npm - @creature-ai/sdk - Versions diffs - 0.1.6 → 0.1.8 - Mend

@creature-ai/sdk 0.1.6 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/server/index.js CHANGED Viewed

@@ -13401,7 +13401,7 @@ import path from "path";
 // src/vite/index.ts
 import { resolve, join, relative } from "path";
-import { readdirSync, statSync, existsSync, writeFileSync, mkdirSync, rmSync } from "fs";
+import { readdirSync, statSync, existsSync, writeFileSync, mkdirSync, rmSync, readFileSync } from "fs";
 import { createServer as createNetServer } from "net";
 import { createServer as createHttpServer } from "http";
 import { createHash } from "crypto";
@@ -13554,8 +13554,15 @@ function loadHtml(filePath, basePath) {
 <p>Run <code>npm run build</code> to build the UI.</p>
 </body></html>`;
 }
-function htmlLoader(filePath, basePath) {
-  return () => loadHtml(filePath, basePath);
+function isHtmlContent(str) {
+  const trimmed = str.trimStart();
+  return trimmed.startsWith("<") || trimmed.toLowerCase().startsWith("<!doctype");
+}
+function htmlLoader(htmlOrPath, basePath) {
+  if (isHtmlContent(htmlOrPath)) {
+    return () => htmlOrPath;
+  }
+  return () => loadHtml(htmlOrPath, basePath);
 }
 function isInitializeRequest2(body) {
   if (typeof body !== "object" || body === null) return false;
@@ -13758,8 +13765,6 @@ var App = class {
   callerDir;
   shutdownRegistered = false;
   isShuttingDown = false;
-  resourceCache = /* @__PURE__ */ new Map();
-  resourceCacheConfig;
   /** Server-side instance state, keyed by instanceId. */
   instanceState = /* @__PURE__ */ new Map();
   /** Callbacks to invoke when an instance is destroyed. */
@@ -13775,11 +13780,6 @@ var App = class {
     this.callerDir = callerDir || process.cwd();
     this.config = config;
     this.isDev = config.dev ?? process.env.NODE_ENV === "development";
-    this.resourceCacheConfig = {
-      maxSize: config.resourceCache?.maxSize ?? 100,
-      ttlMs: config.resourceCache?.ttlMs ?? 0,
-      enabled: config.resourceCache?.enabled ?? true
-    };
     if (this.isDev && config.hmrPort) {
       this.hmrPort = config.hmrPort;
     }
@@ -13977,6 +13977,46 @@ var App = class {
   getTransportSessionCount() {
     return this.transports.size;
   }
+  // ==========================================================================
+  // Public API: Serverless Adapters
+  // ==========================================================================
+  /**
+   * Get the app configuration.
+   */
+  getConfig() {
+    return this.config;
+  }
+  /**
+   * Get all tool definitions.
+   */
+  getToolDefinitions() {
+    return this.tools;
+  }
+  /**
+   * Get all resource definitions.
+   */
+  getResourceDefinitions() {
+    return this.resources;
+  }
+  /**
+   * Create a Vercel MCP adapter configuration.
+   * For use with Vercel's `mcp-handler` package.
+   *
+   * Note: This returns a configuration callback. The implementation
+   * is inline to avoid circular dependencies.
+   */
+  toVercelMcp(options) {
+    return this.createServerlessConfig(options);
+  }
+  /**
+   * Create an AWS Lambda handler.
+   *
+   * Note: This returns a Lambda handler function. The implementation
+   * is inline to avoid circular dependencies.
+   */
+  toAwsLambda(options) {
+    return this.createLambdaHandler(options);
+  }
   /**
    * Close a specific transport session.
    */
@@ -13993,36 +14033,245 @@ var App = class {
   // ==========================================================================
   // Public API: Resource Cache
   // ==========================================================================
+  // Private: Configuration Helpers
+  // ==========================================================================
+  getPort() {
+    return this.config.port || parseInt(process.env.MCP_PORT || process.env.PORT || "3000", 10);
+  }
+  getCallerDir() {
+    return this.callerDir;
+  }
+  // ==========================================================================
+  // Private: Serverless Adapter Helpers
+  // ==========================================================================
   /**
-   * Clear all cached resource content.
+   * Create a ToolContext for serverless environments.
+   * Shared between Vercel and Lambda adapters to avoid duplication.
    */
-  clearResourceCache() {
-    this.resourceCache.clear();
-  }
   /**
-   * Clear a specific resource from the cache.
+   * In-memory state for serverless when no external adapter provided.
+   * Only useful for local development - won't persist across invocations in production.
    */
-  clearResourceCacheEntry(uri) {
-    return this.resourceCache.delete(uri);
+  serverlessMemoryState = /* @__PURE__ */ new Map();
+  serverlessStateWarningLogged = false;
+  serverlessRealtimeWarningLogged = false;
+  createServerlessContext({
+    instanceId,
+    creatureToken,
+    stateAdapter,
+    realtimeAdapter
+  }) {
+    const websocketUrl = realtimeAdapter?.getWebSocketUrl?.(instanceId);
+    const app = this;
+    return {
+      instanceId,
+      creatureToken,
+      getState: () => {
+        if (stateAdapter) {
+          return void 0;
+        }
+        if (!app.serverlessStateWarningLogged) {
+          console.warn("[MCP] Using in-memory state - won't persist in production serverless");
+          app.serverlessStateWarningLogged = true;
+        }
+        return app.serverlessMemoryState.get(instanceId);
+      },
+      setState: (state) => {
+        if (stateAdapter) {
+          stateAdapter.set(instanceId, state);
+          return;
+        }
+        if (!app.serverlessStateWarningLogged) {
+          console.warn("[MCP] Using in-memory state - won't persist in production serverless");
+          app.serverlessStateWarningLogged = true;
+        }
+        app.serverlessMemoryState.set(instanceId, state);
+      },
+      send: (message) => {
+        if (realtimeAdapter) {
+          realtimeAdapter.send(instanceId, message);
+          return;
+        }
+        if (!app.serverlessRealtimeWarningLogged) {
+          console.warn("[MCP] Realtime disabled - provide realtimeAdapter for production");
+          app.serverlessRealtimeWarningLogged = true;
+        }
+      },
+      onMessage: (_handler) => {
+        if (realtimeAdapter) {
+          realtimeAdapter.subscribe(instanceId, _handler);
+          return;
+        }
+        if (!app.serverlessRealtimeWarningLogged) {
+          console.warn("[MCP] Realtime disabled - provide realtimeAdapter for production");
+          app.serverlessRealtimeWarningLogged = true;
+        }
+      },
+      onConnect: (_handler) => {
+        if (realtimeAdapter) {
+          return;
+        }
+      },
+      websocketUrl
+    };
   }
   /**
-   * Get resource cache statistics.
+   * Format tool result for serverless response.
+   * Shared between Vercel and Lambda adapters.
    */
-  getResourceCacheStats() {
+  formatServerlessResult(result, instanceId, websocketUrl) {
+    const text = result.text || JSON.stringify(result.data || {});
     return {
-      size: this.resourceCache.size,
-      maxSize: this.resourceCacheConfig.maxSize,
-      enabled: this.resourceCacheConfig.enabled
+      content: [{ type: "text", text }],
+      structuredContent: {
+        ...result.data,
+        instanceId,
+        ...websocketUrl && { websocketUrl }
+      },
+      _meta: { "openai/widgetSessionId": instanceId },
+      ...result.isError && { isError: true }
     };
   }
-  // ==========================================================================
-  // Private: Configuration Helpers
-  // ==========================================================================
-  getPort() {
-    return this.config.port || parseInt(process.env.MCP_PORT || process.env.PORT || "3000", 10);
+  /**
+   * Create a Vercel MCP configuration callback.
+   * Returns a function compatible with Vercel's mcp-handler createMcpHandler.
+   */
+  createServerlessConfig(options) {
+    const { stateAdapter, realtimeAdapter } = options || {};
+    const app = this;
+    return function mcpConfig(server, _context) {
+      for (const [name, definition] of app.tools) {
+        const { config: toolConfig, handler } = definition;
+        const inputSchema = toolConfig.input || z2.object({});
+        const hasUi = !!toolConfig.ui;
+        server.registerTool(
+          name,
+          {
+            title: name,
+            description: toolConfig.description + (hasUi ? " Returns instanceId for the widget." : ""),
+            inputSchema
+          },
+          async (args) => {
+            try {
+              const creatureToken = args._creatureToken;
+              const { _creatureToken: _, ...cleanArgs } = args;
+              const input = toolConfig.input ? toolConfig.input.parse(cleanArgs) : cleanArgs;
+              const instanceId = cleanArgs.instanceId || app.generateInstanceId();
+              const context = app.createServerlessContext({ instanceId, creatureToken, stateAdapter, realtimeAdapter });
+              const result = await handler(input, context);
+              return app.formatServerlessResult(result, instanceId, context.websocketUrl);
+            } catch (error) {
+              const err = error instanceof Error ? error : new Error(String(error));
+              return { content: [{ type: "text", text: err.message }], isError: true };
+            }
+          }
+        );
+      }
+    };
   }
-  getCallerDir() {
-    return this.callerDir;
+  /**
+   * Create an AWS Lambda handler function.
+   */
+  createLambdaHandler(options) {
+    const { stateAdapter, realtimeAdapter } = options || {};
+    const app = this;
+    return async (event, _lambdaContext) => {
+      const corsHeaders = {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET, POST, DELETE, OPTIONS",
+        "Access-Control-Allow-Headers": "Content-Type, Accept, Mcp-Session-Id",
+        "Content-Type": "application/json"
+      };
+      if (event.httpMethod === "OPTIONS") {
+        return { statusCode: 204, headers: corsHeaders, body: "" };
+      }
+      let body = {};
+      if (event.body) {
+        try {
+          body = JSON.parse(
+            event.isBase64Encoded ? Buffer.from(event.body, "base64").toString() : event.body
+          );
+        } catch {
+          return {
+            statusCode: 400,
+            headers: corsHeaders,
+            body: JSON.stringify({ jsonrpc: "2.0", error: { code: -32700, message: "Parse error" }, id: null })
+          };
+        }
+      }
+      try {
+        const method = body.method;
+        const params = body.params;
+        const id = body.id;
+        if (method === "initialize") {
+          return {
+            statusCode: 200,
+            headers: corsHeaders,
+            body: JSON.stringify({
+              jsonrpc: "2.0",
+              result: {
+                protocolVersion: "2024-11-05",
+                serverInfo: { name: app.config.name, version: app.config.version },
+                capabilities: { tools: {}, resources: {} }
+              },
+              id
+            })
+          };
+        }
+        if (method === "tools/list") {
+          const tools = [];
+          for (const [name, definition] of app.tools) {
+            tools.push({
+              name,
+              description: definition.config.description,
+              inputSchema: { type: "object" }
+            });
+          }
+          return {
+            statusCode: 200,
+            headers: corsHeaders,
+            body: JSON.stringify({ jsonrpc: "2.0", result: { tools }, id })
+          };
+        }
+        if (method === "tools/call") {
+          const toolName = params?.name;
+          const args = params?.arguments || {};
+          const definition = app.tools.get(toolName);
+          if (!definition) {
+            return {
+              statusCode: 200,
+              headers: corsHeaders,
+              body: JSON.stringify({ jsonrpc: "2.0", error: { code: -32601, message: `Tool not found: ${toolName}` }, id })
+            };
+          }
+          const { config: toolConfig, handler } = definition;
+          const creatureToken = args._creatureToken;
+          const { _creatureToken: _, ...cleanArgs } = args;
+          const input = toolConfig.input ? toolConfig.input.parse(cleanArgs) : cleanArgs;
+          const instanceId = cleanArgs.instanceId || app.generateInstanceId();
+          const context = app.createServerlessContext({ instanceId, creatureToken, stateAdapter, realtimeAdapter });
+          const result = await handler(input, context);
+          const formatted = app.formatServerlessResult(result, instanceId, context.websocketUrl);
+          return {
+            statusCode: 200,
+            headers: corsHeaders,
+            body: JSON.stringify({ jsonrpc: "2.0", result: formatted, id })
+          };
+        }
+        return {
+          statusCode: 200,
+          headers: corsHeaders,
+          body: JSON.stringify({ jsonrpc: "2.0", error: { code: -32601, message: `Method not found: ${method}` }, id })
+        };
+      } catch (error) {
+        const err = error instanceof Error ? error : new Error(String(error));
+        return {
+          statusCode: 500,
+          headers: corsHeaders,
+          body: JSON.stringify({ jsonrpc: "2.0", error: { code: -32603, message: err.message }, id: body.id ?? null })
+        };
+      }
+    };
   }
   getHmrPort() {
     if (!this.isDev) return null;
@@ -14091,31 +14340,6 @@ var App = class {
     return true;
   }
   // ==========================================================================
-  // Private: Resource Cache
-  // ==========================================================================
-  getCachedResource(uri) {
-    if (!this.resourceCacheConfig.enabled) return null;
-    const cached = this.resourceCache.get(uri);
-    if (!cached) return null;
-    const { ttlMs } = this.resourceCacheConfig;
-    if (ttlMs > 0 && Date.now() - cached.timestamp > ttlMs) {
-      this.resourceCache.delete(uri);
-      return null;
-    }
-    return cached.html;
-  }
-  setCachedResource(uri, html) {
-    if (!this.resourceCacheConfig.enabled) return;
-    const { maxSize } = this.resourceCacheConfig;
-    if (this.resourceCache.size >= maxSize) {
-      const oldestKey = this.resourceCache.keys().next().value;
-      if (oldestKey) {
-        this.resourceCache.delete(oldestKey);
-      }
-    }
-    this.resourceCache.set(uri, { html, timestamp: Date.now() });
-  }
-  // ==========================================================================
   // Private: Express Server
   // ==========================================================================
   createExpressApp() {
@@ -14314,10 +14538,12 @@ var App = class {
         },
         async (args) => {
           try {
-            const input = config.input ? config.input.parse(args) : args;
+            const creatureToken = args._creatureToken;
+            const { _creatureToken: _, ...cleanArgs } = args;
+            const input = config.input ? config.input.parse(cleanArgs) : cleanArgs;
             let instanceId;
             if (hasUi && config.ui) {
-              instanceId = this.resolveInstanceId(config.ui, args.instanceId);
+              instanceId = this.resolveInstanceId(config.ui, cleanArgs.instanceId);
             }
             const resource = config.ui ? this.resources.get(config.ui) : void 0;
             const hasWebSocket = resource?.config.websocket === true;
@@ -14329,6 +14555,7 @@ var App = class {
             }
             const context = {
               instanceId: instanceId || "",
+              creatureToken,
               getState: () => instanceId ? this.instanceState.get(instanceId) : void 0,
               setState: (state) => {
                 if (instanceId) {
@@ -14398,6 +14625,11 @@ var App = class {
     if (config.completedMessage) {
       toolMeta["openai/toolInvocation/invoked"] = config.completedMessage;
     }
+    if (this.config.auth?.creatureManaged) {
+      toolMeta.creature = {
+        auth: { managed: true }
+      };
+    }
     return toolMeta;
   }
   buildToolDescription(config, inputSchema) {
@@ -14541,13 +14773,100 @@ function wrapServer(server) {
   };
   return server;
 }
+// src/server/auth.ts
+var CreatureTokenError = class extends Error {
+  /** Error code from the verification API */
+  code;
+  constructor({ code, message }) {
+    super(message);
+    this.name = "CreatureTokenError";
+    this.code = code;
+  }
+};
+var DEFAULT_API_URL = "https://api.creature.run";
+var extractToken = (tokenOrHeader) => {
+  const trimmed = tokenOrHeader.trim();
+  if (trimmed.toLowerCase().startsWith("bearer ")) {
+    return trimmed.slice(7).trim();
+  }
+  return trimmed;
+};
+var verifyCreatureToken = async (tokenOrHeader, config) => {
+  if (!tokenOrHeader) {
+    throw new CreatureTokenError({
+      code: "missing_token",
+      message: "No token provided. Expected Authorization header or raw token."
+    });
+  }
+  const token = extractToken(tokenOrHeader);
+  if (!token) {
+    throw new CreatureTokenError({
+      code: "missing_token",
+      message: "Empty token after extraction from Authorization header."
+    });
+  }
+  const apiUrl = config?.apiUrl || DEFAULT_API_URL;
+  const verifyUrl = `${apiUrl}/apps/v1/token/verify`;
+  let response;
+  try {
+    response = await fetch(verifyUrl, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${token}`,
+        "Content-Type": "application/json"
+      }
+    });
+  } catch (err) {
+    throw new CreatureTokenError({
+      code: "network_error",
+      message: `Failed to reach Creature API: ${err instanceof Error ? err.message : "Unknown error"}`
+    });
+  }
+  if (!response.ok) {
+    let errorData = {};
+    try {
+      errorData = await response.json();
+    } catch {
+    }
+    throw new CreatureTokenError({
+      code: errorData.error || "verification_failed",
+      message: errorData.error_description || `Token verification failed (HTTP ${response.status})`
+    });
+  }
+  let data;
+  try {
+    data = await response.json();
+  } catch {
+    throw new CreatureTokenError({
+      code: "invalid_response",
+      message: "Invalid JSON response from Creature API"
+    });
+  }
+  if (!data.valid || !data.claims?.user) {
+    throw new CreatureTokenError({
+      code: "invalid_token",
+      message: "Token is not valid"
+    });
+  }
+  return {
+    user: data.claims.user,
+    organization: data.claims.organization,
+    project: data.claims.project,
+    session: data.claims.session,
+    expiresAt: data.expires_at
+  };
+};
 export {
   App,
+  CreatureTokenError,
   MIME_TYPES,
   createApp,
   htmlLoader,
+  isHtmlContent,
   loadHtml,
   svgToDataUri,
+  verifyCreatureToken,
   wrapServer
 };
 //# sourceMappingURL=index.js.map