Changelog

Follow new updates and improvements to SnipVault.

July 2nd, 2026

SnipVault 1.3.0 is our biggest release yet. This update introduces two features that fundamentally change how you build and organize custom functionality in WordPress: an autonomous AI coding agent that writes, tests, and deploys snippets for you, and a project workspace system that brings real structure to your snippet library.


Meet the Snippet Engineer

The Snippet Engineer is an AI-powered coding agent built directly into SnipVault. Describe what you want in plain English, and the agent writes the code, tests it in an isolated sandbox, runs a security audit, and asks for your approval before publishing — all without leaving the SnipVault panel.

This isn't a chatbot that pastes code for you to copy. It's a multi-step autonomous agent that plans, writes, validates, self-corrects, and deploys, with you in control at every decision point.

How it works

Tell the agent what you need — "Add a custom WooCommerce discount that gives 15% off orders over $100 for logged-in users" — and it takes over. It creates the snippet, writes PHP/CSS/JS as needed, runs the code in a sandboxed probe request to catch fatals before anything goes live, performs a security audit with risk scoring, and then asks for your approval before publishing. If something breaks after deploy, it automatically rolls back to the previous revision.

Parallel builds for multi-file projects

For larger requests, the agent splits work across parallel subagents. Need a custom admin page with a PHP handler, a CSS stylesheet, and a JavaScript module? The agent fans out 2–4 focused code-generation jobs that run simultaneously, each saving its output as a separate snippet the moment it finishes. The orchestrator plans and dispatches while the subagents generate — files are written and saved in parallel, not sequentially.

A live activity card shows each subagent's status, language, and a code preview as it works, with per-file "Saved" confirmation once persisted.

You stay in control

Every deploy goes through server-enforced publish gates: the sandbox must pass against the current code, and the security audit risk score must fall within your configured ceiling. Deploy approval is always human-in-the-loop by default, with an optional autopilot mode for lower-risk work. Signed deploy tokens and a full audit log track every write, deploy, rollback, and filesystem action.

The agent can also pause to ask you questions mid-run — clarifying requirements, confirming a plan before execution (Plan mode), or checking whether to publish drafts. Keyboard shortcuts (1–9) make answering quick.

A Cursor-style interface

The Snippet Engineer lives in a unified side panel accessible from anywhere in SnipVault. Four modes cover different workflows: Agent for autonomous multi-step builds, Chat for conversational help, Ask for quick questions about your codebase, and Plan for reviewing a proposed approach before the agent executes.

The composer supports @-mention autocomplete for snippets, projects, hooks, and plugins, so you can point the agent at exactly the right context. Conversations persist across sessions, and you can pick up where you left off or start fresh.

A model picker lets you choose between configured AI providers (Anthropic, OpenAI, xAI, Gemini) right from the composer — switch models mid-conversation if you want.

Built for performance

Real token-by-token streaming across all providers means you see the agent's thinking and code as it's generated — no more staring at a spinner for 30 seconds. Prompt caching keeps costs down on multi-turn runs. Incremental edits via apply_snippet_edits send only changed hunks instead of rewriting entire files. And detailed per-run performance traces give you full visibility into provider latency, tool durations, and token usage.


Project Workspaces

As your snippet library grows, folders alone aren't enough. SnipVault 1.3.0 introduces Projects — a new organizational layer that groups related snippets and folders into self-contained workspaces.

A global project switcher in the top toolbar lets you move between projects instantly. Each project gets its own folder tree, its own snippet list, and its own URL namespace (#/projects/{id}/snippets/{snippet-id}). A dedicated Projects page provides a grid view for creating, editing, duplicating, and deleting projects.

On upgrade, your existing snippets and folders are automatically migrated into a Default project — nothing breaks, nothing moves unexpectedly.

The Snippet Engineer is fully project-aware. It receives the active project's context, folder tree, and structure in its system prompt, and has tools to create projects, create folders, move snippets, and organize multi-file builds into logical groupings. Ask it to "set up a WooCommerce customization project with separate snippets for pricing, cart, and email templates" and it'll scaffold the entire workspace.


Security & reliability improvements

Several fixes tighten the agent's security posture and improve reliability on shared hosting:

  • Folder and batch deploys now enforce the same audit, risk ceiling, and sandbox checks per snippet that single deploys require — no more bypassing gates through batch operations.

  • Agent filesystem reads are restricted to wp-content/themes and wp-content/plugins, with a path traversal fix in the sanitization layer.

  • Agent trace files are protected with .htaccess deny rules, filesystem paths are stripped from API responses, and trace reads are scoped to the run owner.

  • The agent chat custom post type is hidden from the core REST API — only SnipVault's custom routes can access it.

  • The publish prompt no longer hangs on shared hosting. Pause state is checkpointed before waiting for input, expired run IDs are recreated on resume, and stale session locks are cleared after proxy timeouts.

  • Dashboard CPU telemetry gracefully skips /proc and /sys when open_basedir blocks them, instead of flooding PHP error logs.


Additional improvements

  • Image attachments in agent chat — attach images from the composer, upload to the media library, and send to vision-capable models with thumbnail previews and chat history replay.

  • Incremental snippet edits — the new apply_snippet_edits tool sends only changed hunks via search/replace, so small fixes don't require rewriting the entire file.

  • Batch deployrequest_deploy_batch publishes multiple snippets in one call; request_folder_deploy supports project-level deploys.

  • Live code streaming — agent-written code types into the editor progressively as it's generated, with reduced-motion support.

  • Task checklists — the agent creates and updates a visible task list for complex multi-step work, with live progress tracking synced to tool execution.

  • Provider compatibility — transparent handling of max_tokens vs max_completion_tokens for newer OpenAI models, and automatic temperature parameter stripping for models that deprecate it.

  • HTML snippet fix — snippets saved with the wrong .php extension now correctly use .html, matching GitHub sync and export naming.

  • AI settings UX — provider cards group API keys with their models, one-click recommended model setup, and a new Remove button for disconnecting providers.

May 22nd, 2026

  • Fixed WordPress 7 admin app bootstrap failure — removed pre-escaped esc_attr() / esc_url() values passed to wp_print_script_tag() so JSON config attributes (user-roles, snipvault-settings, post_types, etc.) are no longer double-encoded and JSON.parse() can read them correctly

May 19th, 2026

This release is a deep quality pass on the editor experience — tightening up the things you use every day.

Editor improvements

Two small but satisfying CSS shortcuts have been added: pressing Enter after a property declaration can now auto-insert a missing semicolon, and typing ! in a declaration context expands to !important; automatically. Both are opt-in.

Paste behaviour is also fixed — aggressive auto-indent was adding unwanted leading spaces to pasted code. That's gone.

Auto-minify

Snippets can now opt into automatic minification. When enabled, SnipVault generates a separate .min.css or .min.js artifact on save using proper parsers (scssphp for CSS, matthiasmullie/minify for JS) and serves the minified version at runtime, with a safe fallback to the original source if anything goes wrong.

GitHub sync

A fix for false conflict detection after regular saves — internal sync metadata is now excluded from editor REST updates so stale tracking values can no longer overwrite your sync state.

Other fixes

  • CSS build output now includes content hashes for proper cache-busting after updates

  • "Unsaved changes" indicator in the editor toolbar

  • Per-language format-on-save settings (PHP, JS, CSS, SCSS, HTML) with configurable print width, tab width, and indent style

  • Snippet warning messages now clearly distinguish NOT_LOADED (intentionally blocked) from runtime errors

  • Dashboard issues list now shows per-snippet breakdowns with direct links to each snippet's Errors panel

March 13th, 2026

A fast follow-up to 1.2.0 focused on production stability, safety, and a brand new dashboard. This release hardens settings persistence, adds multiple layers of snippet error protection, and delivers a full monitoring home page.


New Dashboard

SnipVault now opens to a dedicated dashboard home page. It surfaces snippet health KPIs — active, inactive, and those with runtime errors — alongside best-effort system telemetry for server load and RAM, each with live sparklines polling every 5 seconds. An ECharts-based PHP error trend chart shows the last 7 days grouped by day, with severity counts in the header row and full light/dark mode support.

A Server Health card shows WordPress version, PHP version, disk usage, SSL status, timezone, PHP memory limit, and a summary of available updates with links to the relevant admin pages. Error log analysis now attributes PHP errors to their source — plugin, theme, WordPress core, or SnipVault — and a dedicated "Errors by Source" card groups them with expandable sections so you can pinpoint what's causing problems at a glance.


Safe Mode & Activation Health Check

Two new safety nets protect your site from broken snippets. On plugin activation, SnipVault now temporarily disables all snippets, runs HTTP requests against both admin and frontend, scans the error log for snippet-origin fatals, and auto-deactivates any problematic snippets with a note explaining why. That note stays visible in the snippet editor until you fix and republish.

Safe Mode can also be triggered manually via an "Activate in Safe Mode" link in the plugins table. When enabled, no snippets execute at all. A toggle in Settings → Features controls it, and a "Deactivate Safe Mode" link appears when it's active. On top of this, the SnippetErrorHandler now catches fatal errors during snippet execution so a broken snippet no longer white-screens your site — it logs the error and continues loading.


PHP Syntax Validation

PHP snippets are now validated via nikic/php-parser before save. Invalid syntax blocks the save and shows a parse error with the exact line number. The format-on-save flow has been updated so that invalid code skips formatting and falls through to backend validation cleanly, rather than throwing a console error.


Settings Stability

This was the biggest area of fixes. Settings reads and writes have been migrated to a dedicated snipvault/v1/settings endpoint, moving away from wp/v2/settings which proved unreliable on production hosts with restrictive core endpoint behaviour. Explicit object cache invalidation has been added after every settings update so Redis/Memcached environments no longer serve stale data.

The hydration flow has been hardened to prevent mount-time race overwrites — immediate child @update saves are blocked until settings are fully loaded. The entire persistence foundation has been stabilised end-to-end: canonical PHP defaults and normalization, aligned REST schema defaults, frontend bootstrap/load/save normalization, defensive array guards to prevent .some()/.length crashes, and shared sanitization across GitHub and settings writers to prevent shape drift after reload.

Individual fixes include: PHP Global Variables now persist on production, the Global Variables section no longer crashes when adding a variable with async settings, settings search no longer crashes when a section lacks keywords, and code editor font size properly validates and persists (8–32px range, default 12).


Snippet Error Logging & Protection

All snippet errors — caught and fatal — are now written to the PHP error log with a [SnipVault Snippet #id] prefix. The Error Log dashboard recognises snippet-origin errors and groups them under "Custom Snippet" with the snippet title. When PHP Global Variables are deleted, removed keys are tracked and defined as null so snippets referencing them don't fatal; re-adding a variable restores it to normal.


GitHub Library Improvements

The Library panel now has a configurable source setting — choose between the built-in SnipVault Library or your connected GitHub repository. When GitHub is selected, repo files are shown inline on a single page with search and bulk import. The click-to-inspect workflow, list item styling, and detail panel match the default Library UI exactly. The GitHub Library inspect view also includes a revision tree so you can browse historical commits and preview a snapshot before importing.


Other Additions

  • Featured images per snippet — upload from the media library, toggle visibility in the snippets list, click to view full-size

  • Editor-only frontend live reload — CSS/SCSS updates apply without a full refresh for logged-in admins; PHP/JS/HTML changes trigger an automatic page reload; configurable in Settings → Features

  • Full screen toggle in the top-right toolbar with state persisted in localStorage


Security Hardening

  • GitHub OAuth callback now validates and consumes one-time state tokens before exchange, with initiating-user match enforcement

  • Snippet export downloads use short-lived signed tokens; direct public ZIP access is blocked

  • The SQL skip_security_check bypass path has been removed from the REST API — dangerous query checks are always enforced server-side

  • Legacy anthropic_key is preserved when normalizing provider-based AI settings to avoid key loss on upgrade

  • Media upload MIME validation now supports wildcard patterns like image/*


Bug Fixes

  • Fixed duplicate error notifications when the error log is unavailable — now shows a single friendly notice

  • Fixed Error Trend chart tooltips being cut off by container overflow

  • Fixed server load progress bar always reading 100% on Mac/Docker — load average is now scaled by CPU count with robust detection across platforms

  • Fixed incorrect server load normalization for containerized hosts — now uses 1-minute load with cgroup/cpuset-aware CPU limits and a non-linear scaling curve for shared hosts

  • Fixed PHP Error Trend chart rendering in Shadow DOM + CSS grid — replaced vue-echarts with direct ECharts init to avoid the 0-dimension fallback

  • Fixed commit inspection Monaco diff issues from 1.2.0

March 12th, 2026

This is the biggest SnipVault release yet — packed with GitHub sync, multi-provider AI, security auditing, relationship intelligence, and a completely refreshed UI. Here's everything that's new.


GitHub Sync

Full bidirectional GitHub sync has arrived. Connect your GitHub account directly from SnipVault settings via a centralised OAuth flow — no need to create per-site OAuth apps. Once connected, pick an existing repo or create a new one, choose your branch and base path, and you're ready to go.

Sync works per-snippet: toggle "Sync with GitHub" on the snippets you want tracked, and SnipVault handles push, pull, conflict detection, and resolution from there. Auto-sync runs on a scheduled cron, or you can trigger it manually at any time. Bulk actions let you sync, push, or pull multiple snippets from the list view.

Each synced snippet gets a revision tree in the sidebar — styled after Cursor IDE's commit timeline — where you can inspect any commit's message, patch, and full code snapshot. A compare mode powered by Monaco diff view lets you see exactly what changed between any commit and your current editor content.

Sidecar .snipvault.json metadata files travel with your snippets to GitHub, so importing on a fresh install restores all settings, flags, and tags automatically. The new "Import from GitHub" flow in the Library lets you browse your configured repo and pull in files as local snippets.


Multi-Provider AI

SnipVault's AI assistant is no longer Claude-only. You can now choose between Anthropic, OpenAI, Google Gemini, and xAI (Grok) as your AI provider, each with its own API key storage and model selection. Existing installs using the original Anthropic key and Claude model continue to work — full backward compatibility is maintained.

The assistant itself has been reworked with a review-first suggestion flow. AI responses no longer auto-overwrite your code. Instead, you get structured proposals with explicit actions — View diff, Copy, Discard, or Apply (which snapshots a revision before applying). You can also choose what you're asking for: General, Explain, Find bugs, Security harden, or Refactor.


Security Audit Center

A new advisory Security Audit Center provides static risk analysis for your snippets. Run scans individually or in bulk, and each snippet gets a risk score, risk level, and detailed findings stored as metadata. A dedicated panel in the snippet editor surfaces audit results inline, and the snippets list includes quick filters for "High risk" and "Needs review."


Relationship Intelligence

SnipVault now extracts and scores relationships between snippets — dependencies, shared hooks, and symbol references — with a full dependency graph. Related snippet insights appear in a dedicated editor panel, and the underlying graph data can be rebuilt on demand from the toolbar.


Snippet Organization

New metadata flags give you more ways to organise: favourite, pin, mark as template, or track recently opened snippets. Quick filters in the snippets list let you slice by Favourites, Pinned, Recent, Templates, High risk, or Needs review. A new semantic search field finds snippets by title, description, content, hook, or dependency symbols. You can also save custom views that persist across sessions.


UI Refresh

The interface has been tightened up across the board. Toolbar actions are consolidated into a dropdown menu triggered by a plus icon. Right-click and three-dot context menus give per-snippet access to Favourite, Pin, Template, Duplicate, and Delete. Snippet icons and colors now match file-type mappings (PHP, JS, CSS, SCSS, HTML, JSON, TXT), and checkboxes overlay the file icon on hover. Breadcrumbs show the snippet file name instead of an ID. Settings tabs now use query params for shareable deep links and proper browser history. All icons have moved to lucide-vue-next.


Other Improvements

  • PHP 8.2 is now the minimum requirement, with a graceful admin notice instead of a crash for older versions

  • Settings page sections are linkable via query params (e.g. ?section=ai)

  • Translation workflow added with Google Cloud automation and corrected .pot output naming

  • Fixed false unsaved-changes warnings caused by editor autoformat on snippet open

  • Fixed several Monaco editor race conditions in the commit inspection diff view

November 24th, 2025

We're thrilled to announce SnipVault 1.1.10, featuring the game-changing Remote Sites capability that transforms SnipVault into a centralised management hub for all your WordPress sites.

Remote Sites: Manage Everything from Anywhere

This is the feature you've been waiting for. SnipVault can now connect to and manage multiple remote WordPress sites from a single dashboard. Install SnipVault on any of your sites, configure your remote connections, and suddenly you have complete control over snippets, error logs, and all SnipVault features across your entire WordPress portfolio.

Here's what this means for you:

  • Centralized Snippet Management - View, edit, create, and organize snippets across all your sites without logging into each one individually

  • Unified Error Monitoring - Monitor PHP error logs from all your sites in one place

  • Cross-Site Operations - Manage settings, folders, and features for any connected site

  • Instant Site Switching - A sleek dropdown selector with search and site favicons lets you switch between sites instantly

Simply configure your remote sites with a URL and application password in the new Remote Sites settings section, and you're ready to manage your entire WordPress network from wherever you want. Whether you're managing client sites, a network of your own properties, or an agency portfolio, Remote Sites makes multi-site snippet management effortless.

Completely Redesigned Settings

The settings page has been rebuilt from the ground up with organization and usability in mind. A clean left navigation sidebar now organizes settings into logical sections: License, AI & Claude, Security, Features, Editor, PHP Configuration, Remote Sites, and Danger Zone.

Finding what you need is instant thanks to the new search functionality that filters settings sections as you type. It's a modern, intuitive interface that scales beautifully as SnipVault's feature set continues to grow.

Rock-Solid WP-CLI Interface

We've completely refactored the WP-CLI interface for maximum reliability across different hosting environments. The new implementation uses a dedicated REST API endpoint instead of admin-ajax, with comprehensive error handling, timeout protection, and improved path detection.

Key improvements include:

  • Proper success/failure detection that actually works

  • Timeout protection for long-running commands (5-minute limit)

  • Better error messages with debugging information

  • MySQL client tools detection for database commands

  • Compatibility fixes for shared hosting with open_basedir restrictions

  • Graceful handling of disabled PHP functions like putenv()

  • Reduced memory limits to prevent server overload

  • Enhanced path detection with fallback to bundled wp-cli.phar

The WP-CLI interface now works reliably on challenging hosting environments like InstaWP and shared hosting providers with strict security configurations.

Improved Snippet Organization

Fixed a race condition that could cause snippets to end up in the wrong folders on slow connections. Snippets now wait for folders to load completely before processing folder assignments, with safeguards to prevent filtering from running prematurely. Your snippet hierarchy now displays correctly every time, regardless of connection speed.


Update now to unlock Remote Sites and transform how you manage snippets across your WordPress portfolio. This is a major milestone for SnipVault, and we can't wait to hear how it streamlines your workflow.

November 23rd, 2025

We're excited to release SnipVault 1.0.21 with powerful new organization tools, security features, and enhanced AI model selection.

Organize with Tags

You can now tag your snippets for better organization and discovery. The new tag system includes a streamlined token input field right in the snippet editor where you can create, assign, and remove tags instantly. Start typing to search existing tags or create new ones on the fly. Remove tags with a simple backspace. It's a fast, intuitive way to keep your snippet library organized as it grows.

Enhanced Security Options

We've added two new security features to give you complete control over who can access SnipVault:

Password Protection - Set a password in settings to require authentication before anyone can access SnipVault. The password unlock modal appears when the plugin loads, and protection persists throughout the browser session. Passwords are securely hashed using SHA-256 before storage, keeping your snippets safe.

Restricted User Access - Need to limit SnipVault to a single user? You can now restrict access to just one administrator. When enabled, the menu item is hidden for everyone else, REST API endpoints are protected, and direct page access is blocked. Perfect for agencies or multi-user sites where you want tight control over snippet management.

Choose Your Claude Model

You now have full control over which Anthropic Claude model powers SnipVault's AI features. Select from the available models in settings, with the model list dynamically fetched from Anthropic's official API. The list automatically updates when you add or change your API key, and there's a manual refresh button to reload available models anytime. SnipVault intelligently falls back to your saved model if the API fetch fails.

File Browser Sorting

The file browser now supports comprehensive sorting options. Sort your files by name, date modified, file size, or file type, with the ability to toggle between ascending and descending order. The sorting UI matches the snippets list component for a consistent experience throughout SnipVault.

Additional Improvements

Defer Attribute for Modules - JavaScript module snippets now support the defer attribute, giving you more control over script loading behavior.

Dark Mode Fixes - Dropdown selects now display properly in dark mode with appropriate background and text colors, especially in Firefox where readability was previously an issue.


Update now to take advantage of these new organization and security features. As always, we recommend testing on a staging site first.

June 23rd, 2025

  • Added option to sort file browsing alphabetically, date modified etc.

  • Added options to disabled wp-cli, file browsing etc completely.

  • Added option to define specific admins who can access snipvault

April 15th, 2025

We're excited to share several new UI enhancements in this update:

  • Folder Color Customization: You can now color-code your folders! Simply click on any folder icon to access the color picker.

  • Improved UI Elements: We've refreshed the icons for accordions and condition group toggles for better visual clarity.

  • Resizable Panels: Both the snippets list and snippet options panels are now resizable, giving you more control over your workspace layout.

  • Condition Indicator: A new icon now appears whenever a snippet has conditions applied, making it easier to identify conditional snippets at a glance.

This update focuses on giving you more customization options and improving the overall user experience. Enjoy the new features!

March 20th, 2025

  • Improved error viewer logic

  • Improved PHP error log styles

  • Minor bug fixes

  • Fixed issue with PHP and 8.1 where composer would flag incompatibility (plugin requires 8.1 and above)