@sassoftware/sas-score-mcp-serverjs 0.2.1-0 → 0.2.2

package/.env

@@ -1,23 +1,14 @@
-
-PORT=8080
-HTTPS=true
-MCPTYPE=http
-USELOGON=FALSE
-USETOKEN=TRUE
-APPNAME=mcpserver
-APPHOST=localhost
-APPPORT=8080
-    
-CLIENTID=mcpserver
-CLIENTSECRET=jellico
-
-AUTHFLOW=sascli
-SAS_CLI_PROFILE=00m
-SAS_CLI_CONFIG=c:\Users\kumar
-SSLCERT=c:\Users\kumar\.tls 
-VIYACERT=c:\Users\kumar\viyaCert
-CAS_SERVER=cas-shared-default
-COMPUTECONTEXT=SAS Job Execution compute context
-SAMESITE=Lax,false
-AUTOSTART=TRUE
-
+PORT=8080
+HTTPS=TRUE
+MCPTYPE=http
+AUTHFLOW=sascli
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
+# VIYA_SERVER= set globally
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1
+CAS_SERVER=cas-shared-default
+# APPNAME defaults to sas-score-mcp-serverjs but you can override it here
+APPNAME=mcpserver
+COMPUTECONTEXT=SAS Job Execution compute context
+SAMESITE=Lax,secure

package/.envx

@@ -0,0 +1,13 @@
+
+PORT=8080
+HTTPS=FALSE
+MCPTYPE=http
+
+AUTHFLOW=sascli
+SAS_CLI_PROFILE=xf1
+SAS_CLI_CONFIG=c:\Users\kumar
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+

package/README.md

@@ -25,7 +25,7 @@ See this [quick reference](sas-mcp-tools-reference.md) for details.
 SAS developers who want to extend the capabilities of the server with their own tools. See the [guide](tool-developer-guide.md) for details.
 
 ## Configuration Variables
-Typically these are set either in the .env file or as environment variables (or both). This is full list of the configuration variables used the mcp server.
+Typically these are set either in the .env file or as environment variables (or both). This is full list of the configuration variables used the mcp server. You will need only a subset of these for the different [transport,authentication] schemes
 
 ```env
 
@@ -33,7 +33,7 @@ Typically these are set either in the .env file or as environment variables (or
 # http is useful for remote mcp servers
 # If running locally, recommend stdio
 
-MCPTYPE=http
+MCPTYPE=<stdio|http>
 
 # Port for http transport(default is 8080)
 
@@ -42,8 +42,7 @@ PORT=8080
 # If transport is http, optionally specify if the server
 # is using http or https
 
-HTTPS=FALSE
-
+HTTPS=TRUE|FALSE
 
 # Viya Authentication
 # The mcp server support different ways to authenticate(see section on Authentication)
@@ -51,9 +50,10 @@ HTTPS=FALSE
 # * sascli * will look for tokens created with sas-viya cli
 # * token * a custom token
 # * password * userid/password 
-# * none *  No aut tokens are created - useful if you want to control authentication
+# * code * Oauth using authorization_code flow(pkce not supported in this release)
+
+AUTHFLOW=sascli|token|password|code
 
-AUTHFLOW=sascli
 SAS_CLI_CONFIG=your-home-directory
 SAS_CLI_PROFILE=your-sas-cli-profile
 
@@ -64,9 +64,11 @@ VIYA_SERVER= your Viya server url
 # if AUTHFLOW=token, specify the file with the token
 TOKENFILE=
 
-# if password flow specify these
+# if password flow or oauth flow specify these
 CLIENTID=
 CLIENTSECRET=
+
+# specify this if password AUTHFLOW
 PASSWORD=
 
 # When HTTPS is TRUE, specify the folder with SSL certificates for the mcp server
@@ -132,43 +134,44 @@ If this is your use case, set the TOKENFILE to a file containing this token.
 
 ### Oauth - (experimental) Authentication handled by the mcp server
 
-In this approach, the mcp client does not participate in the Oauth authentication process. It is handled by the mcp server at startup.
+In this approach, the mcp client does not participate in the Oauth authentication process. It is handled by the mcp server at startup. 
 
-> This is marked as experimental since there can be timing issues between the mcp client and server. This needs to be investigated further.
+> This is marked as experimental since the testing is not complete
 
 #### SAS viya setup.
 
-Create a Oauth client  with the following properties
+Create a Oauth client with the following properties
 
 ```js
 {
-  auth flow: authorization_code
+  auth flow: authorization_code|password
   clientid: <your client id>
   clientsecret: <some client secret - pkce not supported at this time>
-  redirect: https://localhost:8080/mcpserver
+  redirect: https://localhost:8080/mcpserver  
 }
 
 #### Use an .env file as follows(sample values shown)
 
 ```env
+PORT=8080
+AUTHFLOW=code
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
 
 PORT=8080
 HTTPS=true
 MCPTYPE=http
 USELOGON=FALSE
 USETOKEN=TRUE
-APPNAME=mcpserver
-APPHOST=localhost
-APPPORT=8080
+APPNAME=sas-score-mcp-serverjs
 
 CLIENTID=mcpserver
-CLIENTSECRET=jellico
-AUTHFLOW=code
-SSLCERT=c:\Users\kumar\.tls 
-VIYACERT=c:\Users\kumar\viyaCert
-CAS_SERVER=cas-shared-default
-COMPUTECONTEXT=SAS Job Execution compute context
-SAMESITE=Lax,false
+CLIENTSECRET=xxxxxx
+
+
+# SAMESITE=Lax,secure
 
 ```
 
@@ -296,6 +299,14 @@ The implication of this design choice is felt most when the tool needs is creati
 ## Other Useful Tips
 
 ### mkcert
+
+### Install
+
+1. Visit this [site](https://github.com/FiloSottile/mkcert/releases)
+2. Download the proper version 
+  - rename the file as mkcert (with proper exetension for your os)
+  - move it to a directory that is in the PATH value
+
 To create a self-signed certificate for localhost:
 
 ```sh
@@ -309,7 +320,7 @@ Now go to the location where you want to store the certificates.
 Then create the certificates:
 
 ```sh
-mkcert -key-file key.pem -cert-file crt.pem localhost 127:0.0.1 ::1
+mkcert  localhost 127:0.0.1 ::1
 ```
 
 One last step for windows nodejs users.

package/cli.js

@@ -29,9 +29,9 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
 
 let pkg = fs.readFileSync(__dirname + '/package.json', 'utf8');
 
-if (process.env.ENVFILE === 'NONE') {
+if (process.env.ENVFILE === 'FALSE') {
   //use this when using remote mcp server and no .env file is desired
-  console.error('[Note]: Skipping .env file as ENVFILE is set to NONE...');
+  console.error('[Note]: Skipping .env file as ENVFILE is set to FALSE...');
 } else {
   let envf = __dirname + '\\.env';
   console.error(envf);
@@ -47,6 +47,10 @@ if (process.env.ENVFILE === 'NONE') {
     );
   }
 }
+
+if (process.env.APPHOST == null) {
+  process.env.APPHOST = 'localhost';
+} 
 /********************************* */
 const BRAND = 'sas-score'
 /********************************* */
@@ -144,10 +148,11 @@ const appEnvBase = {
   tlsOpts: null,
   oauthInfo: null,
   contexts: {
+    AUTHFLOW: process.env.AUTHFLOW || 'sascli',
     host: process.env.VIYA_SERVER,
     APPHOST: process.env.APPHOST || 'localhost',
-    APPNAME: process.env.APPNAME || 'mcpServer',
-    PORT: process.env.APPPORT || 8080,
+    APPNAME: process.env.APPNAME || 'sas-score-mcp-serverjs',
+    PORT: process.env.PORT || 8080,
     HTTPS: https,
     store: null, /* for restaf users */
     storeConfig: {},
@@ -167,6 +172,8 @@ const appEnvBase = {
   }
 };
 
+process.env.APPPORT=appEnvBase.PORT;
+
 // setup TLS options for viya calls
 
 console.error('[Note]Viya SSL dir set to: ' + appEnvBase.VIYACERT);

package/devTest/code/.env

@@ -0,0 +1,12 @@
+
+PORT=8080
+HTTPS=FALSE
+MCPTYPE=http
+AUTHFLOW=sascli
+SAS_CLI_PROFILE=xf1
+SAS_CLI_CONFIG=c:\Users\kumar
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+

package/devTest/code/http.mcp.json

@@ -0,0 +1,8 @@
+{
+	"servers": {
+		"sasmcp": {
+			"type": "http",
+			"url": "http://localhost:8080/mcp"
+		}
+	}
+}

package/devTest/http/.env

@@ -0,0 +1,13 @@
+
+PORT=8080
+HTTPS=TRUE
+MCPTYPE=http
+AUTHFLOW=code
+CLIENTID=mcpserver
+CLIENTSECRET=jellico
+# VIYA_SERVER= set globally
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context
+

package/devTest/http/http.mcp.json

@@ -0,0 +1,8 @@
+{
+	"servers": {
+		"sasmcp": {
+			"type": "http",
+			"url": "http://localhost:8080/mcp"
+		}
+	}
+}

package/devTest/stdio/.env

@@ -0,0 +1,9 @@
+
+MCPTYPE=stdio
+AUTHFLOW=sascli
+SAS_CLI_PROFILE=xf1
+SAS_CLI_CONFIG=c:\Users\kumar
+SSLCERT=c:\Users\kumar\.tls 
+VIYACERT=c:\Users\kumar\viyaCert\xf1\viya
+CAS_SERVER=cas-shared-default
+COMPUTECONTEXT=SAS Job Execution compute context

package/{mcpConfigurations/stdio.json → devTest/stdio/stdio.mcp.json}

@@ -2,18 +2,20 @@
 	"servers": {
 		"sasmcp": {
 			"type": "stdio",
-			"command": "npx",
+			"command": "node",
 			"args": [
-				"@sassoftware/sas-score-mcp-serverjs@latest"
+				"c:\\dev\\github\\sas-score-mcp-serverjs\\cli.js"
 			],
 			"env": {
 				"MCPTYPE": "stdio",
-				"AUTHFLOW": "password", 
-				"SAS_CLI_PROFILE": "cis",
+				"AUTHFLOW": "sascli",
+				"SAS_CLI_PROFILE": "xf1",
 				"SAS_CLI_CONFIG": "c:\\Users\\kumar",
 				"SSLCERT": "c:\\Users\\kumar\\.tls",
+				"VIYACERT": "c:\\Users\\kumar\\viyaCert\\xf1\\viya",
+				"CAS_SERVER": "cas-shared-default",
 				"COMPUTECONTEXT": "SAS Job Execution compute context",
-				"CAS_SERVER": "cas-shared-default"
+				"ENVFILE": "FALSE"
 			}
 		}
 	}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "0.2.1-0",
+  "version": "0.2.2",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",
@@ -18,7 +18,7 @@
     "deploy": "bash ./deploy.sh",
     "push2acr": "bash ./push2acr.sh",
     "bump": "npm version prerelease",
-    "pub": "npm publish --tag alpha --access public"
+    "pub": "npm publish --tag dev --access public"
   },
   "repository": "https://github.com/sassoftware/sas-score-mcp-serverjs",
   "keywords": [
@@ -40,7 +40,7 @@
     "@sassoftware/restaf": "^5.6.0",
     "@sassoftware/restafedit": "^3.11.1-10",
     "@sassoftware/restaflib": "^5.6.0",
-    "@sassoftware/viya-serverjs": "^0.6.1-5",
+    "@sassoftware/viya-serverjs": "^0.6.3-0",
     "axios": "^1.13.2",
     "body-parser": "^2.2.1",
     "cors": "^2.8.5",

package/scripts/viyatls.sh

@@ -0,0 +1,3 @@
+kubectl cp $(kubectl get pod | grep "sas-consul-server-0" | awk -F" " '{print $1}'):security/ca.crt ./ca.crt
+kubectl cp $(kubectl get pod | grep "sas-consul-server-0" | awk -F" " '{print $1}'):security/tls.crt ./tls.crt
+kubectl cp $(kubectl get pod | grep "sas-consul-server-0" | awk -F" " '{print $1}'):security/tls.key ./tls.key

package/src/expressMcpServer.js

@@ -228,7 +228,7 @@ async function expressMcpServer(mcpServer, cache, currentAppEnvContext) {
   let appServer;
 
   // get TLS options
-  if (appEnvBase.HTTPS === true) {
+  if (appEnvBase.HTTPS === 'TRUE') {
     //appEnvBase.tlsOpts = getOpts(appEnvBase);
     if (appEnvBase.tlsOpts == null) {
       appEnvBase.tlsOpts = await getTls(appEnvBase);  

package/src/hapiMcpServer.js

@@ -6,15 +6,20 @@ import appServer from "@sassoftware/viya-serverjs";
 import handleRequest from "./handleRequest.js";
 import handleGetDelete from "./handleGetDelete.js";
 import urlOpen from "./urlOpen.js";
-//import { auth } from "@modelcontextprotocol/sdk/client/auth.js";
+
 
 async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
 
-  console.error(appServer);
-  appServer(mcpHandlers, true, 'app', null);
-  if (process.env.AUTOSTART === 'TRUE') {
-    await urlOpen();
+  console.error('Starting Hapi MCP server...');
+  console.error("[Note]: Hapi MCP server started...", baseAppEnvContext.AUTHFLOW);
+ let r = await appServer.asyncCore(mcpHandlers, true, 'app', null);
+ console.error('Hapi server running result:', r);
+  if (baseAppEnvContext.AUTHFLOW === 'code'){
+    await urlOpen(r);
   }
+  return r;
+  
+  // add MCP handlers to the app server
 
   function mcpHandlers() {
     let routes = [

package/src/toolHelpers/getToken.js

@@ -11,20 +11,20 @@ async function getToken(_appContext) {
   if (_appContext.SAS_CLI_CONFIG != null) {
     homedir = _appContext.SAS_CLI_CONFIG;
   }
- console.error(os.platform());
+
   let sep = (os.platform() === 'win32') ? '\\' : '/';
-  console.error('Using sep: ' + sep);
   let credentials = homedir + sep + '.sas' + sep + 'credentials.json';
   let url = homedir + sep + '.sas' + sep + 'config.json';
   console.error('[Note] Using credentials file: ' + credentials);
   console.error('[Note] Using config file: ' + url);
-
+  let profile = (_appContext.SAS_CLI_PROFILE == null || _appContext.SAS_CLI_PROFILE.toLowerCase() === 'default')
+      ? 'Default' : _appContext.SAS_CLI_PROFILE;
+  console.error('[Note] Using SASCLI profile: ' + profile);
   try {
 
     let j = fs.readFileSync(credentials, 'utf8');
     let js = JSON.parse(j);
-    let profile = (_appContext.SAS_CLI_PROFILE == null || _appContext.SAS_CLI_PROFILE.toLowerCase() === 'default')
-      ? 'Default' : _appContext.SAS_CLI_PROFILE;
+    
     let refresh_token = js[profile]['refresh-token'];
     j = fs.readFileSync(url, 'utf8');
     js = JSON.parse(j);

package/src/urlOpen.js

@@ -1,12 +1,13 @@
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
 import open from 'open';
 
-async function urlOpen(contexts) {
-  let appHost = process.env.APPHOST || 'localhost';
-  let appPort = process.env.PORT || '8080';
-  let appName = process.env.APPNAME || 'mcpserver';
-  let protocol =  (process.env.HTTPS != null && process.env.HTTPS.toUpperCase() === 'TRUE') ? 'https' : 'http';
-  let urlx = `${protocol}://${appHost}:${appPort}/${appName}`;
-  console.log(`Opening URL: ${urlx}`); 
-  await open(urlx, {wait:true});
+async function urlOpen(url) {
+  
+  console.error(`[Note]Opening URL: ${url} for user authentication`); 
+  await open(url, {wait:true});
+  console.error(`[Note] User has closed the informational window after authentication.`);
 }
 export default urlOpen;