@softeria/ms-365-mcp-server 0.108.0 → 0.110.0

package/README.md

@@ -121,6 +121,35 @@ npx @softeria/ms-365-mcp-server --preset mail --list-permissions
 
 This is useful for enterprise environments where Graph API permissions must be pre-approved and admin-consented before deploying a new version.
 
+The `--list-permissions` JSON includes:
+
+- `toolPermissions`: permissions implied by the tool surface before `--allowed-scopes` filtering
+- `effectivePermissions`: permissions implied by the tools that remain enabled after `--allowed-scopes`
+- `permissions`: legacy alias for `effectivePermissions`, kept for compatibility with existing scripts
+- `allowedScopes`: the configured scope allowlist, when provided
+- `disabledTools`: tools hidden because their required Graph scopes are not covered by `allowedScopes`
+- `missingAllowedScopesForTools`: unique missing scopes across disabled tools
+- `extraAllowedScopesNotUsedByTools`: allowed scopes that are not used by the current tool surface
+
+### Allowed Scopes
+
+By default, MSAL requests the scopes implied by the enabled tools, and the tool surface is controlled by `--enabled-tools`, `--preset`, `--org-mode`, and `--read-only`.
+
+Enterprise and headless deployments can add a scope boundary with `--allowed-scopes` or `MS365_MCP_ALLOWED_SCOPES`. When configured, the server first computes the normal tool surface, then hides Graph tools whose required scopes are not covered by the allowlist. OAuth metadata and login flows request only the effective permissions for the tools that remain enabled.
+
+```bash
+npx @softeria/ms-365-mcp-server \
+  --org-mode \
+  --enabled-tools '^(list-mail-messages|get-mail-message|list-drives|get-drive-item|download-bytes)$' \
+  --allowed-scopes 'User.Read Mail.Read Files.Read'
+```
+
+CLI value takes precedence over `MS365_MCP_ALLOWED_SCOPES`; if neither is set, the default tool-derived scope behavior is unchanged. Supplying an empty value fails at startup so deployments do not accidentally fall back to a wider tool surface.
+
+Scope coverage is hierarchy-aware: for example, `Mail.ReadWrite` covers tools that require `Mail.Read`, and `Files.ReadWrite.All` covers tools that require `Files.Read`.
+
+In HTTP mode, OAuth discovery advertises the effective filtered permissions so clients request the same consent surface. On-Behalf-Of mode (`--obo`) still advertises `api://<clientId>/access_as_user` for protected-resource metadata; `--allowed-scopes` does not override OBO.
+
 ## Organization/Work Mode
 
 To access work/school features (Teams, SharePoint, etc.), enable organization mode using any of these flags:
@@ -438,6 +467,32 @@ npx @softeria/ms-365-mcp-server --list-accounts
 - **100% backward compatible**: existing single-account setups work unchanged.
 - The `account` parameter accepts email address (e.g. `user@outlook.com`) or MSAL `homeAccountId`.
 
+### Strict Account Pinning
+
+Headless stdio deployments can pin the local MSAL cache to one expected Microsoft account:
+
+```bash
+# Username matching is case-insensitive
+MS365_MCP_EXPECTED_USERNAME=work@company.com npx @softeria/ms-365-mcp-server --login
+
+# Or pin the exact MSAL homeAccountId shown by --list-accounts
+npx @softeria/ms-365-mcp-server --expected-home-account-id <homeAccountId> --login
+```
+
+Use `--list-accounts` to discover `homeAccountId` values. The MCP `list-accounts` tool intentionally hides account IDs, so use the CLI for exact ID pinning.
+
+Pinning is opt-in and local-MSAL only:
+
+- CLI values (`--expected-username`, `--expected-home-account-id`) take precedence over `MS365_MCP_EXPECTED_USERNAME` and `MS365_MCP_EXPECTED_HOME_ACCOUNT_ID`.
+- Supplying an empty pin value fails at startup instead of being ignored.
+- Username pins are compared case-insensitively; `homeAccountId` pins are exact.
+- If both pins are set, they must resolve to the same cached account.
+- Local stdio startup fails fast when the expected account is not in the token cache. Bootstrap by setting the pin, running `--login`, then starting the headless server.
+- Device-code and browser logins reject a missing or mismatched account before persisting the selected account or token cache.
+- Pinning collapses the effective MCP mode to single-account: the server does not advertise an `account` parameter and MCP instructions do not suggest account switching.
+- `--http`, `--obo`, and `MS365_MCP_OAUTH_TOKEN` use request-provided tokens for Graph calls, so account pins are warning-only in those modes. If HTTP auth tools are enabled, the pin still applies to those local MSAL helper flows.
+- `--logout` clears all cached accounts, including the pinned account. For surgical cleanup, prefer `--remove-account <id>`.
+
 > **For MCP multiplexers (Legate, Governor):** Multi-account mode replaces the N-process pattern. Instead of spawning one server per account, a single instance handles all accounts via the `account` parameter, reducing tool duplication from N×110 to 110.
 
 ## Tool Presets
@@ -469,11 +524,14 @@ The following options can be used when running ms-365-mcp-server directly from t
 --login           Login using device code flow
 --logout          Log out and clear saved credentials
 --verify-login    Verify login without starting the server
---list-permissions List all required Graph API permissions and exit (respects --org-mode, --preset, --enabled-tools)
+--list-permissions List required Graph API permissions and exit (respects --org-mode, --preset, --enabled-tools, --allowed-scopes)
 --org-mode        Enable organization/work mode from start (includes Teams, SharePoint, etc.)
 --work-mode       Alias for --org-mode
 --force-work-scopes Backwards compatibility alias for --org-mode (deprecated)
 --cloud <type>    Microsoft cloud environment: global (default) or china (21Vianet)
+--allowed-scopes <scopes> Limit exposed tools to Graph scopes covered by this allowlist
+--expected-username <username> Require local MSAL auth to use this account username
+--expected-home-account-id <id> Require local MSAL auth to use this exact homeAccountId
 ```
 
 ### Server Options
@@ -513,6 +571,8 @@ Environment variables:
 - `MS365_MCP_KEYVAULT_URL`: Azure Key Vault URL for secrets management (see Azure Key Vault section)
 - `MS365_MCP_TOKEN_CACHE_PATH`: Custom file path for MSAL token cache (see Token Storage below)
 - `MS365_MCP_SELECTED_ACCOUNT_PATH`: Custom file path for selected account metadata (see Token Storage below)
+- `MS365_MCP_EXPECTED_USERNAME`: Require local MSAL auth to use this Microsoft account username (case-insensitive; CLI flag takes precedence)
+- `MS365_MCP_EXPECTED_HOME_ACCOUNT_ID`: Require local MSAL auth to use this exact MSAL homeAccountId (CLI flag takes precedence)
 
 ## Token Storage
 

package/dist/__tests__/graph-tools.test.js

@@ -573,6 +573,104 @@ describe("graph-tools", () => {
       expect(payload.error).toMatch(/relative Microsoft Graph path/);
     });
   });
+  describe("allowed scopes filtering", () => {
+    it("registerGraphTools hides Graph tools outside the allowed scopes", async () => {
+      mockEndpoints.push(
+        {
+          alias: "list-mail-messages",
+          method: "get",
+          path: "/me/messages",
+          description: "List mail",
+          parameters: []
+        },
+        {
+          alias: "list-calendar-events",
+          method: "get",
+          path: "/me/events",
+          description: "List events",
+          parameters: []
+        }
+      );
+      mockEndpointsJson = [
+        {
+          toolName: "list-mail-messages",
+          method: "get",
+          pathPattern: "/me/messages",
+          scopes: ["Mail.Read"]
+        },
+        {
+          toolName: "list-calendar-events",
+          method: "get",
+          pathPattern: "/me/events",
+          scopes: ["Calendars.Read"]
+        }
+      ];
+      const server = createMockServer();
+      const { registerGraphTools } = await loadModule();
+      registerGraphTools(
+        server,
+        createMockGraphClient(),
+        false,
+        void 0,
+        false,
+        void 0,
+        false,
+        [],
+        "Mail.Read"
+      );
+      expect(server.tools.has("list-mail-messages")).toBe(true);
+      expect(server.tools.has("list-calendar-events")).toBe(false);
+    });
+    it("discovery hides Graph tools outside the allowed scopes", async () => {
+      mockEndpoints.push(
+        {
+          alias: "list-mail-messages",
+          method: "get",
+          path: "/me/messages",
+          description: "List mail",
+          parameters: []
+        },
+        {
+          alias: "list-calendar-events",
+          method: "get",
+          path: "/me/events",
+          description: "List events",
+          parameters: []
+        }
+      );
+      mockEndpointsJson = [
+        {
+          toolName: "list-mail-messages",
+          method: "get",
+          pathPattern: "/me/messages",
+          scopes: ["Mail.Read"]
+        },
+        {
+          toolName: "list-calendar-events",
+          method: "get",
+          pathPattern: "/me/events",
+          scopes: ["Calendars.Read"]
+        }
+      ];
+      const server = createMockServer();
+      const { registerDiscoveryTools } = await loadModule();
+      registerDiscoveryTools(
+        server,
+        {},
+        false,
+        false,
+        void 0,
+        false,
+        [],
+        void 0,
+        "Mail.Read"
+      );
+      const result = await server.tools.get("search-tools").handler({ limit: 50 });
+      const found = JSON.parse(result.content[0].text).tools.map((t) => t.name);
+      expect(found).toContain("list-mail-messages");
+      expect(found).not.toContain("list-calendar-events");
+    });
+  });
   describe("discovery mode: utility tools", () => {
     it('search-tools surfaces download-bytes for "download" queries', async () => {
       mockEndpoints.length = 0;

package/dist/auth-tools.js

@@ -89,7 +89,15 @@ function registerAuthTools(server, authManager) {
     }
   });
   server.tool("verify-login", "Check current Microsoft authentication status", {}, async () => {
-    const testResult = await authManager.testLogin();
+    let testResult;
+    try {
+      testResult = await authManager.testLogin();
+    } catch (error) {
+      testResult = {
+        success: false,
+        message: `Login failed: ${error.message}`
+      };
+    }
     return {
       content: [
         {
@@ -112,6 +120,7 @@ function registerAuthTools(server, authManager) {
       try {
         const accounts = await authManager.listAccounts();
         const selectedAccountId = authManager.getSelectedAccountId();
+        const pinnedMode = authManager.hasExpectedAccount();
         const result = accounts.map((account) => ({
           email: account.username || "unknown",
           name: account.name,
@@ -124,7 +133,7 @@ function registerAuthTools(server, authManager) {
               text: JSON.stringify({
                 accounts: result,
                 count: result.length,
-                tip: "Pass the 'email' value as the 'account' parameter in any tool call to target a specific account."
+                tip: pinnedMode ? "Expected account pinning is configured; account parameters are disabled." : "Pass the 'email' value as the 'account' parameter in any tool call to target a specific account."
               })
             }
           ]

package/dist/auth.js

@@ -89,6 +89,34 @@ const SCOPE_HIERARCHY = {
   "Tasks.ReadWrite": ["Tasks.Read"],
   "Contacts.ReadWrite": ["Contacts.Read"]
 };
+function parseAllowedScopes(value) {
+  if (value === void 0) {
+    return void 0;
+  }
+  return Array.from(new Set(value.trim().split(/\s+/).filter(Boolean)));
+}
+function getEndpointRequiredScopes(endpoint, includeWorkAccountScopes = false) {
+  if (!endpoint) {
+    return [];
+  }
+  const scopes = /* @__PURE__ */ new Set();
+  if (endpoint.scopes && Array.isArray(endpoint.scopes)) {
+    endpoint.scopes.forEach((scope) => scopes.add(scope));
+  }
+  if (includeWorkAccountScopes && endpoint.workScopes && Array.isArray(endpoint.workScopes)) {
+    endpoint.workScopes.forEach((scope) => scopes.add(scope));
+  }
+  return Array.from(scopes);
+}
+function collapseRedundantScopes(scopes) {
+  const scopesSet = new Set(scopes);
+  Object.entries(SCOPE_HIERARCHY).forEach(([higherScope, lowerScopes]) => {
+    if (scopesSet.has(higherScope) && lowerScopes.every((scope) => scopesSet.has(scope))) {
+      lowerScopes.forEach((scope) => scopesSet.delete(scope));
+    }
+  });
+  return Array.from(scopesSet);
+}
 function buildScopesFromEndpoints(includeWorkAccountScopes = false, enabledToolsPattern, readOnly = false) {
   const scopesSet = /* @__PURE__ */ new Set();
   let enabledToolsRegex;
@@ -104,7 +132,9 @@ function buildScopesFromEndpoints(includeWorkAccountScopes = false, enabledTools
   }
   endpoints.default.forEach((endpoint) => {
     if (readOnly && endpoint.method.toUpperCase() !== "GET") {
-      return;
+      if (!(endpoint.method.toUpperCase() === "POST" && endpoint.readOnly)) {
+        return;
+      }
     }
     if (enabledToolsRegex && !enabledToolsRegex.test(endpoint.toolName)) {
       return;
@@ -112,26 +142,153 @@ function buildScopesFromEndpoints(includeWorkAccountScopes = false, enabledTools
     if (!includeWorkAccountScopes && !endpoint.scopes && endpoint.workScopes) {
       return;
     }
-    if (endpoint.scopes && Array.isArray(endpoint.scopes)) {
-      endpoint.scopes.forEach((scope) => scopesSet.add(scope));
-    }
-    if (includeWorkAccountScopes && endpoint.workScopes && Array.isArray(endpoint.workScopes)) {
-      endpoint.workScopes.forEach((scope) => scopesSet.add(scope));
-    }
+    getEndpointRequiredScopes(endpoint, includeWorkAccountScopes).forEach(
+      (scope) => scopesSet.add(scope)
+    );
   });
-  Object.entries(SCOPE_HIERARCHY).forEach(([higherScope, lowerScopes]) => {
-    if (scopesSet.has(higherScope) && lowerScopes.every((scope) => scopesSet.has(scope))) {
-      lowerScopes.forEach((scope) => scopesSet.delete(scope));
-    }
-  });
-  const scopes = Array.from(scopesSet);
+  const scopes = collapseRedundantScopes(Array.from(scopesSet));
   if (enabledToolsPattern) {
     logger.info(`Built ${scopes.length} scopes for filtered tools: ${scopes.join(", ")}`);
   }
   return scopes;
 }
+function lowerScopesFor(scope) {
+  const lowerScopes = new Set(SCOPE_HIERARCHY[scope] ?? []);
+  if (scope.endsWith(".ReadWrite.All")) {
+    const readAllScope = scope.replace(/\.ReadWrite\.All$/, ".Read.All");
+    const readWriteScope = scope.replace(/\.ReadWrite\.All$/, ".ReadWrite");
+    const readScope = scope.replace(/\.ReadWrite\.All$/, ".Read");
+    lowerScopes.add(readAllScope);
+    lowerScopes.add(readWriteScope);
+    lowerScopes.add(readScope);
+  } else if (scope.endsWith(".ReadWrite.Shared")) {
+    lowerScopes.add(scope.replace(/\.ReadWrite\.Shared$/, ".Read.Shared"));
+  } else if (scope.endsWith(".ReadWrite")) {
+    lowerScopes.add(scope.replace(/\.ReadWrite$/, ".Read"));
+  } else if (scope.endsWith(".Read.All")) {
+    lowerScopes.add(scope.replace(/\.Read\.All$/, ".Read"));
+  }
+  return Array.from(lowerScopes);
+}
+function addImpliedScopes(scope, scopesSet) {
+  for (const lowerScope of lowerScopesFor(scope)) {
+    if (!scopesSet.has(lowerScope)) {
+      scopesSet.add(lowerScope);
+      addImpliedScopes(lowerScope, scopesSet);
+    }
+  }
+}
+function collapseScopeHierarchy(scopes) {
+  const scopesSet = new Set(scopes);
+  for (const scope of scopes) {
+    addImpliedScopes(scope, scopesSet);
+  }
+  return Array.from(scopesSet);
+}
+function getMissingAllowedScopes(requiredScopes, allowedScopes) {
+  if (allowedScopes === void 0) {
+    return [];
+  }
+  const coveredAllowedScopes = new Set(collapseScopeHierarchy(allowedScopes));
+  return requiredScopes.filter((scope) => !coveredAllowedScopes.has(scope));
+}
+function isScopeUsedByTools(allowedScope, toolScopes) {
+  const coveredByAllowedScope = new Set(collapseScopeHierarchy([allowedScope]));
+  return toolScopes.some((scope) => coveredByAllowedScope.has(scope));
+}
+function endpointMatchesNormalToolSurface(endpoint, includeWorkAccountScopes, enabledToolsRegex, readOnly = false) {
+  if (readOnly && endpoint.method.toUpperCase() !== "GET") {
+    if (!(endpoint.method.toUpperCase() === "POST" && endpoint.readOnly)) {
+      return false;
+    }
+  }
+  if (enabledToolsRegex && !enabledToolsRegex.test(endpoint.toolName)) {
+    return false;
+  }
+  if (!includeWorkAccountScopes && !endpoint.scopes && endpoint.workScopes) {
+    return false;
+  }
+  return true;
+}
+function buildAllowedScopeDiagnostics(options = {}) {
+  const allowedScopes = parseAllowedScopes(options.allowedScopes);
+  let enabledToolsRegex;
+  if (options.enabledTools) {
+    try {
+      enabledToolsRegex = new RegExp(options.enabledTools, "i");
+    } catch {
+      logger.error(
+        `Invalid tool filter regex pattern: ${options.enabledTools}. Building diagnostics without filter.`
+      );
+    }
+  }
+  const normalToolScopes = /* @__PURE__ */ new Set();
+  const effectiveToolScopes = /* @__PURE__ */ new Set();
+  const disabledTools = [];
+  for (const endpoint of endpoints.default) {
+    if (!endpointMatchesNormalToolSurface(
+      endpoint,
+      Boolean(options.orgMode),
+      enabledToolsRegex,
+      Boolean(options.readOnly)
+    )) {
+      continue;
+    }
+    const requiredScopes = getEndpointRequiredScopes(endpoint, Boolean(options.orgMode));
+    requiredScopes.forEach((scope) => normalToolScopes.add(scope));
+    const missingScopes = getMissingAllowedScopes(requiredScopes, allowedScopes);
+    if (missingScopes.length > 0) {
+      disabledTools.push({
+        toolName: endpoint.toolName,
+        requiredScopes: requiredScopes.sort((a, b) => a.localeCompare(b)),
+        missingScopes: missingScopes.sort((a, b) => a.localeCompare(b))
+      });
+      continue;
+    }
+    requiredScopes.forEach((scope) => effectiveToolScopes.add(scope));
+  }
+  const toolPermissions = collapseRedundantScopes(Array.from(normalToolScopes)).sort(
+    (a, b) => a.localeCompare(b)
+  );
+  const effectivePermissions = collapseRedundantScopes(Array.from(effectiveToolScopes)).sort(
+    (a, b) => a.localeCompare(b)
+  );
+  const sortedAllowedScopes = allowedScopes ? [...allowedScopes].sort((a, b) => a.localeCompare(b)) : void 0;
+  const missingAllowedScopesForTools = Array.from(
+    new Set(disabledTools.flatMap((tool) => tool.missingScopes))
+  ).sort((a, b) => a.localeCompare(b));
+  const extraAllowedScopesNotUsedByTools = sortedAllowedScopes?.filter((scope) => !isScopeUsedByTools(scope, effectivePermissions)) ?? [];
+  return {
+    permissions: effectivePermissions,
+    toolPermissions,
+    effectivePermissions,
+    ...sortedAllowedScopes ? { allowedScopes: sortedAllowedScopes } : {},
+    disabledTools,
+    missingAllowedScopesForTools,
+    extraAllowedScopesNotUsedByTools
+  };
+}
+function resolveAuthScopes(options = {}) {
+  return buildAllowedScopeDiagnostics(options).effectivePermissions;
+}
+function buildScopeDiagnostics(toolScopes, allowedScopesInput) {
+  const toolPermissions = [...toolScopes].sort((a, b) => a.localeCompare(b));
+  const coveredAllowedScopes = new Set(collapseScopeHierarchy(allowedScopesInput));
+  const missingAllowedScopesForTools = toolPermissions.filter(
+    (scope) => !coveredAllowedScopes.has(scope)
+  );
+  return {
+    permissions: toolPermissions.filter((scope) => coveredAllowedScopes.has(scope)),
+    toolPermissions,
+    effectivePermissions: toolPermissions.filter((scope) => coveredAllowedScopes.has(scope)),
+    allowedScopes: [...allowedScopesInput].sort((a, b) => a.localeCompare(b)),
+    disabledTools: [],
+    missingAllowedScopesForTools,
+    extraAllowedScopesNotUsedByTools: [...allowedScopesInput].sort((a, b) => a.localeCompare(b)).filter((scope) => !isScopeUsedByTools(scope, toolPermissions))
+  };
+}
 class AuthManager {
-  constructor(config, scopes = buildScopesFromEndpoints()) {
+  constructor(config, scopes = [], expectedAccount) {
     logger.info(`And scopes are ${scopes.join(", ")}`, scopes);
     this.config = config;
     this.scopes = scopes;
@@ -140,6 +297,10 @@ class AuthManager {
     this.tokenExpiry = null;
     this.selectedAccountId = null;
     this.useInteractiveAuth = false;
+    this.expectedUsername = this.normalizeExpectedUsername(expectedAccount?.expectedUsername);
+    this.expectedHomeAccountId = this.normalizeExpectedHomeAccountId(
+      expectedAccount?.expectedHomeAccountId
+    );
     const oauthTokenFromEnv = process.env.MS365_MCP_OAUTH_TOKEN;
     this.oauthToken = oauthTokenFromEnv ?? null;
     this.isOAuthMode = oauthTokenFromEnv != null;
@@ -148,10 +309,10 @@ class AuthManager {
    * Creates an AuthManager instance with secrets loaded from the configured provider.
    * Uses Key Vault if MS365_MCP_KEYVAULT_URL is set, otherwise environment variables.
    */
-  static async create(scopes = buildScopesFromEndpoints()) {
+  static async create(scopes = [], expectedAccount) {
     const secrets = await getSecrets();
     const config = createMsalConfig(secrets);
-    return new AuthManager(config, scopes);
+    return new AuthManager(config, scopes, expectedAccount);
   }
   async loadTokenCache() {
     try {
@@ -254,6 +415,118 @@ class AuthManager {
       logger.error(`Error saving selected account: ${error.message}`);
     }
   }
+  normalizeExpectedUsername(value) {
+    if (value === void 0) {
+      return null;
+    }
+    const trimmed = value.trim();
+    if (trimmed === "") {
+      throw new Error("Expected Microsoft account username was provided but is empty.");
+    }
+    return trimmed.toLowerCase();
+  }
+  normalizeExpectedHomeAccountId(value) {
+    if (value === void 0) {
+      return null;
+    }
+    const trimmed = value.trim();
+    if (trimmed === "") {
+      throw new Error("Expected Microsoft account homeAccountId was provided but is empty.");
+    }
+    return trimmed;
+  }
+  hasExpectedAccount() {
+    return this.expectedUsername !== null || this.expectedHomeAccountId !== null;
+  }
+  expectedAccountLabel() {
+    const parts = [];
+    if (this.expectedUsername) {
+      parts.push(`username ${this.expectedUsername}`);
+    }
+    if (this.expectedHomeAccountId) {
+      parts.push(`homeAccountId ${this.expectedHomeAccountId}`);
+    }
+    return parts.join(" and ");
+  }
+  describeAccount(account) {
+    return account?.username || account?.name || "unknown";
+  }
+  describeCachedAccounts(accounts) {
+    if (accounts.length === 0) {
+      return "none";
+    }
+    return accounts.map((account) => this.describeAccount(account)).join(", ");
+  }
+  accountMatchesExpected(account) {
+    if (!this.hasExpectedAccount() || !account) {
+      return !this.hasExpectedAccount();
+    }
+    if (this.expectedUsername && account.username?.toLowerCase() !== this.expectedUsername) {
+      return false;
+    }
+    if (this.expectedHomeAccountId && account.homeAccountId !== this.expectedHomeAccountId) {
+      return false;
+    }
+    return true;
+  }
+  buildExpectedAccountMissingError(accounts) {
+    return new Error(
+      `Expected Microsoft account '${this.expectedAccountLabel()}' not found in token cache. Cached accounts: ${this.describeCachedAccounts(accounts)}. Run --login after configuring the expected account, or use --select-account to recover.`
+    );
+  }
+  resolveExpectedAccountFromAccounts(accounts) {
+    if (!this.hasExpectedAccount()) {
+      throw new Error("No expected Microsoft account is configured.");
+    }
+    const usernameMatch = this.expectedUsername ? accounts.find((account) => account.username?.toLowerCase() === this.expectedUsername) : void 0;
+    const homeAccountIdMatch = this.expectedHomeAccountId ? accounts.find((account) => account.homeAccountId === this.expectedHomeAccountId) : void 0;
+    if (this.expectedUsername && this.expectedHomeAccountId) {
+      if (!usernameMatch || !homeAccountIdMatch) {
+        throw this.buildExpectedAccountMissingError(accounts);
+      }
+      if (usernameMatch.homeAccountId !== homeAccountIdMatch.homeAccountId) {
+        throw new Error(
+          `Expected Microsoft account pins conflict: username ${this.expectedUsername} matched ${this.describeAccount(usernameMatch)}, but homeAccountId ${this.expectedHomeAccountId} matched ${this.describeAccount(homeAccountIdMatch)}.`
+        );
+      }
+      return usernameMatch;
+    }
+    const expectedAccount = usernameMatch ?? homeAccountIdMatch;
+    if (!expectedAccount) {
+      throw this.buildExpectedAccountMissingError(accounts);
+    }
+    return expectedAccount;
+  }
+  async assertExpectedAccountAvailable() {
+    if (!this.hasExpectedAccount()) {
+      return;
+    }
+    const accounts = await this.msalApp.getTokenCache().getAllAccounts();
+    this.resolveExpectedAccountFromAccounts(accounts);
+  }
+  async rejectUnexpectedLoginAccount(account) {
+    if (!this.hasExpectedAccount()) {
+      return;
+    }
+    if (this.accountMatchesExpected(account)) {
+      return;
+    }
+    this.accessToken = null;
+    this.tokenExpiry = null;
+    if (account) {
+      try {
+        await this.msalApp.getTokenCache().removeAccount(account);
+      } catch (error) {
+        logger.warn(`Failed to remove unexpected account from cache: ${error.message}`);
+      }
+      throw new Error(
+        `Authenticated Microsoft account '${this.describeAccount(account)}' does not match expected Microsoft account '${this.expectedAccountLabel()}'. Login was not persisted.`
+      );
+    }
+    throw new Error(
+      `Microsoft login did not return an account. Expected Microsoft account '${this.expectedAccountLabel()}'. Login was not persisted.`
+    );
+  }
   async setOAuthToken(token) {
     this.oauthToken = token;
     this.isOAuthMode = true;
@@ -286,6 +559,9 @@ class AuthManager {
   }
   async getCurrentAccount() {
     const accounts = await this.msalApp.getTokenCache().getAllAccounts();
+    if (this.hasExpectedAccount()) {
+      return this.resolveExpectedAccountFromAccounts(accounts);
+    }
     if (accounts.length === 0) {
       return null;
     }
@@ -323,6 +599,7 @@ class AuthManager {
       logger.info("Device code login successful");
       this.accessToken = response?.accessToken || null;
       this.tokenExpiry = response?.expiresOn ? new Date(response.expiresOn).getTime() : null;
+      await this.rejectUnexpectedLoginAccount(response?.account);
       if (!this.selectedAccountId && response?.account) {
         this.selectedAccountId = response.account.homeAccountId;
         await this.saveSelectedAccount();
@@ -364,6 +641,7 @@ class AuthManager {
       logger.info("Interactive browser login successful");
       this.accessToken = response?.accessToken || null;
       this.tokenExpiry = response?.expiresOn ? new Date(response.expiresOn).getTime() : null;
+      await this.rejectUnexpectedLoginAccount(response?.account);
       if (!this.selectedAccountId && response?.account) {
         this.selectedAccountId = response.account.homeAccountId;
         await this.saveSelectedAccount();
@@ -468,6 +746,11 @@ class AuthManager {
   }
   async selectAccount(identifier) {
     const account = await this.resolveAccount(identifier);
+    if (this.hasExpectedAccount() && !this.accountMatchesExpected(account)) {
+      throw new Error(
+        `Account '${identifier}' does not match expected Microsoft account '${this.expectedAccountLabel()}'.`
+      );
+    }
     this.selectedAccountId = account.homeAccountId;
     await this.saveSelectedAccount();
     this.accessToken = null;
@@ -529,6 +812,9 @@ class AuthManager {
    * Used to decide whether to inject the `account` parameter into tool schemas.
    */
   async isMultiAccount() {
+    if (this.hasExpectedAccount()) {
+      return false;
+    }
     const accounts = await this.msalApp.getTokenCache().getAllAccounts();
     return accounts.length > 1;
   }
@@ -549,7 +835,18 @@ class AuthManager {
       return this.oauthToken;
     }
     let targetAccount = null;
-    if (identifier) {
+    if (this.hasExpectedAccount()) {
+      const accounts = await this.msalApp.getTokenCache().getAllAccounts();
+      targetAccount = this.resolveExpectedAccountFromAccounts(accounts);
+      if (identifier) {
+        const requestedAccount = await this.resolveAccount(identifier);
+        if (requestedAccount.homeAccountId !== targetAccount.homeAccountId) {
+          throw new Error(
+            `Account '${identifier}' does not match expected Microsoft account '${this.expectedAccountLabel()}'.`
+          );
+        }
+      }
+    } else if (identifier) {
       targetAccount = await this.resolveAccount(identifier);
     } else {
       const accounts = await this.msalApp.getTokenCache().getAllAccounts();
@@ -587,11 +884,18 @@ class AuthManager {
 }
 var auth_default = AuthManager;
 export {
+  buildAllowedScopeDiagnostics,
+  buildScopeDiagnostics,
   buildScopesFromEndpoints,
+  collapseScopeHierarchy,
   auth_default as default,
+  getEndpointRequiredScopes,
+  getMissingAllowedScopes,
   getSelectedAccountPath,
   getTokenCachePath,
+  parseAllowedScopes,
   pickNewest,
+  resolveAuthScopes,
   unwrapCache,
   wrapCache
 };

package/dist/cli.js

@@ -8,7 +8,13 @@ const packageJsonPath = path.join(__dirname, "..", "package.json");
 const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));
 const version = packageJson.version;
 const program = new Command();
-program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").version(version).option("-v", "Enable verbose logging").option("--login", "Login to Microsoft account").option("--logout", "Log out and clear saved credentials").option("--verify-login", "Verify login without starting the server").option("--list-accounts", "List all cached accounts").option("--select-account <accountId>", "Select a specific account by ID").option("--remove-account <accountId>", "Remove a specific account by ID").option("--read-only", "Start server in read-only mode, disabling write operations").option(
+program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").version(version).option("-v", "Enable verbose logging").option("--login", "Login to Microsoft account").option("--logout", "Log out and clear saved credentials").option("--verify-login", "Verify login without starting the server").option("--list-accounts", "List all cached accounts").option("--select-account <accountId>", "Select a specific account by ID").option("--remove-account <accountId>", "Remove a specific account by ID").option(
+  "--expected-username <username>",
+  "Require local MSAL authentication to use this Microsoft account username"
+).option(
+  "--expected-home-account-id <id>",
+  "Require local MSAL authentication to use this exact MSAL homeAccountId"
+).option("--read-only", "Start server in read-only mode, disabling write operations").option(
   "--http [address]",
   'Use Streamable HTTP transport instead of stdio. Format: [host:]port (e.g., "localhost:3000", ":3000", "3000"). Default: all interfaces on port 3000'
 ).option(
@@ -17,6 +23,9 @@ program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").versio
 ).option(
   "--enabled-tools <pattern>",
   'Filter tools using regex pattern (e.g., "excel|contact" to enable Excel and Contact tools)'
+).option(
+  "--allowed-scopes <scopes>",
+  "Limit exposed tools to Graph scopes covered by this whitespace-separated allowlist"
 ).option(
   "--preset <names>",
   "Use preset tool categories (comma-separated). Available: mail, calendar, files, personal, work, excel, contacts, tasks, onenote, search, users, all"
@@ -73,6 +82,41 @@ function parseArgs() {
   if (process.env.ENABLED_TOOLS) {
     options.enabledTools = process.env.ENABLED_TOOLS;
   }
+  if (options.allowedScopes === void 0 && process.env.MS365_MCP_ALLOWED_SCOPES !== void 0) {
+    options.allowedScopes = process.env.MS365_MCP_ALLOWED_SCOPES;
+  }
+  if (options.allowedScopes !== void 0 && options.allowedScopes.trim() === "") {
+    console.error(
+      "Error: --allowed-scopes / MS365_MCP_ALLOWED_SCOPES was provided but is empty. Provide one or more whitespace-separated scopes, or omit it to use tool-derived scopes."
+    );
+    process.exit(1);
+  }
+  if (options.expectedUsername === void 0 && process.env.MS365_MCP_EXPECTED_USERNAME !== void 0) {
+    options.expectedUsername = process.env.MS365_MCP_EXPECTED_USERNAME;
+  }
+  if (options.expectedHomeAccountId === void 0 && process.env.MS365_MCP_EXPECTED_HOME_ACCOUNT_ID !== void 0) {
+    options.expectedHomeAccountId = process.env.MS365_MCP_EXPECTED_HOME_ACCOUNT_ID;
+  }
+  if (options.expectedUsername !== void 0) {
+    const expectedUsername = String(options.expectedUsername).trim();
+    if (expectedUsername === "") {
+      console.error(
+        "Error: --expected-username / MS365_MCP_EXPECTED_USERNAME was provided but is empty. Provide a Microsoft account username, or omit it to allow any cached account."
+      );
+      process.exit(1);
+    }
+    options.expectedUsername = expectedUsername;
+  }
+  if (options.expectedHomeAccountId !== void 0) {
+    const expectedHomeAccountId = String(options.expectedHomeAccountId).trim();
+    if (expectedHomeAccountId === "") {
+      console.error(
+        "Error: --expected-home-account-id / MS365_MCP_EXPECTED_HOME_ACCOUNT_ID was provided but is empty. Provide an MSAL homeAccountId, or omit it to allow any cached account."
+      );
+      process.exit(1);
+    }
+    options.expectedHomeAccountId = expectedHomeAccountId;
+  }
   if (options.enabledTools) {
     try {
       new RegExp(options.enabledTools, "i");

package/dist/graph-tools.js

@@ -1,4 +1,9 @@
 import logger from "./logger.js";
+import {
+  getEndpointRequiredScopes,
+  getMissingAllowedScopes,
+  parseAllowedScopes
+} from "./auth.js";
 import { api } from "./generated/client.js";
 import { z } from "zod";
 import { readFileSync } from "fs";
@@ -34,6 +39,11 @@ function clampTopQueryParam(queryParams) {
   logger.info(`Clamping $top from ${requested} to ${cap} (MS365_MCP_MAX_TOP)`);
   queryParams["$top"] = String(cap);
 }
+function formatDisabledToolsForLog(disabledTools) {
+  const shown = disabledTools.slice(0, 20).map((tool) => `${tool.toolName} (missing: ${tool.missingScopes.join(", ")})`);
+  const suffix = disabledTools.length > shown.length ? `, ... +${disabledTools.length - shown.length} more` : "";
+  return `${shown.join("; ")}${suffix}`;
+}
 const UTILITY_TOOLS = [
   {
     name: "parse-teams-url",
@@ -404,7 +414,7 @@ async function executeGraphTool(tool, config, graphClient, params, authManager)
     };
   }
 }
-function registerGraphTools(server, graphClient, readOnly = false, enabledToolsPattern, orgMode = false, authManager, multiAccount = false, accountNames = []) {
+function registerGraphTools(server, graphClient, readOnly = false, enabledToolsPattern, orgMode = false, authManager, multiAccount = false, accountNames = [], allowedScopesValue) {
   let enabledToolsRegex;
   if (enabledToolsPattern) {
     try {
@@ -417,6 +427,8 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
   let registeredCount = 0;
   let skippedCount = 0;
   let failedCount = 0;
+  const allowedScopes = parseAllowedScopes(allowedScopesValue);
+  const disabledByAllowedScopes = [];
   for (const tool of api.endpoints) {
     const endpointConfig = endpointsData.find((e) => e.toolName === tool.alias);
     if (!orgMode && endpointConfig && !endpointConfig.scopes && endpointConfig.workScopes) {
@@ -437,6 +449,13 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
       skippedCount++;
       continue;
     }
+    const requiredScopes = getEndpointRequiredScopes(endpointConfig, orgMode);
+    const missingScopes = allowedScopes !== void 0 && !endpointConfig ? ["endpoint scope metadata"] : getMissingAllowedScopes(requiredScopes, allowedScopes);
+    if (missingScopes.length > 0) {
+      disabledByAllowedScopes.push({ toolName: tool.alias, missingScopes });
+      skippedCount++;
+      continue;
+    }
     const paramSchema = {};
     if (tool.parameters && tool.parameters.length > 0) {
       for (const param of tool.parameters) {
@@ -536,6 +555,11 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
   if (multiAccount) {
     logger.info('Multi-account mode: "account" parameter injected into all tool schemas');
   }
+  if (disabledByAllowedScopes.length > 0) {
+    logger.info(
+      `Allowed scopes disabled ${disabledByAllowedScopes.length} Graph tools: ${formatDisabledToolsForLog(disabledByAllowedScopes)}`
+    );
+  }
   const utilityCtx = {
     graphClient,
     authManager,
@@ -558,8 +582,9 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
   );
   return registeredCount;
 }
-function buildToolsRegistry(readOnly, orgMode, enabledToolsRegex) {
+function buildToolsRegistry(readOnly, orgMode, enabledToolsRegex, allowedScopesValue, disabledByAllowedScopes = []) {
   const toolsMap = /* @__PURE__ */ new Map();
+  const allowedScopes = parseAllowedScopes(allowedScopesValue);
   for (const tool of api.endpoints) {
     const endpointConfig = endpointsData.find((e) => e.toolName === tool.alias);
     if (!orgMode && endpointConfig && !endpointConfig.scopes && endpointConfig.workScopes) {
@@ -574,6 +599,14 @@ function buildToolsRegistry(readOnly, orgMode, enabledToolsRegex) {
     if (enabledToolsRegex && !enabledToolsRegex.test(tool.alias)) {
       continue;
     }
+    const missingScopes = allowedScopes !== void 0 && !endpointConfig ? ["endpoint scope metadata"] : getMissingAllowedScopes(
+      getEndpointRequiredScopes(endpointConfig, orgMode),
+      allowedScopes
+    );
+    if (missingScopes.length > 0) {
+      disabledByAllowedScopes.push({ toolName: tool.alias, missingScopes });
+      continue;
+    }
     toolsMap.set(tool.alias, { tool, config: endpointConfig });
   }
   return toolsMap;
@@ -635,7 +668,7 @@ function scoreDiscoveryQuery(query, index) {
   ranked.sort((a, b) => b.score - a.score);
   return ranked;
 }
-function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode = false, authManager, multiAccount = false, accountNames = [], enabledTools) {
+function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode = false, authManager, multiAccount = false, accountNames = [], enabledTools, allowedScopesValue) {
   let enabledToolsRegex;
   if (enabledTools) {
     try {
@@ -647,7 +680,19 @@ function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode =
       );
     }
   }
-  const toolsRegistry = buildToolsRegistry(readOnly, orgMode, enabledToolsRegex);
+  const disabledByAllowedScopes = [];
+  const toolsRegistry = buildToolsRegistry(
+    readOnly,
+    orgMode,
+    enabledToolsRegex,
+    allowedScopesValue,
+    disabledByAllowedScopes
+  );
+  if (disabledByAllowedScopes.length > 0) {
+    logger.info(
+      `Discovery mode: allowed scopes disabled ${disabledByAllowedScopes.length} Graph tools: ${formatDisabledToolsForLog(disabledByAllowedScopes)}`
+    );
+  }
   const utilityTools = UTILITY_TOOLS.filter((u) => {
     if (readOnly && !u.readOnlyHint) return false;
     if (enabledToolsRegex && !enabledToolsRegex.test(u.name)) return false;

package/dist/index.js

@@ -2,8 +2,12 @@
 import "dotenv/config";
 import { parseArgs } from "./cli.js";
 import logger from "./logger.js";
-import AuthManager, { buildScopesFromEndpoints } from "./auth.js";
+import AuthManager, { buildAllowedScopeDiagnostics, resolveAuthScopes } from "./auth.js";
 import MicrosoftGraphServer from "./server.js";
+import {
+  getExpectedAccountInertWarning,
+  shouldAssertExpectedAccountAtStartup
+} from "./startup-pinning.js";
 import { version } from "./version.js";
 async function main() {
   try {
@@ -13,20 +17,44 @@ async function main() {
       logger.info("Organization mode enabled - including work account scopes");
     }
     const readOnly = args.readOnly || false;
-    const scopes = buildScopesFromEndpoints(includeWorkScopes, args.enabledTools, readOnly);
+    const effectiveScopes = resolveAuthScopes(args);
     if (args.listPermissions) {
-      const sorted = [...scopes].sort((a, b) => a.localeCompare(b));
+      const diagnostics = buildAllowedScopeDiagnostics(args);
       const mode = includeWorkScopes ? "org" : "personal";
       const filter = args.enabledTools ? args.enabledTools : void 0;
-      console.log(JSON.stringify({ mode, readOnly, filter, permissions: sorted }, null, 2));
+      if (diagnostics.disabledTools.length > 0) {
+        console.error(
+          `Warning: allowed scopes disabled ${diagnostics.disabledTools.length} tools. Missing scopes: ${diagnostics.missingAllowedScopesForTools.join(", ")}`
+        );
+      }
+      console.log(
+        JSON.stringify(
+          {
+            mode,
+            readOnly,
+            filter,
+            ...diagnostics
+          },
+          null,
+          2
+        )
+      );
       process.exit(0);
     }
-    const authManager = await AuthManager.create(scopes);
+    const authManager = await AuthManager.create(effectiveScopes, {
+      expectedUsername: args.expectedUsername,
+      expectedHomeAccountId: args.expectedHomeAccountId
+    });
     await authManager.loadTokenCache();
     if (args.authBrowser) {
       authManager.setUseInteractiveAuth(true);
       logger.info("Browser-based interactive auth enabled");
     }
+    const expectedAccountWarning = getExpectedAccountInertWarning(args, authManager);
+    if (expectedAccountWarning) {
+      logger.warn(expectedAccountWarning);
+      console.error(expectedAccountWarning);
+    }
     if (args.login) {
       if (args.authBrowser) {
         await authManager.acquireTokenInteractive();
@@ -81,6 +109,9 @@ async function main() {
       }
       process.exit(0);
     }
+    if (shouldAssertExpectedAccountAtStartup(args, authManager)) {
+      await authManager.assertExpectedAccountAvailable();
+    }
     const server = new MicrosoftGraphServer(authManager, args);
     await server.initialize(version);
     await server.start();

package/dist/server.js

@@ -8,7 +8,11 @@ import { registerAuthTools } from "./auth-tools.js";
 import { registerGraphTools, registerDiscoveryTools } from "./graph-tools.js";
 import { buildMcpServerInstructions } from "./mcp-instructions.js";
 import GraphClient from "./graph-client.js";
-import { buildScopesFromEndpoints } from "./auth.js";
+import {
+  buildScopesFromEndpoints,
+  parseAllowedScopes,
+  resolveAuthScopes
+} from "./auth.js";
 import { MicrosoftOAuthProvider } from "./oauth-provider.js";
 import {
   exchangeCodeForToken,
@@ -77,7 +81,8 @@ class MicrosoftGraphServer {
         this.authManager,
         this.multiAccount,
         this.accountNames,
-        this.options.enabledTools
+        this.options.enabledTools,
+        this.options.allowedScopes
       );
     } else {
       registerGraphTools(
@@ -88,7 +93,8 @@ class MicrosoftGraphServer {
         this.options.orgMode,
         this.authManager,
         this.multiAccount,
-        this.accountNames
+        this.accountNames,
+        this.options.allowedScopes
       );
     }
     return server;
@@ -170,11 +176,7 @@ class MicrosoftGraphServer {
         const protocol = req.secure ? "https" : "http";
         const requestOrigin = `${protocol}://${req.get("host")}`;
         const browserBase = publicBase ?? requestOrigin;
-        const scopes = buildScopesFromEndpoints(
-          this.options.orgMode,
-          this.options.enabledTools,
-          this.options.readOnly
-        );
+        const scopes = resolveAuthScopes(this.options);
         const metadata = {
           issuer: browserBase,
           authorization_endpoint: `${browserBase}/authorize`,
@@ -195,11 +197,7 @@ class MicrosoftGraphServer {
         const protocol = req.secure ? "https" : "http";
         const requestOrigin = `${protocol}://${req.get("host")}`;
         const browserBase = publicBase ?? requestOrigin;
-        const scopes = this.options.obo ? [`api://${this.secrets.clientId}/access_as_user`] : buildScopesFromEndpoints(
-          this.options.orgMode,
-          this.options.enabledTools,
-          this.options.readOnly
-        );
+        const scopes = this.options.obo ? [`api://${this.secrets.clientId}/access_as_user`] : resolveAuthScopes(this.options);
         res.json({
           resource: `${requestOrigin}/mcp`,
           authorization_servers: [browserBase],
@@ -304,8 +302,9 @@ class MicrosoftGraphServer {
           }
         }
         microsoftAuthUrl.searchParams.set("client_id", clientId);
+        const explicitAllowedScopes = parseAllowedScopes(this.options.allowedScopes);
         const clientScope = microsoftAuthUrl.searchParams.get("scope");
-        const baseScopes = clientScope ? clientScope.split(/\s+/).filter(Boolean) : buildScopesFromEndpoints(
+        const baseScopes = explicitAllowedScopes !== void 0 ? resolveAuthScopes(this.options) : clientScope ? clientScope.split(/\s+/).filter(Boolean) : buildScopesFromEndpoints(
           this.options.orgMode,
           this.options.enabledTools,
           this.options.readOnly

package/dist/startup-pinning.js

@@ -0,0 +1,40 @@
+const LOCAL_ACCOUNT_COMMANDS = [
+  "login",
+  "logout",
+  "listAccounts",
+  "selectAccount",
+  "removeAccount",
+  "verifyLogin"
+];
+function getExpectedAccountInertWarning(args, authManager) {
+  if (!authManager.hasExpectedAccount()) {
+    return null;
+  }
+  const inertModes = [];
+  if (args.http) {
+    inertModes.push("--http");
+  }
+  if (args.obo) {
+    inertModes.push("--obo");
+  }
+  if (authManager.isOAuthModeEnabled()) {
+    inertModes.push("MS365_MCP_OAUTH_TOKEN");
+  }
+  if (inertModes.length === 0) {
+    return null;
+  }
+  return `Warning: expected account pinning is configured, but ${inertModes.join(", ")} uses request-provided tokens for Graph calls. The pin only guards local MSAL auth helpers.`;
+}
+function shouldAssertExpectedAccountAtStartup(args, authManager) {
+  if (!authManager.hasExpectedAccount()) {
+    return false;
+  }
+  if (getExpectedAccountInertWarning(args, authManager)) {
+    return false;
+  }
+  return !LOCAL_ACCOUNT_COMMANDS.some((key) => Boolean(args[key]));
+}
+export {
+  getExpectedAccountInertWarning,
+  shouldAssertExpectedAccountAtStartup
+};

package/docs/deployment.md

@@ -194,6 +194,7 @@ The client automatically discovers OAuth endpoints and opens a browser for authe
 ## Security Considerations
 
 - **Stateless**: the server does not store tokens — each request carries the user's Bearer token
+- **Account pinning**: `MS365_MCP_EXPECTED_USERNAME` and `MS365_MCP_EXPECTED_HOME_ACCOUNT_ID` protect local MSAL cache flows for headless stdio deployments. In `--http`, `--obo`, or `MS365_MCP_OAUTH_TOKEN` deployments they are warning-only because Graph calls use request-provided tokens.
 - **Admin consent**: grant tenant-wide consent to avoid per-user consent prompts
 - **Managed identity**: use managed identity for Key Vault access (no secrets in environment variables)
 - **Read-only mode**: use `--read-only` to disable all write operations (send, delete, update, create)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.108.0",
+  "version": "0.110.0",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",