@jgardner04/ghost-mcp-server 1.14.1 → 1.14.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jgardner04/ghost-mcp-server",
-  "version": "1.14.1",
+  "version": "1.14.2",
   "description": "A Model Context Protocol (MCP) server for interacting with Ghost CMS via the Admin API",
   "author": "Jonathan Gardner",
   "type": "module",

package/src/__tests__/mcp_server.test.js

@@ -568,7 +568,7 @@ describe('mcp_server - ghost_get_tags tool', () => {
     );
   });
 
-  it('should escape single quotes in name parameter', async () => {
+  it('should backslash-escape single quotes in name parameter', async () => {
     const mockTags = [{ id: '1', name: "O'Reilly", slug: 'oreilly' }];
     mockGetTags.mockResolvedValue(mockTags);
 
@@ -577,12 +577,12 @@ describe('mcp_server - ghost_get_tags tool', () => {
 
     expect(mockGetTags).toHaveBeenCalledWith(
       expect.objectContaining({
-        filter: "name:'O''Reilly'",
+        filter: "name:'O\\'Reilly'",
       })
     );
   });
 
-  it('should escape single quotes in slug parameter', async () => {
+  it('should backslash-escape single quotes in slug parameter', async () => {
     const mockTags = [{ id: '1', name: 'Test', slug: "test'slug" }];
     mockGetTags.mockResolvedValue(mockTags);
 
@@ -591,7 +591,28 @@ describe('mcp_server - ghost_get_tags tool', () => {
 
     expect(mockGetTags).toHaveBeenCalledWith(
       expect.objectContaining({
-        filter: "slug:'test''slug'",
+        filter: "slug:'test\\'slug'",
+      })
+    );
+  });
+
+  // `name` has a schema regex allowlist (letters/digits/space/-/_/') so `\` and `"` are
+  // rejected at validation. `slug` has no such restriction, so it's the actual surface
+  // where backslash/double-quote can flow into the NQL filter — exercise it here.
+  it('should backslash-escape single quotes, double quotes, and backslashes in slug parameter', async () => {
+    // Input bytes:    a  '  b  \  "  c   (6 chars)
+    // After sanitize: a  \' b  \\ \" c   (9 chars)
+    // Filter string:  slug:'a\'b\\\"c'
+    const slug = 'a\'b\\"c';
+    // Mock return value is irrelevant — this test only asserts what mockGetTags was called with.
+    mockGetTags.mockResolvedValue([{ id: '1', name: 'Test', slug: 'test' }]);
+
+    const tool = mockTools.get('ghost_get_tags');
+    await tool.handler({ slug });
+
+    expect(mockGetTags).toHaveBeenCalledWith(
+      expect.objectContaining({
+        filter: "slug:'a\\'b\\\\\\\"c'",
       })
     );
   });

package/src/mcp_server.js

@@ -13,6 +13,7 @@ import { formatErrorResponse } from './utils/formatErrorResponse.js';
 import { createContextLogger } from './utils/logger.js';
 import { trackTempFile, cleanupTempFiles } from './utils/tempFileManager.js';
 import { resolveLocalImagePath, decodeBase64ToTempFile } from './utils/imageInputResolver.js';
+import { sanitizeNqlValue } from './utils/nqlSanitizer.js';
 import {
   createTagSchema,
   updateTagSchema,
@@ -76,9 +77,6 @@ const loadServices = async () => {
   }
 };
 
-// Generate UUID without external dependency
-const generateUuid = () => crypto.randomUUID();
-
 // Helper function for default alt text
 const getDefaultAltText = (filePath) => {
   try {
@@ -92,17 +90,6 @@ const getDefaultAltText = (filePath) => {
   }
 };
 
-/**
- * Escapes single quotes in NQL filter values by doubling them.
- * This prevents filter injection attacks when building NQL query strings.
- * Example: "O'Reilly" becomes "O''Reilly" for use in name:'O''Reilly'
- * @param {string} value - The value to escape
- * @returns {string} The escaped value safe for NQL filter strings
- */
-const escapeNqlValue = (value) => {
-  return value.replace(/'/g, "''");
-};
-
 /**
  * Higher-order function that wraps a tool handler with standardized
  * input validation, service loading, and error handling.
@@ -119,7 +106,6 @@ const escapeNqlValue = (value) => {
  */
 const withErrorHandling = (toolName, schema, handler) => {
   return async (rawInput) => {
-    console.error(`Executing tool: ${toolName}`);
     const validation = validateToolInput(schema, rawInput, toolName);
     if (!validation.success) {
       return validation.errorResponse;
@@ -177,10 +163,13 @@ server.registerTool(
     if (input.include !== undefined) options.include = input.include;
 
     // Build filter string from individual filter parameters
+    // Note: `slug` has no schema regex (see src/schemas/tagSchemas.js), so it is the
+    // primary NQL injection surface here. `name` has an allowlist that pre-rejects
+    // `\` and `"`. `visibility` is an enum, no escaping needed.
     const filters = [];
-    if (input.name) filters.push(`name:'${escapeNqlValue(input.name)}'`);
-    if (input.slug) filters.push(`slug:'${escapeNqlValue(input.slug)}'`);
-    if (input.visibility) filters.push(`visibility:'${input.visibility}'`); // visibility is enum-validated, no escaping needed
+    if (input.name) filters.push(`name:'${sanitizeNqlValue(input.name)}'`);
+    if (input.slug) filters.push(`slug:'${sanitizeNqlValue(input.slug)}'`);
+    if (input.visibility) filters.push(`visibility:'${input.visibility}'`);
     if (input.filter) filters.push(input.filter);
 
     if (filters.length > 0) {
@@ -188,7 +177,7 @@ server.registerTool(
     }
 
     const tags = await ghostService.getTags(options);
-    console.error(`Retrieved ${tags.length} tags from Ghost.`);
+    mcpLogger.info(`Retrieved ${tags.length} tags from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tags, null, 2) }],
@@ -205,7 +194,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_tag', createTagSchema, async (input) => {
     const createdTag = await ghostService.createTag(input);
-    console.error(`Tag created successfully. Tag ID: ${createdTag.id}`);
+    mcpLogger.info(`Tag created successfully. Tag ID: ${createdTag.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdTag, null, 2) }],
@@ -224,13 +213,10 @@ server.registerTool(
     const options = {};
     if (input.include !== undefined) options.include = input.include;
 
-    if (!input.id && !input.slug) {
-      throw new Error('Either id or slug is required');
-    }
     const identifier = input.id || `slug/${input.slug}`;
 
     const tag = await ghostService.getTag(identifier, options);
-    console.error(`Retrieved tag: ${tag.name} (ID: ${tag.id})`);
+    mcpLogger.info(`Retrieved tag: ${tag.name} (ID: ${tag.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tag, null, 2) }],
@@ -248,7 +234,7 @@ server.registerTool(
   withErrorHandling('ghost_update_tag', updateTagInputSchema, async (input) => {
     const { id, ...updateData } = input;
     const updatedTag = await ghostService.updateTag(id, updateData);
-    console.error(`Tag updated successfully. Tag ID: ${updatedTag.id}`);
+    mcpLogger.info(`Tag updated successfully. Tag ID: ${updatedTag.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedTag, null, 2) }],
@@ -267,7 +253,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_tag', deleteTagSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteTag(id);
-    console.error(`Tag deleted successfully. Tag ID: ${id}`);
+    mcpLogger.info(`Tag deleted successfully. Tag ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Tag ${id} has been successfully deleted.` }],
@@ -346,8 +332,8 @@ async function acquireImageForUpload({ imageUrl, imagePath: localPath, imageBase
 
     const extension = path.extname(imageUrl.split('?')[0]) || '.tmp';
     const filenameHint =
-      path.basename(imageUrl.split('?')[0]) || `image-${generateUuid()}${extension}`;
-    const downloadedPath = path.join(tempDir, `mcp-download-${generateUuid()}${extension}`);
+      path.basename(imageUrl.split('?')[0]) || `image-${crypto.randomUUID()}${extension}`;
+    const downloadedPath = path.join(tempDir, `mcp-download-${crypto.randomUUID()}${extension}`);
 
     let bytes = 0;
     response.data.on('data', (chunk) => {
@@ -436,7 +422,7 @@ function validateAndXorImageInput(schema, rawInput, toolName) {
   if (xorError) {
     return {
       success: false,
-      errorResponse: { content: [{ type: 'text', text: xorError }], isError: true },
+      errorResponse: formatErrorResponse(new Error(xorError), toolName),
     };
   }
   return validation;
@@ -522,7 +508,7 @@ server.registerTool(
         type === 'post'
           ? await ghostService.updatePost(id, updatePayload)
           : await ghostService.updatePage(id, updatePayload);
-      console.error(`ghost_set_feature_image: ${type} ${id} updated with ${uploadedUrl}`);
+      mcpLogger.info(`ghost_set_feature_image: ${type} ${id} updated with ${uploadedUrl}`);
       return {
         content: [
           {
@@ -592,7 +578,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_post', createPostSchema, async (input) => {
     const createdPost = await postService.createPostService(input);
-    console.error(`Post created successfully. Post ID: ${createdPost.id}`);
+    mcpLogger.info(`Post created successfully. Post ID: ${createdPost.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdPost, null, 2) }],
@@ -621,7 +607,7 @@ server.registerTool(
     if (input.formats !== undefined) options.formats = input.formats;
 
     const posts = await ghostService.getPosts(options);
-    console.error(`Retrieved ${posts.length} posts from Ghost.`);
+    mcpLogger.info(`Retrieved ${posts.length} posts from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(posts, null, 2) }],
@@ -641,14 +627,11 @@ server.registerTool(
     const options = {};
     if (input.include !== undefined) options.include = input.include;
 
-    // Determine identifier (prefer ID over slug)
-    if (!input.id && !input.slug) {
-      throw new Error('Either id or slug is required');
-    }
+    // Prefer ID over slug. The schema's .refine() guarantees one is present.
     const identifier = input.id || `slug/${input.slug}`;
 
     const post = await ghostService.getPost(identifier, options);
-    console.error(`Retrieved post: ${post.title} (ID: ${post.id})`);
+    mcpLogger.info(`Retrieved post: ${post.title} (ID: ${post.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(post, null, 2) }],
@@ -670,7 +653,7 @@ server.registerTool(
     if (input.limit !== undefined) options.limit = input.limit;
 
     const posts = await ghostService.searchPosts(input.query, options);
-    console.error(`Found ${posts.length} posts matching "${input.query}".`);
+    mcpLogger.info(`Found ${posts.length} posts matching "${input.query}".`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(posts, null, 2) }],
@@ -691,7 +674,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedPost = await ghostService.updatePost(id, updateData);
-    console.error(`Post updated successfully. Post ID: ${updatedPost.id}`);
+    mcpLogger.info(`Post updated successfully. Post ID: ${updatedPost.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedPost, null, 2) }],
@@ -710,7 +693,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_post', deletePostSchema, async (input) => {
     const { id } = input;
     await ghostService.deletePost(id);
-    console.error(`Post deleted successfully. Post ID: ${id}`);
+    mcpLogger.info(`Post deleted successfully. Post ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Post ${id} has been successfully deleted.` }],
@@ -780,7 +763,7 @@ server.registerTool(
     if (input.order !== undefined) options.order = input.order;
 
     const pages = await ghostService.getPages(options);
-    console.error(`Retrieved ${pages.length} pages from Ghost.`);
+    mcpLogger.info(`Retrieved ${pages.length} pages from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(pages, null, 2) }],
@@ -799,13 +782,10 @@ server.registerTool(
     const options = {};
     if (input.include !== undefined) options.include = input.include;
 
-    if (!input.id && !input.slug) {
-      throw new Error('Either id or slug is required');
-    }
     const identifier = input.id || `slug/${input.slug}`;
 
     const page = await ghostService.getPage(identifier, options);
-    console.error(`Retrieved page: ${page.title} (ID: ${page.id})`);
+    mcpLogger.info(`Retrieved page: ${page.title} (ID: ${page.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(page, null, 2) }],
@@ -823,7 +803,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_page', createPageSchema, async (input) => {
     const createdPage = await pageService.createPageService(input);
-    console.error(`Page created successfully. Page ID: ${createdPage.id}`);
+    mcpLogger.info(`Page created successfully. Page ID: ${createdPage.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdPage, null, 2) }],
@@ -843,7 +823,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedPage = await ghostService.updatePage(id, updateData);
-    console.error(`Page updated successfully. Page ID: ${updatedPage.id}`);
+    mcpLogger.info(`Page updated successfully. Page ID: ${updatedPage.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedPage, null, 2) }],
@@ -862,7 +842,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_page', deletePageSchema, async (input) => {
     const { id } = input;
     await ghostService.deletePage(id);
-    console.error(`Page deleted successfully. Page ID: ${id}`);
+    mcpLogger.info(`Page deleted successfully. Page ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Page ${id} has been successfully deleted.` }],
@@ -883,7 +863,7 @@ server.registerTool(
     if (input.limit !== undefined) options.limit = input.limit;
 
     const pages = await ghostService.searchPages(input.query, options);
-    console.error(`Found ${pages.length} pages matching "${input.query}".`);
+    mcpLogger.info(`Found ${pages.length} pages matching "${input.query}".`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(pages, null, 2) }],
@@ -931,7 +911,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_member', createMemberSchema, async (input) => {
     const createdMember = await ghostService.createMember(input);
-    console.error(`Member created successfully. Member ID: ${createdMember.id}`);
+    mcpLogger.info(`Member created successfully. Member ID: ${createdMember.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdMember, null, 2) }],
@@ -950,7 +930,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedMember = await ghostService.updateMember(id, updateData);
-    console.error(`Member updated successfully. Member ID: ${updatedMember.id}`);
+    mcpLogger.info(`Member updated successfully. Member ID: ${updatedMember.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedMember, null, 2) }],
@@ -969,7 +949,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_member', deleteMemberSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteMember(id);
-    console.error(`Member deleted successfully. Member ID: ${id}`);
+    mcpLogger.info(`Member deleted successfully. Member ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Member ${id} has been successfully deleted.` }],
@@ -994,7 +974,7 @@ server.registerTool(
     if (input.include !== undefined) options.include = input.include;
 
     const members = await ghostService.getMembers(options);
-    console.error(`Retrieved ${members.length} members from Ghost.`);
+    mcpLogger.info(`Retrieved ${members.length} members from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(members, null, 2) }],
@@ -1013,7 +993,7 @@ server.registerTool(
   withErrorHandling('ghost_get_member', getMemberSchema, async (input) => {
     const { id, email } = input;
     const member = await ghostService.getMember({ id, email });
-    console.error(`Retrieved member: ${member.email} (ID: ${member.id})`);
+    mcpLogger.info(`Retrieved member: ${member.email} (ID: ${member.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(member, null, 2) }],
@@ -1034,7 +1014,7 @@ server.registerTool(
     if (limit !== undefined) options.limit = limit;
 
     const members = await ghostService.searchMembers(query, options);
-    console.error(`Found ${members.length} members matching "${query}".`);
+    mcpLogger.info(`Found ${members.length} members matching "${query}".`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(members, null, 2) }],
@@ -1066,7 +1046,7 @@ server.registerTool(
     if (input.order !== undefined) options.order = input.order;
 
     const newsletters = await ghostService.getNewsletters(options);
-    console.error(`Retrieved ${newsletters.length} newsletters from Ghost.`);
+    mcpLogger.info(`Retrieved ${newsletters.length} newsletters from Ghost.`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(newsletters, null, 2) }],
@@ -1084,7 +1064,7 @@ server.registerTool(
   withErrorHandling('ghost_get_newsletter', getNewsletterSchema, async (input) => {
     const { id } = input;
     const newsletter = await ghostService.getNewsletter(id);
-    console.error(`Retrieved newsletter: ${newsletter.name} (ID: ${newsletter.id})`);
+    mcpLogger.info(`Retrieved newsletter: ${newsletter.name} (ID: ${newsletter.id})`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(newsletter, null, 2) }],
@@ -1102,7 +1082,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_newsletter', createNewsletterSchema, async (input) => {
     const createdNewsletter = await newsletterService.createNewsletterService(input);
-    console.error(`Newsletter created successfully. Newsletter ID: ${createdNewsletter.id}`);
+    mcpLogger.info(`Newsletter created successfully. Newsletter ID: ${createdNewsletter.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(createdNewsletter, null, 2) }],
@@ -1122,7 +1102,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedNewsletter = await ghostService.updateNewsletter(id, updateData);
-    console.error(`Newsletter updated successfully. Newsletter ID: ${updatedNewsletter.id}`);
+    mcpLogger.info(`Newsletter updated successfully. Newsletter ID: ${updatedNewsletter.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedNewsletter, null, 2) }],
@@ -1141,7 +1121,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_newsletter', deleteNewsletterSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteNewsletter(id);
-    console.error(`Newsletter deleted successfully. Newsletter ID: ${id}`);
+    mcpLogger.info(`Newsletter deleted successfully. Newsletter ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Newsletter ${id} has been successfully deleted.` }],
@@ -1166,7 +1146,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_get_tiers', tierQuerySchema, async (input) => {
     const tiers = await ghostService.getTiers(input);
-    console.error(`Retrieved ${tiers.length} tiers`);
+    mcpLogger.info(`Retrieved ${tiers.length} tiers`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tiers, null, 2) }],
@@ -1184,7 +1164,7 @@ server.registerTool(
   withErrorHandling('ghost_get_tier', getTierSchema, async (input) => {
     const { id } = input;
     const tier = await ghostService.getTier(id);
-    console.error(`Tier retrieved successfully. Tier ID: ${tier.id}`);
+    mcpLogger.info(`Tier retrieved successfully. Tier ID: ${tier.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tier, null, 2) }],
@@ -1201,7 +1181,7 @@ server.registerTool(
   },
   withErrorHandling('ghost_create_tier', createTierSchema, async (input) => {
     const tier = await ghostService.createTier(input);
-    console.error(`Tier created successfully. Tier ID: ${tier.id}`);
+    mcpLogger.info(`Tier created successfully. Tier ID: ${tier.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(tier, null, 2) }],
@@ -1221,7 +1201,7 @@ server.registerTool(
     const { id, ...updateData } = input;
 
     const updatedTier = await ghostService.updateTier(id, updateData);
-    console.error(`Tier updated successfully. Tier ID: ${updatedTier.id}`);
+    mcpLogger.info(`Tier updated successfully. Tier ID: ${updatedTier.id}`);
 
     return {
       content: [{ type: 'text', text: JSON.stringify(updatedTier, null, 2) }],
@@ -1240,7 +1220,7 @@ server.registerTool(
   withErrorHandling('ghost_delete_tier', deleteTierSchema, async (input) => {
     const { id } = input;
     await ghostService.deleteTier(id);
-    console.error(`Tier deleted successfully. Tier ID: ${id}`);
+    mcpLogger.info(`Tier deleted successfully. Tier ID: ${id}`);
 
     return {
       content: [{ type: 'text', text: `Tier ${id} has been successfully deleted.` }],
@@ -1258,7 +1238,7 @@ async function main() {
 
   console.error('Ghost MCP Server running on stdio transport');
   console.error(
-    'Available tools: ghost_get_tags, ghost_create_tag, ghost_get_tag, ghost_update_tag, ghost_delete_tag, ghost_upload_image, ' +
+    'Available tools: ghost_get_tags, ghost_create_tag, ghost_get_tag, ghost_update_tag, ghost_delete_tag, ghost_upload_image, ghost_set_feature_image, ' +
       'ghost_create_post, ghost_get_posts, ghost_get_post, ghost_search_posts, ghost_update_post, ghost_delete_post, ' +
       'ghost_get_pages, ghost_get_page, ghost_create_page, ghost_update_page, ghost_delete_page, ghost_search_pages, ' +
       'ghost_create_member, ghost_update_member, ghost_delete_member, ghost_get_members, ghost_get_member, ghost_search_members, ' +

package/src/services/ghostService.js

@@ -33,7 +33,7 @@ const api = new GhostAdminAPI({
 const handleApiRequest = async (resource, action, data = {}, options = {}, retries = 3) => {
   if (!api[resource] || typeof api[resource][action] !== 'function') {
     const errorMsg = `Invalid Ghost API resource or action: ${resource}.${action}`;
-    console.error(errorMsg);
+    logger.error(errorMsg);
     throw new Error(errorMsg);
   }
 
@@ -116,14 +116,6 @@ const handleApiRequest = async (resource, action, data = {}, options = {}, retri
 // Example function (will be expanded later)
 const getSiteInfo = async () => {
   return handleApiRequest('site', 'read');
-  // try {
-  //   const site = await api.site.read();
-  //   console.log("Connected to Ghost site:", site.title);
-  //   return site;
-  // } catch (error) {
-  //   console.error("Error connecting to Ghost Admin API:", error);
-  //   throw error; // Re-throw the error for handling upstream
-  // }
 };
 
 /**

package/src/utils/__tests__/formatErrorResponse.test.js

@@ -131,6 +131,26 @@ describe('formatErrorResponse', () => {
     });
   });
 
+  describe('XOR image-input error pass-through', () => {
+    it('renders the XOR error through the sanitized envelope shape', () => {
+      // Mirror the call shape `validateAndXorImageInput` uses when the caller
+      // supplied more than one of imageUrl/imagePath/imageBase64.
+      const xorError = new Error('Provide exactly one of imageUrl, imagePath, or imageBase64.');
+      const response = formatErrorResponse(xorError, 'ghost_upload_image');
+
+      expect(response.isError).toBe(true);
+      expect(response.content[0].type).toBe('text');
+      expect(response.content[0].text).toContain('Error in ghost_upload_image:');
+
+      const envelope = parseJsonBlock(response.content[0].text);
+      expect(envelope.error).toBeDefined();
+      expect(envelope.error.message).toBe(
+        'Provide exactly one of imageUrl, imagePath, or imageBase64.'
+      );
+      expect(envelope).not.toHaveProperty('ghost');
+    });
+  });
+
   describe('ZodError coercion', () => {
     it('coerces ZodError-shaped input to VALIDATION_ERROR / 400 envelope', () => {
       const zodLike = Object.assign(new Error('zod'), {

package/src/utils/__tests__/logger.test.js

@@ -1,5 +1,6 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
-import { createContextLogger } from '../logger.js';
+import { LEVEL, MESSAGE } from 'triple-beam';
+import { createContextLogger, createSafeConsoleTransport } from '../logger.js';
 import logger from '../logger.js';
 
 describe('logger', () => {
@@ -21,6 +22,94 @@ describe('logger', () => {
     });
   });
 
+  describe('transport routing', () => {
+    // stdio MCP transport uses stdout for JSON-RPC frames; all log output must
+    // land on stderr so a log line cannot corrupt the protocol channel.
+    let stdoutSpy;
+    let stderrSpy;
+
+    beforeEach(() => {
+      // Winston writes to console._stdout/_stderr (Node aliases for
+      // process.stdout/stderr, captured at logger construction). Spy on the
+      // same references winston uses so the hook lines up with the write.
+      // These are Node internals — fail loudly if they ever disappear so the
+      // test cannot silently turn into a no-op when the assumption breaks.
+      if (!console._stdout || !console._stderr) {
+        throw new Error(
+          'console._stdout/_stderr unavailable; logger transport-routing test ' +
+            'assumptions broken — winston uses these refs for its Console transport.'
+        );
+      }
+      stdoutSpy = vi.spyOn(console._stdout, 'write').mockImplementation(() => true);
+      stderrSpy = vi.spyOn(console._stderr, 'write').mockImplementation(() => true);
+    });
+
+    afterEach(() => {
+      vi.restoreAllMocks();
+    });
+
+    // The stderrLevels contract is pinned by the createSafeConsoleTransport
+    // suite below. Routing tests below verify the runtime side: every level's
+    // bytes actually land on stderr, not stdout.
+
+    // Drive the Console transport's log() directly. Winston's writable-stream
+    // pipeline can defer writes across ticks, so routing the message through
+    // logger.info() makes the test flaky. The transport's routing logic is
+    // synchronous, so calling log() with a winston-shaped info object covers it.
+    const makeInfo = (level, message) => ({
+      level,
+      message,
+      [LEVEL]: level,
+      [MESSAGE]: `formatted: ${message}`,
+    });
+
+    it.each([['error'], ['warn'], ['info'], ['debug']])('routes %s level to stderr', (level) => {
+      const transport = logger.transports.find((t) => t.name === 'console');
+      transport.log(makeInfo(level, `${level}-test`), () => {});
+      expect(stderrSpy).toHaveBeenCalledWith(expect.stringContaining(`${level}-test`));
+      expect(stdoutSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('createSafeConsoleTransport', () => {
+    // Factory exists so the stderrLevels invariant cannot drift away from any
+    // future Console transport. Bare `new winston.transports.Console(...)` is
+    // forbidden by ESLint outside this module; this test pins the contract.
+
+    it('returns a winston Console transport', () => {
+      const t = createSafeConsoleTransport();
+      expect(t).toBeDefined();
+      expect(t.name).toBe('console');
+    });
+
+    it('always sets stderrLevels for every level', () => {
+      const t = createSafeConsoleTransport();
+      expect(t.stderrLevels).toMatchObject({
+        error: true,
+        warn: true,
+        info: true,
+        debug: true,
+      });
+    });
+
+    it('preserves caller-supplied options like level', () => {
+      const t = createSafeConsoleTransport({ level: 'warn' });
+      expect(t.level).toBe('warn');
+    });
+
+    it('forces stderrLevels even if caller tries to override it', () => {
+      // Defense in depth: a caller cannot accidentally narrow stderrLevels
+      // by passing their own array. This is the whole point of the factory.
+      const t = createSafeConsoleTransport({ stderrLevels: ['error'] });
+      expect(t.stderrLevels).toMatchObject({
+        error: true,
+        warn: true,
+        info: true,
+        debug: true,
+      });
+    });
+  });
+
   describe('createContextLogger', () => {
     let contextLogger;
     let logSpy;

package/src/utils/__tests__/sanitizeErrorPayload.test.js

@@ -105,15 +105,46 @@ describe('sanitizeErrorPayload', () => {
     expect(out).toEqual(input);
   });
 
-  it('truncates long originalMessage', () => {
+  it('truncates long originalMessage to 2KB cap', () => {
     const longMsg = 'x'.repeat(5000);
     const out = sanitizeErrorPayload({
       ghost: { originalMessage: longMsg },
     });
-    expect(out.ghost.originalMessage.length).toBeLessThan(longMsg.length);
+    // 2048-byte cap + ellipsis suffix: result stays under 2100 characters.
+    expect(out.ghost.originalMessage.length).toBeLessThan(2100);
     expect(out.ghost.originalMessage).toContain('[truncated]');
   });
 
+  it('caps generic strings at 4KB even outside ghost.originalMessage', () => {
+    const longMsg = 'y'.repeat(10000);
+    const out = sanitizeErrorPayload({
+      error: { message: longMsg },
+    });
+    expect(out.error.message.length).toBeLessThan(4200);
+    expect(out.error.message).toContain('[truncated]');
+  });
+
+  it('redacts BEFORE truncating so secrets spanning the cap boundary cannot leak a prefix', () => {
+    // Place a 89-byte Ghost-shaped admin key so it STRADDLES the 4096-byte
+    // generic cap (starts at 4050, ends at 4139). The ordering matters only
+    // for boundary-spanning values:
+    //   redact-first → full pattern matches, entire secret becomes [REDACTED]
+    //     before truncation; no prefix of the secret remains in the output.
+    //   truncate-first → first 4096 bytes keep a 46-byte PREFIX of the secret;
+    //     GHOST_KEY_PATTERN requires the full 89 chars to match, so the
+    //     partial prefix slips past redaction and leaks.
+    const secret = `${'a'.repeat(24)}:${'b'.repeat(64)}`; // 89 bytes
+    const msg = 'x'.repeat(4050) + secret; // 4139 bytes — boundary at 4096 cuts the secret
+    const out = sanitizeErrorPayload({ error: { message: msg } });
+    expect(out.error.message).not.toContain(secret);
+    // The partial prefix that truncate-first would leave behind. If this
+    // appears in the output, redaction ran AFTER truncation on a string the
+    // pattern no longer matches.
+    const leakedPrefix = `${'a'.repeat(24)}:${'b'.repeat(21)}`;
+    expect(out.error.message).not.toContain(leakedPrefix);
+    expect(out.error.message).toContain('[REDACTED]');
+  });
+
   it('does not redact env key when env var is empty', () => {
     process.env.GHOST_ADMIN_API_KEY = '';
     const out = sanitizeErrorPayload({ error: { message: 'harmless text' } });

package/src/utils/formatErrorResponse.js

@@ -36,15 +36,14 @@ export function formatErrorResponse(error, toolName, extra) {
     envelope.ghost = {
       operation: normalized.operation,
       statusCode: normalized.ghostStatusCode,
-      // normalized.originalError is already a string (coerced by ExternalServiceError constructor);
-      // coerce again defensively so the sanitizer always receives a string, not an Error object.
-      originalMessage:
-        typeof normalized.originalError === 'string'
-          ? normalized.originalError
-          : (normalized.originalError?.message ?? String(normalized.originalError)),
+      // ExternalServiceError's constructor coerces originalError to a string;
+      // String() handles any surprise non-string value without branching.
+      originalMessage: String(normalized.originalError ?? ''),
     };
   }
 
+  // Guard against non-object `extra`: Object.keys(string) returns per-char
+  // indices and would silently set envelope.extra to that string.
   if (extra && typeof extra === 'object' && Object.keys(extra).length > 0) {
     envelope.extra = extra;
   }

package/src/utils/logger.js

@@ -9,6 +9,18 @@ const __dirname = path.dirname(__filename);
 const logLevel = process.env.LOG_LEVEL || 'info';
 const isDevelopment = process.env.NODE_ENV === 'development';
 
+// Every level winston emits must route to stderr — the stdio MCP transport
+// reserves stdout for JSON-RPC frames. Single source of truth so adding a new
+// level later can't silently leave one transport routing to stdout.
+const ALL_LEVELS_TO_STDERR = ['error', 'warn', 'info', 'debug'];
+
+// Factory for Console transports. Always forces stderrLevels for all npm
+// levels — caller cannot narrow it. Bare `new winston.transports.Console(...)`
+// is forbidden by ESLint outside this module so this factory is the only way
+// to construct a Console transport in the project.
+const createSafeConsoleTransport = (options = {}) =>
+  new winston.transports.Console({ ...options, stderrLevels: ALL_LEVELS_TO_STDERR });
+
 // Define custom log format
 const logFormat = winston.format.combine(
   winston.format.timestamp({
@@ -42,16 +54,9 @@ const logger = winston.createLogger({
     service: 'ghost-mcp-server',
     pid: process.pid,
   },
-  transports: [
-    // Console output
-    new winston.transports.Console({
-      level: isDevelopment ? 'debug' : 'info',
-    }),
-  ],
-  // Handle uncaught exceptions
-  exceptionHandlers: [new winston.transports.Console()],
-  // Handle unhandled promise rejections
-  rejectionHandlers: [new winston.transports.Console()],
+  transports: [createSafeConsoleTransport({ level: isDevelopment ? 'debug' : 'info' })],
+  exceptionHandlers: [createSafeConsoleTransport()],
+  rejectionHandlers: [createSafeConsoleTransport()],
 });
 
 // Add file logging in production
@@ -150,4 +155,4 @@ const createContextLogger = (context) => {
 };
 
 export default logger;
-export { createContextLogger };
+export { createContextLogger, createSafeConsoleTransport };

package/src/utils/sanitizeErrorPayload.js

@@ -14,6 +14,10 @@ const AUTH_HEADER_PATTERN = /(Authorization|Set-Cookie)\s*[:=]\s*[^\r\n,;]+/gi;
 // the `Cookie` substring inside `Set-Cookie:` (handled by AUTH_HEADER_PATTERN).
 const COOKIE_HEADER_PATTERN = /(?<!Set-)(Cookie)\s*[:=]\s*[^\r\n]+/gi;
 const REDACTED = '[REDACTED]';
+// Upper bound on any string value in the envelope (guards against pathological
+// Ghost responses bloating the MCP reply).
+const GENERIC_MAX_BYTES = 4096;
+// Tighter cap on `ghost.originalMessage` specifically.
 const ORIGINAL_MESSAGE_MAX_BYTES = 2048;
 
 function redactString(value, envKey) {
@@ -38,16 +42,12 @@ function truncate(value, maxBytes) {
 
 function walk(node, envKey) {
   if (node === null || node === undefined) return node;
-  if (typeof node === 'string') return redactString(node, envKey);
+  if (typeof node === 'string') return truncate(redactString(node, envKey), GENERIC_MAX_BYTES);
   if (Array.isArray(node)) return node.map((item) => walk(item, envKey));
   if (typeof node === 'object') {
     const result = {};
     for (const [k, v] of Object.entries(node)) {
-      const walked = walk(v, envKey);
-      result[k] =
-        k === 'originalMessage' && typeof walked === 'string'
-          ? truncate(walked, ORIGINAL_MESSAGE_MAX_BYTES)
-          : walked;
+      result[k] = walk(v, envKey);
     }
     return result;
   }
@@ -63,5 +63,15 @@ function walk(node, envKey) {
  */
 export function sanitizeErrorPayload(envelope) {
   const envKey = process.env.GHOST_ADMIN_API_KEY || '';
-  return walk(envelope, envKey);
+  const sanitized = walk(envelope, envKey);
+  // Tighter cap for ghost.originalMessage specifically. walk() already applied
+  // the 4 KB generic cap; this narrows it further on the field most likely to
+  // receive a verbose Ghost response body.
+  if (sanitized?.ghost && typeof sanitized.ghost.originalMessage === 'string') {
+    sanitized.ghost.originalMessage = truncate(
+      sanitized.ghost.originalMessage,
+      ORIGINAL_MESSAGE_MAX_BYTES
+    );
+  }
+  return sanitized;
 }

package/src/utils/validation.js

@@ -2,7 +2,6 @@
  * Validation utilities for MCP tool handlers
  * Provides explicit Zod validation to ensure input is validated at handler entry points.
  */
-import { ValidationError } from '../errors/index.js';
 import { formatErrorResponse } from './formatErrorResponse.js';
 
 /**
@@ -16,10 +15,11 @@ import { formatErrorResponse } from './formatErrorResponse.js';
 export const validateToolInput = (schema, input, toolName) => {
   const result = schema.safeParse(input);
   if (!result.success) {
-    const error = ValidationError.fromZod(result.error, toolName);
+    // formatErrorResponse duck-types ZodError and coerces it to ValidationError,
+    // so pass the raw ZodError through — it owns the single coercion path.
     return {
       success: false,
-      errorResponse: formatErrorResponse(error, toolName),
+      errorResponse: formatErrorResponse(result.error, toolName),
     };
   }
   return { success: true, data: result.data };