=== SlideMind – AI Gateway for E-Learning ===
Contributors:      zaprene
Tags:              ai, e-learning, storyline, scorm, xapi
Requires at least: 6.2
Tested up to:      7.0
Requires PHP:      8.0
Stable tag:        1.0.0
License:           GPL-2.0-or-later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html

Secure AI gateway for same-origin e-learning modules (Storyline, Captivate, Lectora, DominKnow, iSpring) with persistent learner memory.

== Description ==

SlideMind adds a secure server-side **AI gateway** to e-learning modules hosted on the same WordPress site (Articulate Storyline, Adobe Captivate, Lectora, DominKnow, iSpring). It forwards chat and Q&A requests from your modules to Large Language Model APIs via [OpenRouter](https://openrouter.ai/) (or directly to OpenAI, Anthropic, Google Gemini, Mistral AI), and stores persistent learner variables across slides in a global scope.

The plugin acts as a proxy: your e-learning module sends a request to your WordPress site, which forwards it to the AI provider. **Your API key never leaves the server** and is encrypted at rest using AES-256.

= Key Features (Free version) =

* **Secure proxy architecture** — API key encrypted with AES-256, never sent to the browser.
* **Multi-authoring-tool code generator** — One-click integration code for Storyline, Captivate, Lectora, DominKnow, and iSpring. Chat mode automatically uses an embeddable HTML widget.
* **HTML chat widget** — Embeddable multi-turn conversation interface (iframe or web object), used automatically for Chat mode slides.
* **Guided wizard** — 5-step setup for non-technical users.
* **Interactive sandbox** — Test your slides with real prompts before deploying.
* **Prompt templates** — 6 built-in templates (3 Q&A + 3 Chat) with import/export and favorites.
* **Learner memory** — Persistent variable storage in a global scope across slides.
* **Structured JSON responses** — Return typed variables (text, number, boolean, enum) for branching and scoring.
* **AI-assisted prompt generation** — Let an LLM draft your system prompt based on pedagogical objectives.
* **WordPress profile injection** — 5 native fields (first name, last name, display name, email, username) resolved in prompts.
* **Full data export** — One-click JSON export of slides, templates, memory, and settings (without API keys) for backup or migration.
* **Guest access toggle** — Per-slide control over whether non-logged-in visitors can interact.
* **Rate limiting** — 60 requests/minute logged-in, 20 requests/minute anonymous.
* **GDPR hooks** — Data exporter, eraser, configurable memory retention.

= How it works =

1. Create a slide configuration in the WordPress admin.
2. Write or generate a system prompt with variables.
3. Copy the generated integration code into your e-learning module (hosted on the same WordPress site).
4. Learners interact with the AI — every request is proxied through WordPress.

= Same-origin by design =

The free version is intentionally scoped to e-learning modules hosted on the same WordPress site (or on localhost during development). Cross-origin integrations (Moodle, Docebo, Cornerstone, SCORM Cloud, external LMS), HMAC-signed tokens, and CORS whitelists are part of the paid Pro tier.

= Links =

* [Website](https://slidemind.app)
* [Documentation](https://docs.slidemind.app/wordpress/getting-started/)
* [Pricing](https://slidemind.app/pricing/)

== Installation ==

1. Upload the `slidemind` folder to `/wp-content/plugins/` (or install from the WordPress plugin directory).
2. Activate the plugin through the "Plugins" menu in WordPress.
3. Go to **SlideMind > Settings** and enter your OpenRouter (or other LLM provider) API key.
4. Create your first slide using the guided wizard (**SlideMind > Add New**).
5. Copy the generated code into your same-origin e-learning module.

= Requirements =

* WordPress 6.0 or higher
* PHP 8.0 or higher
* OpenSSL PHP extension (for API key encryption)
* An API key from an LLM provider (OpenRouter recommended — unified gateway to many models)

== Frequently Asked Questions ==

= Where do I get an API key? =

Sign up at [OpenRouter](https://openrouter.ai/) and create an API key in your dashboard. OpenRouter gives you access to models from Anthropic, OpenAI, Google, Meta, Mistral, and many others through a single key. You can also use keys from OpenAI, Anthropic, Google Gemini, or Mistral directly.

= Which e-learning authoring tools are supported? =

SlideMind generates ready-to-use integration code for:

* **Articulate Storyline** — Execute JavaScript trigger
* **Adobe Captivate** — Advanced Actions with JavaScript (beta)
* **Lectora (ELB Learning)** — Run JavaScript action (beta)
* **DominKnow | Claro** — HTML Widget (beta)
* **iSpring Suite** — Web Object JavaScript (beta)
* **Chat mode** — HTML widget embeddable as an iframe or web object in any authoring tool

= Where should I host my e-learning modules? =

On the same WordPress site (same origin). The free version ships with a same-origin check in the embed shortcode and relies on WordPress cookie/nonce authentication. For cross-origin integrations (external LMS, SCORM Cloud, Moodle, Docebo, etc.), use SlideMind Pro, which adds HMAC-signed tokens, CORS whitelists, and an External LMS API.

= Is my API key secure? =

Yes. Your API key is encrypted at rest using AES-256-CBC and never sent to the browser. All AI requests are proxied through your WordPress server, so learners never see the key.

= How do I export all my data? =

Go to **SlideMind > Export data**. Pick the sections you want (slides, templates, memory variables, settings, etc.) and download them as a single JSON file. API keys are never included in the export.

= Is SlideMind GDPR compliant? =

SlideMind stores learner data (memory variables) in your WordPress database. No data is sent to third parties other than the AI provider you configure. You can purge individual learner data from the admin interface, and the plugin ships with `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` hooks. You remain responsible for your privacy policy regarding AI-generated content.

= Can non-logged-in visitors use AI slides? =

Only if you explicitly opt in. Each slide has a guest access toggle (`allow` / `deny` / `inherit`), and a global fallback lives in **Settings > Advanced**. The default is closed — visitors must be logged in. Anonymous requests are rate-limited to 20 per minute.

= How do I test my slides? =

Use the built-in **Sandbox** (SlideMind > Sandbox) to send real prompts against any slide, inspect the rendered system prompt, and verify structured JSON responses before publishing.

== Third-Party Services ==

SlideMind connects to external AI providers to process learner interactions. **No data is sent unless the site administrator explicitly configures an API key and creates an interactive slide.**

= LLM Providers =

When a learner interacts with an AI-enabled slide, SlideMind sends the conversation messages and resolved profile variables to the configured LLM provider. The following providers are supported:

* [OpenRouter](https://openrouter.ai/) — [Terms of Service](https://openrouter.ai/terms) · [Privacy Policy](https://openrouter.ai/privacy)
* [OpenAI](https://openai.com/) — [Terms of Use](https://openai.com/policies/terms-of-use/) · [Privacy Policy](https://openai.com/policies/privacy-policy/)
* [Anthropic](https://www.anthropic.com/) — [Terms of Service](https://www.anthropic.com/legal/consumer-terms) · [Privacy Policy](https://www.anthropic.com/legal/privacy)
* [Google Gemini](https://ai.google.dev/) — [Terms of Service](https://ai.google.dev/gemini-api/terms) · [Privacy Policy](https://policies.google.com/privacy)
* [Mistral AI](https://mistral.ai/) — [Terms of Service](https://mistral.ai/terms/) · [Privacy Policy](https://mistral.ai/terms/#privacy-policy)

= Freemius =

SlideMind uses the [Freemius](https://freemius.com/) SDK for license management and optional usage analytics. Freemius displays an opt-in dialog on activation — no data is collected without the administrator's explicit consent. [Freemius Privacy Policy](https://freemius.com/privacy/)

**No other external services are contacted.** All CSS, JavaScript, fonts, and images are bundled locally within the plugin.

== Screenshots ==

1. Dashboard — Overview with usage stats and quick-start guide
2. Wizard — Guided 5-step configuration setup
3. Sandbox — Test configurations with debug panel
4. Code Generator — Multi-authoring-tool integration code
5. HTML Chat Widget — Embeddable multi-turn conversation interface
6. Settings — API key, defaults, and advanced options

== Changelog ==

= 1.0.0 =
* Initial public release on WordPress.org.
* Same-origin embed shortcode with cross-origin validation.
* REST endpoints migrated to nonce authentication with `/bootstrap` flow.
* Per-slide guest access toggle with global fallback (closed by default).
* Rate limiting: 60 requests/minute for logged-in users, 20 for anonymous.
* Full data exporter (Tools > Export data) with JSON download.
* Built-in sandbox with prompt preview and structured response inspection.
* 6 built-in prompt templates (Socratic, Quiz, Role-play, and Q&A variants).
* AI-assisted prompt generation.
* WordPress-native profile field injection (first name, last name, display name, email, username).
* Learner memory in a global scope with configurable retention.
* GDPR exporter and eraser hooks.
* Multi-authoring-tool code generator (Storyline, Captivate, Lectora, DominKnow, iSpring, universal widget).
* AES-256 at-rest encryption of API keys.

== Upgrade Notice ==

= 1.0.0 =
First stable release tailored for the WordPress.org directory.
