@adsim/wordpress-mcp-server 3.1.0 → 4.5.0

package/tests/unit/tools/site.test.js

@@ -72,10 +72,15 @@ describe('wp_site_info', () => {
     expect(typeof data.enterprise_controls.draft_only).toBe('boolean');
     expect(typeof data.enterprise_controls.delete_disabled).toBe('boolean');
     expect(typeof data.enterprise_controls.plugin_management_disabled).toBe('boolean');
+    expect(typeof data.enterprise_controls.confirm_destructive).toBe('boolean');
+
+    // Control sources
+    expect(data.enterprise_controls.read_only_source).toBeDefined();
+    expect(['global', 'target', 'both', 'none']).toContain(data.enterprise_controls.read_only_source);
 
     // Server info
     expect(data.server.mcp_version).toBeDefined();
-    expect(data.server.tools_count).toBe(35);
+    expect(data.server.tools_count).toBe(85);
   });
 
   it('SUCCESS — enterprise_controls reflect WP_READ_ONLY env var', async () => {

package/tests/unit/tools/woocommerce.test.js

@@ -0,0 +1,344 @@
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+
+vi.mock('node-fetch', () => ({ default: vi.fn() }));
+
+import fetch from 'node-fetch';
+import { handleToolCall, _testSetTarget } from '../../../index.js';
+import { mockSuccess, mockError, getAuditLogs, makeRequest, parseResult } from '../../helpers/mockWpRequest.js';
+
+function call(name, args = {}) {
+  return handleToolCall(makeRequest(name, args));
+}
+
+let consoleSpy;
+beforeEach(() => {
+  fetch.mockReset();
+  consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+  process.env.WC_CONSUMER_KEY = 'ck_test';
+  process.env.WC_CONSUMER_SECRET = 'cs_test';
+});
+afterEach(() => {
+  consoleSpy.mockRestore();
+  _testSetTarget(null);
+  delete process.env.WC_CONSUMER_KEY;
+  delete process.env.WC_CONSUMER_SECRET;
+});
+
+// =========================================================================
+// Mock data
+// =========================================================================
+
+const product1 = {
+  id: 101, name: 'T-Shirt', slug: 't-shirt', status: 'publish',
+  price: '19.99', regular_price: '24.99', sale_price: '19.99',
+  stock_status: 'instock', stock_quantity: 50,
+  categories: [{ id: 5, name: 'Clothing' }],
+  images: [{ src: 'https://shop.example.com/img/tshirt.jpg' }],
+  permalink: 'https://shop.example.com/product/t-shirt',
+  type: 'simple', variations: []
+};
+
+const product2 = {
+  id: 102, name: 'Hoodie', slug: 'hoodie', status: 'publish',
+  price: '49.99', regular_price: '49.99', sale_price: '',
+  stock_status: 'instock', stock_quantity: 20,
+  categories: [{ id: 5, name: 'Clothing' }],
+  images: [{ src: 'https://shop.example.com/img/hoodie.jpg' }],
+  permalink: 'https://shop.example.com/product/hoodie',
+  type: 'variable', variations: [201, 202]
+};
+
+const order1 = {
+  id: 500, number: '500', status: 'processing',
+  date_created: '2026-02-01T10:00:00',
+  customer_id: 10,
+  billing: { first_name: 'John', last_name: 'Doe', email: 'john@example.com' },
+  total: '69.98', currency: 'EUR',
+  line_items: [{ name: 'T-Shirt', quantity: 2, total: '39.98' }, { name: 'Hoodie', quantity: 1, total: '49.99' }],
+  shipping: {}, payment_method: 'stripe', transaction_id: 'txn_123', meta_data: []
+};
+
+const customer1 = {
+  id: 10, first_name: 'John', last_name: 'Doe', email: 'john@example.com',
+  date_created: '2025-06-15T08:00:00', orders_count: 5, total_spent: '350.00', username: 'johndoe'
+};
+
+// =========================================================================
+// wc_list_products
+// =========================================================================
+
+describe('wc_list_products', () => {
+  it('SUCCESS — returns product list', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess([product1, product2]);
+
+    const res = await call('wc_list_products');
+    const data = parseResult(res);
+
+    expect(data.total).toBe(2);
+    expect(data.products[0].id).toBe(101);
+    expect(data.products[0].name).toBe('T-Shirt');
+    expect(data.products[0].price).toBe('19.99');
+    expect(data.products[0].categories[0].name).toBe('Clothing');
+    expect(data.products[0].image).toBe('https://shop.example.com/img/tshirt.jpg');
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wc_list_products');
+    expect(entry).toBeDefined();
+    expect(entry.status).toBe('success');
+  });
+
+  it('BLOCKED — WP_READ_ONLY prevents access', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wc_list_products');
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+
+  it('ERROR — WC credentials missing', async () => {
+    delete process.env.WC_CONSUMER_KEY;
+    delete process.env.WC_CONSUMER_SECRET;
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+
+    const res = await call('wc_list_products');
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('WC_CONSUMER_KEY');
+  });
+});
+
+// =========================================================================
+// wc_get_product
+// =========================================================================
+
+describe('wc_get_product', () => {
+  it('SUCCESS — returns full product details', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess(product1);
+
+    const res = await call('wc_get_product', { id: 101 });
+    const data = parseResult(res);
+
+    expect(data.id).toBe(101);
+    expect(data.name).toBe('T-Shirt');
+    expect(data.price).toBe('19.99');
+  });
+
+  it('SUCCESS — variable product includes variations_detail', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess(product2); // variable product with variations [201, 202]
+    mockSuccess([
+      { id: 201, sku: 'hoodie-s', price: '49.99', regular_price: '49.99', sale_price: '', stock_status: 'instock', stock_quantity: 10, attributes: [{ name: 'Size', option: 'S' }] },
+      { id: 202, sku: 'hoodie-l', price: '49.99', regular_price: '49.99', sale_price: '', stock_status: 'instock', stock_quantity: 10, attributes: [{ name: 'Size', option: 'L' }] }
+    ]);
+
+    const res = await call('wc_get_product', { id: 102 });
+    const data = parseResult(res);
+
+    expect(data.id).toBe(102);
+    expect(data.type).toBe('variable');
+    expect(data.variations_detail).toHaveLength(2);
+    expect(data.variations_detail[0].sku).toBe('hoodie-s');
+    expect(data.variations_detail[1].attributes[0].option).toBe('L');
+  });
+
+  it('ERROR — product not found (404)', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockError(404, '{"code":"woocommerce_rest_product_invalid_id","message":"Invalid ID."}');
+
+    const res = await call('wc_get_product', { id: 999 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('404');
+  });
+});
+
+// =========================================================================
+// wc_list_orders
+// =========================================================================
+
+describe('wc_list_orders', () => {
+  it('SUCCESS — returns order list', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess([order1]);
+
+    const res = await call('wc_list_orders');
+    const data = parseResult(res);
+
+    expect(data.total).toBe(1);
+    expect(data.orders[0].id).toBe(500);
+    expect(data.orders[0].status).toBe('processing');
+    expect(data.orders[0].billing_name).toBe('John Doe');
+    expect(data.orders[0].billing_email).toBe('john@example.com');
+    expect(data.orders[0].total).toBe('69.98');
+    expect(data.orders[0].line_items).toHaveLength(2);
+  });
+
+  it('BLOCKED — WP_READ_ONLY prevents access', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wc_list_orders');
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+
+  it('SUCCESS — filter by status', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess([order1]);
+
+    const res = await call('wc_list_orders', { status: 'processing' });
+    const data = parseResult(res);
+    expect(data.orders[0].status).toBe('processing');
+
+    // Verify the fetch URL contained the status param
+    const fetchUrl = fetch.mock.calls[0][0];
+    expect(fetchUrl).toContain('status=processing');
+  });
+});
+
+// =========================================================================
+// wc_get_order
+// =========================================================================
+
+describe('wc_get_order', () => {
+  it('SUCCESS — returns full order details', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess(order1);
+
+    const res = await call('wc_get_order', { id: 500 });
+    const data = parseResult(res);
+
+    expect(data.id).toBe(500);
+    expect(data.billing.first_name).toBe('John');
+    expect(data.payment_method).toBe('stripe');
+    expect(data.line_items).toHaveLength(2);
+  });
+
+  it('ERROR — order not found (404)', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockError(404, '{"code":"woocommerce_rest_shop_order_invalid_id","message":"Invalid ID."}');
+
+    const res = await call('wc_get_order', { id: 999 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('404');
+  });
+});
+
+// =========================================================================
+// wc_list_customers
+// =========================================================================
+
+describe('wc_list_customers', () => {
+  it('SUCCESS — returns customer list', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess([customer1]);
+
+    const res = await call('wc_list_customers');
+    const data = parseResult(res);
+
+    expect(data.total).toBe(1);
+    expect(data.customers[0].id).toBe(10);
+    expect(data.customers[0].first_name).toBe('John');
+    expect(data.customers[0].email).toBe('john@example.com');
+    expect(data.customers[0].orders_count).toBe(5);
+    expect(data.customers[0].total_spent).toBe('350.00');
+  });
+
+  it('BLOCKED — WP_READ_ONLY prevents access', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      const res = await call('wc_list_customers');
+      expect(res.isError).toBe(true);
+      expect(res.content[0].text).toContain('READ-ONLY');
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+});
+
+// =========================================================================
+// wc_price_guardrail
+// =========================================================================
+
+describe('wc_price_guardrail', () => {
+  it('SAFE — price change within default threshold (20%)', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess({ id: 101, name: 'T-Shirt', price: '100.00' });
+
+    const res = await call('wc_price_guardrail', { product_id: 101, new_price: 110 });
+    const data = parseResult(res);
+
+    expect(data.safe).toBe(true);
+    expect(data.current_price).toBe(100);
+    expect(data.new_price).toBe(110);
+    expect(data.change_percent).toBe(10);
+    expect(data.message).toContain('within threshold');
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'wc_price_guardrail');
+    expect(entry).toBeDefined();
+    expect(entry.action).toBe('price_check');
+  });
+
+  it('UNSAFE — price change exceeds threshold', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess({ id: 101, name: 'T-Shirt', price: '100.00' });
+
+    const res = await call('wc_price_guardrail', { product_id: 101, new_price: 150 });
+    const data = parseResult(res);
+
+    expect(data.safe).toBe(false);
+    expect(data.change_percent).toBe(50);
+    expect(data.requires_confirmation).toBe(true);
+    expect(data.message).toContain('exceeds threshold');
+  });
+
+  it('CUSTOM THRESHOLD — respects threshold_percent param', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockSuccess({ id: 101, name: 'T-Shirt', price: '100.00' });
+
+    const res = await call('wc_price_guardrail', { product_id: 101, new_price: 108, threshold_percent: 5 });
+    const data = parseResult(res);
+
+    expect(data.safe).toBe(false);
+    expect(data.change_percent).toBe(8);
+    expect(data.message).toContain('5%');
+  });
+
+  it('ERROR — product not found', async () => {
+    _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+    mockError(404, '{"code":"woocommerce_rest_product_invalid_id","message":"Invalid ID."}');
+
+    const res = await call('wc_price_guardrail', { product_id: 999, new_price: 50 });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('404');
+  });
+
+  it('NOT blocked by WP_READ_ONLY (analysis only)', async () => {
+    const original = process.env.WP_READ_ONLY;
+    process.env.WP_READ_ONLY = 'true';
+    try {
+      _testSetTarget('shop', { url: 'https://shop.example.com', username: 'u', password: 'p' });
+      mockSuccess({ id: 101, name: 'T-Shirt', price: '100.00' });
+
+      const res = await call('wc_price_guardrail', { product_id: 101, new_price: 110 });
+      expect(res.isError).toBeUndefined();
+      const data = parseResult(res);
+      expect(data.safe).toBe(true);
+    } finally {
+      if (original === undefined) delete process.env.WP_READ_ONLY;
+      else process.env.WP_READ_ONLY = original;
+    }
+  });
+});