LolaCore – AI Admin Agent

Running WordPress once is easy. Running it every day is what wears you down: a separate screen for everything, a browser full of tabs, the same clicks every week, and the reason you made a change gone the moment you close the session. That daily grind has a name. It is admin fatigue, and it is the real cost of running a site. It hits hardest in a WooCommerce store, where every order, refund, and stock update stacks one more screen between you and the work. But any WordPress admin who runs real sites knows the feeling. I know it because I ran a WooCommerce store for ten years, and what burned me out was never the selling. It was the admin. LolaCore is where that stops. Lola is an AI agent that lives inside your wp-admin. You tell her what you need in plain words, she does the admin work, and she shows you exactly what she is about to change before anything happens. No new dashboard. No external tool to keep running. She works where you already work. And she remembers. Every other AI tool forgets the moment you close the tab. Lola keeps what she learns about your site across sessions, built natively on the WordPress 7.0 AI Client and the new Abilities API, so you never explain your setup twice. What Lola is NOT Lola is not a content generator. She doesn't write blog posts, invent marketing copy, or hallucinate data she doesn't have. She doesn't browse the web, scrape pages, or fetch arbitrary URLs. She doesn't touch your theme files or edit core PHP. The one exception is Plugin Builder, where she generates custom plugins for your site that you own and iterate in chat. Lola is a site admin who happens to be an AI. She reads real data from your WordPress database, reasons about it, and executes real actions, with your explicit approval, every single time. If you want an AI that writes articles for you, this is the wrong plugin. If you want an AI that actually knows your site and manages it through conversation, keep reading. For the complete picture (memory mechanics, ability reference, prompt library, and configuration walkthrough), see the full documentation. Persistent memory This is the part that changes how you work. Lola remembers facts across sessions. Plugin conflicts, security findings, your preferences, decisions you've made. All stored locally in your WordPress database. Her memory works the way human memory works: recent and important findings stay sharp, trivial details from months ago fade out, and critical facts you pin or mark as high importance decay much slower and stay in context longer. When you start a new conversation, Lola already knows what happened last time. You don't re-explain your stack. You don't repeat what was decided last month. You pick up the thread. How decay, boosting, and export/import work under the hood: persistent memory guide. 66 abilities. 9 domains. One chat. Lola ships with 66 built-in abilities split across 9 functional domains: Site diagnostics (4 abilities). WordPress version, PHP status, HTTPS, database size, permalink structure, security headers, SEO audit, debug mode detection. Lola tells you what's broken before your client does. Plugins (6 abilities). Search WordPress.org, install, activate, deactivate, update one or all at once. "Update all plugins" is one sentence. No clicking through 14 update screens. Plugin Builder (9 abilities). Describe a custom plugin for your site in chat. Lola reads your site structure first, co-designs a short plan with you, then generates three standard files (PHP, JS, CSS) in the background with internal safety checks and an AI code review. The first delivery is a working MVP you refine through chat. Save it to your Built Plugins library, test it in WordPress Playground (WooCommerce and demo products when needed), attest that it works, and only then install it on your live site. Still inactive until you choose to activate. Content & metadata (7 abilities). Create pages, edit posts, change status, update slugs, read and write post meta. "Create a draft page called Services with this text." Done. "Change the SEO title of post 42." Done. Works with Yoast, RankMath, and any plugin that stores data in post meta. Users (4 abilities). Create accounts, change roles, remove users with automatic content reassignment. The kind of admin task that takes 6 clicks, solved in one sentence. Database & cache (3 abilities). Clean post revisions, expired transients, orphaned postmeta, and spam comments. The cleanup WordPress never does for you. Taxonomies & media (7 abilities). Read and manage categories, tags, comments, and media files across the board. Every write action requires your confirmation first. Themes & settings (13 abilities). Search, install, update, and delete themes. Read and write site options. Manage navigation menus. Switch themes with safety warnings. Review cron jobs and remove orphaned entries. Full lifecycle management for everything outside content and plugins. WooCommerce (13 abilities). If WooCommerce is active, Lola detects it automatically. 13 of her 66 abilities are dedicated WooCommerce tools:

• List and inspect products with price, stock, SKU, and status
• Get full order details: line items, billing, shipping, payment method
• View customer history: total spent, order count, registration date
• Browse product categories with hierarchy and product counts
• Manage coupons: create, edit, delete with discount type, limits, and expiration
• Sales reports: total revenue, net sales, taxes, items sold, and top 5 products for any period
• Create products, update prices, change order status, all from the chat

"How much revenue did we do this week?" Lola pulls the number from your actual WooCommerce data. No dashboard required. Full breakdown of every ability with domain details: ability reference. Full WooCommerce tool reference with examples: WooCommerce abilities. How Lola stays safe Your data never touches our servers. There are no LolaCore servers. No telemetry. No analytics. No "anonymous usage data." Your conversations go from your hosting to your AI provider. That's it. Nothing happens without your approval. Every write action (every plugin update, every post edit, every database cleanup) shows a preview card with exactly what Lola is about to do. You confirm or cancel. Scheduled maintenance (memory decay, log retention) and Plugin Builder generation run in the background only after you start them or approve the underlying action. No surprise writes. Every change is logged. Before/after snapshots for every action executed. If something goes wrong, you know exactly what changed and when. Admin-only by design. Lola only appears for users with full administrator capabilities. No accidental exposure to editors, authors, or subscribers. Any model, your choice Lola works natively with whatever AI provider you configure in your WordPress 7.0 settings. You are never locked into a single ecosystem. We highly recommend these agentic models for optimal performance:

• OpenAI: GPT-5.5, GPT-5.5 Pro
• DeepSeek: DeepSeek V4 Pro, DeepSeek V4 Flash
• Anthropic: Claude 4.6 Sonnet, Claude Opus 4.7

Because Lola relies on the native WordPress connector, you can also use Gemini, Grok, local models via Ollama, or route through OpenRouter to models that support function calling. You pay your provider directly. LolaCore doesn't charge per token and doesn't add a markup. The conversation goes from your WordPress server directly to your configured AI provider. Nobody else sees it. Step-by-step setup for providers: connecting your AI provider. Native to WordPress 7.0 LolaCore runs entirely on the native WordPress AI Client and Abilities API introduced in WordPress 7.0. No external HTTP libraries. No custom credential vaults maintained by one developer. A minimal bundled vendor/ folder ships only what WordPress.org distribution requires (MCP adapter and Jetpack autoloader), not a heavy dependency tree. When WordPress updates its AI infrastructure, LolaCore updates with it. That's why we require WordPress 7.0, and that's why the plugin stays lean and current. Lola's lane A tool that does everything does nothing well. Lola is built narrow on purpose.

• She doesn't edit theme files, core, or server config. Plugin Builder is the one exception: Lola generates custom plugins (PHP, JS, CSS) for your site that you own and can iterate in chat.
• She doesn't see your frontend. Lola lives inside wp-admin.
• She works on one site at a time. Multi-site management is on the roadmap.

Why these boundaries exist and what's on the roadmap: what Lola cannot do. Skills: teach Lola new behaviors Skills are short behavioral guides written in plain Markdown. When a conversation matches certain triggers, the relevant skill loads, shaping how Lola approaches the task without granting new abilities or data access. LolaCore ships with 14 built-in skills (10 general plus 4 for Plugin Builder), active by default. You can also create your own: write a Markdown file with YAML frontmatter, import it through the settings panel, or ask Lola to build one for you directly in the chat. Skills are Lola's judgment layer. Abilities define what she can do. Skills define how she thinks about doing it. How skills work, trigger conditions, and the custom skills beta: skills guide. Don't know what to say? Start here. Lola understands natural language. No commands, no syntax. But if you want a head start, here are six prompts you can copy and paste right now:

"Give me a quick briefing on the site. Anything that needs attention today." "Run a complete security audit. Tell me what actually needs attention, not just a checklist." "Update all plugins except Elementor and [plugin name]. Show me the list first." "How much have we sold this week? Compare it to last week." "Check the database and tell me what's worth cleaning up." "Remember that [important fact about your site or client preference]."

These six cover diagnostics, security, plugins, WooCommerce, database, and memory. There are 42 more in the complete library: daily check-ins, content workflows, and multi-step session combos. prompt library.

1. Upload the lolacore folder to /wp-content/plugins/ or install via the WordPress plugin screen.
2. Activate the plugin through the "Plugins" screen in WordPress.
3. Configure your AI provider through WordPress's built-in AI settings (Settings → AI).
4. Open the floating chat widget in your admin dashboard.
5. Start managing your site through conversation.

Requirements

• WordPress 7.0 or higher
• PHP 8.0 or higher
• MySQL 5.7+ or MariaDB 10.3+ (JSON column support required)
• An AI provider configured through WordPress's AI Client settings
• WooCommerce 8.0+ (optional, for store management abilities)

Detailed setup instructions and first-conversation tips: getting started guide.

1.8.4

• Docs: Rewrote the readme to explain more clearly what LolaCore does and the problem it solves (admin fatigue). No functional changes to the plugin.

1.8.3

• Fix: Improved compatibility with hosting security plugins and firewalls. Chat messages are now sent as plain text, which prevents some security suites from blocking WordPress REST API requests on affected hosts — an issue that could interfere with Application Password management and MCP connections.
• Improvement: When a hosting firewall blocks a chat message, Lola now explains what happened and what to do, instead of showing a generic connection error.

1.8.2

• Fix: Free bridge addons (e.g. LolaCore for ACF, LolaCore for Elementor) now show a green FREE ADDON badge in the What Lola Can Do ability panel, matching the premium addon label treatment.

1.8.1

• Fix: Chat now accepts HTML and JavaScript code snippets (e.g. WPCode tracking scripts with <script> tags). Messages are no longer stripped by over-aggressive sanitization, and code payloads are base64-encoded in transit so hosting WAF rules do not block admin-ajax requests.

1.8.0

• Feature: Guided onboarding. First-time setup includes a site scan and initial report; returning users without an AI provider see a continuity state with clear next steps; connecting a provider triggers a one-time welcome grounded in scan data.
• Feature: Spanish (Spain) translation for wp-admin settings, the chat widget, ability labels, and user-facing messages (es_ES; other locales fall back to English).
• Improvement: Settings UI reorganized for a clearer overview of Lola's capabilities and optional extensions.
• Improvement: Admin navigation — dedicated Addons screen under the Lola menu and a shortcut from the Plugins list row. The screen lists available addons, including the free LolaCore for Elementor (91 abilities), and explains how cross-domain memory works.
• Improvement: Admin notice when WordPress is below the recommended version (7.0).
• Security: Hardened the chat confirmation card against malicious markup in action parameters (output escaping).
• Security: Chat sessions are now bound to the admin who created them, so a session cannot be read or continued by another user.
• Security: Expanded the protected-options list so role, plugin/theme activation, mail server, and upload-path settings cannot be changed through the generic option editor.

1.7.2

• Improvement: Plugin Builder additional pre-delivery safety checks. Block generated plugins missing direct-access guards (ABSPATH) or using forbidden functions (eval, shell_exec, and similar) before they reach your library.
• Improvement: Runtime load test validates the same normalized PHP used for install and Playground, and bootstraps declared dependencies (e.g. WooCommerce admin bases) when possible.
• Improvement: Delivery cards and the Built Plugins library show Load test (Passed / Skipped / Failed) separately from the Code review score, so the percentage is not mistaken for activation safety.
• Improvement: Safety findings and load-test status are stored on each built plugin entry for library diagnostics.

1.7.1

• Fix: Remove development-only CLI repro scripts from the WordPress.org distribution package (they remain in the source repo for local debugging). Packaging-only release, no functional changes.

1.7.0

• Feature: Plugin Builder. Describe a custom plugin for your site in chat; Lola reads site render context, co-designs an optional approved mini-plan with you, generates a standard three-file WordPress plugin (PHP, JS, CSS) in a background worker with progress in chat, and saves it to the Built Plugins library under Lola in wp-admin. Delivery cards explain the MVP iteration loop (you as architect, Lola as engineer).
• Feature: Nine Plugin Builder abilities: getSiteRenderContext, createPlugin, updatePluginCode, listBuiltPlugins, getBuiltPluginDetails, getInstalledPluginState, testPluginPlayground, installPluginLocal, and deleteBuiltPlugin.
• Feature: Built Plugins admin library: version, install status, Try in Playground, Install, review note and suggestions, and a read-only code viewer (PHP / JS / CSS tabs) on each entry.
• Feature: WordPress Playground testing. One-click disposable WordPress instance with your generated plugin installed and activated; when the plugin needs WooCommerce, the blueprint installs WooCommerce, skips onboarding, creates shop pages, and seeds demo products so cart and storefront behavior can be tested safely.
• Feature: Playground gate. Local install stays blocked until you attest Playground testing for the current library version.
• Feature: Local install. Copy built plugins into wp-content/plugins/ with PHP syntax validation and optional backup advisory on dry run; plugins stay inactive until you explicitly activate them (LolaCore modal with optional Activate now or open the Plugins screen).
• Feature: Chat artifact cards for async build progress, delivery preview, Playground links, and post-save success (no extra slow LLM round-trip for Playground URLs).
• Feature: Failed-build recovery. When generation cannot pass internal safety checks, the chat card offers Try again and preserves the last artifact for fix-mode retries.
• Feature: Automatic post revisions for each plugin update so you can roll back from the library entry.
• Feature: Internal quality pipeline. PHP syntax lint, deterministic fatal-safety rules (e.g. unknown parent classes at file scope), runtime load validation when possible, AI code review, and up to two automatic retries before delivery fails.
• Feature: Four built-in skills for plugin craft, Playground blueprints, security baseline, and plugin review methodology when you build, test, or debug generated plugins.
• Improvement: Plugin generation sends site context to the AI (active theme, plugins, block vs classic integration signals, and WooCommerce free-shipping minimum when configured) so store-specific defaults are more realistic.
• Improvement: Router debug logging is concise under WP_DEBUG (ability counts by category instead of dumping every tool name).
• Fix: Daily WP-Cron maintenance hooks (lolacore_daily_decay, lolacore_log_cleanup) now execute their handlers. Memory facts decay and archive on schedule, and action log entries older than Log Retention Days in Settings are purged automatically.

1.6.3

• Fix: Database optimization (optimizeDatabase) now processes revisions, spam comments, orphaned postmeta, and expired transients in safe batches of 1,000 rows, preventing timeouts and table locks on large databases with 100k+ revisions.
• Fix: Database optimization now verifies each batch for errors and stops safely on failure, reporting exactly what was cleaned and what remains.
• Improvement: Database optimization now reports actual space recovered (MB) instead of a hardcoded zero.
• Improvement: A time guard stops the cleanup at 80% of max_execution_time and reports partial progress. The user can run it again to continue where it left off.
• Improvement: Orphaned wp_postmeta rows (left behind by deleted revisions) are now cleaned automatically.
• Improvement: Expired transients are now included in the database cleanup.

1.6.2

• Fix: Gemini compatibility. Empty tool-call arguments now serialize as {} instead of [], preventing HTTP 400 errors when replaying chat history or calling no-parameter tools like optimizeDatabase.
• Fix: Gemini empty responses. When the intent router injected the full toolset (130+ declarations), Gemini returned candidates without content parts. Google provider requests now cap function declarations and use a discover-first toolset (getSiteStatus, getDiscoveredAbilities, requestFullToolset, addMemoryFact).
• Improvement: Google free-tier quota. The semantic intent classifier LLM call is skipped for Gemini to reduce API requests per message; quota and rate-limit errors now show a clear user-facing message instead of a generic server configuration warning.

1.6.1

• Fix: Resolved a critical issue where LolaCore's global MCP filters inadvertently blocked third-party standalone MCP servers (like lolacore-for-elementor) from discovering and executing their tools. Global tool filters are now strictly scoped to the LolaCore server ID.
• Fix: Prevented a JSON schema validation error ("action_id is a required property") by correctly formatting raw external tool responses (e.g. from Elementor) into the standard LolaCore action shape via ActionExecutor.
• Fix: Silenced a PHP 8.1 deprecation warning in the vendorized MCP adapter (McpObservabilityHelperTrait) that could corrupt JSON payloads when WP_DEBUG was active.

1.6.0

• Feature: Zero-Config MCP Server. LolaCore now natively bundles the Model Context Protocol (MCP) Adapter. You no longer need to install or configure external plugins to connect Lola to your IDE.
• Feature: Full IDE Parity. Lola now lives inside Cursor, Windsurf, and Claude Desktop with the exact same 52 capabilities she has in the Web Chat. The tools you enable and the domains you configure in wp-admin are instantly and perfectly mirrored in your IDE.
• Feature: Cross-Environment Persistent Memory. What Lola learns in your IDE, she remembers in the Web Chat. What you tell her in the Web Chat, she applies in Cursor. One agent, one memory bank, accessible through any interface you choose to work in.
• Improvement: Dynamic Tool Syncing. The MCP bridge now dynamically reads your exact active toolset and categories from your LolaCore panel in real time.

1.5.0

• Feature: Theme management. 5 new abilities (searchThemes, installTheme, updateTheme, bulkUpdateThemes, deleteTheme) bring themes to full parity with the existing plugin lifecycle. Lola can now discover themes on WordPress.org, install, update one or many, and safely delete (active theme and parents of active child themes are protected).
• UX Fix: When approved actions succeed but the follow-up summary call to the AI provider fails, the chat now confirms the actions ran instead of showing a misleading "I couldn't get a response" error. Users keep visibility into what executed.
• UX Fix: Tool confirmation cards are now idempotent on the client. A second submission of the same action_id (rare reload-and-reclick scenarios, accessibility tools firing duplicate events) is silently ignored, preventing the spurious "That confirmation has expired" message after a successful execution.

1.4.1

• Fix: Resolved a critical "Bad Request (400)" error triggered by orphan tool_call_ids during multi-tool execution (e.g. bulk plugin updates). The root cause was non-deterministic message ordering. MySQL's 1-second datetime resolution caused tool responses to appear out of sequence when multiple tools executed within the same second.
• Fix: Message history query now uses the auto-increment primary key for ordering instead of the datetime column, guaranteeing insertion-order fidelity regardless of timestamp collisions.
• Fix: The history sanitizer now detects and drops stale tool messages that reference tool_call_ids never declared by any assistant message in the session.
• Improvement: Added a defense-in-depth architecture for tool_call/tool_response pairing with four validation layers: deterministic DB ordering, history sanitizer with per-ID logging, post-sanitization assertion, and an HTTP-layer safety net that patches orphans in the final API request body.
• Improvement: Sanitizer telemetry now logs the exact orphaned tool_call_ids and function names, replacing the previous generic message.

1.4.0

• Feature: Skills.MD. Lola can now author, store and apply behavioral skills described in plain Markdown with YAML frontmatter. Skills inject specialized instructions into Lola's reasoning under deterministic conditions (always-on, keyword triggers, or environment conditions) without touching PHP.
• Feature: Skills are loaded from four sources with documented precedence (built-in, addon-registered, user filesystem at wp-content/lolacore-skills/, and database). The lolacore_register_skills filter lets addons register their own skill directories.
• Feature: Settings → Skills panel. Visualize every loaded skill grouped by origin, toggle each one on or off, view the source markdown, import skills from .md files, and configure advanced parameters (max active, char budget, max per prompt).
• Feature: Conversational skill authoring. Ask Lola "create a skill that…" and she generates the markdown, saves it inactive, and asks before activating. Full toolset: addSkill, activateSkill, deactivateSkill, updateSkill, deleteSkill, listSkills.
• Architecture: Single-axis state model for skills. Each skill is either active (firing) or inactive (off), managed by one toggle in the admin, one verb in the chat. Runtime diagnostics (no-triggers, incompatible, unmet-dependencies) surface as informational badges, not as states the user manipulates.
• Architecture: Two-layer skill cache. Hot transient with filesystem-hash validation and cold snapshot in wp_lolacore_config (capped at 1 MB serialized). Keeps the loader budget under 5 ms on the cache-hit path.
• Architecture: Skills system is gated behind a master toggle (Beta) so the entire feature can be disabled with a single switch without uninstalling.
• Database: Migration to schema version 0.3.0. Adds the wp_lolacore_skills table and consolidates legacy in-progress states into the unified active/inactive model.
• Improvement: SystemPromptBuilder enforces a ground-truth rule (listSkills before answering any state question) that prevents Lola from confabulating phantom skills from stale session summaries.
• Improvement: Session summaries now respect the language the user spoke in during the conversation rather than forcing a single locale.

1.3.0

• Performance: Memory fact extraction (extractFacts) is now deferred out of the user-facing response path via a non-blocking background request. Reduces perceived response time by ~5–19s on fact-heavy sessions (47% of observed median latency). Compatible with all PHP SAPIs. Uses fastcgi_finish_request() on PHP-FPM (Linux/production) and wp_remote_post(blocking=false) with HMAC authentication on CGI/other environments.
• Performance: DeepSeek V4 think-mode is now disabled for the intent classifier call. The classifier task is pure JSON categorization; disabling reasoning reduces classifier latency by ~34% with no accuracy regression.
• Fix: Meta-tool query patterns ("¿qué puedes hacer?", "¿qué funciones tienes?") were stored with mojibake-encoded characters that never matched real UTF-8 input. Replaced with accent-agnostic character classes (qu[eé], cu[aá]ntas, etc.).
• Fix: Holistic and meta-intent detectors now inspect only the current user message, not the conversation history window. Eliminates false positives on subsequent turns when a prior message happened to contain a capability-query phrase.

1.2.0

• Feature: Memory Bootstrap. Lola now seeds baseline facts from each active addon on activation and refreshes them every 6 hours via a unified background job. Compatible addons (WooCommerce Pro, WPCode Snippets, Fluent Support) contribute live site-state data so Lola has meaningful context from the very first conversation, with no manual "remember this" prompting required.
• Feature: Holistic monitoring queries ("what needs my attention?", "give me a full site overview", "morning briefing") now automatically activate the full tool set across all active domains without requiring a round-trip escalation. Extensible via the lolacore_holistic_monitoring_patterns filter.
• Architecture: Added MemoryBootstrapInterface and MemoryBootstrapRunner with an adaptive global budget (24 baseline facts, minimum 2 guaranteed per addon, competitive allocation by importance score). Bootstrap facts are immune to the memory decay engine and capped at 40% of the context window to prevent crowding out conversational memory.
• Improvement: Category affinity map expanded with bidirectional links across all Business Bundle domains (WooCommerce Pro, WPCode Snippets, Fluent Support). Cross-addon queries now resolve in a single pass without requiring a follow-up escalation.
• Improvement: The semantic intent classifier maximum category cap is now adaptive, scales from 3 to 5 based on the number of active addon domains, allowing genuine multi-domain queries (e.g., "compare my WooCommerce revenue against open support tickets") to resolve correctly on complex sites.
• Fix: Resolved "insufficient tool messages following tool_calls message" (HTTP 400) errors that could surface after an abandoned write confirmation, leaving the chat session permanently broken until reload. Affected DeepSeek and OpenAI-compatible providers.
• Fix: Added a defensive history sanitizer that detects orphan tool_call_ids in stored conversation history and injects synthetic placeholders before each provider request, preserving the assistant/tool pairing contract required by the OpenAI message format.
• Fix: Widened executor exception capture from \Exception to \Throwable so that a TypeError in any Domain Handler still produces a valid tool message instead of orphaning the assistant's tool_call.
• Fix: Provider responses with missing or null tool_call_id are now backfilled with a synthetic UUID, preventing silent round-trip pairing failures.
• Fix: Memory extraction job now uses an explicit 30-second transport timeout, eliminating silent extraction failures (cURL error 28) on reasoning-capable providers such as DeepSeek.
• Fix: DeepSeek V4 reasoning_content is now re-injected only when the assistant message includes tool_calls, following the V4 spec exactly. Previously re-injected unconditionally, wasting 500–2,000 tokens per conversational turn.
• Improvement: DeepSeek V4 models (deepseek-v4-pro, deepseek-v4-flash) now appear first in the model selector. Legacy V3 models (deepseek-chat, deepseek-reasoner, deprecated 2026-07-24) are sorted last.
• Improvement: Reduced average token usage per request by ~30–40% through four independent optimizations: system prompt restructuring to maximise prefix cache hits, site scan summary compression (JSON to compact text), adaptive memory budget that scales with message length (10/20/30 facts), and tool schema description compression for always-present tools.

1.1.3

• Architecture: Major overhaul of the Long-Term Memory persistence pipeline to prevent "amnesia" and ensure context retention across sessions.
• Architecture: Introduced "Immortal Facts" (is_pinned schema column). Important memory facts can now be pinned, making them permanently immune to the decay relevance engine.
• Architecture: Importance-Aware Decay. The memory decay formula now scales mathematically based on fact importance. Critical facts decay 2x slower than trivial observations.
• Feature: Proactive Memory Directives. Lola is now instructed at the system-prompt level to automatically save structural decisions, stack choices, and business preferences without waiting to be told "remember this".
• Feature: Contextual Fact Boosting. The retrieval engine now dynamically filters and boosts memory relevance in real-time based on keyword matches with your current chat message.
• Feature: Session Summary Persistence. Chat session summaries are now preserved as high-priority memory facts instead of being destructively overwritten by the newest session.
• Fix: Multi-Turn Memory Extraction. The background memory extraction job now observes the last 5 conversation turns (instead of just 1), preventing blind spots in extended discussions.
• Fix: Model Desync. Memory extraction now actively resolves the selected AI provider/model from settings, fixing a bug where extraction would fail silently on non-default models like DeepSeek.
• Fix: Scanner Budgeting. Scanner-generated facts (site_state) are now hard-capped at 35% of the memory window, preventing plugin lists from crowding out actual conversational memory.
• Fix: Added robust local PHP diagnostic logging (via error_log) to the memory extraction background job to eliminate silent failures.
• Compliance: Replaced hardcoded AJAX endpoint with dynamically localized URL via wp_localize_script.
• Compliance: Migrated widget state injection from inline script tag to wp_add_inline_script for WordPress enqueue standards.
• Compliance: Updated DOMPurify to 3.4.2 and marked.js to 18.0.3 (latest stable releases).
• Compliance: Escaped all dynamic values in exception messages across all Domain Handlers (esc_html).
• Compliance: Converted raw DB_NAME concatenation to $wpdb->prepare() in database size query.
• Compliance: Fixed translators comment placement for PHPCS MissingTranslatorsComment compliance.
• Compliance: Removed development-only files (scratch.php, extractor.php) from plugin root.

1.1.2

• Architecture: Complete refactoring of ActionExecutor into 12 modular Domain Handlers (ContentHandler, PluginHandler, UserHandler, SystemHandler, MediaHandler, MetaHandler, TaxonomyHandler, CommentHandler, NavigationHandler, MemoryHandler, WooReadHandler, WooWriteHandler) behind a HandlerRouter with ActionHandlerInterface contract.
• Architecture: Introduced HandlerRouter with deterministic dispatch. Each handler declares its owned actions via getSupportedActions(), eliminating the monolithic switch/case in ActionExecutor.
• Feature: Added getDiscoveredAbilities tool for Lola to introspect all registered WordPress Abilities at runtime.
• Feature: Added manageRoles tool enabling Lola to create, delete, and modify WordPress user roles and capabilities from chat.
• Fix: Intent Router reordering. Meta-intent detection (Layer 0.5) now executes before keyword matching (Layer 1), preventing false-positive category captures on meta-queries like "What tools do you have?".
• Fix: Enabled 'meta' as a valid category in the semantic classifier (Layer 2), providing a second safety net for meta-queries that bypass Layer 0.5.
• Fix: Plugin search (searchPlugins) now handles both object and array response formats from the WordPress.org plugins_api(), resolving empty results on certain PHP/WP versions.
• Fix: Chat UI now auto-links plain-text URLs in assistant responses, converting them into clickable links.
• Fix: Export download links (.xml, .json, .csv, .zip) now include the HTML download attribute, forcing browser download instead of inline rendering.
• Fix: URL autolink regex excludes backtick characters to prevent trailing %60 in generated links.
• Improvement: Keyword inference from tool descriptions is now isolated from meta-query routing, reducing false-positive matches in the intent router.
• Improvement: Removed legacy direct-method dispatch from ActionExecutor. All 51 actions now route exclusively through Domain Handlers.
• Improvement: Addon integration updated. WooCommerce Pro tools route through category affinity system for reliable domain escalation.
• Architecture: New LolaCore\I18n namespace with ErrorMessages and StatusMessages classes. Every user-facing string is now centralized and WordPress i18n-ready (__() wrappers for future translation).
• Architecture: Backend error sanitization via ErrorMessages::wrapServerError(). Stack traces, PHP class names, and raw exception details are filtered before reaching the frontend.
• Improvement: Chat error messages rewritten for cognitive ergonomics. First-person voice, no jargon, actionable next step in every message.
• Improvement: Replaced emoji-prefixed error indicators (⚠️) with CSS-driven visual treatment (.lola-error-message class with salmon accent border and tinted background).
• Improvement: appendMessage() in chat JS now accepts an isError flag for proper error styling without breaking Markdown rendering or autolink functionality.
• Improvement: All hardcoded error strings in Controller.php, Settings.php, and WPAIClientAdapter.php replaced with centralized ErrorMessages / StatusMessages method calls.

1.1.1

• Fix: Added full taxonomy assignment support (categories and tags) to createContent and editContent.
• Fix: Added featured_image assignment support to createContent and editContent.
• Feature: Added uploadMedia tool to allow autonomous sideloading of external images into the Media Library.

1.1.0

• UI Redesign: Complete overhaul of the settings panel to match LolaCore's design system.
• Feature: Added ability to manage Lola's persistent memory directly from the settings panel (Maintenance ops: Scan, Export, Import, Compact).
• Feature: Autonomous Tool Escalation added. Lola can now dynamically break out of restricted domains when she determines a tool is needed but restricted.
• Improvement: Modularized system prompt generation and unified safety toggles using a SafetyConfig architecture.
• Improvement: Integrated addon infrastructure (Door 4 & 5) enabling unified management and license validation for extensions like WPCode.
• Improvement: Minor UI updates and padding adjustments for broader screen compatibility.

1.0.2

• Fix: Preserved raw HTML/code syntax in user chat messages without stripping tags.
• Enhancement: Implemented Markdown rendering in chat UI for rich text, tables, and formatted code blocks (ChatGPT-like experience).
• Enhancement: Enqueued marked.js and DOMPurify for secure frontend Markdown parsing.

1.0.1

• Added: lolacore_execute_external_action filter for external addon action dispatch.
• Added: lolacore_sop_map filter for dynamic SOP injection by addon plugins.
• Improvement: LolaCore is now fully extensible for third-party addon plugins.

1.0.0

• Initial public release.
• 51 abilities across 13 domains (27 read + 24 write).
• Persistent memory engine with decay-based relevance scoring.
• Algorithmic site scanner with 11 data collection modules.
• 13 dedicated WooCommerce tools: products, orders, customers, coupons, categories, sales reports.
• Built on the WordPress 7.0 native AI Client. Zero external production dependencies.
• All abilities exposed via the WordPress Abilities API.
• MCP server compatibility. Works with Claude Desktop and any MCP client.
• Intent router. Filters abilities per message to reduce token usage and improve accuracy.
• Floating chat widget with drag, minimize, and session persistence.
• Preview, Confirm, Execute pattern for all write operations.
• Safety guards: self-deactivation block, last-admin protection, delete limit warnings.
• Three AI providers supported: Anthropic, OpenAI, DeepSeek.