beddel 0.2.0 → 0.2.2

package/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [0.2.2] - 2025-12-19
+
+### Changed
+- Maintenance release (no functional changes)
+
 ## [0.2.0] - 2025-12-18
 
 ### Added

package/README.md

@@ -215,21 +215,29 @@ output:
 
 2. **The agent is automatically registered** when your application starts.
 
-3. **Execute via GraphQL or directly**:
+3. **Execute via GraphQL or directly** (GraphQL Yoga, introspection always enabled). GraphiQL is available at `GET /api/graphql`:
 
 ```graphql
-mutation {
-  executeMethod(
-    methodName: "greeting.execute"
-    params: { name: "Alice" }
-    props: { gemini_api_key: "your-api-key" }
-  ) {
+mutation Execute($methodName: String!, $params: JSON!, $props: JSON!) {
+  executeMethod(methodName: $methodName, params: $params, props: $props) {
     success
     data
+    error
+    executionTime
   }
 }
 ```
 
+Example variables:
+
+```json
+{
+  "methodName": "greeting.execute",
+  "params": { "name": "Alice" },
+  "props": { "gemini_api_key": "your-api-key" }
+}
+```
+
 ### Custom Agents with TypeScript Code-Behind
 
 For more complex logic, create custom agents with TypeScript implementations:

package/dist/server/api/graphql.d.ts

@@ -5,5 +5,5 @@ import type { ExecuteMethodInput, ExecuteMethodResult } from "../types";
 export declare function getGraphQLSchema(): string;
 export declare function executeRegisteredMethod(input: ExecuteMethodInput, clientId: string): Promise<ExecuteMethodResult>;
 export declare function handleGraphQLPost(request: Request): Promise<Response>;
-export declare function handleGraphQLGet(): Response;
+export declare function handleGraphQLGet(request: Request): Promise<Response>;
 //# sourceMappingURL=graphql.d.ts.map

package/dist/server/api/graphql.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graphql.d.ts","sourceRoot":"","sources":["../../../src/server/api/graphql.ts"],"names":[],"mappings":"AAAA;;GAEG;AAsBH,OAAO,KAAK,EACV,kBAAkB,EAClB,mBAAmB,EAEpB,MAAM,UAAU,CAAC;AASlB,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,kBAAkB,EACzB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC,CAwH9B;AAED,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,OAAO,qBAyEvD;AAED,wBAAgB,gBAAgB,aAO/B"}
+{"version":3,"file":"graphql.d.ts","sourceRoot":"","sources":["../../../src/server/api/graphql.ts"],"names":[],"mappings":"AAAA;;GAEG;AAwBH,OAAO,KAAK,EACV,kBAAkB,EAClB,mBAAmB,EAEpB,MAAM,UAAU,CAAC;AASlB,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAmCD,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,kBAAkB,EACzB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC,CAwH9B;AA8ED,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,OAAO,qBAEvD;AAED,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,OAAO,qBAEtD"}

package/dist/server/api/graphql.js

@@ -7,6 +7,8 @@ exports.getGraphQLSchema = getGraphQLSchema;
 exports.executeRegisteredMethod = executeRegisteredMethod;
 exports.handleGraphQLPost = handleGraphQLPost;
 exports.handleGraphQLGet = handleGraphQLGet;
+const graphql_1 = require("graphql");
+const graphql_yoga_1 = require("graphql-yoga");
 const agentRegistry_1 = require("../../agents/agentRegistry");
 const kvStore_1 = require("../kvStore");
 const runtimeSecurity_1 = require("../runtimeSecurity");
@@ -20,6 +22,37 @@ const schema = `
 function getGraphQLSchema() {
     return schema;
 }
+const parseJsonLiteral = (ast) => {
+    switch (ast.kind) {
+        case graphql_1.Kind.STRING:
+        case graphql_1.Kind.BOOLEAN:
+            return ast.value;
+        case graphql_1.Kind.INT:
+            return parseInt(ast.value, 10);
+        case graphql_1.Kind.FLOAT:
+            return parseFloat(ast.value);
+        case graphql_1.Kind.OBJECT: {
+            const value = {};
+            for (const field of ast.fields) {
+                value[field.name.value] = parseJsonLiteral(field.value);
+            }
+            return value;
+        }
+        case graphql_1.Kind.LIST:
+            return ast.values.map(parseJsonLiteral);
+        case graphql_1.Kind.NULL:
+            return null;
+        default:
+            return null;
+    }
+};
+const jsonScalar = new graphql_1.GraphQLScalarType({
+    name: "JSON",
+    description: "Arbitrary JSON value",
+    serialize: (value) => value,
+    parseValue: (value) => value,
+    parseLiteral: (ast) => parseJsonLiteral(ast),
+});
 async function executeRegisteredMethod(input, clientId) {
     const startTime = Date.now();
     const context = {
@@ -113,68 +146,77 @@ async function executeRegisteredMethod(input, clientId) {
         return { success: false, error: errorMessage, executionTime };
     }
 }
-async function handleGraphQLPost(request) {
-    try {
-        let clientId;
-        const authHeader = request.headers.get("authorization");
-        if (authHeader && authHeader.startsWith("Bearer ")) {
-            const apiKey = authHeader.substring(7);
-            if (!(0, runtimeSecurity_1.isValidApiKey)(apiKey)) {
-                throw new errors_1.AuthenticationError("Invalid API key format");
-            }
-            const client = await (0, kvStore_1.getClientByApiKey)(apiKey);
-            if (!client)
-                throw new errors_1.AuthenticationError("Invalid API key");
-            const rateLimitOk = await (0, kvStore_1.checkRateLimit)(client.id, client.rateLimit);
-            if (!rateLimitOk)
-                throw new errors_1.RateLimitError("Rate limit exceeded.");
-            clientId = client.id;
-        }
-        else if (request.headers.get("x-admin-tenant") === "true") {
-            clientId = "admin_tenant";
-        }
-        else {
-            throw new errors_1.AuthenticationError("Missing or invalid authorization header");
-        }
-        const body = await request.json();
-        if (!body.query) {
-            throw new errors_1.ValidationError("Missing query in request body");
-        }
-        if (body.query && body.query.includes("executeMethod")) {
-            if (!body.variables || !body.variables.methodName) {
-                throw new errors_1.ValidationError("Missing 'variables' or 'methodName' in request body");
-            }
-            const result = await executeRegisteredMethod({
-                methodName: body.variables.methodName,
-                params: body.variables.params || {},
-                props: body.variables.props || {},
-            }, clientId);
-            return Response.json({ data: { executeMethod: result } });
+async function resolveClientId(request) {
+    const authHeader = request.headers.get("authorization");
+    if (authHeader && authHeader.startsWith("Bearer ")) {
+        const apiKey = authHeader.substring(7);
+        if (!(0, runtimeSecurity_1.isValidApiKey)(apiKey)) {
+            throw new errors_1.AuthenticationError("Invalid API key format");
         }
-        return Response.json({ errors: [{ message: "Unsupported operation" }] }, { status: 400 });
+        const client = await (0, kvStore_1.getClientByApiKey)(apiKey);
+        if (!client)
+            throw new errors_1.AuthenticationError("Invalid API key");
+        const rateLimitOk = await (0, kvStore_1.checkRateLimit)(client.id, client.rateLimit);
+        if (!rateLimitOk)
+            throw new errors_1.RateLimitError("Rate limit exceeded.");
+        return client.id;
     }
-    catch (error) {
-        const status = error instanceof errors_1.AuthenticationError
-            ? 401
-            : error instanceof errors_1.RateLimitError
-                ? 429
-                : error instanceof errors_1.ValidationError
-                    ? 400
-                    : error instanceof errors_1.NotFoundError
-                        ? 404
-                        : 500;
-        return Response.json({
-            errors: [
-                {
-                    message: error instanceof Error ? error.message : "Internal server error",
-                },
-            ],
-        }, { status });
+    if (request.headers.get("x-admin-tenant") === "true") {
+        return "admin_tenant";
+    }
+    throw new errors_1.AuthenticationError("Missing or invalid authorization header");
+}
+function toGraphQLError(error) {
+    const message = error instanceof Error ? error.message : "Internal server error";
+    let code = "INTERNAL_SERVER_ERROR";
+    if (error instanceof errors_1.AuthenticationError) {
+        code = "UNAUTHENTICATED";
+    }
+    else if (error instanceof errors_1.RateLimitError) {
+        code = "RATE_LIMITED";
+    }
+    else if (error instanceof errors_1.ValidationError) {
+        code = "BAD_USER_INPUT";
     }
+    else if (error instanceof errors_1.NotFoundError) {
+        code = "NOT_FOUND";
+    }
+    return new graphql_1.GraphQLError(message, { extensions: { code } });
+}
+const yoga = (0, graphql_yoga_1.createYoga)({
+    schema: (0, graphql_yoga_1.createSchema)({
+        typeDefs: schema,
+        resolvers: {
+            JSON: jsonScalar,
+            Query: {
+                ping: () => "pong",
+            },
+            Mutation: {
+                executeMethod: async (_parent, args, context) => {
+                    try {
+                        const clientId = await resolveClientId(context.request);
+                        return await executeRegisteredMethod({
+                            methodName: args.methodName,
+                            params: args.params || {},
+                            props: args.props || {},
+                        }, clientId);
+                    }
+                    catch (error) {
+                        throw toGraphQLError(error);
+                    }
+                },
+            },
+        },
+    }),
+    context: ({ request }) => ({ request }),
+    graphqlEndpoint: "/api/graphql",
+    graphiql: true,
+    fetchAPI: { Request, Response },
+});
+async function handleGraphQLPost(request) {
+    return yoga.handleRequest(request, { request });
 }
-function handleGraphQLGet() {
-    return new Response(`<!DOCTYPE html>
-    <html><head><title>Opal Support API - GraphQL</title><style>body{font-family:sans-serif;max-width:800px;margin:50px auto;padding:20px}code,pre{background:#f4f4f4;padding:4px 8px;border-radius:4px}</style></head>
-    <body><h1>Opal Support API</h1><p>GraphQL endpoint for executing registered methods.</p><h2>Endpoint</h2><code>POST /api/graphql</code><h2>Authentication</h2><p>Use Bearer token in Authorization header.</p><h2>Schema</h2><pre>${schema}</pre></body></html>`, { headers: { "Content-Type": "text/html" } });
+async function handleGraphQLGet(request) {
+    return yoga.handleRequest(request, { request });
 }
 //# sourceMappingURL=graphql.js.map

package/dist/server/api/graphql.js.map

@@ -1 +1 @@
-{"version":3,"file":"graphql.js","sourceRoot":"","sources":["../../../src/server/api/graphql.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAmCH,4CAEC;AAED,0DA2HC;AAED,8CAyEC;AAED,4CAOC;AApPD,8DAA2D;AAC3D,wCAKoB;AACpB,wDAM4B;AAC5B,sCAKmB;AAOnB,MAAM,MAAM,GAAG;;;;;CAKd,CAAC;AAEF,SAAgB,gBAAgB;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,KAAyB,EACzB,QAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAqB;QAChC,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,SAAS;QACjB,KAAK,EAAE,SAAS;QAChB,GAAG,EAAE,CAAC,OAAe,EAAE,EAAE,CACvB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;QAC/D,SAAS,EAAE,CAAC,MAAe,EAAE,EAAE;YAC7B,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;YACxB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;YAC1B,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;YACtB,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC;QAC3B,CAAC;KACF,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAA,mCAAiB,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,wBAAe,CAAC,4BAA4B,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,gBAAgB,GAAG,6BAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAClE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;YAE5D,MAAM,MAAM,GAAG,MAAM,6BAAa,CAAC,YAAY,CAC7C,KAAK,CAAC,UAAU,EAChB,IAAA,+BAAa,EAAC,KAAK,CAAC,MAAM,CAAwB,EAClD,IAAA,+BAAa,EAAC,KAAK,CAAC,KAAK,CAA2B,EACpD,OAAO,CACR,CAAC;YAEF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7C,MAAM,IAAA,sBAAY,EAAC;gBACjB,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;gBACvB,QAAQ;gBACR,YAAY,EAAE,KAAK,CAAC,UAAU;gBAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,QAAQ,EAAE,aAAa;gBACvB,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,KAAK,CAAC,MAAM;gBACnB,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAA,2BAAiB,EAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CAAC,WAAW,KAAK,CAAC,UAAU,aAAa,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,eAAe,GAAG,IAAA,+BAAa,EAAC,KAAK,CAAC,MAAM,CAGjD,CAAC;QACF,MAAM,cAAc,GAAG,IAAA,+BAAa,EAAC,KAAK,CAAC,KAAK,CAA2B,CAAC;QAC5E,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAA,uCAAqB,EAC9C,QAAQ,CAAC,aAAa,EACtB,cAAc,CACf,CAAC;QACF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,wBAAe,CACvB,2BAA2B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChD,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QACnD,MAAM,IAAA,kCAAgB,EACpB,QAAQ,CAAC,IAAI,EACb,eAAe,EACf,cAAc,EACd,OAAO,CACR,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAE3C,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,IAAI,2BAA2B,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC7C,MAAM,IAAA,sBAAY,EAAC;YACjB,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;YACvB,QAAQ;YACR,YAAY,EAAE,KAAK,CAAC,UAAU;YAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE,aAAa;YACvB,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC7C,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QAC3D,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEnD,MAAM,IAAA,sBAAY,EAAC;YACjB,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;YACvB,QAAQ;YACR,YAAY,EAAE,KAAK,CAAC,UAAU;YAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE,aAAa;YACvB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,YAAY;YACnB,KAAK,EAAE,KAAK,CAAC,MAAM;YACnB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IAChE,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,OAAgB;IACtD,IAAI,CAAC;QACH,IAAI,QAAgB,CAAC;QACrB,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAExD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACvC,IAAI,CAAC,IAAA,+BAAa,EAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;YAC1D,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAiB,EAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,4BAAmB,CAAC,iBAAiB,CAAC,CAAC;YAC9D,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YACtE,IAAI,CAAC,WAAW;gBAAE,MAAM,IAAI,uBAAc,CAAC,sBAAsB,CAAC,CAAC;YACnE,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC5D,QAAQ,GAAG,cAAc,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,4BAAmB,CAC3B,yCAAyC,CAC1C,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,wBAAe,CAAC,+BAA+B,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;gBAClD,MAAM,IAAI,wBAAe,CACvB,qDAAqD,CACtD,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAC1C;gBACE,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU;gBACrC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE;gBACnC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE;aAClC,EACD,QAAQ,CACT,CAAC;YACF,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,CAClB,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,EAAE,EAClD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GACV,KAAK,YAAY,4BAAmB;YAClC,CAAC,CAAC,GAAG;YACL,CAAC,CAAC,KAAK,YAAY,uBAAc;gBACjC,CAAC,CAAC,GAAG;gBACL,CAAC,CAAC,KAAK,YAAY,wBAAe;oBAClC,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,KAAK,YAAY,sBAAa;wBAChC,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,GAAG,CAAC;QACV,OAAO,QAAQ,CAAC,IAAI,CAClB;YACE,MAAM,EAAE;gBACN;oBACE,OAAO,EACL,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB;iBACnE;aACF;SACF,EACD,EAAE,MAAM,EAAE,CACX,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB;IAC9B,OAAO,IAAI,QAAQ,CACjB;;wOAEoO,MAAM,sBAAsB,EAChQ,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,CAC7C,CAAC;AACJ,CAAC"}
+{"version":3,"file":"graphql.js","sourceRoot":"","sources":["../../../src/server/api/graphql.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAqCH,4CAEC;AAmCD,0DA2HC;AA8ED,8CAEC;AAED,4CAEC;AAvRD,qCAAgF;AAChF,+CAAwD;AACxD,8DAA2D;AAC3D,wCAKoB;AACpB,wDAM4B;AAC5B,sCAKmB;AAOnB,MAAM,MAAM,GAAG;;;;;CAKd,CAAC;AAEF,SAAgB,gBAAgB;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,gBAAgB,GAAG,CAAC,GAAc,EAAW,EAAE;IACnD,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,cAAI,CAAC,MAAM,CAAC;QACjB,KAAK,cAAI,CAAC,OAAO;YACf,OAAO,GAAG,CAAC,KAAK,CAAC;QACnB,KAAK,cAAI,CAAC,GAAG;YACX,OAAO,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjC,KAAK,cAAI,CAAC,KAAK;YACb,OAAO,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC/B,KAAK,cAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YACjB,MAAM,KAAK,GAAwB,EAAE,CAAC;YACtC,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBAC/B,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1D,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,KAAK,cAAI,CAAC,IAAI;YACZ,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC1C,KAAK,cAAI,CAAC,IAAI;YACZ,OAAO,IAAI,CAAC;QACd;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,IAAI,2BAAiB,CAAC;IACvC,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,sBAAsB;IACnC,SAAS,EAAE,CAAC,KAAc,EAAE,EAAE,CAAC,KAAK;IACpC,UAAU,EAAE,CAAC,KAAc,EAAE,EAAE,CAAC,KAAK;IACrC,YAAY,EAAE,CAAC,GAAc,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC;CACxD,CAAC,CAAC;AAEI,KAAK,UAAU,uBAAuB,CAC3C,KAAyB,EACzB,QAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAqB;QAChC,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,SAAS;QACjB,KAAK,EAAE,SAAS;QAChB,GAAG,EAAE,CAAC,OAAe,EAAE,EAAE,CACvB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;QAC/D,SAAS,EAAE,CAAC,MAAe,EAAE,EAAE;YAC7B,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;YACxB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;YAC1B,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;YACtB,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC;QAC3B,CAAC;KACF,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAA,mCAAiB,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,wBAAe,CAAC,4BAA4B,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,gBAAgB,GAAG,6BAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAClE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;YAE5D,MAAM,MAAM,GAAG,MAAM,6BAAa,CAAC,YAAY,CAC7C,KAAK,CAAC,UAAU,EAChB,IAAA,+BAAa,EAAC,KAAK,CAAC,MAAM,CAAwB,EAClD,IAAA,+BAAa,EAAC,KAAK,CAAC,KAAK,CAA2B,EACpD,OAAO,CACR,CAAC;YAEF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7C,MAAM,IAAA,sBAAY,EAAC;gBACjB,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;gBACvB,QAAQ;gBACR,YAAY,EAAE,KAAK,CAAC,UAAU;gBAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,QAAQ,EAAE,aAAa;gBACvB,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,KAAK,CAAC,MAAM;gBACnB,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAA,2BAAiB,EAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CAAC,WAAW,KAAK,CAAC,UAAU,aAAa,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,eAAe,GAAG,IAAA,+BAAa,EAAC,KAAK,CAAC,MAAM,CAGjD,CAAC;QACF,MAAM,cAAc,GAAG,IAAA,+BAAa,EAAC,KAAK,CAAC,KAAK,CAA2B,CAAC;QAC5E,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAA,uCAAqB,EAC9C,QAAQ,CAAC,aAAa,EACtB,cAAc,CACf,CAAC;QACF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,wBAAe,CACvB,2BAA2B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChD,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QACnD,MAAM,IAAA,kCAAgB,EACpB,QAAQ,CAAC,IAAI,EACb,eAAe,EACf,cAAc,EACd,OAAO,CACR,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAE3C,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,IAAI,2BAA2B,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC7C,MAAM,IAAA,sBAAY,EAAC;YACjB,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;YACvB,QAAQ;YACR,YAAY,EAAE,KAAK,CAAC,UAAU;YAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE,aAAa;YACvB,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC7C,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QAC3D,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEnD,MAAM,IAAA,sBAAY,EAAC;YACjB,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;YACvB,QAAQ;YACR,YAAY,EAAE,KAAK,CAAC,UAAU;YAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ,EAAE,aAAa;YACvB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,YAAY;YACnB,KAAK,EAAE,KAAK,CAAC,MAAM;YACnB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IAChE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,OAAgB;IAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAExD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,IAAA,+BAAa,EAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAiB,EAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,4BAAmB,CAAC,iBAAiB,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QACtE,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,uBAAc,CAAC,sBAAsB,CAAC,CAAC;QACnE,OAAO,MAAM,CAAC,EAAE,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,MAAM,EAAE,CAAC;QACrD,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,MAAM,IAAI,4BAAmB,CAAC,yCAAyC,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;IACjF,IAAI,IAAI,GAAG,uBAAuB,CAAC;IAEnC,IAAI,KAAK,YAAY,4BAAmB,EAAE,CAAC;QACzC,IAAI,GAAG,iBAAiB,CAAC;IAC3B,CAAC;SAAM,IAAI,KAAK,YAAY,uBAAc,EAAE,CAAC;QAC3C,IAAI,GAAG,cAAc,CAAC;IACxB,CAAC;SAAM,IAAI,KAAK,YAAY,wBAAe,EAAE,CAAC;QAC5C,IAAI,GAAG,gBAAgB,CAAC;IAC1B,CAAC;SAAM,IAAI,KAAK,YAAY,sBAAa,EAAE,CAAC;QAC1C,IAAI,GAAG,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,IAAI,sBAAY,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,IAAI,GAAG,IAAA,yBAAU,EAAC;IACtB,MAAM,EAAE,IAAA,2BAAY,EAAC;QACnB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE;YACT,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG,EAAE,CAAC,MAAM;aACnB;YACD,QAAQ,EAAE;gBACR,aAAa,EAAE,KAAK,EAClB,OAAgB,EAChB,IAA8F,EAC9F,OAA6B,EAC7B,EAAE;oBACF,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;wBACxD,OAAO,MAAM,uBAAuB,CAClC;4BACE,UAAU,EAAE,IAAI,CAAC,UAAU;4BAC3B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;4BACzB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;yBACxB,EACD,QAAQ,CACT,CAAC;oBACJ,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;oBAC9B,CAAC;gBACH,CAAC;aACF;SACF;KACF,CAAC;IACF,OAAO,EAAE,CAAC,EAAE,OAAO,EAAwB,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC;IAC7D,eAAe,EAAE,cAAc;IAC/B,QAAQ,EAAE,IAAI;IACd,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEI,KAAK,UAAU,iBAAiB,CAAC,OAAgB;IACtD,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;AAClD,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IACrD,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;AAClD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "beddel",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Beddel - A secure YAML parser and OpenAPI endpoint manager for Node.js applications",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -23,6 +23,10 @@
     "./server/*": {
       "types": "./dist/server/*.d.ts",
       "default": "./dist/server/*.js"
+    },
+    "./server/api/graphql": {
+      "types": "./dist/server/api/graphql.d.ts",
+      "default": "./dist/server/api/graphql.js"
     }
   },
   "scripts": {
@@ -33,7 +37,10 @@
     "test:watch": "jest --watch",
     "test:coverage": "jest --coverage",
     "lint": "eslint src --ext .ts",
-    "lint:fix": "eslint src --ext .ts --fix"
+    "lint:fix": "eslint src --ext .ts --fix",
+    "version:patch": "npm version patch",
+    "version:minor": "npm version minor",
+    "version:major": "npm version major"
   },
   "keywords": [
     "yaml",
@@ -59,6 +66,8 @@
     "@upstash/redis": "^1.34.3",
     "ai": "^5.0.70",
     "firebase-admin": "12.7.0",
+    "graphql": "^16.10.0",
+    "graphql-yoga": "^5.13.5",
     "isolated-vm": "5.0.1",
     "js-yaml": "^4.1.0",
     "zod": "^4.1.12"
@@ -77,4 +86,4 @@
   "engines": {
     "node": ">=18.0.0"
   }
-}
+}

package/src/server/api/graphql.ts

@@ -2,6 +2,8 @@
  * GraphQL helpers used by the /api/graphql route.
  */
 
+import { GraphQLError, GraphQLScalarType, Kind, type ValueNode } from "graphql";
+import { createSchema, createYoga } from "graphql-yoga";
 import { agentRegistry } from "../../agents/agentRegistry";
 import {
   getClientByApiKey,
@@ -39,6 +41,39 @@ export function getGraphQLSchema(): string {
   return schema;
 }
 
+const parseJsonLiteral = (ast: ValueNode): unknown => {
+  switch (ast.kind) {
+    case Kind.STRING:
+    case Kind.BOOLEAN:
+      return ast.value;
+    case Kind.INT:
+      return parseInt(ast.value, 10);
+    case Kind.FLOAT:
+      return parseFloat(ast.value);
+    case Kind.OBJECT: {
+      const value: Record<string, any> = {};
+      for (const field of ast.fields) {
+        value[field.name.value] = parseJsonLiteral(field.value);
+      }
+      return value;
+    }
+    case Kind.LIST:
+      return ast.values.map(parseJsonLiteral);
+    case Kind.NULL:
+      return null;
+    default:
+      return null;
+  }
+};
+
+const jsonScalar = new GraphQLScalarType({
+  name: "JSON",
+  description: "Arbitrary JSON value",
+  serialize: (value: unknown) => value,
+  parseValue: (value: unknown) => value,
+  parseLiteral: (ast: ValueNode) => parseJsonLiteral(ast),
+});
+
 export async function executeRegisteredMethod(
   input: ExecuteMethodInput,
   clientId: string
@@ -164,86 +199,86 @@ export async function executeRegisteredMethod(
   }
 }
 
-export async function handleGraphQLPost(request: Request) {
-  try {
-    let clientId: string;
-    const authHeader = request.headers.get("authorization");
+async function resolveClientId(request: Request): Promise<string> {
+  const authHeader = request.headers.get("authorization");
 
-    if (authHeader && authHeader.startsWith("Bearer ")) {
-      const apiKey = authHeader.substring(7);
-      if (!isValidApiKey(apiKey)) {
-        throw new AuthenticationError("Invalid API key format");
-      }
-      const client = await getClientByApiKey(apiKey);
-      if (!client) throw new AuthenticationError("Invalid API key");
-      const rateLimitOk = await checkRateLimit(client.id, client.rateLimit);
-      if (!rateLimitOk) throw new RateLimitError("Rate limit exceeded.");
-      clientId = client.id;
-    } else if (request.headers.get("x-admin-tenant") === "true") {
-      clientId = "admin_tenant";
-    } else {
-      throw new AuthenticationError(
-        "Missing or invalid authorization header"
-      );
+  if (authHeader && authHeader.startsWith("Bearer ")) {
+    const apiKey = authHeader.substring(7);
+    if (!isValidApiKey(apiKey)) {
+      throw new AuthenticationError("Invalid API key format");
     }
+    const client = await getClientByApiKey(apiKey);
+    if (!client) throw new AuthenticationError("Invalid API key");
+    const rateLimitOk = await checkRateLimit(client.id, client.rateLimit);
+    if (!rateLimitOk) throw new RateLimitError("Rate limit exceeded.");
+    return client.id;
+  }
 
-    const body = await request.json();
-    if (!body.query) {
-      throw new ValidationError("Missing query in request body");
-    }
+  if (request.headers.get("x-admin-tenant") === "true") {
+    return "admin_tenant";
+  }
 
-    if (body.query && body.query.includes("executeMethod")) {
-      if (!body.variables || !body.variables.methodName) {
-        throw new ValidationError(
-          "Missing 'variables' or 'methodName' in request body"
-        );
-      }
+  throw new AuthenticationError("Missing or invalid authorization header");
+}
 
-      const result = await executeRegisteredMethod(
-        {
-          methodName: body.variables.methodName,
-          params: body.variables.params || {},
-          props: body.variables.props || {},
-        },
-        clientId
-      );
-      return Response.json({ data: { executeMethod: result } });
-    }
+function toGraphQLError(error: unknown): GraphQLError {
+  const message = error instanceof Error ? error.message : "Internal server error";
+  let code = "INTERNAL_SERVER_ERROR";
 
-    return Response.json(
-      { errors: [{ message: "Unsupported operation" }] },
-      { status: 400 }
-    );
-  } catch (error) {
-    const status =
-      error instanceof AuthenticationError
-        ? 401
-        : error instanceof RateLimitError
-        ? 429
-        : error instanceof ValidationError
-        ? 400
-        : error instanceof NotFoundError
-        ? 404
-        : 500;
-    return Response.json(
-      {
-        errors: [
-          {
-            message:
-              error instanceof Error ? error.message : "Internal server error",
-          },
-        ],
-      },
-      { status }
-    );
+  if (error instanceof AuthenticationError) {
+    code = "UNAUTHENTICATED";
+  } else if (error instanceof RateLimitError) {
+    code = "RATE_LIMITED";
+  } else if (error instanceof ValidationError) {
+    code = "BAD_USER_INPUT";
+  } else if (error instanceof NotFoundError) {
+    code = "NOT_FOUND";
   }
+
+  return new GraphQLError(message, { extensions: { code } });
+}
+
+const yoga = createYoga({
+  schema: createSchema({
+    typeDefs: schema,
+    resolvers: {
+      JSON: jsonScalar,
+      Query: {
+        ping: () => "pong",
+      },
+      Mutation: {
+        executeMethod: async (
+          _parent: unknown,
+          args: { methodName: string; params?: Record<string, unknown>; props?: Record<string, string> },
+          context: { request: Request }
+        ) => {
+          try {
+            const clientId = await resolveClientId(context.request);
+            return await executeRegisteredMethod(
+              {
+                methodName: args.methodName,
+                params: args.params || {},
+                props: args.props || {},
+              },
+              clientId
+            );
+          } catch (error) {
+            throw toGraphQLError(error);
+          }
+        },
+      },
+    },
+  }),
+  context: ({ request }: { request: Request }) => ({ request }),
+  graphqlEndpoint: "/api/graphql",
+  graphiql: true,
+  fetchAPI: { Request, Response },
+});
+
+export async function handleGraphQLPost(request: Request) {
+  return yoga.handleRequest(request, { request });
 }
 
-export function handleGraphQLGet() {
-  return new Response(
-    `<!DOCTYPE html>
-    <html><head><title>Opal Support API - GraphQL</title><style>body{font-family:sans-serif;max-width:800px;margin:50px auto;padding:20px}code,pre{background:#f4f4f4;padding:4px 8px;border-radius:4px}</style></head>
-    <body><h1>Opal Support API</h1><p>GraphQL endpoint for executing registered methods.</p><h2>Endpoint</h2><code>POST /api/graphql</code><h2>Authentication</h2><p>Use Bearer token in Authorization header.</p><h2>Schema</h2><pre>${schema}</pre></body></html>`,
-    { headers: { "Content-Type": "text/html" } }
-  );
+export async function handleGraphQLGet(request: Request) {
+  return yoga.handleRequest(request, { request });
 }