mcp-dataverse 0.4.7 → 0.7.5

package/README.md

@@ -6,7 +6,7 @@
 
 **The most complete MCP server for Microsoft Dataverse.**
 
-73 tools · 4 resources · 10 guided workflows · Zero config auth
+79 tools · 4 resources · 10 guided workflows · Three auth modes
 
 [![npm](https://img.shields.io/npm/v/mcp-dataverse)](https://www.npmjs.com/package/mcp-dataverse)
 [![npm downloads](https://img.shields.io/npm/dm/mcp-dataverse)](https://www.npmjs.com/package/mcp-dataverse)
@@ -25,7 +25,7 @@
 
 AI agents hallucinate schema, guess column names, and build broken OData queries. This server gives them **real-time access** to your Dataverse environment — schema, records, metadata, solutions — through the [Model Context Protocol](https://modelcontextprotocol.io).
 
-- **No Azure AD app registration** — device code flow, zero pre-configuration
+- **Three auth modes** — device code (local), client credentials (CI/CD), managed identity (Azure-hosted)
 - **Works with any MCP client** — VS Code, Claude, Cursor, Windsurf, Gemini, Codex CLI
 - **Atomic tools** — each tool does one thing well; the AI picks the right one
 - **Structured outputs** — every response returns `{summary, data, suggestions}`
@@ -48,31 +48,47 @@ The interactive wizard configures your environment, registers the server in VS C
 
 ## Authentication
 
-**No PAC CLI, no app registration, no client secret.** Uses Microsoft's device code flow (MSAL):
+Three modes — choose based on where the server runs:
 
-1. **First tool call** → a sign-in code appears in the MCP Output panel (`View → Output → MCP`)
-2. Open `https://microsoft.com/devicelogin` → enter the code → sign in with your work account
-3. **Done.** Token is cached encrypted — all future starts are silent
+| Mode                      | When to use                                                                                       |
+| :------------------------ | :------------------------------------------------------------------------------------------------ |
+| **Device Code** (default) | Local development — interactive Microsoft login, token cached on disk                             |
+| **Client Credentials**    | Unattended: CI/CD, Docker, Azure services — `authMethod: "client-credentials"` + App Registration |
+| **Managed Identity**      | Azure-hosted (App Service, Container Apps) — zero secrets, `authMethod: "managed-identity"`       |
 
-Re-authenticate after ~90 days of inactivity: `npx mcp-dataverse-auth`
+**Device code quick start:** authentication triggers on the first tool call.
+
+1. Open `View → Output → MCP` — a sign-in code appears
+2. Go to `https://microsoft.com/devicelogin`, enter the code, sign in with your work account
+3. Token is cached encrypted — all future starts are silent
+
+For client credentials and managed identity setup, see [Authentication docs](https://codeurali.github.io/mcp-dataverse/authentication).
 
 ---
 
 ## Capabilities
 
-| Category                | Count | Description                                                    |
-| ----------------------- | ----- | -------------------------------------------------------------- |
-| **Metadata**            | 8     | Tables, schema, relationships, option sets, entity keys        |
-| **Query**               | 3     | OData, FetchXML, paginated retrieval                           |
-| **CRUD**                | 6     | Get, create, update, delete, upsert, assign                    |
-| **Actions & Functions** | 6     | Bound/unbound Dataverse actions and functions                  |
-| **Batch**               | 1     | Up to 1000 operations atomically                               |
-| **Solutions**           | 3     | List solutions, components, publish customizations             |
-| **Search**              | 1     | Full-text Relevance Search                                     |
-| **Users & Teams**       | 3     | Users, roles, teams                                            |
-| **Files**               | 2     | Upload/download file and image columns                         |
-| **+ more**              | …     | Audit, trace logs, delta tracking, impersonation, annotations… |
-| **Assistance**          | 4     | Tool router, workflow guide                                    |
+| Category                | Count | Description                                                           |
+| ----------------------- | ----- | --------------------------------------------------------------------- |
+| **Metadata**            | 9     | Tables, schema, relationships, option sets, entity keys               |
+| **Query**               | 3     | OData, FetchXML, paginated retrieval                                  |
+| **CRUD**                | 6     | Get, create, update, delete, upsert, assign                           |
+| **Relations**           | 4     | Associate, associate bulk, disassociate, query associations           |
+| **Actions & Functions** | 6     | Bound/unbound Dataverse actions and functions                         |
+| **Batch**               | 1     | Up to 1000 operations atomically                                      |
+| **Solutions**           | 2     | Publish customizations, create sitemap                                |
+| **Search**              | 1     | Full-text Relevance Search                                            |
+| **Users & Teams**       | 4     | Users, roles, teams, role assignment                                  |
+| **RBAC**                | 7     | Role privileges: list, assign, remove, add, replace, get, team        |
+| **Files**               | 2     | Upload/download file and image columns                                |
+| **Audit & Trace**       | 3     | Audit log, plugin trace logs, workflow trace logs                     |
+| **Annotations**         | 2     | Notes and file attachments                                            |
+| **Customization**       | 4     | Custom actions, plugins, env variables, connection references         |
+| **Attributes**          | 4     | Create, update, delete columns; lookup column type                    |
+| **Schema (write)**      | 2     | Create custom tables and relationships                                |
+| **Record Access**       | 4     | Check, grant, revoke record sharing; merge records                    |
+| **Assistance**          | 2     | Tool router, tool tags                                                |
+| **+ more**              | …     | Delta sync, impersonation, views, business units, duplicate detection |
 
 [→ Full Capabilities Reference](https://codeurali.github.io/mcp-dataverse/capabilities)
 
@@ -87,6 +103,7 @@ MCP_TRANSPORT=http MCP_HTTP_PORT=3000 MCP_HTTP_SECRET=mysecret node dist/server.
 ```
 
 Connect using VS Code / Copilot with:
+
 ```json
 {
   "servers": {
@@ -123,10 +140,12 @@ MCP Dataverse is designed to be comprehensive, but most AI models work best with
 
 ## Roadmap
 
-| Version | Feature | Status |
-| ------- | ------- | ------ |
-| **v0.4** | HTTP transport + attribute management + schema consistency | ✅ Released |
-| **v0.5** | Enterprise auth (Client Credentials, Managed Identity) + MCP Prompts | 🔴 Planned |
+| Version  | Feature                                                           | Status      |
+| -------- | ----------------------------------------------------------------- | ----------- |
+| **v0.4** | HTTP transport + attribute management + schema consistency        | ✅ Released |
+| **v0.5** | Enterprise auth (Client Credentials, Managed Identity, Entra JWT) | ✅ Released |
+| **v0.6** | MCP Prompts (5 templates) + MCP Resources (4)                     | ✅ Released |
+| **v0.7** | Schema write (create table/relationship) + Record Access (share, merge) | ✅ Released (v0.7.5) |
 
 [→ Full Roadmap](https://codeurali.github.io/mcp-dataverse/roadmap)
 

package/dist/auth-provider.factory-IVYKBXVY.js

@@ -0,0 +1 @@
+import{a}from"./chunk-M5UROAVJ.js";import"./chunk-RYRO3QPE.js";import"./chunk-KJ3HM2VM.js";export{a as createAuthProvider};

package/dist/chunk-6KQIRQNP.js

@@ -0,0 +1,35 @@
+var y=class extends Error{constructor(t,n,s,r,i={}){super(t);this.status=n;this.data=s;this.code=r;this.responseHeaders=i;this.name="HttpError"}},R=class{baseURL;timeoutMs;defaultHeaders;tokenProvider;constructor(e){this.baseURL=e.baseURL.endsWith("/")?e.baseURL:e.baseURL+"/",this.timeoutMs=e.timeout??3e4,this.defaultHeaders={...e.headers},this.tokenProvider=e.tokenProvider??void 0}async get(e,t){return this.request("GET",e,void 0,t)}async post(e,t,n){return this.request("POST",e,t,n)}async patch(e,t,n){return this.request("PATCH",e,t,n)}async put(e,t,n){return this.request("PUT",e,t,n)}async delete(e,t){return this.request("DELETE",e,void 0,t)}resolveUrl(e){if(!e.startsWith("http"))return this.baseURL+e;let t=new URL(e),n=new URL(this.baseURL);if(t.origin!==n.origin)throw new y(`SSRF protection: request to '${t.origin}' blocked; only '${n.origin}' is permitted`,0,void 0,"SSRF_BLOCKED");return e}async request(e,t,n,s){let r=this.resolveUrl(t),i={...this.defaultHeaders,...s?.headers};this.tokenProvider&&(i.Authorization=`Bearer ${await this.tokenProvider()}`);let u=s?.timeoutMs??this.timeoutMs,c=new AbortController,a=setTimeout(()=>c.abort(),u);try{let o={method:e,headers:i,signal:c.signal};n!==void 0&&(o.body=typeof n=="string"?n:JSON.stringify(n));let d=await fetch(r,o),p={};if(d.headers.forEach((g,f)=>{p[f]=g}),!d.ok){let g=await d.text(),f;try{f=JSON.parse(g)}catch{f=g||void 0}throw new y(`Request failed with status ${d.status}`,d.status,f,void 0,p)}let m;if(s?.responseType==="text")m=await d.text();else{let g=await d.text();m=g?JSON.parse(g):{}}return{data:m,status:d.status,headers:p}}catch(o){throw o instanceof y?o:o instanceof DOMException&&o.name==="AbortError"?new y("Request timed out",0,void 0,"ECONNABORTED"):o}finally{clearTimeout(a)}}};function O(h){let e=h.indexOf(`\r
+\r
+`),t=h.indexOf(`
+
+`);return e!==-1&&(t===-1||e<=t)?e+4:t!==-1?t+2:-1}function E(h,e){let t=[],n=h.split(`--${e}`);for(let s of n){let r=s.trim();if(!r||r==="--")continue;let i=O(s);if(i===-1)continue;let u=s.slice(i),c=O(u);if(c===-1)continue;let o=(u.trimStart().split(/\r?\n/)[0]??"").match(/^HTTP\/\d+\.\d+\s+(\d{3})/),d=o?parseInt(o[1],10):0,p=d>=200&&d<300,m=u.slice(c).trim();if(!m){t.push(p?null:{error:"Empty response body",status:d});continue}try{let g=JSON.parse(m);t.push(p?g:{error:g,status:d})}catch{t.push({error:m,status:d})}}return t}function l(h){return h.replace(/'/g,"''")}var P="9.2",v={opportunities:"opportunityid",territories:"territoryid",categories:"categoryid",activityparties:"activitypartyid",activitymimeattachments:"activitymimeattachmentid",queues:"queueid",queueitems:"queueitemid"},$=class{http;authProvider;maxRetries;constructor(e,t=3,n=3e4){this.authProvider=e,this.maxRetries=t,this.http=new R({baseURL:`${e.environmentUrl}/api/data/v${P}/`,timeout:n,headers:{"OData-MaxVersion":"4.0","OData-Version":"4.0",Accept:"application/json","Content-Type":"application/json; charset=utf-8"},tokenProvider:()=>e.getToken()})}get serviceRootUrl(){return this.http.baseURL}async requestWithRetry(e,t=0){try{return await e()}catch(n){if(n instanceof y){if(n.status===401&&t===0)return this.authProvider.invalidateToken(),this.requestWithRetry(e,t+1);if([429,503,504].includes(n.status)&&t<this.maxRetries){let r=n.responseHeaders["retry-after"],i=r?parseInt(r,10)*1e3:Math.pow(2,t)*1e3;return await new Promise(u=>setTimeout(u,i)),this.requestWithRetry(e,t+1)}if(n.status===400){let r=n.data?.error?.code;if(r==="0x80071151"&&t<5){let c=Math.pow(2,t)*5e3;return await new Promise(a=>setTimeout(a,c)),this.requestWithRetry(e,t+1)}if(r==="0x80071151"&&t>=5)throw new Error(`[TRANSIENT_LOCK_EXHAUSTED] Dataverse customization lock (0x80071151) still held after ${t} retries (~155s total). A publish operation is running server-side. WAIT at least 60 seconds, then retry the operation ONCE manually. Do NOT loop-retry. Inform the user that Dataverse is processing a previous schema change.`);let i=n.data?.error?.message?.toLowerCase()??"",u=r==="0x80044181"||i.includes("publish")&&(i.includes("already")||i.includes("in progress")||i.includes("another user"));if(u&&t<4)return await new Promise(c=>setTimeout(c,3e4)),this.requestWithRetry(e,t+1);if(u&&t>=4)throw new Error(`[TRANSIENT_LOCK_EXHAUSTED] Dataverse publish lock still held after ${t} retries (~120s total). A PublishAllXml operation is in progress server-side. WAIT at least 60 seconds before retrying ONCE. Do NOT call dataverse_publish_customizations again immediately. Inform the user that Dataverse is serialising a background publish job.`)}}throw this.formatError(n)}}formatError(e){if(e instanceof y){let t=e.data?.error;return t?.code==="0x80060888"?new Error(`Dataverse error 0x80060888: The Web API endpoint does not exist in this organization. This means the action/function name is wrong OR the entity set name is incorrect \u2014 NOT necessarily a permissions error. Original message: ${t.message??""}. Tip: verify action names via $metadata or use dataverse_resolve_entity_name for entity names.`):t?new Error(`Dataverse error ${t.code??""}: ${t.message??"Unknown error"}`):e.code==="ECONNABORTED"?new Error("Request timed out. Check your Dataverse environment URL."):e}return e instanceof Error?e:new Error(String(e))}async whoAmI(){return this.requestWithRetry(async()=>{let e=await this.http.get("WhoAmI"),{UserId:t,BusinessUnitId:n,OrganizationId:s}=e.data,r="";try{r=(await this.http.get(`organizations(${s})?$select=name`)).data.name??""}catch{r=""}let i=this.authProvider.environmentUrl;return{UserId:t,BusinessUnitId:n,OrganizationId:s,OrganizationName:r,EnvironmentUrl:i}})}async listTables(e=!1){let s=["$select=LogicalName,SchemaName,DisplayName,EntitySetName,PrimaryIdAttribute,PrimaryNameAttribute,IsCustomEntity",e?"$filter=IsCustomEntity eq true":""].filter(Boolean).join("&");return this.requestWithRetry(()=>this.http.get(`EntityDefinitions?${s}`).then(r=>r.data.value))}async getTableMetadata(e,t=!0){let n=t?"$expand=Attributes":"",s=`EntityDefinitions(LogicalName='${l(e)}')${n?"?"+n:""}`;return this.requestWithRetry(()=>this.http.get(s).then(r=>r.data))}async fetchAllPagesOData(e){let t=[],n=e;for(;n;){let s=await this.requestWithRetry(()=>this.http.get(n).then(r=>r.data));t.push(...s.value??[]),n=s["@odata.nextLink"]}return t}async getRelationships(e){let t=l(e),[n,s,r]=await Promise.all([this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${t}')/OneToManyRelationships`),this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${t}')/ManyToOneRelationships`),this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${t}')/ManyToManyRelationships`)]);return[...n,...s,...r]}async query(e,t={}){let n=u=>encodeURIComponent(u).replace(/%28/g,"(").replace(/%29/g,")").replace(/%2C/g,",").replace(/%27/g,"'").replace(/%40/g,"@"),s=[];t.select?.length&&s.push(`$select=${t.select.join(",")}`),t.filter&&s.push(`$filter=${n(t.filter)}`),t.orderby&&s.push(`$orderby=${n(t.orderby)}`),t.top&&s.push(`$top=${t.top}`),t.expand&&s.push(`$expand=${t.expand}`),t.count&&s.push("$count=true"),t.apply&&s.push(`$apply=${n(t.apply)}`);let r=`${e}${s.length?"?"+s.join("&"):""}`,i=t.formattedValues?{headers:{Prefer:'odata.include-annotations="OData.Community.Display.V1.FormattedValue"'}}:void 0;return this.requestWithRetry(()=>this.http.get(r,i).then(u=>u.data))}async executeFetchXml(e,t,n){let s=encodeURIComponent(t),r=n?{headers:{Prefer:'odata.include-annotations="OData.Community.Display.V1.FormattedValue"'}}:void 0;return this.requestWithRetry(()=>this.http.get(`${e}?fetchXml=${s}`,r).then(i=>i.data))}async getRecord(e,t,n,s){let r=[];n?.length&&r.push(`$select=${n.join(",")}`),s&&r.push(`$expand=${s}`);let i=r.length?`?${r.join("&")}`:"";return this.requestWithRetry(async()=>{let u=await this.http.get(`${e}(${t})${i}`,{headers:{Prefer:'odata.include-annotations="*"'}}),c=u.headers["odata-etag"]??u.data["@odata.etag"]??null;return{record:u.data,etag:c}})}async createRecord(e,t){return this.requestWithRetry(async()=>{let n=await this.http.post(e,t,{headers:{Prefer:"return=representation"}}),r=n.headers["odata-entityid"]?.match(/\(([^)]+)\)/)?.[1];if(r)return r;let i=n.data,u=i["@odata.id"]?.match(/\(([^)]+)\)/)?.[1];if(u)return u;let c=v[e]??e.replace(/s$/,"")+"id",a=i[c];return a||(n.headers.location?.match(/\(([^)]+)\)/)?.[1]??"")})}async updateRecord(e,t,n,s){await this.requestWithRetry(()=>this.http.patch(`${e}(${t})`,n,{headers:{"If-Match":s??"*"}}))}async deleteRecord(e,t){await this.requestWithRetry(()=>this.http.delete(`${e}(${t})`))}async upsertRecord(e,t,n,s,r="upsert",i){return this.requestWithRetry(async()=>{let u=i?`${e}(${i})`:`${e}(${l(t)}='${l(n)}')`,c={Prefer:"return=representation"};r==="createOnly"&&(c["If-None-Match"]="*"),r==="updateOnly"&&(c["If-Match"]="*");try{let a=await this.http.put(u,s,{headers:c}),o=a.status===201?"created":"updated",p=a.headers["odata-entityid"]?.match(/\(([^)]+)\)/)?.[1],m=a.data,g=v[e]??e.replace(/s$/,"")+"id",f=p??m?.[g]??n;return{operation:o,id:f}}catch(a){if(a instanceof y&&a.status===412){if(r==="createOnly")throw new Error("Record already exists");if(r==="updateOnly")throw new Error("Record not found")}throw a}})}async associate(e,t,n,s,r){let i=`${this.authProvider.environmentUrl}/api/data/v${P}/${s}(${r})`;await this.requestWithRetry(()=>this.http.post(`${e}(${t})/${n}/$ref`,{"@odata.id":i}))}async disassociate(e,t,n,s,r){let i=s?`?$id=${this.authProvider.environmentUrl}/api/data/v${P}/${r??e}(${s})`:"";await this.requestWithRetry(()=>this.http.delete(`${e}(${t})/${n}/$ref${i}`))}};var w=class extends ${async executeAction(e,t={}){return this.requestWithRetry(()=>this.http.post(e,t).then(n=>n.data))}async executeFunction(e,t={}){let n=[],s=[],r=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;Object.entries(t).forEach(([c,a])=>{if(typeof a=="object"&&a!==null){let o=`@${c}`;s.push(`${l(c)}=${o}`),n.push(`${o}=${encodeURIComponent(JSON.stringify(a))}`)}else typeof a=="string"&&r.test(a)?s.push(`${l(c)}=${a}`):typeof a=="string"?s.push(`${l(c)}='${l(a)}'`):s.push(`${l(c)}=${String(a)}`)});let i=s.length?`${e}(${s.join(",")})`:`${e}()`,u=n.length?`${i}?${n.join("&")}`:i;return this.requestWithRetry(()=>this.http.get(u).then(c=>c.data))}async search(e){let n=`${this.http.baseURL.replace(/\/api\/data\/v[\d.]+\/?$/,"")}/api/search/v2.0/query`;return this.requestWithRetry(()=>this.http.post(n,e).then(s=>s.data))}async executeBoundAction(e,t,n,s={}){return this.requestWithRetry(()=>this.http.post(`${e}(${t})/Microsoft.Dynamics.CRM.${n}`,s).then(r=>r.data))}};var b=class extends w{async listDependencies(e,t){return this.requestWithRetry(()=>this.http.get(`RetrieveDependenciesForDelete(ComponentType=${e},ObjectId=${t})`).then(n=>n.data.value))}async listTableDependencies(e,t){let n={0:"Workflow",1:"Dialog",2:"BusinessRule",3:"Action",4:"BusinessProcessFlow",5:"Flow"},s={0:"Draft",1:"Active",2:"Inactive"},i=(await this.requestWithRetry(()=>this.http.get(`workflows?$filter=primaryentity eq '${l(e)}' and statecode ne 2&$select=name,workflowid,statecode,category,triggeroncreate,triggerondelete,triggeronupdateattributelist`).then(o=>o.data))).value.map(o=>{let d=[];return o.triggeroncreate&&d.push("Create"),o.triggerondelete&&d.push("Delete"),o.triggeronupdateattributelist&&d.push("Update"),{componentType:n[o.category]??`Category${o.category}`,name:o.name,id:o.workflowid,state:s[o.statecode]??`State${o.statecode}`,triggerEvent:d.length?d.join(","):null,solutionName:null}}),u=t?.length?i.filter(o=>t.includes(o.componentType)):i,a=t?.some(o=>o==="Plugin"||o==="CustomAPI")?"Plugin and CustomAPI types require additional SDK message queries and are not yet implemented. Results show Workflow/BusinessRule/Flow/Action dependencies only.":null;return{tableName:e,dependencies:u,count:u.length,warning:a}}async listGlobalOptionSets(){return this.requestWithRetry(()=>this.http.get("GlobalOptionSetDefinitions").then(e=>e.data.value))}async getOptionSet(e){return this.requestWithRetry(()=>this.http.get(`GlobalOptionSetDefinitions(Name='${l(e)}')`).then(t=>t.data))}async getAttributeOptionSet(e,t){let n=["PicklistAttributeMetadata","MultiSelectPicklistAttributeMetadata","StatusAttributeMetadata","StateAttributeMetadata"];for(let s of n)try{let r=`EntityDefinitions(LogicalName='${l(e)}')/Attributes(LogicalName='${l(t)}')/Microsoft.Dynamics.CRM.${s}?$select=LogicalName,DisplayName&$expand=OptionSet`,a=((await this.requestWithRetry(()=>this.http.get(r).then(o=>o.data))).OptionSet?.Options??[]).map(o=>({label:o.Label?.UserLocalizedLabel?.Label??"",value:o.Value}));return{entityLogicalName:e,attributeLogicalName:t,attributeType:s.replace("AttributeMetadata",""),options:a}}catch{continue}throw new Error(`Attribute '${t}' on entity '${e}' is not a Picklist, MultiSelectPicklist, Status, or State attribute, or does not exist.`)}async getEntityKeys(e){return this.requestWithRetry(async()=>(await this.http.get(`EntityDefinitions(LogicalName='${l(e)}')/Keys?$select=SchemaName,LogicalName,KeyAttributes,IsCustomizable,EntityKeyIndexStatus`)).data.value.map(n=>({schemaName:n.SchemaName,logicalName:n.LogicalName,keyAttributes:n.KeyAttributes,isCustomizable:n.IsCustomizable?.Value??!1,indexStatus:n.EntityKeyIndexStatus})))}async updateEntityDefinition(e,t){await this.requestWithRetry(()=>this.http.patch(`EntityDefinitions(LogicalName='${l(e)}')`,t,{headers:{"MSCRM.MergeLabels":"true"}}))}async createEntityDefinition(e){return this.requestWithRetry(async()=>(await this.http.post("EntityDefinitions",e)).headers["odata-entityid"]?.match(/\(([^)]+)\)$/)?.[1]??"")}async createAttribute(e,t){return this.requestWithRetry(async()=>(await this.http.post(`EntityDefinitions(LogicalName='${l(e)}')/Attributes`,t,{headers:{Prefer:"return=representation"}})).data.MetadataId??"")}async updateAttribute(e,t,n){await this.requestWithRetry(()=>this.http.put(`EntityDefinitions(LogicalName='${l(e)}')/Attributes(LogicalName='${l(t)}')`,n,{headers:{"MSCRM.MergeLabels":"true"}}))}async deleteAttribute(e,t){await this.requestWithRetry(()=>this.http.delete(`EntityDefinitions(LogicalName='${l(e)}')/Attributes(LogicalName='${l(t)}')`))}async createRelationship(e){return this.requestWithRetry(async()=>(await this.http.post("RelationshipDefinitions",e)).headers["odata-entityid"]?.match(/\(([^)]+)\)$/)?.[1]??"")}};var T=class extends b{async batchExecute(e,t=!1){let n=`batch_${Date.now()}`,s="";if(t){let i=`changeset_${Date.now()+1}`,u=e.filter(a=>a.method==="GET"),c=e.filter(a=>a.method!=="GET");for(let a of u)s+=`--${n}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+\r
+`,s+=`${a.method} ${this.http.baseURL}${a.url} HTTP/1.1\r
+`,s+=`Accept: application/json\r
+\r
+`;if(c.length>0){s+=`--${n}\r
+`,s+=`Content-Type: multipart/mixed; boundary=${i}\r
+\r
+`;let a=1;for(let o of c)s+=`--${i}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+`,s+=`Content-ID: ${o.contentId??a++}\r
+\r
+`,s+=`${o.method} ${this.http.baseURL}${o.url} HTTP/1.1\r
+`,s+=`Content-Type: application/json\r
+\r
+`,o.body&&(s+=JSON.stringify(o.body)),s+=`\r
+`;s+=`--${i}--\r
+`}}else e.forEach(i=>{s+=`--${n}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+\r
+`,s+=`${i.method} ${this.http.baseURL}${i.url} HTTP/1.1\r
+`,s+=`Content-Type: application/json\r
+\r
+`,i.body&&(s+=JSON.stringify(i.body)),s+=`\r
+`});s+=`--${n}--`;let r=await this.requestWithRetry(()=>this.http.post("$batch",s,{headers:{"Content-Type":`multipart/mixed;boundary=${n}`},responseType:"text"}));try{let u=(r.headers["content-type"]??"").match(/boundary=(?:"([^"]+)"|([^;"\s]+))/),c=u?.[1]??u?.[2];return c?E(r.data,c):(process.stderr.write(`[batchExecute] No multipart boundary in response Content-Type; returning raw data.
+`),[r.data])}catch(i){return process.stderr.write(`[batchExecute] Failed to parse multipart response; returning raw data. ${String(i)}
+`),[r.data]}}};var A={1:"Entity",2:"Attribute",3:"Relationship",9:"OptionSet",29:"Workflow",61:"SystemForm",71:"SiteMap",90:"PluginAssembly",92:"PluginType",97:"WebResource",95:"ServiceEndpoint",79:"ConnectionRole"};function k(h){return h.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&apos;")}var x=class extends T{async executeBoundFunction(e,t,n,s={}){let r=[],i=[];Object.entries(s).forEach(([o,d])=>{if(typeof d=="object"&&d!==null){let p=`@${o}`;i.push(`${l(o)}=${p}`),r.push(`${p}=${encodeURIComponent(JSON.stringify(d))}`)}else typeof d=="string"?i.push(`${l(o)}='${l(d)}'`):i.push(`${l(o)}=${String(d)}`)});let u=i.join(","),c=`${e}(${t})/Microsoft.Dynamics.CRM.${n}(${u})`,a=r.length?`${c}?${r.join("&")}`:c;return this.requestWithRetry(()=>this.http.get(a).then(o=>o.data))}async executeUnboundFunction(e,t={}){let n=[],s=[];Object.entries(t).forEach(([c,a])=>{if(typeof a=="object"&&a!==null){let o=`@${c}`;s.push(`${l(c)}=${o}`),n.push(`${o}=${encodeURIComponent(JSON.stringify(a))}`)}else typeof a=="string"?s.push(`${l(c)}='${l(a)}'`):s.push(`${l(c)}=${String(a)}`)});let r=s.join(","),i=`${e}(${r})`,u=n.length?`${i}?${n.join("&")}`:i;return this.requestWithRetry(()=>this.http.get(u).then(c=>c.data))}async queryWithPaging(e,t={}){let n=Math.min(t.maxTotal??5e3,5e4),s=[],r=0,i={};t.select!==void 0&&(i.select=t.select),t.filter!==void 0&&(i.filter=t.filter),t.orderby!==void 0&&(i.orderby=t.orderby),t.expand!==void 0&&(i.expand=t.expand);let u=await this.query(e,i);for(s.push(...u.value),r++;u["@odata.nextLink"]&&s.length<n;){let a=u["@odata.nextLink"];u=await this.requestWithRetry(()=>this.http.get(a).then(o=>o.data)),s.push(...u.value),r++}let c=s.slice(0,n);return{records:c,totalRetrieved:c.length,pageCount:r}}async getChangedRecords(e,t,n){let s,r={};if(t===null){let p=n?.length?`?$select=${n.join(",")}`:"";s=`${e}${p}`,r.Prefer="odata.track-changes"}else{let p=n?.length?`&$select=${n.join(",")}`:"";s=`${e}?$deltatoken=${t}${p}`}let i=await this.requestWithRetry(()=>this.http.get(s,{headers:r}).then(p=>p.data)),u=i.value??[],c=[],a=[];for(let p of u)if("@removed"in p){let m=String(p["@id"]??""),g=m.match(/\(([^)]+)\)$/);a.push({id:g?g[1]:m})}else c.push(p);let o=i["@odata.deltaLink"],d=null;if(o){let p=o.match(/\$deltatoken=([^&]+)/);d=p?decodeURIComponent(p[1]):null}return{newAndModified:c,deleted:a,nextDeltaToken:d}}async getSolutionComponents(e,t,n=200){return this.requestWithRetry(async()=>{let r=(await this.http.get(`solutions?$filter=uniquename eq '${l(e)}'&$select=solutionid,uniquename,friendlyname,version&$top=1`)).data.value;if(!r.length)throw new Error(`Solution '${e}' not found`);let i=r[0],u=i.solutionid,c=`_solutionid_value eq ${u}`;t!==void 0&&(c+=` and componenttype eq ${t}`);let o=(await this.http.get(`solutioncomponents?$filter=${c}&$select=componenttype,objectid&$top=${n}&$orderby=componenttype`)).data.value.map(d=>({componentType:d.componenttype,componentTypeName:A[d.componenttype]??`Type${d.componenttype}`,objectId:d.objectid}));return{solutionName:i.uniquename,solutionId:u,friendlyName:i.friendlyname,version:i.version,components:o,count:o.length}})}async publishCustomizations(e){try{return await this.requestWithRetry(async()=>{if(!(e&&((e.entities?.length??0)>0||(e.webResources?.length??0)>0||(e.optionSets?.length??0)>0)))return await this.http.post("PublishAllXml",{},{timeoutMs:12e4}),{published:!0,message:"All customizations published successfully"};let n="<importexportxml>";return e.entities?.length&&(n+="<entities>"+e.entities.map(s=>`<entity>${k(s)}</entity>`).join("")+"</entities>"),e.webResources?.length&&(n+="<webresources>"+e.webResources.map(s=>`<webresource>${k(s)}</webresource>`).join("")+"</webresources>"),e.optionSets?.length&&(n+="<optionsets>"+e.optionSets.map(s=>`<optionset>${k(s)}</optionset>`).join("")+"</optionsets>"),n+="</importexportxml>",await this.http.post("PublishXml",{ParameterXml:n},{timeoutMs:12e4}),{published:!0,message:"Selected customizations published successfully"}})}catch(t){if((t instanceof Error?t.message:String(t)).includes("[TRANSIENT_LOCK_EXHAUSTED]")&&(e?.entities?.length??0)>0)return{published:!0,message:"Publish lock exhausted but a concurrent PublishAllXml has already covered these entities. Changes are live. (covered by concurrent publish)"};throw t}}async listDataverseWorkflows(e){return this.requestWithRetry(async()=>{let t=[];e.category!==void 0&&t.push(`category eq ${e.category}`),e.nameContains&&t.push(`contains(name,'${l(e.nameContains)}')`);let n=`workflows?$select=workflowid,name,description,category,statecode,statuscode,type,modifiedon&$orderby=name asc&$top=${e.top??50}`;return t.length>0&&(n+=`&$filter=${t.join(" and ")}`),(await this.http.get(n)).data.value??[]})}async getDataverseWorkflow(e){return this.requestWithRetry(()=>this.http.get(`workflows(${e})?$select=workflowid,name,description,category,statecode,statuscode,type,modifiedon`).then(t=>t.data))}async executeFetchXmlAllPages(e,t){let n=[],s=1,r;do{let i=t;s>1&&(i=i.replace(/<fetch\b([^>]*)>/i,(o,d)=>{let p=d.replace(/\s+page="[^"]*"/g,"").replace(/\s+paging-cookie="[^"]*"/g,""),m=r?` paging-cookie="${r.replace(/"/g,"&quot;").replace(/'/g,"&apos;")}"`:"";return`<fetch${p} page="${s}"${m}>`}));let u=await this.executeFetchXml(e,i),c=u.value??[];n.push(...c);let a=u["@Microsoft.Dynamics.CRM.fetchxmlpagingcookie"];if(!a||c.length===0)break;try{let d=decodeURIComponent(decodeURIComponent(String(a))).match(/pagingcookie="([^"]+)"/);r=d?d[1]:void 0}catch{r=String(a)}if(!r||(s++,s>100))break}while(!0);return n}};export{l as a,x as b};

package/dist/chunk-IA4YDPXM.js

@@ -0,0 +1,35 @@
+var y=class extends Error{constructor(e,n,s,r,i={}){super(e);this.status=n;this.data=s;this.code=r;this.responseHeaders=i;this.name="HttpError"}},R=class{baseURL;timeoutMs;defaultHeaders;tokenProvider;constructor(t){this.baseURL=t.baseURL.endsWith("/")?t.baseURL:t.baseURL+"/",this.timeoutMs=t.timeout??3e4,this.defaultHeaders={...t.headers},this.tokenProvider=t.tokenProvider??void 0}async get(t,e){return this.request("GET",t,void 0,e)}async post(t,e,n){return this.request("POST",t,e,n)}async patch(t,e,n){return this.request("PATCH",t,e,n)}async put(t,e,n){return this.request("PUT",t,e,n)}async delete(t,e){return this.request("DELETE",t,void 0,e)}resolveUrl(t){if(!t.startsWith("http"))return this.baseURL+t;let e=new URL(t),n=new URL(this.baseURL);if(e.origin!==n.origin)throw new y(`SSRF protection: request to '${e.origin}' blocked; only '${n.origin}' is permitted`,0,void 0,"SSRF_BLOCKED");return t}async request(t,e,n,s){let r=this.resolveUrl(e),i={...this.defaultHeaders,...s?.headers};this.tokenProvider&&(i.Authorization=`Bearer ${await this.tokenProvider()}`);let u=s?.timeoutMs??this.timeoutMs,c=new AbortController,a=setTimeout(()=>c.abort(),u);try{let o={method:t,headers:i,signal:c.signal};n!==void 0&&(o.body=typeof n=="string"?n:JSON.stringify(n));let d=await fetch(r,o),p={};if(d.headers.forEach((g,f)=>{p[f]=g}),!d.ok){let g=await d.text(),f;try{f=JSON.parse(g)}catch{f=g||void 0}throw new y(`Request failed with status ${d.status}`,d.status,f,void 0,p)}let m;if(s?.responseType==="text")m=await d.text();else{let g=await d.text();m=g?JSON.parse(g):{}}return{data:m,status:d.status,headers:p}}catch(o){throw o instanceof y?o:o instanceof DOMException&&o.name==="AbortError"?new y("Request timed out",0,void 0,"ECONNABORTED"):o}finally{clearTimeout(a)}}};function E(h){let t=h.indexOf(`\r
+\r
+`),e=h.indexOf(`
+
+`);return t!==-1&&(e===-1||t<=e)?t+4:e!==-1?e+2:-1}function v(h,t){let e=[],n=h.split(`--${t}`);for(let s of n){let r=s.trim();if(!r||r==="--")continue;let i=E(s);if(i===-1)continue;let u=s.slice(i),c=E(u);if(c===-1)continue;let o=(u.trimStart().split(/\r?\n/)[0]??"").match(/^HTTP\/\d+\.\d+\s+(\d{3})/),d=o?parseInt(o[1],10):0,p=d>=200&&d<300,m=u.slice(c).trim();if(!m){e.push(p?null:{error:"Empty response body",status:d});continue}try{let g=JSON.parse(m);e.push(p?g:{error:g,status:d})}catch{e.push({error:m,status:d})}}return e}function l(h){return h.replace(/'/g,"''")}var P={opportunities:"opportunityid",territories:"territoryid",categories:"categoryid",activityparties:"activitypartyid",activitymimeattachments:"activitymimeattachmentid",queues:"queueid",queueitems:"queueitemid"};function x(h){if(h instanceof y){let t=h.data?.error;return t?.code==="0x80060888"?new Error(`Dataverse error 0x80060888: The Web API endpoint does not exist in this organization. This means the action/function name is wrong OR the entity set name is incorrect \u2014 NOT necessarily a permissions error. Original message: ${t.message??""}. Tip: verify action names via $metadata or use dataverse_resolve_entity_name for entity names.`):t?new Error(`Dataverse error ${t.code??""}: ${t.message??"Unknown error"}`):h.code==="ECONNABORTED"?new Error("Request timed out. Check your Dataverse environment URL."):h}return h instanceof Error?h:new Error(String(h))}var k="9.2",$=class{http;authProvider;maxRetries;constructor(t,e=3,n=3e4){this.authProvider=t,this.maxRetries=e,this.http=new R({baseURL:`${t.environmentUrl}/api/data/v${k}/`,timeout:n,headers:{"OData-MaxVersion":"4.0","OData-Version":"4.0",Accept:"application/json","Content-Type":"application/json; charset=utf-8"},tokenProvider:()=>t.getToken()})}get serviceRootUrl(){return this.http.baseURL}async requestWithRetry(t,e=0){try{return await t()}catch(n){if(n instanceof y){if(n.status===401&&e===0)return this.authProvider.invalidateToken(),this.requestWithRetry(t,e+1);if([429,503,504].includes(n.status)&&e<this.maxRetries){let r=n.responseHeaders["retry-after"],i=r?parseInt(r,10)*1e3:Math.pow(2,e)*1e3;return await new Promise(u=>setTimeout(u,i)),this.requestWithRetry(t,e+1)}if(n.status===400){let r=n.data?.error?.code;if(r==="0x80071151"&&e<5){let c=Math.pow(2,e)*5e3;return await new Promise(a=>setTimeout(a,c)),this.requestWithRetry(t,e+1)}if(r==="0x80071151"&&e>=5)throw new Error(`[TRANSIENT_LOCK_EXHAUSTED] Dataverse customization lock (0x80071151) still held after ${e} retries (~155s total). A publish operation is running server-side. WAIT at least 60 seconds, then retry the operation ONCE manually. Do NOT loop-retry. Inform the user that Dataverse is processing a previous schema change.`);let i=n.data?.error?.message?.toLowerCase()??"",u=r==="0x80044181"||i.includes("publish")&&(i.includes("already")||i.includes("in progress")||i.includes("another user"));if(u&&e<4)return await new Promise(c=>setTimeout(c,3e4)),this.requestWithRetry(t,e+1);if(u&&e>=4)throw new Error(`[TRANSIENT_LOCK_EXHAUSTED] Dataverse publish lock still held after ${e} retries (~120s total). A PublishAllXml operation is in progress server-side. WAIT at least 60 seconds before retrying ONCE. Do NOT call dataverse_publish_customizations again immediately. Inform the user that Dataverse is serialising a background publish job.`)}}throw x(n)}}async whoAmI(){return this.requestWithRetry(async()=>{let t=await this.http.get("WhoAmI"),{UserId:e,BusinessUnitId:n,OrganizationId:s}=t.data,r="";try{r=(await this.http.get(`organizations(${s})?$select=name`)).data.name??""}catch{r=""}let i=this.authProvider.environmentUrl;return{UserId:e,BusinessUnitId:n,OrganizationId:s,OrganizationName:r,EnvironmentUrl:i}})}async listTables(t=!1){let s=["$select=LogicalName,SchemaName,DisplayName,EntitySetName,PrimaryIdAttribute,PrimaryNameAttribute,IsCustomEntity",t?"$filter=IsCustomEntity eq true":""].filter(Boolean).join("&");return this.requestWithRetry(()=>this.http.get(`EntityDefinitions?${s}`).then(r=>r.data.value))}async getTableMetadata(t,e=!0){let n=e?"$expand=Attributes":"",s=`EntityDefinitions(LogicalName='${l(t)}')${n?"?"+n:""}`;return this.requestWithRetry(()=>this.http.get(s).then(r=>r.data))}async fetchAllPagesOData(t){let e=[],n=t;for(;n;){let s=await this.requestWithRetry(()=>this.http.get(n).then(r=>r.data));e.push(...s.value??[]),n=s["@odata.nextLink"]}return e}async getRelationships(t){let e=l(t),[n,s,r]=await Promise.all([this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${e}')/OneToManyRelationships`),this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${e}')/ManyToOneRelationships`),this.fetchAllPagesOData(`EntityDefinitions(LogicalName='${e}')/ManyToManyRelationships`)]);return[...n,...s,...r]}async query(t,e={}){let n=u=>encodeURIComponent(u).replace(/%28/g,"(").replace(/%29/g,")").replace(/%2C/g,",").replace(/%27/g,"'").replace(/%40/g,"@"),s=[];e.select?.length&&s.push(`$select=${e.select.join(",")}`),e.filter&&s.push(`$filter=${n(e.filter)}`),e.orderby&&s.push(`$orderby=${n(e.orderby)}`),e.top&&s.push(`$top=${e.top}`),e.expand&&s.push(`$expand=${e.expand}`),e.count&&s.push("$count=true"),e.apply&&s.push(`$apply=${n(e.apply)}`);let r=`${t}${s.length?"?"+s.join("&"):""}`,i=e.formattedValues?{headers:{Prefer:'odata.include-annotations="OData.Community.Display.V1.FormattedValue"'}}:void 0;return this.requestWithRetry(()=>this.http.get(r,i).then(u=>u.data))}async executeFetchXml(t,e,n){let s=encodeURIComponent(e),r=n?{headers:{Prefer:'odata.include-annotations="OData.Community.Display.V1.FormattedValue"'}}:void 0;return this.requestWithRetry(()=>this.http.get(`${t}?fetchXml=${s}`,r).then(i=>i.data))}async getRecord(t,e,n,s){let r=[];n?.length&&r.push(`$select=${n.join(",")}`),s&&r.push(`$expand=${s}`);let i=r.length?`?${r.join("&")}`:"";return this.requestWithRetry(async()=>{let u=await this.http.get(`${t}(${e})${i}`,{headers:{Prefer:'odata.include-annotations="*"'}}),c=u.headers["odata-etag"]??u.data["@odata.etag"]??null;return{record:u.data,etag:c}})}async createRecord(t,e){return this.requestWithRetry(async()=>{let n=await this.http.post(t,e,{headers:{Prefer:"return=representation"}}),r=n.headers["odata-entityid"]?.match(/\(([^)]+)\)/)?.[1];if(r)return r;let i=n.data,u=i["@odata.id"]?.match(/\(([^)]+)\)/)?.[1];if(u)return u;let c=P[t]??t.replace(/s$/,"")+"id",a=i[c];return a||(n.headers.location?.match(/\(([^)]+)\)/)?.[1]??"")})}async updateRecord(t,e,n,s){await this.requestWithRetry(()=>this.http.patch(`${t}(${e})`,n,{headers:{"If-Match":s??"*"}}))}async deleteRecord(t,e){await this.requestWithRetry(()=>this.http.delete(`${t}(${e})`))}async upsertRecord(t,e,n,s,r="upsert",i){return this.requestWithRetry(async()=>{let u=i?`${t}(${i})`:`${t}(${l(e)}='${l(n)}')`,c={Prefer:"return=representation"};r==="createOnly"&&(c["If-None-Match"]="*"),r==="updateOnly"&&(c["If-Match"]="*");try{let a=await this.http.put(u,s,{headers:c}),o=a.status===201?"created":"updated",p=a.headers["odata-entityid"]?.match(/\(([^)]+)\)/)?.[1],m=a.data,g=P[t]??t.replace(/s$/,"")+"id",f=p??m?.[g]??n;return{operation:o,id:f}}catch(a){if(a instanceof y&&a.status===412){if(r==="createOnly")throw new Error("Record already exists");if(r==="updateOnly")throw new Error("Record not found")}throw a}})}async associate(t,e,n,s,r){let i=`${this.authProvider.environmentUrl}/api/data/v${k}/${s}(${r})`;await this.requestWithRetry(()=>this.http.post(`${t}(${e})/${n}/$ref`,{"@odata.id":i}))}async disassociate(t,e,n,s,r){let i=s?`?$id=${this.authProvider.environmentUrl}/api/data/v${k}/${r??t}(${s})`:"";await this.requestWithRetry(()=>this.http.delete(`${t}(${e})/${n}/$ref${i}`))}};var w=class extends ${async executeAction(t,e={}){return this.requestWithRetry(()=>this.http.post(t,e).then(n=>n.data))}async executeFunction(t,e={}){let n=[],s=[],r=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;Object.entries(e).forEach(([c,a])=>{if(typeof a=="object"&&a!==null){let o=`@${c}`;s.push(`${l(c)}=${o}`),n.push(`${o}=${encodeURIComponent(JSON.stringify(a))}`)}else typeof a=="string"&&r.test(a)?s.push(`${l(c)}=${a}`):typeof a=="string"?s.push(`${l(c)}='${l(a)}'`):s.push(`${l(c)}=${String(a)}`)});let i=s.length?`${t}(${s.join(",")})`:`${t}()`,u=n.length?`${i}?${n.join("&")}`:i;return this.requestWithRetry(()=>this.http.get(u).then(c=>c.data))}async search(t){let n=`${this.http.baseURL.replace(/\/api\/data\/v[\d.]+\/?$/,"")}/api/search/v2.0/query`;return this.requestWithRetry(()=>this.http.post(n,t).then(s=>s.data))}async executeBoundAction(t,e,n,s={}){return this.requestWithRetry(()=>this.http.post(`${t}(${e})/Microsoft.Dynamics.CRM.${n}`,s).then(r=>r.data))}};var b=class extends w{async listDependencies(t,e){return this.requestWithRetry(()=>this.http.get(`RetrieveDependenciesForDelete(ComponentType=${t},ObjectId=${e})`).then(n=>n.data.value))}async listTableDependencies(t,e){let n={0:"Workflow",1:"Dialog",2:"BusinessRule",3:"Action",4:"BusinessProcessFlow",5:"Flow"},s={0:"Draft",1:"Active",2:"Inactive"},i=(await this.requestWithRetry(()=>this.http.get(`workflows?$filter=primaryentity eq '${l(t)}' and statecode ne 2&$select=name,workflowid,statecode,category,triggeroncreate,triggerondelete,triggeronupdateattributelist`).then(o=>o.data))).value.map(o=>{let d=[];return o.triggeroncreate&&d.push("Create"),o.triggerondelete&&d.push("Delete"),o.triggeronupdateattributelist&&d.push("Update"),{componentType:n[o.category]??`Category${o.category}`,name:o.name,id:o.workflowid,state:s[o.statecode]??`State${o.statecode}`,triggerEvent:d.length?d.join(","):null,solutionName:null}}),u=e?.length?i.filter(o=>e.includes(o.componentType)):i,a=e?.some(o=>o==="Plugin"||o==="CustomAPI")?"Plugin and CustomAPI types require additional SDK message queries and are not yet implemented. Results show Workflow/BusinessRule/Flow/Action dependencies only.":null;return{tableName:t,dependencies:u,count:u.length,warning:a}}async listGlobalOptionSets(){return this.requestWithRetry(()=>this.http.get("GlobalOptionSetDefinitions").then(t=>t.data.value))}async getOptionSet(t){return this.requestWithRetry(()=>this.http.get(`GlobalOptionSetDefinitions(Name='${l(t)}')`).then(e=>e.data))}async getAttributeOptionSet(t,e){let n=["PicklistAttributeMetadata","MultiSelectPicklistAttributeMetadata","StatusAttributeMetadata","StateAttributeMetadata"];for(let s of n)try{let r=`EntityDefinitions(LogicalName='${l(t)}')/Attributes(LogicalName='${l(e)}')/Microsoft.Dynamics.CRM.${s}?$select=LogicalName,DisplayName&$expand=OptionSet`,a=((await this.requestWithRetry(()=>this.http.get(r).then(o=>o.data))).OptionSet?.Options??[]).map(o=>({label:o.Label?.UserLocalizedLabel?.Label??"",value:o.Value}));return{entityLogicalName:t,attributeLogicalName:e,attributeType:s.replace("AttributeMetadata",""),options:a}}catch{continue}throw new Error(`Attribute '${e}' on entity '${t}' is not a Picklist, MultiSelectPicklist, Status, or State attribute, or does not exist.`)}async getEntityKeys(t){return this.requestWithRetry(async()=>(await this.http.get(`EntityDefinitions(LogicalName='${l(t)}')/Keys?$select=SchemaName,LogicalName,KeyAttributes,IsCustomizable,EntityKeyIndexStatus`)).data.value.map(n=>({schemaName:n.SchemaName,logicalName:n.LogicalName,keyAttributes:n.KeyAttributes,isCustomizable:n.IsCustomizable?.Value??!1,indexStatus:n.EntityKeyIndexStatus})))}async updateEntityDefinition(t,e){await this.requestWithRetry(()=>this.http.patch(`EntityDefinitions(LogicalName='${l(t)}')`,e,{headers:{"MSCRM.MergeLabels":"true"}}))}async createEntityDefinition(t){return this.requestWithRetry(async()=>(await this.http.post("EntityDefinitions",t)).headers["odata-entityid"]?.match(/\(([^)]+)\)$/)?.[1]??"")}async createAttribute(t,e){return this.requestWithRetry(async()=>(await this.http.post(`EntityDefinitions(LogicalName='${l(t)}')/Attributes`,e,{headers:{Prefer:"return=representation"}})).data.MetadataId??"")}async updateAttribute(t,e,n){await this.requestWithRetry(()=>this.http.put(`EntityDefinitions(LogicalName='${l(t)}')/Attributes(LogicalName='${l(e)}')`,n,{headers:{"MSCRM.MergeLabels":"true"}}))}async deleteAttribute(t,e){await this.requestWithRetry(()=>this.http.delete(`EntityDefinitions(LogicalName='${l(t)}')/Attributes(LogicalName='${l(e)}')`))}async createRelationship(t){return this.requestWithRetry(async()=>(await this.http.post("RelationshipDefinitions",t)).headers["odata-entityid"]?.match(/\(([^)]+)\)$/)?.[1]??"")}};var T=class extends b{async batchExecute(t,e=!1){let n=`batch_${Date.now()}`,s="";if(e){let i=`changeset_${Date.now()+1}`,u=t.filter(a=>a.method==="GET"),c=t.filter(a=>a.method!=="GET");for(let a of u)s+=`--${n}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+\r
+`,s+=`${a.method} ${this.http.baseURL}${a.url} HTTP/1.1\r
+`,s+=`Accept: application/json\r
+\r
+`;if(c.length>0){s+=`--${n}\r
+`,s+=`Content-Type: multipart/mixed; boundary=${i}\r
+\r
+`;let a=1;for(let o of c)s+=`--${i}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+`,s+=`Content-ID: ${o.contentId??a++}\r
+\r
+`,s+=`${o.method} ${this.http.baseURL}${o.url} HTTP/1.1\r
+`,s+=`Content-Type: application/json\r
+\r
+`,o.body&&(s+=JSON.stringify(o.body)),s+=`\r
+`;s+=`--${i}--\r
+`}}else t.forEach(i=>{s+=`--${n}\r
+`,s+=`Content-Type: application/http\r
+`,s+=`Content-Transfer-Encoding: binary\r
+\r
+`,s+=`${i.method} ${this.http.baseURL}${i.url} HTTP/1.1\r
+`,s+=`Content-Type: application/json\r
+\r
+`,i.body&&(s+=JSON.stringify(i.body)),s+=`\r
+`});s+=`--${n}--`;let r=await this.requestWithRetry(()=>this.http.post("$batch",s,{headers:{"Content-Type":`multipart/mixed;boundary=${n}`},responseType:"text"}));try{let u=(r.headers["content-type"]??"").match(/boundary=(?:"([^"]+)"|([^;"\s]+))/),c=u?.[1]??u?.[2];return c?v(r.data,c):(process.stderr.write(`[batchExecute] No multipart boundary in response Content-Type; returning raw data.
+`),[r.data])}catch(i){return process.stderr.write(`[batchExecute] Failed to parse multipart response; returning raw data. ${String(i)}
+`),[r.data]}}};var q={1:"Entity",2:"Attribute",3:"Relationship",9:"OptionSet",29:"Workflow",61:"SystemForm",71:"SiteMap",90:"PluginAssembly",92:"PluginType",97:"WebResource",95:"ServiceEndpoint",79:"ConnectionRole"};function O(h){return h.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&apos;")}var A=class extends T{async executeBoundFunction(t,e,n,s={}){let r=[],i=[];Object.entries(s).forEach(([o,d])=>{if(typeof d=="object"&&d!==null){let p=`@${o}`;i.push(`${l(o)}=${p}`),r.push(`${p}=${encodeURIComponent(JSON.stringify(d))}`)}else typeof d=="string"?i.push(`${l(o)}='${l(d)}'`):i.push(`${l(o)}=${String(d)}`)});let u=i.join(","),c=`${t}(${e})/Microsoft.Dynamics.CRM.${n}(${u})`,a=r.length?`${c}?${r.join("&")}`:c;return this.requestWithRetry(()=>this.http.get(a).then(o=>o.data))}async executeUnboundFunction(t,e={}){let n=[],s=[];Object.entries(e).forEach(([c,a])=>{if(typeof a=="object"&&a!==null){let o=`@${c}`;s.push(`${l(c)}=${o}`),n.push(`${o}=${encodeURIComponent(JSON.stringify(a))}`)}else typeof a=="string"?s.push(`${l(c)}='${l(a)}'`):s.push(`${l(c)}=${String(a)}`)});let r=s.join(","),i=`${t}(${r})`,u=n.length?`${i}?${n.join("&")}`:i;return this.requestWithRetry(()=>this.http.get(u).then(c=>c.data))}async queryWithPaging(t,e={}){let n=Math.min(e.maxTotal??5e3,5e4),s=[],r=0,i={};e.select!==void 0&&(i.select=e.select),e.filter!==void 0&&(i.filter=e.filter),e.orderby!==void 0&&(i.orderby=e.orderby),e.expand!==void 0&&(i.expand=e.expand);let u=await this.query(t,i);for(s.push(...u.value),r++;u["@odata.nextLink"]&&s.length<n;){let a=u["@odata.nextLink"];u=await this.requestWithRetry(()=>this.http.get(a).then(o=>o.data)),s.push(...u.value),r++}let c=s.slice(0,n);return{records:c,totalRetrieved:c.length,pageCount:r}}async getChangedRecords(t,e,n){let s,r={};if(e===null){let p=n?.length?`?$select=${n.join(",")}`:"";s=`${t}${p}`,r.Prefer="odata.track-changes"}else{let p=n?.length?`&$select=${n.join(",")}`:"";s=`${t}?$deltatoken=${e}${p}`}let i=await this.requestWithRetry(()=>this.http.get(s,{headers:r}).then(p=>p.data)),u=i.value??[],c=[],a=[];for(let p of u)if("@removed"in p){let m=String(p["@id"]??""),g=m.match(/\(([^)]+)\)$/);a.push({id:g?g[1]:m})}else c.push(p);let o=i["@odata.deltaLink"],d=null;if(o){let p=o.match(/\$deltatoken=([^&]+)/);d=p?decodeURIComponent(p[1]):null}return{newAndModified:c,deleted:a,nextDeltaToken:d}}async getSolutionComponents(t,e,n=200){return this.requestWithRetry(async()=>{let r=(await this.http.get(`solutions?$filter=uniquename eq '${l(t)}'&$select=solutionid,uniquename,friendlyname,version&$top=1`)).data.value;if(!r.length)throw new Error(`Solution '${t}' not found`);let i=r[0],u=i.solutionid,c=`_solutionid_value eq ${u}`;e!==void 0&&(c+=` and componenttype eq ${e}`);let o=(await this.http.get(`solutioncomponents?$filter=${c}&$select=componenttype,objectid&$top=${n}&$orderby=componenttype`)).data.value.map(d=>({componentType:d.componenttype,componentTypeName:q[d.componenttype]??`Type${d.componenttype}`,objectId:d.objectid}));return{solutionName:i.uniquename,solutionId:u,friendlyName:i.friendlyname,version:i.version,components:o,count:o.length}})}async publishCustomizations(t){try{return await this.requestWithRetry(async()=>{if(!(t&&((t.entities?.length??0)>0||(t.webResources?.length??0)>0||(t.optionSets?.length??0)>0)))return await this.http.post("PublishAllXml",{},{timeoutMs:12e4}),{published:!0,message:"All customizations published successfully"};let n="<importexportxml>";return t.entities?.length&&(n+="<entities>"+t.entities.map(s=>`<entity>${O(s)}</entity>`).join("")+"</entities>"),t.webResources?.length&&(n+="<webresources>"+t.webResources.map(s=>`<webresource>${O(s)}</webresource>`).join("")+"</webresources>"),t.optionSets?.length&&(n+="<optionsets>"+t.optionSets.map(s=>`<optionset>${O(s)}</optionset>`).join("")+"</optionsets>"),n+="</importexportxml>",await this.http.post("PublishXml",{ParameterXml:n},{timeoutMs:12e4}),{published:!0,message:"Selected customizations published successfully"}})}catch(e){if((e instanceof Error?e.message:String(e)).includes("[TRANSIENT_LOCK_EXHAUSTED]")&&(t?.entities?.length??0)>0)return{published:!0,message:"Publish lock exhausted but a concurrent PublishAllXml has already covered these entities. Changes are live. (covered by concurrent publish)"};throw e}}async listDataverseWorkflows(t){return this.requestWithRetry(async()=>{let e=[];t.category!==void 0&&e.push(`category eq ${t.category}`),t.nameContains&&e.push(`contains(name,'${l(t.nameContains)}')`);let n=`workflows?$select=workflowid,name,description,category,statecode,statuscode,type,modifiedon&$orderby=name asc&$top=${t.top??50}`;return e.length>0&&(n+=`&$filter=${e.join(" and ")}`),(await this.http.get(n)).data.value??[]})}async getDataverseWorkflow(t){return this.requestWithRetry(()=>this.http.get(`workflows(${t})?$select=workflowid,name,description,category,statecode,statuscode,type,modifiedon`).then(e=>e.data))}async executeFetchXmlAllPages(t,e){let n=[],s=1,r;do{let i=e;s>1&&(i=i.replace(/<fetch\b([^>]*)>/i,(o,d)=>{let p=d.replace(/\s+page="[^"]*"/g,"").replace(/\s+paging-cookie="[^"]*"/g,""),m=r?` paging-cookie="${r.replace(/"/g,"&quot;").replace(/'/g,"&apos;")}"`:"";return`<fetch${p} page="${s}"${m}>`}));let u=await this.executeFetchXml(t,i),c=u.value??[];n.push(...c);let a=u["@Microsoft.Dynamics.CRM.fetchxmlpagingcookie"];if(!a||c.length===0)break;try{let d=decodeURIComponent(decodeURIComponent(String(a))).match(/pagingcookie="([^"]+)"/);r=d?d[1]:void 0}catch{r=String(a)}if(!r||(s++,s>100))break}while(!0);return n}};export{l as a,A as b};

package/dist/chunk-KJ3HM2VM.js

@@ -0,0 +1 @@
+import{createCipheriv as c,createDecipheriv as a,createHash as g,randomBytes as p}from"crypto";function i(){let e=[process.env.COMPUTERNAME??process.env.HOSTNAME??"",process.env.USERNAME??process.env.USER??"","mcp-dataverse-cache-v1"].join(".");return g("sha256").update(e).digest()}function d(e){let t=i(),s=p(16),r=c("aes-256-gcm",t,s),o=Buffer.concat([r.update(e,"utf-8"),r.final()]),n={v:1,iv:s.toString("hex"),tag:r.getAuthTag().toString("hex"),d:o.toString("hex")};return JSON.stringify(n)}function u(e){let t=JSON.parse(e);if(t.v!==1)throw new Error("Unknown encrypted-blob format version");let s=Buffer.from(t.iv,"hex"),r=Buffer.from(t.tag,"hex"),o=Buffer.from(t.d,"hex"),n=a("aes-256-gcm",i(),s);return n.setAuthTag(r),n.update(o).toString("utf-8")+n.final("utf-8")}function v(e){try{let t=JSON.parse(e);return t.v===1&&typeof t.iv=="string"&&typeof t.tag=="string"&&typeof t.d=="string"}catch{return!1}}export{d as a,u as b,v as c};

package/dist/chunk-M5UROAVJ.js

@@ -0,0 +1,4 @@
+import{a as o}from"./chunk-RYRO3QPE.js";import{ConfidentialClientApplication as c}from"@azure/msal-node";var r=class{environmentUrl;cca;scopes;cachedToken=null;tokenExpiresAt=0;pendingAuth=null;constructor(e,t,i,s){this.environmentUrl=e.replace(/\/$/,""),this.scopes=[`${this.environmentUrl}/.default`],this.cca=new c({auth:{clientId:i,authority:`https://login.microsoftonline.com/${t}`,clientSecret:s}})}async getToken(){let e=Date.now();return this.cachedToken!==null&&this.tokenExpiresAt>e+6e4?this.cachedToken:this.pendingAuth!==null?this.pendingAuth:(this.pendingAuth=this.acquireToken().finally(()=>{this.pendingAuth=null}),this.pendingAuth)}invalidateToken(){this.cachedToken=null,this.tokenExpiresAt=0}async isAuthenticated(){try{return await this.getToken(),!0}catch{return!1}}async acquireToken(){let e;try{e=await this.cca.acquireTokenByClientCredential({scopes:this.scopes})}catch(t){let i=t instanceof Error?t.message:String(t);throw new Error(`Client credentials token acquisition failed: ${i}
+Verify that tenantId, clientId, and clientSecret are correct and that the app registration has been granted access to Dataverse.`)}if(!e?.accessToken)throw new Error("Client credentials flow returned no access token. Ensure the app registration has the Dataverse Application User configured.");return this.cachedToken=e.accessToken,this.tokenExpiresAt=e.expiresOn?e.expiresOn.getTime():Date.now()+36e5,this.cachedToken}};import{ManagedIdentityApplication as h}from"@azure/msal-node";var a=class{environmentUrl;mia;resource;cachedToken=null;tokenExpiresAt=0;pendingAuth=null;constructor(e,t){this.environmentUrl=e.replace(/\/$/,"");let{protocol:i,hostname:s}=new URL(this.environmentUrl);this.resource=`${i}//${s}`,this.mia=new h(t?{managedIdentityIdParams:{userAssignedClientId:t}}:{})}async getToken(){let e=Date.now();return this.cachedToken!==null&&this.tokenExpiresAt>e+6e4?this.cachedToken:this.pendingAuth!==null?this.pendingAuth:(this.pendingAuth=this.acquireToken().finally(()=>{this.pendingAuth=null}),this.pendingAuth)}invalidateToken(){this.cachedToken=null,this.tokenExpiresAt=0}async isAuthenticated(){try{return await this.getToken(),!0}catch{return!1}}async acquireToken(){let e;try{e=await this.mia.acquireToken({resource:this.resource})}catch(t){let i=t instanceof Error?t.message:String(t);throw new Error(`Managed Identity token acquisition failed: ${i}
+This method only works on Azure-hosted environments (App Service, Container Apps, VMs, AKS).
+Ensure the managed identity has been assigned an Application User role in Dataverse.`)}if(!e?.accessToken)throw new Error("Managed Identity flow returned no access token. Verify that the managed identity has been added as a Dataverse Application User.");return this.cachedToken=e.accessToken,this.tokenExpiresAt=e.expiresOn?e.expiresOn.getTime():Date.now()+36e5,this.cachedToken}};function A(n){switch(n.authMethod){case"client-credentials":return new r(n.environmentUrl,n.tenantId,n.clientId,n.clientSecret);case"managed-identity":return new a(n.environmentUrl,n.managedIdentityClientId);case"device-code":default:return new o(n.environmentUrl)}}export{A as a};

package/dist/chunk-OQ46VPYS.js

@@ -0,0 +1,3 @@
+import{b as p,c as I}from"./chunk-KJ3HM2VM.js";import{readFileSync as C,existsSync as v}from"fs";import{join as g}from"path";import{homedir as S}from"os";import{z as t}from"zod";var h=t.object({environmentUrl:t.string().url("Must be a valid Dataverse environment URL").refine(n=>n.startsWith("https://"),{message:"Dataverse environment URL must use HTTPS"}).refine(n=>{try{return new URL(n).hostname.toLowerCase().endsWith(".dynamics.com")}catch{return!1}},{message:"environmentUrl must be a *.dynamics.com host"}),requestTimeoutMs:t.number().positive().default(3e4),maxRetries:t.number().min(0).max(10).default(3),authMethod:t.enum(["device-code","client-credentials","managed-identity"]).default("device-code"),tenantId:t.string().min(1).optional(),clientId:t.string().min(1).optional(),clientSecret:t.string().min(1).optional(),managedIdentityClientId:t.string().min(1).optional()}).superRefine((n,s)=>{n.authMethod==="client-credentials"&&(n.tenantId||s.addIssue({code:t.ZodIssueCode.custom,path:["tenantId"],message:"tenantId is required when authMethod is 'client-credentials'"}),n.clientId||s.addIssue({code:t.ZodIssueCode.custom,path:["clientId"],message:"clientId is required when authMethod is 'client-credentials'"}),n.clientSecret||s.addIssue({code:t.ZodIssueCode.custom,path:["clientSecret"],message:"clientSecret is required when authMethod is 'client-credentials'. Prefer AZURE_CLIENT_SECRET env var over storing it in config.json."}))});var E="config.json";function w(){let n=g(S(),".mcp-dataverse",E),s=process.env.MCP_CONFIG_PATH??(v(n)?n:g(process.cwd(),E)),e={};if(v(s)){let i=C(s,"utf-8");try{e=JSON.parse(i)}catch{throw new Error(`Invalid JSON in ${s}. Check for syntax errors (trailing commas, missing quotes).`)}}let o=process.env.DATAVERSE_ENV_URL??process.env.environmentUrl;o&&(e.environmentUrl=o);let c=process.env.REQUEST_TIMEOUT_MS??process.env.requestTimeoutMs;c&&(e.requestTimeoutMs=Number(c));let a=process.env.MAX_RETRIES??process.env.maxRetries;a&&(e.maxRetries=Number(a));let d=process.env.AUTH_METHOD??process.env.authMethod;d&&(e.authMethod=d);let m=process.env.AZURE_TENANT_ID??process.env.tenantId;m&&(e.tenantId=m);let l=process.env.AZURE_CLIENT_ID??process.env.clientId;l&&(e.clientId=l);let u=process.env.AZURE_CLIENT_SECRET??process.env.clientSecret;if(u)e.clientSecret=u;else if(typeof e.clientSecret=="string"&&I(e.clientSecret))try{e.clientSecret=p(e.clientSecret)}catch{throw new Error("Failed to decrypt clientSecret from config.json. The config may have been created on a different machine or user account. Re-run 'npx mcp-dataverse install' or set AZURE_CLIENT_SECRET env var.")}let f=process.env.AZURE_MANAGED_IDENTITY_CLIENT_ID??process.env.managedIdentityClientId;f&&(e.managedIdentityClientId=f);let r=h.safeParse(e);if(!r.success)throw new Error(`Invalid configuration:
+${r.error.issues.map(i=>`  - ${i.path.join(".")}: ${i.message}`).join(`
+`)}`);return r.data}export{w as a};

package/dist/chunk-RYRO3QPE.js

@@ -0,0 +1,29 @@
+import{a as o,b as a}from"./chunk-KJ3HM2VM.js";import{PublicClientApplication as u}from"@azure/msal-node";import{existsSync as p,mkdirSync as d,readFileSync as m,writeFileSync as f}from"fs";import{homedir as w}from"os";import{join as l}from"path";import{exec as y}from"child_process";import{platform as c}from"process";function v(n){let t=c==="win32"?`echo|set /p="${n}"| clip`:c==="darwin"?`printf '%s' '${n}' | pbcopy`:`printf '%s' '${n}' | xclip -selection clipboard 2>/dev/null || printf '%s' '${n}' | xsel --clipboard 2>/dev/null`;y(t,()=>{})}var g="1950a258-227b-4e31-a9cf-717495945fc2",h=l(w(),".mcp-dataverse"),r=l(h,"msal-cache.json"),C=300*1e3;function k(){return{beforeCacheAccess:async n=>{if(p(r))try{let t=m(r,"utf-8"),e;try{e=a(t)}catch{e=t}n.tokenCache.deserialize(e)}catch{}},afterCacheAccess:async n=>{n.cacheHasChanged&&(d(h,{recursive:!0}),f(r,o(n.tokenCache.serialize()),{encoding:"utf-8",mode:384}))}}}var s=class{environmentUrl;pca;cachedToken=null;tokenExpiresAt=0;pendingAuth=null;constructor(t){this.environmentUrl=t.replace(/\/$/,""),this.pca=new u({auth:{clientId:g,authority:"https://login.microsoftonline.com/common"},cache:{cachePlugin:k()}})}async getToken(){let t=Date.now();return this.cachedToken!==null&&this.tokenExpiresAt>t+6e4?this.cachedToken:this.pendingAuth!==null?this.pendingAuth:(this.pendingAuth=this.refreshToken().finally(()=>{this.pendingAuth=null}),this.pendingAuth)}invalidateToken(){this.cachedToken=null,this.tokenExpiresAt=0}async isAuthenticated(){try{return await this.getToken(),!0}catch{return!1}}async setupViaDeviceCode(){await this.runDeviceCodeFlow()}async refreshToken(){if((await this.pca.getAllAccounts()).length===0){process.stderr.write(`
+[mcp-dataverse] First-time authentication required.
+Environment: ${this.environmentUrl}
+Open the URL below in your browser to sign in.
+
+`);try{return await this.runDeviceCodeFlow(),await this.acquireSilently()}catch(e){let i=e instanceof Error?e.message:String(e);throw new Error(`Authentication setup failed: ${i}
+
+You can also authenticate manually:
+  npx mcp-dataverse-auth ${this.environmentUrl}
+Then restart the MCP server in VS Code.`)}}try{return await this.acquireSilently()}catch{process.stderr.write(`
+[mcp-dataverse] Session expired \u2014 re-authenticating.
+Open the URL below in your browser to sign in again.
+
+`);try{return await this.runDeviceCodeFlow(),await this.acquireSilently()}catch(e){this.cachedToken=null;let i=e instanceof Error?e.message:String(e);throw new Error(`Re-authentication failed: ${i}
+
+To authenticate manually:
+  npx mcp-dataverse-auth ${this.environmentUrl}
+Then restart the MCP server in VS Code.`)}}}async acquireSilently(){let t=await this.pca.getAllAccounts();if(t.length===0)throw new Error("No account found in cache after authentication.");let e=await this.pca.acquireTokenSilent({scopes:[`${this.environmentUrl}/.default`],account:t[0]});if(!e?.accessToken)throw new Error("Token acquisition returned an empty access token.");return this.cacheResult(e),e.accessToken}async runDeviceCodeFlow(){let t=await Promise.race([this.pca.acquireTokenByDeviceCode({scopes:[`${this.environmentUrl}/.default`],deviceCodeCallback:e=>{v(e.userCode),process.stderr.write(`
+[mcp-dataverse] Sign in required
+
+  1. Open ${e.verificationUri} in your browser
+     (use the browser profile linked to your Power Platform account)
+  2. Paste the code: ${e.userCode}  (already copied to your clipboard)
+  3. Sign in with your work account
+
+`)}}),new Promise((e,i)=>setTimeout(()=>i(new Error("Authentication timed out after 5 minutes. Please try again.")),C))]);t&&(this.cacheResult(t),process.stderr.write(`
+[mcp-dataverse] Authenticated \u2713  Token cached \u2014 no sign-in needed next time.
+
+`))}cacheResult(t){this.cachedToken=t.accessToken,this.tokenExpiresAt=t.expiresOn?.getTime()??Date.now()+3300*1e3}};export{s as a};

package/dist/config.loader-YZJ7QTCV.js

@@ -0,0 +1 @@
+import{a}from"./chunk-OQ46VPYS.js";import"./chunk-KJ3HM2VM.js";export{a as loadConfig};

package/dist/dataverse-client-advanced-54FU3FKK.js

@@ -0,0 +1 @@
+import{b as a}from"./chunk-6KQIRQNP.js";export{a as DataverseAdvancedClient};

package/dist/dataverse-client-advanced-CON7DMNS.js

@@ -0,0 +1 @@
+import{b as a}from"./chunk-IA4YDPXM.js";export{a as DataverseAdvancedClient};

package/dist/doctor.js

@@ -1,3 +1,3 @@
 #!/usr/bin/env node
-async function f(){let t=e=>process.stdout.write(e+`
-`),o=e=>t(`  \u2705 ${e}`),n=e=>t(`  \u274C ${e}`);t(""),t("\u{1F3E5} mcp-dataverse doctor"),t("\u2500".repeat(50)),t("");let r=!0;t("\u{1F4CB} Environment");let c=process.version;parseInt(c.slice(1).split(".")[0],10)>=20?o(`Node.js ${c}`):(n(`Node.js ${c} \u2014 requires v20+`),r=!1),t(""),t("\u2699\uFE0F  Configuration");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e();o(`Environment URL: ${s.environmentUrl}`),o(`Timeout: ${s.requestTimeoutMs}ms, Retries: ${s.maxRetries}`)}catch(e){let s=e instanceof Error?e.message:String(e);n(`Configuration error: ${s}`),r=!1,t(""),t(r?"\u2705 All checks passed!":"\u274C Some checks failed."),process.exit(r?0:1)}t(""),t("\u{1F511} Authentication");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e(),{createAuthProvider:l}=await import("./auth-provider.factory-MSMLSOX3.js"),i=await l(s).getToken();i?(o("Token acquired successfully"),i.split(".").length===3&&o("Valid JWT token format")):(n("No token returned"),r=!1)}catch(e){let s=e instanceof Error?e.message:String(e);n(`Auth failed: ${s}`),r=!1}t(""),t("\u{1F310} Dataverse API");try{let{loadConfig:e}=await import("./config.loader-VTIKUDN7.js"),s=e(),{createAuthProvider:l}=await import("./auth-provider.factory-MSMLSOX3.js"),{DataverseAdvancedClient:m}=await import("./dataverse-client-advanced-EASNSX3M.js"),i=l(s),a=await new m(i,s.maxRetries,s.requestTimeoutMs).whoAmI();o(`Organization: ${a.OrganizationName||"N/A"}`),o(`User ID: ${a.UserId||"N/A"}`),o(`Business Unit: ${a.BusinessUnitId||"N/A"}`),o(`Environment: ${a.EnvironmentUrl||s.environmentUrl}`)}catch(e){let s=e instanceof Error?e.message:String(e);n(`API call failed: ${s}`),r=!1}t(""),t("\u2500".repeat(50)),t(r?"\u2705 All checks passed! Your mcp-dataverse setup is healthy.":"\u274C Some checks failed. Review the errors above."),t(""),process.exit(r?0:1)}export{f as runDoctor};
+async function f(){let n=e=>process.stdout.write(e+`
+`),s=e=>n(`  \u2705 ${e}`),o=e=>n(`  \u274C ${e}`);n(""),n("\u{1F3E5} mcp-dataverse doctor"),n("\u2500".repeat(50)),n("");let i=!0;n("\u{1F4CB} Environment");let c=process.version;parseInt(c.slice(1).split(".")[0],10)>=20?s(`Node.js ${c}`):(o(`Node.js ${c} \u2014 requires v20+`),i=!1),n(""),n("\u2699\uFE0F  Configuration");try{let{loadConfig:e}=await import("./config.loader-YZJ7QTCV.js"),t=e();s(`Environment URL: ${t.environmentUrl}`),s(`Auth method: ${t.authMethod??"device-code"}`),s(`Timeout: ${t.requestTimeoutMs}ms, Retries: ${t.maxRetries}`)}catch(e){let t=e instanceof Error?e.message:String(e);o(`Configuration error: ${t}`),i=!1,n(""),n(i?"\u2705 All checks passed!":"\u274C Some checks failed."),process.exit(i?0:1)}n(""),n("\u{1F511} Authentication");try{let{loadConfig:e}=await import("./config.loader-YZJ7QTCV.js"),t=e(),r=t.authMethod??"device-code";s(`Auth method: ${r}`),r==="client-credentials"?(s(`Tenant ID : ${t.tenantId}`),s(`Client ID : ${t.clientId}`),t.clientSecret&&!process.env.AZURE_CLIENT_SECRET&&!process.env.clientSecret?n("  \u26A0\uFE0F  clientSecret is stored in config file \u2014 prefer AZURE_CLIENT_SECRET env var for production"):s("Client Secret: supplied via env var")):r==="managed-identity"&&(t.managedIdentityClientId?s(`Identity type: user-assigned (clientId: ${t.managedIdentityClientId})`):s("Identity type: system-assigned"));let{createAuthProvider:d}=await import("./auth-provider.factory-IVYKBXVY.js"),l=await d(t).getToken();l?(s("Token acquired successfully"),l.split(".").length===3&&s("Valid JWT token format")):(o("No token returned"),i=!1)}catch(e){let t=e instanceof Error?e.message:String(e);o(`Auth failed: ${t}`),i=!1}n(""),n("\u{1F310} Dataverse API");try{let{loadConfig:e}=await import("./config.loader-YZJ7QTCV.js"),t=e(),{createAuthProvider:r}=await import("./auth-provider.factory-IVYKBXVY.js"),{DataverseAdvancedClient:d}=await import("./dataverse-client-advanced-CON7DMNS.js"),m=r(t),a=await new d(m,t.maxRetries,t.requestTimeoutMs).whoAmI();s(`Organization: ${a.OrganizationName||"N/A"}`),s(`User ID: ${a.UserId||"N/A"}`),s(`Business Unit: ${a.BusinessUnitId||"N/A"}`),s(`Environment: ${a.EnvironmentUrl||t.environmentUrl}`)}catch(e){let t=e instanceof Error?e.message:String(e);o(`API call failed: ${t}`),i=!1}n(""),n("\u2500".repeat(50)),n(i?"\u2705 All checks passed! Your mcp-dataverse setup is healthy.":"\u274C Some checks failed. Review the errors above."),n(""),process.exit(i?0:1)}export{f as runDoctor};

package/dist/entra-jwt-validator-DABIEBOV.js

@@ -0,0 +1,2 @@
+import{createRemoteJWKSet as g,jwtVerify as m}from"jose";function J(d){let{tenantId:s,audience:l,requiredScope:r}=d,u=`https://login.microsoftonline.com/${s}/v2.0`,f=new URL(`https://login.microsoftonline.com/${s}/discovery/v2.0/keys`),p=g(f,{cooldownDuration:3e4,cacheMaxAge:10*6e4});return async function(a){let i;try{i=(await m(a,p,{issuer:u,audience:l,algorithms:["RS256"],clockTolerance:30})).payload}catch(n){let o=n instanceof Error?n.message:String(n);try{let c=a.split(".");if(c.length===3){let t=JSON.parse(Buffer.from(c[1],"base64url").toString("utf8"));process.stderr.write(`[entra-jwt] validation failed: ${o} | aud=${JSON.stringify(t.aud)} iss=${t.iss} scp="${t.scp}" ver=${t.ver}
+`)}}catch{}throw new Error(`Entra JWT validation failed: ${o}`)}if(r){let n=i.scp??"";if(!n.split(" ").includes(r))throw new Error(`Required scope '${r}' not present in token scp claim ('${n}')`)}let e=i;return{oid:e.oid??"",upn:e.upn??e.preferred_username??"",name:e.name??""}}}export{J as createEntraJwtValidator};

package/dist/http-server.js

@@ -1,4 +1,8 @@
-import{createServer as S}from"http";import{timingSafeEqual as u,createHmac as m,randomUUID as v}from"crypto";import{StreamableHTTPServerTransport as w}from"@modelcontextprotocol/sdk/server/streamableHttp.js";function g(a,r){try{let i=Buffer.from("mcp-token-verify-constant"),c=m("sha256",i).update(a).digest(),d=m("sha256",i).update(r).digest();return u(c,d)}catch{return!1}}async function O(a,r,i,c){let d=process.env.MCP_HTTP_JSON_RESPONSE!=="false",l=process.env.MCP_HTTP_SECRET??process.env.BEARER_TOKEN,h=process.env.MCP_HTTP_CORS_ORIGIN??"*",n=new Map,p=S(async(s,e)=>{if(e.setHeader("Access-Control-Allow-Origin",h),e.setHeader("Access-Control-Allow-Methods","GET, POST, DELETE, OPTIONS"),e.setHeader("Access-Control-Allow-Headers","Content-Type, mcp-session-id, Authorization"),s.method==="OPTIONS"){e.writeHead(204),e.end();return}let T=new URL(s.url??"/",`http://localhost:${r}`);if(T.pathname==="/health"&&s.method==="GET"){e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify({status:"ok",version:i,tools:c}));return}if(T.pathname==="/mcp"){if(l){let o=s.headers.authorization??"",t=o.startsWith("Bearer ")?o.slice(7):"";if(!g(t,l)){e.writeHead(401,{"Content-Type":"application/json","WWW-Authenticate":'Bearer realm="MCP Dataverse"'}),e.end(JSON.stringify({error:"Unauthorized"}));return}}try{let o=s.headers["mcp-session-id"];if(o){let t=n.get(o);if(!t){e.writeHead(404,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Session not found. Please reinitialize."}));return}await t.handleRequest(s,e)}else{if(s.method!=="POST"){e.writeHead(400,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"mcp-session-id header required for GET and DELETE"}));return}let t=new w({sessionIdGenerator:()=>v(),enableJsonResponse:d});t.sessionId&&(n.set(t.sessionId,t),t.onclose=()=>{t.sessionId&&n.delete(t.sessionId)}),await a().connect(t),await t.handleRequest(s,e),t.sessionId&&(n.has(t.sessionId)||(n.set(t.sessionId,t),t.onclose=()=>{t.sessionId&&n.delete(t.sessionId)}))}}catch(o){process.stderr.write(`[http-server] Unhandled error: ${String(o)}
-`),e.headersSent||(e.writeHead(500,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Internal server error"})))}return}e.writeHead(404,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Not found"}))});await new Promise(s=>{p.listen(r,()=>{process.stderr.write(`MCP Dataverse HTTP server listening on http://localhost:${r}/mcp
-`),s()})});let f=async()=>{process.stderr.write(`Shutting down HTTP server...
-`);for(let s of n.values())await s.close();p.close(),process.exit(0)};process.on("SIGINT",f),process.on("SIGTERM",f),await new Promise(s=>{p.on("close",s)})}export{O as startHttpTransport};
+import{createServer as N}from"http";import{timingSafeEqual as y,createHmac as I,randomUUID as C}from"crypto";import{StreamableHTTPServerTransport as _}from"@modelcontextprotocol/sdk/server/streamableHttp.js";function A(p,a){try{let d=Buffer.from("mcp-token-verify-constant"),l=I("sha256",d).update(p).digest(),u=I("sha256",d).update(a).digest();return y(l,u)}catch{return!1}}async function U(p,a,d,l){let u=process.env.MCP_HTTP_JSON_RESPONSE!=="false",T=process.env.MCP_HTTP_SECRET??process.env.BEARER_TOKEN,S=process.env.MCP_HTTP_CORS_ORIGIN??"*",s=process.env.ENTRA_TENANT_ID&&process.env.ENTRA_CLIENT_ID?{tenantId:process.env.ENTRA_TENANT_ID,clientId:process.env.ENTRA_CLIENT_ID,audience:process.env.ENTRA_AUDIENCE??`api://${process.env.ENTRA_CLIENT_ID}`,...process.env.ENTRA_REQUIRED_SCOPE!==void 0?{requiredScope:process.env.ENTRA_REQUIRED_SCOPE}:{}}:null,h=null;if(s){let{createEntraJwtValidator:n}=await import("./entra-jwt-validator-DABIEBOV.js");h=n(s),process.stderr.write(`[http-server] Auth mode: entra-jwt (tenant=${s.tenantId}, audience=${s.audience})
+`)}else process.stderr.write(T?`[http-server] Auth mode: static bearer token
+`:`[http-server] WARNING: No auth configured \u2014 all /mcp requests accepted
+`);let w=(process.env.MCP_PUBLIC_URL??`http://localhost:${a}`).replace(/\/$/,""),o=new Map,m=N(async(n,e)=>{if(e.setHeader("Access-Control-Allow-Origin",S),e.setHeader("Access-Control-Allow-Methods","GET, POST, DELETE, OPTIONS"),e.setHeader("Access-Control-Allow-Headers","Content-Type, mcp-session-id, Authorization"),n.method==="OPTIONS"){e.writeHead(204),e.end();return}let f=new URL(n.url??"/",`http://localhost:${a}`);if(f.pathname==="/health"&&n.method==="GET"){e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify({status:"ok",version:d,tools:l}));return}if(f.pathname==="/.well-known/oauth-protected-resource"&&n.method==="GET"){let c=s?.tenantId??"";e.writeHead(200,{"Content-Type":"application/json","Cache-Control":"max-age=3600"});let i=s?.clientId??"";e.end(JSON.stringify({resource:`${w}/mcp`,authorization_servers:c?[`https://login.microsoftonline.com/${c}/v2.0`]:[],bearer_methods_supported:["header"],scopes_supported:i?[`api://${i}/DataverseAccess`]:[],resource_documentation:"https://github.com/aileron-split/mcp-dataverse"}));return}if(f.pathname==="/mcp"){let c=n.headers.authorization??"",i=c.startsWith("Bearer ")?c.slice(7):"",g=`${w}/.well-known/oauth-protected-resource`,v=s?`Bearer resource_metadata="${g}", realm="MCP Dataverse"`:'Bearer realm="MCP Dataverse"';if(h){if(!i){e.writeHead(401,{"Content-Type":"application/json","WWW-Authenticate":v}),e.end(JSON.stringify({error:"Unauthorized"}));return}try{await h(i)}catch(r){let t=r instanceof Error?r.message:String(r);process.stderr.write(`[http-server] JWT rejected: ${t}
+`),e.writeHead(401,{"Content-Type":"application/json","WWW-Authenticate":v}),e.end(JSON.stringify({error:"Unauthorized"}));return}}else if(T&&!A(i,T)){e.writeHead(401,{"Content-Type":"application/json","WWW-Authenticate":v}),e.end(JSON.stringify({error:"Unauthorized"}));return}try{let r=n.headers["mcp-session-id"];if(r){let t=o.get(r);if(!t){e.writeHead(404,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Session not found. Please reinitialize."}));return}await t.handleRequest(n,e)}else{if(n.method!=="POST"){e.writeHead(400,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"mcp-session-id header required for GET and DELETE"}));return}let t=new _({sessionIdGenerator:()=>C(),enableJsonResponse:u});t.sessionId&&(o.set(t.sessionId,t),t.onclose=()=>{t.sessionId&&o.delete(t.sessionId)}),await p().connect(t),await t.handleRequest(n,e),t.sessionId&&(o.has(t.sessionId)||(o.set(t.sessionId,t),t.onclose=()=>{t.sessionId&&o.delete(t.sessionId)}))}}catch(r){process.stderr.write(`[http-server] Unhandled error: ${String(r)}
+`),e.headersSent||(e.writeHead(500,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Internal server error"})))}return}e.writeHead(404,{"Content-Type":"application/json"}),e.end(JSON.stringify({error:"Not found"}))});await new Promise(n=>{m.listen(a,"0.0.0.0",()=>{process.stderr.write(`MCP Dataverse HTTP server listening on http://0.0.0.0:${a}/mcp
+`),n()})});let E=async()=>{process.stderr.write(`Shutting down HTTP server...
+`);for(let n of o.values())await n.close();m.close(),process.exit(0)};process.on("SIGINT",E),process.on("SIGTERM",E),await new Promise(n=>{m.on("close",n)})}export{U as startHttpTransport};

package/dist/install.js

@@ -1,9 +1,18 @@
 #!/usr/bin/env node
-import{a as f}from"./chunk-24RDOMG4.js";import{createInterface as S}from"readline/promises";import{existsSync as m,mkdirSync as y,readFileSync as b,readdirSync as w,writeFileSync as g}from"fs";import{execFileSync as P}from"child_process";import{homedir as h}from"os";import{join as s}from"path";var v=s(h(),".mcp-dataverse"),l=s(v,"config.json"),e=t=>process.stdout.write(t+`
-`),u=()=>process.stdout.write("\u2500".repeat(58)+`
-`);function A(t){let o=JSON.stringify({name:"mcp-dataverse",type:"stdio",command:"npx",args:["-y","mcp-dataverse"],env:{MCP_CONFIG_PATH:t}}),c=[{label:"VS Code Insiders",bin:"code-insiders"},{label:"VS Code Stable",bin:"code"}],i=[];for(let{label:a,bin:r}of c)try{let n=process.platform==="win32"?["/c",r,"--add-mcp",o]:["--add-mcp",o],d=process.platform==="win32"?"cmd.exe":r;P(d,n,{stdio:"pipe",timeout:15e3}),i.push({label:a,ok:!0})}catch{i.push({label:a,ok:!1})}return i}function I(){let t=h();switch(process.platform){case"win32":{let o=process.env.APPDATA??s(t,"AppData","Roaming");return[{label:"VS Code Insiders",dir:s(o,"Code - Insiders","User")},{label:"VS Code Stable",dir:s(o,"Code","User")}]}case"darwin":return[{label:"VS Code Insiders",dir:s(t,"Library","Application Support","Code - Insiders","User")},{label:"VS Code Stable",dir:s(t,"Library","Application Support","Code","User")}];default:return[{label:"VS Code Insiders",dir:s(t,".config","Code - Insiders","User")},{label:"VS Code Stable",dir:s(t,".config","Code","User")}]}}function V(t){let o={type:"stdio",command:"npx",args:["-y","mcp-dataverse"],env:{MCP_CONFIG_PATH:t}},c=[];for(let{dir:i}of I()){let a=s(i,"profiles");if(!m(a))continue;let r;try{r=w(a)}catch{continue}for(let n of r){let d=s(a,n,"mcp.json");if(m(d))try{let C=b(d,"utf-8"),p=JSON.parse(C);p.servers||(p.servers={}),p.servers["mcp-dataverse"]=o,g(d,JSON.stringify(p,null,"	")+`
-`,"utf-8"),c.push(d)}catch{}}}return c}function U(t){if(!t.startsWith("https://"))return"URL must start with https://";try{if(!new URL(t).hostname.toLowerCase().endsWith(".dynamics.com"))return"Must be a *.dynamics.com URL (your Power Platform environment)"}catch{return"Invalid URL format"}return null}function D(t){e("  Add this to your VS Code mcp.json (Ctrl+Shift+P \u2192 MCP: Open User Configuration):"),e(""),e('  "mcp-dataverse": {'),e('    "type": "stdio",'),e('    "command": "npx",'),e('    "args": ["-y", "mcp-dataverse"],'),e(`    "env": { "MCP_CONFIG_PATH": "${t.replace(/\\/g,"\\\\")}" }`),e("  }")}async function N(){e(""),e("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"),e("\u2551          MCP Dataverse \u2014 Interactive Setup             \u2551"),e("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"),e(""),e("This wizard will:"),e("  1. Ask for your Dataverse environment URL"),e("  2. Save configuration to  ~/.mcp-dataverse/config.json"),e("  3. Register the server in VS Code via CLI"),e("  4. Authenticate with your Microsoft account"),e(""),u();let t=S({input:process.stdin,output:process.stdout}),o="";for(;!o;){let r=(await t.question(`Dataverse environment URL
-  e.g. https://contoso.crm.dynamics.com
-\u203A `)).trim().replace(/\/$/,""),n=U(r);if(n){e(`  \u2717 ${n}
-`);continue}o=r}t.close(),e(""),e("Saving configuration\u2026"),y(v,{recursive:!0}),g(l,JSON.stringify({environmentUrl:o},null,2)+`
-`,"utf-8"),e(`  \u2713 ${l}`),e(""),e("Registering in VS Code\u2026");let c=A(l),i=c.filter(r=>r.ok);if(i.length>0){for(let{label:n}of i)e(`  \u2713 ${n}: registered via --add-mcp`);let r=c.filter(n=>!n.ok);for(let{label:n}of r)e(`  \u2013 ${n}: not found on PATH (skipped)`)}else e("  \u26A0 Neither 'code' nor 'code-insiders' found on PATH."),e("  Register manually:"),e(""),D(l);let a=V(l);a.length>0&&e(`  + Patched ${a.length} custom profile(s)`),e(""),u(),e("Authenticating with Microsoft\u2026"),e("(A prompt will appear below \u2014 open the URL and enter the code)"),e("");try{await new f(o).setupViaDeviceCode(),u(),e(""),e("  \u2713  Setup complete!"),e(""),i.length>0?(e("  The MCP server is now registered in VS Code."),e("  Open VS Code \u2192 Copilot chat \u2192 the 50 Dataverse tools are ready to use.")):(e("  Configuration and authentication are ready."),e("  Register the server manually (see snippet above), then restart VS Code.")),e("")}catch(r){let n=r instanceof Error?r.message:String(r);u(),e(`  \u2717 Authentication failed: ${n}`),e(""),e("  Configuration was saved. Authenticate later by restarting the MCP server \u2014"),e("  it will prompt for device code on startup."),e(""),process.exit(1)}}export{N as runInstall};
+import{a as y}from"./chunk-RYRO3QPE.js";import{a as S}from"./chunk-KJ3HM2VM.js";import{createInterface as _}from"readline/promises";import{mkdirSync as N,writeFileSync as H}from"fs";import{homedir as $}from"os";import{join as T}from"path";import{execFileSync as w}from"child_process";import{existsSync as b,readFileSync as M,readdirSync as k,writeFileSync as V}from"fs";import{homedir as L}from"os";import{join as f}from"path";var e=n=>{process.stdout.write(n+`
+`)},l=()=>{process.stdout.write("\u2500".repeat(58)+`
+`)};function R(n){let r=JSON.stringify({name:"mcp-dataverse",type:"stdio",command:"npx",args:["-y","mcp-dataverse"],env:{MCP_CONFIG_PATH:n}}),a=[{label:"VS Code Insiders",bin:"code-insiders"},{label:"VS Code Stable",bin:"code"}],o=[];for(let{label:i,bin:d}of a)try{let c=process.platform==="win32"?["/c",d,"--add-mcp",r]:["--add-mcp",r],p=process.platform==="win32"?"cmd.exe":d;w(p,c,{stdio:"pipe",timeout:15e3}),o.push({label:i,ok:!0})}catch{o.push({label:i,ok:!1})}return o}function P(n){let r=JSON.stringify({name:"mcp-dataverse",type:"http",url:n}),a=[{label:"VS Code Insiders",bin:"code-insiders"},{label:"VS Code Stable",bin:"code"}],o=[];for(let{label:i,bin:d}of a)try{let c=process.platform==="win32"?["/c",d,"--add-mcp",r]:["--add-mcp",r],p=process.platform==="win32"?"cmd.exe":d;w(p,c,{stdio:"pipe",timeout:15e3}),o.push({label:i,ok:!0})}catch{o.push({label:i,ok:!1})}return o}function x(){let n=L();switch(process.platform){case"win32":{let r=process.env.APPDATA??f(n,"AppData","Roaming");return[{label:"VS Code Insiders",dir:f(r,"Code - Insiders","User")},{label:"VS Code Stable",dir:f(r,"Code","User")}]}case"darwin":return[{label:"VS Code Insiders",dir:f(n,"Library","Application Support","Code - Insiders","User")},{label:"VS Code Stable",dir:f(n,"Library","Application Support","Code","User")}];default:return[{label:"VS Code Insiders",dir:f(n,".config","Code - Insiders","User")},{label:"VS Code Stable",dir:f(n,".config","Code","User")}]}}function g(n){let r=[];for(let{dir:a}of x()){let o=f(a,"profiles");if(!b(o))continue;let i;try{i=k(o)}catch{continue}for(let d of i){let c=f(o,d,"mcp.json");if(b(c))try{let p=M(c,"utf-8"),m=JSON.parse(p);m.servers||(m.servers={}),m.servers["mcp-dataverse"]=n,V(c,JSON.stringify(m,null,"	")+`
+`,"utf-8"),r.push(c)}catch{}}}return r}function A(n){if(!n.startsWith("https://"))return"URL must start with https://";try{if(!new URL(n).hostname.toLowerCase().endsWith(".dynamics.com"))return"Must be a *.dynamics.com URL (your Power Platform environment)"}catch{return"Invalid URL format"}return null}function I(n){e("  Add this to your VS Code mcp.json (Ctrl+Shift+P \u2192 MCP: Open User Configuration):"),e(""),e('  "mcp-dataverse": {'),e('    "type": "http",'),e(`    "url": "${n}"`),e("  }")}function E(n){e("  Add this to your VS Code mcp.json (Ctrl+Shift+P \u2192 MCP: Open User Configuration):"),e(""),e('  "mcp-dataverse": {'),e('    "type": "stdio",'),e('    "command": "npx",'),e('    "args": ["-y", "mcp-dataverse"],'),e(`    "env": { "MCP_CONFIG_PATH": "${n.replace(/\\/g,"\\\\")}" }`),e("  }")}var U=T($(),".mcp-dataverse"),v=T(U,"config.json");async function X(){e(""),e("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"),e("\u2551          MCP Dataverse \u2014 Interactive Setup             \u2551"),e("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"),e("");let n=_({input:process.stdin,output:process.stdout});e("Step 1 / 2  \u2014  Connection Mode"),l(),e("  How will you use the MCP Dataverse server?"),e(""),e("  1)  HTTP  (hosted server)    The server is already deployed on Azure."),e("                               You just need its endpoint URL."),e("                               \u2192 Dev connects via HTTPS, VS Code handles auth."),e(""),e("  2)  stdio (local server)     The server runs on this machine via npx."),e("                               You need a Dataverse URL + credentials."),e("");let r="http";for(;;){let t=(await n.question("Select [1/2]  default 1: ")).trim();if(!t||t==="1"){r="http";break}if(t==="2"){r="stdio";break}e(`  \u2717 Please enter 1 or 2.
+`)}if(e(`  \u2713 ${r==="http"?"HTTP (hosted)":"stdio (local)"}`),e(""),r==="http"){e("Step 2 / 2  \u2014  MCP Server Endpoint"),l(),e("  The HTTPS URL of your hosted MCP Dataverse server."),e("  e.g. https://mcp-dataverse-api.azurewebsites.net/mcp"),e(""),e("  Authentication against the server is handled automatically by VS Code"),e("  using your signed-in Microsoft account (Entra ID)."),e("");let t="";for(;!t;){let u=(await n.question(`Server URL
+\u203A `)).trim().replace(/\/$/,"");if(!u.startsWith("https://")){e(`  \u2717 URL must start with https://
+`);continue}try{new URL(u)}catch{e(`  \u2717 Invalid URL format.
+`);continue}t=u}e(`  \u2713 ${t}`),e(""),n.close(),e("Registering in VS Code\u2026");let s=P(t),h=s.filter(u=>u.ok);if(h.length>0){for(let{label:u}of h)e(`  \u2713 ${u}`);for(let{label:u}of s.filter(D=>!D.ok))e(`  \u2013 ${u}: not found on PATH (skipped)`)}else e("  \u26A0  Neither 'code' nor 'code-insiders' found on PATH."),e("  Register manually:"),e(""),I(t);let C=g({type:"http",url:t});C.length>0&&e(`  + Patched ${C.length} custom VS Code profile(s)`),l(),e(""),e("  \u2713  Setup complete!"),e(""),e("  Restart VS Code \u2014 the MCP Dataverse tools will be available in Copilot chat."),e("  VS Code will sign you in automatically with your Microsoft account."),e("");return}e("Step 2 / 3  \u2014  Dataverse Environment"),l(),e("  The URL of your Power Platform / Dataverse environment."),e("  Find it in https://admin.powerplatform.microsoft.com \u2192 Environments \u2192 <your env>."),e("");let a="";for(;!a;){let t=(await n.question(`Environment URL  (e.g. https://contoso.crm.dynamics.com)
+\u203A `)).trim().replace(/\/$/,""),s=A(t);if(s){e(`  \u2717 ${s}
+`);continue}a=t}e(`  \u2713 ${a}`),e(""),e("Step 3 / 3  \u2014  Authentication Method"),l(),e("  1)  Device Code          Sign in with your Microsoft account in a browser"),e("                           Recommended for individual developers"),e(""),e("  2)  Client Credentials   Use an Azure App Registration   (service / CI/CD)"),e("                           Requires Tenant ID \xB7 Client ID \xB7 Client Secret"),e(""),e("  \u2139  Need Managed Identity? Go back and choose 'On Azure / hosted' (option 1)."),e("     Managed Identity only works when the server runs on Azure \u2014 not locally."),e("");let o="device-code";for(;;){let t=(await n.question("Select [1/2]  default 1: ")).trim();if(!t||t==="1"){o="device-code";break}if(t==="2"){o="client-credentials";break}e(`  \u2717 Please enter 1 or 2.
+`)}e(`  \u2713 ${o}`),e("");let i={environmentUrl:a,authMethod:o};if(o==="client-credentials"){e("Step 4 / 4  \u2014  App Registration Details"),l(),e("  Enter the values from Azure Portal \u2192 App registrations \u2192 your app."),e("  You can also supply these as environment variables (recommended for secrets)."),e("");let t="";for(;!t;)t=(await n.question(`Tenant ID      (env: AZURE_TENANT_ID)
+\u203A `)).trim(),t||e(`  \u2717 Required.
+`);let s="";for(;!s;)s=(await n.question(`Client ID      (env: AZURE_CLIENT_ID)
+\u203A `)).trim(),s||e(`  \u2717 Required.
+`);e(""),e("  Client Secret: leave blank to provide it via env var AZURE_CLIENT_SECRET"),e("  (safer \u2014 avoids storing the secret in config.json)."),e("");let h=(await n.question(`Client Secret  (env: AZURE_CLIENT_SECRET)  [Enter to skip]
+\u203A `)).trim();i.tenantId=t,i.clientId=s,h?(i.clientSecret=S(h),e(""),e("  \u2713 Secret encrypted (AES-256-GCM, machine-bound key) and stored in config.json."),e("  \u26A0  Do not commit config.json to version control.")):(e(""),e("  \u2192 Set AZURE_CLIENT_SECRET in your environment or in the 'env' block of mcp.json.")),e("")}n.close(),e("Saving configuration\u2026"),N(U,{recursive:!0}),H(v,JSON.stringify(i,null,2)+`
+`,{encoding:"utf-8",mode:384}),e(`  \u2713 ${v}`),e(""),e("Registering in VS Code\u2026");let d={type:"stdio",command:"npx",args:["-y","mcp-dataverse"],env:{MCP_CONFIG_PATH:v}},c=R(v),p=c.filter(t=>t.ok);if(p.length>0){for(let{label:t}of p)e(`  \u2713 ${t}`);for(let{label:t}of c.filter(s=>!s.ok))e(`  \u2013 ${t}: not found on PATH (skipped)`)}else e("  \u26A0  Neither 'code' nor 'code-insiders' found on PATH."),e("  Register manually:"),e(""),E(v);let m=g(d);if(m.length>0&&e(`  + Patched ${m.length} custom VS Code profile(s)`),e(""),l(),o!=="device-code"){e(""),e("  \u2713  Setup complete!"),e(""),e("  Restart VS Code to activate the MCP server."),o==="client-credentials"&&!i.clientSecret&&e("  Remember to set AZURE_CLIENT_SECRET before starting the server."),e("");return}e("Authenticating with Microsoft\u2026"),e("(Open the URL shown below and enter the code to complete sign-in)"),e("");try{await new y(a).setupViaDeviceCode(),l(),e(""),e("  \u2713  Setup complete!"),e(""),p.length>0?(e("  The MCP server is registered in VS Code."),e("  Open VS Code \u2192 Copilot chat \u2014 your Dataverse tools are ready.")):(e("  Config and authentication saved."),e("  Register the server manually (see snippet above), then restart VS Code.")),e("")}catch(t){let s=t instanceof Error?t.message:String(t);l(),e(`  \u2717 Authentication failed: ${s}`),e(""),e("  Configuration was saved. Run 'npx mcp-dataverse install' again to retry."),e(""),process.exit(1)}}export{X as runInstall};