Title: Tessera for the Abilities API
Author: Ibrahim
Published: May 12, 2026
Last modified: May 12, 2026

---


# Tessera for the Abilities API

 By [Ibrahim](https://profiles.wordpress.org/ibrahimhajjaj/)


## Description

Tessera is a developer library for plugin authors who register abilities via `wp_register_ability()`
and want snapshot capture, audit logging, approval workflows, and one-click rollback
for every invocation across REST, MCP, internal PHP, and WP-CLI without building
it themselves.

Declare what state your ability touches; Tessera handles the safety wrapper.

#### What you get out of the box

 * **Pre + post snapshots.** Every safety-enabled invocation captures declared state
   before the callback and (on success) after, so the audit log can show a real 
   diff.
 * **Audit log.** One row per invocation with ability name, caller (REST/MCP/CLI/
   internal), user, args, result, status, duration, pre/post hashes, and parent_invocation_id
   for nested calls.
 * **One-click rollback.** Restore captured state from post_meta, options, taxonomy
   term assignments, user roles + caps. File contents support tiered drift detection
   (mtime / mtime_size / critical_hash / full_hash) plus opt-in real byte-level rollback
   via the `full_content` strategy.
 * **Drift check on rollback.** Live state is hashed and compared to the snapshot’s
   post-state before restoring; if they differ the rollback returns an error unless
   forced.
 * **Concurrency lock.** Capture + execute is serialised per surface set via a MySQL
   advisory lock so two simultaneous invocations do not capture each other’s mid-
   states.
 * **Encrypted redaction.** Scrub secrets out of args, results, and snapshots. Stores
   redacted values as AES-256-GCM envelopes so rollback can still restore them.
 * **Approval queue.** When `safety.requires_approval` is set, the wrapper blocks
   execution and returns a 202 pending response. A human approves or rejects via
   wp-admin, WP-CLI, or REST. Multi-stage sequential or parallel approval chains
   are supported.
 * **Multisite support.** Each subsite gets its own set of `wp_<N>_abilityguard_*`
   tables, with auto-install on `wp_initialize_site` and auto-drop on `wpmu_drop_tables`.
 * **Retention.** Daily WP-Cron prunes old log rows (defaults: 30 days normal, 180
   days destructive) and orphaned snapshots.
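The drift check on rollback from the list above, sketched as an added example (not Tessera's own code). An in-memory array stands in for the options table; the function names, snapshot layout and the `drift_detected` error code are assumptions.

```php
<?php
// Added illustration, not Tessera's code. $store stands in for the options table.
/** Sort keys recursively so that key order alone never reads as drift. */
function canonicalize( array &$a ): void {
    ksort( $a );
    foreach ( $a as &$v ) {
        if ( is_array( $v ) ) {
            canonicalize( $v );
        }
    }
}
function state_hash( array $state ): string {
    canonicalize( $state );
    return hash( 'sha256', json_encode( $state ) );
}

/** Read the declared keys from the live store; null marks an absent key. */
function capture( array $store, array $keys ): array {
    $out = array();
    foreach ( $keys as $k ) {
        $out[ $k ] = $store[ $k ] ?? null;
    }
    return $out;
}

/** Restore the pre-state only if live state still equals the recorded post-state. */
function rollback( array &$store, array $snap, bool $force = false ): array {
    $live = state_hash( capture( $store, array_keys( $snap['pre'] ) ) );
    if ( ! $force && ! hash_equals( $snap['post_hash'], $live ) ) {
        return array( 'ok' => false, 'error' => 'drift_detected' ); // assumed error code
    }
    foreach ( $snap['pre'] as $k => $v ) {
        if ( null === $v ) {
            unset( $store[ $k ] );
        } else {
            $store[ $k ] = $v;
        }
    }
    return array( 'ok' => true );
}

// Constructed sample: capture, run the "ability", then an unrelated edit causes drift.
$store = array( 'price' => '10.00', 'last_change' => 'never' );
$keys  = array( 'price', 'last_change' );
$pre   = capture( $store, $keys );
$store['price'] = '12.50';
$snap  = array( 'pre' => $pre, 'post_hash' => state_hash( capture( $store, $keys ) ) );
$store['price'] = '99.99';
var_dump( rollback( $store, $snap ), rollback( $store, $snap, true ), $store );
```

The unforced call leaves the store untouched because the live hash no longer matches the recorded post-state; forcing overwrites the later edit, which is why a forced rollback deserves its own audit entry.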

#### Surfaces

 * **PHP API** with `wp_register_ability( $name, [ ..., 'safety' => [...] ] )` and
   helpers `abilityguard_rollback`, `abilityguard_snapshot_meta`, `abilityguard_snapshot_options`.
 * **REST**: `/abilityguard/v1/log`, `/log/<id>`, `/log/export`, `/rollback/<id>`,
   `/rollback/bulk`, `/approval`, `/approval/<id>/approve`, `/approval/<id>/reject`,
   `/approval/bulk`, `/approval/export`, `/retention`, `/retention/prune`, `/health`.
 * **WP-CLI**: `wp abilityguard log list/show`, `wp abilityguard rollback <id>`,
   `wp abilityguard approval list/approve/reject <id>`, `wp abilityguard prune`.
 * **wp-admin**: Tools > Tessera. Hybrid timeline + command-palette search, snapshot
   drawer, JSON-highlighted Input/Result tabs, invocation chain navigation, and 
   real rollback against the captured snapshot.

#### Example

```php
wp_register_ability( 'my-plugin/update-product-price', array(
    'label'               => 'Update product price',
    'description'         => 'Updates the price on a WooCommerce product.',
    'category'            => 'woocommerce',
    'input_schema'        => array( /* ... */ ),
    // Authorization still belongs to the ability; the safety wrapper does not replace it.
    'permission_callback' => fn() => current_user_can( 'manage_woocommerce' ),
    'execute_callback'    => fn( $args ) => update_post_meta( $args['product_id'], '_price', $args['price'] ),
    'safety' => array(
        'destructive'       => true,
        // Set to true to hold the call in the approval queue instead of executing it.
        'requires_approval' => false,
        // Declare the state this ability touches; it is captured before and after the callback.
        'snapshot'          => fn( $input ) => array(
            'post_meta' => array( $input['product_id'] => array( '_price', '_regular_price' ) ),
            'options'   => array( 'woocommerce_last_price_change' ),
        ),
    ),
) );
```

#### Documentation

Full plugin-author documentation lives at the GitHub repo: https://github.com/ibrahimhajjaj/abilityguard

### Source Code

The full source for Tessera, including the unminified React source for the admin
app, lives on GitHub: https://github.com/ibrahimhajjaj/abilityguard

 * The admin bundle `assets/admin.js` is compiled from `assets/admin.jsx` (React
   + JSX, no preprocessor magic beyond JSX).
 * The bundler is [esbuild](https://esbuild.github.io/), configured in
   `scripts/build.mjs`.
 * To rebuild the admin bundle from a fresh checkout, run `npm install` once, then
   `npm run build` whenever `assets/admin.jsx` changes. This regenerates
   `assets/admin.js` in place.
 * The release zip published to the WordPress.org directory is produced by
   `scripts/build-release.sh`, which excludes development artifacts (tests, examples,
   build configs) but keeps everything required for the plugin to run.

## Screenshots

Invocation timeline. Every ability call across REST, MCP, internal PHP, and WP-CLI,
with caller attribution and per-row status.

Approvals queue. Pending requests waiting on a human, with the requesting context
and a one-click approve or reject.

Invocation detail after a one-click rollback restored the captured pre-state.

Search-as-you-type in the log: ability name, caller, status.

Invocation detail, result tab, with redacted secret values restored on display when
the encryption key is present.

Snapshot drawer showing the captured pre-state and post-state for a destructive 
invocation.

Multi-stage approval chain with per-stage capability and role routing.

## Installation

 1. Upload the `abilityguard-mcp` folder to `/wp-content/plugins/`.
 2. Activate the plugin through the Plugins menu in WordPress (or network-activate 
    on multisite).
 3. Visit Tools > Tessera to view the audit log.
 4. In your own plugin, register abilities via `wp_register_ability()` with a `safety`
    config.

Requires WordPress 6.9 or later (for the Abilities API) and PHP 8.1 or later.

## FAQ

### Does this work without other plugins?

It will activate without registered abilities, but it only does work when other 
plugins register abilities with a `safety` config via `wp_register_ability()`.

### What state surfaces are supported for snapshots?

post_meta, options, taxonomy term assignments, user roles + caps, and files (with
five tiered strategies from mtime to full content rollback).

### Does it support multisite?

Yes. Each subsite gets its own set of `wp_<N>_abilityguard_*` tables. New subsites
are auto-installed via `wp_initialize_site`; deleted subsites have their tables 
dropped via `wpmu_drop_tables`.

### How does it handle concurrent invocations?

Per-surface MySQL advisory locks (GET_LOCK) serialise capture + execute so simultaneous
invocations do not capture each other’s mid-states.

### Are secrets encrypted in the log?

Yes. Redaction uses AES-256-GCM envelopes so rollback can still restore the original
value when the encryption key is intact.
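The encrypted redaction described above and in the feature list, as an added sketch (not Tessera's own code) of how a secret can be swapped for an AES-256-GCM envelope and restored later. The envelope layout, the sensitive-key list, the function names and the use of the value's path as associated data are all assumptions.

```php
<?php
// Added illustration, not Tessera's code. Envelope layout and key list are assumptions.
const SENSITIVE_KEYS = array( 'api_key', 'password', 'token' ); // hypothetical list

/** Seal one value into an AES-256-GCM envelope bound to its path via AAD. */
function seal( $value, string $key, string $path ): array {
    $iv = random_bytes( 12 ); // fresh 96-bit nonce for every envelope
    $ct = openssl_encrypt( json_encode( $value ), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, $iv, $tag, $path );
    return array( '__redacted' => true, 'iv' => base64_encode( $iv ),
        'tag' => base64_encode( $tag ), 'ct' => base64_encode( $ct ) );
}

/** Open an envelope; throws if the key, path or ciphertext fails authentication. */
function open_envelope( array $env, string $key, string $path ) {
    $pt = openssl_decrypt( base64_decode( $env['ct'] ), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, base64_decode( $env['iv'] ), base64_decode( $env['tag'] ), $path );
    if ( false === $pt ) {
        throw new RuntimeException( "cannot restore $path" );
    }
    return json_decode( $pt, true );
}

/** Walk nested data, sealing (or, with $restore, opening) sensitive values. */
function walk( array $data, string $key, bool $restore = false, string $path = '' ): array {
    foreach ( $data as $k => $v ) {
        $p = $path . '/' . $k;
        if ( $restore && is_array( $v ) && ! empty( $v['__redacted'] ) ) {
            $data[ $k ] = open_envelope( $v, $key, $p );
        } elseif ( ! $restore && in_array( $k, SENSITIVE_KEYS, true ) ) {
            $data[ $k ] = seal( $v, $key, $p );
        } elseif ( is_array( $v ) ) {
            $data[ $k ] = walk( $v, $key, $restore, $p );
        }
    }
    return $data;
}

// Constructed sample input; a real key would be stored outside the database.
$key    = random_bytes( 32 );
$args   = array( 'product_id' => 42, 'gateway' => array( 'api_key' => 'constructed-secret' ) );
$logged = walk( $args, $key );                       // what the audit row would hold
var_dump( walk( $logged, $key, true ) === $args );   // round trip with the right key
try {
    walk( $logged, random_bytes( 32 ), true );       // key lost or rotated
} catch ( RuntimeException $e ) {
    echo $e->getMessage(), "\n";
}
```

Because GCM authenticates as well as encrypts, a lost or rotated key makes the restore fail loudly rather than writing garbage back, which matches the page's "when the encryption key is intact" condition.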

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Tessera for the Abilities API” is open source software. The following people have
contributed to this plugin.

Contributors

 * [Ibrahim](https://profiles.wordpress.org/ibrahimhajjaj/)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/abilityguard-mcp/),
check out the [SVN repository](https://plugins.svn.wordpress.org/abilityguard-mcp/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/abilityguard-mcp/)
by [RSS](https://plugins.trac.wordpress.org/log/abilityguard-mcp/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.5

 * Release zip no longer ships `composer/installers` and its unused installer adapters.
   Cuts the published zip from 909K to 824K and 206 files to 98.

#### 1.3.4

 * Release zip now ships `vendor/autoload.php` so the plugin actually boots on a
   fresh install. (1.3.3 zip was missing the autoloader and fatal’d on activation.)

#### 1.3.3

 * Display name changed to “Tessera for the Abilities API” to clearly distinguish
   this plugin from any future official safety library. Slug, text domain, and internal
   namespace are unchanged.
 * `error_log()` calls in the rate-limiter and concurrency lock are now gated behind
   `WP_DEBUG`, so production hosts no longer accumulate noise from fail-open paths.
 * `readme.txt` gains a Source Code section documenting the GitHub repository, the
   esbuild-based build pipeline, and the `npm run build` command used to regenerate
   `assets/admin.js`.

#### 1.3.2

 * Slug renamed to `abilityguard-mcp` for the WordPress.org directory.
 * Snapshot file blobs now stored under `wp-uploads/abilityguard-mcp/` instead of
   `wp-content/abilityguard-staging/`.
 * Admin page CSS folded into the existing enqueued bundle; no more inline
   `<script>`/`<style>` echoes.
 * `$_SERVER['REMOTE_ADDR']` is unslashed and sanitized before being hashed for 
   IP-keyed rate-limit principals.

#### 1.3.1

 * Skipped (broken release-workflow build).

#### 1.3.0

 * Sliding-window-counter rate limiter with multi-policy support (burst + sustained),
   pluggable storage (Redis / object cache / transient), and IETF draft RateLimit
   headers.
 * Dry-run mode: per-call `safety.dry_run` previews a destructive ability, persists
   the diff, auto-rolls-back, and surfaces details via `/dry-run/<id>` REST endpoint
   and `abilityguard_get_dry_run_result()` helper. Result returns untouched so it
   validates against `output_schema`.
 * Approval queue gains per-stage role routing (`approval_roles`) and separation-
   of-duties enforcement across the chain.
 * Per-status retention via `abilityguard_retention_days_by_status`.
 * `/stats` REST endpoint and admin dashboard widget (counts, p50/p95, top abilities).
 * Wrapper split into observability listeners on `wp_before_execute_ability` /
   `wp_after_execute_ability` plus an enforcement seam (`abilityguard_pre_execute_decision`
   filter) for plugin extensions.
 * Reads `meta.annotations.destructive` directly from core (WP 6.9 surface), no 
   parallel safety metadata.
 * Requires WP 6.9; pre-6.9 fallback path removed.

#### 1.2.0

 * Parallel multi-stage approval chains with optional per-stage user pinning.
 * `/health` REST endpoint and a pending-approvals badge in the admin bar.
 * WP-CLI: `log show --diff`, `approval show`, `prune --all-sites`.
 * JSONL export option for audit log.
 * Real byte-level file rollback via `safety.snapshot.files.strategy = 'full_content'`
   (AES-256-GCM, content-addressed sidecar staging dir, atomic writes, 256 KB
   per-file cap).
 * Full multisite support with auto-install on subsite creation and auto-drop on
   subsite deletion.
 * Sequential and parallel multi-stage approval chains.

#### 1.1.0

 * Multi-stage approval queues.
 * Invocation correlation via `parent_invocation_id` and an admin-side invocation
   chain navigator.
 * `log_meta` table for extensible per-row metadata.

#### 1.0.0

 * Initial public release.
 * Snapshot, audit, rollback, and approval middleware for the WordPress Abilities
   API.
 * Five collectors: post_meta, options, taxonomy, user_role, files.
 * REST + WP-CLI + wp-admin surfaces.
 * Encrypted redaction, payload caps, retention pruning.

## Meta

 * Version **1.3.5**
 * Last updated **4 weeks ago**
 * Active installations **Fewer than 10**
 * WordPress version **6.9 or higher**
 * Tested up to **6.9.4**
 * PHP version **8.1 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/abilityguard-mcp/)
 * Tags: [abilities-api](https://vec.wordpress.org/plugins/tags/abilities-api/),
   [audit](https://vec.wordpress.org/plugins/tags/audit/),
   [mcp](https://vec.wordpress.org/plugins/tags/mcp/),
   [rollback](https://vec.wordpress.org/plugins/tags/rollback/),
   [safety](https://vec.wordpress.org/plugins/tags/safety/)
 * [Advanced View](https://vec.wordpress.org/plugins/abilityguard-mcp/advanced/)
