@dayby/mcp-server 0.1.0

package/README.md

@@ -0,0 +1,124 @@
+# @dayby/mcp-server
+
+Post your dev progress to [DayBy.dev](https://dayby.dev) from Claude, Cursor, or any MCP client — with **local sanitization** so your company secrets never leave your machine.
+
+## How It Works
+
+```
+You're coding with Claude → learn something cool →
+  draft_post (sanitized locally, never touches network) →
+  Claude shows you a clean preview →
+  You say "ship it" →
+  publish_post → DayBy API (only sanitized content sent)
+```
+
+**The raw context from your codebase never touches the network.** Only the sanitized, approved version gets published.
+
+## Tools
+
+| Tool | What it does | Touches network? |
+|---|---|---|
+| `draft_post` | Creates a sanitized draft from your description | ❌ No |
+| `edit_draft` | Modify a draft before publishing | ❌ No |
+| `check_content` | Dry-run: see what would get stripped | ❌ No |
+| `publish_post` | Publish an approved draft to DayBy | ✅ Yes (sanitized only) |
+| `list_posts` | List your recent DayBy posts | ✅ Yes |
+
+## What Gets Stripped (Automatically)
+
+- API keys, tokens, secrets
+- AWS ARNs and access keys
+- Private IP addresses
+- Email addresses
+- SSH keys, JWTs, GitHub tokens
+- Database connection URLs
+- File paths with usernames
+- Plus anything you configure in blocklist ↓
+
+## Setup
+
+### 1. Get a DayBy API Key
+
+1. Sign up at [dayby.dev](https://dayby.dev)
+2. Go to Settings → API
+3. Enable API access and generate a key
+
+### 2. Configure Sanitizer (Optional but Recommended)
+
+Create `~/.dayby/sanitizer.json`:
+
+```json
+{
+  "blockedTerms": ["YourCompany", "ProjectCodename"],
+  "blockedDomains": ["internal.yourcompany.com"],
+  "blockedNames": ["Your Boss Name"],
+  "customPatterns": ["JIRA-\\d+", "INTERNAL-\\d+"]
+}
+```
+
+### 3. Install
+
+```bash
+npm install -g @dayby/mcp-server
+```
+
+### 4. Add to Claude Code / Claude Desktop / Cursor
+
+**Claude Code (simplest):**
+```bash
+claude mcp add dayby -- dayby-mcp
+```
+
+**Claude Desktop** (`claude_desktop_config.json`):
+```json
+{
+  "mcpServers": {
+    "dayby": {
+      "command": "dayby-mcp",
+      "env": {
+        "DAYBY_API_KEY": "your-api-key-here"
+      }
+    }
+  }
+}
+```
+
+**Cursor** (`.cursor/mcp.json`):
+```json
+{
+  "mcpServers": {
+    "dayby": {
+      "command": "dayby-mcp",
+      "env": {
+        "DAYBY_API_KEY": "your-api-key-here"
+      }
+    }
+  }
+}
+```
+
+## Usage Examples
+
+**While coding:**
+> "I just figured out how to use PostgreSQL partial indexes to optimize a multi-tenant query. Draft a DayBy post about it."
+
+**After a PR:**
+> "I built a rate limiter using Redis sorted sets today. Post it to DayBy."
+
+**Quick check:**
+> "Check if this text has any sensitive data before I post it."
+
+Claude will use `draft_post` to sanitize locally, show you a preview, and only publish when you approve.
+
+## Environment Variables
+
+| Variable | Description | Default |
+|---|---|---|
+| `DAYBY_API_KEY` | Your DayBy API key | (required) |
+| `DAYBY_API_URL` | DayBy API URL | `https://dayby.dev` |
+| `DAYBY_BLOCKED_TERMS` | Comma-separated blocked terms | (none) |
+| `DAYBY_BLOCKED_DOMAINS` | Comma-separated blocked domains | (none) |
+
+## License
+
+MIT

package/dist/dayby-client.d.ts

@@ -0,0 +1,58 @@
+/**
+ * DayBy API v2 client — thin wrapper around the REST API.
+ */
+export interface DayByConfig {
+    apiUrl: string;
+    apiKey: string;
+}
+export interface DayByPost {
+    id: number;
+    title: string;
+    slug: string;
+    content: string;
+    visibility: string;
+    has_article: boolean;
+    url: string;
+    created_at: string;
+    updated_at: string;
+}
+export interface PostsListResponse {
+    posts: DayByPost[];
+    meta: {
+        total: number;
+        page: number;
+        per_page: number;
+        total_pages: number;
+    };
+}
+export declare class DayByClient {
+    private apiUrl;
+    private apiKey;
+    constructor(config: DayByConfig);
+    private request;
+    listPosts(page?: number, perPage?: number): Promise<PostsListResponse>;
+    getPost(slug: string): Promise<{
+        post: DayByPost;
+    }>;
+    createPost(params: {
+        title: string;
+        content: string;
+        visibility?: string;
+    }): Promise<{
+        post: DayByPost;
+    }>;
+    updatePost(slug: string, params: {
+        title?: string;
+        content?: string;
+        visibility?: string;
+    }): Promise<{
+        post: DayByPost;
+    }>;
+    deletePost(slug: string): Promise<{
+        message: string;
+    }>;
+    generateArticle(slug: string): Promise<{
+        post: DayByPost;
+        message: string;
+    }>;
+}

package/dist/dayby-client.js

@@ -0,0 +1,55 @@
+"use strict";
+/**
+ * DayBy API v2 client — thin wrapper around the REST API.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DayByClient = void 0;
+class DayByClient {
+    apiUrl;
+    apiKey;
+    constructor(config) {
+        this.apiUrl = config.apiUrl.replace(/\/$/, '');
+        this.apiKey = config.apiKey;
+    }
+    async request(method, path, body) {
+        const url = `${this.apiUrl}${path}`;
+        const headers = {
+            'Authorization': `Bearer ${this.apiKey}`,
+            'Content-Type': 'application/json',
+            'Accept': 'application/json',
+        };
+        const res = await fetch(url, {
+            method,
+            headers,
+            body: body ? JSON.stringify(body) : undefined,
+        });
+        if (!res.ok) {
+            const error = await res.json().catch(() => ({ error: res.statusText }));
+            throw new Error(`DayBy API error (${res.status}): ${JSON.stringify(error)}`);
+        }
+        return res.json();
+    }
+    async listPosts(page = 1, perPage = 10) {
+        return this.request('GET', `/api/v2/posts?page=${page}&per_page=${perPage}`);
+    }
+    async getPost(slug) {
+        return this.request('GET', `/api/v2/posts/${slug}`);
+    }
+    async createPost(params) {
+        return this.request('POST', '/api/v2/posts', {
+            post: params,
+        });
+    }
+    async updatePost(slug, params) {
+        return this.request('PUT', `/api/v2/posts/${slug}`, {
+            post: params,
+        });
+    }
+    async deletePost(slug) {
+        return this.request('DELETE', `/api/v2/posts/${slug}`);
+    }
+    async generateArticle(slug) {
+        return this.request('POST', `/api/v2/posts/${slug}/generate_article`);
+    }
+}
+exports.DayByClient = DayByClient;

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+/**
+ * DayBy MCP Server
+ *
+ * Post your dev progress from Claude, Cursor, or any MCP client.
+ * All content is sanitized locally before it ever touches the network.
+ *
+ * Flow: draft_post → review → publish_post (nothing leaves without approval)
+ */
+export {};

package/dist/index.js

@@ -0,0 +1,285 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * DayBy MCP Server
+ *
+ * Post your dev progress from Claude, Cursor, or any MCP client.
+ * All content is sanitized locally before it ever touches the network.
+ *
+ * Flow: draft_post → review → publish_post (nothing leaves without approval)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const zod_1 = require("zod");
+const sanitizer_js_1 = require("./sanitizer.js");
+const dayby_client_js_1 = require("./dayby-client.js");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+function loadConfig() {
+    // 1. Check env vars
+    const apiUrl = process.env.DAYBY_API_URL || 'https://dayby.dev';
+    const apiKey = process.env.DAYBY_API_KEY || '';
+    // 2. Load sanitizer config from file if it exists
+    let sanitizerConfig = {};
+    const configPaths = [
+        path.join(process.env.HOME || '~', '.dayby', 'sanitizer.json'),
+        path.join(process.cwd(), '.dayby-sanitizer.json'),
+    ];
+    for (const configPath of configPaths) {
+        try {
+            const raw = fs.readFileSync(configPath, 'utf-8');
+            sanitizerConfig = JSON.parse(raw);
+            break;
+        }
+        catch {
+            // File doesn't exist, that's fine
+        }
+    }
+    // 3. Also load from env (comma-separated)
+    if (process.env.DAYBY_BLOCKED_TERMS) {
+        sanitizerConfig.blockedTerms = [
+            ...(sanitizerConfig.blockedTerms || []),
+            ...process.env.DAYBY_BLOCKED_TERMS.split(',').map(s => s.trim()),
+        ];
+    }
+    if (process.env.DAYBY_BLOCKED_DOMAINS) {
+        sanitizerConfig.blockedDomains = [
+            ...(sanitizerConfig.blockedDomains || []),
+            ...process.env.DAYBY_BLOCKED_DOMAINS.split(',').map(s => s.trim()),
+        ];
+    }
+    return { apiUrl, apiKey, sanitizer: sanitizerConfig };
+}
+const drafts = new Map();
+function generateDraftId() {
+    return `draft_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+}
+// --- Main ---
+async function main() {
+    const config = loadConfig();
+    const sanitizer = new sanitizer_js_1.Sanitizer(config.sanitizer);
+    const client = new dayby_client_js_1.DayByClient({ apiUrl: config.apiUrl, apiKey: config.apiKey });
+    const server = new mcp_js_1.McpServer({
+        name: 'dayby',
+        version: '0.1.0',
+    });
+    // ========================================
+    // Tool: draft_post
+    // Sanitizes content locally, returns preview. NOTHING leaves the machine.
+    // ========================================
+    server.tool('draft_post', 'Create a sanitized draft of a dev progress post. Content is cleaned locally — nothing is sent to the network. Returns a preview for the user to review before publishing.', {
+        title: zod_1.z.string().describe('Post title — focus on the technology/skill learned'),
+        content: zod_1.z.string().describe('Post content — describe what you learned, built, or solved. The sanitizer will strip any sensitive data automatically.'),
+        visibility: zod_1.z.enum(['published', 'draft']).default('published').describe('Post visibility on DayBy'),
+    }, async ({ title, content, visibility }) => {
+        // Sanitize both title and content locally
+        const titleResult = sanitizer.sanitize(title);
+        const contentResult = sanitizer.sanitize(content);
+        const allStripped = [...titleResult.stripped, ...contentResult.stripped];
+        const draftId = generateDraftId();
+        const draft = {
+            id: draftId,
+            originalContent: content,
+            sanitizedTitle: titleResult.clean,
+            sanitizedContent: contentResult.clean,
+            strippedItems: allStripped,
+            createdAt: new Date(),
+        };
+        drafts.set(draftId, draft);
+        // Build response
+        let response = `📝 **Draft Preview** (ID: ${draftId})\n\n`;
+        response += `**Title:** ${draft.sanitizedTitle}\n\n`;
+        response += `**Content:**\n${draft.sanitizedContent}\n\n`;
+        response += `**Visibility:** ${visibility}\n`;
+        if (allStripped.length > 0) {
+            response += `\n⚠️ **Sanitizer removed ${allStripped.length} sensitive item(s):**\n`;
+            for (const item of allStripped.slice(0, 10)) {
+                response += `  • ${item}\n`;
+            }
+            if (allStripped.length > 10) {
+                response += `  • ...and ${allStripped.length - 10} more\n`;
+            }
+        }
+        else {
+            response += `\n✅ No sensitive data detected.\n`;
+        }
+        response += `\n👉 Review the above. If it looks good, use **publish_post** with draft ID: \`${draftId}\``;
+        response += `\n💡 You can also use **edit_draft** to modify before publishing.`;
+        return { content: [{ type: 'text', text: response }] };
+    });
+    // ========================================
+    // Tool: edit_draft
+    // Modify a draft before publishing
+    // ========================================
+    server.tool('edit_draft', 'Edit a draft post before publishing. Provide updated title and/or content — they will be re-sanitized locally.', {
+        draft_id: zod_1.z.string().describe('The draft ID from draft_post'),
+        title: zod_1.z.string().optional().describe('Updated title (will be re-sanitized)'),
+        content: zod_1.z.string().optional().describe('Updated content (will be re-sanitized)'),
+    }, async ({ draft_id, title, content }) => {
+        const draft = drafts.get(draft_id);
+        if (!draft) {
+            return {
+                content: [{ type: 'text', text: `❌ Draft not found: ${draft_id}. Use draft_post to create a new one.` }],
+            };
+        }
+        if (title) {
+            const result = sanitizer.sanitize(title);
+            draft.sanitizedTitle = result.clean;
+            draft.strippedItems.push(...result.stripped);
+        }
+        if (content) {
+            const result = sanitizer.sanitize(content);
+            draft.sanitizedContent = result.clean;
+            draft.originalContent = content;
+            draft.strippedItems.push(...result.stripped);
+        }
+        let response = `✏️ **Draft Updated** (ID: ${draft_id})\n\n`;
+        response += `**Title:** ${draft.sanitizedTitle}\n\n`;
+        response += `**Content:**\n${draft.sanitizedContent}\n\n`;
+        response += `\n👉 Use **publish_post** with draft ID: \`${draft_id}\` when ready.`;
+        return { content: [{ type: 'text', text: response }] };
+    });
+    // ========================================
+    // Tool: publish_post
+    // Only NOW does data leave the machine — and only the sanitized version.
+    // ========================================
+    server.tool('publish_post', 'Publish a previously drafted post to DayBy. Only the sanitized version is sent — the original content never leaves your machine.', {
+        draft_id: zod_1.z.string().describe('The draft ID from draft_post'),
+        generate_article: zod_1.z.boolean().default(false).describe('Also generate an AI-formatted article on DayBy after publishing'),
+    }, async ({ draft_id, generate_article }) => {
+        const draft = drafts.get(draft_id);
+        if (!draft) {
+            return {
+                content: [{ type: 'text', text: `❌ Draft not found: ${draft_id}. Use draft_post to create a new one.` }],
+            };
+        }
+        if (!config.apiKey) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: '❌ No API key configured. Set DAYBY_API_KEY environment variable or add it to your MCP config.',
+                    }],
+            };
+        }
+        try {
+            // Only the sanitized content is sent
+            const result = await client.createPost({
+                title: draft.sanitizedTitle,
+                content: draft.sanitizedContent,
+            });
+            let response = `✅ **Published to DayBy!**\n\n`;
+            response += `**Title:** ${result.post.title}\n`;
+            response += `**URL:** ${result.post.url}\n`;
+            response += `**Slug:** ${result.post.slug}\n`;
+            if (generate_article && result.post.slug) {
+                try {
+                    await client.generateArticle(result.post.slug);
+                    response += `\n🤖 AI article generation triggered.`;
+                }
+                catch (e) {
+                    response += `\n⚠️ Article generation failed: ${e instanceof Error ? e.message : 'Unknown error'}`;
+                }
+            }
+            // Clean up draft
+            drafts.delete(draft_id);
+            return { content: [{ type: 'text', text: response }] };
+        }
+        catch (e) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: `❌ Failed to publish: ${e instanceof Error ? e.message : 'Unknown error'}`,
+                    }],
+            };
+        }
+    });
+    // ========================================
+    // Tool: list_posts
+    // ========================================
+    server.tool('list_posts', 'List your recent DayBy posts.', {
+        page: zod_1.z.number().default(1).describe('Page number'),
+        per_page: zod_1.z.number().default(10).describe('Posts per page'),
+    }, async ({ page, per_page }) => {
+        if (!config.apiKey) {
+            return {
+                content: [{ type: 'text', text: '❌ No API key configured.' }],
+            };
+        }
+        try {
+            const result = await client.listPosts(page, per_page);
+            let response = `📋 **Your DayBy Posts** (page ${result.meta.page}/${result.meta.total_pages}, ${result.meta.total} total)\n\n`;
+            for (const post of result.posts) {
+                response += `• **${post.title}** — ${post.url}\n`;
+                response += `  ${post.content.slice(0, 100)}${post.content.length > 100 ? '...' : ''}\n`;
+                response += `  _${post.created_at.slice(0, 10)} · ${post.visibility}_\n\n`;
+            }
+            return { content: [{ type: 'text', text: response }] };
+        }
+        catch (e) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: `❌ Failed to list posts: ${e instanceof Error ? e.message : 'Unknown error'}`,
+                    }],
+            };
+        }
+    });
+    // ========================================
+    // Tool: check_content
+    // Dry-run sanitization — see what would get stripped without creating a draft.
+    // ========================================
+    server.tool('check_content', 'Check if content contains sensitive data without creating a draft. Useful for quick checks before writing a post.', {
+        text: zod_1.z.string().describe('Text to check for sensitive content'),
+    }, async ({ text }) => {
+        const result = sanitizer.check(text);
+        if (result.safe) {
+            return {
+                content: [{ type: 'text', text: '✅ No sensitive data detected. Safe to post.' }],
+            };
+        }
+        let response = `⚠️ **Found ${result.issues.length} sensitive item(s):**\n\n`;
+        for (const issue of result.issues) {
+            response += `  • ${issue}\n`;
+        }
+        response += `\nUse **draft_post** to create a sanitized version.`;
+        return { content: [{ type: 'text', text: response }] };
+    });
+    // --- Start server ---
+    const transport = new stdio_js_1.StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch(console.error);

package/dist/sanitizer.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Local sanitization layer — strips sensitive data BEFORE anything leaves the machine.
+ * Runs entirely offline. No network calls.
+ */
+export interface SanitizerConfig {
+    /** Company/org names to strip */
+    blockedTerms: string[];
+    /** Internal domains (e.g., "internal.corp.com") */
+    blockedDomains: string[];
+    /** Teammate/people names to strip */
+    blockedNames: string[];
+    /** Custom regex patterns to strip */
+    customPatterns: string[];
+}
+export declare class Sanitizer {
+    private config;
+    private compiledBlockedTerms;
+    private compiledCustomPatterns;
+    constructor(config?: Partial<SanitizerConfig>);
+    /**
+     * Sanitize text locally. Returns the cleaned text and a list of what was stripped.
+     */
+    sanitize(text: string): {
+        clean: string;
+        stripped: string[];
+    };
+    /**
+     * Check if text contains any blocked content without modifying it.
+     */
+    check(text: string): {
+        safe: boolean;
+        issues: string[];
+    };
+}

package/dist/sanitizer.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * Local sanitization layer — strips sensitive data BEFORE anything leaves the machine.
+ * Runs entirely offline. No network calls.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Sanitizer = void 0;
+const DEFAULT_PATTERNS = [
+    // API keys & tokens
+    /(?:api[_-]?key|token|secret|password|bearer)\s*[:=]\s*['"]?[A-Za-z0-9_\-/.+]{16,}['"]?/gi,
+    // AWS ARNs
+    /arn:aws:[a-z0-9\-]+:[a-z0-9\-]*:\d{12}:[a-zA-Z0-9\-_/:.]+/g,
+    // AWS access keys
+    /(?:AKIA|ABIA|ACCA|ASIA)[A-Z0-9]{16}/g,
+    // Private IPs
+    /\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})\b/g,
+    // Email addresses
+    /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
+    // SSH keys
+    /ssh-(?:rsa|ed25519|ecdsa)\s+[A-Za-z0-9+/=]{40,}/g,
+    // JWT tokens
+    /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]+/g,
+    // GitHub tokens
+    /gh[ps]_[A-Za-z0-9_]{36,}/g,
+    // Generic secrets in env-like format
+    /[A-Z_]{3,}=["']?[A-Za-z0-9+/=_\-]{20,}["']?/g,
+    // Database URLs
+    /(?:postgres|mysql|mongodb|redis):\/\/[^\s"']+/gi,
+    // File paths with usernames
+    /\/(?:home|Users)\/[a-zA-Z0-9._-]+/g,
+];
+class Sanitizer {
+    config;
+    compiledBlockedTerms;
+    compiledCustomPatterns;
+    constructor(config = {}) {
+        this.config = {
+            blockedTerms: config.blockedTerms || [],
+            blockedDomains: config.blockedDomains || [],
+            blockedNames: config.blockedNames || [],
+            customPatterns: config.customPatterns || [],
+        };
+        // Compile blocked terms into case-insensitive regexes with word boundaries
+        this.compiledBlockedTerms = [
+            ...this.config.blockedTerms,
+            ...this.config.blockedNames,
+        ]
+            .filter(t => t.length > 0)
+            .map(term => new RegExp(`\\b${escapeRegex(term)}\\b`, 'gi'));
+        this.compiledCustomPatterns = this.config.customPatterns
+            .filter(p => p.length > 0)
+            .map(p => new RegExp(p, 'gi'));
+    }
+    /**
+     * Sanitize text locally. Returns the cleaned text and a list of what was stripped.
+     */
+    sanitize(text) {
+        const stripped = [];
+        let clean = text;
+        // 1. Strip default sensitive patterns
+        for (const pattern of DEFAULT_PATTERNS) {
+            const matches = clean.match(pattern);
+            if (matches) {
+                stripped.push(...matches.map(m => `[pattern: ${m.slice(0, 20)}...]`));
+                clean = clean.replace(pattern, '[REDACTED]');
+            }
+        }
+        // 2. Strip blocked domains
+        for (const domain of this.config.blockedDomains) {
+            const domainRegex = new RegExp(`(?:https?://)?(?:[a-z0-9-]+\\.)*${escapeRegex(domain)}[/\\w.-]*`, 'gi');
+            const matches = clean.match(domainRegex);
+            if (matches) {
+                stripped.push(...matches.map(m => `[domain: ${domain}]`));
+                clean = clean.replace(domainRegex, '[REDACTED-URL]');
+            }
+        }
+        // 3. Strip blocked terms and names
+        for (const termRegex of this.compiledBlockedTerms) {
+            const matches = clean.match(termRegex);
+            if (matches) {
+                stripped.push(...matches.map(m => `[term: ${m}]`));
+                clean = clean.replace(termRegex, '[REDACTED]');
+            }
+        }
+        // 4. Strip custom patterns
+        for (const pattern of this.compiledCustomPatterns) {
+            const matches = clean.match(pattern);
+            if (matches) {
+                stripped.push(...matches.map(m => `[custom: ${m.slice(0, 20)}...]`));
+                clean = clean.replace(pattern, '[REDACTED]');
+            }
+        }
+        // 5. Clean up multiple consecutive [REDACTED] tags
+        clean = clean.replace(/(\[REDACTED(?:-URL)?\]\s*){2,}/g, '[REDACTED] ');
+        return { clean: clean.trim(), stripped };
+    }
+    /**
+     * Check if text contains any blocked content without modifying it.
+     */
+    check(text) {
+        const { stripped } = this.sanitize(text);
+        return { safe: stripped.length === 0, issues: stripped };
+    }
+}
+exports.Sanitizer = Sanitizer;
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@dayby/mcp-server",
+  "version": "0.1.0",
+  "description": "DayBy MCP Server — Post your dev progress from Claude, Cursor, or any MCP client. Local sanitization built in.",
+  "main": "dist/index.js",
+  "bin": {
+    "dayby-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist/",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js"
+  },
+  "keywords": ["mcp", "dayby", "developer", "journal", "claude"],
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "@types/node": "^20.0.0"
+  }
+}