@decocms/runtime 1.0.0-alpha.2 → 1.0.0-alpha.21

package/src/bindings/language-model/utils.ts

@@ -25,94 +25,3 @@ export function streamToResponse(
     },
   });
 }
-
-export function responseToStream(
-  response: Response,
-): ReadableStream<LanguageModelV2StreamPart> {
-  if (!response.body) {
-    throw new Error("Response body is null");
-  }
-
-  return response.body.pipeThrough(new TextDecoderStream()).pipeThrough(
-    new TransformStream<string, LanguageModelV2StreamPart>({
-      transform(chunk, controller) {
-        // Split by newlines and parse each line
-        const lines = chunk.split("\n");
-
-        for (const line of lines) {
-          if (line.trim()) {
-            try {
-              const parsed = JSON.parse(line) as LanguageModelV2StreamPart;
-              controller.enqueue(parsed);
-            } catch (error) {
-              console.error("Failed to parse stream chunk:", error);
-            }
-          }
-        }
-      },
-    }),
-  );
-}
-
-/**
- * Lazy promise wrapper that defers execution until the promise is awaited.
- * The factory function is only called when .then() is invoked for the first time.
- */
-class Lazy<T> implements PromiseLike<T> {
-  private promise: Promise<T> | null = null;
-
-  constructor(private factory: () => Promise<T>) {}
-
-  private getOrCreatePromise(): Promise<T> {
-    if (!this.promise) {
-      this.promise = this.factory();
-    }
-    return this.promise;
-  }
-
-  // eslint-disable-next-line no-thenable
-  then<TResult1 = T, TResult2 = never>(
-    onfulfilled?:
-      | ((value: T) => TResult1 | PromiseLike<TResult1>)
-      | null
-      | undefined,
-    onrejected?:
-      | ((reason: unknown) => TResult2 | PromiseLike<TResult2>)
-      | null
-      | undefined,
-  ): PromiseLike<TResult1 | TResult2> {
-    return this.getOrCreatePromise().then(onfulfilled, onrejected);
-  }
-
-  catch<TResult = never>(
-    onrejected?:
-      | ((reason: unknown) => TResult | PromiseLike<TResult>)
-      | null
-      | undefined,
-  ): Promise<T | TResult> {
-    return this.getOrCreatePromise().catch(onrejected);
-  }
-
-  finally(onfinally?: (() => void) | null | undefined): Promise<T> {
-    return this.getOrCreatePromise().finally(onfinally);
-  }
-}
-
-/**
- * Creates a lazy promise that only executes when awaited.
- *
- * @param factory - A function that returns a Promise<T>
- * @returns A Promise-like object that defers execution until .then() is called
- *
- * @example
- * ```ts
- * const lazyData = lazy(() => fetchExpensiveData());
- * // fetchExpensiveData() is NOT called yet
- *
- * const result = await lazyData;
- * // fetchExpensiveData() is called NOW
- * ```
- */
-export function lazy<T>(factory: () => Promise<T>): Promise<T> {
-  return new Lazy(factory) as unknown as Promise<T>;
-}

package/src/bindings.ts

@@ -4,89 +4,22 @@ import { MCPClient } from "./mcp.ts";
 import type {
   BindingBase,
   ContractBinding,
+  MCPAppBinding,
   MCPBinding,
-  MCPIntegrationNameBinding,
 } from "./wrangler.ts";
 
-interface IntegrationContext {
-  integrationId: string;
-  workspace: string;
-  branch?: string;
-  decoCmsApiUrl?: string;
-}
-
-const normalizeWorkspace = (workspace: string) => {
-  if (workspace.startsWith("/users")) {
-    return workspace;
-  }
-  if (workspace.startsWith("/shared")) {
-    return workspace;
-  }
-  if (workspace.includes("/")) {
-    return workspace;
-  }
-  return `/shared/${workspace}`;
-};
-
-/**
- * Url: /apps/mcp?appName=$appName
- */
-const createAppsUrl = ({
-  appName,
-  decoChatApiUrl,
-}: {
-  appName: string;
-  decoChatApiUrl?: string;
-}) =>
-  new URL(
-    `/apps/mcp?appName=${appName}`,
-    decoChatApiUrl ?? "https://api.decocms.com",
-  ).href;
-/**
- * Url: /:workspace.root/:workspace.slug/:integrationId/mcp
- */
-const createIntegrationsUrl = ({
-  integrationId,
-  workspace,
-  decoCmsApiUrl,
-  branch,
-}: IntegrationContext) => {
-  const base = `${normalizeWorkspace(workspace)}/${integrationId}/mcp`;
-  const url = new URL(base, decoCmsApiUrl ?? "https://api.decocms.com");
-  branch && url.searchParams.set("branch", branch);
-  return url.href;
-};
-
-type WorkspaceClientContext = Omit<
+type ClientContext = Omit<
   RequestContext,
   "ensureAuthenticated" | "state" | "fetchIntegrationMetadata"
 >;
-export const workspaceClient = (
-  ctx: WorkspaceClientContext,
-  decocmsApiUrl?: string,
-): ReturnType<(typeof MCPClient)["forWorkspace"]> => {
-  return MCPClient.forWorkspace(ctx.workspace, ctx.token, decocmsApiUrl);
-};
-
-const mcpClientForAppName = (appName: string, decoChatApiUrl?: string) => {
-  const mcpConnection: MCPConnection = {
-    type: "HTTP",
-    url: createAppsUrl({
-      appName,
-      decoChatApiUrl,
-    }),
-  };
-
-  return MCPClient.forConnection(mcpConnection, decoChatApiUrl);
-};
 
 export const proxyConnectionForId = (
-  integrationId: string,
-  ctx: Omit<WorkspaceClientContext, "token"> & {
+  connectionId: string,
+  ctx: Omit<ClientContext, "token"> & {
     token?: string;
     cookie?: string;
+    meshUrl: string;
   },
-  decocmsApiUrl?: string,
   appName?: string,
 ): MCPConnection => {
   let headers: Record<string, string> | undefined = appName
@@ -98,55 +31,39 @@ export const proxyConnectionForId = (
   }
   return {
     type: "HTTP",
-    url: createIntegrationsUrl({
-      integrationId,
-      workspace: ctx.workspace,
-      decoCmsApiUrl: decocmsApiUrl,
-      branch: ctx.branch,
-    }),
+    url: new URL(`/mcp/${connectionId}`, ctx.meshUrl).href,
     token: ctx.token,
     headers,
   };
 };
-const mcpClientForIntegrationId = (
-  integrationId: string,
-  ctx: WorkspaceClientContext,
-  decocmsApiUrl?: string,
+const mcpClientForConnectionId = (
+  connectionId: string,
+  ctx: ClientContext,
   appName?: string,
 ) => {
-  const mcpConnection = proxyConnectionForId(
-    integrationId,
-    ctx,
-    decocmsApiUrl,
-    appName,
-  );
+  const mcpConnection = proxyConnectionForId(connectionId, ctx, appName);
 
   // TODO(@igorbrasileiro): Switch this proxy to be a proxy that call MCP Client.toolCall from @modelcontextprotocol
-  return MCPClient.forConnection(mcpConnection, decocmsApiUrl);
+  return MCPClient.forConnection(mcpConnection);
 };
 
 function mcpClientFromState(
-  binding: BindingBase | MCPIntegrationNameBinding,
+  binding: BindingBase | MCPAppBinding,
   env: DefaultEnv,
 ) {
-  const ctx = env.DECO_REQUEST_CONTEXT;
+  const ctx = env.MESH_REQUEST_CONTEXT;
   const bindingFromState = ctx?.state?.[binding.name];
-  const integrationId =
+  const connectionId =
     bindingFromState &&
     typeof bindingFromState === "object" &&
     "value" in bindingFromState
       ? bindingFromState.value
       : undefined;
-  if (typeof integrationId !== "string" && "integration_name" in binding) {
+  if (typeof connectionId !== "string" && "app_name" in binding) {
     // in case of a binding to an app name, we need to use the new apps/mcp endpoint which will proxy the request to the app but without any token
-    return mcpClientForAppName(binding.integration_name, env.DECO_API_URL);
+    return undefined;
   }
-  return mcpClientForIntegrationId(
-    integrationId,
-    ctx,
-    env.DECO_API_URL,
-    env.DECO_APP_NAME,
-  );
+  return mcpClientForConnectionId(connectionId, ctx);
 }
 
 export const createContractBinding = (
@@ -160,20 +77,24 @@ export const createIntegrationBinding = (
   binding: MCPBinding,
   env: DefaultEnv,
 ) => {
-  const integrationId =
-    "integration_id" in binding ? binding.integration_id : undefined;
-  if (!integrationId) {
+  const connectionId =
+    "connection_id" in binding ? binding.connection_id : undefined;
+  if (!connectionId) {
     return mcpClientFromState(binding, env);
   }
+  if (!env.MESH_RUNTIME_TOKEN) {
+    throw new Error("MESH_RUNTIME_TOKEN is required");
+  }
+  if (!env.MESH_URL) {
+    throw new Error("MESH_URL is required");
+  }
   // bindings pointed to an specific integration id are binded using the app deployment workspace
-  return mcpClientForIntegrationId(
-    integrationId,
+  return mcpClientForConnectionId(
+    connectionId,
     {
-      workspace: env.DECO_WORKSPACE,
-      token: env.DECO_API_TOKEN,
-      branch: env.DECO_REQUEST_CONTEXT?.branch,
+      token: env.MESH_RUNTIME_TOKEN,
+      meshUrl: env.MESH_URL,
     },
-    env.DECO_API_URL,
-    env.DECO_APP_NAME,
+    env.MESH_APP_NAME,
   );
 };

package/src/client.ts

@@ -1,35 +1,3 @@
-import { toAsyncIterator } from "./bindings/deconfig/helpers.ts";
-// Extract resource name from DECO_RESOURCE_${NAME}_READ pattern
-type ExtractResourceName<K> = K extends `DECO_RESOURCE_${infer Name}_READ`
-  ? Name
-  : never;
-
-// Generate SUBSCRIBE method name from resource name
-type SubscribeMethodName<Name extends string> =
-  `DECO_RESOURCE_${Name}_SUBSCRIBE`;
-
-// Extract data type from READ method return type
-type ExtractReadData<T> = T extends Promise<{ data: infer D }>
-  ? D
-  : T extends { data: infer D }
-    ? D
-    : never;
-
-// Generate all SUBSCRIBE method names for a given type
-type SubscribeMethods<T> = {
-  [K in keyof T as K extends `DECO_RESOURCE_${string}_READ`
-    ? SubscribeMethodName<ExtractResourceName<K>>
-    : never]: K extends `DECO_RESOURCE_${string}_READ`
-    ? // oxlint-disable-next-line no-explicit-any
-      T[K] extends (...args: any) => any
-      ? (args: { id: string } | { uri: string }) => AsyncIterableIterator<{
-          uri: string;
-          data: ExtractReadData<Awaited<ReturnType<T[K]>>>;
-        }>
-      : never
-    : never;
-};
-
 export type MCPClient<T> = {
   // oxlint-disable-next-line no-explicit-any
   [K in keyof T]: T[K] extends (...args: any) => any
@@ -38,7 +6,7 @@ export type MCPClient<T> = {
         init?: CustomInit,
       ) => Promise<Awaited<ReturnType<T[K]>>>
     : never;
-} & SubscribeMethods<T>;
+};
 
 export type CustomInit = RequestInit & {
   handleResponse?: (response: Response) => Promise<unknown>;
@@ -53,123 +21,11 @@ export const DEFAULT_INIT: CustomInit = {
   },
 };
 
-/**
- * Helper function to call an MCP tool via fetch
- */
-async function callMCPTool<T = unknown>(
-  methodName: string,
-  args: unknown,
-  init?: CustomInit,
-): Promise<T> {
-  const mergedInit: CustomInit = {
-    ...init,
-    headers: {
-      ...DEFAULT_INIT.headers,
-      ...init?.headers,
-    },
-  };
-
-  const response = await fetch(`/mcp/call-tool/${methodName}`, {
-    method: "POST",
-    body: JSON.stringify(args),
-    credentials: "include",
-    ...mergedInit,
-  });
-
-  if (!response.ok) {
-    throw new Error(`Failed to call ${methodName}: ${response.statusText}`);
-  }
-
-  return response.json() as Promise<T>;
-}
-
-/**
- * Creates a subscribe method for a resource that returns an async iterator
- * yielding {uri, data} objects as resources are updated.
- */
-function createSubscribeMethod(
-  resourceName: string,
-  init?: CustomInit,
-): (args: { id: string }) => AsyncIterableIterator<{
-  uri: string;
-  data: unknown;
-}> {
-  return async function* (args: { id: string } | { uri: string }) {
-    // Step 1: Call DESCRIBE to get watch endpoint configuration and URI template
-    const describeMethodName = `DECO_RESOURCE_${resourceName}_DESCRIBE`;
-    const readMethodName = `DECO_RESOURCE_${resourceName}_READ`;
-
-    // Get describe information
-    const describeData = await callMCPTool<{
-      uriTemplate?: string;
-      features?: {
-        watch?: {
-          pathname?: string;
-        };
-      };
-    }>(describeMethodName, {}, init);
-
-    const watchPathname = describeData?.features?.watch?.pathname;
-    const uriTemplate = describeData?.uriTemplate;
-
-    if (!watchPathname) {
-      throw new Error(
-        `Resource ${resourceName} does not support watch functionality`,
-      );
-    }
-
-    if (!uriTemplate) {
-      throw new Error(`Resource ${resourceName} does not provide uriTemplate`);
-    }
-
-    // Step 2: Construct URI from template by replacing * with id
-    const resourceUri =
-      "uri" in args ? args.uri : uriTemplate.replace("*", args.id);
-
-    // Step 3: Construct watch URL and create EventSource
-    const watchUrl = new URL(watchPathname, globalThis.location.origin);
-    watchUrl.searchParams.set("uri", resourceUri);
-
-    const eventSource = new EventSource(watchUrl.href);
-
-    // Step 4: Use toAsyncIterator to consume SSE events and enrich with READ data
-    const eventStream = toAsyncIterator<{ uri: string }>(
-      eventSource,
-      "message",
-    );
-
-    // Iterate over SSE events and enrich with full data
-    for await (const event of eventStream) {
-      const uri = event.uri;
-
-      if (uri) {
-        // Call READ to get full resource data
-        const readData = await callMCPTool<{ data: unknown }>(
-          readMethodName,
-          { uri },
-          init,
-        );
-
-        yield { uri, data: readData.data };
-      }
-    }
-  };
-}
-
 export const createClient = <T>(init?: CustomInit): MCPClient<T> => {
   return new Proxy(
     {},
     {
       get: (_, prop) => {
-        const propStr = String(prop);
-
-        // Check if this is a SUBSCRIBE method call
-        const subscribeMatch = propStr.match(/^DECO_RESOURCE_(.+)_SUBSCRIBE$/);
-        if (subscribeMatch) {
-          const resourceName = subscribeMatch[1];
-          return createSubscribeMethod(resourceName, init);
-        }
-
         // Regular method call
         return async (args: unknown, innerInit?: CustomInit) => {
           const mergedInit: CustomInit = {

package/src/cors.ts

@@ -0,0 +1,140 @@
+export type CORSOrigin =
+  | string
+  | string[]
+  | ((origin: string, req: Request) => string | null | undefined);
+
+export interface CORSOptions {
+  /**
+   * The value of "Access-Control-Allow-Origin" CORS header.
+   * Can be a string, array of strings, or a function that returns the allowed origin.
+   * @default '*'
+   */
+  origin?: CORSOrigin;
+  /**
+   * The value of "Access-Control-Allow-Methods" CORS header.
+   * @default ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']
+   */
+  allowMethods?: string[];
+  /**
+   * The value of "Access-Control-Allow-Headers" CORS header.
+   * @default []
+   */
+  allowHeaders?: string[];
+  /**
+   * The value of "Access-Control-Max-Age" CORS header (in seconds).
+   */
+  maxAge?: number;
+  /**
+   * The value of "Access-Control-Allow-Credentials" CORS header.
+   */
+  credentials?: boolean;
+  /**
+   * The value of "Access-Control-Expose-Headers" CORS header.
+   * @default []
+   */
+  exposeHeaders?: string[];
+}
+
+const DEFAULT_ALLOW_METHODS = ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"];
+
+const resolveOrigin = (
+  origin: CORSOrigin | undefined,
+  requestOrigin: string | null,
+  req: Request,
+): string | null => {
+  if (!requestOrigin) return null;
+
+  if (origin === undefined || origin === "*") {
+    return "*";
+  }
+
+  if (typeof origin === "string") {
+    return origin === requestOrigin ? origin : null;
+  }
+
+  if (Array.isArray(origin)) {
+    return origin.includes(requestOrigin) ? requestOrigin : null;
+  }
+
+  if (typeof origin === "function") {
+    return origin(requestOrigin, req) ?? null;
+  }
+
+  return null;
+};
+
+const setCORSHeaders = (
+  headers: Headers,
+  req: Request,
+  options: CORSOptions,
+): void => {
+  const requestOrigin = req.headers.get("Origin");
+  const allowedOrigin = resolveOrigin(options.origin, requestOrigin, req);
+
+  if (allowedOrigin) {
+    headers.set("Access-Control-Allow-Origin", allowedOrigin);
+  }
+
+  if (options.credentials) {
+    headers.set("Access-Control-Allow-Credentials", "true");
+  }
+
+  if (options.exposeHeaders?.length) {
+    headers.set(
+      "Access-Control-Expose-Headers",
+      options.exposeHeaders.join(", "),
+    );
+  }
+};
+
+export const handlePreflight = (
+  req: Request,
+  options: CORSOptions,
+): Response => {
+  const headers = new Headers();
+  const requestOrigin = req.headers.get("Origin");
+  const allowedOrigin = resolveOrigin(options.origin, requestOrigin, req);
+
+  if (allowedOrigin) {
+    headers.set("Access-Control-Allow-Origin", allowedOrigin);
+  }
+
+  if (options.credentials) {
+    headers.set("Access-Control-Allow-Credentials", "true");
+  }
+
+  const allowMethods = options.allowMethods ?? DEFAULT_ALLOW_METHODS;
+  headers.set("Access-Control-Allow-Methods", allowMethods.join(", "));
+
+  const requestHeaders = req.headers.get("Access-Control-Request-Headers");
+  if (options.allowHeaders?.length) {
+    headers.set(
+      "Access-Control-Allow-Headers",
+      options.allowHeaders.join(", "),
+    );
+  } else if (requestHeaders) {
+    // Mirror the requested headers if no explicit allowHeaders configured
+    headers.set("Access-Control-Allow-Headers", requestHeaders);
+  }
+
+  if (options.maxAge !== undefined) {
+    headers.set("Access-Control-Max-Age", options.maxAge.toString());
+  }
+
+  return new Response(null, { status: 204, headers });
+};
+
+export const withCORS = (
+  response: Response,
+  req: Request,
+  options: CORSOptions,
+): Response => {
+  const newHeaders = new Headers(response.headers);
+  setCORSHeaders(newHeaders, req, options);
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: newHeaders,
+  });
+};