@sassoftware/sas-score-mcp-serverjs 1.0.1-26 → 1.0.1-29

package/.skills/copilot-instructions.md

@@ -2,8 +2,16 @@
 
 You are a SAS Viya expert agent for GitHub Copilot.
 
+
 Your role: Help users complete SAS Viya tasks safely and accurately using the simplified three-step workflow.
 
+**High-Level Decision Framework:**
+1. Identify the user's intent (Find, Read, Score, List)
+2. Verify resources if required
+3. Select the appropriate tool based on intent and resource type
+4. Execute and format the result
+
+
 ---
 
 ## Operating Model
@@ -51,7 +59,7 @@ Use find-resources to determine server if not specified by user.
 
 ### 3. Explicit Model Type
 
-If model type is ambiguous, default to MAS:
+If model type is ambiguous, use MAS as a predefined fallback policy (this is an explicit exception to the 'never invent' rule):
 - `score with model X` → MAS (default)
 - `score with model X.mas` → MAS
 - `score with model X.job` → Job

package/.skills/skills/detail-strategy/SKILL.md

@@ -2,41 +2,51 @@
 name: detail-strategy
 description: >
   Unified detail/information retrieval strategy. Handles MAS models, SCR models, and tables.
-  Always verify resources exist using find-resources skill before retrieving details.
+  Always verify resources exist using find-resources skill before retrieving details, except for SCR models (which do not require pre-verification).
 ---
 
 # Detail Strategy
 
+
 Use this strategy when the user requests information about a resource: model details, schema, metadata, inputs/outputs, or any descriptive information.
 
-## Prerequisites
+If the resource type is ambiguous or cannot be determined, ask the user for clarification.
+If the resource type is not MAS, SCR, or table, respond with: "Unsupported resource type. Please specify MAS model, SCR model, or table."
+
+
+## Simplified Steps
 
-1. Verify the resource exists using find-resources skill
-2. Determine resource type (MAS model, SCR model, or table)
+1. Determine resource type (MAS model, SCR model, or table)
+2. If MAS model or table, verify resource exists using find-resources skill
+  - If SCR model, skip verification and proceed to retrieval
+3. Retrieve details using the appropriate tool
 
 ---
 
+
 ## Step 1: Identify Resource Type
 
 Classify the resource based on naming convention or context:
 
-```
-model X.mas                  → MAS model (default for "model X")
-model X.scr                  → SCR model
-table X in library Y         → CAS or SAS table
-```
+| Pattern                        | Resource Type |
+|--------------------------------|--------------|
+| model X.mas or "model X"       | MAS model    |
+| model X.scr                    | SCR model    |
+| table X in library Y           | Table        |
+
+If resource type cannot be determined, ask the user for clarification.
 
 ---
 
-## Step 2: Verify Resource Exists
+## Step 2: Verify Resource Exists (if required)
 
-Use find-resources skill to confirm resource exists before retrieval:
+| Resource Type | Verification Required? | How to Verify |
+|---------------|-----------------------|---------------|
+| MAS model     | Yes                   | find-model    |
+| SCR model     | No                    | —             |
+| Table         | Yes                   | find-table    |
 
-### Find MAS Model
-```
-find-resources skill → find-model
-Tool: sas-score-find-model({ name: "<model>" })
-```
+If resource type is not supported, respond with: "Unsupported resource type. Please specify MAS model, SCR model, or table."
 
 ### Find SCR Model
 ```

package/.skills/skills/find-resources/SKILL.md

@@ -2,14 +2,14 @@
 name: find-resources
 description: >
   Unified resource verification skill. Use the appropriate find tool before any execution.
-  Determines server for tables (CAS vs SAS). Never use list tools for finding; list tools are for discovery only.
+  Determines server for tables (CAS vs SAS). Never use list tools for verifying or finding specific resources; list tools are for discovery and exploration only.
 ---
 
 # Unified Resource Finding Strategy
 
 Use this strategy to verify that a resource exists before executing any action.
 
-Do **not** use list tools for finding specific resources. List tools are for listing available resources  and exploration, not verification.
+Do **not** use list tools for verifying or finding specific resources. List tools are for discovery and exploration only, not for confirming the existence of a specific resource.
 
 ## Resource Types and Find Tools
 
@@ -19,12 +19,13 @@ Do **not** use list tools for finding specific resources. List tools are for lis
 
 **Tool**: `sas-score-find-library`
 
+
 **Logic**:
-- If server is specified: Use that server directly
-- If server is not specified:
-  1. Try CAS first: `sas-score-find-library({ name: "<lib>", server: "cas" })`
-  2. If not found, uppercase Lib and try SAS with uppercase name: `sas-score-find-library({ name: "<LIB>", server: "sas" })`
-  3. Report which server (or not found in either)
+1. If server is specified: Use that server directly.
+2. If server is not specified:
+  - Step 1: Try CAS first: `sas-score-find-library({ name: "<lib>", server: "cas" })`
+  - Step 2: If not found in CAS, try SAS with the library name uppercased: `sas-score-find-library({ name: "<LIB>", server: "sas" })`
+  - Step 3: Report which server (or not found in either)
 
 **Known default libraries**:
 - CAS: Casuser, Formats, ModelPerformanceData, Models, Public, Samples, SystemData
@@ -43,22 +44,22 @@ Do **not** use list tools for finding specific resources. List tools are for lis
 - Table name
 - Server (determined from library context or user specification)
 
+
 **Logic**:
-- If you already know that the table exists in a specific server return that result directly,
-otherwise follow these steps:
-  1. If library is a known CAS library (Casuser, Public, Samples, etc.), use cas as server 
-  2. If library is a known SAS library (SASHELP, WORK, SASUUSER, etc.), use sas as server
-  3. If the server has been identified in an earlier step for this library, use that as the server
-
-  4. If server is known at this point:
-    1. if server is sas, uppercase library name and try: `sas-score-find-table({ lib: "<LIB>", name: "<table>", server: "sas" })`
-    2.find the table: `sas-score-find-table({ lib: "<library>", name: "<table>", server: "<server" });`
-  5. If server is not known
-      1. Try CAS first: `sas-score-find-table({ lib: "<library>", name: "<table>", server: "cas" })`
-      2. If not found, uppercase Lib and try SAS: `sas-score-find-table({ lib: "<LIBRARY>", name: "<table>", server: "sas" })`
-  6. If the table was found report success and server. 
-  7. If not found, report failure.
-  
+1. If you already know that the table exists in a specific server, return that result directly.
+2. Otherwise, follow these steps:
+  - Step 1: If library is a known CAS library (Casuser, Public, Samples, etc.), use CAS as server.
+  - Step 2: If library is a known SAS library (SASHELP, WORK, SASUSER, etc.), use SAS as server.
+  - Step 3: If the server has been identified in an earlier step for this library, use that as the server.
+3. If server is known at this point:
+  - If server is SAS, uppercase the library name and try: `sas-score-find-table({ lib: "<LIB>", name: "<table>", server: "sas" })`
+  - Otherwise, use the provided server: `sas-score-find-table({ lib: "<library>", name: "<table>", server: "<server>" })`
+4. If server is not known:
+  - Step 1: Try CAS first: `sas-score-find-table({ lib: "<library>", name: "<table>", server: "cas" })`
+  - Step 2: If not found in CAS, try SAS with the library name uppercased: `sas-score-find-table({ lib: "<LIBRARY>", name: "<table>", server: "sas" })`
+5. If the table was found, report success and server.
+6. If not found, report failure.
+
 **Output**: Table server location (CAS or SAS)
 
 ---
@@ -100,7 +101,9 @@ otherwise follow these steps:
 
 **Trigger**: "find scr model X", "does scr model X exist"
 
+
 **Action**: Ask user for the SCR URL/endpoint. SCR models do not have a pre-verification tool.
+If the SCR URL/endpoint is invalid or missing, prompt the user to provide a valid URL.
 
 
 ---

package/.skills/skills/list-resource/SKILL.md

@@ -7,8 +7,21 @@ description: >
 
 # Unified Resource Listing Strategy
 
+
 Use this strategy to discover and browse available resources (libraries, tables, models, jobs, jobdefs).
 
+## Resource Type to Tool Mapping
+
+| Resource Type | List Tool |
+|--------------|-----------|
+| Libraries    | sas-score-list-libraries |
+| Tables       | sas-score-list-tables    |
+| Models       | sas-score-list-models    |
+| Jobs         | sas-score-list-jobs      |
+| JobDefs      | sas-score-list-jobdefs   |
+
+Use this table to select the correct tool for each resource type. Then follow the logic for parameters and pagination below.
+
 ## Resource Types and List Tools
 
 ### 1. List Libraries
@@ -58,8 +71,8 @@ sas-score-list-libraries({ server: "all", start: 11, limit: 10 })
 
 **Logic**:
 - If library is a known CAS library (Casuser, Public, Samples, etc.), use CAS
-- If library is a known SAS library (SASHELP, WORK, SASUUSER, etc.), use SAS
-- If ambiguous: Ask user or try both
+- If library is a known SAS library (SASHELP, WORK, SASUSER, etc.), use SAS
+- If ambiguous: Ask the user to clarify. If no clarification is provided, attempt both options (CAS and SAS) and return results for each, clearly labeled by server.
 
 **Parameters**:
 ```

package/.skills/skills/read-strategy/SKILL.md

@@ -11,8 +11,8 @@ Use this strategy when the user requests to read, fetch, or query data from a ta
 ## Prerequisites
 
 Before reading:
-1. Verify the table exists using FIND-RESOURCE strategy
-2. Determine the server (CAS or SAS) from Step 1
+1. Verify the table exists using find-resource strategy
+2. Determine the server (CAS or SAS) from the find-resource verification step. If the server cannot be determined, ask the user to specify. Do not proceed with a default server unless explicitly instructed by the user.
 
 ---
 
@@ -31,9 +31,9 @@ Before reading:
 
 **Parameters**:
 ```
-lib: "<library>"           # from FIND-RESOURCE verification
-table: "<table>"           # from FIND-RESOURCE verification
-server: "cas" or "sas"     # from FIND-RESOURCE verification
+lib: "<library>"           # from find-resource verification
+table: "<table>"           # from find-resource verification
+server: "cas" or "sas"     # from find-resource verification
 start: <row number>        # default 1
 limit: <max rows>          # default 10, max 1000
 where: "<SQL WHERE clause>"  # optional filter
@@ -83,6 +83,7 @@ sas-score-sas-query({
 
 ---
 
+
 ## Decision Tree
 
 ```
@@ -91,6 +92,8 @@ User requests data from table
 Is it an aggregation? (count, sum, avg, group by, distinct, etc.)
   ├─ YES → Use sas-score-sas-query
   └─ NO → Use sas-score-read-table
+
+If the user's intent is ambiguous or mixes aggregation and raw reads, ask the user to clarify whether they want raw records or aggregated results before proceeding.
 ```
 
 ---
@@ -106,8 +109,8 @@ Is it an aggregation? (count, sum, avg, group by, distinct, etc.)
 
 | Error | Action |
 |---|---|
-| Table not found | Verify table exists with FIND-RESOURCE first |
-| Server mismatch | Use server from FIND-RESOURCE verification |
+| Table not found | Verify table exists with find-resource first |
+| Server mismatch | Use server from find-resource verification |
 | Empty result | Ask user to adjust WHERE clause or criteria |
 | Column not found | Ask user to verify column name (case sensitivity) |
 

package/.skills/skills/request-routing/SKILL.md

@@ -14,7 +14,7 @@ Before executing any action, verify that the target resources exist.
 
 | Resource Type | Find Tool | Notes |
 |---|---|---|
-| Library | `sas-score-find-library` | Specify server (cas or sas). For tables, determine server here. |
+| Library | `sas-score-find-library` | For tables, if server is not specified (cas or sas), determine server here. Other resource types do not require server specification. |
 | Table | `sas-score-find-table` | Requires library name and server. |
 | MAS Model | `sas-score-find-model` | No server selection. |
 | Job | `sas-score-find-job` | No server selection. |
@@ -50,15 +50,23 @@ Combine verification and execution results:
 
 ---
 
-## Special Case: Read + Score (Combined Workflow)
 
-When the user requests scoring records from a table:
+## Special Case: Read + Score (Combined Workflow)
 
-1. **Verify**: Find the table (determine server), find the model.
-2. **Read**: Fetch rows from the table using `sas-score-read-table` or `sas-score-sas-query`.
-3. **Map**: Check if table columns match model input variables. Ask user for mapping if needed.
-4. **Score**: Score each row using `sas-score-mas-score` (for MAS) or `sas-score-scr-score` (for SCR).
-5. **Merge**: Combine predictions with original rows.
+When the user requests scoring records from a table, follow these sub-workflows in order:
+
+1. **Verify**
+  - Find the table (determine server as described above)
+  - Find the model
+2. **Read**
+  - Fetch rows from the table using `sas-score-read-table` or `sas-score-sas-query`
+3. **Map**
+  - Check if table columns match model input variables
+  - If not, ask user for mapping
+4. **Score**
+  - Score each row using `sas-score-mas-score` (for MAS) or `sas-score-scr-score` (for SCR)
+5. **Merge**
+  - Combine predictions with original rows
 
 ---
 

package/.skills/skills/score-strategy/SKILL.md

@@ -3,6 +3,8 @@ name: score-strategy
 description: >
   Unified scoring workflow. Handles MAS, Job, JobDef, SCR, and combined read+score scenarios.
   Always verify resources before scoring.
+
+  To reduce cognitive load, follow the stepwise flowchart below for scoring requests.
 ---
 
 # Score Strategy
@@ -17,6 +19,7 @@ Use this strategy when the user requests model scoring, predictions, or running
 
 ---
 
+
 ## Step 1: Parse the Score Request
 
 Identify the scoring target (model type) and input source:
@@ -28,7 +31,23 @@ score with model X.mas       → MAS model
 score with model X.job       → Job
 score with model X.jobdef    → JobDef
 score with model X.scr       → SCR model
-score with model X           → Default to MAS
+score with model X (default to MAS if type is not specified) → MAS model
+```
+
+### Visual Flowchart
+
+```mermaid
+flowchart TD
+  A[User score request] --> B{Model type specified?}
+  B -- .mas --> C[MAS model]
+  B -- .job --> D[Job]
+  B -- .jobdef --> E[JobDef]
+  B -- .scr --> F[SCR model]
+  B -- none --> C
+  C --> G[Verify MAS model]
+  D --> H[Verify Job]
+  E --> I[Verify JobDef]
+  F --> J[Skip verification]
 ```
 
 ### Identify Input Source

package/README.md

@@ -1,5 +1,6 @@
 # sas-score-mcp-serverjs
-A Model Context Protocol (MCP) Server for Scoring with SAS Viya
+A Model Context Protocol (MCP) Server for Scoring with SAS Viya. 
+See [wiki](https://github.com/sassoftware/sas-score-mcp-serverjs/wiki) for the capabilities of the server.
 
 ## Major changes in release 1.0.0
 
@@ -22,6 +23,17 @@ Some examples are:
   - job Definitions
   - jobs using SAS Studio or other interfaces
 
+## Capabilities
+
+The tools can be grouped into these categories
+
+- Scoring with MAS models, job, jobdef and scr
+- Viewing and querying tables
+
+Supporting tools can be grouped into these categories
+- Listing of  MAS models, job, jobdef , tables
+- Describing MAS models, job, jobdef, scr and tables
+
 ## Target Audience
 This MCP server was developed for two types of SAS users.
 
@@ -45,7 +57,9 @@ Typically these are set either in the .env file or as environment variables or a
 ### Required Options
 
 VIYA_SERVER=<url for Viya server>
+
 MCPTYPE=http|stdio
+
 MCPHOST=<url for the mcp server = http://localhost:8080 or some remote mcp server>
 
 >Recommended authflow is oauth - the most secure of all the options since all oauth flow occurs in the server and the actual token is never sent to the client. Bearer authflow is useful when the mcp server is remote with its own authentication process
@@ -80,28 +94,23 @@ CASSERVER=CAS server name (default: cas-shared-default)
 COMPUTECONTEXT=Compute session name or context (default: SAS Job Execution compute context) 
 ```
 
-## Agent
+## Agent and skills
 
 > The mcp server can be deployed as an agent in github copilot
 > The configuration files for claude can be installed locally. You have to move the files to the appriopiate place.
 
-Specify the following configuration values to enable agent mode
-
-```env
-AGENT=TRUE
-MCPCLIENT=github|claude
-```
-
-By default the agent information is installed in the user's home directory as .github or .claude} To install it where the mcp server is running do the following:
+To download the skills to your environment issue this command:
 
-```env
-MCPCLIENT=.github|.claude
+```sh
+npx @sassoftware/sas-score-mcp-serverjs --skills github|claude
 ```
+The skills and related files will be written to .github or .claude 
 
 
 ## Configure the mcp client for localhost
 
-The mcp configuration is show below
+The mcp configuration for oauth flow. For remote mcp, change the url to the
+appropriate url.
 
 ```json
  "sasmcp": {
@@ -113,19 +122,17 @@ The mcp configuration is show below
  }
 ```
 
-For remote mcp servers:
+For bearer authflow. 
 ```json
  "sasmcp": {
     "type": "http",
     "url": "your remote mcp server`,
-    "oauth": {
-      "type": 'oauth2
-    }
+    "headers" {
+      "Authorization": "bearer <tokenstring>"
+      }
  }
 ```
 
-For transport protocol stdio. For claude drop the type
-
 ```json
 "sas-mcp-server": {
       "type: "stdio"
@@ -144,13 +151,21 @@ For transport protocol stdio. For claude drop the type
 #### Step 2: Start the mcp server
 
 If using stdio transport, most of the mcp clients will start the server automatically.
-But this step is necessary of using http transport.
-
+But for http transport, the mcp server must be started. 
 
+If running locally
 ```sh
 npx @sassoftware/sas-score-mcp-serverjs@latest
 ```
 
+The mcp is also available as a docker image. Add or remove the env variables as needed.
+
+```sh
+docker run -p 8080:8080 --name sasscore -e VIYA_SERVER=<yourviayserver> -e AUTHFLOW=oauth ghcr.io/sassoftware/sas-score-mcp-serverjs:latest
+```
+
+If you want to run it in docker then use docker run:
+
 Make sure that the .env file is in the current working directory or specify the options in the command line
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sassoftware/sas-score-mcp-serverjs",
-  "version": "1.0.1-26",
+  "version": "1.0.1-29",
   "description": "A mcp server for SAS Viya",
   "author": "Deva Kumar <deva.kumar@sas.com>",
   "license": "Apache-2.0",

package/src/expressMcpServer.js

@@ -50,6 +50,25 @@ async function expressMcpServer(mcpServer, cache, baseAppEnvContext) {
   const pkceStore = new Map(); // ourState -> { codeVerifier, clientRedirectUri, clientState }
   const codeStore = new Map(); // ourCode   -> { access_token, refresh_token, expires_in }
 
+  // Create ONE shared transport for all sessions/users
+  const sharedTransport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: () => randomUUID(),
+    enableJsonResponse: true,
+    enableDnsRebindingProtection: true,
+    onsessioninitialized: (sessionId) => {
+      console.error("[Note] Session initialized with ID:", sessionId);
+    },
+  });
+
+  // Connect mcpServer to the shared transport ONCE
+  await mcpServer.connect(sharedTransport);
+  console.error("[Note] MCP Server connected to shared transport");
+
+  // Store the shared transport for use in request handlers
+  cache.set("sharedTransport", sharedTransport);
+  const transports = new Map(); // Track active session transports for cleanup
+  cache.set("transports", transports);
+
   app.get('/.well-known/oauth-protected-resource', (req, res) => {
     let payload = {
       resource: `${baseAppEnvContext.mcpHost}/mcp`,
@@ -152,67 +171,28 @@ async function expressMcpServer(mcpServer, cache, baseAppEnvContext) {
 
   // process mcp endpoint requests
   const handleRequest = async (req, res) => {
-    let transport = null;
-    let transports = cache.get("transports");
+    let transport = cache.get("sharedTransport");
     console.error("=========================================================");
     console.error("Processing POST /mcp request");
-    if (transports == null) {
-      console.error("[Error] ***** transports cache is null. This is an error");
-      transports = {};
-      cache.set("transports", transports);
-    }
 
-    console.error("current transports in cache:", Object.keys(transports));
+    console.error("current active sessions:", cache.get("transports").size);
     try {
 
       let sessionId = req.headers["mcp-session-id"];
       console.error("[Note]Incoming session ID:", sessionId);
       let body = (req.body == null) ? 'no body' : JSON.stringify(req.body);
       console.error('[Note] Payload is ', body);
-      if (/*!sessionId &&*/ isInitializeRequest(req.body)) {
-        // create transport
-        console.error("[Note] Initializing new transport for MCP session...");
-
-        transport = new StreamableHTTPServerTransport({
-          sessionIdGenerator: () => randomUUID(),
-          enableJsonResponse: true,
-          enableDnsRebindingProtection: true,
-          onsessioninitialized: (sessionId) => {
-            // Store the transport by session ID
-            console.error('Session initialized');
-            console.error("[Note] Transport initialized with ID:", sessionId);
-            transports[sessionId] = transport;
-          },
-        });
-        // Clean up transport when closed
-        transport.onclose = () => {
-          if (transport.sessionId && transports[transport.sessionId]) {
-            delete transports[transport.sessionId];
-          }
-        };
-        console.error("[Note] Connecting mcpServer to new transport...");
-        await mcpServer.connect(transport);
-
-        // Save transport data and app context for use in tools
-        console.error('[Note] Connected to mcpServer');
-        cache.set("transports", transports);
+      if (!sessionId && isInitializeRequest(req.body)) {
+        // Use the shared transport for new initialization request
+        console.error("[Note] Initializing new session with shared transport...");
         console.error("=======================================================");
         return await transport.handleRequest(req, res, req.body);
 
-        // cache transport
-
       } else if (sessionId != null) {
         console.error('[Note] Incoming session ID:', sessionId);
-        transport = transports[sessionId];
-        console.error("[Note] Found transport:", transport != null);
-        if (transport == null) {
-          // this can happen if client is holding on to old session id 
-          console.error("[Error] No transport found for session ID:", sessionId, "Returning a 404 error with instructions for the user");
-          res.status(404).send(`Invalid or missing session ID ${sessionId}. Please ensure your MCP client is configured to use the correct session ID returned in the 'mcp-session-id' header of the response from the /mcp endpoint.`);
-          return;
-        }
-
-        // post the curren session - used to pass _appContext to tools
+        console.error("[Note] Using shared transport for session ID:", sessionId);
+        
+        // post the current session - used to pass _appContext to tools
         cache.set("currentId", sessionId);
 
         // get app context for session
@@ -230,7 +210,6 @@ async function expressMcpServer(mcpServer, cache, baseAppEnvContext) {
           _appContext = Object.assign(_appContext, headerCache);
           cache.set(sessionId, _appContext);
         }
-        console.error("[Note] Using existing transport for session ID:", sessionId);
         console.error("==========================================================");
         await transport.handleRequest(req, res, req.body);
         return;
@@ -260,20 +239,20 @@ async function expressMcpServer(mcpServer, cache, baseAppEnvContext) {
     const sessionId = req.headers["mcp-session-id"];
     console.error("[Note] SessionId:", sessionId);
 
-    let transports = cache.get("transports");
-    let transport = (sessionId == null) ? null : transports[sessionId];
-    console.error("[Note] Transport found:", transport != null);
-    if (!sessionId || transport == null) {
+    let transport = cache.get("sharedTransport");
+    console.error("[Note] Using shared transport");
+    /*
+    if (!sessionId) {
       res.status(404).send(`[Error] In ${req.method}: Invalid or missing session ID ${sessionId}`);
       return;
     }
+      */
     if (req.method === "GET") {
       await transport.handleRequest(req, res);
       return;
     }
     if (req.method === "DELETE" && sessionId != null) {
-      console.error("[Note] Deleting transport and cache for session ID:", sessionId);
-      delete transports[sessionId];
+      console.error("[Note] Deleting cache for session ID:", sessionId);
       cache.del(sessionId);
       res.status(201).send(`[Info] Deleted session ${sessionId}`);
     }

package/src/oauthHandlers/authorize.js

@@ -1,4 +1,7 @@
-//authorize
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
 import { randomBytes, createHash } from "node:crypto";
 import baseUrl from "./baseUrl.js";
 

package/src/oauthHandlers/baseUrl.js

@@ -1,3 +1,7 @@
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
 function baseUrl(appContext) {
     const protocol = appContext.HTTPS === "TRUE" ? "https" : "http";
     //const host = "localhost";

package/src/oauthHandlers/callback.js

@@ -1,3 +1,7 @@
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
 import baseUrl from "./baseUrl.js";
 import { Agent, fetch as undiciFetch } from "undici";
 import { randomUUID } from "node:crypto";

package/src/oauthHandlers/getMetadata.js

@@ -1,3 +1,7 @@
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
 import baseUrl from "./baseUrl.js";
 function getMetadata(req, res, appEnvContext) {
     let base = '';

package/src/oauthHandlers/index.js

@@ -1,3 +1,7 @@
+/*
+ * Copyright © 2026, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
 import authorize from "./authorize.js";
 import callback from "./callback.js";   
 import token from "./token.js";