Menu

Let's Talk
Docs PromptWire Version 1.x Remote Setup

Remote Setup

Connecting to a production or staging site via the HTTP API for cross-environment content and schema sync.

Deploy the API endpoint

Copy api/promptwire-api.php from the PromptWire module to your remote ProcessWire site root (the same directory as index.php):

scp site/modules/PromptWire/api/promptwire-api.php user@server:/var/www/html/

The endpoint bootstraps ProcessWire and runs the same command router as the local CLI. All tools work identically over HTTPS.

Set your API key

Copy the example config to your remote site's site/ directory:

cp api/config-promptwire.example.php /path/to/remote-site/site/config-promptwire.php

Edit site/config-promptwire.php and set a strong random key:

<?php
define('PROMPTWIRE_API_KEY', 'your-strong-random-key-here');

Generate one with openssl rand -hex 32. This key must match the PW_REMOTE_KEY value in your local .cursor/mcp.json.

Optional: restrict by IP

For an extra layer of protection, restrict API access to your machine's public IP:

<?php
define('PROMPTWIRE_API_KEY', 'your-strong-random-key-here');
define('PROMPTWIRE_ALLOWED_IPS', '1.2.3.4');

Find your IP with curl ifconfig.me. Multiple IPs can be comma-separated.

If your IP changes regularly (mobile tethering, VPN), you can leave the allowlist disabled. API key authentication is still required for every request.

Configure Cursor

Add a remote server entry to .cursor/mcp.json:

{
  "mcpServers": {
    "PromptWire: My Site (Production)": {
      "command": "node",
      "args": ["/path/to/site/modules/PromptWire/mcp-server/dist/index.js"],
      "env": {
        "PW_REMOTE_URL": "https://www.example.com/promptwire-api.php",
        "PW_REMOTE_KEY": "your-strong-random-key-here"
      }
    }
  }
}

Verify the connection

In Cursor chat, ask the agent to check the remote site's health. It should return the ProcessWire version, page count, and template count from the production server.

If the connection fails, the error message will tell you why:

  • 401: API key mismatch. Check that PW_REMOTE_KEY matches the PROMPTWIRE_API_KEY defined on the server.
  • 403: Your IP is not in the allowlist. Check PROMPTWIRE_ALLOWED_IPS or remove the restriction.
  • 404: The API file is missing or not at the expected URL. Confirm promptwire-api.php is in the site root.
  • 500: ProcessWire or the PromptWire module failed to load on the remote server. Check that the module is installed and the CommandRouter is accessible at site/modules/PromptWire/src/Cli/CommandRouter.php.

Hybrid setup

The most useful configuration is hybrid: set both PW_PATH (local) and PW_REMOTE_URL (remote) on a single MCP server entry. Reads use the fast local CLI. Writes can target local, remote, or both.

{
  "mcpServers": {
    "PromptWire: My Site": {
      "command": "node",
      "args": ["/path/to/site/modules/PromptWire/mcp-server/dist/index.js"],
      "env": {
        "PW_PATH": "/path/to/local/processwire",
        "PW_REMOTE_URL": "https://www.example.com/promptwire-api.php",
        "PW_REMOTE_KEY": "your-api-key-here"
      }
    }
  }
}

When you push content or publish pages, you can specify targets: "local", "remote", or "both". If not specified, push defaults to local when PW_PATH is present.

Security considerations

The API endpoint gives authenticated callers full read/write access to your ProcessWire site. Treat the API key like a database password.

  • Always use HTTPS. The key is sent in a request header; plain HTTP would expose it.
  • Keep config-promptwire.php inside the site/ directory. ProcessWire's default .htaccess blocks direct access to files in site/.
  • Use a strong, unique key per site. Do not reuse keys across projects.
  • Consider IP allowlisting if your IP is stable.
  • Do not deploy .cursor/, .pw-sync/, or site/assets/pw-mcp/ to production — these are local development directories and may contain API keys. See Security for the full list of deployment exclusions.

Next steps

  • Security — essential reading before going live. Covers API key management, IP allowlisting, deployment exclusions, and what should and shouldn't be on a production server.
  • Content Sync — the pull/push workflow for syncing content between local and remote.
  • Schema Sync — comparing and pushing field and template changes across environments.