@jgardner04/ghost-mcp-server 1.8.0 → 1.9.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jgardner04/ghost-mcp-server",
-  "version": "1.8.0",
+  "version": "1.9.0",
   "description": "A Model Context Protocol (MCP) server for interacting with Ghost CMS via the Admin API",
   "author": "Jonathan Gardner",
   "type": "module",

package/src/mcp_server_improved.js

@@ -903,6 +903,122 @@ server.tool(
   }
 );
 
+// =============================================================================
+// MEMBER TOOLS
+// Member management for Ghost CMS subscribers
+// =============================================================================
+
+// Create Member Tool
+server.tool(
+  'ghost_create_member',
+  'Creates a new member (subscriber) in Ghost CMS.',
+  {
+    email: z.string().email().describe('The email address of the member (required).'),
+    name: z.string().optional().describe('The name of the member.'),
+    note: z.string().optional().describe('A note about the member.'),
+    labels: z.array(z.string()).optional().describe('List of label names to assign to the member.'),
+    newsletters: z
+      .array(z.object({ id: z.string() }))
+      .optional()
+      .describe('List of newsletter objects with id field to subscribe the member to.'),
+    subscribed: z
+      .boolean()
+      .optional()
+      .describe('Whether the member is subscribed to emails. Defaults to true.'),
+  },
+  async (input) => {
+    console.error(`Executing tool: ghost_create_member with email: ${input.email}`);
+    try {
+      await loadServices();
+
+      const ghostServiceImproved = await import('./services/ghostServiceImproved.js');
+      const createdMember = await ghostServiceImproved.createMember(input);
+      console.error(`Member created successfully. Member ID: ${createdMember.id}`);
+
+      return {
+        content: [{ type: 'text', text: JSON.stringify(createdMember, null, 2) }],
+      };
+    } catch (error) {
+      console.error(`Error in ghost_create_member:`, error);
+      return {
+        content: [{ type: 'text', text: `Error creating member: ${error.message}` }],
+        isError: true,
+      };
+    }
+  }
+);
+
+// Update Member Tool
+server.tool(
+  'ghost_update_member',
+  'Updates an existing member in Ghost CMS. All fields except id are optional.',
+  {
+    id: z.string().describe('The ID of the member to update.'),
+    email: z.string().email().optional().describe('New email address for the member.'),
+    name: z.string().optional().describe('New name for the member.'),
+    note: z.string().optional().describe('New note about the member.'),
+    labels: z
+      .array(z.string())
+      .optional()
+      .describe('New list of label names to assign to the member.'),
+    newsletters: z
+      .array(z.object({ id: z.string() }))
+      .optional()
+      .describe('New list of newsletter objects with id field to subscribe the member to.'),
+  },
+  async (input) => {
+    console.error(`Executing tool: ghost_update_member for member ID: ${input.id}`);
+    try {
+      await loadServices();
+
+      const { id, ...updateData } = input;
+
+      const ghostServiceImproved = await import('./services/ghostServiceImproved.js');
+      const updatedMember = await ghostServiceImproved.updateMember(id, updateData);
+      console.error(`Member updated successfully. Member ID: ${updatedMember.id}`);
+
+      return {
+        content: [{ type: 'text', text: JSON.stringify(updatedMember, null, 2) }],
+      };
+    } catch (error) {
+      console.error(`Error in ghost_update_member:`, error);
+      return {
+        content: [{ type: 'text', text: `Error updating member: ${error.message}` }],
+        isError: true,
+      };
+    }
+  }
+);
+
+// Delete Member Tool
+server.tool(
+  'ghost_delete_member',
+  'Deletes a member from Ghost CMS by ID. This operation is permanent and cannot be undone.',
+  {
+    id: z.string().describe('The ID of the member to delete.'),
+  },
+  async ({ id }) => {
+    console.error(`Executing tool: ghost_delete_member for member ID: ${id}`);
+    try {
+      await loadServices();
+
+      const ghostServiceImproved = await import('./services/ghostServiceImproved.js');
+      await ghostServiceImproved.deleteMember(id);
+      console.error(`Member deleted successfully. Member ID: ${id}`);
+
+      return {
+        content: [{ type: 'text', text: `Member ${id} has been successfully deleted.` }],
+      };
+    } catch (error) {
+      console.error(`Error in ghost_delete_member:`, error);
+      return {
+        content: [{ type: 'text', text: `Error deleting member: ${error.message}` }],
+        isError: true,
+      };
+    }
+  }
+);
+
 // =============================================================================
 // NEWSLETTER TOOLS
 // =============================================================================
@@ -1108,6 +1224,7 @@ async function main() {
     'Available tools: ghost_get_tags, ghost_create_tag, ghost_get_tag, ghost_update_tag, ghost_delete_tag, ghost_upload_image, ' +
       'ghost_create_post, ghost_get_posts, ghost_get_post, ghost_search_posts, ghost_update_post, ghost_delete_post, ' +
       'ghost_get_pages, ghost_get_page, ghost_create_page, ghost_update_page, ghost_delete_page, ghost_search_pages, ' +
+      'ghost_create_member, ghost_update_member, ghost_delete_member, ' +
       'ghost_get_newsletters, ghost_get_newsletter, ghost_create_newsletter, ghost_update_newsletter, ghost_delete_newsletter'
   );
 }

package/src/services/__tests__/ghostServiceImproved.members.test.js

@@ -0,0 +1,261 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { createMockContextLogger } from '../../__tests__/helpers/mockLogger.js';
+import { mockDotenv } from '../../__tests__/helpers/testUtils.js';
+
+// Mock the Ghost Admin API with members support
+vi.mock('@tryghost/admin-api', () => ({
+  default: vi.fn(function () {
+    return {
+      posts: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      pages: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      tags: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      members: {
+        add: vi.fn(),
+        browse: vi.fn(),
+        read: vi.fn(),
+        edit: vi.fn(),
+        delete: vi.fn(),
+      },
+      site: {
+        read: vi.fn(),
+      },
+      images: {
+        upload: vi.fn(),
+      },
+    };
+  }),
+}));
+
+// Mock dotenv
+vi.mock('dotenv', () => mockDotenv());
+
+// Mock logger
+vi.mock('../../utils/logger.js', () => ({
+  createContextLogger: createMockContextLogger(),
+}));
+
+// Mock fs for validateImagePath
+vi.mock('fs/promises', () => ({
+  default: {
+    access: vi.fn(),
+  },
+}));
+
+// Import after setting up mocks
+import { createMember, updateMember, deleteMember, api } from '../ghostServiceImproved.js';
+
+describe('ghostServiceImproved - Members', () => {
+  beforeEach(() => {
+    // Reset all mocks before each test
+    vi.clearAllMocks();
+  });
+
+  describe('createMember', () => {
+    it('should create a member with required email', async () => {
+      const memberData = {
+        email: 'test@example.com',
+      };
+
+      const mockCreatedMember = {
+        id: 'member-1',
+        email: 'test@example.com',
+        status: 'free',
+      };
+
+      api.members.add.mockResolvedValue(mockCreatedMember);
+
+      const result = await createMember(memberData);
+
+      expect(api.members.add).toHaveBeenCalledWith(
+        expect.objectContaining({
+          email: 'test@example.com',
+        }),
+        expect.any(Object)
+      );
+      expect(result).toEqual(mockCreatedMember);
+    });
+
+    it('should create a member with optional fields', async () => {
+      const memberData = {
+        email: 'test@example.com',
+        name: 'John Doe',
+        note: 'Test member',
+        labels: ['premium', 'newsletter'],
+        newsletters: [{ id: 'newsletter-1' }],
+        subscribed: true,
+      };
+
+      const mockCreatedMember = {
+        id: 'member-1',
+        ...memberData,
+        status: 'free',
+      };
+
+      api.members.add.mockResolvedValue(mockCreatedMember);
+
+      const result = await createMember(memberData);
+
+      expect(api.members.add).toHaveBeenCalledWith(
+        expect.objectContaining(memberData),
+        expect.any(Object)
+      );
+      expect(result).toEqual(mockCreatedMember);
+    });
+
+    it('should throw validation error for missing email', async () => {
+      await expect(createMember({})).rejects.toThrow('Member validation failed');
+    });
+
+    it('should throw validation error for invalid email', async () => {
+      await expect(createMember({ email: 'invalid-email' })).rejects.toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should throw validation error for invalid labels type', async () => {
+      await expect(
+        createMember({
+          email: 'test@example.com',
+          labels: 'premium',
+        })
+      ).rejects.toThrow('Member validation failed');
+    });
+
+    it('should handle Ghost API errors', async () => {
+      const memberData = {
+        email: 'test@example.com',
+      };
+
+      api.members.add.mockRejectedValue(new Error('Ghost API Error'));
+
+      await expect(createMember(memberData)).rejects.toThrow();
+    });
+  });
+
+  describe('updateMember', () => {
+    it('should update a member with valid ID and data', async () => {
+      const memberId = 'member-1';
+      const updateData = {
+        name: 'Jane Doe',
+        note: 'Updated note',
+      };
+
+      const mockExistingMember = {
+        id: memberId,
+        email: 'test@example.com',
+        name: 'John Doe',
+        updated_at: '2023-01-01T00:00:00.000Z',
+      };
+
+      const mockUpdatedMember = {
+        ...mockExistingMember,
+        ...updateData,
+      };
+
+      api.members.read.mockResolvedValue(mockExistingMember);
+      api.members.edit.mockResolvedValue(mockUpdatedMember);
+
+      const result = await updateMember(memberId, updateData);
+
+      expect(api.members.read).toHaveBeenCalledWith(expect.any(Object), { id: memberId });
+      expect(api.members.edit).toHaveBeenCalledWith(
+        expect.objectContaining({
+          ...mockExistingMember,
+          ...updateData,
+        }),
+        expect.objectContaining({ id: memberId })
+      );
+      expect(result).toEqual(mockUpdatedMember);
+    });
+
+    it('should update member email if provided', async () => {
+      const memberId = 'member-1';
+      const updateData = {
+        email: 'newemail@example.com',
+      };
+
+      const mockExistingMember = {
+        id: memberId,
+        email: 'test@example.com',
+        updated_at: '2023-01-01T00:00:00.000Z',
+      };
+
+      const mockUpdatedMember = {
+        ...mockExistingMember,
+        email: 'newemail@example.com',
+      };
+
+      api.members.read.mockResolvedValue(mockExistingMember);
+      api.members.edit.mockResolvedValue(mockUpdatedMember);
+
+      const result = await updateMember(memberId, updateData);
+
+      expect(result.email).toBe('newemail@example.com');
+    });
+
+    it('should throw validation error for missing member ID', async () => {
+      await expect(updateMember(null, { name: 'Test' })).rejects.toThrow(
+        'Member ID is required for update'
+      );
+    });
+
+    it('should throw validation error for invalid email in update', async () => {
+      await expect(updateMember('member-1', { email: 'invalid-email' })).rejects.toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should throw not found error if member does not exist', async () => {
+      api.members.read.mockRejectedValue({
+        response: { status: 404 },
+        message: 'Member not found',
+      });
+
+      await expect(updateMember('non-existent', { name: 'Test' })).rejects.toThrow();
+    });
+  });
+
+  describe('deleteMember', () => {
+    it('should delete a member with valid ID', async () => {
+      const memberId = 'member-1';
+
+      api.members.delete.mockResolvedValue({ deleted: true });
+
+      const result = await deleteMember(memberId);
+
+      expect(api.members.delete).toHaveBeenCalledWith(memberId, expect.any(Object));
+      expect(result).toEqual({ deleted: true });
+    });
+
+    it('should throw validation error for missing member ID', async () => {
+      await expect(deleteMember(null)).rejects.toThrow('Member ID is required for deletion');
+    });
+
+    it('should throw not found error if member does not exist', async () => {
+      api.members.delete.mockRejectedValue({
+        response: { status: 404 },
+        message: 'Member not found',
+      });
+
+      await expect(deleteMember('non-existent')).rejects.toThrow();
+    });
+  });
+});

package/src/services/__tests__/memberService.test.js

@@ -0,0 +1,245 @@
+import { describe, it, expect } from 'vitest';
+import { validateMemberData, validateMemberUpdateData } from '../memberService.js';
+
+describe('memberService - Validation', () => {
+  describe('validateMemberData', () => {
+    it('should validate required email field', () => {
+      expect(() => validateMemberData({})).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '' })).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '   ' })).toThrow('Member validation failed');
+    });
+
+    it('should validate email format', () => {
+      expect(() => validateMemberData({ email: 'invalid-email' })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberData({ email: 'test@' })).toThrow('Member validation failed');
+      expect(() => validateMemberData({ email: '@test.com' })).toThrow('Member validation failed');
+    });
+
+    it('should accept valid email', () => {
+      expect(() => validateMemberData({ email: 'test@example.com' })).not.toThrow();
+    });
+
+    it('should accept optional name field', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', name: 'John Doe' })
+      ).not.toThrow();
+    });
+
+    it('should accept optional note field', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', note: 'Test note' })
+      ).not.toThrow();
+    });
+
+    it('should accept optional labels array', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', labels: ['premium', 'newsletter'] })
+      ).not.toThrow();
+    });
+
+    it('should validate labels is an array', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: 'premium' })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept optional newsletters array', () => {
+      expect(() =>
+        validateMemberData({
+          email: 'test@example.com',
+          newsletters: [{ id: 'newsletter-1' }],
+        })
+      ).not.toThrow();
+    });
+
+    it('should validate newsletter objects have id field', () => {
+      expect(() =>
+        validateMemberData({
+          email: 'test@example.com',
+          newsletters: [{ name: 'Newsletter' }],
+        })
+      ).toThrow('Member validation failed');
+    });
+
+    it('should accept optional subscribed boolean', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', subscribed: true })
+      ).not.toThrow();
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', subscribed: false })
+      ).not.toThrow();
+    });
+
+    it('should validate subscribed is a boolean', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', subscribed: 'yes' })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should validate name length', () => {
+      const longName = 'a'.repeat(192); // Exceeds MAX_NAME_LENGTH (191)
+      expect(() => validateMemberData({ email: 'test@example.com', name: longName })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept name at max length', () => {
+      const maxName = 'a'.repeat(191); // At MAX_NAME_LENGTH
+      expect(() => validateMemberData({ email: 'test@example.com', name: maxName })).not.toThrow();
+    });
+
+    it('should validate note length', () => {
+      const longNote = 'a'.repeat(2001); // Exceeds MAX_NOTE_LENGTH (2000)
+      expect(() => validateMemberData({ email: 'test@example.com', note: longNote })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept note at max length', () => {
+      const maxNote = 'a'.repeat(2000); // At MAX_NOTE_LENGTH
+      expect(() => validateMemberData({ email: 'test@example.com', note: maxNote })).not.toThrow();
+    });
+
+    it('should sanitize HTML in note field', () => {
+      const memberData = {
+        email: 'test@example.com',
+        note: '<script>alert("xss")</script>Test note',
+      };
+      validateMemberData(memberData);
+      expect(memberData.note).toBe('Test note'); // HTML should be stripped
+    });
+
+    it('should validate label length', () => {
+      const longLabel = 'a'.repeat(192); // Exceeds MAX_LABEL_LENGTH (191)
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [longLabel] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject empty string labels', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [''] })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberData({ email: 'test@example.com', labels: ['  '] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject non-string labels', () => {
+      expect(() => validateMemberData({ email: 'test@example.com', labels: [123] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject empty newsletter IDs', () => {
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', newsletters: [{ id: '' }] })
+      ).toThrow('Member validation failed');
+      expect(() =>
+        validateMemberData({ email: 'test@example.com', newsletters: [{ id: '  ' }] })
+      ).toThrow('Member validation failed');
+    });
+  });
+
+  describe('validateMemberUpdateData', () => {
+    it('should validate email format if provided', () => {
+      expect(() => validateMemberUpdateData({ email: 'invalid-email' })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberUpdateData({ email: 'test@example.com' })).not.toThrow();
+    });
+
+    it('should accept update with only name', () => {
+      expect(() => validateMemberUpdateData({ name: 'John Doe' })).not.toThrow();
+    });
+
+    it('should accept update with only note', () => {
+      expect(() => validateMemberUpdateData({ note: 'Updated note' })).not.toThrow();
+    });
+
+    it('should accept update with only labels', () => {
+      expect(() => validateMemberUpdateData({ labels: ['premium'] })).not.toThrow();
+    });
+
+    it('should validate labels is an array if provided', () => {
+      expect(() => validateMemberUpdateData({ labels: 'premium' })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept update with only newsletters', () => {
+      expect(() =>
+        validateMemberUpdateData({ newsletters: [{ id: 'newsletter-1' }] })
+      ).not.toThrow();
+    });
+
+    it('should validate newsletter objects have id field if provided', () => {
+      expect(() => validateMemberUpdateData({ newsletters: [{ name: 'Newsletter' }] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should allow empty update object', () => {
+      expect(() => validateMemberUpdateData({})).not.toThrow();
+    });
+
+    it('should validate name length in updates', () => {
+      const longName = 'a'.repeat(192); // Exceeds MAX_NAME_LENGTH (191)
+      expect(() => validateMemberUpdateData({ name: longName })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept name at max length in updates', () => {
+      const maxName = 'a'.repeat(191); // At MAX_NAME_LENGTH
+      expect(() => validateMemberUpdateData({ name: maxName })).not.toThrow();
+    });
+
+    it('should validate note length in updates', () => {
+      const longNote = 'a'.repeat(2001); // Exceeds MAX_NOTE_LENGTH (2000)
+      expect(() => validateMemberUpdateData({ note: longNote })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should accept note at max length in updates', () => {
+      const maxNote = 'a'.repeat(2000); // At MAX_NOTE_LENGTH
+      expect(() => validateMemberUpdateData({ note: maxNote })).not.toThrow();
+    });
+
+    it('should sanitize HTML in note field for updates', () => {
+      const updateData = { note: '<script>alert("xss")</script>Updated note' };
+      validateMemberUpdateData(updateData);
+      expect(updateData.note).toBe('Updated note'); // HTML should be stripped
+    });
+
+    it('should validate label length in updates', () => {
+      const longLabel = 'a'.repeat(192); // Exceeds MAX_LABEL_LENGTH (191)
+      expect(() => validateMemberUpdateData({ labels: [longLabel] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject empty string labels in updates', () => {
+      expect(() => validateMemberUpdateData({ labels: [''] })).toThrow('Member validation failed');
+      expect(() => validateMemberUpdateData({ labels: ['  '] })).toThrow(
+        'Member validation failed'
+      );
+    });
+
+    it('should reject non-string labels in updates', () => {
+      expect(() => validateMemberUpdateData({ labels: [123] })).toThrow('Member validation failed');
+    });
+
+    it('should reject empty newsletter IDs in updates', () => {
+      expect(() => validateMemberUpdateData({ newsletters: [{ id: '' }] })).toThrow(
+        'Member validation failed'
+      );
+      expect(() => validateMemberUpdateData({ newsletters: [{ id: '  ' }] })).toThrow(
+        'Member validation failed'
+      );
+    });
+  });
+});

package/src/services/ghostServiceImproved.js

@@ -772,6 +772,110 @@ export async function deleteTag(tagId) {
   }
 }
 
+/**
+ * Member CRUD Operations
+ * Members represent subscribers/users in Ghost CMS
+ */
+
+/**
+ * Creates a new member (subscriber) in Ghost CMS
+ * @param {Object} memberData - The member data
+ * @param {string} memberData.email - Member email (required)
+ * @param {string} [memberData.name] - Member name
+ * @param {string} [memberData.note] - Notes about the member (HTML will be sanitized)
+ * @param {string[]} [memberData.labels] - Array of label names
+ * @param {Object[]} [memberData.newsletters] - Array of newsletter objects with id
+ * @param {boolean} [memberData.subscribed] - Email subscription status
+ * @param {Object} [options] - Additional options for the API request
+ * @returns {Promise<Object>} The created member object
+ * @throws {ValidationError} If validation fails
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function createMember(memberData, options = {}) {
+  // Import and validate input
+  const { validateMemberData } = await import('./memberService.js');
+  validateMemberData(memberData);
+
+  try {
+    return await handleApiRequest('members', 'add', memberData, options);
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 422) {
+      throw new ValidationError('Member creation failed due to validation errors', [
+        { field: 'member', message: error.originalError },
+      ]);
+    }
+    throw error;
+  }
+}
+
+/**
+ * Updates an existing member in Ghost CMS
+ * @param {string} memberId - The member ID to update
+ * @param {Object} updateData - The member update data
+ * @param {string} [updateData.email] - Member email
+ * @param {string} [updateData.name] - Member name
+ * @param {string} [updateData.note] - Notes about the member (HTML will be sanitized)
+ * @param {string[]} [updateData.labels] - Array of label names
+ * @param {Object[]} [updateData.newsletters] - Array of newsletter objects with id
+ * @param {boolean} [updateData.subscribed] - Email subscription status
+ * @param {Object} [options] - Additional options for the API request
+ * @returns {Promise<Object>} The updated member object
+ * @throws {ValidationError} If validation fails
+ * @throws {NotFoundError} If the member is not found
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function updateMember(memberId, updateData, options = {}) {
+  if (!memberId) {
+    throw new ValidationError('Member ID is required for update');
+  }
+
+  // Import and validate update data
+  const { validateMemberUpdateData } = await import('./memberService.js');
+  validateMemberUpdateData(updateData);
+
+  try {
+    // Get existing member to retrieve updated_at for conflict resolution
+    const existingMember = await handleApiRequest('members', 'read', { id: memberId });
+
+    // Merge existing data with updates, preserving updated_at
+    const mergedData = {
+      ...existingMember,
+      ...updateData,
+      updated_at: existingMember.updated_at,
+    };
+
+    return await handleApiRequest('members', 'edit', mergedData, { id: memberId, ...options });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Member', memberId);
+    }
+    throw error;
+  }
+}
+
+/**
+ * Deletes a member from Ghost CMS
+ * @param {string} memberId - The member ID to delete
+ * @returns {Promise<Object>} Deletion confirmation object
+ * @throws {ValidationError} If member ID is not provided
+ * @throws {NotFoundError} If the member is not found
+ * @throws {GhostAPIError} If the API request fails
+ */
+export async function deleteMember(memberId) {
+  if (!memberId) {
+    throw new ValidationError('Member ID is required for deletion');
+  }
+
+  try {
+    return await handleApiRequest('members', 'delete', { id: memberId });
+  } catch (error) {
+    if (error instanceof GhostAPIError && error.ghostStatusCode === 404) {
+      throw new NotFoundError('Member', memberId);
+    }
+    throw error;
+  }
+}
+
 /**
  * Newsletter CRUD Operations
  */
@@ -920,6 +1024,9 @@ export default {
   getTag,
   updateTag,
   deleteTag,
+  createMember,
+  updateMember,
+  deleteMember,
   getNewsletters,
   getNewsletter,
   createNewsletter,

package/src/services/memberService.js

@@ -0,0 +1,202 @@
+import sanitizeHtml from 'sanitize-html';
+import { ValidationError } from '../errors/index.js';
+
+/**
+ * Email validation regex
+ * Simple but effective email validation
+ */
+const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+/**
+ * Maximum length constants (following Ghost's database constraints)
+ */
+const MAX_NAME_LENGTH = 191; // Ghost's typical varchar limit
+const MAX_NOTE_LENGTH = 2000; // Reasonable limit for notes
+const MAX_LABEL_LENGTH = 191; // Label name limit
+
+/**
+ * Validates member data for creation
+ * @param {Object} memberData - The member data to validate
+ * @throws {ValidationError} If validation fails
+ */
+export function validateMemberData(memberData) {
+  const errors = [];
+
+  // Email is required and must be valid
+  if (!memberData.email || memberData.email.trim().length === 0) {
+    errors.push({ field: 'email', message: 'Email is required' });
+  } else if (!EMAIL_REGEX.test(memberData.email)) {
+    errors.push({ field: 'email', message: 'Invalid email format' });
+  }
+
+  // Name is optional but must be a string with valid length if provided
+  if (memberData.name !== undefined) {
+    if (typeof memberData.name !== 'string') {
+      errors.push({ field: 'name', message: 'Name must be a string' });
+    } else if (memberData.name.length > MAX_NAME_LENGTH) {
+      errors.push({ field: 'name', message: `Name must not exceed ${MAX_NAME_LENGTH} characters` });
+    }
+  }
+
+  // Note is optional but must be a string with valid length if provided
+  // Sanitize HTML to prevent XSS attacks
+  if (memberData.note !== undefined) {
+    if (typeof memberData.note !== 'string') {
+      errors.push({ field: 'note', message: 'Note must be a string' });
+    } else {
+      if (memberData.note.length > MAX_NOTE_LENGTH) {
+        errors.push({
+          field: 'note',
+          message: `Note must not exceed ${MAX_NOTE_LENGTH} characters`,
+        });
+      }
+      // Sanitize HTML content - strip all HTML tags for notes
+      memberData.note = sanitizeHtml(memberData.note, {
+        allowedTags: [], // Strip all HTML
+        allowedAttributes: {},
+      });
+    }
+  }
+
+  // Labels is optional but must be an array of valid strings if provided
+  if (memberData.labels !== undefined) {
+    if (!Array.isArray(memberData.labels)) {
+      errors.push({ field: 'labels', message: 'Labels must be an array' });
+    } else {
+      // Validate each label is a non-empty string within length limit
+      const invalidLabels = memberData.labels.filter(
+        (label) =>
+          typeof label !== 'string' || label.trim().length === 0 || label.length > MAX_LABEL_LENGTH
+      );
+      if (invalidLabels.length > 0) {
+        errors.push({
+          field: 'labels',
+          message: `Each label must be a non-empty string (max ${MAX_LABEL_LENGTH} characters)`,
+        });
+      }
+    }
+  }
+
+  // Newsletters is optional but must be an array of objects with valid id field
+  if (memberData.newsletters !== undefined) {
+    if (!Array.isArray(memberData.newsletters)) {
+      errors.push({ field: 'newsletters', message: 'Newsletters must be an array' });
+    } else {
+      // Validate each newsletter has a non-empty string id
+      const invalidNewsletters = memberData.newsletters.filter(
+        (newsletter) =>
+          !newsletter.id || typeof newsletter.id !== 'string' || newsletter.id.trim().length === 0
+      );
+      if (invalidNewsletters.length > 0) {
+        errors.push({
+          field: 'newsletters',
+          message: 'Each newsletter must have a non-empty id field',
+        });
+      }
+    }
+  }
+
+  // Subscribed is optional but must be a boolean if provided
+  if (memberData.subscribed !== undefined && typeof memberData.subscribed !== 'boolean') {
+    errors.push({ field: 'subscribed', message: 'Subscribed must be a boolean' });
+  }
+
+  if (errors.length > 0) {
+    throw new ValidationError('Member validation failed', errors);
+  }
+}
+
+/**
+ * Validates member data for update
+ * All fields are optional for updates, but if provided they must be valid
+ * @param {Object} updateData - The member update data to validate
+ * @throws {ValidationError} If validation fails
+ */
+export function validateMemberUpdateData(updateData) {
+  const errors = [];
+
+  // Email is optional for update but must be valid if provided
+  if (updateData.email !== undefined) {
+    if (typeof updateData.email !== 'string' || updateData.email.trim().length === 0) {
+      errors.push({ field: 'email', message: 'Email must be a non-empty string' });
+    } else if (!EMAIL_REGEX.test(updateData.email)) {
+      errors.push({ field: 'email', message: 'Invalid email format' });
+    }
+  }
+
+  // Name is optional but must be a string with valid length if provided
+  if (updateData.name !== undefined) {
+    if (typeof updateData.name !== 'string') {
+      errors.push({ field: 'name', message: 'Name must be a string' });
+    } else if (updateData.name.length > MAX_NAME_LENGTH) {
+      errors.push({ field: 'name', message: `Name must not exceed ${MAX_NAME_LENGTH} characters` });
+    }
+  }
+
+  // Note is optional but must be a string with valid length if provided
+  // Sanitize HTML to prevent XSS attacks
+  if (updateData.note !== undefined) {
+    if (typeof updateData.note !== 'string') {
+      errors.push({ field: 'note', message: 'Note must be a string' });
+    } else {
+      if (updateData.note.length > MAX_NOTE_LENGTH) {
+        errors.push({
+          field: 'note',
+          message: `Note must not exceed ${MAX_NOTE_LENGTH} characters`,
+        });
+      }
+      // Sanitize HTML content - strip all HTML tags for notes
+      updateData.note = sanitizeHtml(updateData.note, {
+        allowedTags: [], // Strip all HTML
+        allowedAttributes: {},
+      });
+    }
+  }
+
+  // Labels is optional but must be an array of valid strings if provided
+  if (updateData.labels !== undefined) {
+    if (!Array.isArray(updateData.labels)) {
+      errors.push({ field: 'labels', message: 'Labels must be an array' });
+    } else {
+      // Validate each label is a non-empty string within length limit
+      const invalidLabels = updateData.labels.filter(
+        (label) =>
+          typeof label !== 'string' || label.trim().length === 0 || label.length > MAX_LABEL_LENGTH
+      );
+      if (invalidLabels.length > 0) {
+        errors.push({
+          field: 'labels',
+          message: `Each label must be a non-empty string (max ${MAX_LABEL_LENGTH} characters)`,
+        });
+      }
+    }
+  }
+
+  // Newsletters is optional but must be an array of objects with valid id field
+  if (updateData.newsletters !== undefined) {
+    if (!Array.isArray(updateData.newsletters)) {
+      errors.push({ field: 'newsletters', message: 'Newsletters must be an array' });
+    } else {
+      // Validate each newsletter has a non-empty string id
+      const invalidNewsletters = updateData.newsletters.filter(
+        (newsletter) =>
+          !newsletter.id || typeof newsletter.id !== 'string' || newsletter.id.trim().length === 0
+      );
+      if (invalidNewsletters.length > 0) {
+        errors.push({
+          field: 'newsletters',
+          message: 'Each newsletter must have a non-empty id field',
+        });
+      }
+    }
+  }
+
+  if (errors.length > 0) {
+    throw new ValidationError('Member validation failed', errors);
+  }
+}
+
+export default {
+  validateMemberData,
+  validateMemberUpdateData,
+};