=== PillarShield ===
Contributors: pillarshield
Tags: governance, compliance, publishing, moderation
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 0.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect WordPress to the PillarShield SaaS API and enforce governance checks at publish time.

== Description ==

PillarShield integrates WordPress with the PillarShield SaaS governance API. It runs checks at the publish boundary, blocks non‑compliant content, allows optional overrides, and keeps a governance record per post for reporting. You must obtain a PillarShield API key from https://pillarshield.co for the plugin to function.

Key features:

* Gate governance checks on publish/private statuses (configurable per post type).
* Optional manual checks that never block saves.
* Override workflow for privileged users.
* Governance reporting under Tools → PillarShield (blocked-at-gate items only).
* Stores governance outcomes locally without the raw post content.

== Installation ==

1. Upload the `pillarshield` folder to `wp-content/plugins/` or install it as a ZIP.
2. Activate **PillarShield** in Plugins → Installed Plugins.
3. Go to Settings → PillarShield to configure API settings.

== Configuration ==

Settings → PillarShield:

* **API Endpoint**: The PillarShield governance endpoint.
* **API Key**: Your tenant API key (`psk_...`).
  * Get a key at https://pillarshield.co. The plugin does not perform governance checks without a valid API key.
  * You can also define `PILLARSHIELD_API_KEY` in `wp-config.php` to override the stored option:
    `define('PILLARSHIELD_API_KEY', 'psk_...');`
* **Enable Governance**: Turn checks on/off.
* **Allow Save Without API**: Allow publishing if the API is unavailable (the gate fails open while this is enabled).
* **Enabled Post Types**: Which post types are governed.
* **Fields per Post Type**: Comma‑separated fields to scan. Supports `meta:KEY`.
* **Gate Configuration**:
  * **Gated statuses** (default: publish + private)
  * **Fallback status** (default: draft)

Use the **Test Connection** button to validate API access.

== Editor UX ==

On governed post types, a PillarShield meta box appears with:

* **Check PillarShield governance on this save** (manual check)
* **Override PillarShield governance (save anyway)**

These checkboxes do not persist — they only apply to the current save.

== Permissions (Roles/Capabilities) ==

PillarShield adds these capabilities:

* `pillarshield_manage_settings` — manage settings page
* `pillarshield_view_reports` — view reports
* `pillarshield_manual_check` — run manual check
* `pillarshield_override_governance` — override violations

On activation, these are granted to **Administrators** only.

**Override visibility requirement:**
The Override checkbox only appears for users who have the `pillarshield_override_governance` capability. Editors will not see it unless you explicitly grant that capability via a role editor plugin or custom code.
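
One way to do the "custom code" route with least privilege, as an added example that is not part of the PillarShield plugin: a small site-specific plugin that delegates the override to a dedicated role instead of every Editor, and audits which roles hold each PillarShield capability. The role slug `compliance_approver`, the `ps_example_*` names and the `pillarshield-cap-audit` WP-CLI command are assumptions made for illustration; the capability names are the ones listed above.

```php
<?php
/**
 * Plugin Name: PillarShield capability delegation (added example)
 * Not part of PillarShield; role slug, function names and CLI command are hypothetical.
 */
// Capability names exactly as listed in this readme.
const PS_EXAMPLE_CAPS = array(
	'pillarshield_manage_settings', 'pillarshield_view_reports',
	'pillarshield_manual_check', 'pillarshield_override_governance',
);

// Keep a dedicated approver role in sync instead of widening every Editor.
function ps_example_sync_approver_role() {
	$role = get_role( 'compliance_approver' );
	if ( ! $role ) {
		// Start from the Editor capability set; fall back to read-only.
		$editor = get_role( 'editor' );
		$base   = $editor ? $editor->capabilities : array( 'read' => true );
		$role   = add_role( 'compliance_approver', 'Compliance Approver', $base );
	}
	foreach ( array( 'pillarshield_override_governance', 'pillarshield_view_reports' ) as $cap ) {
		if ( $role && ! $role->has_cap( $cap ) ) {
			$role->add_cap( $cap ); // Persisted in the roles option.
		}
	}
}
add_action( 'init', 'ps_example_sync_approver_role' );

// Map each PillarShield capability to the roles holding it. Capabilities
// granted directly to individual users are not covered by this role audit.
function ps_example_audit_caps() {
	$report = array_fill_keys( PS_EXAMPLE_CAPS, array() );
	foreach ( wp_roles()->role_objects as $slug => $role ) {
		foreach ( PS_EXAMPLE_CAPS as $cap ) {
			if ( $role->has_cap( $cap ) ) {
				$report[ $cap ][] = $slug;
			}
		}
	}
	return $report;
}

// Expose the audit on the command line when WP-CLI is present.
if ( defined( 'WP_CLI' ) && WP_CLI ) {
	WP_CLI::add_command( 'pillarshield-cap-audit', function () {
		foreach ( ps_example_audit_caps() as $cap => $roles ) {
			WP_CLI::line( $cap . ': ' . ( $roles ? implode( ', ', $roles ) : '(none)' ) );
		}
	} );
}
```

Running `wp pillarshield-cap-audit` after any role change shows at a glance whether `pillarshield_override_governance` has spread beyond the roles you intended.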

== Reporting ==

Tools → PillarShield:

* Overview of content currently blocked at the gate.
* Details page per post with block reason and metadata.

== Screenshots ==

1. Settings → PillarShield configuration page.
2. Block editor notice after a blocked publish.
3. Tools → PillarShield report list for blocked content.

== Frequently Asked Questions ==

= Why didn’t I see a notice after publishing? =
The block editor uses REST saves; notices are injected into the editor UI after save. Quick Edit notices appear on the list table after inline‑save completes. Classic admin notices show on full page loads.

= Does this store my content? =
No. Only minimal blocked-at-gate metadata and reasons are stored locally. Content is sent to the PillarShield SaaS API for evaluation.

= What post statuses are gated? =
By default `publish` and `private`, configurable per post type.

= Where do I get an API key? =
Get a PillarShield API key at https://pillarshield.co. The plugin requires a valid key to run governance checks.

= Where can I get support? =
Visit https://pillarshield.co.

== External services ==

This plugin connects to the PillarShield governance API to evaluate post content for compliance before publishing.

**Service:** PillarShield SaaS governance API, operated by PillarShield.
**Endpoint:** https://api.pillarshield.co/pillarshield-governance/governance

**What is sent and when:**
When a user saves a post to a gated status (by default: publish or private) on a governed post type, or manually triggers a governance check, the plugin sends a POST request containing:

* The post's configured content fields (by default: title, body, and excerpt)
* Post metadata: post type, post ID, post UUID, post URL, and target publish status
* WordPress user context: user ID and roles (no email or username is transmitted)
* The tenant API key

No data is sent during autosaves, revisions, or saves to non-gated statuses. The plugin requires a valid API key obtained from https://pillarshield.co to function.

* [Terms of service](https://pillarshield.co/terms)
* [Privacy policy](https://pillarshield.co/privacy-policy)

== Support ==

Support and documentation: https://pillarshield.co.

== Changelog ==

= 0.1.0 =
* Initial beta.

== Upgrade Notice ==

= 0.1.0 =
Initial beta release.
