== Changelog ==

= 1.0.1 =
* Builder-aware notice: when a page is built with a data-model builder (Elementor, Beaver Builder, Oxygen, Bricks), the results panel now shows a short note that some links those builders' add-ons render at view time may not appear. Spot Check reads a page's saved content, where most links live; a few add-on links (e.g. Essential Addons "wrapper" links) only become HTML when the page renders, so the notice keeps the list from looking complete when it isn't.
* Documentation: clarified in the FAQ which links are and aren't covered.

= 1.0.0 — 2026-06-12 =
* Initial release of Spot Check — On-Demand Broken Link Checker.
* Hybrid check engine: same-origin links verified client-side in the browser; external links verified server-side through the WordPress HTTP API (HEAD with GET fallback), since Same-Origin Policy makes external responses unreadable in the browser.
* Trust-first classification: green OK (2xx, redirects followed), red broken (404/410, DNS failure, connection refused, timeout), yellow unverifiable (401/403/429 and 5xx — never reported as broken by default, so firewalled or bot-blocked sites don't trigger false alarms).
* Browser-like request headers on server-side checks to reduce false bot-blocking 403s.
* SSL diagnostic retry: when a certificate fails validation, the real HTTP status is still retrieved and reported alongside the certificate problem.
* Placeholder links are flagged, not skipped: empty hrefs, bare "#", javascript: pseudo-links, and empty mailto:/tel: links are reported as broken; leftover relative placeholders such as href="todo" are resolved and actually checked.
* Editor-agnostic triggers: a Check Links button in the admin toolbar on any single post view (Gutenberg, Classic, Divi, Kadence, …) plus a Check Links row action on post-list screens.
* Live streaming results in a modal, five checks at a time, with a per-link reason and a summary line.
* Settings → Spot Check: per-post-type opt-out (new public types enabled automatically), configurable timeout (default 8 s), configurable User-Agent, and a toggle for treating blocked responses as unverifiable.
* Strict permissions: every entry point and AJAX request is gated on the per-post edit_post capability plus a nonce.
* Read-only by design: no background crawling, no cron, no stored link history, no auto-fixing. Uninstall removes the plugin's single option.
