server.mjs

#!/usr/bin/env node
/**
 * @pickle/mcp-remote  v3.0.0
 *
 * Hosted MCP server for Pickle — stateless, privacy-first.
 * Tokens arrive per-request in headers. Nothing is stored. Nothing is logged.
 *
 * Port: 3055 (override with PORT env var)
 *
 * Endpoints:
 *   POST /mcp       — MCP StreamableHTTP (primary)
 *   GET  /mcp       — SSE fallback (legacy clients)
 *   GET  /health    — { status: "ok", version: "3.0.0" }
 *   GET  /          — Landing page (static from ./public/)
 *
 * Request headers expected:
 *   x-pickle-key      — Pickle license key (any non-empty = valid; Polar.sh gating added later)
 *   x-clickup-token   — ClickUp personal API token (pk_...)
 *
 * Zero telemetry. Only talks to https://api.clickup.com.
 */

import { Server } from "@modelcontextprotocol/sdk/server/index.js";
import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
import {
  CallToolRequestSchema,
  ListToolsRequestSchema,
  ErrorCode,
  McpError,
} from "@modelcontextprotocol/sdk/types.js";
import express from "express";
import { createHash, randomUUID, timingSafeEqual } from "node:crypto";
import { fileURLToPath } from "node:url";
import path from "node:path";
import fs from "node:fs";
import https from "node:https";
import { z } from "zod";

// ---------------------------------------------------------------------------
// Config
// ---------------------------------------------------------------------------

const PORT         = Number(process.env.PORT ?? 3055);
const API_BASE     = "https://api.clickup.com";
const REQUEST_TIMEOUT_MS = 30_000;
const MAX_RETRIES  = 5;
const USER_AGENT   = "pickle-mcp-remote/3.0 (+https://pickle.adityaarsharma.com)";
const CACHE_TTL_MS = 3_600_000; // 1 hour — workspace/team data per user token
const VERSION      = "3.0.0";

const __dirname = path.dirname(fileURLToPath(import.meta.url));
const PUBLIC_DIR = path.join(__dirname, "public");
const DATA_DIR   = path.join(__dirname, "data");
const SIGNUPS_FILE = path.join(DATA_DIR, "signups.json");
const USAGE_FILE   = path.join(DATA_DIR, "usage.json");

// Ensure data dir exists
try { fs.mkdirSync(DATA_DIR, { recursive: true }); } catch {}

// Marketing/admin config — set via env vars on the server
const BREVO_API_KEY     = process.env.BREVO_API_KEY     || "";
const BREVO_LIST_ID     = process.env.BREVO_LIST_ID     || "";       // free / beta — CRM list
const BREVO_LIST_PRO_ID = process.env.BREVO_LIST_PRO_ID || "";       // pro waitlist — CRM list
const ZEPTO_API_KEY     = process.env.ZEPTO_API_KEY     || "";       // transactional sends
const ZEPTO_FROM        = process.env.ZEPTO_FROM        || "noreply@adityaarsharma.com";
const ADMIN_PASSWORD    = process.env.ADMIN_PASSWORD    || "pickle-admin-change-me";

// ---------------------------------------------------------------------------
// SSRF protection — whitelist of allowed outbound hosts
// ---------------------------------------------------------------------------

const ALLOWED_HOSTS = new Set([
  "api.clickup.com",
  "slack.com",                   // Slack Web API base
  "graph.microsoft.com",          // Microsoft Graph (Teams + Planner)
  "login.microsoftonline.com",    // Microsoft OAuth (if needed for refresh)
]);

function assertSafeHost(urlStr) {
  let hostname;
  try { hostname = new URL(urlStr).hostname; } catch {
    throw new McpError(ErrorCode.InvalidRequest, "Invalid API URL");
  }
  if (!ALLOWED_HOSTS.has(hostname)) {
    throw new McpError(ErrorCode.InvalidRequest, `Blocked request to disallowed host: ${hostname}`);
  }
}

// ---------------------------------------------------------------------------
// License gate
// Free key format: pickle_free_<uuid>
// Pro key format:  anything Polar.sh issues (validated server-side later)
// For now: any non-empty key >= 8 chars is accepted.
// ---------------------------------------------------------------------------

function validateLicenseKey(key) {
  return typeof key === "string" && key.trim().length >= 8;
}

// ---------------------------------------------------------------------------
// Free-tier audit window cap (Pro tier in Phase 3 will lift this to 30 days)
// ---------------------------------------------------------------------------

const FREE_TIER_MAX_WINDOW_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
const PRO_COMING_SOON_NOTE =
  "Deeper history (beyond 7 days) is part of Pickle Pro, which I'm designing with the Beta cohort. " +
  "Beta users are grandfathered into the lowest Pro rate. " +
  "If you want this feature or have feedback, email pickle@adityaarsharma.com — I respond personally.";

// Parse a window string like "1h", "6h", "1d", "3d", "7d" into milliseconds.
// Returns { ms, clamped, original } so callers can surface a note when clamped.
function parseTimeWindow(input) {
  if (input === undefined || input === null || input === "") {
    return { ms: FREE_TIER_MAX_WINDOW_MS, clamped: false, original: "7d" };
  }
  const m = String(input).trim().toLowerCase().match(/^(\d+)\s*([hd])$/);
  if (!m) {
    return { ms: FREE_TIER_MAX_WINDOW_MS, clamped: true, original: String(input) };
  }
  const n = Number(m[1]);
  const unit = m[2];
  const ms = unit === "h" ? n * 60 * 60 * 1000 : n * 24 * 60 * 60 * 1000;
  if (ms > FREE_TIER_MAX_WINDOW_MS) {
    return { ms: FREE_TIER_MAX_WINDOW_MS, clamped: true, original: String(input) };
  }
  return { ms, clamped: false, original: String(input) };
}

// Apply window to ClickUp date filter args: clamps date_updated_gt /
// date_created_gt to "now - window" if they're absent OR set further back.
// Returns the adjusted args and a note if clamped.
function applyWindowCap(args, kind = "updated") {
  const tw = parseTimeWindow(args.time_window);
  const floor = Date.now() - tw.ms;
  const key = kind === "created" ? "date_created_gt" : "date_updated_gt";
  const existing = typeof args[key] === "number" ? args[key] : 0;
  const finalFloor = Math.max(existing, floor);
  return {
    args: { ...args, [key]: finalFloor },
    clamped: tw.clamped,
    window_used: tw.original === "7d" && !args.time_window ? "7d (default)" : tw.original,
    pro_note: tw.clamped ? PRO_COMING_SOON_NOTE : null,
  };
}

// ---------------------------------------------------------------------------
// Multi-tenant in-memory cache (process-level, keyed by SHA-256 of token)
// Stores workspace/team resolution so we don't re-fetch on every tool call
// within the same server request.
// ---------------------------------------------------------------------------

const _userCache = new Map();

function hashToken(token) {
  return createHash("sha256").update(token).digest("hex").slice(0, 16);
}

function getCached(tokenHash, field) {
  const entry = _userCache.get(tokenHash);
  if (!entry) return undefined;
  if (Date.now() - entry.ts > CACHE_TTL_MS) { _userCache.delete(tokenHash); return undefined; }
  return entry[field];
}

function setCached(tokenHash, field, value) {
  const existing = _userCache.get(tokenHash) ?? { ts: Date.now() };
  existing[field] = value;
  existing.ts = Date.now();
  _userCache.set(tokenHash, existing);
}

// Prune stale cache entries every 5 minutes to avoid unbounded growth
setInterval(() => {
  const cutoff = Date.now() - CACHE_TTL_MS;
  for (const [k, v] of _userCache) if (v.ts < cutoff) _userCache.delete(k);
}, 300_000).unref();

// ---------------------------------------------------------------------------
// Signups storage (JSON file) + Brevo push
// IMPORTANT: This is OPT-IN marketing data only — emails users explicitly
// submit to get a free key. Task data and tokens are NEVER stored.
// ---------------------------------------------------------------------------

function loadSignups() {
  try {
    const raw = fs.readFileSync(SIGNUPS_FILE, "utf-8");
    const parsed = JSON.parse(raw);
    return Array.isArray(parsed?.signups) ? parsed.signups : [];
  } catch { return []; }
}

function saveSignups(signups) {
  const tmp = SIGNUPS_FILE + ".tmp";
  fs.writeFileSync(tmp, JSON.stringify({ signups }, null, 2));
  fs.renameSync(tmp, SIGNUPS_FILE);
}

function addSignup(email, ip, userAgent, intent) {
  const signups = loadSignups();
  const existing = signups.find((s) => s.email.toLowerCase() === email.toLowerCase());
  if (existing) {
    // Upgrade intent if user came back wanting Pro
    if (intent === "pro" && existing.intent !== "pro") {
      existing.intent = "pro";
      existing.pro_waitlist_at = new Date().toISOString();
      saveSignups(signups);
    }
    return existing;
  }
  const entry = {
    email: email.trim(),
    key: `pickle_free_${randomUUID().replace(/-/g, "")}`,
    ip: (ip || "").slice(0, 64),
    user_agent: (userAgent || "").slice(0, 256),
    intent: intent === "pro" ? "pro" : "free",
    created_at: new Date().toISOString(),
    ...(intent === "pro" ? { pro_waitlist_at: new Date().toISOString() } : {}),
  };
  signups.push(entry);
  saveSignups(signups);
  return entry;
}

// ── Simple in-memory IP rate limiter for /api/signup ──────────────────────
// 5 signups per IP per hour. Map<ip, [timestamps]>
const _rl = new Map();
function rateLimitOk(ip) {
  const now = Date.now();
  const hour = 3_600_000;
  const arr = (_rl.get(ip) || []).filter((t) => now - t < hour);
  if (arr.length >= 5) { _rl.set(ip, arr); return false; }
  arr.push(now);
  _rl.set(ip, arr);
  return true;
}
// Prune empty buckets every 10min
setInterval(() => {
  const now = Date.now();
  const hour = 3_600_000;
  for (const [k, arr] of _rl) {
    const fresh = arr.filter((t) => now - t < hour);
    if (fresh.length === 0) _rl.delete(k);
    else _rl.set(k, fresh);
  }
}, 600_000).unref();

// Brevo HTTPS request via node:https — forces IPv4 (family:4) because
// Hetzner's default IPv6 outbound is blocked by Brevo's IP allowlist.
function brevoRequest(method, path, body) {
  return new Promise((resolve) => {
    const data = body ? JSON.stringify(body) : null;
    const req = https.request({
      hostname: "api.brevo.com",
      port: 443,
      path,
      method,
      family: 4,
      timeout: 8000,
      headers: {
        "api-key": BREVO_API_KEY,
        "Content-Type": "application/json",
        accept: "application/json",
        ...(data ? { "Content-Length": Buffer.byteLength(data) } : {}),
      },
    }, (res) => {
      let chunks = "";
      res.on("data", (c) => { chunks += c; });
      res.on("end", () => resolve({ ok: res.statusCode >= 200 && res.statusCode < 300, status: res.statusCode, body: chunks }));
    });
    req.on("error", (err) => resolve({ ok: false, status: 0, error: String(err?.message ?? err) }));
    req.on("timeout", () => { req.destroy(); resolve({ ok: false, status: 0, error: "brevo_timeout" }); });
    if (data) req.write(data);
    req.end();
  });
}

async function pushToBrevo(email, intent) {
  if (!BREVO_API_KEY) return { skipped: true, reason: "no_brevo_key" };

  // Pick which list: pro waitlist signups → Pro list; everyone else → Beta list
  const targetList = intent === "pro" && BREVO_LIST_PRO_ID
    ? Number(BREVO_LIST_PRO_ID)
    : (BREVO_LIST_ID ? Number(BREVO_LIST_ID) : null);
  if (!targetList) return { skipped: true, reason: "no_list_id" };

  const res = await brevoRequest("POST", "/v3/contacts", {
    email,
    listIds: [targetList],
    updateEnabled: true,
    attributes: {
      SOURCE: "pickle-landing",
      SIGNUP_DATE: new Date().toISOString(),
      PICKLE_INTENT: intent || "free",
    },
  });
  if (!res.ok && res.status !== 400) {
    process.stderr.write(`[brevo] push failed ${res.status}: ${String(res.body || res.error).slice(0, 200)}\n`);
  }
  return res;
}

// ─────────────────────────────────────────────────────────────────────────
// ZeptoMail (Zoho) — transactional sends
// ─────────────────────────────────────────────────────────────────────────

function zeptoRequest(payload) {
  return new Promise((resolve) => {
    const data = JSON.stringify(payload);
    const req = https.request({
      hostname: "api.zeptomail.com",
      port: 443,
      path: "/v1.1/email",
      method: "POST",
      family: 4,
      timeout: 8000,
      headers: {
        Accept: "application/json",
        "Content-Type": "application/json",
        Authorization: `Zoho-enczapikey ${ZEPTO_API_KEY}`,
        "Content-Length": Buffer.byteLength(data),
      },
    }, (res) => {
      let chunks = "";
      res.on("data", (c) => { chunks += c; });
      res.on("end", () => resolve({ ok: res.statusCode >= 200 && res.statusCode < 300, status: res.statusCode, body: chunks }));
    });
    req.on("error", (err) => resolve({ ok: false, status: 0, error: String(err?.message ?? err) }));
    req.on("timeout", () => { req.destroy(); resolve({ ok: false, status: 0, error: "zepto_timeout" }); });
    req.write(data);
    req.end();
  });
}

function welcomeEmailHTML(pickleKey) {
  // v3 — Pickle-branded, MCP-config copy-paste box, chat-guided onboarding.
  // Architecture: hosted MCP, tokens via HTTPS header per request, never stored.
  if (process.env.USE_LEGACY_WELCOME_EMAIL === "1") {
    return welcomeEmailHTMLLegacy(pickleKey);
  }
  const installPrompt = `Install the Pickle MCP server in my AI assistant. Be careful and do NOT modify or remove any existing MCP servers I already have — Pickle goes alongside them.

Steps:
1. Detect which AI assistant config applies to me (Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%/Claude/claude_desktop_config.json on Windows; Claude Code: ~/.claude.json; Cursor: ~/.cursor/mcp.json; Codex: ~/.codex/config.toml; Cline: VS Code settings).
2. Read my existing config file. Preserve every existing mcpServers entry exactly as-is.
3. Add this Pickle entry to the mcpServers object alongside anything that's already there:

{
  "pickle": {
    "type": "http",
    "url": "https://pickle.adityaarsharma.com/mcp",
    "headers": {
      "x-pickle-key": "${pickleKey}"
    }
  }
}

4. Write the file back with that single addition.
5. Print exactly: "✓ MCP Installed. Please restart your AI assistant now, then type 'Pickle Start' in any chat to begin."

If you don't have file-edit tools (regular ChatGPT, Claude.ai web), don't pretend to install — instead, tell me my assistant's config file path and show me the JSON block above to paste manually.

Never touch any MCP server other than Pickle. Safe-harbour mode.`;
  const fallbackJson = `{
  "mcpServers": {
    "pickle": {
      "type": "http",
      "url": "https://pickle.adityaarsharma.com/mcp",
      "headers": {
        "x-pickle-key": "${pickleKey}"
      }
    }
  }
}`;
  return `<!doctype html>
<html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"></head>
<body style="margin:0;padding:0;background:#080a0d;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif;color:#e2e8f0;line-height:1.6">
<table role="presentation" cellpadding="0" cellspacing="0" width="100%" style="background:#080a0d;padding:36px 16px">
  <tr><td align="center">
    <table role="presentation" cellpadding="0" cellspacing="0" width="600" style="max-width:600px;background:#0f1218;border:1px solid #1f2630;border-radius:16px;overflow:hidden">

      <!-- ── HEADER ─────────────────────────────────────────────── -->
      <tr><td style="padding:32px 32px 0 32px">
        <table role="presentation" cellpadding="0" cellspacing="0" width="100%">
          <tr>
            <td style="vertical-align:middle">
              <span style="display:inline-block;width:36px;height:36px;background:linear-gradient(135deg,#4ade80,#22c55e);border-radius:50%;text-align:center;line-height:36px;font-size:20px">🥒</span>
              <span style="font-size:19px;font-weight:700;color:#e2e8f0;letter-spacing:-0.01em;margin-left:6px;vertical-align:middle">Pickle</span>
            </td>
            <td align="right" style="vertical-align:middle">
              <span style="display:inline-block;padding:5px 12px;background:rgba(74,222,128,0.1);border:1px solid rgba(74,222,128,0.35);border-radius:999px;color:#4ade80;font-size:11px;font-family:'JetBrains Mono','SF Mono',Menlo,monospace;letter-spacing:0.08em;text-transform:uppercase;font-weight:600">Beta · Welcome</span>
            </td>
          </tr>
        </table>
      </td></tr>

      <!-- ── HEADLINE ───────────────────────────────────────────── -->
      <tr><td style="padding:28px 32px 0 32px">
        <h1 style="margin:0 0 16px 0;color:#e2e8f0;font-size:26px;font-weight:700;letter-spacing:-0.025em;line-height:1.2">You're in. Let's wire up Pickle.</h1>
        <p style="margin:0 0 14px 0;color:#94a3b8;font-size:15.5px;line-height:1.7">I'm Aditya. I built Pickle because every Monday I'd open ClickUp and find a task with 47 hours logged and an empty description. Every Friday someone's "shipping today" from 3 days ago was still open. So I built the audit tool I wished I had.</p>
        <p style="margin:0 0 6px 0;color:#94a3b8;font-size:14.5px;line-height:1.7">Free during Beta, forever for the features you have today. Three minutes to wire it up &mdash; here's how.</p>
      </td></tr>

      <!-- ── SPACER ──────────────────────────────────────────── -->
      <tr><td style="padding:14px 32px 0 32px">&nbsp;</td></tr>

      <!-- ── STEP 1 — INSTALL VIA PROMPT ──────────────────────── -->
      <tr><td style="padding:6px 32px 0 32px">
        <h2 style="margin:24px 0 10px 0;color:#e2e8f0;font-size:17px;font-weight:600;letter-spacing:-0.01em">Step 1 &mdash; Let your AI install Pickle for you</h2>
        <p style="margin:0 0 14px 0;color:#94a3b8;font-size:14.5px;line-height:1.7">Open <strong style="color:#cbd5e1">Claude Code, Cursor, Cline, or Codex</strong> (anything with file-edit tools) and paste this prompt as your very first message. The AI installs Pickle into your existing MCP config without touching anything else.</p>
        <table role="presentation" cellpadding="0" cellspacing="0" width="100%" style="background:#080a0d;border:1px solid #2a3340;border-radius:10px;border-left:3px solid #4ade80">
          <tr><td style="padding:16px 18px">
            <div style="font-size:10px;font-family:'JetBrains Mono','SF Mono',Menlo,monospace;color:#64748b;text-transform:uppercase;letter-spacing:0.1em;margin-bottom:10px">copy &rarr; paste as your first message</div>
            <pre style="margin:0;font-family:'JetBrains Mono','SF Mono',Menlo,Consolas,monospace;font-size:12.5px;color:#4ade80;line-height:1.6;white-space:pre-wrap;word-break:break-word;user-select:all">${installPrompt}</pre>
          </td></tr>
        </table>
        <p style="margin:14px 0 0 0;color:#94a3b8;font-size:13.5px;line-height:1.65">When the AI is done it prints <strong style="color:#4ade80">"&check; MCP Installed. Please restart your AI assistant now, then type 'Pickle Start' in any chat to begin."</strong> &mdash; that's your signal to move to Step 2.</p>

        <p style="margin:16px 0 8px 0;color:#64748b;font-size:12.5px;line-height:1.6"><strong style="color:#94a3b8">On Claude Desktop (no file-edit tools)?</strong> Add this block manually instead, in the file noted below:</p>
        <table role="presentation" cellpadding="0" cellspacing="0" width="100%" style="background:rgba(255,255,255,0.02);border:1px solid #1f2630;border-radius:8px">
          <tr><td style="padding:12px 16px">
            <pre style="margin:0;font-family:'JetBrains Mono','SF Mono',Menlo,Consolas,monospace;font-size:11.5px;color:#94a3b8;line-height:1.55;white-space:pre-wrap;word-break:break-all;user-select:all">${fallbackJson}</pre>
          </td></tr>
        </table>
        <table role="presentation" cellpadding="0" cellspacing="0" width="100%" style="margin-top:10px;background:rgba(255,255,255,0.02);border:1px solid #1f2630;border-radius:8px">
          <tr><td style="padding:11px 16px;font-size:12px;color:#94a3b8;line-height:1.6">
            <strong style="color:#cbd5e1">Config file location by assistant:</strong><br>
            &bull; Claude Desktop (macOS): <code style="color:#4ade80;font-size:11px">~/Library/Application Support/Claude/claude_desktop_config.json</code><br>
            &bull; Claude Desktop (Windows): <code style="color:#4ade80;font-size:11px">%APPDATA%/Claude/claude_desktop_config.json</code><br>
            &bull; Claude Code: <code style="color:#4ade80;font-size:11px">~/.claude.json</code><br>
            &bull; Cursor: <code style="color:#4ade80;font-size:11px">~/.cursor/mcp.json</code><br>
            &bull; Cline: VS Code &rarr; MCP Servers settings UI<br>
            &bull; Codex: <code style="color:#4ade80;font-size:11px">~/.codex/config.toml</code>
          </td></tr>
        </table>
      </td></tr>

      <!-- ── SPACER ──────────────────────────────────────────── -->
      <tr><td style="padding:18px 32px 0 32px">&nbsp;</td></tr>

      <!-- ── STEP 2 — RESTART ──────────────────────────────────── -->
      <tr><td style="padding:0 32px 0 32px">
        <h2 style="margin:0 0 10px 0;color:#e2e8f0;font-size:17px;font-weight:600;letter-spacing:-0.01em">Step 2 &mdash; Restart your assistant when it says so</h2>
        <p style="margin:0 0 4px 0;color:#94a3b8;font-size:14.5px;line-height:1.7">Once the AI confirms <em>"MCP Installed"</em>, close and reopen your assistant (Claude / Cursor / Cline / Codex) so the new MCP entry is picked up. Pickle's tools appear automatically on next launch.</p>
      </td></tr>

      <!-- ── SPACER ──────────────────────────────────────────── -->
      <tr><td style="padding:18px 32px 0 32px">&nbsp;</td></tr>

      <!-- ── STEP 3 — TALK TO PICKLE ───────────────────────────── -->
      <tr><td style="padding:0 32px 0 32px">
        <h2 style="margin:0 0 10px 0;color:#e2e8f0;font-size:17px;font-weight:600;letter-spacing:-0.01em">Step 3 &mdash; In any chat, type "Pickle Start"</h2>
        <p style="margin:0 0 14px 0;color:#94a3b8;font-size:14.5px;line-height:1.7">That's the trigger. The guided setup begins right there in chat:</p>
        <table role="presentation" cellpadding="0" cellspacing="0" width="100%" style="background:rgba(74,222,128,0.04);border:1px solid rgba(74,222,128,0.25);border-radius:8px">
          <tr><td style="padding:14px 18px">
            <code style="font-family:'JetBrains Mono','SF Mono',Menlo,monospace;font-size:13.5px;color:#4ade80;font-weight:600;user-select:all">Pickle Start</code>
          </td></tr>
        </table>
        <p style="margin:16px 0 0 0;color:#cbd5e1;font-size:14px;line-height:1.7">Pickle asks which platform you want first (ClickUp, Slack, or Microsoft Teams), walks you through getting the right token (~30 seconds per platform), and tells you exactly which header line to add to your MCP config. After that, the morning brief is one prompt away: <em>"Pickle, audit my ClickUp from last 24 hours."</em></p>
        <p style="margin:14px 0 0 0;color:#64748b;font-size:13px;line-height:1.6"><strong style="color:#94a3b8">Your tokens never leave your machine.</strong> They travel only in the HTTPS request header. Pickle's server uses them in memory to call ClickUp / Slack / Teams APIs, then drops them. Nothing persisted. Code is MIT open source at <a href="https://github.com/adityaarsharma/pickle" style="color:#94a3b8;text-decoration:none;border-bottom:1px dotted #2a3340">github.com/adityaarsharma/pickle</a>.</p>
      </td></tr>

      <!-- ── SPACER ──────────────────────────────────────────── -->
      <tr><td style="padding:14px 32px 0 32px">&nbsp;</td></tr>

      <!-- ── MORE COMING (no Pro upsell — just honest 'more soon') ── -->
      <tr><td style="padding:6px 32px 0 32px">
        <div style="margin:14px 0 0 0;padding:20px 22px;background:rgba(74,222,128,0.04);border:1px solid rgba(74,222,128,0.18);border-radius:10px">
          <div style="font-family:'JetBrains Mono','SF Mono',Menlo,monospace;font-size:11px;color:#4ade80;text-transform:uppercase;letter-spacing:0.1em;font-weight:600;margin-bottom:8px">More features ahead</div>
          <p style="margin:0;color:#cbd5e1;font-size:14.5px;line-height:1.7">Today, Pickle audits ClickUp deeply (9 patterns out of the box) and previews Slack &amp; Microsoft Teams setup via chat. New patterns, smarter automation, and per-platform improvements keep landing every couple of weeks.</p>
          <p style="margin:10px 0 0 0;color:#cbd5e1;font-size:14.5px;line-height:1.7">I'll email when something material ships. Until then, run your morning audit and tell me what feels off &mdash; that's how Pickle gets better.</p>
        </div>
      </td></tr>

      <!-- ── SPACER ──────────────────────────────────────────── -->
      <tr><td style="padding:14px 32px 0 32px">&nbsp;</td></tr>

      <!-- ── WEBSITE + REPLY CTA ─────────────────────────────── -->
      <tr><td style="padding:6px 32px 0 32px">
        <p style="margin:0 0 12px 0;color:#cbd5e1;font-size:14.5px;line-height:1.7">More about Pickle: <a href="https://pickle.adityaarsharma.com" style="color:#4ade80;text-decoration:none;border-bottom:1px dotted rgba(74,222,128,0.4)">pickle.adityaarsharma.com</a></p>
        <p style="margin:14px 0 4px 0;color:#cbd5e1;font-size:14.5px;line-height:1.7">Stuck on any step, or just have feedback? <strong>Hit reply</strong> &mdash; or email <a href="mailto:pickle@adityaarsharma.com" style="color:#4ade80;text-decoration:none;border-bottom:1px dotted rgba(74,222,128,0.4)">pickle@adityaarsharma.com</a>. I read every email personally and respond same-day.</p>
      </td></tr>

      <!-- ── FOUNDER SIG ──────────────────────────────────────── -->
      <tr><td style="padding:24px 32px 32px 32px">
        <table role="presentation" cellpadding="0" cellspacing="0" width="100%" style="border-top:1px solid #1f2630;padding-top:20px">
          <tr><td style="padding-top:18px">
            <span style="color:#e2e8f0;font-size:14px;font-weight:600">— Aditya Sharma</span>
            <div style="color:#64748b;font-size:12.5px;margin-top:3px">Founder, Pickle · <a href="https://adityaarsharma.com" style="color:#94a3b8;text-decoration:none;border-bottom:1px dotted #2a3340">adityaarsharma.com</a></div>
          </td></tr>
        </table>
      </td></tr>

    </table>

    <!-- ── FOOTER (outside the card) ──────────────────────────── -->
    <table role="presentation" cellpadding="0" cellspacing="0" width="600" style="max-width:600px;margin-top:16px">
      <tr><td align="center" style="padding:8px 24px 24px 24px;color:#475569;font-size:11px;line-height:1.5">
        You're receiving this because you signed up at <a href="https://pickle.adityaarsharma.com" style="color:#64748b;text-decoration:none">pickle.adityaarsharma.com</a>. Reply with "unsubscribe" if you'd like off the list.<br>
        Pickle is MIT open source · <a href="https://github.com/adityaarsharma/pickle" style="color:#64748b;text-decoration:none">github.com/adityaarsharma/pickle</a> · <a href="https://pickle.adityaarsharma.com/legal/privacy" style="color:#64748b;text-decoration:none">Privacy</a> · <a href="https://pickle.adityaarsharma.com/legal/terms" style="color:#64748b;text-decoration:none">Terms</a>
      </td></tr>
    </table>

  </td></tr>
</table>
</body></html>`;
}

// Legacy template (pre-npm-installer flow). Kept as fallback during the
// transition. Activate by setting USE_LEGACY_WELCOME_EMAIL=1 in env.
function welcomeEmailHTMLLegacy(pickleKey) {
  return `<!doctype html>
<html><body style="font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:#080a0d;color:#e2e8f0;margin:0;padding:32px 16px;line-height:1.6">
<div style="max-width:560px;margin:0 auto;background:#0f1218;border:1px solid #1f2630;border-radius:14px;padding:32px 28px">
  <div style="display:inline-block;padding:5px 12px;background:rgba(74,222,128,0.1);border:1px solid rgba(74,222,128,0.3);border-radius:999px;color:#4ade80;font-size:12px;font-family:monospace;letter-spacing:0.05em;margin-bottom:18px">BETA · WELCOME</div>
  <h1 style="margin:0 0 14px;color:#e2e8f0;font-size:24px;letter-spacing:-0.01em">You're in the Pickle Beta.</h1>
  <p style="color:#94a3b8;font-size:15px;margin:0 0 22px">I'm Aditya. Pickle audits your ClickUp / Slack / Microsoft Teams workspaces for the things a good ops manager would catch. Free during Beta. Locked into the lowest price I'll ever charge, forever.</p>
  <div style="background:#080a0d;border:1px solid #1f2630;border-radius:10px;padding:16px 18px;margin-bottom:22px">
    <div style="font-size:11px;font-family:monospace;color:#94a3b8;text-transform:uppercase;letter-spacing:0.08em;margin-bottom:6px">Your Pickle key</div>
    <div style="font-family:monospace;font-size:14px;color:#4ade80;word-break:break-all">${pickleKey}</div>
  </div>
  <p style="color:#94a3b8;font-size:14px;margin:0 0 14px">Setup instructions are at <a href="https://pickle.adityaarsharma.com/#start" style="color:#4ade80">pickle.adityaarsharma.com/#start</a>. Reply if you get stuck.</p>
  <p style="color:#64748b;font-size:13px;margin:22px 0 0;border-top:1px solid #1f2630;padding-top:18px">— Aditya<br/><span style="font-size:12px">Founder, Pickle · <a href="https://adityaarsharma.com" style="color:#94a3b8">adityaarsharma.com</a></span></p>
</div>
<div style="max-width:560px;margin:14px auto 0;text-align:center;color:#64748b;font-size:11px">You're receiving this because you signed up at pickle.adityaarsharma.com. Reply with "unsubscribe" if you'd like off the list.</div>
</body></html>`;
}

async function sendZeptoWelcome(email, pickleKey) {
  if (!ZEPTO_API_KEY) return { skipped: true, reason: "no_zepto_key" };
  const res = await zeptoRequest({
    from: { address: ZEPTO_FROM, name: "Pickle (Aditya)" },
    to: [{ email_address: { address: email } }],
    subject: "You're in the Pickle Beta — your config inside",
    htmlbody: welcomeEmailHTML(pickleKey),
  });
  if (!res.ok) {
    process.stderr.write(`[zepto] welcome send failed ${res.status}: ${String(res.body || res.error).slice(0, 200)}\n`);
  }
  return res;
}

// ── Per-key usage tracker (in-memory + periodic flush) ───────────────────
// Maps key → { count, last_used, first_used, requests_today, today_date }
const _usage = new Map();

function loadUsage() {
  try {
    const raw = fs.readFileSync(USAGE_FILE, "utf-8");
    const parsed = JSON.parse(raw);
    if (parsed && typeof parsed === "object") {
      for (const [k, v] of Object.entries(parsed)) _usage.set(k, v);
    }
  } catch {}
}
loadUsage();

function flushUsage() {
  try {
    const obj = Object.fromEntries(_usage);
    const tmp = USAGE_FILE + ".tmp";
    fs.writeFileSync(tmp, JSON.stringify(obj));
    fs.renameSync(tmp, USAGE_FILE);
  } catch (err) {
    process.stderr.write(`[usage] flush failed: ${err?.message ?? err}\n`);
  }
}
setInterval(flushUsage, 60_000).unref();
process.on("SIGTERM", () => { try { flushUsage(); } catch {} });

function trackUse(key) {
  if (!key) return;
  const today = new Date().toISOString().slice(0, 10);
  const now = new Date().toISOString();
  const entry = _usage.get(key) || {
    count: 0,
    first_used: now,
    last_used: now,
    requests_today: 0,
    today_date: today,
    audits: 0,
    audit_windows: {},
  };
  entry.count++;
  entry.last_used = now;
  if (entry.today_date !== today) { entry.today_date = today; entry.requests_today = 1; }
  else entry.requests_today++;
  _usage.set(key, entry);
}

// Install fingerprint tracker — 1 pickle_key should equal 1 install. We hash
// (IP + User-Agent) into a short fingerprint per request and remember the
// first one we saw per key. Subsequent requests from a different fingerprint
// are logged (currently soft warning, not blocking) so abuse can be reviewed
// in the admin dashboard. No PII stored — only the hash.
function fingerprintRequest(req) {
  const ip = req.headers["cf-connecting-ip"]
          || req.headers["x-forwarded-for"]?.split(",")[0]?.trim()
          || req.socket?.remoteAddress
          || "";
  const ua = String(req.headers["user-agent"] || "").slice(0, 200);
  const raw = `${ip}|${ua}`;
  // Cheap non-crypto hash — no node:crypto dep needed for fingerprinting.
  let h = 0xdeadbeef;
  for (let i = 0; i < raw.length; i++) h = Math.imul(h ^ raw.charCodeAt(i), 16777619);
  return (h >>> 0).toString(16).padStart(8, "0");
}

function trackInstallFingerprint(key, req) {
  if (!key) return;
  const fp = fingerprintRequest(req);
  const now = new Date().toISOString();
  const entry = _usage.get(key) || {
    count: 0, first_used: now, last_used: now, requests_today: 0,
    today_date: now.slice(0, 10), audits: 0, audit_windows: {},
  };
  entry.installs = entry.installs || [];
  const existing = entry.installs.find((i) => i.fp === fp);
  if (existing) {
    existing.last_seen = now;
    existing.count = (existing.count || 0) + 1;
  } else {
    entry.installs.push({ fp, first_seen: now, last_seen: now, count: 1 });
    // Beyond 1st install for this key → log a sharing warning (soft).
    if (entry.installs.length > 1) {
      process.stderr.write(
        `[pickle-share-watch] key=${key.slice(0, 18)}... now has ${entry.installs.length} distinct fingerprints; latest fp=${fp}\n`
      );
    }
  }
  _usage.set(key, entry);
}

// Platform-seen tracker — records WHICH platform tokens have been seen for a
// pickle_key (never the tokens themselves, just first/last-seen timestamps).
// Used for: smart error messages ("you have Slack but not Teams") + admin
// dashboard install-state view.
function trackPlatformsSeen(key, ctx) {
  if (!key || !ctx) return;
  const now = new Date().toISOString();
  const entry = _usage.get(key) || {
    count: 0, first_used: now, last_used: now, requests_today: 0,
    today_date: now.slice(0, 10), audits: 0, audit_windows: {},
  };
  entry.platforms_seen = entry.platforms_seen || {};
  for (const plat of ["clickup", "slack", "teams"]) {
    const tokenKey = `${plat}Token`;
    if (ctx[tokenKey]) {
      const cur = entry.platforms_seen[plat] || {};
      entry.platforms_seen[plat] = {
        first: cur.first || now,
        last: now,
        request_count: (cur.request_count || 0) + 1,
      };
    }
  }
  _usage.set(key, entry);
}

// Anonymous audit-specific counter. Tracks how often each pickle key triggers
// an audit-style tool and the time-window distribution. No workspace data is
// stored; only counters + a string label of the window used.
function trackAudit(key, toolName, windowLabel) {
  if (!key) return;
  const now = new Date().toISOString();
  const entry = _usage.get(key) || {
    count: 0, first_used: now, last_used: now, requests_today: 0,
    today_date: now.slice(0, 10), audits: 0, audit_windows: {},
  };
  entry.audits = (entry.audits || 0) + 1;
  entry.last_audit = now;
  entry.audit_windows = entry.audit_windows || {};
  const label = windowLabel || "default";
  entry.audit_windows[label] = (entry.audit_windows[label] || 0) + 1;
  _usage.set(key, entry);
}

function getSignupStats() {
  const signups = loadSignups();
  const now = Date.now();
  const day = 86400000;

  const last30 = [];
  for (let i = 29; i >= 0; i--) {
    const start = now - (i + 1) * day;
    const end   = now - i * day;
    const date  = new Date(end - day).toISOString().slice(0, 10);
    const count = signups.filter((s) => {
      const t = new Date(s.created_at).getTime();
      return t >= start && t < end;
    }).length;
    last30.push({ date, count });
  }

  const today  = signups.filter((s) => now - new Date(s.created_at).getTime() < day).length;
  const week   = signups.filter((s) => now - new Date(s.created_at).getTime() < 7 * day).length;
  const month  = signups.filter((s) => now - new Date(s.created_at).getTime() < 30 * day).length;

  // Usage metrics
  const todayStr = new Date().toISOString().slice(0, 10);
  let requests_today = 0;
  let requests_total = 0;
  let active_installs = 0;
  let active_24h = 0;
  for (const [, v] of _usage) {
    requests_total += v.count || 0;
    if (v.today_date === todayStr) requests_today += v.requests_today || 0;
    if ((v.count || 0) > 0) active_installs++;
    if (v.last_used && (now - new Date(v.last_used).getTime() < day)) active_24h++;
  }

  // Pro waitlist
  const pro_waitlist = signups.filter((s) => s.intent === "pro").length;
  const pro_today    = signups.filter((s) => s.intent === "pro" && (now - new Date(s.pro_waitlist_at || s.created_at).getTime() < day)).length;

  return {
    total: signups.length,
    today, week, month,
    daily: last30,
    usage: { requests_today, requests_total, active_installs, active_24h },
    pro: { waitlist: pro_waitlist, today: pro_today },
    brevo_configured: !!(BREVO_API_KEY && BREVO_LIST_ID),
    revenue: { mrr_usd: 0, paid_users: 0, status: "polar_pending" },
  };
}

function getUsageForKey(key) {
  return _usage.get(key) || null;
}

// ---------------------------------------------------------------------------
// HTTP helpers
// ---------------------------------------------------------------------------

function sleep(ms) { return new Promise((r) => setTimeout(r, ms)); }
function backoffMs(n) { return 500 * Math.pow(2, n) + Math.floor(Math.random() * 250); }
async function safeReadText(res) { try { return await res.text(); } catch { return ""; } }

function buildUrl(base, pathStr, query) {
  const url = new URL(pathStr, base);
  if (query && typeof query === "object") {
    for (const [key, value] of Object.entries(query)) {
      if (value === undefined || value === null) continue;
      if (Array.isArray(value)) {
        for (const v of value) { if (v != null) url.searchParams.append(key, String(v)); }
      } else if (typeof value === "boolean") {
        url.searchParams.append(key, value ? "true" : "false");
      } else {
        url.searchParams.append(key, String(value));
      }
    }
  }
  return url.toString();
}

// ---------------------------------------------------------------------------
// Zod → JSON Schema (compact, no extra dep — identical to server.mjs)
// ---------------------------------------------------------------------------

function zodToJsonSchema(schema) {
  const def = schema?._def;
  if (!def) return { type: "object" };
  switch (def.typeName) {
    case "ZodObject": {
      const shape = typeof def.shape === "function" ? def.shape() : def.shape;
      const properties = {}, required = [];
      for (const [key, child] of Object.entries(shape)) {
        properties[key] = zodToJsonSchema(child);
        if (!isOptional(child)) required.push(key);
      }
      const out = { type: "object", properties };
      if (required.length) out.required = required;
      if (def.unknownKeys === "strict") out.additionalProperties = false;
      return out;
    }
    case "ZodString": {
      const out = { type: "string" };
      if (Array.isArray(def.checks)) {
        for (const c of def.checks) {
          if (c.kind === "min") out.minLength = c.value;
          if (c.kind === "max") out.maxLength = c.value;
          if (c.kind === "url") out.format = "uri";
        }
      }
      if (schema.description) out.description = schema.description;
      return out;
    }
    case "ZodNumber": {
      const out = { type: "number" };
      if (Array.isArray(def.checks)) {
        for (const c of def.checks) {
          if (c.kind === "int") out.type = "integer";
          if (c.kind === "min") out.minimum = c.value;
          if (c.kind === "max") out.maximum = c.value;
        }
      }
      if (schema.description) out.description = schema.description;
      return out;
    }
    case "ZodBoolean": return { type: "boolean", ...(schema.description ? { description: schema.description } : {}) };
    case "ZodArray": { const out = { type: "array", items: zodToJsonSchema(def.type) }; if (schema.description) out.description = schema.description; return out; }
    case "ZodEnum": return { type: "string", enum: def.values, ...(schema.description ? { description: schema.description } : {}) };
    case "ZodLiteral": return { const: def.value };
    case "ZodUnion": return { anyOf: def.options.map((o) => zodToJsonSchema(o)) };
    case "ZodRecord": return { type: "object", additionalProperties: zodToJsonSchema(def.valueType) };
    case "ZodOptional": return zodToJsonSchema(def.innerType);
    case "ZodNullable": { const inner = zodToJsonSchema(def.innerType); return inner.type ? { ...inner, type: [inner.type, "null"] } : { anyOf: [inner, { type: "null" }] }; }
    case "ZodDefault": return { ...zodToJsonSchema(def.innerType), default: def.defaultValue() };
    case "ZodEffects": return zodToJsonSchema(def.schema);
    case "ZodAny": case "ZodUnknown": return {};
    default: return {};
  }
}

function isOptional(schema) {
  const def = schema?._def;
  if (!def) return false;
  if (def.typeName === "ZodOptional" || def.typeName === "ZodDefault") return true;
  if (def.typeName === "ZodEffects") return isOptional(def.schema);
  return false;
}

// ---------------------------------------------------------------------------
// MCP server factory — creates a new server instance per request
// Captures the ClickUp token via closure; uses per-user cache for team data.
// ---------------------------------------------------------------------------

const TOOL_COUNT = 40; // Updated at runtime in startupLog

function createPickleServer(ctxOrLegacyToken, legacyPickleKey = "") {
  // Backwards-compat: old call sites passed (clickupToken, pickleKey).
  // New call sites pass a ctx object: { pickleKey, clickupToken, slackToken, teamsToken }.
  const ctx = (typeof ctxOrLegacyToken === "object" && ctxOrLegacyToken !== null)
    ? ctxOrLegacyToken
    : { clickupToken: String(ctxOrLegacyToken || ""), pickleKey: legacyPickleKey, slackToken: "", teamsToken: "" };
  const { clickupToken = "", slackToken = "", teamsToken = "", pickleKey = "" } = ctx;
  // clickupToken may be empty when user is setting up — that's allowed for setup-only flow.
  const tokenHash = clickupToken ? hashToken(clickupToken) : null;

  // ── Per-user ClickUp HTTP client ─────────────────────────────────────────
  async function clickupFetch(method, pathStr, { query, body } = {}) {
    if (!clickupToken) {
      throw new McpError(
        ErrorCode.InvalidRequest,
        `ClickUp isn't connected for this Pickle key yet. ${(() => {
          const connected = [];
          if (slackToken) connected.push("Slack");
          if (teamsToken) connected.push("Microsoft Teams");
          if (!connected.length) return "Run `pickle_setup` with platform=\"clickup\" to connect.";
          return `You currently have ${connected.join(" and ")} connected. Either audit there instead, or run \`pickle_setup\` with platform="clickup" to connect ClickUp.`;
        })()}`
      );
    }
    const url = buildUrl(API_BASE, pathStr, query);
    assertSafeHost(url);

    const headers = {
      Authorization: clickupToken,
      Accept: "application/json",
      "User-Agent": USER_AGENT,
    };
    if (body !== undefined) headers["Content-Type"] = "application/json";

    let lastErr = null;
    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
      const controller = new AbortController();
      const th = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
      let res;
      try {
        res = await fetch(url, {
          method, headers,
          body: body === undefined ? undefined : JSON.stringify(body),
          signal: controller.signal,
        });
      } catch (err) {
        clearTimeout(th);
        lastErr = err;
        if (attempt < MAX_RETRIES) { await sleep(backoffMs(attempt)); continue; }
        throw new McpError(ErrorCode.InternalError,
          `ClickUp request failed after ${MAX_RETRIES + 1} attempts: ${err?.message ?? err}`);
      }
      clearTimeout(th);

      if (res.ok) {
        if (res.status === 204) return { ok: true, status: 204 };
        const text = await res.text();
        if (!text) return { ok: true, status: res.status };
        try { return JSON.parse(text); } catch { return { ok: true, status: res.status, raw: text }; }
      }

      if (res.status === 429 && attempt < MAX_RETRIES) {
        const ra = res.headers.get("retry-after");
        let wait = ra ? (Number.isFinite(+ra) ? +ra * 1000 : Math.max(0, new Date(ra) - Date.now())) : backoffMs(attempt);
        if (!Number.isFinite(wait) || wait < 0) wait = backoffMs(attempt);
        await sleep(Math.min(wait, 60_000));
        continue;
      }

      const isIdempotent = method === "GET" || method === "HEAD";
      if (res.status >= 500 && isIdempotent && attempt < MAX_RETRIES) {
        await sleep(backoffMs(attempt)); continue;
      }

      const errorBody = await safeReadText(res);
      throw new McpError(ErrorCode.InternalError,
        `ClickUp API ${method} ${pathStr} → HTTP ${res.status} ${res.statusText}: ${errorBody || "(no body)"}`);
    }
    throw new McpError(ErrorCode.InternalError,
      `ClickUp request exhausted retries: ${lastErr?.message ?? "unknown"}`);
  }

  // ── Per-user team resolution (cached) ───────────────────────────────────
  async function listTeams() {
    const cached = getCached(tokenHash, "teams");
    if (cached) return cached;
    const data = await clickupFetch("GET", "/api/v2/team");
    const teams = Array.isArray(data?.teams) ? data.teams : [];
    setCached(tokenHash, "teams", teams);
    return teams;
  }

  async function resolveTeamId(override) {
    if (override) return String(override);
    const cached = getCached(tokenHash, "teamId");
    if (cached) return cached;
    const teams = await listTeams();
    if (!teams.length) throw new McpError(ErrorCode.InternalError, "No ClickUp workspaces found for this token.");
    const teamId = String(teams[0].id);
    setCached(tokenHash, "teamId", teamId);
    return teamId;
  }

  // ── Hierarchy helpers ────────────────────────────────────────────────────
  async function getSpaces(teamId) {
    const d = await clickupFetch("GET", `/api/v2/team/${teamId}/space`, { query: { archived: false } });
    return Array.isArray(d?.spaces) ? d.spaces : [];
  }
  async function getFoldersForSpace(spaceId) {
    const d = await clickupFetch("GET", `/api/v2/space/${spaceId}/folder`, { query: { archived: false } });
    return Array.isArray(d?.folders) ? d.folders : [];
  }
  async function getFolderlessLists(spaceId) {
    const d = await clickupFetch("GET", `/api/v2/space/${spaceId}/list`, { query: { archived: false } });
    return Array.isArray(d?.lists) ? d.lists : [];
  }
  async function getListsInFolder(folderId) {
    const d = await clickupFetch("GET", `/api/v2/folder/${folderId}/list`, { query: { archived: false } });
    return Array.isArray(d?.lists) ? d.lists : [];
  }

  // Helper: tell the user what they DO have connected when they ask for
  // something they don't. Surfaces a smart "I see you have X — want X instead?"
  function connectedPlatformsHint(missing) {
    const connected = [];
    if (clickupToken && missing !== "clickup") connected.push("ClickUp");
    if (slackToken   && missing !== "slack")   connected.push("Slack");
    if (teamsToken   && missing !== "teams")   connected.push("Microsoft Teams");
    if (!connected.length) {
      return `Run \`pickle_setup\` with platform="${missing}" to connect.`;
    }
    return `You currently have ${connected.join(" and ")} connected. Either audit there instead, or run \`pickle_setup\` with platform="${missing}" to connect ${missing}.`;
  }

  // ── Per-user Slack HTTP client ────────────────────────────────────────────
  // Generic, used by every Slack tool below. SSRF-guarded to slack.com only.
  async function slackFetch(method, pathStr, { query, body } = {}) {
    if (!slackToken) {
      throw new McpError(
        ErrorCode.InvalidRequest,
        `Slack isn't connected for this Pickle key yet. ${connectedPlatformsHint("slack")}`
      );
    }
    const url = buildUrl("https://slack.com", pathStr, query);
    assertSafeHost(url);

    const headers = {
      Authorization: `Bearer ${slackToken.replace(/^Bearer\s+/i, "")}`,
      Accept: "application/json",
      "User-Agent": USER_AGENT,
    };
    if (body !== undefined) headers["Content-Type"] = "application/json; charset=utf-8";

    let lastErr = null;
    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
      const controller = new AbortController();
      const th = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
      let res;
      try {
        res = await fetch(url, {
          method, headers,
          body: body === undefined ? undefined : JSON.stringify(body),
          signal: controller.signal,
        });
      } catch (err) {
        clearTimeout(th);
        lastErr = err;
        if (attempt < MAX_RETRIES) { await sleep(backoffMs(attempt)); continue; }
        throw new McpError(ErrorCode.InternalError,
          `Slack request failed after ${MAX_RETRIES + 1} attempts: ${err?.message ?? err}`);
      }
      clearTimeout(th);

      // Slack returns 200 with { ok: false, error: "..." } on app-level errors.
      if (res.status === 429 && attempt < MAX_RETRIES) {
        const ra = res.headers.get("retry-after");
        const wait = ra ? Math.max(0, Number(ra) * 1000) : backoffMs(attempt);
        await sleep(Math.min(wait || backoffMs(attempt), 60_000));
        continue;
      }
      if (res.status >= 500 && (method === "GET" || method === "HEAD") && attempt < MAX_RETRIES) {
        await sleep(backoffMs(attempt));
        continue;
      }
      const text = await res.text();
      let json = null;
      try { json = text ? JSON.parse(text) : {}; } catch { json = { raw: text }; }
      if (!res.ok) {
        throw new McpError(ErrorCode.InternalError,
          `Slack API ${method} ${pathStr} → HTTP ${res.status} ${res.statusText}: ${text || "(no body)"}`);
      }
      if (json && json.ok === false) {
        throw new McpError(ErrorCode.InternalError,
          `Slack API error: ${json.error || "unknown_error"}${json.needed ? ` (needs scope: ${json.needed})` : ""}`);
      }
      return json;
    }
    throw new McpError(ErrorCode.InternalError,
      `Slack request exhausted retries: ${lastErr?.message ?? "unknown"}`);
  }

  // ── Per-user Microsoft Graph (Teams) HTTP client ──────────────────────────
  async function graphFetch(method, pathStr, { query, body } = {}) {
    if (!teamsToken) {
      throw new McpError(
        ErrorCode.InvalidRequest,
        `Microsoft Teams isn't connected for this Pickle key yet. ${connectedPlatformsHint("teams")}`
      );
    }
    const url = buildUrl("https://graph.microsoft.com", pathStr, query);
    assertSafeHost(url);

    const cleanToken = teamsToken.replace(/^Bearer\s+/i, "");
    const headers = {
      Authorization: `Bearer ${cleanToken}`,
      Accept: "application/json",
      "User-Agent": USER_AGENT,
    };
    if (body !== undefined) headers["Content-Type"] = "application/json";

    let lastErr = null;
    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
      const controller = new AbortController();
      const th = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
      let res;
      try {
        res = await fetch(url, {
          method, headers,
          body: body === undefined ? undefined : JSON.stringify(body),
          signal: controller.signal,
        });
      } catch (err) {
        clearTimeout(th);
        lastErr = err;
        if (attempt < MAX_RETRIES) { await sleep(backoffMs(attempt)); continue; }
        throw new McpError(ErrorCode.InternalError,
          `Microsoft Graph request failed after ${MAX_RETRIES + 1} attempts: ${err?.message ?? err}`);
      }
      clearTimeout(th);

      if (res.status === 429 && attempt < MAX_RETRIES) {
        const ra = res.headers.get("retry-after");
        const wait = ra ? Math.max(0, Number(ra) * 1000) : backoffMs(attempt);
        await sleep(Math.min(wait || backoffMs(attempt), 60_000));
        continue;
      }
      if (res.status >= 500 && (method === "GET" || method === "HEAD") && attempt < MAX_RETRIES) {
        await sleep(backoffMs(attempt));
        continue;
      }
      if (res.ok) {
        if (res.status === 204) return { ok: true, status: 204 };
        const text = await res.text();
        if (!text) return { ok: true, status: res.status };
        try { return JSON.parse(text); } catch { return { ok: true, status: res.status, raw: text }; }
      }
      const errorBody = await safeReadText(res);
      throw new McpError(ErrorCode.InternalError,
        `Microsoft Graph ${method} ${pathStr} → HTTP ${res.status} ${res.statusText}: ${errorBody || "(no body)"}`);
    }
    throw new McpError(ErrorCode.InternalError,
      `Microsoft Graph request exhausted retries: ${lastErr?.message ?? "unknown"}`);
  }

  // =========================================================================
  // TOOLS — identical feature set to local server.mjs
  // =========================================================================

  const tools = [

    // ── SETUP (called first by AI hosts on a new install) ─────────────────
    {
      name: "pickle_setup",
      description: "FIRST-RUN SETUP for Pickle. Call this tool IMMEDIATELY whenever the user says any of: \"Pickle Start\" / \"Pickle start\" / \"Pickle set me up\" / \"setup Pickle\" / \"set up Pickle\" / \"connect Pickle\" / \"how do I get started with Pickle\" / \"Pickle set me up for ClickUp|Slack|Teams\". It returns step-by-step instructions for getting the right token(s) for ClickUp, Slack, or Microsoft Teams — and a checklist for adding them to the user's MCP config. No external skills, no shell scripts required. Always call this tool as the very first action whenever the user is onboarding to Pickle.",
      inputSchema: z.object({
        platform: z.enum(["clickup", "slack", "teams", "all"]).optional()
          .describe("Which platform the user wants to connect first. Defaults to 'all' (returns the full setup guide for ClickUp + Slack + Teams)."),
      }),
      async handler({ platform }) {
        const target = platform || "all";

        const clickupGuide = [
          "## Connect ClickUp (≈ 30 seconds)",
          "1. Open https://app.clickup.com → click your avatar → **Settings** → **Apps**",
          "2. Under **ClickUp API**, click **Generate** — copy the `pk_…` token",
          "3. In your assistant's MCP config (`~/.claude.json`, Cursor MCP settings, etc.), set the header:",
          "   `\"x-clickup-token\": \"pk_YOUR_TOKEN\"`",
          "4. Restart your assistant — Pickle's 40 ClickUp tools appear automatically",
          "",
          "✓ Token is used per-request, never stored on the Pickle server.",
        ].join("\n");

        const slackGuide = [
          "## Connect Slack (≈ 2 minutes)",
          "1. Open https://api.slack.com/apps → **Create New App** → **From scratch**",
          "2. Name it 'Pickle' (or whatever) → pick your workspace",
          "3. **OAuth & Permissions** → User Token Scopes → add: `channels:history`, `groups:history`, `im:history`, `mpim:history`, `users:read`, `chat:write`",
          "4. **Install to Workspace** → copy the **User OAuth Token** (`xoxp-…`)",
          "5. Add header to your MCP config: `\"x-slack-token\": \"xoxp-YOUR_TOKEN\"`",
          "6. Restart your assistant",
          "",
          "⚠ Slack-based audit patterns (ghost mode, DM-only completion, decisions-in-DM) are part of Pickle Pro. During Beta, the raw Slack tools are available as a Pro preview — when Pro launches, full Slack audit becomes a paid feature. Beta users get grandfathered into the lowest Pro rate. Email pickle@adityaarsharma.com with feedback on what Pro should include.",
        ].join("\n");

        const teamsGuide = [
          "## Connect Microsoft Teams (≈ 5 minutes, persistent)",
          "Quick test (1-hour token, no Azure app):",
          "1. Open https://developer.microsoft.com/graph/graph-explorer → sign in with your Teams account",
          "2. DevTools → Network → copy the `Authorization: Bearer …` value",
          "3. Add header: `\"x-teams-token\": \"Bearer YOUR_TOKEN\"`",
          "",
          "Persistent setup (one-time):",
          "1. https://portal.azure.com → **App registrations** → **New registration** → 'Pickle CLI', Personal Microsoft accounts",
          "2. **API permissions** → Add → Microsoft Graph (Delegated): `Chat.Read`, `ChannelMessage.Read.All`, `Team.ReadBasic.All`, `User.Read`, `Tasks.ReadWrite`, `offline_access`",
          "3. Complete the device-flow sign-in when Pickle prompts",
          "",
          "⚠ Microsoft Teams audit patterns (cross-tool catches, decisions-in-DM, manager bottleneck) are part of Pickle Pro. During Beta, the raw Teams tools are a Pro preview — when Pro launches, full Teams audit becomes a paid feature. Beta users get grandfathered into the lowest Pro rate. Email pickle@adityaarsharma.com with feedback.",
        ].join("\n");

        // Current install status — based on which platform tokens are in
        // this MCP request's headers. Lets pickle_setup be re-entrant:
        // first call gives the full guide, re-calls show status + remaining work.
        const status = {
          clickup: !!clickupToken,
          slack:   !!slackToken,
          teams:   !!teamsToken,
        };
        const connectedCount = Object.values(status).filter(Boolean).length;
        const statusLines = [
          `${status.clickup ? "✓ ClickUp connected" : "✗ ClickUp not yet"}`,
          `${status.slack   ? "✓ Slack connected"   : "✗ Slack not yet"}`,
          `${status.teams   ? "✓ Microsoft Teams connected" : "✗ Microsoft Teams not yet"}`,
        ].join("\n");

        const intro = [
          "# Pickle setup 🥒",
          "",
          "Pickle audits your ClickUp workspace for 9 patterns no native tool surfaces — stale tasks, broken promises, forty-hour empty descriptions, zombie tasks, standup copy-paste, and 4 more — all free in Beta. Cross-tool catches that need Slack/Teams chat data (ghost mode, DM-only completion, decisions-in-DM, manager bottleneck) ship later.",
          "",
          "**Free during Beta** for the first 200 users. Free plan stays free forever.",
          "",
          "---",
          "",
          "## Your current connection status",
          statusLines,
          "",
          connectedCount === 0
            ? "Looks like this is your first time. Pick a platform below to connect."
            : connectedCount === 3
              ? "All three platforms are connected. You're ready: try \"Pickle, audit my ClickUp from last 24 hours\"."
              : `${connectedCount} of 3 platforms connected. Run audits on what's connected, or set up the rest below.`,
          "",
          "---",
          "",
        ].join("\n");

        const blocks = [];
        if (target === "clickup" || target === "all") blocks.push(clickupGuide);
        if (target === "slack"   || target === "all") blocks.push(slackGuide);
        if (target === "teams"   || target === "all") blocks.push(teamsGuide);

        const outro = [
          "",
          "---",
          "",
          "## After you've added at least one token",
          "Just ask me: **\"What in my workspace needs attention today?\"**",
          "",
          "Pickle will scan whichever platform(s) you've connected and return a ranked morning brief.",
          "",
          "**Privacy:** every token travels in the HTTPS header per request. Pickle uses it to call the corresponding API on your behalf, then discards it. No tokens stored, no task data logged, no chat content kept.",
          "",
          "**Help:** anything broken? Email pickle@adityaarsharma.com — that's the founder.",
        ].join("\n");

        return intro + blocks.join("\n\n---\n\n") + outro;
      },
    },

    // ── WORKSPACE / MEMBERS ────────────────────────────────────────────────

    {
      name: "clickup_get_workspace_hierarchy",
      description: "Return the full tree: team → spaces → folders → lists (plus folderless lists).",
      inputSchema: z.object({ team_id: z.string().optional() }),
      async handler({ team_id }) {
        const teamId = await resolveTeamId(team_id);
        const teams  = await listTeams();
        const team   = teams.find((t) => String(t.id) === String(teamId)) || { id: teamId, name: null };
        const spaces = await getSpaces(teamId);
        const perSpace = await Promise.all(spaces.map(async (space) => {
          const [folders, folderlessLists] = await Promise.all([
            getFoldersForSpace(space.id),
            getFolderlessLists(space.id),
          ]);
          const folderLists = await Promise.all(folders.map(async (folder) => {
            const lists = Array.isArray(folder.lists) && folder.lists.length
              ? folder.lists : await getListsInFolder(folder.id);
            return { folder, lists };
          }));
          return { space, folderLists, folderlessLists };
        }));
        const hierarchy = perSpace.map(({ space, folderLists, folderlessLists }) => ({
          id: space.id, name: space.name, private: space.private ?? false,
          folders: folderLists.map(({ folder, lists }) => ({
            id: folder.id, name: folder.name, hidden: folder.hidden ?? false,
            lists: lists.map((l) => ({ id: l.id, name: l.name, task_count: l.task_count ?? null })),
          })),
          folderless_lists: folderlessLists.map((l) => ({ id: l.id, name: l.name, task_count: l.task_count ?? null })),
        }));
        return { team: { id: String(team.id), name: team.name ?? null }, spaces: hierarchy };
      },
    },

    {
      name: "clickup_get_workspace_members",
      description: "Return all members of a ClickUp workspace.",
      inputSchema: z.object({ team_id: z.string().optional() }),
      async handler({ team_id }) {
        const teamId = await resolveTeamId(team_id);
        const teams  = await listTeams();
        const team   = teams.find((t) => String(t.id) === String(teamId));
        if (!team) throw new McpError(ErrorCode.InvalidRequest, `Team ${teamId} not found.`);
        return {
          team_id: String(team.id), team_name: team.name ?? null,
          members: (team.members ?? []).map((m) => {
            const u = m?.user || {};
            return { id: u.id, username: u.username ?? null, email: u.email ?? null,
              initials: u.initials ?? null, color: u.color ?? null,
              profilePicture: u.profilePicture ?? null, role: u.role ?? null };
          }),
        };
      },
    },

    {
      name: "clickup_find_member_by_name",
      description: "Find a workspace member by case-insensitive substring on username or email.",
      inputSchema: z.object({ query: z.string().min(1), team_id: z.string().optional() }),
      async handler({ query, team_id }) {
        const teamId  = await resolveTeamId(team_id);
        const teams   = await listTeams();
        const team    = teams.find((t) => String(t.id) === String(teamId));
        const members = team?.members ?? [];
        const needle  = query.trim().toLowerCase();
        const matches = members.map((m) => m?.user).filter(Boolean)
          .filter((u) => (u.username || "").toLowerCase().includes(needle) || (u.email || "").toLowerCase().includes(needle))
          .map((u) => ({ id: u.id, username: u.username ?? null, email: u.email ?? null }));
        return { query, matches };
      },
    },

    {
      name: "clickup_resolve_assignees",
      description: "Resolve names/emails/IDs to numeric ClickUp user IDs. Numeric values pass through.",
      inputSchema: z.object({
        assignees: z.array(z.union([z.string(), z.number()])).min(1),
        team_id: z.string().optional(),
      }),
      async handler({ assignees, team_id }) {
        const teamId  = await resolveTeamId(team_id);
        const teams   = await listTeams();
        const team    = teams.find((t) => String(t.id) === String(teamId));
        const members = team?.members ?? [];
        const resolved = [], unresolved = [];
        for (const raw of assignees) {
          if (typeof raw === "number" || /^\d+$/.test(String(raw).trim())) { resolved.push(Number(raw)); continue; }
          const needle = String(raw).trim().toLowerCase();
          const user   = members.map((m) => m?.user).find((u) => u &&
            ((u.username || "").toLowerCase() === needle || (u.email || "").toLowerCase() === needle));
          if (user?.id != null) { resolved.push(Number(user.id)); continue; }
          const fuzzy = members.map((m) => m?.user).filter(Boolean).filter((u) =>
            (u.username || "").toLowerCase().includes(needle) || (u.email || "").toLowerCase().includes(needle));
          if (fuzzy.length === 1) resolved.push(Number(fuzzy[0].id));
          else unresolved.push(String(raw));
        }
        return { resolved, unresolved };
      },
    },

    // ── SPACES ─────────────────────────────────────────────────────────────

    {
      name: "clickup_get_space",
      description: "Get a single space by ID.",
      inputSchema: z.object({ space_id: z.string().min(1) }),
      async handler({ space_id }) {
        return clickupFetch("GET", `/api/v2/space/${encodeURIComponent(space_id)}`);
      },
    },

    {
      name: "clickup_create_space",
      description: "Create a new space in the workspace.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        name: z.string().min(1),
        multiple_assignees: z.boolean().optional(),
        features: z.object({
          due_dates: z.object({ enabled: z.boolean(), start_date: z.boolean().optional(), remap_due_dates: z.boolean().optional(), remap_closed_due_date: z.boolean().optional() }).optional(),
          time_tracking: z.object({ enabled: z.boolean() }).optional(),
          tags: z.object({ enabled: z.boolean() }).optional(),
          time_estimates: z.object({ enabled: z.boolean() }).optional(),
          checklists: z.object({ enabled: z.boolean() }).optional(),
          custom_fields: z.object({ enabled: z.boolean() }).optional(),
          remap_dependencies: z.object({ enabled: z.boolean() }).optional(),
          dependency_warning: z.object({ enabled: z.boolean() }).optional(),
          portfolios: z.object({ enabled: z.boolean() }).optional(),
        }).optional(),
      }),
      async handler({ team_id, name, multiple_assignees, features }) {
        const teamId = await resolveTeamId(team_id);
        const body = { name };
        if (multiple_assignees !== undefined) body.multiple_assignees = multiple_assignees;
        if (features) body.features = features;
        return clickupFetch("POST", `/api/v2/team/${teamId}/space`, { body });
      },
    },

    // ── LISTS ──────────────────────────────────────────────────────────────

    {
      name: "clickup_get_lists_in_folder",
      description: "Get all lists inside a folder.",
      inputSchema: z.object({ folder_id: z.string().min(1), archived: z.boolean().optional() }),
      async handler({ folder_id, archived }) {
        return clickupFetch("GET", `/api/v2/folder/${encodeURIComponent(folder_id)}/list`,
          { query: { archived: archived ?? false } });
      },
    },

    {
      name: "clickup_get_folderless_lists",
      description: "Get all folderless (space-level) lists inside a space.",
      inputSchema: z.object({ space_id: z.string().min(1), archived: z.boolean().optional() }),
      async handler({ space_id, archived }) {
        return clickupFetch("GET", `/api/v2/space/${encodeURIComponent(space_id)}/list`,
          { query: { archived: archived ?? false } });
      },
    },

    {
      name: "clickup_get_list",
      description: "Get a single list by ID (includes task statuses, custom fields info).",
      inputSchema: z.object({ list_id: z.string().min(1) }),
      async handler({ list_id }) {
        return clickupFetch("GET", `/api/v2/list/${encodeURIComponent(list_id)}`);
      },
    },

    {
      name: "clickup_create_list",
      description: "Create a list. Provide EITHER folder_id OR space_id (folderless).",
      inputSchema: z.object({
        name: z.string().min(1),
        folder_id: z.string().optional(),
        space_id: z.string().optional(),
        content: z.string().optional(),
        due_date: z.number().int().optional(),
        due_date_time: z.boolean().optional(),
        priority: z.number().int().min(1).max(4).optional(),
        assignee: z.number().int().optional(),
        status: z.string().optional(),
      }).refine((v) => !!(v.folder_id) !== !!(v.space_id), { message: "Provide exactly one of folder_id or space_id." }),
      async handler(args) {
        const { folder_id, space_id, ...rest } = args;
        const body = Object.fromEntries(Object.entries(rest).filter(([, v]) => v !== undefined));
        const p = folder_id
          ? `/api/v2/folder/${encodeURIComponent(folder_id)}/list`
          : `/api/v2/space/${encodeURIComponent(space_id)}/list`;
        return clickupFetch("POST", p, { body });
      },
    },

    {
      name: "clickup_get_list_tasks",
      description: "Get tasks in a specific list, scoped to the audit time window (default last 7 days; max 7d on Free). Supports pagination, filters, custom fields. Use the `time_window` parameter ('1h'|'6h'|'1d'|'3d'|'7d') to scope the audit; deeper history is a Pro-tier feature coming soon.",
      inputSchema: z.object({
        list_id: z.string().min(1),
        time_window: z.string().optional().describe("Audit window: '1h', '6h', '1d', '3d', or '7d' (default). Free tier caps at 7d; longer windows are silently clamped."),
        archived: z.boolean().optional(),
        include_markdown_description: z.boolean().optional(),
        page: z.number().int().min(0).optional(),
        order_by: z.enum(["id", "created", "updated", "due_date"]).optional(),
        reverse: z.boolean().optional(),
        subtasks: z.boolean().optional(),
        statuses: z.array(z.string()).optional(),
        include_closed: z.boolean().optional(),
        assignees: z.array(z.union([z.string(), z.number()])).optional(),
        tags: z.array(z.string()).optional(),
        due_date_gt: z.number().int().optional(),
        due_date_lt: z.number().int().optional(),
        date_created_gt: z.number().int().optional(),
        date_created_lt: z.number().int().optional(),
        date_updated_gt: z.number().int().optional(),
        date_updated_lt: z.number().int().optional(),
        custom_fields: z.string().optional().describe("JSON-encoded array of custom field filters."),
      }),
      async handler({ list_id, ...rawArgs }) {
        const capped = applyWindowCap(rawArgs, "updated");
        const args = capped.args;
        trackAudit(pickleKey, "clickup_get_list_tasks", capped.window_used);
        const query = {};
        if (args.archived !== undefined) query.archived = args.archived;
        if (args.include_markdown_description) query.include_markdown_description = true;
        if (args.page !== undefined) query.page = args.page;
        if (args.order_by) query.order_by = args.order_by;
        if (args.reverse !== undefined) query.reverse = args.reverse;
        if (args.subtasks !== undefined) query.subtasks = args.subtasks;
        if (args.include_closed !== undefined) query.include_closed = args.include_closed;
        if (args.statuses) query["statuses[]"] = args.statuses;
        if (args.assignees) query["assignees[]"] = args.assignees;
        if (args.tags) query["tags[]"] = args.tags;
        if (args.due_date_gt !== undefined) query.due_date_gt = args.due_date_gt;
        if (args.due_date_lt !== undefined) query.due_date_lt = args.due_date_lt;
        if (args.date_created_gt !== undefined) query.date_created_gt = args.date_created_gt;
        if (args.date_created_lt !== undefined) query.date_created_lt = args.date_created_lt;
        if (args.date_updated_gt !== undefined) query.date_updated_gt = args.date_updated_gt;
        if (args.date_updated_lt !== undefined) query.date_updated_lt = args.date_updated_lt;
        if (args.custom_fields) query.custom_fields = args.custom_fields;
        const result = await clickupFetch("GET", `/api/v2/list/${encodeURIComponent(list_id)}/task`, { query });
        return {
          ...result,
          _audit: { window_used: capped.window_used, pro_note: capped.pro_note },
        };
      },
    },

    // ── CUSTOM FIELDS ──────────────────────────────────────────────────────

    {
      name: "clickup_get_list_custom_fields",
      description: "Get all custom fields defined on a list.",
      inputSchema: z.object({ list_id: z.string().min(1) }),
      async handler({ list_id }) {
        return clickupFetch("GET", `/api/v2/list/${encodeURIComponent(list_id)}/field`);
      },
    },

    {
      name: "clickup_set_task_custom_field",
      description: "Set (or update) a custom field value on a task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        field_id: z.string().min(1),
        value: z.any().describe("Value shape depends on custom field type."),
        value_options: z.record(z.any()).optional(),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler({ task_id, field_id, value, value_options, custom_task_ids, team_id }) {
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        const body = { value };
        if (value_options) body.value_options = value_options;
        return clickupFetch("POST",
          `/api/v2/task/${encodeURIComponent(task_id)}/field/${encodeURIComponent(field_id)}`,
          { query, body });
      },
    },

    // ── CHAT (v3) ─────────────────────────────────────────────────────────

    {
      name: "clickup_get_chat_channels",
      description: "List chat channels (including DMs and group DMs) for the workspace.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        limit: z.number().int().positive().max(200).optional(),
        cursor: z.string().optional(),
        include_hidden: z.boolean().optional(),
      }),
      async handler({ team_id, limit, cursor, include_hidden }) {
        const teamId = await resolveTeamId(team_id);
        const query = {};
        if (limit !== undefined) query.limit = limit;
        if (cursor) query.cursor = cursor;
        if (include_hidden !== undefined) query.include_hidden = include_hidden;
        return clickupFetch("GET", `/api/v3/workspaces/${teamId}/chat/channels`, { query });
      },
    },

    {
      name: "clickup_get_chat_channel",
      description: "Get details of a single chat channel by ID.",
      inputSchema: z.object({ channel_id: z.string().min(1), team_id: z.string().optional() }),
      async handler({ channel_id, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("GET", `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}`);
      },
    },

    {
      name: "clickup_get_chat_channel_messages",
      description: "List messages from a ClickUp chat channel (v3). Supports limit and cursor pagination.",
      inputSchema: z.object({
        channel_id: z.string().min(1),
        team_id: z.string().optional(),
        limit: z.number().int().positive().max(200).optional(),
        cursor: z.string().optional(),
      }),
      async handler({ channel_id, team_id, limit, cursor }) {
        const teamId = await resolveTeamId(team_id);
        const query = {};
        if (limit !== undefined) query.limit = limit;
        if (cursor) query.cursor = cursor;
        return clickupFetch("GET",
          `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}/messages`, { query });
      },
    },

    {
      name: "clickup_send_chat_message",
      description: "Send a message to a ClickUp chat channel (v3).",
      inputSchema: z.object({
        channel_id: z.string().min(1),
        content: z.string().min(1),
        type: z.enum(["message", "comment"]).optional(),
        team_id: z.string().optional(),
      }),
      async handler({ channel_id, content, type, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("POST",
          `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}/messages`,
          { body: { type: type || "message", content } });
      },
    },

    {
      name: "clickup_update_chat_message",
      description: "Edit the content of an existing chat message.",
      inputSchema: z.object({
        channel_id: z.string().min(1),
        message_id: z.string().min(1),
        content: z.string().min(1),
        team_id: z.string().optional(),
      }),
      async handler({ channel_id, message_id, content, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("PUT",
          `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}/messages/${encodeURIComponent(message_id)}`,
          { body: { content } });
      },
    },

    {
      name: "clickup_delete_chat_message",
      description: "Delete a chat message.",
      inputSchema: z.object({
        channel_id: z.string().min(1),
        message_id: z.string().min(1),
        team_id: z.string().optional(),
      }),
      async handler({ channel_id, message_id, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("DELETE",
          `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}/messages/${encodeURIComponent(message_id)}`);
      },
    },

    {
      name: "clickup_get_chat_message_replies",
      description: "Get threaded replies for a specific chat message (v3).",
      inputSchema: z.object({
        channel_id: z.string().min(1),
        message_id: z.string().min(1),
        team_id: z.string().optional(),
        limit: z.number().int().positive().max(200).optional(),
        cursor: z.string().optional(),
      }),
      async handler({ channel_id, message_id, team_id, limit, cursor }) {
        const teamId = await resolveTeamId(team_id);
        const query = {};
        if (limit !== undefined) query.limit = limit;
        if (cursor) query.cursor = cursor;
        return clickupFetch("GET",
          `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}/messages/${encodeURIComponent(message_id)}/replies`,
          { query });
      },
    },

    {
      name: "clickup_send_chat_reply",
      description: "Send a reply in a chat message thread (v3).",
      inputSchema: z.object({
        channel_id: z.string().min(1),
        message_id: z.string().min(1),
        content: z.string().min(1),
        team_id: z.string().optional(),
      }),
      async handler({ channel_id, message_id, content, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("POST",
          `/api/v3/workspaces/${teamId}/chat/channels/${encodeURIComponent(channel_id)}/messages/${encodeURIComponent(message_id)}/replies`,
          { body: { content } });
      },
    },

    {
      name: "clickup_react_to_chat_message",
      description: "Add an emoji reaction to a chat message.",
      inputSchema: z.object({
        message_id: z.string().min(1),
        emoji: z.string().min(1).describe("Emoji character or shortcode, e.g. '👍' or ':thumbsup:'"),
        team_id: z.string().optional(),
      }),
      async handler({ message_id, emoji, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("POST",
          `/api/v3/workspaces/${teamId}/chat/messages/${encodeURIComponent(message_id)}/reactions`,
          { body: { emoji } });
      },
    },

    // ── TASKS ──────────────────────────────────────────────────────────────

    {
      name: "clickup_filter_tasks",
      description: "Filter workspace tasks for audits. Scoped to the audit time window (default last 7 days; max 7d on Free). Pass `time_window` ('1h'|'6h'|'1d'|'3d'|'7d') to scope the audit; longer windows are silently clamped (Pro tier unlocks 30-day deep history, coming soon). Supports assignees, watchers, dates, search text, statuses, tags, list/folder/space filters, and pagination. Use response_format='summary' (default) for compact results.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        time_window: z.string().optional().describe("Audit window: '1h', '6h', '1d', '3d', or '7d' (default). Free tier caps at 7d; longer windows are silently clamped to 7d."),
        assignees: z.array(z.union([z.string(), z.number()])).optional(),
        watchers: z.array(z.union([z.string(), z.number()])).optional(),
        search: z.string().optional().describe("Full-text search across task name and description."),
        date_updated_gt: z.number().int().optional(),
        date_updated_lt: z.number().int().optional(),
        date_created_gt: z.number().int().optional(),
        date_created_lt: z.number().int().optional(),
        due_date_gt: z.number().int().optional(),
        due_date_lt: z.number().int().optional(),
        include_closed: z.boolean().optional(),
        subtasks: z.boolean().optional(),
        archived: z.boolean().optional(),
        statuses: z.array(z.string()).optional(),
        tags: z.array(z.string()).optional(),
        list_ids: z.array(z.union([z.string(), z.number()])).optional(),
        folder_ids: z.array(z.union([z.string(), z.number()])).optional(),
        space_ids: z.array(z.union([z.string(), z.number()])).optional(),
        order_by: z.enum(["id", "created", "updated", "due_date"]).optional(),
        reverse: z.boolean().optional(),
        page: z.number().int().min(0).optional(),
        include_markdown_description: z.boolean().optional(),
        response_format: z.enum(["summary", "full"]).default("summary"),
      }),
      async handler(rawArgs) {
        const capped = applyWindowCap(rawArgs, "updated");
        const args = capped.args;
        trackAudit(pickleKey, "clickup_filter_tasks", capped.window_used);
        const teamId = await resolveTeamId(args.team_id);
        const query = {};
        if (args.assignees) query["assignees[]"] = args.assignees;
        if (args.watchers)  query["watchers[]"]  = args.watchers;
        if (args.search)    query.search         = args.search;
        if (args.statuses)  query["statuses[]"]  = args.statuses;
        if (args.tags)      query["tags[]"]      = args.tags;
        if (args.list_ids)  query["list_ids[]"]  = args.list_ids;
        if (args.folder_ids) query["folder_ids[]"] = args.folder_ids;
        if (args.space_ids)  query["space_ids[]"]  = args.space_ids;
        const simple = ["date_updated_gt","date_updated_lt","date_created_gt","date_created_lt",
          "due_date_gt","due_date_lt","include_closed","subtasks","archived","order_by","reverse","page",
          "include_markdown_description"];
        for (const k of simple) if (args[k] !== undefined) query[k] = args[k];
        const data = await clickupFetch("GET", `/api/v2/team/${teamId}/task`, { query });
        const rawTasks = Array.isArray(data?.tasks) ? data.tasks : [];
        const format = args.response_format || "summary";
        const tasks = format === "full" ? rawTasks : rawTasks.map((t) => ({
          id: t.id, custom_id: t.custom_id ?? null, name: t.name,
          status: t.status?.status ?? null,
          assignees: (t.assignees || []).map((a) => ({ id: a.id, username: a.username })),
          due_date: t.due_date ?? null, date_updated: t.date_updated ?? null,
          priority: t.priority?.priority ?? null,
          url: t.url ?? null, list_id: t.list?.id ?? null, list_name: t.list?.name ?? null,
        }));
        return {
          tasks,
          last_page: data?.last_page ?? null,
          page: args.page ?? 0,
          format,
          _audit: { window_used: capped.window_used, pro_note: capped.pro_note },
        };
      },
    },

    {
      name: "clickup_get_task",
      description: "Get a single task by ID.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
        include_subtasks: z.boolean().optional(),
        include_markdown_description: z.boolean().optional(),
      }),
      async handler({ task_id, custom_task_ids, team_id, include_subtasks, include_markdown_description }) {
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        if (include_subtasks !== undefined) query.include_subtasks = include_subtasks;
        if (include_markdown_description) query.include_markdown_description = true;
        return clickupFetch("GET", `/api/v2/task/${encodeURIComponent(task_id)}`, { query });
      },
    },

    {
      name: "clickup_create_task",
      description: "Create a task in a list.",
      inputSchema: z.object({
        list_id: z.string().min(1),
        name: z.string().min(1),
        description: z.string().optional(),
        markdown_description: z.string().optional(),
        assignees: z.array(z.number().int()).optional(),
        tags: z.array(z.string()).optional(),
        status: z.string().optional(),
        priority: z.number().int().min(1).max(4).optional().describe("1=urgent 2=high 3=normal 4=low"),
        due_date: z.number().int().optional(),
        due_date_time: z.boolean().optional(),
        start_date: z.number().int().optional(),
        start_date_time: z.boolean().optional(),
        time_estimate: z.number().int().optional().describe("Time estimate in milliseconds."),
        notify_all: z.boolean().optional(),
        parent: z.string().optional().describe("Parent task ID to create a subtask."),
        links_to: z.string().optional(),
        custom_fields: z.array(z.object({ id: z.string(), value: z.any() })).optional(),
      }),
      async handler(args) {
        const { list_id, ...rest } = args;
        const body = Object.fromEntries(Object.entries(rest).filter(([, v]) => v !== undefined));
        return clickupFetch("POST", `/api/v2/list/${encodeURIComponent(list_id)}/task`, { body });
      },
    },

    {
      name: "clickup_update_task",
      description: "Update fields on an existing task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        name: z.string().optional(),
        description: z.string().optional(),
        markdown_description: z.string().optional(),
        status: z.string().optional(),
        priority: z.number().int().min(1).max(4).nullable().optional(),
        due_date: z.number().int().nullable().optional(),
        due_date_time: z.boolean().optional(),
        start_date: z.number().int().nullable().optional(),
        start_date_time: z.boolean().optional(),
        time_estimate: z.number().int().nullable().optional(),
        assignees: z.object({
          add: z.array(z.number().int()).optional(),
          rem: z.array(z.number().int()).optional(),
        }).optional(),
        archived: z.boolean().optional(),
        parent: z.string().nullable().optional(),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler(args) {
        const { task_id, custom_task_ids, team_id, ...rest } = args;
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        const body = Object.fromEntries(Object.entries(rest).filter(([, v]) => v !== undefined));
        return clickupFetch("PUT", `/api/v2/task/${encodeURIComponent(task_id)}`, { query, body });
      },
    },

    {
      name: "clickup_delete_task",
      description: "Permanently delete a task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler({ task_id, custom_task_ids, team_id }) {
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        return clickupFetch("DELETE", `/api/v2/task/${encodeURIComponent(task_id)}`, { query });
      },
    },

    {
      name: "clickup_get_task_members",
      description: "Get all members assigned to or watching a task.",
      inputSchema: z.object({ task_id: z.string().min(1) }),
      async handler({ task_id }) {
        return clickupFetch("GET", `/api/v2/task/${encodeURIComponent(task_id)}/member`);
      },
    },

    // ── WATCHERS ───────────────────────────────────────────────────────────

    {
      name: "clickup_add_task_watcher",
      description: "Add a watcher to a task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        watcher_id: z.number().int().describe("Numeric ClickUp user ID to add as watcher."),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler({ task_id, watcher_id, custom_task_ids, team_id }) {
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        return clickupFetch("POST", `/api/v2/task/${encodeURIComponent(task_id)}/watcher`,
          { query, body: { watcher: watcher_id } });
      },
    },

    {
      name: "clickup_remove_task_watcher",
      description: "Remove a watcher from a task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        watcher_id: z.number().int(),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler({ task_id, watcher_id, custom_task_ids, team_id }) {
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        return clickupFetch("DELETE", `/api/v2/task/${encodeURIComponent(task_id)}/watcher`,
          { query, body: { watcher: watcher_id } });
      },
    },

    // ── COMMENTS ───────────────────────────────────────────────────────────

    {
      name: "clickup_get_task_comments",
      description: "Get all comments on a task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        start: z.number().int().optional().describe("Unix ms — oldest comment to include."),
        start_id: z.string().optional(),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler({ task_id, start, start_id, custom_task_ids, team_id }) {
        const query = {};
        if (start !== undefined) query.start = start;
        if (start_id) query.start_id = start_id;
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        return clickupFetch("GET", `/api/v2/task/${encodeURIComponent(task_id)}/comment`, { query });
      },
    },

    {
      name: "clickup_create_task_comment",
      description: "Create a comment on a task.",
      inputSchema: z.object({
        task_id: z.string().min(1),
        comment_text: z.string().min(1),
        assignee: z.number().int().optional(),
        notify_all: z.boolean().optional(),
        custom_task_ids: z.boolean().optional(),
        team_id: z.string().optional(),
      }),
      async handler({ task_id, comment_text, assignee, notify_all, custom_task_ids, team_id }) {
        const query = {};
        if (custom_task_ids) { query.custom_task_ids = true; query.team_id = team_id || await resolveTeamId(); }
        const body = { comment_text };
        if (assignee !== undefined) body.assignee = assignee;
        if (notify_all !== undefined) body.notify_all = notify_all;
        return clickupFetch("POST", `/api/v2/task/${encodeURIComponent(task_id)}/comment`, { query, body });
      },
    },

    {
      name: "clickup_update_comment",
      description: "Edit an existing comment's text.",
      inputSchema: z.object({
        comment_id: z.string().min(1),
        comment_text: z.string().min(1),
        assignee: z.number().int().optional(),
        resolved: z.boolean().optional(),
      }),
      async handler({ comment_id, comment_text, assignee, resolved }) {
        const body = { comment_text };
        if (assignee !== undefined) body.assignee = assignee;
        if (resolved !== undefined) body.resolved = resolved;
        return clickupFetch("PUT", `/api/v2/comment/${encodeURIComponent(comment_id)}`, { body });
      },
    },

    {
      name: "clickup_delete_comment",
      description: "Delete a comment.",
      inputSchema: z.object({ comment_id: z.string().min(1) }),
      async handler({ comment_id }) {
        return clickupFetch("DELETE", `/api/v2/comment/${encodeURIComponent(comment_id)}`);
      },
    },

    {
      name: "clickup_get_threaded_comments",
      description: "Get all threaded replies for a comment.",
      inputSchema: z.object({ comment_id: z.string().min(1) }),
      async handler({ comment_id }) {
        return clickupFetch("GET", `/api/v2/comment/${encodeURIComponent(comment_id)}/reply`);
      },
    },

    {
      name: "clickup_create_threaded_comment",
      description: "Create a reply in a comment thread.",
      inputSchema: z.object({
        comment_id: z.string().min(1),
        comment_text: z.string().min(1),
        notify_all: z.boolean().optional(),
      }),
      async handler({ comment_id, comment_text, notify_all }) {
        const body = { comment_text };
        if (notify_all !== undefined) body.notify_all = notify_all;
        return clickupFetch("POST", `/api/v2/comment/${encodeURIComponent(comment_id)}/reply`, { body });
      },
    },

    {
      name: "clickup_get_list_comments",
      description: "Get all comments on a list (list-level, not task comments).",
      inputSchema: z.object({
        list_id: z.string().min(1),
        start: z.number().int().optional(),
        start_id: z.string().optional(),
      }),
      async handler({ list_id, start, start_id }) {
        const query = {};
        if (start !== undefined) query.start = start;
        if (start_id) query.start_id = start_id;
        return clickupFetch("GET", `/api/v2/list/${encodeURIComponent(list_id)}/comment`, { query });
      },
    },

    {
      name: "clickup_create_list_comment",
      description: "Create a comment on a list (list-level discussion).",
      inputSchema: z.object({
        list_id: z.string().min(1),
        comment_text: z.string().min(1),
        notify_all: z.boolean().optional(),
        assignee: z.number().int().optional(),
      }),
      async handler({ list_id, comment_text, notify_all, assignee }) {
        const body = { comment_text };
        if (notify_all !== undefined) body.notify_all = notify_all;
        if (assignee !== undefined) body.assignee = assignee;
        return clickupFetch("POST", `/api/v2/list/${encodeURIComponent(list_id)}/comment`, { body });
      },
    },

    // ── DOCS (v3) ──────────────────────────────────────────────────────────

    {
      name: "clickup_search_docs",
      description: "Search / list Docs in the workspace. Supports text search and pagination.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        search: z.string().optional().describe("Text to search in doc titles."),
        creator: z.number().int().optional().describe("Filter by creator user ID."),
        deleted: z.boolean().optional(),
        archived: z.boolean().optional(),
        limit: z.number().int().positive().max(100).optional(),
        next_cursor: z.string().optional(),
      }),
      async handler({ team_id, search, creator, deleted, archived, limit, next_cursor }) {
        const teamId = await resolveTeamId(team_id);
        const query = {};
        if (search)               query.search      = search;
        if (creator)              query.creator     = creator;
        if (deleted !== undefined) query.deleted    = deleted;
        if (archived !== undefined) query.archived  = archived;
        if (limit)                query.limit       = limit;
        if (next_cursor)          query.next_cursor = next_cursor;
        return clickupFetch("GET", `/api/v3/workspaces/${teamId}/docs`, { query });
      },
    },

    {
      name: "clickup_get_doc",
      description: "Get a single Doc by ID.",
      inputSchema: z.object({ doc_id: z.string().min(1), team_id: z.string().optional() }),
      async handler({ doc_id, team_id }) {
        const teamId = await resolveTeamId(team_id);
        return clickupFetch("GET", `/api/v3/workspaces/${teamId}/docs/${encodeURIComponent(doc_id)}`);
      },
    },

    {
      name: "clickup_get_doc_pages",
      description: "Get all pages inside a Doc.",
      inputSchema: z.object({
        doc_id: z.string().min(1),
        team_id: z.string().optional(),
        max_page_depth: z.number().int().min(-1).optional().describe("-1 for all depths."),
      }),
      async handler({ doc_id, team_id, max_page_depth }) {
        const teamId = await resolveTeamId(team_id);
        const query = {};
        if (max_page_depth !== undefined) query.max_page_depth = max_page_depth;
        return clickupFetch("GET",
          `/api/v3/workspaces/${teamId}/docs/${encodeURIComponent(doc_id)}/pages`, { query });
      },
    },

    {
      name: "clickup_create_doc",
      description: "Create a new Doc in the workspace.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        name: z.string().min(1),
        parent: z.object({
          id: z.string(),
          type: z.number().int().describe("Parent type: 4=space, 5=folder, 6=list, 12=workspace"),
        }).optional(),
        visibility: z.enum(["PRIVATE", "PUBLIC"]).optional(),
        create_page: z.boolean().optional().describe("If true, create a default first page."),
      }),
      async handler({ team_id, name, parent, visibility, create_page }) {
        const teamId = await resolveTeamId(team_id);
        const body = { name };
        if (parent) body.parent = parent;
        if (visibility) body.visibility = visibility;
        if (create_page !== undefined) body.create_page = create_page;
        return clickupFetch("POST", `/api/v3/workspaces/${teamId}/docs`, { body });
      },
    },

    {
      name: "clickup_create_doc_page",
      description: "Create a new page inside an existing Doc.",
      inputSchema: z.object({
        doc_id: z.string().min(1),
        team_id: z.string().optional(),
        name: z.string().min(1),
        content: z.string().optional().describe("Page body content (markdown or HTML)."),
        sub_title: z.string().optional(),
        parent_page_id: z.string().optional(),
      }),
      async handler({ doc_id, team_id, name, content, sub_title, parent_page_id }) {
        const teamId = await resolveTeamId(team_id);
        const body = { name };
        if (content) body.content = content;
        if (sub_title) body.sub_title = sub_title;
        if (parent_page_id) body.parent_page_id = parent_page_id;
        return clickupFetch("POST",
          `/api/v3/workspaces/${teamId}/docs/${encodeURIComponent(doc_id)}/pages`, { body });
      },
    },

    {
      name: "clickup_update_doc_page",
      description: "Update the name or content of a Doc page.",
      inputSchema: z.object({
        doc_id: z.string().min(1),
        page_id: z.string().min(1),
        team_id: z.string().optional(),
        name: z.string().optional(),
        content: z.string().optional(),
        sub_title: z.string().optional(),
      }),
      async handler({ doc_id, page_id, team_id, name, content, sub_title }) {
        const teamId = await resolveTeamId(team_id);
        const body = {};
        if (name) body.name = name;
        if (content !== undefined) body.content = content;
        if (sub_title !== undefined) body.sub_title = sub_title;
        return clickupFetch("PUT",
          `/api/v3/workspaces/${teamId}/docs/${encodeURIComponent(doc_id)}/pages/${encodeURIComponent(page_id)}`,
          { body });
      },
    },

    // ── REMINDERS ──────────────────────────────────────────────────────────

    {
      name: "clickup_search_reminders",
      description: "List reminders for a user or the whole workspace. Requires ClickUp Business plan or above.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        assignee: z.number().int().optional().describe("Filter by assignee user ID."),
        include_done: z.boolean().optional(),
        due_date_gt: z.number().int().optional().describe("Unix ms — reminders due after this."),
        due_date_lt: z.number().int().optional(),
      }),
      async handler({ team_id, assignee, include_done, due_date_gt, due_date_lt }) {
        const teamId = await resolveTeamId(team_id);
        const query = { team_id: teamId };
        if (assignee !== undefined) query.user_id = assignee;
        if (include_done !== undefined) query.include_done = include_done;
        if (due_date_gt !== undefined) query.due_date_gt = due_date_gt;
        if (due_date_lt !== undefined) query.due_date_lt = due_date_lt;
        return clickupFetch("GET", `/api/v2/reminder`, { query });
      },
    },

    {
      name: "clickup_create_reminder",
      description: "Create a reminder for a user.",
      inputSchema: z.object({
        team_id: z.string().optional(),
        name: z.string().min(1),
        assignee: z.number().int().describe("User ID the reminder is for."),
        due_date: z.number().int().describe("Unix ms when the reminder fires."),
        due_date_time: z.boolean().optional(),
        notify_all: z.boolean().optional(),
      }),
      async handler({ team_id, name, assignee, due_date, due_date_time, notify_all }) {
        const teamId = await resolveTeamId(team_id);
        const body = { name, assignee, due_date, team_id: teamId };
        if (due_date_time !== undefined) body.due_date_time = due_date_time;
        if (notify_all !== undefined) body.notify_all = notify_all;
        return clickupFetch("POST", `/api/v2/reminder`, { body });
      },
    },

    // =========================================================================
    // SLACK — read-only audit tools (requires x-slack-token header)
    // =========================================================================

    {
      name: "slack_list_channels",
      description: "List Slack public + private channels the authenticated user can see. Lightweight metadata only (id, name, is_private, num_members, topic). Useful for picking which channel to audit.",
      inputSchema: z.object({
        types: z.string().optional().describe("Comma-separated channel types. Default: 'public_channel,private_channel'."),
        exclude_archived: z.boolean().optional().default(true),
        limit: z.number().int().min(1).max(1000).optional().default(200),
        cursor: z.string().optional(),
      }),
      async handler(args) {
        const query = {
          types: args.types || "public_channel,private_channel",
          exclude_archived: args.exclude_archived !== false,
          limit: args.limit || 200,
        };
        if (args.cursor) query.cursor = args.cursor;
        const r = await slackFetch("GET", "/api/conversations.list", { query });
        const channels = (r.channels || []).map((c) => ({
          id: c.id, name: c.name, is_private: !!c.is_private,
          num_members: c.num_members ?? null,
          topic: c.topic?.value || null, purpose: c.purpose?.value || null,
          is_archived: !!c.is_archived,
        }));
        return { channels, response_metadata: r.response_metadata || null };
      },
    },

    {
      name: "slack_get_channel_history",
      description: "Get messages from a Slack channel scoped to the audit time window (default last 7 days; max 7d on Free). Returns ts, user, text, reply_count, reactions. Pass `time_window` ('1h'|'6h'|'1d'|'3d'|'7d'). Deeper history (up to 30d) is a Pro feature coming soon.",
      inputSchema: z.object({
        channel: z.string().min(1).describe("Channel ID (e.g. 'C0123ABCDEF'). Use slack_list_channels to find it."),
        time_window: z.string().optional().describe("Audit window: '1h', '6h', '1d', '3d', or '7d' (default). Free tier caps at 7d."),
        limit: z.number().int().min(1).max(1000).optional().default(200),
        cursor: z.string().optional(),
        inclusive: z.boolean().optional().default(true),
      }),
      async handler(rawArgs) {
        const tw = parseTimeWindow(rawArgs.time_window);
        const oldest = (Date.now() - tw.ms) / 1000; // Slack uses Unix seconds
        trackAudit(pickleKey, "slack_get_channel_history", tw.original);
        const query = {
          channel: rawArgs.channel,
          oldest: String(oldest),
          limit: rawArgs.limit || 200,
          inclusive: rawArgs.inclusive !== false,
        };
        if (rawArgs.cursor) query.cursor = rawArgs.cursor;
        const r = await slackFetch("GET", "/api/conversations.history", { query });
        const messages = (r.messages || []).map((m) => ({
          ts: m.ts, user: m.user || m.bot_id || null,
          text: m.text || "", thread_ts: m.thread_ts || null,
          reply_count: m.reply_count ?? 0,
          reactions: (m.reactions || []).map((r) => ({ name: r.name, count: r.count })),
          subtype: m.subtype || null,
        }));
        return {
          messages,
          has_more: !!r.has_more,
          response_metadata: r.response_metadata || null,
          _audit: { window_used: tw.original, pro_note: tw.clamped ? PRO_COMING_SOON_NOTE : null },
        };
      },
    },

    {
      name: "slack_list_dms",
      description: "List the authenticated user's open direct messages (1:1 and group DMs / 'mpim'). Returns id, type, user(s), last activity. Use slack_get_channel_history with the DM id to read messages.",
      inputSchema: z.object({
        types: z.string().optional().describe("Default 'im,mpim' (1:1 and group DMs)."),
        limit: z.number().int().min(1).max(1000).optional().default(200),
        cursor: z.string().optional(),
      }),
      async handler(args) {
        const query = {
          types: args.types || "im,mpim",
          limit: args.limit || 200,
        };
        if (args.cursor) query.cursor = args.cursor;
        const r = await slackFetch("GET", "/api/conversations.list", { query });
        const dms = (r.channels || []).map((c) => ({
          id: c.id,
          type: c.is_im ? "im" : (c.is_mpim ? "mpim" : "other"),
          user: c.user || null,
          is_user_deleted: !!c.is_user_deleted,
          updated: c.updated || null,
        }));
        return { dms, response_metadata: r.response_metadata || null };
      },
    },

    {
      name: "slack_list_users",
      description: "List active members of the Slack workspace. Returns id, name, real_name, email, is_bot, is_deleted. Useful for resolving user IDs in messages to readable names during audits.",
      inputSchema: z.object({
        limit: z.number().int().min(1).max(1000).optional().default(200),
        cursor: z.string().optional(),
        include_locale: z.boolean().optional().default(false),
      }),
      async handler(args) {
        const query = { limit: args.limit || 200, include_locale: args.include_locale === true };
        if (args.cursor) query.cursor = args.cursor;
        const r = await slackFetch("GET", "/api/users.list", { query });
        const members = (r.members || []).filter((u) => !u.deleted).map((u) => ({
          id: u.id, name: u.name, real_name: u.real_name || u.profile?.real_name || null,
          email: u.profile?.email || null,
          is_bot: !!u.is_bot, is_admin: !!u.is_admin, is_owner: !!u.is_owner,
          tz: u.tz || null,
        }));
        return { members, response_metadata: r.response_metadata || null };
      },
    },

    {
      name: "slack_search_messages",
      description: "Full-text search Slack messages (user token only, search:read scope required). Returns ranked matches with channel, user, ts, text. Useful for audits like 'find every message containing shipping today' or '@mention X without follow-up'.",
      inputSchema: z.object({
        query: z.string().min(1).describe("Slack search query. Supports operators like `in:#channel`, `from:@user`, `before:2026-05-10`."),
        time_window: z.string().optional().describe("Audit window appended as `after:<date>` if not already in query. Free tier caps at 7d."),
        count: z.number().int().min(1).max(100).optional().default(50),
        sort: z.enum(["score", "timestamp"]).optional().default("timestamp"),
      }),
      async handler(rawArgs) {
        const tw = parseTimeWindow(rawArgs.time_window);
        trackAudit(pickleKey, "slack_search_messages", tw.original);
        let q = rawArgs.query;
        if (!/after:|before:/i.test(q)) {
          const after = new Date(Date.now() - tw.ms).toISOString().slice(0, 10);
          q = `${q} after:${after}`;
        }
        const r = await slackFetch("GET", "/api/search.messages", {
          query: { query: q, count: rawArgs.count || 50, sort: rawArgs.sort || "timestamp" },
        });
        const matches = (r.messages?.matches || []).map((m) => ({
          ts: m.ts, channel_id: m.channel?.id || null, channel_name: m.channel?.name || null,
          user: m.user || m.username || null, text: m.text || "",
          permalink: m.permalink || null, score: m.score ?? null,
        }));
        return {
          matches, total: r.messages?.total ?? matches.length,
          query_used: q,
          _audit: { window_used: tw.original, pro_note: tw.clamped ? PRO_COMING_SOON_NOTE : null },
        };
      },
    },

    // =========================================================================
    // MICROSOFT TEAMS — read-only audit tools (requires x-teams-token header)
    // =========================================================================

    {
      name: "teams_list_teams",
      description: "List Microsoft Teams the authenticated user has joined. Returns id, displayName, description. Use this first to pick a team for channel audits.",
      inputSchema: z.object({
        top: z.number().int().min(1).max(100).optional().default(50),
      }),
      async handler(args) {
        const r = await graphFetch("GET", "/v1.0/me/joinedTeams", {
          query: { $top: args.top || 50 },
        });
        const teams = (r.value || []).map((t) => ({
          id: t.id, displayName: t.displayName, description: t.description || null,
          isArchived: !!t.isArchived,
        }));
        return { teams };
      },
    },

    {
      name: "teams_list_channels",
      description: "List channels within a Microsoft Teams team. Returns id, displayName, description, membershipType.",
      inputSchema: z.object({
        team_id: z.string().min(1).describe("Team ID from teams_list_teams."),
      }),
      async handler({ team_id }) {
        const r = await graphFetch("GET", `/v1.0/teams/${encodeURIComponent(team_id)}/channels`);
        const channels = (r.value || []).map((c) => ({
          id: c.id, displayName: c.displayName,
          description: c.description || null,
          membershipType: c.membershipType || null,
        }));
        return { channels };
      },
    },

    {
      name: "teams_get_channel_messages",
      description: "Get messages in a Teams channel scoped to the audit time window (default 7d, max 7d on Free). Returns id, from, body, createdDateTime, replies count. Pro will unlock 30d.",
      inputSchema: z.object({
        team_id: z.string().min(1),
        channel_id: z.string().min(1),
        time_window: z.string().optional().describe("'1h', '6h', '1d', '3d', or '7d' (default). Free tier caps at 7d."),
        top: z.number().int().min(1).max(50).optional().default(50),
      }),
      async handler(rawArgs) {
        const tw = parseTimeWindow(rawArgs.time_window);
        const sinceIso = new Date(Date.now() - tw.ms).toISOString();
        trackAudit(pickleKey, "teams_get_channel_messages", tw.original);
        const path = `/v1.0/teams/${encodeURIComponent(rawArgs.team_id)}/channels/${encodeURIComponent(rawArgs.channel_id)}/messages`;
        const r = await graphFetch("GET", path, { query: { $top: rawArgs.top || 50 } });
        const messages = (r.value || [])
          .filter((m) => !m.createdDateTime || m.createdDateTime >= sinceIso)
          .map((m) => ({
            id: m.id, createdDateTime: m.createdDateTime,
            from: m.from?.user?.displayName || m.from?.application?.displayName || null,
            body_content: m.body?.content || "",
            body_type: m.body?.contentType || null,
            reply_count: m.replies?.length ?? null,
          }));
        return {
          messages,
          since: sinceIso,
          _audit: { window_used: tw.original, pro_note: tw.clamped ? PRO_COMING_SOON_NOTE : null },
        };
      },
    },

    {
      name: "teams_list_chats",
      description: "List the authenticated user's 1:1 and group chats in Microsoft Teams. Returns id, chatType, topic, lastUpdatedDateTime.",
      inputSchema: z.object({
        top: z.number().int().min(1).max(50).optional().default(50),
      }),
      async handler(args) {
        const r = await graphFetch("GET", "/v1.0/me/chats", { query: { $top: args.top || 50 } });
        const chats = (r.value || []).map((c) => ({
          id: c.id, chatType: c.chatType,
          topic: c.topic || null,
          lastUpdatedDateTime: c.lastUpdatedDateTime || null,
        }));
        return { chats };
      },
    },

    {
      name: "teams_get_chat_messages",
      description: "Get messages in a Teams chat (DM or group) scoped to the audit window. Returns id, from, body, createdDateTime. Pro unlocks 30d.",
      inputSchema: z.object({
        chat_id: z.string().min(1),
        time_window: z.string().optional(),
        top: z.number().int().min(1).max(50).optional().default(50),
      }),
      async handler(rawArgs) {
        const tw = parseTimeWindow(rawArgs.time_window);
        const sinceIso = new Date(Date.now() - tw.ms).toISOString();
        trackAudit(pickleKey, "teams_get_chat_messages", tw.original);
        const r = await graphFetch("GET", `/v1.0/me/chats/${encodeURIComponent(rawArgs.chat_id)}/messages`, {
          query: { $top: rawArgs.top || 50 },
        });
        const messages = (r.value || [])
          .filter((m) => !m.createdDateTime || m.createdDateTime >= sinceIso)
          .map((m) => ({
            id: m.id, createdDateTime: m.createdDateTime,
            from: m.from?.user?.displayName || m.from?.application?.displayName || null,
            body_content: m.body?.content || "",
            body_type: m.body?.contentType || null,
          }));
        return {
          messages,
          since: sinceIso,
          _audit: { window_used: tw.original, pro_note: tw.clamped ? PRO_COMING_SOON_NOTE : null },
        };
      },
    },

  ]; // end tools

  // ── MCP server wiring ────────────────────────────────────────────────────
  // serverInfo.instructions tells the MCP client (Claude / Cursor / Cline)
  // how to onboard the user without them needing to know MCP exists.
  // Supported well in Claude Code + VS Code Copilot; partial in Cursor/Cline.
  const server = new Server(
    {
      name: "pickle-mcp-remote",
      version: VERSION,
      instructions: [
        "Pickle audits workspaces for stale tasks, broken promises, decisions lost in DMs, and other patterns a good ops manager would catch. Free in Beta: 9 ClickUp patterns (empty hours, stale in-progress, zombie tasks, standup copy-paste, expired promises, blocker age, effort-output mismatch, description quality, recurring zombie). Pro adds 4 cross-tool patterns that need Slack/Teams chat data (ghost mode, DM-only completion, decisions-in-DM, manager bottleneck) plus Manager Mode.",
        "",
        "TRIGGER PHRASES that should call `pickle_setup` immediately (in this order of priority):",
        "  - \"Pickle Start\" / \"Pickle start\" — the canonical first-time setup trigger from the welcome email. Always call `pickle_setup` with platform=\"all\" and present the returned guide as friendly chat.",
        "  - \"Pickle set me up\" / \"Pickle setup\" / \"set up Pickle\" / \"how do I connect Pickle\" — same, call `pickle_setup`.",
        "  - \"Pickle set me up for <platform>\" — call `pickle_setup` with platform set to clickup/slack/teams.",
        "",
        "First-run onboarding (do this proactively the first time a user invokes Pickle if no platform tokens are present in headers):",
        "1. Call `pickle_setup` with platform=\"all\" and present the returned guide. Ask the user which platform they want to connect first.",
        "2. Once they pick one, walk through that platform's token capture (the guide has step-by-step). When they paste the token into their MCP config and restart, run a first audit.",
        "3. For ClickUp: suggest \"Try: 'Pickle, audit my ClickUp from last 24 hours.'\"",
        "4. For Slack: after token is set, suggest `slack_list_channels` followed by `slack_get_channel_history` audits.",
        "5. For Microsoft Teams: after token is set, suggest `teams_list_teams` followed by `teams_get_channel_messages` audits.",
        "",
        "Free-tier audit window cap: 7 days maximum look-back on every audit tool (clickup_filter_tasks, clickup_get_list_tasks, slack_get_channel_history, slack_search_messages, teams_get_channel_messages, teams_get_chat_messages). If the user asks for older audits, pass time_window='7d' and tell them: \"I'm returning the last 7 days — deeper history is coming. Email pickle@adityaarsharma.com if you want it sooner.\"",
        "",
        "1-install-per-account fair use: each pickle key is meant for one person's machines. If you notice the user installing on many devices, mention the per-account fair-use policy.",
        "",
        "Pickle is READ-ONLY by default. Never write/post/delete in ClickUp/Slack/Teams unless the user explicitly asks (e.g. 'create this task'). When in doubt, return findings and let the user decide on actions.",
      ].join("\n"),
    },
    { capabilities: { tools: {} } }
  );

  const toolByName = new Map(tools.map((t) => [t.name, t]));

  server.setRequestHandler(ListToolsRequestSchema, async () => ({
    tools: tools.map((t) => ({
      name: t.name,
      description: t.description,
      inputSchema: zodToJsonSchema(t.inputSchema),
    })),
  }));

  server.setRequestHandler(CallToolRequestSchema, async (request) => {
    const { name, arguments: rawArgs } = request.params;
    const tool = toolByName.get(name);
    if (!tool) throw new McpError(ErrorCode.MethodNotFound, `Unknown tool: ${name}`);

    let args;
    try {
      args = tool.inputSchema.parse(rawArgs ?? {});
    } catch (err) {
      const msg = err?.issues?.map((i) => `${i.path.join(".") || "<root>"}: ${i.message}`).join("; ")
        || err?.message || String(err);
      throw new McpError(ErrorCode.InvalidParams, `Invalid arguments for ${name}: ${msg}`);
    }

    let result;
    try {
      result = await tool.handler(args);
    } catch (err) {
      if (err instanceof McpError) throw err;
      throw new McpError(ErrorCode.InternalError, `Tool ${name} failed: ${err?.message ?? err}`);
    }

    return {
      content: [{ type: "text", text: typeof result === "string" ? result : JSON.stringify(result) }],
    };
  });

  return { server, toolCount: tools.length };
}

// ---------------------------------------------------------------------------
// Express app
// ---------------------------------------------------------------------------

const app = express();
app.use(express.json({ limit: "2mb" }));

// Security headers
app.use((req, res, next) => {
  res.setHeader("X-Content-Type-Options", "nosniff");
  res.setHeader("X-Frame-Options", "SAMEORIGIN");
  res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
  next();
});

// 301 any /<path>.html → /<path>  (clean URLs only, never .html visible)
app.get(/^\/(.+)\.html$/i, (req, res) => {
  const clean = "/" + req.params[0] + (req.url.includes("?") ? req.url.slice(req.url.indexOf("?")) : "");
  res.redirect(301, clean);
});

// Static landing page + legal pages (resolves /legal/privacy → /legal/privacy.html on disk)
app.use(express.static(PUBLIC_DIR, { index: "index.html", extensions: ["html"] }));

// Health check
app.get("/health", (req, res) => {
  res.json({ status: "ok", version: VERSION, service: "pickle-mcp-remote", uptime: process.uptime() });
});

// ── Auth middleware for MCP routes ────────────────────────────────────────
// Returns { ok: true, ctx } on success (ctx = { clickupToken, slackToken,
// teamsToken, pickleKey }) or { ok: false } after sending a 401 response.
// All platform tokens are optional — without them, only pickle_setup works.
function mcpAuth(req, res) {
  const licenseKey   = req.headers["x-pickle-key"];
  const clickupToken = req.headers["x-clickup-token"];
  const slackToken   = req.headers["x-slack-token"];
  const teamsToken   = req.headers["x-teams-token"];

  if (!validateLicenseKey(licenseKey)) {
    res.status(401).json({
      error: "Missing or invalid Pickle license key.",
      hint: "Add x-pickle-key header. Get a free key at https://pickle.adityaarsharma.com",
    });
    return { ok: false };
  }

  // Format checks per token (all optional; only run if present).
  if (clickupToken && (typeof clickupToken !== "string" || !clickupToken.startsWith("pk_"))) {
    res.status(401).json({
      error: "Invalid ClickUp token format.",
      hint: "x-clickup-token should be a ClickUp personal API token (starts with pk_). Or omit it and call pickle_setup first.",
    });
    return { ok: false };
  }
  if (slackToken && (typeof slackToken !== "string" || !/^xox[a-z]-/.test(slackToken))) {
    res.status(401).json({
      error: "Invalid Slack token format.",
      hint: "x-slack-token should be a Slack OAuth token (starts with xoxp- or xoxb-). Or omit it and call pickle_setup first.",
    });
    return { ok: false };
  }
  if (teamsToken && typeof teamsToken !== "string") {
    res.status(401).json({
      error: "Invalid Microsoft Teams token format.",
      hint: "x-teams-token should be a Microsoft Graph access token (often starts with 'Bearer ' or 'eyJ'). Or omit it and call pickle_setup first.",
    });
    return { ok: false };
  }

  return {
    ok: true,
    ctx: {
      pickleKey:    String(licenseKey),
      clickupToken: clickupToken || "",
      slackToken:   slackToken   || "",
      teamsToken:   teamsToken   || "",
    },
  };
}

// ── POST /mcp — StreamableHTTP (primary) ─────────────────────────────────
app.post("/mcp", async (req, res) => {
  const auth = mcpAuth(req, res);
  if (!auth.ok) return;

  trackUse(auth.ctx.pickleKey);
  trackInstallFingerprint(auth.ctx.pickleKey, req);
  trackPlatformsSeen(auth.ctx.pickleKey, auth.ctx);

  try {
    const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: undefined });
    const { server } = createPickleServer(auth.ctx);
    await server.connect(transport);
    await transport.handleRequest(req, res, req.body);
    res.on("finish", () => server.close().catch(() => {}));
  } catch (err) {
    process.stderr.write(`[pickle-mcp-remote] POST /mcp error: ${err?.message ?? err}\n`);
    if (!res.headersSent) res.status(500).json({ error: "Internal server error" });
  }
});

// ── GET /mcp — SSE (legacy clients) ───────────────────────────────────────
app.get("/mcp", async (req, res) => {
  const auth = mcpAuth(req, res);
  if (!auth.ok) return;

  trackUse(auth.ctx.pickleKey);
  trackInstallFingerprint(auth.ctx.pickleKey, req);
  trackPlatformsSeen(auth.ctx.pickleKey, auth.ctx);

  try {
    const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: undefined });
    const { server } = createPickleServer(auth.ctx);
    await server.connect(transport);
    await transport.handleRequest(req, res);
    res.on("finish", () => server.close().catch(() => {}));
  } catch (err) {
    process.stderr.write(`[pickle-mcp-remote] GET /mcp error: ${err?.message ?? err}\n`);
    if (!res.headersSent) res.status(500).json({ error: "Internal server error" });
  }
});

// ── DELETE /mcp — session cleanup (stateless: always 200) ─────────────────
app.delete("/mcp", (req, res) => {
  res.status(200).json({ message: "Session closed." });
});

// ─────────────────────────────────────────────────────────────────────────
// Public Beta counter — no auth, low-spec, used by landing hero
// ─────────────────────────────────────────────────────────────────────────

const BETA_CAP = 200;

app.get("/api/beta/seats", (req, res) => {
  const signups = loadSignups();
  const claimed = signups.length;
  const remaining = Math.max(0, BETA_CAP - claimed);
  const beta_open = claimed < BETA_CAP;
  res.set("Cache-Control", "public, max-age=60"); // 1-min cache via Cloudflare
  res.json({ claimed, cap: BETA_CAP, remaining, beta_open });
});

// ─────────────────────────────────────────────────────────────────────────
// Signup endpoint — email + free key
// ─────────────────────────────────────────────────────────────────────────

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

app.post("/api/signup", async (req, res) => {
  const email = String(req.body?.email || "").trim();
  if (!EMAIL_RE.test(email) || email.length > 254) {
    return res.status(400).json({ error: "Valid email required." });
  }
  const ip = (req.headers["cf-connecting-ip"] || req.headers["x-real-ip"] || req.ip || "").toString();
  if (!rateLimitOk(ip || "unknown")) {
    return res.status(429).json({ error: "Too many signups from this IP. Try again in an hour." });
  }
  const ua = String(req.headers["user-agent"] || "");
  const intent = String(req.body?.intent || "free").toLowerCase();
  const entry = addSignup(email, ip, ua, intent);

  // Dual-fire (fire-and-forget, don't block the response):
  //   1. Brevo CRM push  — adds contact to list 12 (free) or 13 (pro)
  //   2. ZeptoMail send  — delivers welcome+key transactionally (immediate)
  pushToBrevo(email, entry.intent).catch(() => {});
  sendZeptoWelcome(email, entry.key).catch(() => {});

  res.json({ ok: true, key: entry.key, email: entry.email, intent: entry.intent });
});

// ─────────────────────────────────────────────────────────────────────────
// Admin — Basic Auth via ADMIN_PASSWORD env
// ─────────────────────────────────────────────────────────────────────────

function safeEqual(a, b) {
  const aBuf = Buffer.from(String(a));
  const bBuf = Buffer.from(String(b));
  if (aBuf.length !== bBuf.length) return false;
  return timingSafeEqual(aBuf, bBuf);
}

function requireAdmin(req, res, next) {
  const header = req.headers.authorization || "";
  const [scheme, b64] = header.split(" ");
  if (scheme !== "Basic" || !b64) {
    res.setHeader("WWW-Authenticate", 'Basic realm="Pickle Admin"');
    return res.status(401).send("Authentication required");
  }
  let creds = "";
  try { creds = Buffer.from(b64, "base64").toString("utf-8"); } catch {}
  const [, password] = creds.split(":");
  if (!password || !safeEqual(password, ADMIN_PASSWORD)) {
    res.setHeader("WWW-Authenticate", 'Basic realm="Pickle Admin"');
    return res.status(401).send("Invalid credentials");
  }
  next();
}

app.get("/admin", requireAdmin, (req, res) => {
  res.sendFile(path.join(PUBLIC_DIR, "admin.html"));
});

app.get("/api/admin/stats", requireAdmin, (req, res) => {
  res.json(getSignupStats());
});

app.get("/api/admin/signups", requireAdmin, (req, res) => {
  const signups = loadSignups();
  const limit = Math.min(Number(req.query.limit) || 200, 2000);
  // Newest first, enriched with usage data
  const rows = signups.slice().reverse().slice(0, limit).map((s) => {
    const usage = getUsageForKey(s.key);
    return {
      ...s,
      mcp_requests: usage?.count || 0,
      last_used: usage?.last_used || null,
      installed: !!usage,
    };
  });
  res.json({ rows, total: signups.length });
});

app.get("/api/admin/export.csv", requireAdmin, (req, res) => {
  const signups = loadSignups();
  const header = "email,key,created_at,ip,user_agent\n";
  const rows = signups.map((s) =>
    [s.email, s.key, s.created_at, s.ip, JSON.stringify(s.user_agent || "")].join(",")
  ).join("\n");
  res.setHeader("Content-Type", "text/csv");
  res.setHeader("Content-Disposition", `attachment; filename=pickle-signups-${new Date().toISOString().slice(0,10)}.csv`);
  res.send(header + rows);
});

// 404 catch-all
app.use((req, res) => {
  res.status(404).json({ error: "Not found" });
});

// ---------------------------------------------------------------------------
// Boot
// ---------------------------------------------------------------------------

const server = app.listen(PORT, "127.0.0.1", () => {
  process.stdout.write(
    `[pickle-mcp-remote] v${VERSION} ready\n` +
    `[pickle-mcp-remote] Listening on 127.0.0.1:${PORT}\n` +
    `[pickle-mcp-remote] MCP endpoint:  http://localhost:${PORT}/mcp\n` +
    `[pickle-mcp-remote] Health:        http://localhost:${PORT}/health\n` +
    `[pickle-mcp-remote] Admin:         http://localhost:${PORT}/admin\n` +
    `[pickle-mcp-remote] Brevo:         ${BREVO_API_KEY && BREVO_LIST_ID ? "configured" : "not configured (set BREVO_API_KEY + BREVO_LIST_ID)"}\n`
  );
});

server.on("error", (err) => {
  process.stderr.write(`[pickle-mcp-remote] Server error: ${err.message}\n`);
  if (err.code === "EADDRINUSE") {
    process.stderr.write(`[pickle-mcp-remote] Port ${PORT} is in use. Set PORT env var to override.\n`);
    process.exit(1);
  }
});

process.on("SIGTERM", () => {
  process.stdout.write("[pickle-mcp-remote] Shutting down...\n");
  server.close(() => process.exit(0));
});