@mgsoftwarebv/mcp-server-bridge 3.5.13 → 3.5.15

package/README.md

@@ -130,6 +130,8 @@ Optional PDF compilation: pass `compilePdf: true` to trigger the `compile-docume
 - **log-hours** — log work hours as a draft agenda event (see the `/hours` Cursor command)
 - **create-time-entries** — create one or more individual dated hour lines (one timesheet event per date), single or bulk via `entries[]`. Top-level `projectId`/`ticketId`/`userId`/`description`/`billable`/`status` are shared defaults each entry can override. Skips duplicates (same user/team/date/project/description) unless `allowDuplicate`, and reports created/skipped/errored lines plus `totalHours`. Use this instead of `log-hours` when you have separate dated lines (e.g. "8h on 19/6, 8h on 16/6").
 - **get-time-entries** — read and total tracked time entries (urenregistratie), filterable by period, user, project, customer, ticket, status and type; returns accurate aggregate totals (total/billable/non-billable/invoiced hours) plus an optional grouped breakdown (day/project/customer/user/ticket). Answers questions like "how many hours did I work this month for customer X?"
+- **delete-time-entries** — soft-delete one or more existing hour lines by `id`/`ids[]` (e.g. to drop a wrongly-logged lump entry before re-creating dated lines). Only draft, non-invoiced entries are removed unless `allowInvoicedOverride`; confirmed/invoiced ones are skipped. Reports deleted/skipped/errored ids plus `deletedHours`.
+- **update-time-entry** — correct a single hour line by `id`: change `date`/`hours` (re-times the line), `description`, `projectId`, `ticketId`, `status` or `billable`. On confirmed/invoiced entries the financial/time fields are locked unless `allowInvoicedOverride`; description and project/ticket links stay editable.
 
 ### GitHub Code Exploration
 - **get-github-file** — read one file from the GitHub repo linked to a project

package/dist/index.js

@@ -94095,7 +94095,7 @@ var projects = pgTable(
     // Basic project management extensions
     color: text().default("#3B82F6").notNull(),
     projectCode: text("project_code"),
-    settings: jsonb().default({}),
+    settings: jsonb().$type().default({}),
     // Customer portal fields
     ownedByCustomer: boolean3("owned_by_customer").default(false),
     internal: boolean3().default(false).notNull(),
@@ -101312,7 +101312,11 @@ var teams = pgTable(
     // classifier allow-list filter. Default 30 mirrors `DEFAULT_TOOL_BUDGET_MAX`
     // in apps/api/src/ai/floris/skills/budget.ts. Read-resolver lands in
     // A5-impl.b; per-team toggles in A5-impl.c.
-    florisConfig: jsonb("floris_config").$type().default({ tool_budget_max: 30 }).notNull()
+    florisConfig: jsonb("floris_config").$type().default({ tool_budget_max: 30 }).notNull(),
+    // Per-team time-tracking policy (ticket 2026-REFRO-140). Currently holds the
+    // agent kill-switch `blockAgentDrafts`. Default `{}`; the resolver treats a
+    // missing flag as "block" so new teams are safe by default.
+    timeTrackingPolicy: jsonb("time_tracking_policy").$type().default({}).notNull()
   },
   (table) => [
     unique("teams_documents_email_id_key").on(table.documentsEmailId),
@@ -107400,6 +107404,80 @@ var TOOLS = [
       required: ["entries"]
     }
   },
+  {
+    name: "delete-time-entries",
+    description: "Delete one or more existing tracked time entries (urenregels / timesheet events) by id \u2014 e.g. to remove a wrongly-logged lump entry before re-creating it as separate dated lines with create-time-entries. Soft-deletes so the lines disappear from the agenda / urenoverzicht. Pass a single `id` or a list of `ids` (max 100). Safety: only draft, non-invoiced entries are deleted by default; confirmed or invoiced entries are skipped unless `allowInvoicedOverride` is true. Processing is per-id: the result reports deleted ids, skipped ids (reason: confirmed / invoiced / already_deleted) and per-id errors (not found / no access), plus deletedHours. Use get-time-entries to find ids first.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        teamId: teamIdProp,
+        id: {
+          type: "string",
+          description: "A single timesheet event id (UUID) to delete."
+        },
+        ids: {
+          type: "array",
+          items: { type: "string" },
+          description: "Multiple timesheet event ids (UUIDs) to delete in one call (max 100). Combined with `id` if both are given."
+        },
+        allowInvoicedOverride: {
+          type: "boolean",
+          default: false,
+          description: "When true, also delete confirmed and/or invoiced entries. Default false skips them (safer)."
+        }
+      },
+      required: []
+    }
+  },
+  {
+    name: "update-time-entry",
+    description: "Update a single existing tracked time entry (urenregel / timesheet event) by id: correct its date, hours, description, project link, ticket link, status or billable flag. Changing date and/or hours re-times the line (date moves it to 09:00 Europe/Amsterdam, hours sets its duration). Safety: on a confirmed or invoiced entry the financial/time fields (date, hours, status, billable) are locked unless `allowInvoicedOverride` is true; description and project/ticket links stay editable. Use get-time-entries to find the id and get-projects / get-tickets to resolve links. To remove a line use delete-time-entries; to create new lines use create-time-entries.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        teamId: teamIdProp,
+        id: {
+          type: "string",
+          description: "Timesheet event id (UUID) to update."
+        },
+        date: {
+          type: "string",
+          description: "New calendar date (YYYY-MM-DD, Europe/Amsterdam). Moves the line to 09:00 on this day."
+        },
+        hours: {
+          type: "number",
+          description: "New worked hours for the line (> 0, <= 24)."
+        },
+        description: {
+          type: "string",
+          description: "New line description (updates both the line title and description)."
+        },
+        projectId: {
+          type: ["string", "null"],
+          description: "New project UUID, or null to clear the project link."
+        },
+        ticketId: {
+          type: ["string", "null"],
+          description: "Replace the linked ticket (UUID), or null to unlink all tickets."
+        },
+        status: {
+          type: "string",
+          enum: ["draft", "confirmed", "submitted"],
+          description: "New status. 'submitted' is treated as 'confirmed'."
+        },
+        billable: {
+          type: "boolean",
+          description: "New billable flag. true -> to_bill, false -> unbillable."
+        },
+        allowInvoicedOverride: {
+          type: "boolean",
+          default: false,
+          description: "Allow editing locked fields (date/hours/status/billable) on a confirmed/invoiced entry."
+        }
+      },
+      required: ["id"]
+    }
+  },
   {
     name: "get-trips",
     description: "List trips / kilometer registration entries (rides) scoped to your provider team(s), with optional filters by period (dateFrom/dateTo), user, project, customer, trip type (business/private), billing type, and invoiced status. Returns each trip's id, date, start/end location, distance (km), odometer readings, trip type, billing type, rate/amount, linked user/project/customer/invoice/vehicle, plus aggregate business/private/total km and total amount.",
@@ -114307,6 +114385,43 @@ async function handleListGithubDirectory(input) {
 }
 
 // src/tools/hours.ts
+async function assertAgentMayLogHours(args2) {
+  const [team] = await db.select({ policy: schema_exports.teams.timeTrackingPolicy }).from(schema_exports.teams).where(eq(schema_exports.teams.id, args2.teamId)).limit(1);
+  let projectPolicy = {};
+  if (args2.projectId) {
+    const [project] = await db.select({ settings: schema_exports.projects.settings }).from(schema_exports.projects).where(eq(schema_exports.projects.id, args2.projectId)).limit(1);
+    const settings = project?.settings;
+    if (settings?.timeTracking && typeof settings.timeTracking === "object") {
+      projectPolicy = settings.timeTracking;
+    }
+  }
+  const teamBlocksAgents = team?.policy?.blockAgentDrafts ?? true;
+  const projectAllowAgents = projectPolicy.allowAgents;
+  const allowAgents = projectAllowAgents === void 0 || projectAllowAgents === null ? !teamBlocksAgents : Boolean(projectAllowAgents);
+  const enabled = projectPolicy.enabled !== false;
+  const requireTicket = projectPolicy.requireTicket === true;
+  const allowedTicketStatuses = Array.isArray(projectPolicy.allowedTicketStatuses) && projectPolicy.allowedTicketStatuses.length > 0 ? projectPolicy.allowedTicketStatuses : null;
+  if (!enabled) {
+    throw new Error(
+      "Blocked by time-tracking policy: time tracking is disabled for this project. No hours can be logged."
+    );
+  }
+  if (!allowAgents) {
+    throw new Error(
+      "Blocked by time-tracking policy: agents/automation may not log draft hours here. Ask a human to enable 'allow agents' on the project (or the team's agent time-tracking setting) before logging time."
+    );
+  }
+  if (requireTicket && !args2.hasTicket) {
+    throw new Error(
+      "Blocked by time-tracking policy: this project requires every time entry to be linked to a ticket. Pass a ticketId."
+    );
+  }
+  if (allowedTicketStatuses && args2.hasTicket && args2.ticketStatus && !allowedTicketStatuses.includes(args2.ticketStatus)) {
+    throw new Error(
+      `Blocked by time-tracking policy: time can only be booked on tickets with status: ${allowedTicketStatuses.join(", ")}. This ticket is "${args2.ticketStatus}".`
+    );
+  }
+}
 async function handleLogHours(input) {
   const ctx = getAuthContext();
   const {
@@ -114367,6 +114482,12 @@ async function handleLogHours(input) {
     if (!resolved.ok) return resolved.response;
     insertTeamId = resolved.teamId;
   }
+  await assertAgentMayLogHours({
+    teamId: insertTeamId,
+    projectId: project?.id ?? null,
+    hasTicket: Boolean(ticket?.id),
+    ticketStatus: ticket?.status ?? null
+  });
   const durationSeconds = Math.round(estimatedHours * 3600);
   const now2 = /* @__PURE__ */ new Date();
   let agendaEntry = null;
@@ -115087,6 +115208,271 @@ async function handleCreateTimeEntries(input) {
     }
   });
 }
+var MAX_DELETE_ENTRIES = 100;
+function rowDurationSeconds(row) {
+  if (row.startTime && row.endTime) {
+    const seconds = (new Date(row.endTime).getTime() - new Date(row.startTime).getTime()) / 1e3;
+    return Math.max(0, Math.round(seconds));
+  }
+  return Math.max(0, Math.round(toNumber(row.trackedDuration)));
+}
+function rowDurationHours(row) {
+  return Math.round(rowDurationSeconds(row) / 3600 * 100) / 100;
+}
+function isInvoicedRow(row) {
+  return row.invoiceId != null || row.billingStatus === "billed" || row.billingStatus === "draft_billed";
+}
+async function handleDeleteTimeEntries(input) {
+  const te = schema_exports.timesheetEvents;
+  const ids = [
+    ...new Set(
+      [input.id, ...Array.isArray(input.ids) ? input.ids : []].filter(
+        (value) => typeof value === "string" && value.trim().length > 0
+      ).map((value) => value.trim())
+    )
+  ];
+  if (ids.length === 0) {
+    return textResponse3(
+      "Error: provide `id` or a non-empty `ids` array of timesheet event ids. Use get-time-entries to find ids."
+    );
+  }
+  if (ids.length > MAX_DELETE_ENTRIES) {
+    return textResponse3(
+      `Error: too many ids (${ids.length}). Max ${MAX_DELETE_ENTRIES} per call.`
+    );
+  }
+  const scope = await resolveTeamScope(input.teamId);
+  if (!scope.ok) return scope.response;
+  if (scope.teamIds.length === 0) {
+    return textResponse3("No accessible teams found.");
+  }
+  const deleted = [];
+  const skipped = [];
+  const errors = [];
+  for (const id of ids) {
+    try {
+      const [row] = await db.select({
+        id: te.id,
+        title: te.title,
+        status: te.status,
+        invoiceId: te.invoiceId,
+        billingStatus: te.billingStatus,
+        isDeleted: te.isDeleted,
+        startTime: te.startTime,
+        endTime: te.endTime,
+        trackedDuration: te.trackedDuration,
+        date: sql`${localDateTextExpr()}`
+      }).from(te).where(and(eq(te.id, id), inArray(te.teamId, scope.teamIds))).limit(1);
+      if (!row) {
+        errors.push({
+          id,
+          message: "Not found or no access. Call get-time-entries to find a valid id."
+        });
+        continue;
+      }
+      const status = row.status === "confirmed" ? "confirmed" : "draft";
+      const invoiced = isInvoicedRow(row);
+      if (row.isDeleted) {
+        skipped.push({ id, reason: "already_deleted", status, invoiced });
+        continue;
+      }
+      const confirmed = status === "confirmed";
+      if ((invoiced || confirmed) && !input.allowInvoicedOverride) {
+        skipped.push({
+          id,
+          reason: invoiced ? "invoiced" : "confirmed",
+          status,
+          invoiced
+        });
+        continue;
+      }
+      await db.update(te).set({ isDeleted: true, deletedAt: sql`NOW()`, updatedAt: sql`NOW()` }).where(and(eq(te.id, id), inArray(te.teamId, scope.teamIds)));
+      deleted.push({
+        id,
+        date: row.date ?? null,
+        hours: rowDurationHours(row),
+        title: row.title
+      });
+    } catch (error49) {
+      errors.push({
+        id,
+        message: error49 instanceof Error ? error49.message : String(error49)
+      });
+    }
+  }
+  return jsonResponse({
+    teamScope: scope.teamIds,
+    deleted,
+    skipped,
+    errors,
+    totals: {
+      deletedCount: deleted.length,
+      skippedCount: skipped.length,
+      errorCount: errors.length,
+      deletedHours: Math.round(deleted.reduce((sum, d6) => sum + d6.hours, 0) * 100) / 100
+    }
+  });
+}
+async function handleUpdateTimeEntry(input) {
+  const te = schema_exports.timesheetEvents;
+  const id = typeof input.id === "string" ? input.id.trim() : "";
+  if (!id) return textResponse3("Error: `id` is required.");
+  let mappedStatus;
+  if (input.status !== void 0) {
+    const resolvedStatus = mapCreateStatus(input.status);
+    if (resolvedStatus === null) {
+      return textResponse3(
+        `Error: invalid status "${input.status}". Allowed: draft, confirmed (submitted is treated as confirmed).`
+      );
+    }
+    mappedStatus = resolvedStatus;
+  }
+  const newDate = input.date !== void 0 ? String(input.date).trim() : void 0;
+  if (newDate !== void 0 && !isValidIsoDate(newDate)) {
+    return textResponse3("Error: invalid `date`; expected YYYY-MM-DD.");
+  }
+  if (input.hours !== void 0) {
+    const hours = toNumber(input.hours);
+    if (!(hours > 0)) {
+      return textResponse3("Error: `hours` must be a number greater than 0.");
+    }
+    if (hours > 24) {
+      return textResponse3("Error: `hours` must not exceed 24 for a single day.");
+    }
+  }
+  const scope = await resolveTeamScope(input.teamId);
+  if (!scope.ok) return scope.response;
+  if (scope.teamIds.length === 0) {
+    return textResponse3("No accessible teams found.");
+  }
+  const [existing] = await db.select({
+    id: te.id,
+    status: te.status,
+    invoiceId: te.invoiceId,
+    billingStatus: te.billingStatus,
+    isDeleted: te.isDeleted,
+    startTime: te.startTime,
+    endTime: te.endTime,
+    trackedDuration: te.trackedDuration
+  }).from(te).where(and(eq(te.id, id), inArray(te.teamId, scope.teamIds))).limit(1);
+  if (!existing || existing.isDeleted) {
+    return textResponse3(
+      `Time entry ${id} not found or no access. Call get-time-entries to find a valid id.`
+    );
+  }
+  const invoiced = isInvoicedRow(existing);
+  const confirmed = existing.status === "confirmed";
+  if ((invoiced || confirmed) && !input.allowInvoicedOverride) {
+    const attempted = [];
+    if (input.date !== void 0) attempted.push("date");
+    if (input.hours !== void 0) attempted.push("hours");
+    if (input.billable !== void 0) attempted.push("billable");
+    if (input.status !== void 0) attempted.push("status");
+    if (attempted.length > 0) {
+      return textResponse3(
+        `Error: time entry ${id} is ${invoiced ? "invoiced" : "confirmed"}. Locked fields: ${attempted.join(", ")}. Re-call with allowInvoicedOverride: true to change them anyway, or only update description / project / ticket links.`
+      );
+    }
+  }
+  if (input.projectId) {
+    if (!scope.projectIds.includes(input.projectId)) {
+      return textResponse3(
+        `Project not found or no access: ${input.projectId}. Call get-projects first.`
+      );
+    }
+  }
+  if (input.ticketId) {
+    const [ticket] = await db.select({
+      id: schema_exports.tickets.id,
+      teamId: schema_exports.tickets.teamId,
+      projectId: schema_exports.tickets.projectId,
+      customerId: schema_exports.tickets.customerId
+    }).from(schema_exports.tickets).where(eq(schema_exports.tickets.id, input.ticketId)).limit(1);
+    if (!ticket) {
+      return textResponse3(
+        `Ticket not found: ${input.ticketId}. Call get-tickets first.`
+      );
+    }
+    let hasAccess = scope.teamIds.includes(ticket.teamId);
+    if (!hasAccess && ticket.projectId) {
+      hasAccess = scope.projectIds.includes(ticket.projectId);
+    }
+    if (!hasAccess && ticket.customerId) {
+      hasAccess = scope.customerIds.includes(ticket.customerId);
+    }
+    if (!hasAccess) {
+      return textResponse3(
+        `No access to ticket: ${input.ticketId}. Call get-tickets first.`
+      );
+    }
+  }
+  const updates = { updatedAt: sql`NOW()` };
+  if (input.description !== void 0) {
+    const description = String(input.description).trim();
+    if (!description) {
+      return textResponse3("Error: `description` cannot be empty.");
+    }
+    updates.title = description;
+    updates.description = description;
+  }
+  if (input.projectId !== void 0) updates.projectId = input.projectId;
+  if (input.billable !== void 0) {
+    updates.billingStatus = input.billable ? "to_bill" : "unbillable";
+  }
+  if (mappedStatus !== void 0) updates.status = mappedStatus;
+  if (newDate !== void 0 || input.hours !== void 0) {
+    const durationSeconds = input.hours !== void 0 ? Math.round(toNumber(input.hours) * 3600) : rowDurationSeconds(existing);
+    const startExpr = newDate !== void 0 ? sql`(${`${newDate} ${DEFAULT_START_HOUR}`}::timestamp AT TIME ZONE ${sql.raw(`'${TIMEZONE}'`)})` : sql`${existing.startTime}::timestamptz`;
+    const endExpr = sql`(${startExpr} + ${`${durationSeconds} seconds`}::interval)`;
+    updates.startTime = startExpr;
+    updates.endTime = endExpr;
+    updates.trackedDuration = durationSeconds;
+    updates.isTracked = true;
+  }
+  const hasFieldUpdate = Object.keys(updates).length > 1;
+  if (!hasFieldUpdate && input.ticketId === void 0) {
+    return textResponse3(
+      "No fields to update. Provide at least one of date, hours, description, projectId, ticketId, status, billable."
+    );
+  }
+  if (hasFieldUpdate) {
+    await db.update(te).set(updates).where(and(eq(te.id, id), inArray(te.teamId, scope.teamIds)));
+  }
+  if (input.ticketId !== void 0) {
+    await db.delete(schema_exports.timesheetEventTickets).where(eq(schema_exports.timesheetEventTickets.timesheetEventId, id));
+    if (input.ticketId) {
+      await db.insert(schema_exports.timesheetEventTickets).values({ timesheetEventId: id, ticketId: input.ticketId }).onConflictDoNothing();
+    }
+  }
+  const [row] = await db.select({
+    id: te.id,
+    title: te.title,
+    description: te.description,
+    status: te.status,
+    invoiceId: te.invoiceId,
+    billingStatus: te.billingStatus,
+    startTime: te.startTime,
+    endTime: te.endTime,
+    trackedDuration: te.trackedDuration,
+    projectId: te.projectId,
+    date: sql`${localDateTextExpr()}`
+  }).from(te).where(eq(te.id, id)).limit(1);
+  const links = await db.select({ ticketId: schema_exports.timesheetEventTickets.ticketId }).from(schema_exports.timesheetEventTickets).where(eq(schema_exports.timesheetEventTickets.timesheetEventId, id));
+  return jsonResponse({
+    updated: {
+      id,
+      date: row?.date ?? null,
+      hours: row ? rowDurationHours(row) : 0,
+      title: row?.title ?? null,
+      description: row?.description ?? null,
+      status: row?.status === "confirmed" ? "confirmed" : "draft",
+      invoiced: row ? isInvoicedRow(row) : false,
+      billingStatus: row?.billingStatus ?? null,
+      projectId: row?.projectId ?? null,
+      ticketIds: links.map((link) => link.ticketId)
+    }
+  });
+}
 
 // ../invoice/src/utils/included-items.ts
 function parseIncludedItems(value) {
@@ -126565,6 +126951,14 @@ function createMcpServer() {
           return await handleCreateTimeEntries(
             asToolArgs(toolArgs)
           );
+        case "delete-time-entries":
+          return await handleDeleteTimeEntries(
+            asToolArgs(toolArgs)
+          );
+        case "update-time-entry":
+          return await handleUpdateTimeEntry(
+            asToolArgs(toolArgs)
+          );
         case "get-github-file":
           return await handleGetGithubFile(asToolArgs(toolArgs));
         case "list-github-directory":