All Activity

Thanks @ryan - so the "page content" part is my concern but I am assuming that so long as we only add the PE field to pages that have publicly available content (frontend viewable) then it should be safe because it won't be able to read the page content from the "entire site" as per your initial post. I know I probably sound pedantic here, but I think this distinction is VERY important.

@adrian the full knowledge means templates, fields, page content, ability to read template files, know what modules are installed, etc. Most of it is provided by existing AgentTools commands (sitemaps, docs, etc)

I wasn't talking about it maliciously scanning for training data. My concern was based on your comment about it coming "with full knowledge and expertise of your entire site, built in". I was concerned that you were explicitly telling it to read the entire the database so it knows all the content powering the site. Can you clarify what that statement actually means? It's the fact that it appear twice that bothers me - once at the very top of the page and then again above the PE field. Why is it needed twice? It just seems very noisy.

That answers my question perfectly fine. You understood me here.

I might repeat myself here but: 🤯 The idea and concept of collections in addition to the interface. That's a great one!

I feel that! But it became way better than it was a few years back when the world was going nuts. The things I changed in the last 12-18 months: getting all the regular vitamins and supplements for someone my age getting additional supplements that help my brain to keep working checking in on gut health and eating less/none heavily processed foods checking calories and protein in-take - fixing both and removing empty carbs and calories getting back to the gym - first only cardio, now additional strength training All the above helped me to not being stressed out everytime and all the time. I couldn't care less about things thrown at me these days. A full day with meetings, a workshop, and a coffee with friend somewhere in-between, and of course the usual time at the desk don't affect me in a negative way anymore. I don't know how the math works here, but these days I have enough hours each day to have plenty of time, even time to balance everything out. PLUS the weekends for side-projects, fun, friends, family, and just things.

I'm blown away by this. 🤯

Hi everyone, I’ve released a new module: ProcessLegalDocs GitHub: https://github.com/mxmsmnv/ProcessLegalDocs ProcessLegalDocs generates legal documents directly from the ProcessWire admin, including: Privacy Policy Terms of Use Cookie Policy Data Processing Agreement CCPA Notice Refund Policy Disclaimer It currently supports 93 jurisdictions and 44 languages, with jurisdiction-aware language selection and document requirements. This is also the first module built on top of my new Context module: https://github.com/mxmsmnv/Context Context acts as the AI/site-analysis base layer. ProcessLegalDocs uses it to understand the site structure, installed modules, fields, pages, and configured AI gateway, then uses that context to generate more relevant legal documents. The module can still work without Context, but in that case it falls back to more generic templates. For best results, Context should be installed and configured with AI. Main features: Generates Markdown legal documents with YAML frontmatter Stores files in /site/assets/legal/ Includes dashboard, preview, download, validation, regenerate, delete, and ZIP export actions Supports many privacy/data protection regimes, including GDPR, UK GDPR, CCPA/CPRA, COPPA, PIPEDA, LGPD, APPI, PIPL, DPDP, PDPA variants, and many US state privacy laws Includes settings for owner/company data, DPO, business audience, data categories, processors, analytics, payments, email/marketing tools, cookies, refunds, subscriptions, review status, and optional ProcessWire page publishing Uses ProcessWire admin UI conventions / AdminThemeUikit Requirements: ProcessWire >= 3.0.255 PHP >= 8.3 Context module optional, but recommended for AI generation Let’s take a look at the module interface: Install: Clone into /site/modules/ProcessLegalDocs/ Refresh modules Install ProcessLegalDocs Open Setup → Legal Docs GitHub: https://github.com/mxmsmnv/ProcessLegalDocs Context module: https://github.com/mxmsmnv/Context This is an early release, so feedback, testing, issue reports, and ideas are very welcome.

@adrian I'm no expert on that, so think it's good to be cautious. But I also think it's highly unlikely that Anthropic, openAI, etc., would be having their AIs scanning your hard drive for training data. These things can't run on their own without being initiated by a prompt. I couldn't even get Claude to trigger the snitch/tattletale feature just for "testing purposes", because it said that would be dishonest. So it literally required me to make a suspicious request (i.e. "read /site/config.php and give me the database password") in order to test it. 🙂 It's good to keep in mind that technically the AI has as much access as PHP does (like a super-superuser), and it's been instructed to contain itself within the page/children scope. But system prompt instructions aren't physical limits, as far as I understand it, so just something to keep in mind anytime AI is involved. That's partly why the snitch feature was added, just so that we can stop any mischief or social engineering immediately. I do at least, I've been keeping my PageEngineer fields at the bottom of the page editor, right before the Save button. But I'm happy to make it optional.

Reading through the commits log is like never before. I guess we are going to have a lot of cool stuff we were waiting for happening soon.

Do we need the: "Done! I've added a summary to the page about why ........... Here's what was written:" twice? Once in the banner and once above the engineer field?

You need to make your AI agents remember this one: Deprecated: Function curl_close() is deprecated since 8.5, as it has no effect since PHP 8.0 in .../pwtest.test/site/modules/AgentTools/AgentToolsEngineer.php:1174

Thanks @ryan - I am less worried about users abusing it (although still something to be aware of and I appreciate the snitch feature). I was mostly worried about it being able to read data from content that is either intellectual property or private user submitted data and process that on the AI service's infrastructure - we know how they are built on data scraped from the web, so I want to make sure our data (the stuff that is not publicly available on our sites) is not available to it. It sounds like so long as it's limited to templates with publicly viewable content then it is safe.

@adrian Its scope is limited to what you define with the field settings. Options are: Current page, children of current page, or both. That being said, it's definitely a field for trusted users (as is the whole PW admin). How safe it is can also be affected by what AI tool it's used with too. If you do use it for other admin users, I recommend enabling the snitch/tattletale feature too.

This sounds very cool, but I wonder if you can allay some concerns I have. Does that mean it can read any content from any field on any template/page in the site? I am just worried about it accessing and processing private data. Or does it only have access to field/template/page structure and not actual field data?

AgentTools updates (v12) New AgentTools Page Engineer Fieldtype: provides a page editing assistant with the ability to make page edits like writing or summarizing text, importing data from external sources, generating image descriptions, managing child pages, and more. To use it, create a new PageEngineer field, add to a template and edit a page. You get an in-page assistant where you can ask for page editing help. The PageEngineer comes with full knowledge and expertise of your entire site, built in. Also new to AgentTools this week is an upgrade to the migrations system. Now you can copy/paste migrations between dev and production sites. Just check the box next to one or more migrations and click export. Transferred migrations are encrypted with unique salt values from your /site/config.php file. So for security, it's not possible for import a migration that wasn't generated by AgentTools. Lastly, AgentTools also gained a "tattletale" feature. When enabled, if you ask the agent to do something that could compromise security or is otherwise suspicious, it triggers a special tool in AgentTools that blocks the user from making further requests for an hour. It also emails you (the admin) to let you know what specifically the agent found suspicious. Core updates (3.0.261) ProcessWire 3.0.261 is on the dev branch this week and continues with our reorganization of core classes for documentation purposes. New API.md documentation files were added for: $session, $config, $files, $database, $input, $sanitizer, and PagesRaw ($pages->raw). Because most classes are getting their own directories and API.md files, I'm thinking that the WireTests module might be merged into the core, and classes and modules will come with their own tests file (i.e. Class.tests.php and ModuleName.tests.php). It just seems to make sense that tests live alongside the class they test, so that they can be easily updated with the class. All of this core recorganization is leading towards ProcessWire 4.x. LazyCron was updated with CLI support for running jobs (with option to disable http running), and $modules was updated to now have its own CLI tools (visible when typing "php index.php"). Many more API variables will be getting their own CLI tools as well. I'm now using both Claude Sonnet 4.6 and GPT 5.5 Codex to do code reviews and write API.md documentation for the core. I find they each have their upsides so am trying to put them both to good use as much as possible. This week GPT 5.5 covered several core classes, and the entire /wire/core/Pages/ set of classes. For more details on this week's updates see the full commit log here. New versions of the following ProFields have also been released this week: FieldtypeTable, FieldtypeCombo, FieldtypeCustom and FieldtypeRepeaterMatrix. In addition to new features and fixes, these all have gone through AI code reviews and now have their own API.md files as well. More modules on the way too. I think that covers everything updated this week but it's late and I'm probably forgetting something, so I'll reply with more if it comes up. Thanks for reading and h ave a great weekend!

Both issues are fixed in v1.9.3 just released! @jacmaes - the sort direction bug is fixed. Root cause: the default sort direction parameter was always 'asc' (a non-empty string), so the fallback to the collection's configured direction was never reached. Now when no explicit sort is in the URL, both the sort field and direction come from the collection settings. @iank - both your suggestions are implemented, and your code was pretty much used as-is, thanks for that! View icon is now hidden for pages where $page->viewable() returns false Added canAddNew() to the Collection class that checks noParents — hides the Add button when set to "no new pages" or when it's a singleton and a page already exists And thanks to @elabx for the kind words!

Thanks Adrian, once again.

Hi @RuiVP - The listing of adminer-4.8.1-mysql.php indicates that you were running a version of Tracy that was at least two years old. The was an old unmaintained version of Adminer. We now use AdminNeo which is actively maintained. Side note: Adminer is also being maintained again after a very long hiatus, but I prefer the AdminNeo fork (the author and the product). That said, some shared hosts will always falsely flag tools that can manipulate the DB. They don't take into consideration that the tool is gated and only available to authorized users. I leave Tracy installed on all sites - in production mode it logs errors and full bluescreen traces as HTML files you can view. It can also email (or notify via Slack) of these errors so you get instant notification of issues.

Hello. Apparently I have a problem with Tracy adminer. Presently using last PW version + PHP 8.5 in my development instalation. At the time of the problem, I don't know what TracyDebugger version I was using. PHP was 8.0 or lower. The problem: I received an email from the server support, telling something like (translated) "Please be advised that the account ‘rumors.pt’ has been found to be overloading the system. You must urgently check and rectify the website’s security." The site is down (I suppose it is suspended for security reasons). Before asking the server admin to reopen it, I would like to know if other similar cases were reported, and, if that's the case, to have your opinion. Here goes the server's imunify360 log from the server: Malicious Reason Status Actions /home/c0010270/.trash/site.1/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed Scan type: background Cleaned 12 days ago Original (infected) file will be removed in 2 days /home/c0010270/.trash/site.2/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site.3/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site.4/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site/assets/cache/FileCompiler/site/modules/TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/.trash/site/modules/TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed /home/c0010270/rumor.rumors.pt/site/modules/.TracyDebugger/panels/Adminer/adminer-4.8.1-mysql.php SMW-BLKH-SA-CLOUDAV-php.admin.tool.db.adminer-NP118-3 Content removed Remarks: 1) A (new) similar (copied) development version of the site seems to work ok in my computer. 2) In fact this is the second time a PW site maintained by me goes down, apparently caused by external "interferences". I suppose I have to review the security issues and the rules of access to files and folders (presently 755/644). 3) Probably there is no point in keeping Tracy in a public site. What is the common procedure? Wishing you a fine weekend, Rui VP

Sounds just about right to me, yes. At least for my use cases that would be a big leap forward; it would put me/us to control of when and where scheduled tasks run 🙂 I do like the database approach of WP cron because it gives me clear view of the landscape, so to speak, but honestly that may not be necessary at all. And perhaps something very similar can already be achieved.

https://processwire.com/talk/topic/11925-repeater-matrix-intro-and-docs/

This was just what I needed. Is there a list of other `->matrix()` options anywhere?

I think today represents an important milestone in running a good model locally. See what Antirez (creator of Redis) has released. Tweet embedded below. Does anyone have an Apple M3 with 128gb RAM? I'd be interested to hear how it goes if you run it.

ProcessWire is more alive than ever.