Safety by Default
Agent Builder is designed with a “read-only by default” approach. When you first activate an assistant, it can read your site content but cannot change anything without your explicit permission.
Permission System
Each assistant has granular permissions you control:
- Read posts/pages — View content on your site
- Write posts/pages — Create or modify content
- Read settings — View WordPress options
- Write settings — Change WordPress options
- Read files — View theme and plugin files
- Write files — Modify theme and plugin files
All write permissions are off by default. Enable only what each assistant needs.
Approval Workflow
Even with write permissions enabled, sensitive actions go through an approval process:
- The assistant proposes a change (e.g., “Create a new blog post titled…”)
- You see exactly what will change, including a preview
- You approve or reject the proposed change
- If approved, the change is applied and backed up
Audit Log
Every action taken by every assistant is recorded in Agent Builder → Audit Log. This includes:
- What action was requested
- Which assistant performed it
- When it happened
- Whether it was approved, rejected, or read-only
File Backups
Before an assistant modifies any file, the original is backed up to wp-content/agentic-backups/. If something goes wrong, you can restore the original file.