How it works

How the agent keeps its word.

The agent runs the same five steps every day on every site. The dashboard is for the days you want to look. The agent is for the days you don't.

01 / CHECK

It looks at everything that matters, every day

The agent walks every revenue-critical page, runs a synthetic checkout on every WooCommerce store, watches every gateway response, checks backups, surfaces vulnerabilities, sees the things that quietly drift. Twice an hour for commerce, daily for the rest.

The dashboard shows you the structured view. The agent already saw it.

Synthetic checkout 4 of 4 stores ok
Renewal rate −13% vs expected on store B (day 2)
14 of 80 sites below PHP 8.2 floor
SSL on regional-fr.brand.com expires in 9 days
02 / DECIDE

It checks against your policy before doing anything

You set the boundaries once per fleet, per site, per environment. Patches yes, majors no. Never touch on Fridays. Always ask for these specific plugins. Treat checkout as the page that decides whether the update stays. Enterprise approval chain on production.

Every action the agent considers gets checked against your policy first. In bounds gets done. Out of bounds gets held for a human.

03 / DO

It updates the site without breaking it

For every safe update, the agent snapshots the site first, applies the change, then runs the synthetic checkout (and the pages you marked critical). If anything moves in the wrong direction, the change is reversed and the site is back to the state that worked.

You wake up to "12 updates applied, 1 rolled back, 1 held for review." Not "your client is on the phone."

overnight on store-eu.brand.com
page-builder 3.20 → 3.21
wordpress-seo 27.4 → 27.5
cache-plugin 3.18 → 3.19 (rolled back, checkout broke)
? stripe-gateway 8.1 → 8.2 (held, high-risk plugin)
04 / REMEMBER

It learns each site over time Planned

When something breaks, the agent records what happened. Next time the same plugin tries to update on the same site, it knows to be careful. Either it handles the known fix automatically, or it pulls you in earlier.

The longer the agent runs on a fleet, the fewer surprises. Your weird sites stay handled by their own quirks.

05 / TELL YOU

You get a daily summary. Real alerts when it matters.

One short morning summary of what the agent did and what needs your call. For real incidents (uptime drop, security finding, rollback failure), an alert goes to Telegram, WhatsApp, Slack, or email, whichever you use. If a problem clears on its own, you get a quiet "recovered" message instead of being pinged twice.

Once a month, the agent writes the client-facing maintenance report for you. Plain language, branded as your agency, ready to send.

// Why this approach

What we won't do

Auto-update everything blindly

Every existing tool does this and every existing tool has broken sites this way. WPShake runs the safety checks first, every time.

Make the model the decider

AI is good at synthesis and pattern recognition. It is not the right thing to decide whether to push a major security plugin upgrade on a live store at 2 am. The hard calls are made by deterministic rules. The model fills in the parts where ambiguity actually exists.

Hide what we did

Every action the agent took is recorded. You can review, override, or change the rules. You're the operator. The agent works for you.

Lock you in

Your data is yours. Your client reports are yours. If you ever want to leave, you take everything with you.

See what it would do on your fleet.

Founding-customer pricing locks in for the first 100.

Get on the alpha list