Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3457513

Timestamp:

02/09/2026 09:59:36 PM (7 weeks ago)

Author:

visiblefirst

Message:

Release 3.2.26 - Security: Move llms.txt prompt to server-side API

Location:

Files:

: 6 edited
: 1 copied

tags/3.2.26 (copied) (copied from visiblefirst/trunk)
tags/3.2.26/includes/class-visibl-llms-generator.php (modified) (3 diffs)
tags/3.2.26/readme.txt (modified) (3 diffs)
tags/3.2.26/visiblefirst.php (modified) (2 diffs)
trunk/includes/class-visibl-llms-generator.php (modified) (3 diffs)
trunk/readme.txt (modified) (3 diffs)
trunk/visiblefirst.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

visiblefirst/tags/3.2.26/includes/class-visibl-llms-generator.php

-                      r3457500
+                      r3457513
+    }
     /**
      * Phase 2: AI Enhancement
+     *
+     * Send crawl data to Claude API for llms.txt generation
+     * Send crawl data to server API for llms.txt generation
+     * NOTE: System prompt is server-side - we only send crawl data
+     *
      * @param array $crawl_data Output from Phase 1
 …
      */
     public static function generate_with_ai($crawl_data) {
-        // Build the system prompt
-        $system_prompt = self::get_system_prompt();
         // Truncate crawl data to fit within token limits
         $truncated_data = self::truncate_crawl_data($crawl_data);
+        // Build the user message with crawl data
+        $user_message = "Here is the crawl data for {$truncated_data['site_url']}:\n\n" .
+                        json_encode($truncated_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+        // Call Claude API via VF AI Gateway
+        $response = Visibl_AI::complete([
+            'system' => $system_prompt,
+            'prompt' => $user_message,
+            'task' => 'llms_txt_generation',
+        // Build the crawl data JSON
+        $crawl_json = json_encode($truncated_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+        // Call server-side llms-generate endpoint (prompt is server-side)
+        $api_key = Visibl_AI::get_effective_api_key();
+        $request_body = [
+            'crawl_data' => $crawl_json,
+            'site_url' => home_url(),
+            'site_name' => get_bloginfo('name'),
+            'site_id' => Visibl_Licensing::get_site_id(),
             'model' => 'claude-sonnet',
+            'temperature' => 0,
+            'max_tokens' => 2500,
+            'max_tokens' => 4000,
+        ];
+        $response = wp_remote_post(VISIBL_API_BASE . '/ai/llms-generate', [
+            'headers' => [
+                'Content-Type' => 'application/json',
+                'X-API-Key' => $api_key,
+                'X-Site-Domain' => wp_parse_url(home_url(), PHP_URL_HOST),
+            ],
+            'body' => wp_json_encode($request_body),
+            'timeout' => 90,
         ]);
         if (is_wp_error($response)) {
+            return $response;
+        }
+        $content = $response['content'] ?? '';
+            return new WP_Error('api_error', __('Could not connect to VisibleFirst API.', 'visiblefirst'));
+        }
+        $status_code = wp_remote_retrieve_response_code($response);
+        $body = json_decode(wp_remote_retrieve_body($response), true);
+        if ($status_code !== 200 || empty($body['success'])) {
+            $error_message = $body['message'] ?? __('Generation failed', 'visiblefirst');
+            return new WP_Error('generation_failed', $error_message);
+        }
+        $content = $body['content'] ?? '';
         if (empty($content)) {
 …
+    }
-    /**
-     * Get the system prompt for Claude
-     */
-    private static function get_system_prompt() {
-        $prompt = 'You are an expert at writing llms.txt files that help AI assistants understand and recommend businesses.' . "\n\n";
-        $prompt .= 'You will receive structured data about a website. Generate a complete llms.txt file following the llms.txt specification.' . "\n\n";
-        $prompt .= 'RULES:' . "\n";
-        $prompt .= '1. ONLY use information from the provided data. Never invent or assume.' . "\n";
-        $prompt .= '2. If data is missing, use [PLACEHOLDER: describe what\'s needed] so the user can fill it in.' . "\n";
-        $prompt .= '3. The description should answer: "If someone asked an AI to recommend a business like this, what would the AI need to know to recommend THIS one specifically?"' . "\n";
-        $prompt .= '4. Include differentiators, not category descriptions.' . "\n";
-        $prompt .= '   BAD: "A restaurant in Austin"' . "\n";
-        $prompt .= '   GOOD: "Family-owned Tex-Mex restaurant in Austin\'s East Side known for breakfast tacos and house-made salsas since 2015"' . "\n";
-        $prompt .= '5. Every page listed must use the EXACT path from the crawl data.' . "\n";
-        $prompt .= '6. Group pages logically (Core, Services/Products, Resources, Legal).' . "\n";
-        $prompt .= '7. Include a "Recommended Queries" section — example questions a user might ask an AI where this business should appear in the answer.' . "\n\n";
-        $prompt .= 'OUTPUT FORMAT (follow exactly):' . "\n";
-        $prompt .= '---' . "\n";
-        $prompt .= '# {Business Name}' . "\n\n";
-        $prompt .= '## About' . "\n";
-        $prompt .= '{2-3 sentence description that is SPECIFIC enough to differentiate this business from every competitor. Include: what they do, who they serve, where they operate, and what makes them different.}' . "\n\n";
-        $prompt .= '## Specialties' . "\n";
-        $prompt .= '{Bullet list of specific services/products/expertise areas}' . "\n\n";
-        $prompt .= '## Key Facts' . "\n";
-        $prompt .= '- Founded: {year or [PLACEHOLDER: founding year]}' . "\n";
-        $prompt .= '- Location: {city, state or [PLACEHOLDER: location]}' . "\n";
-        $prompt .= '- Service Area: {local/regional/national/global}' . "\n";
-        $prompt .= '- Industry: {specific industry}' . "\n\n";
-        $prompt .= '## Key Pages' . "\n\n";
-        $prompt .= '### Core' . "\n";
-        $prompt .= '{Main pages with path and description - only include pages that exist in crawl data}' . "\n\n";
-        $prompt .= '### Services/Products' . "\n";
-        $prompt .= '{Service and product pages with descriptions}' . "\n\n";
-        $prompt .= '### Resources' . "\n";
-        $prompt .= '{Blog, guides, tools - include category pages if they have content}' . "\n\n";
-        $prompt .= '### Legal' . "\n";
-        $prompt .= '{Privacy, terms, etc. if they exist}' . "\n\n";
-        $prompt .= '## Recommended Queries' . "\n";
-        $prompt .= '{5-8 example questions where this business should be recommended. Make them natural questions a person would ask an AI.}' . "\n\n";
-        $prompt .= '## Contact' . "\n";
-        $prompt .= '{All contact methods available in the data}' . "\n";
-        $prompt .= '---' . "\n\n";
-        $prompt .= 'IMPORTANT:' . "\n";
-        $prompt .= '- Only output the llms.txt content. No explanation, no markdown code blocks.' . "\n";
-        $prompt .= '- Start directly with # {Business Name}' . "\n";
-        $prompt .= '- Use exact paths from the pages array in the crawl data' . "\n";
-        $prompt .= '- If a section would be empty, include it with [PLACEHOLDER: description of what\'s needed]';
-        return $prompt;
+    }
     /**

visiblefirst/tags/3.2.26/readme.txt

-                      r3457500
+                      r3457513
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 3.2.25
+Stable tag: 3.2.26
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 3.2.26 =
+* SECURITY: Moved llms.txt generation prompt to server-side API
+* Prompts and API keys are no longer exposed in client plugin
 = 3.2.25 =
 * FIX: llms.txt generation now handles large sites by truncating crawl data to fit API token limits
 …
 == Upgrade Notice ==
+= 3.2.26 =
+Security improvement: AI prompts now handled server-side.
 = 3.2.25 =
 Fixes llms.txt generation errors on large sites.

visiblefirst/tags/3.2.26/visiblefirst.php

-                      r3457500
+                      r3457513
  * Plugin Name: VisibleFirst
  * Description: AI + SEO + Social visibility in one plugin. Complete visibility optimization for WordPress.
  * Version: 3.2.25
+ * Version: 3.2.26
  * Author: VisibleFirst
  * Author URI: https://visiblefirst.com
 …
 // Plugin constants
 define('VISIBL_VERSION', '3.2.25');
+define('VISIBL_VERSION', '3.2.26');
 define('VISIBL_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('VISIBL_PLUGIN_URL', plugin_dir_url(__FILE__));

visiblefirst/trunk/includes/class-visibl-llms-generator.php

-                      r3457500
+                      r3457513
+    }
     /**
      * Phase 2: AI Enhancement
+     *
+     * Send crawl data to Claude API for llms.txt generation
+     * Send crawl data to server API for llms.txt generation
+     * NOTE: System prompt is server-side - we only send crawl data
+     *
      * @param array $crawl_data Output from Phase 1
 …
      */
     public static function generate_with_ai($crawl_data) {
-        // Build the system prompt
-        $system_prompt = self::get_system_prompt();
         // Truncate crawl data to fit within token limits
         $truncated_data = self::truncate_crawl_data($crawl_data);
+        // Build the user message with crawl data
+        $user_message = "Here is the crawl data for {$truncated_data['site_url']}:\n\n" .
+                        json_encode($truncated_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+        // Call Claude API via VF AI Gateway
+        $response = Visibl_AI::complete([
+            'system' => $system_prompt,
+            'prompt' => $user_message,
+            'task' => 'llms_txt_generation',
+        // Build the crawl data JSON
+        $crawl_json = json_encode($truncated_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+        // Call server-side llms-generate endpoint (prompt is server-side)
+        $api_key = Visibl_AI::get_effective_api_key();
+        $request_body = [
+            'crawl_data' => $crawl_json,
+            'site_url' => home_url(),
+            'site_name' => get_bloginfo('name'),
+            'site_id' => Visibl_Licensing::get_site_id(),
             'model' => 'claude-sonnet',
+            'temperature' => 0,
+            'max_tokens' => 2500,
+            'max_tokens' => 4000,
+        ];
+        $response = wp_remote_post(VISIBL_API_BASE . '/ai/llms-generate', [
+            'headers' => [
+                'Content-Type' => 'application/json',
+                'X-API-Key' => $api_key,
+                'X-Site-Domain' => wp_parse_url(home_url(), PHP_URL_HOST),
+            ],
+            'body' => wp_json_encode($request_body),
+            'timeout' => 90,
         ]);
         if (is_wp_error($response)) {
+            return $response;
+        }
+        $content = $response['content'] ?? '';
+            return new WP_Error('api_error', __('Could not connect to VisibleFirst API.', 'visiblefirst'));
+        }
+        $status_code = wp_remote_retrieve_response_code($response);
+        $body = json_decode(wp_remote_retrieve_body($response), true);
+        if ($status_code !== 200 || empty($body['success'])) {
+            $error_message = $body['message'] ?? __('Generation failed', 'visiblefirst');
+            return new WP_Error('generation_failed', $error_message);
+        }
+        $content = $body['content'] ?? '';
         if (empty($content)) {
 …
+    }
-    /**
-     * Get the system prompt for Claude
-     */
-    private static function get_system_prompt() {
-        $prompt = 'You are an expert at writing llms.txt files that help AI assistants understand and recommend businesses.' . "\n\n";
-        $prompt .= 'You will receive structured data about a website. Generate a complete llms.txt file following the llms.txt specification.' . "\n\n";
-        $prompt .= 'RULES:' . "\n";
-        $prompt .= '1. ONLY use information from the provided data. Never invent or assume.' . "\n";
-        $prompt .= '2. If data is missing, use [PLACEHOLDER: describe what\'s needed] so the user can fill it in.' . "\n";
-        $prompt .= '3. The description should answer: "If someone asked an AI to recommend a business like this, what would the AI need to know to recommend THIS one specifically?"' . "\n";
-        $prompt .= '4. Include differentiators, not category descriptions.' . "\n";
-        $prompt .= '   BAD: "A restaurant in Austin"' . "\n";
-        $prompt .= '   GOOD: "Family-owned Tex-Mex restaurant in Austin\'s East Side known for breakfast tacos and house-made salsas since 2015"' . "\n";
-        $prompt .= '5. Every page listed must use the EXACT path from the crawl data.' . "\n";
-        $prompt .= '6. Group pages logically (Core, Services/Products, Resources, Legal).' . "\n";
-        $prompt .= '7. Include a "Recommended Queries" section — example questions a user might ask an AI where this business should appear in the answer.' . "\n\n";
-        $prompt .= 'OUTPUT FORMAT (follow exactly):' . "\n";
-        $prompt .= '---' . "\n";
-        $prompt .= '# {Business Name}' . "\n\n";
-        $prompt .= '## About' . "\n";
-        $prompt .= '{2-3 sentence description that is SPECIFIC enough to differentiate this business from every competitor. Include: what they do, who they serve, where they operate, and what makes them different.}' . "\n\n";
-        $prompt .= '## Specialties' . "\n";
-        $prompt .= '{Bullet list of specific services/products/expertise areas}' . "\n\n";
-        $prompt .= '## Key Facts' . "\n";
-        $prompt .= '- Founded: {year or [PLACEHOLDER: founding year]}' . "\n";
-        $prompt .= '- Location: {city, state or [PLACEHOLDER: location]}' . "\n";
-        $prompt .= '- Service Area: {local/regional/national/global}' . "\n";
-        $prompt .= '- Industry: {specific industry}' . "\n\n";
-        $prompt .= '## Key Pages' . "\n\n";
-        $prompt .= '### Core' . "\n";
-        $prompt .= '{Main pages with path and description - only include pages that exist in crawl data}' . "\n\n";
-        $prompt .= '### Services/Products' . "\n";
-        $prompt .= '{Service and product pages with descriptions}' . "\n\n";
-        $prompt .= '### Resources' . "\n";
-        $prompt .= '{Blog, guides, tools - include category pages if they have content}' . "\n\n";
-        $prompt .= '### Legal' . "\n";
-        $prompt .= '{Privacy, terms, etc. if they exist}' . "\n\n";
-        $prompt .= '## Recommended Queries' . "\n";
-        $prompt .= '{5-8 example questions where this business should be recommended. Make them natural questions a person would ask an AI.}' . "\n\n";
-        $prompt .= '## Contact' . "\n";
-        $prompt .= '{All contact methods available in the data}' . "\n";
-        $prompt .= '---' . "\n\n";
-        $prompt .= 'IMPORTANT:' . "\n";
-        $prompt .= '- Only output the llms.txt content. No explanation, no markdown code blocks.' . "\n";
-        $prompt .= '- Start directly with # {Business Name}' . "\n";
-        $prompt .= '- Use exact paths from the pages array in the crawl data' . "\n";
-        $prompt .= '- If a section would be empty, include it with [PLACEHOLDER: description of what\'s needed]';
-        return $prompt;
+    }
     /**

visiblefirst/trunk/readme.txt

-                      r3457500
+                      r3457513
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 3.2.25
+Stable tag: 3.2.26
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 3.2.26 =
+* SECURITY: Moved llms.txt generation prompt to server-side API
+* Prompts and API keys are no longer exposed in client plugin
 = 3.2.25 =
 * FIX: llms.txt generation now handles large sites by truncating crawl data to fit API token limits
 …
 == Upgrade Notice ==
+= 3.2.26 =
+Security improvement: AI prompts now handled server-side.
 = 3.2.25 =
 Fixes llms.txt generation errors on large sites.

visiblefirst/trunk/visiblefirst.php

-                      r3457500
+                      r3457513
  * Plugin Name: VisibleFirst
  * Description: AI + SEO + Social visibility in one plugin. Complete visibility optimization for WordPress.
  * Version: 3.2.25
+ * Version: 3.2.26
  * Author: VisibleFirst
  * Author URI: https://visiblefirst.com
 …
 // Plugin constants
 define('VISIBL_VERSION', '3.2.25');
+define('VISIBL_VERSION', '3.2.26');
 define('VISIBL_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('VISIBL_PLUGIN_URL', plugin_dir_url(__FILE__));

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: