Documentation Index
Fetch the complete documentation index at: https://docs.maxicore.ai/llms.txt
Use this file to discover all available pages before exploring further.
Maxi AI Core exposes a set of PHP constants you can define in your wp-config.php file to override default behavior. These constants let you tune OAuth token lifetimes, licensing check intervals, WP-CLI write permissions, and GDPR data masking — without touching plugin settings or the database. Add any constant above the /* That's all, stop editing! */ line in your wp-config.php file using the format:
define( 'CONSTANT_NAME', value );
Licensing
These constants control how often Maxi AI Core validates your license against the remote server and where it sends update checks.
| Constant | Default | Description |
|---|
MAXI_AI_LICENSE_CHECK_INTERVAL | 43200 (12 h) | How often the license is re-validated remotely, in seconds. The minimum accepted value is 3600 (1 hour). |
MAXI_AI_UPDATE_URL | https://api.maxicore.ai/v1/updates/check | The endpoint used to check for plugin updates. Override this if you run a custom update server. |
OAuth 2.1
These constants adjust the behavior of the OAuth 2.1 server that AI clients use to connect to your site. The defaults are designed for typical use — you only need to change them if you have specific security or compliance requirements.
Kill switch
| Constant | Default | Description |
|---|
MAXI_AI_OAUTH_DISABLE | false | Set to true to disable OAuth entirely. All OAuth endpoints return 404 and the Bearer token hook is not registered. Clients using application passwords are unaffected. |
Access control
| Constant | Default | Description |
|---|
MAXI_AI_OAUTH_REQUIRED_CAP | manage_options | The WordPress capability a user must hold to see and approve the OAuth consent page. |
MAXI_AI_OAUTH_CLOCK_SKEW | 60 | Seconds of clock skew tolerance when validating token expiry. Increase this if your server clock is slightly out of sync with client clocks. |
Rate limiting
| Constant | Default | Description |
|---|
MAXI_AI_OAUTH_DCR_RATE_LIMIT | 10 | Maximum Dynamic Client Registration (DCR) registrations allowed per IP address per hour. |
MAXI_AI_OAUTH_TOKEN_RATE_LIMIT | 60 | Maximum requests to the token endpoint allowed per IP address per hour. |
Token lifetimes
| Constant | Default | Description |
|---|
MAXI_AI_OAUTH_CODE_TTL | 600 | Authorization code lifetime in seconds (10 minutes). Codes are single-use. |
MAXI_AI_OAUTH_ACCESS_TTL | 7200 | Access token lifetime in seconds (2 hours). Short by design — MCP clients refresh transparently. |
MAXI_AI_OAUTH_REFRESH_TTL | 5184000 | Refresh token lifetime in seconds (60 days). Rotated on every use. |
Retention and cleanup
| Constant | Default | Description |
|---|
MAXI_AI_OAUTH_REVOKED_RETENTION | 86400 (24 h) | How long revoked tokens are retained in the database for forensic review, in seconds. |
MAXI_AI_OAUTH_DCR_GC_AGE | 604800 (7 d) | Age at which a registered client that has never been used is automatically deleted, in seconds. |
Data masking
| Constant | Default | Description |
|---|
MAXI_AI_DATA_MASKING | true | Controls whether PII masking is active. Set to false to disable masking entirely and allow full field values to reach AI agents. See GDPR data masking for details. |
Setting MAXI_AI_DATA_MASKING to false means AI providers will receive unredacted personal data such as names, email addresses, and shipping details. Only disable masking if your use case requires it and you understand the privacy implications.
WP-CLI write groups
Read-only WP-CLI commands are always permitted. Write commands are blocked by default and must be explicitly unlocked by defining the corresponding constant. Each constant enables a specific group of commands.
All WP-CLI constants are false by default. You only need to define the ones for the write groups you actually want to allow.
| Constant | Commands enabled |
|---|
MAXI_AI_WP_CLI_ALLOW_CACHE_WRITES | cache flush, transient delete, cron management, rewrite flush |
MAXI_AI_WP_CLI_ALLOW_CONTENT_WRITES | post create/update/delete, term writes, menu management |
MAXI_AI_WP_CLI_ALLOW_USER_WRITES | user create, user update |
MAXI_AI_WP_CLI_ALLOW_OPTION_WRITES | option add, option update, option delete |
MAXI_AI_WP_CLI_ALLOW_DB_READS | db query (SELECT-only) and db export |
Example wp-config.php snippet
The following example shows a representative set of constants. Copy only the ones you need and adjust the values to suit your site.
// Maxi AI Core configuration
// Check the license every 6 hours instead of the default 12
define( 'MAXI_AI_LICENSE_CHECK_INTERVAL', 21600 );
// Shorten the OAuth access token to 1 hour
define( 'MAXI_AI_OAUTH_ACCESS_TTL', 3600 );
// Allow agents to flush the cache and manage transients via WP-CLI
define( 'MAXI_AI_WP_CLI_ALLOW_CACHE_WRITES', true );
// Allow SELECT-only db queries and db export via WP-CLI
define( 'MAXI_AI_WP_CLI_ALLOW_DB_READS', true );
/* That's all, stop editing! Happy publishing. */