=== miniOrange Secure MCP Server ===
Contributors: cyberlord92
Tags: governance, abilities, mcp, ai, abilities-api
Requires at least: 6.9
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: Expat
License URI: https://plugins.miniorange.com/mit-license

AI governance for WordPress. This first version lists every AI ability registered on your site so you can see what AI can access.

== Description ==

miniOrange Secure MCP Server helps WordPress administrators with AI governance and policy enforcement: understanding, and ultimately controlling, what AI assistants and MCP clients are allowed to do on their site.

Effective AI governance starts with visibility. The WordPress Abilities API (available in WordPress 6.9 and later) lets plugins and WordPress core expose discrete, machine-callable capabilities — for example: get site info, create a post, or generate a summary — that AI assistants, the Command Palette, and MCP clients can invoke. As more plugins register abilities, administrators need to know exactly what is exposed on their site before they can govern it.

**What this version does**

This first release is focused on that first step: visibility. It adds a single admin screen that gives you a complete, read-only inventory of every AI ability registered on your site, so you can review what is available at a glance.

For every ability, the viewer shows:

* The fully qualified ability name (namespace and slug).
* Its human-readable label and description.
* The ability category it belongs to.
* Its source namespace (the prefix before the slash), indicating where the ability comes from.
* The full input and output JSON schema, in a collapsible panel.

This version is a viewer only. It does not register abilities, execute abilities, enforce policies, change any settings, store any data, or send anything to an external server. It simply lists what is already registered on your site.

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/miniorange-secure-mcp-server` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the "Plugins" screen in WordPress.
3. Open the "Secure MCP Server" menu item in the WordPress admin to view the abilities registered on your site.

== Frequently Asked Questions ==

= Does this plugin require a specific WordPress version? =

Yes. It requires WordPress 6.9 or higher, because the WordPress Abilities API was introduced in that release. On older versions the plugin shows a notice instead of the abilities list.

= Does this plugin store any data or contact external servers? =

No. The viewer reads the abilities already registered on your site and displays them. It saves no options, creates no database tables, and makes no external requests.

= Why does the "Source" column show a namespace instead of a plugin name? =

The Abilities API does not record which plugin registered a given ability. The namespace prefix (the part before the slash in the ability name) is the most reliable indicator of where an ability comes from, so that is what the viewer displays.

== Screenshots ==

1. The Registered Abilities screen, listing each ability with its category and source, and a collapsible panel for the input and output JSON schema.

== Changelog ==

= 1.0.0 =
* Initial release: read-only viewer for abilities registered through the WordPress Abilities API.

== Upgrade Notice ==

= 1.0.0 =
Initial release. No upgrade steps required.
