=== Encypher Provenance - Text Authorship Verification ===
Contributors: encypherai
Tags: content authenticity, provenance, verification, proof of origin, authorship verification, misinformation, plagiarism, copyright, digital signature
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 2.0.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your content with cryptographic proof of authorship. Invisible signatures prove when content was created, by whom, and whether it was tampered with.

== Description ==

**Encypher Provenance** brings C2PA (Coalition for Content Provenance and Authenticity) compliance to WordPress. Automatically embed invisible cryptographic signatures into your blog posts and pages that prove when content was created, by whom, and whether it has been modified.

= Why Content Authenticity Matters =

In an era of rapid content reuse and misinformation, proving the authenticity of your content is more important than ever. Encypher Provenance helps you:

* **Prove Original Authorship** - Cryptographic signatures tied to your organization
* **Detect Tampering** - Know if content has been modified after signing
* **Build Trust** - Show readers your content is verified and authentic
* **Protect Against Misquotes** - Track sentence-level provenance

= Key Features =

* **Email Connect Setup** - Start from a work email and auto-provision the plugin API key with a secure magic link
* **Auto-Sign on Publish** - Content is automatically signed when you publish
* **Auto-Sign on Update** - Re-signs with edit history when content changes
* **Invisible Embeddings** - C2PA manifests are embedded using invisible Unicode characters
* **Public Verification** - Readers can verify content authenticity with one click
* **Gutenberg Integration** - Full sidebar panel in the block editor
* **Verification Badge** - Optional badge shows readers that content is signed and verifiable

= C2PA Compliance =

Built on the same standards used by Google, BBC, OpenAI, Adobe, and Microsoft:

* Full C2PA 2.3 text manifest specification compliance
* Unicode variation selector embedding (invisible, copy-safe)
* SHA-256 hard binding for tamper detection
* Provenance chain tracking for edit history

= Tier Features =

**Free**
* Auto-sign on publish/update
* Unlimited signing for normal publishing use (fair-use guardrails apply)
* Sentence-level C2PA signing (micro_ecc_c2pa)
* Attribution indexing
* Batch signing (up to 10 docs)
* Encypher-managed certificates
* Coalition membership

**Enterprise (Custom)**
* All Free features
* Bring Your Own Key (BYOK)
* Word-level segmentation
* Dual binding & fingerprinting
* Batch signing (up to 100 docs)
* SSO/SCIM integration
* Dedicated support & SLA
* Coalition membership (priority placement)

== Installation ==

1. Upload the `encypher-provenance` folder to `/wp-content/plugins/` (or install the ZIP via **Plugins > Add New > Upload Plugin**)
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to **Encypher > Settings**
4. Click **Activate Provenance**. The plugin provisions your workspace and connects this site in one click — no email, no copy/paste.
5. Publish a post — it is signed automatically and a verification badge appears.

Already have an Encypher account? Use **Connect with Encypher account**, **Connect with API key**, or **Connect via email** from the same screen to attach this site to your existing workspace.

== Frequently Asked Questions ==

= Do I need an API key? =

No manual setup required. Click **Activate Provenance** on the settings page and the plugin provisions a free-tier API key and connects this site in one click. If you already manage Encypher credentials, you can paste an existing key or connect your account instead.

= How do I connect an existing Encypher account? =

From **Encypher > Settings**, choose **Connect with Encypher account** (log in and approve), **Connect with API key** (paste a key that starts with `ency_`), or **Connect via email** (approve a secure link Encypher sends you). All three attach this site to your existing workspace.

= Are the embeddings visible? =

No. C2PA manifests are embedded using invisible Unicode variation selectors. They don't affect how your content looks but can be extracted for verification.

= Does this work with the Classic Editor? =

Yes, the plugin supports both Gutenberg (block editor) and Classic Editor.

= What happens if I edit a signed post? =

The plugin automatically re-signs the content with a `c2pa.edited` action and maintains a provenance chain linking to the previous version.

= Can readers verify my content? =

Yes! A verification badge can be displayed on your posts. Clicking it shows verification details including signer information and timestamp.

= Is my content sent to external servers? =

Yes, content is sent to Encypher's API for signing. The API creates cryptographic signatures but does not store your full content. See our [Privacy Policy](https://encypher.com/privacy) for details.

== Screenshots ==

1. Settings page with workspace connection and signing defaults
2. Gutenberg sidebar showing signing status
3. Frontend verification badge
4. Verification modal with content details
5. Analytics dashboard

== Changelog ==

= 2.0.3 =
* Fixed: verifying unsigned content no longer claims "Manifest found" - the badge modal now reports "No C2PA provenance markers were found" with sign-first guidance, and unsigned posts are no longer stamped with a verification_failed status
* Added: server-side background bulk signing - a WP-Cron queue processes archive runs without an open browser tab (crash-safe, resumable, pause/cancel); the in-tab mode remains available via the new "Run in background" toggle
* Added: Site Health check "Encypher provenance integrity" - fetches your latest signed post and verifies the served page against the API, detecting themes/plugins/output buffers that alter signed text
* Changed: media file writes go through the WordPress Filesystem API with read-back verification (WordPress VIP and managed-host compatible); direct writes only as a guarded fallback on plain hosts
* Changed: signed-text injection and the verification badge now render in a single final-priority content filter, so no third-party content filter can alter signed bytes after injection
* Fixed: signing failure records from admin and bulk flows now use the same canonical error shape as the editor flow

= 2.0.2 =
* Fixed: live-page byte integrity - signed text is now injected after wptexturize/wpautop (priority 12) so the served bytes are exactly the signed bytes; previously texturize rewrote apostrophes/quotes after injection, making DOM-level verifiers (Chrome extension) report "Invalid Signature" on micro-embedded content
* Fixed: the public provenance report no longer shows a false "Not Verified" for freshly signed content - it now performs a live verification when the cache is empty, and signed-but-unverifiable content gets a neutral "Signature Present" verdict instead of a negative one
* Fixed: provenance report readability - removed the partial dark-mode theme that painted dark-mode text colors over light backgrounds (unreadable in dark-mode browsers); the report now always renders its light branded design with higher-contrast verdict text
* Fixed: WordPress 6.9 compatibility for the Abilities API - encypher/sign and encypher/verify now register with the core signature (args array with execute/permission callbacks, input/output schemas, and a registered "encypher" ability category) and only on the wp_abilities_api_init action, eliminating the "called incorrectly" notices that broke wp-admin headers under WP_DEBUG
* Fixed: editing or reordering blocks after signing no longer risks serving the pre-edit signed snapshot on the public page - render-time marker injection now checks the provenance status and falls back to the live clean content until the post is re-signed
* Fixed: compound posts with audio, video, or media-text blocks no longer fail text embedding - visible captions and body copy from those blocks are now included in the signed text, so all HTML fragments match during embedding (previously up to 3 fragments per post could mismatch and trip the fail-closed gate)
* Fixed: the public /c2pa-verify/ report page no longer shows "Not Found" for valid content - the URL-encoded instance id is now decoded before lookup
* Fixed: signed media-rich posts now pass reader-side C2PA verification - the rich signing request forwards the embedded-manifest options (embed_c2pa) so compound posts carry the same verifiable text artifact as text-only posts
* Changed: the signed marker-bearing HTML is stored alongside the clean editor content for rich posts, keeping the editor copy clean while the published page carries verifiable markers

= 2.0.1 =
* Changed: all provenance state icons (editor status hero, header chip, settings connection status, media library indicators, verification report verdicts, AI provenance badge) now use versions of the Encypher seal logo - checkmark for signed/verified, question glyph for pending/unknown, X glyph for tampered/failed - instead of generic dashicons, emoji, and text characters
* Changed: signing and verifying animations now use the branded Encypher seal loading spinner and stay visible for a short minimum time so the progress is perceivable even on fast operations
* Removed: "Encypher powers this provenance workflow" banner from the Encypher Provenance editor sidebar panel
* Fixed: posts are no longer reported as signed when the C2PA text embedding step fails - the post now shows a "Signing failed" state (new embedding_failed status) instead of a false "Signed" badge
* Fixed: a crashed or timed-out signing run no longer leaves the editor stuck on "Signing" forever - the in-progress flag is now timestamped and automatically expires after 5 minutes
* Fixed: signing failures (invalid key, quota, API down) now surface live in the editor sidebar with the failure reason instead of only appearing as an admin notice after reload
* Fixed: coalition auto-enrollment now calls the correct API endpoint (/coalition/opt-in) - previously every enrollment attempt returned 404
* Fixed: email connect polling now detects expired secure links and stops after 15 minutes with a "Send a new link" option instead of polling forever
* Fixed: bulk signing progress is saved locally and can be resumed after a browser crash or page reload; transient network errors retry with backoff (honoring Retry-After) instead of cancelling the whole run
* Added: monthly signing quota is checked before signing starts, so free-tier publishers over the cap get an immediate, clear error instead of a silent failure
* Changed: free tier signing is no longer capped at 1,000 documents/month - signing is now unlimited for normal publishing use (fair-use guardrails apply)

= 1.3.1 =
* Fixed: connection health check no longer fails when Cloudflare or CDN returns 403 on probe endpoints - now falls through to next probe instead of aborting
* Fixed: invalid API key error now shows actionable guidance ("starts with ency_") instead of cryptic "Tier lookup failed with status 403"
* Fixed: email connect error now includes HTTP status code and backend detail instead of generic "Unable to start WordPress connect flow"
* Added: client-side API key format validation catches non-Encypher keys (ED25519, random strings) before server round-trip

= 1.3.0 =
* Fixed: zero-friction "Activate Provenance" button now provisions API key inline instead of sending an unreachable magic link email
* Fixed: auto-provisioned API keys now authenticate correctly (local database auth fallback)
* Fixed: CDN signing endpoints no longer return 500 errors (broken import)
* Fixed: quick-connect no longer saves invalid API keys silently
* Added: rate-limited auto-provision endpoint (10 req/hour per IP) with strict domain validation
* Added: key verification after provisioning - clears key and shows error if verification fails
* Security: API key no longer exposed in REST response body

= 1.2.0 =
* Added WordPress/ai integration: auto-signs AI-generated content from all five WordPress/ai experiments (Title Generation, Excerpt Generation, Summarization, Review Notes, Alt Text) before it is committed to the post
* Added WordPress Abilities API support: registers `encypher/sign` and `encypher/verify` as first-class abilities callable by any plugin via `wp_get_ability()->execute()`
* Added "AI Content Provenance" Gutenberg sidebar panel with shield badge (green/yellow/red/grey) showing per-post AI provenance status and signed experiment list
* Added `GET encypher-provenance/v1/wordpress-ai-status` REST endpoint powering the new sidebar panel
* Added Coalition auto-enrollment: enabling the toggle in settings automatically enrolls the site in the Encypher Coalition via `/coalition/opt-in`
* Added WordPress/ai Integration settings section with enable toggle and Coalition auto-enroll toggle
* AI-signed experiment records are stored in post meta (`_encypher_wpai_experiments`) for audit trail and REST lookups

= 1.1.0 =
* Added email-based secure connect flow with automatic API key provisioning
* Added WordPress approval page flow for emailed connect links
* Added session polling and automatic connection completion in plugin settings
* Updated dashboard and plugin documentation for guided WordPress onboarding

= 1.0.0-beta =
* Public beta release for Encypher Provenance
* Settings UI streamlined: hard binding is always on and no longer configurable
* Added dashboard support contact section with direct email CTA
* Unified branded full-wordmark headers across Dashboard, Content, Settings, Analytics, Account, Bulk Sign, and Coalition pages
* Improved analytics cards/status presentation and coalition early-rollout placeholder experience

== Upgrade Notice ==

= 1.2.0 =
Adds WordPress/ai integration, WordPress Abilities API support, and Coalition auto-enrollment. No breaking changes. If you use the WordPress/ai plugin, enable the new integration toggle in Encypher > Settings to auto-sign AI-generated content.

= 1.1.0 =
This release adds secure email-based connection and automatic API key provisioning for WordPress installs while preserving manual API key setup for existing workspaces.

= 1.0.0-beta =
Public beta with polished admin UX and production-ready signing/verification defaults. Hard binding is enforced by default.

== Privacy Policy ==

Encypher Provenance sends your post content to Encypher's API (api.encypher.com) for cryptographic signing. We do not store your full content - only metadata needed for verification. See [encypher.com/privacy](https://encypher.com/privacy) for our complete privacy policy.
