@dizzlkheinz/ynab-mcpb 0.18.3 → 0.19.0

Files changed (346)
  1. package/CHANGELOG.md +17 -0
  2. package/CLAUDE.md +87 -8
  3. package/bin/ynab-mcp-server.cjs +2 -2
  4. package/bin/ynab-mcp-server.js +3 -3
  5. package/biome.json +39 -0
  6. package/dist/bundle/index.cjs +67 -67
  7. package/dist/index.d.ts +1 -1
  8. package/dist/index.js +27 -27
  9. package/dist/server/YNABMCPServer.d.ts +3 -4
  10. package/dist/server/YNABMCPServer.js +111 -116
  11. package/dist/server/budgetResolver.d.ts +6 -5
  12. package/dist/server/budgetResolver.js +46 -36
  13. package/dist/server/cacheKeys.js +6 -6
  14. package/dist/server/cacheManager.js +14 -11
  15. package/dist/server/completions.d.ts +2 -2
  16. package/dist/server/completions.js +20 -15
  17. package/dist/server/config.d.ts +10 -5
  18. package/dist/server/config.js +24 -7
  19. package/dist/server/deltaCache.d.ts +2 -2
  20. package/dist/server/deltaCache.js +22 -16
  21. package/dist/server/deltaCache.merge.d.ts +2 -2
  22. package/dist/server/diagnostics.d.ts +4 -4
  23. package/dist/server/diagnostics.js +38 -32
  24. package/dist/server/errorHandler.d.ts +5 -12
  25. package/dist/server/errorHandler.js +219 -217
  26. package/dist/server/prompts.d.ts +2 -2
  27. package/dist/server/prompts.js +45 -45
  28. package/dist/server/rateLimiter.js +4 -4
  29. package/dist/server/requestLogger.d.ts +1 -1
  30. package/dist/server/requestLogger.js +40 -35
  31. package/dist/server/resources.d.ts +3 -3
  32. package/dist/server/resources.js +55 -52
  33. package/dist/server/responseFormatter.js +6 -6
  34. package/dist/server/securityMiddleware.d.ts +2 -2
  35. package/dist/server/securityMiddleware.js +22 -20
  36. package/dist/server/serverKnowledgeStore.js +1 -1
  37. package/dist/server/toolRegistry.d.ts +3 -3
  38. package/dist/server/toolRegistry.js +47 -40
  39. package/dist/tools/__tests__/deltaTestUtils.d.ts +3 -3
  40. package/dist/tools/__tests__/deltaTestUtils.js +2 -2
  41. package/dist/tools/accountTools.d.ts +9 -8
  42. package/dist/tools/accountTools.js +47 -47
  43. package/dist/tools/adapters.d.ts +13 -8
  44. package/dist/tools/adapters.js +21 -11
  45. package/dist/tools/budgetTools.d.ts +8 -7
  46. package/dist/tools/budgetTools.js +22 -22
  47. package/dist/tools/categoryTools.d.ts +9 -8
  48. package/dist/tools/categoryTools.js +68 -59
  49. package/dist/tools/compareTransactions/formatter.d.ts +3 -3
  50. package/dist/tools/compareTransactions/formatter.js +9 -9
  51. package/dist/tools/compareTransactions/index.d.ts +6 -6
  52. package/dist/tools/compareTransactions/index.js +58 -43
  53. package/dist/tools/compareTransactions/matcher.d.ts +1 -1
  54. package/dist/tools/compareTransactions/matcher.js +28 -15
  55. package/dist/tools/compareTransactions/parser.d.ts +2 -2
  56. package/dist/tools/compareTransactions/parser.js +144 -138
  57. package/dist/tools/compareTransactions/types.d.ts +4 -4
  58. package/dist/tools/compareTransactions.d.ts +1 -1
  59. package/dist/tools/compareTransactions.js +1 -1
  60. package/dist/tools/deltaFetcher.d.ts +2 -2
  61. package/dist/tools/deltaFetcher.js +16 -15
  62. package/dist/tools/deltaSupport.d.ts +4 -4
  63. package/dist/tools/deltaSupport.js +35 -41
  64. package/dist/tools/exportTransactions.d.ts +5 -4
  65. package/dist/tools/exportTransactions.js +61 -59
  66. package/dist/tools/monthTools.d.ts +7 -6
  67. package/dist/tools/monthTools.js +31 -29
  68. package/dist/tools/payeeTools.d.ts +7 -6
  69. package/dist/tools/payeeTools.js +28 -28
  70. package/dist/tools/reconcileAdapter.d.ts +2 -2
  71. package/dist/tools/reconcileAdapter.js +21 -11
  72. package/dist/tools/reconciliation/analyzer.d.ts +4 -4
  73. package/dist/tools/reconciliation/analyzer.js +136 -57
  74. package/dist/tools/reconciliation/csvParser.d.ts +3 -3
  75. package/dist/tools/reconciliation/csvParser.js +128 -104
  76. package/dist/tools/reconciliation/executor.d.ts +4 -4
  77. package/dist/tools/reconciliation/executor.js +148 -109
  78. package/dist/tools/reconciliation/index.d.ts +10 -10
  79. package/dist/tools/reconciliation/index.js +96 -83
  80. package/dist/tools/reconciliation/matcher.d.ts +3 -3
  81. package/dist/tools/reconciliation/matcher.js +17 -16
  82. package/dist/tools/reconciliation/payeeNormalizer.js +19 -8
  83. package/dist/tools/reconciliation/recommendationEngine.d.ts +1 -1
  84. package/dist/tools/reconciliation/recommendationEngine.js +40 -40
  85. package/dist/tools/reconciliation/reportFormatter.d.ts +2 -2
  86. package/dist/tools/reconciliation/reportFormatter.js +79 -54
  87. package/dist/tools/reconciliation/signDetector.d.ts +1 -1
  88. package/dist/tools/reconciliation/types.d.ts +19 -16
  89. package/dist/tools/reconciliation/ynabAdapter.d.ts +2 -2
  90. package/dist/tools/schemas/common.d.ts +1 -1
  91. package/dist/tools/schemas/common.js +1 -1
  92. package/dist/tools/schemas/outputs/accountOutputs.d.ts +1 -1
  93. package/dist/tools/schemas/outputs/accountOutputs.js +24 -18
  94. package/dist/tools/schemas/outputs/budgetOutputs.d.ts +1 -1
  95. package/dist/tools/schemas/outputs/budgetOutputs.js +14 -11
  96. package/dist/tools/schemas/outputs/categoryOutputs.d.ts +1 -1
  97. package/dist/tools/schemas/outputs/categoryOutputs.js +49 -29
  98. package/dist/tools/schemas/outputs/comparisonOutputs.d.ts +1 -1
  99. package/dist/tools/schemas/outputs/comparisonOutputs.js +12 -12
  100. package/dist/tools/schemas/outputs/index.d.ts +14 -14
  101. package/dist/tools/schemas/outputs/index.js +14 -14
  102. package/dist/tools/schemas/outputs/monthOutputs.d.ts +1 -1
  103. package/dist/tools/schemas/outputs/monthOutputs.js +56 -41
  104. package/dist/tools/schemas/outputs/payeeOutputs.d.ts +1 -1
  105. package/dist/tools/schemas/outputs/payeeOutputs.js +10 -10
  106. package/dist/tools/schemas/outputs/reconciliationOutputs.d.ts +2 -2
  107. package/dist/tools/schemas/outputs/reconciliationOutputs.js +45 -45
  108. package/dist/tools/schemas/outputs/transactionMutationOutputs.d.ts +1 -1
  109. package/dist/tools/schemas/outputs/transactionMutationOutputs.js +28 -22
  110. package/dist/tools/schemas/outputs/transactionOutputs.d.ts +1 -1
  111. package/dist/tools/schemas/outputs/transactionOutputs.js +43 -35
  112. package/dist/tools/schemas/outputs/utilityOutputs.d.ts +1 -1
  113. package/dist/tools/schemas/outputs/utilityOutputs.js +5 -3
  114. package/dist/tools/schemas/shared/commonOutputs.d.ts +1 -1
  115. package/dist/tools/schemas/shared/commonOutputs.js +15 -9
  116. package/dist/tools/transactionReadTools.d.ts +11 -0
  117. package/dist/tools/transactionReadTools.js +202 -0
  118. package/dist/tools/transactionSchemas.d.ts +309 -0
  119. package/dist/tools/transactionSchemas.js +235 -0
  120. package/dist/tools/transactionTools.d.ts +6 -302
  121. package/dist/tools/transactionTools.js +7 -2054
  122. package/dist/tools/transactionUtils.d.ts +31 -0
  123. package/dist/tools/transactionUtils.js +364 -0
  124. package/dist/tools/transactionWriteTools.d.ts +20 -0
  125. package/dist/tools/transactionWriteTools.js +1342 -0
  126. package/dist/tools/utilityTools.d.ts +5 -4
  127. package/dist/tools/utilityTools.js +11 -11
  128. package/dist/types/index.d.ts +7 -7
  129. package/dist/types/index.js +6 -6
  130. package/dist/types/reconciliation.d.ts +1 -1
  131. package/dist/types/toolRegistration.d.ts +14 -12
  132. package/dist/utils/amountUtils.js +1 -1
  133. package/dist/utils/dateUtils.js +4 -4
  134. package/dist/utils/errors.d.ts +3 -3
  135. package/dist/utils/errors.js +4 -4
  136. package/dist/utils/money.d.ts +2 -2
  137. package/dist/utils/money.js +8 -8
  138. package/dist/utils/validationError.d.ts +1 -1
  139. package/dist/utils/validationError.js +1 -1
  140. package/docs/assets/examples/reconciliation-with-recommendations.json +66 -66
  141. package/docs/assets/schemas/reconciliation-v2.json +360 -336
  142. package/docs/plans/2025-12-25-transaction-tools-refactor-design.md +211 -0
  143. package/docs/plans/2025-12-25-transaction-tools-refactor.md +905 -0
  144. package/esbuild.config.mjs +53 -50
  145. package/meta.json +12548 -12548
  146. package/package.json +98 -109
  147. package/scripts/analyze-bundle.mjs +33 -30
  148. package/scripts/create-pr-description.js +169 -120
  149. package/scripts/run-all-tests.js +205 -0
  150. package/scripts/run-domain-integration-tests.js +28 -18
  151. package/scripts/run-generate-mcpb.js +19 -17
  152. package/scripts/run-throttled-integration-tests.js +92 -83
  153. package/scripts/test-delta-params.mjs +149 -120
  154. package/scripts/test-recommendations.ts +36 -32
  155. package/scripts/tmpTransaction.ts +80 -43
  156. package/scripts/validate-env.js +98 -91
  157. package/scripts/verify-build.js +78 -76
  158. package/src/__tests__/comprehensive.integration.test.ts +1281 -1154
  159. package/src/__tests__/performance.test.ts +723 -671
  160. package/src/__tests__/setup.ts +442 -395
  161. package/src/__tests__/smoke.e2e.test.ts +41 -39
  162. package/src/__tests__/testRunner.ts +314 -295
  163. package/src/__tests__/testUtils.ts +456 -364
  164. package/src/__tests__/tools/reconciliation/csvParser.integration.test.ts +109 -107
  165. package/src/__tests__/tools/reconciliation/real-world.integration.test.ts +41 -41
  166. package/src/index.ts +68 -59
  167. package/src/server/CLAUDE.md +480 -0
  168. package/src/server/YNABMCPServer.ts +821 -794
  169. package/src/server/__tests__/YNABMCPServer.integration.test.ts +929 -893
  170. package/src/server/__tests__/YNABMCPServer.test.ts +903 -899
  171. package/src/server/__tests__/budgetResolver.test.ts +466 -423
  172. package/src/server/__tests__/cacheManager.test.ts +891 -874
  173. package/src/server/__tests__/completions.integration.test.ts +115 -106
  174. package/src/server/__tests__/completions.test.ts +334 -313
  175. package/src/server/__tests__/config.test.ts +98 -86
  176. package/src/server/__tests__/deltaCache.merge.test.ts +774 -703
  177. package/src/server/__tests__/deltaCache.swr.test.ts +198 -153
  178. package/src/server/__tests__/deltaCache.test.ts +946 -759
  179. package/src/server/__tests__/diagnostics.test.ts +825 -792
  180. package/src/server/__tests__/errorHandler.integration.test.ts +512 -462
  181. package/src/server/__tests__/errorHandler.test.ts +402 -397
  182. package/src/server/__tests__/prompts.test.ts +424 -347
  183. package/src/server/__tests__/rateLimiter.test.ts +313 -309
  184. package/src/server/__tests__/requestLogger.test.ts +443 -403
  185. package/src/server/__tests__/resources.template.test.ts +196 -185
  186. package/src/server/__tests__/resources.test.ts +294 -288
  187. package/src/server/__tests__/security.integration.test.ts +487 -421
  188. package/src/server/__tests__/securityMiddleware.test.ts +519 -444
  189. package/src/server/__tests__/server-startup.integration.test.ts +509 -490
  190. package/src/server/__tests__/serverKnowledgeStore.test.ts +174 -173
  191. package/src/server/__tests__/toolRegistration.test.ts +239 -210
  192. package/src/server/__tests__/toolRegistry.test.ts +907 -845
  193. package/src/server/budgetResolver.ts +221 -181
  194. package/src/server/cacheKeys.ts +6 -6
  195. package/src/server/cacheManager.ts +498 -484
  196. package/src/server/completions.ts +267 -243
  197. package/src/server/config.ts +35 -14
  198. package/src/server/deltaCache.merge.ts +146 -128
  199. package/src/server/deltaCache.ts +352 -309
  200. package/src/server/diagnostics.ts +257 -242
  201. package/src/server/errorHandler.ts +747 -744
  202. package/src/server/prompts.ts +181 -176
  203. package/src/server/rateLimiter.ts +131 -129
  204. package/src/server/requestLogger.ts +350 -322
  205. package/src/server/resources.ts +442 -374
  206. package/src/server/responseFormatter.ts +41 -37
  207. package/src/server/securityMiddleware.ts +223 -205
  208. package/src/server/serverKnowledgeStore.ts +67 -67
  209. package/src/server/toolRegistry.ts +508 -474
  210. package/src/tools/CLAUDE.md +604 -0
  211. package/src/tools/__tests__/accountTools.delta.integration.test.ts +128 -111
  212. package/src/tools/__tests__/accountTools.integration.test.ts +129 -111
  213. package/src/tools/__tests__/accountTools.test.ts +685 -638
  214. package/src/tools/__tests__/adapters.test.ts +142 -108
  215. package/src/tools/__tests__/budgetTools.delta.integration.test.ts +73 -73
  216. package/src/tools/__tests__/budgetTools.integration.test.ts +132 -124
  217. package/src/tools/__tests__/budgetTools.test.ts +442 -413
  218. package/src/tools/__tests__/categoryTools.delta.integration.test.ts +76 -68
  219. package/src/tools/__tests__/categoryTools.integration.test.ts +314 -288
  220. package/src/tools/__tests__/categoryTools.test.ts +656 -625
  221. package/src/tools/__tests__/compareTransactions/formatter.test.ts +535 -462
  222. package/src/tools/__tests__/compareTransactions/index.test.ts +378 -358
  223. package/src/tools/__tests__/compareTransactions/matcher.test.ts +497 -398
  224. package/src/tools/__tests__/compareTransactions/parser.test.ts +765 -747
  225. package/src/tools/__tests__/compareTransactions.test.ts +352 -332
  226. package/src/tools/__tests__/compareTransactions.window.test.ts +150 -146
  227. package/src/tools/__tests__/deltaFetcher.scheduled.integration.test.ts +69 -65
  228. package/src/tools/__tests__/deltaFetcher.test.ts +325 -265
  229. package/src/tools/__tests__/deltaSupport.test.ts +211 -184
  230. package/src/tools/__tests__/deltaTestUtils.ts +37 -33
  231. package/src/tools/__tests__/exportTransactions.test.ts +205 -200
  232. package/src/tools/__tests__/monthTools.delta.integration.test.ts +68 -68
  233. package/src/tools/__tests__/monthTools.integration.test.ts +178 -166
  234. package/src/tools/__tests__/monthTools.test.ts +561 -512
  235. package/src/tools/__tests__/payeeTools.delta.integration.test.ts +68 -68
  236. package/src/tools/__tests__/payeeTools.integration.test.ts +158 -142
  237. package/src/tools/__tests__/payeeTools.test.ts +486 -434
  238. package/src/tools/__tests__/transactionSchemas.test.ts +1204 -0
  239. package/src/tools/__tests__/transactionTools.integration.test.ts +875 -825
  240. package/src/tools/__tests__/transactionTools.test.ts +4923 -4366
  241. package/src/tools/__tests__/transactionUtils.test.ts +1016 -0
  242. package/src/tools/__tests__/utilityTools.integration.test.ts +32 -32
  243. package/src/tools/__tests__/utilityTools.test.ts +68 -58
  244. package/src/tools/accountTools.ts +293 -271
  245. package/src/tools/adapters.ts +120 -63
  246. package/src/tools/budgetTools.ts +121 -116
  247. package/src/tools/categoryTools.ts +379 -339
  248. package/src/tools/compareTransactions/formatter.ts +131 -119
  249. package/src/tools/compareTransactions/index.ts +249 -214
  250. package/src/tools/compareTransactions/matcher.ts +259 -209
  251. package/src/tools/compareTransactions/parser.ts +517 -487
  252. package/src/tools/compareTransactions/types.ts +38 -38
  253. package/src/tools/compareTransactions.ts +1 -1
  254. package/src/tools/deltaFetcher.ts +281 -260
  255. package/src/tools/deltaSupport.ts +264 -259
  256. package/src/tools/exportTransactions.ts +230 -218
  257. package/src/tools/monthTools.ts +180 -165
  258. package/src/tools/payeeTools.ts +152 -140
  259. package/src/tools/reconcileAdapter.ts +297 -246
  260. package/src/tools/reconciliation/CLAUDE.md +506 -0
  261. package/src/tools/reconciliation/__tests__/adapter.causes.test.ts +135 -112
  262. package/src/tools/reconciliation/__tests__/adapter.test.ts +249 -227
  263. package/src/tools/reconciliation/__tests__/analyzer.test.ts +408 -335
  264. package/src/tools/reconciliation/__tests__/csvParser.test.ts +71 -69
  265. package/src/tools/reconciliation/__tests__/executor.integration.test.ts +348 -323
  266. package/src/tools/reconciliation/__tests__/executor.progress.test.ts +503 -457
  267. package/src/tools/reconciliation/__tests__/executor.test.ts +898 -831
  268. package/src/tools/reconciliation/__tests__/matcher.test.ts +667 -663
  269. package/src/tools/reconciliation/__tests__/payeeNormalizer.test.ts +296 -276
  270. package/src/tools/reconciliation/__tests__/recommendationEngine.integration.test.ts +692 -624
  271. package/src/tools/reconciliation/__tests__/recommendationEngine.test.ts +1008 -986
  272. package/src/tools/reconciliation/__tests__/reconciliation.delta.integration.test.ts +187 -146
  273. package/src/tools/reconciliation/__tests__/reportFormatter.test.ts +583 -530
  274. package/src/tools/reconciliation/__tests__/scenarios/adapterCurrency.scenario.test.ts +75 -71
  275. package/src/tools/reconciliation/__tests__/scenarios/extremes.scenario.test.ts +70 -58
  276. package/src/tools/reconciliation/__tests__/scenarios/repeatAmount.scenario.test.ts +102 -88
  277. package/src/tools/reconciliation/__tests__/schemaUrl.test.ts +58 -43
  278. package/src/tools/reconciliation/__tests__/signDetector.test.ts +209 -206
  279. package/src/tools/reconciliation/__tests__/ynabAdapter.test.ts +66 -60
  280. package/src/tools/reconciliation/analyzer.ts +582 -406
  281. package/src/tools/reconciliation/csvParser.ts +656 -609
  282. package/src/tools/reconciliation/executor.ts +1290 -1128
  283. package/src/tools/reconciliation/index.ts +580 -528
  284. package/src/tools/reconciliation/matcher.ts +256 -240
  285. package/src/tools/reconciliation/payeeNormalizer.ts +92 -78
  286. package/src/tools/reconciliation/recommendationEngine.ts +357 -345
  287. package/src/tools/reconciliation/reportFormatter.ts +349 -276
  288. package/src/tools/reconciliation/signDetector.ts +89 -83
  289. package/src/tools/reconciliation/types.ts +164 -153
  290. package/src/tools/reconciliation/ynabAdapter.ts +17 -15
  291. package/src/tools/schemas/CLAUDE.md +546 -0
  292. package/src/tools/schemas/common.ts +1 -1
  293. package/src/tools/schemas/outputs/__tests__/accountOutputs.test.ts +410 -409
  294. package/src/tools/schemas/outputs/__tests__/budgetOutputs.test.ts +305 -299
  295. package/src/tools/schemas/outputs/__tests__/categoryOutputs.test.ts +431 -430
  296. package/src/tools/schemas/outputs/__tests__/comparisonOutputs.test.ts +510 -495
  297. package/src/tools/schemas/outputs/__tests__/dateValidation.test.ts +179 -153
  298. package/src/tools/schemas/outputs/__tests__/discrepancyDirection.test.ts +293 -254
  299. package/src/tools/schemas/outputs/__tests__/monthOutputs.test.ts +457 -457
  300. package/src/tools/schemas/outputs/__tests__/payeeOutputs.test.ts +362 -356
  301. package/src/tools/schemas/outputs/__tests__/reconciliationOutputs.test.ts +402 -399
  302. package/src/tools/schemas/outputs/__tests__/transactionMutationSchemas.test.ts +225 -211
  303. package/src/tools/schemas/outputs/__tests__/transactionOutputs.test.ts +457 -454
  304. package/src/tools/schemas/outputs/__tests__/utilityOutputs.test.ts +316 -315
  305. package/src/tools/schemas/outputs/accountOutputs.ts +40 -34
  306. package/src/tools/schemas/outputs/budgetOutputs.ts +24 -19
  307. package/src/tools/schemas/outputs/categoryOutputs.ts +76 -56
  308. package/src/tools/schemas/outputs/comparisonOutputs.ts +192 -169
  309. package/src/tools/schemas/outputs/index.ts +163 -163
  310. package/src/tools/schemas/outputs/monthOutputs.ts +95 -80
  311. package/src/tools/schemas/outputs/payeeOutputs.ts +18 -18
  312. package/src/tools/schemas/outputs/reconciliationOutputs.ts +386 -373
  313. package/src/tools/schemas/outputs/transactionMutationOutputs.ts +259 -231
  314. package/src/tools/schemas/outputs/transactionOutputs.ts +81 -71
  315. package/src/tools/schemas/outputs/utilityOutputs.ts +90 -84
  316. package/src/tools/schemas/shared/commonOutputs.ts +27 -19
  317. package/src/tools/toolCategories.ts +114 -114
  318. package/src/tools/transactionReadTools.ts +327 -0
  319. package/src/tools/transactionSchemas.ts +484 -0
  320. package/src/tools/transactionTools.ts +107 -2990
  321. package/src/tools/transactionUtils.ts +621 -0
  322. package/src/tools/transactionWriteTools.ts +2110 -0
  323. package/src/tools/utilityTools.ts +46 -41
  324. package/src/types/CLAUDE.md +477 -0
  325. package/src/types/__tests__/index.test.ts +51 -51
  326. package/src/types/index.ts +43 -39
  327. package/src/types/integration-tests.d.ts +26 -26
  328. package/src/types/reconciliation.ts +29 -29
  329. package/src/types/toolAnnotations.ts +30 -30
  330. package/src/types/toolRegistration.ts +43 -32
  331. package/src/utils/CLAUDE.md +508 -0
  332. package/src/utils/__tests__/dateUtils.test.ts +174 -168
  333. package/src/utils/__tests__/money.test.ts +193 -187
  334. package/src/utils/amountUtils.ts +5 -5
  335. package/src/utils/baseError.ts +5 -5
  336. package/src/utils/dateUtils.ts +29 -26
  337. package/src/utils/errors.ts +14 -14
  338. package/src/utils/money.ts +66 -52
  339. package/src/utils/validationError.ts +1 -1
  340. package/tsconfig.json +29 -29
  341. package/tsconfig.prod.json +16 -16
  342. package/vitest-reporters/split-json-reporter.ts +247 -204
  343. package/vitest.config.ts +99 -95
  344. package/.prettierignore +0 -10
  345. package/.prettierrc.json +0 -10
  346. package/eslint.config.js +0 -49
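--- a/package/src/server/responseFormatter.ts
+++ b/package/src/server/responseFormatter.ts
@@ -1,51 +1,55 @@
- import { AsyncLocalStorage } from 'async_hooks';
+ import { AsyncLocalStorage } from "node:async_hooks";
 
  function parseBool(value: string | undefined, fallback: boolean): boolean {
- if (value === undefined) return fallback;
- const v = value.trim().toLowerCase();
- return v === '1' || v === 'true' || v === 'yes' || v === 'on';
+ if (value === undefined) return fallback;
+ const v = value.trim().toLowerCase();
+ return v === "1" || v === "true" || v === "yes" || v === "on";
  }
 
  function parseIntSafe(value: string | undefined, fallback: number): number {
- if (value === undefined) return fallback;
- const n = Number.parseInt(value, 10);
- return Number.isFinite(n) && n >= 0 ? n : fallback;
+ if (value === undefined) return fallback;
+ const n = Number.parseInt(value, 10);
+ return Number.isFinite(n) && n >= 0 ? n : fallback;
  }
 
  interface Context {
- minify?: boolean;
+ minify?: boolean;
  }
 
  class ResponseFormatter {
- private defaultMinify: boolean;
- private prettySpaces: number;
- private als = new AsyncLocalStorage<Context>();
-
- constructor() {
- // Defaults: minify outputs unless explicitly pretty-printed
- this.defaultMinify = parseBool(process.env['YNAB_MCP_MINIFY_OUTPUT'], true);
- this.prettySpaces = parseIntSafe(process.env['YNAB_MCP_PRETTY_SPACES'], 2);
- }
-
- configure(options?: { defaultMinify?: boolean; prettySpaces?: number }): void {
- if (!options) return;
- if (typeof options.defaultMinify === 'boolean') this.defaultMinify = options.defaultMinify;
- if (typeof options.prettySpaces === 'number' && options.prettySpaces >= 0) {
- this.prettySpaces = options.prettySpaces;
- }
- }
-
- runWithMinifyOverride<T>(minify: boolean | undefined, fn: () => T): T {
- if (minify === undefined) return fn();
- return this.als.run({ minify }, fn);
- }
-
- format(value: unknown): string {
- const ctx = this.als.getStore();
- const minify = ctx?.minify ?? this.defaultMinify;
- if (minify) return JSON.stringify(value);
- return JSON.stringify(value, null, this.prettySpaces);
- }
+ private defaultMinify: boolean;
+ private prettySpaces: number;
+ private als = new AsyncLocalStorage<Context>();
+
+ constructor() {
+ // Defaults: minify outputs unless explicitly pretty-printed
+ this.defaultMinify = parseBool(process.env["YNAB_MCP_MINIFY_OUTPUT"], true);
+ this.prettySpaces = parseIntSafe(process.env["YNAB_MCP_PRETTY_SPACES"], 2);
+ }
+
+ configure(options?: {
+ defaultMinify?: boolean;
+ prettySpaces?: number;
+ }): void {
+ if (!options) return;
+ if (typeof options.defaultMinify === "boolean")
+ this.defaultMinify = options.defaultMinify;
+ if (typeof options.prettySpaces === "number" && options.prettySpaces >= 0) {
+ this.prettySpaces = options.prettySpaces;
+ }
+ }
+
+ runWithMinifyOverride<T>(minify: boolean | undefined, fn: () => T): T {
+ if (minify === undefined) return fn();
+ return this.als.run({ minify }, fn);
+ }
+
+ format(value: unknown): string {
+ const ctx = this.als.getStore();
+ const minify = ctx?.minify ?? this.defaultMinify;
+ if (minify) return JSON.stringify(value);
+ return JSON.stringify(value, null, this.prettySpaces);
+ }
  }
 
  export const responseFormatter = new ResponseFormatter();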
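Review bot: parseBool (new lines 3–7) ignores its `fallback` for any value that is set but unrecognised, so a typo such as `YNAB_MCP_MINIFY_OUTPUT=ture` silently turns the default-true minify setting off. parseIntSafe directly below returns `fallback` when the value does not parse, and the two helpers should behave the same way. Suggested body after the `trim().toLowerCase()` line: `if (v === "1" || v === "true" || v === "yes" || v === "on") return true;`, then `if (v === "0" || v === "false" || v === "no" || v === "off") return false;`, then `return fallback;`. A one-line comment on each helper stating what happens on unparseable input would also help, since these values come from the process environment.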
@@ -2,201 +2,219 @@
2
2
  * Security middleware that combines rate limiting, request logging, and input validation
3
3
  */
4
4
 
5
- import { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
6
- import { z } from 'zod/v4';
7
- import { fromZodError } from 'zod-validation-error';
8
- import { globalRateLimiter, RateLimitError } from './rateLimiter.js';
9
- import { globalRequestLogger } from './requestLogger.js';
10
- import { ErrorHandler } from './errorHandler.js';
11
- import { responseFormatter } from './responseFormatter.js';
5
+ import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
6
+ import { fromZodError } from "zod-validation-error";
7
+ import { z } from "zod/v4";
8
+ import { createErrorHandler } from "./errorHandler.js";
9
+ import { RateLimitError, globalRateLimiter } from "./rateLimiter.js";
10
+ import { globalRequestLogger } from "./requestLogger.js";
11
+ import { responseFormatter } from "./responseFormatter.js";
12
12
 
13
13
  /**
14
14
  * Security context for requests
15
15
  */
16
16
  export interface SecurityContext {
17
- accessToken: string;
18
- toolName: string;
19
- operation: string;
20
- parameters: Record<string, unknown>;
21
- startTime: number;
17
+ accessToken: string;
18
+ toolName: string;
19
+ operation: string;
20
+ parameters: Record<string, unknown>;
21
+ startTime: number;
22
22
  }
23
23
 
24
24
  /**
25
25
  * Security middleware class that wraps tool operations
26
26
  */
27
+ // biome-ignore lint/complexity/noStaticOnlyClass: static utility class
27
28
  export class SecurityMiddleware {
28
- /**
29
- * Wrap a tool operation with security measures
30
- */
31
- static async withSecurity<T extends Record<string, unknown>>(
32
- context: SecurityContext,
33
- schema: z.ZodSchema<T>,
34
-
35
- operation: (..._args: unknown[]) => Promise<CallToolResult>,
36
- ): Promise<CallToolResult> {
37
- const startTime = Date.now();
38
-
39
- try {
40
- // 1. Input validation
41
- const validatedParams = await this.validateInput(schema, context.parameters);
42
-
43
- // 2. Rate limiting check
44
- await this.checkRateLimit(context.accessToken);
45
-
46
- // 3. Record the request for rate limiting
47
- globalRateLimiter.recordRequest(this.hashToken(context.accessToken));
48
-
49
- // 4. Execute the operation
50
- const result = await operation(validatedParams);
51
-
52
- // 5. Log successful request
53
- const duration = Date.now() - startTime;
54
- const rateLimitInfo = globalRateLimiter.getStatus(this.hashToken(context.accessToken));
55
-
56
- globalRequestLogger.logSuccess(
57
- context.toolName,
58
- context.operation,
59
- context.parameters,
60
- duration,
61
- {
62
- remaining: rateLimitInfo.remaining,
63
- isLimited: rateLimitInfo.isLimited,
64
- },
65
- );
66
-
67
- return result;
68
- } catch (error) {
69
- // Log failed request
70
- const duration = Date.now() - startTime;
71
- const rateLimitInfo = globalRateLimiter.getStatus(this.hashToken(context.accessToken));
72
-
73
- const errorMessage = error instanceof Error ? error.message : 'Unknown error';
74
-
75
- globalRequestLogger.logError(
76
- context.toolName,
77
- context.operation,
78
- context.parameters,
79
- errorMessage,
80
- duration,
81
- {
82
- remaining: rateLimitInfo.remaining,
83
- isLimited: rateLimitInfo.isLimited,
84
- },
85
- );
86
-
87
- // Handle rate limit errors specially
88
- if (error instanceof RateLimitError) {
89
- return this.createRateLimitErrorResponse(error);
90
- }
91
-
92
- // Handle validation errors
93
- if (error instanceof Error && error.message.includes('Validation failed')) {
94
- return ErrorHandler.createValidationError(
95
- 'Invalid parameters for ' + context.toolName,
96
- error.message,
97
- );
98
- }
99
-
100
- // Re-throw other errors to be handled by existing error handling
101
- throw error;
102
- }
103
- }
104
-
105
- /**
106
- * Validate input parameters using Zod schema
107
- */
108
- private static async validateInput<T>(
109
- schema: z.ZodSchema<T>,
110
- parameters: Record<string, unknown>,
111
- ): Promise<T> {
112
- try {
113
- return schema.parse(parameters);
114
- } catch (error) {
115
- if (error instanceof z.ZodError) {
116
- const validationError = fromZodError(error);
117
- throw new Error(`Validation failed: ${validationError.message}`);
118
- }
119
- throw error;
120
- }
121
- }
122
-
123
- /**
124
- * Check rate limit for the given access token
125
- */
126
- private static async checkRateLimit(accessToken: string): Promise<void> {
127
- const tokenHash = this.hashToken(accessToken);
128
- const rateLimitInfo = globalRateLimiter.isAllowed(tokenHash);
129
-
130
- if (rateLimitInfo.isLimited) {
131
- throw new RateLimitError(
132
- 'Rate limit exceeded. Please wait before making additional requests.',
133
- rateLimitInfo.resetTime,
134
- rateLimitInfo.remaining,
135
- );
136
- }
137
- }
138
-
139
- /**
140
- * Create a rate limit error response
141
- */
142
- private static createRateLimitErrorResponse(error: RateLimitError): CallToolResult {
143
- return {
144
- isError: true,
145
- content: [
146
- {
147
- type: 'text',
148
- text: responseFormatter.format({
149
- error: {
150
- code: 'RATE_LIMIT_EXCEEDED',
151
- message: error.message,
152
- details: {
153
- resetTime: error.resetTime.toISOString(),
154
- remaining: error.remaining,
155
- },
156
- },
157
- }),
158
- },
159
- ],
160
- };
161
- }
162
-
163
- /**
164
- * Hash access token for rate limiting and logging
165
- */
166
- private static hashToken(token: string): string {
167
- // Simple hash for rate limiting - not cryptographically secure
168
- let hash = 0;
169
- for (let i = 0; i < token.length; i++) {
170
- const char = token.charCodeAt(i);
171
- hash = (hash << 5) - hash + char;
172
- hash = hash & hash; // Convert to 32-bit integer
173
- }
174
- return `token_${Math.abs(hash).toString(16)}`;
175
- }
176
-
177
- /**
178
- * Get security statistics
179
- */
180
- static getSecurityStats(): {
181
- rateLimitStats: Record<string, unknown>;
182
- requestStats: Record<string, unknown>;
183
- } {
184
- return {
185
- rateLimitStats: {
186
- // Rate limiter doesn't expose internal stats, but we can provide basic info
187
- message: 'Rate limiting is active with YNAB API limits (200 requests/hour)',
188
- },
189
- requestStats: globalRequestLogger.getStats(),
190
- };
191
- }
192
-
193
- /**
194
- * Reset security state (useful for testing)
195
- */
196
- static reset(): void {
197
- globalRateLimiter.reset();
198
- globalRequestLogger.clearLogs();
199
- }
29
+ /**
30
+ * Wrap a tool operation with security measures
31
+ */
32
+ static async withSecurity<T extends Record<string, unknown>>(
33
+ context: SecurityContext,
34
+ schema: z.ZodSchema<T>,
35
+
36
+ operation: (..._args: unknown[]) => Promise<CallToolResult>,
37
+ ): Promise<CallToolResult> {
38
+ const startTime = Date.now();
39
+
40
+ try {
41
+ // 1. Input validation
42
+ const validatedParams = await SecurityMiddleware.validateInput(
43
+ schema,
44
+ context.parameters,
45
+ );
46
+
47
+ // 2. Rate limiting check
48
+ await SecurityMiddleware.checkRateLimit(context.accessToken);
49
+
50
+ // 3. Record the request for rate limiting
51
+ globalRateLimiter.recordRequest(
52
+ SecurityMiddleware.hashToken(context.accessToken),
53
+ );
54
+
55
+ // 4. Execute the operation
56
+ const result = await operation(validatedParams);
57
+
58
+ // 5. Log successful request
59
+ const duration = Date.now() - startTime;
60
+ const rateLimitInfo = globalRateLimiter.getStatus(
61
+ SecurityMiddleware.hashToken(context.accessToken),
62
+ );
63
+
64
+ globalRequestLogger.logSuccess(
65
+ context.toolName,
66
+ context.operation,
67
+ context.parameters,
68
+ duration,
69
+ {
70
+ remaining: rateLimitInfo.remaining,
71
+ isLimited: rateLimitInfo.isLimited,
72
+ },
73
+ );
74
+
75
+ return result;
76
+ } catch (error) {
77
+ // Log failed request
78
+ const duration = Date.now() - startTime;
79
+ const rateLimitInfo = globalRateLimiter.getStatus(
80
+ SecurityMiddleware.hashToken(context.accessToken),
81
+ );
82
+
83
+ const errorMessage =
84
+ error instanceof Error ? error.message : "Unknown error";
85
+
86
+ globalRequestLogger.logError(
87
+ context.toolName,
88
+ context.operation,
89
+ context.parameters,
90
+ errorMessage,
91
+ duration,
92
+ {
93
+ remaining: rateLimitInfo.remaining,
94
+ isLimited: rateLimitInfo.isLimited,
95
+ },
96
+ );
97
+
98
+ // Handle rate limit errors specially
99
+ if (error instanceof RateLimitError) {
100
+ return SecurityMiddleware.createRateLimitErrorResponse(error);
101
+ }
102
+
103
+ // Handle validation errors
104
+ if (
105
+ error instanceof Error &&
106
+ error.message.includes("Validation failed")
107
+ ) {
108
+ const errorHandler = createErrorHandler(responseFormatter);
109
+ return errorHandler.createValidationError(
110
+ `Invalid parameters for ${context.toolName}`,
111
+ error.message,
112
+ );
113
+ }
114
+
115
+ // Re-throw other errors to be handled by existing error handling
116
+ throw error;
117
+ }
118
+ }
119
+
120
+ /**
121
+ * Validate input parameters using Zod schema
122
+ */
123
+ private static async validateInput<T>(
124
+ schema: z.ZodSchema<T>,
125
+ parameters: Record<string, unknown>,
126
+ ): Promise<T> {
127
+ try {
128
+ return schema.parse(parameters);
129
+ } catch (error) {
130
+ if (error instanceof z.ZodError) {
131
+ const validationError = fromZodError(error);
132
+ throw new Error(`Validation failed: ${validationError.message}`);
133
+ }
134
+ throw error;
135
+ }
136
+ }
137
+
138
+ /**
139
+ * Check rate limit for the given access token
140
+ */
141
+ private static async checkRateLimit(accessToken: string): Promise<void> {
142
+ const tokenHash = SecurityMiddleware.hashToken(accessToken);
143
+ const rateLimitInfo = globalRateLimiter.isAllowed(tokenHash);
144
+
145
+ if (rateLimitInfo.isLimited) {
146
+ throw new RateLimitError(
147
+ "Rate limit exceeded. Please wait before making additional requests.",
148
+ rateLimitInfo.resetTime,
149
+ rateLimitInfo.remaining,
150
+ );
151
+ }
152
+ }
153
+
154
+ /**
155
+ * Create a rate limit error response
156
+ */
157
+ private static createRateLimitErrorResponse(
158
+ error: RateLimitError,
159
+ ): CallToolResult {
160
+ return {
161
+ isError: true,
162
+ content: [
163
+ {
164
+ type: "text",
165
+ text: responseFormatter.format({
166
+ error: {
167
+ code: "RATE_LIMIT_EXCEEDED",
168
+ message: error.message,
169
+ details: {
170
+ resetTime: error.resetTime.toISOString(),
171
+ remaining: error.remaining,
172
+ },
173
+ },
174
+ }),
175
+ },
176
+ ],
177
+ };
178
+ }
179
+
180
+ /**
181
+ * Hash access token for rate limiting and logging
182
+ */
183
+ private static hashToken(token: string): string {
184
+ // Simple hash for rate limiting - not cryptographically secure
185
+ let hash = 0;
186
+ for (let i = 0; i < token.length; i++) {
187
+ const char = token.charCodeAt(i);
188
+ hash = (hash << 5) - hash + char;
189
+ hash = hash & hash; // Convert to 32-bit integer
190
+ }
191
+ return `token_${Math.abs(hash).toString(16)}`;
192
+ }
193
+
194
+ /**
195
+ * Get security statistics
196
+ */
197
+ static getSecurityStats(): {
198
+ rateLimitStats: Record<string, unknown>;
199
+ requestStats: Record<string, unknown>;
200
+ } {
201
+ return {
202
+ rateLimitStats: {
203
+ // Rate limiter doesn't expose internal stats, but we can provide basic info
204
+ message:
205
+ "Rate limiting is active with YNAB API limits (200 requests/hour)",
206
+ },
207
+ requestStats: globalRequestLogger.getStats(),
208
+ };
209
+ }
210
+
211
+ /**
212
+ * Reset security state (useful for testing)
213
+ */
214
+ static reset(): void {
215
+ globalRateLimiter.reset();
216
+ globalRequestLogger.clearLogs();
217
+ }
200
218
  }
201
219
 
202
220
  /**
@@ -208,26 +226,26 @@ export class SecurityMiddleware {
208
226
  * @returns A function that takes an `accessToken` and returns a function that takes raw `params`, which returns a function that accepts a handler `(validated: T) => Promise<CallToolResult>`; when invoked, the handler is executed under the security middleware and its `CallToolResult` is returned
209
227
  */
210
228
  export function withSecurityWrapper<T extends Record<string, unknown>>(
211
- toolName: string,
212
- operation: string,
213
- schema: z.ZodSchema<T>,
229
+ toolName: string,
230
+ operation: string,
231
+ schema: z.ZodSchema<T>,
214
232
  ) {
215
- return (accessToken: string) =>
216
- (params: Record<string, unknown>) =>
217
- (handler: (validated: T) => Promise<CallToolResult>) => {
218
- const context: SecurityContext = {
219
- accessToken,
220
- toolName,
221
- operation,
222
- parameters: params,
223
- startTime: Date.now(),
224
- };
225
-
226
- // Adapt the handler to the generic signature expected by withSecurity
227
- const operationAdapter = async (validatedParams: unknown) => {
228
- return handler(validatedParams as T);
229
- };
230
-
231
- return SecurityMiddleware.withSecurity(context, schema, operationAdapter);
232
- };
233
+ return (accessToken: string) =>
234
+ (params: Record<string, unknown>) =>
235
+ (handler: (validated: T) => Promise<CallToolResult>) => {
236
+ const context: SecurityContext = {
237
+ accessToken,
238
+ toolName,
239
+ operation,
240
+ parameters: params,
241
+ startTime: Date.now(),
242
+ };
243
+
244
+ // Adapt the handler to the generic signature expected by withSecurity
245
+ const operationAdapter = async (validatedParams: unknown) => {
246
+ return handler(validatedParams as T);
247
+ };
248
+
249
+ return SecurityMiddleware.withSecurity(context, schema, operationAdapter);
250
+ };
233
251
  }