Skip to content
MCPWP

Changelog

3.3.9

Section titled “3.3.9”
  • fix(ux): Staging tools (wp_get_staging_info, wp_push_to_staging, wp_push_to_live, wp_get_staging_status) now appear in tools/list on all plans — non-Pro calls return a clear upgrade prompt instead of being silently absent
  • fix(ux): MCP server instructions include a Pro-features-not-active section when site is unlicensed

3.3.8 (Alpha)

Section titled “3.3.8 (Alpha)”
  • feat: Staging environment management — push between WP Engine, Kinsta, Pressable environments via MCP tools
  • feat: Approval gate on staging → live pushes — irreversible operations require human sign-off

3.3.7

Section titled “3.3.7”
  • Security hardening: SSRF allowlist on media import, scheme validation, per-request auth for batch sub-requests
  • wp_rendered_copy endpoint — structured visible text from live rendered pages (headings, paragraphs, buttons, alt text)
  • wp_cache_flush endpoint — flush W3TC, WP Super Cache, LiteSpeed, WP Rocket, Cloudflare cache (Pro)
  • Batch auth: X-SPAI-Batch-Sub-Request header replaced by unforgeable static property — prevents rate-limit bypass

3.3.3

Section titled “3.3.3”
  • require_pro() gate on all Pro REST endpoints
  • Removed hostname routing vulnerability
  • Fixed rate-limit identifier collision
  • wp_bulk_upload_media SSRF allowlist, scheme check, 20-item cap

3.2.1

Section titled “3.2.1”
  • cosmetic rename spai → mcpwp across codebase
  • Dual-emit webhook + MCP aliases for backward compat

3.2.0

Section titled “3.2.0”
  • MCP OAuth 2.1 server — connector sign-in flow
  • Agency Gateway (proxy.mcpwp.net) — one key, multiple sites
  • Security: SSRF protection, token revocation, UUID IDs, per-tenant encryption, tools/list scoping

3.1.0

Section titled “3.1.0”
  • 258 MCP tools across 15 categories
  • Double-gated release (correctness + adversarial review)

2.8.56

Section titled “2.8.56”
  • Last release under site-pilot-ai slug before mcpwp rename
  • Dual-prefix API key auth: accepts both spai_* and mcpwp_* keys during cutover

2.8.31

Section titled “2.8.31”
  • Freemius update hook registration fixed — plugin + update-core screens now clear stale update checks
  • CLI-safe host fallback before Freemius SDK init

2.2.x

Section titled “2.2.x”
  • Shared-host-safe elementor_data_base64 for WAF-protected hosts (HostGator, ModSecurity)
  • Operator admin polish: onboarding, update recovery, Library health

2.1.0

Section titled “2.1.0”
  • Image-based design references — store screenshots/mockups as reusable site assets
  • build_from_design_reference workflow

2.0.0

Section titled “2.0.0”
  • Reusable Elementor parts, page archetypes, WooCommerce product archetypes
  • Figma integration (personal token + OAuth)
  • Guided site character authoring + llms.txt output

Full changelog: CHANGELOG.md on GitHub