mcp-wordpress 1.2.2 → 1.3.0

package/docs/PERFORMANCE_MONITORING.md

@@ -13,6 +13,7 @@ The performance monitoring system consists of three main components:
 ## 🚀 Key Features
 
 ### Real-Time Monitoring
+
 - **Response Time Tracking**: Monitor API response times with percentile analysis (P50, P95, P99)
 - **Error Rate Monitoring**: Track success/failure rates across all operations
 - **Cache Performance**: Monitor cache hit rates, memory usage, and efficiency
@@ -20,12 +21,14 @@ The performance monitoring system consists of three main components:
 - **Tool Usage Analytics**: Monitor which MCP tools are used most frequently
 
 ### Historical Analysis
+
 - **Performance Trends**: Analyze performance changes over time
 - **Predictive Analytics**: Forecast future performance based on historical data
 - **Anomaly Detection**: Automatically detect unusual performance patterns
 - **Benchmark Comparisons**: Compare against industry standards
 
 ### Intelligent Insights
+
 - **Optimization Recommendations**: Get actionable suggestions for performance improvements
 - **ROI Estimates**: Understand the impact of potential optimizations
 - **Alert System**: Receive notifications for performance issues
@@ -36,6 +39,7 @@ The performance monitoring system consists of three main components:
 The system provides 6 new MCP tools for performance management:
 
 ### 1. `wp_performance_stats`
+
 Get real-time performance statistics and metrics.
 
 ```bash
@@ -50,11 +54,13 @@ wp_performance_stats --site=site1 --category=all
 ```
 
 **Parameters:**
+
 - `site` (optional): Specific site ID for multi-site setups
 - `category`: `overview`, `requests`, `cache`, `system`, `tools`, `all` (default: `overview`)
 - `format`: `summary`, `detailed`, `raw` (default: `summary`)
 
 **Example Output:**
+
 ```json
 {
   "success": true,
@@ -73,6 +79,7 @@ wp_performance_stats --site=site1 --category=all
 ```
 
 ### 2. `wp_performance_history`
+
 Get historical performance data and trend analysis.
 
 ```bash
@@ -87,12 +94,14 @@ wp_performance_history --timeframe=6h --includeTrends=true
 ```
 
 **Parameters:**
+
 - `site` (optional): Specific site ID
 - `timeframe`: `1h`, `6h`, `12h`, `24h`, `7d` (default: `24h`)
 - `metrics`: Array of specific metrics to include
 - `includeTrends`: Include trend analysis (default: `true`)
 
 ### 3. `wp_performance_benchmark`
+
 Compare current performance against industry benchmarks.
 
 ```bash
@@ -104,11 +113,13 @@ wp_performance_benchmark --category=response_time --includeRecommendations=true
 ```
 
 **Parameters:**
+
 - `site` (optional): Specific site ID
 - `category`: `response_time`, `cache_performance`, `error_rate`, `system_resources`, `all`
 - `includeRecommendations`: Include improvement suggestions (default: `true`)
 
 **Example Output:**
+
 ```json
 {
   "benchmarks": [
@@ -131,6 +142,7 @@ wp_performance_benchmark --category=response_time --includeRecommendations=true
 ```
 
 ### 4. `wp_performance_alerts`
+
 Get performance alerts and anomaly detection results.
 
 ```bash
@@ -145,6 +157,7 @@ wp_performance_alerts --category=cache --includeAnomalies=true
 ```
 
 **Parameters:**
+
 - `site` (optional): Specific site ID
 - `severity`: `info`, `warning`, `error`, `critical`
 - `category`: `performance`, `cache`, `system`, `wordpress`
@@ -152,6 +165,7 @@ wp_performance_alerts --category=cache --includeAnomalies=true
 - `includeAnomalies`: Include detected anomalies (default: `true`)
 
 ### 5. `wp_performance_optimize`
+
 Get optimization recommendations and insights.
 
 ```bash
@@ -166,6 +180,7 @@ wp_performance_optimize --priority=all --includePredictions=true
 ```
 
 **Parameters:**
+
 - `site` (optional): Specific site ID
 - `focus`: `speed`, `reliability`, `efficiency`, `scaling` (default: `speed`)
 - `priority`: `quick_wins`, `medium_term`, `long_term`, `all` (default: `all`)
@@ -173,6 +188,7 @@ wp_performance_optimize --priority=all --includePredictions=true
 - `includePredictions`: Include performance predictions (default: `true`)
 
 **Example Output:**
+
 ```json
 {
   "recommendations": [
@@ -195,6 +211,7 @@ wp_performance_optimize --priority=all --includePredictions=true
 ```
 
 ### 6. `wp_performance_export`
+
 Export comprehensive performance report.
 
 ```bash
@@ -209,6 +226,7 @@ wp_performance_export --format=summary --includeAnalytics=true
 ```
 
 **Parameters:**
+
 - `site` (optional): Specific site ID
 - `format`: `json`, `csv`, `summary` (default: `json`)
 - `includeHistorical`: Include historical data (default: `true`)
@@ -218,12 +236,14 @@ wp_performance_export --format=summary --includeAnalytics=true
 ## 📊 Performance Metrics
 
 ### Response Time Metrics
+
 - **Average Response Time**: Mean response time across all requests
 - **Percentiles**: P50 (median), P95, P99 response times
 - **Min/Max**: Fastest and slowest response times
 - **Requests Per Second**: Request throughput rate
 
 ### Cache Performance Metrics
+
 - **Hit Rate**: Percentage of requests served from cache
 - **Cache Size**: Number of cached entries
 - **Memory Usage**: Estimated memory consumption
@@ -231,12 +251,14 @@ wp_performance_export --format=summary --includeAnalytics=true
 - **Cache Efficiency**: Overall cache performance rating
 
 ### System Metrics
+
 - **Memory Usage**: Current memory consumption percentage
 - **CPU Usage**: Estimated CPU utilization
 - **Uptime**: System operational time
 - **Active Connections**: Number of concurrent connections
 
 ### Tool Usage Metrics
+
 - **Most Used Tool**: Tool with highest usage count
 - **Tool Performance**: Response times and success rates per tool
 - **Usage Distribution**: Frequency of tool usage
@@ -244,6 +266,7 @@ wp_performance_export --format=summary --includeAnalytics=true
 ## 🔍 Performance Analysis
 
 ### Trend Analysis
+
 The system automatically analyzes performance trends using linear regression:
 
 - **Direction**: `improving`, `declining`, or `stable`
@@ -252,6 +275,7 @@ The system automatically analyzes performance trends using linear regression:
 - **Predictions**: Forecasted future values
 
 ### Anomaly Detection
+
 Automatic detection of unusual performance patterns:
 
 - **Z-Score Analysis**: Statistical deviation from normal patterns
@@ -260,6 +284,7 @@ Automatic detection of unusual performance patterns:
 - **Possible Causes**: AI-generated suggestions for anomaly causes
 
 ### Benchmark Comparisons
+
 Compare against industry standards:
 
 - **Response Time**: `<200ms` (excellent), `200-500ms` (good), `500ms-1s` (average)
@@ -272,16 +297,19 @@ Compare against industry standards:
 The performance monitoring system is deeply integrated with the intelligent caching system:
 
 ### Automatic Cache Metrics
+
 - **Real-time cache statistics** from all registered cache managers
 - **Site-specific cache isolation** for multi-site installations
 - **Cache efficiency calculations** with performance impact analysis
 
 ### Cache Performance Insights
+
 - **Cache warming recommendations** based on usage patterns
 - **TTL optimization suggestions** for different data types
 - **Memory optimization** recommendations
 
 ### Cache Management Integration
+
 - Performance monitoring **automatically registers** with cache managers
 - **Request interception** for transparent performance tracking
 - **Cache invalidation tracking** for data consistency monitoring
@@ -289,12 +317,14 @@ The performance monitoring system is deeply integrated with the intelligent cach
 ## 🚨 Alert System
 
 ### Alert Types
+
 - **Performance Degradation**: Response times exceeding thresholds
 - **Error Rate Spikes**: Increased failure rates
 - **Cache Performance Issues**: Low hit rates or high memory usage
 - **System Resource Warnings**: High memory or CPU usage
 
 ### Alert Configuration
+
 Configure alert thresholds in your monitoring setup:
 
 ```javascript
@@ -310,6 +340,7 @@ const monitor = new PerformanceMonitor({
 ```
 
 ### Alert Severity Levels
+
 - **🔴 Critical**: Immediate attention required
 - **🟠 Error**: Significant performance impact
 - **🟡 Warning**: Performance degradation detected
@@ -318,31 +349,37 @@ const monitor = new PerformanceMonitor({
 ## 📈 Optimization Workflow
 
 ### 1. Monitor Current Performance
+
 ```bash
 wp_performance_stats --format=detailed
 ```
 
 ### 2. Analyze Historical Trends
+
 ```bash
 wp_performance_history --timeframe=7d --includeTrends=true
 ```
 
 ### 3. Compare Against Benchmarks
+
 ```bash
 wp_performance_benchmark --includeRecommendations=true
 ```
 
 ### 4. Check for Alerts and Anomalies
+
 ```bash
 wp_performance_alerts --includeAnomalies=true
 ```
 
 ### 5. Get Optimization Recommendations
+
 ```bash
 wp_performance_optimize --focus=speed --includeROI=true
 ```
 
 ### 6. Export Comprehensive Report
+
 ```bash
 wp_performance_export --format=json --includeAnalytics=true
 ```
@@ -350,6 +387,7 @@ wp_performance_export --format=json --includeAnalytics=true
 ## 🔧 Configuration
 
 ### Performance Monitor Configuration
+
 ```javascript
 const config = {
   collectInterval: 30000,           // 30 seconds
@@ -368,6 +406,7 @@ const config = {
 ```
 
 ### Metrics Collector Configuration
+
 ```javascript
 const config = {
   enableRealTime: true,
@@ -380,6 +419,7 @@ const config = {
 ```
 
 ### Analytics Configuration
+
 ```javascript
 const config = {
   enablePredictiveAnalysis: true,
@@ -393,21 +433,25 @@ const config = {
 ## 🎯 Best Practices
 
 ### 1. Regular Monitoring
+
 - Check performance stats daily with `wp_performance_stats`
 - Review weekly trends with `wp_performance_history --timeframe=7d`
 - Monitor alerts regularly with `wp_performance_alerts`
 
 ### 2. Proactive Optimization
+
 - Implement quick wins from `wp_performance_optimize --priority=quick_wins`
 - Address critical alerts immediately
 - Follow benchmark recommendations
 
 ### 3. Data-Driven Decisions
+
 - Use historical data to identify patterns
 - Compare before/after optimization results
 - Export reports for stakeholder communication
 
 ### 4. Multi-Site Management
+
 - Monitor each site individually
 - Compare performance across sites
 - Implement site-specific optimizations
@@ -417,6 +461,7 @@ const config = {
 ### Common Issues
 
 **1. High Response Times**
+
 ```bash
 # Check current performance
 wp_performance_stats --category=requests
@@ -426,6 +471,7 @@ wp_performance_optimize --focus=speed
 ```
 
 **2. Low Cache Hit Rates**
+
 ```bash
 # Check cache performance
 wp_performance_stats --category=cache
@@ -435,6 +481,7 @@ wp_performance_optimize --focus=efficiency
 ```
 
 **3. System Resource Issues**
+
 ```bash
 # Check system metrics
 wp_performance_stats --category=system
@@ -444,6 +491,7 @@ wp_performance_optimize --focus=scaling
 ```
 
 ### Performance Debugging
+
 1. **Enable detailed logging** in development environments
 2. **Use benchmark comparisons** to identify problem areas
 3. **Monitor trends** to catch performance degradation early
@@ -468,4 +516,4 @@ To contribute to the performance monitoring system:
 
 ---
 
-**🚀 The performance monitoring system helps you maintain optimal WordPress MCP server performance with real-time insights, intelligent analysis, and actionable recommendations.**
+**🚀 The performance monitoring system helps you maintain optimal WordPress MCP server performance with real-time insights, intelligent analysis, and actionable recommendations.**

package/docs/SECURITY_TESTING.md

@@ -84,6 +84,7 @@ npm test tests/security/security-validation.test.js -- --grep "XSS"
 ```
 
 **Covered Attack Vectors:**
+
 - Script tag injection
 - Event handler injection
 - JavaScript URL schemes
@@ -91,6 +92,7 @@ npm test tests/security/security-validation.test.js -- --grep "XSS"
 - HTML entity encoding
 
 **Example Test:**
+
 ```javascript
 test('should reject script tags in safe strings', () => {
   const maliciousInput = 'Hello <script>alert("XSS")</script> World';
@@ -105,6 +107,7 @@ npm test tests/security/security-validation.test.js -- --grep "SQL"
 ```
 
 **Covered Attack Vectors:**
+
 - Union-based injection
 - Boolean-based blind injection
 - Time-based blind injection
@@ -112,6 +115,7 @@ npm test tests/security/security-validation.test.js -- --grep "SQL"
 - Comment-based injection
 
 **Example Test:**
+
 ```javascript
 test('should reject SQL injection patterns', () => {
   const maliciousQueries = [
@@ -133,6 +137,7 @@ npm test tests/security/security-validation.test.js -- --grep "Path"
 ```
 
 **Covered Attack Vectors:**
+
 - Directory traversal (../)
 - Encoded path traversal
 - Windows path traversal (..\\)
@@ -145,6 +150,7 @@ npm test tests/security/penetration-tests.test.js
 ```
 
 **Comprehensive Attack Simulation:**
+
 - Command injection attempts
 - Authentication bypass
 - Header injection
@@ -156,11 +162,13 @@ npm test tests/security/penetration-tests.test.js
 ### Adding Security to New Tools
 
 1. **Import Security Framework:**
+
 ```typescript
 import { validateSecurity, ToolSchemas } from '../security/InputValidator.js';
 ```
 
 2. **Apply Validation Decorator:**
+
 ```typescript
 export class MyTools {
   @validateSecurity(ToolSchemas.postData)
@@ -171,6 +179,7 @@ export class MyTools {
 ```
 
 3. **Custom Validation Schema:**
+
 ```typescript
 const customSchema = z.object({
   customField: SecuritySchemas.safeString,
@@ -217,11 +226,13 @@ async function toolMethod(params: any) {
 ## 🚨 Security Testing Commands
 
 ### Run All Security Tests
+
 ```bash
 npm run test:security
 ```
 
 ### Run Specific Security Test Categories
+
 ```bash
 # Input validation tests
 npm test tests/security/security-validation.test.js
@@ -237,6 +248,7 @@ npm test -- --grep "SQL"
 ```
 
 ### Security Test Coverage
+
 ```bash
 npm run test:coverage -- tests/security/
 ```
@@ -244,6 +256,7 @@ npm run test:coverage -- tests/security/
 ## 📊 Security Monitoring
 
 ### Error Logging
+
 Security validation errors are automatically logged:
 
 ```typescript
@@ -260,6 +273,7 @@ Security validation errors are automatically logged:
 ```
 
 ### Rate Limiting Monitoring
+
 ```typescript
 {
   timestamp: "2024-01-01T00:00:00.000Z",
@@ -274,6 +288,7 @@ Security validation errors are automatically logged:
 ## 🔍 Security Audit Checklist
 
 ### ✅ Input Validation
+
 - [ ] All user inputs validated with Zod schemas
 - [ ] XSS protection on all text fields
 - [ ] SQL injection protection on search/query fields
@@ -281,24 +296,28 @@ Security validation errors are automatically logged:
 - [ ] Length limits enforced on all inputs
 
 ### ✅ Output Encoding
+
 - [ ] HTML entities encoded in output
 - [ ] JSON responses properly escaped
 - [ ] Error messages sanitized
 - [ ] Log entries do not contain sensitive data
 
 ### ✅ Authentication & Authorization
+
 - [ ] Rate limiting implemented
 - [ ] Secure password handling
 - [ ] Session management (if applicable)
 - [ ] Permission checks on all operations
 
 ### ✅ Error Handling
+
 - [ ] Sensitive information not exposed in errors
 - [ ] Consistent error response format
 - [ ] Proper logging without data leakage
 - [ ] Graceful handling of edge cases
 
 ### ✅ File Operations
+
 - [ ] Upload restrictions enforced
 - [ ] File type validation
 - [ ] Size limits implemented
@@ -307,6 +326,7 @@ Security validation errors are automatically logged:
 ## 🛠️ Security Tools Integration
 
 ### ESLint Security Rules
+
 ```javascript
 {
   "extends": ["plugin:security/recommended"],
@@ -319,6 +339,7 @@ Security validation errors are automatically logged:
 ```
 
 ### Automated Security Scanning
+
 ```bash
 # Add to package.json
 {
@@ -331,6 +352,7 @@ Security validation errors are automatically logged:
 ```
 
 ### CI/CD Security Pipeline
+
 ```yaml
 # GitHub Actions workflow
 - name: Security Audit
@@ -343,18 +365,21 @@ Security validation errors are automatically logged:
 ## 📚 Best Practices
 
 ### Input Validation Best Practices
+
 1. **Validate Early**: Check inputs at the entry point
 2. **Use Allow Lists**: Define what is allowed, not what is blocked
 3. **Sanitize and Validate**: Both sanitize and validate inputs
 4. **Fail Securely**: Default to rejecting invalid input
 
 ### Error Handling Best Practices
+
 1. **Generic Error Messages**: Don't expose implementation details
 2. **Log Detailed Errors**: Log full details for debugging (securely)
 3. **Rate Limit Errors**: Prevent information gathering
 4. **Sanitize Stack Traces**: Remove sensitive information
 
 ### Security Testing Best Practices
+
 1. **Test All Input Vectors**: Every parameter that accepts user input
 2. **Use Real Attack Payloads**: Test with actual malicious inputs
 3. **Automate Security Tests**: Include in CI/CD pipeline
@@ -363,12 +388,14 @@ Security validation errors are automatically logged:
 ## 🚀 Continuous Security
 
 ### Regular Security Updates
+
 - Monthly dependency audits
 - Quarterly penetration testing
 - Annual security architecture review
 - Continuous monitoring and alerting
 
 ### Security Metrics
+
 - Number of blocked malicious requests
 - Rate limiting effectiveness
 - Input validation error rates
@@ -377,12 +404,14 @@ Security validation errors are automatically logged:
 ## 📞 Security Incident Response
 
 ### If You Discover a Vulnerability
+
 1. **Do Not** create a public issue
 2. **Do** email security concerns privately
 3. **Include** steps to reproduce
 4. **Provide** impact assessment if possible
 
 ### Response Timeline
+
 - **24 hours**: Initial acknowledgment
 - **72 hours**: Preliminary assessment
 - **7 days**: Fix development and testing
@@ -390,4 +419,4 @@ Security validation errors are automatically logged:
 
 ---
 
-**🔒 Security is a shared responsibility - implement, test, and monitor continuously!**
+**🔒 Security is a shared responsibility - implement, test, and monitor continuously!**

package/docs/api/README.md

@@ -11,12 +11,20 @@
 
 The WordPress MCP Server provides **59 tools** across **10 categories** for comprehensive WordPress management through the Model Context Protocol.
 
-**Last Updated:** 30.6.2025  
+**Last Updated:** 3.7.2025  
 **Version:** 1.2.0  
 **Coverage:** 59/59 tools with examples
 
 ## Quick Start
 
+**First, install and configure the MCP WordPress server:**
+
+📖 **Setup Guides:**
+- **[NPX Setup](../user-guides/NPX_SETUP.md)** - Zero installation method (recommended)
+- **[NPM Setup](../user-guides/NPM_SETUP.md)** - Local development
+- **[Docker Setup](../user-guides/DOCKER_SETUP.md)** - Containerized deployment
+- **[DTX Setup](../user-guides/DTX_SETUP.md)** - Desktop Extension package
+
 ### Basic Usage
 ```bash
 # List all posts

package/docs/api/summary.json

@@ -2,7 +2,7 @@
   "totalTools": 59,
   "totalCategories": 10,
   "totalTypes": 1,
-  "lastUpdated": "2025-06-29T22:22:37.534Z",
+  "lastUpdated": "2025-07-03T17:22:44.406Z",
   "version": "1.2.0",
   "coverage": {
     "toolsWithExamples": 59,