psy

Thanks @Tiberium for the thoughtful reply. I don't think we're actually disagreeing. Your managed service model is a perfectly valid choice for your clients. Mine is different. I don't host or manage client infrastructure, and I prefer that domains, hosting and sites are owned by the client rather than by me. My original point wasn't really about client permissions though. It was that I was genuinely impressed by how Claude found an unexpected way to achieve the user's goal. It wasn't being malicious, it was being resourceful. That's both fascinating and, on a live production site, something we need to manage carefully. That experience reinforced for me the importance of approvals, audit trails and human oversight when AI is involved, regardless of who has superuser access.

There've been a few instances published about AI models going to extremes to solve a question. It's not that AI is malicious or over-eager to please. It's how it's wired. Find an answer or best guess or stop if there's an off-switch in the prompt when the goal cannot be reached. I have a non-technical client who thinks AI is the bee's knees and the answer to his content/SEO/GEO prayers. Client has no DDEV/SSH/FTP site access or coding knowledge. Claude app navigated the owner to the TracyDebugger console in admin to fulfil the owner's request to update site content. Client had no clue about TD until that moment. Claude did. It took client through a questionnaire about installed modules. Claude only had a 'snapshot' of pages, no holistic understanding of db, templates, etc. Client now thinks TD console is the best thing ever. He asks Claude a question. Claude answers and tells client to copy/paste it into TD console. Am now busy trying to bring Claude under control with audit trails, approvals and convincing client to use @ryan AgentTools to minimise risk. Yes, on live production site. OMG! No matter what your views on AI, it's out there and loves PW.

@HMCB Not sure how you'd implement this? You can cap the number of messages sent per conversation. The default is 20. The user will be warned when they have one question left. After that question is answered, the chat widget removes the input form. The user can continue in another chat by resetting the session.

@HMCB ChatAI will only suggest pages the user can access by role. Additional limits can be by template and/or a checkbox on a page template.

Now available in the Modules directory at https://processwire.com/modules/chat-ai/ and on gitHub at https://github.com/clipmagic/ChatAI What is it? ChatAI is a native ProcessWire AI chatbot module designed to answer questions about your site content, with a focus on: ProcessWire-first workflows Site-aware answers using RAG (Retrieval Augmented Generation) Respect for ProcessWire access control rule Admin visibility into usage and performance Keeping content ownership within ProcessWire Features include AI chat widget for frontend use RAG indexing of ProcessWire content Multi-role message support (system / assistant / user) Admin dashboard with metrics and observations Configurable prompts and behaviour Integration with AgentTools for model selection Role-aware retrieval (users only see content they can access) Frontend page restrictions Dictionary / weighting support for retrieval tuning Quick Start Ensure prereqs are installed, ie: PHP>=8.0, ProcessWire>=3.0.255, AgentTools>=0.1.1, TextformatterEntities, TextformatterNewlineBR Configure your chat LLM in AgentTools Configure your textembedder LLM in AgentTools Configure ChatAI module config with both the above Go to Setup->ChatAI and index your site pages (turn off Dry Run when you're ready). Add the CSS, Script and Widget to your template(s). After that, tweak to your heart's content, including adding languages, widget theming and prompts. Current status: Alpha Test thoroughly before using on live sites. Feedback welcome.

I’ve been using `TextformatterVideoEmbed` for YouTube/Vimeo embeds and made a small local patch that seems generally useful for generated iframe output. The change adds two attributes to generated iframe embeds when they are not already present: ```html loading="lazy" referrerpolicy="strict-origin-when-cross-origin" ``` This is independent of any consent/privacy module. It simply improves the default iframe markup produced by `TextformatterVideoEmbed`. The intended behavior is: - add `loading="lazy"` to iframe embeds by default - add `referrerpolicy="strict-origin-when-cross-origin"` by default - do not override either attribute if it already exists in the iframe markup - keep existing embed behavior unchanged otherwise Example implementation pattern: ```php if(stripos($embedCode, ' loading=') === false) { $embedCode = preg_replace('/<iframe\b/i', '<iframe loading="lazy"', $embedCode, 1); } if(stripos($embedCode, ' referrerpolicy=') === false) { $embedCode = preg_replace('/<iframe\b/i', '<iframe referrerpolicy="strict-origin-when-cross-origin"', $embedCode, 1); } ``` Reasoning: - Native iframe lazy loading is now widely supported and helps avoid loading off-screen video embeds unnecessarily. - `strict-origin-when-cross-origin` is also the modern browser default in many contexts, but making it explicit gives generated third-party embeds a safer baseline. - The change is low risk because it only applies to iframe markup and skips attributes already present. Would this be suitable as a small PR to the module? If preferred, it could also be exposed as module config options rather than hardcoded defaults.

LoginPassKey has undergone some changes. Latest version is 0.3.1 available at https://github.com/clipmagic/LoginPassKey As well as some 'under the hood' security upgrades, you can now login without entering a username/email. Simply click the 'Login with PassKey' button and if all the checks pass, you're automatically logged into either the admin area, or the frontend via LoginRegisterPro depending on your config/setup. A full list of the changes available at https://github.com/clipmagic/LoginPassKey/blob/main/CHANGELOG.md

Ditto. One thing missing in SEOMaestro is support for urlSegments. Fix is via a hook. Be great if SEO NEO supported urlSegments natively. Looking forward to seeing the new module 🙂

@szabesz thanks for letting me know. Yes, the link was a mistake. I wanted to pin the 1st comment to the the top for the latest info but didn't know how. In future will add new info above old for continuity. 🙂

For those who may have missed it, MarkupJsonLDSchema has undergone some major updates lately in light of the importance of structure data with AI. See for the latest info and d/l info

ProcessPromptManager is a ProcessWire admin module for generating site-aware prompt exports for external AI agents. It allows an administrator to select a template, define which fields an agent should populate, add instructions, and export a zip containing a markdown prompt and JSON field definitions. The module does not handle authentication or integration. It provides a controlled starting point for accepting structured input from external agents. Never include credentials or sensitive data in prompts. Module info: https://github.com/clipmagic/ProcessPromptManager/

@Soma So happy to see you back in the PW forums 🙂 Have been using your MarkupSimpleNavigation module for years without a problem, until well on current project. Timely! Problem was that current pages were not always being recognised as such. Fix was in function _renderTree line 211 - change: //$is_current = $child === $page; $is_current = ((int) $child->id === (int) $page->id); Credit to you that MuSNav has been solid for so long. Cheers psy

@maximus You're on fire 😄

Thanks @maximus Does it state in the docs that the project-summary.md should be updated at the end of each session via a prompt? Didn't RTFM 🙂

@ryan It's configured in PHPStorm settings. I don't have a JetBrains AI Service subscription. Went straight to OpenAI integration. https://www.jetbrains.com/help/ai-assistant/use-custom-models.html