Axtolab AI Connector

1.0.3

Permission and consent behavior now line up across the admin UI and the MCP tool surface.

• Improved: Connection Manager now owns per-connection tool families and sensitive-action behavior, making the activation/behavior split clearer for each AI client.
• Improved: MCP clients now only see tools allowed by the active connection’s tool-family permissions.
• Improved: wp_get_my_capabilities now reports the active connection’s actual tool families and allowed tool list.
• Fixed: Application Password fallback resolution now supports newer WordPress password hashes, keeping per-connection permissions accurate when the auth hook is bypassed.
• Fixed: The connection wizard’s “Configure this connection” button now opens the Connection Manager reliably after creating a token.

1.0.2

WooCommerce tools are now included in the free connector.

• Added: WooCommerce MCP tools for products, orders, product price updates, bulk price adjustments, and coupon creation when WooCommerce is active.
• Added: WooCommerce guardrail settings for AI-driven price and coupon writes.
• Improved: WooCommerce writes are captured in Logs & Roll Back so product price and coupon changes can be reverted.
• Improved: WordPress 6.8+/6.9+ optional integrations remain safe on the plugin’s WordPress 6.2 minimum.

1.0.1

Bug fix release for the connection wizard.

• Fixed: Connection wizard could fail with “Network error” on the final Create step on WordPress 6.8 and newer, even when Verify reported authenticated successfully. The wizard now matches the pasted Application Password using the same WordPress core helper as the authentication subsystem (which supports the new fast-hash format introduced in WordPress 6.8), so connections are created correctly.
• Improved: The wizard surfaces the actual server-side error message on HTTP failures instead of always showing the generic “Network error” string, making future failures easier to diagnose.

1.0.0

First public WordPress.org release.

Highlights:

• WordPress 7.0 QA verified. Tested on a real WordPress 7.0 testbed, including the Abilities API bridge, admin UI, media/upload flows, auth methods, and deactivate/reactivate behaviour.
• Health and ping endpoints. /wp-json/axtolab-ai-connector/v1/ping and /health-check report connection status and the installed plugin version.
• Roll Back / Undo on every write. Every AI-driven create, update, publish, trash, or restore action captures a before/after snapshot. Revert any change with one click from the Logs & Roll Back admin page.
• MCP tools across content authoring, media management, taxonomy, authors, Yoast SEO, stock photos, image generation, upload portal, connection introspection, and Roll Back.
• Two authentication methods. Application Passwords (HTTP Basic) for Desktop AI clients, and OAuth 2.1 with PKCE S256 + dynamic client registration (RFC 7591) for Web AI clients on the MCP-over-HTTP transport.
• Capability-group-driven tool filtering on the MCP transport — operators choose what AI agents on each connection are allowed to do (read, create_edit, publish, trash_restore, media_manage, taxonomy, authors, seo, image, upload_portal).
• Provider-neutral SEO tools that auto-detect Yoast or Rank Math, with the legacy Yoast-specific tools retained for backwards compatibility.
• Confirmation-token flow required for destructive operations (publish, trash, restore) — a single-use token must be issued before the action proceeds.
• Per-connection privilege model — every MCP connection authenticates as a WordPress user (chosen by the administrator during setup, via the Application Password wizard); the plugin never creates WordPress users or roles. Connection capability set and the user’s WordPress role layer to determine what each tool call can do.
• Submission readiness pass — feature settings stand alone (no inline upsells), all third-party services disclosed in the External Services section, the .mcpb Claude Desktop installer is hosted as a GitHub Release asset and linked from the setup page.