@corsenai/corsen-context-nextjs 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Corsen AI
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,31 @@
1
+ # @corsenai/corsen-context-nextjs
2
+
3
+ Next.js adapter for **[Corsen Context](https://github.com/CorsenAI/corsen-context)** — drop-in route handlers for the MCP endpoint and `llms.txt`, with built-in auth, rate limiting, CORS, and security headers.
4
+
5
+ ```bash
6
+ npm install @corsenai/corsen-context @corsenai/corsen-context-nextjs
7
+ ```
8
+
9
+ **App Router** — `app/v1/mcp/route.ts`:
10
+
11
+ ```typescript
12
+ import { createMCPHandler } from '@corsenai/corsen-context-nextjs';
13
+ import { siteProvider } from '@/lib/corsen-provider';
14
+
15
+ const { POST, OPTIONS } = createMCPHandler({ siteUrl: 'https://example.com' }, siteProvider);
16
+ export { POST, OPTIONS };
17
+ ```
18
+
19
+ For production (multi-instance / Vercel), pass a Redis cache and rate-limit store:
20
+
21
+ ```typescript
22
+ import { RedisCache, RedisRateLimitStore } from '@corsenai/corsen-context';
23
+
24
+ createMCPHandler(config, provider, {
25
+ cache: new RedisCache(redis),
26
+ rateLimitStore: new RedisRateLimitStore(redis),
27
+ });
28
+ ```
29
+
30
+ - **Full docs:** https://github.com/CorsenAI/corsen-context#readme
31
+ - **License:** MIT
@@ -0,0 +1,87 @@
1
+ import { CorsenContextConfig, CacheDriver, RateLimitStore, Logger, ContentProvider } from '@corsenai/corsen-context';
2
+ export { CacheDriver, ContentProvider, CorsenContextConfig, Logger, RateLimitStore } from '@corsenai/corsen-context';
3
+
4
+ interface NextConfig {
5
+ rewrites?: () => Promise<any[] | {
6
+ beforeFiles?: any[];
7
+ afterFiles?: any[];
8
+ fallback?: any[];
9
+ }>;
10
+ [key: string]: unknown;
11
+ }
12
+ /**
13
+ * Wraps a Next.js config to enable Corsen Context.
14
+ *
15
+ * Usage in next.config.mjs:
16
+ * ```js
17
+ * import { withCorsenContext } from '@corsenai/corsen-context-nextjs';
18
+ *
19
+ * export default withCorsenContext({
20
+ * siteUrl: 'https://example.com',
21
+ * })({
22
+ * // your existing Next.js config
23
+ * });
24
+ * ```
25
+ */
26
+ declare function withCorsenContext(corsenConfig: CorsenContextConfig): (nextConfig?: NextConfig) => NextConfig;
27
+
28
+ /**
29
+ * Optional production wiring for the Next.js handlers — inject the same
30
+ * distributed cache, rate-limit store, and logger the core supports (e.g. Redis
31
+ * on Vercel/multi-instance).
32
+ */
33
+ interface HandlerOptions {
34
+ cache?: CacheDriver;
35
+ rateLimitStore?: RateLimitStore;
36
+ logger?: Logger;
37
+ }
38
+ /**
39
+ * Creates a Next.js App Router handler for the MCP endpoint (POST /v1/mcp).
40
+ *
41
+ * Uses the core MCPServer class from @corsenai/corsen-context for full
42
+ * MCP 2025-11-25 compliance including:
43
+ * - initialize, ping, notifications/initialized
44
+ * - tools/list, tools/call
45
+ * - resources/list, resources/read
46
+ * - JSON-RPC 2.0 notification handling (204 No Content when id is absent)
47
+ * - Rate limiting, CORS, API key auth, security headers
48
+ *
49
+ * Usage (App Router - app/v1/mcp/route.ts):
50
+ * ```ts
51
+ * import { createMCPHandler } from '@corsenai/corsen-context-nextjs';
52
+ *
53
+ * const { POST, OPTIONS } = createMCPHandler({
54
+ * siteUrl: 'https://example.com',
55
+ * }, myProvider);
56
+ *
57
+ * export { POST, OPTIONS };
58
+ * ```
59
+ */
60
+ declare function createMCPHandler(config: CorsenContextConfig, provider: ContentProvider, options?: HandlerOptions): {
61
+ POST: (request: Request) => Promise<Response>;
62
+ OPTIONS: (request: Request) => Promise<Response>;
63
+ };
64
+ /**
65
+ * Creates a SSE handler for MCP streaming (GET /v1/mcp/sse).
66
+ *
67
+ * This is a stub for future SSE transport support.
68
+ * Currently returns a proper SSE connection that sends the MCP endpoint URL
69
+ * so clients can discover the POST endpoint for JSON-RPC calls.
70
+ *
71
+ * Usage (App Router - app/v1/mcp/sse/route.ts):
72
+ * ```ts
73
+ * import { createSSEHandler } from '@corsenai/corsen-context-nextjs';
74
+ * export const GET = createSSEHandler({ siteUrl: 'https://example.com' });
75
+ * ```
76
+ */
77
+ declare function createSSEHandler(config: CorsenContextConfig, provider?: ContentProvider, options?: HandlerOptions): (request: Request) => Promise<Response>;
78
+ /**
79
+ * Creates a handler that serves /llms.txt
80
+ */
81
+ declare function createLlmsTxtHandler(config: CorsenContextConfig, provider: ContentProvider): () => Promise<Response>;
82
+ /**
83
+ * Creates a handler that serves /llms-full.txt
84
+ */
85
+ declare function createLlmsFullTxtHandler(config: CorsenContextConfig, provider: ContentProvider): () => Promise<Response>;
86
+
87
+ export { type HandlerOptions, createLlmsFullTxtHandler, createLlmsTxtHandler, createMCPHandler, createSSEHandler, withCorsenContext };
@@ -0,0 +1,87 @@
1
+ import { CorsenContextConfig, CacheDriver, RateLimitStore, Logger, ContentProvider } from '@corsenai/corsen-context';
2
+ export { CacheDriver, ContentProvider, CorsenContextConfig, Logger, RateLimitStore } from '@corsenai/corsen-context';
3
+
4
+ interface NextConfig {
5
+ rewrites?: () => Promise<any[] | {
6
+ beforeFiles?: any[];
7
+ afterFiles?: any[];
8
+ fallback?: any[];
9
+ }>;
10
+ [key: string]: unknown;
11
+ }
12
+ /**
13
+ * Wraps a Next.js config to enable Corsen Context.
14
+ *
15
+ * Usage in next.config.mjs:
16
+ * ```js
17
+ * import { withCorsenContext } from '@corsenai/corsen-context-nextjs';
18
+ *
19
+ * export default withCorsenContext({
20
+ * siteUrl: 'https://example.com',
21
+ * })({
22
+ * // your existing Next.js config
23
+ * });
24
+ * ```
25
+ */
26
+ declare function withCorsenContext(corsenConfig: CorsenContextConfig): (nextConfig?: NextConfig) => NextConfig;
27
+
28
+ /**
29
+ * Optional production wiring for the Next.js handlers — inject the same
30
+ * distributed cache, rate-limit store, and logger the core supports (e.g. Redis
31
+ * on Vercel/multi-instance).
32
+ */
33
+ interface HandlerOptions {
34
+ cache?: CacheDriver;
35
+ rateLimitStore?: RateLimitStore;
36
+ logger?: Logger;
37
+ }
38
+ /**
39
+ * Creates a Next.js App Router handler for the MCP endpoint (POST /v1/mcp).
40
+ *
41
+ * Uses the core MCPServer class from @corsenai/corsen-context for full
42
+ * MCP 2025-11-25 compliance including:
43
+ * - initialize, ping, notifications/initialized
44
+ * - tools/list, tools/call
45
+ * - resources/list, resources/read
46
+ * - JSON-RPC 2.0 notification handling (204 No Content when id is absent)
47
+ * - Rate limiting, CORS, API key auth, security headers
48
+ *
49
+ * Usage (App Router - app/v1/mcp/route.ts):
50
+ * ```ts
51
+ * import { createMCPHandler } from '@corsenai/corsen-context-nextjs';
52
+ *
53
+ * const { POST, OPTIONS } = createMCPHandler({
54
+ * siteUrl: 'https://example.com',
55
+ * }, myProvider);
56
+ *
57
+ * export { POST, OPTIONS };
58
+ * ```
59
+ */
60
+ declare function createMCPHandler(config: CorsenContextConfig, provider: ContentProvider, options?: HandlerOptions): {
61
+ POST: (request: Request) => Promise<Response>;
62
+ OPTIONS: (request: Request) => Promise<Response>;
63
+ };
64
+ /**
65
+ * Creates a SSE handler for MCP streaming (GET /v1/mcp/sse).
66
+ *
67
+ * This is a stub for future SSE transport support.
68
+ * Currently returns a proper SSE connection that sends the MCP endpoint URL
69
+ * so clients can discover the POST endpoint for JSON-RPC calls.
70
+ *
71
+ * Usage (App Router - app/v1/mcp/sse/route.ts):
72
+ * ```ts
73
+ * import { createSSEHandler } from '@corsenai/corsen-context-nextjs';
74
+ * export const GET = createSSEHandler({ siteUrl: 'https://example.com' });
75
+ * ```
76
+ */
77
+ declare function createSSEHandler(config: CorsenContextConfig, provider?: ContentProvider, options?: HandlerOptions): (request: Request) => Promise<Response>;
78
+ /**
79
+ * Creates a handler that serves /llms.txt
80
+ */
81
+ declare function createLlmsTxtHandler(config: CorsenContextConfig, provider: ContentProvider): () => Promise<Response>;
82
+ /**
83
+ * Creates a handler that serves /llms-full.txt
84
+ */
85
+ declare function createLlmsFullTxtHandler(config: CorsenContextConfig, provider: ContentProvider): () => Promise<Response>;
86
+
87
+ export { type HandlerOptions, createLlmsFullTxtHandler, createLlmsTxtHandler, createMCPHandler, createSSEHandler, withCorsenContext };
package/dist/index.js ADDED
@@ -0,0 +1,309 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/index.ts
21
+ var index_exports = {};
22
+ __export(index_exports, {
23
+ createLlmsFullTxtHandler: () => createLlmsFullTxtHandler,
24
+ createLlmsTxtHandler: () => createLlmsTxtHandler,
25
+ createMCPHandler: () => createMCPHandler,
26
+ createSSEHandler: () => createSSEHandler,
27
+ withCorsenContext: () => withCorsenContext
28
+ });
29
+ module.exports = __toCommonJS(index_exports);
30
+
31
+ // src/with-corsen-context.ts
32
+ function withCorsenContext(corsenConfig) {
33
+ return function wrapNextConfig(nextConfig = {}) {
34
+ const existingRewrites = nextConfig.rewrites;
35
+ return {
36
+ ...nextConfig,
37
+ async rewrites() {
38
+ const corsenRewrites = [
39
+ {
40
+ source: "/llms.txt",
41
+ destination: "/api/corsen-context/llms-txt"
42
+ },
43
+ {
44
+ source: "/llms-full.txt",
45
+ destination: "/api/corsen-context/llms-full-txt"
46
+ }
47
+ ];
48
+ if (existingRewrites) {
49
+ const existing = await existingRewrites();
50
+ if (Array.isArray(existing)) {
51
+ return [...corsenRewrites, ...existing];
52
+ }
53
+ return {
54
+ ...existing,
55
+ beforeFiles: [...corsenRewrites, ...existing.beforeFiles || []]
56
+ };
57
+ }
58
+ return corsenRewrites;
59
+ },
60
+ // Store config for runtime handlers
61
+ env: {
62
+ ...nextConfig.env,
63
+ CORSEN_CONTEXT_CONFIG: JSON.stringify(corsenConfig)
64
+ }
65
+ };
66
+ };
67
+ }
68
+
69
+ // src/handlers.ts
70
+ var import_corsen_context = require("@corsenai/corsen-context");
71
+ var cachedInstances = /* @__PURE__ */ new WeakMap();
72
+ function getInstance(config, provider, cache) {
73
+ let providerInstances = cachedInstances.get(provider);
74
+ if (!providerInstances) {
75
+ providerInstances = /* @__PURE__ */ new Map();
76
+ cachedInstances.set(provider, providerInstances);
77
+ }
78
+ const configKey = stableStringify(config);
79
+ let instance = providerInstances.get(configKey);
80
+ if (!instance) {
81
+ instance = new import_corsen_context.CorsenContext(config, provider, cache);
82
+ providerInstances.set(configKey, instance);
83
+ }
84
+ return instance;
85
+ }
86
+ async function readBoundedText(request) {
87
+ const body = request.body;
88
+ if (!body || typeof body.getReader !== "function") {
89
+ const text = await request.text();
90
+ return new TextEncoder().encode(text).length > import_corsen_context.MAX_BODY_SIZE ? null : text;
91
+ }
92
+ const reader = body.getReader();
93
+ const chunks = [];
94
+ let total = 0;
95
+ for (; ; ) {
96
+ const { done, value } = await reader.read();
97
+ if (done) break;
98
+ if (value) {
99
+ total += value.byteLength;
100
+ if (total > import_corsen_context.MAX_BODY_SIZE) {
101
+ await reader.cancel();
102
+ return null;
103
+ }
104
+ chunks.push(value);
105
+ }
106
+ }
107
+ const merged = new Uint8Array(total);
108
+ let offset = 0;
109
+ for (const chunk of chunks) {
110
+ merged.set(chunk, offset);
111
+ offset += chunk.byteLength;
112
+ }
113
+ return new TextDecoder().decode(merged);
114
+ }
115
+ function stableStringify(value) {
116
+ if (value === null || typeof value !== "object") {
117
+ return JSON.stringify(value) ?? "undefined";
118
+ }
119
+ if (Array.isArray(value)) {
120
+ return `[${value.map((item) => stableStringify(item)).join(",")}]`;
121
+ }
122
+ const record = value;
123
+ return `{${Object.keys(record).sort().map((key) => `${JSON.stringify(key)}:${stableStringify(record[key])}`).join(",")}}`;
124
+ }
125
+ function getClientIp(request, trustProxy) {
126
+ if (trustProxy) {
127
+ const cfIp = request.headers.get("cf-connecting-ip");
128
+ if (cfIp) return cfIp.trim();
129
+ const realIp = request.headers.get("x-real-ip");
130
+ if (realIp) return realIp.trim();
131
+ const xff = request.headers.get("x-forwarded-for");
132
+ if (xff) {
133
+ const first = xff.split(",")[0]?.trim();
134
+ if (first) return first;
135
+ }
136
+ }
137
+ const ua = request.headers.get("user-agent") || "";
138
+ return `anon-${simpleHash(ua)}`;
139
+ }
140
+ function simpleHash(str) {
141
+ let hash = 0;
142
+ for (let i = 0; i < str.length; i++) {
143
+ hash = (hash << 5) - hash + str.charCodeAt(i) | 0;
144
+ }
145
+ return Math.abs(hash).toString(36);
146
+ }
147
+ function getApiKey(request) {
148
+ return request.headers.get("x-mcp-key") || request.headers.get("authorization")?.replace("Bearer ", "") || void 0;
149
+ }
150
+ function createMCPHandler(config, provider, options) {
151
+ const trustProxy = config.security?.trustProxy ?? false;
152
+ function createServer(instance) {
153
+ return instance.createMCPServer({
154
+ rateLimitStore: options?.rateLimitStore,
155
+ logger: options?.logger
156
+ });
157
+ }
158
+ async function POST(request) {
159
+ const instance = getInstance(config, provider, options?.cache);
160
+ const server = createServer(instance);
161
+ const headers = new Headers();
162
+ for (const [key, value] of Object.entries(server.getSecurityHeaders())) {
163
+ headers.set(key, value);
164
+ }
165
+ headers.set("Content-Type", "application/json");
166
+ const origin = request.headers.get("origin") || void 0;
167
+ for (const [key, value] of Object.entries(server.getCorsHeaders(origin))) {
168
+ headers.set(key, value);
169
+ }
170
+ const clientIp = getClientIp(request, trustProxy);
171
+ const apiKey = getApiKey(request);
172
+ const rateLimit = await server.checkRateLimit(clientIp, apiKey);
173
+ for (const [key, value] of Object.entries(rateLimit.headers)) {
174
+ headers.set(key, value);
175
+ }
176
+ if (!rateLimit.allowed) {
177
+ return new Response(
178
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32e3, message: "Rate limit exceeded" }, id: null }),
179
+ { status: 429, headers }
180
+ );
181
+ }
182
+ if (!server.checkAuth(apiKey)) {
183
+ return new Response(
184
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32e3, message: "Unauthorized" }, id: null }),
185
+ { status: 401, headers }
186
+ );
187
+ }
188
+ const raw = await readBoundedText(request);
189
+ if (raw === null) {
190
+ return new Response(
191
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32600, message: "Request body too large" }, id: null }),
192
+ { status: 413, headers }
193
+ );
194
+ }
195
+ let body;
196
+ try {
197
+ body = JSON.parse(raw);
198
+ } catch {
199
+ return new Response(
200
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32700, message: "Parse error" }, id: null }),
201
+ { status: 400, headers }
202
+ );
203
+ }
204
+ const result = await server.handleRequest(body, clientIp, apiKey, { skipRateLimit: true });
205
+ if (result === null) {
206
+ return new Response(null, { status: 204, headers });
207
+ }
208
+ return new Response(JSON.stringify(result), { status: 200, headers });
209
+ }
210
+ async function OPTIONS(request) {
211
+ const instance = getInstance(config, provider, options?.cache);
212
+ const server = createServer(instance);
213
+ const headers = new Headers();
214
+ for (const [key, value] of Object.entries(server.getSecurityHeaders())) {
215
+ headers.set(key, value);
216
+ }
217
+ const origin = request.headers.get("origin") || void 0;
218
+ for (const [key, value] of Object.entries(server.getCorsHeaders(origin))) {
219
+ headers.set(key, value);
220
+ }
221
+ return new Response(null, { status: 204, headers });
222
+ }
223
+ return { POST, OPTIONS };
224
+ }
225
+ function createSSEHandler(config, provider, options) {
226
+ const trustProxy = config.security?.trustProxy ?? false;
227
+ const gateProvider = provider ?? {
228
+ async getPages() {
229
+ return [];
230
+ },
231
+ async getPageContent() {
232
+ return null;
233
+ },
234
+ async searchContent() {
235
+ return [];
236
+ }
237
+ };
238
+ return async function GET(request) {
239
+ const siteUrl = config.siteUrl.replace(/\/$/, "");
240
+ const mcpEndpoint = `${siteUrl}${config.mcp?.endpoint || "/v1/mcp"}`;
241
+ const instance = getInstance(config, gateProvider, options?.cache);
242
+ const server = instance.createMCPServer({ rateLimitStore: options?.rateLimitStore, logger: options?.logger });
243
+ const apiKey = getApiKey(request);
244
+ const clientIp = getClientIp(request, trustProxy);
245
+ const rl = await server.checkRateLimit(clientIp, apiKey);
246
+ if (!rl.allowed) {
247
+ return new Response("rate limit exceeded", { status: 429, headers: { ...import_corsen_context.SECURITY_HEADERS, "Retry-After": rl.headers["Retry-After"] || "60" } });
248
+ }
249
+ if (!server.checkAuth(apiKey)) {
250
+ return new Response("unauthorized", { status: 401, headers: { ...import_corsen_context.SECURITY_HEADERS } });
251
+ }
252
+ const headers = new Headers({
253
+ "Content-Type": "text/event-stream",
254
+ "Cache-Control": "no-cache",
255
+ Connection: "keep-alive",
256
+ ...import_corsen_context.SECURITY_HEADERS
257
+ });
258
+ headers.set("Cache-Control", "no-cache");
259
+ const encoder = new TextEncoder();
260
+ const stream = new ReadableStream({
261
+ start(controller) {
262
+ controller.enqueue(encoder.encode(`event: endpoint
263
+ data: ${mcpEndpoint}
264
+
265
+ `));
266
+ const interval = setInterval(() => {
267
+ try {
268
+ controller.enqueue(encoder.encode(": ping\n\n"));
269
+ } catch {
270
+ clearInterval(interval);
271
+ }
272
+ }, 3e4);
273
+ request.signal.addEventListener("abort", () => {
274
+ clearInterval(interval);
275
+ controller.close();
276
+ });
277
+ }
278
+ });
279
+ return new Response(stream, { status: 200, headers });
280
+ };
281
+ }
282
+ function createLlmsTxtHandler(config, provider) {
283
+ return async function GET() {
284
+ const instance = getInstance(config, provider);
285
+ const text = await instance.generateLlmsTxt();
286
+ const headers = new Headers(import_corsen_context.SECURITY_HEADERS);
287
+ headers.set("Content-Type", "text/plain; charset=utf-8");
288
+ headers.set("Cache-Control", "public, max-age=3600, s-maxage=3600");
289
+ return new Response(text, { status: 200, headers });
290
+ };
291
+ }
292
+ function createLlmsFullTxtHandler(config, provider) {
293
+ return async function GET() {
294
+ const instance = getInstance(config, provider);
295
+ const text = await instance.generateLlmsFullTxt();
296
+ const headers = new Headers(import_corsen_context.SECURITY_HEADERS);
297
+ headers.set("Content-Type", "text/plain; charset=utf-8");
298
+ headers.set("Cache-Control", "public, max-age=3600, s-maxage=3600");
299
+ return new Response(text, { status: 200, headers });
300
+ };
301
+ }
302
+ // Annotate the CommonJS export names for ESM import in node:
303
+ 0 && (module.exports = {
304
+ createLlmsFullTxtHandler,
305
+ createLlmsTxtHandler,
306
+ createMCPHandler,
307
+ createSSEHandler,
308
+ withCorsenContext
309
+ });
package/dist/index.mjs ADDED
@@ -0,0 +1,282 @@
1
+ // src/with-corsen-context.ts
2
+ function withCorsenContext(corsenConfig) {
3
+ return function wrapNextConfig(nextConfig = {}) {
4
+ const existingRewrites = nextConfig.rewrites;
5
+ return {
6
+ ...nextConfig,
7
+ async rewrites() {
8
+ const corsenRewrites = [
9
+ {
10
+ source: "/llms.txt",
11
+ destination: "/api/corsen-context/llms-txt"
12
+ },
13
+ {
14
+ source: "/llms-full.txt",
15
+ destination: "/api/corsen-context/llms-full-txt"
16
+ }
17
+ ];
18
+ if (existingRewrites) {
19
+ const existing = await existingRewrites();
20
+ if (Array.isArray(existing)) {
21
+ return [...corsenRewrites, ...existing];
22
+ }
23
+ return {
24
+ ...existing,
25
+ beforeFiles: [...corsenRewrites, ...existing.beforeFiles || []]
26
+ };
27
+ }
28
+ return corsenRewrites;
29
+ },
30
+ // Store config for runtime handlers
31
+ env: {
32
+ ...nextConfig.env,
33
+ CORSEN_CONTEXT_CONFIG: JSON.stringify(corsenConfig)
34
+ }
35
+ };
36
+ };
37
+ }
38
+
39
+ // src/handlers.ts
40
+ import {
41
+ CorsenContext,
42
+ MAX_BODY_SIZE,
43
+ SECURITY_HEADERS
44
+ } from "@corsenai/corsen-context";
45
+ var cachedInstances = /* @__PURE__ */ new WeakMap();
46
+ function getInstance(config, provider, cache) {
47
+ let providerInstances = cachedInstances.get(provider);
48
+ if (!providerInstances) {
49
+ providerInstances = /* @__PURE__ */ new Map();
50
+ cachedInstances.set(provider, providerInstances);
51
+ }
52
+ const configKey = stableStringify(config);
53
+ let instance = providerInstances.get(configKey);
54
+ if (!instance) {
55
+ instance = new CorsenContext(config, provider, cache);
56
+ providerInstances.set(configKey, instance);
57
+ }
58
+ return instance;
59
+ }
60
+ async function readBoundedText(request) {
61
+ const body = request.body;
62
+ if (!body || typeof body.getReader !== "function") {
63
+ const text = await request.text();
64
+ return new TextEncoder().encode(text).length > MAX_BODY_SIZE ? null : text;
65
+ }
66
+ const reader = body.getReader();
67
+ const chunks = [];
68
+ let total = 0;
69
+ for (; ; ) {
70
+ const { done, value } = await reader.read();
71
+ if (done) break;
72
+ if (value) {
73
+ total += value.byteLength;
74
+ if (total > MAX_BODY_SIZE) {
75
+ await reader.cancel();
76
+ return null;
77
+ }
78
+ chunks.push(value);
79
+ }
80
+ }
81
+ const merged = new Uint8Array(total);
82
+ let offset = 0;
83
+ for (const chunk of chunks) {
84
+ merged.set(chunk, offset);
85
+ offset += chunk.byteLength;
86
+ }
87
+ return new TextDecoder().decode(merged);
88
+ }
89
+ function stableStringify(value) {
90
+ if (value === null || typeof value !== "object") {
91
+ return JSON.stringify(value) ?? "undefined";
92
+ }
93
+ if (Array.isArray(value)) {
94
+ return `[${value.map((item) => stableStringify(item)).join(",")}]`;
95
+ }
96
+ const record = value;
97
+ return `{${Object.keys(record).sort().map((key) => `${JSON.stringify(key)}:${stableStringify(record[key])}`).join(",")}}`;
98
+ }
99
+ function getClientIp(request, trustProxy) {
100
+ if (trustProxy) {
101
+ const cfIp = request.headers.get("cf-connecting-ip");
102
+ if (cfIp) return cfIp.trim();
103
+ const realIp = request.headers.get("x-real-ip");
104
+ if (realIp) return realIp.trim();
105
+ const xff = request.headers.get("x-forwarded-for");
106
+ if (xff) {
107
+ const first = xff.split(",")[0]?.trim();
108
+ if (first) return first;
109
+ }
110
+ }
111
+ const ua = request.headers.get("user-agent") || "";
112
+ return `anon-${simpleHash(ua)}`;
113
+ }
114
+ function simpleHash(str) {
115
+ let hash = 0;
116
+ for (let i = 0; i < str.length; i++) {
117
+ hash = (hash << 5) - hash + str.charCodeAt(i) | 0;
118
+ }
119
+ return Math.abs(hash).toString(36);
120
+ }
121
+ function getApiKey(request) {
122
+ return request.headers.get("x-mcp-key") || request.headers.get("authorization")?.replace("Bearer ", "") || void 0;
123
+ }
124
+ function createMCPHandler(config, provider, options) {
125
+ const trustProxy = config.security?.trustProxy ?? false;
126
+ function createServer(instance) {
127
+ return instance.createMCPServer({
128
+ rateLimitStore: options?.rateLimitStore,
129
+ logger: options?.logger
130
+ });
131
+ }
132
+ async function POST(request) {
133
+ const instance = getInstance(config, provider, options?.cache);
134
+ const server = createServer(instance);
135
+ const headers = new Headers();
136
+ for (const [key, value] of Object.entries(server.getSecurityHeaders())) {
137
+ headers.set(key, value);
138
+ }
139
+ headers.set("Content-Type", "application/json");
140
+ const origin = request.headers.get("origin") || void 0;
141
+ for (const [key, value] of Object.entries(server.getCorsHeaders(origin))) {
142
+ headers.set(key, value);
143
+ }
144
+ const clientIp = getClientIp(request, trustProxy);
145
+ const apiKey = getApiKey(request);
146
+ const rateLimit = await server.checkRateLimit(clientIp, apiKey);
147
+ for (const [key, value] of Object.entries(rateLimit.headers)) {
148
+ headers.set(key, value);
149
+ }
150
+ if (!rateLimit.allowed) {
151
+ return new Response(
152
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32e3, message: "Rate limit exceeded" }, id: null }),
153
+ { status: 429, headers }
154
+ );
155
+ }
156
+ if (!server.checkAuth(apiKey)) {
157
+ return new Response(
158
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32e3, message: "Unauthorized" }, id: null }),
159
+ { status: 401, headers }
160
+ );
161
+ }
162
+ const raw = await readBoundedText(request);
163
+ if (raw === null) {
164
+ return new Response(
165
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32600, message: "Request body too large" }, id: null }),
166
+ { status: 413, headers }
167
+ );
168
+ }
169
+ let body;
170
+ try {
171
+ body = JSON.parse(raw);
172
+ } catch {
173
+ return new Response(
174
+ JSON.stringify({ jsonrpc: "2.0", error: { code: -32700, message: "Parse error" }, id: null }),
175
+ { status: 400, headers }
176
+ );
177
+ }
178
+ const result = await server.handleRequest(body, clientIp, apiKey, { skipRateLimit: true });
179
+ if (result === null) {
180
+ return new Response(null, { status: 204, headers });
181
+ }
182
+ return new Response(JSON.stringify(result), { status: 200, headers });
183
+ }
184
+ async function OPTIONS(request) {
185
+ const instance = getInstance(config, provider, options?.cache);
186
+ const server = createServer(instance);
187
+ const headers = new Headers();
188
+ for (const [key, value] of Object.entries(server.getSecurityHeaders())) {
189
+ headers.set(key, value);
190
+ }
191
+ const origin = request.headers.get("origin") || void 0;
192
+ for (const [key, value] of Object.entries(server.getCorsHeaders(origin))) {
193
+ headers.set(key, value);
194
+ }
195
+ return new Response(null, { status: 204, headers });
196
+ }
197
+ return { POST, OPTIONS };
198
+ }
199
+ function createSSEHandler(config, provider, options) {
200
+ const trustProxy = config.security?.trustProxy ?? false;
201
+ const gateProvider = provider ?? {
202
+ async getPages() {
203
+ return [];
204
+ },
205
+ async getPageContent() {
206
+ return null;
207
+ },
208
+ async searchContent() {
209
+ return [];
210
+ }
211
+ };
212
+ return async function GET(request) {
213
+ const siteUrl = config.siteUrl.replace(/\/$/, "");
214
+ const mcpEndpoint = `${siteUrl}${config.mcp?.endpoint || "/v1/mcp"}`;
215
+ const instance = getInstance(config, gateProvider, options?.cache);
216
+ const server = instance.createMCPServer({ rateLimitStore: options?.rateLimitStore, logger: options?.logger });
217
+ const apiKey = getApiKey(request);
218
+ const clientIp = getClientIp(request, trustProxy);
219
+ const rl = await server.checkRateLimit(clientIp, apiKey);
220
+ if (!rl.allowed) {
221
+ return new Response("rate limit exceeded", { status: 429, headers: { ...SECURITY_HEADERS, "Retry-After": rl.headers["Retry-After"] || "60" } });
222
+ }
223
+ if (!server.checkAuth(apiKey)) {
224
+ return new Response("unauthorized", { status: 401, headers: { ...SECURITY_HEADERS } });
225
+ }
226
+ const headers = new Headers({
227
+ "Content-Type": "text/event-stream",
228
+ "Cache-Control": "no-cache",
229
+ Connection: "keep-alive",
230
+ ...SECURITY_HEADERS
231
+ });
232
+ headers.set("Cache-Control", "no-cache");
233
+ const encoder = new TextEncoder();
234
+ const stream = new ReadableStream({
235
+ start(controller) {
236
+ controller.enqueue(encoder.encode(`event: endpoint
237
+ data: ${mcpEndpoint}
238
+
239
+ `));
240
+ const interval = setInterval(() => {
241
+ try {
242
+ controller.enqueue(encoder.encode(": ping\n\n"));
243
+ } catch {
244
+ clearInterval(interval);
245
+ }
246
+ }, 3e4);
247
+ request.signal.addEventListener("abort", () => {
248
+ clearInterval(interval);
249
+ controller.close();
250
+ });
251
+ }
252
+ });
253
+ return new Response(stream, { status: 200, headers });
254
+ };
255
+ }
256
+ function createLlmsTxtHandler(config, provider) {
257
+ return async function GET() {
258
+ const instance = getInstance(config, provider);
259
+ const text = await instance.generateLlmsTxt();
260
+ const headers = new Headers(SECURITY_HEADERS);
261
+ headers.set("Content-Type", "text/plain; charset=utf-8");
262
+ headers.set("Cache-Control", "public, max-age=3600, s-maxage=3600");
263
+ return new Response(text, { status: 200, headers });
264
+ };
265
+ }
266
+ function createLlmsFullTxtHandler(config, provider) {
267
+ return async function GET() {
268
+ const instance = getInstance(config, provider);
269
+ const text = await instance.generateLlmsFullTxt();
270
+ const headers = new Headers(SECURITY_HEADERS);
271
+ headers.set("Content-Type", "text/plain; charset=utf-8");
272
+ headers.set("Cache-Control", "public, max-age=3600, s-maxage=3600");
273
+ return new Response(text, { status: 200, headers });
274
+ };
275
+ }
276
+ export {
277
+ createLlmsFullTxtHandler,
278
+ createLlmsTxtHandler,
279
+ createMCPHandler,
280
+ createSSEHandler,
281
+ withCorsenContext
282
+ };
package/package.json ADDED
@@ -0,0 +1,64 @@
1
+ {
2
+ "name": "@corsenai/corsen-context-nextjs",
3
+ "version": "1.2.0",
4
+ "description": "Next.js adapter for Corsen Context — AI Context Layer with MCP + llms.txt",
5
+ "author": "Corsen AI <contact@corsen.ai>",
6
+ "license": "MIT",
7
+ "homepage": "https://github.com/CorsenAI/corsen-context",
8
+ "repository": {
9
+ "type": "git",
10
+ "url": "https://github.com/CorsenAI/corsen-context.git",
11
+ "directory": "packages/nextjs-adapter"
12
+ },
13
+ "keywords": [
14
+ "mcp",
15
+ "llms-txt",
16
+ "nextjs",
17
+ "ai",
18
+ "corsen"
19
+ ],
20
+ "main": "./dist/index.js",
21
+ "module": "./dist/index.mjs",
22
+ "types": "./dist/index.d.ts",
23
+ "exports": {
24
+ ".": {
25
+ "types": "./dist/index.d.ts",
26
+ "import": "./dist/index.mjs",
27
+ "require": "./dist/index.js"
28
+ }
29
+ },
30
+ "files": [
31
+ "dist",
32
+ "LICENSE",
33
+ "README.md"
34
+ ],
35
+ "dependencies": {
36
+ "@corsenai/corsen-context": "1.2.0"
37
+ },
38
+ "peerDependencies": {
39
+ "next": ">=13.0.0"
40
+ },
41
+ "devDependencies": {
42
+ "@types/node": "^22.0.0",
43
+ "next": "^15.0.0",
44
+ "tsup": "^8.3.0",
45
+ "typescript": "^5.7.0",
46
+ "vitest": "^2.1.0"
47
+ },
48
+ "publishConfig": {
49
+ "access": "public"
50
+ },
51
+ "bugs": {
52
+ "url": "https://github.com/CorsenAI/corsen-context/issues"
53
+ },
54
+ "sideEffects": false,
55
+ "engines": {
56
+ "node": ">=18.0.0"
57
+ },
58
+ "scripts": {
59
+ "build": "tsup src/index.ts --format cjs,esm --dts --clean",
60
+ "test": "vitest run",
61
+ "typecheck": "tsc --noEmit",
62
+ "clean": "rm -rf dist"
63
+ }
64
+ }