@diviops/mcp-server 0.2.20 → 0.2.21

package/README.md

@@ -32,31 +32,33 @@ Go to **WP Admin -> Users -> Your Profile -> Application Passwords**:
 ### 3. Configure Claude Code
 
 ```bash
-claude mcp add diviops-mcp -- env \
-  WP_URL=http://your-site.local \
-  WP_USER=your-wp-username \
-  WP_APP_PASSWORD=xxxxXXXXxxxxXXXXxxxxXXXX \
-  npx @diviops/mcp-server
+claude mcp add diviops-mcp \
+  --env WP_URL=http://your-site.local \
+  --env WP_USER=your-wp-username \
+  --env WP_APP_PASSWORD=xxxxXXXXxxxxXXXXxxxxXXXX \
+  -- npx @diviops/mcp-server
 ```
 
+> **Use `--env` flags, not the `env` command.** Claude Code's native `--env KEY=VALUE` flags survive copy-paste; the older `-- env KEY=VALUE` form (piping through unix `env`) breaks silently when any value contains a space. Quote any value with spaces (e.g. `--env "WP_PATH=/Users/you/Local Sites/site/app/public"`) — no backslash escaping needed inside quotes.
+
 **With WP-CLI** (optional — enables `diviops_wp_cli` tool):
 ```bash
-claude mcp add diviops-mcp -- env \
-  WP_URL=http://your-site.local \
-  WP_USER=your-wp-username \
-  WP_APP_PASSWORD=xxxxXXXXxxxxXXXXxxxxXXXX \
-  WP_PATH="/path/to/wordpress" \
-  npx @diviops/mcp-server
+claude mcp add diviops-mcp \
+  --env WP_URL=http://your-site.local \
+  --env WP_USER=your-wp-username \
+  --env WP_APP_PASSWORD=xxxxXXXXxxxxXXXXxxxxXXXX \
+  --env "WP_PATH=/path/to/wordpress" \
+  -- npx @diviops/mcp-server
 ```
 
 **With Docker-based WP-CLI** (optional — uses a custom command prefix):
 ```bash
-claude mcp add diviops-mcp -- env \
-  WP_URL=https://site-name.ddev.site \
-  WP_USER=your-wp-username \
-  WP_APP_PASSWORD=xxxxXXXXxxxxXXXXxxxxXXXX \
-  WP_CLI_CMD="ddev wp" \
-  npx @diviops/mcp-server
+claude mcp add diviops-mcp \
+  --env WP_URL=https://site-name.ddev.site \
+  --env WP_USER=your-wp-username \
+  --env WP_APP_PASSWORD=xxxxXXXXxxxxXXXXxxxxXXXX \
+  --env "WP_CLI_CMD=ddev wp" \
+  -- npx @diviops/mcp-server
 ```
 
 ### Environment Variables
@@ -186,6 +188,7 @@ These commands carry higher risk and require explicit opt-in via the `DIVIOPS_WP
 | Command | Risk | Why opt-in |
 |---------|------|------------|
 | `option update` | High | Can change site URL, admin email, or security settings |
+| `option delete` | High | Permanently removes a WP option (no undo) |
 | `post delete` | Medium | Permanently removes content |
 | `post meta delete` | Medium | Removes metadata |
 | `term delete` | Medium | Permanently removes taxonomy terms |
@@ -198,17 +201,29 @@ These commands carry higher risk and require explicit opt-in via the `DIVIOPS_WP
 To enable extended commands, add `DIVIOPS_WP_CLI_ALLOW` to your MCP registration:
 
 ```bash
-claude mcp add diviops-mcp -- env \
-  WP_URL=http://your-site.local \
-  WP_USER=admin \
-  WP_APP_PASSWORD=xxxx \
-  WP_PATH="/path/to/wordpress" \
-  DIVIOPS_WP_CLI_ALLOW="option update,post delete,search-replace" \
-  npx @diviops/mcp-server
+claude mcp add diviops-mcp \
+  --env WP_URL=http://your-site.local \
+  --env WP_USER=admin \
+  --env WP_APP_PASSWORD=xxxx \
+  --env "WP_PATH=/path/to/wordpress" \
+  --env "DIVIOPS_WP_CLI_ALLOW=option update,post delete,search-replace" \
+  -- npx @diviops/mcp-server
 ```
 
 Only list the specific commands you need. Unknown entries are ignored with a warning.
 
+#### Wildcard / "god-mode" (local dev only)
+
+For trusted local-dev environments where you don't want to re-list every extended command per site, the values `*` and `all` grant the full extended set:
+
+```bash
+--env "DIVIOPS_WP_CLI_ALLOW=*"
+```
+
+The sentinel grants exactly the extended set above — it does NOT unlock anything beyond it (notably: `db query` stays out by design). The server emits a startup warning to stderr whenever the wildcard is active, so the broad grant is never silent. Auto-adopts new extended commands on future versions.
+
+> **Don't use this in shared or production environments.** Pin the specific commands you need with the comma-separated form instead.
+
 > **Note on `acf import`**: included in the default allowlist because it's an idempotent dev-time schema operation (re-creates field groups from JSON). Bulk content imports use `wp import` instead, which is opt-in.
 
 ### Filesystem flag validation

package/dist/wp-cli.js

@@ -90,6 +90,7 @@ const DEFAULT_COMMANDS = [
  */
 const EXTENDED_COMMANDS = [
     'option update', // Can change site URL, admin email, active plugins
+    'option delete', // Destructive — permanently removes a WP option
     'post delete', // Destructive — permanently removes content
     'post meta delete', // Destructive — removes metadata
     'term delete', // Destructive — removes taxonomy terms
@@ -104,6 +105,14 @@ function buildAllowlist() {
     const extra = process.env.DIVIOPS_WP_CLI_ALLOW?.trim();
     if (!extra)
         return DEFAULT_COMMANDS;
+    // Wildcard sentinel — convenience for trusted local-dev environments. Grants
+    // every entry in EXTENDED_COMMANDS but does NOT unlock anything beyond it
+    // (notably: `db query` stays out — see #361 Chunk B). Always emits a startup
+    // warning so the broad grant is never silent.
+    if (extra === '*' || extra === 'all') {
+        console.warn(`[diviops] DIVIOPS_WP_CLI_ALLOW="${extra}" — granting ALL ${EXTENDED_COMMANDS.length} extended commands. Intended for trusted local-dev only.`);
+        return [...DEFAULT_COMMANDS, ...EXTENDED_COMMANDS];
+    }
     const requested = extra.split(',').map((s) => s.trim()).filter(Boolean);
     const granted = new Set(DEFAULT_COMMANDS);
     for (const cmd of requested) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@diviops/mcp-server",
-  "version": "0.2.20",
+  "version": "0.2.21",
   "description": "MCP server exposing Divi 5 Visual Builder as tools for Claude",
   "type": "module",
   "main": "dist/index.js",