mcp-core.php
8 hours ago
mcp-oauth.php
1 month ago
mcp-rest.php
1 week ago
mcp.conf
1 year ago
mcp.js
8 months ago
mcp.md
8 months ago
mcp.php
2 days ago
wpai-connectors.php
1 month ago
wpai-gateway-availability.php
2 months ago
wpai-gateway-directory.php
2 months ago
wpai-gateway-image-model.php
2 months ago
wpai-gateway-model.php
2 months ago
wpai-gateway-providers.php
2 months ago
wpai-gateway.php
2 months ago
mcp-rest.php
330 lines
| 1 | <?php |
| 2 | |
| 3 | class Meow_MWAI_Labs_MCP_Rest { |
| 4 | // Bump the suffix when build_schema_from_args() changes so old cached schemas are ignored. |
| 5 | private $cache_key = 'mwai_mcp_tools_cache_v4'; |
| 6 | private $allowed = [ 'posts', 'pages', 'media' ]; |
| 7 | |
| 8 | public function __construct() { |
| 9 | add_action( 'rest_api_init', [ $this, 'rest_api_init' ] ); |
| 10 | } |
| 11 | |
| 12 | public function rest_api_init() { |
| 13 | add_filter( 'mwai_mcp_tools', [ $this, 'register_rest_tools' ] ); |
| 14 | add_filter( 'mwai_mcp_callback', [ $this, 'handle_call' ], 10, 4 ); |
| 15 | } |
| 16 | |
| 17 | public function register_rest_tools( $prevTools ) { |
| 18 | $cached = get_transient( $this->cache_key ); |
| 19 | |
| 20 | if ( !$cached ) { |
| 21 | $tools = []; |
| 22 | $server = rest_get_server(); |
| 23 | $routes = $server->get_routes(); |
| 24 | |
| 25 | foreach ( $this->allowed as $resource ) { |
| 26 | $base = "/wp/v2/{$resource}"; |
| 27 | $item = "{$base}/(?P<id>[\d]+)"; |
| 28 | |
| 29 | if ( isset( $routes[ $base ] ) ) { |
| 30 | foreach ( $routes[ $base ] as $endpoint ) { |
| 31 | if ( !empty( $endpoint['methods']['GET'] ) ) { |
| 32 | $tools[ "list_{$resource}" ] = [ |
| 33 | 'name' => "list_{$resource}", |
| 34 | 'description' => "List {$resource}", |
| 35 | 'category' => 'Dynamic REST', |
| 36 | 'inputSchema' => $this->build_schema_from_args( $endpoint['args'] ), |
| 37 | 'outputSchema' => $this->build_output_schema(), |
| 38 | 'accessLevel' => 'read', |
| 39 | ]; |
| 40 | break; |
| 41 | } |
| 42 | } |
| 43 | } |
| 44 | |
| 45 | if ( isset( $routes[ $item ] ) ) { |
| 46 | foreach ( $routes[ $item ] as $endpoint ) { |
| 47 | if ( !empty( $endpoint['methods']['GET'] ) ) { |
| 48 | $tools[ "get_{$resource}" ] = [ |
| 49 | 'name' => "get_{$resource}", |
| 50 | 'description' => "Get single {$resource} by ID", |
| 51 | 'category' => 'Dynamic REST', |
| 52 | 'inputSchema' => $this->build_schema_from_args( $endpoint['args'] ), |
| 53 | 'outputSchema' => $this->build_output_schema(), |
| 54 | 'accessLevel' => 'read', |
| 55 | ]; |
| 56 | break; |
| 57 | } |
| 58 | } |
| 59 | } |
| 60 | |
| 61 | if ( isset( $routes[ $base ] ) ) { |
| 62 | foreach ( $routes[ $base ] as $endpoint ) { |
| 63 | if ( !empty( $endpoint['methods']['POST'] ) ) { |
| 64 | $tools[ "create_{$resource}" ] = [ |
| 65 | 'name' => "create_{$resource}", |
| 66 | 'description' => "Create {$resource}", |
| 67 | 'category' => 'Dynamic REST', |
| 68 | 'inputSchema' => $this->build_schema_from_args( $endpoint['args'] ), |
| 69 | 'outputSchema' => $this->build_output_schema(), |
| 70 | 'accessLevel' => 'write', |
| 71 | ]; |
| 72 | break; |
| 73 | } |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | if ( isset( $routes[ $item ] ) ) { |
| 78 | foreach ( $routes[ $item ] as $endpoint ) { |
| 79 | $methods = array_keys( $endpoint['methods'] ); |
| 80 | if ( array_intersect( [ 'POST', 'PUT', 'PATCH' ], $methods ) ) { |
| 81 | $tools[ "update_{$resource}" ] = [ |
| 82 | 'name' => "update_{$resource}", |
| 83 | 'description' => "Update {$resource}", |
| 84 | 'category' => 'Dynamic REST', |
| 85 | 'inputSchema' => $this->build_schema_from_args( $endpoint['args'] ), |
| 86 | 'outputSchema' => $this->build_output_schema(), |
| 87 | 'accessLevel' => 'write', |
| 88 | ]; |
| 89 | break; |
| 90 | } |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | if ( isset( $routes[ $item ] ) ) { |
| 95 | foreach ( $routes[ $item ] as $endpoint ) { |
| 96 | if ( !empty( $endpoint['methods']['DELETE'] ) ) { |
| 97 | $tools[ "delete_{$resource}" ] = [ |
| 98 | 'name' => "delete_{$resource}", |
| 99 | 'description' => "Delete {$resource}", |
| 100 | 'category' => 'Dynamic REST', |
| 101 | 'inputSchema' => $this->build_schema_from_args( $endpoint['args'] ), |
| 102 | 'outputSchema' => $this->build_output_schema(), |
| 103 | 'accessLevel' => 'admin', |
| 104 | ]; |
| 105 | break; |
| 106 | } |
| 107 | } |
| 108 | } |
| 109 | } |
| 110 | |
| 111 | set_transient( $this->cache_key, $tools, DAY_IN_SECONDS ); |
| 112 | $cached = $tools; |
| 113 | } |
| 114 | |
| 115 | return array_merge( array_values( $cached ), $prevTools ); |
| 116 | } |
| 117 | |
| 118 | private function build_schema_from_args( $args ) { |
| 119 | $schema = [ |
| 120 | 'type' => 'object', |
| 121 | 'properties' => [], |
| 122 | 'required' => [], |
| 123 | ]; |
| 124 | |
| 125 | // JSON Schema keys worth forwarding from WordPress REST arg definitions. |
| 126 | // PHP callbacks (sanitize_callback/validate_callback) and WP-only keys (arg_options, |
| 127 | // required) are intentionally excluded - clients would choke on them. |
| 128 | $allowed_keys = [ |
| 129 | 'type', 'description', 'enum', 'default', 'format', |
| 130 | 'items', 'properties', 'additionalProperties', |
| 131 | 'minimum', 'maximum', 'exclusiveMinimum', 'exclusiveMaximum', 'multipleOf', |
| 132 | 'minLength', 'maxLength', 'pattern', |
| 133 | 'minItems', 'maxItems', 'uniqueItems', |
| 134 | 'oneOf', 'anyOf', 'allOf', |
| 135 | ]; |
| 136 | |
| 137 | foreach ( $args as $name => $def ) { |
| 138 | $property = []; |
| 139 | foreach ( $allowed_keys as $key ) { |
| 140 | if ( array_key_exists( $key, $def ) ) { |
| 141 | $property[ $key ] = $def[ $key ]; |
| 142 | } |
| 143 | } |
| 144 | if ( !isset( $property['type'] ) ) { |
| 145 | $property['type'] = 'string'; |
| 146 | } |
| 147 | if ( !isset( $property['description'] ) ) { |
| 148 | $property['description'] = ''; |
| 149 | } |
| 150 | |
| 151 | $schema['properties'][ $name ] = $this->normalize_schema_node( $property ); |
| 152 | |
| 153 | if ( !empty( $def['required'] ) ) { |
| 154 | $schema['required'][] = $name; |
| 155 | } |
| 156 | } |
| 157 | |
| 158 | return $this->normalize_schema_node( $schema ); |
| 159 | } |
| 160 | |
| 161 | /** |
| 162 | * JSON Schema requires "properties" to be an object. WP REST arg definitions |
| 163 | * commonly set it to an empty PHP array (e.g. the "meta" arg on media/posts), |
| 164 | * which json_encode would serialize as [] and Claude's MCP validator rejects. |
| 165 | * Walk the schema and cast any empty "properties" / object-typed |
| 166 | * "additionalProperties" to (object)[] so they serialize as {}. |
| 167 | */ |
| 168 | private function normalize_schema_node( $node ) { |
| 169 | if ( !is_array( $node ) ) { |
| 170 | return $node; |
| 171 | } |
| 172 | |
| 173 | if ( array_key_exists( 'properties', $node ) ) { |
| 174 | if ( is_array( $node['properties'] ) ) { |
| 175 | if ( empty( $node['properties'] ) ) { |
| 176 | $node['properties'] = (object) []; |
| 177 | } |
| 178 | else { |
| 179 | foreach ( $node['properties'] as $key => $child ) { |
| 180 | $node['properties'][ $key ] = $this->normalize_schema_node( $child ); |
| 181 | } |
| 182 | } |
| 183 | } |
| 184 | } |
| 185 | |
| 186 | if ( isset( $node['items'] ) ) { |
| 187 | $node['items'] = $this->normalize_schema_node( $node['items'] ); |
| 188 | } |
| 189 | |
| 190 | if ( isset( $node['additionalProperties'] ) && is_array( $node['additionalProperties'] ) ) { |
| 191 | $node['additionalProperties'] = empty( $node['additionalProperties'] ) |
| 192 | ? (object) [] |
| 193 | : $this->normalize_schema_node( $node['additionalProperties'] ); |
| 194 | } |
| 195 | |
| 196 | foreach ( [ 'oneOf', 'anyOf', 'allOf' ] as $combinator ) { |
| 197 | if ( isset( $node[ $combinator ] ) && is_array( $node[ $combinator ] ) ) { |
| 198 | foreach ( $node[ $combinator ] as $i => $child ) { |
| 199 | $node[ $combinator ][ $i ] = $this->normalize_schema_node( $child ); |
| 200 | } |
| 201 | } |
| 202 | } |
| 203 | |
| 204 | // Some clients (notably Google Gemini) only allow "enum" on string-typed |
| 205 | // properties and reject the request with a 400 otherwise. WordPress REST |
| 206 | // sometimes defines integer enums, e.g. Jetpack's publicize "status" => [0, 1]. |
| 207 | // Drop the enum when the type is not a string; the value still works, it just |
| 208 | // loses the schema-level enumeration. Coercing to string instead would risk |
| 209 | // breaking the endpoint's own integer validation when the tool is called. |
| 210 | if ( isset( $node['enum'] ) ) { |
| 211 | $type = $node['type'] ?? null; |
| 212 | $isStringType = $type === 'string' |
| 213 | || ( is_array( $type ) && in_array( 'string', $type, true ) ) |
| 214 | || ( $type === null && count( array_filter( (array) $node['enum'], function ( $v ) { |
| 215 | return !is_string( $v ); |
| 216 | } ) ) === 0 ); |
| 217 | if ( !$isStringType ) { |
| 218 | unset( $node['enum'] ); |
| 219 | } |
| 220 | } |
| 221 | |
| 222 | return $node; |
| 223 | } |
| 224 | |
| 225 | private function build_output_schema() { |
| 226 | return [ |
| 227 | 'type' => 'object', |
| 228 | 'properties' => [ |
| 229 | 'content' => [ |
| 230 | 'type' => 'array', |
| 231 | 'items' => [ |
| 232 | 'type' => 'object', |
| 233 | 'properties' => [ |
| 234 | 'type' => [ |
| 235 | 'type' => 'string', |
| 236 | 'description' => 'Block type, e.g. text or image', |
| 237 | ], |
| 238 | 'text' => [ |
| 239 | 'type' => 'string', |
| 240 | 'description' => 'Human-readable content', |
| 241 | ], |
| 242 | ], |
| 243 | 'required' => [ 'type', 'text' ], |
| 244 | ], |
| 245 | ], |
| 246 | ], |
| 247 | 'required' => [ 'content' ], |
| 248 | ]; |
| 249 | } |
| 250 | |
| 251 | public function handle_call( $existing, $tool, $args, $id ) { |
| 252 | if ( !empty( $existing ) ) { |
| 253 | return $existing; |
| 254 | } |
| 255 | |
| 256 | $tools = get_transient( $this->cache_key ); |
| 257 | if ( !isset( $tools[ $tool ] ) ) { |
| 258 | return $existing; |
| 259 | } |
| 260 | |
| 261 | // Security check is already done in the MCP auth layer |
| 262 | // If we reach here, the user is authorized to use MCP |
| 263 | |
| 264 | list( $action, $resource ) = explode( '_', $tool, 2 ); |
| 265 | $path = "/wp/v2/{$resource}"; |
| 266 | $method = 'GET'; |
| 267 | |
| 268 | if ( in_array( $action, [ 'get', 'update', 'delete' ], true ) ) { |
| 269 | if ( empty( $args['id'] ) ) { |
| 270 | return [ |
| 271 | 'jsonrpc' => '2.0', |
| 272 | 'id' => $id, |
| 273 | 'error' => [ |
| 274 | 'code' => -32602, |
| 275 | 'message' => 'Missing parameter: id', |
| 276 | ], |
| 277 | ]; |
| 278 | } |
| 279 | $path .= '/' . intval( $args['id'] ); |
| 280 | } |
| 281 | |
| 282 | switch ( $action ) { |
| 283 | case 'create': |
| 284 | case 'update': |
| 285 | $method = 'POST'; |
| 286 | break; |
| 287 | case 'delete': |
| 288 | $method = 'DELETE'; |
| 289 | break; |
| 290 | default: |
| 291 | $method = 'GET'; |
| 292 | break; |
| 293 | } |
| 294 | |
| 295 | $request = new WP_REST_Request( $method, $path ); |
| 296 | |
| 297 | if ( $method === 'GET' ) { |
| 298 | foreach ( $args as $key => $value ) { |
| 299 | $request->set_param( $key, $value ); |
| 300 | } |
| 301 | } |
| 302 | else { |
| 303 | $request->set_body_params( $args ); |
| 304 | } |
| 305 | |
| 306 | $response = rest_do_request( $request ); |
| 307 | |
| 308 | if ( is_wp_error( $response ) || $response->get_status() >= 400 ) { |
| 309 | $error_obj = is_wp_error( $response ) ? $response : $response->as_error(); |
| 310 | |
| 311 | // Return error in old format for backward compatibility |
| 312 | // The execute_tool method will detect this and not re-wrap it |
| 313 | return [ |
| 314 | 'jsonrpc' => '2.0', |
| 315 | 'id' => $id, |
| 316 | 'error' => [ |
| 317 | 'code' => (int) ( $error_obj->get_error_code() ?: $response->get_status() ), |
| 318 | 'message' => $error_obj->get_error_message(), |
| 319 | 'data' => $error_obj->get_error_data() ?: null, |
| 320 | ], |
| 321 | ]; |
| 322 | } |
| 323 | |
| 324 | $data = $response->get_data(); |
| 325 | |
| 326 | // Return just the data - execute_tool will wrap it properly |
| 327 | return $data; |
| 328 | } |
| 329 | } |
| 330 |