npm - @dizzlkheinz/ynab-mcpb - Versions diffs - 0.18.4 → 0.19.0 - Mend

@dizzlkheinz/ynab-mcpb 0.18.4 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (343) hide show

package/CLAUDE.md +87 -8
package/bin/ynab-mcp-server.cjs +2 -2
package/bin/ynab-mcp-server.js +3 -3
package/biome.json +39 -0
package/dist/bundle/index.cjs +67 -67
package/dist/index.d.ts +1 -1
package/dist/index.js +27 -27
package/dist/server/YNABMCPServer.d.ts +3 -4
package/dist/server/YNABMCPServer.js +111 -116
package/dist/server/budgetResolver.d.ts +6 -5
package/dist/server/budgetResolver.js +46 -36
package/dist/server/cacheKeys.js +6 -6
package/dist/server/cacheManager.js +14 -11
package/dist/server/completions.d.ts +2 -2
package/dist/server/completions.js +20 -15
package/dist/server/config.d.ts +10 -5
package/dist/server/config.js +24 -7
package/dist/server/deltaCache.d.ts +2 -2
package/dist/server/deltaCache.js +22 -16
package/dist/server/deltaCache.merge.d.ts +2 -2
package/dist/server/diagnostics.d.ts +4 -4
package/dist/server/diagnostics.js +38 -32
package/dist/server/errorHandler.d.ts +5 -12
package/dist/server/errorHandler.js +219 -217
package/dist/server/prompts.d.ts +2 -2
package/dist/server/prompts.js +45 -45
package/dist/server/rateLimiter.js +4 -4
package/dist/server/requestLogger.d.ts +1 -1
package/dist/server/requestLogger.js +40 -35
package/dist/server/resources.d.ts +3 -3
package/dist/server/resources.js +55 -52
package/dist/server/responseFormatter.js +6 -6
package/dist/server/securityMiddleware.d.ts +2 -2
package/dist/server/securityMiddleware.js +22 -20
package/dist/server/serverKnowledgeStore.js +1 -1
package/dist/server/toolRegistry.d.ts +3 -3
package/dist/server/toolRegistry.js +47 -40
package/dist/tools/__tests__/deltaTestUtils.d.ts +3 -3
package/dist/tools/__tests__/deltaTestUtils.js +2 -2
package/dist/tools/accountTools.d.ts +9 -8
package/dist/tools/accountTools.js +47 -47
package/dist/tools/adapters.d.ts +13 -8
package/dist/tools/adapters.js +21 -11
package/dist/tools/budgetTools.d.ts +8 -7
package/dist/tools/budgetTools.js +22 -22
package/dist/tools/categoryTools.d.ts +9 -8
package/dist/tools/categoryTools.js +68 -59
package/dist/tools/compareTransactions/formatter.d.ts +3 -3
package/dist/tools/compareTransactions/formatter.js +9 -9
package/dist/tools/compareTransactions/index.d.ts +6 -6
package/dist/tools/compareTransactions/index.js +58 -43
package/dist/tools/compareTransactions/matcher.d.ts +1 -1
package/dist/tools/compareTransactions/matcher.js +28 -15
package/dist/tools/compareTransactions/parser.d.ts +2 -2
package/dist/tools/compareTransactions/parser.js +144 -138
package/dist/tools/compareTransactions/types.d.ts +4 -4
package/dist/tools/compareTransactions.d.ts +1 -1
package/dist/tools/compareTransactions.js +1 -1
package/dist/tools/deltaFetcher.d.ts +2 -2
package/dist/tools/deltaFetcher.js +16 -15
package/dist/tools/deltaSupport.d.ts +4 -4
package/dist/tools/deltaSupport.js +35 -41
package/dist/tools/exportTransactions.d.ts +5 -4
package/dist/tools/exportTransactions.js +61 -59
package/dist/tools/monthTools.d.ts +7 -6
package/dist/tools/monthTools.js +31 -29
package/dist/tools/payeeTools.d.ts +7 -6
package/dist/tools/payeeTools.js +28 -28
package/dist/tools/reconcileAdapter.d.ts +2 -2
package/dist/tools/reconcileAdapter.js +19 -12
package/dist/tools/reconciliation/analyzer.d.ts +4 -4
package/dist/tools/reconciliation/analyzer.js +73 -59
package/dist/tools/reconciliation/csvParser.d.ts +3 -3
package/dist/tools/reconciliation/csvParser.js +128 -104
package/dist/tools/reconciliation/executor.d.ts +4 -4
package/dist/tools/reconciliation/executor.js +148 -109
package/dist/tools/reconciliation/index.d.ts +10 -10
package/dist/tools/reconciliation/index.js +96 -83
package/dist/tools/reconciliation/matcher.d.ts +3 -3
package/dist/tools/reconciliation/matcher.js +17 -16
package/dist/tools/reconciliation/payeeNormalizer.js +19 -8
package/dist/tools/reconciliation/recommendationEngine.d.ts +1 -1
package/dist/tools/reconciliation/recommendationEngine.js +40 -40
package/dist/tools/reconciliation/reportFormatter.d.ts +2 -2
package/dist/tools/reconciliation/reportFormatter.js +59 -58
package/dist/tools/reconciliation/signDetector.d.ts +1 -1
package/dist/tools/reconciliation/types.d.ts +16 -16
package/dist/tools/reconciliation/ynabAdapter.d.ts +2 -2
package/dist/tools/schemas/common.d.ts +1 -1
package/dist/tools/schemas/common.js +1 -1
package/dist/tools/schemas/outputs/accountOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/accountOutputs.js +24 -18
package/dist/tools/schemas/outputs/budgetOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/budgetOutputs.js +14 -11
package/dist/tools/schemas/outputs/categoryOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/categoryOutputs.js +49 -29
package/dist/tools/schemas/outputs/comparisonOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/comparisonOutputs.js +12 -12
package/dist/tools/schemas/outputs/index.d.ts +14 -14
package/dist/tools/schemas/outputs/index.js +14 -14
package/dist/tools/schemas/outputs/monthOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/monthOutputs.js +56 -41
package/dist/tools/schemas/outputs/payeeOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/payeeOutputs.js +10 -10
package/dist/tools/schemas/outputs/reconciliationOutputs.d.ts +2 -2
package/dist/tools/schemas/outputs/reconciliationOutputs.js +45 -45
package/dist/tools/schemas/outputs/transactionMutationOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/transactionMutationOutputs.js +28 -22
package/dist/tools/schemas/outputs/transactionOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/transactionOutputs.js +43 -35
package/dist/tools/schemas/outputs/utilityOutputs.d.ts +1 -1
package/dist/tools/schemas/outputs/utilityOutputs.js +5 -3
package/dist/tools/schemas/shared/commonOutputs.d.ts +1 -1
package/dist/tools/schemas/shared/commonOutputs.js +15 -9
package/dist/tools/transactionReadTools.d.ts +11 -0
package/dist/tools/transactionReadTools.js +202 -0
package/dist/tools/transactionSchemas.d.ts +7 -7
package/dist/tools/transactionSchemas.js +77 -57
package/dist/tools/transactionTools.d.ts +6 -24
package/dist/tools/transactionTools.js +7 -1499
package/dist/tools/transactionUtils.d.ts +6 -6
package/dist/tools/transactionUtils.js +78 -63
package/dist/tools/transactionWriteTools.d.ts +20 -0
package/dist/tools/transactionWriteTools.js +1342 -0
package/dist/tools/utilityTools.d.ts +5 -4
package/dist/tools/utilityTools.js +11 -11
package/dist/types/index.d.ts +7 -7
package/dist/types/index.js +6 -6
package/dist/types/reconciliation.d.ts +1 -1
package/dist/types/toolRegistration.d.ts +14 -12
package/dist/utils/amountUtils.js +1 -1
package/dist/utils/dateUtils.js +4 -4
package/dist/utils/errors.d.ts +3 -3
package/dist/utils/errors.js +4 -4
package/dist/utils/money.d.ts +2 -2
package/dist/utils/money.js +8 -8
package/dist/utils/validationError.d.ts +1 -1
package/dist/utils/validationError.js +1 -1
package/docs/assets/examples/reconciliation-with-recommendations.json +66 -66
package/docs/assets/schemas/reconciliation-v2.json +360 -336
package/esbuild.config.mjs +53 -50
package/meta.json +12548 -12548
package/package.json +98 -111
package/scripts/analyze-bundle.mjs +33 -30
package/scripts/create-pr-description.js +169 -120
package/scripts/run-all-tests.js +178 -169
package/scripts/run-domain-integration-tests.js +28 -18
package/scripts/run-generate-mcpb.js +19 -17
package/scripts/run-throttled-integration-tests.js +92 -83
package/scripts/test-delta-params.mjs +149 -120
package/scripts/test-recommendations.ts +36 -32
package/scripts/tmpTransaction.ts +80 -43
package/scripts/validate-env.js +98 -91
package/scripts/verify-build.js +78 -76
package/src/__tests__/comprehensive.integration.test.ts +1281 -1154
package/src/__tests__/performance.test.ts +723 -671
package/src/__tests__/setup.ts +442 -395
package/src/__tests__/smoke.e2e.test.ts +41 -39
package/src/__tests__/testRunner.ts +314 -295
package/src/__tests__/testUtils.ts +456 -364
package/src/__tests__/tools/reconciliation/csvParser.integration.test.ts +109 -107
package/src/__tests__/tools/reconciliation/real-world.integration.test.ts +41 -41
package/src/index.ts +68 -59
package/src/server/CLAUDE.md +480 -0
package/src/server/YNABMCPServer.ts +821 -794
package/src/server/__tests__/YNABMCPServer.integration.test.ts +929 -893
package/src/server/__tests__/YNABMCPServer.test.ts +903 -899
package/src/server/__tests__/budgetResolver.test.ts +466 -423
package/src/server/__tests__/cacheManager.test.ts +891 -874
package/src/server/__tests__/completions.integration.test.ts +115 -106
package/src/server/__tests__/completions.test.ts +334 -313
package/src/server/__tests__/config.test.ts +98 -86
package/src/server/__tests__/deltaCache.merge.test.ts +774 -703
package/src/server/__tests__/deltaCache.swr.test.ts +198 -153
package/src/server/__tests__/deltaCache.test.ts +946 -759
package/src/server/__tests__/diagnostics.test.ts +825 -792
package/src/server/__tests__/errorHandler.integration.test.ts +512 -462
package/src/server/__tests__/errorHandler.test.ts +402 -397
package/src/server/__tests__/prompts.test.ts +424 -347
package/src/server/__tests__/rateLimiter.test.ts +313 -309
package/src/server/__tests__/requestLogger.test.ts +443 -403
package/src/server/__tests__/resources.template.test.ts +196 -185
package/src/server/__tests__/resources.test.ts +294 -288
package/src/server/__tests__/security.integration.test.ts +487 -421
package/src/server/__tests__/securityMiddleware.test.ts +519 -444
package/src/server/__tests__/server-startup.integration.test.ts +509 -490
package/src/server/__tests__/serverKnowledgeStore.test.ts +174 -173
package/src/server/__tests__/toolRegistration.test.ts +239 -210
package/src/server/__tests__/toolRegistry.test.ts +907 -845
package/src/server/budgetResolver.ts +221 -181
package/src/server/cacheKeys.ts +6 -6
package/src/server/cacheManager.ts +498 -484
package/src/server/completions.ts +267 -243
package/src/server/config.ts +35 -14
package/src/server/deltaCache.merge.ts +146 -128
package/src/server/deltaCache.ts +352 -309
package/src/server/diagnostics.ts +257 -242
package/src/server/errorHandler.ts +747 -744
package/src/server/prompts.ts +181 -176
package/src/server/rateLimiter.ts +131 -129
package/src/server/requestLogger.ts +350 -322
package/src/server/resources.ts +442 -374
package/src/server/responseFormatter.ts +41 -37
package/src/server/securityMiddleware.ts +223 -205
package/src/server/serverKnowledgeStore.ts +67 -67
package/src/server/toolRegistry.ts +508 -474
package/src/tools/CLAUDE.md +604 -0
package/src/tools/__tests__/accountTools.delta.integration.test.ts +128 -111
package/src/tools/__tests__/accountTools.integration.test.ts +129 -111
package/src/tools/__tests__/accountTools.test.ts +685 -638
package/src/tools/__tests__/adapters.test.ts +142 -108
package/src/tools/__tests__/budgetTools.delta.integration.test.ts +73 -73
package/src/tools/__tests__/budgetTools.integration.test.ts +132 -124
package/src/tools/__tests__/budgetTools.test.ts +442 -413
package/src/tools/__tests__/categoryTools.delta.integration.test.ts +76 -68
package/src/tools/__tests__/categoryTools.integration.test.ts +314 -288
package/src/tools/__tests__/categoryTools.test.ts +656 -625
package/src/tools/__tests__/compareTransactions/formatter.test.ts +535 -462
package/src/tools/__tests__/compareTransactions/index.test.ts +378 -358
package/src/tools/__tests__/compareTransactions/matcher.test.ts +497 -398
package/src/tools/__tests__/compareTransactions/parser.test.ts +765 -747
package/src/tools/__tests__/compareTransactions.test.ts +352 -332
package/src/tools/__tests__/compareTransactions.window.test.ts +150 -146
package/src/tools/__tests__/deltaFetcher.scheduled.integration.test.ts +69 -65
package/src/tools/__tests__/deltaFetcher.test.ts +325 -265
package/src/tools/__tests__/deltaSupport.test.ts +211 -184
package/src/tools/__tests__/deltaTestUtils.ts +37 -33
package/src/tools/__tests__/exportTransactions.test.ts +205 -200
package/src/tools/__tests__/monthTools.delta.integration.test.ts +68 -68
package/src/tools/__tests__/monthTools.integration.test.ts +178 -166
package/src/tools/__tests__/monthTools.test.ts +561 -512
package/src/tools/__tests__/payeeTools.delta.integration.test.ts +68 -68
package/src/tools/__tests__/payeeTools.integration.test.ts +158 -142
package/src/tools/__tests__/payeeTools.test.ts +486 -434
package/src/tools/__tests__/transactionSchemas.test.ts +1202 -1186
package/src/tools/__tests__/transactionTools.integration.test.ts +875 -825
package/src/tools/__tests__/transactionTools.test.ts +4923 -4366
package/src/tools/__tests__/transactionUtils.test.ts +1004 -977
package/src/tools/__tests__/utilityTools.integration.test.ts +32 -32
package/src/tools/__tests__/utilityTools.test.ts +68 -58
package/src/tools/accountTools.ts +293 -271
package/src/tools/adapters.ts +120 -63
package/src/tools/budgetTools.ts +121 -116
package/src/tools/categoryTools.ts +379 -339
package/src/tools/compareTransactions/formatter.ts +131 -119
package/src/tools/compareTransactions/index.ts +249 -214
package/src/tools/compareTransactions/matcher.ts +259 -209
package/src/tools/compareTransactions/parser.ts +517 -487
package/src/tools/compareTransactions/types.ts +38 -38
package/src/tools/compareTransactions.ts +1 -1
package/src/tools/deltaFetcher.ts +281 -260
package/src/tools/deltaSupport.ts +264 -259
package/src/tools/exportTransactions.ts +230 -218
package/src/tools/monthTools.ts +180 -165
package/src/tools/payeeTools.ts +152 -140
package/src/tools/reconcileAdapter.ts +297 -252
package/src/tools/reconciliation/CLAUDE.md +506 -0
package/src/tools/reconciliation/__tests__/adapter.causes.test.ts +133 -124
package/src/tools/reconciliation/__tests__/adapter.test.ts +249 -230
package/src/tools/reconciliation/__tests__/analyzer.test.ts +408 -400
package/src/tools/reconciliation/__tests__/csvParser.test.ts +71 -69
package/src/tools/reconciliation/__tests__/executor.integration.test.ts +348 -323
package/src/tools/reconciliation/__tests__/executor.progress.test.ts +503 -457
package/src/tools/reconciliation/__tests__/executor.test.ts +898 -831
package/src/tools/reconciliation/__tests__/matcher.test.ts +667 -663
package/src/tools/reconciliation/__tests__/payeeNormalizer.test.ts +296 -276
package/src/tools/reconciliation/__tests__/recommendationEngine.integration.test.ts +692 -624
package/src/tools/reconciliation/__tests__/recommendationEngine.test.ts +1008 -989
package/src/tools/reconciliation/__tests__/reconciliation.delta.integration.test.ts +187 -146
package/src/tools/reconciliation/__tests__/reportFormatter.test.ts +583 -533
package/src/tools/reconciliation/__tests__/scenarios/adapterCurrency.scenario.test.ts +75 -74
package/src/tools/reconciliation/__tests__/scenarios/extremes.scenario.test.ts +70 -62
package/src/tools/reconciliation/__tests__/scenarios/repeatAmount.scenario.test.ts +102 -88
package/src/tools/reconciliation/__tests__/schemaUrl.test.ts +56 -55
package/src/tools/reconciliation/__tests__/signDetector.test.ts +209 -206
package/src/tools/reconciliation/__tests__/ynabAdapter.test.ts +66 -60
package/src/tools/reconciliation/analyzer.ts +564 -504
package/src/tools/reconciliation/csvParser.ts +656 -609
package/src/tools/reconciliation/executor.ts +1290 -1128
package/src/tools/reconciliation/index.ts +580 -528
package/src/tools/reconciliation/matcher.ts +256 -240
package/src/tools/reconciliation/payeeNormalizer.ts +92 -78
package/src/tools/reconciliation/recommendationEngine.ts +357 -345
package/src/tools/reconciliation/reportFormatter.ts +343 -307
package/src/tools/reconciliation/signDetector.ts +89 -83
package/src/tools/reconciliation/types.ts +164 -159
package/src/tools/reconciliation/ynabAdapter.ts +17 -15
package/src/tools/schemas/CLAUDE.md +546 -0
package/src/tools/schemas/common.ts +1 -1
package/src/tools/schemas/outputs/__tests__/accountOutputs.test.ts +410 -409
package/src/tools/schemas/outputs/__tests__/budgetOutputs.test.ts +305 -299
package/src/tools/schemas/outputs/__tests__/categoryOutputs.test.ts +431 -430
package/src/tools/schemas/outputs/__tests__/comparisonOutputs.test.ts +510 -495
package/src/tools/schemas/outputs/__tests__/dateValidation.test.ts +179 -153
package/src/tools/schemas/outputs/__tests__/discrepancyDirection.test.ts +293 -254
package/src/tools/schemas/outputs/__tests__/monthOutputs.test.ts +457 -457
package/src/tools/schemas/outputs/__tests__/payeeOutputs.test.ts +362 -356
package/src/tools/schemas/outputs/__tests__/reconciliationOutputs.test.ts +402 -399
package/src/tools/schemas/outputs/__tests__/transactionMutationSchemas.test.ts +225 -211
package/src/tools/schemas/outputs/__tests__/transactionOutputs.test.ts +457 -454
package/src/tools/schemas/outputs/__tests__/utilityOutputs.test.ts +316 -315
package/src/tools/schemas/outputs/accountOutputs.ts +40 -34
package/src/tools/schemas/outputs/budgetOutputs.ts +24 -19
package/src/tools/schemas/outputs/categoryOutputs.ts +76 -56
package/src/tools/schemas/outputs/comparisonOutputs.ts +192 -169
package/src/tools/schemas/outputs/index.ts +163 -163
package/src/tools/schemas/outputs/monthOutputs.ts +95 -80
package/src/tools/schemas/outputs/payeeOutputs.ts +18 -18
package/src/tools/schemas/outputs/reconciliationOutputs.ts +386 -373
package/src/tools/schemas/outputs/transactionMutationOutputs.ts +259 -231
package/src/tools/schemas/outputs/transactionOutputs.ts +81 -71
package/src/tools/schemas/outputs/utilityOutputs.ts +90 -84
package/src/tools/schemas/shared/commonOutputs.ts +27 -19
package/src/tools/toolCategories.ts +114 -114
package/src/tools/transactionReadTools.ts +327 -0
package/src/tools/transactionSchemas.ts +322 -291
package/src/tools/transactionTools.ts +84 -2246
package/src/tools/transactionUtils.ts +507 -422
package/src/tools/transactionWriteTools.ts +2110 -0
package/src/tools/utilityTools.ts +46 -41
package/src/types/CLAUDE.md +477 -0
package/src/types/__tests__/index.test.ts +51 -51
package/src/types/index.ts +43 -39
package/src/types/integration-tests.d.ts +26 -26
package/src/types/reconciliation.ts +29 -29
package/src/types/toolAnnotations.ts +30 -30
package/src/types/toolRegistration.ts +43 -32
package/src/utils/CLAUDE.md +508 -0
package/src/utils/__tests__/dateUtils.test.ts +174 -168
package/src/utils/__tests__/money.test.ts +193 -187
package/src/utils/amountUtils.ts +5 -5
package/src/utils/baseError.ts +5 -5
package/src/utils/dateUtils.ts +29 -26
package/src/utils/errors.ts +14 -14
package/src/utils/money.ts +66 -52
package/src/utils/validationError.ts +1 -1
package/tsconfig.json +29 -29
package/tsconfig.prod.json +16 -16
package/vitest-reporters/split-json-reporter.ts +247 -204
package/vitest.config.ts +99 -95
package/.prettierignore +0 -10
package/.prettierrc.json +0 -10
package/eslint.config.js +0 -49

package/src/server/responseFormatter.ts CHANGED Viewed

@@ -1,51 +1,55 @@
-import { AsyncLocalStorage } from 'async_hooks';
+import { AsyncLocalStorage } from "node:async_hooks";
 function parseBool(value: string | undefined, fallback: boolean): boolean {
-  if (value === undefined) return fallback;
-  const v = value.trim().toLowerCase();
-  return v === '1' || v === 'true' || v === 'yes' || v === 'on';
+	if (value === undefined) return fallback;
+	const v = value.trim().toLowerCase();
+	return v === "1" || v === "true" || v === "yes" || v === "on";
 }
 function parseIntSafe(value: string | undefined, fallback: number): number {
-  if (value === undefined) return fallback;
-  const n = Number.parseInt(value, 10);
-  return Number.isFinite(n) && n >= 0 ? n : fallback;
+	if (value === undefined) return fallback;
+	const n = Number.parseInt(value, 10);
+	return Number.isFinite(n) && n >= 0 ? n : fallback;
 }
 interface Context {
-  minify?: boolean;
+	minify?: boolean;
 }
 class ResponseFormatter {
-  private defaultMinify: boolean;
-  private prettySpaces: number;
-  private als = new AsyncLocalStorage<Context>();
-  constructor() {
-    // Defaults: minify outputs unless explicitly pretty-printed
-    this.defaultMinify = parseBool(process.env['YNAB_MCP_MINIFY_OUTPUT'], true);
-    this.prettySpaces = parseIntSafe(process.env['YNAB_MCP_PRETTY_SPACES'], 2);
-  }
-  configure(options?: { defaultMinify?: boolean; prettySpaces?: number }): void {
-    if (!options) return;
-    if (typeof options.defaultMinify === 'boolean') this.defaultMinify = options.defaultMinify;
-    if (typeof options.prettySpaces === 'number' && options.prettySpaces >= 0) {
-      this.prettySpaces = options.prettySpaces;
-    }
-  }
-  runWithMinifyOverride<T>(minify: boolean | undefined, fn: () => T): T {
-    if (minify === undefined) return fn();
-    return this.als.run({ minify }, fn);
-  }
-  format(value: unknown): string {
-    const ctx = this.als.getStore();
-    const minify = ctx?.minify ?? this.defaultMinify;
-    if (minify) return JSON.stringify(value);
-    return JSON.stringify(value, null, this.prettySpaces);
-  }
+	private defaultMinify: boolean;
+	private prettySpaces: number;
+	private als = new AsyncLocalStorage<Context>();
+	constructor() {
+		// Defaults: minify outputs unless explicitly pretty-printed
+		this.defaultMinify = parseBool(process.env["YNAB_MCP_MINIFY_OUTPUT"], true);
+		this.prettySpaces = parseIntSafe(process.env["YNAB_MCP_PRETTY_SPACES"], 2);
+	}
+	configure(options?: {
+		defaultMinify?: boolean;
+		prettySpaces?: number;
+	}): void {
+		if (!options) return;
+		if (typeof options.defaultMinify === "boolean")
+			this.defaultMinify = options.defaultMinify;
+		if (typeof options.prettySpaces === "number" && options.prettySpaces >= 0) {
+			this.prettySpaces = options.prettySpaces;
+		}
+	}
+	runWithMinifyOverride<T>(minify: boolean | undefined, fn: () => T): T {
+		if (minify === undefined) return fn();
+		return this.als.run({ minify }, fn);
+	}
+	format(value: unknown): string {
+		const ctx = this.als.getStore();
+		const minify = ctx?.minify ?? this.defaultMinify;
+		if (minify) return JSON.stringify(value);
+		return JSON.stringify(value, null, this.prettySpaces);
+	}
 }
 export const responseFormatter = new ResponseFormatter();

package/src/server/securityMiddleware.ts CHANGED Viewed

@@ -2,201 +2,219 @@
  * Security middleware that combines rate limiting, request logging, and input validation
  */
-import { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
-import { z } from 'zod/v4';
-import { fromZodError } from 'zod-validation-error';
-import { globalRateLimiter, RateLimitError } from './rateLimiter.js';
-import { globalRequestLogger } from './requestLogger.js';
-import { ErrorHandler } from './errorHandler.js';
-import { responseFormatter } from './responseFormatter.js';
+import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { fromZodError } from "zod-validation-error";
+import { z } from "zod/v4";
+import { createErrorHandler } from "./errorHandler.js";
+import { RateLimitError, globalRateLimiter } from "./rateLimiter.js";
+import { globalRequestLogger } from "./requestLogger.js";
+import { responseFormatter } from "./responseFormatter.js";
 /**
  * Security context for requests
  */
 export interface SecurityContext {
-  accessToken: string;
-  toolName: string;
-  operation: string;
-  parameters: Record<string, unknown>;
-  startTime: number;
+	accessToken: string;
+	toolName: string;
+	operation: string;
+	parameters: Record<string, unknown>;
+	startTime: number;
 }
 /**
  * Security middleware class that wraps tool operations
  */
+// biome-ignore lint/complexity/noStaticOnlyClass: static utility class
 export class SecurityMiddleware {
-  /**
-   * Wrap a tool operation with security measures
-   */
-  static async withSecurity<T extends Record<string, unknown>>(
-    context: SecurityContext,
-    schema: z.ZodSchema<T>,
-    operation: (..._args: unknown[]) => Promise<CallToolResult>,
-  ): Promise<CallToolResult> {
-    const startTime = Date.now();
-    try {
-      // 1. Input validation
-      const validatedParams = await this.validateInput(schema, context.parameters);
-      // 2. Rate limiting check
-      await this.checkRateLimit(context.accessToken);
-      // 3. Record the request for rate limiting
-      globalRateLimiter.recordRequest(this.hashToken(context.accessToken));
-      // 4. Execute the operation
-      const result = await operation(validatedParams);
-      // 5. Log successful request
-      const duration = Date.now() - startTime;
-      const rateLimitInfo = globalRateLimiter.getStatus(this.hashToken(context.accessToken));
-      globalRequestLogger.logSuccess(
-        context.toolName,
-        context.operation,
-        context.parameters,
-        duration,
-        {
-          remaining: rateLimitInfo.remaining,
-          isLimited: rateLimitInfo.isLimited,
-        },
-      );
-      return result;
-    } catch (error) {
-      // Log failed request
-      const duration = Date.now() - startTime;
-      const rateLimitInfo = globalRateLimiter.getStatus(this.hashToken(context.accessToken));
-      const errorMessage = error instanceof Error ? error.message : 'Unknown error';
-      globalRequestLogger.logError(
-        context.toolName,
-        context.operation,
-        context.parameters,
-        errorMessage,
-        duration,
-        {
-          remaining: rateLimitInfo.remaining,
-          isLimited: rateLimitInfo.isLimited,
-        },
-      );
-      // Handle rate limit errors specially
-      if (error instanceof RateLimitError) {
-        return this.createRateLimitErrorResponse(error);
-      }
-      // Handle validation errors
-      if (error instanceof Error && error.message.includes('Validation failed')) {
-        return ErrorHandler.createValidationError(
-          'Invalid parameters for ' + context.toolName,
-          error.message,
-        );
-      }
-      // Re-throw other errors to be handled by existing error handling
-      throw error;
-    }
-  }
-  /**
-   * Validate input parameters using Zod schema
-   */
-  private static async validateInput<T>(
-    schema: z.ZodSchema<T>,
-    parameters: Record<string, unknown>,
-  ): Promise<T> {
-    try {
-      return schema.parse(parameters);
-    } catch (error) {
-      if (error instanceof z.ZodError) {
-        const validationError = fromZodError(error);
-        throw new Error(`Validation failed: ${validationError.message}`);
-      }
-      throw error;
-    }
-  }
-  /**
-   * Check rate limit for the given access token
-   */
-  private static async checkRateLimit(accessToken: string): Promise<void> {
-    const tokenHash = this.hashToken(accessToken);
-    const rateLimitInfo = globalRateLimiter.isAllowed(tokenHash);
-    if (rateLimitInfo.isLimited) {
-      throw new RateLimitError(
-        'Rate limit exceeded. Please wait before making additional requests.',
-        rateLimitInfo.resetTime,
-        rateLimitInfo.remaining,
-      );
-    }
-  }
-  /**
-   * Create a rate limit error response
-   */
-  private static createRateLimitErrorResponse(error: RateLimitError): CallToolResult {
-    return {
-      isError: true,
-      content: [
-        {
-          type: 'text',
-          text: responseFormatter.format({
-            error: {
-              code: 'RATE_LIMIT_EXCEEDED',
-              message: error.message,
-              details: {
-                resetTime: error.resetTime.toISOString(),
-                remaining: error.remaining,
-              },
-            },
-          }),
-        },
-      ],
-    };
-  }
-  /**
-   * Hash access token for rate limiting and logging
-   */
-  private static hashToken(token: string): string {
-    // Simple hash for rate limiting - not cryptographically secure
-    let hash = 0;
-    for (let i = 0; i < token.length; i++) {
-      const char = token.charCodeAt(i);
-      hash = (hash << 5) - hash + char;
-      hash = hash & hash; // Convert to 32-bit integer
-    }
-    return `token_${Math.abs(hash).toString(16)}`;
-  }
-  /**
-   * Get security statistics
-   */
-  static getSecurityStats(): {
-    rateLimitStats: Record<string, unknown>;
-    requestStats: Record<string, unknown>;
-  } {
-    return {
-      rateLimitStats: {
-        // Rate limiter doesn't expose internal stats, but we can provide basic info
-        message: 'Rate limiting is active with YNAB API limits (200 requests/hour)',
-      },
-      requestStats: globalRequestLogger.getStats(),
-    };
-  }
-  /**
-   * Reset security state (useful for testing)
-   */
-  static reset(): void {
-    globalRateLimiter.reset();
-    globalRequestLogger.clearLogs();
-  }
+	/**
+	 * Wrap a tool operation with security measures
+	 */
+	static async withSecurity<T extends Record<string, unknown>>(
+		context: SecurityContext,
+		schema: z.ZodSchema<T>,
+		operation: (..._args: unknown[]) => Promise<CallToolResult>,
+	): Promise<CallToolResult> {
+		const startTime = Date.now();
+		try {
+			// 1. Input validation
+			const validatedParams = await SecurityMiddleware.validateInput(
+				schema,
+				context.parameters,
+			);
+			// 2. Rate limiting check
+			await SecurityMiddleware.checkRateLimit(context.accessToken);
+			// 3. Record the request for rate limiting
+			globalRateLimiter.recordRequest(
+				SecurityMiddleware.hashToken(context.accessToken),
+			);
+			// 4. Execute the operation
+			const result = await operation(validatedParams);
+			// 5. Log successful request
+			const duration = Date.now() - startTime;
+			const rateLimitInfo = globalRateLimiter.getStatus(
+				SecurityMiddleware.hashToken(context.accessToken),
+			);
+			globalRequestLogger.logSuccess(
+				context.toolName,
+				context.operation,
+				context.parameters,
+				duration,
+				{
+					remaining: rateLimitInfo.remaining,
+					isLimited: rateLimitInfo.isLimited,
+				},
+			);
+			return result;
+		} catch (error) {
+			// Log failed request
+			const duration = Date.now() - startTime;
+			const rateLimitInfo = globalRateLimiter.getStatus(
+				SecurityMiddleware.hashToken(context.accessToken),
+			);
+			const errorMessage =
+				error instanceof Error ? error.message : "Unknown error";
+			globalRequestLogger.logError(
+				context.toolName,
+				context.operation,
+				context.parameters,
+				errorMessage,
+				duration,
+				{
+					remaining: rateLimitInfo.remaining,
+					isLimited: rateLimitInfo.isLimited,
+				},
+			);
+			// Handle rate limit errors specially
+			if (error instanceof RateLimitError) {
+				return SecurityMiddleware.createRateLimitErrorResponse(error);
+			}
+			// Handle validation errors
+			if (
+				error instanceof Error &&
+				error.message.includes("Validation failed")
+			) {
+				const errorHandler = createErrorHandler(responseFormatter);
+				return errorHandler.createValidationError(
+					`Invalid parameters for ${context.toolName}`,
+					error.message,
+				);
+			}
+			// Re-throw other errors to be handled by existing error handling
+			throw error;
+		}
+	}
+	/**
+	 * Validate input parameters using Zod schema
+	 */
+	private static async validateInput<T>(
+		schema: z.ZodSchema<T>,
+		parameters: Record<string, unknown>,
+	): Promise<T> {
+		try {
+			return schema.parse(parameters);
+		} catch (error) {
+			if (error instanceof z.ZodError) {
+				const validationError = fromZodError(error);
+				throw new Error(`Validation failed: ${validationError.message}`);
+			}
+			throw error;
+		}
+	}
+	/**
+	 * Check rate limit for the given access token
+	 */
+	private static async checkRateLimit(accessToken: string): Promise<void> {
+		const tokenHash = SecurityMiddleware.hashToken(accessToken);
+		const rateLimitInfo = globalRateLimiter.isAllowed(tokenHash);
+		if (rateLimitInfo.isLimited) {
+			throw new RateLimitError(
+				"Rate limit exceeded. Please wait before making additional requests.",
+				rateLimitInfo.resetTime,
+				rateLimitInfo.remaining,
+			);
+		}
+	}
+	/**
+	 * Create a rate limit error response
+	 */
+	private static createRateLimitErrorResponse(
+		error: RateLimitError,
+	): CallToolResult {
+		return {
+			isError: true,
+			content: [
+				{
+					type: "text",
+					text: responseFormatter.format({
+						error: {
+							code: "RATE_LIMIT_EXCEEDED",
+							message: error.message,
+							details: {
+								resetTime: error.resetTime.toISOString(),
+								remaining: error.remaining,
+							},
+						},
+					}),
+				},
+			],
+		};
+	}
+	/**
+	 * Hash access token for rate limiting and logging
+	 */
+	private static hashToken(token: string): string {
+		// Simple hash for rate limiting - not cryptographically secure
+		let hash = 0;
+		for (let i = 0; i < token.length; i++) {
+			const char = token.charCodeAt(i);
+			hash = (hash << 5) - hash + char;
+			hash = hash & hash; // Convert to 32-bit integer
+		}
+		return `token_${Math.abs(hash).toString(16)}`;
+	}
+	/**
+	 * Get security statistics
+	 */
+	static getSecurityStats(): {
+		rateLimitStats: Record<string, unknown>;
+		requestStats: Record<string, unknown>;
+	} {
+		return {
+			rateLimitStats: {
+				// Rate limiter doesn't expose internal stats, but we can provide basic info
+				message:
+					"Rate limiting is active with YNAB API limits (200 requests/hour)",
+			},
+			requestStats: globalRequestLogger.getStats(),
+		};
+	}
+	/**
+	 * Reset security state (useful for testing)
+	 */
+	static reset(): void {
+		globalRateLimiter.reset();
+		globalRequestLogger.clearLogs();
+	}
 }
 /**
@@ -208,26 +226,26 @@ export class SecurityMiddleware {
  * @returns A function that takes an `accessToken` and returns a function that takes raw `params`, which returns a function that accepts a handler `(validated: T) => Promise<CallToolResult>`; when invoked, the handler is executed under the security middleware and its `CallToolResult` is returned
  */
 export function withSecurityWrapper<T extends Record<string, unknown>>(
-  toolName: string,
-  operation: string,
-  schema: z.ZodSchema<T>,
+	toolName: string,
+	operation: string,
+	schema: z.ZodSchema<T>,
 ) {
-  return (accessToken: string) =>
-    (params: Record<string, unknown>) =>
-    (handler: (validated: T) => Promise<CallToolResult>) => {
-      const context: SecurityContext = {
-        accessToken,
-        toolName,
-        operation,
-        parameters: params,
-        startTime: Date.now(),
-      };
-      // Adapt the handler to the generic signature expected by withSecurity
-      const operationAdapter = async (validatedParams: unknown) => {
-        return handler(validatedParams as T);
-      };
-      return SecurityMiddleware.withSecurity(context, schema, operationAdapter);
-    };
+	return (accessToken: string) =>
+		(params: Record<string, unknown>) =>
+		(handler: (validated: T) => Promise<CallToolResult>) => {
+			const context: SecurityContext = {
+				accessToken,
+				toolName,
+				operation,
+				parameters: params,
+				startTime: Date.now(),
+			};
+			// Adapt the handler to the generic signature expected by withSecurity
+			const operationAdapter = async (validatedParams: unknown) => {
+				return handler(validatedParams as T);
+			};
+			return SecurityMiddleware.withSecurity(context, schema, operationAdapter);
+		};
 }