mcp-wordpress 2.10.0 → 2.10.2

package/docs/DOCKER_PUBLISHING_TROUBLESHOOTING.md

@@ -1,20 +1,24 @@
 # Docker Publishing Troubleshooting Guide
 
-This guide helps resolve Docker Hub publishing failures and provides tools for manual intervention when the automated release process encounters issues.
+This guide helps resolve Docker Hub publishing failures and provides tools for manual intervention when the automated
+release process encounters issues.
 
 ## 🚨 Current Status - Multiple Missing Versions
 
 **Investigation Results:**
+
 - NPM Publishing: ✅ All versions available (2.0.4, 2.1.0, 2.2.0, 2.3.0)
 - Docker Hub Publishing: ❌ Multiple versions missing since v2.0.4
 
 **Missing Docker Hub Versions:**
+
 - v2.0.4 (original issue)
 - v2.1.0, v2.2.0, v2.3.0 (subsequent failures)
 
 **Root Cause:** Systemic Docker publishing failure in release workflow since v2.0.4 release.
 
 **Available Versions on Docker Hub:**
+
 - ✅ v2.0.0, v2.0.1, v2.0.2, v2.0.3 (working)
 - ❌ v2.0.4, v2.1.0, v2.2.0, v2.3.0 (missing)
 
@@ -36,11 +40,13 @@ done
 ### Missing Docker Hub Versions
 
 **Symptoms:**
+
 - NPM publishing succeeds but Docker Hub fails
 - Verification workflow reports missing versions
 - GitHub releases exist but corresponding Docker images are absent
 
 **Root Causes:**
+
 - Docker Hub API rate limiting
 - Network timeouts during multi-platform builds
 - Docker registry authentication issues
@@ -175,6 +181,7 @@ The release workflow now includes:
 ### Image Integrity
 
 All published images include:
+
 - **Provenance**: Build attestation data
 - **SBOM**: Software Bill of Materials
 - **Signatures**: Cryptographic verification
@@ -208,6 +215,7 @@ curl -s https://hub.docker.com/v2/repositories/docdyhr/mcp-wordpress/tags | \
 If all automated methods fail:
 
 1. **Manual Docker Build:**
+
    ```bash
    git checkout v2.0.4
    docker buildx build --platform linux/amd64,linux/arm64 \
@@ -217,6 +225,7 @@ If all automated methods fail:
    ```
 
 2. **Contact Repository Maintainer:**
+
    - Create detailed issue with error logs
    - Include attempted resolution steps
    - Mention urgency level and impact
@@ -230,4 +239,4 @@ If all automated methods fail:
 
 - **GitHub Issues**: [Create Issue](https://github.com/docdyhr/mcp-wordpress/issues/new)
 - **Workflow Logs**: Check Actions tab for detailed error information
-- **Docker Hub Status**: [Docker Hub Status Page](https://status.docker.com/)
+- **Docker Hub Status**: [Docker Hub Status Page](https://status.docker.com/)

package/docs/EVALUATION.md

@@ -1,10 +1,12 @@
 # MCP WordPress Tools Evaluation Guide
 
-This guide covers the comprehensive evaluation system for MCP WordPress tools using [mcp-evals](https://github.com/mclenhard/mcp-evals).
+This guide covers the comprehensive evaluation system for MCP WordPress tools using
+[mcp-evals](https://github.com/mclenhard/mcp-evals).
 
 ## Overview
 
-The evaluation system provides automated testing and scoring of WordPress MCP tools using LLM-based evaluation to ensure:
+The evaluation system provides automated testing and scoring of WordPress MCP tools using LLM-based evaluation to
+ensure:
 
 - **Tool Reliability**: Consistent performance across different scenarios
 - **Quality Assurance**: Comprehensive testing of all 59 WordPress tools
@@ -157,23 +159,19 @@ evals:
 ### TypeScript Evaluation
 
 ```typescript
-import { EvalFunction, grade } from 'mcp-evals';
-import { openai } from 'mcp-evals/models';
+import { EvalFunction, grade } from "mcp-evals";
+import { openai } from "mcp-evals/models";
 
 export const customEval: EvalFunction = {
-  name: 'custom_evaluation',
-  description: 'Test custom functionality',
+  name: "custom_evaluation",
+  description: "Test custom functionality",
   run: async () => {
-    const result = await grade(
-      openai("gpt-4o"),
-      "Your test prompt here",
-      {
-        systemPrompt: "Evaluation criteria...",
-        responseFormat: { type: "json_object" }
-      }
-    );
+    const result = await grade(openai("gpt-4o"), "Your test prompt here", {
+      systemPrompt: "Evaluation criteria...",
+      responseFormat: { type: "json_object" },
+    });
     return JSON.parse(result);
-  }
+  },
 };
 ```
 
@@ -314,10 +312,7 @@ open evaluations/reports/evaluation-report.html
       "reason": "Error handling could be more graceful"
     }
   ],
-  "recommendations": [
-    "Improve error handling for edge cases",
-    "Add more comprehensive validation"
-  ]
+  "recommendations": ["Improve error handling for edge cases", "Add more comprehensive validation"]
 }
 ```
 
@@ -345,7 +340,7 @@ const customScoring = {
   completeness: { weight: 0.3, min: 3.5 },
   relevance: { weight: 0.2, min: 3.0 },
   clarity: { weight: 0.1, min: 3.0 },
-  reasoning: { weight: 0.1, min: 3.0 }
+  reasoning: { weight: 0.1, min: 3.0 },
 };
 ```
 
@@ -394,4 +389,4 @@ npm run eval:monitor
 ---
 
 **Ready to improve tool quality?** Start by running `npm run eval:quick` to see current performance, then dive into
-writing custom evaluations for your specific use cases!
+writing custom evaluations for your specific use cases!

package/docs/INCREMENTAL_COVERAGE.md

@@ -2,7 +2,8 @@
 
 ## Overview
 
-The incremental coverage guardrail prevents coverage regression by comparing current PR coverage against a baseline from the main branch. This ensures code quality and maintains test coverage standards.
+The incremental coverage guardrail prevents coverage regression by comparing current PR coverage against a baseline from
+the main branch. This ensures code quality and maintains test coverage standards.
 
 ## Features
 
@@ -105,7 +106,7 @@ BASELINE_FILE=coverage/baseline-main.json npm run coverage:baseline
       "metric": "lines",
       "baseline": 30.97,
       "current": 32.17,
-      "diff": 1.20,
+      "diff": 1.2,
       "passed": true,
       "tolerance": 1
     }
@@ -166,18 +167,21 @@ rm coverage-baseline.json && npm run coverage:baseline
 ## Implementation Details
 
 ### Script Location
+
 - `scripts/incremental-coverage-guardrail.js`: Main implementation
 - `scripts/coverage-guardrail.js`: Phase-based coverage validation
 - `.github/workflows/coverage-guard.yml`: CI/CD workflow
 
 ### Baseline Storage
+
 - `coverage-baseline.json`: Baseline metrics from main branch
 - Generated automatically in CI/CD pipeline
 - Contains timestamp, commit info, and detailed metrics
 
 ### Coverage Sources
+
 - Primary: `coverage/coverage-final.json` (Jest output)
 - Fallback: Estimated values from project knowledge
 - Future: Direct TypeScript coverage collection
 
-This incremental coverage system ensures code quality while providing flexibility for development workflows.
+This incremental coverage system ensures code quality while providing flexibility for development workflows.

package/docs/INSTALLATION.md

@@ -4,20 +4,21 @@ Complete installation guide for MCP WordPress Server with all supported methods.
 
 ## 🎯 Choose Your Installation Method
 
-| Method | Best For | Setup Time | Difficulty |
-|--------|----------|------------|------------|
-| **[DXT Extension](#-dxt-extension-recommended)** | Most users | 2 minutes | Beginner |
-| **[NPX](#-npx-quick-start)** | Power users | 5 minutes | Beginner |
-| **[Smithery](#-smithery-package-manager)** | MCP users | 3 minutes | Beginner |
-| **[NPM Global](#-npm-global-installation)** | Developers | 10 minutes | Intermediate |
-| **[Docker](#-docker-deployment)** | Production | 15 minutes | Intermediate |
-| **[Development](#️-development-setup)** | Contributors | 20 minutes | Advanced |
+| Method                                           | Best For     | Setup Time | Difficulty   |
+| ------------------------------------------------ | ------------ | ---------- | ------------ |
+| **[DXT Extension](#-dxt-extension-recommended)** | Most users   | 2 minutes  | Beginner     |
+| **[NPX](#-npx-quick-start)**                     | Power users  | 5 minutes  | Beginner     |
+| **[Smithery](#-smithery-package-manager)**       | MCP users    | 3 minutes  | Beginner     |
+| **[NPM Global](#-npm-global-installation)**      | Developers   | 10 minutes | Intermediate |
+| **[Docker](#-docker-deployment)**                | Production   | 15 minutes | Intermediate |
+| **[Development](#️-development-setup)**          | Contributors | 20 minutes | Advanced     |
 
 ## 🏆 DXT Extension (Recommended)
 
 The easiest way to get started with WordPress MCP in Claude Desktop.
 
 ### Prerequisites
+
 - Claude Desktop application
 - WordPress site with REST API enabled
 - WordPress Application Password
@@ -25,6 +26,7 @@ The easiest way to get started with WordPress MCP in Claude Desktop.
 ### Installation Steps
 
 1. **Download DXT Package**
+
    ```bash
    # Download the latest DXT package
    curl -L -o mcp-wordpress.dxt \
@@ -32,6 +34,7 @@ The easiest way to get started with WordPress MCP in Claude Desktop.
    ```
 
 2. **Install in Claude Desktop**
+
    - Open Claude Desktop
    - Go to Extensions menu
    - Click "Install Extension"
@@ -59,6 +62,7 @@ The easiest way to get started with WordPress MCP in Claude Desktop.
 Best for users who want the latest version without installation.
 
 ### NPX Prerequisites
+
 - Node.js 16+ and npm
 - WordPress site with REST API enabled
 - WordPress Application Password
@@ -100,6 +104,7 @@ Add to your Claude Desktop config:
 Smithery is a dedicated package manager for MCP servers, providing easy installation and management.
 
 ### Prerequisites
+
 - Smithery package manager installed
 - Claude Desktop application
 - WordPress site with REST API enabled
@@ -202,6 +207,7 @@ WORDPRESS_AUTH_METHOD=app-password
 Production-ready containerized deployment.
 
 ### Docker Prerequisites
+
 - Docker 20.10+
 - Docker Compose (optional)
 
@@ -223,7 +229,7 @@ docker logs mcp-wordpress
 ### Docker Compose
 
 ```yaml
-version: '3.8'
+version: "3.8"
 services:
   mcp-wordpress:
     image: docdyhr/mcp-wordpress:latest
@@ -243,6 +249,7 @@ services:
 For contributors and custom development.
 
 ### Development Prerequisites
+
 - Node.js 18+
 - npm or yarn
 - Git
@@ -287,15 +294,15 @@ WORDPRESS_APP_PASSWORD=dev-password
 
 ### Environment Variables
 
-| Variable | Required | Default | Description |
-|----------|----------|---------|-------------|
-| `WORDPRESS_SITE_URL` | Yes | - | WordPress site URL |
-| `WORDPRESS_USERNAME` | Yes | - | WordPress username |
-| `WORDPRESS_APP_PASSWORD` | Yes | - | Application password |
-| `WORDPRESS_AUTH_METHOD` | No | `app-password` | Authentication method |
-| `NODE_ENV` | No | `production` | Environment mode |
-| `DEBUG` | No | `false` | Enable debug logging |
-| `DISABLE_CACHE` | No | `false` | Disable caching |
+| Variable                 | Required | Default        | Description           |
+| ------------------------ | -------- | -------------- | --------------------- |
+| `WORDPRESS_SITE_URL`     | Yes      | -              | WordPress site URL    |
+| `WORDPRESS_USERNAME`     | Yes      | -              | WordPress username    |
+| `WORDPRESS_APP_PASSWORD` | Yes      | -              | Application password  |
+| `WORDPRESS_AUTH_METHOD`  | No       | `app-password` | Authentication method |
+| `NODE_ENV`               | No       | `production`   | Environment mode      |
+| `DEBUG`                  | No       | `false`        | Enable debug logging  |
+| `DISABLE_CACHE`          | No       | `false`        | Disable caching       |
 
 ### Multi-Site Configuration
 
@@ -352,11 +359,13 @@ npm run health
 ### Common Verification Issues
 
 **Tools not appearing in Claude:**
+
 - Restart Claude Desktop
 - Check configuration file syntax
 - Verify environment variables
 
 **Connection failed:**
+
 - Test WordPress REST API: `curl https://your-site.com/wp-json/wp/v2/`
 - Verify Application Password format
 - Check WordPress permissions
@@ -366,16 +375,19 @@ npm run health
 ### Common Issues
 
 1. **"Cannot connect to WordPress"**
+
    - Verify `WORDPRESS_SITE_URL` format
    - Check if WordPress REST API is enabled
    - Test manually: `curl https://your-site.com/wp-json/wp/v2/`
 
 2. **"Authentication failed"**
+
    - Verify Application Password format (with spaces)
    - Check WordPress user permissions
    - Ensure Application Passwords are enabled
 
 3. **"Tools not working in Claude"**
+
    - Restart Claude Desktop
    - Check configuration file location
    - Verify JSON syntax
@@ -390,12 +402,14 @@ npm run health
 ## 🔐 Security Considerations
 
 ### WordPress Security
+
 - Use Application Passwords (recommended)
 - Create dedicated MCP user with minimal permissions
 - Enable HTTPS for production
 - Regular security updates
 
 ### MCP Server Security
+
 - Keep dependencies updated
 - Use environment variables for secrets
 - Enable firewall rules for Docker deployments
@@ -422,4 +436,4 @@ After successful installation:
 
 **Found an issue with this guide?**
 [Edit on GitHub](https://github.com/docdyhr/mcp-wordpress/edit/main/docs/INSTALLATION.md) or
-[open an issue](https://github.com/docdyhr/mcp-wordpress/issues/new).
+[open an issue](https://github.com/docdyhr/mcp-wordpress/issues/new).

package/docs/PUBLISHING-TROUBLESHOOTING.md

@@ -2,8 +2,8 @@
 
 ## Overview
 
-This guide helps troubleshoot and resolve publishing issues for the MCP WordPress project. The project publishes
-to two main targets:
+This guide helps troubleshoot and resolve publishing issues for the MCP WordPress project. The project publishes to two
+main targets:
 
 1. **NPM Registry** - Node.js package
 2. **Docker Hub** - Container images
@@ -200,6 +200,7 @@ If all automated processes fail:
 ### Regular Maintenance
 
 1. **Rotate secrets annually:**
+
    - NPM_TOKEN
    - DOCKER_USERNAME/DOCKER_PASSWORD
 

package/docs/SECURITY.md

@@ -87,12 +87,12 @@ threat mitigation, and compliance requirements.
 
 ### Authentication Methods Comparison
 
-| Method | Security Level | Production Ready | Use Case |
-|--------|----------------|------------------|----------|
-| **Application Password** | 🟢 High | ✅ Yes | Recommended for all environments |
-| **JWT** | 🟡 Medium | ⚠️ With proper setup | API-heavy applications |
-| **Basic Auth** | 🔴 Low | ❌ No | Development only |
-| **API Key** | 🟡 Medium | ⚠️ Plugin dependent | Plugin-based authentication |
+| Method                   | Security Level | Production Ready     | Use Case                         |
+| ------------------------ | -------------- | -------------------- | -------------------------------- |
+| **Application Password** | 🟢 High        | ✅ Yes               | Recommended for all environments |
+| **JWT**                  | 🟡 Medium      | ⚠️ With proper setup | API-heavy applications           |
+| **Basic Auth**           | 🔴 Low         | ❌ No                | Development only                 |
+| **API Key**              | 🟡 Medium      | ⚠️ Plugin dependent  | Plugin-based authentication      |
 
 ## Input Validation & Sanitization
 
@@ -133,18 +133,18 @@ validateSearchQuery(query);
 ```typescript
 // Post creation with contextual validation
 validatePostParams({
-  title: "My Post",           // Required, sanitized
+  title: "My Post", // Required, sanitized
   content: "<p>Safe HTML</p>", // XSS protection
-  status: "future",           // Valid status
+  status: "future", // Valid status
   date: "2024-01-01T10:00:00", // Required for future posts
-  categories: [1, 2, 3]       // Valid category IDs
+  categories: [1, 2, 3], // Valid category IDs
 });
 
 // Pagination with conflict detection
 validatePaginationParams({
   page: 1,
   per_page: 10,
-  offset: 20  // ERROR: Cannot use page and offset together
+  offset: 20, // ERROR: Cannot use page and offset together
 });
 ```
 
@@ -158,7 +158,7 @@ const dangerousPatterns = [
   /<script[^>]*>[\s\S]*?<\/script>/gi,
   /<iframe[^>]*>/gi,
   /javascript:/gi,
-  /on\w+\s*=/gi  // Event handlers
+  /on\w+\s*=/gi, // Event handlers
 ];
 ```
 
@@ -166,10 +166,7 @@ const dangerousPatterns = [
 
 ```typescript
 // Query sanitization
-sanitized = sanitized.replace(
-  /(\b(union|select|insert|update|delete|drop|create)\b)/gi,
-  ""
-);
+sanitized = sanitized.replace(/(\b(union|select|insert|update|delete|drop|create)\b)/gi, "");
 ```
 
 **Path Traversal Prevention:**
@@ -421,18 +418,21 @@ grep "Security validation failed" /var/log/mcp-wordpress.log
 ### Security Incident Checklist
 
 1. **Immediate Response**
+
    - Disable affected accounts
    - Rotate compromised credentials
    - Enable additional logging
    - Document incident timeline
 
 2. **Investigation**
+
    - Analyze access logs
    - Check WordPress audit logs
    - Review security monitoring
    - Identify attack vectors
 
 3. **Remediation**
+
    - Patch vulnerabilities
    - Update credentials
    - Strengthen security controls
@@ -568,11 +568,13 @@ npm run test:security:penetration
 **Security Validation:**
 
 1. **Authentication Testing**
+
    - Invalid credential handling
    - Brute force protection
    - Session management
 
 2. **Input Validation Testing**
+
    - XSS prevention
    - SQL injection protection
    - Path traversal prevention

package/docs/SECURITY_TESTING.md

@@ -11,17 +11,20 @@ This guide covers the comprehensive security testing and validation framework im
 ### Core Security Components
 
 1. **Input Validation** (`src/security/InputValidator.ts`)
+
    - Zod-based schema validation
    - XSS protection patterns
    - SQL injection prevention
    - Path traversal protection
 
 2. **Rate Limiting** (`SecurityLimiter` class)
+
    - Request throttling per user/IP
    - DoS attack prevention
    - Automatic cleanup of expired entries
 
 3. **Input Sanitization** (`InputSanitizer` class)
+
    - HTML content sanitization
    - Search query cleaning
    - File path normalization