Add: Connectors screen and API#75833
Merged
jorgefilipecosta merged 81 commits intotrunkfrom Feb 25, 2026
Merged
Conversation
|
Size Change: +1.83 kB (+0.03%) Total Size: 6.84 MB
ℹ️ View Unchanged
|
Member
|
Per Matt's direction, let's ensure the
|
Member
Should probably instead be at at |
Member
|
@shaunandrews on the designs... Perhaps change Perhaps change Once a connector is connected, perhaps the |
Member
We need to be clear that this is about connecting to Google's Gemini and Anthropic's Claude. Especially for Google, they have a ton of services and this does not connect you to all of them by any means. Don't want someone to think that because they're connected to "Google" they know can use Google Maps. 😄 |
Member
@JasonTheAdams in that case it feels like you're burying the GPT and DALL-E bits by naming the other Connector merely as OpenAI? |
Member
|
@shaunandrews also on the design, perhaps for now we mimic the Tools > Import page and have something like this at the bottom:
|
justlevine
reviewed
Feb 23, 2026
| import { __ } from '@wordpress/i18n'; | ||
|
|
||
| // OpenAI logo as inline SVG | ||
| const OpenAILogo = () => ( |
Contributor
There was a problem hiding this comment.
Shouldnt these come from the "connectors" and not this package?
Edit: sorry that was supposed to have been saved in my pending.
Contributor
+1. We should probably have a real options-connections.php Settings screen here, instead of a "virtual" one. |
Add position parameter (1) to add_submenu_page so the Connectors menu item appears between General and Writing in the Settings submenu, per Matt's direction. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a helpful message at the bottom of the connectors list pointing users to the plugin directory to find additional connector plugins. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
@jeffpaul, I added placeholder with 22c72e2
Addressed with df48889. The remaining feedback to address from the comments left so far:
|
Member
Author
Anything that comes from core without installing any plugin, will need to be hardcoded.
This is a JS based screen even if we provide a PHP based registry in the future, we will still need a JS API that PHP can call to render its things (and any plugin will also be able to use it like core does). In the same way for example blocks initially were registered in the client, and than we had PHP registration too that calls the client code to register. The UI to have connector may range from an input field, to a simple button, to a complex form, so an API needs to accommodate that. |
Member
|
Tested again with all the latest code changes applied, and everything works as intended. Some screens from my local WordPress instance: 
I was able to perform the following actions on the Connectors screen:
|
Member
Author
|
There were some design enhancements following @shaunandrews feedback, this is the latest version: |
gziolo
approved these changes
Feb 25, 2026
Member
There was a problem hiding this comment.
@justlevine, all great feedback. One important consideration, we want to include as much polished user experience for the WP 7.0 beta 2 release tomorrow. The goal is to iterate on the code behind the scenes to make it more flexible. However, we need to integrate everything with WordPress core codebase first so folks can start validating whether the proposed UX is good enough for WP 7.0. @desrosj raised a good point during the Core meeting earlier today, that for the WP AI Client flagship feature, we still have another week to improve the implementation and add more flexibility around potential code updates, so we aren't forced to run a WP patch release to update copy or logo. It isn't an ideal path, but we are acting as quickly as possible based on the feedback from last week.
@jorgefilipecosta, I don't have more feedback to share. There are still a few things to improve as noted in the feedback. The most important being:
"We should probably have a real
options-connections.phpSettings screen here, instead of a "virtual" one.
I don't consider it a blocker here because the code in Gutenberg is only active with the WP AI Client, which currently lives only in WP core's trunk. I wanted to acknowledge that it's an important one that might be easier to address in WordPress core than in the Gutenberg plugin during PHP code sync.
westonruter
reviewed
Feb 25, 2026
| 'sanitize_callback' => $config['sanitize'], | ||
| ) | ||
| ); | ||
| add_filter( "option_{$option_name}", $config['mask'] ); |
Member
There was a problem hiding this comment.
There is at least one hole I'm aware of for this method of masking the API key: the key is still visible when you go to /wp-admin/options.php (the hidden options screen):
(My actual key has been redacted in this screenshot.)
Member
There was a problem hiding this comment.
It sounds like these API key options should always be masked by default, but the filter is instead temporarily removed when passing to the AI provider class when auth is being configured.
Member
There was a problem hiding this comment.
Well, we need a proper security audit here, because we try to mirror how Claude and OpenAI manage API keys. However, we also noticed that Google allows displaying the stored API key for Gemini, so maybe it's fine to skip that masking.
Contributor
There was a problem hiding this comment.
Small nuance to consider: just because you can use an API Key on one site (or are authorized to connect a new one) doesn't mean you can use that key off site in your own tooling.
(related https://github.com/WordPress/gutenberg/pull/75833/files#r2855648259 )
Contributor
*In time for tomorrow's beta2, you're right. Longer term, I would assume we leverage existing APIs and use meta from the plugin headers or readme.txt
Yes, but there's no need for a superfluous API to register all the things. I believe that with a little bit of discussion we just don't have time for we'll all agree that PHP is the more holistic place for where this registry should live, and want to make sure that we're not rushed into needing to support 2 sources of truth because |
justlevine
reviewed
Feb 25, 2026
Comment on lines
+88
to
+90
| remove_filter( "option_{$option_name}", $mask_callback ); | ||
| $value = get_option( $option_name, '' ); | ||
| add_filter( "option_{$option_name}", $mask_callback ); |
Contributor
There was a problem hiding this comment.
Masking is nice, but should we also encrypt out API keys before we store them in them the database? Seems like a bigger problem than before when giving AI access to your database is one of the bigger practical use cases for agentic site work.
Also confirming - add_filter( 'option_{$option_name}', static fn () => MY_PRIVATE_ENV_CONST, 9 ); is the only way to programmatically bypass db storage for enterprise and other security or deployment minded folks who care about these things, and that too might break in 7.1?
justlevine
reviewed
Feb 25, 2026
| * @param string $value The raw option value. | ||
| * @return string Masked key or empty string. | ||
| */ | ||
| function _gutenberg_mask_gemini_api_key( string $value ): string { |
Contributor
There was a problem hiding this comment.
These are all private anyway, why even bother? I say we ditch the boilerplate and just call _gutenberg_{mask|sanitize}_api_key() directly unles/until we have one that deviates.
I hope we can agree that long term we don't want any of this in core itself anyway over the actual providers, so imo no reason to ship any of this boilerplate.
jorgefilipecosta
added
Backport to WP 7.0 Beta/RC
github-actions
bot
removed
the
Backport to WP 7.0 Beta/RC
gutenbergplugin
pushed a commit
that referenced
this pull request
Feb 25, 2026
Co-authored-by: jorgefilipecosta <jorgefilipecosta@git.wordpress.org> Co-authored-by: gziolo <gziolo@git.wordpress.org> Co-authored-by: justlevine <justlevine@git.wordpress.org> Co-authored-by: westonruter <westonruter@git.wordpress.org> Co-authored-by: jeffpaul <jeffpaul@git.wordpress.org> Co-authored-by: JasonTheAdams <jason_the_adams@git.wordpress.org> Co-authored-by: audrasjb <audrasjb@git.wordpress.org> Co-authored-by: shaunandrews <shaunandrews@git.wordpress.org> Co-authored-by: felixarntz <flixos90@git.wordpress.org>
github-actions
bot
added
the
Backported to WP Core
|
I just cherry-picked this PR to the wp/7.0 branch to get it included in the next release: 336a47b |
Member
Author
Another case that should be tested, is revoking a key that was valid on the provider website, oppening the connectors screen again and verify that it stops saying connected and allows to setup a different key. |
pento
pushed a commit
to WordPress/wordpress-develop
that referenced
this pull request
Feb 26, 2026
Adds `wp-includes/connectors.php` (loaded from `wp-settings.php`) and registers a Settings > Connectors submenu when the AI client and Connectors admin page renderer are available. Registers connector API key settings in `/wp/v2/settings`, masks key values on option reads, validates keys against provider configuration, and returns `invalid_key` for explicitly requested connector fields when validation fails. Stored connector keys are also passed to the AI client registry on init. Gutenberg PR at WordPress/gutenberg#75833. Developed in #11056. Props jorgefilipecosta, gziolo, flixos90, justlevine, westonruter, jeffpaul, JasonTheAdams, audrasjb, shaunandrews, noruzzaman, mukesh27. Fixes #64730. git-svn-id: https://develop.svn.wordpress.org/trunk@61749 602fd350-edb4-49c9-b593-d223f7449a82
markjaquith
pushed a commit
to markjaquith/WordPress
that referenced
this pull request
Feb 26, 2026
Adds `wp-includes/connectors.php` (loaded from `wp-settings.php`) and registers a Settings > Connectors submenu when the AI client and Connectors admin page renderer are available. Registers connector API key settings in `/wp/v2/settings`, masks key values on option reads, validates keys against provider configuration, and returns `invalid_key` for explicitly requested connector fields when validation fails. Stored connector keys are also passed to the AI client registry on init. Gutenberg PR at WordPress/gutenberg#75833. Developed in WordPress/wordpress-develop#11056. Props jorgefilipecosta, gziolo, flixos90, justlevine, westonruter, jeffpaul, JasonTheAdams, audrasjb, shaunandrews, noruzzaman, mukesh27. Fixes #64730. Built from https://develop.svn.wordpress.org/trunk@61749 git-svn-id: http://core.svn.wordpress.org/trunk@61055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
pento
pushed a commit
to WordPress/wordpress-develop
that referenced
this pull request
Feb 26, 2026
CI run: #11059. See #64595. --- I've included a log of the Gutenberg changes with the following command: git log --reverse --format="- %s" 23b566c72e9c4a36219ef5d6e62890f05551f6cb..022d8dd3d461f91b15c1f0410649d3ebb027207f | sed 's|#\([0-9][0-9]*\)|https://github.com/WordPress/gutenberg/pull/\1|g; /github\.com\/WordPress\/gutenberg\/pull/!d' | pbcopy - Pattern Editing: Fix nested patterns/sections (WordPress/gutenberg#75772) - QuickEdit: rename status label and remove extra labels in popup (WordPress/gutenberg#75824) - Fix block editing modes not recomputing when isolated editor value changes (WordPress/gutenberg#75821) - Synced patterns: Fix block editing mode of synced pattern content when nested in an unsynced pattern (WordPress/gutenberg#75818) - Block Support: Fix custom CSS not saved when style schema is not defined (WordPress/gutenberg#75797) - Gallery: Fixes keyboard focus escaping the lightbox overlay when navigating a gallery with Tab/Shift+Tab. (WordPress/gutenberg#75852) - Navigation Overlay Close: Set Close as default text, rather than using a placeholder (WordPress/gutenberg#75692) - RTC: Fix entity save call / initial persistence. (WordPress/gutenberg#75841) - Real-time collaboration: Improve collaboration within the same rich text (WordPress/gutenberg#75703) - Client Side Media: Add device/browser capability detection (WordPress/gutenberg#75863) - Navigation editing: simplify edit/view buttons (WordPress/gutenberg#75819) - Add core/icon block to theme.json schema (WordPress/gutenberg#75813) - Fix error when undoing newly added pattern (WordPress/gutenberg#75850) - Page List Item: Replace RawHTML with dangerouslySetInnerHTML for label and title (WordPress/gutenberg#75890) - REST API: Make filter_wp_unique_filename() static to match core, plus avoid duplicate routes (WordPress/gutenberg#75782) - RichText: useAnchor: Fix TypeError in virtual element (WordPress/gutenberg#75900) - DataViews: Remove menu divider again. (WordPress/gutenberg#75908) - Theme: Add build plugins to inject design token fallbacks (WordPress/gutenberg#75901) - Theme: Remove global stylesheet (WordPress/gutenberg#75879) - Real-time collaboration: Remove ghost awareness state explicitly when refreshing (WordPress/gutenberg#75883) - Real-time collaboration: Expand mergeCrdtBlocks() automated testing (WordPress/gutenberg#75923) - Fix client-side media file naming (WordPress/gutenberg#75817) - Add: Connectors screen (WordPress/gutenberg#75833) - Merge document meta into state map (WordPress/gutenberg#75830) - Move WordPress meta key from sync package to core-data (WordPress/gutenberg#75846) - Bugfix: Fix casing of getPersistedCRDTDoc (WordPress/gutenberg#75922) - Add debug logging to SyncManager (WordPress/gutenberg#75924) - DataForm: fix label colors (WordPress/gutenberg#75730) - DataViews: minimize padding for primary action buttons (WordPress/gutenberg#75721) (WordPress/gutenberg#75947) - Connectors: Add `_ai_` prefix to connector setting names and fix naming inconsistencies (WordPress/gutenberg#75948) - Connectors: Unhook Core callbacks in Gutenberg coexistence (WordPress/gutenberg#75935) - Unsynced patterns: Rename 'Disconnect pattern' to 'Detach pattern' in context menu (WordPress/gutenberg#75807) - Editor: Remove View dropdown and pinned items from revisions header (WordPress/gutenberg#75951) - Fix: Template revisions infinite spinner (WordPress/gutenberg#75953) - Backport: Avoid flickering while refreshing (WordPress/gutenberg#74572) (WordPress/gutenberg#75952) - Add wp_ prefix to real time collaberation option. (WordPress/gutenberg#75837) git-svn-id: https://develop.svn.wordpress.org/trunk@61750 602fd350-edb4-49c9-b593-d223f7449a82
markjaquith
pushed a commit
to markjaquith/WordPress
that referenced
this pull request
Feb 26, 2026
CI run: WordPress/wordpress-develop#11059. See #64595. --- I've included a log of the Gutenberg changes with the following command: git log --reverse --format="- %s" 23b566c72e9c4a36219ef5d6e62890f05551f6cb..022d8dd3d461f91b15c1f0410649d3ebb027207f | sed 's|#\([0-9][0-9]*\)|https://github.com/WordPress/gutenberg/pull/\1|g; /github\.com\/WordPress\/gutenberg\/pull/!d' | pbcopy - Pattern Editing: Fix nested patterns/sections (WordPress/gutenberg#75772) - QuickEdit: rename status label and remove extra labels in popup (WordPress/gutenberg#75824) - Fix block editing modes not recomputing when isolated editor value changes (WordPress/gutenberg#75821) - Synced patterns: Fix block editing mode of synced pattern content when nested in an unsynced pattern (WordPress/gutenberg#75818) - Block Support: Fix custom CSS not saved when style schema is not defined (WordPress/gutenberg#75797) - Gallery: Fixes keyboard focus escaping the lightbox overlay when navigating a gallery with Tab/Shift+Tab. (WordPress/gutenberg#75852) - Navigation Overlay Close: Set Close as default text, rather than using a placeholder (WordPress/gutenberg#75692) - RTC: Fix entity save call / initial persistence. (WordPress/gutenberg#75841) - Real-time collaboration: Improve collaboration within the same rich text (WordPress/gutenberg#75703) - Client Side Media: Add device/browser capability detection (WordPress/gutenberg#75863) - Navigation editing: simplify edit/view buttons (WordPress/gutenberg#75819) - Add core/icon block to theme.json schema (WordPress/gutenberg#75813) - Fix error when undoing newly added pattern (WordPress/gutenberg#75850) - Page List Item: Replace RawHTML with dangerouslySetInnerHTML for label and title (WordPress/gutenberg#75890) - REST API: Make filter_wp_unique_filename() static to match core, plus avoid duplicate routes (WordPress/gutenberg#75782) - RichText: useAnchor: Fix TypeError in virtual element (WordPress/gutenberg#75900) - DataViews: Remove menu divider again. (WordPress/gutenberg#75908) - Theme: Add build plugins to inject design token fallbacks (WordPress/gutenberg#75901) - Theme: Remove global stylesheet (WordPress/gutenberg#75879) - Real-time collaboration: Remove ghost awareness state explicitly when refreshing (WordPress/gutenberg#75883) - Real-time collaboration: Expand mergeCrdtBlocks() automated testing (WordPress/gutenberg#75923) - Fix client-side media file naming (WordPress/gutenberg#75817) - Add: Connectors screen (WordPress/gutenberg#75833) - Merge document meta into state map (WordPress/gutenberg#75830) - Move WordPress meta key from sync package to core-data (WordPress/gutenberg#75846) - Bugfix: Fix casing of getPersistedCRDTDoc (WordPress/gutenberg#75922) - Add debug logging to SyncManager (WordPress/gutenberg#75924) - DataForm: fix label colors (WordPress/gutenberg#75730) - DataViews: minimize padding for primary action buttons (WordPress/gutenberg#75721) (WordPress/gutenberg#75947) - Connectors: Add `_ai_` prefix to connector setting names and fix naming inconsistencies (WordPress/gutenberg#75948) - Connectors: Unhook Core callbacks in Gutenberg coexistence (WordPress/gutenberg#75935) - Unsynced patterns: Rename 'Disconnect pattern' to 'Detach pattern' in context menu (WordPress/gutenberg#75807) - Editor: Remove View dropdown and pinned items from revisions header (WordPress/gutenberg#75951) - Fix: Template revisions infinite spinner (WordPress/gutenberg#75953) - Backport: Avoid flickering while refreshing (WordPress/gutenberg#74572) (WordPress/gutenberg#75952) - Add wp_ prefix to real time collaberation option. (WordPress/gutenberg#75837) Built from https://develop.svn.wordpress.org/trunk@61750 git-svn-id: http://core.svn.wordpress.org/trunk@61056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Very early exploration, in development.
Summary
What's Included
@wordpress/componentsand@wordpress/admin-uiconnections-wp-admin_initaction hookStatus
This PR is a work in progress.
Whats shown right now:
Some mockups of the end goal
Props to @shaunandrews
Testing:
Install all AI provider plugins.
Set API keys for every supported provider.
Remove the key and set it again for every supported provider.
When a incorrect API key is provided then it isn't possible to save it.
API keys are properly masked on the frontend (including REST API response).
Deactivate the AI provider plugin from the Plugins screen and activate the plugin again from the Connectors screen.
Uninstall the AI provider plugin from the Plugins screen and install the plugin again from the Connectors screen.
Revoke a key that was valid on the provider website and veify the screen does not says connected anymore.