zola-mcp 1.3.2 → 1.4.0

package/.claude-plugin/marketplace.json

@@ -7,7 +7,7 @@
   },
   "metadata": {
     "description": "Zola wedding planning tools for Claude Code",
-    "version": "1.3.2"
+    "version": "1.4.0"
   },
   "plugins": [
     {
@@ -15,7 +15,7 @@
       "displayName": "Zola",
       "source": "./",
       "description": "Zola wedding planning tools for Claude — vendors, budget, guests, seating, events, registry, inquiries, and more via MCP",
-      "version": "1.3.2",
+      "version": "1.4.0",
       "author": {
         "name": "Chris Chall"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "zola",
   "displayName": "Zola",
-  "version": "1.3.2",
+  "version": "1.4.0",
   "description": "Zola wedding planning tools for Claude — vendors, budget, guests, seating, events, registry, inquiries, and more via MCP",
   "author": {
     "name": "Chris Chall",

package/dist/bundle.js

@@ -34809,7 +34809,9 @@ var KNOWN_CAPABILITIES = /* @__PURE__ */ new Set([
   "read_local_storage",
   "read_session_storage",
   "capture_request_header",
-  "read_indexed_db"
+  "capture_redirect",
+  "read_indexed_db",
+  "download"
 ]);
 
 // node_modules/@fetchproxy/protocol/dist/mcp-id.js
@@ -35369,6 +35371,31 @@ function validateInnerRequest(raw) {
     }
     return raw;
   }
+  if (raw.op === "capture_redirect") {
+    assertObject(raw.init, "inner.init");
+    if (raw.init.host === void 0) {
+      throw new ProtocolError("inner.init.host: missing");
+    }
+    assertString(raw.init.host, "inner.init.host");
+    if (!HOSTNAME_RE.test(raw.init.host)) {
+      throw new ProtocolError(`inner.init.host: invalid hostname ${JSON.stringify(raw.init.host)}`);
+    }
+    if (raw.init.path !== void 0) {
+      assertString(raw.init.path, "inner.init.path");
+      if (!CAPTURE_PATH_RE.test(raw.init.path)) {
+        throw new ProtocolError(`inner.init.path: must start with '/' ${JSON.stringify(raw.init.path)}`);
+      }
+    }
+    if (raw.init.timeoutMs !== void 0) {
+      assertPositiveInt(raw.init.timeoutMs, "inner.init.timeoutMs");
+    }
+    for (const k of Object.keys(raw.init)) {
+      if (k !== "host" && k !== "path" && k !== "timeoutMs") {
+        throw new ProtocolError(`inner.init: unexpected field ${JSON.stringify(k)} on capture_redirect`);
+      }
+    }
+    return raw;
+  }
   if (raw.op === "read_indexed_db") {
     assertObject(raw.init, "inner.init");
     if (raw.init.origin === void 0)
@@ -35394,7 +35421,32 @@ function validateInnerRequest(raw) {
     }
     return raw;
   }
-  throw new ProtocolError(`inner.op: must be one of "fetch", "read_cookies", "read_local_storage", "read_session_storage", "capture_request_header", "read_indexed_db"; got ${JSON.stringify(raw.op)}`);
+  if (raw.op === "download") {
+    assertObject(raw.init, "inner.init");
+    if (raw.init.url === void 0) {
+      throw new ProtocolError("inner.init.url: missing");
+    }
+    assertHttpUrl(raw.init.url, "inner.init.url");
+    if (raw.init.filename !== void 0) {
+      assertString(raw.init.filename, "inner.init.filename");
+      if (/^([/\\]|[A-Za-z]:)/.test(raw.init.filename)) {
+        throw new ProtocolError(`inner.init.filename: must be relative ${JSON.stringify(raw.init.filename)}`);
+      }
+      if (raw.init.filename.split(/[/\\]/).includes("..")) {
+        throw new ProtocolError(`inner.init.filename: must not contain '..' ${JSON.stringify(raw.init.filename)}`);
+      }
+    }
+    if (raw.init.timeoutMs !== void 0) {
+      assertPositiveInt(raw.init.timeoutMs, "inner.init.timeoutMs");
+    }
+    for (const k of Object.keys(raw.init)) {
+      if (k !== "url" && k !== "filename" && k !== "timeoutMs") {
+        throw new ProtocolError(`inner.init: unexpected field ${JSON.stringify(k)} on download`);
+      }
+    }
+    return raw;
+  }
+  throw new ProtocolError(`inner.op: must be one of "fetch", "read_cookies", "read_local_storage", "read_session_storage", "capture_request_header", "capture_redirect", "read_indexed_db", "download"; got ${JSON.stringify(raw.op)}`);
 }
 function assertNonEmptyKeyArray(value, label) {
   if (!Array.isArray(value)) {
@@ -35465,6 +35517,13 @@ function validateInnerResponse(raw) {
       assertString(raw.value, "inner.value");
       return raw;
     }
+    if (op === "capture_redirect") {
+      if (raw.value === void 0) {
+        throw new ProtocolError("inner.value: missing on capture_redirect response");
+      }
+      assertString(raw.value, "inner.value");
+      return raw;
+    }
     if (op === "read_indexed_db") {
       if (raw.values === void 0) {
         throw new ProtocolError("inner.values: missing on read_indexed_db response");
@@ -35472,6 +35531,25 @@ function validateInnerResponse(raw) {
       assertObject(raw.values, "inner.values");
       return raw;
     }
+    if (op === "download") {
+      assertObject(raw.value, "inner.value");
+      assertString(raw.value.path, "inner.value.path");
+      if (typeof raw.value.bytes !== "number" || !Number.isInteger(raw.value.bytes) || raw.value.bytes < 0) {
+        throw new ProtocolError("inner.value.bytes: expected non-negative integer");
+      }
+      if (raw.value.mime !== void 0) {
+        assertString(raw.value.mime, "inner.value.mime");
+      }
+      if (raw.value.finalUrl !== void 0) {
+        assertString(raw.value.finalUrl, "inner.value.finalUrl");
+      }
+      for (const k of Object.keys(raw.value)) {
+        if (k !== "path" && k !== "bytes" && k !== "mime" && k !== "finalUrl") {
+          throw new ProtocolError(`inner.value: unexpected field ${JSON.stringify(k)} on download response`);
+        }
+      }
+      return raw;
+    }
     throw new ProtocolError(`inner.op: unknown success-response op ${JSON.stringify(raw.op)}`);
   }
   if (raw.ok === false) {
@@ -36342,8 +36420,12 @@ var FetchproxyServer = class {
   pendingStorage = /* @__PURE__ */ new Map();
   // 0.3.0+: capture-header awaiters resolve a single string.
   pendingCapture = /* @__PURE__ */ new Map();
+  // capture_redirect awaiters resolve the captured redirect URL string.
+  pendingRedirect = /* @__PURE__ */ new Map();
   // 0.4.0+: read_indexed_db awaiters resolve a JSON-typed values map.
   pendingIdb = /* @__PURE__ */ new Map();
+  // download awaiters resolve the saved-file metadata (path + size + mime).
+  pendingDownload = /* @__PURE__ */ new Map();
   mcpId = null;
   identity = null;
   // 0.5.3+: in-flight role-election / handle-start promise. Set the
@@ -37275,6 +37357,181 @@ var FetchproxyServer = class {
     }
     return pending;
   }
+  /**
+   * Snapshot the redirect target URL of the next request the browser
+   * makes to `(host, path?)`. Single-shot: the extension registers a
+   * one-time `chrome.webRequest.onBeforeRedirect` listener filtered on
+   * `https://${host}${path ?? '/*'}`, captures `details.redirectUrl` on
+   * the first match, removes itself, and resolves with the URL. Times out
+   * after `timeoutMs` (default 30s on the extension).
+   *
+   * Use case: a Cloudflare-walled endpoint that 302-redirects cross-origin
+   * to a presigned URL — a page-level fetch sees only an opaque redirect,
+   * but `onBeforeRedirect` exposes the target. Capture is limited to the
+   * MCP's own declared `domains`; no per-entry declared scope is required.
+   */
+  async captureRedirect(opts) {
+    if (!this.opts.capabilities.includes("capture_redirect")) {
+      throw new Error('FetchproxyServer.captureRedirect(): MCP did not declare "capture_redirect" in capabilities');
+    }
+    await this.ensureConnected();
+    this.throwIfPendingPair();
+    try {
+      const result = await this._captureRedirectOnce(opts);
+      this.recordSuccess();
+      return result;
+    } catch (err) {
+      const swDown = err instanceof FetchproxyProtocolError && classifyFetchError(err.message) === "content_script_unreachable";
+      if (!swDown) {
+        this.recordFailure(`capture_redirect: ${err.message ?? String(err)}`);
+        throw err;
+      }
+      this.lastEvictionDetectedAt = Date.now();
+      const reviveMs = this.opts.bridgeReviveDelayMs ?? 0;
+      if (reviveMs > 0) {
+        this.lazyReviveAttempts += 1;
+        await new Promise((r) => setTimeout(r, reviveMs));
+        try {
+          const result = await this._captureRedirectOnce(opts);
+          this.lazyReviveSuccesses += 1;
+          this.recordSuccess();
+          return result;
+        } catch (retryErr) {
+          const stillDown = retryErr instanceof FetchproxyProtocolError && classifyFetchError(retryErr.message) === "content_script_unreachable";
+          if (!stillDown) {
+            this.recordFailure(`capture_redirect: ${retryErr.message ?? String(retryErr)}`);
+            throw retryErr;
+          }
+          this.recordFailure(`capture_redirect bridge-down: ${retryErr.message}`);
+          throw new FetchproxyBridgeDownError({
+            originalError: retryErr.message,
+            retryAttempted: true,
+            op: "capture_redirect",
+            url: `https://${opts.host}${opts.path ?? "/*"}`,
+            role: this.role,
+            port: this.opts.port
+          });
+        }
+      }
+      this.recordFailure(`capture_redirect bridge-down: ${err.message}`);
+      throw new FetchproxyBridgeDownError({
+        originalError: err.message,
+        retryAttempted: false,
+        op: "capture_redirect",
+        url: `https://${opts.host}${opts.path ?? "/*"}`,
+        role: this.role,
+        port: this.opts.port
+      });
+    }
+  }
+  async _captureRedirectOnce(opts) {
+    const id = this.nextRequestId++;
+    const inner = {
+      type: "request",
+      id,
+      op: "capture_redirect",
+      init: {
+        host: opts.host,
+        ...opts.path !== void 0 ? { path: opts.path } : {},
+        ...opts.timeoutMs !== void 0 ? { timeoutMs: opts.timeoutMs } : {}
+      }
+    };
+    const pending = new Promise((resolve, reject) => {
+      this.pendingRedirect.set(id, { resolve, reject });
+    });
+    if (this.hostHandle) {
+      await this.hostHandle.sendOwnInner(inner);
+    } else if (this.peerHandle) {
+      await this.peerHandle.sendInner(inner);
+    }
+    return pending;
+  }
+  /**
+   * Download `url` through the BROWSER's own network stack via
+   * `chrome.downloads` (real cookies + TLS/JA3 fingerprint). Unlike a
+   * page-level `fetch()` (cors mode), this clears a Cloudflare bot-challenge
+   * on the endpoint and follows the cross-origin redirect to the final file.
+   * Resolves the saved local file path + size; the bridge is loopback-only /
+   * single-host, so the MCP reads the bytes from the same disk. Requires
+   * `'download'` in capabilities and the `url` host to be a declared `domain`.
+   */
+  async download(opts) {
+    if (!this.opts.capabilities.includes("download")) {
+      throw new Error('FetchproxyServer.download(): MCP did not declare "download" in capabilities');
+    }
+    assertUrlInDomains("download url", opts.url, this.opts.domains);
+    await this.ensureConnected();
+    this.throwIfPendingPair();
+    try {
+      const result = await this._downloadOnce(opts);
+      this.recordSuccess();
+      return result;
+    } catch (err) {
+      const swDown = err instanceof FetchproxyProtocolError && classifyFetchError(err.message) === "content_script_unreachable";
+      if (!swDown) {
+        this.recordFailure(`download: ${err.message ?? String(err)}`);
+        throw err;
+      }
+      this.lastEvictionDetectedAt = Date.now();
+      const reviveMs = this.opts.bridgeReviveDelayMs ?? 0;
+      if (reviveMs > 0) {
+        this.lazyReviveAttempts += 1;
+        await new Promise((r) => setTimeout(r, reviveMs));
+        try {
+          const result = await this._downloadOnce(opts);
+          this.lazyReviveSuccesses += 1;
+          this.recordSuccess();
+          return result;
+        } catch (retryErr) {
+          const stillDown = retryErr instanceof FetchproxyProtocolError && classifyFetchError(retryErr.message) === "content_script_unreachable";
+          if (!stillDown) {
+            this.recordFailure(`download: ${retryErr.message ?? String(retryErr)}`);
+            throw retryErr;
+          }
+          this.recordFailure(`download bridge-down: ${retryErr.message}`);
+          throw new FetchproxyBridgeDownError({
+            originalError: retryErr.message,
+            retryAttempted: true,
+            op: "download",
+            url: opts.url,
+            role: this.role,
+            port: this.opts.port
+          });
+        }
+      }
+      this.recordFailure(`download bridge-down: ${err.message}`);
+      throw new FetchproxyBridgeDownError({
+        originalError: err.message,
+        retryAttempted: false,
+        op: "download",
+        url: opts.url,
+        role: this.role,
+        port: this.opts.port
+      });
+    }
+  }
+  async _downloadOnce(opts) {
+    const id = this.nextRequestId++;
+    const inner = {
+      type: "request",
+      id,
+      op: "download",
+      init: {
+        url: opts.url,
+        ...opts.filename !== void 0 ? { filename: opts.filename } : {},
+        ...opts.timeoutMs !== void 0 ? { timeoutMs: opts.timeoutMs } : {}
+      }
+    };
+    const pending = new Promise((resolve, reject) => {
+      this.pendingDownload.set(id, { resolve, reject });
+    });
+    if (this.hostHandle) {
+      await this.hostHandle.sendOwnInner(inner);
+    } else if (this.peerHandle) {
+      await this.peerHandle.sendInner(inner);
+    }
+    return pending;
+  }
   /**
    * 0.4.0+: read declared IndexedDB keys from the user's signed-in
    * tab. Requires `'read_indexed_db'` in capabilities AND the
@@ -37422,6 +37679,20 @@ var FetchproxyServer = class {
       }
       return;
     }
+    const redirectCb = this.pendingRedirect.get(inner.id);
+    if (redirectCb) {
+      this.pendingRedirect.delete(inner.id);
+      if (inner.ok) {
+        if (inner.op === "capture_redirect" && typeof inner.value === "string") {
+          redirectCb.resolve(inner.value);
+        } else {
+          redirectCb.reject(new FetchproxyProtocolError(`unexpected ${String(inner.op)} response on capture_redirect awaiter`));
+        }
+      } else {
+        redirectCb.reject(new FetchproxyProtocolError(inner.error));
+      }
+      return;
+    }
     const idbCb = this.pendingIdb.get(inner.id);
     if (idbCb) {
       this.pendingIdb.delete(inner.id);
@@ -37436,6 +37707,20 @@ var FetchproxyServer = class {
       }
       return;
     }
+    const downloadCb = this.pendingDownload.get(inner.id);
+    if (downloadCb) {
+      this.pendingDownload.delete(inner.id);
+      if (inner.ok) {
+        if (inner.op === "download" && inner.value && typeof inner.value === "object") {
+          downloadCb.resolve({ ...inner.value });
+        } else {
+          downloadCb.reject(new FetchproxyProtocolError(`unexpected ${String(inner.op)} response on download awaiter`));
+        }
+      } else {
+        downloadCb.reject(new FetchproxyProtocolError(inner.error));
+      }
+      return;
+    }
     const cookiesCb = this.pendingReadCookies.get(inner.id);
     if (cookiesCb) {
       this.pendingReadCookies.delete(inner.id);
@@ -37478,9 +37763,15 @@ var FetchproxyServer = class {
     for (const { reject } of this.pendingCapture.values())
       reject(err);
     this.pendingCapture.clear();
+    for (const { reject } of this.pendingRedirect.values())
+      reject(err);
+    this.pendingRedirect.clear();
     for (const { reject } of this.pendingIdb.values())
       reject(err);
     this.pendingIdb.clear();
+    for (const { reject } of this.pendingDownload.values())
+      reject(err);
+    this.pendingDownload.clear();
   }
   /**
    * 0.5.2+: read the current pair-pending pair code from whichever handle
@@ -37689,7 +37980,7 @@ var BootstrapDisabledError = class extends Error {
 // package.json
 var package_default = {
   name: "zola-mcp",
-  version: "1.3.2",
+  version: "1.4.0",
   mcpName: "io.github.chrischall/zola-mcp",
   description: "Zola wedding MCP server for Claude",
   author: "Claude Code (AI) <https://www.anthropic.com/claude>",
@@ -37735,18 +38026,19 @@ var package_default = {
     "test:watch": "vitest"
   },
   dependencies: {
-    "@chrischall/mcp-utils": "^0.5.0",
-    "@fetchproxy/bootstrap": "^1.0.0",
-    "@fetchproxy/server": "^1.0.0",
+    "@chrischall/mcp-utils": "^0.5.2",
+    "@fetchproxy/bootstrap": "^1.3.0",
+    "@fetchproxy/server": "^1.3.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
-    dotenv: "^17.4.2"
+    dotenv: "^17.4.2",
+    zod: "^4.4.3"
   },
   devDependencies: {
-    "@types/node": "^25.9.1",
-    "@vitest/coverage-v8": "^4.1.7",
+    "@types/node": "^25.9.2",
+    "@vitest/coverage-v8": "^4.1.8",
     esbuild: "^0.28.0",
     typescript: "^6.0.3",
-    vitest: "^4.1.7"
+    vitest: "^4.1.8"
   }
 };
 
@@ -38295,37 +38587,39 @@ async function updateGuestAddress(args) {
   if (!group) {
     throw new Error(`Guest group with ID ${args.guest_group_id} not found`);
   }
-  const updatedGuests = group.guests.map((entry) => ({
-    ...entry.guest,
-    guest_id: entry.guest.guest_id,
-    address1: args.address1 ?? entry.guest.address1 ?? "",
-    address2: args.address2 !== void 0 ? args.address2 : entry.guest.address2 ?? "",
-    city: args.city ?? entry.guest.city ?? "",
-    state_province: args.state_province ?? entry.guest.state_province ?? "",
-    postal_code: args.postal_code ?? entry.guest.postal_code ?? "",
-    country_code: args.country_code ?? entry.guest.country_code ?? "US",
-    event_invitations: [],
-    tags: []
+  const updatedGuests = group.guests.map((guest) => ({
+    ...guest,
+    address1: args.address1 ?? guest.address1 ?? "",
+    address2: args.address2 !== void 0 ? args.address2 : guest.address2 ?? "",
+    city: args.city ?? guest.city ?? "",
+    state_province: args.state_province ?? guest.state_province ?? "",
+    postal_code: args.postal_code ?? guest.postal_code ?? "",
+    country_code: args.country_code ?? guest.country_code ?? "US",
+    event_invitations: guest.event_invitations ?? [],
+    tags: guest.tags ?? []
   }));
   const body = {
-    guest_group_request: {
-      wedding_account_id: weddingAccountId,
-      guest_group_id: args.guest_group_id,
-      guest_group_uuid: group.guest_group_uuid,
-      guest_group_affiliation: group.guest_group_affiliation,
-      guest_group_tier: group.guest_group_tier,
-      invited: group.invited,
-      invitation_sent: group.invitation_sent,
-      save_the_date_sent: group.save_the_date_sent,
-      envelope_recipient: group.envelope_recipient ?? "",
-      addressing_style: group.addressing_style,
-      guests: updatedGuests,
-      gift_count: 0
-    }
+    updated_guest_groups: [
+      {
+        ...group,
+        wedding_account_id: group.wedding_account_id ?? weddingAccountId,
+        envelope_recipient: group.envelope_recipient ?? "",
+        gift_group: group.gift_group ?? {
+          gift_count: 0,
+          modules: [],
+          gift_groups: [],
+          guest_group_uuid: ""
+        },
+        thank_you_note_status: group.thank_you_note_status ?? "NOT_STARTED",
+        rsvp_question_answers: group.rsvp_question_answers ?? [],
+        gift_count: group.gift_count ?? 0,
+        guests: updatedGuests
+      }
+    ]
   };
   const result = await client.requestMobile(
     "PUT",
-    `/v3/guestlists/groups/wedding-accounts/id/${weddingAccountId}/suite`,
+    `/v3/guestlists/groups/wedding-accounts/${weddingAccountId}/bulk/directory`,
     body
   );
   return jsonResult(result.data);
@@ -39761,8 +40055,177 @@ function registerInvitationTools(server) {
   }, setCardProjectQrcode);
 }
 
+// src/tools/event-invitations.ts
+async function fetchDirectory(acct) {
+  const resp = await client.requestMobile(
+    "POST",
+    `/v3/guestlists/directory/wedding-accounts/${acct}`,
+    { sort_by_name_asc: true }
+  );
+  return resp.data.guest_groups;
+}
+async function fetchEvents(acct) {
+  const resp = await client.requestMobile(
+    "GET",
+    `/v3/websites/events/wedding-accounts/${acct}/groups`
+  );
+  return resp.data.flatMap((group) => group.events);
+}
+function computeNext(existing, eventId, invited) {
+  const current = existing ?? [];
+  if (invited) {
+    if (current.some((e) => e.event_id === eventId)) return current;
+    return [...current, { event_id: eventId, id: null, rsvp_type: "NO_RESPONSE" }];
+  }
+  return current.filter((e) => e.event_id !== eventId);
+}
+function toWriteGuest(guest, invitations) {
+  return { ...guest, event_invitations: invitations, tags: guest.tags ?? [] };
+}
+function buildWriteGroup(group, guests, acct) {
+  return {
+    ...group,
+    wedding_account_id: group.wedding_account_id ?? acct,
+    envelope_recipient: group.envelope_recipient ?? "",
+    gift_group: group.gift_group ?? {
+      gift_count: 0,
+      modules: [],
+      gift_groups: [],
+      guest_group_uuid: ""
+    },
+    thank_you_note_status: group.thank_you_note_status ?? "NOT_STARTED",
+    rsvp_question_answers: group.rsvp_question_answers ?? [],
+    gift_count: group.gift_count ?? 0,
+    guests
+  };
+}
+async function writeGroups(acct, groups) {
+  await client.requestMobile(
+    "PUT",
+    `/v3/guestlists/groups/wedding-accounts/${acct}/bulk/directory`,
+    { updated_guest_groups: groups }
+  );
+}
+async function requireEvent(acct, eventId) {
+  const events = await fetchEvents(acct);
+  if (!events.some((e) => e.event_entity_id === eventId)) {
+    throw new Error(`Event with ID ${eventId} not found`);
+  }
+}
+async function setEventGuests(args) {
+  const { weddingAccountId: acct } = await client.getContext();
+  await requireEvent(acct, args.event_id);
+  const byId = new Map(
+    (await fetchDirectory(acct)).map((group) => [group.guest_group_id, group])
+  );
+  const updatedGroups = [];
+  const summary = [];
+  for (const req of args.guest_groups) {
+    const group = byId.get(req.guest_group_id);
+    if (!group) throw new Error(`Guest group with ID ${req.guest_group_id} not found`);
+    let changed = 0;
+    const newGuests = group.guests.map((guest) => {
+      const before = (guest.event_invitations ?? []).length;
+      const next = computeNext(guest.event_invitations ?? [], args.event_id, req.invited);
+      if (next.length !== before) changed++;
+      return toWriteGuest(guest, next);
+    });
+    updatedGroups.push(buildWriteGroup(group, newGuests, acct));
+    summary.push({ guest_group_id: req.guest_group_id, invited: req.invited, guests_changed: changed });
+  }
+  await writeGroups(acct, updatedGroups);
+  return jsonResult({ event_id: args.event_id, groups: summary });
+}
+async function mutateOne(opts) {
+  const hasGroup = opts.guest_group_id !== void 0;
+  const hasGuest = opts.guest_id !== void 0;
+  if (hasGroup === hasGuest) {
+    throw new Error("Provide exactly one of guest_group_id or guest_id");
+  }
+  const { weddingAccountId: acct } = await client.getContext();
+  await requireEvent(acct, opts.event_id);
+  const groups = await fetchDirectory(acct);
+  let target;
+  let appliesTo;
+  if (hasGroup) {
+    target = groups.find((g) => g.guest_group_id === opts.guest_group_id);
+    if (!target) throw new Error(`Guest group with ID ${opts.guest_group_id} not found`);
+    appliesTo = () => true;
+  } else {
+    target = groups.find((g) => g.guests.some((gu) => gu.guest_id === opts.guest_id));
+    if (!target) throw new Error(`Guest with ID ${opts.guest_id} not found`);
+    appliesTo = (guest) => guest.guest_id === opts.guest_id;
+  }
+  let changed = 0;
+  const newGuests = target.guests.map((guest) => {
+    const existing = guest.event_invitations ?? [];
+    if (!appliesTo(guest)) return toWriteGuest(guest, existing);
+    const next = computeNext(existing, opts.event_id, opts.invited);
+    if (next.length !== existing.length) changed++;
+    return toWriteGuest(guest, next);
+  });
+  await writeGroups(acct, [buildWriteGroup(target, newGuests, acct)]);
+  return jsonResult({
+    event_id: opts.event_id,
+    invited: opts.invited,
+    guest_group_id: target.guest_group_id,
+    guests_changed: changed
+  });
+}
+async function inviteGuestToEvent(args) {
+  return mutateOne({ ...args, invited: true });
+}
+async function removeEventInvitation(args) {
+  return mutateOne({ ...args, invited: false });
+}
+function registerEventInvitationTools(server) {
+  server.registerTool(
+    "set_event_guests",
+    {
+      description: "Set which guest groups are invited to an event (bulk). For each group, invited:true ensures every guest in the group is invited to the event; invited:false removes the invitation. Other events\u2019 invitations are preserved. Idempotent. Use this to assign guests to events in bulk (e.g. by tier/affiliation/location).",
+      inputSchema: {
+        event_id: external_exports.number().describe("Event entity ID from list_events (event_entity_id)"),
+        guest_groups: external_exports.array(
+          external_exports.object({
+            guest_group_id: external_exports.number().describe("Guest group ID from list_guests"),
+            invited: external_exports.boolean().describe("true = invite the whole group; false = uninvite")
+          })
+        ).describe("Guest groups to set for this event. Only the listed groups are affected.")
+      },
+      annotations: { destructiveHint: false }
+    },
+    setEventGuests
+  );
+  server.registerTool(
+    "invite_guest_to_event",
+    {
+      description: "Invite a single guest or guest group to an event (additive \u2014 does not affect other events). Pass exactly one of guest_group_id (invites all guests in the group) or guest_id (invites just that guest). Idempotent.",
+      inputSchema: {
+        event_id: external_exports.number().describe("Event entity ID from list_events (event_entity_id)"),
+        guest_group_id: external_exports.number().optional().describe("Guest group ID \u2014 invites every guest in the group"),
+        guest_id: external_exports.number().optional().describe("Single guest ID \u2014 invites just that guest")
+      },
+      annotations: { destructiveHint: false }
+    },
+    inviteGuestToEvent
+  );
+  server.registerTool(
+    "remove_event_invitation",
+    {
+      description: "Remove an event invitation for a single guest or guest group. Pass exactly one of guest_group_id (removes for all guests in the group) or guest_id (removes for just that guest). Other events\u2019 invitations are preserved. Idempotent.",
+      inputSchema: {
+        event_id: external_exports.number().describe("Event entity ID from list_events (event_entity_id)"),
+        guest_group_id: external_exports.number().optional().describe("Guest group ID \u2014 removes for every guest in the group"),
+        guest_id: external_exports.number().optional().describe("Single guest ID \u2014 removes for just that guest")
+      },
+      annotations: { destructiveHint: false }
+    },
+    removeEventInvitation
+  );
+}
+
 // src/index.ts
-var VERSION = "1.3.2";
+var VERSION = "1.4.0";
 await runMcp({
   name: "zola-mcp",
   version: VERSION,
@@ -39779,6 +40242,7 @@ await runMcp({
     registerWebsiteContentTools,
     registerWebsiteThemeTools,
     registerRegistryItemTools,
-    registerInvitationTools
+    registerInvitationTools,
+    registerEventInvitationTools
   ]
 });

package/dist/index.js

@@ -11,7 +11,8 @@ import { registerWebsiteContentTools } from './tools/website-content.js';
 import { registerWebsiteThemeTools } from './tools/website-theme.js';
 import { registerRegistryItemTools } from './tools/registry-items.js';
 import { registerInvitationTools } from './tools/invitations.js';
-const VERSION = '1.3.2'; // x-release-please-version
+import { registerEventInvitationTools } from './tools/event-invitations.js';
+const VERSION = '1.4.0'; // x-release-please-version
 await runMcp({
     name: 'zola-mcp',
     version: VERSION,
@@ -29,5 +30,6 @@ await runMcp({
         registerWebsiteThemeTools,
         registerRegistryItemTools,
         registerInvitationTools,
+        registerEventInvitationTools,
     ],
 });

package/dist/tools/event-invitations.js

@@ -0,0 +1,171 @@
+import { z } from 'zod';
+import { client } from '../client.js';
+import { jsonResult } from '../types.js';
+// ─── Live reads ────────────────────────────────────────────────────────────────
+async function fetchDirectory(acct) {
+    const resp = await client.requestMobile('POST', `/v3/guestlists/directory/wedding-accounts/${acct}`, { sort_by_name_asc: true });
+    return resp.data.guest_groups;
+}
+async function fetchEvents(acct) {
+    const resp = await client.requestMobile('GET', `/v3/websites/events/wedding-accounts/${acct}/groups`);
+    return resp.data.flatMap((group) => group.events);
+}
+// ─── Read-modify-write helpers ──────────────────────────────────────────────────
+/**
+ * Compute the new `event_invitations` array for one guest.
+ * Add → append `{ event_id, id: null, rsvp_type: "NO_RESPONSE" }` (idempotent).
+ * Remove → drop every element matching the event. Existing invitations to other
+ * events are preserved verbatim (id + rsvp intact) — this is what prevents the
+ * partial-update wipe.
+ */
+function computeNext(existing, eventId, invited) {
+    const current = existing ?? [];
+    if (invited) {
+        if (current.some((e) => e.event_id === eventId))
+            return current;
+        return [...current, { event_id: eventId, id: null, rsvp_type: 'NO_RESPONSE' }];
+    }
+    return current.filter((e) => e.event_id !== eventId);
+}
+/** Send each guest back as received (read-modify-write), with the new invitations. */
+function toWriteGuest(guest, invitations) {
+    return { ...guest, event_invitations: invitations, tags: guest.tags ?? [] };
+}
+/**
+ * Build the per-group payload the `bulk/directory` endpoint expects.
+ * Spread the group as read (faithful round-trip) and supply safe defaults for
+ * the few fields the endpoint requires non-null.
+ */
+function buildWriteGroup(group, guests, acct) {
+    return {
+        ...group,
+        wedding_account_id: group.wedding_account_id ?? acct,
+        envelope_recipient: group.envelope_recipient ?? '',
+        gift_group: group.gift_group ?? {
+            gift_count: 0,
+            modules: [],
+            gift_groups: [],
+            guest_group_uuid: '',
+        },
+        thank_you_note_status: group.thank_you_note_status ?? 'NOT_STARTED',
+        rsvp_question_answers: group.rsvp_question_answers ?? [],
+        gift_count: group.gift_count ?? 0,
+        guests,
+    };
+}
+async function writeGroups(acct, groups) {
+    await client.requestMobile('PUT', `/v3/guestlists/groups/wedding-accounts/${acct}/bulk/directory`, { updated_guest_groups: groups });
+}
+async function requireEvent(acct, eventId) {
+    const events = await fetchEvents(acct);
+    if (!events.some((e) => e.event_entity_id === eventId)) {
+        throw new Error(`Event with ID ${eventId} not found`);
+    }
+}
+// ─── Tool: set_event_guests (bulk) ──────────────────────────────────────────────
+export async function setEventGuests(args) {
+    const { weddingAccountId: acct } = await client.getContext();
+    await requireEvent(acct, args.event_id);
+    const byId = new Map((await fetchDirectory(acct)).map((group) => [group.guest_group_id, group]));
+    const updatedGroups = [];
+    const summary = [];
+    for (const req of args.guest_groups) {
+        const group = byId.get(req.guest_group_id);
+        if (!group)
+            throw new Error(`Guest group with ID ${req.guest_group_id} not found`);
+        let changed = 0;
+        const newGuests = group.guests.map((guest) => {
+            const before = (guest.event_invitations ?? []).length;
+            const next = computeNext(guest.event_invitations ?? [], args.event_id, req.invited);
+            if (next.length !== before)
+                changed++;
+            return toWriteGuest(guest, next);
+        });
+        updatedGroups.push(buildWriteGroup(group, newGuests, acct));
+        summary.push({ guest_group_id: req.guest_group_id, invited: req.invited, guests_changed: changed });
+    }
+    await writeGroups(acct, updatedGroups);
+    return jsonResult({ event_id: args.event_id, groups: summary });
+}
+// ─── Tools: invite_guest_to_event / remove_event_invitation (single) ─────────────
+async function mutateOne(opts) {
+    const hasGroup = opts.guest_group_id !== undefined;
+    const hasGuest = opts.guest_id !== undefined;
+    if (hasGroup === hasGuest) {
+        throw new Error('Provide exactly one of guest_group_id or guest_id');
+    }
+    const { weddingAccountId: acct } = await client.getContext();
+    await requireEvent(acct, opts.event_id);
+    const groups = await fetchDirectory(acct);
+    let target;
+    let appliesTo;
+    if (hasGroup) {
+        target = groups.find((g) => g.guest_group_id === opts.guest_group_id);
+        if (!target)
+            throw new Error(`Guest group with ID ${opts.guest_group_id} not found`);
+        appliesTo = () => true;
+    }
+    else {
+        target = groups.find((g) => g.guests.some((gu) => gu.guest_id === opts.guest_id));
+        if (!target)
+            throw new Error(`Guest with ID ${opts.guest_id} not found`);
+        appliesTo = (guest) => guest.guest_id === opts.guest_id;
+    }
+    let changed = 0;
+    const newGuests = target.guests.map((guest) => {
+        const existing = guest.event_invitations ?? [];
+        if (!appliesTo(guest))
+            return toWriteGuest(guest, existing);
+        const next = computeNext(existing, opts.event_id, opts.invited);
+        if (next.length !== existing.length)
+            changed++;
+        return toWriteGuest(guest, next);
+    });
+    await writeGroups(acct, [buildWriteGroup(target, newGuests, acct)]);
+    return jsonResult({
+        event_id: opts.event_id,
+        invited: opts.invited,
+        guest_group_id: target.guest_group_id,
+        guests_changed: changed,
+    });
+}
+export async function inviteGuestToEvent(args) {
+    return mutateOne({ ...args, invited: true });
+}
+export async function removeEventInvitation(args) {
+    return mutateOne({ ...args, invited: false });
+}
+// ─── MCP registration ────────────────────────────────────────────────────────
+export function registerEventInvitationTools(server) {
+    server.registerTool('set_event_guests', {
+        description: 'Set which guest groups are invited to an event (bulk). For each group, invited:true ensures every guest in the group is invited to the event; invited:false removes the invitation. Other events’ invitations are preserved. Idempotent. Use this to assign guests to events in bulk (e.g. by tier/affiliation/location).',
+        inputSchema: {
+            event_id: z.number().describe('Event entity ID from list_events (event_entity_id)'),
+            guest_groups: z
+                .array(z.object({
+                guest_group_id: z.number().describe('Guest group ID from list_guests'),
+                invited: z.boolean().describe('true = invite the whole group; false = uninvite'),
+            }))
+                .describe('Guest groups to set for this event. Only the listed groups are affected.'),
+        },
+        annotations: { destructiveHint: false },
+    }, setEventGuests);
+    server.registerTool('invite_guest_to_event', {
+        description: 'Invite a single guest or guest group to an event (additive — does not affect other events). Pass exactly one of guest_group_id (invites all guests in the group) or guest_id (invites just that guest). Idempotent.',
+        inputSchema: {
+            event_id: z.number().describe('Event entity ID from list_events (event_entity_id)'),
+            guest_group_id: z.number().optional().describe('Guest group ID — invites every guest in the group'),
+            guest_id: z.number().optional().describe('Single guest ID — invites just that guest'),
+        },
+        annotations: { destructiveHint: false },
+    }, inviteGuestToEvent);
+    server.registerTool('remove_event_invitation', {
+        description: 'Remove an event invitation for a single guest or guest group. Pass exactly one of guest_group_id (removes for all guests in the group) or guest_id (removes for just that guest). Other events’ invitations are preserved. Idempotent.',
+        inputSchema: {
+            event_id: z.number().describe('Event entity ID from list_events (event_entity_id)'),
+            guest_group_id: z.number().optional().describe('Guest group ID — removes for every guest in the group'),
+            guest_id: z.number().optional().describe('Single guest ID — removes for just that guest'),
+        },
+        annotations: { destructiveHint: false },
+    }, removeEventInvitation);
+}

package/dist/tools/guests.js

@@ -80,35 +80,40 @@ export async function updateGuestAddress(args) {
     if (!group) {
         throw new Error(`Guest group with ID ${args.guest_group_id} not found`);
     }
-    const updatedGuests = group.guests.map((entry) => ({
-        ...entry.guest,
-        guest_id: entry.guest.guest_id,
-        address1: args.address1 ?? entry.guest.address1 ?? '',
-        address2: args.address2 !== undefined ? args.address2 : entry.guest.address2 ?? '',
-        city: args.city ?? entry.guest.city ?? '',
-        state_province: args.state_province ?? entry.guest.state_province ?? '',
-        postal_code: args.postal_code ?? entry.guest.postal_code ?? '',
-        country_code: args.country_code ?? entry.guest.country_code ?? 'US',
-        event_invitations: [],
-        tags: [],
+    // Full read-modify-write through the verified bulk/directory endpoint
+    // (docs/zola-api-quirks.md §5). Crucially, preserve each guest's existing
+    // event_invitations — blanking them here would wipe the group's invitations.
+    const updatedGuests = group.guests.map((guest) => ({
+        ...guest,
+        address1: args.address1 ?? guest.address1 ?? '',
+        address2: args.address2 !== undefined ? args.address2 : guest.address2 ?? '',
+        city: args.city ?? guest.city ?? '',
+        state_province: args.state_province ?? guest.state_province ?? '',
+        postal_code: args.postal_code ?? guest.postal_code ?? '',
+        country_code: args.country_code ?? guest.country_code ?? 'US',
+        event_invitations: guest.event_invitations ?? [],
+        tags: guest.tags ?? [],
     }));
     const body = {
-        guest_group_request: {
-            wedding_account_id: weddingAccountId,
-            guest_group_id: args.guest_group_id,
-            guest_group_uuid: group.guest_group_uuid,
-            guest_group_affiliation: group.guest_group_affiliation,
-            guest_group_tier: group.guest_group_tier,
-            invited: group.invited,
-            invitation_sent: group.invitation_sent,
-            save_the_date_sent: group.save_the_date_sent,
-            envelope_recipient: group.envelope_recipient ?? '',
-            addressing_style: group.addressing_style,
-            guests: updatedGuests,
-            gift_count: 0,
-        },
+        updated_guest_groups: [
+            {
+                ...group,
+                wedding_account_id: group.wedding_account_id ?? weddingAccountId,
+                envelope_recipient: group.envelope_recipient ?? '',
+                gift_group: group.gift_group ?? {
+                    gift_count: 0,
+                    modules: [],
+                    gift_groups: [],
+                    guest_group_uuid: '',
+                },
+                thank_you_note_status: group.thank_you_note_status ?? 'NOT_STARTED',
+                rsvp_question_answers: group.rsvp_question_answers ?? [],
+                gift_count: group.gift_count ?? 0,
+                guests: updatedGuests,
+            },
+        ],
     };
-    const result = await client.requestMobile('PUT', `/v3/guestlists/groups/wedding-accounts/id/${weddingAccountId}/suite`, body);
+    const result = await client.requestMobile('PUT', `/v3/guestlists/groups/wedding-accounts/${weddingAccountId}/bulk/directory`, body);
     return jsonResult(result.data);
 }
 export async function removeGuest(args) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zola-mcp",
-  "version": "1.3.2",
+  "version": "1.4.0",
   "mcpName": "io.github.chrischall/zola-mcp",
   "description": "Zola wedding MCP server for Claude",
   "author": "Claude Code (AI) <https://www.anthropic.com/claude>",
@@ -46,17 +46,18 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@chrischall/mcp-utils": "^0.5.0",
-    "@fetchproxy/bootstrap": "^1.0.0",
-    "@fetchproxy/server": "^1.0.0",
+    "@chrischall/mcp-utils": "^0.5.2",
+    "@fetchproxy/bootstrap": "^1.3.0",
+    "@fetchproxy/server": "^1.3.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
-    "dotenv": "^17.4.2"
+    "dotenv": "^17.4.2",
+    "zod": "^4.4.3"
   },
   "devDependencies": {
-    "@types/node": "^25.9.1",
-    "@vitest/coverage-v8": "^4.1.7",
+    "@types/node": "^25.9.2",
+    "@vitest/coverage-v8": "^4.1.8",
     "esbuild": "^0.28.0",
     "typescript": "^6.0.3",
-    "vitest": "^4.1.7"
+    "vitest": "^4.1.8"
   }
 }

package/server.json

@@ -6,12 +6,12 @@
     "url": "https://github.com/chrischall/zola-mcp",
     "source": "github"
   },
-  "version": "1.3.2",
+  "version": "1.4.0",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "zola-mcp",
-      "version": "1.3.2",
+      "version": "1.4.0",
       "transport": {
         "type": "stdio"
       },

package/skills/zola/SKILL.md

@@ -5,7 +5,7 @@ description: This skill should be used when the user asks about Zola wedding pla
 
 # zola-mcp
 
-MCP server for Zola — 27 tools for managing your entire wedding via the Zola mobile API.
+MCP server for Zola — 30 tools for managing your entire wedding via the Zola mobile API.
 
 ## Tools
 
@@ -41,6 +41,9 @@ MCP server for Zola — 27 tools for managing your entire wedding via the Zola m
 - `list_events` — All events with RSVP counts
 - `track_rsvps` — RSVP tracking per event
 - `update_event` — Update event details
+- `set_event_guests` — Bulk set which guest groups are invited to an event
+- `invite_guest_to_event` — Invite one guest or group to an event
+- `remove_event_invitation` — Remove an event invitation for a guest or group
 
 ### Registry & Gifts
 - `get_registry` — Registry categories and items