Tags: GravityKit/block-mcp
Release 2.0.1
Connecting to a local development site is now smoother: when a connection fails you see what went wrong and how to fix it, and the AI assistant keeps its access to the site after setup instead of failing with a certificate error.
Highlights:
- Exchange errors name the underlying TLS/network cause instead of a bare 'fetch failed', with NODE_EXTRA_CA_CERTS guidance on certificate-trust failures
- NODE_EXTRA_CA_CERTS set during connect is propagated into every generated MCP client config (Cursor, Claude Desktop, claude mcp add, printed configs)
Block MCP 2.0.0
Connect an AI assistant like Claude to your site in a few clicks — no terminal, no config files. Block MCP 2.0 adds a guided setup at Settings → Block MCP, gives the assistant its own limited account (separate from your login and easy to disconnect at any time), and lets you control exactly what it can create and whether it's allowed to move posts to the trash.
Highlights:
- Connect screen: one-click Claude Desktop installer (.mcpb), browser-Approve flow for Claude Code/Cursor, an AI-setup prompt, and a manual config option.
- Dedicated least-privilege agent account; interactive sign-in blocked; disconnect any client instantly from Active connections.
- Credentials never appear in URLs or browser history; sealed single-use exchange; config files written user-readable only.
- Per-site controls: post-type allow-list, media-upload toggle, trash gate (off by default), custom assistant instructions, block preference tiers.
- Assistant guidance: nested layouts (groups/columns/callouts) in one step, exact positioning contracts, paginated reads of very large pages.
- Fixes: local-file media uploads; misnamed tool parameters now rejected loudly instead of silently misplacing blocks.
v1.8.0 — block.json-driven insert guard, full core/Gutenberg compat
Every WordPress core block and the full Gutenberg trunk block library now compose cleanly through the write API. Each insert is validated against the block's inline HTML attribute definitions, so malformed input is caught up front with a clear, actionable error before becoming an "invalid content" warning in the editor.
Highlights:
* Full compatibility coverage across every block in WordPress core and the entire Gutenberg trunk block library — verified on every release via a 187-test conformance suite (auto-refreshed from upstream).
* insert_blocks reads each block's own inline HTML attribute definitions from its block.json schema. Source-bound attribute sent without matching innerHTML → inner_html_required (400) with the offending field and canonical form to use. Covers core/paragraph, core/heading, core/image, core/button, core/html, core/shortcode, and every other block whose data is stored in markup.
* Legacy-block errors fire with a replacement suggestion even on sites that never had the source plugin installed.
* Strips empty class="" attributes from innerHTML on save (Gutenberg's save() never emits them, so stored ones tripped the invalid-content warning on next edit).
v1.7.1 — May 20, 2026
Fixes two Code Block Pro rendering bugs and hardens the wrapper against attribute injection. Code blocks inserted by an AI agent now render correctly (previously appeared as blank gaps), explicit `plaintext` language is respected instead of being auto-detected (English prose with the word "from" no longer renders as SQL), and caller-supplied font / colour / className values are HTML-encoded before they reach the wrapper markup.
Highlights:
- CBP blocks inserted via the API now render — enricher builds a minimal wrapper (matching CBP save()'s inline-style behaviour) when innerHTML is missing instead of leaving it empty
- Explicit language: 'plaintext' is respected; auto-detection only runs when the attribute is missing or set to 'auto'
- escapeAttr() helper HTML-encodes the five attribute-significant characters (& < > " ') on every wrapper style + className value before interpolation
- 14 new vitest cases covering wrapper build path, language contract, attribute encoding, and a regression test for </textarea> in code
- @gravitykit/block-mcp bumps from 1.7.0 to 1.7.2 across the two TS-server commits; WordPress plugin metadata aligns to 1.7.1
v1.7.0 — May 20, 2026
New per-site MCP server instructions addendum. Paste site-specific
conventions (callout className mapping, code-block theme, doc structure
rules) under Settings → Block MCP and every connected MCP client
receives them at handshake — no more rediscovery per session. Plain-text,
2,000-char cap, public-by-design endpoint with per-IP rate limiting.
Highlights:
- New admin field at Settings → Block MCP → "MCP server instructions"
(textarea, live char counter, public-data warning)
- New REST endpoint GET /gk-block-api/v1/instructions — unauthenticated
by design (clients fetch before any tool-call auth), Cache-Control:
public, max-age=60, rate-limited at 30 req/min per IP
- TypeScript MCP server fetches the addendum at startup and combines
with its hard-coded baseline before serverInfo.instructions reaches
the SDK; BLOCK_MCP_INSTRUCTIONS_OFF=1 disables the fetch
- New Instructions service class (PHP) — option storage, sanitize, length
cap, updated-at timestamp, per-IP sliding-window rate limiter
- Defense in depth: strips C0 controls, DEL, Bidi overrides, zero-width
chars; UTF-8 code-point-safe truncation; HTTP-layer maxContentLength
cap; maxRedirects: 0 to prevent cross-host redirects
- CBP enricher fixes (server v1.7.1):
• respects explicit language: 'plaintext' instead of running auto-
detection (the English-prose-detected-as-SQL bug)
• builds wrapper innerHTML for fresh CBP blocks inserted via the API
instead of leaving them as blank gaps on the front-end
- 71 new tests across PHPUnit + vitest (10 CBP + 26 Instructions unit +
8 Instructions REST + 37 TS instructions covering fetch/sanitize/
combine, surrogate-pair truncation, maxRedirects: 0, maxContentLength)
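The input filtering listed under "Defense in depth" for v1.7.0, sketched in JavaScript as an added example; it is not code from the Block MCP repository. The function name, the exact character ranges, and the choice to keep tab and newline are assumptions.

```javascript
// Added illustration: names and character ranges are assumptions,
// not the Block MCP project's own code.
const MAX_CODE_POINTS = 2000; // cap stated in the release notes

// C0 controls and DEL. TAB (U+0009) and LF (U+000A) are kept here,
// as an assumption, so multi-line plain text survives.
const CONTROL = /[\u0000-\u0008\u000B-\u001F\u007F]/g;
// Bidi embeddings/overrides (U+202A-U+202E) and isolates (U+2066-U+2069),
// which can make displayed text differ from the stored character order.
const BIDI = /[\u202A-\u202E\u2066-\u2069]/g;
// Zero-width space, non-joiner, joiner, word joiner, BOM: invisible to a
// human reviewer in the admin textarea but still delivered to the client.
const ZERO_WIDTH = /[\u200B-\u200D\u2060\uFEFF]/g;

function sanitizeInstructions(raw, maxCodePoints = MAX_CODE_POINTS) {
  if (typeof raw !== 'string') return '';
  const cleaned = raw
    .replace(/\r\n?/g, '\n') // normalise line endings before CR is stripped
    .replace(CONTROL, '')
    .replace(BIDI, '')
    .replace(ZERO_WIDTH, '');

  // for...of walks code points, not UTF-16 units, so the cut can never
  // land between the two halves of a surrogate pair.
  let out = '';
  let count = 0;
  for (const ch of cleaned) {
    if (count === maxCodePoints) break;
    out += ch;
    count += 1;
  }
  return out.trim();
}

// Constructed sample: hidden bidi override, zero-width space and a BEL.
const SAMPLE = "Use class\u200B 'note'\u202E for callouts\u0007";
console.log(JSON.stringify(sanitizeInstructions(SAMPLE)));
```

Filtering runs before truncation so that stripped characters do not count against the 2,000-character cap.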
v1.6.1 — May 20, 2026
Fixes a 30-second timeout on /patterns for sites with many synced patterns: the per-pattern LIKE scan that ran twice per pattern is now a single chunked aggregate scan cached for an hour.
Highlights:
- /patterns no longer times out on sites with hundreds of synced patterns
- ?refresh=true on /patterns now requires manage_options (was edit_posts)
- Orphaned pattern refs dropped from the cache instead of polluting it
- Memory-bounded chunked scan caps peak resident memory regardless of post count
v1.3.0 — May 13, 2026
Yoast SEO integration rolled into the main MCP — titles, descriptions, focus keywords, schema, Open Graph, Twitter cards. Standalone yoast-seo-mcp deprecated and removed from the marketplace.
Highlights:
- yoast_get_seo / yoast_update_seo / yoast_bulk_update_seo
- Standalone yoast-seo-mcp removed (use block-mcp instead)
v1.2.0 — April 27, 2026
Docs lifecycle tools — create posts, update post metadata/status, list taxonomy terms, upload media to the Media Library. Closes the gap between block editing and full content lifecycle automation.
Highlights:
- create_post / update_post — full post lifecycle with status transitions, terms, featured media
- list_terms — taxonomy lookup for category/tag/custom assignment
- upload_media — multipart, URL sideload, base64 with SSRF guard
v1.6.0 — May 19, 2026
Adds a master kill-switch for media uploads with an admin checkbox,
restricts the create_post tool to a configurable post-type allowlist,
and closes several visibility leaks where drafts and password-protected
posts could appear in search and lookup results.
Highlights:
- Uploads kill-switch (Settings → Block MCP → "Allow MCP agents to
upload media"); REST returns 403 before any I/O when disabled
- Post-types allowlist UI (3-column grid) restricts create_post
- gk_block_api_allow_taxonomy_in_terms filter opts private taxonomies
back into /terms for the agent-editing use case
- Visibility leaks fixed on /post-info, /find-posts, /resolve, /terms,
/patterns/{id}, and synced-pattern (core/block) expansion
- insert_pattern returns visible (flat) index and mints fresh refs on
inlined blocks
- update-attrs deep-merges metadata so partial writes preserve gk_ref
and bindings
- Post dates stored in site-local time
- Yoast cornerstone toggle off now actually disables it
- create_post / rewrite_post_blocks preserve innerHTML and innerBlocks
(thanks @jakejackson1, #13)
See readme.txt Changelog for the full list.