This plugin connects your Joomla website to an AI provider (such as OpenAI, Mistral AI, Anthropic, Google, OpenRouter and any other) — securely, centrally, and without exposing your API key.

New: DeepL Translation supported

Typical use cases:

• A FAQ assistant th- at answers questions about your services in your website's tone
• An intake form that summarises a visitor's enquiry before it reaches your inbox
• A content tool that generates draft texts for your editors on the server side

The plugin has no visible frontend widget. It is infrastructure — a stable, secure foundation that any Joomla extension on your site can build on.

Features

• Interchangeable AI providers: OpenAI, Mistral AI (EU servers, GDPR-compliant), Anthropic, Google, Groq, DeepSeek, OpenRouter, Custom (i. e. Ollama or any other).
• Admin-configurable AI contexts in the backend: context key + system prompt + individual parameters
• Event-based context system: other plugins can register their own contexts server-side
• Two usage paths: HTTP endpoint (AJAX, frontend JS) and direct PHP method call (server-side)
• API key encryption: AES-256 with native PHP Sodium, using the Joomla site secret as the key
• Protection: Rate limiting, CSRF token verification, origin check, and input sanitisation by default
• Per-context parameters: maxtokens,maxinput_length, andtemperature configurable per context
• Backend test system: verify the API connection directly inside the Plugin Manager
• Conversation history: supports modern object-array format (role/content) and legacy strings
• Stateless: no conversation data is stored; every request is independent
• Built-in DeepL translation: translate text via HTTP or PHP with the same key management, CSRF protection, and rate limiting as the AI feature
• DeepL context system: define named translation profiles (e.g. html_de, formal_en) in the backend — no per-call parameter juggling needed

GDPR & Security

Data protection built in

All AI requests pass through your own server. Your API key is encrypted automatically on first save (AES-256, PHP Sodium, using your Joomla site secret as the encryption key) — it never appears in plain text in your database or your website's HTML.

Every request is protected by:

• CSRF token verification
• Origin check
• Rate limiting (default: 10 requests per IP per minute)
• Input sanitisation