@adsim/wordpress-mcp-server 1.0.0 → 3.0.0

package/tests/unit/tools/revisions.test.js

@@ -0,0 +1,299 @@
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+
+vi.mock('node-fetch', () => ({ default: vi.fn() }));
+
+import fetch from 'node-fetch';
+import { handleToolCall } from '../../../index.js';
+import { mockSuccess, mockError, getAuditLogs, makeRequest, parseResult } from '../../helpers/mockWpRequest.js';
+
+function call(name, args = {}) {
+  return handleToolCall(makeRequest(name, args));
+}
+
+let consoleSpy;
+beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+afterEach(() => { consoleSpy.mockRestore(); });
+
+// =========================================================================
+// Shared mock data
+// =========================================================================
+
+const revisionsList = [
+  {
+    id: 101,
+    parent: 1,
+    date: '2024-01-01',
+    date_gmt: '2024-01-01T00:00:00',
+    modified: '2024-01-01',
+    modified_gmt: '2024-01-01T00:00:00',
+    author: 1,
+    title: { rendered: 'Revision 1' },
+    excerpt: { rendered: '<p>Excerpt</p>' },
+    slug: '1-revision-v1',
+  },
+  {
+    id: 102,
+    parent: 1,
+    date: '2024-01-02',
+    date_gmt: '2024-01-02T00:00:00',
+    modified: '2024-01-02',
+    modified_gmt: '2024-01-02T00:00:00',
+    author: 1,
+    title: { rendered: 'Revision 2' },
+    excerpt: { rendered: '' },
+    slug: '1-revision-v2',
+  },
+];
+
+const singleRevision = {
+  id: 101,
+  parent: 1,
+  date: '2024-01-01',
+  author: 1,
+  title: { rendered: 'Revision 1' },
+  content: { rendered: '<p>Old content</p>' },
+  excerpt: { rendered: '<p>Old excerpt</p>' },
+};
+
+const restoreRevisionData = {
+  id: 101,
+  parent: 1,
+  title: { raw: 'Old Title', rendered: 'Old Title' },
+  content: { raw: '<p>Old content</p>', rendered: '<p>Old content</p>' },
+};
+
+const restoreUpdateResponse = {
+  id: 1,
+  title: { rendered: 'Old Title' },
+  status: 'publish',
+};
+
+// =========================================================================
+// wp_list_revisions
+// =========================================================================
+
+describe('wp_list_revisions', () => {
+  it('SUCCESS — returns total, post_id, post_type, note, and revisions without content', async () => {
+    mockSuccess(revisionsList);
+
+    const res = await call('wp_list_revisions', { post_id: 1 });
+    const data = parseResult(res);
+
+    expect(data.total).toBe(2);
+    expect(data.post_id).toBe(1);
+    expect(data.post_type).toBe('post');
+    expect(data.note).toContain('wp_get_revision');
+    expect(data.revisions).toHaveLength(2);
+
+    // Revisions should not include content field
+    const rev = data.revisions[0];
+    expect(rev.id).toBe(101);
+    expect(rev.parent).toBe(1);
+    expect(rev.date).toBe('2024-01-01');
+    expect(rev.author).toBe(1);
+    expect(rev.title).toBe('Revision 1');
+    expect(rev.slug).toBe('1-revision-v1');
+    expect(rev).not.toHaveProperty('content');
+  });
+
+  it('ERROR 404 — returns message about "no revisions available"', async () => {
+    mockError(404, '{"code":"rest_post_not_found"}');
+
+    const res = await call('wp_list_revisions', { post_id: 999 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('no revisions available');
+  });
+
+  it('AUDIT — logs list action on success', async () => {
+    mockSuccess(revisionsList);
+
+    await call('wp_list_revisions', { post_id: 1 });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_list_revisions');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+  });
+});
+
+// =========================================================================
+// wp_get_revision
+// =========================================================================
+
+describe('wp_get_revision', () => {
+  it('SUCCESS — returns full revision with content', async () => {
+    mockSuccess(singleRevision);
+
+    const res = await call('wp_get_revision', { post_id: 1, revision_id: 101 });
+    const data = parseResult(res);
+
+    expect(data.id).toBe(101);
+    expect(data.parent).toBe(1);
+    expect(data.date).toBe('2024-01-01');
+    expect(data.author).toBe(1);
+    expect(data.title).toBe('Revision 1');
+    expect(data.content).toBe('<p>Old content</p>');
+    expect(data.excerpt).toBe('<p>Old excerpt</p>');
+  });
+
+  it('ERROR 404 — returns message mentioning wp_list_revisions', async () => {
+    mockError(404, '{"code":"rest_revision_not_found"}');
+
+    const res = await call('wp_get_revision', { post_id: 1, revision_id: 999 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('wp_list_revisions');
+  });
+
+  it('AUDIT — logs read action on success', async () => {
+    mockSuccess(singleRevision);
+
+    await call('wp_get_revision', { post_id: 1, revision_id: 101 });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_get_revision');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+  });
+});
+
+// =========================================================================
+// wp_restore_revision
+// =========================================================================
+
+describe('wp_restore_revision', () => {
+  it('SUCCESS — restores revision and verifies PUT/POST call with revision data', async () => {
+    // First call: GET revision data
+    mockSuccess(restoreRevisionData);
+    // Second call: POST update to post
+    mockSuccess(restoreUpdateResponse);
+
+    const res = await call('wp_restore_revision', { post_id: 1, revision_id: 101 });
+    const data = parseResult(res);
+
+    expect(data.restored).toBe(true);
+    expect(data.post_id).toBe(1);
+    expect(data.revision_id).toBe(101);
+    expect(data.title).toBe('Old Title');
+
+    // Verify the second fetch call sent the revision's title and content
+    expect(fetch.mock.calls.length).toBeGreaterThanOrEqual(2);
+    const updateCall = fetch.mock.calls[1];
+    const body = JSON.parse(updateCall[1].body);
+    expect(body.title).toBe('Old Title');
+    expect(body.content).toBe('<p>Old content</p>');
+  });
+
+  it('GOVERNANCE — blocked by WP_READ_ONLY', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wp_restore_revision', { post_id: 1, revision_id: 101 });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+
+  it('ERROR 404 on GET revision — does not attempt PUT', async () => {
+    mockError(404, '{"code":"rest_revision_not_found"}');
+
+    const res = await call('wp_restore_revision', { post_id: 1, revision_id: 999 });
+    expect(res.isError).toBe(true);
+
+    // Only one fetch call should have been made (the GET), no PUT/POST
+    expect(fetch.mock.calls).toHaveLength(1);
+  });
+
+  it('AUDIT — logs entries on success', async () => {
+    mockSuccess(restoreRevisionData);
+    mockSuccess(restoreUpdateResponse);
+
+    await call('wp_restore_revision', { post_id: 1, revision_id: 101 });
+
+    const logs = getAuditLogs();
+    const entries = logs.filter(l => l.tool === 'wp_restore_revision');
+    expect(entries.length).toBeGreaterThanOrEqual(1);
+    expect(entries.some(e => e.status === 'success')).toBe(true);
+  });
+});
+
+// =========================================================================
+// wp_delete_revision
+// =========================================================================
+
+describe('wp_delete_revision', () => {
+  it('SUCCESS — returns deleted true with revision_id and post_id', async () => {
+    mockSuccess({ deleted: true });
+
+    const res = await call('wp_delete_revision', { post_id: 1, revision_id: 101 });
+    const data = parseResult(res);
+
+    expect(data.deleted).toBe(true);
+    expect(data.revision_id).toBe(101);
+    expect(data.post_id).toBe(1);
+  });
+
+  it('SUCCESS — force=true is present in the fetch URL', async () => {
+    mockSuccess({ deleted: true });
+
+    await call('wp_delete_revision', { post_id: 1, revision_id: 101 });
+
+    const fetchUrl = fetch.mock.calls[0][0];
+    expect(fetchUrl).toContain('force=true');
+  });
+
+  it('GOVERNANCE — blocked by WP_READ_ONLY', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wp_delete_revision', { post_id: 1, revision_id: 101 });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+
+  it('GOVERNANCE — blocked by WP_DISABLE_DELETE', async () => {
+    const original = process.env.WP_DISABLE_DELETE;
+    process.env.WP_DISABLE_DELETE = 'true';
+    try {
+      const res = await call('wp_delete_revision', { post_id: 1, revision_id: 101 });
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('WP_DISABLE_DELETE');
+    } finally {
+      if (original === undefined) delete process.env.WP_DISABLE_DELETE;
+      else process.env.WP_DISABLE_DELETE = original;
+    }
+  });
+
+  it('ERROR 404 — returns revision not found message', async () => {
+    mockError(404, '{"code":"rest_revision_not_found"}');
+
+    const res = await call('wp_delete_revision', { post_id: 1, revision_id: 999 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('Revision not found');
+  });
+
+  it('ERROR 403 — returns message about delete_posts capability', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_delete_revision', { post_id: 1, revision_id: 101 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('delete_posts');
+  });
+
+  it('AUDIT — logs permanent_delete action on success', async () => {
+    mockSuccess({ deleted: true });
+
+    await call('wp_delete_revision', { post_id: 1, revision_id: 101 });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_delete_revision');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+  });
+});

package/tests/unit/tools/search.test.js

@@ -0,0 +1,190 @@
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+
+vi.mock('node-fetch', () => ({ default: vi.fn() }));
+
+import fetch from 'node-fetch';
+import { handleToolCall } from '../../../index.js';
+import { mockSuccess, mockError, getAuditLogs, makeRequest, parseResult } from '../../helpers/mockWpRequest.js';
+
+function call(name, args = {}) {
+  return handleToolCall(makeRequest(name, args));
+}
+
+let consoleSpy;
+beforeEach(() => { fetch.mockReset(); consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); });
+afterEach(() => { consoleSpy.mockRestore(); });
+
+// =========================================================================
+// wp_search
+// =========================================================================
+
+describe('wp_search', () => {
+  const searchResults = [
+    { id: 1, title: 'Post 1', url: 'https://test.example.com/post-1', type: 'post', subtype: 'post' },
+    { id: 10, title: 'About', url: 'https://test.example.com/about', type: 'post', subtype: 'page' },
+  ];
+
+  it('SUCCESS — returns query, total, and results array', async () => {
+    mockSuccess(searchResults);
+
+    const res = await call('wp_search', { search: 'test' });
+    const data = parseResult(res);
+
+    expect(data.query).toBe('test');
+    expect(data.total).toBe(2);
+    expect(data.results).toHaveLength(2);
+
+    const first = data.results[0];
+    expect(first).toEqual(
+      expect.objectContaining({ id: 1, title: 'Post 1', url: 'https://test.example.com/post-1', type: 'post', subtype: 'post' })
+    );
+    const second = data.results[1];
+    expect(second).toEqual(
+      expect.objectContaining({ id: 10, title: 'About', url: 'https://test.example.com/about', type: 'post', subtype: 'page' })
+    );
+  });
+
+  it('ERROR 403 — returns error message', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_search', { search: 'secret' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('403');
+  });
+
+  it('AUDIT — logs search action on success', async () => {
+    mockSuccess(searchResults);
+
+    await call('wp_search', { search: 'audit-test' });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_search');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('search');
+  });
+});
+
+// =========================================================================
+// wp_list_post_types
+// =========================================================================
+
+describe('wp_list_post_types', () => {
+  const typesResponse = {
+    post: { slug: 'post', name: 'Posts', description: '', hierarchical: false, rest_base: 'posts' },
+    page: { slug: 'page', name: 'Pages', description: '', hierarchical: true, rest_base: 'pages' },
+    product: { slug: 'product', name: 'Products', description: 'Custom products', hierarchical: false, rest_base: 'products' },
+  };
+
+  it('SUCCESS — returns total and post_types array', async () => {
+    mockSuccess(typesResponse);
+
+    const res = await call('wp_list_post_types');
+    const data = parseResult(res);
+
+    expect(data.total).toBe(3);
+    expect(data.post_types).toHaveLength(3);
+
+    const product = data.post_types.find(t => t.slug === 'product');
+    expect(product).toEqual(
+      expect.objectContaining({ slug: 'product', name: 'Products', description: 'Custom products', hierarchical: false, rest_base: 'products' })
+    );
+  });
+
+  it('ERROR 403 — returns error message', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_list_post_types');
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('403');
+  });
+
+  it('AUDIT — logs list action on success', async () => {
+    mockSuccess(typesResponse);
+
+    await call('wp_list_post_types');
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_list_post_types');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('list');
+  });
+});
+
+// =========================================================================
+// wp_list_custom_posts
+// =========================================================================
+
+describe('wp_list_custom_posts', () => {
+  const typesResponse = {
+    post: { slug: 'post', name: 'Posts', description: '', hierarchical: false, rest_base: 'posts' },
+    page: { slug: 'page', name: 'Pages', description: '', hierarchical: true, rest_base: 'pages' },
+    product: { slug: 'product', name: 'Products', description: 'Custom products', hierarchical: false, rest_base: 'products' },
+  };
+
+  const productPosts = [
+    {
+      id: 50,
+      title: { rendered: 'Widget' },
+      status: 'publish',
+      date: '2024-01-01',
+      link: 'https://test.example.com/product/widget',
+      slug: 'widget',
+      type: 'product',
+      meta: {},
+    },
+  ];
+
+  it('SUCCESS — fetches types then custom posts', async () => {
+    // First call: GET /types
+    mockSuccess(typesResponse);
+    // Second call: GET /products?...
+    mockSuccess(productPosts);
+
+    const res = await call('wp_list_custom_posts', { post_type: 'product' });
+    const data = parseResult(res);
+
+    expect(data.post_type).toBe('product');
+    expect(data.total).toBe(1);
+    expect(data.posts).toHaveLength(1);
+    expect(data.posts[0]).toEqual(
+      expect.objectContaining({ id: 50, title: 'Widget', status: 'publish', slug: 'widget', type: 'product' })
+    );
+  });
+
+  it('ERROR — post type not found', async () => {
+    // Return types without the requested type
+    const limitedTypes = {
+      post: { slug: 'post', name: 'Posts', description: '', hierarchical: false, rest_base: 'posts' },
+      page: { slug: 'page', name: 'Pages', description: '', hierarchical: true, rest_base: 'pages' },
+    };
+    mockSuccess(limitedTypes);
+
+    const res = await call('wp_list_custom_posts', { post_type: 'nonexistent' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('not found');
+  });
+
+  it('ERROR 403 — returns error', async () => {
+    mockError(403, '{"code":"rest_forbidden"}');
+
+    const res = await call('wp_list_custom_posts', { post_type: 'product' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('403');
+  });
+
+  it('AUDIT — logs list action on success', async () => {
+    mockSuccess(typesResponse);
+    mockSuccess(productPosts);
+
+    await call('wp_list_custom_posts', { post_type: 'product' });
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wp_list_custom_posts');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+    expect(entry.action).toBe('list');
+    expect(entry.params.post_type).toBe('product');
+  });
+});