mcp-wordpress 2.11.13 → 3.0.0

package/src/security/SecurityReportGenerator.ts

@@ -0,0 +1,272 @@
+/**
+ * Security Report Generator
+ * Handles generation of security reports and statistics
+ */
+
+import type {
+  PipelineSecurityReport,
+  GateResult,
+  PipelineContext,
+  ReportSummary,
+  PipelineStatistics,
+  ReportFilterOptions,
+} from "./SecurityTypes.js";
+
+/**
+ * Security Report Generator
+ * Responsible for generating and managing security reports
+ */
+export class SecurityReportGenerator {
+  private reports: PipelineSecurityReport[] = [];
+
+  /**
+   * Generate a pipeline security report
+   */
+  generateReport(
+    reportId: string,
+    stage: string,
+    startTime: number,
+    status: "passed" | "failed" | "warning",
+    gateResults: GateResult[],
+    context: PipelineContext,
+  ): PipelineSecurityReport {
+    const allFindings = gateResults.flatMap((gate) => gate.checks.flatMap((check) => check.findings));
+
+    const summary: ReportSummary = {
+      totalIssues: allFindings.length,
+      criticalIssues: allFindings.filter((f) => f.severity === "critical").length,
+      highIssues: allFindings.filter((f) => f.severity === "high").length,
+      mediumIssues: allFindings.filter((f) => f.severity === "medium").length,
+      lowIssues: allFindings.filter((f) => f.severity === "low").length,
+      securityScore: this.calculateOverallSecurityScore(gateResults),
+      compliance: status === "passed",
+    };
+
+    const recommendations = this.generateRecommendations(gateResults, summary);
+
+    const report: PipelineSecurityReport = {
+      reportId,
+      timestamp: new Date(),
+      stage,
+      status,
+      duration: Date.now() - startTime,
+      gates: gateResults,
+      summary,
+      recommendations,
+      artifacts: this.generateArtifacts(reportId, gateResults),
+    };
+
+    return report;
+  }
+
+  /**
+   * Create empty report for stages with no gates
+   */
+  createEmptyReport(reportId: string, stage: string, startTime: number): PipelineSecurityReport {
+    return {
+      reportId,
+      timestamp: new Date(),
+      stage,
+      status: "passed",
+      duration: Date.now() - startTime,
+      gates: [],
+      summary: {
+        totalIssues: 0,
+        criticalIssues: 0,
+        highIssues: 0,
+        mediumIssues: 0,
+        lowIssues: 0,
+        securityScore: 100,
+        compliance: true,
+      },
+      recommendations: [],
+      artifacts: [],
+    };
+  }
+
+  /**
+   * Store a report
+   */
+  storeReport(report: PipelineSecurityReport): void {
+    this.reports.push(report);
+  }
+
+  /**
+   * Get the latest report
+   */
+  getLatestReport(): PipelineSecurityReport | undefined {
+    return this.reports.length > 0 ? this.reports[this.reports.length - 1] : undefined;
+  }
+
+  /**
+   * Get all reports
+   */
+  getAllReports(): PipelineSecurityReport[] {
+    return [...this.reports];
+  }
+
+  /**
+   * Get filtered reports
+   */
+  getReports(options: ReportFilterOptions = {}): PipelineSecurityReport[] {
+    let reports = [...this.reports];
+
+    if (options.stage) {
+      reports = reports.filter((r) => r.stage === options.stage);
+    }
+
+    if (options.status) {
+      reports = reports.filter((r) => r.status === options.status);
+    }
+
+    if (options.since) {
+      reports = reports.filter((r) => r.timestamp >= options.since!);
+    }
+
+    // Sort by timestamp (newest first)
+    reports.sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());
+
+    if (options.limit) {
+      reports = reports.slice(0, options.limit);
+    }
+
+    return reports;
+  }
+
+  /**
+   * Export report in various formats
+   */
+  exportReport(report: PipelineSecurityReport, format: string): string {
+    if (format === "html") {
+      return `<html><body>${JSON.stringify(report)}</body></html>`;
+    }
+    if (format === "xml") {
+      return `<report>${JSON.stringify(report)}</report>`;
+    }
+    return JSON.stringify(report);
+  }
+
+  /**
+   * Calculate security metrics from a report
+   */
+  calculateSecurityMetrics(report: PipelineSecurityReport): {
+    overallScore: number;
+    riskLevel: string;
+    complianceStatus: boolean;
+  } {
+    const overallScore = report.summary.securityScore ?? 100;
+    const riskLevel = overallScore > 80 ? "low" : overallScore > 50 ? "medium" : "high";
+    return { overallScore, riskLevel, complianceStatus: report.summary.compliance };
+  }
+
+  /**
+   * Calculate overall security score from gate results
+   */
+  calculateOverallSecurityScore(gateResults: GateResult[]): number {
+    const allChecks = gateResults.flatMap((gate) => gate.checks);
+
+    if (allChecks.length === 0) {
+      return 100;
+    }
+
+    const totalScore = allChecks.reduce((sum, check) => sum + check.score, 0);
+    return totalScore / allChecks.length;
+  }
+
+  /**
+   * Generate recommendations based on results
+   */
+  generateRecommendations(
+    gateResults: GateResult[],
+    summary: ReportSummary,
+  ): string[] {
+    const recommendations: string[] = [];
+
+    if (summary.criticalIssues > 0) {
+      recommendations.push("Address critical security vulnerabilities immediately before deployment");
+    }
+
+    if (summary.highIssues > 5) {
+      recommendations.push("Review and remediate high-severity security issues");
+    }
+
+    if (summary.securityScore < 80) {
+      recommendations.push("Improve overall security posture through code review and security training");
+    }
+
+    const failedGates = gateResults.filter((gate) => gate.status === "failed");
+    if (failedGates.length > 0) {
+      recommendations.push(`Review failed security gates: ${failedGates.map((g) => g.gateName).join(", ")}`);
+    }
+
+    return recommendations;
+  }
+
+  /**
+   * Generate artifacts for the security report
+   */
+  generateArtifacts(reportId: string, gateResults: GateResult[]): string[] {
+    return [`security-report-${reportId}.json`, `security-findings-${reportId}.sarif`];
+  }
+
+  /**
+   * Get pipeline statistics
+   */
+  getStatistics(): PipelineStatistics {
+    const totalReports = this.reports.length;
+    const passedReports = this.reports.filter((r) => r.status === "passed").length;
+    const passRate = totalReports > 0 ? passedReports / totalReports : 1;
+
+    const averageSecurityScore =
+      totalReports > 0 ? this.reports.reduce((sum, r) => sum + r.summary.securityScore, 0) / totalReports : 100;
+
+    // Count issue types
+    const issueTypes: Record<string, number> = {};
+    this.reports.forEach((report) => {
+      report.gates.forEach((gate) => {
+        gate.checks.forEach((check) => {
+          check.findings.forEach((finding) => {
+            issueTypes[finding.type] = (issueTypes[finding.type] || 0) + 1;
+          });
+        });
+      });
+    });
+
+    const mostCommonIssues = Object.entries(issueTypes)
+      .map(([type, count]) => ({ type, count }))
+      .sort((a, b) => b.count - a.count)
+      .slice(0, 5);
+
+    // Calculate gate performance
+    const gateStats: Record<string, { total: number; passed: number; totalDuration: number }> = {};
+
+    this.reports.forEach((report) => {
+      report.gates.forEach((gate) => {
+        if (!gateStats[gate.gateId]) {
+          gateStats[gate.gateId] = { total: 0, passed: 0, totalDuration: 0 };
+        }
+
+        gateStats[gate.gateId].total++;
+        gateStats[gate.gateId].totalDuration += gate.duration;
+
+        if (gate.status === "passed") {
+          gateStats[gate.gateId].passed++;
+        }
+      });
+    });
+
+    const gatePerformance = Object.entries(gateStats).map(([gateId, stats]) => ({
+      gateId,
+      successRate: stats.total > 0 ? stats.passed / stats.total : 0,
+      averageDuration: stats.total > 0 ? stats.totalDuration / stats.total : 0,
+    }));
+
+    return {
+      totalReports,
+      passRate,
+      averageSecurityScore,
+      mostCommonIssues,
+      gatePerformance,
+    };
+  }
+}

package/src/security/SecurityReviewer.ts

@@ -7,7 +7,7 @@ import * as fs from "fs/promises";
 import * as path from "path";
 import { SecurityUtils } from "./SecurityConfig.js";
 import { SecurityValidationError } from "./InputValidator.js";
-import { LoggerFactory } from "../utils/logger.js";
+import { LoggerFactory } from "@/utils/logger.js";
 
 interface SecurityReviewRule {
   id: string;

package/src/security/SecurityTypes.ts

@@ -0,0 +1,199 @@
+/**
+ * Security Types and Interfaces
+ * Shared type definitions for the security CI/CD pipeline
+ */
+
+/**
+ * Security gate configuration
+ */
+export interface SecurityGate {
+  id: string;
+  name: string;
+  stage: "pre-commit" | "pre-build" | "pre-deploy" | "post-deploy";
+  enabled: boolean;
+  blocking: boolean;
+  checks: SecurityCheck[];
+  thresholds: SecurityThresholds;
+  exceptions: string[];
+}
+
+/**
+ * Security thresholds for gate evaluation
+ */
+export interface SecurityThresholds {
+  maxCritical: number;
+  maxHigh: number;
+  maxMedium: number;
+  minSecurityScore: number;
+}
+
+/**
+ * Security check configuration
+ */
+export interface SecurityCheck {
+  id: string;
+  name: string;
+  type: SecurityCheckType;
+  enabled: boolean;
+  timeout: number;
+  retries: number;
+  parameters: Record<string, unknown>;
+}
+
+/**
+ * Types of security checks
+ */
+export type SecurityCheckType = "scan" | "review" | "dependency" | "configuration" | "secrets" | "compliance";
+
+/**
+ * Pipeline security report
+ */
+export interface PipelineSecurityReport {
+  reportId: string;
+  timestamp: Date;
+  stage: string;
+  status: ReportStatus;
+  duration: number;
+  gates: GateResult[];
+  summary: ReportSummary;
+  recommendations: string[];
+  artifacts: string[];
+}
+
+/**
+ * Report status
+ */
+export type ReportStatus = "passed" | "failed" | "warning";
+
+/**
+ * Report summary
+ */
+export interface ReportSummary {
+  totalIssues: number;
+  criticalIssues: number;
+  highIssues: number;
+  mediumIssues: number;
+  lowIssues: number;
+  securityScore: number;
+  compliance: boolean;
+}
+
+/**
+ * Gate execution result
+ */
+export interface GateResult {
+  gateId: string;
+  gateName: string;
+  status: GateStatus;
+  duration: number;
+  checks: CheckResult[];
+  blocking: boolean;
+  message: string;
+}
+
+/**
+ * Gate status
+ */
+export type GateStatus = "passed" | "failed" | "warning" | "skipped";
+
+/**
+ * Check execution result
+ */
+export interface CheckResult {
+  checkId: string;
+  checkName: string;
+  status: CheckStatus;
+  duration: number;
+  findings: SecurityFinding[];
+  details: string;
+  score: number;
+}
+
+/**
+ * Check status
+ */
+export type CheckStatus = "passed" | "failed" | "warning" | "error";
+
+/**
+ * Security finding
+ */
+export interface SecurityFinding {
+  id: string;
+  severity: FindingSeverity;
+  type: string;
+  description: string;
+  file?: string | undefined;
+  line?: number | undefined;
+  remediation?: string | undefined;
+}
+
+/**
+ * Finding severity levels
+ */
+export type FindingSeverity = "critical" | "high" | "medium" | "low" | "info";
+
+/**
+ * Pipeline execution context
+ */
+export interface PipelineContext {
+  repositoryUrl: string;
+  branch: string;
+  commit: string;
+  author: string;
+  pullRequest?: {
+    id: string;
+    title: string;
+    source: string;
+    target: string;
+  };
+  environment: string;
+  buildNumber: string;
+  artifacts: string[];
+}
+
+/**
+ * Gate execution options
+ */
+export interface GateExecutionOptions {
+  skipNonBlocking?: boolean;
+  continueOnFailure?: boolean;
+  dryRun?: boolean;
+}
+
+/**
+ * Check execution result (internal)
+ */
+export interface CheckExecutionResult {
+  findings: SecurityFinding[];
+  score: number;
+  details: string;
+}
+
+/**
+ * Gate status evaluation result
+ */
+export interface GateStatusResult {
+  status: "passed" | "failed" | "warning";
+  message: string;
+}
+
+/**
+ * Pipeline statistics
+ */
+export interface PipelineStatistics {
+  totalReports: number;
+  passRate: number;
+  averageSecurityScore: number;
+  mostCommonIssues: { type: string; count: number }[];
+  gatePerformance: { gateId: string; successRate: number; averageDuration: number }[];
+}
+
+/**
+ * Report filter options
+ */
+export interface ReportFilterOptions {
+  stage?: string;
+  status?: string;
+  since?: Date;
+  limit?: number;
+}

package/src/security/index.ts

@@ -6,7 +6,7 @@
 // Core Security Components
 export { SecurityConfig, SecurityUtils, createSecureError, getEnvironmentSecurity } from "./SecurityConfig.js";
 import { SecurityValidationError } from "./InputValidator.js";
-import { LoggerFactory } from "../utils/logger.js";
+import { LoggerFactory } from "@/utils/logger.js";
 export {
   InputSanitizer,
   SecuritySchemas,
@@ -41,6 +41,11 @@ export { SecurityMonitor, SecurityEvent } from "./SecurityMonitoring.js";
 import { SecurityCIPipeline, PipelineSecurityReport as _PipelineSecurityReport } from "./SecurityCIPipeline.js";
 export { SecurityCIPipeline, PipelineSecurityReport } from "./SecurityCIPipeline.js";
 
+// Security Types (new modular exports)
+export * from "./SecurityTypes.js";
+export { SecurityGateExecutor } from "./SecurityGateExecutor.js";
+export { SecurityReportGenerator } from "./SecurityReportGenerator.js";
+
 // Type definitions for external use
 export interface SecurityScanOptions {
   targets?: string[];

package/src/server/ConnectionTester.ts

@@ -1,7 +1,7 @@
-import { WordPressClient } from "../client/api.js";
-import { getErrorMessage } from "../utils/error.js";
-import { LoggerFactory } from "../utils/logger.js";
-import { ConfigHelpers } from "../config/Config.js";
+import { WordPressClient } from "@/client/api.js";
+import { getErrorMessage } from "@/utils/error.js";
+import { LoggerFactory } from "@/utils/logger.js";
+import { ConfigHelpers } from "@/config/Config.js";
 
 interface ErrorWithResponse {
   response?: {

package/src/server/ToolRegistry.ts

@@ -1,11 +1,11 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { WordPressClient } from "../client/api.js";
-import { getErrorMessage } from "../utils/error.js";
-import { EnhancedError, ErrorHandlers } from "../utils/enhancedError.js";
-import { config } from "../config/Config.js";
-import * as Tools from "../tools/index.js";
+import { WordPressClient } from "@/client/api.js";
+import { getErrorMessage } from "@/utils/error.js";
+import { EnhancedError, ErrorHandlers } from "@/utils/enhancedError.js";
+import { config } from "@/config/Config.js";
+import * as Tools from "@/tools/index.js";
 import { z } from "zod";
-import type { MCPToolSchema, JSONSchemaProperty } from "../types/mcp.js";
+import type { MCPToolSchema, JSONSchemaProperty } from "@/types/mcp.js";
 
 /**
  * Interface for tool definition

package/src/tools/BaseToolManager.ts

@@ -2,8 +2,8 @@
  * Base utility class for tool managers with enhanced type safety
  */
 
-import { getErrorMessage } from "../utils/error.js";
-import { WordPressId, createWordPressId, DeepReadonly, Result, createSuccess, createError } from "../types/enhanced.js";
+import { getErrorMessage } from "@/utils/error.js";
+import { WordPressId, createWordPressId, DeepReadonly, Result, createSuccess, createError } from "@/types/enhanced.js";
 
 interface EnhancedError extends Error {
   originalError?: unknown;

package/src/tools/auth.ts

@@ -1,6 +1,6 @@
-import { WordPressClient } from "../client/api.js";
-import { AuthMethod } from "../types/client.js";
-import { getErrorMessage } from "../utils/error.js";
+import { WordPressClient } from "@/client/api.js";
+import { AuthMethod } from "@/types/client.js";
+import { getErrorMessage } from "@/utils/error.js";
 
 /**
  * Provides authentication-related tools for WordPress sites.

package/src/tools/cache.ts

@@ -3,9 +3,9 @@
  * Provides cache inspection, clearing, and warming capabilities
  */
 
-import type { WordPressClient } from "../client/api.js";
-import { CachedWordPressClient } from "../client/CachedWordPressClient.js";
-import { toolWrapper } from "../utils/toolWrapper.js";
+import type { WordPressClient } from "@/client/api.js";
+import { CachedWordPressClient } from "@/client/CachedWordPressClient.js";
+import { toolWrapper } from "@/utils/toolWrapper.js";
 
 /**
  * Cache management tools class

package/src/tools/comments.ts

@@ -1,6 +1,6 @@
-import { WordPressClient } from "../client/api.js";
-import { CommentQueryParams, CreateCommentRequest, UpdateCommentRequest } from "../types/wordpress.js";
-import { getErrorMessage } from "../utils/error.js";
+import { WordPressClient } from "@/client/api.js";
+import { CommentQueryParams, CreateCommentRequest, UpdateCommentRequest } from "@/types/wordpress.js";
+import { getErrorMessage } from "@/utils/error.js";
 
 /**
  * Provides tools for managing comments on a WordPress site.

package/src/tools/media.ts

@@ -1,7 +1,7 @@
 import * as fs from "fs";
-import { WordPressClient } from "../client/api.js";
-import { MediaQueryParams, UpdateMediaRequest, UploadMediaRequest } from "../types/wordpress.js";
-import { getErrorMessage } from "../utils/error.js";
+import { WordPressClient } from "@/client/api.js";
+import { MediaQueryParams, UpdateMediaRequest, UploadMediaRequest } from "@/types/wordpress.js";
+import { getErrorMessage } from "@/utils/error.js";
 
 /**
  * Comprehensive media management tools for WordPress sites.

package/src/tools/pages.ts

@@ -1,6 +1,6 @@
-import { WordPressClient } from "../client/api.js";
-import { CreatePageRequest, PostQueryParams as PageQueryParams, UpdatePageRequest } from "../types/wordpress.js";
-import { getErrorMessage } from "../utils/error.js";
+import { WordPressClient } from "@/client/api.js";
+import { CreatePageRequest, PostQueryParams as PageQueryParams, UpdatePageRequest } from "@/types/wordpress.js";
+import { getErrorMessage } from "@/utils/error.js";
 
 /**
  * Provides tools for managing pages on a WordPress site.