npm - @respira/wordpress-mcp-server - Versions diffs - 6.11.13 → 6.13.0 - Mend

@respira/wordpress-mcp-server 6.11.13 → 6.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/server.d.ts +13 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +268 -140
package/dist/server.js.map +1 -1
package/dist/wordpress-client.d.ts +18 -1
package/dist/wordpress-client.d.ts.map +1 -1
package/dist/wordpress-client.js +108 -16
package/dist/wordpress-client.js.map +1 -1
package/package.json +2 -2

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "@respira/wordpress-mcp-server",
-  "version": "6.11.13",
+  "version": "6.13.0",
   "mcpName": "io.github.webmyc/respira-wordpress",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/webmyc/respira-wordpress.git",
     "directory": "mcp-server"
   },
-  "description": "180+ MCP tools for WordPress — the only MCP server with native page builder support and context-aware tool filtering. v6.11.13: five customer-driven fixes that pair with plugin v7.0.16. (1) wordpress_extract_builder_content now auto-detects the active site builder when the `builder` arg is omitted (calls /context/builder-info first, then routes); pre-6.11.13 the WP-side dispatcher returned WordPress server error (500): Builder \"undefined\" not supported because the schema marked builder required. (2) wordpress_update_element exposes editTarget=live|duplicate matching update_module / update_page_v2; the response now always carries target_id, original_id, edit_target, is_duplicate, duplicate_created, post_status, and post_type so a duplicate-routed write cannot be mistaken for a live-page change (N.M. on the customer site lost five days on this). (3) wordpress_inject_builder_content threads confirm_replace through the call surface — the plugin v7.0.16 endpoint returns 409 respira_replace_confirmation_required when the page already has content and the caller asks for replace, so agents must either pass mode=append (preserve) or mode=replace + confirm_replace=true (overwrite); P.S. on the customer site lost two rows to silent replace pre-7.0.16. (4) Server self-identifies as the actual installed version instead of a stale literal — pre-6.11.13 the handshake and instructions both returned MCP_SERVER_VERSION='6.11.4', a hand-bumped constant that never tracked npm publishes (K.B. on the customer site upgraded to 6.11.12 and every introspection call still reported 6.11.4); now read from package.json at module load. (5) wordpress_diagnose_connection probes OPTIONS /wp-json/respira/v1/ping alongside GET and surfaces write_method_blocked: true with a layer-specific recommendation when GET returns 2xx but OPTIONS returns 4xx/5xx — catches Cloudflare custom rules that block non-GET methods at the edge before requests reach WordPress (the customer's CF rule \"Bad Bot - Action Block\" blocked PUT/PATCH/DELETE/OPTIONS for every URI path including /wp-json/respira/, with no plugin-side trace; the diagnostic now includes the literal CF expression `and not (http.request.uri.path contains \"/wp-json/respira/\")` to append to the rule). v6.11.12: wordpress_delete_page now returns the WordPress response body and auto-sends confirm_live_edit=true alongside force=true, so the caller actually sees what happened (success / error / approval_required) instead of an empty {site:...} wrap from the harness — pre-6.11.12 the method was typed Promise<void> and discarded the response, which made every delete attempt look like a silent no-op even when the WP handler had returned an actionable error. Reported by Drew Daltrey on respirademo3.uk.w3pcloud.com. Pairs with plugin v7.0.15 (Connect Automatically + install_plugin + delete_page customer-facing hotfix). v6.11.11: surface validator rule errors from WordPress 7.0.9 (data.errors and data.warnings render inline in Debug details), strip UTF-8 BOM from config files on Windows (PowerShell Set-Content -Encoding UTF8 silently writes a BOM that breaks JSON.parse). v6.11.10: expose approval_token on plugin tool schemas. v6.11.2: auto-fallback to ?rest_route= when WordPress rewrite rules shadow /wp-json/[anything] and trigger redirect_canonical() (homepage 301 with x-redirect-by: WordPress) — transparent retry, per-session sticky flag so subsequent calls go directly to the fallback, one stderr warning on first activation per site, new forceRestRoute site-config flag for sites where the rewrite shadowing is known and stable. wordpress_diagnose_connection now also probes /?rest_route=/respira/v1/ping and reports rest_route_fallback_worked / rest_route_fallback_active / force_rest_route_configured for triangulation. v6.11.1: snake_case sweep across the tool catalog (14 keys, 46 schema occurrences, 21 dispatcher reads) — postId → post_id, perPage → per_page, editTarget → edit_target, originalId → original_id, customCss → custom_css, skipSecurityCheck → skip_security_check, featuredMedia → featured_media, plus 7 more — with one release of bidirectional camelCase back-compat (stderr deprecation warnings, removal target mcp-v6.13). v6.11.0: new wordpress_diagnose_connection tool runs a full self-check battery and reports back which layer is intercepting (extracts page <title> from any HTML response so you immediately know which layer is sending the redirect, detects edge-layer presence — Cloudflare cf-ray, Wordfence x-wordfence-*, Sucuri x-sucuri-*); wordpress_remove_element schema accepts identifier_type + identifier_value matching the plugin REST surface; wordpress_switch_site renamed siteId → site_id matching the rest of the catalog. v6.6.5: Oxygen 6 detection finally works on Soflyy builds that ship without an /engine or /jenga subfolder — version-header disambiguator (>=5.0 = Oxygen 6, Classic peaks at 4.x), Oxygen Zero Theme fallback, lazy-load of get_plugin_data on REST. New debug=true param on respira_get_builder_info returns per-builder detection_signals so future 'not detected' reports come with a single diagnostic block. v6.6.4: upload-hang killer — per-call watchdog on every tool (default 120s, RESPIRA_MAX_TOOL_TIMEOUT_MS) so one stuck handler can't wedge the whole stdio session; respira_upload_media now has a hard AbortController abort and 50 MB preflight (RESPIRA_UPLOAD_TIMEOUT_MS, RESPIRA_MAX_UPLOAD_MB); structured tool_timeout error. Post CRUD now returns author_info, taxonomies, and featured_media by default, and respira_create_custom_post / respira_update_post / respira_update_custom_post accept author, categories, tags, taxonomies, and featured_media inline — the full 'same category and author as post X' pattern now works in one call. v6.3: structuredContent in all tool results (MCP 2025-06-18 spec compliance), improved error taxonomy with self-correction hints. v6.2: Elementor conversion validator (7 rendering fidelity rules + auto-fix), per-site tool allowlist (whitelist/blacklist/presets), approval-required on destructive tools. 12 builders (Elementor, Divi 4+5, Bricks, Gutenberg, WPBakery, Oxygen, Beaver Builder, Brizy, Visual Composer, Thrive, Breakdance, Flatsome). Bricks Deep Intelligence (20 tools), Elementor Deep Intelligence (9 tools), WooCommerce Commerce (36 tools). Element-level editing, full page creation, HTML-to-builder conversion, WCAG accessibility, stock images, bulk operations. Setup: npx add-mcp for auto-config, --setup wizard, --doctor diagnostics. Duplicate-before-edit safety. Skills marketplace with 26 AI workflows.",
+  "description": "180+ MCP tools for WordPress — the only MCP server with native page builder support and context-aware tool filtering. v6.13.0 (pairs with plugin v7.0.31): two new tools driven by the cekt.ro feature request — (1) wordpress_get_page_outline returns a row-level outline of any builder page (one entry per top-level row with type/kind/primary_heading/child_count/child_types), lighter than extract_builder_content and designed for the common 'what is the structure of this page' read; (2) wordpress_get_builder_inline_schemas returns per-shortcode attribute schemas, populated for WPBakery + Uncode + TagDiv via vc_map() at runtime (cached 1h transient plugin-side). Plus wordpress_find_builder_targets pagination upgrade: true total_matches independent of limit, new offset + has_more + next_offset fields, and populated label/admin_label/text on WPBakery + Uncode targets (pre-v6.13 every WPBakery target came back with label: null, forcing callers to grep raw shortcode previews). Divi 5 _nodeId fallback in find_builder_targets so targets without a top-level `id` round-trip via update_element. v6.12.0: five customer-driven fixes that pair with plugin v7.0.16. (1) wordpress_extract_builder_content now auto-detects the active site builder when the `builder` arg is omitted (calls /context/builder-info first, then routes); pre-6.11.13 the WP-side dispatcher returned WordPress server error (500): Builder \"undefined\" not supported because the schema marked builder required. (2) wordpress_update_element exposes editTarget=live|duplicate matching update_module / update_page_v2; the response now always carries target_id, original_id, edit_target, is_duplicate, duplicate_created, post_status, and post_type so a duplicate-routed write cannot be mistaken for a live-page change (N.M. on the customer site lost five days on this). (3) wordpress_inject_builder_content threads confirm_replace through the call surface — the plugin v7.0.16 endpoint returns 409 respira_replace_confirmation_required when the page already has content and the caller asks for replace, so agents must either pass mode=append (preserve) or mode=replace + confirm_replace=true (overwrite); P.S. on the customer site lost two rows to silent replace pre-7.0.16. (4) Server self-identifies as the actual installed version instead of a stale literal — pre-6.11.13 the handshake and instructions both returned MCP_SERVER_VERSION='6.11.4', a hand-bumped constant that never tracked npm publishes (K.B. on the customer site upgraded to 6.11.12 and every introspection call still reported 6.11.4); now read from package.json at module load. (5) wordpress_diagnose_connection probes OPTIONS /wp-json/respira/v1/ping alongside GET and surfaces write_method_blocked: true with a layer-specific recommendation when GET returns 2xx but OPTIONS returns 4xx/5xx — catches Cloudflare custom rules that block non-GET methods at the edge before requests reach WordPress (the customer's CF rule \"Bad Bot - Action Block\" blocked PUT/PATCH/DELETE/OPTIONS for every URI path including /wp-json/respira/, with no plugin-side trace; the diagnostic now includes the literal CF expression `and not (http.request.uri.path contains \"/wp-json/respira/\")` to append to the rule). v6.11.12: wordpress_delete_page now returns the WordPress response body and auto-sends confirm_live_edit=true alongside force=true, so the caller actually sees what happened (success / error / approval_required) instead of an empty {site:...} wrap from the harness — pre-6.11.12 the method was typed Promise<void> and discarded the response, which made every delete attempt look like a silent no-op even when the WP handler had returned an actionable error. Reported by Drew Daltrey on respirademo3.uk.w3pcloud.com. Pairs with plugin v7.0.15 (Connect Automatically + install_plugin + delete_page customer-facing hotfix). v6.11.11: surface validator rule errors from WordPress 7.0.9 (data.errors and data.warnings render inline in Debug details), strip UTF-8 BOM from config files on Windows (PowerShell Set-Content -Encoding UTF8 silently writes a BOM that breaks JSON.parse). v6.11.10: expose approval_token on plugin tool schemas. v6.11.2: auto-fallback to ?rest_route= when WordPress rewrite rules shadow /wp-json/[anything] and trigger redirect_canonical() (homepage 301 with x-redirect-by: WordPress) — transparent retry, per-session sticky flag so subsequent calls go directly to the fallback, one stderr warning on first activation per site, new forceRestRoute site-config flag for sites where the rewrite shadowing is known and stable. wordpress_diagnose_connection now also probes /?rest_route=/respira/v1/ping and reports rest_route_fallback_worked / rest_route_fallback_active / force_rest_route_configured for triangulation. v6.11.1: snake_case sweep across the tool catalog (14 keys, 46 schema occurrences, 21 dispatcher reads) — postId → post_id, perPage → per_page, editTarget → edit_target, originalId → original_id, customCss → custom_css, skipSecurityCheck → skip_security_check, featuredMedia → featured_media, plus 7 more — with one release of bidirectional camelCase back-compat (stderr deprecation warnings, removal target mcp-v6.13). v6.11.0: new wordpress_diagnose_connection tool runs a full self-check battery and reports back which layer is intercepting (extracts page <title> from any HTML response so you immediately know which layer is sending the redirect, detects edge-layer presence — Cloudflare cf-ray, Wordfence x-wordfence-*, Sucuri x-sucuri-*); wordpress_remove_element schema accepts identifier_type + identifier_value matching the plugin REST surface; wordpress_switch_site renamed siteId → site_id matching the rest of the catalog. v6.6.5: Oxygen 6 detection finally works on Soflyy builds that ship without an /engine or /jenga subfolder — version-header disambiguator (>=5.0 = Oxygen 6, Classic peaks at 4.x), Oxygen Zero Theme fallback, lazy-load of get_plugin_data on REST. New debug=true param on respira_get_builder_info returns per-builder detection_signals so future 'not detected' reports come with a single diagnostic block. v6.6.4: upload-hang killer — per-call watchdog on every tool (default 120s, RESPIRA_MAX_TOOL_TIMEOUT_MS) so one stuck handler can't wedge the whole stdio session; respira_upload_media now has a hard AbortController abort and 50 MB preflight (RESPIRA_UPLOAD_TIMEOUT_MS, RESPIRA_MAX_UPLOAD_MB); structured tool_timeout error. Post CRUD now returns author_info, taxonomies, and featured_media by default, and respira_create_custom_post / respira_update_post / respira_update_custom_post accept author, categories, tags, taxonomies, and featured_media inline — the full 'same category and author as post X' pattern now works in one call. v6.3: structuredContent in all tool results (MCP 2025-06-18 spec compliance), improved error taxonomy with self-correction hints. v6.2: Elementor conversion validator (7 rendering fidelity rules + auto-fix), per-site tool allowlist (whitelist/blacklist/presets), approval-required on destructive tools. 12 builders (Elementor, Divi 4+5, Bricks, Gutenberg, WPBakery, Oxygen, Beaver Builder, Brizy, Visual Composer, Thrive, Breakdance, Flatsome). Bricks Deep Intelligence (20 tools), Elementor Deep Intelligence (9 tools), WooCommerce Commerce (36 tools). Element-level editing, full page creation, HTML-to-builder conversion, WCAG accessibility, stock images, bulk operations. Setup: npx add-mcp for auto-config, --setup wizard, --doctor diagnostics. Duplicate-before-edit safety. Skills marketplace with 26 AI workflows.",
   "main": "dist/index.js",
   "bin": {
     "wordpress-mcp-server": "./dist/index.js",