MVP working · now productionizing

Claude Code for WordPress.

A non-technical website owner connects their live WordPress site and makes changes in plain English — “change my phone number,” “make the top bar navy,” “add a testimonials section.” An AI agent proposes every change draft-first with a before/after and a live preview. One click to Approve & publish. Everything is reversible, and it never fakes going live.

Status MVP working end-to-end Focus Reliable production hosting Live URL sitesitter.themeknock.workers.dev
Overall completion
~70%
Core product proven and working. Remaining work is infrastructure, email delivery, media, and launch polish.
The idea

What SiteSitter is & the problem it solves

Most small-business owners are stuck: every tiny website edit means emailing a developer, waiting days, and paying for it. SiteSitter puts a calm, honest AI editor in front of their real site — so they can just ask.

The problem today

Small edits are slow, costly, and scary

  • A phone-number change means emailing a developer and waiting.
  • Page builders are overwhelming for non-technical owners.
  • One wrong click can break the live site with no easy undo.
  • Generic AI tools bluff — they claim things are “done” when they aren’t.
The SiteSitter way

Ask in plain English. Approve. Done.

  • Type what you want; the agent finds what and where to change.
  • Every change is proposed draft-first with a before/after + live preview.
  • Nothing goes public without your Approve & publish click.
  • One-click undo, and it’s honest — it only says “it’s live” when it truly is.
Under the hood

How it works — three parts, one signed channel

SiteSitter is a plugin on the owner’s site, a backend “brain,” and a dashboard. They talk to each other over a cryptographically signed channel, so no one can spoof a change.

1

WordPress Plugin

PHP · on the live site

Installed on the owner’s WordPress site. It sends a snapshot (pages, text, header/footer templates, menus, links, styles) and applies approved changes draft-first — nothing public until approved, pulled via WP-cron. Has a simple Connect screen (backend URL + connect code).

Ed25519 + HMAC signed WP-cron pull Draft-first apply
2

Backend — the brain

Node.js / Express

Runs the AI agent, stores everything in SQLite (sites, sessions, users, connect tokens, instructions, audit), handles auth, mints connect codes, and runs the honest apply loop (only says “it’s live” when truly applied). Needs SQLite + headless Chrome + a cron, so it runs on a real host, not the edge.

OpenRouter · gemini-2.5-flash SQLite Headless Chrome
3

Portal — the dashboard

Next.js · owner-facing

The owner’s dashboard and chat UI: sign up / log in, add a website, the connect wizard, make-a-change chat, before/after + approve, changes history + undo, AI recommendations, health, security, settings, and billing.

Chat + approvals History + undo Connect wizard
Signed channel · Plugin ↔ Backend ↔ Portal

WP Plugin

On the live site (PHP)
Signed · snapshot / apply

Backend (Brain)

AI agent · SQLite · apply loop
Auth · sessions / approvals

Portal (Dashboard)

Owner chat + approve (Next.js)
Currently fronted by a Cloudflare Worker proxy (sitesitter.themeknock.workers.dev) that exposes the local backend + portal via Cloudflare tunnels.
Onboarding

How connection works

From sign-up to “Connected!” — the owner never touches a server URL. They paste one code and the site links itself to their account automatically.

1

Sign up with email — no passwords

The owner signs up in the portal using a passwordless magic link. No passwords to remember or leak.

2

Add a website → get a one-time connect code

They click “Add a website,” enter their site’s address, and the portal mints a one-time connect code. The owner never sees a server URL.

3

Install the plugin & paste the code

They install the SiteSitter plugin (upload zip → Activate), then paste the connect code on the plugin’s Connect screen.

4

The site enrolls & links automatically

The plugin exchanges the code with the backend (/api/v1/enroll/exchange) → the site enrolls and links to the owner’s account → the portal’s status card flips to “Connected!” on its own.

5

Every change after that is signed & honest

All requests are Ed25519-signed. The site pulls approved changes via WP-cron, applies them draft-first, then reports the honest result.

The core loop

How a change works — chat to live

The agent figures out what and where, proposes it draft-first, and only publishes after the owner approves. If something is genuinely ambiguous, it asks exactly one question.

01

Type plain English

“Make the top bar navy” or “add a testimonials section.”

02

Agent finds what + where

Uses its tools to locate the exact text, element, style, or link.

03

Proposes draft-first

Before/after diff + live preview. Nothing is live yet.

04

Clarify if needed

One interactive pop-up (radio / checkbox / confirm) only if truly ambiguous.

05

Approve & publish

Plugin applies it live and purges caches so it shows on reload.

06

Honest result + undo

Truthful “it’s live” confirmation, with one-click undo.

Agent toolset
find_text get_page inspect_styles propose_edit change_style edit_link edit_menu edit_page_title edit_seo edit_business_info create_section create_page ask_user undo_styles
Verified working

What’s done Done

The core product is proven end-to-end. Below is what actually works today, grouped by area.

The chat / edit engine

The heart of the product
Edit text anywhere — page content, Elementor elements, header + footer templates, case-insensitive matching.
Design & colours that reliably hit the right element via a live “style map.”
Links (page anchors, menu items, header/footer buttons) and menu rename.
SEO title/meta and business info (phone / hours / address).
Build new sections + pages — real Elementor blocks, no placeholders.
Multi-step — one compound request becomes a plan; one approval applies all.
Interactive clarify pop-ups (radio / checkbox / confirm + cancel) and undo for styles.

Honesty & safety

Why owners can trust it
Draft-first — nothing goes live without an explicit Approve.
Honest apply loop — never a false “it’s live,” plus post-apply self-verification.
Universal cache purge so approved changes show on a normal reload.

Speed

~4–11 seconds per change (fixed a bad 40–90s regression).

Onboarding P0

Real accounts, self-serve
Real magic-link sign up / log in / log out.
Real per-user accounts with per-user site scoping — each owner sees only their sites.
Self-serve “Add a website” + connect wizard with live “Waiting → Connected” detection.
The real logged-in user everywhere (replaced the hardcoded demo user).

Live & secured

Reachable today
A stable public URL via a Cloudflare Worker proxy.
Secured control endpoints (auth tokens).
Rotated API key and cost tuned for economical runs.
Honest roadmap

What’s partial or not built yet

Kept deliberately honest. The single biggest gap is reliable production hosting — everything else is scoped and prioritized.

P0 · NOW
Blocking launch

Reliable production hosting Partial #1 gap

Today it runs on free Cloudflare quick-tunnels from a laptop, which are fragile — they drop and get rate-limited. Two proper fixes are pending a decision:
Option A

With DNS access → a stable named tunnel on the owner’s own domain.

Option B

Deploy fully to Cloudflare (Pages + Containers) — laptop-free.

P0 · NOW
Needed at launch

Real email provider for magic links Partial

Right now dev-mode shows the magic link on-screen. Launch needs a real email service to actually send login emails.

P1 · NEXT
Feature gaps + polish

Missing capabilities & polish Mostly not built

  • Media: image / logo upload + swap — not built.
  • Fonts / webfonts — not built.
  • Menu add / remove / reorder — only rename works today.
  • P1 polish: first-run checklist with real data, settings persistence, first-change celebration.
P2 · LATER
Hardening + business

Scale, security & monetization Not built

  • Wire real cloud sessions / approvals fully.
  • Security hardening — rate-limits, CSRF.
  • Per-owner pre-pointed plugin download.
  • Real billing / trial gating.
Live right now

Current live status

SiteSitter is reachable today through a stable Cloudflare Worker proxy. Both the backend and the portal are served through it.

Known caveat: it currently runs on free tunnels, so it can drop. A permanent, reliable URL depends on the A / B infrastructure decision (named tunnel on a domain, or full Cloudflare deploy).