mcp-dataverse 0.3.9 → 0.4.5

package/CAPABILITIES.md

@@ -1,8 +1,8 @@
 # MCP Dataverse Server — Complete Capabilities Reference
 
-> **Version**: 0.3.6 | **API Version**: Dataverse Web API v9.2 | **Transport**: stdio · HTTP/SSE
+> **Version**: 0.4.5 | **API Version**: Dataverse Web API v9.2 | **Transport**: stdio · HTTP/SSE
 
-63 tools across 24 categories for full Dataverse lifecycle: schema, CRUD, FetchXML, solutions, plugins, audit, files, users, teams, RBAC, environment variables, workflows, and more.
+67 tools across 25 categories for full Dataverse lifecycle: schema, CRUD, FetchXML, solutions, plugins, audit, files, users, teams, RBAC, attribute management, environment variables, workflows, and more.
 
 ---
 
@@ -32,6 +32,10 @@
   - [19. Views (1)](#19-views-1-tool)
   - [20. Files (2)](#20-files-2-tools)
   - [21. Org (1)](#21-org-1-tool)
+  - [22. RBAC (3)](#22-rbac-3-tools)
+  - [23. Workflows (2)](#23-workflows-2-tools)
+  - [24. Assistance (4)](#24-assistance-4-tools)
+  - [25. Attributes (4)](#25-attributes-4-tools)
 - [Error Handling & Retry Behavior](#error-handling--retry-behavior)
 - [Security](#security)
 - [Limitations & Known Constraints](#limitations--known-constraints)
@@ -91,7 +95,7 @@ Server communicates over **stdio** (MCP SDK `StdioServerTransport`). Connect fro
 
 ```mermaid
 graph LR
-    MCP["MCP Dataverse Server<br/><i>63 tools · 24 categories</i>"]
+    MCP["MCP Dataverse Server<br/><i>67 tools · 25 categories</i>"]
 
     MCP --> AUTH["🔑 Auth (1)"]
     MCP --> META["📋 Metadata (8)"]
@@ -104,25 +108,27 @@ graph LR
     MCP --> SOL["🧩 Solutions (3)"]
     MCP --> IMP["👤 Impersonation (1)"]
     MCP --> CUST["🔧 Customization (3)"]
-    MCP --> ENV["⚙️ Environment (2)"]
+    MCP --> ENV["⚙️ Environment (3)"]
     MCP --> TRACE["🔎 Trace (2)"]
     MCP --> SRCH["🔍 Search (1)"]
     MCP --> AUDIT["📜 Audit (1)"]
     MCP --> QUAL["✅ Quality (1)"]
     MCP --> NOTE["📝 Annotations (2)"]
     MCP --> USR["👥 Users (2)"]
+    MCP --> RBAC["🛡️ RBAC (3)"]
     MCP --> VIEWS["👁️ Views (1)"]
     MCP --> FILES["📁 Files (2)"]
-    MCP --> ORG["🏢 Org (1)"]
-    MCP --> TEAMS["👥 Teams (1)"]
+    MCP --> ORG["🏢 Org (2)"]
+    MCP --> WF["⚙️ Workflows (2)"]
     MCP --> ASSIST["🤖 Assistance (4)"]
+    MCP --> ATTR["🏗️ Attributes (4)"]
 ```
 
 All tool handlers validate inputs with **Zod** before calling the `DataverseAdvancedClient`. Auth tokens are cached and refreshed proactively; transient errors (429, 503, 504) are retried with exponential backoff.
 
 ---
 
-## Tool Reference (63 tools)
+## Tool Reference (67 tools)
 
 ### 1. Auth (1 tool)
 
@@ -724,7 +730,7 @@ Retrieves AsyncOperation records for background/classic workflow executions. Not
 
 #### `dataverse_search`
 
-Full-text Relevance Search across all configured Dataverse tables. Returns ranked results with entity name, record ID, score, highlights, and matched fields. Requires **Relevance Search** enabled in Dataverse admin.
+Full-text Relevance Search across all configured Dataverse tables. Returns ranked results with entity name, record ID, score, highlights, and matched fields. Uses the **Search API v2.0** endpoint. Requires **Relevance Search** enabled in Dataverse admin. If Relevance Search is disabled or no entities are configured for search, returns a structured error with `errorCategory: "ENV_LIMITATION"` and setup instructions.
 
 | Parameter    | Type               | Req | Notes                                               |
 | ------------ | ------------------ | --- | --------------------------------------------------- |
@@ -801,7 +807,7 @@ Retrieves notes and file attachments linked to a record. Set `includeContent=tru
 | Parameter        | Type            | Req | Notes                                    |
 | ---------------- | --------------- | --- | ---------------------------------------- |
 | `recordId`       | `string (UUID)` | ✓   | Parent record GUID                       |
-| `includeContent` | `boolean`       | —   | Include `documentbody` (default `false`) |
+| `includeContent` | `boolean`       | —   | Include `documentBody` (default `false`) |
 | `top`            | `number`        | —   | Default `20`, max `100`                  |
 | `mimeTypeFilter` | `string`        | —   | e.g. `"application/pdf"`                 |
 
@@ -811,17 +817,17 @@ Retrieves notes and file attachments linked to a record. Set `includeContent=tru
 
 #### `dataverse_create_annotation`
 
-Creates a note or file attachment linked to a Dataverse record. Provide `notetext` for a text note, `documentbody` (base64) for a file, or both.
+Creates a note or file attachment linked to a Dataverse record. Provide `noteText` for a text note, `documentBody` (base64) for a file, or both.
 
 | Parameter       | Type            | Req | Notes                                                   |
 | --------------- | --------------- | --- | ------------------------------------------------------- |
 | `recordId`      | `string (UUID)` | ✓   | Parent record GUID                                      |
 | `entitySetName` | `string`        | ✓   | Parent entity set, e.g. `"accounts"`                    |
-| `notetext`      | `string`        | —   | Text content (required if no `documentbody`)            |
+| `noteText`      | `string`        | —   | Text content (required if no `documentBody`)            |
 | `subject`       | `string`        | —   | Note subject/title                                      |
-| `filename`      | `string`        | —   | File name (for attachments)                             |
-| `mimetype`      | `string`        | —   | MIME type, e.g. `"application/pdf"`                     |
-| `documentbody`  | `string`        | —   | Base64-encoded file content (required if no `notetext`) |
+| `fileName`      | `string`        | —   | File name (for attachments)                             |
+| `mimeType`      | `string`        | —   | MIME type, e.g. `"application/pdf"`                     |
+| `documentBody`  | `string`        | —   | Base64-encoded file content (required if no `noteText`) |
 
 > "Attach a PDF report to account a1b2c3d4"
 
@@ -942,7 +948,7 @@ Downloads a file from a Dataverse file-type column. Returns the file as a base64
 
 ---
 
-### 21. Org (1 tool)
+### 21. Org (2 tools)
 
 #### `dataverse_list_business_units`
 
@@ -957,6 +963,255 @@ Lists business units in the environment with name, ID, parent BU ID, disabled st
 
 ---
 
+#### `dataverse_list_teams`
+
+Lists Dataverse teams (owner teams and access teams) within one or all business units.
+
+| Parameter        | Type                      | Req | Notes                                          |
+| ---------------- | ------------------------- | --- | ---------------------------------------------- |
+| `top`            | `number`                  | —   | Default `50`, max `200`                        |
+| `teamType`       | `"Owner"\|"Access"\|"AAD"` | —   | Filter by team type; omit for all              |
+| `businessUnitId` | `string (UUID)`           | —   | Filter by business unit                        |
+
+> "List all owner teams in the environment"
+
+---
+
+### 22. RBAC (3 tools)
+
+#### `dataverse_list_roles`
+
+Lists security roles in the environment, optionally filtered by name.
+
+| Parameter    | Type     | Req | Notes                        |
+| ------------ | -------- | --- | ---------------------------- |
+| `nameFilter` | `string` | —   | Substring match on role name |
+| `top`        | `number` | —   | Default `50`, max `200`      |
+
+> "List all security roles that contain 'Sales'"
+
+```json
+{
+  "total": 3,
+  "roles": [{ "roleId": "...", "name": "Salesperson", "businessUnitId": "..." }]
+}
+```
+
+---
+
+#### `dataverse_assign_role_to_user`
+
+Assigns a security role to a system user (idempotent — returns `"already_assigned"` if the role is already assigned).
+
+| Parameter | Type            | Req | Notes             |
+| --------- | --------------- | --- | ----------------- |
+| `userId`  | `string (UUID)` | ✓   | System user GUID  |
+| `roleId`  | `string (UUID)` | ✓   | Security role ID  |
+
+> "Assign role r1s2t3u4 to user u1v2w3x4"
+
+---
+
+#### `dataverse_remove_role_from_user`
+
+Removes a security role from a system user.
+
+| Parameter | Type            | Req | Notes            |
+| --------- | --------------- | --- | ---------------- |
+| `userId`  | `string (UUID)` | ✓   | System user GUID |
+| `roleId`  | `string (UUID)` | ✓   | Security role ID |
+
+> "Remove role r1s2t3u4 from user u1v2w3x4"
+
+---
+
+### 23. Workflows (2 tools)
+
+#### `dataverse_list_workflows`
+
+Lists classic Dataverse workflows and modern cloud flows registered in the environment.
+
+| Parameter     | Type      | Req | Notes                                        |
+| ------------- | --------- | --- | -------------------------------------------- |
+| `top`         | `number`  | —   | Default `50`, max `200`                      |
+| `activeOnly`  | `boolean` | —   | Return only activated workflows (default `false`) |
+| `nameFilter`  | `string`  | —   | Substring match on workflow name             |
+
+> "List all active workflows on the account table"
+
+---
+
+#### `dataverse_get_workflow`
+
+Retrieves a single workflow definition by ID, including its trigger, steps, and current state.
+
+| Parameter    | Type            | Req | Notes         |
+| ------------ | --------------- | --- | ------------- |
+| `workflowId` | `string (UUID)` | ✓   | Workflow GUID |
+
+> "Get the definition of workflow w1x2y3z4"
+
+---
+
+### 24. Assistance (4 tools)
+
+#### `dataverse_suggest_tools`
+
+Returns a ranked list of MCP tools relevant to a natural-language task description. Use this when unsure which tool to call — it uses tag-based matching to surface the right tools.
+
+| Parameter     | Type     | Req | Notes                              |
+| ------------- | -------- | --- | ---------------------------------- |
+| `task`        | `string` | ✓   | Natural-language description of the task |
+| `top`         | `number` | —   | Max results (default `5`)          |
+
+> "Which tool should I use to create a new lookup column?"
+
+---
+
+#### `dataverse_list_guides`
+
+Lists available built-in guides that walk through common multi-step Dataverse tasks.
+
+| Parameter | Type | Req | Notes |
+| --------- | ---- | --- | ----- |
+| —         | —    | —   | No parameters |
+
+> "What guides are available in this MCP server?"
+
+---
+
+#### `dataverse_get_guide`
+
+Retrieves the full step-by-step content for a specific guide by name.
+
+| Parameter   | Type     | Req | Notes               |
+| ----------- | -------- | --- | ------------------- |
+| `guideName` | `string` | ✓   | Guide name from `list_guides` |
+
+> "Show me the steps for the entity-audit guide"
+
+---
+
+#### `dataverse_list_connection_references`
+
+Lists connection references used in solutions (Power Automate connectors).
+
+| Parameter      | Type     | Req | Notes                            |
+| -------------- | -------- | --- | -------------------------------- |
+| `top`          | `number` | —   | Default `50`, max `200`          |
+| `nameFilter`   | `string` | —   | Substring match on display name  |
+
+> "List all SharePoint connection references in my environment"
+
+---
+
+### 25. Attributes (4 tools)
+
+Attribute tools manage **column-level schema** in Dataverse tables. All write operations require `confirm: true` and auto-publish the entity definition by default.
+
+#### `dataverse_create_attribute`
+
+Creates a new column on an existing Dataverse table. Supports 11 attribute types with type-specific parameters.
+
+| Parameter            | Type                                                                                                             | Req | Notes                                                           |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------- | --- | --------------------------------------------------------------- |
+| `entityLogicalName`  | `string`                                                                                                         | ✓   | Target table (e.g. `"account"`)                                 |
+| `schemaName`         | `string`                                                                                                         | ✓   | Must include publisher prefix (e.g. `"new_CustomField"`)        |
+| `attributeType`      | `"String"\|"Memo"\|"Integer"\|"Decimal"\|"Money"\|"DateTime"\|"Boolean"\|"Picklist"\|"MultiSelectPicklist"\|"AutoNumber"\|"Image"` | ✓   | Column type                                                     |
+| `displayName`        | `string`                                                                                                         | ✓   | Human-readable label                                            |
+| `description`        | `string`                                                                                                         | —   | Column description                                              |
+| `requiredLevel`      | `"None"\|"ApplicationRequired"\|"Recommended"`                                                                  | —   | Requirement level (default `"None"`)                            |
+| `maxLength`          | `number`                                                                                                         | —   | String/Memo max chars                                           |
+| `minValue`/`maxValue`| `number`                                                                                                         | —   | Integer/Decimal range bounds                                    |
+| `precision`          | `number`                                                                                                         | —   | Decimal/Money decimal places                                    |
+| `dateTimeFormat`     | `"DateOnly"\|"DateAndTime"`                                                                                      | —   | DateTime display format                                         |
+| `defaultBooleanValue`| `boolean`                                                                                                        | —   | Default for Boolean columns                                     |
+| `picklistOptions`    | `{value: number, label: string}[]`                                                                               | —   | Option values for Picklist/MultiSelectPicklist                  |
+| `autoNumberFormat`   | `string`                                                                                                         | —   | Format string for AutoNumber, e.g. `"INV-{SEQNUM:5}"`          |
+| `languageCode`       | `number`                                                                                                         | —   | Label language code (default `1033` = English)                  |
+| `autoPublish`        | `boolean`                                                                                                        | —   | Publish after create (default `true`)                           |
+| `confirm`            | `true`                                                                                                           | ✓   | Must be `true`                                                  |
+
+> "Add a text column 'new_ExternalId' to the account table with max 100 characters"
+
+```json
+{
+  "logicalName": "new_externalid",
+  "schemaName": "new_ExternalId",
+  "attributeType": "String",
+  "entityLogicalName": "account",
+  "published": true
+}
+```
+
+---
+
+#### `dataverse_update_attribute`
+
+Updates properties of an existing column. Only columns with `IsCustomizable = true` can be modified.
+
+| Parameter             | Type                                            | Req | Notes                                       |
+| --------------------- | ----------------------------------------------- | --- | ------------------------------------------- |
+| `entityLogicalName`   | `string`                                        | ✓   | Table containing the column                 |
+| `attributeLogicalName`| `string`                                        | ✓   | Column logical name (e.g. `"new_myfield"`)  |
+| `displayName`         | `string`                                        | —   | New display label                           |
+| `description`         | `string`                                        | —   | New description                             |
+| `requiredLevel`       | `"None"\|"ApplicationRequired"\|"Recommended"`  | —   | New requirement level                       |
+| `maxLength`           | `number`                                        | —   | Increase only (cannot decrease)             |
+| `isSearchable`        | `boolean`                                       | —   | Include in Quick Find views                 |
+| `languageCode`        | `number`                                        | —   | Default `1033`                              |
+| `autoPublish`         | `boolean`                                       | —   | Default `true`                              |
+| `confirm`             | `true`                                          | ✓   | Must be `true`                              |
+
+> "Update new_externalid on account to be required"
+
+---
+
+#### `dataverse_delete_attribute`
+
+⚠️ **DESTRUCTIVE** — permanently deletes a custom column and all its data from all records.
+
+| Parameter             | Type     | Req | Notes                                            |
+| --------------------- | -------- | --- | ------------------------------------------------ |
+| `entityLogicalName`   | `string` | ✓   | Table containing the column                      |
+| `attributeLogicalName`| `string` | ✓   | Column logical name (must be a custom column)    |
+| `autoPublish`         | `boolean`| —   | Publish after delete (default `true`)            |
+| `confirm`             | `true`   | ✓   | Must be `true`                                   |
+
+> "Delete the column new_externalid from account"
+
+---
+
+#### `dataverse_create_lookup_attribute`
+
+Creates a lookup (N:1) column on a table, simultaneously defining a 1:N relationship between two tables. This is the correct way to add a foreign-key-style reference to another table.
+
+| Parameter             | Type     | Req | Notes                                                                       |
+| --------------------- | -------- | --- | --------------------------------------------------------------------------- |
+| `entityLogicalName`   | `string` | ✓   | Table that will contain the lookup column (the "many" side)                 |
+| `schemaName`          | `string` | ✓   | Must include publisher prefix (e.g. `"new_ParentAccount"`)                  |
+| `displayName`         | `string` | ✓   | Human-readable label                                                        |
+| `referencedEntity`    | `string` | ✓   | Table being looked up (the "one" side, e.g. `"account"`)                    |
+| `description`         | `string` | —   | Column description                                                          |
+| `requiredLevel`       | `"None"\|"ApplicationRequired"\|"Recommended"` | — | Default `"None"`                          |
+| `languageCode`        | `number` | —   | Default `1033`                                                              |
+| `autoPublish`         | `boolean`| —   | Default `true`                                                              |
+| `confirm`             | `true`   | ✓   | Must be `true`                                                              |
+
+> "Add a lookup to 'account' on the contact table called new_PrimaryAccount"
+
+```json
+{
+  "lookupLogicalName": "new_primaryaccount",
+  "relationshipSchemaName": "new_contact_primaryaccount",
+  "referencedEntity": "account",
+  "referencingEntity": "contact",
+  "published": true
+}
+```
+
+---
+
 ## Error Handling & Retry Behavior
 
 All tool handlers return `{ isError: true, content: [{ type: "text", text: "Error: ..." }] }` on failure. Zod input validation runs before any network call.
@@ -971,6 +1226,16 @@ All tool handlers return `{ isError: true, content: [{ type: "text", text: "Erro
 
 Dataverse error bodies are formatted as `Dataverse error <code>: <message>`. Timeouts (`ECONNABORTED`) produce `Request timed out. Check your Dataverse environment URL.`
 
+### Error Categories
+
+Certain tools include an `errorCategory` field in the error text when the failure has a well-known cause:
+
+| `errorCategory`   | Meaning                                                      | Example                                                   |
+| ----------------- | ------------------------------------------------------------ | --------------------------------------------------------- |
+| `ENV_LIMITATION`  | Feature not enabled or unavailable in this environment       | `dataverse_search` when Relevance Search is disabled      |
+| `PERMISSIONS`     | Operation denied due to insufficient privileges              | Restricted table or action                                |
+| `SCHEMA_MISMATCH` | Supplied data conflicts with the table's metadata schema     | Wrong attribute type in `dataverse_create_attribute`      |
+
 ---
 
 ## Security
@@ -1036,4 +1301,4 @@ Dataverse error bodies are formatted as `Dataverse error <code>: <message>`. Tim
 
 ---
 
-_This document reflects the MCP Dataverse server codebase as of v0.3.6 — 63 tools across 24 categories._
+_This document reflects the MCP Dataverse server codebase as of v0.4.0 — 67 tools across 25 categories._

package/README.md

@@ -6,9 +6,7 @@
 
 **The most complete MCP server for Microsoft Dataverse.**
 
-Give your AI agents real-time access to Dataverse — query records with OData & FetchXML, manage metadata, inspect solutions, run batch operations, audit changes, and more. Zero-config auth via Microsoft device code flow.
-
-63 tools · 4 resources · 10 guided workflows · Zero config auth
+67 tools · 4 resources · 10 guided workflows · Zero config auth
 
 [![npm](https://img.shields.io/npm/v/mcp-dataverse)](https://www.npmjs.com/package/mcp-dataverse)
 [![npm downloads](https://img.shields.io/npm/dm/mcp-dataverse)](https://www.npmjs.com/package/mcp-dataverse)
@@ -80,6 +78,31 @@ Re-authenticate after ~90 days of inactivity: `npx mcp-dataverse-auth`
 
 ---
 
+## HTTP Transport
+
+Run as an HTTP server for multi-client use:
+
+```bash
+MCP_TRANSPORT=http MCP_HTTP_PORT=3000 MCP_HTTP_SECRET=mysecret node dist/server.js
+```
+
+Connect using VS Code / Copilot with:
+```json
+{
+  "servers": {
+    "dataverse": {
+      "type": "http",
+      "url": "http://localhost:3000/mcp",
+      "headers": {
+        "Authorization": "Bearer mysecret"
+      }
+    }
+  }
+}
+```
+
+---
+
 ## Troubleshooting
 
 | Symptom                            | Fix                                                                |
@@ -102,8 +125,8 @@ MCP Dataverse is designed to be comprehensive, but most AI models work best with
 
 | Version | Feature | Status |
 | ------- | ------- | ------ |
-| **v0.4** | HTTP transport + schema consistency + new auth methods | 🟢 In progress |
-| **v0.5** | MCP Prompts — workflow templates | 🔴 Planned |
+| **v0.4** | HTTP transport + attribute management + schema consistency | ✅ Released |
+| **v0.5** | Enterprise auth (Client Credentials, Managed Identity) + MCP Prompts | 🔴 Planned |
 
 [→ Full Roadmap](https://codeurali.github.io/mcp-dataverse/roadmap)
 

package/dist/chunk-MPWVUZBX.js

@@ -0,0 +1,35 @@
+var y=class extends Error{constructor(e,n,s,r,i={}){super(e);this.status=n;this.data=s;this.code=r;this.responseHeaders=i;this.name="HttpError"}},R=class{baseURL;timeoutMs;defaultHeaders;tokenProvider;constructor(t){this.baseURL=t.baseURL.endsWith("/")?t.baseURL:t.baseURL+"/",this.timeoutMs=t.timeout??3e4,this.defaultHeaders={...t.headers},this.tokenProvider=t.tokenProvider??void 0}async get(t,e){return this.request("GET",t,void 0,e)}async post(t,e,n){return this.request("POST",t,e,n)}async patch(t,e,n){return this.request("PATCH",t,e,n)}async put(t,e,n){return this.request("PUT",t,e,n)}async delete(t,e){return this.request("DELETE",t,void 0,e)}resolveUrl(t){if(!t.startsWith("http"))return this.baseURL+t;let e=new URL(t),n=new URL(this.baseURL);if(e.origin!==n.origin)throw new y(`SSRF protection: request to '${e.origin}' blocked; only '${n.origin}' is permitted`,0,void 0,"SSRF_BLOCKED");return t}async request(t,e,n,s){let r=this.resolveUrl(e),i={...this.defaultHeaders,...s?.headers};this.tokenProvider&&(i.Authorization=`Bearer ${await this.tokenProvider()}`);let a=s?.timeoutMs??this.timeoutMs,c=new AbortController,u=setTimeout(()=>c.abort(),a);try{let o={method:t,headers:i,signal:c.signal};n!==void 0&&(o.body=typeof n=="string"?n:JSON.stringify(n));let d=await fetch(r,o),p={};if(d.headers.forEach((g,f)=>{p[f]=g}),!d.ok){let g=await d.text(),f;try{f=JSON.parse(g)}catch{f=g||void 0}throw new y(`Request failed with status ${d.status}`,d.status,f,void 0,p)}let m;if(s?.responseType==="text")m=await d.text();else{let g=await d.text();m=g?JSON.parse(g):{}}return{data:m,status:d.status,headers:p}}catch(o){throw o instanceof y?o:o instanceof DOMException&&o.name==="AbortError"?new y("Request timed out",0,void 0,"ECONNABORTED"):o}finally{clearTimeout(u)}}};function O(h){let t=h.indexOf(`\r
+\r
+`),e=h.indexOf(`
+
+`);return t!==-1&&(e===-1||t<=e)?t+4:e!==-1?e+2:-1}function q(h,t){let e=[],n=h.split(`--${t}`);for(let s of n){let r=s.trim();if(!r||r==="--")continue;let i=O(s);if(i===-1)continue;let a=s.slice(i),c=O(a);if(c===-1)continue;let o=(a.trimStart().split(/\r?\n/)[0]??"").match(/^HTTP\/\d+\.\d+\s+(\d{3})/),d=o?parseInt(o[1],10):0,p=d>=200&&d<300,m=a.slice(c).trim();if(!m){e.push(p?null:{error:"Empty response body",status:d});continue}try{let g=JSON.parse(m);e.push(p?g:{error:g,status:d})}catch{e.push({error:m,status:d})}}return e}function l(h){return h.replace(/'/g,"''")}var P="9.2",v={opportunities:"opportunityid",territories:"territoryid",categories:"categoryid",activityparties:"activitypartyid",activitymimeattachments:"activitymimeattachmentid",queues:"queueid",queueitems:"queueitemid"},$=class{http;authProvider;maxRetries;constructor(t,e=3,n=3e4){this.authProvider=t,this.maxRetries=e,this.http=new R({baseURL:`${t.environmentUrl}/api/data/v${P}/`,timeout:n,headers:{"OData-MaxVersion":"4.0","OData-Version":"4.0",Accept:"application/json","Content-Type":"application/json; charset=utf-8"},tokenProvider:()=>t.getToken()})}async requestWithRetry(t,e=0){try{return await t()}catch(n){if(n instanceof y){if(n.status===401&&e===0)return this.authProvider.invalidateToken(),this.requestWithRetry(t,e+1);if([429,503,504].includes(n.status)&&e<this.maxRetries){let r=n.responseHeaders["retry-after"],i=r?parseInt(r,10)*1e3:Math.pow(2,e)*1e3;return await new Promise(a=>setTimeout(a,i)),this.requestWithRetry(t,e+1)}if(n.status===400&&n.data?.error?.code==="0x80071151"&&e<5){let i=Math.pow(2,e)*5e3;return await new Promise(a=>setTimeout(a,i)),this.requestWithRetry(t,e+1)}}throw this.formatError(n)}}formatError(t){if(t instanceof y){let e=t.data?.error;return e?new Error(`Dataverse error ${e.code??""}: ${e.message??"Unknown error"}`):t.code==="ECONNABORTED"?new Error("Request timed out. Check your Dataverse environment URL."):t}return t instanceof Error?t:new Error(String(t))}async whoAmI(){return this.requestWithRetry(async()=>{let t=await this.http.get("WhoAmI"),{UserId:e,BusinessUnitId:n,OrganizationId:s}=t.data,r="";try{r=(await this.http.get(`organizations(${s})?$select=name`)).data.name??""}catch{r=""}let i=this.authProvider.environmentUrl;return{UserId:e,BusinessUnitId:n,OrganizationId:s,OrganizationName:r,EnvironmentUrl:i}})}async listTables(t=!1){let s=["$select=LogicalName,SchemaName,DisplayName,EntitySetName,PrimaryIdAttribute,PrimaryNameAttribute,IsCustomEntity",t?"$filter=IsCustomEntity eq true":""].filter(Boolean).join("&");return this.requestWithRetry(()=>this.http.get(`EntityDefinitions?${s}`).then(r=>r.data.value))}async getTableMetadata(t,e=!0){let n=e?"$expand=Attributes":"",s=`EntityDefinitions(LogicalName='${l(t)}')${n?"?"+n:""}`;return this.requestWithRetry(()=>this.http.get(s).then(r=>r.data))}async fetchAllPagesOData(t){let e=[],n=t;for(;n;){let s=await this.requestWithRetry(()=>this.http.get(n).then(r=>r.data));e.push(...s.value??[]),n=s["@odata.nextLink"]}return e}async getRelationships(t){let e=l(t),[n,s,r]=await Promise.all([this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${e}')/OneToManyRelationships`),this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${e}')/ManyToOneRelationships`),this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${e}')/ManyToManyRelationships`)]);return[...n,...s,...r]}async query(t,e={}){let n=a=>encodeURIComponent(a).replace(/%28/g,"(").replace(/%29/g,")").replace(/%2C/g,",").replace(/%27/g,"'").replace(/%40/g,"@"),s=[];e.select?.length&&s.push(`$select=${e.select.join(",")}`),e.filter&&s.push(`$filter=${n(e.filter)}`),e.orderby&&s.push(`$orderby=${n(e.orderby)}`),e.top&&s.push(`$top=${e.top}`),e.expand&&s.push(`$expand=${e.expand}`),e.count&&s.push("$count=true"),e.apply&&s.push(`$apply=${n(e.apply)}`);let r=`${t}${s.length?"?"+s.join("&"):""}`,i=e.formattedValues?{headers:{Prefer:'odata.include-annotations="OData.Community.Display.V1.FormattedValue"'}}:void 0;return this.requestWithRetry(()=>this.http.get(r,i).then(a=>a.data))}async executeFetchXml(t,e,n){let s=encodeURIComponent(e),r=n?{headers:{Prefer:'odata.include-annotations="OData.Community.Display.V1.FormattedValue"'}}:void 0;return this.requestWithRetry(()=>this.http.get(`${t}?fetchXml=${s}`,r).then(i=>i.data))}async getRecord(t,e,n,s){let r=[];n?.length&&r.push(`$select=${n.join(",")}`),s&&r.push(`$expand=${s}`);let i=r.length?`?${r.join("&")}`:"";return this.requestWithRetry(async()=>{let a=await this.http.get(`${t}(${e})${i}`,{headers:{Prefer:'odata.include-annotations="*"'}}),c=a.headers["odata-etag"]??a.data["@odata.etag"]??null;return{record:a.data,etag:c}})}async createRecord(t,e){return this.requestWithRetry(async()=>{let n=await this.http.post(t,e,{headers:{Prefer:"return=representation"}}),r=n.headers["odata-entityid"]?.match(/\(([^)]+)\)/)?.[1];if(r)return r;let i=n.data,a=i["@odata.id"]?.match(/\(([^)]+)\)/)?.[1];if(a)return a;let c=v[t]??t.replace(/s$/,"")+"id",u=i[c];return u||(n.headers.location?.match(/\(([^)]+)\)/)?.[1]??"")})}async updateRecord(t,e,n,s){await this.requestWithRetry(()=>this.http.patch(`${t}(${e})`,n,{headers:{"If-Match":s??"*"}}))}async deleteRecord(t,e){await this.requestWithRetry(()=>this.http.delete(`${t}(${e})`))}async upsertRecord(t,e,n,s,r="upsert",i){return this.requestWithRetry(async()=>{let a=i?`${t}(${i})`:`${t}(${l(e)}='${l(n)}')`,c={Prefer:"return=representation"};r==="createOnly"&&(c["If-None-Match"]="*"),r==="updateOnly"&&(c["If-Match"]="*");try{let u=await this.http.put(a,s,{headers:c}),o=u.status===201?"created":"updated",p=u.headers["odata-entityid"]?.match(/\(([^)]+)\)/)?.[1],m=u.data,g=v[t]??t.replace(/s$/,"")+"id",f=p??m?.[g]??n;return{operation:o,id:f}}catch(u){if(u instanceof y&&u.status===412){if(r==="createOnly")throw new Error("Record already exists");if(r==="updateOnly")throw new Error("Record not found")}throw u}})}async associate(t,e,n,s,r){let i=`${this.authProvider.environmentUrl}/api/data/v${P}/${s}(${r})`;await this.requestWithRetry(()=>this.http.post(`${t}(${e})/${n}/$ref`,{"@odata.id":i}))}async disassociate(t,e,n,s,r){let i=s?`?$id=${this.authProvider.environmentUrl}/api/data/v${P}/${r??t}(${s})`:"";await this.requestWithRetry(()=>this.http.delete(`${t}(${e})/${n}/$ref${i}`))}};var w=class extends ${async executeAction(t,e={}){return this.requestWithRetry(()=>this.http.post(t,e).then(n=>n.data))}async executeFunction(t,e={}){let n=[],s=[];Object.entries(e).forEach(([a,c])=>{if(typeof c=="object"&&c!==null){let u=`@${a}`;s.push(`${l(a)}=${u}`),n.push(`${u}=${encodeURIComponent(JSON.stringify(c))}`)}else typeof c=="string"?s.push(`${l(a)}='${l(c)}'`):s.push(`${l(a)}=${String(c)}`)});let r=s.length?`${t}(${s.join(",")})`:`${t}()`,i=n.length?`${r}?${n.join("&")}`:r;return this.requestWithRetry(()=>this.http.get(i).then(a=>a.data))}async search(t){let n=`${this.http.baseURL.replace(/\/api\/data\/v[\d.]+\/?$/,"")}/api/search/v2.0/query`;return this.requestWithRetry(()=>this.http.post(n,t).then(s=>s.data))}async executeBoundAction(t,e,n,s={}){return this.requestWithRetry(()=>this.http.post(`${t}(${e})/Microsoft.Dynamics.CRM.${n}`,s).then(r=>r.data))}};var b=class extends w{async listDependencies(t,e){return this.requestWithRetry(()=>this.http.get(`RetrieveDependenciesForDelete(ComponentType=${t},ObjectId=${e})`).then(n=>n.data.value))}async listTableDependencies(t,e){let n={0:"Workflow",1:"Dialog",2:"BusinessRule",3:"Action",4:"BusinessProcessFlow",5:"Flow"},s={0:"Draft",1:"Active",2:"Inactive"},i=(await this.requestWithRetry(()=>this.http.get(`workflows?$filter=primaryentity eq '${l(t)}' and statecode ne 2&$select=name,workflowid,statecode,category,triggeroncreate,triggerondelete,triggeronupdateattributelist`).then(o=>o.data))).value.map(o=>{let d=[];return o.triggeroncreate&&d.push("Create"),o.triggerondelete&&d.push("Delete"),o.triggeronupdateattributelist&&d.push("Update"),{componentType:n[o.category]??`Category${o.category}`,name:o.name,id:o.workflowid,state:s[o.statecode]??`State${o.statecode}`,triggerEvent:d.length?d.join(","):null,solutionName:null}}),a=e?.length?i.filter(o=>e.includes(o.componentType)):i,u=e?.some(o=>o==="Plugin"||o==="CustomAPI")?"Plugin and CustomAPI types require additional SDK message queries and are not yet implemented. Results show Workflow/BusinessRule/Flow/Action dependencies only.":null;return{tableName:t,dependencies:a,count:a.length,warning:u}}async listGlobalOptionSets(){return this.requestWithRetry(()=>this.http.get("GlobalOptionSetDefinitions").then(t=>t.data.value))}async getOptionSet(t){return this.requestWithRetry(()=>this.http.get(`GlobalOptionSetDefinitions(Name='${l(t)}')`).then(e=>e.data))}async getAttributeOptionSet(t,e){let n=["PicklistAttributeMetadata","MultiSelectPicklistAttributeMetadata","StatusAttributeMetadata","StateAttributeMetadata"];for(let s of n)try{let r=`EntityDefinitions(LogicalName='${l(t)}')/Attributes(LogicalName='${l(e)}')/Microsoft.Dynamics.CRM.${s}?$select=LogicalName,DisplayName&$expand=OptionSet`,u=((await this.requestWithRetry(()=>this.http.get(r).then(o=>o.data))).OptionSet?.Options??[]).map(o=>({label:o.Label?.UserLocalizedLabel?.Label??"",value:o.Value}));return{entityLogicalName:t,attributeLogicalName:e,attributeType:s.replace("AttributeMetadata",""),options:u}}catch{continue}throw new Error(`Attribute '${e}' on entity '${t}' is not a Picklist, MultiSelectPicklist, Status, or State attribute, or does not exist.`)}async getEntityKeys(t){return this.requestWithRetry(async()=>(await this.http.get(`EntityDefinitions(LogicalName='${l(t)}')/Keys?$select=SchemaName,LogicalName,KeyAttributes,IsCustomizable,EntityKeyIndexStatus`)).data.value.map(n=>({schemaName:n.SchemaName,logicalName:n.LogicalName,keyAttributes:n.KeyAttributes,isCustomizable:n.IsCustomizable?.Value??!1,indexStatus:n.EntityKeyIndexStatus})))}async updateEntityDefinition(t,e){await this.requestWithRetry(()=>this.http.patch(`EntityDefinitions(LogicalName='${l(t)}')`,e,{headers:{"MSCRM.MergeLabels":"true"}}))}async createAttribute(t,e){return this.requestWithRetry(async()=>(await this.http.post(`EntityDefinitions(LogicalName='${l(t)}')/Attributes`,e,{headers:{Prefer:"return=representation"}})).data.MetadataId??"")}async updateAttribute(t,e,n){await this.requestWithRetry(()=>this.http.put(`EntityDefinitions(LogicalName='${l(t)}')/Attributes(LogicalName='${l(e)}')`,n,{headers:{"MSCRM.MergeLabels":"true"}}))}async deleteAttribute(t,e){await this.requestWithRetry(()=>this.http.delete(`EntityDefinitions(LogicalName='${l(t)}')/Attributes(LogicalName='${l(e)}')`))}async createRelationship(t){return this.requestWithRetry(async()=>(await this.http.post("RelationshipDefinitions",t)).headers["odata-entityid"]?.match(/\(([^)]+)\)$/)?.[1]??"")}};var T=class extends b{async batchExecute(t,e=!1){let n=`batch_${Date.now()}`,s="";if(e){let i=`changeset_${Date.now()+1}`,a=t.filter(u=>u.method==="GET"),c=t.filter(u=>u.method!=="GET");for(let u of a)s+=`--${n}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+\r
+`,s+=`${u.method} ${this.http.baseURL}${u.url} HTTP/1.1\r
+`,s+=`Accept: application/json\r
+\r
+`;if(c.length>0){s+=`--${n}\r
+`,s+=`Content-Type: multipart/mixed; boundary=${i}\r
+\r
+`;let u=1;for(let o of c)s+=`--${i}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+`,s+=`Content-ID: ${o.contentId??u++}\r
+\r
+`,s+=`${o.method} ${this.http.baseURL}${o.url} HTTP/1.1\r
+`,s+=`Content-Type: application/json\r
+\r
+`,o.body&&(s+=JSON.stringify(o.body)),s+=`\r
+`;s+=`--${i}--\r
+`}}else t.forEach(i=>{s+=`--${n}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+\r
+`,s+=`${i.method} ${this.http.baseURL}${i.url} HTTP/1.1\r
+`,s+=`Content-Type: application/json\r
+\r
+`,i.body&&(s+=JSON.stringify(i.body)),s+=`\r
+`});s+=`--${n}--`;let r=await this.requestWithRetry(()=>this.http.post("$batch",s,{headers:{"Content-Type":`multipart/mixed;boundary=${n}`},responseType:"text"}));try{let a=(r.headers["content-type"]??"").match(/boundary=(?:"([^"]+)"|([^;"\s]+))/),c=a?.[1]??a?.[2];return c?q(r.data,c):(process.stderr.write(`[batchExecute] No multipart boundary in response Content-Type; returning raw data.
+`),[r.data])}catch(i){return process.stderr.write(`[batchExecute] Failed to parse multipart response; returning raw data. ${String(i)}
+`),[r.data]}}};var x={1:"Entity",2:"Attribute",3:"Relationship",9:"OptionSet",29:"Workflow",61:"SystemForm",71:"SiteMap",90:"PluginAssembly",92:"PluginType",97:"WebResource",95:"ServiceEndpoint",79:"ConnectionRole"};function k(h){return h.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&apos;")}var E=class extends T{async executeBoundFunction(t,e,n,s={}){let r=[],i=[];Object.entries(s).forEach(([o,d])=>{if(typeof d=="object"&&d!==null){let p=`@${o}`;i.push(`${l(o)}=${p}`),r.push(`${p}=${encodeURIComponent(JSON.stringify(d))}`)}else typeof d=="string"?i.push(`${l(o)}='${l(d)}'`):i.push(`${l(o)}=${String(d)}`)});let a=i.join(","),c=`${t}(${e})/Microsoft.Dynamics.CRM.${n}(${a})`,u=r.length?`${c}?${r.join("&")}`:c;return this.requestWithRetry(()=>this.http.get(u).then(o=>o.data))}async queryWithPaging(t,e={}){let n=Math.min(e.maxTotal??5e3,5e4),s=[],r=0,i={};e.select!==void 0&&(i.select=e.select),e.filter!==void 0&&(i.filter=e.filter),e.orderby!==void 0&&(i.orderby=e.orderby),e.expand!==void 0&&(i.expand=e.expand);let a=await this.query(t,i);for(s.push(...a.value),r++;a["@odata.nextLink"]&&s.length<n;){let u=a["@odata.nextLink"];a=await this.requestWithRetry(()=>this.http.get(u).then(o=>o.data)),s.push(...a.value),r++}let c=s.slice(0,n);return{records:c,totalRetrieved:c.length,pageCount:r}}async getChangedRecords(t,e,n){let s,r={};if(e===null){let p=n?.length?`?$select=${n.join(",")}`:"";s=`${t}${p}`,r.Prefer="odata.track-changes"}else{let p=n?.length?`&$select=${n.join(",")}`:"";s=`${t}?$deltatoken=${e}${p}`}let i=await this.requestWithRetry(()=>this.http.get(s,{headers:r}).then(p=>p.data)),a=i.value??[],c=[],u=[];for(let p of a)if("@removed"in p){let m=String(p["@id"]??""),g=m.match(/\(([^)]+)\)$/);u.push({id:g?g[1]:m})}else c.push(p);let o=i["@odata.deltaLink"],d=null;if(o){let p=o.match(/\$deltatoken=([^&]+)/);d=p?decodeURIComponent(p[1]):null}return{newAndModified:c,deleted:u,nextDeltaToken:d}}async getSolutionComponents(t,e,n=200){return this.requestWithRetry(async()=>{let r=(await this.http.get(`solutions?$filter=uniquename eq '${l(t)}'&$select=solutionid,uniquename,friendlyname,version&$top=1`)).data.value;if(!r.length)throw new Error(`Solution '${t}' not found`);let i=r[0],a=i.solutionid,c=`_solutionid_value eq ${a}`;e!==void 0&&(c+=` and componenttype eq ${e}`);let o=(await this.http.get(`solutioncomponents?$filter=${c}&$select=componenttype,objectid&$top=${n}&$orderby=componenttype`)).data.value.map(d=>({componentType:d.componenttype,componentTypeName:x[d.componenttype]??`Type${d.componenttype}`,objectId:d.objectid}));return{solutionName:i.uniquename,solutionId:a,friendlyName:i.friendlyname,version:i.version,components:o,count:o.length}})}async publishCustomizations(t){return this.requestWithRetry(async()=>{if(!(t&&((t.entities?.length??0)>0||(t.webResources?.length??0)>0||(t.optionSets?.length??0)>0)))return await this.http.post("PublishAllXml",{},{timeoutMs:12e4}),{published:!0,message:"All customizations published successfully"};let n="<importexportxml>";return t.entities?.length&&(n+="<entities>"+t.entities.map(s=>`<entity>${k(s)}</entity>`).join("")+"</entities>"),t.webResources?.length&&(n+="<webresources>"+t.webResources.map(s=>`<webresource>${k(s)}</webresource>`).join("")+"</webresources>"),t.optionSets?.length&&(n+="<optionsets>"+t.optionSets.map(s=>`<optionset>${k(s)}</optionset>`).join("")+"</optionsets>"),n+="</importexportxml>",await this.http.post("PublishXml",{ParameterXml:n},{timeoutMs:12e4}),{published:!0,message:"Selected customizations published successfully"}})}async listDataverseWorkflows(t){return this.requestWithRetry(async()=>{let e=[];t.category!==void 0&&e.push(`category eq ${t.category}`),t.nameContains&&e.push(`contains(name,'${l(t.nameContains)}')`);let n=`workflows?$select=workflowid,name,description,category,statecode,statuscode,type,modifiedon&$orderby=name asc&$top=${t.top??50}`;return e.length>0&&(n+=`&$filter=${e.join(" and ")}`),(await this.http.get(n)).data.value??[]})}async getDataverseWorkflow(t){return this.requestWithRetry(()=>this.http.get(`workflows(${t})?$select=workflowid,name,description,category,statecode,statuscode,type,modifiedon`).then(e=>e.data))}};export{l as a,E as b};

package/dist/dataverse-client-advanced-ZG4OPCGR.js

@@ -0,0 +1 @@
+import{b as a}from"./chunk-MPWVUZBX.js";export{a as DataverseAdvancedClient};

package/dist/doctor.js

@@ -1,3 +1,3 @@
 #!/usr/bin/env node
 async function f(){let t=e=>process.stdout.write(e+`
-`),o=e=>t(`  \u2705 ${e}`),n=e=>t(`  \u274C ${e}`);t(""),t("\u{1F3E5} mcp-dataverse doctor"),t("\u2500".repeat(50)),t("");let r=!0;t("\u{1F4CB} Environment");let c=process.version;parseInt(c.slice(1).split(".")[0],10)>=20?o(`Node.js ${c}`):(n(`Node.js ${c} \u2014 requires v20+`),r=!1),t(""),t("\u2699\uFE0F  Configuration");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e();o(`Environment URL: ${s.environmentUrl}`),o(`Timeout: ${s.requestTimeoutMs}ms, Retries: ${s.maxRetries}`)}catch(e){let s=e instanceof Error?e.message:String(e);n(`Configuration error: ${s}`),r=!1,t(""),t(r?"\u2705 All checks passed!":"\u274C Some checks failed."),process.exit(r?0:1)}t(""),t("\u{1F511} Authentication");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e(),{createAuthProvider:l}=await import("./auth-provider.factory-MSMLSOX3.js"),i=await l(s).getToken();i?(o("Token acquired successfully"),i.split(".").length===3&&o("Valid JWT token format")):(n("No token returned"),r=!1)}catch(e){let s=e instanceof Error?e.message:String(e);n(`Auth failed: ${s}`),r=!1}t(""),t("\u{1F310} Dataverse API");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e(),{createAuthProvider:l}=await import("./auth-provider.factory-MSMLSOX3.js"),{DataverseAdvancedClient:m}=await import("./dataverse-client-advanced-T5ZJMRLK.js"),i=l(s),a=await new m(i,s.maxRetries,s.requestTimeoutMs).whoAmI();o(`Organization: ${a.OrganizationName||"N/A"}`),o(`User ID: ${a.UserId||"N/A"}`),o(`Business Unit: ${a.BusinessUnitId||"N/A"}`),o(`Environment: ${a.EnvironmentUrl||s.environmentUrl}`)}catch(e){let s=e instanceof Error?e.message:String(e);n(`API call failed: ${s}`),r=!1}t(""),t("\u2500".repeat(50)),t(r?"\u2705 All checks passed! Your mcp-dataverse setup is healthy.":"\u274C Some checks failed. Review the errors above."),t(""),process.exit(r?0:1)}export{f as runDoctor};
+`),o=e=>t(`  \u2705 ${e}`),n=e=>t(`  \u274C ${e}`);t(""),t("\u{1F3E5} mcp-dataverse doctor"),t("\u2500".repeat(50)),t("");let r=!0;t("\u{1F4CB} Environment");let c=process.version;parseInt(c.slice(1).split(".")[0],10)>=20?o(`Node.js ${c}`):(n(`Node.js ${c} \u2014 requires v20+`),r=!1),t(""),t("\u2699\uFE0F  Configuration");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e();o(`Environment URL: ${s.environmentUrl}`),o(`Timeout: ${s.requestTimeoutMs}ms, Retries: ${s.maxRetries}`)}catch(e){let s=e instanceof Error?e.message:String(e);n(`Configuration error: ${s}`),r=!1,t(""),t(r?"\u2705 All checks passed!":"\u274C Some checks failed."),process.exit(r?0:1)}t(""),t("\u{1F511} Authentication");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e(),{createAuthProvider:l}=await import("./auth-provider.factory-MSMLSOX3.js"),i=await l(s).getToken();i?(o("Token acquired successfully"),i.split(".").length===3&&o("Valid JWT token format")):(n("No token returned"),r=!1)}catch(e){let s=e instanceof Error?e.message:String(e);n(`Auth failed: ${s}`),r=!1}t(""),t("\u{1F310} Dataverse API");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e(),{createAuthProvider:l}=await import("./auth-provider.factory-MSMLSOX3.js"),{DataverseAdvancedClient:m}=await import("./dataverse-client-advanced-ZG4OPCGR.js"),i=l(s),a=await new m(i,s.maxRetries,s.requestTimeoutMs).whoAmI();o(`Organization: ${a.OrganizationName||"N/A"}`),o(`User ID: ${a.UserId||"N/A"}`),o(`Business Unit: ${a.BusinessUnitId||"N/A"}`),o(`Environment: ${a.EnvironmentUrl||s.environmentUrl}`)}catch(e){let s=e instanceof Error?e.message:String(e);n(`API call failed: ${s}`),r=!1}t(""),t("\u2500".repeat(50)),t(r?"\u2705 All checks passed! Your mcp-dataverse setup is healthy.":"\u274C Some checks failed. Review the errors above."),t(""),process.exit(r?0:1)}export{f as runDoctor};

package/dist/http-server.js

@@ -1,3 +1,4 @@
-import{createServer as m}from"http";import{randomUUID as f}from"crypto";import{StreamableHTTPServerTransport as T}from"@modelcontextprotocol/sdk/server/streamableHttp.js";async function u(c,o,p,l){let t=new Map,r=m(async(n,s)=>{if(s.setHeader("Access-Control-Allow-Origin","*"),s.setHeader("Access-Control-Allow-Methods","GET, POST, DELETE, OPTIONS"),s.setHeader("Access-Control-Allow-Headers","Content-Type, mcp-session-id"),n.method==="OPTIONS"){s.writeHead(204),s.end();return}let a=new URL(n.url??"/",`http://localhost:${o}`);if(a.pathname==="/health"&&n.method==="GET"){s.writeHead(200,{"Content-Type":"application/json"}),s.end(JSON.stringify({status:"ok",version:p,tools:l}));return}if(a.pathname==="/mcp"){try{let d=n.headers["mcp-session-id"];if(d){let e=t.get(d);if(!e){s.writeHead(404,{"Content-Type":"application/json"}),s.end(JSON.stringify({error:"Session not found. Please reinitialize."}));return}await e.handleRequest(n,s)}else{let e=new T({sessionIdGenerator:()=>f(),enableJsonResponse:!0});e.sessionId&&(t.set(e.sessionId,e),e.onclose=()=>{e.sessionId&&t.delete(e.sessionId)}),await c().connect(e),await e.handleRequest(n,s),e.sessionId&&(t.has(e.sessionId)||(t.set(e.sessionId,e),e.onclose=()=>{e.sessionId&&t.delete(e.sessionId)}))}}catch{s.headersSent||(s.writeHead(500,{"Content-Type":"application/json"}),s.end(JSON.stringify({error:"Internal server error"})))}return}s.writeHead(404,{"Content-Type":"application/json"}),s.end(JSON.stringify({error:"Not found"}))});await new Promise(n=>{r.listen(o,()=>{process.stderr.write(`MCP Dataverse HTTP server listening on http://localhost:${o}/mcp
-`),n()})});let i=async()=>{process.stderr.write(`Shutting down HTTP server...
-`);for(let n of t.values())await n.close();r.close(),process.exit(0)};process.on("SIGINT",i),process.on("SIGTERM",i),await new Promise(n=>{r.on("close",n)})}export{u as startHttpTransport};
+import{createServer as S}from"http";import{timingSafeEqual as u,createHmac as m,randomUUID as v}from"crypto";import{StreamableHTTPServerTransport as w}from"@modelcontextprotocol/sdk/server/streamableHttp.js";function g(a,r){try{let i=Buffer.from("mcp-token-verify-constant"),c=m("sha256",i).update(a).digest(),d=m("sha256",i).update(r).digest();return u(c,d)}catch{return!1}}async function O(a,r,i,c){let d=process.env.MCP_HTTP_JSON_RESPONSE!=="false",l=process.env.MCP_HTTP_SECRET??process.env.BEARER_TOKEN,h=process.env.MCP_HTTP_CORS_ORIGIN??"*",n=new Map,p=S(async(s,e)=>{if(e.setHeader("Access-Control-Allow-Origin",h),e.setHeader("Access-Control-Allow-Methods","GET, POST, DELETE, OPTIONS"),e.setHeader("Access-Control-Allow-Headers","Content-Type, mcp-session-id, Authorization"),s.method==="OPTIONS"){e.writeHead(204),e.end();return}let T=new URL(s.url??"/",`http://localhost:${r}`);if(T.pathname==="/health"&&s.method==="GET"){e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify({status:"ok",version:i,tools:c}));return}if(T.pathname==="/mcp"){if(l){let o=s.headers.authorization??"",t=o.startsWith("Bearer ")?o.slice(7):"";if(!g(t,l)){e.writeHead(401,{"Content-Type":"application/json","WWW-Authenticate":'Bearer realm="MCP Dataverse"'}),e.end(JSON.stringify({error:"Unauthorized"}));return}}try{let o=s.headers["mcp-session-id"];if(o){let t=n.get(o);if(!t){e.writeHead(404,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Session not found. Please reinitialize."}));return}await t.handleRequest(s,e)}else{if(s.method!=="POST"){e.writeHead(400,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"mcp-session-id header required for GET and DELETE"}));return}let t=new w({sessionIdGenerator:()=>v(),enableJsonResponse:d});t.sessionId&&(n.set(t.sessionId,t),t.onclose=()=>{t.sessionId&&n.delete(t.sessionId)}),await a().connect(t),await t.handleRequest(s,e),t.sessionId&&(n.has(t.sessionId)||(n.set(t.sessionId,t),t.onclose=()=>{t.sessionId&&n.delete(t.sessionId)}))}}catch(o){process.stderr.write(`[http-server] Unhandled error: ${String(o)}
+`),e.headersSent||(e.writeHead(500,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Internal server error"})))}return}e.writeHead(404,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Not found"}))});await new Promise(s=>{p.listen(r,()=>{process.stderr.write(`MCP Dataverse HTTP server listening on http://localhost:${r}/mcp
+`),s()})});let f=async()=>{process.stderr.write(`Shutting down HTTP server...
+`);for(let s of n.values())await s.close();p.close(),process.exit(0)};process.on("SIGINT",f),process.on("SIGTERM",f),await new Promise(s=>{p.on("close",s)})}export{O as startHttpTransport};