mcp-wordpress 1.5.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (190)
  1. package/README.md +332 -61
  2. package/dist/cache/CacheInvalidation.d.ts.map +1 -1
  3. package/dist/cache/CacheInvalidation.js +4 -4
  4. package/dist/cache/CacheInvalidation.js.map +1 -1
  5. package/dist/client/MockWordPressClient.d.ts +55 -0
  6. package/dist/client/MockWordPressClient.d.ts.map +1 -0
  7. package/dist/client/MockWordPressClient.js +369 -0
  8. package/dist/client/MockWordPressClient.js.map +1 -0
  9. package/dist/client/api.d.ts +1 -0
  10. package/dist/client/api.d.ts.map +1 -1
  11. package/dist/client/api.js +26 -60
  12. package/dist/client/api.js.map +1 -1
  13. package/dist/client/managers/AuthenticationManager.d.ts.map +1 -1
  14. package/dist/client/managers/AuthenticationManager.js +4 -3
  15. package/dist/client/managers/AuthenticationManager.js.map +1 -1
  16. package/dist/config/ConfigurationSchema.d.ts +3 -3
  17. package/dist/config/ConfigurationSchema.d.ts.map +1 -1
  18. package/dist/config/ConfigurationSchema.js +7 -24
  19. package/dist/config/ConfigurationSchema.js.map +1 -1
  20. package/dist/config/ServerConfiguration.d.ts +8 -0
  21. package/dist/config/ServerConfiguration.d.ts.map +1 -1
  22. package/dist/config/ServerConfiguration.js +80 -31
  23. package/dist/config/ServerConfiguration.js.map +1 -1
  24. package/dist/docs/DocumentationGenerator.d.ts.map +1 -1
  25. package/dist/docs/DocumentationGenerator.js +5 -7
  26. package/dist/docs/DocumentationGenerator.js.map +1 -1
  27. package/dist/index.d.ts.map +1 -1
  28. package/dist/index.js +33 -29
  29. package/dist/index.js.map +1 -1
  30. package/dist/security/InputValidator.d.ts.map +1 -1
  31. package/dist/security/InputValidator.js +3 -11
  32. package/dist/security/InputValidator.js.map +1 -1
  33. package/dist/server/ToolRegistry.d.ts +4 -0
  34. package/dist/server/ToolRegistry.d.ts.map +1 -1
  35. package/dist/server/ToolRegistry.js +71 -8
  36. package/dist/server/ToolRegistry.js.map +1 -1
  37. package/dist/tools/auth.d.ts.map +1 -1
  38. package/dist/tools/auth.js +8 -3
  39. package/dist/tools/auth.js.map +1 -1
  40. package/dist/tools/posts.d.ts.map +1 -1
  41. package/dist/tools/posts.js +287 -20
  42. package/dist/tools/posts.js.map +1 -1
  43. package/dist/tools/site.d.ts.map +1 -1
  44. package/dist/tools/site.js +47 -9
  45. package/dist/tools/site.js.map +1 -1
  46. package/dist/tools/users.d.ts.map +1 -1
  47. package/dist/tools/users.js +113 -10
  48. package/dist/tools/users.js.map +1 -1
  49. package/dist/utils/enhancedError.d.ts +61 -0
  50. package/dist/utils/enhancedError.d.ts.map +1 -0
  51. package/dist/utils/enhancedError.js +221 -0
  52. package/dist/utils/enhancedError.js.map +1 -0
  53. package/dist/utils/streaming.d.ts +104 -0
  54. package/dist/utils/streaming.d.ts.map +1 -0
  55. package/dist/utils/streaming.js +312 -0
  56. package/dist/utils/streaming.js.map +1 -0
  57. package/dist/utils/validation.d.ts +19 -3
  58. package/dist/utils/validation.d.ts.map +1 -1
  59. package/dist/utils/validation.js +174 -24
  60. package/dist/utils/validation.js.map +1 -1
  61. package/docs/ARCHITECTURE.md +850 -0
  62. package/docs/CACHING.md +20 -17
  63. package/docs/CONFIGURATION.md +660 -0
  64. package/docs/DOCKER.md +61 -60
  65. package/docs/EVALUATION.md +397 -0
  66. package/docs/INSTALLATION.md +423 -0
  67. package/docs/PERFORMANCE_MONITORING.md +17 -15
  68. package/docs/SECURITY.md +621 -0
  69. package/docs/SECURITY_TESTING.md +22 -26
  70. package/docs/TEST_SITE_SETUP.md +136 -0
  71. package/docs/TROUBLESHOOTING.md +578 -0
  72. package/docs/api/README.md +76 -91
  73. package/docs/api/categories/auth.md +0 -2
  74. package/docs/api/categories/cache.md +0 -2
  75. package/docs/api/categories/comment.md +0 -2
  76. package/docs/api/categories/media.md +0 -2
  77. package/docs/api/categories/page.md +0 -2
  78. package/docs/api/categories/performance.md +0 -2
  79. package/docs/api/categories/post.md +0 -2
  80. package/docs/api/categories/site.md +0 -2
  81. package/docs/api/categories/taxonomy.md +0 -2
  82. package/docs/api/categories/user.md +0 -2
  83. package/docs/api/summary.json +1 -1
  84. package/docs/api/tools/wp_approve_comment.md +11 -3
  85. package/docs/api/tools/wp_cache_clear.md +14 -5
  86. package/docs/api/tools/wp_cache_info.md +14 -5
  87. package/docs/api/tools/wp_cache_stats.md +14 -5
  88. package/docs/api/tools/wp_cache_warm.md +14 -5
  89. package/docs/api/tools/wp_create_application_password.md +11 -3
  90. package/docs/api/tools/wp_create_category.md +11 -3
  91. package/docs/api/tools/wp_create_comment.md +14 -5
  92. package/docs/api/tools/wp_create_page.md +13 -5
  93. package/docs/api/tools/wp_create_post.md +14 -7
  94. package/docs/api/tools/wp_create_tag.md +11 -3
  95. package/docs/api/tools/wp_create_user.md +13 -5
  96. package/docs/api/tools/wp_delete_application_password.md +11 -3
  97. package/docs/api/tools/wp_delete_category.md +11 -3
  98. package/docs/api/tools/wp_delete_comment.md +11 -3
  99. package/docs/api/tools/wp_delete_media.md +10 -3
  100. package/docs/api/tools/wp_delete_page.md +10 -3
  101. package/docs/api/tools/wp_delete_post.md +11 -5
  102. package/docs/api/tools/wp_delete_tag.md +11 -3
  103. package/docs/api/tools/wp_delete_user.md +10 -3
  104. package/docs/api/tools/wp_get_application_passwords.md +11 -3
  105. package/docs/api/tools/wp_get_auth_status.md +11 -3
  106. package/docs/api/tools/wp_get_category.md +11 -3
  107. package/docs/api/tools/wp_get_comment.md +11 -3
  108. package/docs/api/tools/wp_get_current_user.md +11 -3
  109. package/docs/api/tools/wp_get_media.md +11 -3
  110. package/docs/api/tools/wp_get_page.md +11 -3
  111. package/docs/api/tools/wp_get_page_revisions.md +11 -3
  112. package/docs/api/tools/wp_get_post.md +12 -5
  113. package/docs/api/tools/wp_get_post_revisions.md +11 -3
  114. package/docs/api/tools/wp_get_site_settings.md +10 -3
  115. package/docs/api/tools/wp_get_tag.md +11 -3
  116. package/docs/api/tools/wp_get_user.md +11 -3
  117. package/docs/api/tools/wp_list_categories.md +11 -3
  118. package/docs/api/tools/wp_list_comments.md +11 -3
  119. package/docs/api/tools/wp_list_media.md +14 -5
  120. package/docs/api/tools/wp_list_pages.md +14 -5
  121. package/docs/api/tools/wp_list_posts.md +15 -7
  122. package/docs/api/tools/wp_list_tags.md +11 -3
  123. package/docs/api/tools/wp_list_users.md +11 -3
  124. package/docs/api/tools/wp_performance_alerts.md +17 -7
  125. package/docs/api/tools/wp_performance_benchmark.md +17 -7
  126. package/docs/api/tools/wp_performance_export.md +17 -7
  127. package/docs/api/tools/wp_performance_history.md +17 -7
  128. package/docs/api/tools/wp_performance_optimize.md +17 -7
  129. package/docs/api/tools/wp_performance_stats.md +17 -7
  130. package/docs/api/tools/wp_search_site.md +11 -3
  131. package/docs/api/tools/wp_spam_comment.md +11 -3
  132. package/docs/api/tools/wp_switch_auth_method.md +14 -5
  133. package/docs/api/tools/wp_test_auth.md +11 -3
  134. package/docs/api/tools/wp_update_category.md +11 -3
  135. package/docs/api/tools/wp_update_comment.md +14 -5
  136. package/docs/api/tools/wp_update_media.md +14 -5
  137. package/docs/api/tools/wp_update_page.md +13 -5
  138. package/docs/api/tools/wp_update_post.md +14 -7
  139. package/docs/api/tools/wp_update_site_settings.md +14 -5
  140. package/docs/api/tools/wp_update_tag.md +11 -3
  141. package/docs/api/tools/wp_update_user.md +13 -5
  142. package/docs/api/tools/wp_upload_media.md +13 -5
  143. package/docs/api/types/WordPressPost.md +2 -0
  144. package/docs/code-improvements.md +40 -0
  145. package/docs/contract-testing.md +1 -1
  146. package/docs/developer/API_REFERENCE.md +19 -59
  147. package/docs/developer/ARCHITECTURE.md +8 -11
  148. package/docs/developer/BUILD_SYSTEM.md +2 -2
  149. package/docs/developer/CONTRIBUTING.md +3 -5
  150. package/docs/developer/GITHUB_ACTIONS_SETUP.md +2 -2
  151. package/docs/developer/MIGRATION_GUIDE.md +5 -6
  152. package/docs/developer/README.md +2 -1
  153. package/docs/developer/REFACTORING.md +9 -15
  154. package/docs/developer/RELEASE_PROCESS.md +4 -3
  155. package/docs/developer/TESTING.md +2 -2
  156. package/docs/examples/claude-desktop-config.md +8 -0
  157. package/docs/integrations/claude-desktop.md +426 -0
  158. package/docs/integrations/cline.md +537 -0
  159. package/docs/integrations/vs-code.md +515 -0
  160. package/docs/releases/COMMUNITY_ANNOUNCEMENT_v1.1.2.md +30 -23
  161. package/docs/releases/RELEASE_NOTES_v1.1.2.md +7 -6
  162. package/docs/testing-configurations.md +11 -0
  163. package/docs/user-guides/DOCKER_NPM_DTX_SETUP.md +3 -2
  164. package/docs/user-guides/DOCKER_SETUP.md +3 -2
  165. package/docs/user-guides/DTX_SETUP.md +6 -5
  166. package/docs/user-guides/DXT_INSTALLATION.md +4 -4
  167. package/docs/user-guides/NPM_SETUP.md +4 -2
  168. package/docs/user-guides/NPX_SETUP.md +4 -2
  169. package/docs/user-guides/SMITHERY_SETUP.md +402 -0
  170. package/docs/wordpress-rest-api-authentication-troubleshooting.md +45 -42
  171. package/package.json +12 -2
  172. package/src/cache/CacheInvalidation.ts +7 -18
  173. package/src/client/MockWordPressClient.ts +398 -0
  174. package/src/client/api.ts +77 -237
  175. package/src/client/managers/AuthenticationManager.ts +19 -56
  176. package/src/config/ConfigurationSchema.ts +14 -45
  177. package/src/config/ServerConfiguration.ts +98 -71
  178. package/src/docs/DocumentationGenerator.ts +39 -123
  179. package/src/dxt-entry.cjs +4 -1
  180. package/src/index.ts +35 -54
  181. package/src/security/InputValidator.ts +15 -57
  182. package/src/server/ToolRegistry.ts +88 -17
  183. package/src/tools/auth.ts +15 -22
  184. package/src/tools/posts.ts +347 -64
  185. package/src/tools/site.ts +69 -46
  186. package/src/tools/users.ts +142 -44
  187. package/src/utils/enhancedError.ts +248 -0
  188. package/src/utils/streaming.ts +428 -0
  189. package/src/utils/validation.ts +253 -92
  190. package/dist/mcp-wordpress-1.5.2.tgz +0 -0
@@ -40,20 +40,20 @@ This guide covers the comprehensive security testing and validation framework im
40
40
  // Safe string validation (XSS protection)
41
41
  SecuritySchemas.safeString
42
42
  .max(10000)
43
- .refine(val => !SCRIPT_PATTERN.test(val))
44
- .refine(val => !val.includes('javascript:'))
43
+ .refine((val) => !SCRIPT_PATTERN.test(val))
44
+ .refine((val) => !val.includes("javascript:"));
45
45
 
46
46
  // URL validation
47
47
  SecuritySchemas.url
48
48
  .url()
49
49
  .regex(URL_PATTERN)
50
- .refine(val => !val.includes('javascript:'))
50
+ .refine((val) => !val.includes("javascript:"));
51
51
 
52
52
  // Search query validation (SQL injection protection)
53
53
  SecuritySchemas.searchQuery
54
54
  .max(500)
55
- .refine(val => !SQL_INJECTION_PATTERN.test(val))
56
- .refine(val => !val.includes('--'))
55
+ .refine((val) => !SQL_INJECTION_PATTERN.test(val))
56
+ .refine((val) => !val.includes("--"));
57
57
  ```
58
58
 
59
59
  ### Tool-Specific Schemas
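Review bot: The `javascript:` checks on new lines 44 and 50 are case-sensitive substring matches (`!val.includes("javascript:")`), so the documented schemas only reject the exact lowercase spelling. For `SecuritySchemas.url`, an allow-list on the parsed scheme (`http:` or `https:`) would be a stronger thing to document than a deny-list. For `safeString`, normalise case before the comparison. Separately, `!val.includes("--")` on new line 56 rejects any search text that contains two consecutive hyphens, and the guide should state that trade-off.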
@@ -64,14 +64,14 @@ ToolSchemas.postData = z.object({
64
64
  site: SecuritySchemas.siteId.optional(),
65
65
  title: SecuritySchemas.safeString.optional(),
66
66
  content: SecuritySchemas.wpContent.optional(),
67
- status: z.enum(['publish', 'draft', 'private', 'pending']).optional()
67
+ status: z.enum(["publish", "draft", "private", "pending"]).optional(),
68
68
  });
69
69
 
70
70
  // User management validation
71
71
  ToolSchemas.userData = z.object({
72
72
  username: SecuritySchemas.slug,
73
73
  email: SecuritySchemas.email,
74
- password: SecuritySchemas.safeString.optional()
74
+ password: SecuritySchemas.safeString.optional(),
75
75
  });
76
76
  ```
77
77
 
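Review bot: On new line 74, `password` is validated with `SecuritySchemas.safeString`, the XSS-oriented content schema from the previous section. That rejects passwords that happen to match the script or `javascript:` filters and sets no minimum length. A dedicated password schema (length bounds only, no content filtering) would fit better here, with the doc noting that the value is never echoed back or logged.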
@@ -94,7 +94,7 @@ npm test tests/security/security-validation.test.js -- --grep "XSS"
94
94
  **Example Test:**
95
95
 
96
96
  ```javascript
97
- test('should reject script tags in safe strings', () => {
97
+ test("should reject script tags in safe strings", () => {
98
98
  const maliciousInput = 'Hello <script>alert("XSS")</script> World';
99
99
  expect(() => SecuritySchemas.safeString.parse(maliciousInput)).toThrow();
100
100
  });
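Review bot: The example test at new line 97 exercises a single literal lowercase `<script>` payload, so it only covers the first of the two `safeString` refinements shown earlier in this file. Consider adding a case for the `javascript:` refinement, plus one benign string that must still parse, so the documented example shows both the reject and the accept path.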
@@ -117,14 +117,10 @@ npm test tests/security/security-validation.test.js -- --grep "SQL"
117
117
  **Example Test:**
118
118
 
119
119
  ```javascript
120
- test('should reject SQL injection patterns', () => {
121
- const maliciousQueries = [
122
- "'; DROP TABLE wp_posts; --",
123
- "1' OR '1'='1",
124
- "admin'--"
125
- ];
126
-
127
- maliciousQueries.forEach(query => {
120
+ test("should reject SQL injection patterns", () => {
121
+ const maliciousQueries = ["'; DROP TABLE wp_posts; --", "1' OR '1'='1", "admin'--"];
122
+
123
+ maliciousQueries.forEach((query) => {
128
124
  expect(() => SecuritySchemas.searchQuery.parse(query)).toThrow();
129
125
  });
130
126
  });
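Review bot: Two of the three payloads on new line 121 contain `--`, so they would be rejected by the `.includes("--")` refinement alone, and the test would still pass if `SQL_INJECTION_PATTERN` matched nothing. Only `"1' OR '1'='1"` depends on the pattern. The example also has no assertion that an ordinary query (for instance a name containing an apostrophe) is accepted, so false positives go unnoticed. Suggest splitting the cases per refinement and adding an accept case.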
@@ -164,10 +160,10 @@ npm test tests/security/penetration-tests.test.js
164
160
  1. **Import Security Framework:**
165
161
 
166
162
  ```typescript
167
- import { validateSecurity, ToolSchemas } from '../security/InputValidator.js';
163
+ import { validateSecurity, ToolSchemas } from "../security/InputValidator.js";
168
164
  ```
169
165
 
170
- 2. **Apply Validation Decorator:**
166
+ 1. **Apply Validation Decorator:**
171
167
 
172
168
  ```typescript
173
169
  export class MyTools {
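Review bot: Renumbering step 2 to `1.` at new line 166 (and step 3 at new line 177 in the next hunk) relies on Markdown auto-numbering, but the fenced blocks between the steps are not indented under their list items. In that layout each `1.` starts a new list, and all three steps render as "1." Either indent the fences under the items or keep explicit 1, 2, 3 numbering.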
@@ -178,7 +174,7 @@ export class MyTools {
178
174
  }
179
175
  ```
180
176
 
181
- 3. **Custom Validation Schema:**
177
+ 1. **Custom Validation Schema:**
182
178
 
183
179
  ```typescript
184
180
  const customSchema = z.object({
@@ -195,7 +191,7 @@ async customTool(params: any) {
195
191
  ### Manual Input Sanitization
196
192
 
197
193
  ```typescript
198
- import { InputSanitizer } from '../security/InputValidator.js';
194
+ import { InputSanitizer } from "../security/InputValidator.js";
199
195
 
200
196
  // Sanitize HTML content
201
197
  const safeHtml = InputSanitizer.sanitizeHtml(userInput);
@@ -210,15 +206,15 @@ const safeOutput = InputSanitizer.encodeOutput(userContent);
210
206
  ### Rate Limiting Integration
211
207
 
212
208
  ```typescript
213
- import { SecurityLimiter } from '../security/InputValidator.js';
209
+ import { SecurityLimiter } from "../security/InputValidator.js";
214
210
 
215
211
  async function toolMethod(params: any) {
216
- const userId = params.userId || 'anonymous';
217
-
212
+ const userId = params.userId || "anonymous";
213
+
218
214
  if (!SecurityLimiter.checkRateLimit(userId)) {
219
- throw new Error('Rate limit exceeded. Please try again later.');
215
+ throw new Error("Rate limit exceeded. Please try again later.");
220
216
  }
221
-
217
+
222
218
  // Continue with tool logic
223
219
  }
224
220
  ```
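Review bot: At new line 212 the rate-limit key is taken from the request itself (`params.userId || "anonymous"`), so the caller chooses which bucket is charged and every request without a `userId` shares one `"anonymous"` bucket. The integration example should key `SecurityLimiter.checkRateLimit` on an identity the server establishes, such as the authenticated site or session, and say so in the surrounding text.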
@@ -277,7 +273,7 @@ Security validation errors are automatically logged:
277
273
  ```typescript
278
274
  {
279
275
  timestamp: "2024-01-01T00:00:00.000Z",
280
- level: "warning",
276
+ level: "warning",
281
277
  event: "rate_limit_exceeded",
282
278
  userId: "user123",
283
279
  requestCount: 1001,
@@ -0,0 +1,136 @@
1
+ # WordPress Test Site Setup Guide
2
+
3
+ For comprehensive mcp-evals testing, set up a dedicated WordPress test site.
4
+
5
+ ## ๐ŸŽฏ **Recommended Approach**
6
+
7
+ ### Option 1: WordPress.com Test Site (Easiest)
8
+
9
+ 1. **Create Account**: Go to [WordPress.com](https://wordpress.com)
10
+ 2. **Create Site**: Choose "Start with a free site"
11
+ 3. **Site URL**: Something like `your-test-site.wordpress.com`
12
+ 4. **Enable REST API**: Should be enabled by default
13
+
14
+ ### Option 2: Local WordPress (Most Control)
15
+
16
+ ```bash
17
+ # Using WordPress CLI
18
+ wp core download
19
+ wp config create --dbname=wordpress_test --dbuser=root --dbpass=password
20
+ wp core install --url=http://localhost:8080 --title="Test Site" --admin_user=admin --admin_password=password --admin_email=test@example.com
21
+
22
+ # Or using Docker
23
+ docker run -d -p 8080:80 -e WORDPRESS_DB_HOST=mysql -e WORDPRESS_DB_NAME=wordpress --name wordpress wordpress:latest
24
+ ```
25
+
26
+ ### Option 3: Staging Environment
27
+
28
+ Use your existing hosting provider's staging environment if available.
29
+
30
+ ## ๐Ÿ” **Application Password Setup**
31
+
32
+ 1. **Log into WordPress Admin**
33
+ 2. **Go to Users โ†’ Profile**
34
+ 3. **Scroll to Application Passwords**
35
+ 4. **Add New Password**:
36
+ - Name: `MCP Evaluations`
37
+ - Click "Add New Application Password"
38
+ 5. **Copy Password**: Format like `AbCd EfGh IjKl MnOp QrSt UvWx`
39
+
40
+ ## ๐Ÿ“ **Test Data Creation**
41
+
42
+ For comprehensive testing, create sample content:
43
+
44
+ ```bash
45
+ # Sample posts
46
+ wp post create --post_type=post --post_title="Test Post 1" --post_content="Content for testing" --post_status=publish
47
+ wp post create --post_type=post --post_title="Test Post 2" --post_content="More test content" --post_status=draft
48
+
49
+ # Sample pages
50
+ wp post create --post_type=page --post_title="Test Page" --post_content="Page content" --post_status=publish
51
+
52
+ # Sample users
53
+ wp user create testuser test@example.com --role=author --user_pass=testpass123
54
+
55
+ # Sample categories
56
+ wp term create category "Test Category" --slug=test-category
57
+ ```
58
+
59
+ ## ๐Ÿงช **Testing Permissions**
60
+
61
+ Ensure your test user has appropriate permissions:
62
+
63
+ - **Administrator**: Full access to all tools
64
+ - **Editor**: Posts, pages, comments, media
65
+ - **Author**: Own posts and media only
66
+
67
+ ## ๐Ÿ”ง **Configuration Examples**
68
+
69
+ ### GitHub Secrets
70
+
71
+ ```bash
72
+ TEST_WORDPRESS_URL=https://your-test-site.wordpress.com
73
+ TEST_WORDPRESS_USER=admin
74
+ TEST_WORDPRESS_PASSWORD=AbCd EfGh IjKl MnOp QrSt UvWx
75
+ ```
76
+
77
+ ### Local .env.evaluation
78
+
79
+ ```bash
80
+ TEST_WORDPRESS_URL=http://localhost:8080
81
+ TEST_WORDPRESS_USER=admin
82
+ TEST_WORDPRESS_PASSWORD=AbCd EfGh IjKl MnOp QrSt UvWx
83
+ ```
84
+
85
+ ### mcp-wordpress.config.json
86
+
87
+ ```json
88
+ {
89
+ "sites": [
90
+ {
91
+ "id": "test-site",
92
+ "name": "Evaluation Test Site",
93
+ "config": {
94
+ "WORDPRESS_SITE_URL": "https://your-test-site.wordpress.com",
95
+ "WORDPRESS_USERNAME": "admin",
96
+ "WORDPRESS_APP_PASSWORD": "AbCd EfGh IjKl MnOp QrSt UvWx"
97
+ }
98
+ }
99
+ ]
100
+ }
101
+ ```
102
+
103
+ ## โš ๏ธ **Security Considerations**
104
+
105
+ 1. **Separate Test Site**: Never use production sites for testing
106
+ 2. **Limited Permissions**: Use minimal required permissions
107
+ 3. **Temporary Content**: Test content should be disposable
108
+ 4. **Network Security**: Ensure test sites are properly secured
109
+ 5. **Credential Rotation**: Regularly rotate test credentials
110
+
111
+ ## ๐Ÿš€ **Testing Commands**
112
+
113
+ ```bash
114
+ # Test with existing sites
115
+ npm run eval:quick
116
+
117
+ # Test with specific configuration
118
+ npx mcp-eval evaluations/config/existing-sites-eval.yaml dist/index.js
119
+
120
+ # Test connection only
121
+ npm run status
122
+ ```
123
+
124
+ ## ๐Ÿ“Š **Expected Results**
125
+
126
+ A properly configured test site should:
127
+
128
+ - โœ… Connect successfully via REST API
129
+ - โœ… Allow tool operations based on user permissions
130
+ - โœ… Return consistent, predictable results
131
+ - โœ… Handle errors gracefully
132
+ - โœ… Support all MCP WordPress tools
133
+
134
+ ---
135
+
136
+ **Ready to test?** Choose your preferred setup method and configure the credentials accordingly!
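Review bot: The new guide writes credentials into files and command lines without saying how to keep them out of version control and shell history. New line 20 installs with `--admin_password=password`, new line 19 uses `--dbuser=root --dbpass=password`, and new lines 77-100 place the application password in `.env.evaluation` and `mcp-wordpress.config.json`. The Security Considerations list (new lines 105-109) mentions rotation but never says these files should be untracked. Suggest adding an item on ignoring both files in git and generating a random admin password. Also, the "GitHub Secrets" block is fenced as `bash` although those values are entered in repository settings, not a script. Finally, the `docker run` on new line 23 points at `WORDPRESS_DB_HOST=mysql` without starting or linking a database container, and it pulls the unpinned `wordpress:latest` tag.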