@de-otio/epimethian-mcp 2.0.1 → 3.0.0

package/dist/cli/index.js

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-#!/usr/bin/env node
 "use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
@@ -6804,20 +6803,28 @@ var require_dist = __commonJS({
 });
 
 // src/shared/keychain.ts
+function accountForProfile(profile) {
+  if (!PROFILE_NAME_RE.test(profile)) {
+    throw new Error(
+      `Invalid profile name: "${profile}". Use lowercase alphanumeric and hyphens only (1-63 chars).`
+    );
+  }
+  return `${LEGACY_ACCOUNT}/${profile}`;
+}
 function exec(cmd, args) {
   return new Promise((resolve2, reject) => {
-    (0, import_node_child_process.execFile)(cmd, args, { timeout: 5e3 }, (err, stdout2, stderr) => {
+    (0, import_node_child_process.execFile)(cmd, args, { timeout: 5e3 }, (err, stdout3, stderr) => {
       if (err) {
         reject(new Error(stderr || err.message));
       } else {
-        resolve2(stdout2);
+        resolve2(stdout3);
       }
     });
   });
 }
-async function writeMacOS(password) {
+async function writeMacOS(account, password) {
   try {
-    await exec("security", ["delete-generic-password", "-s", SERVICE, "-a", ACCOUNT]);
+    await exec("security", ["delete-generic-password", "-s", SERVICE, "-a", account]);
   } catch {
   }
   await exec("security", [
@@ -6825,23 +6832,26 @@ async function writeMacOS(password) {
     "-s",
     SERVICE,
     "-a",
-    ACCOUNT,
+    account,
     "-w",
     password,
     "-U"
   ]);
 }
-async function readMacOS() {
+async function readMacOS(account) {
   return (await exec("security", [
     "find-generic-password",
     "-s",
     SERVICE,
     "-a",
-    ACCOUNT,
+    account,
     "-w"
   ])).trim();
 }
-async function writeLinux(password) {
+async function deleteMacOS(account) {
+  await exec("security", ["delete-generic-password", "-s", SERVICE, "-a", account]);
+}
+async function writeLinux(account, password) {
   return new Promise((resolve2, reject) => {
     const proc = (0, import_node_child_process.spawn)("secret-tool", [
       "store",
@@ -6850,7 +6860,7 @@ async function writeLinux(password) {
       "service",
       SERVICE,
       "account",
-      ACCOUNT
+      account
     ]);
     proc.stdin.write(password);
     proc.stdin.end();
@@ -6861,55 +6871,122 @@ async function writeLinux(password) {
     proc.on("error", reject);
   });
 }
-async function readLinux() {
+async function readLinux(account) {
   return (await exec("secret-tool", [
     "lookup",
     "service",
     SERVICE,
     "account",
-    ACCOUNT
+    account
   ])).trim();
 }
-async function saveToKeychain(creds) {
+async function deleteLinux(account) {
+  await exec("secret-tool", [
+    "clear",
+    "service",
+    SERVICE,
+    "account",
+    account
+  ]);
+}
+function resolveAccount(profile) {
+  if (profile !== void 0) {
+    return accountForProfile(profile);
+  }
+  return LEGACY_ACCOUNT;
+}
+async function saveToKeychain(creds, profile) {
+  const account = resolveAccount(profile);
   const json = JSON.stringify(creds);
   if (process.platform === "darwin") {
-    await writeMacOS(json);
+    await writeMacOS(account, json);
   } else if (process.platform === "linux") {
-    await writeLinux(json);
+    await writeLinux(account, json);
   } else {
     throw new Error(`Keychain not supported on ${process.platform}`);
   }
 }
-async function readFromKeychain() {
+async function readFromKeychain(profile) {
+  const account = resolveAccount(profile);
+  let raw;
   try {
-    let raw;
     if (process.platform === "darwin") {
-      raw = await readMacOS();
+      raw = await readMacOS(account);
     } else if (process.platform === "linux") {
-      raw = await readLinux();
+      raw = await readLinux(account);
     } else {
       return null;
     }
-    const parsed = JSON.parse(raw);
-    if (parsed && typeof parsed.apiToken === "string") {
-      return parsed;
-    }
-    return null;
   } catch {
     return null;
   }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    const label = profile ? `profile "${profile}"` : "legacy keychain entry";
+    throw new Error(`Corrupted keychain entry for ${label}: invalid JSON.`);
+  }
+  if (!parsed || typeof parsed !== "object" || typeof parsed.apiToken !== "string" || typeof parsed.url !== "string" || typeof parsed.email !== "string") {
+    const label = profile ? `profile "${profile}"` : "legacy keychain entry";
+    throw new Error(
+      `Corrupted keychain entry for ${label}: missing required fields (url, email, apiToken).`
+    );
+  }
+  return parsed;
+}
+async function deleteFromKeychain(profile) {
+  const account = resolveAccount(profile);
+  try {
+    if (process.platform === "darwin") {
+      await deleteMacOS(account);
+    } else if (process.platform === "linux") {
+      await deleteLinux(account);
+    }
+  } catch {
+  }
 }
-var import_node_child_process, SERVICE, ACCOUNT;
+var import_node_child_process, SERVICE, LEGACY_ACCOUNT, PROFILE_NAME_RE;
 var init_keychain = __esm({
   "src/shared/keychain.ts"() {
     "use strict";
     import_node_child_process = require("node:child_process");
     SERVICE = "epimethian-mcp";
-    ACCOUNT = "confluence-credentials";
+    LEGACY_ACCOUNT = "confluence-credentials";
+    PROFILE_NAME_RE = /^[a-z0-9][a-z0-9-]{0,62}$/;
   }
 });
 
 // src/shared/test-connection.ts
+async function verifyTenantIdentity(url, email2, apiToken) {
+  const endpoint = `${url.replace(/\/+$/, "")}/wiki/rest/api/user/current`;
+  const auth = Buffer.from(`${email2}:${apiToken}`).toString("base64");
+  try {
+    const response = await fetch(endpoint, {
+      method: "GET",
+      headers: {
+        Authorization: `Basic ${auth}`,
+        Accept: "application/json"
+      }
+    });
+    if (!response.ok) {
+      return { ok: false, message: `HTTP ${response.status}: ${response.statusText}` };
+    }
+    const body = await response.json();
+    const authenticatedEmail = body.email ?? "";
+    if (authenticatedEmail.toLowerCase() !== email2.toLowerCase()) {
+      return {
+        ok: false,
+        authenticatedEmail,
+        message: `Tenant identity mismatch. Expected: ${email2}, authenticated as: ${authenticatedEmail}. This may indicate a DNS or configuration issue.`
+      };
+    }
+    return { ok: true, authenticatedEmail, message: `Verified identity: ${authenticatedEmail}` };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { ok: false, message: `Identity verification failed: ${message}` };
+  }
+}
 async function testConnection(url, email2, apiToken) {
   const endpoint = `${url.replace(/\/+$/, "")}/wiki/api/v2/spaces?limit=1`;
   const auth = Buffer.from(`${email2}:${apiToken}`).toString("base64");
@@ -6947,6 +7024,76 @@ var init_test_connection = __esm({
   }
 });
 
+// src/shared/profiles.ts
+async function ensureConfigDir() {
+  await (0, import_promises2.mkdir)(CONFIG_DIR, { recursive: true, mode: 448 });
+}
+async function readProfileRegistry() {
+  try {
+    const raw = await (0, import_promises2.readFile)(REGISTRY_FILE, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed === "object" && Array.isArray(parsed.profiles) && parsed.profiles.every((p) => typeof p === "string")) {
+      return parsed.profiles;
+    }
+    console.error(
+      "Warning: Profile registry has unexpected format. Treating as empty."
+    );
+    return [];
+  } catch (err) {
+    if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+      return [];
+    }
+    console.error("Warning: Could not read profile registry. Treating as empty.");
+    return [];
+  }
+}
+async function addToProfileRegistry(name) {
+  await ensureConfigDir();
+  const profiles = await readProfileRegistry();
+  if (profiles.includes(name)) return;
+  profiles.push(name);
+  const data = JSON.stringify({ profiles }, null, 2) + "\n";
+  const tmpFile = (0, import_node_path2.join)(
+    CONFIG_DIR,
+    `.profiles.${(0, import_node_crypto.randomBytes)(4).toString("hex")}.tmp`
+  );
+  await (0, import_promises2.writeFile)(tmpFile, data, { mode: 384 });
+  await (0, import_promises2.rename)(tmpFile, REGISTRY_FILE);
+}
+async function removeFromProfileRegistry(name) {
+  const profiles = await readProfileRegistry();
+  const filtered = profiles.filter((p) => p !== name);
+  if (filtered.length === profiles.length) return;
+  await ensureConfigDir();
+  const data = JSON.stringify({ profiles: filtered }, null, 2) + "\n";
+  const tmpFile = (0, import_node_path2.join)(
+    CONFIG_DIR,
+    `.profiles.${(0, import_node_crypto.randomBytes)(4).toString("hex")}.tmp`
+  );
+  await (0, import_promises2.writeFile)(tmpFile, data, { mode: 384 });
+  await (0, import_promises2.rename)(tmpFile, REGISTRY_FILE);
+}
+async function appendAuditLog(message) {
+  await ensureConfigDir();
+  const entry = `[${(/* @__PURE__ */ new Date()).toISOString()}] ${message}
+`;
+  const { appendFile } = await import("node:fs/promises");
+  await appendFile(AUDIT_LOG, entry, { mode: 384 });
+}
+var import_promises2, import_node_path2, import_node_os2, import_node_crypto, CONFIG_DIR, REGISTRY_FILE, AUDIT_LOG;
+var init_profiles = __esm({
+  "src/shared/profiles.ts"() {
+    "use strict";
+    import_promises2 = require("node:fs/promises");
+    import_node_path2 = require("node:path");
+    import_node_os2 = require("node:os");
+    import_node_crypto = require("node:crypto");
+    CONFIG_DIR = (0, import_node_path2.join)((0, import_node_os2.homedir)(), ".config", "epimethian-mcp");
+    REGISTRY_FILE = (0, import_node_path2.join)(CONFIG_DIR, "profiles.json");
+    AUDIT_LOG = (0, import_node_path2.join)(CONFIG_DIR, "audit.log");
+  }
+});
+
 // src/cli/setup.ts
 var setup_exports = {};
 __export(setup_exports, {
@@ -6982,15 +7129,22 @@ function readPassword(prompt) {
     import_node_process2.stdin.on("data", onData);
   });
 }
-async function runSetup() {
+async function runSetup(profile) {
   if (!import_node_process2.stdin.isTTY) {
     console.error(
       "Error: setup requires an interactive terminal.\nFor non-interactive environments, set CONFLUENCE_URL, CONFLUENCE_EMAIL, and CONFLUENCE_API_TOKEN as environment variables."
     );
     process.exit(1);
   }
-  console.log("Epimethian MCP - Confluence credential setup\n");
-  const existing = await readFromKeychain();
+  if (profile !== void 0 && !PROFILE_NAME_RE.test(profile)) {
+    console.error(
+      `Error: Invalid profile name "${profile}". Use lowercase alphanumeric and hyphens only (1-63 chars).`
+    );
+    process.exit(1);
+  }
+  const banner = profile ? `Epimethian MCP - Credential setup for profile "${profile}"` : "Epimethian MCP - Confluence credential setup";
+  console.log(banner + "\n");
+  const existing = await readFromKeychain(profile);
   const rl = readline.createInterface({ input: import_node_process2.stdin, output: import_node_process2.stdout });
   try {
     const defaultUrl = existing?.url ?? "";
@@ -7006,6 +7160,21 @@ async function runSetup() {
       console.error("Error: URL must start with https://");
       process.exit(1);
     }
+    try {
+      const parsed = new URL(url);
+      if (parsed.username || parsed.password || /[\n\r]/.test(url)) {
+        console.error("Error: URL contains invalid characters.");
+        process.exit(1);
+      }
+      if (!parsed.hostname.endsWith(".atlassian.net")) {
+        console.error(
+          `Warning: URL does not match *.atlassian.net. Ensure this is the correct Confluence instance.`
+        );
+      }
+    } catch {
+      console.error("Error: Invalid URL format.");
+      process.exit(1);
+    }
     const defaultEmail = existing?.email ?? "";
     const emailPrompt = defaultEmail ? `Email [${defaultEmail}]: ` : "Email: ";
     let email2 = (await rl.question(emailPrompt)).trim();
@@ -7030,8 +7199,17 @@ async function runSetup() {
     }
     console.log(`${result.message}
 `);
-    await saveToKeychain({ url, email: email2, apiToken });
-    console.log("Credentials saved to OS keychain.\n");
+    await saveToKeychain({ url, email: email2, apiToken }, profile);
+    if (profile) {
+      await addToProfileRegistry(profile);
+      console.log(`Credentials saved to OS keychain (profile: ${profile}).
+`);
+    } else {
+      console.log("Credentials saved to OS keychain.\n");
+      console.log(
+        "Tip: Use --profile <name> for multi-tenant support.\n"
+      );
+    }
     console.log(`Available tools (${TOOLS.length}):`);
     console.log(`  ${TOOLS.join(", ")}`);
     console.log(
@@ -7049,6 +7227,7 @@ var init_setup = __esm({
     import_node_process2 = require("node:process");
     init_test_connection();
     init_keychain();
+    init_profiles();
     TOOLS = [
       "create_page",
       "get_page",
@@ -7066,6 +7245,164 @@ var init_setup = __esm({
   }
 });
 
+// src/cli/profiles.ts
+var profiles_exports = {};
+__export(profiles_exports, {
+  runProfiles: () => runProfiles
+});
+async function runProfiles() {
+  const args = process.argv.slice(3);
+  const removeIdx = args.indexOf("--remove");
+  if (removeIdx > -1) {
+    const name = args[removeIdx + 1];
+    if (!name || !PROFILE_NAME_RE.test(name)) {
+      console.error(
+        "Error: --remove requires a valid profile name."
+      );
+      process.exit(1);
+    }
+    await removeProfile(name, args.includes("--force"));
+    return;
+  }
+  const verbose = args.includes("--verbose");
+  const profiles = await readProfileRegistry();
+  if (profiles.length === 0) {
+    console.log("No profiles configured. Run `epimethian-mcp setup --profile <name>` to create one.");
+    return;
+  }
+  if (verbose) {
+    console.log(
+      `  ${"Profile".padEnd(20)} ${"URL".padEnd(40)} Email`
+    );
+    console.log(
+      `  ${"\u2500".repeat(20)} ${"\u2500".repeat(40)} ${"\u2500".repeat(30)}`
+    );
+    for (const name of profiles) {
+      try {
+        const creds = await readFromKeychain(name);
+        if (creds) {
+          console.log(
+            `  ${name.padEnd(20)} ${creds.url.padEnd(40)} ${creds.email}`
+          );
+        } else {
+          console.log(
+            `  ${name.padEnd(20)} (credentials missing)`
+          );
+        }
+      } catch {
+        console.log(
+          `  ${name.padEnd(20)} (credentials corrupted)`
+        );
+      }
+    }
+  } else {
+    console.log("Configured profiles:");
+    for (const name of profiles) {
+      console.log(`  ${name}`);
+    }
+    console.log("\nUse --verbose to show URLs and emails.");
+  }
+}
+async function removeProfile(name, force) {
+  if (!force || import_node_process3.stdin.isTTY) {
+    if (!import_node_process3.stdin.isTTY) {
+      console.error(
+        "Error: Removing a profile requires an interactive terminal or --force in non-TTY mode."
+      );
+      process.exit(1);
+    }
+    const rl = readline2.createInterface({ input: import_node_process3.stdin, output: import_node_process3.stdout });
+    try {
+      const answer = await rl.question(
+        `Remove profile "${name}" and delete its credentials? [y/N] `
+      );
+      if (answer.trim().toLowerCase() !== "y") {
+        console.log("Cancelled.");
+        return;
+      }
+    } finally {
+      rl.close();
+    }
+  }
+  await deleteFromKeychain(name);
+  await removeFromProfileRegistry(name);
+  await appendAuditLog(`Removed profile "${name}"`);
+  console.log(`Profile "${name}" removed.`);
+}
+var import_node_process3, readline2;
+var init_profiles2 = __esm({
+  "src/cli/profiles.ts"() {
+    "use strict";
+    import_node_process3 = require("node:process");
+    readline2 = __toESM(require("node:readline/promises"));
+    init_keychain();
+    init_profiles();
+  }
+});
+
+// src/cli/status.ts
+var status_exports = {};
+__export(status_exports, {
+  runStatus: () => runStatus
+});
+async function runStatus() {
+  const profile = process.env.CONFLUENCE_PROFILE || "";
+  const urlEnv = process.env.CONFLUENCE_URL || "";
+  const emailEnv = process.env.CONFLUENCE_EMAIL || "";
+  const tokenEnv = process.env.CONFLUENCE_API_TOKEN || "";
+  let url;
+  let email2;
+  let apiToken;
+  let mode;
+  if (profile) {
+    if (!PROFILE_NAME_RE.test(profile)) {
+      console.error(`Invalid CONFLUENCE_PROFILE: "${profile}".`);
+      process.exit(1);
+    }
+    const creds = await readFromKeychain(profile);
+    if (!creds) {
+      console.error(
+        `No credentials found for profile "${profile}". Run \`epimethian-mcp setup --profile ${profile}\` to configure.`
+      );
+      process.exit(1);
+    }
+    url = creds.url;
+    email2 = creds.email;
+    apiToken = creds.apiToken;
+    mode = `profile: ${profile}`;
+  } else if (urlEnv && emailEnv && tokenEnv) {
+    url = urlEnv;
+    email2 = emailEnv;
+    apiToken = tokenEnv;
+    mode = "env-var mode";
+  } else {
+    const legacy = await readFromKeychain();
+    if (!legacy) {
+      console.error(
+        "No credentials configured. Run `epimethian-mcp setup --profile <name>` to get started."
+      );
+      process.exit(1);
+    }
+    url = legacy.url;
+    email2 = legacy.email;
+    apiToken = legacy.apiToken;
+    mode = "legacy keychain (no profile)";
+  }
+  console.log(`Profile:  ${mode}`);
+  console.log(`URL:      ${url}`);
+  console.log(`Email:    ${email2}`);
+  console.log("Testing connection...");
+  const result = await testConnection(url, email2, apiToken);
+  console.log(`Status:   ${result.ok ? "Connected" : "Failed"} - ${result.message}`);
+}
+var init_status = __esm({
+  "src/cli/status.ts"() {
+    "use strict";
+    init_test_connection();
+    init_keychain();
+  }
+});
+
 // node_modules/zod/v3/external.js
 var external_exports = {};
 __export(external_exports, {
@@ -21286,29 +21623,64 @@ var import_node_path = require("node:path");
 
 // src/server/confluence-client.ts
 init_keychain();
+init_test_connection();
 var _config = null;
-async function getConfig() {
-  if (_config) return _config;
-  let url = process.env.CONFLUENCE_URL?.replace(/\/$/, "") || "";
-  let email2 = process.env.CONFLUENCE_EMAIL || "";
-  let apiToken = process.env.CONFLUENCE_API_TOKEN || "";
-  if (!url || !email2 || !apiToken) {
-    const keychainCreds = await readFromKeychain();
-    if (keychainCreds) {
-      url = url || keychainCreds.url.replace(/\/$/, "");
-      email2 = email2 || keychainCreds.email;
-      apiToken = apiToken || keychainCreds.apiToken;
-    }
-  }
-  if (!url || !email2 || !apiToken) {
+async function resolveCredentials() {
+  const profileEnv = process.env.CONFLUENCE_PROFILE || "";
+  const urlEnv = process.env.CONFLUENCE_URL?.replace(/\/$/, "") || "";
+  const emailEnv = process.env.CONFLUENCE_EMAIL || "";
+  const tokenEnv = process.env.CONFLUENCE_API_TOKEN || "";
+  if (profileEnv) {
+    if (!PROFILE_NAME_RE.test(profileEnv)) {
+      console.error(
+        `Invalid CONFLUENCE_PROFILE: "${profileEnv}". Use lowercase alphanumeric and hyphens only (1-63 chars).`
+      );
+      process.exit(1);
+    }
+    const creds = await readFromKeychain(profileEnv);
+    if (!creds) {
+      console.error(
+        `No credentials found for profile "${profileEnv}". Run \`epimethian-mcp setup --profile ${profileEnv}\` to configure.`
+      );
+      process.exit(1);
+    }
+    return {
+      url: creds.url.replace(/\/$/, ""),
+      email: creds.email,
+      apiToken: creds.apiToken,
+      profile: profileEnv
+    };
+  }
+  if (urlEnv && emailEnv && tokenEnv) {
+    delete process.env.CONFLUENCE_API_TOKEN;
+    return { url: urlEnv, email: emailEnv, apiToken: tokenEnv, profile: null };
+  }
+  const setVars = [
+    urlEnv && "CONFLUENCE_URL",
+    emailEnv && "CONFLUENCE_EMAIL",
+    tokenEnv && "CONFLUENCE_API_TOKEN"
+  ].filter(Boolean);
+  if (setVars.length > 0) {
     console.error(
-      "Missing Confluence credentials. Set CONFLUENCE_URL, CONFLUENCE_EMAIL, CONFLUENCE_API_TOKEN environment variables, or run `epimethian-mcp setup`."
+      `Error: Partial credentials detected (${setVars.join(", ")} set, but not all three).
+Either set CONFLUENCE_PROFILE or provide all three environment variables (CONFLUENCE_URL, CONFLUENCE_EMAIL, CONFLUENCE_API_TOKEN).
+Run \`epimethian-mcp setup --profile <name>\` for guided setup.`
     );
     process.exit(1);
   }
+  console.error(
+    "Missing Confluence credentials. Set CONFLUENCE_PROFILE environment variable, or run `epimethian-mcp setup --profile <name>` to configure."
+  );
+  process.exit(1);
+}
+async function getConfig() {
+  if (_config) return _config;
+  const { url, email: email2, apiToken, profile } = await resolveCredentials();
   const authHeader = "Basic " + Buffer.from(`${email2}:${apiToken}`).toString("base64");
-  _config = {
+  _config = Object.freeze({
     url,
+    email: email2,
+    profile,
     apiV2: `${url}/wiki/api/v2`,
     apiV1: `${url}/wiki/rest/api`,
     authHeader,
@@ -21316,9 +21688,43 @@ async function getConfig() {
       Authorization: authHeader,
       "Content-Type": "application/json"
     }
-  };
+  });
   return _config;
 }
+async function validateStartup(config2) {
+  const { url, email: email2, profile } = config2;
+  const decoded = Buffer.from(
+    config2.authHeader.replace("Basic ", ""),
+    "base64"
+  ).toString();
+  const colonIndex = decoded.indexOf(":");
+  const apiToken = decoded.slice(colonIndex + 1);
+  const connResult = await testConnection(url, email2, apiToken);
+  if (!connResult.ok) {
+    const profileHint = profile ? `Run \`epimethian-mcp setup --profile ${profile}\` to update credentials.` : "Check your CONFLUENCE_URL, CONFLUENCE_EMAIL, and CONFLUENCE_API_TOKEN.";
+    console.error(
+      `Error: Confluence credentials rejected by ${url}
+${connResult.message}
+${profileHint}`
+    );
+    process.exit(1);
+  }
+  const identityResult = await verifyTenantIdentity(url, email2, apiToken);
+  if (!identityResult.ok) {
+    const profileHint = profile ? `Run \`epimethian-mcp setup --profile ${profile}\` to reconfigure.` : "Check your credential configuration.";
+    console.error(
+      `Error: Tenant identity mismatch for ${profile ? `profile "${profile}"` : "configured credentials"}.
+Expected user: ${email2}
+` + (identityResult.authenticatedEmail ? `Authenticated as: ${identityResult.authenticatedEmail}
+` : "") + `This may indicate a DNS or configuration issue. ${profileHint}`
+    );
+    process.exit(1);
+  }
+  const profileLabel = profile ? `profile: ${profile}` : "env-var mode";
+  console.error(
+    `epimethian-mcp: connected to ${url} as ${email2} (${profileLabel})`
+  );
+}
 var PageSchema = external_exports.object({
   id: external_exports.string(),
   title: external_exports.string(),
@@ -21367,12 +21773,22 @@ var UploadResultSchema = external_exports.object({
     })
   ).default([])
 });
+function sanitizeError(message) {
+  let safe = message.slice(0, 500);
+  safe = safe.replace(/Basic [A-Za-z0-9+/=]{20,}/g, "Basic [REDACTED]");
+  safe = safe.replace(/Authorization:\s*\S+/gi, "Authorization: [REDACTED]");
+  safe = safe.replace(/Bearer [A-Za-z0-9._-]{20,}/g, "Bearer [REDACTED]");
+  return safe;
+}
 async function confluenceRequest(url, options = {}) {
   const cfg = await getConfig();
   const res = await fetch(url, { headers: cfg.jsonHeaders, ...options });
   if (!res.ok) {
     const body = await res.text();
-    throw new Error(`Confluence API error (${res.status}): ${body}`);
+    console.error(`Confluence API error (${res.status}): ${body}`);
+    throw new Error(
+      `Confluence API error (${res.status}): ${sanitizeError(body)}`
+    );
   }
   return res;
 }
@@ -21531,7 +21947,10 @@ async function uploadAttachment(pageId, fileData, filename, comment) {
   });
   if (!res.ok) {
     const body = await res.text();
-    throw new Error(`Confluence API error (${res.status}): ${body}`);
+    console.error(`Confluence API error (${res.status}): ${body}`);
+    throw new Error(
+      `Confluence API error (${res.status}): ${sanitizeError(body)}`
+    );
   }
   const data = UploadResultSchema.parse(await res.json());
   const att = data.results[0];
@@ -21593,360 +22012,374 @@ function toolResult(text) {
   return { content: [{ type: "text", text }] };
 }
 function toolError(err) {
-  const message = err instanceof Error ? err.message : String(err);
+  const raw = err instanceof Error ? err.message : String(err);
+  const message = sanitizeError(raw);
   return { content: [{ type: "text", text: `Error: ${message}` }], isError: true };
 }
-var server = new McpServer({
-  name: "confluence",
-  version: "1.0.0"
-});
-server.registerTool(
-  "create_page",
-  {
-    description: "Create a new page in Confluence",
-    inputSchema: {
-      title: external_exports.string().describe("Page title"),
-      space_key: external_exports.string().describe("Confluence space key, e.g. 'DEV' or 'TEAM'"),
-      body: external_exports.string().describe(
-        "Page content \u2013 plain text or Confluence storage format (HTML)"
-      ),
-      parent_id: external_exports.string().optional().describe("Optional parent page ID")
+function tenantEcho(config2) {
+  const host = new URL(config2.url).hostname;
+  const mode = config2.profile ? `profile: ${config2.profile}` : "env-var mode";
+  return `
+Tenant: ${host} (${mode})`;
+}
+function registerTools(server, config2) {
+  const echo = tenantEcho(config2);
+  server.registerTool(
+    "create_page",
+    {
+      description: "Create a new page in Confluence",
+      inputSchema: {
+        title: external_exports.string().describe("Page title"),
+        space_key: external_exports.string().describe("Confluence space key, e.g. 'DEV' or 'TEAM'"),
+        body: external_exports.string().describe(
+          "Page content \u2013 plain text or Confluence storage format (HTML)"
+        ),
+        parent_id: external_exports.string().optional().describe("Optional parent page ID")
+      },
+      annotations: { destructiveHint: false, idempotentHint: false }
     },
-    annotations: { destructiveHint: false, idempotentHint: false }
-  },
-  async ({ title, space_key, body, parent_id }) => {
-    try {
-      const spaceId = await resolveSpaceId(space_key);
-      const page = await createPage(spaceId, title, body, parent_id);
-      return toolResult(await formatPage(page, false));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "get_page",
-  {
-    description: "Read a Confluence page by ID",
-    inputSchema: {
-      page_id: external_exports.string().describe("The Confluence page ID"),
-      include_body: external_exports.boolean().default(true).describe("Whether to include the page body content")
+    async ({ title, space_key, body, parent_id }) => {
+      try {
+        const spaceId = await resolveSpaceId(space_key);
+        const page = await createPage(spaceId, title, body, parent_id);
+        return toolResult(await formatPage(page, false) + echo);
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "get_page",
+    {
+      description: "Read a Confluence page by ID",
+      inputSchema: {
+        page_id: external_exports.string().describe("The Confluence page ID"),
+        include_body: external_exports.boolean().default(true).describe("Whether to include the page body content")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ page_id, include_body }) => {
-    try {
-      const page = await getPage(page_id, include_body);
-      return toolResult(await formatPage(page, include_body));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "update_page",
-  {
-    description: "Update an existing Confluence page. Auto-increments version number.",
-    inputSchema: {
-      page_id: external_exports.string().describe("The Confluence page ID"),
-      title: external_exports.string().optional().describe("New title (omit to keep current)"),
-      body: external_exports.string().optional().describe("New body content in plain text or storage format"),
-      version_message: external_exports.string().optional().describe("Optional version comment")
+    async ({ page_id, include_body }) => {
+      try {
+        const page = await getPage(page_id, include_body);
+        return toolResult(await formatPage(page, include_body));
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "update_page",
+    {
+      description: "Update an existing Confluence page. Auto-increments version number.",
+      inputSchema: {
+        page_id: external_exports.string().describe("The Confluence page ID"),
+        title: external_exports.string().optional().describe("New title (omit to keep current)"),
+        body: external_exports.string().optional().describe("New body content in plain text or storage format"),
+        version_message: external_exports.string().optional().describe("Optional version comment")
+      },
+      annotations: { destructiveHint: false, idempotentHint: true }
     },
-    annotations: { destructiveHint: false, idempotentHint: true }
-  },
-  async ({ page_id, title, body, version_message }) => {
-    try {
-      const { page, newVersion } = await updatePage(page_id, {
-        title,
-        body,
-        versionMessage: version_message
-      });
-      return toolResult(
-        `Updated: ${page.title} (ID: ${page.id}, version: ${newVersion})`
-      );
-    } catch (err) {
-      return toolError(err);
+    async ({ page_id, title, body, version_message }) => {
+      try {
+        const { page, newVersion } = await updatePage(page_id, {
+          title,
+          body,
+          versionMessage: version_message
+        });
+        return toolResult(
+          `Updated: ${page.title} (ID: ${page.id}, version: ${newVersion})` + echo
+        );
+      } catch (err) {
+        return toolError(err);
+      }
     }
-  }
-);
-server.registerTool(
-  "delete_page",
-  {
-    description: "Delete a Confluence page by ID",
-    inputSchema: {
-      page_id: external_exports.string().describe("The Confluence page ID to delete")
+  );
+  server.registerTool(
+    "delete_page",
+    {
+      description: "Delete a Confluence page by ID",
+      inputSchema: {
+        page_id: external_exports.string().describe("The Confluence page ID to delete")
+      },
+      annotations: { destructiveHint: true, idempotentHint: true }
     },
-    annotations: { destructiveHint: true, idempotentHint: true }
-  },
-  async ({ page_id }) => {
-    try {
-      await deletePage(page_id);
-      return toolResult(`Deleted page ${page_id}`);
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "search_pages",
-  {
-    description: "Search Confluence pages using CQL (Confluence Query Language)",
-    inputSchema: {
-      cql: external_exports.string().describe(
-        `CQL query string (e.g., 'space = "DEV" AND title ~ "architecture"')`
-      ),
-      limit: external_exports.number().default(25).describe("Maximum results to return (default: 25)")
+    async ({ page_id }) => {
+      try {
+        await deletePage(page_id);
+        return toolResult(`Deleted page ${page_id}` + echo);
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "search_pages",
+    {
+      description: "Search Confluence pages using CQL (Confluence Query Language)",
+      inputSchema: {
+        cql: external_exports.string().describe(
+          `CQL query string (e.g., 'space = "DEV" AND title ~ "architecture"')`
+        ),
+        limit: external_exports.number().default(25).describe("Maximum results to return (default: 25)")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ cql, limit }) => {
-    try {
-      const results = await searchPages(cql, limit);
-      if (results.length === 0) {
-        return toolResult("No pages found matching the query.");
-      }
-      const lines = [`Found ${results.length} page(s):`, ""];
-      for (const p of results) {
-        const spaceKey = p.spaceId ?? p.space?.key ?? "N/A";
-        lines.push(`- ${p.title} (ID: ${p.id}, space: ${spaceKey})`);
-      }
-      return toolResult(lines.join("\n"));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "list_pages",
-  {
-    description: "List pages in a Confluence space",
-    inputSchema: {
-      space_key: external_exports.string().describe("Confluence space key (e.g., 'DEV')"),
-      limit: external_exports.number().default(25).describe("Maximum results (default: 25)"),
-      status: external_exports.string().default("current").describe("Page status filter (default: 'current')")
+    async ({ cql, limit }) => {
+      try {
+        const results = await searchPages(cql, limit);
+        if (results.length === 0) {
+          return toolResult("No pages found matching the query.");
+        }
+        const lines = [`Found ${results.length} page(s):`, ""];
+        for (const p of results) {
+          const spaceKey = p.spaceId ?? p.space?.key ?? "N/A";
+          lines.push(`- ${p.title} (ID: ${p.id}, space: ${spaceKey})`);
+        }
+        return toolResult(lines.join("\n"));
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "list_pages",
+    {
+      description: "List pages in a Confluence space",
+      inputSchema: {
+        space_key: external_exports.string().describe("Confluence space key (e.g., 'DEV')"),
+        limit: external_exports.number().default(25).describe("Maximum results (default: 25)"),
+        status: external_exports.string().default("current").describe("Page status filter (default: 'current')")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ space_key, limit, status }) => {
-    try {
-      const spaceId = await resolveSpaceId(space_key);
-      const pages = await listPages(spaceId, limit, status);
-      if (pages.length === 0) {
-        return toolResult(`No pages found in space ${space_key}.`);
-      }
-      const lines = [`Pages in ${space_key} (${pages.length}):`, ""];
-      for (const p of pages) {
-        lines.push(`- ${p.title} (ID: ${p.id})`);
-      }
-      return toolResult(lines.join("\n"));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "get_page_children",
-  {
-    description: "Get child pages of a given Confluence page",
-    inputSchema: {
-      page_id: external_exports.string().describe("Parent page ID"),
-      limit: external_exports.number().default(25).describe("Maximum results (default: 25)")
+    async ({ space_key, limit, status }) => {
+      try {
+        const spaceId = await resolveSpaceId(space_key);
+        const pages = await listPages(spaceId, limit, status);
+        if (pages.length === 0) {
+          return toolResult(`No pages found in space ${space_key}.`);
+        }
+        const lines = [`Pages in ${space_key} (${pages.length}):`, ""];
+        for (const p of pages) {
+          lines.push(`- ${p.title} (ID: ${p.id})`);
+        }
+        return toolResult(lines.join("\n"));
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "get_page_children",
+    {
+      description: "Get child pages of a given Confluence page",
+      inputSchema: {
+        page_id: external_exports.string().describe("Parent page ID"),
+        limit: external_exports.number().default(25).describe("Maximum results (default: 25)")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ page_id, limit }) => {
-    try {
-      const children = await getPageChildren(page_id, limit);
-      if (children.length === 0) {
-        return toolResult(`No child pages found for page ${page_id}.`);
-      }
-      const lines = [`Child pages (${children.length}):`, ""];
-      for (const p of children) {
-        lines.push(`- ${p.title} (ID: ${p.id})`);
-      }
-      return toolResult(lines.join("\n"));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "get_spaces",
-  {
-    description: "List available Confluence spaces",
-    inputSchema: {
-      limit: external_exports.number().default(25).describe("Maximum results (default: 25)"),
-      type: external_exports.string().optional().describe("Filter by space type (e.g., 'global', 'personal')")
+    async ({ page_id, limit }) => {
+      try {
+        const children = await getPageChildren(page_id, limit);
+        if (children.length === 0) {
+          return toolResult(`No child pages found for page ${page_id}.`);
+        }
+        const lines = [`Child pages (${children.length}):`, ""];
+        for (const p of children) {
+          lines.push(`- ${p.title} (ID: ${p.id})`);
+        }
+        return toolResult(lines.join("\n"));
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "get_spaces",
+    {
+      description: "List available Confluence spaces",
+      inputSchema: {
+        limit: external_exports.number().default(25).describe("Maximum results (default: 25)"),
+        type: external_exports.string().optional().describe("Filter by space type (e.g., 'global', 'personal')")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ limit, type }) => {
-    try {
-      const spaces = await getSpaces(limit, type);
-      if (spaces.length === 0) {
-        return toolResult("No spaces found.");
-      }
-      const lines = [`Found ${spaces.length} space(s):`, ""];
-      for (const s of spaces) {
-        lines.push(`- ${s.name} (key: ${s.key}, type: ${s.type})`);
-      }
-      return toolResult(lines.join("\n"));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "get_page_by_title",
-  {
-    description: "Look up a Confluence page by its title within a space",
-    inputSchema: {
-      title: external_exports.string().describe("Page title to search for"),
-      space_key: external_exports.string().describe("Confluence space key (e.g., 'DEV')"),
-      include_body: external_exports.boolean().default(false).describe("Whether to include the page body content")
+    async ({ limit, type }) => {
+      try {
+        const spaces = await getSpaces(limit, type);
+        if (spaces.length === 0) {
+          return toolResult("No spaces found.");
+        }
+        const lines = [`Found ${spaces.length} space(s):`, ""];
+        for (const s of spaces) {
+          lines.push(`- ${s.name} (key: ${s.key}, type: ${s.type})`);
+        }
+        return toolResult(lines.join("\n"));
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "get_page_by_title",
+    {
+      description: "Look up a Confluence page by its title within a space",
+      inputSchema: {
+        title: external_exports.string().describe("Page title to search for"),
+        space_key: external_exports.string().describe("Confluence space key (e.g., 'DEV')"),
+        include_body: external_exports.boolean().default(false).describe("Whether to include the page body content")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ title, space_key, include_body }) => {
-    try {
-      const spaceId = await resolveSpaceId(space_key);
-      const page = await getPageByTitle(spaceId, title, include_body);
-      if (!page) {
+    async ({ title, space_key, include_body }) => {
+      try {
+        const spaceId = await resolveSpaceId(space_key);
+        const page = await getPageByTitle(spaceId, title, include_body);
+        if (!page) {
+          return toolResult(
+            `No page found with title "${title}" in space ${space_key}.`
+          );
+        }
+        return toolResult(await formatPage(page, include_body));
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "add_attachment",
+    {
+      description: "Upload a file as an attachment to a Confluence page. The file_path must be an absolute path under the current working directory.",
+      inputSchema: {
+        page_id: external_exports.string().describe("The Confluence page ID to attach the file to"),
+        file_path: external_exports.string().describe("Absolute path to the file on the local filesystem"),
+        filename: external_exports.string().optional().describe(
+          "Filename to use in Confluence (defaults to the basename of file_path)"
+        ),
+        comment: external_exports.string().optional().describe("Optional comment for the attachment")
+      },
+      annotations: { destructiveHint: false, idempotentHint: false }
+    },
+    async ({ page_id, file_path, filename, comment }) => {
+      try {
+        const resolved = await (0, import_promises.realpath)((0, import_node_path.resolve)(file_path));
+        const cwd = await (0, import_promises.realpath)(process.cwd());
+        if (!resolved.startsWith(cwd + "/") && resolved !== cwd) {
+          return toolError(
+            new Error(
+              `File path must be under the working directory (${cwd}). Got: ${resolved}`
+            )
+          );
+        }
+        const fileData = await (0, import_promises.readFile)(resolved);
+        const name = filename ?? resolved.split("/").pop() ?? "attachment";
+        const att = await uploadAttachment(page_id, fileData, name, comment);
         return toolResult(
-          `No page found with title "${title}" in space ${space_key}.`
+          `Attached: ${att.title} (ID: ${att.id}, size: ${att.fileSize ?? "unknown"} bytes) to page ${page_id}` + echo
         );
-      }
-      return toolResult(await formatPage(page, include_body));
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "add_attachment",
-  {
-    description: "Upload a file as an attachment to a Confluence page. The file_path must be an absolute path under the current working directory.",
-    inputSchema: {
-      page_id: external_exports.string().describe("The Confluence page ID to attach the file to"),
-      file_path: external_exports.string().describe("Absolute path to the file on the local filesystem"),
-      filename: external_exports.string().optional().describe(
-        "Filename to use in Confluence (defaults to the basename of file_path)"
-      ),
-      comment: external_exports.string().optional().describe("Optional comment for the attachment")
+      } catch (err) {
+        return toolError(err);
+      }
+    }
+  );
+  server.registerTool(
+    "add_drawio_diagram",
+    {
+      description: "Add a draw.io diagram to a Confluence page. Uploads the diagram as an attachment and embeds it using the draw.io macro. Requires the draw.io app on the Confluence instance.",
+      inputSchema: {
+        page_id: external_exports.string().describe("The Confluence page ID to add the diagram to"),
+        diagram_xml: external_exports.string().describe(
+          "The draw.io diagram content in mxGraph XML format (the full XML starting with <mxfile>)"
+        ),
+        diagram_name: external_exports.string().regex(
+          /^[a-zA-Z0-9_\-. ]+$/,
+          "Diagram name may only contain letters, numbers, spaces, hyphens, underscores, and dots"
+        ).describe(
+          "Name for the diagram file (e.g., 'architecture.drawio'). Will have .drawio appended if not present."
+        ),
+        append: external_exports.boolean().default(true).describe(
+          "If true, appends the diagram to existing page content. If false, replaces the page body."
+        )
+      },
+      annotations: { destructiveHint: false, idempotentHint: false }
     },
-    annotations: { destructiveHint: false, idempotentHint: false }
-  },
-  async ({ page_id, file_path, filename, comment }) => {
-    try {
-      const resolved = await (0, import_promises.realpath)((0, import_node_path.resolve)(file_path));
-      const cwd = await (0, import_promises.realpath)(process.cwd());
-      if (!resolved.startsWith(cwd + "/") && resolved !== cwd) {
-        return toolError(
-          new Error(
-            `File path must be under the working directory (${cwd}). Got: ${resolved}`
-          )
+    async ({ page_id, diagram_xml, diagram_name, append }) => {
+      try {
+        const filename = diagram_name.endsWith(".drawio") ? diagram_name : `${diagram_name}.drawio`;
+        const tmpDir = await (0, import_promises.mkdtemp)((0, import_node_path.join)((0, import_node_os.tmpdir)(), "drawio-"));
+        try {
+          const tmpPath = (0, import_node_path.join)(tmpDir, filename);
+          await (0, import_promises.writeFile)(tmpPath, diagram_xml, "utf-8");
+          const fileData = await (0, import_promises.readFile)(tmpPath);
+          await uploadAttachment(page_id, fileData, filename);
+        } finally {
+          await (0, import_promises.rm)(tmpDir, { recursive: true, force: true });
+        }
+        const macro = [
+          `<ac:structured-macro ac:name="drawio" ac:schema-version="1">`,
+          `  <ac:parameter ac:name="diagramName">${escapeXml(filename)}</ac:parameter>`,
+          `  <ac:parameter ac:name="attachment">${escapeXml(filename)}</ac:parameter>`,
+          `</ac:structured-macro>`
+        ].join("\n");
+        const current = await getPage(page_id, true);
+        const newVersion = (current.version?.number ?? 0) + 1;
+        const existingBody = current.body?.storage?.value ?? current.body?.value ?? "";
+        const newBody = append ? `${existingBody}
+${macro}` : macro;
+        const { page } = await updatePage(page_id, {
+          body: newBody,
+          versionMessage: `Added diagram: ${filename}`
+        });
+        return toolResult(
+          `Diagram "${filename}" added to page ${page.title} (ID: ${page.id}, version: ${newVersion})` + echo
         );
+      } catch (err) {
+        return toolError(err);
       }
-      const fileData = await (0, import_promises.readFile)(resolved);
-      const name = filename ?? resolved.split("/").pop() ?? "attachment";
-      const att = await uploadAttachment(page_id, fileData, name, comment);
-      return toolResult(
-        `Attached: ${att.title} (ID: ${att.id}, size: ${att.fileSize ?? "unknown"} bytes) to page ${page_id}`
-      );
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "add_drawio_diagram",
-  {
-    description: "Add a draw.io diagram to a Confluence page. Uploads the diagram as an attachment and embeds it using the draw.io macro. Requires the draw.io app on the Confluence instance.",
-    inputSchema: {
-      page_id: external_exports.string().describe("The Confluence page ID to add the diagram to"),
-      diagram_xml: external_exports.string().describe(
-        "The draw.io diagram content in mxGraph XML format (the full XML starting with <mxfile>)"
-      ),
-      diagram_name: external_exports.string().regex(
-        /^[a-zA-Z0-9_\-. ]+$/,
-        "Diagram name may only contain letters, numbers, spaces, hyphens, underscores, and dots"
-      ).describe(
-        "Name for the diagram file (e.g., 'architecture.drawio'). Will have .drawio appended if not present."
-      ),
-      append: external_exports.boolean().default(true).describe(
-        "If true, appends the diagram to existing page content. If false, replaces the page body."
-      )
+    }
+  );
+  server.registerTool(
+    "get_attachments",
+    {
+      description: "List attachments on a Confluence page",
+      inputSchema: {
+        page_id: external_exports.string().describe("The Confluence page ID"),
+        limit: external_exports.number().default(25).describe("Maximum results (default: 25)")
+      },
+      annotations: { readOnlyHint: true }
     },
-    annotations: { destructiveHint: false, idempotentHint: false }
-  },
-  async ({ page_id, diagram_xml, diagram_name, append }) => {
-    try {
-      const filename = diagram_name.endsWith(".drawio") ? diagram_name : `${diagram_name}.drawio`;
-      const tmpDir = await (0, import_promises.mkdtemp)((0, import_node_path.join)((0, import_node_os.tmpdir)(), "drawio-"));
+    async ({ page_id, limit }) => {
       try {
-        const tmpPath = (0, import_node_path.join)(tmpDir, filename);
-        await (0, import_promises.writeFile)(tmpPath, diagram_xml, "utf-8");
-        const fileData = await (0, import_promises.readFile)(tmpPath);
-        await uploadAttachment(page_id, fileData, filename);
-      } finally {
-        await (0, import_promises.rm)(tmpDir, { recursive: true, force: true });
-      }
-      const macro = [
-        `<ac:structured-macro ac:name="drawio" ac:schema-version="1">`,
-        `  <ac:parameter ac:name="diagramName">${escapeXml(filename)}</ac:parameter>`,
-        `  <ac:parameter ac:name="attachment">${escapeXml(filename)}</ac:parameter>`,
-        `</ac:structured-macro>`
-      ].join("\n");
-      const current = await getPage(page_id, true);
-      const newVersion = (current.version?.number ?? 0) + 1;
-      const existingBody = current.body?.storage?.value ?? current.body?.value ?? "";
-      const newBody = append ? `${existingBody}
-${macro}` : macro;
-      const { page } = await updatePage(page_id, {
-        body: newBody,
-        versionMessage: `Added diagram: ${filename}`
-      });
-      return toolResult(
-        `Diagram "${filename}" added to page ${page.title} (ID: ${page.id}, version: ${newVersion})`
-      );
-    } catch (err) {
-      return toolError(err);
-    }
-  }
-);
-server.registerTool(
-  "get_attachments",
-  {
-    description: "List attachments on a Confluence page",
-    inputSchema: {
-      page_id: external_exports.string().describe("The Confluence page ID"),
-      limit: external_exports.number().default(25).describe("Maximum results (default: 25)")
-    },
-    annotations: { readOnlyHint: true }
-  },
-  async ({ page_id, limit }) => {
-    try {
-      const attachments = await getAttachments(page_id, limit);
-      if (attachments.length === 0) {
-        return toolResult(`No attachments found on page ${page_id}.`);
-      }
-      const lines = [
-        `Attachments on page ${page_id} (${attachments.length}):`,
-        ""
-      ];
-      for (const a of attachments) {
-        const size = a.extensions?.fileSize ? `${Math.round(a.extensions.fileSize / 1024)}KB` : "unknown size";
-        const mediaType = a.extensions?.mediaType ?? "unknown type";
-        lines.push(`- ${a.title} (ID: ${a.id}, ${mediaType}, ${size})`);
+        const attachments = await getAttachments(page_id, limit);
+        if (attachments.length === 0) {
+          return toolResult(`No attachments found on page ${page_id}.`);
+        }
+        const lines = [
+          `Attachments on page ${page_id} (${attachments.length}):`,
+          ""
+        ];
+        for (const a of attachments) {
+          const size = a.extensions?.fileSize ? `${Math.round(a.extensions.fileSize / 1024)}KB` : "unknown size";
+          const mediaType = a.extensions?.mediaType ?? "unknown type";
+          lines.push(`- ${a.title} (ID: ${a.id}, ${mediaType}, ${size})`);
+        }
+        return toolResult(lines.join("\n"));
+      } catch (err) {
+        return toolError(err);
       }
-      return toolResult(lines.join("\n"));
-    } catch (err) {
-      return toolError(err);
     }
-  }
-);
+  );
+}
 async function main() {
+  const config2 = await getConfig();
+  await validateStartup(config2);
+  const serverName = config2.profile ? `confluence-${config2.profile}` : "confluence";
+  const server = new McpServer({
+    name: serverName,
+    version: "1.0.0"
+  });
+  registerTools(server, config2);
   const transport = new StdioServerTransport();
   await server.connect(transport);
 }
@@ -21955,8 +22388,16 @@ async function main() {
 async function run() {
   const command = process.argv[2];
   if (command === "setup") {
+    const idx = process.argv.indexOf("--profile");
+    const profile = idx > -1 ? process.argv[idx + 1] : void 0;
     const { runSetup: runSetup2 } = await Promise.resolve().then(() => (init_setup(), setup_exports));
-    await runSetup2();
+    await runSetup2(profile);
+  } else if (command === "profiles") {
+    const { runProfiles: runProfiles2 } = await Promise.resolve().then(() => (init_profiles2(), profiles_exports));
+    await runProfiles2();
+  } else if (command === "status") {
+    const { runStatus: runStatus2 } = await Promise.resolve().then(() => (init_status(), status_exports));
+    await runStatus2();
   } else {
     await main();
   }