@webapper/cloudsee-drive-mcp 0.1.0

package/dist/index.js

@@ -0,0 +1,861 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// src/config.ts
+import { z } from "zod";
+
+// src/errors.ts
+var CloudSeeError = class extends Error {
+  code;
+  status;
+  retryable;
+  constructor(message, options = {}) {
+    super(message);
+    this.name = "CloudSeeError";
+    this.code = options.code ?? "error";
+    this.status = options.status;
+    this.retryable = options.retryable ?? false;
+  }
+};
+var AuthError = class extends CloudSeeError {
+  constructor(message, options = {}) {
+    super(message, { ...options, code: options.code ?? "auth" });
+    this.name = "AuthError";
+  }
+};
+
+// src/config.ts
+var DEFAULT_BASE_URL = "https://drive-api.cloudsee.cloud";
+var DEFAULT_TIMEOUT_MS = 3e4;
+var envSchema = z.object({
+  CLOUDSEE_API_KEY_ID: z.string().trim().min(1, "is required (your CloudSee Drive API key id)"),
+  CLOUDSEE_API_KEY_SECRET: z.string().trim().min(1, "is required (the matching API key secret)"),
+  CLOUDSEE_API_BASE_URL: z.string().url("must be a valid URL").optional(),
+  CLOUDSEE_TIMEOUT_MS: z.coerce.number().int().positive().optional(),
+  CLOUDSEE_LOG_LEVEL: z.enum(["error", "warn", "info", "debug"]).optional()
+});
+function loadConfig(env = process.env) {
+  const parsed = envSchema.safeParse(env);
+  if (!parsed.success) {
+    const issues = parsed.error.issues.map((i) => `  \u2022 ${i.path.join(".")} ${i.message}`).join("\n");
+    throw new CloudSeeError(
+      `CloudSee Drive MCP server is not configured:
+${issues}
+
+Set the required environment variables (see .env.example or the README).`,
+      { code: "config" }
+    );
+  }
+  const e = parsed.data;
+  return {
+    apiKeyId: e.CLOUDSEE_API_KEY_ID,
+    apiKeySecret: e.CLOUDSEE_API_KEY_SECRET,
+    baseUrl: (e.CLOUDSEE_API_BASE_URL ?? DEFAULT_BASE_URL).replace(/\/+$/, ""),
+    timeoutMs: e.CLOUDSEE_TIMEOUT_MS ?? DEFAULT_TIMEOUT_MS,
+    logLevel: e.CLOUDSEE_LOG_LEVEL ?? "info"
+  };
+}
+
+// src/logger.ts
+var LEVEL_WEIGHT = { error: 0, warn: 1, info: 2, debug: 3 };
+var currentLevel = "info";
+var secrets = [];
+function configureLogger(options) {
+  if (options.level) currentLevel = options.level;
+  if (options.redact) {
+    secrets = options.redact.filter((s) => typeof s === "string" && s.length > 0);
+  }
+}
+function redactSecrets(text) {
+  let out = text;
+  for (const secret of secrets) {
+    if (out.includes(secret)) out = out.split(secret).join("***");
+  }
+  return out;
+}
+function stringify(meta) {
+  if (meta === void 0) return "";
+  if (typeof meta === "string") return meta;
+  try {
+    return JSON.stringify(meta);
+  } catch {
+    return String(meta);
+  }
+}
+function emit(level, message, meta) {
+  if (LEVEL_WEIGHT[level] > LEVEL_WEIGHT[currentLevel]) return;
+  const suffix = meta === void 0 ? "" : ` ${stringify(meta)}`;
+  process.stderr.write(`[cloudsee-drive-mcp] ${level.toUpperCase()}: ${redactSecrets(message + suffix)}
+`);
+}
+var logger = {
+  error: (message, meta) => emit("error", message, meta),
+  warn: (message, meta) => emit("warn", message, meta),
+  info: (message, meta) => emit("info", message, meta),
+  debug: (message, meta) => emit("debug", message, meta)
+};
+
+// src/server.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+
+// src/version.ts
+var VERSION = "0.1.0";
+
+// src/client/pagination.ts
+function encodeCursor(dialect, value) {
+  if (value === null || value === void 0 || value === "") return void 0;
+  const payload = { d: dialect, v: String(value) };
+  return Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
+}
+function decodeCursor(cursor, expected) {
+  let payload;
+  try {
+    payload = JSON.parse(Buffer.from(cursor, "base64url").toString("utf8"));
+  } catch {
+    throw new CloudSeeError("Invalid pagination cursor.", { code: "bad_cursor" });
+  }
+  if (!payload || typeof payload.v !== "string" || payload.d !== expected) {
+    throw new CloudSeeError("Pagination cursor is not valid for this operation.", { code: "bad_cursor" });
+  }
+  return payload.v;
+}
+var RESPONSE_FIELDS = ["nextPage", "nextPageToken", "marker", "lastEvaluatedKey", "pageToken", "nextToken"];
+function extractNextToken(data, dialect) {
+  if (!data || typeof data !== "object") return void 0;
+  const record = data;
+  for (const field of [dialect, ...RESPONSE_FIELDS]) {
+    const value = record[field];
+    if (typeof value === "string" && value !== "") return value;
+    if (value && typeof value === "object") {
+      try {
+        return JSON.stringify(value);
+      } catch {
+      }
+    }
+  }
+  return void 0;
+}
+
+// src/client/CloudSeeClient.ts
+var DEFAULT_RETRIES = 3;
+var BASE_BACKOFF_MS = 300;
+var MAX_BACKOFF_MS = 8e3;
+var CloudSeeClient = class {
+  baseUrl;
+  timeoutMs;
+  secret;
+  headers;
+  constructor(config) {
+    this.baseUrl = config.baseUrl;
+    this.timeoutMs = config.timeoutMs;
+    this.secret = config.apiKeySecret;
+    this.headers = {
+      "Content-Type": "application/json",
+      Accept: "application/json",
+      "X-Api-Key-Id": config.apiKeyId,
+      "X-Api-Key-Secret": config.apiKeySecret,
+      "User-Agent": `cloudsee-drive-mcp/${VERSION}`
+    };
+  }
+  /** POST a data-plane RPC endpoint (path WITHOUT `/v1`). Returns unwrapped `data`. */
+  async post(path, body = {}, options = {}) {
+    return (await this.request(path, body, options)).data;
+  }
+  /** POST a paginated endpoint. Translates the opaque `cursor` to/from the
+   *  endpoint's pagination dialect and returns a normalized `nextCursor`. The
+   *  continuation token can sit at the envelope level (e.g. `/storage/recent`
+   *  returns `nextToken` as a sibling of `data`) or inside `data` — check the
+   *  envelope first, then `data`, so a token is never silently dropped. */
+  async postPaged(path, body, dialect, cursor, options = {}) {
+    const requestBody = { ...body };
+    if (cursor) requestBody[dialect] = decodeCursor(cursor, dialect);
+    const { data, envelope } = await this.request(path, requestBody, options);
+    const token = extractNextToken(envelope, dialect) ?? extractNextToken(data, dialect);
+    return { data, nextCursor: encodeCursor(dialect, token) };
+  }
+  /** Run the request with retry/backoff, returning the unwrapped `data` together
+   *  with the raw response envelope (needed for envelope-level pagination tokens). */
+  async request(path, body, options) {
+    const url = `${this.baseUrl}/v1${path}`;
+    const retries = options.retries ?? DEFAULT_RETRIES;
+    let attempt = 0;
+    for (; ; ) {
+      attempt += 1;
+      const response = await this.fetchOnce(url, path, body, options.signal);
+      if (response.status === 401 || response.status === 403) {
+        throw new AuthError(
+          "Authentication failed (HTTP " + response.status + "). Check CLOUDSEE_API_KEY_ID and CLOUDSEE_API_KEY_SECRET, and that the key is active and not expired.",
+          { status: response.status }
+        );
+      }
+      if ((response.status === 429 || response.status >= 500) && attempt <= retries) {
+        const waitMs = retryAfterMs(response.headers.get("retry-after")) ?? backoffMs(attempt);
+        logger.warn(`HTTP ${response.status} from ${path}; retrying in ${waitMs}ms (attempt ${attempt}/${retries}).`);
+        await sleep(waitMs);
+        continue;
+      }
+      return await this.parse(response, path);
+    }
+  }
+  async fetchOnce(url, path, body, external) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+    const onAbort = () => controller.abort();
+    if (external) external.addEventListener("abort", onAbort, { once: true });
+    try {
+      return await fetch(url, {
+        method: "POST",
+        headers: this.headers,
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+    } catch (err) {
+      const reason = controller.signal.aborted ? `timed out after ${this.timeoutMs}ms` : this.redact(errMessage(err));
+      throw new CloudSeeError(`Network error calling ${path}: ${reason}`, { code: "network", retryable: true });
+    } finally {
+      clearTimeout(timer);
+      if (external) external.removeEventListener("abort", onAbort);
+    }
+  }
+  async parse(response, path) {
+    const text = await response.text();
+    let json;
+    if (text) {
+      try {
+        json = JSON.parse(text);
+      } catch {
+        throw new CloudSeeError(
+          response.ok ? `CloudSee API returned a non-JSON response for ${path}.` : `CloudSee API returned HTTP ${response.status} for ${path}.`,
+          { status: response.status, code: response.ok ? "bad_response" : "http_error" }
+        );
+      }
+    }
+    if (!response.ok) {
+      const message = json?.errorMessage ?? `HTTP ${response.status}`;
+      throw new CloudSeeError(`CloudSee API error for ${path}: ${this.redact(message)}`, {
+        status: response.status,
+        code: json?.code ?? "http_error"
+      });
+    }
+    if (json && typeof json === "object" && json.success === false) {
+      throw new CloudSeeError(this.redact(json.errorMessage || `Operation failed (${json.code ?? "unknown"}).`), {
+        code: json.code ?? "operation_failed",
+        status: response.status
+      });
+    }
+    const envelope = json && typeof json === "object" ? json : void 0;
+    if (json && typeof json === "object" && "data" in json) return { data: json.data, envelope };
+    return { data: json ?? {}, envelope };
+  }
+  redact(text) {
+    return this.secret && text.includes(this.secret) ? text.split(this.secret).join("***") : text;
+  }
+};
+function errMessage(err) {
+  return err instanceof Error ? err.message : String(err);
+}
+function backoffMs(attempt) {
+  const ceiling = Math.min(MAX_BACKOFF_MS, BASE_BACKOFF_MS * 2 ** (attempt - 1));
+  return Math.round(ceiling / 2 + Math.random() * (ceiling / 2));
+}
+function retryAfterMs(header) {
+  if (!header) return void 0;
+  const seconds = Number(header);
+  if (Number.isFinite(seconds)) return Math.max(0, seconds * 1e3);
+  const date = Date.parse(header);
+  if (Number.isFinite(date)) return Math.max(0, date - Date.now());
+  return void 0;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/tools/read.ts
+import { z as z2 } from "zod";
+
+// src/tools/format.ts
+var DEFAULT_MAX_ITEMS = 100;
+var DEFAULT_MAX_CHARS = 8e3;
+function summarize(data, opts = {}) {
+  const maxItems = opts.maxItems ?? DEFAULT_MAX_ITEMS;
+  const maxChars = opts.maxChars ?? DEFAULT_MAX_CHARS;
+  let json;
+  try {
+    json = JSON.stringify(boundArrays(data, maxItems), null, 2);
+  } catch {
+    json = String(data);
+  }
+  if (json.length > maxChars) {
+    json = `${json.slice(0, maxChars)}
+\u2026 (output truncated at ${maxChars} characters \u2014 narrow your query or paginate).`;
+  }
+  return json;
+}
+function boundArrays(value, maxItems) {
+  if (Array.isArray(value)) {
+    const capped = value.slice(0, maxItems).map((v) => boundArrays(v, maxItems));
+    if (value.length > maxItems) {
+      capped.push(`\u2026 ${value.length - maxItems} more item(s) omitted \u2014 paginate for the rest.`);
+    }
+    return capped;
+  }
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) {
+      out[k] = boundArrays(v, maxItems);
+    }
+    return out;
+  }
+  return value;
+}
+function withCursor(body, nextCursor) {
+  if (!nextCursor) return body;
+  return `${body}
+
+\u21AA More results available. Call this tool again with cursor="${nextCursor}" for the next page.`;
+}
+
+// src/tools/types.ts
+function textResult(text) {
+  return { content: [{ type: "text", text }] };
+}
+
+// src/tools/read.ts
+var listBuckets = {
+  name: "list_buckets",
+  title: "List buckets",
+  description: "List the storage buckets (Amazon S3 buckets) the authenticated CloudSee Drive account can access. Use this first to discover available buckets before browsing or searching.",
+  endpoint: { method: "POST", path: "/storage/buckets", scopes: ["drive:read"] },
+  inputSchema: {},
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (_args, { client }) => {
+    const data = await client.post("/storage/buckets", {});
+    return textResult(summarize(data));
+  }
+};
+var browseSchema = z2.object({
+  path: z2.string().optional().describe("Folder path / prefix to list. Empty or omitted = the root."),
+  sortOption: z2.string().optional().describe("Sort key, e.g. 'name_asc', 'name_desc', 'date_desc'."),
+  pageSize: z2.number().int().min(1).max(200).optional().describe("Max items per page (1-200, default 50)."),
+  cursor: z2.string().optional().describe("Opaque pagination cursor returned by a previous call.")
+});
+var browseFolder = {
+  name: "browse_folder",
+  title: "Browse folder",
+  description: "List the files and sub-folders directly inside a folder (one level, non-recursive), with sorting and pagination. To filter by keyword use 'search_files'.",
+  endpoint: { method: "POST", path: "/storage/list", scopes: ["drive:read"] },
+  inputSchema: browseSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = browseSchema.parse(args);
+    const { data, nextCursor } = await client.postPaged(
+      "/storage/list",
+      { dirPath: a.path ?? "", sortOption: a.sortOption, pageSize: a.pageSize ?? 50 },
+      "nextPage",
+      a.cursor
+    );
+    return textResult(withCursor(summarize(data), nextCursor));
+  }
+};
+var searchSchema = z2.object({
+  query: z2.string().min(1).describe("Keyword to match against file and folder names."),
+  path: z2.string().optional().describe("Folder to search within (this folder level, non-recursive). Empty = root."),
+  pageSize: z2.number().int().min(1).max(200).optional().describe("Max items per page (1-200, default 50)."),
+  cursor: z2.string().optional().describe("Opaque pagination cursor returned by a previous call.")
+});
+var searchFiles = {
+  name: "search_files",
+  title: "Search files",
+  description: "Search for files and folders by name keyword within a folder. Note: this matches the given folder level and is NOT a whole-tree recursive search \u2014 browse into sub-folders to search deeper. Returns matches with pagination.",
+  endpoint: { method: "POST", path: "/storage/list", scopes: ["drive:read"] },
+  inputSchema: searchSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = searchSchema.parse(args);
+    const { data, nextCursor } = await client.postPaged(
+      "/storage/list",
+      { dirPath: a.path ?? "", searchingKeyword: a.query, pageSize: a.pageSize ?? 50 },
+      "nextPage",
+      a.cursor
+    );
+    return textResult(withCursor(summarize(data), nextCursor));
+  }
+};
+var recentSchema = z2.object({
+  limit: z2.number().int().min(1).max(200).optional().describe("Max items (1-200, default 50)."),
+  cursor: z2.string().optional().describe("Opaque pagination cursor returned by a previous call.")
+});
+var recentFiles = {
+  name: "recent_files",
+  title: "Recent files",
+  description: "List the account's most recently accessed or modified files, newest first, with pagination.",
+  endpoint: { method: "POST", path: "/storage/recent", scopes: ["drive:read"] },
+  inputSchema: recentSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = recentSchema.parse(args);
+    const limit = a.limit ?? 50;
+    const { data, nextCursor } = await client.postPaged("/storage/recent", { limit }, "nextToken", a.cursor);
+    const hasMore = Array.isArray(data) && data.length >= limit;
+    return textResult(withCursor(summarize(data), hasMore ? nextCursor : void 0));
+  }
+};
+var metaSchema = z2.object({ objectKey: z2.string().min(1).describe("Full object key (path) of the file.") });
+var getFileMetadata = {
+  name: "get_file_metadata",
+  title: "Get file metadata",
+  description: "Get detailed metadata for a single file or object (size, type, timestamps, storage class, and other attributes) by its object key.",
+  endpoint: { method: "POST", path: "/storage/object/detail", scopes: ["drive:read"] },
+  inputSchema: metaSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = metaSchema.parse(args);
+    const data = await client.post("/storage/object/detail", { objectKey: a.objectKey });
+    return textResult(summarize(data));
+  }
+};
+var tagsSchema = z2.object({
+  objectKey: z2.string().min(1).describe("Full object key (path) of the file."),
+  bucketName: z2.string().optional().describe("Bucket name, if not implied by the key.")
+});
+var getFileTags = {
+  name: "get_file_tags",
+  title: "Get file tags",
+  description: "Get the S3 object tags (key/value pairs) attached to a file, by object key.",
+  endpoint: { method: "POST", path: "/storage/object/tagging", scopes: ["drive:read"] },
+  inputSchema: tagsSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = tagsSchema.parse(args);
+    const data = await client.post("/storage/object/tagging", { objectKey: a.objectKey, bucketName: a.bucketName });
+    return textResult(summarize(data));
+  }
+};
+var readTools = [
+  listBuckets,
+  browseFolder,
+  searchFiles,
+  recentFiles,
+  getFileMetadata,
+  getFileTags
+];
+
+// src/tools/download.ts
+import { z as z3 } from "zod";
+var downloadSchema = z3.object({
+  filePath: z3.string().min(1).describe("Object key (path) of the file to download."),
+  forceDownload: z3.boolean().optional().describe("If true, the link forces an attachment download instead of inline view."),
+  storageId: z3.string().optional().describe("Optional storage/index id.")
+});
+var downloadFile = {
+  name: "download_file",
+  title: "Download file",
+  description: "Get a short-lived pre-signed download URL for a file. The URL is time-limited and grants read access to that one object \u2014 share it with care. Returns the URL; it does not load file bytes into the conversation.",
+  endpoint: { method: "POST", path: "/storage/object/download-url", scopes: ["drive:read", "drive:download"] },
+  inputSchema: downloadSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = downloadSchema.parse(args);
+    const data = await client.post("/storage/object/download-url", {
+      filePath: a.filePath,
+      download: a.forceDownload ?? false,
+      storageId: a.storageId
+    });
+    return textResult(summarize(data));
+  }
+};
+var shareSchema = z3.object({
+  filePath: z3.string().min(1).describe("Object key (path) of the file to share."),
+  storageId: z3.string().optional().describe("Optional storage/index id.")
+});
+var shareLink = {
+  name: "share_link",
+  title: "Create share link",
+  description: "Create a shareable, time-limited link to a file (a pre-signed URL suitable for sharing). For richer share management (revocation, folder/prefix shares, expiry control) use the CloudSee dashboard.",
+  endpoint: { method: "POST", path: "/storage/object/download-url", scopes: ["drive:read", "drive:download"] },
+  inputSchema: shareSchema.shape,
+  annotations: { readOnlyHint: true, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = shareSchema.parse(args);
+    const data = await client.post("/storage/object/download-url", {
+      filePath: a.filePath,
+      shareableLink: true,
+      storageId: a.storageId
+    });
+    return textResult(summarize(data));
+  }
+};
+var downloadTools = [downloadFile, shareLink];
+
+// src/tools/write.ts
+import { readFile, stat } from "fs/promises";
+import { basename } from "path";
+import { z as z5 } from "zod";
+
+// src/confirm.ts
+import { z as z4 } from "zod";
+var confirmShape = {
+  confirm: z4.boolean().optional().describe(
+    "Must be true to actually perform this mutating/irreversible action. If omitted or false, the tool returns a preview and makes no changes."
+  )
+};
+var SECURITY_NOTE = "Note: this confirmation is a client-side safety prompt, not the security boundary \u2014 the CloudSee API authorizes every operation server-side.";
+function confirmationPreview(action, details) {
+  return textResult(
+    `\u26A0\uFE0F Confirmation required \u2014 no changes have been made.
+
+About to: ${action}
+${details}
+
+Re-run this tool with confirm=true to proceed.
+${SECURITY_NOTE}`
+  );
+}
+
+// src/tools/write.ts
+var GATED = " (Write access is authorized server-side; until CloudSee's public-API RBAC wiring (CSD-572) is live, the gateway may deny this \u2014 that is expected, not a tool failure.)";
+var MULTIPART_THRESHOLD = 8 * 1024 * 1024;
+function pickUrl(data) {
+  if (typeof data === "string") return data;
+  if (data && typeof data === "object") {
+    const record = data;
+    for (const key of ["url", "uploadUrl", "signedUrl", "preSignedUrl", "presignedUrl", "putUrl"]) {
+      const value = record[key];
+      if (typeof value === "string" && value) return value;
+    }
+  }
+  return void 0;
+}
+function pickKey(data) {
+  if (data && typeof data === "object") {
+    const record = data;
+    for (const key of ["key", "objectKey", "Key", "objectPath", "filePath"]) {
+      const value = record[key];
+      if (typeof value === "string" && value) return value;
+    }
+    const fields = record["fields"];
+    if (fields && typeof fields === "object") {
+      const nested = fields["key"];
+      if (typeof nested === "string" && nested) return nested;
+    }
+  }
+  return void 0;
+}
+var uploadSchema = z5.object({
+  localPath: z5.string().min(1).describe("Path to the local file to upload (absolute, or relative to the server's working directory)."),
+  destinationFolder: z5.string().describe("Destination folder/prefix in CloudSee Drive. Empty = root."),
+  fileName: z5.string().optional().describe("Name to store the file as. Defaults to the local file's name."),
+  contentType: z5.string().optional().describe("MIME type. Defaults to application/octet-stream."),
+  storageClass: z5.string().optional().describe("Optional S3 storage class (e.g. STANDARD, INTELLIGENT_TIERING).")
+});
+var uploadFile = {
+  name: "upload_file",
+  title: "Upload file",
+  description: "Upload a local file to a CloudSee Drive folder. Reads the file from the local machine, requests a pre-signed upload URL, uploads the bytes to storage, then finalizes the object." + GATED,
+  endpoint: { method: "POST", path: "/storage/upload/url", scopes: ["drive:write"] },
+  inputSchema: uploadSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = uploadSchema.parse(args);
+    const fileName = a.fileName ?? basename(a.localPath);
+    const contentType = a.contentType ?? "application/octet-stream";
+    let info;
+    try {
+      info = await stat(a.localPath);
+    } catch {
+      throw new CloudSeeError(`Local file not found: ${a.localPath}`, { code: "file_not_found" });
+    }
+    if (!info.isFile()) throw new CloudSeeError(`Not a regular file: ${a.localPath}`, { code: "not_a_file" });
+    if (info.size > MULTIPART_THRESHOLD) {
+      throw new CloudSeeError(
+        `File is ${(info.size / 1048576).toFixed(1)} MiB. Multipart upload (>8 MiB) is not enabled in this release \u2014 upload a smaller file or use the CloudSee web app for large files.`,
+        { code: "too_large" }
+      );
+    }
+    const bytes = await readFile(a.localPath);
+    const presign = await client.post("/storage/upload/url", {
+      dirPath: a.destinationFolder,
+      fileName,
+      contentType,
+      storageClass: a.storageClass
+    });
+    const uploadUrl = pickUrl(presign);
+    if (!uploadUrl) throw new CloudSeeError("The API did not return a usable upload URL.", { code: "no_upload_url" });
+    const key = pickKey(presign);
+    if (!key) {
+      throw new CloudSeeError(
+        "The upload-URL response did not include the object key, so the upload cannot be finalized safely. (No bytes were uploaded.)",
+        { code: "no_object_key" }
+      );
+    }
+    const put = await fetch(uploadUrl, { method: "PUT", headers: { "Content-Type": contentType }, body: new Uint8Array(bytes) });
+    if (!put.ok) throw new CloudSeeError(`Upload to storage failed (HTTP ${put.status}).`, { status: put.status, code: "upload_failed" });
+    let complete;
+    try {
+      complete = await client.post("/storage/upload/complete", {
+        dirPath: a.destinationFolder,
+        objects: [{ fileName, key, contentType, size: info.size }]
+      });
+    } catch (err) {
+      const reason = err instanceof Error ? err.message : String(err);
+      throw new CloudSeeError(
+        `Bytes were uploaded to storage but finalization failed: ${reason}. The object may exist without an index entry \u2014 retry the upload, or remove it via the CloudSee app.`,
+        { code: "finalize_failed" }
+      );
+    }
+    return textResult(`Uploaded "${fileName}" (${info.size} bytes) to "${a.destinationFolder || "/"}".
+
+${summarize(complete)}`);
+  }
+};
+var createFolderSchema = z5.object({
+  parentPath: z5.string().describe("Parent folder/prefix. Empty = root."),
+  name: z5.string().min(1).describe("New folder name.")
+});
+var createFolder = {
+  name: "create_folder",
+  title: "Create folder",
+  description: "Create a new folder at the given path." + GATED,
+  endpoint: { method: "POST", path: "/storage/folder/create", scopes: ["drive:write"] },
+  inputSchema: createFolderSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = createFolderSchema.parse(args);
+    const data = await client.post("/storage/folder/create", { dirPath: a.parentPath, object: a.name });
+    return textResult(`Created folder "${a.name}" in "${a.parentPath || "/"}".
+
+${summarize(data)}`);
+  }
+};
+var renameSchema = z5.object({
+  oldObjectId: z5.string().min(1).describe("Current object key/id of the file or folder."),
+  newName: z5.string().min(1).describe("New name."),
+  isFolder: z5.boolean().optional().describe("Set true when renaming a folder."),
+  storageId: z5.string().optional().describe("Optional storage/index id."),
+  ...confirmShape
+});
+var renameFile = {
+  name: "rename_file",
+  title: "Rename file or folder",
+  description: "Rename a file or folder. Destructive (changes the object's key). Requires confirm=true." + GATED,
+  endpoint: { method: "POST", path: "/storage/object/rename", scopes: ["drive:write"] },
+  inputSchema: renameSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = renameSchema.parse(args);
+    if (!a.confirm) {
+      return confirmationPreview(`rename ${a.isFolder ? "folder" : "file"} to "${a.newName}"`, `Target: ${a.oldObjectId}`);
+    }
+    const data = await client.post("/storage/object/rename", {
+      oldObjectId: a.oldObjectId,
+      newObjectName: a.newName,
+      isFolder: a.isFolder ?? false,
+      storageId: a.storageId
+    });
+    return textResult(`Renamed to "${a.newName}".
+
+${summarize(data)}`);
+  }
+};
+var moveSchema = z5.object({
+  sourcePath: z5.string().min(1).describe("Source object key/prefix."),
+  destinationPath: z5.string().min(1).describe("Destination prefix."),
+  asCopy: z5.boolean().optional().describe("Copy instead of move (copy is non-destructive; the source is kept)."),
+  isFolder: z5.boolean().optional().describe("Set true for a folder."),
+  destinationBucket: z5.string().optional().describe("Target bucket, if different."),
+  storageId: z5.string().optional().describe("Optional storage/index id."),
+  ...confirmShape
+});
+var moveFile = {
+  name: "move_file",
+  title: "Move or copy file",
+  description: "Move (or copy, with asCopy=true) a file or folder to a new location. A move removes the source and is destructive, so it requires confirm=true; a copy does not." + GATED,
+  endpoint: { method: "POST", path: "/storage/object/move", scopes: ["drive:write"] },
+  inputSchema: moveSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = moveSchema.parse(args);
+    const isMove = !a.asCopy;
+    if (isMove && !a.confirm) {
+      return confirmationPreview(`move "${a.sourcePath}" \u2192 "${a.destinationPath}"`, "This removes the source. Pass asCopy=true to copy instead.");
+    }
+    const data = await client.post("/storage/object/move", {
+      asCopy: a.asCopy ?? false,
+      isFolder: a.isFolder ?? false,
+      sourcePath: a.sourcePath,
+      destinationPath: a.destinationPath,
+      destinationBucket: a.destinationBucket,
+      storageId: a.storageId
+    });
+    return textResult(`${isMove ? "Moved" : "Copied"} "${a.sourcePath}" \u2192 "${a.destinationPath}".
+
+${summarize(data)}`);
+  }
+};
+var duplicateSchema = z5.object({
+  objectKey: z5.string().min(1).describe("Source object key to duplicate."),
+  storageId: z5.string().optional().describe("Optional storage/index id.")
+});
+var duplicateFile = {
+  name: "duplicate_file",
+  title: "Duplicate file",
+  description: "Create a copy of a file in the same location." + GATED,
+  endpoint: { method: "POST", path: "/storage/object/duplicate", scopes: ["drive:write"] },
+  inputSchema: duplicateSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = duplicateSchema.parse(args);
+    const data = await client.post("/storage/object/duplicate", { objectKey: a.objectKey, storageId: a.storageId });
+    return textResult(`Duplicated "${a.objectKey}".
+
+${summarize(data)}`);
+  }
+};
+var deleteSchema = z5.object({
+  objectKeys: z5.array(z5.string().min(1)).min(1).describe("Object keys (paths) to permanently delete."),
+  ...confirmShape
+});
+var deleteFiles = {
+  name: "delete_files",
+  title: "Delete files",
+  description: "Permanently delete one or more files/objects by key. Destructive and irreversible. Requires confirm=true." + GATED,
+  endpoint: { method: "POST", path: "/storage/objects/delete", scopes: ["drive:delete"] },
+  inputSchema: deleteSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = deleteSchema.parse(args);
+    if (!a.confirm) {
+      return confirmationPreview(`permanently delete ${a.objectKeys.length} object(s)`, a.objectKeys.map((k) => `  - ${k}`).join("\n"));
+    }
+    const data = await client.post("/storage/objects/delete", { deletedObjects: a.objectKeys });
+    return textResult(`Deleted ${a.objectKeys.length} object(s).
+
+${summarize(data)}`);
+  }
+};
+var updateMetaSchema = z5.object({
+  objectKey: z5.string().min(1).describe("Object key whose metadata to update."),
+  metadata: z5.record(z5.string(), z5.unknown()).describe("Metadata fields to set (key/value map). Overwrites the listed fields."),
+  ...confirmShape
+});
+var updateMetadata = {
+  name: "update_metadata",
+  title: "Update file metadata",
+  description: "Update a file's metadata. Destructive (overwrites the listed metadata fields). Requires confirm=true." + GATED,
+  endpoint: { method: "POST", path: "/storage/object/metadata", scopes: ["drive:write"] },
+  inputSchema: updateMetaSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = updateMetaSchema.parse(args);
+    if (!a.confirm) {
+      return confirmationPreview(`update metadata on "${a.objectKey}"`, `Fields: ${Object.keys(a.metadata).join(", ") || "(none)"}`);
+    }
+    const data = await client.post("/storage/object/metadata", { objectKey: a.objectKey, metadata: a.metadata });
+    return textResult(`Updated metadata on "${a.objectKey}".
+
+${summarize(data)}`);
+  }
+};
+var restoreSchema = z5.object({
+  objectKey: z5.string().min(1).describe("Object key of the archived (Glacier) object to restore."),
+  days: z5.number().int().min(1).optional().describe("How many days to keep the restored copy available."),
+  retrievalTier: z5.enum(["Expedited", "Standard", "Bulk"]).optional().describe("Glacier retrieval tier (default Standard)."),
+  storageId: z5.string().optional().describe("Optional storage/index id."),
+  ...confirmShape
+});
+var restoreArchivedFile = {
+  name: "restore_archived_file",
+  title: "Restore archived file",
+  description: "Begin restoring an archived (S3 Glacier) object so it can be downloaded. This is Glacier un-archiving \u2014 NOT recovery of a deleted file \u2014 and may incur retrieval cost and take minutes to hours. Requires confirm=true." + GATED,
+  endpoint: { method: "POST", path: "/storage/object/restore", scopes: ["drive:write"] },
+  inputSchema: restoreSchema.shape,
+  annotations: { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true },
+  handler: async (args, { client }) => {
+    const a = restoreSchema.parse(args);
+    if (!a.confirm) {
+      return confirmationPreview(
+        `restore archived object "${a.objectKey}"`,
+        `Tier: ${a.retrievalTier ?? "Standard"}${a.days ? `, ${a.days} day(s)` : ""}. May incur retrieval cost.`
+      );
+    }
+    const data = await client.post("/storage/object/restore", {
+      objectKey: a.objectKey,
+      days: a.days,
+      retrievalTier: a.retrievalTier,
+      storageId: a.storageId
+    });
+    return textResult(`Restore initiated for "${a.objectKey}".
+
+${summarize(data)}`);
+  }
+};
+var writeTools = [
+  uploadFile,
+  createFolder,
+  renameFile,
+  moveFile,
+  duplicateFile,
+  deleteFiles,
+  updateMetadata,
+  restoreArchivedFile
+];
+
+// src/tools/index.ts
+var allTools = [...readTools, ...downloadTools, ...writeTools];
+
+// src/server.ts
+function createServer(config) {
+  const client = new CloudSeeClient(config);
+  const server = new McpServer({ name: "cloudsee-drive-mcp", version: VERSION });
+  for (const tool of allTools) {
+    server.registerTool(
+      tool.name,
+      {
+        title: tool.title,
+        description: tool.description,
+        inputSchema: tool.inputSchema,
+        annotations: { title: tool.title, ...tool.annotations }
+      },
+      async (args) => {
+        try {
+          return await tool.handler(args ?? {}, { client });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          logger.error(`tool "${tool.name}" failed`, message);
+          return { content: [{ type: "text", text: `Error: ${message}` }], isError: true };
+        }
+      }
+    );
+  }
+  logger.info(`registered ${allTools.length} tools`);
+  return server;
+}
+
+// src/index.ts
+function loadConfigOrExit() {
+  try {
+    return loadConfig();
+  } catch (err) {
+    process.stderr.write(`
+${err instanceof Error ? err.message : String(err)}
+
+`);
+    process.exit(1);
+  }
+}
+async function main() {
+  const config = loadConfigOrExit();
+  configureLogger({ level: config.logLevel, redact: [config.apiKeySecret] });
+  const server = createServer(config);
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  logger.info(`cloudsee-drive-mcp v${VERSION} ready on stdio (base: ${config.baseUrl})`);
+}
+main().catch((err) => {
+  process.stderr.write(`Fatal: ${err instanceof Error ? err.message : String(err)}
+`);
+  process.exit(1);
+});
+//# sourceMappingURL=index.js.map