miniOrange Secure MCP Server

miniOrange Secure MCP Server helps WordPress administrators with AI governance and policy enforcement: understanding, and ultimately controlling, what AI assistants and MCP clients are allowed to do on their site. Effective AI governance starts with visibility. The WordPress Abilities API (available in WordPress 6.9 and later) lets plugins and WordPress core expose discrete, machine-callable capabilities — for example: get site info, create a post, or generate a summary — that AI assistants, the Command Palette, and MCP clients can invoke. As more plugins register abilities, administrators need to know exactly what is exposed on their site before they can govern it. What this version does This first release is focused on that first step: visibility. It adds a single admin screen that gives you a complete, read-only inventory of every AI ability registered on your site, so you can review what is available at a glance. For every ability, the viewer shows:

• The fully qualified ability name (namespace and slug).
• Its human-readable label and description.
• The ability category it belongs to.
• Its source namespace (the prefix before the slash), indicating where the ability comes from.
• The full input and output JSON schema, in a collapsible panel.

This version is a viewer only. It does not register abilities, execute abilities, enforce policies, change any settings, store any data, or send anything to an external server. It simply lists what is already registered on your site.

1.0.0

• Initial release: read-only viewer for abilities registered through the WordPress Abilities API.