PatchOn Agent

PatchOn is a solution for safely updating the plugins, themes, and core of your WordPress site. Before applying an update to production, it reproduces your site’s configuration in a staging environment, applies the update there, and runs a screenshot comparison (Visual Regression Test) to check for any problems. This plugin acts as the connector between your WordPress site and PatchOn.

This plugin requires the PatchOn service (patchon.jp) and does not function on its own. No account is required to get started. Immediately after activation it performs no external communication, and a consent screen is shown in the admin area. Outbound communication with PatchOn begins only after the user explicitly clicks the “Agree and Start” button on that consent screen, which registers the site anonymously. A PatchOn account is needed only to view detailed inspection results in the dashboard or to upgrade to a paid plan.

Main Features

• Pre-inspection that simulates updates in a staging environment, with results displayed in your dashboard
• Backup of site files and database before applying updates
• Production rollout of updates that have passed inspection

This plugin (the free distribution on WordPress.org) does not write to your site files (wp-content, mu-plugins, theme directories, etc.), even when it detects a problem. AI auto-repair, which writes patched code to mu-plugins or the active child theme, is provided by the separately distributed PatchOn Agent Pro extension plugin (available to PatchOn Standard / Business plan subscribers).

Data Sent

After the user has consented on the consent screen, when they run a “Pre-inspection” or “Apply update” operation, the plugin sends the following data to PatchOn and related external services. See the Privacy Policy for details.

• Site URL / WordPress version / PHP version / DB version
• List and versions of installed plugins, themes, and MU plugins
• Site files prior to update application (child theme / mu-plugins / wp-config.php, used for backup)
• Contents of WordPress debug.log (used to detect issues)
• Lightweight database dump (only at pre-inspection time; tables and columns containing personal information are excluded)

External services

This plugin depends on the following external services. No external communication is performed merely by activating the plugin. Communication starts only after the user explicitly clicks the “Agree and Start” button on the consent screen shown on first use.

PatchOn API (https://patchon.jp and its subdomains)

The backend for all inspection, repair, update, and database-dump operations. Two host names are used, both operated by Rocketa Inc. and routed to PatchOn’s infrastructure:

• https://patchon.jp/api/* — site registration, pre-inspection control, apply-update control, billing
• https://dump.patchon.jp/* — database-dump control endpoints and signed-URL chunk uploads used during pre-inspection (the database dump is excluded from the data sent over patchon.jp/api/*)

Provider: Rocketa Inc. (rocketa.co.jp)

When data is sent:

• On click of the “Agree and Start” consent button (one-time): anonymous site registration and UUID issuance
• When the user runs a “Pre-inspection”: list of plugins / themes, debug.log, lightweight database dump
• When the user runs an “Apply update”: backup files, application result

What is sent: see the “Data Sent” section above

• Terms of Service: https://patchon.jp/terms
• Privacy Policy: https://patchon.jp/privacy-policy
• Subprocessors: https://patchon.jp/subprocessors

AWS S3 (Tokyo region, accessed via PatchOn)

Storage destination for the pre-update full-site backup (tar.gz). File uploads are performed only against pre-signed URLs issued by https://patchon.jp/api/* on a per-request basis. The customer site does not hold any S3 credentials.

• Provider: Amazon Web Services, Inc.
• Endpoint: https://*.s3.ap-northeast-1.amazonaws.com (pre-signed URLs only)
• When data is sent: when the user runs an “Apply update”
• What is sent: pre-update site files (tar.gz)
• AWS Privacy: https://aws.amazon.com/privacy/