Description

AI Valve gives site administrators visibility and control over how plugins use the built-in WordPress AI connector.

Features

Per-plugin access control — Allow or deny individual plugins from making AI requests.
Token budgets — Set daily and monthly token limits per plugin and globally.
Context restrictions — Control which execution contexts (admin, frontend, cron, REST, AJAX, CLI) may trigger AI calls.
Usage dashboard — See token consumption at a glance with summary cards, progress bars, and per-plugin breakdowns.
Request logging — Every AI request is logged with provider, model, capability, tokens, and caller attribution.
Budget alerts — Admin notices and optional email when usage approaches or exceeds limits.

Requirements

WordPress 7.0 or later
PHP 8.3 or later
A configured AI provider in Settings Connectors

Screenshots

Dashboard with usage summary cards and per-plugin breakdown.

Installation

Install AI Valve from the WordPress plugin directory, or upload soderlind-aivalve.zip via Plugins Add New Upload Plugin.
Activate the plugin.
Go to Settings AI Valve to configure.

FAQ

What are tokens?

Tokens are the units AI models use to measure input and output. Roughly 1 token ≈ ¾ of a word. Both the text you send (prompt tokens) and the text the AI returns (completion tokens) count toward your usage.

What does “limit = 0” mean?

A limit of 0 means unlimited — no cap is enforced. Set a positive number to restrict token usage.

How does AI Valve identify which plugin made an AI request?

It walks the PHP call stack (debug_backtrace()) and matches file paths against the plugins directory to determine the originating plugin slug.

Will this work with future WordPress updates?

Yes. AI Valve relies only on the stable public hooks (wp_ai_client_prevent_prompt, wp_ai_client_before_generate_result, wp_ai_client_after_generate_result) provided by the WordPress AI connector API.

Are there developer hooks?

Yes. See the developer hooks documentation for available filters and actions.

Does AI Valve work on multisite?

Yes. Each subsite has its own log table, settings, and budgets.

What happens when a plugin is blocked?

The plugin receives a WP_Error with code prompt_prevented instead of an AI response. The denied request is logged with the reason. See how-blocking-works.md for the full explanation.

How do I block all plugins and only allow specific ones?

Go to Settings AI Valve Settings.
Set the Default policy to Deny.
Switch to the Dashboard tab.
In the Per-plugin access table, set the plugins you want to allow to Allow.

Only explicitly allowed plugins will be able to make AI requests; everything else is denied by default.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“AI Valve” is open source software. The following people have contributed to this plugin.

Per Søderlind

Translate “AI Valve” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.1.6

Fixed: WordPress.org review issues by correcting repository URLs and restoring the ai-valve text domain.

1.1.5

Changed: Plugin-facing slugs, REST namespace, package metadata, docs, and admin UI prefixes from ai-valve to soderlind-aivalve.
Fixed: Plugin text domain now uses soderlind-aivalve consistently across PHP, JavaScript, and generated assets.

1.1.4

Fixed: WordPress.org plugin review prefix compliance by renaming plugin-owned namespaces, constants, hooks, options, cron events, database keys, and admin script globals to the unique soderlind_aivalve prefix.
Fixed: Migration and cleanup paths for existing aivalve/ai_valve installs while keeping active identifiers uniquely prefixed.
Changed: Readme tags for improved clarity and relevance.

1.1.3

Changed: Updated WordPress.org icons and banner.
Fixed: Improved compatibility with custom plugin directory layouts and unique plugin-owned identifiers.
Fixed: Resolved npm dependency security advisories.

1.1.2

Changed: Refactored code structure for improved readability and maintainability.

1.1.1

Fixed: Dashboard usage date buckets now keep Today, plugin totals, and Recent Requests aligned around database/PHP day boundaries.
Fixed: WordPress 6.8 SelectControl deprecation warnings in the admin UI.
Added: WordPress.org icon and banner assets.

1.1.0

Removed: GitHub release updater for WordPress.org distribution.
Removed: plugin-update-checker dependency and bundled updater files.
Fixed: Added direct-access guards and Plugin Check cleanup for production files.

1.0.4

Changed: Update npm dependencies to latest versions.

1.0.3

Added: soderlind_aivalve_plugin_policy filter to override allow/deny policy programmatically.
Added: soderlind_aivalve_request_denied action, fired when a request is blocked.
Added: soderlind_aivalve_request_completed action, fired after every successful request.

1.0.2

Fixed: Resolve multiple security vulnerabilities in transitive dependencies.

1.0.1

Added: FAQ entry on deny-by-default allowlist setup.

1.0.0

Fixed: AI requests that fail (auth errors, timeouts, bad deployments) now logged with status = ‘error’.
Fixed: Schema migrations run on every load (version-gated) so in-place updates work without deactivate/activate.
Changed: on_before_generate inserts a pending log row immediately; on_after_generate updates it.
Changed: Shutdown handler catches orphaned pending rows and marks them as errors.
Added: LogRepository::update() for updating existing log rows by ID.

0.6.0

Added: Request duration tracking (duration_ms column, schema v3).
Added: Log retention setting — auto-delete logs older than N days via daily cron.
Added: Purge all logs REST endpoint (DELETE /logs) and Danger Zone UI on Logs tab.
Added: Time-range preset selector (24h / 7d / 30d / This month) on Logs tab.
Added: Combined Provider / Model column in log tables with duration display.
Added: Dropdown filters for Plugin, Provider, and Model on Logs tab (GET /logs/filters).
Changed: Database schema upgraded to v3.
Changed: Moved Danger Zone (purge) from Settings to Logs tab.

0.5.0

Removed: Reflection-based event dispatcher injection workaround (fixed in WP 7 RC1).
Changed: Tested up to WP 7.0-RC1.

0.4.0

Changed: Admin UI rebuilt as a React single-page application.
Changed: Settings, dashboard, and logs now render client-side via the REST API.
Added: REST endpoint GET /settings for reading all plugin settings.
Added: by_context, recent, and known_slugs fields in the GET /usage response.
Added: date_from and date_to filter parameters on the GET /logs endpoint.
Added: Dedicated CSS file for admin styles (replaces inline styles).

0.3.0

Added: Model filter on the Logs tab and CSV export.
Added: Provider & Model breakdown table on the Dashboard.
Added: Per-plugin token bar chart on the Dashboard.
Added: Per-provider token counters.
Changed: Providers & Contexts tables displayed side by side.
Changed: Plugin list only shows plugins that used the AI connector.

0.2.0

Fixed: Status column widened — denial reasons were silently truncated.
Fixed: “Denied” log filter now matches all denial variants.
Fixed: Respect the wp_supports_ai filter as a global kill switch.
Added: Date range filter (From / To) on the Logs tab.
Added: Context breakdown table on the Dashboard tab.
Added: Per-plugin budget threshold alerts (admin notices).
Added: CSV export button on the Logs tab.
Changed: Logs filter bar uses flex layout for better fit.

0.1.0

Initial release.
Per-plugin access control (allow/deny).
Global and per-plugin daily/monthly token budgets.
Context restrictions (admin, frontend, cron, REST, AJAX, CLI).
Usage dashboard with summary cards and progress bars.
Request logging with provider, model, capability, and token counts.
Budget alert notices and optional email notifications.
REST API endpoints for usage and log data.
Workaround for WordPress 7.0 event dispatcher bug.