sharepoint-mcp
Provides tools for managing Vault secrets and token operations, serving as the token storage backend for SharePoint authentication via Microsoft Graph.
sharepoint-mcp
Node.js MCP server for Microsoft SharePoint via Microsoft Graph, built from the FortisAI-compatible MCP skeleton. It includes:
SharePoint site, search, drive, folder, metadata, and text-content tools
Vault-backed Microsoft Graph token lookup by user id
Postgres-backed configuration management
stdio and HTTP MCP transports
Security and operational defaults for production-style patterns
Purpose
This repository is a local starting point for a FortisAI SharePoint MCP that can later sit behind an OpenAPI gateway. The initial implementation is intentionally read-focused for SharePoint content discovery and retrieval. Mutating admin tools are inherited from the skeleton and remain protected by MCP_ADMIN_AUTH_KEY when configured.
Related MCP server: SharePoint MCP Server
SharePoint Architecture
Runtime flow:
src/index.js boots the app, creates services, and connects MCP stdio transport.
src/config/env.js loads and validates environment configuration.
src/services/configStore.js handles Postgres persistence.
src/services/vault.js handles Vault operations and write retry queue.
src/services/security.js redacts sensitive fields.
src/mcp/server.js registers MCP tools and applies auth/error wrappers.
src/http/server.js exposes MCP over HTTP with auth, limits, and access logs.
src/http/index.js boots the dedicated HTTP MCP process.
src/start-both.js starts stdio and HTTP as separate child processes.
Local infrastructure:
docker-compose.yml runs Postgres and Vault for local development.
docker-compose.external.yml runs only the MCP app against external Postgres and Vault services.
initdb/001_config.sh creates and seeds the app-prefixed config table.
Registering The MCP Server
This repository can be registered with MCP clients in either stdio mode or HTTP mode.
For local development, stdio is the simplest option:
{
"mcpServers": {
"sharepoint-mcp": {
"command": "npm",
"args": ["run", "start:stdio"],
"cwd": "/Users/lesterjohn/Documents/Github/sharepoint-mcp"
}
}
}For HTTP-capable clients, use npm run start:http and point the client at the /mcp endpoint.
Codex
Use stdio for Codex unless you specifically need HTTP. Add the server to your Codex MCP configuration using the local workspace path:
Config file:
~/.codex/config.tomlTransport: stdio
{
"mcpServers": {
"sharepoint-mcp": {
"command": "npm",
"args": ["run", "start:stdio"],
"cwd": "/Users/lesterjohn/Documents/Github/sharepoint-mcp"
}
}
}If you prefer HTTP, run npm run start:http in this repository and configure Codex to send MCP requests to http://127.0.0.1:3000/mcp.
VS Code
Use stdio in VS Code for local workspace access, or HTTP if your setup routes MCP servers over a local endpoint:
Config file:
.vscode/mcp.jsonTransport: stdio or HTTP
{
"command": "npm",
"args": ["run", "start:stdio"],
"cwd": "/Users/lesterjohn/Documents/Github/sharepoint-mcp"
}If your VS Code setup uses HTTP transport, point it at http://127.0.0.1:3000/mcp after starting npm run start:http.
Claude
For Claude Desktop, use stdio and add an MCP server entry that launches the process from this repository:
Config file:
~/Library/Application Support/Claude/claude_desktop_config.jsonTransport: stdio
{
"mcpServers": {
"sharepoint-mcp": {
"command": "npm",
"args": ["run", "start:stdio"],
"cwd": "/Users/lesterjohn/Documents/Github/sharepoint-mcp"
}
}
}If you are using a Claude setup that supports MCP over HTTP, point it at http://127.0.0.1:3000/mcp.
Tool Catalog
SharePoint tools:
sharepoint_connection_info: show Graph endpoint, token source configuration, Vault path template, and limits without exposing token values.sharepoint_list_sites: search SharePoint sites withsearch,limit, optionaluserId, and optional directaccessToken.sharepoint_get_site: fetch a site by GraphsiteId.sharepoint_search: run Microsoft Graph search oversite,driveItem, and related entity types.sharepoint_list_drives: list document libraries for a site.sharepoint_list_folder: list folder children usingsiteIdplus optionaldriveId,itemId, orpath.sharepoint_get_file_metadata: fetch drive item metadata usingsiteIdplus optionaldriveId,itemId, orpath.sharepoint_get_file_text: retrieve file content as UTF-8 text with a configurable byte cap.
Inherited read-only admin tools:
connection_infovault_connection_infohealthchecklist_configsget_configlist_secretsget_secretvault_agent_token_readtoken_lookup_selftoken_rotation_config
Inherited mutating admin tools:
set_configdelete_configset_secretdelete_secrettoken_renew_selftoken_createtoken_revoketoken_revoke_selfvault_seed_http_tokenvault_seed_oauth_token
If MCP_ADMIN_AUTH_KEY is configured, mutating tools require authorizationKey.
SharePoint Authentication
The SharePoint tools resolve a Microsoft Graph access token in this order:
accessTokenargument on the tool call. This is useful for direct testing only.SHAREPOINT_ACCESS_TOKENenvironment variable.Vault secret at
SHAREPOINT_VAULT_ACCESS_TOKEN_PATH, defaulting tosharepoint/oauth/{userId}/access-token.
Vault token secrets may use any of these field names:
access_tokenaccessTokentoken
For FortisAI, prefer Vault storage and pass a server-controlled userId from the OpenAPI gateway or wrapper instead of letting arbitrary callers choose another user's token.
Security Behavior
Sensitive fields are redacted unless MCP_ALLOW_SENSITIVE_OUTPUT=true.
Mutating operations can be access controlled with MCP_ADMIN_AUTH_KEY.
Vault write operations are serialized through an internal queue and retried with exponential backoff.
Environment Variables
Core:
APP_NAME
MCP_SERVER_NAME
MCP_SERVER_VERSION
MCP_ALLOW_SENSITIVE_OUTPUT
MCP_ADMIN_AUTH_KEY
MCP_TRANSPORT_MODE (
stdio,http, orboth)MCP_CONFIG_DEFAULT_USER_ID
MCP_TOKEN_ROTATION_DEFAULT_INTERVAL_MS
MCP_TOKEN_ROTATION_USER_INTERVAL_CONFIG_KEY
MCP_VAULT_AGENT_AUTH_MODE_CONFIG_KEY
MCP_VAULT_AGENT_TOKEN_FILE_PATH_CONFIG_KEY
MCP_VAULT_AGENT_LISTENER_ADDR_CONFIG_KEY
HTTP transport:
MCP_HTTP_HOST
MCP_HTTP_PORT
MCP_HTTP_PATH
MCP_HTTP_HEALTH_PATH
MCP_HTTP_AUTH_MODE (
token,oauth2,both)MCP_HTTP_TOKEN_SOURCE (
vault,env)MCP_HTTP_AUTH_TOKENS (comma-separated bearer tokens)
MCP_HTTP_TRUST_PROXY
MCP_HTTP_ALLOWED_ORIGINS (comma-separated)
MCP_HTTP_ALLOWED_IPS (comma-separated)
MCP_HTTP_MAX_BODY_BYTES
MCP_HTTP_RATE_LIMIT_WINDOW_MS
MCP_HTTP_RATE_LIMIT_MAX_REQUESTS
MCP_HTTP_VAULT_TOKEN_INDEX_PATH
MCP_HTTP_VAULT_TOKEN_DEFAULT_USER_ID
MCP_HTTP_VAULT_TOKEN_REQUIRED_SCOPES
MCP_HTTP_VAULT_TOKEN_REQUIRED_AUDIENCE
MCP_HTTP_VAULT_TOKEN_CACHE_TTL_MS
MCP_HTTP_OAUTH2_INTROSPECTION_URL
MCP_HTTP_OAUTH2_CLIENT_ID
MCP_HTTP_OAUTH2_CLIENT_SECRET
MCP_HTTP_OAUTH2_REQUIRED_SCOPES
MCP_HTTP_OAUTH2_REQUIRED_AUDIENCE
MCP_HTTP_OAUTH2_TIMEOUT_MS
MCP_HTTP_OAUTH2_CACHE_TTL_MS
MCP_HTTP_TLS_ENABLED
MCP_HTTP_TLS_CERT_PATH
MCP_HTTP_TLS_KEY_PATH
Postgres:
POSTGRES_HOST
POSTGRES_PORT
POSTGRES_EXPOSED_PORT (host-exposed Docker port; default
5432)POSTGRES_DB
POSTGRES_USER
POSTGRES_PASSWORD
Postgres config model:
Configuration data is multi-user scoped in
sharepoint_configusing composite key(user_id, key).MCP config tools accept optional
userId; when omitted,MCP_CONFIG_DEFAULT_USER_IDis used.Seed records include:
default/sharepoint.featuredefault/app.defaultsfor future default parameters.default/token.rotation.intervalMsdefault/vault.agent.auth.modedefault/vault.agent.tokenFilePathdefault/vault.agent.listener.addr
SharePoint:
SHAREPOINT_GRAPH_BASE_URL
SHAREPOINT_DEFAULT_USER_ID
SHAREPOINT_ACCESS_TOKEN
SHAREPOINT_VAULT_ACCESS_TOKEN_PATH
SHAREPOINT_TIMEOUT_MS
SHAREPOINT_MAX_RESPONSE_CHARS
Vault:
VAULT_ADDR
VAULT_EXPOSED_PORT (host-exposed Docker port; default
8200)VAULT_CLUSTER_EXPOSED_PORT (host-exposed Docker port for cluster listener in production compose; default
8201)VAULT_TOKEN
VAULT_AGENT_ENABLED
VAULT_AGENT_AUTH_MODE (
none,file,listener,both)VAULT_AGENT_TOKEN_FILE_PATH
VAULT_AGENT_LISTENER_ENABLED
VAULT_AGENT_LISTENER_ADDR
VAULT_UNSEAL_KEY
VAULT_KV_MOUNT
VAULT_WRITE_RETRY_ATTEMPTS
VAULT_WRITE_RETRY_BASE_DELAY_MS
VAULT_WRITE_RETRY_MAX_DELAY_MS
Compose-exposed HTTP:
MCP_HTTP_EXPOSED_PORT (host-exposed Docker port for
mcp-http; default3000)
Naming defaults:
APP_NAMEdefaults tosharepoint.The Postgres config table defaults to
${APP_NAME}_config.The Vault token index path defaults to
${APP_NAME}/http/auth/token-index.Set only
APP_NAMEto rename the app-scoped Vault/Postgres schema across local and external stores.
Reference values are in .env.example.
Quick Start
Install dependencies.
Copy .env.example to .env.
Start local services with docker compose up -d.
Resolve the managed unseal key:
npm run vault:unseal-key -- --json.Initialize and unseal local Vault (first run):
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 sharepoint-mcp-vault vault operator init -key-shares=1 -key-threshold=1 -format=json
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 sharepoint-mcp-vault vault operator unseal <unseal_key_from_init_or_env>Seed a test secret in Vault.
Start the MCP server with npm start.
Run tests with npm test.
External Services Mode
Use this mode when Vault and Postgres are already managed outside this repository.
Required environment variables:
POSTGRES_HOST,POSTGRES_PORT,POSTGRES_DB,POSTGRES_USER,POSTGRES_PASSWORDVAULT_ADDR,VAULT_TOKEN
Run the app-only compose stack:
docker compose -f docker-compose.external.yml up -dNotes:
The app still uses Vault for secrets and Postgres for config.
The external stack is the same MCP HTTP container, but it skips local Postgres/Vault containers.
If you keep Vault sealed, the app will still require whatever unseal process your external Vault uses.
Test Coverage Notes
Current automation includes listener-related coverage for Vault Agent runtime resolution.
tests/vault-agent-runtime.test.js validates:
listener mode resolution from Postgres defaults
both mode resolution (listener + file)
fallback to environment values when database mode is invalid
Transport scripts:
# stdio only (default)
npm run start:stdio
# HTTP transport only
npm run start:http
# run stdio + HTTP as two processes
npm run start:bothHTTP MCP Endpoint
Default endpoint values:
MCP URL:
http://127.0.0.1:3000/mcpHealth URL:
http://127.0.0.1:3000/healthz
HTTP transport security controls:
Every
/mcprequest requiresAuthorization: Bearer <token>.For
MCP_HTTP_AUTH_MODE=token, setMCP_HTTP_TOKEN_SOURCE=vaultto validate tokens from Vault.For
MCP_HTTP_AUTH_MODE=oauth2, bearer tokens are validated by OAuth2 introspection.For
MCP_HTTP_AUTH_MODE=both, either token strategy can authorize requests.Mutating tools still require
authorizationKeywhenMCP_ADMIN_AUTH_KEYis set.Request limits are enforced with:
MCP_HTTP_MAX_BODY_BYTESMCP_HTTP_RATE_LIMIT_WINDOW_MSMCP_HTTP_RATE_LIMIT_MAX_REQUESTS
Optional network restrictions:
MCP_HTTP_ALLOWED_ORIGINSMCP_HTTP_ALLOWED_IPS
Vault Multi-User Token Model
Store HTTP bearer tokens in Vault at MCP_HTTP_VAULT_TOKEN_INDEX_PATH.
Default-user fallback behavior:
MCP_HTTP_VAULT_TOKEN_DEFAULT_USER_IDdefaults todefault.If no non-default users exist in the token index, the default user is always used as fallback.
Supported index shape:
{
"tokens": {
"<sha256(token)>": {
"userId": "user-123",
"tokenId": "tok-123",
"active": true,
"scopes": ["mcp:invoke", "mcp:read"],
"audience": ["codex", "claude"],
"expiresAt": "2026-12-31T23:59:59Z"
}
}
}Notes:
Store only token hashes in Vault index data, never plaintext tokens.
MCP_HTTP_VAULT_TOKEN_REQUIRED_SCOPESandMCP_HTTP_VAULT_TOKEN_REQUIRED_AUDIENCEenforce policy checks.This keeps secrets in Vault under the app-prefixed root while configuration remains in the app-prefixed Postgres table.
Vault HTTP Token Seeding
Use the helper script to generate an opaque bearer token and store it in the Vault user token structure:
npm run vault:seed-http-token -- --user-id default --jsonUseful options:
--user-id <id>: Vault user to seed.--token-id <id>: Optional token id stored with the entry.--scopes <list>: Comma or space separated scopes.--audience <list>: Comma or space separated audience values.--expires-at <value>: Optional ISO timestamp or unix seconds.--path <vault-path>: Override the token index path.
The script writes the token record under the app-prefixed user structure and mirrors the token in the top-level token map for compatibility.
If you need to reseed a user, run the script again with the same --user-id and a new --token-id.
Vault OAuth Token Seeding
Use the helper script to store a provided OAuth access token in the Vault user token structure:
npm run vault:seed-oauth-token -- --token "$OAUTH_ACCESS_TOKEN" --user-id default --jsonUseful options:
--token <value>: OAuth access token to seed.--user-id <id>: Vault user to seed.--token-id <id>: Optional token id stored with the entry.--scopes <list>: Comma or space separated scopes.--audience <list>: Comma or space separated audience values.--expires-at <value>: Optional ISO timestamp or unix seconds.--path <vault-path>: Override the token index path.
The script stores the provided token under the app-prefixed user structure, keeps the top-level token map aligned, and marks the entry as oauth2 in Vault metadata.
MCP Tool
The same capability is exposed as an MCP tool for controlled setup workflows:
vault_seed_http_token: generate a bearer token and store it in the Vault HTTP token index for a user.vault_seed_oauth_token: store a provided OAuth access token in the Vault HTTP token index for a user.
The tool requires authorizationKey when MCP_ADMIN_AUTH_KEY is configured.
Vault Token Lifecycle MCP Tools
The server exposes node-vault token lifecycle methods as MCP tools:
token_lookup_self->tokenLookupSelftoken_renew_self->tokenRenewSelftoken_create->tokenCreatetoken_revoke->tokenRevoketoken_revoke_self->tokenRevokeSelf
These tools are intended for controlled operational usage and are guarded by admin authorization when MCP_ADMIN_AUTH_KEY is configured.
Vault Agent Auto-Auth and Token Renewal
Vault Agent can own token auth/renewal while this service reads the sink token file.
Enable with
VAULT_AGENT_ENABLED=trueChoose auth mode with
VAULT_AGENT_AUTH_MODE:file: use Vault Agent token sink filelistener: use Vault Agent listener endpointboth: enable listener operations and file-based token read workflows
Configure sink file path with
VAULT_AGENT_TOKEN_FILE_PATHEnable listener with
VAULT_AGENT_LISTENER_ENABLED=trueConfigure listener with
VAULT_AGENT_LISTENER_ADDRUse
vault_agent_token_readwhen application workflows need token sink visibility
When Vault Agent mode is enabled:
File mode refreshes token state from the configured token sink path.
Listener mode routes Vault operations through the configured Vault Agent listener.
Both mode supports listener operations and token sink read workflows.
Option 3: Postgres-Backed Non-Secret Vault Agent Settings
This server supports storing non-secret Vault Agent runtime pointers/settings in Postgres while keeping token material in Vault.
Runtime settings are read from default user config scope (
MCP_CONFIG_DEFAULT_USER_ID).Key names are configurable with:
MCP_VAULT_AGENT_AUTH_MODE_CONFIG_KEYMCP_VAULT_AGENT_TOKEN_FILE_PATH_CONFIG_KEYMCP_VAULT_AGENT_LISTENER_ADDR_CONFIG_KEY
Recommended values in Postgres:
vault.agent.auth.modevault.agent.tokenFilePathvault.agent.listener.addr
Rotation Time Configuration
Rotation interval supports both global defaults and user-scoped overrides:
Global default env variable:
MCP_TOKEN_ROTATION_DEFAULT_INTERVAL_MSUser-scoped config key name:
MCP_TOKEN_ROTATION_USER_INTERVAL_CONFIG_KEY(defaulttoken.rotation.intervalMs)
Effective value resolution is:
User-scoped Postgres config (
userId+ key)Default user Postgres config (
default+ key)Global env default
Use token_rotation_config tool to inspect the resolved rotation interval for a user scope.
Minimal remote call example:
curl -i http://127.0.0.1:3000/mcp \
-H "Authorization: Bearer replace-me-token" \
-H "Accept: application/json, text/event-stream" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": {
"protocolVersion": "2025-11-25",
"capabilities": {},
"clientInfo": { "name": "client", "version": "1.0.0" }
}
}'HTTPS Deployment Choice
This repository uses a reverse proxy (recommended): terminate TLS at a reverse proxy or load balancer.
Keep this app on internal HTTP.
Enforce HTTPS, client allowlists, and edge-level controls at the proxy/LB.
Forward traffic to
MCP_HTTP_HOST:MCP_HTTP_PORT.Keep
MCP_HTTP_TLS_ENABLED=falsein this process mode.
Popular patterns include Nginx, Traefik, Envoy, ALB/NLB, or Cloudflare Tunnel in front of /mcp.
Vault Production Migration (Raft)
The repository now includes a Vault production migration scaffold under vault-production:
vault-production/config/vault.hcl: Raft-backed Vault server configuration.
vault-production/docker-compose.vault-prod.yml: Compose definition for Vault in server mode (non-dev).
vault-production/scripts/convert-dev-to-prod.sh: Script to export dev KV data, start Raft Vault, initialize/unseal, and import secrets.
vault-production/scripts/bootstrap-post-conversion.sh: Script to enable audit, write policy, configure AppRole, and emit service credentials.
scripts/vault-unseal-key.js: Script to resolve unseal key from
VAULT_UNSEAL_KEYorsrc/config/vault.unseal.key.json.vault-production/README.md: Detailed migration notes and options.
Managed unseal key flow:
VAULT_UNSEAL_KEYis optional and can be injected at runtime.If
VAULT_UNSEAL_KEYis not set,npm run vault:unseal-keyreadssrc/config/vault.unseal.key.json.If the key file is missing or empty, a 24-character key is generated and saved to
src/config/vault.unseal.key.json.Both compose stacks run a one-shot
vault-unseal-key-initservice before Vault startup to ensure key material exists.
Run the conversion:
bash vault-production/scripts/convert-dev-to-prod.sh --init-keys-out vault-production/backups/vault-init.jsonCommon options:
# Use a different KV mount
bash vault-production/scripts/convert-dev-to-prod.sh --mount secret
# Migrate infra only (skip data movement)
bash vault-production/scripts/convert-dev-to-prod.sh --skip-export --skip-import
# Use when Raft Vault is already initialized
bash vault-production/scripts/convert-dev-to-prod.sh --skip-init
# Explicitly set key file path used by convert script
bash vault-production/scripts/convert-dev-to-prod.sh --unseal-key-path src/config/vault.unseal.key.json
# Post-conversion hardening bootstrap (audit, policy, AppRole)
bash vault-production/scripts/bootstrap-post-conversion.sh --vault-token <root_or_admin_token>
# CI-friendly machine output
bash vault-production/scripts/bootstrap-post-conversion.sh \
--vault-token <root_or_admin_token> \
--output jsonVS Code Agent Structure
This repository includes a project agent structure for adapting this MCP server to additional service-backed MCP implementations:
agent/README.md: Overview of agent assets.
agent/playbooks/service-onboarding.md: Step-by-step onboarding checklist.
agent/templates/service-spec.md: Request template for describing new service integrations.
Workspace custom agent:
Use this custom agent when you want GitHub Copilot in VS Code to:
Configure new service adapters under
src/services.Register matching MCP tools in
src/mcp/server.js.Update env validation in
src/config/env.js.Preserve authorization and redaction behavior.
Add tests and documentation updates.
Test Coverage
Integration tests in tests/server.integration.test.js cover:
Healthcheck behavior
Authorization on mutating tools
Redaction behavior for secret output
HTTP transport tests in tests/http.integration.test.js cover:
Unauthorized requests are rejected
Authorized MCP initialization succeeds
Internal failures return JSON-RPC-compatible error responses
Health endpoint behavior
Vault token auth tests in tests/vault-token-auth.test.js cover:
Multi-user token index lookup by SHA-256 hash
Inactive token rejection
Scope/audience-aware authorization inputs
Production migration tests in tests/vault-production.test.js cover:
Presence of Vault production scaffold files
Raft config expectations
Non-dev Vault compose command validation
Conversion/bootstrap script help and bash syntax checks
Extend The Server
Add domain services under src/services.
Register new tools in src/mcp/server.js.
Add corresponding tests under tests.
Keep mutating tools behind authorization checks.
Keep secret-bearing fields redacted by default.
Notes
docker-compose.yml now runs Vault with Raft-backed storage for local persistence.
The managed key script is an automation helper and not a Vault KMS/HSM auto-unseal backend.
The migration scaffold starts with bootstrap-friendly defaults and still requires TLS, production auth methods, and credential rotation before real production use.
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/LesterAJohn/sharepoint-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server