@langchain/langgraph-api 0.0.20 → 0.0.22

package/dist/auth/index.mjs

@@ -0,0 +1,120 @@
+import { HTTPException } from "hono/http-exception";
+import * as url from "node:url";
+import * as path from "path";
+let CUSTOM_AUTH;
+let DISABLE_STUDIO_AUTH = false;
+export const isAuthRegistered = () => CUSTOM_AUTH != null;
+export const isStudioAuthDisabled = () => DISABLE_STUDIO_AUTH;
+function convertError(error) {
+    const isHTTPAuthException = (error) => {
+        return (typeof error === "object" &&
+            error != null &&
+            "status" in error &&
+            "headers" in error);
+    };
+    if (isHTTPAuthException(error)) {
+        throw new HTTPException(error.status, {
+            message: error.message,
+            res: new Response(error.message || "Unauthorized", {
+                status: error.status,
+                headers: error.headers,
+            }),
+        });
+    }
+    throw error;
+}
+export async function authorize(payload) {
+    // find filters and execute them
+    const handlers = CUSTOM_AUTH?.["~handlerCache"];
+    if (!handlers)
+        return { filters: undefined, value: payload.value };
+    const cbKey = [
+        `${payload.resource}:${payload.action}`,
+        `${payload.resource}`,
+        `*:${payload.action}`,
+        `*`,
+    ].find((priority) => handlers.callbacks?.[priority]);
+    const handler = cbKey ? handlers.callbacks?.[cbKey] : undefined;
+    if (!handler || !payload.context) {
+        return { filters: undefined, value: payload.value };
+    }
+    try {
+        const result = await handler({
+            event: `${payload.resource}:${payload.action}`,
+            resource: payload.resource,
+            action: payload.action,
+            value: payload.value,
+            permissions: payload.context?.scopes,
+            user: payload.context?.user,
+        });
+        if (result == null || result == true) {
+            return { filters: undefined, value: payload.value };
+        }
+        if (result === false)
+            throw new HTTPException(403);
+        if (typeof result !== "object") {
+            throw new HTTPException(500, {
+                message: `Auth handler returned invalid result. Expected filter object, null, undefined or boolean. Got "${typeof result}" instead.`,
+            });
+        }
+        return { filters: result, value: payload.value };
+    }
+    catch (error) {
+        throw convertError(error);
+    }
+}
+export async function authenticate(request) {
+    const handlers = CUSTOM_AUTH?.["~handlerCache"];
+    if (!handlers?.authenticate)
+        return undefined;
+    try {
+        const response = await handlers.authenticate(request);
+        // normalize auth response
+        const { scopes, user } = (() => {
+            if (typeof response === "string") {
+                return {
+                    scopes: [],
+                    user: {
+                        permissions: [],
+                        identity: response,
+                        display_name: response,
+                        is_authenticated: true,
+                    },
+                };
+            }
+            if ("identity" in response && typeof response.identity === "string") {
+                const scopes = "permissions" in response && Array.isArray(response.permissions)
+                    ? response.permissions
+                    : [];
+                return {
+                    scopes,
+                    user: {
+                        ...response,
+                        permissions: scopes,
+                        is_authenticated: response.is_authenticated ?? true,
+                        display_name: response.display_name ?? response.identity,
+                    },
+                };
+            }
+            throw new Error("Invalid auth response received. Make sure to either return a `string` or an object with `identity` property.");
+        })();
+        return { scopes, user };
+    }
+    catch (error) {
+        throw convertError(error);
+    }
+}
+export async function registerAuth(auth, options) {
+    if (!auth.path)
+        return;
+    // TODO: handle options.auth.disable_studio_auth
+    const [userFile, exportSymbol] = auth.path.split(":", 2);
+    const sourceFile = path.resolve(options.cwd, userFile);
+    const module = (await import(url.pathToFileURL(sourceFile).toString()).then((module) => module[exportSymbol || "default"]));
+    if (!module)
+        throw new Error(`Failed to load auth: ${auth.path}`);
+    if (!("~handlerCache" in module))
+        throw new Error(`Auth must be an instance of Auth: ${auth.path}`);
+    CUSTOM_AUTH = module;
+    DISABLE_STUDIO_AUTH = auth.disable_studio_auth ?? false;
+}

package/dist/cli/spawn.d.mts

@@ -9,6 +9,27 @@ export declare function spawnServer(args: {
         ui_config?: {
             shared?: string[];
         };
+        auth?: {
+            path?: string;
+            disable_studio_auth?: boolean;
+        };
+        http?: {
+            app?: string;
+            disable_assistants?: boolean;
+            disable_threads?: boolean;
+            disable_runs?: boolean;
+            disable_store?: boolean;
+            disable_meta?: boolean;
+            cors?: {
+                allow_origins?: string[];
+                allow_methods?: string[];
+                allow_headers?: string[];
+                allow_credentials?: boolean;
+                allow_origin_regex?: string;
+                expose_headers?: string[];
+                max_age?: number;
+            };
+        };
     };
     env: NodeJS.ProcessEnv;
     hostUrl: string;

package/dist/cli/spawn.mjs

@@ -30,9 +30,11 @@ For production use, please use LangGraph Cloud.
             nWorkers: Number.parseInt(args.nJobsPerWorker, 10),
             host: args.host,
             graphs: context.config.graphs,
+            auth: context.config.auth,
             ui: context.config.ui,
             ui_config: context.config.ui_config,
             cwd: options.projectCwd,
+            http: context.config.http,
         }),
     ], {
         stdio: ["inherit", "inherit", "inherit", "ipc"],

package/dist/graph/load.mjs

@@ -10,7 +10,7 @@ export const GRAPHS = {};
 export const GRAPH_SPEC = {};
 export const GRAPH_SCHEMA = {};
 export const NAMESPACE_GRAPH = uuid.parse("6ba7b821-9dad-11d1-80b4-00c04fd430c8");
-const ConfigSchema = z.record(z.unknown());
+const ConfigSchema = z.record(z.record(z.unknown()));
 export const getAssistantId = (graphId) => {
     if (graphId in GRAPHS)
         return uuid.v5(graphId, NAMESPACE_GRAPH);
@@ -37,7 +37,7 @@ export async function registerFromEnv(specs, options) {
             config: config ?? {},
             if_exists: "do_nothing",
             name: graphId,
-        });
+        }, undefined);
         return resolved;
     }));
 }

package/dist/http/custom.mjs

@@ -0,0 +1,10 @@
+import * as path from "node:path";
+import * as url from "node:url";
+export async function registerHttp(appPath, options) {
+    const [userFile, exportSymbol] = appPath.split(":", 2);
+    const sourceFile = path.resolve(options.cwd, userFile);
+    const user = (await import(url.pathToFileURL(sourceFile).toString()).then((module) => module[exportSymbol || "default"]));
+    if (!user)
+        throw new Error(`Failed to load HTTP app: ${appPath}`);
+    return { api: user };
+}

package/dist/http/middleware.mjs

@@ -0,0 +1,38 @@
+import { cors as honoCors } from "hono/cors";
+export const cors = (cors) => {
+    if (cors == null)
+        return honoCors();
+    const originRegex = cors.allow_origin_regex
+        ? new RegExp(cors.allow_origin_regex)
+        : undefined;
+    const origin = originRegex
+        ? (origin) => {
+            originRegex.lastIndex = 0; // reset regex in case it's a global regex
+            if (originRegex.test(origin))
+                return origin;
+            return undefined;
+        }
+        : (cors.allow_origins ?? []);
+    // TODO: handle `cors.allow_credentials`
+    return honoCors({
+        origin,
+        maxAge: cors.max_age,
+        allowMethods: cors.allow_methods,
+        allowHeaders: cors.allow_headers,
+        credentials: cors.allow_credentials,
+        exposeHeaders: cors.expose_headers,
+    });
+};
+// This is used to match the behavior of the original LangGraph API
+// where the content-type is not being validated. Might be nice
+// to warn about this in the future and throw an error instead.
+export const ensureContentType = () => {
+    return async (c, next) => {
+        if (c.req.header("content-type")?.startsWith("text/plain") &&
+            c.req.method !== "GET" &&
+            c.req.method !== "OPTIONS") {
+            c.req.raw.headers.set("content-type", "application/json");
+        }
+        await next();
+    };
+};

package/dist/queue.mjs

@@ -2,6 +2,7 @@ import { Runs, Threads } from "./storage/ops.mjs";
 import { streamState, } from "./stream.mjs";
 import { logError, logger } from "./logging.mjs";
 import { serializeError } from "./utils/serde.mjs";
+import { callWebhook } from "./webhook.mjs";
 const MAX_RETRY_ATTEMPTS = 3;
 const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
 export const queue = async () => {
@@ -15,9 +16,12 @@ export const queue = async () => {
 };
 const worker = async (run, attempt, abortSignal) => {
     const startedAt = new Date();
+    let endedAt = undefined;
     let checkpoint = undefined;
     let exception = undefined;
+    let status = undefined;
     const temporary = run.kwargs.temporary;
+    const webhook = run.kwargs.webhook;
     logger.info("Starting background run", {
         run_id: run.run_id,
         run_attempt: attempt,
@@ -54,7 +58,7 @@ const worker = async (run, attempt, abortSignal) => {
             await Runs.Stream.publish(run.run_id, "error", serializeError(error));
             throw error;
         }
-        const endedAt = new Date();
+        endedAt = new Date();
         logger.info("Background run succeeded", {
             run_id: run.run_id,
             run_attempt: attempt,
@@ -63,10 +67,11 @@ const worker = async (run, attempt, abortSignal) => {
             run_ended_at: endedAt,
             run_exec_ms: endedAt.valueOf() - startedAt.valueOf(),
         });
-        await Runs.setStatus(run.run_id, "success");
+        status = "success";
+        await Runs.setStatus(run.run_id, status);
     }
     catch (error) {
-        const endedAt = new Date();
+        endedAt = new Date();
         if (error instanceof Error)
             exception = error;
         logError(error, {
@@ -80,14 +85,26 @@ const worker = async (run, attempt, abortSignal) => {
                 run_exec_ms: endedAt.valueOf() - startedAt.valueOf(),
             },
         });
+        status = "error";
         await Runs.setStatus(run.run_id, "error");
     }
     finally {
         if (temporary) {
-            await Threads.delete(run.thread_id);
+            await Threads.delete(run.thread_id, undefined);
         }
         else {
             await Threads.setStatus(run.thread_id, { checkpoint, exception });
         }
+        if (webhook) {
+            await callWebhook({
+                checkpoint,
+                status,
+                exception,
+                run,
+                webhook,
+                run_started_at: startedAt,
+                run_ended_at: endedAt,
+            });
+        }
     }
 };

package/dist/schemas.mjs

@@ -45,6 +45,7 @@ export const AssistantPatch = z
     .object({
     graph_id: z.string().describe("The graph to use.").optional(),
     config: AssistantConfig.optional(),
+    name: z.string().optional(),
     metadata: z
         .object({})
         .catchall(z.any())
@@ -88,7 +89,7 @@ export const CronCreate = z
         .describe("Metadata for the run.")
         .optional(),
     config: AssistantConfig.optional(),
-    webhook: z.string().url().optional(),
+    webhook: z.string().optional(),
     interrupt_before: z.union([z.enum(["*"]), z.array(z.string())]).optional(),
     interrupt_after: z.union([z.enum(["*"]), z.array(z.string())]).optional(),
     multitask_strategy: z
@@ -171,7 +172,7 @@ export const RunCreate = z
         .describe("Metadata for the run.")
         .optional(),
     config: AssistantConfig.optional(),
-    webhook: z.string().url().optional(),
+    webhook: z.string().optional(),
     interrupt_before: z.union([z.enum(["*"]), z.array(z.string())]).optional(),
     interrupt_after: z.union([z.enum(["*"]), z.array(z.string())]).optional(),
     on_disconnect: z

package/dist/server.mjs

@@ -1,11 +1,11 @@
 import { serve } from "@hono/node-server";
 import { Hono } from "hono";
-import { cors } from "hono/cors";
 import { registerFromEnv } from "./graph/load.mjs";
 import runs from "./api/runs.mjs";
 import threads from "./api/threads.mjs";
 import assistants from "./api/assistants.mjs";
 import store from "./api/store.mjs";
+import meta from "./api/meta.mjs";
 import { truncate, conn as opsConn } from "./storage/ops.mjs";
 import { zValidator } from "@hono/zod-validator";
 import { z } from "zod";
@@ -13,44 +13,46 @@ import { queue } from "./queue.mjs";
 import { logger, requestLogger } from "./logging.mjs";
 import { checkpointer } from "./storage/checkpoint.mjs";
 import { store as graphStore } from "./storage/store.mjs";
-const app = new Hono();
-// This is used to match the behavior of the original LangGraph API
-// where the content-type is not being validated. Might be nice
-// to warn about this in the future and throw an error instead.
-app.use(async (c, next) => {
-    if (c.req.header("content-type")?.startsWith("text/plain") &&
-        c.req.method !== "GET" &&
-        c.req.method !== "OPTIONS") {
-        c.req.raw.headers.set("content-type", "application/json");
-    }
-    await next();
-});
-app.use(cors());
-app.use(requestLogger());
-app.route("/", assistants);
-app.route("/", runs);
-app.route("/", threads);
-app.route("/", store);
-app.get("/info", (c) => c.json({ flags: { assistants: true, crons: false } }));
-app.post("/internal/truncate", zValidator("json", z.object({
-    runs: z.boolean().optional(),
-    threads: z.boolean().optional(),
-    assistants: z.boolean().optional(),
-    checkpointer: z.boolean().optional(),
-    store: z.boolean().optional(),
-})), (c) => {
-    const { runs, threads, assistants, checkpointer, store } = c.req.valid("json");
-    truncate({ runs, threads, assistants, checkpointer, store });
-    return c.json({ ok: true });
-});
+import { auth } from "./auth/custom.mjs";
+import { registerAuth } from "./auth/index.mjs";
+import { registerHttp } from "./http/custom.mjs";
+import { cors, ensureContentType } from "./http/middleware.mjs";
+import { bindLoopbackFetch } from "./webhook.mjs";
 export const StartServerSchema = z.object({
     port: z.number(),
     nWorkers: z.number(),
     host: z.string(),
     cwd: z.string(),
     graphs: z.record(z.string()),
+    auth: z
+        .object({
+        path: z.string().optional(),
+        disable_studio_auth: z.boolean().default(false),
+    })
+        .optional(),
     ui: z.record(z.string()).optional(),
     ui_config: z.object({ shared: z.array(z.string()).optional() }).optional(),
+    http: z
+        .object({
+        app: z.string().optional(),
+        disable_assistants: z.boolean().default(false),
+        disable_threads: z.boolean().default(false),
+        disable_runs: z.boolean().default(false),
+        disable_store: z.boolean().default(false),
+        disable_meta: z.boolean().default(false),
+        cors: z
+            .object({
+            allow_origins: z.array(z.string()).optional(),
+            allow_methods: z.array(z.string()).optional(),
+            allow_headers: z.array(z.string()).optional(),
+            allow_credentials: z.boolean().optional(),
+            allow_origin_regex: z.string().optional(),
+            expose_headers: z.array(z.string()).optional(),
+            max_age: z.number().optional(),
+        })
+            .optional(),
+    })
+        .optional(),
 });
 export async function startServer(options) {
     logger.info(`Initializing storage...`);
@@ -65,16 +67,52 @@ export async function startServer(options) {
     };
     logger.info(`Registering graphs from ${options.cwd}`);
     await registerFromEnv(options.graphs, { cwd: options.cwd });
-    if (options.ui) {
-        logger.info(`Loading UI`);
-        const { api, registerGraphUi } = await import("./ui/load.mjs");
+    const app = new Hono();
+    if (options.auth?.path) {
+        logger.info(`Loading auth from ${options.auth.path}`);
+        await registerAuth(options.auth, { cwd: options.cwd });
+        app.use(auth());
+    }
+    if (options.http?.app) {
+        logger.info(`Loading HTTP app from ${options.http.app}`);
+        const { api } = await registerHttp(options.http.app, { cwd: options.cwd });
         app.route("/", api);
+    }
+    app.use(cors(options.http?.cors));
+    app.use(requestLogger());
+    app.use(ensureContentType());
+    app.post("/internal/truncate", zValidator("json", z.object({
+        runs: z.boolean().optional(),
+        threads: z.boolean().optional(),
+        assistants: z.boolean().optional(),
+        checkpointer: z.boolean().optional(),
+        store: z.boolean().optional(),
+    })), (c) => {
+        const { runs, threads, assistants, checkpointer, store } = c.req.valid("json");
+        truncate({ runs, threads, assistants, checkpointer, store });
+        return c.json({ ok: true });
+    });
+    if (!options.http?.disable_meta)
+        app.route("/", meta);
+    if (!options.http?.disable_assistants)
+        app.route("/", assistants);
+    if (!options.http?.disable_runs)
+        app.route("/", runs);
+    if (!options.http?.disable_threads)
+        app.route("/", threads);
+    if (!options.http?.disable_store)
+        app.route("/", store);
+    if (options.ui) {
         logger.info(`Registering UI from ${options.cwd}`);
+        const { api, registerGraphUi } = await import("./ui/load.mjs");
         await registerGraphUi(options.ui, {
             cwd: options.cwd,
             config: options.ui_config,
         });
+        app.route("/", api);
     }
+    // Loopback fetch used by webhooks
+    bindLoopbackFetch(app);
     logger.info(`Starting ${options.nWorkers} workers`);
     for (let i = 0; i < options.nWorkers; i++)
         queue();