@decocms/runtime 0.28.0 → 1.0.0-alpha.10

package/dist/index.js

@@ -1,637 +0,0 @@
-import { DeconfigResource, MCPClient } from './chunk-SHQSNOFL.js';
-export { createMCPFetchStub } from './chunk-SHQSNOFL.js';
-import './chunk-5EYZ2LVM.js';
-import './chunk-3AWMDSOH.js';
-import { DECO_MCP_CLIENT_HEADER } from './chunk-4XSQKJLU.js';
-import './chunk-UHR3BLMF.js';
-import { createMCPServer, State, isWorkflow } from './chunk-UIJGM3NV.js';
-import './chunk-L4OT2YDO.js';
-import { D1Store } from './chunk-ZPUT6RN6.js';
-import './chunk-7ITSLORK.js';
-import './chunk-I7BWSAN6.js';
-import { decodeJwt, jwtVerify } from 'jose';
-import { Mastra } from '@mastra/core';
-import { RuntimeContext } from '@mastra/core/di';
-import { DurableObject } from 'cloudflare:workers';
-
-var DECO_APP_AUTH_COOKIE_NAME = "deco_page_auth";
-var MAX_COOKIE_SIZE = 4e3;
-var StateParser = {
-  parse: (state) => {
-    return JSON.parse(decodeURIComponent(atob(state)));
-  },
-  stringify: (state) => {
-    return btoa(encodeURIComponent(JSON.stringify(state)));
-  }
-};
-var chunkValue = (value) => {
-  if (value.length <= MAX_COOKIE_SIZE) {
-    return [value];
-  }
-  const chunks = [];
-  for (let i = 0; i < value.length; i += MAX_COOKIE_SIZE) {
-    chunks.push(value.slice(i, i + MAX_COOKIE_SIZE));
-  }
-  return chunks;
-};
-var reassembleChunkedCookies = (cookies, baseName) => {
-  if (cookies[baseName]) {
-    return cookies[baseName];
-  }
-  const chunks = [];
-  let index = 0;
-  while (true) {
-    const chunkName = `${baseName}_${index}`;
-    if (!cookies[chunkName]) {
-      break;
-    }
-    chunks.push(cookies[chunkName]);
-    index++;
-  }
-  return chunks.length > 0 ? chunks.join("") : void 0;
-};
-var parseCookies = (cookieHeader) => {
-  const cookies = {};
-  if (!cookieHeader) return cookies;
-  cookieHeader.split(";").forEach((cookie) => {
-    const [name, ...rest] = cookie.trim().split("=");
-    if (name && rest.length > 0) {
-      cookies[name] = decodeURIComponent(rest.join("="));
-    }
-  });
-  return cookies;
-};
-var parseJWK = (jwk) => JSON.parse(atob(jwk));
-var getReqToken = async (req, env) => {
-  const token = () => {
-    const authHeader = req.headers.get("Authorization");
-    if (authHeader) {
-      return authHeader.split(" ")[1];
-    }
-    const cookieHeader = req.headers.get("Cookie");
-    if (cookieHeader) {
-      const cookies = parseCookies(cookieHeader);
-      return reassembleChunkedCookies(cookies, DECO_APP_AUTH_COOKIE_NAME);
-    }
-    return void 0;
-  };
-  const authToken = token();
-  if (!authToken) {
-    return void 0;
-  }
-  env.DECO_API_JWT_PUBLIC_KEY && await jwtVerify(authToken, parseJWK(env.DECO_API_JWT_PUBLIC_KEY), {
-    issuer: "https://api.decocms.com",
-    algorithms: ["RS256"],
-    typ: "JWT"
-  }).catch((err) => {
-    console.error(
-      `[auth-token]: error validating: ${err} ${env.DECO_API_JWT_PUBLIC_KEY}`
-    );
-  });
-  return authToken;
-};
-var handleAuthCallback = async (req, options) => {
-  const url = new URL(req.url);
-  const code = url.searchParams.get("code");
-  const state = url.searchParams.get("state");
-  if (!code) {
-    return new Response("Missing authorization code", { status: 400 });
-  }
-  let next = "/";
-  if (state) {
-    try {
-      const parsedState = StateParser.parse(state);
-      next = parsedState.next || "/";
-    } catch {
-    }
-  }
-  try {
-    const apiUrl = options.apiUrl ?? "https://api.decocms.com";
-    const exchangeResponse = await fetch(`${apiUrl}/apps/code-exchange`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        code,
-        client_id: options.appName
-      })
-    });
-    if (!exchangeResponse.ok) {
-      console.error(
-        "authentication failed",
-        code,
-        options.appName,
-        await exchangeResponse.text().catch((_) => "")
-      );
-      return new Response("Authentication failed", { status: 401 });
-    }
-    const { access_token } = await exchangeResponse.json();
-    if (!access_token) {
-      return new Response("No access token received", { status: 401 });
-    }
-    const chunks = chunkValue(access_token);
-    const headers = new Headers();
-    headers.set("Location", next);
-    if (chunks.length === 1) {
-      headers.set(
-        "Set-Cookie",
-        `${DECO_APP_AUTH_COOKIE_NAME}=${access_token}; HttpOnly; SameSite=None; Secure; Path=/`
-      );
-    } else {
-      chunks.forEach((chunk, index) => {
-        headers.append(
-          "Set-Cookie",
-          `${DECO_APP_AUTH_COOKIE_NAME}_${index}=${chunk}; HttpOnly; SameSite=None; Secure; Path=/`
-        );
-      });
-    }
-    return new Response(null, {
-      status: 302,
-      headers
-    });
-  } catch (err) {
-    return new Response(`Authentication failed ${err}`, { status: 500 });
-  }
-};
-var removeAuthCookie = (headers) => {
-  headers.append(
-    "Set-Cookie",
-    `${DECO_APP_AUTH_COOKIE_NAME}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`
-  );
-  for (let i = 0; i < 10; i++) {
-    headers.append(
-      "Set-Cookie",
-      `${DECO_APP_AUTH_COOKIE_NAME}_${i}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`
-    );
-  }
-};
-var handleLogout = (req) => {
-  const url = new URL(req.url);
-  const next = url.searchParams.get("next");
-  const redirectTo = new URL("/", url);
-  const headers = new Headers();
-  removeAuthCookie(headers);
-  headers.set("Location", next ?? redirectTo.href);
-  return new Response(null, {
-    status: 302,
-    headers
-  });
-};
-
-// src/bindings.ts
-var normalizeWorkspace = (workspace) => {
-  if (workspace.startsWith("/users")) {
-    return workspace;
-  }
-  if (workspace.startsWith("/shared")) {
-    return workspace;
-  }
-  if (workspace.includes("/")) {
-    return workspace;
-  }
-  return `/shared/${workspace}`;
-};
-var createAppsUrl = ({
-  appName,
-  decoChatApiUrl
-}) => new URL(
-  `/apps/mcp?appName=${appName}`,
-  decoChatApiUrl ?? "https://api.decocms.com"
-).href;
-var createIntegrationsUrl = ({
-  integrationId,
-  workspace,
-  decoCmsApiUrl,
-  branch
-}) => {
-  const base = `${normalizeWorkspace(workspace)}/${integrationId}/mcp`;
-  const url = new URL(base, decoCmsApiUrl ?? "https://api.decocms.com");
-  branch && url.searchParams.set("branch", branch);
-  return url.href;
-};
-var workspaceClient = (ctx) => {
-  return MCPClient.forWorkspace(ctx.workspace, ctx.token);
-};
-var mcpClientForAppName = (appName, decoChatApiUrl) => {
-  const mcpConnection = {
-    type: "HTTP",
-    url: createAppsUrl({
-      appName,
-      decoChatApiUrl
-    })
-  };
-  return MCPClient.forConnection(mcpConnection);
-};
-var proxyConnectionForId = (integrationId, ctx, decoChatApiUrl, appName) => {
-  let headers = appName ? { "x-caller-app": appName } : void 0;
-  if (ctx.cookie) {
-    headers ??= {};
-    headers.cookie = ctx.cookie;
-  }
-  return {
-    type: "HTTP",
-    url: createIntegrationsUrl({
-      integrationId,
-      workspace: ctx.workspace,
-      decoCmsApiUrl: decoChatApiUrl,
-      branch: ctx.branch
-    }),
-    token: ctx.token,
-    headers
-  };
-};
-var mcpClientForIntegrationId = (integrationId, ctx, decoChatApiUrl, appName) => {
-  const mcpConnection = proxyConnectionForId(
-    integrationId,
-    ctx,
-    decoChatApiUrl,
-    appName
-  );
-  return MCPClient.forConnection(mcpConnection);
-};
-function mcpClientFromState(binding, env) {
-  const ctx = env.DECO_REQUEST_CONTEXT;
-  const bindingFromState = ctx?.state?.[binding.name];
-  const integrationId = bindingFromState && typeof bindingFromState === "object" && "value" in bindingFromState ? bindingFromState.value : void 0;
-  if (typeof integrationId !== "string" && "integration_name" in binding) {
-    return mcpClientForAppName(binding.integration_name, env.DECO_API_URL);
-  }
-  return mcpClientForIntegrationId(
-    integrationId,
-    ctx,
-    env.DECO_API_URL,
-    env.DECO_APP_NAME
-  );
-}
-var createContractBinding = (binding, env) => {
-  return mcpClientFromState(binding, env);
-};
-var createIntegrationBinding = (binding, env) => {
-  const integrationId = "integration_id" in binding ? binding.integration_id : void 0;
-  if (!integrationId) {
-    return mcpClientFromState(binding, env);
-  }
-  return mcpClientForIntegrationId(
-    integrationId,
-    {
-      workspace: env.DECO_WORKSPACE,
-      token: env.DECO_API_TOKEN,
-      branch: env.DECO_REQUEST_CONTEXT?.branch
-    },
-    env.DECO_API_URL,
-    env.DECO_APP_NAME
-  );
-};
-
-// src/workflow.ts
-var createRuntimeContext = (env, ctx) => {
-  const runtimeContext = new RuntimeContext();
-  runtimeContext.set("env", env);
-  runtimeContext.set("ctx", ctx);
-  return runtimeContext;
-};
-var Workflow = (server, workflows) => {
-  return class Workflow extends DurableObject {
-    constructor(ctx, env) {
-      super(ctx, env);
-      this.ctx = ctx;
-      this.env = env;
-    }
-    bindings(ctx) {
-      return withBindings({
-        env: this.env,
-        server,
-        tokenOrContext: ctx
-      });
-    }
-    runWithContext(ctx, f) {
-      const bindings = this.bindings(ctx);
-      return State.run(
-        {
-          ctx: {
-            waitUntil: this.ctx.waitUntil.bind(this.ctx)
-          },
-          env: this.bindings(ctx)
-        },
-        () => f(bindings)
-      );
-    }
-    async #getWorkflow(workflowId, bindings) {
-      const bindedWorkflows = await Promise.all(
-        workflows?.map(async (workflow) => {
-          const workflowResult = workflow(bindings);
-          if (isWorkflow(workflowResult)) {
-            return { workflow: workflowResult };
-          }
-          return await workflowResult;
-        }) ?? []
-      );
-      const workflowsMap = Object.fromEntries(
-        bindedWorkflows.map((w) => [w.workflow.id, w.workflow])
-      );
-      const d1Storage = new D1Store({
-        client: bindings.DECO_WORKSPACE_DB
-      });
-      const mastra = new Mastra({
-        storage: d1Storage,
-        workflows: {
-          [workflowId]: workflowsMap[workflowId]
-        },
-        telemetry: {
-          enabled: true,
-          serviceName: `app-${this.env.DECO_CHAT_SCRIPT_SLUG ?? this.env.DECO_APP_SLUG}`
-        }
-      });
-      return { workflow: mastra.getWorkflow(workflowId) };
-    }
-    start({ workflowId, runId, args, ctx }) {
-      return this.runWithContext(ctx, async (bindings) => {
-        const { workflow } = await this.#getWorkflow(workflowId, bindings);
-        const run = await workflow.createRunAsync({
-          runId: this.ctx.id.name ?? runId
-        });
-        const promise = run.start({
-          inputData: args,
-          runtimeContext: createRuntimeContext(bindings, this.ctx)
-        });
-        this.ctx.waitUntil(
-          promise.then(() => {
-            console.debug("workflow", run.runId, "finished successfully");
-          }).catch((e) => {
-            console.error("workflow", run.runId, "finished with error", e);
-            throw e;
-          })
-        );
-        return {
-          runId: run.runId
-        };
-      });
-    }
-    cancel({ workflowId, runId, ctx }) {
-      return this.runWithContext(ctx, async () => {
-        const { workflow } = await this.#getWorkflow(
-          workflowId,
-          this.bindings(ctx)
-        );
-        const run = await workflow.createRunAsync({
-          runId: this.ctx.id.name ?? runId
-        });
-        this.ctx.waitUntil(run.cancel());
-        return {
-          cancelled: true
-        };
-      });
-    }
-    resume({ workflowId, runId, resumeData, stepId, ctx }) {
-      return this.runWithContext(ctx, async (bindings) => {
-        const { workflow } = await this.#getWorkflow(workflowId, bindings);
-        const run = await workflow.createRunAsync({
-          runId: this.ctx.id.name ?? runId
-        });
-        this.ctx.waitUntil(
-          run.resume({
-            resumeData,
-            step: stepId,
-            runtimeContext: createRuntimeContext(bindings, this.ctx)
-          })
-        );
-        return {
-          resumed: true
-        };
-      });
-    }
-  };
-};
-
-// src/index.ts
-var WorkersMCPBindings = {
-  parse: (bindings) => {
-    if (!bindings) return [];
-    try {
-      return JSON.parse(atob(bindings));
-    } catch {
-      return [];
-    }
-  },
-  stringify: (bindings) => {
-    return btoa(JSON.stringify(bindings));
-  }
-};
-var creatorByType = {
-  mcp: createIntegrationBinding,
-  contract: createContractBinding
-};
-var withDefaultBindings = ({
-  env,
-  server,
-  ctx,
-  url
-}) => {
-  const client = workspaceClient(ctx);
-  const createWorkspaceDB = (ctx2) => {
-    const client2 = workspaceClient(ctx2);
-    return {
-      query: ({ sql, params }) => {
-        return client2.DATABASES_RUN_SQL({
-          sql,
-          params
-        });
-      }
-    };
-  };
-  env["SELF"] = new Proxy(
-    {},
-    {
-      get: (_, prop) => {
-        if (prop === "toJSON") {
-          return null;
-        }
-        return async (args) => {
-          return await server.callTool({
-            toolCallId: prop,
-            toolCallInput: args
-          });
-        };
-      }
-    }
-  );
-  const workspaceDbBinding = {
-    ...createWorkspaceDB(ctx),
-    forContext: createWorkspaceDB
-  };
-  env["DECO_API"] = MCPClient;
-  env["DECO_WORKSPACE_API"] = client;
-  env["DECO_WORKSPACE_DB"] = workspaceDbBinding;
-  env["DECO_CHAT_API"] = MCPClient;
-  env["DECO_CHAT_WORKSPACE_API"] = client;
-  env["DECO_CHAT_WORKSPACE_DB"] = workspaceDbBinding;
-  env["IS_LOCAL"] = (url?.startsWith("http://localhost") || url?.startsWith("http://127.0.0.1")) ?? false;
-};
-var UnauthorizedError = class extends Error {
-  constructor(message, redirectTo) {
-    super(message);
-    this.redirectTo = redirectTo;
-    this.name = "UnauthorizedError";
-  }
-};
-var AUTH_CALLBACK_ENDPOINT = "/oauth/callback";
-var AUTH_START_ENDPOINT = "/oauth/start";
-var AUTH_LOGOUT_ENDPOINT = "/oauth/logout";
-var AUTHENTICATED = (user, workspace) => () => {
-  return {
-    ...user ?? {},
-    workspace
-  };
-};
-var withBindings = ({
-  env: _env,
-  server,
-  tokenOrContext,
-  origin,
-  url,
-  branch
-}) => {
-  branch ??= void 0;
-  const env = _env;
-  const apiUrl = env.DECO_API_URL ?? "https://api.decocms.com";
-  let context;
-  if (typeof tokenOrContext === "string") {
-    const decoded = decodeJwt(tokenOrContext);
-    const workspace = decoded.aud;
-    context = {
-      state: decoded.state,
-      token: tokenOrContext,
-      integrationId: decoded.integrationId,
-      workspace,
-      ensureAuthenticated: AUTHENTICATED(decoded.user, workspace),
-      branch
-    };
-  } else if (typeof tokenOrContext === "object") {
-    context = tokenOrContext;
-    const decoded = decodeJwt(tokenOrContext.token);
-    const workspace = decoded.aud;
-    const appName = decoded.appName;
-    context.callerApp = appName;
-    context.integrationId ??= decoded.integrationId;
-    context.ensureAuthenticated = AUTHENTICATED(decoded.user, workspace);
-  } else {
-    context = {
-      state: void 0,
-      token: env.DECO_API_TOKEN,
-      workspace: env.DECO_WORKSPACE,
-      branch,
-      ensureAuthenticated: (options) => {
-        const workspaceHint = options?.workspaceHint ?? env.DECO_WORKSPACE;
-        const authUri = new URL("/apps/oauth", apiUrl);
-        authUri.searchParams.set("client_id", env.DECO_APP_NAME);
-        authUri.searchParams.set(
-          "redirect_uri",
-          new URL(AUTH_CALLBACK_ENDPOINT, origin ?? env.DECO_APP_ENTRYPOINT).href
-        );
-        workspaceHint && authUri.searchParams.set("workspace_hint", workspaceHint);
-        throw new UnauthorizedError("Unauthorized", authUri);
-      }
-    };
-  }
-  env.DECO_REQUEST_CONTEXT = context;
-  env.DECO_CHAT_REQUEST_CONTEXT = context;
-  const bindings = WorkersMCPBindings.parse(env.DECO_BINDINGS);
-  for (const binding of bindings) {
-    env[binding.name] = creatorByType[binding.type](binding, env);
-  }
-  withDefaultBindings({
-    env,
-    server,
-    ctx: env.DECO_REQUEST_CONTEXT,
-    url
-  });
-  return env;
-};
-var withRuntime = (userFns) => {
-  const server = createMCPServer(userFns);
-  const fetcher = async (req, env, ctx) => {
-    const url = new URL(req.url);
-    if (url.pathname === AUTH_CALLBACK_ENDPOINT) {
-      return handleAuthCallback(req, {
-        apiUrl: env.DECO_API_URL,
-        appName: env.DECO_APP_NAME
-      });
-    }
-    if (url.pathname === AUTH_START_ENDPOINT) {
-      env.DECO_REQUEST_CONTEXT.ensureAuthenticated();
-      const redirectTo = new URL("/", url);
-      const next = url.searchParams.get("next");
-      return Response.redirect(next ?? redirectTo, 302);
-    }
-    if (url.pathname === AUTH_LOGOUT_ENDPOINT) {
-      return handleLogout(req);
-    }
-    if (url.pathname === "/mcp") {
-      return server.fetch(req, env, ctx);
-    }
-    if (url.pathname.startsWith("/mcp/call-tool")) {
-      const toolCallId = url.pathname.split("/").pop();
-      if (!toolCallId) {
-        return new Response("Not found", { status: 404 });
-      }
-      const toolCallInput = await req.json();
-      const result = await server.callTool({
-        toolCallId,
-        toolCallInput
-      });
-      if (result instanceof Response) {
-        return result;
-      }
-      return new Response(JSON.stringify(result), {
-        headers: {
-          "Content-Type": "application/json"
-        }
-      });
-    }
-    if (url.pathname.startsWith(DeconfigResource.WatchPathNameBase)) {
-      return DeconfigResource.watchAPI(req, env);
-    }
-    return userFns.fetch?.(req, env, ctx) || new Response("Not found", { status: 404 });
-  };
-  return {
-    Workflow: Workflow(server, userFns.workflows),
-    fetch: async (req, env, ctx) => {
-      const referer = req.headers.get("referer");
-      const isFetchRequest = req.headers.has(DECO_MCP_CLIENT_HEADER);
-      try {
-        const bindings = withBindings({
-          env,
-          server,
-          branch: req.headers.get("x-deco-branch") ?? new URL(req.url).searchParams.get("__b"),
-          tokenOrContext: await getReqToken(req, env),
-          origin: referer ?? req.headers.get("origin") ?? new URL(req.url).origin,
-          url: req.url
-        });
-        return await State.run(
-          { req, env: bindings, ctx },
-          async () => await fetcher(req, bindings, ctx)
-        );
-      } catch (error) {
-        if (error instanceof UnauthorizedError) {
-          if (!isFetchRequest) {
-            const url = new URL(req.url);
-            error.redirectTo.searchParams.set(
-              "state",
-              StateParser.stringify({
-                next: url.searchParams.get("next") ?? referer ?? req.url
-              })
-            );
-            return Response.redirect(error.redirectTo, 302);
-          }
-          return new Response(null, { status: 401 });
-        }
-        throw error;
-      }
-    }
-  };
-};
-
-export { UnauthorizedError, WorkersMCPBindings, proxyConnectionForId, withBindings, withRuntime };
-//# sourceMappingURL=index.js.map
-//# sourceMappingURL=index.js.map