@koderlabs/tasks-mcp 0.1.0

package/dist/chunk-ULHBL6XY.js

@@ -0,0 +1,2289 @@
+// @koderlabs/tasks-mcp — generated build, do not edit
+
+// src/server.ts
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+
+// src/tools/discover/whoami.ts
+import { z } from "zod";
+
+// src/tools/define.ts
+import { zodToJsonSchema as convertZodToJsonSchema } from "zod-to-json-schema";
+function defineTool(definition) {
+  return definition;
+}
+function zodToJsonSchema(schema) {
+  const out = convertZodToJsonSchema(schema, {
+    target: "openApi3",
+    $refStrategy: "none"
+  });
+  delete out.$schema;
+  delete out.definitions;
+  return out;
+}
+
+// src/tools/discover/whoami.ts
+import { SCOPE } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION = `
+USE WHEN:
+- You need to know which InstantTasks organization or projects are accessible
+  with the current token before running any other tool.
+- The user asks "who am I?" or "what can I access?" in the context of
+  InstantTasks.
+- You want to confirm token validity before a long agentic workflow.
+
+DO NOT USE:
+- To fetch a specific ticket, issue, or bug report \u2014 use get_ticket_details,
+  get_issue_details, or get_bug_report for those.
+- More than once per session unless the token changes.
+
+TRIGGER PATTERNS:
+- "what projects do I have access to"
+- "show my organizations"
+- "check my token"
+- "am I logged in to InstantTasks"
+- Before calling find_organizations or find_projects as a pre-flight check.
+
+<examples>
+<example>
+<user>What projects do I have access to?</user>
+<tool>whoami</tool>
+<result>You have access to 1 organization: KoderLabs (slug: koderlabs). Projects: FE (Frontend), BE (Backend).</result>
+</example>
+</examples>
+`.trim();
+var whoamiTool = defineTool({
+  name: "whoami",
+  title: "Identify Current User",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["discover"],
+  requiredScopes: [SCOPE.PROJECT_READ],
+  description: DESCRIPTION,
+  inputSchema: z.object({}),
+  async handler(_params, ctx) {
+    const orgs = await ctx.apiClient.listOrganizations();
+    if (orgs.length === 0) {
+      return {
+        content: [{ type: "text", text: "No organizations found for this token." }]
+      };
+    }
+    const lines = [];
+    for (const org of orgs) {
+      const projects = await ctx.apiClient.listProjects(org.id);
+      lines.push(`Organization: ${org.name} (${org.slug})${org.isPersonal ? " [personal]" : ""}`);
+      if (projects.length === 0) {
+        lines.push("  No projects.");
+      } else {
+        for (const p of projects) {
+          lines.push(`  Project: ${p.key} \u2014 ${p.name}`);
+        }
+      }
+    }
+    return {
+      content: [{ type: "text", text: lines.join("\n") }]
+    };
+  }
+});
+
+// src/tools/discover/find-organizations.ts
+import { z as z2 } from "zod";
+import { SCOPE as SCOPE2 } from "@koderlabs/tasks-sdk-types";
+
+// src/formatting/ticket.ts
+function formatTicket(t) {
+  const lines = [
+    `${t.key} \u2014 ${t.title}`,
+    `Status: ${t.status} | Priority: ${t.priority}`,
+    t.assigneeId ? `Assignee ID: ${t.assigneeId}` : "Assignee: unassigned",
+    t.reporterId ? `Reporter ID: ${t.reporterId}` : "",
+    `Created: ${t.createdAt.slice(0, 10)} | Updated: ${t.updatedAt.slice(0, 10)}`
+  ];
+  if (t.description) {
+    lines.push("", "Description:", t.description.slice(0, 2e3));
+    if (t.description.length > 2e3) lines.push("[description truncated]");
+  }
+  const cfKeys = Object.keys(t.customFields ?? {}).filter(
+    (k) => !["screenshotAttachmentId", "annotationsAttachmentId", "sdkEventId", "sdkMetadata"].includes(k)
+  );
+  if (cfKeys.length) {
+    lines.push("", "Custom fields:");
+    for (const k of cfKeys) {
+      lines.push(`  ${k}: ${JSON.stringify(t.customFields[k])}`);
+    }
+  }
+  return lines.filter(Boolean).join("\n");
+}
+function formatTicketList(tickets) {
+  const lines = tickets.map(
+    (t) => `${t.key} \u2014 ${t.title} [${t.status}] [${t.priority}]`
+  );
+  return `${tickets.length} ticket(s) found:
+${lines.join("\n")}`;
+}
+function formatOrganizationList(orgs) {
+  if (orgs.length === 0) return "No organizations found.";
+  const lines = orgs.map(
+    (o) => `${o.name} (slug: ${o.slug}, personal: ${o.isPersonal})`
+  );
+  return `${orgs.length} organization(s):
+${lines.join("\n")}`;
+}
+
+// src/tools/discover/find-organizations.ts
+var DESCRIPTION2 = `
+USE WHEN:
+- You need a list of organizations the current token can access, e.g. before
+  calling find_projects with a specific organizationId.
+- The user asks which teams, workspaces, or organizations they belong to.
+
+DO NOT USE:
+- To get project details \u2014 use find_projects instead.
+- When you already have the organizationId you need.
+
+TRIGGER PATTERNS:
+- "list my organizations"
+- "show all workspaces"
+- "what teams / orgs do I have?"
+- "organization slug for <name>"
+
+<examples>
+<example>
+<user>List all my organizations.</user>
+<tool>find_organizations</tool>
+<result>1 organization found: KoderLabs (slug: koderlabs, personal: false)</result>
+</example>
+</examples>
+`.trim();
+var findOrganizationsTool = defineTool({
+  name: "find_organizations",
+  title: "Find Organizations",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["discover"],
+  requiredScopes: [SCOPE2.PROJECT_READ],
+  description: DESCRIPTION2,
+  inputSchema: z2.object({}),
+  async handler(_params, ctx) {
+    const orgs = await ctx.apiClient.listOrganizations();
+    return {
+      content: [{ type: "text", text: formatOrganizationList(orgs) }]
+    };
+  }
+});
+
+// src/tools/discover/find-projects.ts
+import { z as z3 } from "zod";
+import { SCOPE as SCOPE3 } from "@koderlabs/tasks-sdk-types";
+
+// src/errors.ts
+import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
+var UserInputError = class extends McpError {
+  constructor(message) {
+    super(ErrorCode.InvalidParams, message);
+    this.name = "UserInputError";
+  }
+};
+var ApiNotFoundError = class extends McpError {
+  constructor(resource, id) {
+    super(ErrorCode.InvalidParams, `${resource} not found: ${id}`);
+    this.name = "ApiNotFoundError";
+  }
+};
+var ScopeError = class extends McpError {
+  constructor(requiredScope) {
+    super(ErrorCode.InvalidRequest, `Token missing required scope: ${requiredScope}`);
+    this.name = "ScopeError";
+  }
+};
+var ApiError = class extends McpError {
+  constructor(message, statusCode) {
+    super(ErrorCode.InternalError, `InstantTasks API error: ${message}`);
+    this.statusCode = statusCode;
+    this.name = "ApiError";
+  }
+  statusCode;
+};
+var AuthError = class extends McpError {
+  constructor(reason, detail) {
+    super(ErrorCode.InvalidRequest, detail ? `${reason}: ${detail}` : reason);
+    this.reason = reason;
+    this.name = "AuthError";
+  }
+  reason;
+};
+
+// src/tools/discover/find-projects.ts
+var DESCRIPTION3 = `
+USE WHEN:
+- You need a project's key (e.g. "FE", "BE") to pass into find_tickets,
+  get_ticket_details, or find_issues.
+- The user asks to list projects in a workspace or organization.
+
+DO NOT USE:
+- To fetch tickets \u2014 use find_tickets or get_ticket_details.
+- Without an organizationId \u2014 call find_organizations first.
+
+TRIGGER PATTERNS:
+- "show projects in <org>"
+- "what project key is <name>?"
+- "list all projects"
+
+<examples>
+<example>
+<user>What projects are in the KoderLabs organization?</user>
+<tool>find_projects { "organizationId": "uuid-here" }</tool>
+<result>3 projects: FE (Frontend), BE (Backend), MOB (Mobile)</result>
+</example>
+</examples>
+`.trim();
+var findProjectsTool = defineTool({
+  name: "find_projects",
+  title: "Find Projects",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["discover"],
+  requiredScopes: [SCOPE3.PROJECT_READ],
+  description: DESCRIPTION3,
+  inputSchema: z3.object({
+    organizationId: z3.string().describe("UUID of the organization")
+  }),
+  async handler(params, ctx) {
+    if (!params.organizationId) throw new UserInputError("organizationId is required");
+    const projects = await ctx.apiClient.listProjects(params.organizationId);
+    if (projects.length === 0) {
+      return { content: [{ type: "text", text: "No projects found." }] };
+    }
+    const lines = projects.map((p) => `${p.key} \u2014 ${p.name}${p.description ? `: ${p.description}` : ""}`);
+    return { content: [{ type: "text", text: `${projects.length} project(s):
+${lines.join("\n")}` }] };
+  }
+});
+
+// src/tools/discover/find-releases.ts
+import { z as z4 } from "zod";
+import { SCOPE as SCOPE4 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION4 = `
+USE WHEN:
+- You need to know which releases or versions exist in a project, e.g. to
+  filter bug reports to a specific release or answer "what version shipped X?".
+- The user asks for release history or version list.
+
+DO NOT USE:
+- To look up ticket-level version data \u2014 use get_ticket_details instead.
+- When you already have the version string you need.
+
+TRIGGER PATTERNS:
+- "list releases for <project>"
+- "what versions exist in <project>?"
+- "show release history"
+- "when was v2.3 released?"
+
+<examples>
+<example>
+<user>List recent releases in the FE project.</user>
+<tool>find_releases { "projectId": "uuid" }</tool>
+<result>5 releases: v2.5.0 (2026-05-01), v2.4.3 (2026-04-15), ...</result>
+</example>
+</examples>
+`.trim();
+var findReleasesTool = defineTool({
+  name: "find_releases",
+  title: "Find Releases",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["discover"],
+  requiredScopes: [SCOPE4.PROJECT_READ],
+  description: DESCRIPTION4,
+  inputSchema: z4.object({
+    projectId: z4.string().describe("UUID of the project"),
+    limit: z4.number().optional().describe("Max releases to return (default 20)")
+  }),
+  async handler(params, ctx) {
+    if (!params.projectId) throw new UserInputError("projectId is required");
+    const releases = await ctx.apiClient.listReleases(params.projectId, params.limit);
+    if (releases.length === 0) {
+      return { content: [{ type: "text", text: "No releases found for this project." }] };
+    }
+    const lines = releases.map(
+      (r) => `${r.version}${r.releasedAt ? ` \u2014 released ${r.releasedAt.slice(0, 10)}` : " (unreleased)"}`
+    );
+    return { content: [{ type: "text", text: `${releases.length} release(s):
+${lines.join("\n")}` }] };
+  }
+});
+
+// src/tools/triage/find-issues.ts
+import { z as z5 } from "zod";
+import { SCOPE as SCOPE5 } from "@koderlabs/tasks-sdk-types";
+
+// src/formatting/issue.ts
+function formatIssue(issue) {
+  const firstSeen = issue.firstSeen.slice(0, 10);
+  const lastSeen = issue.lastSeen.slice(0, 10);
+  return [
+    `Issue: ${issue.title}`,
+    `Culprit: ${issue.culprit}`,
+    `Status: ${issue.status} | Level: ${issue.level}`,
+    `Occurrences: ${issue.count.toLocaleString()}`,
+    `First seen: ${firstSeen} | Last seen: ${lastSeen}`,
+    `Project ID: ${issue.projectId}`
+  ].join("\n");
+}
+function formatIssueList(issues) {
+  const lines = issues.map(
+    (i) => `[${i.level.toUpperCase()}] ${i.title} \u2014 ${i.count} occurrences, last seen ${i.lastSeen.slice(0, 10)} (${i.status})`
+  );
+  return `${issues.length} issue(s) found:
+${lines.join("\n")}`;
+}
+
+// src/tools/triage/find-issues.ts
+var DESCRIPTION5 = `
+USE WHEN:
+- You need to search for SDK-captured error issues in a project (crashes,
+  exceptions, unhandled promise rejections captured by the InstantTasks SDK).
+- The user mentions "errors", "crashes", "exceptions", or "issues in prod".
+- You want to triage recent errors before diving into a specific ticket.
+
+DO NOT USE:
+- To search project management tickets \u2014 use find_tickets for those.
+- When you already have a specific issue ID \u2014 use get_issue_details instead.
+
+TRIGGER PATTERNS:
+- "show recent errors in <project>"
+- "what crashes happened in prod?"
+- "find issues with status unresolved"
+- "search for TypeError in <project>"
+
+DEPENDENCY:
+- Requires Phase C (Issues module) to be merged on the API. Returns a
+  "module not yet available" notice if the API returns 404.
+
+<examples>
+<example>
+<user>Show unresolved errors in the FE project.</user>
+<tool>find_issues { "projectId": "uuid", "filter": "status:unresolved" }</tool>
+<result>12 unresolved issues found: TypeError in App.tsx (last seen 2h ago), ...</result>
+</example>
+</examples>
+`.trim();
+var findIssuesTool = defineTool({
+  name: "find_issues",
+  title: "Find Issues",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 3e5 },
+  skills: ["triage"],
+  requiredScopes: [SCOPE5.EVENT_READ],
+  description: DESCRIPTION5,
+  inputSchema: z5.object({
+    projectId: z5.string().describe("UUID of the project to search"),
+    filter: z5.string().optional().describe('Free-text or structured query, e.g. "status:unresolved TypeError"'),
+    limit: z5.number().optional().describe("Max issues to return (default 25)")
+  }),
+  async handler(params, ctx) {
+    if (!params.projectId) throw new UserInputError("projectId is required");
+    const issues = await ctx.apiClient.listIssues(params.projectId, params.filter, params.limit);
+    if (issues === null) {
+      return {
+        content: [{
+          type: "text",
+          text: "The Issues module is not yet available on this InstantTasks instance (Phase C dependency). Use find_tickets to search project management tickets instead."
+        }]
+      };
+    }
+    if (issues.length === 0) {
+      return { content: [{ type: "text", text: "No issues found matching your filter." }] };
+    }
+    return { content: [{ type: "text", text: formatIssueList(issues) }] };
+  }
+});
+
+// src/tools/triage/find-tickets.ts
+import { z as z6 } from "zod";
+import { SCOPE as SCOPE6 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION6 = `
+USE WHEN:
+- You need to search InstantTasks project management tickets (tasks, bugs,
+  stories, epics) using natural language or IQL.
+- The user references tickets, tasks, bugs in a project management context
+  (not SDK-captured errors \u2014 use find_issues for those).
+- You want to list open tickets, tickets assigned to someone, or tickets
+  matching a text query.
+
+DO NOT USE:
+- To find SDK-captured errors or crashes \u2014 use find_issues for those.
+- When you already have a ticket key (e.g. FE-42) \u2014 use get_ticket_details.
+
+TRIGGER PATTERNS:
+- "find tickets assigned to <user>"
+- "show open bugs in <project>"
+- "list in-progress tickets"
+- "search for tickets about <topic>"
+- "what tickets are blocked?"
+- "IQL: <query>"
+
+IQL EXAMPLES:
+- project = FE AND status = "In Progress"
+- assignee = currentUser() AND priority in (High, Critical)
+- text ~ "payment" AND created > -7d ORDER BY priority DESC
+- sprint in openSprints() AND status != Done
+
+<examples>
+<example>
+<user>Show open high-priority bugs in the FE project.</user>
+<tool>find_tickets { "query": "project = FE AND status != Done AND priority = High", "limit": 10 }</tool>
+<result>8 tickets found: FE-142 - Login page crash (High, In Progress), ...</result>
+</example>
+</examples>
+`.trim();
+var findTicketsTool = defineTool({
+  name: "find_tickets",
+  title: "Find Tickets",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 3e5 },
+  skills: ["triage"],
+  requiredScopes: [SCOPE6.TICKET_READ],
+  description: DESCRIPTION6,
+  inputSchema: z6.object({
+    query: z6.string().describe("IQL query string or natural language search"),
+    projectKey: z6.string().optional().describe('Project key to scope search (e.g. "FE")'),
+    limit: z6.number().optional().describe("Max tickets to return (default 25)")
+  }),
+  async handler(params, ctx) {
+    if (!params.query) throw new UserInputError("query is required");
+    const tickets = await ctx.apiClient.listTicketsByIQL(params.query, params.projectKey, params.limit);
+    if (tickets.length === 0) {
+      return { content: [{ type: "text", text: "No tickets found matching your query." }] };
+    }
+    return { content: [{ type: "text", text: formatTicketList(tickets) }] };
+  }
+});
+
+// src/tools/triage/get-issue-details.ts
+import { z as z7 } from "zod";
+import { SCOPE as SCOPE7 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION7 = `
+USE WHEN:
+- You have an issue ID (from find_issues) and want full details: title,
+  culprit, occurrence count, first/last seen, status, level.
+- The user asks to investigate or describe a specific SDK-captured error.
+
+DO NOT USE:
+- When you need event-level detail (breadcrumbs, stack trace) \u2014 use
+  get_event_details for that.
+- For project management tickets \u2014 use get_ticket_details.
+
+TRIGGER PATTERNS:
+- "tell me about issue <id>"
+- "describe error <id>"
+- "show details for this crash"
+
+DEPENDENCY: Requires Phase C (Issues module) on the API.
+
+<examples>
+<example>
+<user>Show details for issue abc123.</user>
+<tool>get_issue_details { "issueId": "abc123" }</tool>
+<result>TypeError: Cannot read property 'x' of null | culprit: App.tsx | count: 42 | last seen: 2h ago</result>
+</example>
+</examples>
+`.trim();
+var getIssueDetailsTool = defineTool({
+  name: "get_issue_details",
+  title: "Get Issue Details",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["triage"],
+  requiredScopes: [SCOPE7.EVENT_READ],
+  description: DESCRIPTION7,
+  inputSchema: z7.object({
+    issueId: z7.string().describe("Issue ID from find_issues output")
+  }),
+  async handler(params, ctx) {
+    if (!params.issueId) throw new UserInputError("issueId is required");
+    const issue = await ctx.apiClient.getIssue(params.issueId);
+    if (!issue) {
+      return {
+        content: [{
+          type: "text",
+          text: `Issue ${params.issueId} not found. Either the ID is incorrect or the Issues module (Phase C) is not yet deployed on this instance.`
+        }]
+      };
+    }
+    return { content: [{ type: "text", text: formatIssue(issue) }] };
+  }
+});
+
+// src/tools/triage/get-ticket-details.ts
+import { z as z8 } from "zod";
+import { SCOPE as SCOPE8 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION8 = `
+USE WHEN:
+- You have a ticket key (e.g. "FE-42") and need its full details: title,
+  description, status, priority, assignee, custom fields, comments count.
+- The user references a specific ticket by key and asks what it contains.
+- You want to read the full description or custom fields of a ticket before
+  suggesting a fix.
+
+DO NOT USE:
+- To search for tickets \u2014 use find_tickets with an IQL query instead.
+- For SDK-captured error events \u2014 use get_event_details or get_bug_report.
+
+TRIGGER PATTERNS:
+- "what is FE-42?"
+- "show ticket <key>"
+- "describe <KEY> ticket"
+- "open ticket <key>"
+- "ticket details for <key>"
+
+<examples>
+<example>
+<user>What is ticket FE-142?</user>
+<tool>get_ticket_details { "ticketKey": "FE-142" }</tool>
+<result>FE-142 \u2014 Login page crashes on Safari | Status: In Progress | Priority: High | Assignee: jane@example.com</result>
+</example>
+</examples>
+`.trim();
+var getTicketDetailsTool = defineTool({
+  name: "get_ticket_details",
+  title: "Get Ticket Details",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 2e5 },
+  skills: ["triage"],
+  requiredScopes: [SCOPE8.TICKET_READ],
+  description: DESCRIPTION8,
+  inputSchema: z8.object({
+    ticketKey: z8.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"')
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const ticket = await ctx.apiClient.getTicketByKey(params.ticketKey);
+    if (!ticket) throw new ApiNotFoundError("Ticket", params.ticketKey);
+    return { content: [{ type: "text", text: formatTicket(ticket) }] };
+  }
+});
+
+// src/tools/triage/get-event-details.ts
+import { z as z9 } from "zod";
+import { SCOPE as SCOPE9 } from "@koderlabs/tasks-sdk-types";
+
+// src/formatting/event.ts
+function formatEvent(event) {
+  const lines = [
+    `Event: ${event.id}`,
+    `Message: ${event.message}`,
+    `Level: ${event.level} | Timestamp: ${event.timestamp}`
+  ];
+  if (Object.keys(event.tags ?? {}).length) {
+    lines.push("Tags: " + Object.entries(event.tags).map(([k, v]) => `${k}=${v}`).join(", "));
+  }
+  if (event.request) {
+    const req = event.request;
+    lines.push(`Request: ${req.method ?? "?"} ${req.url ?? "?"}`);
+  }
+  if (event.breadcrumbs?.length) {
+    lines.push("", `Breadcrumbs (${event.breadcrumbs.length} entries):`);
+    lines.push(formatBreadcrumbs(event.breadcrumbs.slice(-10)));
+    if (event.breadcrumbs.length > 10) {
+      lines.push(`[${event.breadcrumbs.length - 10} earlier entries omitted]`);
+    }
+  }
+  if (Object.keys(event.extra ?? {}).length) {
+    lines.push("", "Extra context:", JSON.stringify(event.extra, null, 2).slice(0, 500));
+  }
+  return lines.join("\n");
+}
+function formatBreadcrumbs(breadcrumbs) {
+  return breadcrumbs.map((b) => {
+    const ts = b.timestamp ? b.timestamp.slice(11, 19) : "?";
+    const data = Object.keys(b.data ?? {}).length ? ` | ${JSON.stringify(b.data)}` : "";
+    return `${ts} [${b.category}] ${b.message}${data}`;
+  }).join("\n");
+}
+function bufferToBase64(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.byteLength; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+
+// src/tools/triage/get-event-details.ts
+var DESCRIPTION9 = `
+USE WHEN:
+- You have an event ID and want the complete event payload: message, level,
+  timestamp, breadcrumbs, tags, extra context, request info.
+- The user asks to investigate a specific occurrence of an error.
+- You want breadcrumbs or stack details to understand *what the user did*
+  before the crash happened.
+
+DO NOT USE:
+- To get issue-level aggregate data \u2014 use get_issue_details for that.
+- For widget bug screenshots \u2014 use get_bug_screenshot.
+- For project tickets \u2014 use get_ticket_details.
+
+TRIGGER PATTERNS:
+- "show event <id>"
+- "what happened in this occurrence?"
+- "get breadcrumbs for event <id>"
+- "what was the request when this error happened?"
+
+DEPENDENCY: Requires Phase C (Issues + Events module) on the API.
+
+<examples>
+<example>
+<user>Show me event details for event xyz789.</user>
+<tool>get_event_details { "eventId": "xyz789" }</tool>
+<result>Event xyz789 | TypeError: null pointer | Breadcrumbs: 5 entries | Tags: browser=Chrome, os=macOS</result>
+</example>
+</examples>
+`.trim();
+var getEventDetailsTool = defineTool({
+  name: "get_event_details",
+  title: "Get Event Details",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["triage"],
+  requiredScopes: [SCOPE9.EVENT_READ],
+  description: DESCRIPTION9,
+  inputSchema: z9.object({
+    eventId: z9.string().describe("SDK event ID")
+  }),
+  async handler(params, ctx) {
+    if (!params.eventId) throw new UserInputError("eventId is required");
+    const event = await ctx.apiClient.getEvent(params.eventId);
+    if (!event) {
+      return {
+        content: [{
+          type: "text",
+          text: `Event ${params.eventId} not found. Either the ID is incorrect or the Events module (Phase C) is not yet deployed.`
+        }]
+      };
+    }
+    return { content: [{ type: "text", text: formatEvent(event) }] };
+  }
+});
+
+// src/tools/triage/get-event-attachment.ts
+import { z as z10 } from "zod";
+import { SCOPE as SCOPE10 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION10 = `
+USE WHEN:
+- You need a binary file attached to an SDK event (minidump, state snapshot,
+  custom attachment uploaded by the SDK).
+- You want to read or display a crash attachment in the agent's context.
+
+DO NOT USE:
+- For widget bug screenshots \u2014 use get_bug_screenshot instead (it handles
+  the ticket \u2192 event \u2192 attachment chain automatically).
+- When you just need event metadata \u2014 use get_event_details.
+
+TRIGGER PATTERNS:
+- "download attachment <id> from event <id>"
+- "get the minidump for event <id>"
+- "show the state snapshot attached to crash <id>"
+
+DEPENDENCY: Requires Phase C (Events module) on the API.
+
+<examples>
+<example>
+<user>Get attachment abc from event xyz.</user>
+<tool>get_event_attachment { "eventId": "xyz", "attachmentId": "abc" }</tool>
+<result>{ mimeType: 'application/octet-stream', dataBase64: '...' }</result>
+</example>
+</examples>
+`.trim();
+var getEventAttachmentTool = defineTool({
+  name: "get_event_attachment",
+  title: "Get Event Attachment",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["triage"],
+  requiredScopes: [SCOPE10.EVENT_READ],
+  description: DESCRIPTION10,
+  inputSchema: z10.object({
+    eventId: z10.string().describe("SDK event ID"),
+    attachmentId: z10.string().describe("Attachment ID from the event details")
+  }),
+  async handler(params, ctx) {
+    if (!params.eventId) throw new UserInputError("eventId is required");
+    if (!params.attachmentId) throw new UserInputError("attachmentId is required");
+    const result = await ctx.apiClient.getEventAttachment(params.eventId, params.attachmentId);
+    if (!result) {
+      throw new ApiNotFoundError("Event attachment", `${params.eventId}/${params.attachmentId}`);
+    }
+    const isImage = result.mimeType.startsWith("image/");
+    if (isImage) {
+      return {
+        content: [{
+          type: "image",
+          data: bufferToBase64(result.buffer),
+          mimeType: result.mimeType
+        }]
+      };
+    }
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          mimeType: result.mimeType,
+          dataBase64: bufferToBase64(result.buffer),
+          sizeBytes: result.buffer.byteLength
+        })
+      }]
+    };
+  }
+});
+
+// src/tools/widget-bug/get-bug-report.ts
+import { z as z11 } from "zod";
+import { SCOPE as SCOPE11 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION11 = `
+USE WHEN:
+- A user submits a bug via the InstantTasks widget and you want to see the
+  full report: title, description, URL, browser info, and all attached data.
+- You have a ticket key (e.g. "FE-42") and want a summary of the bug report
+  including what the user was doing when they hit the bug.
+- Before calling get_bug_screenshot, get_bug_console_logs, or other
+  widget_bug tools \u2014 call this first to confirm the ticket exists and
+  understand what data is available.
+
+DO NOT USE:
+- For non-widget tickets (tasks, stories, epics) \u2014 use get_ticket_details
+  instead (it returns the same data, but without bug-report context).
+- When you need the screenshot image specifically \u2014 use get_bug_screenshot
+  which returns image bytes.
+
+TRIGGER PATTERNS:
+- "show bug report for <ticket key>"
+- "what did the user report in FE-42?"
+- "open bug <key>"
+- "what happened in ticket <key>?"
+- "user submitted bug <key>, what does it say?"
+
+<examples>
+<example>
+<user>Show the bug report for FE-99.</user>
+<tool>get_bug_report { "ticketKey": "FE-99" }</tool>
+<result>FE-99: "Checkout button doesn't work" | URL: /checkout | Browser: Chrome 124 | OS: Windows 11 | Screenshot available: yes</result>
+</example>
+</examples>
+`.trim();
+var getBugReportTool = defineTool({
+  name: "get_bug_report",
+  title: "Get Bug Report",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE11.TICKET_READ],
+  description: DESCRIPTION11,
+  inputSchema: z11.object({
+    ticketKey: z11.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"')
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const ticket = await ctx.apiClient.getBugReport(params.ticketKey);
+    if (!ticket) throw new ApiNotFoundError("Bug report ticket", params.ticketKey);
+    const hasScreenshot = !!ticket.customFields?.screenshotAttachmentId;
+    const hasAnnotations = !!ticket.customFields?.annotationsAttachmentId;
+    const hasSdkEvent = !!ticket.customFields?.sdkEventId;
+    const sections = [
+      formatTicket(ticket),
+      "",
+      "\u2500\u2500 Attached data \u2500\u2500",
+      `Screenshot: ${hasScreenshot ? "yes (call get_bug_screenshot to fetch image)" : "none"}`,
+      `Annotations: ${hasAnnotations ? "yes (call get_bug_annotations)" : "none"}`,
+      `SDK event data: ${hasSdkEvent ? "yes (console logs, network requests, breadcrumbs available)" : "none"}`
+    ];
+    return { content: [{ type: "text", text: sections.join("\n") }] };
+  }
+});
+
+// src/tools/widget-bug/get-bug-screenshot.ts
+import { z as z12 } from "zod";
+import { SCOPE as SCOPE12 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION12 = `
+USE WHEN:
+- You want to see the screenshot the user captured when they submitted a bug
+  report via the InstantTasks widget.
+- The screenshot will help you understand what was on screen when the bug
+  was reported (UI state, error messages, visual glitches).
+- You need visual evidence before suggesting a fix or asking for more info.
+
+DO NOT USE:
+- If the model context does not support images \u2014 use get_bug_report for a
+  text summary instead.
+- When you haven't confirmed a screenshot exists \u2014 call get_bug_report first
+  to check if screenshotAttachmentId is present.
+- For event attachments not linked to widget bugs \u2014 use get_event_attachment.
+
+TRIGGER PATTERNS:
+- "show screenshot for <ticket key>"
+- "what did the screen look like when they reported <key>?"
+- "get the screenshot from FE-42"
+- "show me the bug screenshot"
+
+RETURN FORMAT:
+Returns an MCP image content block: { type: 'image', mimeType: 'image/png', data: '<base64>' }.
+The model renders this inline. If no screenshot is attached, returns a text explanation.
+
+<examples>
+<example>
+<user>Show me the screenshot from FE-99.</user>
+<tool>get_bug_screenshot { "ticketKey": "FE-99" }</tool>
+<result>[image/png inline \u2014 1920x1080 screenshot of checkout page with error toast visible]</result>
+</example>
+</examples>
+`.trim();
+var getBugScreenshotTool = defineTool({
+  name: "get_bug_screenshot",
+  title: "Get Bug Screenshot",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE12.TICKET_READ],
+  description: DESCRIPTION12,
+  inputSchema: z12.object({
+    ticketKey: z12.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"')
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const result = await ctx.apiClient.getBugScreenshot(params.ticketKey);
+    if (!result) {
+      return {
+        content: [{
+          type: "text",
+          text: `No screenshot found for ticket ${params.ticketKey}. Either the ticket does not exist, was not submitted via the widget, or no screenshot was captured. Call get_bug_report to check what data is available.`
+        }]
+      };
+    }
+    return {
+      content: [{
+        type: "image",
+        data: bufferToBase64(result.buffer),
+        mimeType: result.mimeType
+      }]
+    };
+  }
+});
+
+// src/tools/widget-bug/get-bug-annotations.ts
+import { z as z13 } from "zod";
+import { SCOPE as SCOPE13 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION13 = `
+USE WHEN:
+- The bug reporter drew on the screenshot to highlight a UI element, and you
+  want to understand what they were pointing at.
+- You need to know which part of the screen the user considered important.
+
+DO NOT USE:
+- As a substitute for get_bug_screenshot \u2014 annotations are overlay commands,
+  not a rendered image. Use get_bug_screenshot for the visual.
+
+TRIGGER PATTERNS:
+- "what did the user highlight in the screenshot?"
+- "show annotations for <ticket key>"
+- "what was the user pointing at?"
+
+<examples>
+<example>
+<user>What did the user highlight in FE-99's screenshot?</user>
+<tool>get_bug_annotations { "ticketKey": "FE-99" }</tool>
+<result>[{ type: "highlight", x: 120, y: 340, width: 200, height: 40, comment: "this button is broken" }]</result>
+</example>
+</examples>
+`.trim();
+var getBugAnnotationsTool = defineTool({
+  name: "get_bug_annotations",
+  title: "Get Bug Annotations",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE13.TICKET_READ],
+  description: DESCRIPTION13,
+  inputSchema: z13.object({
+    ticketKey: z13.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"')
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const annotations = await ctx.apiClient.getBugAnnotations(params.ticketKey);
+    if (annotations === null) {
+      return {
+        content: [{
+          type: "text",
+          text: `No annotations found for ticket ${params.ticketKey}. The reporter may not have drawn on the screenshot, or the ticket was not submitted via the widget.`
+        }]
+      };
+    }
+    return {
+      content: [{
+        type: "text",
+        text: typeof annotations === "string" ? annotations : JSON.stringify(annotations, null, 2)
+      }]
+    };
+  }
+});
+
+// src/tools/widget-bug/get-bug-console-logs.ts
+import { z as z14 } from "zod";
+import { SCOPE as SCOPE14 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION14 = `
+USE WHEN:
+- You need to see what JavaScript console output (console.log, console.error,
+  console.warn) was present in the browser when the user submitted the bug.
+- Useful for spotting JS errors, API response logging, or debug output that
+  reveals the root cause.
+
+DO NOT USE:
+- For server-side logs \u2014 console logs here are browser-side only.
+- When the ticket was not submitted via the InstantTasks widget \u2014 the data
+  won't be available.
+
+TRIGGER PATTERNS:
+- "show console logs for <ticket key>"
+- "what errors appeared in the console when <key> happened?"
+- "console output for bug <key>"
+
+<examples>
+<example>
+<user>Show console logs for FE-99.</user>
+<tool>get_bug_console_logs { "ticketKey": "FE-99" }</tool>
+<result>[ERROR] TypeError: Cannot read properties of null | [WARN] Slow API response 3200ms | [LOG] user clicked checkout</result>
+</example>
+</examples>
+`.trim();
+var getBugConsoleLogsTool = defineTool({
+  name: "get_bug_console_logs",
+  title: "Get Bug Console Logs",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 3e5 },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE14.TICKET_READ],
+  description: DESCRIPTION14,
+  inputSchema: z14.object({
+    ticketKey: z14.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"'),
+    level: z14.enum(["error", "warn", "log", "info", "debug"]).optional().describe("Filter by log level"),
+    limit: z14.number().optional().describe("Max entries to return (default: all)")
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const logs = await ctx.apiClient.getBugConsoleLogs(params.ticketKey);
+    if (logs === null) {
+      return {
+        content: [{
+          type: "text",
+          text: `No console logs found for ticket ${params.ticketKey}. The ticket may not have been submitted via the widget, or console recording was disabled.`
+        }]
+      };
+    }
+    let filtered = logs;
+    if (params.level) {
+      filtered = filtered.filter((l) => l.level === params.level);
+    }
+    if (params.limit) {
+      filtered = filtered.slice(0, params.limit);
+    }
+    if (filtered.length === 0) {
+      return { content: [{ type: "text", text: "No console log entries match the filter." }] };
+    }
+    const lines = filtered.map((l) => {
+      const ts = l.timestamp ? `[${l.timestamp}] ` : "";
+      const lvl = l.level ? `[${l.level.toUpperCase()}] ` : "";
+      return `${ts}${lvl}${l.message ?? JSON.stringify(l)}`;
+    });
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+  }
+});
+
+// src/tools/widget-bug/get-bug-network-requests.ts
+import { z as z15 } from "zod";
+import { SCOPE as SCOPE15 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION15 = `
+USE WHEN:
+- You need to inspect what API calls the browser made before or during the bug.
+- Useful for spotting failed API calls (4xx/5xx), slow responses, or missing
+  requests that explain the bug.
+
+DO NOT USE:
+- When you need server-side request logs \u2014 this is browser-side only.
+- For tickets not submitted via the InstantTasks widget.
+
+TRIGGER PATTERNS:
+- "what API calls were made before bug <key>?"
+- "show network requests for <ticket key>"
+- "did any request fail when <key> occurred?"
+- "show 4xx requests in <key>"
+
+<examples>
+<example>
+<user>Show network requests for FE-99, filtering for failed ones.</user>
+<tool>get_bug_network_requests { "ticketKey": "FE-99", "statusFilter": "4xx" }</tool>
+<result>3 failed requests: POST /api/checkout \u2192 422 (150ms), GET /api/cart \u2192 401 (89ms), ...</result>
+</example>
+</examples>
+`.trim();
+var getBugNetworkRequestsTool = defineTool({
+  name: "get_bug_network_requests",
+  title: "Get Bug Network Requests",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 3e5 },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE15.TICKET_READ],
+  description: DESCRIPTION15,
+  inputSchema: z15.object({
+    ticketKey: z15.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"'),
+    statusFilter: z15.string().optional().describe('Filter by status range: "4xx", "5xx", "2xx", or exact code like "404"'),
+    limit: z15.number().optional().describe("Max entries to return (default: all)")
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const requests = await ctx.apiClient.getBugNetworkRequests(params.ticketKey);
+    if (requests === null) {
+      return {
+        content: [{
+          type: "text",
+          text: `No network requests found for ticket ${params.ticketKey}. The ticket may not have been submitted via the widget, or network recording was disabled.`
+        }]
+      };
+    }
+    let filtered = requests;
+    if (params.statusFilter) {
+      const sf = params.statusFilter;
+      if (sf === "4xx") filtered = filtered.filter((r) => (r.status ?? 0) >= 400 && (r.status ?? 0) < 500);
+      else if (sf === "5xx") filtered = filtered.filter((r) => (r.status ?? 0) >= 500);
+      else if (sf === "2xx") filtered = filtered.filter((r) => (r.status ?? 0) >= 200 && (r.status ?? 0) < 300);
+      else {
+        const code = parseInt(sf, 10);
+        if (!isNaN(code)) filtered = filtered.filter((r) => r.status === code);
+      }
+    }
+    if (params.limit) filtered = filtered.slice(0, params.limit);
+    if (filtered.length === 0) {
+      return { content: [{ type: "text", text: "No network requests match the filter." }] };
+    }
+    const lines = filtered.map((r) => {
+      const status = r.status ?? "?";
+      const duration = r.duration != null ? `${r.duration}ms` : "?ms";
+      const size = r.responseSize != null ? ` ${Math.round(r.responseSize / 1024)}KB` : "";
+      return `${r.method ?? "GET"} ${r.url ?? "?"} \u2192 ${status} (${duration}${size})`;
+    });
+    return { content: [{ type: "text", text: `${filtered.length} request(s):
+${lines.join("\n")}` }] };
+  }
+});
+
+// src/tools/widget-bug/get-bug-metadata.ts
+import { z as z16 } from "zod";
+import { SCOPE as SCOPE16 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION16 = `
+USE WHEN:
+- You want to know the developer-supplied context attached to a bug report:
+  userId, plan tier, feature flags, environment, custom attributes.
+- Host apps use widget.setCustomData() to inject structured context \u2014 this
+  tool returns whatever was set.
+
+DO NOT USE:
+- For console logs \u2014 use get_bug_console_logs.
+- For breadcrumbs (user actions) \u2014 use get_bug_breadcrumbs.
+- For browser/OS info \u2014 use get_bug_report which includes that in the summary.
+
+TRIGGER PATTERNS:
+- "what user submitted bug <key>?"
+- "show metadata for <ticket key>"
+- "what plan was the user on when they hit <key>?"
+- "custom data for bug <key>"
+
+<examples>
+<example>
+<user>What user submitted FE-99?</user>
+<tool>get_bug_metadata { "ticketKey": "FE-99" }</tool>
+<result>userId: u_12345 | email: alice@example.com | plan: enterprise | featureFlag.newCheckout: true</result>
+</example>
+</examples>
+`.trim();
+var getBugMetadataTool = defineTool({
+  name: "get_bug_metadata",
+  title: "Get Bug Metadata",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE16.TICKET_READ],
+  description: DESCRIPTION16,
+  inputSchema: z16.object({
+    ticketKey: z16.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"')
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const metadata = await ctx.apiClient.getBugMetadata(params.ticketKey);
+    if (metadata === null) {
+      return {
+        content: [{
+          type: "text",
+          text: `No developer metadata found for ticket ${params.ticketKey}. The host app may not have called setCustomData(), or the ticket was not submitted via the widget.`
+        }]
+      };
+    }
+    const lines = Object.entries(metadata).map(([k, v]) => `${k}: ${JSON.stringify(v)}`);
+    return { content: [{ type: "text", text: lines.join("\n") || "Metadata object is empty." }] };
+  }
+});
+
+// src/tools/widget-bug/get-bug-breadcrumbs.ts
+import { z as z17 } from "zod";
+import { SCOPE as SCOPE17 } from "@koderlabs/tasks-sdk-types";
+var DESCRIPTION17 = `
+USE WHEN:
+- You want to reconstruct what the user was doing before they submitted the
+  bug \u2014 which pages they visited, what they clicked, what API calls fired.
+- You need to understand the reproduction steps for a bug report.
+- The breadcrumb trail often contains the smoking gun that explains WHY the
+  bug happened.
+
+DO NOT USE:
+- For console output (console.log) \u2014 use get_bug_console_logs.
+- For network request details \u2014 use get_bug_network_requests.
+
+TRIGGER PATTERNS:
+- "what was the user doing before bug <key>?"
+- "show breadcrumbs for <ticket key>"
+- "user journey for bug <key>"
+- "how did the user get to the error in <key>?"
+- "reproduce steps for <key>"
+
+<examples>
+<example>
+<user>What was the user doing before submitting FE-99?</user>
+<tool>get_bug_breadcrumbs { "ticketKey": "FE-99" }</tool>
+<result>
+14:23:01 [navigation] Navigated to /checkout
+14:23:05 [click] Clicked "Place Order" button
+14:23:05 [xhr] POST /api/orders \u2192 pending
+14:23:08 [error] Unhandled rejection: Network timeout
+</result>
+</example>
+</examples>
+`.trim();
+var getBugBreadcrumbsTool = defineTool({
+  name: "get_bug_breadcrumbs",
+  title: "Get Bug Breadcrumbs",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 2e5 },
+  skills: ["widget_bug"],
+  requiredScopes: [SCOPE17.TICKET_READ],
+  description: DESCRIPTION17,
+  inputSchema: z17.object({
+    ticketKey: z17.string().describe('Ticket key in PROJECT-NUMBER format, e.g. "FE-42"'),
+    limit: z17.number().optional().describe("Max breadcrumbs to return, from most recent (default: all)")
+  }),
+  async handler(params, ctx) {
+    if (!params.ticketKey) throw new UserInputError("ticketKey is required");
+    const breadcrumbs = await ctx.apiClient.getBugBreadcrumbs(params.ticketKey);
+    if (breadcrumbs === null) {
+      return {
+        content: [{
+          type: "text",
+          text: `No breadcrumbs found for ticket ${params.ticketKey}. The ticket may not have been submitted via the widget, or breadcrumb recording was disabled.`
+        }]
+      };
+    }
+    let crumbs = breadcrumbs;
+    if (params.limit) crumbs = crumbs.slice(-params.limit);
+    if (crumbs.length === 0) {
+      return { content: [{ type: "text", text: "No breadcrumbs recorded." }] };
+    }
+    return { content: [{ type: "text", text: formatBreadcrumbs(crumbs) }] };
+  }
+});
+
+// src/tools/tickets/create-ticket.ts
+import { z as z18 } from "zod";
+
+// src/auth/scopes.ts
+var ScopeSet = class {
+  set;
+  constructor(scopes) {
+    this.set = new Set(scopes);
+  }
+  has(scope) {
+    return this.set.has(scope);
+  }
+  hasAll(scopes) {
+    return scopes.every((s) => this.set.has(s));
+  }
+  toArray() {
+    return [...this.set];
+  }
+};
+function assertScope(scopes, required) {
+  if (!scopes.has(required)) {
+    throw new ScopeError(required);
+  }
+}
+
+// src/tools/tickets/create-ticket.ts
+import { SCOPE as SCOPE18 } from "@koderlabs/tasks-sdk-types";
+
+// src/middleware/audit.ts
+var REDACTED_KEYS = /* @__PURE__ */ new Set([
+  "password",
+  "token",
+  "secret",
+  "apiKey",
+  "api_key",
+  "accessToken",
+  "access_token",
+  "refreshToken",
+  "refresh_token",
+  "privateKey",
+  "private_key",
+  "clientSecret",
+  "client_secret",
+  "authorization"
+]);
+var REDACTED_SENTINEL = "[REDACTED]";
+var SECRET_PATTERNS = [
+  /sk_(?:live|test)_[A-Za-z0-9_-]+/g,
+  /Bearer\s+[A-Za-z0-9._\-+/=]+/gi,
+  /eyJ[A-Za-z0-9._-]{20,}/g
+  // JWT-like
+];
+function redactString(text) {
+  let out = text;
+  for (const re of SECRET_PATTERNS) {
+    out = out.replace(re, REDACTED_SENTINEL);
+  }
+  return out;
+}
+function redactArgs(value, depth = 0) {
+  if (depth > 10) return "[DEEP]";
+  if (value === null || value === void 0) return value;
+  if (typeof value === "string") return redactString(value);
+  if (Array.isArray(value)) return value.map((v) => redactArgs(v, depth + 1));
+  if (typeof value === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) {
+      out[k] = REDACTED_KEYS.has(k) ? REDACTED_SENTINEL : redactArgs(v, depth + 1);
+    }
+    return out;
+  }
+  return value;
+}
+function redactResultContent(content) {
+  return content.map((c) => {
+    if (c.type === "text") {
+      return { type: "text", text: redactString(c.text).slice(0, 1e3) };
+    }
+    return { type: "image", data: REDACTED_SENTINEL, mimeType: c.mimeType };
+  });
+}
+function withAudit(toolName, handler) {
+  return async (params, ctx) => {
+    const redacted = redactArgs(params);
+    let result;
+    try {
+      result = await handler(params, ctx);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      void ctx.auditClient.shipAuditRecord({
+        toolName,
+        args: redacted,
+        result: { error: redactString(message) },
+        success: false
+      });
+      throw err;
+    }
+    void ctx.apiClient.shipAuditRecord({
+      toolName,
+      args: redacted,
+      result: { content: redactResultContent(result.content) },
+      success: !result.isError
+    });
+    return result;
+  };
+}
+
+// src/tools/tickets/create-ticket.ts
+var DESCRIPTION18 = `
+USE WHEN:
+- An agent has diagnosed a bug and needs to file a ticket.
+- The user asks to create a new task, bug report, or story.
+- A monitoring alert should become an actionable ticket.
+DO NOT USE to update an existing ticket \u2014 use update_ticket.
+REQUIRED SCOPE: ticket:write
+`.trim();
+var createTicketTool = defineTool({
+  name: "create_ticket",
+  title: "Create Ticket",
+  annotations: { destructiveHint: false, idempotentHint: false, openWorldHint: true },
+  skills: ["tickets"],
+  requiredScopes: [SCOPE18.TICKET_WRITE],
+  description: DESCRIPTION18,
+  inputSchema: z18.object({
+    project: z18.string().describe('Project UUID or key (e.g. "FE")'),
+    title: z18.string().describe("Ticket title / summary"),
+    description: z18.string().optional().describe("Ticket description (markdown)"),
+    issueType: z18.string().optional().describe("bug | story | task | subtask | epic"),
+    priority: z18.string().optional().describe("Highest | High | Medium | Low | Lowest"),
+    assigneeId: z18.string().optional().describe("Assignee user ID (UUID)"),
+    sprintId: z18.string().optional().describe("Sprint UUID"),
+    labels: z18.array(z18.string()).optional(),
+    customFields: z18.record(z18.unknown()).optional()
+  }),
+  handler: withAudit("create_ticket", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE18.TICKET_WRITE);
+    if (!params.project) throw new UserInputError("project is required");
+    if (!params.title?.trim()) throw new UserInputError("title is required");
+    const body = { title: params.title };
+    if (params.description !== void 0) body.description = params.description;
+    if (params.issueType !== void 0) body.issueType = params.issueType;
+    if (params.priority !== void 0) body.priority = params.priority;
+    if (params.assigneeId !== void 0) body.assigneeId = params.assigneeId;
+    if (params.sprintId !== void 0) body.sprintId = params.sprintId;
+    if (params.labels !== void 0) body.labels = params.labels;
+    if (params.customFields !== void 0) body.customFields = params.customFields;
+    const ticket = await ctx.apiClient.createTicket(params.project, body);
+    return {
+      content: [{
+        type: "text",
+        text: `Ticket **${ticket.key}** created: ${ticket.title}
+Status: ${ticket.status} | Priority: ${ticket.priority}`
+      }],
+      _meta: {
+        "instanttasks/ticketId": ticket.id,
+        "instanttasks/ticketKey": ticket.key
+      }
+    };
+  })
+});
+
+// src/tools/tickets/update-ticket.ts
+import { z as z19 } from "zod";
+import { SCOPE as SCOPE19 } from "@koderlabs/tasks-sdk-types";
+var updateTicketTool = defineTool({
+  name: "update_ticket",
+  title: "Update Ticket",
+  annotations: { destructiveHint: false, idempotentHint: true, openWorldHint: true },
+  skills: ["tickets"],
+  requiredScopes: [SCOPE19.TICKET_WRITE],
+  description: "Update fields (title, description, priority, assignee, sprint, labels, customFields) on an existing ticket. For status changes use transition_ticket. REQUIRED SCOPE: ticket:write",
+  inputSchema: z19.object({
+    ticket: z19.string().describe('Ticket UUID or key (e.g. "FE-42")'),
+    title: z19.string().optional(),
+    description: z19.string().optional().describe("Markdown. Empty string clears it."),
+    priority: z19.string().optional().describe("Highest | High | Medium | Low | Lowest"),
+    assigneeId: z19.string().nullable().optional().describe("User UUID or null to unassign"),
+    sprintId: z19.string().nullable().optional().describe("Sprint UUID or null"),
+    labels: z19.array(z19.string()).optional(),
+    customFields: z19.record(z19.unknown()).optional()
+  }),
+  handler: withAudit("update_ticket", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE19.TICKET_WRITE);
+    if (!params.ticket) throw new UserInputError("ticket is required");
+    const { ticket, ...fields } = params;
+    const definedFields = Object.fromEntries(Object.entries(fields).filter(([, v]) => v !== void 0));
+    if (Object.keys(definedFields).length === 0) throw new UserInputError("At least one field must be provided");
+    const updated = await ctx.apiClient.updateTicket(ticket, definedFields);
+    return {
+      content: [{ type: "text", text: `Ticket **${updated.key}** updated. Changed: ${Object.keys(definedFields).join(", ")}` }],
+      _meta: {
+        "instanttasks/ticketId": updated.id,
+        "instanttasks/ticketKey": updated.key
+      }
+    };
+  })
+});
+
+// src/tools/tickets/transition-ticket.ts
+import { z as z20 } from "zod";
+import { SCOPE as SCOPE20 } from "@koderlabs/tasks-sdk-types";
+var TERMINAL_CATEGORIES = /* @__PURE__ */ new Set(["DONE", "done", "Done", "CLOSED", "closed", "Closed"]);
+var transitionTicketTool = defineTool({
+  name: "transition_ticket",
+  title: "Transition Ticket Status",
+  annotations: { destructiveHint: false, idempotentHint: false, openWorldHint: true },
+  skills: ["tickets"],
+  requiredScopes: [SCOPE20.TICKET_WRITE],
+  description: `Move a ticket to a new workflow status (e.g. "In Progress", "Done"). Workflow rules enforced server-side.
+HUMAN-IN-LOOP GUARD: When project.mcpConfig.requireAcknowledgeOnTerminal=true, transitioning to Done/Closed requires acknowledged:true.
+If you get an acknowledgement error, re-call with acknowledged:true after confirming with the user.
+REQUIRED SCOPE: ticket:write`,
+  inputSchema: z20.object({
+    ticket: z20.string().describe('Ticket UUID or key (e.g. "FE-42")'),
+    targetStatus: z20.string().describe('Target status name or ID (e.g. "In Progress", "Done")'),
+    acknowledged: z20.boolean().optional().describe("Set true to confirm terminal-status transition when project requires it"),
+    comment: z20.string().optional().describe("Optional comment to attach with the transition")
+  }),
+  handler: withAudit("transition_ticket", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE20.TICKET_WRITE);
+    if (!params.ticket) throw new UserInputError("ticket is required");
+    if (!params.targetStatus) throw new UserInputError("targetStatus is required");
+    const transitions = await ctx.apiClient.getTicketTransitions(params.ticket);
+    const matched = transitions.find((t) => t.name === params.targetStatus || t.id === params.targetStatus);
+    const isTerminal = matched ? TERMINAL_CATEGORIES.has(matched.toStatusCategory ?? "") : false;
+    const ticket = await ctx.apiClient.getTicketByKey(params.ticket);
+    if (!ticket) throw new UserInputError(`Ticket not found: ${params.ticket}`);
+    const projectData = ticket.project;
+    const mcpConfig = projectData?.["mcpConfig"] ?? {};
+    const requireAck = mcpConfig["requireAcknowledgeOnTerminal"] === true;
+    if (isTerminal && requireAck && params.acknowledged !== true) {
+      return {
+        isError: true,
+        content: [{
+          type: "text",
+          text: `transition_ticket: "${params.targetStatus}" is a terminal (Done/Closed) status and this project requires explicit acknowledgement. Re-call with acknowledged:true to confirm.`
+        }]
+      };
+    }
+    const body = { targetStatus: params.targetStatus };
+    if (params.comment) body.comment = params.comment;
+    if (params.acknowledged !== void 0) body.acknowledged = params.acknowledged;
+    const updated = await ctx.apiClient.transitionTicket(params.ticket, body);
+    return {
+      content: [{ type: "text", text: `Ticket **${updated.key}** transitioned to **${updated.status}**.` }],
+      _meta: {
+        "instanttasks/ticketId": updated.id,
+        "instanttasks/ticketKey": updated.key,
+        "instanttasks/newStatus": updated.status
+      }
+    };
+  })
+});
+
+// src/tools/tickets/add-comment.ts
+import { z as z21 } from "zod";
+import { SCOPE as SCOPE21 } from "@koderlabs/tasks-sdk-types";
+var addCommentTool = defineTool({
+  name: "add_comment",
+  title: "Add Comment",
+  annotations: { destructiveHint: false, idempotentHint: false, openWorldHint: true },
+  skills: ["tickets"],
+  requiredScopes: [SCOPE21.TICKET_WRITE],
+  description: "Add a comment (markdown) to a ticket. Supports internal notes. Use to document investigation findings, root-cause analysis, or agent decisions. REQUIRED SCOPE: ticket:write",
+  inputSchema: z21.object({
+    ticket: z21.string().describe('Ticket UUID or key (e.g. "FE-42")'),
+    body: z21.string().describe("Comment body (markdown)"),
+    internal: z21.boolean().optional().describe("Mark as internal note (default false)")
+  }),
+  handler: withAudit("add_comment", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE21.TICKET_WRITE);
+    if (!params.ticket) throw new UserInputError("ticket is required");
+    if (!params.body?.trim()) throw new UserInputError("body is required");
+    const payload = { body: params.body };
+    if (params.internal !== void 0) payload.internal = params.internal;
+    await ctx.apiClient.addComment(params.ticket, payload);
+    const label = params.internal ? "Internal note" : "Comment";
+    return { content: [{ type: "text", text: `${label} added to **${params.ticket}**.` }] };
+  })
+});
+
+// src/tools/tickets/link-pr.ts
+import { z as z22 } from "zod";
+import { SCOPE as SCOPE22 } from "@koderlabs/tasks-sdk-types";
+function detectProvider(prUrl) {
+  return prUrl.includes("bitbucket.org") || prUrl.includes("bitbucket.com") ? "bitbucket" : "github";
+}
+var linkPrTool = defineTool({
+  name: "link_pr",
+  title: "Link Pull Request",
+  annotations: { destructiveHint: false, idempotentHint: true, openWorldHint: true },
+  skills: ["tickets"],
+  requiredScopes: [SCOPE22.TICKET_WRITE],
+  description: "Attach a GitHub or Bitbucket PR URL to a ticket. Provider auto-detected from URL. Reuses existing github-integrations/bitbucket-integrations services \u2014 no logic duplicated. REQUIRED SCOPE: ticket:write",
+  inputSchema: z22.object({
+    ticket: z22.string().describe('Ticket UUID or key (e.g. "FE-42")'),
+    prUrl: z22.string().url().describe("Full PR URL, e.g. https://github.com/org/repo/pull/123"),
+    provider: z22.enum(["github", "bitbucket"]).optional().describe("VCS provider (auto-detected if omitted)"),
+    title: z22.string().optional().describe("PR title (optional)"),
+    state: z22.enum(["open", "closed", "merged"]).optional()
+  }),
+  handler: withAudit("link_pr", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE22.TICKET_WRITE);
+    if (!params.ticket) throw new UserInputError("ticket is required");
+    if (!params.prUrl) throw new UserInputError("prUrl is required");
+    const provider = params.provider ?? detectProvider(params.prUrl);
+    const body = { url: params.prUrl, refType: "pull_request" };
+    if (params.title !== void 0) body.title = params.title;
+    if (params.state !== void 0) body.state = params.state;
+    await ctx.apiClient.linkPr(params.ticket, provider, body);
+    return { content: [{ type: "text", text: `PR linked to **${params.ticket}** (${provider}): ${params.prUrl}` }] };
+  })
+});
+
+// src/tools/tickets/promote-issue-to-ticket.ts
+import { z as z23 } from "zod";
+import { SCOPE as SCOPE23 } from "@koderlabs/tasks-sdk-types";
+var promoteIssueToTicketTool = defineTool({
+  name: "promote_issue_to_ticket",
+  title: "Promote Issue to Ticket",
+  annotations: { destructiveHint: true, idempotentHint: false, openWorldHint: true },
+  skills: ["tickets"],
+  requiredScopes: [SCOPE23.TICKET_WRITE],
+  description: "Promote an SDK-captured error/event (issue) into a first-class ticket. All fields optional \u2014 API copies issue title/description if not overridden. Use after investigating an issue via find_issues / get_issue_details. REQUIRED SCOPE: ticket:write",
+  inputSchema: z23.object({
+    issueId: z23.string().describe("SDK issue ID (UUID)"),
+    title: z23.string().optional().describe("Override ticket title"),
+    description: z23.string().optional().describe("Override ticket description (markdown)"),
+    priority: z23.string().optional().describe("Highest | High | Medium | Low | Lowest"),
+    assigneeId: z23.string().optional().describe("Assignee user ID (UUID)"),
+    sprintId: z23.string().optional().describe("Sprint UUID"),
+    labels: z23.array(z23.string()).optional()
+  }),
+  handler: withAudit("promote_issue_to_ticket", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE23.TICKET_WRITE);
+    if (!params.issueId) throw new UserInputError("issueId is required");
+    const body = {};
+    if (params.title !== void 0) body.title = params.title;
+    if (params.description !== void 0) body.description = params.description;
+    if (params.priority !== void 0) body.priority = params.priority;
+    if (params.assigneeId !== void 0) body.assigneeId = params.assigneeId;
+    if (params.sprintId !== void 0) body.sprintId = params.sprintId;
+    if (params.labels !== void 0) body.labels = params.labels;
+    const ticket = await ctx.apiClient.promoteIssueToTicket(params.issueId, body);
+    return { content: [{ type: "text", text: `Issue **${params.issueId}** promoted to ticket **${ticket.key}**: ${ticket.title}` }] };
+  })
+});
+
+// src/tools/release/pin-release.ts
+import { z as z24 } from "zod";
+import { SCOPE as SCOPE24 } from "@koderlabs/tasks-sdk-types";
+var pinReleaseTool = defineTool({
+  name: "pin_release",
+  title: "Pin Release to Environment",
+  annotations: { destructiveHint: false, idempotentHint: true, openWorldHint: true },
+  skills: ["release"],
+  requiredScopes: [SCOPE24.EVENT_WRITE],
+  description: "Mark a release (version) as the current release for an environment. Affects fingerprint resolution and symbolication baseline. REQUIRED SCOPE: event:write",
+  inputSchema: z24.object({
+    project: z24.string().describe('Project UUID or key (e.g. "FE")'),
+    version: z24.string().describe('Version UUID or name (e.g. "v1.4.2")'),
+    environment: z24.string().optional().describe('Target environment (default: "production")')
+  }),
+  handler: withAudit("pin_release", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE24.EVENT_WRITE);
+    if (!params.project) throw new UserInputError("project is required");
+    if (!params.version) throw new UserInputError("version is required");
+    const env = params.environment ?? "production";
+    await ctx.apiClient.pinRelease(params.project, params.version, env);
+    return { content: [{ type: "text", text: `Release **${params.version}** pinned for **${params.project}** / **${env}**.` }] };
+  })
+});
+
+// src/tools/release/symbolicate-frame.ts
+import { z as z25 } from "zod";
+import { SCOPE as SCOPE25 } from "@koderlabs/tasks-sdk-types";
+var frameSchema = z25.object({
+  file: z25.string().describe('Minified file path, e.g. "/static/js/main.abc123.js"'),
+  line: z25.number().int().min(1).describe("1-based line number"),
+  column: z25.number().int().min(1).describe("1-based column number"),
+  function: z25.string().optional().describe("Function name from the minified frame")
+});
+var symbolicateFrameTool = defineTool({
+  name: "symbolicate_frame",
+  title: "Symbolicate Stack Frame",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 2e5 },
+  skills: ["release"],
+  requiredScopes: [SCOPE25.EVENT_WRITE],
+  description: "Symbolicate one or more minified stack frames using source-maps for a release. Returns original file, line, column, and function name. Use after receiving a bug report with obfuscated stack traces. REQUIRED SCOPE: event:write",
+  inputSchema: z25.object({
+    project: z25.string().describe("Project UUID or key"),
+    release: z25.string().optional().describe("Release UUID or version name. Omit to use pinned release."),
+    environment: z25.string().optional().describe('Environment for pinned-release resolution (default: "production")'),
+    frames: z25.array(frameSchema).min(1).describe("Minified stack frames to symbolicate")
+  }),
+  handler: withAudit("symbolicate_frame", async (params, ctx) => {
+    assertScope(ctx.scopes, SCOPE25.EVENT_WRITE);
+    if (!params.project) throw new UserInputError("project is required");
+    if (!params.frames?.length) throw new UserInputError("frames array must not be empty");
+    const releaseRef = params.release ?? "pinned";
+    const env = params.environment ?? "production";
+    const result = await ctx.apiClient.symbolicateFrames(params.project, releaseRef, params.frames, env);
+    const frames = result["frames"] ?? [];
+    if (!frames.length) {
+      return { content: [{ type: "text", text: "Symbolication returned no results. Source maps may not be uploaded for this release." }] };
+    }
+    const lines = frames.map((f, i) => {
+      const orig = `${f["originalFile"] ?? "?"}:${f["originalLine"] ?? "?"}:${f["originalColumn"] ?? "?"}`;
+      const fn = f["originalFunction"] ? ` in ${f["originalFunction"]}` : "";
+      return `Frame ${i + 1}: ${orig}${fn}`;
+    });
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+  })
+});
+
+// src/tools/release/find-release-artifacts.ts
+import { z as z26 } from "zod";
+import { SCOPE as SCOPE26 } from "@koderlabs/tasks-sdk-types";
+var findReleaseArtifactsTool = defineTool({
+  name: "find_release_artifacts",
+  title: "Find Release Artifacts",
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  meta: { "anthropic/maxResultSizeChars": 2e5 },
+  skills: ["release"],
+  requiredScopes: [SCOPE26.EVENT_READ],
+  description: "List build artifacts (source maps, bundles, DSYM files) attached to a release. Use to verify source maps are present before symbolication. Read-only. REQUIRED SCOPE: event:read",
+  inputSchema: z26.object({
+    project: z26.string().describe("Project UUID or key"),
+    release: z26.string().describe("Release UUID or version name"),
+    type: z26.enum(["sourcemap", "bundle", "dsym", "proguard"]).optional().describe("Filter by artifact type"),
+    limit: z26.number().int().min(1).max(200).optional().describe("Max results (default 50)")
+  }),
+  async handler(params, ctx) {
+    assertScope(ctx.scopes, SCOPE26.EVENT_READ);
+    if (!params.project) throw new UserInputError("project is required");
+    if (!params.release) throw new UserInputError("release is required");
+    const result = await ctx.apiClient.listReleaseArtifacts(params.project, params.release, params.type, params.limit);
+    const items = result["items"] ?? [];
+    if (!items.length) {
+      return {
+        content: [{
+          type: "text",
+          text: `No artifacts found for **${params.project}** release **${params.release}**${params.type ? ` (type: ${params.type})` : ""}.`
+        }]
+      };
+    }
+    return {
+      content: [{
+        type: "text",
+        text: `${items.length} artifact(s) for **${params.project}** release **${params.release}**:
+${JSON.stringify(items, null, 2)}`
+      }]
+    };
+  }
+});
+
+// src/tools/index.ts
+var ALL_TOOLS = [
+  // discover (4)
+  whoamiTool,
+  findOrganizationsTool,
+  findProjectsTool,
+  findReleasesTool,
+  // triage (6)
+  findIssuesTool,
+  findTicketsTool,
+  getIssueDetailsTool,
+  getTicketDetailsTool,
+  getEventDetailsTool,
+  getEventAttachmentTool,
+  // widget_bug (7)
+  getBugReportTool,
+  getBugScreenshotTool,
+  getBugAnnotationsTool,
+  getBugConsoleLogsTool,
+  getBugNetworkRequestsTool,
+  getBugMetadataTool,
+  getBugBreadcrumbsTool,
+  // tickets (Phase F — 6)
+  createTicketTool,
+  updateTicketTool,
+  transitionTicketTool,
+  addCommentTool,
+  linkPrTool,
+  promoteIssueToTicketTool,
+  // release (Phase F — 3)
+  pinReleaseTool,
+  symbolicateFrameTool,
+  findReleaseArtifactsTool
+];
+function toolsForScopes(scopeList) {
+  const set = new Set(scopeList);
+  return ALL_TOOLS.filter((t) => t.requiredScopes.every((s) => set.has(s)));
+}
+
+// src/server.ts
+import { McpError as McpError2, ErrorCode as ErrorCode2 } from "@modelcontextprotocol/sdk/types.js";
+var SERVER_NAME = "instanttasks-mcp";
+var SERVER_VERSION = "0.1.0";
+function createMcpServer(getContext) {
+  const server = new Server(
+    { name: SERVER_NAME, version: SERVER_VERSION },
+    {
+      capabilities: {
+        // Per MCP spec 2025-06-18 §Tools: declare `listChanged` explicitly so
+        // clients know whether to subscribe to `notifications/tools/list_changed`.
+        // Our tool registry is static — set false to skip needless wiring.
+        tools: { listChanged: false }
+      }
+    }
+  );
+  server.setRequestHandler(ListToolsRequestSchema, async () => {
+    const ctx = await getContext();
+    const available = toolsForScopes(ctx.scopes.toArray());
+    return {
+      tools: available.map((tool) => ({
+        name: tool.name,
+        // Human-readable display name (Anthropic Directory requires this on
+        // every tool — distinct from `name`).
+        title: tool.title,
+        description: tool.description,
+        inputSchema: zodToJsonSchema(tool.inputSchema),
+        // MCP 2025-06-18: annotations advise clients on tool behaviour
+        // (readOnly / destructive / idempotent / openWorld). Optional —
+        // omit when not provided so the field doesn't appear as undefined.
+        ...tool.annotations && { annotations: tool.annotations },
+        // Anthropic-specific `_meta` (e.g. `anthropic/maxResultSizeChars`)
+        // surfaced at tools/list time so Claude clients can adjust per-tool
+        // output thresholds before invoking.
+        ...tool.meta && { _meta: tool.meta }
+      }))
+    };
+  });
+  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: rawArgs } = request.params;
+    const tool = ALL_TOOLS.find((t) => t.name === name);
+    if (!tool) {
+      throw new McpError2(ErrorCode2.MethodNotFound, `Unknown tool: ${name}`);
+    }
+    const ctx = await getContext();
+    for (const scope of tool.requiredScopes) {
+      if (!ctx.scopes.has(scope)) {
+        throw new McpError2(
+          ErrorCode2.InvalidRequest,
+          `Token missing required scope '${scope}' for tool '${name}'`
+        );
+      }
+    }
+    const parseResult = tool.inputSchema.safeParse(rawArgs ?? {});
+    if (!parseResult.success) {
+      throw new McpError2(
+        ErrorCode2.InvalidParams,
+        `Invalid parameters for tool '${name}': ${parseResult.error.message}`
+      );
+    }
+    const result = await tool.handler(parseResult.data, {
+      apiClient: ctx.apiClient,
+      auditClient: ctx.auditClient,
+      scopes: ctx.scopes
+    });
+    return {
+      content: result.content,
+      isError: result.isError ?? false,
+      // Forward tool-level `_meta` to the MCP response so clients can
+      // surface deep-links / IDs / mimeType hints. Omit when empty so the
+      // field doesn't appear as `undefined` over the wire.
+      ...result._meta && { _meta: result._meta }
+    };
+  });
+  return server;
+}
+
+// src/audit-queue.ts
+import { promises as fs } from "fs";
+import { dirname, resolve } from "path";
+var DEFAULT_PATH = process.env.MCP_AUDIT_QUEUE_PATH ?? "./audit-queue.jsonl";
+var DEFAULT_MAX = parseInt(process.env.MCP_AUDIT_QUEUE_MAX ?? "5000", 10);
+var AuditQueue = class {
+  path;
+  maxLines;
+  logger;
+  /** Serializes file access so concurrent enqueue / replay can't tear lines. */
+  chain = Promise.resolve();
+  /** When path is `:memory:` we keep a buffer instead of writing to disk. */
+  memory = null;
+  constructor(opts = {}) {
+    this.path = opts.path ?? DEFAULT_PATH;
+    this.maxLines = opts.maxLines ?? DEFAULT_MAX;
+    this.logger = opts.logger ?? console;
+    if (this.path === ":memory:") this.memory = [];
+  }
+  /** Append a payload to the queue. Never throws — durability is best-effort. */
+  enqueue(payload) {
+    return this.run(async () => {
+      const line = JSON.stringify(payload) + "\n";
+      if (this.memory) {
+        this.memory.push(line);
+        while (this.memory.length > this.maxLines) {
+          this.logger.warn("[AuditQueue] dropping oldest record (in-memory cap exceeded)");
+          this.memory.shift();
+        }
+        return;
+      }
+      try {
+        await fs.mkdir(dirname(resolve(this.path)), { recursive: true });
+        const existing = await this.readLines();
+        let next = existing;
+        while (next.length >= this.maxLines) {
+          this.logger.warn("[AuditQueue] dropping oldest record (file cap exceeded)", {
+            path: this.path,
+            cap: this.maxLines
+          });
+          next = next.slice(1);
+        }
+        next.push(line.trimEnd());
+        await fs.writeFile(this.path, next.join("\n") + "\n", "utf8");
+      } catch (err) {
+        this.logger.error("[AuditQueue] enqueue failed (audit record will be lost):", err);
+      }
+    });
+  }
+  /**
+   * Drain the persisted queue by re-shipping each record. Returns counts so the
+   * caller (boot path) can log a summary. Stops on the first failure to preserve
+   * order — back-pressure during a sustained outage.
+   */
+  replay(send) {
+    return this.run(async () => {
+      const lines = await this.readLines();
+      if (lines.length === 0) return { shipped: 0, remaining: 0 };
+      let shipped = 0;
+      const leftover = [];
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        let payload;
+        try {
+          payload = JSON.parse(line);
+        } catch {
+          this.logger.warn("[AuditQueue] dropping unparseable line on replay");
+          continue;
+        }
+        try {
+          await send(payload);
+          shipped += 1;
+        } catch (err) {
+          this.logger.warn("[AuditQueue] replay paused \u2014 line will retry on next boot:", err);
+          leftover.push(...lines.slice(i));
+          break;
+        }
+      }
+      if (this.memory) {
+        this.memory = leftover.map((l) => l + "\n");
+      } else {
+        if (leftover.length === 0) {
+          await fs.rm(this.path, { force: true });
+        } else {
+          await fs.writeFile(this.path, leftover.join("\n") + "\n", "utf8");
+        }
+      }
+      return { shipped, remaining: leftover.length };
+    });
+  }
+  async readLines() {
+    if (this.memory) return this.memory.map((l) => l.trimEnd());
+    try {
+      const buf = await fs.readFile(this.path, "utf8");
+      return buf.split("\n").filter(Boolean);
+    } catch (err) {
+      if (err.code === "ENOENT") return [];
+      throw err;
+    }
+  }
+  /**
+   * Chain async work so file access is serialized. The returned promise
+   * resolves to the inner fn's result; the internal `chain` field is kept
+   * pending so the next caller waits for THIS fn's completion before its
+   * own fn runs. Errors in fn() do not break the chain — they propagate
+   * to the returned promise while `chain` swallows them.
+   */
+  run(fn) {
+    const next = this.chain.then(fn);
+    this.chain = next.then(
+      () => void 0,
+      () => void 0
+    );
+    return next;
+  }
+};
+
+// src/api-client.ts
+var _auditQueue = null;
+function getAuditQueue() {
+  if (!_auditQueue) _auditQueue = new AuditQueue();
+  return _auditQueue;
+}
+async function replayPersistedAuditQueue(send) {
+  return getAuditQueue().replay(send);
+}
+var ApiClient = class {
+  baseUrl;
+  headers;
+  constructor(opts) {
+    this.baseUrl = opts.baseUrl.replace(/\/$/, "");
+    this.headers = {
+      Authorization: `Bearer ${opts.token}`,
+      "Content-Type": "application/json",
+      Accept: "application/json"
+    };
+  }
+  // ── helpers ──────────────────────────────────────────────────────────────
+  /**
+   * Unwrap the API's `{ success, data, meta? }` envelope.
+   *
+   * For list endpoints (data: T[]) we expose `{ items, meta }` to match the
+   * historical call-sites that read `result.items`. Single-resource calls
+   * just return the data payload directly.
+   */
+  unwrap(json) {
+    if (json && typeof json === "object" && "success" in json && "data" in json) {
+      const data = json.data;
+      if (Array.isArray(data)) {
+        return { items: data, meta: json.meta };
+      }
+      return data;
+    }
+    return json;
+  }
+  async post(path, body) {
+    let res;
+    try {
+      res = await fetch(`${this.baseUrl}${path}`, {
+        method: "POST",
+        headers: this.headers,
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(1e4)
+      });
+    } catch (err) {
+      throw new ApiError(`Network error: ${err.message}`);
+    }
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new ApiError(`${res.status} ${res.statusText}: ${text}`, res.status);
+    }
+    return this.unwrap(await res.json());
+  }
+  async patch(path, body) {
+    let res;
+    try {
+      res = await fetch(`${this.baseUrl}${path}`, {
+        method: "PATCH",
+        headers: this.headers,
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(1e4)
+      });
+    } catch (err) {
+      throw new ApiError(`Network error: ${err.message}`);
+    }
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new ApiError(`${res.status} ${res.statusText}: ${text}`, res.status);
+    }
+    return this.unwrap(await res.json());
+  }
+  async get(path, query) {
+    const url = new URL(`${this.baseUrl}${path}`);
+    if (query) {
+      for (const [k, v] of Object.entries(query)) {
+        if (v !== void 0) url.searchParams.set(k, String(v));
+      }
+    }
+    let res;
+    try {
+      res = await fetch(url.toString(), {
+        headers: this.headers,
+        signal: AbortSignal.timeout(1e4)
+      });
+    } catch (err) {
+      throw new ApiError(`Network error reaching InstantTasks API: ${err.message}`);
+    }
+    if (res.status === 404) return null;
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new ApiError(`${res.status} ${res.statusText}: ${text}`, res.status);
+    }
+    return this.unwrap(await res.json());
+  }
+  async getRaw(path) {
+    const url = `${this.baseUrl}${path}`;
+    let res;
+    try {
+      res = await fetch(url, {
+        headers: { Authorization: this.headers.Authorization },
+        signal: AbortSignal.timeout(15e3)
+      });
+    } catch (err) {
+      throw new ApiError(`Network error: ${err.message}`);
+    }
+    if (res.status === 404) return null;
+    if (!res.ok) throw new ApiError(`${res.status} ${res.statusText}`, res.status);
+    const mimeType = res.headers.get("content-type") ?? "application/octet-stream";
+    return { buffer: await res.arrayBuffer(), mimeType };
+  }
+  // ── Discover ─────────────────────────────────────────────────────────────
+  async listOrganizations() {
+    const result = await this.get("/organizations");
+    return result?.items ?? [];
+  }
+  async listProjects(organizationId) {
+    const result = await this.get(`/organizations/${organizationId}/projects`);
+    return result?.items ?? [];
+  }
+  async listReleases(projectId, limit = 20) {
+    const result = await this.get(`/projects/${projectId}/versions`, { limit });
+    return result?.items ?? [];
+  }
+  // ── Triage: Tickets ───────────────────────────────────────────────────────
+  async getTicketByKey(ticketKey) {
+    return this.get(`/tickets/${ticketKey}`);
+  }
+  async listTicketsByIQL(query, projectKey, limit = 25) {
+    const q = { q: query, limit };
+    if (projectKey) q.projectKey = projectKey;
+    const result = await this.get("/search/tickets", q);
+    return result?.items ?? [];
+  }
+  // ── Triage: Issues (Phase C — graceful 404 fallback) ────────────────────
+  /**
+   * List issues in a project.
+   * Returns null if the Issues module is not yet deployed (Phase C dependency).
+   */
+  async listIssues(projectId, filter, limit = 25) {
+    const result = await this.get(`/projects/${projectId}/issues`, {
+      q: filter,
+      limit
+    });
+    return result?.items ?? null;
+  }
+  /**
+   * Get a single issue by ID.
+   * Returns null if not found OR if Phase C not yet merged.
+   */
+  async getIssue(issueId) {
+    return this.get(`/issues/${issueId}`);
+  }
+  /**
+   * Get a single SDK event.
+   * Returns null if not found OR if Phase C not yet merged.
+   */
+  async getEvent(eventId) {
+    return this.get(`/events/${eventId}`);
+  }
+  /**
+   * Get an attachment associated with an event.
+   * Returns raw buffer + mimeType, or null if not found.
+   */
+  async getEventAttachment(eventId, attachmentId) {
+    return this.getRaw(`/events/${eventId}/attachments/${attachmentId}`);
+  }
+  // ── Widget Bug (ticket-level SDK data) ───────────────────────────────────
+  /**
+   * Get the full SDK event payload for a ticket (the "bug report").
+   * Tickets created via the widget SDK have their event data in `customFields`
+   * and a linked attachment. This fetches both.
+   */
+  async getBugReport(ticketKey) {
+    return this.getTicketByKey(ticketKey);
+  }
+  /**
+   * Get the screenshot attachment for a ticket submitted via the widget.
+   * The attachment id is stored in the ticket's `customFields.screenshotAttachmentId`.
+   */
+  async getBugScreenshot(ticketKey) {
+    const ticket = await this.getTicketByKey(ticketKey);
+    if (!ticket) return null;
+    const screenshotId = ticket.customFields?.screenshotAttachmentId;
+    if (!screenshotId) return null;
+    return this.getRaw(`/tickets/${ticket.id}/attachments/${screenshotId}/inline`);
+  }
+  /**
+   * Get the annotations overlay for a ticket screenshot.
+   * Stored as a JSON attachment with mimeType application/json.
+   */
+  async getBugAnnotations(ticketKey) {
+    const ticket = await this.getTicketByKey(ticketKey);
+    if (!ticket) return null;
+    const annotationsId = ticket.customFields?.annotationsAttachmentId;
+    if (!annotationsId) return null;
+    const result = await this.get(`/tickets/${ticket.id}/attachments/${annotationsId}/data`);
+    return result;
+  }
+  /**
+   * Get the console logs captured with the bug report.
+   */
+  async getBugConsoleLogs(ticketKey) {
+    const ticket = await this.getTicketByKey(ticketKey);
+    if (!ticket) return null;
+    const sdkEventId = ticket.customFields?.sdkEventId;
+    if (!sdkEventId) return null;
+    const result = await this.get(`/sdk/events/${sdkEventId}/console-logs`);
+    return result?.consoleLogs ?? null;
+  }
+  /**
+   * Get the network requests captured with the bug report.
+   */
+  async getBugNetworkRequests(ticketKey) {
+    const ticket = await this.getTicketByKey(ticketKey);
+    if (!ticket) return null;
+    const sdkEventId = ticket.customFields?.sdkEventId;
+    if (!sdkEventId) return null;
+    const result = await this.get(`/sdk/events/${sdkEventId}/network-requests`);
+    return result?.networkRequests ?? null;
+  }
+  /**
+   * Get metadata (custom key/value pairs) attached to the bug report.
+   */
+  async getBugMetadata(ticketKey) {
+    const ticket = await this.getTicketByKey(ticketKey);
+    if (!ticket) return null;
+    return ticket.customFields?.sdkMetadata ?? null;
+  }
+  /**
+   * Get the breadcrumb trail leading up to the bug report.
+   */
+  async getBugBreadcrumbs(ticketKey) {
+    const ticket = await this.getTicketByKey(ticketKey);
+    if (!ticket) return null;
+    const sdkEventId = ticket.customFields?.sdkEventId;
+    if (!sdkEventId) return null;
+    const result = await this.get(`/sdk/events/${sdkEventId}/breadcrumbs`);
+    return result?.breadcrumbs ?? null;
+  }
+  // ── Ticket write operations (Phase F) ────────────────────────────────────
+  async createTicket(projectRef, body) {
+    const result = await this.post("/tickets", { ...body, project: projectRef });
+    return result.data;
+  }
+  async updateTicket(ticketRef, fields) {
+    const result = await this.patch(`/tickets/${encodeURIComponent(ticketRef)}`, fields);
+    return result.data;
+  }
+  async transitionTicket(ticketRef, body) {
+    const result = await this.post(
+      `/tickets/${encodeURIComponent(ticketRef)}/transitions`,
+      body
+    );
+    return result.data;
+  }
+  async getTicketTransitions(ticketRef) {
+    const result = await this.get(
+      `/tickets/${encodeURIComponent(ticketRef)}/transitions`
+    );
+    return result?.data ?? [];
+  }
+  async addComment(ticketRef, body) {
+    const result = await this.post(
+      `/tickets/${encodeURIComponent(ticketRef)}/comments`,
+      body
+    );
+    return result.data;
+  }
+  async linkPr(ticketRef, provider, body) {
+    const path = provider === "bitbucket" ? `/tickets/${encodeURIComponent(ticketRef)}/bitbucket-refs` : `/tickets/${encodeURIComponent(ticketRef)}/github-refs`;
+    const result = await this.post(path, body);
+    return result.data;
+  }
+  async promoteIssueToTicket(issueId, body) {
+    const result = await this.post(
+      `/sdk/issues/${encodeURIComponent(issueId)}/promote`,
+      body
+    );
+    return result.data;
+  }
+  // ── Release write operations (Phase F) ───────────────────────────────────
+  async pinRelease(projectRef, versionRef, environment) {
+    const result = await this.patch(
+      `/projects/${encodeURIComponent(projectRef)}/versions/${encodeURIComponent(versionRef)}/pin`,
+      { environment }
+    );
+    return result.data;
+  }
+  async symbolicateFrames(projectRef, releaseRef, frames, environment) {
+    const result = await this.post(
+      `/projects/${encodeURIComponent(projectRef)}/releases/${encodeURIComponent(releaseRef)}/symbolicate`,
+      { frames, environment }
+    );
+    return result.data;
+  }
+  async listReleaseArtifacts(projectRef, releaseRef, type, limit) {
+    const result = await this.get(
+      `/projects/${encodeURIComponent(projectRef)}/releases/${encodeURIComponent(releaseRef)}/artifacts`,
+      { type, limit }
+    );
+    return result?.data ?? result ?? {};
+  }
+  async shipAuditRecord(payload) {
+    await shipAuditWithRetry(
+      (body) => this.post("/audit/mcp", body),
+      payload
+    );
+  }
+};
+var DEFAULT_AUDIT_RETRY = {
+  // 3 retries total => 3 attempts; pre-attempt waits are [0, 1s, 3s, 9s]-style.
+  // We use 3 attempts with delays BEFORE retry #2 and retry #3 of 1s and 3s,
+  // and a final 9s back-pressure pause before giving up — matching the
+  // spec's 1s/3s/9s schedule.
+  maxAttempts: 3,
+  delaysMs: [1e3, 3e3, 9e3],
+  sleep: (ms) => new Promise((r) => setTimeout(r, ms)),
+  logger: console
+};
+function isRetryable(err) {
+  if (err instanceof ApiError) {
+    if (err.statusCode === void 0) return true;
+    return err.statusCode >= 500;
+  }
+  return true;
+}
+async function shipAuditWithRetry(send, payload, options = {}) {
+  const opts = { ...DEFAULT_AUDIT_RETRY, ...options };
+  const delays = opts.delaysMs;
+  let lastErr;
+  for (let attempt = 1; attempt <= opts.maxAttempts; attempt++) {
+    try {
+      await send(payload);
+      return;
+    } catch (err) {
+      lastErr = err;
+      if (!isRetryable(err) || attempt === opts.maxAttempts) {
+        break;
+      }
+      const delay = delays[attempt - 1] ?? delays[delays.length - 1] ?? 1e3;
+      await opts.sleep(delay);
+    }
+  }
+  const correlationId = payload["toolName"] ?? "unknown";
+  opts.logger.error("[ApiClient] audit/mcp ship failed after retries:", {
+    correlationId,
+    payload,
+    error: lastErr instanceof Error ? lastErr.message : String(lastErr)
+  });
+  void getAuditQueue().enqueue(payload);
+}
+
+// src/auth/secret-key.ts
+function extractBearerToken(authHeader) {
+  if (!authHeader?.startsWith("Bearer ")) return null;
+  const token = authHeader.slice(7).trim();
+  return token || null;
+}
+async function validateSecretKey(token, apiBaseUrl) {
+  if (!token.startsWith("sk_live_") && !token.startsWith("sk_test_")) {
+    throw new AuthError("invalid_token", "expected sk_live_* or sk_test_*");
+  }
+  const url = `${apiBaseUrl}/sdk/keys/whoami-management`;
+  let res;
+  try {
+    res = await fetch(url, {
+      method: "GET",
+      headers: { Authorization: `Bearer ${token}` },
+      signal: AbortSignal.timeout(5e3)
+    });
+  } catch (err) {
+    throw new ApiError(`Cannot reach InstantTasks API: ${err.message}`);
+  }
+  if (!res.ok) {
+    throw new AuthError("invalid_token", `whoami-management returned ${res.status}`);
+  }
+  let body;
+  try {
+    body = await res.json();
+  } catch (err) {
+    throw new ApiError(`Malformed whoami-management response: ${err.message}`);
+  }
+  if (!body.id || !body.projectId || !body.organizationId || !Array.isArray(body.scopes)) {
+    throw new AuthError("invalid_token", "whoami-management response missing required fields");
+  }
+  return {
+    keyId: body.id,
+    projectId: body.projectId,
+    organizationId: body.organizationId,
+    scopes: new ScopeSet(body.scopes),
+    kind: "management"
+  };
+}
+
+export {
+  ApiError,
+  AuthError,
+  ScopeSet,
+  createMcpServer,
+  replayPersistedAuditQueue,
+  ApiClient,
+  extractBearerToken,
+  validateSecretKey
+};
+//# sourceMappingURL=chunk-ULHBL6XY.js.map