@sassoftware/sas-score-mcp-serverjs 0.1.0 → 0.2.1-0

package/.env

@@ -1,9 +1,16 @@
 
 PORT=8080
-HTTPS=TRUE
+HTTPS=true
 MCPTYPE=http
+USELOGON=FALSE
+USETOKEN=TRUE
+APPNAME=mcpserver
+APPHOST=localhost
+APPPORT=8080
+    
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
 
-# Sample values shown below
 AUTHFLOW=sascli
 SAS_CLI_PROFILE=00m
 SAS_CLI_CONFIG=c:\Users\kumar
@@ -11,4 +18,6 @@ SSLCERT=c:\Users\kumar\.tls
 VIYACERT=c:\Users\kumar\viyaCert
 CAS_SERVER=cas-shared-default
 COMPUTECONTEXT=SAS Job Execution compute context
+SAMESITE=Lax,false
+AUTOSTART=TRUE
 

package/CHANGES.md

@@ -1,2 +1,8 @@
 # Changes
 All notable changes to this project will be documented in this file in accordance with semantic versioning.
+
+## V 0.2.0
+
+1. Added support for authorization_code flow.(AUTHFLOW=code)
+2. Logon dialog is auto started.
+3. Marked as experimental until further testing is completed.

package/Public/index.html

@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>sas-score-mcp-server</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: Arial, sans-serif;
+            height: 100vh;
+            overflow: hidden;
+        }
+
+        dialog {
+            position: fixed;
+            left: 50%;
+            right: auto;
+            top: 0;
+            transform: translateX(-50%);
+            width: fit-content;
+            height: fit-content;
+            border: none;
+            border-radius: 4px;
+            padding: 16px;
+            box-shadow: 0 6px 20px rgba(0, 0, 0, 0.3);
+        }
+
+        dialog::backdrop {
+            background-color: rgba(0, 0, 0, 0.1);
+        }
+
+        dialog h2 {
+            font-size: 18px;
+            margin-bottom: 12px;
+            color: #000;
+        }
+
+        dialog p {
+            font-family: 'Courier New', monospace;
+            font-size: 12px;
+            width: fit-content;
+            line-height: 1.6;
+            color: #333;
+            word-wrap: break-word;
+            white-space: pre-wrap;
+        }
+
+        /* Window styling to show it's 10px larger than dialog */
+        body::before {
+            display: none;
+        }
+    </style>
+</head>
+<body>
+    <dialog open>
+        <h2>sas-score-mcp-server</h2>
+        <p>The mcp server is now ready for use. </p>
+        <p>You can close this window</p>
+        <p>For information on the tools see this documentation link:</p>
+            <a href="https://github.com/sassoftware/sas-score-mcp-serverjs/wiki   " target="_blank">Summary of tools  </a>
+    </p>
+    </dialog>
+</body>
+</html>

package/README.md

@@ -19,10 +19,10 @@ This MCP server was developed for two types of SAS users.
 
 ### SAS users
 SAS users who want to use natural language("chat") to execute prebuilt SAS code and models.
-See this [quick reference](../sas-mcp-tools-reference.md) for details.
+See this [quick reference](sas-mcp-tools-reference.md) for details.
 
 ### MCP tool developers 
-SAS developers who want to extend the capabilities of the server with their own tools. See the [guide](../tool-developer-guide.md) for details.
+SAS developers who want to extend the capabilities of the server with their own tools. See the [guide](tool-developer-guide.md) for details.
 
 ## Configuration Variables
 Typically these are set either in the .env file or as environment variables (or both). This is full list of the configuration variables used the mcp server.
@@ -65,7 +65,7 @@ VIYA_SERVER= your Viya server url
 TOKENFILE=
 
 # if password flow specify these
-CLIENTIDPW=
+CLIENTID=
 CLIENTSECRET=
 PASSWORD=
 
@@ -130,8 +130,66 @@ Set the env TOKENFILE to a file containing the token.
 There seems to be a pattern of using a long-lived token.
 If this is your use case, set the TOKENFILE to a file containing this token.
 
-### Oauth
-This is under development.
+### Oauth - (experimental) Authentication handled by the mcp server
+
+In this approach, the mcp client does not participate in the Oauth authentication process. It is handled by the mcp server at startup.
+
+> This is marked as experimental since there can be timing issues between the mcp client and server. This needs to be investigated further.
+
+#### SAS viya setup.
+
+Create a Oauth client  with the following properties
+
+```js
+{
+  auth flow: authorization_code
+  clientid: <your client id>
+  clientsecret: <some client secret - pkce not supported at this time>
+  redirect: https://localhost:8080/mcpserver
+}
+
+#### Use an .env file as follows(sample values shown)
+
+```env
+
+PORT=8080
+HTTPS=true
+MCPTYPE=http
+USELOGON=FALSE
+USETOKEN=TRUE
+APPNAME=mcpserver
+APPHOST=localhost
+APPPORT=8080
+
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
+AUTHFLOW=code
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+SAMESITE=Lax,false
+
+```
+
+#### Usage
+
+Start the server with this command:
+
+```sh
+npx @sassoftware/sas-score-mcp-serverjs@latest
+```
+
+Then visit this site on your browser:
+
+```sh
+https://localhost:8080/mcpserver
+```
+
+You will be prompted to logon to SAS Viya.
+A dialog will be displayed if the logon was successful.
+Icon this window and proceed to your mcp client
+
 
 ## Transport Methods
 This server supports both stdio and http transport methods.
@@ -154,7 +212,7 @@ The env variables can be specified in two ways:
     "command": "npx",
     "args": [
       "-y",
-      "@sassoftware/sas-app-mcp-serverjs@latest",
+      "@sassoftware/sas-score-mcp-serverjs@latest",
     ],
     "env": {
       "MCPTYPE": "stdio",
@@ -166,8 +224,8 @@ The env variables can be specified in two ways:
       "VIYA_SERVER": "viya server if AUTHFLOW=password|token|refresh",
       "PASSWORD": "password if AUTHFLOW is password",
       "USERNAME": "username if AUTHFLOW is password",
-      "CLIENTIDPW": "client password if AUTHFLOW is password",
-      "CLIENTSECRETPW": "client id if AUTHFLOW is password",
+      "CLIENTID": "client password if AUTHFLOW is password",
+      "CLIENTSECRET": "client id if AUTHFLOW is password",
       "TOKENFILE": "file if AUTHFLOW is token",
       "COMPUTECONTEXT": "SAS Job Execution compute context",
       "CASSERVER": "cas-shared-default",
@@ -222,7 +280,7 @@ But this step is necessary of using http transport.
 
 
 ```sh
-npx @sassoftware/sas-app-mcp-serverjs@latest
+npx @sassoftware/sas-score-mcp-serverjs@latest
 ```
 
 Make sure that the .env file is in the current working directory

package/SECURITY.md

@@ -1,10 +1,7 @@
-<!-- 
-A SECURITY.md outlines your project's security policy. It includes instructions on how to report a security vulnerability in your project.
-If your project contains this file, link to it from the project's README. 
--->
 
-# PROJECT_NAME Security Policy
-<!-- Replace PROJECT_NAME with the official name of your SAS-sanctioned open source project. -->
+
+# sas-score-mcp-serverjs Security Policy
+
 Project maintainers and community contributors take security issues seriously.
 Efforts to disclose potential issues responsibly are appreciated, and viable contributions will be acknowledged. 
 To aid investigation of any reported vulnerabilities, please follow the [reporting guidelines](#reporting-guidelines) when submitting your findings.

package/cli.js

@@ -8,7 +8,9 @@
 
 
 import coreSSE from './src/coreSSE.js';
-import corehttp from './src/corehttp.js';
+import expressMcpServer from './src/expressMcpServer.js';
+import hapiMcpServer from './src/hapiMcpServer.js';
+
 import createMcpServer from './src/createMcpServer.js';
 // import dotenvExpand from 'dotenv-expand';
 import fs from 'fs';
@@ -38,7 +40,7 @@ if (process.env.ENVFILE === 'NONE') {
     let e = iconfig(envf); // avoid dotenv since it writes to console.log
     console.error('[Note]: Environment variables loaded from .env file...');
     console.error('Loaded env variables:', e);
-   // dotenvExpand.expand(e);
+    // dotenvExpand.expand(e);
   } else {
     console.error(
       '[Note]: No .env file found, Using default environment variables...'
@@ -90,14 +92,16 @@ if (process.env.SUBCLASS != null) {
 // setup base appEnv 
 // for stdio this is the _appContext
 // for http each session a copy of this as appEnvTemplate is created in corehttp
+
+// backward compability variables
+let clientID = process.env.CLIENTID || process.env.CLIENTIDPW || null;
+let clientSecret = process.env.CLIENTSECRET || process.env.CLIENTSECRETPW || null;
+let https = process.env.HTTPS != null ? process.env.HTTPS.toUpperCase() : "FALSE";
 const appEnvBase = {
   version: version,
-  mcpType: mcpType,
+  mcpType: mcpType, 
   brand: (process.env.BRAND == null) ? BRAND : process.env.BRAND,
-  HTTPS:
-    process.env.HTTPS != null && process.env.HTTPS.toUpperCase() === 'TRUE'
-      ? true
-      : false,
+  HTTPS: https,
   SAS_CLI_PROFILE: process.env.SAS_CLI_PROFILE || 'Default',
   SAS_CLI_CONFIG: process.env.SAS_CLI_CONFIG || process.env.HOME, // default to user home directory
   SSLCERT: process.env.SSLCERT || null,
@@ -108,8 +112,10 @@ const appEnvBase = {
   PORT: process.env.PORT || 8080,
   USERNAME: process.env.USERNAME || null,
   PASSWORD: process.env.PASSWORD || null,
-  CLIENTIDPW: process.env.CLIENTIDPW || null,
-  CLIENTSECRET: process.env.CLIENTSECRETPW || null,
+  CLIENTID: clientID,
+  CLIENTSECRET: clientSecret,
+  PKCE: process.env.PKCE || null,
+
   TOKEN: process.env.TOKEN || null,
   REFRESH_TOKEN: process.env.REFRESH_TOKEN || null,
   TOKENFILE: process.env.TOKENFILE || null,
@@ -136,9 +142,19 @@ const appEnvBase = {
   logonPayload: null,
   bearerToken: null,
   tlsOpts: null,
+  oauthInfo: null,
   contexts: {
+    host: process.env.VIYA_SERVER,
+    APPHOST: process.env.APPHOST || 'localhost',
+    APPNAME: process.env.APPNAME || 'mcpServer',
+    PORT: process.env.APPPORT || 8080,
+    HTTPS: https,
     store: null, /* for restaf users */
     storeConfig: {},
+    oauthInfo: null,
+    CLIENTID: clientID,
+    CLIENTSECRET: clientSecret,
+    pkce: process.env.PKCE || null,
     casSession: null, /* restaf cas session object */
     computeSession: null, /* restaf compute session object */
     viyaCert: null, /* ssl/tsl certificates to connect to viya */
@@ -192,14 +208,8 @@ if (appEnvBase.REFRESH_TOKEN != null) {
   }
 }
 
-// if authflow is cli, postpone getting logonPayload until needed
+// if authflow is cli or code, postpone getting logonPayload until needed
 
-/*
-if(appEnvBase.AUTHFLOW ==='sascli') {
-  let logonPayload = await getLogonPayload(appEnvBase);
-  appEnvBase.logonPayload = logonPayload;
-}
-  */
 
 // setup mcpServer (both http and stdio use this)
 // this is singleton - best practices recommend this
@@ -216,6 +226,7 @@ sessionCache.set('transports', transports);
 
 // set this for stdio transport use
 // dummy sessionId for use in the tools  
+let useHapi = process.env.AUTHFLOW === 'code' ? true : false;
 if (mcpType === 'stdio') {
   let sessionId = randomUUID();
   sessionCache.set('currentId', sessionId);
@@ -226,31 +237,36 @@ if (mcpType === 'stdio') {
 
 } else {
   console.error('[Note] Starting HTTP MCP server...');
-  await corehttp(mcpServer, sessionCache, appEnvBase);
-  console.error('[Note] MCP HTTP server started on port ' + appEnvBase.PORT);
+  if (useHapi === true) {
+    await hapiMcpServer(mcpServer, sessionCache, appEnvBase);
+    console.error('[Note] Using HAPI HTTP server...')
+  } else {
+    await expressMcpServer(mcpServer, sessionCache, appEnvBase);
+    console.error('[Note] MCP HTTP server started on port ' + appEnvBase.PORT);
+  }
 }
 
 // custom reader for .env file to avoid dotenv logging to console
 function iconfig(envFile) {
-	try {
-		let data = fs.readFileSync(envFile, 'utf8');
-		let d = data.split(/\r?\n/);
+  try {
+    let data = fs.readFileSync(envFile, 'utf8');
+    let d = data.split(/\r?\n/);
     let envData = {};
-		d.forEach(l => {
-			if (l.length > 0 && l.indexOf('#') === -1) {
-				let la = l.split('=');
-				let envName = la[0];
-				if (la.length === 2 && la[1].length > 0) {
-					let t = la[1].trim();
-					process.env[envName] = t;
+    d.forEach(l => {
+      if (l.length > 0 && l.indexOf('#') === -1) {
+        let la = l.split('=');
+        let envName = la[0];
+        if (la.length === 2 && la[1].length > 0) {
+          let t = la[1].trim();
+          process.env[envName] = t;
           envData[envName] = t;
-				}
-			}
-		});
+        }
+      }
+    });
     return envData;
-	} catch (err) {
-		console.log(err);
-		process.exit(0);
-	}
+  } catch (err) {
+    console.log(err);
+    process.exit(0);
+  }
 }
 

package/mcpConfigurations/stdio.json

@@ -4,11 +4,11 @@
 			"type": "stdio",
 			"command": "npx",
 			"args": [
-				"@sassoftware/sas-score-mcp-serverjs@alpha"
+				"@sassoftware/sas-score-mcp-serverjs@latest"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
-				"AUTHFLOW": "sascli", 
+				"AUTHFLOW": "password", 
 				"SAS_CLI_PROFILE": "cis",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",

package/mcpConfigurations/stdiodev.json

@@ -4,7 +4,7 @@
 			"type": "stdio",
 			"command": "node",
 			"args": [
-				"c:\\dev\\gitlab\\mcp-serverjs\\cli.js"
+				"c:\\dev\\github\\mcp-serverjs\\cli.js"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
@@ -12,6 +12,7 @@
 				"SAS_CLI_PROFILE": "00m",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",
+				"VIYACERT": "c:\\Users\\kumar\\.tls",
 				"COMPUTECONTEXT": "SAS Job Execution compute context",
 				"CAS_SERVER": "cas-shared-default"
 			}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "0.1.0",
+  "version": "0.2.1-0",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",
@@ -40,6 +40,7 @@
     "@sassoftware/restaf": "^5.6.0",
     "@sassoftware/restafedit": "^3.11.1-10",
     "@sassoftware/restaflib": "^5.6.0",
+    "@sassoftware/viya-serverjs": "^0.6.1-5",
     "axios": "^1.13.2",
     "body-parser": "^2.2.1",
     "cors": "^2.8.5",
@@ -51,6 +52,8 @@
     "helmet": "^8.1.0",
     "mcp-framework": "^0.2.16",
     "node-cache": "^5.1.2",
+    "open": "^11.0.0",
+    "puppeteer": "^24.34.0",
     "selfsigned": "^5.2.0",
     "undici": "^7.16.0",
     "uuid": "^13.0.0",

package/src/createMcpServer.js

@@ -16,7 +16,7 @@ import makeTools from "./toolSet/makeTools.js";
 import getLogonPayload from "./toolHelpers/getLogonPayload.js";
 
 async function createMcpServer(cache, _appContext) {
-  
+
   let mcpServer = new McpServer(
     {
       name: "sasmcp",
@@ -40,20 +40,31 @@ async function createMcpServer(cache, _appContext) {
     let _appContext = cache.get(currentId);
     let params;
     // get Viya token 
+
+    let errorStatus = cache.get('errorStatus');
+    if (errorStatus) {
+      return { isError: true, content: [{ type: 'text', text: errorStatus }] }
+    };
+    if (_appContext.AUTHFLOW === 'code' && _appContext.contexts.oauthInfo == null) {
+      return { isError: true, content: [{ type: 'text', text: 'Please visit https://localhost:8080/mcpserver to connect to Viya. Then try again.' }] }
+    }
+    console.error("Getting logon payload for tool with session ID:", currentId);
     _appContext.contexts.logonPayload = await getLogonPayload(_appContext);
     if (_appContext.contexts.logonPayload == null) {
       return { isError: true, content: [{ type: 'text', text: 'Unable to get authentication token for SAS Viya. Please check your configuration.' }] }
+
     }
 
-  // create enhanced appContext for tool
-  if (args == null) {
-    params = {_appContext: _appContext.contexts};
-  } else {
-    params = Object.assign({}, args, {_appContext: _appContext.contexts});
-  }
-  
-  // call the actual tool handler
-    let r = await builtin(params); 
+    // create enhanced appContext for tool
+    if (args == null) {
+      params = { _appContext: _appContext.contexts };
+    } else {
+      params = Object.assign({}, args, { _appContext: _appContext.contexts });
+    }
+
+    // call the actual tool handler
+    debugger;
+    let r = await builtin(params);
     return r;
   }
 
@@ -62,9 +73,9 @@ async function createMcpServer(cache, _appContext) {
   let toolNames = [];
   toolSet.forEach((tool, i) => {
     let toolName = _appContext.brand + '-' + tool.name;
-   // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
+    // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
     let toolHandler = wrapf(cache, tool.handler);
-   
+
     mcpServer.tool(toolName, tool.description, tool.schema, toolHandler);
     toolNames.push(toolName);
   });

package/src/{corehttp.js → expressMcpServer.js}

@@ -21,7 +21,7 @@ import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 
 // setup express server
 
-async function corehttp(mcpServer, cache, currentAppEnvContext) {
+async function expressMcpServer(mcpServer, cache, currentAppEnvContext) {
   // setup for change to persistence session
   let headerCache = {};
 
@@ -334,4 +334,4 @@ async function corehttp(mcpServer, cache, currentAppEnvContext) {
   }
 }
 
-export default corehttp;
+export default expressMcpServer;

package/src/handleGetDelete.js

@@ -0,0 +1,31 @@
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+async function handleGetDelete(mcpServer, cache, req, h) {
+    const sessionId = req.headers["mcp-session-id"];
+    console.error("Handling GET/DELETE for session ID:", sessionId);
+    let transports = cache.get("transports");
+    let transport = transports[sessionId];
+    if (!sessionId || transport == null) {
+        console.error('[Note] Looks like a fresh start - no session id or transport found');
+        h.abandon;
+    }
+
+     if (req.method === "GET") {
+        // You can customize the response as needed
+        await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+        return h.abandon;
+     }
+
+    if (req.method === "DELETE") {
+        console.error("Deleting transport and cache for session ID:", sessionId);
+        delete transports[sessionId];
+        cache.del(sessionId);
+        return h.response(`[Info] In DELETE: Session ID ${sessionId} deleted`).code(201);
+    }
+
+    
+}
+export default handleGetDelete;

package/src/handleRequest.js

@@ -0,0 +1,110 @@
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { randomUUID } from "node:crypto";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+
+async function handleRequest(mcpServer, cache, req, h, credentials) {
+  let headerCache = {};
+  let transport;
+  let transports = cache.get("transports");
+  try {
+
+    headerCache = customHeaders(req, h);
+    let sessionId = req.headers["mcp-session-id"];
+
+    // we have session id, get existing transport
+
+    if (sessionId != null) {
+      /* existing transport */
+      transport = transports[sessionId];
+      if (transport == null) {
+        h.response({ isError: true, content: [{ type: 'text', text: 'Session not found. Please re-initialize the MCP client.' }] }).code(400).type('application/json');
+        return h.abandon;
+      }
+    }
+      
+    if (sessionId != null && transport != null) {
+      // post the curren session - used to pass _appContext to tools
+      cache.set("currentId", sessionId);
+
+      // get app context for session
+      let _appContext = cache.get(sessionId);
+
+      //if first prompt on a sessionid, create app context
+
+      if (_appContext == null) {
+        console.error("[Note] Creating new app context for session ID:", sessionId);
+        let appEnvTemplate = cache.get("appEnvTemplate");
+        _appContext = Object.assign({}, appEnvTemplate, headerCache);
+        _appContext.contexts.oauthInfo = credentials;
+        cache.set(sessionId, _appContext);
+      }
+      console.error("[Note] Using existing transport for session ID:", sessionId);
+      debugger;
+      console.error("calling transport.handleRequest");
+      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+    }
+
+    // initialize request
+    else if (!sessionId && isInitializeRequest(req.payload)) {
+      // create transport
+      console.error("[Note] Initializing new transport for MCP request...");
+      transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => randomUUID(),
+        enableJsonResponse: true,
+        onsessioninitialized: (sessionId) => {
+          // Store the transport by session ID
+          transports[sessionId] = transport;
+        },
+      });
+      // Clean up transport when closed
+      transport.onclose = () => {
+        if (transport.sessionId) {
+          delete transports[transport.sessionId];
+        }
+      };
+      console.error("[Note] Connecting mcpServer to new transport...");
+      await mcpServer.connect(transport);
+   
+      // Save transport data and app context for use in tools
+       cache.set("transports", transports);
+      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+      // cache transport
+
+
+    }
+  }
+  catch (error) {
+    console.error("Error handling MCP request:", error);
+    let r = { isError: true, content: [{ type: 'text', text: 'Internal server error occurred while processing the request.' }] };
+    return h.response(r).code(500).type('application/json');
+  }
+  function customHeaders(req, h) {
+
+    // process any new header information
+
+    // Allow different VIYA server per sessionid(user)
+    let headerCache = {};
+    if (req.headers["X-VIYA-SERVER"] != null) {
+      console.error("[Note] Using user supplied VIYA server");
+      headerCache.VIYA_SERVER = req.header("X-VIYA-SERVER");
+    }
+
+    // used when doing autorization via mcp client
+    // ideal for production use
+    const hdr = req.headers["Authorization"];
+    if (hdr != null) {
+      headerCache.bearerToken = hdr.slice(7);
+      headerCache.AUTHFLOW = "bearer";
+    }
+
+    // faking out api key since Viya does not support 
+    // not ideal for production
+    const hdr2 = req.headers["X-REFRESH-TOKEN"];
+    if (hdr2 != null) {
+      headerCache.refreshToken = hdr2;
+      headerCache.AUTHFLOW = "refresh";
+    }
+    return headerCache;
+  }
+};
+export default handleRequest;

package/src/hapiMcpServer.js

@@ -0,0 +1,89 @@
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import appServer from "@sassoftware/viya-serverjs";
+import handleRequest from "./handleRequest.js";
+import handleGetDelete from "./handleGetDelete.js";
+import urlOpen from "./urlOpen.js";
+//import { auth } from "@modelcontextprotocol/sdk/client/auth.js";
+
+async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
+
+  console.error(appServer);
+  appServer(mcpHandlers, true, 'app', null);
+  if (process.env.AUTOSTART === 'TRUE') {
+    await urlOpen();
+  }
+
+  function mcpHandlers() {
+    let routes = [
+      {
+        method: ["GET"],
+        path: "/health",
+        options: {
+          handler: async (req, h) => {
+            let health = {
+              name: "@sassoftware/mcp-server",
+              version: baseAppEnvContext.version,
+              description: "SAS Viya Sample MCP Server",
+              endpoints: {
+                mcp: "/mcp",
+                health: "/health",
+              },
+              usage:
+                "Use with MCP Inspector or compatible MCP clients like vscode or your own MCP client",
+            };
+            console.error("Health check requested, returning:", health);
+            return h.response(health).code(200).type('application/json');
+          },
+          auth: false,
+          description: "Help",
+          notes: "Help",
+          tags: ["app"],
+        }
+      },
+      {
+        method: ["POST"],
+        path: `/mcp`,
+        options: {
+          handler: async (req, h) => {
+            let precontext = req.pre.context;
+            let oauthInfo = (precontext != null) ? precontext.credentials : null;
+            await handleRequest(mcpServer, cache, req, h, oauthInfo);
+            return h.abandon;
+          },
+
+          auth: {
+            strategy: "session",
+            mode: 'try'
+          },
+          description: "The main route for MCP requests",
+          notes: "Requires a valid session",
+          tags: ["mcp"],
+        },
+      },
+      {
+        method: ["GET", "DELETE"],
+        path: `/mcp`,
+
+        options: {
+          handler: async (req, h) => {
+            await handleGetDelete(mcpServer, cache, req, h);
+            return h.abandon;
+          },
+          auth: {
+            strategy: "session",
+            mode: 'try'
+          },
+          description: "Handle GET and DELETE requests",
+          notes: "Will fail if no valid session",
+          tags: ["mcp"],
+        },
+      }
+
+    ];
+    return routes;
+  }
+}
+export default hapiMcpServer;

package/src/toolHelpers/getLogonPayload.js

@@ -5,6 +5,7 @@
 
 import getToken from "./getToken.js";
 import refreshToken from "./refreshToken.js";
+import refreshTokenOauth from "./refreshTokenOauth.js";
 
 async function getLogonPayload(_appContext) {
   _appContext.contexts.logonPayload = await igetLogonPayload(_appContext);
@@ -15,14 +16,32 @@ async function igetLogonPayload(_appContext) {
 
   // Use cached logonPayload if available
   // This will cause timeouts if the token expires
-  if (_appContext.logonPayload != null && _appContext.tokenRefresh !== true) {
+  if (_appContext.contexts.logonPayload != null && _appContext.tokenRefresh !== true) {
     console.error("[Note] Using cached logonPayload information");
     return _appContext.contexts.logonPayload;
   }
 
+  if (_appContext.AUTHFLOW === 'code') {
+    let oauthInfo = _appContext.contexts.oauthInfo;
+    if (oauthInfo == null) {
+      return null;
+    }
+    _appContext.contexts.oauthInfo = await refreshTokenOauth(_appContext, oauthInfo);
+    if (_appContext.contexts.oauthInfo == null) {
+      return null;
+    }
+    let logonPayload = {
+      host: _appContext.VIYA_SERVER,
+      authType: "server",
+      token: _appContext.contexts.oauthInfo.accessToken,
+      tokenType: "Bearer",
+    }
+    return  logonPayload;
+  }
+
   // Use user supplied bearer token 
   if (_appContext.AUTHFLOW === "bearer") {
-    console.error("[Note] Using user suplied bearer token ");
+    console.error("[Note] Using user supplied bearer token ");
     let logonPayload = {
       host: _appContext.VIYA_SERVER,
       authType: "server",
@@ -68,7 +87,7 @@ async function igetLogonPayload(_appContext) {
     return logonPayload;
   }
 
-  if (_appContext.PASSWORDAUTHFLOW === "password") {
+  if (_appContext.AUTHFLOW === "password") {
     let logonPayload = {
       host: _appContext.VIYA_SERVER,
       authType: "password",
@@ -84,7 +103,7 @@ async function igetLogonPayload(_appContext) {
   // sascli auth flow - create from credentials file
   try {
     let { host, token } = await getToken(_appContext)
-    console.error("[Note] got refresh token from getToken() for host ", host);
+    console.error("[Note] Token refreshed ", host);
     let logonPayload = {
       host: host,
       authType: "server",

package/src/toolHelpers/getOpts.js

@@ -9,12 +9,19 @@
  * if this function return a null, coreehttp will create unsigned certs
  * @param {Object} _appContext - Application context containing SSLCERT property
  */
-import fs from 'fs';
+
+import readCerts from './readCerts.js';
 function getOpts(_appContext) {
-    
-     if (_appContext.tlsOpts != null) {
+
+    if (_appContext.tlsOpts != null) {
         return _appContext.tlsOpts;
     }
+    let r = readCerts(_appContext.SSLCERT);
+    _appContext.tlsOpts = r;
+    return r;
+
+
+    /*
     let tlsdir = _appContext.SSLCERT;
     if (tlsdir == null || tlsdir === 'NONE') {
         return null;
@@ -38,6 +45,7 @@ function getOpts(_appContext) {
     console.error('TLS FILES', Object.keys(options));
     _appContext.tlsOpts = options;
     return options;
-   
+    */
+
 }
 export default getOpts;

package/src/toolHelpers/getOptsViya.js

@@ -2,13 +2,18 @@
  * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-import fs from 'fs';
+import readCerts from './readCerts.js';
 function getOptsViya(_appContext) {
-    
-     if (_appContext.contexts.viyaCert != null) {
+
+    if (_appContext.contexts.viyaCert != null) {
         console.error('[Note] Using cached viyaOpts');
         return _appContext.contexts.viyaCert;
     }
+    let r = readCerts(_appContext.VIYACERT);
+    _appContext.contexts.viyaCert = r;
+    return r;
+
+    /*
     let tlsdir = _appContext.VIYACERT;
     if (tlsdir == null || tlsdir === 'NONE') {
         return {};
@@ -33,6 +38,7 @@ function getOptsViya(_appContext) {
     console.error('VIYACERT FILES', Object.keys(options));
     _appContext.contexts.viyaCert = options;
     return options;
-   
+    */
+
 }
 export default getOptsViya;

package/src/toolHelpers/getStoreOpts.js

@@ -7,8 +7,6 @@ import getOptsViya from './getOptsViya.js';
 function getStoreOpts(_appContext) {
   
   let opts = getOptsViya(_appContext);
-
-  
   let storeOpts = {
     casProxy: true,
     httpOptions: { ...opts, rejectUnauthorized: true }

package/src/toolHelpers/readCerts.js

@@ -0,0 +1,33 @@
+/**
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import fs from 'fs';
+function getCerts(tlsdir) {
+
+    if (tlsdir == null || tlsdir === 'NONE') {
+        return null;
+    }
+
+    console.log(`[Note] Reading certs from directory: ` + tlsdir);
+    if (fs.existsSync(tlsdir) === false) {
+        console.error("[Warning] Specified cert dir does not exist: " + tlsdir);
+        return null;
+    }
+
+    let listOfFiles = fs.readdirSync(tlsdir);
+    console.log("[Note] TLS/SSL files found: " + listOfFiles);
+    let options = {};
+    for(let i=0; i < listOfFiles.length; i++) {
+        let fname = listOfFiles[i];
+        let name = tlsdir + '/' + listOfFiles[i];
+        let key = fname.split('.')[0];
+        console.log('Reading TLS file: ' + name + ' as key: ' + key);
+        options[key] = fs.readFileSync(name, { encoding: 'utf8' });
+    }
+    console.log('cert files', Object.keys(options));
+    
+    return options;
+   
+}
+export default getCerts;

package/src/toolHelpers/refreshTokenOauth.js

@@ -0,0 +1,53 @@
+ /*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+ import { Agent, fetch } from 'undici';
+ import getOpts from './getOpts.js';
+ async function refreshTokenOauth(_appContext, oauthInfo ){
+ 
+    const url = `${process.env.VIYA_SERVER}/SASLogon/oauth/token`;
+    let opts = getOpts(_appContext);
+
+    const agent = new Agent({
+      connect: opts
+    });
+    
+    let bodyObject = {
+      grant_type: 'refresh_token',
+      refresh_token: oauthInfo.refreshToken,
+      client_id: _appContext.CLIENTID,
+      client_secret: _appContext.CLIENTSECRET
+    }
+    const body = new URLSearchParams(bodyObject);
+    try {
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Accept': 'application/json',
+          'Content-Type': 'application/x-www-form-urlencoded',
+          dispatcher: agent
+        },
+        body: body.toString()
+      });
+
+      if (!response.ok) {
+        const error = await response.text();
+        console.error('[Error] Failed to refresh token: ', error);
+        throw new Error(error);
+      }
+
+      const data = await response.json();
+      let newauthInfo = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresIn: data.expires_in
+      }
+      return newauthInfo;
+    } catch (err) {
+      console.error('[Error] Failed to refresh token: ', err);
+      return null;
+    }
+  }
+  
+  export default refreshTokenOauth;

package/src/toolSet/findJob.js

@@ -9,6 +9,7 @@ function findJob(_appContext) {
   "purpose": "Map natural language requests to find a job in SAS Viya and return structured results.",
   "param_mapping": {
     "name": "required - single name. If missing, ask 'Which job name would you like to find?'.",
+    "_userPrompt": "the original user prompt that triggered this tool."
 
   },
   "response_schema": "{ jobs: Array<string|object> }",
@@ -77,7 +78,8 @@ function findJob(_appContext) {
     aliases: ['findJob','find job','find_job'],
     description: description,
     schema: {
-      name: z.string()
+      name: z.string(),
+      _userPrompt: z.string()
     },
     required: ['name'],
     handler: async (params) => {

package/src/urlOpen.js

@@ -0,0 +1,12 @@
+import open from 'open';
+
+async function urlOpen(contexts) {
+  let appHost = process.env.APPHOST || 'localhost';
+  let appPort = process.env.PORT || '8080';
+  let appName = process.env.APPNAME || 'mcpserver';
+  let protocol =  (process.env.HTTPS != null && process.env.HTTPS.toUpperCase() === 'TRUE') ? 'https' : 'http';
+  let urlx = `${protocol}://${appHost}:${appPort}/${appName}`;
+  console.log(`Opening URL: ${urlx}`); 
+  await open(urlx, {wait:true});
+}
+export default urlOpen;