npm - mcp-wordpress - Versions diffs - 1.1.7 → 1.2.2 - Mend

mcp-wordpress 1.1.7 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/README.md +388 -66
package/dist/cache/CacheInvalidation.d.ts +118 -0
package/dist/cache/CacheInvalidation.d.ts.map +1 -0
package/dist/cache/CacheInvalidation.js +349 -0
package/dist/cache/CacheInvalidation.js.map +1 -0
package/dist/cache/CacheManager.d.ts +143 -0
package/dist/cache/CacheManager.d.ts.map +1 -0
package/dist/cache/CacheManager.js +308 -0
package/dist/cache/CacheManager.js.map +1 -0
package/dist/cache/HttpCacheWrapper.d.ts +121 -0
package/dist/cache/HttpCacheWrapper.d.ts.map +1 -0
package/dist/cache/HttpCacheWrapper.js +280 -0
package/dist/cache/HttpCacheWrapper.js.map +1 -0
package/dist/cache/__tests__/CacheInvalidation.test.d.ts +5 -0
package/dist/cache/__tests__/CacheInvalidation.test.d.ts.map +1 -0
package/dist/cache/__tests__/CacheInvalidation.test.js +236 -0
package/dist/cache/__tests__/CacheInvalidation.test.js.map +1 -0
package/dist/cache/__tests__/CacheManager.test.d.ts +5 -0
package/dist/cache/__tests__/CacheManager.test.d.ts.map +1 -0
package/dist/cache/__tests__/CacheManager.test.js +233 -0
package/dist/cache/__tests__/CacheManager.test.js.map +1 -0
package/dist/cache/__tests__/CachedWordPressClient.test.d.ts +5 -0
package/dist/cache/__tests__/CachedWordPressClient.test.d.ts.map +1 -0
package/dist/cache/__tests__/CachedWordPressClient.test.js +228 -0
package/dist/cache/__tests__/CachedWordPressClient.test.js.map +1 -0
package/dist/cache/__tests__/HttpCacheWrapper.test.d.ts +5 -0
package/dist/cache/__tests__/HttpCacheWrapper.test.d.ts.map +1 -0
package/dist/cache/__tests__/HttpCacheWrapper.test.js +296 -0
package/dist/cache/__tests__/HttpCacheWrapper.test.js.map +1 -0
package/dist/cache/index.d.ts +12 -0
package/dist/cache/index.d.ts.map +1 -0
package/dist/cache/index.js +9 -0
package/dist/cache/index.js.map +1 -0
package/dist/client/CachedWordPressClient.d.ts +160 -0
package/dist/client/CachedWordPressClient.d.ts.map +1 -0
package/dist/client/CachedWordPressClient.js +338 -0
package/dist/client/CachedWordPressClient.js.map +1 -0
package/dist/client/WordPressClient.d.ts +81 -0
package/dist/client/WordPressClient.d.ts.map +1 -0
package/dist/client/WordPressClient.js +354 -0
package/dist/client/WordPressClient.js.map +1 -0
package/dist/config/ConfigurationSchema.d.ts +281 -0
package/dist/config/ConfigurationSchema.d.ts.map +1 -0
package/dist/config/ConfigurationSchema.js +205 -0
package/dist/config/ConfigurationSchema.js.map +1 -0
package/dist/config/ServerConfiguration.d.ts +38 -0
package/dist/config/ServerConfiguration.d.ts.map +1 -0
package/dist/config/ServerConfiguration.js +158 -0
package/dist/config/ServerConfiguration.js.map +1 -0
package/dist/docs/DocumentationGenerator.d.ts +184 -0
package/dist/docs/DocumentationGenerator.d.ts.map +1 -0
package/dist/docs/DocumentationGenerator.js +735 -0
package/dist/docs/DocumentationGenerator.js.map +1 -0
package/dist/docs/MarkdownFormatter.d.ts +84 -0
package/dist/docs/MarkdownFormatter.d.ts.map +1 -0
package/dist/docs/MarkdownFormatter.js +448 -0
package/dist/docs/MarkdownFormatter.js.map +1 -0
package/dist/docs/index.d.ts +8 -0
package/dist/docs/index.d.ts.map +1 -0
package/dist/docs/index.js +7 -0
package/dist/docs/index.js.map +1 -0
package/dist/index.d.ts +1 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +12 -212
package/dist/index.js.map +1 -1
package/dist/performance/AnomalyDetector.d.ts +63 -0
package/dist/performance/AnomalyDetector.d.ts.map +1 -0
package/dist/performance/AnomalyDetector.js +222 -0
package/dist/performance/AnomalyDetector.js.map +1 -0
package/dist/performance/BenchmarkAnalyzer.d.ts +67 -0
package/dist/performance/BenchmarkAnalyzer.d.ts.map +1 -0
package/dist/performance/BenchmarkAnalyzer.js +301 -0
package/dist/performance/BenchmarkAnalyzer.js.map +1 -0
package/dist/performance/MetricsCollector.d.ts +139 -0
package/dist/performance/MetricsCollector.d.ts.map +1 -0
package/dist/performance/MetricsCollector.js +320 -0
package/dist/performance/MetricsCollector.js.map +1 -0
package/dist/performance/PerformanceAnalytics.d.ts +162 -0
package/dist/performance/PerformanceAnalytics.d.ts.map +1 -0
package/dist/performance/PerformanceAnalytics.js +554 -0
package/dist/performance/PerformanceAnalytics.js.map +1 -0
package/dist/performance/PerformanceMonitor.d.ts +202 -0
package/dist/performance/PerformanceMonitor.d.ts.map +1 -0
package/dist/performance/PerformanceMonitor.js +478 -0
package/dist/performance/PerformanceMonitor.js.map +1 -0
package/dist/performance/TrendAnalyzer.d.ts +69 -0
package/dist/performance/TrendAnalyzer.d.ts.map +1 -0
package/dist/performance/TrendAnalyzer.js +203 -0
package/dist/performance/TrendAnalyzer.js.map +1 -0
package/dist/performance/index.d.ts +11 -0
package/dist/performance/index.d.ts.map +1 -0
package/dist/performance/index.js +8 -0
package/dist/performance/index.js.map +1 -0
package/dist/security/InputValidator.d.ts +215 -0
package/dist/security/InputValidator.d.ts.map +1 -0
package/dist/security/InputValidator.js +278 -0
package/dist/security/InputValidator.js.map +1 -0
package/dist/security/SecurityConfig.d.ts +129 -0
package/dist/security/SecurityConfig.d.ts.map +1 -0
package/dist/security/SecurityConfig.js +262 -0
package/dist/security/SecurityConfig.js.map +1 -0
package/dist/server/ConnectionTester.d.ts +24 -0
package/dist/server/ConnectionTester.d.ts.map +1 -0
package/dist/server/ConnectionTester.js +61 -0
package/dist/server/ConnectionTester.js.map +1 -0
package/dist/server/ToolRegistry.d.ts +46 -0
package/dist/server/ToolRegistry.d.ts.map +1 -0
package/dist/server/ToolRegistry.js +148 -0
package/dist/server/ToolRegistry.js.map +1 -0
package/dist/tools/BaseToolClass.d.ts +76 -0
package/dist/tools/BaseToolClass.d.ts.map +1 -0
package/dist/tools/BaseToolClass.js +104 -0
package/dist/tools/BaseToolClass.js.map +1 -0
package/dist/tools/BaseToolManager.d.ts +26 -0
package/dist/tools/BaseToolManager.d.ts.map +1 -0
package/dist/tools/BaseToolManager.js +56 -0
package/dist/tools/BaseToolManager.js.map +1 -0
package/dist/tools/base.d.ts +37 -0
package/dist/tools/base.d.ts.map +1 -0
package/dist/tools/base.js +60 -0
package/dist/tools/base.js.map +1 -0
package/dist/tools/cache.d.ts +260 -0
package/dist/tools/cache.d.ts.map +1 -0
package/dist/tools/cache.js +237 -0
package/dist/tools/cache.js.map +1 -0
package/dist/tools/index.d.ts +2 -0
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +2 -0
package/dist/tools/index.js.map +1 -1
package/dist/tools/performance.d.ts +63 -0
package/dist/tools/performance.d.ts.map +1 -0
package/dist/tools/performance.js +865 -0
package/dist/tools/performance.js.map +1 -0
package/dist/types/client.d.ts +1 -0
package/dist/types/client.d.ts.map +1 -1
package/dist/types/client.js.map +1 -1
package/dist/utils/toolWrapper.d.ts +4 -0
package/dist/utils/toolWrapper.d.ts.map +1 -1
package/dist/utils/toolWrapper.js +11 -0
package/dist/utils/toolWrapper.js.map +1 -1
package/dist/utils/validation.d.ts +68 -0
package/dist/utils/validation.d.ts.map +1 -0
package/dist/utils/validation.js +185 -0
package/dist/utils/validation.js.map +1 -0
package/docs/CACHING.md +340 -0
package/docs/DOCKER.md +451 -0
package/docs/PERFORMANCE_MONITORING.md +471 -0
package/docs/SECURITY_TESTING.md +393 -0
package/docs/api/README.md +200 -0
package/docs/api/categories/auth.md +40 -0
package/docs/api/categories/cache.md +41 -0
package/docs/api/categories/comment.md +44 -0
package/docs/api/categories/media.md +43 -0
package/docs/api/categories/page.md +43 -0
package/docs/api/categories/performance.md +44 -0
package/docs/api/categories/post.md +43 -0
package/docs/api/categories/site.md +43 -0
package/docs/api/categories/taxonomy.md +47 -0
package/docs/api/categories/user.md +43 -0
package/docs/api/openapi.json +3305 -0
package/docs/api/summary.json +12 -0
package/docs/api/tools/wp_approve_comment.md +98 -0
package/docs/api/tools/wp_cache_clear.md +120 -0
package/docs/api/tools/wp_cache_info.md +119 -0
package/docs/api/tools/wp_cache_stats.md +119 -0
package/docs/api/tools/wp_cache_warm.md +119 -0
package/docs/api/tools/wp_create_application_password.md +102 -0
package/docs/api/tools/wp_create_category.md +102 -0
package/docs/api/tools/wp_create_comment.md +128 -0
package/docs/api/tools/wp_create_page.md +135 -0
package/docs/api/tools/wp_create_post.md +147 -0
package/docs/api/tools/wp_create_tag.md +101 -0
package/docs/api/tools/wp_create_user.md +135 -0
package/docs/api/tools/wp_delete_application_password.md +101 -0
package/docs/api/tools/wp_delete_category.md +100 -0
package/docs/api/tools/wp_delete_comment.md +101 -0
package/docs/api/tools/wp_delete_media.md +108 -0
package/docs/api/tools/wp_delete_page.md +108 -0
package/docs/api/tools/wp_delete_post.md +117 -0
package/docs/api/tools/wp_delete_tag.md +100 -0
package/docs/api/tools/wp_delete_user.md +108 -0
package/docs/api/tools/wp_get_application_passwords.md +103 -0
package/docs/api/tools/wp_get_auth_status.md +101 -0
package/docs/api/tools/wp_get_category.md +103 -0
package/docs/api/tools/wp_get_comment.md +103 -0
package/docs/api/tools/wp_get_current_user.md +101 -0
package/docs/api/tools/wp_get_media.md +103 -0
package/docs/api/tools/wp_get_page.md +103 -0
package/docs/api/tools/wp_get_page_revisions.md +103 -0
package/docs/api/tools/wp_get_post.md +112 -0
package/docs/api/tools/wp_get_post_revisions.md +103 -0
package/docs/api/tools/wp_get_site_settings.md +108 -0
package/docs/api/tools/wp_get_tag.md +103 -0
package/docs/api/tools/wp_get_user.md +103 -0
package/docs/api/tools/wp_list_categories.md +111 -0
package/docs/api/tools/wp_list_comments.md +111 -0
package/docs/api/tools/wp_list_media.md +145 -0
package/docs/api/tools/wp_list_pages.md +145 -0
package/docs/api/tools/wp_list_posts.md +156 -0
package/docs/api/tools/wp_list_tags.md +110 -0
package/docs/api/tools/wp_list_users.md +111 -0
package/docs/api/tools/wp_performance_alerts.md +162 -0
package/docs/api/tools/wp_performance_benchmark.md +160 -0
package/docs/api/tools/wp_performance_export.md +162 -0
package/docs/api/tools/wp_performance_history.md +161 -0
package/docs/api/tools/wp_performance_optimize.md +162 -0
package/docs/api/tools/wp_performance_stats.md +160 -0
package/docs/api/tools/wp_search_site.md +99 -0
package/docs/api/tools/wp_spam_comment.md +98 -0
package/docs/api/tools/wp_switch_auth_method.md +122 -0
package/docs/api/tools/wp_test_auth.md +96 -0
package/docs/api/tools/wp_update_category.md +102 -0
package/docs/api/tools/wp_update_comment.md +127 -0
package/docs/api/tools/wp_update_media.md +129 -0
package/docs/api/tools/wp_update_page.md +135 -0
package/docs/api/tools/wp_update_post.md +144 -0
package/docs/api/tools/wp_update_site_settings.md +127 -0
package/docs/api/tools/wp_update_tag.md +102 -0
package/docs/api/tools/wp_update_user.md +134 -0
package/docs/api/tools/wp_upload_media.md +131 -0
package/docs/api/types/WordPressPost.md +39 -0
package/docs/contract-testing.md +183 -0
package/docs/developer/NPM_AUTH_SETUP.md +3 -3
package/docs/wordpress-rest-api-authentication-troubleshooting.md +218 -0
package/package.json +84 -64
package/src/cache/CacheInvalidation.ts +421 -0
package/src/cache/CacheManager.ts +391 -0
package/src/cache/HttpCacheWrapper.ts +372 -0
package/src/cache/__tests__/CacheInvalidation.test.ts +299 -0
package/src/cache/__tests__/CacheManager.test.ts +300 -0
package/src/cache/__tests__/CachedWordPressClient.test.ts +304 -0
package/src/cache/__tests__/HttpCacheWrapper.test.ts +359 -0
package/src/cache/index.ts +26 -0
package/src/client/CachedWordPressClient.ts +442 -0
package/src/config/ConfigurationSchema.ts +246 -0
package/src/config/ServerConfiguration.ts +215 -0
package/src/docs/DocumentationGenerator.ts +952 -0
package/src/docs/MarkdownFormatter.ts +494 -0
package/src/docs/index.ts +21 -0
package/src/index.ts +14 -274
package/src/performance/MetricsCollector.ts +447 -0
package/src/performance/PerformanceAnalytics.ts +762 -0
package/src/performance/PerformanceMonitor.ts +649 -0
package/src/performance/index.ts +28 -0
package/src/security/InputValidator.ts +319 -0
package/src/security/SecurityConfig.ts +301 -0
package/src/server/ConnectionTester.ts +74 -0
package/src/server/ToolRegistry.ts +194 -0
package/src/tools/BaseToolManager.ts +66 -0
package/src/tools/cache.ts +259 -0
package/src/tools/index.ts +2 -0
package/src/tools/performance.ts +948 -0
package/src/types/client.ts +1 -0
package/src/utils/toolWrapper.ts +11 -0
package/src/utils/validation.ts +259 -0

package/src/types/client.ts CHANGED Viewed

@@ -72,6 +72,7 @@ export interface RequestOptions {
   timeout?: number;
   retries?: number;
   signal?: AbortSignal;
+  params?: any;
 }
 // API Response Wrapper

package/src/utils/toolWrapper.ts CHANGED Viewed

@@ -103,3 +103,14 @@ export function formatErrorResponse(operation: string, error: any): never {
   const message = getErrorMessage(error);
   throw new Error(`${operation}: ${message}`);
 }
+/**
+ * Simple tool wrapper for standalone async functions
+ */
+export async function toolWrapper<T>(fn: () => Promise<T>): Promise<T> {
+  try {
+    return await fn();
+  } catch (error) {
+    throw new Error(getErrorMessage(error));
+  }
+}

package/src/utils/validation.ts ADDED Viewed

@@ -0,0 +1,259 @@
+import * as path from 'path';
+import { WordPressAPIError } from '../types/client.js';
+/**
+ * Security-focused validation utilities for MCP WordPress
+ */
+/**
+ * Validates and sanitizes numeric IDs
+ */
+export function validateId(id: any, fieldName: string = 'id'): number {
+  const numId = parseInt(String(id), 10);
+  if (isNaN(numId) || numId <= 0) {
+    throw new WordPressAPIError(`Invalid ${fieldName}: must be a positive number`, 400, 'INVALID_PARAMETER');
+  }
+  return numId;
+}
+/**
+ * Validates string length within bounds
+ */
+export function validateString(
+  value: any,
+  fieldName: string,
+  minLength: number = 1,
+  maxLength: number = 1000
+): string {
+  if (typeof value !== 'string') {
+    throw new WordPressAPIError(`Invalid ${fieldName}: must be a string`, 400, 'INVALID_PARAMETER');
+  }
+  const trimmed = value.trim();
+  if (trimmed.length < minLength || trimmed.length > maxLength) {
+    throw new WordPressAPIError(
+      `Invalid ${fieldName}: length must be between ${minLength} and ${maxLength} characters`,
+      400,
+      'INVALID_PARAMETER'
+    );
+  }
+  return trimmed;
+}
+/**
+ * Validates and sanitizes file paths to prevent directory traversal
+ */
+export function validateFilePath(userPath: string, allowedBasePath: string): string {
+  // Normalize the path to remove ../ and other dangerous patterns
+  const normalizedPath = path.normalize(userPath);
+  const resolvedPath = path.resolve(allowedBasePath, normalizedPath);
+  // Ensure the resolved path is within the allowed directory
+  if (!resolvedPath.startsWith(path.resolve(allowedBasePath))) {
+    throw new WordPressAPIError('Invalid file path: access denied', 403, 'PATH_TRAVERSAL_ATTEMPT');
+  }
+  return resolvedPath;
+}
+/**
+ * Validates WordPress post status values
+ */
+export function validatePostStatus(status: string): string {
+  const validStatuses = ['publish', 'draft', 'pending', 'private', 'future', 'auto-draft', 'trash'];
+  if (!validStatuses.includes(status)) {
+    throw new WordPressAPIError(
+      `Invalid status: must be one of ${validStatuses.join(', ')}`,
+      400,
+      'INVALID_PARAMETER'
+    );
+  }
+  return status;
+}
+/**
+ * Validates and sanitizes URLs
+ */
+export function validateUrl(url: string, fieldName: string = 'url'): string {
+  try {
+    const urlObj = new URL(url);
+    // Only allow http and https protocols
+    if (!['http:', 'https:'].includes(urlObj.protocol)) {
+      throw new Error('Invalid protocol');
+    }
+    return urlObj.toString();
+  } catch {
+    throw new WordPressAPIError(`Invalid ${fieldName}: must be a valid URL`, 400, 'INVALID_PARAMETER');
+  }
+}
+/**
+ * Validates file size
+ */
+export function validateFileSize(sizeInBytes: number, maxSizeInMB: number = 10): void {
+  const maxSizeInBytes = maxSizeInMB * 1024 * 1024;
+  if (sizeInBytes > maxSizeInBytes) {
+    throw new WordPressAPIError(
+      `File size exceeds maximum allowed size of ${maxSizeInMB}MB`,
+      413,
+      'FILE_TOO_LARGE'
+    );
+  }
+}
+/**
+ * Validates MIME types for file uploads
+ */
+export function validateMimeType(mimeType: string, allowedTypes: string[]): void {
+  if (!allowedTypes.includes(mimeType)) {
+    throw new WordPressAPIError(
+      `Invalid file type: ${mimeType}. Allowed types: ${allowedTypes.join(', ')}`,
+      415,
+      'UNSUPPORTED_MEDIA_TYPE'
+    );
+  }
+}
+/**
+ * Sanitizes HTML content to prevent XSS
+ * Note: This is a basic implementation. For production use,
+ * consider using a library like DOMPurify
+ */
+export function sanitizeHtml(html: string): string {
+  // Remove script tags and their content
+  let sanitized = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
+  // Remove event handlers
+  sanitized = sanitized.replace(/\s*on\w+\s*=\s*["'][^"']*["']/gi, '');
+  // Remove javascript: protocol
+  sanitized = sanitized.replace(/javascript:/gi, '');
+  // Remove data: protocol (can be used for XSS)
+  sanitized = sanitized.replace(/data:text\/html/gi, '');
+  return sanitized;
+}
+/**
+ * Validates array input
+ */
+export function validateArray<T>(
+  value: any,
+  fieldName: string,
+  minItems: number = 0,
+  maxItems: number = 100
+): T[] {
+  if (!Array.isArray(value)) {
+    throw new WordPressAPIError(`Invalid ${fieldName}: must be an array`, 400, 'INVALID_PARAMETER');
+  }
+  if (value.length < minItems || value.length > maxItems) {
+    throw new WordPressAPIError(
+      `Invalid ${fieldName}: array must contain between ${minItems} and ${maxItems} items`,
+      400,
+      'INVALID_PARAMETER'
+    );
+  }
+  return value;
+}
+/**
+ * Validates email addresses
+ */
+export function validateEmail(email: string): string {
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  if (!emailRegex.test(email)) {
+    throw new WordPressAPIError('Invalid email address format', 400, 'INVALID_PARAMETER');
+  }
+  return email.toLowerCase();
+}
+/**
+ * Validates username format
+ */
+export function validateUsername(username: string): string {
+  // WordPress username rules: alphanumeric, space, underscore, hyphen, period, @ symbol
+  const usernameRegex = /^[a-zA-Z0-9 _.\-@]+$/;
+  if (!usernameRegex.test(username)) {
+    throw new WordPressAPIError(
+      'Invalid username: can only contain letters, numbers, spaces, and _.-@ symbols',
+      400,
+      'INVALID_PARAMETER'
+    );
+  }
+  if (username.length < 3 || username.length > 60) {
+    throw new WordPressAPIError(
+      'Invalid username: must be between 3 and 60 characters',
+      400,
+      'INVALID_PARAMETER'
+    );
+  }
+  return username;
+}
+/**
+ * Rate limiting tracker (simple in-memory implementation)
+ * For production, use Redis or similar
+ */
+class RateLimiter {
+  private attempts: Map<string, { count: number; resetTime: number }> = new Map();
+  constructor(
+    private maxAttempts: number = 5,
+    private windowMs: number = 60000 // 1 minute
+  ) {}
+  check(identifier: string): void {
+    const now = Date.now();
+    const record = this.attempts.get(identifier);
+    if (!record || record.resetTime < now) {
+      this.attempts.set(identifier, { count: 1, resetTime: now + this.windowMs });
+      return;
+    }
+    if (record.count >= this.maxAttempts) {
+      const waitTime = Math.ceil((record.resetTime - now) / 1000);
+      throw new WordPressAPIError(
+        `Rate limit exceeded. Please wait ${waitTime} seconds before trying again.`,
+        429,
+        'RATE_LIMIT_EXCEEDED'
+      );
+    }
+    record.count++;
+  }
+  reset(identifier: string): void {
+    this.attempts.delete(identifier);
+  }
+}
+// Export a default rate limiter for authentication attempts
+export const authRateLimiter = new RateLimiter(5, 300000); // 5 attempts per 5 minutes
+/**
+ * Validates and sanitizes search queries
+ */
+export function validateSearchQuery(query: string): string {
+  // Remove potentially dangerous characters while preserving search functionality
+  let sanitized = query.trim();
+  // Limit length to prevent DoS
+  if (sanitized.length > 200) {
+    sanitized = sanitized.substring(0, 200);
+  }
+  // Remove SQL-like patterns (basic protection)
+  sanitized = sanitized.replace(/(\b(union|select|insert|update|delete|drop|create)\b)/gi, '');
+  // Remove special characters that might be used for injection
+  sanitized = sanitized.replace(/[<>'"`;\\]/g, '');
+  return sanitized;
+}