pim-mcp-server 1.0.0

package/README.md

@@ -0,0 +1,175 @@
+# PIM MCP Server
+
+MCP server (stdio transport) that wraps the PIM Gateway REST API into typed MCP tools. Provides email, calendar, and task management capabilities to AI agents.
+
+## Prerequisites
+
+- Node.js 20+
+- PIM Gateway running behind Kong
+- Authentik OAuth2 credentials
+
+## Installation
+
+### From npm
+
+```bash
+npm install -g pim-mcp-server
+```
+
+Or run directly with npx:
+
+```bash
+npx pim-mcp-server
+```
+
+### From source
+
+```bash
+cd pim-mcp-server
+npm install
+npm run build
+```
+
+## Environment Variables
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `PIM_AUTHENTIK_URL` | Yes | — | Authentik URL (e.g. `https://argus:9443`) |
+| `PIM_KONG_URL` | Yes | — | Kong proxy URL (e.g. `https://argus:8443`) |
+| `PIM_CLIENT_ID` | No | `pim-gateway` | OAuth2 client ID |
+| `PIM_CLIENT_SECRET` | Yes | — | OAuth2 client secret |
+
+## Available Tools (24)
+
+### Email (9)
+| Tool | Description |
+|---|---|
+| `pim_list_emails` | List emails from a Gmail label |
+| `pim_search_emails` | Search emails using Gmail query syntax |
+| `pim_get_email` | Get full email content |
+| `pim_send_email` | Send a new email |
+| `pim_reply_email` | Reply to an email |
+| `pim_list_attachments` | List email attachments |
+| `pim_download_attachment` | Download an attachment |
+| `pim_trash_email` | Trash an email (admin) |
+| `pim_delete_email` | Permanently delete (admin) |
+
+### Calendar (5)
+| Tool | Description |
+|---|---|
+| `pim_list_events` | List events in a time range |
+| `pim_get_event` | Get event details |
+| `pim_create_event` | Create a new event |
+| `pim_update_event` | Update an event |
+| `pim_delete_event` | Delete an event (admin) |
+
+### Tasks (7)
+| Tool | Description |
+|---|---|
+| `pim_list_task_lists` | List all task lists |
+| `pim_list_tasks` | List tasks in a list |
+| `pim_get_task` | Get task details |
+| `pim_create_task` | Create a new task |
+| `pim_update_task` | Update a task |
+| `pim_complete_task` | Mark task complete |
+| `pim_delete_task` | Delete a task (admin) |
+
+### Health & Admin (3)
+| Tool | Description |
+|---|---|
+| `pim_health` | Liveness check |
+| `pim_health_ready` | Readiness check (DB + Google API) |
+| `pim_audit_log` | Query audit log (admin) |
+
+## Client Configuration
+
+### Claude Code
+
+Add to `.claude/settings.json` or project `settings.json`:
+
+```json
+{
+  "mcpServers": {
+    "pim": {
+      "command": "npx",
+      "args": ["pim-mcp-server"],
+      "env": {
+        "PIM_AUTHENTIK_URL": "https://argus:9443",
+        "PIM_KONG_URL": "https://argus:8443",
+        "PIM_CLIENT_SECRET": "<your-secret>"
+      }
+    }
+  }
+}
+```
+
+### Claude Desktop
+
+Add to `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "pim": {
+      "command": "npx",
+      "args": ["pim-mcp-server"],
+      "env": {
+        "PIM_AUTHENTIK_URL": "https://argus:9443",
+        "PIM_KONG_URL": "https://argus:8443",
+        "PIM_CLIENT_SECRET": "<your-secret>"
+      }
+    }
+  }
+}
+```
+
+### OpenClaw (on Jarvis)
+
+```bash
+export PIM_AUTHENTIK_URL=https://argus:9443
+export PIM_KONG_URL=https://argus:8443
+export PIM_CLIENT_SECRET=<your-secret>
+npx pim-mcp-server
+```
+
+## Testing
+
+Run the smoke test to verify connectivity:
+
+```bash
+PIM_AUTHENTIK_URL=https://argus:9443 \
+PIM_KONG_URL=https://argus:8443 \
+PIM_CLIENT_SECRET=<your-secret> \
+npm test
+```
+
+## Building & Publishing
+
+### Build
+
+```bash
+npm run build    # compiles TypeScript to dist/
+```
+
+### Publish to npm
+
+Requires npm login with 2FA:
+
+```bash
+npm login
+npm publish --otp=<2fa-code>
+```
+
+To publish a new version:
+
+```bash
+npm version patch   # or minor, major
+npm publish --otp=<2fa-code>
+```
+
+## Design
+
+- **Role-agnostic:** All endpoints are exposed. RBAC is enforced by the PIM Gateway, not this server. The same binary serves OpenClaw (agent role) and Claude Desktop (admin role) — only the credentials differ.
+- **Auth caching:** JWT tokens are cached in memory and auto-refreshed 30 seconds before expiry. On 401, the token is force-refreshed and the request retried once.
+- **Full envelope:** Tool responses return the complete PIM Gateway response envelope (`status`, `data`, `error`, `meta`) for debugging and traceability.
+- **Logging:** Token refreshes and API calls (method, path, status, duration) are logged to stderr.

package/dist/auth.d.ts

@@ -0,0 +1,13 @@
+export declare class TokenManager {
+    private authentikUrl;
+    private clientId;
+    private clientSecret;
+    private token;
+    private expiresAt;
+    private refreshing;
+    constructor(authentikUrl: string, clientId: string, clientSecret: string);
+    getToken(): Promise<string>;
+    forceRefresh(): Promise<string>;
+    private refresh;
+    private fetchToken;
+}

package/dist/auth.js

@@ -0,0 +1,62 @@
+// Skip TLS verification for self-signed certs
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+export class TokenManager {
+    authentikUrl;
+    clientId;
+    clientSecret;
+    token = null;
+    expiresAt = 0;
+    refreshing = null;
+    constructor(authentikUrl, clientId, clientSecret) {
+        this.authentikUrl = authentikUrl;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+    }
+    async getToken() {
+        if (this.token && Date.now() / 1000 < this.expiresAt - 30) {
+            return this.token;
+        }
+        return this.refresh();
+    }
+    async forceRefresh() {
+        this.token = null;
+        this.expiresAt = 0;
+        return this.refresh();
+    }
+    async refresh() {
+        if (this.refreshing)
+            return this.refreshing;
+        this.refreshing = this.fetchToken();
+        try {
+            return await this.refreshing;
+        }
+        finally {
+            this.refreshing = null;
+        }
+    }
+    async fetchToken() {
+        const url = `${this.authentikUrl}/application/o/token/`;
+        const body = new URLSearchParams({
+            grant_type: "client_credentials",
+            client_id: this.clientId,
+            client_secret: this.clientSecret,
+            scope: "openid pim-role",
+        });
+        const start = Date.now();
+        const resp = await fetch(url, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: body.toString(),
+        });
+        if (!resp.ok) {
+            const text = await resp.text();
+            throw new Error(`Token request failed (${resp.status}): ${text}`);
+        }
+        const data = (await resp.json());
+        this.token = data.access_token;
+        this.expiresAt = Date.now() / 1000 + data.expires_in;
+        const duration = Date.now() - start;
+        console.error(`[auth] Token refreshed (expires in ${data.expires_in}s, took ${duration}ms)`);
+        return this.token;
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { TokenManager } from "./auth.js";
+import { PIMClient } from "./pim-client.js";
+import { registerEmailTools } from "./tools/email.js";
+import { registerCalendarTools } from "./tools/calendar.js";
+import { registerTasksTools } from "./tools/tasks.js";
+import { registerHealthTools } from "./tools/health.js";
+function requiredEnv(name) {
+    const value = process.env[name];
+    if (!value) {
+        console.error(`[pim-mcp] ERROR: ${name} environment variable is required`);
+        process.exit(1);
+    }
+    return value;
+}
+const authentikUrl = requiredEnv("PIM_AUTHENTIK_URL");
+const kongUrl = requiredEnv("PIM_KONG_URL");
+const clientId = process.env.PIM_CLIENT_ID ?? "pim-gateway";
+const clientSecret = requiredEnv("PIM_CLIENT_SECRET");
+const tokenManager = new TokenManager(authentikUrl, clientId, clientSecret);
+const pimClient = new PIMClient(kongUrl, tokenManager);
+const server = new McpServer({
+    name: "pim-gateway",
+    version: "1.0.0",
+});
+registerEmailTools(server, pimClient);
+registerCalendarTools(server, pimClient);
+registerTasksTools(server, pimClient);
+registerHealthTools(server, pimClient);
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error("[pim-mcp] Server started (stdio transport)");
+}
+main().catch((err) => {
+    console.error("[pim-mcp] Fatal error:", err);
+    process.exit(1);
+});

package/dist/pim-client.d.ts

@@ -0,0 +1,13 @@
+import type { TokenManager } from "./auth.js";
+interface RequestOptions {
+    params?: Record<string, string | number | boolean | undefined>;
+    json?: Record<string, unknown>;
+}
+export declare class PIMClient {
+    private kongUrl;
+    private tokenManager;
+    constructor(kongUrl: string, tokenManager: TokenManager);
+    request(method: string, path: string, opts?: RequestOptions): Promise<Record<string, unknown>>;
+    private doRequest;
+}
+export {};

package/dist/pim-client.js

@@ -0,0 +1,58 @@
+export class PIMClient {
+    kongUrl;
+    tokenManager;
+    constructor(kongUrl, tokenManager) {
+        this.kongUrl = kongUrl;
+        this.tokenManager = tokenManager;
+    }
+    async request(method, path, opts) {
+        const result = await this.doRequest(method, path, opts);
+        if (result.status === 401) {
+            console.error(`[pim] 401 on ${method} ${path}, refreshing token...`);
+            await this.tokenManager.forceRefresh();
+            return this.doRequest(method, path, opts);
+        }
+        return result;
+    }
+    async doRequest(method, path, opts) {
+        const token = await this.tokenManager.getToken();
+        let url = `${this.kongUrl}/api/v1/pim${path}`;
+        if (opts?.params) {
+            const searchParams = new URLSearchParams();
+            for (const [key, value] of Object.entries(opts.params)) {
+                if (value !== undefined && value !== null) {
+                    searchParams.set(key, String(value));
+                }
+            }
+            const qs = searchParams.toString();
+            if (qs)
+                url += `?${qs}`;
+        }
+        const headers = {
+            Authorization: `Bearer ${token}`,
+        };
+        const fetchOpts = {
+            method,
+            headers,
+        };
+        if (opts?.json) {
+            headers["Content-Type"] = "application/json";
+            fetchOpts.body = JSON.stringify(opts.json);
+        }
+        const start = Date.now();
+        const resp = await fetch(url, fetchOpts);
+        const duration = Date.now() - start;
+        let body;
+        try {
+            body = (await resp.json());
+        }
+        catch {
+            body = { status: "error", error: { message: await resp.text() } };
+        }
+        console.error(`[pim] ${method} ${path} → ${resp.status} (${duration}ms)`);
+        if (!resp.ok && resp.status === 401) {
+            return { status: 401 };
+        }
+        return body;
+    }
+}

package/dist/tools/calendar.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { PIMClient } from "../pim-client.js";
+export declare function registerCalendarTools(server: McpServer, client: PIMClient): void;

package/dist/tools/calendar.js

@@ -0,0 +1,45 @@
+import { z } from "zod";
+function textResult(data) {
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+}
+export function registerCalendarTools(server, client) {
+    server.tool("pim_list_events", "List calendar events within a time range", {
+        time_min: z.string().optional().describe("Start of range (ISO8601, defaults to now)"),
+        time_max: z.string().optional().describe("End of range (ISO8601, defaults to +7 days)"),
+        max_results: z.number().default(50).describe("Number of results (1-250)"),
+        calendar_id: z.string().default("primary").describe("Calendar to query"),
+        q: z.string().optional().describe("Free-text search query"),
+    }, async (params) => textResult(await client.request("GET", "/calendar/events", { params })));
+    server.tool("pim_get_event", "Get details of a specific calendar event", {
+        event_id: z.string().describe("Event ID"),
+        calendar_id: z.string().default("primary").describe("Calendar to query"),
+    }, async ({ event_id, calendar_id }) => textResult(await client.request("GET", `/calendar/events/${event_id}`, {
+        params: { calendar_id },
+    })));
+    server.tool("pim_create_event", "Create a new calendar event", {
+        summary: z.string().describe("Event title"),
+        start: z.string().describe("Start time (ISO8601 with timezone)"),
+        end: z.string().describe("End time (ISO8601 with timezone)"),
+        description: z.string().optional().describe("Event description"),
+        location: z.string().optional().describe("Event location"),
+        attendees: z.array(z.string()).optional().describe("Attendee email addresses"),
+    }, async (params) => textResult(await client.request("POST", "/calendar/events", { json: params })));
+    server.tool("pim_update_event", "Update a calendar event (only include fields to change)", {
+        event_id: z.string().describe("Event ID"),
+        calendar_id: z.string().default("primary").describe("Calendar"),
+        summary: z.string().optional().describe("New title"),
+        start: z.string().optional().describe("New start time (ISO8601)"),
+        end: z.string().optional().describe("New end time (ISO8601)"),
+        description: z.string().optional().describe("New description"),
+        location: z.string().optional().describe("New location"),
+    }, async ({ event_id, calendar_id, ...updates }) => textResult(await client.request("PUT", `/calendar/events/${event_id}`, {
+        params: { calendar_id },
+        json: updates,
+    })));
+    server.tool("pim_delete_event", "Delete a calendar event (requires admin role)", {
+        event_id: z.string().describe("Event ID"),
+        calendar_id: z.string().default("primary").describe("Calendar"),
+    }, async ({ event_id, calendar_id }) => textResult(await client.request("DELETE", `/calendar/events/${event_id}`, {
+        params: { calendar_id },
+    })));
+}

package/dist/tools/email.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { PIMClient } from "../pim-client.js";
+export declare function registerEmailTools(server: McpServer, client: PIMClient): void;

package/dist/tools/email.js

@@ -0,0 +1,58 @@
+import { z } from "zod";
+function textResult(data) {
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+}
+export function registerEmailTools(server, client) {
+    server.tool("pim_list_emails", "List emails from a Gmail label", {
+        label: z.string().default("INBOX").describe("Gmail label (INBOX, SENT, etc.)"),
+        max_results: z.number().default(20).describe("Number of results (1-100)"),
+        page_token: z.string().optional().describe("Pagination token from previous response"),
+    }, async (params) => textResult(await client.request("GET", "/email/messages", { params })));
+    server.tool("pim_search_emails", "Search emails using Gmail query syntax (e.g. 'from:alice subject:meeting', 'is:unread')", {
+        q: z.string().describe("Gmail search query"),
+        max_results: z.number().default(20).describe("Number of results (1-100)"),
+        page_token: z.string().optional().describe("Pagination token"),
+    }, async (params) => textResult(await client.request("GET", "/email/messages/search", { params })));
+    server.tool("pim_get_email", "Get full email content including body, cc, bcc, and attachments info", {
+        message_id: z.string().describe("Gmail message ID"),
+    }, async ({ message_id }) => textResult(await client.request("GET", `/email/messages/${message_id}`)));
+    server.tool("pim_send_email", "Send a new email", {
+        to: z.array(z.string()).describe("Recipient email addresses"),
+        subject: z.string().describe("Email subject"),
+        body: z.string().describe("Email body text"),
+        body_type: z.enum(["plain", "html"]).default("plain").describe("Body format"),
+        cc: z.array(z.string()).optional().describe("CC recipients"),
+        bcc: z.array(z.string()).optional().describe("BCC recipients"),
+    }, async (params) => textResult(await client.request("POST", "/email/messages/send", {
+        json: {
+            to: params.to,
+            subject: params.subject,
+            body: params.body,
+            body_type: params.body_type,
+            cc: params.cc ?? [],
+            bcc: params.bcc ?? [],
+        },
+    })));
+    server.tool("pim_reply_email", "Reply to an email (auto-sets In-Reply-To and thread headers)", {
+        message_id: z.string().describe("Message ID to reply to"),
+        body: z.string().describe("Reply body text"),
+        body_type: z.enum(["plain", "html"]).default("plain").describe("Body format"),
+        cc: z.array(z.string()).optional().describe("CC recipients"),
+        bcc: z.array(z.string()).optional().describe("BCC recipients"),
+    }, async ({ message_id, ...rest }) => textResult(await client.request("POST", `/email/messages/${message_id}/reply`, {
+        json: { body: rest.body, body_type: rest.body_type, cc: rest.cc ?? [], bcc: rest.bcc ?? [] },
+    })));
+    server.tool("pim_list_attachments", "List attachments for an email (returns id, filename, mime_type, size)", {
+        message_id: z.string().describe("Gmail message ID"),
+    }, async ({ message_id }) => textResult(await client.request("GET", `/email/messages/${message_id}/attachments`)));
+    server.tool("pim_download_attachment", "Download an email attachment (returns metadata; binary content not supported via MCP)", {
+        message_id: z.string().describe("Gmail message ID"),
+        attachment_id: z.string().describe("Attachment ID"),
+    }, async ({ message_id, attachment_id }) => textResult(await client.request("GET", `/email/messages/${message_id}/attachments/${attachment_id}`)));
+    server.tool("pim_trash_email", "Move an email to trash (requires admin role)", {
+        message_id: z.string().describe("Gmail message ID"),
+    }, async ({ message_id }) => textResult(await client.request("DELETE", `/email/messages/${message_id}`)));
+    server.tool("pim_delete_email", "Permanently delete an email (requires admin role, irreversible)", {
+        message_id: z.string().describe("Gmail message ID"),
+    }, async ({ message_id }) => textResult(await client.request("DELETE", `/email/messages/${message_id}/permanent`)));
+}

package/dist/tools/health.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { PIMClient } from "../pim-client.js";
+export declare function registerHealthTools(server: McpServer, client: PIMClient): void;

package/dist/tools/health.js

@@ -0,0 +1,16 @@
+import { z } from "zod";
+function textResult(data) {
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+}
+export function registerHealthTools(server, client) {
+    server.tool("pim_health", "Check PIM Gateway liveness", {}, async () => textResult(await client.request("GET", "/health")));
+    server.tool("pim_health_ready", "Check PIM Gateway readiness (database + Google API connectivity)", {}, async () => textResult(await client.request("GET", "/health/ready")));
+    server.tool("pim_audit_log", "Query the audit log (requires admin role)", {
+        since: z.string().optional().describe("Start time (ISO8601, defaults to -24h)"),
+        until: z.string().optional().describe("End time (ISO8601, defaults to now)"),
+        subject: z.string().optional().describe("Filter by JWT subject"),
+        path: z.string().optional().describe("Filter by request path prefix"),
+        status_code: z.number().optional().describe("Filter by HTTP status code"),
+        limit: z.number().default(100).describe("Max results (1-1000)"),
+    }, async (params) => textResult(await client.request("GET", "/admin/audit", { params })));
+}

package/dist/tools/tasks.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { PIMClient } from "../pim-client.js";
+export declare function registerTasksTools(server: McpServer, client: PIMClient): void;

package/dist/tools/tasks.js

@@ -0,0 +1,39 @@
+import { z } from "zod";
+function textResult(data) {
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+}
+export function registerTasksTools(server, client) {
+    server.tool("pim_list_task_lists", "List all task lists", {}, async () => textResult(await client.request("GET", "/tasks/lists")));
+    server.tool("pim_list_tasks", "List tasks in a task list", {
+        list_id: z.string().describe("Task list ID"),
+        show_completed: z.boolean().default(false).describe("Include completed tasks"),
+        max_results: z.number().default(50).describe("Number of results (1-100)"),
+        page_token: z.string().optional().describe("Pagination token"),
+    }, async ({ list_id, ...params }) => textResult(await client.request("GET", `/tasks/lists/${list_id}/tasks`, { params })));
+    server.tool("pim_get_task", "Get details of a specific task", {
+        list_id: z.string().describe("Task list ID"),
+        task_id: z.string().describe("Task ID"),
+    }, async ({ list_id, task_id }) => textResult(await client.request("GET", `/tasks/lists/${list_id}/tasks/${task_id}`)));
+    server.tool("pim_create_task", "Create a new task", {
+        list_id: z.string().describe("Task list ID"),
+        title: z.string().describe("Task title"),
+        notes: z.string().optional().describe("Task notes/description"),
+        due: z.string().optional().describe("Due date (ISO8601 date: YYYY-MM-DD)"),
+    }, async ({ list_id, ...body }) => textResult(await client.request("POST", `/tasks/lists/${list_id}/tasks`, { json: body })));
+    server.tool("pim_update_task", "Update a task (only include fields to change)", {
+        list_id: z.string().describe("Task list ID"),
+        task_id: z.string().describe("Task ID"),
+        title: z.string().optional().describe("New title"),
+        notes: z.string().optional().describe("New notes"),
+        due: z.string().optional().describe("New due date (ISO8601)"),
+        status: z.string().optional().describe("New status"),
+    }, async ({ list_id, task_id, ...updates }) => textResult(await client.request("PUT", `/tasks/lists/${list_id}/tasks/${task_id}`, { json: updates })));
+    server.tool("pim_complete_task", "Mark a task as complete", {
+        list_id: z.string().describe("Task list ID"),
+        task_id: z.string().describe("Task ID"),
+    }, async ({ list_id, task_id }) => textResult(await client.request("PATCH", `/tasks/lists/${list_id}/tasks/${task_id}/complete`)));
+    server.tool("pim_delete_task", "Delete a task (requires admin role)", {
+        list_id: z.string().describe("Task list ID"),
+        task_id: z.string().describe("Task ID"),
+    }, async ({ list_id, task_id }) => textResult(await client.request("DELETE", `/tasks/lists/${list_id}/tasks/${task_id}`)));
+}

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "pim-mcp-server",
+  "version": "1.0.0",
+  "description": "MCP server for PIM Gateway — email, calendar, and tasks management via typed MCP tools",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "pim-mcp-server": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "start": "node dist/index.js",
+    "dev": "tsx src/index.ts",
+    "test": "tsx scripts/test.ts"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "pim",
+    "email",
+    "calendar",
+    "tasks",
+    "gmail",
+    "google-calendar",
+    "google-tasks",
+    "ai-agent"
+  ],
+  "author": "Michael Tan",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/michaeltansg/pim-gateway.git",
+    "directory": "pim-mcp-server"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.27.0",
+    "zod": "^3.25.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.8.0",
+    "tsx": "^4.19.0",
+    "@types/node": "^22.0.0"
+  }
+}