@sassoftware/sas-score-mcp-serverjs 0.4.1-1 → 0.4.1-15

package/src/oauthHandlers/authorize.js

@@ -0,0 +1,46 @@
+//authorize
+import { randomBytes, createHash } from "node:crypto";
+import baseUrl from "./baseUrl.js";
+
+function authorize(req, res, appContext, pkceStore, codeStore) {
+    const { response_type, redirect_uri, state, scope } = req.query;
+    console.error("===============================================================");
+    if (appContext.AUTHEXTERNAL === true) {
+        console.error('*************************************************************');
+        console.error("[Error] Received request for /authorize endpoint with external authorization expected");
+        console.error('*************************************************************');
+    }
+    console.error("[NOTE] query parameters:", { response_type, redirect_uri, state, scope });
+    if (response_type !== "code") {
+        return res.status(400).json({ error: "unsupported_response_type" });
+    }
+    if (!redirect_uri) {
+        return res.status(400).json({ error: "invalid_request", error_description: "redirect_uri is required" });
+    }
+
+    const codeVerifier = randomBytes(64).toString("base64url");
+    const codeChallenge = createHash("sha256").update(codeVerifier).digest("base64url");
+    const ourState = randomBytes(16).toString("hex");
+
+    pkceStore.set(ourState, { codeVerifier, clientRedirectUri: redirect_uri, clientState: state, codeChallenge });
+
+    const callbackUri = appContext.mcpHost + '/callback';
+    console.error("[Note] callbackUri:", callbackUri);
+    let urlConfig = {
+        response_type: "code",
+        client_id: appContext.CLIENTID,
+        redirect_uri: callbackUri,
+        scope: "openid",
+        state: ourState,
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256"
+    }
+    if (appContext.PKCE !== "TRUE") {
+        urlConfig.client_secret = appContext.CLIENTSECRET;
+    }
+    console.error("[Note] Params for SAS Viya authorization request:", urlConfig);
+    const params = new URLSearchParams(urlConfig);
+    console.error("================================================================");
+    return res.redirect(`${appContext.VIYA_SERVER}/SASLogon/oauth/authorize?${params}`);
+}
+export default authorize;

package/src/oauthHandlers/baseUrl.js

@@ -0,0 +1,8 @@
+function baseUrl(appContext) {
+    const protocol = appContext.HTTPS === "TRUE" ? "https" : "http";
+    //const host = "localhost";
+    const host = appContext.VIYA_SERVER;
+    return host;
+    return `${protocol}://${host}:${appContext.PORT}`;
+}
+export default baseUrl;

package/src/oauthHandlers/callback.js

@@ -0,0 +1,93 @@
+import baseUrl from "./baseUrl.js";
+import { Agent, fetch as undiciFetch } from "undici";
+import { randomUUID } from "node:crypto";
+async function callback(req, res, pkceStore, codeStore, appContext) {
+  console.error("===============================================================");
+  console.error("[Note] OAuth callback");
+  console.error(req.query);
+  const {code, state} = req.query;
+
+  console.error("[Note] query parameters:", code, state);
+  if (!code) {  
+    return res.status(400).send("Missing code parameter");
+  }
+
+  const pending = pkceStore.get(state);
+  if (!pending) {
+    return res.status(400).send("Invalid or expired state parameter");
+  }
+  pkceStore.delete(state);
+
+  // const callbackUri = `${baseUrl(appContext)}/callback`;
+  const callbackUri = appContext.mcpHost + '/callback';
+  console.error("[Note] callbackUri for token exchange:", callbackUri);
+  try {
+    const body = new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: appContext.CLIENTID,
+      code: code,
+      redirect_uri: callbackUri,
+      code_verifier: pending.codeVerifier
+    }).toString();
+   
+    console.error("[Note] Token request body:", body.toString());
+    let connectOpts = {
+      ca: appContext.contexts.viyaCert.ca,     // trust this CA
+      rejectUnauthorized: false  // or false, if you really want to bypass checks
+    }
+    const agent = new Agent({ connect: connectOpts });
+    console.error("[Note] Initiating token exchange with SAS Viya");
+    let clientID= appContext.CLIENTID;
+    let h = buildBasicAuthFromClientId(clientID);
+    console.error("[Note] Authorization header for token request:", h);
+    const response = await undiciFetch(`${appContext.VIYA_SERVER}/SASLogon/oauth/token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Accept": "application/json"
+      },
+      body: body,
+      dispatcher: agent,
+    });
+
+    if (!response.ok) {
+      const errText = await response.text();
+      console.error("[Error] SAS Viya token exchange failed:", errText);
+      return res.status(502).send("Token exchange with SAS Viya failed");
+    }
+
+    const tokens = await response.json();
+    console.error("[Note] Received tokens from SAS Viya:", tokens);
+    const ourCode = randomUUID();
+    codeStore.set(ourCode, {
+      access_token: tokens.access_token,
+      refresh_token: tokens.refresh_token,
+      expires_in: tokens.expires_in,
+    });
+
+    const redirectParams = new URLSearchParams({ code: ourCode , state: pending.clientState});
+    //pending.clientState is the original state from the MCP client, which we should pass back to it for correlation
+
+    // pending.clientRedirectUri is the original redirect URI from the MCP client, 
+    // which was part of the payload from the client to /oauth/authorize
+    // we trust since it was associated with the valid PKCE state
+    console.error("[Note] OAuth callback complete, redirecting to MCP client");
+    console.log(pending.clientRedirectUri.toString())
+    return res.redirect(`${pending.clientRedirectUri}?${redirectParams}`);
+  } catch (err) {
+    console.error("[Error] OAuth callback handler error:", err);
+    return res.status(500).send("Internal server error during token exchange");
+  }
+
+  function buildBasicAuthFromClientId(clientId) {
+    const raw = `${clientId}:`;   // empty client_secret
+    const encoded =
+      typeof btoa === "function"
+        ? btoa(raw)
+        : Buffer.from(raw).toString("base64");
+
+    return `Basic ${encoded}`;
+  }
+
+}
+export default callback;

package/src/oauthHandlers/getMetadata.js

@@ -0,0 +1,27 @@
+import baseUrl from "./baseUrl.js";
+function getMetadata(req, res, appEnvContext) {
+    let base = '';
+    let host = '';
+    if (appEnvContext.AUTHEXTERNAL === true) {
+        base = appEnvContext.VIYA_SERVER + '/SASLogon';
+        host = appEnvContext.VIYA_SERVER;
+    } else {
+        base = appEnvContext.mcpHost;
+        host = appEnvContext.mcpHost;
+    } 
+    console.error(`[Note] Base URL for Authorization Server Metadata: ${base}`);
+    let metadata = {
+        "issuer": host,
+        "authorization_endpoint": `${base}/oauth/authorize`,
+        "token_endpoint": `${base}/oauth/token`,
+        "response_types_supported": ["code"],
+        "grant_types_supported": ["authorization_code", "refresh_token"],
+        "code_challenge_methods_supported": ["S256"],
+        "scopes_supported": ["openid"]
+    };
+    console.error("===============================================================");
+    console.error("[Note] Authorization Server Metadata:", metadata);
+    console.error("===============================================================");
+    return metadata;
+};
+export default getMetadata;

package/src/oauthHandlers/index.js

@@ -0,0 +1,7 @@
+import authorize from "./authorize.js";
+import callback from "./callback.js";   
+import token from "./token.js";
+import getMetadata from "./getMetadata.js";
+import baseUrl from "./baseUrl.js";
+
+export { authorize, callback, token, getMetadata, baseUrl };

package/src/oauthHandlers/token.js

@@ -0,0 +1,37 @@
+function token(req, res, appContext, codeStore, cache) {
+  console.error("===============================================================");
+  console.error("[Note] at /token endpoint");
+  console.error("[Note] Request headers:", req.headers);
+  console.error("[Note] Handling token request with body:", req.body);
+
+  const { grant_type, code } = req.body;
+  console.error("[Note] OAuth token request received for code:", code);
+  console.error("[Note] Grant type:", grant_type);
+
+  const tokenData = codeStore.get(code);
+  if (!tokenData) {
+    return res.status(400).json({ error: "Invalid_code", error_description: "Invalid or expired authorization code" });
+  }
+  console.error("[Note] Retrieved token data for code:", Object.keys(tokenData));
+ 
+  let payload = {
+    access_token: code, // tokenData.access_token,
+    token_type: "Bearer",
+    expires_in: tokenData.expires_in,
+    scope: "openid" // You can include scopes if you have them, e.g., tokenData.scope
+   // scope: tokenData.scope,
+  };
+  let tokenlist = cache.get("tokenlist");
+  tokenData.refreshAt = Date.now() + tokenData.expires_in * 1000; // Set refresh time based on expires_in
+  tokenlist[code] = tokenData;
+  cache.set("tokenlist", tokenlist);
+
+  codeStore.delete(code); // Invalidate the code after use
+  console.error("[Note] Returning token to client");
+  console.error("[Note] Token sent to client:", JSON.stringify(payload, null, 2));
+ 
+  console.error("============================================================")
+  return res.status(200).json(payload);
+}
+
+export default token;

package/src/processHeaders.js

@@ -0,0 +1,88 @@
+import { start } from "node:repl";
+
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import baseUrl from "./oauthHandlers/baseUrl.js";
+function processHeaders(req, res, next, cache, appContext) {
+
+  // process any new header information
+  debugger;
+  console.error("=======================================================");
+  console.error("Processing headers for incoming request to /mcp endpoint");
+  // Allow different VIYA server per sessionid(user)
+  cache.del("headerCache");
+  let headerCache = {};
+  if (req.header("X-VIYA-SERVER") != null) {
+    console.error("[Note] Using user supplied VIYA server");
+    headerCache.VIYA_SERVER = req.header("X-VIYA-SERVER");
+  }
+
+  // fakeapi key since Viya does not support it
+  // not ideal for production, just for testing
+  const hdr2 = req.header("X-REFRESH-TOKEN");
+  if (hdr2 != null) {
+    headerCache.REFRESH_TOKEN = hdr2;
+    headerCache.AUTHFLOW = "refresh";
+    console.error("[Note] Using user supplied refresh token for authorization");
+  }
+
+  // Oauth flow
+  const hdr = req.header("Authorization");
+  //for now, ignore Authorization if authflow is not bearer
+  let token = (hdr != null) ? hdr.slice(7) : null;
+  //console.error("[Note] Authorization token", token);
+  debugger;
+  console.log('>>>',appContext.AUTHFLOW);
+  if (appContext.AUTHFLOW === 'bearer') {
+    debugger;
+    let startAuth = false;
+    console.error("[Note] appContext.AUTHEXTERNAL:", appContext.AUTHEXTERNAL);
+    if (appContext.AUTHEXTERNAL === true) {
+      console.error("[Note] Expecting external authorization"); 
+      if (token != null) {
+        console.error("[Note] Using user supplied token for authorization");
+        headerCache.bearerToken = token;
+      } else {
+        startAuth = true;
+      }
+    } else  if (token == null) {
+      console.error("[Note] No Authorization token provided in header.");
+       startAuth = true;
+    } else {
+      console.error("[Note] Checking token against cache", token);
+      let tokenlist = cache.get("tokenlist");
+      let tokenData = tokenlist[token];
+      if (tokenData == null) {
+        return res.status(403).json({
+          error: "unauthorized",
+          error_description: "[Error] Expired token. Clear token and try again."
+        });
+      } else {
+        token = tokenData.access_token;
+        headerCache.bearerToken = token;
+      }
+    }
+    if (startAuth === true) {
+      // start oauth flow process
+      console.error(`[Note] No Authorization header provided.
+                            Returning 401 to start the OAuth flow`); 
+      const base = appContext.mcpHost;
+      res.set(
+        "WWW-Authenticate",
+        `Bearer resource_metadata="${base}/.well-known/oauth-authorization-server", scope="openid"`
+      );
+      return res.status(401).json({
+        error: "unauthorized",
+        error_description: "Bearer token required."
+      });
+      // start auth flow process since no token provided in header and we are not configured for external token
+    }
+  }
+ // console.error("Header cache after processing:", headerCache);
+  cache.set("headerCache", headerCache);
+  next();
+}
+
+export default processHeaders;

package/src/toolHelpers/_listLibrary.js

@@ -12,7 +12,6 @@ async function _listLibrary(params) {
  
   const _ilistLibrary = async (params) => {
     let { server, limit, start, name, _appContext } = params;
-    console.error(_appContext);
     let config = {
       casServerName: _appContext.cas,
       computeContext: _appContext.sas,

package/src/toolHelpers/getLogonPayload.js

@@ -53,7 +53,6 @@ async function igetLogonPayload(_appContext) {
       token: _appContext.bearerToken,
       tokenType: "Bearer",
     };
-    console.error("[Note] Bearer token in logonPayload ", _appContext.bearerToken);
     return logonPayload;
   }
 
@@ -122,4 +121,9 @@ async function igetLogonPayload(_appContext) {
     return null;
   }
 }
+
+function isExpired(expiresAt, skewSeconds = 60) {
+  return Date.now() >= (expiresAt - skewSeconds * 1000);
+}
+
 export default getLogonPayload;

package/src/toolHelpers/refreshTokenOauth.js

@@ -6,7 +6,7 @@
  //import getOpts from './getOpts.js';
  async function refreshTokenOauth(_appContext, oauthInfo ){
  
-    const url = `${process.env.VIYA_SERVER}/SASLogon/oauth/token`;
+   const url = `${_appContext.VIYA_SERVER}/SASLogon/oauth/token`;
     let opts = _appContext.contexts.appCert;
 
     const agent = new Agent({
@@ -23,10 +23,10 @@
     try {
       const response = await fetch(url, {
         method: 'POST',
+        dispatcher: agent,
         headers: {
           'Accept': 'application/json',
-          'Content-Type': 'application/x-www-form-urlencoded',
-          dispatcher: agent
+          'Content-Type': 'application/x-www-form-urlencoded'
         },
         body: body.toString()
       });

package/src/toolSet/.claude/settings.local.json

@@ -0,0 +1,13 @@
+{
+  "permissions": {
+    "allow": [
+      "mcp__sasmcp__sas-score-deva-score",
+      "mcp__sasmcp__sas-score-find-model",
+      "mcp__sasmcp__sas-score-model-info",
+      "Bash(cp \"C:/dev/github/7-skill-integration/.claude/skills/sas-read-and-score/SKILL.md\" \"C:/dev/github/7-skill-integration/skills/sas-read-and-score/SKILL.md\")",
+      "Bash(cp \"C:/dev/github/7-skill-integration/.claude/skills/sas-read-strategy/SKILL.md\" \"C:/dev/github/7-skill-integration/skills/sas-read-strategy/SKILL.md\")",
+      "Bash(cp \"C:/dev/github/7-skill-integration/.claude/skills/sas-score-workflow/SKILL.md\" \"C:/dev/github/7-skill-integration/skills/sas-score-workflow/SKILL.md\")",
+      "WebSearch"
+    ]
+  }
+}

package/src/toolSet/devaScore.js

@@ -1,61 +1,61 @@
-/*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { z } from 'zod';
-
-function devaScore(_appContext) {
-
-    let description = `
-deva-score — compute a numeric score based on two input values.
-
-USE when: calculate deva score, score these values, compute score for numbers
-DO NOT USE for: model scoring (use model-score), statistical calculations, data lookup
-
-PARAMETERS
-- a: number (required) — first input value
-- b: number (required) — second input value
-
-FORMULA: (a + b) * 42
-
-ROUTING RULES
-- "calculate deva score for 5 and 10" → { a: 5, b: 10 }
-- "score 1 and 2" → { a: 1, b: 2 }
-- "deva score a=3, b=7" → { a: 3, b: 7 }
-- Multiple numbers → chain calls left-to-right: call(first, second), then call(result, third)
-
-EXAMPLES
-- "Calculate deva score for 5 and 10" → { a: 5, b: 10 } returns 630
-- "Score 1 and 2" → { a: 1, b: 2 } returns 126
-- "Deva score 20 and 30" → { a: 20, b: 30 } returns 2100
-
-NEGATIVE EXAMPLES (do not route here)
-- "Score this customer with credit model" (use model-score)
-- "Calculate the mean of these values" (use run-sas-program or sas-query)
-- "Statistical analysis of numbers" (use sas-query)
-
-RESPONSE
-Returns { score: (a + b) * 42 }
-    `;
-    let spec = {
-        name: 'deva-score',
-        description: description,
-        inputSchema: z.object({
-            a: z.number(),
-            b: z.number()
-        }),
-        handler: async ({ a, b }) => {
-            console.error(a, b);
-            let r = { score: (a + b) * 42 };
-            console.error('deva score result', r);
-            return {
-                content: [{ type: 'text', text: 'deva score result: ' + JSON.stringify(r) }],
-                structuredContent: r
-            };
-        }
-    }
-
-    return spec;
-}
-export default devaScore;
-
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { z } from 'zod';
+
+function devaScore(_appContext) {
+
+    let description = `
+deva-score — compute a numeric score based on two input values.
+
+USE when: calculate deva score, score these values, compute score for numbers
+DO NOT USE for: model scoring (use model-score), statistical calculations, data lookup
+
+PARAMETERS
+- a: number (required) — first input value
+- b: number (required) — second input value
+
+FORMULA: (a + b) * 42
+
+ROUTING RULES
+- "calculate deva score for 5 and 10" → { a: 5, b: 10 }
+- "score 1 and 2" → { a: 1, b: 2 }
+- "deva score a=3, b=7" → { a: 3, b: 7 }
+- Multiple numbers → chain calls left-to-right: call(first, second), then call(result, third)
+
+EXAMPLES
+- "Calculate deva score for 5 and 10" → { a: 5, b: 10 } returns 630
+- "Score 1 and 2" → { a: 1, b: 2 } returns 126
+- "Deva score 20 and 30" → { a: 20, b: 30 } returns 2100
+
+NEGATIVE EXAMPLES (do not route here)
+- "Score this customer with credit model" (use model-score)
+- "Calculate the mean of these values" (use run-sas-program or sas-query)
+- "Statistical analysis of numbers" (use sas-query)
+
+RESPONSE
+Returns { score: (a + b) * 42 }
+    `;
+    let spec = {
+        name: 'deva-score',
+        description: description,
+        inputSchema: z.object({
+            a: z.number(),
+            b: z.number(),
+        }),
+        handler: async ({ a, b }) => {
+            console.error(a, b);
+            let r = { score: (a + b) * 42 };
+            console.error('deva score result', r);
+            return {
+                content: [{ type: 'text', text: 'deva score result: ' + JSON.stringify(r) }],
+                structuredContent: r
+            };
+        }
+    }
+
+    return spec;
+}
+export default devaScore;
+

package/src/toolSet/findJob.js

@@ -42,7 +42,7 @@ Returns { jobs: [] } if not found; { jobs: [name, ...] } if found. Never halluci
     name: 'find-job',
     description: description,
     inputSchema: z.object({
-      name: z.string(),
+      name: z.string()
     }),
     handler: async (params) => {
       let r = await _listJobs(params);

package/src/toolSet/findJobdef.js

@@ -51,7 +51,7 @@ Returns { jobdefs: [] } if not found; { jobdefs: [name, ...] } if found. Never h
     name: 'find-jobdef',
     description: description,
     inputSchema: z.object({
-      name: z.string()
+        name: z.string()
     }),
     handler: async (params) => {
       let r = await _listJobdefs(params);
@@ -61,4 +61,4 @@ Returns { jobdefs: [] } if not found; { jobdefs: [name, ...] } if found. Never h
   return spec;
 }
 export default findJobdef;
-
+

package/src/toolSet/findLibrary.js

@@ -1,67 +1,68 @@
-/*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { z } from 'zod';
-import _listLibrary from '../toolHelpers/_listLibrary.js';
-function findLibrary(_appContext) {
-  
-  let description = `
-find-library — locate a specific CAS or SAS library.
-
-USE when: find library, find lib, does library exist, is library available, lookup library
-DO NOT USE for: list libraries (use list-libraries), find table/job/jobdef/model (use respective tools), table structure (use table-info), create library (use run-sas-program)
-
-PARAMETERS
-- name: string (required) — library/caslib name; if multiple supplied, use first
-- server: 'cas' | 'sas' (default: 'cas') — target environment
-
-ROUTING RULES
-- "find lib <name>" → { name: "<name>", server: "cas" }
-- "find lib <name> in cas" → { name: "<name>", server: "cas" }
-- "find library <name> in sas" → { name: "<name>", server: "sas" }
-- "does library <name> exist" → { name: "<name>", server: "cas" }
-- "find lib" with no name → ask "Which library name would you like to find?"
-- "list libraries / list libs" → use list-libraries instead
-- "tables in <lib>" → use list-tables instead
-
-EXAMPLES
-- "find lib Public" → { name: "Public", server: "cas" }
-- "find library sasuser in sas" → { name: "sasuser", server: "sas" }
-- "does library Formats exist" → { name: "Formats", server: "cas" }
-
-NEGATIVE EXAMPLES (do not route here)
-- "list libs" (use list-libraries)
-- "show tables in Public" (use list-tables)
-- "find table cars in sashelp" (use find-table)
-- "find job cars_job" (use find-job)
-
-ERRORS
-Returns { libraries: [] } if not found; { libraries: [name, ...] } if found. Never hallucinate library names.
-  `;
-
-  let spec = {
-    name: 'find-library',
-    description: description,
-    inputSchema: z.object({
-      name: z.string(),
-      server: z.string()
-    }),
-    handler: async (params) => {
-      // normalize server to lowercase & default
-      if (!params.server) params.server = 'cas';
-      params.server = params.server.toLowerCase();
-
-      // If multiple names passed (comma or space separated), take the first token (defensive)
-      if (params.name && /[,\s]+/.test(params.name.trim())) {
-        params.name = params.name.split(/[,\s]+/).filter(Boolean)[0];
-      }
-
-      let r = await _listLibrary(params);
-      return r;
-    }
-  }
-  return spec;
-}
-export default findLibrary;
-
+/*
+ * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { z } from 'zod';
+import _listLibrary from '../toolHelpers/_listLibrary.js';
+function findLibrary(_appContext) {
+  
+  let description = `
+find-library — locate a specific CAS or SAS library.
+
+USE when: find library, find lib, does library exist, is library available, lookup library
+DO NOT USE for: list libraries (use list-libraries), find table/job/jobdef/model (use respective tools), table structure (use table-info), create library (use run-sas-program)
+
+PARAMETERS
+- name: string (required) — library/caslib name; if multiple supplied, use first
+- server: 'cas' | 'sas' (default: 'cas') — target environment
+
+ROUTING RULES
+- "find lib <name>" → { name: "<name>", server: "cas" }
+- "find lib <name> in cas" → { name: "<name>", server: "cas" }
+- "find library <name> in sas" → { name: "<name>", server: "sas" }
+- "does library <name> exist" → { name: "<name>", server: "cas" }
+- "find lib" with no name → ask "Which library name would you like to find?"
+- "list libraries / list libs" → use list-libraries instead
+- "tables in <lib>" → use list-tables instead
+
+EXAMPLES
+- "find lib Public" → { name: "Public", server: "cas" }
+- "find library sasuser in sas" → { name: "sasuser", server: "sas" }
+- "does library Formats exist" → { name: "Formats", server: "cas" }
+
+NEGATIVE EXAMPLES (do not route here)
+- "list libs" (use list-libraries)
+- "show tables in Public" (use list-tables)
+- "find table cars in sashelp" (use find-table)
+- "find job cars_job" (use find-job)
+
+ERRORS
+Returns { libraries: [] } if not found; { libraries: [name, ...] } if found. Never hallucinate library names.
+  `;
+
+  let spec = {
+    name: 'find-library',
+    description: description,
+    inputSchema: z.object({
+      name: z.string(),
+      server: z.string().optional()
+    }),
+    
+    handler: async (params) => {
+      // normalize server to lowercase & default
+      if (!params.server) params.server = 'cas';
+      params.server = params.server.toLowerCase();
+
+      // If multiple names passed (comma or space separated), take the first token (defensive)
+      if (params.name && /[,\s]+/.test(params.name.trim())) {
+        params.name = params.name.split(/[,\s]+/).filter(Boolean)[0];
+      }
+
+      let r = await _listLibrary(params);
+      return r;
+    }
+  }
+  return spec;
+}
+export default findLibrary;
+