MW
Tutorial 10 min read

Plugin management tool

List, install, activate, update — every plugin operation as a typed MCP tool with explicit safety rails.

Plugins Admin Safety Automation
Agent
plugins.*
WP Admin

1. Overview

Plugin tools must be gated harder than content tools. A wrong activation can break a site.

2. List & inspect

tools/plugins.list.ts typescript 
server.tool('plugins.list', 'List installed plugins.', {}, async () => {
  const list = await wpGet('/wp/v2/plugins')
  return { content: [{ type:'text', text: JSON.stringify(list, null, 2) }] }
})

3. Install / activate

tools/plugins.activate.ts typescript 
server.tool('plugins.activate', 'Activate a plugin by slug.', {
  slug: z.string(),
  dryRun: z.boolean().default(true),
}, async ({ slug, dryRun }) => {
  if (dryRun) return { content: [{ type:'text', text: `(dry-run) would activate ${slug}` }] }
  await wpPut(`/wp/v2/plugins/${slug}`, { status: 'active' })
  return { content: [{ type:'text', text: `Activated ${slug}` }] }
})

4. Updates

Run updates behind a feature flag. Snapshot the database first.

5. Safety rails

Plugin power, safely scoped

Dry-run by default. Approve every activation. Snapshot before updates.

  • Approval gates
  • Snapshots
  • Typed
Move to Gutenberg