LolaCore – AI Admin Agent

Changelog

1.4.1

• Fix: Resolved a critical “Bad Request (400)” error triggered by orphan tool_call_ids during multi-tool execution (e.g. bulk plugin updates). The root cause was non-deterministic message ordering — MySQL’s 1-second datetime resolution caused tool responses to appear out of sequence when multiple tools executed within the same second.
• Fix: Message history query now uses the auto-increment primary key for ordering instead of the datetime column, guaranteeing insertion-order fidelity regardless of timestamp collisions.
• Fix: The history sanitizer now detects and drops stale tool messages that reference tool_call_ids never declared by any assistant message in the session.
• Improvement: Added a defense-in-depth architecture for tool_call/tool_response pairing with four validation layers: deterministic DB ordering, history sanitizer with per-ID logging, post-sanitization assertion, and an HTTP-layer safety net that patches orphans in the final API request body.
• Improvement: Sanitizer telemetry now logs the exact orphaned tool_call_ids and function names, replacing the previous generic message.

1.4.0

• Feature: Skills.MD — Lola can now author, store and apply behavioral skills described in plain Markdown with YAML frontmatter. Skills inject specialized instructions into Lola’s reasoning under deterministic conditions (always-on, keyword triggers, or environment conditions) without touching PHP.
• Feature: Skills are loaded from four sources with documented precedence (built-in, addon-registered, user filesystem at wp-content/lolacore-skills/, and database). The lolacore_register_skills filter lets addons register their own skill directories.
• Feature: Settings → Skills panel — visualize every loaded skill grouped by origin, toggle each one on or off, view the source markdown, import skills from .md files, and configure advanced parameters (max active, char budget, max per prompt).
• Feature: Conversational skill authoring — ask Lola “create a skill that…” and she generates the markdown, saves it inactive, and asks before activating. Full toolset: addSkill, activateSkill, deactivateSkill, updateSkill, deleteSkill, listSkills.
• Architecture: Single-axis state model for skills. Each skill is either active (firing) or inactive (off) — managed by one toggle in the admin, one verb in the chat. Runtime diagnostics (no-triggers, incompatible, unmet-dependencies) surface as informational badges, not as states the user manipulates.
• Architecture: Two-layer skill cache — hot transient with filesystem-hash validation and cold snapshot in wp_lolacore_config (capped at 1 MB serialized) — keeps the loader budget under 5 ms on the cache-hit path.
• Architecture: Skills system is gated behind a master toggle (Beta) so the entire feature can be disabled with a single switch without uninstalling.
• Database: Migration to schema version 0.3.0 — adds the wp_lolacore_skills table and consolidates legacy in-progress states into the unified active/inactive model.
• Improvement: SystemPromptBuilder enforces a ground-truth rule (listSkills before answering any state question) that prevents Lola from confabulating phantom skills from stale session summaries.
• Improvement: Session summaries now respect the language the user spoke in during the conversation rather than forcing a single locale.

1.3.0

• Performance: Memory fact extraction (extractFacts) is now deferred out of the user-facing response path via a non-blocking background request. Reduces perceived response time by ~5–19s on fact-heavy sessions (47% of observed median latency). Compatible with all PHP SAPIs — uses fastcgi_finish_request() on PHP-FPM (Linux/production) and wp_remote_post(blocking=false) with HMAC authentication on CGI/other environments.
• Performance: DeepSeek V4 think-mode is now disabled for the intent classifier call. The classifier task is pure JSON categorization — disabling reasoning reduces classifier latency by ~34% with no accuracy regression.
• Fix: Meta-tool query patterns (“¿qué puedes hacer?”, “¿qué funciones tienes?”) were stored with mojibake-encoded characters that never matched real UTF-8 input. Replaced with accent-agnostic character classes (qu[eé], cu[aá]ntas, etc.).
• Fix: Holistic and meta-intent detectors now inspect only the current user message, not the conversation history window. Eliminates false positives on subsequent turns when a prior message happened to contain a capability-query phrase.

1.2.0

• Feature: Memory Bootstrap — Lola now seeds baseline facts from each active addon on activation and refreshes them every 6 hours via a unified background job. Compatible addons (WooCommerce Pro, WPCode Snippets, Fluent Support) contribute live site-state data so Lola has meaningful context from the very first conversation, with no manual “remember this” prompting required.
• Feature: Holistic monitoring queries (“what needs my attention?”, “give me a full site overview”, “morning briefing”) now automatically activate the full tool set across all active domains without requiring a round-trip escalation. Extensible via the lolacore_holistic_monitoring_patterns filter.
• Architecture: Added MemoryBootstrapInterface and MemoryBootstrapRunner with an adaptive global budget (24 baseline facts, minimum 2 guaranteed per addon, competitive allocation by importance score). Bootstrap facts are immune to the memory decay engine and capped at 40% of the context window to prevent crowding out conversational memory.
• Improvement: Category affinity map expanded with bidirectional links across all Business Bundle domains (WooCommerce Pro ↔ WPCode Snippets ↔ Fluent Support). Cross-addon queries now resolve in a single pass without requiring a follow-up escalation.
• Improvement: The semantic intent classifier maximum category cap is now adaptive — scales from 3 to 5 based on the number of active addon domains, allowing genuine multi-domain queries (e.g., “compare my WooCommerce revenue against open support tickets”) to resolve correctly on complex sites.
• Fix: Resolved “insufficient tool messages following tool_calls message” (HTTP 400) errors that could surface after an abandoned write confirmation, leaving the chat session permanently broken until reload. Affected DeepSeek and OpenAI-compatible providers.
• Fix: Added a defensive history sanitizer that detects orphan tool_call_ids in stored conversation history and injects synthetic placeholders before each provider request, preserving the assistant→tool pairing contract required by the OpenAI message format.
• Fix: Widened executor exception capture from \Exception to \Throwable so that a TypeError in any Domain Handler still produces a valid tool message instead of orphaning the assistant’s tool_call.
• Fix: Provider responses with missing or null tool_call_id are now backfilled with a synthetic UUID, preventing silent round-trip pairing failures.
• Fix: Memory extraction job now uses an explicit 30-second transport timeout, eliminating silent extraction failures (cURL error 28) on reasoning-capable providers such as DeepSeek.
• Fix: DeepSeek V4 reasoning_content is now re-injected only when the assistant message includes tool_calls, following the V4 spec exactly. Previously re-injected unconditionally, wasting 500–2,000 tokens per conversational turn.
• Improvement: DeepSeek V4 models (deepseek-v4-pro, deepseek-v4-flash) now appear first in the model selector. Legacy V3 models (deepseek-chat, deepseek-reasoner, deprecated 2026-07-24) are sorted last.
• Improvement: Reduced average token usage per request by ~30–40% through four independent optimizations: system prompt restructuring to maximise prefix cache hits, site scan summary compression (JSON → compact text), adaptive memory budget that scales with message length (10/20/30 facts), and tool schema description compression for always-present tools.

1.1.3

• Architecture: Major overhaul of the Long-Term Memory persistence pipeline to prevent “amnesia” and ensure context retention across sessions.
• Architecture: Introduced “Immortal Facts” (is_pinned schema column). Important memory facts can now be pinned, making them permanently immune to the decay relevance engine.
• Architecture: Importance-Aware Decay. The memory decay formula now scales mathematically based on fact importance — critical facts decay 2x slower than trivial observations.
• Feature: Proactive Memory Directives. Lola is now instructed at the system-prompt level to automatically save structural decisions, stack choices, and business preferences without waiting to be told “remember this”.
• Feature: Contextual Fact Boosting. The retrieval engine now dynamically filters and boosts memory relevance in real-time based on keyword matches with your current chat message.
• Feature: Session Summary Persistence. Chat session summaries are now preserved as high-priority memory facts instead of being destructively overwritten by the newest session.
• Fix: Multi-Turn Memory Extraction. The background memory extraction job now observes the last 5 conversation turns (instead of just 1), preventing blind spots in extended discussions.
• Fix: Model Desync. Memory extraction now actively resolves the selected AI provider/model from settings, fixing a bug where extraction would fail silently on non-default models like DeepSeek.
• Fix: Scanner Budgeting. Scanner-generated facts (site_state) are now hard-capped at 35% of the memory window, preventing plugin lists from crowding out actual conversational memory.
• Fix: Added robust local PHP diagnostic logging (via error_log) to the memory extraction background job to eliminate silent failures.
• Compliance: Replaced hardcoded AJAX endpoint with dynamically localized URL via wp_localize_script.
• Compliance: Migrated widget state injection from inline script tag to wp_add_inline_script for WordPress enqueue standards.
• Compliance: Updated DOMPurify to 3.4.2 and marked.js to 18.0.3 (latest stable releases).
• Compliance: Escaped all dynamic values in exception messages across all Domain Handlers (esc_html).
• Compliance: Converted raw DB_NAME concatenation to $wpdb->prepare() in database size query.
• Compliance: Fixed translators comment placement for PHPCS MissingTranslatorsComment compliance.
• Compliance: Removed development-only files (scratch.php, extractor.php) from plugin root.

1.1.2

• Architecture: Complete refactoring of ActionExecutor into 12 modular Domain Handlers (ContentHandler, PluginHandler, UserHandler, SystemHandler, MediaHandler, MetaHandler, TaxonomyHandler, CommentHandler, NavigationHandler, MemoryHandler, WooReadHandler, WooWriteHandler) behind a HandlerRouter with ActionHandlerInterface contract.
• Architecture: Introduced HandlerRouter with deterministic dispatch — each handler declares its owned actions via getSupportedActions(), eliminating the monolithic switch/case in ActionExecutor.
• Feature: Added getDiscoveredAbilities tool for Lola to introspect all registered WordPress Abilities at runtime.
• Feature: Added manageRoles tool enabling Lola to create, delete, and modify WordPress user roles and capabilities from chat.
• Fix: Intent Router reordering — meta-intent detection (Layer 0.5) now executes before keyword matching (Layer 1), preventing false-positive category captures on meta-queries like “What tools do you have?”.
• Fix: Enabled ‘meta’ as a valid category in the semantic classifier (Layer 2), providing a second safety net for meta-queries that bypass Layer 0.5.
• Fix: Plugin search (searchPlugins) now handles both object and array response formats from the WordPress.org plugins_api(), resolving empty results on certain PHP/WP versions.
• Fix: Chat UI now auto-links plain-text URLs in assistant responses, converting them into clickable links.
• Fix: Export download links (.xml, .json, .csv, .zip) now include the HTML download attribute, forcing browser download instead of inline rendering.
• Fix: URL autolink regex excludes backtick characters to prevent trailing %60 in generated links.
• Improvement: Keyword inference from tool descriptions is now isolated from meta-query routing, reducing false-positive matches in the intent router.
• Improvement: Removed legacy direct-method dispatch from ActionExecutor — all 51 actions now route exclusively through Domain Handlers.
• Improvement: Addon integration updated — WooCommerce Pro tools route through category affinity system for reliable domain escalation.
• Architecture: New LolaCore\I18n namespace with ErrorMessages and StatusMessages classes — every user-facing string is now centralized and WordPress i18n-ready (__() wrappers for future translation).
• Architecture: Backend error sanitization via ErrorMessages::wrapServerError() — stack traces, PHP class names, and raw exception details are filtered before reaching the frontend.
• Improvement: Chat error messages rewritten for cognitive ergonomics — first-person voice, no jargon, actionable next step in every message.
• Improvement: Replaced emoji-prefixed error indicators (⚠️) with CSS-driven visual treatment (.lola-error-message class with salmon accent border and tinted background).
• Improvement: appendMessage() in chat JS now accepts an isError flag for proper error styling without breaking Markdown rendering or autolink functionality.
• Improvement: All hardcoded error strings in Controller.php, Settings.php, and WPAIClientAdapter.php replaced with centralized ErrorMessages / StatusMessages method calls.

1.1.1

• Fix: Added full taxonomy assignment support (categories and tags) to createContent and editContent.
• Fix: Added featured_image assignment support to createContent and editContent.
• Feature: Added uploadMedia tool to allow autonomous sideloading of external images into the Media Library.

1.1.0

• UI Redesign: Complete overhaul of the settings panel to match LolaCore’s design system.
• Feature: Added ability to manage Lola’s persistent memory directly from the settings panel (Maintenance ops: Scan, Export, Import, Compact).
• Feature: Autonomous Tool Escalation added. Lola can now dynamically break out of restricted domains when she determines a tool is needed but restricted.
• Improvement: Modularized system prompt generation and unified safety toggles using a SafetyConfig architecture.
• Improvement: Integrated addon infrastructure (Door 4 & 5) enabling unified management and license validation for extensions like WPCode.
• Improvement: Minor UI updates and padding adjustments for broader screen compatibility.

1.0.2

• Fix: Preserved raw HTML/code syntax in user chat messages without stripping tags.
• Enhancement: Implemented Markdown rendering in chat UI for rich text, tables, and formatted code blocks (ChatGPT-like experience).
• Enhancement: Enqueued marked.js and DOMPurify for secure frontend Markdown parsing.

1.0.1

• Added: lolacore_execute_external_action filter for external addon action dispatch.
• Added: lolacore_sop_map filter for dynamic SOP injection by addon plugins.
• Improvement: LolaCore is now fully extensible for third-party addon plugins.

1.0.0

• Initial public release.
• 51 abilities across 13 domains (27 read + 24 write).
• Persistent memory engine with decay-based relevance scoring.
• Algorithmic site scanner with 11 data collection modules.
• 13 dedicated WooCommerce tools — products, orders, customers, coupons, categories, sales reports.
• Built on the WordPress 7.0 native AI Client — zero external production dependencies.
• All abilities exposed via the WordPress Abilities API.
• MCP server compatibility — works with Claude Desktop and any MCP client.
• Intent router — filters abilities per message to reduce token usage and improve accuracy.
• Floating chat widget with drag, minimize, and session persistence.
• Preview → Confirm → Execute pattern for all write operations.
• Safety guards: self-deactivation block, last-admin protection, delete limit warnings.
• Three AI providers supported: Anthropic, OpenAI, DeepSeek.