v1.2.5 — Current Release

The Plugin

Everything about integrations, roadmap, and how AOS Governance for WP works under the hood.

Download v1.2.5 → Free vs Pro ↓ How It Works
AOS Governance Dashboard — real-time policy enforcement with audit log, active policies, and integration status
Current Integrations

Three Layers of AI Governance

AOS Governance intercepts AI actions at three distinct levels. Each integration has its own hook mechanism and coverage.

🔌

WordPress Abilities API

Automatic

Any plugin that registers abilities through the WordPress Abilities API is automatically governed — zero configuration needed.

Hook: wp_register_ability_args
Method: Wraps permission_callback (primary) and execute_callback (safety net)
Coverage: 100% of registered abilities
Plugins: AI Experiments, MCP Adapter, any Abilities API user

🤖

AI Engine (Meow Apps)

Built-in

We've written native integration for AI Engine's MCP server, intercepting every tool call and mapping 39+ tools to governance abilities.

Hook: mwai_mcp_callback
Method: Pre-execution filter with tool name mapping
Coverage: 39+ MCP tools mapped to governance abilities
Denial: Throws Exception (AI Engine expects this)

🌐

REST / MCP Adapter

REST Interception

For any other MCP plugin that routes traffic through the WordPress REST API, we intercept at the REST layer — covering all /mcp/* routes.

Hook: rest_pre_dispatch
Method: Intercepts REST requests, extracts tool/ability info
Coverage: All MCP traffic via REST API
Plugins: MCP Adapter (Automattic), any REST-based MCP server

Integration Roadmap

What's Coming Next

We're actively monitoring the WordPress AI ecosystem and adding integrations as plugins mature.

Shipped v1.2.5 — Analytics, AOS Attest & AI Engine

Analytics Dashboard with Chart.js visualizations. AOS Attest immutable audit ledger via GitHub API with SHA-256 hash chains. AI Engine integration with 39+ MCP tools. Email alerts, menu icons, and more.

Research Convoworks WP

No-code MCP server builder for WordPress. Investigating whether it uses the Abilities API (auto-governed) or custom hooks.

Research FlowMattic MCP

Automation platform with MCP capabilities. Investigating hook architecture for built-in integration.

Planned SEO Engine (Meow Apps)

Extends AI Engine — our existing AI Engine hook may already cover this. Verification needed.

Tracking WordPress 6.9 Core

The Abilities API may merge into WordPress core in 6.9. When it does, all plugins using it will be automatically governed.

Using an AI plugin we don't list? Let us know — we prioritize by community demand.

Free vs Pro

Feature Comparison

Everything in the free Community tier is yours forever. Pro unlocks enterprise-grade monitoring, compliance, and control.

Feature Free Pro
✅ Community — Included Free
Constitutional Policy Gate
Deterministic AI governance — zero LLM in the loop
6 Built-in Security Policies
Admin creation, file editing, plugin installs, etc.
Custom Policy Builder
Visual condition builder with ability picker
Immutable Audit Log
Tamper-evident logging with checksums
Simulation Testing
Run batch test scenarios through the pipeline
Full REST API
Policy and audit log API access
📊 Governance Score
0-100 site governance health rating with recommendations
🚨 Emergency Kill Switch
One-click disable ALL AI access with auto-expire timers
⭐ Pro — Available Now
📧 Real-Time Email Alerts
Instant notification when high-risk actions are denied		 🔒
⏰ Scheduled Policies
Time-based rules — restrict AI to business hours		 🔒
🔐 IP Allowlisting
Restrict AI agent access by IP address or range		 🔒
📈 Audit Log Export
CSV/JSON export for compliance and archival		 🔒
📦 Policy Import / Export
Share configurations across sites with JSON		 🔒
📊 Advanced Analytics Dashboard
6 interactive Chart.js visualizations		 🔒
🔗 AOS Attest — Immutable Audit Ledger
Push governance data to GitHub as tamper-proof SHA-256 evidence		 🔒
🗺️ Pro Roadmap — Coming Soon
✋ Human-ON-the-Loop Approval Queue FLAGSHIP
Route risky actions to admin for approval — agents wait		 🔒 🗺️
⚡ Rate Limiting / Throttling
Limit actions per agent per time window		 🔒 🗺️
📜 Policy Versioning & Rollback
Git-style history with one-click rollback		 🔒 🗺️
🎥 MCP Session Recording
Flight recorder for AI agent sessions		 🔒 🗺️
📄 Compliance Report Generator
One-click SOC2/HIPAA/GDPR PDF reports		 🔒 🗺️
🔔 Webhook Integrations
Slack, Discord, Teams, custom webhook		 🔒 🗺️
🤖 Agent Profiles & Trust Levels
Per-agent behavioral tracking and scoring		 🔒 🗺️
🌐 Multi-Site Network Governance
Centralized governance across WordPress network		 🔒 🗺️
🏪 Policy Marketplace FLAGSHIP
Install HIPAA, SOC2, or community policy packs		 🔒 🗺️
⚠️ Cross-Agent Conflict Detection
Auto-detect policy contradictions		 🔒 🗺️
💎 All Pro Plans Include
🎯 Priority Support
Direct email with 24-hour response guarantee		 🔒
Get Pro — Starting at $99/year →

🔒 30-day money-back guarantee • Instant activation

Architecture

How the Gate Works

The policy gate sits between AI agents and WordPress. Every action passes through deterministic evaluation.

Five Hooks, One Gate

All integrations funnel into a single policy evaluation engine. Whether the action arrives via the Abilities API, AI Engine, or raw REST, the same policies are applied:

  1. wp_register_ability_args — Abilities API (auto)
  2. rest_pre_dispatch — REST / MCP routes
  3. rest_pre_dispatch — SSE endpoint protection
  4. mwai_mcp_callback — AI Engine tools
  5. mwai_allow_mcp — AI Engine access control

Deterministic Evaluation

The gate uses zero AI in its decision-making. Policies are simple, auditable rules:

  • No LLM calls — pure PHP conditionals
  • No external API calls — runs entirely local
  • Sub-millisecond evaluation (<1ms)
  • 100% deterministic — same input always produces same result
  • Full audit logging of every decision
  • Alert system (email/webhook) on denials
Changelog

Version History

Latest v1.2.5 February 18, 2026
  • NEW: Governance Score — 0-100 composite health rating with SVG gauge, grade letter, factor breakdown, and actionable recommendations
  • NEW: Emergency Kill Switch — one-click deny ALL AI access with auto-expire durations (1h/4h/24h/indefinite)
  • NEW: Analytics Dashboard — 6 Chart.js visualizations (daily activity, decision distribution, agent breakdown, ability heatmap, hourly patterns, top denied policies)
  • NEW: AOS Attest Immutable Audit Ledger — push audit entries to GitHub as SHA-256 hash-chained evidence (Pro)
  • NEW: AOS Attest repo link — dynamic "Open" button next to repo input
  • NEW: Email alert system — real-time deny notifications with WP Cron scheduling (Pro)
  • NEW: Go Pro page — 4-section feature comparison (Community, Pro, Pro Roadmap, All Plans)
  • NEW: Emoji icons on all admin menu items for visual distinction
  • FIX: AOS Attest settings persistence — second save no longer shows false failure
  • FIX: Chart.js bundled locally to comply with WordPress Plugin Check standards
  • FIX: Chart rendering infinite scroll bug (canvas container constraints)
v1.1.1 February 17, 2026
  • NEW: AI Engine (Meow Apps) MCP integration via mwai_mcp_callback
  • NEW: Tool name mapping — 39 AI Engine tools → governance abilities
  • NEW: Integration Status panel on WP dashboard
  • FIX: wp_register_ability_args hook — was wrapping wrong key
  • FIX: Compact integration pills with per-integration test buttons
v1.0.0 February 17, 2026
  • Initial release
  • WordPress Abilities API integration
  • REST API interception for MCP routes
  • Policy engine with ability/agent/schedule matching
  • Audit log with full-text search
  • 8 built-in test scenarios (simulation runner)
  • Email and webhook deny alerts
  • Agent detection (Claude, GPT, Cursor, VS Code, etc.)

Ready to Govern AI?

Install the free plugin and have constitutional governance running in under a minute.

Download Free Plugin →