
claudeus-wp-mcp


The most comprehensive WordPress MCP server - 145 production-ready tools for complete WordPress management with AI

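import { ConsentType } from '../types/security.js';

/**
 * Gate placed in front of tool executors. Every call goes through a per-tool
 * rate limit, a consent request and a parameter check before the executor
 * runs, and each outcome is appended to an in-memory execution log.
 */
export class ToolSafetyController {
    consentManager;
    rateLimiter;
    executionLog = [];

    /**
     * @param {{ requestConsent: (operation: object) => Promise<boolean> }} consentManager
     *   Object whose `requestConsent` decides whether an operation may proceed.
     * @param {Map<string, number>} [rateLimiter] Map from tool name to the
     *   timestamp (ms since epoch) of the last admitted call.
     */
    constructor(consentManager, rateLimiter = new Map()) {
        this.consentManager = consentManager;
        this.rateLimiter = rateLimiter;
    }

    /**
     * Runs the three pre-execution checks in order: rate limit, consent,
     * parameter validation. The first failing check ends the sequence.
     *
     * @param {string} tool Tool name; also the rate-limit key.
     * @param {*} params Parameters the tool would be called with. They are
     *   forwarded to the consent manager as part of the operation.
     * @returns {Promise<{ valid: boolean, errors?: string[] }>}
     */
    async validateToolExecution(tool, params) {
        if (this.isRateLimited(tool)) {
            return {
                valid: false,
                errors: ['Rate limit exceeded for this tool'],
            };
        }

        const operation = {
            type: ConsentType.TOOL_EXECUTION,
            description: `Execute tool: ${tool}`,
            params,
        };
        const hasConsent = await this.consentManager.requestConsent(operation);
        if (!hasConsent) {
            return {
                valid: false,
                errors: ['User consent not granted for tool execution'],
            };
        }

        const validationErrors = this.validateParameters(params);
        if (validationErrors.length > 0) {
            return {
                valid: false,
                errors: validationErrors,
            };
        }

        return { valid: true };
    }

    /**
     * Validates the call, runs `executor` when validation passes, and records
     * the outcome. Never throws: failures come back as `{ success: false }`.
     *
     * @param {string} tool Tool name.
     * @param {*} params Parameters recorded with the log entry.
     * @param {() => Promise<*>} executor Callback that performs the tool call.
     * @returns {Promise<{ success: boolean, result?: *, error?: * }>}
     */
    async executeWithSafety(tool, params, executor) {
        try {
            const validation = await this.validateToolExecution(tool, params);
            if (!validation.valid) {
                const rejection = new Error(validation.errors?.join(', '));
                // Rejected attempts (rate limit, denied consent, bad
                // parameters) are recorded too; without this the log would
                // only show calls that reached the executor.
                this.logExecution(tool, params, false, rejection);
                return {
                    success: false,
                    error: rejection,
                };
            }

            const result = await executor();
            this.logExecution(tool, params, true, undefined);
            return {
                success: true,
                result,
            };
        } catch (error) {
            // Covers a throwing executor as well as a consent manager that
            // rejects during validation.
            this.logExecution(tool, params, false, error);
            return {
                success: false,
                error,
            };
        }
    }

    /**
     * Placeholder for parameter validation.
     *
     * NOTE(review): this currently accepts every input. No check for
     * dangerous commands, invalid paths or anything else is implemented, so
     * the "validate parameters" step in validateToolExecution gives no
     * protection until per-tool rules are added here.
     *
     * @param {*} params Parameters to inspect.
     * @returns {string[]} Validation error messages; always empty today.
     */
    validateParameters(params) {
        const errors = [];
        if (!params) {
            return errors;
        }
        // Add parameter validation logic here
        // Example: Check for dangerous commands, invalid paths, etc.
        return errors;
    }

    /**
     * Enforces a minimum of one second between admitted calls of the same
     * tool. When the call is admitted, its timestamp is stored immediately.
     *
     * NOTE(review): the timestamp is claimed before consent and parameter
     * validation run, so a call that is later rejected still uses up the
     * window. The key is the tool name alone.
     *
     * @param {string} tool Tool name.
     * @returns {boolean} True when the call arrives inside the window.
     */
    isRateLimited(tool) {
        const now = Date.now();
        const lastExecution = this.rateLimiter.get(tool) ?? 0;
        const minInterval = 1000; // 1 second minimum between executions
        if (now - lastExecution < minInterval) {
            return true;
        }
        this.rateLimiter.set(tool, now);
        return false;
    }

    /**
     * Appends one entry to the in-memory execution log.
     *
     * NOTE(review): `params` is stored as passed. If tool parameters can
     * carry credentials or tokens they end up in this log in clear text;
     * consider redacting known secret fields before they are recorded. The
     * log also has no size cap and grows for the lifetime of the instance.
     *
     * @param {string} tool Tool name.
     * @param {*} params Parameters of the attempted call.
     * @param {boolean} success Whether the executor completed.
     * @param {*} error Failure cause; only its `message` is kept.
     */
    logExecution(tool, params, success, error) {
        this.executionLog.push({
            timestamp: new Date().toISOString(),
            type: 'tool_execution',
            operation: 'execute',
            status: success ? 'success' : 'failure',
            details: {
                error: error?.message,
            },
            tool,
            params,
        });
    }

    /**
     * Returns the recorded entries, oldest first.
     *
     * A shallow copy is returned so a caller cannot truncate or reorder the
     * controller's own log through the returned array. The entry objects
     * themselves are still shared.
     *
     * @returns {object[]}
     */
    getExecutionLog() {
        return [...this.executionLog];
    }
}
//# sourceMappingURL=ToolSafetyController.js.map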