@llui/agent 0.0.54 → 0.0.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/server/cloudflare/worker.d.ts +1 -0
  2. package/dist/server/cloudflare/worker.d.ts.map +1 -1
  3. package/dist/server/cloudflare/worker.js +8 -3
  4. package/dist/server/cloudflare/worker.js.map +1 -1
  5. package/package.json +1 -1
package/dist/server/cloudflare/worker.d.ts CHANGED
@@ -44,5 +44,6 @@ export interface MinimalDurableObjectStub {
44
44
  */
45
45
  export declare function routeToAgentDO(req: Request, namespace: MinimalDurableObjectNamespace, resolveTid: (token: string) => Promise<string | null>, opts?: {
46
46
  rootName?: string;
47
+ mcpPath?: string;
47
48
  }): Promise<Response>;
48
49
  //# sourceMappingURL=worker.d.ts.map
package/dist/server/cloudflare/worker.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,6BAA6B;IAC5C,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,sBAAsB,CAAA;IAChD,GAAG,CAAC,EAAE,EAAE,sBAAsB,GAAG,wBAAwB,CAAA;CAC1D;AACD,MAAM,WAAW,sBAAsB;IAErC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CACvB;AACD,MAAM,WAAW,wBAAwB;IACvC,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;CACvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,OAAO,EACZ,SAAS,EAAE,6BAA6B,EACxC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EACrD,IAAI,GAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAO,GAC/B,OAAO,CAAC,QAAQ,CAAC,CA4BnB"}
1
+ {"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,6BAA6B;IAC5C,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,sBAAsB,CAAA;IAChD,GAAG,CAAC,EAAE,EAAE,sBAAsB,GAAG,wBAAwB,CAAA;CAC1D;AACD,MAAM,WAAW,sBAAsB;IAErC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CACvB;AACD,MAAM,WAAW,wBAAwB;IACvC,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;CACvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,OAAO,EACZ,SAAS,EAAE,6BAA6B,EACxC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EACrD,IAAI,GAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GACjD,OAAO,CAAC,QAAQ,CAAC,CAiCnB"}
package/dist/server/cloudflare/worker.js CHANGED
@@ -28,16 +28,21 @@
28
28
  */
29
29
  export async function routeToAgentDO(req, namespace, resolveTid, opts = {}) {
30
30
  const rootName = opts.rootName ?? '__root';
31
+ const mcpPath = opts.mcpPath ?? '/agent/mcp';
31
32
  const url = new URL(req.url);
32
33
  const path = url.pathname;
33
34
  // Non-LAP / non-WS management endpoints (mint, resume, sessions,
34
- // revoke) — there's no per-tid routing; use the root DO which owns
35
- // the shared token store + identity resolver.
35
+ // revoke, mcp) — there's no per-tid routing and no bearer token
36
+ // required; use the root DO which owns the shared token store +
37
+ // identity resolver. MCP auth happens within the protocol via
38
+ // connect_session({token}), so the endpoint itself must be reachable
39
+ // without a pre-existing bearer.
36
40
  if (path === '/agent/mint' ||
37
41
  path === '/agent/revoke' ||
38
42
  path === '/agent/resume/list' ||
39
43
  path === '/agent/resume/claim' ||
40
- path === '/agent/sessions') {
44
+ path === '/agent/sessions' ||
45
+ path.startsWith(mcpPath)) {
41
46
  const stub = namespace.get(namespace.idFromName(rootName));
42
47
  return stub.fetch(req);
43
48
  }
package/dist/server/cloudflare/worker.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"worker.js","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAkBA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAY,EACZ,SAAwC,EACxC,UAAqD,EACrD,OAA8B,EAAE;IAEhC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAA;IAC1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAA;IAEzB,iEAAiE;IACjE,mEAAmE;IACnE,8CAA8C;IAC9C,IACE,IAAI,KAAK,aAAa;QACtB,IAAI,KAAK,eAAe;QACxB,IAAI,KAAK,oBAAoB;QAC7B,IAAI,KAAK,qBAAqB;QAC9B,IAAI,KAAK,iBAAiB,EAC1B,CAAC;QACD,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,0DAA0D;IAC1D,MAAM,KAAK,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAA;IAC1C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAA;IACnC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAE9D,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAA;IACrD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAED,SAAS,uBAAuB,CAAC,GAAY;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACvC,OAAO,CAAC,CAAA;AACV,CAAC","sourcesContent":["/**\n * Minimal DurableObjectNamespace surface we need — `idFromName` +\n * `get` returning a `Stub` with `fetch(req)`. Kept structural so we\n * don't depend on `@cloudflare/workers-types` (the user's project has\n * them; we shouldn't duplicate).\n */\nexport interface MinimalDurableObjectNamespace {\n idFromName(name: string): MinimalDurableObjectId\n get(id: MinimalDurableObjectId): MinimalDurableObjectStub\n}\nexport interface MinimalDurableObjectId {\n // Opaque, but DO ids are passed back into `namespace.get()`.\n readonly name?: string\n}\nexport interface MinimalDurableObjectStub {\n fetch(req: Request): Promise<Response>\n}\n\n/**\n * Route an incoming Worker `fetch` request to the Durable Object\n * that owns its `tid`.\n *\n * The token travels in three places depending on the route:\n * - LAP HTTP calls: `Authorization: Bearer <token>` header\n * - Mint / resume HTTP calls: no token (identity resolver runs\n * inside the DO via the LAP router; we route by origin or a\n * special `/agent/mint` path — see below)\n * - WebSocket upgrade: `?token=<token>` in the URL\n *\n * Requests that don't carry a tid (mint, resume-list, sessions) are\n * routed to a \"root\" DO named `__root`, which handles identity /\n * token store operations centrally. LAP and WS calls route to the\n * per-tid DO so the pairing state stays local.\n *\n * This is the recommended entry for Cloudflare Workers deployments;\n * users who need custom routing can write their own and call the\n * underlying primitives directly.\n *\n * As of 0.0.35 the token format is opaque (random, not signed), so we\n * can't recover `tid` from the token alone. The caller passes a\n * `resolveTid` callback — typically `(token) => stub.fetch(...)` to\n * the root DO's token-resolution endpoint — that turns a bearer into\n * its tid via the shared token store. Callers that don't shard by\n * tid can pass `() => Promise.resolve(rootName)` to route everything\n * through the root DO.\n */\nexport async function routeToAgentDO(\n req: Request,\n namespace: MinimalDurableObjectNamespace,\n resolveTid: (token: string) => Promise<string | null>,\n opts: { rootName?: string } = {},\n): Promise<Response> {\n const rootName = opts.rootName ?? '__root'\n const url = new URL(req.url)\n const path = url.pathname\n\n // Non-LAP / non-WS management endpoints (mint, resume, sessions,\n // revoke) — there's no per-tid routing; use the root DO which owns\n // the shared token store + identity resolver.\n if (\n path === '/agent/mint' ||\n path === '/agent/revoke' ||\n path === '/agent/resume/list' ||\n path === '/agent/resume/claim' ||\n path === '/agent/sessions'\n ) {\n const stub = namespace.get(namespace.idFromName(rootName))\n return stub.fetch(req)\n }\n\n // Token-bearing routes (LAP + WS upgrade) — route by tid.\n const token = extractTokenFromRequest(req)\n if (!token) return new Response('Unauthorized', { status: 401 })\n\n const tid = await resolveTid(token)\n if (!tid) return new Response('Unauthorized', { status: 401 })\n\n const stub = namespace.get(namespace.idFromName(tid))\n return stub.fetch(req)\n}\n\nfunction extractTokenFromRequest(req: Request): string | null {\n const auth = req.headers.get('authorization')\n if (auth?.startsWith('Bearer ')) return auth.slice('Bearer '.length)\n const url = new URL(req.url)\n const q = url.searchParams.get('token')\n return q\n}\n"]}
1
+ {"version":3,"file":"worker.js","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAkBA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAY,EACZ,SAAwC,EACxC,UAAqD,EACrD,OAAgD,EAAE;IAElD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAA;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,YAAY,CAAA;IAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAA;IAEzB,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,8DAA8D;IAC9D,qEAAqE;IACrE,iCAAiC;IACjC,IACE,IAAI,KAAK,aAAa;QACtB,IAAI,KAAK,eAAe;QACxB,IAAI,KAAK,oBAAoB;QAC7B,IAAI,KAAK,qBAAqB;QAC9B,IAAI,KAAK,iBAAiB;QAC1B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EACxB,CAAC;QACD,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,0DAA0D;IAC1D,MAAM,KAAK,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAA;IAC1C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAA;IACnC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAE9D,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAA;IACrD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAED,SAAS,uBAAuB,CAAC,GAAY;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACvC,OAAO,CAAC,CAAA;AACV,CAAC","sourcesContent":["/**\n * Minimal DurableObjectNamespace surface we need — `idFromName` +\n * `get` returning a `Stub` with `fetch(req)`. Kept structural so we\n * don't depend on `@cloudflare/workers-types` (the user's project has\n * them; we shouldn't duplicate).\n */\nexport interface MinimalDurableObjectNamespace {\n idFromName(name: string): MinimalDurableObjectId\n get(id: MinimalDurableObjectId): MinimalDurableObjectStub\n}\nexport interface MinimalDurableObjectId {\n // Opaque, but DO ids are passed back into `namespace.get()`.\n readonly name?: string\n}\nexport interface MinimalDurableObjectStub {\n fetch(req: Request): Promise<Response>\n}\n\n/**\n * Route an incoming Worker `fetch` request to the Durable Object\n * that owns its `tid`.\n *\n * The token travels in three places depending on the route:\n * - LAP HTTP calls: `Authorization: Bearer <token>` header\n * - Mint / resume HTTP calls: no token (identity resolver runs\n * inside the DO via the LAP router; we route by origin or a\n * special `/agent/mint` path — see below)\n * - WebSocket upgrade: `?token=<token>` in the URL\n *\n * Requests that don't carry a tid (mint, resume-list, sessions) are\n * routed to a \"root\" DO named `__root`, which handles identity /\n * token store operations centrally. LAP and WS calls route to the\n * per-tid DO so the pairing state stays local.\n *\n * This is the recommended entry for Cloudflare Workers deployments;\n * users who need custom routing can write their own and call the\n * underlying primitives directly.\n *\n * As of 0.0.35 the token format is opaque (random, not signed), so we\n * can't recover `tid` from the token alone. The caller passes a\n * `resolveTid` callback — typically `(token) => stub.fetch(...)` to\n * the root DO's token-resolution endpoint — that turns a bearer into\n * its tid via the shared token store. Callers that don't shard by\n * tid can pass `() => Promise.resolve(rootName)` to route everything\n * through the root DO.\n */\nexport async function routeToAgentDO(\n req: Request,\n namespace: MinimalDurableObjectNamespace,\n resolveTid: (token: string) => Promise<string | null>,\n opts: { rootName?: string; mcpPath?: string } = {},\n): Promise<Response> {\n const rootName = opts.rootName ?? '__root'\n const mcpPath = opts.mcpPath ?? '/agent/mcp'\n const url = new URL(req.url)\n const path = url.pathname\n\n // Non-LAP / non-WS management endpoints (mint, resume, sessions,\n // revoke, mcp) — there's no per-tid routing and no bearer token\n // required; use the root DO which owns the shared token store +\n // identity resolver. MCP auth happens within the protocol via\n // connect_session({token}), so the endpoint itself must be reachable\n // without a pre-existing bearer.\n if (\n path === '/agent/mint' ||\n path === '/agent/revoke' ||\n path === '/agent/resume/list' ||\n path === '/agent/resume/claim' ||\n path === '/agent/sessions' ||\n path.startsWith(mcpPath)\n ) {\n const stub = namespace.get(namespace.idFromName(rootName))\n return stub.fetch(req)\n }\n\n // Token-bearing routes (LAP + WS upgrade) — route by tid.\n const token = extractTokenFromRequest(req)\n if (!token) return new Response('Unauthorized', { status: 401 })\n\n const tid = await resolveTid(token)\n if (!tid) return new Response('Unauthorized', { status: 401 })\n\n const stub = namespace.get(namespace.idFromName(tid))\n return stub.fetch(req)\n}\n\nfunction extractTokenFromRequest(req: Request): string | null {\n const auth = req.headers.get('authorization')\n if (auth?.startsWith('Bearer ')) return auth.slice('Bearer '.length)\n const url = new URL(req.url)\n const q = url.searchParams.get('token')\n return q\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@llui/agent",
3
- "version": "0.0.54",
3
+ "version": "0.0.55",
4
4
  "type": "module",
5
5
  "sideEffects": false,
6
6
  "exports": {