@adsim/wordpress-mcp-server 4.6.0 → 5.1.0

package/src/tools/plugins.js

@@ -0,0 +1,368 @@
+// src/tools/plugins.js — plugins tools (9)
+// Definitions + handlers (v5.0.0 refactor Step B+C)
+
+import { json, strip } from '../shared/utils.js';
+import { validateInput } from '../shared/governance.js';
+import { rt } from '../shared/context.js';
+
+export const definitions = [
+  { name: 'wp_list_plugins', _category: 'plugins', description: 'Use to list installed plugins with status and version. Requires Administrator role. Read-only. Hint: use mode=\'summary\' for listings, \'ids_only\' for batch ops.',
+        inputSchema: { type: 'object', properties: { search: { type: 'string' }, status: { type: 'string', enum: ['active', 'inactive', 'all'], default: 'all' }, per_page: { type: 'number', default: 20 }, mode: { type: 'string', enum: ['full', 'summary', 'ids_only'], default: 'full', description: 'full=all fields, summary=key fields only, ids_only=flat ID array' } }}},
+  { name: 'wp_activate_plugin', _category: 'plugins', description: 'Use to activate a plugin. Write — blocked by WP_READ_ONLY, WP_DISABLE_PLUGIN_MANAGEMENT.',
+        inputSchema: { type: 'object', properties: { plugin: { type: 'string', description: 'Plugin slug/file (e.g. "akismet/akismet.php"). Use wp_list_plugins to find the correct value.' } }, required: ['plugin'] }},
+  { name: 'wp_deactivate_plugin', _category: 'plugins', description: 'Use to deactivate a plugin. Write — blocked by WP_READ_ONLY, WP_DISABLE_PLUGIN_MANAGEMENT.',
+        inputSchema: { type: 'object', properties: { plugin: { type: 'string', description: 'Plugin slug/file (e.g. "akismet/akismet.php"). Use wp_list_plugins to find the correct value.' } }, required: ['plugin'] }},
+  { name: 'wp_list_themes', _category: 'plugins', description: 'Use to list installed themes with active theme detection. Read-only. Hint: use mode=\'summary\' for listings, \'ids_only\' for batch ops.',
+        inputSchema: { type: 'object', properties: { status: { type: 'string', enum: ['active', 'inactive', 'all'], default: 'all' }, per_page: { type: 'number', default: 20 }, mode: { type: 'string', enum: ['full', 'summary', 'ids_only'], default: 'full', description: 'full=all fields, summary=key fields only, ids_only=flat ID array' } }}},
+  { name: 'wp_get_theme', _category: 'plugins', description: 'Use to get theme details by stylesheet slug. Read-only.',
+        inputSchema: { type: 'object', properties: { stylesheet: { type: 'string', description: 'Theme stylesheet slug (e.g. "twentytwentyfour"). Use wp_list_themes to find the correct value.' } }, required: ['stylesheet'] }},
+  { name: 'wp_list_revisions', _category: 'plugins', description: 'Use to list revisions of a post or page (metadata only). Read-only. Hint: use mode=\'summary\' for listings, \'ids_only\' for batch ops.',
+        inputSchema: { type: 'object', properties: { post_id: { type: 'number' }, post_type: { type: 'string', enum: ['post', 'page'], default: 'post' }, per_page: { type: 'number', default: 10 }, mode: { type: 'string', enum: ['full', 'summary', 'ids_only'], default: 'full', description: 'full=all fields, summary=key fields only, ids_only=flat ID array' } }, required: ['post_id'] }},
+  { name: 'wp_get_revision', _category: 'plugins', description: 'Use to read a specific revision with full content. Read-only.',
+        inputSchema: { type: 'object', properties: { post_id: { type: 'number' }, revision_id: { type: 'number' }, post_type: { type: 'string', enum: ['post', 'page'], default: 'post' } }, required: ['post_id', 'revision_id'] }},
+  { name: 'wp_restore_revision', _category: 'plugins', description: 'Use to restore a post to a previous revision. Write — blocked by WP_READ_ONLY.',
+        inputSchema: { type: 'object', properties: { post_id: { type: 'number' }, revision_id: { type: 'number' }, post_type: { type: 'string', enum: ['post', 'page'], default: 'post' } }, required: ['post_id', 'revision_id'] }},
+  { name: 'wp_delete_revision', _category: 'plugins', description: 'Use to permanently delete a revision. Write — blocked by WP_READ_ONLY, WP_DISABLE_DELETE, WP_CONFIRM_DESTRUCTIVE.',
+    inputSchema: { type: 'object', properties: { post_id: { type: 'number' }, revision_id: { type: 'number' }, post_type: { type: 'string', enum: ['post', 'page'], default: 'post' }, confirmation_token: { type: 'string', description: 'Confirmation token returned by the first call when WP_CONFIRM_DESTRUCTIVE=true' } }, required: ['post_id', 'revision_id'] }}
+];
+
+export const handlers = {};
+
+handlers['wp_list_plugins'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, {
+    search: { type: 'string' },
+    status: { type: 'string', enum: ['active', 'inactive', 'all'] },
+    per_page: { type: 'number', min: 1, max: 100 },
+    mode: { type: 'string', enum: ['full', 'summary', 'ids_only'] }
+  });
+  const { search, status = 'all', per_page = 20, mode = 'full' } = args;
+  let ep = `/plugins?per_page=${per_page}&context=edit`;
+  if (search) ep += `&search=${encodeURIComponent(search)}`;
+  if (status && status !== 'all') ep += `&status=${status}`;
+
+  try {
+    const plugins = await wpApiCall(ep);
+    if (mode === 'ids_only') {
+      result = json({ total: plugins.length, mode: 'ids_only', ids: plugins.map(p => p.plugin) });
+      auditLog({ tool: name, action: 'list', target_type: 'plugin', status: 'success', latency_ms: Date.now() - t0, params: { search, status, per_page } });
+      return result;
+    }
+    const mapped = plugins.map(p => ({
+      plugin: p.plugin,
+      name: p.name,
+      version: p.version,
+      status: p.status,
+      author: p.author?.rendered ?? p.author ?? '',
+      description: p.description?.rendered ? strip(p.description.rendered) : '',
+      plugin_uri: p.plugin_uri ?? '',
+      requires_wp: p.requires_wp ?? '',
+      requires_php: p.requires_php ?? '',
+      network_only: p.network_only ?? false,
+      textdomain: p.textdomain ?? ''
+    }));
+    if (mode === 'summary') {
+      result = json({ total: mapped.length, mode: 'summary', plugins: mapped.map(p => ({ plugin: p.plugin, name: p.name, status: p.status, version: p.version })) });
+      auditLog({ tool: name, action: 'list', target_type: 'plugin', status: 'success', latency_ms: Date.now() - t0, params: { search, status, per_page } });
+      return result;
+    }
+    const activeCount = mapped.filter(p => p.status === 'active').length;
+    const inactiveCount = mapped.filter(p => p.status === 'inactive').length;
+    result = json({ total: mapped.length, active: activeCount, inactive: inactiveCount, plugins: mapped });
+    auditLog({ tool: name, action: 'list', target_type: 'plugin', status: 'success', latency_ms: Date.now() - t0, params: { search, status, per_page } });
+  } catch (pluginError) {
+    const is403 = pluginError.message && (pluginError.message.includes('403') || pluginError.message.includes('Forbidden'));
+    auditLog({ tool: name, action: 'list', target_type: 'plugin', status: 'error', latency_ms: Date.now() - t0, error: is403 ? 'Insufficient permissions' : pluginError.message, params: { search, status } });
+    if (is403) {
+      return { content: [{ type: 'text', text: 'Error: Access denied. wp_list_plugins requires Administrator role with activate_plugins capability. The current WordPress user does not have sufficient permissions to access the /wp/v2/plugins endpoint.' }], isError: true };
+    }
+    throw pluginError;
+  }
+  return result;
+};
+handlers['wp_activate_plugin'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, { plugin: { type: 'string', required: true } });
+  const { plugin } = args;
+  const encodedPlugin = encodeURIComponent(plugin);
+  try {
+    const p = await wpApiCall(`/plugins/${encodedPlugin}`, { method: 'POST', body: JSON.stringify({ status: 'active' }) });
+    result = json({ success: true, message: `Plugin activated: ${p.name || plugin}`, plugin: { plugin: p.plugin, name: p.name, version: p.version, status: p.status } });
+    auditLog({ tool: name, action: 'activate', target: plugin, target_type: 'plugin', status: 'success', latency_ms: Date.now() - t0 });
+  } catch (pluginError) {
+    const is403 = pluginError.message && (pluginError.message.includes('403') || pluginError.message.includes('Forbidden'));
+    const is404 = pluginError.message && (pluginError.message.includes('404') || pluginError.message.includes('Not Found'));
+    auditLog({ tool: name, action: 'activate', target: plugin, target_type: 'plugin', status: 'error', latency_ms: Date.now() - t0, error: is403 ? 'Insufficient permissions' : pluginError.message });
+    if (is403) return { content: [{ type: 'text', text: 'Error: Access denied. wp_activate_plugin requires Administrator role with activate_plugins capability.' }], isError: true };
+    if (is404) return { content: [{ type: 'text', text: 'Error: Plugin not found. Use wp_list_plugins to get the correct plugin slug.' }], isError: true };
+    throw pluginError;
+  }
+  return result;
+};
+handlers['wp_deactivate_plugin'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, { plugin: { type: 'string', required: true } });
+  const { plugin } = args;
+  const encodedPlugin = encodeURIComponent(plugin);
+  try {
+    const p = await wpApiCall(`/plugins/${encodedPlugin}`, { method: 'POST', body: JSON.stringify({ status: 'inactive' }) });
+    result = json({ success: true, message: `Plugin deactivated: ${p.name || plugin}`, plugin: { plugin: p.plugin, name: p.name, version: p.version, status: p.status } });
+    auditLog({ tool: name, action: 'deactivate', target: plugin, target_type: 'plugin', status: 'success', latency_ms: Date.now() - t0 });
+  } catch (pluginError) {
+    const is403 = pluginError.message && (pluginError.message.includes('403') || pluginError.message.includes('Forbidden'));
+    const is404 = pluginError.message && (pluginError.message.includes('404') || pluginError.message.includes('Not Found'));
+    auditLog({ tool: name, action: 'deactivate', target: plugin, target_type: 'plugin', status: 'error', latency_ms: Date.now() - t0, error: is403 ? 'Insufficient permissions' : pluginError.message });
+    if (is403) return { content: [{ type: 'text', text: 'Error: Access denied. wp_deactivate_plugin requires Administrator role with activate_plugins capability.' }], isError: true };
+    if (is404) return { content: [{ type: 'text', text: 'Error: Plugin not found. Use wp_list_plugins to get the correct plugin slug.' }], isError: true };
+    throw pluginError;
+  }
+  return result;
+};
+handlers['wp_list_themes'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, {
+    status: { type: 'string', enum: ['active', 'inactive', 'all'] },
+    per_page: { type: 'number', min: 1, max: 100 },
+    mode: { type: 'string', enum: ['full', 'summary', 'ids_only'] }
+  });
+  const { status = 'all', per_page = 20, mode = 'full' } = args;
+  let ep = `/themes?per_page=${per_page}&context=edit`;
+  if (status && status !== 'all') ep += `&status=${status}`;
+  try {
+    const themes = await wpApiCall(ep);
+    if (mode === 'ids_only') {
+      result = json({ total: themes.length, mode: 'ids_only', ids: themes.map(t => t.stylesheet) });
+      auditLog({ tool: name, action: 'list', target_type: 'theme', status: 'success', latency_ms: Date.now() - t0, params: { status, per_page } });
+      return result;
+    }
+    const mapped = themes.map(t => ({
+      stylesheet: t.stylesheet,
+      template: t.template,
+      name: t.name?.rendered ?? t.name ?? '',
+      description: t.description?.rendered ? strip(t.description.rendered) : '',
+      status: t.status,
+      version: t.version ?? '',
+      author: t.author?.rendered ?? t.author ?? '',
+      author_uri: t.author_uri ?? '',
+      theme_uri: t.theme_uri ?? '',
+      requires_wp: t.requires_wp ?? '',
+      requires_php: t.requires_php ?? '',
+      tags: t.tags?.rendered ?? t.tags ?? []
+    }));
+    if (mode === 'summary') {
+      result = json({ total: mapped.length, mode: 'summary', themes: mapped.map(t => ({ stylesheet: t.stylesheet, name: t.name, status: t.status, version: t.version })) });
+      auditLog({ tool: name, action: 'list', target_type: 'theme', status: 'success', latency_ms: Date.now() - t0, params: { status, per_page } });
+      return result;
+    }
+    const activeTheme = mapped.find(t => t.status === 'active');
+    result = json({ total: mapped.length, active_theme: activeTheme ? activeTheme.name : null, themes: mapped });
+    auditLog({ tool: name, action: 'list', target_type: 'theme', status: 'success', latency_ms: Date.now() - t0, params: { status, per_page } });
+  } catch (themeError) {
+    const is403 = themeError.message && (themeError.message.includes('403') || themeError.message.includes('Forbidden'));
+    auditLog({ tool: name, action: 'list', target_type: 'theme', status: 'error', latency_ms: Date.now() - t0, error: is403 ? 'Insufficient permissions' : themeError.message, params: { status } });
+    if (is403) return { content: [{ type: 'text', text: 'Error: Access denied. wp_list_themes requires switch_themes capability (Administrator or Editor role).' }], isError: true };
+    throw themeError;
+  }
+  return result;
+};
+handlers['wp_get_theme'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, { stylesheet: { type: 'string', required: true } });
+  const { stylesheet } = args;
+  try {
+    const t = await wpApiCall(`/themes/${encodeURIComponent(stylesheet)}?context=edit`);
+    result = json({
+      stylesheet: t.stylesheet,
+      template: t.template,
+      name: t.name?.rendered ?? t.name ?? '',
+      description: t.description?.rendered ? strip(t.description.rendered) : '',
+      status: t.status,
+      version: t.version ?? '',
+      author: t.author?.rendered ?? t.author ?? '',
+      author_uri: t.author_uri ?? '',
+      theme_uri: t.theme_uri ?? '',
+      requires_wp: t.requires_wp ?? '',
+      requires_php: t.requires_php ?? '',
+      tags: t.tags?.rendered ?? t.tags ?? []
+    });
+    auditLog({ tool: name, target: stylesheet, target_type: 'theme', action: 'read', status: 'success', latency_ms: Date.now() - t0 });
+  } catch (themeError) {
+    const is403 = themeError.message && (themeError.message.includes('403') || themeError.message.includes('Forbidden'));
+    const is404 = themeError.message && (themeError.message.includes('404') || themeError.message.includes('Not Found'));
+    auditLog({ tool: name, target: stylesheet, target_type: 'theme', action: 'read', status: 'error', latency_ms: Date.now() - t0, error: themeError.message });
+    if (is404) return { content: [{ type: 'text', text: 'Error: Theme not found. Use wp_list_themes to get the correct stylesheet slug.' }], isError: true };
+    if (is403) return { content: [{ type: 'text', text: 'Error: Access denied. wp_get_theme requires switch_themes capability (Administrator or Editor role).' }], isError: true };
+    throw themeError;
+  }
+  return result;
+};
+handlers['wp_list_revisions'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, {
+    post_id: { type: 'number', required: true, min: 1 },
+    post_type: { type: 'string', enum: ['post', 'page'] },
+    per_page: { type: 'number', min: 1, max: 100 },
+    mode: { type: 'string', enum: ['full', 'summary', 'ids_only'] }
+  });
+  const { post_id, post_type = 'post', per_page = 10, mode = 'full' } = args;
+  const base = post_type === 'page' ? 'pages' : 'posts';
+  try {
+    const revisions = await wpApiCall(`/${base}/${post_id}/revisions?per_page=${per_page}&context=edit`);
+    if (mode === 'ids_only') {
+      result = json({ total: revisions.length, post_id, post_type, mode: 'ids_only', ids: revisions.map(r => r.id) });
+      auditLog({ tool: name, action: 'list', target: post_id, target_type: 'revision', status: 'success', latency_ms: Date.now() - t0, params: { post_type, per_page } });
+      return result;
+    }
+    if (mode === 'summary') {
+      result = json({ total: revisions.length, post_id, post_type, mode: 'summary', revisions: revisions.map(r => ({ id: r.id, date: r.date, author: r.author })) });
+      auditLog({ tool: name, action: 'list', target: post_id, target_type: 'revision', status: 'success', latency_ms: Date.now() - t0, params: { post_type, per_page } });
+      return result;
+    }
+    result = json({
+      total: revisions.length,
+      post_id,
+      post_type,
+      note: 'Use wp_get_revision to read content of a specific revision',
+      revisions: revisions.map(r => ({
+        id: r.id,
+        parent: r.parent,
+        date: r.date,
+        date_gmt: r.date_gmt,
+        modified: r.modified,
+        modified_gmt: r.modified_gmt,
+        author: r.author,
+        title: r.title?.rendered ?? '',
+        excerpt: r.excerpt?.rendered ? strip(r.excerpt.rendered) : '',
+        slug: r.slug
+      }))
+    });
+    auditLog({ tool: name, action: 'list', target: post_id, target_type: 'revision', status: 'success', latency_ms: Date.now() - t0, params: { post_type, per_page } });
+  } catch (revError) {
+    const is404 = revError.message && (revError.message.includes('404') || revError.message.includes('Not Found'));
+    auditLog({ tool: name, action: 'list', target: post_id, target_type: 'revision', status: 'error', latency_ms: Date.now() - t0, error: revError.message });
+    if (is404) return { content: [{ type: 'text', text: 'Error: Post not found or no revisions available. Revisions require autosave to be enabled.' }], isError: true };
+    throw revError;
+  }
+  return result;
+};
+handlers['wp_get_revision'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, {
+    post_id: { type: 'number', required: true, min: 1 },
+    revision_id: { type: 'number', required: true, min: 1 },
+    post_type: { type: 'string', enum: ['post', 'page'] }
+  });
+  const { post_id, revision_id, post_type = 'post' } = args;
+  const base = post_type === 'page' ? 'pages' : 'posts';
+  try {
+    const r = await wpApiCall(`/${base}/${post_id}/revisions/${revision_id}?context=edit`);
+    result = json({
+      id: r.id,
+      parent: r.parent,
+      date: r.date,
+      author: r.author,
+      title: r.title?.rendered ?? '',
+      content: r.content?.rendered ?? '',
+      excerpt: r.excerpt?.rendered ?? ''
+    });
+    auditLog({ tool: name, action: 'read', target: revision_id, target_type: 'revision', status: 'success', latency_ms: Date.now() - t0, params: { post_id, post_type } });
+  } catch (revError) {
+    const is404 = revError.message && (revError.message.includes('404') || revError.message.includes('Not Found'));
+    auditLog({ tool: name, action: 'read', target: revision_id, target_type: 'revision', status: 'error', latency_ms: Date.now() - t0, error: revError.message });
+    if (is404) return { content: [{ type: 'text', text: 'Error: Revision not found. Use wp_list_revisions to get valid revision IDs for this post.' }], isError: true };
+    throw revError;
+  }
+  return result;
+};
+handlers['wp_restore_revision'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, auditLog, name } = rt;
+  validateInput(args, {
+    post_id: { type: 'number', required: true, min: 1 },
+    revision_id: { type: 'number', required: true, min: 1 },
+    post_type: { type: 'string', enum: ['post', 'page'] }
+  });
+  const { post_id, revision_id, post_type = 'post' } = args;
+  const base = post_type === 'page' ? 'pages' : 'posts';
+
+  // Step 1: Read the revision
+  let revData;
+  try {
+    revData = await wpApiCall(`/${base}/${post_id}/revisions/${revision_id}?context=edit`);
+    auditLog({ tool: name, action: 'read', target: revision_id, target_type: 'revision', status: 'success', latency_ms: Date.now() - t0, params: { post_id, post_type } });
+  } catch (readError) {
+    const is404 = readError.message && (readError.message.includes('404') || readError.message.includes('Not Found'));
+    auditLog({ tool: name, action: 'read', target: revision_id, target_type: 'revision', status: 'error', latency_ms: Date.now() - t0, error: readError.message });
+    if (is404) return { content: [{ type: 'text', text: 'Error: Revision not found. Use wp_list_revisions to get valid revision IDs.' }], isError: true };
+    throw readError;
+  }
+
+  // Step 2: Update the post with revision content
+  const revTitle = revData.title?.raw ?? revData.title?.rendered ?? '';
+  const revContent = revData.content?.raw ?? revData.content?.rendered ?? '';
+  try {
+    await wpApiCall(`/${base}/${post_id}`, { method: 'POST', body: JSON.stringify({ title: revTitle, content: revContent }) });
+    result = json({ restored: true, post_id, revision_id, post_type, title: revTitle, note: `Post content restored from revision ${revision_id}` });
+    auditLog({ tool: name, action: 'restore', target: post_id, target_type: post_type, status: 'success', latency_ms: Date.now() - t0, params: { revision_id } });
+  } catch (writeError) {
+    auditLog({ tool: name, action: 'restore', target: post_id, target_type: post_type, status: 'error', latency_ms: Date.now() - t0, error: writeError.message, params: { revision_id } });
+    throw writeError;
+  }
+  return result;
+};
+handlers['wp_delete_revision'] = async (args) => {
+  const t0 = Date.now();
+  let result;
+  const { wpApiCall, getActiveControls, generateToken, validateToken, auditLog, name } = rt;
+  validateInput(args, {
+    post_id: { type: 'number', required: true, min: 1 },
+    revision_id: { type: 'number', required: true, min: 1 },
+    post_type: { type: 'string', enum: ['post', 'page'] }
+  });
+  const { post_id, revision_id, post_type = 'post', confirmation_token } = args;
+  const base = post_type === 'page' ? 'pages' : 'posts';
+
+  // Two-step confirmation when WP_CONFIRM_DESTRUCTIVE=true
+  if (getActiveControls().confirm_destructive) {
+    if (!confirmation_token) {
+      const token = generateToken(revision_id, 'delete_revision');
+      result = json({ status: 'confirmation_required', revision_id, post_id, action: 'delete_revision', confirmation_token: token, expires_in: 60, message: `Revision #${revision_id} of post #${post_id} will be permanently deleted. Call again with confirmation_token to confirm.` });
+      auditLog({ tool: name, target: revision_id, target_type: 'revision', action: 'delete_requested', status: 'pending', latency_ms: Date.now() - t0, params: { post_id, revision_id } });
+      return result;
+    }
+    const validation = validateToken(confirmation_token, revision_id, 'delete_revision');
+    if (!validation.valid) {
+      auditLog({ tool: name, target: revision_id, target_type: 'revision', action: 'delete_revision', status: 'error', latency_ms: Date.now() - t0, params: { post_id, revision_id }, error: 'Invalid or expired confirmation token' });
+      return { content: [{ type: 'text', text: 'Error: Invalid or expired confirmation token' }], isError: true };
+    }
+  }
+
+  try {
+    await wpApiCall(`/${base}/${post_id}/revisions/${revision_id}?force=true`, { method: 'DELETE' });
+    result = json({ deleted: true, revision_id, post_id, post_type });
+    auditLog({ tool: name, action: 'permanent_delete', target: revision_id, target_type: 'revision', status: 'success', latency_ms: Date.now() - t0, params: { post_id, post_type } });
+  } catch (delError) {
+    const is403 = delError.message && (delError.message.includes('403') || delError.message.includes('Forbidden'));
+    const is404 = delError.message && (delError.message.includes('404') || delError.message.includes('Not Found'));
+    auditLog({ tool: name, action: 'permanent_delete', target: revision_id, target_type: 'revision', status: 'error', latency_ms: Date.now() - t0, error: delError.message, params: { post_id } });
+    if (is404) return { content: [{ type: 'text', text: 'Error: Revision not found. Use wp_list_revisions to get valid revision IDs.' }], isError: true };
+    if (is403) return { content: [{ type: 'text', text: 'Error: Insufficient permissions to delete revisions (delete_posts capability required).' }], isError: true };
+    throw delError;
+  }
+  return result;
+};