=== Maintenance Agent ===
Contributors: basicsound777
Tags: maintenance, updates, rollback, backup, security
Requires at least: 5.6
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

The agent's toolkit for remote & safe WordPress maintenance: snapshots, updates, stack management, health checks, rollbacks, recovery, and hardening

== Description ==

Maintenance Agent keeps your WordPress sites updated, hardened, and recoverable — so staying current is no longer a risk or a chore. You get a complete maintenance toolkit: careful updates, security hardening, instant rollback, emergency recovery, anti-bot features and Coming Soon page.

Drive it with your own AI assistant, manually, or through the free companion app — which adds the dashboards, manual controls and a specialized agent that runs the whole cycle based on dependencies and site history.

= Protect and harden — via wp-admin or remote (FREE) =

* 20 hardening and anti-bot features: security headers, HSTS, hide usernames, generic login errors, disable the file editor, force SSL on admin, block xmlrpc, block PHP execution in uploads, block sensitive files, honeypot URLs, bad-bot blocklist, directory listing off — and more. Each with a plain-English helper, all off by default.
* Login gate: protect your login with a PIN page that stops login-hammering bots before WordPress even boots (saves server resources).
* Every `.htaccess` change backed up automatically first, restorable in one click — plus an FTP kill-switch.
* Animated Coming Soon page and maintenance mode, configurable and SEO-aware.

= Careful maintenance toolset — for agents and custom integrations (FREE) =

* Works with any MCP-capable AI assistant, your scripts, or CI. Registered with the WordPress Abilities API (WP 6.9+), standard Application Password auth.
* Full site stack and health reports: versions, every plugin and theme, update availability, recent errors.
* A lightweight health signal, readable any time: database reachable, recent fatals, free disk space, stalled cron, auto-disabled plugins, active cache layer.
* Point-in-time snapshot of every plugin, theme, core, and the database — taken before anything is touched.
* The building blocks for careful, one-at-a-time updates: update a single item, flush caches, run a health check — sequenced by whatever drives it (the app's agent, your script, or your AI assistant).
* Install, activate, deactivate, or remove any plugin or theme.
* Per-item restore: roll back only what broke — no full-site backup restore needed.
* Optional backup-plugin trigger (UpdraftPlus, BackWPup), cache flush, error-log tail.

There is no AI inside the plugin itself — it is a deterministic toolkit. Intelligence lives in whatever you connect to it.

= Dashboards and a specialized agent — via the companion app (FREE TIER) =

* The free plan is real and permanent (no credit card, no trial clock): one agent audit, 5 agent maintenance runs, 1 archived restore point, maintenance dashboards.
* Specialized agent with memory that runs the whole cycle: snapshot → reasoned dependency update order → verify each step → decides rollback if something breaks → reports.
* Dashboard with stack overview, health, pending updates, status, theme/plugin installer, and more.
* Narrated, read-only first scan — see what the agent thinks of your site before anything is ever changed.
* Live run view (watch the agent do maintenance work), run history and reports, a Time Machine restore point, per-site notes.

= More sites, scheduling, and monitoring — paid plans (optional) =

The free plan runs the full agent and dashboards within a small monthly allowance. Paid plans lift the limits and add what matters once you manage more than one site:

* From a single site to a whole portfolio — more sites, more runs.
* Scheduling: a weekly maintenance rhythm per site, run unattended, reported back.
* Uptime, SSL and domain monitoring — external checks enriched with insider context (it knows which run touched the site and what changed).
* Cross-site installer: install, update, or harden plugins and themes across the whole fleet in one pass.
* Fleet-wide hardening — the security toolkit applied to many sites at once.
* Longer restore-point history, client reports under your agency branding, per-client routing.

Pricing and the full comparison are on the website. The plugin never requires a paid plan — or any plan.

= Why Maintenance Agent? =

Updates should be careful, observable, and reversible. Most tools update everything at once and hope; this one is built the other way.

* It reasons before it acts: reads your stack, plans a dependency-aware order, updates one item at a time, verifies each step — then decides, per failure, whether to retry, skip, roll back, or stop.
* Everything is reversible: a snapshot before anything is touched, per-item rollback, and an emergency companion that recovers a site even when the site itself won't boot.
* Drive it your way: click it in the dashboard, ask the in-app assistant, or run it from your own AI assistant over MCP — the same safe operations, three ways in.
* Your data stays in the EU: hosted in Germany, GDPR-aligned with a data-processing agreement, credentials encrypted at rest, and onboarding that never asks for your admin password.

Full features, screenshots, and pricing: https://kreiswolke.com/wp-maintenance-agent/

== External services ==

**1. The Kreiswolke companion app (optional, opt-in only)**

The plugin contacts the companion app **only if you explicitly connect your site** (a "Connect" action in the plugin's settings). Without connecting, the plugin sends nothing anywhere.

When you connect:

* The connection is established through a consent screen on the app. During pairing, the site URL and cryptographic public keys are exchanged, and a standard WordPress Application Password is created for the app — after you accept the terms on the consent screen.
* A connected app can then read the site reports described above and perform the maintenance operations you authorize (updates, rollback, hardening configuration), authenticated by that Application Password plus a per-site request signature.
* The plugin itself initiates only one outgoing call: if the plugin is disconnected, deactivated with disconnect, or deleted, it sends a short, best-effort notification to the app — containing the event name, the site URL, and the pairing identifier — so the app stops treating the site as managed. No other data is in that call.
* You can disconnect at any time from the plugin's settings; uninstalling removes the credentials on the site (and revokes the Application Password).

Service provider: Kreiswolke
Terms of service: https://kreiswolke.com/terms/
Privacy policy: https://kreiswolke.com/privacy-policy/

**2. api.wordpress.org**

Site stack reports enrich plugin information (latest version, last-updated date, requirements) through WordPress core's own `plugins_api()` — the same wordpress.org API your site already uses for the update screen.

**3. Requests to your own site**

Several features fetch a URL **on your own site** (never a third party): the post-update health check (pinned to your site's address), the webserver-detection probe, the login-gate self-test, and a one-time compatibility probe before writing an `ErrorDocument` rule. These are loopback self-checks, listed here so they are not mistaken for external calls.

== Frequently Asked Questions ==

= Can I use this with my own AI assistant or scripts? =

Yes — that's what it's designed for. Every capability is a REST endpoint, registered with the WordPress Abilities API (WP 6.9+), so any MCP-capable client you trust — or plain curl — can discover and use them. Authentication is a standard WordPress Application Password; destructive operations are snapshot-first with on-disk verification. The plugin is useful to humans and to whatever tooling you already run.

= Does the plugin work without the companion app? =

Yes, fully. The app adds orchestration (the maintenance agent, scheduling, multi-site dashboards, reports); the plugin alone gives you the reports, rollback, careful updates, and hardening on a single site.

= Does it send my data anywhere? =

Not unless you connect it to the companion app, and then only as described under "External services". There is no telemetry, no tracking, no phone-home.

= Why does it install an MU-plugin? =

The emergency companion exists for exactly one scenario: a failed update breaks the main plugin (or the site), and you still need the heartbeat, the maintenance splash, and the restore tools to work. A regular plugin can't promise that — an MU-plugin can. It is written atomically (no half-written file can white-screen a site), updated only on activation/version change, and removed on uninstall.

= Why does it write to .htaccess? =

Only when you enable an Apache-level hardening feature, and only inside one clearly marked block. The plugin backs up your `.htaccess` before every change, offers one-click restore, ships a kill-switch (create one file via FTP and all rules turn off), and removes the block fully on deactivation/uninstall. Blocking at the webserver is the point of these features: the request is rejected before PHP starts.

= What is the login gate, and can it lock me out? =

The gate puts a small PIN page in front of `wp-login.php`. It was built after watching bots hammer login pages on real servers: every attempt boots PHP, WordPress, and the database — a WordPress-layer rate limiter still pays that cost on each hit. The gate stops those requests at the webserver, before WordPress runs; bot/load protection is the primary purpose, the added login secrecy is a bonus. It is opt-in, requires a PIN before it can be enabled, and is built to fail open: if the plugin is removed by any means, the rule disables itself; a kill-switch file disables it instantly; logout/password-reset URLs are never blocked.

= Why does the code contain base64, unserialize, and error handlers? =

`base64` encodes/decodes Ed25519 signature material and HTTP Basic auth — both are binary-to-text transports, not obfuscation; every site is commented. The single `unserialize()` reads WordPress's own Application Passwords usermeta and is hardened with `allowed_classes => false`. The error handler and shutdown hooks feed the plugin's own error log and let a restore endpoint return structured JSON even if a fatal occurs; the handler returns `false` so PHP's normal error flow is untouched.

= Does it work on nginx? =

Everything except the Apache-level rules, which are detected as not applicable; for each, the plugin shows an equivalent nginx snippet to paste into your server config instead of pretending it worked.

= Is there AI in the plugin? =

No. The plugin is a deterministic toolkit — predictable, inspectable, no model calls. AI-assisted planning happens in the optional companion app, server-side, only for connected sites.

== Screenshots ==

1. [PLACEHOLDER: Site stack report]
2. [PLACEHOLDER: Hardening tab with per-feature explainers]
3. [PLACEHOLDER: Login gate settings + gate page]
4. [PLACEHOLDER: Coming Soon settings]
5. [PLACEHOLDER: Connect tab]
6. [PLACEHOLDER: Maintenance mode splash — assets/maintenance-mode-screen.jpg exists]

== Changelog ==

= 1.0.0 =
* Initial public release.
* Pre-update snapshot and per-item rollback for plugins, themes, core, and the database, with an archive of recent runs.
* Security and anti-bot hardening toolkit — security headers, xmlrpc / sensitive-file / author-enum protection, block PHP execution in uploads, optional PIN login gate — with automatic .htaccess backups and an FTP kill-switch.
* Site stack and health reporting; one-at-a-time updates with per-step health checks; cache flush; error-log tail.
* Animated Coming Soon page and maintenance mode.
* Registered with the WordPress Abilities API (WP 6.9+) so MCP-capable assistants can discover the tools.
* Optional, consent-based pairing with the Kreiswolke companion app for orchestrated multi-site maintenance.

== Upgrade Notice ==

= 1.0.0 =
First public release.
