m365-agent-cli 1.2.0

package/src/commands/graph-calendar.ts

@@ -0,0 +1,217 @@
+import { Command } from 'commander';
+import { resolveGraphAuth } from '../lib/graph-auth.js';
+import {
+  type GraphCalendarEvent,
+  getCalendar,
+  getEvent,
+  listCalendars,
+  listCalendarView
+} from '../lib/graph-calendar-client.js';
+import { acceptEventInvitation, declineEventInvitation, tentativelyAcceptEventInvitation } from '../lib/graph-event.js';
+import { checkReadOnly } from '../lib/utils.js';
+
+export const graphCalendarCommand = new Command('graph-calendar').description(
+  'Microsoft Graph calendar REST: calendars, calendarView, events, invitation responses (distinct from EWS `calendar` / `respond`)'
+);
+
+function formatEventLine(e: GraphCalendarEvent): string {
+  const subj = e.subject?.trim() || '(no subject)';
+  const start = e.start?.dateTime;
+  const end = e.end?.dateTime;
+  const tz = e.start?.timeZone || '';
+  const when =
+    start && end ? `${start} → ${end}${tz ? ` (${tz})` : ''}` : start ? `${start}${tz ? ` (${tz})` : ''}` : '?';
+  const allDay = e.isAllDay ? ' [all-day]' : '';
+  return `${when}${allDay}\t${subj}\t${e.id}`;
+}
+
+graphCalendarCommand
+  .command('list-calendars')
+  .description('List calendars (Graph GET /calendars)')
+  .option('--json', 'Output as JSON')
+  .option('--token <token>', 'Graph access token')
+  .option('--identity <name>', 'Graph token cache identity (default: default)')
+  .option('--user <email>', 'Target mailbox (delegation)')
+  .action(async (opts: { json?: boolean; token?: string; identity?: string; user?: string }) => {
+    const auth = await resolveGraphAuth({ token: opts.token, identity: opts.identity });
+    if (!auth.success || !auth.token) {
+      console.error(`Auth error: ${auth.error}`);
+      process.exit(1);
+    }
+    const r = await listCalendars(auth.token, opts.user);
+    if (!r.ok || !r.data) {
+      console.error(`Error: ${r.error?.message}`);
+      process.exit(1);
+    }
+    if (opts.json) {
+      console.log(JSON.stringify(r.data, null, 2));
+      return;
+    }
+    for (const c of r.data) {
+      const label = c.name || '(unnamed)';
+      console.log(`${label}\t${c.id}`);
+    }
+  });
+
+graphCalendarCommand
+  .command('get-calendar')
+  .description('Get one calendar by id')
+  .argument('<calendarId>', 'Calendar id')
+  .option('--json', 'Output as JSON')
+  .option('--token <token>', 'Graph access token')
+  .option('--identity <name>', 'Graph token cache identity (default: default)')
+  .option('--user <email>', 'Target mailbox (delegation)')
+  .action(async (calendarId: string, opts: { json?: boolean; token?: string; identity?: string; user?: string }) => {
+    const auth = await resolveGraphAuth({ token: opts.token, identity: opts.identity });
+    if (!auth.success || !auth.token) {
+      console.error(`Auth error: ${auth.error}`);
+      process.exit(1);
+    }
+    const r = await getCalendar(auth.token, calendarId, opts.user);
+    if (!r.ok || !r.data) {
+      console.error(`Error: ${r.error?.message}`);
+      process.exit(1);
+    }
+    if (opts.json) console.log(JSON.stringify(r.data, null, 2));
+    else console.log(JSON.stringify(r.data, null, 2));
+  });
+
+graphCalendarCommand
+  .command('list-view')
+  .description('List events in a time window (Graph GET .../calendarView)')
+  .requiredOption('--start <iso>', 'Start (ISO 8601, e.g. 2026-04-01T00:00:00Z)')
+  .requiredOption('--end <iso>', 'End (ISO 8601, exclusive upper bound in many cases — see Graph docs)')
+  .option('-c, --calendar <calendarId>', 'Calendar id (omit for default calendar)')
+  .option('--json', 'Output as JSON')
+  .option('--token <token>', 'Graph access token')
+  .option('--identity <name>', 'Graph token cache identity (default: default)')
+  .option('--user <email>', 'Target mailbox (delegation)')
+  .action(
+    async (opts: {
+      start: string;
+      end: string;
+      calendar?: string;
+      json?: boolean;
+      token?: string;
+      identity?: string;
+      user?: string;
+    }) => {
+      const auth = await resolveGraphAuth({ token: opts.token, identity: opts.identity });
+      if (!auth.success || !auth.token) {
+        console.error(`Auth error: ${auth.error}`);
+        process.exit(1);
+      }
+      const r = await listCalendarView(auth.token, opts.start, opts.end, {
+        calendarId: opts.calendar,
+        user: opts.user
+      });
+      if (!r.ok || !r.data) {
+        console.error(`Error: ${r.error?.message}`);
+        process.exit(1);
+      }
+      if (opts.json) {
+        console.log(JSON.stringify(r.data, null, 2));
+        return;
+      }
+      for (const e of r.data) {
+        console.log(formatEventLine(e));
+      }
+    }
+  );
+
+graphCalendarCommand
+  .command('get-event')
+  .description('Get a single event by id (Graph GET /events/{id})')
+  .argument('<eventId>', 'Event id')
+  .option('--select <fields>', 'OData $select (comma-separated)')
+  .option('--json', 'Output as JSON')
+  .option('--token <token>', 'Graph access token')
+  .option('--identity <name>', 'Graph token cache identity (default: default)')
+  .option('--user <email>', 'Mailbox that owns the event (delegation)')
+  .action(
+    async (
+      eventId: string,
+      opts: {
+        select?: string;
+        json?: boolean;
+        token?: string;
+        identity?: string;
+        user?: string;
+      }
+    ) => {
+      const auth = await resolveGraphAuth({ token: opts.token, identity: opts.identity });
+      if (!auth.success || !auth.token) {
+        console.error(`Auth error: ${auth.error}`);
+        process.exit(1);
+      }
+      const r = await getEvent(auth.token, eventId, opts.user, opts.select);
+      if (!r.ok || !r.data) {
+        console.error(`Error: ${r.error?.message}`);
+        process.exit(1);
+      }
+      if (opts.json) console.log(JSON.stringify(r.data, null, 2));
+      else console.log(JSON.stringify(r.data, null, 2));
+    }
+  );
+
+function addRespondCommand(
+  name: string,
+  description: string,
+  fn: (o: {
+    token: string;
+    eventId: string;
+    comment?: string;
+    sendResponse: boolean;
+    user?: string;
+  }) => ReturnType<typeof acceptEventInvitation>
+) {
+  graphCalendarCommand
+    .command(name)
+    .description(description)
+    .argument('<eventId>', 'Event id')
+    .option('--comment <text>', 'Optional comment to organizer')
+    .option('--no-notify', "Don't send response to organizer")
+    .option('--token <token>', 'Graph access token')
+    .option('--identity <name>', 'Graph token cache identity (default: default)')
+    .option('--user <email>', 'Mailbox that owns the invitation (delegation)')
+    .action(
+      async (
+        eventId: string,
+        opts: {
+          comment?: string;
+          notify: boolean;
+          token?: string;
+          identity?: string;
+          user?: string;
+        },
+        cmd: any
+      ) => {
+        checkReadOnly(cmd);
+        const auth = await resolveGraphAuth({ token: opts.token, identity: opts.identity });
+        if (!auth.success || !auth.token) {
+          console.error(`Auth error: ${auth.error}`);
+          process.exit(1);
+        }
+        const r = await fn({
+          token: auth.token,
+          eventId,
+          comment: opts.comment,
+          sendResponse: opts.notify !== false,
+          user: opts.user
+        });
+        if (!r.ok) {
+          console.error(`Error: ${r.error?.message}`);
+          process.exit(1);
+        }
+        console.log('Done.');
+      }
+    );
+}
+
+addRespondCommand('accept', 'Accept a meeting request (Graph POST .../accept)', acceptEventInvitation);
+addRespondCommand('decline', 'Decline a meeting request (Graph POST .../decline)', declineEventInvitation);
+addRespondCommand(
+  'tentative',
+  'Tentatively accept without proposing a new time (Graph POST .../tentativelyAccept)',
+  tentativelyAcceptEventInvitation
+);

package/src/commands/login.ts

@@ -0,0 +1,195 @@
+import { existsSync, mkdirSync } from 'node:fs';
+import { readFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { createInterface } from 'node:readline/promises';
+import { Command } from 'commander';
+import { atomicWriteUtf8File } from '../lib/atomic-write.js';
+import { getMicrosoftTenantPathSegment } from '../lib/jwt-utils.js';
+
+async function performDeviceCodeFlow(clientId: string, tenant: string, scope: string, label: string): Promise<string> {
+  console.log(`\nInitiating Device Code flow for ${label}...`);
+
+  const deviceCodeRes = await fetch(`https://login.microsoftonline.com/${tenant}/oauth2/v2.0/devicecode`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams({
+      client_id: clientId,
+      scope: scope
+    }).toString()
+  });
+
+  const deviceCodeJson = await deviceCodeRes.json();
+
+  if (!deviceCodeRes.ok) {
+    console.error(`Failed to initiate ${label} device code flow:`, deviceCodeJson);
+    process.exit(1);
+  }
+
+  console.log('\n=========================================================');
+  console.log(deviceCodeJson.message);
+  console.log('=========================================================\n');
+
+  const deviceCode = deviceCodeJson.device_code;
+  const interval = (deviceCodeJson.interval || 5) * 1000;
+  const expiresAt = Date.now() + (deviceCodeJson.expires_in || 900) * 1000;
+
+  let authenticated = false;
+  let refreshToken = '';
+  let pollInterval = interval;
+
+  console.log(`Waiting for ${label} authentication...`);
+
+  while (!authenticated) {
+    if (Date.now() > expiresAt) {
+      console.error(`\n${label} device code expired. Please run the command again.`);
+      process.exit(1);
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, pollInterval));
+
+    const tokenRes = await fetch(`https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams({
+        grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+        client_id: clientId,
+        device_code: deviceCode
+      }).toString()
+    });
+
+    const tokenJson = await tokenRes.json();
+
+    if (tokenRes.ok) {
+      authenticated = true;
+      refreshToken = tokenJson.refresh_token;
+      // Extract username from access token
+
+      try {
+        const parts = tokenJson.access_token.split('.');
+
+        if (parts.length === 3) {
+          const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
+
+          const rawUsername = payload.upn || payload.email;
+          const username = rawUsername ? rawUsername.replace(/[\r\n]/g, '') : undefined;
+
+          if (username) {
+            let envContent = '';
+
+            const configDir = join(homedir(), '.config', 'm365-agent-cli');
+            mkdirSync(configDir, { recursive: true, mode: 0o700 });
+            const envPath = join(configDir, '.env');
+
+            try {
+              envContent = await readFile(envPath, 'utf8');
+            } catch (err: any) {
+              if (err.code !== 'ENOENT') throw err;
+            }
+
+            if (/^EWS_USERNAME=.*$/m.test(envContent)) {
+              envContent = envContent.replace(/^EWS_USERNAME=.*$/m, () => `EWS_USERNAME=${username}`);
+            } else {
+              envContent += `\nEWS_USERNAME=${username}\n`;
+            }
+
+            await atomicWriteUtf8File(envPath, `${envContent.trim()}\n`, 0o600);
+
+            console.log(`Saved EWS_USERNAME (${username}) to ${envPath}`);
+          }
+        }
+      } catch (_e) {
+        /* ignore parse errors */
+      }
+      if (!refreshToken) {
+        console.error(`\nFailed to obtain ${label} refresh token. Ensure the offline_access scope is granted.`);
+        process.exit(1);
+      }
+    } else if (tokenJson.error === 'authorization_pending') {
+      // Continue polling
+    } else if (tokenJson.error === 'slow_down') {
+      pollInterval += 5000;
+    } else {
+      console.error(`\n${label} authentication failed:`, tokenJson.error_description || tokenJson.error);
+      process.exit(1);
+    }
+  }
+
+  console.log(`\n${label} authentication successful!`);
+
+  return refreshToken;
+}
+
+export const loginCommand = new Command('login')
+  .description('Interactive login to obtain refresh tokens via OAuth2 Device Code flow')
+  .action(async () => {
+    let clientId = process.env.EWS_CLIENT_ID;
+
+    // Read existing .env if present
+    const configDir = join(homedir(), '.config', 'm365-agent-cli');
+    mkdirSync(configDir, { recursive: true, mode: 0o700 });
+    const envPath = join(configDir, '.env');
+    let envContent = '';
+    if (existsSync(envPath)) {
+      envContent = await readFile(envPath, 'utf8');
+      if (!clientId) {
+        const match = envContent.match(/^EWS_CLIENT_ID=(.*)$/m);
+        if (match) {
+          clientId = match[1].trim();
+        }
+      }
+    }
+
+    if (!clientId) {
+      const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout
+      });
+      clientId = await rl.question('Enter your EWS_CLIENT_ID: ');
+      rl.close();
+      clientId = clientId.trim();
+
+      if (!clientId) {
+        console.error('EWS_CLIENT_ID is required.');
+        process.exit(1);
+      }
+
+      // Save it to .env
+      envContent += `\nEWS_CLIENT_ID=${clientId}\n`;
+      await atomicWriteUtf8File(envPath, `${envContent.trim()}\n`, 0o600);
+    }
+
+    const tenant = getMicrosoftTenantPathSegment();
+
+    // Use a single Graph Device Code flow to obtain a multi-resource refresh token
+    const graphScope =
+      'offline_access User.Read Calendars.ReadWrite Mail.ReadWrite Files.ReadWrite.All Sites.ReadWrite.All Tasks.ReadWrite Group.ReadWrite.All';
+    const rawToken = await performDeviceCodeFlow(clientId, tenant, graphScope, 'Microsoft 365');
+    const refreshToken = rawToken.replace(/[\r\n]/g, '');
+
+    // Save tokens immediately
+    try {
+      envContent = await readFile(envPath, 'utf8');
+    } catch (err: any) {
+      if (err.code !== 'ENOENT') throw err;
+    }
+
+    // Update or append EWS_REFRESH_TOKEN
+    if (/^EWS_REFRESH_TOKEN=.*$/m.test(envContent)) {
+      envContent = envContent.replace(/^EWS_REFRESH_TOKEN=.*$/m, () => `EWS_REFRESH_TOKEN=${refreshToken}`);
+    } else {
+      envContent += `\nEWS_REFRESH_TOKEN=${refreshToken}\n`;
+    }
+
+    // Update or append GRAPH_REFRESH_TOKEN
+    if (/^GRAPH_REFRESH_TOKEN=.*$/m.test(envContent)) {
+      envContent = envContent.replace(/^GRAPH_REFRESH_TOKEN=.*$/m, () => `GRAPH_REFRESH_TOKEN=${refreshToken}`);
+    } else {
+      envContent += `\nGRAPH_REFRESH_TOKEN=${refreshToken}\n`;
+    }
+
+    envContent = envContent.replace(/\n{3,}/g, '\n\n');
+    await atomicWriteUtf8File(envPath, `${envContent.trim()}\n`, 0o600);
+
+    console.log(`Saved GRAPH_REFRESH_TOKEN and EWS_REFRESH_TOKEN to ${envPath}`);
+  });