@spacelr/mcp 0.0.8 → 0.0.9

package/dist/index.mjs

@@ -4304,6 +4304,2725 @@ function registerAllPrompts(server) {
   registerFunctionPrompts(server);
 }
 
+// libs/mcp-server/src/resources/getting-started.ts
+var DOCS = `# Getting Started with Spacelr
+
+## Overview
+
+Spacelr is a **Backend-as-a-Service (BaaS)** platform that provides everything you need to build and run applications. The Spacelr MCP server gives you tools to manage:
+
+- **Projects** - Create and manage your application projects
+- **Database** - Document database with collections, documents, indexes, and security rules
+- **Storage** - File storage with upload, download, sharing, and quotas
+- **Serverless Functions** - Deploy and execute functions with a built-in KV store
+- **Hosting** - Static site hosting with deployments and custom domains
+- **Email Templates** - Manage and preview email templates
+- **Cron Jobs** - Schedule and manage recurring jobs
+- **Webhooks** - Configure webhook event delivery
+- **Notifications** - Send push notifications to users
+- **Audit Logs** - View audit logs for your projects
+- **OAuth Clients** - Manage OAuth client applications
+
+## Authentication
+
+The first step is always to authenticate. Use the \`auth_login\` tool with your email and password:
+
+1. Call \`auth_login\` with your credentials. After a successful login, the token is stored automatically for subsequent requests.
+2. Use \`auth_me\` to verify your current session and see your user profile.
+
+## Project Context
+
+Most tools require a \`projectId\` to specify which project you are working with.
+
+- Use \`projects_list\` to see all projects you have access to.
+- Use \`projects_create\` to create a new project if needed.
+
+Once you have a \`projectId\`, pass it to module-specific tools to manage resources within that project.
+
+## Available Documentation Resources
+
+For detailed documentation on each module, read the following resources:
+
+| Resource | URI | Description |
+|----------|-----|-------------|
+| Authentication | \`spacelr://docs/auth\` | Login, profile management |
+| Projects | \`spacelr://docs/projects\` | Project and member management |
+| OAuth Clients | \`spacelr://docs/clients\` | OAuth client management |
+| Database | \`spacelr://docs/database\` | Collections, documents, indexes, security rules |
+| Storage | \`spacelr://docs/storage\` | File upload, download, sharing, quotas |
+| Functions | \`spacelr://docs/functions\` | Serverless functions, deployments, KV store |
+| Hosting | \`spacelr://docs/hosting\` | Static site hosting, deployments, custom domains |
+| Email Templates | \`spacelr://docs/email-templates\` | Email template management |
+| Cron Jobs | \`spacelr://docs/cron-jobs\` | Scheduled job management |
+| Webhooks | \`spacelr://docs/webhooks\` | Webhook event delivery |
+| Notifications | \`spacelr://docs/notifications\` | Push notifications |
+| Audit Logs | \`spacelr://docs/audit-logs\` | Audit log viewing |
+| Best Practices | \`spacelr://docs/best-practices\` | Setup guide, credentials, recommended workflows |
+
+## Quick Start Workflow
+
+1. **Authenticate** - Call \`auth_login\` with your email and password.
+2. **Find your project** - Call \`projects_list\` to see available projects.
+3. **Use module tools** - Pass the \`projectId\` to any module-specific tool (e.g., \`database_collections_list\`, \`storage_files_list\`, \`functions_list\`).
+`;
+function registerGettingStartedResources(server) {
+  server.registerResource(
+    "docs-getting-started",
+    "spacelr://docs/getting-started",
+    {
+      title: "Getting Started - Spacelr Docs",
+      description: "Overview of the Spacelr platform, authentication flow, and available modules",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 1
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/auth.ts
+var DOCS2 = `# Authentication Tools
+
+## Overview
+
+The authentication tools provide login, session inspection, and profile management for the Spacelr platform. After a successful login, the access token is stored automatically by the API client and used for all subsequent requests.
+
+## Tools Reference
+
+### auth_login
+
+Authenticate with email and password.
+
+> **WARNING:** The password will be visible in the conversation context. Token values are redacted in the response.
+
+| Parameter  | Type   | Required | Description              |
+|------------|--------|----------|--------------------------|
+| email      | string | Yes      | A valid email address    |
+| password   | string | Yes      | Password (min 1 character) |
+
+**Returns:** The login response with token values redacted.
+
+---
+
+### auth_me
+
+Get the currently authenticated user profile.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+
+This tool takes no parameters. It returns the profile of the user associated with the current access token.
+
+---
+
+### auth_update_profile
+
+Update the currently authenticated user profile. At least one field must be provided.
+
+| Parameter   | Type   | Required | Description                  |
+|-------------|--------|----------|------------------------------|
+| firstName   | string | No       | Updated first name           |
+| lastName    | string | No       | Updated last name            |
+| displayName | string | No       | Updated display name         |
+
+**Returns:** The updated user profile with token values redacted.
+
+## Common Workflows
+
+### Login Flow
+
+1. Call \`auth_login\` with the user's email and password.
+2. On success the access token is stored automatically \u2014 no need to pass it manually.
+3. All subsequent tool calls will use the stored token for authentication.
+
+### Checking the Current Session
+
+1. Call \`auth_me\` to retrieve the profile tied to the stored token.
+2. If the call fails with an authentication error the token has expired or was never set \u2014 call \`auth_login\` again.
+
+### Updating a Profile
+
+1. Ensure you are logged in (call \`auth_me\` to verify).
+2. Call \`auth_update_profile\` with one or more fields to change.
+3. The response contains the full updated profile.
+
+## Tips
+
+- The access token is stored automatically after a successful \`auth_login\` call; you do not need to manage it yourself.
+- Token values are redacted in all responses to prevent leaking secrets into the conversation context.
+- Passwords are **not** redacted \u2014 avoid including real credentials in shared conversations.
+- If a request returns an authentication error, re-authenticate with \`auth_login\`.
+`;
+function registerAuthResources(server) {
+  server.registerResource(
+    "docs-auth",
+    "spacelr://docs/auth",
+    {
+      title: "Authentication - Spacelr Docs",
+      description: "Documentation for authentication tools: login, profile, and session management",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.9
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS2
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/projects.ts
+var DOCS3 = `# Project Management - Spacelr Docs
+
+## Overview
+
+Projects are the top-level organizational unit in Spacelr. Every resource (database collections, files, functions, etc.) belongs to a project. Use the project tools to create, configure, and manage projects, their members, and roles.
+
+## Tools Reference
+
+### projects_list
+
+List all projects the authenticated user has access to.
+
+| Parameter | Type     | Required | Description                       |
+|-----------|----------|----------|-----------------------------------|
+| role      | string   | No       | Filter projects by the user's role |
+
+---
+
+### projects_get
+
+Get a single project by its ID.
+
+| Parameter | Type   | Required | Description        |
+|-----------|--------|----------|--------------------|
+| projectId | string | Yes      | The project's ID   |
+
+---
+
+### projects_get_by_slug
+
+Get a single project by its slug.
+
+| Parameter | Type   | Required | Description         |
+|-----------|--------|----------|---------------------|
+| slug      | string | Yes      | The project's slug  |
+
+---
+
+### projects_create
+
+Create a new project.
+
+| Parameter  | Type   | Required | Description                        |
+|------------|--------|----------|------------------------------------|
+| name        | string | Yes      | Display name of the project          |
+| slug        | string | Yes      | URL-friendly identifier (unique)     |
+| description | string | No       | Short description of the project     |
+| logoUrl     | string | No       | URL to the project logo (valid URL)  |
+| websiteUrl  | string | No       | URL to the project website (valid URL) |
+
+---
+
+### projects_update
+
+Update an existing project. At least one optional field must be provided.
+
+| Parameter  | Type   | Required | Description                        |
+|------------|--------|----------|------------------------------------|
+| projectId  | string | Yes      | The project's ID                   |
+| name       | string | No       | New display name                   |
+| description| string | No       | New description                    |
+| logoUrl    | string | No       | New logo URL (valid URL)           |
+| websiteUrl | string | No       | New website URL (valid URL)        |
+
+---
+
+### projects_delete
+
+Delete a project by its ID. This action is irreversible.
+
+| Parameter | Type   | Required | Description        |
+|-----------|--------|----------|--------------------|
+| projectId | string | Yes      | The project's ID   |
+
+---
+
+### projects_members_list
+
+List members of a project with optional pagination.
+
+| Parameter | Type    | Required | Description                    |
+|-----------|---------|----------|--------------------------------|
+| projectId | string  | Yes      | The project's ID               |
+| limit     | integer | No       | Number of results (1-100)      |
+| offset    | integer | No       | Number of results to skip (>= 0)|
+
+---
+
+### projects_members_add
+
+Add a member to a project by email with a specified role.
+
+| Parameter   | Type     | Required | Description                                                         |
+|-------------|----------|----------|---------------------------------------------------------------------|
+| projectId   | string   | Yes      | The project's ID                                                    |
+| email       | string   | Yes      | Email address of the user to add (must be a valid email)            |
+| role        | string   | Yes      | One of: \`owner\`, \`admin\`, \`developer\`, \`member\`, \`viewer\` |
+| permissions | string[] | No       | Array of permission strings to grant                                |
+
+---
+
+### projects_members_update
+
+Update a project member's role, permissions, or console access. At least one optional field must be provided.
+
+| Parameter          | Type     | Required | Description                                                         |
+|--------------------|----------|----------|---------------------------------------------------------------------|
+| projectId          | string   | Yes      | The project's ID                                                    |
+| memberId           | string   | Yes      | The member's ID                                                     |
+| role               | string   | No       | One of: \`owner\`, \`admin\`, \`developer\`, \`member\`, \`viewer\` |
+| permissions        | string[] | No       | Updated array of permission strings                                 |
+| grantConsoleAccess | boolean  | No       | Whether to grant admin console access                               |
+
+---
+
+### projects_members_remove
+
+Remove a member from a project.
+
+| Parameter | Type   | Required | Description        |
+|-----------|--------|----------|--------------------|
+| projectId | string | Yes      | The project's ID   |
+| memberId  | string | Yes      | The member's ID    |
+
+---
+
+### projects_users_create
+
+Create a new user within a project. **WARNING:** The password will be visible in the conversation context.
+
+| Parameter          | Type     | Required | Description                                                         |
+|--------------------|----------|----------|---------------------------------------------------------------------|
+| projectId          | string   | Yes      | The project's ID                                                    |
+| username           | string   | Yes      | Username for the new user                                           |
+| email              | string   | Yes      | Email address (must be a valid email)                               |
+| password           | string   | Yes      | Password (min 1 character)                                          |
+| role               | string   | Yes      | One of: \`owner\`, \`admin\`, \`developer\`, \`member\`, \`viewer\` |
+| firstName          | string   | No       | User's first name                                                   |
+| lastName           | string   | No       | User's last name                                                    |
+| displayName        | string   | No       | User's display name                                                 |
+| permissions        | string[] | No       | Array of permission strings                                         |
+| grantConsoleAccess | boolean  | No       | Whether to grant admin console access                               |
+
+---
+
+### projects_role
+
+Get the current authenticated user's role in a specific project.
+
+| Parameter | Type   | Required | Description        |
+|-----------|--------|----------|--------------------|
+| projectId | string | Yes      | The project's ID   |
+
+---
+
+## Common Workflows
+
+### Creating a New Project
+
+1. Call \`projects_create\` with a \`name\` and a unique \`slug\`.
+2. The response contains the new \`projectId\` - use it for all subsequent operations.
+3. Optionally call \`projects_update\` to add a logo or website URL.
+
+### Managing Members
+
+1. Use \`projects_members_list\` to see who is already in the project.
+2. Add a new member with \`projects_members_add\`, specifying their email and role.
+3. Change a member's role or permissions with \`projects_members_update\`.
+4. Remove a member with \`projects_members_remove\`.
+
+### Checking Your Role
+
+Call \`projects_role\` with the \`projectId\` to see what role you hold. This is useful before attempting operations that require elevated privileges.
+
+### Creating Project Users
+
+Use \`projects_users_create\` to provision a user directly inside a project. This creates the user account and assigns them a role in one step.
+
+## Tips
+
+- **Slug uniqueness** - Project slugs must be unique across the tenant. Choose a descriptive, URL-safe value (e.g., \`my-app\`, \`acme-dashboard\`).
+- **Role hierarchy** - Roles from most to least privileged: \`owner\` > \`admin\` > \`developer\` > \`member\` > \`viewer\`.
+- **Lookup by slug** - If you know a project's slug but not its ID, use \`projects_get_by_slug\` to resolve it.
+- **Pagination** - When listing members of large projects, use \`limit\` and \`offset\` to page through results.
+- **At least one field** - Both \`projects_update\` and \`projects_members_update\` require at least one optional field to be provided; calling them with no changes will return an error.
+- **Console access** - The \`grantConsoleAccess\` flag on member and user tools controls whether the user can access the admin console.
+`;
+function registerProjectResources(server) {
+  server.registerResource(
+    "docs-projects",
+    "spacelr://docs/projects",
+    {
+      title: "Projects - Spacelr Docs",
+      description: "Documentation for project management tools: create, update, members, and roles",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.9
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS3
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/clients.ts
+var DOCS4 = `# OAuth Clients
+
+## Overview
+
+OAuth clients represent applications that authenticate users through the Spacelr OAuth service. Each client belongs to a project and defines how an application can request tokens, which scopes it may use, and where users are redirected after login.
+
+Clients can be **confidential** (server-side apps that can keep a secret) or **public** (SPAs and mobile apps). Confidential clients receive a client secret on creation that is only shown once; use \`clients_regenerate_secret\` if it is lost.
+
+Secrets returned by list, get, create, and update operations are automatically redacted. Only \`clients_regenerate_secret\` returns the plaintext secret.
+
+---
+
+## Tools Reference
+
+### clients_list
+
+List all OAuth clients for a project.
+
+| Parameter   | Type     | Required | Description                        |
+|-------------|----------|----------|------------------------------------|
+| projectId   | string   | Yes     | The project to list clients for    |
+
+---
+
+### clients_get
+
+Get details of a specific OAuth client.
+
+| Parameter   | Type     | Required | Description               |
+|-------------|----------|----------|---------------------------|
+| clientId    | string   | Yes     | The ID of the client      |
+
+---
+
+### clients_create
+
+Create a new OAuth client for a project.
+
+| Parameter      | Type       | Required | Description                                         |
+|----------------|------------|----------|-----------------------------------------------------|
+| projectId      | string     | Yes     | The project the client belongs to                   |
+| name           | string     | Yes     | Human-readable name for the client                  |
+| grantTypes     | string[]   | Yes     | OAuth grant types (e.g. authorization_code, client_credentials) |
+| redirectUris   | string[]   | No      | Valid redirect URIs (must be valid URLs)             |
+| scopes         | string[]   | No      | Scopes the client is allowed to request             |
+| isConfidential | boolean    | No      | Whether the client is confidential (has a secret)   |
+| corsOrigins    | string[]   | No      | Allowed CORS origins for browser-based flows        |
+| accessTokenTtl | number     | No      | Access token time-to-live in seconds                |
+
+---
+
+### clients_update
+
+Update an existing OAuth client. At least one optional field must be provided.
+
+| Parameter      | Type       | Required | Description                                         |
+|----------------|------------|----------|-----------------------------------------------------|
+| clientId       | string     | Yes     | The ID of the client to update                      |
+| name           | string     | No      | Updated client name                                 |
+| redirectUris   | string[]   | No      | Updated redirect URIs (must be valid URLs)          |
+| scopes         | string[]   | No      | Updated scopes                                      |
+| grantTypes     | string[]   | No      | Updated grant types                                 |
+| isActive       | boolean    | No      | Enable or disable the client                        |
+| corsOrigins    | string[]   | No      | Updated CORS origins                                |
+| accessTokenTtl | number     | No      | Updated access token TTL in seconds                 |
+
+---
+
+### clients_delete
+
+Delete an OAuth client.
+
+| Parameter   | Type     | Required | Description                    |
+|-------------|----------|----------|--------------------------------|
+| clientId    | string   | Yes     | The ID of the client to delete |
+
+---
+
+### clients_regenerate_secret
+
+Regenerate the secret for an OAuth client. The new secret is returned in plaintext and can only be retrieved at this moment.
+
+| Parameter   | Type     | Required | Description                               |
+|-------------|----------|----------|-------------------------------------------|
+| clientId    | string   | Yes     | The ID of the client to regenerate for    |
+
+---
+
+## Common Workflows
+
+### Creating a client for your application
+
+1. Use \`clients_create\` with at least \`projectId\`, \`name\`, and \`grantTypes\`.
+   - For a web app with login flow, use \`grantTypes: ["authorization_code"]\` and provide \`redirectUris\`.
+   - For a backend service, use \`grantTypes: ["client_credentials"]\` and set \`isConfidential: true\`.
+2. Store the returned client ID (and secret, if confidential) securely.
+
+### Regenerating a lost or compromised secret
+
+1. Call \`clients_regenerate_secret\` with the \`clientId\`.
+2. Copy the new secret from the response immediately -- it will not be shown again.
+3. Update your application configuration with the new secret.
+
+### Disabling a client temporarily
+
+Call \`clients_update\` with \`isActive: false\`. Re-enable later with \`isActive: true\`.
+
+---
+
+## Tips
+
+- Secrets are only visible at creation time and when explicitly regenerated. All other responses redact them.
+- Always set \`redirectUris\` for authorization-code clients to prevent open-redirect attacks.
+- Use \`corsOrigins\` when the client is a browser-based SPA that calls the token endpoint directly.
+- Set a reasonable \`accessTokenTtl\` to balance security and user experience.
+`;
+function registerClientResources(server) {
+  server.registerResource(
+    "docs-clients",
+    "spacelr://docs/clients",
+    {
+      title: "OAuth Clients - Spacelr Docs",
+      description: "Documentation for OAuth client management tools: create, update, and credential rotation",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.7
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS4
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/database.ts
+var DOCS5 = `# Database - Spacelr Documentation
+
+## Overview
+
+The Spacelr Database is a **document database** with per-project data isolation, collection-based organization, flexible querying, and a powerful security rules engine. Each project gets its own dedicated database (\`project_{projectId}\`), and all operations are scoped to that project automatically.
+
+The database module provides tools for:
+
+- **Collections** - Create, list, and delete collections
+- **Documents** - Insert, query, update, and delete documents within collections
+- **Security Rules** - Define access control and validation rules per collection
+- **Indexes** - Create and manage indexes for query performance
+- **Index Rules** - Declarative index definitions that can be synced
+- **Statistics** - View database usage statistics
+
+---
+
+## Key Concept: Rules-First Approach
+
+> **Collections are defined through security rules. You MUST set rules before inserting data.**
+
+This is the single most important concept in the Spacelr database system. Without rules for a collection, **all operations are denied** by the \`$other\` catch-all rule. The correct workflow is always:
+
+1. Get the current rules (\`database_rules_get\`)
+2. Add your new collection rules to the existing rules object
+3. Set the updated rules (\`database_rules_set\`) - this automatically creates the collection
+4. Now you can insert and query documents
+
+**Do NOT** attempt to insert documents before setting rules - it will fail with a "Rule denied" error.
+
+The \`$other\` catch-all rule should always be present to deny access to undefined collections:
+
+\`\`\`json
+{
+  "$other": {
+    ".read": "false",
+    ".write": "false"
+  }
+}
+\`\`\`
+
+---
+
+## Security Rules Syntax
+
+Each collection in the rules object supports the following rule types:
+
+| Rule | Purpose | Evaluated on |
+|------|---------|-------------|
+| \`.create\` | Controls document inserts | Insert operations |
+| \`.read\` | Controls document reads and queries | Read/find operations |
+| \`.update\` | Controls document updates | Update operations |
+| \`.delete\` | Controls document deletion | Delete operations |
+| \`.validate\` | Per-field validation expressions | Write operations |
+| \`.schema\` | Field type declarations | Write operations |
+
+### Available Context Variables
+
+Rules are JavaScript-like expressions that have access to:
+
+| Variable | Description |
+|----------|-------------|
+| \`auth.uid\` | The authenticated user's ID (undefined if not authenticated) |
+| \`auth.role\` | The authenticated user's role in the project (e.g., \`'owner'\`, \`'admin'\`) |
+| \`newData\` | The document data being written (available in create/update/validate rules) |
+
+### Rule Examples
+
+**Public read, authenticated create, admin delete:**
+\`\`\`json
+{
+  "posts": {
+    ".create": "!!auth.uid",
+    ".read": "true",
+    ".update": "!!auth.uid",
+    ".delete": "auth.role === 'owner' || auth.role === 'admin'"
+  }
+}
+\`\`\`
+
+**Admin-only access:**
+\`\`\`json
+{
+  "settings": {
+    ".create": "auth.role === 'owner' || auth.role === 'admin'",
+    ".read": "auth.role === 'owner' || auth.role === 'admin'",
+    ".update": "auth.role === 'owner' || auth.role === 'admin'",
+    ".delete": "auth.role === 'owner' || auth.role === 'admin'"
+  }
+}
+\`\`\`
+
+**Authenticated users only:**
+\`\`\`json
+{
+  "messages": {
+    ".create": "!!auth.uid",
+    ".read": "!!auth.uid",
+    ".update": "!!auth.uid",
+    ".delete": "auth.role === 'owner' || auth.role === 'admin'"
+  }
+}
+\`\`\`
+
+---
+
+## Tools Reference
+
+### Collections
+
+#### \`database_collections_list\`
+List all collections in a project database.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+
+#### \`database_collections_create\`
+Create a new collection in a project database.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`name\` | string | Yes | Collection name |
+| \`description\` | string | No | Optional description |
+
+#### \`database_collections_delete\`
+Delete a collection from a project database.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`name\` | string | Yes | Collection name to delete |
+
+---
+
+### Security Rules
+
+#### \`database_rules_get\`
+Get the current security rules for a project database.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+
+#### \`database_rules_set\`
+Set security rules for a project database. Setting rules for a collection automatically creates it.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`rules\` | object | Yes | The complete rules object (Record<string, unknown>) |
+| \`expectedVersion\` | number | No | Optimistic concurrency version to prevent conflicting updates |
+
+#### \`database_rules_validate\`
+Validate security rules without applying them. Use this to check rules syntax before committing.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`rules\` | object | Yes | The rules object to validate (Record<string, unknown>) |
+
+---
+
+### Index Rules
+
+#### \`database_index_rules_get\`
+Get the declarative index rules for a project database.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+
+#### \`database_index_rules_sync\`
+Sync index rules for a project database. This applies declarative index definitions.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`indexRules\` | object | Yes | The index rules object (Record<string, unknown>) |
+
+---
+
+### Indexes
+
+#### \`database_indexes_list\`
+List all indexes for a collection.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+
+#### \`database_indexes_create\`
+Create a new index on a collection.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+| \`fields\` | object | Yes | Index field definitions. Keys are field names, values are \`1\` (ascending), \`-1\` (descending), or \`"text"\` (text index) |
+| \`unique\` | boolean | No | Whether the index enforces uniqueness |
+| \`sparse\` | boolean | No | Whether the index is sparse (skips documents missing the field) |
+| \`ttlSeconds\` | number | No | Time-to-live in seconds for automatic document expiration |
+
+#### \`database_indexes_delete\`
+Delete an index from a collection.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+| \`indexName\` | string | Yes | The name of the index to delete |
+
+---
+
+### Documents
+
+#### \`database_documents_find\`
+Query documents in a collection with optional filtering, sorting, projection, pagination.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+| \`filter\` | object | No | MongoDB-style query filter (Record<string, unknown>) |
+| \`sort\` | object | No | Sort specification. Keys are field names, values are \`1\` (ascending) or \`-1\` (descending) |
+| \`fields\` | string[] | No | Array of field names to include in the result (projection) |
+| \`limit\` | number | No | Maximum number of documents to return (1-100) |
+| \`offset\` | number | No | Number of documents to skip (min 0) |
+
+#### \`database_documents_insert\`
+Insert one or more documents into a collection.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+| \`documents\` | object[] | Yes | Array of documents to insert (1-500 documents) |
+
+#### \`database_documents_update\`
+Update a specific document in a collection by its ID.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+| \`docId\` | string | Yes | The document ID to update |
+| \`update\` | object | Yes | The update operations to apply (Record<string, unknown>) |
+
+#### \`database_documents_delete\`
+Delete a specific document from a collection by its ID.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+| \`collectionName\` | string | Yes | The collection name |
+| \`docId\` | string | Yes | The document ID to delete |
+
+---
+
+### Statistics
+
+#### \`database_stats\`
+Get database statistics for a project (storage size, document counts, etc.).
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| \`projectId\` | string | Yes | The project ID |
+
+---
+
+## Common Workflows
+
+### Setting Up a New Collection
+
+\`\`\`
+1. database_rules_get        -> get current rules
+2. database_rules_set        -> add new collection rules to existing rules
+3. database_indexes_create   -> (optional) add indexes for query performance
+4. database_documents_insert -> start inserting data
+\`\`\`
+
+### CRUD Operations
+
+\`\`\`
+Create:  database_documents_insert   (batch up to 500 documents)
+Read:    database_documents_find     (with filter, sort, fields, limit, offset)
+Update:  database_documents_update   (by document ID)
+Delete:  database_documents_delete   (by document ID)
+\`\`\`
+
+### Managing Indexes
+
+\`\`\`
+1. database_indexes_list     -> see existing indexes
+2. database_indexes_create   -> add new index (ascending, descending, or text)
+3. database_indexes_delete   -> remove unused indexes
+\`\`\`
+
+Alternatively, use **index rules** for declarative index management:
+
+\`\`\`
+1. database_index_rules_get  -> see current index rule definitions
+2. database_index_rules_sync -> apply updated index rules (adds/removes as needed)
+\`\`\`
+
+### Validating Rules Before Applying
+
+\`\`\`
+1. database_rules_validate   -> check syntax without applying
+2. database_rules_set        -> apply once validation passes
+\`\`\`
+
+Use the \`expectedVersion\` parameter on \`database_rules_set\` for optimistic concurrency control when multiple users might be editing rules simultaneously.
+
+---
+
+## Data Isolation
+
+Each project has its own isolated database (\`project_{projectId}\`). This means:
+
+- Collections are scoped to the project automatically
+- No cross-project data access is possible
+- Deleting a project's database does not affect other projects
+- Security rules are defined per project
+
+Always pass the correct \`projectId\` to every database tool call.
+
+---
+
+## Tips and Gotchas
+
+1. **Always set rules first.** The most common mistake is trying to insert documents into a collection that has no rules defined. Without rules, the \`$other\` catch-all denies all access.
+
+2. **Rules replace, not merge.** When calling \`database_rules_set\`, you must pass the **complete** rules object including all collections. Always \`database_rules_get\` first, modify the result, then \`database_rules_set\` with the full object.
+
+3. **The \`$other\` catch-all is essential.** Always include \`"$other": { ".read": "false", ".write": "false" }\` in your rules to deny access to undefined collections.
+
+4. **Document find has a max limit of 100.** Use \`offset\` for pagination when you need more results.
+
+5. **Batch inserts max out at 500 documents.** Split larger datasets into multiple \`database_documents_insert\` calls.
+
+6. **Use \`database_rules_validate\` before \`database_rules_set\`.** This catches syntax errors without affecting your live rules.
+
+7. **Index creation fields accept three values:** \`1\` (ascending), \`-1\` (descending), or \`"text"\` (full-text search).
+
+8. **TTL indexes** auto-delete documents after the specified \`ttlSeconds\`. Useful for session data, logs, or temporary records.
+
+9. **Sparse indexes** skip documents that do not contain the indexed field. Useful for optional fields where you only want to index documents that have the field.
+
+10. **Use \`expectedVersion\` for safe rule updates.** This prevents accidentally overwriting rule changes made by another user or process.
+
+11. **Serverless functions** can access the database using \`spacelr.db.collection("collectionName")\` - the same security rules apply.
+`;
+function registerDatabaseResources(server) {
+  server.registerResource(
+    "docs-database",
+    "spacelr://docs/database",
+    {
+      title: "Database - Spacelr Docs",
+      description: "Documentation for database tools: collections, documents, indexes, and security rules",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.8
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS5
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/hosting.ts
+var DOCS6 = `# Hosting Tools
+
+## Overview
+
+The hosting tools provide static site hosting capabilities for Spacelr projects. You can create deployments, upload site files, manage custom domains, and configure hosting behaviour such as SPA mode and custom headers.
+
+## Tools Reference
+
+### Deployments
+
+#### hosting_deployments_list
+
+List deployments for a hosting project.
+
+| Parameter  | Type   | Required | Description                       |
+|------------|--------|----------|-----------------------------------|
+| projectId  | string | Yes      | Project ID                        |
+| limit      | number | No       | Max results (1-100)               |
+| offset     | number | No       | Pagination offset (min 0)         |
+
+---
+
+#### hosting_deployments_get
+
+Get details of a specific deployment.
+
+| Parameter    | Type   | Required | Description   |
+|--------------|--------|----------|---------------|
+| projectId    | string | Yes      | Project ID    |
+| deploymentId | string | Yes      | Deployment ID |
+
+---
+
+#### hosting_deployments_create
+
+Create a new deployment for a hosting project.
+
+| Parameter   | Type   | Required | Description                              |
+|-------------|--------|----------|------------------------------------------|
+| projectId   | string | Yes      | Project ID                               |
+| description | string | No       | Human-readable deployment description    |
+| framework   | string | No       | Framework identifier (e.g. "react")      |
+
+**Returns:** The newly created deployment object including its \`deploymentId\`.
+
+---
+
+#### hosting_deployments_upload
+
+Upload files to an existing hosting deployment. Accepts a record of filename to content, bundles them into a ZIP archive, and uploads it.
+
+| Parameter    | Type                    | Required | Description                                                                 |
+|--------------|-------------------------|----------|-----------------------------------------------------------------------------|
+| projectId    | string                  | Yes      | Project ID                                                                  |
+| deploymentId | string                  | Yes      | Deployment ID (from \`hosting_deployments_create\`)                         |
+| files        | Record<string, string>  | Yes      | Map of file path to file content (e.g. \`{ "index.html": "<!DOCTYPE html>..." }\`) |
+
+Keys are file paths inside the archive (e.g. \`"index.html"\`, \`"assets/style.css"\`). Values are the UTF-8 file contents. At least one file entry is required.
+
+**Returns:** Upload summary including the list of uploaded filenames and bundle size in bytes.
+
+---
+
+#### hosting_deployments_activate
+
+Activate a specific deployment, making it the live version.
+
+| Parameter    | Type   | Required | Description   |
+|--------------|--------|----------|---------------|
+| projectId    | string | Yes      | Project ID    |
+| deploymentId | string | Yes      | Deployment ID |
+
+---
+
+#### hosting_deployments_status
+
+Get the status of a specific deployment.
+
+| Parameter    | Type   | Required | Description   |
+|--------------|--------|----------|---------------|
+| projectId    | string | Yes      | Project ID    |
+| deploymentId | string | Yes      | Deployment ID |
+
+---
+
+#### hosting_deployments_delete
+
+Delete a specific deployment.
+
+| Parameter    | Type   | Required | Description   |
+|--------------|--------|----------|---------------|
+| projectId    | string | Yes      | Project ID    |
+| deploymentId | string | Yes      | Deployment ID |
+
+---
+
+### Configuration
+
+#### hosting_config_get
+
+Get hosting configuration for a project.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+
+---
+
+#### hosting_config_update
+
+Update hosting configuration for a project. At least one config field must be provided.
+
+| Parameter   | Type                   | Required | Description                                          |
+|-------------|------------------------|----------|------------------------------------------------------|
+| projectId   | string                 | Yes      | Project ID                                           |
+| spaMode     | boolean                | No       | Enable single-page application mode                  |
+| defaultFile | string                 | No       | Default file to serve (e.g. \`"index.html"\`)        |
+| headers     | Record<string, string> | No       | Custom response headers (key-value pairs)            |
+| enabled     | boolean                | No       | Enable or disable hosting for the project            |
+
+---
+
+### Domains
+
+#### hosting_domains_list
+
+List custom domains for a hosting project.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+
+---
+
+#### hosting_domains_get
+
+Get details of a specific custom domain.
+
+| Parameter | Type   | Required | Description          |
+|-----------|--------|----------|----------------------|
+| projectId | string | Yes      | Project ID           |
+| domain    | string | Yes      | Domain name          |
+
+---
+
+#### hosting_domains_add
+
+Add a custom domain to a hosting project.
+
+| Parameter          | Type   | Required | Description                                      |
+|--------------------|--------|----------|--------------------------------------------------|
+| projectId          | string | Yes      | Project ID                                       |
+| domain             | string | Yes      | Domain name to add                               |
+| projectSlug        | string | Yes      | Project slug                                     |
+| verificationMethod | string | No       | Verification method: \`"cname"\` or \`"txt"\`    |
+
+---
+
+#### hosting_domains_verify
+
+Verify a custom domain for a hosting project.
+
+| Parameter | Type   | Required | Description          |
+|-----------|--------|----------|----------------------|
+| projectId | string | Yes      | Project ID           |
+| domain    | string | Yes      | Domain name to verify |
+
+---
+
+#### hosting_domains_remove
+
+Remove a custom domain from a hosting project.
+
+| Parameter | Type   | Required | Description           |
+|-----------|--------|----------|----------------------|
+| projectId | string | Yes      | Project ID            |
+| domain    | string | Yes      | Domain name to remove |
+
+---
+
+#### hosting_domains_set_primary
+
+Set a custom domain as the primary domain for a hosting project.
+
+| Parameter | Type   | Required | Description                    |
+|-----------|--------|----------|--------------------------------|
+| projectId | string | Yes      | Project ID                     |
+| domain    | string | Yes      | Domain name to set as primary  |
+
+## Common Workflows
+
+### Deploying a Static Site
+
+1. Call \`hosting_deployments_create\` with the \`projectId\` (and optionally \`description\` and \`framework\`) to create a new deployment.
+2. Call \`hosting_deployments_upload\` with the returned \`deploymentId\`, \`projectId\`, and a \`files\` map containing your site files.
+3. Call \`hosting_deployments_activate\` with the \`projectId\` and \`deploymentId\` to make the deployment live.
+
+### Managing Custom Domains
+
+1. Call \`hosting_domains_add\` with the \`projectId\`, \`domain\`, and \`projectSlug\` to register a custom domain.
+2. Configure the DNS records as instructed in the response.
+3. Call \`hosting_domains_verify\` to confirm DNS propagation and complete verification.
+4. Optionally call \`hosting_domains_set_primary\` to make it the primary domain.
+
+### Configuring Hosting Behaviour
+
+1. Call \`hosting_config_get\` to inspect the current configuration.
+2. Call \`hosting_config_update\` with the fields you want to change (e.g. enable \`spaMode\` for a single-page application, set custom \`headers\`, or change the \`defaultFile\`).
+
+### Reviewing Deployment Status
+
+1. Call \`hosting_deployments_list\` to see all deployments for a project.
+2. Call \`hosting_deployments_status\` or \`hosting_deployments_get\` for detailed information on a specific deployment.
+
+## Tips
+
+- Always create a deployment before uploading files \u2014 the \`deploymentId\` is required for the upload step.
+- A deployment is not live until you explicitly call \`hosting_deployments_activate\`.
+- The \`files\` parameter in \`hosting_deployments_upload\` accepts nested paths as keys (e.g. \`"assets/style.css"\`) \u2014 no need to flatten your file structure.
+- Enable \`spaMode\` in the hosting config when deploying single-page applications so that all routes fall back to the default file.
+- Use \`hosting_deployments_list\` with \`limit\` and \`offset\` to paginate through large numbers of deployments.
+- Domain verification may take time for DNS propagation \u2014 if \`hosting_domains_verify\` fails, wait and retry.
+`;
+function registerHostingResources(server) {
+  server.registerResource(
+    "docs-hosting",
+    "spacelr://docs/hosting",
+    {
+      title: "Hosting - Spacelr Docs",
+      description: "Documentation for static site hosting tools: deployments, domains, and configuration",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.7
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS6
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/storage.ts
+var DOCS7 = `# Storage
+
+## Overview
+
+The Storage module provides file storage management capabilities for Spacelr projects. Users can list files, retrieve file details, delete files, manage file visibility, and share files within a project. Each user has a storage quota that limits how much data they can store, and storage tools also expose quota and usage statistics. Files support visibility controls (public/private) and can be shared with other users with configurable permissions.
+
+## Tools Reference
+
+### storage_files_list
+
+List files in storage for a project and user.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The user ID whose files to list |
+| limit | integer | No | Number of files to return (1-100) |
+| offset | integer | No | Number of files to skip (min 0) |
+
+### storage_files_get
+
+Get details of a specific file in storage.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The user ID |
+| fileId | string | Yes | The file ID to retrieve |
+
+### storage_files_delete
+
+Delete a specific file from storage.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The user ID |
+| fileId | string | Yes | The file ID to delete |
+
+### storage_files_visibility
+
+Update the visibility of a specific file.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The user ID |
+| fileId | string | Yes | The file ID to update |
+| visibility | enum | Yes | \`"public"\` or \`"private"\` |
+
+### storage_files_share
+
+Share a file with other users.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The owner user ID |
+| fileId | string | Yes | The file ID to share |
+| userIds | string[] | Yes | Array of user IDs to share with |
+| permission | enum | No | \`"read"\` or \`"write"\` (defaults to read) |
+
+### storage_files_unshare
+
+Remove file sharing for specific users.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The owner user ID |
+| fileId | string | Yes | The file ID to unshare |
+| userIds | string[] | Yes | Array of user IDs to remove sharing for |
+
+### storage_quota_get
+
+Get storage quota information for a user in a project.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| userId | string | Yes | The user ID |
+
+### storage_quota_set
+
+Set storage quota for a user in a project.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+| targetUserId | string | Yes | The user ID to set the quota for |
+| quotaBytes | integer | Yes | Quota size in bytes (min 0) |
+
+### storage_project_stats
+
+Get storage statistics for a project.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| projectId | string | Yes | The project ID |
+
+## Common Workflows
+
+### Uploading and Managing Files
+
+1. **List existing files** - Call \`storage_files_list\` with the \`projectId\` and \`userId\` to see what is already stored.
+2. **Get file details** - Call \`storage_files_get\` with the \`fileId\` to inspect metadata such as size, type, and visibility.
+3. **Delete unwanted files** - Call \`storage_files_delete\` to remove a file and free up quota.
+
+### Sharing Files
+
+1. **Share a file** - Call \`storage_files_share\` with the target \`userIds\` and an optional \`permission\` level (\`"read"\` or \`"write"\`).
+2. **Revoke access** - Call \`storage_files_unshare\` with the \`userIds\` to remove their access.
+3. **Set visibility** - Call \`storage_files_visibility\` to make a file \`"public"\` (accessible via URL) or \`"private"\` (requires authentication).
+
+### Managing Quotas
+
+1. **Check user quota** - Call \`storage_quota_get\` to see how much storage a user has used and their limit.
+2. **Update quota** - Call \`storage_quota_set\` with \`targetUserId\` and \`quotaBytes\` to increase or decrease the allowed storage.
+3. **Review project stats** - Call \`storage_project_stats\` to get an overview of total storage usage across the entire project.
+
+## Tips
+
+- Use \`limit\` and \`offset\` in \`storage_files_list\` to paginate through large file collections.
+- Check \`storage_quota_get\` before uploading large files to verify sufficient remaining quota.
+- Set files to \`"public"\` visibility only when they need to be accessible without authentication (e.g., profile images, public assets).
+- When sharing files, prefer \`"read"\` permission unless the recipient needs to modify the file.
+- Use \`storage_project_stats\` to monitor overall project storage consumption and plan capacity.
+`;
+function registerStorageResources(server) {
+  server.registerResource(
+    "docs-storage",
+    "spacelr://docs/storage",
+    {
+      title: "Storage - Spacelr Docs",
+      description: "Documentation for file storage tools: listing, sharing, visibility, and quotas",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.8
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS7
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/functions.ts
+var DOCS8 = `# Serverless Functions
+
+## Overview
+
+Serverless functions let you run custom JavaScript code in an isolated V8 sandbox. Functions can be triggered manually, on a cron schedule, via webhook, or in response to platform events. Each function gets its own KV store, environment variables, and access to platform APIs (database, storage, email, notifications).
+
+The runtime is **NOT Node.js** -- it is an isolated V8 sandbox (via isolated-vm). There is no \`require()\`, no static ES module \`import\` declarations, and no Node.js built-ins (\`fs\`, \`path\`, \`crypto\`, \`Buffer\`, \`process\`, etc.). Top-level \`await\` is supported, and local bundled modules can be loaded dynamically with \`await import('./lib.js')\`. All platform APIs are pre-injected globals.
+
+## Tools Reference
+
+### CRUD Operations
+
+#### functions_list
+
+List all functions for a project.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+
+---
+
+#### functions_get
+
+Get details of a specific function.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+#### functions_create
+
+Create a new serverless function in a project.
+
+| Parameter      | Type    | Required | Description                                      |
+|----------------|---------|----------|--------------------------------------------------|
+| projectId      | string  | Yes      | Project ID                                       |
+| name           | string  | Yes      | Function name (1-255 chars)                      |
+| description    | string  | No       | Description (max 1000 chars)                     |
+| entryPoint     | string  | No       | Entry point file (max 255 chars, default: index.js) |
+| cronExpression | string  | No       | Cron expression for scheduled execution          |
+| cronTimezone   | string  | No       | Timezone for cron (e.g. "Europe/Berlin")         |
+| timeout        | integer | No       | Execution timeout in ms (1000-120000, default: 30000) |
+| memoryLimitMb  | integer | No       | Memory limit in MB (16-512, default: 128)        |
+| enabled        | boolean | No       | Whether the function is enabled                  |
+
+---
+
+#### functions_update
+
+Update an existing function. All fields except projectId and functionId are optional.
+
+| Parameter      | Type    | Required | Description                                      |
+|----------------|---------|----------|--------------------------------------------------|
+| projectId      | string  | Yes      | Project ID                                       |
+| functionId     | string  | Yes      | Function ID                                      |
+| name           | string  | No       | Function name (1-255 chars)                      |
+| description    | string  | No       | Description (max 1000 chars)                     |
+| entryPoint     | string  | No       | Entry point file (max 255 chars)                 |
+| cronExpression | string  | No       | Cron expression for scheduled execution          |
+| cronTimezone   | string  | No       | Timezone for cron                                |
+| timeout        | integer | No       | Execution timeout in ms (1000-120000)            |
+| memoryLimitMb  | integer | No       | Memory limit in MB (16-512)                      |
+| enabled        | boolean | No       | Whether the function is enabled                  |
+
+---
+
+#### functions_delete
+
+Delete a function and its associated cron job.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+### Code & Deployments
+
+#### functions_get_code
+
+Get the deployed source code of a function with syntax-highlighted file contents.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+#### functions_deploy
+
+Deploy code to a serverless function. Accepts one or more files as a record of filename to content. The files are bundled into a ZIP archive and uploaded.
+
+| Parameter  | Type                    | Required | Description                                                              |
+|------------|-------------------------|----------|--------------------------------------------------------------------------|
+| projectId  | string                  | Yes      | Project ID                                                               |
+| functionId | string                  | Yes      | Function ID (from functions_create or functions_list)                    |
+| files      | Record<string, string>  | Yes      | Map of filename to file content (e.g. \`{ "index.js": "..." }\`)        |
+| entryPoint | string                  | No       | Entry point file inside the bundle (default: "index.js", max 255 chars) |
+
+**Example -- single file:**
+\`\`\`json
+{ "files": { "index.js": "const data = await fetch('https://api.example.com'); console.log(data.body);" } }
+\`\`\`
+
+**Example -- multiple files:**
+\`\`\`json
+{ "files": { "index.js": "const { greet } = await import('./lib.js'); console.log(greet());", "lib.js": "export const greet = () => 'hello';" } }
+\`\`\`
+
+---
+
+#### functions_deployments_list
+
+List all deployments (versions) of a function.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+### Execution
+
+#### functions_trigger
+
+Manually trigger a function execution.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+#### functions_executions_list
+
+List recent executions of a function with status, duration, and logs.
+
+| Parameter  | Type    | Required | Description                    |
+|------------|---------|----------|--------------------------------|
+| projectId  | string  | Yes      | Project ID                     |
+| functionId | string  | Yes      | Function ID                    |
+| limit      | integer | No       | Max results to return (1-100)  |
+| offset     | integer | No       | Number of results to skip (>= 0) |
+
+---
+
+### Webhooks
+
+#### functions_enable_webhook
+
+Enable webhook trigger for a function. Returns a one-time webhook secret.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+#### functions_regenerate_webhook_secret
+
+Regenerate the webhook secret for a function. The old secret stops working immediately.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+#### functions_disable_webhook
+
+Disable webhook trigger for a function. The webhook secret is deleted.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+### Environment Variables
+
+#### functions_get_env_vars
+
+Get environment variables for a function (decrypted). Use these to store API keys and secrets.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+#### functions_set_env_vars
+
+Set environment variables for a function. Merges with existing vars. Values are encrypted at rest.
+
+| Parameter  | Type                   | Required | Description                                      |
+|------------|------------------------|----------|--------------------------------------------------|
+| projectId  | string                 | Yes      | Project ID                                       |
+| functionId | string                 | Yes      | Function ID                                      |
+| variables  | Record<string, string> | Yes      | Key-value pairs to set (merged with existing)    |
+
+---
+
+### KV Store
+
+#### functions_kv_list
+
+List KV store keys for a function.
+
+| Parameter  | Type   | Required | Description |
+|------------|--------|----------|-------------|
+| projectId  | string | Yes      | Project ID  |
+| functionId | string | Yes      | Function ID |
+
+---
+
+## Sandbox API Quick Reference
+
+These globals are available inside function code at runtime:
+
+| API | Usage |
+|-----|-------|
+| \`console.log/warn/error/info()\` | Captured to execution logs (1MB buffer) |
+| \`await fetch(url, options?)\` | HTTP client. Returns \`{ status, headers, body }\` where body is a string. 10s timeout, 5MB limit. |
+| \`env.get(key)\` | Read environment variables (read-only) |
+| \`await kv.get(key)\` | Get a KV value (string or null) |
+| \`await kv.set(key, value, ttlSeconds?)\` | Set a KV value (256KB max, 30-day default TTL) |
+| \`await kv.delete(key)\` | Delete a KV key |
+| \`await kv.list(prefix?)\` | List KV keys (1000 max per function) |
+| \`await spacelr.db.collection(name).find(filter?, options?)\` | Query documents |
+| \`await spacelr.db.collection(name).insertOne(doc)\` | Insert one document |
+| \`await spacelr.db.collection(name).insertMany(docs)\` | Insert multiple documents |
+| \`await spacelr.storage.list/getInfo/getDownloadUrl()\` | Access project storage |
+| \`await spacelr.email.send({ to, template, variables })\` | Send template email |
+| \`await spacelr.email.sendRaw({ to, subject, html })\` | Send raw HTML email |
+| \`await spacelr.notifications.send({ userId, title, body, data? })\` | Send push notification |
+| \`await spacelr.notifications.sendMany({ userIds, title, body, data? })\` | Send to multiple users |
+
+**Trigger context globals** (available depending on trigger type):
+- \`event\`: \`{ type, data, timestamp }\` -- for event-triggered executions
+- \`payload\`: \`{ ... }\` -- for webhook-triggered executions (the POST body)
+
+## Common Workflows
+
+### Creating and Deploying a Function
+
+1. **Create** the function with \`functions_create\` (provide name, optional timeout/memory settings).
+2. **Deploy** code with \`functions_deploy\` -- pass your source files as a \`files\` record.
+3. **Trigger** manually with \`functions_trigger\` to test.
+4. **Check results** with \`functions_executions_list\` to see status, duration, and logs.
+5. **Review code** with \`functions_get_code\` to verify what is deployed.
+
+### Scheduled Execution (Cron)
+
+1. Create or update the function with a \`cronExpression\` (e.g. \`"0 */6 * * *"\` for every 6 hours).
+2. Optionally set \`cronTimezone\` (e.g. \`"Europe/Berlin"\`).
+3. The function runs automatically on schedule when \`enabled\` is true.
+
+### Using the KV Store
+
+Inside function code, use the \`kv\` global to persist data across executions:
+\`\`\`js
+const lastRun = await kv.get("lastRun");
+console.log("Last run:", lastRun);
+await kv.set("lastRun", new Date().toISOString());
+\`\`\`
+
+Manage KV entries externally with \`functions_kv_list\`.
+
+### Setting Up Webhooks
+
+1. **Enable** the webhook with \`functions_enable_webhook\` -- save the returned secret.
+2. **Call** the webhook endpoint: \`POST /api/v1/functions/{projectId}/{functionId}/invoke\` with header \`X-Webhook-Secret: <secret>\`.
+3. Inside the function, read the POST body from the \`payload\` global.
+4. **Rotate** the secret with \`functions_regenerate_webhook_secret\` (old secret stops immediately).
+5. **Disable** with \`functions_disable_webhook\` when no longer needed.
+
+### Environment Variables
+
+1. **Set** variables with \`functions_set_env_vars\` (merges with existing vars, encrypted at rest).
+2. **Read** inside function code with \`env.get("MY_API_KEY")\`.
+3. **List** current variables with \`functions_get_env_vars\`.
+
+## Tips
+
+- The runtime is an isolated V8 sandbox, not Node.js. Do not use \`require()\`, \`import\`, or Node.js built-ins.
+- \`fetch()\` returns \`{ status, headers, body }\` where \`body\` is always a **string**. Use \`JSON.parse(response.body)\` for JSON APIs.
+- If using \`spacelr.db\`, database rules must be set on the collection **before** the function writes to it. Without rules, inserts will fail with "Rule denied".
+- Store secrets in environment variables (\`functions_set_env_vars\`), not hardcoded in function code.
+- KV store values are capped at 256KB and 1000 keys per function with a 30-day default TTL.
+- Resource limits: 120s max timeout, 512MB max memory, 10MB max code bundle, 10 concurrent executions per project.
+- Use \`functions_deployments_list\` to see deployment history and roll back if needed.
+`;
+function registerFunctionResources(server) {
+  server.registerResource(
+    "docs-functions",
+    "spacelr://docs/functions",
+    {
+      title: "Serverless Functions - Spacelr Docs",
+      description: "Documentation for serverless function tools: deployment, execution, environment variables, KV store, and webhooks",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.8
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS8
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/email-templates.ts
+var DOCS9 = `# Email Template Tools
+
+## Overview
+
+The email template tools allow you to manage project-specific email templates in Spacelr. Templates use **MJML** for responsive email markup and **Handlebars** for variable interpolation. Each template has a \`type\` that identifies its purpose (e.g. "verify-email", "welcome", "invoice").
+
+The system supports a layered resolution model: project-specific templates override system defaults. System default templates (those without a \`projectId\`) cannot be deleted.
+
+## Tools Reference
+
+### email_templates_list
+
+List all email templates for a project (includes system defaults).
+
+| Parameter | Type   | Required | Description                        |
+|-----------|--------|----------|------------------------------------|
+| projectId | string | Yes      | The project ID to list templates for |
+
+**Returns:** An array of email template objects including both project-specific and system default templates.
+
+---
+
+### email_templates_get
+
+Get a single email template by ID.
+
+| Parameter | Type   | Required | Description            |
+|-----------|--------|----------|------------------------|
+| id        | string | Yes      | The email template ID  |
+
+**Returns:** The full email template object.
+
+---
+
+### email_templates_create
+
+Create a new project-specific email template. The type identifies the template purpose (e.g. "verify-email", "welcome", "invoice").
+
+| Parameter  | Type     | Required | Description                                         |
+|------------|----------|----------|-----------------------------------------------------|
+| projectId  | string   | Yes      | The project this template belongs to                |
+| type       | string   | Yes      | Template type identifier (e.g. "verify-email")      |
+| name       | string   | Yes      | Human-readable template name                        |
+| subject    | string   | Yes      | Email subject line (supports Handlebars variables)  |
+| mjmlSource | string   | Yes      | MJML markup for the email body                      |
+| variables  | string[] | No       | List of variable names used in the template         |
+| isActive   | boolean  | No       | Whether the template is active                      |
+
+**Returns:** The created email template object.
+
+---
+
+### email_templates_update
+
+Update an existing email template. At least one field must be provided.
+
+| Parameter  | Type     | Required | Description                                         |
+|------------|----------|----------|-----------------------------------------------------|
+| id         | string   | Yes      | The email template ID to update                     |
+| name       | string   | No       | Updated human-readable template name                |
+| subject    | string   | No       | Updated email subject line                          |
+| mjmlSource | string   | No       | Updated MJML markup                                 |
+| variables  | string[] | No       | Updated list of variable names                      |
+| isActive   | boolean  | No       | Updated active state                                |
+
+**Returns:** The updated email template object.
+
+---
+
+### email_templates_delete
+
+Delete an email template. System default templates cannot be deleted.
+
+| Parameter | Type   | Required | Description                      |
+|-----------|--------|----------|----------------------------------|
+| id        | string | Yes      | The email template ID to delete  |
+
+**Returns:** Confirmation message or the deleted template object.
+
+---
+
+### email_templates_preview
+
+Preview a compiled email template. Renders MJML to HTML and applies Handlebars variables.
+
+| Parameter | Type                       | Required | Description                                          |
+|-----------|----------------------------|----------|------------------------------------------------------|
+| mjmlSource | string                    | Yes      | MJML markup to render                                |
+| variables  | Record<string, unknown>   | No       | Key-value map of Handlebars variables to interpolate |
+
+**Returns:** The rendered HTML output of the template.
+
+## Common Workflows
+
+### Creating a Project-Specific Template
+
+1. Call \`email_templates_list\` with a \`projectId\` to see existing templates and system defaults.
+2. Call \`email_templates_create\` with the project ID, a type, name, subject, and MJML source.
+3. Use \`email_templates_preview\` to verify the rendered output before activating.
+
+### Previewing a Template
+
+1. Call \`email_templates_preview\` with your MJML source and an optional variables map.
+2. Inspect the returned HTML to verify layout and variable substitution.
+3. Iterate on the MJML source until the output looks correct.
+
+### Updating an Existing Template
+
+1. Call \`email_templates_get\` with the template ID to retrieve the current state.
+2. Call \`email_templates_update\` with the ID and only the fields you want to change.
+3. Use \`email_templates_preview\` to verify the changes render correctly.
+
+### Overriding a System Default
+
+1. Call \`email_templates_list\` with the project ID to find the system default you want to override.
+2. Note the \`type\` of the system default template.
+3. Call \`email_templates_create\` with the same \`type\` but your project ID and custom MJML source.
+4. The project-specific template will now take priority over the system default.
+
+## Tips
+
+- Use \`email_templates_preview\` to test MJML rendering without saving \u2014 this is the fastest way to iterate on template design.
+- The \`variables\` array on a template is informational \u2014 it documents which Handlebars variables the template expects but does not enforce them.
+- When previewing, pass sample data in the \`variables\` parameter to verify Handlebars interpolation works as expected.
+- System default templates (\`projectId: null\`) cannot be deleted. Create a project-specific template with the same type to override them.
+- MJML documentation is available at https://mjml.io/documentation/ for markup reference.
+`;
+function registerEmailTemplateResources(server) {
+  server.registerResource(
+    "docs-email-templates",
+    "spacelr://docs/email-templates",
+    {
+      title: "Email Templates - Spacelr Docs",
+      description: "Documentation for email template tools: create, update, preview, and manage templates",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.6
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS9
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/cron-jobs.ts
+var DOCS10 = `# Cron Job Tools
+
+## Overview
+
+The cron job tools allow you to schedule, manage, and monitor recurring tasks within a Spacelr project. Jobs can invoke a webhook URL or trigger a serverless function on a cron schedule. Each job tracks its execution history so you can inspect past runs and diagnose failures.
+
+## Tools Reference
+
+### cron_jobs_list
+
+List all cron jobs for a project.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+
+---
+
+### cron_jobs_get
+
+Get a single cron job by ID.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+| jobId     | string | Yes      | Cron job ID |
+
+---
+
+### cron_jobs_create
+
+Create a new cron job. When type is \`webhook\`, \`url\` is required. When type is \`function\`, \`functionId\` is required. \`cronExpression\` uses 5-field cron format.
+
+| Parameter      | Type                       | Required | Description                                               |
+|----------------|----------------------------|----------|-----------------------------------------------------------|
+| projectId      | string                     | Yes      | Project ID                                                |
+| name           | string                     | Yes      | Display name for the job                                  |
+| cronExpression | string                     | Yes      | 5-field cron expression (e.g. \`0 0 * * *\`)               |
+| timezone       | string                     | No       | IANA timezone (e.g. \`Europe/Berlin\`)                      |
+| type           | \`"webhook"\` \\| \`"function"\` | No       | Job type \u2014 determines whether \`url\` or \`functionId\` is used |
+| functionId     | string                     | No       | Function to invoke (required when type is \`function\`)      |
+| url            | string (URL)               | No       | Webhook URL to call (required when type is \`webhook\`)      |
+| secret         | string                     | No       | Secret for webhook signature verification                 |
+| payload        | Record<string, unknown>    | No       | JSON payload sent with each execution                     |
+| retryAttempts  | integer (0-10)             | No       | Number of retry attempts on failure                       |
+| timeout        | integer (1000-120000)      | No       | Execution timeout in milliseconds                         |
+| enabled        | boolean                    | No       | Whether the job is active (defaults to true)              |
+
+---
+
+### cron_jobs_update
+
+Update an existing cron job. At least one field (besides \`projectId\` and \`jobId\`) must be provided.
+
+| Parameter      | Type                       | Required | Description                                               |
+|----------------|----------------------------|----------|-----------------------------------------------------------|
+| projectId      | string                     | Yes      | Project ID                                                |
+| jobId          | string                     | Yes      | Cron job ID                                               |
+| name           | string                     | No       | Updated display name                                      |
+| cronExpression | string                     | No       | Updated 5-field cron expression                           |
+| timezone       | string                     | No       | Updated IANA timezone                                     |
+| type           | \`"webhook"\` \\| \`"function"\` | No       | Updated job type                                          |
+| functionId     | string                     | No       | Updated function ID                                       |
+| url            | string (URL)               | No       | Updated webhook URL                                       |
+| secret         | string                     | No       | Updated webhook secret                                    |
+| payload        | Record<string, unknown>    | No       | Updated JSON payload                                      |
+| retryAttempts  | integer (0-10)             | No       | Updated retry attempts                                    |
+| timeout        | integer (1000-120000)      | No       | Updated timeout in milliseconds                           |
+| enabled        | boolean                    | No       | Updated enabled state                                     |
+
+---
+
+### cron_jobs_delete
+
+Delete a cron job.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+| jobId     | string | Yes      | Cron job ID |
+
+---
+
+### cron_jobs_trigger
+
+Manually trigger a cron job execution outside of its schedule.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+| jobId     | string | Yes      | Cron job ID |
+
+---
+
+### cron_jobs_toggle
+
+Toggle a cron job enabled or disabled.
+
+| Parameter | Type    | Required | Description                        |
+|-----------|---------|----------|------------------------------------|
+| projectId | string  | Yes      | Project ID                         |
+| jobId     | string  | Yes      | Cron job ID                        |
+| enabled   | boolean | Yes      | \`true\` to enable, \`false\` to disable |
+
+---
+
+### cron_jobs_executions
+
+List execution history for a cron job.
+
+| Parameter | Type              | Required | Description                    |
+|-----------|-------------------|----------|--------------------------------|
+| projectId | string            | Yes      | Project ID                     |
+| jobId     | string            | Yes      | Cron job ID                    |
+| limit     | integer (1-100)   | No       | Max number of results          |
+| offset    | integer (>= 0)    | No       | Number of results to skip      |
+
+---
+
+### cron_jobs_list_all
+
+List all cron jobs across projects (admin overview).
+
+| Parameter | Type   | Required | Description                           |
+|-----------|--------|----------|---------------------------------------|
+| projectId | string | No       | Filter by project ID (omit for all)   |
+
+---
+
+### cron_jobs_status
+
+Get the cron queue status (no parameters).
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+
+This tool takes no parameters. It returns the current state of the cron processing queue.
+
+## Common Workflows
+
+### Creating a Webhook Cron Job
+
+1. Call \`cron_jobs_create\` with \`projectId\`, \`name\`, \`cronExpression\`, \`type: "webhook"\`, and \`url\`.
+2. Optionally set \`secret\` for signature verification and \`payload\` for a custom body.
+3. The job starts running on schedule immediately unless \`enabled\` is set to \`false\`.
+
+### Creating a Function Cron Job
+
+1. Call \`cron_jobs_create\` with \`projectId\`, \`name\`, \`cronExpression\`, \`type: "function"\`, and \`functionId\`.
+2. Optionally pass \`payload\` to provide input data to the function.
+3. Use \`retryAttempts\` and \`timeout\` to control failure handling.
+
+### Toggling a Job On/Off
+
+1. Call \`cron_jobs_toggle\` with the \`projectId\`, \`jobId\`, and \`enabled: false\` to pause or \`enabled: true\` to resume.
+
+### Checking Execution History
+
+1. Call \`cron_jobs_executions\` with \`projectId\` and \`jobId\`.
+2. Use \`limit\` and \`offset\` to paginate through results.
+3. Each execution record contains status, timestamps, and any error details.
+
+### Monitoring the Queue
+
+1. Call \`cron_jobs_status\` (no parameters) to inspect the queue health and processing state.
+2. Call \`cron_jobs_list_all\` to get an admin-level overview of all jobs across projects.
+
+## Tips
+
+- **Cron expression format:** Uses standard 5-field syntax \u2014 \`minute hour day-of-month month day-of-week\`. For example, \`*/15 * * * *\` runs every 15 minutes, \`0 9 * * 1-5\` runs at 09:00 on weekdays.
+- **Timezone:** Defaults to UTC if omitted. Use IANA timezone names such as \`America/New_York\` or \`Europe/Berlin\`.
+- **Retry and timeout:** \`retryAttempts\` (0-10) controls how many times a failed execution is retried. \`timeout\` (1000-120000 ms) sets the maximum execution duration before the run is aborted.
+- **Manual trigger:** Use \`cron_jobs_trigger\` to run a job immediately for testing \u2014 it does not affect the regular schedule.
+- **At least one field:** When calling \`cron_jobs_update\`, you must supply at least one field to change beyond \`projectId\` and \`jobId\`.
+`;
+function registerCronJobResources(server) {
+  server.registerResource(
+    "docs-cron-jobs",
+    "spacelr://docs/cron-jobs",
+    {
+      title: "Cron Jobs - Spacelr Docs",
+      description: "Documentation for cron job tools: scheduling, execution, and monitoring",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.6
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS10
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/webhooks.ts
+var DOCS11 = `# Webhook Tools
+
+## Overview
+
+The webhook tools let you manage event subscriptions for a project. Webhooks send HTTP POST requests to a configured URL whenever specific events occur \u2014 such as user sign-ups, database writes, or file uploads. You can create, update, test, and monitor webhooks and their delivery history entirely through these tools.
+
+## Event Types
+
+The following event types are available when creating or updating a webhook:
+
+| Category  | Event                              |
+|-----------|------------------------------------|
+| User      | \`user.created\`                   |
+| User      | \`user.updated\`                   |
+| User      | \`user.deleted\`                   |
+| User      | \`user.login\`                     |
+| User      | \`user.email_verified\`            |
+| User      | \`user.password_reset_requested\`  |
+| User      | \`user.password_reset\`            |
+| User      | \`user.2fa_verified\`              |
+| Database  | \`database.insert\`                |
+| Database  | \`database.update\`                |
+| Database  | \`database.delete\`                |
+| Storage   | \`storage.upload\`                 |
+| Storage   | \`storage.delete\`                 |
+| Project   | \`project.created\`                |
+| Project   | \`project.updated\`                |
+
+## Tools Reference
+
+### webhooks_list
+
+List all webhooks for a project.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+
+**Returns:** Array of webhook objects.
+
+---
+
+### webhooks_get
+
+Get a single webhook by ID.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+| webhookId | string | Yes      | Webhook ID  |
+
+**Returns:** The webhook object.
+
+---
+
+### webhooks_create
+
+Create a new webhook for a project.
+
+> **WARNING:** The response includes a secret that will be visible in the conversation context.
+
+| Parameter   | Type                          | Required | Description                                       |
+|-------------|-------------------------------|----------|---------------------------------------------------|
+| projectId   | string                        | Yes      | Project ID                                        |
+| url         | string (URL)                  | Yes      | Endpoint URL that will receive POST requests      |
+| events      | string[] (min 1)              | Yes      | Array of event types to subscribe to (see above)  |
+| description | string                        | No       | Human-readable description of the webhook         |
+| headers     | Record<string, string>        | No       | Custom HTTP headers sent with each delivery       |
+| active      | boolean                       | No       | Whether the webhook is active                     |
+
+**Returns:** The created webhook object including its secret.
+
+---
+
+### webhooks_update
+
+Update an existing webhook. At least one optional field must be provided.
+
+| Parameter   | Type                          | Required | Description                                       |
+|-------------|-------------------------------|----------|---------------------------------------------------|
+| projectId   | string                        | Yes      | Project ID                                        |
+| webhookId   | string                        | Yes      | Webhook ID                                        |
+| url         | string (URL)                  | No       | Updated endpoint URL                              |
+| events      | string[] (min 1)              | No       | Updated array of event types                      |
+| description | string                        | No       | Updated description                               |
+| headers     | Record<string, string>        | No       | Updated custom HTTP headers                       |
+| active      | boolean                       | No       | Enable or disable the webhook                     |
+
+**Returns:** The updated webhook object.
+
+---
+
+### webhooks_delete
+
+Delete a webhook.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+| webhookId | string | Yes      | Webhook ID  |
+
+**Returns:** Confirmation that the webhook was deleted.
+
+---
+
+### webhooks_test
+
+Send a test ping to a webhook to verify the endpoint is reachable.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | Project ID  |
+| webhookId | string | Yes      | Webhook ID  |
+
+**Returns:** The test delivery result.
+
+---
+
+### webhooks_deliveries
+
+List webhook delivery logs for a project. Optionally filter by a specific webhook.
+
+| Parameter | Type    | Required | Description                          |
+|-----------|---------|----------|--------------------------------------|
+| projectId | string | Yes      | Project ID                           |
+| webhookId | string | No       | Filter deliveries to this webhook    |
+| limit     | integer | No       | Number of results (1-100)           |
+| offset    | integer | No       | Offset for pagination (min 0)       |
+
+**Returns:** Array of delivery log entries.
+
+---
+
+### webhooks_delivery_retry
+
+Retry a failed webhook delivery.
+
+| Parameter  | Type   | Required | Description    |
+|------------|--------|----------|----------------|
+| projectId  | string | Yes      | Project ID     |
+| deliveryId | string | Yes      | Delivery ID    |
+
+**Returns:** The retry delivery result.
+
+## Common Workflows
+
+### Creating a Webhook
+
+1. Call \`webhooks_create\` with the \`projectId\`, target \`url\`, and at least one event type in \`events\`.
+2. Store the returned secret securely \u2014 it is used to verify delivery signatures on the receiving end.
+3. Use \`webhooks_test\` to send a test ping and confirm the endpoint responds correctly.
+
+### Testing a Webhook
+
+1. Call \`webhooks_test\` with the \`projectId\` and \`webhookId\`.
+2. Check the response for the HTTP status code returned by the endpoint.
+3. If the test fails, verify the URL is reachable and returns a 2xx status.
+
+### Checking Delivery History
+
+1. Call \`webhooks_deliveries\` with the \`projectId\` to list recent deliveries.
+2. Optionally pass \`webhookId\` to filter to a specific webhook.
+3. Use \`limit\` and \`offset\` for pagination through large delivery logs.
+
+### Retrying a Failed Delivery
+
+1. Identify the failed delivery ID from \`webhooks_deliveries\`.
+2. Call \`webhooks_delivery_retry\` with the \`projectId\` and \`deliveryId\`.
+3. Check the result to confirm the retry succeeded.
+
+### Disabling a Webhook
+
+1. Call \`webhooks_update\` with \`active\` set to \`false\` to pause deliveries without deleting the webhook.
+2. Set \`active\` back to \`true\` to re-enable it later.
+
+## Tips
+
+- Always call \`webhooks_test\` after creating or updating a webhook to verify the endpoint works.
+- Use \`description\` to document the purpose of each webhook for easier management.
+- Custom \`headers\` can be used to pass authentication tokens or API keys to the receiving endpoint.
+- The \`events\` array must contain at least one event type \u2014 an empty array is not allowed.
+- When updating a webhook, only the fields you provide will be changed; omitted fields remain unchanged.
+- Use \`webhooks_deliveries\` to monitor for failures and \`webhooks_delivery_retry\` to re-send missed events.
+- The webhook secret from \`webhooks_create\` is only shown once \u2014 treat it like a password.
+`;
+function registerWebhookResources(server) {
+  server.registerResource(
+    "docs-webhooks",
+    "spacelr://docs/webhooks",
+    {
+      title: "Webhooks - Spacelr Docs",
+      description: "Documentation for webhook tools: event subscriptions, deliveries, and testing",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.6
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS11
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/notifications.ts
+var DOCS12 = `# Notification Tools
+
+## Overview
+
+The notification tools manage web push notifications for Spacelr projects. The system supports three push providers \u2014 VAPID (Web Push), FCM (Firebase Cloud Messaging), and APNS (Apple Push Notification Service). Notification content is driven by Handlebars-based templates that can be customised per project, with system defaults as fallbacks.
+
+## Tools Reference
+
+### Templates
+
+#### notification_templates_list
+
+List all notification templates for a project (includes system defaults).
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | The project ID |
+
+---
+
+#### notification_templates_get
+
+Get a single notification template by ID.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| id        | string | Yes      | The template ID |
+
+---
+
+#### notification_templates_create
+
+Create a new project-specific notification template. Variables use Handlebars syntax in \`titleTemplate\` and \`bodyTemplate\`.
+
+| Parameter     | Type     | Required | Description |
+|---------------|----------|----------|-------------|
+| projectId     | string   | Yes      | The project ID |
+| type          | string   | Yes      | Template type identifier |
+| name          | string   | Yes      | Human-readable template name |
+| titleTemplate | string   | Yes      | Handlebars template for the notification title |
+| bodyTemplate  | string   | Yes      | Handlebars template for the notification body |
+| icon          | string   | No       | URL of the notification icon |
+| defaultUrl    | string   | No       | Default click-through URL |
+| variables     | string[] | No       | List of variable names used in the templates |
+| isActive      | boolean  | No       | Whether the template is active |
+
+---
+
+#### notification_templates_update
+
+Update an existing notification template. At least one field must be provided.
+
+| Parameter     | Type     | Required | Description |
+|---------------|----------|----------|-------------|
+| id            | string   | Yes      | The template ID |
+| name          | string   | No       | Human-readable template name |
+| titleTemplate | string   | No       | Handlebars template for the notification title |
+| bodyTemplate  | string   | No       | Handlebars template for the notification body |
+| icon          | string   | No       | URL of the notification icon |
+| defaultUrl    | string   | No       | Default click-through URL |
+| variables     | string[] | No       | List of variable names used in the templates |
+| isActive      | boolean  | No       | Whether the template is active |
+
+---
+
+#### notification_templates_delete
+
+Delete a project notification template override (reverts to system default).
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| id        | string | Yes      | The template ID |
+
+---
+
+#### notification_templates_preview
+
+Preview a compiled notification template with Handlebars variables applied.
+
+| Parameter     | Type                    | Required | Description |
+|---------------|-------------------------|----------|-------------|
+| titleTemplate | string                  | Yes      | Handlebars template for the title |
+| bodyTemplate  | string                  | Yes      | Handlebars template for the body |
+| variables     | Record<string, string>  | Yes      | Key-value map of variable values to substitute |
+
+---
+
+### Configuration
+
+#### notification_config_get
+
+Get push notification provider configuration for a project (VAPID, FCM, APNS).
+
+> **WARNING:** The response may include sensitive credentials that will be visible in the conversation context.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | The project ID |
+
+---
+
+#### notification_config_update
+
+Update push notification provider configuration. Supports VAPID, FCM, and APNS providers.
+
+> **WARNING:** \`privateKey\` and \`serviceAccountJson\` values are sensitive credentials that will be visible in the conversation context.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | The project ID |
+| vapid     | object | No       | VAPID (Web Push) configuration |
+| fcm       | object | No       | Firebase Cloud Messaging configuration |
+| apns      | object | No       | Apple Push Notification Service configuration |
+
+**vapid object:**
+
+| Field      | Type    | Required | Description |
+|------------|---------|----------|-------------|
+| publicKey  | string  | No       | VAPID public key |
+| privateKey | string  | No       | VAPID private key |
+| subject    | string  | No       | VAPID subject (usually a mailto: or URL) |
+| enabled    | boolean | No       | Whether VAPID is enabled |
+
+**fcm object:**
+
+| Field              | Type    | Required | Description |
+|--------------------|---------|----------|-------------|
+| serviceAccountJson | string  | No       | Firebase service account JSON |
+| enabled            | boolean | No       | Whether FCM is enabled |
+
+**apns object:**
+
+| Field      | Type    | Required | Description |
+|------------|---------|----------|-------------|
+| keyId      | string  | No       | APNS key ID |
+| teamId     | string  | No       | Apple Developer team ID |
+| privateKey | string  | No       | APNS private key |
+| bundleId   | string  | No       | App bundle identifier |
+| production | boolean | No       | Use production APNS environment |
+| enabled    | boolean | No       | Whether APNS is enabled |
+
+---
+
+#### notification_config_delete
+
+Delete push notification provider configuration. Specify a provider to delete only that one, or omit to delete all.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | The project ID |
+| provider  | enum   | No       | Provider to delete: \`vapid\`, \`fcm\`, or \`apns\`. Omit to delete all. |
+
+---
+
+#### notification_config_generate_vapid
+
+Generate a new VAPID key pair for web push notifications.
+
+> **WARNING:** The private key will be visible in the conversation context.
+
+This tool takes no parameters.
+
+**Returns:** An object with \`publicKey\` and \`privateKey\` strings.
+
+---
+
+### Sending
+
+#### notifications_send
+
+Send a push notification to selected users.
+
+| Parameter | Type     | Required | Description |
+|-----------|----------|----------|-------------|
+| projectId | string   | Yes      | The project ID |
+| userIds   | string[] | Yes      | Array of user IDs to notify (min 1) |
+| title     | string   | Yes      | Notification title |
+| body      | string   | Yes      | Notification body text |
+| icon      | string   | No       | URL of the notification icon |
+| url       | string   | No       | Click-through URL |
+
+---
+
+#### notifications_broadcast
+
+Broadcast a push notification to all subscribed users in a project.
+
+| Parameter | Type   | Required | Description |
+|-----------|--------|----------|-------------|
+| projectId | string | Yes      | The project ID |
+| title     | string | Yes      | Notification title |
+| body      | string | Yes      | Notification body text |
+| icon      | string | No       | URL of the notification icon |
+| url       | string | No       | Click-through URL |
+
+## Common Workflows
+
+### Setting Up VAPID (Web Push)
+
+1. Call \`notification_config_generate_vapid\` to generate a new key pair.
+2. Call \`notification_config_update\` with the generated keys and a \`subject\` (e.g. \`mailto:admin@example.com\`) under the \`vapid\` object, setting \`enabled: true\`.
+3. Verify the configuration with \`notification_config_get\`.
+
+### Creating a Custom Template
+
+1. Call \`notification_templates_list\` to see existing templates and system defaults.
+2. Call \`notification_templates_create\` with a \`type\`, \`name\`, and Handlebars templates for title and body. For example: \`titleTemplate: "Hello {{userName}}"\`, \`bodyTemplate: "{{message}}"\`.
+3. Use \`notification_templates_preview\` to verify the template renders correctly with sample variables.
+
+### Sending Notifications to Specific Users
+
+1. Ensure push configuration is set up (see VAPID workflow above).
+2. Call \`notifications_send\` with the \`projectId\`, an array of \`userIds\`, and the notification \`title\` and \`body\`.
+3. Optionally include an \`icon\` URL and a click-through \`url\`.
+
+### Broadcasting to All Users
+
+1. Ensure push configuration is set up.
+2. Call \`notifications_broadcast\` with the \`projectId\`, \`title\`, and \`body\`.
+3. The notification will be delivered to all users with active push subscriptions in the project.
+
+## Tips
+
+- Always set up provider configuration (\`notification_config_update\`) before attempting to send notifications.
+- Use \`notification_templates_preview\` to test Handlebars templates before creating them \u2014 this avoids broken notifications reaching users.
+- Deleting a project template override with \`notification_templates_delete\` reverts to the system default; it does not remove the template entirely.
+- The \`notification_config_generate_vapid\` tool generates keys on the server \u2014 you do not need to generate them locally.
+- Be cautious with \`notifications_broadcast\` as it reaches all subscribed users in the project. Prefer \`notifications_send\` for targeted delivery.
+- Provider credentials (private keys, service account JSON) are sensitive. Avoid sharing conversations that contain these values.
+`;
+function registerNotificationResources(server) {
+  server.registerResource(
+    "docs-notifications",
+    "spacelr://docs/notifications",
+    {
+      title: "Notifications - Spacelr Docs",
+      description: "Documentation for push notification tools: configuration, templates, sending, and broadcasting",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.7
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS12
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/audit-logs.ts
+var DOCS13 = `# Audit Logs
+
+## Overview
+
+Audit logs provide a detailed, immutable record of actions performed within a project. Every significant operation (user creation, client modification, database changes, etc.) is captured with metadata including the actor, timestamp, entity type, and action performed. Use the audit log tools to investigate activity, troubleshoot issues, and maintain compliance.
+
+## Tools Reference
+
+### audit_logs_list
+
+List audit logs for a project with optional filters.
+
+| Parameter     | Type   | Required | Description |
+|---------------|--------|----------|-------------|
+| \`projectId\`  | string | Yes      | The project ID to query audit logs for |
+| \`entityType\` | enum   | No       | Filter by entity type. One of: \`user\`, \`client\`, \`project\`, \`auth\`, \`database\`, \`storage\` |
+| \`action\`     | string | No       | Filter by action name (e.g. \`create\`, \`update\`, \`delete\`) |
+| \`startDate\`  | string | No       | ISO 8601 datetime. Only return logs on or after this date |
+| \`endDate\`    | string | No       | ISO 8601 datetime. Only return logs on or before this date |
+| \`limit\`      | number | No       | Number of entries to return (1-100) |
+| \`offset\`     | number | No       | Number of entries to skip (min 0), for pagination |
+
+### audit_logs_get
+
+Retrieve a single audit log entry by its ID.
+
+| Parameter    | Type   | Required | Description |
+|--------------|--------|----------|-------------|
+| \`projectId\` | string | Yes      | The project ID the log belongs to |
+| \`logId\`     | string | Yes      | The ID of the audit log entry |
+
+## Common Workflows
+
+### List recent activity for a project
+
+Call \`audit_logs_list\` with just the \`projectId\` to see the most recent log entries.
+
+### Filter by entity type
+
+Pass \`entityType\` to narrow results, e.g. set \`entityType\` to \`user\` to see only user-related events.
+
+### Filter by date range
+
+Provide \`startDate\` and/or \`endDate\` as ISO 8601 strings to restrict the time window:
+- \`startDate\`: \`"2025-01-01T00:00:00Z"\`
+- \`endDate\`: \`"2025-01-31T23:59:59Z"\`
+
+### Paginate through results
+
+Use \`limit\` and \`offset\` together. For example, to fetch the second page of 25 results, set \`limit\` to 25 and \`offset\` to 25.
+
+### View details of a specific entry
+
+Use \`audit_logs_get\` with the \`logId\` obtained from a list result to retrieve the full entry with all metadata.
+
+## Tips
+
+- **Entity types**: \`user\`, \`client\`, \`project\`, \`auth\`, \`database\`, \`storage\` cover the main domains. Use them to focus queries on the area you care about.
+- **Date filtering**: Both \`startDate\` and \`endDate\` accept ISO 8601 datetime strings (e.g. \`2025-06-15T08:00:00Z\`). You can use one or both to define a range.
+- **Pagination**: The default result set may be limited. Always use \`limit\` and \`offset\` when you need to retrieve large numbers of entries.
+- **Action names**: Actions are free-form strings. Common values include \`create\`, \`update\`, \`delete\`, \`login\`, and \`logout\`, but the exact values depend on the operations your project performs.
+`;
+function registerAuditLogResources(server) {
+  server.registerResource(
+    "docs-audit-logs",
+    "spacelr://docs/audit-logs",
+    {
+      title: "Audit Logs - Spacelr Docs",
+      description: "Documentation for audit log tools: listing and viewing audit entries",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.5
+      }
+    },
+    async (uri) => ({
+      contents: [{
+        uri: uri.href,
+        mimeType: "text/markdown",
+        text: DOCS13
+      }]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/best-practices.ts
+var DOCS14 = `# Best Practices & Setup Guide
+
+This guide covers how to set up and use the Spacelr MCP server effectively. Follow these steps to ensure a smooth experience.
+
+## Initial Setup \u2014 Credentials
+
+The MCP server needs valid credentials to interact with the Spacelr API. There are two ways to authenticate:
+
+### Option A: Use the Spacelr CLI (Recommended)
+
+Install and log in via the CLI \u2014 this creates the credentials file automatically:
+
+\`\`\`bash
+npx @spacelr/cli login
+\`\`\`
+
+This opens a browser for OAuth authentication and stores credentials at:
+- **Global:** \`~/.spacelr/credentials.json\`
+- **Project-scoped:** \`<projectDir>/.spacelr/credentials.json\` (if \`spacelr.json\` exists)
+
+### Option B: Use the auth_login Tool
+
+If the CLI is not available, use the \`auth_login\` MCP tool directly with email and password. The MCP server stores the returned token automatically.
+
+### Credential File Structure
+
+\`\`\`json
+{
+  "accessToken": "eyJ...",
+  "refreshToken": "refresh_...",
+  "expiresAt": 1712000000000,
+  "apiUrl": "https://api.spacelr.com/api/v1"
+}
+\`\`\`
+
+### Credential Lookup Order
+
+1. \`SPACELR_AUTH_TOKEN\` environment variable (highest priority)
+2. Project-scoped: \`<projectDir>/.spacelr/credentials.json\` (if \`spacelr.json\` found)
+3. Global fallback: \`~/.spacelr/credentials.json\`
+
+### Security
+
+- Credential files are created with restrictive permissions (\`0o600\` \u2014 owner read/write only)
+- The \`.spacelr/\` directory is automatically added to \`.gitignore\` to prevent accidental commits
+- Token refresh happens automatically when the token is within 60 seconds of expiration
+
+## Project Configuration \u2014 spacelr.json
+
+Create a \`spacelr.json\` file in your project root to scope credentials and set defaults:
+
+\`\`\`json
+{
+  "projectId": "your-project-id",
+  "apiUrl": "https://api.spacelr.com/api/v1",
+  "hosting": {
+    "directory": "./dist"
+  }
+}
+\`\`\`
+
+You can also create this file using the CLI:
+
+\`\`\`bash
+npx @spacelr/cli init
+\`\`\`
+
+This will prompt you to select a project and configure hosting settings.
+
+**Benefits of having spacelr.json:**
+- Credentials are stored per-project in \`.spacelr/credentials.json\` (not globally)
+- The \`projectId\` is available as a default for tools that require it
+- Team members get consistent project configuration
+
+## Environment Variables
+
+For CI/CD pipelines or automated environments, use environment variables instead of credential files:
+
+| Variable | Purpose |
+|----------|---------|
+| \`SPACELR_AUTH_TOKEN\` | Override authentication token directly |
+| \`SPACELR_API_URL\` | Override API endpoint URL |
+| \`SPACELR_CLIENT_ID\` | Override OAuth client ID |
+| \`SPACELR_PROJECT_ID\` | Override default project ID |
+
+\`SPACELR_AUTH_TOKEN\` takes highest priority and bypasses all file-based credential resolution.
+
+## Best Practices
+
+### Authentication
+- Always verify your session with \`auth_me\` before starting work
+- Use project-scoped credentials when working within a specific project
+- For CI/CD, prefer \`SPACELR_AUTH_TOKEN\` over stored credentials
+- Token refresh is automatic \u2014 no manual re-authentication needed under normal conditions
+
+### Database
+- **Rules-first approach:** Always define security rules for a collection before inserting data
+- Without rules, all operations are denied by the \`$other\` catch-all rule
+- Use \`database_rules_set\` to define collection rules \u2014 this automatically creates the collection
+- Read the database documentation at \`spacelr://docs/database\` for the full rules syntax
+
+### Storage
+- Use presigned URLs for large file uploads from client applications
+- Manage user quotas proactively to prevent storage overflows
+
+### Functions
+- Functions run in a V8 sandbox \u2014 no Node.js APIs, no require/import
+- Always deploy after updating function code
+- Use the KV store for persistent state between executions
+
+### Hosting
+- Upload all files before activating a deployment
+- Use SPA mode for single-page applications to handle client-side routing
+
+## Recommended Workflow for AI Assistants
+
+When first connecting to a Spacelr project, follow this sequence:
+
+1. **Check for spacelr.json** \u2014 Look in the current directory and parent directories. If it exists, note the \`projectId\`.
+
+2. **Verify session** \u2014 Call \`auth_me\` to check if credentials are valid.
+
+3. **Authenticate if needed** \u2014 If not authenticated, guide the user through \`auth_login\` or suggest running \`npx @spacelr/cli login\`.
+
+4. **Identify the project** \u2014 Use \`projects_list\` to find available projects, or use the \`projectId\` from \`spacelr.json\`.
+
+5. **Read relevant documentation** \u2014 Before performing tasks, read the appropriate docs resource:
+   - \`spacelr://docs/database\` for database operations
+   - \`spacelr://docs/storage\` for file management
+   - \`spacelr://docs/functions\` for serverless functions
+   - \`spacelr://docs/hosting\` for static site deployment
+   - See \`spacelr://docs/getting-started\` for the full list
+
+6. **Execute the task** \u2014 Use the documented tools with correct parameters.
+
+## Available Documentation Resources
+
+For the full list of documentation resources, read \`spacelr://docs/getting-started\`.
+`;
+function registerBestPracticeResources(server) {
+  server.registerResource(
+    "docs-best-practices",
+    "spacelr://docs/best-practices",
+    {
+      title: "Best Practices & Setup - Spacelr Docs",
+      description: "Setup guide and best practices: credential configuration, spacelr.json, environment variables, and recommended workflows for AI assistants",
+      mimeType: "text/markdown",
+      annotations: {
+        audience: ["assistant"],
+        priority: 0.95
+      }
+    },
+    async (uri) => ({
+      contents: [
+        {
+          uri: uri.href,
+          mimeType: "text/markdown",
+          text: DOCS14
+        }
+      ]
+    })
+  );
+}
+
+// libs/mcp-server/src/resources/index.ts
+function registerAllResources(server) {
+  registerGettingStartedResources(server);
+  registerAuthResources(server);
+  registerProjectResources(server);
+  registerClientResources(server);
+  registerDatabaseResources(server);
+  registerHostingResources(server);
+  registerStorageResources(server);
+  registerFunctionResources(server);
+  registerEmailTemplateResources(server);
+  registerCronJobResources(server);
+  registerWebhookResources(server);
+  registerNotificationResources(server);
+  registerAuditLogResources(server);
+  registerBestPracticeResources(server);
+}
+
 // libs/mcp-server/src/index.ts
 async function main() {
   const config = await loadConfig();
@@ -4314,6 +7033,7 @@ async function main() {
   });
   registerAllTools(server, api);
   registerAllPrompts(server);
+  registerAllResources(server);
   const transport = new StdioServerTransport();
   await server.connect(transport);
   const shutdown = async () => {