@langchain/langgraph-api 0.0.19 → 0.0.21

package/dist/auth/index.mjs

@@ -0,0 +1,120 @@
+import { HTTPException } from "hono/http-exception";
+import * as url from "node:url";
+import * as path from "path";
+let CUSTOM_AUTH;
+let DISABLE_STUDIO_AUTH = false;
+export const isAuthRegistered = () => CUSTOM_AUTH != null;
+export const isStudioAuthDisabled = () => DISABLE_STUDIO_AUTH;
+function convertError(error) {
+    const isHTTPAuthException = (error) => {
+        return (typeof error === "object" &&
+            error != null &&
+            "status" in error &&
+            "headers" in error);
+    };
+    if (isHTTPAuthException(error)) {
+        throw new HTTPException(error.status, {
+            message: error.message,
+            res: new Response(error.message || "Unauthorized", {
+                status: error.status,
+                headers: error.headers,
+            }),
+        });
+    }
+    throw error;
+}
+export async function authorize(payload) {
+    // find filters and execute them
+    const handlers = CUSTOM_AUTH?.["~handlerCache"];
+    if (!handlers)
+        return { filters: undefined, value: payload.value };
+    const cbKey = [
+        `${payload.resource}:${payload.action}`,
+        `${payload.resource}`,
+        `*:${payload.action}`,
+        `*`,
+    ].find((priority) => handlers.callbacks?.[priority]);
+    const handler = cbKey ? handlers.callbacks?.[cbKey] : undefined;
+    if (!handler || !payload.context) {
+        return { filters: undefined, value: payload.value };
+    }
+    try {
+        const result = await handler({
+            event: `${payload.resource}:${payload.action}`,
+            resource: payload.resource,
+            action: payload.action,
+            value: payload.value,
+            permissions: payload.context?.scopes,
+            user: payload.context?.user,
+        });
+        if (result == null || result == true) {
+            return { filters: undefined, value: payload.value };
+        }
+        if (result === false)
+            throw new HTTPException(403);
+        if (typeof result !== "object") {
+            throw new HTTPException(500, {
+                message: `Auth handler returned invalid result. Expected filter object, null, undefined or boolean. Got "${typeof result}" instead.`,
+            });
+        }
+        return { filters: result, value: payload.value };
+    }
+    catch (error) {
+        throw convertError(error);
+    }
+}
+export async function authenticate(request) {
+    const handlers = CUSTOM_AUTH?.["~handlerCache"];
+    if (!handlers?.authenticate)
+        return undefined;
+    try {
+        const response = await handlers.authenticate(request);
+        // normalize auth response
+        const { scopes, user } = (() => {
+            if (typeof response === "string") {
+                return {
+                    scopes: [],
+                    user: {
+                        permissions: [],
+                        identity: response,
+                        display_name: response,
+                        is_authenticated: true,
+                    },
+                };
+            }
+            if ("identity" in response && typeof response.identity === "string") {
+                const scopes = "permissions" in response && Array.isArray(response.permissions)
+                    ? response.permissions
+                    : [];
+                return {
+                    scopes,
+                    user: {
+                        ...response,
+                        permissions: scopes,
+                        is_authenticated: response.is_authenticated ?? true,
+                        display_name: response.display_name ?? response.identity,
+                    },
+                };
+            }
+            throw new Error("Invalid auth response received. Make sure to either return a `string` or an object with `identity` property.");
+        })();
+        return { scopes, user };
+    }
+    catch (error) {
+        throw convertError(error);
+    }
+}
+export async function registerAuth(auth, options) {
+    if (!auth.path)
+        return;
+    // TODO: handle options.auth.disable_studio_auth
+    const [userFile, exportSymbol] = auth.path.split(":", 2);
+    const sourceFile = path.resolve(options.cwd, userFile);
+    const module = (await import(url.pathToFileURL(sourceFile).toString()).then((module) => module[exportSymbol || "default"]));
+    if (!module)
+        throw new Error(`Failed to load auth: ${auth.path}`);
+    if (!("~handlerCache" in module))
+        throw new Error(`Auth must be an instance of Auth: ${auth.path}`);
+    CUSTOM_AUTH = module;
+    DISABLE_STUDIO_AUTH = auth.disable_studio_auth ?? false;
+}

package/dist/cli/spawn.d.mts

@@ -9,6 +9,10 @@ export declare function spawnServer(args: {
         ui_config?: {
             shared?: string[];
         };
+        auth?: {
+            path?: string;
+            disable_studio_auth?: boolean;
+        };
     };
     env: NodeJS.ProcessEnv;
     hostUrl: string;

package/dist/cli/spawn.mjs

@@ -30,6 +30,7 @@ For production use, please use LangGraph Cloud.
             nWorkers: Number.parseInt(args.nJobsPerWorker, 10),
             host: args.host,
             graphs: context.config.graphs,
+            auth: context.config.auth,
             ui: context.config.ui,
             ui_config: context.config.ui_config,
             cwd: options.projectCwd,

package/dist/graph/load.mjs

@@ -10,7 +10,7 @@ export const GRAPHS = {};
 export const GRAPH_SPEC = {};
 export const GRAPH_SCHEMA = {};
 export const NAMESPACE_GRAPH = uuid.parse("6ba7b821-9dad-11d1-80b4-00c04fd430c8");
-const ConfigSchema = z.record(z.unknown());
+const ConfigSchema = z.record(z.record(z.unknown()));
 export const getAssistantId = (graphId) => {
     if (graphId in GRAPHS)
         return uuid.v5(graphId, NAMESPACE_GRAPH);
@@ -37,7 +37,7 @@ export async function registerFromEnv(specs, options) {
             config: config ?? {},
             if_exists: "do_nothing",
             name: graphId,
-        });
+        }, undefined);
         return resolved;
     }));
 }

package/dist/queue.mjs

@@ -84,7 +84,7 @@ const worker = async (run, attempt, abortSignal) => {
     }
     finally {
         if (temporary) {
-            await Threads.delete(run.thread_id);
+            await Threads.delete(run.thread_id, undefined);
         }
         else {
             await Threads.setStatus(run.thread_id, { checkpoint, exception });

package/dist/schemas.mjs

@@ -45,6 +45,7 @@ export const AssistantPatch = z
     .object({
     graph_id: z.string().describe("The graph to use.").optional(),
     config: AssistantConfig.optional(),
+    name: z.string().optional(),
     metadata: z
         .object({})
         .catchall(z.any())

package/dist/server.mjs

@@ -13,6 +13,8 @@ import { queue } from "./queue.mjs";
 import { logger, requestLogger } from "./logging.mjs";
 import { checkpointer } from "./storage/checkpoint.mjs";
 import { store as graphStore } from "./storage/store.mjs";
+import { auth } from "./auth/custom.mjs";
+import { registerAuth } from "./auth/index.mjs";
 const app = new Hono();
 // This is used to match the behavior of the original LangGraph API
 // where the content-type is not being validated. Might be nice
@@ -27,10 +29,6 @@ app.use(async (c, next) => {
 });
 app.use(cors());
 app.use(requestLogger());
-app.route("/", assistants);
-app.route("/", runs);
-app.route("/", threads);
-app.route("/", store);
 app.get("/info", (c) => c.json({ flags: { assistants: true, crons: false } }));
 app.post("/internal/truncate", zValidator("json", z.object({
     runs: z.boolean().optional(),
@@ -43,12 +41,23 @@ app.post("/internal/truncate", zValidator("json", z.object({
     truncate({ runs, threads, assistants, checkpointer, store });
     return c.json({ ok: true });
 });
+app.use(auth());
+app.route("/", assistants);
+app.route("/", runs);
+app.route("/", threads);
+app.route("/", store);
 export const StartServerSchema = z.object({
     port: z.number(),
     nWorkers: z.number(),
     host: z.string(),
     cwd: z.string(),
     graphs: z.record(z.string()),
+    auth: z
+        .object({
+        path: z.string().optional(),
+        disable_studio_auth: z.boolean().default(false),
+    })
+        .optional(),
     ui: z.record(z.string()).optional(),
     ui_config: z.object({ shared: z.array(z.string()).optional() }).optional(),
 });
@@ -65,6 +74,10 @@ export async function startServer(options) {
     };
     logger.info(`Registering graphs from ${options.cwd}`);
     await registerFromEnv(options.graphs, { cwd: options.cwd });
+    if (options.auth?.path) {
+        logger.info(`Loading auth from ${options.auth.path}`);
+        await registerAuth(options.auth, { cwd: options.cwd });
+    }
     if (options.ui) {
         logger.info(`Loading UI`);
         const { api, registerGraphUi } = await import("./ui/load.mjs");