@adsim/wordpress-mcp-server 1.0.0 → 3.0.0

package/tests/unit/tools/plugins.test.js

@@ -0,0 +1,268 @@
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+
+vi.mock('node-fetch', () => ({ default: vi.fn() }));
+
+import fetch from 'node-fetch';
+import { handleToolCall } from '../../../index.js';
+import { mockSuccess, mockError, getAuditLogs, makeRequest, parseResult } from '../../helpers/mockWpRequest.js';
+
+function call(name, args = {}) {
+  return handleToolCall(makeRequest(name, args));
+}
+
+let consoleSpy;
+beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+afterEach(() => { consoleSpy.mockRestore(); });
+
+// =========================================================================
+// Shared mock data
+// =========================================================================
+
+const pluginsList = [
+  {
+    plugin: 'akismet/akismet.php',
+    name: 'Akismet',
+    version: '5.3',
+    status: 'active',
+    author: { rendered: 'Automattic' },
+    description: { rendered: '<p>Anti-spam plugin</p>' },
+    plugin_uri: 'https://akismet.com',
+    requires_wp: '6.0',
+    requires_php: '7.4',
+    network_only: false,
+    textdomain: 'akismet',
+  },
+  {
+    plugin: 'hello-dolly/hello.php',
+    name: 'Hello Dolly',
+    version: '1.7',
+    status: 'inactive',
+    author: { rendered: 'Matt Mullenweg' },
+    description: { rendered: '<p>Hello Dolly</p>' },
+    plugin_uri: '',
+    requires_wp: '',
+    requires_php: '',
+    network_only: false,
+    textdomain: 'hello-dolly',
+  },
+];
+
+// =========================================================================
+// wp_list_plugins
+// =========================================================================
+
+describe('wp_list_plugins', () => {
+  it('SUCCESS — returns total, active, inactive counts and plugins', async () => {
+    mockSuccess(pluginsList);
+
+    const res = await call('wp_list_plugins');
+    const data = parseResult(res);
+
+    expect(data.total).toBe(2);
+    expect(data.active).toBe(1);
+    expect(data.inactive).toBe(1);
+    expect(data.plugins).toHaveLength(2);
+
+    const akismet = data.plugins.find(p => p.plugin === 'akismet/akismet.php');
+    expect(akismet.name).toBe('Akismet');
+    expect(akismet.version).toBe('5.3');
+    expect(akismet.status).toBe('active');
+    expect(akismet.description).toBe('Anti-spam plugin');
+  });
+
+  it('SUCCESS — status filter is passed to URL', async () => {
+    mockSuccess([pluginsList[0]]);
+
+    await call('wp_list_plugins', { status: 'active' });
+
+    // Verify the fetch URL includes the status parameter
+    const fetchUrl = fetch.mock.calls[0][0];
+    expect(fetchUrl).toContain('status=active');
+  });
+
+  it('ERROR 403 — returns specific Administrator role message', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_list_plugins');
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('Administrator role');
+    expect(res.content[0].text).toContain('activate_plugins');
+  });
+
+  it('AUDIT — logs list action on success', async () => {
+    mockSuccess(pluginsList);
+
+    await call('wp_list_plugins');
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_list_plugins');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('list');
+    expect(entry.target_type).toBe('plugin');
+  });
+});
+
+// =========================================================================
+// wp_activate_plugin
+// =========================================================================
+
+describe('wp_activate_plugin', () => {
+  const activatedPlugin = {
+    plugin: 'hello-dolly/hello.php',
+    name: 'Hello Dolly',
+    version: '1.7',
+    status: 'active',
+  };
+
+  it('SUCCESS — activates plugin and returns status active', async () => {
+    mockSuccess(activatedPlugin);
+
+    const res = await call('wp_activate_plugin', { plugin: 'hello-dolly/hello.php' });
+    const data = parseResult(res);
+
+    expect(data.success).toBe(true);
+    expect(data.plugin.status).toBe('active');
+    expect(data.plugin.name).toBe('Hello Dolly');
+  });
+
+  it('GOVERNANCE — blocked by WP_READ_ONLY', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wp_activate_plugin', { plugin: 'hello-dolly/hello.php' });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+      expect(res.content[0].text).toContain('wp_activate_plugin');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+
+  it('GOVERNANCE — blocked by WP_DISABLE_PLUGIN_MANAGEMENT', async () => {
+    const original = process.env.WP_DISABLE_PLUGIN_MANAGEMENT;
+    process.env.WP_DISABLE_PLUGIN_MANAGEMENT = 'true';
+    try {
+      const res = await call('wp_activate_plugin', { plugin: 'hello-dolly/hello.php' });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('WP_DISABLE_PLUGIN_MANAGEMENT');
+      expect(res.content[0].text).toContain('wp_activate_plugin');
+    } finally {
+      if (original === undefined) delete process.env.WP_DISABLE_PLUGIN_MANAGEMENT;
+      else process.env.WP_DISABLE_PLUGIN_MANAGEMENT = original;
+    }
+  });
+
+  it('ERROR 403 — returns specific Administrator role message', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_activate_plugin', { plugin: 'hello-dolly/hello.php' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('Administrator role');
+  });
+
+  it('ERROR 404 — returns message mentioning wp_list_plugins', async () => {
+    mockError(404, '{"code":"rest_plugin_not_found"}');
+
+    const res = await call('wp_activate_plugin', { plugin: 'nonexistent/plugin.php' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('wp_list_plugins');
+  });
+
+  it('AUDIT — logs activate action on success', async () => {
+    mockSuccess(activatedPlugin);
+
+    await call('wp_activate_plugin', { plugin: 'hello-dolly/hello.php' });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_activate_plugin');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('activate');
+    expect(entry.target).toBe('hello-dolly/hello.php');
+    expect(entry.target_type).toBe('plugin');
+  });
+});
+
+// =========================================================================
+// wp_deactivate_plugin
+// =========================================================================
+
+describe('wp_deactivate_plugin', () => {
+  const deactivatedPlugin = {
+    plugin: 'akismet/akismet.php',
+    name: 'Akismet',
+    version: '5.3',
+    status: 'inactive',
+  };
+
+  it('SUCCESS — deactivates plugin and returns status inactive', async () => {
+    mockSuccess(deactivatedPlugin);
+
+    const res = await call('wp_deactivate_plugin', { plugin: 'akismet/akismet.php' });
+    const data = parseResult(res);
+
+    expect(data.success).toBe(true);
+    expect(data.plugin.status).toBe('inactive');
+    expect(data.plugin.name).toBe('Akismet');
+  });
+
+  it('GOVERNANCE — blocked by WP_READ_ONLY', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wp_deactivate_plugin', { plugin: 'akismet/akismet.php' });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+      expect(res.content[0].text).toContain('wp_deactivate_plugin');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+
+  it('GOVERNANCE — blocked by WP_DISABLE_PLUGIN_MANAGEMENT', async () => {
+    const original = process.env.WP_DISABLE_PLUGIN_MANAGEMENT;
+    process.env.WP_DISABLE_PLUGIN_MANAGEMENT = 'true';
+    try {
+      const res = await call('wp_deactivate_plugin', { plugin: 'akismet/akismet.php' });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('WP_DISABLE_PLUGIN_MANAGEMENT');
+      expect(res.content[0].text).toContain('wp_deactivate_plugin');
+    } finally {
+      if (original === undefined) delete process.env.WP_DISABLE_PLUGIN_MANAGEMENT;
+      else process.env.WP_DISABLE_PLUGIN_MANAGEMENT = original;
+    }
+  });
+
+  it('ERROR 403 — returns specific Administrator role message', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_deactivate_plugin', { plugin: 'akismet/akismet.php' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('Administrator role');
+  });
+
+  it('ERROR 404 — returns message mentioning wp_list_plugins', async () => {
+    mockError(404, '{"code":"rest_plugin_not_found"}');
+
+    const res = await call('wp_deactivate_plugin', { plugin: 'nonexistent/plugin.php' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('wp_list_plugins');
+  });
+
+  it('AUDIT — logs deactivate action on success', async () => {
+    mockSuccess(deactivatedPlugin);
+
+    await call('wp_deactivate_plugin', { plugin: 'akismet/akismet.php' });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_deactivate_plugin');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('deactivate');
+    expect(entry.target).toBe('akismet/akismet.php');
+    expect(entry.target_type).toBe('plugin');
+  });
+});

package/tests/unit/tools/posts.test.js

@@ -0,0 +1,310 @@
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+
+vi.mock('node-fetch', () => ({ default: vi.fn() }));
+
+import fetch from 'node-fetch';
+import { handleToolCall } from '../../../index.js';
+import { mockSuccess, mockError, getAuditLogs, makeRequest, parseResult } from '../../helpers/mockWpRequest.js';
+
+function call(name, args = {}) {
+  return handleToolCall(makeRequest(name, args));
+}
+
+// ────────────────────────────────────────────────────────────
+// wp_list_posts
+// ────────────────────────────────────────────────────────────
+
+describe('wp_list_posts', () => {
+  let consoleSpy;
+  beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+  afterEach(() => { consoleSpy.mockRestore(); });
+
+  it('returns formatted post list on success', async () => {
+    fetch.mockResolvedValue(mockSuccess([
+      { id: 1, title: { rendered: 'Post 1' }, status: 'publish', date: '2024-01-01', modified: '2024-01-01', link: 'https://test.example.com/post-1', author: 1, categories: [1], tags: [], excerpt: { rendered: 'excerpt' } }
+    ]));
+
+    const result = await call('wp_list_posts');
+    const data = parseResult(result);
+
+    expect(data.total).toBe(1);
+    expect(data.posts[0].id).toBe(1);
+    expect(data.posts[0].title).toBe('Post 1');
+    expect(data.posts[0].status).toBe('publish');
+  });
+
+  it('logs audit entry with status success', async () => {
+    fetch.mockResolvedValue(mockSuccess([
+      { id: 1, title: { rendered: 'Post 1' }, status: 'publish', date: '2024-01-01', modified: '2024-01-01', link: 'https://test.example.com/post-1', author: 1, categories: [1], tags: [], excerpt: { rendered: 'excerpt' } }
+    ]));
+
+    await call('wp_list_posts');
+    const logs = getAuditLogs(consoleSpy);
+    const entry = logs.find(l => l.tool === 'wp_list_posts');
+
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+  });
+});
+
+// ────────────────────────────────────────────────────────────
+// wp_get_post
+// ────────────────────────────────────────────────────────────
+
+describe('wp_get_post', () => {
+  let consoleSpy;
+  beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+  afterEach(() => { consoleSpy.mockRestore(); });
+
+  it('returns full post data on success', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 1, title: { rendered: 'Post 1' }, content: { rendered: '<p>Content</p>' }, excerpt: { rendered: 'excerpt' },
+      status: 'publish', date: '2024-01-01', modified: '2024-01-01', link: 'https://test.example.com/post-1',
+      slug: 'post-1', categories: [1], tags: [], author: 1, featured_media: 0, comment_status: 'open', meta: {}
+    }));
+
+    const result = await call('wp_get_post', { id: 1 });
+    const data = parseResult(result);
+
+    expect(data.id).toBe(1);
+    expect(data.title).toBe('Post 1');
+    expect(data.content).toBe('<p>Content</p>');
+    expect(data.slug).toBe('post-1');
+  });
+
+  it('returns error on 404', async () => {
+    fetch.mockResolvedValue(mockError(404));
+
+    const result = await call('wp_get_post', { id: 999 });
+
+    expect(result.isError).toBe(true);
+    expect(result.content[0].text).toContain('404');
+  });
+
+  it('logs audit with tool name', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 1, title: { rendered: 'Post 1' }, content: { rendered: '<p>Content</p>' }, excerpt: { rendered: 'excerpt' },
+      status: 'publish', date: '2024-01-01', modified: '2024-01-01', link: 'https://test.example.com/post-1',
+      slug: 'post-1', categories: [1], tags: [], author: 1, featured_media: 0, comment_status: 'open', meta: {}
+    }));
+
+    await call('wp_get_post', { id: 1 });
+    const logs = getAuditLogs(consoleSpy);
+    const entry = logs.find(l => l.tool === 'wp_get_post');
+
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.target).toBe(1);
+  });
+});
+
+// ────────────────────────────────────────────────────────────
+// wp_create_post
+// ────────────────────────────────────────────────────────────
+
+describe('wp_create_post', () => {
+  let consoleSpy;
+  beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+  afterEach(() => { consoleSpy.mockRestore(); });
+
+  it('creates a post and returns success shape', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 2, title: { rendered: 'New Post' }, status: 'draft', link: 'https://test.example.com/?p=2', slug: 'new-post'
+    }));
+
+    const result = await call('wp_create_post', { title: 'New Post', content: 'Body text' });
+    const data = parseResult(result);
+
+    expect(data.success).toBe(true);
+    expect(data.post.id).toBe(2);
+    expect(data.post.title).toBe('New Post');
+    expect(data.post.status).toBe('draft');
+  });
+
+  it('is blocked by WP_READ_ONLY', async () => {
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const result = await call('wp_create_post', { title: 'T', content: 'C' });
+
+      expect(result.isError).toBe(true);
+      expect(result.content[0].text).toContain('READ-ONLY');
+
+      const logs = getAuditLogs(consoleSpy);
+      const entry = logs.find(l => l.tool === 'wp_create_post');
+      expect(entry).toBeDefined();
+      expect(entry.status).toBe('blocked');
+    } finally {
+      delete process.env.WP_READ_ONLY;
+    }
+  });
+
+  it('logs audit on success', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 2, title: { rendered: 'New Post' }, status: 'draft', link: 'https://test.example.com/?p=2', slug: 'new-post'
+    }));
+
+    await call('wp_create_post', { title: 'New Post', content: 'Body' });
+    const logs = getAuditLogs(consoleSpy);
+    const entry = logs.find(l => l.tool === 'wp_create_post');
+
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('create');
+  });
+});
+
+// ────────────────────────────────────────────────────────────
+// wp_update_post
+// ────────────────────────────────────────────────────────────
+
+describe('wp_update_post', () => {
+  let consoleSpy;
+  beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+  afterEach(() => { consoleSpy.mockRestore(); });
+
+  it('updates a post and returns success shape', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 1, title: { rendered: 'Updated' }, status: 'publish', link: 'https://test.example.com/post-1', modified: '2024-01-02'
+    }));
+
+    const result = await call('wp_update_post', { id: 1, title: 'Updated' });
+    const data = parseResult(result);
+
+    expect(data.success).toBe(true);
+    expect(data.post.id).toBe(1);
+    expect(data.post.title).toBe('Updated');
+    expect(data.post.modified).toBe('2024-01-02');
+  });
+
+  it('returns error on 404', async () => {
+    fetch.mockResolvedValue(mockError(404));
+
+    const result = await call('wp_update_post', { id: 999, title: 'Ghost' });
+
+    expect(result.isError).toBe(true);
+    expect(result.content[0].text).toContain('404');
+  });
+
+  it('is blocked by WP_READ_ONLY', async () => {
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const result = await call('wp_update_post', { id: 1, title: 'T' });
+
+      expect(result.isError).toBe(true);
+      expect(result.content[0].text).toContain('READ-ONLY');
+    } finally {
+      delete process.env.WP_READ_ONLY;
+    }
+  });
+
+  it('logs audit with tool name and target', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 1, title: { rendered: 'Updated' }, status: 'publish', link: 'https://test.example.com/post-1', modified: '2024-01-02'
+    }));
+
+    await call('wp_update_post', { id: 1, title: 'Updated' });
+    const logs = getAuditLogs(consoleSpy);
+    const entry = logs.find(l => l.tool === 'wp_update_post');
+
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.target).toBe(1);
+  });
+});
+
+// ────────────────────────────────────────────────────────────
+// wp_delete_post
+// ────────────────────────────────────────────────────────────
+
+describe('wp_delete_post', () => {
+  let consoleSpy;
+  beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+  afterEach(() => { consoleSpy.mockRestore(); });
+
+  it('trashes a post and returns success shape', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 1, title: { rendered: 'Post 1' }, status: 'trash'
+    }));
+
+    const result = await call('wp_delete_post', { id: 1 });
+    const data = parseResult(result);
+
+    expect(data.success).toBe(true);
+    expect(data.post.id).toBe(1);
+    expect(data.post.status).toBe('trash');
+  });
+
+  it('returns error on 404', async () => {
+    fetch.mockResolvedValue(mockError(404));
+
+    const result = await call('wp_delete_post', { id: 999 });
+
+    expect(result.isError).toBe(true);
+    expect(result.content[0].text).toContain('404');
+  });
+
+  it('is blocked by WP_READ_ONLY', async () => {
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const result = await call('wp_delete_post', { id: 1 });
+
+      expect(result.isError).toBe(true);
+      expect(result.content[0].text).toContain('READ-ONLY');
+    } finally {
+      delete process.env.WP_READ_ONLY;
+    }
+  });
+
+  it('logs audit with correct action', async () => {
+    fetch.mockResolvedValue(mockSuccess({
+      id: 1, title: { rendered: 'Post 1' }, status: 'trash'
+    }));
+
+    await call('wp_delete_post', { id: 1 });
+    const logs = getAuditLogs(consoleSpy);
+    const entry = logs.find(l => l.tool === 'wp_delete_post');
+
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('trash');
+  });
+});
+
+// ────────────────────────────────────────────────────────────
+// wp_search
+// ────────────────────────────────────────────────────────────
+
+describe('wp_search', () => {
+  let consoleSpy;
+  beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+  afterEach(() => { consoleSpy.mockRestore(); });
+
+  it('returns search results on success', async () => {
+    fetch.mockResolvedValue(mockSuccess([
+      { id: 1, title: 'Post 1', url: 'https://test.example.com/post-1', type: 'post', subtype: 'post' }
+    ]));
+
+    const result = await call('wp_search', { search: 'Post' });
+    const data = parseResult(result);
+
+    expect(data.query).toBe('Post');
+    expect(data.total).toBe(1);
+    expect(data.results[0].id).toBe(1);
+    expect(data.results[0].title).toBe('Post 1');
+    expect(data.results[0].type).toBe('post');
+  });
+
+  it('logs audit with search action', async () => {
+    fetch.mockResolvedValue(mockSuccess([
+      { id: 1, title: 'Post 1', url: 'https://test.example.com/post-1', type: 'post', subtype: 'post' }
+    ]));
+
+    await call('wp_search', { search: 'Post' });
+    const logs = getAuditLogs(consoleSpy);
+    const entry = logs.find(l => l.tool === 'wp_search');
+
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('search');
+  });
+});