=== Ask This Guy Chat Widget ===
Contributors: askthisguy
Tags: chat, chatbot, ai, assistant, widget, customer-support
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 0.1.0
License: GPL v2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Embed the Ask This Guy AI chat assistant on your WordPress site with a one-step install.

== Description ==

Adds the Ask This Guy chat widget to your WordPress site front-end. Configure your agent UUID once and the widget appears site-wide with no template edits required.

Two modes are supported:

* **Open mode (default)** &mdash; anonymous visitors. The widget connects to your agent using only the agent UUID. Suitable for public marketing sites and FAQ pages.
* **Signed mode (advanced)** &mdash; logged-in users only. The plugin generates an ECDSA P-256 keypair on your site, signs short-lived ES256 JWTs in PHP carrying the logged-in WordPress user identity, and the widget hands them to Ask This Guy when starting a chat session. Suitable for member portals and SaaS dashboards where chats should be tied to known users for lead capture or CRM enrichment.

Display options:

* Launcher position: bottom-right (default), bottom-left, floating, or hidden (load widget without a launcher button so you can wire up your own trigger)
* Auto language detection from the WordPress site locale, or explicit English / French
* Site-wide, restricted to specific post types, or everywhere except a list of URL paths
* Custom accessibility label for the launcher button
* Theme overrides: brand color, corner radius, fonts, shadow (full default theme shown as documentation)

== Installation ==

1. Upload the `atg-chat-widget` folder to `/wp-content/plugins/` (or upload the ZIP via Plugins -> Add New -> Upload Plugin).
2. Activate the plugin through the **Plugins** menu in WordPress.
3. Go to **Settings -> Ask This Guy Chat**.
4. Paste your agent UUID (find it in your Ask This Guy admin console under the agent).
5. Save Changes.

The widget will load automatically on your site front-end.

To enable signed mode (logged-in users only):

1. On the same settings page, scroll to **Signed mode (advanced)**.
2. Tick **Pass the logged-in WordPress user identity to ATG via a signed JWT** and Save Changes.
3. Copy the displayed public key.
4. In your Ask This Guy admin console, open the agent's **Signed parameters** settings and register the public key under the kid shown next to the textarea.

The plugin generates the keypair locally; the private key never leaves your WordPress install.

== Frequently Asked Questions ==

= Where do I find my agent UUID? =

In your Ask This Guy admin console, open the agent. The UUID is on the agent's overview page.

= Why does the widget not appear on my site? =

Check that the agent UUID is set on the settings page. With no UUID the plugin emits nothing rather than a broken script tag. If the UUID is set, also check the "Show on" rule (e.g. "Only on selected post types" excludes pages that don't match).

= Can I use signed mode without logging users in? =

No. Signed mode passes the logged-in WordPress user identity to Ask This Guy as part of the JWT payload, so anonymous visitors can't be signed. The plugin skips emitting the widget script tag entirely for unauthenticated visitors when signed mode is on. If you want anonymous chat plus identity for logged-in visitors, you currently need to choose one mode or the other; mixed mode is a future feature.

= How do I rotate the signing key? =

Settings -> Ask This Guy Chat -> Rotate signing key. A new keypair is generated and a new kid is shown. Re-register the new public key in your Ask This Guy admin console.

= What happens to the private key when I uninstall the plugin? =

The plugin's `uninstall.php` deletes the option that holds it. Deactivating the plugin (without deleting) keeps the key in place so re-activation continues to work without re-registering with Ask This Guy.

= Why am I seeing an OpenSSL error when enabling signed mode? =

Signed mode needs the PHP OpenSSL extension. It's enabled by default on virtually every production WordPress host. If you see this error in a local dev environment, check that `php -m` lists `openssl`. The error notice itself surfaces the underlying OpenSSL error message, which often points at an `openssl.cnf` path issue on Windows.

== Privacy Policy ==

This plugin embeds a third-party chat widget served from `app.askthisguy.com`. When the widget loads on a page, the visitor's browser establishes a connection to Ask This Guy's API at `api01.askthisguy.com` to start a chat session.

**In open mode (default)**, the only data that leaves your site is whatever the visitor types into the chat. The plugin itself does not transmit any information about the visitor; the widget is the one that talks to Ask This Guy.

**In signed mode**, when a logged-in WordPress user loads a page, the plugin signs a short-lived JWT containing:

* The WordPress user ID (`external_user_ref`)
* The user's WordPress roles (`entitlements.roles`)
* The user's WordPress login name, display name, and email address (`context_metadata`)

The JWT is delivered to Ask This Guy by the widget when starting a chat session, and is used to associate the chat with this user in your Ask This Guy console. **You should disclose this data sharing in your site's privacy policy before enabling signed mode.** A suggested clause:

> When you are logged in, our chat assistant receives your user identifier, role, login name, display name, and email address from our website. This is used to associate your chat history with your account. Our chat assistant is provided by Ask This Guy (https://www.askthisguy.com/); see their privacy policy for further details.

The plugin stores its settings (including the signing keypair) in the standard WordPress `wp_options` table on your own server. The private key never leaves your WordPress install. Uninstalling the plugin deletes both the settings and the keys.

== Third-Party Libraries ==

This plugin bundles the [jose](https://github.com/panva/jose) JavaScript library (v5.2.3) for cryptographic operations performed by the chat widget. It is served from the plugin's own `assets/vendor/` directory, not from a third-party CDN.

* Source: https://github.com/panva/jose
* License: MIT (Copyright (c) 2018 Filip Skokan) &mdash; see `assets/vendor/jose-5.2.3.LICENSE` in the plugin folder.

== Changelog ==

= 0.1.0 =
* Initial release.
* Open mode: agent UUID, display style (bubble or drawer), language, post-type / URL-path visibility rules.
* Signed mode: ES256 JWT signing in PHP with auto-generated ECDSA P-256 keypair, key rotation, REST endpoint serving fresh JWTs to the widget per session, logged-in-only gating.
