@dayby/mcp-server 0.2.0 → 0.3.1

package/README.md

@@ -5,11 +5,10 @@ Post your dev progress to [DayBy.dev](https://dayby.dev) from Claude, Cursor, or
 ## How It Works
 
 ```
-You're coding with Claude → learn something cool →
-  draft_post (sanitized locally, never touches network) →
-  Claude shows you a clean preview →
-  You say "ship it" →
-  publish_post → DayBy API (only sanitized content sent)
+draft_post → sanitized locally, never touches network
+           → Claude shows you a clean preview
+           → you approve
+           → publish_post → DayBy API (sanitized content only)
 ```
 
 **The raw context from your codebase never touches the network.** Only the sanitized, approved version gets published.
@@ -23,6 +22,9 @@ You're coding with Claude → learn something cool →
 | `check_content` | Dry-run: see what would get stripped | ❌ No |
 | `publish_post` | Publish an approved draft to DayBy | ✅ Yes (sanitized only) |
 | `list_posts` | List your recent DayBy posts | ✅ Yes |
+| `get_post` | Fetch a single post by slug | ✅ Yes |
+| `update_post` | Update title, content, or visibility | ✅ Yes |
+| `delete_post` | Permanently delete a post | ✅ Yes |
 
 ## What Gets Stripped (Automatically)
 
@@ -58,23 +60,48 @@ Create `~/.dayby/sanitizer.json`:
 
 ### 3. Install
 
+**Option A — npx (no install needed):**
+
+```bash
+npx @dayby/mcp-server
+```
+
+**Option B — global install:**
+
 ```bash
 npm install -g @dayby/mcp-server
 ```
 
+**Option C — from source:**
+
+```bash
+git clone https://github.com/ja-roque/dayby-mcp-server.git
+cd dayby-mcp-server
+npm install && npm run build
+```
+
 ### 4. Add to Claude Code / Claude Desktop / Cursor
 
 **Claude Code (simplest):**
+
 ```bash
 claude mcp add dayby -- dayby-mcp
 ```
 
+Or with npx:
+
+```bash
+claude mcp add dayby -- npx @dayby/mcp-server
+```
+
 **Claude Desktop** (`claude_desktop_config.json`):
+
 ```json
 {
   "mcpServers": {
     "dayby": {
-      "command": "dayby-mcp",
+      "command": "npx",
+      "args": ["@dayby/mcp-server"],
       "env": {
         "DAYBY_API_KEY": "your-api-key-here"
       }
@@ -84,11 +111,13 @@ claude mcp add dayby -- dayby-mcp
 ```
 
 **Cursor** (`.cursor/mcp.json`):
+
 ```json
 {
   "mcpServers": {
     "dayby": {
-      "command": "dayby-mcp",
+      "command": "npx",
+      "args": ["@dayby/mcp-server"],
       "env": {
         "DAYBY_API_KEY": "your-api-key-here"
       }
@@ -119,6 +148,28 @@ Claude will use `draft_post` to sanitize locally, show you a preview, and only p
 | `DAYBY_BLOCKED_TERMS` | Comma-separated blocked terms | (none) |
 | `DAYBY_BLOCKED_DOMAINS` | Comma-separated blocked domains | (none) |
 
+## Troubleshooting
+
+**`dayby-mcp: command not found` after global install**
+
+Your npm global bin isn't in your PATH. Run:
+
+```bash
+source ~/.bashrc
+```
+
+Or add this to your `~/.bashrc` / `~/.zshrc`:
+
+```bash
+export PATH="$(npm bin -g):$PATH"
+```
+
+Then restart your terminal or run `source ~/.bashrc` again.
+
+**MCP server not showing up in Claude**
+
+Restart Claude Code / Claude Desktop after adding the MCP config.
+
 ## License
 
 MIT

package/dist/auth.d.ts

@@ -0,0 +1,16 @@
+/**
+ * DayBy MCP — device authorization flow.
+ *
+ * Usage:
+ *   dayby-mcp auth           → interactive OAuth-style flow, saves token
+ *   dayby-mcp auth --logout  → clears saved credentials
+ */
+interface Credentials {
+    token: string;
+    api_url: string;
+}
+export declare function loadCredentials(): Credentials | null;
+export declare function clearCredentials(): void;
+export declare function getStoredToken(apiUrl?: string): string | null;
+export declare function runAuthFlow(apiUrl?: string): Promise<void>;
+export {};

package/dist/auth.js

@@ -0,0 +1,142 @@
+"use strict";
+/**
+ * DayBy MCP — device authorization flow.
+ *
+ * Usage:
+ *   dayby-mcp auth           → interactive OAuth-style flow, saves token
+ *   dayby-mcp auth --logout  → clears saved credentials
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadCredentials = loadCredentials;
+exports.clearCredentials = clearCredentials;
+exports.getStoredToken = getStoredToken;
+exports.runAuthFlow = runAuthFlow;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const child_process_1 = require("child_process");
+// --- Config ---
+const DEFAULT_API_URL = 'https://dayby.dev';
+const CREDENTIALS_DIR = path.join(process.env.HOME || '~', '.dayby');
+const CREDENTIALS_FILE = path.join(CREDENTIALS_DIR, 'credentials.json');
+const POLL_INTERVAL_MS = 2000;
+// --- Storage ---
+function loadCredentials() {
+    try {
+        return JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+function saveCredentials(creds) {
+    fs.mkdirSync(CREDENTIALS_DIR, { recursive: true });
+    fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), { mode: 0o600 });
+}
+function clearCredentials() {
+    try {
+        fs.unlinkSync(CREDENTIALS_FILE);
+        console.log('Logged out. Credentials cleared.');
+    }
+    catch {
+        console.log('No credentials found.');
+    }
+}
+function getStoredToken(apiUrl = DEFAULT_API_URL) {
+    const creds = loadCredentials();
+    if (!creds)
+        return null;
+    // If the stored token is for a different server, ignore it
+    if (creds.api_url !== apiUrl)
+        return null;
+    return creds.token;
+}
+// --- Browser ---
+function openBrowser(url) {
+    const display = process.env.DISPLAY || ':0';
+    const cmd = process.platform === 'darwin' ? `open "${url}"` :
+        process.platform === 'win32' ? `start "" "${url}"` :
+            `DISPLAY=${display} xdg-open "${url}"`;
+    (0, child_process_1.exec)(cmd, (err) => {
+        if (err) {
+            console.error(`Could not open browser: ${err.message}`);
+            console.log(`Please open this URL manually:\n  ${url}`);
+        }
+    });
+}
+// --- Poll ---
+async function pollForToken(apiUrl, code) {
+    const url = `${apiUrl}/api/v2/auth/device/${code}`;
+    for (;;) {
+        await new Promise(r => setTimeout(r, POLL_INTERVAL_MS));
+        const res = await fetch(url);
+        if (res.status === 200) {
+            const data = await res.json();
+            return data.token;
+        }
+        if (res.status === 410) {
+            throw new Error('Authorization expired. Please run `dayby-mcp auth` again.');
+        }
+        if (res.status !== 202) {
+            throw new Error(`Unexpected response while waiting for authorization (${res.status}).`);
+        }
+        // 202 = still pending, keep polling
+    }
+}
+// --- Main flow ---
+async function runAuthFlow(apiUrl = DEFAULT_API_URL) {
+    console.log('\n🔐 DayBy Authentication\n');
+    console.log(`Connecting to ${apiUrl}...`);
+    // 1. Request a device code
+    const res = await fetch(`${apiUrl}/api/v2/auth/device`, { method: 'POST' });
+    if (!res.ok) {
+        console.error(`\n❌ Could not reach DayBy (HTTP ${res.status}). Check your connection.\n`);
+        process.exit(1);
+    }
+    const { code, verification_uri, expires_in } = await res.json();
+    const expiresMinutes = Math.round(expires_in / 60);
+    // 2. Open browser
+    console.log('Opening DayBy in your browser...\n');
+    console.log(`  URL:  ${verification_uri}`);
+    console.log(`  Code: ${code}`);
+    console.log(`  Expires in ${expiresMinutes} minutes\n`);
+    openBrowser(verification_uri);
+    // 3. Poll until the user clicks Authorize
+    console.log('Waiting for you to authorize in the browser...');
+    const token = await pollForToken(apiUrl, code);
+    // 4. Save
+    saveCredentials({ token, api_url: apiUrl });
+    console.log('\n✅ Authenticated! You can now use DayBy MCP.\n');
+}

package/dist/auth.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth.test.js

@@ -0,0 +1,105 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+// We test the exported functions directly
+const auth_js_1 = require("./auth.js");
+const CREDENTIALS_DIR = path.join(process.env.HOME || '~', '.dayby');
+const CREDENTIALS_FILE = path.join(CREDENTIALS_DIR, 'credentials.json');
+const BACKUP_FILE = CREDENTIALS_FILE + '.test-backup';
+(0, vitest_1.describe)('Auth', () => {
+    let originalCredentials = null;
+    (0, vitest_1.beforeEach)(() => {
+        // Back up existing credentials
+        try {
+            originalCredentials = fs.readFileSync(CREDENTIALS_FILE, 'utf-8');
+        }
+        catch {
+            originalCredentials = null;
+        }
+    });
+    (0, vitest_1.afterEach)(() => {
+        // Restore original credentials
+        if (originalCredentials) {
+            fs.writeFileSync(CREDENTIALS_FILE, originalCredentials, { mode: 0o600 });
+        }
+    });
+    (0, vitest_1.describe)('loadCredentials', () => {
+        (0, vitest_1.it)('returns null when no credentials file exists', () => {
+            // Temporarily rename the file
+            const tempPath = CREDENTIALS_FILE + '.tmp';
+            try {
+                fs.renameSync(CREDENTIALS_FILE, tempPath);
+            }
+            catch { }
+            try {
+                const result = (0, auth_js_1.loadCredentials)();
+                (0, vitest_1.expect)(result).toBeNull();
+            }
+            finally {
+                try {
+                    fs.renameSync(tempPath, CREDENTIALS_FILE);
+                }
+                catch { }
+            }
+        });
+        (0, vitest_1.it)('returns credentials when file exists', () => {
+            const creds = (0, auth_js_1.loadCredentials)();
+            // If credentials exist on this machine, they should have token and api_url
+            if (creds) {
+                (0, vitest_1.expect)(creds).toHaveProperty('token');
+                (0, vitest_1.expect)(creds).toHaveProperty('api_url');
+                (0, vitest_1.expect)(typeof creds.token).toBe('string');
+                (0, vitest_1.expect)(typeof creds.api_url).toBe('string');
+            }
+        });
+    });
+    (0, vitest_1.describe)('getStoredToken', () => {
+        (0, vitest_1.it)('returns null for a non-matching API URL', () => {
+            const token = (0, auth_js_1.getStoredToken)('https://not-the-right-server.com');
+            (0, vitest_1.expect)(token).toBeNull();
+        });
+        (0, vitest_1.it)('returns token for the correct API URL', () => {
+            const token = (0, auth_js_1.getStoredToken)('https://dayby.dev');
+            // Token exists on this dev machine
+            if (token) {
+                (0, vitest_1.expect)(typeof token).toBe('string');
+                (0, vitest_1.expect)(token.length).toBeGreaterThan(0);
+            }
+        });
+    });
+});

package/dist/dayby-client.d.ts

@@ -28,7 +28,11 @@ export interface PostsListResponse {
 export declare class DayByClient {
     private apiUrl;
     private apiKey;
-    constructor(config: DayByConfig);
+    private resolveKey?;
+    constructor(config: DayByConfig & {
+        resolveKey?: () => string;
+    });
+    private getApiKey;
     private request;
     listPosts(page?: number, perPage?: number): Promise<PostsListResponse>;
     getPost(slug: string): Promise<{

package/dist/dayby-client.js

@@ -7,14 +7,22 @@ exports.DayByClient = void 0;
 class DayByClient {
     apiUrl;
     apiKey;
+    resolveKey;
     constructor(config) {
         this.apiUrl = config.apiUrl.replace(/\/$/, '');
         this.apiKey = config.apiKey;
+        this.resolveKey = config.resolveKey;
+    }
+    getApiKey() {
+        if (this.resolveKey)
+            return this.resolveKey();
+        return this.apiKey;
     }
     async request(method, path, body) {
         const url = `${this.apiUrl}${path}`;
+        const apiKey = this.getApiKey();
         const headers = {
-            'Authorization': `Bearer ${this.apiKey}`,
+            'Authorization': `Bearer ${apiKey}`,
             'Content-Type': 'application/json',
             'Accept': 'application/json',
         };

package/dist/index.d.ts

@@ -6,5 +6,9 @@
  * All content is sanitized locally before it ever touches the network.
  *
  * Flow: draft_post → review → publish_post (nothing leaves without approval)
+ *
+ * Auth:
+ *   Run `dayby-mcp auth` once to authorize via OAuth (no API key needed).
+ *   Or set DAYBY_API_KEY env var for the legacy API key flow.
  */
 export {};

package/dist/index.js

@@ -7,6 +7,10 @@
  * All content is sanitized locally before it ever touches the network.
  *
  * Flow: draft_post → review → publish_post (nothing leaves without approval)
+ *
+ * Auth:
+ *   Run `dayby-mcp auth` once to authorize via OAuth (no API key needed).
+ *   Or set DAYBY_API_KEY env var for the legacy API key flow.
  */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
@@ -47,13 +51,29 @@ const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
 const zod_1 = require("zod");
 const sanitizer_js_1 = require("./sanitizer.js");
 const dayby_client_js_1 = require("./dayby-client.js");
+const auth_js_1 = require("./auth.js");
+const visibility_js_1 = require("./visibility.js");
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+// --- Auth subcommand ---
+async function handleAuthCommand() {
+    const args = process.argv.slice(3); // after "auth"
+    if (args.includes('--logout')) {
+        (0, auth_js_1.clearCredentials)();
+        return;
+    }
+    const apiUrl = process.env.DAYBY_API_URL || 'https://dayby.dev';
+    await (0, auth_js_1.runAuthFlow)(apiUrl);
+}
 function loadConfig() {
-    // 1. Check env vars
     const apiUrl = process.env.DAYBY_API_URL || 'https://dayby.dev';
-    const apiKey = process.env.DAYBY_API_KEY || '';
-    // 2. Load sanitizer config from file if it exists
+    // 1. Env var takes priority (legacy)
+    let apiKey = process.env.DAYBY_API_KEY || '';
+    // 2. Fall back to stored token from `dayby-mcp auth`
+    if (!apiKey) {
+        apiKey = (0, auth_js_1.getStoredToken)(apiUrl) || '';
+    }
+    // 3. Load sanitizer config from file if it exists
     let sanitizerConfig = {};
     const configPaths = [
         path.join(process.env.HOME || '~', '.dayby', 'sanitizer.json'),
@@ -69,7 +89,7 @@ function loadConfig() {
             // File doesn't exist, that's fine
         }
     }
-    // 3. Also load from env (comma-separated)
+    // 4. Also load from env (comma-separated)
     if (process.env.DAYBY_BLOCKED_TERMS) {
         sanitizerConfig.blockedTerms = [
             ...(sanitizerConfig.blockedTerms || []),
@@ -90,9 +110,21 @@ function generateDraftId() {
 }
 // --- Main ---
 async function main() {
+    // Handle `dayby-mcp auth [--logout]` subcommand
+    if (process.argv[2] === 'auth') {
+        await handleAuthCommand();
+        process.exit(0);
+    }
     const config = loadConfig();
     const sanitizer = new sanitizer_js_1.Sanitizer(config.sanitizer);
-    const client = new dayby_client_js_1.DayByClient({ apiUrl: config.apiUrl, apiKey: config.apiKey });
+    const client = new dayby_client_js_1.DayByClient({
+        apiUrl: config.apiUrl,
+        apiKey: config.apiKey,
+        resolveKey: () => {
+            // Re-check env and stored credentials on every call
+            return process.env.DAYBY_API_KEY || (0, auth_js_1.getStoredToken)(config.apiUrl) || config.apiKey;
+        },
+    });
     const server = new mcp_js_1.McpServer({
         name: 'dayby',
         version: '0.1.0',
@@ -193,11 +225,12 @@ async function main() {
                 content: [{ type: 'text', text: `❌ Draft not found: ${draft_id}. Use draft_post to create a new one.` }],
             };
         }
-        if (!config.apiKey) {
+        const currentKey = process.env.DAYBY_API_KEY || (0, auth_js_1.getStoredToken)(config.apiUrl) || config.apiKey;
+        if (!currentKey) {
             return {
                 content: [{
                         type: 'text',
-                        text: '❌ No API key configured. Set DAYBY_API_KEY environment variable or add it to your MCP config.',
+                        text: '❌ Not authenticated. Run `dayby-mcp auth` in your terminal to connect your DayBy account.',
                     }],
             };
         }
@@ -206,7 +239,7 @@ async function main() {
             const result = await client.createPost({
                 title: draft.sanitizedTitle,
                 content: draft.sanitizedContent,
-                visibility: draft.visibility,
+                visibility: (0, visibility_js_1.toApiVisibility)(draft.visibility),
             });
             let response = `✅ **Published to DayBy!**\n\n`;
             response += `**Title:** ${result.post.title}\n`;
@@ -241,9 +274,9 @@ async function main() {
         page: zod_1.z.number().default(1).describe('Page number'),
         per_page: zod_1.z.number().default(10).describe('Posts per page'),
     }, async ({ page, per_page }) => {
-        if (!config.apiKey) {
+        if (!(process.env.DAYBY_API_KEY || (0, auth_js_1.getStoredToken)(config.apiUrl) || config.apiKey)) {
             return {
-                content: [{ type: 'text', text: '❌ No API key configured.' }],
+                content: [{ type: 'text', text: '❌ Not authenticated. Run `dayby-mcp auth` to connect your DayBy account.' }],
             };
         }
         try {
@@ -252,7 +285,7 @@ async function main() {
             for (const post of result.posts) {
                 response += `• **${post.title}** — ${post.url}\n`;
                 response += `  ${post.content.slice(0, 100)}${post.content.length > 100 ? '...' : ''}\n`;
-                response += `  _${post.created_at.slice(0, 10)} · ${post.visibility}_\n\n`;
+                response += `  _${post.created_at.slice(0, 10)} · ${(0, visibility_js_1.fromApiVisibility)(post.visibility)}_\n\n`;
             }
             return { content: [{ type: 'text', text: response }] };
         }
@@ -271,8 +304,8 @@ async function main() {
     server.tool('get_post', 'Get a single DayBy post by its slug.', {
         slug: zod_1.z.string().describe('The post slug'),
     }, async ({ slug }) => {
-        if (!config.apiKey) {
-            return { content: [{ type: 'text', text: '❌ No API key configured.' }] };
+        if (!(process.env.DAYBY_API_KEY || (0, auth_js_1.getStoredToken)(config.apiUrl) || config.apiKey)) {
+            return { content: [{ type: 'text', text: '❌ Not authenticated. Run `dayby-mcp auth` to connect your DayBy account.' }] };
         }
         try {
             const result = await client.getPost(slug);
@@ -280,7 +313,7 @@ async function main() {
             let response = `📄 **${post.title}**\n\n`;
             response += `**Slug:** ${post.slug}\n`;
             response += `**URL:** ${post.url}\n`;
-            response += `**Visibility:** ${post.visibility}\n`;
+            response += `**Visibility:** ${(0, visibility_js_1.fromApiVisibility)(post.visibility)}\n`;
             response += `**Created:** ${post.created_at.slice(0, 10)}\n\n`;
             response += post.content;
             return { content: [{ type: 'text', text: response }] };
@@ -300,8 +333,8 @@ async function main() {
         content: zod_1.z.string().optional().describe('New content (will be sanitized)'),
         visibility: zod_1.z.enum(['published', 'draft']).optional().describe('New visibility'),
     }, async ({ slug, title, content, visibility }) => {
-        if (!config.apiKey) {
-            return { content: [{ type: 'text', text: '❌ No API key configured.' }] };
+        if (!(process.env.DAYBY_API_KEY || (0, auth_js_1.getStoredToken)(config.apiUrl) || config.apiKey)) {
+            return { content: [{ type: 'text', text: '❌ Not authenticated. Run `dayby-mcp auth` to connect your DayBy account.' }] };
         }
         const params = {};
         if (title)
@@ -309,7 +342,7 @@ async function main() {
         if (content)
             params.content = sanitizer.sanitize(content).clean;
         if (visibility)
-            params.visibility = visibility;
+            params.visibility = (0, visibility_js_1.toApiVisibility)(visibility);
         if (Object.keys(params).length === 0) {
             return { content: [{ type: 'text', text: '❌ Provide at least one field to update (title, content, or visibility).' }] };
         }
@@ -319,7 +352,7 @@ async function main() {
             let response = `✅ **Post Updated**\n\n`;
             response += `**Title:** ${post.title}\n`;
             response += `**URL:** ${post.url}\n`;
-            response += `**Visibility:** ${post.visibility}\n`;
+            response += `**Visibility:** ${(0, visibility_js_1.fromApiVisibility)(post.visibility)}\n`;
             return { content: [{ type: 'text', text: response }] };
         }
         catch (e) {
@@ -334,8 +367,8 @@ async function main() {
     server.tool('delete_post', 'Permanently delete a DayBy post by its slug.', {
         slug: zod_1.z.string().describe('The post slug to delete'),
     }, async ({ slug }) => {
-        if (!config.apiKey) {
-            return { content: [{ type: 'text', text: '❌ No API key configured.' }] };
+        if (!(process.env.DAYBY_API_KEY || (0, auth_js_1.getStoredToken)(config.apiUrl) || config.apiKey)) {
+            return { content: [{ type: 'text', text: '❌ Not authenticated. Run `dayby-mcp auth` to connect your DayBy account.' }] };
         }
         try {
             const result = await client.deletePost(slug);

package/dist/sanitizer.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/sanitizer.test.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const sanitizer_js_1 = require("./sanitizer.js");
+(0, vitest_1.describe)('Sanitizer', () => {
+    const sanitizer = new sanitizer_js_1.Sanitizer();
+    (0, vitest_1.describe)('default patterns', () => {
+        (0, vitest_1.it)('strips API keys', () => {
+            const result = sanitizer.sanitize('My api_key=sk_live_abc123def456ghi789jkl012');
+            (0, vitest_1.expect)(result.clean).not.toContain('sk_live_abc123def456ghi789jkl012');
+            (0, vitest_1.expect)(result.stripped.length).toBeGreaterThan(0);
+        });
+        (0, vitest_1.it)('strips AWS access keys', () => {
+            const result = sanitizer.sanitize('Key: AKIAIOSFODNN7EXAMPLE');
+            (0, vitest_1.expect)(result.clean).not.toContain('AKIAIOSFODNN7EXAMPLE');
+        });
+        (0, vitest_1.it)('strips private IPs', () => {
+            const result = sanitizer.sanitize('Server at 192.168.1.100');
+            (0, vitest_1.expect)(result.clean).not.toContain('192.168.1.100');
+            (0, vitest_1.expect)(result.clean).toContain('[REDACTED]');
+        });
+        (0, vitest_1.it)('strips email addresses', () => {
+            const result = sanitizer.sanitize('Contact me at user@company.com');
+            (0, vitest_1.expect)(result.clean).not.toContain('user@company.com');
+        });
+        (0, vitest_1.it)('strips database URLs', () => {
+            const result = sanitizer.sanitize('postgres://user:pass@localhost/db');
+            (0, vitest_1.expect)(result.clean).not.toContain('postgres://');
+        });
+        (0, vitest_1.it)('strips file paths with usernames', () => {
+            const result = sanitizer.sanitize('File at /home/javier/project');
+            (0, vitest_1.expect)(result.clean).not.toContain('/home/javier');
+        });
+        (0, vitest_1.it)('strips JWT tokens', () => {
+            const result = sanitizer.sanitize('Token: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ.abc123def456');
+            (0, vitest_1.expect)(result.clean).not.toContain('eyJhbGci');
+        });
+        (0, vitest_1.it)('strips GitHub tokens', () => {
+            const result = sanitizer.sanitize('ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkl');
+            (0, vitest_1.expect)(result.clean).not.toContain('ghp_');
+        });
+    });
+    (0, vitest_1.describe)('safe content', () => {
+        (0, vitest_1.it)('leaves clean text untouched', () => {
+            const text = 'I built a feature using React and TypeScript today.';
+            const result = sanitizer.sanitize(text);
+            (0, vitest_1.expect)(result.clean).toBe(text);
+            (0, vitest_1.expect)(result.stripped).toHaveLength(0);
+        });
+        (0, vitest_1.it)('leaves public IPs alone', () => {
+            const result = sanitizer.sanitize('Server at 8.8.8.8');
+            (0, vitest_1.expect)(result.clean).toContain('8.8.8.8');
+        });
+    });
+    (0, vitest_1.describe)('blocked terms', () => {
+        (0, vitest_1.it)('strips configured blocked terms', () => {
+            const s = new sanitizer_js_1.Sanitizer({ blockedTerms: ['Acme Corp'] });
+            const result = s.sanitize('Working on the Acme Corp project');
+            (0, vitest_1.expect)(result.clean).not.toContain('Acme Corp');
+        });
+        (0, vitest_1.it)('strips blocked names', () => {
+            const s = new sanitizer_js_1.Sanitizer({ blockedNames: ['John Doe'] });
+            const result = s.sanitize('Paired with John Doe on the fix');
+            (0, vitest_1.expect)(result.clean).not.toContain('John Doe');
+        });
+    });
+    (0, vitest_1.describe)('blocked domains', () => {
+        (0, vitest_1.it)('strips blocked domain URLs', () => {
+            const s = new sanitizer_js_1.Sanitizer({ blockedDomains: ['internal.corp.com'] });
+            const result = s.sanitize('Check https://jira.internal.corp.com/browse/TICK-123');
+            (0, vitest_1.expect)(result.clean).not.toContain('internal.corp.com');
+            (0, vitest_1.expect)(result.clean).toContain('[REDACTED-URL]');
+        });
+    });
+    (0, vitest_1.describe)('check', () => {
+        (0, vitest_1.it)('returns safe for clean content', () => {
+            const result = sanitizer.check('Just a normal post about coding.');
+            (0, vitest_1.expect)(result.safe).toBe(true);
+            (0, vitest_1.expect)(result.issues).toHaveLength(0);
+        });
+        (0, vitest_1.it)('returns unsafe for sensitive content', () => {
+            const result = sanitizer.check('My api_key=super_secret_key_1234567890');
+            (0, vitest_1.expect)(result.safe).toBe(false);
+            (0, vitest_1.expect)(result.issues.length).toBeGreaterThan(0);
+        });
+    });
+});

package/dist/visibility.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Visibility mapping between MCP (user-facing) and DayBy API values.
+ *
+ * MCP uses "published"/"draft" (intuitive for users).
+ * DayBy API uses "publik"/"draft"/"hidden" (Rails enum).
+ */
+export declare function toApiVisibility(v: string): string;
+export declare function fromApiVisibility(v: string): string;

package/dist/visibility.js

@@ -0,0 +1,16 @@
+"use strict";
+/**
+ * Visibility mapping between MCP (user-facing) and DayBy API values.
+ *
+ * MCP uses "published"/"draft" (intuitive for users).
+ * DayBy API uses "publik"/"draft"/"hidden" (Rails enum).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toApiVisibility = toApiVisibility;
+exports.fromApiVisibility = fromApiVisibility;
+function toApiVisibility(v) {
+    return v === 'published' ? 'publik' : v;
+}
+function fromApiVisibility(v) {
+    return v === 'publik' ? 'published' : v;
+}

package/dist/visibility.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/visibility.test.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const visibility_js_1 = require("./visibility.js");
+(0, vitest_1.describe)('Visibility mapping', () => {
+    (0, vitest_1.describe)('toApiVisibility', () => {
+        (0, vitest_1.it)('maps "published" to "publik"', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.toApiVisibility)('published')).toBe('publik');
+        });
+        (0, vitest_1.it)('passes "draft" through unchanged', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.toApiVisibility)('draft')).toBe('draft');
+        });
+        (0, vitest_1.it)('passes "hidden" through unchanged', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.toApiVisibility)('hidden')).toBe('hidden');
+        });
+    });
+    (0, vitest_1.describe)('fromApiVisibility', () => {
+        (0, vitest_1.it)('maps "publik" to "published"', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.fromApiVisibility)('publik')).toBe('published');
+        });
+        (0, vitest_1.it)('passes "draft" through unchanged', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.fromApiVisibility)('draft')).toBe('draft');
+        });
+        (0, vitest_1.it)('passes "hidden" through unchanged', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.fromApiVisibility)('hidden')).toBe('hidden');
+        });
+    });
+    (0, vitest_1.describe)('round-trip', () => {
+        (0, vitest_1.it)('published -> publik -> published', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.fromApiVisibility)((0, visibility_js_1.toApiVisibility)('published'))).toBe('published');
+        });
+        (0, vitest_1.it)('draft -> draft -> draft', () => {
+            (0, vitest_1.expect)((0, visibility_js_1.fromApiVisibility)((0, visibility_js_1.toApiVisibility)('draft'))).toBe('draft');
+        });
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dayby/mcp-server",
-  "version": "0.2.0",
+  "version": "0.3.1",
   "description": "DayBy MCP Server — Post your dev progress from Claude, Cursor, or any MCP client. Local sanitization built in.",
   "main": "dist/index.js",
   "bin": {
@@ -13,15 +13,25 @@
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
-    "start": "node dist/index.js"
+    "start": "node dist/index.js",
+    "test": "vitest run",
+    "test:watch": "vitest"
   },
-  "keywords": ["mcp", "dayby", "developer", "journal", "claude"],
+  "keywords": [
+    "mcp",
+    "dayby",
+    "developer",
+    "journal",
+    "claude"
+  ],
   "license": "MIT",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.0"
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "zod": "^3.22.0"
   },
   "devDependencies": {
+    "@types/node": "^20.0.0",
     "typescript": "^5.3.0",
-    "@types/node": "^20.0.0"
+    "vitest": "^4.1.5"
   }
 }