=== Grumpy AI Gate === Contributors: lkoudal, cleverplugins Tags: ai, monitoring, security, admin, privacy Requires at least: 7.0 Tested up to: 7.0 Requires PHP: 7.4 Stable tag: 1.0.2 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Intercept and log AI-related HTTP from plugins/themes; optional AI Client blocking. All data stays on your server. == Description == **Grumpy AI Gate** helps you stay in control as AI features spread across WordPress. It **observes and intercepts** outbound HTTP **that other code on your site already initiates** (plugins, themes, or core)—so you can see **which plugin** was involved, **how much** activity you are seeing (including helpful estimates), and **optionally stop** unwanted **WordPress AI Client** traffic for specific plugins. **This plugin does not** call external AI APIs for its own dashboard, analytics, or licensing. Nothing is sent to us or to a third-party analytics service. **Why use it** * **Visibility** — Dashboard summaries, a per-plugin usage table, and a request log so surprises become visible early. * **Spend awareness** — When other software calls paid APIs, usage adds up. Logging helps you notice patterns before invoices or quotas become a problem. * **Safer sharing** — Knowing what leaves your server makes it easier to decide what belongs in prompts and what does not. * **Optional blocking** — For paths that use WordPress’s AI Client, you can block generations from selected plugins under **Grumpy AI Gate → Settings** (save to apply). **How it works** * When the **WordPress AI Client** is available, the plugin records those requests from core lifecycle hooks (other code still drives the actual generation). * For **HTTP fallback**, Grumpy AI Gate **hooks WordPress’s HTTP API** (for example `pre_http_request`) to **inspect requests that are already in flight**. If a URL matches **built-in recognition rules** for major AI providers, a log row can be stored. **Grumpy AI Gate does not open those connections for its own purposes**—it only filters and classifies traffic **initiated elsewhere** on the site. * **HTTP fallback does not block** outbound API calls in the current release—it is there so you still get visibility when plugins talk to providers **directly over HTTP** instead of (or in addition to) AI Client flows. **Compatibility** The plugin requires **WordPress 7.0+** (matches **Requires at least** in the plugin header). On WordPress **7.x**, it works with **core AI Client** functionality where available. Release testing included **WordPress 7.0 Beta 5**. **HTTP fallback** remains important on every supported version—it records calls to **recognized provider endpoints** that **other plugins** make **directly over HTTP**, which is still common alongside (or instead of) AI Client–based flows. **Privacy** Everything is stored **locally in your WordPress database**. There is no cloud account, no telemetry, and no third-party analytics from this plugin. For technical details on logging, double-counting avoidance, and blocking limits, see the **FAQ** below. == Installation == 1. Upload the plugin folder to `/wp-content/plugins/` or install it from the **Plugins → Add New** screen in your admin. 2. Activate the plugin through the **Plugins** menu. 3. Open **Grumpy AI Gate** in the admin menu. Review the **Dashboard** and **Request log**, then visit **Settings** to turn monitoring options on or off and configure optional per-plugin blocking. == Frequently Asked Questions == = Why monitor AI usage on my site? = Plugins can trigger AI calls in the background—for content, assistants, SEO tools, and more. Logging gives you a clear picture of **which plugin** is active, **how often** requests run, and **where** traffic is going, so you can manage budgets and content thoughtfully. = Will this help me control API costs? = It helps you **see** usage and trends. **Optional blocking** reduces some **WordPress AI Client** traffic for plugins you choose. Outbound **HTTP** calls to provider APIs that **other code** makes are **logged for visibility** in the current release but are **not blocked** here—use provider dashboards, API keys, and quotas for hard spend limits. = Is my data sent to you or a third-party analytics service? = No. Logs and settings stay **on your server** in the WordPress database. This plugin does not add off-site tracking or analytics. = What does blocking actually stop? = Blocking applies to **WordPress AI Client** flows that respect the **`wp_ai_client_prevent_prompt`** filter. You choose plugins under **Grumpy AI Gate → Settings** and save. It is **not** a full firewall for every outbound request. = Does this block all AI traffic? = No. Only **AI Client** traffic for plugins you select under **Grumpy AI Gate → Settings** is blocked (after you save). **HTTP** calls to provider APIs that **other plugins or themes** initiate are **observed and logged** in the current release but **not blocked**. = Will it work if the WordPress AI Client is not available? = Yes. The plugin loads safely. Without the AI Client stack, **HTTP fallback** can still record calls to **recognized provider** endpoints when that option is enabled in **Settings**, as long as **other code** on the site is making those outbound requests. = How are AI Client requests and outbound HTTP logged? = When the WordPress AI Client stack is available, a full generation is one log row from its lifecycle hooks; the matching raw provider HTTP for that same call is skipped so usage is not double-counted. Calls that do not fire those hooks (for example listing models) are still logged and may appear with capability `provider_http`. When **another plugin** talks to a known AI API without going through core AiClient, or when AI Client monitoring is off in settings, those requests are recorded via HTTP fallback instead. = Which URLs does HTTP fallback recognize? = Only built-in provider host/path rules (OpenAI, Anthropic, Google AI / Gemini, xAI, DeepSeek, Mistral, OpenRouter, and local Ollama). See **Grumpy AI Gate → Settings** for the current hostname list. Those patterns exist **only to filter and classify** outbound traffic **initiated by other code**—they are **not** endpoints this plugin contacts for its own operation. = Does blocking stop all AI traffic from a plugin? = Blocking uses WordPress’s **`wp_ai_client_prevent_prompt`** filter: it stops prompt builder flows (support checks and generations) that go through that path. Separate calls such as **listing models** (`/v1/models`) may still run as **provider HTTP** on the AI Client channel and appear as a successful row—that traffic does not go through the same prevent hook. = Can I clear old log data? = Yes. Under **Grumpy AI Gate → Settings**, use the options to clear the request log only, or clear the log and aggregated statistics, as needed. == External services == This plugin **does not** rely on third-party AI APIs, remote analytics, or any external service **for its own features**. All logging and settings stay on your site. **Provider names and URL patterns** included with the plugin are **local matching rules** only. They let Grumpy AI Gate **filter and classify** outbound HTTP requests that **plugins, themes, or WordPress core** may already be sending. They are **not** a list of servers this plugin calls to power the admin UI or to “phone home.” Your site may still contact third-party AI providers when **you or other software** use AI features—that traffic is separate from this plugin’s own network use (which does not include calling those providers for monitoring). == Screenshots == 1. Dashboard with summary cards, top plugins, usage-by-plugin table, providers, and recent activity. 2. Request log for browsing individual AI-related requests. 3. Settings: enable AI Client and HTTP monitoring, retention, provider list, and per-plugin blocking. 4. Help: how monitoring and blocking work, privacy and retention, and restoring the dashboard welcome panel. == Changelog == = 1.0.2 = * Help submenu (Grumpy AI Gate → Help) with documentation on how AI Client and HTTP fallback logging work, what data is stored locally, a shortcut to retention in Settings, and a control to show the dashboard welcome panel again after dismissal. * Dashboard UX: plugin version shown next to the screen title; dismissible welcome panel (per major plugin version) with bullets and a link to Help; admin notices when a block rule is added or cannot be saved; clearer guidance when the WordPress AI Client is unavailable; short descriptions under Top providers and Usage by plugin; footer link to Help. * Block workflow: full-page Confirm block plugin step before adding an AI Client block rule from the dashboard or request log (nonce-protected, with Cancel and a link to Help explaining blocking scope). * Admin presentation: consistent credit line under titles; plugin labels show installed version where available; status rows use color-coded pills for success, blocked, and error states. = 1.0.1 = * Bumped Stable tag and internal version to 1.0.1. Aligned Requires at least with the plugin header (WordPress 7.0). No functional changes from 1.0.0. = 1.0.0 = * Renamed to Grumpy AI Gate (slug grumpy-ai-gate); internal prefix gaig / GAIG. Readme and admin copy clarify interception of outbound HTTP initiated by other code (not the plugin acting as an AI client). Added External services section for WordPress.org reviewers. Local-only logging of AI Client and matching HTTP traffic, dashboard and request log, optional per-plugin blocking for WordPress AI Client flows, retention and clear-data tools. See the FAQ for privacy, blocking scope, and provider matching details.