Add: Connectors screen and API#75833
Conversation
|
Size Change: +1.83 kB (+0.03%) Total Size: 6.84 MB
ℹ️ View Unchanged
|
|
Per Matt's direction, let's ensure the
|
Should probably instead be at at |
|
@shaunandrews on the designs... Perhaps change Perhaps change Once a connector is connected, perhaps the |
We need to be clear that this is about connecting to Google's Gemini and Anthropic's Claude. Especially for Google, they have a ton of services and this does not connect you to all of them by any means. Don't want someone to think that because they're connected to "Google" they know can use Google Maps. 😄 |
@JasonTheAdams in that case it feels like you're burying the GPT and DALL-E bits by naming the other Connector merely as OpenAI? |
|
@shaunandrews also on the design, perhaps for now we mimic the Tools > Import page and have something like this at the bottom:
|
| import { __ } from '@wordpress/i18n'; | ||
|
|
||
| // OpenAI logo as inline SVG | ||
| const OpenAILogo = () => ( |
There was a problem hiding this comment.
Shouldnt these come from the "connectors" and not this package?
Edit: sorry that was supposed to have been saved in my pending.
+1. We should probably have a real options-connections.php Settings screen here, instead of a "virtual" one. |
Add position parameter (1) to add_submenu_page so the Connectors menu item appears between General and Writing in the Settings submenu, per Matt's direction. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a helpful message at the bottom of the connectors list pointing users to the plugin directory to find additional connector plugins. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jeffpaul, I added placeholder with 22c72e2
Addressed with df48889. The remaining feedback to address from the comments left so far:
|
Anything that comes from core without installing any plugin, will need to be hardcoded.
This is a JS based screen even if we provide a PHP based registry in the future, we will still need a JS API that PHP can call to render its things (and any plugin will also be able to use it like core does). In the same way for example blocks initially were registered in the client, and than we had PHP registration too that calls the client code to register. The UI to have connector may range from an input field, to a simple button, to a complex form, so an API needs to accommodate that. |
|
There were some design enhancements following @shaunandrews feedback, this is the latest version: |
There was a problem hiding this comment.
@justlevine, all great feedback. One important consideration, we want to include as much polished user experience for the WP 7.0 beta 2 release tomorrow. The goal is to iterate on the code behind the scenes to make it more flexible. However, we need to integrate everything with WordPress core codebase first so folks can start validating whether the proposed UX is good enough for WP 7.0. @desrosj raised a good point during the Core meeting earlier today, that for the WP AI Client flagship feature, we still have another week to improve the implementation and add more flexibility around potential code updates, so we aren't forced to run a WP patch release to update copy or logo. It isn't an ideal path, but we are acting as quickly as possible based on the feedback from last week.
@jorgefilipecosta, I don't have more feedback to share. There are still a few things to improve as noted in the feedback. The most important being:
"We should probably have a real
options-connections.phpSettings screen here, instead of a "virtual" one.
I don't consider it a blocker here because the code in Gutenberg is only active with the WP AI Client, which currently lives only in WP core's trunk. I wanted to acknowledge that it's an important one that might be easier to address in WordPress core than in the Gutenberg plugin during PHP code sync.
| 'sanitize_callback' => $config['sanitize'], | ||
| ) | ||
| ); | ||
| add_filter( "option_{$option_name}", $config['mask'] ); |
There was a problem hiding this comment.
It sounds like these API key options should always be masked by default, but the filter is instead temporarily removed when passing to the AI provider class when auth is being configured.
There was a problem hiding this comment.
Well, we need a proper security audit here, because we try to mirror how Claude and OpenAI manage API keys. However, we also noticed that Google allows displaying the stored API key for Gemini, so maybe it's fine to skip that masking.
There was a problem hiding this comment.
Small nuance to consider: just because you can use an API Key on one site (or are authorized to connect a new one) doesn't mean you can use that key off site in your own tooling.
(related https://github.com/WordPress/gutenberg/pull/75833/files#r2855648259 )
*In time for tomorrow's beta2, you're right. Longer term, I would assume we leverage existing APIs and use meta from the plugin headers or readme.txt
Yes, but there's no need for a superfluous API to register all the things. I believe that with a little bit of discussion we just don't have time for we'll all agree that PHP is the more holistic place for where this registry should live, and want to make sure that we're not rushed into needing to support 2 sources of truth because |
| remove_filter( "option_{$option_name}", $mask_callback ); | ||
| $value = get_option( $option_name, '' ); | ||
| add_filter( "option_{$option_name}", $mask_callback ); |
There was a problem hiding this comment.
Masking is nice, but should we also encrypt out API keys before we store them in them the database? Seems like a bigger problem than before when giving AI access to your database is one of the bigger practical use cases for agentic site work.
Also confirming - add_filter( 'option_{$option_name}', static fn () => MY_PRIVATE_ENV_CONST, 9 ); is the only way to programmatically bypass db storage for enterprise and other security or deployment minded folks who care about these things, and that too might break in 7.1?
| * @param string $value The raw option value. | ||
| * @return string Masked key or empty string. | ||
| */ | ||
| function _gutenberg_mask_gemini_api_key( string $value ): string { |
There was a problem hiding this comment.
These are all private anyway, why even bother? I say we ditch the boilerplate and just call _gutenberg_{mask|sanitize}_api_key() directly unles/until we have one that deviates.
I hope we can agree that long term we don't want any of this in core itself anyway over the actual providers, so imo no reason to ship any of this boilerplate.
Co-authored-by: jorgefilipecosta <jorgefilipecosta@git.wordpress.org> Co-authored-by: gziolo <gziolo@git.wordpress.org> Co-authored-by: justlevine <justlevine@git.wordpress.org> Co-authored-by: westonruter <westonruter@git.wordpress.org> Co-authored-by: jeffpaul <jeffpaul@git.wordpress.org> Co-authored-by: JasonTheAdams <jason_the_adams@git.wordpress.org> Co-authored-by: audrasjb <audrasjb@git.wordpress.org> Co-authored-by: shaunandrews <shaunandrews@git.wordpress.org> Co-authored-by: felixarntz <flixos90@git.wordpress.org>
|
I just cherry-picked this PR to the wp/7.0 branch to get it included in the next release: 336a47b |
Another case that should be tested, is revoking a key that was valid on the provider website, oppening the connectors screen again and verify that it stops saying connected and allows to setup a different key. |
Adds `wp-includes/connectors.php` (loaded from `wp-settings.php`) and registers a Settings > Connectors submenu when the AI client and Connectors admin page renderer are available. Registers connector API key settings in `/wp/v2/settings`, masks key values on option reads, validates keys against provider configuration, and returns `invalid_key` for explicitly requested connector fields when validation fails. Stored connector keys are also passed to the AI client registry on init. Gutenberg PR at WordPress/gutenberg#75833. Developed in #11056. Props jorgefilipecosta, gziolo, flixos90, justlevine, westonruter, jeffpaul, JasonTheAdams, audrasjb, shaunandrews, noruzzaman, mukesh27. Fixes #64730. git-svn-id: https://develop.svn.wordpress.org/trunk@61749 602fd350-edb4-49c9-b593-d223f7449a82
Adds `wp-includes/connectors.php` (loaded from `wp-settings.php`) and registers a Settings > Connectors submenu when the AI client and Connectors admin page renderer are available. Registers connector API key settings in `/wp/v2/settings`, masks key values on option reads, validates keys against provider configuration, and returns `invalid_key` for explicitly requested connector fields when validation fails. Stored connector keys are also passed to the AI client registry on init. Gutenberg PR at WordPress/gutenberg#75833. Developed in WordPress/wordpress-develop#11056. Props jorgefilipecosta, gziolo, flixos90, justlevine, westonruter, jeffpaul, JasonTheAdams, audrasjb, shaunandrews, noruzzaman, mukesh27. Fixes #64730. Built from https://develop.svn.wordpress.org/trunk@61749 git-svn-id: http://core.svn.wordpress.org/trunk@61055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
CI run: #11059. See #64595. --- I've included a log of the Gutenberg changes with the following command: git log --reverse --format="- %s" 23b566c72e9c4a36219ef5d6e62890f05551f6cb..022d8dd3d461f91b15c1f0410649d3ebb027207f | sed 's|#\([0-9][0-9]*\)|https://github.com/WordPress/gutenberg/pull/\1|g; /github\.com\/WordPress\/gutenberg\/pull/!d' | pbcopy - Pattern Editing: Fix nested patterns/sections (WordPress/gutenberg#75772) - QuickEdit: rename status label and remove extra labels in popup (WordPress/gutenberg#75824) - Fix block editing modes not recomputing when isolated editor value changes (WordPress/gutenberg#75821) - Synced patterns: Fix block editing mode of synced pattern content when nested in an unsynced pattern (WordPress/gutenberg#75818) - Block Support: Fix custom CSS not saved when style schema is not defined (WordPress/gutenberg#75797) - Gallery: Fixes keyboard focus escaping the lightbox overlay when navigating a gallery with Tab/Shift+Tab. (WordPress/gutenberg#75852) - Navigation Overlay Close: Set Close as default text, rather than using a placeholder (WordPress/gutenberg#75692) - RTC: Fix entity save call / initial persistence. (WordPress/gutenberg#75841) - Real-time collaboration: Improve collaboration within the same rich text (WordPress/gutenberg#75703) - Client Side Media: Add device/browser capability detection (WordPress/gutenberg#75863) - Navigation editing: simplify edit/view buttons (WordPress/gutenberg#75819) - Add core/icon block to theme.json schema (WordPress/gutenberg#75813) - Fix error when undoing newly added pattern (WordPress/gutenberg#75850) - Page List Item: Replace RawHTML with dangerouslySetInnerHTML for label and title (WordPress/gutenberg#75890) - REST API: Make filter_wp_unique_filename() static to match core, plus avoid duplicate routes (WordPress/gutenberg#75782) - RichText: useAnchor: Fix TypeError in virtual element (WordPress/gutenberg#75900) - DataViews: Remove menu divider again. (WordPress/gutenberg#75908) - Theme: Add build plugins to inject design token fallbacks (WordPress/gutenberg#75901) - Theme: Remove global stylesheet (WordPress/gutenberg#75879) - Real-time collaboration: Remove ghost awareness state explicitly when refreshing (WordPress/gutenberg#75883) - Real-time collaboration: Expand mergeCrdtBlocks() automated testing (WordPress/gutenberg#75923) - Fix client-side media file naming (WordPress/gutenberg#75817) - Add: Connectors screen (WordPress/gutenberg#75833) - Merge document meta into state map (WordPress/gutenberg#75830) - Move WordPress meta key from sync package to core-data (WordPress/gutenberg#75846) - Bugfix: Fix casing of getPersistedCRDTDoc (WordPress/gutenberg#75922) - Add debug logging to SyncManager (WordPress/gutenberg#75924) - DataForm: fix label colors (WordPress/gutenberg#75730) - DataViews: minimize padding for primary action buttons (WordPress/gutenberg#75721) (WordPress/gutenberg#75947) - Connectors: Add `_ai_` prefix to connector setting names and fix naming inconsistencies (WordPress/gutenberg#75948) - Connectors: Unhook Core callbacks in Gutenberg coexistence (WordPress/gutenberg#75935) - Unsynced patterns: Rename 'Disconnect pattern' to 'Detach pattern' in context menu (WordPress/gutenberg#75807) - Editor: Remove View dropdown and pinned items from revisions header (WordPress/gutenberg#75951) - Fix: Template revisions infinite spinner (WordPress/gutenberg#75953) - Backport: Avoid flickering while refreshing (WordPress/gutenberg#74572) (WordPress/gutenberg#75952) - Add wp_ prefix to real time collaberation option. (WordPress/gutenberg#75837) git-svn-id: https://develop.svn.wordpress.org/trunk@61750 602fd350-edb4-49c9-b593-d223f7449a82
CI run: WordPress/wordpress-develop#11059. See #64595. --- I've included a log of the Gutenberg changes with the following command: git log --reverse --format="- %s" 23b566c72e9c4a36219ef5d6e62890f05551f6cb..022d8dd3d461f91b15c1f0410649d3ebb027207f | sed 's|#\([0-9][0-9]*\)|https://github.com/WordPress/gutenberg/pull/\1|g; /github\.com\/WordPress\/gutenberg\/pull/!d' | pbcopy - Pattern Editing: Fix nested patterns/sections (WordPress/gutenberg#75772) - QuickEdit: rename status label and remove extra labels in popup (WordPress/gutenberg#75824) - Fix block editing modes not recomputing when isolated editor value changes (WordPress/gutenberg#75821) - Synced patterns: Fix block editing mode of synced pattern content when nested in an unsynced pattern (WordPress/gutenberg#75818) - Block Support: Fix custom CSS not saved when style schema is not defined (WordPress/gutenberg#75797) - Gallery: Fixes keyboard focus escaping the lightbox overlay when navigating a gallery with Tab/Shift+Tab. (WordPress/gutenberg#75852) - Navigation Overlay Close: Set Close as default text, rather than using a placeholder (WordPress/gutenberg#75692) - RTC: Fix entity save call / initial persistence. (WordPress/gutenberg#75841) - Real-time collaboration: Improve collaboration within the same rich text (WordPress/gutenberg#75703) - Client Side Media: Add device/browser capability detection (WordPress/gutenberg#75863) - Navigation editing: simplify edit/view buttons (WordPress/gutenberg#75819) - Add core/icon block to theme.json schema (WordPress/gutenberg#75813) - Fix error when undoing newly added pattern (WordPress/gutenberg#75850) - Page List Item: Replace RawHTML with dangerouslySetInnerHTML for label and title (WordPress/gutenberg#75890) - REST API: Make filter_wp_unique_filename() static to match core, plus avoid duplicate routes (WordPress/gutenberg#75782) - RichText: useAnchor: Fix TypeError in virtual element (WordPress/gutenberg#75900) - DataViews: Remove menu divider again. (WordPress/gutenberg#75908) - Theme: Add build plugins to inject design token fallbacks (WordPress/gutenberg#75901) - Theme: Remove global stylesheet (WordPress/gutenberg#75879) - Real-time collaboration: Remove ghost awareness state explicitly when refreshing (WordPress/gutenberg#75883) - Real-time collaboration: Expand mergeCrdtBlocks() automated testing (WordPress/gutenberg#75923) - Fix client-side media file naming (WordPress/gutenberg#75817) - Add: Connectors screen (WordPress/gutenberg#75833) - Merge document meta into state map (WordPress/gutenberg#75830) - Move WordPress meta key from sync package to core-data (WordPress/gutenberg#75846) - Bugfix: Fix casing of getPersistedCRDTDoc (WordPress/gutenberg#75922) - Add debug logging to SyncManager (WordPress/gutenberg#75924) - DataForm: fix label colors (WordPress/gutenberg#75730) - DataViews: minimize padding for primary action buttons (WordPress/gutenberg#75721) (WordPress/gutenberg#75947) - Connectors: Add `_ai_` prefix to connector setting names and fix naming inconsistencies (WordPress/gutenberg#75948) - Connectors: Unhook Core callbacks in Gutenberg coexistence (WordPress/gutenberg#75935) - Unsynced patterns: Rename 'Disconnect pattern' to 'Detach pattern' in context menu (WordPress/gutenberg#75807) - Editor: Remove View dropdown and pinned items from revisions header (WordPress/gutenberg#75951) - Fix: Template revisions infinite spinner (WordPress/gutenberg#75953) - Backport: Avoid flickering while refreshing (WordPress/gutenberg#74572) (WordPress/gutenberg#75952) - Add wp_ prefix to real time collaberation option. (WordPress/gutenberg#75837) Built from https://develop.svn.wordpress.org/trunk@61750 git-svn-id: http://core.svn.wordpress.org/trunk@61056 1a063a9b-81f0-0310-95a4-ce76da25c4cd




Very early exploration, in development.
Summary
What's Included
@wordpress/componentsand@wordpress/admin-uiconnections-wp-admin_initaction hookStatus
This PR is a work in progress.
Whats shown right now:
Some mockups of the end goal
Props to @shaunandrews



Testing:
Install all AI provider plugins.
Set API keys for every supported provider.
Remove the key and set it again for every supported provider.
When a incorrect API key is provided then it isn't possible to save it.
API keys are properly masked on the frontend (including REST API response).
Deactivate the AI provider plugin from the Plugins screen and activate the plugin again from the Connectors screen.
Uninstall the AI provider plugin from the Plugins screen and install the plugin again from the Connectors screen.
Revoke a key that was valid on the provider website and veify the screen does not says connected anymore.