@adsim/wordpress-mcp-server 4.5.0 → 4.6.0

package/README.md

@@ -3,14 +3,14 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D18-green.svg)](https://nodejs.org/)
 [![MCP SDK](https://img.shields.io/badge/MCP-SDK-blue.svg)](https://github.com/anthropics/mcp)
-[![Tests](https://img.shields.io/badge/tests-674%20passing-brightgreen.svg)](https://github.com/GeorgesAdSim/wordpress-mcp-server/actions)
+[![Tests](https://img.shields.io/badge/tests-767%20passing-brightgreen.svg)](https://github.com/GeorgesAdSim/wordpress-mcp-server/actions)
 [![npm](https://img.shields.io/npm/v/@adsim/wordpress-mcp-server.svg)](https://www.npmjs.com/package/@adsim/wordpress-mcp-server)
 
 **Enterprise Governance · Audit Trail · Multi-Site · Plugin-Free**
 
 The enterprise governance layer for Claude-to-WordPress integrations — secure, auditable, and multi-site.
 
-**v4.5.0 Enterprise** · 85 tools · 674 Vitest tests · GitHub Actions CI · HTTP Streamable transport · MCPB bundle · SEO metadata · SEO audit suite · Content intelligence · Plugin intelligence · Plugin & theme management · Revision control · Editorial approval workflow · Destructive confirmation · Internal link analysis · WooCommerce (read + intelligence + write) · Execution controls · JSON audit trail · Multi-site targeting
+**v4.6.0 Enterprise** · 92 tools · 767 Vitest tests · GitHub Actions CI · HTTP Streamable transport · MCPB bundle · SEO metadata · SEO audit suite · Content intelligence · Plugin intelligence · Plugin layer (ACF, Elementor) · Plugin & theme management · Revision control · Editorial approval workflow · Destructive confirmation · Internal link analysis · WooCommerce (read + intelligence + write) · Execution controls · JSON audit trail · Multi-site targeting
 
 ---
 
@@ -174,7 +174,7 @@ npx -y @adsim/wordpress-mcp-server
 ### Health check
 ```bash
 curl http://localhost:3000/health
-# → { "status": "ok", "version": "4.4.0", "transport": "http" }
+# → { "status": "ok", "version": "4.6.0", "transport": "http" }
 ```
 
 ### Connect an MCP client via HTTP
@@ -214,7 +214,7 @@ Double-click `wordpress-mcp-server.mcpb` — Claude Desktop will prompt for:
 
 ---
 
-## Available Tools (79)
+## Available Tools (92)
 
 ### Content Management
 
@@ -311,6 +311,33 @@ All SEO audit tools are read-only and always allowed regardless of governance fl
 
 All Content Intelligence tools are read-only and always allowed regardless of governance flags.
 
+### Plugin Intelligence Layer
+
+> New in v4.6.0 — Extensible adapter architecture for third-party WordPress plugins. Adapters activate only when the plugin is detected via REST API namespace discovery.
+
+Disable all plugin tools: `WP_DISABLE_PLUGIN_LAYERS=true`
+
+**ACF (Advanced Custom Fields)**
+
+| Tool | Description |
+|---|---|
+| `acf_get_fields` | Get ACF custom fields for a post/page with key filtering and raw/compact/summary modes |
+| `acf_list_field_groups` | List all configured ACF field groups |
+| `acf_get_field_group` | Get full detail of an ACF field group by ID |
+| `acf_update_fields` | Update ACF custom fields for a post/page. Write — blocked by `WP_READ_ONLY` |
+
+Requires ACF Pro or ACF Free with REST API enabled (`/acf/v3` namespace).
+
+**Elementor**
+
+| Tool | Description |
+|---|---|
+| `elementor_list_templates` | List Elementor templates (page, section, block, popup) with type filtering |
+| `elementor_get_template` | Get full Elementor template content and elements. Context-guarded at 50k chars |
+| `elementor_get_page_data` | Get Elementor editor data for a post/page: widgets used, elements count |
+
+Requires Elementor Free or Pro (`/elementor/v1` namespace).
+
 ### Plugins
 
 | Tool | Description |
@@ -387,7 +414,7 @@ All WooCommerce write tools are blocked by `WP_READ_ONLY`. `wc_price_guardrail`
 | Tool | Description |
 |---|---|
 | `wp_set_target` | Switch active WordPress site in multi-target mode |
-| `wp_site_info` | Site info, current user, post types, enterprise controls, and available targets |
+| `wp_site_info` | Site info, current user, post types, enterprise controls, available targets, and `plugin_layer` (detected plugins, tools count) |
 
 ---
 
@@ -716,7 +743,7 @@ WC_PRICE_GUARDRAIL_THRESHOLD=20   # percentage — changes above this require ex
 
 ## Testing
 
-674 unit tests covering all 85 tools — zero network calls, fully mocked.
+767 unit tests covering all 92 tools — zero network calls, fully mocked.
 ```bash
 npm test              # run all tests (vitest)
 npm run test:watch    # watch mode
@@ -756,7 +783,17 @@ npm run test:coverage # coverage report
 | `transport/http.test.js` | HTTP transport, Bearer auth, sessions | 10 |
 | `pluginDetector.test.js` | SEO plugin detection, rendered head, HTML head parsing | 13 |
 | `pluginIntelligence.test.js` | 6 plugin intelligence tools: rendered head, rendered SEO audit, pillar content, schema plugins, SEO score, Twitter meta | 48 |
-| `dxt/manifest.test.js` | MCPB manifest validation, 85 tools declared | 10 |
+| `dxt/manifest.test.js` | MCPB manifest validation, 86 tools declared | 10 |
+| `dynamicFiltering.test.js` | WooCommerce/editorial/plugin-intelligence filtering, combined counts, callable when filtered | 9 |
+| `outputCompression.test.js` | mode=full/summary/ids_only for 10 listing tools (pages, media, comments, categories, tags, users, custom posts, plugins, themes, revisions) | 30 |
+| `siteOptions.test.js` | wp_get_site_options: all options, key filtering, 403, audit log, not blocked by WP_READ_ONLY | 5 |
+| `plugins/registry.test.js` | PluginRegistry: ACF/Elementor detection, empty namespaces, WP_DISABLE_PLUGIN_LAYERS, getSummary | 6 |
+| `plugins/contextGuard.test.js` | applyContextGuard: under threshold, truncation, raw bypass, stderr log | 4 |
+| `plugins/iPluginAdapter.test.js` | validateAdapter: complete adapter, missing id, missing getTools | 3 |
+| `plugins/acf/acfAdapter.test.js` | ACF read tools: get fields, filter, contextGuard, 404, list groups, get group, audit log | 10 |
+| `plugins/acf/acfAdapter.write.test.js` | ACF write: update fields, WP_READ_ONLY blocking, validation, 404/403, audit log | 8 |
+| `plugins/elementor/elementorAdapter.test.js` | Elementor adapter: list/get templates, page data, contextGuard, validation, namespace detection, audit log | 10 |
+| `pluginLayer.test.js` | Plugin Layer integration: listTools, callTool routing, wp_site_info, WP_DISABLE_PLUGIN_LAYERS, no collisions | 8 |
 
 Each test verifies: success response shape, governance blocking (write tools), HTTP error handling (403/404), and audit log entries.
 
@@ -853,7 +890,7 @@ The server performs a health check on startup: REST API connectivity, user authe
 - Credentials never logged — audit trail sanitizes all sensitive data
 - No credentials in code — `.env` or environment variables only
 - Instant revocation — Application Passwords can be revoked from WordPress admin
-- Traceable requests — custom `User-Agent: WordPress-MCP-Server/4.4.0`
+- Traceable requests — custom `User-Agent: WordPress-MCP-Server/4.6.0`
 - Bearer token auth in HTTP mode — timing-safe comparison, no token in logs
 - Origin validation in HTTP mode — anti-DNS-rebinding protection
 
@@ -926,6 +963,50 @@ npx @modelcontextprotocol/inspector node index.js
 
 ## Changelog
 
+### v4.6.0 (2026-02-22) — Plugin Intelligence Layer
+
+Extensible adapter architecture for third-party WordPress plugins. Adapters activate only when their plugin is detected via REST API namespace discovery — zero overhead when plugins are absent.
+
+**Architecture:**
+- `src/plugins/registry.js` — PluginRegistry with automatic plugin detection via REST namespaces. `WP_DISABLE_PLUGIN_LAYERS=true` disables all plugin tools
+- `src/plugins/contextGuard.js` — LLM context overflow protection: automatic truncation at 50k chars with truncation metadata
+- `src/plugins/IPluginAdapter.js` — Adapter contract interface: id, namespace, riskLevel, contextConfig, getTools, handleTool
+- `wp_site_info` now reports `plugin_layer` (detected plugins, available tools count)
+
+**ACF Adapter:**
+- `acf_get_fields` — ACF custom fields with key filtering, raw/compact/summary modes
+- `acf_list_field_groups` — all configured field groups
+- `acf_get_field_group` — field group detail by ID
+- `acf_update_fields` — update custom fields. Blocked by `WP_READ_ONLY`. riskLevel: "medium"
+
+**Elementor Adapter (read-only):**
+- `elementor_list_templates` — templates with type filter (page/section/block/popup)
+- `elementor_get_template` — full template content, context-guarded at 50k chars
+- `elementor_get_page_data` — widgets used, elements count, Elementor status per post
+
+767 Vitest unit tests · 92 tools
+
+### v4.5.1 (2026-02-21) — Context Optimization
+
+LLM context reduction across all 85 tools — zero breaking changes.
+
+**Dynamic filtering:**
+- `getFilteredTools()` hides WooCommerce (13), editorial (3), and plugin intelligence (6) tools when their env vars are absent
+- `listTools` returns only exposed tools; `callTool` still handles all 85
+- `wp_site_info` now reports `tools_total`, `tools_exposed`, `filtered_out`
+
+**LLM-optimized descriptions:**
+- All 85 tool descriptions rewritten: `"Use when [TRIGGER]. [ACTION]. [Read-only | Write — blocked by X]. [Hint: optional]"`
+
+**Schema compact:**
+- Redundant `description` fields removed from `inputSchema` properties (id, per_page, page, status with enum, search, force, post_type with enum, etc.)
+
+**Output compression (`mode` parameter):**
+- 10 listing tools gain `mode` param: `full` (default), `summary` (key fields only), `ids_only` (flat array)
+- wp_list_pages, wp_list_media, wp_list_comments, wp_list_categories, wp_list_tags, wp_list_users, wp_list_custom_posts, wp_list_plugins, wp_list_themes, wp_list_revisions
+
+713 Vitest unit tests · 85 tools
+
 ### v4.5.0 (2026-02-21) — Plugin Intelligence (RankMath + Yoast)
 
 6 new tools exploiting native RankMath and Yoast SEO API endpoints for rendered head analysis, schema validation, and social meta management.
@@ -1091,16 +1172,16 @@ All Content Intelligence tools are read-only and always allowed regardless of go
 
 ## Roadmap
 
-### v4.5 — GSC Integration
+### v4.7 — GSC Integration
 - `wp_get_gsc_performance` — Google Search Console API (clicks, impressions, position, CTR per URL)
 - `wp_find_quick_win_keywords` — surface keywords ranking positions 11–20 for targeted updates
 - `wp_seo_content_decay` — cross-reference GSC traffic loss with content age to prioritize refresh candidates
 
-### v4.6 — Redirect Intelligence
+### v4.8 — Redirect Intelligence
 - `wp_create_redirect` — create 301 redirects via Redirection plugin or RankMath/Yoast Redirects. Auto-triggered governance hook when `wp_update_post` changes a slug
 - `wp_list_404_errors` — surface recent 404s from Redirection plugin log
 
-### v4.7 — OAuth & Registry
+### v4.9 — OAuth & Registry
 - OAuth 2.0 / JWT authentication
 - MCP Registry submission
 

package/dxt/manifest.json

@@ -2,9 +2,9 @@
   "manifest_version": "0.3",
   "name": "wordpress-mcp-server",
   "display_name": "WordPress MCP Server",
-  "version": "4.5.0",
-  "description": "Manage your WordPress site from Claude Desktop — posts, pages, media, SEO audits, content intelligence, plugin intelligence, plugins, themes, revisions, WooCommerce, content compression, and more. 85 tools, no WordPress plugin required.",
-  "long_description": "A full-featured MCP server for WordPress REST API integration. Manage posts, pages, media, categories, tags, comments, users, SEO metadata, plugins, themes, revisions, and WooCommerce products/orders/customers through 85 tools — all from Claude Desktop.\n\nNo WordPress plugin required. Uses the built-in WordPress REST API with Application Passwords for secure authentication.\n\nFeatures:\n- Content management: create, read, update, delete posts and pages\n- Content compression: field filtering, content_format (html/text/links_only), list modes (full/summary/ids_only) for LLM context optimization\n- Content intelligence: readability scoring, duplicate detection, entity extraction, publishing velocity, revision diff, content structure analysis, FAQ extraction, CTA detection, link mapping, anchor text audit, schema markup validation\n- Plugin intelligence: SEO plugin detection (RankMath/Yoast/SEOPress), rendered head analysis, schema validation from plugin fields, SEO score reading, Twitter Card meta, pillar content management\n- Editorial approval workflow: submit for review, approve, reject\n- Media library: list, get details, upload from URL\n- Taxonomy: categories, tags, custom post types\n- SEO: auto-detects Yoast, RankMath, SEOPress, or All in One SEO\n- SEO audit suite: media alt text, orphan pages, heading structure, thin content, canonicals, E-E-A-T signals, broken links, keyword cannibalization, taxonomy bloat, outbound links\n- Plugins & themes: list, activate, deactivate\n- Revisions: list, view, restore, delete\n- WooCommerce read: products, orders, customers, price guardrail\n- WooCommerce intelligence: inventory alerts, order analytics, product SEO audit, product link suggestions\n- WooCommerce write: update products (with price guardrail), stock management, order status transitions\n- Enterprise controls: read-only mode, draft-only, disable-delete, require-approval (global and per-target)\n- Multi-site: target multiple WordPress installations with per-target controls",
+  "version": "4.6.0",
+  "description": "Manage your WordPress site from Claude Desktop — posts, pages, media, SEO audits, content intelligence, plugin intelligence, plugin layer (ACF, Elementor), plugins, themes, revisions, WooCommerce, content compression, and more. 92 tools, no WordPress plugin required.",
+  "long_description": "A full-featured MCP server for WordPress REST API integration. Manage posts, pages, media, categories, tags, comments, users, SEO metadata, plugins, themes, revisions, and WooCommerce products/orders/customers through 92 tools — all from Claude Desktop.\n\nNo WordPress plugin required. Uses the built-in WordPress REST API with Application Passwords for secure authentication.\n\nFeatures:\n- Content management: create, read, update, delete posts and pages\n- Content compression: field filtering, content_format (html/text/links_only), list modes (full/summary/ids_only) for LLM context optimization\n- Content intelligence: readability scoring, duplicate detection, entity extraction, publishing velocity, revision diff, content structure analysis, FAQ extraction, CTA detection, link mapping, anchor text audit, schema markup validation\n- Plugin intelligence: SEO plugin detection (RankMath/Yoast/SEOPress), rendered head analysis, schema validation from plugin fields, SEO score reading, Twitter Card meta, pillar content management\n- Plugin layer: extensible adapter architecture for third-party plugins (ACF, Elementor). Adapters activate only when plugin detected via REST namespace discovery\n- Editorial approval workflow: submit for review, approve, reject\n- Media library: list, get details, upload from URL\n- Taxonomy: categories, tags, custom post types\n- SEO: auto-detects Yoast, RankMath, SEOPress, or All in One SEO\n- SEO audit suite: media alt text, orphan pages, heading structure, thin content, canonicals, E-E-A-T signals, broken links, keyword cannibalization, taxonomy bloat, outbound links\n- Plugins & themes: list, activate, deactivate\n- Revisions: list, view, restore, delete\n- WooCommerce read: products, orders, customers, price guardrail\n- WooCommerce intelligence: inventory alerts, order analytics, product SEO audit, product link suggestions\n- WooCommerce write: update products (with price guardrail), stock management, order status transitions\n- Enterprise controls: read-only mode, draft-only, disable-delete, require-approval (global and per-target)\n- Multi-site: target multiple WordPress installations with per-target controls",
   "author": {
     "name": "AdSim",
     "email": "georges@adsim.be",
@@ -59,7 +59,7 @@
     { "name": "wp_list_custom_posts", "description": "List posts from any custom post type" },
     { "name": "wp_list_users", "description": "List users with roles" },
     { "name": "wp_set_target", "description": "Switch active WordPress site (multi-target mode)" },
-    { "name": "wp_site_info", "description": "Get site info, current user, post types, and enterprise controls" },
+    { "name": "wp_site_info", "description": "Get site info, current user, post types, enterprise controls, and plugin_layer (detected plugins, tools count)" },
     { "name": "wp_get_seo_meta", "description": "Get SEO metadata for a post or page" },
     { "name": "wp_update_seo_meta", "description": "Update SEO metadata for a post or page" },
     { "name": "wp_audit_seo", "description": "Audit SEO metadata across multiple posts/pages" },
@@ -118,7 +118,15 @@
     { "name": "wp_get_pillar_content", "description": "Read or set RankMath pillar/cornerstone content flag. Write mode blocked by WP_READ_ONLY" },
     { "name": "wp_audit_schema_plugins", "description": "Audit JSON-LD schemas from SEO plugin native fields (rank_math_schema or Yoast head)" },
     { "name": "wp_get_seo_score", "description": "Read RankMath native SEO score (0-100) with bulk mode distribution stats" },
-    { "name": "wp_get_twitter_meta", "description": "Read or write Twitter Card meta (title, description, image) from RankMath, Yoast, or SEOPress" }
+    { "name": "wp_get_twitter_meta", "description": "Read or write Twitter Card meta (title, description, image) from RankMath, Yoast, or SEOPress" },
+    { "name": "wp_get_site_options", "description": "Read WordPress site settings (title, tagline, language, timezone) via /wp/v2/settings. Requires manage_options" },
+    { "name": "acf_get_fields", "description": "Get ACF custom fields for a post/page with key filtering and raw/compact/summary modes. Requires ACF plugin" },
+    { "name": "acf_list_field_groups", "description": "List all configured ACF field groups. Requires ACF plugin" },
+    { "name": "acf_get_field_group", "description": "Get full detail of an ACF field group by ID. Requires ACF plugin" },
+    { "name": "acf_update_fields", "description": "Update ACF custom fields for a post/page. Write — blocked by WP_READ_ONLY. Requires ACF plugin" },
+    { "name": "elementor_list_templates", "description": "List Elementor templates (page, section, block, popup) with type filtering. Requires Elementor" },
+    { "name": "elementor_get_template", "description": "Get full Elementor template content and elements. Context-guarded at 50k chars. Requires Elementor" },
+    { "name": "elementor_get_page_data", "description": "Get Elementor editor data for a post/page: widgets used, elements count. Requires Elementor" }
   ],
   "keywords": [
     "wordpress",
@@ -136,7 +144,10 @@
     "ecommerce",
     "content-compression",
     "content-intelligence",
-    "plugin-intelligence"
+    "plugin-intelligence",
+    "plugin-layer",
+    "acf",
+    "elementor"
   ],
   "license": "MIT",
   "user_config": {