npm - mcp-wordpress - Versions diffs - 2.4.2 → 2.5.0 - Mend

mcp-wordpress 2.4.2 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/README.md +114 -48
package/dist/ajv-patch.js +34 -0
package/dist/cache/CacheInvalidation.d.ts +3 -1
package/dist/cache/CacheInvalidation.d.ts.map +1 -1
package/dist/cache/CacheInvalidation.js +10 -4
package/dist/cache/CacheInvalidation.js.map +1 -1
package/dist/cache/CacheManager.d.ts +3 -2
package/dist/cache/CacheManager.d.ts.map +1 -1
package/dist/cache/CacheManager.js +11 -3
package/dist/cache/CacheManager.js.map +1 -1
package/dist/cache/HttpCacheWrapper.d.ts +7 -6
package/dist/cache/HttpCacheWrapper.d.ts.map +1 -1
package/dist/cache/HttpCacheWrapper.js +8 -5
package/dist/cache/HttpCacheWrapper.js.map +1 -1
package/dist/cache/__tests__/HttpCacheWrapper.test.js +6 -5
package/dist/cache/__tests__/HttpCacheWrapper.test.js.map +1 -1
package/dist/cache/index.d.ts +3 -3
package/dist/cache/index.d.ts.map +1 -1
package/dist/cache/index.js +1 -1
package/dist/cache/index.js.map +1 -1
package/dist/client/CachedWordPressClient.d.ts +23 -9
package/dist/client/CachedWordPressClient.d.ts.map +1 -1
package/dist/client/CachedWordPressClient.js +4 -1
package/dist/client/CachedWordPressClient.js.map +1 -1
package/dist/client/MockWordPressClient.d.ts +2 -1
package/dist/client/MockWordPressClient.d.ts.map +1 -1
package/dist/client/MockWordPressClient.js +3 -1
package/dist/client/MockWordPressClient.js.map +1 -1
package/dist/client/api.d.ts +17 -13
package/dist/client/api.d.ts.map +1 -1
package/dist/client/api.js +135 -30
package/dist/client/api.js.map +1 -1
package/dist/client/auth.d.ts.map +1 -1
package/dist/client/auth.js +2 -3
package/dist/client/auth.js.map +1 -1
package/dist/client/managers/AuthenticationManager.d.ts +55 -2
package/dist/client/managers/AuthenticationManager.d.ts.map +1 -1
package/dist/client/managers/AuthenticationManager.js +269 -71
package/dist/client/managers/AuthenticationManager.js.map +1 -1
package/dist/client/managers/BaseManager.d.ts +3 -3
package/dist/client/managers/BaseManager.d.ts.map +1 -1
package/dist/client/managers/BaseManager.js +11 -5
package/dist/client/managers/BaseManager.js.map +1 -1
package/dist/client/managers/RequestManager.d.ts +2 -2
package/dist/client/managers/RequestManager.d.ts.map +1 -1
package/dist/client/managers/RequestManager.js +25 -12
package/dist/client/managers/RequestManager.js.map +1 -1
package/dist/config/Config.d.ts +155 -0
package/dist/config/Config.d.ts.map +1 -0
package/dist/config/Config.js +215 -0
package/dist/config/Config.js.map +1 -0
package/dist/config/ConfigurationSchema.d.ts +21 -21
package/dist/config/ConfigurationSchema.d.ts.map +1 -1
package/dist/config/ConfigurationSchema.js +19 -2
package/dist/config/ConfigurationSchema.js.map +1 -1
package/dist/config/ServerConfiguration.d.ts +2 -1
package/dist/config/ServerConfiguration.d.ts.map +1 -1
package/dist/config/ServerConfiguration.js +50 -41
package/dist/config/ServerConfiguration.js.map +1 -1
package/dist/docs/DocumentationGenerator.d.ts +9 -8
package/dist/docs/DocumentationGenerator.d.ts.map +1 -1
package/dist/docs/DocumentationGenerator.js +10 -7
package/dist/docs/DocumentationGenerator.js.map +1 -1
package/dist/docs/MarkdownFormatter.d.ts.map +1 -1
package/dist/docs/MarkdownFormatter.js +3 -2
package/dist/docs/MarkdownFormatter.js.map +1 -1
package/dist/dxt-entry.cjs +81 -0
package/dist/dxt-entry.js +15 -14
package/dist/dxt-entry.js.map +1 -1
package/dist/index.d.ts +3 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +37 -21
package/dist/index.js.map +1 -1
package/dist/performance/MetricsCollector.d.ts +13 -7
package/dist/performance/MetricsCollector.d.ts.map +1 -1
package/dist/performance/MetricsCollector.js +69 -27
package/dist/performance/MetricsCollector.js.map +1 -1
package/dist/performance/PerformanceAnalytics.d.ts +8 -2
package/dist/performance/PerformanceAnalytics.d.ts.map +1 -1
package/dist/performance/PerformanceAnalytics.js +17 -47
package/dist/performance/PerformanceAnalytics.js.map +1 -1
package/dist/performance/PerformanceMonitor.d.ts +2 -1
package/dist/performance/PerformanceMonitor.d.ts.map +1 -1
package/dist/performance/PerformanceMonitor.js +12 -13
package/dist/performance/PerformanceMonitor.js.map +1 -1
package/dist/performance/index.d.ts +2 -2
package/dist/performance/index.d.ts.map +1 -1
package/dist/security/AISecurityScanner.d.ts +1 -0
package/dist/security/AISecurityScanner.d.ts.map +1 -1
package/dist/security/AISecurityScanner.js +22 -12
package/dist/security/AISecurityScanner.js.map +1 -1
package/dist/security/AutomatedRemediation.d.ts +4 -3
package/dist/security/AutomatedRemediation.d.ts.map +1 -1
package/dist/security/AutomatedRemediation.js +46 -15
package/dist/security/AutomatedRemediation.js.map +1 -1
package/dist/security/InputValidator.d.ts +13 -9
package/dist/security/InputValidator.d.ts.map +1 -1
package/dist/security/InputValidator.js +4 -2
package/dist/security/InputValidator.js.map +1 -1
package/dist/security/SecurityCIPipeline.d.ts +1 -1
package/dist/security/SecurityCIPipeline.d.ts.map +1 -1
package/dist/security/SecurityCIPipeline.js +38 -29
package/dist/security/SecurityCIPipeline.js.map +1 -1
package/dist/security/SecurityConfig.d.ts +3 -3
package/dist/security/SecurityConfig.d.ts.map +1 -1
package/dist/security/SecurityConfig.js +13 -9
package/dist/security/SecurityConfig.js.map +1 -1
package/dist/security/SecurityConfigManager.d.ts +2 -2
package/dist/security/SecurityConfigManager.d.ts.map +1 -1
package/dist/security/SecurityConfigManager.js +20 -15
package/dist/security/SecurityConfigManager.js.map +1 -1
package/dist/security/SecurityMonitoring.d.ts +2 -2
package/dist/security/SecurityMonitoring.d.ts.map +1 -1
package/dist/security/SecurityMonitoring.js +19 -17
package/dist/security/SecurityMonitoring.js.map +1 -1
package/dist/security/SecurityReviewer.d.ts.map +1 -1
package/dist/security/SecurityReviewer.js +10 -7
package/dist/security/SecurityReviewer.js.map +1 -1
package/dist/security/index.d.ts +24 -23
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +52 -23
package/dist/security/index.js.map +1 -1
package/dist/server/ConnectionTester.d.ts +12 -4
package/dist/server/ConnectionTester.d.ts.map +1 -1
package/dist/server/ConnectionTester.js +96 -22
package/dist/server/ConnectionTester.js.map +1 -1
package/dist/server/ToolRegistry.d.ts +2 -2
package/dist/server/ToolRegistry.d.ts.map +1 -1
package/dist/server/ToolRegistry.js +10 -5
package/dist/server/ToolRegistry.js.map +1 -1
package/dist/tools/BaseToolManager.d.ts +47 -11
package/dist/tools/BaseToolManager.d.ts.map +1 -1
package/dist/tools/BaseToolManager.js +168 -29
package/dist/tools/BaseToolManager.js.map +1 -1
package/dist/tools/auth.d.ts +16 -10
package/dist/tools/auth.d.ts.map +1 -1
package/dist/tools/auth.js +3 -2
package/dist/tools/auth.js.map +1 -1
package/dist/tools/cache.d.ts +30 -30
package/dist/tools/cache.d.ts.map +1 -1
package/dist/tools/cache.js +1 -6
package/dist/tools/cache.js.map +1 -1
package/dist/tools/comments.d.ts +20 -20
package/dist/tools/comments.d.ts.map +1 -1
package/dist/tools/comments.js +16 -9
package/dist/tools/comments.js.map +1 -1
package/dist/tools/media.d.ts +18 -16
package/dist/tools/media.d.ts.map +1 -1
package/dist/tools/media.js +16 -15
package/dist/tools/media.js.map +1 -1
package/dist/tools/pages.d.ts +19 -17
package/dist/tools/pages.d.ts.map +1 -1
package/dist/tools/pages.js +16 -12
package/dist/tools/pages.js.map +1 -1
package/dist/tools/performance.d.ts +11 -1
package/dist/tools/performance.d.ts.map +1 -1
package/dist/tools/performance.js +67 -34
package/dist/tools/performance.js.map +1 -1
package/dist/tools/posts/PostHandlers.d.ts +46 -0
package/dist/tools/posts/PostHandlers.d.ts.map +1 -0
package/dist/tools/posts/PostHandlers.js +400 -0
package/dist/tools/posts/PostHandlers.js.map +1 -0
package/dist/tools/posts/PostToolDefinitions.d.ts +37 -0
package/dist/tools/posts/PostToolDefinitions.d.ts.map +1 -0
package/dist/tools/posts/PostToolDefinitions.js +236 -0
package/dist/tools/posts/PostToolDefinitions.js.map +1 -0
package/dist/tools/posts/index.d.ts +138 -0
package/dist/tools/posts/index.d.ts.map +1 -0
package/dist/tools/posts/index.js +163 -0
package/dist/tools/posts/index.js.map +1 -0
package/dist/tools/posts.d.ts +10 -246
package/dist/tools/posts.d.ts.map +1 -1
package/dist/tools/posts.js +11 -723
package/dist/tools/posts.js.map +1 -1
package/dist/tools/site.d.ts +19 -18
package/dist/tools/site.d.ts.map +1 -1
package/dist/tools/site.js +14 -10
package/dist/tools/site.js.map +1 -1
package/dist/tools/taxonomies.d.ts +23 -24
package/dist/tools/taxonomies.d.ts.map +1 -1
package/dist/tools/taxonomies.js +24 -18
package/dist/tools/taxonomies.js.map +1 -1
package/dist/tools/users.d.ts +20 -15
package/dist/tools/users.d.ts.map +1 -1
package/dist/tools/users.js +12 -8
package/dist/tools/users.js.map +1 -1
package/dist/types/client.d.ts +48 -41
package/dist/types/client.d.ts.map +1 -1
package/dist/types/client.js +30 -5
package/dist/types/client.js.map +1 -1
package/dist/types/enhanced.d.ts +237 -0
package/dist/types/enhanced.d.ts.map +1 -0
package/dist/types/enhanced.js +49 -0
package/dist/types/enhanced.js.map +1 -0
package/dist/types/index.d.ts +15 -12
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +2 -0
package/dist/types/index.js.map +1 -1
package/dist/types/mcp.d.ts +12 -12
package/dist/types/mcp.d.ts.map +1 -1
package/dist/types/requests.d.ts +322 -0
package/dist/types/requests.d.ts.map +1 -0
package/dist/types/requests.js +8 -0
package/dist/types/requests.js.map +1 -0
package/dist/types/tools.d.ts +506 -0
package/dist/types/tools.d.ts.map +1 -0
package/dist/types/tools.js +8 -0
package/dist/types/tools.js.map +1 -0
package/dist/types/wordpress.d.ts +43 -15
package/dist/types/wordpress.d.ts.map +1 -1
package/dist/types/wordpress.js +8 -1
package/dist/types/wordpress.js.map +1 -1
package/dist/utils/debug.d.ts +19 -11
package/dist/utils/debug.d.ts.map +1 -1
package/dist/utils/debug.js +46 -10
package/dist/utils/debug.js.map +1 -1
package/dist/utils/enhancedError.d.ts +8 -8
package/dist/utils/enhancedError.d.ts.map +1 -1
package/dist/utils/enhancedError.js.map +1 -1
package/dist/utils/error.d.ts +2 -4
package/dist/utils/error.d.ts.map +1 -1
package/dist/utils/error.js +42 -5
package/dist/utils/error.js.map +1 -1
package/dist/utils/logger.d.ts +106 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +280 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/streaming.d.ts +9 -9
package/dist/utils/streaming.d.ts.map +1 -1
package/dist/utils/streaming.js +71 -52
package/dist/utils/streaming.js.map +1 -1
package/dist/utils/toolWrapper.d.ts +9 -7
package/dist/utils/toolWrapper.d.ts.map +1 -1
package/dist/utils/toolWrapper.js.map +1 -1
package/dist/utils/validation/core.d.ts +21 -0
package/dist/utils/validation/core.d.ts.map +1 -0
package/dist/utils/validation/core.js +71 -0
package/dist/utils/validation/core.js.map +1 -0
package/dist/utils/validation/index.d.ts +25 -0
package/dist/utils/validation/index.d.ts.map +1 -0
package/dist/utils/validation/index.js +29 -0
package/dist/utils/validation/index.js.map +1 -0
package/dist/utils/validation/network.d.ts +19 -0
package/dist/utils/validation/network.d.ts.map +1 -0
package/dist/utils/validation/network.js +93 -0
package/dist/utils/validation/network.js.map +1 -0
package/dist/utils/validation/rateLimit.d.ts +21 -0
package/dist/utils/validation/rateLimit.d.ts.map +1 -0
package/dist/utils/validation/rateLimit.js +43 -0
package/dist/utils/validation/rateLimit.js.map +1 -0
package/dist/utils/validation/security.d.ts +29 -0
package/dist/utils/validation/security.d.ts.map +1 -0
package/dist/utils/validation/security.js +327 -0
package/dist/utils/validation/security.js.map +1 -0
package/dist/utils/validation/wordpress.d.ts +31 -0
package/dist/utils/validation/wordpress.d.ts.map +1 -0
package/dist/utils/validation/wordpress.js +146 -0
package/dist/utils/validation/wordpress.js.map +1 -0
package/dist/utils/validation.d.ts +13 -82
package/dist/utils/validation.d.ts.map +1 -1
package/dist/utils/validation.js +25 -343
package/dist/utils/validation.js.map +1 -1
package/docs/BADGE_UPDATES.md +132 -0
package/docs/CI_CD_IMPROVEMENTS.md +191 -0
package/docs/INCREMENTAL_COVERAGE.md +183 -0
package/docs/api/README.md +3 -1
package/docs/api/openapi.json +5 -1
package/docs/api/summary.json +1 -1
package/docs/api/tools/wp_create_post.md +12 -14
package/docs/examples/claude-desktop-config.md +1 -1
package/docs/examples/docker-production.md +100 -93
package/docs/examples/multi-site-setup.md +5 -4
package/docs/examples/single-site-setup.md +3 -4
package/docs/examples/use-case-workflows.md +4 -5
package/docs/integrations/claude-desktop.md +31 -31
package/docs/integrations/cline.md +4 -4
package/docs/integrations/vs-code.md +9 -8
package/docs/user-guides/SMITHERY_SETUP.md +10 -10
package/package.json +44 -25
package/src/cache/CacheInvalidation.ts +12 -5
package/src/cache/CacheManager.ts +18 -15
package/src/cache/HttpCacheWrapper.ts +30 -59
package/src/cache/__tests__/HttpCacheWrapper.test.ts +6 -5
package/src/cache/index.ts +3 -14
package/src/client/CachedWordPressClient.ts +32 -30
package/src/client/MockWordPressClient.ts +4 -2
package/src/client/api.ts +186 -64
package/src/client/auth.ts +15 -40
package/src/client/managers/AuthenticationManager.ts +337 -77
package/src/client/managers/BaseManager.ts +18 -30
package/src/client/managers/RequestManager.ts +39 -44
package/src/config/Config.ts +308 -0
package/src/config/ConfigurationSchema.ts +23 -2
package/src/config/ServerConfiguration.ts +51 -47
package/src/docs/DocumentationGenerator.ts +50 -39
package/src/docs/MarkdownFormatter.ts +19 -29
package/src/dxt-entry.cjs +26 -16
package/src/dxt-entry.ts +17 -27
package/src/index.ts +42 -28
package/src/performance/MetricsCollector.ts +108 -86
package/src/performance/PerformanceAnalytics.ts +69 -164
package/src/performance/PerformanceMonitor.ts +32 -47
package/src/performance/index.ts +2 -10
package/src/security/AISecurityScanner.ts +22 -12
package/src/security/AutomatedRemediation.ts +49 -18
package/src/security/InputValidator.ts +9 -6
package/src/security/SecurityCIPipeline.ts +53 -37
package/src/security/SecurityConfig.ts +22 -22
package/src/security/SecurityConfigManager.ts +23 -19
package/src/security/SecurityMonitoring.ts +24 -21
package/src/security/SecurityReviewer.ts +10 -7
package/src/security/index.ts +64 -29
package/src/server/ConnectionTester.ts +120 -31
package/src/server/ToolRegistry.ts +31 -21
package/src/tools/BaseToolManager.ts +286 -33
package/src/tools/auth.ts +20 -8
package/src/tools/cache.ts +5 -15
package/src/tools/comments.ts +34 -48
package/src/tools/media.ts +41 -53
package/src/tools/pages.ts +32 -54
package/src/tools/performance.ts +141 -176
package/src/tools/posts/PostHandlers.ts +474 -0
package/src/tools/posts/PostToolDefinitions.ts +250 -0
package/src/tools/posts/index.ts +192 -0
package/src/tools/posts.ts +24 -780
package/src/tools/site.ts +34 -19
package/src/tools/taxonomies.ts +41 -57
package/src/tools/users.ts +28 -16
package/src/types/client.ts +114 -138
package/src/types/enhanced.ts +318 -0
package/src/types/index.ts +51 -30
package/src/types/mcp.ts +20 -42
package/src/types/requests.ts +378 -0
package/src/types/tools.ts +608 -0
package/src/types/wordpress.ts +56 -34
package/src/utils/debug.ts +77 -59
package/src/utils/enhancedError.ts +8 -8
package/src/utils/error.ts +53 -31
package/src/utils/logger.ts +351 -0
package/src/utils/streaming.ts +86 -68
package/src/utils/toolWrapper.ts +10 -12
package/src/utils/validation/core.ts +108 -0
package/src/utils/validation/index.ts +36 -0
package/src/utils/validation/network.ts +132 -0
package/src/utils/validation/rateLimit.ts +54 -0
package/src/utils/validation/security.ts +361 -0
package/src/utils/validation/wordpress.ts +180 -0
package/src/utils/validation.ts +47 -470

package/src/client/managers/BaseManager.ts CHANGED Viewed

@@ -18,58 +18,46 @@ export abstract class BaseManager {
   /**
    * Standardized error handling for all managers
    */
-  protected handleError(error: any, operation: string): never {
-    logError(`${operation} failed:`, error);
+  protected handleError(error: unknown, operation: string): never {
+    logError(`${operation} failed:`, error as Record<string, unknown>);
     if (error instanceof WordPressAPIError) {
       throw error;
     }
-    if (error.name === "AbortError" || error.code === "ABORT_ERR") {
-      throw new WordPressAPIError(
-        `Request timeout after ${this.config.timeout}ms`,
-        408,
-        "timeout",
-      );
-    }
+    // Type guard for error-like objects
+    const isErrorLike = (err: unknown): err is { name?: string; code?: string; message?: string } => {
+      return typeof err === "object" && err !== null;
+    };
+    if (isErrorLike(error)) {
+      if (error.name === "AbortError" || error.code === "ABORT_ERR") {
+        throw new WordPressAPIError(`Request timeout after ${this.config.timeout}ms`, 408, "timeout");
+      }
-    if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
-      throw new WordPressAPIError(
-        `Cannot connect to WordPress site: ${this.config.baseUrl}`,
-        503,
-        "connection_failed",
-      );
+      if (error.code === "ECONNREFUSED" || error.code === "ENOTFOUND") {
+        throw new WordPressAPIError(`Cannot connect to WordPress site: ${this.config.baseUrl}`, 503, "connection_failed");
+      }
     }
     const message = getErrorMessage(error);
-    throw new WordPressAPIError(
-      `${operation} failed: ${message}`,
-      500,
-      "unknown_error",
-    );
+    throw new WordPressAPIError(`${operation} failed: ${message}`, 500, "unknown_error");
   }
   /**
    * Standardized success logging
    */
-  protected logSuccess(operation: string, details?: any): void {
+  protected logSuccess(operation: string, details?: unknown): void {
     debug.log(`${operation} completed successfully`, details);
   }
   /**
    * Validate required parameters
    */
-  protected validateRequired(
-    params: Record<string, any>,
-    requiredFields: string[],
-  ): void {
+  protected validateRequired(params: Record<string, unknown>, requiredFields: string[]): void {
     for (const field of requiredFields) {
       if (params[field] === undefined || params[field] === null) {
-        throw new WordPressAPIError(
-          `Missing required parameter: ${field}`,
-          400,
-          "missing_parameter",
-        );
+        throw new WordPressAPIError(`Missing required parameter: ${field}`, 400, "missing_parameter");
       }
     }
   }

package/src/client/managers/RequestManager.ts CHANGED Viewed

@@ -4,13 +4,9 @@
  */
 // Use native fetch in Node.js 18+
-import type {
-  HTTPMethod,
-  RequestOptions,
-  ClientStats,
-  WordPressClientConfig,
-} from "../../types/client.js";
+import type { HTTPMethod, RequestOptions, ClientStats, WordPressClientConfig } from "../../types/client.js";
 import { WordPressAPIError, RateLimitError } from "../../types/client.js";
+import { config } from "../../config/Config.js";
 import { BaseManager } from "./BaseManager.js";
 import { AuthenticationManager } from "./AuthenticationManager.js";
 import { debug, startTimer } from "../../utils/debug.js";
@@ -21,14 +17,11 @@ export class RequestManager extends BaseManager {
   private requestInterval: number;
   private authManager: AuthenticationManager;
-  constructor(
-    config: WordPressClientConfig,
-    authManager: AuthenticationManager,
-  ) {
-    super(config);
+  constructor(clientConfig: WordPressClientConfig, authManager: AuthenticationManager) {
+    super(clientConfig);
     this.authManager = authManager;
-    this.requestInterval = 60000 / parseInt(process.env.RATE_LIMIT || "60");
+    this.requestInterval = 60000 / config().security.rateLimit;
     this.stats = {
       totalRequests: 0,
       successfulRequests: 0,
@@ -42,23 +35,13 @@ export class RequestManager extends BaseManager {
   /**
    * Make HTTP request with retry logic and rate limiting
    */
-  async request<T>(
-    method: HTTPMethod,
-    endpoint: string,
-    data?: any,
-    options: RequestOptions = {},
-  ): Promise<T> {
+  async request<T>(method: HTTPMethod, endpoint: string, data?: unknown, options: RequestOptions = {}): Promise<T> {
     const timer = startTimer();
     try {
       await this.enforceRateLimit();
-      const response = await this.makeRequestWithRetry(
-        method,
-        endpoint,
-        data,
-        options,
-      );
+      const response = await this.makeRequestWithRetry(method, endpoint, data, options);
       this.stats.successfulRequests++;
       this.updateAverageResponseTime(timer.end());
@@ -78,27 +61,30 @@ export class RequestManager extends BaseManager {
   private async makeRequestWithRetry<T>(
     method: HTTPMethod,
     endpoint: string,
-    data?: any,
+    data?: unknown,
     options: RequestOptions = {},
   ): Promise<T> {
-    let lastError: any;
+    let lastError: unknown;
     const maxRetries = options.retries ?? this.config.maxRetries ?? 3;
     for (let attempt = 1; attempt <= maxRetries; attempt++) {
       try {
         return await this.makeRequest<T>(method, endpoint, data, options);
-      } catch (error: any) {
+      } catch (error: unknown) {
         lastError = error;
+        // Type guard for error-like objects
+        const isErrorLike = (err: unknown): err is { statusCode?: number; message?: string } => {
+          return typeof err === "object" && err !== null;
+        };
         // Don't retry on authentication errors or client errors
-        if (error.statusCode < 500 || attempt === maxRetries) {
+        if ((isErrorLike(error) && error.statusCode && error.statusCode < 500) || attempt === maxRetries) {
           throw error;
         }
-        debug.log(
-          `Request failed (attempt ${attempt}/${maxRetries}):`,
-          error.message,
-        );
+        const errorMessage = isErrorLike(error) && error.message ? error.message : String(error);
+        debug.log(`Request failed (attempt ${attempt}/${maxRetries}):`, errorMessage);
         // Exponential backoff
         const delay = Math.min(1000 * Math.pow(2, attempt - 1), 5000);
@@ -115,7 +101,7 @@ export class RequestManager extends BaseManager {
   private async makeRequest<T>(
     method: HTTPMethod,
     endpoint: string,
-    data?: any,
+    data?: unknown,
     options: RequestOptions = {},
   ): Promise<T> {
     const url = this.buildUrl(endpoint);
@@ -128,7 +114,7 @@ export class RequestManager extends BaseManager {
       // Get authentication headers
       const authHeaders = await this.authManager.getAuthHeaders();
-      const fetchOptions: any = {
+      const fetchOptions: RequestInit = {
         method,
         headers: {
           "Content-Type": "application/json",
@@ -142,11 +128,17 @@ export class RequestManager extends BaseManager {
       if (data && method !== "GET") {
         if (
           data instanceof FormData ||
-          (data && typeof data.append === "function")
+          (typeof data === "object" && data && "append" in data && typeof data.append === "function")
         ) {
           // For FormData, don't set Content-Type (let fetch set it with boundary)
-          delete fetchOptions.headers["Content-Type"];
-          fetchOptions.body = data;
+          if (
+            fetchOptions.headers &&
+            typeof fetchOptions.headers === "object" &&
+            "Content-Type" in fetchOptions.headers
+          ) {
+            delete (fetchOptions.headers as Record<string, string>)["Content-Type"];
+          }
+          fetchOptions.body = data as FormData;
         } else if (Buffer.isBuffer(data)) {
           // For Buffer data, keep Content-Type from headers
           fetchOptions.body = data;
@@ -175,18 +167,22 @@ export class RequestManager extends BaseManager {
   /**
    * Handle HTTP error responses
    */
-  private async handleErrorResponse(response: any): Promise<never> {
-    let errorData: any = {};
+  private async handleErrorResponse(response: Response): Promise<never> {
+    let errorData: Record<string, unknown> = {};
     try {
-      errorData = await response.json();
+      const jsonData = await response.json();
+      if (typeof jsonData === "object" && jsonData !== null) {
+        errorData = jsonData as Record<string, unknown>;
+      }
     } catch {
       // Ignore JSON parsing errors
     }
     const message =
-      errorData.message || `HTTP ${response.status}: ${response.statusText}`;
-    const code = errorData.code || "http_error";
+      (typeof errorData.message === "string" ? errorData.message : undefined) ||
+      `HTTP ${response.status}: ${response.statusText}`;
+    const code = (typeof errorData.code === "string" ? errorData.code : undefined) || "http_error";
     if (response.status === 429) {
       this.stats.rateLimitHits++;
@@ -233,8 +229,7 @@ export class RequestManager extends BaseManager {
     const totalRequests = this.stats.successfulRequests;
     const currentAverage = this.stats.averageResponseTime;
-    this.stats.averageResponseTime =
-      (currentAverage * (totalRequests - 1) + responseTime) / totalRequests;
+    this.stats.averageResponseTime = (currentAverage * (totalRequests - 1) + responseTime) / totalRequests;
   }
   /**

package/src/config/Config.ts ADDED Viewed

@@ -0,0 +1,308 @@
+/**
+ * Centralized Configuration Management
+ *
+ * Provides typed access to all environment variables and configuration options.
+ * Centralizes configuration logic and eliminates scattered process.env access.
+ */
+export interface AppConfig {
+  // WordPress Connection
+  readonly wordpress: {
+    readonly siteUrl: string | undefined;
+    readonly username: string | undefined;
+    readonly appPassword: string | undefined;
+    readonly password: string | undefined;
+    readonly authMethod: string;
+    readonly timeout: number;
+    readonly maxRetries: number;
+    readonly jwtSecret: string | undefined;
+    readonly apiKey: string | undefined;
+    readonly cookieNonce: string | undefined;
+    readonly jwtPassword: string | undefined;
+  };
+  // Application Environment
+  readonly app: {
+    readonly nodeEnv: string;
+    readonly isDevelopment: boolean;
+    readonly isProduction: boolean;
+    readonly isTest: boolean;
+    readonly isDXT: boolean;
+    readonly isCI: boolean;
+  };
+  // Debug & Logging
+  readonly debug: {
+    readonly enabled: boolean;
+    readonly logLevel: string;
+  };
+  // Caching
+  readonly cache: {
+    readonly disabled: boolean;
+    readonly ttl: number;
+    readonly maxItems: number;
+    readonly maxMemoryMB: number;
+  };
+  // Security
+  readonly security: {
+    readonly rateLimitEnabled: boolean;
+    readonly rateLimitRequests: number;
+    readonly rateLimitWindow: number;
+    readonly rateLimit: number;
+    readonly strictMode: boolean;
+  };
+  // Error Handling & Logging
+  readonly error: {
+    readonly legacyLogsEnabled: boolean;
+  };
+  // Testing & Coverage
+  readonly testing: {
+    readonly coverageTolerance: number;
+    readonly skipPactTests: boolean;
+    readonly performanceTest: boolean;
+  };
+  // CI/CD Environment Detection
+  readonly ci: {
+    readonly isCI: boolean;
+    readonly provider: string | null;
+    readonly isGitHubActions: boolean;
+    readonly isTravis: boolean;
+    readonly isCircleCI: boolean;
+  };
+}
+/**
+ * Centralized Configuration Class
+ *
+ * Singleton that provides type-safe access to all configuration values.
+ * Replaces scattered process.env access throughout the codebase.
+ */
+export class Config {
+  private static instance: Config | null = null;
+  private readonly config: AppConfig;
+  private constructor() {
+    this.config = this.loadConfiguration();
+  }
+  /**
+   * Get singleton instance
+   */
+  public static getInstance(): Config {
+    if (!Config.instance) {
+      Config.instance = new Config();
+    }
+    return Config.instance;
+  }
+  /**
+   * Get configuration object (read-only)
+   */
+  public get(): AppConfig {
+    return this.config;
+  }
+  /**
+   * Load and validate all configuration from environment
+   */
+  private loadConfiguration(): AppConfig {
+    const nodeEnv = process.env.NODE_ENV || "development";
+    return {
+      wordpress: {
+        siteUrl: process.env.WORDPRESS_SITE_URL,
+        username: process.env.WORDPRESS_USERNAME,
+        appPassword: process.env.WORDPRESS_APP_PASSWORD,
+        password: process.env.WORDPRESS_PASSWORD,
+        authMethod: process.env.WORDPRESS_AUTH_METHOD || "app-password",
+        timeout: parseInt(process.env.WORDPRESS_TIMEOUT || "30000", 10),
+        maxRetries: parseInt(process.env.WORDPRESS_MAX_RETRIES || "3", 10),
+        jwtSecret: process.env.WORDPRESS_JWT_SECRET,
+        apiKey: process.env.WORDPRESS_API_KEY,
+        cookieNonce: process.env.WORDPRESS_COOKIE_NONCE,
+        jwtPassword: process.env.WORDPRESS_JWT_PASSWORD,
+      },
+      app: {
+        nodeEnv,
+        isDevelopment: nodeEnv === "development",
+        isProduction: nodeEnv === "production",
+        isTest: nodeEnv === "test",
+        isDXT: nodeEnv === "dxt",
+        isCI: this.detectCIEnvironment(),
+      },
+      debug: {
+        enabled: process.env.DEBUG === "true",
+        logLevel: process.env.LOG_LEVEL || "info",
+      },
+      cache: {
+        disabled: this.isTruthy(process.env.CACHE_DISABLED) || this.isTruthy(process.env.DISABLE_CACHE),
+        ttl: parseInt(process.env.CACHE_TTL || "300", 10), // 5 minutes default
+        maxItems: parseInt(process.env.CACHE_MAX_ITEMS || "1000", 10),
+        maxMemoryMB: parseInt(process.env.CACHE_MAX_MEMORY_MB || "50", 10),
+      },
+      security: {
+        rateLimitEnabled: process.env.RATE_LIMIT_ENABLED !== "false",
+        rateLimitRequests: parseInt(process.env.RATE_LIMIT_REQUESTS || "100", 10),
+        rateLimitWindow: parseInt(process.env.RATE_LIMIT_WINDOW || "60000", 10), // 1 minute
+        rateLimit: parseInt(process.env.RATE_LIMIT || "60", 10),
+        strictMode: process.env.SECURITY_STRICT_MODE === "true",
+      },
+      error: {
+        legacyLogsEnabled: process.env.LEGACY_ERROR_LOGS !== "0",
+      },
+      testing: {
+        coverageTolerance: parseFloat(process.env.COVERAGE_TOLERANCE || "1.0"),
+        skipPactTests: process.env.SKIP_PACT_TESTS === "true",
+        performanceTest: process.env.PERFORMANCE_TEST === "true",
+      },
+      ci: {
+        isCI: this.detectCIEnvironment(),
+        provider: this.detectCIProvider(),
+        isGitHubActions: process.env.GITHUB_ACTIONS === "true",
+        isTravis: process.env.TRAVIS === "true",
+        isCircleCI: process.env.CIRCLECI === "true",
+      },
+    };
+  }
+  /**
+   * Check if a string value should be considered truthy
+   * Accepts common truthy string representations
+   */
+  private isTruthy(value: string | undefined): boolean {
+    if (!value) return false;
+    const lowerValue = value.trim().toLowerCase();
+    return ["true", "1", "yes", "on", "enable", "enabled"].includes(lowerValue);
+  }
+  /**
+   * Detect if running in CI environment
+   */
+  private detectCIEnvironment(): boolean {
+    return (
+      process.env.CI === "true" ||
+      process.env.NODE_ENV === "ci" ||
+      process.env.GITHUB_ACTIONS === "true" ||
+      process.env.TRAVIS === "true" ||
+      process.env.CIRCLECI === "true"
+    );
+  }
+  /**
+   * Detect CI provider
+   */
+  private detectCIProvider(): string | null {
+    if (process.env.GITHUB_ACTIONS === "true") return "github-actions";
+    if (process.env.TRAVIS === "true") return "travis";
+    if (process.env.CIRCLECI === "true") return "circleci";
+    if (process.env.CI === "true") return "generic";
+    return null;
+  }
+  // Convenience methods for common checks
+  /**
+   * Should log debug information?
+   */
+  public shouldDebug(): boolean {
+    return this.config.debug.enabled && !this.config.app.isDXT;
+  }
+  /**
+   * Should use caching?
+   */
+  public shouldUseCache(): boolean {
+    return !this.config.cache.disabled;
+  }
+  /**
+   * Should log info messages? (not in test or DXT mode)
+   */
+  public shouldLogInfo(): boolean {
+    return !this.config.app.isTest && !this.config.app.isDXT;
+  }
+  /**
+   * Is WordPress configuration complete?
+   */
+  public hasWordPressConfig(): boolean {
+    const wp = this.config.wordpress;
+    return !!(wp.siteUrl && wp.username && wp.appPassword);
+  }
+  /**
+   * Get environment-appropriate timeout for operations
+   */
+  public getOperationTimeout(): number {
+    if (this.config.app.isTest) return 5000; // 5 seconds in tests
+    if (this.config.app.isCI) return 30000; // 30 seconds in CI
+    return 60000; // 1 minute in development/production
+  }
+  /**
+   * Reset singleton (for testing)
+   */
+  public static reset(): void {
+    Config.instance = null;
+  }
+}
+/**
+ * Global configuration instance getter
+ * Use this throughout the application instead of process.env
+ */
+export const config = () => Config.getInstance().get();
+/**
+ * Configuration helper utilities
+ */
+export const ConfigHelpers = {
+  /**
+   * Get config instance
+   */
+  get: () => Config.getInstance(),
+  /**
+   * Quick environment checks
+   */
+  isDev: () => config().app.isDevelopment,
+  isProd: () => config().app.isProduction,
+  isTest: () => config().app.isTest,
+  isDXT: () => config().app.isDXT,
+  isCI: () => config().app.isCI,
+  /**
+   * Quick feature flags
+   */
+  shouldDebug: () => Config.getInstance().shouldDebug(),
+  shouldUseCache: () => Config.getInstance().shouldUseCache(),
+  shouldLogInfo: () => Config.getInstance().shouldLogInfo(),
+  hasWordPressConfig: () => Config.getInstance().hasWordPressConfig(),
+  /**
+   * Get timeout for different operation types
+   */
+  getTimeout: (type: "operation" | "upload" | "test" = "operation") => {
+    const instance = Config.getInstance();
+    switch (type) {
+      case "upload":
+        return instance.getOperationTimeout() * 5; // 5x longer for uploads
+      case "test":
+        return config().app.isCI ? 30000 : 10000;
+      default:
+        return instance.getOperationTimeout();
+    }
+  },
+};

package/src/config/ConfigurationSchema.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { z } from "zod";
 const AuthMethodSchema = z.enum(["app-password", "jwt", "basic", "api-key", "cookie"] as const);
 /**
- * Zod schema for URL validation
+ * Zod schema for URL validation with security checks
  */
 const UrlSchema = z
   .string()
@@ -14,7 +14,28 @@ const UrlSchema = z
   .refine((url) => {
     const parsed = new URL(url);
     return parsed.protocol === "http:" || parsed.protocol === "https:";
-  }, "URL must use http or https protocol");
+  }, "URL must use http or https protocol")
+  .refine((url) => {
+    // Additional security checks
+    const parsed = new URL(url);
+    const hostname = parsed.hostname.toLowerCase();
+    // In production, block localhost and private IPs
+    if (process.env.NODE_ENV === "production") {
+      if (
+        hostname === "localhost" ||
+        hostname === "127.0.0.1" ||
+        hostname === "::1" ||
+        hostname.match(/^10\./) ||
+        hostname.match(/^172\.(1[6-9]|2[0-9]|3[01])\./) ||
+        hostname.match(/^192\.168\./)
+      ) {
+        return false;
+      }
+    }
+    return true;
+  }, "Private/localhost URLs not allowed in production");
 /**
  * Zod schema for WordPress site configuration