How Respira keeps your live site safe

A restore point on every edit

Every change Respira makes creates a restore point first, kept for 90 days. Snapshots are full fidelity: they capture the page builder's own data, not just rendered HTML, so a rollback brings back the real layout, not a flattened copy.

• One-click rollback. Roll any change back to the state before it ran.
• Cascade rollback. One call restores every object changed in a single edit session to its pre-session state, so a multi-step edit undoes cleanly.
• Structure too. ACF field groups, custom post types, and taxonomies are snapshotted and restorable, not just pages and posts.

Copy first, then swap

By default the AI works on a duplicate and you approve the swap. Editing the live original directly is off unless you turn it on.

• Content-loss check. Before a swap goes live, Respira checks for unexpected content loss and blocks a risky replace unless you explicitly force it.
• Stale-base detection. If the original changed since the copy was made, the swap is blocked, so the AI cannot clobber a newer edit you made by hand.

Destructive actions need approval

Deleting a page, post, media item, or user, installing or activating a plugin, and bulk operations all require an explicit approval step. Approval tokens expire after 10 minutes.

Per-tool governance lets you turn any individual tool on or off for a site, so you decide exactly what an AI is allowed to do.

Scoped keys, standard WordPress auth

Connect with a WordPress Application Password or a scoped Respira token. Keys are not all-or-nothing.

• Scopes. Keys carry scopes such as read-only, full-fidelity read, write, and force-approve, so a key only does what you grant it.
• Encrypted at rest. API keys are encrypted with AES-256-GCM.
• Rate limited. 1000 calls per key per hour by default, configurable.
• License-gated. If a license lapses, its keys stop working.

Your content never leaves your server

Respira records operation outcomes only: which action ran, on which resource, how many lines changed, and which builders and plugins were detected. It does not collect, store, or transmit your page or post content, and it cannot see your site content from its dashboard or internal tools.

When you connect an AI tool such as Claude, ChatGPT, or Cursor, the prompts and content you send to that tool are handled under that tool's own terms, not Respira's.

Every action is logged

Each key action is recorded: who, when, what resource, the result, and which AI client and version made the call. The audit log lives on your site, under your control.