Security

Full access. Full responsibility.

Your AI runs PHP inside WordPress with full access. Here is what that means and how you stay in control.

How it works

The AI runs PHP inside your WordPress process.

Full access to every function, the database, and the filesystem. There is no abstraction layer, no restricted API. Your AI calls WordPress functions directly.

When your AI writes new PHP files, they land in a dedicated sandbox folder where crashes are caught and auto-recovered. Direct code execution bypasses the sandbox. Any code your AI runs can do anything PHP can do.

Authentication

No anonymous access. Ever.

Every request requires a WordPress Application Password over HTTPS. Only admin users can connect. The credentials are generated per-user and can be revoked at any time from the WordPress dashboard.

Novamira does not phone home, does not proxy through third-party servers, and does not store credentials. The connection is direct: your AI client talks to your WordPress site.
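
Since every connection rides on an admin user's Application Password, those credentials are worth reviewing regularly. The following is an added example, not Novamira's own code: it flags stale or unexpected credentials in a listing shaped like the response of WordPress core's application-passwords REST endpoint. The sample records, the 30-day threshold and the expected-IP allowlist are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample (invented values) in the shape WordPress core returns from
# GET /wp-json/wp/v2/users/<id>/application-passwords.
SAMPLE = json.loads("""[
  {"uuid": "00000000-0000-4000-8000-000000000001", "name": "ai-client-staging",
   "created": "2025-01-10T09:00:00", "last_used": "2025-03-01T08:30:00",
   "last_ip": "203.0.113.10"},
  {"uuid": "00000000-0000-4000-8000-000000000002", "name": "old-test",
   "created": "2024-11-01T12:00:00", "last_used": null, "last_ip": null},
  {"uuid": "00000000-0000-4000-8000-000000000003", "name": "laptop",
   "created": "2024-12-01T12:00:00", "last_used": "2025-01-02T10:00:00",
   "last_ip": "203.0.113.10"},
  {"uuid": "00000000-0000-4000-8000-000000000004", "name": "ai-client-dev",
   "created": "2025-02-20T12:00:00", "last_used": "2025-03-04T23:10:00",
   "last_ip": "198.51.100.7"}
]""")

def _ts(value):
    """Parse the API's UTC timestamp; None means the credential was never used."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S") if value else None

def audit(records, now, max_idle_days=30, expected_ips=frozenset()):
    """Return (uuid, name, reason) for each credential worth revoking or reviewing."""
    limit = timedelta(days=max_idle_days)
    findings = []
    for rec in records:
        created, last_used = _ts(rec["created"]), _ts(rec.get("last_used"))
        if last_used is None:
            # Issued but never used: only flag once it is older than the limit.
            if now - created > limit:
                findings.append((rec["uuid"], rec["name"], "never used"))
        elif now - last_used > limit:
            findings.append((rec["uuid"], rec["name"], "idle"))
        elif expected_ips and rec.get("last_ip") not in expected_ips:
            # Active credential last seen from an address you did not expect.
            findings.append((rec["uuid"], rec["name"], "unexpected last_ip"))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 3, 5)  # fixed so the sample gives a stable result
    for uuid, name, reason in audit(SAMPLE, now, expected_ips={"203.0.113.10"}):
        print(f"{reason:20} {name:20} {uuid}")
```

Anything it reports can be revoked from the WordPress dashboard, as described above.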


Safety nets

Things break. You recover.

Crash recovery

If a sandbox file causes a fatal error, Novamira detects it and disables the file so your site keeps running. Database changes or config edits via direct code are beyond its reach, but for the PHP files your AI writes, the site comes back.

Safe mode

Add a safe mode flag to any URL and all sandbox files are skipped instantly. Manual kill switch when you need it.

30-second limit

Every direct code call has a hard time limit. No runaway scripts. No infinite loops eating your server.

Sandbox dashboard

Every file the AI creates is listed in the admin panel. Inspect, disable, or delete them one by one. You stay in control.

Recommendation

Dev and staging only.

Novamira is for development and staging environments only. Always keep backups. You choose the AI model, you provide the API key, you review the output. We provide the plugin.

Novamira is open source. You can audit every line of code on GitHub.

Your WordPress. Your AI.
Nothing in between.

Free and open source. Built for WordPress 6.9+.