WP Agentic Admin

The Local-First AI Site Reliability Engineer (SRE) for WordPress

We’re building a fully local, privacy-first AI agent that lives directly in your browser and acts as your personal WordPress Site Reliability Engineer, allowing you to execute tasks within the protected realm of your WordPress instance. We’re pushing the limits of WebGPU and WebLLM to run a Small Language Model entirely on the client side. No server costs. No API calls. Complete privacy.

How it works

You simply tell it: “My site is throwing a 500 error”

The Agent uses its thinking process to:

Read your debug log
Identify the rogue plugin
Propose a fix
If there is a solution, execute it at the user’s command

The Vision

Make agentic code work within smaller models so that workflows and tool calling can be possible via smart reasoning techniques to help users figure out issues inside their WordPress install and fix them without sharing sensitive data.

What’s Working

Local AI runs in-browser via WebLLM
Adaptive tool selection + workflows
Integration of WordPress abilities
Service Worker mode keeps model loaded across page navigation
Integration with WordPress Abilities API
Automated test coverage (partially)

What Needs Your Help

Small language models face specific challenges that larger models handle easily. We’ve identified 5+ critical improvement areas we could work on, such as reasoning, expanding on the abilities end as well as on the workflows and tooling creating. Also, feature upgrades that we might be missing that are super useful for the whole ecosystem around WordPress.

Target Audience

Frontend Wizards (WebGPU/WebLLM)

Wrangling the WebLLM library
Managing model state in-browser
Building the chat interface that talks to the GPU
Optimizing Service Worker persistence

WordPress Integration Engineers

Building Abilities API integrations
Writing PHP functions for safe cache flushing, SQL queries, plugin toggling
Ensuring WordPress security best practices

Prompt Engineers & AI Whisperers

Design System Prompts for small models
Build ReAct loop logic that teaches tool usage
Explain a debug.log to a small language model
Test behavioral edge cases

QA & Testing Engineers

Write test cases for edge cases
Create behavioral test suites
Stress-test with real WordPress environments
Measure success rates

Hackathon Goals

Get the local LLM to successfully “reason” and choose the right tool
Improve small model reliability
Better error handling
Smarter error log analysis
Add more abilities
Add more workflows
Google AI API introduction via browser extension
Adoption of core proposal feature WP AI Client

Results

WP Agentic Admin: Privacy-First AI for WordPress

The WP Agentic Admin team set out to prove that powerful AI assistance doesn’t require sending data to the cloud. Their project delivers a fully local AI Site Reliability Engineer that runs entirely in the browser using WebGPU and WebLLM, transforming WordPress admin into a natural language command center where site administrators can diagnose issues, run security scans, and manage their sites simply by describing what they need.

The eleven-member team, spanning developers, security specialists, and accessibility experts, arrived with a working prototype featuring 14 abilities and a ReAct agent loop powered by Qwen 3 1.7B, a small language model compiled to run on the user’s GPU. By the end of the three-day sprint, they had shipped 78 merged pull requests and tripled the plugin’s capabilities to 42+ abilities, covering everything from plugin vulnerability scanning against CVE databases to database optimization and content management.

A defining achievement on Day 2 was the Plugin Abilities Platform, arguably the team’s most strategically important contribution. This system allows any third-party WordPress plugin to auto-register its own abilities with the AI assistant, turning WP Agentic Admin from a standalone tool into an extensible ecosystem. The architectural decision to use WordPress’s native hook system means plugin developers can expose their functionality to the AI with just a few lines of code.

The team’s commitment to privacy drove several technical breakthroughs. Voice input was implemented using a local Whisper model, keeping all audio processing on-device with no recordings ever leaving the browser. An in-browser RAG (Retrieval Augmented Generation) system computes vector embeddings entirely client-side, enabling the AI to search and understand codebases without any external API calls. Even the feedback system with thumbs up/down ratings stores everything in localStorage rather than phoning home.

Accessibility was never an afterthought. The team drove the interface to full WCAG 2.2 AA compliance while building Gutenberg editor sidebar and admin bar integrations that make the AI assistant available from every WordPress admin page. CI/CD pipelines via GitHub Actions were established on Day 1, ensuring that the team’s rapid pace never compromised code quality, with PHP linting, JS linting, unit tests, and build checks running on every pull request.

Security received major attention with a comprehensive suite of tools: a multi-step “Check if Hacked” workflow that chains file scanning, core checksum verification, and database inspection, alongside plugin vulnerability scanning that cross-references installed plugins against the National Vulnerability Database. The team also built a WebMCP bridge enabling external AI agents to interact with WordPress via the emerging navigator.modelContext standard, and web search capabilities that parse DuckDuckGo results without requiring API keys.

To ensure no one is left behind regardless of hardware, the team added GPU capability detection, f32 precision fallback for older devices, and a complete external AI provider infrastructure for users whose machines can’t run local models. The external provider system proxies requests through WordPress REST to avoid CORS issues, supporting Ollama, LM Studio, OpenAI, and any compatible endpoint.

Post-hackathon, the team continues active development with eyes on proposing the WordPress Abilities API for WordPress core, expanding the Plugin Abilities Platform ecosystem, and supporting newer model architectures as WebLLM compilation support grows. The project demonstrates that meaningful AI integration in open-source software doesn’t require surrendering user privacy or depending on commercial API providers.