Open for Agents: AI Toolkit with MCP

Description

Open for Agents is the WordPress control layer for the machine-readable web. In plain language, it lets site owners review and control what AI agents can discover and use.

The plugin starts from a conservative position. Nothing is publicly published until an administrator enables it. Write actions remain off until they are individually reviewed and enabled, and execution remains unavailable unless a trusted approval verifier attests the visitor’s exact approval.

What it provides

  • A guided Setup, Review, Validate, Publish, and Verify workflow in wp-admin.
  • Read-only standard tools for public WordPress content, navigation, search, and WooCommerce discovery.
  • Scanning for WordPress core, Contact Form 7, WPForms Lite, WooCommerce, and selected custom REST or AJAX surfaces.
  • Public discovery through well-known resources, llms.txt, API Catalog, MCP Server Card, Agent Skills, and optional Agentic Resource Discovery output.
  • An optional browser WebMCP runtime for reviewed same-origin page actions.
  • A read-only MCP Streamable HTTP endpoint.
  • Disabled-by-default transactional tools with explicit administrator opt-in, trusted visitor-approval attestation, replay protection, budgets, and audit history.
  • AI crawler and Content Signal controls for WordPress-generated robots.txt.
  • JSON export, validation, readiness scoring, diagnostics, and scan history.

All capabilities included in this plugin are available without a paid upgrade or license key.

Safety model

Open for Agents does not turn every detected form or endpoint into a public tool. Administrators review proposed actions before publishing. Public exports exclude private, sensitive, dangerous, or unapproved actions. Transactional tools use separate controls and do not include checkout, payment, order placement, or account changes.

Optional integrations

Deep scan can accept rendered page reports from a compatible integration through the documented open_for_agents_deep_scan_report WordPress filter. If no renderer is configured, the plugin falls back to its normal static scan and records a warning. Open for Agents does not send scan data to an Enoki Limited service.

The separately distributed Open for Agents Assistant is optional and is not included in this WordPress.org package. The core plugin works without the Assistant or a model provider. Installing the add-on does not include access to the Open for Agents hosted gateway, which is currently limited to the official demo and selected approved deployments.

Form integration status

  • WooCommerce 10.5.1 and 10.9.4: tested discovery and coarse product availability, session-bound read-only cart inspection, certified visitor-approved reversible cart tools, and declared HPOS compatibility.
  • Contact Form 7 6.1.5 and 6.1.6: tested detection, reviewed publication, and certified per-form execution for supported single-page text, email, URL, telephone, textarea, choice, and checkbox fields.
  • WPForms Lite 1.9.9.2 and 1.10.2.1: tested detection, reviewed publication, and certified per-form execution for supported single-page text, textarea, email, URL, phone, number, choice, checkbox, name, and address fields.

For every executable provider, captcha, acceptance/consent, payment, upload, account, signature, calculation, and multi-page workflows remain blocked. Generic REST and AJAX mining is lower-confidence discovery for administrator review, not native provider support.

Detection never means automatic publication or execution. Administrators still review discovered actions, and every eligible form submission requires framework enablement, exact per-form opt-in, and a separately registered trusted approval verifier.

External services

The core plugin does not contact an external service operated by Enoki Limited or another provider.

Published MCP Server Card and Agent Skills discovery documents contain $schema identifiers hosted at static.modelcontextprotocol.io and schemas.agentskills.io. These strings identify the public document formats. Open for Agents does not request those URLs, transmit data to them, or require those sites to be available.

Deep scan is an optional developer integration point, not a bundled external service. The plugin passes a page URL and non-secret request settings to locally installed code attached to the open_for_agents_deep_scan_report filter only when an administrator enables deep scan. Authentication cookies, authorization headers, and WordPress nonces are never passed to that filter. If a site developer connects the filter to an external renderer, that separate integration must disclose its provider, transmitted data, terms, and privacy policy. Without an integration, Open for Agents uses its same-site static scan and sends nothing externally.

Documentation: Open for Agents documentation

Live demo: Open for Agents live demo

Privacy

The core plugin does not create an account with Enoki Limited, load remote tracking code, or transmit site data to an Open for Agents service.

Normal scanning and verification make HTTP requests to the WordPress site’s own public or administrator-authorized same-origin URLs. Authenticated scan cookies are used only for same-origin requests during that scan and are never included in public output.

If a site developer connects a third-party rendering service to the deep-scan filter, page URLs, request context, or rendered content may be processed by that service. The site operator is responsible for documenting and governing that separately configured service.

Privacy policy: Open for Agents privacy policy

Terms: Open for Agents terms

Screenshots

Installation

  1. Install and activate Open for Agents from the WordPress Plugins screen.
  2. Open Open for Agents > Setup in wp-admin.
  3. Enable Standard Tools for the built-in read-only starting set.
  4. Run a scan if you want to discover site-specific workflows.
  5. Review the proposed actions and adjust their visibility and execution policies.
  6. Validate the approved catalog, then enable public publishing when ready.
  7. Use the Verify step to confirm the public endpoints are reachable.

Upgrading preserves existing settings, reviewed actions, scan history, and publication state.

FAQ

Does activation immediately expose my site to agents?

No. Public publishing and the browser runtime are disabled by default. An administrator must review and enable them.

Does the plugin send my content or credentials to Open for Agents?

No. The core plugin does not send site content, credentials, scan results, or visitor data to Enoki Limited or Open for Agents. Its normal scans request pages from the WordPress site being scanned. A site developer may separately connect a renderer through a WordPress filter for deep scan; that integration controls its own data handling.

Do I need an AI API key?

No. Scanning, review, validation, publication, discovery endpoints, MCP, and WebMCP runtime support do not require a model API key.

Which integrations are supported?

The scanner includes support for WordPress core surfaces, WooCommerce core, Contact Form 7, and WPForms Lite. It can also inspect selected custom WordPress REST and AJAX surfaces as lower-confidence candidates for administrator review.

Can an agent place an order or make a payment?

No. Checkout, payment, order placement, and account changes are excluded. Transactional browser tools are disabled by default and require administrator opt-in plus trusted, argument-bound visitor-approval attestation.

What is published?

Only the administrator-approved public catalog and enabled discovery formats. Private scan evidence, cookies, credentials, nonces, logs, and admin-only data are not published.

Is there a live demo?

Yes. Visit https://demo.openforagents.com/ to try the hosted WordPress demos.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Open for Agents: AI Toolkit with MCP” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

0.3.18

  • Remove all production WordPress user-context switching while retaining explicit public publication and content boundaries.
  • Keep private-full CLI exports out of public uploads, require nonces for completion notices, and use the canonical AJAX nonce guard.
  • Apply the full plugin prefix to every dynamic transaction and Standard Tool cache key.

0.3.17

  • Make accepted Deep Scan cancellation terminal across independent PHP workers by using cache-independent per-job leases, generation IDs, revision checks, and database transition boundaries.
  • Publish WordPress’s canonical REST API Link relation in the same combined homepage field as all Open for Agents discovery relations, with truthful diagnostics for both URL and relation.
  • Classify WordPress-toolbar-only WebKit overflow as measured external control evidence while continuing to fail every plugin-owned overflow.

0.3.8

  • Initial WordPress.org release.