AI Site Editor — Notes

2026-04-25 — Initial brainstorm with Sean

The idea

• Client users log in, see their project sites, can ask AI to make changes
• No Telegram/WhatsApp needed — browser-only self-serve
• Two approaches discussed: embedded per-page widget vs central dashboard editor
• Decision: embedded per-page (more intuitive, contextual)

Key concerns

• Security is #1 — must be locked down tight
• AI must NOT be able to touch things outside the site directory
• Audit trail is critical
• Approval workflow for non-admin users (Sean approves before live)
• Need per-site permissions (BF employees only see BF sites)

Sean's notes

• "Dangerous so I'd need to lock the ability down for sure"
• Wants Microsoft login for client orgs (verified by email domain)
• Eventually wants the AI embedded right in each page
• Alternatively, a central place on the dashboard
• Mentioned GitHub Copilot has a feature for embedding in apps — explore this
• Also asked: could we create a new OpenClaw Agent per project with specific instructions?
• Wants to know how to manage who's logged in where — maybe a dashboard feature

Apr 25 — Architecture Options Explored

• Option 1: OpenClaw per-project agents — leverage existing infra, each project gets an agent with scoped AGENTS.md. Most powerful but highest latency.
• Option 2: GitHub Copilot Extensions — embed Copilot in the app. Changes flow through GitHub (PRs/commits). Free with Sean's plan. Newer API, less documented.
• Option 3: Lightweight edit API — thin FastAPI service, sends file + prompt to any LLM, validates output, writes back. Simplest and fastest to build.
• Recommendation: Start with Option 3, evolve to Option 1 for complex edits later. Widget UI is the same regardless of backend.
• User management: "Who's Online" card on admin dashboard showing active sessions, sites, edit counts. Admin can revoke.

Technical decisions

• Use OpenClaw subagent for the AI backend (already have infrastructure)
• Git auto-commit for every change (built-in rollback)
• Staging copy before live (preview workflow)
• JSON permissions file (simple, no database needed initially)