feat: opt-in ALTCHA with global + per-form settings

[oxyc]

Summary

Makes ALTCHA protection opt-in with admin UI, instead of protecting every Gravity Form by default.

Previously the plugin was opt-out — every form was protected, configurable only via the should_protect filter. This adds a Gravity Forms add-on (GFAddOn) that surfaces the configuration as admin settings and flips the default:

• Global "Enable for all forms" toggle — Forms → Settings → ALTCHA. Off by default.
• Per-form "Enable ALTCHA for this form" toggle — each form's Settings → ALTCHA tab.

A form is protected when the global toggle is on or that form's own toggle is on (Settings::isEnabledForForm()). The genero/gravityforms_altcha/should_protect filter still overrides the saved settings for programmatic control.

Version bumped to 0.2.0.

⚠️ Behavior change

This flips the default from opt-out to opt-in. After upgrading, no form is protected until a toggle is enabled. Sites relying on universal coverage should turn on "Enable for all forms" after updating.

Changes

• src/Settings.php (new) — GFAddOn with global + per-form toggle fields and the isEnabledForForm() resolver.
• src/Plugin.php — register the add-on on gform_loaded; version → 0.2.0.
• src/Integration.php — shouldProtect() now defaults to the saved settings instead of hardcoded true.
• README.md — documents the settings and the filter's new role as an override.

Testing

Verified against a live WordPress + Gravity Forms 2.9 install:

• Opt-in resolver logic (no settings / per-form off / per-form on / global on) via WP-CLI.
• php -l clean, Pint passes, 6/6 PHPUnit unit tests pass.
• E2E (in the consuming site): valid proof accepted, missing proof rejected, forged-but-well-formed proof rejected by verifySolution(), and no widget rendered when a form has ALTCHA disabled.

🤖 Generated with Claude Code