@jgardner04/ghost-mcp-server 1.14.0 → 1.14.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jgardner04/ghost-mcp-server",
-  "version": "1.14.0",
+  "version": "1.14.2",
   "description": "A Model Context Protocol (MCP) server for interacting with Ghost CMS via the Admin API",
   "author": "Jonathan Gardner",
   "type": "module",

package/src/__tests__/mcp_server.test.js

@@ -568,7 +568,7 @@ describe('mcp_server - ghost_get_tags tool', () => {
     );
   });
 
-  it('should escape single quotes in name parameter', async () => {
+  it('should backslash-escape single quotes in name parameter', async () => {
     const mockTags = [{ id: '1', name: "O'Reilly", slug: 'oreilly' }];
     mockGetTags.mockResolvedValue(mockTags);
 
@@ -577,12 +577,12 @@ describe('mcp_server - ghost_get_tags tool', () => {
 
     expect(mockGetTags).toHaveBeenCalledWith(
       expect.objectContaining({
-        filter: "name:'O''Reilly'",
+        filter: "name:'O\\'Reilly'",
       })
     );
   });
 
-  it('should escape single quotes in slug parameter', async () => {
+  it('should backslash-escape single quotes in slug parameter', async () => {
     const mockTags = [{ id: '1', name: 'Test', slug: "test'slug" }];
     mockGetTags.mockResolvedValue(mockTags);
 
@@ -591,7 +591,28 @@ describe('mcp_server - ghost_get_tags tool', () => {
 
     expect(mockGetTags).toHaveBeenCalledWith(
       expect.objectContaining({
-        filter: "slug:'test''slug'",
+        filter: "slug:'test\\'slug'",
+      })
+    );
+  });
+
+  // `name` has a schema regex allowlist (letters/digits/space/-/_/') so `\` and `"` are
+  // rejected at validation. `slug` has no such restriction, so it's the actual surface
+  // where backslash/double-quote can flow into the NQL filter — exercise it here.
+  it('should backslash-escape single quotes, double quotes, and backslashes in slug parameter', async () => {
+    // Input bytes:    a  '  b  \  "  c   (6 chars)
+    // After sanitize: a  \' b  \\ \" c   (9 chars)
+    // Filter string:  slug:'a\'b\\\"c'
+    const slug = 'a\'b\\"c';
+    // Mock return value is irrelevant — this test only asserts what mockGetTags was called with.
+    mockGetTags.mockResolvedValue([{ id: '1', name: 'Test', slug: 'test' }]);
+
+    const tool = mockTools.get('ghost_get_tags');
+    await tool.handler({ slug });
+
+    expect(mockGetTags).toHaveBeenCalledWith(
+      expect.objectContaining({
+        filter: "slug:'a\\'b\\\\\\\"c'",
       })
     );
   });

package/src/mcp_server.js

@@ -8,10 +8,12 @@ import fs from 'fs';
 import path from 'path';
 import os from 'os';
 import crypto from 'crypto';
-import { ValidationError } from './errors/index.js';
 import { validateToolInput } from './utils/validation.js';
+import { formatErrorResponse } from './utils/formatErrorResponse.js';
+import { createContextLogger } from './utils/logger.js';
 import { trackTempFile, cleanupTempFiles } from './utils/tempFileManager.js';
 import { resolveLocalImagePath, decodeBase64ToTempFile } from './utils/imageInputResolver.js';
+import { sanitizeNqlValue } from './utils/nqlSanitizer.js';
 import {
   createTagSchema,
   updateTagSchema,
@@ -38,6 +40,24 @@ import {
 // Load environment variables
 dotenv.config({ quiet: true });
 
+const mcpLogger = createContextLogger('mcp-server');
+
+/**
+ * Emit structured log fields for a caught error. Never passes the raw error
+ * object to the logger — Ghost SDK errors carry request headers/URLs that
+ * include credentials.
+ */
+const logToolError = (toolName, error, extra = {}) => {
+  mcpLogger.error(`Tool ${toolName} failed`, {
+    tool: toolName,
+    errorName: error?.name,
+    errorMessage: error?.message,
+    errorCode: error?.code,
+    ghostStatusCode: error?.ghostStatusCode,
+    ...extra,
+  });
+};
+
 // Lazy-loaded modules (to avoid Node.js v25 Buffer compatibility issues at startup)
 let ghostService = null;
 let postService = null;
@@ -57,9 +77,6 @@ const loadServices = async () => {
   }
 };
 
-// Generate UUID without external dependency
-const generateUuid = () => crypto.randomUUID();
-
 // Helper function for default alt text
 const getDefaultAltText = (filePath) => {
   try {
@@ -73,17 +90,6 @@ const getDefaultAltText = (filePath) => {
   }
 };
 
-/**
- * Escapes single quotes in NQL filter values by doubling them.
- * This prevents filter injection attacks when building NQL query strings.
- * Example: "O'Reilly" becomes "O''Reilly" for use in name:'O''Reilly'
- * @param {string} value - The value to escape
- * @returns {string} The escaped value safe for NQL filter strings
- */
-const escapeNqlValue = (value) => {
-  return value.replace(/'/g, "''");
-};
-
 /**
  * Higher-order function that wraps a tool handler with standardized
  * input validation, service loading, and error handling.
@@ -99,9 +105,7 @@ const escapeNqlValue = (value) => {
  * @returns {Function} Wrapped async handler for server.registerTool
  */
 const withErrorHandling = (toolName, schema, handler) => {
-  const zodContext = toolName.replace('ghost_', '').replace(/_/g, ' ');
   return async (rawInput) => {
-    console.error(`Executing tool: ${toolName}`);
     const validation = validateToolInput(schema, rawInput, toolName);
     if (!validation.success) {
       return validation.errorResponse;
@@ -111,18 +115,8 @@ const withErrorHandling = (toolName, schema, handler) => {
       await loadServices();
       return await handler(validation.data);
     } catch (error) {
-      console.error(`Error in ${toolName}:`, error);
-      if (error.name === 'ZodError') {
-        const validationError = ValidationError.fromZod(error, zodContext);
-        return {
-          content: [{ type: 'text', text: JSON.stringify(validationError.toJSON(), null, 2) }],
-          isError: true,
-        };
-      }
-      return {
-        content: [{ type: 'text', text: `Error in ${toolName}: ${error.message}` }],
-        isError: true,
-      };
+      logToolError(toolName, error);
+      return formatErrorResponse(error, toolName);
     }
   };
 };
@@ -169,10 +163,13 @@ server.registerTool(
     if (input.include !== undefined) options.include = input.include;
 
     // Build filter string from individual filter parameters
+    // Note: `slug` has no schema regex (see src/schemas/tagSchemas.js), so it is the
+    // primary NQL injection surface here. `name` has an allowlist that pre-rejects
+    // `\` and `"`. `visibility` is an enum, no escaping needed.
     const filters = [];
-    if (input.name) filters.push(`name:'${escapeNqlValue(input.name)}'`);
-    if (input.slug) filters.push(`slug:'${escapeNqlValue(input.slug)}'`);
-    if (input.visibility) filters.push(`visibility:'${input.visibility}'`); // visibility is enum-validated, no escaping needed
+    if (input.name) filters.push(`name:'${sanitizeNqlValue(input.name)}'`);
+    if (input.slug) filters.push(`slug:'${sanitizeNqlValue(input.slug)}'`);
+    if (input.visibility) filters.push(`visibility:'${input.visibility}'`);
     if (input.filter) filters.push(input.filter);
 
     if (filters.length > 0) {
@@ -180,7 +177,7 @@ server.registerTool(
     }
 
     const tags = await ghostService.getTags(options);
-    console.error(`Retrieved ${tags.length} tags from Ghost.`);
+    mcpLogger.info(`Retrieved ${tags.length} tags from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tags, null, 2) }],
@@ -197,7 +194,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_tag', createTagSchema, async (input) => {
     const createdTag = await ghostService.createTag(input);
-    console.error(`Tag created successfully. Tag ID: ${createdTag.id}`);
+    mcpLogger.info(`Tag created successfully. Tag ID: ${createdTag.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdTag, null, 2) }],
@@ -216,13 +213,10 @@ server.registerTool(
     const options = {};
     if (input.include !== undefined) options.include = input.include;
 
-    if (!input.id && !input.slug) {
-      throw new Error('Either id or slug is required');
-    }
     const identifier = input.id || `slug/${input.slug}`;
 
     const tag = await ghostService.getTag(identifier, options);
-    console.error(`Retrieved tag: ${tag.name} (ID: ${tag.id})`);
+    mcpLogger.info(`Retrieved tag: ${tag.name} (ID: ${tag.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tag, null, 2) }],
@@ -240,7 +234,7 @@ server.registerTool(
   withErrorHandling('ghost_update_tag', updateTagInputSchema, async (input) => {
     const { id, ...updateData } = input;
     const updatedTag = await ghostService.updateTag(id, updateData);
-    console.error(`Tag updated successfully. Tag ID: ${updatedTag.id}`);
+    mcpLogger.info(`Tag updated successfully. Tag ID: ${updatedTag.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedTag, null, 2) }],
@@ -259,7 +253,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_tag', deleteTagSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteTag(id);
-    console.error(`Tag deleted successfully. Tag ID: ${id}`);
+    mcpLogger.info(`Tag deleted successfully. Tag ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Tag ${id} has been successfully deleted.` }],
@@ -338,8 +332,8 @@ async function acquireImageForUpload({ imageUrl, imagePath: localPath, imageBase
 
     const extension = path.extname(imageUrl.split('?')[0]) || '.tmp';
     const filenameHint =
-      path.basename(imageUrl.split('?')[0]) || `image-${generateUuid()}${extension}`;
-    const downloadedPath = path.join(tempDir, `mcp-download-${generateUuid()}${extension}`);
+      path.basename(imageUrl.split('?')[0]) || `image-${crypto.randomUUID()}${extension}`;
+    const downloadedPath = path.join(tempDir, `mcp-download-${crypto.randomUUID()}${extension}`);
 
     let bytes = 0;
     response.data.on('data', (chunk) => {
@@ -428,7 +422,7 @@ function validateAndXorImageInput(schema, rawInput, toolName) {
   if (xorError) {
     return {
       success: false,
-      errorResponse: { content: [{ type: 'text', text: xorError }], isError: true },
+      errorResponse: formatErrorResponse(new Error(xorError), toolName),
     };
   }
   return validation;
@@ -452,11 +446,8 @@ server.registerTool(
       if (uploadResult.ref) result.ref = uploadResult.ref;
       return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
     } catch (error) {
-      console.error(`Error in ghost_upload_image:`, error);
-      return {
-        content: [{ type: 'text', text: `Error uploading image: ${error.message}` }],
-        isError: true,
-      };
+      logToolError('ghost_upload_image', error);
+      return formatErrorResponse(error, 'ghost_upload_image');
     }
   }
 );
@@ -502,11 +493,8 @@ server.registerTool(
       uploadedRef = uploadResult.ref;
       altText = finalAltText;
     } catch (error) {
-      console.error(`ghost_set_feature_image: upload failed`, error);
-      return {
-        content: [{ type: 'text', text: `Upload failed: ${error.message}` }],
-        isError: true,
-      };
+      logToolError('ghost_set_feature_image', error, { phase: 'upload' });
+      return formatErrorResponse(error, 'ghost_set_feature_image');
     }
 
     const updatePayload = {
@@ -520,7 +508,7 @@ server.registerTool(
         type === 'post'
           ? await ghostService.updatePost(id, updatePayload)
           : await ghostService.updatePage(id, updatePayload);
-      console.error(`ghost_set_feature_image: ${type} ${id} updated with ${uploadedUrl}`);
+      mcpLogger.info(`ghost_set_feature_image: ${type} ${id} updated with ${uploadedUrl}`);
       return {
         content: [
           {
@@ -534,24 +522,14 @@ server.registerTool(
         ],
       };
     } catch (error) {
-      console.error(`ghost_set_feature_image: update failed (orphaned ${uploadedUrl})`, error);
-      return {
-        content: [
-          {
-            type: 'text',
-            text: JSON.stringify(
-              {
-                error: `Upload succeeded but ${type} update failed: ${error.message}`,
-                orphanedImage: { url: uploadedUrl, ref: uploadedRef, alt: altText },
-                hint: 'Ghost does not expose a delete-image endpoint; reuse this URL or leave it orphaned.',
-              },
-              null,
-              2
-            ),
-          },
-        ],
-        isError: true,
-      };
+      logToolError('ghost_set_feature_image', error, {
+        phase: 'update',
+        orphanedUrl: uploadedUrl,
+      });
+      return formatErrorResponse(error, 'ghost_set_feature_image', {
+        orphanedImage: { url: uploadedUrl, ref: uploadedRef, alt: altText },
+        hint: 'Ghost does not expose a delete-image endpoint; reuse this URL or leave it orphaned.',
+      });
     }
   }
 );
@@ -600,7 +578,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_post', createPostSchema, async (input) => {
     const createdPost = await postService.createPostService(input);
-    console.error(`Post created successfully. Post ID: ${createdPost.id}`);
+    mcpLogger.info(`Post created successfully. Post ID: ${createdPost.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdPost, null, 2) }],
@@ -629,7 +607,7 @@ server.registerTool(
     if (input.formats !== undefined) options.formats = input.formats;
 
     const posts = await ghostService.getPosts(options);
-    console.error(`Retrieved ${posts.length} posts from Ghost.`);
+    mcpLogger.info(`Retrieved ${posts.length} posts from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(posts, null, 2) }],
@@ -649,14 +627,11 @@ server.registerTool(
     const options = {};
     if (input.include !== undefined) options.include = input.include;
 
-    // Determine identifier (prefer ID over slug)
-    if (!input.id && !input.slug) {
-      throw new Error('Either id or slug is required');
-    }
+    // Prefer ID over slug. The schema's .refine() guarantees one is present.
     const identifier = input.id || `slug/${input.slug}`;
 
     const post = await ghostService.getPost(identifier, options);
-    console.error(`Retrieved post: ${post.title} (ID: ${post.id})`);
+    mcpLogger.info(`Retrieved post: ${post.title} (ID: ${post.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(post, null, 2) }],
@@ -678,7 +653,7 @@ server.registerTool(
     if (input.limit !== undefined) options.limit = input.limit;
 
     const posts = await ghostService.searchPosts(input.query, options);
-    console.error(`Found ${posts.length} posts matching "${input.query}".`);
+    mcpLogger.info(`Found ${posts.length} posts matching "${input.query}".`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(posts, null, 2) }],
@@ -699,7 +674,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedPost = await ghostService.updatePost(id, updateData);
-    console.error(`Post updated successfully. Post ID: ${updatedPost.id}`);
+    mcpLogger.info(`Post updated successfully. Post ID: ${updatedPost.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedPost, null, 2) }],
@@ -718,7 +693,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_post', deletePostSchema, async (input) => {
     const { id } = input;
     await ghostService.deletePost(id);
-    console.error(`Post deleted successfully. Post ID: ${id}`);
+    mcpLogger.info(`Post deleted successfully. Post ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Post ${id} has been successfully deleted.` }],
@@ -788,7 +763,7 @@ server.registerTool(
     if (input.order !== undefined) options.order = input.order;
 
     const pages = await ghostService.getPages(options);
-    console.error(`Retrieved ${pages.length} pages from Ghost.`);
+    mcpLogger.info(`Retrieved ${pages.length} pages from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(pages, null, 2) }],
@@ -807,13 +782,10 @@ server.registerTool(
     const options = {};
     if (input.include !== undefined) options.include = input.include;
 
-    if (!input.id && !input.slug) {
-      throw new Error('Either id or slug is required');
-    }
     const identifier = input.id || `slug/${input.slug}`;
 
     const page = await ghostService.getPage(identifier, options);
-    console.error(`Retrieved page: ${page.title} (ID: ${page.id})`);
+    mcpLogger.info(`Retrieved page: ${page.title} (ID: ${page.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(page, null, 2) }],
@@ -831,7 +803,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_page', createPageSchema, async (input) => {
     const createdPage = await pageService.createPageService(input);
-    console.error(`Page created successfully. Page ID: ${createdPage.id}`);
+    mcpLogger.info(`Page created successfully. Page ID: ${createdPage.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdPage, null, 2) }],
@@ -851,7 +823,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedPage = await ghostService.updatePage(id, updateData);
-    console.error(`Page updated successfully. Page ID: ${updatedPage.id}`);
+    mcpLogger.info(`Page updated successfully. Page ID: ${updatedPage.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedPage, null, 2) }],
@@ -870,7 +842,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_page', deletePageSchema, async (input) => {
     const { id } = input;
     await ghostService.deletePage(id);
-    console.error(`Page deleted successfully. Page ID: ${id}`);
+    mcpLogger.info(`Page deleted successfully. Page ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Page ${id} has been successfully deleted.` }],
@@ -891,7 +863,7 @@ server.registerTool(
     if (input.limit !== undefined) options.limit = input.limit;
 
     const pages = await ghostService.searchPages(input.query, options);
-    console.error(`Found ${pages.length} pages matching "${input.query}".`);
+    mcpLogger.info(`Found ${pages.length} pages matching "${input.query}".`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(pages, null, 2) }],
@@ -939,7 +911,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_member', createMemberSchema, async (input) => {
     const createdMember = await ghostService.createMember(input);
-    console.error(`Member created successfully. Member ID: ${createdMember.id}`);
+    mcpLogger.info(`Member created successfully. Member ID: ${createdMember.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdMember, null, 2) }],
@@ -958,7 +930,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedMember = await ghostService.updateMember(id, updateData);
-    console.error(`Member updated successfully. Member ID: ${updatedMember.id}`);
+    mcpLogger.info(`Member updated successfully. Member ID: ${updatedMember.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedMember, null, 2) }],
@@ -977,7 +949,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_member', deleteMemberSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteMember(id);
-    console.error(`Member deleted successfully. Member ID: ${id}`);
+    mcpLogger.info(`Member deleted successfully. Member ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Member ${id} has been successfully deleted.` }],
@@ -1002,7 +974,7 @@ server.registerTool(
     if (input.include !== undefined) options.include = input.include;
 
     const members = await ghostService.getMembers(options);
-    console.error(`Retrieved ${members.length} members from Ghost.`);
+    mcpLogger.info(`Retrieved ${members.length} members from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(members, null, 2) }],
@@ -1021,7 +993,7 @@ server.registerTool(
   withErrorHandling('ghost_get_member', getMemberSchema, async (input) => {
     const { id, email } = input;
     const member = await ghostService.getMember({ id, email });
-    console.error(`Retrieved member: ${member.email} (ID: ${member.id})`);
+    mcpLogger.info(`Retrieved member: ${member.email} (ID: ${member.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(member, null, 2) }],
@@ -1042,7 +1014,7 @@ server.registerTool(
     if (limit !== undefined) options.limit = limit;
 
     const members = await ghostService.searchMembers(query, options);
-    console.error(`Found ${members.length} members matching "${query}".`);
+    mcpLogger.info(`Found ${members.length} members matching "${query}".`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(members, null, 2) }],
@@ -1074,7 +1046,7 @@ server.registerTool(
     if (input.order !== undefined) options.order = input.order;
 
     const newsletters = await ghostService.getNewsletters(options);
-    console.error(`Retrieved ${newsletters.length} newsletters from Ghost.`);
+    mcpLogger.info(`Retrieved ${newsletters.length} newsletters from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(newsletters, null, 2) }],
@@ -1092,7 +1064,7 @@ server.registerTool(
   withErrorHandling('ghost_get_newsletter', getNewsletterSchema, async (input) => {
     const { id } = input;
     const newsletter = await ghostService.getNewsletter(id);
-    console.error(`Retrieved newsletter: ${newsletter.name} (ID: ${newsletter.id})`);
+    mcpLogger.info(`Retrieved newsletter: ${newsletter.name} (ID: ${newsletter.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(newsletter, null, 2) }],
@@ -1110,7 +1082,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_newsletter', createNewsletterSchema, async (input) => {
     const createdNewsletter = await newsletterService.createNewsletterService(input);
-    console.error(`Newsletter created successfully. Newsletter ID: ${createdNewsletter.id}`);
+    mcpLogger.info(`Newsletter created successfully. Newsletter ID: ${createdNewsletter.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdNewsletter, null, 2) }],
@@ -1130,7 +1102,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedNewsletter = await ghostService.updateNewsletter(id, updateData);
-    console.error(`Newsletter updated successfully. Newsletter ID: ${updatedNewsletter.id}`);
+    mcpLogger.info(`Newsletter updated successfully. Newsletter ID: ${updatedNewsletter.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedNewsletter, null, 2) }],
@@ -1149,7 +1121,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_newsletter', deleteNewsletterSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteNewsletter(id);
-    console.error(`Newsletter deleted successfully. Newsletter ID: ${id}`);
+    mcpLogger.info(`Newsletter deleted successfully. Newsletter ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Newsletter ${id} has been successfully deleted.` }],
@@ -1174,7 +1146,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_get_tiers', tierQuerySchema, async (input) => {
     const tiers = await ghostService.getTiers(input);
-    console.error(`Retrieved ${tiers.length} tiers`);
+    mcpLogger.info(`Retrieved ${tiers.length} tiers`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tiers, null, 2) }],
@@ -1192,7 +1164,7 @@ server.registerTool(
   withErrorHandling('ghost_get_tier', getTierSchema, async (input) => {
     const { id } = input;
     const tier = await ghostService.getTier(id);
-    console.error(`Tier retrieved successfully. Tier ID: ${tier.id}`);
+    mcpLogger.info(`Tier retrieved successfully. Tier ID: ${tier.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tier, null, 2) }],
@@ -1209,7 +1181,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_tier', createTierSchema, async (input) => {
     const tier = await ghostService.createTier(input);
-    console.error(`Tier created successfully. Tier ID: ${tier.id}`);
+    mcpLogger.info(`Tier created successfully. Tier ID: ${tier.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tier, null, 2) }],
@@ -1229,7 +1201,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedTier = await ghostService.updateTier(id, updateData);
-    console.error(`Tier updated successfully. Tier ID: ${updatedTier.id}`);
+    mcpLogger.info(`Tier updated successfully. Tier ID: ${updatedTier.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedTier, null, 2) }],
@@ -1248,7 +1220,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_tier', deleteTierSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteTier(id);
-    console.error(`Tier deleted successfully. Tier ID: ${id}`);
+    mcpLogger.info(`Tier deleted successfully. Tier ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Tier ${id} has been successfully deleted.` }],
@@ -1266,7 +1238,7 @@ async function main() {
 
   console.error('Ghost MCP Server running on stdio transport');
   console.error(
-    'Available tools: ghost_get_tags, ghost_create_tag, ghost_get_tag, ghost_update_tag, ghost_delete_tag, ghost_upload_image, ' +
+    'Available tools: ghost_get_tags, ghost_create_tag, ghost_get_tag, ghost_update_tag, ghost_delete_tag, ghost_upload_image, ghost_set_feature_image, ' +
       'ghost_create_post, ghost_get_posts, ghost_get_post, ghost_search_posts, ghost_update_post, ghost_delete_post, ' +
       'ghost_get_pages, ghost_get_page, ghost_create_page, ghost_update_page, ghost_delete_page, ghost_search_pages, ' +
       'ghost_create_member, ghost_update_member, ghost_delete_member, ghost_get_members, ghost_get_member, ghost_search_members, ' +

package/src/services/ghostService.js

@@ -33,7 +33,7 @@ const api = new GhostAdminAPI({
 const handleApiRequest = async (resource, action, data = {}, options = {}, retries = 3) => {
   if (!api[resource] || typeof api[resource][action] !== 'function') {
     const errorMsg = `Invalid Ghost API resource or action: ${resource}.${action}`;
-    console.error(errorMsg);
+    logger.error(errorMsg);
     throw new Error(errorMsg);
   }
 
@@ -116,14 +116,6 @@ const handleApiRequest = async (resource, action, data = {}, options = {}, retri
 // Example function (will be expanded later)
 const getSiteInfo = async () => {
   return handleApiRequest('site', 'read');
-  // try {
-  //   const site = await api.site.read();
-  //   console.log("Connected to Ghost site:", site.title);
-  //   return site;
-  // } catch (error) {
-  //   console.error("Error connecting to Ghost Admin API:", error);
-  //   throw error; // Re-throw the error for handling upstream
-  // }
 };
 
 /**

package/src/utils/__tests__/formatErrorResponse.test.js

@@ -0,0 +1,178 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { formatErrorResponse } from '../formatErrorResponse.js';
+import { GhostAPIError, ValidationError, NotFoundError } from '../../errors/index.js';
+
+function parseJsonBlock(text) {
+  const match = text.match(/```json\n([\s\S]+?)\n```/);
+  expect(match, `no JSON block in: ${text}`).toBeTruthy();
+  return JSON.parse(match[1]);
+}
+
+describe('formatErrorResponse', () => {
+  const originalEnv = process.env.GHOST_ADMIN_API_KEY;
+
+  beforeEach(() => {
+    process.env.GHOST_ADMIN_API_KEY = '';
+  });
+
+  afterEach(() => {
+    if (originalEnv === undefined) delete process.env.GHOST_ADMIN_API_KEY;
+    else process.env.GHOST_ADMIN_API_KEY = originalEnv;
+  });
+
+  it('returns consistent envelope with error key for generic Error (no ghost key)', () => {
+    const response = formatErrorResponse(new Error('boom'), 'ghost_get_posts');
+    expect(response.isError).toBe(true);
+    expect(response.content[0].type).toBe('text');
+    const envelope = parseJsonBlock(response.content[0].text);
+    expect(envelope.error).toBeDefined();
+    expect(envelope.error.message).toBe('boom');
+    expect(envelope).not.toHaveProperty('ghost');
+    expect(response.content[0].text).toContain('Error in ghost_get_posts: boom');
+  });
+
+  it('includes gated ghost sub-object for GhostAPIError', () => {
+    const err = new GhostAPIError('posts.edit', 'Title is required', 422);
+    const response = formatErrorResponse(err, 'ghost_update_post');
+    const envelope = parseJsonBlock(response.content[0].text);
+    expect(envelope.error.name).toBe('GhostAPIError');
+    expect(envelope.error.code).toBe('GHOST_VALIDATION_ERROR');
+    expect(envelope.ghost).toBeDefined();
+    expect(envelope.ghost.operation).toBe('posts.edit');
+    expect(envelope.ghost.statusCode).toBe(422);
+    expect(envelope.ghost.originalMessage).toBe('Title is required');
+    expect(response.content[0].text).toContain('422');
+    expect(response.content[0].text).toContain('posts.edit');
+    expect(response.content[0].text).toContain('Title is required');
+  });
+
+  it('uses raw ghostStatusCode (not remapped statusCode) in ghost envelope', () => {
+    const err = new GhostAPIError('posts.edit', 'bad', 422);
+    // GhostAPIError remaps 422 -> 400 for .statusCode; ghost.statusCode must be 422
+    expect(err.statusCode).toBe(400);
+    expect(err.ghostStatusCode).toBe(422);
+    const envelope = parseJsonBlock(formatErrorResponse(err, 'ghost_update_post').content[0].text);
+    expect(envelope.ghost.statusCode).toBe(422);
+    expect(envelope.error.statusCode).toBe(400);
+  });
+
+  it('does not leak GHOST_ADMIN_API_KEY in surfaced response', () => {
+    process.env.GHOST_ADMIN_API_KEY = 'plaintext-admin-key-xyz';
+    const err = new GhostAPIError(
+      'posts.edit',
+      'Ghost complained: token plaintext-admin-key-xyz invalid',
+      401
+    );
+    const response = formatErrorResponse(err, 'ghost_update_post');
+    expect(response.content[0].text).not.toContain('plaintext-admin-key-xyz');
+    expect(response.content[0].text).toContain('[REDACTED]');
+  });
+
+  it('does not leak Ghost-shaped admin key pattern in originalMessage', () => {
+    const fakeKey = `${'1'.repeat(24)}:${'2'.repeat(64)}`;
+    const err = new GhostAPIError('posts.edit', `failed with ${fakeKey}`, 401);
+    const response = formatErrorResponse(err, 'ghost_update_post');
+    expect(response.content[0].text).not.toContain(fakeKey);
+  });
+
+  it('produces envelope for ValidationError (no ghost key)', () => {
+    const err = new ValidationError('Validation failed', [
+      { field: 'title', message: 'required', type: 'invalid_type' },
+    ]);
+    const response = formatErrorResponse(err, 'ghost_update_post');
+    const envelope = parseJsonBlock(response.content[0].text);
+    expect(envelope.error.code).toBe('VALIDATION_ERROR');
+    expect(envelope).not.toHaveProperty('ghost');
+  });
+
+  it('produces envelope for NotFoundError (no ghost key)', () => {
+    const err = new NotFoundError('Post', 'abc');
+    const response = formatErrorResponse(err, 'ghost_get_post');
+    const envelope = parseJsonBlock(response.content[0].text);
+    expect(envelope.error.code).toBe('NOT_FOUND');
+    expect(envelope).not.toHaveProperty('ghost');
+  });
+
+  describe('extra context', () => {
+    it('includes and sanitizes extra context when provided', () => {
+      const extra = {
+        orphanedImage: { url: 'https://cdn.example/img.jpg?key=LEAK_ME_XYZ', ref: 'r1' },
+      };
+      const response = formatErrorResponse(new Error('boom'), 'ghost_set_feature_image', extra);
+      const envelope = parseJsonBlock(response.content[0].text);
+      expect(envelope.extra).toBeDefined();
+      expect(envelope.extra.orphanedImage.url).toContain('key=[REDACTED]');
+      expect(response.content[0].text).not.toContain('LEAK_ME_XYZ');
+    });
+
+    it('omits extra key entirely when arg is not provided', () => {
+      const envelope = parseJsonBlock(
+        formatErrorResponse(new Error('boom'), 'ghost_update_post').content[0].text
+      );
+      expect(envelope).not.toHaveProperty('extra');
+    });
+
+    it('omits extra key when arg is empty object (no empty-object leak)', () => {
+      const envelope = parseJsonBlock(
+        formatErrorResponse(new Error('boom'), 'ghost_update_post', {}).content[0].text
+      );
+      expect(envelope).not.toHaveProperty('extra');
+    });
+
+    it('combines error, ghost, and extra when all apply', () => {
+      const err = new GhostAPIError('posts.edit', 'bad', 422);
+      const envelope = parseJsonBlock(
+        formatErrorResponse(err, 'ghost_set_feature_image', { orphanedImage: { url: 'x' } })
+          .content[0].text
+      );
+      expect(envelope.error).toBeDefined();
+      expect(envelope.ghost).toBeDefined();
+      expect(envelope.extra).toBeDefined();
+    });
+  });
+
+  describe('XOR image-input error pass-through', () => {
+    it('renders the XOR error through the sanitized envelope shape', () => {
+      // Mirror the call shape `validateAndXorImageInput` uses when the caller
+      // supplied more than one of imageUrl/imagePath/imageBase64.
+      const xorError = new Error('Provide exactly one of imageUrl, imagePath, or imageBase64.');
+      const response = formatErrorResponse(xorError, 'ghost_upload_image');
+
+      expect(response.isError).toBe(true);
+      expect(response.content[0].type).toBe('text');
+      expect(response.content[0].text).toContain('Error in ghost_upload_image:');
+
+      const envelope = parseJsonBlock(response.content[0].text);
+      expect(envelope.error).toBeDefined();
+      expect(envelope.error.message).toBe(
+        'Provide exactly one of imageUrl, imagePath, or imageBase64.'
+      );
+      expect(envelope).not.toHaveProperty('ghost');
+    });
+  });
+
+  describe('ZodError coercion', () => {
+    it('coerces ZodError-shaped input to VALIDATION_ERROR / 400 envelope', () => {
+      const zodLike = Object.assign(new Error('zod'), {
+        name: 'ZodError',
+        issues: [{ path: ['purpose'], message: 'Invalid enum value', code: 'invalid_enum_value' }],
+      });
+      const envelope = parseJsonBlock(
+        formatErrorResponse(zodLike, 'ghost_upload_image').content[0].text
+      );
+      expect(envelope.error.code).toBe('VALIDATION_ERROR');
+      expect(envelope.error.statusCode).toBe(400);
+      expect(envelope.error.errors).toEqual([
+        { field: 'purpose', message: 'Invalid enum value', type: 'invalid_enum_value' },
+      ]);
+    });
+
+    it('does not coerce a non-ZodError error that happens to have an issues field', () => {
+      const notZod = Object.assign(new Error('unrelated'), { issues: [] });
+      const envelope = parseJsonBlock(
+        formatErrorResponse(notZod, 'ghost_update_post').content[0].text
+      );
+      expect(envelope.error.code).toBe('UNKNOWN');
+    });
+  });
+});

package/src/utils/__tests__/logger.test.js

@@ -1,5 +1,6 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
-import { createContextLogger } from '../logger.js';
+import { LEVEL, MESSAGE } from 'triple-beam';
+import { createContextLogger, createSafeConsoleTransport } from '../logger.js';
 import logger from '../logger.js';
 
 describe('logger', () => {
@@ -21,6 +22,94 @@ describe('logger', () => {
     });
   });
 
+  describe('transport routing', () => {
+    // stdio MCP transport uses stdout for JSON-RPC frames; all log output must
+    // land on stderr so a log line cannot corrupt the protocol channel.
+    let stdoutSpy;
+    let stderrSpy;
+
+    beforeEach(() => {
+      // Winston writes to console._stdout/_stderr (Node aliases for
+      // process.stdout/stderr, captured at logger construction). Spy on the
+      // same references winston uses so the hook lines up with the write.
+      // These are Node internals — fail loudly if they ever disappear so the
+      // test cannot silently turn into a no-op when the assumption breaks.
+      if (!console._stdout || !console._stderr) {
+        throw new Error(
+          'console._stdout/_stderr unavailable; logger transport-routing test ' +
+            'assumptions broken — winston uses these refs for its Console transport.'
+        );
+      }
+      stdoutSpy = vi.spyOn(console._stdout, 'write').mockImplementation(() => true);
+      stderrSpy = vi.spyOn(console._stderr, 'write').mockImplementation(() => true);
+    });
+
+    afterEach(() => {
+      vi.restoreAllMocks();
+    });
+
+    // The stderrLevels contract is pinned by the createSafeConsoleTransport
+    // suite below. Routing tests below verify the runtime side: every level's
+    // bytes actually land on stderr, not stdout.
+
+    // Drive the Console transport's log() directly. Winston's writable-stream
+    // pipeline can defer writes across ticks, so routing the message through
+    // logger.info() makes the test flaky. The transport's routing logic is
+    // synchronous, so calling log() with a winston-shaped info object covers it.
+    const makeInfo = (level, message) => ({
+      level,
+      message,
+      [LEVEL]: level,
+      [MESSAGE]: `formatted: ${message}`,
+    });
+
+    it.each([['error'], ['warn'], ['info'], ['debug']])('routes %s level to stderr', (level) => {
+      const transport = logger.transports.find((t) => t.name === 'console');
+      transport.log(makeInfo(level, `${level}-test`), () => {});
+      expect(stderrSpy).toHaveBeenCalledWith(expect.stringContaining(`${level}-test`));
+      expect(stdoutSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('createSafeConsoleTransport', () => {
+    // Factory exists so the stderrLevels invariant cannot drift away from any
+    // future Console transport. Bare `new winston.transports.Console(...)` is
+    // forbidden by ESLint outside this module; this test pins the contract.
+
+    it('returns a winston Console transport', () => {
+      const t = createSafeConsoleTransport();
+      expect(t).toBeDefined();
+      expect(t.name).toBe('console');
+    });
+
+    it('always sets stderrLevels for every level', () => {
+      const t = createSafeConsoleTransport();
+      expect(t.stderrLevels).toMatchObject({
+        error: true,
+        warn: true,
+        info: true,
+        debug: true,
+      });
+    });
+
+    it('preserves caller-supplied options like level', () => {
+      const t = createSafeConsoleTransport({ level: 'warn' });
+      expect(t.level).toBe('warn');
+    });
+
+    it('forces stderrLevels even if caller tries to override it', () => {
+      // Defense in depth: a caller cannot accidentally narrow stderrLevels
+      // by passing their own array. This is the whole point of the factory.
+      const t = createSafeConsoleTransport({ stderrLevels: ['error'] });
+      expect(t.stderrLevels).toMatchObject({
+        error: true,
+        warn: true,
+        info: true,
+        debug: true,
+      });
+    });
+  });
+
   describe('createContextLogger', () => {
     let contextLogger;
     let logSpy;

package/src/utils/__tests__/sanitizeErrorPayload.test.js

@@ -0,0 +1,161 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { sanitizeErrorPayload } from '../sanitizeErrorPayload.js';
+
+describe('sanitizeErrorPayload', () => {
+  const originalEnv = process.env.GHOST_ADMIN_API_KEY;
+
+  beforeEach(() => {
+    process.env.GHOST_ADMIN_API_KEY = '';
+  });
+
+  afterEach(() => {
+    if (originalEnv === undefined) {
+      delete process.env.GHOST_ADMIN_API_KEY;
+    } else {
+      process.env.GHOST_ADMIN_API_KEY = originalEnv;
+    }
+  });
+
+  it('redacts GHOST_ADMIN_API_KEY when it appears verbatim in a nested string', () => {
+    process.env.GHOST_ADMIN_API_KEY = 'super-secret-env-key-value';
+    const input = {
+      error: { message: 'Leaked super-secret-env-key-value in text' },
+      ghost: { originalMessage: 'also super-secret-env-key-value here' },
+    };
+    const out = sanitizeErrorPayload(input);
+    expect(out.error.message).not.toContain('super-secret-env-key-value');
+    expect(out.error.message).toContain('[REDACTED]');
+    expect(out.ghost.originalMessage).not.toContain('super-secret-env-key-value');
+  });
+
+  it('redacts Ghost-shaped admin key literal embedded in text', () => {
+    const key = `${'a'.repeat(24)}:${'b'.repeat(64)}`;
+    const out = sanitizeErrorPayload({
+      error: { message: `Bad auth with ${key} failed` },
+    });
+    expect(out.error.message).not.toContain(key);
+    expect(out.error.message).toContain('[REDACTED]');
+  });
+
+  it('redacts key= token= and access_token= query params on URLs', () => {
+    const out = sanitizeErrorPayload({
+      error: { message: 'GET https://ghost.example/admin?key=abc123&other=fine' },
+      ghost: {
+        originalMessage: 'https://x/y?token=xyz and https://x/y?access_token=qqq',
+      },
+    });
+    expect(out.error.message).toContain('key=[REDACTED]');
+    expect(out.error.message).toContain('other=fine');
+    expect(out.ghost.originalMessage).toContain('token=[REDACTED]');
+    expect(out.ghost.originalMessage).toContain('access_token=[REDACTED]');
+  });
+
+  it('redacts Authorization / Cookie header-style substrings', () => {
+    const out = sanitizeErrorPayload({
+      error: { message: 'Authorization: Bearer abc.def.ghi and Cookie: sess=xyz' },
+    });
+    expect(out.error.message).not.toContain('abc.def.ghi');
+    expect(out.error.message).not.toContain('sess=xyz');
+    expect(out.error.message).toContain('Authorization');
+    expect(out.error.message).toContain('[REDACTED]');
+  });
+
+  it('redacts every value in a multi-value Cookie header', () => {
+    const out = sanitizeErrorPayload({
+      error: { message: 'Cookie: a=first; b=SECRET_SESSION; c=third' },
+    });
+    expect(out.error.message).not.toContain('SECRET_SESSION');
+    expect(out.error.message).not.toContain('a=first');
+    expect(out.error.message).not.toContain('c=third');
+    expect(out.error.message).toContain('Cookie: [REDACTED]');
+  });
+
+  it('redacts Set-Cookie value but preserves attributes (HttpOnly, Secure, Path)', () => {
+    const out = sanitizeErrorPayload({
+      error: { message: 'Set-Cookie: sess=TOKEN_XYZ; HttpOnly; Secure; Path=/' },
+    });
+    expect(out.error.message).not.toContain('TOKEN_XYZ');
+    expect(out.error.message).toContain('Set-Cookie: [REDACTED]');
+    expect(out.error.message).toContain('HttpOnly');
+    expect(out.error.message).toContain('Secure');
+  });
+
+  it('redacts secrets inside string elements of arrays (truncation flag no longer needed)', () => {
+    const out = sanitizeErrorPayload({
+      ghost: {
+        originalMessage: ['https://x/y?key=LEAKED_1', 'https://x/y?token=LEAKED_2'],
+      },
+    });
+    expect(JSON.stringify(out)).not.toContain('LEAKED_1');
+    expect(JSON.stringify(out)).not.toContain('LEAKED_2');
+    expect(out.ghost.originalMessage[0]).toContain('key=[REDACTED]');
+    expect(out.ghost.originalMessage[1]).toContain('token=[REDACTED]');
+  });
+
+  it('leaves benign content untouched', () => {
+    const input = {
+      error: { message: 'Title is required', code: 'GHOST_VALIDATION_ERROR', statusCode: 400 },
+      ghost: {
+        operation: 'posts.edit',
+        statusCode: 422,
+        originalMessage: 'Post title cannot be blank',
+      },
+    };
+    const out = sanitizeErrorPayload(input);
+    expect(out).toEqual(input);
+  });
+
+  it('truncates long originalMessage to 2KB cap', () => {
+    const longMsg = 'x'.repeat(5000);
+    const out = sanitizeErrorPayload({
+      ghost: { originalMessage: longMsg },
+    });
+    // 2048-byte cap + ellipsis suffix: result stays under 2100 characters.
+    expect(out.ghost.originalMessage.length).toBeLessThan(2100);
+    expect(out.ghost.originalMessage).toContain('[truncated]');
+  });
+
+  it('caps generic strings at 4KB even outside ghost.originalMessage', () => {
+    const longMsg = 'y'.repeat(10000);
+    const out = sanitizeErrorPayload({
+      error: { message: longMsg },
+    });
+    expect(out.error.message.length).toBeLessThan(4200);
+    expect(out.error.message).toContain('[truncated]');
+  });
+
+  it('redacts BEFORE truncating so secrets spanning the cap boundary cannot leak a prefix', () => {
+    // Place a 89-byte Ghost-shaped admin key so it STRADDLES the 4096-byte
+    // generic cap (starts at 4050, ends at 4139). The ordering matters only
+    // for boundary-spanning values:
+    //   redact-first → full pattern matches, entire secret becomes [REDACTED]
+    //     before truncation; no prefix of the secret remains in the output.
+    //   truncate-first → first 4096 bytes keep a 46-byte PREFIX of the secret;
+    //     GHOST_KEY_PATTERN requires the full 89 chars to match, so the
+    //     partial prefix slips past redaction and leaks.
+    const secret = `${'a'.repeat(24)}:${'b'.repeat(64)}`; // 89 bytes
+    const msg = 'x'.repeat(4050) + secret; // 4139 bytes — boundary at 4096 cuts the secret
+    const out = sanitizeErrorPayload({ error: { message: msg } });
+    expect(out.error.message).not.toContain(secret);
+    // The partial prefix that truncate-first would leave behind. If this
+    // appears in the output, redaction ran AFTER truncation on a string the
+    // pattern no longer matches.
+    const leakedPrefix = `${'a'.repeat(24)}:${'b'.repeat(21)}`;
+    expect(out.error.message).not.toContain(leakedPrefix);
+    expect(out.error.message).toContain('[REDACTED]');
+  });
+
+  it('does not redact env key when env var is empty', () => {
+    process.env.GHOST_ADMIN_API_KEY = '';
+    const out = sanitizeErrorPayload({ error: { message: 'harmless text' } });
+    expect(out.error.message).toBe('harmless text');
+  });
+
+  it('does not mutate the input object', () => {
+    process.env.GHOST_ADMIN_API_KEY = 'SECRET';
+    const input = { error: { message: 'contains SECRET' } };
+    const snapshot = JSON.parse(JSON.stringify(input));
+    sanitizeErrorPayload(input);
+    expect(input).toEqual(snapshot);
+  });
+});

package/src/utils/__tests__/validation.test.js

@@ -54,11 +54,14 @@ describe('validateToolInput', () => {
       const result = validateToolInput(testSchema, { name: '' }, 'test_tool');
 
       expect(result.success).toBe(false);
-      const errorObj = JSON.parse(result.errorResponse.content[0].text);
-      expect(errorObj.name).toBe('ValidationError');
-      expect(errorObj.code).toBe('VALIDATION_ERROR');
-      expect(errorObj.statusCode).toBe(400);
-      expect(errorObj.message).toContain('Validation failed');
+      const text = result.errorResponse.content[0].text;
+      const jsonMatch = text.match(/```json\n([\s\S]+?)\n```/);
+      expect(jsonMatch).toBeTruthy();
+      const envelope = JSON.parse(jsonMatch[1]);
+      expect(envelope.error.name).toBe('ValidationError');
+      expect(envelope.error.code).toBe('VALIDATION_ERROR');
+      expect(envelope.error.statusCode).toBe(400);
+      expect(envelope.error.message).toContain('Validation failed');
     });
   });
 
@@ -141,8 +144,11 @@ describe('validateToolInput', () => {
 
       expect(result.success).toBe(false);
       expect(result.errorResponse.isError).toBe(true);
-      const errorObj = JSON.parse(result.errorResponse.content[0].text);
-      expect(errorObj.code).toBe('VALIDATION_ERROR');
+      const text = result.errorResponse.content[0].text;
+      const jsonMatch = text.match(/```json\n([\s\S]+?)\n```/);
+      expect(jsonMatch).toBeTruthy();
+      const envelope = JSON.parse(jsonMatch[1]);
+      expect(envelope.error.code).toBe('VALIDATION_ERROR');
     });
 
     it('should pass validation when refinement is satisfied', () => {

package/src/utils/formatErrorResponse.js

@@ -0,0 +1,62 @@
+import { BaseError, GhostAPIError, ValidationError } from '../errors/index.js';
+import { sanitizeErrorPayload } from './sanitizeErrorPayload.js';
+
+/**
+ * Builds an MCP tool error response with a consistent envelope shape.
+ * All errors produce `{ error: {...} }`; GhostAPIError additionally includes
+ * a gated `ghost` sub-object with Ghost-specific diagnostic fields. Callers
+ * may pass an optional `extra` object whose contents will be merged into the
+ * envelope under an `extra` key and sanitized alongside the rest.
+ *
+ * @param {Error} error - The caught error.
+ * @param {string} toolName - MCP tool name for the human-readable summary line.
+ * @param {object} [extra] - Optional caller-supplied context; sanitized with the envelope.
+ * @returns {{content: {type: string, text: string}[], isError: true}}
+ */
+export function formatErrorResponse(error, toolName, extra) {
+  // Duck-type ZodError so we don't couple this module to the zod runtime.
+  const normalized =
+    error?.name === 'ZodError' && Array.isArray(error.issues)
+      ? ValidationError.fromZod(error, toolName)
+      : error;
+
+  const base =
+    normalized instanceof BaseError
+      ? normalized.toJSON()
+      : {
+          name: normalized?.name || 'Error',
+          message: normalized?.message || String(normalized),
+          code: 'UNKNOWN',
+          statusCode: 500,
+        };
+
+  const envelope = { error: base };
+
+  if (normalized instanceof GhostAPIError) {
+    envelope.ghost = {
+      operation: normalized.operation,
+      statusCode: normalized.ghostStatusCode,
+      // ExternalServiceError's constructor coerces originalError to a string;
+      // String() handles any surprise non-string value without branching.
+      originalMessage: String(normalized.originalError ?? ''),
+    };
+  }
+
+  // Guard against non-object `extra`: Object.keys(string) returns per-char
+  // indices and would silently set envelope.extra to that string.
+  if (extra && typeof extra === 'object' && Object.keys(extra).length > 0) {
+    envelope.extra = extra;
+  }
+
+  const sanitized = sanitizeErrorPayload(envelope);
+  const summary = sanitized.ghost
+    ? `Error in ${toolName}: ${sanitized.error.name} [${sanitized.ghost.statusCode ?? '?'} ${sanitized.error.code}] ${sanitized.ghost.operation ?? '?'}: ${sanitized.ghost.originalMessage ?? sanitized.error.message}`
+    : `Error in ${toolName}: ${sanitized.error.message}`;
+
+  const body = `${summary}\n\n\`\`\`json\n${JSON.stringify(sanitized, null, 2)}\n\`\`\``;
+
+  return {
+    content: [{ type: 'text', text: body }],
+    isError: true,
+  };
+}

package/src/utils/logger.js

@@ -9,6 +9,18 @@ const __dirname = path.dirname(__filename);
 const logLevel = process.env.LOG_LEVEL || 'info';
 const isDevelopment = process.env.NODE_ENV === 'development';
 
+// Every level winston emits must route to stderr — the stdio MCP transport
+// reserves stdout for JSON-RPC frames. Single source of truth so adding a new
+// level later can't silently leave one transport routing to stdout.
+const ALL_LEVELS_TO_STDERR = ['error', 'warn', 'info', 'debug'];
+
+// Factory for Console transports. Always forces stderrLevels for all npm
+// levels — caller cannot narrow it. Bare `new winston.transports.Console(...)`
+// is forbidden by ESLint outside this module so this factory is the only way
+// to construct a Console transport in the project.
+const createSafeConsoleTransport = (options = {}) =>
+  new winston.transports.Console({ ...options, stderrLevels: ALL_LEVELS_TO_STDERR });
+
 // Define custom log format
 const logFormat = winston.format.combine(
   winston.format.timestamp({
@@ -42,16 +54,9 @@ const logger = winston.createLogger({
     service: 'ghost-mcp-server',
     pid: process.pid,
   },
-  transports: [
-    // Console output
-    new winston.transports.Console({
-      level: isDevelopment ? 'debug' : 'info',
-    }),
-  ],
-  // Handle uncaught exceptions
-  exceptionHandlers: [new winston.transports.Console()],
-  // Handle unhandled promise rejections
-  rejectionHandlers: [new winston.transports.Console()],
+  transports: [createSafeConsoleTransport({ level: isDevelopment ? 'debug' : 'info' })],
+  exceptionHandlers: [createSafeConsoleTransport()],
+  rejectionHandlers: [createSafeConsoleTransport()],
 });
 
 // Add file logging in production
@@ -150,4 +155,4 @@ const createContextLogger = (context) => {
 };
 
 export default logger;
-export { createContextLogger };
+export { createContextLogger, createSafeConsoleTransport };

package/src/utils/sanitizeErrorPayload.js

@@ -0,0 +1,77 @@
+/**
+ * Sole chokepoint for sanitizing error payloads surfaced to MCP clients.
+ * Walks the envelope and replaces values that could leak credentials.
+ */
+
+const GHOST_KEY_PATTERN = /[0-9a-f]{24}:[0-9a-f]{64}/gi;
+const URL_SECRET_QS_PATTERN = /([?&](?:key|token|access_token)=)[^&\s"']+/gi;
+// Authorization / Set-Cookie values stop at ';' (Set-Cookie attributes like
+// HttpOnly/Secure are not secrets). A bare `Cookie` header can contain multiple
+// `name=value` pairs separated by ';' — all of which may be session tokens — so
+// it gets a separate, greedier pattern that stops only at end-of-line.
+const AUTH_HEADER_PATTERN = /(Authorization|Set-Cookie)\s*[:=]\s*[^\r\n,;]+/gi;
+// Negative look-behind so this pattern matches a bare `Cookie:` header but not
+// the `Cookie` substring inside `Set-Cookie:` (handled by AUTH_HEADER_PATTERN).
+const COOKIE_HEADER_PATTERN = /(?<!Set-)(Cookie)\s*[:=]\s*[^\r\n]+/gi;
+const REDACTED = '[REDACTED]';
+// Upper bound on any string value in the envelope (guards against pathological
+// Ghost responses bloating the MCP reply).
+const GENERIC_MAX_BYTES = 4096;
+// Tighter cap on `ghost.originalMessage` specifically.
+const ORIGINAL_MESSAGE_MAX_BYTES = 2048;
+
+function redactString(value, envKey) {
+  if (typeof value !== 'string' || value.length === 0) return value;
+  let out = value;
+  if (envKey) {
+    out = out.replaceAll(envKey, REDACTED);
+  }
+  out = out.replace(GHOST_KEY_PATTERN, REDACTED);
+  out = out.replace(URL_SECRET_QS_PATTERN, `$1${REDACTED}`);
+  out = out.replace(AUTH_HEADER_PATTERN, `$1: ${REDACTED}`);
+  out = out.replace(COOKIE_HEADER_PATTERN, `$1: ${REDACTED}`);
+  return out;
+}
+
+function truncate(value, maxBytes) {
+  if (typeof value !== 'string') return value;
+  if (Buffer.byteLength(value, 'utf8') <= maxBytes) return value;
+  // Slice by bytes (not chars) to honour the byte limit even for multibyte content.
+  return `${Buffer.from(value, 'utf8').subarray(0, maxBytes).toString('utf8')}…[truncated]`;
+}
+
+function walk(node, envKey) {
+  if (node === null || node === undefined) return node;
+  if (typeof node === 'string') return truncate(redactString(node, envKey), GENERIC_MAX_BYTES);
+  if (Array.isArray(node)) return node.map((item) => walk(item, envKey));
+  if (typeof node === 'object') {
+    const result = {};
+    for (const [k, v] of Object.entries(node)) {
+      result[k] = walk(v, envKey);
+    }
+    return result;
+  }
+  return node;
+}
+
+/**
+ * Deep-walks an error envelope and redacts known secret patterns.
+ * Non-destructive: returns a new object; does not mutate input.
+ *
+ * @param {object} envelope - Error envelope object.
+ * @returns {object} Sanitized envelope.
+ */
+export function sanitizeErrorPayload(envelope) {
+  const envKey = process.env.GHOST_ADMIN_API_KEY || '';
+  const sanitized = walk(envelope, envKey);
+  // Tighter cap for ghost.originalMessage specifically. walk() already applied
+  // the 4 KB generic cap; this narrows it further on the field most likely to
+  // receive a verbose Ghost response body.
+  if (sanitized?.ghost && typeof sanitized.ghost.originalMessage === 'string') {
+    sanitized.ghost.originalMessage = truncate(
+      sanitized.ghost.originalMessage,
+      ORIGINAL_MESSAGE_MAX_BYTES
+    );
+  }
+  return sanitized;
+}

package/src/utils/validation.js

@@ -2,7 +2,7 @@
  * Validation utilities for MCP tool handlers
  * Provides explicit Zod validation to ensure input is validated at handler entry points.
  */
-import { ValidationError } from '../errors/index.js';
+import { formatErrorResponse } from './formatErrorResponse.js';
 
 /**
  * Validates tool input against a Zod schema and returns a structured result.
@@ -15,13 +15,11 @@ import { ValidationError } from '../errors/index.js';
 export const validateToolInput = (schema, input, toolName) => {
   const result = schema.safeParse(input);
   if (!result.success) {
-    const error = ValidationError.fromZod(result.error, toolName);
+    // formatErrorResponse duck-types ZodError and coerces it to ValidationError,
+    // so pass the raw ZodError through — it owns the single coercion path.
     return {
       success: false,
-      errorResponse: {
-        content: [{ type: 'text', text: JSON.stringify(error.toJSON(), null, 2) }],
-        isError: true,
-      },
+      errorResponse: formatErrorResponse(result.error, toolName),
     };
   }
   return { success: true, data: result.data };