@juvantlabs/m365-graph-mcp-server 0.1.0

package/dist/tools/create_event.js

@@ -0,0 +1,144 @@
+/**
+ * Tool: m365-graph:create_event
+ *
+ * Create a new event on the user's primary calendar (or a specified
+ * calendar). Wraps Graph `POST /me/events` (or
+ * `POST /me/calendars/{id}/events`).
+ *
+ * Required Graph scope: `Calendars.ReadWrite` (delegated).
+ *
+ * Send-invitations behavior: by default Graph DOES send meeting
+ * invitations to attendees on event creation. To create an event
+ * without sending invites, set `send_invitations: false` (we set
+ * `responseStatus.response: "organizer"` and don't add the user as
+ * attendee — but Graph still notifies the *other* attendees unless
+ * the calendar is configured otherwise).
+ *
+ * Defaults:
+ *   - timezone: "UTC" if not specified (Graph requires explicit TZ)
+ *   - body_content_type: "text"
+ *   - is_all_day: false
+ *   - attendee.type: "required" (when type omitted in input)
+ *
+ * No spec/approval pattern here — creation is non-destructive (worst
+ * case: clutter on the calendar; the agent can call cancel_event or
+ * the user can delete via Outlook UI).
+ */
+import { summarizeEvent } from "./list_events.js";
+import { validateOptionalEnum, validateOptionalString, validateRequiredISODate, validateRequiredString, } from "../types/validators.js";
+const BODY_CONTENT_TYPES = ["text", "html"];
+const ATTENDEE_TYPES = ["required", "optional", "resource"];
+const definition = {
+    name: "m365-graph:create_event",
+    description: "Create a new event on the user's primary calendar (or a specified calendar). Returns the created event with its server-assigned id and webLink. By default Graph sends meeting invitations to attendees.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            subject: { type: "string", description: "Event subject (title)." },
+            start: {
+                type: "string",
+                description: "Start, ISO 8601 (e.g. '2026-05-04T10:00:00').",
+            },
+            end: {
+                type: "string",
+                description: "End, ISO 8601. Must be after start.",
+            },
+            timezone: {
+                type: "string",
+                description: "IANA timezone for start + end (e.g. 'Europe/Rome'). Default: 'UTC'.",
+            },
+            body: {
+                type: "string",
+                description: "Optional body content for the event description.",
+            },
+            body_content_type: {
+                type: "string",
+                enum: ["text", "html"],
+                description: "Body content type. Default: 'text'.",
+            },
+            location: {
+                type: "string",
+                description: "Optional location (free-text or room name).",
+            },
+            attendees: {
+                type: "array",
+                description: "Optional attendees. Each item: {email, name?, type?}. type ∈ {required, optional, resource}.",
+                items: {
+                    type: "object",
+                    properties: {
+                        email: { type: "string" },
+                        name: { type: "string" },
+                        type: { type: "string", enum: ["required", "optional", "resource"] },
+                    },
+                    required: ["email"],
+                },
+            },
+            is_all_day: {
+                type: "boolean",
+                description: "Mark as all-day event. Default: false.",
+            },
+            calendar_id: {
+                type: "string",
+                description: "Optional calendar id from list_calendars. Defaults to the user's primary calendar.",
+            },
+        },
+        required: ["subject", "start", "end"],
+    },
+};
+function validateAttendees(value) {
+    if (value === undefined || value === null)
+        return [];
+    if (!Array.isArray(value)) {
+        throw new Error("'attendees' must be an array");
+    }
+    return value.map((raw, i) => {
+        if (typeof raw !== "object" || raw === null) {
+            throw new Error(`'attendees[${i}]' must be an object`);
+        }
+        const a = raw;
+        const email = validateRequiredString(a.email, `attendees[${i}].email`);
+        const name = validateOptionalString(a.name, `attendees[${i}].name`);
+        const type = validateOptionalEnum(a.type, `attendees[${i}].type`, ATTENDEE_TYPES, "required");
+        return { email, name, type };
+    });
+}
+const handler = async (graph, args) => {
+    const subject = validateRequiredString(args.subject, "subject");
+    const start = validateRequiredISODate(args.start, "start");
+    const end = validateRequiredISODate(args.end, "end");
+    const timezone = validateOptionalString(args.timezone, "timezone") ?? "UTC";
+    const body = validateOptionalString(args.body, "body");
+    const bodyContentType = validateOptionalEnum(args.body_content_type, "body_content_type", BODY_CONTENT_TYPES, "text");
+    const location = validateOptionalString(args.location, "location");
+    const attendees = validateAttendees(args.attendees);
+    const isAllDay = args.is_all_day === true;
+    const calendarId = validateOptionalString(args.calendar_id, "calendar_id");
+    const eventBody = {
+        subject,
+        start: { dateTime: start, timeZone: timezone },
+        end: { dateTime: end, timeZone: timezone },
+        isAllDay,
+    };
+    if (body !== undefined) {
+        eventBody.body = { contentType: bodyContentType, content: body };
+    }
+    if (location !== undefined) {
+        eventBody.location = { displayName: location };
+    }
+    if (attendees.length > 0) {
+        eventBody.attendees = attendees.map((a) => ({
+            emailAddress: a.name ? { address: a.email, name: a.name } : { address: a.email },
+            type: a.type ?? "required",
+        }));
+    }
+    const apiPath = calendarId
+        ? `/me/calendars/${encodeURIComponent(calendarId)}/events`
+        : "/me/events";
+    const created = await graph.api(apiPath).post(eventBody);
+    const summary = summarizeEvent(created);
+    return {
+        content: [{ type: "text", text: JSON.stringify({ created: summary }, null, 2) }],
+    };
+};
+export const createEventTool = { definition, handler };
+//# sourceMappingURL=create_event.js.map

package/dist/tools/create_event.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create_event.js","sourceRoot":"","sources":["../../src/tools/create_event.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAIH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAU,CAAC;AAGrD,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAU,CAAC;AASrE,MAAM,UAAU,GAAmB;IACjC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,0MAA0M;IAC5M,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;YAClE,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,+CAA+C;aAC7D;YACD,GAAG,EAAE;gBACH,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,qCAAqC;aACnD;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,qEAAqE;aACnF;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,kDAAkD;aAChE;YACD,iBAAiB,EAAE;gBACjB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;gBACtB,WAAW,EAAE,qCAAqC;aACnD;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6CAA6C;aAC3D;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,8FAA8F;gBAC3G,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACxB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE;qBACrE;oBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;iBACpB;aACF;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,SAAS;gBACf,WAAW,EAAE,wCAAwC;aACtD;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,oFAAoF;aAClG;SACF;QACD,QAAQ,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC;KACtC;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IACrD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,sBAAsB,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,CAAC,GAAG,GAA8B,CAAC;QACzC,MAAM,KAAK,GAAG,sBAAsB,CAAC,CAAC,CAAC,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,sBAAsB,CAAC,CAAC,CAAC,IAAI,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;QACpE,MAAM,IAAI,GAAG,oBAAoB,CAC/B,CAAC,CAAC,IAAI,EACN,aAAa,CAAC,QAAQ,EACtB,cAAc,EACd,UAAU,CACX,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,GAAgB,KAAK,EAChC,KAAa,EACb,IAA6B,EACN,EAAE;IACzB,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAChE,MAAM,KAAK,GAAG,uBAAuB,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,uBAAuB,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,KAAK,CAAC;IAC5E,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,oBAAoB,CAC1C,IAAI,CAAC,iBAAiB,EACtB,mBAAmB,EACnB,kBAAkB,EAClB,MAAM,CACP,CAAC;IACF,MAAM,QAAQ,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC;IAC1C,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAE3E,MAAM,SAAS,GAA4B;QACzC,OAAO;QACP,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE;QAC9C,GAAG,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE;QAC1C,QAAQ;KACT,CAAC;IAEF,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,SAAS,CAAC,IAAI,GAAG,EAAE,WAAW,EAAE,eAAe,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,SAAS,CAAC,QAAQ,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;IACjD,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1C,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,EAAE;YAChF,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,UAAU;SAC3B,CAAC,CAAC,CAAC;IACN,CAAC;IAED,MAAM,OAAO,GAAG,UAAU;QACxB,CAAC,CAAC,iBAAiB,kBAAkB,CAAC,UAAU,CAAC,SAAS;QAC1D,CAAC,CAAC,YAAY,CAAC;IAEjB,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACjF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC"}

package/dist/tools/decline_event.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Tool: m365-graph:decline_event
+ *
+ * Decline an event the user is invited to (as an attendee — not as
+ * organizer). Sends a decline notification to the organizer.
+ *
+ * For events the user *organizes*, use `cancel_event` instead.
+ *
+ * Two-phase spec/approval pattern (same as delete_file +
+ * cancel_event): 1st call returns event preview + confirmation_token,
+ * 2nd call (with same args + token) executes POST
+ * `/me/events/{id}/decline`.
+ *
+ * Required Graph scope: `Calendars.ReadWrite` (delegated).
+ */
+import type { Tool } from "../types/tool.js";
+export declare const declineEventTool: Tool;
+//# sourceMappingURL=decline_event.d.ts.map

package/dist/tools/decline_event.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decline_event.d.ts","sourceRoot":"","sources":["../../src/tools/decline_event.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAaH,OAAO,KAAK,EAAE,IAAI,EAA6C,MAAM,kBAAkB,CAAC;AAiHxF,eAAO,MAAM,gBAAgB,EAAE,IAA8B,CAAC"}

package/dist/tools/decline_event.js

@@ -0,0 +1,105 @@
+/**
+ * Tool: m365-graph:decline_event
+ *
+ * Decline an event the user is invited to (as an attendee — not as
+ * organizer). Sends a decline notification to the organizer.
+ *
+ * For events the user *organizes*, use `cancel_event` instead.
+ *
+ * Two-phase spec/approval pattern (same as delete_file +
+ * cancel_event): 1st call returns event preview + confirmation_token,
+ * 2nd call (with same args + token) executes POST
+ * `/me/events/{id}/decline`.
+ *
+ * Required Graph scope: `Calendars.ReadWrite` (delegated).
+ */
+import { consumeConfirmation, issueConfirmation, } from "../auth/confirmation_tokens.js";
+import { summarizeEvent } from "./list_events.js";
+import { validateOptionalString, validateRequiredString, } from "../types/validators.js";
+const TOOL_NAME = "m365-graph:decline_event";
+const definition = {
+    name: TOOL_NAME,
+    description: "Decline an event the user is invited to (as attendee). Sends a decline RSVP to the organizer. Two-phase: first call returns event preview + confirmation_token, second call executes. For events the user organizes, use cancel_event instead.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            event_id: { type: "string", description: "Event to decline." },
+            comment: {
+                type: "string",
+                description: "Optional comment included in the decline notification sent to the organizer.",
+            },
+            send_response: {
+                type: "boolean",
+                description: "Whether to send a decline notice to the organizer (default true). If false, the decline is silent — organizer does not see a notification.",
+            },
+            confirmation_token: {
+                type: "string",
+                description: "Omit on the first call (preview mode). Include the token from the preview to execute the decline.",
+            },
+        },
+        required: ["event_id"],
+    },
+};
+const handler = async (graph, args) => {
+    const eventId = validateRequiredString(args.event_id, "event_id");
+    const comment = validateOptionalString(args.comment, "comment");
+    const confirmationToken = validateOptionalString(args.confirmation_token, "confirmation_token");
+    // sendResponse default true (Graph default + matches user expectation
+    // of "I declined, the organizer should know"). To suppress: pass
+    // explicit false.
+    const sendResponse = args.send_response === false ? false : true;
+    // Spec includes everything that affects what the action does.
+    const spec = { event_id: eventId, send_response: sendResponse };
+    if (comment !== undefined)
+        spec.comment = comment;
+    const apiPath = `/me/events/${encodeURIComponent(eventId)}`;
+    // ---------- Phase 1: preview ----------
+    if (!confirmationToken) {
+        const event = (await graph.api(apiPath).get());
+        const summary = summarizeEvent(event);
+        const issued = issueConfirmation(TOOL_NAME, spec);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        preview: {
+                            event: summary,
+                            decline_comment: comment ?? null,
+                            send_response: sendResponse,
+                            ...issued,
+                            instructions: `Re-call ${TOOL_NAME} with the SAME args (event_id, send_response${comment ? ", comment" : ""}) ` +
+                                `plus this confirmation_token to send the decline.`,
+                        },
+                    }, null, 2),
+                },
+            ],
+        };
+    }
+    // ---------- Phase 2: execute ----------
+    const verdict = consumeConfirmation(confirmationToken, TOOL_NAME, spec);
+    if (!verdict.ok) {
+        throw new Error(`Refusing to decline: confirmation_token ${verdict.error}. ` +
+            `Re-run without confirmation_token to get a fresh preview + token.`);
+    }
+    const declineBody = { sendResponse };
+    if (comment !== undefined)
+        declineBody.comment = comment;
+    await graph.api(`${apiPath}/decline`).post(declineBody);
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    declined: { event_id: eventId, send_response: sendResponse },
+                    note: "POST /events/{id}/decline executed. " +
+                        (sendResponse
+                            ? "Decline notice sent to the organizer."
+                            : "Decline was silent — organizer not notified."),
+                }, null, 2),
+            },
+        ],
+    };
+};
+export const declineEventTool = { definition, handler };
+//# sourceMappingURL=decline_event.js.map

package/dist/tools/decline_event.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decline_event.js","sourceRoot":"","sources":["../../src/tools/decline_event.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,EACL,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,SAAS,GAAG,0BAA0B,CAAC;AAE7C,MAAM,UAAU,GAAmB;IACjC,IAAI,EAAE,SAAS;IACf,WAAW,EACT,gPAAgP;IAClP,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;YAC9D,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,8EAA8E;aAC5F;YACD,aAAa,EAAE;gBACb,IAAI,EAAE,SAAS;gBACf,WAAW,EACT,4IAA4I;aAC/I;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE,QAAQ;gBACd,WAAW,EACT,mGAAmG;aACtG;SACF;QACD,QAAQ,EAAE,CAAC,UAAU,CAAC;KACvB;CACF,CAAC;AAEF,MAAM,OAAO,GAAgB,KAAK,EAChC,KAAa,EACb,IAA6B,EACN,EAAE;IACzB,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAChE,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,IAAI,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;IAChG,sEAAsE;IACtE,iEAAiE;IACjE,kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IAEjE,8DAA8D;IAC9D,MAAM,IAAI,GAA4B,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;IACzF,IAAI,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAElD,MAAM,OAAO,GAAG,cAAc,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;IAE5D,yCAAyC;IACzC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAA4B,CAAC;QAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAClD,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;wBACE,OAAO,EAAE;4BACP,KAAK,EAAE,OAAO;4BACd,eAAe,EAAE,OAAO,IAAI,IAAI;4BAChC,aAAa,EAAE,YAAY;4BAC3B,GAAG,MAAM;4BACT,YAAY,EACV,WAAW,SAAS,+CAA+C,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,IAAI;gCACjG,mDAAmD;yBACtD;qBACF,EACD,IAAI,EACJ,CAAC,CACF;iBACF;aACF;SACF,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,OAAO,GAAG,mBAAmB,CAAC,iBAAiB,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IACxE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,2CAA2C,OAAO,CAAC,KAAK,IAAI;YAC1D,mEAAmE,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAA4B,EAAE,YAAY,EAAE,CAAC;IAC9D,IAAI,OAAO,KAAK,SAAS;QAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC;IAEzD,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,OAAO,UAAU,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAExD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;oBACE,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE;oBAC5D,IAAI,EACF,sCAAsC;wBACtC,CAAC,YAAY;4BACX,CAAC,CAAC,uCAAuC;4BACzC,CAAC,CAAC,8CAA8C,CAAC;iBACtD,EACD,IAAI,EACJ,CAAC,CACF;aACF;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC"}

package/dist/tools/delete_file.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Tool: m365-graph:delete_file
+ *
+ * Delete a file or folder. Two-phase spec/approval pattern per
+ * handbook ADR 0002 § Delete-class operations:
+ *
+ *   Call 1 (no confirmation_token):
+ *     - Tool fetches item metadata for preview.
+ *     - Issues a confirmation_token tied to the spec
+ *       {item_id, drive_id} and to this tool name.
+ *     - Returns the preview + token + expiry hint.
+ *
+ *   Call 2 (with confirmation_token):
+ *     - Tool verifies the token (exists, not expired, tied to this
+ *       tool, spec matches).
+ *     - DELETEs the item.
+ *     - Consumes the token (single-use).
+ *
+ * The pattern means a deletion can never happen from a single
+ * agent/LLM message — the agent must explicitly review the preview
+ * and decide to proceed. Defense against accidental destructive
+ * actions in long agent loops.
+ *
+ * Required Graph scope: `Files.ReadWrite` (delegated).
+ */
+import type { Tool } from "../types/tool.js";
+export declare const deleteFileTool: Tool;
+//# sourceMappingURL=delete_file.d.ts.map

package/dist/tools/delete_file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete_file.d.ts","sourceRoot":"","sources":["../../src/tools/delete_file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAYH,OAAO,KAAK,EAAE,IAAI,EAA6C,MAAM,kBAAkB,CAAC;AAgHxF,eAAO,MAAM,cAAc,EAAE,IAA8B,CAAC"}

package/dist/tools/delete_file.js

@@ -0,0 +1,103 @@
+/**
+ * Tool: m365-graph:delete_file
+ *
+ * Delete a file or folder. Two-phase spec/approval pattern per
+ * handbook ADR 0002 § Delete-class operations:
+ *
+ *   Call 1 (no confirmation_token):
+ *     - Tool fetches item metadata for preview.
+ *     - Issues a confirmation_token tied to the spec
+ *       {item_id, drive_id} and to this tool name.
+ *     - Returns the preview + token + expiry hint.
+ *
+ *   Call 2 (with confirmation_token):
+ *     - Tool verifies the token (exists, not expired, tied to this
+ *       tool, spec matches).
+ *     - DELETEs the item.
+ *     - Consumes the token (single-use).
+ *
+ * The pattern means a deletion can never happen from a single
+ * agent/LLM message — the agent must explicitly review the preview
+ * and decide to proceed. Defense against accidental destructive
+ * actions in long agent loops.
+ *
+ * Required Graph scope: `Files.ReadWrite` (delegated).
+ */
+import { consumeConfirmation, issueConfirmation, } from "../auth/confirmation_tokens.js";
+import { validateOptionalString, validateRequiredString, } from "../types/validators.js";
+const TOOL_NAME = "m365-graph:delete_file";
+const definition = {
+    name: TOOL_NAME,
+    description: "Delete a file or folder. Two-phase: first call returns a preview + confirmation_token; second call (with the token + same args) executes the delete. Token is single-use, expires in 5 minutes, and tied to the exact spec — passing a different item_id with someone else's token fails.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            item_id: { type: "string", description: "Item to delete." },
+            drive_id: { type: "string", description: "Optional drive ID. Defaults to /me/drive." },
+            confirmation_token: {
+                type: "string",
+                description: "Omit on the first call (preview mode). Include the token returned by the preview call to execute the delete.",
+            },
+        },
+        required: ["item_id"],
+    },
+};
+function summarizePreview(item) {
+    const folder = item.folder !== undefined;
+    const parent = item.parentReference;
+    return {
+        id: String(item.id ?? ""),
+        name: String(item.name ?? ""),
+        type: folder ? "folder" : "file",
+        size: Number(item.size ?? 0),
+        parent_path: parent?.path ?? null,
+        webUrl: String(item.webUrl ?? ""),
+    };
+}
+const handler = async (graph, args) => {
+    const itemId = validateRequiredString(args.item_id, "item_id");
+    const driveId = validateOptionalString(args.drive_id, "drive_id");
+    const confirmationToken = validateOptionalString(args.confirmation_token, "confirmation_token");
+    const drivePath = driveId
+        ? `/drives/${encodeURIComponent(driveId)}`
+        : "/me/drive";
+    const apiPath = `${drivePath}/items/${encodeURIComponent(itemId)}`;
+    const spec = { item_id: itemId };
+    if (driveId !== undefined)
+        spec.drive_id = driveId;
+    // ---------- Phase 1: preview ----------
+    if (!confirmationToken) {
+        const item = (await graph.api(apiPath).get());
+        const summary = summarizePreview(item);
+        const issued = issueConfirmation(TOOL_NAME, spec);
+        const preview = {
+            item: summary,
+            ...issued,
+            instructions: `Re-call ${TOOL_NAME} with the SAME args (item_id${driveId ? ", drive_id" : ""}) ` +
+                `plus this confirmation_token to execute the delete.`,
+        };
+        return {
+            content: [{ type: "text", text: JSON.stringify({ preview }, null, 2) }],
+        };
+    }
+    // ---------- Phase 2: execute ----------
+    const verdict = consumeConfirmation(confirmationToken, TOOL_NAME, spec);
+    if (!verdict.ok) {
+        throw new Error(`Refusing to delete: confirmation_token ${verdict.error}. ` +
+            `Re-run without confirmation_token to get a fresh preview + token.`);
+    }
+    await graph.api(apiPath).delete();
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    deleted: { item_id: itemId, drive_id: driveId ?? null },
+                    note: "DELETE executed against Graph. The item may be recoverable from the user's recycle bin (default 30-day retention).",
+                }, null, 2),
+            },
+        ],
+    };
+};
+export const deleteFileTool = { definition, handler };
+//# sourceMappingURL=delete_file.js.map

package/dist/tools/delete_file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete_file.js","sourceRoot":"","sources":["../../src/tools/delete_file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH,OAAO,EACL,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,SAAS,GAAG,wBAAwB,CAAC;AAE3C,MAAM,UAAU,GAAmB;IACjC,IAAI,EAAE,SAAS;IACf,WAAW,EACT,2RAA2R;IAC7R,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;YAC3D,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;YACtF,kBAAkB,EAAE;gBAClB,IAAI,EAAE,QAAQ;gBACd,WAAW,EACT,8GAA8G;aACjH;SACF;QACD,QAAQ,EAAE,CAAC,SAAS,CAAC;KACtB;CACF,CAAC;AAiBF,SAAS,gBAAgB,CAAC,IAA6B;IACrD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC;IACzC,MAAM,MAAM,GAAG,IAAI,CAAC,eAAsD,CAAC;IAC3E,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;QACzB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;QAC7B,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM;QAChC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;QAC5B,WAAW,EAAG,MAAM,EAAE,IAA2B,IAAI,IAAI;QACzD,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,GAAgB,KAAK,EAChC,KAAa,EACb,IAA6B,EACN,EAAE;IACzB,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClE,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,IAAI,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;IAEhG,MAAM,SAAS,GAAG,OAAO;QACvB,CAAC,CAAC,WAAW,kBAAkB,CAAC,OAAO,CAAC,EAAE;QAC1C,CAAC,CAAC,WAAW,CAAC;IAChB,MAAM,OAAO,GAAG,GAAG,SAAS,UAAU,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;IAEnE,MAAM,IAAI,GAA4B,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAC1D,IAAI,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAEnD,yCAAyC;IACzC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAA4B,CAAC;QACzE,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAClD,MAAM,OAAO,GAAkB;YAC7B,IAAI,EAAE,OAAO;YACb,GAAG,MAAM;YACT,YAAY,EACV,WAAW,SAAS,+BAA+B,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI;gBAClF,qDAAqD;SACxD,CAAC;QACF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,OAAO,GAAG,mBAAmB,CAAC,iBAAiB,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IACxE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,0CAA0C,OAAO,CAAC,KAAK,IAAI;YACzD,mEAAmE,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;IAElC,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;oBACE,OAAO,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,IAAI,IAAI,EAAE;oBACvD,IAAI,EAAE,oHAAoH;iBAC3H,EACD,IAAI,EACJ,CAAC,CACF;aACF;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC"}

package/dist/tools/download_file.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Tool: m365-graph:download_file
+ *
+ * Download a file from a drive to a per-tenant local sandbox directory,
+ * returning the local path. The agent can then read the file via any
+ * filesystem-aware MCP (or the agent's built-in file ops) — this tool
+ * does not return the file content directly.
+ *
+ * Why path return, not content:
+ *   - Files can be large (handbook spec § Performance: 200 MB cap).
+ *   - MCP responses are JSON-typed; binary content via base64 inflates
+ *     by 33% and stresses the agent's context.
+ *   - Composability: M365-aware fetch + provider-agnostic read are
+ *     two concerns that cleanly separate.
+ *
+ * Sandboxing (handbook spec § Sandboxing + anti-pattern #1):
+ *   - All downloads land under <sandbox-root>/<tenant-id>/ where the
+ *     filename is constructed as <sha256(item_id)[:16]>-<sanitized name>.
+ *     The local filename is server-controlled, NOT derived from
+ *     caller-supplied paths. Path injection is structurally impossible.
+ *   - sandbox-root is M365_DOWNLOAD_DIR (env), or
+ *     $XDG_CACHE_HOME/m365-graph-mcp-server, or ~/.cache/m365-graph-mcp-server.
+ *   - 0o700 dir mode + 0o600 file mode (defense-in-depth on shared hosts).
+ *   - Resolved path is verified to start with the sandbox root before
+ *     writing — an extra check on top of the structurally-safe naming.
+ *
+ * Size cap: 200 MB (handbook spec § Performance characteristics). Item
+ * size is fetched via `/items/{id}` metadata BEFORE downloading; the
+ * tool refuses to stream large files.
+ *
+ * Streaming: the actual download streams from the Graph CDN
+ * (@microsoft.graph.downloadUrl is a pre-signed Akamai URL — no Graph
+ * auth needed for the bytes themselves). Streamed via fetch + Node
+ * streams pipeline (no whole-file buffering — handbook anti-pattern #11).
+ *
+ * Required Graph scope: `Files.Read` (delegated). Read-only on the
+ * cloud side; writes only to the sandbox locally.
+ */
+import type { Tool } from "../types/tool.js";
+export declare function getSandboxRoot(tenantId: string): string;
+export declare function deriveSafeLocalPath(sandboxRoot: string, itemId: string, originalName: string): string;
+export declare const downloadFileTool: Tool;
+//# sourceMappingURL=download_file.d.ts.map

package/dist/tools/download_file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"download_file.d.ts","sourceRoot":"","sources":["../../src/tools/download_file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAiBH,OAAO,KAAK,EAAE,IAAI,EAA6C,MAAM,kBAAkB,CAAC;AA2BxF,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAQvD;AAED,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAWrG;AAgED,eAAO,MAAM,gBAAgB,EAAE,IAA8B,CAAC"}

package/dist/tools/download_file.js

@@ -0,0 +1,133 @@
+/**
+ * Tool: m365-graph:download_file
+ *
+ * Download a file from a drive to a per-tenant local sandbox directory,
+ * returning the local path. The agent can then read the file via any
+ * filesystem-aware MCP (or the agent's built-in file ops) — this tool
+ * does not return the file content directly.
+ *
+ * Why path return, not content:
+ *   - Files can be large (handbook spec § Performance: 200 MB cap).
+ *   - MCP responses are JSON-typed; binary content via base64 inflates
+ *     by 33% and stresses the agent's context.
+ *   - Composability: M365-aware fetch + provider-agnostic read are
+ *     two concerns that cleanly separate.
+ *
+ * Sandboxing (handbook spec § Sandboxing + anti-pattern #1):
+ *   - All downloads land under <sandbox-root>/<tenant-id>/ where the
+ *     filename is constructed as <sha256(item_id)[:16]>-<sanitized name>.
+ *     The local filename is server-controlled, NOT derived from
+ *     caller-supplied paths. Path injection is structurally impossible.
+ *   - sandbox-root is M365_DOWNLOAD_DIR (env), or
+ *     $XDG_CACHE_HOME/m365-graph-mcp-server, or ~/.cache/m365-graph-mcp-server.
+ *   - 0o700 dir mode + 0o600 file mode (defense-in-depth on shared hosts).
+ *   - Resolved path is verified to start with the sandbox root before
+ *     writing — an extra check on top of the structurally-safe naming.
+ *
+ * Size cap: 200 MB (handbook spec § Performance characteristics). Item
+ * size is fetched via `/items/{id}` metadata BEFORE downloading; the
+ * tool refuses to stream large files.
+ *
+ * Streaming: the actual download streams from the Graph CDN
+ * (@microsoft.graph.downloadUrl is a pre-signed Akamai URL — no Graph
+ * auth needed for the bytes themselves). Streamed via fetch + Node
+ * streams pipeline (no whole-file buffering — handbook anti-pattern #11).
+ *
+ * Required Graph scope: `Files.Read` (delegated). Read-only on the
+ * cloud side; writes only to the sandbox locally.
+ */
+import { createWriteStream } from "node:fs";
+import { mkdir } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import crypto from "node:crypto";
+import { Readable } from "node:stream";
+import { pipeline } from "node:stream/promises";
+import { sanitizeFilename, validateOptionalString, validateRequiredString, } from "../types/validators.js";
+const MAX_FILE_SIZE_BYTES = 200 * 1024 * 1024; // 200 MB per handbook spec
+const SANDBOX_DIR_MODE = 0o700;
+const SANDBOX_FILE_MODE = 0o600;
+const definition = {
+    name: "m365-graph:download_file",
+    description: "Download a file from a drive to a local sandbox directory. Returns the local path, not the file content — agents read the file via a filesystem-aware tool. Size is capped at 200 MB. Read-only on the cloud side.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            item_id: {
+                type: "string",
+                description: "ID of the file to download. Obtain from list_items or search_files. Folders are rejected (no content).",
+            },
+            drive_id: {
+                type: "string",
+                description: "Optional drive ID. Defaults to the user's primary OneDrive.",
+            },
+        },
+        required: ["item_id"],
+    },
+};
+export function getSandboxRoot(tenantId) {
+    const override = process.env.M365_DOWNLOAD_DIR;
+    if (override)
+        return path.resolve(override, tenantId);
+    const xdg = process.env.XDG_CACHE_HOME;
+    if (xdg)
+        return path.resolve(xdg, "m365-graph-mcp-server", tenantId);
+    return path.resolve(os.homedir(), ".cache", "m365-graph-mcp-server", tenantId);
+}
+export function deriveSafeLocalPath(sandboxRoot, itemId, originalName) {
+    const itemHash = crypto.createHash("sha256").update(itemId).digest("hex").slice(0, 16);
+    const safe = sanitizeFilename(originalName);
+    const filename = `${itemHash}-${safe}`;
+    const resolved = path.resolve(sandboxRoot, filename);
+    // Defense-in-depth even though the filename is server-constructed.
+    if (!resolved.startsWith(sandboxRoot + path.sep) && resolved !== sandboxRoot) {
+        throw new Error(`Refusing to write outside sandbox: ${resolved}`);
+    }
+    return resolved;
+}
+const handler = async (graph, args) => {
+    const itemId = validateRequiredString(args.item_id, "item_id");
+    const driveId = validateOptionalString(args.drive_id, "drive_id");
+    const driveRoot = driveId ? `/drives/${encodeURIComponent(driveId)}` : "/me/drive";
+    const item = await graph.api(`${driveRoot}/items/${encodeURIComponent(itemId)}`).get();
+    if (item.folder !== undefined) {
+        throw new Error(`Item ${itemId} is a folder, not a file — refusing to download.`);
+    }
+    const size = Number(item.size ?? 0);
+    if (size > MAX_FILE_SIZE_BYTES) {
+        throw new Error(`File size (${size} bytes) exceeds the 200 MB cap. Refusing to download.`);
+    }
+    const downloadUrl = item["@microsoft.graph.downloadUrl"];
+    if (!downloadUrl) {
+        throw new Error("No @microsoft.graph.downloadUrl in item metadata — Graph returned an unexpected shape.");
+    }
+    const tenantId = process.env.M365_TENANT_ID ?? "unknown";
+    const sandboxRoot = getSandboxRoot(tenantId);
+    await mkdir(sandboxRoot, { recursive: true, mode: SANDBOX_DIR_MODE });
+    const localPath = deriveSafeLocalPath(sandboxRoot, itemId, String(item.name ?? "file"));
+    const response = await fetch(downloadUrl);
+    if (!response.ok) {
+        throw new Error(`Download HTTP ${response.status}: ${response.statusText}`);
+    }
+    if (!response.body) {
+        throw new Error("Download response has no body stream.");
+    }
+    const out = createWriteStream(localPath, { mode: SANDBOX_FILE_MODE });
+    // Node 20+ Web→Node stream interop. The `as ReadableStream` cast is
+    // because node:stream's Readable.fromWeb expects the Node-bundled
+    // ReadableStream, but undici's fetch returns the same shape.
+    await pipeline(Readable.fromWeb(response.body), out);
+    const result = {
+        item_id: itemId,
+        drive_id: driveId ?? null,
+        local_path: localPath,
+        size_bytes: size,
+        name: String(item.name ?? ""),
+        content_type: item.file?.mimeType ?? null,
+    };
+    return {
+        content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+    };
+};
+export const downloadFileTool = { definition, handler };
+//# sourceMappingURL=download_file.js.map

package/dist/tools/download_file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"download_file.js","sourceRoot":"","sources":["../../src/tools/download_file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAIhD,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,mBAAmB,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,2BAA2B;AAC1E,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAEhC,MAAM,UAAU,GAAmB;IACjC,IAAI,EAAE,0BAA0B;IAChC,WAAW,EACT,oNAAoN;IACtN,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EACT,wGAAwG;aAC3G;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,6DAA6D;aAC3E;SACF;QACD,QAAQ,EAAE,CAAC,SAAS,CAAC;KACtB;CACF,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC/C,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEtD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IACvC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;IAErE,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,WAAmB,EAAE,MAAc,EAAE,YAAoB;IAC3F,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvF,MAAM,IAAI,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAErD,mEAAmE;IACnE,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,OAAO,GAAgB,KAAK,EAChC,KAAa,EACb,IAA6B,EACN,EAAE;IACzB,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAElE,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;IACnF,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,SAAS,UAAU,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;IAEvF,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,QAAQ,MAAM,kDAAkD,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IACpC,IAAI,IAAI,GAAG,mBAAmB,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,cAAc,IAAI,uDAAuD,CAC1E,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,8BAA8B,CAAuB,CAAC;IAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,SAAS,CAAC;IACzD,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC;IAExF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,GAAG,GAAG,iBAAiB,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC;IACtE,oEAAoE;IACpE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAa,CAAC,EAAE,GAAG,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,OAAO,IAAI,IAAI;QACzB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,IAAI;QAChB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;QAC7B,YAAY,EAAG,IAAI,CAAC,IAA4C,EAAE,QAAQ,IAAI,IAAI;KACnF,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC"}

package/dist/tools/get_event.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Tool: m365-graph:get_event
+ *
+ * Fetch a single event's full detail (including the full body,
+ * attendees with response statuses, location, recurrence rule for
+ * series masters). Wraps Graph `/me/events/{id}`.
+ *
+ * Required Graph scope: `Calendars.Read` (delegated). Read-only.
+ *
+ * Input:
+ *   event_id  (string, required) — id from list_events / search_events
+ *
+ * Output: full event summary plus `body` (the long-form HTML/text
+ * preview, capped) and `recurrence` (the recurrence rule if any).
+ */
+import { summarizeEvent } from "./list_events.js";
+import type { Tool } from "../types/tool.js";
+interface FullEvent extends ReturnType<typeof summarizeEvent> {
+    body_content_type: string;
+    body: string;
+    body_truncated: boolean;
+    recurrence: unknown;
+}
+export declare function expandEvent(event: Record<string, unknown>): FullEvent;
+export declare const getEventTool: Tool;
+export {};
+//# sourceMappingURL=get_event.d.ts.map