@diviops/mcp-server 0.2.28 → 1.0.0

package/dist/wp-cli-fs-validator.d.ts

@@ -53,8 +53,12 @@ export declare function fsValidationDisabled(): boolean;
 export declare function ensureSafeFsRoot(safeRoot: string): void;
 /**
  * Identify which FS-sensitive command a parsed arg vector represents.
- * Returns the canonical prefix ("export", "acf export", "acf import") or
- * null if the args don't match a FS-sensitive command.
+ * Returns the canonical prefix ("export", "acf export", "scf json export"…)
+ * or null if the args don't match a FS-sensitive command.
+ *
+ * Checks 3-, 2-, then 1-word prefixes — longer matches win so that
+ * `scf json export` is identified as the SCF command (not bare `export`)
+ * even though both share the trailing word.
  */
 export declare function matchFsSensitiveCommand(args: string[]): string | null;
 /**

package/dist/wp-cli-fs-validator.js

@@ -31,11 +31,19 @@ const SAFE_FS_ROOT_OVERRIDE_ENV = 'DIVIOPS_WP_CLI_SAFE_FS_ROOT';
  * DEFAULT-tier commands whose arguments can write/read to arbitrary paths.
  * EXTENDED-tier FS commands (`import`, `eval-file`) are opt-in and not
  * validated here — opting in implies accepting the path-scope risk.
+ *
+ * SCF 6.8.4 introduced `wp scf json export|import` (and `wp acf json …`
+ * aliases). `export` takes `--dir=<directory>` (flag, like `wp export`);
+ * `import` takes a positional `<file>` path (like the legacy `acf import`).
  */
 const FS_SENSITIVE_COMMANDS = [
     'export',
     'acf export',
     'acf import',
+    'scf json export',
+    'scf json import',
+    'acf json export',
+    'acf json import',
 ];
 /**
  * Resolve the effective safe filesystem root for this wp-cli instance.
@@ -70,12 +78,19 @@ export function ensureSafeFsRoot(safeRoot) {
 }
 /**
  * Identify which FS-sensitive command a parsed arg vector represents.
- * Returns the canonical prefix ("export", "acf export", "acf import") or
- * null if the args don't match a FS-sensitive command.
+ * Returns the canonical prefix ("export", "acf export", "scf json export"…)
+ * or null if the args don't match a FS-sensitive command.
+ *
+ * Checks 3-, 2-, then 1-word prefixes — longer matches win so that
+ * `scf json export` is identified as the SCF command (not bare `export`)
+ * even though both share the trailing word.
  */
 export function matchFsSensitiveCommand(args) {
     if (args.length === 0)
         return null;
+    const threeWord = args.slice(0, 3).join(' ');
+    if (FS_SENSITIVE_COMMANDS.includes(threeWord))
+        return threeWord;
     const twoWord = args.slice(0, 2).join(' ');
     if (FS_SENSITIVE_COMMANDS.includes(twoWord))
         return twoWord;
@@ -333,5 +348,52 @@ export function validateFilesystemFlags(args, safeRoot, opts = {}) {
         }
         return { allowed: true };
     }
+    if (cmd === 'scf json export' || cmd === 'acf json export') {
+        // SCF 6.8.4's `wp scf|acf json export` uses `--dir=<dir>` (or `--stdout`)
+        // for output destination — same flag shape as `wp export`. Reuse the same
+        // extractor; `--filename_format` is `wp export`-only and irrelevant here.
+        const { dir, stdout } = extractExportFlags(args);
+        if (stdout) {
+            // Writes JSON to stdout; no FS write to validate.
+            return { allowed: true };
+        }
+        if (!dir) {
+            // Let wp-cli surface its own "must specify --dir or --stdout" error
+            // rather than returning a redundant allowlist rejection.
+            return { allowed: true };
+        }
+        const rel = rejectIfRelative(dir, `${cmd} --dir`, safeRootCanonical);
+        if (rel)
+            return rel;
+        if (!isPathUnderSafeRoot(dir, safeRootCanonical)) {
+            return {
+                allowed: false,
+                reason: `${cmd} --dir="${dir}" resolves outside the safe filesystem root ` +
+                    `"${safeRootCanonical}". Use a path under the safe root, or set ` +
+                    `${UNSAFE_FS_ENV}=1 to disable validation.`,
+            };
+        }
+        return { allowed: true };
+    }
+    if (cmd === 'scf json import' || cmd === 'acf json import') {
+        // `wp scf|acf json import <file>` — positional file path at args[3]
+        // (after the 3-word command prefix). Same safe-root rules as `acf import`.
+        const userPath = extractPositionalAfterPrefix(args, 3);
+        if (!userPath) {
+            return { allowed: true };
+        }
+        const rel = rejectIfRelative(userPath, cmd, safeRootCanonical);
+        if (rel)
+            return rel;
+        if (!isPathUnderSafeRoot(userPath, safeRootCanonical)) {
+            return {
+                allowed: false,
+                reason: `${cmd} "${userPath}" resolves outside the safe filesystem root ` +
+                    `"${safeRootCanonical}". Use a path under the safe root, or set ` +
+                    `${UNSAFE_FS_ENV}=1 to disable validation.`,
+            };
+        }
+        return { allowed: true };
+    }
     return { allowed: true };
 }

package/dist/wp-cli.d.ts

@@ -15,15 +15,31 @@ interface WpCliConfig {
 }
 export declare function createWpCli(config: WpCliConfig): {
     /**
-     * Execute a WP-CLI command. Returns stdout on success.
-     * Commands are parsed into args and validated against an allowlist.
-     * Uses execFile (no shell) to prevent command injection.
+     * Execute a WP-CLI command from a string. Parsed via parseCommand
+     * (single/double-quote toggling, no escape support). Validated against
+     * the allowlist. Uses execFile (no shell) to prevent command injection.
+     *
+     * Prefer `runArgs` from typed wrappers — it skips parseCommand entirely
+     * so user-supplied values containing apostrophes/quotes flow through
+     * verbatim instead of being mis-split.
      */
     run(command: string): Promise<{
         success: boolean;
         output: string;
         error?: string;
     }>;
+    /**
+     * Execute a WP-CLI command from a pre-built argv array. Skips
+     * parseCommand so values containing whitespace, apostrophes, or
+     * quotes pass through unmodified. Same allowlist + FS-safe-root
+     * validation as `run`. Use this from typed wrappers that already
+     * have the args structured (no string concatenation needed).
+     */
+    runArgs(args: string[]): Promise<{
+        success: boolean;
+        output: string;
+        error?: string;
+    }>;
     /** Return the list of allowed commands and available extensions. */
     getAllowedCommands(): {
         allowed: string[];

package/dist/wp-cli.js

@@ -40,6 +40,20 @@ const DEFAULT_COMMANDS = [
     'acf import',
     'acf field-group list',
     'acf field-group get',
+    // SCF 6.8.4+ adds `wp scf json {status,sync,import,export}` (also aliased as
+    // `wp acf json …`). All four are dev-time schema ops — `status`/`sync` are
+    // diff/apply against on-disk JSON, `import` re-creates DB entries from JSON,
+    // `export` writes DB schema to JSON. Same tier semantics as the legacy `acf`
+    // entries above; FS-touching subcommands (export, import) are second-pass
+    // validated below.
+    'scf json status',
+    'scf json sync',
+    'scf json import',
+    'scf json export',
+    'acf json status',
+    'acf json sync',
+    'acf json import',
+    'acf json export',
     // Users (read-only)
     'user list',
     // Cache (non-destructive maintenance)
@@ -319,66 +333,91 @@ export function createWpCli(config) {
     const runOptions = customWpCliCmd
         ? { ...execOptions, env, cwd: config.wpPath }
         : { ...execOptions, env };
-    return {
-        /**
-         * Execute a WP-CLI command. Returns stdout on success.
-         * Commands are parsed into args and validated against an allowlist.
-         * Uses execFile (no shell) to prevent command injection.
-         */
-        async run(command) {
-            const args = parseCommand(command);
-            const check = isCommandAllowed(args);
-            if (!check.allowed) {
-                return { success: false, output: '', error: check.reason };
+    // Internal argv-based runner — used by both `run(string)` (after
+    // parseCommand) and `runArgs(string[])` (skip parseCommand). Typed
+    // wrappers should call runArgs to bypass parseCommand's quote-toggling
+    // weakness: when a value contains an apostrophe (e.g. label "Bob's
+    // Group", file path /tmp/it's-fine.json), parseCommand mis-splits the
+    // argv because it treats the embedded `'` as a quote toggle. Passing
+    // pre-built argv eliminates the parsing step entirely so user-provided
+    // strings flow through verbatim — execFile (no shell) handles them
+    // correctly. Raised in PR #473 review (Copilot/Gemini both flagged).
+    const runArgv = async (args) => {
+        const check = isCommandAllowed(args);
+        if (!check.allowed) {
+            return { success: false, output: '', error: check.reason };
+        }
+        // Second-pass FS validation for commands whose flags/args can read/write
+        // arbitrary paths. Scoped to DEFAULT-tier FS commands only — EXTENDED
+        // (`import`, `eval-file`) are opt-in via DIVIOPS_WP_CLI_ALLOW, so opting
+        // in signals the caller accepts path-scope risk. Skip entirely when the
+        // user explicitly disables via DIVIOPS_WP_CLI_UNSAFE_FS=1.
+        //
+        // Wrapper mode (WP_CLI_CMD set) is gated separately inside
+        // validateFilesystemFlags — host-derived safe roots don't correspond to
+        // the wrapper's filesystem namespace, so the validator requires an
+        // explicit DIVIOPS_WP_CLI_SAFE_FS_ROOT there. We also skip the host-side
+        // mkdir in wrapper mode since the safe root is either container-scoped
+        // (user-managed) or unset (validator rejects).
+        if (!fsValidationDisabled() && matchFsSensitiveCommand(args)) {
+            const safeRoot = resolveSafeFsRoot(config.wpPath);
+            if (!customWpCliCmd) {
+                ensureSafeFsRoot(safeRoot);
             }
-            // Second-pass FS validation for commands whose flags/args can read/write
-            // arbitrary paths. Scoped to DEFAULT-tier FS commands only — EXTENDED
-            // (`import`, `eval-file`) are opt-in via DIVIOPS_WP_CLI_ALLOW, so opting
-            // in signals the caller accepts path-scope risk. Skip entirely when the
-            // user explicitly disables via DIVIOPS_WP_CLI_UNSAFE_FS=1.
-            //
-            // Wrapper mode (WP_CLI_CMD set) is gated separately inside
-            // validateFilesystemFlags — host-derived safe roots don't correspond to
-            // the wrapper's filesystem namespace, so the validator requires an
-            // explicit DIVIOPS_WP_CLI_SAFE_FS_ROOT there. We also skip the host-side
-            // mkdir in wrapper mode since the safe root is either container-scoped
-            // (user-managed) or unset (validator rejects).
-            if (!fsValidationDisabled() && matchFsSensitiveCommand(args)) {
-                const safeRoot = resolveSafeFsRoot(config.wpPath);
-                if (!customWpCliCmd) {
-                    ensureSafeFsRoot(safeRoot);
+            const fsCheck = validateFilesystemFlags(args, safeRoot, {
+                isWrapper: !!customWpCliCmd,
+            });
+            if (!fsCheck.allowed) {
+                return { success: false, output: '', error: fsCheck.reason };
+            }
+        }
+        const fullArgs = customWpCliCmd
+            ? [...prefixArgs, ...args, '--no-color']
+            : [...args, `--path=${config.wpPath}`, '--no-color'];
+        return new Promise((resolve) => {
+            execFile(executable, fullArgs, runOptions, (error, stdout, stderr) => {
+                // Filter PHP deprecation warnings from output
+                const output = (stdout + '\n' + stderr)
+                    .split('\n')
+                    .filter((line) => !line.includes('Deprecated:') && !line.includes('PHP Deprecated'))
+                    .join('\n')
+                    .trim();
+                if (error) {
+                    const detail = error.killed
+                        ? 'Command timed out'
+                        : error.signal
+                            ? `Killed by signal ${error.signal}`
+                            : `Exit code ${error.code ?? 'unknown'}`;
+                    resolve({ success: false, output, error: detail });
                 }
-                const fsCheck = validateFilesystemFlags(args, safeRoot, {
-                    isWrapper: !!customWpCliCmd,
-                });
-                if (!fsCheck.allowed) {
-                    return { success: false, output: '', error: fsCheck.reason };
+                else {
+                    resolve({ success: true, output });
                 }
-            }
-            const fullArgs = customWpCliCmd
-                ? [...prefixArgs, ...args, '--no-color']
-                : [...args, `--path=${config.wpPath}`, '--no-color'];
-            return new Promise((resolve) => {
-                execFile(executable, fullArgs, runOptions, (error, stdout, stderr) => {
-                    // Filter PHP deprecation warnings from output
-                    const output = (stdout + '\n' + stderr)
-                        .split('\n')
-                        .filter((line) => !line.includes('Deprecated:') && !line.includes('PHP Deprecated'))
-                        .join('\n')
-                        .trim();
-                    if (error) {
-                        const detail = error.killed
-                            ? 'Command timed out'
-                            : error.signal
-                                ? `Killed by signal ${error.signal}`
-                                : `Exit code ${error.code ?? 'unknown'}`;
-                        resolve({ success: false, output, error: detail });
-                    }
-                    else {
-                        resolve({ success: true, output });
-                    }
-                });
             });
+        });
+    };
+    return {
+        /**
+         * Execute a WP-CLI command from a string. Parsed via parseCommand
+         * (single/double-quote toggling, no escape support). Validated against
+         * the allowlist. Uses execFile (no shell) to prevent command injection.
+         *
+         * Prefer `runArgs` from typed wrappers — it skips parseCommand entirely
+         * so user-supplied values containing apostrophes/quotes flow through
+         * verbatim instead of being mis-split.
+         */
+        async run(command) {
+            return runArgv(parseCommand(command));
+        },
+        /**
+         * Execute a WP-CLI command from a pre-built argv array. Skips
+         * parseCommand so values containing whitespace, apostrophes, or
+         * quotes pass through unmodified. Same allowlist + FS-safe-root
+         * validation as `run`. Use this from typed wrappers that already
+         * have the args structured (no string concatenation needed).
+         */
+        async runArgs(args) {
+            return runArgv(args);
         },
         /** Return the list of allowed commands and available extensions. */
         getAllowedCommands() {

package/dist/wp-client.js

@@ -26,7 +26,7 @@ import { MIN_PLUGIN_VERSION, compareVersions, } from './compatibility.js';
  *   `0022` into emitted CSS).
  *
  * Under-escape (#409 fix). One form produced when an agent transcribes
- * `get_section` markup (which emits inner quotes as `"` HTML entities) and
+ * `section_get` markup (which emits inner quotes as `"` HTML entities) and
  * a layer in the agent → MCP → WP pipeline strips one level of escaping:
  *   - bare `"` (1 byte) — the inner quote loses its `\` prefix and prematurely
  *     terminates the OUTER block-attrs string at parse time. The WP block
@@ -67,8 +67,8 @@ function normalizeQuoteEscapes(s) {
  */
 const BLOCK_CONTENT_KEYS = new Set([
     'content', // update_page_content, render_preview, validate_blocks,
-    // append_section, replace_section, update_tb_layout,
-    // save_to_library, create_page
+    // section_append, section_replace, update_tb_layout,
+    // library_save, create_page
     'attrs', // update_module — attr values embedded in block JSON
     'header_content', // create_tb_template
     'footer_content', // create_tb_template
@@ -147,7 +147,7 @@ export class WPClient {
      */
     async testConnection() {
         try {
-            const result = await this.request('/settings');
+            const result = await this.request('/schema/settings');
             return {
                 ok: true,
                 message: `Connected to Divi ${result.builder?.version ?? 'unknown'}`,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@diviops/mcp-server",
-  "version": "0.2.28",
+  "version": "1.0.0",
   "description": "MCP server exposing Divi 5 Visual Builder as tools for Claude",
   "type": "module",
   "main": "dist/index.js",