npm - @softeria/ms-365-mcp-server - Versions diffs - 0.114.2 → 0.114.4 - Mend

@softeria/ms-365-mcp-server 0.114.2 → 0.114.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/Dockerfile CHANGED Viewed

@@ -9,7 +9,7 @@ COPY . .
 RUN npm run generate
 RUN npm run build
-FROM node:20-alpine AS release
+FROM node:24-alpine AS release
 WORKDIR /app

package/README.md CHANGED Viewed

@@ -504,7 +504,19 @@ npx @softeria/ms-365-mcp-server --preset mail
 npx @softeria/ms-365-mcp-server --list-presets  # See all available presets
 ```
-Available presets: `mail`, `calendar`, `files`, `personal`, `work`, `excel`, `contacts`, `tasks`, `onenote`, `search`, `users`, `all`
+Available presets: `mail`, `calendar`, `files`, `personal`, `work`, `excel`, `contacts`, `tasks`, `onenote`, `search`, `users`, `outlook`, `onedrive`, `teams`, `all`
+Each endpoint in `endpoints.json` declares which presets it belongs to via a `presets` array, so every preset is an exact tool-name allow-list that never over-matches across apps (e.g. `mail` does not include shared-mailbox tools; those are in `work`).
+The `outlook`, `onedrive` and `teams` presets are app-scoped: they expose exactly one Microsoft app. Use these for "expose exactly one app" deployments:
+```bash
+# Outlook only (mail + calendar + contacts; no shared mailboxes, no files)
+npx @softeria/ms-365-mcp-server --preset outlook
+# Teams only (requires --org-mode)
+npx @softeria/ms-365-mcp-server --org-mode --preset teams
+```
 ## Dynamic Tool Discovery

package/dist/auth-tools.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { getRequestTokens } from "./request-context.js";
 function registerAuthTools(server, authManager) {
   server.tool(
     "login",
@@ -121,6 +122,7 @@ function registerAuthTools(server, authManager) {
         const accounts = await authManager.listAccounts();
         const selectedAccountId = authManager.getSelectedAccountId();
         const pinnedMode = authManager.hasExpectedAccount();
+        const oauthBearerMode = authManager.isOAuthModeEnabled() || Boolean(getRequestTokens());
         const result = accounts.map((account) => ({
           email: account.username || "unknown",
           name: account.name,
@@ -133,7 +135,7 @@ function registerAuthTools(server, authManager) {
               text: JSON.stringify({
                 accounts: result,
                 count: result.length,
-                tip: pinnedMode ? "Expected account pinning is configured; account parameters are disabled." : "Pass the 'email' value as the 'account' parameter in any tool call to target a specific account."
+                tip: pinnedMode ? "Expected account pinning is configured; account parameters are disabled." : oauthBearerMode ? "This server is in HTTP/OAuth mode: every request uses the identity of the connecting client's bearer token. The cached accounts listed here cannot be targeted via the 'account' parameter; reconnect the MCP client as the desired account instead." : "Pass the 'email' value as the 'account' parameter in any tool call to target a specific account."
               })
             }
           ]

package/dist/auth.js CHANGED Viewed

@@ -718,6 +718,11 @@ class AuthManager {
    */
   async getTokenForAccount(identifier) {
     if (this.isOAuthMode && this.oauthToken) {
+      if (identifier) {
+        throw new Error(
+          `Cannot switch to account '${identifier}': the server is in OAuth mode and always uses the identity of the supplied bearer token. Account switching requires stdio mode (or HTTP with --trust-proxy-auth).`
+        );
+      }
       return this.oauthToken;
     }
     let targetAccount = null;