@voyantjs/workflows-orchestrator-cloudflare 0.6.7 → 0.6.9

package/src/index.ts

@@ -26,30 +26,30 @@
 // See docs/runtime-protocol.md §2 and docs/design.md §6 for the
 // design this adapter implements.
 
-export * from "./types.js";
-export { createDurableObjectRunStore } from "./do-store.js";
+export {
+  type BundleLocation,
+  type CfContainerRunnerDeps,
+  type ContainerNamespaceLike,
+  createCfContainerStepRunner,
+} from "./cf-container-runner.js"
 export {
   createDispatchStepHandler,
   type DispatchHandlerDeps,
-} from "./dispatch-handler.js";
+} from "./dispatch-handler.js"
+export { createDurableObjectRunStore } from "./do-store.js"
 export {
-  handleDurableObjectRequest,
-  handleDurableObjectAlarm,
   type DurableObjectDeps,
-} from "./durable-object.js";
-export {
-  handleWorkerRequest,
-  type WorkerFetchDeps,
-  type DurableObjectNamespaceLike,
-} from "./worker.js";
-export {
-  createCfContainerStepRunner,
-  type BundleLocation,
-  type CfContainerRunnerDeps,
-  type ContainerNamespaceLike,
-} from "./cf-container-runner.js";
+  handleDurableObjectAlarm,
+  handleDurableObjectRequest,
+} from "./durable-object.js"
 export {
   createR2Presigner,
-  type R2PresignerOptions,
   type PresignArgs,
-} from "./r2-sign.js";
+  type R2PresignerOptions,
+} from "./r2-sign.js"
+export * from "./types.js"
+export {
+  type DurableObjectNamespaceLike,
+  handleWorkerRequest,
+  type WorkerFetchDeps,
+} from "./worker.js"

package/src/r2-sign.ts

@@ -17,42 +17,44 @@
 
 export interface R2PresignerOptions {
   /** Cloudflare account id (32-char hex). */
-  accountId: string;
+  accountId: string
   /** R2 Access Key ID from your CF dashboard — scope read-only. */
-  accessKeyId: string;
+  accessKeyId: string
   /** R2 Secret Access Key. Store as a Worker Secret. */
-  secretAccessKey: string;
+  secretAccessKey: string
   /** R2 bucket name. */
-  bucket: string;
+  bucket: string
 }
 
 export interface PresignArgs {
   /** Object key, e.g. `"prj_42/v1/container.mjs"`. Leading `/` is optional. */
-  key: string;
+  key: string
   /** Seconds until the URL stops being valid. Min 1, max 604800. */
-  expiresIn: number;
+  expiresIn: number
 }
 
-export function createR2Presigner(opts: R2PresignerOptions): (args: PresignArgs) => Promise<string> {
-  const host = `${opts.accountId}.r2.cloudflarestorage.com`;
-  const region = "auto"; // R2's SigV4 region convention.
-  const service = "s3";
+export function createR2Presigner(
+  opts: R2PresignerOptions,
+): (args: PresignArgs) => Promise<string> {
+  const host = `${opts.accountId}.r2.cloudflarestorage.com`
+  const region = "auto" // R2's SigV4 region convention.
+  const service = "s3"
 
   return async ({ key, expiresIn }) => {
     if (expiresIn < 1 || expiresIn > 604_800) {
-      throw new Error(`R2 presign: expiresIn must be 1..604800, got ${expiresIn}`);
+      throw new Error(`R2 presign: expiresIn must be 1..604800, got ${expiresIn}`)
     }
-    const normalizedKey = key.replace(/^\/+/, "");
+    const normalizedKey = key.replace(/^\/+/, "")
     const encodedKey = normalizedKey
       .split("/")
       .map((seg) => encodeURIComponent(seg))
-      .join("/");
+      .join("/")
 
-    const now = new Date();
-    const amzDate = toAmzDate(now);
-    const shortDate = amzDate.slice(0, 8);
-    const credentialScope = `${shortDate}/${region}/${service}/aws4_request`;
-    const credential = `${opts.accessKeyId}/${credentialScope}`;
+    const now = new Date()
+    const amzDate = toAmzDate(now)
+    const shortDate = amzDate.slice(0, 8)
+    const credentialScope = `${shortDate}/${region}/${service}/aws4_request`
+    const credential = `${opts.accessKeyId}/${credentialScope}`
 
     const params: Array<[string, string]> = [
       ["X-Amz-Algorithm", "AWS4-HMAC-SHA256"],
@@ -60,11 +62,11 @@ export function createR2Presigner(opts: R2PresignerOptions): (args: PresignArgs)
       ["X-Amz-Date", amzDate],
       ["X-Amz-Expires", String(expiresIn)],
       ["X-Amz-SignedHeaders", "host"],
-    ];
-    params.sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0));
+    ]
+    params.sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0))
     const canonicalQuery = params
       .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
-      .join("&");
+      .join("&")
 
     const canonicalRequest = [
       "GET",
@@ -73,62 +75,57 @@ export function createR2Presigner(opts: R2PresignerOptions): (args: PresignArgs)
       `host:${host}\n`,
       "host",
       "UNSIGNED-PAYLOAD",
-    ].join("\n");
+    ].join("\n")
 
     const stringToSign = [
       "AWS4-HMAC-SHA256",
       amzDate,
       credentialScope,
       await sha256Hex(canonicalRequest),
-    ].join("\n");
-
-    const signingKey = await deriveSigningKey(
-      opts.secretAccessKey,
-      shortDate,
-      region,
-      service,
-    );
-    const signature = toHex(await hmac(signingKey, stringToSign));
-
-    return `https://${host}/${opts.bucket}/${encodedKey}?${canonicalQuery}&X-Amz-Signature=${signature}`;
-  };
+    ].join("\n")
+
+    const signingKey = await deriveSigningKey(opts.secretAccessKey, shortDate, region, service)
+    const signature = toHex(await hmac(signingKey, stringToSign))
+
+    return `https://${host}/${opts.bucket}/${encodedKey}?${canonicalQuery}&X-Amz-Signature=${signature}`
+  }
 }
 
 // ---- Crypto helpers ----
 
 function toAmzDate(d: Date): string {
-  const yyyy = d.getUTCFullYear();
-  const mm = String(d.getUTCMonth() + 1).padStart(2, "0");
-  const dd = String(d.getUTCDate()).padStart(2, "0");
-  const hh = String(d.getUTCHours()).padStart(2, "0");
-  const mi = String(d.getUTCMinutes()).padStart(2, "0");
-  const ss = String(d.getUTCSeconds()).padStart(2, "0");
-  return `${yyyy}${mm}${dd}T${hh}${mi}${ss}Z`;
+  const yyyy = d.getUTCFullYear()
+  const mm = String(d.getUTCMonth() + 1).padStart(2, "0")
+  const dd = String(d.getUTCDate()).padStart(2, "0")
+  const hh = String(d.getUTCHours()).padStart(2, "0")
+  const mi = String(d.getUTCMinutes()).padStart(2, "0")
+  const ss = String(d.getUTCSeconds()).padStart(2, "0")
+  return `${yyyy}${mm}${dd}T${hh}${mi}${ss}Z`
 }
 
 function toHex(bytes: ArrayBuffer): string {
-  const arr = new Uint8Array(bytes);
-  let out = "";
-  for (const b of arr) out += b.toString(16).padStart(2, "0");
-  return out;
+  const arr = new Uint8Array(bytes)
+  let out = ""
+  for (const b of arr) out += b.toString(16).padStart(2, "0")
+  return out
 }
 
 async function sha256Hex(input: string): Promise<string> {
-  const bytes = new TextEncoder().encode(input);
-  const digest = await crypto.subtle.digest("SHA-256", bytes);
-  return toHex(digest);
+  const bytes = new TextEncoder().encode(input)
+  const digest = await crypto.subtle.digest("SHA-256", bytes)
+  return toHex(digest)
 }
 
 async function hmac(key: ArrayBuffer | Uint8Array, msg: string): Promise<ArrayBuffer> {
-  const keyBuf = key instanceof Uint8Array ? key.slice().buffer : key;
+  const keyBuf = key instanceof Uint8Array ? key.slice().buffer : key
   const cryptoKey = await crypto.subtle.importKey(
     "raw",
     keyBuf,
     { name: "HMAC", hash: "SHA-256" },
     false,
     ["sign"],
-  );
-  return crypto.subtle.sign("HMAC", cryptoKey, new TextEncoder().encode(msg));
+  )
+  return crypto.subtle.sign("HMAC", cryptoKey, new TextEncoder().encode(msg))
 }
 
 async function deriveSigningKey(
@@ -137,9 +134,9 @@ async function deriveSigningKey(
   region: string,
   service: string,
 ): Promise<ArrayBuffer> {
-  const kDate = await hmac(new TextEncoder().encode(`AWS4${secret}`), shortDate);
-  const kRegion = await hmac(kDate, region);
-  const kService = await hmac(kRegion, service);
-  const kSigning = await hmac(kService, "aws4_request");
-  return kSigning;
+  const kDate = await hmac(new TextEncoder().encode(`AWS4${secret}`), shortDate)
+  const kRegion = await hmac(kDate, region)
+  const kService = await hmac(kRegion, service)
+  const kSigning = await hmac(kService, "aws4_request")
+  return kSigning
 }

package/src/types.ts

@@ -2,7 +2,7 @@
 // a hard dependency on `@cloudflare/workers-types` — matching the
 // shape is enough, and tests can pass plain objects.
 
-import type { WaitpointInjection } from "@voyantjs/workflows-orchestrator";
+import type { WaitpointInjection } from "@voyantjs/workflows-orchestrator"
 
 /**
  * Subset of Cloudflare's `DurableObjectStorage` we actually use.
@@ -15,16 +15,16 @@ import type { WaitpointInjection } from "@voyantjs/workflows-orchestrator";
  * due — see `handleDurableObjectAlarm`.
  */
 export interface DurableObjectStorageLike {
-  get<T>(key: string): Promise<T | undefined>;
-  put<T>(key: string, value: T): Promise<void>;
-  delete(key: string): Promise<boolean>;
-  list<T>(options?: { prefix?: string; limit?: number }): Promise<Map<string, T>>;
+  get<T>(key: string): Promise<T | undefined>
+  put<T>(key: string, value: T): Promise<void>
+  delete(key: string): Promise<boolean>
+  list<T>(options?: { prefix?: string; limit?: number }): Promise<Map<string, T>>
   /** ms-since-epoch of the scheduled alarm, or null if none. */
-  getAlarm?(): Promise<number | null>;
+  getAlarm?(): Promise<number | null>
   /** Schedule the DO's alarm() method to fire at `wakeAt`. */
-  setAlarm?(wakeAt: number): Promise<void>;
+  setAlarm?(wakeAt: number): Promise<void>
   /** Cancel any pending alarm. */
-  deleteAlarm?(): Promise<void>;
+  deleteAlarm?(): Promise<void>
 }
 
 /**
@@ -33,42 +33,45 @@ export interface DurableObjectStorageLike {
  * registered under that name.
  */
 export interface DispatchNamespaceLike {
-  get(name: string, args?: Record<string, unknown>): {
-    fetch(request: Request): Promise<Response>;
-  };
+  get(
+    name: string,
+    args?: Record<string, unknown>,
+  ): {
+    fetch(request: Request): Promise<Response>
+  }
 }
 
 /** Args the Worker passes when routing to a run DO. */
 export interface RunOperation {
-  op: "trigger" | "resume" | "cancel" | "get";
-  payload?: unknown;
+  op: "trigger" | "resume" | "cancel" | "get"
+  payload?: unknown
 }
 
 /** Injection payload on resume ops. */
 export interface ResumePayload {
-  injection: WaitpointInjection;
+  injection: WaitpointInjection
 }
 
 /** Trigger payload. */
 export interface TriggerPayload {
-  workflowId: string;
-  workflowVersion: string;
-  input: unknown;
+  workflowId: string
+  workflowVersion: string
+  input: unknown
   tenantMeta: {
-    tenantId: string;
-    projectId: string;
-    organizationId: string;
+    tenantId: string
+    projectId: string
+    organizationId: string
     /** Dispatch-namespace name to forward step requests to. */
-    tenantScript: string;
-  };
-  environment?: "production" | "preview" | "development";
-  tags?: string[];
-  runId?: string;
+    tenantScript: string
+  }
+  environment?: "production" | "preview" | "development"
+  tags?: string[]
+  runId?: string
 }
 
 /** Cancel payload. */
 export interface CancelPayload {
-  reason?: string;
+  reason?: string
 }
 
 /**
@@ -77,7 +80,7 @@ export interface CancelPayload {
  */
 export interface AdapterEnv<DONamespace = unknown, DispatchNS = DispatchNamespaceLike> {
   /** Durable Object namespace holding one DO per run. Typed loosely to avoid a CF types dep. */
-  WORKFLOW_RUN_DO: DONamespace;
+  WORKFLOW_RUN_DO: DONamespace
   /** Dispatch namespace containing tenant Workers. */
-  DISPATCHER: DispatchNS;
+  DISPATCHER: DispatchNS
 }

package/src/worker.ts

@@ -11,7 +11,7 @@
 //   POST /api/runs/:id/tokens/:token   → inject a MANUAL (token) waitpoint
 //   POST /api/runs/:id/cancel          → cancel a run
 
-import type { WaitpointInjection } from "@voyantjs/workflows-orchestrator";
+import type { WaitpointInjection } from "@voyantjs/workflows-orchestrator"
 
 /**
  * Minimal shape of a DO namespace. `idFromName` returns an opaque id;
@@ -19,80 +19,80 @@ import type { WaitpointInjection } from "@voyantjs/workflows-orchestrator";
  * Typed loosely so tests can pass any matching object.
  */
 export interface DurableObjectNamespaceLike<Id = unknown> {
-  idFromName(name: string): Id;
-  get(id: Id): { fetch(req: Request): Promise<Response> };
+  idFromName(name: string): Id
+  get(id: Id): { fetch(req: Request): Promise<Response> }
 }
 
 export interface WorkerFetchDeps<Id = unknown> {
-  runDO: DurableObjectNamespaceLike<Id>;
+  runDO: DurableObjectNamespaceLike<Id>
   /**
    * Called before any routing. Throws/rejects to reject the request.
    * Typical implementation validates a tenant access token.
    */
-  verifyRequest?: (req: Request) => void | Promise<void>;
+  verifyRequest?: (req: Request) => void | Promise<void>
   /** Optional logger. */
-  logger?: (level: "info" | "warn" | "error", msg: string, data?: object) => void;
+  logger?: (level: "info" | "warn" | "error", msg: string, data?: object) => void
   /** id generator for new triggers; defaults to `run_<random>`. */
-  idGenerator?: () => string;
+  idGenerator?: () => string
   /** Injectable clock for id generation. */
-  now?: () => number;
+  now?: () => number
 }
 
 export async function handleWorkerRequest<Id>(
   req: Request,
   deps: WorkerFetchDeps<Id>,
 ): Promise<Response> {
-  const url = new URL(req.url);
+  const url = new URL(req.url)
 
   if (req.method === "OPTIONS") {
     return new Response(null, {
       status: 204,
       headers: corsHeaders("GET,POST,OPTIONS"),
-    });
+    })
   }
 
   try {
-    if (deps.verifyRequest) await deps.verifyRequest(req);
+    if (deps.verifyRequest) await deps.verifyRequest(req)
   } catch (err) {
     return json(401, {
       error: "unauthorized",
       message: err instanceof Error ? err.message : String(err),
-    });
+    })
   }
 
   // POST /api/runs — trigger a new run.
   if (req.method === "POST" && url.pathname === "/api/runs") {
-    let payload: Record<string, unknown>;
+    let payload: Record<string, unknown>
     try {
-      payload = (await req.json()) as Record<string, unknown>;
+      payload = (await req.json()) as Record<string, unknown>
     } catch (err) {
-      return json(400, { error: "invalid_json", message: errMsg(err) });
+      return json(400, { error: "invalid_json", message: errMsg(err) })
     }
-    const runId = typeof payload.runId === "string" ? payload.runId : defaultRunId(deps);
+    const runId = typeof payload.runId === "string" ? payload.runId : defaultRunId(deps)
     const forward = new Request(`https://do-internal/trigger`, {
       method: "POST",
       headers: { "content-type": "application/json" },
       body: JSON.stringify({ ...payload, runId }),
-    });
-    return forwardToRunDO(runId, forward, deps);
+    })
+    return forwardToRunDO(runId, forward, deps)
   }
 
   // Everything below operates on a specific runId.
-  const runMatch = url.pathname.match(/^\/api\/runs\/([^/]+)(\/.+)?$/);
+  const runMatch = url.pathname.match(/^\/api\/runs\/([^/]+)(\/.+)?$/)
   if (!runMatch) {
-    return json(404, { error: "route_not_found", path: url.pathname });
+    return json(404, { error: "route_not_found", path: url.pathname })
   }
-  const runId = decodeURIComponent(runMatch[1]!);
-  const tail = runMatch[2] ?? "";
+  const runId = decodeURIComponent(runMatch[1]!)
+  const tail = runMatch[2] ?? ""
 
   if (req.method === "GET" && tail === "") {
-    const forward = new Request(`https://do-internal/get`, { method: "GET" });
-    return forwardToRunDO(runId, forward, deps);
+    const forward = new Request(`https://do-internal/get`, { method: "GET" })
+    return forwardToRunDO(runId, forward, deps)
   }
 
   if (req.method === "POST" && tail === "/cancel") {
-    const body = await safeJson(req);
-    if (isErrorBody(body)) return json(400, body);
+    const body = await safeJson(req)
+    if (isErrorBody(body)) return json(400, body)
     return forwardToRunDO(
       runId,
       new Request(`https://do-internal/cancel`, {
@@ -101,14 +101,14 @@ export async function handleWorkerRequest<Id>(
         body: JSON.stringify(body),
       }),
       deps,
-    );
+    )
   }
 
   // Waitpoint injections: events, signals, tokens.
-  const body = await safeJson(req);
-  if (isErrorBody(body)) return json(400, body);
-  const injection = parseInjection(tail, body);
-  if ("error" in injection) return json(400, injection);
+  const body = await safeJson(req)
+  if (isErrorBody(body)) return json(400, body)
+  const injection = parseInjection(tail, body)
+  if ("error" in injection) return json(400, injection)
   return forwardToRunDO(
     runId,
     new Request(`https://do-internal/resume`, {
@@ -117,13 +117,13 @@ export async function handleWorkerRequest<Id>(
       body: JSON.stringify({ injection: injection.injection }),
     }),
     deps,
-  );
+  )
 }
 
 function isErrorBody(
   body: Record<string, unknown> | { error: string; message: string },
 ): body is { error: string; message: string } {
-  return typeof (body as { error?: unknown }).error === "string";
+  return typeof (body as { error?: unknown }).error === "string"
 }
 
 function parseInjection(
@@ -132,19 +132,19 @@ function parseInjection(
 ): { injection: WaitpointInjection } | { error: string; message: string } {
   if (tail === "/events") {
     if (typeof body.eventType !== "string" || body.eventType.length === 0) {
-      return { error: "invalid_body", message: "`eventType` (string) is required" };
+      return { error: "invalid_body", message: "`eventType` (string) is required" }
     }
     return {
       injection: { kind: "EVENT", eventType: body.eventType, payload: body.payload },
-    };
+    }
   }
   if (tail === "/signals") {
     if (typeof body.name !== "string" || body.name.length === 0) {
-      return { error: "invalid_body", message: "`name` (string) is required" };
+      return { error: "invalid_body", message: "`name` (string) is required" }
     }
-    return { injection: { kind: "SIGNAL", name: body.name, payload: body.payload } };
+    return { injection: { kind: "SIGNAL", name: body.name, payload: body.payload } }
   }
-  const tokenMatch = tail.match(/^\/tokens\/([^/]+)$/);
+  const tokenMatch = tail.match(/^\/tokens\/([^/]+)$/)
   if (tokenMatch) {
     return {
       injection: {
@@ -152,9 +152,9 @@ function parseInjection(
         tokenId: decodeURIComponent(tokenMatch[1]!),
         payload: body.payload,
       },
-    };
+    }
   }
-  return { error: "route_not_found", message: `unknown path suffix ${tail}` };
+  return { error: "route_not_found", message: `unknown path suffix ${tail}` }
 }
 
 async function forwardToRunDO<Id>(
@@ -162,36 +162,38 @@ async function forwardToRunDO<Id>(
   req: Request,
   deps: WorkerFetchDeps<Id>,
 ): Promise<Response> {
-  const id = deps.runDO.idFromName(runId);
-  const stub = deps.runDO.get(id);
-  const resp = await stub.fetch(req);
+  const id = deps.runDO.idFromName(runId)
+  const stub = deps.runDO.get(id)
+  const resp = await stub.fetch(req)
   // Add CORS on outbound responses.
-  const out = new Response(resp.body, resp);
+  const out = new Response(resp.body, resp)
   for (const [k, v] of Object.entries(corsHeaders("GET,POST,OPTIONS"))) {
-    out.headers.set(k, v);
+    out.headers.set(k, v)
   }
-  return out;
+  return out
 }
 
 function defaultRunId<Id>(deps: WorkerFetchDeps<Id>): string {
-  if (deps.idGenerator) return deps.idGenerator();
-  const now = deps.now ?? (() => Date.now());
-  const ts = now().toString(36);
-  const rand = Math.floor(Math.random() * 1_000_000).toString(36).padStart(4, "0");
-  return `run_${ts}_${rand}`;
+  if (deps.idGenerator) return deps.idGenerator()
+  const now = deps.now ?? (() => Date.now())
+  const ts = now().toString(36)
+  const rand = Math.floor(Math.random() * 1_000_000)
+    .toString(36)
+    .padStart(4, "0")
+  return `run_${ts}_${rand}`
 }
 
 async function safeJson(
   req: Request,
 ): Promise<Record<string, unknown> | { error: string; message: string }> {
   // Some requests are bodyless (GET). Only parse when we have a body.
-  if (req.method === "GET" || req.method === "HEAD") return {};
-  const text = await req.text();
-  if (text.length === 0) return {};
+  if (req.method === "GET" || req.method === "HEAD") return {}
+  const text = await req.text()
+  if (text.length === 0) return {}
   try {
-    return JSON.parse(text) as Record<string, unknown>;
+    return JSON.parse(text) as Record<string, unknown>
   } catch (err) {
-    return { error: "invalid_json", message: errMsg(err) };
+    return { error: "invalid_json", message: errMsg(err) }
   }
 }
 
@@ -200,7 +202,7 @@ function corsHeaders(methods: string): Record<string, string> {
     "access-control-allow-origin": "*",
     "access-control-allow-methods": methods,
     "access-control-allow-headers": "content-type, x-voyant-protocol",
-  };
+  }
 }
 
 function json(status: number, body: unknown): Response {
@@ -210,9 +212,9 @@ function json(status: number, body: unknown): Response {
       "content-type": "application/json; charset=utf-8",
       ...corsHeaders("GET,POST,OPTIONS"),
     },
-  });
+  })
 }
 
 function errMsg(err: unknown): string {
-  return err instanceof Error ? err.message : String(err);
+  return err instanceof Error ? err.message : String(err)
 }