@sassoftware/sas-score-mcp-serverjs 1.0.1-9 → 1.1.1

package/scripts/update_descriptions.py

@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-import re
-import os
-
-os.chdir('c:/dev/github/sas-score-mcp-serverjs')
-
-# Update runJob.js
-file_path = 'src/toolSet/runJob.js'
-with open(file_path, 'r', encoding='utf-8') as f:
-    content = f.read()
-
-new_desc = """run-job — execute a deployed SAS Viya job.
-
-USE when: run job, execute job, run with parameters
-DO NOT USE for: arbitrary SAS code (use run-sas-program), macros (use run-macro), list/find jobs
-
-PARAMETERS
-- name: string — job name (required)
-- scenario: string | object — input parameters. Accepts: "x=1, y=2" or {x:1, y:2}
-
-ROUTING RULES
-- "run job xyz" → { name: "xyz" }
-- "run job xyz with param1=10, param2=val2" → { name: "xyz", scenario: {param1:10, param2:"val2"} }
-
-EXAMPLES
-- "run job xyz" → { name: "xyz" }
-- "run job monthly_etl with month=10, year=2025" → { name: "monthly_etl", scenario: {month:10, year:2025} }
-
-NEGATIVE EXAMPLES (do not route here)
-- "run SAS code" (use run-sas-program)
-- "run macro X" (use run-macro)
-- "list jobs" (use list-jobs)
-- "find job X" (use find-job)
-
-ERRORS
-Returns log output, listings, tables from job. Error if job not found."""
-
-# Use a more flexible pattern
-pattern = r'let description = `\n## run-job.*?`;\n'
-replacement = f'let description = `\n{new_desc}\n`;\n'
-updated = re.sub(pattern, replacement, content, flags=re.DOTALL)
-
-with open(file_path, 'w', encoding='utf-8') as f:
-    f.write(updated)
-
-print(f"✓ Updated {file_path}")

package/src/authpkce.js

@@ -1,219 +0,0 @@
-/**
- * SAS Viya PKCE Authorization Flow
- *
- * Uses the Authorization Code flow with PKCE (RFC 7636).
- * Starts a local HTTP server to capture the redirect callback.
- *
- * Usage:
- *   node sas-viya-pkce-auth.js
- *
- * Prerequisites:
- *   - A SAS Viya client registered with:
- *       grant_types: authorization_code
- *       redirect_uri: http://localhost:3000/callback
- *       PKCE enabled (no client_secret required)
- */
-
-import http from "http";
-import https from "https";
-import crypto from "crypto";
-import url from "url";
-
-    let VIYA_SERVER=process.env.VIYA_SERVER;
-    let PORT=8080;
-    let CLIENTID='pkcemcp';
-    // ── Configuration ────────────────────────────────────────────────────────────
-  
-    const CONFIG = {
-        authBaseUrl: `${VIYA_SERVER}/oauth/SASLogon`,
-        clientId: CLIENTID,       // <-- replace with your client ID
-        redirectUri: `http://localhost:${PORT}/callback`,
-        scopes: "openid profile",
-        localPort: PORT,
-    };
-
-    main().catch((err) => {
-      console.error("Unexpected error:", err);
-      process.exit(1);
-    });
-
-    // ─────────────────────────────────────────────────────────────────────────────
-
-    // Generate a cryptographically random code verifier (43–128 chars, base64url)
-    function generateCodeVerifier() {
-        return crypto.randomBytes(64).toString("base64url");
-    }
-
-    // Derive the code challenge: BASE64URL(SHA-256(verifier))
-    function generateCodeChallenge(verifier) {
-        return crypto.createHash("sha256").update(verifier).digest("base64url");
-    }
-
-    // Build the SASLogon authorization URL
-    function buildAuthUrl(codeChallenge, state) {
-        const params = new URLSearchParams({
-            response_type: "code",
-            client_id: CONFIG.clientId,
-            redirect_uri: CONFIG.redirectUri,
-            scope: CONFIG.scopes,
-            state,
-            code_challenge: codeChallenge,
-            code_challenge_method: "S256",
-        });
-        return `${CONFIG.authBaseUrl}/authorize?${params}`;
-    }
-
-    // Exchange the authorization code for tokens
-    function exchangeCodeForTokens(code, codeVerifier) {
-        return new Promise((resolve, reject) => {
-            const body = new URLSearchParams({
-                grant_type: "authorization_code",
-                client_id: CONFIG.clientId,
-                redirect_uri: CONFIG.redirectUri,
-                code,
-                code_verifier: codeVerifier,
-            }).toString();
-
-            const tokenUrl = new URL(`${CONFIG.authBaseUrl}/token`);
-
-            const options = {
-                hostname: tokenUrl.hostname,
-                port: tokenUrl.port || 443,
-                path: tokenUrl.pathname,
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    "Content-Length": Buffer.byteLength(body),
-                },
-                // Remove the line below if your Viya instance has a valid TLS cert
-                rejectUnauthorized: false,
-            };
-
-            const req = https.request(options, (res) => {
-                let data = "";
-                res.on("data", (chunk) => (data += chunk));
-                res.on("end", () => {
-                    try {
-                        const parsed = JSON.parse(data);
-                        if (res.statusCode >= 400) {
-                            reject(new Error(`Token error (${res.statusCode}): ${data}`));
-                        } else {
-                            resolve(parsed);
-                        }
-                    } catch {
-                        reject(new Error(`Failed to parse token response: ${data}`));
-                    }
-                });
-            });
-
-            req.on("error", reject);
-            req.write(body);
-            req.end();
-        });
-    }
-
-    // Wait for the browser redirect and extract code + state
-    function waitForCallback(expectedState) {
-        return new Promise((resolve, reject) => {
-            const server = http.createServer((req, res) => {
-                const parsed = url.parse(req.url, true);
-
-                if (parsed.pathname !== "/callback") {
-                    res.writeHead(404);
-                    res.end("Not found");
-                    return;
-                }
-
-                const { code, state, error, error_description } = parsed.query;
-
-                res.writeHead(200, { "Content-Type": "text/html" });
-                res.end(`
-        <html><body>
-          <h2>${error ? "Authorization failed" : "Authorization successful!"}</h2>
-          <p>You may close this tab.</p>
-        </body></html>
-      `);
-
-                server.close();
-
-                if (error) {
-                    reject(new Error(`OAuth error: ${error} — ${error_description}`));
-                    return;
-                }
-                if (state !== expectedState) {
-                    reject(new Error("State mismatch — possible CSRF attack"));
-                    return;
-                }
-
-                resolve(code);
-            });
-
-            server.listen(CONFIG.localPort, () => {
-                console.error(`Listening on http://localhost:${CONFIG.localPort}/callback`);
-            });
-
-            server.on("error", reject);
-        });
-    }
-
-    // Main flow
-    async function main() {
-        const codeVerifier = generateCodeVerifier();
-        const codeChallenge = generateCodeChallenge(codeVerifier);
-        const state = crypto.randomBytes(16).toString("hex");
-
-        const authUrl = buildAuthUrl(codeChallenge, state);
-
-        console.error("\nOpen this URL in your browser to log in:\n");
-        console.error(authUrl);
-        console.error();
-
-        // Try to auto-open in the default browser (best-effort)
-        try {
-            const { exec } = require("child_process");
-            const cmd =
-                process.platform === "win32"
-                    ? `start "" "${authUrl}"`
-                    : process.platform === "darwin"
-                        ? `open "${authUrl}"`
-                        : `xdg-open "${authUrl}"`;
-            exec(cmd);
-        } catch {
-            // ignore — user can open manually
-        }
-
-        let code;
-        try {
-            code = await waitForCallback(state);
-        } catch (err) {
-            console.error("Callback error:", err.message);
-            return null;
-        }
-
-        console.error("Authorization code received. Exchanging for tokens...");
-
-        let tokens;
-        try {
-            tokens = await exchangeCodeForTokens(code, codeVerifier);
-        } catch (err) {
-            console.error("Token exchange error:", err.message);
-            return null;
-        }
-
-        console.error("\nTokens received:");
-        console.error("  access_token :", tokens.access_token?.slice(0, 40) + "...");
-        console.error("  token_type   :", tokens.token_type);
-        console.error("  expires_in   :", tokens.expires_in, "seconds");
-        if (tokens.refresh_token) {
-            console.error("  refresh_token:", tokens.refresh_token.slice(0, 20) + "...");
-        }
-        if (tokens.id_token) {
-            console.error("  id_token     :", tokens.id_token.slice(0, 40) + "...");
-        }
-
-        // tokens.access_token is ready to use as a Bearer token for Viya REST APIs
-        return tokens.access_token
-    }
-
-
-  

package/src/handleGetDelete.js

@@ -1,34 +0,0 @@
-/*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-async function handleGetDelete(mcpServer, cache, req, h) {
-    const sessionId = req.headers["mcp-session-id"];
-    console.error("=======================================================");
-    console.error(`[Note] Handling ${req.method} for session ID:`, sessionId);
-    let transports = cache.get("transports");
-    let transport = transports[sessionId];
-    if (!sessionId || transport == null) {
-        console.error('[Note] Looks like a fresh start - no session id or transport found');
-        return h.abandon;
-    }
-
-     if (req.method === "GET") {
-        // You can customize the response as needed
-        console.error("[Note] Payload:", req.payload);
-        console.error("======================================================");
-        await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
-        return h.abandon;
-     }
-
-    if (req.method === "DELETE") {
-        console.error("[Note] Deleting transport and cache for session ID:", sessionId);
-        delete transports[sessionId];
-        cache.del(sessionId);
-        return h.response(`[Info] In DELETE: Session ID ${sessionId} deleted`).code(201);
-    }
-
-    
-}
-export default handleGetDelete;

package/src/handleRequest.js

@@ -1,112 +0,0 @@
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import { randomUUID } from "node:crypto";
-import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
-
-async function handleRequest(mcpServer, cache, req, h, credentials) {
-  let headerCache = {};
-  let transport;
-  let transports = cache.get("transports");
-  try {
-
-    headerCache = customHeaders(req, h);
-    let sessionId = req.headers["mcp-session-id"];
-
-    // we have session id, get existing transport
-
-    if (sessionId != null) {
-      /* existing transport */
-      transport = transports[sessionId];
-      if (transport == null) {
-        h.response({ isError: true, content: [{ type: 'text', text: 'Session not found. Please re-initialize the MCP client.' }] }).code(400).type('application/json');
-        return h.abandon;
-      }
-    }
-      
-    if (sessionId != null && transport != null) {
-      // post the curren session - used to pass _appContext to tools
-      cache.set("currentId", sessionId);
-
-      // get app context for session
-      let _appContext = cache.get(sessionId);
-
-      //if first prompt on a sessionid, create app context
-
-      if (_appContext == null) {
-        console.error("[Note] Creating new app context for session ID:", sessionId);
-        let appEnvTemplate = cache.get("appEnvTemplate");
-        _appContext = Object.assign({}, appEnvTemplate, headerCache);
-        if (headerCache.AUTHFLOW === 'bearer') {
-          _appContext.contexts.AUTHFLOW =  'bearer';
-          _appContext.contexts.bearerToken = headerCache.bearerToken;
-        }
-        _appContext.contexts.oauthInfo = credentials;
-        cache.set(sessionId, _appContext);
-      }
-      console.error("[Note] Using existing transport for session ID:", sessionId);
-      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
-    }
-
-    // initialize request
-    else if (!sessionId && isInitializeRequest(req.payload)) {
-      // create transport
-      console.error("[Note] Initializing new transport for MCP request...");
-      transport = new StreamableHTTPServerTransport({
-        sessionIdGenerator: () => randomUUID(),
-        enableJsonResponse: true,
-        onsessioninitialized: (sessionId) => {
-          // Store the transport by session ID
-          transports[sessionId] = transport;
-        },
-      });
-      // Clean up transport when closed
-      transport.onclose = () => {
-        if (transport.sessionId) {
-          delete transports[transport.sessionId];
-        }
-      };
-      console.error("[Note] Connecting mcpServer to new transport...");
-      await mcpServer.connect(transport);
-   
-      // Save transport data and app context for use in tools
-       cache.set("transports", transports);
-      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
-      // cache transport
-
-
-    }
-  }
-  catch (error) {
-    console.error("Error handling MCP request:", error);
-    let r = { isError: true, content: [{ type: 'text', text: 'Internal server error occurred while processing the request.' }] };
-    return h.response(r).code(500).type('application/json');
-  }
-  function customHeaders(req, h) {
-
-    // process any new header information
-
-    // Allow different VIYA server per sessionid(user)
-    let headerCache = {};
-    if (req.headers["X-VIYA-SERVER"] != null) {
-      console.error("[Note] Using user supplied VIYA server");
-      headerCache.VIYA_SERVER = req.header("X-VIYA-SERVER");
-    }
-
-    // used when doing autorization via mcp client
-    // ideal for production use
-    const hdr = req.headers["Authorization"];
-    if (hdr != null) {
-      headerCache.bearerToken = hdr.slice(7);
-      headerCache.AUTHFLOW = "bearer";
-    }
-
-    // faking out api key since Viya does not support 
-    // not ideal for production
-    const hdr2 = req.headers["X-REFRESH-TOKEN"];
-    if (hdr2 != null) {
-      headerCache.refreshToken = hdr2;
-      headerCache.AUTHFLOW = "refresh";
-    }
-    return headerCache;
-  }
-};
-export default handleRequest;

package/src/hapiMcpServer.js

@@ -1,241 +0,0 @@
-/*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import appServer from "@sassoftware/viya-serverjs";
-import handleRequest from "./handleRequest.js";
-import handleGetDelete from "./handleGetDelete.js";
-import urlOpen from "./urlOpen.js";
-import fs from "fs";
-
-async function hapiMcpServer(mcpServer, cache, baseAppEnvContext) {
-
-  console.error('Starting Hapi MCP server...');
-  console.error("[Note]: Hapi MCP server started...", baseAppEnvContext.AUTHFLOW);
-  process.env.REDIRECT = `/status`;
-  process.env.APPHOST = '0.0.0.0';
-  let r = await appServer.asyncCore(mcpHandlers, true, 'app', null);
-  console.error('Hapi server running result:', r);
-  if (baseAppEnvContext.AUTHFLOW === 'code' && baseAppEnvContext.AUTOLOGON === 'TRUE') {
-    await urlOpen(r);
-  }
-  return r;
-
-  // add MCP handlers to the app server
-
-  function mcpHandlers() {
-    function getHtml() {
-      return `
-      <!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>sas-score-mcp-server</title>
-    <style>
-        * {
-            margin: 0;
-            padding: 0;
-            box-sizing: border-box;
-        }
-
-        body {
-            font-family: Arial, sans-serif;
-            height: 100vh;
-            overflow: hidden;
-        }
-
-        dialog {
-            position: fixed;
-            left: 50%;
-            right: auto;
-            top: 0;
-            transform: translateX(-50%);
-            width: fit-content;
-            height: fit-content;
-            border: none;
-            border-radius: 4px;
-            padding: 16px;
-            box-shadow: 0 6px 20px rgba(0, 0, 0, 0.3);
-        }
-
-        dialog::backdrop {
-            background-color: rgba(0, 0, 0, 0.1);
-        }
-
-        dialog h2 {
-            font-size: 18px;
-            margin-bottom: 12px;
-            color: #000;
-        }
-
-        dialog p {
-            font-family: 'Courier New', monospace;
-            font-size: 12px;
-            width: fit-content;
-            line-height: 1.6;
-            color: #333;
-            word-wrap: break-word;
-            white-space: pre-wrap;
-        }
-
-        /* Window styling to show it's 10px larger than dialog */
-        body::before {
-            display: none;
-        }
-    </style>
-</head>
-<body>
-    <dialog open>
-        <h2>sas-score-mcp-server</h2>
-        <p>The mcp server is now ready for use. </p>
-        <p>You can close this window</p>
-        <p>For information on the tools see this documentation link:</p>
-            <a href="https://github.com/sassoftware/sas-score-mcp-serverjs/wiki   " target="_blank">Summary of tools  </a>
-    </p>
-    </dialog>
-</body>
-</html>
-`;
-
-    }
-    let routes = [
-      {
-        method: ["GET"],
-        path: "/health",
-        options: {
-          handler: async (req, h) => {
-            let health = {
-              name: "@sassoftware/mcp-server",
-              version: baseAppEnvContext.version,
-              description: "SAS Viya Sample MCP Server",
-              endpoints: {
-                mcp: "/mcp",
-                health: "/health",
-                apiMeta: "/apiMeta"
-              },
-              usage:
-                "Use with MCP Inspector or compatible MCP clients like vscode or your own MCP client",
-            };
-            console.error("Health check requested, returning:", health);
-            return h.response(health).code(200).type('application/json');
-          },
-          auth: false,
-          description: "Help",
-          notes: "Help",
-          tags: ["mcp"],
-        }
-      },
-      {
-        method: ["GET"],
-        path: "/ready",
-        options: {
-          handler: async (req, h) => {
-            let status = {status: 1};
-            console.error("Ready check requested, returning:", status);
-            return h.response(status).code(200).type('application/json');
-          },
-          auth: false,
-          description: "probe readiness of the server",
-          notes: "Help",
-          tags: ["mcp"],
-        }
-      },
-      {
-        method: ["GET"],
-        path: "/StartUp",
-        options: {
-          handler: async (req, h) => {
-            let status = { status: 1 };
-            console.error("Startup check requested, returning:", status);
-            return h.response(status).code(200).type('application/json');
-          },
-          auth: false,
-          description: "probe startup of the server",
-          notes: "Help",
-          tags: ["mcp"],
-        }
-      },
-      {
-        method: ["GET"],
-        path: "/apiMeta",
-        options: {
-          handler: async (req, h) => {
-            let spec = openAPIJson();
-            return h.response(spec).code(200).type('application/json');
-          },
-          auth: false,
-          description: "API Metadata"
-        }
-      },
-      {
-        method: ["GET"],
-        path: "/openapi.json",
-        options: {
-          handler: async (req, h) => {
-            let spec = openAPIJson();
-            return h.response(spec).code(200).type('application/json');
-          },
-          auth: false,
-          description: "API Metadata"
-        }
-      },
-      {
-        method: ["GET"],
-        path: `/${baseAppEnvContext.contexts.APPNAME}/status`,
-        options: {
-          handler: async (req, h) => {
-            let ht = getHtml();
-            return h.response(ht).code(200).type('text/html');
-            // return h.abandon;
-          },
-          auth: false,
-          description: "Help",
-          notes: "Help",
-          tags: ["mcp"],
-        }
-      },
-      {
-        method: ["POST"],
-        path: `/mcp`,
-        options: {
-          handler: async (req, h) => {
-            let precontext = req.pre.context;
-            let oauthInfo = (precontext != null) ? precontext.credentials : null;
-            await handleRequest(mcpServer, cache, req, h, oauthInfo);
-            return h.abandon;
-          },
-
-          auth: {
-            strategy: "sas",
-            mode: 'required' 
-          },
-          description: "The main route for MCP requests",
-          notes: "Requires a valid session",
-          tags: ["mcp"],
-        },
-      },
-      {
-        method: ["GET", "DELETE"],
-        path: `/mcp`,
-
-        options: {
-          handler: async (req, h) => {
-            await handleGetDelete(mcpServer, cache, req, h);
-            return h.abandon;
-          },
-          auth: {
-            strategy: "session",
-            mode: 'try'
-          },
-          description: "Handle GET and DELETE requests",
-          notes: "Will fail if no valid session",
-          tags: ["mcp"],
-        },
-      }
-
-    ];
-    return routes;
-  }
-}
-export default hapiMcpServer;