=== Grumpy AI Gate ===
Contributors: lkoudal, cleverplugins
Tags: ai, monitoring, security, admin, privacy
Requires at least: 7.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Intercept and log AI-related HTTP from plugins/themes; optional AI Client blocking. All data stays on your server.

== Description ==

**Grumpy AI Gate** helps you stay in control as AI features spread across WordPress. It **observes and intercepts** outbound HTTP **that other code on your site already initiates** (plugins, themes, or core)—so you can see **which plugin** was involved, **how much** activity you are seeing (including helpful estimates), and **optionally stop** unwanted **WordPress AI Client** traffic for specific plugins. **This plugin does not** call external AI APIs for its own dashboard, analytics, or licensing. Nothing is sent to us or to a third-party analytics service.

**Why use it**

* **Visibility** — Dashboard summaries, a per-plugin usage table, and a request log so surprises become visible early.
* **Spend awareness** — When other software calls paid APIs, usage adds up. Logging helps you notice patterns before invoices or quotas become a problem.
* **Safer sharing** — Knowing what leaves your server makes it easier to decide what belongs in prompts and what does not.
* **Optional blocking** — For paths that use WordPress’s AI Client, you can block generations from selected plugins under **Grumpy AI Gate → Settings** (save to apply).

**How it works**

* When the **WordPress AI Client** is available, the plugin records those requests from core lifecycle hooks (other code still drives the actual generation).
* For **HTTP fallback**, Grumpy AI Gate **hooks WordPress’s HTTP API** (for example `pre_http_request`) to **inspect requests that are already in flight**. If a URL matches **built-in recognition rules** for major AI providers, a log row can be stored. **Grumpy AI Gate does not open those connections for its own purposes**—it only filters and classifies traffic **initiated elsewhere** on the site.
* **HTTP fallback does not block** outbound API calls in the current release—it is there so you still get visibility when plugins talk to providers **directly over HTTP** instead of (or in addition to) AI Client flows.

**Compatibility**

The plugin requires **WordPress 7.0+** (matches **Requires at least** in the plugin header). On WordPress **7.x**, it works with **core AI Client** functionality where available. Release testing included **WordPress 7.0 Beta 5**. **HTTP fallback** remains important on every supported version—it records calls to **recognized provider endpoints** that **other plugins** make **directly over HTTP**, which is still common alongside (or instead of) AI Client–based flows.

**Privacy**

Everything is stored **locally in your WordPress database**. There is no cloud account, no telemetry, and no third-party analytics from this plugin.

For technical details on logging, double-counting avoidance, and blocking limits, see the **FAQ** below.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/` or install it from the **Plugins → Add New** screen in your admin.
2. Activate the plugin through the **Plugins** menu.
3. Open **Grumpy AI Gate** in the admin menu. Review the **Dashboard** and **Request log**, then visit **Settings** to turn monitoring options on or off and configure optional per-plugin blocking.

== Frequently Asked Questions ==

= Why monitor AI usage on my site? =

Plugins can trigger AI calls in the background—for content, assistants, SEO tools, and more. Logging gives you a clear picture of **which plugin** is active, **how often** requests run, and **where** traffic is going, so you can manage budgets and content thoughtfully.

= Will this help me control API costs? =

It helps you **see** usage and trends. **Optional blocking** reduces some **WordPress AI Client** traffic for plugins you choose. Outbound **HTTP** calls to provider APIs that **other code** makes are **logged for visibility** in the current release but are **not blocked** here—use provider dashboards, API keys, and quotas for hard spend limits.

= Is my data sent to you or a third-party analytics service? =

No. Logs and settings stay **on your server** in the WordPress database. This plugin does not add off-site tracking or analytics.

= What does blocking actually stop? =

Blocking applies to **WordPress AI Client** flows that respect the **`wp_ai_client_prevent_prompt`** filter. You choose plugins under **Grumpy AI Gate → Settings** and save. It is **not** a full firewall for every outbound request.

= Does this block all AI traffic? =

No. Only **AI Client** traffic for plugins you select under **Grumpy AI Gate → Settings** is blocked (after you save). **HTTP** calls to provider APIs that **other plugins or themes** initiate are **observed and logged** in the current release but **not blocked**.

= Will it work if the WordPress AI Client is not available? =

Yes. The plugin loads safely. Without the AI Client stack, **HTTP fallback** can still record calls to **recognized provider** endpoints when that option is enabled in **Settings**, as long as **other code** on the site is making those outbound requests.

= How are AI Client requests and outbound HTTP logged? =

When the WordPress AI Client stack is available, a full generation is one log row from its lifecycle hooks; the matching raw provider HTTP for that same call is skipped so usage is not double-counted. Calls that do not fire those hooks (for example listing models) are still logged and may appear with capability `provider_http`. When **another plugin** talks to a known AI API without going through core AiClient, or when AI Client monitoring is off in settings, those requests are recorded via HTTP fallback instead.

= Which URLs does HTTP fallback recognize? =

Only built-in provider host/path rules (OpenAI, Anthropic, Google AI / Gemini, xAI, DeepSeek, Mistral, OpenRouter, and local Ollama). See **Grumpy AI Gate → Settings** for the current hostname list. Those patterns exist **only to filter and classify** outbound traffic **initiated by other code**—they are **not** endpoints this plugin contacts for its own operation.

= Does blocking stop all AI traffic from a plugin? =

Blocking uses WordPress’s **`wp_ai_client_prevent_prompt`** filter: it stops prompt builder flows (support checks and generations) that go through that path. Separate calls such as **listing models** (`/v1/models`) may still run as **provider HTTP** on the AI Client channel and appear as a successful row—that traffic does not go through the same prevent hook.

= Can I clear old log data? =

Yes. Under **Grumpy AI Gate → Settings**, use the options to clear the request log only, or clear the log and aggregated statistics, as needed.

== External services ==

This plugin **does not** rely on third-party AI APIs, remote analytics, or any external service **for its own features**. All logging and settings stay on your site.

**Provider names and URL patterns** included with the plugin are **local matching rules** only. They let Grumpy AI Gate **filter and classify** outbound HTTP requests that **plugins, themes, or WordPress core** may already be sending. They are **not** a list of servers this plugin calls to power the admin UI or to “phone home.”

Your site may still contact third-party AI providers when **you or other software** use AI features—that traffic is separate from this plugin’s own network use (which does not include calling those providers for monitoring).

== Screenshots ==

1. Dashboard with summary cards, top plugins, usage-by-plugin table, providers, and recent activity.
2. Request log for browsing individual AI-related requests.
3. Settings: enable AI Client and HTTP monitoring, retention, provider list, and per-plugin blocking.
4. Help: how monitoring and blocking work, privacy and retention, and restoring the dashboard welcome panel.

== Changelog ==

= 1.0.2 =
* Help submenu (Grumpy AI Gate → Help) with documentation on how AI Client and HTTP fallback logging work, what data is stored locally, a shortcut to retention in Settings, and a control to show the dashboard welcome panel again after dismissal.
* Dashboard UX: plugin version shown next to the screen title; dismissible welcome panel (per major plugin version) with bullets and a link to Help; admin notices when a block rule is added or cannot be saved; clearer guidance when the WordPress AI Client is unavailable; short descriptions under Top providers and Usage by plugin; footer link to Help.
* Block workflow: full-page Confirm block plugin step before adding an AI Client block rule from the dashboard or request log (nonce-protected, with Cancel and a link to Help explaining blocking scope).
* Admin presentation: consistent credit line under titles; plugin labels show installed version where available; status rows use color-coded pills for success, blocked, and error states.

= 1.0.1 =
* Bumped Stable tag and internal version to 1.0.1. Aligned Requires at least with the plugin header (WordPress 7.0). No functional changes from 1.0.0.

= 1.0.0 =
* Renamed to Grumpy AI Gate (slug grumpy-ai-gate); internal prefix gaig / GAIG. Readme and admin copy clarify interception of outbound HTTP initiated by other code (not the plugin acting as an AI client). Added External services section for WordPress.org reviewers. Local-only logging of AI Client and matching HTTP traffic, dashboard and request log, optional per-plugin blocking for WordPress AI Client flows, retention and clear-data tools. See the FAQ for privacy, blocking scope, and provider matching details.
