dxcomplete 0.1.0

package/dist/http/server.js

@@ -0,0 +1,236 @@
+import { loadWorkspaceConfig, parseWorkspaceConfig } from "../runtime/workspace.js";
+const MCP_PATH = "/api/mcp";
+const GOOGLE_CALLBACK_PATH = "/api/auth/callback/google";
+const MCP_SCOPE = "mcp:tools";
+let workspaceConfigPromise;
+export function configureDxcompleteWorkspace(config) {
+    workspaceConfigPromise = Promise.resolve(parseWorkspaceConfig(config, "DX Complete workspace config"));
+}
+export async function closeDxcompleteHttpRuntime() {
+    workspaceConfigPromise = undefined;
+}
+export default async function handleDxcompleteHttpRequest(req, res) {
+    try {
+        setCorsHeaders(res);
+        if (req.method === "OPTIONS") {
+            res.writeHead(204).end();
+            return;
+        }
+        const baseUrl = getBaseUrl(req);
+        const requestUrl = new URL(req.url ?? "/", baseUrl);
+        const path = normalizePath(requestUrl.pathname);
+        if (isProtectedResourceMetadataPath(path)) {
+            writeJson(res, 200, protectedResourceMetadata(baseUrl));
+            return;
+        }
+        if (isAuthorizationServerMetadataPath(path)) {
+            writeJson(res, 200, authorizationServerMetadata(baseUrl));
+            return;
+        }
+        if (path === MCP_PATH && !readBearerToken(req)) {
+            await drainRequestBody(req);
+            writeOAuthChallenge(res, baseUrl);
+            return;
+        }
+        const servicePath = servicePathForPublicPath(path);
+        if (!servicePath) {
+            writeJson(res, 404, { error: "not_found" });
+            return;
+        }
+        const workspaceConfig = await getWorkspaceConfig();
+        const serviceConfig = getWorkspaceServiceConfig();
+        await proxyToCentralService(req, res, {
+            serviceConfig,
+            workspaceConfig,
+            baseUrl,
+            servicePath,
+            search: requestUrl.search
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (!res.headersSent) {
+            writeJson(res, 500, { error: "server_error", error_description: message });
+        }
+        else {
+            res.end();
+        }
+    }
+}
+async function proxyToCentralService(req, res, input) {
+    const targetUrl = new URL(input.servicePath + input.search, input.serviceConfig.serviceUrl);
+    const body = req.method === "GET" || req.method === "HEAD" ? undefined : await readRequestBody(req);
+    const response = await fetch(targetUrl, {
+        method: req.method,
+        headers: serviceHeaders(req.headers, input),
+        body,
+        redirect: "manual"
+    });
+    const responseBody = Buffer.from(await response.arrayBuffer());
+    const headers = {};
+    response.headers.forEach((value, key) => {
+        if (!shouldForwardResponseHeader(key)) {
+            return;
+        }
+        headers[key] = value;
+    });
+    headers["content-length"] = String(responseBody.byteLength);
+    res.writeHead(response.status, headers);
+    res.end(responseBody);
+}
+function serviceHeaders(headers, input) {
+    const forwarded = new Headers();
+    for (const key of [
+        "accept",
+        "authorization",
+        "content-type",
+        "mcp-protocol-version",
+        "mcp-session-id",
+        "last-event-id",
+        "user-agent"
+    ]) {
+        const value = firstHeader(headers[key]);
+        if (value) {
+            forwarded.set(key, value);
+        }
+    }
+    forwarded.set("x-dxc-service-client-id", input.serviceConfig.serviceClientId);
+    forwarded.set("x-dxc-service-client-secret", input.serviceConfig.serviceClientSecret);
+    forwarded.set("x-dxc-workspace-id", input.workspaceConfig.workspaceId);
+    forwarded.set("x-dxc-workspace-name", input.workspaceConfig.name);
+    forwarded.set("x-dxc-forwarded-base-url", input.baseUrl);
+    return forwarded;
+}
+function shouldForwardResponseHeader(key) {
+    const lowerKey = key.toLowerCase();
+    return !["connection", "content-encoding", "content-length", "keep-alive", "transfer-encoding"].includes(lowerKey);
+}
+function servicePathForPublicPath(pathname) {
+    switch (pathname) {
+        case MCP_PATH:
+            return "/api/dxcomplete/service/mcp";
+        case "/api/dxcomplete/auth/register":
+            return "/api/dxcomplete/service/auth/register";
+        case "/api/dxcomplete/auth/authorize":
+            return "/api/dxcomplete/service/auth/authorize";
+        case GOOGLE_CALLBACK_PATH:
+            return "/api/dxcomplete/service/auth/google/callback";
+        case "/api/dxcomplete/auth/token":
+            return "/api/dxcomplete/service/auth/token";
+        default:
+            return undefined;
+    }
+}
+function getWorkspaceServiceConfig(env = process.env) {
+    return {
+        serviceUrl: readRequiredEnv(env, "DXC_SERVICE_URL"),
+        serviceClientId: readRequiredEnv(env, "DXC_SERVICE_CLIENT_ID"),
+        serviceClientSecret: readRequiredEnv(env, "DXC_SERVICE_CLIENT_SECRET")
+    };
+}
+async function getWorkspaceConfig() {
+    workspaceConfigPromise ??= loadWorkspaceConfig();
+    return workspaceConfigPromise;
+}
+function protectedResourceMetadata(baseUrl) {
+    return {
+        resource: mcpResourceUrl(baseUrl),
+        authorization_servers: [baseUrl],
+        scopes_supported: [MCP_SCOPE],
+        resource_name: "DX Complete"
+    };
+}
+function authorizationServerMetadata(baseUrl) {
+    return {
+        issuer: baseUrl,
+        authorization_endpoint: `${baseUrl}/api/dxcomplete/auth/authorize`,
+        token_endpoint: `${baseUrl}/api/dxcomplete/auth/token`,
+        registration_endpoint: `${baseUrl}/api/dxcomplete/auth/register`,
+        response_types_supported: ["code"],
+        code_challenge_methods_supported: ["S256"],
+        token_endpoint_auth_methods_supported: ["none"],
+        grant_types_supported: ["authorization_code", "refresh_token"],
+        scopes_supported: [MCP_SCOPE]
+    };
+}
+function writeOAuthChallenge(res, baseUrl) {
+    res.setHeader("www-authenticate", `Bearer resource_metadata="${protectedResourceMetadataUrl(baseUrl)}", scope="${MCP_SCOPE}"`);
+    writeJson(res, 401, { error: "unauthorized" });
+}
+function setCorsHeaders(res) {
+    res.setHeader("access-control-allow-origin", "*");
+    res.setHeader("access-control-allow-headers", "authorization,content-type,mcp-protocol-version,mcp-session-id,last-event-id");
+    res.setHeader("access-control-allow-methods", "GET,POST,DELETE,OPTIONS");
+    res.setHeader("access-control-expose-headers", "mcp-session-id,www-authenticate");
+}
+function writeJson(res, status, value) {
+    const body = JSON.stringify(value);
+    if (!res.headersSent) {
+        res.writeHead(status, {
+            "content-type": "application/json",
+            "content-length": String(Buffer.byteLength(body))
+        });
+    }
+    res.end(body);
+}
+function getBaseUrl(req) {
+    const forwardedProto = firstHeader(req.headers["x-forwarded-proto"]);
+    const forwardedHost = firstHeader(req.headers["x-forwarded-host"]);
+    const host = forwardedHost || firstHeader(req.headers.host);
+    const protocol = forwardedProto || "http";
+    if (!host) {
+        throw new Error("Host header is required.");
+    }
+    return `${protocol}://${host}`;
+}
+function firstHeader(value) {
+    return Array.isArray(value) ? value[0] : value;
+}
+function normalizePath(pathname) {
+    if (pathname === "/api/mcp" || pathname === "/api/dxcomplete" || pathname === "/api/dxcomplete/mcp") {
+        return MCP_PATH;
+    }
+    return pathname.endsWith("/") && pathname.length > 1 ? pathname.slice(0, -1) : pathname;
+}
+function isProtectedResourceMetadataPath(pathname) {
+    return (pathname === protectedResourceMetadataPath() ||
+        pathname === "/.well-known/oauth-protected-resource/api/dxcomplete/mcp" ||
+        pathname === `/api/dxcomplete${protectedResourceMetadataPath()}`);
+}
+function isAuthorizationServerMetadataPath(pathname) {
+    return (pathname === "/.well-known/oauth-authorization-server" ||
+        pathname === "/api/dxcomplete/.well-known/oauth-authorization-server");
+}
+function protectedResourceMetadataPath() {
+    return `/.well-known/oauth-protected-resource${MCP_PATH}`;
+}
+function protectedResourceMetadataUrl(baseUrl) {
+    return `${baseUrl}${protectedResourceMetadataPath()}`;
+}
+function mcpResourceUrl(baseUrl) {
+    return `${baseUrl}${MCP_PATH}`;
+}
+async function readRequestBody(req) {
+    const chunks = [];
+    for await (const chunk of req) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    }
+    return Buffer.concat(chunks);
+}
+async function drainRequestBody(req) {
+    for await (const _ of req) {
+        // Drain request body so clients can reuse the connection.
+    }
+}
+function readBearerToken(req) {
+    const header = firstHeader(req.headers.authorization);
+    const match = header?.match(/^Bearer\s+(.+)$/i);
+    return match?.[1];
+}
+function readRequiredEnv(env, key) {
+    const value = env[key]?.trim();
+    if (!value) {
+        throw new Error(`${key} is required for the workspace MCP proxy.`);
+    }
+    return value;
+}

package/dist/http/service.d.ts

@@ -0,0 +1,7 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+export declare function closeDxcompleteServiceRuntime(): Promise<void>;
+export declare function closeDxcompleteHttpRuntime(): Promise<void>;
+export default function handleDxcompleteServiceRequest(req: IncomingMessage & {
+    body?: unknown;
+    query?: Record<string, unknown>;
+}, res: ServerResponse): Promise<void>;