FAQ

Where are my API keys stored?

Encrypted at rest with sodium-secretbox, keyed off the platform's site secret — AUTH_KEY on WordPress, the Joomla site secret on Joomla — and stored in the platform's settings store (seanosai_settings option on WordPress, #__extensions.params for com_seanosai on Joomla). Neither plugin returns the plaintext to the browser — the Settings UI shows Key saved and a has_key boolean comes back over REST. If the underlying site secret ever changes, existing keys won't decrypt and you'll need to re-enter them.

No. Neither edition phones home and neither contacts any provider until you enable one. Once a provider is enabled, every chat turn sends prompts (and any attached files) to that provider's API endpoint — and that's it. Each provider's data-handling policy is documented in the readme's External Services section.

Can I use this offline?

Yes. Either:

  • Configure the Ollama provider pointed at a local Ollama instance

(http://127.0.0.1:11434 by default).

  • Configure the OpenAI-compatible provider against a self-hosted

server like vLLM, LM Studio, LocalAI, or text-generation-webui's OpenAI-compatible mode.

Both keep all prompts on the box.

Does it support multisite (WordPress) or multi-site (Joomla)?

WordPress multisite: yes. Each site gets its own seanosai_* tables, its own settings, its own conversations, its own attachments directory. Network activation runs the schema install per blog. There's no network-wide settings page on purpose — sites are intentionally siloed.

Joomla: Joomla itself is single-site, but the component is fully language- and template-aware. Settings live on the component row in #__extensions; conversations / audit logs use the standard Joomla table prefix.

How do I limit who can do what?

Two layers, with the same shape on both platforms:

  1. Tool toggle. Seanos AI → Tools (WordPress) / *Components →

Seanos AI → Tools* (Joomla) shows every registered tool and lets you turn individual ones off. Off means *the model never sees them in the tool list*, so it can't even try.

  1. Capability / ACL gates. Even if a tool is enabled, the platform

permission layer applies at execution time.

WordPress capabilities (kept the legacy slug names so existing role assignments don't break):

  • All tools require use_seanosai.
  • Write tools require seanosai_run_destructive_tools.
  • File-edit tools (write_file, edit_file, delete_file,

create_directory, restore_snapshot) additionally require seanosai_edit_files.

  • run_sql_write additionally requires seanosai_run_sql_write.

Joomla ACL: the chat itself requires core.manage on com_seanosai. Each write-tool call additionally checks core.edit on the relevant asset (com_content for create_article, the matching extension row for enable_extension, etc.).

Use a role-management plugin / add_cap() (WordPress) or the standard ACL editor under System → User Groups / Permissions (Joomla) to grant or revoke these per role.

What attachment types can I drop into the chat?

Four buckets, with provider-specific delivery:

KindFormatsWhat the model sees
Image.png, .jpg, .gif, .webpNative image input on any vision-capable model. Text-only models return a graceful "doesn't accept image inputs" error — switch model.
Text.txt, .md, .csv, .json, source filesInlined as a text content part, capped at 200 KB per attachment.
Office.docx, .xlsx, .pptxPlain text extracted server-side via PHP's native ZipArchive + DOMXPath (no composer dependencies) and inlined. The original binary stays on disk for download. Legacy .doc / .xls / .ppt aren't supported — re-save as OOXML. 10 MB cap per file.
PDF.pdfAnthropic and Gemini read PDFs natively (tables, layout, embedded images). On OpenAI / Grok / DeepSeek / GitHub Models / Ollama / generic OpenAI-compatible the plugin shells out to pdftotext (poppler-utils) for plain-text extraction; if poppler isn't installed, the agent gets an "install poppler-utils or switch to Anthropic / Gemini" note.

Every provider sees attachments now — previously only Anthropic and Gemini did.

How does image generation billing work?

Each generate_image call hits the configured image-provider's API directly and is billed there. The plugin never sits in the middle. Rough costs per image at the time of writing:

  • OpenAI gpt-image-2 (standard quality): around $0.04 per image.

DALL·E 3 standard is similar.

  • Google Gemini Imagen 3 / gemini-2.5-flash-image ("Nano Banana"):

comparable ballpark.

Monitor and cap spend at the provider level (OpenAI has a per-key hard limit; Google AI Studio has per-project budgets). The plugin treats generate_image as a write tool, so strict approval mode pauses on every call before it spends — see the next answer.

What happens if a tool fails or I reject it?

The model receives a tool result like Error: Tool not found or Error: Rejected by operator and the conversation continues. The agent typically apologises, picks an alternative tool, or asks you what to do next. Failures don't crash the conversation.

Can the agent break my site?

Every write is gated twice — once by the platform permission layer (capabilities / ACL) and once by approval mode. Strict mode (the default) pauses on every write tool call and waits for an explicit Approve click. The same approval gate covers generate_image (image-generation calls billing the configured provider), the content writers (create_article, edit_article, etc.), and every Pro write tool. The first time you give the Pro add-on permission to edit your wp-config.php / configuration.php, you'll see a full diff in the approval card and can reject it.

Pro snapshots every file the agent touches — under wp-content/uploads/seanosai-snapshots/ on WordPress, and as an audit-row blob on Joomla — so restore_snapshot can roll back any single change without restoring the whole site. That's a per-change safety net, not a backup tool. For full backups use a normal backup plugin / extension alongside Seanos AI.

Can I extend it?

Yes. Both free editions expose the same public extension surface — the hook mechanism differs per platform but the payload (a tool registry + a prompt catalog) is identical:

// WordPress (action hook)
do_action('seanosai_register_tools',   $registry, $enabled);
do_action('seanosai_register_prompts', $catalog);
// Joomla (event)
$dispatcher->dispatch('onSeanosaiRegisterTools', new \Joomla\Event\Event(
    'onSeanosaiRegisterTools',
    ['registry' => $registry, 'enabled' => $enabled]
));
$dispatcher->dispatch('onSeanosaiRegisterPrompts', new \Joomla\Event\Event(
    'onSeanosaiRegisterPrompts',
    ['catalog' => $catalog]
));

You can register custom tools and prompts from any plugin / extension you control. Both Pro add-ons use exactly these hooks — there's no private API. See Tools reference for the ToolInterface shape.

Is the Pro source visible?

Yes, both Pro add-ons are GPL-2.0-or-later (same as the free editions) per WordPress.org / JED rules. Buying Pro buys you the zip + lifetime updates + permission to ask for support. Source is in the zip.

What about refunds?

Seanos AI Pro carries a 7-day no-questions-asked refund on either edition. Send us a request via the contact form with your order ID within 7 days of purchase and we'll refund the full amount to your original payment method. Your download link is revoked at refund time so the zip stops resolving.

Who's behind Seanos AI?

Seanos AI is built and maintained by Sean White. Both editions ship under GPL-2.0-or-later. Pro is sold as a one-time payment with lifetime updates — no subscriptions, no auto-renewals. Updates ride the same download link the buyer received at checkout (and can be re-issued on request from the contact form).

I have a different question.

The fastest path is the chat agent (bottom-right of every page) — it can answer most questions and log support tickets, feature requests, and feedback for the team. For longer conversations, the contact form goes straight to the inbox. For free-edition questions you can also use the WordPress.org support forum or the JED listing's discussion thread (once the Joomla edition is listed).