estatehelm 1.0.22 → 1.0.24

package/dist/index.js

@@ -611,12 +611,18 @@ function base64Decode(base64) {
     throw new Error(`Failed to decode base64: ${error instanceof Error ? error.message : "Unknown error"}`);
   }
 }
+function generateRandomBytes(length) {
+  return crypto.getRandomValues(new Uint8Array(length));
+}
 function stringToBytes(str) {
   return new TextEncoder().encode(str);
 }
 function bytesToString(bytes) {
   return new TextDecoder().decode(bytes);
 }
+function generateUUID() {
+  return crypto.randomUUID();
+}
 
 // ../encryption/src/householdKeys.ts
 var HOUSEHOLD_KEY_SIZE = 32;
@@ -697,6 +703,13 @@ async function importEntityKey(entityKeyBytes) {
 // ../encryption/src/entityEncryption.ts
 var IV_SIZE = 12;
 var AUTH_TAG_SIZE = 16;
+function packEncryptedBlob(version, iv, ciphertext) {
+  const blob = new Uint8Array(1 + iv.length + ciphertext.length);
+  blob[0] = version;
+  blob.set(iv, 1);
+  blob.set(ciphertext, 1 + iv.length);
+  return base64Encode(blob);
+}
 function unpackEncryptedBlob(packedBlob) {
   const blob = base64Decode(packedBlob);
   if (blob.length < 1 + IV_SIZE + AUTH_TAG_SIZE) {
@@ -707,6 +720,41 @@ function unpackEncryptedBlob(packedBlob) {
   const ciphertext = blob.slice(1 + IV_SIZE);
   return { version, iv, ciphertext };
 }
+async function encryptEntity(householdKey, entityId, entityType, keyType, entityData, options = {}) {
+  try {
+    const entityKeyBytes = await deriveEntityKey(householdKey, entityId, entityType);
+    const entityKey = await importEntityKey(entityKeyBytes);
+    const jsonData = JSON.stringify(entityData);
+    const dataBytes = stringToBytes(jsonData);
+    const iv = generateRandomBytes(IV_SIZE);
+    const encryptParams = {
+      name: "AES-GCM",
+      iv
+    };
+    if (options.additionalData) {
+      encryptParams.additionalData = options.additionalData;
+    }
+    const ciphertext = await crypto.subtle.encrypt(
+      encryptParams,
+      entityKey,
+      dataBytes
+    );
+    const result = {
+      entityId,
+      entityType,
+      keyType,
+      ciphertext: base64Encode(new Uint8Array(ciphertext)),
+      iv: base64Encode(iv),
+      encryptedAt: /* @__PURE__ */ new Date(),
+      derivedEntityKey: entityKeyBytes
+    };
+    return result;
+  } catch (error) {
+    throw new Error(
+      `Failed to encrypt ${entityType} entity ${entityId}: ${error instanceof Error ? error.message : "Unknown error"}`
+    );
+  }
+}
 async function decryptEntity(householdKey, encrypted, options = {}) {
   if (options.expectedType && encrypted.entityType !== options.expectedType) {
     throw new Error(
@@ -826,6 +874,12 @@ function getKeyTypeForEntity(entityType) {
   }
   return config.keyType;
 }
+function resolveEntityAlias(entityType) {
+  if (entityType in ENTITY_ALIASES) {
+    return ENTITY_ALIASES[entityType];
+  }
+  return entityType;
+}
 
 // ../types/src/options.ts
 var PERSONAL_LEGAL_DOCUMENT_TYPE_OPTIONS = [
@@ -1101,6 +1155,7 @@ var ENTITY_KEY_TYPE_MAP = {
     Object.entries(ENTITY_ALIASES).map(([alias, target]) => [alias, ENTITIES[target].keyType])
   )
 };
+var CURRENT_CRYPTO_VERSION = 1;
 
 // ../encryption/src/recoveryKey.ts
 var RECOVERY_KEY_SIZE = 16;
@@ -1315,6 +1370,38 @@ var RP_ID = typeof window !== "undefined" ? window.location.hostname : "estatehe
 
 // ../encryption/src/fileEncryption.ts
 var FILE_IV_SIZE = 12;
+async function encryptFileToBytes(householdKey, entityId, entityType, fileBytes, mimeType, options = {}) {
+  const keyDerivationId = options.fileId || entityId;
+  try {
+    const fileKeyBytes = await deriveEntityKey(householdKey, keyDerivationId, entityType);
+    const fileKey = await importEntityKey(fileKeyBytes);
+    const iv = generateRandomBytes(FILE_IV_SIZE);
+    const encryptParams = {
+      name: "AES-GCM",
+      iv
+    };
+    if (options.additionalData) {
+      encryptParams.additionalData = options.additionalData;
+    }
+    const ciphertext = await crypto.subtle.encrypt(
+      encryptParams,
+      fileKey,
+      fileBytes
+    );
+    const packed = new Uint8Array(FILE_IV_SIZE + ciphertext.byteLength);
+    packed.set(iv, 0);
+    packed.set(new Uint8Array(ciphertext), FILE_IV_SIZE);
+    return {
+      encryptedBytes: packed,
+      mimeType,
+      originalSize: fileBytes.length
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to encrypt file for ${entityType} ${keyDerivationId}: ${error instanceof Error ? error.message : "Unknown error"}`
+    );
+  }
+}
 async function decryptFileFromArrayBuffer(householdKey, entityId, entityType, encryptedArrayBuffer, mimeType) {
   const packed = new Uint8Array(encryptedArrayBuffer);
   if (packed.length < FILE_IV_SIZE + 16) {
@@ -1609,7 +1696,7 @@ function trackLogout() {
   trackEvent("mcp_logout");
 }
 function trackToolUse(tool) {
-  trackEvent("mcp_tool_use", { tool });
+  trackEvent(`mcp_${tool}`);
 }
 function trackSearch(resultCount, hasEntityType) {
   trackEvent("mcp_search", { resultCount, filtered: hasEntityType });
@@ -1895,7 +1982,7 @@ async function getPrivateKey(mcpToken) {
 // src/server.ts
 var import_server = require("@modelcontextprotocol/sdk/server/index.js");
 var import_stdio = require("@modelcontextprotocol/sdk/server/stdio.js");
-var import_types44 = require("@modelcontextprotocol/sdk/types.js");
+var import_types46 = require("@modelcontextprotocol/sdk/types.js");
 
 // ../cache-sqlite/src/sqliteStore.ts
 var import_better_sqlite3 = __toESM(require("better-sqlite3"));
@@ -2507,6 +2594,10 @@ async function loadHouseholdKeys(client, householdId, privateKey) {
 function getHouseholdKey(householdId, keyType) {
   return householdKeysCache.get(`${householdId}:${keyType}`);
 }
+function getHouseholdKeyForEntity(householdId, entityType) {
+  const keyType = getKeyTypeForEntity(entityType);
+  return getHouseholdKey(householdId, keyType);
+}
 async function getDecryptedEntities(householdId, entityType, privateKey) {
   const cache = getCache();
   const cacheEntry = await cache.getEntityCache(householdId, entityType);
@@ -3503,6 +3594,85 @@ function indexAllEntities(data) {
   return entities;
 }
 
+// ../utils/src/entityMerge.ts
+var ENTITY_METADATA_FIELDS = [
+  "id",
+  "created_at",
+  "updated_at",
+  "created_by",
+  "household_id",
+  "owner_user_id",
+  "version",
+  "key_type",
+  "entity_type",
+  "entityType",
+  "householdId",
+  "ownerUserId",
+  "createdAt",
+  "updatedAt",
+  "createdBy",
+  "keyType"
+];
+function deepMergeEntity(existing, partial) {
+  const result = { ...existing };
+  for (const key of Object.keys(partial)) {
+    const newValue = partial[key];
+    if (newValue === void 0) {
+      continue;
+    }
+    if (newValue === null) {
+      result[key] = null;
+      continue;
+    }
+    if (Array.isArray(newValue)) {
+      result[key] = [...newValue];
+      continue;
+    }
+    if (typeof newValue === "object" && newValue !== null && typeof result[key] === "object" && result[key] !== null && !Array.isArray(result[key])) {
+      result[key] = deepMergeEntity(
+        result[key],
+        newValue
+      );
+      continue;
+    }
+    result[key] = newValue;
+  }
+  return result;
+}
+function appendToEntityArrays(existing, appendToArrays) {
+  const result = { ...existing };
+  for (const [fieldName, itemsToAppend] of Object.entries(appendToArrays)) {
+    if (!Array.isArray(itemsToAppend) || itemsToAppend.length === 0) {
+      continue;
+    }
+    const existingArray = result[fieldName];
+    if (Array.isArray(existingArray)) {
+      ;
+      result[fieldName] = [...existingArray, ...itemsToAppend];
+    } else {
+      ;
+      result[fieldName] = [...itemsToAppend];
+    }
+  }
+  return result;
+}
+function normalizeEntityData(data) {
+  const normalized = { ...data };
+  if ("entity_type" in normalized && normalized.entity_type !== void 0 && !("person_type" in normalized && normalized.person_type !== void 0)) {
+    ;
+    normalized.person_type = normalized.entity_type;
+  }
+  delete normalized.entity_type;
+  return normalized;
+}
+function stripEntityMetadata(entity) {
+  const result = { ...entity };
+  for (const field of ENTITY_METADATA_FIELDS) {
+    delete result[field];
+  }
+  return result;
+}
+
 // ../list-data/src/adapters/contactAdapter.ts
 function getContactComputedFields(contact) {
   const computed = {
@@ -5061,6 +5231,388 @@ async function executeFileDownload(client, params) {
   }
 }
 
+// src/tools/entities.ts
+var import_fs = require("fs");
+var import_path = require("path");
+var import_ajv = __toESM(require("ajv"));
+var ajv = new import_ajv.default({ allErrors: true, strict: false });
+var schemaValidators = /* @__PURE__ */ new Map();
+function makeSchemaStrict(schema) {
+  const result = { ...schema };
+  if (result.properties && result.additionalProperties === void 0) {
+    result.additionalProperties = false;
+  }
+  if (result.definitions && typeof result.definitions === "object") {
+    const strictDefinitions = {};
+    for (const [name, def] of Object.entries(result.definitions)) {
+      if (def && typeof def === "object" && "properties" in def) {
+        strictDefinitions[name] = {
+          ...def,
+          additionalProperties: def.additionalProperties ?? false
+        };
+      } else {
+        strictDefinitions[name] = def;
+      }
+    }
+    result.definitions = strictDefinitions;
+  }
+  return result;
+}
+function findUnknownFields(data, schema) {
+  const validProperties = schema.properties;
+  if (!validProperties) {
+    return [];
+  }
+  const validKeys = new Set(Object.keys(validProperties));
+  const unknownFields = [];
+  for (const key of Object.keys(data)) {
+    if (!validKeys.has(key)) {
+      unknownFields.push(key);
+    }
+  }
+  return unknownFields;
+}
+var schemaCache = /* @__PURE__ */ new Map();
+function getSchemaDir() {
+  try {
+    const typesPath = require.resolve("@hearthcoo/types");
+    const typesDir = (0, import_path.dirname)((0, import_path.dirname)(typesPath));
+    return (0, import_path.join)(typesDir, "dist", "schemas");
+  } catch {
+    return (0, import_path.join)(process.cwd(), "..", "types", "dist", "schemas");
+  }
+}
+async function getSchemaValidator(entityType) {
+  if (schemaValidators.has(entityType)) {
+    return schemaValidators.get(entityType);
+  }
+  if (!SCHEMA_ENTITY_TYPES.includes(entityType)) {
+    console.error(`[Entities] No schema for ${entityType}, skipping validation`);
+    return null;
+  }
+  try {
+    const schemaDir = getSchemaDir();
+    const schemaPath = (0, import_path.join)(schemaDir, `${entityType}.json`);
+    console.error(`[Entities] Loading schema from: ${schemaPath}`);
+    const schemaContent = (0, import_fs.readFileSync)(schemaPath, "utf-8");
+    const schema = JSON.parse(schemaContent);
+    console.error(`[Entities] Schema loaded, properties:`, Object.keys(schema.properties || {}));
+    const strictSchema = makeSchemaStrict(schema);
+    console.error(`[Entities] Strict schema additionalProperties:`, strictSchema.additionalProperties);
+    const validator = ajv.compile(strictSchema);
+    schemaValidators.set(entityType, validator);
+    return validator;
+  } catch (err) {
+    console.error(`[Entities] Failed to load schema for ${entityType}:`, err);
+    return null;
+  }
+}
+async function getEntitySchema(entityTypeOrAlias) {
+  const entityType = resolveEntityAlias(entityTypeOrAlias);
+  if (!SCHEMA_ENTITY_TYPES.includes(entityType)) {
+    return {
+      success: false,
+      error: `No schema available for entity type: ${entityType}. Valid types with schemas: ${SCHEMA_ENTITY_TYPES.join(", ")}`
+    };
+  }
+  try {
+    const schemaDir = getSchemaDir();
+    const schemaPath = (0, import_path.join)(schemaDir, `${entityType}.json`);
+    const schemaContent = (0, import_fs.readFileSync)(schemaPath, "utf-8");
+    const schema = JSON.parse(schemaContent);
+    return {
+      success: true,
+      entityType,
+      schema: {
+        properties: schema.properties || {},
+        required: schema.required || [],
+        definitions: schema.definitions || {}
+      }
+    };
+  } catch (err) {
+    return {
+      success: false,
+      error: `Failed to load schema for ${entityType}: ${err instanceof Error ? err.message : "Unknown error"}`
+    };
+  }
+}
+async function executeCreateEntity(client, privateKey, params) {
+  const { householdId, data, entityId: providedId } = params;
+  const entityType = resolveEntityAlias(params.entityType);
+  try {
+    const householdKey = getHouseholdKeyForEntity(householdId, entityType);
+    if (!householdKey) {
+      return {
+        success: false,
+        error: `No encryption key available for ${entityType}. Ensure cache is synced.`
+      };
+    }
+    const validator = await getSchemaValidator(entityType);
+    if (validator && !validator(data)) {
+      const errors = ajv.errorsText(validator.errors);
+      return {
+        success: false,
+        error: `Validation failed: ${errors}`
+      };
+    }
+    const entityId = providedId || generateUUID();
+    const normalizedData = normalizeEntityData(stripEntityMetadata(data));
+    const keyType = getKeyTypeForEntity(entityType);
+    const encrypted = await encryptEntity(
+      householdKey,
+      entityId,
+      entityType,
+      keyType,
+      normalizedData
+    );
+    const encryptedBlob = packEncryptedBlob(
+      CURRENT_CRYPTO_VERSION,
+      base64Decode(encrypted.iv),
+      base64Decode(encrypted.ciphertext)
+    );
+    const response = await client.createEntity(householdId, {
+      id: entityId,
+      entityType,
+      keyType,
+      encryptedData: encryptedBlob,
+      cryptoVersion: CURRENT_CRYPTO_VERSION
+    });
+    await syncIfNeeded(client, privateKey, true);
+    return {
+      success: true,
+      entityId: response.id,
+      version: response.version
+    };
+  } catch (err) {
+    if (err.status === 409) {
+      return {
+        success: false,
+        error: "Entity with this ID already exists"
+      };
+    }
+    return {
+      success: false,
+      error: err.message || "Failed to create entity"
+    };
+  }
+}
+async function executeUpdateEntity(client, privateKey, params) {
+  const { householdId, entityId, data, appendToArrays } = params;
+  const entityType = resolveEntityAlias(params.entityType);
+  try {
+    const householdKey = getHouseholdKeyForEntity(householdId, entityType);
+    if (!householdKey) {
+      return {
+        success: false,
+        error: `No encryption key available for ${entityType}. Ensure cache is synced.`
+      };
+    }
+    let existingEntity;
+    try {
+      existingEntity = await client.getEntity(householdId, entityId);
+    } catch (err) {
+      if (err.status === 404) {
+        return {
+          success: false,
+          error: `Entity not found: ${entityId}`
+        };
+      }
+      throw err;
+    }
+    const { iv, ciphertext } = unpackEncryptedBlob(existingEntity.encryptedData);
+    const encryptedForDecrypt = {
+      entityId: existingEntity.id,
+      entityType: existingEntity.entityType,
+      keyType: existingEntity.keyType,
+      ciphertext: base64Encode(ciphertext),
+      iv: base64Encode(iv),
+      encryptedAt: new Date(existingEntity.createdAt),
+      derivedEntityKey: new Uint8Array()
+    };
+    const existingData = await decryptEntity(
+      householdKey,
+      encryptedForDecrypt
+    );
+    const cleanExisting = stripEntityMetadata(existingData);
+    const strippedPartial = stripEntityMetadata(data);
+    let mergedData = deepMergeEntity(cleanExisting, strippedPartial);
+    if (appendToArrays && Object.keys(appendToArrays).length > 0) {
+      mergedData = appendToEntityArrays(mergedData, appendToArrays);
+    }
+    const normalizedData = normalizeEntityData(mergedData);
+    if (SCHEMA_ENTITY_TYPES.includes(entityType)) {
+      try {
+        if (!schemaCache.has(entityType)) {
+          const schemaDir = getSchemaDir();
+          const schemaPath = (0, import_path.join)(schemaDir, `${entityType}.json`);
+          const schemaContent = (0, import_fs.readFileSync)(schemaPath, "utf-8");
+          schemaCache.set(entityType, JSON.parse(schemaContent));
+        }
+        const schema = schemaCache.get(entityType);
+        const newFieldsToValidate = stripEntityMetadata(data);
+        const unknownFields = findUnknownFields(newFieldsToValidate, schema);
+        if (unknownFields.length > 0) {
+          const validFields = Object.keys(schema.properties || {});
+          return {
+            success: false,
+            error: `Unknown fields: ${unknownFields.join(", ")}. Valid fields are: ${validFields.join(", ")}`
+          };
+        }
+      } catch (err) {
+        console.error(`[Entities] Failed to validate new fields:`, err);
+      }
+    }
+    const keyType = getKeyTypeForEntity(entityType);
+    const encrypted = await encryptEntity(
+      householdKey,
+      entityId,
+      entityType,
+      keyType,
+      normalizedData
+    );
+    const encryptedBlob = packEncryptedBlob(
+      CURRENT_CRYPTO_VERSION,
+      base64Decode(encrypted.iv),
+      base64Decode(encrypted.ciphertext)
+    );
+    try {
+      const response = await client.updateEntity(
+        householdId,
+        entityId,
+        {
+          keyType,
+          encryptedData: encryptedBlob,
+          cryptoVersion: CURRENT_CRYPTO_VERSION
+        },
+        existingEntity.version
+      );
+      await syncIfNeeded(client, privateKey, true);
+      return {
+        success: true,
+        version: response.version
+      };
+    } catch (err) {
+      if (err.status === 412 || err.code === "VERSION_CONFLICT") {
+        return {
+          success: false,
+          error: "VERSION_CONFLICT: Entity was modified by another user. Please retry."
+        };
+      }
+      throw err;
+    }
+  } catch (err) {
+    return {
+      success: false,
+      error: err.message || "Failed to update entity"
+    };
+  }
+}
+
+// src/tools/upload.ts
+var import_promises = require("fs/promises");
+var import_path2 = require("path");
+var CRYPTO_VERSION = 2;
+async function executeFileUpload(client, params) {
+  const { householdId, entityId, filePath, mimeType } = params;
+  const entityType = resolveEntityAlias(params.entityType);
+  try {
+    const householdKey = getHouseholdKeyForEntity(householdId, entityType);
+    if (!householdKey) {
+      return {
+        success: false,
+        error: `No encryption key available for ${entityType}. Ensure cache is synced.`
+      };
+    }
+    let fileBytes;
+    let fileName;
+    try {
+      const buffer = await (0, import_promises.readFile)(filePath);
+      fileBytes = new Uint8Array(buffer);
+      fileName = (0, import_path2.basename)(filePath);
+    } catch (err) {
+      return {
+        success: false,
+        error: `Failed to read file: ${err.message}`
+      };
+    }
+    const fileSizeBytes = fileBytes.length;
+    const keyType = getKeyTypeForEntity(entityType);
+    const uploadUrlResponse = await client.post(
+      `/households/${householdId}/files/upload-url`,
+      {
+        contentType: mimeType,
+        keyType,
+        fileSizeBytes,
+        includeThumbnailUrl: false
+        // MCP doesn't generate thumbnails
+      }
+    );
+    const fileId = uploadUrlResponse.fileId;
+    const encrypted = await encryptFileToBytes(
+      householdKey,
+      entityId,
+      entityType,
+      fileBytes,
+      mimeType,
+      { fileId }
+    );
+    const uploadResponse = await fetch(uploadUrlResponse.url, {
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/octet-stream"
+      },
+      body: encrypted.encryptedBytes
+    });
+    if (!uploadResponse.ok) {
+      return {
+        success: false,
+        error: `Upload to storage failed: ${uploadResponse.status}`
+      };
+    }
+    const ext = fileName.includes(".") ? fileName.split(".").pop() : "";
+    const genericName = ext ? `file.${ext}` : "file";
+    const metadataResponse = await client.post(
+      `/households/${householdId}/files`,
+      {
+        fileId,
+        storagePath: uploadUrlResponse.storagePath,
+        entityId,
+        entityType,
+        fileName: genericName,
+        // Real name is in encrypted entity
+        fileType: mimeType,
+        fileSizeBytes,
+        keyType,
+        cryptoVersion: CRYPTO_VERSION
+      }
+    );
+    return {
+      success: true,
+      fileId: metadataResponse.id,
+      fileName,
+      mimeType,
+      size: fileSizeBytes
+    };
+  } catch (err) {
+    if (err.status === 402) {
+      return {
+        success: false,
+        error: "File uploads require an active subscription"
+      };
+    }
+    if (err.status === 400 && err.error?.error === "attachment_error") {
+      return {
+        success: false,
+        error: err.error?.message || "File type or size not allowed"
+      };
+    }
+    return {
+      success: false,
+      error: err.message || "Failed to upload file"
+    };
+  }
+}
+
 // src/server.ts
 async function startServer(mode, mcpToken) {
   const config = loadConfig();
@@ -5102,7 +5654,7 @@ async function startServer(mode, mcpToken) {
       }
     }
   );
-  server.setRequestHandler(import_types44.ListResourcesRequestSchema, async () => {
+  server.setRequestHandler(import_types46.ListResourcesRequestSchema, async () => {
     const households = await listHouseholds();
     const resources = [
       {
@@ -5130,7 +5682,7 @@ async function startServer(mode, mcpToken) {
     }
     return { resources };
   });
-  server.setRequestHandler(import_types44.ReadResourceRequestSchema, async (request) => {
+  server.setRequestHandler(import_types46.ReadResourceRequestSchema, async (request) => {
     const uri = request.params.uri;
     const parsed = parseResourceUri(uri);
     if (!parsed) {
@@ -5159,7 +5711,7 @@ async function startServer(mode, mcpToken) {
       ]
     };
   });
-  server.setRequestHandler(import_types44.ListToolsRequestSchema, async () => {
+  server.setRequestHandler(import_types46.ListToolsRequestSchema, async () => {
     return {
       tools: [
         {
@@ -5248,11 +5800,111 @@ async function startServer(mode, mcpToken) {
             type: "object",
             properties: {}
           }
+        },
+        {
+          name: "get_entity_schema",
+          description: "Get the JSON schema for an entity type. Use this BEFORE create_entity or update_entity to discover valid field names and types.",
+          inputSchema: {
+            type: "object",
+            properties: {
+              entityType: {
+                type: "string",
+                description: "Entity type (e.g., pet, vehicle, insurance_policy, contact)"
+              }
+            },
+            required: ["entityType"]
+          }
+        },
+        {
+          name: "create_entity",
+          description: "Create a new encrypted entity. IMPORTANT: Call get_entity_schema first to discover valid field names - unknown fields will be rejected.",
+          inputSchema: {
+            type: "object",
+            properties: {
+              householdId: {
+                type: "string",
+                description: "The household ID to create the entity in"
+              },
+              entityType: {
+                type: "string",
+                description: "Entity type (e.g., pet, vehicle, insurance_policy, contact)"
+              },
+              data: {
+                type: "object",
+                description: "Entity data fields - must match schema from get_entity_schema"
+              },
+              entityId: {
+                type: "string",
+                description: "Optional: Pre-generated entity ID"
+              }
+            },
+            required: ["householdId", "entityType", "data"]
+          }
+        },
+        {
+          name: "update_entity",
+          description: "Update an existing entity with partial data. IMPORTANT: Call get_entity_schema first to discover valid field names - unknown fields will be rejected. Only fields provided will be changed; all other fields are preserved.",
+          inputSchema: {
+            type: "object",
+            properties: {
+              householdId: {
+                type: "string",
+                description: "The household ID"
+              },
+              entityType: {
+                type: "string",
+                description: "Entity type (e.g., pet, vehicle, insurance_policy)"
+              },
+              entityId: {
+                type: "string",
+                description: "The entity ID to update"
+              },
+              data: {
+                type: "object",
+                description: "Partial entity data - must match schema from get_entity_schema"
+              },
+              appendToArrays: {
+                type: "object",
+                description: 'Optional: Object mapping array field names to items to append (e.g., { photo_history: [{ file_id: "...", date: "..." }] })'
+              }
+            },
+            required: ["householdId", "entityType", "entityId", "data"]
+          }
+        },
+        {
+          name: "upload_file",
+          description: "Upload and encrypt a file attachment from disk. Returns a file ID that can be linked to an entity via update_entity with appendToArrays.",
+          inputSchema: {
+            type: "object",
+            properties: {
+              householdId: {
+                type: "string",
+                description: "The household ID"
+              },
+              entityId: {
+                type: "string",
+                description: "The entity ID to attach the file to"
+              },
+              entityType: {
+                type: "string",
+                description: "The entity type (e.g., pet, vehicle, insurance)"
+              },
+              filePath: {
+                type: "string",
+                description: "Absolute path to the file on disk"
+              },
+              mimeType: {
+                type: "string",
+                description: 'MIME type (e.g., "image/jpeg", "application/pdf")'
+              }
+            },
+            required: ["householdId", "entityId", "entityType", "filePath", "mimeType"]
+          }
         }
       ]
     };
   });
-  server.setRequestHandler(import_types44.CallToolRequestSchema, async (request) => {
+  server.setRequestHandler(import_types46.CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
     trackToolUse(name);
     switch (name) {
@@ -5298,11 +5950,56 @@ async function startServer(mode, mcpToken) {
           }]
         };
       }
+      case "get_entity_schema": {
+        const { entityType } = args;
+        const result = await getEntitySchema(entityType);
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      }
+      case "create_entity": {
+        const createArgs = args;
+        const result = await executeCreateEntity(client, privateKey, {
+          householdId: createArgs.householdId,
+          entityType: createArgs.entityType,
+          data: createArgs.data,
+          entityId: createArgs.entityId
+        });
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      }
+      case "update_entity": {
+        const updateArgs = args;
+        const result = await executeUpdateEntity(client, privateKey, {
+          householdId: updateArgs.householdId,
+          entityType: updateArgs.entityType,
+          entityId: updateArgs.entityId,
+          data: updateArgs.data,
+          appendToArrays: updateArgs.appendToArrays
+        });
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      }
+      case "upload_file": {
+        const uploadArgs = args;
+        const result = await executeFileUpload(client, {
+          householdId: uploadArgs.householdId,
+          entityId: uploadArgs.entityId,
+          entityType: uploadArgs.entityType,
+          filePath: uploadArgs.filePath,
+          mimeType: uploadArgs.mimeType
+        });
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+        };
+      }
       default:
         throw new Error(`Unknown tool: ${name}`);
     }
   });
-  server.setRequestHandler(import_types44.ListPromptsRequestSchema, async () => {
+  server.setRequestHandler(import_types46.ListPromptsRequestSchema, async () => {
     return {
       prompts: [
         {
@@ -5335,7 +6032,7 @@ async function startServer(mode, mcpToken) {
       ]
     };
   });
-  server.setRequestHandler(import_types44.GetPromptRequestSchema, async (request) => {
+  server.setRequestHandler(import_types46.GetPromptRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
     switch (name) {
       case "household_summary": {