Audit log
Audit log Every artifact the toolkit produces and every significant event it observes is recorded to a tamper-evident audit log. This is your CRA Article 31 record-keeping evidence — proof you generated what you generated, when you generated it. Where it lives A custom WordPress database table: wp_mmcra_audit_log (the prefix matches your install). One row […]
Updates and Ed25519 signature verification
Updates and Ed25519 signature verification MM CRA Toolkit updates come from mmplugs.com over the standard WordPress update channel. Every package is cryptographically signed with Ed25519 and verified by the toolkit against a bundled public key before WordPress installs it. How it works A daily cron event (mmcra_daily_update_check) calls the mmplugs.com /update endpoint with your license […]
License watermarking explained
License watermarking explained Every artifact MM CRA Toolkit generates (SBOM, DoC HTML, Compliance Bundle) is embedded with a 16-character fingerprint derived from your license key and site domain. This is an anti-piracy measure that makes leaked artifacts traceable back to the buyer they came from. What the fingerprint is A 16-character hexadecimal string. Specifically: substr( […]
Changelog
Changelog 1.10.0 — May 2026 Anti-piracy and license enforcement. License-gated features. SBOM generation, Plugin Scanner, Compliance Bundle export, DoC HTML export, and weekly OSV monitoring now require an active license. 14-day grace window covers transient network outages — the License page surfaces a countdown warning when grace is running down. License watermark on every artifact. […]
Roadmap
Roadmap What's in flight, what's next, and what's parked. Honest dates only. In flight Stripe checkout integration on mmplugs.com. Required for actually selling licenses. Target: before the September 11 deadline. License CPT on the server already supports the flow; just need the checkout half wired up. Public key baked in for signed updates. The 1.10.0 […]