=== BeeClear WebMCP AI Visibility ===
Contributors: beeclear
Donate link: https://beeclear.pl/
Tags: seo, ai, geo, mcp, webmcp
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 0.1.3
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl-3.0.html

Expose content and discovery endpoints that help AI agents understand WordPress sites through WebMCP tools.

== Description ==

### AI visibility and WebMCP discovery for WordPress

**BeeClear WebMCP AI Visibility** helps WordPress sites describe public content, navigation, media, forms and selected actions in a structured way for compatible AI agents and browser clients.

The plugin adds WebMCP-style REST tools, agent discovery files, Markdown content output and OpenAPI metadata so automated clients can understand what the site offers before making requests.

It is designed for site owners, publishers, agencies and developers who want their public WordPress content to be easier for AI assistants, browser agents and discovery tools to inspect without changing the normal frontend experience for visitors.

### What the plugin adds

* **REST manifest:** Provides a machine-readable entry point at `/wp-json/beeclear-webmcp/v1/manifest`.
* **Agent discovery files:** Adds optional `/agent-manifest.txt`, `/agents-manifest.txt`, `/agents.txt` and `/.well-known/api-catalog` endpoints, detects whether `/llms.txt` and `/llms-full.txt` are already available, and can optionally provide WebMCP fallback output for each llms file independently.
* **Agent policy hints:** Publishes controlled capability tokens, robots.txt cross-reference directives and optional DID / W3C Verifiable Credential identity hints with admin-side previews.
* **Markdown for agents:** Serves singular content as Markdown when compatible clients request `Accept: text/markdown`.
* **OpenAPI schema:** Publishes endpoint metadata at `/wp-json/beeclear-webmcp/v1/openapi`.
* **Content discovery tools:** Exposes public post search, post retrieval, post types, taxonomies, terms, menus and media metadata.
* **Contact Form 7 tools:** Detects Contact Form 7 forms, exposes field schemas and supports authenticated submission testing.
* **Custom form definitions:** Lets administrators describe frontend forms with selectors, fields, labels and field purposes.
* **Custom REST functions:** Exposes selected same-site REST endpoints as structured WebMCP tools.
* **Discovery links and headers:** Adds HTML head links and HTTP Link headers for configured agent-facing resources.
* **Origin Trial support:** Optionally sends a WebMCP Origin Trial token as an `Origin-Trial` header and HTML meta tag for Chrome 149+ production testing.
* **Current browser API support:** Registers page tools with `document.modelContext`, keeps a compatibility fallback for older `navigator.modelContext` builds, and can expose tools to configured secure cross-origin iframe hosts.
* **Content signals:** Adds optional headers and robots.txt directives for automated content-use preferences.

Read-only tools can be exposed publicly. State-changing tools require the normal WordPress REST nonce and current-user context. Public agent endpoints include simple transient-based rate limiting to reduce accidental repeated load.

### Built for...

#### Publishers and content sites

If your site contains articles, guides, documentation or resources, the plugin helps compatible agents discover the right content and request a cleaner text version for analysis.

#### Agencies and developers

If you manage WordPress sites for clients, the plugin provides a structured way to expose public content, menus, media and selected business actions without building a custom agent API for each project.

#### Businesses using forms

If Contact Form 7 or custom frontend forms are part of your conversion flow, the plugin can describe form fields and purposes so authenticated browser-agent tests can work with structured input.

#### AI visibility workflows

If you are testing how AI clients understand a site, BeeClear WebMCP AI Visibility gives you manifest, Markdown, OpenAPI and discovery-file outputs from one admin-controlled plugin.

### Admin controls

In wp-admin, go to **BeeClear WebMCP** to:

* Enable or disable the integration.
* Add a Chrome WebMCP Origin Trial token for production testing.
* Configure secure origins that may discover tools when this site is embedded in an iframe with `allow="tools"`.
* Choose which public post types are exposed.
* Enable or disable content, navigation, media, form and custom-function tool groups.
* Configure agent discovery documents and content-signal preferences.
* Detect existing `/llms.txt` and `/llms-full.txt` files from another plugin or static file.
* Independently decide whether WebMCP should generate `/llms.txt` or `/llms-full.txt` fallback output.
* Preview the generated `agent-manifest.txt`, `agents-manifest.txt` and `agents.txt` policy files.
* Add optional trusted issuer hints and site-specific `x-` capability tokens.
* Describe Contact Form 7 fields and form purposes.
* Disable selected Contact Form 7 forms from WebMCP visibility.
* Define custom forms with CSS selectors and field metadata.
* Define custom functions that proxy to same-site REST endpoints.
* Run quick checks for the manifest, discovery files and enabled tools.

### Additional resources

* [BeeClear website](https://beeclear.pl/)
* [WordPress REST API documentation](https://developer.wordpress.org/rest-api/)

== External services ==

This plugin does not send data to third-party external services by default.

The plugin may send same-site HTTP requests to the WordPress site where it is installed. These requests are used to detect whether local discovery files such as `/llms.txt` or `/llms-full.txt` already exist, and to call administrator-configured custom REST functions. Custom REST functions are restricted to same-site endpoints or relative paths; external URLs are rejected.

Administrators can optionally enter DID values for trusted VC issuers or agent identities. Those values are published as policy hints in `agent-manifest.txt`; the plugin does not contact those identifiers, send data to them, or verify them cryptographically.

Administrators can optionally enter secure HTTPS origins for cross-origin WebMCP iframe testing. When a matching embedding page delegates `allow="tools"`, the browser may expose this site's registered WebMCP tool metadata and allow tool execution to that configured origin. The plugin does not contact those origins by itself.

Administrators can optionally enter a Chrome WebMCP Origin Trial token. The plugin publishes that token as an `Origin-Trial` HTTP header and an HTML meta tag; it does not send the token to Google or any other external service.

== Installation ==

= Installation from within WordPress =

1. Go to **Plugins > Add New**.
2. Search for **BeeClear WebMCP AI Visibility**.
3. Click **Install Now**, then **Activate**.
4. Open **BeeClear WebMCP** in wp-admin and review which tools and discovery files should be enabled.

= Manual installation =

1. Download the plugin ZIP file.
2. Upload the `beeclear-webmcp-ai-visibility` folder to your `/wp-content/plugins/` directory, or upload the ZIP from **Plugins > Add New > Upload Plugin**.
3. Activate **BeeClear WebMCP AI Visibility** in the WordPress admin.
4. Open **BeeClear WebMCP** and save the settings once to confirm your preferred configuration.
5. Test the manifest at `/wp-json/beeclear-webmcp/v1/manifest`.

== Frequently Asked Questions ==

= Does the plugin change my public website design? =

No. The plugin adds REST endpoints, discovery files, optional Markdown responses and discovery links. It does not replace your theme or normal frontend templates.

= Are WebMCP read tools public? =

They can be public if enabled in the plugin settings. State-changing tools still require the normal logged-in WordPress REST nonce/current-user context.

= Do I need an Origin Trial token? =

For local development, Chrome can use the `chrome://flags/#enable-webmcp-testing` flag. For production testing in Chrome 149 and newer while WebMCP is in Origin Trial, register your site origin in Chrome Origin Trials and paste the WebMCP token into the plugin settings. The plugin will publish it as an `Origin-Trial` HTTP header and an HTML meta tag on uncached pages. If a page cache, CDN or server cache serves HTML before WordPress runs, add the same header at the cache/server layer.

= Can WebMCP tools work from a cross-origin iframe? =

Yes, but only when the embedding page delegates permission with `allow="tools"` on the iframe and the embedded site lists that secure HTTPS origin in the plugin's Cross-origin WebMCP setting. Leave the setting empty for same-origin tools only.

= Can I disable specific tool groups? =

Yes. You can enable or disable content, navigation, media, Contact Form 7, custom form and custom function tools from the admin screen.

= Does the plugin expose private posts? =

No. The content tools are intended for public content. Review the exposed post-type settings before enabling public read access.

Password-protected posts and pages are not exposed through public content tools or Markdown output.

= Does Markdown output replace my normal HTML pages? =

No. Markdown is served only for compatible requests that explicitly ask for it, or through the dedicated REST Markdown endpoint.

= Can I use another plugin to generate llms.txt? =

Yes. WebMCP detects existing `/llms.txt` and `/llms-full.txt` files and links to them from discovery metadata. Keep **Let WebMCP generate /llms.txt** disabled when another plugin or static file should own `/llms.txt`. `/llms-full.txt` has a separate fallback toggle.

= Why does the llms status say "Detected external file"? =

It means the public URL exists, but the response does not look like WebMCP-generated output. This is expected when another plugin or a static file serves the llms document.

= Does the plugin require Contact Form 7? =

No. Contact Form 7 integration is optional. If Contact Form 7 is not active, the rest of the plugin can still expose content, discovery files, OpenAPI metadata, custom forms and custom functions.

= Can custom functions call external APIs? =

Custom functions are limited to same-site endpoints or relative paths. The target endpoint should handle validation, permissions and business logic.

= Where can I test the configuration? =

Use the **Tests** screen under **BeeClear WebMCP** in wp-admin. It includes quick checks for the manifest, discovery files and common read tools.

== Screenshots ==

1. Settings screen, Connection and discovery section: enable WebMCP, allow public read-only tools, generated manifest URL, Chrome WebMCP Origin Trial token and cross-origin tool exposure.
2. Google/Chrome agent readiness section: Markdown-for-agents output, discovery files with detected llms.txt status, OpenAPI and api-catalog toggles, Content-Signal preferences and browser diagnostics.
3. Tests screen with quick checks that load the manifest, llms.txt, agent-manifest.txt, agents.txt, OpenAPI and read tools, showing the raw JSON an agent would receive.
4. Forms screen with the Contact Form 7 tab: automatically imported forms, per-form WebMCP visibility, agent purpose descriptions, success/error selectors and field-purpose mapping.

== Changelog ==

= 0.1.3 =
* Added Chrome WebMCP Origin Trial token support for production testing.
* Updated browser tool registration for the current `document.modelContext` API, JSON-string tool execution arguments and optional `exposedTo` cross-origin iframe support.
* Replaced inline admin script tags with WordPress script enqueue APIs.
* Restricted discovery REST permissions to plugin settings and manager capability checks.
* Documented external-service behavior and clarified same-site custom endpoint limits.
* Returned taxonomy terms keyed by term ID for stable agent parsing.

= 0.1.2 =
* Added agent policy file management for `/agent-manifest.txt`, `/agents-manifest.txt` and `/agents.txt`.
* Added optional DID / W3C Verifiable Credential identity hints and custom capability tokens.
* Added detection for existing `/llms.txt` and `/llms-full.txt` files served by another plugin or static file.
* Split WebMCP fallback generation into separate `/llms.txt` and `/llms-full.txt` toggles.
* Removed the llms content-limit setting from the admin UI.
* Improved custom forms UX with collapsible form cards, collapsible field mappings and add-new-form behavior that preserves existing collapsed state.
* Moved admin styling into `assets/admin.css` and aligned the UI with the BeeClear Marketing Source Tracking admin style.
* Cleaned up inline styles and unused CSS selectors.

= 0.1.0 =
* Initial release.
* Added WebMCP-style REST manifest and tool endpoints.
* Added `/agent-manifest.txt`, `/agents-manifest.txt`, `/agents.txt` and `/.well-known/api-catalog` discovery documents, plus optional `/llms.txt` and `/llms-full.txt` compatibility output.
* Added Markdown output for singular content and a REST Markdown endpoint.
* Added OpenAPI schema output.
* Added content, navigation, taxonomy, menu and media read tools.
* Added Contact Form 7 discovery and authenticated submission testing.
* Added custom form and custom function configuration screens.
* Added admin quick checks for discovery and tool testing.

== Upgrade Notice ==

= 0.1.3 =
Adds Origin Trial support and addresses WordPress.org review checks for scripts, REST permissions and external-service documentation.

= 0.1.2 =
Adds agent policy file controls, llms file detection, split llms fallback toggles and refreshed admin UI.

= 0.1.0 =
Initial release.
