@m6d/cortex-server 1.1.1 → 1.1.2

package/src/ai/tools/call-endpoint.tool.ts

@@ -4,93 +4,86 @@ import type { ResolvedCortexAgentConfig } from "../../config.ts";
 import { fetchBackend } from "../fetch.ts";
 
 export function createCallEndpointTool(
-  backendFetch: NonNullable<ResolvedCortexAgentConfig["backendFetch"]>,
-  token: string,
+    backendFetch: NonNullable<ResolvedCortexAgentConfig["backendFetch"]>,
+    token: string,
 ) {
-  return tool({
-    title: "Call an API endpoint",
-    description:
-      "Call an API endpoint on the backend. Use queryGraph first to discover the correct endpoint, parameters, and business rules. For write operations (POST/PUT/DELETE), ALWAYS get explicit user confirmation before calling.",
-    inputSchema: z.object({
-      path: z
-        .string()
-        .describe(
-          'The API path including path parameters. Example: "/items/list" or "/resources/{id}"',
-        ),
-      method: z
-        .enum(["GET", "POST", "PUT", "DELETE"])
-        .describe("The HTTP method"),
-      queryParams: z
-        .string()
-        .optional()
-        .describe("Optional JSON-encoded string of query parameters."),
-      body: z
-        .string()
-        .optional()
-        .describe(
-          "Optional JSON-encoded string of request body for POST/PUT. For parameters of type file, use `capturedFile#[uploadId]` as the value.",
-        ),
-    }),
-    execute: async ({ path, method, queryParams, body }) => {
-      let fullPath = path;
-      if (queryParams) {
-        const params = JSON.parse(queryParams) as Record<string, unknown>;
-        const searchParams = new URLSearchParams();
-        for (const [key, value] of Object.entries(params)) {
-          if (value == null || value === "") continue;
-          if (Array.isArray(value)) {
-            for (const item of value) {
-              searchParams.append(key, String(item));
+    return tool({
+        title: "Call an API endpoint",
+        description:
+            "Call an API endpoint on the backend. Use queryGraph first to discover the correct endpoint, parameters, and business rules. For write operations (POST/PUT/DELETE), ALWAYS get explicit user confirmation before calling.",
+        inputSchema: z.object({
+            path: z
+                .string()
+                .describe(
+                    'The API path including path parameters. Example: "/items/list" or "/resources/{id}"',
+                ),
+            method: z.enum(["GET", "POST", "PUT", "DELETE"]).describe("The HTTP method"),
+            queryParams: z
+                .string()
+                .optional()
+                .describe("Optional JSON-encoded string of query parameters."),
+            body: z
+                .string()
+                .optional()
+                .describe(
+                    "Optional JSON-encoded string of request body for POST/PUT. For parameters of type file, use `capturedFile#[uploadId]` as the value.",
+                ),
+        }),
+        execute: async ({ path, method, queryParams, body }) => {
+            let fullPath = path;
+            if (queryParams) {
+                const params = JSON.parse(queryParams) as Record<string, unknown>;
+                const searchParams = new URLSearchParams();
+                for (const [key, value] of Object.entries(params)) {
+                    if (value == null || value === "") continue;
+                    if (Array.isArray(value)) {
+                        for (const item of value) {
+                            searchParams.append(key, String(item));
+                        }
+                    } else {
+                        searchParams.set(key, String(value));
+                    }
+                }
+                const qs = searchParams.toString();
+                if (qs) fullPath += `?${qs}`;
             }
-          } else {
-            searchParams.set(key, String(value));
-          }
-        }
-        const qs = searchParams.toString();
-        if (qs) fullPath += `?${qs}`;
-      }
 
-      const options: RequestInit = { method };
-      if (body && (method === "POST" || method === "PUT")) {
-        options.body = body;
-      }
+            const options: RequestInit = { method };
+            if (body && (method === "POST" || method === "PUT")) {
+                options.body = body;
+            }
 
-      const response = await fetchBackend(
-        fullPath,
-        backendFetch,
-        token,
-        options,
-      );
+            const response = await fetchBackend(fullPath, backendFetch, token, options);
 
-      if (!response.ok) {
-        let message: string;
-        let details: unknown = undefined;
-        try {
-          const errorBody = (await response.json()) as Record<string, unknown>;
-          message =
-            (errorBody.message as string) ||
-            (errorBody.title as string) ||
-            JSON.stringify(errorBody);
-          if (errorBody.errors) {
-            details = errorBody.errors;
-          }
-        } catch {
-          message = `Request failed with status ${response.status}`;
-        }
-        return JSON.stringify({
-          error: true,
-          status: response.status,
-          message,
-          ...(details ? { details } : {}),
-        });
-      }
+            if (!response.ok) {
+                let message: string;
+                let details: unknown = undefined;
+                try {
+                    const errorBody = (await response.json()) as Record<string, unknown>;
+                    message =
+                        (errorBody.message as string) ||
+                        (errorBody.title as string) ||
+                        JSON.stringify(errorBody);
+                    if (errorBody.errors) {
+                        details = errorBody.errors;
+                    }
+                } catch {
+                    message = `Request failed with status ${response.status}`;
+                }
+                return JSON.stringify({
+                    error: true,
+                    status: response.status,
+                    message,
+                    ...(details ? { details } : {}),
+                });
+            }
 
-      if (response.status === 204) {
-        return JSON.stringify({ success: true });
-      }
+            if (response.status === 204) {
+                return JSON.stringify({ success: true });
+            }
 
-      const data = await response.json();
-      return JSON.stringify(data);
-    },
-  });
+            const data = await response.json();
+            return JSON.stringify(data);
+        },
+    });
 }

package/src/ai/tools/capture-files.tool.ts

@@ -2,21 +2,19 @@ import { tool } from "ai";
 import z from "zod";
 
 export const captureFilesTool = tool({
-  description: "Let the user upload a file",
-  inputSchema: z.object({
-    files: z.array(
-      z.object({
-        label: z
-          .string()
-          .describe(
-            "A label to view to the user to know what file they need to upload",
-          ),
-        id: z
-          .string()
-          .describe(
-            "An ID to the file for you to use it when calling apis or later processing",
-          ),
-      }),
-    ),
-  }),
+    description: "Let the user upload a file",
+    inputSchema: z.object({
+        files: z.array(
+            z.object({
+                label: z
+                    .string()
+                    .describe("A label to view to the user to know what file they need to upload"),
+                id: z
+                    .string()
+                    .describe(
+                        "An ID to the file for you to use it when calling apis or later processing",
+                    ),
+            }),
+        ),
+    }),
 });

package/src/ai/tools/execute-code.tool.ts

@@ -4,105 +4,98 @@ import type { ResolvedCortexAgentConfig } from "../../config.ts";
 import { fetchBackend } from "../fetch.ts";
 
 type ApiHelper = {
-  get: (
-    path: string,
-    queryParams?: Record<string, unknown>,
-  ) => Promise<unknown>;
-  post: (path: string, body?: unknown) => Promise<unknown>;
-  put: (path: string, body?: unknown) => Promise<unknown>;
-  del: (path: string) => Promise<unknown>;
+    get: (path: string, queryParams?: Record<string, unknown>) => Promise<unknown>;
+    post: (path: string, body?: unknown) => Promise<unknown>;
+    put: (path: string, body?: unknown) => Promise<unknown>;
+    del: (path: string) => Promise<unknown>;
 };
 
 function buildQueryString(params: Record<string, unknown>) {
-  const searchParams = new URLSearchParams();
-  for (const [key, value] of Object.entries(params)) {
-    if (value == null || value === "") continue;
-    if (Array.isArray(value)) {
-      for (const item of value) {
-        searchParams.append(key, String(item));
-      }
-    } else {
-      searchParams.set(key, String(value));
+    const searchParams = new URLSearchParams();
+    for (const [key, value] of Object.entries(params)) {
+        if (value == null || value === "") continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                searchParams.append(key, String(item));
+            }
+        } else {
+            searchParams.set(key, String(value));
+        }
     }
-  }
-  const qs = searchParams.toString();
-  return qs ? `?${qs}` : "";
+    const qs = searchParams.toString();
+    return qs ? `?${qs}` : "";
 }
 
 function createApiHelper(
-  backendFetch: NonNullable<ResolvedCortexAgentConfig["backendFetch"]>,
-  token: string,
+    backendFetch: NonNullable<ResolvedCortexAgentConfig["backendFetch"]>,
+    token: string,
 ) {
-  async function request(method: string, path: string, body?: unknown) {
-    const options: RequestInit = { method };
-    if (body !== undefined && (method === "POST" || method === "PUT")) {
-      options.body = JSON.stringify(body);
-    }
+    async function request(method: string, path: string, body?: unknown) {
+        const options: RequestInit = { method };
+        if (body !== undefined && (method === "POST" || method === "PUT")) {
+            options.body = JSON.stringify(body);
+        }
 
-    const response = await fetchBackend(path, backendFetch, token, options);
+        const response = await fetchBackend(path, backendFetch, token, options);
 
-    if (!response.ok) {
-      let message: string;
-      try {
-        const errorBody = await response.json();
-        message = JSON.stringify(errorBody);
-      } catch {
-        message = `HTTP ${response.status}`;
-      }
-      throw new Error(
-        `API ${method} ${path} failed (${response.status}): ${message}`,
-      );
-    }
+        if (!response.ok) {
+            let message: string;
+            try {
+                const errorBody = await response.json();
+                message = JSON.stringify(errorBody);
+            } catch {
+                message = `HTTP ${response.status}`;
+            }
+            throw new Error(`API ${method} ${path} failed (${response.status}): ${message}`);
+        }
 
-    if (response.status === 204) return { success: true };
-    return response.json();
-  }
+        if (response.status === 204) return { success: true };
+        return response.json();
+    }
 
-  return {
-    get: (path, queryParams) => {
-      const fullPath = queryParams
-        ? path + buildQueryString(queryParams)
-        : path;
-      return request("GET", fullPath);
-    },
-    post: (path, body) => request("POST", path, body),
-    put: (path, body) => request("PUT", path, body),
-    del: (path) => request("DELETE", path),
-  } satisfies ApiHelper;
+    return {
+        get: (path, queryParams) => {
+            const fullPath = queryParams ? path + buildQueryString(queryParams) : path;
+            return request("GET", fullPath);
+        },
+        post: (path, body) => request("POST", path, body),
+        put: (path, body) => request("PUT", path, body),
+        del: (path) => request("DELETE", path),
+    } satisfies ApiHelper;
 }
 
 const AsyncFunction: new (
-  ...args: [...paramNames: string[], body: string]
+    ...args: [...paramNames: string[], body: string]
 ) => (...args: unknown[]) => Promise<unknown> = Object.getPrototypeOf(
-  async function () {},
+    async function () {},
 ).constructor;
 
 export function createExecuteCodeTool(
-  backendFetch: NonNullable<ResolvedCortexAgentConfig["backendFetch"]>,
-  token: string,
+    backendFetch: NonNullable<ResolvedCortexAgentConfig["backendFetch"]>,
+    token: string,
 ) {
-  return tool({
-    title: "Executes JavaScript code",
-    description:
-      "Run a JavaScript script that calls APIs and returns only relevant data. The script has an `api` helper: api.get(path, params?), api.post(path, body?), api.put(path, body?), api.del(path). Each returns parsed JSON and throws on error. For parameters of type file, use `capturedFile#[uploadId]` as the value.",
-    inputSchema: z.object({
-      code: z
-        .string()
-        .describe(
-          "Async JS function body. Use the `api` helper to call endpoints. Return only the data needed for your response.",
-        ),
-    }),
-    execute: async ({ code }) => {
-      const apiHelper = createApiHelper(backendFetch, token);
+    return tool({
+        title: "Executes JavaScript code",
+        description:
+            "Run a JavaScript script that calls APIs and returns only relevant data. The script has an `api` helper: api.get(path, params?), api.post(path, body?), api.put(path, body?), api.del(path). Each returns parsed JSON and throws on error. For parameters of type file, use `capturedFile#[uploadId]` as the value.",
+        inputSchema: z.object({
+            code: z
+                .string()
+                .describe(
+                    "Async JS function body. Use the `api` helper to call endpoints. Return only the data needed for your response.",
+                ),
+        }),
+        execute: async ({ code }) => {
+            const apiHelper = createApiHelper(backendFetch, token);
 
-      try {
-        const fn = new AsyncFunction("api", code);
-        const result = await fn(apiHelper);
-        return JSON.stringify(result);
-      } catch (e) {
-        const message = e instanceof Error ? e.message : String(e);
-        return JSON.stringify({ error: true, message });
-      }
-    },
-  });
+            try {
+                const fn = new AsyncFunction("api", code);
+                const result = await fn(apiHelper);
+                return JSON.stringify(result);
+            } catch (e) {
+                const message = e instanceof Error ? e.message : String(e);
+                return JSON.stringify({ error: true, message });
+            }
+        },
+    });
 }

package/src/ai/tools/query-graph.tool.ts

@@ -3,9 +3,9 @@ import z from "zod";
 import type { Neo4jClient } from "../../graph/neo4j.ts";
 
 export function createQueryGraphTool(neo4j: Neo4jClient) {
-  return tool({
-    title: "Query existing Knowledge Graph",
-    description: `Run a Cypher query against the Neo4j knowledge graph to find relevant
+    return tool({
+        title: "Query existing Knowledge Graph",
+        description: `Run a Cypher query against the Neo4j knowledge graph to find relevant
 API endpoints, business rules, and system concepts.
 
 Concepts' descriptions are embedded (vectorized), always use this method to search unknowns; use regular keywords only if you received it before or you know it for a fact:
@@ -18,18 +18,18 @@ MATCH (ancestor)-[:QUERIED_VIA|MUTATED_VIA]->(e)
 RETURN node, e
 ORDER BY score DESC;
 \`\`\``,
-    inputSchema: z.object({
-      query: z.string().describe("The Cypher query to execute"),
-      parameters: z
-        .string()
-        .optional()
-        .describe(
-          'Optional JSON-encoded string of query parameters. Example: `{"name": "LeaveBalance"}` if you know the exact name; for parameters that need to be embedded first prepend the name with `#`, e.g., `{"#paramName": "Text to be embedded before passed to query"}`',
-        ),
-    }),
-    execute: async ({ query, parameters }) => {
-      const params = parameters ? JSON.parse(parameters) : undefined;
-      return neo4j.query(query, params);
-    },
-  });
+        inputSchema: z.object({
+            query: z.string().describe("The Cypher query to execute"),
+            parameters: z
+                .string()
+                .optional()
+                .describe(
+                    'Optional JSON-encoded string of query parameters. Example: `{"name": "LeaveBalance"}` if you know the exact name; for parameters that need to be embedded first prepend the name with `#`, e.g., `{"#paramName": "Text to be embedded before passed to query"}`',
+                ),
+        }),
+        execute: async ({ query, parameters }) => {
+            const params = parameters ? JSON.parse(parameters) : undefined;
+            return neo4j.query(query, params);
+        },
+    });
 }

package/src/auth/middleware.ts

@@ -6,58 +6,58 @@ import type { AppEnv, AuthedAppEnv } from "../types";
 import type { CortexConfig } from "../config";
 
 export function createUserLoaderMiddleware(authConfig: CortexConfig["auth"]) {
-  const jwks = createRemoteJWKSet(new URL(authConfig.jwksUri));
-
-  return createMiddleware<AppEnv>(async (c, next) => {
-    let token: string | null = null;
-
-    if (authConfig.tokenExtractor) {
-      token = authConfig.tokenExtractor(c.req.raw);
-    } else {
-      // 1. Authorization header
-      const authHeader = c.req.header("Authorization");
-      if (authHeader?.startsWith("Bearer ")) {
-        token = authHeader.slice(7);
-      }
-
-      // 2. Query parameter
-      if (!token) {
-        const url = new URL(c.req.url);
-        token = url.searchParams.get("token");
-      }
-
-      // 3. Cookie
-      if (!token && authConfig.cookieName) {
-        token = getCookie(c, authConfig.cookieName) ?? null;
-      }
-    }
-
-    if (!token) {
-      await next();
-      return;
-    }
-
-    try {
-      const { payload } = await jwtVerify(token, jwks, {
-        issuer: authConfig.issuer,
-        clockTolerance: Infinity,
-      });
-
-      if (payload.sub) {
-        c.set("user", { id: payload.sub, token });
-      }
-      await next();
-    } catch {
-      await next();
-    }
-  });
+    const jwks = createRemoteJWKSet(new URL(authConfig.jwksUri));
+
+    return createMiddleware<AppEnv>(async (c, next) => {
+        let token: string | null = null;
+
+        if (authConfig.tokenExtractor) {
+            token = authConfig.tokenExtractor(c.req.raw);
+        } else {
+            // 1. Authorization header
+            const authHeader = c.req.header("Authorization");
+            if (authHeader?.startsWith("Bearer ")) {
+                token = authHeader.slice(7);
+            }
+
+            // 2. Query parameter
+            if (!token) {
+                const url = new URL(c.req.url);
+                token = url.searchParams.get("token");
+            }
+
+            // 3. Cookie
+            if (!token && authConfig.cookieName) {
+                token = getCookie(c, authConfig.cookieName) ?? null;
+            }
+        }
+
+        if (!token) {
+            await next();
+            return;
+        }
+
+        try {
+            const { payload } = await jwtVerify(token, jwks, {
+                issuer: authConfig.issuer,
+                clockTolerance: Infinity,
+            });
+
+            if (payload.sub) {
+                c.set("user", { id: payload.sub, token });
+            }
+            await next();
+        } catch {
+            await next();
+        }
+    });
 }
 
 export const requireAuth = createMiddleware<AuthedAppEnv>(async (c, next) => {
-  const user = c.get("user");
-  if (!user) {
-    throw new HTTPException(401, { message: "Unauthorized" });
-  }
-  c.set("user", user);
-  await next();
+    const user = c.get("user");
+    if (!user) {
+        throw new HTTPException(401, { message: "Unauthorized" });
+    }
+    c.set("user", user);
+    await next();
 });