@genkit-ai/express 1.0.0-rc.1

package/README.md

@@ -0,0 +1,93 @@
+# Genkit Express Plugin
+
+This plugin provides utilities for conveninetly exposing Genkit flows and actions via Express HTTP server as REST APIs.
+
+```ts
+import { handler } from '@genkit-ai/express';
+import express from 'express';
+
+const simpleFlow = ai.defineFlow(
+  'simpleFlow',
+  async (input, streamingCallback) => {
+    const { text } = await ai.generate({
+      model: gemini15Flash,
+      prompt: input,
+      streamingCallback,
+    });
+    return text;
+  }
+);
+
+const app = express();
+app.use(express.json());
+
+app.post('/simpleFlow', handler(simpleFlow));
+
+app.listen(8080);
+```
+
+You can also set auth policies:
+
+```ts
+// middleware for handling auth headers.
+const authMiddleware = async (req, resp, next) => {
+  // parse auth headers and convert to auth object.
+  (req as RequestWithAuth).auth = {
+    user:
+      req.header('authorization') === 'open sesame' ? 'Ali Baba' : '40 thieves',
+  };
+  next();
+};
+
+app.post(
+  '/simpleFlow',
+  authMiddleware,
+  handler(simpleFlow, {
+    authPolicy: ({ auth }) => {
+      if (auth.user !== 'Ali Baba') {
+        throw new Error('not authorized');
+      }
+    },
+  })
+);
+```
+
+Flows and actions exposed using the `handler` function can be accessed using `genkit/client` library:
+
+```ts
+import { runFlow, streamFlow } from 'genkit/client';
+
+const result = await runFlow({
+  url: `http://localhost:${port}/simpleFlow`,
+  input: 'say hello',
+});
+
+console.log(result); // hello
+
+// set auth headers (when using auth policies)
+const result = await runFlow({
+  url: `http://localhost:${port}/simpleFlow`,
+  headers: {
+    Authorization: 'open sesame',
+  },
+  input: 'say hello',
+});
+
+console.log(result); // hello
+
+// and streamed
+const result = streamFlow({
+  url: `http://localhost:${port}/simpleFlow`,
+  input: 'say hello',
+});
+for await (const chunk of result.stream()) {
+  console.log(chunk);
+}
+console.log(await result.output());
+```
+
+The sources for this package are in the main [Genkit](https://github.com/firebase/genkit) repo. Please file issues and pull requests against that repo.
+
+Usage information and reference details can be found in [Genkit documentation](https://firebase.google.com/docs/genkit).
+
+License: Apache 2.0

package/lib/chunk-IQXHJV5O.mjs

@@ -0,0 +1,25 @@
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+
+export {
+  __async
+};
+//# sourceMappingURL=chunk-IQXHJV5O.mjs.map

package/lib/chunk-IQXHJV5O.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/lib/index.d.mts

@@ -0,0 +1,52 @@
+import express from 'express';
+import { z, Flow, Action, CallableFlow } from 'genkit';
+
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Auth policy context is an object passed to the auth policy providing details necessary for auth.
+ */
+interface AuthPolicyContext<I extends z.ZodTypeAny = z.ZodTypeAny, O extends z.ZodTypeAny = z.ZodTypeAny, S extends z.ZodTypeAny = z.ZodTypeAny> {
+    flow?: Flow<I, O, S>;
+    action?: Action<I, O, S>;
+    input: z.infer<I>;
+    auth: any | undefined;
+    request: RequestWithAuth;
+}
+/**
+ * Flow Auth policy. Consumes the authorization context of the flow and
+ * performs checks before the flow runs. If this throws, the flow will not
+ * be executed.
+ */
+interface AuthPolicy<I extends z.ZodTypeAny = z.ZodTypeAny, O extends z.ZodTypeAny = z.ZodTypeAny, S extends z.ZodTypeAny = z.ZodTypeAny> {
+    (ctx: AuthPolicyContext<I, O, S>): void | Promise<void>;
+}
+/**
+ * For express-based flows, req.auth should contain the value to bepassed into
+ * the flow context.
+ */
+interface RequestWithAuth extends express.Request {
+    auth?: unknown;
+}
+/**
+ * Exposes provided flow or an action as express handler.
+ */
+declare function handler<I extends z.ZodTypeAny = z.ZodTypeAny, O extends z.ZodTypeAny = z.ZodTypeAny, S extends z.ZodTypeAny = z.ZodTypeAny>(f: CallableFlow<I, O, S> | Flow<I, O, S> | Action<I, O, S>, opts?: {
+    authPolicy?: AuthPolicy<I, O, S>;
+}): express.RequestHandler;
+
+export { type AuthPolicy, type AuthPolicyContext, type RequestWithAuth, handler };

package/lib/index.d.ts

@@ -0,0 +1,52 @@
+import express from 'express';
+import { z, Flow, Action, CallableFlow } from 'genkit';
+
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Auth policy context is an object passed to the auth policy providing details necessary for auth.
+ */
+interface AuthPolicyContext<I extends z.ZodTypeAny = z.ZodTypeAny, O extends z.ZodTypeAny = z.ZodTypeAny, S extends z.ZodTypeAny = z.ZodTypeAny> {
+    flow?: Flow<I, O, S>;
+    action?: Action<I, O, S>;
+    input: z.infer<I>;
+    auth: any | undefined;
+    request: RequestWithAuth;
+}
+/**
+ * Flow Auth policy. Consumes the authorization context of the flow and
+ * performs checks before the flow runs. If this throws, the flow will not
+ * be executed.
+ */
+interface AuthPolicy<I extends z.ZodTypeAny = z.ZodTypeAny, O extends z.ZodTypeAny = z.ZodTypeAny, S extends z.ZodTypeAny = z.ZodTypeAny> {
+    (ctx: AuthPolicyContext<I, O, S>): void | Promise<void>;
+}
+/**
+ * For express-based flows, req.auth should contain the value to bepassed into
+ * the flow context.
+ */
+interface RequestWithAuth extends express.Request {
+    auth?: unknown;
+}
+/**
+ * Exposes provided flow or an action as express handler.
+ */
+declare function handler<I extends z.ZodTypeAny = z.ZodTypeAny, O extends z.ZodTypeAny = z.ZodTypeAny, S extends z.ZodTypeAny = z.ZodTypeAny>(f: CallableFlow<I, O, S> | Flow<I, O, S> | Action<I, O, S>, opts?: {
+    authPolicy?: AuthPolicy<I, O, S>;
+}): express.RequestHandler;
+
+export { type AuthPolicy, type AuthPolicyContext, type RequestWithAuth, handler };

package/lib/index.js

@@ -0,0 +1,136 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+var src_exports = {};
+__export(src_exports, {
+  handler: () => handler
+});
+module.exports = __toCommonJS(src_exports);
+var import_genkit = require("genkit");
+var import_logging = require("genkit/logging");
+var import_utils = require("./utils");
+const streamDelimiter = "\n\n";
+function handler(f, opts) {
+  const flow = f.invoke ? f : f.flow ? f.flow : void 0;
+  const action = flow ? flow.action : f;
+  const registry = flow ? flow.registry : action.__registry;
+  return (request, response) => __async(this, null, function* () {
+    var _a;
+    const { stream } = request.query;
+    let input = request.body.data;
+    const auth = request.auth;
+    try {
+      yield (_a = opts == null ? void 0 : opts.authPolicy) == null ? void 0 : _a.call(opts, {
+        flow,
+        action,
+        auth,
+        input,
+        request
+      });
+    } catch (e) {
+      import_logging.logger.debug(e);
+      const respBody = {
+        error: {
+          status: "PERMISSION_DENIED",
+          message: e.message || "Permission denied to resource"
+        }
+      };
+      response.status(403).send(respBody).end();
+      return;
+    }
+    if (request.get("Accept") === "text/event-stream" || stream === "true") {
+      response.writeHead(200, {
+        "Content-Type": "text/plain",
+        "Transfer-Encoding": "chunked"
+      });
+      try {
+        const onChunk = (chunk) => {
+          response.write(
+            "data: " + JSON.stringify({ message: chunk }) + streamDelimiter
+          );
+        };
+        const result = yield (0, import_genkit.runWithStreamingCallback)(
+          registry,
+          onChunk,
+          () => action.run(input, {
+            onChunk,
+            context: auth
+          })
+        );
+        response.write(
+          "data: " + JSON.stringify({ result: result.result }) + streamDelimiter
+        );
+        response.end();
+      } catch (e) {
+        import_logging.logger.error(e);
+        response.write(
+          "data: " + JSON.stringify({
+            error: {
+              status: "INTERNAL",
+              message: (0, import_utils.getErrorMessage)(e),
+              details: (0, import_utils.getErrorStack)(e)
+            }
+          }) + streamDelimiter
+        );
+        response.end();
+      }
+    } else {
+      try {
+        const result = yield action.run(input, { context: auth });
+        response.setHeader("x-genkit-trace-id", result.telemetry.traceId);
+        response.setHeader("x-genkit-span-id", result.telemetry.spanId);
+        response.status(200).send({
+          result: result.result
+        }).end();
+      } catch (e) {
+        response.status(500).send({
+          error: {
+            status: "INTERNAL",
+            message: (0, import_utils.getErrorMessage)(e),
+            details: (0, import_utils.getErrorStack)(e)
+          }
+        }).end();
+      }
+    }
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  handler
+});
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Copyright 2024 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport {\n  Action,\n  CallableFlow,\n  Flow,\n  runWithStreamingCallback,\n  z,\n} from 'genkit';\nimport { logger } from 'genkit/logging';\nimport { Registry } from 'genkit/registry';\nimport { getErrorMessage, getErrorStack } from './utils';\n\nconst streamDelimiter = '\\n\\n';\n\n/**\n * Auth policy context is an object passed to the auth policy providing details necessary for auth.\n */\nexport interface AuthPolicyContext<\n  I extends z.ZodTypeAny = z.ZodTypeAny,\n  O extends z.ZodTypeAny = z.ZodTypeAny,\n  S extends z.ZodTypeAny = z.ZodTypeAny,\n> {\n  flow?: Flow<I, O, S>;\n  action?: Action<I, O, S>;\n  input: z.infer<I>;\n  auth: any | undefined;\n  request: RequestWithAuth;\n}\n\n/**\n * Flow Auth policy. Consumes the authorization context of the flow and\n * performs checks before the flow runs. If this throws, the flow will not\n * be executed.\n */\nexport interface AuthPolicy<\n  I extends z.ZodTypeAny = z.ZodTypeAny,\n  O extends z.ZodTypeAny = z.ZodTypeAny,\n  S extends z.ZodTypeAny = z.ZodTypeAny,\n> {\n  (ctx: AuthPolicyContext<I, O, S>): void | Promise<void>;\n}\n\n/**\n * For express-based flows, req.auth should contain the value to bepassed into\n * the flow context.\n */\nexport interface RequestWithAuth extends express.Request {\n  auth?: unknown;\n}\n\n/**\n * Exposes provided flow or an action as express handler.\n */\nexport function handler<\n  I extends z.ZodTypeAny = z.ZodTypeAny,\n  O extends z.ZodTypeAny = z.ZodTypeAny,\n  S extends z.ZodTypeAny = z.ZodTypeAny,\n>(\n  f: CallableFlow<I, O, S> | Flow<I, O, S> | Action<I, O, S>,\n  opts?: {\n    authPolicy?: AuthPolicy<I, O, S>;\n  }\n): express.RequestHandler {\n  const flow: Flow<I, O, S> | undefined = (f as Flow<I, O, S>).invoke\n    ? (f as Flow<I, O, S>)\n    : (f as CallableFlow<I, O, S>).flow\n      ? (f as CallableFlow<I, O, S>).flow\n      : undefined;\n  const action: Action<I, O, S> = flow ? flow.action : (f as Action<I, O, S>);\n  const registry: Registry = flow ? flow.registry : action.__registry;\n  return async (\n    request: RequestWithAuth,\n    response: express.Response\n  ): Promise<void> => {\n    const { stream } = request.query;\n    let input = request.body.data;\n    const auth = request.auth;\n\n    try {\n      await opts?.authPolicy?.({\n        flow,\n        action,\n        auth,\n        input,\n        request,\n      });\n    } catch (e: any) {\n      logger.debug(e);\n      const respBody = {\n        error: {\n          status: 'PERMISSION_DENIED',\n          message: e.message || 'Permission denied to resource',\n        },\n      };\n      response.status(403).send(respBody).end();\n      return;\n    }\n\n    if (request.get('Accept') === 'text/event-stream' || stream === 'true') {\n      response.writeHead(200, {\n        'Content-Type': 'text/plain',\n        'Transfer-Encoding': 'chunked',\n      });\n      try {\n        const onChunk = (chunk: z.infer<S>) => {\n          response.write(\n            'data: ' + JSON.stringify({ message: chunk }) + streamDelimiter\n          );\n        };\n        const result = await runWithStreamingCallback(registry, onChunk, () =>\n          action.run(input, {\n            onChunk,\n            context: auth,\n          })\n        );\n        response.write(\n          'data: ' + JSON.stringify({ result: result.result }) + streamDelimiter\n        );\n        response.end();\n      } catch (e) {\n        logger.error(e);\n        response.write(\n          'data: ' +\n            JSON.stringify({\n              error: {\n                status: 'INTERNAL',\n                message: getErrorMessage(e),\n                details: getErrorStack(e),\n              },\n            }) +\n            streamDelimiter\n        );\n        response.end();\n      }\n    } else {\n      try {\n        const result = await action.run(input, { context: auth });\n        response.setHeader('x-genkit-trace-id', result.telemetry.traceId);\n        response.setHeader('x-genkit-span-id', result.telemetry.spanId);\n        // Responses for non-streaming flows are passed back with the flow result stored in a field called \"result.\"\n        response\n          .status(200)\n          .send({\n            result: result.result,\n          })\n          .end();\n      } catch (e) {\n        // Errors for non-streaming flows are passed back as standard API errors.\n        response\n          .status(500)\n          .send({\n            error: {\n              status: 'INTERNAL',\n              message: getErrorMessage(e),\n              details: getErrorStack(e),\n            },\n          })\n          .end();\n      }\n    }\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAiBA,oBAMO;AACP,qBAAuB;AAEvB,mBAA+C;AAE/C,MAAM,kBAAkB;AAyCjB,SAAS,QAKd,GACA,MAGwB;AACxB,QAAM,OAAmC,EAAoB,SACxD,IACA,EAA4B,OAC1B,EAA4B,OAC7B;AACN,QAAM,SAA0B,OAAO,KAAK,SAAU;AACtD,QAAM,WAAqB,OAAO,KAAK,WAAW,OAAO;AACzD,SAAO,CACL,SACA,aACkB;AAzFtB;AA0FI,UAAM,EAAE,OAAO,IAAI,QAAQ;AAC3B,QAAI,QAAQ,QAAQ,KAAK;AACzB,UAAM,OAAO,QAAQ;AAErB,QAAI;AACF,aAAM,kCAAM,eAAN,8BAAmB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,GAAQ;AACf,4BAAO,MAAM,CAAC;AACd,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,SAAS,EAAE,WAAW;AAAA,QACxB;AAAA,MACF;AACA,eAAS,OAAO,GAAG,EAAE,KAAK,QAAQ,EAAE,IAAI;AACxC;AAAA,IACF;AAEA,QAAI,QAAQ,IAAI,QAAQ,MAAM,uBAAuB,WAAW,QAAQ;AACtE,eAAS,UAAU,KAAK;AAAA,QACtB,gBAAgB;AAAA,QAChB,qBAAqB;AAAA,MACvB,CAAC;AACD,UAAI;AACF,cAAM,UAAU,CAAC,UAAsB;AACrC,mBAAS;AAAA,YACP,WAAW,KAAK,UAAU,EAAE,SAAS,MAAM,CAAC,IAAI;AAAA,UAClD;AAAA,QACF;AACA,cAAM,SAAS,UAAM;AAAA,UAAyB;AAAA,UAAU;AAAA,UAAS,MAC/D,OAAO,IAAI,OAAO;AAAA,YAChB;AAAA,YACA,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AACA,iBAAS;AAAA,UACP,WAAW,KAAK,UAAU,EAAE,QAAQ,OAAO,OAAO,CAAC,IAAI;AAAA,QACzD;AACA,iBAAS,IAAI;AAAA,MACf,SAAS,GAAG;AACV,8BAAO,MAAM,CAAC;AACd,iBAAS;AAAA,UACP,WACE,KAAK,UAAU;AAAA,YACb,OAAO;AAAA,cACL,QAAQ;AAAA,cACR,aAAS,8BAAgB,CAAC;AAAA,cAC1B,aAAS,4BAAc,CAAC;AAAA,YAC1B;AAAA,UACF,CAAC,IACD;AAAA,QACJ;AACA,iBAAS,IAAI;AAAA,MACf;AAAA,IACF,OAAO;AACL,UAAI;AACF,cAAM,SAAS,MAAM,OAAO,IAAI,OAAO,EAAE,SAAS,KAAK,CAAC;AACxD,iBAAS,UAAU,qBAAqB,OAAO,UAAU,OAAO;AAChE,iBAAS,UAAU,oBAAoB,OAAO,UAAU,MAAM;AAE9D,iBACG,OAAO,GAAG,EACV,KAAK;AAAA,UACJ,QAAQ,OAAO;AAAA,QACjB,CAAC,EACA,IAAI;AAAA,MACT,SAAS,GAAG;AAEV,iBACG,OAAO,GAAG,EACV,KAAK;AAAA,UACJ,OAAO;AAAA,YACL,QAAQ;AAAA,YACR,aAAS,8BAAgB,CAAC;AAAA,YAC1B,aAAS,4BAAc,CAAC;AAAA,UAC1B;AAAA,QACF,CAAC,EACA,IAAI;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/lib/index.mjs

@@ -0,0 +1,97 @@
+import {
+  __async
+} from "./chunk-IQXHJV5O.mjs";
+import {
+  runWithStreamingCallback
+} from "genkit";
+import { logger } from "genkit/logging";
+import { getErrorMessage, getErrorStack } from "./utils";
+const streamDelimiter = "\n\n";
+function handler(f, opts) {
+  const flow = f.invoke ? f : f.flow ? f.flow : void 0;
+  const action = flow ? flow.action : f;
+  const registry = flow ? flow.registry : action.__registry;
+  return (request, response) => __async(this, null, function* () {
+    var _a;
+    const { stream } = request.query;
+    let input = request.body.data;
+    const auth = request.auth;
+    try {
+      yield (_a = opts == null ? void 0 : opts.authPolicy) == null ? void 0 : _a.call(opts, {
+        flow,
+        action,
+        auth,
+        input,
+        request
+      });
+    } catch (e) {
+      logger.debug(e);
+      const respBody = {
+        error: {
+          status: "PERMISSION_DENIED",
+          message: e.message || "Permission denied to resource"
+        }
+      };
+      response.status(403).send(respBody).end();
+      return;
+    }
+    if (request.get("Accept") === "text/event-stream" || stream === "true") {
+      response.writeHead(200, {
+        "Content-Type": "text/plain",
+        "Transfer-Encoding": "chunked"
+      });
+      try {
+        const onChunk = (chunk) => {
+          response.write(
+            "data: " + JSON.stringify({ message: chunk }) + streamDelimiter
+          );
+        };
+        const result = yield runWithStreamingCallback(
+          registry,
+          onChunk,
+          () => action.run(input, {
+            onChunk,
+            context: auth
+          })
+        );
+        response.write(
+          "data: " + JSON.stringify({ result: result.result }) + streamDelimiter
+        );
+        response.end();
+      } catch (e) {
+        logger.error(e);
+        response.write(
+          "data: " + JSON.stringify({
+            error: {
+              status: "INTERNAL",
+              message: getErrorMessage(e),
+              details: getErrorStack(e)
+            }
+          }) + streamDelimiter
+        );
+        response.end();
+      }
+    } else {
+      try {
+        const result = yield action.run(input, { context: auth });
+        response.setHeader("x-genkit-trace-id", result.telemetry.traceId);
+        response.setHeader("x-genkit-span-id", result.telemetry.spanId);
+        response.status(200).send({
+          result: result.result
+        }).end();
+      } catch (e) {
+        response.status(500).send({
+          error: {
+            status: "INTERNAL",
+            message: getErrorMessage(e),
+            details: getErrorStack(e)
+          }
+        }).end();
+      }
+    }
+  });
+}
+export {
+  handler
+};
+//# sourceMappingURL=index.mjs.map

package/lib/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * Copyright 2024 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport {\n  Action,\n  CallableFlow,\n  Flow,\n  runWithStreamingCallback,\n  z,\n} from 'genkit';\nimport { logger } from 'genkit/logging';\nimport { Registry } from 'genkit/registry';\nimport { getErrorMessage, getErrorStack } from './utils';\n\nconst streamDelimiter = '\\n\\n';\n\n/**\n * Auth policy context is an object passed to the auth policy providing details necessary for auth.\n */\nexport interface AuthPolicyContext<\n  I extends z.ZodTypeAny = z.ZodTypeAny,\n  O extends z.ZodTypeAny = z.ZodTypeAny,\n  S extends z.ZodTypeAny = z.ZodTypeAny,\n> {\n  flow?: Flow<I, O, S>;\n  action?: Action<I, O, S>;\n  input: z.infer<I>;\n  auth: any | undefined;\n  request: RequestWithAuth;\n}\n\n/**\n * Flow Auth policy. Consumes the authorization context of the flow and\n * performs checks before the flow runs. If this throws, the flow will not\n * be executed.\n */\nexport interface AuthPolicy<\n  I extends z.ZodTypeAny = z.ZodTypeAny,\n  O extends z.ZodTypeAny = z.ZodTypeAny,\n  S extends z.ZodTypeAny = z.ZodTypeAny,\n> {\n  (ctx: AuthPolicyContext<I, O, S>): void | Promise<void>;\n}\n\n/**\n * For express-based flows, req.auth should contain the value to bepassed into\n * the flow context.\n */\nexport interface RequestWithAuth extends express.Request {\n  auth?: unknown;\n}\n\n/**\n * Exposes provided flow or an action as express handler.\n */\nexport function handler<\n  I extends z.ZodTypeAny = z.ZodTypeAny,\n  O extends z.ZodTypeAny = z.ZodTypeAny,\n  S extends z.ZodTypeAny = z.ZodTypeAny,\n>(\n  f: CallableFlow<I, O, S> | Flow<I, O, S> | Action<I, O, S>,\n  opts?: {\n    authPolicy?: AuthPolicy<I, O, S>;\n  }\n): express.RequestHandler {\n  const flow: Flow<I, O, S> | undefined = (f as Flow<I, O, S>).invoke\n    ? (f as Flow<I, O, S>)\n    : (f as CallableFlow<I, O, S>).flow\n      ? (f as CallableFlow<I, O, S>).flow\n      : undefined;\n  const action: Action<I, O, S> = flow ? flow.action : (f as Action<I, O, S>);\n  const registry: Registry = flow ? flow.registry : action.__registry;\n  return async (\n    request: RequestWithAuth,\n    response: express.Response\n  ): Promise<void> => {\n    const { stream } = request.query;\n    let input = request.body.data;\n    const auth = request.auth;\n\n    try {\n      await opts?.authPolicy?.({\n        flow,\n        action,\n        auth,\n        input,\n        request,\n      });\n    } catch (e: any) {\n      logger.debug(e);\n      const respBody = {\n        error: {\n          status: 'PERMISSION_DENIED',\n          message: e.message || 'Permission denied to resource',\n        },\n      };\n      response.status(403).send(respBody).end();\n      return;\n    }\n\n    if (request.get('Accept') === 'text/event-stream' || stream === 'true') {\n      response.writeHead(200, {\n        'Content-Type': 'text/plain',\n        'Transfer-Encoding': 'chunked',\n      });\n      try {\n        const onChunk = (chunk: z.infer<S>) => {\n          response.write(\n            'data: ' + JSON.stringify({ message: chunk }) + streamDelimiter\n          );\n        };\n        const result = await runWithStreamingCallback(registry, onChunk, () =>\n          action.run(input, {\n            onChunk,\n            context: auth,\n          })\n        );\n        response.write(\n          'data: ' + JSON.stringify({ result: result.result }) + streamDelimiter\n        );\n        response.end();\n      } catch (e) {\n        logger.error(e);\n        response.write(\n          'data: ' +\n            JSON.stringify({\n              error: {\n                status: 'INTERNAL',\n                message: getErrorMessage(e),\n                details: getErrorStack(e),\n              },\n            }) +\n            streamDelimiter\n        );\n        response.end();\n      }\n    } else {\n      try {\n        const result = await action.run(input, { context: auth });\n        response.setHeader('x-genkit-trace-id', result.telemetry.traceId);\n        response.setHeader('x-genkit-span-id', result.telemetry.spanId);\n        // Responses for non-streaming flows are passed back with the flow result stored in a field called \"result.\"\n        response\n          .status(200)\n          .send({\n            result: result.result,\n          })\n          .end();\n      } catch (e) {\n        // Errors for non-streaming flows are passed back as standard API errors.\n        response\n          .status(500)\n          .send({\n            error: {\n              status: 'INTERNAL',\n              message: getErrorMessage(e),\n              details: getErrorStack(e),\n            },\n          })\n          .end();\n      }\n    }\n  };\n}\n"],"mappings":";;;AAiBA;AAAA,EAIE;AAAA,OAEK;AACP,SAAS,cAAc;AAEvB,SAAS,iBAAiB,qBAAqB;AAE/C,MAAM,kBAAkB;AAyCjB,SAAS,QAKd,GACA,MAGwB;AACxB,QAAM,OAAmC,EAAoB,SACxD,IACA,EAA4B,OAC1B,EAA4B,OAC7B;AACN,QAAM,SAA0B,OAAO,KAAK,SAAU;AACtD,QAAM,WAAqB,OAAO,KAAK,WAAW,OAAO;AACzD,SAAO,CACL,SACA,aACkB;AAzFtB;AA0FI,UAAM,EAAE,OAAO,IAAI,QAAQ;AAC3B,QAAI,QAAQ,QAAQ,KAAK;AACzB,UAAM,OAAO,QAAQ;AAErB,QAAI;AACF,aAAM,kCAAM,eAAN,8BAAmB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,GAAQ;AACf,aAAO,MAAM,CAAC;AACd,YAAM,WAAW;AAAA,QACf,OAAO;AAAA,UACL,QAAQ;AAAA,UACR,SAAS,EAAE,WAAW;AAAA,QACxB;AAAA,MACF;AACA,eAAS,OAAO,GAAG,EAAE,KAAK,QAAQ,EAAE,IAAI;AACxC;AAAA,IACF;AAEA,QAAI,QAAQ,IAAI,QAAQ,MAAM,uBAAuB,WAAW,QAAQ;AACtE,eAAS,UAAU,KAAK;AAAA,QACtB,gBAAgB;AAAA,QAChB,qBAAqB;AAAA,MACvB,CAAC;AACD,UAAI;AACF,cAAM,UAAU,CAAC,UAAsB;AACrC,mBAAS;AAAA,YACP,WAAW,KAAK,UAAU,EAAE,SAAS,MAAM,CAAC,IAAI;AAAA,UAClD;AAAA,QACF;AACA,cAAM,SAAS,MAAM;AAAA,UAAyB;AAAA,UAAU;AAAA,UAAS,MAC/D,OAAO,IAAI,OAAO;AAAA,YAChB;AAAA,YACA,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AACA,iBAAS;AAAA,UACP,WAAW,KAAK,UAAU,EAAE,QAAQ,OAAO,OAAO,CAAC,IAAI;AAAA,QACzD;AACA,iBAAS,IAAI;AAAA,MACf,SAAS,GAAG;AACV,eAAO,MAAM,CAAC;AACd,iBAAS;AAAA,UACP,WACE,KAAK,UAAU;AAAA,YACb,OAAO;AAAA,cACL,QAAQ;AAAA,cACR,SAAS,gBAAgB,CAAC;AAAA,cAC1B,SAAS,cAAc,CAAC;AAAA,YAC1B;AAAA,UACF,CAAC,IACD;AAAA,QACJ;AACA,iBAAS,IAAI;AAAA,MACf;AAAA,IACF,OAAO;AACL,UAAI;AACF,cAAM,SAAS,MAAM,OAAO,IAAI,OAAO,EAAE,SAAS,KAAK,CAAC;AACxD,iBAAS,UAAU,qBAAqB,OAAO,UAAU,OAAO;AAChE,iBAAS,UAAU,oBAAoB,OAAO,UAAU,MAAM;AAE9D,iBACG,OAAO,GAAG,EACV,KAAK;AAAA,UACJ,QAAQ,OAAO;AAAA,QACjB,CAAC,EACA,IAAI;AAAA,MACT,SAAS,GAAG;AAEV,iBACG,OAAO,GAAG,EACV,KAAK;AAAA,UACJ,OAAO;AAAA,YACL,QAAQ;AAAA,YACR,SAAS,gBAAgB,CAAC;AAAA,YAC1B,SAAS,cAAc,CAAC;AAAA,UAC1B;AAAA,QACF,CAAC,EACA,IAAI;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/lib/utils.d.mts

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Extracts error message from the given error object, or if input is not an error then just turn the error into a string.
+ */
+declare function getErrorMessage(e: any): string;
+/**
+ * Extracts stack trace from the given error object, or if input is not an error then returns undefined.
+ */
+declare function getErrorStack(e: any): string | undefined;
+
+export { getErrorMessage, getErrorStack };

package/lib/utils.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Extracts error message from the given error object, or if input is not an error then just turn the error into a string.
+ */
+declare function getErrorMessage(e: any): string;
+/**
+ * Extracts stack trace from the given error object, or if input is not an error then returns undefined.
+ */
+declare function getErrorStack(e: any): string | undefined;
+
+export { getErrorMessage, getErrorStack };

package/lib/utils.js

@@ -0,0 +1,42 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var utils_exports = {};
+__export(utils_exports, {
+  getErrorMessage: () => getErrorMessage,
+  getErrorStack: () => getErrorStack
+});
+module.exports = __toCommonJS(utils_exports);
+function getErrorMessage(e) {
+  if (e instanceof Error) {
+    return e.message;
+  }
+  return `${e}`;
+}
+function getErrorStack(e) {
+  if (e instanceof Error) {
+    return e.stack;
+  }
+  return void 0;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getErrorMessage,
+  getErrorStack
+});
+//# sourceMappingURL=utils.js.map

package/lib/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils.ts"],"sourcesContent":["/**\n * Copyright 2024 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Extracts error message from the given error object, or if input is not an error then just turn the error into a string.\n */\nexport function getErrorMessage(e: any): string {\n  if (e instanceof Error) {\n    return e.message;\n  }\n  return `${e}`;\n}\n\n/**\n * Extracts stack trace from the given error object, or if input is not an error then returns undefined.\n */\nexport function getErrorStack(e: any): string | undefined {\n  if (e instanceof Error) {\n    return e.stack;\n  }\n  return undefined;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAmBO,SAAS,gBAAgB,GAAgB;AAC9C,MAAI,aAAa,OAAO;AACtB,WAAO,EAAE;AAAA,EACX;AACA,SAAO,GAAG,CAAC;AACb;AAKO,SAAS,cAAc,GAA4B;AACxD,MAAI,aAAa,OAAO;AACtB,WAAO,EAAE;AAAA,EACX;AACA,SAAO;AACT;","names":[]}

package/lib/utils.mjs

@@ -0,0 +1,18 @@
+import "./chunk-IQXHJV5O.mjs";
+function getErrorMessage(e) {
+  if (e instanceof Error) {
+    return e.message;
+  }
+  return `${e}`;
+}
+function getErrorStack(e) {
+  if (e instanceof Error) {
+    return e.stack;
+  }
+  return void 0;
+}
+export {
+  getErrorMessage,
+  getErrorStack
+};
+//# sourceMappingURL=utils.mjs.map

package/lib/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils.ts"],"sourcesContent":["/**\n * Copyright 2024 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * Extracts error message from the given error object, or if input is not an error then just turn the error into a string.\n */\nexport function getErrorMessage(e: any): string {\n  if (e instanceof Error) {\n    return e.message;\n  }\n  return `${e}`;\n}\n\n/**\n * Extracts stack trace from the given error object, or if input is not an error then returns undefined.\n */\nexport function getErrorStack(e: any): string | undefined {\n  if (e instanceof Error) {\n    return e.stack;\n  }\n  return undefined;\n}\n"],"mappings":";AAmBO,SAAS,gBAAgB,GAAgB;AAC9C,MAAI,aAAa,OAAO;AACtB,WAAO,EAAE;AAAA,EACX;AACA,SAAO,GAAG,CAAC;AACb;AAKO,SAAS,cAAc,GAA4B;AACxD,MAAI,aAAa,OAAO;AACtB,WAAO,EAAE;AAAA,EACX;AACA,SAAO;AACT;","names":[]}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@genkit-ai/express",
+  "description": "Genkit AI framework plugin for Express server",
+  "keywords": [
+    "genkit",
+    "genkit-plugin",
+    "langchain",
+    "ai",
+    "genai",
+    "generative-ai"
+  ],
+  "version": "1.0.0-rc.1",
+  "type": "commonjs",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/firebase/genkit.git",
+    "directory": "js/plugins/express"
+  },
+  "author": "genkit",
+  "license": "Apache-2.0",
+  "dependencies": {},
+  "peerDependencies": {
+    "express": "^4.21.1",
+    "genkit": "1.0.0-rc.1"
+  },
+  "devDependencies": {
+    "get-port": "^5.1.0",
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.11.16",
+    "npm-run-all": "^4.1.5",
+    "rimraf": "^6.0.1",
+    "tsup": "^8.3.5",
+    "tsx": "^4.19.2",
+    "typescript": "^4.9.0"
+  },
+  "types": "./lib/index.d.ts",
+  "exports": {
+    ".": {
+      "require": "./lib/index.js",
+      "default": "./lib/index.js",
+      "import": "./lib/index.mjs",
+      "types": "./lib/index.d.ts"
+    }
+  },
+  "scripts": {
+    "check": "tsc",
+    "compile": "tsup-node",
+    "build:clean": "rimraf ./lib",
+    "build": "npm-run-all build:clean check compile",
+    "build:watch": "tsup-node --watch",
+    "test": "node --import tsx --test tests/*_test.ts",
+    "test:watch": "node --import tsx --watch --test tests/*_test.ts"
+  }
+}

package/src/index.ts

@@ -0,0 +1,178 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import express from 'express';
+import {
+  Action,
+  CallableFlow,
+  Flow,
+  runWithStreamingCallback,
+  z,
+} from 'genkit';
+import { logger } from 'genkit/logging';
+import { Registry } from 'genkit/registry';
+import { getErrorMessage, getErrorStack } from './utils';
+
+const streamDelimiter = '\n\n';
+
+/**
+ * Auth policy context is an object passed to the auth policy providing details necessary for auth.
+ */
+export interface AuthPolicyContext<
+  I extends z.ZodTypeAny = z.ZodTypeAny,
+  O extends z.ZodTypeAny = z.ZodTypeAny,
+  S extends z.ZodTypeAny = z.ZodTypeAny,
+> {
+  flow?: Flow<I, O, S>;
+  action?: Action<I, O, S>;
+  input: z.infer<I>;
+  auth: any | undefined;
+  request: RequestWithAuth;
+}
+
+/**
+ * Flow Auth policy. Consumes the authorization context of the flow and
+ * performs checks before the flow runs. If this throws, the flow will not
+ * be executed.
+ */
+export interface AuthPolicy<
+  I extends z.ZodTypeAny = z.ZodTypeAny,
+  O extends z.ZodTypeAny = z.ZodTypeAny,
+  S extends z.ZodTypeAny = z.ZodTypeAny,
+> {
+  (ctx: AuthPolicyContext<I, O, S>): void | Promise<void>;
+}
+
+/**
+ * For express-based flows, req.auth should contain the value to bepassed into
+ * the flow context.
+ */
+export interface RequestWithAuth extends express.Request {
+  auth?: unknown;
+}
+
+/**
+ * Exposes provided flow or an action as express handler.
+ */
+export function handler<
+  I extends z.ZodTypeAny = z.ZodTypeAny,
+  O extends z.ZodTypeAny = z.ZodTypeAny,
+  S extends z.ZodTypeAny = z.ZodTypeAny,
+>(
+  f: CallableFlow<I, O, S> | Flow<I, O, S> | Action<I, O, S>,
+  opts?: {
+    authPolicy?: AuthPolicy<I, O, S>;
+  }
+): express.RequestHandler {
+  const flow: Flow<I, O, S> | undefined = (f as Flow<I, O, S>).invoke
+    ? (f as Flow<I, O, S>)
+    : (f as CallableFlow<I, O, S>).flow
+      ? (f as CallableFlow<I, O, S>).flow
+      : undefined;
+  const action: Action<I, O, S> = flow ? flow.action : (f as Action<I, O, S>);
+  const registry: Registry = flow ? flow.registry : action.__registry;
+  return async (
+    request: RequestWithAuth,
+    response: express.Response
+  ): Promise<void> => {
+    const { stream } = request.query;
+    let input = request.body.data;
+    const auth = request.auth;
+
+    try {
+      await opts?.authPolicy?.({
+        flow,
+        action,
+        auth,
+        input,
+        request,
+      });
+    } catch (e: any) {
+      logger.debug(e);
+      const respBody = {
+        error: {
+          status: 'PERMISSION_DENIED',
+          message: e.message || 'Permission denied to resource',
+        },
+      };
+      response.status(403).send(respBody).end();
+      return;
+    }
+
+    if (request.get('Accept') === 'text/event-stream' || stream === 'true') {
+      response.writeHead(200, {
+        'Content-Type': 'text/plain',
+        'Transfer-Encoding': 'chunked',
+      });
+      try {
+        const onChunk = (chunk: z.infer<S>) => {
+          response.write(
+            'data: ' + JSON.stringify({ message: chunk }) + streamDelimiter
+          );
+        };
+        const result = await runWithStreamingCallback(registry, onChunk, () =>
+          action.run(input, {
+            onChunk,
+            context: auth,
+          })
+        );
+        response.write(
+          'data: ' + JSON.stringify({ result: result.result }) + streamDelimiter
+        );
+        response.end();
+      } catch (e) {
+        logger.error(e);
+        response.write(
+          'data: ' +
+            JSON.stringify({
+              error: {
+                status: 'INTERNAL',
+                message: getErrorMessage(e),
+                details: getErrorStack(e),
+              },
+            }) +
+            streamDelimiter
+        );
+        response.end();
+      }
+    } else {
+      try {
+        const result = await action.run(input, { context: auth });
+        response.setHeader('x-genkit-trace-id', result.telemetry.traceId);
+        response.setHeader('x-genkit-span-id', result.telemetry.spanId);
+        // Responses for non-streaming flows are passed back with the flow result stored in a field called "result."
+        response
+          .status(200)
+          .send({
+            result: result.result,
+          })
+          .end();
+      } catch (e) {
+        // Errors for non-streaming flows are passed back as standard API errors.
+        response
+          .status(500)
+          .send({
+            error: {
+              status: 'INTERNAL',
+              message: getErrorMessage(e),
+              details: getErrorStack(e),
+            },
+          })
+          .end();
+      }
+    }
+  };
+}

package/src/utils.ts

@@ -0,0 +1,35 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Extracts error message from the given error object, or if input is not an error then just turn the error into a string.
+ */
+export function getErrorMessage(e: any): string {
+  if (e instanceof Error) {
+    return e.message;
+  }
+  return `${e}`;
+}
+
+/**
+ * Extracts stack trace from the given error object, or if input is not an error then returns undefined.
+ */
+export function getErrorStack(e: any): string | undefined {
+  if (e instanceof Error) {
+    return e.stack;
+  }
+  return undefined;
+}

package/tests/express_test.ts

@@ -0,0 +1,376 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import express from 'express';
+import { GenerateResponseData, Genkit, genkit, z } from 'genkit';
+import { runFlow, streamFlow } from 'genkit/client';
+import { GenerateResponseChunkData, ModelAction } from 'genkit/model';
+import getPort from 'get-port';
+import * as http from 'http';
+import assert from 'node:assert';
+import { afterEach, beforeEach, describe, it } from 'node:test';
+import { RequestWithAuth, handler } from '../src/index.js';
+
+describe('telemetry', async () => {
+  let server: http.Server;
+  let port;
+
+  beforeEach(async () => {
+    const ai = genkit({});
+    const echoModel = defineEchoModel(ai);
+
+    const voidInput = ai.defineFlow('voidInput', async () => {
+      return 'banana';
+    });
+
+    const stringInput = ai.defineFlow('stringInput', async (input) => {
+      const { text } = await ai.generate({
+        model: 'echoModel',
+        prompt: input,
+      });
+      return text;
+    });
+
+    const objectInput = ai.defineFlow(
+      { name: 'objectInput', inputSchema: z.object({ question: z.string() }) },
+      async (input) => {
+        const { text } = await ai.generate({
+          model: 'echoModel',
+          prompt: input.question,
+        });
+        return text;
+      }
+    );
+
+    const streamingFlow = ai.defineFlow(
+      {
+        name: 'streamingFlow',
+        inputSchema: z.object({ question: z.string() }),
+      },
+      async (input, sendChunk) => {
+        const { text } = await ai.generate({
+          model: 'echoModel',
+          prompt: input.question,
+          onChunk: sendChunk,
+        });
+        return text;
+      }
+    );
+
+    const flowWithContext = ai.defineFlow(
+      {
+        name: 'flowWithContext',
+        inputSchema: z.object({ question: z.string() }),
+      },
+      async (input, { context }) => {
+        return `${input.question} - ${JSON.stringify(context)}`;
+      }
+    );
+
+    const app = express();
+    app.use(express.json());
+    port = await getPort();
+
+    app.post('/voidInput', handler(voidInput));
+    app.post('/stringInput', handler(stringInput));
+    app.post('/objectInput', handler(objectInput));
+    app.post('/streamingFlow', handler(streamingFlow));
+    app.post(
+      '/flowWithAuth',
+      async (req, resp, next) => {
+        (req as RequestWithAuth).auth = {
+          user:
+            req.header('authorization') === 'open sesame'
+              ? 'Ali Baba'
+              : '40 thieves',
+        };
+        next();
+      },
+      handler(flowWithContext, {
+        authPolicy: ({ auth, action, input, request }) => {
+          assert.ok(auth, 'auth must be set');
+          assert.ok(action, 'flow must be set');
+          assert.ok(input, 'input must be set');
+          assert.ok(request, 'request must be set');
+
+          if (auth.user !== 'Ali Baba') {
+            throw new Error('not authorized');
+          }
+        },
+      })
+    );
+
+    // Can also expose any action.
+    app.post('/echoModel', handler(echoModel));
+    app.post(
+      '/echoModelWithAuth',
+      async (req, resp, next) => {
+        (req as RequestWithAuth).auth = {
+          user:
+            req.header('authorization') === 'open sesame'
+              ? 'Ali Baba'
+              : '40 thieves',
+        };
+        next();
+      },
+      handler(echoModel, {
+        authPolicy: ({ auth, action, input, request }) => {
+          assert.ok(auth, 'auth must be set');
+          assert.ok(action, 'flow must be set');
+          assert.ok(input, 'input must be set');
+          assert.ok(request, 'request must be set');
+
+          if (auth.user !== 'Ali Baba') {
+            throw new Error('not authorized');
+          }
+        },
+      })
+    );
+
+    server = app.listen(port, () => {
+      console.log(`Example app listening on port ${port}`);
+    });
+  });
+
+  afterEach(() => {
+    server.close();
+  });
+
+  describe('runFlow', () => {
+    it('should call a void input flow', async () => {
+      const result = await runFlow({
+        url: `http://localhost:${port}/voidInput`,
+      });
+      assert.strictEqual(result, 'banana');
+    });
+
+    it('should run a flow with string input', async () => {
+      const result = await runFlow({
+        url: `http://localhost:${port}/stringInput`,
+        input: 'hello',
+      });
+      assert.strictEqual(result, 'Echo: hello');
+    });
+
+    it('should run a flow with object input', async () => {
+      const result = await runFlow({
+        url: `http://localhost:${port}/objectInput`,
+        input: {
+          question: 'olleh',
+        },
+      });
+      assert.strictEqual(result, 'Echo: olleh');
+    });
+
+    it('should fail a bad input', async () => {
+      const result = runFlow({
+        url: `http://localhost:${port}/objectInput`,
+        input: {
+          badField: 'hello',
+        },
+      });
+      await assert.rejects(result, (err: Error) => {
+        return err.message.includes('INVALID_ARGUMENT');
+      });
+    });
+
+    it('should call a flow with auth', async () => {
+      const result = await runFlow<string>({
+        url: `http://localhost:${port}/flowWithAuth`,
+        input: {
+          question: 'hello',
+        },
+        headers: {
+          Authorization: 'open sesame',
+        },
+      });
+      assert.strictEqual(result, 'hello - {"user":"Ali Baba"}');
+    });
+
+    it('should fail a flow with auth', async () => {
+      const result = runFlow({
+        url: `http://localhost:${port}/flowWithAuth`,
+        input: {
+          question: 'hello',
+        },
+        headers: {
+          Authorization: 'thieve #24',
+        },
+      });
+      await assert.rejects(result, (err) => {
+        return (err as Error).message.includes('not authorized');
+      });
+    });
+
+    it('should call a model', async () => {
+      const result = await runFlow({
+        url: `http://localhost:${port}/echoModel`,
+        input: {
+          messages: [{ role: 'user', content: [{ text: 'hello' }] }],
+        },
+      });
+      assert.strictEqual(result.finishReason, 'stop');
+      assert.deepStrictEqual(result.message, {
+        role: 'model',
+        content: [{ text: 'Echo: hello' }],
+      });
+    });
+
+    it('should call a model with auth', async () => {
+      const result = await runFlow<GenerateResponseData>({
+        url: `http://localhost:${port}/echoModelWithAuth`,
+        input: {
+          messages: [{ role: 'user', content: [{ text: 'hello' }] }],
+        },
+        headers: {
+          Authorization: 'open sesame',
+        },
+      });
+      assert.strictEqual(result.finishReason, 'stop');
+      assert.deepStrictEqual(result.message, {
+        role: 'model',
+        content: [{ text: 'Echo: hello' }],
+      });
+    });
+
+    it('should fail a flow with auth', async () => {
+      const result = runFlow({
+        url: `http://localhost:${port}/echoModelWithAuth`,
+        input: {
+          messages: [
+            {
+              role: 'user',
+              content: [{ text: 'hello' }],
+            },
+          ],
+        },
+        headers: {
+          Authorization: 'thieve #24',
+        },
+      });
+      await assert.rejects(result, (err) => {
+        return (err as Error).message.includes('not authorized');
+      });
+    });
+  });
+
+  describe('streamFlow', () => {
+    it('stream a flow', async () => {
+      const result = streamFlow<string, GenerateResponseChunkData>({
+        url: `http://localhost:${port}/streamingFlow`,
+        input: {
+          question: 'olleh',
+        },
+      });
+
+      const gotChunks: GenerateResponseChunkData[] = [];
+      for await (const chunk of result.stream()) {
+        gotChunks.push(chunk);
+      }
+
+      assert.deepStrictEqual(gotChunks, [
+        { content: [{ text: '3' }] },
+        { content: [{ text: '2' }] },
+        { content: [{ text: '1' }] },
+      ]);
+
+      assert.strictEqual(await result.output(), 'Echo: olleh');
+    });
+
+    it('stream a model', async () => {
+      const result = streamFlow({
+        url: `http://localhost:${port}/echoModel`,
+        input: {
+          messages: [
+            {
+              role: 'user',
+              content: [{ text: 'olleh' }],
+            },
+          ],
+        },
+      });
+
+      const gotChunks: any[] = [];
+      for await (const chunk of result.stream()) {
+        gotChunks.push(chunk);
+      }
+
+      const output = await result.output();
+      assert.strictEqual(output.finishReason, 'stop');
+      assert.deepStrictEqual(output.message, {
+        role: 'model',
+        content: [{ text: 'Echo: olleh' }],
+      });
+
+      assert.deepStrictEqual(gotChunks, [
+        { content: [{ text: '3' }] },
+        { content: [{ text: '2' }] },
+        { content: [{ text: '1' }] },
+      ]);
+    });
+  });
+});
+
+export function defineEchoModel(ai: Genkit): ModelAction {
+  return ai.defineModel(
+    {
+      name: 'echoModel',
+    },
+    async (request, streamingCallback) => {
+      streamingCallback?.({
+        content: [
+          {
+            text: '3',
+          },
+        ],
+      });
+      streamingCallback?.({
+        content: [
+          {
+            text: '2',
+          },
+        ],
+      });
+      streamingCallback?.({
+        content: [
+          {
+            text: '1',
+          },
+        ],
+      });
+      return {
+        message: {
+          role: 'model',
+          content: [
+            {
+              text:
+                'Echo: ' +
+                request.messages
+                  .map(
+                    (m) =>
+                      (m.role === 'user' || m.role === 'model'
+                        ? ''
+                        : `${m.role}: `) + m.content.map((c) => c.text).join()
+                  )
+                  .join(),
+            },
+          ],
+        },
+        finishReason: 'stop',
+      };
+    }
+  );
+}

package/tsconfig.json

@@ -0,0 +1,4 @@
+{
+  "extends": "../../tsconfig.json",
+  "include": ["src"]
+}

package/tsup.config.ts

@@ -0,0 +1,22 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { defineConfig, Options } from 'tsup';
+import { defaultOptions } from '../../tsup.common';
+
+export default defineConfig({
+  ...(defaultOptions as Options),
+});

package/typedoc.json

@@ -0,0 +1,3 @@
+{
+  "entryPoints": ["src/index.ts"]
+}