@decocms/runtime 1.0.0-alpha.10 → 1.0.0-alpha.12

package/src/tools.ts

@@ -0,0 +1,342 @@
+/* oxlint-disable no-explicit-any */
+/* oxlint-disable ban-types */
+import { HttpServerTransport } from "@deco/mcp/http";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
+import { zodToJsonSchema } from "zod-to-json-schema";
+import type { DefaultEnv } from "./index.ts";
+import { State } from "./state.ts";
+
+export const createRuntimeContext = (prev?: AppContext) => {
+  const store = State.getStore();
+  if (!store) {
+    if (prev) {
+      return prev;
+    }
+    throw new Error("Missing context, did you forget to call State.bind?");
+  }
+  return store;
+};
+
+export interface ToolExecutionContext<
+  TSchemaIn extends z.ZodTypeAny = z.ZodTypeAny,
+> {
+  context: z.infer<TSchemaIn>;
+  runtimeContext: AppContext;
+}
+
+/**
+ * Tool interface with generic schema types for type-safe tool creation.
+ */
+export interface Tool<
+  TSchemaIn extends z.ZodTypeAny = z.ZodTypeAny,
+  TSchemaOut extends z.ZodTypeAny | undefined = undefined,
+> {
+  id: string;
+  description?: string;
+  inputSchema: TSchemaIn;
+  outputSchema?: TSchemaOut;
+  execute(
+    context: ToolExecutionContext<TSchemaIn>,
+  ): TSchemaOut extends z.ZodSchema
+    ? Promise<z.infer<TSchemaOut>>
+    : Promise<unknown>;
+}
+
+/**
+ * Streamable tool interface for tools that return Response streams.
+ */
+export interface StreamableTool<TSchemaIn extends z.ZodSchema = z.ZodSchema> {
+  id: string;
+  inputSchema: TSchemaIn;
+  streamable?: true;
+  description?: string;
+  execute(input: ToolExecutionContext<TSchemaIn>): Promise<Response>;
+}
+
+/**
+ * CreatedTool is a permissive type that any Tool or StreamableTool can be assigned to.
+ * Uses a structural type with relaxed execute signature to allow tools with any schema.
+ */
+export type CreatedTool = {
+  id: string;
+  description?: string;
+  inputSchema: z.ZodTypeAny;
+  outputSchema?: z.ZodTypeAny;
+  streamable?: true;
+  // Use a permissive execute signature - accepts any context shape
+  execute(context: {
+    context: unknown;
+    runtimeContext: AppContext;
+  }): Promise<unknown>;
+};
+
+/**
+ * creates a private tool that always ensure for athentication before being executed
+ */
+export function createPrivateTool<
+  TSchemaIn extends z.ZodSchema = z.ZodSchema,
+  TSchemaOut extends z.ZodSchema | undefined = undefined,
+>(opts: Tool<TSchemaIn, TSchemaOut>): Tool<TSchemaIn, TSchemaOut> {
+  const execute = opts.execute;
+  if (typeof execute === "function") {
+    opts.execute = (input: ToolExecutionContext<TSchemaIn>) => {
+      const env = input.runtimeContext.env;
+      if (env) {
+        env.MESH_REQUEST_CONTEXT?.ensureAuthenticated();
+      }
+      return execute(input);
+    };
+  }
+  return createTool(opts);
+}
+
+export function createStreamableTool<
+  TSchemaIn extends z.ZodSchema = z.ZodSchema,
+>(streamableTool: StreamableTool<TSchemaIn>): StreamableTool<TSchemaIn> {
+  return {
+    ...streamableTool,
+    execute: (input: ToolExecutionContext<TSchemaIn>) => {
+      const env = input.runtimeContext.env;
+      if (env) {
+        env.MESH_REQUEST_CONTEXT?.ensureAuthenticated();
+      }
+      return streamableTool.execute({
+        ...input,
+        runtimeContext: createRuntimeContext(input.runtimeContext),
+      });
+    },
+  };
+}
+
+export function createTool<
+  TSchemaIn extends z.ZodSchema = z.ZodSchema,
+  TSchemaOut extends z.ZodSchema | undefined = undefined,
+>(opts: Tool<TSchemaIn, TSchemaOut>): Tool<TSchemaIn, TSchemaOut> {
+  return {
+    ...opts,
+    execute: (input: ToolExecutionContext<TSchemaIn>) => {
+      return opts.execute({
+        ...input,
+        runtimeContext: createRuntimeContext(input.runtimeContext),
+      });
+    },
+  };
+}
+
+export interface ViewExport {
+  title: string;
+  icon: string;
+  url: string;
+  tools?: string[];
+  rules?: string[];
+  installBehavior?: "none" | "open" | "autoPin";
+}
+
+export interface Integration {
+  id: string;
+  appId: string;
+}
+
+export function isStreamableTool(
+  tool: CreatedTool,
+): tool is StreamableTool & CreatedTool {
+  return tool && "streamable" in tool && tool.streamable === true;
+}
+
+export interface CreateMCPServerOptions<
+  Env = unknown,
+  TSchema extends z.ZodTypeAny = never,
+> {
+  before?: (env: Env & DefaultEnv<TSchema>) => Promise<void> | void;
+  configuration?: {
+    state?: TSchema;
+    scopes?: string[];
+  };
+  tools?:
+    | Array<
+        (
+          env: Env & DefaultEnv<TSchema>,
+        ) =>
+          | Promise<CreatedTool>
+          | CreatedTool
+          | CreatedTool[]
+          | Promise<CreatedTool[]>
+      >
+    | ((
+        env: Env & DefaultEnv<TSchema>,
+      ) => CreatedTool[] | Promise<CreatedTool[]>);
+}
+
+export type Fetch<TEnv = unknown> = (
+  req: Request,
+  env: TEnv,
+  ctx: ExecutionContext,
+) => Promise<Response> | Response;
+
+export interface AppContext<TEnv extends DefaultEnv = DefaultEnv> {
+  env: TEnv;
+  ctx: { waitUntil: (promise: Promise<unknown>) => void };
+  req?: Request;
+}
+
+const decoChatOAuthToolsFor = <TSchema extends z.ZodTypeAny = never>({
+  state: schema,
+  scopes,
+}: CreateMCPServerOptions<
+  unknown,
+  TSchema
+>["configuration"] = {}): CreatedTool[] => {
+  const jsonSchema = schema
+    ? zodToJsonSchema(schema)
+    : { type: "object", properties: {} };
+  return [
+    // MESH API support
+    createTool({
+      id: "MCP_CONFIGURATION",
+      description: "MCP Configuration",
+      inputSchema: z.object({}),
+      outputSchema: z.object({
+        stateSchema: z.unknown(),
+        scopes: z.array(z.string()).optional(),
+      }),
+      execute: () => {
+        return Promise.resolve({
+          stateSchema: jsonSchema,
+          scopes,
+        });
+      },
+    }),
+  ];
+};
+
+type CallTool = (opts: {
+  toolCallId: string;
+  toolCallInput: unknown;
+}) => Promise<unknown>;
+
+export type MCPServer<TEnv = unknown, TSchema extends z.ZodTypeAny = never> = {
+  fetch: Fetch<TEnv & DefaultEnv<TSchema>>;
+  callTool: CallTool;
+};
+
+export const createMCPServer = <
+  TEnv = unknown,
+  TSchema extends z.ZodTypeAny = never,
+>(
+  options: CreateMCPServerOptions<TEnv, TSchema>,
+): MCPServer<TEnv, TSchema> => {
+  const createServer = async (bindings: TEnv & DefaultEnv<TSchema>) => {
+    await options.before?.(bindings);
+
+    const server = new McpServer(
+      { name: "@deco/mcp-api", version: "1.0.0" },
+      { capabilities: { tools: {} } },
+    );
+
+    const toolsFn =
+      typeof options.tools === "function"
+        ? options.tools
+        : async (bindings: TEnv & DefaultEnv<TSchema>) => {
+            if (typeof options.tools === "function") {
+              return await options.tools(bindings);
+            }
+            return await Promise.all(
+              options.tools?.flatMap(async (tool) => {
+                const toolResult = tool(bindings);
+                const awaited = await toolResult;
+                if (Array.isArray(awaited)) {
+                  return awaited;
+                }
+                return [awaited];
+              }) ?? [],
+            ).then((t) => t.flat());
+          };
+    const tools = await toolsFn(bindings);
+
+    tools.push(...decoChatOAuthToolsFor<TSchema>(options.configuration));
+
+    for (const tool of tools) {
+      server.registerTool(
+        tool.id,
+        {
+          _meta: {
+            streamable: isStreamableTool(tool),
+          },
+          description: tool.description,
+          inputSchema:
+            tool.inputSchema && "shape" in tool.inputSchema
+              ? (tool.inputSchema.shape as z.ZodRawShape)
+              : z.object({}).shape,
+          outputSchema: isStreamableTool(tool)
+            ? z.object({ bytes: z.record(z.string(), z.number()) }).shape
+            : tool.outputSchema &&
+                typeof tool.outputSchema === "object" &&
+                "shape" in tool.outputSchema
+              ? (tool.outputSchema.shape as z.ZodRawShape)
+              : z.object({}).shape,
+        },
+        async (args) => {
+          let result = await tool.execute({
+            context: args,
+            runtimeContext: createRuntimeContext(),
+          });
+
+          if (isStreamableTool(tool) && result instanceof Response) {
+            result = { bytes: await result.bytes() };
+          }
+          return {
+            structuredContent: result as Record<string, unknown>,
+            content: [
+              {
+                type: "text",
+                text: JSON.stringify(result),
+              },
+            ],
+          };
+        },
+      );
+    }
+
+    return { server, tools };
+  };
+
+  const fetch = async (
+    req: Request,
+    env: TEnv & DefaultEnv<TSchema>,
+    _ctx: ExecutionContext,
+  ) => {
+    const { server } = await createServer(env);
+    const transport = new HttpServerTransport();
+
+    await server.connect(transport);
+
+    return await transport.handleMessage(req);
+  };
+
+  const callTool: CallTool = async ({ toolCallId, toolCallInput }) => {
+    const currentState = State.getStore();
+    if (!currentState) {
+      throw new Error("Missing state, did you forget to call State.bind?");
+    }
+    const env = currentState?.env;
+    const { tools } = await createServer(env as TEnv & DefaultEnv<TSchema>);
+    const tool = tools.find((t) => t.id === toolCallId);
+    const execute = tool?.execute;
+    if (!execute) {
+      throw new Error(
+        `Tool ${toolCallId} not found or does not have an execute function`,
+      );
+    }
+
+    return execute({
+      context: toolCallInput,
+      runtimeContext: createRuntimeContext(),
+    });
+  };
+
+  return {
+    fetch,
+    callTool,
+  };
+};

package/src/wrangler.ts

@@ -2,20 +2,20 @@ export interface BindingBase {
   name: string;
 }
 
-export interface MCPIntegrationIdBinding extends BindingBase {
+export interface MCPConnectionBinding extends BindingBase {
   type: "mcp";
   /**
    * If not provided, will return a function that takes the integration id and return the binding implementation..
    */
-  integration_id: string;
+  connection_id: string;
 }
 
-export interface MCPIntegrationNameBinding extends BindingBase {
+export interface MCPAppBinding extends BindingBase {
   type: "mcp";
   /**
    * The name of the integration to bind.
    */
-  integration_name: string;
+  app_name: string;
 }
 export interface ContractClause {
   id: string;
@@ -36,7 +36,7 @@ export interface ContractBinding extends BindingBase {
   contract: Contract;
 }
 
-export type MCPBinding = MCPIntegrationIdBinding | MCPIntegrationNameBinding;
+export type MCPBinding = MCPConnectionBinding | MCPAppBinding;
 
 export type Binding = MCPBinding | ContractBinding;
 

package/tsconfig.json

@@ -1,7 +1,7 @@
 {
   "extends": "../../tsconfig.json",
   "compilerOptions": {
-    "types": ["@cloudflare/workers-types"]
+    "types": ["@cloudflare/workers-types", "@types/node"]
   },
   "include": ["src/**/*"],
   "exclude": ["node_modules", "dist", "scripts/**/*"]

package/src/admin.ts

@@ -1,16 +0,0 @@
-import { createChannel } from "bidc";
-
-export const requestMissingScopes = ({ scopes }: { scopes: string[] }) => {
-  try {
-    const channel = createChannel();
-    channel.send({
-      type: "request_missing_scopes",
-      payload: {
-        scopes,
-      },
-    });
-    channel.cleanup();
-  } catch (error) {
-    console.error("Failed to request missing scopes", error);
-  }
-};

package/src/auth.ts

@@ -1,233 +0,0 @@
-import { JWK, jwtVerify } from "jose";
-import type { DefaultEnv } from "./index.ts";
-
-const DECO_APP_AUTH_COOKIE_NAME = "deco_page_auth";
-const MAX_COOKIE_SIZE = 4000; // Leave some buffer below the 4096 limit
-
-export interface State {
-  next?: string;
-}
-
-export const StateParser = {
-  parse: (state: string) => {
-    return JSON.parse(decodeURIComponent(atob(state))) as State;
-  },
-  stringify: (state: State) => {
-    return btoa(encodeURIComponent(JSON.stringify(state)));
-  },
-};
-
-// Helper function to chunk a value into multiple cookies
-const chunkValue = (value: string): string[] => {
-  if (value.length <= MAX_COOKIE_SIZE) {
-    return [value];
-  }
-
-  const chunks: string[] = [];
-  for (let i = 0; i < value.length; i += MAX_COOKIE_SIZE) {
-    chunks.push(value.slice(i, i + MAX_COOKIE_SIZE));
-  }
-  return chunks;
-};
-
-// Helper function to reassemble chunked cookies
-const reassembleChunkedCookies = (
-  cookies: Record<string, string>,
-  baseName: string,
-): string | undefined => {
-  // First try the base cookie (non-chunked)
-  if (cookies[baseName]) {
-    return cookies[baseName];
-  }
-
-  // Try to reassemble from chunks
-  const chunks: string[] = [];
-  let index = 0;
-
-  while (true) {
-    const chunkName = `${baseName}_${index}`;
-    if (!cookies[chunkName]) {
-      break;
-    }
-    chunks.push(cookies[chunkName]);
-    index++;
-  }
-
-  return chunks.length > 0 ? chunks.join("") : undefined;
-};
-
-// Helper function to parse cookies from request
-const parseCookies = (cookieHeader: string): Record<string, string> => {
-  const cookies: Record<string, string> = {};
-  if (!cookieHeader) return cookies;
-
-  cookieHeader.split(";").forEach((cookie) => {
-    const [name, ...rest] = cookie.trim().split("=");
-    if (name && rest.length > 0) {
-      cookies[name] = decodeURIComponent(rest.join("="));
-    }
-  });
-
-  return cookies;
-};
-
-const parseJWK = (jwk: string): JWK => JSON.parse(atob(jwk)) as JWK;
-
-export const getReqToken = async (req: Request, env: DefaultEnv) => {
-  const token = () => {
-    // First try to get token from Authorization header
-    const authHeader = req.headers.get("Authorization");
-    if (authHeader) {
-      return authHeader.split(" ")[1];
-    }
-
-    // If not found, try to get from cookie
-    const cookieHeader = req.headers.get("Cookie");
-    if (cookieHeader) {
-      const cookies = parseCookies(cookieHeader);
-      return reassembleChunkedCookies(cookies, DECO_APP_AUTH_COOKIE_NAME);
-    }
-
-    return undefined;
-  };
-
-  const authToken = token();
-  if (!authToken) {
-    return undefined;
-  }
-
-  env.DECO_API_JWT_PUBLIC_KEY &&
-    (await jwtVerify(authToken, parseJWK(env.DECO_API_JWT_PUBLIC_KEY), {
-      issuer: "https://api.decocms.com",
-      algorithms: ["RS256"],
-      typ: "JWT",
-    }).catch((err) => {
-      console.error(
-        `[auth-token]: error validating: ${err} ${env.DECO_API_JWT_PUBLIC_KEY}`,
-      );
-    }));
-
-  return authToken;
-};
-
-export interface AuthCallbackOptions {
-  apiUrl?: string;
-  appName: string;
-}
-
-export const handleAuthCallback = async (
-  req: Request,
-  options: AuthCallbackOptions,
-): Promise<Response> => {
-  const url = new URL(req.url);
-  const code = url.searchParams.get("code");
-  const state = url.searchParams.get("state");
-
-  if (!code) {
-    return new Response("Missing authorization code", { status: 400 });
-  }
-
-  // Parse state to get the next URL
-  let next = "/";
-  if (state) {
-    try {
-      const parsedState = StateParser.parse(state);
-      next = parsedState.next || "/";
-    } catch {
-      // ignore parse errors
-    }
-  }
-
-  try {
-    // Exchange code for token
-    const apiUrl = options.apiUrl ?? "https://api.decocms.com";
-    const exchangeResponse = await fetch(`${apiUrl}/apps/code-exchange`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        code,
-        client_id: options.appName,
-      }),
-    });
-
-    if (!exchangeResponse.ok) {
-      console.error(
-        "authentication failed",
-        code,
-        options.appName,
-        await exchangeResponse.text().catch((_) => ""),
-      );
-      return new Response("Authentication failed", { status: 401 });
-    }
-
-    const { access_token } = (await exchangeResponse.json()) as {
-      access_token: string;
-    };
-
-    if (!access_token) {
-      return new Response("No access token received", { status: 401 });
-    }
-
-    // Chunk the token if it's too large
-    const chunks = chunkValue(access_token);
-    const headers = new Headers();
-    headers.set("Location", next);
-
-    // Set cookies for each chunk
-    if (chunks.length === 1) {
-      // Single cookie for small tokens
-      headers.set(
-        "Set-Cookie",
-        `${DECO_APP_AUTH_COOKIE_NAME}=${access_token}; HttpOnly; SameSite=None; Secure; Path=/`,
-      );
-    } else {
-      // Multiple cookies for large tokens
-      chunks.forEach((chunk, index) => {
-        headers.append(
-          "Set-Cookie",
-          `${DECO_APP_AUTH_COOKIE_NAME}_${index}=${chunk}; HttpOnly; SameSite=None; Secure; Path=/`,
-        );
-      });
-    }
-
-    return new Response(null, {
-      status: 302,
-      headers,
-    });
-  } catch (err) {
-    return new Response(`Authentication failed ${err}`, { status: 500 });
-  }
-};
-
-const removeAuthCookie = (headers: Headers) => {
-  // Clear the base cookie
-  headers.append(
-    "Set-Cookie",
-    `${DECO_APP_AUTH_COOKIE_NAME}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`,
-  );
-
-  // Clear all potential chunked cookies
-  // We'll try to clear up to 10 chunks (which would support tokens up to 40KB)
-  // This is a reasonable upper limit
-  for (let i = 0; i < 10; i++) {
-    headers.append(
-      "Set-Cookie",
-      `${DECO_APP_AUTH_COOKIE_NAME}_${i}=; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=0`,
-    );
-  }
-};
-
-export const handleLogout = (req: Request) => {
-  const url = new URL(req.url);
-  const next = url.searchParams.get("next");
-  const redirectTo = new URL("/", url);
-  const headers = new Headers();
-  removeAuthCookie(headers);
-  headers.set("Location", next ?? redirectTo.href);
-  return new Response(null, {
-    status: 302,
-    headers,
-  });
-};