Launch pricing ends May 22 (CEST). --d --h --m left Lock in your plan

Crash Recovery

When AI agents write PHP to the sandbox, that code runs on every WordPress request. If a sandbox file contains a fatal error, it could take down the entire site. Novamira’s crash recovery detects this and automatically isolates the broken file by entering safe mode on the next request.

How crash detection works

Before loading any sandbox file, the loader registers a PHP shutdown handler. The handler watches for fatal errors:

  1. Track: while sandbox files load, the loader keeps note of which file is currently being included.
  2. Detect: if PHP shuts down with a fatal error (E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR) while a sandbox file was loading, the handler runs.
  3. Mark: the handler writes a .crashed file in wp-content/novamira-sandbox/ with the error details and the name of the offending sandbox file.

This catches fatal errors even when they are thrown indirectly: for example, a sandbox file calls get_header(), which calls wp_head(), which fatals inside a third-party plugin. The shutdown handler still attributes the crash to the sandbox file that started the load chain.

Automatic recovery

On the next request, the sandbox loader checks for the .crashed file:

  1. If .crashed exists, the loader enters safe mode: all sandbox files are skipped for that request.
  2. WordPress loads normally. The MCP server stays available. The admin dashboard works.

So even if a sandbox file causes a fatal error, the site automatically recovers on the next request. The MCP tools remain available, so the AI agent can read, fix, or delete the broken file.

Safe mode

When safe mode is active:

  • No sandbox files are loaded. All custom functionality from the sandbox is suspended.
  • A prominent admin notice appears: “Novamira Sandbox: Safe mode is active. A sandbox plugin caused a fatal error.”
  • All Novamira abilities (Execute PHP, Read File, Write File, etc.) continue to work normally. The AI agent can still operate.

Exiting safe mode

There are two ways to exit safe mode:

1. From the WordPress admin

Go to Novamira > Sandbox and click Exit Safe Mode. This deletes the .crashed file and sandbox files will load on the next request.

2. Via an AI agent

The AI agent can delete the crash marker using the Delete File ability:

// Delete the crash marker
path: "wp-content/novamira-sandbox/.crashed"

Manual safe mode

You can also force safe mode for a single request by adding ?novamira_safe_mode=1 to any URL. Sandbox files are skipped just for that request, leaving the rest untouched. This is useful when a sandbox file is misbehaving but not crashing: you can reach the admin without it loading, then disable or fix the file from there.

When crash recovery is active

Crash detection only runs when AI abilities are enabled. With abilities disabled, sandbox files are loaded without the shutdown-handler protection. If a sandbox file fatals in that state, the normal WordPress fatal error handler takes over instead.

This is also why crash recovery is fundamentally a development-phase tool. By the time code reaches production, AI abilities should already be off and the code should already have been reviewed in staging. The recovery system catches mistakes during the work, not after.

Limitations

  • Crash recovery does not roll back changes. The broken file stays on disk. You need to fix it, disable it, or delete it.
  • Execute PHP errors (from eval()) do not trigger crash recovery, because they do not involve the sandbox loader. Execute PHP has its own error handling that catches exceptions and returns them in the response.