@softeria/ms-365-mcp-server 0.22.1 → 0.24.0

package/README.md

@@ -19,6 +19,70 @@ API.
 - Read-only mode support for safe operations
 - Tool filtering for granular access control
 
+## Output Format: JSON vs TOON
+
+The server supports two output formats that can be configured globally:
+
+### JSON Format (Default)
+
+Standard JSON output with pretty-printing:
+
+```json
+{
+  "value": [
+    {
+      "id": "1",
+      "displayName": "Alice Johnson",
+      "mail": "alice@example.com",
+      "jobTitle": "Software Engineer"
+    }
+  ]
+}
+```
+
+### (experimental) TOON Format
+
+[Token-Oriented Object Notation](https://github.com/toon-format/toon) for efficient LLM token usage:
+
+```
+value[1]{id,displayName,mail,jobTitle}:
+  "1",Alice Johnson,alice@example.com,Software Engineer
+```
+
+**Benefits:**
+
+- 30-60% fewer tokens vs JSON
+- Best for uniform array data (lists of emails, calendar events, files, etc.)
+- Ideal for cost-sensitive applications at scale
+
+**Usage:**
+(experimental) Enable TOON format globally:
+
+Via CLI flag:
+
+```bash
+npx @softeria/ms-365-mcp-server --toon
+```
+
+Via Claude Desktop configuration:
+
+```json
+{
+  "mcpServers": {
+    "ms365": {
+      "command": "npx",
+      "args": ["-y", "@softeria/ms-365-mcp-server", "--toon"]
+    }
+  }
+}
+```
+
+Via environment variable:
+
+```bash
+MS365_MCP_OUTPUT_FORMAT=toon npx @softeria/ms-365-mcp-server
+```
+
 ## Supported Services & Tools
 
 ### Personal Account Tools (Available by default)
@@ -289,6 +353,7 @@ When running as an MCP server, the following options can be used:
                   Starts Express.js server with MCP endpoint at /mcp
 --enable-auth-tools Enable login/logout tools when using HTTP mode (disabled by default in HTTP mode)
 --enabled-tools <pattern> Filter tools using regex pattern (e.g., "excel|contact" to enable Excel and Contact tools)
+--toon            (experimental) Enable TOON output format for 30-60% token reduction
 ```
 
 Environment variables:
@@ -297,6 +362,7 @@ Environment variables:
 - `ENABLED_TOOLS`: Filter tools using a regex pattern (alternative to --enabled-tools flag)
 - `MS365_MCP_ORG_MODE=true|1`: Enable organization/work mode (alternative to --org-mode flag)
 - `MS365_MCP_FORCE_WORK_SCOPES=true|1`: Backwards compatibility for MS365_MCP_ORG_MODE
+- `MS365_MCP_OUTPUT_FORMAT=toon`: Enable TOON output format (alternative to --toon flag)
 - `LOG_LEVEL`: Set logging level (default: 'info')
 - `SILENT=true|1`: Disable console output
 - `MS365_MCP_CLIENT_ID`: Custom Azure app client ID (defaults to built-in app)

package/bin/modules/generate-mcp-tools.mjs

@@ -27,6 +27,12 @@ export function generateMcpTools(openApiSpec, outputDir) {
 
     let clientCode = fs.readFileSync(clientFilePath, 'utf-8');
     clientCode = clientCode.replace(/'@zodios\/core';/, "'./hack.js';");
+
+    clientCode = clientCode.replace(
+      /const microsoft_graph_attachment = z\s+\.object\({[\s\S]*?}\)\s+\.strict\(\);/,
+      (match) => match.replace(/\.strict\(\);/, '.passthrough();')
+    );
+
     fs.writeFileSync(clientFilePath, clientCode);
 
     return true;

package/dist/cli.js

@@ -19,7 +19,7 @@ program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").versio
 ).option(
   "--org-mode",
   "Enable organization/work mode from start (includes Teams, SharePoint, etc.)"
-).option("--work-mode", "Alias for --org-mode").option("--force-work-scopes", "Backwards compatibility alias for --org-mode (deprecated)");
+).option("--work-mode", "Alias for --org-mode").option("--force-work-scopes", "Backwards compatibility alias for --org-mode (deprecated)").option("--toon", "(experimental) Enable TOON output format for 30-60% token reduction");
 function parseArgs() {
   program.parse();
   const options = program.opts();
@@ -38,6 +38,9 @@ function parseArgs() {
   if (options.workMode || options.forceWorkScopes) {
     options.orgMode = true;
   }
+  if (process.env.MS365_MCP_OUTPUT_FORMAT === "toon") {
+    options.toon = true;
+  }
   return options;
 }
 export {

package/dist/generated/client.js

@@ -1198,7 +1198,7 @@ const microsoft_graph_attachment = z.object({
   ).nullish(),
   name: z.string().describe("The attachment's file name.").nullish(),
   size: z.number().gte(-2147483648).lte(2147483647).describe("The length of the attachment in bytes.").optional()
-}).strict();
+}).passthrough();
 const microsoft_graph_attendeeType = z.enum(["required", "optional", "resource"]);
 const microsoft_graph_dateTimeTimeZone = z.object({
   dateTime: z.string().describe(

package/dist/graph-client.js

@@ -1,10 +1,13 @@
 import logger from "./logger.js";
 import { refreshAccessToken } from "./lib/microsoft-auth.js";
+import { encode as toonEncode } from "@toon-format/toon";
 class GraphClient {
-  constructor(authManager) {
+  constructor(authManager, outputFormat = "json") {
     this.accessToken = null;
     this.refreshToken = null;
+    this.outputFormat = "json";
     this.authManager = authManager;
+    this.outputFormat = outputFormat;
   }
   setOAuthTokens(accessToken, refreshToken) {
     this.accessToken = accessToken;
@@ -94,6 +97,17 @@ class GraphClient {
       body: options.body
     });
   }
+  serializeData(data, outputFormat, pretty = false) {
+    if (outputFormat === "toon") {
+      try {
+        return toonEncode(data);
+      } catch (error) {
+        logger.warn(`Failed to encode as TOON, falling back to JSON: ${error}`);
+        return JSON.stringify(data, null, pretty ? 2 : void 0);
+      }
+    }
+    return JSON.stringify(data, null, pretty ? 2 : void 0);
+  }
   async graphRequest(endpoint, options = {}) {
     try {
       logger.info(`Calling ${endpoint} with options: ${JSON.stringify(options)}`);
@@ -110,7 +124,7 @@ class GraphClient {
   formatJsonResponse(data, rawResponse = false, excludeResponse = false) {
     if (excludeResponse) {
       return {
-        content: [{ type: "text", text: JSON.stringify({ success: true }) }]
+        content: [{ type: "text", text: this.serializeData({ success: true }, this.outputFormat) }]
       };
     }
     if (data && typeof data === "object" && "_headers" in data) {
@@ -124,13 +138,17 @@ class GraphClient {
       }
       if (rawResponse) {
         return {
-          content: [{ type: "text", text: JSON.stringify(responseData.data) }],
+          content: [
+            { type: "text", text: this.serializeData(responseData.data, this.outputFormat) }
+          ],
           _meta: meta
         };
       }
       if (responseData.data === null || responseData.data === void 0) {
         return {
-          content: [{ type: "text", text: JSON.stringify({ success: true }) }],
+          content: [
+            { type: "text", text: this.serializeData({ success: true }, this.outputFormat) }
+          ],
           _meta: meta
         };
       }
@@ -147,18 +165,20 @@ class GraphClient {
       };
       removeODataProps2(responseData.data);
       return {
-        content: [{ type: "text", text: JSON.stringify(responseData.data, null, 2) }],
+        content: [
+          { type: "text", text: this.serializeData(responseData.data, this.outputFormat, true) }
+        ],
         _meta: meta
       };
     }
     if (rawResponse) {
       return {
-        content: [{ type: "text", text: JSON.stringify(data) }]
+        content: [{ type: "text", text: this.serializeData(data, this.outputFormat) }]
       };
     }
     if (data === null || data === void 0) {
       return {
-        content: [{ type: "text", text: JSON.stringify({ success: true }) }]
+        content: [{ type: "text", text: this.serializeData({ success: true }, this.outputFormat) }]
       };
     }
     const removeODataProps = (obj) => {
@@ -174,7 +194,7 @@ class GraphClient {
     };
     removeODataProps(data);
     return {
-      content: [{ type: "text", text: JSON.stringify(data, null, 2) }]
+      content: [{ type: "text", text: this.serializeData(data, this.outputFormat, true) }]
     };
   }
 }

package/dist/server.js

@@ -8,6 +8,7 @@ import logger, { enableConsoleLogging } from "./logger.js";
 import { registerAuthTools } from "./auth-tools.js";
 import { registerGraphTools } from "./graph-tools.js";
 import GraphClient from "./graph-client.js";
+import { buildScopesFromEndpoints } from "./auth.js";
 import { MicrosoftOAuthProvider } from "./oauth-provider.js";
 import {
   exchangeCodeForToken,
@@ -19,7 +20,8 @@ class MicrosoftGraphServer {
   constructor(authManager, options = {}) {
     this.authManager = authManager;
     this.options = options;
-    this.graphClient = new GraphClient(authManager);
+    const outputFormat = options.toon ? "toon" : "json";
+    this.graphClient = new GraphClient(authManager, outputFormat);
     this.server = null;
   }
   async initialize(version) {
@@ -56,6 +58,7 @@ class MicrosoftGraphServer {
     if (this.options.http) {
       const port = typeof this.options.http === "string" ? parseInt(this.options.http) : 3e3;
       const app = express();
+      app.set("trust proxy", true);
       app.use(express.json());
       app.use(express.urlencoded({ extended: true }));
       app.use((req, res, next) => {
@@ -73,7 +76,9 @@ class MicrosoftGraphServer {
       });
       const oauthProvider = new MicrosoftOAuthProvider(this.authManager);
       app.get("/.well-known/oauth-authorization-server", async (req, res) => {
-        const url = new URL(`${req.protocol}://${req.get("host")}`);
+        const protocol = req.secure ? "https" : "http";
+        const url = new URL(`${protocol}://${req.get("host")}`);
+        const scopes = buildScopesFromEndpoints(this.options.orgMode);
         res.json({
           issuer: url.origin,
           authorization_endpoint: `${url.origin}/authorize`,
@@ -84,15 +89,17 @@ class MicrosoftGraphServer {
           grant_types_supported: ["authorization_code", "refresh_token"],
           token_endpoint_auth_methods_supported: ["none"],
           code_challenge_methods_supported: ["S256"],
-          scopes_supported: ["User.Read", "Files.Read", "Mail.Read"]
+          scopes_supported: scopes
         });
       });
       app.get("/.well-known/oauth-protected-resource", async (req, res) => {
-        const url = new URL(`${req.protocol}://${req.get("host")}`);
+        const protocol = req.secure ? "https" : "http";
+        const url = new URL(`${protocol}://${req.get("host")}`);
+        const scopes = buildScopesFromEndpoints(this.options.orgMode);
         res.json({
           resource: `${url.origin}/mcp`,
           authorization_servers: [url.origin],
-          scopes_supported: ["User.Read", "Files.Read", "Mail.Read"],
+          scopes_supported: scopes,
           bearer_methods_supported: ["header"],
           resource_documentation: `${url.origin}`
         });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.22.1",
+  "version": "0.24.0",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",
@@ -35,6 +35,7 @@
   "dependencies": {
     "@azure/msal-node": "^2.1.0",
     "@modelcontextprotocol/sdk": "^1.8.0",
+    "@toon-format/toon": "^0.8.0",
     "commander": "^11.1.0",
     "dotenv": "^17.0.1",
     "express": "^5.1.0",
@@ -55,6 +56,7 @@
     "@typescript-eslint/parser": "^8.38.0",
     "eslint": "^9.31.0",
     "globals": "^16.3.0",
+    "patch-package": "^8.0.1",
     "prettier": "^3.5.3",
     "semantic-release": "^24.2.7",
     "tsup": "^8.5.0",