130 publish to docker mcp registry (#156)

* fix: lazy load keytar - make it fully optional

* fix: hello docker image for MCP Docker registry thing - minimal setup

Author: eirikb

Dockerfile

@@ -0,0 +1,12 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+COPY . .
+RUN npm run build
+
+ENTRYPOINT ["node", "dist/index.js"]
+CMD ["--http"]

docker-registry/server.yaml

@@ -0,0 +1,57 @@
+name: ms-365-mcp-server
+image: mcp/ms-365-mcp-server
+type: server
+
+meta:
+  category: productivity
+  tags:
+    - microsoft
+    - 365
+    - office
+    - graph-api
+    - email
+    - calendar
+    - onedrive
+
+about:
+  title: Microsoft 365
+  description: A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API
+  icon: https://upload.wikimedia.org/wikipedia/commons/thumb/4/44/Microsoft_logo.svg/200px-Microsoft_logo.svg.png
+
+source:
+  project: https://github.com/softeria/ms-365-mcp-server
+  commit: 09e4eb3288fc2086954d83a618a19112e3f1a9e0
+  dockerfile: Dockerfile
+
+run:
+  allowHosts:
+    - graph.microsoft.com:443
+    - login.microsoftonline.com:443
+
+config:
+  secrets:
+    - name: ms365.client_id
+      env: MS365_MCP_CLIENT_ID
+      example: your-azure-ad-app-client-id-here
+      description: Azure AD App Registration Client ID
+    - name: ms365.client_secret
+      env: MS365_MCP_CLIENT_SECRET
+      example: your-azure-ad-app-client-secret-here
+      description: Azure AD App Registration Client Secret
+    - name: ms365.tenant_id
+      env: MS365_MCP_TENANT_ID
+      example: common
+      description: Tenant ID (use 'common' for multi-tenant or personal accounts)
+  parameters:
+    - name: org_mode
+      env: MS365_MCP_ORG_MODE
+      example: "true"
+      description: Enable organization/work account mode
+    - name: read_only
+      env: READ_ONLY
+      example: "true"
+      description: Enable read-only mode (disable write operations)
+    - name: enabled_tools
+      env: ENABLED_TOOLS
+      example: "mail,calendar"
+      description: Comma-separated list of enabled tool patterns

package.json

@@ -40,10 +40,12 @@
     "dotenv": "^17.0.1",
     "express": "^5.1.0",
     "js-yaml": "^4.1.0",
-    "keytar": "^7.9.0",
     "winston": "^3.17.0",
     "zod": "^3.24.2"
   },
+  "optionalDependencies": {
+    "keytar": "^7.9.0"
+  },
   "devDependencies": {
     "@redocly/cli": "^1.34.3",
     "@semantic-release/exec": "^7.1.0",

src/auth.ts

@@ -1,11 +1,30 @@
 import type { AccountInfo, Configuration } from '@azure/msal-node';
 import { PublicClientApplication } from '@azure/msal-node';
-import keytar from 'keytar';
 import logger from './logger.js';
 import fs, { existsSync, readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 import path from 'path';
 
+// Ok so this is a hack to lazily import keytar only when needed
+// since --http mode may not need it at all, and keytar can be a pain to install (looking at you alpine)
+let keytar: typeof import('keytar') | null = null;
+async function getKeytar() {
+  if (keytar === undefined) {
+    return null;
+  }
+  if (keytar === null) {
+    try {
+      keytar = await import('keytar');
+      return keytar;
+    } catch (error) {
+      logger.info('keytar not available, using file-based credential storage');
+      keytar = undefined as any;
+      return null;
+    }
+  }
+  return keytar;
+}
+
 interface EndpointConfig {
   pathPattern: string;
   method: string;
@@ -147,9 +166,12 @@ class AuthManager {
       let cacheData: string | undefined;
 
       try {
-        const cachedData = await keytar.getPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT);
-        if (cachedData) {
-          cacheData = cachedData;
+        const kt = await getKeytar();
+        if (kt) {
+          const cachedData = await kt.getPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT);
+          if (cachedData) {
+            cacheData = cachedData;
+          }
         }
       } catch (keytarError) {
         logger.warn(
@@ -177,9 +199,12 @@ class AuthManager {
       let selectedAccountData: string | undefined;
 
       try {
-        const cachedData = await keytar.getPassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY);
-        if (cachedData) {
-          selectedAccountData = cachedData;
+        const kt = await getKeytar();
+        if (kt) {
+          const cachedData = await kt.getPassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY);
+          if (cachedData) {
+            selectedAccountData = cachedData;
+          }
         }
       } catch (keytarError) {
         logger.warn(
@@ -206,7 +231,12 @@ class AuthManager {
       const cacheData = this.msalApp.getTokenCache().serialize();
 
       try {
-        await keytar.setPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT, cacheData);
+        const kt = await getKeytar();
+        if (kt) {
+          await kt.setPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT, cacheData);
+        } else {
+          fs.writeFileSync(FALLBACK_PATH, cacheData);
+        }
       } catch (keytarError) {
         logger.warn(
           `Keychain save failed, falling back to file storage: ${(keytarError as Error).message}`
@@ -224,7 +254,12 @@ class AuthManager {
       const selectedAccountData = JSON.stringify({ accountId: this.selectedAccountId });
 
       try {
-        await keytar.setPassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY, selectedAccountData);
+        const kt = await getKeytar();
+        if (kt) {
+          await kt.setPassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY, selectedAccountData);
+        } else {
+          fs.writeFileSync(SELECTED_ACCOUNT_PATH, selectedAccountData);
+        }
       } catch (keytarError) {
         logger.warn(
           `Keychain save failed for selected account, falling back to file storage: ${(keytarError as Error).message}`
@@ -403,8 +438,11 @@ class AuthManager {
       this.selectedAccountId = null;
 
       try {
-        await keytar.deletePassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT);
-        await keytar.deletePassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY);
+        const kt = await getKeytar();
+        if (kt) {
+          await kt.deletePassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT);
+          await kt.deletePassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY);
+        }
       } catch (keytarError) {
         logger.warn(`Keychain deletion failed: ${(keytarError as Error).message}`);
       }