@adsim/wordpress-mcp-server 4.5.0 → 4.6.0

package/tests/unit/pluginLayer.test.js

@@ -0,0 +1,151 @@
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+
+vi.mock('node-fetch', () => ({ default: vi.fn() }));
+
+import fetch from 'node-fetch';
+import { handleToolCall, getFilteredTools, pluginRegistry } from '../../index.js';
+import { mockSuccess, makeRequest, parseResult } from '../helpers/mockWpRequest.js';
+import { acfAdapter } from '../../src/plugins/adapters/acf/acfAdapter.js';
+
+function call(name, args = {}) {
+  return handleToolCall(makeRequest(name, args));
+}
+
+let consoleSpy;
+const envBackup = {};
+
+function saveEnv(...keys) {
+  keys.forEach(k => { envBackup[k] = process.env[k]; });
+}
+function restoreEnv() {
+  Object.entries(envBackup).forEach(([k, v]) => {
+    if (v === undefined) delete process.env[k];
+    else process.env[k] = v;
+  });
+}
+
+beforeEach(() => {
+  fetch.mockReset();
+  consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+  saveEnv('WP_DISABLE_PLUGIN_LAYERS');
+  delete process.env.WP_DISABLE_PLUGIN_LAYERS;
+
+  // Reset registry to clean state
+  pluginRegistry.active.clear();
+});
+afterEach(() => {
+  consoleSpy.mockRestore();
+  restoreEnv();
+  pluginRegistry.active.clear();
+});
+
+// ── Helper: simulate ACF detected ──
+
+function simulateAcfDetected() {
+  pluginRegistry.active.set('acf', {
+    id: 'acf',
+    namespace: 'acf/v3',
+    version: null,
+    tools: acfAdapter.getTools(),
+  });
+}
+
+// =========================================================================
+// Tests
+// =========================================================================
+
+describe('Plugin Layer integration', () => {
+
+  it('listTools includes acf_get_fields when ACF is detected', () => {
+    simulateAcfDetected();
+    const tools = getFilteredTools();
+    const names = tools.map(t => t.name);
+    expect(names).toContain('acf_get_fields');
+    expect(names).toContain('acf_list_field_groups');
+    expect(names).toContain('acf_get_field_group');
+  });
+
+  it('listTools does NOT include ACF tools when WP_DISABLE_PLUGIN_LAYERS=true', () => {
+    simulateAcfDetected();
+    process.env.WP_DISABLE_PLUGIN_LAYERS = 'true';
+    const tools = getFilteredTools();
+    const names = tools.map(t => t.name);
+    expect(names).not.toContain('acf_get_fields');
+    expect(names).not.toContain('acf_list_field_groups');
+    expect(names).not.toContain('acf_get_field_group');
+  });
+
+  it('callTool("acf_get_fields") routes to the adapter handler', async () => {
+    simulateAcfDetected();
+
+    // Mock the ACF REST API response
+    fetch.mockResolvedValue(mockSuccess({ acf: { title: 'Hello', price: 42 } }));
+
+    const res = await call('acf_get_fields', { id: 10, post_type: 'posts' });
+    expect(res.isError).toBeUndefined();
+    const data = parseResult(res);
+    expect(data.acf.title).toBe('Hello');
+    expect(data.acf.price).toBe(42);
+    expect(data.id).toBe(10);
+  });
+
+  it('callTool("wp_list_posts") continues to work normally', async () => {
+    simulateAcfDetected();
+
+    const mockPost = { id: 1, title: { rendered: 'Test Post' }, slug: 'test', status: 'publish', date: '2024-01-01', link: 'https://test.example.com/test', excerpt: { rendered: 'excerpt' }, author: 1, categories: [1], tags: [] };
+    fetch.mockResolvedValue(mockSuccess([mockPost]));
+
+    const res = await call('wp_list_posts', { per_page: 1 });
+    expect(res.isError).toBeUndefined();
+    const data = parseResult(res);
+    expect(data.posts[0].title).toBe('Test Post');
+  });
+
+  it('callTool with unknown tool returns error', async () => {
+    const res = await call('totally_fake_tool', {});
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('Unknown tool');
+  });
+
+  it('wp_site_info includes plugin_layer in response', async () => {
+    simulateAcfDetected();
+
+    // wp_site_info makes 3 sequential fetch calls
+    const siteInfo = { name: 'Test', description: 'A test', url: 'https://test.example.com', gmt_offset: 1, timezone_string: 'UTC' };
+    const userMe = { id: 1, name: 'Admin', slug: 'admin', roles: ['administrator'] };
+    const postTypes = { post: { slug: 'post', name: 'Posts', rest_base: 'posts' } };
+    mockSuccess(siteInfo);
+    mockSuccess(userMe);
+    mockSuccess(postTypes);
+
+    const res = await call('wp_site_info');
+    const data = parseResult(res);
+    expect(data.plugin_layer).toBeDefined();
+    expect(data.plugin_layer.active).toContain('acf');
+    expect(data.plugin_layer.disabled_by_env).toBe(false);
+  });
+
+  it('plugin_layer.active is empty when no plugins detected', async () => {
+    // Registry is empty (cleared in beforeEach)
+    const siteInfo = { name: 'Test', description: 'A test', url: 'https://test.example.com', gmt_offset: 1, timezone_string: 'UTC' };
+    const userMe = { id: 1, name: 'Admin', slug: 'admin', roles: ['administrator'] };
+    const postTypes = { post: { slug: 'post', name: 'Posts', rest_base: 'posts' } };
+    mockSuccess(siteInfo);
+    mockSuccess(userMe);
+    mockSuccess(postTypes);
+
+    const res = await call('wp_site_info');
+    const data = parseResult(res);
+    expect(data.plugin_layer.active).toEqual([]);
+  });
+
+  it('none of the 86 core tools are overwritten by plugin tools', () => {
+    simulateAcfDetected();
+    const tools = getFilteredTools();
+    const names = tools.map(t => t.name);
+
+    // Check no duplicates
+    const unique = new Set(names);
+    expect(unique.size).toBe(names.length);
+  });
+});

package/tests/unit/plugins/acf/acfAdapter.test.js

@@ -0,0 +1,205 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { acfAdapter } from '../../../../src/plugins/adapters/acf/acfAdapter.js';
+import { validateAdapter } from '../../../../src/plugins/IPluginAdapter.js';
+
+let consoleSpy;
+const envBackup = {};
+
+function saveEnv(...keys) {
+  keys.forEach(k => { envBackup[k] = process.env[k]; });
+}
+function restoreEnv() {
+  Object.entries(envBackup).forEach(([k, v]) => {
+    if (v === undefined) delete process.env[k];
+    else process.env[k] = v;
+  });
+}
+
+beforeEach(() => {
+  consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+  saveEnv('WP_READ_ONLY');
+});
+afterEach(() => {
+  consoleSpy.mockRestore();
+  restoreEnv();
+});
+
+// ── Helpers ──
+
+function parseResult(result) {
+  return JSON.parse(result?.content?.[0]?.text);
+}
+
+function getAuditLogs() {
+  return consoleSpy.mock.calls
+    .map(c => c[0])
+    .filter(m => typeof m === 'string' && m.startsWith('[AUDIT]'))
+    .map(m => JSON.parse(m.replace('[AUDIT] ', '')));
+}
+
+function mockApi(data, shouldThrow = false) {
+  if (shouldThrow) {
+    return async () => { throw new Error('WP API 404: Not Found'); };
+  }
+  return async () => data;
+}
+
+// ── Mock data ──
+
+const mockAcfFields = {
+  acf: {
+    hero_title: 'Welcome to our site',
+    hero_subtitle: 'The best place',
+    price: 29.99,
+    show_banner: true,
+    gallery: [{ url: 'https://example.com/img1.jpg' }, { url: 'https://example.com/img2.jpg' }],
+  },
+};
+
+const mockFieldGroups = [
+  {
+    id: 101,
+    title: { rendered: 'Hero Section' },
+    fields: [{ name: 'hero_title' }, { name: 'hero_subtitle' }],
+    location: [[{ param: 'post_type', operator: '==', value: 'page' }]],
+  },
+  {
+    id: 102,
+    title: { rendered: 'Product Info' },
+    fields: [{ name: 'price' }, { name: 'sku' }],
+    location: [[{ param: 'post_type', operator: '==', value: 'product' }]],
+  },
+];
+
+const mockFieldGroupDetail = {
+  id: 101,
+  title: { rendered: 'Hero Section' },
+  fields: [
+    { key: 'field_abc', name: 'hero_title', type: 'text', label: 'Hero Title' },
+    { key: 'field_def', name: 'hero_subtitle', type: 'text', label: 'Hero Subtitle' },
+  ],
+  location: [[{ param: 'post_type', operator: '==', value: 'page' }]],
+  active: true,
+};
+
+// =========================================================================
+// Tests
+// =========================================================================
+
+describe('ACF Adapter', () => {
+
+  // 1. validateAdapter
+  it('passes validateAdapter without errors', () => {
+    const { valid, errors } = validateAdapter(acfAdapter);
+    expect(valid).toBe(true);
+    expect(errors).toEqual([]);
+  });
+
+  // 2. acf_get_fields — success
+  it('acf_get_fields returns ACF fields for a post', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_fields');
+    const result = await tool.handler({ id: 42, post_type: 'posts' }, mockApi(mockAcfFields));
+    const data = parseResult(result);
+    expect(data.id).toBe(42);
+    expect(data.acf.hero_title).toBe('Welcome to our site');
+    expect(data.acf.price).toBe(29.99);
+    expect(data.fields_count).toBe(5);
+  });
+
+  // 3. acf_get_fields — fields filter
+  it('acf_get_fields filters to requested keys only', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_fields');
+    const result = await tool.handler(
+      { id: 42, fields: ['hero_title', 'price'] },
+      mockApi(mockAcfFields)
+    );
+    const data = parseResult(result);
+    expect(Object.keys(data.acf)).toEqual(['hero_title', 'price']);
+    expect(data.acf.hero_subtitle).toBeUndefined();
+    expect(data.fields_count).toBe(2);
+  });
+
+  // 4. acf_get_fields — contextGuard truncation
+  it('acf_get_fields applies contextGuard on large responses', async () => {
+    // Generate a response > 30000 chars
+    const bigFields = {};
+    for (let i = 0; i < 500; i++) {
+      bigFields[`field_${i}`] = 'x'.repeat(100);
+    }
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_fields');
+    const result = await tool.handler(
+      { id: 1, mode: 'compact' },
+      mockApi({ acf: bigFields })
+    );
+    const data = parseResult(result);
+    expect(data._truncated).toBe(true);
+    expect(data._original_size).toBeGreaterThan(30000);
+    expect(data._warning).toContain('truncated');
+  });
+
+  // 5. acf_get_fields — 404
+  it('acf_get_fields propagates 404 error', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_fields');
+    await expect(
+      tool.handler({ id: 99999 }, mockApi(null, true))
+    ).rejects.toThrow('404');
+  });
+
+  // 6. acf_list_field_groups — success
+  it('acf_list_field_groups returns the list', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_list_field_groups');
+    const result = await tool.handler({}, mockApi(mockFieldGroups));
+    const data = parseResult(result);
+    expect(data.total).toBe(2);
+    expect(data.field_groups[0].title).toBe('Hero Section');
+    expect(data.field_groups[0].fields).toEqual(['hero_title', 'hero_subtitle']);
+    expect(data.field_groups[1].id).toBe(102);
+  });
+
+  // 7. acf_get_field_group — success
+  it('acf_get_field_group returns full details', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_field_group');
+    const result = await tool.handler({ id: 101 }, mockApi(mockFieldGroupDetail));
+    const data = parseResult(result);
+    expect(data.id).toBe(101);
+    expect(data.fields).toHaveLength(2);
+    expect(data.fields[0].name).toBe('hero_title');
+  });
+
+  // 8. acf_get_field_group — 404
+  it('acf_get_field_group propagates 404 error', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_field_group');
+    await expect(
+      tool.handler({ id: 99999 }, mockApi(null, true))
+    ).rejects.toThrow('404');
+  });
+
+  // 9. None of the tools are write tools — not blocked by WP_READ_ONLY
+  it('none of the 3 tools appear in core writeTools list', () => {
+    const writeTools = [
+      'wp_create_post', 'wp_update_post', 'wp_delete_post', 'wp_create_page',
+      'wp_update_page', 'wp_upload_media', 'wp_create_comment',
+      'wp_create_taxonomy_term', 'wp_update_seo_meta', 'wp_activate_plugin',
+      'wp_deactivate_plugin', 'wp_restore_revision', 'wp_delete_revision',
+      'wp_submit_for_review', 'wp_approve_post', 'wp_reject_post',
+      'wc_update_product', 'wc_update_stock', 'wc_update_order_status',
+    ];
+    const acfToolNames = acfAdapter.getTools().map(t => t.name);
+    for (const n of acfToolNames) {
+      expect(writeTools).not.toContain(n);
+    }
+  });
+
+  // 10. Audit log format
+  it('acf_get_fields logs correct audit format to stderr', async () => {
+    const tool = acfAdapter.getTools().find(t => t.name === 'acf_get_fields');
+    await tool.handler({ id: 42, post_type: 'posts' }, mockApi(mockAcfFields));
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'acf_get_fields');
+    expect(entry).toBeDefined();
+    expect(entry.action).toBe('read_acf_fields');
+    expect(entry.target).toBe(42);
+    expect(entry.status).toBe('success');
+    expect(typeof entry.latency_ms).toBe('number');
+  });
+});

package/tests/unit/plugins/acf/acfAdapter.write.test.js

@@ -0,0 +1,157 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { acfAdapter } from '../../../../src/plugins/adapters/acf/acfAdapter.js';
+
+let consoleSpy;
+const envBackup = {};
+
+function saveEnv(...keys) {
+  keys.forEach(k => { envBackup[k] = process.env[k]; });
+}
+function restoreEnv() {
+  Object.entries(envBackup).forEach(([k, v]) => {
+    if (v === undefined) delete process.env[k];
+    else process.env[k] = v;
+  });
+}
+
+beforeEach(() => {
+  consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+  saveEnv('WP_READ_ONLY');
+  delete process.env.WP_READ_ONLY;
+});
+afterEach(() => {
+  consoleSpy.mockRestore();
+  restoreEnv();
+});
+
+// ── Helpers ──
+
+function parseResult(result) {
+  return JSON.parse(result?.content?.[0]?.text);
+}
+
+function getAuditLogs() {
+  return consoleSpy.mock.calls
+    .map(c => c[0])
+    .filter(m => typeof m === 'string' && m.startsWith('[AUDIT]'))
+    .map(m => JSON.parse(m.replace('[AUDIT] ', '')));
+}
+
+function mockApi(data, shouldThrow = false) {
+  if (shouldThrow) {
+    return async () => { throw new Error('WP API 404: Not Found'); };
+  }
+  return async () => data;
+}
+
+function mockApi403() {
+  return async () => { throw new Error('WP API 403: Forbidden'); };
+}
+
+// ── Mock data ──
+
+const mockUpdatedResponse = {
+  acf: {
+    hero_title: 'New Title',
+    price: 49.99,
+  },
+};
+
+// =========================================================================
+// Tests
+// =========================================================================
+
+describe('ACF Adapter — acf_update_fields (write)', () => {
+  const getTool = () => acfAdapter.getTools().find(t => t.name === 'acf_update_fields');
+
+  // 1. Update réussi → retourne les champs mis à jour
+  it('successful update returns updated fields', async () => {
+    const tool = getTool();
+    const result = await tool.handler(
+      { id: 42, post_type: 'posts', fields: { hero_title: 'New Title', price: 49.99 } },
+      mockApi(mockUpdatedResponse)
+    );
+    const data = parseResult(result);
+    expect(data.id).toBe(42);
+    expect(data.post_type).toBe('posts');
+    expect(data.updated_fields.hero_title).toBe('New Title');
+    expect(data.updated_fields.price).toBe(49.99);
+  });
+
+  // 2. WP_READ_ONLY=true → bloqué, status "blocked" dans le log
+  it('blocked when WP_READ_ONLY=true', async () => {
+    process.env.WP_READ_ONLY = 'true';
+    const tool = getTool();
+    const result = await tool.handler(
+      { id: 42, fields: { hero_title: 'New' } },
+      mockApi(mockUpdatedResponse)
+    );
+    const data = parseResult(result);
+    expect(data.error).toContain('READ-ONLY');
+
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'acf_update_fields');
+    expect(entry.status).toBe('blocked');
+  });
+
+  // 3. WP_READ_ONLY=false → exécution normale
+  it('executes normally when WP_READ_ONLY is not set', async () => {
+    delete process.env.WP_READ_ONLY;
+    const tool = getTool();
+    const result = await tool.handler(
+      { id: 10, fields: { price: 99 } },
+      mockApi({ acf: { price: 99 } })
+    );
+    const data = parseResult(result);
+    expect(data.updated_fields.price).toBe(99);
+    expect(data.id).toBe(10);
+  });
+
+  // 4. id invalide (string) → erreur validation
+  it('rejects non-integer id', async () => {
+    const tool = getTool();
+    await expect(
+      tool.handler({ id: 'abc', fields: { x: 1 } }, mockApi({}))
+    ).rejects.toThrow('Validation error');
+  });
+
+  // 5. fields vide {} → erreur
+  it('rejects empty fields object', async () => {
+    const tool = getTool();
+    await expect(
+      tool.handler({ id: 42, fields: {} }, mockApi({}))
+    ).rejects.toThrow('Validation error');
+  });
+
+  // 6. 404 post not found → erreur propre
+  it('propagates 404 error', async () => {
+    const tool = getTool();
+    await expect(
+      tool.handler({ id: 99999, fields: { x: 1 } }, mockApi(null, true))
+    ).rejects.toThrow('404');
+  });
+
+  // 7. 403 permission denied → erreur propre
+  it('propagates 403 permission error', async () => {
+    const tool = getTool();
+    await expect(
+      tool.handler({ id: 42, fields: { x: 1 } }, mockApi403())
+    ).rejects.toThrow('403');
+  });
+
+  // 8. Audit log format correct
+  it('logs correct audit format with action update_acf_fields', async () => {
+    const tool = getTool();
+    await tool.handler(
+      { id: 42, post_type: 'posts', fields: { hero_title: 'Updated' } },
+      mockApi(mockUpdatedResponse)
+    );
+    const logs = getAuditLogs();
+    const entry = logs.find(l => l.tool === 'acf_update_fields');
+    expect(entry).toBeDefined();
+    expect(entry.action).toBe('update_acf_fields');
+    expect(entry.target).toBe(42);
+    expect(entry.status).toBe('success');
+    expect(typeof entry.latency_ms).toBe('number');
+  });
+});

package/tests/unit/plugins/contextGuard.test.js

@@ -0,0 +1,51 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { applyContextGuard } from '../../../src/plugins/contextGuard.js';
+
+let consoleSpy;
+
+beforeEach(() => {
+  consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+});
+afterEach(() => {
+  consoleSpy.mockRestore();
+});
+
+describe('applyContextGuard', () => {
+  it('returns data intact when below threshold', () => {
+    const data = { title: 'Hello', items: [1, 2, 3] };
+    const result = applyContextGuard(data, { toolName: 'test_tool', maxChars: 50000 });
+    expect(result).toEqual(data);
+  });
+
+  it('truncates and adds _truncated when above threshold', () => {
+    const bigArray = Array.from({ length: 5000 }, (_, i) => ({ id: i, label: `item-${i}-padding-data` }));
+    const result = applyContextGuard(bigArray, { toolName: 'test_tool', maxChars: 500 });
+    expect(result._truncated).toBe(true);
+    expect(result._original_size).toBeGreaterThan(500);
+    expect(typeof result._warning).toBe('string');
+    expect(result.data).toBeDefined();
+  });
+
+  it('does NOT truncate when mode is "raw" even if above threshold', () => {
+    const bigArray = Array.from({ length: 5000 }, (_, i) => ({ id: i, label: `item-${i}-padding-data` }));
+    const result = applyContextGuard(bigArray, { toolName: 'test_tool', mode: 'raw', maxChars: 500 });
+    expect(result._truncated).toBeUndefined();
+    expect(Array.isArray(result)).toBe(true);
+    expect(result.length).toBe(5000);
+  });
+
+  it('logs correct format to stderr on truncation', () => {
+    const bigArray = Array.from({ length: 5000 }, (_, i) => ({ id: i, label: `item-${i}-padding-data` }));
+    applyContextGuard(bigArray, { toolName: 'elementor_get_page', maxChars: 500 });
+
+    const logCalls = consoleSpy.mock.calls.map(c => c[0]).filter(m => typeof m === 'string');
+    const overflow = logCalls.find(m => m.includes('context_overflow'));
+    expect(overflow).toBeDefined();
+    const parsed = JSON.parse(overflow);
+    expect(parsed.tool).toBe('elementor_get_page');
+    expect(parsed.event).toBe('context_overflow');
+    expect(parsed.truncated).toBe(true);
+    expect(typeof parsed.size_chars).toBe('number');
+    expect(parsed.max_chars).toBe(500);
+  });
+});