NV Digital Open Operator System (NV OOS)
FreeNot checkedEnables AI-powered operations on WordPress sites, integrating multiple LLM providers and providing MCP server capabilities for chat, tools, and automation.
About
Enables AI-powered operations on WordPress sites, integrating multiple LLM providers and providing MCP server capabilities for chat, tools, and automation.
README
PHPUnit codecov JavaScript Tests PHP Linting Security Checks License: GPL v3 WordPress PHP Patent Pending Documentation
Version: 1.1.40 Release Date: 2026-07-15
See § Previous Releases for all version history.
MCP Specification: 2024-11-05 (Full Compliance)
Maintained by NV Digital
License: GPLv3 or later
Requires: WordPress 6.0+, PHP 7.4+
Patent Status: Patent Pending (Application #19/410,504)
Documentation: Grade A (95/100) — 1,617 files across 12 directories, 108 admin screenshots, 100% feature coverage
🔍 For Reviewers & Auditors
New to this repo? Start here → docs/project/FOR_REVIEWERS.md
That document answers every common question in one place: what the project is, current security posture, what's production vs experimental, PHP version requirements, AI development methodology, compliance status, and scoping advice for a limited-budget review.
Quick links for reviewers:
- Addon Inventory — what each of 26 addons does and its status
- Security Posture — current state of all 50 audit findings
- Compliance Traceability — every .org rejection reason → commit → verification command
- AI-Assisted Development — methodology, transparency, and what to scrutinize
- Architecture Overview — component diagram and data flow
📑 Table of Contents
Getting Started
- 🧩 Overview
- 🎯 Our Mission
- 🛡️ Active Security Monitoring
- ⚠️ Warranty & Safe Use
- 🏗 System Architecture
- 🚀 Features
- 📦 Installation
- 🔌 What You Lose Without Third-Party Plugins
- ⚙️ Configuration Checklist
- 📚 Documentation
Core Functionality
- 🧠 Memory & Tool Stack Overview
- 🛠 Built-in tools & automations
- 🗨️ Front-end chat surfaces
- 💬 Frontend Shortcode
Addons & Extensions
Orchestration & AI Features
AI Providers & Integration
- 🧠 Language Model Providers
- 🧱 ChatKit Integration
- 🌐 Crawl4AI Integration
- 📡 Job Notification System
- 🧊 Elementor Widgets
Performance & Optimization
- ⚡ Message Bundling
- 🎯 Agentic Loop Token Management
- 🔄 Chat Performance Optimizations
- 🌐 Mesh Compute Routing
- 🔗 Federation & Discovery System
Remote MCP Setup
- 🔒 MCP Server Authentication
- 🌐 Connecting Remote MCP Clients
- 🛰 REST API Endpoints
- 🌊 SSE Streaming Support
- 📝 MCP JSON-RPC 2.0 Endpoint
- 🔑 Assistant API Credentials
- 🎫 Token Management UI
Assistant Management
- 🛠 Assistant Editor Overview
- 📊 Assistant Storage: CPT vs CCT
- ⚡ Assistant Tool Shortcuts
- 🧠 Agent Skills
- 👔 Professional & Team Layers
- 🧵 REST Chat Payloads & Attachments
Development
- 🐳 Local Development with Docker
- 🧑💻 Development Tooling
- 📦 NPM Packages
- 🧪 Testing & QA
- 🧩 Hooks & Filters
- 🧰 WP-CLI Commands
Reference
- 🔐 JetEngine Capability Reference
- 🛰 JetEngine REST API Reference
- 🧮 Usage Tracking
- 🧷 Attachment MIME Controls
- 🧾 Logging
- 🧾 JetEngine REST Endpoint Report Helper
- 🔌 Optional Tools & Dependencies
- ✅ Manual QA Scenarios
🗺 Repository Map
| Directory | Purpose |
|---|---|
includes/ |
Core plugin classes — admin, assistants, tools, services, REST, security, providers (~15 AI backends), harness, data, markup, measurement, skills, professions, teams, slash-commands, A2A/ACP protocols, federation, elementor, blocks, crawler, integrations |
addons/ |
24 installable addons (Pro, Chat SPA, Docs Hub, SaaS Controller, Cloud Worker, Cloudways Dashboard, Toolkit Shell, Canvas, Canvas Toolkit, Document Editor, Media Studio, Graphify, Comic Reader, Funiq Bridge, AI Platform, Algorave, Cornerstone3D, Embedded, Fantasy Football, LibreChat, Schedule Anything Platform, Schedule Anything SPA, Tenant Router, Page Agent) |
assets/ |
Frontend JS/CSS, images, CSV templates, examples |
lib/ |
Framework-agnostic core library + WordPress/Laravel/Craft CMS adapters |
plugins/ |
Standalone plugins: NVOOS Graphify, NVOOS Graphify AI, NVOOS Graphify AI Platform |
packages/ |
23 NPM packages under @nvdigitalsolutions scope |
src/ |
TMA (Telegram Mini App) builders + workflow builder source |
shared/ |
Shared source code across builds |
core/ |
Standalone "core" distribution (mcp-ai-wpoos-core.php) |
config/ |
Site blueprints |
examples/ |
Agent and workflow example code |
tests/ |
PHPUnit test suite |
docs/ |
Comprehensive documentation (~1,600 files across 12 directories) |
bin/ |
Development and deployment scripts |
docker/ |
Docker Compose configuration |
languages/ |
Translation files (.pot/.po/.mo) |
patches/ |
Dependency patches |
.github/ |
CI/CD workflows (~30 pipelines), custom agents, Copilot instructions |
🧩 Overview
Real-time AI Orchestration Toolkit for Wordpress - NV oOS is a modular AI framework (Object-Oriented System) for WordPress that connects your site's data with 15 language-model providers: OpenAI, Gemini, Anthropic, DeepSeek, OpenRouter, Baseten, Kimi (Moonshot), Z.AI (GLM), DigitalOcean, NVIDIA NIM, Cloudflare Worker AI, Ollama, LM Studio, and Hugging Face. It allows you to create and manage AI Assistants that can interact with users, access WordPress data, and perform custom tool functions.
✨ What's New at a Glance (v1.1.40)
- 📝 Content Format Awareness. New
WP_MCP_AI_Content_Format_Helperdetects and preserves Markdown, HTML, and plain text formats across post-modifying and analysis tools — AI-generated content retains its intended structure through the full create/update pipeline. - 🔗 Research → Paper Store → WordPress Draft Pipeline. All research tools now support
save_to_paper_storefor staging results in the flat-file Paper Store. Newcreate_post_from_researchPro tool bridges staged research to WordPress drafts. Human-in-the-loop review before publishing. - 🎬 Demo Video Pipeline Complete (Phases 0–5). Scripted scene recording with AI voiceover narration. GitHub Actions CI workflow automates video assembly. 14 narration scripts and video catalog.
- 🔐 Settings Credential Split. Sensitive API keys moved from
wp_mcp_ai_settings(autoload) to separate non-autoloadwp_mcp_ai_credentialsoption with transparent merge. One-time migration.wp_suspend_cache_additionand dual cache clearing for defense-in-depth. - 🤖 Kimi & DeepSeek Client Parity. Both providers now match all first-class providers: streaming, tool use, token tracking, and error handling. Plus DeepSeek and 9 missing providers added to all research tools.
- 📊 Model Catalog Update (July 2026). 24 files updated across base + pro. Default bumps: Gemini
gemini-2.5-flash→gemini-3.5-flash, NVIDIAmeta/llama-3.1-8b→nvidia/nemotron-3-nano-30b-a3b, Gemini Livegemini-2.5-flash-live→gemini-3.1-flash-live-preview. - 🏗️ OOS Engine: SchemaStoreInterface + Tests. New domain contract, PostTypeSchema/TaxonomySchema entities, GetPostTypeSchemaTool, WordPress adapter. 45 new tests.
- ⚡ SSE HTTP/2 Fixes.
ob_clean()replacesob_flush()to prevent protocol errors. 524 timeout resolved in Pro SPA v2. - 🔍 Vector Store Sync — No Polling. Status now checked only on assistant change and page load, reducing API load.
- 🔧 Settings Import/Export Batch (4 fixes). Credential merge, save key wipe, subtab sanitization, export consistency — all resolved.
- 🛡️ Validated Tool Slug Allowlist. Tool slug matching fixed for validated variants.
✨ What's New at a Glance (v1.1.39)
- 🤖 Page Agent Addon v0.1.0. New addon (
addons/page-agent/) — AI-powered browser page control copilot powered by Alibaba Page Agent (MIT). Give any WordPress page its own AI agent that can click, type, and navigate via natural language, running entirely client-side with no headless browser required. Includes shortcode, Elementor widget, REST endpoints, and MCP tool bridge. - 💬 Pro SPA v2 — Major Parity Update. Voice pipeline, tasks drawer, workflow tracker, and file attachment upload to WordPress Media Library. Tool Shortcuts and Slash Commands drawers. Mobile hamburger sidebar toggle. Speech/audio button fixes using correct REST endpoint. Conversation title improvements and turn count display fix. Button and token NaN display fixes. Model sync and auth bypass fixes. Assistant preloading in runtime config.
- 🎨 Pro SPA v2 — UI Polish. Autoscroll fixes (submit, streaming start, user-at-bottom guard, scrollTop vs scrollIntoView). Viewport height fixes via CSS height chain instead of viewport calc.
overflow:hiddenon height-chain ancestors.filemtimecache-busting across all SPA addons. Lint errors resolved. - 👤 Per-User Chat Memory Preferences. Users can now toggle chat memory on/off from their WordPress user profile. Individual control over AI memory retention without affecting site-wide defaults.
- 📝 create_post / save_post Tool Enhancements. Markdown-to-HTML conversion via new
WP_MCP_AI_Tool_Markdown_Convertertrait. Smart taxonomy suggestions auto-detect relevant categories and tags. Block content corruption fixed for non-post post types. - 🔄 Workflow Blueprint & Schedule Improvements. Existing-content awareness in Content Publisher and Keyword Pipeline blueprints. Blog schedule presets now check for duplicate content before publishing. Readable response generation for workflow schedule result delivery.
- ♿ SPA Accessibility. Annotation pills made clickable with meaningful screen-reader labels.
- 🛡️ Security. OWASP ZAP DAST medium findings triaged as false positives.
✨ What's New at a Glance (v1.1.37)
- 🏭 EZuite Inventory Sync Pro Toolkit. ERP-integrated inventory sync bridging EZuite ERP with WooCommerce/WordPress. Pull products, query inventory, create/update items, manage orders, and configure API credentials — all via AI tools. Admin UI with connection selector, field mapping, and sync direction controls. CLI sync commands for batch operations.
- 🔄 Ralph Loop CCT Migration & Orchestration. Circuit breaker pattern with configurable failure thresholds. Execution logger with step-by-step tracking. CCT migration tools for safe cross-environment JetEngine data operations. Orchestration tools for multi-step workflows.
- 📅 JetBooking/JetAppointment Integration (8 tools). Adapter layer for Crocoblock booking and appointment plugins. 8 new tools + 4 enhanced calendar tools with booking/appointment awareness.
- 🧠 Moonshot AI (Kimi) & Z.AI (GLM) Provider Parity. Both providers upgraded to full DeepSeek-level chat client capabilities — streaming, tool use, token tracking. ZAI client + baseten service in DI container. Provider count now 15 first-class.
- 📋 Unified Sync Log Manager. Per-item audit trail across EZuite, FlowHub, and Shopify sync toolkits. Sync history with timestamps, status, and error tracking. Status dashboards on admin pages.
- 🎛️ Tool Presets Auto-Select & Chips Bar. Selected tools display as clickable chips with +N overflow toggle. Tool payload cap raised from 50 to 100 tools per assistant.
- 🌐 HTTrack Cache & Place-to-Service Bridge. HTML mirror import now supports HTTrack cache directories. Auto-creates bookable services during batch place import. URL backfill for mirrors without hts-cache.
- 🔌 FlowHub Per-Connection Overview. Remote Sites connection selector on FlowHub config tab. Per-connection sync controls. Proxy support via http_api_curl hook.
- 🔍 Web Search 429 Retry. Exponential backoff for rate-limited search requests.
- 🐛 45+ Bug Fixes. CCT module API mismatches across EZuite/FlowHub/Shopify (canonical Module.instance/Factory/ItemHandler). EZuite sync (missing return, field mapping, connections, CCT registration). FlowHub sync (silent failure, proxy persistence, auth headers, null cct, dry-run). Shopify sync (Catalog API guard, CCT registration lifecycle). Duplicate column errors in ensure_columns. SQLite meta cache explosion. masterminds/html5 case collision. Base-version guard blocking toolkits. Tool registry fatal guards. HTTrack import (URL resolution, hex filenames, subdirectory content, mirror detection). Necessity Gate request context crash. Auto-select compute timeout. Place-to-Service bridge collision.
- 📖 Documentation. Abilities registration plan (~1,000 tools as WordPress Abilities). Laravel-scale deployment architecture proposal. WP.org submission prep. Agent context sync.
✨ What's New at a Glance (v1.1.35)
🏪 FlowHub Inventory Sync Pro Toolkit. 6-tool cannabis dispensary management: products, inventory, locations, sync, analytics, alerts. P1 proxy support via http_api_curl hook. P2 CCT auto-registration in JetEngine custom content type tables. Auth, decryption, location_id, and null-guard fixes (PRs #5500, #5501, #5502, #5503, #5507, #5510). Admin UI toggle on Features tab.
🛒 Shopify Sync Pro Toolkit. 5-tool bi-directional e-commerce sync: products, orders, inventory, analytics, settings. Connection resolver trait. Dashboard widget with sync status and recent activity. Tool reference docs at
docs/tools/shopify-sync-toolkit.md(PR #5502).🛡️ Necessity Gate Layer J. Pre-execution safety layer that scores tool calls by irreversibility risk. Write operations (create/update/delete) assigned risk scores by resource type. Safety profile trait with clean autoload. Request context crash fix.
🎙️ Local Voice Embedded STT. Three pluggable browser-side speech-to-text backends: Web Speech API, Whisper.cpp (WASM), Vosk (WASM). Offline-first — no server dependency. Auto-detection based on browser capabilities (PR #5498).
🌐 Remote Site Administrator Blueprint. 22-tool assistant blueprint in Site Creator toolkit for full remote/local WP/WooCommerce management with JetEngine, JetFormBuilder, and REST API control. Auto-discovered by Unified Blueprints page.
📦 Places & Calendar Bulk Import. Batch import tools for Places and Calendar Booking toolkits — import multiple records in a single call (PR #5509).
💻 CLI site-import Subcommand. Multi-phase HTML mirror import for migrating static sites into WordPress — page structure extraction, content mapping, media sideloading.
🎤 Voice Realtime Auto-Detect. WebRTC/WebSocket auto-selection, duplicate message prevention, VAD threshold improvements (PR #5508).
🔧 Remote Connections Fixes. WordPress case handling normalized. FlowHub and Printful credential storage fixed (at-rest encryption). Printful connection type added (PR #5499).
🐛 7 Bug Fixes. Token-scoped assistant resolution (PR #5497), user_id empty fallback (PR #5495), credential token mapping (PR #5493), post type name lengths (PR #5484), OpenAI image deprecation cleanup (PRs #5489-#5491).
📋 Documentation. GPT-Realtime-2 upgrade proposal + 1,166-line implementation plan. FastAPI porting implementation plan (PR #5467).
🧹 Housekeeping. Stale build artifacts and toolkit-addons directory removed.
🔌 WP 7.0 Connectors Credential Integration. Credential_Resolver now integrated into all 17 AI client
get_api_key()methods. Fallback chain: WP 7.0 Connectors → plugin settings → env vars → PHP constants. Credential source badges and WP 7.0 Connectors hints rendered in admin settings UI. All 13 provider API key field descriptions updated. Provider diagnostics show key source column. Settings health check counts credentials via resolver.🧩 nvoos-graphify v1.0.0. Standalone nvoos-graphify plugin released at v1.0.0 (Plugin Check compliant). nvoos-graphify-ai released at v1.0.0-dev. Fixed critical
->prepare()spread-operator bug inDb::listNodes(). Renamedvectorcolumn →embedding_vectorto avoid MariaDB/MySQL reserved-word conflict. Fixed snake_case→camelCase method calls across tools, controllers, and cross-plugin integrations.🛡️ Security Dependencies. guzzlehttp/guzzle 7.10.0 → 7.12.1 (CVE-2026-55568, CVE-2026-55767). guzzlehttp/psr7 2.11.0 → 2.12.1 (CVE-2026-55766). guzzlehttp/promises 2.3.0 → 2.5.0. undici npm override tightened
>=7.28.0→>=8.5.0.🔒 npm Security. 29 alerts resolved across 14 packages: undici (TLS bypass CVE-2026-9697, cache info CVE-2026-9678), http-proxy-middleware (CRLF injection CVE-2026-55603), nodemailer (GHSA-p6gq-j5cr-w38f), webpack-dev-server (HMR CVE-2026-9595), dompurify (GHSA-cmwh-pvxp-8882). Fixed critical duplicate
overrideskey in rootpackage.json.🪲 Bug Fixes. Fixed missing
-pro-in WP All Import/Export require_once paths causing fatal errors when those Pro tools load. Fixed fragile@file_get_contents()warning suppression in tool status label loader — replaced with explicitset_error_handler('__return_true')to prevent leaked warnings from corrupting MCP JSON-RPC HTTP responses.📦 Dependencies. 15 Dependabot bumps across Composer, npm (stripe, zod, p-queue, csv-parse, react-query, puppeteer, vitest, wrangler, eslint-plugin, workers-types, types/node), and GitHub Actions (codecov 4→7, action-gh-release 2→3).
🧹 Housekeeping. Stale 1.1.31 and 1.1.32 build zips removed. SPA addon ZIPs rebuilt with updated security overrides.
✨ What's New at a Glance (v1.1.32)
- 📝 Content Format Templates & Featured Images. Content Format Template CPT with user-editable blog templates. Content Template Engine generates Anthropic-optimised AI prompts. Featured Image Service with 3-provider fallback (DALL-E → Gemini → Cloudflare) and 5 image styles. Provider image settings now respected instead of hardcoded defaults.
- 📬 Result Delivery Pipeline. 1,056-line service routes schedule results to 8 channels (email, Slack, Discord, Telegram, SMS, Paper Store, WordPress post, webhook). Both success and failure paths now deliver — previously only failures were surfaced.
- 📄 ECA Document Generation. ECA Consolidate & Add page with document generation tools.
- 🪲 Duplicate Posts Fixed. WordPress delivery channel removed from
weekly_blog_post_writerandweekly_blog_topic_researchpresets. Systemic guard skips WordPress delivery when AI tool calls already includecreate_postorsave_post. - ⏱️ 6 Provider Clients Timeout Fix. DeepSeek, Baseten, DigitalOcean, OpenRouter, Kimi, and Cloudflare clients now respect the global
request_timeoutsetting instead of hardcoding 60 seconds. - 🔧 Schedule Trigger Stability. Trigger crash on
rest_do_request()fixed with try/catch + pre-flight REST check. Result delivery sanitizer preserveschannelswrapper so edit modal shows saved values. AJAX handler captures PHP warnings that corrupt JSON. - 📋 Paper Store Delete Fix. Hidden inputs added to delete confirmation form so
handle_delete_record()receives required POST fields. - 🧪 npm CI & Jest Resilience. Babel ESM override pinned for Node 18/20 compatibility. Jest config probes for setup files at load time with graceful fallback. npm ci lockfile sync for 5 addons.
- 📦 Dependencies. 14 safe Dependabot bumps. 8 npm audit CVEs (nodemailer, tar, tar-fs). phpspreadsheet 5.7.0 → 5.8.0.
✨ What's New at a Glance (v1.1.31)
- 🎬 Media Command Center. Top-level NV Media admin menu with command center for media templates, presets, and blueprints.
- 💬 Pro SPA v2 — Rich Rendering & Scoping. Rich markdown rendering, per-assistant scoping, agent selector dropdown. Conversations primary, threads read-only. Version 2.0.1.
- 🧰 34 Workflow Preset Tools. All missing workflow presets implemented across 10 toolkits. Full PHPCS compliance and test suite for 36 tools.
- 🔒 npm Audit CVEs Resolved. 12 CVEs fixed: vite, launch-editor, markdown-it, ws, js-yaml, form-data, hono, dompurify, babel, opentelemetry, joi.
- 🎨 Gemini 3.1 Flash Image. Default Gemini image model upgraded to
gemini-3.1-flash-image. - 🖼 Media Toolkit Blueprints & Presets. Blueprints and scheduler presets synced to Data Management page.
- ⚡ OpenAI/DeepSeek stream_options. Streaming usage payloads now include proper
stream_optionsfor accurate usage tracking. - 💰 Agentic-Loop Cost Tracking. Tool result costs computed from tokens when not explicitly provided. Missing provider pricing added.
- 🛡️ Vite CVEs. vite ^8.0.16 for CVE-2026-53571 (server.fs.deny bypass) and CVE-2026-53632 (NTLMv2 disclosure).
- 🧹 1,658 PHPCS Lint Fixes. Across base + pro addon (44 toolkits).
- 🔧 CI Disk Space. Free disk space step added to all build workflows.
✨ What's New at a Glance (v1.1.30)
- 💬 Chat SPA Phase 8 — Message Actions. Edit, delete, regenerate, copy, and content enrichment cards on every assistant message. Conversations sidebar with assistant scoping. Auto-create thread on first message.
- 📊 PM Toolkit Enhancement Phase A–D. Shared engine powering Command Center dashboard with real-time task visibility. Work Ingestion panel. 28 new AI tools for task management, resource allocation, timeline generation, and reporting.
- 🏢 CRM Toolkit — Duplicates & Hygiene. Duplicate detection engine with safe one-click merge. Email hygiene module: domain reputation classification, exclusion/priority lists, auto-pruning. Top Customers/Clients analytics. LinkedIn & Upwork external sourcing.
- 🥧 DietPi Pro Toolkit Phases 0–3. 19+ tools for server management: system info, package/service control, backup/restore, storage, provisioning, SSH proxy. Registered as MCP server.
- 🛡️ Layer I Guardrails — Jailbreak Prevention. Stay-on-target guardrails blocking prompt-injection and role-change attacks. Configurable per-assistant via LLM Harness metabox.
- 🪟 Context Window Management. Pre-flight validation across all 13 AI providers. tiktoken integration, estimator metabox, token-budget tool capping, chat parity drift detection.
- 🌉 WP 7.0 Connectors API Bridge. Forward-compatible provider credential bridge. Classes load unconditionally on WP < 7.0.
- 🧠 Chat Transcript & Agent Memory Retention. Configurable TTL-based transcript cleanup (base). Agent memory lifecycle management with pruning and retention windows (Pro).
- ⚡ Pro Toolkit Optimizations Phase 1–3. Performance optimization across 6 Pro toolkits with autoload control, caching, and lazy loading.
- 🔌 OAuth & API Disconnect Buttons. One-click disconnect for OAuth and API connections with automatic token clearing.
- 💬 LibreChat Addon. New standalone addon with code interpreter, speech-to-text/text-to-speech, and web search reranker.
- 🪲 30+ Bug Fixes. SPA reliability sweep (thread endpoints, router context, event serialization). Agentic loop tool result persistence. CPT slug limits. Security CVEs (guzzlehttp/psr7, shell-quote, esbuild).
✨ What's New at a Glance (v1.1.29)
- 🔧 Chat Bubble Assistant Dropdown. Settings UX fixed:
chat_bubble_assistant_idchanged from manual ID input to proper assistant<select>dropdown. - 🪟 Context-Window Pre-Flight Validation. Added to all AI provider clients with shared
validate_context_window()helper, tiktoken integration, and estimator metabox. - ⚡ OpenAI SSE Streaming Fix.
stream_optionspayload flag corrected so OpenAI real-time SSE streaming triggers properly. - 📅 Schedule Preset Data Mismatches. Fixed presets losing configuration data after save. Improved error logging for preset operations.
- 🧹 Playbook Orphan Cleanup & Batching. Fixed orphan accumulation and sync timeouts with configurable chunk size batching.
- 🔄 Stale Provider Validation Lists. Provider checks moved to dynamic discovery instead of hardcoded arrays, fixing DeepSeek rejection.
- 📊 CRM Activity Titles, Due Dates & Block API v3. Activity post titles, recurring due dates, and admin blocks migrated to WordPress Block API v3.
- 🎯 OpenAI-Compatible Client — DeepSeek Parity. OpenRouter, Baseten, Kimi, DigitalOcean, NVIDIA NIM clients upgraded to DeepSeek parity.
- 🎤 Voice & Embedded LLM Missing Assets. Missing
.min.jsfiles added for voice recording/transcription and embedded LLM worker scripts. - 🪲 25+ Additional Fixes. Chat config messagesEndpoint, debug console, OOS bridge fatal error, embedding service WP_Error, SSE header warnings, memory cookie nonce, graphify content leak, model limits sync, shell-quote CVE-2026-9277, and more.
- 🧪 Tests. Chat transcript REST controller tests improved from ~4% to 87% pass rate.
✨ What's New at a Glance (v1.1.28)
- 🏢 CRM Phase C Complete. IMAP email polling, Twilio SMS webhook, Meta WhatsApp webhook, and Gmail OAuth bridge for multichannel inbound ingestion — all triaged through CRM Classifier and routed to the Workflow Command Center.
- 👥 Customer CPT + Customer 360. 5 CRUD tools for
mcp_ai_customerCPT. Customer Research & Add page with Customer 360 dashboard. Lead-to-customer conversion with deal promotion. - 🎫 Support Ticket Module — 10 AI Tools + SLA. Full ticket lifecycle: create, get, update, list, classify, escalate, resolve, reopen, merge, SLA report. Ticket automation, SLA breach detection via cron, email notifications, and optional Zendesk sync.
- 🔍 TF-IDF + BM25 Relevance Search. Dual-algorithm relevance ranking across CRM, healthcare, and base content search tools. Shared traits in both Base and Pro.
- 🧠 Transformer-Inspired Attention Routing. QKV multi-head attention (5 heads: semantic, capability, recency, dependency, risk) for semantic tool selection. Sliding-window conversation compressor. Persistent tool embedding store. RRF fusion with harness scoring.
- 🔌 Funiq Bridge Addon. Payload-to-WordPress bridge with React admin SPA, REST controllers, transformers, post types, and taxonomies.
- 🕸️ NVOOS Graphify Ecosystem. Three standalone plugins:
nvoos-graphify(visual knowledge graph, 14 tools),nvoos-graphify-ai(13 providers, streaming chat, RAG, embeddings),nvoos-graphify-ai-platform(Agents, A2A, ACP, Blueprints, Federation, Harness, Measurement, Professions, Skills, Slash Commands). Framework-agnosticlib/coreandlib/wordpress-adapterpackages. - 🏗️ NV Platform AI Addon. Top-level admin dashboard + CPTs (Project, Resource, Template).
- 🎬 Automated Demo Video Pipeline (Phases 1–3). Scripted scene recording, AI voiceover generation, automated video assembly.
- 🛡️ CRM Lead/Deal Enhancements. Enriched lead/company tables, dedicated Leads tab, data completeness KPI. Lead CPT admin expanded with contact details and remote channel link.
- 📋 Documentation & Unix Theory. Folder READMEs for new CRM subdirectories (
customers/,inbound/,support/). Compliance check errors inincludes/data/andaddons/pro/includes/traits/READMEs resolved. CRM enhancement plan updated.
✨ What's New at a Glance (v1.1.27)
- ⚡ Real-Time SSE Streaming. Real-time streaming enabled for OpenAI, DeepSeek, and all OpenAI-compatible providers. "Disable Native Streaming" control in Settings.
- 🧰 35 New OOS Core Tools. Data tools (GetPostTaxonomies, CountPosts, GetPostMeta, TruncateText, MergeArrays), format tools (FormatDate, TimeAgo, ParseCsv, MathEval, ColorConvert), infrastructure (EventDispatcher, Queue), and cache management tools.
- 📸 Extended Cognition Vision Recognition. Visual product/brand recognition with camera viewfinder UI, detection overlays, and consent gate.
- 🔧 JetFormBuilder Submission Tools — 8 Fixes. Empty results for non-admin users, form discovery pipeline, PHPCS warnings, REST route matching, form-type auto-detection, and plugin detection all fixed.
- 🎯 Graphify Tools Capability Compliance. Missing trait and explicit
get_required_capability()added to all Graphify tools. - 🤖 DeepSeek Agentic Tool Handling. Tool message filtering and payload normalisation for agentic multi-turn workflows.
- 📝 Docs Fixes. Broken links after Unix-theory reorganization resolved.
- 💰 June 2026 Model Pricing. All 13 provider pricing updated.
- 📋 Plugin Restructuring Proposals v3.0. Graphify-centric architecture spec and roadmap.
- 🛡️ Pro Toolkits Security Audit. 9 HIGH-severity security findings fixed.
- 📋 Reviewer Onboarding Docs. Complete reviewer documentation suite (
docs/project/FOR_REVIEWERS.md). - 🐳 Docker Dev Environments. WordPress, Laravel, and Craft CMS Docker environments all fixed.
- 🧪 Test Infrastructure. 95% of PHPUnit failures resolved across base, pro, and addon test suites.
- 🔧 Infrastructure Fixes. TCPDF autoloader fix, Pro vendor files committed, puppeteer detection path fix, shallow clone recommendation.
✨ What's New at a Glance (v1.1.25)
- 🧩 Unified Blueprint System. 55 pre-built AI assistant blueprints across 25 toolkits.
- ☁️ Cloudways Pro Toolkit. 60 AI tools for server and application management via Cloudways API v2.
- 🏢 CRM Toolkit Phases A–E Complete. 70+ tools: lead management, multi-channel triage, sequences, command center, compliance.
- 💬 Chat UI Enhancements. 7 features: profile card, stop generation, feedback, code copy, dark mode, prompts, search.
- 📂 Unix-Theory Tool Reorganisation Phase 4–5 Complete.
- 🎛 Pro Toolkit MCP Server Settings Pages. Phases A–C.
- 🏥 Aerlinn + Healthcare Blueprints.
- 🔧 Build Infrastructure Hardening.
✨ What's New at a Glance (v1.1.24)
- 🧹 Bug-Fix & Stabilisation Sweep. Paper Store Pro interface load order fix (deferred to
wp_mcp_ai_bootstrappedhook). Chat SPA duplicate-message and SSE protocol-mismatch fixes. Markdown rendering enabled in Chat SPA responses. - 🛡️ Skill Manager Canonical Envelope — Unix Theory P0/P1 Refinement. Skill manager now returns
WP_Erroron failure instead of the legacyarray('success' => false, ...)pattern. Skills sync endpoint added for idempotent import/export. YAML frontmatter parsing hardened against colons in description fields. - 📝 Assistant Tool Presets Coverage. 24 missing tools added to assistant creation presets. Out-of-date tests fixed.
- 🔒 CVE Patches.
tmpbumped to >=0.2.6 andsymfony/cacheto ^6.4.40 to resolve upstream CVEs. Composer vendor state committed. - 🗄️ Paper Store Admin CRUD. Full CRUD admin UI for Paper Store collections and records under Assistants menu, matching Skills admin convention.
- 🖥️ CLI Coverage Enhancements. Comprehensive WP-CLI command coverage improvements across the plugin toolchain.
- 📚 Folder README Convention — Unix Theory P7. Folder READMEs added for every PHP-bearing subdirectory across
includes/andaddons/pro/includes/. Agent context docs (CLAUDE.md,AGENTS.md) synced with recent features. - 🔧 Build & CI.
build-spa-addonsGitHub Actions workflow added. Missing SPA addon ZIPs restored. All SPA bundles rebuilt.
Privacy & Terms Notice: This plugin connects to external AI services. Review each provider's policies:
- OpenAI: Terms | Privacy
- Google Gemini: Terms | Privacy
- Anthropic: Terms | Privacy
- Cloudflare: Terms | Privacy
- Hugging Face: Terms | Privacy
- Ollama: Self-hosted (no external data transmission)
- OpenRouter: Terms | Privacy
- DigitalOcean Serverless Inference: Terms | Privacy
- DeepSeek: Terms | Privacy
- NVIDIA NIM: Terms | Privacy
- LM Studio: Self-hosted (no external data transmission)
- Baseten: Terms | Privacy
See the complete External Services Reference for all 20 services.
The plugin works standalone with ~195 base tools and optionally extends through the Pro addon, which adds ~830+ Pro tools for advanced integrations (WooCommerce, JetEngine, social media APIs, GitHub, Google services, Shopify, QuickBooks Desktop, Yahoo Fantasy Sports, ESPN Fantasy, ECA management, CRE Debt & Securitization, Cloudways server management, CRM lead/deal/customer lifecycle, support ticket management, multichannel inbound/outbound messaging) and exec-based tools (FFmpeg, WP-CLI, Python rembg, Jukebox), bringing the total to ~1,025+ built-in tools (~195 base + ~830+ Pro; live count via WP_MCP_AI_Tool_Registry::get_tools() is authoritative).
Note on Tool Count: Tools include base WordPress operations, content management, media generation, research capabilities, and optional third-party integrations. The base version (~195 tools) works standalone. The full version requires the Pro addon and provides ~1,025+ total tools including specialized toolkits for e-commerce, social media, analytics, document generation, vehicle estimation, image validation, JetEngine MCP, A2A agent delegation, CRE Debt & Securitization, Cloudways infrastructure management, CRM lead/deal/customer lifecycle + support tickets + multichannel, MCP Apps, and more. Live count via
WP_MCP_AI_Tool_Registry::get_tools()is authoritative.
Addon Ecosystem: NV oOS ships a growing family of 24 installable addons: Pro (addons/pro/ — ~830+ additional tools), Chat SPA (addons/chat-spa/ — React chat replacement), Docs Hub (addons/docs-hub/ — in-site documentation SPA), SaaS Controller + Cloud Worker (addons/saas-controller/ + addons/cloud-worker/ — NV oOS Cloud control plane), Cloudways Dashboard (addons/cloudways-dashboard/ — Cloudways server management), Toolkit Shell / Canvas / Canvas Toolkit / Document Editor / Media Studio (addons/toolkit-shell/ etc. — Toolkit SPA Blueprint Tier A–D), Graphify (addons/graphify/ — knowledge graph), Comic Reader (addons/comic-reader/ — CBR/CBZ/CB7/CBT reader), Funiq Bridge (addons/funiq-bridge/ — Payload-to-WordPress bridge with React SPA), AI Platform (addons/ai-platform/ — AI platform admin dashboard + CPTs), LibreChat (addons/librechat/ — code interpreter, speech, web search reranker), Schedule Anything Platform + SPA (addons/schedule-anything-platform/ + addons/schedule-anything-spa/ — SaaS booking with Stripe), Tenant Router (addons/tenant-router/ — multi-tenant routing), Page Agent (addons/page-agent/ — AI-powered browser page control copilot), Algorave, Cornerstone3D, Embedded, Fantasy Football. Separate standalone plugins: NVOOS Graphify (plugins/nvoos-graphify/ — visual knowledge graph), NVOOS Graphify AI (plugins/nvoos-graphify-ai/ — AI providers + chat + RAG), NVOOS Graphify AI Platform (plugins/nvoos-graphify-ai-platform/ — agents, A2A, blueprints, skills). See docs/developer/addons/toolkit-spa-blueprint.md for the blueprint all SPA addons follow.
🎯 Mission: Modernizing Small to Medium Business Websites
NV oOS is specifically designed to help small to medium-sized businesses fast-track their outdated, stale, or insecure company websites to modern technology standards—without the need to add yet another wrapper around API calls. Instead, we're trying to peel back decades of API wrappers with the help of AI, providing:
- Direct AI Integration - No middleware required. Connect directly to OpenAI, Gemini, Anthropic, Hugging Face, Cloudflare Worker AI, Ollama, LM Studio, OpenRouter, and DeepSeek without custom development
- Security-First Architecture - Built-in protection against nefarious usage with active monitoring and prevention systems
- Enterprise-Grade Features - Access to capabilities typically requiring expensive custom development
- Compliance & Audit Tools - Comprehensive logging, rate limiting, and usage tracking built-in
- Zero Technical Debt - Modern codebase following WordPress standards, ready for current technology stacks
🛡️ Active Security Monitoring
NV oOS actively prevents and monitors against nefarious behavior. The plugin includes:
- Nefarious Usage Monitor - Real-time detection of suspicious patterns and automatic emergency shutdown capabilities【F:includes/class-wp-mcp-ai-nefarious-usage-monitor.php†L1-L676】
- Root Security Key - Optional emergency authentication layer to prevent unauthorized reactivation after security incidents【F:docs/features/security/root-security-key.md†L1-L511】
- Granular Capability Controls - Every tool and API endpoint enforces WordPress capabilities to prevent unauthorized access
- Rate Limiting - Built-in protection against abuse with configurable limits per user, model, and time period
- Comprehensive Audit Logging - Track all API calls, tool executions, and security events for compliance and forensic analysis
- Input Sanitization & Output Escaping - All user input sanitized, all output escaped following WordPress security best practices
This is not a tool for circumventing security or promoting bad practices. Every feature is designed with security, transparency, and responsible AI usage as core principles. The plugin actively works to stop and prevent misuse before it happens.
Latest audit: See docs/operations/compliance/SECURITY_AUDIT_2026_04.md — the published summary of the April 2026 security & compliance code review (no Critical findings; 5 High items, 3 Fixed and 2 Partially Fixed). Full deliverables under docs/project/audits/2026-04/.
WordPress.org compliance hardening (May 9, 2026): docs/operations/compliance/WORDPRESS_ORG_COMPLIANCE_2026_05_09.md — findings B3, B8, B10, B13, and production vendor remap all resolved.
⚠️ Warranty & Safe Use
We make every effort to keep NV oOS safe and secure — but by design, it can be destructive and resource-intensive when not properly configured.
NV oOS grants AI assistants access to powerful WordPress operations. The same capability that automates real work can cause irreversible harm if misconfigured:
- Destructive tools — bulk content deletion, user management, file writes, mass email, WP-CLI, direct database operations
- API billing exposure — uncapped AI provider calls can exhaust quotas and trigger unexpected charges
- Server resource exhaustion — concurrent agentic loops and SSE streams can saturate CPU/memory on shared hosting
Before going live: test on staging, take verified backups, apply least-privilege tool permissions, enable rate limiting, and review the system prompt of every public-facing assistant.
📄 Full details: WARRANTY.md — security commitment, "AS IS" disclaimer, destructive-operations table, resource-consumption guide, and mitigation checklist aligned with OWASP, NIST SP 800-53, ISO/IEC 27001, and the WordPress Plugin Developer Handbook.
Patent Pending
NV oOS is the subject of a pending patent application for its novel System and Method for Dynamic AI Orchestration Layer with Real-Time Capability Gating and Resource Budgeting.
Application Number: 19/410,504
The patent covers NV oOS's innovative approach to implementing sophisticated AI orchestration in WordPress's request-based PHP architecture—a platform not designed for real-time streaming, asynchronous operations, or persistent state management. This technical achievement enables enterprise-grade AI capabilities on WordPress by recreating event-driven behavior within PHP's synchronous execution model.
Key Innovations Covered:
- Dynamic resource budget allocation during streaming operations
- Capability-based access control for AI tool execution
- Registry-state-based scheduling in stateless environments
- Metrics-driven budget adjustment for real-time optimization
- Persistent-behavior illusion in request-based architectures
The orchestration layer makes NV oOS unique in the WordPress ecosystem by solving fundamental architectural limitations that prevent traditional WordPress plugins from supporting advanced AI features. See the System Architecture section below for technical details on how these innovations work together.
🏗 System Architecture
NV oOS implements a comprehensive orchestration layer for managing AI operations during real-time streaming events. The system architecture comprises:
- 15 language-model providers — OpenAI, Gemini, Anthropic, DeepSeek, OpenRouter, Baseten, Kimi (Moonshot), Z.AI (GLM), DigitalOcean, NVIDIA NIM, Cloudflare Worker AI, Ollama, LM Studio, Hugging Face, Flowhub
- ~990 tool classes (~195 base + ~795 Pro; live count via
WP_MCP_AI_Tool_Registry::get_tools()is authoritative) registered through a singleton Tool Registry - 36 REST controllers (16 base + 20 pro) under the
mcp-ai/v1namespace - 64 service classes powering orchestration, budgets, and workflows
- 5 authentication methods — WordPress nonce, assistant credentials, mesh keys, Auth0 JWT, guest tokens
- Toolkit MCP servers — per-toolkit JSON-RPC 2.0 servers exposed under
/wp-json/mcp-ai-pro/v1/mcp/{slug}; discoverable at/.well-known/mcp - 8 inline-async-tick consumers — cooperative tick-lock pattern eliminates WP-Cron startup latency for background jobs (transcript mining, async tool executor, SaaS Apply, Crawl4AI, Docs Hub rebuild, Graphify reindex, Harness eval, Gemini Veo polling)
- 7 LLM Harness layers (+ 1 Pro) — opt-in epistemic layers A–H activated per-assistant via the LLM Harness metabox
- Orchestration Phases 1–7 — HITL approval queue, prompt-injection detector, structured output, OTel exporter, DAG builder, durable runs, triggers/webhooks, sub-agents
📖 For a detailed explanation of how NV oOS extends standard SSE and MCP protocols with novel orchestration features, see ORCHESTRATION-LAYER-ARCHITECTURE.md
Core Orchestration Layer: Overcoming PHP's Limitations
Critical Context: Most real-time AI streaming systems are built with Node.js, Python FastAPI, or Go — platforms designed for asynchronous, event-driven operations. These platforms natively support:
- Long-lived connections and persistent state
- Non-blocking I/O and parallel execution
- Event loops and asynchronous callbacks
- WebSocket protocols and SSE streaming
NV oOS achieves the same capabilities in PHP/WordPress — an environment fundamentally not designed for these patterns — through a sophisticated orchestration layer that creates a "persistent-behavior illusion":
- Real-Time Budget Enforcement - Monitors token/memory usage during streaming, prevents exhaustion through predictive allocation
- Capability-Based Tool Gating - WordPress role-based access control for AI tool execution
- Predictive Optimization - Analyzes usage patterns to prevent resource overruns before they occur
- Distributed Orchestration - Multi-provider support with policy-aware routing
- Auditability & Compliance - Complete governance layer with logging and rate limiting
- Cron-Based Task Orchestration - Extends orchestration to async operations with budget inheritance
Multi-Agent Orchestration Enhancement (DeepSeek V4-Inspired)
Added: January 2026 (v1.1.0)
Building upon the core orchestration layer, NV oOS now includes a sophisticated multi-agent coordination framework inspired by DeepSeek V4's orchestration patterns:
Key Components:
- Agent Role System - Four specialized roles (Planner, Executor, Critic, Specialist) with role-specific capabilities
- Team Composition - Automated team assembly based on task requirements and profession expertise
- Coordinated Workflows - Multi-step workflows with agent delegation, result aggregation, and validation
- Team CPT Integration - Persistent team configurations with orchestration modes (single/sequential/parallel/swarm)
- Profession-Based Discovery - 296 professions auto-assigned agent roles via intelligent seeding across 17 knowledge bases
Example Multi-Agent Workflow:
// 1. Compose research team (planner + executors + critic)
$orchestrator = new WP_MCP_AI_Agent_Team_Orchestrator();
$team = $orchestrator->compose_team( array( 'task_type' => 'research' ) );
// 2. Execute coordinated workflow
// Planner decomposes task → Executors research subtasks →
// Communication service aggregates → Critic validates quality
$result = $orchestrator->execute_team_workflow( $team, $task, $context );
Documentation:
- See Multi-Agent Orchestration for complete technical details
- See DEEPSEEK-V4-README.md for documentation suite overview
- See DEEPSEEK-V4-USAGE-GUIDE.md for practical examples
Why This Architecture Is Novel: Overcoming PHP's Limitations
- Event loops and background workers
PHP/WordPress, by contrast, is fundamentally request-based:
- Every HTTP request spawns a new process that dies after responding
- I/O operations block execution
- No persistent memory between requests
- No native event loop or async coordination
NV oOS solves this by implementing an orchestration layer that creates a "persistent-behavior illusion" — effectively recreating Node.js's event loop behavior within WordPress's synchronous, request-based architecture. This architectural compensation is the system's core technical innovation:
| PHP Limitation | NV oOS Solution |
|---|---|
| No persistent state | Registry & policy engine maintain state via database/cache |
| No event loop | Cron Manager extends orchestration across time-shifted operations |
| Blocking I/O | Predictive budget allocator prevents blocking operations |
| Request-based lifecycle | SSE controller implements streaming within request boundaries |
| No background workers | WordPress cron system simulates async job processing |
This makes NV oOS patent-worthy as a technical workaround — it achieves sophisticated AI orchestration in an environment specifically not designed for such patterns. See ORCHESTRATION-LAYER-ARCHITECTURE.md for the complete technical analysis.
Computer-Implemented Resource Management
The system operates as a computer-implemented method executing on a processor with memory, performing:
Dynamic Resource Budget Allocation: The orchestration layer dynamically allocates token and memory budgets to tool execution requests based on real-time system capacity and operation requirements. The
WP_MCP_AI_Resource_Managercontinuously monitors server resources (PHP memory limits, execution time constraints) and automatically adjusts operational parameters.Capability-Based Access Control: Tool execution endpoints enforce granular capability-based access controls. Each tool in the registry declares required WordPress capabilities, and the REST API controller validates user permissions before allowing execution. This ensures secure, policy-driven access to all operations.
Registry-State-Based Scheduling: The
WP_MCP_AI_Tool_Registrymaintains tool availability state and schedules execution based on policy constraints. Tools are loaded conditionally based on dependency availability, and execution is scheduled according to assistant configuration and user permissions.Metrics-Driven Budget Adjustment: The system continuously monitors execution metrics (memory usage, API response times, token consumption) and adjusts resource budgets in response to prevent resource exhaustion and reduce latency. The
WP_MCP_AI_Token_Budget_Managerimplements safety margins and dynamic chunking to prevent API limit overruns.
System Components
The system comprises a processor and memory storing instructions that:
- Monitor real-time resource availability through PHP runtime introspection
- Enforce capability checks at REST endpoint boundaries
- Schedule tool execution through a centralized registry
- Adjust token and memory budgets based on detected system metrics
- Maintain operation logs for audit and optimization
This architecture is embodied in non-transitory computer-readable media (PHP source files) that, when executed by a web server processor, cause the system to perform the complete resource management workflow. The implementation prioritizes stability, security, and efficient resource utilization across diverse hosting environments.
Symfony Process Integration (December 2025)
NV oOS Pro addon integrates the Symfony Process component for secure external command execution. This modern framework replaces direct exec() calls in 6 Pro tools and 2 supporting services, providing:
- Enhanced Security: Proper argument escaping and command validation
- Timeout Management: Configurable timeouts with graceful handling
- Better Error Handling: Comprehensive exception catching and WordPress-friendly error reporting
- Process Control: Real-time output streaming and cancellation support
Migrated Tools & Services:
- FFmpeg operations (video frame extraction, metadata reading)
- Python rembg (background removal)
- WP-CLI execution
- Meta AI Jukebox (music generation)
- Supporting services for video and audio processing
The Process Service (WP_MCP_AI_Process_Service) provides WordPress-friendly wrappers with WP_Error integration, making external process execution consistent with WordPress coding standards.【F:includes/services/class-wp-mcp-ai-process-service.php†L1-L220】【F:docs/history/2025/implementations/symfony-phases/SYMFONY_PHASE2B_PROCESS_INTEGRATION.md†L1-L100】
🆕 Latest Updates (v1.1.40 — July 2026)
July 12–15, 2026 — Content Format Awareness, Research Pipeline, Settings Credential Split, Model Catalog, Provider Parity, SSE Fixes
- ✅ Content Format Awareness. New
WP_MCP_AI_Content_Format_Helperclass (585 lines) detects and preserves Markdown, HTML, and plain text formats across post-modifying and analysis tools. Full 582-line test suite. - ✅ Research → Paper Store → WordPress Draft Pipeline. All research tools support
save_to_paper_storeparameter. Newcreate_post_from_researchPro tool. New action hooks. Backward-compatible. - ✅ Settings Credential Split. Sensitive API keys moved to separate non-autoload
wp_mcp_ai_credentialsoption with transparent merge viaget_settings(). One-time migration. Defense-in-depth withwp_suspend_cache_addition. Settings import/export batch fixes (4 PRs). - ✅ Demo Video Pipeline Complete (Phases 0–5). Scripted scene recording with AI voiceover. GitHub Actions CI workflow. 14 narration scripts.
- ✅ Kimi & DeepSeek Client Parity. Full streaming, tool use, and token tracking parity. DeepSeek and 9 missing providers added to all research tools.
- ✅ Model Catalog Update (July 2026). 24 files across base + pro. Default bumps: Gemini
gemini-2.5-flash→gemini-3.5-flash, NVIDIAmeta/llama-3.1-8b→nvidia/nemotron-3-nano-30b-a3b, Gemini Livegemini-2.5-flash-live→gemini-3.1-flash-live-preview. - ✅ OOS Engine: SchemaStoreInterface + Tests. New domain contract, entities, tool, and WordPress adapter. 45 new unit and integration tests.
- ✅ SSE HTTP/2 Fixes.
ob_clean()replacesob_flush(). 524 timeout resolved in Pro SPA v2. - ✅ Vector Store Sync No Polling. Status checked only on assistant change and page load.
- ✅ Validated Tool Slug Allowlist fix (PR #5680).
- 📦 Versioning — bumped to 1.1.40 across all version-bearing files. Tool count: ~195 base + ~830+ Pro (~1,025+ total; live count via
WP_MCP_AI_Tool_Registry::get_tools()is authoritative). Provider count: 15 first-class language-model providers. Addon count: 26.
🆕 Previous Updates (v1.1.39 — July 2026)
July 10–13, 2026 — Meta-Harness Auto-Optimization, Agent Delegation Rework, Pro SPA v2 Polish, Tool Presets Refactor, CRM Enhancements 🧠🔄💬🎛️📊
- ✅ Meta-Harness Auto-Optimization System (All 7 Phases). New self-improving agent infrastructure: Trace Store + Trace Capture for execution telemetry (Phases 0-1); Harness Search Engine for telemetry querying (Phase 2); Pro Coding-Agent Proposer for automated improvement suggestions (Phase 3); Cues, Population, Auto-Deploy, and DSpark orchestration (Phases 4-6); comprehensive test coverage (Phase 7). Enables plugins to observe, analyze, and self-optimize AI agent execution.
- ✅ Agent Delegation — Major Rework. Delegation now runs inline instead of async for immediate results. REST-based dispatch via chat endpoint replaces no-op role executor. Cron resilience: delegation jobs no longer silently fail without retry.
spawn_cron()added afterwp_schedule_single_eventfor instant deferred job execution. Name-based agent resolution indelegate_to_agenttool. Wire-up and tasks drawer fixes in SPA v2. - ✅ Pro SPA v2 — Polish & Fixes (20+ PRs). Vector store indicator and slash autocomplete positioning (PR #5666). Double path in vector store preload URL fixed (PR #5665). TDZ crash in CommandAutocomplete resolved (PR #5664). Inline command autocomplete and Zed-style refresh (PR #5663). Cost badges restored in response UI (PR #5661).
allowSensitiveToolsconfig propagated to chat-spa, Pro SPA v2, and delegation dispatch (PR #5658). Tool result rich rendering, sidebar auto-refresh, and media cache-busting (PR #5651). Auto-save transcripts ononFinishcallback (PR #5650). Attachment support, save button, and storage display (PR #5646). Tasks drawer toolbar button with failedCount badge (PR #5642). Speech/audio tool response envelope fix (PR #5636). Capability flags rendering fix (PR #5635). Usage badges and image+text rendering fix (PR #5634). Sidebar media panel visibility and ID column (PR #5633). Media insert button + speech button reposition (PR #5632). System prompt leak, sidebar empty state, media-to-chat bridge (PR #5631). Tool display and conversation duplication fix (PR #5626). Composer mobile bottom padding (PR #5625). Media grid flexbox layout fix (PR #5624). - ✅ Tool Presets Refactor. Essentials layers added, duplication stripped, auto-upgrade for validated variants (PR #5660). Validated tool auto-upgrade no longer causes duplicate names and not-allowed errors (PR #5662). Double tool execution fixed in SSE adapters with media refresh filter clear (PR #5652).
tool_call_idfallback for DeepSeek streaming and SPA v2 tool results (PR #5638). Save button added, tool messages withouttool_call_idstripped (PR #5648). Tool message block indentation auto-fixed (PR #5638). - ✅ CRM Enhancements. CRM cache loop fixed (PR #5645). Upwork rate limiting (PR #5645). Freelance Platforms & External Sourcing configuration enhanced (PR #5639).
- ✅ Infrastructure. Veo 2.0 deprecated — Gemini Omni Flash replacement (PR #5667): migration path, deprecation detection preventing wasteful 404 fallback loops, user-facing error messages recommending
gemini-omni-flash(10s duration, native audio, multi-turn editing), cost calculator updated, tool schema defaults updated, admin settings updated, tests updated. Workflow auth and protected method errors fixed (PR #5659). ZAP scan Docker network isolation resolved (PR #5637). npm packages rebuilt and built assets updated (PR #5653). - ✅ Documentation. Comprehensive OpenMed integration plan v2 added (PR #5641).
- 📦 Versioning — bumped to 1.1.39 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md,CHANGELOG.md,QUICK_REFERENCE.md,ROADMAP.md, andDOCUMENTATION_INDEX.md. Tool count: ~195 base + ~830+ Pro (~1,025+ total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative). Provider count: 15 first-class language-model providers. Addon count: 26.
🆕 Previous Updates (v1.1.38 — July 2026)
July 10, 2026 — Page Agent Addon, Pro SPA v2 Parity, User Memory Toggle, Tool Enhancements, Workflow Improvements 🤖💬👤📝🔄
- ✅ Page Agent Addon v0.1.0. New addon at
addons/page-agent/— AI-powered browser page control copilot powered by Alibaba Page Agent (MIT). Gives any WordPress page its own AI agent that can click, type, and navigate via natural language. Runs entirely client-side with no headless browser, Python, or Chrome extension required. Includes shortcode[mcp_ai_page_agent], Elementor widget, REST endpoints, MCP tool bridge, and admin settings page. - ✅ Pro SPA v2 — Major Parity & Polish. Voice pipeline, tasks drawer, workflow tracker, and file attachment upload to WordPress Media Library. Tool Shortcuts and Slash Commands drawers for quick tool access. Mobile hamburger sidebar toggle. Speech/audio button fixes using correct ToolsClient REST endpoint. Conversation title improvements and turn count display fix. Button and token NaN fixes. Model sync and auth bypass fixes. Assistant preloading in runtime config to fix sidebar loading.
- ✅ Pro SPA v2 — UI Polish. Autoscroll fixes (scroll-to-bottom on submit, streaming start, user-at-bottom guard, restored via direct scrollTop instead of scrollIntoView). Viewport height fixes via CSS height chain instead of
calc(100vh - Xpx).overflow:hiddenon height-chain ancestors.filemtime-based cache-busting across all SPA addons. Lint errors resolved in both chat-SPA and pro-SPA. Deduplicated model selector to prevent React duplicate-key warning. REST route registration fixed and production assets rebuilt. - ✅ Per-User Chat Memory Preferences. Users can now toggle chat memory on/off from their WordPress user profile. Individual control over AI memory retention without affecting site-wide defaults. Settings page integration.
- ✅ create_post / save_post Tool Enhancements. Markdown-to-HTML conversion via new
WP_MCP_AI_Tool_Markdown_Convertertrait — auto-converts Markdown content to HTML when creating or updating posts. Smart taxonomy suggestions auto-detect relevant categories and tags. Block content corruption fix for non-post post types. - ✅ Workflow Blueprint & Schedule Improvements. Existing-content awareness in Content Publisher and Keyword Pipeline blueprints. Blog schedule presets now check for duplicate content before publishing. Readable response generation for workflow schedule result delivery.
- ✅ SPA Accessibility. Annotation pills made clickable with meaningful labels for screen readers.
- ✅ Security. OWASP ZAP DAST medium findings triaged as false positives.
- 📦 Versioning — bumped to 1.1.38 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md,CHANGELOG.md,QUICK_REFERENCE.md,ROADMAP.md, andDOCUMENTATION_INDEX.md. Tool count: ~195 base + ~830+ Pro (~1,025+ total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative). Provider count: 15 first-class language-model providers. Addon count: 26.
🆕 Previous Updates (v1.1.37 — July 2026)
July 4–8, 2026 — JetEngine Meta Helper, Places Enrichment, RabbitMQ, Multi-Tenant DB, DSpark UI, Test Coverage, Docs Hub Broken Link Engine 🧩📍🐇🏢📊🧪🔗
- ✅ JetEngine Meta Helper (Universal). Unified REST exposure for all 25 Pro CPTs —
show_in_restandregister_post_metaapplied across the board. ECA_eca_*and_student_*fields registered in the JetEngine meta registry. MCP routing and error reporting bugs fixed. Load-order fix ensures the helper is available before dependent toolkit inits. - ✅ Places Toolkit Enrichment. Two new AI tools —
enrich_place_coordinates(batch geocoding) andenrich_place_details(Google Places API enrichment). Social media and booking fields added to the Places CCT schema. CLI bin scripts for batch enrichment operations. HTTrack import hardened: redirect stub handling, coordinate parsing, parent-child linking, and CLI parameter validation. - ✅ RabbitMQ Client & Queue Infrastructure. RabbitMQ client wired with queue manager and async tool interception. Queue storage migrated from WordPress options to custom database tables for scalability. Health endpoint for queue monitoring. Dedicated queue worker for background processing.
- ✅ Multi-Tenant Database Isolation (Phase 0–4 Complete). Phase 0 laid the foundation with database isolation primitives and connection routing. Phases 1–4 delivered query scoping, schema isolation, cross-tenant safety guards, and admin controls — the full isolation stack is now operational.
- ✅ DSpark Admin UI & Speculative Orchestration. New admin page with settings, threshold configuration, efficiency dashboard, presets, and a hook system for extensibility. Speculative orchestration enhancements with configurable execution strategies.
- ✅ Crocoblock Design System Addon (All 5 Phases). New standalone addon at
addons/crocoblock-ds/. Unified CSS custom properties, preset templates, and admin-controlled theming for JetEngine, JetSmartFilters, and JetFormBuilder. Registered in addon inventory and build pipeline. - ✅ Test Coverage — 329 Tools Across 28 Toolkits. 301 previously untested tools now covered by batch tests. 6 previously untested pro toolkits with full coverage. 22 toolkits covered across 7 batch test files. HTTP testing infrastructure for remote tool tests. Docker plugin seed service for integration test coverage. CRM, PM, DietPi, and Cloudways test suites hardened with recursive file search, dependency resolution, and graceful skipping for abstract/missing classes.
- ✅ Docs Hub Broken Link Detection & Repair Engine. Automated broken link scanning with results table. One-click Accept fix buttons on the detail table. Suggestion engine regression fixed (was producing no suggestions).
- ✅ SPA Annotation Pills — Accessible. Clickable pills with meaningful labels for screen readers.
- ✅ CI/CD Hardening. OWASP ZAP DAST security scanning integrated into the CI pipeline. PHP bumped from 8.1 to 8.2 across all CI workflows. QA Docker setup fixed (unnecessary chmod on bind-mounted script).
- ✅ Webhook & Agentic-Loop Resilience. Proactive agentic-loop context compaction prevents context overflow during long-running agent sessions. Webhook Context Manager enhanced with industry best practices. Sliding window context loss fixed across all 11 webhook controllers.
max_history_messagessection default normalized to match base settings (8). - ✅ Shopify Sync — Catalog API & Minimal Mode. Catalog API sync support for product caching. Minimal sync mode (title, SKU, stock levels only) for fast updates. Price field added to minimal mode payload.
- ✅ BME Chat History Context Strategy. RAG memory integration for chat history. Settings relocated to General → Behavior subtab on the new dashboard.
- ✅ Bug Fixes. Shopify Catalog API silent failures and result reporting. Recurring sync stuck at old interval with missing connection IDs. Sync log batching via deferred writes to avoid per-item DB timeouts. Webhook auto-reply broken by missing Webhook Context Manager require. Import-blueprints and remaining-pro-tools file discovery. Extended-cognition toolkit missing requires for trait and interface. Tool tests: static data providers, constructor mocks, slug overrides, WP_Error returns. js-yaml DoS vulnerability override. ESLint and WPCS compliance across test files and enrichment tools.
- 📦 Versioning — bumped to 1.1.37 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md,CHANGELOG.md,QUICK_REFERENCE.md,ROADMAP.md, andDOCUMENTATION_INDEX.md. Tool count: ~195 base + ~830+ Pro (~1,025+ total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative). Provider count: 15 first-class language-model providers.
🆕 Previous Updates (v1.1.36 — July 2026)
June 29 – July 4, 2026 — EZuite Inventory Sync, Ralph Loop Orchestration, JetBooking/JetAppointment, Moonshot/Z.AI Parity, 45+ Bug Fixes 🏭🔄📅🧠🐛
- ✅ EZuite Inventory Sync Pro Toolkit. ERP-integrated inventory sync bridging EZuite ERP with WordPress/WooCommerce. Product pull, inventory query, item create/update, ERP settings, and CLI sync commands. Admin UI with connection selector, field mapping, and sync direction controls. Toolkit registered in Pro addon with auto-discovery.
- ✅ Ralph Loop CCT Migration & Orchestration. Circuit breaker pattern with configurable failure thresholds prevents cascading failures during cross-environment operations. Execution logger with step-by-step tracking and error reporting. CCT migration tools for safe JetEngine data transfers. Orchestration tools for coordinating multi-step workflows.
- ✅ JetBooking/JetAppointment Integration (8 Tools). Adapter layer for Crocoblock JetBooking and JetAppointment plugins. 8 new AI tools added to the Calendar Booking toolkit. 4 existing calendar tools enhanced with booking/appointment awareness. Full CRUD for appointments, bookings, and availability queries.
- ✅ Moonshot AI (Kimi) & Z.AI (GLM) Provider Parity. Both providers upgraded to full DeepSeek-level chat client capabilities — streaming, tool use, token tracking, and error handling. ZAI client service registered in DI container alongside
client.baseten. Class loader updated for new provider adapters. WPCS formatting auto-fixed across all provider client files. Provider count now 15 first-class. - ✅ Unified Sync Log Manager. Per-item audit trail across EZuite, FlowHub, and Shopify sync toolkits. Sync history with timestamps, status codes, and detailed error tracking. Status dashboards on toolkit settings pages. WP-CLI integration for log querying and export.
- ✅ Tool Presets Auto-Select & Chips Bar. Selected tools display as clickable chips below the tool selector with proper spacing. +N overflow toggle when too many chips are selected. Tool payload cap raised from 50 to 100 tools per assistant. Method-existence guard against tools lacking
get_definition(). - ✅ HTTrack Cache Support & Place-to-Service Bridge. HTML place import tool now supports HTTrack cache directories for proper mirror parsing. URL backfill for mirrors without
hts-cachedirectory. Place-to-Service bridge auto-creates bookable services during batch place import. Service sharing prevented when source URLs collide. - ✅ FlowHub Per-Connection Overview. Remote Sites connection selector added to FlowHub config tab. Per-connection sync controls — run sync for individual connections instead of all-at-once. Proxy support via
http_api_curlhook with connection-level proxy resolution. - ✅ Generate Default Mapping + Read-Only Sync. One-click default mapping buttons for EZuite and FlowHub field mapping. Read-only sync direction option — pull data without pushing changes back to source.
- ✅ Web Search 429 Retry. Exponential backoff for rate-limited (HTTP 429) web search requests with configurable retry count and base delay.
- ✅ wp_mcp_ai_log Global Helper. Centralized logging function available globally, defined in
includes/bootstrap/for availability before class autoloading. - ✅ JetEngine CCT Support for Remote WP Connections. Remote WordPress connections can now query and manage JetEngine CCT records — full CRUD support for remote CCTs via the
remote_wp_connectiontool. - ✅ CCT Module API & CRUD Fixes (Cross-Toolkit). Replaced fragile
jet_engine()->cctshorthand with canonicalModule::instance()across EZuite, FlowHub, and Shopify CCT managers. Standardized CRUD usingFactory/ItemHandlerAPIs. Addedtable_exists()fallback tois_cct_available()for lazy-init environments. Fixedget_cct_modulefalse negatives when CCT module is active but not yet loaded. - ✅ EZuite Sync Fixes. Missing return value with error diagnostics. API field mapping response key mismatch. Remote Sites connections not showing in toolkit settings (2 rounds). CCT auto-registration reading from wrong option key.
- ✅ FlowHub Sync Fixes. Silent success with 0 records now reports actual counts and errors. Proxy settings now correctly persist in Remote Sites connections. API auth header names corrected. Null CCT module guarded. Dry-run mode uses modules API instead of fragile shorthand. Location ID made optional with primary fallback.
- ✅ Shopify Sync Fixes. Catalog API-only connections blocked with clear error. CCT registration lifecycle uses explicit sanitize-update cycle. Meta fields populated in CCT registration. Column add_field routed through
module->managerinstead of rawjet_engine()->cct. - ✅ CCT Infrastructure Fixes. Duplicate column errors prevented in
ensure_columnsacross all three toolkits.add_fieldAPI replaced with direct SQL ALTER TABLE. Nonexistentget_item_by_slug()replaced with DB query. JetEngine CCT field definitions synchronized when columns missing. - ✅ SQLite Meta Cache Explosion Fix. Unbounded meta cache growth on SQLite-backed sites resolved.
- ✅ masterminds/html5 Case Collision Fix. Class file collision on case-insensitive filesystems (Windows/macOS) resolved.
- ✅ Base-Version Guard Fix. Guard no longer incorrectly blocks toolkit admin pages in base+pro mode.
- ✅ HTTrack Import Robustness. URL resolution, redirect filtering, and type classification. File discovery bugs (SKIP_DOTS, isDot, substring skip-dir matching). Hex-encoded filename support. Non-GNU glob compatibility for subdirectory content. Improved mirror root detection.
- ✅ Necessity Gate & Safety Profile Fixes. Request context crash guarded against missing
get_instance(). Safety profile trait autoload fixed — required from interface. - ✅ Auto-Select Compute Fix. O(n*m) timeout on assistant edit page resolved.
- ✅ Tool Chip UI Fixes. PHP parse errors from unescaped double-quotes in inline JavaScript fixed.
- ✅ Documentation. Comprehensive abilities registration plan (~1,000 tools as WordPress Abilities). Laravel-scale deployment architecture proposal with Graphify ecosystem cross-references. WP.org submission prep (readme, index.php, canonical envelopes, READMEs). Agent context sweep —
AGENTS.md,CLAUDE.md,.context/pro-vs-base.mdupdated. CHANGELOG v1.1.36 section. - ✅ Housekeeping. Stale build artifacts and toolkit-addons directory cleaned.
- 📦 Versioning — bumped to 1.1.36 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md,CHANGELOG.md,QUICK_REFERENCE.md,ROADMAP.md, andDOCUMENTATION_INDEX.md. Tool count: ~195 base + ~830+ Pro (~1,025+ total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative). Provider count: 15 first-class language-model providers (added Moonshot Kimi & Z.AI GLM at DeepSeek parity).
🆕 Previous Updates (v1.1.35 — June 2026)
June 27–29, 2026 — FlowHub + Shopify Sync Pro Toolkits, Necessity Gate Layer J, Local Voice STT, Remote Site Admin Blueprint, Bulk Import, Fixes 🏪🛒🛡️🎙️🌐
- ✅ FlowHub Inventory Sync Pro Toolkit (PR #5501). 6-tool cannabis dispensary management toolkit. FlowHub Products (
flowhub_products) — query by location, category, brand, strain type. FlowHub Inventory (flowhub_inventory) — real-time levels, room/zone filtering, low-stock detection. FlowHub Locations (flowhub_locations) — address, contact, operational status. FlowHub Sync (flowhub_sync) — scheduled sync with webhook support. FlowHub Analytics (flowhub_analytics) — sales trends, top products, category performance. FlowHub Alert Manager — configurable low-stock and compliance alerts. FlowHub Settings (flowhub_settings) — API credentials, sync intervals, notifications. Connection resolver trait. Admin UI toggle on Features tab. Folder README ataddons/pro/includes/tools/flowhub/README.md. - ✅ FlowHub P1+P2 Enhancements (PR #5502). P1: Proxy support via
http_api_curlhook for environments behind forward proxies. P2: CCT auto-registration — inventory data stored in JetEngine tables. Connection auth fixes: API header names corrected; class-name collision withWP_MCP_AI_FlowHub_Clientresolved. API key decryption on credential update fixed (PR #5500).location_idmade optional — defaults to primary location. Null guard againstjet_engine()->cctfor sites without JetEngine. - ✅ Shopify Sync Pro Toolkit (PR #5502). 5-tool bi-directional e-commerce sync: Shopify Products (
shopify_sync_products) — product sync with variant support. Shopify Orders (shopify_sync_orders) — order import with fulfillment tracking. Shopify Inventory (shopify_sync_inventory) — real-time stock sync. Shopify Analytics (shopify_sync_analytics) — cross-platform reporting. Shopify Settings (shopify_sync_settings) — API credential and sync config. Dashboard widget. Connection resolver trait. Admin UI toggle. Tool reference docs atdocs/tools/shopify-sync-toolkit.mdanddocs/tools/flowhub-toolkit.md. Folder README ataddons/pro/includes/tools/shopify-sync/README.md. - ✅ Necessity Gate Layer J — Irreversibility-Weighted Safety Profiles. Pre-execution safety layer (
WP_MCP_AI_Necessity_Gate) scores tool calls by irreversibility risk. Write operations (create/update/delete) assigned risk scores by resource type. Safety profile trait loaded from interface for clean autoload. Request context crash fix: guards againstWP_MCP_AI_Request_Contextlackingget_instance(). - ✅ Local Voice Embedded STT (PR #5498). Three pluggable browser-side speech-to-text backends: browser-native Web Speech API, Whisper.cpp (WASM), and Vosk (WASM). Offline-first — STT engines run entirely in the browser with no server dependency. Auto-detection selects the best available backend based on browser capabilities.
- ✅ Remote Site Administrator Blueprint. New 22-tool CRM-style blueprint
remote-site-administrator.jsonin Site Creator toolkit. Pre-configured withremote_wp_connection, full JetEngine suite (11 tools), JetFormBuilder (2), site admin (4 —install_and_activate_plugin,install_and_activate_theme,update_option,create_post/update_post/delete_post),woo_products,generic_rest_api. Comprehensive system prompt with discovery→schema→execution workflow, tool reference, and 8 safety rules. Temperature 0.3,manage_optionscapability. Auto-discovered by Unified Blueprints page andimport_site_creator_blueprinttool. - ✅ Places & Calendar Bulk Import Tools (PR #5509). Batch import tools for Places and Calendar Booking toolkits. Places bulk import: batch geocode and store location records. Calendar bulk import: batch create events, appointments, bookings.
- ✅ CLI site-import Subcommand.
wp mcp-ai site-import— multi-phase HTML mirror import for migrating static sites into WordPress. Handles page structure extraction, content mapping, and media sideloading. - ✅ Voice Realtime Auto-Detect (PR #5508). WebRTC realtime voice auto-detection — automatically selects WebRTC or WebSocket transport. Duplicate message fix prevents echoed messages. VAD threshold improvements for better voice activity detection.
- ✅ Remote Connections Fixes (PR #5499). WordPress connection case handling normalized. FlowHub and Printful credential storage fixed — credentials correctly encrypted at rest. Printful connection type added to Remote Sites connection types.
- ✅ Token-Scoped Assistant Resolution (PR #5497). Token-scoped assistant now preferred over site default in resolver, ensuring bearer-token-authenticated requests use correct assistant config.
- ✅ User ID Empty Fallback (PR #5495).
user_idresolution updated to useempty()instead ofisset()for context fallback, fixing zero/empty-string bypass. - ✅ Local Credential Token Mapping (PR #5493). Local credential token user ID mapping corrected for consistent identity resolution.
- ✅ Post Type Name Lengths (PR #5484). Post type names exceeding 20-char WordPress limit now truncated with validation warnings.
- ✅ OpenAI Image Deprecation Cleanup (PRs #5489-#5491). Removed deprecated DALL-E models. Applied chat model fallback to
edit_image_via_responses_api. GPT-5.x chat models for image generation. Defaults andresponse_formathandling fixed. - ✅ Documentation. Agent context sweep —
AGENTS.md(v1.7),CLAUDE.md(v2.7),.context/pro-vs-base.mdupdated. CHANGELOG v1.1.35 section. - ✅ Housekeeping. Stale 1.1.34 build zips removed (6 files).
- 📦 Versioning — bumped to 1.1.35 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md,CHANGELOG.md,QUICK_REFERENCE.md,ROADMAP.md, andDOCUMENTATION_INDEX.md. Tool count: ~195 base + ~810+ Pro (~1,005+ total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative). Provider count: 13 first-class language-model providers (unchanged).
🆕 Previous Updates (v1.1.33 — June 2026)
June 20–24, 2026 — WP 7.0 Connectors Credential Integration, nvoos-graphify v1.0.0, Security Fixes 🔌🧩🛡️🔒
- ✅ WP 7.0 Connectors Credential Integration (PR #5458).
Credential_Resolverintegrated into all 17 AI clientget_api_key()methods (Anthropic, Baseten, DeepSeek, DigitalOcean, Gemini, Gemini Live, Google Maps, Hugging Face, Kimi, LM Studio, NVIDIA, OpenAI, OpenAI Realtime, OpenRouter, plus 3 service classes). Fallback chain: WP 7.0 Connectors → plugin settings → environment variables → PHP constants. Newget_key_source()/get_key_source_label()methods added toCredential_Resolver. Credential source badges and WP 7.0 Connectors hints rendered in admin settings UI (Settings → Providers). All 13 provider API key field descriptions updated to mention alternative credential sources. Provider diagnostics now show a Key Source column indicating where each provider's API key originates. Settings health check counts credentials resolved via theCredential_Resolver. 17 Pro addon files updated to useCredential_Resolver::has_credentials()/get_api_key()for provider selection, OCR routing, vector store, embeddings, speech, and performance checks. All PHPCS-clean with zero new errors. - ✅ nvoos-graphify v1.0.0 Release (PR #5456). Standalone nvoos-graphify plugin released at v1.0.0 — Plugin Check compliant and ready for distribution. nvoos-graphify-ai plugin released at v1.0.0-dev. Fixed 8 output-escaping errors in
Section.phpviaprintf()withesc_attr(). Fixed critical->prepare()spread-operator bug inDb::listNodes()causing runtime fatals. Renamedvectorcolumn →embedding_vectorto avoid MariaDB/MySQL reserved-word conflict; bumped DB version. Fixed snake_case→camelCase method calls across tools (GetNode,GetNeighbors,QueryGraph,GraphStats), controllers (SyncRemoteSource, REST), and cross-plugin integrations (nvoos-graphify-ai). Guarded missing Webhook driver and fixed Crypto namespace. Addedmessagefield to Enricher stub for detectable false-success states. Updated Remote README to reflect stub reality (no drivers, no SSRF, no encryption). Documented actual REST access model:read+ guest token for reads,manage_optionsfor export/write. - ✅ Security Dependencies (PR #5457). guzzlehttp/guzzle 7.10.0 → 7.12.1 (CVE-2026-55568, CVE-2026-55767). guzzlehttp/psr7 2.11.0 → 2.12.1 (CVE-2026-55766). guzzlehttp/promises 2.3.0 → 2.5.0. undici npm override tightened from
>=7.28.0to>=8.5.0to match resolved version and prevent downgrades. - ✅ npm Security (PR #5438). 29 npm security alerts resolved across 14 packages. undici: TLS bypass (CVE-2026-9697) and cache info disclosure (CVE-2026-9678) — override applied to 11 addon lock files. http-proxy-middleware: CRLF injection (CVE-2026-55603) — override
>=3.0.7. nodemailer: raw option bypass (GHSA-p6gq-j5cr-w38f) — bumped^8.0.9→^9.0.1. webpack-dev-server: HMR interception (CVE-2026-9595) — override>=5.2.5. dompurify: ALLOWED_ATTR pollution (GHSA-cmwh-pvxp-8882) — bumped^3.4.9→^3.4.11. Fixed critical duplicateoverrideskey in rootpackage.jsonthat silently discarded all 39 security overrides. - ✅ Bug Fix — WP All Import/Export Pro Tools (commit
0de3cdf). Fourrequire_oncepaths in the Pro bootstrap map (addons/pro/mcp-ai-wpoos-pro.php) were missing-pro-in the filenames, referencingclass-wp-mcp-ai-tool-*.phpinstead of the actualclass-wp-mcp-ai-pro-tool-*.phpfiles on disk, causing fatal errors when those tools loaded. - ✅ Bug Fix — Tool Status Label Loader (commit
749ffce). Replaced fragile@file_get_contents()with explicitset_error_handler('__return_true')/restore_error_handler()in both copies ofload_tool_status_labels()(includes/class-wp-mcp-ai-tool-registry.phpandincludes/admin/sections/class-wp-mcp-ai-section-tools.php). The@operator does not reliably suppress warnings across all PHP 8 configurations (e.g. xdebug.scream, custom error handlers), and leaked warnings corrupt MCP JSON-RPC HTTP responses. - ✅ Dependency Updates. 15 Dependabot version bumps across the monorepo: Composer (guzzlehttp/psr7 2.11.0→2.12.1). npm/Pro (stripe 14.25.0→22.2.3, csv-parse 5.6.0→7.0.0, p-queue 8.1.1→9.3.0, @puppeteer/browsers upgrade). npm/SaaS Controller (@wordpress/eslint-plugin 25.2.0→25.4.1, zod 3.x→4.4.3, @tanstack/react-query upgrade, wrangler upgrade). npm/Cloud Worker (stripe upgrade, vitest 2.x→4.1.9, @cloudflare/workers-types upgrade). npm/Docs Hub (@typescript-eslint 8.x→8.62.0, @types/node→26.0.0). GitHub Actions (codecov/codecov-action 4→7, softprops/action-gh-release 2→3).
- ✅ Housekeeping. Stale 1.1.31 build zips removed (PR #5437). Stale 1.1.32 build zips removed (6 files). SPA addon ZIPs rebuilt with updated security overrides and dependency bumps. nvoos-graphify standalone ZIP built at v1.0.0. nvoos-graphify-ai ZIP built at v1.0.0-dev.
- 📦 Versioning — bumped to 1.1.33 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md, andCHANGELOG.md. Provider count: 13 first-class language-model providers (unchanged). Tool count: ~195 base + ~795 Pro (~990 total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative). - ✅ MCP Initialize: Assistant-Scoped Instructions & Model Preferences (PR #5462). Both the base
/mcp-ai/v1/mcpendpoint and all 29 Pro toolkit MCP servers now carry the assistant's system prompt, professional role context, model preferences (modelPreferences— supported by Zed, Claude Desktop, Cursor), and knowledge base references in theinitializehandshake instead of a generic WordPress site description.serverInfo.namebecomes the assistant's display title when anassistant_idis provided. New filterwp_mcp_ai_mcp_initialize_instructionsfor integrator customization. Zero breaking changes — behavior is identical when noassistant_idis passed. Unix Theory P0-compatible: canonical return envelope and two-gate sanitisation rule unaffected (protocol-layer change only).
June 17–19, 2026 — Content Format Templates, Result Delivery Pipeline, Featured Images, Provider Timeout Fixes 📝📬⏱️🔧
- ✅ Content Format Templates & Featured Image Generation (PR #5433). Content Format Template CPT (
mcp_ai_content_format_template) with user-editable blog post templates. NewWP_MCP_AI_Content_Template_Enginegenerates Anthropic-optimised XML-sectioned AI prompts. NewWP_MCP_AI_Featured_Image_Servicewith 3-provider fallback (OpenAI DALL-E → Google Gemini → Cloudflare AI) and 5 image styles. Image Generation Provider dropdown on the CPT metabox. Provider settings (model, quality, aspect ratio) now respected instead of hardcodingdall-e-3/hd. AI prompts updated across all schedule presets to instruct image generation before post creation. 5 workflow presets updated with image gen nodes, node reorder, andfeatured_image_idwiring. Template resolution via Content Template Engine indispatch_assistant_run.resolve_node_template_variablesfor cross-node variable passthrough. 5 default templates seeded on activation. - ✅ Result Delivery Pipeline (PR #5425). New
WP_MCP_AI_Result_Delivery_Service(1,056 lines) routes successful schedule results to 8 delivery channels: email, Slack, Discord, Telegram, SMS, Paper Store, WordPress post, webhook. Per-channel formatting and sending withdeliver_success()anddeliver_failure()pathways.result_deliveryschema added to schedule CRUD. Result Delivery section in schedule edit modal UI. Delivery status appended to run history and result envelopes. Pre-configured Paper Store delivery for 8 research/audit presets. Both success and failure paths now deliver — previously only failures were surfaced. - ✅ ECA Document Generation (PR #5423). ECA Consolidate & Add page with document generation tools. PHPCS alignment fixes across ECA admin pages.
- ✅ Duplicate Posts & Provider Image Fixes (PR #5434). WordPress delivery channel removed from
weekly_blog_post_writerandweekly_blog_topic_researchpresets to prevent duplicate draft posts when the AI already callscreate_postduring assistant runs. Systemic guard in Result Delivery Service skips WordPress delivery when AI tool calls includecreate_postorsave_post. Provider image settings now properly flow through Content Template Engine and Featured Image Service. - ✅ 6 Provider Clients Now Respect Timeout (PR #5431). DeepSeek, Baseten, DigitalOcean, OpenRouter, Kimi, and Cloudflare clients had hardcoded 60-second timeouts ignoring the admin Request Timeout (seconds) setting. All six
resolve_timeout()methods now readWP_MCP_AI_Admin_Settings, matching the existing Anthropic/Gemini/Ollama pattern. Kimi retains its provider-specifickimi_timeoutoverride. - ✅ Schedule Trigger Stability (PRs #5429, #5430). Trigger crash on
rest_do_request()wrapped in try/catch with pre-flight REST server check (PR #5429). User context restored and filters cleaned up in all error paths.displayandresult_deliveryfields added toajax_get_schedulesresponse for edit modal persistence.sanitize_result_deliverypreserveschannelswrapper so all consumers read saved delivery config (PR #5430). Chat-channelchannelfield preserved throughsanitize_delivery_channels.ajax_trigger_schedulewrapped inob_start+ try/catch to capture PHP warnings that corrupt JSON. Trigger debug output logged to browser console whenWP_DEBUGis on. - ✅ Paper Store Delete Confirmation Fix (PR #5432). Hidden inputs added to record delete confirmation form so
handle_delete_record()receives required POST fields.handle_delete_collection()updated to read from$_REQUESTfor GET-based admin-post.php links. - ✅ ECA Settings Menu & Attachment Fix (PR #5421). ECA settings menu placement corrected. Attachment upload crash in ECA admin pages resolved.
- ✅ npm CI & Jest Resilience (PR #5428).
@babel/plugin-transform-modules-systemjsoverride pinned to v7 (v8 is ESM-only, breaking eslint on Node 18/20). Rootpackage-lock.jsonregenerated with override applied.jest.config.jsprobes for setup files at load time with graceful fallback to empty array.jest.setup.jsat repo root.|| exit 0ontest:coveragefor CI. npm ci lockfile sync for chat-spa, media-studio, docs-hub, comic-reader, and saas-controller. - ✅ Dependency Updates. 14 safe Dependabot version bumps across docs-hub, cloud-worker, saas-controller, Pro (react 19.2.6→19.2.7, vitest 4.1.5→4.1.9, stripe, workers-types, eslint 8.59.2→8.61.1, php-stubs 6.9.1→7.0.0, mailparser 3.7.1→3.9.9, validator 13.12.0→13.15.35). 8 npm audit CVEs fixed: nodemailer, tar, tar-fs. Security overrides added to 8 addon package.json files.
phpoffice/phpspreadsheetlock synced 5.7.0→5.8.0. - 📦 Versioning — bumped to 1.1.32 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md, andCHANGELOG.md. Provider count: 13 first-class language-model providers (unchanged). Tool count: ~195 base + ~795 Pro (~990 total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative).
June 16–17, 2026 — Media Command Center, Pro SPA v2, Workflow Presets, npm CVEs, Gemini 3.1 Flash 🎬💬🧰🔒🎨
- ✅ Media Command Center (PR #5402). Top-level "NV Media" admin menu with command center for managing media workflows. Template and preset management. PHPCS cleanup and
implode()WP_Error crash fix in the templates tab. - ✅ Pro SPA v2 Migration & Rich Rendering (PRs #5401, #5412, #5414). Pro SPA v2 ported to feature parity with chat-spa and old pro-spa. Rich markdown rendering for assistant responses. Per-assistant scoping dropdown and agent selector. Conversations set as primary view; threads marked read-only after archival. CSS class-name mismatches fixed, causing previously unstyled UI to render correctly. Cache-bust version bump and admin layout fit within WordPress chrome (PR #5416). Bumped to v2.0.1.
- ✅ 34 Missing Workflow Preset Tools (PR #5418). All missing workflow presets implemented across 10 toolkits (AI Tool Builder, Analytics, Architect Agent, Architectural Design, Calendar Booking, CRM, Document Generation, DJ Management, Social Media, Video Production). Orphaned media tools created and Upwork tool availability fixed. Full PHPCS compliance and comprehensive test suite validating all 36 new tools (class existence, interface implementation, slug resolution, metadata, capability flags).
- ✅ npm Audit CVE Fixes (PR #5419). 12 CVEs resolved across the dependency tree: vite (CVE-2026-53571 server.fs.deny bypass), launch-editor (CVE-2026-53632 NTLMv2 disclosure), markdown-it (CVE-2026-48988 smartquotes DoS), ws (memory exhaustion), js-yaml (quadratic DoS), form-data (CRLF injection), hono (path traversal, CORS, Set-Cookie), dompurify (XSS sanitization bypasses), @babel/core (arbitrary file read), @opentelemetry/core (unbounded memory), joi (RangeError DoS). ajv bump reverted to restore ESLint 8 compatibility. Root npm audit: 51→0 vulnerabilities.
- ✅ Gemini 3.1 Flash Image Default (PR #5404). Default Gemini image generation model upgraded to
gemini-3.1-flash-image. - ✅ Media Toolkit Blueprints & Scheduler Presets (PRs #5398, #5411). Blueprints and scheduler presets added to the media toolkit. Media Toolkit sync integrated into the Data Management page. Private
get_media_presets()visibility fixed to prevent fatal error when called externally. - ✅ OpenAI/DeepSeek stream_options (PR #5400).
stream_optionspayload added to OpenAI and DeepSeek streaming API calls, enabling proper usage-tracking inclusion during streaming responses. - ✅ Tool Result Cost Calculation (PR #5395). Tool result costs now computed from token counts when not explicitly provided by the provider, ensuring accurate cost attribution in agentic loops.
- ✅ Agentic-Loop Cost Tracking (PR #5394). Missing provider pricing entries added across the cost-tracking layer, fixing under-reporting in multi-turn agentic workflows.
- ✅ Vite CVE Fixes (PR #5403). vite pinned to ^8.0.16 in devDeps to resolve CVE-2026-53571 (server.fs.deny bypass) and CVE-2026-53632 (NTLMv2 disclosure via launch-editor middleware). Pro SPA v2 production assets built and dist output un-gitignored.
- ✅ 1,658 PHPCS Lint Fixes (PR #5397). Full lint pass across base plugin and Pro addon (44 toolkits). Short ternaries converted to full, count() moved out of loops, docblock capitalisation normalized, require_once paths corrected for renamed optimization and tool files.
- ✅ CI Disk Space Cleanup (PR #5417).
Free disk spacestep added to all build workflows to prevent runner disk exhaustion during large ZIP assembly. - ✅ Data Integrity Fixes. PII pseudonymisation logic restored after being lost during a merge conflict resolution (PR #5398). CPT data store post type mismatch for CRM entities resolved (PR #5396).
June 12–15, 2026 — Chat SPA Phase 8, PM Toolkit A–D, CRM Duplicates & Hygiene, DietPi Toolkit, LibreChat Addon, Context Windows, WP 7.0 Bridge 🪲💬📊🔧🛡️
- ✅ Chat SPA Phase 8 — Message Actions & Content Enrichment (PRs #5381, #5383, #5390). Conversations sidebar with assistant scoping in the Pro Chat SPA. Auto-create thread when posting to a non-existent thread. Message action cards on every assistant bubble: edit, delete, regenerate, copy, and content enrichment. Pro SPA chat routed through chat-client endpoint; threads marked read-only after archival.
- ✅ Project Management Toolkit Enhancement Phase A–D (PR #5370). Shared
WP_MCP_AI_PM_Enginepowering the new Command Center dashboard with real-time task visibility, status filters, and bulk actions. Work Ingestion panel on the tasks tab for importing external tasks. 28 new AI tools spanning task management, resource allocation, timeline generation, and reporting. - ✅ CRM Toolkit — Duplicates, Email Hygiene & Analytics (PRs #5362, #5367, #5368). Duplicate detection engine with safe one-click merge and bulk merge from the new Duplicates tab. Email hygiene module: classify domains by reputation, manage exclusion/priority lists, and auto-prune. Top Customers and Top Clients analytics tools with dedicated Command Center tabs. Merged status filter and column on leads admin list. Inline tag editing and email priority/exclude actions. Repair CRM data tool fixing broken dates, generic titles, and impersonal sender names. Refresh All Sources button on Support tab. LinkedIn & Upwork external sourcing with LinkedIn as a Remote Sites OAuth 2.0 connection type.
- ✅ DietPi Pro Toolkit Phases 0–3 (PRs #5346, #5348, #5350). Foundations: CPT/CCT scaffolding, admin settings page, 19 core tools for system monitoring, package management, and service control. Phase 2: backup, update, storage, and dashboard tools. Phase 3: provisioning automation, infrastructure blueprints, and SSH proxy. Registered as an MCP server with Feature subtab toggle.
- ✅ LibreChat Addon (PR #5336). New
addons/librechat/addon with code interpreter, speech-to-text/text-to-speech services, and web search reranker. Added to SPA build workflow and addon ZIP build pipeline. - ✅ Layer I Guardrails — Stay-on-Target Jailbreak Prevention (PRs #5340, #5344). Harness Layer I intercepts prompt-injection and role-change attacks. Activated per-assistant via the LLM Harness metabox.
- ✅ Context Window Management — All 13 Providers (PRs #5335, #5348, #5352). Pre-flight context-window validation added to every AI provider client (OpenAI, Anthropic, Gemini, DeepSeek, OpenRouter, Baseten, Kimi, DigitalOcean, NVIDIA, Cloudflare, Hugging Face, LM Studio, Ollama). Shared
validate_context_window()helper in the language model router. tiktoken integration for accurate token counting with estimator metabox on the Assistant editor. Token-budget tool capping — tools exceeding remaining budget are auto-excluded. Chat parity drift detection workflow. Model limits synced with June 2026 canonical catalog. - ✅ WP 7.0 Connectors API Bridge (PR #5387). Bridge for provider credentials enabling forward-compatibility with the WordPress 7.0 Connectors API. Classes load unconditionally to prevent fatal errors on WP < 7.0.
- ✅ Chat Transcript & Agent Memory Retention (PRs #5356, #5357).
WP_MCP_AI_Transcript_Retention— configurable retention policies and automatic cleanup cron.WP_MCP_AI_Memory_Retention— agent memory lifecycle management with pruning and retention windows. - ✅ Pro Toolkit Optimizations Phase 1–3 (PRs #5355, #5356, #5357). Phase 1: Chat Channels and Social Media toolkits. Phase 2: Healthcare, Ecommerce, Calendar, and Orchestration. Phase 3: Document Generation and QMS. All classes wired into their toolkit init files with 767-line PHPUnit test suite.
- ✅ OAuth & API Connection Management (PR #5351). Disconnect buttons for OAuth and API connections. Auto-clear OAuth tokens when provider credentials change on save.
- ✅ SPA Reliability Sweep (PRs #5371–#5379). Register thread REST endpoints (fixes
createThreadcrash). Fix SPA router context error. FixcreateThreadevent serialization crash. Register POST/threads/{id}/messagesendpoint. Pass model and profile tocreateThread. Fix SPA bootstrap tools, turn count, and REST route. Fix SPA enqueue paths and PM blueprints. Restore Zed-inspired SPA after accidental revert. Build SPA bundle and fix import paths. - ✅ Core & Provider Fixes. 12 test suites fixed and SPL autoloader ordering corrected (#5392). Toolkit MCP tools returning empty
inputSchemafor image tools (#5391). OOS engine fatal error from undefinedsendRequest(#5389). Agentic loop tool result persistence across all providers (#5354). OpenAI real-time SSE streaming (#5327). Bridge credential resolver on WP < 7.0 (#5388). Stale provider validation lists rejecting DeepSeek (#5323). Schedule preset data mismatches (#5329). - ✅ CRM & Data Fixes. CRM configured sources count showing 0 for valid Gmail connections (#5386). Slider/range fields not rendering (#5361). 3 CPT slugs exceeding 20-character limit (#5361). Support ticket CPT rename
mcp_ai_support_ticket→mcp_ai_ticket(#5360). Memory tools capability flags (#5364). Extended Cognition review issues (#5363). Playbook orphans and sync timeouts (#5322, #5325). - ✅ Addon Fixes. Docs Hub: async rebuild stalls, browse critical error, broken Intuit privacy link (#5359). Cloudways Dashboard: removed
Requires Pluginsheader (#5353); base-active check in_is_ready()(#5385). Pro Integrations subtab overwriting redirect (#5347). Performance monitor: buttons, reports, test execution restored (#5366). DietPi Toolkit PHPCS and PHPCompat fixes (#5346). - ✅ Security. guzzlehttp/psr7 pinned to ^2.10.2 for CVE-2026-49214 (#5352). esbuild pinned to ^0.28.1; integrity check vulnerability in Pro addon (#5382). shell-quote bumped to >=1.8.4 for CVE-2026-9277 (#5330). vitest/vite/esbuild alerts in schedule-anything-spa (#5338).
- ✅ Infrastructure.
redirect_canonicalno longer breaks well-known endpoints (#5349).tool-status.txtreads guarded against missing files (#5348). WPCS lint in section-tools and tool-registry (#5348). ESLintno-varin performance-admin.js (#5366). PHPCS in CRM analytics (#5320). Chat parity workflow YAML and permissions fix (#5336). - ✅ Blueprint & Doc Updates. 46 healthcare-style blueprints converted to CRM-style format (#5373). All legacy flat-format blueprints upgraded to canonical (#5372). v1.1.29 comprehensive documentation refresh across all surfaces (#5365). 66 proposal statuses audited (#5335). README updated with PM toolkit and repository map (#5370). 75 PHPCS violations auto-fixed in Pro bootstrap (#5321).
- 📦 Versioning — bumped to 1.1.31 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),readme.txt,README.md, andCHANGELOG.md. Provider count: 13 first-class language-model providers (unchanged). Tool count: ~195 base + ~795 Pro (~990 total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative).
🆕 Previous Updates (v1.1.32 — June 2026)
June 7–11, 2026 — Bug-Fix & Stabilisation Sweep 🪲🔧⚡
- ✅ Chat Bubble Assistant Dropdown (PR #5333). Fixed settings UX:
chat_bubble_assistant_idfield on the Chat Bubble settings page (wp-admin/admin.php?page=wp-mcp-ai-dashboard&tab=general&subtab=chat_bubble) changed from a plain<input type="number">to a proper<select>dropdown populated with all published assistants. Addedget_assistant_options()helper method toWP_MCP_AI_Section_Chat_Clientmatching the pattern used bydefault_assistantin General → Core Settings. Users can now select assistants by name instead of manually typing numeric IDs. - ✅ Context-Window Pre-Flight Validation — All 13 Providers (PR #5328). Added pre-flight context-window validation to all AI provider clients: OpenAI, Anthropic, Gemini, DeepSeek, OpenRouter, Baseten, Kimi, DigitalOcean, NVIDIA NIM, Cloudflare, Hugging Face, LM Studio, and Ollama. Shared
validate_context_window()helper method inWP_MCP_AI_AI_Client_Base. Integratedtiktokenfor accurate token counting with estimator metabox on the Assistant editor. Token-budget tool capping prevents exceeding model limits. Context-window management documentation atdocs/developer/architecture/context-window-management.md. - ✅ OpenAI SSE Streaming Fix (PR #5327). Fixed
stream_optionspayload flag that prevented OpenAI real-time SSE streaming from triggering. Theinclude_usageflag was incorrectly nested, causing the OpenAI API to ignore the streaming request and return a non-streamed response. - ✅ Schedule Preset Data Mismatches (PR #5329). Fixed schedule preset data mismatches where presets would lose configuration data after save. Improved error logging for preset operations with structured log contexts.
- ✅ Playbook Orphan Cleanup & Batching (PRs #5322, #5325). Fixed orphan playbook accumulation where deleted parent records left unreachable children. Added JetEngine validation before deletion to prevent data corruption. Fixed sync timeouts for large playbook sets by implementing batch processing with configurable chunk sizes.
playbook_delete_batch_timeoutnow uses iterative deletion instead of single-query operations. - ✅ Stale Provider Validation Lists (PR #5323). Fixed provider validation lists in multiple locations that rejected DeepSeek and newer providers. Updated
WP_MCP_AI_Section_General::validate()andWP_MCP_AI_REST_Chat_Controllerprovider checks to use dynamic provider discovery viaWP_MCP_AI_Admin_Settings::get_available_providers()instead of hardcoded arrays. Also fixed default provider validation in CRM settings and Pro REST controllers. - ✅ CRM Activity Titles, Due Dates & Block API v3 (PR #5320). Fixed CRM activity post titles not displaying correctly when created via AI tools. Fixed due date calculations for recurring activities. Migrated CRM admin blocks to WordPress Block API v3 (
apiVersion: 3) for compatibility with WP 6.9+. - ✅ OpenAI-Compatible Client — DeepSeek Parity (PR #5315). Enhanced all OpenAI-compatible chat clients (OpenRouter, Baseten, Kimi, DigitalOcean, NVIDIA NIM) to parity with the DeepSeek client: added
max_completion_tokenssupport, temperature normalisation,top_phandling, and properstopsequence forwarding. - ✅ Voice & Embedded LLM Missing Assets (PR #5319). Added missing
.min.jsasset files for voice recording/transcription scripts and embedded LLM worker scripts. These files were referenced bywp_register_script()but missing from the build output, causing 404 errors on sites using minified assets. - ✅ Chat Config messagesEndpoint & Tool Count Guard (PR #5318). Fixed chat config
messagesEndpointpointing to the wrong REST route in certain configurations. Added a tool count guard that returns a clear error message when an assistant has more tools configured than the provider's limit, preventing silent failures. - ✅ Chat Debug Console Fixes (PRs #5316, #5317). Fixed
chatDebugModeusing loose equality (==instead of===) so PHP's string'1'is accepted alongside JavaScript's booleantrue. Fixed legacy chat debug console not displaying when enabled via admin settings — the debug panel container was hidden by a CSS rule that only targeted the new SPA debug view. - ✅ OOS Bridge, Embedding Fatal & SSE Headers (PR #5313). Fixed OOS bridge initialization failing when the core framework was loaded before WordPress user context was available. Fixed embedding service fatal error when API key was not configured — now returns a graceful
WP_Error. Fixed SSE header warnings in PHP 8.1+ caused byheader_remove()being called after output started. - ✅ Memory Cookie-Check Nonce Fix (PR #5312). Fixed "Cookie check failed" error on the admin Test Assistant memory drawer. The memory REST controller was generating a nonce on
init(before the user session was available), producing an invalid nonce for authenticated users. Nonce generation moved to thewphook. - ✅ Chat Transcript Tests — 4% to 87% Pass Rate (PR #5310). Fixed chat transcript REST controller tests. Root causes: test factories not creating posts with the correct
post_type, missingWP_REST_Serverinitialization, session key normalisation mismatches, and permission callback assertions testing the wrong user role. Pass rate improved from ~4% (3/80) to 87% (70/80). - ✅ Graphify Related Content Leak (PR #5291). Fixed graphify related content leaking to wrong page sections — content isolation tightened so graph nodes only render within their designated container element.
- ✅ Model Limits — June 2026 Canonical Catalog (PR #5331). Synced model limits (max tokens, max output tokens, rate limits) with the June 2026 canonical catalog across all providers.
- ✅ Security — shell-quote CVE-2026-9277 (PR #5330). Bumped
shell-quoteto >=1.8.4 via npm overrides to fix CVE-2026-9277 (command injection via insufficient escaping). - 📦 Versioning — bumped to 1.1.29 across
mcp-ai-wpoos.php,WP_MCP_AI_VERSIONconstant (includes/bootstrap/constants.php),package.json,readme.txtStable tag,README.md, anddocs/DOCUMENTATION_INDEX.md. Provider count: 14 first-class language-model providers (OpenAI, Gemini, Anthropic, DeepSeek, OpenRouter, Baseten, Kimi, DigitalOcean, NVIDIA NIM, Cloudflare, Hugging Face, LM Studio, Ollama, Flowhub). Tool count: ~195 base + ~795 Pro (~990 total; live count viaWP_MCP_AI_Tool_Registry::get_tools()is authoritative).
📋 Previous Releases
For full details on all releases, see CHANGELOG.md.
| Version | Date | Highlights |
|---|---|---|
| v1.1.38 | Jul 2026 | Page Agent addon v0.1.0 (AI browser page control copilot), Pro SPA v2 major parity & polish (voice pipeline, tasks drawer, workflow tracker, file attachments, tool shortcuts, slash commands, mobile hamburger, autoscroll/viewport fixes, cache-busting, assistant preloading), Per-user chat memory toggle, create_post/save_post Markdown-to-HTML + taxonomy suggestions, Workflow blueprint existing-content awareness, SPA accessibility: annotation pills, ZAP medium findings triaged |
| v1.1.37 | Jul 2026 | JetEngine Meta Helper universal (25 CPTs, REST, ECA fields), Places enrichment tools, RabbitMQ + queue infrastructure (custom DB tables, health endpoint, worker), Multi-tenant DB isolation Phase 0–4, DSpark admin UI + speculative orchestration, Crocoblock Design System addon (5 phases), Test coverage: 329 tools across 28 toolkits, Docs Hub broken link engine, OWASP ZAP DAST, 30+ bug fixes |
| v1.1.36 | Jul 2026 | EZuite Inventory Sync Pro Toolkit, Ralph Loop CCT migration + circuit breaker, JetBooking/JetAppointment (8 tools), Moonshot/Z.AI provider parity (15 total), Unified Sync Log Manager, Tool Presets Auto-Select + Chips Bar, HTTrack Cache + Place-to-Service Bridge, Generate Default Mapping + read-only sync, 45+ bug fixes |
| v1.1.35 | Jun 2026 | FlowHub Inventory Sync Pro Toolkit (6 tools), Shopify Sync Pro Toolkit (5 tools), Necessity Gate Layer J (irreversibility-weighted safety), Local Voice Embedded STT (3 backends, offline-first), Remote Site Administrator blueprint (22 tools), Places & Calendar bulk import, CLI site-import subcommand, voice realtime auto-detect, 7 bug fixes |
| v1.1.34 | Jun 2026 | GPT-Realtime-2 voice models with WebRTC + Translate/Whisper + reasoning, multi-channel result delivery UI (11 channels, up from 4), pro scheduler AI/workflow delivery, Graphify ecosystem: remote drivers, WP 7.0 Connectors, wp.org compliance, 3 reasoning-tool fatal bugs fixed, CRM deal import + multi-source auto-import, Upwork/LinkedIn mode toggle, Docs Hub REST + settings sync fixes, http-proxy-middleware CVE, Gemini cache fix, GPT image routing fix, FastAPI porting plan |
| v1.1.33 | Jun 2026 | WP 7.0 Connectors credential integration across all 17 AI clients with source badges, nvoos-graphify v1.0.0 release (Plugin Check compliant), 3 guzzlehttp CVEs + undici override, 29 npm alerts across 14 packages, 2 bug fixes (Pro tool paths, JSON-RPC warning leak), 15 dependabot bumps |
| v1.1.32 | Jun 2026 | Content Format Templates + Featured Image Service (3-provider fallback), Result Delivery Pipeline (8 channels), ECA document generation, duplicate posts fix, 6 provider clients timeout fix, schedule trigger stability, Paper Store delete fix, ECA settings/attachment fix, npm CI & Jest resilience, 14 dependabot bumps + 8 npm audit CVEs |
| v1.1.31 | Jun 2026 | Media Command Center, Pro SPA v2 (rich rendering, assistant scoping, agent selector, v2.0.1), 34 workflow preset tools, npm audit CVEs (12 resolved), Gemini 3.1 flash image default, Media toolkit blueprints & presets, stream_options, agentic-loop cost tracking, Vite CVEs, 1,658 PHPCS lint fixes, CI disk space, data integrity fixes |
| v1.1.30 | Jun 2026 | Chat SPA Phase 8, PM Toolkit A–D, CRM duplicates/hygiene/analytics, DietPi Pro Toolkit, LibreChat Addon, Layer I Guardrails, Context Window Management, WP 7.0 Bridge, Pro Toolkit Optimizations, OAuth disconnect, 30+ fixes |
| v1.1.28 | Jun 2026 | CRM Phase C complete (IMAP, SMS, WhatsApp ingestion), Customer CPT + 360 dashboard, Support Ticket module (10 AI tools + SLA), QKV Attention Routing, Funiq Bridge addon, NVOOS Graphify ecosystem (3 standalone plugins), NV Platform AI addon, automated demo video pipeline, TF-IDF + BM25 relevance search |
| v1.1.27 | Jun 2026 | Real-time SSE streaming for all OpenAI-compatible providers, 35 new OOS core tools migrated, JFB submission tools — 8 fixes, Extended Cognition vision recognition, DeepSeek agentic tool handling, 9 HIGH-severity security findings fixed, 95% PHPUnit failures resolved |
| v1.1.26 | Jun 2026 | Cross-Platform Extraction Engine Phases 0–2, Site-Builder Node-Graph Pipeline, SPA a11y hardening (WCAG 2.1 AA), 108 admin screenshots, docs reorganized into 12 directories |
| v1.1.25 | May 2026 | Unified Blueprint System (55 blueprints across 25 toolkits), Cloudways Pro Toolkit (60 tools), CRM Toolkit Phases A–E (70+ tools), Chat UI 7-feature enhancement, Unix-theory Phase 4–5 |
| v1.1.24 | May 2026 | Chat SPA fixes, Unix Theory P0/P1 refinement, CVE patches (tmp, symfony/cache), Paper Store admin CRUD, folder README convention |
| v1.1.23 | May 2026 | Zed-inspired SPA architecture, Antigravity Interactions API rewrite, TypeScript upgrade, Comic Reader & Media Studio v0.3.0 |
| v1.1.22 | May 2026 | Baseten provider (11th), CoSAI secure-by-design agentic system, Continual Harness P5, SaaS Controller P2/P4, npm VAD/Chat-Bubble/Memory-UI packages |
| v1.1.21 | May 2026 | WP.org compliance complete (50/50 findings), canonical return envelope enforced, semantic compression, AI prompt caching layer |
| v1.1.20 | May 2026 | Memory Layer 2026 Phase 7 — chat memory drawer UI complete |
| v1.1.19 | May 2026 | Kimi provider (10th), ACP Server, MCP Bridge, Unix Theory P7, 9 HIGH security findings fixed, chat bubble sweep |
| v1.1.18 | May 2026 | Unix Theory P0–P6, DigitalOcean Serverless Inference (9th provider), async chat continuation, jobs/tasks drawer, Toolkit MCP Servers Phase 7 |
| v1.1.17 | May 2026 | WP.org compliance (42/50), Chat SPA Phases 1–7, Docs Hub v0.3.8, coverage campaign |
| v1.1.16 | May 2026 | SaaS Controller Addon v0.1.0, structured logging integration, WP.org compliance hardening (B3, B8, B10, B13) |
| v1.1.15 | May 2026 | OpenRouter + DeepSeek providers (7th & 8th), Orchestration Phases 1–7, LLM Harnessing GA, Memory Bridge G-series, Graphify data-source bridge |
| v1.1.14 | May 2026 | Agent Skills v2 (45 skills), Markup Subsystem (Base), MemPalace Capture Framework, Graphify CPT/CCT suite |
| v1.1.13 | May 2026 | OpenAI Images 2.0 (gpt-image-2), durable agent-memory bridge Phase 4a/4b, AI Harmonization toolkit, production Composer autoloader |
| v1.1.12 | Apr 2026 | Architectural Design Toolkit Phases A–E, Graphify Federation/RAG, Tier 4 Browser-AI Runtime (Transformers.js v3.8.1), security patches |
| v1.1.11 | Apr 2026 | WP.org compliance hardening |
| v1.1.10 | Apr 2026 | Security audit summary (0 Critical, 5 High), production vendor autoload, Veo 3.1 fix |
| v1.1.9 | Apr 2026 | Measurement Subsystem GA, PHPUnit 11 upgrade, Graphify v0.5.0 restored, orchestration reference |
| v1.1.8 | Apr 2026 | Erlang C workforce tools, full tool-reference audit, WP.org compliance re-audit, MCP Apps per-assistant remote connections, CRE Debt toolkit (57 tools), 36 Pro professions + 17 teams, A2A protocol, Agent Command Center, floating chat bubble, JetEngine 3.8 MCP Server bridge, Anthropic/Gemini subscription tier support |
🚀 Features
Note: Some features require third-party plugins (WooCommerce, JetEngine, Elementor, etc.). See 🔌 What You Lose Without Third-Party Plugins for details.
Assistant & conversation tools
- 🧠 Create AI Assistants via a custom post type (
mcp_ai_assistant) - 👔 Professional & Team Templates - Deploy assistants from ~190 pre-built profession templates spanning 12 industry categories, or create entire teams of specialists with one click. Includes backend testing for professions, teams, and assistants before public deployment.
- 🚀 Getting Started Wizard - Guided 4-step onboarding (
/wp-admin/admin.php?page=wp-mcp-ai-getting-started) that walks new users through provider setup and use-case selection. Selecting a preset (Content Creator, Customer Support, E-commerce, SEO & Research, Developer Copilot, Media & Creative Studio, Site Administrator, or General Purpose) seeds a fully-configured assistant with tools, system prompt, and tuned temperature — ready to use immediately.【F:includes/admin/class-wp-mcp-ai-onboarding-wizard.php†L1-L53】【F:assets/js/onboarding-wizard.js†L1-L303】 - 🔄 Automatic synchronization to JetEngine Custom Content Types when available (CPT → CCT)
- 💬 Chat interface via
[mcp_ai_chat assistant="ID"] - 🧰 Per-assistant defaults for model, temperature, and system prompt baked into every chat request
- 🔍 Search Media Library knowledge attachments with permission-aware download URLs
- ⚡ Build reusable prompt shortcuts with optional tool targeting and inline descriptions so operators can trigger common tasks with one click.【F:includes/assistants/class-wp-mcp-ai-assistant-cpt.php†L893-L1048】【F:includes/class-wp-mcp-ai-shortcode.php†L430-L693】【F:assets/js/chat.js†L600-L666】
- 🧊 Elementor widgets for embedding chat surfaces, onboarding content, and MCP dashboards inside Elementor
Language routing & knowledge management
- 🔁 Route conversations through OpenAI or Gemini using a provider-aware language model router
- 🎯 Enhanced Gemini API integration: list models dynamically, count tokens for budget management, create embeddings for RAG/semantic search, and streaming support for real-time responses【F:docs/reference/api/gemini/gemini-api-enhancements.md†L1-L100】
- 🧠 Assistant knowledge base management with Media Library files and optional vector store IDs
- 🔎 Perform lightweight web searches (DuckDuckGo or Brave) without leaving the assistant conversation
- 🌐 Crawl4AI job runner tool for large-scale content gathering workflows
Media generation & transcription
- 🔊 Generate speech audio via OpenAI's Text-to-Speech API and save the result to the Media Library
- 🎵 Generate instrumental music using Google Gemini Lyria with controls for genre, mood, tempo, and instrumentation
- 🎨 Generate on-brand imagery with OpenAI's Images API, honouring the configured response format (including GPT-Image-1's
urlresponses) and storing the files as WordPress attachments - 🖼️ Generate images with Cloudflare Workers AI using Stable Diffusion, Flux-2 Dev, Leonardo AI (Lucid Origin, Phoenix 1.0), and other text-to-image models with configurable dimensions and generation parameters
- 🖼️ Vectorize raster images (PNG, JPEG, WebP, GIF) to SVG format using @neplex/vectorizer with configurable quality settings - perfect for logos and icons
- 🎨 Comprehensive graphic editing with Graphic Editor Plus combining local operations (logo overlay, smart resize) and AI-powered features (style transfer, background removal, enhancement)
- 🏗️ Pro: Generate professional architectural drawings (floor plans, elevations, sections) with building codes, dimensions, and material specifications - designed for construction professionals
- 🎧 Transcribe or translate uploaded audio with OpenAI's speech-to-text endpoints
Commerce & finance workflows
- 🛍 WooCommerce-aware tools (fetch orders or products, requires WooCommerce)
- 📊 Finance-ready QuickBooks Online reporting tool for surfacing Profit and Loss, Balance Sheet, and other statements inside assistant conversations【F:includes/tools/class-wp-mcp-ai-tool-get-quickbooks-report.php†L15-L214】【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L906-L955】
- 🖥️ Pro: QuickBooks Desktop sync via QODBC relay API — connect to QuickBooks Desktop through a Windows relay server for data synchronization
- 🛒 Pro: Shopify integration with auto-resolved connections —
connection_idauto-resolved from assistant context, covering products, orders, customers, inventory, and catalog tools - 🚗 Pro: Vehicle estimation tools — VIN decode (NHTSA vPIC), image-to-repair-estimate pipeline, and car wash package pricing engine (always available)
- 📸 Pro: Listing image download tools — bulk-download Google Maps, Facebook, and Instagram business listing images into the Media Library or ZIP
Slash Commands & Workflow Automation ⭐ NEW
- ⚡ 8 Core Commands:
/help,/next-task,/ship,/clean-content,/optimize-perf,/sync-docs,/workflow- Command-line style interface for content management - 🔄 Workflow Orchestrator: Multi-step workflow execution with state management, conditional logic, and human-in-the-loop checkpoints
- 🛠️ 21 Pro Toolkit Commands: Specialized commands for E-commerce (6), Social Media (6), and Video Production (6) toolkits
- 🎯 7 Automated Workflows: Pre-built workflow templates for abandoned cart recovery, social media campaigns, video marketing, inventory management, and more
- 🔐 Security: Capability-based authorization, rate limiting, comprehensive audit logging
- 💡 Integration: JavaScript autocomplete, REST API endpoint, WP-CLI support
- Documentation → | Pro Commands →
Chat Channels & Messaging Integration ⭐ NEW
- 💬 Chat Channels Toolkit (47 Tools): Integrate with 11 platforms - Telegram, WhatsApp, Slack, Discord, Microsoft Teams, Facebook Messenger, Apple Messages for Business, Google Chat/Spaces, Twitter/X, Office 365 (Outlook + OneDrive), iCloud Drive
- 📧 Office 365 Integration ⭐ NEW: Send and retrieve Outlook mail, list/download/upload OneDrive files via Microsoft Graph API (5 tools)
- ☁️ iCloud Drive Integration ⭐ NEW: List, download, and upload iCloud Drive files via a configurable gateway service (3 tools)
- 🌐 Unified Broadcasting: Send messages across multiple platforms simultaneously with
unified_channel_broadcasttool - 🏠 WebChat Rooms: Custom post type for real-time collaborative chat rooms with AI assistant assignment
- 📝 Message Persistence: JetEngine CCT integration for permanent message history
- 🔊 WebRTC Support: Self-hosted WebRTC signaling via WordPress REST API for voice/video
- 🤖 AI-Powered Rooms: Assign dedicated assistants to chat rooms for automated support
- Chat Channels Guide → | WebChat Setup →
Communications & outreach
- ✉️ Mailjet-powered outbound email automation with granular capability enforcement and sender defaults configurable in the MCP settings.【F:includes/tools/class-wp-mcp-ai-tool-send-mailjet-email.php†L19-L405】【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L1008-L1054】
- 📅 Google Workspace automations for creating calendar events and searching connected Gmail inboxes directly from assistant workflows.【F:includes/tools/class-wp-mcp-ai-tool-create-google-calendar-event.php†L1-L200】【F:includes/tools/class-wp-mcp-ai-tool-search-gmail.php†L1-L200】
- 🧾 JetFormBuilder orchestration for listing forms, reviewing submissions, and proxying REST calls on behalf of assistants (requires JetFormBuilder)
- 📚 JetEngine REST route reference tool for surfacing endpoint metadata inside AI workflows
- 🧱 Ready for extension with ChatKit integration
Integrations, security & controls
- 🔧 Tool Registry for registering PHP functions callable by the AI
- ⚙️ JetEngine integration for dynamic content queries (requires JetEngine)
- 🔌 JetEngine 3.8 MCP Server Bridge ⭐ NEW - JSON-RPC 2.0 client bridges NV oOS into JetEngine's native MCP Server with 7 new Pro tools for CPT/taxonomy/meta field creation, relations management, site context grounding, and prompt template access. MCP-first dispatch with REST v2 fallback.
- 🤝 Agent-to-Agent (A2A) Protocol ⭐ NEW - Full A2A protocol making NV oOS assistants discoverable and interoperable with any A2A-compliant agent.
/.well-known/agent.jsondiscovery, JSON-RPC 2.0 server with task state machine, A2A client for remote agent delegation, push notification webhooks. - 📊 Agent Command Center ⭐ NEW - Unified agent management dashboard with 7 tabs: Overview (KPI cards, live status), Activity Log, Active Tasks, Approvals (human-in-the-loop), Analytics (Chart.js with real per-agent metrics), Uptime & Health, and Strategy (efficiency scoring with recommendations).
- 💬 Floating Chat Bubble ⭐ NEW - Configurable floating chat bubble widget for Elementor and Gutenberg. 4 position variants, 3 sizes, bounce/pulse animations, dark mode, WCAG focus states, sessionStorage persistence.
- 🧷 Granular control over allowed attachment MIME types for chat uploads
- 🔐 Secure REST API endpoints
- 🔑 Root Security Key - Optional wp-config.php constant that can be enabled during emergency shutdown to require authentication before re-initializing the plugin. Provides an additional layer of protection against unauthorized reactivation after security incidents.【F:docs/features/security/root-security-key.md†L1-L511】【F:includes/class-wp-mcp-ai-root-security-key.php†L1-L360】
- 🛰 Assistant directory endpoint that advertises MCP tool/resource capabilities and negotiates Server-Sent Events handshakes for clients such as LM Studio or Claude Desktop.【F:includes/class-wp-mcp-ai-rest.php†L520-L666】【F:includes/class-wp-mcp-ai-rest.php†L1690-L1772】
- 📝 Full JSON-RPC 2.0 MCP endpoint (
/mcp) for standards-compliant remote client communication - 🔑 Configurable API credentials and defaults for OpenAI, Gemini, and Anthropic (with subscription tier support for Team/Enterprise plans and custom base URLs)
- 🤖 ChatGPT’s connector beta currently requires an Auth0 tenant; the plugin’s assistant credentials are compatible with LM Studio, Claude, and other MCP clients that support bearer headers directly.【F:docs/reference/api/mcp-server-authentication.md†L22-L46】
- 🌐 Mesh networking for distributed compute pooling across multiple WordPress sites. Server-to-server architecture enables anonymous and authenticated users to benefit from shared AI resources, budget pooling, and workload distribution across 100+ trusted peer sites. Backend assistants coordinate mesh operations via secure inter-site keys while maintaining user attribution and audit trails for compliance.【F:docs/features/federation/mesh-compute-pooling.md†L1-L615】【F:includes/tools/class-wp-mcp-ai-tool-query-remote-site.php†L1-L237】
- 🔗 Federation & Discovery - Decentralized AI capability network allowing WordPress sites to publish their capabilities via well-known endpoints (
/.well-known/ai-peer) and discover peer sites through directory services. Supports peer registration, health verification, search & ranking by capability/region/policy, and automatic cron-based health monitoring. Enable federation to join the network or run your own directory service for private peer discovery.【F:docs/features/federation/federation-discovery.md†L1-L511】【F:FEDERATION-IMPLEMENTATION-SUMMARY.md†L1-L381】 - 🧾 Optional logging of chat interactions, tool executions, and API errors
- 🧮 Built-in per-user usage tracking for provider/model billing summaries
- 🧩 Developer hooks and filters for integrating custom behaviours
- ⏱ Per-site request timeout control with sensible minimum enforcement
- 🗑 Toggleable uninstall cleanup to purge stored assistants and settings automatically
Performance & reliability
- ⚡ Client-side message bundling (800ms window) to reduce API calls and server load【F:docs/user-guides/chat/message-bundling-feature.md†L1-L80】
- 🎯 Intelligent token overflow handling with automatic model switching (gpt-4.1-mini → Gemini 2.0 Flash)【F:docs/features/tools/presets/high-token-tool-handling.md†L1-L80】
- 📡 Server-Sent Events (SSE) support for real-time streaming responses and job notifications【F:docs/features/streaming/ENABLE-SSE-STREAMING.md†L1-L100】
- 🌊 Real-time job status updates via SSE streaming and webhook notifications for async operations【F:docs/features/async-jobs/job-notification-system.md†L1-L100】
- 🔧 Symfony Process Component - Modern process execution framework replacing direct
exec()calls in Pro addon tools for enhanced security, timeout management, and error handling【F:includes/services/class-wp-mcp-ai-process-service.php†L1-L220】【F:docs/history/2025/implementations/symfony-phases/SYMFONY_PHASE2B_PROCESS_INTEGRATION.md†L1-L100】 - 🔄 Server-side WP-Cron polling for long-running tasks (Crawl4AI, background jobs)
- 💾 Chat history persistence with localStorage (24h) and optional JetEngine CCT storage【F:docs/user-guides/chat/chat-history-persistence.md†L1-L50】
- ⚙️ Optimized settings page with external CSS stylesheet (240 lines added to admin-settings.css) and request-level caching for improved admin performance【F:assets/css/admin-settings.css†L1-L984】【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L27-L32】
Settings Management ⭐ NEW
- 🔧 Robust Settings System - 7-step save process with automatic backups, validation, and cache management ensures settings persist correctly across all tabs and subtabs【F:includes/admin/class-wp-mcp-ai-settings-dashboard.php†L262-L410】
- 🔍 Health Check - Run 6 diagnostic checks to verify settings integrity, provider configuration, and system status with GOOD/WARNING/CRITICAL status indicators【F:includes/admin/sections/class-wp-mcp-ai-section-advanced.php†L1500-L1650】
- 💾 Export Settings - Download all plugin settings as timestamped JSON files for backup or migration to other sites【F:docs/admin-guides/settings-management.md†L40-L80】
- 📤 Import Settings - Upload and validate settings from previously exported backups with automatic pre-import backup and 5-step validation【F:docs/admin-guides/settings-management.md†L85-L135】
- 🗑️ Clear Cache - One-click clearing of static cache, object cache, and transients when settings changes don't take effect【F:docs/admin-guides/settings-management.md†L140-L165】
- ↩️ Reset to Defaults - Safely reset all settings to default values with automatic backup before reset【F:docs/admin-guides/settings-management.md†L170-L200】
- 🔒 Security - File size validation (max 5MB), MIME type checking, JSON validation, and comprehensive input sanitization【F:includes/admin/class-wp-mcp-ai-settings-dashboard.php†L970-L1030】
- 📊 Automatic Backups - Every save operation creates a timestamped backup (keeps last 5) for emergency recovery【F:includes/admin/class-wp-mcp-ai-settings-dashboard.php†L285-L295】
- 🛡️ Data Protection - 3-layer protection (section filtering, merge strategy, sensitive key filtering) prevents accidental data loss when saving from tabs/subtabs【F:docs/admin-guides/settings-management.md†L230-L280】
- 📖 Pro Toolkits - Enable and configure 8 specialized Pro toolkits (650+ tools) including Project Management, Document Generation, Health & Wellness, CRE Debt & Securitization, and more【F:docs/admin-guides/pro-settings-toolkits.md†L1-L650】
➡️ Complete Documentation: Settings Management Guide | Quick Reference | Visual UI Guide | Pro Toolkits Guide
🧠 Memory & Tool Stack Overview
Model defaults
Global settings capture the default provider, model, and timeout used when assistants are created, ensuring every conversation inherits stable generation behaviour until explicitly overridden. These defaults ship with sensible values for OpenAI and Gemini out of the box and can be tailored from the NV oOS settings screen.【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L36-L77】
Base knowledge
Each assistant can preload Media Library files and optionally link to an external vector store, giving the model persistent project context before a chat begins. Editors manage these knowledge sources from the assistant post type via the “Base Knowledge” meta box, which supports multiple attachments and vector store identifiers.【F:includes/assistants/class-wp-mcp-ai-assistant-cpt.php†L892-L1002】
Available tools
The tool registry boots with a curated catalogue of content, commerce, automation, and research utilities, then exposes hooks so developers can register their own providers. During initialisation the registry loads each bundled tool class—ranging from JetEngine accessors to Crawl4AI jobs and Mailjet automations—and makes them callable within conversations.【F:includes/class-wp-mcp-ai-tool-registry.php†L74-L220】
Chat-client Memory Drawer
The chat front-end exposes a persistent Memory Drawer (assets/js/chat-memory-drawer.js) with three tabs:
- Memories — browse, pin, and delete stored context items; 🧠 badge auto-appears on any assistant message that used a memory tool.
- Scope — set the active wing/room scope for subsequent memory operations in the current session.
- Audit — lazy-loaded audit trail from
WP_MCP_AI_REST_Chat_Memory_Controller::audit().
The drawer is wired to the REST proxy at /mcp-ai/v1/chat-memory/ and receives real-time updates via the memory_event SSE frame emitted by the agentic loop. Pagehide auto-capture stores the session state before tab close. Two gates control access: site-wide filter wp_mcp_ai_chat_memory_enabled and per-user meta wp_mcp_ai_chat_memory_enabled. Full reference: docs/features/memory/chat-client-integration.md.
Retroactive Transcript Mining
WP_MCP_AI_Transcript_Mining_Job retrospectively extracts memories from past chat transcripts. Enqueue a job via POST /mcp-ai/v1/transcript-mining/jobs (admin-only), poll progress with GET /jobs/{id}, or cancel with POST /jobs/{id}/cancel. Full reference: docs/features/memory/transcript-mining.md.
LLM Harnessing Subsystem
Seven opt-in per-request layers (includes/harness/) improve response quality without changing existing tool behaviour. Activated per-assistant via the LLM Harness metabox. Layers: A Prompt/Cue → B Reasoning Trace → C Tool Routing → D Retrieval → E Self-Refine → F Memory Scoping + PII Filter → G Eval Scheduler. Pro Layer H exports fine-tune curricula as OpenAI JSONL. Full reference: docs/features/llm-harness.md.
Workflow families & tool combos
The core plugin ships with a centrally registered tool catalogue that lets assistants mix and match capabilities into cohesive workflows without additional coding. Teams can chain authoring, media, research, commerce, marketing, and operational tools to deliver end-to-end outcomes inside a single conversation.
- Content & knowledge production – Combine
submit_document_prompt,search_content, andsearch_attachmentsto gather source material, then follow up withsave_post,create_wpcode_snippet, orget_rankmath_seofor structured drafting and optimisation. - Media generation & transcription – Pair
generate_openai_image,generate_gemini_image,vectorize_image, orgraphic_editor_pluswithgenerate_openai_speechandtranscribe_openai_audioto build multimedia assets that flow into editorial or marketing outputs. Usevectorize_imageto convert logos to scalable vectors, andgraphic_editor_plusfor comprehensive image editing with both local and AI-powered operations. - Research & situational awareness – Chain discovery helpers like
web_search,run_crawl4ai_job,reliefweb_reports,get_gdacs_events, andget_nhc_active_stormsto assemble briefing packs before drafting follow-up actions. - Commerce & finance operations – Use WooCommerce and finance tools such as
create_woo_product,get_woo_products,get_woo_recent_orders,crawl4ai_price_lookup,get_import_duty, andquickbooks_reportto coordinate merchandising, pricing, and bookkeeping reviews. - Marketing & analytics insights – Combine measurement tools including
google_analytics_report,get_google_business_insights,get_facebook_instagram_insights,get_linkedin_insights, andget_tiktok_insightsto guide campaigns and reporting. - Publishing & outreach automations – Trigger distribution via
post_facebook_instagram,post_google_business_update,post_linkedin_update,post_tiktok_video,send_group_email,send_mailjet_email,send_telegram_message,send_whatsapp_message, andschedule_notify_smsonce plans are ready. - Integrations & scheduling – Connect external systems with
create_google_calendar_event,search_gmail,list_jetengine_rest_routes,invoke_jetengine_route, andrun_openai_external_actionas part of larger automations. - Operations & diagnostics – Close the loop with
create_cron_job,list_cron_jobs,get_cron_job,delete_cron_job,check_wp_cli,purge_cache,purge_cloudflare_cache,purge_varnish_cache,get_site_summary,get_site_health,get_system_logs,get_update_status, and OpenAI usage/log review helpers for monitoring and maintenance. - Automation & scheduling workflows – Agents can autonomously schedule background tasks with
create_cron_job, monitor scheduled operations vialist_cron_jobsandget_cron_job, and clean up outdated automations withdelete_cron_job. Combine with cache management tools (purge_cache,purge_cloudflare_cache,purge_varnish_cache) to orchestrate content publishing workflows where agents schedule posts, then automatically invalidate caches at publication time.
🛠 Built-in tools & automations
The assistant registry ships with a comprehensive catalogue of editorial, marketing, commerce, and operational helpers. The tables below outline every bundled tool and the slug assistants call when orchestrating workflows.
Content & knowledge workflows
| Tool | Slug | Summary |
|---|---|---|
| Submit Document Prompt | submit_document_prompt |
Uploads WordPress attachments or OpenAI file IDs alongside an instruction so multimodal prompts reach the Responses API with the required file context.【F:includes/tools/class-wp-mcp-ai-tool-submit-document-prompt.php†L20-L214】 |
| Search Content | search_content |
Queries public post types with optional taxonomy and meta filters to surface structured post metadata for the assistant.【F:includes/tools/class-wp-mcp-ai-tool-search-content.php†L12-L280】 |
| Search Attachments | search_attachments |
Scans the Media Library with keyword or MIME filters while honouring attachment capability checks and signed download URLs.【F:includes/tools/class-wp-mcp-ai-tool-search-attachments.php†L15-L207】 |
| Get Recent Posts | get_recent_posts |
Returns the latest entries for a given post type with titles, permalinks, excerpts, and timestamps for quick editorial summaries.【F:includes/tools/class-wp-mcp-ai-tool-get-recent-posts.php†L12-L104】 |
| Get Elementor Templates | get_elementor_templates |
Lists Elementor library templates with status, type, and edit links when Elementor is available and the caller has access.【F:includes/tools/class-wp-mcp-ai-tool-get-elementor-templates.php†L12-L239】 |
| Get JetEngine Items | get_jetengine_items |
Retrieves JetEngine-managed content with capability-aware access checks for each registered custom post type.【F:includes/tools/class-wp-mcp-ai-tool-get-jetengine-items.php†L12-L118】 |
| Get JetFormBuilder Forms | get_jetformbuilder_forms |
Proxies JetFormBuilder REST controllers to return paginated form metadata with automatic REST/HTTP fallbacks.【F:includes/tools/class-wp-mcp-ai-tool-get-jetformbuilder-forms.php†L15-L155】 |
| Get JetFormBuilder Submissions | get_jetformbuilder_submissions |
Lists recent JetFormBuilder entries with normalised field snapshots and capability enforcement.【F:includes/tools/class-wp-mcp-ai-tool-get-jetformbuilder-submissions.php†L15-L154】 |
| Save Post | save_post |
Drafts or updates posts and custom post types with sanitised Gutenberg content, slug/title overrides, and edit links.【F:includes/tools/class-wp-mcp-ai-tool-save-post.php†L15-L268】 |
| Create WPCode Snippet 🌟 | create_wpcode_snippet |
Provisions or updates WPCode-managed snippets, validating code types, insert locations, and activation status. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-create-wpcode-snippet.php†L15-L224】 |
| Get Rank Math SEO Overview | get_rankmath_seo |
Surfaces Rank Math SEO scores, focus keywords, robots metadata, and schema details for a specific post when the plugin is active.【F:includes/tools/class-wp-mcp-ai-tool-get-rankmath-seo.php†L15-L220】 |
| Get User Information | get_user_info |
Inspects the acting user or a supplied account while respecting multisite membership and capability requirements.【F:includes/tools/class-wp-mcp-ai-tool-get-user-info.php†L12-L89】 |
Media generation & transcription
| Tool | Slug | Summary |
|---|---|---|
| Generate OpenAI Image | generate_openai_image |
Calls the OpenAI Images API with configurable defaults, saving the rendered asset to the Media Library with optional overrides.【F:includes/tools/class-wp-mcp-ai-tool-generate-openai-image.php†L17-L218】 |
| Generate Gemini Image | generate_gemini_image |
Uses Gemini’s multimodal image endpoint to render creative, aspect-ratio-aware visuals that are persisted as WordPress attachments.【F:includes/tools/class-wp-mcp-ai-tool-generate-gemini-image.php†L17-L200】 |
| Generate Cloudflare AI Image | cloudflareai_text_to_image |
Creates images using Cloudflare Workers AI text-to-image models including Stable Diffusion XL, Flux-2 Dev, Leonardo AI (Lucid Origin, Phoenix 1.0), and Dreamshaper with configurable dimensions, steps, and guidance parameters. |
| Vectorize Image | vectorize_image |
Converts raster images (PNG, JPEG, WebP, GIF) to SVG vector format with configurable quality settings using @neplex/vectorizer. Perfect for logos, icons, and graphics. Requires Node.js 14+.【F:includes/tools/class-wp-mcp-ai-tool-vectorize-image.php†L1-L430】 |
| Graphic Editor Plus | graphic_editor_plus |
Comprehensive image editing with local operations (logo overlay, resize) and AI-powered features (style transfer, background removal, enhancement). Combines speed with intelligent transformations.【F:includes/tools/class-wp-mcp-ai-tool-graphic-editor-plus.php†L1-L784】 |
| Generate Architectural Drawing 🌟 | generate_architectural_drawing |
[PRO] Creates professional architectural drawings (floor plans, elevations, sections, details) for construction projects. Supports 10 drawing types, 6 presentation styles (technical, sketched, rendered), dimensional specifications, building codes (IBC, IRC, NBC, Eurocode), and material lists. Outputs PNG or SVG with automatic vectorization. Perfect for architects, engineers, and construction professionals.【F:addons/pro/includes/tools/class-wp-mcp-ai-tool-generate-architectural-drawing.php†L1-L1136】 |
| Generate OpenAI Speech | generate_openai_speech |
Converts text to audio via OpenAI’s text-to-speech models, honouring default voice/format selections and storing results in the Media Library.【F:includes/tools/class-wp-mcp-ai-tool-generate-openai-speech.php†L17-L199】 |
| Generate Music | generate_music |
Creates instrumental music from text descriptions using Google Gemini Lyria model with controls for genre, mood, duration, and tempo. |
| Transcribe OpenAI Audio | transcribe_openai_audio |
Sends uploaded audio to OpenAI’s transcription/translation endpoints and returns structured transcripts with language and duration metadata.【F:includes/tools/class-wp-mcp-ai-tool-transcribe-openai-audio.php†L17-L195】 |
Research & situational awareness
| Tool | Slug | Summary |
|---|---|---|
| Web Search | web_search |
Performs lightweight lookups against DuckDuckGo or Brave, normalising related topics and enforcing per-user result caps.【F:includes/tools/class-wp-mcp-ai-tool-web-search.php†L12-L320】 |
| Run Crawl4AI Job | run_crawl4ai_job |
Executes Crawl4AI harvests locally or remotely, collecting Markdown, HTML, and error payloads for long-form content ingestion workflows.【F:includes/tools/class-wp-mcp-ai-tool-run-crawl4ai-job.php†L32-L745】 |
| ReliefWeb Reports | reliefweb_reports |
Queries ReliefWeb’s humanitarian dataset by country or disaster type and returns structured report metadata for situational updates.【F:includes/tools/class-wp-mcp-ai-tool-reliefweb-reports.php†L15-L234】 |
| Get GDACS Events | get_gdacs_events |
Fetches Global Disaster Alert and Coordination System events with optional date filters and capability checks for emergency planning.【F:includes/tools/class-wp-mcp-ai-tool-get-gdacs-events.php†L12-L200】 |
| Get NHC Active Storms | get_nhc_active_storms |
Retrieves the National Hurricane Center’s active storm feed, sanitising advisory data for assistant consumption.【F:includes/tools/class-wp-mcp-ai-tool-get-nhc-active-storms.php†L15-L146】 |
| Get Open-Meteo Forecast | get_open_meteo_forecast |
Pulls hourly weather data from Open-Meteo with coordinate, timezone, and variable controls for itinerary-aware responses.【F:includes/tools/class-wp-mcp-ai-tool-get-open-meteo-forecast.php†L15-L309】 |
| Vision Product Search | vision_product_search |
Searches for similar products using Google Cloud Vision API Product Search feature. Note: Requires proper Google Cloud authentication credentials to succeed.【F:includes/tools/class-wp-mcp-ai-tool-vision-product-search.php†L1-L200】 |
| Vision Object Localization | vision_object_localization |
Detects and localizes multiple objects in images using Google Cloud Vision API. Note: Requires proper Google Cloud authentication credentials to succeed.【F:includes/tools/class-wp-mcp-ai-tool-vision-object-localization.php†L1-L200】 |
Commerce & finance operations
| Tool | Slug | Summary |
|---|---|---|
| Create WooCommerce Product Draft | create_woo_product |
Builds draft WooCommerce products with merchandising copy, pricing, images, and brand metadata when WooCommerce is active.【F:includes/tools/class-wp-mcp-ai-tool-create-woo-product.php†L15-L258】 |
| Get WooCommerce Products | get_woo_products |
Surfaces catalogue listings with pricing, stock status, and optional SKU/status filters for merchandiser reviews.【F:includes/tools/class-wp-mcp-ai-tool-get-woo-products.php†L12-L140】 |
| Get Woo Recent Orders | get_woo_recent_orders |
Summarises recent WooCommerce orders with totals, billing details, and ISO timestamps for fulfilment teams.【F:includes/tools/class-wp-mcp-ai-tool-get-woo-recent-orders.php†L12-L117】 |
| Wholesale Club Price Lookup | crawl4ai_price_lookup |
Uses Crawl4AI’s web search endpoint to compare BJ’s, Sam’s Club, and Costco pricing for a given product query.【F:includes/tools/class-wp-mcp-ai-tool-crawl4ai-price-lookup.php†L17-L189】 |
| Lookup Import Duty 🌟 | get_import_duty |
Queries the ITA Tariff Rates API for HS codes or descriptions to surface import duty rates for supported countries. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-import-duty.php†L15-L152】 |
| QuickBooks Online Report 🌟 | quickbooks_report |
Requests Profit & Loss, Balance Sheet, or custom QuickBooks Online reports with optional date ranges and accounting methods. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-quickbooks-report.php†L15-L214】 |
Marketing & analytics insights
| Tool | Slug | Summary |
|---|---|---|
| Google Analytics Report 🌟 | google_analytics_report |
Runs GA4 Analytics Data API queries with metrics, dimensions, date ranges, and aggregation controls to monitor site performance. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-google-analytics-report.php†L15-L158】 |
| Google Business Insights | get_google_business_insights |
Fetches Google Business Profile metrics for a location using OAuth tokens, time ranges, and timezone hints. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-google-business-insights.php†L15-L149】 |
| Meta Social Insights | get_facebook_instagram_insights |
Pulls Facebook Page or Instagram business metrics via the Graph API with selectable periods and metric sets. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-facebook-instagram-insights.php†L15-L146】 |
| LinkedIn Insights | get_linkedin_insights |
Queries LinkedIn organizational share statistics with optional timeframe and granularity filters. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-linkedin-insights.php†L15-L138】 |
| TikTok Insights | get_tiktok_insights |
Calls the TikTok Open API to return account performance metrics across configurable windows and granularities. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-get-tiktok-insights.php†L15-L136】 |
| Get Cross-Platform Analytics 🌟 | get_cross_platform_analytics |
[NEW Jan 2026] Unified social media metrics dashboard aggregating data from Facebook, Instagram, Twitter, LinkedIn, and YouTube. Provides engagement rates, follower growth, post performance, and comparative analytics across all platforms. Built-in 12-hour caching. Pro addon tool (623 lines). |
| Track Hashtag Performance 🌟 | track_hashtag_performance |
[NEW Jan 2026] Comprehensive hashtag analysis tracking reach, engagement, impressions, and trend data across Facebook, Instagram, Twitter, LinkedIn, and YouTube. Identifies top-performing hashtags and provides optimization recommendations. Pro addon tool (586 lines). |
| Competitor Analysis 🌟 | analyze_competitor_social |
[NEW Jan 2026] Track competitor social media metrics and benchmark performance against your profiles. Monitors follower growth, engagement rates, posting frequency, and content strategies across all major platforms. Pro addon tool (711 lines). |
| Influencer Identification 🌟 | identify_influencers |
[NEW Jan 2026] Discover brand influencers and potential collaboration partners based on reach, engagement criteria, audience demographics, and content relevance. Searches across Facebook, Instagram, Twitter, LinkedIn, and YouTube. Pro addon tool (759 lines). |
Publishing & outreach
| Tool | Slug | Summary |
|---|---|---|
| Publish Meta Social Post 🌟 | post_facebook_instagram |
Publishes Facebook Page or Instagram business posts through the Meta Graph API with message, caption, and media controls. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-post-facebook-instagram.php†L15-L170】 |
| Publish Google Business Update 🌟 | post_google_business_update |
Creates Google Business Profile local posts with summaries, language codes, and optional call-to-action links. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-post-google-business-update.php†L15-L168】 |
| Publish LinkedIn Update 🌟 | post_linkedin_update |
Sends LinkedIn UGC posts for members or organisations with optional share URLs via the LinkedIn Marketing API. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-post-linkedin-update.php†L15-L160】 |
| Publish TikTok Video 🌟 | post_tiktok_video |
Submits hosted video assets to TikTok’s Open API share endpoint with optional captions. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-post-tiktok-video.php†L15-L152】 |
| Send Group Email | send_group_email |
Orchestrates structured or free-form email campaigns with capability-based audience limits and logging hooks. Full documentation.【F:includes/tools/class-wp-mcp-ai-tool-send-group-email.php†L16-L650】 |
| Send Mailjet Email 🌟 | send_mailjet_email |
Delivers transactional and marketing emails through Mailjet with sender defaults, CC/BCC routing, and response metadata. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-send-mailjet-email.php†L19-L405】 |
| Send Telegram Message 🌟 | send_telegram_message |
Posts formatted updates to Telegram chats or channels with capability filters and audit logging. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-send-telegram-message.php†L16-L232】 |
| Send WhatsApp Message 🌟 | send_whatsapp_message |
Sends WhatsApp Cloud API text messages with preview controls using phone-number specific access tokens. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-send-whatsapp-message.php†L15-L178】 |
| Schedule Notify.lk SMS 🌟 | schedule_notify_sms |
Queues Notify.lk SMS messages for future delivery using the official SDK and site cron orchestration. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-schedule-notify-sms.php†L15-L180】 |
Integrations & scheduling
| Tool | Slug | Summary |
|---|---|---|
| Create Google Calendar Event | create_google_calendar_event |
Builds calendar events with attendees, reminders, and timeout overrides using OAuth tokens or service accounts.【F:includes/tools/class-wp-mcp-ai-tool-create-google-calendar-event.php†L17-L378】 |
| Search Gmail Messages | search_gmail |
Performs delegated Gmail queries with optional label filters and pagination, returning normalised message metadata. Pro addon tool.【F:addons/pro/includes/src/Tools/class-wp-mcp-ai-pro-tool-search-gmail.php†L1-L200】 |
| List JetEngine REST Routes | list_jetengine_rest_routes |
Enumerates JetEngine REST endpoints with method, callback, and capability metadata for developers.【F:includes/tools/class-wp-mcp-ai-tool-list-jetengine-routes.php†L12-L151】 |
| Invoke JetEngine REST Route | invoke_jetengine_route |
Proxies JetEngine CRUD operations using the authenticated user context with REST/HTTP fallbacks.【F:includes/tools/class-wp-mcp-ai-tool-invoke-jetengine-route.php†L12-L133】 |
| Run OpenAI External Action | run_openai_external_action |
Triggers OpenAI Responses API workflows or assistants with payload sanitisation, timeout overrides, and structured errors.【F:includes/tools/class-wp-mcp-ai-tool-run-openai-external-action.php†L17-L211】 |
Operations & diagnostics
| Tool | Slug | Summary |
|---|---|---|
| Cron Management Suite | AI agents can autonomously schedule, monitor, and manage WordPress background tasks | |
| Create Cron Job | create_cron_job |
Schedules one-off or recurring WP-Cron events with duplicate detection and sanitised hooks/arguments. Agents can automate periodic maintenance, content publishing, or custom workflows by scheduling actions to run at specific times or intervals.【F:includes/tools/class-wp-mcp-ai-tool-create-cron-job.php†L16-L168】 |
| List Cron Jobs | list_cron_jobs |
Lists all scheduled WordPress cron jobs with details about schedule, next run time, and creator. Enables agents to provide visibility into scheduled automation tasks and audit what background processes are running.【F:includes/tools/class-wp-mcp-ai-tool-list-cron-jobs.php†L17-L141】 |
| Get Cron Job | get_cron_job |
Retrieves detailed information about a specific WordPress cron job by its job ID, including schedule interval details and execution metadata. Allows agents to inspect individual scheduled tasks for troubleshooting or reporting.【F:includes/tools/class-wp-mcp-ai-tool-get-cron-job.php†L17-L145】 |
| Delete Cron Job | delete_cron_job |
Deletes a scheduled WordPress cron job and removes it from both the plugin tracking and WP-Cron. Enables agents to cancel outdated or unnecessary automation tasks on behalf of operators.【F:includes/tools/class-wp-mcp-ai-tool-delete-cron-job.php†L17-L90】 |
| Cache Management | AI agents can coordinate multi-layer cache invalidation | |
| Purge Cache | purge_cache |
Master cache purge tool that coordinates multi-layer cache clearing (Cloudflare, Varnish, etc.) in the correct order. Agents can ensure content updates are properly reflected across all caching layers.【F:includes/tools/class-wp-mcp-ai-tool-purge-cache.php†L17-L150】 |
| Purge Cloudflare Cache | purge_cloudflare_cache |
Sends targeted or full-zone invalidations to Cloudflare with configurable timeouts and admin-only access controls.【F:includes/tools/class-wp-mcp-ai-tool-purge-cloudflare-cache.php†L17-L292】 |
| Purge Varnish Cache | purge_varnish_cache |
Purges the local Varnish cache with support for full-cache bans and specific URL purges. Agents can clear server-side caching to ensure immediate content updates.【F:includes/tools/class-wp-mcp-ai-tool-purge-varnish-cache.php†L17-L150】 |
| System Monitoring & Diagnostics | ||
| Check Site Security | check_site_security |
Checks if the WordPress site has security vulnerabilities that make it unsafe to use this AI plugin. Scans for common security issues and provides remediation guidance for administrators.【F:includes/tools/class-wp-mcp-ai-tool-check-site-security.php†L1-L200】 |
| Check WP-CLI Status | check_wp_cli |
Scans for the WordPress CLI binary, returning detected paths, version output, and environment warnings.【F:includes/tools/class-wp-mcp-ai-tool-check-wp-cli.php†L17-L309】 |
| Count Tokens | count_tokens |
Estimates token counts for text and messages using heuristic estimation (approximately 4 characters per token) for planning and budgeting purposes. Helps with capacity planning before sending requests to AI providers.【F:includes/tools/class-wp-mcp-ai-tool-count-tokens.php†L1-L200】 |
| Get Site Summary | get_site_summary |
Provides high-level site metadata, content counts, and admin contact details for context-aware assistants.【F:includes/tools/class-wp-mcp-ai-tool-get-site-summary.php†L12-L66】 |
| Get MCP Environment Status | get_environment_status |
Summarises WordPress versions, MCP defaults, assistant counts, and dependency warnings for incident response.【F:includes/tools/class-wp-mcp-ai-tool-get-environment-status.php†L12-L178】 |
| Get Site Health Status | get_site_health |
Runs WordPress Site Health diagnostics and returns grouped pass/warn/fail tests with remediation guidance.【F:includes/tools/class-wp-mcp-ai-tool-get-site-health.php†L12-L255】 |
| Get System Logs | get_system_logs |
Aggregates NV oOS logs, WordPress/PHP error logs, and plugin log files to aid in debugging workflows.【F:includes/tools/class-wp-mcp-ai-tool-get-system-logs.php†L12-L352】 |
| Get Update Status | get_update_status |
Reports pending core, plugin, and theme updates with version and download metadata for maintenance planning.【F:includes/tools/class-wp-mcp-ai-tool-get-update-status.php†L12-L182】 |
| Testing & Validation | ||
| Probe Assistant Chat | probe_chat |
Issues a chat probe against a published assistant to confirm sanitisation, configuration, and REST handling without consuming model tokens.【F:includes/tools/class-wp-mcp-ai-tool-probe-chat.php†L12-L178】 |
| Probe Remote MCP REST | probe_remote_mcp |
Reuses the remote connectivity tester to exercise /assistants and /chat on another site with optional bearer, guest, or nonce credentials.【F:includes/tools/class-wp-mcp-ai-tool-probe-remote-mcp.php†L12-L164】 |
| Mesh Networking | Distributed compute pooling across WordPress sites | |
| Query Remote Site | query_remote_site |
Executes chat requests on peer WordPress sites in a mesh network. Requires manage_options capability and mesh networking to be enabled. Coordinates server-to-server compute pooling with secure inter-site key authentication, enabling distributed AI workloads across trusted peers while maintaining user attribution and audit trails. Backend assistants use this tool to fan out work across the mesh on behalf of anonymous or authenticated users.【F:includes/tools/class-wp-mcp-ai-tool-query-remote-site.php†L1-L237】【F:docs/features/federation/mesh-compute-pooling.md†L1-L615】 |
| Query Mesh (Intelligent Routing) | query_mesh_intelligent |
Send a prompt to the mesh network with AI-powered peer selection and automatic failover. The system intelligently routes requests to the optimal peer site based on current load, response times, and task complexity. Provides resilient distributed compute with automatic retry logic.【F:includes/tools/class-wp-mcp-ai-tool-query-mesh-intelligent.php†L1-L300】 |
| Provider Dashboards | ||
| Open OpenAI Logs | open_openai_logs |
Returns dashboard shortcuts for reviewing OpenAI request logs in the provider console.【F:includes/tools/class-wp-mcp-ai-tool-open-openai-logs.php†L12-L66】 |
| Open OpenAI Usage | open_openai_usage |
Provides direct links to OpenAI usage dashboards so admins can audit consumption quickly.【F:includes/tools/class-wp-mcp-ai-tool-open-openai-usage.php†L12-L66】 |
| Authentication | ||
| Generate Simple JWT Token | generate_simple_jwt_token |
Generates a Simple JWT Login bearer token for the current user, enabling authenticated API access across sessions. Agents can help users obtain authentication tokens for headless WordPress integrations.【F:includes/tools/class-wp-mcp-ai-tool-generate-simple-jwt-token.php†L15-L120】 |
What the Cron Manager means to AI agents
The Cron Management Suite transforms AI assistants from reactive responders into proactive automation orchestrators. By providing full control over WordPress's background task scheduler, agents can:
Autonomous Task Scheduling
- Schedule content publishing workflows to go live at optimal times without human intervention
- Automate recurring maintenance tasks like cache clearing, database optimization, or backup operations
- Coordinate multi-step operations that span hours or days by chaining scheduled hooks
Intelligent Monitoring & Self-Management
- List and inspect all scheduled tasks to understand what automation is currently active
- Audit who created each task and when it's scheduled to run next
- Identify and remove outdated or redundant scheduled tasks to maintain system health
Real-World Agent Workflows
- Content Calendar Automation - An agent helping with content strategy can schedule posts to publish at researched optimal engagement times, set up recurring social media cross-posts, and schedule follow-up email campaigns.
- Site Maintenance Orchestration - When troubleshooting performance issues, agents can schedule off-peak cache purges, coordinate database cleanup tasks, and set up recurring health check notifications.
- Business Process Automation - Agents can schedule recurring report generation, periodic data syncs with external systems, and automated backup verification checks.
Technical Implementation
The cron manager tracks all scheduled tasks in wp_mcp_ai_cron_jobs option with full audit trails including:
- Job ID for unique identification
- Hook name and sanitized arguments
- Schedule type (single-run or recurring interval)
- Creation timestamp and user attribution
- Next execution time for monitoring
Jobs are automatically pruned when they complete (single-run) or are manually removed (recurring), keeping the tracking database clean. All cron operations require manage_options capability, ensuring only authorized users can delegate automation authority to agents.【F:includes/class-wp-mcp-ai-cron-manager.php†L12-L280】
Each tool inherits the assistant context and authenticated user from the REST layer, making it easy to layer custom permissions or extend behaviour via the documented filters and actions.【F:includes/class-wp-mcp-ai-rest.php†L236-L360】【F:includes/class-wp-mcp-ai-rest.php†L1124-L1198】
Need per-tool prerequisites or capability callouts? Consult docs/reference/tools/tool-reference.md for a detailed matrix of every bundled integration.
Tool Status Labels
The Tools Manager page displays status labels beside tool names to indicate their development stage and stability:
| Status | Display Label | Description | Auto-Disable |
|---|---|---|---|
| stable | STA | Production-ready, fully tested tools safe for all environments | No |
| beta | BET | Testing phase, mostly stable but may have minor issues | No |
| dev | DEV | In active development, may have bugs or incomplete features | No |
| experimental | EXP | New features that may change significantly | No |
| bug | BUG | Known issues exist, use with caution | Yes |
| deprecated | DEP | Will be removed in future versions | No |
Status labels are displayed as 3-letter abbreviations (e.g., "STA" for stable, "BET" for beta) to keep the UI compact.
Important: Tools marked with the bug status are automatically disabled when the plugin loads. This prevents problematic tools from being used until issues are resolved. Administrators can manually re-enable them from the Tools Manager if needed for testing.
Status labels are managed via the tool-status.txt file in the repository. To assign a status label to a tool:
- Open
docs/tool-status.txtin a text editor - Add a line in the format:
tool_slug = status_label - Save the file - changes appear immediately in the Tools Manager
Example:
create_post = stable
web_search = beta
generate_openai_image_validated = experimental
problematic_tool = bug
This file-based approach allows quick status updates without code changes, making it easy for maintainers to reflect tool maturity as development progresses. The automatic disabling of buggy tools provides an additional safety layer to prevent issues in production environments.
🗨️ Front-end chat surfaces
NV oOS ships multiple ways to embed assistants on the front end:
- Classic chat shortcode –
[mcp_ai_chat]renders the bundled interface with attachment uploads, tool invocation feedback, and optional guest access viaallow_guests="true". When guest mode is enabled, the shortcode provisions a temporary token and injects it into the JavaScript bootstrap so visitors without WordPress accounts can continue chatting while still respecting capability checks and attachment safety limits.【F:includes/class-wp-mcp-ai-shortcode.php†L132-L258】【F:includes/class-wp-mcp-ai-shortcode.php†L188-L226】 - Floating chat bubble ⭐ NEW – A configurable floating button that sits at a screen corner and opens a chat panel powered by the
[mcp_ai_chat]shortcode. Available as both an Elementor widget and a Gutenberg block. Supports 4 position variants, 3 sizes, auto-open delay, session persistence, dark mode, and WCAG keyboard navigation.【F:includes/elementor/class-wp-mcp-ai-elementor-chat-bubble-widget.php†L1-L200】【F:includes/blocks/chat-bubble/block.json†L1-L50】 - Elementor widgets – Drop the chat UI anywhere Elementor is active, pair it with intro/FAQ blocks, and surface dashboard telemetry without custom code. The chat widget mirrors the shortcode controls (including
allow_guests), and companion widgets expose onboarding content, usage timers, provider quick links, and activity feeds for operational views.【F:includes/elementor/class-wp-mcp-ai-elementor-widget.php†L79-L138】【F:includes/class-wp-mcp-ai-elementor-integration.php†L48-L98】【F:includes/elementor/class-wp-mcp-ai-elementor-chat-intro-widget.php†L47-L140】【F:includes/elementor/class-wp-mcp-ai-elementor-chat-usage-timer-widget.php†L48-L226】【F:includes/elementor/class-wp-mcp-ai-elementor-dashboard-activity-feed-widget.php†L48-L167】
Guest tokens are honoured by the REST endpoints through the X-WP-MCP-AI-Guest header or guest_token parameter, allowing the chat shortcode and Elementor widget to make authenticated requests on behalf of public visitors without exposing persistent credentials.【F:includes/class-wp-mcp-ai-rest.php†L289-L307】【F:includes/class-wp-mcp-ai-rest.php†L2088-L2104】
Chat History Persistence
The chat interface automatically persists conversation history to the browser's localStorage, preventing data loss when users navigate away or refresh the page. Conversations are:
- Automatically saved after each user message and assistant response
- Automatically restored when returning to the chat page (within 24 hours)
- Stored per assistant so different assistant conversations remain separate
- Server-side storage available with JetEngine - See note below about optional JetEngine integration
Server-Side Chat Transcript Storage (Requires JetEngine)
⚠️ Third-Party Plugin Required: JetEngine (not included with NV oOS)
Without JetEngine, chat conversations are only stored in browser localStorage (client-side, 24-hour retention). To enable permanent server-side chat transcript archiving:
- Install and activate the JetEngine plugin (third-party, paid plugin from Crocoblock)
- Enable the Custom Content Types module in JetEngine settings
- NV oOS will automatically provision the
ai_chat_transcriptsCCT for permanent storage
What you get with JetEngine:
- ✅ Permanent server-side chat transcript storage
- ✅ Cross-device conversation access
- ✅ Admin visibility into chat history
- ✅ Database-backed chat logs for compliance/auditing
Without JetEngine:
- ⚠️ Chat history only stored in browser localStorage
- ⚠️ Limited to 24-hour retention
- ⚠️ No cross-device synchronization
- ⚠️ Lost if browser data is cleared
See docs/user-guides/chat/chat-history-persistence.md for complete details on the persistence mechanism, data structure, and troubleshooting.
📦 Installation
ℹ️ Plugin Directory Status
This plugin is currently pending approval in the WordPress Plugin Directory. We are committed to maintaining high quality and security standards throughout the review process. You can install the plugin manually from our GitHub repository or wait for the official WordPress Plugin Directory listing.
🚀 Getting Started Wizard
After activating the plugin, you'll be redirected to a 4-step setup wizard that walks you through connecting an AI provider, choosing a use case, and creating your first assistant — all in under 2 minutes. The wizard creates fully-configured assistants with tools, system prompts, and tuned temperatures so your site is working out of the box. You can access the wizard any time at NV oOS → Getting Started or directly at/wp-admin/admin.php?page=wp-mcp-ai-getting-started.
🌱 Beginner 3-Step Install (Try it on Your PC)
No live site. No API costs. No risk. The fastest way to try NV oOS is on your own computer using a free local WordPress environment. Follow the full walkthrough on the NV Digital Solutions blog: How to Test NV oOS on Your Own PC Using Local + Downloading the Plugin →
Install a local WordPress environment — Local by WP Engine or WordPress Studio is the easiest option (one-click install, no server config). Alternatives: XAMPP, MAMP, or DevKinsta.
Download the NV oOS plugin zip — grab the latest release from GitHub Releases (look for
mcp-ai-wpoos-x.x.x.zip), or use the Code → Download ZIP button for the current development snapshot.Upload, activate, and run the wizard — in your local WordPress dashboard go to Plugins → Add New → Upload Plugin, select the zip, activate it, and follow the 🚀 Getting Started Wizard. For a free local AI model (no API key needed), install LM Studio and point the wizard at
http://localhost:1234.
🗺 Single-file auto-installer (roadmap) — A single cross-platform installer that bootstraps the entire stack automatically is on the roadmap. See the App / Plugin Distribution Proposal for current status and the plan.
Requirements
Minimum Requirements:
- WordPress 6.0+
- PHP 7.4+ (PHP 8.0+ recommended)
- MySQL 5.7+ or MariaDB 10.3+
Optional Requirements for Enhanced Features:
- Node.js 14+: Required for image vectorization tools (
vectorize_imagetool) - PHP Functions:
proc_open,proc_close,proc_terminate(for Node.js integration and Process Service)- These functions are often disabled on shared hosting for security
- Can be enabled on Cloudways via Application Settings (see troubleshooting guide)
- JetEngine Plugin: For CCT storage and advanced content management tools
- WooCommerce: For e-commerce integration tools
- Elementor: For visual page builder widgets
Note: The plugin works without optional requirements, but some features will be disabled. See deployment troubleshooting for enabling disabled PHP functions.
For Developers (GitHub Clone)
✅ Production-Ready Repository
This repository includes production-optimized vendor dependencies with classmap-authoritative autoloading configured by default in composer.json. You can clone and activate immediately without running composer. Thecomposer installcommand is only needed if you want to update dependencies or add development tools.
⚡ Use a shallow clone
A full clone of this repository is ~10 GB due to its long history. Use--depth 1to download only the latest snapshot (~500 MB) — much faster and smaller. If you later need the full history, rungit fetch --unshallow.git clone --depth 1 https://github.com/nvdigitalsolutions/mcp-ai-wpoos.git
If you're cloning from GitHub:
Option 1: Cloudways and Managed Hosting (Recommended)
For Cloudways and similar managed hosting platforms, clone directly into the WordPress plugins directory:
# SSH into your server
# Navigate to WordPress plugins directory
cd /home/master/applications/YOURAPP/public_html/wp-content/plugins/
# Clone the repository (production-ready, no composer needed!)
# Use --depth 1 for a fast shallow clone (recommended for production)
git clone --depth 1 https://github.com/nvdigitalsolutions/mcp-ai-wpoos.git
cd mcp-ai-wpoos
# Verify you're in the correct directory
pwd # Should show the plugins path
# Optional: Only needed for frontend asset rebuilding or development
# npm install && npm run build
# Optional: Only run if you need to update dependencies or add dev tools
# Note: Autoloader optimization is now configured by default in composer.json
# composer install --no-dev
⚠️ Cloudways Important Notes:
- Always clone directly into
/home/master/applications/YOURAPP/public_html/wp-content/plugins/ - Do NOT clone elsewhere and then move/copy - this causes
getcwd() failederrors - Replace
YOURAPPwith your actual Cloudways application name
Option 2: Local Development or VPS
For local development or standard VPS hosting:
# Option A: Clone directly into WordPress plugins directory (recommended, production-ready!)
cd /path/to/wordpress/wp-content/plugins/
# Use --depth 1 for a fast shallow clone (recommended for production)
git clone --depth 1 https://github.com/nvdigitalsolutions/mcp-ai-wpoos.git
cd mcp-ai-wpoos
# Ready to activate! No composer or npm needed for production use.
# Option B: Clone and copy (also production-ready!)
# Use --depth 1 for a fast shallow clone (recommended for production)
git clone --depth 1 https://github.com/nvdigitalsolutions/mcp-ai-wpoos.git
cd mcp-ai-wpoos
cp -r . /path/to/wordpress/wp-content/plugins/mcp-ai-wpoos/
For Development Only:
# Only if you need to rebuild assets or modify dependencies:
npm install && npm run build
# Note: Autoloader optimization is now configured by default in composer.json
composer install --no-dev
Optional: Strip Dev Files for Production
If you are deploying via git clone to a production server with anti-malware / EDR scanning, the working tree will contain test fixtures that embed verbatim attack-payload literals (XSS canaries, SQL-injection samples, prompt-injection strings) used by the security test suite. These can occasionally trip signature-based scanners.
For a clean production tree, run the bundled strip script after cloning:
# Preview what would be removed
bin/strip-dev-files.sh --dry-run
# Remove tests/, docs/, bin/, .github/, .bmad/, .context/, examples/,
# phpunit.xml.dist, phpcs.xml.dist, dev configs, etc.
bin/strip-dev-files.sh
The script mirrors the exclusion list in .distignore (used for the WordPress.org SVN deploy) and the export-ignore rules in .gitattributes (used for GitHub-distributed ZIPs). It is idempotent and refuses to run on a working tree with uncommitted changes (override with --force).
Note: Do not run this on a development checkout — it removes the test suite, docs, and build tooling. It is intended for deploy targets that only run the plugin.
Final Steps
- Activate Open Operator System Complete (NV oOS) from WordPress admin
- You now have the complete version with all ~990 tools (~195 base + ~795 Pro; live count via
WP_MCP_AI_Tool_Registry::get_tools()is authoritative)
What you get from the repository clone:
- ✅ The full codebase — all ~990 built-in tools ready to use (~195 base + ~795 Pro; live count via
WP_MCP_AI_Tool_Registry::get_tools()is authoritative) - ✅ Single plugin activation (not separate base + pro)
- ✅ Pro features automatically available (no separate Pro plugin to install)
Notes:
- The repository includes
mcp-ai-wpoos-base.phpandaddons/pro/mcp-ai-wpoos-pro.phpwhich are used for building separate distributions but do NOT appear as separate plugins when cloning - Only the main plugin file (
mcp-ai-wpoos.php) has a plugin header in the repository - The build script adds headers to the other files when creating standalone distributions
Standard Installation
- Upload
mcp-ai-wpoos.zipto/wp-content/plugins/ - Activate NV oOS from the WordPress admin
- Go to Settings → NV oOS
- Enter your OpenAI API key
- Create a new “AI Assistant” in AI Assistants
- Add
[mcp_ai_chat assistant="123"]to a page or post
Optional: JetEngine Integration
⚠️ Third-Party Plugin (Not Included): JetEngine is a paid plugin from Crocoblock
JetEngine is completely optional - NV oOS works perfectly without it. However, if you want server-side chat transcript storage:
- Purchase and install JetEngine separately
- Enable the Custom Content Types module in JetEngine settings
- NV oOS will automatically provision the
ai_chat_transcriptsCCT for permanent chat storage
What works WITHOUT JetEngine:
- ✅ All core AI assistant features
- ✅ Chat interface and conversations
- ✅ ~195 base tools (more with optional third-party plugins)
- ✅ MCP server functionality (
/wp-json/mcp-ai/v1/) - ✅ Browser-based chat history (localStorage, 24 hours)
- ✅ OpenAI/Gemini/Anthropic/Ollama/Hugging Face/Cloudflare integrations
What requires JetEngine:
- ❌ Server-side chat transcript storage (chat history only in browser without it)
- ❌ 5 JetEngine-specific tools (see 🔌 Optional Tools & Dependencies)
🔌 What You Lose Without Third-Party Plugins
NV oOS works perfectly with vanilla WordPress, but certain features require third-party plugins (sold separately). Here's exactly what you lose without each plugin:
Without JetEngine (Crocoblock - Paid Plugin)
Lost Features:
- ❌ AI metaboxes for JetEngine CPTs/Taxonomies - No AI assistant integration on JetEngine edit screens
- ❌ Research & Add pages - No AI-powered content creation with automatic field mapping
- ❌ Server-side chat transcript storage - Chat history only stored in browser localStorage (24 hours)
- ❌ Cross-device chat synchronization - No database-backed conversation history
- ❌ Admin chat history access - Cannot view/audit conversations from admin panel
- ❌ Assistant CCT synchronization - Assistants only in WordPress CPT (MCP server still works perfectly)
Lost Tools (5 tools):
get_jetengine_items- Query JetEngine custom post typeslist_jetengine_rest_routes- List JetEngine REST API routesinvoke_jetengine_route- Execute JetEngine REST operationsget_jetformbuilder_forms- List JetFormBuilder forms (also requires JetFormBuilder)get_jetformbuilder_submissions- Get form submissions (also requires JetFormBuilder)
✅ Still Works: All core features, MCP server, ~195 base tools, AI conversations
Without WooCommerce (Free Plugin)
Lost Features:
- ❌ E-commerce automation - Cannot create or manage products via AI
- ❌ Order management - Cannot query or analyze orders
- ❌ Product catalog access - Cannot search or update product data
Lost Tools (3 tools):
create_woo_product- Build draft WooCommerce products with AI-generated descriptions, pricing, and imagesget_woo_products- Search and retrieve product catalog with pricing and stock statusget_woo_recent_orders- Summarize recent orders with billing details and totals
Use Cases Lost: E-commerce content generation, order fulfillment assistance, product merchandising
Without Elementor (Freemium Plugin)
Lost Features:
- ❌ Template management - Cannot list or reference Elementor templates via AI
- ❌ Elementor widgets - Cannot use pre-built chat/dashboard widgets (shortcodes still work)
Lost Tools (2 tools):
get_elementor_templates- List Elementor library templates with status, type, and edit linksimport_elementor_template_kit- Import Elementor template kits
Lost UI Components:
- Elementor Chat Widget
- Elementor Chat Intro Widget
- Elementor Dashboard Widgets (Tool Matrix, User Capabilities, Activity Feed, etc.)
✅ Still Works: Standard [mcp_ai_chat] shortcode, all AI features
Without Rank Math SEO (Freemium Plugin)
Lost Features:
- ❌ SEO analysis - Cannot query SEO scores or optimization recommendations
- ❌ Schema data access - Cannot retrieve structured data for posts
Lost Tools (1 tool):
get_rankmath_seo- Get SEO scores, focus keywords, robots metadata, and schema details for posts
Use Cases Lost: AI-powered SEO content optimization, SEO audit assistance
Without WPCode (Freemium Plugin)
Lost Features:
- ❌ Code snippet management - Cannot create or update code snippets via AI
- ❌ Custom functionality automation - Cannot automate adding hooks, filters, or custom code
Lost Tools (1 tool):
create_wpcode_snippet- Create or update code snippets with validation and activation control
Use Cases Lost: AI-assisted custom development, automated code snippet generation
Without Simple JWT Login (Free Plugin)
Lost Features:
- ❌ JWT token generation - Cannot generate JWT bearer tokens for headless WordPress integrations
Lost Tools (1 tool):
generate_simple_jwt_token- Generate JWT bearer tokens for authenticated API access
Use Cases Lost: Headless WordPress authentication, mobile app integration, SPA authentication
Summary: Third-Party Plugin Dependencies
| Plugin | Type | Tools Lost | Key Feature Lost |
|---|---|---|---|
| JetEngine | Paid (Crocoblock) | 5 | Server-side chat transcript storage |
| WooCommerce | Free | 3 | E-commerce automation |
| Elementor | Freemium | 2 + Widgets | Elementor template integration |
| Rank Math | Freemium | 1 | SEO analysis |
| WPCode | Freemium | 1 | Code snippet management |
| Simple JWT Login | Free | 1 | JWT token generation |
Total Impact: Without these plugins, you lose 13 tools but retain 74 core tools and all essential AI assistant functionality.
Base Version (Default)
NV oOS runs in Base Version mode by default, providing 95 essential tools that work with vanilla WordPress without requiring any third-party plugins:
Base Version includes 95 essential tools that work with vanilla WordPress:
- Content management (search, save posts, attachments)
- AI media generation (images via OpenAI/Gemini, speech, transcription, video)
- Research tools (web search, weather, disaster alerts)
- Site operations (health checks, logs, cron jobs, cache management)
- WordPress-native email (via wp_mail)
- Image manipulation (resize, crop, rotate, convert, vectorize to SVG)
- Graphic editing (local operations and AI-powered transformations)
- Profession and assistant management
- GitHub integration tools
- Google Maps Platform tools
Base Version excludes 31 tools requiring third-party plugins or external APIs:
- Third-party WordPress plugins (13 tools) - See 🔌 What You Lose Without Third-Party Plugins for details
- WooCommerce tools (3)
- JetEngine/JetFormBuilder tools (5)
- Elementor tools (2)
- RankMath/WPCode/Simple JWT Login tools (3)
- External API services (18 tools) - Require API credentials
- Google services (5)
- Social media integrations (8)
- External messaging services (4)
- QuickBooks (1)
Full Version Installation (Opt-in)
To enable the Full Version with all third-party integrations and external API tools, add this constant to your wp-config.php file:
define( 'WP_MCP_AI_BASE_VERSION', false );
📖 See BASE-VERSION.md for the complete tool list and customization options.
When to use Base Version:
- Starting fresh with WordPress
- Testing or development environments
- Simpler installations without external dependencies
- Sites that don't need e-commerce or advanced integrations
- Don't want to purchase/install third-party plugins
When to use Full Version:
- Production sites with WooCommerce, JetEngine, or Elementor already installed
- Sites needing social media automation (requires API credentials)
- Advanced workflows requiring external APIs
- Need server-side chat transcript storage (requires JetEngine)
📖 See detailed breakdown: 🔌 What You Lose Without Third-Party Plugins
📚 Documentation
NV oOS includes comprehensive documentation covering all aspects of the plugin. Documentation reorganized June 2026 — Unix-theory separation of concerns. All docs sorted into 12 purpose-driven directories with zero content loss.
📖 Documentation Hub
- Documentation Hub ⭐ Start here - Central navigation with organized categories
- Documentation Index - Complete map of all 1,600+ documentation files
- Architecture Overview - System architecture (13 providers, ~990 tool classes, 36 REST controllers)
- Request Flow Walkthrough - End-to-end chat request lifecycle trace
- Quick Reference Guide - Fast access to common tasks and commands
Essential References
- Tool Reference - All ~990 tools documented (~195 base + ~795 Pro; live count via
WP_MCP_AI_Tool_Registry::get_tools()is authoritative) - REST API Documentation - Complete API reference with examples
- Testing & Quality Report - Test results and code quality analysis
📦 Archive
- Historical Documentation — 50+ archived files from 2024-2025 development
- Docs Archive - Consolidated implementation history and superseded documentation
For New Users
- 🚀 Getting Started Wizard ⭐ NEW — 4-step guided setup that connects your AI provider, selects a use case, and creates a ready-to-use assistant in under 2 minutes. 8 presets available: Content Creator, Customer Support, E-commerce, SEO & Research, Developer Copilot, Media & Creative Studio, Site Administrator, General Purpose.
- Use Cases & Quickstart Guides ⭐ NEW - Comprehensive guide covering 7 major use cases with step-by-step quickstarts
- 5-Minute Quick Start - Get started immediately: from zero to first chat
- Setup Checklist - Step-by-step installation and configuration
- Remote Client Quickstart - Connect Claude Desktop, LM Studio, or other MCP clients
- Best Practices - Recommended usage patterns and optimization tips
For Developers
- Testing & Quality Report - Test suite results (2,106 tests, 73.4% pass rate), code quality analysis, security audit
- Code Review Master - Comprehensive code quality analysis (95/100 score)
- Action Items - Prioritized development tasks (180+ hours)
- Authentication Guide - Authentication methods and security
- MCP JSON-RPC 2.0 Endpoint - Model Context Protocol implementation
For Administrators
- Deployment Troubleshooting - Common issues and solutions
- Multisite Support - WordPress multisite configuration
- Rate Limit Protection - API rate limiting setup
- Mesh Routing Guide - Intelligent compute routing across sites and providers
- Federation & Discovery - Decentralized AI capability network with peer discovery and well-known endpoints
Performance & Optimization
- Message Bundling - Client-side message optimization
- High Token Tool Handling - Agentic loop token management
- Job Notification System - Real-time async job updates
- Chat Performance Optimizations - Complete performance guide
- Mesh Routing Guide - Intelligent compute routing across sites and providers
Historical Documentation
- Archive Directory - 95+ historical documents organized by category:
implementations/- Implementation summaries and technical detailsphases/- Development phase documentsfixes/- Bug fix summaries and issue resolutionsfeatures/- Feature documentationcode-reviews/- Code review reportstesting/- Test infrastructure documentation
⚙️ Configuration Checklist (Action Items)
Complete these after installation to unlock every integration point:
- Add your OpenAI API key in Settings → NV oOS → OpenAI API Key so API calls are authorised.
- Add your Gemini API key in Settings → NV oOS → Gemini API Key if you plan to route assistants through Gemini.
- Confirm or override the default model via Settings → NV oOS → Default Model (
gpt-4.1ships as the default). - Set a default Gemini model under Settings → NV oOS → Default Gemini Model when Gemini is enabled.
- Choose the default provider from Settings → NV oOS → Default Provider so new assistants know whether to use OpenAI or Gemini by default.
- Adjust the request timeout under Settings → NV oOS → Request Timeout (minimum 5 s, default 30 s) to match your hosting environment.
- Select a default assistant with Settings → NV oOS → Default Assistant so REST and shortcode requests have a fallback.
- Decide on logging with Settings → NV oOS → Enable Logging when you need verbose diagnostics.
- Monitor token usage in Settings → NV oOS → Token Usage Statistics to track API consumption across users, providers, and models for billing and budget management.
- Choose your uninstall behaviour via Settings → NV oOS → Remove Data on Uninstall if this site should purge assistants and settings during cleanup.
- Configure Crawl4AI access in Settings → NV oOS → Tools when you want the Crawl4AI tool to be available to assistants.
- Review attachment MIME overrides in Settings → NV oOS → Attachments before enabling file uploads for end users.
- Review Send Group Email permissions in Settings → NV oOS → Tools to choose the capability and recipient cap for the group email automation.【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L348-L359】【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L938-L953】
- Connect Gmail under Settings → NV oOS → Tools → Connections → Gmail to enable Gmail search tools with OAuth 2.0. See Google OAuth Setup Guide for complete configuration steps.
- Connect QuickBooks Online under Settings → NV oOS → QuickBooks Company ID / API Key so the bundled reporting tool can fetch finance statements for authorised operators.【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L906-L955】
- Configure Mailjet credentials in Settings → NV oOS → Mailjet API Key / Secret / From Email / From Name before enabling Mailjet-powered tools or Elementor widgets that send email on behalf of assistants.【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L1008-L1054】
- Enable Federation & Discovery (Optional) in Settings → NV oOS → Federation & Discovery to publish your site's AI capabilities via
/.well-known/ai-peerand optionally run a directory service for peer discovery. Configure regions, data tags, and rate limits to control how your site participates in the decentralized AI network.【F:docs/features/federation/federation-discovery.md†L1-L511】【F:FEDERATION-IMPLEMENTATION-SUMMARY.md†L1-L381】 - Configure Root Security Key (Optional) by adding
define( 'WP_MCP_AI_ROOT_SECURITY_KEY', 'your-secure-key' );to wp-config.php. This provides an additional security layer that can be enabled during emergency shutdown to require authentication before re-initializing the plugin.【F:docs/features/security/root-security-key.md†L1-L511】 - Enable Pro Dashboard (Optional) by adding
define( 'WP_MCP_AI_PRO_DASHBOARD_ENABLED', true );to wp-config.php. This activates the dedicated Pro Dashboard with ISO/IEC 27001 compliance monitoring, reporting, and management tools. See Pro Dashboard Documentation for details.
🧠 Language Model Providers (OpenAI, Gemini, Anthropic, Baseten, DeepSeek, OpenRouter, Kimi, DigitalOcean, NVIDIA NIM, Ollama, LM Studio, Hugging Face, Cloudflare)
A dedicated router transparently forwards chat completions to the active provider, allowing each request to target OpenAI, Gemini, Anthropic, DeepSeek, OpenRouter, Baseten, Kimi, DigitalOcean, NVIDIA NIM, a local Ollama instance, LM Studio, Hugging Face, or Cloudflare Worker AI while sharing the same assistant UX.【F:includes/class-wp-mcp-ai-language-model-router.php†L12-L86】 Configure the required API keys, default models, and the global default provider in Settings → NV oOS so new assistants inherit sensible defaults and administrators can switch providers without code changes.【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L124-L333】【F:includes/admin/class-wp-mcp-ai-admin-settings.php†L505-L530】 Assistants can still override provider, model, and generation parameters on a per-post basis.
Privacy & Terms: All AI providers have specific terms and privacy policies:
Installing NV Digital Open Operator System (NV OOS)
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/nvdigitalsolutions/mcp-ai-wpoosFAQ
Is NV Digital Open Operator System (NV OOS) MCP free?
Yes, NV Digital Open Operator System (NV OOS) MCP is free — one-click install via Unyly at no cost.
Does NV Digital Open Operator System (NV OOS) need an API key?
No, NV Digital Open Operator System (NV OOS) runs without API keys or environment variables.
Is NV Digital Open Operator System (NV OOS) hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install NV Digital Open Operator System (NV OOS) in Claude Desktop, Claude Code or Cursor?
Open NV Digital Open Operator System (NV OOS) on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Gmail
Read, send and search emails from Claude
by GoogleSlack
Send, search and summarize Slack messages
by SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare NV Digital Open Operator System (NV OOS) with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All communication MCPs
