@sassoftware/sas-score-mcp-serverjs 0.3.19 → 0.4.1

package/cli.js

@@ -16,14 +16,15 @@ import createMcpServer from './src/createMcpServer.js';
 import fs from 'fs';
 import { randomUUID } from 'node:crypto';
 
-import refreshToken from './src/toolHelpers/refreshToken.js';
-import getOptsViya from './src/toolHelpers/getOptsViya.js';
+//import refreshToken from './src/toolHelpers/refreshToken.js';
+//import getOptsViya from './src/toolHelpers/getOptsViya.js';
+import readCerts from './src/toolHelpers/readCerts.js';
 
 import { fileURLToPath } from 'url';
 import { dirname } from 'path';
 
 import NodeCache from 'node-cache';
-import getOpts from './src/toolHelpers/getOpts.js';
+//import getOpts from './src/toolHelpers/getOpts.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
@@ -70,7 +71,7 @@ console.error(
 // and storage provided by cloud providers
 console.error(process.env.COMPUTECONTEXT);
 debugger;
-let sessionCache = new NodeCache({ stdTTL: 0, checkperiod: 2 * 60, useClones: false });
+let sessionCache = new NodeCache({ stdTTL: 60*60, checkperiod: 2 * 60, useClones: false });
 
 //
 // Load environment variables from .env file if present
@@ -167,6 +168,7 @@ const appEnvBase = {
     casSession: null, /* restaf cas session object */
     computeSession: null, /* restaf compute session object */
     viyaCert: null, /* ssl/tsl certificates to connect to viya */
+    appCert: null,
     logonPayload: null, /* viya logon payload  to connect to viya */
     casServerId: null,
     computeSessonId: null,
@@ -179,10 +181,15 @@ const appEnvBase = {
 process.env.APPPORT=appEnvBase.PORT;
 
 // setup TLS options for viya calls
-
 console.error('[Note]Viya SSL dir set to: ' + appEnvBase.VIYACERT);
-await getOptsViya(appEnvBase); /* appEnvBase.contexts.viyaCert is set here */
-appEnvBase.tlsOpts = getOpts(appEnvBase);
+appEnvBase.contexts.viyaCert = readCerts(appEnvBase.VIYACERT); /* appEnvBase.contexts.viyaCert is set here */
+
+// setup TLS options for app server (expressMcpServer or hapiMcpServer)
+
+console.error('[Note]App SSL dir set to: ' + appEnvBase.SSLCERT);
+appEnvBase.tlsOpts = readCerts(appEnvBase.SSLCERT);
+appEnvBase.contexts.appCert = appEnvBase.tlsOpts; /* just for completeness */
+
 appEnvBase.contexts.storeConfig = {
   casProxy: true,
   options: { ns: null, proxyServer: null, httpOptions: appEnvBase.contexts.viyaCert }
@@ -205,19 +212,7 @@ if (appEnvBase.TOKENFILE != null) {
   }
 }
 
-// handle refresh token flow 
-// use this for testing only. 
-if (appEnvBase.REFRESH_TOKEN != null) {
-  appEnvBase.refreshToken = appEnvBase.REFRESH_TOKEN;
-  appEnvBase.AUTHFLOW = 'refresh';
-  let t = await refreshToken(appEnvBase, { token: appEnvBase.REFRESH_TOKEN, host: appEnvBase.VIYA_SERVER });
-  appEnvBase.contexts.logonPayload = {
-    host: appEnvBase.VIYA_SERVER,
-    authType: 'server',
-    token: t,
-    tokenType: 'Bearer'
-  }
-}
+
 
 // if authflow is cli or code, postpone getting logonPayload until needed
 
@@ -232,12 +227,13 @@ let appEnvTemplate = Object.assign({}, appEnvBase);
 
 sessionCache.set('appEnvTemplate', appEnvTemplate);
 
-let transports = {};
+let transports = {'dummy': null};
 sessionCache.set('transports', transports);
 
 // set this for stdio transport use
 // dummy sessionId for use in the tools  
-let useHapi = process.env.AUTHFLOW === 'code' ? true : false;
+let useHapi = (process.env.USEHAPI === 'TRUE') ? true : false;
+console.error('[Note] appEnvBase is', JSON.stringify(appEnvBase, null,2));
 if (mcpType === 'stdio') {
   let sessionId = randomUUID();
   sessionCache.set('currentId', sessionId);
@@ -249,6 +245,7 @@ if (mcpType === 'stdio') {
 } else {
   console.error('[Note] Starting HTTP MCP server...');
   if (useHapi === true) {
+    process.env.AUTHFLOW = null;;
     await hapiMcpServer(mcpServer, sessionCache, appEnvBase);
     console.error('[Note] Using HAPI HTTP server...')
   } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "0.3.19",
+  "version": "0.4.1",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",
@@ -10,7 +10,7 @@
   },
   "type": "module",
   "scripts": {
-    "start": "node  cli.js",
+    "start": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0 node  cli.js",
     "testi": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0 npx @modelcontextprotocol/inspector",
     "test": "cd test && node",
     "debug": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0  node --inspect-brk cli.js",

package/src/expressMcpServer.js

@@ -6,17 +6,14 @@ import express from "express";
 
 import https from "https";
 import cors from "cors";
-//import rateLimit from "express-rate-limit";
-//import helmet from "helmet";
 import bodyParser from "body-parser";
-
 import selfsigned from "selfsigned";
 import openAPIJson from "./openAPIJson.js";
-import fs from "fs";
 
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { randomUUID } from "node:crypto";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
+import tlogon from "./toolHelpers/tlogon.js";
 
 
 // setup express server
@@ -115,14 +112,16 @@ function requireBearer(req, res, next) {
   if (hdr != null) {
     headerCache.bearerToken = hdr.slice(7);
     headerCache.AUTHFLOW = "bearer";
+    console.error("[Note] Using user supplied bearer token for authorization");
   }
 
   // faking out api key since Viya does not support 
   // not ideal for production
   const hdr2 = req.header("X-REFRESH-TOKEN");
   if (hdr2 != null) {
-    headerCache.refreshToken = hdr2;
+    headerCache.REFRESH_TOKEN = hdr2;
     headerCache.AUTHFLOW = "refresh";
+    console.error("[Note] Using user supplied refresh token for authorization");
   }
   cache.set("headerCache", headerCache);
   next();
@@ -132,6 +131,10 @@ function requireBearer(req, res, next) {
 const handleRequest = async (req, res) => {
   let transport;
   let transports = cache.get("transports");
+  if (transports == null) {
+    console.error("[Error] No transports found in cache. Initializing empty transports object.");
+    transports = {'dummy': null };
+  }
   console.error("current transports in cache:", Object.keys(transports)); 
   try {
 
@@ -221,12 +224,15 @@ const handleRequest = async (req, res) => {
 };
 const handleGetDelete = async (req, res) => {
   console.error(req.method, "/mcp called");
+
   const sessionId = req.headers["mcp-session-id"];
+  console.error("Headers:", sessionId);
   console.error("Handling GET/DELETE for session ID:", sessionId);
   let transports = cache.get("transports");
   let transport = (sessionId == null) ? null : transports[sessionId];
+  console.error("Found transport:", transport != null);
   if (!sessionId || transport == null) {
-    res.status(400).send(`[Error] In ${req.method}: Invalid or missing session ID ${sessionId}`);
+    res.status(200).send(`[Error] In ${req.method}: Invalid or missing session ID ${sessionId}`);
     return;
   }
   await transport.handleRequest(req, res);
@@ -248,7 +254,15 @@ app.get("/startup", (_req, res) => {
   }
   return res.status(200).json({ status: "started" });
 });
-
+app.get("/tlogon", async (_req, res) => {
+  console.error(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Testing logon");
+  if (appStatus === false) {
+     return res.status(500).json({ status: "not ready" });
+  }
+  let r = await tlogon(baseAppEnvContext);
+  console.error(r);
+  return res.status(200).json(r);
+});
 app.get("/status", (_req, res) => {
   console.error("Received request for status endpoint. Current app status:", appStatus);
   if (appStatus === false) {
@@ -274,12 +288,12 @@ let appServer;
 
 // get TLS options
 if (appEnvBase.HTTPS === 'TRUE') {
-  //appEnvBase.tlsOpts = getOpts(appEnvBase);
   if (appEnvBase.tlsOpts == null) {
     appEnvBase.tlsOpts = await getTls(appEnvBase);
     console.error(Object.keys(appEnvBase.tlsOpts));
     appEnvBase.tlsOpts.requestCert = false;
     appEnvBase.tlsOpts.rejectUnauthorized = false;
+    appEnvBase.contexts.appCert = appEnvBase.tlsOpts; /* just for completeness */
   }
 
   cache.set("appEnvBase", appEnvBase);

package/src/hapiMcpServer.js

@@ -126,6 +126,44 @@ async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
           tags: ["mcp"],
         }
       },
+      {
+        method: ["GET"],
+        path: "/startz",
+        options: {
+          handler: async (req, h) => {
+            let status = { status: (process.env.HEALTH === 'true') ? 'ready' : 'starting' };
+            console.error("startz check requested, returning:", status);
+            if (process.env.HEALTH !== 'true') {
+                return h.response(status).code(200).type('application/json');
+            } else {
+                return h.response(status).code(503).type('application/json');
+            }
+          },
+          auth: false,
+          description: "Help",
+          notes: "Help",
+          tags: ["mcp"],
+        }
+      },
+      {
+        method: ["GET"],
+        path: "/readyz",
+        options: {
+          handler: async (req, h) => {
+            let status = { status: (process.env.HEALTH === 'true') ? 'ready' : 'starting' };
+            console.error("readyz check requested, returning:", status);
+            if (process.env.HEALTH !== 'true') {
+              return h.response(status).code(200).type('application/json');
+            } else {
+              return h.response(status).code(503).type('application/json');
+            }
+          },
+          auth: false,
+          description: "Help",
+          notes: "Help",
+          tags: ["mcp"],
+        }
+      },
       {
         method: ["GET"],
         path: "/apiMeta",

package/src/openAPIJson.js

@@ -1,176 +1,176 @@
-/*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-function openAPIJson(version) {
-  let spec = {
-  "swagger": "2.0",
-  "info": {
-    "title": "sas-score-mcp-serverjs  API",
-    "version": "1.0.0",
-    "description": "sas-score-mcp-serverjs is a mcp server for SAS Viya"
-  },
-  "host": "localhost:8080",
-  "basePath": "/",
-  "schemes": ["http", "https"],
-  "consumes": ["application/json"],
-  "produces": ["application/json"],
-  "paths": {
-    "/health": {
-      "get": {
-        "summary": "Health check",
-        "operationId": "getHealth",
-        "description": "Returns health and version information.",
-        "responses": {
-          "200": {
-            "description": "Health information",
-            "schema": {
-              "type": "object",
-              "properties": {
-                "name": { "type": "string" },
-                "version": { "type": "string" },
-                "description": { "type": "string" },
-                "endpoints": { "type": "object" },
-                "usage": { "type": "string" }
-              }
-            }
-          }
-        }
-      }
-    },
-    "/apiMeta": {
-      "get": {
-        "summary": "API metadata using apiMeta",
-        "operationId": "GetApiMeta",
-        "responses": {
-          "200": {
-            "description": "OpenAPI document",
-            "schema": { "type": "object" }
-          }
-        }
-      }
-    },
-    "/openapi.json": {
-      "get": {
-        "summary": "API metadata using openapi.json",
-        "operationId": "GetOpenApiJson",
-        "description": "Returns the OpenAPI specification for this server.",
-        "responses": {
-          "200": {
-            "description": "OpenAPI document",
-            "schema": { "type": "object" }
-          }
-        }
-      }
-    },
-    "/mcp": {
-      "options": {
-        "summary": "CORS preflight",
-        "operationId": "OptionsMcp",
-        "description": "CORS preflight endpoint.",
-        "responses": {
-          "204": { "description": "No Content" }
-        }
-      },
-      "post": {
-        "summary": "MCP request",
-        "operationId": "PostMcp",
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": { "type": "object" }
-          },
-          {
-            "name": "Authorization",
-            "in": "header",
-            "required": false,
-            "type": "string",
-            "description": "Bearer token for authentication"
-          },
-          {
-            "name": "X-VIYA-SERVER",
-            "in": "header",
-            "required": false,
-            "type": "string",
-            "description": "Override VIYA server"
-          },
-          {
-            "name": "X-REFRESH-TOKEN",
-            "in": "header",
-            "required": false,
-            "type": "string",
-            "description": "Refresh token for authentication"
-          },
-          {
-            "name": "mcp-session-id",
-            "in": "header",
-            "required": false,
-            "type": "string",
-            "description": "Session ID"
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "MCP response",
-            "schema": { "type": "object" }
-          },
-          "500": {
-            "description": "Server error",
-            "schema": { "type": "object" }
-          }
-        }
-      },
-      "get": {
-        "summary": "get MCP session",
-        "operationId": "GetMcp",
-        "description": "Retrieves information for an MCP session.",
-        "parameters": [
-          {
-            "name": "mcp-session-id",
-            "in": "header",
-            "required": true,
-            "type": "string",
-            "description": "Session ID"
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "Session information",
-            "schema": { "type": "object" }
-          },
-          "400": {
-            "description": "Invalid or missing session ID"
-          }
-        }
-      },
-      "delete": {
-        "summary": "Delete MCP session",
-        "operationId": "DeleteMcp",
-        "parameters": [
-          {
-            "name": "mcp-session-id",
-            "in": "header",
-            "required": true,
-            "type": "string",
-            "description": "Session ID"
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "Session deleted",
-            "schema": { "type": "object" }
-          },
-          "400": {
-            "description": "Invalid or missing session ID"
-          }
-        }
-      }
-    }
-  }
-}
-  spec.info.version = version;
-  return spec;
-};
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+function openAPIJson(version) {
+  let spec = {
+  "swagger": "2.0",
+  "info": {
+    "title": "sas-score-mcp-serverjs  API",
+    "version": "1.0.0",
+    "description": "sas-score-mcp-serverjs is a mcp server for SAS Viya"
+  },
+  "host": "localhost:8080",
+  "basePath": "/",
+  "schemes": ["http", "https"],
+  "consumes": ["application/json"],
+  "produces": ["application/json"],
+  "paths": {
+    "/health": {
+      "get": {
+        "summary": "Health check",
+        "operationId": "getHealth",
+        "description": "Returns health and version information.",
+        "responses": {
+          "200": {
+            "description": "Health information",
+            "schema": {
+              "type": "object",
+              "properties": {
+                "name": { "type": "string" },
+                "version": { "type": "string" },
+                "description": { "type": "string" },
+                "endpoints": { "type": "object" },
+                "usage": { "type": "string" }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/apiMeta": {
+      "get": {
+        "summary": "API metadata using apiMeta",
+        "operationId": "GetApiMeta",
+        "responses": {
+          "200": {
+            "description": "OpenAPI document",
+            "schema": { "type": "object" }
+          }
+        }
+      }
+    },
+    "/openapi.json": {
+      "get": {
+        "summary": "API metadata using openapi.json",
+        "operationId": "GetOpenApiJson",
+        "description": "Returns the OpenAPI specification for this server.",
+        "responses": {
+          "200": {
+            "description": "OpenAPI document",
+            "schema": { "type": "object" }
+          }
+        }
+      }
+    },
+    "/mcp": {
+      "options": {
+        "summary": "CORS preflight",
+        "operationId": "OptionsMcp",
+        "description": "CORS preflight endpoint.",
+        "responses": {
+          "204": { "description": "No Content" }
+        }
+      },
+      "post": {
+        "summary": "MCP request",
+        "operationId": "PostMcp",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": { "type": "object" }
+          },
+          {
+            "name": "Authorization",
+            "in": "header",
+            "required": false,
+            "type": "string",
+            "description": "Bearer token for authentication"
+          },
+          {
+            "name": "X-VIYA-SERVER",
+            "in": "header",
+            "required": false,
+            "type": "string",
+            "description": "Override VIYA server"
+          },
+          {
+            "name": "X-REFRESH-TOKEN",
+            "in": "header",
+            "required": false,
+            "type": "string",
+            "description": "Refresh token for authentication"
+          },
+          {
+            "name": "mcp-session-id",
+            "in": "header",
+            "required": false,
+            "type": "string",
+            "description": "Session ID"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "MCP response",
+            "schema": { "type": "object" }
+          },
+          "500": {
+            "description": "Server error",
+            "schema": { "type": "object" }
+          }
+        }
+      },
+      "get": {
+        "summary": "get MCP session",
+        "operationId": "GetMcp",
+        "description": "Retrieves information for an MCP session.",
+        "parameters": [
+          {
+            "name": "mcp-session-id",
+            "in": "header",
+            "required": true,
+            "type": "string",
+            "description": "Session ID"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Session information",
+            "schema": { "type": "object" }
+          },
+          "400": {
+            "description": "Invalid or missing session ID"
+          }
+        }
+      },
+      "delete": {
+        "summary": "Delete MCP session",
+        "operationId": "DeleteMcp",
+        "parameters": [
+          {
+            "name": "mcp-session-id",
+            "in": "header",
+            "required": true,
+            "type": "string",
+            "description": "Session ID"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Session deleted",
+            "schema": { "type": "object" }
+          },
+          "400": {
+            "description": "Invalid or missing session ID"
+          }
+        }
+      }
+    }
+  }
+}
+  spec.info.version = version;
+  return spec;
+};
 export default openAPIJson;

package/src/toolHelpers/getLogonPayload.js

@@ -13,7 +13,7 @@ async function getLogonPayload(_appContext) {
 }
 
 async function igetLogonPayload(_appContext) {
-
+  console.error('[Info] Getting logon payload...',_appContext.AUTHFLOW);
   // Use cached logonPayload if available
   // This will cause timeouts if the token expires
   if (_appContext.contexts.logonPayload != null && _appContext.tokenRefresh !== true) {
@@ -57,12 +57,12 @@ async function igetLogonPayload(_appContext) {
 
   // Use user supplied refresh token-
   if (_appContext.AUTHFLOW === "refresh") {
-    console.error("[Note] Using user supplied refresh token"); 
-    let token = await refreshToken(_appContext,{token: _appContext.refreshToken, host: _appContext.VIYA_SERVER});
+    console.error("[Note] Using user supplied refresh token", _appContext.REFRESH_TOKEN); 
+    let token = await refreshToken(_appContext,{token: _appContext.REFRESH_TOKEN, host: _appContext.VIYA_SERVER});
     let logonPayload = {
       host: _appContext.VIYA_SERVER,
       authType: "server",
-      token: token,
+      token: token, 
       tokenType: "Bearer",
     };
 
@@ -97,8 +97,8 @@ async function igetLogonPayload(_appContext) {
       authType: "password",
       user: _appContext.USERNAME,
       password: _appContext.PASSWORD,
-      clientID: _appContext.CLIENTIDPW,
-      clientSecret: _appContext.CLIENTSECRETPW,
+      clientID: _appContext.CLIENTID,
+      clientSecret: _appContext.CLIENTSECRET,
     };
 
     return logonPayload;

package/src/toolHelpers/getStoreOpts.js

@@ -2,11 +2,10 @@
  * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-import getOptsViya from './getOptsViya.js';
 
 function getStoreOpts(_appContext) {
   
-  let opts = getOptsViya(_appContext);
+  let opts = _appContext.contexts.viyaCert;
   let storeOpts = {
     casProxy: true,
     httpOptions: { ...opts, rejectUnauthorized: true }

package/src/toolHelpers/getToken.js

@@ -15,7 +15,6 @@ async function getToken(_appContext) {
   let sep = (os.platform() === 'win32') ? '\\' : '/';
   let credentials = homedir + sep + '.sas' + sep + 'credentials.json';
   let url = homedir + sep + '.sas' + sep + 'config.json';
-  console.error('[Note] Using credentials file: ' + credentials);
   console.error('[Note] Using config file: ' + url);
   let profile = (_appContext.SAS_CLI_PROFILE == null || _appContext.SAS_CLI_PROFILE.toLowerCase() === 'default')
       ? 'Default' : _appContext.SAS_CLI_PROFILE;

package/src/toolHelpers/refreshToken.js

@@ -1,49 +1,51 @@
- /*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
- import { Agent, fetch } from 'undici';
- import getOpts from './getOpts.js';
- async function refreshToken(_appContext,params) {
-  let {host, token} = params;
-    const url = `${host}/SASLogon/oauth/token`;
-    console.error('[Info] Refresh token...', token);
-    let opts = getOpts(_appContext);
-    console.error('opts: ', opts);
-    const agent = new Agent({
-      connect: opts
-    });
-    console.error('[Info] Refreshing token...', token);
-    const body = new URLSearchParams({
-      grant_type: 'refresh_token',
-      refresh_token: token,
-      client_id: 'sas.cli'
+/*
+* Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+* SPDX-License-Identifier: Apache-2.0
+*/
+import { Agent, fetch } from 'undici';
+
+async function refreshToken(_appContext, params) {
+  let { host, token } = params;
+  let url = `${host}/SASLogon/oauth/token`;
+
+  let aconnect = {
+    ca: _appContext.contexts.viyaCert.ca,     // trust this CA
+    rejectUnauthorized: false  // or false, if you really want to bypass checks
+  }
+
+  const agent = new Agent(aconnect);
+
+  console.error('[Info] Refreshing token...', token);
+  const ibody = {
+    grant_type: 'refresh_token',
+    refresh_token: token,
+    client_id: 'sas.cli'
+  };
+
+  let body = new URLSearchParams(ibody);
+  try {
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Accept': 'application/json',
+        'Content-Type': 'application/x-www-form-urlencoded',
+        dispatcher: agent
+      },
+      body: body.toString()
     });
-    
-    try {
-      const response = await fetch(url, {
-        method: 'POST',
-        headers: {
-          'Accept': 'application/json',
-          'Content-Type': 'application/x-www-form-urlencoded',
-          dispatcher: agent
-        },
-        body: body.toString()
-      });
-
-      if (!response.ok) {
-        const error = await response.text();
-        console.error('[Error] Failed to refresh token: ', error);
-        throw new Error(error);
-      }
-
-      const data = await response.json();
-      console.error('[Info] Token refreshed successfully: ', data.access_token);
-      return data.access_token;
-    } catch (err) {
-      console.error('[Error] Failed to refresh token: ', err);
-      throw err;
+
+    if (!response.ok) {
+      const error = await response.text();
+      console.error('[Error] Failed to refresh token: ', error);
+      throw new Error(error);
     }
+
+    const data = await response.json();
+    return data.access_token;
+  } catch (err) {
+    console.error('[Error] Failed to refresh token: ', err);
+    throw err;
   }
-  
-  export default refreshToken;
+}
+
+export default refreshToken;

package/src/toolHelpers/refreshTokenOauth.js

@@ -3,11 +3,11 @@
  * SPDX-License-Identifier: Apache-2.0
  */
  import { Agent, fetch } from 'undici';
- import getOpts from './getOpts.js';
+ //import getOpts from './getOpts.js';
  async function refreshTokenOauth(_appContext, oauthInfo ){
  
     const url = `${process.env.VIYA_SERVER}/SASLogon/oauth/token`;
-    let opts = getOpts(_appContext);
+    let opts = _appContext.contexts.appCert;
 
     const agent = new Agent({
       connect: opts

package/src/toolHelpers/tlogon.js

@@ -0,0 +1,9 @@
+import getLogonPayload from "./getLogonPayload.js";
+
+async function tlogon(_appContext) {
+    console.error('[Info] Starting tlogon...');
+    let r = await getLogonPayload(_appContext);
+    console.error('[Info] tlogon completed');
+    return r;
+}
+export default tlogon;

package/src/toolSet/devaScore.js

@@ -38,7 +38,7 @@ Disambiguation & Clarification
 Examples (→ mapped params)
 - "Calculate deva score for 5 and 10" → { a: 5, b: 10 } returns 630
 - "Score 1 and 2" → { a: 1, b: 2 } returns 126
-- For multiple numbers, chain calls: deva(1,2)→126, then deva(126,3)→5418
+- For multiple numbers, chain calls: devaScore(1,2)→126, then devaScore(126,3)→5418
 
 Negative Examples (should NOT call deva-score)
 - "Score this customer with the credit model" (use model-score instead)
@@ -58,11 +58,11 @@ For sequences of numbers, use a left-to-right fold: call devaScore(first, second
             a: z.number(),
             b: z.number()
         },
-        handler: async ({ a, b,_appContext }) => {
+        handler: async ({ a, b }) => {
             console.error( a, b);
-            return { content: [{ type: 'text', 
-                text: String((a + b) * 42) }] }
+            return `MagicScore ${ (a + b) * 42 }`;
         }
+        
     }
     return spec;
 }

package/src/toolHelpers/getOpts.js

@@ -1,51 +0,0 @@
-/**
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-/**
- * Helper function to get TLS options(for the app server) from specified directory
- * signed certificates 
- * for testing you can use mkcert
- * if this function return a null, coreehttp will create unsigned certs
- * @param {Object} _appContext - Application context containing SSLCERT property
- */
-
-import readCerts from './readCerts.js';
-function getOpts(_appContext) {
-
-    if (_appContext.tlsOpts != null) {
-        return _appContext.tlsOpts;
-    }
-    let r = readCerts(_appContext.SSLCERT);
-    _appContext.tlsOpts = r;
-    return r;
-
-
-    /*
-    let tlsdir = _appContext.SSLCERT;
-    if (tlsdir == null || tlsdir === 'NONE') {
-        return null;
-    }
-
-    console.error("[Note] Using TLS dir: " + tlsdir);
-    if (fs.existsSync(tlsdir) === false) {
-        console.error("[Warning] Specified TLS dir does not exist: " + tlsdir);
-        return null;
-    }
-
-    let listOfFiles = fs.readdirSync(tlsdir);
-    console.error("[Note] TLS/SSL files found: " + listOfFiles);
-    let options = {};
-    for(let i=0; i < listOfFiles.length; i++) {
-        let fname = listOfFiles[i];
-        let name = tlsdir + '/' + listOfFiles[i];
-        let key = fname.split('.')[0];
-        options[key] = fs.readFileSync(name, { encoding: 'utf8' });
-    }
-    console.error('TLS FILES', Object.keys(options));
-    _appContext.tlsOpts = options;
-    return options;
-    */
-
-}
-export default getOpts;

package/src/toolHelpers/getOptsViya.js

@@ -1,44 +0,0 @@
-/**
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import readCerts from './readCerts.js';
-function getOptsViya(_appContext) {
-
-    if (_appContext.contexts.viyaCert != null) {
-        console.error('[Note] Using cached viyaOpts');
-        return _appContext.contexts.viyaCert;
-    }
-    let r = readCerts(_appContext.VIYACERT);
-    _appContext.contexts.viyaCert = r;
-    return r;
-
-    /*
-    let tlsdir = _appContext.VIYACERT;
-    if (tlsdir == null || tlsdir === 'NONE') {
-        return {};
-    }
-
-    console.error(`[Note] Using VIYACERT dir: ` + tlsdir);
-    if (fs.existsSync(tlsdir) === false) {
-        console.error("[Warning] Specified VIYACERT dir does not exist: " + tlsdir);
-        return {};
-    }
-
-    let listOfFiles = fs.readdirSync(tlsdir);
-    console.error("[Note] TLS/SSL files found: " + listOfFiles);
-    let options = {};
-    for(let i=0; i < listOfFiles.length; i++) {
-        let fname = listOfFiles[i];
-        let name = tlsdir + '/' + listOfFiles[i];
-        let key = fname.split('.')[0];
-        console.error('Reading TLS file: ' + name + ' as key: ' + key);
-        options[key] = fs.readFileSync(name, { encoding: 'utf8' });
-    }
-    console.error('VIYACERT FILES', Object.keys(options));
-    _appContext.contexts.viyaCert = options;
-    return options;
-    */
-
-}
-export default getOptsViya;