What does a forum operator gain by this?
- Less server overhead because now the AI can communicate in a leaner protocol?
Will an AI bot still show up as a guest visitor while they read the forum? (who is online) And if yes will it be flagged as using webmcp?
Will AI bots still be controlled via usergroup guests? (get the same authorization as regular human guests visitors).
Great questions — let me address each one.
What does a forum operator gain?
It's not about server overhead — it's about control.
Without AI Connect, AI bots scrape your forum as anonymous guests. You can't tell who they are, what they're reading, or limit what they access.
With AI Connect, every AI agent must authenticate as a real user via OAuth 2.0. What you gain:
- Permission control — AI agents follow the exact same XenForo permission system as human users. If a usergroup can't see a private forum, neither can the AI acting on behalf of that user.
- Per-user accountability — every API call is tied to a real user account. You know who authorized what.
- Rate limiting — configurable per-user limits (requests per minute and per hour).
- Per-tool permissions — allow searching but block content creation, or enable write tools only for specific usergroups.
- Token revocation — cut off any AI agent instantly.
- Monetization potential — offer AI access as a premium feature for paying members.
The real value is turning uncontrolled anonymous scraping into controlled, authenticated, permission-aware access.
---
Will an AI bot show up as a guest visitor in "Who's Online"?
No. AI agents using AI Connect don't browse forum pages — they call REST API endpoints that return JSON. They won't appear in "Who's Online" at all.
If you want to track AI usage, every API call is tied to the user whose OAuth token was used, so you always know exactly who authorized the access.
---
Will AI bots be controlled via the Guests usergroup?
No — the opposite. AI bots authenticate as a specific user via OAuth. The AI acts with
that user's permissions, not guest permissions.
Example: if user "John" (Premium Members group) authorizes Claude via OAuth, the AI gets John's permissions — sees everything John can see, nothing more. If John's group can't access a private forum, the AI can't either.
Guests cannot use the tools at all — the
useTools permission defaults to Registered users only. Unauthenticated API calls are rejected with 403.
Permission hierarchy:
- Guests → can see the public info page (if enabled by admin), cannot use any tools
- Registered users → can authorize AI agents, tools respect their usergroup permissions
- Admin → full control over which groups and individual users can use which tools, managed through the standard XenForo permission system
New Features
Critical Fixes