@goodsamsoftware/freshbooks-mcp 1.0.1 → 1.0.2

package/dist/tools/user/schemas.d.ts

@@ -14,14 +14,14 @@ export declare const BusinessMembershipSchema: z.ZodObject<{
     role: z.ZodString;
 }, "strip", z.ZodTypeAny, {
     accountId: string;
+    id: number;
     name: string;
     role: string;
-    id: number;
 }, {
     accountId: string;
+    id: number;
     name: string;
     role: string;
-    id: number;
 }>;
 /**
  * Full User schema with all properties
@@ -38,14 +38,14 @@ export declare const UserSchema: z.ZodObject<{
         role: z.ZodString;
     }, "strip", z.ZodTypeAny, {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }, {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }>, "many">;
     phoneNumbers: z.ZodOptional<z.ZodArray<z.ZodObject<{
         title: z.ZodOptional<z.ZodString>;
@@ -85,15 +85,15 @@ export declare const UserSchema: z.ZodObject<{
         me: string;
     }>>;
 }, "strip", z.ZodTypeAny, {
-    email: string;
     id: number;
+    email: string;
     firstName: string;
     lastName: string;
     businessMemberships: {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }[];
     phoneNumbers?: {
         number: string;
@@ -111,15 +111,15 @@ export declare const UserSchema: z.ZodObject<{
         me: string;
     } | undefined;
 }, {
-    email: string;
     id: number;
+    email: string;
     firstName: string;
     lastName: string;
     businessMemberships: {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }[];
     phoneNumbers?: {
         number: string;
@@ -156,14 +156,14 @@ export declare const UserMeOutputSchema: z.ZodObject<{
         role: z.ZodString;
     }, "strip", z.ZodTypeAny, {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }, {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }>, "many">;
     phoneNumbers: z.ZodOptional<z.ZodArray<z.ZodObject<{
         title: z.ZodOptional<z.ZodString>;
@@ -203,15 +203,15 @@ export declare const UserMeOutputSchema: z.ZodObject<{
         me: string;
     }>>;
 }, "strip", z.ZodTypeAny, {
-    email: string;
     id: number;
+    email: string;
     firstName: string;
     lastName: string;
     businessMemberships: {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }[];
     phoneNumbers?: {
         number: string;
@@ -229,15 +229,15 @@ export declare const UserMeOutputSchema: z.ZodObject<{
         me: string;
     } | undefined;
 }, {
-    email: string;
     id: number;
+    email: string;
     firstName: string;
     lastName: string;
     businessMemberships: {
         accountId: string;
+        id: number;
         name: string;
         role: string;
-        id: number;
     }[];
     phoneNumbers?: {
         number: string;

package/dist/tools/user/user-me.d.ts

@@ -25,14 +25,14 @@ export declare const userMeTool: {
             role: z.ZodString;
         }, "strip", z.ZodTypeAny, {
             accountId: string;
+            id: number;
             name: string;
             role: string;
-            id: number;
         }, {
             accountId: string;
+            id: number;
             name: string;
             role: string;
-            id: number;
         }>, "many">;
         phoneNumbers: z.ZodOptional<z.ZodArray<z.ZodObject<{
             title: z.ZodOptional<z.ZodString>;
@@ -72,15 +72,15 @@ export declare const userMeTool: {
             me: string;
         }>>;
     }, "strip", z.ZodTypeAny, {
-        email: string;
         id: number;
+        email: string;
         firstName: string;
         lastName: string;
         businessMemberships: {
             accountId: string;
+            id: number;
             name: string;
             role: string;
-            id: number;
         }[];
         phoneNumbers?: {
             number: string;
@@ -98,15 +98,15 @@ export declare const userMeTool: {
             me: string;
         } | undefined;
     }, {
-        email: string;
         id: number;
+        email: string;
         firstName: string;
         lastName: string;
         businessMemberships: {
             accountId: string;
+            id: number;
             name: string;
             role: string;
-            id: number;
         }[];
         phoneNumbers?: {
             number: string;

package/dist/utils/logger.d.ts

@@ -7,6 +7,7 @@ import type { LogLevel } from '../types/index.js';
 declare class Logger {
     private currentLevel;
     private requestId;
+    private static readonly MAX_DEPTH;
     constructor(level?: LogLevel);
     /**
      * Set the current log level
@@ -24,6 +25,14 @@ declare class Logger {
      * Check if a log level should be output
      */
     private shouldLog;
+    /**
+     * Check if a key name indicates sensitive data
+     */
+    private isSensitiveKey;
+    /**
+     * Heuristically detect if a string value looks like a secret
+     */
+    private looksLikeSecret;
     /**
      * Sanitize data to prevent logging sensitive information
      */

package/dist/utils/logger.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AASlD,cAAM,MAAM;IACV,OAAO,CAAC,YAAY,CAAW;IAC/B,OAAO,CAAC,SAAS,CAAuB;gBAE5B,KAAK,GAAE,QAAiB;IAIpC;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B;;OAEG;IACH,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAI9B;;OAEG;IACH,cAAc,IAAI,IAAI;IAItB;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAqChB;;OAEG;IACH,OAAO,CAAC,KAAK;IAiBb;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI/D;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI9D;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI9D;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,GAAG,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;CAezF;AAGD,eAAO,MAAM,MAAM,QAAe,CAAC"}
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAgFlD,cAAM,MAAM;IACV,OAAO,CAAC,YAAY,CAAW;IAC/B,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAM;gBAE3B,KAAK,GAAE,QAAiB;IAIpC;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B;;OAEG;IACH,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAI9B;;OAEG;IACH,cAAc,IAAI,IAAI;IAItB;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;OAEG;IACH,OAAO,CAAC,cAAc;IAatB;;OAEG;IACH,OAAO,CAAC,eAAe;IAwBvB;;OAEG;IACH,OAAO,CAAC,QAAQ;IA8BhB;;OAEG;IACH,OAAO,CAAC,KAAK;IAiBb;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI/D;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI9D;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAI9D;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,GAAG,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;CAgBzF;AAGD,eAAO,MAAM,MAAM,QAAe,CAAC"}

package/dist/utils/logger.js

@@ -3,15 +3,80 @@
  *
  * IMPORTANT: All logs go to stderr (stdout is reserved for MCP protocol)
  */
+import { isProduction } from '../config/environment.js';
 const LOG_LEVELS = {
     debug: 0,
     info: 1,
     warn: 2,
     error: 3,
 };
+/**
+ * Regex patterns for detecting sensitive keys
+ * These patterns catch various naming conventions (camelCase, snake_case, etc.)
+ */
+const SENSITIVE_KEY_PATTERNS = [
+    // Tokens and authentication
+    /token/i,
+    /bearer/i,
+    /jwt/i,
+    /oauth/i,
+    /session/i,
+    /auth/i,
+    // Secrets and passwords
+    /secret/i,
+    /password/i,
+    /passwd/i,
+    /pwd/i,
+    /credential/i,
+    // API keys
+    /api[-_]?key/i,
+    /apikey/i,
+    /key/i,
+    // Cryptographic
+    /private[-_]?key/i,
+    /signing/i,
+    /cipher/i,
+    /encrypt/i,
+    /salt/i,
+    /hash/i,
+    /\biv\b/i, // initialization vector
+    // Personal identifiable information
+    /ssn/i,
+    /social[-_]?security/i,
+    /credit[-_]?card/i,
+    /card[-_]?number/i,
+    /cvv/i,
+    /\bpin\b/i,
+    // Headers
+    /x-api/i,
+    /x-auth/i,
+    /x-secret/i,
+];
+/**
+ * Exact key matches (case-insensitive, normalized)
+ * These are checked after removing hyphens and underscores
+ */
+const SENSITIVE_EXACT_KEYS = new Set([
+    'password',
+    'token',
+    'secret',
+    'key',
+    'accesstoken',
+    'refreshtoken',
+    'apikey',
+    'clientsecret',
+    'privatekey',
+    'authorization',
+    'bearer',
+    'jwt',
+    'sessionid',
+    'cookie',
+    'credentials',
+]);
 class Logger {
     currentLevel;
     requestId = null;
+    static MAX_DEPTH = 10;
     constructor(level = 'info') {
         this.currentLevel = level;
     }
@@ -39,38 +104,66 @@ class Logger {
     shouldLog(level) {
         return LOG_LEVELS[level] >= LOG_LEVELS[this.currentLevel];
     }
+    /**
+     * Check if a key name indicates sensitive data
+     */
+    isSensitiveKey(key) {
+        // Normalize key: lowercase and remove separators
+        const normalizedKey = key.toLowerCase().replace(/[-_]/g, '');
+        // Check exact matches
+        if (SENSITIVE_EXACT_KEYS.has(normalizedKey)) {
+            return true;
+        }
+        // Check patterns
+        return SENSITIVE_KEY_PATTERNS.some((pattern) => pattern.test(key));
+    }
+    /**
+     * Heuristically detect if a string value looks like a secret
+     */
+    looksLikeSecret(value) {
+        // Skip short values
+        if (value.length < 20) {
+            return false;
+        }
+        // JWT pattern: eyJ...
+        if (/^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(value)) {
+            return true;
+        }
+        // Long hex strings (32+ chars) - likely keys/tokens
+        if (/^[a-f0-9]{32,}$/i.test(value)) {
+            return true;
+        }
+        // Base64-ish strings that are long (50+ chars) - likely tokens
+        if (/^[A-Za-z0-9+/=_-]{50,}$/.test(value)) {
+            return true;
+        }
+        return false;
+    }
     /**
      * Sanitize data to prevent logging sensitive information
      */
-    sanitize(data) {
+    sanitize(data, depth = 0) {
+        // Prevent infinite recursion
+        if (depth > Logger.MAX_DEPTH) {
+            return '[DEPTH_LIMIT]';
+        }
         if (typeof data !== 'object' || data === null) {
             return data;
         }
         if (Array.isArray(data)) {
-            return data.map((item) => this.sanitize(item));
+            return data.map((item) => this.sanitize(item, depth + 1));
         }
         const sanitized = {};
-        const sensitiveKeys = [
-            'token',
-            'accessToken',
-            'refreshToken',
-            'access_token',
-            'refresh_token',
-            'secret',
-            'password',
-            'clientSecret',
-            'client_secret',
-            'authorization',
-            'apiKey',
-            'api_key',
-        ];
         for (const [key, value] of Object.entries(data)) {
-            const lowerKey = key.toLowerCase();
-            if (sensitiveKeys.some((sensitive) => lowerKey.includes(sensitive))) {
+            if (this.isSensitiveKey(key)) {
                 sanitized[key] = '[REDACTED]';
             }
+            else if (typeof value === 'string' && this.looksLikeSecret(value)) {
+                // Detect secret-like values even if key doesn't match
+                sanitized[key] = '[REDACTED_VALUE]';
+            }
             else {
-                sanitized[key] = this.sanitize(value);
+                sanitized[key] = this.sanitize(value, depth + 1);
             }
         }
         return sanitized;
@@ -119,7 +212,8 @@ class Logger {
             errorContext.error = {
                 name: error.name,
                 message: error.message,
-                stack: error.stack,
+                // Only include stack traces in non-production environments
+                ...(isProduction() ? {} : { stack: error.stack }),
             };
         }
         else if (error) {

package/dist/utils/logger.js.map

@@ -1 +1 @@
-{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,UAAU,GAA6B;IAC3C,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;CACT,CAAC;AAEF,MAAM,MAAM;IACF,YAAY,CAAW;IACvB,SAAS,GAAkB,IAAI,CAAC;IAExC,YAAY,QAAkB,MAAM;QAClC,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,KAAe;QACtB,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,EAAU;QACrB,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,KAAe;QAC/B,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,IAAa;QAC5B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,SAAS,GAA4B,EAAE,CAAC;QAC9C,MAAM,aAAa,GAAG;YACpB,OAAO;YACP,aAAa;YACb,cAAc;YACd,cAAc;YACd,eAAe;YACf,QAAQ;YACR,UAAU;YACV,cAAc;YACd,eAAe;YACf,eAAe;YACf,QAAQ;YACR,SAAS;SACV,CAAC;QAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YACnC,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;gBACpE,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,KAAe,EAAE,OAAe,EAAE,OAAiC;QAC/E,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK;YACL,OAAO;YACP,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;YACpD,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SACpD,CAAC;QAEF,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe,EAAE,OAAiC;QACtD,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe,EAAE,KAAuB,EAAE,OAAiC;QAC/E,MAAM,YAAY,GAA4B,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5E,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,YAAY,CAAC,KAAK,GAAG;gBACnB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,KAAK,EAAE,KAAK,CAAC,KAAK;aACnB,CAAC;QACJ,CAAC;aAAM,IAAI,KAAK,EAAE,CAAC;YACjB,YAAY,CAAC,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAC7C,CAAC;CACF;AAED,4BAA4B;AAC5B,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC"}
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,MAAM,UAAU,GAA6B;IAC3C,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;CACT,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAa;IACvC,4BAA4B;IAC5B,QAAQ;IACR,SAAS;IACT,MAAM;IACN,QAAQ;IACR,UAAU;IACV,OAAO;IAEP,wBAAwB;IACxB,SAAS;IACT,WAAW;IACX,SAAS;IACT,MAAM;IACN,aAAa;IAEb,WAAW;IACX,cAAc;IACd,SAAS;IACT,MAAM;IAEN,gBAAgB;IAChB,kBAAkB;IAClB,UAAU;IACV,SAAS;IACT,UAAU;IACV,OAAO;IACP,OAAO;IACP,SAAS,EAAE,wBAAwB;IAEnC,oCAAoC;IACpC,MAAM;IACN,sBAAsB;IACtB,kBAAkB;IAClB,kBAAkB;IAClB,MAAM;IACN,UAAU;IAEV,UAAU;IACV,QAAQ;IACR,SAAS;IACT,WAAW;CACZ,CAAC;AAEF;;;GAGG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,UAAU;IACV,OAAO;IACP,QAAQ;IACR,KAAK;IACL,aAAa;IACb,cAAc;IACd,QAAQ;IACR,cAAc;IACd,YAAY;IACZ,eAAe;IACf,QAAQ;IACR,KAAK;IACL,WAAW;IACX,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,MAAM;IACF,YAAY,CAAW;IACvB,SAAS,GAAkB,IAAI,CAAC;IAChC,MAAM,CAAU,SAAS,GAAG,EAAE,CAAC;IAEvC,YAAY,QAAkB,MAAM;QAClC,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,KAAe;QACtB,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,EAAU;QACrB,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,KAAe;QAC/B,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAW;QAChC,iDAAiD;QACjD,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAE7D,sBAAsB;QACtB,IAAI,oBAAoB,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iBAAiB;QACjB,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa;QACnC,oBAAoB;QACpB,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,sBAAsB;QACtB,IAAI,qDAAqD,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oDAAoD;QACpD,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+DAA+D;QAC/D,IAAI,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,IAAa,EAAE,KAAK,GAAG,CAAC;QACvC,6BAA6B;QAC7B,IAAI,KAAK,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,SAAS,GAA4B,EAAE,CAAC;QAE9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAChC,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;gBACpE,sDAAsD;gBACtD,SAAS,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,KAAe,EAAE,OAAe,EAAE,OAAiC;QAC/E,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK;YACL,OAAO;YACP,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;YACpD,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;SACpD,CAAC;QAEF,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe,EAAE,OAAiC;QACtD,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,OAAiC;QACrD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe,EAAE,KAAuB,EAAE,OAAiC;QAC/E,MAAM,YAAY,GAA4B,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5E,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,YAAY,CAAC,KAAK,GAAG;gBACnB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,2DAA2D;gBAC3D,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;aAClD,CAAC;QACJ,CAAC;aAAM,IAAI,KAAK,EAAE,CAAC;YACjB,YAAY,CAAC,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAC7C,CAAC;;AAGH,4BAA4B;AAC5B,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC"}

package/dist/utils/sanitizer.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Output sanitization utilities for MCP responses
+ *
+ * Prevents prompt injection attacks by sanitizing user-controlled data
+ * before returning it to Claude in MCP tool responses.
+ */
+export interface SanitizeOptions {
+    /** Maximum string length before truncation (default: 10000) */
+    maxStringLength?: number;
+    /** Strip control characters (default: true) */
+    stripControlChars?: boolean;
+    /** Maximum recursion depth (default: 50) */
+    maxDepth?: number;
+    /** Flag suspicious content in metadata (default: true) */
+    flagSuspiciousContent?: boolean;
+}
+export interface SanitizeResult {
+    data: unknown;
+    warnings: string[];
+}
+/**
+ * Check if a string contains suspicious content that might be prompt injection
+ */
+export declare function containsSuspiciousContent(str: string): boolean;
+/**
+ * Sanitize data for MCP response with warnings
+ *
+ * Returns both the sanitized data and any warnings about suspicious content.
+ * Warnings are for logging purposes - the data is still returned.
+ */
+export declare function sanitizeWithWarnings(data: unknown, options?: SanitizeOptions): SanitizeResult;
+/**
+ * Sanitize data for MCP response
+ *
+ * This is the main function to use when preparing tool responses.
+ * It sanitizes user-controlled data to prevent prompt injection.
+ *
+ * @param data - The data to sanitize (typically from FreshBooks API)
+ * @param options - Optional sanitization options
+ * @returns Sanitized data safe for MCP response
+ */
+export declare function sanitizeForMcpResponse(data: unknown, options?: SanitizeOptions): unknown;
+/**
+ * Create a sanitized JSON string for MCP response content
+ *
+ * Convenience function that sanitizes and stringifies in one call.
+ */
+export declare function toSanitizedJson(data: unknown, options?: SanitizeOptions): string;
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/utils/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/utils/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,eAAe;IAC9B,+DAA+D;IAC/D,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,+CAA+C;IAC/C,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0DAA0D;IAC1D,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAsDD;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAM9D;AA0FD;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,OAAO,EACb,OAAO,CAAC,EAAE,eAAe,GACxB,cAAc,CAahB;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAExF;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,MAAM,CAGhF"}

package/dist/utils/sanitizer.js

@@ -0,0 +1,163 @@
+/**
+ * Output sanitization utilities for MCP responses
+ *
+ * Prevents prompt injection attacks by sanitizing user-controlled data
+ * before returning it to Claude in MCP tool responses.
+ */
+const DEFAULT_OPTIONS = {
+    maxStringLength: 10000,
+    stripControlChars: true,
+    maxDepth: 50,
+    flagSuspiciousContent: true,
+};
+/**
+ * Patterns that may indicate prompt injection attempts
+ * These are flagged but not blocked to avoid false positives
+ */
+const SUSPICIOUS_PATTERNS = [
+    // Direct instruction overrides
+    /ignore\s+(all\s+)?previous\s+instructions?/i,
+    /ignore\s+(all\s+)?prior\s+instructions?/i,
+    /disregard\s+(all\s+)?previous/i,
+    /forget\s+(all\s+)?previous/i,
+    // Role manipulation
+    /you\s+are\s+now\s+a/i,
+    /pretend\s+you\s+are/i,
+    /act\s+as\s+(if\s+you\s+are\s+)?a/i,
+    /from\s+now\s+on,?\s+you/i,
+    // System prompt references
+    /system\s*prompt/i,
+    /\[system\]/i,
+    /\[INST\]/i,
+    /<\|system\|>/i,
+    // Jailbreak attempts
+    /do\s+anything\s+now/i,
+    /DAN\s+mode/i,
+    /developer\s+mode/i,
+    /jailbreak/i,
+    // Instruction injection markers
+    /\n\n---\n\nNew instructions:/i,
+    /END\s+OF\s+DOCUMENT/i,
+    /IMPORTANT:\s*As\s+an?\s+AI/i,
+    // Tool manipulation
+    /call\s+(the\s+)?tool/i,
+    /execute\s+(the\s+)?function/i,
+    /invoke\s+.*_delete/i,
+];
+/**
+ * Control characters to strip (excluding common whitespace)
+ */
+const CONTROL_CHAR_REGEX = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g;
+/**
+ * Check if a string contains suspicious content that might be prompt injection
+ */
+export function containsSuspiciousContent(str) {
+    if (typeof str !== 'string') {
+        return false;
+    }
+    return SUSPICIOUS_PATTERNS.some((pattern) => pattern.test(str));
+}
+/**
+ * Sanitize a string value
+ */
+function sanitizeString(str, options) {
+    let result = str;
+    // Strip control characters
+    if (options.stripControlChars) {
+        result = result.replace(CONTROL_CHAR_REGEX, '');
+    }
+    // Truncate if too long
+    if (result.length > options.maxStringLength) {
+        result = result.substring(0, options.maxStringLength) + '... [TRUNCATED]';
+    }
+    return result;
+}
+/**
+ * Recursively sanitize data for MCP response
+ */
+function sanitizeValue(data, options, warnings, path, depth) {
+    // Check depth limit
+    if (depth > options.maxDepth) {
+        warnings.push(`Max depth exceeded at path: ${path}`);
+        return '[MAX_DEPTH_EXCEEDED]';
+    }
+    // Handle null/undefined
+    if (data === null || data === undefined) {
+        return data;
+    }
+    // Handle primitives
+    if (typeof data === 'string') {
+        const sanitized = sanitizeString(data, options);
+        // Check for suspicious content
+        if (options.flagSuspiciousContent && containsSuspiciousContent(data)) {
+            warnings.push(`Suspicious content detected at path: ${path}`);
+        }
+        return sanitized;
+    }
+    if (typeof data === 'number' || typeof data === 'boolean') {
+        return data;
+    }
+    // Handle arrays
+    if (Array.isArray(data)) {
+        return data.map((item, index) => sanitizeValue(item, options, warnings, `${path}[${index}]`, depth + 1));
+    }
+    // Handle objects
+    if (typeof data === 'object') {
+        // Handle Date objects
+        if (data instanceof Date) {
+            return data.toISOString();
+        }
+        // Handle regular objects
+        const sanitized = {};
+        for (const [key, value] of Object.entries(data)) {
+            sanitized[key] = sanitizeValue(value, options, warnings, `${path}.${key}`, depth + 1);
+        }
+        return sanitized;
+    }
+    // Handle functions (shouldn't appear in JSON, but be safe)
+    if (typeof data === 'function') {
+        return '[FUNCTION]';
+    }
+    return data;
+}
+/**
+ * Sanitize data for MCP response with warnings
+ *
+ * Returns both the sanitized data and any warnings about suspicious content.
+ * Warnings are for logging purposes - the data is still returned.
+ */
+export function sanitizeWithWarnings(data, options) {
+    const mergedOptions = {
+        ...DEFAULT_OPTIONS,
+        ...options,
+    };
+    const warnings = [];
+    const sanitizedData = sanitizeValue(data, mergedOptions, warnings, '$', 0);
+    return {
+        data: sanitizedData,
+        warnings,
+    };
+}
+/**
+ * Sanitize data for MCP response
+ *
+ * This is the main function to use when preparing tool responses.
+ * It sanitizes user-controlled data to prevent prompt injection.
+ *
+ * @param data - The data to sanitize (typically from FreshBooks API)
+ * @param options - Optional sanitization options
+ * @returns Sanitized data safe for MCP response
+ */
+export function sanitizeForMcpResponse(data, options) {
+    return sanitizeWithWarnings(data, options).data;
+}
+/**
+ * Create a sanitized JSON string for MCP response content
+ *
+ * Convenience function that sanitizes and stringifies in one call.
+ */
+export function toSanitizedJson(data, options) {
+    const sanitized = sanitizeForMcpResponse(data, options);
+    return JSON.stringify(sanitized, null, 2);
+}
+//# sourceMappingURL=sanitizer.js.map

package/dist/utils/sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.js","sourceRoot":"","sources":["../../src/utils/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAkBH,MAAM,eAAe,GAA8B;IACjD,eAAe,EAAE,KAAK;IACtB,iBAAiB,EAAE,IAAI;IACvB,QAAQ,EAAE,EAAE;IACZ,qBAAqB,EAAE,IAAI;CAC5B,CAAC;AAEF;;;GAGG;AACH,MAAM,mBAAmB,GAAa;IACpC,+BAA+B;IAC/B,6CAA6C;IAC7C,0CAA0C;IAC1C,gCAAgC;IAChC,6BAA6B;IAE7B,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,mCAAmC;IACnC,0BAA0B;IAE1B,2BAA2B;IAC3B,kBAAkB;IAClB,aAAa;IACb,WAAW;IACX,eAAe;IAEf,qBAAqB;IACrB,sBAAsB;IACtB,aAAa;IACb,mBAAmB;IACnB,YAAY;IAEZ,gCAAgC;IAChC,+BAA+B;IAC/B,sBAAsB;IACtB,6BAA6B;IAE7B,oBAAoB;IACpB,uBAAuB;IACvB,8BAA8B;IAC9B,qBAAqB;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG,mCAAmC,CAAC;AAE/D;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,GAAW;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW,EAAE,OAAkC;IACrE,IAAI,MAAM,GAAG,GAAG,CAAC;IAEjB,2BAA2B;IAC3B,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC9B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,iBAAiB,CAAC;IAC5E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,IAAa,EACb,OAAkC,EAClC,QAAkB,EAClB,IAAY,EACZ,KAAa;IAEb,oBAAoB;IACpB,IAAI,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;QACrD,OAAO,sBAAsB,CAAC;IAChC,CAAC;IAED,wBAAwB;IACxB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAEhD,+BAA+B;QAC/B,IAAI,OAAO,CAAC,qBAAqB,IAAI,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,QAAQ,CAAC,IAAI,CAAC,wCAAwC,IAAI,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK,SAAS,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gBAAgB;IAChB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAC9B,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CACvE,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,sBAAsB;QACtB,IAAI,IAAI,YAAY,IAAI,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;QAC5B,CAAC;QAED,yBAAyB;QACzB,MAAM,SAAS,GAA4B,EAAE,CAAC;QAE9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,SAAS,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACxF,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,2DAA2D;IAC3D,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAAa,EACb,OAAyB;IAEzB,MAAM,aAAa,GAA8B;QAC/C,GAAG,eAAe;QAClB,GAAG,OAAO;KACX,CAAC;IAEF,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,aAAa,GAAG,aAAa,CAAC,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAE3E,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAa,EAAE,OAAyB;IAC7E,OAAO,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa,EAAE,OAAyB;IACtE,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC5C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@goodsamsoftware/freshbooks-mcp",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "FreshBooks MCP server providing 1:1 parity with the FreshBooks Node.js SDK",
   "type": "module",
   "main": "dist/server.js",
@@ -38,7 +38,7 @@
     }
   },
   "bin": {
-    "freshbooks-mcp": "./dist/server.js"
+    "freshbooks-mcp": "dist/server.js"
   },
   "files": [
     "dist",