awolve-myoffice-cli 1.1.0

package/README.md

@@ -0,0 +1,205 @@
+# MyOffice MCP
+
+A lightweight MCP (Model Context Protocol) server for personal Microsoft 365 access, designed for AI assistants like Claude Code.
+
+Unlike admin-focused M365 tools, this uses **delegated authentication** - users authenticate as themselves and can only access their own data.
+
+## Features
+
+- **Email** - List, read, search, send, delete
+- **Calendar** - List, create, update, delete events (with Teams meetings)
+- **Tasks** - Manage Microsoft To Do lists and tasks
+- **OneDrive** - Browse, search, read files
+- **Contacts** - List and search contacts
+
+## Prerequisites
+
+- Node.js 18+
+- An Azure AD app registration with delegated permissions (see setup below)
+- Microsoft 365 account
+
+## Installation
+
+```bash
+git clone https://github.com/awolve/ops-myoffice.git
+cd ops-myoffice
+npm install
+npm run build
+```
+
+## Azure AD App Registration
+
+1. Go to [Azure Portal](https://portal.azure.com) > Azure Active Directory > App registrations
+2. Click **New registration**
+   - Name: `Personal M365 MCP` (or your choice)
+   - Supported account types: **Accounts in any organizational directory** (for multi-tenant)
+   - Redirect URI: Leave blank (we use device code flow)
+3. After creation, note the **Application (client) ID**
+4. Go to **Authentication** > Advanced settings
+   - Enable **Allow public client flows** = Yes
+5. Go to **API permissions** > Add a permission > Microsoft Graph > Delegated permissions
+   - Add these permissions:
+     - `Mail.ReadWrite`
+     - `Mail.Send`
+     - `Calendars.ReadWrite`
+     - `Tasks.ReadWrite`
+     - `Files.ReadWrite`
+     - `Sites.Read.All`
+     - `Contacts.ReadWrite`
+     - `User.Read`
+     - `Team.ReadBasic.All`
+     - `Channel.ReadBasic.All`
+     - `ChannelMessage.Read.All`
+     - `ChannelMessage.Send`
+     - `Chat.Create`
+     - `Chat.ReadBasic`
+     - `Chat.Read`
+     - `ChatMessage.Send`
+     - `offline_access`
+6. Click **Grant admin consent** (optional - users can consent themselves)
+
+## Configuration
+
+Set environment variables:
+
+```bash
+export M365_CLIENT_ID="your-app-client-id"
+export M365_TENANT_ID="common"  # or your tenant ID for single-tenant
+```
+
+Or create a `.env` file:
+
+```
+M365_CLIENT_ID=your-app-client-id
+M365_TENANT_ID=common
+```
+
+## First-Time Authentication
+
+Run the login script to authenticate:
+
+```bash
+npm run login
+```
+
+You'll see:
+```
+AUTHENTICATION REQUIRED
+========================================
+To sign in, use a web browser to open the page
+https://microsoft.com/devicelogin and enter the code XXXXXXXX
+========================================
+```
+
+After signing in, your token is cached at `~/.config/myoffice-mcp/token.json`
+
+## Usage with Claude Code
+
+Add to your Claude Code MCP settings:
+
+```json
+{
+  "mcpServers": {
+    "myoffice-mcp": {
+      "command": "node",
+      "args": ["/path/to/ops-myoffice/dist/index.js"],
+      "env": {
+        "M365_CLIENT_ID": "your-client-id"
+      }
+    }
+  }
+}
+```
+
+## Available Tools
+
+### Email
+| Tool | Description |
+|------|-------------|
+| `mail_list` | List emails from a folder |
+| `mail_read` | Read a specific email |
+| `mail_search` | Search emails |
+| `mail_send` | Send an email |
+| `mail_delete` | Delete an email |
+
+### Calendar
+| Tool | Description |
+|------|-------------|
+| `calendar_list` | List events in date range |
+| `calendar_get` | Get event details |
+| `calendar_create` | Create an event |
+| `calendar_update` | Update an event |
+| `calendar_delete` | Delete an event |
+
+### Tasks
+| Tool | Description |
+|------|-------------|
+| `tasks_list_lists` | List all task lists |
+| `tasks_list` | List tasks from a list |
+| `tasks_create` | Create a task |
+| `tasks_update` | Update a task |
+| `tasks_complete` | Mark task complete |
+| `tasks_delete` | Delete a task |
+
+### OneDrive
+| Tool | Description |
+|------|-------------|
+| `onedrive_list` | List files/folders |
+| `onedrive_get` | Get file metadata |
+| `onedrive_search` | Search files |
+| `onedrive_read` | Read text file content |
+| `onedrive_create_folder` | Create a folder |
+
+### Contacts
+| Tool | Description |
+|------|-------------|
+| `contacts_list` | List contacts |
+| `contacts_search` | Search contacts |
+| `contacts_get` | Get contact details |
+| `contacts_create` | Create a new contact |
+| `contacts_update` | Update an existing contact |
+
+### Teams
+| Tool | Description |
+|------|-------------|
+| `teams_list` | List Teams you're a member of |
+| `teams_channels` | List channels in a Team |
+| `teams_channel_messages` | Read messages from a channel |
+| `teams_channel_post` | Post a message to a channel |
+
+### Chats
+| Tool | Description |
+|------|-------------|
+| `chats_list` | List 1:1 and group chats |
+| `chats_messages` | Read messages from a chat |
+| `chats_send` | Send a message in a chat |
+| `chats_create` | Create a new 1:1 or group chat |
+
+### Auth
+| Tool | Description |
+|------|-------------|
+| `auth_status` | Check auth status |
+
+## Security
+
+- Uses delegated permissions only - users can only access their own data
+- Tokens stored locally with restrictive permissions (0600)
+- No client secrets required (public client)
+- Destructive operations (send, delete) are clearly marked for AI confirmation
+
+## Development
+
+```bash
+# Run in development mode
+npm run dev
+
+# Build
+npm run build
+
+# Run login flow
+npm run login
+```
+
+## License
+
+MIT

package/dist/auth/cache-plugin.d.ts

@@ -0,0 +1,20 @@
+import { ICachePlugin, TokenCacheContext } from '@azure/msal-node';
+/**
+ * MSAL Cache Plugin that persists the full token cache (including refresh tokens)
+ * to a file. This ensures tokens survive server restarts.
+ */
+export declare class FileCachePlugin implements ICachePlugin {
+    private cachePath;
+    constructor(cachePath: string);
+    /**
+     * Called before MSAL accesses the cache.
+     * Load the cache from disk into MSAL's memory.
+     */
+    beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void>;
+    /**
+     * Called after MSAL accesses the cache.
+     * If the cache changed, persist it to disk.
+     */
+    afterCacheAccess(cacheContext: TokenCacheContext): Promise<void>;
+}
+//# sourceMappingURL=cache-plugin.d.ts.map

package/dist/auth/cache-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache-plugin.d.ts","sourceRoot":"","sources":["../../src/auth/cache-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAInE;;;GAGG;AACH,qBAAa,eAAgB,YAAW,YAAY;IAClD,OAAO,CAAC,SAAS,CAAS;gBAEd,SAAS,EAAE,MAAM;IAI7B;;;OAGG;IACG,iBAAiB,CAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAavE;;;OAGG;IACG,gBAAgB,CAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;CAcvE"}

package/dist/auth/cache-plugin.js

@@ -0,0 +1,49 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { dirname } from 'path';
+/**
+ * MSAL Cache Plugin that persists the full token cache (including refresh tokens)
+ * to a file. This ensures tokens survive server restarts.
+ */
+export class FileCachePlugin {
+    cachePath;
+    constructor(cachePath) {
+        this.cachePath = cachePath;
+    }
+    /**
+     * Called before MSAL accesses the cache.
+     * Load the cache from disk into MSAL's memory.
+     */
+    async beforeCacheAccess(cacheContext) {
+        try {
+            if (existsSync(this.cachePath)) {
+                const cacheData = readFileSync(this.cachePath, 'utf-8');
+                if (cacheData && cacheData.trim()) {
+                    cacheContext.tokenCache.deserialize(cacheData);
+                }
+            }
+        }
+        catch (error) {
+            console.error('[Cache] Failed to load cache:', error instanceof Error ? error.message : error);
+        }
+    }
+    /**
+     * Called after MSAL accesses the cache.
+     * If the cache changed, persist it to disk.
+     */
+    async afterCacheAccess(cacheContext) {
+        if (cacheContext.cacheHasChanged) {
+            try {
+                const dir = dirname(this.cachePath);
+                if (!existsSync(dir)) {
+                    mkdirSync(dir, { recursive: true });
+                }
+                const serialized = cacheContext.tokenCache.serialize();
+                writeFileSync(this.cachePath, serialized, { mode: 0o600 });
+            }
+            catch (error) {
+                console.error('[Cache] Failed to save cache:', error instanceof Error ? error.message : error);
+            }
+        }
+    }
+}
+//# sourceMappingURL=cache-plugin.js.map

package/dist/auth/cache-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache-plugin.js","sourceRoot":"","sources":["../../src/auth/cache-plugin.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,SAAS,CAAS;IAE1B,YAAY,SAAiB;QAC3B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,YAA+B;QACrD,IAAI,CAAC;YACH,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACxD,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;oBAClC,YAAY,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACjG,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,YAA+B;QACpD,IAAI,YAAY,CAAC,eAAe,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;gBACvD,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/auth/config.d.ts

@@ -0,0 +1,22 @@
+export interface TokenCache {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    account?: {
+        homeAccountId: string;
+        environment: string;
+        tenantId: string;
+        username: string;
+    };
+}
+export interface AuthConfig {
+    clientId: string;
+    tenantId: string;
+    scopes: string[];
+}
+export declare const DEFAULT_CONFIG: AuthConfig;
+export declare const MSAL_CACHE_FILE: string;
+export declare function getTokenCache(): TokenCache | null;
+export declare function saveTokenCache(cache: TokenCache): void;
+export declare function clearTokenCache(): void;
+//# sourceMappingURL=config.d.ts.map

package/dist/auth/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE;QACR,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAID,eAAO,MAAM,cAAc,EAAE,UA0B5B,CAAC;AAGF,eAAO,MAAM,eAAe,QAAgE,CAAC;AAE7F,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAUjD;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAMtD;AAED,wBAAgB,eAAe,IAAI,IAAI,CAQtC"}

package/dist/auth/config.js

@@ -0,0 +1,64 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { join, dirname } from 'path';
+// Default Azure AD app for personal M365 access
+// Users can override with their own app registration
+export const DEFAULT_CONFIG = {
+    clientId: process.env.M365_CLIENT_ID || '',
+    tenantId: process.env.M365_TENANT_ID || 'common',
+    scopes: [
+        'https://graph.microsoft.com/Mail.ReadWrite',
+        'https://graph.microsoft.com/Mail.Send',
+        'https://graph.microsoft.com/Calendars.ReadWrite',
+        'https://graph.microsoft.com/Tasks.ReadWrite',
+        'https://graph.microsoft.com/Files.ReadWrite',
+        'https://graph.microsoft.com/Sites.Read.All',
+        'https://graph.microsoft.com/Contacts.ReadWrite',
+        'https://graph.microsoft.com/User.Read',
+        // Teams
+        'https://graph.microsoft.com/Team.ReadBasic.All',
+        'https://graph.microsoft.com/Channel.ReadBasic.All',
+        'https://graph.microsoft.com/ChannelMessage.Read.All',
+        'https://graph.microsoft.com/ChannelMessage.Send',
+        // Chats
+        'https://graph.microsoft.com/Chat.Create',
+        'https://graph.microsoft.com/Chat.ReadBasic',
+        'https://graph.microsoft.com/Chat.Read',
+        'https://graph.microsoft.com/ChatMessage.Send',
+        // Planner
+        'https://graph.microsoft.com/Group.Read.All',
+        'offline_access',
+    ],
+};
+const TOKEN_FILE = join(homedir(), '.config', 'myoffice-mcp', 'token.json');
+export const MSAL_CACHE_FILE = join(homedir(), '.config', 'myoffice-mcp', 'msal-cache.json');
+export function getTokenCache() {
+    try {
+        if (existsSync(TOKEN_FILE)) {
+            const data = readFileSync(TOKEN_FILE, 'utf-8');
+            return JSON.parse(data);
+        }
+    }
+    catch {
+        // Ignore errors, return null
+    }
+    return null;
+}
+export function saveTokenCache(cache) {
+    const dir = dirname(TOKEN_FILE);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(TOKEN_FILE, JSON.stringify(cache, null, 2), { mode: 0o600 });
+}
+export function clearTokenCache() {
+    try {
+        if (existsSync(TOKEN_FILE)) {
+            writeFileSync(TOKEN_FILE, '', { mode: 0o600 });
+        }
+    }
+    catch {
+        // Ignore errors
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/auth/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAoBrC,gDAAgD;AAChD,qDAAqD;AACrD,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE;IAC1C,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,QAAQ;IAChD,MAAM,EAAE;QACN,4CAA4C;QAC5C,uCAAuC;QACvC,iDAAiD;QACjD,6CAA6C;QAC7C,6CAA6C;QAC7C,4CAA4C;QAC5C,gDAAgD;QAChD,uCAAuC;QACvC,QAAQ;QACR,gDAAgD;QAChD,mDAAmD;QACnD,qDAAqD;QACrD,iDAAiD;QACjD,QAAQ;QACR,yCAAyC;QACzC,4CAA4C;QAC5C,uCAAuC;QACvC,8CAA8C;QAC9C,UAAU;QACV,4CAA4C;QAC5C,gBAAgB;KACjB;CACF,CAAC;AAEF,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;AAC5E,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAE7F,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,aAAa,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gBAAgB;IAClB,CAAC;AACH,CAAC"}

package/dist/auth/device-code.d.ts

@@ -0,0 +1,2 @@
+export declare function authenticateWithDeviceCode(): Promise<void>;
+//# sourceMappingURL=device-code.d.ts.map

package/dist/auth/device-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"device-code.d.ts","sourceRoot":"","sources":["../../src/auth/device-code.ts"],"names":[],"mappings":"AAMA,wBAAsB,0BAA0B,IAAI,OAAO,CAAC,IAAI,CAAC,CAuChE"}

package/dist/auth/device-code.js

@@ -0,0 +1,38 @@
+import { PublicClientApplication } from '@azure/msal-node';
+import { DEFAULT_CONFIG, MSAL_CACHE_FILE } from './config.js';
+import { FileCachePlugin } from './cache-plugin.js';
+const cachePlugin = new FileCachePlugin(MSAL_CACHE_FILE);
+export async function authenticateWithDeviceCode() {
+    if (!DEFAULT_CONFIG.clientId) {
+        throw new Error('M365_CLIENT_ID environment variable is required.\n' +
+            'Create an Azure AD app registration with delegated permissions and set M365_CLIENT_ID.');
+    }
+    const pca = new PublicClientApplication({
+        auth: {
+            clientId: DEFAULT_CONFIG.clientId,
+            authority: `https://login.microsoftonline.com/${DEFAULT_CONFIG.tenantId}`,
+        },
+        cache: {
+            cachePlugin,
+        },
+    });
+    const deviceCodeRequest = {
+        scopes: DEFAULT_CONFIG.scopes,
+        deviceCodeCallback: (response) => {
+            console.log('\n' + '='.repeat(60));
+            console.log('AUTHENTICATION REQUIRED');
+            console.log('='.repeat(60));
+            console.log(`\n${response.message}\n`);
+            console.log('='.repeat(60) + '\n');
+        },
+    };
+    const result = await pca.acquireTokenByDeviceCode(deviceCodeRequest);
+    if (!result || !result.accessToken) {
+        throw new Error('Failed to acquire access token');
+    }
+    // The cache plugin automatically persists the tokens via afterCacheAccess
+    console.log(`\nAuthenticated as: ${result.account?.username}`);
+    console.log('Token cached at:', MSAL_CACHE_FILE);
+    console.log('Refresh token is now properly persisted.\n');
+}
+//# sourceMappingURL=device-code.js.map

package/dist/auth/device-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"device-code.js","sourceRoot":"","sources":["../../src/auth/device-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAqB,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;AAEzD,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,oDAAoD;YACpD,wFAAwF,CACzF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,uBAAuB,CAAC;QACtC,IAAI,EAAE;YACJ,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,SAAS,EAAE,qCAAqC,cAAc,CAAC,QAAQ,EAAE;SAC1E;QACD,KAAK,EAAE;YACL,WAAW;SACZ;KACF,CAAC,CAAC;IAEH,MAAM,iBAAiB,GAAsB;QAC3C,MAAM,EAAE,cAAc,CAAC,MAAM;QAC7B,kBAAkB,EAAE,CAAC,QAAQ,EAAE,EAAE;YAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,OAAO,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;IAErE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,0EAA0E;IAC1E,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;AAC5D,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,4 @@
+export { getAccessToken, isAuthenticated, getCurrentUser } from './token-manager.js';
+export { authenticateWithDeviceCode } from './device-code.js';
+export { DEFAULT_CONFIG, clearTokenCache } from './config.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACrF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,4 @@
+export { getAccessToken, isAuthenticated, getCurrentUser } from './token-manager.js';
+export { authenticateWithDeviceCode } from './device-code.js';
+export { DEFAULT_CONFIG, clearTokenCache } from './config.js';
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACrF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/auth/login.d.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * Standalone login script for initial authentication
+ * Run with: npm run login
+ */
+export {};
+//# sourceMappingURL=login.d.ts.map

package/dist/auth/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/auth/login.ts"],"names":[],"mappings":";AACA;;;GAGG"}

package/dist/auth/login.js

@@ -0,0 +1,22 @@
+#!/usr/bin/env node
+/**
+ * Standalone login script for initial authentication
+ * Run with: npm run login
+ */
+import { authenticateWithDeviceCode } from './device-code.js';
+async function main() {
+    console.log('Personal M365 MCP - Authentication');
+    console.log('===================================\n');
+    try {
+        await authenticateWithDeviceCode();
+        console.log('Authentication successful!');
+        console.log('You can now use the M365 MCP with Claude Code.');
+        process.exit(0);
+    }
+    catch (error) {
+        console.error('Authentication failed:', error);
+        process.exit(1);
+    }
+}
+main();
+//# sourceMappingURL=login.js.map

package/dist/auth/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/auth/login.ts"],"names":[],"mappings":";AACA;;;GAGG;AAEH,OAAO,EAAE,0BAA0B,EAAE,MAAM,kBAAkB,CAAC;AAE9D,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,0BAA0B,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/auth/token-manager.d.ts

@@ -0,0 +1,4 @@
+export declare function getAccessToken(): Promise<string>;
+export declare function isAuthenticated(): Promise<boolean>;
+export declare function getCurrentUser(): Promise<string | null>;
+//# sourceMappingURL=token-manager.d.ts.map

package/dist/auth/token-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AA0BA,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CA4CtD;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAQxD;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQ7D"}

package/dist/auth/token-manager.js

@@ -0,0 +1,78 @@
+import { PublicClientApplication } from '@azure/msal-node';
+import { DEFAULT_CONFIG, MSAL_CACHE_FILE, getTokenCache } from './config.js';
+import { FileCachePlugin } from './cache-plugin.js';
+let msalInstance = null;
+const cachePlugin = new FileCachePlugin(MSAL_CACHE_FILE);
+function getMsalInstance() {
+    if (!msalInstance) {
+        if (!DEFAULT_CONFIG.clientId) {
+            throw new Error('M365_CLIENT_ID environment variable is required');
+        }
+        msalInstance = new PublicClientApplication({
+            auth: {
+                clientId: DEFAULT_CONFIG.clientId,
+                authority: `https://login.microsoftonline.com/${DEFAULT_CONFIG.tenantId}`,
+            },
+            cache: {
+                cachePlugin,
+            },
+        });
+    }
+    return msalInstance;
+}
+export async function getAccessToken() {
+    const pca = getMsalInstance();
+    // Get accounts from MSAL's persisted cache
+    const accounts = await pca.getTokenCache().getAllAccounts();
+    if (accounts.length === 0) {
+        // No accounts in MSAL cache - check legacy token.json for migration hint
+        const legacyCache = getTokenCache();
+        if (legacyCache?.account) {
+            console.error('[Auth] Found legacy token.json but no MSAL cache.');
+            console.error('[Auth] Please re-authenticate to migrate to new cache format.');
+        }
+        throw new Error('Not authenticated. Please run "npm run login" in the myoffice-mcp directory.');
+    }
+    // Use the first account (typically there's only one for personal use)
+    const account = accounts[0];
+    // Try silent token acquisition (MSAL handles refresh automatically)
+    console.error('[Auth] Acquiring token silently...');
+    try {
+        const silentRequest = {
+            scopes: DEFAULT_CONFIG.scopes,
+            account: account,
+        };
+        const result = await pca.acquireTokenSilent(silentRequest);
+        console.error('[Auth] Token acquired successfully');
+        return result.accessToken;
+    }
+    catch (error) {
+        // Silent refresh failed - log the actual error
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        console.error('[Auth] Silent token acquisition FAILED:', errorMessage);
+        console.error('[Auth] Please re-authenticate by running: npm run login');
+        throw new Error(`Token acquisition failed: ${errorMessage}. ` +
+            `Please re-authenticate by running 'npm run login' in the myoffice-mcp directory.`);
+    }
+}
+export async function isAuthenticated() {
+    try {
+        const pca = getMsalInstance();
+        const accounts = await pca.getTokenCache().getAllAccounts();
+        return accounts.length > 0;
+    }
+    catch {
+        return false;
+    }
+}
+export async function getCurrentUser() {
+    try {
+        const pca = getMsalInstance();
+        const accounts = await pca.getTokenCache().getAllAccounts();
+        return accounts[0]?.username || null;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=token-manager.js.map

package/dist/auth/token-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAwD,MAAM,kBAAkB,CAAC;AACjH,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,IAAI,YAAY,GAAmC,IAAI,CAAC;AACxD,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,CAAC;AAEzD,SAAS,eAAe;IACtB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QAED,YAAY,GAAG,IAAI,uBAAuB,CAAC;YACzC,IAAI,EAAE;gBACJ,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,SAAS,EAAE,qCAAqC,cAAc,CAAC,QAAQ,EAAE;aAC1E;YACD,KAAK,EAAE;gBACL,WAAW;aACZ;SACF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,GAAG,GAAG,eAAe,EAAE,CAAC;IAE9B,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;IAE5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,yEAAyE;QACzE,MAAM,WAAW,GAAG,aAAa,EAAE,CAAC;QACpC,IAAI,WAAW,EAAE,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACnE,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5B,oEAAoE;IACpE,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,aAAa,GAAsB;YACvC,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,OAAO,EAAE,OAAO;SACjB,CAAC;QAEF,MAAM,MAAM,GAAyB,MAAM,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAEjF,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC,WAAW,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+CAA+C;QAC/C,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,YAAY,CAAC,CAAC;QACvE,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAEzE,MAAM,IAAI,KAAK,CACb,6BAA6B,YAAY,IAAI;YAC7C,kFAAkF,CACnF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,eAAe,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;QAC5D,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,eAAe,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;QAC5D,OAAO,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/cli/formatter.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Output formatter for CLI - provides human-readable output
+ */
+export declare function formatOutput(data: unknown, toolName?: string): string;
+//# sourceMappingURL=formatter.d.ts.map

package/dist/cli/formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/cli/formatter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAoWH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAsErE"}