@softeria/ms-365-mcp-server 0.4.1 → 0.4.3

package/dist/graph-tools.js

@@ -1,9 +1,12 @@
 import logger from './logger.js';
 import { api } from './generated/client.js';
 import { z } from 'zod';
-export function registerGraphTools(server, graphClient) {
+export function registerGraphTools(server, graphClient, readOnly = false) {
     for (const tool of api.endpoints) {
-        // Create a zod schema for the parameters
+        if (readOnly && tool.method.toUpperCase() !== 'GET') {
+            logger.info(`Skipping write operation ${tool.alias} in read-only mode`);
+            continue;
+        }
         const paramSchema = {};
         if (tool.parameters && tool.parameters.length > 0) {
             for (const param of tool.parameters) {

package/dist/server.js

@@ -17,13 +17,16 @@ class MicrosoftGraphServer {
             version,
         });
         registerAuthTools(this.server, this.authManager);
-        registerGraphTools(this.server, this.graphClient);
+        registerGraphTools(this.server, this.graphClient, this.options.readOnly);
     }
     async start() {
         if (this.options.v) {
             enableConsoleLogging();
         }
         logger.info('Microsoft 365 MCP Server starting...');
+        if (this.options.readOnly) {
+            logger.info('Server running in READ-ONLY mode. Write operations are disabled.');
+        }
         const transport = new StdioServerTransport();
         await this.server.connect(transport);
         logger.info('Server connected to transport');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "Microsoft 365 MCP Server",
   "type": "module",
   "main": "dist/index.js",
@@ -14,7 +14,8 @@
     "dev": "tsx src/index.ts",
     "format": "prettier --write \"**/*.{ts,mts,js,mjs,json,md}\"",
     "release": "ts-node --esm bin/release.mts",
-    "inspect": "npx @modelcontextprotocol/inspector tsx src/index.ts"
+    "inspect": "npx @modelcontextprotocol/inspector tsx src/index.ts",
+    "prepublishOnly": "npm run build"
   },
   "keywords": [
     "microsoft",

package/src/endpoints.json

@@ -104,7 +104,7 @@
     ]
   },
   {
-    "pathPattern": "/drives",
+    "pathPattern": "/me/drives",
     "method": "get",
     "toolName": "list-drives",
     "scopes": [
@@ -196,6 +196,14 @@
       "Files.Read"
     ]
   },
+  {
+    "pathPattern": "/drives/{drive-id}/items/{driveItem-id}/children",
+    "method": "post",
+    "toolName": "create-folder",
+    "scopes": [
+      "Files.ReadWrite"
+    ]
+  },
   {
     "pathPattern": "/me/onenote/notebooks",
     "method": "get",

package/src/generated/README.md

@@ -2,11 +2,16 @@
 
 This directory contains the generated TypeScript client for the Microsoft 365 API based on the OpenAPI specification.
 
+> **Important Note for NPM Package Users**: 
+> The source file `client.ts` (approximately 1MB) is excluded from the npm package to reduce package size, 
+> but the compiled JavaScript file `client.js` is included. This means the package is fully functional,
+> but you won't see the TypeScript source in the node_modules directory.
+
 ## The Evolution
 
 ### Initial Challenge
 
-Our initial approach used the full MS 365 OpenAPI specification file directly. This created two significant problems:
+Our initial approach used the full MS 365 OpenAPI specification file directly. This created several significant problems:
 
 - The spec file was a whopping 45MB in size
 - It had to be included in the npm package

package/.github/workflows/build.yml

@@ -1,34 +0,0 @@
-name: Build
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [ 18.x, 20.x ]
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: 'npm'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build TypeScript
-        run: npm run build
-
-      - name: Run tests
-        run: npm test

package/.github/workflows/npm-publish.yml

@@ -1,32 +0,0 @@
-name: Node.js Package
-
-on:
-  release:
-    types: [ created ]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - run: npm ci
-      - run: npm run build
-      - run: npm test
-
-  publish-npm:
-    needs: build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          registry-url: https://registry.npmjs.org/
-      - run: npm ci
-      - run: npm run build
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}

package/.prettierrc

@@ -1,7 +0,0 @@
-{
-  "semi": true,
-  "singleQuote": true,
-  "trailingComma": "es5",
-  "printWidth": 100,
-  "tabWidth": 2
-}

package/src/auth-tools.ts

@@ -1,89 +0,0 @@
-import { z } from 'zod';
-import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import AuthManager from './auth.js';
-
-export function registerAuthTools(server: McpServer, authManager: AuthManager): void {
-  server.tool(
-    'login',
-    {
-      force: z.boolean().default(false).describe('Force a new login even if already logged in'),
-    },
-    async ({ force }) => {
-      try {
-        if (!force) {
-          const loginStatus = await authManager.testLogin();
-          if (loginStatus.success) {
-            return {
-              content: [
-                {
-                  type: 'text',
-                  text: JSON.stringify({
-                    status: 'Already logged in',
-                    ...loginStatus,
-                  }),
-                },
-              ],
-            };
-          }
-        }
-
-        const text = await new Promise<string>((r) => {
-          authManager.acquireTokenByDeviceCode(r);
-        });
-        return {
-          content: [
-            {
-              type: 'text',
-              text,
-            },
-          ],
-        };
-      } catch (error) {
-        return {
-          content: [
-            {
-              type: 'text',
-              text: JSON.stringify({ error: `Authentication failed: ${(error as Error).message}` }),
-            },
-          ],
-        };
-      }
-    }
-  );
-
-  server.tool('logout', {}, async () => {
-    try {
-      await authManager.logout();
-      return {
-        content: [
-          {
-            type: 'text',
-            text: JSON.stringify({ message: 'Logged out successfully' }),
-          },
-        ],
-      };
-    } catch (error) {
-      return {
-        content: [
-          {
-            type: 'text',
-            text: JSON.stringify({ error: 'Logout failed' }),
-          },
-        ],
-      };
-    }
-  });
-
-  server.tool('verify-login', async () => {
-    const testResult = await authManager.testLogin();
-
-    return {
-      content: [
-        {
-          type: 'text',
-          text: JSON.stringify(testResult),
-        },
-      ],
-    };
-  });
-}

package/src/auth.ts

@@ -1,267 +0,0 @@
-import { PublicClientApplication } from '@azure/msal-node';
-import type { Configuration } from '@azure/msal-node';
-import keytar from 'keytar';
-import { fileURLToPath } from 'url';
-import path from 'path';
-import fs from 'fs';
-import logger from './logger.js';
-
-const endpoints = await import('./endpoints.json', {
-  with: { type: 'json' },
-});
-
-const SERVICE_NAME = 'ms-365-mcp-server';
-const TOKEN_CACHE_ACCOUNT = 'msal-token-cache';
-const FALLBACK_DIR = path.dirname(fileURLToPath(import.meta.url));
-const FALLBACK_PATH = path.join(FALLBACK_DIR, '..', '.token-cache.json');
-
-const DEFAULT_CONFIG: Configuration = {
-  auth: {
-    clientId: '084a3e9f-a9f4-43f7-89f9-d229cf97853e',
-    authority: 'https://login.microsoftonline.com/common',
-  },
-};
-
-interface ScopeHierarchy {
-  [key: string]: string[];
-}
-
-const SCOPE_HIERARCHY: ScopeHierarchy = {
-  'Mail.ReadWrite': ['Mail.Read', 'Mail.Send'],
-  'Calendars.ReadWrite': ['Calendars.Read'],
-  'Files.ReadWrite': ['Files.Read'],
-  'Tasks.ReadWrite': ['Tasks.Read'],
-  'Contacts.ReadWrite': ['Contacts.Read'],
-};
-
-function buildScopesFromEndpoints(): string[] {
-  const scopesSet = new Set<string>();
-
-  endpoints.default.forEach((endpoint) => {
-    if (endpoint.scopes && Array.isArray(endpoint.scopes)) {
-      endpoint.scopes.forEach((scope) => scopesSet.add(scope));
-    }
-  });
-
-  Object.entries(SCOPE_HIERARCHY).forEach(([higherScope, lowerScopes]) => {
-    if (lowerScopes.every((scope) => scopesSet.has(scope))) {
-      lowerScopes.forEach((scope) => scopesSet.delete(scope));
-      scopesSet.add(higherScope);
-    }
-  });
-
-  return Array.from(scopesSet);
-}
-
-interface LoginTestResult {
-  success: boolean;
-  message: string;
-  userData?: {
-    displayName: string;
-    userPrincipalName: string;
-  };
-}
-
-class AuthManager {
-  private config: Configuration;
-  private scopes: string[];
-  private msalApp: PublicClientApplication;
-  private accessToken: string | null;
-  private tokenExpiry: number | null;
-
-  constructor(
-    config: Configuration = DEFAULT_CONFIG,
-    scopes: string[] = buildScopesFromEndpoints()
-  ) {
-    logger.info(`And scopes are ${scopes.join(', ')}`, scopes);
-    this.config = config;
-    this.scopes = scopes;
-    this.msalApp = new PublicClientApplication(this.config);
-    this.accessToken = null;
-    this.tokenExpiry = null;
-  }
-
-  async loadTokenCache(): Promise<void> {
-    try {
-      let cacheData: string | undefined;
-
-      try {
-        const cachedData = await keytar.getPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT);
-        if (cachedData) {
-          cacheData = cachedData;
-        }
-      } catch (keytarError) {
-        logger.warn(
-          `Keychain access failed, falling back to file storage: ${(keytarError as Error).message}`
-        );
-      }
-
-      if (!cacheData && fs.existsSync(FALLBACK_PATH)) {
-        cacheData = fs.readFileSync(FALLBACK_PATH, 'utf8');
-      }
-
-      if (cacheData) {
-        this.msalApp.getTokenCache().deserialize(cacheData);
-      }
-    } catch (error) {
-      logger.error(`Error loading token cache: ${(error as Error).message}`);
-    }
-  }
-
-  async saveTokenCache(): Promise<void> {
-    try {
-      const cacheData = this.msalApp.getTokenCache().serialize();
-
-      try {
-        await keytar.setPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT, cacheData);
-      } catch (keytarError) {
-        logger.warn(
-          `Keychain save failed, falling back to file storage: ${(keytarError as Error).message}`
-        );
-
-        fs.writeFileSync(FALLBACK_PATH, cacheData);
-      }
-    } catch (error) {
-      logger.error(`Error saving token cache: ${(error as Error).message}`);
-    }
-  }
-
-  async getToken(forceRefresh = false): Promise<string | null> {
-    if (this.accessToken && this.tokenExpiry && this.tokenExpiry > Date.now() && !forceRefresh) {
-      return this.accessToken;
-    }
-
-    const accounts = await this.msalApp.getTokenCache().getAllAccounts();
-
-    if (accounts.length > 0) {
-      const silentRequest = {
-        account: accounts[0],
-        scopes: this.scopes,
-      };
-
-      try {
-        const response = await this.msalApp.acquireTokenSilent(silentRequest);
-        this.accessToken = response.accessToken;
-        this.tokenExpiry = response.expiresOn ? new Date(response.expiresOn).getTime() : null;
-        return this.accessToken;
-      } catch (error) {
-        logger.info('Silent token acquisition failed, using device code flow');
-      }
-    }
-
-    throw new Error('No valid token found');
-  }
-
-  async acquireTokenByDeviceCode(hack?: (message: string) => void): Promise<string | null> {
-    const deviceCodeRequest = {
-      scopes: this.scopes,
-      deviceCodeCallback: (response: { message: string }) => {
-        const text = ['\n', response.message, '\n'].join('');
-        if (hack) {
-          hack(text + 'After login run the "verify login" command');
-        } else {
-          console.log(text);
-        }
-        logger.info('Device code login initiated');
-      },
-    };
-
-    try {
-      logger.info('Requesting device code...');
-      const response = await this.msalApp.acquireTokenByDeviceCode(deviceCodeRequest);
-      logger.info('Device code login successful');
-      this.accessToken = response?.accessToken || null;
-      this.tokenExpiry = response?.expiresOn ? new Date(response.expiresOn).getTime() : null;
-      await this.saveTokenCache();
-      return this.accessToken;
-    } catch (error) {
-      logger.error(`Error in device code flow: ${(error as Error).message}`);
-      throw error;
-    }
-  }
-
-  async testLogin(): Promise<LoginTestResult> {
-    try {
-      logger.info('Testing login...');
-      const token = await this.getToken();
-
-      if (!token) {
-        logger.error('Login test failed - no token received');
-        return {
-          success: false,
-          message: 'Login failed - no token received',
-        };
-      }
-
-      logger.info('Token retrieved successfully, testing Graph API access...');
-
-      try {
-        const response = await fetch('https://graph.microsoft.com/v1.0/me', {
-          headers: {
-            Authorization: `Bearer ${token}`,
-          },
-        });
-
-        if (response.ok) {
-          const userData = await response.json();
-          logger.info('Graph API user data fetch successful');
-          return {
-            success: true,
-            message: 'Login successful',
-            userData: {
-              displayName: userData.displayName,
-              userPrincipalName: userData.userPrincipalName,
-            },
-          };
-        } else {
-          const errorText = await response.text();
-          logger.error(`Graph API user data fetch failed: ${response.status} - ${errorText}`);
-          return {
-            success: false,
-            message: `Login successful but Graph API access failed: ${response.status}`,
-          };
-        }
-      } catch (graphError) {
-        logger.error(`Error fetching user data: ${(graphError as Error).message}`);
-        return {
-          success: false,
-          message: `Login successful but Graph API access failed: ${(graphError as Error).message}`,
-        };
-      }
-    } catch (error) {
-      logger.error(`Login test failed: ${(error as Error).message}`);
-      return {
-        success: false,
-        message: `Login failed: ${(error as Error).message}`,
-      };
-    }
-  }
-
-  async logout(): Promise<boolean> {
-    try {
-      const accounts = await this.msalApp.getTokenCache().getAllAccounts();
-      for (const account of accounts) {
-        await this.msalApp.getTokenCache().removeAccount(account);
-      }
-      this.accessToken = null;
-      this.tokenExpiry = null;
-
-      try {
-        await keytar.deletePassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT);
-      } catch (keytarError) {
-        logger.warn(`Keychain deletion failed: ${(keytarError as Error).message}`);
-      }
-
-      if (fs.existsSync(FALLBACK_PATH)) {
-        fs.unlinkSync(FALLBACK_PATH);
-      }
-
-      return true;
-    } catch (error) {
-      logger.error(`Error during logout: ${(error as Error).message}`);
-      throw error;
-    }
-  }
-}
-
-export default AuthManager;

package/src/cli.ts

@@ -1,33 +0,0 @@
-import { Command } from 'commander';
-import { readFileSync } from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const packageJsonPath = path.join(__dirname, '..', 'package.json');
-const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf8'));
-const version = packageJson.version;
-
-const program = new Command();
-
-program
-  .name('ms-365-mcp-server')
-  .description('Microsoft 365 MCP Server')
-  .version(version)
-  .option('-v', 'Enable verbose logging')
-  .option('--login', 'Login using device code flow')
-  .option('--logout', 'Log out and clear saved credentials')
-  .option('--verify-login', 'Verify login without starting the server');
-
-export interface CommandOptions {
-  v?: boolean;
-  login?: boolean;
-  logout?: boolean;
-  verifyLogin?: boolean;
-  [key: string]: any;
-}
-
-export function parseArgs(): CommandOptions {
-  program.parse();
-  return program.opts();
-}