@decocms/runtime 0.24.0 → 0.25.1

package/src/drizzle.ts

@@ -0,0 +1,201 @@
+import type { DrizzleConfig } from "drizzle-orm";
+import {
+  drizzle as drizzleProxy,
+  type SqliteRemoteDatabase,
+} from "drizzle-orm/sqlite-proxy";
+import { QueryResult } from "./mcp.ts";
+export * from "drizzle-orm/sqlite-core";
+export * as orm from "drizzle-orm";
+import { sql } from "drizzle-orm";
+import { DefaultEnv } from "./index.ts";
+
+const mapGetResult = ({ result: [page] }: { result: QueryResult[] }) => {
+  return page.results ?? [];
+};
+
+const mapPostResult = ({ result }: { result: QueryResult[] }) => {
+  return (
+    result
+      .map((page) => page.results ?? [])
+      .flat()
+      // @ts-expect-error - this is ok, result comes as unknown
+      .map(Object.values)
+  );
+};
+
+export function drizzle<
+  TSchema extends Record<string, unknown> = Record<string, never>,
+>(
+  { DECO_WORKSPACE_DB }: Pick<DefaultEnv, "DECO_WORKSPACE_DB">,
+  config?: DrizzleConfig<TSchema>,
+) {
+  return drizzleProxy((sql, params, method) => {
+    // https://orm.drizzle.team/docs/connect-drizzle-proxy says
+    // Drizzle always waits for {rows: string[][]} or {rows: string[]} for the return value.
+    // When the method is get, you should return a value as {rows: string[]}.
+    // Otherwise, you should return {rows: string[][]}.
+    const asRows = method === "get" ? mapGetResult : mapPostResult;
+    return DECO_WORKSPACE_DB.query({
+      sql,
+      params,
+    }).then((result) => ({ rows: asRows(result) }));
+  }, config);
+}
+
+/**
+ * The following code is a custom migration system tweaked
+ * from the durable-sqlite original migrator.
+ *
+ * @see https://github.com/drizzle-team/drizzle-orm/blob/main/drizzle-orm/src/durable-sqlite/migrator.ts
+ *
+ * It applies the migrations without transactions, as a workaround
+ * while we don't have remote transactions support on the
+ * workspace database durable object. Not ideal and we should
+ * look into implementing some way of doing transactions soon.
+ */
+
+export interface MigrationMeta {
+  sql: string[];
+  folderMillis: number;
+  hash: string;
+  bps: boolean;
+}
+
+export interface MigrationConfig {
+  journal: {
+    entries: { idx: number; when: number; tag: string; breakpoints: boolean }[];
+  };
+  migrations: Record<string, string>;
+  debug?: boolean;
+}
+
+function readMigrationFiles({
+  journal,
+  migrations,
+}: MigrationConfig): MigrationMeta[] {
+  const migrationQueries: MigrationMeta[] = [];
+
+  for (const journalEntry of journal.entries) {
+    const query =
+      migrations[`m${journalEntry.idx.toString().padStart(4, "0")}`];
+
+    if (!query) {
+      throw new Error(`Missing migration: ${journalEntry.tag}`);
+    }
+
+    try {
+      const result = query.split("--> statement-breakpoint").map((it) => {
+        return it;
+      });
+
+      migrationQueries.push({
+        sql: result,
+        bps: journalEntry.breakpoints,
+        folderMillis: journalEntry.when,
+        hash: "",
+      });
+    } catch {
+      throw new Error(`Failed to parse migration: ${journalEntry.tag}`);
+    }
+  }
+
+  return migrationQueries;
+}
+
+export async function migrateWithoutTransaction(
+  db: SqliteRemoteDatabase,
+  config: MigrationConfig,
+): Promise<void> {
+  const debug = config.debug ?? false;
+
+  if (debug) console.log("Migrating database");
+  const migrations = readMigrationFiles(config);
+  if (debug) console.log("Migrations", migrations);
+
+  try {
+    if (debug) console.log("Setting up migrations table");
+    const migrationsTable = "__drizzle_migrations";
+
+    // Create migrations table if it doesn't exist
+    // Note: Changed from SERIAL to INTEGER PRIMARY KEY AUTOINCREMENT for SQLite compatibility
+    const migrationTableCreate = sql`
+            CREATE TABLE IF NOT EXISTS ${sql.identifier(migrationsTable)} (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                hash text NOT NULL,
+                created_at numeric
+            )
+        `;
+    await db.run(migrationTableCreate);
+
+    // Get the last applied migration
+    const dbMigrations = await db.values<[number, string, string]>(
+      sql`SELECT id, hash, created_at FROM ${sql.identifier(
+        migrationsTable,
+      )} ORDER BY created_at DESC LIMIT 1`,
+    );
+
+    const lastDbMigration = dbMigrations[0] ?? undefined;
+    if (debug) console.log("Last applied migration:", lastDbMigration);
+
+    // Apply pending migrations sequentially (without transaction wrapper)
+    for (const migration of migrations) {
+      const hasNoMigrations =
+        lastDbMigration === undefined || !lastDbMigration.length;
+      if (
+        hasNoMigrations ||
+        Number(lastDbMigration[2])! < migration.folderMillis
+      ) {
+        if (debug) console.log(`Applying migration: ${migration.folderMillis}`);
+
+        try {
+          // Execute all statements in the migration
+          for (const stmt of migration.sql) {
+            if (stmt.trim()) {
+              // Skip empty statements
+              if (debug) {
+                console.log("Executing:", stmt.substring(0, 100) + "...");
+              }
+              await db.run(sql.raw(stmt));
+            }
+          }
+
+          // Record successful migration
+          await db.run(
+            sql`INSERT INTO ${sql.identifier(
+              migrationsTable,
+            )} ("hash", "created_at") VALUES(${migration.hash}, ${migration.folderMillis})`,
+          );
+
+          if (debug) {
+            console.log(
+              `✅ Migration ${migration.folderMillis} applied successfully`,
+            );
+          }
+        } catch (migrationError: unknown) {
+          console.error(
+            `❌ Migration ${migration.folderMillis} failed:`,
+            migrationError,
+          );
+          throw new Error(
+            `Migration failed at ${migration.folderMillis}: ${
+              migrationError instanceof Error
+                ? migrationError.message
+                : String(migrationError)
+            }`,
+          );
+        }
+      } else {
+        if (debug) {
+          console.log(
+            `⏭️ Skipping already applied migration: ${migration.folderMillis}`,
+          );
+        }
+      }
+    }
+
+    if (debug) console.log("✅ All migrations completed successfully");
+  } catch (error: unknown) {
+    console.error("❌ Migration process failed:", error);
+    throw error;
+  }
+}

package/src/http-client-transport.ts

@@ -0,0 +1,66 @@
+import type { JSONRPCMessage } from "@modelcontextprotocol/sdk/types.js";
+import {
+  StreamableHTTPClientTransport,
+  type StreamableHTTPClientTransportOptions,
+} from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+
+export class HTTPClientTransport extends StreamableHTTPClientTransport {
+  constructor(url: URL, opts?: StreamableHTTPClientTransportOptions) {
+    super(url, opts);
+  }
+
+  override send(
+    message: JSONRPCMessage,
+    options?: {
+      resumptionToken?: string;
+      onresumptiontoken?: (token: string) => void;
+    },
+  ): Promise<void> {
+    const mockAction = getMockActionFor(message);
+    if (mockAction?.type === "emit") {
+      this.onmessage?.(mockAction.message);
+      return Promise.resolve();
+    }
+    if (mockAction?.type === "suppress") {
+      return Promise.resolve();
+    }
+    return super.send(message, options);
+  }
+}
+
+type MockAction =
+  | { type: "emit"; message: JSONRPCMessage }
+  | { type: "suppress" };
+
+function getMockActionFor(message: JSONRPCMessage): MockAction | null {
+  const m = message;
+  if (!m || typeof m !== "object" || !("method" in m)) return null;
+
+  switch (m.method) {
+    case "initialize": {
+      const protocolVersion = m?.params?.protocolVersion;
+      if (!protocolVersion) return null;
+      return {
+        type: "emit",
+        message: {
+          result: {
+            protocolVersion,
+            capabilities: { tools: {} },
+            serverInfo: { name: "deco-chat-server", version: "1.0.0" },
+          },
+          jsonrpc: m.jsonrpc ?? "2.0",
+          // @ts-expect-error - id is not typed
+          id: m.id,
+        } as JSONRPCMessage,
+      };
+    }
+    case "notifications/roots/list_changed":
+    case "notifications/initialized":
+    case "notifications/cancelled":
+    case "notifications/progress": {
+      return { type: "suppress" };
+    }
+    default:
+      return null;
+  }
+}

package/src/index.ts

@@ -0,0 +1,409 @@
+/* oxlint-disable no-explicit-any */
+import type { ExecutionContext } from "@cloudflare/workers-types";
+import { decodeJwt } from "jose";
+import type { z } from "zod";
+import {
+  getReqToken,
+  handleAuthCallback,
+  handleLogout,
+  StateParser,
+} from "./auth.ts";
+import {
+  createContractBinding,
+  createIntegrationBinding,
+  workspaceClient,
+} from "./bindings.ts";
+import { DeconfigResource } from "./bindings/deconfig/index.ts";
+import { DECO_MCP_CLIENT_HEADER } from "./client.ts";
+import { DeprecatedEnv } from "./deprecated.ts";
+import {
+  createMCPServer,
+  type CreateMCPServerOptions,
+  MCPServer,
+} from "./mastra.ts";
+import { MCPClient, type QueryResult } from "./mcp.ts";
+import { State } from "./state.ts";
+import type { WorkflowDO } from "./workflow.ts";
+import { Workflow } from "./workflow.ts";
+import type { Binding, ContractBinding, MCPBinding } from "./wrangler.ts";
+export { proxyConnectionForId } from "./bindings.ts";
+export {
+  createMCPFetchStub,
+  type CreateStubAPIOptions,
+  type ToolBinder,
+} from "./mcp.ts";
+export interface WorkspaceDB {
+  query: (params: {
+    sql: string;
+    params: string[];
+  }) => Promise<{ result: QueryResult[] }>;
+}
+
+export interface DefaultEnv<TSchema extends z.ZodTypeAny = any>
+  extends DeprecatedEnv<TSchema> {
+  DECO_REQUEST_CONTEXT: RequestContext<TSchema>;
+  DECO_APP_NAME: string;
+  DECO_APP_SLUG: string;
+  DECO_APP_ENTRYPOINT: string;
+  DECO_API_URL?: string;
+  DECO_WORKSPACE: string;
+  DECO_API_JWT_PUBLIC_KEY: string;
+  DECO_APP_DEPLOYMENT_ID: string;
+  DECO_BINDINGS: string;
+  DECO_API_TOKEN: string;
+  DECO_WORKFLOW_DO: DurableObjectNamespace<WorkflowDO>;
+  DECO_WORKSPACE_DB: WorkspaceDB & {
+    forContext: (ctx: RequestContext) => WorkspaceDB;
+  };
+  IS_LOCAL: boolean;
+  [key: string]: unknown;
+}
+
+export interface BindingsObject {
+  bindings?: Binding[];
+}
+
+export const WorkersMCPBindings = {
+  parse: (bindings?: string): Binding[] => {
+    if (!bindings) return [];
+    try {
+      return JSON.parse(atob(bindings)) as Binding[];
+    } catch {
+      return [];
+    }
+  },
+  stringify: (bindings: Binding[]): string => {
+    return btoa(JSON.stringify(bindings));
+  },
+};
+
+export interface UserDefaultExport<
+  TUserEnv = Record<string, unknown>,
+  TSchema extends z.ZodTypeAny = never,
+  TEnv = TUserEnv & DefaultEnv<TSchema>,
+> extends CreateMCPServerOptions<TEnv, TSchema> {
+  fetch?: (
+    req: Request,
+    env: TEnv,
+    ctx: ExecutionContext,
+  ) => Promise<Response> | Response;
+}
+
+// 1. Map binding type to its interface
+interface BindingTypeMap {
+  mcp: MCPBinding;
+  contract: ContractBinding;
+}
+
+export interface User {
+  id: string;
+  email: string;
+  workspace: string;
+  user_metadata: {
+    avatar_url: string;
+    full_name: string;
+    picture: string;
+    [key: string]: unknown;
+  };
+}
+
+export interface RequestContext<TSchema extends z.ZodTypeAny = any> {
+  state: z.infer<TSchema>;
+  branch?: string;
+  token: string;
+  workspace: string;
+  ensureAuthenticated: (options?: {
+    workspaceHint?: string;
+  }) => User | undefined;
+  callerApp?: string;
+  integrationId?: string;
+}
+
+// 2. Map binding type to its creator function
+type CreatorByType = {
+  [K in keyof BindingTypeMap]: (
+    value: BindingTypeMap[K],
+    env: DefaultEnv,
+  ) => unknown;
+};
+
+// 3. Strongly type creatorByType
+const creatorByType: CreatorByType = {
+  mcp: createIntegrationBinding,
+  contract: createContractBinding,
+};
+
+const withDefaultBindings = ({
+  env,
+  server,
+  ctx,
+  url,
+}: {
+  env: DefaultEnv;
+  server: MCPServer<any, any>;
+  ctx: RequestContext;
+  url?: string;
+}) => {
+  const client = workspaceClient(ctx);
+  const createWorkspaceDB = (ctx: RequestContext): WorkspaceDB => {
+    const client = workspaceClient(ctx);
+    return {
+      query: ({ sql, params }) => {
+        return client.DATABASES_RUN_SQL({
+          sql,
+          params,
+        });
+      },
+    };
+  };
+  env["SELF"] = new Proxy(
+    {},
+    {
+      get: (_, prop) => {
+        if (prop === "toJSON") {
+          return null;
+        }
+
+        return async (args: unknown) => {
+          return await server.callTool({
+            toolCallId: prop as string,
+            toolCallInput: args,
+          });
+        };
+      },
+    },
+  );
+
+  const workspaceDbBinding = {
+    ...createWorkspaceDB(ctx),
+    forContext: createWorkspaceDB,
+  };
+
+  env["DECO_API"] = MCPClient;
+  env["DECO_WORKSPACE_API"] = client;
+  env["DECO_WORKSPACE_DB"] = workspaceDbBinding;
+
+  // Backwards compatibility
+  env["DECO_CHAT_API"] = MCPClient;
+  env["DECO_CHAT_WORKSPACE_API"] = client;
+  env["DECO_CHAT_WORKSPACE_DB"] = workspaceDbBinding;
+
+  env["IS_LOCAL"] =
+    (url?.startsWith("http://localhost") ||
+      url?.startsWith("http://127.0.0.1")) ??
+    false;
+};
+
+export class UnauthorizedError extends Error {
+  constructor(
+    message: string,
+    public redirectTo: URL,
+  ) {
+    super(message);
+    this.name = "UnauthorizedError";
+  }
+}
+
+const AUTH_CALLBACK_ENDPOINT = "/oauth/callback";
+const AUTH_START_ENDPOINT = "/oauth/start";
+const AUTH_LOGOUT_ENDPOINT = "/oauth/logout";
+const AUTHENTICATED = (user?: unknown, workspace?: string) => () => {
+  return {
+    ...((user as User) ?? {}),
+    workspace,
+  } as User;
+};
+
+export const withBindings = <TEnv>({
+  env: _env,
+  server,
+  tokenOrContext,
+  origin,
+  url,
+  branch,
+}: {
+  env: TEnv;
+  server: MCPServer<TEnv, any>;
+  tokenOrContext?: string | RequestContext;
+  origin?: string | null;
+  url?: string;
+  branch?: string | null;
+}): TEnv => {
+  branch ??= undefined;
+  const env = _env as DefaultEnv<any>;
+
+  const apiUrl = env.DECO_API_URL ?? "https://api.decocms.com";
+  let context;
+  if (typeof tokenOrContext === "string") {
+    const decoded = decodeJwt(tokenOrContext);
+    const workspace = decoded.aud as string;
+
+    context = {
+      state: decoded.state as Record<string, unknown>,
+      token: tokenOrContext,
+      integrationId: decoded.integrationId as string,
+      workspace,
+      ensureAuthenticated: AUTHENTICATED(decoded.user, workspace),
+      branch,
+    } as RequestContext<any>;
+  } else if (typeof tokenOrContext === "object") {
+    context = tokenOrContext;
+    const decoded = decodeJwt(tokenOrContext.token);
+    const workspace = decoded.aud as string;
+    const appName = decoded.appName as string | undefined;
+    context.callerApp = appName;
+    context.integrationId ??= decoded.integrationId as string;
+    context.ensureAuthenticated = AUTHENTICATED(decoded.user, workspace);
+  } else {
+    context = {
+      state: undefined,
+      token: env.DECO_API_TOKEN,
+      workspace: env.DECO_WORKSPACE,
+      branch,
+      ensureAuthenticated: (options?: { workspaceHint?: string }) => {
+        const workspaceHint = options?.workspaceHint ?? env.DECO_WORKSPACE;
+        const authUri = new URL("/apps/oauth", apiUrl);
+        authUri.searchParams.set("client_id", env.DECO_APP_NAME);
+        authUri.searchParams.set(
+          "redirect_uri",
+          new URL(AUTH_CALLBACK_ENDPOINT, origin ?? env.DECO_APP_ENTRYPOINT)
+            .href,
+        );
+        workspaceHint &&
+          authUri.searchParams.set("workspace_hint", workspaceHint);
+        throw new UnauthorizedError("Unauthorized", authUri);
+      },
+    };
+  }
+
+  env.DECO_REQUEST_CONTEXT = context;
+  // Backwards compatibility
+  env.DECO_CHAT_REQUEST_CONTEXT = context;
+  const bindings = WorkersMCPBindings.parse(env.DECO_BINDINGS);
+
+  for (const binding of bindings) {
+    env[binding.name] = creatorByType[binding.type](binding as any, env);
+  }
+
+  withDefaultBindings({
+    env,
+    server,
+    ctx: env.DECO_REQUEST_CONTEXT,
+    url,
+  });
+
+  return env as TEnv;
+};
+
+export const withRuntime = <TEnv, TSchema extends z.ZodTypeAny = never>(
+  userFns: UserDefaultExport<TEnv, TSchema>,
+): ExportedHandler<TEnv & DefaultEnv<TSchema>> & {
+  Workflow: ReturnType<typeof Workflow>;
+} => {
+  const server = createMCPServer<TEnv, TSchema>(userFns);
+  const fetcher = async (
+    req: Request,
+    env: TEnv & DefaultEnv<TSchema>,
+    ctx: ExecutionContext,
+  ) => {
+    const url = new URL(req.url);
+    if (url.pathname === AUTH_CALLBACK_ENDPOINT) {
+      return handleAuthCallback(req, {
+        apiUrl: env.DECO_API_URL,
+        appName: env.DECO_APP_NAME,
+      });
+    }
+    if (url.pathname === AUTH_START_ENDPOINT) {
+      env.DECO_REQUEST_CONTEXT.ensureAuthenticated();
+      const redirectTo = new URL("/", url);
+      const next = url.searchParams.get("next");
+      return Response.redirect(next ?? redirectTo, 302);
+    }
+    if (url.pathname === AUTH_LOGOUT_ENDPOINT) {
+      return handleLogout(req);
+    }
+    if (url.pathname === "/mcp") {
+      return server.fetch(req, env, ctx);
+    }
+
+    if (url.pathname.startsWith("/mcp/call-tool")) {
+      const toolCallId = url.pathname.split("/").pop();
+      if (!toolCallId) {
+        return new Response("Not found", { status: 404 });
+      }
+      const toolCallInput = await req.json();
+      const result = await server.callTool({
+        toolCallId,
+        toolCallInput,
+      });
+
+      if (result instanceof Response) {
+        return result;
+      }
+
+      return new Response(JSON.stringify(result), {
+        headers: {
+          "Content-Type": "application/json",
+        },
+      });
+    }
+
+    if (url.pathname.startsWith(DeconfigResource.WatchPathNameBase)) {
+      return DeconfigResource.watchAPI(req, env);
+    }
+    return (
+      userFns.fetch?.(req, env, ctx) ||
+      new Response("Not found", { status: 404 })
+    );
+  };
+  return {
+    Workflow: Workflow(server, userFns.workflows),
+    fetch: async (
+      req: Request,
+      env: TEnv & DefaultEnv<TSchema>,
+      ctx: ExecutionContext,
+    ) => {
+      const referer = req.headers.get("referer");
+      const isFetchRequest = req.headers.has(DECO_MCP_CLIENT_HEADER);
+
+      try {
+        const bindings = withBindings({
+          env,
+          server,
+          branch:
+            req.headers.get("x-deco-branch") ??
+            new URL(req.url).searchParams.get("__b"),
+          tokenOrContext: await getReqToken(req, env),
+          origin:
+            referer ?? req.headers.get("origin") ?? new URL(req.url).origin,
+          url: req.url,
+        });
+        return await State.run(
+          { req, env: bindings, ctx },
+          async () => await fetcher(req, bindings, ctx),
+        );
+      } catch (error) {
+        if (error instanceof UnauthorizedError) {
+          if (!isFetchRequest) {
+            const url = new URL(req.url);
+            error.redirectTo.searchParams.set(
+              "state",
+              StateParser.stringify({
+                next: url.searchParams.get("next") ?? referer ?? req.url,
+              }),
+            );
+            return Response.redirect(error.redirectTo, 302);
+          }
+          return new Response(null, { status: 401 });
+        }
+        throw error;
+      }
+    },
+  };
+};
+
+export {
+  type Contract,
+  type Migration,
+  type WranglerConfig,
+} from "./wrangler.ts";