Changeset 3480034
- Timestamp:
- 03/11/2026 11:50:26 AM (4 weeks ago)
- Location:
- mescio-for-agents/trunk
- Files:
-
- 4 edited
-
includes/class-agents-txt.php (modified) (1 diff)
-
includes/class-llms-endpoints.php (modified) (1 diff)
-
includes/class-markdown-generator.php (modified) (3 diffs)
-
readme.txt (modified) (2 diffs)
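--- a/mescio-for-agents/trunk/includes/class-agents-txt.php
+++ b/mescio-for-agents/trunk/includes/class-agents-txt.php
@@ -54,4 +54,9 @@
 if ( get_query_var( self::QUERY_VAR, null ) === null ) {
 return;
+}
+
+// Rate limiting
+if ( apply_filters( 'mescio_rate_limit_enabled', true ) ) {
+Mescio_For_Agents_Rate_Limiter::check( Mescio_For_Agents_Rate_Limiter::GROUP_DEFAULT );
 }
 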
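Review bot: The per-IP throttle invoked here through `Mescio_For_Agents_Rate_Limiter::check()` (and through `check_for_request()` in class-llms-endpoints.php) is only as reliable as the client address it keys on, and the changelog in this changeset says that address honours Cloudflare, nginx and `X-Forwarded-For` headers; the limiter class itself is not part of this changeset, so this is inferred. If those headers are accepted on requests that did not arrive through a trusted proxy, the limit is keyed on a client-controlled value and stops being a control, so the limiter should use `REMOTE_ADDR` unless the direct peer is a configured proxy. The `// Rate limiting` comment could also state the exit behaviour, e.g. `// Throttle per client; check() is expected to answer 429 with Retry-After and end the request when the limit is hit.` The enclosing method starts and ends outside the hunk.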
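--- a/mescio-for-agents/trunk/includes/class-llms-endpoints.php
+++ b/mescio-for-agents/trunk/includes/class-llms-endpoints.php
@@ -49,4 +49,9 @@
 if ( $variant === null ) {
 return;
+}
+
+// Rate limiting
+if ( apply_filters( 'mescio_rate_limit_enabled', true ) ) {
+Mescio_For_Agents_Rate_Limiter::check_for_request();
 }
 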
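--- a/mescio-for-agents/trunk/includes/class-markdown-generator.php
+++ b/mescio-for-agents/trunk/includes/class-markdown-generator.php
@@ -330,4 +330,10 @@
 if ( is_array( $acf ) && ! empty( $acf ) ) {
 $flat = self::flatten_acf( $acf );
+// Apply sensitive key filter even on ACF label-keyed fields
+$flat = array_filter(
+$flat,
+static fn( $key ) => ! self::key_looks_sensitive( $key ),
+ARRAY_FILTER_USE_KEY
+);
 /** @var array<string,scalar> $flat */
 return apply_filters( 'mescio_custom_meta', $flat, $post );
@@ -358,4 +364,7 @@
 continue;
 }
+
+// Skip keys whose name suggests sensitive data
+if ( self::key_looks_sensitive( $key ) ) continue;
 
 $raw = $values[0] ?? '';
@@ -407,4 +416,35 @@
 
 /**
+* Return true if a meta key name suggests it may contain sensitive data.
+*
+* Matches case-insensitively against substrings that commonly appear in
+* keys holding credentials, PII, or internal tokens.
+* Developers can bypass this via the mescio_custom_meta filter.
+*/
+private static function key_looks_sensitive( string $key ): bool {
+static $patterns = [
+'password', 'passwd', 'pwd',
+'secret', 'token', 'api_key', 'apikey', 'api_secret',
+'auth', 'oauth', 'bearer', 'credential',
+'private', 'private_key',
+'email', 'mail',
+'phone', 'mobile', 'tel',
+'address', 'street', 'postcode', 'zip',
+'vat', 'fiscal', 'tax_id', 'ssn', 'cf',
+'credit', 'card', 'iban', 'bic',
+'birth', 'dob',
+'ip_addr', 'user_agent',
+];
+
+$lower = strtolower( $key );
+foreach ( $patterns as $pattern ) {
+if ( str_contains( $lower, $pattern ) ) {
+return true;
+}
+}
+return false;
+}
+
+/**
 * Render a scalar value as an inline YAML value.
 * Booleans → true/false, numerics → unquoted, strings → double-quoted.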
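Review bot: In `key_looks_sensitive()` the key is only lower-cased before the `str_contains` checks, so ACF label-style keys written with spaces or hyphens (a label such as "API Key" or "Tax ID") do not match the underscore patterns `api_key`, `tax_id`, `ip_addr` or `user_agent`, although the comment in the first hunk says the filter is meant to cover label-keyed fields. Normalising separators first would close that gap, e.g. `$lower = preg_replace( '/[^a-z0-9]+/', '_', strtolower( $key ) );`. In the other direction, the short entries `auth`, `cf`, `tel`, `bic` and `card` also match inside harmless names such as `author` or `hotel`, so those fields silently vanish from the front matter; matching the short entries on token boundaries would avoid that. Because this is a name-based denylist it fails open for any key not listed and never inspects values, and the docblock should say so and also note that in the ACF branch `mescio_custom_meta` runs after the filter, so a callback receives the already-reduced array rather than a switch to turn the filter off.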
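--- a/mescio-for-agents/trunk/readme.txt
+++ b/mescio-for-agents/trunk/readme.txt
@@ -133,4 +133,37 @@
 == Changelog ==
 
+= 1.6.0 =
+* Added rate limiting: per-IP request throttling on all endpoints via WordPress transients
+* `llms-full.txt` limited to 10 req/60s, REST search to 20, other REST to 30, default to 60
+* Returns 429 Too Many Requests with `Retry-After` header when limit exceeded
+* Respects Cloudflare, nginx and standard `X-Forwarded-For` proxy headers
+* Added sensitive meta key filter: fields containing `password`, `token`, `email`, `phone`, `iban` and similar patterns are never exposed in Markdown front matter
+* Both rate limiting and sensitive key filter are filterable by developers
+
+= 1.5.0 =
+* Added automatic custom fields support in Markdown front matter
+* If ACF is active, uses `get_fields()` with label-keyed, typed values; nested groups and repeaters flattened to dot notation (e.g. `group.field`)
+* Without ACF, exposes plain post meta — skipping internal keys (`_` prefix), serialized data, JSON blobs and known plugin internals
+* Added `mescio_custom_meta` filter for developer overrides
+
+= 1.4.0 =
+* Added `/agents.txt` endpoint following IETF draft-srijal-agents-policy-00
+* SHA-256 hash computed automatically from directive content
+* Configurable directives (path, ALLOW/DISALLOW, optional params) via admin settings
+* Live preview of generated file with hash in settings page
+* Default directives: `/ ALLOW`, `/wp-admin DISALLOW`, `/wp-login.php DISALLOW`
+* Added `/agents.txt` link in Quick Links table
+
+= 1.3.0 =
+* Refactored monolith into modular architecture (6 separate class files)
+* Added REST endpoint `/wp-json/mescio-for-agents/v1/context` — site metadata + llms.txt in JSON for MCP servers
+* Added REST endpoint `/wp-json/mescio-for-agents/v1/search` — full-text search with Markdown output
+* Added REST endpoint `/wp-json/mescio-for-agents/v1/page` — page by slug or ID
+* Added REST endpoint `/wp-json/mescio-for-agents/v1/openapi` — OpenAPI 3.1 schema
+* Added `llms-full.txt` pagination via `?limit=N&offset=N` with `X-LLMS-Next` header
+* Improved caching: real `Last-Modified` from content timestamp, `ETag` from body hash, full 304 support
+* Fixed excess blank lines in Markdown output from Elementor and other page builders
+* Expanded admin API Examples panel with 8 tabs and copy buttons
+
 = 1.2.0 =
 * Added `/llms.txt` endpoint — auto-generated site index in the llmstxt.org standard format
@@ -163,4 +196,16 @@
 == Upgrade Notice ==
 
+= 1.6.0 =
+Adds rate limiting and sensitive data protection for custom fields. Recommended for all sites exposed to public AI agents.
+
+= 1.5.0 =
+Custom fields and ACF data now automatically included in Markdown front matter.
+
+= 1.4.0 =
+Adds /agents.txt endpoint following the IETF draft standard for AI agent access policy.
+
+= 1.3.0 =
+Major update: new REST endpoints, pagination, improved caching, and better Markdown output for page builder sites.
+
 = 1.1.0 =
 Adds multilingual support and significantly improved Markdown output quality for page builder sites. Upgrade recommended for all users.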