@sassoftware/sas-score-mcp-serverjs 1.0.1-9 → 1.1.2

package/scripts/optimize_tools.py

@@ -1,99 +0,0 @@
-#!/usr/bin/env python3
-import re
-
-# DevaScore optimization
-deva_old = '''    let description = `
-## deva-score — compute a numeric score based on two input values
-
-LLM Invocation Guidance (When to use)
-Use THIS tool when:
-- User wants to calculate the deva score: "Calculate deva score for 5 and 10"
-- User provides two numbers for scoring: "Score these values: 3 and 7"
-- User wants to compute a score in a series: "Calculate scores for [list of numbers]"
-
-Do NOT use this tool for:
-- Scoring models (use model-score)
-- Statistical calculations beyond deva scoring
-- Looking up data or metadata
-
-Purpose
-Compute a numeric deva score by applying the formula (a + b) * 42 to two input numbers. For scoring more than two numbers, call this tool multiple times using the previous result as the first input (left-to-right fold).
-
-Parameters
-- a (number, required): First numeric input value
-- b (number, required): Second numeric input value
-
-Response Contract
-Returns a numeric result: (a + b) * 42
-The result is always a number representing the computed deva score.
-
-Disambiguation & Clarification
-- If user provides more than two numbers without clear instructions: "Do you want to calculate the deva score by combining these numbers left-to-right?"
-- If user provides non-numeric input: "Please provide numeric values"
-
-Examples (→ mapped params)
-- "Calculate deva score for 5 and 10" → { a: 5, b: 10 } returns 630
-- "Score 1 and 2" → { a: 1, b: 2 } returns 126
-- For multiple numbers, chain calls: devaScore(1,2)→126, then devaScore(126,3)→5418
-
-Negative Examples (should NOT call deva-score)
-- "Score this customer with the credit model" (use model-score instead)
-- "Calculate the mean of these values" (use run-sas-program or sas-query instead)
-
-Related Tools
-- None directly related (this is a specialized scoring tool)
-
-Notes
-For sequences of numbers, use a left-to-right fold: call devaScore(first, second), then use that result as the first parameter for devaScore(result, third), and so on.
-`;'''
-
-deva_new = '''    let description = `
-deva-score — compute a numeric score based on two input values.
-
-USE when: calculate deva score, score these values, compute score for numbers
-DO NOT USE for: model scoring (use model-score), statistical calculations, data lookup
-
-PARAMETERS
-- a: number (required) — first input value
-- b: number (required) — second input value
-
-FORMULA: (a + b) * 42
-
-ROUTING RULES
-- "calculate deva score for 5 and 10" → { a: 5, b: 10 }
-- "score 1 and 2" → { a: 1, b: 2 }
-- "deva score a=3, b=7" → { a: 3, b: 7 }
-- Multiple numbers → chain calls left-to-right: call(first, second), then call(result, third)
-
-EXAMPLES
-- "Calculate deva score for 5 and 10" → { a: 5, b: 10 } returns 630
-- "Score 1 and 2" → { a: 1, b: 2 } returns 126
-- "Deva score 20 and 30" → { a: 20, b: 30 } returns 2100
-
-NEGATIVE EXAMPLES (do not route here)
-- "Score this customer with credit model" (use model-score)
-- "Calculate the mean of these values" (use run-sas-program or sas-query)
-- "Statistical analysis of numbers" (use sas-query)
-
-RESPONSE
-Returns { score: (a + b) * 42 }
-    `;'''
-
-files = {
-    'src/toolSet/devaScore.js': (deva_old, deva_new),
-}
-
-for filepath, (old, new) in files.items():
-    try:
-        with open(filepath, 'r', encoding='utf-8') as f:
-            content = f.read()
-        
-        if old in content:
-            content = content.replace(old, new)
-            with open(filepath, 'w', encoding='utf-8') as f:
-                f.write(content)
-            print(f"✓ Updated {filepath}")
-        else:
-            print(f"✗ Pattern not found in {filepath}")
-    except Exception as e:
-        print(f"✗ Error updating {filepath}: {e}")

package/scripts/setup-skills.js

@@ -1,34 +0,0 @@
-#!/usr/bin/env node
-import fs from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import os from 'os';
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-// Paths
-let client = (process.env.CLIENTNAME == null) ? '.github' : `.${process.env.CLIENTNAME.toLowerCase()}`;
-const source = path.join(__dirname, `../.skills`);
-const destination = path.join(process.cwd(), client);
-// const destination = path.join(os.homedir(), client)
-console.error(`📁 Copying ${source} to ${destination}...`);
-function copyFolderSync(from, to) {
-    if (!fs.existsSync(from)) return;
-    if (!fs.existsSync(to)) fs.mkdirSync(to, { recursive: true });
-    console.error(`📁 Copying folder: ${from} to ${to}`);
-    fs.readdirSync(from).forEach(element => {
-        const fromPath = path.join(from, element);
-        const toPath = path.join(to, element);
-        if (fs.lstatSync(fromPath).isFile()) {
-            fs.copyFileSync(fromPath, toPath);
-        } else if (fs.lstatSync(fromPath).isDirectory()) {
-            copyFolderSync(fromPath, toPath);
-        }
-    });
-}
-
-try {
-    copyFolderSync(source, destination);
-    console.error(`✅ Success: ${destination} folder is now in your project root.`);
-} catch (err) {
-    console.error('❌ Error copying files:', err.message);
-}
-process.exit(0);

package/scripts/update_descriptions.py

@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-import re
-import os
-
-os.chdir('c:/dev/github/sas-score-mcp-serverjs')
-
-# Update runJob.js
-file_path = 'src/toolSet/runJob.js'
-with open(file_path, 'r', encoding='utf-8') as f:
-    content = f.read()
-
-new_desc = """run-job — execute a deployed SAS Viya job.
-
-USE when: run job, execute job, run with parameters
-DO NOT USE for: arbitrary SAS code (use run-sas-program), macros (use run-macro), list/find jobs
-
-PARAMETERS
-- name: string — job name (required)
-- scenario: string | object — input parameters. Accepts: "x=1, y=2" or {x:1, y:2}
-
-ROUTING RULES
-- "run job xyz" → { name: "xyz" }
-- "run job xyz with param1=10, param2=val2" → { name: "xyz", scenario: {param1:10, param2:"val2"} }
-
-EXAMPLES
-- "run job xyz" → { name: "xyz" }
-- "run job monthly_etl with month=10, year=2025" → { name: "monthly_etl", scenario: {month:10, year:2025} }
-
-NEGATIVE EXAMPLES (do not route here)
-- "run SAS code" (use run-sas-program)
-- "run macro X" (use run-macro)
-- "list jobs" (use list-jobs)
-- "find job X" (use find-job)
-
-ERRORS
-Returns log output, listings, tables from job. Error if job not found."""
-
-# Use a more flexible pattern
-pattern = r'let description = `\n## run-job.*?`;\n'
-replacement = f'let description = `\n{new_desc}\n`;\n'
-updated = re.sub(pattern, replacement, content, flags=re.DOTALL)
-
-with open(file_path, 'w', encoding='utf-8') as f:
-    f.write(updated)
-
-print(f"✓ Updated {file_path}")

package/src/authpkce.js

@@ -1,219 +0,0 @@
-/**
- * SAS Viya PKCE Authorization Flow
- *
- * Uses the Authorization Code flow with PKCE (RFC 7636).
- * Starts a local HTTP server to capture the redirect callback.
- *
- * Usage:
- *   node sas-viya-pkce-auth.js
- *
- * Prerequisites:
- *   - A SAS Viya client registered with:
- *       grant_types: authorization_code
- *       redirect_uri: http://localhost:3000/callback
- *       PKCE enabled (no client_secret required)
- */
-
-import http from "http";
-import https from "https";
-import crypto from "crypto";
-import url from "url";
-
-    let VIYA_SERVER=process.env.VIYA_SERVER;
-    let PORT=8080;
-    let CLIENTID='pkcemcp';
-    // ── Configuration ────────────────────────────────────────────────────────────
-  
-    const CONFIG = {
-        authBaseUrl: `${VIYA_SERVER}/oauth/SASLogon`,
-        clientId: CLIENTID,       // <-- replace with your client ID
-        redirectUri: `http://localhost:${PORT}/callback`,
-        scopes: "openid profile",
-        localPort: PORT,
-    };
-
-    main().catch((err) => {
-      console.error("Unexpected error:", err);
-      process.exit(1);
-    });
-
-    // ─────────────────────────────────────────────────────────────────────────────
-
-    // Generate a cryptographically random code verifier (43–128 chars, base64url)
-    function generateCodeVerifier() {
-        return crypto.randomBytes(64).toString("base64url");
-    }
-
-    // Derive the code challenge: BASE64URL(SHA-256(verifier))
-    function generateCodeChallenge(verifier) {
-        return crypto.createHash("sha256").update(verifier).digest("base64url");
-    }
-
-    // Build the SASLogon authorization URL
-    function buildAuthUrl(codeChallenge, state) {
-        const params = new URLSearchParams({
-            response_type: "code",
-            client_id: CONFIG.clientId,
-            redirect_uri: CONFIG.redirectUri,
-            scope: CONFIG.scopes,
-            state,
-            code_challenge: codeChallenge,
-            code_challenge_method: "S256",
-        });
-        return `${CONFIG.authBaseUrl}/authorize?${params}`;
-    }
-
-    // Exchange the authorization code for tokens
-    function exchangeCodeForTokens(code, codeVerifier) {
-        return new Promise((resolve, reject) => {
-            const body = new URLSearchParams({
-                grant_type: "authorization_code",
-                client_id: CONFIG.clientId,
-                redirect_uri: CONFIG.redirectUri,
-                code,
-                code_verifier: codeVerifier,
-            }).toString();
-
-            const tokenUrl = new URL(`${CONFIG.authBaseUrl}/token`);
-
-            const options = {
-                hostname: tokenUrl.hostname,
-                port: tokenUrl.port || 443,
-                path: tokenUrl.pathname,
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    "Content-Length": Buffer.byteLength(body),
-                },
-                // Remove the line below if your Viya instance has a valid TLS cert
-                rejectUnauthorized: false,
-            };
-
-            const req = https.request(options, (res) => {
-                let data = "";
-                res.on("data", (chunk) => (data += chunk));
-                res.on("end", () => {
-                    try {
-                        const parsed = JSON.parse(data);
-                        if (res.statusCode >= 400) {
-                            reject(new Error(`Token error (${res.statusCode}): ${data}`));
-                        } else {
-                            resolve(parsed);
-                        }
-                    } catch {
-                        reject(new Error(`Failed to parse token response: ${data}`));
-                    }
-                });
-            });
-
-            req.on("error", reject);
-            req.write(body);
-            req.end();
-        });
-    }
-
-    // Wait for the browser redirect and extract code + state
-    function waitForCallback(expectedState) {
-        return new Promise((resolve, reject) => {
-            const server = http.createServer((req, res) => {
-                const parsed = url.parse(req.url, true);
-
-                if (parsed.pathname !== "/callback") {
-                    res.writeHead(404);
-                    res.end("Not found");
-                    return;
-                }
-
-                const { code, state, error, error_description } = parsed.query;
-
-                res.writeHead(200, { "Content-Type": "text/html" });
-                res.end(`
-        <html><body>
-          <h2>${error ? "Authorization failed" : "Authorization successful!"}</h2>
-          <p>You may close this tab.</p>
-        </body></html>
-      `);
-
-                server.close();
-
-                if (error) {
-                    reject(new Error(`OAuth error: ${error} — ${error_description}`));
-                    return;
-                }
-                if (state !== expectedState) {
-                    reject(new Error("State mismatch — possible CSRF attack"));
-                    return;
-                }
-
-                resolve(code);
-            });
-
-            server.listen(CONFIG.localPort, () => {
-                console.error(`Listening on http://localhost:${CONFIG.localPort}/callback`);
-            });
-
-            server.on("error", reject);
-        });
-    }
-
-    // Main flow
-    async function main() {
-        const codeVerifier = generateCodeVerifier();
-        const codeChallenge = generateCodeChallenge(codeVerifier);
-        const state = crypto.randomBytes(16).toString("hex");
-
-        const authUrl = buildAuthUrl(codeChallenge, state);
-
-        console.error("\nOpen this URL in your browser to log in:\n");
-        console.error(authUrl);
-        console.error();
-
-        // Try to auto-open in the default browser (best-effort)
-        try {
-            const { exec } = require("child_process");
-            const cmd =
-                process.platform === "win32"
-                    ? `start "" "${authUrl}"`
-                    : process.platform === "darwin"
-                        ? `open "${authUrl}"`
-                        : `xdg-open "${authUrl}"`;
-            exec(cmd);
-        } catch {
-            // ignore — user can open manually
-        }
-
-        let code;
-        try {
-            code = await waitForCallback(state);
-        } catch (err) {
-            console.error("Callback error:", err.message);
-            return null;
-        }
-
-        console.error("Authorization code received. Exchanging for tokens...");
-
-        let tokens;
-        try {
-            tokens = await exchangeCodeForTokens(code, codeVerifier);
-        } catch (err) {
-            console.error("Token exchange error:", err.message);
-            return null;
-        }
-
-        console.error("\nTokens received:");
-        console.error("  access_token :", tokens.access_token?.slice(0, 40) + "...");
-        console.error("  token_type   :", tokens.token_type);
-        console.error("  expires_in   :", tokens.expires_in, "seconds");
-        if (tokens.refresh_token) {
-            console.error("  refresh_token:", tokens.refresh_token.slice(0, 20) + "...");
-        }
-        if (tokens.id_token) {
-            console.error("  id_token     :", tokens.id_token.slice(0, 40) + "...");
-        }
-
-        // tokens.access_token is ready to use as a Bearer token for Viya REST APIs
-        return tokens.access_token
-    }
-
-
-  

package/src/handleGetDelete.js

@@ -1,34 +0,0 @@
-/*
- * Copyright © 2025, SAS Institute Inc., Cary, NC, USA.  All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-async function handleGetDelete(mcpServer, cache, req, h) {
-    const sessionId = req.headers["mcp-session-id"];
-    console.error("=======================================================");
-    console.error(`[Note] Handling ${req.method} for session ID:`, sessionId);
-    let transports = cache.get("transports");
-    let transport = transports[sessionId];
-    if (!sessionId || transport == null) {
-        console.error('[Note] Looks like a fresh start - no session id or transport found');
-        return h.abandon;
-    }
-
-     if (req.method === "GET") {
-        // You can customize the response as needed
-        console.error("[Note] Payload:", req.payload);
-        console.error("======================================================");
-        await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
-        return h.abandon;
-     }
-
-    if (req.method === "DELETE") {
-        console.error("[Note] Deleting transport and cache for session ID:", sessionId);
-        delete transports[sessionId];
-        cache.del(sessionId);
-        return h.response(`[Info] In DELETE: Session ID ${sessionId} deleted`).code(201);
-    }
-
-    
-}
-export default handleGetDelete;

package/src/handleRequest.js

@@ -1,112 +0,0 @@
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import { randomUUID } from "node:crypto";
-import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
-
-async function handleRequest(mcpServer, cache, req, h, credentials) {
-  let headerCache = {};
-  let transport;
-  let transports = cache.get("transports");
-  try {
-
-    headerCache = customHeaders(req, h);
-    let sessionId = req.headers["mcp-session-id"];
-
-    // we have session id, get existing transport
-
-    if (sessionId != null) {
-      /* existing transport */
-      transport = transports[sessionId];
-      if (transport == null) {
-        h.response({ isError: true, content: [{ type: 'text', text: 'Session not found. Please re-initialize the MCP client.' }] }).code(400).type('application/json');
-        return h.abandon;
-      }
-    }
-      
-    if (sessionId != null && transport != null) {
-      // post the curren session - used to pass _appContext to tools
-      cache.set("currentId", sessionId);
-
-      // get app context for session
-      let _appContext = cache.get(sessionId);
-
-      //if first prompt on a sessionid, create app context
-
-      if (_appContext == null) {
-        console.error("[Note] Creating new app context for session ID:", sessionId);
-        let appEnvTemplate = cache.get("appEnvTemplate");
-        _appContext = Object.assign({}, appEnvTemplate, headerCache);
-        if (headerCache.AUTHFLOW === 'bearer') {
-          _appContext.contexts.AUTHFLOW =  'bearer';
-          _appContext.contexts.bearerToken = headerCache.bearerToken;
-        }
-        _appContext.contexts.oauthInfo = credentials;
-        cache.set(sessionId, _appContext);
-      }
-      console.error("[Note] Using existing transport for session ID:", sessionId);
-      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
-    }
-
-    // initialize request
-    else if (!sessionId && isInitializeRequest(req.payload)) {
-      // create transport
-      console.error("[Note] Initializing new transport for MCP request...");
-      transport = new StreamableHTTPServerTransport({
-        sessionIdGenerator: () => randomUUID(),
-        enableJsonResponse: true,
-        onsessioninitialized: (sessionId) => {
-          // Store the transport by session ID
-          transports[sessionId] = transport;
-        },
-      });
-      // Clean up transport when closed
-      transport.onclose = () => {
-        if (transport.sessionId) {
-          delete transports[transport.sessionId];
-        }
-      };
-      console.error("[Note] Connecting mcpServer to new transport...");
-      await mcpServer.connect(transport);
-   
-      // Save transport data and app context for use in tools
-       cache.set("transports", transports);
-      return await transport.handleRequest(req.raw.req, req.raw.res, req.payload);
-      // cache transport
-
-
-    }
-  }
-  catch (error) {
-    console.error("Error handling MCP request:", error);
-    let r = { isError: true, content: [{ type: 'text', text: 'Internal server error occurred while processing the request.' }] };
-    return h.response(r).code(500).type('application/json');
-  }
-  function customHeaders(req, h) {
-
-    // process any new header information
-
-    // Allow different VIYA server per sessionid(user)
-    let headerCache = {};
-    if (req.headers["X-VIYA-SERVER"] != null) {
-      console.error("[Note] Using user supplied VIYA server");
-      headerCache.VIYA_SERVER = req.header("X-VIYA-SERVER");
-    }
-
-    // used when doing autorization via mcp client
-    // ideal for production use
-    const hdr = req.headers["Authorization"];
-    if (hdr != null) {
-      headerCache.bearerToken = hdr.slice(7);
-      headerCache.AUTHFLOW = "bearer";
-    }
-
-    // faking out api key since Viya does not support 
-    // not ideal for production
-    const hdr2 = req.headers["X-REFRESH-TOKEN"];
-    if (hdr2 != null) {
-      headerCache.refreshToken = hdr2;
-      headerCache.AUTHFLOW = "refresh";
-    }
-    return headerCache;
-  }
-};
-export default handleRequest;