Skip to content

v1.18.0 — server-enforced approval grants

Choose a tag to compare

@BenKalsky BenKalsky released this 07 Jul 13:31
231a64f

Server-enforced Ed25519 approval grants for governed Elementor writes

The second plank of P0.2 — the moat no competitor has: EMCP-grade breadth with server-enforced human approval on the destructive edits.

When SiteAgent's Ed25519 grant regime is active (a gateway key is provisioned) and grant enforcement is opted in for this plugin, a governed write must present a valid X-Aura-Approval-Grant bound to its exact tool + params. Verified via SiteAgent's Aura_Worker_Grant::verify() (signature, tool/params/site binding, validity window, single-use nonce).

Checked before the tool runs

The grant is verified before the callback executes — so a create-style tool (create-page, build-page, theme-template / popup creation) cannot even wp_insert_post() an unauthorized draft before approval. Missing grant → governance_grant_required; rejected → governance_grant_invalid; neither executes.

Previews are exempt (schema-driven, no hardcoded list)

A grant is skipped only for a dry-run preview: a tool is preview-capable iff its input schema declares an apply flag (the a11y/SEO generators). Such a tool invoked with apply falsy writes nothing and needs no grant. Everything else — edits and create-style writes — is gated. The grant binds to the exposed MCP tool name (/-, e.g. elementor-mcp-update-element), matching what the gateway signs.

Opt-in — cannot brick governed sites

Enforcement is OFF by default even when a gateway key exists. SiteAgent enforces grants for its own tools the moment a key is provisioned, but the gateway must also be minting grants for this plugin's tool names first — otherwise every Elementor edit would be denied. Operators enable it (elementor_mcp_require_grants option / filter, or emcp_governance_require_grants()) once the gateway is issuing Elementor-tool grants. With no key or the opt-in off, writes proceed exactly as before. The opt-in is cleared on uninstall.

Combines with 1.17.0's capture-before-write snapshot: an approved write is still snapshotted and rolled back on failure.

Tests

Full suite 657 green; 24 GovernanceFunctionalTest cases. Converged over 6 Codex review rounds — the create-tool-insert-before-write and preview tensions drove the design to "grant before the callback, preview detected from the schema apply flag."