@codemation/host 0.0.1

package/src/presentation/http/routeHandlers/OAuth2HttpRouteHandlerFactory.ts

@@ -0,0 +1,129 @@
+import { inject, injectable } from "@codemation/core";
+import serialize from "serialize-javascript";
+import { CredentialInstanceService } from "../../../domain/credentials/CredentialServices";
+import { OAuth2ConnectService } from "../../../domain/credentials/OAuth2ConnectServiceFactory";
+import { ServerHttpErrorResponseFactory } from "../ServerHttpErrorResponseFactory";
+
+@injectable()
+export class OAuth2HttpRouteHandler {
+  constructor(
+    @inject(OAuth2ConnectService)
+    private readonly oauth2ConnectService: OAuth2ConnectService,
+    @inject(CredentialInstanceService)
+    private readonly credentialInstanceService: CredentialInstanceService,
+  ) {}
+
+  async getAuthRedirect(request: Request): Promise<Response> {
+    try {
+      const url = new URL(request.url);
+      const instanceId = url.searchParams.get("instanceId")?.trim();
+      if (!instanceId) {
+        return Response.json({ error: "Missing instanceId query parameter." }, { status: 400 });
+      }
+      const redirect = await this.oauth2ConnectService.createAuthRedirect(
+        instanceId,
+        this.resolveRequestOrigin(request),
+      );
+      return Response.redirect(redirect.redirectUrl, 302);
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async getCallback(request: Request): Promise<Response> {
+    try {
+      const url = new URL(request.url);
+      const result = await this.oauth2ConnectService.handleCallback({
+        code: url.searchParams.get("code"),
+        state: url.searchParams.get("state"),
+        requestOrigin: this.resolveRequestOrigin(request),
+      });
+      return new Response(this.createPopupHtml({ kind: "oauth2.connected", ...result }), {
+        headers: {
+          "content-type": "text/html; charset=utf-8",
+        },
+      });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      return new Response(this.createPopupHtml({ kind: "oauth2.error", message }), {
+        status: 400,
+        headers: {
+          "content-type": "text/html; charset=utf-8",
+        },
+      });
+    }
+  }
+
+  async getRedirectUri(request: Request): Promise<Response> {
+    try {
+      return Response.json({
+        redirectUri: this.oauth2ConnectService.getRedirectUri(this.resolveRequestOrigin(request)),
+      });
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postDisconnect(request: Request): Promise<Response> {
+    try {
+      const url = new URL(request.url);
+      const instanceId = url.searchParams.get("instanceId")?.trim();
+      if (!instanceId) {
+        return Response.json({ error: "Missing instanceId query parameter." }, { status: 400 });
+      }
+      return Response.json(await this.credentialInstanceService.disconnectOAuth2(instanceId));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  private resolveRequestOrigin(request: Request): string {
+    const forwardedProto = OAuth2HttpRouteHandler.firstCommaSeparatedValue(request.headers.get("x-forwarded-proto"));
+    const forwardedHost = OAuth2HttpRouteHandler.firstCommaSeparatedValue(request.headers.get("x-forwarded-host"));
+    if (forwardedProto && forwardedHost) {
+      return `${forwardedProto}://${forwardedHost}`;
+    }
+    const host = OAuth2HttpRouteHandler.firstCommaSeparatedValue(request.headers.get("host"));
+    if (host) {
+      return `${new URL(request.url).protocol}//${host}`;
+    }
+    return new URL(request.url).origin;
+  }
+
+  /** Proxies may send comma-separated lists (chain); use the first host/proto only. */
+  private static firstCommaSeparatedValue(value: string | null | undefined): string | undefined {
+    const trimmed = value?.trim();
+    if (!trimmed) {
+      return undefined;
+    }
+    return trimmed.split(",")[0]?.trim();
+  }
+
+  /**
+   * Serialize popup payload for an inline script using `serialize-javascript`
+   * (Webpack / HTML plugin stack): escapes angle brackets, slashes, and Unicode line
+   * terminators so string values cannot break out of the script block.
+   */
+  private createPopupHtml(message: Readonly<Record<string, unknown>>): string {
+    const safeLiteral = serialize(message, { isJSON: true });
+    return `<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <title>OAuth2 connection</title>
+  </head>
+  <body>
+    <script>
+      (function () {
+        const message = ${safeLiteral};
+        if (window.opener) {
+          window.opener.postMessage(message, window.location.origin);
+        }
+        window.close();
+      })();
+    </script>
+    <p>You can close this window.</p>
+  </body>
+</html>`;
+  }
+}

package/src/presentation/http/routeHandlers/RunHttpRouteHandler.ts

@@ -0,0 +1,82 @@
+import { inject, injectable } from "@codemation/core";
+import { HttpRequestJsonBodyReader } from "../HttpRequestJsonBodyReader";
+import type { CommandBus } from "../../../application/bus/CommandBus";
+import type { QueryBus } from "../../../application/bus/QueryBus";
+import { ReplaceMutableRunWorkflowSnapshotCommand } from "../../../application/commands/ReplaceMutableRunWorkflowSnapshotCommand";
+import { ReplayWorkflowNodeCommand } from "../../../application/commands/ReplayWorkflowNodeCommand";
+import { SetPinnedNodeInputCommand } from "../../../application/commands/SetPinnedNodeInputCommand";
+import { StartWorkflowRunCommand } from "../../../application/commands/StartWorkflowRunCommand";
+import type {
+  CreateRunRequest,
+  RunNodeRequest,
+  UpdateRunNodePinRequest,
+  UpdateRunWorkflowSnapshotRequest,
+} from "../../../application/contracts/RunContracts";
+import { GetRunStateQuery } from "../../../application/queries/GetRunStateQuery";
+import { ApplicationTokens } from "../../../applicationTokens";
+import { ServerHttpErrorResponseFactory } from "../ServerHttpErrorResponseFactory";
+import type { ServerHttpRouteParams } from "../ServerHttpRouteParams";
+
+@injectable()
+export class RunHttpRouteHandler {
+  constructor(
+    @inject(ApplicationTokens.QueryBus)
+    private readonly queryBus: QueryBus,
+    @inject(ApplicationTokens.CommandBus)
+    private readonly commandBus: CommandBus,
+  ) {}
+
+  async getRun(_: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const state = await this.queryBus.execute(new GetRunStateQuery(params.runId!));
+      if (!state) {
+        return Response.json({ error: "Unknown runId" }, { status: 404 });
+      }
+      return Response.json(state);
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postRuns(request: Request, _: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<CreateRunRequest>(request);
+      return Response.json(await this.commandBus.execute(new StartWorkflowRunCommand(body)));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async patchRunWorkflowSnapshot(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<UpdateRunWorkflowSnapshotRequest>(request);
+      return Response.json(
+        await this.commandBus.execute(new ReplaceMutableRunWorkflowSnapshotCommand(params.runId!, body)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async patchRunNodePin(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<UpdateRunNodePinRequest>(request);
+      return Response.json(
+        await this.commandBus.execute(new SetPinnedNodeInputCommand(params.runId!, params.nodeId!, body)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postRunNode(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<RunNodeRequest>(request);
+      return Response.json(
+        await this.commandBus.execute(new ReplayWorkflowNodeCommand(params.runId!, params.nodeId!, body)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+}

package/src/presentation/http/routeHandlers/UserHttpRouteHandlerFactory.ts

@@ -0,0 +1,109 @@
+import { inject, injectable } from "@codemation/core";
+import { ApplicationRequestError } from "../../../application/ApplicationRequestError";
+import type { CommandBus } from "../../../application/bus/CommandBus";
+import type { QueryBus } from "../../../application/bus/QueryBus";
+import {
+  AcceptUserInviteCommand,
+  InviteUserCommand,
+  RegenerateUserInviteCommand,
+  UpdateUserAccountStatusCommand,
+} from "../../../application/commands/UserAccountCommandHandlers";
+import type {
+  AcceptUserInviteRequestDto,
+  InviteUserRequestDto,
+  UpdateUserAccountStatusRequestDto,
+} from "../../../application/contracts/userDirectoryContracts.types";
+import { ListUserAccountsQuery, VerifyUserInviteQuery } from "../../../application/queries/UserAccountQueryHandlers";
+import { ApplicationTokens } from "../../../applicationTokens";
+import { ServerHttpErrorResponseFactory } from "../ServerHttpErrorResponseFactory";
+import type { ServerHttpRouteParams } from "../ServerHttpRouteParams";
+
+@injectable()
+export class UserHttpRouteHandler {
+  constructor(
+    @inject(ApplicationTokens.QueryBus)
+    private readonly queryBus: QueryBus,
+    @inject(ApplicationTokens.CommandBus)
+    private readonly commandBus: CommandBus,
+  ) {}
+
+  async getUsers(): Promise<Response> {
+    try {
+      return Response.json(await this.queryBus.execute(new ListUserAccountsQuery()));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async getInviteVerify(request: Request): Promise<Response> {
+    try {
+      const url = new URL(request.url);
+      const token = url.searchParams.get("token") ?? "";
+      return Response.json(await this.queryBus.execute(new VerifyUserInviteQuery(token)));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postInvite(request: Request): Promise<Response> {
+    try {
+      const body = await this.readJsonBody<InviteUserRequestDto>(request);
+      const origin = this.resolveRequestOrigin(request);
+      return Response.json(await this.commandBus.execute(new InviteUserCommand(body.email, origin)), { status: 201 });
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postRegenerateInvite(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const userId = params.userId!;
+      const origin = this.resolveRequestOrigin(request);
+      return Response.json(await this.commandBus.execute(new RegenerateUserInviteCommand(userId, origin)));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postAcceptInvite(request: Request): Promise<Response> {
+    try {
+      const body = await this.readJsonBody<AcceptUserInviteRequestDto>(request);
+      await this.commandBus.execute(new AcceptUserInviteCommand(body.token, body.password));
+      return new Response(null, { status: 204 });
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async patchUserStatus(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await this.readJsonBody<UpdateUserAccountStatusRequestDto>(request);
+      return Response.json(
+        await this.commandBus.execute(new UpdateUserAccountStatusCommand(params.userId!, body.status)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  private resolveRequestOrigin(request: Request): string {
+    const forwardedProto = request.headers.get("x-forwarded-proto");
+    const forwardedHost = request.headers.get("x-forwarded-host");
+    if (forwardedProto?.trim() && forwardedHost?.trim()) {
+      const proto = forwardedProto.split(",")[0]!.trim();
+      const host = forwardedHost.split(",")[0]!.trim();
+      return `${proto}://${host}`;
+    }
+    const url = new URL(request.url);
+    return `${url.protocol}//${url.host}`;
+  }
+
+  private async readJsonBody<TBody>(request: Request): Promise<TBody> {
+    try {
+      return (await request.json()) as TBody;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new ApplicationRequestError(400, `Invalid JSON body: ${message}`);
+    }
+  }
+}

package/src/presentation/http/routeHandlers/WebhookHttpRouteHandler.ts

@@ -0,0 +1,42 @@
+import { inject, injectable } from "@codemation/core";
+import { RunIntentService } from "@codemation/core/bootstrap";
+import type { CommandBus } from "../../../application/bus/CommandBus";
+import { HandleWebhookInvocationCommand } from "../../../application/commands/HandleWebhookInvocationCommand";
+import { ApplicationTokens } from "../../../applicationTokens";
+import { RequestToWebhookItemMapper } from "../../../infrastructure/webhooks/RequestToWebhookItemMapper";
+import { ServerHttpErrorResponseFactory } from "../ServerHttpErrorResponseFactory";
+import type { ServerHttpRouteParams } from "../ServerHttpRouteParams";
+
+@injectable()
+export class WebhookHttpRouteHandler {
+  constructor(
+    @inject(ApplicationTokens.CommandBus)
+    private readonly commandBus: CommandBus,
+    @inject(RunIntentService)
+    private readonly runIntentService: RunIntentService,
+    @inject(RequestToWebhookItemMapper)
+    private readonly requestToWebhookItemMapper: RequestToWebhookItemMapper,
+  ) {}
+
+  async postWebhook(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const endpointPath = decodeURIComponent(params.endpointPath ?? "");
+      const method = request.method.toUpperCase() as "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
+      const resolution = this.runIntentService.resolveWebhookTrigger({ endpointPath, method });
+      if (resolution.status === "notFound") {
+        return Response.json({ error: "Unknown webhook endpoint" }, { status: 404 });
+      }
+      if (resolution.status === "methodNotAllowed") {
+        return Response.json({ error: "Method not allowed" }, { status: 405 });
+      }
+      const requestItem = await this.requestToWebhookItemMapper.map(request, resolution.match);
+      return Response.json(
+        await this.commandBus.execute(
+          new HandleWebhookInvocationCommand(endpointPath, request.method.toUpperCase(), requestItem),
+        ),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+}

package/src/presentation/http/routeHandlers/WhitelabelLogoHttpRouteHandler.ts

@@ -0,0 +1,96 @@
+import { inject, injectable } from "@codemation/core";
+import { createReadStream, existsSync } from "node:fs";
+import path from "node:path";
+import { Readable } from "node:stream";
+
+import { ApplicationTokens } from "../../../applicationTokens";
+import type { AppConfig } from "../../config/AppConfig";
+import type { CodemationWhitelabelConfig } from "../../config/CodemationWhitelabelConfig";
+
+@injectable()
+export class WhitelabelLogoHttpRouteHandler {
+  constructor(
+    @inject(ApplicationTokens.AppConfig)
+    private readonly appConfig: AppConfig,
+    @inject(ApplicationTokens.CodemationWhitelabelConfig)
+    private readonly whitelabel: CodemationWhitelabelConfig,
+  ) {}
+
+  async getLogo(): Promise<Response> {
+    const consumerRootRaw = this.appConfig.consumerRoot.trim();
+    if (!consumerRootRaw || consumerRootRaw.length === 0) {
+      return new Response(null, { status: 404 });
+    }
+    const logoPath = this.whitelabel.logoPath?.trim();
+    if (!logoPath || logoPath.length === 0) {
+      return new Response(null, { status: 404 });
+    }
+    const consumerRoot = path.resolve(consumerRootRaw);
+    let consumerRootReal: string;
+    try {
+      consumerRootReal = await this.safeRealpath(consumerRoot);
+    } catch {
+      return new Response(null, { status: 404 });
+    }
+    const candidate = path.resolve(consumerRoot, logoPath);
+    let fileReal: string;
+    try {
+      fileReal = await this.safeRealpath(candidate);
+    } catch {
+      return new Response(null, { status: 404 });
+    }
+    if (!this.isPathInsideDirectory(consumerRootReal, fileReal)) {
+      return new Response(null, { status: 404 });
+    }
+    if (!existsSync(fileReal)) {
+      return new Response(null, { status: 404 });
+    }
+    const contentType = this.resolveContentType(fileReal);
+    const stream = createReadStream(fileReal);
+    const webStream = Readable.toWeb(stream) as ReadableStream<Uint8Array>;
+    return new Response(webStream, {
+      status: 200,
+      headers: {
+        "content-type": contentType,
+        "cache-control": "public, max-age=3600",
+      },
+    });
+  }
+
+  private async safeRealpath(p: string): Promise<string> {
+    const { realpath } = await import("node:fs/promises");
+    return await realpath(p);
+  }
+
+  private isPathInsideDirectory(directoryReal: string, fileReal: string): boolean {
+    const relative = path.relative(directoryReal, fileReal);
+    if (relative.length === 0) {
+      return false;
+    }
+    if (relative.startsWith(`..${path.sep}`) || relative === "..") {
+      return false;
+    }
+    return !path.isAbsolute(relative);
+  }
+
+  private resolveContentType(filePath: string): string {
+    const ext = path.extname(filePath).toLowerCase();
+    switch (ext) {
+      case ".svg":
+        return "image/svg+xml";
+      case ".png":
+        return "image/png";
+      case ".jpg":
+      case ".jpeg":
+        return "image/jpeg";
+      case ".webp":
+        return "image/webp";
+      case ".gif":
+        return "image/gif";
+      case ".ico":
+        return "image/x-icon";
+      default:
+        return "application/octet-stream";
+    }
+  }
+}

package/src/presentation/http/routeHandlers/WorkflowHttpRouteHandler.ts

@@ -0,0 +1,104 @@
+import { inject, injectable } from "@codemation/core";
+import { HttpRequestJsonBodyReader } from "../HttpRequestJsonBodyReader";
+import type { CommandBus } from "../../../application/bus/CommandBus";
+import type { QueryBus } from "../../../application/bus/QueryBus";
+import { CopyRunToWorkflowDebuggerCommand } from "../../../application/commands/CopyRunToWorkflowDebuggerCommand";
+import { ReplaceWorkflowDebuggerOverlayCommand } from "../../../application/commands/ReplaceWorkflowDebuggerOverlayCommand";
+import { SetWorkflowActivationCommand } from "../../../application/commands/SetWorkflowActivationCommand";
+import type {
+  CopyRunToWorkflowDebuggerRequest,
+  UpdateWorkflowDebuggerOverlayRequest,
+} from "../../../application/contracts/WorkflowDebuggerContracts";
+import { WorkflowDefinitionMapper } from "../../../application/mapping/WorkflowDefinitionMapper";
+import { GetWorkflowDebuggerOverlayQuery } from "../../../application/queries/GetWorkflowDebuggerOverlayQuery";
+import { GetWorkflowDetailQuery } from "../../../application/queries/GetWorkflowDetailQuery";
+import { GetWorkflowSummariesQuery } from "../../../application/queries/GetWorkflowSummariesQuery";
+import { ListWorkflowRunsQuery } from "../../../application/queries/ListWorkflowRunsQuery";
+import { ApplicationTokens } from "../../../applicationTokens";
+import { ServerHttpErrorResponseFactory } from "../ServerHttpErrorResponseFactory";
+import type { ServerHttpRouteParams } from "../ServerHttpRouteParams";
+
+@injectable()
+export class WorkflowHttpRouteHandler {
+  constructor(
+    @inject(ApplicationTokens.QueryBus)
+    private readonly queryBus: QueryBus,
+    @inject(ApplicationTokens.CommandBus)
+    private readonly commandBus: CommandBus,
+    @inject(WorkflowDefinitionMapper)
+    private readonly workflowDefinitionMapper: WorkflowDefinitionMapper,
+  ) {}
+
+  async getWorkflows(_: Request, __: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const workflows = await this.queryBus.execute(new GetWorkflowSummariesQuery());
+      return Response.json(workflows.map((workflow) => this.workflowDefinitionMapper.toSummary(workflow)));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async getWorkflow(_: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const workflow = await this.queryBus.execute(new GetWorkflowDetailQuery(params.workflowId!));
+      if (!workflow) {
+        return Response.json({ error: "Unknown workflowId" }, { status: 404 });
+      }
+      return Response.json(await this.workflowDefinitionMapper.map(workflow));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async patchWorkflowActivation(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<Readonly<{ active?: unknown }>>(request);
+      if (typeof body.active !== "boolean") {
+        return Response.json({ error: "Request body must include boolean active" }, { status: 400 });
+      }
+      return Response.json(
+        await this.commandBus.execute(new SetWorkflowActivationCommand(params.workflowId!, body.active)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async getWorkflowRuns(_: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      return Response.json(await this.queryBus.execute(new ListWorkflowRunsQuery(params.workflowId!)));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async getWorkflowDebuggerOverlay(_: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      return Response.json(await this.queryBus.execute(new GetWorkflowDebuggerOverlayQuery(params.workflowId!)));
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async putWorkflowDebuggerOverlay(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<UpdateWorkflowDebuggerOverlayRequest>(request);
+      return Response.json(
+        await this.commandBus.execute(new ReplaceWorkflowDebuggerOverlayCommand(params.workflowId!, body)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+
+  async postCopyWorkflowDebuggerOverlay(request: Request, params: ServerHttpRouteParams): Promise<Response> {
+    try {
+      const body = await HttpRequestJsonBodyReader.readJsonBody<CopyRunToWorkflowDebuggerRequest>(request);
+      return Response.json(
+        await this.commandBus.execute(new CopyRunToWorkflowDebuggerCommand(params.workflowId!, body)),
+      );
+    } catch (error) {
+      return ServerHttpErrorResponseFactory.fromUnknown(error);
+    }
+  }
+}

package/src/presentation/server/CodemationConsumerAppResolver.ts

@@ -0,0 +1,82 @@
+import type { WorkflowDefinition } from "@codemation/core";
+import type { CodemationConfig } from "../config/CodemationConfig";
+import { CodemationConfigNormalizer } from "../config/CodemationConfigNormalizer";
+import { CodemationConsumerConfigExportsResolver } from "./CodemationConsumerConfigExportsResolver";
+import { DiscoveredWorkflowsEmptyMessageFactory } from "./DiscoveredWorkflowsEmptyMessageFactory";
+import { WorkflowDefinitionExportsResolver } from "./WorkflowDefinitionExportsResolver";
+
+export type CodemationConsumerApp = Readonly<{
+  config: CodemationConfig;
+  workflowSources: ReadonlyArray<string>;
+}>;
+
+export class CodemationConsumerAppResolver {
+  private readonly configExportsResolver = new CodemationConsumerConfigExportsResolver();
+  private readonly configNormalizer = new CodemationConfigNormalizer();
+  private readonly workflowDefinitionExportsResolver = new WorkflowDefinitionExportsResolver();
+  private readonly discoveredWorkflowsEmptyMessageFactory = new DiscoveredWorkflowsEmptyMessageFactory();
+
+  resolve(
+    args: Readonly<{
+      configModule: Readonly<Record<string, unknown>>;
+      workflowModules: ReadonlyArray<Readonly<Record<string, unknown>>>;
+      workflowSourcePaths: ReadonlyArray<string>;
+      workflowDiscoveryPathSegmentsList?: ReadonlyArray<readonly string[]>;
+    }>,
+  ): CodemationConsumerApp {
+    const rawConfig = this.configExportsResolver.resolveConfig(args.configModule);
+    if (!rawConfig) {
+      throw new Error("Consumer app module does not export a Codemation config object.");
+    }
+    const config = this.configNormalizer.normalize(rawConfig);
+    const discoveredWorkflows = this.resolveDiscoveredWorkflows(
+      args.workflowModules,
+      args.workflowSourcePaths,
+      args.workflowDiscoveryPathSegmentsList,
+    );
+    return {
+      config: {
+        ...config,
+        workflows: this.mergeWorkflows(config.workflows ?? [], discoveredWorkflows),
+      },
+      workflowSources: args.workflowSourcePaths,
+    };
+  }
+
+  private resolveDiscoveredWorkflows(
+    workflowModules: ReadonlyArray<Readonly<Record<string, unknown>>>,
+    workflowSourcePaths: ReadonlyArray<string>,
+    workflowDiscoveryPathSegmentsList: ReadonlyArray<readonly string[]> | undefined,
+  ): ReadonlyArray<WorkflowDefinition> {
+    const workflowsById = new Map<string, WorkflowDefinition>();
+    workflowModules.forEach((workflowModule: Readonly<Record<string, unknown>>, index: number) => {
+      const pathSegments = workflowDiscoveryPathSegmentsList?.[index];
+      const workflows = this.workflowDefinitionExportsResolver.resolve(workflowModule);
+      workflows.forEach((workflow: WorkflowDefinition) => {
+        const enriched =
+          pathSegments && pathSegments.length > 0
+            ? ({ ...workflow, discoveryPathSegments: pathSegments } satisfies WorkflowDefinition)
+            : workflow;
+        workflowsById.set(workflow.id, enriched);
+      });
+    });
+    if (workflowsById.size === 0 && workflowSourcePaths.length > 0) {
+      throw new Error(this.discoveredWorkflowsEmptyMessageFactory.create(workflowSourcePaths));
+    }
+    return [...workflowsById.values()];
+  }
+
+  private mergeWorkflows(
+    configuredWorkflows: ReadonlyArray<WorkflowDefinition>,
+    discoveredWorkflows: ReadonlyArray<WorkflowDefinition>,
+  ): ReadonlyArray<WorkflowDefinition> {
+    const workflowsById = new Map<string, WorkflowDefinition>();
+    for (const workflow of discoveredWorkflows) {
+      workflowsById.set(workflow.id, workflow);
+    }
+    for (const workflow of configuredWorkflows) {
+      workflowsById.set(workflow.id, workflow);
+    }
+    return [...workflowsById.values()];
+  }
+}

package/src/presentation/server/CodemationConsumerConfigExportsResolver.ts

@@ -0,0 +1,33 @@
+import type { CodemationConfig } from "../config/CodemationConfig";
+
+export class CodemationConsumerConfigExportsResolver {
+  resolveConfig(moduleExports: Readonly<Record<string, unknown>>): CodemationConfig | null {
+    const defaultExport = moduleExports.default;
+    if (this.isConfig(defaultExport)) {
+      return defaultExport;
+    }
+    const namedConfig = moduleExports.codemationHost ?? moduleExports.config;
+    if (this.isConfig(namedConfig)) {
+      return namedConfig;
+    }
+    return null;
+  }
+
+  private isConfig(value: unknown): value is CodemationConfig {
+    if (!value || typeof value !== "object") {
+      return false;
+    }
+    return (
+      "app" in value ||
+      "register" in value ||
+      "credentials" in value ||
+      "runtime" in value ||
+      "workflows" in value ||
+      "workflowDiscovery" in value ||
+      "plugins" in value ||
+      "whitelabel" in value ||
+      "auth" in value ||
+      "log" in value
+    );
+  }
+}