@studiometa/productive-mcp 0.5.0 → 0.6.1

package/Dockerfile

@@ -18,6 +18,10 @@ ENV NODE_ENV=production
 ENV PORT=3000
 ENV HOST=0.0.0.0
 
+# Create non-root user for security
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nodejs -u 1001 -G nodejs
+
 # Expose port
 EXPOSE 3000
 
@@ -25,5 +29,8 @@ EXPOSE 3000
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
   CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
 
+# Switch to non-root user
+USER nodejs
+
 # Run the HTTP server
 CMD ["productive-mcp-server"]

package/README.md

@@ -20,9 +20,9 @@ MCP (Model Context Protocol) server for [Productive.io](https://productive.io) A
 
 This package supports two modes:
 
-| Mode | Command | Use Case |
-|------|---------|----------|
-| **Local (stdio)** | `productive-mcp` | Personal use via Claude Desktop config |
+| Mode              | Command                 | Use Case                                     |
+| ----------------- | ----------------------- | -------------------------------------------- |
+| **Local (stdio)** | `productive-mcp`        | Personal use via Claude Desktop config       |
 | **Remote (HTTP)** | `productive-mcp-server` | Team use via Claude Desktop custom connector |
 
 ---
@@ -40,6 +40,7 @@ npm install -g @studiometa/productive-mcp
 ### Claude Desktop Configuration
 
 Edit your Claude Desktop config:
+
 - **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
 - **Windows**: `%APPDATA%/Claude/claude_desktop_config.json`
 - **Linux**: `~/.config/Claude/claude_desktop_config.json`
@@ -131,22 +132,23 @@ services:
       dockerfile: packages/productive-mcp/Dockerfile
     restart: unless-stopped
     ports:
-      - "3000:3000"
+      - '3000:3000'
     environment:
       PORT: 3000
       HOST: 0.0.0.0
-      OAUTH_SECRET: "your-random-secret-here"  # Required for production!
+      OAUTH_SECRET: 'your-random-secret-here' # Required for production!
 ```
 
 ### Environment Variables
 
-| Variable | Required | Description |
-|----------|----------|-------------|
-| `PORT` | No | Server port (default: 3000) |
-| `HOST` | No | Bind address (default: 0.0.0.0) |
+| Variable       | Required             | Description                            |
+| -------------- | -------------------- | -------------------------------------- |
+| `PORT`         | No                   | Server port (default: 3000)            |
+| `HOST`         | No                   | Bind address (default: 0.0.0.0)        |
 | `OAUTH_SECRET` | **Yes (production)** | Secret key for encrypting OAuth tokens |
 
 > ⚠️ **Important**: Always set `OAUTH_SECRET` in production. Generate a random secret:
+>
 > ```bash
 > openssl rand -base64 32
 > ```
@@ -174,6 +176,7 @@ echo -n "YOUR_ORG_ID:YOUR_API_TOKEN:YOUR_USER_ID" | base64
 ```
 
 Example:
+
 ```bash
 echo -n "12345:pk_abc123xyz:67890" | base64
 # Output: MTIzNDU6cGtfYWJjMTIzeHl6OjY3ODkw
@@ -181,15 +184,15 @@ echo -n "12345:pk_abc123xyz:67890" | base64
 
 ### Server Endpoints
 
-| Endpoint | Method | Description |
-|----------|--------|-------------|
-| `/mcp` | POST | MCP JSON-RPC endpoint |
-| `/health` | GET | Health check |
-| `/` | GET | Server info |
-| `/authorize` | GET | OAuth authorization (login form) |
-| `/authorize` | POST | OAuth authorization (process login) |
-| `/token` | POST | OAuth token exchange |
-| `/.well-known/oauth-authorization-server` | GET | OAuth metadata |
+| Endpoint                                  | Method | Description                         |
+| ----------------------------------------- | ------ | ----------------------------------- |
+| `/mcp`                                    | POST   | MCP JSON-RPC endpoint               |
+| `/health`                                 | GET    | Health check                        |
+| `/`                                       | GET    | Server info                         |
+| `/authorize`                              | GET    | OAuth authorization (login form)    |
+| `/authorize`                              | POST   | OAuth authorization (process login) |
+| `/token`                                  | POST   | OAuth token exchange                |
+| `/.well-known/oauth-authorization-server` | GET    | OAuth metadata                      |
 
 ---
 
@@ -203,38 +206,40 @@ productive(resource, action, ...)
 
 ### Resources & Actions
 
-| Resource | Actions | Description |
-|----------|---------|-------------|
-| `projects` | `list`, `get` | Project management |
-| `time` | `list`, `get`, `create`, `update`, `delete` | Time tracking |
-| `tasks` | `list`, `get` | Task management |
-| `services` | `list` | Budget line items |
-| `people` | `list`, `get`, `me` | Team members |
+| Resource   | Actions                                     | Description        |
+| ---------- | ------------------------------------------- | ------------------ |
+| `projects` | `list`, `get`                               | Project management |
+| `time`     | `list`, `get`, `create`, `update`, `delete` | Time tracking      |
+| `tasks`    | `list`, `get`                               | Task management    |
+| `services` | `list`                                      | Budget line items  |
+| `people`   | `list`, `get`, `me`                         | Team members       |
 
 ### Parameters
 
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| `resource` | string | **Required**. One of: `projects`, `time`, `tasks`, `services`, `people` |
-| `action` | string | **Required**. Action to perform (see table above) |
-| `id` | string | Resource ID (required for `get`, `update`, `delete`) |
-| `filter` | object | Filter criteria for `list` actions |
-| `page` | number | Page number for pagination |
-| `per_page` | number | Items per page (default: 20, max: 200) |
-| `compact` | boolean | Compact output mode (default: true) |
-| `person_id` | string | Person ID (for time entry creation) |
-| `service_id` | string | Service ID (for time entry creation) |
-| `time` | number | Time in minutes (for time entries) |
-| `date` | string | Date in YYYY-MM-DD format |
-| `note` | string | Note/description |
+| Parameter    | Type    | Description                                                             |
+| ------------ | ------- | ----------------------------------------------------------------------- |
+| `resource`   | string  | **Required**. One of: `projects`, `time`, `tasks`, `services`, `people` |
+| `action`     | string  | **Required**. Action to perform (see table above)                       |
+| `id`         | string  | Resource ID (required for `get`, `update`, `delete`)                    |
+| `filter`     | object  | Filter criteria for `list` actions                                      |
+| `page`       | number  | Page number for pagination                                              |
+| `per_page`   | number  | Items per page (default: 20, max: 200)                                  |
+| `compact`    | boolean | Compact output mode (default: true)                                     |
+| `person_id`  | string  | Person ID (for time entry creation)                                     |
+| `service_id` | string  | Service ID (for time entry creation)                                    |
+| `time`       | number  | Time in minutes (for time entries)                                      |
+| `date`       | string  | Date in YYYY-MM-DD format                                               |
+| `note`       | string  | Note/description                                                        |
 
 ### Filter Options
 
 #### Projects
+
 - `company_id` - Filter by company
 - `project_manager_id` - Filter by project manager
 
 #### Time Entries
+
 - `person_id` - Filter by person
 - `project_id` - Filter by project
 - `service_id` - Filter by service
@@ -242,23 +247,26 @@ productive(resource, action, ...)
 - `before` - Before date (YYYY-MM-DD)
 
 #### Tasks
+
 - `project_id` - Filter by project
 - `assignee_id` - Filter by assignee
 - `task_list_id` - Filter by task list
 
 #### Services
+
 - `project_id` - Filter by project
 - `deal_id` - Filter by deal
 
 #### People
+
 - `archived` - Include archived (boolean)
 
 ### Configuration Tools (Local mode only)
 
-| Tool | Description |
-|------|-------------|
-| `productive_configure` | Configure credentials (organizationId, apiToken, userId) |
-| `productive_get_config` | View current configuration (token masked) |
+| Tool                    | Description                                              |
+| ----------------------- | -------------------------------------------------------- |
+| `productive_configure`  | Configure credentials (organizationId, apiToken, userId) |
+| `productive_get_config` | View current configuration (token masked)                |
 
 ---
 

package/dist/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,qBAAqB;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,qBAAqB,GAAG,IAAI,CAkCnG;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,WAAW,EAAE,qBAAqB,GAAG,MAAM,CAM1E"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,qBAAqB;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GACpC,qBAAqB,GAAG,IAAI,CAkC9B;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,WAAW,EAAE,qBAAqB,GAAG,MAAM,CAM1E"}

package/dist/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sources":["../src/auth.ts"],"sourcesContent":["/**\n * Authentication utilities for Productive MCP server\n */\n\nexport interface ProductiveCredentials {\n  organizationId: string;\n  apiToken: string;\n  userId?: string;\n}\n\n/**\n * Parse Bearer token containing Productive credentials\n * Token format: base64(organizationId:apiToken) or base64(organizationId:apiToken:userId)\n *\n * @param authHeader - Authorization header value (e.g., \"Bearer base64...\")\n * @returns Parsed credentials or null if invalid\n */\nexport function parseAuthHeader(authHeader: string | undefined | null): ProductiveCredentials | null {\n  if (!authHeader) {\n    return null;\n  }\n\n  const match = authHeader.match(/^Bearer\\s+(.+)$/i);\n  if (!match) {\n    return null;\n  }\n\n  const token = match[1];\n\n  try {\n    const decoded = Buffer.from(token, 'base64').toString('utf-8');\n    const parts = decoded.split(':');\n\n    if (parts.length < 2) {\n      return null;\n    }\n\n    const [organizationId, apiToken, userId] = parts;\n\n    if (!organizationId || !apiToken) {\n      return null;\n    }\n\n    return {\n      organizationId,\n      apiToken,\n      userId: userId || undefined,\n    };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Create a Bearer token from Productive credentials\n * Useful for documentation and testing\n *\n * @param credentials - Productive credentials\n * @returns Base64 encoded token (without \"Bearer \" prefix)\n */\nexport function createAuthToken(credentials: ProductiveCredentials): string {\n  const parts = [credentials.organizationId, credentials.apiToken];\n  if (credentials.userId) {\n    parts.push(credentials.userId);\n  }\n  return Buffer.from(parts.join(':')).toString('base64');\n}\n"],"names":[],"mappings":"AAiBO,SAAS,gBAAgB,YAAqE;AACnG,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,WAAW,MAAM,kBAAkB;AACjD,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,MAAM,CAAC;AAErB,MAAI;AACF,UAAM,UAAU,OAAO,KAAK,OAAO,QAAQ,EAAE,SAAS,OAAO;AAC7D,UAAM,QAAQ,QAAQ,MAAM,GAAG;AAE/B,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,gBAAgB,UAAU,MAAM,IAAI;AAE3C,QAAI,CAAC,kBAAkB,CAAC,UAAU;AAChC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,QAAQ,UAAU;AAAA,IAAA;AAAA,EAEtB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AASO,SAAS,gBAAgB,aAA4C;AAC1E,QAAM,QAAQ,CAAC,YAAY,gBAAgB,YAAY,QAAQ;AAC/D,MAAI,YAAY,QAAQ;AACtB,UAAM,KAAK,YAAY,MAAM;AAAA,EAC/B;AACA,SAAO,OAAO,KAAK,MAAM,KAAK,GAAG,CAAC,EAAE,SAAS,QAAQ;AACvD;"}
+{"version":3,"file":"auth.js","sources":["../src/auth.ts"],"sourcesContent":["/**\n * Authentication utilities for Productive MCP server\n */\n\nexport interface ProductiveCredentials {\n  organizationId: string;\n  apiToken: string;\n  userId?: string;\n}\n\n/**\n * Parse Bearer token containing Productive credentials\n * Token format: base64(organizationId:apiToken) or base64(organizationId:apiToken:userId)\n *\n * @param authHeader - Authorization header value (e.g., \"Bearer base64...\")\n * @returns Parsed credentials or null if invalid\n */\nexport function parseAuthHeader(\n  authHeader: string | undefined | null,\n): ProductiveCredentials | null {\n  if (!authHeader) {\n    return null;\n  }\n\n  const match = authHeader.match(/^Bearer\\s+(.+)$/i);\n  if (!match) {\n    return null;\n  }\n\n  const token = match[1];\n\n  try {\n    const decoded = Buffer.from(token, 'base64').toString('utf-8');\n    const parts = decoded.split(':');\n\n    if (parts.length < 2) {\n      return null;\n    }\n\n    const [organizationId, apiToken, userId] = parts;\n\n    if (!organizationId || !apiToken) {\n      return null;\n    }\n\n    return {\n      organizationId,\n      apiToken,\n      userId: userId || undefined,\n    };\n  } catch {\n    return null;\n  }\n}\n\n/**\n * Create a Bearer token from Productive credentials\n * Useful for documentation and testing\n *\n * @param credentials - Productive credentials\n * @returns Base64 encoded token (without \"Bearer \" prefix)\n */\nexport function createAuthToken(credentials: ProductiveCredentials): string {\n  const parts = [credentials.organizationId, credentials.apiToken];\n  if (credentials.userId) {\n    parts.push(credentials.userId);\n  }\n  return Buffer.from(parts.join(':')).toString('base64');\n}\n"],"names":[],"mappings":"AAiBO,SAAS,gBACd,YAC8B;AAC9B,MAAI,CAAC,YAAY;AACf,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,WAAW,MAAM,kBAAkB;AACjD,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,MAAM,CAAC;AAErB,MAAI;AACF,UAAM,UAAU,OAAO,KAAK,OAAO,QAAQ,EAAE,SAAS,OAAO;AAC7D,UAAM,QAAQ,QAAQ,MAAM,GAAG;AAE/B,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,gBAAgB,UAAU,MAAM,IAAI;AAE3C,QAAI,CAAC,kBAAkB,CAAC,UAAU;AAChC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,QAAQ,UAAU;AAAA,IAAA;AAAA,EAEtB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AASO,SAAS,gBAAgB,aAA4C;AAC1E,QAAM,QAAQ,CAAC,YAAY,gBAAgB,YAAY,QAAQ;AAC/D,MAAI,YAAY,QAAQ;AACtB,UAAM,KAAK,YAAY,MAAM;AAAA,EAC/B;AACA,SAAO,OAAO,KAAK,MAAM,KAAK,GAAG,CAAC,EAAE,SAAS,QAAQ;AACvD;"}

package/dist/crypto.js

@@ -37,7 +37,7 @@ function decrypt(ciphertext, secret = getSecret()) {
     );
     const encrypted = combined.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
     const key = deriveKey(secret, salt);
-    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    const decipher = createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
     decipher.setAuthTag(authTag);
     const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
     return decrypted.toString("utf8");

package/dist/crypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.js","sources":["../src/crypto.ts"],"sourcesContent":["/**\n * Cryptographic utilities for stateless OAuth tokens\n *\n * Uses AES-256-GCM for authenticated encryption.\n * The authorization code contains encrypted credentials that can be\n * decrypted without server-side storage.\n */\n\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst ALGORITHM = 'aes-256-gcm';\nconst IV_LENGTH = 12; // GCM recommended IV length\nconst AUTH_TAG_LENGTH = 16;\nconst SALT_LENGTH = 16;\n\n/**\n * Derive a 256-bit key from a password using scrypt\n */\nfunction deriveKey(password: string, salt: Buffer): Buffer {\n  return scryptSync(password, salt, 32);\n}\n\n/**\n * Get the encryption secret from environment or generate a default\n * In production, OAUTH_SECRET should always be set\n */\nexport function getSecret(): string {\n  const secret = process.env.OAUTH_SECRET;\n  if (!secret) {\n    console.warn(\n      'WARNING: OAUTH_SECRET not set. Using default secret. Set OAUTH_SECRET in production!'\n    );\n    return 'productive-mcp-default-secret-change-me';\n  }\n  return secret;\n}\n\n/**\n * Encrypt data using AES-256-GCM\n *\n * Output format: base64(salt + iv + authTag + ciphertext)\n *\n * @param plaintext - Data to encrypt\n * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)\n * @returns Base64-encoded encrypted data\n */\nexport function encrypt(plaintext: string, secret: string = getSecret()): string {\n  const salt = randomBytes(SALT_LENGTH);\n  const key = deriveKey(secret, salt);\n  const iv = randomBytes(IV_LENGTH);\n\n  const cipher = createCipheriv(ALGORITHM, key, iv);\n  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n  const authTag = cipher.getAuthTag();\n\n  // Combine: salt + iv + authTag + ciphertext\n  const combined = Buffer.concat([salt, iv, authTag, encrypted]);\n\n  return combined.toString('base64url');\n}\n\n/**\n * Decrypt data encrypted with encrypt()\n *\n * @param ciphertext - Base64-encoded encrypted data\n * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)\n * @returns Decrypted plaintext\n * @throws Error if decryption fails (invalid data or wrong secret)\n */\nexport function decrypt(ciphertext: string, secret: string = getSecret()): string {\n  try {\n    const combined = Buffer.from(ciphertext, 'base64url');\n\n    // Extract components\n    const salt = combined.subarray(0, SALT_LENGTH);\n    const iv = combined.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n    const authTag = combined.subarray(\n      SALT_LENGTH + IV_LENGTH,\n      SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH\n    );\n    const encrypted = combined.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);\n\n    const key = deriveKey(secret, salt);\n\n    const decipher = createDecipheriv(ALGORITHM, key, iv);\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);\n\n    return decrypted.toString('utf8');\n  } catch {\n    throw new Error('Decryption failed: invalid token or secret');\n  }\n}\n\n/**\n * Authorization code payload structure\n */\nexport interface AuthCodePayload {\n  orgId: string;\n  apiToken: string;\n  userId?: string;\n  codeChallenge?: string;\n  codeChallengeMethod?: string;\n}\n\n/**\n * Create an encrypted authorization code containing credentials and PKCE challenge\n *\n * @param credentials - Object with orgId, apiToken, userId, and optional PKCE params\n * @param expiresInSeconds - Code expiration time (default: 5 minutes)\n * @returns Encrypted authorization code\n */\nexport function createAuthCode(\n  credentials: AuthCodePayload,\n  expiresInSeconds: number = 300\n): string {\n  const payload = {\n    ...credentials,\n    exp: Date.now() + expiresInSeconds * 1000,\n  };\n  return encrypt(JSON.stringify(payload));\n}\n\n/**\n * Decode and validate an authorization code\n *\n * @param code - Encrypted authorization code\n * @returns Decoded payload with credentials and PKCE challenge\n * @throws Error if code is invalid or expired\n */\nexport function decodeAuthCode(code: string): AuthCodePayload {\n  const payload = JSON.parse(decrypt(code));\n\n  if (payload.exp && Date.now() > payload.exp) {\n    throw new Error('Authorization code expired');\n  }\n\n  const { orgId, apiToken, userId, codeChallenge, codeChallengeMethod } = payload;\n\n  if (!orgId || !apiToken) {\n    throw new Error('Invalid authorization code: missing credentials');\n  }\n\n  return { orgId, apiToken, userId, codeChallenge, codeChallengeMethod };\n}\n"],"names":[],"mappings":";AAUA,MAAM,YAAY;AAClB,MAAM,YAAY;AAClB,MAAM,kBAAkB;AACxB,MAAM,cAAc;AAKpB,SAAS,UAAU,UAAkB,MAAsB;AACzD,SAAO,WAAW,UAAU,MAAM,EAAE;AACtC;AAMO,SAAS,YAAoB;AAClC,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,CAAC,QAAQ;AACX,YAAQ;AAAA,MACN;AAAA,IAAA;AAEF,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAWO,SAAS,QAAQ,WAAmB,SAAiB,aAAqB;AAC/E,QAAM,OAAO,YAAY,WAAW;AACpC,QAAM,MAAM,UAAU,QAAQ,IAAI;AAClC,QAAM,KAAK,YAAY,SAAS;AAEhC,QAAM,SAAS,eAAe,WAAW,KAAK,EAAE;AAChD,QAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,WAAW,MAAM,GAAG,OAAO,MAAA,CAAO,CAAC;AAClF,QAAM,UAAU,OAAO,WAAA;AAGvB,QAAM,WAAW,OAAO,OAAO,CAAC,MAAM,IAAI,SAAS,SAAS,CAAC;AAE7D,SAAO,SAAS,SAAS,WAAW;AACtC;AAUO,SAAS,QAAQ,YAAoB,SAAiB,aAAqB;AAChF,MAAI;AACF,UAAM,WAAW,OAAO,KAAK,YAAY,WAAW;AAGpD,UAAM,OAAO,SAAS,SAAS,GAAG,WAAW;AAC7C,UAAM,KAAK,SAAS,SAAS,aAAa,cAAc,SAAS;AACjE,UAAM,UAAU,SAAS;AAAA,MACvB,cAAc;AAAA,MACd,cAAc,YAAY;AAAA,IAAA;AAE5B,UAAM,YAAY,SAAS,SAAS,cAAc,YAAY,eAAe;AAE7E,UAAM,MAAM,UAAU,QAAQ,IAAI;AAElC,UAAM,WAAW,iBAAiB,WAAW,KAAK,EAAE;AACpD,aAAS,WAAW,OAAO;AAE3B,UAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,SAAS,GAAG,SAAS,MAAA,CAAO,CAAC;AAE9E,WAAO,UAAU,SAAS,MAAM;AAAA,EAClC,QAAQ;AACN,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACF;AAoBO,SAAS,eACd,aACA,mBAA2B,KACnB;AACR,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH,KAAK,KAAK,IAAA,IAAQ,mBAAmB;AAAA,EAAA;AAEvC,SAAO,QAAQ,KAAK,UAAU,OAAO,CAAC;AACxC;AASO,SAAS,eAAe,MAA+B;AAC5D,QAAM,UAAU,KAAK,MAAM,QAAQ,IAAI,CAAC;AAExC,MAAI,QAAQ,OAAO,KAAK,IAAA,IAAQ,QAAQ,KAAK;AAC3C,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,QAAM,EAAE,OAAO,UAAU,QAAQ,eAAe,wBAAwB;AAExE,MAAI,CAAC,SAAS,CAAC,UAAU;AACvB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AAEA,SAAO,EAAE,OAAO,UAAU,QAAQ,eAAe,oBAAA;AACnD;"}
+{"version":3,"file":"crypto.js","sources":["../src/crypto.ts"],"sourcesContent":["/**\n * Cryptographic utilities for stateless OAuth tokens\n *\n * Uses AES-256-GCM for authenticated encryption.\n * The authorization code contains encrypted credentials that can be\n * decrypted without server-side storage.\n */\n\nimport { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';\n\nconst ALGORITHM = 'aes-256-gcm';\nconst IV_LENGTH = 12; // GCM recommended IV length\nconst AUTH_TAG_LENGTH = 16;\nconst SALT_LENGTH = 16;\n\n/**\n * Derive a 256-bit key from a password using scrypt\n */\nfunction deriveKey(password: string, salt: Buffer): Buffer {\n  return scryptSync(password, salt, 32);\n}\n\n/**\n * Get the encryption secret from environment or generate a default\n * In production, OAUTH_SECRET should always be set\n */\nexport function getSecret(): string {\n  const secret = process.env.OAUTH_SECRET;\n  if (!secret) {\n    console.warn(\n      'WARNING: OAUTH_SECRET not set. Using default secret. Set OAUTH_SECRET in production!',\n    );\n    return 'productive-mcp-default-secret-change-me';\n  }\n  return secret;\n}\n\n/**\n * Encrypt data using AES-256-GCM\n *\n * Output format: base64(salt + iv + authTag + ciphertext)\n *\n * @param plaintext - Data to encrypt\n * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)\n * @returns Base64-encoded encrypted data\n */\nexport function encrypt(plaintext: string, secret: string = getSecret()): string {\n  const salt = randomBytes(SALT_LENGTH);\n  const key = deriveKey(secret, salt);\n  const iv = randomBytes(IV_LENGTH);\n\n  const cipher = createCipheriv(ALGORITHM, key, iv);\n  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n  const authTag = cipher.getAuthTag();\n\n  // Combine: salt + iv + authTag + ciphertext\n  const combined = Buffer.concat([salt, iv, authTag, encrypted]);\n\n  return combined.toString('base64url');\n}\n\n/**\n * Decrypt data encrypted with encrypt()\n *\n * @param ciphertext - Base64-encoded encrypted data\n * @param secret - Encryption secret (defaults to OAUTH_SECRET env var)\n * @returns Decrypted plaintext\n * @throws Error if decryption fails (invalid data or wrong secret)\n */\nexport function decrypt(ciphertext: string, secret: string = getSecret()): string {\n  try {\n    const combined = Buffer.from(ciphertext, 'base64url');\n\n    // Extract components\n    const salt = combined.subarray(0, SALT_LENGTH);\n    const iv = combined.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n    const authTag = combined.subarray(\n      SALT_LENGTH + IV_LENGTH,\n      SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH,\n    );\n    const encrypted = combined.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);\n\n    const key = deriveKey(secret, salt);\n\n    const decipher = createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);\n\n    return decrypted.toString('utf8');\n  } catch {\n    throw new Error('Decryption failed: invalid token or secret');\n  }\n}\n\n/**\n * Authorization code payload structure\n */\nexport interface AuthCodePayload {\n  orgId: string;\n  apiToken: string;\n  userId?: string;\n  codeChallenge?: string;\n  codeChallengeMethod?: string;\n}\n\n/**\n * Create an encrypted authorization code containing credentials and PKCE challenge\n *\n * @param credentials - Object with orgId, apiToken, userId, and optional PKCE params\n * @param expiresInSeconds - Code expiration time (default: 5 minutes)\n * @returns Encrypted authorization code\n */\nexport function createAuthCode(\n  credentials: AuthCodePayload,\n  expiresInSeconds: number = 300,\n): string {\n  const payload = {\n    ...credentials,\n    exp: Date.now() + expiresInSeconds * 1000,\n  };\n  return encrypt(JSON.stringify(payload));\n}\n\n/**\n * Decode and validate an authorization code\n *\n * @param code - Encrypted authorization code\n * @returns Decoded payload with credentials and PKCE challenge\n * @throws Error if code is invalid or expired\n */\nexport function decodeAuthCode(code: string): AuthCodePayload {\n  const payload = JSON.parse(decrypt(code));\n\n  if (payload.exp && Date.now() > payload.exp) {\n    throw new Error('Authorization code expired');\n  }\n\n  const { orgId, apiToken, userId, codeChallenge, codeChallengeMethod } = payload;\n\n  if (!orgId || !apiToken) {\n    throw new Error('Invalid authorization code: missing credentials');\n  }\n\n  return { orgId, apiToken, userId, codeChallenge, codeChallengeMethod };\n}\n"],"names":[],"mappings":";AAUA,MAAM,YAAY;AAClB,MAAM,YAAY;AAClB,MAAM,kBAAkB;AACxB,MAAM,cAAc;AAKpB,SAAS,UAAU,UAAkB,MAAsB;AACzD,SAAO,WAAW,UAAU,MAAM,EAAE;AACtC;AAMO,SAAS,YAAoB;AAClC,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,CAAC,QAAQ;AACX,YAAQ;AAAA,MACN;AAAA,IAAA;AAEF,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAWO,SAAS,QAAQ,WAAmB,SAAiB,aAAqB;AAC/E,QAAM,OAAO,YAAY,WAAW;AACpC,QAAM,MAAM,UAAU,QAAQ,IAAI;AAClC,QAAM,KAAK,YAAY,SAAS;AAEhC,QAAM,SAAS,eAAe,WAAW,KAAK,EAAE;AAChD,QAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,WAAW,MAAM,GAAG,OAAO,MAAA,CAAO,CAAC;AAClF,QAAM,UAAU,OAAO,WAAA;AAGvB,QAAM,WAAW,OAAO,OAAO,CAAC,MAAM,IAAI,SAAS,SAAS,CAAC;AAE7D,SAAO,SAAS,SAAS,WAAW;AACtC;AAUO,SAAS,QAAQ,YAAoB,SAAiB,aAAqB;AAChF,MAAI;AACF,UAAM,WAAW,OAAO,KAAK,YAAY,WAAW;AAGpD,UAAM,OAAO,SAAS,SAAS,GAAG,WAAW;AAC7C,UAAM,KAAK,SAAS,SAAS,aAAa,cAAc,SAAS;AACjE,UAAM,UAAU,SAAS;AAAA,MACvB,cAAc;AAAA,MACd,cAAc,YAAY;AAAA,IAAA;AAE5B,UAAM,YAAY,SAAS,SAAS,cAAc,YAAY,eAAe;AAE7E,UAAM,MAAM,UAAU,QAAQ,IAAI;AAElC,UAAM,WAAW,iBAAiB,WAAW,KAAK,IAAI,EAAE,eAAe,iBAAiB;AACxF,aAAS,WAAW,OAAO;AAE3B,UAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,SAAS,GAAG,SAAS,MAAA,CAAO,CAAC;AAE9E,WAAO,UAAU,SAAS,MAAM;AAAA,EAClC,QAAQ;AACN,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC9D;AACF;AAoBO,SAAS,eACd,aACA,mBAA2B,KACnB;AACR,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH,KAAK,KAAK,IAAA,IAAQ,mBAAmB;AAAA,EAAA;AAEvC,SAAO,QAAQ,KAAK,UAAU,OAAO,CAAC;AACxC;AASO,SAAS,eAAe,MAA+B;AAC5D,QAAM,UAAU,KAAK,MAAM,QAAQ,IAAI,CAAC;AAExC,MAAI,QAAQ,OAAO,KAAK,IAAA,IAAQ,QAAQ,KAAK;AAC3C,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,QAAM,EAAE,OAAO,UAAU,QAAQ,eAAe,wBAAwB;AAExE,MAAI,CAAC,SAAS,CAAC,UAAU;AACvB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AAEA,SAAO,EAAE,OAAO,UAAU,QAAQ,eAAe,oBAAA;AACnD;"}

package/dist/formatters.d.ts

@@ -37,6 +37,26 @@ export declare function formatPerson(person: JsonApiResource, options?: McpForma
  * Format service for agent consumption
  */
 export declare function formatService(service: JsonApiResource, options?: McpFormatOptions): Record<string, unknown>;
+/**
+ * Format company for agent consumption
+ */
+export declare function formatCompany(company: JsonApiResource, options?: McpFormatOptions): Record<string, unknown>;
+/**
+ * Format comment for agent consumption
+ */
+export declare function formatComment(comment: JsonApiResource, options?: McpFormatOptions): Record<string, unknown>;
+/**
+ * Format timer for agent consumption
+ */
+export declare function formatTimer(timer: JsonApiResource, _options?: McpFormatOptions): Record<string, unknown>;
+/**
+ * Format deal for agent consumption
+ */
+export declare function formatDeal(deal: JsonApiResource, options?: McpFormatOptions): Record<string, unknown>;
+/**
+ * Format booking for agent consumption
+ */
+export declare function formatBooking(booking: JsonApiResource, options?: McpFormatOptions): Record<string, unknown>;
 /**
  * Format list response with pagination
  *

package/dist/formatters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"formatters.d.ts","sourceRoot":"","sources":["../src/formatters.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAOL,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AAGpC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC;AAcjF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,eAAe,EAAE,CAAC;CAC9B;AAgBD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,eAAe,EACtB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CACxB,IAAI,EAAE,eAAe,EACrB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAazB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,eAAe,EACvB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAClC,IAAI,EAAE,eAAe,EAAE,EACvB,SAAS,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,gBAAgB,KAAK,CAAC,EACnE,IAAI,CAAC,EAAE,WAAW,EAClB,OAAO,CAAC,EAAE,gBAAgB,GACzB;IAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAAC,IAAI,CAAC,EAAE,mBAAmB,CAAA;CAAE,CAY3C"}
+{"version":3,"file":"formatters.d.ts","sourceRoot":"","sources":["../src/formatters.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAYL,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AAGpC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC;AAcjF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,eAAe,EAAE,CAAC;CAC9B;AAaD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,eAAe,EACtB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CACxB,IAAI,EAAE,eAAe,EACrB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAazB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,eAAe,EACvB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAGzB;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,eAAe,EACtB,QAAQ,CAAC,EAAE,gBAAgB,GAC1B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAGzB;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,IAAI,EAAE,eAAe,EACrB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE,gBAAgB,GACzB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAMzB;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAClC,IAAI,EAAE,eAAe,EAAE,EACvB,SAAS,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,gBAAgB,KAAK,CAAC,EACnE,IAAI,CAAC,EAAE,WAAW,EAClB,OAAO,CAAC,EAAE,gBAAgB,GACzB;IAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAAC,IAAI,CAAC,EAAE,mBAAmB,CAAA;CAAE,CAY3C"}

package/dist/handlers/bookings.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Bookings resource handler
+ */
+import type { HandlerContext, BookingArgs, ToolResult } from './types.js';
+export declare function handleBookings(action: string, args: BookingArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=bookings.d.ts.map

package/dist/handlers/bookings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bookings.d.ts","sourceRoot":"","sources":["../../src/handlers/bookings.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAK1E,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CAmDrB"}

package/dist/handlers/comments.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Comments resource handler
+ */
+import type { HandlerContext, CommentArgs, ToolResult } from './types.js';
+export declare function handleComments(action: string, args: CommentArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=comments.d.ts.map

package/dist/handlers/comments.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"comments.d.ts","sourceRoot":"","sources":["../../src/handlers/comments.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAK1E,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CA0CrB"}

package/dist/handlers/companies.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Companies resource handler
+ */
+import type { HandlerContext, CompanyArgs, ToolResult } from './types.js';
+export declare function handleCompanies(action: string, args: CompanyArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=companies.d.ts.map

package/dist/handlers/companies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"companies.d.ts","sourceRoot":"","sources":["../../src/handlers/companies.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAK1E,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,WAAW,EACjB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CA8BrB"}

package/dist/handlers/deals.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Deals resource handler
+ */
+import type { HandlerContext, DealArgs, ToolResult } from './types.js';
+export declare function handleDeals(action: string, args: DealArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=deals.d.ts.map

package/dist/handlers/deals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deals.d.ts","sourceRoot":"","sources":["../../src/handlers/deals.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKvE,wBAAsB,WAAW,CAC/B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,QAAQ,EACd,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CA0CrB"}

package/dist/handlers/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Tool execution handlers for Productive MCP server
+ * These are shared between stdio and HTTP transports
+ *
+ * Single consolidated tool for minimal token overhead:
+ * - productive: resource + action based API
+ */
+import type { ProductiveCredentials } from '../auth.js';
+import type { ToolResult } from './types.js';
+export type { ToolResult } from './types.js';
+/**
+ * Execute a tool with the given credentials and arguments
+ */
+export declare function executeToolWithCredentials(name: string, args: Record<string, unknown>, credentials: ProductiveCredentials): Promise<ToolResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/handlers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAExD,OAAO,KAAK,EAAE,UAAU,EAAkB,MAAM,YAAY,CAAC;AAgB7D,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AA2C7C;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,WAAW,EAAE,qBAAqB,GACjC,OAAO,CAAC,UAAU,CAAC,CA4ErB"}

package/dist/handlers/people.d.ts

@@ -0,0 +1,7 @@
+/**
+ * People resource handler
+ */
+import type { ProductiveCredentials } from '../auth.js';
+import type { HandlerContext, CommonArgs, ToolResult } from './types.js';
+export declare function handlePeople(action: string, args: CommonArgs, ctx: HandlerContext, credentials: ProductiveCredentials): Promise<ToolResult>;
+//# sourceMappingURL=people.d.ts.map

package/dist/handlers/people.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"people.d.ts","sourceRoot":"","sources":["../../src/handlers/people.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKzE,wBAAsB,YAAY,CAChC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,cAAc,EACnB,WAAW,EAAE,qBAAqB,GACjC,OAAO,CAAC,UAAU,CAAC,CA2BrB"}

package/dist/handlers/projects.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Projects resource handler
+ */
+import type { HandlerContext, CommonArgs, ToolResult } from './types.js';
+export declare function handleProjects(action: string, args: CommonArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=projects.d.ts.map

package/dist/handlers/projects.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"projects.d.ts","sourceRoot":"","sources":["../../src/handlers/projects.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKzE,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CAgBrB"}

package/dist/handlers/services.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Services resource handler
+ */
+import type { HandlerContext, CommonArgs, ToolResult } from './types.js';
+export declare function handleServices(action: string, _args: CommonArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=services.d.ts.map

package/dist/handlers/services.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../src/handlers/services.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKzE,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CASrB"}

package/dist/handlers/tasks.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Tasks resource handler
+ */
+import type { HandlerContext, TaskArgs, ToolResult } from './types.js';
+export declare function handleTasks(action: string, args: TaskArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=tasks.d.ts.map

package/dist/handlers/tasks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tasks.d.ts","sourceRoot":"","sources":["../../src/handlers/tasks.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKvE,wBAAsB,WAAW,CAC/B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,QAAQ,EACd,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CA8CrB"}

package/dist/handlers/time.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Time entries resource handler
+ */
+import type { HandlerContext, CommonArgs, ToolResult } from './types.js';
+export declare function handleTime(action: string, args: CommonArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=time.d.ts.map

package/dist/handlers/time.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"time.d.ts","sourceRoot":"","sources":["../../src/handlers/time.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKzE,wBAAsB,UAAU,CAC9B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CAyCrB"}

package/dist/handlers/timers.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Timers resource handler
+ */
+import type { HandlerContext, TimerArgs, ToolResult } from './types.js';
+export declare function handleTimers(action: string, args: TimerArgs, ctx: HandlerContext): Promise<ToolResult>;
+//# sourceMappingURL=timers.d.ts.map

package/dist/handlers/timers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"timers.d.ts","sourceRoot":"","sources":["../../src/handlers/timers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKxE,wBAAsB,YAAY,CAChC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,SAAS,EACf,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,UAAU,CAAC,CA8BrB"}

package/dist/handlers/types.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Shared types for resource handlers
+ */
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
+import type { ProductiveApi } from '@studiometa/productive-cli';
+import type { McpFormatOptions } from '../formatters.js';
+export type ToolResult = CallToolResult;
+/**
+ * Context passed to each resource handler
+ */
+export interface HandlerContext {
+    api: ProductiveApi;
+    formatOptions: McpFormatOptions;
+    filter?: Record<string, string>;
+    page?: number;
+    perPage: number;
+}
+/**
+ * Common args shared across resources
+ */
+export interface CommonArgs {
+    id?: string;
+    person_id?: string;
+    service_id?: string;
+    task_id?: string;
+    company_id?: string;
+    time?: number;
+    date?: string;
+    note?: string;
+}
+/**
+ * Task-specific args
+ */
+export interface TaskArgs extends CommonArgs {
+    title?: string;
+    project_id?: string;
+    task_list_id?: string;
+    description?: string;
+    assignee_id?: string;
+}
+/**
+ * Comment-specific args
+ */
+export interface CommentArgs extends CommonArgs {
+    body?: string;
+    deal_id?: string;
+}
+/**
+ * Timer-specific args
+ */
+export interface TimerArgs extends CommonArgs {
+    time_entry_id?: string;
+}
+/**
+ * Deal-specific args
+ */
+export interface DealArgs extends CommonArgs {
+    name?: string;
+}
+/**
+ * Booking-specific args
+ */
+export interface BookingArgs extends CommonArgs {
+    started_on?: string;
+    ended_on?: string;
+    event_id?: string;
+}
+/**
+ * Company-specific args
+ */
+export interface CompanyArgs extends CommonArgs {
+    name?: string;
+}
+/**
+ * Resource handler function signature
+ */
+export type ResourceHandler<T extends CommonArgs = CommonArgs> = (action: string, args: T, ctx: HandlerContext) => Promise<ToolResult>;
+//# sourceMappingURL=types.d.ts.map

package/dist/handlers/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/handlers/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAEhE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEzD,MAAM,MAAM,UAAU,GAAG,cAAc,CAAC;AAExC;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,aAAa,CAAC;IACnB,aAAa,EAAE,gBAAgB,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,QAAS,SAAQ,UAAU;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,UAAU;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,SAAU,SAAQ,UAAU;IAC3C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,QAAS,SAAQ,UAAU;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,UAAU;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,UAAU;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,CAAC,CAAC,SAAS,UAAU,GAAG,UAAU,IAAI,CAC/D,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,CAAC,EACP,GAAG,EAAE,cAAc,KAChB,OAAO,CAAC,UAAU,CAAC,CAAC"}

package/dist/handlers/utils.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Utility functions for resource handlers
+ */
+import type { ToolResult } from './types.js';
+/**
+ * Helper to create a successful JSON response
+ */
+export declare function jsonResult(data: unknown): ToolResult;
+/**
+ * Helper to create an error response
+ */
+export declare function errorResult(message: string): ToolResult;
+/**
+ * Convert unknown filter to string filter for API
+ */
+export declare function toStringFilter(filter?: Record<string, unknown>): Record<string, string> | undefined;
+//# sourceMappingURL=utils.d.ts.map

package/dist/handlers/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/handlers/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,OAAO,GAAG,UAAU,CAIpD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,CAKvD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CASpC"}

package/dist/handlers.d.ts

@@ -1,15 +1,8 @@
 /**
  * Tool execution handlers for Productive MCP server
- * These are shared between stdio and HTTP transports
  *
- * Single consolidated tool for minimal token overhead:
- * - productive: resource + action based API
+ * This module re-exports from the handlers/ directory for backwards compatibility.
+ * The handlers have been refactored into separate modules for better maintainability.
  */
-import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js';
-import type { ProductiveCredentials } from './auth.js';
-export type ToolResult = CallToolResult;
-/**
- * Execute a tool with the given credentials and arguments
- */
-export declare function executeToolWithCredentials(name: string, args: Record<string, unknown>, credentials: ProductiveCredentials): Promise<ToolResult>;
+export { executeToolWithCredentials, type ToolResult } from './handlers/index.js';
 //# sourceMappingURL=handlers.d.ts.map

package/dist/handlers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../src/handlers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAWvD,MAAM,MAAM,UAAU,GAAG,cAAc,CAAC;AA0DxC;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,WAAW,EAAE,qBAAqB,GACjC,OAAO,CAAC,UAAU,CAAC,CAoLrB"}
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../src/handlers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,0BAA0B,EAAE,KAAK,UAAU,EAAE,MAAM,qBAAqB,CAAC"}