@habibakhaledm/sharepoint-document-upload-mcp 1.1.3 → 1.1.4

package/dist/src/constants.d.ts

@@ -0,0 +1,95 @@
+/** Central configuration literals (no secrets). */
+export declare const GRAPH_V1_BASE_URL: "https://graph.microsoft.com/v1.0";
+export declare const GRAPH_BETA_BASE_URL: "https://graph.microsoft.com/beta";
+export declare const MICROSOFT_AUTH_MODE: "interactive";
+export declare const MICROSOFT_REDIRECT_URI: "http://localhost";
+/** Delegated scopes requested for interactive SharePoint upload. */
+export declare const GRAPH_DELEGATED_SCOPES: readonly ["https://graph.microsoft.com/Sites.Read.All", "https://graph.microsoft.com/Files.ReadWrite.All"];
+export declare const ENTRA_DEFAULT_REDIRECT_URI: "https://login.microsoftonline.com/common/oauth2/nativeclient";
+/** Used when MICROSOFT_TENANT_ID is omitted. */
+export declare const ENTRA_TENANT_FALLBACK_ORGANIZATIONS: "organizations";
+/**
+ * MSAL disk cache folder name under the OS store (e.g. Windows:
+ * %LocalAppData%\\.IdentityService\\<name>). Override with MICROSOFT_TOKEN_CACHE_NAME.
+ * Set MICROSOFT_DISABLE_TOKEN_CACHE=true to skip persistence (browser every run).
+ * If cache init fails without OS encryption, set MICROSOFT_TOKEN_CACHE_UNSAFE_UNENCRYPTED=true.
+ */
+export declare const MICROSOFT_TOKEN_CACHE_DEFAULT_NAME: "document-upload-mcp-graph";
+/**
+ * Account binding file for silent auth (Azure Identity needs this in addition to MSAL token cache).
+ * Default directory: ~/.document-upload-mcp (override MICROSOFT_AUTH_RECORD_DIR).
+ * Delete `auth-record-*.json` there to force sign-in again.
+ */
+export declare const MICROSOFT_AUTH_RECORD_BASE_DIR: ".document-upload-mcp";
+export declare const SHAREPOINT_DEFAULT_DOCUMENT_LIBRARY_NAME: "Documents";
+export declare const HTTP_CONTENT_TYPE_JSON: "application/json";
+export declare const HTTP_CONTENT_TYPE_OCTET_STREAM: "application/octet-stream";
+export declare const MCP_SERVER_NAME: "sharepoint-document-upload-mcp";
+export declare const MCP_SERVER_VERSION: "1.0.0";
+export declare const MCP_SERVER_DESCRIPTION: "A MCP server for uploading document";
+export declare const ALLOWED_UPLOAD_EXTENSIONS: readonly [".txt", ".md", ".pdf", ".docx"];
+export declare const LOCAL_UPLOAD_DIR: "uploads";
+/** Prefix length from SHA-256 hex used in SharePoint upload filenames. */
+export declare const SHAREPOINT_FILENAME_HASH_PREFIX_LENGTH = 12;
+/** Used with `crypto.createHash` for document deduplication and filenames. */
+export declare const DOCUMENT_HASH_ALGORITHM: "sha256";
+export declare const TOOL_NAME_HELLO_WORLD: "hello_world";
+export declare const TOOL_NAME_UPLOAD_DOCUMENT: "upload_document";
+export declare const TOOL_HELLO_WORLD_TITLE: "Hello World";
+export declare const TOOL_HELLO_WORLD_DESCRIPTION: "This tool will return Hello World";
+export declare const TOOL_HELLO_WORLD_RESPONSE_TEXT: "Hello World";
+export declare const TOOL_UPLOAD_DOCUMENT_TITLE: "Upload a document";
+export declare const TOOL_UPLOAD_DOCUMENT_DESCRIPTION: "Upload a document locally and to SharePoint when configured. Uses interactive Microsoft sign-in with Graph scopes Sites.Read.All and Files.ReadWrite.All only \u2014 remove other API permissions on the Entra app for SharePoint-only consent. After the first sign-in, account metadata and tokens are stored on disk (see ~/.document-upload-mcp and OS .IdentityService cache) so later runs usually skip the browser. Set MICROSOFT_DISABLE_TOKEN_CACHE=true only to disable the MSAL file cache.";
+/** Zod field descriptions for `upload_document` input schema */
+export declare const SCHEMA_DESC_DOCUMENT_FILENAME: "Original filename including extension (e.g. report.pdf)";
+export declare const SCHEMA_DESC_DOCUMENT_CONTENT: "File body as UTF-8 text or base64-encoded bytes";
+export declare const SCHEMA_DESC_MICROSOFT_TENANT_ID: "Entra tenant ID (optional; env MICROSOFT_TENANT_ID; omit for organizations / multi-tenant)";
+export declare const SCHEMA_DESC_MICROSOFT_CLIENT_ID: "App registration client ID (required for interactive browser sign-in; env MICROSOFT_CLIENT_ID)";
+export declare const SCHEMA_DESC_SHAREPOINT_SITE_HOST: "SharePoint hostname, e.g. contoso.sharepoint.com (or set SHAREPOINT_SITE_HOST env)";
+export declare const SCHEMA_DESC_SHAREPOINT_SITE_PATH: "Server-relative site path (e.g. /sites/Team). Use empty string for the root site";
+export declare const SCHEMA_DESC_SHAREPOINT_UPLOAD_BASE_PATH: "Folder under the document library (e.g. Incoming/2026). Omit or empty for library root";
+export declare const ERR_UNSUPPORTED_FILE_TYPE: "Unsupported file type";
+export declare const MSG_UPLOAD_SUCCESS_TEMPLATE: (sharePointNote: string) => string;
+/** Appended when Graph returns a browser URL for the uploaded item. */
+export declare const MSG_SHAREPOINT_DOC_URL_LINE: (url: string) => `
+
+SharePoint document URL:
+${string}`;
+/** Opaque Microsoft Graph `driveItem` id (for `/drives/.../items/{id}`). */
+export declare const MSG_SHAREPOINT_DRIVE_ITEM_ID_LINE: (id: string) => `
+
+Microsoft Graph drive item id:
+${string}`;
+/** SharePoint list row id (often what people mean by "item id" in libraries). */
+export declare const MSG_SHAREPOINT_LIST_ITEM_ID_LINE: (id: string) => `
+
+SharePoint list item id:
+${string}`;
+export declare const MSG_SHAREPOINT_LIST_ITEM_UNIQUE_ID_LINE: (id: string) => `
+
+SharePoint list item unique id:
+${string}`;
+export declare const SP_RESULT_NOTE_COMPLETED: "\n\nSharePoint upload completed (no document URL or ids in API response).";
+export declare const ERR_INTERACTIVE_NO_GRAPH_TOKEN: "Interactive sign-in did not return a Microsoft Graph token.";
+export declare const ERR_CONSENT_DECLINED_HINT: " Grant only delegated Sites.Read.All and Files.ReadWrite.All on the app registration, then accept consent.";
+export declare const AADSTS65004_SNIPPET: "AADSTS65004";
+export declare const CONSENT_DECLINED_SNIPPET: "declined to consent";
+export declare const ERR_SHAREPOINT_NO_DRIVES: "No drives found on SharePoint site";
+export declare const ERR_MICROSOFT_CLIENT_ID_REQUIRED: (redirectUri: string) => string;
+export declare const ERR_GRAPH_FOLDER_CHECK: (pathSoFar: string, status: number, body: string) => string;
+export declare const ERR_GRAPH_CREATE_FOLDER: (segment: string, parentPath: string, status: number, body: string) => string;
+export declare const MICROSOFT_GRAPH_CONFLICT_BEHAVIOR_FAIL: "fail";
+/** Set to `1` to log why `*-my.sharepoint.com/shared` URL construction was skipped. */
+export declare const DEBUG_SHAREPOINT_MY_URL_ENV: "SHAREPOINT_DEBUG_MY_URL";
+export declare const ERR_GRAPH_GET: (graphPath: string, status: number, body: string) => string;
+export declare const ERR_GRAPH_PUT: (graphPath: string, status: number, body: string) => string;
+export declare const MCP_UPLOAD_TEST_CLIENT_NAME: "upload-test";
+export declare const MCP_UPLOAD_TEST_CLIENT_VERSION: "1.0.0";
+export declare const MCP_CALL_TIMEOUT_ENV: "MCP_CALL_TIMEOUT_MS";
+export declare const MCP_CALL_TIMEOUT_DEFAULT_MS = 900000;
+/** Default fixture under `fixtures/`; override with env MCP_UPLOAD_TEST_FIXTURE. */
+export declare const FIXTURE_UPLOAD_TEST_FILENAME: "mcp-random-test.md";
+export declare const MCP_UPLOAD_TEST_FIXTURE_ENV: "MCP_UPLOAD_TEST_FIXTURE";
+/** Project-relative paths (repo root). */
+export declare const PROJECT_REL_TSX_CLI: "node_modules/tsx/dist/cli.mjs";
+export declare const PROJECT_REL_SERVER_ENTRY: "src/server.ts";

package/dist/src/constants.js

@@ -0,0 +1,102 @@
+/** Central configuration literals (no secrets). */
+/* Microsoft Graph */
+export const GRAPH_V1_BASE_URL = "https://graph.microsoft.com/v1.0";
+export const GRAPH_BETA_BASE_URL = "https://graph.microsoft.com/beta";
+export const MICROSOFT_AUTH_MODE = "interactive";
+export const MICROSOFT_REDIRECT_URI = "http://localhost";
+/** Delegated scopes requested for interactive SharePoint upload. */
+export const GRAPH_DELEGATED_SCOPES = [
+    "https://graph.microsoft.com/Sites.Read.All",
+    "https://graph.microsoft.com/Files.ReadWrite.All",
+];
+/* Microsoft Entra (interactive public client) */
+export const ENTRA_DEFAULT_REDIRECT_URI = "https://login.microsoftonline.com/common/oauth2/nativeclient";
+/** Used when MICROSOFT_TENANT_ID is omitted. */
+export const ENTRA_TENANT_FALLBACK_ORGANIZATIONS = "organizations";
+/**
+ * MSAL disk cache folder name under the OS store (e.g. Windows:
+ * %LocalAppData%\\.IdentityService\\<name>). Override with MICROSOFT_TOKEN_CACHE_NAME.
+ * Set MICROSOFT_DISABLE_TOKEN_CACHE=true to skip persistence (browser every run).
+ * If cache init fails without OS encryption, set MICROSOFT_TOKEN_CACHE_UNSAFE_UNENCRYPTED=true.
+ */
+export const MICROSOFT_TOKEN_CACHE_DEFAULT_NAME = "document-upload-mcp-graph";
+/**
+ * Account binding file for silent auth (Azure Identity needs this in addition to MSAL token cache).
+ * Default directory: ~/.document-upload-mcp (override MICROSOFT_AUTH_RECORD_DIR).
+ * Delete `auth-record-*.json` there to force sign-in again.
+ */
+export const MICROSOFT_AUTH_RECORD_BASE_DIR = ".document-upload-mcp";
+/* SharePoint */
+export const SHAREPOINT_DEFAULT_DOCUMENT_LIBRARY_NAME = "Documents";
+/* HTTP (Graph requests) */
+export const HTTP_CONTENT_TYPE_JSON = "application/json";
+export const HTTP_CONTENT_TYPE_OCTET_STREAM = "application/octet-stream";
+/* MCP server metadata */
+export const MCP_SERVER_NAME = "sharepoint-document-upload-mcp";
+export const MCP_SERVER_VERSION = "1.0.0";
+export const MCP_SERVER_DESCRIPTION = "A MCP server for uploading document";
+/* Local document handling */
+export const ALLOWED_UPLOAD_EXTENSIONS = [
+    ".txt",
+    ".md",
+    ".pdf",
+    ".docx",
+];
+export const LOCAL_UPLOAD_DIR = "uploads";
+/** Prefix length from SHA-256 hex used in SharePoint upload filenames. */
+export const SHAREPOINT_FILENAME_HASH_PREFIX_LENGTH = 12;
+/** Used with `crypto.createHash` for document deduplication and filenames. */
+export const DOCUMENT_HASH_ALGORITHM = "sha256";
+/* MCP tools — names, titles, descriptions, responses */
+export const TOOL_NAME_HELLO_WORLD = "hello_world";
+export const TOOL_NAME_UPLOAD_DOCUMENT = "upload_document";
+export const TOOL_HELLO_WORLD_TITLE = "Hello World";
+export const TOOL_HELLO_WORLD_DESCRIPTION = "This tool will return Hello World";
+export const TOOL_HELLO_WORLD_RESPONSE_TEXT = "Hello World";
+export const TOOL_UPLOAD_DOCUMENT_TITLE = "Upload a document";
+export const TOOL_UPLOAD_DOCUMENT_DESCRIPTION = "Upload a document locally and to SharePoint when configured. Uses interactive Microsoft sign-in with Graph scopes Sites.Read.All and Files.ReadWrite.All only — remove other API permissions on the Entra app for SharePoint-only consent. After the first sign-in, account metadata and tokens are stored on disk (see ~/.document-upload-mcp and OS .IdentityService cache) so later runs usually skip the browser. Set MICROSOFT_DISABLE_TOKEN_CACHE=true only to disable the MSAL file cache.";
+/** Zod field descriptions for `upload_document` input schema */
+export const SCHEMA_DESC_DOCUMENT_FILENAME = "Original filename including extension (e.g. report.pdf)";
+export const SCHEMA_DESC_DOCUMENT_CONTENT = "File body as UTF-8 text or base64-encoded bytes";
+export const SCHEMA_DESC_MICROSOFT_TENANT_ID = "Entra tenant ID (optional; env MICROSOFT_TENANT_ID; omit for organizations / multi-tenant)";
+export const SCHEMA_DESC_MICROSOFT_CLIENT_ID = "App registration client ID (required for interactive browser sign-in; env MICROSOFT_CLIENT_ID)";
+export const SCHEMA_DESC_SHAREPOINT_SITE_HOST = "SharePoint hostname, e.g. contoso.sharepoint.com (or set SHAREPOINT_SITE_HOST env)";
+export const SCHEMA_DESC_SHAREPOINT_SITE_PATH = "Server-relative site path (e.g. /sites/Team). Use empty string for the root site";
+export const SCHEMA_DESC_SHAREPOINT_UPLOAD_BASE_PATH = "Folder under the document library (e.g. Incoming/2026). Omit or empty for library root";
+/* Server messages */
+export const ERR_UNSUPPORTED_FILE_TYPE = "Unsupported file type";
+export const MSG_UPLOAD_SUCCESS_TEMPLATE = (sharePointNote) => `Upload successful.${sharePointNote}`;
+/** Appended when Graph returns a browser URL for the uploaded item. */
+export const MSG_SHAREPOINT_DOC_URL_LINE = (url) => `\n\nSharePoint document URL:\n${url}`;
+/** Opaque Microsoft Graph `driveItem` id (for `/drives/.../items/{id}`). */
+export const MSG_SHAREPOINT_DRIVE_ITEM_ID_LINE = (id) => `\n\nMicrosoft Graph drive item id:\n${id}`;
+/** SharePoint list row id (often what people mean by "item id" in libraries). */
+export const MSG_SHAREPOINT_LIST_ITEM_ID_LINE = (id) => `\n\nSharePoint list item id:\n${id}`;
+export const MSG_SHAREPOINT_LIST_ITEM_UNIQUE_ID_LINE = (id) => `\n\nSharePoint list item unique id:\n${id}`;
+export const SP_RESULT_NOTE_COMPLETED = "\n\nSharePoint upload completed (no document URL or ids in API response).";
+/* SharePoint / Graph runtime errors (user-facing) */
+export const ERR_INTERACTIVE_NO_GRAPH_TOKEN = "Interactive sign-in did not return a Microsoft Graph token.";
+export const ERR_CONSENT_DECLINED_HINT = " Grant only delegated Sites.Read.All and Files.ReadWrite.All on the app registration, then accept consent.";
+export const AADSTS65004_SNIPPET = "AADSTS65004";
+export const CONSENT_DECLINED_SNIPPET = "declined to consent";
+export const ERR_SHAREPOINT_NO_DRIVES = "No drives found on SharePoint site";
+export const ERR_MICROSOFT_CLIENT_ID_REQUIRED = (redirectUri) => `MICROSOFT_CLIENT_ID is required. Use a public Entra client with redirect "${redirectUri}" and delegated Sites.Read.All + Files.ReadWrite.All.`;
+export const ERR_GRAPH_FOLDER_CHECK = (pathSoFar, status, body) => `Graph folder check ${pathSoFar}: ${status} ${body}`;
+export const ERR_GRAPH_CREATE_FOLDER = (segment, parentPath, status, body) => `Create folder "${segment}" under "${parentPath || "root"}": ${status} ${body}`;
+export const MICROSOFT_GRAPH_CONFLICT_BEHAVIOR_FAIL = "fail";
+/** Set to `1` to log why `*-my.sharepoint.com/shared` URL construction was skipped. */
+export const DEBUG_SHAREPOINT_MY_URL_ENV = "SHAREPOINT_DEBUG_MY_URL";
+/* Graph client error prefixes */
+export const ERR_GRAPH_GET = (graphPath, status, body) => `Graph GET ${graphPath}: ${status} ${body}`;
+export const ERR_GRAPH_PUT = (graphPath, status, body) => `Graph PUT ${graphPath}: ${status} ${body}`;
+/* Integration test script (run-mcp-upload-test) */
+export const MCP_UPLOAD_TEST_CLIENT_NAME = "upload-test";
+export const MCP_UPLOAD_TEST_CLIENT_VERSION = "1.0.0";
+export const MCP_CALL_TIMEOUT_ENV = "MCP_CALL_TIMEOUT_MS";
+export const MCP_CALL_TIMEOUT_DEFAULT_MS = 900_000;
+/** Default fixture under `fixtures/`; override with env MCP_UPLOAD_TEST_FIXTURE. */
+export const FIXTURE_UPLOAD_TEST_FILENAME = "mcp-random-test.md";
+export const MCP_UPLOAD_TEST_FIXTURE_ENV = "MCP_UPLOAD_TEST_FIXTURE";
+/** Project-relative paths (repo root). */
+export const PROJECT_REL_TSX_CLI = "node_modules/tsx/dist/cli.mjs";
+export const PROJECT_REL_SERVER_ENTRY = "src/server.ts";

package/dist/src/document-upload.d.ts

@@ -0,0 +1,4 @@
+export declare function uploadDocument(document: {
+    filename: string;
+    content: string;
+}, MICROSOFT_TENANT_ID: string, MICROSOFT_CLIENT_ID: string, SHAREPOINT_SITE_HOST: string, SHAREPOINT_SITE_PATH: string, SHAREPOINT_UPLOAD_BASE_PATH: string): Promise<string>;

package/dist/src/document-upload.js

@@ -0,0 +1,61 @@
+import { ALLOWED_UPLOAD_EXTENSIONS, DOCUMENT_HASH_ALGORITHM, ERR_UNSUPPORTED_FILE_TYPE, LOCAL_UPLOAD_DIR, MSG_SHAREPOINT_DOC_URL_LINE, MSG_SHAREPOINT_DRIVE_ITEM_ID_LINE, MSG_SHAREPOINT_LIST_ITEM_ID_LINE, MSG_SHAREPOINT_LIST_ITEM_UNIQUE_ID_LINE, SHAREPOINT_FILENAME_HASH_PREFIX_LENGTH, SP_RESULT_NOTE_COMPLETED, } from "./constants.js";
+import { uploadBufferToSharePointIfConfigured } from "./sharepoint.js";
+import path from "node:path";
+import fs from "node:fs/promises";
+import crypto from "node:crypto";
+export async function uploadDocument(document, MICROSOFT_TENANT_ID, MICROSOFT_CLIENT_ID, SHAREPOINT_SITE_HOST, SHAREPOINT_SITE_PATH, SHAREPOINT_UPLOAD_BASE_PATH) {
+    const { filename, content } = document;
+    const ext = path.extname(filename).toLowerCase();
+    if (!ALLOWED_UPLOAD_EXTENSIONS.includes(ext)) {
+        throw new Error(ERR_UNSUPPORTED_FILE_TYPE);
+    }
+    const uploadDir = path.resolve(LOCAL_UPLOAD_DIR);
+    await fs.mkdir(uploadDir, { recursive: true });
+    const filePath = path.join(uploadDir, filename);
+    const buffer = isBase64(content)
+        ? Buffer.from(content, "base64")
+        : Buffer.from(content, "utf-8");
+    await fs.writeFile(filePath, buffer);
+    const hash = crypto.createHash(DOCUMENT_HASH_ALGORITHM).update(buffer).digest("hex");
+    const sp = await uploadBufferToSharePointIfConfigured(buffer, `${hash.slice(0, SHAREPOINT_FILENAME_HASH_PREFIX_LENGTH)}_${filename}`, {
+        MICROSOFT_TENANT_ID,
+        MICROSOFT_CLIENT_ID,
+        SHAREPOINT_SITE_HOST,
+        SHAREPOINT_SITE_PATH,
+        SHAREPOINT_UPLOAD_BASE_PATH,
+    });
+    const spNote = formatSharePointResultNote(sp);
+    return spNote;
+}
+function formatSharePointResultNote(sp) {
+    if (sp.skipped) {
+        return "";
+    }
+    const parts = [];
+    if (sp.webUrl) {
+        parts.push(MSG_SHAREPOINT_DOC_URL_LINE(sp.webUrl));
+    }
+    if (sp.driveItemId) {
+        parts.push(MSG_SHAREPOINT_DRIVE_ITEM_ID_LINE(sp.driveItemId));
+    }
+    const listItemId = sp.sharepointIds?.listItemId;
+    if (listItemId) {
+        parts.push(MSG_SHAREPOINT_LIST_ITEM_ID_LINE(listItemId));
+    }
+    const uniqueId = sp.sharepointIds?.listItemUniqueId;
+    if (uniqueId) {
+        parts.push(MSG_SHAREPOINT_LIST_ITEM_UNIQUE_ID_LINE(uniqueId));
+    }
+    if (parts.length > 0) {
+        return parts.join("");
+    }
+    return SP_RESULT_NOTE_COMPLETED;
+}
+function isBase64(str) {
+    try {
+        return Buffer.from(str, "base64").toString("base64") === str;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/src/graph-client.d.ts

@@ -0,0 +1,20 @@
+/** Minimal Microsoft Graph v1 HTTP helpers (Bearer token). */
+export declare const GRAPH_V1_ROOT: "https://graph.microsoft.com/v1.0";
+export declare const GRAPH_BETA_ROOT: "https://graph.microsoft.com/beta";
+/** Subset of DriveItem fields used after upload / metadata reads. */
+export type GraphDriveItemSummary = {
+    id?: string;
+    webUrl?: string;
+    sharepointIds?: {
+        listId?: string;
+        listItemId?: string;
+        listItemUniqueId?: string;
+        siteId?: string;
+    };
+};
+/** Drive item path: encode each path segment (handles `/`, `&`, spaces). */
+export declare function encodeDriveRelativePath(relativePath: string): string;
+export declare function graphRequest(token: string, graphPath: string, init?: RequestInit): Promise<Response>;
+export declare function graphGetJson<T>(token: string, graphPath: string): Promise<T>;
+export declare function graphBetaGetJson<T>(token: string, graphPath: string): Promise<T>;
+export declare function graphPutStream(token: string, graphPath: string, body: Buffer): Promise<GraphDriveItemSummary>;

package/dist/src/graph-client.js

@@ -0,0 +1,53 @@
+/** Minimal Microsoft Graph v1 HTTP helpers (Bearer token). */
+import { ERR_GRAPH_GET, ERR_GRAPH_PUT, GRAPH_BETA_BASE_URL, GRAPH_V1_BASE_URL, HTTP_CONTENT_TYPE_OCTET_STREAM, } from "./constants.js";
+export const GRAPH_V1_ROOT = GRAPH_V1_BASE_URL;
+export const GRAPH_BETA_ROOT = GRAPH_BETA_BASE_URL;
+/** Drive item path: encode each path segment (handles `/`, `&`, spaces). */
+export function encodeDriveRelativePath(relativePath) {
+    return relativePath
+        .split("/")
+        .filter(Boolean)
+        .map((s) => encodeURIComponent(s))
+        .join("/");
+}
+export async function graphRequest(token, graphPath, init) {
+    const headers = new Headers(init?.headers ?? undefined);
+    headers.set("Authorization", `Bearer ${token}`);
+    return fetch(`${GRAPH_V1_ROOT}${graphPath}`, { ...init, headers });
+}
+export async function graphGetJson(token, graphPath) {
+    const res = await graphRequest(token, graphPath);
+    if (!res.ok) {
+        throw new Error(ERR_GRAPH_GET(graphPath, res.status, await res.text()));
+    }
+    return res.json();
+}
+export async function graphBetaGetJson(token, graphPath) {
+    const headers = new Headers();
+    headers.set("Authorization", `Bearer ${token}`);
+    const res = await fetch(`${GRAPH_BETA_ROOT}${graphPath}`, { headers });
+    if (!res.ok) {
+        throw new Error(ERR_GRAPH_GET(`[beta]${graphPath}`, res.status, await res.text()));
+    }
+    return res.json();
+}
+export async function graphPutStream(token, graphPath, body) {
+    const res = await graphRequest(token, graphPath, {
+        method: "PUT",
+        headers: { "Content-Type": HTTP_CONTENT_TYPE_OCTET_STREAM },
+        body: new Uint8Array(body),
+    });
+    if (!res.ok) {
+        throw new Error(ERR_GRAPH_PUT(graphPath, res.status, await res.text()));
+    }
+    const raw = await res.text();
+    if (!raw.trim()) {
+        return {};
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+}

package/dist/src/server.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/server.js

@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { MCP_SERVER_DESCRIPTION, MCP_SERVER_NAME, MCP_SERVER_VERSION, MSG_UPLOAD_SUCCESS_TEMPLATE, SCHEMA_DESC_DOCUMENT_CONTENT, SCHEMA_DESC_DOCUMENT_FILENAME, SCHEMA_DESC_MICROSOFT_CLIENT_ID, SCHEMA_DESC_MICROSOFT_TENANT_ID, SCHEMA_DESC_SHAREPOINT_SITE_HOST, SCHEMA_DESC_SHAREPOINT_SITE_PATH, SCHEMA_DESC_SHAREPOINT_UPLOAD_BASE_PATH, TOOL_HELLO_WORLD_RESPONSE_TEXT, TOOL_HELLO_WORLD_TITLE, TOOL_NAME_HELLO_WORLD, TOOL_NAME_UPLOAD_DOCUMENT, TOOL_UPLOAD_DOCUMENT_DESCRIPTION, TOOL_UPLOAD_DOCUMENT_TITLE, TOOL_HELLO_WORLD_DESCRIPTION } from "./constants.js";
+import { uploadDocument } from "./document-upload.js";
+const server = new McpServer({
+    name: MCP_SERVER_NAME,
+    version: MCP_SERVER_VERSION,
+    description: MCP_SERVER_DESCRIPTION,
+});
+server.registerTool(TOOL_NAME_HELLO_WORLD, {
+    title: TOOL_HELLO_WORLD_TITLE,
+    description: TOOL_HELLO_WORLD_DESCRIPTION,
+    inputSchema: {}
+}, async () => {
+    return { content: [
+            {
+                type: "text",
+                text: TOOL_HELLO_WORLD_RESPONSE_TEXT,
+            },
+        ],
+    };
+});
+server.registerTool(TOOL_NAME_UPLOAD_DOCUMENT, {
+    title: TOOL_UPLOAD_DOCUMENT_TITLE,
+    description: TOOL_UPLOAD_DOCUMENT_DESCRIPTION,
+    inputSchema: z.object({
+        document: z.object({
+            filename: z.string().describe(SCHEMA_DESC_DOCUMENT_FILENAME),
+            content: z.string().describe(SCHEMA_DESC_DOCUMENT_CONTENT),
+        }),
+        MICROSOFT_TENANT_ID: z
+            .string()
+            .describe(SCHEMA_DESC_MICROSOFT_TENANT_ID),
+        MICROSOFT_CLIENT_ID: z
+            .string()
+            .describe(SCHEMA_DESC_MICROSOFT_CLIENT_ID),
+        SHAREPOINT_SITE_HOST: z
+            .string()
+            .describe(SCHEMA_DESC_SHAREPOINT_SITE_HOST),
+        SHAREPOINT_SITE_PATH: z
+            .string()
+            .describe(SCHEMA_DESC_SHAREPOINT_SITE_PATH),
+        SHAREPOINT_UPLOAD_BASE_PATH: z
+            .string()
+            .describe(SCHEMA_DESC_SHAREPOINT_UPLOAD_BASE_PATH),
+    }),
+}, async ({ document, MICROSOFT_TENANT_ID, MICROSOFT_CLIENT_ID, SHAREPOINT_SITE_HOST, SHAREPOINT_SITE_PATH, SHAREPOINT_UPLOAD_BASE_PATH, }) => {
+    const spNote = await uploadDocument(document, MICROSOFT_TENANT_ID, MICROSOFT_CLIENT_ID, SHAREPOINT_SITE_HOST, SHAREPOINT_SITE_PATH, SHAREPOINT_UPLOAD_BASE_PATH);
+    return {
+        content: [
+            {
+                type: "text",
+                text: MSG_UPLOAD_SUCCESS_TEMPLATE(spNote),
+            },
+        ],
+    };
+});
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/dist/src/sharepoint.d.ts

@@ -0,0 +1,29 @@
+/**
+ * SharePoint upload via Microsoft Graph + interactive browser sign-in.
+ * See `constants.ts` for Graph scopes, redirect URI, and defaults.
+ */
+import { type GraphDriveItemSummary } from "./graph-client.js";
+/** Re-export for callers that imported redirect from this module. */
+export declare const DEFAULT_REDIRECT_URI: "https://login.microsoftonline.com/common/oauth2/nativeclient";
+export type SharePointUploadOverrides = {
+    MICROSOFT_TENANT_ID?: string;
+    MICROSOFT_CLIENT_ID?: string;
+    SHAREPOINT_SITE_HOST?: string;
+    SHAREPOINT_SITE_PATH?: string;
+    SHAREPOINT_UPLOAD_BASE_PATH?: string;
+};
+/**
+ * Uploads when `SHAREPOINT_SITE_HOST` resolves (params and/or env).
+ * Skips when the site host is missing.
+ */
+export type SharePointUploadSaved = {
+    skipped: false;
+    webUrl?: string;
+    /** Microsoft Graph driveItem id (opaque). */
+    driveItemId?: string;
+    /** Present for items in SharePoint document libraries. */
+    sharepointIds?: GraphDriveItemSummary["sharepointIds"];
+};
+export declare function uploadBufferToSharePointIfConfigured(buffer: Buffer, filename: string, overrides?: SharePointUploadOverrides): Promise<{
+    skipped: true;
+} | SharePointUploadSaved>;

package/dist/src/sharepoint.js

@@ -0,0 +1,577 @@
+/**
+ * SharePoint upload via Microsoft Graph + interactive browser sign-in.
+ * See `constants.ts` for Graph scopes, redirect URI, and defaults.
+ */
+import { InteractiveBrowserCredential, deserializeAuthenticationRecord, serializeAuthenticationRecord, useIdentityPlugin, } from "@azure/identity";
+import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
+import crypto from "node:crypto";
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { AADSTS65004_SNIPPET, CONSENT_DECLINED_SNIPPET, ENTRA_DEFAULT_REDIRECT_URI, ENTRA_TENANT_FALLBACK_ORGANIZATIONS, ERR_CONSENT_DECLINED_HINT, ERR_GRAPH_CREATE_FOLDER, ERR_GRAPH_FOLDER_CHECK, ERR_INTERACTIVE_NO_GRAPH_TOKEN, ERR_MICROSOFT_CLIENT_ID_REQUIRED, ERR_SHAREPOINT_NO_DRIVES, DOCUMENT_HASH_ALGORITHM, GRAPH_DELEGATED_SCOPES, HTTP_CONTENT_TYPE_JSON, MCP_SERVER_NAME, MICROSOFT_AUTH_RECORD_BASE_DIR, DEBUG_SHAREPOINT_MY_URL_ENV, MICROSOFT_GRAPH_CONFLICT_BEHAVIOR_FAIL, MICROSOFT_TOKEN_CACHE_DEFAULT_NAME, SHAREPOINT_DEFAULT_DOCUMENT_LIBRARY_NAME, MICROSOFT_REDIRECT_URI, } from "./constants.js";
+import { encodeDriveRelativePath, graphBetaGetJson, graphGetJson, graphPutStream, graphRequest, } from "./graph-client.js";
+/** Re-export for callers that imported redirect from this module. */
+export const DEFAULT_REDIRECT_URI = ENTRA_DEFAULT_REDIRECT_URI;
+let msalPersistencePluginAttempted = false;
+let msalPersistencePluginRegistered = false;
+function ensureMsalPersistencePlugin() {
+    if (msalPersistencePluginRegistered) {
+        return true;
+    }
+    if (msalPersistencePluginAttempted) {
+        return false;
+    }
+    msalPersistencePluginAttempted = true;
+    const disabled = process.env.MICROSOFT_DISABLE_TOKEN_CACHE;
+    if (disabled === "1" || disabled === "true") {
+        return false;
+    }
+    try {
+        useIdentityPlugin(cachePersistencePlugin);
+        msalPersistencePluginRegistered = true;
+        return true;
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        console.error(`[${MCP_SERVER_NAME}] MSAL token cache plugin failed (${msg}). Browser sign-in may be required every run.`);
+        return false;
+    }
+}
+function resolveTokenCachePersistenceOptions() {
+    if (!ensureMsalPersistencePlugin()) {
+        return undefined;
+    }
+    const name = process.env.MICROSOFT_TOKEN_CACHE_NAME?.trim() ||
+        MICROSOFT_TOKEN_CACHE_DEFAULT_NAME;
+    const unsafe = process.env.MICROSOFT_TOKEN_CACHE_UNSAFE_UNENCRYPTED === "1" ||
+        process.env.MICROSOFT_TOKEN_CACHE_UNSAFE_UNENCRYPTED === "true";
+    return {
+        enabled: true,
+        name,
+        ...(unsafe ? { unsafeAllowUnencryptedStorage: true } : {}),
+    };
+}
+function pick(override, ...envKeys) {
+    if (override !== undefined) {
+        return override;
+    }
+    for (const key of envKeys) {
+        const v = process.env[key];
+        if (v !== undefined && v !== "") {
+            return v;
+        }
+    }
+    return undefined;
+}
+function normalizeSitePath(path) {
+    const p = path.trim();
+    return p.startsWith(":") ? p.slice(1) : p;
+}
+function resolveSiteConfig(overrides) {
+    const siteHost = pick(overrides?.SHAREPOINT_SITE_HOST, "SHAREPOINT_SITE_HOST");
+    if (!siteHost) {
+        return null;
+    }
+    const rawPath = pick(overrides?.SHAREPOINT_SITE_PATH, "SHAREPOINT_SITE_PATH") ?? "";
+    return {
+        tenantId: pick(overrides?.MICROSOFT_TENANT_ID, "MICROSOFT_TENANT_ID"),
+        clientId: pick(overrides?.MICROSOFT_CLIENT_ID, "MICROSOFT_CLIENT_ID"),
+        redirectUri: pick(undefined, "MICROSOFT_REDIRECT_URI") ?? MICROSOFT_REDIRECT_URI,
+        siteHost,
+        sitePath: normalizeSitePath(rawPath),
+        folderPath: pick(overrides?.SHAREPOINT_UPLOAD_BASE_PATH, "SHAREPOINT_UPLOAD_BASE_PATH", "SHAREPOINT_FOLDER_PATH") ?? "",
+        driveName: pick(undefined, "SHAREPOINT_DRIVE_NAME") ??
+            SHAREPOINT_DEFAULT_DOCUMENT_LIBRARY_NAME,
+    };
+}
+const GRAPH_SITE_WEB_GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+/**
+ * `GET /sites/{id}` returns composite ids `hostname,{siteCollectionId},{webId}`.
+ * List subpaths like `/lists/{listId}/views` return 400 with the composite form; use the web GUID.
+ */
+function siteIdForListScopedRequests(siteId) {
+    const segments = siteId.split(",").map((s) => s.trim());
+    if (segments.length === 3) {
+        const webId = segments[2];
+        if (webId && GRAPH_SITE_WEB_GUID_RE.test(webId)) {
+            return webId;
+        }
+    }
+    const trimmed = siteId.trim();
+    if (GRAPH_SITE_WEB_GUID_RE.test(trimmed)) {
+        return trimmed;
+    }
+    return siteId;
+}
+function credentialBindingKey(tenantId, clientId, redirectUri) {
+    return `${tenantId}|${clientId}|${redirectUri}`;
+}
+function authenticationRecordFilePath(bindingKey) {
+    const dir = process.env.MICROSOFT_AUTH_RECORD_DIR?.trim() ||
+        path.join(os.homedir(), MICROSOFT_AUTH_RECORD_BASE_DIR);
+    const hash = crypto
+        .createHash(DOCUMENT_HASH_ALGORITHM)
+        .update(bindingKey)
+        .digest("hex")
+        .slice(0, 24);
+    return path.join(dir, `auth-record-${hash}.json`);
+}
+async function loadSavedAuthenticationRecord(bindingKey) {
+    try {
+        const raw = await fs.readFile(authenticationRecordFilePath(bindingKey), "utf-8");
+        return deserializeAuthenticationRecord(raw);
+    }
+    catch {
+        return undefined;
+    }
+}
+async function saveAuthenticationRecord(bindingKey, record) {
+    const filePath = authenticationRecordFilePath(bindingKey);
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, serializeAuthenticationRecord(record), "utf-8");
+}
+function rethrowWithConsentMessageIfNeeded(e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    if (msg.includes(AADSTS65004_SNIPPET) ||
+        msg.includes(CONSENT_DECLINED_SNIPPET)) {
+        throw new Error(`${msg}${ERR_CONSENT_DECLINED_HINT}`);
+    }
+    throw e;
+}
+async function acquireGraphToken(tenantId, clientId, redirectUri) {
+    const tenant = tenantId?.trim() || ENTRA_TENANT_FALLBACK_ORGANIZATIONS;
+    const bindingKey = credentialBindingKey(tenant, clientId, redirectUri);
+    let record = await loadSavedAuthenticationRecord(bindingKey);
+    const persistence = resolveTokenCachePersistenceOptions();
+    const credential = new InteractiveBrowserCredential({
+        tenantId: tenant,
+        clientId,
+        redirectUri,
+        ...(record ? { authenticationRecord: record } : {}),
+        ...(persistence ? { tokenCachePersistenceOptions: persistence } : {}),
+    });
+    if (!record) {
+        try {
+            const interactiveRecord = await credential.authenticate([
+                ...GRAPH_DELEGATED_SCOPES,
+            ]);
+            if (!interactiveRecord) {
+                throw new Error(ERR_INTERACTIVE_NO_GRAPH_TOKEN);
+            }
+            await saveAuthenticationRecord(bindingKey, interactiveRecord);
+        }
+        catch (e) {
+            rethrowWithConsentMessageIfNeeded(e);
+        }
+    }
+    try {
+        const result = await credential.getToken([...GRAPH_DELEGATED_SCOPES]);
+        if (!result?.token) {
+            throw new Error(ERR_INTERACTIVE_NO_GRAPH_TOKEN);
+        }
+        return result.token;
+    }
+    catch (e) {
+        rethrowWithConsentMessageIfNeeded(e);
+    }
+}
+function sitePathToGraphKey(host, sitePath) {
+    const seg = sitePath.trim();
+    if (seg === "" || seg === "/") {
+        return encodeURIComponent(`${host}:/`);
+    }
+    const normalized = seg.startsWith("/") ? seg : `/${seg}`;
+    return encodeURIComponent(`${host}:${normalized}`);
+}
+async function resolveSiteAndDriveIds(token, host, sitePath, driveName) {
+    const siteId = (await graphGetJson(token, `/sites/${sitePathToGraphKey(host, sitePath)}`)).id;
+    const drives = await graphGetJson(token, `/sites/${encodeURIComponent(siteId)}/drives`);
+    const drive = drives.value.find((d) => d.name === driveName) ?? drives.value[0];
+    if (!drive) {
+        throw new Error(ERR_SHAREPOINT_NO_DRIVES);
+    }
+    return { siteId, driveId: drive.id };
+}
+function mergeDriveItemMeta(a, b) {
+    const sharepointIds = a.sharepointIds || b.sharepointIds
+        ? { ...a.sharepointIds, ...b.sharepointIds }
+        : undefined;
+    return {
+        id: b.id ?? a.id,
+        webUrl: b.webUrl ?? a.webUrl,
+        sharepointIds,
+    };
+}
+async function getDriveItemBySiteDrivePath(token, siteId, driveId, encodedRelativePath) {
+    const select = "id,webUrl,sharepointIds";
+    const metaPath = `/sites/${encodeURIComponent(siteId)}/drives/${encodeURIComponent(driveId)}/root:/${encodedRelativePath}?$select=${select}`;
+    return graphGetJson(token, metaPath);
+}
+function sharePointHostnameWithoutScheme(siteHost) {
+    return siteHost.replace(/^https?:\/\//i, "").replace(/\/.*$/, "");
+}
+/** e.g. `integrantincorp` from `integrantincorp.sharepoint.com`. */
+function tenantKeyFromSharePointHost(hostname) {
+    const lower = hostname.toLowerCase();
+    const suffix = ".sharepoint.com";
+    if (!lower.endsWith(suffix)) {
+        return undefined;
+    }
+    const sub = lower.slice(0, -suffix.length);
+    const first = sub.split(".")[0];
+    return first || undefined;
+}
+function serverRelativeItemPathFromGraphWebUrl(itemWebUrl) {
+    const u = new URL(itemWebUrl);
+    const path = u.pathname.replace(/\/+$/, "") || u.pathname;
+    return decodeURIComponent(path);
+}
+function parentServerRelativePathFromItem(itemPath) {
+    const i = itemPath.lastIndexOf("/");
+    if (i <= 0) {
+        return itemPath;
+    }
+    return itemPath.slice(0, i);
+}
+/** Decode URL until stable so `.../Shared%2520Documents` becomes a single-encoded path for `listurl`. */
+function normalizeUrlForSharedListParam(url) {
+    let s = url.trim();
+    let prev = "";
+    while (s !== prev && /%[0-9a-f]{2}/i.test(s)) {
+        prev = s;
+        try {
+            s = decodeURIComponent(s);
+        }
+        catch {
+            break;
+        }
+    }
+    return s;
+}
+function buildMySharedQueryString(params) {
+    const listurl = normalizeUrlForSharedListParam(params.listurl);
+    const parts = [`listurl=${encodeURIComponent(listurl)}`];
+    if (params.viewid?.trim()) {
+        parts.push(`viewid=${encodeURIComponent(params.viewid.trim())}`);
+    }
+    parts.push(`id=${encodeURIComponent(params.id)}`);
+    parts.push(`parent=${encodeURIComponent(params.parent)}`);
+    if (params.ovuser?.trim()) {
+        parts.push(`ovuser=${encodeURIComponent(params.ovuser.trim())}`);
+    }
+    return parts.join("&");
+}
+async function fetchListWebRootUrl(token, siteId, listId) {
+    const sid = siteIdForListScopedRequests(siteId);
+    const list = await graphGetJson(token, `/sites/${encodeURIComponent(sid)}/lists/${encodeURIComponent(listId)}?$select=webUrl`);
+    const u = list.webUrl?.trim();
+    return u || undefined;
+}
+function logMySharedUrlDebug(message, err) {
+    if (process.env[DEBUG_SHAREPOINT_MY_URL_ENV] !== "1") {
+        return;
+    }
+    const detail = err instanceof Error ? err.message : err;
+    console.error(`[${MCP_SERVER_NAME}] my/shared URL: ${message}`, detail ?? "");
+}
+/**
+ * Graph list `id` + library webUrl for the document library drive.
+ * Prefer site-scoped `/sites/.../drives/.../list` (works for SharePoint libraries).
+ */
+async function fetchDriveDocumentLibraryList(token, siteId, driveId) {
+    const select = "$select=id,webUrl";
+    const attempts = [
+        {
+            label: "site+drive /list",
+            path: `/sites/${encodeURIComponent(siteId)}/drives/${encodeURIComponent(driveId)}/list?${select}`,
+        },
+        {
+            label: "/drives /list",
+            path: `/drives/${encodeURIComponent(driveId)}/list?${select}`,
+        },
+        {
+            label: "/drives $expand=list",
+            path: `/drives/${encodeURIComponent(driveId)}?$expand=list`,
+        },
+    ];
+    for (const { label, path } of attempts) {
+        try {
+            if (path.includes("$expand=list")) {
+                const drive = await graphGetJson(token, path);
+                if (drive.list?.id) {
+                    return { id: drive.list.id, webUrl: drive.list.webUrl };
+                }
+            }
+            else {
+                const list = await graphGetJson(token, path);
+                if (list?.id) {
+                    return { id: list.id, webUrl: list.webUrl };
+                }
+            }
+        }
+        catch (e) {
+            logMySharedUrlDebug(`${label} failed`, e);
+        }
+    }
+    logMySharedUrlDebug("no list id from site/drives list endpoints or expand");
+    return undefined;
+}
+function pickPreferredLibraryViewId(views) {
+    if (!views.length) {
+        return undefined;
+    }
+    const preferred = views.find((v) => v.name === "All Documents") ??
+        views.find((v) => /all\s*documents/i.test(v.name ?? "")) ??
+        views.find((v) => /all\s*documents/i.test(v.displayName ?? "")) ??
+        views[0];
+    return preferred?.id;
+}
+/**
+ * Resolves `viewid` for `*-my.sharepoint.com/shared`. Document libraries often reject
+ * `.../lists/{id}/views` on v1; we try `$expand=views`, then v1 `/views`, then beta `/views`.
+ */
+async function fetchLibraryViewIdForSharedLink(token, siteId, listId) {
+    const sid = siteIdForListScopedRequests(siteId);
+    const listBase = `/sites/${encodeURIComponent(sid)}/lists/${encodeURIComponent(listId)}`;
+    try {
+        const expanded = await graphGetJson(token, `${listBase}?$expand=views($select=id,name,displayName)&$select=id`);
+        const vid = pickPreferredLibraryViewId(expanded.views ?? []);
+        if (vid) {
+            return vid;
+        }
+    }
+    catch (e) {
+        logMySharedUrlDebug("list $expand=views (v1) failed", e);
+    }
+    try {
+        const data = await graphGetJson(token, `${listBase}/views`);
+        const vid = pickPreferredLibraryViewId(data.value ?? []);
+        if (vid) {
+            return vid;
+        }
+    }
+    catch (e) {
+        logMySharedUrlDebug("list /views (v1) failed", e);
+    }
+    try {
+        const data = await graphBetaGetJson(token, `${listBase}/views`);
+        const vid = pickPreferredLibraryViewId(data.value ?? []);
+        if (vid) {
+            return vid;
+        }
+    }
+    catch (e) {
+        logMySharedUrlDebug("list /views (beta) failed", e);
+    }
+    return undefined;
+}
+/**
+ * Browser often opens library files via
+ * `https://{tenant}-my.sharepoint.com/shared?listurl=&viewid=&id=&parent=` (and optional `ovuser`).
+ * Graph `webUrl` alone points at `*.sharepoint.com/...`, which may not match what users copy from the address bar.
+ * Omits `xsdata` / `sdata` (session tokens); those are not available server-side.
+ */
+async function tryBuildSharePointMySharedDocumentUrl(options) {
+    const { token, siteId, driveId, listIdFromSharepointIds, itemWebUrl, sharePointSiteHost, tenantId, } = options;
+    const host = sharePointHostnameWithoutScheme(sharePointSiteHost);
+    const tenantKey = tenantKeyFromSharePointHost(host);
+    if (!tenantKey) {
+        logMySharedUrlDebug("could not derive tenant prefix", host);
+        return undefined;
+    }
+    const libraryList = (await fetchDriveDocumentLibraryList(token, siteId, driveId)) ??
+        (listIdFromSharepointIds
+            ? { id: listIdFromSharepointIds, webUrl: undefined }
+            : undefined);
+    if (!libraryList?.id) {
+        logMySharedUrlDebug("no library list id (drive list + sharepointIds exhausted)");
+        return undefined;
+    }
+    const listId = libraryList.id;
+    let listWebUrl = libraryList.webUrl?.trim();
+    if (!listWebUrl) {
+        try {
+            listWebUrl = await fetchListWebRootUrl(token, siteId, listId);
+        }
+        catch {
+            return undefined;
+        }
+    }
+    if (!listWebUrl) {
+        logMySharedUrlDebug("no list webUrl", { listId });
+        return undefined;
+    }
+    const viewId = await fetchLibraryViewIdForSharedLink(token, siteId, listId);
+    if (!viewId) {
+        logMySharedUrlDebug("no view id discovered; continuing without viewid query param", { listId });
+    }
+    let itemPath;
+    try {
+        itemPath = serverRelativeItemPathFromGraphWebUrl(itemWebUrl);
+        if (!itemPath.startsWith("/")) {
+            logMySharedUrlDebug("item path not server-relative", itemPath);
+            return undefined;
+        }
+    }
+    catch (e) {
+        logMySharedUrlDebug("parse item webUrl failed", e);
+        return undefined;
+    }
+    const parentPath = parentServerRelativePathFromItem(itemPath);
+    const base = `https://${tenantKey}-my.sharepoint.com/shared`;
+    let ovuser;
+    const tid = tenantId?.trim();
+    if (tid) {
+        try {
+            const me = await graphGetJson(token, "/me?$select=userPrincipalName");
+            const upn = me.userPrincipalName?.trim();
+            if (upn) {
+                ovuser = `${tid},${upn}`;
+            }
+        }
+        catch {
+            /* ovuser is optional */
+        }
+    }
+    const q = buildMySharedQueryString({
+        listurl: listWebUrl,
+        viewid: viewId,
+        id: itemPath,
+        parent: parentPath,
+        ovuser,
+    });
+    return `${base}?${q}`;
+}
+/**
+ * Creates an org-scoped **view** link via Graph; `link.webUrl` generally opens in the
+ * browser even when the raw driveItem `webUrl` does not.
+ */
+async function tryCreateOrganizationViewLink(token, siteId, driveId, itemId) {
+    const path = `/sites/${encodeURIComponent(siteId)}/drives/${encodeURIComponent(driveId)}/items/${encodeURIComponent(itemId)}/createLink`;
+    try {
+        const res = await graphRequest(token, path, {
+            method: "POST",
+            headers: { "Content-Type": HTTP_CONTENT_TYPE_JSON },
+            body: JSON.stringify({
+                type: "view",
+                scope: "organization",
+            }),
+        });
+        if (!res.ok) {
+            logMySharedUrlDebug("createLink (organization view) failed", `${res.status} ${await res.text()}`);
+            return undefined;
+        }
+        const data = (await res.json());
+        const url = data.link?.webUrl?.trim();
+        return url || undefined;
+    }
+    catch (e) {
+        logMySharedUrlDebug("createLink error", e);
+        return undefined;
+    }
+}
+async function ensureFolderPath(token, driveId, folderPath) {
+    const segments = folderPath.split("/").filter(Boolean);
+    if (segments.length === 0) {
+        return;
+    }
+    let pathSoFar = "";
+    for (const segment of segments) {
+        pathSoFar = pathSoFar ? `${pathSoFar}/${segment}` : segment;
+        const encoded = encodeDriveRelativePath(pathSoFar);
+        const itemPath = `/drives/${encodeURIComponent(driveId)}/root:/${encoded}`;
+        const check = await graphRequest(token, itemPath);
+        if (check.ok) {
+            continue;
+        }
+        if (check.status !== 404) {
+            throw new Error(ERR_GRAPH_FOLDER_CHECK(pathSoFar, check.status, await check.text()));
+        }
+        const parentPath = pathSoFar.includes("/")
+            ? pathSoFar.slice(0, pathSoFar.lastIndexOf("/"))
+            : "";
+        const childrenSegment = parentPath
+            ? `root:/${encodeDriveRelativePath(parentPath)}:/children`
+            : "root/children";
+        const createPath = `/drives/${encodeURIComponent(driveId)}/${childrenSegment}`;
+        const created = await graphRequest(token, createPath, {
+            method: "POST",
+            headers: { "Content-Type": HTTP_CONTENT_TYPE_JSON },
+            body: JSON.stringify({
+                name: segment,
+                folder: {},
+                "@microsoft.graph.conflictBehavior": MICROSOFT_GRAPH_CONFLICT_BEHAVIOR_FAIL,
+            }),
+        });
+        if (created.status === 409) {
+            continue;
+        }
+        if (!created.ok) {
+            throw new Error(ERR_GRAPH_CREATE_FOLDER(segment, parentPath, created.status, await created.text()));
+        }
+    }
+}
+export async function uploadBufferToSharePointIfConfigured(buffer, filename, overrides) {
+    const cfg = resolveSiteConfig(overrides);
+    if (!cfg) {
+        return { skipped: true };
+    }
+    if (!cfg.clientId) {
+        throw new Error(ERR_MICROSOFT_CLIENT_ID_REQUIRED(ENTRA_DEFAULT_REDIRECT_URI));
+    }
+    const host = cfg.siteHost.replace(/^https?:\/\//, "");
+    const folder = cfg.folderPath
+        .replaceAll("\\", "/")
+        .replace(/^\/+|\/+$/g, "");
+    const token = await acquireGraphToken(cfg.tenantId, cfg.clientId, cfg.redirectUri);
+    const { siteId, driveId } = await resolveSiteAndDriveIds(token, host, cfg.sitePath, cfg.driveName);
+    await ensureFolderPath(token, driveId, folder);
+    const relativeFile = folder ? `${folder}/${filename}` : filename;
+    const encodedFile = encodeDriveRelativePath(relativeFile);
+    const uploadPath = `/sites/${encodeURIComponent(siteId)}/drives/${encodeURIComponent(driveId)}/root:/${encodedFile}:/content`;
+    const putItem = await graphPutStream(token, uploadPath, buffer);
+    const metaItem = await getDriveItemBySiteDrivePath(token, siteId, driveId, encodedFile);
+    const merged = mergeDriveItemMeta(putItem, metaItem);
+    let webUrl = merged.webUrl;
+    const itemId = merged.id;
+    if (itemId) {
+        const openUrl = await tryCreateOrganizationViewLink(token, siteId, driveId, itemId);
+        if (openUrl) {
+            webUrl = openUrl;
+        }
+        else if (merged.webUrl) {
+            const modern = await tryBuildSharePointMySharedDocumentUrl({
+                token,
+                siteId,
+                driveId,
+                listIdFromSharepointIds: merged.sharepointIds?.listId,
+                itemWebUrl: merged.webUrl,
+                sharePointSiteHost: cfg.siteHost,
+                tenantId: cfg.tenantId,
+            });
+            if (modern) {
+                webUrl = modern;
+            }
+        }
+    }
+    else if (merged.webUrl) {
+        const modern = await tryBuildSharePointMySharedDocumentUrl({
+            token,
+            siteId,
+            driveId,
+            listIdFromSharepointIds: merged.sharepointIds?.listId,
+            itemWebUrl: merged.webUrl,
+            sharePointSiteHost: cfg.siteHost,
+            tenantId: cfg.tenantId,
+        });
+        if (modern) {
+            webUrl = modern;
+        }
+    }
+    return {
+        skipped: false,
+        webUrl,
+        driveItemId: merged.id,
+        sharepointIds: merged.sharepointIds,
+    };
+}

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "@habibakhaledm/sharepoint-document-upload-mcp",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "A MCP server for uploading document to Sharepoint",
-  "main": "src/server.ts",
+  "main": "dist/src/server.js",
   "bin": {
-    "sharepoint-document-upload-mcp": "dist/server.js"
+    "sharepoint-document-upload-mcp": "dist/src/server.js"
   },
   "files": [
-    "bin/**/*.mjs",
+    "dist/**/*.js",
+    "dist/**/*.d.ts",
     "src/**/*.ts",
     "tsconfig.json"
   ],

package/src/server.ts

@@ -1,8 +1,7 @@
+#!/usr/bin/env node
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
 
 import {
   MCP_SERVER_DESCRIPTION,