=== AIM Transparency ===
Contributors: aimtransparency
Tags: ai, eu ai act, transparency, iptc, provenance
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Label AI-generated images for EU AI Act Article 50: the official EU AI-content badge, machine-readable IPTC/XMP metadata, and JSON-LD.

== Description ==

The EU AI Act (Regulation (EU) 2024/1689), Article 50, requires transparency for AI-generated and AI-manipulated media from 2 August 2026. A website owner who *displays* AI images is a **deployer**, whose duty is a **clear, human-visible disclosure** at first exposure. Embedding machine-readable provenance in the file is best practice (and is what search engines read to label AI images).

AIM Transparency gives you both, on any theme:

1. **Flag** — mark an image as AI-generated, AI-edited or algorithmic from the Media Library (single, bulk action, and an "AI" column).
2. **Visible badge** — a configurable "AI-generated" badge renders on the front end across galleries, portfolio grids, masonry, featured images, content images and block/FSE themes. An optional Universal badge coverage mode extends to custom themes that hand-write their markup.
3. **Machine-readable metadata** — writes the IPTC `Digital Source Type` (`Iptc4xmpExt:DigitalSourceType`) into the file's XMP, plus schema.org JSON-LD (`ImageObject` + `IPTC:DigitalSourceType`) on the page.
4. **Compliance record** — export a CSV audit trail of every disclosed image (file, type, disclosure label, embedded status and IPTC URI), plus your Article 4 AI-literacy checklist as evidence, for your own EU AI Act records. Free.
5. **Readiness score** — a free EU AI Act readiness view that combines your Article 50 image disclosure (scored automatically from your settings) with an **Article 4 AI-literacy checklist** you tick off and document with evidence notes. Article 4 (AI literacy) has applied since 2 February 2025, ahead of the Article 50 deadline.

A modern dashboard (under the top-level **AIM Transparency** menu) shows live coverage stats, the badge preview, the embedding-engine status, and settings — and follows your WordPress admin color scheme.

IPTC vocabulary used (the same value C2PA uses, so it is forward-compatible):

* AI-generated: `http://cv.iptc.org/newscodes/digitalsourcetype/trainedAlgorithmicMedia`
* AI-edited/composite: `http://cv.iptc.org/newscodes/digitalsourcetype/compositeWithTrainedAlgorithmicMedia`
* Algorithmic (non-AI): `http://cv.iptc.org/newscodes/digitalsourcetype/algorithmicMedia`

File embedding uses `exiftool` when present (JPEG/PNG/WebP/GIF/TIFF); otherwise a built-in pure-PHP writer handles JPEG and PNG.

**Optional, off by default:** an opt-in **AI Transparency Directory** lets you list your site publicly as one that discloses AI content. Nothing is shared without your explicit consent, and you can remove your listing anytime.

**Disclaimer:** this plugin is tooling to help meet Article 50 transparency obligations. It is not legal advice. Whether content is in scope (e.g. what counts as a "deepfake"), your deployer status, and the wording of your disclosure remain your responsibility.

== External services ==

This plugin can connect to the AIM Transparency service at `directory.aimtransparency.com`, operated by the plugin's developer. Every connection is **optional and user-initiated** — nothing is sent on install, on activation, or during normal use.

1. **AI Transparency Directory** (opt-in, off by default). If you opt in from the dashboard, the plugin sends your site URL, site name, plugin and WordPress versions, the number of images you have labeled, an optional contact email, your consent version/time, and a one-time verification token to `https://directory.aimtransparency.com/api/register`, so your site can be listed publicly as one that discloses AI content. The service then makes a single request back to a token endpoint on your site to verify you control it. You can remove your listing at any time, which deletes the stored data.

2. **Pro waitlist** (sent only when you submit the form). If you enter your email in the optional "notify me about Pro" form, that email is sent to `https://directory.aimtransparency.com/api/waitlist` so the developer can email you about the Pro add-on, and is stored only for that purpose.

The plugin makes no other external requests. The `iptc.org`, `schema.org`, `ns.adobe.com` and `w3.org` URLs in the code are standard metadata vocabulary identifiers written into your files and pages — they are not network requests.

Privacy policy: https://aimtransparency.com/privacy

== Installation ==

1. Upload the plugin to `/wp-content/plugins/`, or install it from the Plugins screen in wp-admin.
2. Activate the plugin.
3. Open the **AIM Transparency** menu, flag images in the Media Library (single, bulk action, or the per-image control), and configure the badge in Settings. The official EU badge and machine-readable metadata are on by default.

== Frequently Asked Questions ==

= Is it really free? =
Yes. Manual flagging, the visible badge, IPTC/XMP for JPEG & PNG, JSON-LD, and a CSV compliance export (an audit trail of every disclosed image) are all free. The optional AIM Transparency Pro add-on adds automatic flagging on upload, WebP/AVIF/GIF/TIFF embedding, a library scanner with strip-guard, the formatted compliance report (print-ready PDF, JSON, Markdown & TXT), Badge Studio (custom logo and extra styles), and WooCommerce support.

= Does the badge satisfy the law on its own? =
The visible badge addresses the deployer's human-visible disclosure (Art. 50(4)); the embedded metadata addresses machine-readability. Both are on by default.

= Will it work with my theme? =
It hooks WordPress's own image and template filters — including `render_block` for block/FSE themes — so any theme using standard functions is covered. For themes that hardcode `<img>` tags, enable Universal badge coverage in Settings.

= Will it modify my files? =
When file embedding is on, it writes XMP into flagged image files (and every generated size). It is idempotent. Turn it off to use the visible badge + JSON-LD only.

= My host has no exiftool. =
JPEG and PNG are still marked by the built-in PHP writer. WebP and other formats need exiftool; the Metadata screen shows your current capability.

== Screenshots ==

1. The dashboard — live compliance stats, coverage by format, and automatic flagging.
2. Badge Studio — shapes, colours, position and a live preview.
3. The "AI Generated" badge on the front end — a real photo and its AI counterpart, side by side.
4. Tag your whole library from the dashboard — search, filter and set each image's type.
5. Embedded metadata and the compliance report export.
6. The badge on your blog — flagged AI posts disclosed, real photographs left untouched, on any theme.
7. EU AI Act readiness — your Article 50 disclosure score and the Article 4 AI-literacy checklist.

== Build ==

The admin dashboard is a small React + TypeScript app; the only compiled files are `dashboard/assets/app.js` and `dashboard/assets/app.css`. Their human-readable source and the exact reproduction steps are documented in `BUILD.md` (included in this package).

== Changelog ==

= 1.0.0 =
* Initial release: media flag, bulk actions, visible badge across Enfold/standard/block themes, optional universal badge coverage, IPTC/XMP embedding (exiftool + pure-PHP JPEG/PNG), JSON-LD, free CSV compliance export, React dashboard, opt-in transparency directory.
