@egain/egain-mcp-server 1.0.6 → 1.0.12

package/src/hooks/auth-hook.ts

@@ -1738,170 +1738,6 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
    * Monitor browser window for authorization code in URL
    * Works with ANY redirect URL - detects when URL contains code= parameter
    */
-  private async monitorBrowserForAuthCode(): Promise<string> {
-    const platform = process.platform;
-    const timeout = 120; // 2 minutes
-    const startTime = Date.now();
-    
-    if (platform === 'darwin') {
-      // macOS - Monitor using AppleScript
-      console.error(`🔍 Monitoring ${this.detectedBrowser} for authorization code...`);
-      let lastUrl = '';
-      
-      while ((Date.now() - startTime) < timeout * 1000) {
-        try {
-          // Get URL from browser using AppleScript
-          const script = `
-            tell application "${this.detectedBrowser}"
-              try
-                set currentURL to URL of active tab of front window
-                return currentURL
-              on error
-                return ""
-              end try
-            end tell
-          `;
-          
-          const { stdout } = await execAsync(`osascript -e '${script}'`);
-          const currentUrl = stdout.trim();
-          
-          if (currentUrl && currentUrl !== lastUrl) {
-            lastUrl = currentUrl;
-            console.error(`🔍 Current URL: ${currentUrl}`);
-          }
-          
-          // Check if URL contains code= parameter (regardless of domain)
-          if (currentUrl && currentUrl.includes('code=')) {
-            console.error('✅ Found authorization code in URL!');
-            
-            // Extract the code from the URL
-            const codeMatch = currentUrl.match(/[?&]code=([^&]+)/);
-            if (codeMatch && codeMatch[1]) {
-              const code = decodeURIComponent(codeMatch[1]);
-              console.error(`🔑 Extracted authorization code (first 20 chars): ${code.substring(0, 20)}...`);
-              console.error(`   Code length: ${code.length} characters`);
-              
-              // Close the browser window immediately (non-blocking - fire and forget)
-              setImmediate(async () => {
-                try {
-                  await execAsync(`osascript -e 'tell application "${this.detectedBrowser}" to close front window'`);
-                  console.error('✅ Browser window closed');
-                } catch (closeError) {
-                  console.error('⚠️  Could not close browser window:', closeError);
-                }
-              });
-              
-              // Return code immediately without waiting for window close
-              return code;
-            }
-          }
-          
-          // Also check for error parameters
-          if (currentUrl && currentUrl.includes('error=')) {
-            const errorMatch = currentUrl.match(/[?&]error=([^&]+)/);
-            const errorDescMatch = currentUrl.match(/error_description=([^&]+)/);
-            const error = errorMatch && errorMatch[1] ? decodeURIComponent(errorMatch[1]) : 'unknown_error';
-            const errorDesc = errorDescMatch && errorDescMatch[1] ? decodeURIComponent(errorDescMatch[1]) : 'No description';
-            
-            // Throw OAuth error - this will stop monitoring but window stays open so user can see the error
-            throw new Error(`OAuth error: ${error} - ${errorDesc}`);
-          }
-          
-        } catch (error) {
-          // Re-throw OAuth errors (they should stop monitoring but window stays open)
-          if (error instanceof Error && error.message.includes('OAuth error:')) {
-            throw error;
-          }
-          // Ignore AppleScript errors and continue monitoring
-        }
-        
-        // Wait 500ms before checking again
-        await new Promise(resolve => setTimeout(resolve, 500));
-      }
-      
-      throw new Error('Authentication timeout. Please try again.');
-      
-    } else if (platform === 'win32') {
-      // Windows - Monitor browser window title (contains URL in most browsers)
-      console.error(`🔍 Monitoring ${this.detectedBrowser} for authorization code...`);
-      let lastTitle = '';
-      
-      while ((Date.now() - startTime) < timeout * 1000) {
-        try {
-          // PowerShell script to get browser window title
-          // Window titles often contain the URL or page title
-          const browserProcessName = this.detectedBrowser.replace('.exe', '');
-          const psScript = `
-            $process = Get-Process -Name "${browserProcessName}" -ErrorAction SilentlyContinue | 
-              Where-Object { $_.MainWindowHandle -ne 0 } | 
-              Select-Object -First 1
-            if ($process) {
-              $process.MainWindowTitle
-            }
-          `.replace(/\n\s+/g, ' ');
-          
-          const { stdout } = await execAsync(`powershell -Command "${psScript}"`);
-          const windowTitle = stdout.trim();
-          
-          if (windowTitle && windowTitle !== lastTitle) {
-            lastTitle = windowTitle;
-            console.error(`🔍 Browser window: ${windowTitle.substring(0, 100)}...`);
-            
-            // Check if title or URL contains the code parameter
-            // Most browsers show URL in the title or we can detect redirect completion
-            if (windowTitle.includes('code=') || windowTitle.includes('localhost:3333')) {
-              console.error('✅ Detected OAuth callback!');
-              
-              // Try to extract code from title if visible
-              const codeMatch = windowTitle.match(/code=([^&\s]+)/);
-              if (codeMatch && codeMatch[1]) {
-                const code = decodeURIComponent(codeMatch[1]);
-                console.error(`🔑 Extracted authorization code (first 20 chars): ${code.substring(0, 20)}...`);
-                console.error(`   Code length: ${code.length} characters`);
-                
-                // Close browser window immediately (non-blocking - fire and forget)
-                setImmediate(async () => {
-                  try {
-                    await execAsync(`powershell -Command "Stop-Process -Name '${browserProcessName}' -Force"`);
-                    console.error('✅ Browser window closed');
-                  } catch (closeError) {
-                    console.error('⚠️  Could not close browser window:', closeError);
-                  }
-                });
-                
-                // Return code immediately without waiting for window close
-                return code;
-              }
-            }
-            
-            // Check for OAuth error in title
-            if (windowTitle.includes('error=')) {
-              const errorMatch = windowTitle.match(/error=([^&\s]+)/);
-              const error = errorMatch && errorMatch[1] ? decodeURIComponent(errorMatch[1]) : 'unknown_error';
-              // Throw OAuth error - this will stop monitoring but window stays open so user can see the error
-              throw new Error(`OAuth error: ${error}`);
-            }
-          }
-          
-        } catch (error) {
-          // Re-throw OAuth errors (they should stop monitoring but window stays open)
-          if (error instanceof Error && error.message.includes('OAuth error:')) {
-            throw error;
-          }
-          // Ignore other errors and continue monitoring
-        }
-        
-        // Wait 500ms before checking again
-        await new Promise(resolve => setTimeout(resolve, 500));
-      }
-      
-      throw new Error('Authentication timeout. The browser window title did not show the authorization code. Please ensure your redirect URL is http://localhost:3333/callback for automatic detection on Windows.');
-      
-    } else {
-      throw new Error('Linux is not supported. Use macOS or Windows for automatic authentication.');
-    }
-  }
-
   private async getUserAccessToken(code: string): Promise<string> {
     const { clientId, clientSecret, redirectUri, accessUrl } = this.authConfig;
     
@@ -2078,6 +1914,26 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
           return true;
         } else {
           console.error(`⏰ AUTH: Token expires in ${Math.round(timeUntilExpiry / 1000)} seconds - treating as expired`);
+          // Delete expired token files to prevent reuse
+          const projectRoot = getProjectRoot();
+          const tokenPath = path.join(projectRoot, '.bearer_token');
+          
+          try {
+            if (fs.existsSync(tokenPath)) {
+              fs.unlinkSync(tokenPath);
+              console.error('🗑️  Deleted expired bearer token file');
+            }
+            if (fs.existsSync(metadataPath)) {
+              fs.unlinkSync(metadataPath);
+              console.error('🗑️  Deleted expired bearer token metadata file');
+            }
+          } catch (error) {
+            console.error('⚠️  Failed to delete expired token files:', error);
+          }
+          
+          // Clear in-memory token to prevent reuse
+          this.token = null;
+          
           return false;
         }
       }
@@ -2102,9 +1958,19 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
           console.error(`🔑 Found existing bearer token at: ${tokenPath}`);
           return token;
         }
+      } else {
+        // Token file doesn't exist, clear in-memory token if it was set
+        if (this.token) {
+          console.error('🗑️  Token file deleted, clearing in-memory token');
+          this.token = null;
+        }
       }
     } catch (error) {
       console.error('Could not load existing token:', error);
+      // Clear in-memory token on error as well
+      if (this.token) {
+        this.token = null;
+      }
     }
     return null;
   }
@@ -2249,34 +2115,7 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
             // Start monitoring browser in background (for ANY redirect URL)
             console.error('🔍 Starting browser URL monitoring for authorization code...');
             setImmediate(async () => {
-              try {
-                const code = await this.monitorBrowserForAuthCode();
-                console.error('✅ Authorization code detected:', code.substring(0, 10) + '...');
-                
-                const accessToken = await this.getUserAccessToken(code);
-                console.error('✅ Access token received');
-                
-                this.token = accessToken;
-                
-                // Trigger cache initialization if available
-                if (this.portalCacheHook) {
-                  try {
-                    const fakeRequest = new Request(this.authConfig.environmentUrl!, {
-                      headers: { 'Authorization': `Bearer ${accessToken}` }
-                    });
-                    await this.portalCacheHook.ensureCacheInitialized(fakeRequest);
-                  } catch (error) {
-                    // Cache init failure is non-fatal
-                  }
-                }
-                
-                console.error('🎉 Authentication complete! Stopping config server...');
-                this.stopConfigServer();
-                
-              } catch (authError: any) {
-                console.error('❌ Authentication monitoring error:', authError);
-                this.stopConfigServer();
-              }
+              await this.monitorBrowserWithRetry();
             });
             
           } catch (error: any) {
@@ -2375,36 +2214,7 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
               // Start monitoring browser in background (for ANY redirect URL)
               console.error('🔍 Starting browser URL monitoring for authorization code...');
               setImmediate(async () => {
-                try {
-                  const code = await this.monitorBrowserForAuthCode();
-                  console.error('✅ Authorization code detected:', code.substring(0, 10) + '...');
-                  
-                  const accessToken = await this.getUserAccessToken(code);
-                  console.error('✅ Access token received');
-                  
-                  this.token = accessToken;
-                  
-                  // Trigger cache initialization if available
-                  if (this.portalCacheHook) {
-                    console.error('🔄 Triggering cache initialization...');
-                    try {
-                      const fakeRequest = new Request(this.authConfig.environmentUrl!, {
-                        headers: { 'Authorization': `Bearer ${accessToken}` }
-                      });
-                      await this.portalCacheHook.ensureCacheInitialized(fakeRequest);
-                      console.error('✅ Cache initialization completed');
-                    } catch (error) {
-                      console.error('⚠️  Cache initialization failed:', error);
-                    }
-                  }
-                  
-                  console.error('🎉 Authentication complete! Stopping config server...');
-                  this.stopConfigServer();
-                  
-                } catch (authError: any) {
-                  console.error('❌ Authentication monitoring error:', authError);
-                  this.stopConfigServer();
-                }
+                await this.monitorBrowserWithRetry();
               });
               
             } catch (error: any) {
@@ -2477,8 +2287,18 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
                 this.stopConfigServer();
                 
               } catch (authError: any) {
-                console.error('❌ Token exchange error:', authError);
-                this.stopConfigServer();
+                // Check if this is an OAuth error (like wrong username/password)
+                const isOAuthError = authError instanceof Error && authError.message.includes('OAuth error:');
+                
+                if (isOAuthError) {
+                  // For OAuth errors, don't stop the server - allow user to try again
+                  console.error('❌ OAuth authentication error:', authError.message);
+                  console.error('💡 The configuration server will remain running. Please try again with correct credentials.');
+                } else {
+                  // For other token exchange errors, stop the server
+                  console.error('❌ Token exchange error:', authError);
+                  this.stopConfigServer();
+                }
               }
             });
             
@@ -2557,6 +2377,160 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
     });
   }
 
+  /**
+   * Monitor browser for authorization code with retry on OAuth errors
+   * This method will continue monitoring even after OAuth errors (like wrong password)
+   * to allow users to retry authentication
+   */
+  private async monitorBrowserWithRetry(): Promise<void> {
+    const platform = process.platform;
+    const timeout = 120; // 2 minutes
+    const startTime = Date.now();
+    let oAuthErrorLogged = false;
+    let lastUrl = '';
+    let lastErrorUrl: string | null = null;
+    
+    // Log monitoring start only once
+    if (platform === 'darwin') {
+      console.error(`🔍 Monitoring ${this.detectedBrowser} for authorization code...`);
+    } else if (platform === 'win32') {
+      console.error(`🔍 Monitoring ${this.detectedBrowser} for authorization code...`);
+    }
+    
+    while (true) {
+      try {
+        // Check timeout
+        if ((Date.now() - startTime) >= timeout * 1000) {
+          throw new Error('Authentication timeout. Please try again.');
+        }
+        
+        let currentUrl = '';
+        
+        if (platform === 'darwin') {
+          // macOS - Get URL from browser using AppleScript
+          const script = `
+            tell application "${this.detectedBrowser}"
+              try
+                set currentURL to URL of active tab of front window
+                return currentURL
+              on error
+                return ""
+              end try
+            end tell
+          `;
+          const { stdout } = await execAsync(`osascript -e '${script}'`);
+          currentUrl = stdout.trim();
+        } else if (platform === 'win32') {
+          // Windows - Get browser window title
+          const browserProcessName = this.detectedBrowser.replace('.exe', '');
+          const psScript = `
+            $process = Get-Process -Name "${browserProcessName}" -ErrorAction SilentlyContinue | 
+              Where-Object { $_.MainWindowHandle -ne 0 } | 
+              Select-Object -First 1
+            if ($process) {
+              $process.MainWindowTitle
+            }
+          `.replace(/\n\s+/g, ' ');
+          const { stdout } = await execAsync(`powershell -Command "${psScript}"`);
+          currentUrl = stdout.trim();
+        }
+        
+        // Only log URL when it changes
+        if (currentUrl && currentUrl !== lastUrl) {
+          lastUrl = currentUrl;
+          console.error(`🔍 Current URL: ${currentUrl}`);
+        }
+        
+        // Check if URL contains code= parameter
+        if (currentUrl && currentUrl.includes('code=')) {
+          const codeMatch = currentUrl.match(/[?&]code=([^&]+)/);
+          if (codeMatch && codeMatch[1]) {
+            const code = decodeURIComponent(codeMatch[1]);
+            console.error('✅ Found authorization code in URL!');
+            console.error(`🔑 Extracted authorization code (first 20 chars): ${code.substring(0, 20)}...`);
+            
+            // Close browser window (non-blocking)
+            setImmediate(async () => {
+              try {
+                if (platform === 'darwin') {
+                  await execAsync(`osascript -e 'tell application "${this.detectedBrowser}" to close front window'`);
+                } else if (platform === 'win32') {
+                  const browserProcessName = this.detectedBrowser.replace('.exe', '');
+                  await execAsync(`powershell -Command "Stop-Process -Name '${browserProcessName}' -Force"`);
+                }
+              } catch (closeError) {
+                // Ignore close errors
+              }
+            });
+            
+            console.error('✅ Authorization code detected:', code.substring(0, 10) + '...');
+            
+            const accessToken = await this.getUserAccessToken(code);
+            console.error('✅ Access token received');
+            
+            this.token = accessToken;
+            
+            // Trigger cache initialization if available
+            if (this.portalCacheHook) {
+              try {
+                const fakeRequest = new Request(this.authConfig.environmentUrl!, {
+                  headers: { 'Authorization': `Bearer ${accessToken}` }
+                });
+                await this.portalCacheHook.ensureCacheInitialized(fakeRequest);
+                console.error('✅ Cache initialization completed');
+              } catch (error) {
+                console.error('⚠️  Cache initialization failed:', error);
+              }
+            }
+            
+            console.error('🎉 Authentication complete! Stopping config server...');
+            this.stopConfigServer();
+            return; // Success - exit the loop
+          }
+        }
+        
+        // Check for error parameters - only throw if this is a new error URL
+        if (currentUrl && currentUrl.includes('error=')) {
+          if (currentUrl !== lastErrorUrl) {
+            lastErrorUrl = currentUrl;
+            const errorMatch = currentUrl.match(/[?&]error=([^&]+)/);
+            const errorDescMatch = currentUrl.match(/error_description=([^&]+)/);
+            const error = errorMatch && errorMatch[1] ? decodeURIComponent(errorMatch[1]) : 'unknown_error';
+            const errorDesc = errorDescMatch && errorDescMatch[1] ? decodeURIComponent(errorDescMatch[1]) : 'No description';
+            
+            // Log error only once
+            if (!oAuthErrorLogged) {
+              console.error('❌ OAuth authentication error:', `${error} - ${errorDesc}`);
+              console.error('💡 The configuration server will remain running. Please try again with correct credentials.');
+              console.error('🔍 Continuing to monitor browser for authorization code...');
+              oAuthErrorLogged = true;
+            }
+            // Continue monitoring silently - don't throw, just keep checking
+          }
+          // If it's the same error URL, continue monitoring silently
+        } else {
+          // Reset error tracking if URL no longer contains error
+          if (lastErrorUrl !== null) {
+            lastErrorUrl = null;
+            oAuthErrorLogged = false; // Reset so we can log new errors
+          }
+        }
+        
+        // Wait before checking again
+        await new Promise(resolve => setTimeout(resolve, 500));
+        
+      } catch (error: any) {
+        // Only handle non-OAuth errors here (OAuth errors are handled above)
+        if (!(error instanceof Error && error.message.includes('OAuth error:'))) {
+          console.error('❌ Authentication monitoring error:', error);
+          this.stopConfigServer();
+          return; // Exit the loop
+        }
+        // OAuth errors are handled in the main loop above
+      }
+    }
+  }
+
   /**
    * Stop the configuration HTTP server
    */
@@ -2740,6 +2714,8 @@ export class AuthenticationHook implements SDKInitHook, BeforeRequestHook {
         }
       } else {
         console.error('⏰ Existing token is expired or not found, proceeding with fresh login...');
+        // Clear in-memory token to ensure fresh authentication
+        this.token = null;
       }
       
       // Check if we have configuration (from .env or file)

package/src/lib/config.ts

@@ -82,8 +82,8 @@ export function serverURLFromOptions(options: SDKOptions): URL | null {
 export const SDK_METADATA = {
   language: "typescript",
   openapiDocVersion: "1.0.0",
-  sdkVersion: "1.0.6",
+  sdkVersion: "1.0.12",
   genVersion: "2.723.8",
   userAgent:
-    "speakeasy-sdk/mcp-typescript 1.0.6 2.723.8 1.0.0 @egain/egain-mcp-server",
+    "speakeasy-sdk/mcp-typescript 1.0.12 2.723.8 1.0.0 @egain/egain-mcp-server",
 } as const;

package/src/mcp-server/mcp-server.ts

@@ -19,7 +19,7 @@ const routes = buildRouteMap({
 export const app = buildApplication(routes, {
   name: "mcp",
   versionInfo: {
-    currentVersion: "1.0.6",
+    currentVersion: "1.0.12",
   },
 });
 

package/src/mcp-server/server.ts

@@ -34,7 +34,7 @@ export function createMCPServer(deps: {
 }) {
   const server = new McpServer({
     name: "EgainMcp",
-    version: "1.0.6",
+    version: "1.0.12",
   });
 
   const getClient = deps.getSDK || (() =>

package/src/mcp-server/tools/getPortals.ts

@@ -14,14 +14,55 @@ export const tool$getPortals: ToolDefinition<typeof args> = {
   name: "get-portals",
   description: `Get All Portals Accessible To User
 
+Get All Portals Accessible to User
+
 ## Overview
-  The Get All Portals Accessible to User API allows a user to fetch all portals accessible to user across all department.
-  * If no access tags are specified for a portal, then any user can access the portal.
-  * If access tags are specified for a portal, users with a user profile that allows access have access to the portal. For users with multiple user profiles, the user profile that allows access does not need to be the active user profile.
-  * All the global users(partition) cannot be assigned user profiles; their access is limited to portals without access restrictions.
-  * The only articles returned are associated to an Article type when the parameter, “Include in browse on portals” is set to "Yes".
-  * When the "shortUrlTemplate" query parameter is provided, the API filters accessible portals according to the specified language and template name. Portal Short URL specific to to the "shortUrlTemplate" query parameter value is returned in the response.
-  * When there is no short URL available for a specific language, the API returns a portal object with an empty "shortURL" field.
+The Get All Portals Accessible to User API allows a user to fetch all portals accessible to the user across all departments.
+- If no access tags are specified for a portal, any user can access the portal.
+- If access tags are specified for a portal, users with a user profile that allows access can access the portal. For users with multiple user profiles, the user profile that allows access does not need to be the active user profile.
+- Global users (partition) cannot be assigned user profiles; their access is limited to portals without access restrictions.
+- The only articles returned are associated to an Article type when the parameter “Include in browse on portals” is set to "Yes".
+- When the \`shortUrlTemplate\` query parameter is provided, the API filters accessible portals according to the specified language and template name. A portal short URL specific to the \`shortUrlTemplate\` value is returned in the response when available. If there is no short URL for a language, the portal object returns an empty \`shortURL\` field.
+
+## Pagination behavior (CRITICAL for AI assistants)
+
+**IMPORTANT**: This endpoint is paginated. When searching for a portal by name or listing portals, you MUST automatically fetch ALL pages before concluding that a portal doesn't exist.
+
+### Automatic pagination is REQUIRED when:
+- User asks to find a portal by name (e.g., "business portal", "Master portal")
+- User requests to list or see all portals
+- You need to resolve a natural portal name to its ID
+
+### How to detect more pages exist:
+The response includes \`paginationInfo\` with:
+- \`count\`: Total number of items across all pages
+- \`pagenum\`: Current page number
+- \`pagesize\`: Items per page (default: 25)
+
+**Check for more pages if ANY of these are true:**
+1. The number of portals returned equals \`pagesize\` (e.g., exactly 25 portals returned)
+2. \`paginationInfo.count > (pagenum * pagesize)\` - there are more items beyond this page
+3. The response includes a \`link\` array with a \`next\` relation
+
+### Required pagination workflow:
+1. Start with \`$pagenum=1\` and \`$pagesize=25\` (default)
+2. After receiving the response, check \`paginationInfo\`
+3. **If more pages exist** (using the checks above), automatically call this endpoint again with \`$pagenum=2\`, then \`$pagenum=3\`, etc.
+4. Continue incrementing \`$pagenum\` until:
+   - A page returns fewer portals than \`pagesize\` (indicating the last page)
+   - A page returns zero portals
+   - \`pagenum * pagesize >= paginationInfo.count\` (if count represents total items)
+5. Merge all portals from all pages by unique portal ID
+6. Only then search through the complete merged list or report results to the user
+
+### Example scenario:
+If you search for "business portal" and the first page returns 25 portals but none match:
+- DO NOT immediately tell the user the portal doesn't exist
+- Check \`paginationInfo.count\` - if it's > 25, automatically fetch page 2
+- Continue fetching until all pages are retrieved
+- Search the complete merged list before concluding the portal doesn't exist
+
+This ensures reliable portal name-to-ID resolution and prevents false "not found" errors.
 `,
   annotations: {
     "destructiveHint": false,

package/src/models/getmyportalsop.ts

@@ -27,8 +27,8 @@ export type GetMyPortalsRequest = {
   shortUrlTemplate?: string | undefined;
   Dollar_sort?: SortIdNameDepartment | undefined;
   Dollar_order?: Order | undefined;
-  Dollar_pagenum?: number | undefined;
   Dollar_pagesize?: number | undefined;
+  Dollar_pagenum?: number | undefined;
 };
 
 export const GetMyPortalsRequest$zodSchema: z.ZodType<