@awolve/myoffice 1.6.0

package/README.md

@@ -0,0 +1,271 @@
+# MyOffice MCP
+
+A lightweight MCP (Model Context Protocol) server and CLI for personal Microsoft 365 access, designed for AI assistants like Claude Code.
+
+Unlike admin-focused M365 tools, this uses **delegated authentication** - users authenticate as themselves and can only access their own data.
+
+## Features
+
+- **Email** - List, read, search, send, reply, delete, mark read/unread
+- **Calendar** - List, create, update, delete events (with Teams meetings)
+- **Tasks** - Manage Microsoft To Do lists and tasks
+- **Planner** - Access plans, buckets, and tasks
+- **OneDrive** - Browse, search, read files
+- **SharePoint** - Access sites and document libraries
+- **Teams** - List teams, channels, read/post messages
+- **Chats** - 1:1 and group chats
+- **Contacts** - List, search, create, update contacts
+
+## Installation
+
+### From npm (recommended)
+
+```bash
+npm install -g awolve-myoffice-cli
+```
+
+### From source
+
+```bash
+git clone https://github.com/awolve/ops-myoffice.git
+cd ops-myoffice
+npm install
+npm run build
+npm link
+```
+
+## Prerequisites
+
+- Node.js 18+
+- An Azure AD app registration with delegated permissions
+- Microsoft 365 account
+
+## Configuration
+
+Add to your shell profile (`~/.zshrc` or `~/.bashrc`):
+
+```bash
+export M365_CLIENT_ID="your-app-client-id"
+# Optional: export M365_TENANT_ID="your-tenant-id"
+```
+
+## Authentication
+
+```bash
+myoffice login
+```
+
+Opens a browser for device code authentication. Token is cached at `~/.config/myoffice-mcp/msal-cache.json`.
+
+## CLI Usage
+
+```bash
+# Check status
+myoffice status
+
+# Email
+myoffice mail list
+myoffice mail list --unread
+myoffice mail read <id>
+myoffice mail send --to user@example.com --subject "Hi" --body "Hello"
+
+# Calendar
+myoffice calendar list
+myoffice calendar list --start 2024-01-15 --end 2024-01-20
+
+# Tasks (To Do)
+myoffice tasks lists
+myoffice tasks list
+myoffice tasks create "Buy milk"
+
+# Files (OneDrive)
+myoffice files list
+myoffice files search "report"
+
+# Teams & Chats
+myoffice teams list
+myoffice chats list
+
+# Planner
+myoffice planner plans
+myoffice planner tasks <planId>
+
+# JSON output (for scripting)
+myoffice mail list --json
+```
+
+Run `myoffice --help` for all commands.
+
+## MCP Server Usage
+
+Add to your Claude Code MCP settings:
+
+```json
+{
+  "mcpServers": {
+    "myoffice": {
+      "command": "myoffice-mcp",
+      "env": {
+        "M365_CLIENT_ID": "your-client-id"
+      }
+    }
+  }
+}
+```
+
+Or with full path if not installed globally:
+
+```json
+{
+  "mcpServers": {
+    "myoffice": {
+      "command": "node",
+      "args": ["/path/to/ops-myoffice/dist/index.js"],
+      "env": {
+        "M365_CLIENT_ID": "your-client-id"
+      }
+    }
+  }
+}
+```
+
+## Azure AD App Registration
+
+1. Go to [Azure Portal](https://portal.azure.com) > Azure Active Directory > App registrations
+2. Click **New registration**
+   - Name: `MyOffice MCP` (or your choice)
+   - Supported account types: **Accounts in any organizational directory**
+   - Redirect URI: Leave blank (uses device code flow)
+3. Note the **Application (client) ID**
+4. Go to **Authentication** > Enable **Allow public client flows** = Yes
+5. Go to **API permissions** > Add Microsoft Graph delegated permissions:
+   - `Mail.ReadWrite`, `Mail.Send`
+   - `Calendars.ReadWrite`
+   - `Tasks.ReadWrite`
+   - `Files.ReadWrite`, `Sites.Read.All`
+   - `Contacts.ReadWrite`
+   - `Team.ReadBasic.All`, `Channel.ReadBasic.All`
+   - `ChannelMessage.Read.All`, `ChannelMessage.Send`
+   - `Chat.Create`, `Chat.ReadBasic`, `Chat.Read`, `ChatMessage.Send`
+   - `Tasks.Read`, `Tasks.ReadWrite`, `Group.Read.All` (for Planner)
+   - `User.Read`, `offline_access`
+
+## Development
+
+```bash
+npm install      # Install dependencies
+npm run dev      # Run with tsx (no build needed)
+npm run build    # Compile TypeScript to dist/
+npm run login    # Authenticate with Microsoft
+```
+
+### Project Structure
+
+```
+src/
+├── index.ts           # MCP server entry point
+├── cli.ts             # CLI entry point (Commander.js)
+├── core/
+│   └── handler.ts     # Shared tool dispatch logic
+├── cli/
+│   └── formatter.ts   # Human-readable output formatting
+├── auth/              # Authentication (device code flow, token cache)
+├── tools/             # Microsoft Graph API implementations
+└── utils/             # Graph client, version helper
+```
+
+### Testing Locally
+
+```bash
+# Test CLI directly (no build needed)
+npx tsx src/cli.ts mail list
+
+# Or build first then test
+npm run build
+node dist/cli.js mail list
+
+# Test MCP server
+npm run dev
+```
+
+## Deploying to npm
+
+The package is published to npm as `awolve-myoffice-cli`.
+
+### First-Time Setup
+
+1. Create npm account at https://www.npmjs.com/signup
+2. Login from terminal:
+   ```bash
+   npm login
+   ```
+
+### Publishing a New Version
+
+```bash
+# 1. Make sure you're on main branch with clean working directory
+git checkout main
+git pull
+git status  # Should be clean
+
+# 2. Run tests / verify everything works
+npm run build
+node dist/cli.js --help
+
+# 3. Bump version (choose one)
+npm version patch  # 1.1.0 -> 1.1.1 (bug fixes)
+npm version minor  # 1.1.0 -> 1.2.0 (new features)
+npm version major  # 1.1.0 -> 2.0.0 (breaking changes)
+
+# 4. Publish to npm (builds automatically via prepublishOnly)
+npm publish --access public
+
+# 5. Push version commit and tag to GitHub
+git push && git push --tags
+```
+
+### What Gets Published
+
+The `files` field in package.json controls what's included:
+- `dist/**/*` - Compiled JavaScript
+- `README.md` - Documentation
+
+Source code (`src/`), specs, and dev files are NOT published.
+
+### Verifying Publication
+
+```bash
+# Check package on npm
+npm view awolve-myoffice-cli
+
+# Test fresh install
+npm install -g awolve-myoffice-cli
+myoffice --version
+```
+
+### Important: Version Immutability
+
+npm does not allow republishing the same version. Once `1.1.0` is published, that version number is permanently taken. If you need to fix something:
+
+1. Bump to a new version (`npm version patch` → `1.1.1`)
+2. Publish the new version
+
+There is no way to "update" an existing version.
+
+### Troubleshooting
+
+- **"You must be logged in"** - Run `npm login`
+- **"Package name already exists"** - Name is taken, choose another
+- **"Cannot publish over existing version"** - Bump version with `npm version patch`
+- **Build fails during publish** - Fix TypeScript errors first
+
+## Security
+
+- Uses delegated permissions only - users can only access their own data
+- Tokens stored locally with restrictive permissions
+- No client secrets required (public client)
+- Destructive operations require explicit confirmation
+
+## License
+
+MIT

package/dist/auth/cache-plugin.d.ts

@@ -0,0 +1,20 @@
+import { ICachePlugin, TokenCacheContext } from '@azure/msal-node';
+/**
+ * MSAL Cache Plugin that persists the full token cache (including refresh tokens)
+ * to a file. This ensures tokens survive server restarts.
+ */
+export declare class FileCachePlugin implements ICachePlugin {
+    private cachePath;
+    constructor(cachePath: string);
+    /**
+     * Called before MSAL accesses the cache.
+     * Load the cache from disk into MSAL's memory.
+     */
+    beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void>;
+    /**
+     * Called after MSAL accesses the cache.
+     * If the cache changed, persist it to disk.
+     */
+    afterCacheAccess(cacheContext: TokenCacheContext): Promise<void>;
+}
+//# sourceMappingURL=cache-plugin.d.ts.map

package/dist/auth/cache-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache-plugin.d.ts","sourceRoot":"","sources":["../../src/auth/cache-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAInE;;;GAGG;AACH,qBAAa,eAAgB,YAAW,YAAY;IAClD,OAAO,CAAC,SAAS,CAAS;gBAEd,SAAS,EAAE,MAAM;IAI7B;;;OAGG;IACG,iBAAiB,CAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAavE;;;OAGG;IACG,gBAAgB,CAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;CAcvE"}

package/dist/auth/cache-plugin.js

@@ -0,0 +1,49 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { dirname } from 'path';
+/**
+ * MSAL Cache Plugin that persists the full token cache (including refresh tokens)
+ * to a file. This ensures tokens survive server restarts.
+ */
+export class FileCachePlugin {
+    cachePath;
+    constructor(cachePath) {
+        this.cachePath = cachePath;
+    }
+    /**
+     * Called before MSAL accesses the cache.
+     * Load the cache from disk into MSAL's memory.
+     */
+    async beforeCacheAccess(cacheContext) {
+        try {
+            if (existsSync(this.cachePath)) {
+                const cacheData = readFileSync(this.cachePath, 'utf-8');
+                if (cacheData && cacheData.trim()) {
+                    cacheContext.tokenCache.deserialize(cacheData);
+                }
+            }
+        }
+        catch (error) {
+            console.error('[Cache] Failed to load cache:', error instanceof Error ? error.message : error);
+        }
+    }
+    /**
+     * Called after MSAL accesses the cache.
+     * If the cache changed, persist it to disk.
+     */
+    async afterCacheAccess(cacheContext) {
+        if (cacheContext.cacheHasChanged) {
+            try {
+                const dir = dirname(this.cachePath);
+                if (!existsSync(dir)) {
+                    mkdirSync(dir, { recursive: true });
+                }
+                const serialized = cacheContext.tokenCache.serialize();
+                writeFileSync(this.cachePath, serialized, { mode: 0o600 });
+            }
+            catch (error) {
+                console.error('[Cache] Failed to save cache:', error instanceof Error ? error.message : error);
+            }
+        }
+    }
+}
+//# sourceMappingURL=cache-plugin.js.map

package/dist/auth/cache-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache-plugin.js","sourceRoot":"","sources":["../../src/auth/cache-plugin.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,SAAS,CAAS;IAE1B,YAAY,SAAiB;QAC3B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,YAA+B;QACrD,IAAI,CAAC;YACH,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACxD,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;oBAClC,YAAY,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACjG,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,YAA+B;QACpD,IAAI,YAAY,CAAC,eAAe,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;gBACvD,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/auth/config.d.ts

@@ -0,0 +1,40 @@
+export interface TokenCache {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    account?: {
+        homeAccountId: string;
+        environment: string;
+        tenantId: string;
+        username: string;
+    };
+}
+export interface AuthConfig {
+    clientId: string;
+    tenantId: string;
+    scopes: string[];
+}
+export interface StoredConfig {
+    clientId?: string;
+    tenantId?: string;
+}
+/**
+ * Get stored configuration from config file
+ */
+export declare function getStoredConfig(): StoredConfig;
+/**
+ * Save configuration to config file
+ */
+export declare function saveStoredConfig(config: StoredConfig): void;
+/**
+ * Get the current auth config (dynamically evaluated)
+ * Call this function instead of using DEFAULT_CONFIG directly
+ * to ensure env vars and stored config are always checked
+ */
+export declare function getAuthConfig(): AuthConfig;
+export declare const DEFAULT_CONFIG: AuthConfig;
+export declare const MSAL_CACHE_FILE: string;
+export declare function getTokenCache(): TokenCache | null;
+export declare function saveTokenCache(cache: TokenCache): void;
+export declare function clearTokenCache(): void;
+//# sourceMappingURL=config.d.ts.map

package/dist/auth/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE;QACR,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD;;GAEG;AACH,wBAAgB,eAAe,IAAI,YAAY,CAU9C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAQ3D;AAuDD;;;;GAIG;AACH,wBAAgB,aAAa,IAAI,UAAU,CAM1C;AAMD,eAAO,MAAM,cAAc,EAAE,UAI5B,CAAC;AAGF,eAAO,MAAM,eAAe,QAAgE,CAAC;AAE7F,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAUjD;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAMtD;AAED,wBAAgB,eAAe,IAAI,IAAI,CAQtC"}

package/dist/auth/config.js

@@ -0,0 +1,135 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { join, dirname } from 'path';
+const CONFIG_DIR = join(homedir(), '.config', 'myoffice-mcp');
+const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+/**
+ * Get stored configuration from config file
+ */
+export function getStoredConfig() {
+    try {
+        if (existsSync(CONFIG_FILE)) {
+            const data = readFileSync(CONFIG_FILE, 'utf-8');
+            return JSON.parse(data);
+        }
+    }
+    catch {
+        // Ignore errors, return empty config
+    }
+    return {};
+}
+/**
+ * Save configuration to config file
+ */
+export function saveStoredConfig(config) {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+    // Merge with existing config
+    const existing = getStoredConfig();
+    const merged = { ...existing, ...config };
+    writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 });
+}
+/**
+ * Get the client ID from env var or stored config
+ */
+function getClientId() {
+    // Environment variable takes precedence
+    if (process.env.M365_CLIENT_ID) {
+        return process.env.M365_CLIENT_ID;
+    }
+    // Fall back to stored config
+    const stored = getStoredConfig();
+    return stored.clientId || '';
+}
+/**
+ * Get the tenant ID from env var or stored config
+ */
+function getTenantId() {
+    // Environment variable takes precedence
+    if (process.env.M365_TENANT_ID) {
+        return process.env.M365_TENANT_ID;
+    }
+    // Fall back to stored config, default to 'common'
+    const stored = getStoredConfig();
+    return stored.tenantId || 'common';
+}
+// Scopes for Graph API access
+const SCOPES = [
+    'https://graph.microsoft.com/Mail.ReadWrite',
+    'https://graph.microsoft.com/Mail.Send',
+    'https://graph.microsoft.com/Calendars.ReadWrite',
+    'https://graph.microsoft.com/Tasks.ReadWrite',
+    'https://graph.microsoft.com/Files.ReadWrite',
+    'https://graph.microsoft.com/Sites.ReadWrite.All',
+    'https://graph.microsoft.com/Contacts.ReadWrite',
+    'https://graph.microsoft.com/User.Read',
+    // Teams
+    'https://graph.microsoft.com/Team.ReadBasic.All',
+    'https://graph.microsoft.com/Channel.ReadBasic.All',
+    'https://graph.microsoft.com/ChannelMessage.Read.All',
+    'https://graph.microsoft.com/ChannelMessage.Send',
+    // Chats
+    'https://graph.microsoft.com/Chat.Create',
+    'https://graph.microsoft.com/Chat.ReadBasic',
+    'https://graph.microsoft.com/Chat.Read',
+    'https://graph.microsoft.com/ChatMessage.Send',
+    // Planner
+    'https://graph.microsoft.com/Tasks.ReadWrite',
+    'https://graph.microsoft.com/Group.Read.All',
+    'https://graph.microsoft.com/User.ReadBasic.All',
+    'offline_access',
+];
+/**
+ * Get the current auth config (dynamically evaluated)
+ * Call this function instead of using DEFAULT_CONFIG directly
+ * to ensure env vars and stored config are always checked
+ */
+export function getAuthConfig() {
+    return {
+        clientId: getClientId(),
+        tenantId: getTenantId(),
+        scopes: SCOPES,
+    };
+}
+// Default Azure AD app for personal M365 access
+// Users can override with their own app registration
+// NOTE: This is evaluated once at module load time.
+// For dynamic access, use getAuthConfig() instead.
+export const DEFAULT_CONFIG = {
+    clientId: getClientId(),
+    tenantId: getTenantId(),
+    scopes: SCOPES,
+};
+const TOKEN_FILE = join(homedir(), '.config', 'myoffice-mcp', 'token.json');
+export const MSAL_CACHE_FILE = join(homedir(), '.config', 'myoffice-mcp', 'msal-cache.json');
+export function getTokenCache() {
+    try {
+        if (existsSync(TOKEN_FILE)) {
+            const data = readFileSync(TOKEN_FILE, 'utf-8');
+            return JSON.parse(data);
+        }
+    }
+    catch {
+        // Ignore errors, return null
+    }
+    return null;
+}
+export function saveTokenCache(cache) {
+    const dir = dirname(TOKEN_FILE);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(TOKEN_FILE, JSON.stringify(cache, null, 2), { mode: 0o600 });
+}
+export function clearTokenCache() {
+    try {
+        if (existsSync(TOKEN_FILE)) {
+            writeFileSync(TOKEN_FILE, '', { mode: 0o600 });
+        }
+    }
+    catch {
+        // Ignore errors
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/auth/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAyBrC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;AAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAEpD;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YAChD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAoB;IACnD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC;IAC1C,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED;;GAEG;AACH,SAAS,WAAW;IAClB,wCAAwC;IACxC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACpC,CAAC;IACD,6BAA6B;IAC7B,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAS,WAAW;IAClB,wCAAwC;IACxC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACpC,CAAC;IACD,kDAAkD;IAClD,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,IAAI,QAAQ,CAAC;AACrC,CAAC;AAED,8BAA8B;AAC9B,MAAM,MAAM,GAAG;IACb,4CAA4C;IAC5C,uCAAuC;IACvC,iDAAiD;IACjD,6CAA6C;IAC7C,6CAA6C;IAC7C,iDAAiD;IACjD,gDAAgD;IAChD,uCAAuC;IACvC,QAAQ;IACR,gDAAgD;IAChD,mDAAmD;IACnD,qDAAqD;IACrD,iDAAiD;IACjD,QAAQ;IACR,yCAAyC;IACzC,4CAA4C;IAC5C,uCAAuC;IACvC,8CAA8C;IAC9C,UAAU;IACV,6CAA6C;IAC7C,4CAA4C;IAC5C,gDAAgD;IAChD,gBAAgB;CACjB,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO;QACL,QAAQ,EAAE,WAAW,EAAE;QACvB,QAAQ,EAAE,WAAW,EAAE;QACvB,MAAM,EAAE,MAAM;KACf,CAAC;AACJ,CAAC;AAED,gDAAgD;AAChD,qDAAqD;AACrD,oDAAoD;AACpD,mDAAmD;AACnD,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,QAAQ,EAAE,WAAW,EAAE;IACvB,QAAQ,EAAE,WAAW,EAAE;IACvB,MAAM,EAAE,MAAM;CACf,CAAC;AAEF,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;AAC5E,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAE7F,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,aAAa,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gBAAgB;IAClB,CAAC;AACH,CAAC"}

package/dist/auth/device-code.d.ts

@@ -0,0 +1,2 @@
+export declare function authenticateWithDeviceCode(): Promise<void>;
+//# sourceMappingURL=device-code.d.ts.map

package/dist/auth/device-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"device-code.d.ts","sourceRoot":"","sources":["../../src/auth/device-code.ts"],"names":[],"mappings":"AAMA,wBAAsB,0BAA0B,IAAI,OAAO,CAAC,IAAI,CAAC,CA0ChE"}

package/dist/auth/device-code.js

@@ -0,0 +1,40 @@
+import { PublicClientApplication } from '@azure/msal-node';
+import { getAuthConfig, MSAL_CACHE_FILE } from './config.js';
+import { FileCachePlugin } from './cache-plugin.js';
+const cachePlugin = new FileCachePlugin(MSAL_CACHE_FILE);
+export async function authenticateWithDeviceCode() {
+    const config = getAuthConfig();
+    if (!config.clientId) {
+        throw new Error('No client ID configured.\n' +
+            'Run: myoffice login --client-id <your-azure-app-client-id>\n' +
+            'Or set M365_CLIENT_ID environment variable.');
+    }
+    const pca = new PublicClientApplication({
+        auth: {
+            clientId: config.clientId,
+            authority: `https://login.microsoftonline.com/${config.tenantId}`,
+        },
+        cache: {
+            cachePlugin,
+        },
+    });
+    const deviceCodeRequest = {
+        scopes: config.scopes,
+        deviceCodeCallback: (response) => {
+            console.log('\n' + '='.repeat(60));
+            console.log('AUTHENTICATION REQUIRED');
+            console.log('='.repeat(60));
+            console.log(`\n${response.message}\n`);
+            console.log('='.repeat(60) + '\n');
+        },
+    };
+    const result = await pca.acquireTokenByDeviceCode(deviceCodeRequest);
+    if (!result || !result.accessToken) {
+        throw new Error('Failed to acquire access token');
+    }
+    // The cache plugin automatically persists the tokens via afterCacheAccess
+    console.log(`\nAuthenticated as: ${result.account?.username}`);
+    console.log('Token cached at:', MSAL_CACHE_FILE);
+    console.log('Refresh token is now properly persisted.\n');
+}
+//# sourceMappingURL=device-code.js.map

package/dist/auth/device-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"device-code.js","sourceRoot":"","sources":["../../src/auth/device-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAqB,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;AAEzD,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAE/B,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,4BAA4B;YAC5B,8DAA8D;YAC9D,6CAA6C,CAC9C,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,uBAAuB,CAAC;QACtC,IAAI,EAAE;YACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,qCAAqC,MAAM,CAAC,QAAQ,EAAE;SAClE;QACD,KAAK,EAAE;YACL,WAAW;SACZ;KACF,CAAC,CAAC;IAEH,MAAM,iBAAiB,GAAsB;QAC3C,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,kBAAkB,EAAE,CAAC,QAAQ,EAAE,EAAE;YAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,OAAO,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;IAErE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,0EAA0E;IAC1E,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;AAC5D,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,4 @@
+export { getAccessToken, isAuthenticated, getCurrentUser } from './token-manager.js';
+export { authenticateWithDeviceCode } from './device-code.js';
+export { DEFAULT_CONFIG, getAuthConfig, getStoredConfig, saveStoredConfig, clearTokenCache } from './config.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACrF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,4 @@
+export { getAccessToken, isAuthenticated, getCurrentUser } from './token-manager.js';
+export { authenticateWithDeviceCode } from './device-code.js';
+export { DEFAULT_CONFIG, getAuthConfig, getStoredConfig, saveStoredConfig, clearTokenCache } from './config.js';
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACrF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/auth/login.d.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * Standalone login script for initial authentication
+ * Run with: npm run login
+ */
+export {};
+//# sourceMappingURL=login.d.ts.map

package/dist/auth/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/auth/login.ts"],"names":[],"mappings":";AACA;;;GAGG"}

package/dist/auth/login.js

@@ -0,0 +1,22 @@
+#!/usr/bin/env node
+/**
+ * Standalone login script for initial authentication
+ * Run with: npm run login
+ */
+import { authenticateWithDeviceCode } from './device-code.js';
+async function main() {
+    console.log('Personal M365 MCP - Authentication');
+    console.log('===================================\n');
+    try {
+        await authenticateWithDeviceCode();
+        console.log('Authentication successful!');
+        console.log('You can now use the M365 MCP with Claude Code.');
+        process.exit(0);
+    }
+    catch (error) {
+        console.error('Authentication failed:', error);
+        process.exit(1);
+    }
+}
+main();
+//# sourceMappingURL=login.js.map

package/dist/auth/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/auth/login.ts"],"names":[],"mappings":";AACA;;;GAGG;AAEH,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAE9D,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,0BAA0B,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/auth/token-manager.d.ts

@@ -0,0 +1,4 @@
+export declare function getAccessToken(): Promise<string>;
+export declare function isAuthenticated(): Promise<boolean>;
+export declare function getCurrentUser(): Promise<string | null>;
+//# sourceMappingURL=token-manager.d.ts.map

package/dist/auth/token-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AAsCA,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CA0CtD;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAQxD;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQ7D"}