=== Civilized Embed ===
Contributors: civilizedai
Tags: chat, search, ai, widget, embed
Requires at least: 6.4
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 0.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Add the Civilized AI chat widget and search bar to your site. No API keys required.

== Description ==

Civilized helps your visitors find answers and get in touch. This plugin adds two embeddable widgets to your WordPress site:

* **Chat widget** — a floating AI chat overlay enabled site-wide with one toggle.
* **Search bar** — a "Civilized Search" Gutenberg block (or `[civilized_search]` shortcode on classic themes) you can drop into any post, page, header, footer, or sidebar. Size and colors are configured per-instance directly in the block sidebar with a live preview; shortcode and template-tag users can pass optional overrides (see below).
* **Contact Us link** — a copy-paste HTML link to your hosted Civilized contact page.

The plugin uses domain-based authentication. There is no API key to configure — you just need to add your site domain to your organization's allowed-domains list in the Civilized Admin Dashboard.

This plugin is built for organizations that are existing Civilized customers. It only functions on sites whose domains have been explicitly allowlisted by the partner organization on Civilized's backend; it does nothing on any other site.

== Installation ==

1. Upload the `civilized-embed` folder to `/wp-content/plugins/`, or install via Plugins → Add New → Upload Plugin.
2. Activate the plugin through the **Plugins** menu.
3. Go to **Settings → Civilized** and click **Check status** to verify that your site domain is on your organization's allowed-domains list.
4. (Optional) Toggle the chat widget on; add the **Civilized Search** block to any post, page, or template part.

== Privacy & external services ==

This plugin communicates with a single external service: **api.civilized.ai**, operated by Civilized AI.

**When the plugin contacts api.civilized.ai:**
Only when you click the **Check status** (or **Re-check status**) button on the **Settings → Civilized** page. The plugin makes no automatic, scheduled, or page-load HTTP calls to any external service.

**What is sent:**
The HTTP `Origin` header containing your site's scheme and host (e.g., `https://example.com`). No other data, content, or user information leaves your site through this plugin.

**What is returned:**
A small JSON response indicating whether your domain is on your organization's allowed-domains list, plus your organization name and hosted-chat URL (only if allowlisted). These values are stored locally in WordPress as part of the plugin's settings option (`civilized_embed_settings`) and are used to display status on the settings page and to generate the optional Contact Us link.

**Loader scripts on the front-end:**
When the chat widget or search bar is rendered on a page of your site, the corresponding loader script is fetched from `chat.civilized.ai/sdk/...` by the visitor's browser. This is the same pattern as embedding any third-party widget (Stripe, Intercom, etc.) and only happens on pages where you've explicitly placed the widget or enabled the chat toggle.

**Civilized's policies:**

* Privacy policy: https://civilized.ai/privacy
* Terms of service: https://civilized.ai/terms

== Why the loader uses @latest ==

The widget loader scripts are referenced from a Civilized-controlled domain (`chat.civilized.ai`) at the unversioned `@latest` URL:

`https://chat.civilized.ai/sdk/civilized-ai@latest/loader.js`

We use `@latest` rather than a pinned version for the following reasons:

1. **Closed-customer plugin, not a public widget.** This plugin is a runtime for a managed product. It only functions for organizations whose domains we have explicitly allowlisted. It is not, and is not intended to be, a general-purpose widget that arbitrary sites can use.

2. **Civilized-controlled infrastructure.** The loader is served from `chat.civilized.ai`, which is owned and operated by Civilized AI — not a third-party CDN. We do not load executable code from any uncontrolled source.

3. **Server-coupled releases.** The loader is updated in lock-step with the Civilized backend it talks to (`api.civilized.ai`). Pinning a loader version inside this plugin would force a plugin re-release every time we ship a routine server-side change, and would break partners during the lag.

4. **No data exfiltration surface.** The plugin itself never transmits page content, user data, or credentials. All runtime traffic goes through partner-domain-authenticated requests to Civilized's own backend.

Customers who require strict version control on the loader can self-host the loader files; contact support@civilized.ai for guidance.

== Frequently Asked Questions ==

= Where do I add my domain? =

Your organization's primary website domain is allowlisted automatically when you become a Civilized customer. If you want to add additional domains (e.g., a staging or marketing site), reach out to Civilized — only Civilized staff and your designated org admins can modify the allowed-domains list.

= Will the plugin survive a theme switch? =

Yes — the plugin is theme-independent. The chat widget hooks into `wp_footer`, which exists on every theme. The search bar block and shortcode also work regardless of theme.

= Can I add a Contact Us link to my site? =

Yes — the settings page shows a copy-paste HTML snippet for your org's hosted chat URL, including a query parameter that opens the chat directly into the contact-us prompt. You can paste this into any page, post, or HTML widget.

= Does the chat widget show up in feeds or REST API responses? =

No. The plugin explicitly suppresses widget output in RSS/Atom feeds, REST API responses, AJAX requests, and XML-RPC payloads to avoid corrupting those formats with script tags.

= Can I customize the search bar size and colors? =

Yes. Using the **Civilized Search** block, each instance has its own sliders and color pickers in the editor sidebar (with a live preview in the block canvas) — so you can have a wide bar on the homepage and a compact one in the footer.

For the `[civilized_search]` shortcode and the `civilized_search()` template tag, pass optional overrides:

* Shortcode: `[civilized_search max_width="640" height="64" text_size="20" radius="16" button_color="#cc0000" button_hover_color="#aa0000"]`
* Template tag: `<?php civilized_search( array( 'maxWidth' => 640, 'height' => 64 ) ); ?>`

Any unset value falls back to the default (max width 745px, height 55px, text 18px, radius 12px, button #0098cc, hover #0086b5). Because the bar uses `max-width`, it will also shrink to fit narrower containers.

== Source code and build instructions ==

The plugin's Gutenberg block ships both its compiled output (in `blocks/search/build/`) and the original, human-readable source (in `blocks/search/src/`). The `package.json` file in the plugin root lists the build toolchain.

To rebuild from source:

1. Install Node.js 16 or later.
2. From the plugin root, run `npm install` followed by `npm run build`.

The build uses the standard `@wordpress/scripts` toolchain. No other JavaScript or CSS in the plugin is compressed or minified.

== Changelog ==

= 0.1.0 =

* Initial release.
* Chat widget (site-wide toggle, floating bubble).
* Search bar Gutenberg block with per-instance size/color sliders, a live preview inside the block canvas, plus `[civilized_search]` shortcode and `civilized_search()` template tag (both accept optional appearance overrides).
* Theme-aware settings-page guidance (block theme vs. classic theme).
* Domain status check via `api.civilized.ai/public/embed/config`, button-gated and result-cached locally.
* Contact Us link surfaced as a copy-paste HTML snippet.
* Renderable-context guard prevents script leakage into feeds, REST, AJAX, and XML-RPC.
