@decocms/runtime 1.0.0-alpha.5 → 1.0.0

package/src/bindings.ts

@@ -1,92 +1,104 @@
+import { CollectionBinding } from "packages/bindings/src/well-known/collections.ts";
 import type { MCPConnection } from "./connection.ts";
-import type { DefaultEnv, RequestContext } from "./index.ts";
-import { MCPClient } from "./mcp.ts";
-import type {
-  BindingBase,
-  ContractBinding,
-  MCPBinding,
-  MCPIntegrationNameBinding,
-} from "./wrangler.ts";
-
-interface IntegrationContext {
-  integrationId: string;
-  workspace: string;
-  branch?: string;
-  decoCmsApiUrl?: string;
-}
+import type { RequestContext } from "./index.ts";
+import { type MCPClientFetchStub, MCPClient, type ToolBinder } from "./mcp.ts";
+import { z } from "zod";
 
-const normalizeWorkspace = (workspace: string) => {
-  if (workspace.startsWith("/users")) {
-    return workspace;
-  }
-  if (workspace.startsWith("/shared")) {
-    return workspace;
-  }
-  if (workspace.includes("/")) {
-    return workspace;
-  }
-  return `/shared/${workspace}`;
-};
+type ClientContext = Omit<
+  RequestContext,
+  "ensureAuthenticated" | "state" | "fetchIntegrationMetadata"
+>;
+
+export interface Binding<TType extends string = string> {
+  __type: TType;
+  value: string;
+}
 
 /**
- * Url: /apps/mcp?appName=$appName
+ * A registry mapping binding type strings (e.g. "@deco/database") to their ToolBinder definitions.
+ * Used by ResolvedBindings to resolve binding types to their corresponding MCP client types.
+ *
+ * @example
+ * ```ts
+ * type MyBindings = {
+ *   "@deco/database": typeof DATABASE_BINDING;
+ *   "@deco/storage": typeof STORAGE_BINDING;
+ * };
+ * ```
  */
-const createAppsUrl = ({
-  appName,
-  decoChatApiUrl,
-}: {
-  appName: string;
-  decoChatApiUrl?: string;
-}) =>
-  new URL(
-    `/apps/mcp?appName=${appName}`,
-    decoChatApiUrl ?? "https://api.decocms.com",
-  ).href;
+export type BindingRegistry = Record<string, readonly ToolBinder[]>;
+
 /**
- * Url: /:workspace.root/:workspace.slug/:integrationId/mcp
+ * Function that returns Zod Schema
  */
-const createIntegrationsUrl = ({
-  integrationId,
-  workspace,
-  decoCmsApiUrl,
-  branch,
-}: IntegrationContext) => {
-  const base = `${normalizeWorkspace(workspace)}/${integrationId}/mcp`;
-  const url = new URL(base, decoCmsApiUrl ?? "https://api.decocms.com");
-  branch && url.searchParams.set("branch", branch);
-  return url.href;
-};
-
-type WorkspaceClientContext = Omit<
-  RequestContext,
-  "ensureAuthenticated" | "state" | "fetchIntegrationMetadata"
->;
-export const workspaceClient = (
-  ctx: WorkspaceClientContext,
-  decocmsApiUrl?: string,
-): ReturnType<(typeof MCPClient)["forWorkspace"]> => {
-  return MCPClient.forWorkspace(ctx.workspace, ctx.token, decocmsApiUrl);
+export const BindingOf = <
+  TRegistry extends BindingRegistry,
+  TName extends keyof TRegistry | "*",
+>(
+  name: TName,
+) => {
+  return z.object({
+    __type: z.literal<TName>(name).default(name),
+    value: z.string(),
+  });
 };
 
-const mcpClientForAppName = (appName: string, decoChatApiUrl?: string) => {
-  const mcpConnection: MCPConnection = {
-    type: "HTTP",
-    url: createAppsUrl({
-      appName,
-      decoChatApiUrl,
-    }),
-  };
+/**
+ * Recursively transforms a type T by replacing all Binding instances with their
+ * corresponding MCPClientFetchStub based on the __type field.
+ *
+ * @template T - The source type to transform
+ * @template TBindings - A registry mapping binding __type strings to ToolBinder definitions
+ *
+ * @example
+ * ```ts
+ * interface State {
+ *   db: Binding<"@deco/database">;
+ *   items: Array<Binding<"@deco/storage">>;
+ *   config: { nested: Binding<"@deco/config"> };
+ * }
+ *
+ * type Resolved = ResolvedBindings<State, {
+ *   "@deco/database": typeof DATABASE_BINDING;
+ *   "@deco/storage": typeof STORAGE_BINDING;
+ * }>;
+ * // Result:
+ * // {
+ * //   db: MCPClientFetchStub<typeof DATABASE_BINDING>;
+ * //   items: Array<MCPClientFetchStub<typeof STORAGE_BINDING>>;
+ * //   config: { nested: unknown }; // "@deco/config" not in registry
+ * // }
+ * ```
+ */
+export type ResolvedBindings<
+  T,
+  TBindings extends BindingRegistry,
+> = T extends Binding<infer TType>
+  ? TType extends keyof TBindings
+    ? MCPClientFetchStub<TBindings[TType]> & { __type: TType; value: string }
+    : MCPClientFetchStub<[]> & { __type: string; value: string }
+  : T extends Array<infer U>
+    ? Array<ResolvedBindings<U, TBindings>>
+    : T extends object
+      ? { [K in keyof T]: ResolvedBindings<T[K], TBindings> }
+      : T;
 
-  return MCPClient.forConnection(mcpConnection, decoChatApiUrl);
+export const isBinding = (v: unknown): v is Binding => {
+  return (
+    typeof v === "object" &&
+    v !== null &&
+    typeof (v as { __type: string }).__type === "string" &&
+    typeof (v as { value: string }).value === "string"
+  );
 };
 
 export const proxyConnectionForId = (
-  integrationId: string,
-  ctx: Omit<WorkspaceClientContext, "token"> & {
+  connectionId: string,
+  ctx: Omit<ClientContext, "token"> & {
     token?: string;
     cookie?: string;
+    meshUrl: string;
   },
-  decocmsApiUrl?: string,
   appName?: string,
 ): MCPConnection => {
   let headers: Record<string, string> | undefined = appName
@@ -98,82 +110,77 @@ export const proxyConnectionForId = (
   }
   return {
     type: "HTTP",
-    url: createIntegrationsUrl({
-      integrationId,
-      workspace: ctx.workspace,
-      decoCmsApiUrl: decocmsApiUrl,
-      branch: ctx.branch,
-    }),
+    url: new URL(`/mcp/${connectionId}`, ctx.meshUrl).href,
     token: ctx.token,
     headers,
   };
 };
-const mcpClientForIntegrationId = (
-  integrationId: string,
-  ctx: WorkspaceClientContext,
-  decocmsApiUrl?: string,
+
+const mcpClientForConnectionId = (
+  connectionId: string,
+  ctx: ClientContext,
   appName?: string,
 ) => {
-  const mcpConnection = proxyConnectionForId(
-    integrationId,
-    ctx,
-    decocmsApiUrl,
-    appName,
-  );
-
-  // TODO(@igorbrasileiro): Switch this proxy to be a proxy that call MCP Client.toolCall from @modelcontextprotocol
-  return MCPClient.forConnection(mcpConnection, decocmsApiUrl);
+  const mcpConnection = proxyConnectionForId(connectionId, ctx, appName);
+  return new Proxy(MCPClient.forConnection(mcpConnection), {
+    get(target, name) {
+      if (name === "value") {
+        return connectionId;
+      }
+      if (name === "__type") {
+        return appName;
+      }
+      return target[name as keyof typeof target];
+    },
+  });
 };
 
-function mcpClientFromState(
-  binding: BindingBase | MCPIntegrationNameBinding,
-  env: DefaultEnv,
-) {
-  const ctx = env.DECO_REQUEST_CONTEXT;
-  const bindingFromState = ctx?.state?.[binding.name];
-  const integrationId =
-    bindingFromState &&
-    typeof bindingFromState === "object" &&
-    "value" in bindingFromState
-      ? bindingFromState.value
-      : undefined;
-  if (typeof integrationId !== "string" && "integration_name" in binding) {
-    // in case of a binding to an app name, we need to use the new apps/mcp endpoint which will proxy the request to the app but without any token
-    return mcpClientForAppName(binding.integration_name, env.DECO_API_URL);
+const traverseAndReplace = (obj: unknown, ctx: ClientContext): unknown => {
+  // Handle null/undefined
+  if (obj === null || obj === undefined) {
+    return obj;
   }
-  return mcpClientForIntegrationId(
-    integrationId,
-    ctx,
-    env.DECO_API_URL,
-    env.DECO_APP_NAME,
-  );
-}
 
-export const createContractBinding = (
-  binding: ContractBinding,
-  env: DefaultEnv,
-) => {
-  return mcpClientFromState(binding, env);
-};
+  // Handle arrays
+  if (Array.isArray(obj)) {
+    return obj.map((item) => traverseAndReplace(item, ctx));
+  }
 
-export const createIntegrationBinding = (
-  binding: MCPBinding,
-  env: DefaultEnv,
-) => {
-  const integrationId =
-    "integration_id" in binding ? binding.integration_id : undefined;
-  if (!integrationId) {
-    return mcpClientFromState(binding, env);
+  // Handle objects
+  if (typeof obj === "object") {
+    // Check if this is a binding
+    if (isBinding(obj)) {
+      return mcpClientForConnectionId(obj.value, ctx, obj.__type);
+    }
+
+    // Traverse object properties
+    const result: Record<string, unknown> = {};
+    for (const [key, value] of Object.entries(obj)) {
+      result[key] = traverseAndReplace(value, ctx);
+    }
+    return result;
   }
-  // bindings pointed to an specific integration id are binded using the app deployment workspace
-  return mcpClientForIntegrationId(
-    integrationId,
-    {
-      workspace: env.DECO_WORKSPACE,
-      token: env.DECO_API_TOKEN,
-      branch: env.DECO_REQUEST_CONTEXT?.branch,
-    },
-    env.DECO_API_URL,
-    env.DECO_APP_NAME,
-  );
+
+  // Return primitives as-is
+  return obj;
+};
+
+export const initializeBindings = <
+  T,
+  TBindings extends BindingRegistry = BindingRegistry,
+>(
+  ctx: RequestContext,
+): ResolvedBindings<T, TBindings> => {
+  // resolves the state in-place
+  return traverseAndReplace(ctx.state, ctx) as ResolvedBindings<T, TBindings>;
 };
+
+interface DefaultRegistry extends BindingRegistry {
+  "@deco/mesh": CollectionBinding<{ hello: string }, "MESH">;
+}
+
+export interface XPTO {
+  MESH: Binding<"@deco/meh">;
+}
+
+export type XPTOResolved = ResolvedBindings<XPTO, DefaultRegistry>;

package/src/client.ts

@@ -1,35 +1,3 @@
-import { toAsyncIterator } from "./bindings/deconfig/helpers.ts";
-// Extract resource name from DECO_RESOURCE_${NAME}_READ pattern
-type ExtractResourceName<K> = K extends `DECO_RESOURCE_${infer Name}_READ`
-  ? Name
-  : never;
-
-// Generate SUBSCRIBE method name from resource name
-type SubscribeMethodName<Name extends string> =
-  `DECO_RESOURCE_${Name}_SUBSCRIBE`;
-
-// Extract data type from READ method return type
-type ExtractReadData<T> = T extends Promise<{ data: infer D }>
-  ? D
-  : T extends { data: infer D }
-    ? D
-    : never;
-
-// Generate all SUBSCRIBE method names for a given type
-type SubscribeMethods<T> = {
-  [K in keyof T as K extends `DECO_RESOURCE_${string}_READ`
-    ? SubscribeMethodName<ExtractResourceName<K>>
-    : never]: K extends `DECO_RESOURCE_${string}_READ`
-    ? // oxlint-disable-next-line no-explicit-any
-      T[K] extends (...args: any) => any
-      ? (args: { id: string } | { uri: string }) => AsyncIterableIterator<{
-          uri: string;
-          data: ExtractReadData<Awaited<ReturnType<T[K]>>>;
-        }>
-      : never
-    : never;
-};
-
 export type MCPClient<T> = {
   // oxlint-disable-next-line no-explicit-any
   [K in keyof T]: T[K] extends (...args: any) => any
@@ -38,7 +6,7 @@ export type MCPClient<T> = {
         init?: CustomInit,
       ) => Promise<Awaited<ReturnType<T[K]>>>
     : never;
-} & SubscribeMethods<T>;
+};
 
 export type CustomInit = RequestInit & {
   handleResponse?: (response: Response) => Promise<unknown>;
@@ -53,123 +21,11 @@ export const DEFAULT_INIT: CustomInit = {
   },
 };
 
-/**
- * Helper function to call an MCP tool via fetch
- */
-async function callMCPTool<T = unknown>(
-  methodName: string,
-  args: unknown,
-  init?: CustomInit,
-): Promise<T> {
-  const mergedInit: CustomInit = {
-    ...init,
-    headers: {
-      ...DEFAULT_INIT.headers,
-      ...init?.headers,
-    },
-  };
-
-  const response = await fetch(`/mcp/call-tool/${methodName}`, {
-    method: "POST",
-    body: JSON.stringify(args),
-    credentials: "include",
-    ...mergedInit,
-  });
-
-  if (!response.ok) {
-    throw new Error(`Failed to call ${methodName}: ${response.statusText}`);
-  }
-
-  return response.json() as Promise<T>;
-}
-
-/**
- * Creates a subscribe method for a resource that returns an async iterator
- * yielding {uri, data} objects as resources are updated.
- */
-function createSubscribeMethod(
-  resourceName: string,
-  init?: CustomInit,
-): (args: { id: string }) => AsyncIterableIterator<{
-  uri: string;
-  data: unknown;
-}> {
-  return async function* (args: { id: string } | { uri: string }) {
-    // Step 1: Call DESCRIBE to get watch endpoint configuration and URI template
-    const describeMethodName = `DECO_RESOURCE_${resourceName}_DESCRIBE`;
-    const readMethodName = `DECO_RESOURCE_${resourceName}_READ`;
-
-    // Get describe information
-    const describeData = await callMCPTool<{
-      uriTemplate?: string;
-      features?: {
-        watch?: {
-          pathname?: string;
-        };
-      };
-    }>(describeMethodName, {}, init);
-
-    const watchPathname = describeData?.features?.watch?.pathname;
-    const uriTemplate = describeData?.uriTemplate;
-
-    if (!watchPathname) {
-      throw new Error(
-        `Resource ${resourceName} does not support watch functionality`,
-      );
-    }
-
-    if (!uriTemplate) {
-      throw new Error(`Resource ${resourceName} does not provide uriTemplate`);
-    }
-
-    // Step 2: Construct URI from template by replacing * with id
-    const resourceUri =
-      "uri" in args ? args.uri : uriTemplate.replace("*", args.id);
-
-    // Step 3: Construct watch URL and create EventSource
-    const watchUrl = new URL(watchPathname, globalThis.location.origin);
-    watchUrl.searchParams.set("uri", resourceUri);
-
-    const eventSource = new EventSource(watchUrl.href);
-
-    // Step 4: Use toAsyncIterator to consume SSE events and enrich with READ data
-    const eventStream = toAsyncIterator<{ uri: string }>(
-      eventSource,
-      "message",
-    );
-
-    // Iterate over SSE events and enrich with full data
-    for await (const event of eventStream) {
-      const uri = event.uri;
-
-      if (uri) {
-        // Call READ to get full resource data
-        const readData = await callMCPTool<{ data: unknown }>(
-          readMethodName,
-          { uri },
-          init,
-        );
-
-        yield { uri, data: readData.data };
-      }
-    }
-  };
-}
-
 export const createClient = <T>(init?: CustomInit): MCPClient<T> => {
   return new Proxy(
     {},
     {
       get: (_, prop) => {
-        const propStr = String(prop);
-
-        // Check if this is a SUBSCRIBE method call
-        const subscribeMatch = propStr.match(/^DECO_RESOURCE_(.+)_SUBSCRIBE$/);
-        if (subscribeMatch) {
-          const resourceName = subscribeMatch[1];
-          return createSubscribeMethod(resourceName, init);
-        }
-
         // Regular method call
         return async (args: unknown, innerInit?: CustomInit) => {
           const mergedInit: CustomInit = {

package/src/cors.ts

@@ -0,0 +1,140 @@
+export type CORSOrigin =
+  | string
+  | string[]
+  | ((origin: string, req: Request) => string | null | undefined);
+
+export interface CORSOptions {
+  /**
+   * The value of "Access-Control-Allow-Origin" CORS header.
+   * Can be a string, array of strings, or a function that returns the allowed origin.
+   * @default '*'
+   */
+  origin?: CORSOrigin;
+  /**
+   * The value of "Access-Control-Allow-Methods" CORS header.
+   * @default ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']
+   */
+  allowMethods?: string[];
+  /**
+   * The value of "Access-Control-Allow-Headers" CORS header.
+   * @default []
+   */
+  allowHeaders?: string[];
+  /**
+   * The value of "Access-Control-Max-Age" CORS header (in seconds).
+   */
+  maxAge?: number;
+  /**
+   * The value of "Access-Control-Allow-Credentials" CORS header.
+   */
+  credentials?: boolean;
+  /**
+   * The value of "Access-Control-Expose-Headers" CORS header.
+   * @default []
+   */
+  exposeHeaders?: string[];
+}
+
+const DEFAULT_ALLOW_METHODS = ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"];
+
+const resolveOrigin = (
+  origin: CORSOrigin | undefined,
+  requestOrigin: string | null,
+  req: Request,
+): string | null => {
+  if (!requestOrigin) return null;
+
+  if (origin === undefined || origin === "*") {
+    return "*";
+  }
+
+  if (typeof origin === "string") {
+    return origin === requestOrigin ? origin : null;
+  }
+
+  if (Array.isArray(origin)) {
+    return origin.includes(requestOrigin) ? requestOrigin : null;
+  }
+
+  if (typeof origin === "function") {
+    return origin(requestOrigin, req) ?? null;
+  }
+
+  return null;
+};
+
+const setCORSHeaders = (
+  headers: Headers,
+  req: Request,
+  options: CORSOptions,
+): void => {
+  const requestOrigin = req.headers.get("Origin");
+  const allowedOrigin = resolveOrigin(options.origin, requestOrigin, req);
+
+  if (allowedOrigin) {
+    headers.set("Access-Control-Allow-Origin", allowedOrigin);
+  }
+
+  if (options.credentials) {
+    headers.set("Access-Control-Allow-Credentials", "true");
+  }
+
+  if (options.exposeHeaders?.length) {
+    headers.set(
+      "Access-Control-Expose-Headers",
+      options.exposeHeaders.join(", "),
+    );
+  }
+};
+
+export const handlePreflight = (
+  req: Request,
+  options: CORSOptions,
+): Response => {
+  const headers = new Headers();
+  const requestOrigin = req.headers.get("Origin");
+  const allowedOrigin = resolveOrigin(options.origin, requestOrigin, req);
+
+  if (allowedOrigin) {
+    headers.set("Access-Control-Allow-Origin", allowedOrigin);
+  }
+
+  if (options.credentials) {
+    headers.set("Access-Control-Allow-Credentials", "true");
+  }
+
+  const allowMethods = options.allowMethods ?? DEFAULT_ALLOW_METHODS;
+  headers.set("Access-Control-Allow-Methods", allowMethods.join(", "));
+
+  const requestHeaders = req.headers.get("Access-Control-Request-Headers");
+  if (options.allowHeaders?.length) {
+    headers.set(
+      "Access-Control-Allow-Headers",
+      options.allowHeaders.join(", "),
+    );
+  } else if (requestHeaders) {
+    // Mirror the requested headers if no explicit allowHeaders configured
+    headers.set("Access-Control-Allow-Headers", requestHeaders);
+  }
+
+  if (options.maxAge !== undefined) {
+    headers.set("Access-Control-Max-Age", options.maxAge.toString());
+  }
+
+  return new Response(null, { status: 204, headers });
+};
+
+export const withCORS = (
+  response: Response,
+  req: Request,
+  options: CORSOptions,
+): Response => {
+  const newHeaders = new Headers(response.headers);
+  setCORSHeaders(newHeaders, req, options);
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: newHeaders,
+  });
+};