@snokam/mcp-server 0.1.0

package/dist/auth.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Token acquisition for Snokam backend APIs.
+ *
+ * Supports three modes (auto-detected):
+ *
+ * 1. **OBO (On-Behalf-Of):** When SNOKAM_USER_JWT is set, exchanges the user
+ *    JWT for a service-specific token via Azure AD OBO flow.
+ *    Requires AZURE_AD_CLIENT_ID, AZURE_AD_TENANT_ID, and either
+ *    AZURE_AD_SECRET (client secret) or managed identity.
+ *
+ * 2. **DefaultAzureCredential:** When no user JWT is present, falls back to
+ *    Azure CLI (local dev), managed identity (Azure), etc.
+ *
+ * 3. **No auth:** Endpoints without a scope get no Authorization header.
+ */
+export declare function getAccessToken(scope: string | null): Promise<string | null>;

package/dist/auth.js

@@ -0,0 +1,72 @@
+/**
+ * Token acquisition for Snokam backend APIs.
+ *
+ * Supports three modes (auto-detected):
+ *
+ * 1. **OBO (On-Behalf-Of):** When SNOKAM_USER_JWT is set, exchanges the user
+ *    JWT for a service-specific token via Azure AD OBO flow.
+ *    Requires AZURE_AD_CLIENT_ID, AZURE_AD_TENANT_ID, and either
+ *    AZURE_AD_SECRET (client secret) or managed identity.
+ *
+ * 2. **DefaultAzureCredential:** When no user JWT is present, falls back to
+ *    Azure CLI (local dev), managed identity (Azure), etc.
+ *
+ * 3. **No auth:** Endpoints without a scope get no Authorization header.
+ */
+import { DefaultAzureCredential, OnBehalfOfCredential, } from "@azure/identity";
+// Cache credentials per scope to avoid re-creating them
+const credentialCache = new Map();
+function getOboCredential(userJwt, clientId, tenantId) {
+    const clientSecret = process.env.AZURE_AD_SECRET;
+    if (clientSecret) {
+        return new OnBehalfOfCredential({
+            tenantId,
+            clientId,
+            clientSecret,
+            userAssertionToken: userJwt,
+        });
+    }
+    // Managed identity as client assertion (federated identity)
+    const mi = new DefaultAzureCredential();
+    return new OnBehalfOfCredential({
+        tenantId,
+        clientId,
+        userAssertionToken: userJwt,
+        getAssertion: async () => {
+            const token = await mi.getToken("api://AzureADTokenExchange");
+            return token.token;
+        },
+    });
+}
+export async function getAccessToken(scope) {
+    if (!scope)
+        return null;
+    const userJwt = process.env.SNOKAM_USER_JWT;
+    const clientId = process.env.AZURE_AD_CLIENT_ID ?? "";
+    const tenantId = process.env.AZURE_AD_TENANT_ID ?? "";
+    let credential;
+    if (userJwt && clientId && tenantId) {
+        // OBO mode
+        const cacheKey = `obo:${scope}`;
+        if (!credentialCache.has(cacheKey)) {
+            credentialCache.set(cacheKey, getOboCredential(userJwt, clientId, tenantId));
+        }
+        credential = credentialCache.get(cacheKey);
+    }
+    else {
+        // Default credential (Azure CLI locally, managed identity in Azure)
+        const cacheKey = "default";
+        if (!credentialCache.has(cacheKey)) {
+            credentialCache.set(cacheKey, new DefaultAzureCredential());
+        }
+        credential = credentialCache.get(cacheKey);
+    }
+    try {
+        const token = await credential.getToken(scope);
+        return token?.token ?? null;
+    }
+    catch (error) {
+        console.error(`[snokam-mcp] Failed to get token for scope ${scope}:`, error instanceof Error ? error.message : error);
+        return null;
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+/**
+ * Snokam MCP Server
+ *
+ * Exposes Snokam backend APIs as MCP tools by reading bundled OpenAPI specs.
+ * Auth is handled via @azure/identity — supports Azure CLI (local),
+ * managed identity (Azure), and OBO (when SNOKAM_USER_JWT is set).
+ */
+export {};

package/dist/index.js

@@ -0,0 +1,176 @@
+#!/usr/bin/env node
+/**
+ * Snokam MCP Server
+ *
+ * Exposes Snokam backend APIs as MCP tools by reading bundled OpenAPI specs.
+ * Auth is handled via @azure/identity — supports Azure CLI (local),
+ * managed identity (Azure), and OBO (when SNOKAM_USER_JWT is set).
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { fetchSpecs } from "./openapi-loader.js";
+import { getAccessToken } from "./auth.js";
+// ---------------------------------------------------------------------------
+// Config
+// ---------------------------------------------------------------------------
+const ENVIRONMENT = process.env.SNOKAM_ENVIRONMENT ?? "production";
+// ---------------------------------------------------------------------------
+// JSON Schema builder for tool inputs
+// ---------------------------------------------------------------------------
+function buildInputSchema(endpoint) {
+    const properties = {};
+    const required = [];
+    for (const param of endpoint.parameters) {
+        const prop = {};
+        if (param.schema?.type)
+            prop.type = param.schema.type;
+        if (param.schema?.enum)
+            prop.enum = param.schema.enum;
+        if (param.schema?.format)
+            prop.format = param.schema.format;
+        if (param.schema?.items)
+            prop.items = param.schema.items;
+        if (param.description)
+            prop.description = param.description;
+        if (!prop.type)
+            prop.type = "string";
+        properties[param.name] = prop;
+        if (param.required)
+            required.push(param.name);
+    }
+    if (endpoint.requestBody) {
+        properties.body = {
+            type: "object",
+            description: endpoint.requestBody.description ?? "Request body",
+        };
+        // Extract schema from content type if available
+        const jsonContent = endpoint.requestBody.content?.["application/json"];
+        if (jsonContent?.schema) {
+            properties.body = {
+                ...properties.body,
+                ...jsonContent.schema,
+            };
+        }
+        if (endpoint.requestBody.required)
+            required.push("body");
+    }
+    return {
+        type: "object",
+        properties,
+        required: required.length > 0 ? required : undefined,
+    };
+}
+// ---------------------------------------------------------------------------
+// HTTP call execution
+// ---------------------------------------------------------------------------
+async function executeCall(endpoint, args) {
+    let url = `${endpoint.baseUrl}${endpoint.path}`;
+    const queryParams = [];
+    for (const param of endpoint.parameters) {
+        const value = args[param.name];
+        if (value === undefined)
+            continue;
+        if (param.in === "path") {
+            url = url.replace(`{${param.name}}`, encodeURIComponent(String(value)));
+        }
+        else if (param.in === "query") {
+            queryParams.push(`${encodeURIComponent(param.name)}=${encodeURIComponent(String(value))}`);
+        }
+    }
+    if (queryParams.length > 0) {
+        url += `?${queryParams.join("&")}`;
+    }
+    const headers = {
+        Accept: "application/json",
+    };
+    const token = await getAccessToken(endpoint.scope);
+    if (token) {
+        headers.Authorization = `Bearer ${token}`;
+    }
+    let fetchBody;
+    if (args.body !== undefined && endpoint.method !== "GET") {
+        headers["Content-Type"] = "application/json";
+        fetchBody = JSON.stringify(args.body);
+    }
+    const response = await fetch(url, {
+        method: endpoint.method,
+        headers,
+        body: fetchBody,
+    });
+    let body;
+    const contentType = response.headers.get("content-type") ?? "";
+    if (contentType.includes("application/json")) {
+        body = await response.json();
+    }
+    else {
+        body = await response.text();
+    }
+    return { status: response.status, body };
+}
+// ---------------------------------------------------------------------------
+// Server setup
+// ---------------------------------------------------------------------------
+async function main() {
+    const endpoints = await fetchSpecs(ENVIRONMENT);
+    if (endpoints.length === 0) {
+        console.error("[snokam-mcp] No endpoints loaded. Ensure specs/*.json files exist.");
+    }
+    const endpointsByTool = new Map();
+    for (const ep of endpoints) {
+        endpointsByTool.set(ep.toolName, ep);
+    }
+    const server = new Server({ name: "snokam", version: "0.1.0" }, { capabilities: { tools: {} } });
+    // List tools
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: endpoints.map((ep) => ({
+            name: ep.toolName,
+            description: ep.description || ep.summary || `${ep.method} ${ep.path}`,
+            inputSchema: buildInputSchema(ep),
+        })),
+    }));
+    // Call tool
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args = {} } = request.params;
+        const endpoint = endpointsByTool.get(name);
+        if (!endpoint) {
+            return {
+                content: [{ type: "text", text: `Unknown tool: ${name}` }],
+                isError: true,
+            };
+        }
+        try {
+            const result = await executeCall(endpoint, args);
+            const text = typeof result.body === "string"
+                ? result.body
+                : JSON.stringify(result.body, null, 2);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `HTTP ${result.status}\n\n${text}`,
+                    },
+                ],
+                isError: result.status >= 400,
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Request failed: ${error instanceof Error ? error.message : String(error)}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error("[snokam-mcp] Server running on stdio");
+}
+main().catch((error) => {
+    console.error("[snokam-mcp] Fatal error:", error);
+    process.exit(1);
+});

package/dist/openapi-loader.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Fetch OpenAPI specs from live Snokam APIs and produce tool definitions.
+ *
+ * Each backend function is available at `{service}.api.snokam.no` (prod)
+ * or `{service}.api.test.snokam.no` (test). The loader fetches `/swagger.json`
+ * from each, extracts endpoints, parameters, and OAuth scopes to generate
+ * MCP-compatible tool metadata.
+ */
+export interface ApiEndpoint {
+    service: string;
+    toolName: string;
+    operationId: string;
+    method: string;
+    path: string;
+    baseUrl: string;
+    summary: string;
+    description: string;
+    parameters: OpenApiParameter[];
+    requestBody: OpenApiRequestBody | null;
+    /** OAuth2 scope in `.default` format for OBO exchange, or null for public endpoints. */
+    scope: string | null;
+}
+interface OpenApiParameter {
+    name: string;
+    in: "query" | "path" | "header";
+    description?: string;
+    required?: boolean;
+    schema?: {
+        type?: string;
+        format?: string;
+        enum?: string[];
+        items?: {
+            type?: string;
+        };
+    };
+}
+interface OpenApiRequestBody {
+    description?: string;
+    required?: boolean;
+    content?: Record<string, {
+        schema?: Record<string, unknown>;
+    }>;
+}
+export declare function fetchSpecs(environment: string): Promise<ApiEndpoint[]>;
+export {};

package/dist/openapi-loader.js

@@ -0,0 +1,126 @@
+/**
+ * Fetch OpenAPI specs from live Snokam APIs and produce tool definitions.
+ *
+ * Each backend function is available at `{service}.api.snokam.no` (prod)
+ * or `{service}.api.test.snokam.no` (test). The loader fetches `/swagger.json`
+ * from each, extracts endpoints, parameters, and OAuth scopes to generate
+ * MCP-compatible tool metadata.
+ */
+// ---------------------------------------------------------------------------
+// Known services (functions that expose OpenAPI specs)
+// ---------------------------------------------------------------------------
+const SERVICES = [
+    "accounting",
+    "broker",
+    "calculators",
+    "chatgpt",
+    "crypto",
+    "employees",
+    "events",
+    "office",
+    "platform",
+    "power-office",
+    "sync",
+    "webshop",
+];
+// ---------------------------------------------------------------------------
+// Environment-aware URL resolution
+// ---------------------------------------------------------------------------
+const PROD_DOMAIN = "api.snokam.no";
+const TEST_DOMAIN = "api.test.snokam.no";
+function getBaseDomain(environment) {
+    return environment === "test" ? TEST_DOMAIN : PROD_DOMAIN;
+}
+function getBaseUrl(service, environment) {
+    return `https://${service}.${getBaseDomain(environment)}`;
+}
+// ---------------------------------------------------------------------------
+// Scope extraction
+// ---------------------------------------------------------------------------
+function extractScope(operation) {
+    for (const secReq of operation.security ?? []) {
+        for (const scopes of Object.values(secReq)) {
+            if (!Array.isArray(scopes))
+                continue;
+            for (const s of scopes) {
+                if (s.startsWith("api://")) {
+                    const base = s.substring(0, s.lastIndexOf("/"));
+                    return `${base}/.default`;
+                }
+            }
+        }
+    }
+    return null;
+}
+// ---------------------------------------------------------------------------
+// Tool naming
+// ---------------------------------------------------------------------------
+function makeToolName(service, operationId) {
+    return `${service}__${operationId}`;
+}
+// ---------------------------------------------------------------------------
+// Spec parsing
+// ---------------------------------------------------------------------------
+function parseSpec(spec, service, baseUrl) {
+    const endpoints = [];
+    const paths = spec.paths;
+    if (!paths || Object.keys(paths).length === 0)
+        return endpoints;
+    for (const [path, pathItem] of Object.entries(paths)) {
+        for (const method of ["get", "post", "put", "patch", "delete"]) {
+            const operation = pathItem[method];
+            if (!operation)
+                continue;
+            const operationId = operation.operationId ?? `${method}_${path.replace(/\//g, "_")}`;
+            const summary = operation.summary ?? "";
+            const description = operation.description ?? summary;
+            const scope = extractScope(operation);
+            endpoints.push({
+                service,
+                toolName: makeToolName(service, operationId),
+                operationId,
+                method: method.toUpperCase(),
+                path,
+                baseUrl,
+                summary,
+                description,
+                parameters: operation.parameters ?? [],
+                requestBody: operation.requestBody ?? null,
+                scope,
+            });
+        }
+    }
+    return endpoints;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export async function fetchSpecs(environment) {
+    const endpoints = [];
+    const results = await Promise.allSettled(SERVICES.map(async (service) => {
+        const baseUrl = getBaseUrl(service, environment);
+        const swaggerUrl = `${baseUrl}/swagger.json`;
+        const response = await fetch(swaggerUrl, {
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (!response.ok) {
+            throw new Error(`HTTP ${response.status}`);
+        }
+        const spec = (await response.json());
+        return { service, baseUrl, spec };
+    }));
+    let successCount = 0;
+    for (const result of results) {
+        if (result.status === "fulfilled") {
+            const { service, baseUrl, spec } = result.value;
+            endpoints.push(...parseSpec(spec, service, baseUrl));
+            successCount++;
+        }
+        else {
+            const idx = results.indexOf(result);
+            console.error(`[snokam-mcp] Failed to fetch ${SERVICES[idx]}: ${result.reason}`);
+        }
+    }
+    console.error(`[snokam-mcp] Loaded ${endpoints.length} endpoints from ${successCount}/${SERVICES.length} services (env=${environment})`);
+    return endpoints;
+}

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "@snokam/mcp-server",
+  "version": "0.1.0",
+  "description": "MCP server exposing Snokam backend APIs as tools",
+  "type": "module",
+  "bin": {
+    "snokam-mcp": "./dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js"
+  },
+  "files": [
+    "dist",
+    "specs"
+  ],
+  "dependencies": {
+    "@azure/identity": "^4.6.0",
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "zod": "^3.24.4"
+  },
+  "devDependencies": {
+    "@types/node": "^22.15.0",
+    "typescript": "~5.8.3"
+  }
+}