miniOrangeDev

WordPress Code Review MCP Server

security_check

Analyze WordPress code for security vulnerabilities using configured rules to identify potential issues before deployment.

Instructions

Perform security analysis on code using configured security rules

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| code | Yes | The code to check for security issues | |

Implementation Reference

  • Registration of the 'security_check' MCP tool, including name, description, and input schema requiring a 'code' string.
    {
      name: 'security_check',
      description: 'Perform security analysis on code using configured security rules',
      inputSchema: {
        type: 'object',
        properties: {
          code: {
            type: 'string',
            description: 'The code to check for security issues',
          },
        },
        required: ['code'],
      },
    },
  • Type definition (schema) for the performSecurityCheck method return type.
    performSecurityCheck(code: string): Promise<{ vulnerabilities: string[]; warnings: string[]; recommendations: string[] }>;
  • Dispatch in handleTool switch statement for 'security_check' tool call.
    case 'security_check':
      return await this.performSecurityCheck(args.code);
  • Primary handler for 'security_check' tool: delegates to guideline source and formats the result into MCP response.
    private async performSecurityCheck(code: string) {
      try {
        const result = await this.guidelineSource.performSecurityCheck(code);
        const response = [];

        if (result.vulnerabilities.length > 0) {
          response.push(`🚨 **Vulnerabilities Found:**\n${result.vulnerabilities.map(vuln => `- ${vuln}`).join('\n')}`);
        }
        if (result.warnings.length > 0) {
          response.push(`⚠️ **Warnings:**\n${result.warnings.map(warning => `- ${warning}`).join('\n')}`);
        }
        if (result.recommendations.length > 0) {
          response.push(`💡 **Recommendations:**\n${result.recommendations.map(rec => `- ${rec}`).join('\n')}`);
        }
        if (response.length === 0) {
          response.push('✅ Security check passed. No obvious vulnerabilities detected.');
        }

        return {
          content: [
            {
              type: 'text',
              text: response.join('\n\n'),
            },
          ],
        };
      } catch (error) {
        throw new Error(`Security check failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
      }
    }
  • Core implementation in UrlGuidelineSource: fetches security rules and parses/applies them to the code.
    async performSecurityCheck(code: string): Promise<{ vulnerabilities: string[]; warnings: string[]; recommendations: string[] }> {
      const securityGuidelines = await this.fetchGuidelines('security-rules');
      return this.parseSecurityRules(securityGuidelines, code);
    }
  • Helper that applies security rules to code, categorizing results based on level.
    private parseSecurityRules(guidelines: string, code: string): { vulnerabilities: string[]; warnings: string[]; recommendations: string[] } {
      const vulnerabilities: string[] = [];
      const warnings: string[] = [];
      const recommendations: string[] = [];

      const rules = this.extractRules(guidelines, 'SECURITY_RULES');
      for (const rule of rules) {
        const result = this.applySecurityRule(rule, code);
        if (result.level === 'CRITICAL' || result.level === 'HIGH') {
          vulnerabilities.push(`${result.level}: ${result.message}`);
        } else if (result.level === 'MEDIUM') {
          warnings.push(`${result.level}: ${result.message}`);
        } else if (result.level === 'INFO') {
          recommendations.push(result.message);
        }
      }

      return { vulnerabilities, warnings, recommendations };
    }
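
The helper above compares level strings exactly, so a rule result whose level is anything else (for example `LOW` or lowercase `high`) lands in no list, and the handler then prints the "passed" message. The TypeScript below is an added example, not code from the project; `RuleResult`, `categorizeStrict`, `reportsPassed` and the sample results are assumptions made for illustration.

```typescript
// Added example, not the project's code. RuleResult mirrors the two fields
// (level, message) that the page's parseSecurityRules reads from each result.
type RuleResult = { level: string; message: string };
type Report = { vulnerabilities: string[]; warnings: string[]; recommendations: string[] };
type StrictReport = Report & { unclassified: string[] };

const KNOWN_LEVELS = ['CRITICAL', 'HIGH', 'MEDIUM', 'INFO'];

// Bucketing as shown on the page: exact match on four level strings.
function categorizeAsOnPage(results: RuleResult[]): Report {
  const report: Report = { vulnerabilities: [], warnings: [], recommendations: [] };
  for (const r of results) {
    if (r.level === 'CRITICAL' || r.level === 'HIGH') {
      report.vulnerabilities.push(`${r.level}: ${r.message}`);
    } else if (r.level === 'MEDIUM') {
      report.warnings.push(`${r.level}: ${r.message}`);
    } else if (r.level === 'INFO') {
      report.recommendations.push(r.message);
    }
  }
  return report;
}

// Hypothetical stricter variant: normalize case and whitespace, and keep any
// unrecognized level in its own list so that no finding is dropped.
function categorizeStrict(results: RuleResult[]): StrictReport {
  const normalized = results.map(r => ({ level: r.level.trim().toUpperCase(), message: r.message }));
  const base = categorizeAsOnPage(normalized.filter(r => KNOWN_LEVELS.indexOf(r.level) !== -1));
  const unclassified = normalized
    .filter(r => KNOWN_LEVELS.indexOf(r.level) === -1)
    .map(r => `${r.level || 'UNSET'}: ${r.message}`);
  return { vulnerabilities: base.vulnerabilities, warnings: base.warnings,
           recommendations: base.recommendations, unclassified };
}

// Mirrors the page's handler, which prints "passed" when every list is empty.
function reportsPassed(report: Report & { unclassified?: string[] }): boolean {
  const extra = report.unclassified ? report.unclassified.length : 0;
  return report.vulnerabilities.length + report.warnings.length
    + report.recommendations.length + extra === 0;
}

// Constructed sample results (assumption: only rules that matched are listed).
const sampleResults: RuleResult[] = [
  { level: 'high', message: 'Unsanitized $_POST value used in a database query' },
  { level: 'LOW', message: 'Missing nonce check on an admin form' },
];
```

With the sample results, `categorizeAsOnPage` returns three empty lists, while `categorizeStrict` reports the first finding as a `HIGH` vulnerability and keeps the second under `unclassified`.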
