For builders

Under the hood.

The chat sits on top of a real toolchain. WP-CLI, SSH, REST API, browser automation, file I/O — your skills can call any of them. Every command is shown before it runs, every credential lives in your Keychain, and every model is yours to pick.

If you're a developer

Real commands. Real escape hatches. Your model.

AgentPresso doesn't try to abstract WordPress away. It runs wp plugin install …, wp db query …, wp search-replace …, wp transient delete --all — the same commands you'd type into your terminal, except batched, logged, and reversible. If the agent's plan looks wrong, the plan is the actual command — you can read it before you approve it.

Skills are plain Markdown. A skill file says what it does in prose, which tools it's allowed to call (wp-cli, rest, ssh, browser, fs), and which sub-actions require approval. The bundled skills are written in the same format you'd use to write your own — no SDK, no compilation, no plugin system. Add or import skills inside Settings → Skills: write a new one directly in the app, or import a .md file you already have. The agent picks it up immediately.

For privacy-sensitive work, point AgentPresso at a local model running through LM Studio or any OpenAI-compatible endpoint. Set the base URL, set the model name, leave the API key blank, and the conversation never leaves your machine. Same skills, same chat surface, same approval flow — just running on your hardware.

Skill format (sketch)

---
name: rotate-salts
description: Rotates the wp-config.php salts safely.
tools: [ssh, wp-cli]
actions:
  read:  always
  write: approve
---

# Rotate WordPress salts

1. Read current salts from wp-config.php
2. Generate new salts via WordPress.org salts API
3. Show the diff to the user
4. Replace the salts block in wp-config.php
5. Flush all sessions

The skill format is a sketch. Real skills can have more sections (preconditions, post-checks, related skills, allowed file globs). Full skill schema is in the in-app help.

Connection methods

How AgentPresso talks to your site determines what it can do. You can connect a site with any combination of the four methods below — the more you provide, the more skills become available.

  • wp-admin pairing — the simplest. You sign into wp-admin once, the agent gets an Application Password through the standard WordPress auth flow. Enough for most content, SEO, and plugin tasks.
  • REST API + Application Password — for headless or scripted setups where you don't want a browser handshake. Same capabilities as wp-admin pairing.
  • SSH — the most capable. WP-CLI runs over the shell, the agent can read and edit files, restart services, look at logs, and rotate config. This is what unlocks the security and maintenance skills in full.
  • FTP / SFTP — for hosts where SSH isn't available but you still need file operations. Less powerful than SSH (no shell, no WP-CLI), but enough for theme/plugin file edits and uploads.

Every credential is stored in macOS Keychain, scoped to the site. The agent reads them at action time; they're never written to a config file or sent over the wire to anyone but the target host.

Permissions, in detail

Permissions are global, not per-site. You set them once, they apply everywhere. The model is three-state per category: Always (auto-approve), Ask (the agent stops and waits for your "yes"), Never (the agent refuses to attempt that class of action at all).

Categories cover read operations, write operations, database access, file system access, plugin and theme management, user management, and a few others. Most people leave reads on Always and writes on Ask — the calm middle ground.

Always-Protected actions are a hard floor. A small set of operations — deleting users, dropping tables, rotating salts, anything that's irreversible — always pause for confirmation regardless of how permissive your settings are. You can't accidentally turn them off.

Quick Mode is the opposite end: a session-level toggle that auto-approves everything except the Always-Protected set. Useful when you're knee-deep in a task and trust the next twenty steps. Off by default; turn it back on every session.

Privacy posture

  • All credentials stored in macOS Keychain. AgentPresso never writes them to a config file.
  • Your conversation is sent directly to whichever AI provider you pick — nothing routes through us, and we don't see, log, or store any of it. What the provider does with that data is governed by their privacy policy, which is worth a read before you choose one.
  • Local models supported through LM Studio. Use them and the conversation never leaves your Mac.
  • AgentPresso doesn't phone home. No anonymous usage analytics. No error reporter unless you opt in.
  • Sites can be exported as .agentpresso JSON files and shared between machines (with encrypted credentials).

You knew what you wanted before you opened the app.

AgentPresso is built to get out of your way. It does the boring parts, asks before the dangerous parts, and writes nothing down that you didn't write yourself.

Download for Mac   Or read the changelog →