@jgardner04/ghost-mcp-server 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jonathan Gardner
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,118 @@
+# Ghost MCP Server
+
+This project (`ghost-mcp-server`) implements a **Model Context Protocol (MCP) Server** that allows an MCP client (like Cursor or Claude Desktop) to interact with a Ghost CMS instance via defined tools.
+
+## Requirements
+
+- Node.js 14.0.0 or higher
+- Ghost Admin API URL and Key
+
+## Ghost MCP Server Details
+
+This server exposes Ghost CMS management functions as MCP tools, allowing an AI client like Cursor or Claude Desktop to manage a Ghost blog.
+
+An MCP client can discover these resources and tools by querying the running MCP server (typically listening on port 3001 by default) at its root endpoint (e.g., `http://localhost:3001/`). The server responds with its capabilities according to the Model Context Protocol specification.
+
+### Resources Defined
+
+- **`ghost/tag`**: Represents a tag in Ghost CMS. Contains `id`, `name`, `slug`, `description`.
+- **`ghost/post`**: Represents a post in Ghost CMS. Contains `id`, `title`, `slug`, `html`, `status`, `feature_image`, `published_at`, `tags` (array of `ghost/tag`), metadata fields, etc.
+
+_(Refer to `src/mcp_server.js` for full resource schemas.)_
+
+### Tools Defined
+
+Below is a guide for using the available MCP tools:
+
+1.  **`ghost_create_tag`**
+
+    - **Purpose**: Creates a new tag.
+    - **Inputs**:
+      - `name` (string, required): The name for the new tag.
+      - `description` (string, optional): A description for the tag.
+      - `slug` (string, optional): A URL-friendly slug (auto-generated if omitted).
+    - **Output**: The created `ghost/tag` resource.
+
+2.  **`ghost_get_tags`**
+
+    - **Purpose**: Retrieves existing tags. Can be used to find a tag ID or check if a tag exists before creation.
+    - **Inputs**:
+      - `name` (string, optional): Filter tags by exact name.
+    - **Output**: An array of `ghost/tag` resources matching the filter (or all tags if no name is provided).
+
+3.  **`ghost_upload_image`**
+
+    - **Purpose**: Uploads an image to Ghost for use, typically as a post's featured image.
+    - **Inputs**:
+      - `imageUrl` (string URL, required): A publicly accessible URL of the image to upload.
+      - `alt` (string, optional): Alt text for the image (a default is generated if omitted).
+    - **Output**: An object containing the final `url` (the Ghost URL for the uploaded image) and the determined `alt` text.
+    - **Usage Note**: Call this tool first to get a Ghost image URL before creating a post that needs a featured image.
+
+4.  **`ghost_create_post`**
+    - **Purpose**: Creates a new post.
+    - **Inputs**:
+      - `title` (string, required): The title of the post.
+      - `html` (string, required): The main content of the post in HTML format.
+      - `status` (string, optional, default: 'draft'): Set status to 'draft', 'published', or 'scheduled'.
+      - `tags` (array of strings, optional): List of tag _names_ to associate. Tags will be looked up or created automatically.
+      - `published_at` (string ISO date, optional): Date/time to publish or schedule. Required if status is 'scheduled'.
+      - `custom_excerpt` (string, optional): A short summary.
+      - `feature_image` (string URL, optional): The URL of the featured image (use the `url` output from `ghost_upload_image`).
+      - `feature_image_alt` (string, optional): Alt text for the feature image.
+      - `feature_image_caption` (string, optional): Caption for the feature image.
+      - `meta_title` (string, optional): Custom SEO title.
+      - `meta_description` (string, optional): Custom SEO description.
+    - **Output**: The created `ghost/post` resource.
+
+## Installation and Running
+
+1.  **Clone the Repository**:
+
+    ```bash
+    git clone <repository_url>
+    cd ghost-mcp-server
+    ```
+
+2.  **Install Dependencies**:
+
+    ```bash
+    npm install
+    ```
+
+3.  **Configure Environment Variables**:
+    Create a `.env` file in the project root and add your Ghost Admin API credentials:
+
+    ```dotenv
+    # Required:
+    GHOST_ADMIN_API_URL=https://your-ghost-site.com
+    GHOST_ADMIN_API_KEY=your_admin_api_key
+
+    # If using 1Password CLI for secrets:
+    # You might store the API key in 1Password and use `op run --env-file=.env -- ...`
+    ```
+
+    - Find your Ghost Admin API URL and Key in your Ghost Admin settings under Integrations -> Custom Integrations.
+
+4.  **Run the Server**:
+
+    ```bash
+    npm start
+    # OR directly:
+    # node src/index.js
+    ```
+
+    This command will start the MCP server.
+
+5.  **Development Mode (using nodemon)**:
+    For development with automatic restarting:
+    ```bash
+    npm run dev
+    ```
+
+## Troubleshooting
+
+- **401 Unauthorized Error from Ghost:** Check that your `GHOST_ADMIN_API_URL` and `GHOST_ADMIN_API_KEY` in the `.env` file are correct and that the Custom Integration in Ghost is enabled.
+- **MCP Server Connection Issues:** Ensure the MCP server is running (check console logs). Verify the port (`MCP_PORT`, default 3001) is not blocked by a firewall. Check that the client is connecting to the correct address and port.
+- **Tool Execution Errors:** Check the server console logs for detailed error messages from the specific tool implementation (e.g., `ghost_create_post`, `ghost_upload_image`). Common issues include invalid input (check against tool schemas in `src/mcp_server.js` and the README guide), problems downloading from `imageUrl`, image processing failures, or upstream errors from the Ghost API.
+- **Dependency Installation Issues:** Ensure you have a compatible Node.js version installed (see Requirements section). Try removing `node_modules` and `package-lock.json` and running `npm install` again.

package/package.json

@@ -0,0 +1,89 @@
+{
+  "name": "@jgardner04/ghost-mcp-server",
+  "version": "1.0.0",
+  "description": "A Model Context Protocol (MCP) server for interacting with Ghost CMS via the Admin API",
+  "author": "Jonathan Gardner",
+  "type": "module",
+  "main": "src/index.js",
+  "exports": {
+    ".": "./src/index.js",
+    "./mcp": "./src/mcp_server_improved.js"
+  },
+  "bin": {
+    "ghost-mcp-server": "src/index.js",
+    "ghost-mcp": "src/mcp_server_improved.js"
+  },
+  "files": [
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/jgardner04/Ghost-MCP-Server.git"
+  },
+  "homepage": "https://github.com/jgardner04/Ghost-MCP-Server#readme",
+  "bugs": {
+    "url": "https://github.com/jgardner04/Ghost-MCP-Server/issues"
+  },
+  "scripts": {
+    "dev": "node scripts/dev.js",
+    "list": "node scripts/dev.js list",
+    "generate": "node scripts/dev.js generate",
+    "parse-prd": "node scripts/dev.js parse-prd",
+    "build": "mkdir -p build && cp -r src/* build/",
+    "start": "node src/index.js",
+    "start:mcp": "node src/mcp_server_improved.js",
+    "start:mcp:stdio": "MCP_TRANSPORT=stdio node src/mcp_server_improved.js",
+    "start:mcp:http": "MCP_TRANSPORT=http node src/mcp_server_improved.js",
+    "start:mcp:websocket": "MCP_TRANSPORT=websocket node src/mcp_server_improved.js"
+  },
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.39.0",
+    "@modelcontextprotocol/sdk": "^1.24.0",
+    "@tryghost/admin-api": "^1.13.12",
+    "axios": "^1.12.1",
+    "boxen": "^7.1.1",
+    "chalk": "^5.3.0",
+    "cli-table3": "^0.6.3",
+    "commander": "^11.1.0",
+    "dotenv": "^16.5.0",
+    "express": "^5.2.1",
+    "express-rate-limit": "^8.0.1",
+    "express-validator": "^7.3.1",
+    "figlet": "^1.7.0",
+    "gradient-string": "^2.0.2",
+    "helmet": "^8.1.0",
+    "joi": "^18.0.1",
+    "multer": "^2.0.2",
+    "openai": "^4.86.1",
+    "ora": "^7.0.1",
+    "sanitize-html": "^2.17.0",
+    "sharp": "^0.34.1",
+    "winston": "^3.17.0"
+  },
+  "keywords": [
+    "ghost",
+    "cms",
+    "mcp",
+    "model-context-protocol",
+    "ai",
+    "claude",
+    "ghost-cms",
+    "admin-api",
+    "blog",
+    "publishing"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "license": "MIT",
+  "devDependencies": {
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/git": "^10.0.1",
+    "semantic-release": "^25.0.2"
+  }
+}

package/src/config/mcp-config.js

@@ -0,0 +1,131 @@
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+/**
+ * MCP Server Configuration
+ * 
+ * Transport Options:
+ * - 'stdio': Best for CLI tools and direct process communication
+ * - 'http'/'sse': Good for web clients, supports CORS
+ * - 'websocket': Best for real-time bidirectional communication
+ */
+export const mcpConfig = {
+  // Transport configuration
+  transport: {
+    type: process.env.MCP_TRANSPORT || 'http', // 'stdio', 'http', 'sse', 'websocket'
+    port: parseInt(process.env.MCP_PORT || '3001'),
+    
+    // HTTP/SSE specific options
+    cors: process.env.MCP_CORS || '*',
+    sseEndpoint: process.env.MCP_SSE_ENDPOINT || '/mcp/sse',
+    
+    // WebSocket specific options
+    wsPath: process.env.MCP_WS_PATH || '/',
+    wsHeartbeatInterval: parseInt(process.env.MCP_WS_HEARTBEAT || '30000'),
+  },
+  
+  // Server metadata
+  metadata: {
+    name: process.env.MCP_SERVER_NAME || 'Ghost CMS Manager',
+    description: process.env.MCP_SERVER_DESC || 'MCP Server to manage a Ghost CMS instance using the Admin API.',
+    version: process.env.MCP_SERVER_VERSION || '1.0.0',
+  },
+  
+  // Error handling
+  errorHandling: {
+    includeStackTrace: process.env.NODE_ENV === 'development',
+    maxRetries: parseInt(process.env.MCP_MAX_RETRIES || '3'),
+    retryDelay: parseInt(process.env.MCP_RETRY_DELAY || '1000'),
+  },
+  
+  // Logging
+  logging: {
+    level: process.env.MCP_LOG_LEVEL || 'info', // 'debug', 'info', 'warn', 'error'
+    format: process.env.MCP_LOG_FORMAT || 'json', // 'json', 'text'
+  },
+  
+  // Security
+  security: {
+    // Add API key authentication if needed
+    apiKey: process.env.MCP_API_KEY,
+    allowedOrigins: process.env.MCP_ALLOWED_ORIGINS?.split(',') || ['*'],
+  }
+};
+
+/**
+ * Get transport-specific configuration
+ */
+export function getTransportConfig() {
+  const { transport } = mcpConfig;
+  
+  switch (transport.type) {
+    case 'stdio':
+      return {
+        type: 'stdio',
+        // No additional config needed for stdio
+      };
+      
+    case 'http':
+    case 'sse':
+      return {
+        type: 'sse',
+        port: transport.port,
+        cors: transport.cors,
+        endpoint: transport.sseEndpoint,
+      };
+      
+    case 'websocket':
+      return {
+        type: 'websocket',
+        port: transport.port,
+        path: transport.wsPath,
+        heartbeatInterval: transport.wsHeartbeatInterval,
+      };
+      
+    default:
+      throw new Error(`Unknown transport type: ${transport.type}`);
+  }
+}
+
+/**
+ * Validate configuration
+ */
+export function validateConfig() {
+  const errors = [];
+  
+  // Check if transport configuration exists
+  if (!mcpConfig.transport) {
+    errors.push('Missing transport configuration');
+  } else {
+    // Check transport type
+    const validTransports = ['stdio', 'http', 'sse', 'websocket'];
+    if (!mcpConfig.transport.type || !validTransports.includes(mcpConfig.transport.type)) {
+      errors.push(`Invalid transport type: ${mcpConfig.transport.type}`);
+    }
+    
+    // Check port for network transports
+    if (mcpConfig.transport.type && ['http', 'sse', 'websocket'].includes(mcpConfig.transport.type)) {
+      if (!mcpConfig.transport.port || mcpConfig.transport.port < 1 || mcpConfig.transport.port > 65535) {
+        errors.push(`Invalid port: ${mcpConfig.transport.port}`);
+      }
+    }
+  }
+  
+  // Check Ghost configuration
+  if (!process.env.GHOST_ADMIN_API_URL) {
+    errors.push('Missing GHOST_ADMIN_API_URL environment variable');
+  }
+  
+  if (!process.env.GHOST_ADMIN_API_KEY) {
+    errors.push('Missing GHOST_ADMIN_API_KEY environment variable');
+  }
+  
+  if (errors.length > 0) {
+    throw new Error(`Configuration errors:\n${errors.join('\n')}`);
+  }
+  
+  return true;
+}
+
+export default mcpConfig;

package/src/controllers/imageController.js

@@ -0,0 +1,271 @@
+import multer from "multer";
+import path from "path";
+import fs from "fs";
+import os from "os"; // Import the os module
+import Joi from "joi";
+import crypto from "crypto";
+import { createContextLogger } from "../utils/logger.js";
+import { uploadImage as uploadGhostImage } from "../services/ghostService.js"; // Assuming uploadImage is in ghostService
+import { processImage } from "../services/imageProcessingService.js"; // Import the processing service
+
+// --- Use OS temporary directory for uploads ---
+const uploadDir = os.tmpdir(); // Use the OS default temp directory
+// We generally don't need to create os.tmpdir(), it should exist
+// if (!fs.existsSync(uploadDir)){
+//     fs.mkdirSync(uploadDir);
+// }
+
+// Validation schema for uploaded files (excluding size - validated by multer limits)
+const fileValidationSchema = Joi.object({
+  originalname: Joi.string().max(255).required(),
+  mimetype: Joi.string().pattern(/^image\/(jpeg|jpg|png|gif|webp|svg\+xml)$/i).required()
+});
+
+// Post-upload validation schema (when file.size is available)
+const uploadedFileValidationSchema = Joi.object({
+  originalname: Joi.string().max(255).required(),
+  mimetype: Joi.string().pattern(/^image\/(jpeg|jpg|png|gif|webp|svg\+xml)$/i).required(),
+  size: Joi.number().max(10 * 1024 * 1024).required(), // 10MB max
+  path: Joi.string().required()
+});
+
+// Safe filename generation
+const generateSafeFilename = (originalName) => {
+  const ext = path.extname(originalName);
+  // Validate extension against whitelist
+  const allowedExtensions = ['.jpg', '.jpeg', '.png', '.gif', '.webp', '.svg'];
+  const normalizedExt = ext.toLowerCase();
+  
+  if (!allowedExtensions.includes(normalizedExt)) {
+    throw new Error('Invalid file extension');
+  }
+  
+  // Generate cryptographically secure random filename
+  const randomBytes = crypto.randomBytes(16).toString('hex');
+  const timestamp = Date.now();
+  return `mcp-upload-${timestamp}-${randomBytes}${normalizedExt}`;
+};
+
+const storage = multer.diskStorage({
+  destination: function (req, file, cb) {
+    // Ensure we're using the temp directory, no user input for path
+    cb(null, uploadDir);
+  },
+  filename: function (req, file, cb) {
+    try {
+      // Generate safe filename that prevents path traversal
+      const safeFilename = generateSafeFilename(file.originalname);
+      cb(null, safeFilename);
+    } catch (error) {
+      cb(error);
+    }
+  },
+});
+
+// Enhanced filter for image files with validation
+const imageFileFilter = (req, file, cb) => {
+  // Validate file properties (excluding size - not available at this stage)
+  const validation = fileValidationSchema.validate({
+    originalname: file.originalname,
+    mimetype: file.mimetype
+  });
+  
+  if (validation.error) {
+    return cb(new Error(`File validation failed: ${validation.error.details[0].message}`), false);
+  }
+  
+  // Additional security checks
+  const filename = file.originalname;
+  
+  // Check for path traversal attempts
+  if (filename.includes('../') || filename.includes('..\\') || path.isAbsolute(filename)) {
+    return cb(new Error('Invalid filename: Path traversal detected'), false);
+  }
+  
+  // Check for null bytes
+  if (filename.includes('\0')) {
+    return cb(new Error('Invalid filename: Null byte detected'), false);
+  }
+  
+  cb(null, true);
+};
+
+const upload = multer({ 
+  storage: storage, 
+  fileFilter: imageFileFilter,
+  limits: {
+    fileSize: 10 * 1024 * 1024, // 10MB
+    files: 1 // Only allow 1 file per request
+  }
+});
+
+/**
+ * Extracts a base filename without extension or unique identifiers.
+ * Example: 'mcp-upload-1678886400000-123456789.jpg' -> 'image' (if original was image.jpg)
+ * Note: This might be simplified depending on how original filename is best accessed.
+ * Multer's `file.originalname` is the best source.
+ */
+const getDefaultAltText = (originalName) => {
+  try {
+    // Use the original filename directly instead of a file path to avoid path traversal
+    // Validate the input is a string and not a path
+    if (!originalName || typeof originalName !== 'string') {
+      return "Uploaded image";
+    }
+    
+    // Ensure no path separators are present (defense in depth)
+    const sanitizedName = originalName.replace(/[/\\:]/g, '');
+    
+    const originalFilename = sanitizedName
+      .split(".")
+      .slice(0, -1)
+      .join(".");
+    
+    // Attempt to remove common prefixes/suffixes added during upload/processing
+    const nameWithoutIds = originalFilename.replace(
+      /^(processed-|mcp-upload-)\d+-\d+-?/,
+      ""
+    );
+    return nameWithoutIds.replace(/[-_]/g, " ") || "Uploaded image";
+  } catch (e) {
+    return "Uploaded image"; // Fallback
+  }
+};
+
+/**
+ * Controller to handle image uploads.
+ * Processes the image and includes alt text in the response.
+ */
+const handleImageUpload = async (req, res, next) => {
+  const logger = createContextLogger('image-controller');
+  let originalPath = null;
+  let processedPath = null;
+
+  try {
+    if (!req.file) {
+      return res.status(400).json({ message: "No image file uploaded." });
+    }
+    
+    // Post-upload validation with complete file information
+    const fileValidation = uploadedFileValidationSchema.validate({
+      originalname: req.file.originalname,
+      mimetype: req.file.mimetype,
+      size: req.file.size,
+      path: req.file.path
+    });
+    
+    if (fileValidation.error) {
+      // Delete the uploaded file since validation failed
+      // Validate file path is within upload directory before deletion
+      const filePath = req.file.path;
+      const resolvedFilePath = path.resolve(filePath);
+      const resolvedUploadDir = path.resolve(uploadDir);
+      
+      if (resolvedFilePath.startsWith(resolvedUploadDir)) {
+        fs.unlink(filePath, () => {});
+      }
+      
+      return res.status(400).json({ 
+        message: `File validation failed: ${fileValidation.error.details[0].message}` 
+      });
+    }
+    
+    // Validate the file path is within our temp directory (defense in depth)
+    originalPath = req.file.path;
+    const resolvedPath = path.resolve(originalPath);
+    const resolvedUploadDir = path.resolve(uploadDir);
+    
+    if (!resolvedPath.startsWith(resolvedUploadDir)) {
+      logger.error('Security violation: File path outside upload directory', {
+        filePath: path.basename(originalPath),
+        uploadDir: path.basename(uploadDir)
+      });
+      throw new Error('Security violation: File path outside of upload directory');
+    }
+    
+    logger.info('Image received for processing', {
+      originalName: req.file.originalname,
+      size: req.file.size,
+      mimetype: req.file.mimetype,
+      tempFile: path.basename(originalPath)
+    });
+
+    // Process Image (output directory is still the temp dir)
+    processedPath = await processImage(originalPath, uploadDir);
+
+    // --- Handle Alt Text ---
+    // Validate and sanitize alt text from the request body
+    const altSchema = Joi.string().max(500).allow('').optional();
+    const { error, value: sanitizedAlt } = altSchema.validate(req.body.alt);
+    
+    if (error) {
+      return res.status(400).json({ message: `Invalid alt text: ${error.details[0].message}` });
+    }
+    
+    const providedAlt = sanitizedAlt;
+    // Generate a default alt text from the original filename if none provided
+    const defaultAlt = getDefaultAltText(req.file.originalname);
+    const altText = providedAlt || defaultAlt;
+    logger.debug('Alt text determined', {
+      provided: !!providedAlt,
+      generated: !providedAlt,
+      altText
+    });
+    // --- End Alt Text Handling ---
+
+    // Call ghostService to upload the processed image
+    const uploadResult = await uploadGhostImage(processedPath);
+    logger.info('Image uploaded to Ghost successfully', {
+      ghostUrl: uploadResult.url,
+      processedFile: path.basename(processedPath)
+    });
+
+    // Respond with the URL and the determined alt text
+    res.status(200).json({ url: uploadResult.url, alt: altText });
+  } catch (error) {
+    logger.error('Image upload controller error', {
+      error: error.message,
+      stack: error.stack,
+      originalFile: originalPath ? path.basename(originalPath) : null,
+      processedFile: processedPath ? path.basename(processedPath) : null
+    });
+    // If it's a multer error (e.g., file filter), it might need specific handling
+    if (error instanceof multer.MulterError) {
+      return res.status(400).json({ message: error.message });
+    }
+    // Pass other errors to the global handler
+    next(error);
+  } finally {
+    // Cleanup: Delete temporary files with path validation
+    if (originalPath) {
+      const resolvedOriginalPath = path.resolve(originalPath);
+      const resolvedUploadDir = path.resolve(uploadDir);
+      
+      if (resolvedOriginalPath.startsWith(resolvedUploadDir)) {
+        fs.unlink(originalPath, (err) => {
+          if (err)
+            logger.warn('Failed to delete original temp file', {
+              file: path.basename(originalPath),
+              error: err.message
+            });
+        });
+      }
+    }
+    if (processedPath && processedPath !== originalPath) {
+      const resolvedProcessedPath = path.resolve(processedPath);
+      const resolvedUploadDir = path.resolve(uploadDir);
+      
+      if (resolvedProcessedPath.startsWith(resolvedUploadDir)) {
+        fs.unlink(processedPath, (err) => {
+          if (err)
+            logger.warn('Failed to delete processed temp file', {
+              file: path.basename(processedPath),
+              error: err.message
+            });
+        });
+      }
+    }
+  }
+};
+
+export { upload, handleImageUpload }; // Export upload middleware and controller

package/src/controllers/postController.js

@@ -0,0 +1,46 @@
+import { createPostService } from "../services/postService.js";
+import { createContextLogger } from "../utils/logger.js";
+
+/**
+ * Controller to handle creating a new post.
+ * Assumes input has been validated by middleware.
+ * Takes request body containing post data (incl. feature image, metadata)
+ * and calls the Post service layer.
+ */
+const createPost = async (req, res, next) => {
+  const logger = createContextLogger('post-controller');
+  
+  try {
+    // Input is already validated by express-validator middleware
+    // The body now includes potential feature_image and metadata fields
+    const postInput = req.body;
+
+    logger.info('Creating post via service layer', {
+      title: postInput.title,
+      status: postInput.status,
+      hasFeatureImage: !!postInput.feature_image,
+      tagCount: postInput.tags?.length || 0
+    });
+    
+    // Call the service layer function
+    const newPost = await createPostService(postInput);
+    
+    logger.info('Post created successfully', {
+      postId: newPost.id,
+      title: newPost.title,
+      status: newPost.status
+    });
+
+    res.status(201).json(newPost);
+  } catch (error) {
+    logger.error('Post creation failed', {
+      error: error.message,
+      stack: error.stack,
+      title: req.body?.title
+    });
+    // Pass error to the Express error handler
+    next(error);
+  }
+};
+
+export { createPost };