@sassoftware/sas-score-mcp-serverjs 0.1.1 → 0.2.1-0

package/.env

@@ -1,19 +1,23 @@
 
 PORT=8080
-HTTPS=TRUE
-MCPTYPE=stdio
+HTTPS=true
+MCPTYPE=http
+USELOGON=FALSE
+USETOKEN=TRUE
+APPNAME=mcpserver
+APPHOST=localhost
+APPPORT=8080
+    
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
 
-# Sample values shown below
-VIYA_SERVER=<viya usl>
-AUTHFLOW=password
-USERNAME=sastest1
-PASSWORD=<some_password>
-CLIENTID=mcppw
-CLIENTSECRET=xxxxx
+AUTHFLOW=sascli
 SAS_CLI_PROFILE=00m
 SAS_CLI_CONFIG=c:\Users\kumar
 SSLCERT=c:\Users\kumar\.tls 
 VIYACERT=c:\Users\kumar\viyaCert
 CAS_SERVER=cas-shared-default
 COMPUTECONTEXT=SAS Job Execution compute context
+SAMESITE=Lax,false
+AUTOSTART=TRUE
 

package/CHANGES.md

@@ -1,2 +1,8 @@
 # Changes
 All notable changes to this project will be documented in this file in accordance with semantic versioning.
+
+## V 0.2.0
+
+1. Added support for authorization_code flow.(AUTHFLOW=code)
+2. Logon dialog is auto started.
+3. Marked as experimental until further testing is completed.

package/Public/index.html

@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>sas-score-mcp-server</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: Arial, sans-serif;
+            height: 100vh;
+            overflow: hidden;
+        }
+
+        dialog {
+            position: fixed;
+            left: 50%;
+            right: auto;
+            top: 0;
+            transform: translateX(-50%);
+            width: fit-content;
+            height: fit-content;
+            border: none;
+            border-radius: 4px;
+            padding: 16px;
+            box-shadow: 0 6px 20px rgba(0, 0, 0, 0.3);
+        }
+
+        dialog::backdrop {
+            background-color: rgba(0, 0, 0, 0.1);
+        }
+
+        dialog h2 {
+            font-size: 18px;
+            margin-bottom: 12px;
+            color: #000;
+        }
+
+        dialog p {
+            font-family: 'Courier New', monospace;
+            font-size: 12px;
+            width: fit-content;
+            line-height: 1.6;
+            color: #333;
+            word-wrap: break-word;
+            white-space: pre-wrap;
+        }
+
+        /* Window styling to show it's 10px larger than dialog */
+        body::before {
+            display: none;
+        }
+    </style>
+</head>
+<body>
+    <dialog open>
+        <h2>sas-score-mcp-server</h2>
+        <p>The mcp server is now ready for use. </p>
+        <p>You can close this window</p>
+        <p>For information on the tools see this documentation link:</p>
+            <a href="https://github.com/sassoftware/sas-score-mcp-serverjs/wiki   " target="_blank">Summary of tools  </a>
+    </p>
+    </dialog>
+</body>
+</html>

package/README.md

@@ -130,8 +130,66 @@ Set the env TOKENFILE to a file containing the token.
 There seems to be a pattern of using a long-lived token.
 If this is your use case, set the TOKENFILE to a file containing this token.
 
-### Oauth
-This is under development.
+### Oauth - (experimental) Authentication handled by the mcp server
+
+In this approach, the mcp client does not participate in the Oauth authentication process. It is handled by the mcp server at startup.
+
+> This is marked as experimental since there can be timing issues between the mcp client and server. This needs to be investigated further.
+
+#### SAS viya setup.
+
+Create a Oauth client  with the following properties
+
+```js
+{
+  auth flow: authorization_code
+  clientid: <your client id>
+  clientsecret: <some client secret - pkce not supported at this time>
+  redirect: https://localhost:8080/mcpserver
+}
+
+#### Use an .env file as follows(sample values shown)
+
+```env
+
+PORT=8080
+HTTPS=true
+MCPTYPE=http
+USELOGON=FALSE
+USETOKEN=TRUE
+APPNAME=mcpserver
+APPHOST=localhost
+APPPORT=8080
+
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
+AUTHFLOW=code
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+SAMESITE=Lax,false
+
+```
+
+#### Usage
+
+Start the server with this command:
+
+```sh
+npx @sassoftware/sas-score-mcp-serverjs@latest
+```
+
+Then visit this site on your browser:
+
+```sh
+https://localhost:8080/mcpserver
+```
+
+You will be prompted to logon to SAS Viya.
+A dialog will be displayed if the logon was successful.
+Icon this window and proceed to your mcp client
+
 
 ## Transport Methods
 This server supports both stdio and http transport methods.

package/cli.js

@@ -8,7 +8,9 @@
 
 
 import coreSSE from './src/coreSSE.js';
-import corehttp from './src/corehttp.js';
+import expressMcpServer from './src/expressMcpServer.js';
+import hapiMcpServer from './src/hapiMcpServer.js';
+
 import createMcpServer from './src/createMcpServer.js';
 // import dotenvExpand from 'dotenv-expand';
 import fs from 'fs';
@@ -38,7 +40,7 @@ if (process.env.ENVFILE === 'NONE') {
     let e = iconfig(envf); // avoid dotenv since it writes to console.log
     console.error('[Note]: Environment variables loaded from .env file...');
     console.error('Loaded env variables:', e);
-   // dotenvExpand.expand(e);
+    // dotenvExpand.expand(e);
   } else {
     console.error(
       '[Note]: No .env file found, Using default environment variables...'
@@ -90,14 +92,16 @@ if (process.env.SUBCLASS != null) {
 // setup base appEnv 
 // for stdio this is the _appContext
 // for http each session a copy of this as appEnvTemplate is created in corehttp
+
+// backward compability variables
+let clientID = process.env.CLIENTID || process.env.CLIENTIDPW || null;
+let clientSecret = process.env.CLIENTSECRET || process.env.CLIENTSECRETPW || null;
+let https = process.env.HTTPS != null ? process.env.HTTPS.toUpperCase() : "FALSE";
 const appEnvBase = {
   version: version,
-  mcpType: mcpType,
+  mcpType: mcpType, 
   brand: (process.env.BRAND == null) ? BRAND : process.env.BRAND,
-  HTTPS:
-    process.env.HTTPS != null && process.env.HTTPS.toUpperCase() === 'TRUE'
-      ? true
-      : false,
+  HTTPS: https,
   SAS_CLI_PROFILE: process.env.SAS_CLI_PROFILE || 'Default',
   SAS_CLI_CONFIG: process.env.SAS_CLI_CONFIG || process.env.HOME, // default to user home directory
   SSLCERT: process.env.SSLCERT || null,
@@ -108,8 +112,10 @@ const appEnvBase = {
   PORT: process.env.PORT || 8080,
   USERNAME: process.env.USERNAME || null,
   PASSWORD: process.env.PASSWORD || null,
-  CLIENTID: process.env.CLIENTID|| null,
-  CLIENTSECRET: process.env.CLIENTSECRET || null,
+  CLIENTID: clientID,
+  CLIENTSECRET: clientSecret,
+  PKCE: process.env.PKCE || null,
+
   TOKEN: process.env.TOKEN || null,
   REFRESH_TOKEN: process.env.REFRESH_TOKEN || null,
   TOKENFILE: process.env.TOKENFILE || null,
@@ -136,9 +142,19 @@ const appEnvBase = {
   logonPayload: null,
   bearerToken: null,
   tlsOpts: null,
+  oauthInfo: null,
   contexts: {
+    host: process.env.VIYA_SERVER,
+    APPHOST: process.env.APPHOST || 'localhost',
+    APPNAME: process.env.APPNAME || 'mcpServer',
+    PORT: process.env.APPPORT || 8080,
+    HTTPS: https,
     store: null, /* for restaf users */
     storeConfig: {},
+    oauthInfo: null,
+    CLIENTID: clientID,
+    CLIENTSECRET: clientSecret,
+    pkce: process.env.PKCE || null,
     casSession: null, /* restaf cas session object */
     computeSession: null, /* restaf compute session object */
     viyaCert: null, /* ssl/tsl certificates to connect to viya */
@@ -166,7 +182,7 @@ if (appEnvBase.TOKENFILE != null) {
     console.error(`[Note]Loading token from file: ${appEnvBase.TOKENFILE}...`);
     appEnvBase.TOKEN = fs.readFileSync(appEnvBase.TOKENFILE, { encoding: 'utf8' });
     appEnvBase.AUTHFLOW = 'token';
-    appEnvBase.contexts.logonPayload = {
+    appEnvBase.appContexts.logonPayload = {
       host: appEnvBase.VIYA_SERVER,
       authType: 'server',
       token: appEnvBase.TOKEN,
@@ -192,6 +208,7 @@ if (appEnvBase.REFRESH_TOKEN != null) {
   }
 }
 
+// if authflow is cli or code, postpone getting logonPayload until needed
 
 
 // setup mcpServer (both http and stdio use this)
@@ -209,6 +226,7 @@ sessionCache.set('transports', transports);
 
 // set this for stdio transport use
 // dummy sessionId for use in the tools  
+let useHapi = process.env.AUTHFLOW === 'code' ? true : false;
 if (mcpType === 'stdio') {
   let sessionId = randomUUID();
   sessionCache.set('currentId', sessionId);
@@ -219,31 +237,36 @@ if (mcpType === 'stdio') {
 
 } else {
   console.error('[Note] Starting HTTP MCP server...');
-  await corehttp(mcpServer, sessionCache, appEnvBase);
-  console.error('[Note] MCP HTTP server started on port ' + appEnvBase.PORT);
+  if (useHapi === true) {
+    await hapiMcpServer(mcpServer, sessionCache, appEnvBase);
+    console.error('[Note] Using HAPI HTTP server...')
+  } else {
+    await expressMcpServer(mcpServer, sessionCache, appEnvBase);
+    console.error('[Note] MCP HTTP server started on port ' + appEnvBase.PORT);
+  }
 }
 
 // custom reader for .env file to avoid dotenv logging to console
 function iconfig(envFile) {
-	try {
-		let data = fs.readFileSync(envFile, 'utf8');
-		let d = data.split(/\r?\n/);
+  try {
+    let data = fs.readFileSync(envFile, 'utf8');
+    let d = data.split(/\r?\n/);
     let envData = {};
-		d.forEach(l => {
-			if (l.length > 0 && l.indexOf('#') === -1) {
-				let la = l.split('=');
-				let envName = la[0];
-				if (la.length === 2 && la[1].length > 0) {
-					let t = la[1].trim();
-					process.env[envName] = t;
+    d.forEach(l => {
+      if (l.length > 0 && l.indexOf('#') === -1) {
+        let la = l.split('=');
+        let envName = la[0];
+        if (la.length === 2 && la[1].length > 0) {
+          let t = la[1].trim();
+          process.env[envName] = t;
           envData[envName] = t;
-				}
-			}
-		});
+        }
+      }
+    });
     return envData;
-	} catch (err) {
-		console.log(err);
-		process.exit(0);
-	}
+  } catch (err) {
+    console.log(err);
+    process.exit(0);
+  }
 }
 

package/mcpConfigurations/stdio.json

@@ -4,11 +4,11 @@
 			"type": "stdio",
 			"command": "npx",
 			"args": [
-				"@sassoftware/sas-score-mcp-serverjs@alpha"
+				"@sassoftware/sas-score-mcp-serverjs@latest"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
-				"AUTHFLOW": "sascli", 
+				"AUTHFLOW": "password", 
 				"SAS_CLI_PROFILE": "cis",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",

package/mcpConfigurations/stdiodev.json

@@ -4,7 +4,7 @@
 			"type": "stdio",
 			"command": "node",
 			"args": [
-				"c:\\dev\\gitlab\\mcp-serverjs\\cli.js"
+				"c:\\dev\\github\\mcp-serverjs\\cli.js"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
@@ -12,6 +12,7 @@
 				"SAS_CLI_PROFILE": "00m",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",
+				"VIYACERT": "c:\\Users\\kumar\\.tls",
 				"COMPUTECONTEXT": "SAS Job Execution compute context",
 				"CAS_SERVER": "cas-shared-default"
 			}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "0.1.1",
+  "version": "0.2.1-0",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",
@@ -40,6 +40,7 @@
     "@sassoftware/restaf": "^5.6.0",
     "@sassoftware/restafedit": "^3.11.1-10",
     "@sassoftware/restaflib": "^5.6.0",
+    "@sassoftware/viya-serverjs": "^0.6.1-5",
     "axios": "^1.13.2",
     "body-parser": "^2.2.1",
     "cors": "^2.8.5",
@@ -51,6 +52,8 @@
     "helmet": "^8.1.0",
     "mcp-framework": "^0.2.16",
     "node-cache": "^5.1.2",
+    "open": "^11.0.0",
+    "puppeteer": "^24.34.0",
     "selfsigned": "^5.2.0",
     "undici": "^7.16.0",
     "uuid": "^13.0.0",

package/src/createMcpServer.js

@@ -16,7 +16,7 @@ import makeTools from "./toolSet/makeTools.js";
 import getLogonPayload from "./toolHelpers/getLogonPayload.js";
 
 async function createMcpServer(cache, _appContext) {
-  
+
   let mcpServer = new McpServer(
     {
       name: "sasmcp",
@@ -40,20 +40,31 @@ async function createMcpServer(cache, _appContext) {
     let _appContext = cache.get(currentId);
     let params;
     // get Viya token 
+
+    let errorStatus = cache.get('errorStatus');
+    if (errorStatus) {
+      return { isError: true, content: [{ type: 'text', text: errorStatus }] }
+    };
+    if (_appContext.AUTHFLOW === 'code' && _appContext.contexts.oauthInfo == null) {
+      return { isError: true, content: [{ type: 'text', text: 'Please visit https://localhost:8080/mcpserver to connect to Viya. Then try again.' }] }
+    }
+    console.error("Getting logon payload for tool with session ID:", currentId);
     _appContext.contexts.logonPayload = await getLogonPayload(_appContext);
     if (_appContext.contexts.logonPayload == null) {
       return { isError: true, content: [{ type: 'text', text: 'Unable to get authentication token for SAS Viya. Please check your configuration.' }] }
+
     }
 
-  // create enhanced appContext for tool
-  if (args == null) {
-    params = {_appContext: _appContext.contexts};
-  } else {
-    params = Object.assign({}, args, {_appContext: _appContext.contexts});
-  }
-  
-  // call the actual tool handler
-    let r = await builtin(params); 
+    // create enhanced appContext for tool
+    if (args == null) {
+      params = { _appContext: _appContext.contexts };
+    } else {
+      params = Object.assign({}, args, { _appContext: _appContext.contexts });
+    }
+
+    // call the actual tool handler
+    debugger;
+    let r = await builtin(params);
     return r;
   }
 
@@ -62,9 +73,9 @@ async function createMcpServer(cache, _appContext) {
   let toolNames = [];
   toolSet.forEach((tool, i) => {
     let toolName = _appContext.brand + '-' + tool.name;
-   // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
+    // console.error(`\n[Note] Registering tool ${i + 1} : ${toolName}`);
     let toolHandler = wrapf(cache, tool.handler);
-   
+
     mcpServer.tool(toolName, tool.description, tool.schema, toolHandler);
     toolNames.push(toolName);
   });

package/src/{corehttp.js → expressMcpServer.js}

@@ -21,7 +21,7 @@ import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 
 // setup express server
 
-async function corehttp(mcpServer, cache, currentAppEnvContext) {
+async function expressMcpServer(mcpServer, cache, currentAppEnvContext) {
   // setup for change to persistence session
   let headerCache = {};
 
@@ -334,4 +334,4 @@ async function corehttp(mcpServer, cache, currentAppEnvContext) {
   }
 }
 
-export default corehttp;
+export default expressMcpServer;

package/src/handleGetDelete.js

@@ -0,0 +1,31 @@
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+async function handleGetDelete(mcpServer, cache, req, h) {
+    const sessionId = req.headers["mcp-session-id"];
+    console.error("Handling GET/DELETE for session ID:", sessionId);
+    let transports = cache.get("transports");
+    let transport = transports[sessionId];
+    if (!sessionId || transport == null) {
+        console.error('[Note] Looks like a fresh start - no session id or transport found');
+        h.abandon;
+    }
+
+     if (req.method === "GET") {
+        // You can customize the response as needed
+        await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+        return h.abandon;
+     }
+
+    if (req.method === "DELETE") {
+        console.error("Deleting transport and cache for session ID:", sessionId);
+        delete transports[sessionId];
+        cache.del(sessionId);
+        return h.response(`[Info] In DELETE: Session ID ${sessionId} deleted`).code(201);
+    }
+
+    
+}
+export default handleGetDelete;

package/src/handleRequest.js

@@ -0,0 +1,110 @@
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { randomUUID } from "node:crypto";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+
+async function handleRequest(mcpServer, cache, req, h, credentials) {
+  let headerCache = {};
+  let transport;
+  let transports = cache.get("transports");
+  try {
+
+    headerCache = customHeaders(req, h);
+    let sessionId = req.headers["mcp-session-id"];
+
+    // we have session id, get existing transport
+
+    if (sessionId != null) {
+      /* existing transport */
+      transport = transports[sessionId];
+      if (transport == null) {
+        h.response({ isError: true, content: [{ type: 'text', text: 'Session not found. Please re-initialize the MCP client.' }] }).code(400).type('application/json');
+        return h.abandon;
+      }
+    }
+      
+    if (sessionId != null && transport != null) {
+      // post the curren session - used to pass _appContext to tools
+      cache.set("currentId", sessionId);
+
+      // get app context for session
+      let _appContext = cache.get(sessionId);
+
+      //if first prompt on a sessionid, create app context
+
+      if (_appContext == null) {
+        console.error("[Note] Creating new app context for session ID:", sessionId);
+        let appEnvTemplate = cache.get("appEnvTemplate");
+        _appContext = Object.assign({}, appEnvTemplate, headerCache);
+        _appContext.contexts.oauthInfo = credentials;
+        cache.set(sessionId, _appContext);
+      }
+      console.error("[Note] Using existing transport for session ID:", sessionId);
+      debugger;
+      console.error("calling transport.handleRequest");
+      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+    }
+
+    // initialize request
+    else if (!sessionId && isInitializeRequest(req.payload)) {
+      // create transport
+      console.error("[Note] Initializing new transport for MCP request...");
+      transport = new StreamableHTTPServerTransport({
+        sessionIdGenerator: () => randomUUID(),
+        enableJsonResponse: true,
+        onsessioninitialized: (sessionId) => {
+          // Store the transport by session ID
+          transports[sessionId] = transport;
+        },
+      });
+      // Clean up transport when closed
+      transport.onclose = () => {
+        if (transport.sessionId) {
+          delete transports[transport.sessionId];
+        }
+      };
+      console.error("[Note] Connecting mcpServer to new transport...");
+      await mcpServer.connect(transport);
+   
+      // Save transport data and app context for use in tools
+       cache.set("transports", transports);
+      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
+      // cache transport
+
+
+    }
+  }
+  catch (error) {
+    console.error("Error handling MCP request:", error);
+    let r = { isError: true, content: [{ type: 'text', text: 'Internal server error occurred while processing the request.' }] };
+    return h.response(r).code(500).type('application/json');
+  }
+  function customHeaders(req, h) {
+
+    // process any new header information
+
+    // Allow different VIYA server per sessionid(user)
+    let headerCache = {};
+    if (req.headers["X-VIYA-SERVER"] != null) {
+      console.error("[Note] Using user supplied VIYA server");
+      headerCache.VIYA_SERVER = req.header("X-VIYA-SERVER");
+    }
+
+    // used when doing autorization via mcp client
+    // ideal for production use
+    const hdr = req.headers["Authorization"];
+    if (hdr != null) {
+      headerCache.bearerToken = hdr.slice(7);
+      headerCache.AUTHFLOW = "bearer";
+    }
+
+    // faking out api key since Viya does not support 
+    // not ideal for production
+    const hdr2 = req.headers["X-REFRESH-TOKEN"];
+    if (hdr2 != null) {
+      headerCache.refreshToken = hdr2;
+      headerCache.AUTHFLOW = "refresh";
+    }
+    return headerCache;
+  }
+};
+export default handleRequest;

package/src/hapiMcpServer.js

@@ -0,0 +1,89 @@
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import appServer from "@sassoftware/viya-serverjs";
+import handleRequest from "./handleRequest.js";
+import handleGetDelete from "./handleGetDelete.js";
+import urlOpen from "./urlOpen.js";
+//import { auth } from "@modelcontextprotocol/sdk/client/auth.js";
+
+async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
+
+  console.error(appServer);
+  appServer(mcpHandlers, true, 'app', null);
+  if (process.env.AUTOSTART === 'TRUE') {
+    await urlOpen();
+  }
+
+  function mcpHandlers() {
+    let routes = [
+      {
+        method: ["GET"],
+        path: "/health",
+        options: {
+          handler: async (req, h) => {
+            let health = {
+              name: "@sassoftware/mcp-server",
+              version: baseAppEnvContext.version,
+              description: "SAS Viya Sample MCP Server",
+              endpoints: {
+                mcp: "/mcp",
+                health: "/health",
+              },
+              usage:
+                "Use with MCP Inspector or compatible MCP clients like vscode or your own MCP client",
+            };
+            console.error("Health check requested, returning:", health);
+            return h.response(health).code(200).type('application/json');
+          },
+          auth: false,
+          description: "Help",
+          notes: "Help",
+          tags: ["app"],
+        }
+      },
+      {
+        method: ["POST"],
+        path: `/mcp`,
+        options: {
+          handler: async (req, h) => {
+            let precontext = req.pre.context;
+            let oauthInfo = (precontext != null) ? precontext.credentials : null;
+            await handleRequest(mcpServer, cache, req, h, oauthInfo);
+            return h.abandon;
+          },
+
+          auth: {
+            strategy: "session",
+            mode: 'try'
+          },
+          description: "The main route for MCP requests",
+          notes: "Requires a valid session",
+          tags: ["mcp"],
+        },
+      },
+      {
+        method: ["GET", "DELETE"],
+        path: `/mcp`,
+
+        options: {
+          handler: async (req, h) => {
+            await handleGetDelete(mcpServer, cache, req, h);
+            return h.abandon;
+          },
+          auth: {
+            strategy: "session",
+            mode: 'try'
+          },
+          description: "Handle GET and DELETE requests",
+          notes: "Will fail if no valid session",
+          tags: ["mcp"],
+        },
+      }
+
+    ];
+    return routes;
+  }
+}
+export default hapiMcpServer;

package/src/toolHelpers/getLogonPayload.js

@@ -5,6 +5,7 @@
 
 import getToken from "./getToken.js";
 import refreshToken from "./refreshToken.js";
+import refreshTokenOauth from "./refreshTokenOauth.js";
 
 async function getLogonPayload(_appContext) {
   _appContext.contexts.logonPayload = await igetLogonPayload(_appContext);
@@ -15,14 +16,32 @@ async function igetLogonPayload(_appContext) {
 
   // Use cached logonPayload if available
   // This will cause timeouts if the token expires
-  if (_appContext.logonPayload != null && _appContext.tokenRefresh !== true) {
+  if (_appContext.contexts.logonPayload != null && _appContext.tokenRefresh !== true) {
     console.error("[Note] Using cached logonPayload information");
     return _appContext.contexts.logonPayload;
   }
 
+  if (_appContext.AUTHFLOW === 'code') {
+    let oauthInfo = _appContext.contexts.oauthInfo;
+    if (oauthInfo == null) {
+      return null;
+    }
+    _appContext.contexts.oauthInfo = await refreshTokenOauth(_appContext, oauthInfo);
+    if (_appContext.contexts.oauthInfo == null) {
+      return null;
+    }
+    let logonPayload = {
+      host: _appContext.VIYA_SERVER,
+      authType: "server",
+      token: _appContext.contexts.oauthInfo.accessToken,
+      tokenType: "Bearer",
+    }
+    return  logonPayload;
+  }
+
   // Use user supplied bearer token 
   if (_appContext.AUTHFLOW === "bearer") {
-    console.error("[Note] Using user suplied bearer token ");
+    console.error("[Note] Using user supplied bearer token ");
     let logonPayload = {
       host: _appContext.VIYA_SERVER,
       authType: "server",
@@ -74,8 +93,8 @@ async function igetLogonPayload(_appContext) {
       authType: "password",
       user: _appContext.USERNAME,
       password: _appContext.PASSWORD,
-      clientID: _appContext.CLIENTID,
-      clientSecret: _appContext.CLIENTSECRET,
+      clientID: _appContext.CLIENTIDPW,
+      clientSecret: _appContext.CLIENTSECRETPW,
     };
 
     return logonPayload;
@@ -84,7 +103,7 @@ async function igetLogonPayload(_appContext) {
   // sascli auth flow - create from credentials file
   try {
     let { host, token } = await getToken(_appContext)
-    console.error("[Note] got refresh token from getToken() for host ", host);
+    console.error("[Note] Token refreshed ", host);
     let logonPayload = {
       host: host,
       authType: "server",

package/src/toolHelpers/getOpts.js

@@ -9,12 +9,19 @@
  * if this function return a null, coreehttp will create unsigned certs
  * @param {Object} _appContext - Application context containing SSLCERT property
  */
-import fs from 'fs';
+
+import readCerts from './readCerts.js';
 function getOpts(_appContext) {
-    
-     if (_appContext.tlsOpts != null) {
+
+    if (_appContext.tlsOpts != null) {
         return _appContext.tlsOpts;
     }
+    let r = readCerts(_appContext.SSLCERT);
+    _appContext.tlsOpts = r;
+    return r;
+
+
+    /*
     let tlsdir = _appContext.SSLCERT;
     if (tlsdir == null || tlsdir === 'NONE') {
         return null;
@@ -38,6 +45,7 @@ function getOpts(_appContext) {
     console.error('TLS FILES', Object.keys(options));
     _appContext.tlsOpts = options;
     return options;
-   
+    */
+
 }
 export default getOpts;

package/src/toolHelpers/getOptsViya.js

@@ -2,13 +2,18 @@
  * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-import fs from 'fs';
+import readCerts from './readCerts.js';
 function getOptsViya(_appContext) {
-    
-     if (_appContext.contexts.viyaCert != null) {
+
+    if (_appContext.contexts.viyaCert != null) {
         console.error('[Note] Using cached viyaOpts');
         return _appContext.contexts.viyaCert;
     }
+    let r = readCerts(_appContext.VIYACERT);
+    _appContext.contexts.viyaCert = r;
+    return r;
+
+    /*
     let tlsdir = _appContext.VIYACERT;
     if (tlsdir == null || tlsdir === 'NONE') {
         return {};
@@ -33,6 +38,7 @@ function getOptsViya(_appContext) {
     console.error('VIYACERT FILES', Object.keys(options));
     _appContext.contexts.viyaCert = options;
     return options;
-   
+    */
+
 }
 export default getOptsViya;

package/src/toolHelpers/getStoreOpts.js

@@ -7,8 +7,6 @@ import getOptsViya from './getOptsViya.js';
 function getStoreOpts(_appContext) {
   
   let opts = getOptsViya(_appContext);
-
-  
   let storeOpts = {
     casProxy: true,
     httpOptions: { ...opts, rejectUnauthorized: true }

package/src/toolHelpers/readCerts.js

@@ -0,0 +1,33 @@
+/**
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import fs from 'fs';
+function getCerts(tlsdir) {
+
+    if (tlsdir == null || tlsdir === 'NONE') {
+        return null;
+    }
+
+    console.log(`[Note] Reading certs from directory: ` + tlsdir);
+    if (fs.existsSync(tlsdir) === false) {
+        console.error("[Warning] Specified cert dir does not exist: " + tlsdir);
+        return null;
+    }
+
+    let listOfFiles = fs.readdirSync(tlsdir);
+    console.log("[Note] TLS/SSL files found: " + listOfFiles);
+    let options = {};
+    for(let i=0; i < listOfFiles.length; i++) {
+        let fname = listOfFiles[i];
+        let name = tlsdir + '/' + listOfFiles[i];
+        let key = fname.split('.')[0];
+        console.log('Reading TLS file: ' + name + ' as key: ' + key);
+        options[key] = fs.readFileSync(name, { encoding: 'utf8' });
+    }
+    console.log('cert files', Object.keys(options));
+    
+    return options;
+   
+}
+export default getCerts;

package/src/toolHelpers/refreshTokenOauth.js

@@ -0,0 +1,53 @@
+ /*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+ import { Agent, fetch } from 'undici';
+ import getOpts from './getOpts.js';
+ async function refreshTokenOauth(_appContext, oauthInfo ){
+ 
+    const url = `${process.env.VIYA_SERVER}/SASLogon/oauth/token`;
+    let opts = getOpts(_appContext);
+
+    const agent = new Agent({
+      connect: opts
+    });
+    
+    let bodyObject = {
+      grant_type: 'refresh_token',
+      refresh_token: oauthInfo.refreshToken,
+      client_id: _appContext.CLIENTID,
+      client_secret: _appContext.CLIENTSECRET
+    }
+    const body = new URLSearchParams(bodyObject);
+    try {
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Accept': 'application/json',
+          'Content-Type': 'application/x-www-form-urlencoded',
+          dispatcher: agent
+        },
+        body: body.toString()
+      });
+
+      if (!response.ok) {
+        const error = await response.text();
+        console.error('[Error] Failed to refresh token: ', error);
+        throw new Error(error);
+      }
+
+      const data = await response.json();
+      let newauthInfo = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresIn: data.expires_in
+      }
+      return newauthInfo;
+    } catch (err) {
+      console.error('[Error] Failed to refresh token: ', err);
+      return null;
+    }
+  }
+  
+  export default refreshTokenOauth;

package/src/toolSet/findJob.js

@@ -9,6 +9,7 @@ function findJob(_appContext) {
   "purpose": "Map natural language requests to find a job in SAS Viya and return structured results.",
   "param_mapping": {
     "name": "required - single name. If missing, ask 'Which job name would you like to find?'.",
+    "_userPrompt": "the original user prompt that triggered this tool."
 
   },
   "response_schema": "{ jobs: Array<string|object> }",
@@ -77,7 +78,8 @@ function findJob(_appContext) {
     aliases: ['findJob','find job','find_job'],
     description: description,
     schema: {
-      name: z.string()
+      name: z.string(),
+      _userPrompt: z.string()
     },
     required: ['name'],
     handler: async (params) => {

package/src/urlOpen.js

@@ -0,0 +1,12 @@
+import open from 'open';
+
+async function urlOpen(contexts) {
+  let appHost = process.env.APPHOST || 'localhost';
+  let appPort = process.env.PORT || '8080';
+  let appName = process.env.APPNAME || 'mcpserver';
+  let protocol =  (process.env.HTTPS != null && process.env.HTTPS.toUpperCase() === 'TRUE') ? 'https' : 'http';
+  let urlx = `${protocol}://${appHost}:${appPort}/${appName}`;
+  console.log(`Opening URL: ${urlx}`); 
+  await open(urlx, {wait:true});
+}
+export default urlOpen;