@sassoftware/sas-score-mcp-serverjs 0.1.1 → 0.2.1

package/.env

@@ -1,19 +1,14 @@
-
-PORT=8080
-HTTPS=TRUE
-MCPTYPE=stdio
-
-# Sample values shown below
-VIYA_SERVER=<viya usl>
-AUTHFLOW=password
-USERNAME=sastest1
-PASSWORD=<some_password>
-CLIENTID=mcppw
-CLIENTSECRET=xxxxx
-SAS_CLI_PROFILE=00m
-SAS_CLI_CONFIG=c:\Users\kumar
-SSLCERT=c:\Users\kumar\.tls 
-VIYACERT=c:\Users\kumar\viyaCert
-CAS_SERVER=cas-shared-default
-COMPUTECONTEXT=SAS Job Execution compute context
-
+PORT=8080
+HTTPS=TRUE
+MCPTYPE=http
+AUTHFLOW=sascli
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
+# VIYA_SERVER= set globally
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1
+CAS_SERVER=cas-shared-default
+# APPNAME defaults to sas-score-mcp-serverjs but you can override it here
+APPNAME=mcpserver
+COMPUTECONTEXT=SAS Job Execution compute context
+SAMESITE=Lax,secure

package/.envx

@@ -0,0 +1,13 @@
+
+PORT=8080
+HTTPS=FALSE
+MCPTYPE=http
+
+AUTHFLOW=sascli
+SAS_CLI_PROFILE=xf1
+SAS_CLI_CONFIG=c:\Users\kumar
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+

package/CHANGES.md

@@ -1,2 +1,8 @@
 # Changes
 All notable changes to this project will be documented in this file in accordance with semantic versioning.
+
+## V 0.2.0
+
+1. Added support for authorization_code flow.(AUTHFLOW=code)
+2. Logon dialog is auto started.
+3. Marked as experimental until further testing is completed.

package/Public/index.html

@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>sas-score-mcp-server</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: Arial, sans-serif;
+            height: 100vh;
+            overflow: hidden;
+        }
+
+        dialog {
+            position: fixed;
+            left: 50%;
+            right: auto;
+            top: 0;
+            transform: translateX(-50%);
+            width: fit-content;
+            height: fit-content;
+            border: none;
+            border-radius: 4px;
+            padding: 16px;
+            box-shadow: 0 6px 20px rgba(0, 0, 0, 0.3);
+        }
+
+        dialog::backdrop {
+            background-color: rgba(0, 0, 0, 0.1);
+        }
+
+        dialog h2 {
+            font-size: 18px;
+            margin-bottom: 12px;
+            color: #000;
+        }
+
+        dialog p {
+            font-family: 'Courier New', monospace;
+            font-size: 12px;
+            width: fit-content;
+            line-height: 1.6;
+            color: #333;
+            word-wrap: break-word;
+            white-space: pre-wrap;
+        }
+
+        /* Window styling to show it's 10px larger than dialog */
+        body::before {
+            display: none;
+        }
+    </style>
+</head>
+<body>
+    <dialog open>
+        <h2>sas-score-mcp-server</h2>
+        <p>The mcp server is now ready for use. </p>
+        <p>You can close this window</p>
+        <p>For information on the tools see this documentation link:</p>
+            <a href="https://github.com/sassoftware/sas-score-mcp-serverjs/wiki   " target="_blank">Summary of tools  </a>
+    </p>
+    </dialog>
+</body>
+</html>

package/README.md

@@ -25,7 +25,7 @@ See this [quick reference](sas-mcp-tools-reference.md) for details.
 SAS developers who want to extend the capabilities of the server with their own tools. See the [guide](tool-developer-guide.md) for details.
 
 ## Configuration Variables
-Typically these are set either in the .env file or as environment variables (or both). This is full list of the configuration variables used the mcp server.
+Typically these are set either in the .env file or as environment variables (or both). This is full list of the configuration variables used the mcp server. You will need only a subset of these for the different [transport,authentication] schemes
 
 ```env
 
@@ -33,7 +33,7 @@ Typically these are set either in the .env file or as environment variables (or
 # http is useful for remote mcp servers
 # If running locally, recommend stdio
 
-MCPTYPE=http
+MCPTYPE=<stdio|http>
 
 # Port for http transport(default is 8080)
 
@@ -42,8 +42,7 @@ PORT=8080
 # If transport is http, optionally specify if the server
 # is using http or https
 
-HTTPS=FALSE
-
+HTTPS=TRUE|FALSE
 
 # Viya Authentication
 # The mcp server support different ways to authenticate(see section on Authentication)
@@ -51,9 +50,10 @@ HTTPS=FALSE
 # * sascli * will look for tokens created with sas-viya cli
 # * token * a custom token
 # * password * userid/password 
-# * none *  No aut tokens are created - useful if you want to control authentication
+# * code * Oauth using authorization_code flow(pkce not supported in this release)
+
+AUTHFLOW=sascli|token|password|code
 
-AUTHFLOW=sascli
 SAS_CLI_CONFIG=your-home-directory
 SAS_CLI_PROFILE=your-sas-cli-profile
 
@@ -64,9 +64,11 @@ VIYA_SERVER= your Viya server url
 # if AUTHFLOW=token, specify the file with the token
 TOKENFILE=
 
-# if password flow specify these
+# if password flow or oauth flow specify these
 CLIENTID=
 CLIENTSECRET=
+
+# specify this if password AUTHFLOW
 PASSWORD=
 
 # When HTTPS is TRUE, specify the folder with SSL certificates for the mcp server
@@ -130,8 +132,67 @@ Set the env TOKENFILE to a file containing the token.
 There seems to be a pattern of using a long-lived token.
 If this is your use case, set the TOKENFILE to a file containing this token.
 
-### Oauth
-This is under development.
+### Oauth - (experimental) Authentication handled by the mcp server
+
+In this approach, the mcp client does not participate in the Oauth authentication process. It is handled by the mcp server at startup. 
+
+> This is marked as experimental since the testing is not complete
+
+#### SAS viya setup.
+
+Create a Oauth client with the following properties
+
+```js
+{
+  auth flow: authorization_code|password
+  clientid: <your client id>
+  clientsecret: <some client secret - pkce not supported at this time>
+  redirect: https://localhost:8080/mcpserver  
+}
+
+#### Use an .env file as follows(sample values shown)
+
+```env
+PORT=8080
+AUTHFLOW=code
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+
+PORT=8080
+HTTPS=true
+MCPTYPE=http
+USELOGON=FALSE
+USETOKEN=TRUE
+APPNAME=sas-score-mcp-serverjs
+
+CLIENTID=mcpserver
+CLIENTSECRET=xxxxxx
+
+
+# SAMESITE=Lax,secure
+
+```
+
+#### Usage
+
+Start the server with this command:
+
+```sh
+npx @sassoftware/sas-score-mcp-serverjs@latest
+```
+
+Then visit this site on your browser:
+
+```sh
+https://localhost:8080/mcpserver
+```
+
+You will be prompted to logon to SAS Viya.
+A dialog will be displayed if the logon was successful.
+Icon this window and proceed to your mcp client
+
 
 ## Transport Methods
 This server supports both stdio and http transport methods.
@@ -238,6 +299,14 @@ The implication of this design choice is felt most when the tool needs is creati
 ## Other Useful Tips
 
 ### mkcert
+
+### Install
+
+1. Visit this [site](https://github.com/FiloSottile/mkcert/releases)
+2. Download the proper version 
+  - rename the file as mkcert (with proper exetension for your os)
+  - move it to a directory that is in the PATH value
+
 To create a self-signed certificate for localhost:
 
 ```sh
@@ -251,7 +320,7 @@ Now go to the location where you want to store the certificates.
 Then create the certificates:
 
 ```sh
-mkcert -key-file key.pem -cert-file crt.pem localhost 127:0.0.1 ::1
+mkcert  localhost 127:0.0.1 ::1
 ```
 
 One last step for windows nodejs users.

package/cli.js

@@ -8,7 +8,9 @@
 
 
 import coreSSE from './src/coreSSE.js';
-import corehttp from './src/corehttp.js';
+import expressMcpServer from './src/expressMcpServer.js';
+import hapiMcpServer from './src/hapiMcpServer.js';
+
 import createMcpServer from './src/createMcpServer.js';
 // import dotenvExpand from 'dotenv-expand';
 import fs from 'fs';
@@ -27,9 +29,9 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
 
 let pkg = fs.readFileSync(__dirname + '/package.json', 'utf8');
 
-if (process.env.ENVFILE === 'NONE') {
+if (process.env.ENVFILE === 'FALSE') {
   //use this when using remote mcp server and no .env file is desired
-  console.error('[Note]: Skipping .env file as ENVFILE is set to NONE...');
+  console.error('[Note]: Skipping .env file as ENVFILE is set to FALSE...');
 } else {
   let envf = __dirname + '\\.env';
   console.error(envf);
@@ -38,13 +40,17 @@ if (process.env.ENVFILE === 'NONE') {
     let e = iconfig(envf); // avoid dotenv since it writes to console.log
     console.error('[Note]: Environment variables loaded from .env file...');
     console.error('Loaded env variables:', e);
-   // dotenvExpand.expand(e);
+    // dotenvExpand.expand(e);
   } else {
     console.error(
       '[Note]: No .env file found, Using default environment variables...'
     );
   }
 }
+
+if (process.env.APPHOST == null) {
+  process.env.APPHOST = 'localhost';
+} 
 /********************************* */
 const BRAND = 'sas-score'
 /********************************* */
@@ -90,14 +96,16 @@ if (process.env.SUBCLASS != null) {
 // setup base appEnv 
 // for stdio this is the _appContext
 // for http each session a copy of this as appEnvTemplate is created in corehttp
+
+// backward compability variables
+let clientID = process.env.CLIENTID || process.env.CLIENTIDPW || null;
+let clientSecret = process.env.CLIENTSECRET || process.env.CLIENTSECRETPW || null;
+let https = process.env.HTTPS != null ? process.env.HTTPS.toUpperCase() : "FALSE";
 const appEnvBase = {
   version: version,
-  mcpType: mcpType,
+  mcpType: mcpType, 
   brand: (process.env.BRAND == null) ? BRAND : process.env.BRAND,
-  HTTPS:
-    process.env.HTTPS != null && process.env.HTTPS.toUpperCase() === 'TRUE'
-      ? true
-      : false,
+  HTTPS: https,
   SAS_CLI_PROFILE: process.env.SAS_CLI_PROFILE || 'Default',
   SAS_CLI_CONFIG: process.env.SAS_CLI_CONFIG || process.env.HOME, // default to user home directory
   SSLCERT: process.env.SSLCERT || null,
@@ -108,8 +116,10 @@ const appEnvBase = {
   PORT: process.env.PORT || 8080,
   USERNAME: process.env.USERNAME || null,
   PASSWORD: process.env.PASSWORD || null,
-  CLIENTID: process.env.CLIENTID|| null,
-  CLIENTSECRET: process.env.CLIENTSECRET || null,
+  CLIENTID: clientID,
+  CLIENTSECRET: clientSecret,
+  PKCE: process.env.PKCE || null,
+
   TOKEN: process.env.TOKEN || null,
   REFRESH_TOKEN: process.env.REFRESH_TOKEN || null,
   TOKENFILE: process.env.TOKENFILE || null,
@@ -136,9 +146,20 @@ const appEnvBase = {
   logonPayload: null,
   bearerToken: null,
   tlsOpts: null,
+  oauthInfo: null,
   contexts: {
+    AUTHFLOW: process.env.AUTHFLOW || 'sascli',
+    host: process.env.VIYA_SERVER,
+    APPHOST: process.env.APPHOST || 'localhost',
+    APPNAME: process.env.APPNAME || 'sas-score-mcp-serverjs',
+    PORT: process.env.PORT || 8080,
+    HTTPS: https,
     store: null, /* for restaf users */
     storeConfig: {},
+    oauthInfo: null,
+    CLIENTID: clientID,
+    CLIENTSECRET: clientSecret,
+    pkce: process.env.PKCE || null,
     casSession: null, /* restaf cas session object */
     computeSession: null, /* restaf compute session object */
     viyaCert: null, /* ssl/tsl certificates to connect to viya */
@@ -151,6 +172,8 @@ const appEnvBase = {
   }
 };
 
+process.env.APPPORT=appEnvBase.PORT;
+
 // setup TLS options for viya calls
 
 console.error('[Note]Viya SSL dir set to: ' + appEnvBase.VIYACERT);
@@ -166,7 +189,7 @@ if (appEnvBase.TOKENFILE != null) {
     console.error(`[Note]Loading token from file: ${appEnvBase.TOKENFILE}...`);
     appEnvBase.TOKEN = fs.readFileSync(appEnvBase.TOKENFILE, { encoding: 'utf8' });
     appEnvBase.AUTHFLOW = 'token';
-    appEnvBase.contexts.logonPayload = {
+    appEnvBase.appContexts.logonPayload = {
       host: appEnvBase.VIYA_SERVER,
       authType: 'server',
       token: appEnvBase.TOKEN,
@@ -192,6 +215,7 @@ if (appEnvBase.REFRESH_TOKEN != null) {
   }
 }
 
+// if authflow is cli or code, postpone getting logonPayload until needed
 
 
 // setup mcpServer (both http and stdio use this)
@@ -209,6 +233,7 @@ sessionCache.set('transports', transports);
 
 // set this for stdio transport use
 // dummy sessionId for use in the tools  
+let useHapi = process.env.AUTHFLOW === 'code' ? true : false;
 if (mcpType === 'stdio') {
   let sessionId = randomUUID();
   sessionCache.set('currentId', sessionId);
@@ -219,31 +244,36 @@ if (mcpType === 'stdio') {
 
 } else {
   console.error('[Note] Starting HTTP MCP server...');
-  await corehttp(mcpServer, sessionCache, appEnvBase);
-  console.error('[Note] MCP HTTP server started on port ' + appEnvBase.PORT);
+  if (useHapi === true) {
+    await hapiMcpServer(mcpServer, sessionCache, appEnvBase);
+    console.error('[Note] Using HAPI HTTP server...')
+  } else {
+    await expressMcpServer(mcpServer, sessionCache, appEnvBase);
+    console.error('[Note] MCP HTTP server started on port ' + appEnvBase.PORT);
+  }
 }
 
 // custom reader for .env file to avoid dotenv logging to console
 function iconfig(envFile) {
-	try {
-		let data = fs.readFileSync(envFile, 'utf8');
-		let d = data.split(/\r?\n/);
+  try {
+    let data = fs.readFileSync(envFile, 'utf8');
+    let d = data.split(/\r?\n/);
     let envData = {};
-		d.forEach(l => {
-			if (l.length > 0 && l.indexOf('#') === -1) {
-				let la = l.split('=');
-				let envName = la[0];
-				if (la.length === 2 && la[1].length > 0) {
-					let t = la[1].trim();
-					process.env[envName] = t;
+    d.forEach(l => {
+      if (l.length > 0 && l.indexOf('#') === -1) {
+        let la = l.split('=');
+        let envName = la[0];
+        if (la.length === 2 && la[1].length > 0) {
+          let t = la[1].trim();
+          process.env[envName] = t;
           envData[envName] = t;
-				}
-			}
-		});
+        }
+      }
+    });
     return envData;
-	} catch (err) {
-		console.log(err);
-		process.exit(0);
-	}
+  } catch (err) {
+    console.log(err);
+    process.exit(0);
+  }
 }
 

package/devTest/code/.env

@@ -0,0 +1,12 @@
+
+PORT=8080
+HTTPS=FALSE
+MCPTYPE=http
+AUTHFLOW=sascli
+SAS_CLI_PROFILE=xf1
+SAS_CLI_CONFIG=c:\Users\kumar
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+

package/devTest/code/http.mcp.json

@@ -0,0 +1,8 @@
+{
+	"servers": {
+		"sasmcp": {
+			"type": "http",
+			"url": "http://localhost:8080/mcp"
+		}
+	}
+}

package/devTest/http/.env

@@ -0,0 +1,13 @@
+
+PORT=8080
+HTTPS=TRUE
+MCPTYPE=http
+AUTHFLOW=code
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
+# VIYA_SERVER= set globally
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+

package/devTest/http/http.mcp.json

@@ -0,0 +1,8 @@
+{
+	"servers": {
+		"sasmcp": {
+			"type": "http",
+			"url": "http://localhost:8080/mcp"
+		}
+	}
+}

package/devTest/stdio/.env

@@ -0,0 +1,9 @@
+
+MCPTYPE=stdio
+AUTHFLOW=sascli
+SAS_CLI_PROFILE=xf1
+SAS_CLI_CONFIG=c:\Users\kumar
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context

package/{mcpConfigurations/stdio.json → devTest/stdio/stdio.mcp.json}

@@ -2,18 +2,20 @@
 	"servers": {
 		"sasmcp": {
 			"type": "stdio",
-			"command": "npx",
+			"command": "node",
 			"args": [
-				"@sassoftware/sas-score-mcp-serverjs@alpha"
+				"c:\\dev\\github\\sas-score-mcp-serverjs\\cli.js"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
-				"AUTHFLOW": "sascli", 
-				"SAS_CLI_PROFILE": "cis",
+				"AUTHFLOW": "sascli",
+				"SAS_CLI_PROFILE": "xf1",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",
+				"VIYACERT": "c:\\Users\\kumar\\viyaCert\\xf1\\viya",
+				"CAS_SERVER": "cas-shared-default",
 				"COMPUTECONTEXT": "SAS Job Execution compute context",
-				"CAS_SERVER": "cas-shared-default"
+				"ENVFILE": "FALSE"
 			}
 		}
 	}

package/{mcpConfigurations → devTest}/stdiodev.json

@@ -4,7 +4,7 @@
 			"type": "stdio",
 			"command": "node",
 			"args": [
-				"c:\\dev\\gitlab\\mcp-serverjs\\cli.js"
+				"c:\\dev\\github\\mcp-serverjs\\cli.js"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
@@ -12,6 +12,7 @@
 				"SAS_CLI_PROFILE": "00m",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",
+				"VIYACERT": "c:\\Users\\kumar\\.tls",
 				"COMPUTECONTEXT": "SAS Job Execution compute context",
 				"CAS_SERVER": "cas-shared-default"
 			}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "0.1.1",
+  "version": "0.2.1",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",
@@ -40,6 +40,7 @@
     "@sassoftware/restaf": "^5.6.0",
     "@sassoftware/restafedit": "^3.11.1-10",
     "@sassoftware/restaflib": "^5.6.0",
+    "@sassoftware/viya-serverjs": "^0.6.3-0",
     "axios": "^1.13.2",
     "body-parser": "^2.2.1",
     "cors": "^2.8.5",
@@ -51,6 +52,8 @@
     "helmet": "^8.1.0",
     "mcp-framework": "^0.2.16",
     "node-cache": "^5.1.2",
+    "open": "^11.0.0",
+    "puppeteer": "^24.34.0",
     "selfsigned": "^5.2.0",
     "undici": "^7.16.0",
     "uuid": "^13.0.0",

package/scripts/viyatls.sh

@@ -0,0 +1,3 @@
+kubectl cp $(kubectl get pod | grep "sas-consul-server-0" | awk -F" " '{print $1}'):security/ca.crt ./ca.crt
+kubectl cp $(kubectl get pod | grep "sas-consul-server-0" | awk -F" " '{print $1}'):security/tls.crt ./tls.crt
+kubectl cp $(kubectl get pod | grep "sas-consul-server-0" | awk -F" " '{print $1}'):security/tls.key ./tls.key

package/src/createMcpServer.js

@@ -16,7 +16,7 @@ import makeTools from "./toolSet/makeTools.js";
 import getLogonPayload from "./toolHelpers/getLogonPayload.js";
 
 async function createMcpServer(cache, _appContext) {
-  
+
   let mcpServer = new McpServer(
     {
       name: "sasmcp",
@@ -40,20 +40,31 @@ async function createMcpServer(cache, _appContext) {
     let _appContext = cache.get(currentId);
     let params;
     // get Viya token 
+
+    let errorStatus = cache.get('errorStatus');
+    if (errorStatus) {
+      return { isError: true, content: [{ type: 'text', text: errorStatus }] }
+    };
+    if (_appContext.AUTHFLOW === 'code' && _appContext.contexts.oauthInfo == null) {
+      return { isError: true, content: [{ type: 'text', text: 'Please visit https://localhost:8080/mcpserver to connect to Viya. Then try again.' }] }
+    }
+    console.error("Getting logon payload for tool with session ID:", currentId);
     _appContext.contexts.logonPayload = await getLogonPayload(_appContext);
     if (_appContext.contexts.logonPayload == null) {
       return { isError: true, content: [{ type: 'text', text: 'Unable to get authentication token for SAS Viya. Please check your configuration.' }] }
+
     }
 
-  // create enhanced appContext for tool
-  if (args == null) {
-    params = {_appContext: _appContext.contexts};
-  } else {
-    params = Object.assign({}, args, {_appContext: _appContext.contexts});
-  }
-  
-  // call the actual tool handler
-    let r = await builtin(params); 
+    // create enhanced appContext for tool
+    if (args == null) {
+      params = { _appContext: _appContext.contexts };
+    } else {
+      params = Object.assign({}, args, { _appContext: _appContext.contexts });
+    }
+
+    // call the actual tool handler
+    debugger;
+    let r = await builtin(params);
     return r;
   }
 
@@ -62,9 +73,9 @@ async function createMcpServer(cache, _appContext) {
   let toolNames = [];
   toolSet.forEach((tool, i) => {
     let toolName = _appContext.brand + '-' + tool.name;
-   // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
+    // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
     let toolHandler = wrapf(cache, tool.handler);
-   
+
     mcpServer.tool(toolName, tool.description, tool.schema, toolHandler);
     toolNames.push(toolName);
   });

package/src/{corehttp.js → expressMcpServer.js}

@@ -21,7 +21,7 @@ import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 
 // setup express server
 
-async function corehttp(mcpServer, cache, currentAppEnvContext) {
+async function expressMcpServer(mcpServer, cache, currentAppEnvContext) {
   // setup for change to persistence session
   let headerCache = {};
 
@@ -228,7 +228,7 @@ async function corehttp(mcpServer, cache, currentAppEnvContext) {
   let appServer;
 
   // get TLS options
-  if (appEnvBase.HTTPS === true) {
+  if (appEnvBase.HTTPS === 'TRUE') {
     //appEnvBase.tlsOpts = getOpts(appEnvBase);
     if (appEnvBase.tlsOpts == null) {
       appEnvBase.tlsOpts = await getTls(appEnvBase);  
@@ -334,4 +334,4 @@ async function corehttp(mcpServer, cache, currentAppEnvContext) {
   }
 }
 
-export default corehttp;
+export default expressMcpServer;

package/src/handleGetDelete.js

@@ -0,0 +1,31 @@
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+async function handleGetDelete(mcpServer, cache, req, h) {
+    const sessionId = req.headers["mcp-session-id"];
+    console.error("Handling GET/DELETE for session ID:", sessionId);
+    let transports = cache.get("transports");
+    let transport = transports[sessionId];
+    if (!sessionId || transport == null) {
+        console.error('[Note] Looks like a fresh start - no session id or transport found');
+        h.abandon;
+    }
+
+     if (req.method === "GET") {
+        // You can customize the response as needed
+        await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+        return h.abandon;
+     }
+
+    if (req.method === "DELETE") {
+        console.error("Deleting transport and cache for session ID:", sessionId);
+        delete transports[sessionId];
+        cache.del(sessionId);
+        return h.response(`[Info] In DELETE: Session ID ${sessionId} deleted`).code(201);
+    }
+
+    
+}
+export default handleGetDelete;

package/src/handleRequest.js

@@ -0,0 +1,110 @@
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { randomUUID } from "node:crypto";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+
+async function handleRequest(mcpServer, cache, req, h, credentials) {
+  let headerCache = {};
+  let transport;
+  let transports = cache.get("transports");
+  try {
+
+    headerCache = customHeaders(req, h);
+    let sessionId = req.headers["mcp-session-id"];
+
+    // we have session id, get existing transport
+
+    if (sessionId != null) {
+      /* existing transport */
+      transport = transports[sessionId];
+      if (transport == null) {
+        h.response({ isError: true, content: [{ type: 'text', text: 'Session not found. Please re-initialize the MCP client.' }] }).code(400).type('application/json');
+        return h.abandon;
+      }
+    }
+      
+    if (sessionId != null && transport != null) {
+      // post the curren session - used to pass _appContext to tools
+      cache.set("currentId", sessionId);
+
+      // get app context for session
+      let _appContext = cache.get(sessionId);
+
+      //if first prompt on a sessionid, create app context
+
+      if (_appContext == null) {
+        console.error("[Note] Creating new app context for session ID:", sessionId);
+        let appEnvTemplate = cache.get("appEnvTemplate");
+        _appContext = Object.assign({}, appEnvTemplate, headerCache);
+        _appContext.contexts.oauthInfo = credentials;
+        cache.set(sessionId, _appContext);
+      }
+      console.error("[Note] Using existing transport for session ID:", sessionId);
+      debugger;
+      console.error("calling transport.handleRequest");
+      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+    }
+
+    // initialize request
+    else if (!sessionId && isInitializeRequest(req.payload)) {
+      // create transport
+      console.error("[Note] Initializing new transport for MCP request...");
+      transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => randomUUID(),
+        enableJsonResponse: true,
+        onsessioninitialized: (sessionId) => {
+          // Store the transport by session ID
+          transports[sessionId] = transport;
+        },
+      });
+      // Clean up transport when closed
+      transport.onclose = () => {
+        if (transport.sessionId) {
+          delete transports[transport.sessionId];
+        }
+      };
+      console.error("[Note] Connecting mcpServer to new transport...");
+      await mcpServer.connect(transport);
+   
+      // Save transport data and app context for use in tools
+       cache.set("transports", transports);
+      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+      // cache transport
+
+
+    }
+  }
+  catch (error) {
+    console.error("Error handling MCP request:", error);
+    let r = { isError: true, content: [{ type: 'text', text: 'Internal server error occurred while processing the request.' }] };
+    return h.response(r).code(500).type('application/json');
+  }
+  function customHeaders(req, h) {
+
+    // process any new header information
+
+    // Allow different VIYA server per sessionid(user)
+    let headerCache = {};
+    if (req.headers["X-VIYA-SERVER"] != null) {
+      console.error("[Note] Using user supplied VIYA server");
+      headerCache.VIYA_SERVER = req.header("X-VIYA-SERVER");
+    }
+
+    // used when doing autorization via mcp client
+    // ideal for production use
+    const hdr = req.headers["Authorization"];
+    if (hdr != null) {
+      headerCache.bearerToken = hdr.slice(7);
+      headerCache.AUTHFLOW = "bearer";
+    }
+
+    // faking out api key since Viya does not support 
+    // not ideal for production
+    const hdr2 = req.headers["X-REFRESH-TOKEN"];
+    if (hdr2 != null) {
+      headerCache.refreshToken = hdr2;
+      headerCache.AUTHFLOW = "refresh";
+    }
+    return headerCache;
+  }
+};
+export default handleRequest;

package/src/hapiMcpServer.js

@@ -0,0 +1,94 @@
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import appServer from "@sassoftware/viya-serverjs";
+import handleRequest from "./handleRequest.js";
+import handleGetDelete from "./handleGetDelete.js";
+import urlOpen from "./urlOpen.js";
+
+
+async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
+
+  console.error('Starting Hapi MCP server...');
+  console.error("[Note]: Hapi MCP server started...", baseAppEnvContext.AUTHFLOW);
+ let r = await appServer.asyncCore(mcpHandlers, true, 'app', null);
+ console.error('Hapi server running result:', r);
+  if (baseAppEnvContext.AUTHFLOW === 'code'){
+    await urlOpen(r);
+  }
+  return r;
+  
+  // add MCP handlers to the app server
+
+  function mcpHandlers() {
+    let routes = [
+      {
+        method: ["GET"],
+        path: "/health",
+        options: {
+          handler: async (req, h) => {
+            let health = {
+              name: "@sassoftware/mcp-server",
+              version: baseAppEnvContext.version,
+              description: "SAS Viya Sample MCP Server",
+              endpoints: {
+                mcp: "/mcp",
+                health: "/health",
+              },
+              usage:
+                "Use with MCP Inspector or compatible MCP clients like vscode or your own MCP client",
+            };
+            console.error("Health check requested, returning:", health);
+            return h.response(health).code(200).type('application/json');
+          },
+          auth: false,
+          description: "Help",
+          notes: "Help",
+          tags: ["app"],
+        }
+      },
+      {
+        method: ["POST"],
+        path: `/mcp`,
+        options: {
+          handler: async (req, h) => {
+            let precontext = req.pre.context;
+            let oauthInfo = (precontext != null) ? precontext.credentials : null;
+            await handleRequest(mcpServer, cache, req, h, oauthInfo);
+            return h.abandon;
+          },
+
+          auth: {
+            strategy: "session",
+            mode: 'try'
+          },
+          description: "The main route for MCP requests",
+          notes: "Requires a valid session",
+          tags: ["mcp"],
+        },
+      },
+      {
+        method: ["GET", "DELETE"],
+        path: `/mcp`,
+
+        options: {
+          handler: async (req, h) => {
+            await handleGetDelete(mcpServer, cache, req, h);
+            return h.abandon;
+          },
+          auth: {
+            strategy: "session",
+            mode: 'try'
+          },
+          description: "Handle GET and DELETE requests",
+          notes: "Will fail if no valid session",
+          tags: ["mcp"],
+        },
+      }
+
+    ];
+    return routes;
+  }
+}
+export default hapiMcpServer;

package/src/toolHelpers/getLogonPayload.js

@@ -5,6 +5,7 @@
 
 import getToken from "./getToken.js";
 import refreshToken from "./refreshToken.js";
+import refreshTokenOauth from "./refreshTokenOauth.js";
 
 async function getLogonPayload(_appContext) {
   _appContext.contexts.logonPayload = await igetLogonPayload(_appContext);
@@ -15,14 +16,32 @@ async function igetLogonPayload(_appContext) {
 
   // Use cached logonPayload if available
   // This will cause timeouts if the token expires
-  if (_appContext.logonPayload != null && _appContext.tokenRefresh !== true) {
+  if (_appContext.contexts.logonPayload != null && _appContext.tokenRefresh !== true) {
     console.error("[Note] Using cached logonPayload information");
     return _appContext.contexts.logonPayload;
   }
 
+  if (_appContext.AUTHFLOW === 'code') {
+    let oauthInfo = _appContext.contexts.oauthInfo;
+    if (oauthInfo == null) {
+      return null;
+    }
+    _appContext.contexts.oauthInfo = await refreshTokenOauth(_appContext, oauthInfo);
+    if (_appContext.contexts.oauthInfo == null) {
+      return null;
+    }
+    let logonPayload = {
+      host: _appContext.VIYA_SERVER,
+      authType: "server",
+      token: _appContext.contexts.oauthInfo.accessToken,
+      tokenType: "Bearer",
+    }
+    return  logonPayload;
+  }
+
   // Use user supplied bearer token 
   if (_appContext.AUTHFLOW === "bearer") {
-    console.error("[Note] Using user suplied bearer token ");
+    console.error("[Note] Using user supplied bearer token ");
     let logonPayload = {
       host: _appContext.VIYA_SERVER,
       authType: "server",
@@ -74,8 +93,8 @@ async function igetLogonPayload(_appContext) {
       authType: "password",
       user: _appContext.USERNAME,
       password: _appContext.PASSWORD,
-      clientID: _appContext.CLIENTID,
-      clientSecret: _appContext.CLIENTSECRET,
+      clientID: _appContext.CLIENTIDPW,
+      clientSecret: _appContext.CLIENTSECRETPW,
     };
 
     return logonPayload;
@@ -84,7 +103,7 @@ async function igetLogonPayload(_appContext) {
   // sascli auth flow - create from credentials file
   try {
     let { host, token } = await getToken(_appContext)
-    console.error("[Note] got refresh token from getToken() for host ", host);
+    console.error("[Note] Token refreshed ", host);
     let logonPayload = {
       host: host,
       authType: "server",

package/src/toolHelpers/getOpts.js

@@ -9,12 +9,19 @@
  * if this function return a null, coreehttp will create unsigned certs
  * @param {Object} _appContext - Application context containing SSLCERT property
  */
-import fs from 'fs';
+
+import readCerts from './readCerts.js';
 function getOpts(_appContext) {
-    
-     if (_appContext.tlsOpts != null) {
+
+    if (_appContext.tlsOpts != null) {
         return _appContext.tlsOpts;
     }
+    let r = readCerts(_appContext.SSLCERT);
+    _appContext.tlsOpts = r;
+    return r;
+
+
+    /*
     let tlsdir = _appContext.SSLCERT;
     if (tlsdir == null || tlsdir === 'NONE') {
         return null;
@@ -38,6 +45,7 @@ function getOpts(_appContext) {
     console.error('TLS FILES', Object.keys(options));
     _appContext.tlsOpts = options;
     return options;
-   
+    */
+
 }
 export default getOpts;

package/src/toolHelpers/getOptsViya.js

@@ -2,13 +2,18 @@
  * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-import fs from 'fs';
+import readCerts from './readCerts.js';
 function getOptsViya(_appContext) {
-    
-     if (_appContext.contexts.viyaCert != null) {
+
+    if (_appContext.contexts.viyaCert != null) {
         console.error('[Note] Using cached viyaOpts');
         return _appContext.contexts.viyaCert;
     }
+    let r = readCerts(_appContext.VIYACERT);
+    _appContext.contexts.viyaCert = r;
+    return r;
+
+    /*
     let tlsdir = _appContext.VIYACERT;
     if (tlsdir == null || tlsdir === 'NONE') {
         return {};
@@ -33,6 +38,7 @@ function getOptsViya(_appContext) {
     console.error('VIYACERT FILES', Object.keys(options));
     _appContext.contexts.viyaCert = options;
     return options;
-   
+    */
+
 }
 export default getOptsViya;

package/src/toolHelpers/getStoreOpts.js

@@ -7,8 +7,6 @@ import getOptsViya from './getOptsViya.js';
 function getStoreOpts(_appContext) {
   
   let opts = getOptsViya(_appContext);
-
-  
   let storeOpts = {
     casProxy: true,
     httpOptions: { ...opts, rejectUnauthorized: true }

package/src/toolHelpers/getToken.js

@@ -11,20 +11,20 @@ async function getToken(_appContext) {
   if (_appContext.SAS_CLI_CONFIG != null) {
     homedir = _appContext.SAS_CLI_CONFIG;
   }
- console.error(os.platform());
+
   let sep = (os.platform() === 'win32') ? '\\' : '/';
-  console.error('Using sep: ' + sep);
   let credentials = homedir + sep + '.sas' + sep + 'credentials.json';
   let url = homedir + sep + '.sas' + sep + 'config.json';
   console.error('[Note] Using credentials file: ' + credentials);
   console.error('[Note] Using config file: ' + url);
-
+  let profile = (_appContext.SAS_CLI_PROFILE == null || _appContext.SAS_CLI_PROFILE.toLowerCase() === 'default')
+      ? 'Default' : _appContext.SAS_CLI_PROFILE;
+  console.error('[Note] Using SASCLI profile: ' + profile);
   try {
 
     let j = fs.readFileSync(credentials, 'utf8');
     let js = JSON.parse(j);
-    let profile = (_appContext.SAS_CLI_PROFILE == null || _appContext.SAS_CLI_PROFILE.toLowerCase() === 'default')
-      ? 'Default' : _appContext.SAS_CLI_PROFILE;
+    
     let refresh_token = js[profile]['refresh-token'];
     j = fs.readFileSync(url, 'utf8');
     js = JSON.parse(j);

package/src/toolHelpers/readCerts.js

@@ -0,0 +1,33 @@
+/**
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import fs from 'fs';
+function getCerts(tlsdir) {
+
+    if (tlsdir == null || tlsdir === 'NONE') {
+        return null;
+    }
+
+    console.log(`[Note] Reading certs from directory: ` + tlsdir);
+    if (fs.existsSync(tlsdir) === false) {
+        console.error("[Warning] Specified cert dir does not exist: " + tlsdir);
+        return null;
+    }
+
+    let listOfFiles = fs.readdirSync(tlsdir);
+    console.log("[Note] TLS/SSL files found: " + listOfFiles);
+    let options = {};
+    for(let i=0; i < listOfFiles.length; i++) {
+        let fname = listOfFiles[i];
+        let name = tlsdir + '/' + listOfFiles[i];
+        let key = fname.split('.')[0];
+        console.log('Reading TLS file: ' + name + ' as key: ' + key);
+        options[key] = fs.readFileSync(name, { encoding: 'utf8' });
+    }
+    console.log('cert files', Object.keys(options));
+    
+    return options;
+   
+}
+export default getCerts;

package/src/toolHelpers/refreshTokenOauth.js

@@ -0,0 +1,53 @@
+ /*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+ import { Agent, fetch } from 'undici';
+ import getOpts from './getOpts.js';
+ async function refreshTokenOauth(_appContext, oauthInfo ){
+ 
+    const url = `${process.env.VIYA_SERVER}/SASLogon/oauth/token`;
+    let opts = getOpts(_appContext);
+
+    const agent = new Agent({
+      connect: opts
+    });
+    
+    let bodyObject = {
+      grant_type: 'refresh_token',
+      refresh_token: oauthInfo.refreshToken,
+      client_id: _appContext.CLIENTID,
+      client_secret: _appContext.CLIENTSECRET
+    }
+    const body = new URLSearchParams(bodyObject);
+    try {
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Accept': 'application/json',
+          'Content-Type': 'application/x-www-form-urlencoded',
+          dispatcher: agent
+        },
+        body: body.toString()
+      });
+
+      if (!response.ok) {
+        const error = await response.text();
+        console.error('[Error] Failed to refresh token: ', error);
+        throw new Error(error);
+      }
+
+      const data = await response.json();
+      let newauthInfo = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresIn: data.expires_in
+      }
+      return newauthInfo;
+    } catch (err) {
+      console.error('[Error] Failed to refresh token: ', err);
+      return null;
+    }
+  }
+  
+  export default refreshTokenOauth;

package/src/toolSet/findJob.js

@@ -9,6 +9,7 @@ function findJob(_appContext) {
   "purpose": "Map natural language requests to find a job in SAS Viya and return structured results.",
   "param_mapping": {
     "name": "required - single name. If missing, ask 'Which job name would you like to find?'.",
+    "_userPrompt": "the original user prompt that triggered this tool."
 
   },
   "response_schema": "{ jobs: Array<string|object> }",
@@ -77,7 +78,8 @@ function findJob(_appContext) {
     aliases: ['findJob','find job','find_job'],
     description: description,
     schema: {
-      name: z.string()
+      name: z.string(),
+      _userPrompt: z.string()
     },
     required: ['name'],
     handler: async (params) => {

package/src/urlOpen.js

@@ -0,0 +1,13 @@
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import open from 'open';
+
+async function urlOpen(url) {
+  
+  console.error(`[Note]Opening URL: ${url} for user authentication`); 
+  await open(url, {wait:true});
+  console.error(`[Note] User has closed the informational window after authentication.`);
+}
+export default urlOpen;