npm - libmodulor - Versions diffs - 0.28.0 → 0.30.0 - Mend

libmodulor 0.28.0 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/dist/esm/target/lib/openapi/OpenAPISpecBuilder.js ADDED Viewed

@@ -0,0 +1,135 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { inject, injectable } from 'inversify';
+import { WordingManager } from '../../../i18n/index.js';
+import { formatFQUCInputName, formatFQUCName, ucHTTPContract, } from '../../../uc/index.js';
+import { serverErrorJsonSchema } from '../json-schema/error.js';
+import { ucInputJsonSchema } from '../json-schema/input.js';
+import { DEFAULT_VERSION } from '../shared.js';
+import { openAPIErrors, openAPIParameters, openAPIRequestBody, openAPISecurity, openAPISecuritySchemes, openAPISuccess, } from './funcs.js';
+let OpenAPISpecBuilder = class OpenAPISpecBuilder {
+    i18nManager;
+    productManifest;
+    settingsManager;
+    wordingManager;
+    constructor(i18nManager, productManifest, settingsManager, wordingManager) {
+        this.i18nManager = i18nManager;
+        this.productManifest = productManifest;
+        this.settingsManager = settingsManager;
+        this.wordingManager = wordingManager;
+    }
+    s() {
+        return {
+            server_cookies_name_auth: this.settingsManager.get()('server_cookies_name_auth'),
+            server_public_api_key_header_name: this.settingsManager.get()('server_public_api_key_header_name'),
+            server_public_url: this.settingsManager.get()('server_public_url'),
+        };
+    }
+    async exec({ ucs }) {
+        const output = this.initOutput();
+        const errors = this.initErrors();
+        const { desc, slogan } = this.wordingManager.p();
+        if (desc) {
+            output.spec.info.description = desc;
+        }
+        if (slogan) {
+            output.spec.info.summary = slogan;
+        }
+        for (const uc of ucs) {
+            const { method, path, pathAliases, envelope } = ucHTTPContract(uc);
+            const httpMethod = method.toLowerCase();
+            const fqUCName = formatFQUCName(uc.appManifest.name, uc.def.metadata.name);
+            const fqUCInputName = formatFQUCInputName(fqUCName);
+            output.spec.components.schemas[fqUCInputName] =
+                ucInputJsonSchema(uc);
+            for (const p of [path, ...pathAliases]) {
+                output.spec.paths[p] = {
+                    ...output.spec.paths[p],
+                    [httpMethod]: this.initPath(errors, uc, envelope, fqUCInputName),
+                };
+            }
+        }
+        return output;
+    }
+    initErrors() {
+        const errors = openAPIErrors();
+        for (const error of Object.values(errors)) {
+            error.description = this.i18nManager.t(error.description);
+        }
+        return errors;
+    }
+    initOutput() {
+        return {
+            spec: {
+                components: {
+                    schemas: {
+                        Error: serverErrorJsonSchema(),
+                    },
+                    securitySchemes: openAPISecuritySchemes(this.s().server_cookies_name_auth, this.s().server_public_api_key_header_name),
+                },
+                info: {
+                    title: this.productManifest.name,
+                    version: this.productManifest.version ?? DEFAULT_VERSION,
+                },
+                openapi: '3.1.0',
+                paths: {},
+                servers: [
+                    {
+                        url: this.s().server_public_url,
+                    },
+                ],
+            },
+        };
+    }
+    initPath(errors,
+    // biome-ignore lint/suspicious/noExplicitAny: can be anything
+    uc, envelope, fqUCInputName) {
+        const { desc, label } = this.wordingManager.uc(uc.def);
+        const res_200 = this.i18nManager.t('res_200');
+        const res_204 = this.i18nManager.t('res_204');
+        const path = {
+            responses: {
+                ...openAPISuccess(uc, { 200: res_200, 204: res_204 }),
+                ...errors,
+                // TODO : Infer errors that can be sent within ServerMain
+            },
+            security: openAPISecurity(uc.def.sec),
+            summary: label,
+            tags: [uc.appManifest.name],
+        };
+        if (desc) {
+            path.description = desc;
+        }
+        switch (envelope) {
+            case 'form-data':
+            case 'json':
+                path.requestBody = openAPIRequestBody(uc, envelope, fqUCInputName);
+                break;
+            case 'query-params':
+                path.parameters = openAPIParameters(uc, envelope);
+                break;
+            default:
+                envelope;
+        }
+        return path;
+    }
+};
+OpenAPISpecBuilder = __decorate([
+    injectable(),
+    __param(0, inject('I18nManager')),
+    __param(1, inject('ProductManifest')),
+    __param(2, inject('SettingsManager')),
+    __param(3, inject(WordingManager)),
+    __metadata("design:paramtypes", [Object, Object, Object, WordingManager])
+], OpenAPISpecBuilder);
+export { OpenAPISpecBuilder };

package/dist/esm/target/lib/openapi/funcs.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { HTTPStatusNumber } from '../../../dt/index.js';
+import { type FQUCInputName, type UC, type UCInput, type UCOPIBase, type UCSec } from '../../../uc/index.js';
+import { type HTTPDataEnvelope } from '../../../utils/index.js';
+import { type AuthCookieName, type PublicApiKeyHeaderName } from '../shared.js';
+import type { OpenAPIParameter, OpenAPIRequestBody, OpenAPIResponses, OpenAPISecurity, OpenAPISecuritySchemes } from './types.js';
+export declare function openAPIErrors(): OpenAPIResponses;
+export declare function openAPIParameters<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(uc: UC<I, OPI0, OPI1>, envelope: Extract<HTTPDataEnvelope, 'query-params'>): OpenAPIParameter[];
+export declare function openAPIRequestBody<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(uc: UC<I, OPI0, OPI1>, envelope: Extract<HTTPDataEnvelope, 'form-data' | 'json'>, fqUCInputName: FQUCInputName): OpenAPIRequestBody;
+export declare function openAPISecuritySchemes(authCookieName: AuthCookieName, publicApiKeyHeaderName: PublicApiKeyHeaderName): OpenAPISecuritySchemes;
+export declare function openAPISecurity(sec: UCSec | undefined): OpenAPISecurity;
+export declare function openAPISuccess<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(uc: UC<I, OPI0, OPI1>, descriptions: Record<Extract<HTTPStatusNumber, 200 | 204>, string>): OpenAPIResponses;

package/dist/esm/target/lib/openapi/funcs.js ADDED Viewed

@@ -0,0 +1,148 @@
+import { ERROR_HTTP_STATUS_MAP } from '../../../error/index.js';
+import { DEFAULT_UC_SEC_AT, DEFAULT_UC_SEC_PAKCT, } from '../../../uc/index.js';
+import { isBlank } from '../../../utils/index.js';
+import { serverErrorJsonSchema } from '../json-schema/error.js';
+import { ucifJsonSchemaDef } from '../json-schema/input.js';
+import { ucOutputJsonSchema } from '../json-schema/output.js';
+import { AUTHORIZATION_HEADER_NAME, } from '../shared.js';
+export function openAPIErrors() {
+    return ERROR_HTTP_STATUS_MAP.entries().reduce((acc, cur) => {
+        const [status, clazz] = cur;
+        const message = new clazz().message;
+        acc[status] = {
+            content: {
+                'application/json': {
+                    schema: serverErrorJsonSchema(message),
+                },
+            },
+            description: message,
+        };
+        return acc;
+    }, {});
+}
+export function openAPIParameters(uc, envelope) {
+    const res = [];
+    switch (envelope) {
+        case 'query-params':
+            {
+                for (const f of uc.inputFields) {
+                    const { key } = f;
+                    const { internal, spec } = ucifJsonSchemaDef(f);
+                    if (!spec) {
+                        continue;
+                    }
+                    res.push({
+                        in: 'query',
+                        name: key,
+                        required: internal?.required ?? false,
+                        schema: spec,
+                    });
+                }
+            }
+            break;
+        default:
+            envelope;
+    }
+    return res;
+}
+export function openAPIRequestBody(uc, envelope, fqUCInputName) {
+    const innerContent = {
+        schema: {
+            $ref: `#/components/schemas/${fqUCInputName}`,
+        },
+    };
+    switch (envelope) {
+        case 'form-data': {
+            const repeatableFields = uc.inputFieldsRepeatable();
+            const content = {
+                'multipart/form-data': innerContent,
+            };
+            if (!isBlank(repeatableFields)) {
+                content['multipart/form-data'].encoding = {};
+            }
+            for (const f of repeatableFields) {
+                // This is to prevent SwaggerUI from sending the values comma separated
+                // biome-ignore lint/style/noNonNullAssertion: we want it
+                content['multipart/form-data'].encoding[f.key] = {
+                    explode: true,
+                    style: 'form',
+                };
+            }
+            return {
+                content,
+                required: true,
+            };
+        }
+        case 'json':
+            return {
+                content: {
+                    'application/json': innerContent,
+                },
+                required: true,
+            };
+        default:
+            envelope;
+            throw new Error();
+    }
+}
+export function openAPISecuritySchemes(authCookieName, publicApiKeyHeaderName) {
+    return {
+        apiKey: {
+            bearerFormat: 'Bearer',
+            in: 'header',
+            name: AUTHORIZATION_HEADER_NAME,
+            type: 'apiKey',
+        },
+        basic: {
+            scheme: 'basic',
+            type: 'http',
+        },
+        jwt: {
+            in: 'cookie',
+            name: authCookieName,
+            type: 'apiKey',
+        },
+        publicApiKey: {
+            in: 'header',
+            name: publicApiKeyHeaderName,
+            type: 'apiKey',
+        },
+    };
+}
+export function openAPISecurity(sec) {
+    const item = {};
+    const res = [item];
+    const publicApiCheckType = sec?.publicApiKeyCheckType ?? DEFAULT_UC_SEC_PAKCT;
+    switch (publicApiCheckType) {
+        case 'off':
+            break;
+        case 'on':
+            item.publicApiKey = [];
+            break;
+        default:
+            publicApiCheckType;
+    }
+    const authType = sec?.authType ?? DEFAULT_UC_SEC_AT;
+    item[authType] = [];
+    return res;
+}
+export function openAPISuccess(uc, descriptions) {
+    const schema = ucOutputJsonSchema(uc);
+    if (!schema) {
+        return {
+            '204': {
+                description: descriptions[204],
+            },
+        };
+    }
+    return {
+        '200': {
+            content: {
+                'application/json': {
+                    schema,
+                },
+            },
+            description: descriptions[200],
+        },
+    };
+}

package/dist/esm/target/lib/openapi/types.d.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import type { FreeTextLong, FreeTextShort, HTTPMethod, HTTPStatusNumber, JSONSchemaObject, JSONSchemaProperty, SemVerVersion, URL } from '../../../dt/index.js';
+import type { ProductName } from '../../../product/index.js';
+import type { FQUCInputName, FQUCOPI0Name, FQUCOPI1Name, UCFieldKey } from '../../../uc/index.js';
+import type { AUTHORIZATION_HEADER_NAME, AuthCookieName, PublicApiKeyHeaderName } from '../shared.js';
+export type OpenAPIPathName = string;
+export type OpenAPIDescription = FreeTextLong;
+export type OpenAPISchemaName = FQUCInputName | FQUCOPI0Name | FQUCOPI1Name | `Error`;
+export type OpenAPISchemaRef = `#/components/schemas/${OpenAPISchemaName}`;
+export type OpenAPISummary = FreeTextShort;
+export type OpenAPISecurityItem = Partial<Record<keyof OpenAPISecuritySchemes, []>>;
+export type OpenAPISecurity = OpenAPISecurityItem[];
+export interface OpenAPISecurityScheme {
+    description?: OpenAPIDescription;
+}
+export interface OpenAPISecuritySchemes {
+    apiKey?: OpenAPISecurityScheme & {
+        bearerFormat: 'Bearer';
+        in: 'header';
+        name: typeof AUTHORIZATION_HEADER_NAME;
+        type: 'apiKey';
+    };
+    basic?: OpenAPISecurityScheme & {
+        scheme: 'basic';
+        type: 'http';
+    };
+    jwt?: OpenAPISecurityScheme & {
+        in: 'cookie';
+        name: AuthCookieName;
+        type: 'apiKey';
+    };
+    publicApiKey?: OpenAPISecurityScheme & {
+        in: 'header';
+        name: PublicApiKeyHeaderName;
+        type: 'apiKey';
+    };
+}
+export interface OpenAPIComponents {
+    securitySchemes: OpenAPISecuritySchemes;
+    schemas: Record<OpenAPISchemaName, JSONSchemaObject<any>>;
+}
+export interface OpenAPIParameter {
+    description?: OpenAPIDescription;
+    in: 'path' | 'query';
+    name: UCFieldKey;
+    required: boolean;
+    schema: JSONSchemaProperty<any>;
+}
+export interface OpenAPIPath {
+    description?: OpenAPIDescription;
+    parameters?: OpenAPIParameter[];
+    requestBody?: OpenAPIRequestBody;
+    responses: OpenAPIResponses;
+    security?: OpenAPISecurity;
+    summary?: OpenAPISummary;
+    tags?: string[];
+}
+export interface OpenAPIInnerContent {
+    schema: {
+        $ref: OpenAPISchemaRef;
+    } | JSONSchemaObject<any>;
+}
+export type OpenAPIContent = {
+    'application/json': OpenAPIInnerContent;
+} | {
+    'multipart/form-data': OpenAPIInnerContent & {
+        encoding?: Record<UCFieldKey, {
+            style: 'form';
+            explode: boolean;
+        }>;
+    };
+};
+export interface OpenAPIRequestBody {
+    content: OpenAPIContent;
+    description?: OpenAPIDescription;
+    required: boolean;
+}
+export type OpenAPIPaths = Record<OpenAPIPathName, Partial<Record<Lowercase<HTTPMethod>, OpenAPIPath>>>;
+export interface OpenAPIResponse {
+    content?: OpenAPIContent;
+    description: OpenAPIDescription;
+}
+export type OpenAPIResponses = Partial<Record<HTTPStatusNumber, OpenAPIResponse>>;
+export interface OpenAPIServer {
+    description?: OpenAPIDescription;
+    url: URL;
+}
+export interface OpenAPISpec {
+    components: OpenAPIComponents;
+    info: {
+        description?: OpenAPIDescription;
+        title: ProductName;
+        summary?: OpenAPISummary;
+        version: SemVerVersion;
+    };
+    openapi: '3.1.0';
+    paths: OpenAPIPaths;
+    servers: OpenAPIServer[];
+}

package/dist/esm/target/lib/openapi/types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/esm/target/lib/rn/input.d.ts CHANGED Viewed

@@ -2,6 +2,9 @@ import type { TextInputProps } from 'react-native';
 import { type DataType, type ErrorMessage } from '../../../dt/index.js';
 import { type UCInputField } from '../../../uc/index.js';
 export interface RNInputDef {
+    /**
+     * Internal types that are not part of the spec
+     */
     internal?: undefined;
     /**
      * Fields that are part of {@link TextInputProps}

package/dist/esm/target/lib/server/AuthCookieCreator.d.ts CHANGED Viewed

@@ -1,10 +1,11 @@
 import type { JWT, Timestamp } from '../../../dt/index.js';
 import type { JWTManager, SettingsManager, Worker } from '../../../std/index.js';
+import type { HTTPCookieSameSite } from '../../../utils/index.js';
 import type { ServerManagerSettings } from '../../lib/server/ServerManager.js';
 export interface CookieOpts {
     expires: Date;
     httpOnly: boolean;
-    sameSite: 'strict';
+    sameSite: HTTPCookieSameSite;
     secure: boolean;
     signed: boolean;
 }

package/dist/esm/target/lib/server/ServerBooter.d.ts CHANGED Viewed

@@ -2,9 +2,10 @@ import { ProductUCsLoader } from '../../../product/index.js';
 import type { Configurable, EmailManager, FSManager, I18nManager, JobManager, Logger, SettingsManager, Worker } from '../../../std/index.js';
 import { type UCManager } from '../../../uc/index.js';
 import type { TargetEntrypointInput } from '../entrypoint.js';
+import { OpenAPISpecBuilder } from '../openapi/OpenAPISpecBuilder.js';
 import { ServerInstaller } from './ServerInstaller.js';
 import type { ServerManager, ServerManagerSettings } from './ServerManager.js';
-type S = Pick<ServerManagerSettings, 'server_static_dir_path' | 'server_tmp_path'>;
+type S = Pick<ServerManagerSettings, 'server_expose_mcp' | 'server_expose_mcp_at' | 'server_expose_openapi_spec' | 'server_expose_openapi_spec_at' | 'server_static_dir_path' | 'server_tmp_path'>;
 type Input = TargetEntrypointInput & {
     autoMountUCs?: boolean;
 };
@@ -13,13 +14,14 @@ export declare class ServerBooter implements Configurable<S>, Worker<Input, Prom
     private fsManager;
     private i18nManager;
     private jobManager;
+    private openAPISpecBuilder;
     private logger;
     private productUCsLoader;
     private serverManager;
     private serverInstaller;
     private settingsManager;
     private ucManager;
-    constructor(emailManager: EmailManager, fsManager: FSManager, i18nManager: I18nManager, jobManager: JobManager, logger: Logger, productUCsLoader: ProductUCsLoader, serverManager: ServerManager, serverInstaller: ServerInstaller, settingsManager: SettingsManager<S>, ucManager: UCManager);
+    constructor(emailManager: EmailManager, fsManager: FSManager, i18nManager: I18nManager, jobManager: JobManager, openAPISpecBuilder: OpenAPISpecBuilder, logger: Logger, productUCsLoader: ProductUCsLoader, serverManager: ServerManager, serverInstaller: ServerInstaller, settingsManager: SettingsManager<S>, ucManager: UCManager);
     s(): S;
     exec({ appsRootPath, autoMountUCs, srcImporter, }: Input): Promise<void>;
     private mountUC;

package/dist/esm/target/lib/server/ServerBooter.js CHANGED Viewed

@@ -11,8 +11,9 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
 import { inject, injectable } from 'inversify';
-import { ProductUCsLoader } from '../../../product/index.js';
+import { ProductUCsLoader, } from '../../../product/index.js';
 import { ucHTTPContract, } from '../../../uc/index.js';
+import { OpenAPISpecBuilder } from '../openapi/OpenAPISpecBuilder.js';
 import { shouldMountUC } from './funcs.js';
 import { ServerInstaller } from './ServerInstaller.js';
 let ServerBooter = class ServerBooter {
@@ -20,17 +21,19 @@ let ServerBooter = class ServerBooter {
     fsManager;
     i18nManager;
     jobManager;
+    openAPISpecBuilder;
     logger;
     productUCsLoader;
     serverManager;
     serverInstaller;
     settingsManager;
     ucManager;
-    constructor(emailManager, fsManager, i18nManager, jobManager, logger, productUCsLoader, serverManager, serverInstaller, settingsManager, ucManager) {
+    constructor(emailManager, fsManager, i18nManager, jobManager, openAPISpecBuilder, logger, productUCsLoader, serverManager, serverInstaller, settingsManager, ucManager) {
         this.emailManager = emailManager;
         this.fsManager = fsManager;
         this.i18nManager = i18nManager;
         this.jobManager = jobManager;
+        this.openAPISpecBuilder = openAPISpecBuilder;
         this.logger = logger;
         this.productUCsLoader = productUCsLoader;
         this.serverManager = serverManager;
@@ -40,6 +43,10 @@ let ServerBooter = class ServerBooter {
     }
     s() {
         return {
+            server_expose_mcp: this.settingsManager.get()('server_expose_mcp'),
+            server_expose_mcp_at: this.settingsManager.get()('server_expose_mcp_at'),
+            server_expose_openapi_spec: this.settingsManager.get()('server_expose_openapi_spec'),
+            server_expose_openapi_spec_at: this.settingsManager.get()('server_expose_openapi_spec_at'),
             server_static_dir_path: this.settingsManager.get()('server_static_dir_path'),
             server_tmp_path: this.settingsManager.get()('server_tmp_path'),
         };
@@ -55,13 +62,18 @@ let ServerBooter = class ServerBooter {
         await this.emailManager.verify();
         this.logger.info('Initializing server manager');
         await this.serverManager.init();
+        const mountedUCs = [];
         if (autoMountUCs) {
             const ucs = await this.productUCsLoader.exec({
                 appsRootPath,
                 srcImporter,
             });
             for await (const uc of ucs) {
-                await this.mountUC(uc);
+                const mounted = await this.mountUC(uc);
+                if (!mounted) {
+                    continue;
+                }
+                mountedUCs.push(uc);
             }
         }
         const staticDirPath = this.s().server_static_dir_path;
@@ -76,6 +88,25 @@ let ServerBooter = class ServerBooter {
         if (!(await this.fsManager.exists(tmpDirPath))) {
             await this.fsManager.mkdir(tmpDirPath);
         }
+        if (this.s().server_expose_openapi_spec) {
+            const at = this.s().server_expose_openapi_spec_at;
+            this.logger.info('Mounting OpenAPI spec', {
+                at,
+                mountedUCs: mountedUCs.length,
+            });
+            const { spec } = await this.openAPISpecBuilder.exec({
+                ucs: mountedUCs,
+            });
+            await this.serverManager.mountOpenAPISpec(spec, at);
+        }
+        if (this.s().server_expose_mcp) {
+            const at = this.s().server_expose_mcp_at;
+            this.logger.info('Mounting MCP', {
+                at,
+                mountedUCs: mountedUCs.length,
+            });
+            await this.serverManager.mountMCP(mountedUCs, at);
+        }
         await this.serverManager.warmUp();
         await this.serverManager.start();
     }
@@ -88,7 +119,7 @@ let ServerBooter = class ServerBooter {
             this.logger.debug(`Not mounting ${mountingPoint}`, {
                 reason: shouldNotMountReason,
             });
-            return;
+            return false;
         }
         this.logger.info(`Mounting ${mountingPoint}`, {
             contract,
@@ -96,6 +127,7 @@ let ServerBooter = class ServerBooter {
         });
         await this.ucManager.initServer(uc);
         await this.serverManager.mount(uc.appManifest, uc.def, contract);
+        return true;
     }
 };
 ServerBooter = __decorate([
@@ -104,12 +136,13 @@ ServerBooter = __decorate([
     __param(1, inject('FSManager')),
     __param(2, inject('I18nManager')),
     __param(3, inject('JobManager')),
-    __param(4, inject('Logger')),
-    __param(5, inject(ProductUCsLoader)),
-    __param(6, inject('ServerManager')),
-    __param(7, inject(ServerInstaller)),
-    __param(8, inject('SettingsManager')),
-    __param(9, inject('UCManager')),
-    __metadata("design:paramtypes", [Object, Object, Object, Object, Object, ProductUCsLoader, Object, ServerInstaller, Object, Object])
+    __param(4, inject(OpenAPISpecBuilder)),
+    __param(5, inject('Logger')),
+    __param(6, inject(ProductUCsLoader)),
+    __param(7, inject('ServerManager')),
+    __param(8, inject(ServerInstaller)),
+    __param(9, inject('SettingsManager')),
+    __param(10, inject('UCManager')),
+    __metadata("design:paramtypes", [Object, Object, Object, Object, OpenAPISpecBuilder, Object, ProductUCsLoader, Object, ServerInstaller, Object, Object])
 ], ServerBooter);
 export { ServerBooter };

package/dist/esm/target/lib/server/ServerManager.d.ts CHANGED Viewed

@@ -1,12 +1,12 @@
 import type { AppManifest } from '../../../app/index.js';
-import type { ApiKey, DirPath, FilePath, HostPort, Password, URL, Username } from '../../../dt/index.js';
+import type { ApiKey, DirPath, FilePath, HostPort, HTTPMethod, Password, URL, URLPath, Username } from '../../../dt/index.js';
+import type { ProductUCsLoaderOutput } from '../../../product/index.js';
 import type { Settings } from '../../../std/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../../uc/index.js';
-import type { Initializable } from '../../../utils/index.js';
+import type { HTTPCSPValue } from '../../../utils/http/types.js';
+import type { HTTPCookieSameSite, HTTPHeaderName, Initializable } from '../../../utils/index.js';
+import type { OpenAPISpec } from '../openapi/types.js';
 import type { AuthCookieName, PublicApiKeyHeaderName } from '../shared.js';
-export type ServerManagerCSPDefType = 'defaultSrc' | 'imgSrc' | 'scriptSrc';
-export type ServerManagerCSPDefValue = URL[];
-export type ServerManagerCSPDef = Record<ServerManagerCSPDefType, ServerManagerCSPDefValue>;
 export interface ServerManagerAuthSettings {
     server_basic_auth_entries: Record<Username, Password>;
     server_private_api_key_entries: ApiKey[];
@@ -17,11 +17,21 @@ export interface ServerManagerSettings extends ServerManagerAuthSettings, Settin
     server_binding_port: HostPort;
     server_cookies_http_only: boolean;
     server_cookies_name_auth: AuthCookieName;
-    server_cookies_same_site: 'strict';
+    server_cookies_same_site: HTTPCookieSameSite;
     server_cookies_secure: boolean;
-    server_csp_default_src: ServerManagerCSPDefValue;
-    server_csp_img_src: ServerManagerCSPDefValue;
-    server_csp_script_src: ServerManagerCSPDefValue;
+    server_csp_default_src: HTTPCSPValue;
+    server_csp_img_src: HTTPCSPValue;
+    server_csp_script_src: HTTPCSPValue;
+    server_cors_credentials: boolean;
+    server_cors_headers: HTTPHeaderName[];
+    server_cors_methods: HTTPMethod[];
+    server_cors_origins: URL[];
+    server_expose_mcp: boolean;
+    server_expose_mcp_at: URLPath;
+    server_expose_openapi_spec: boolean;
+    server_expose_openapi_spec_at: URLPath;
+    server_mcp_dangerously_skip_pub_api_key_check: boolean;
+    server_mcp_dangerously_skip_auth_check: boolean;
     server_public_api_key_header_name: PublicApiKeyHeaderName;
     server_public_url: URL;
     server_ssl_fullchain_path: FilePath | null;
@@ -46,6 +56,16 @@ export interface ServerManager extends Initializable {
      * @param contract
      */
     mountSync<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract): void;
+    /**
+     * Mount the MCP endpoint
+     * @param spec
+     */
+    mountMCP(ucs: ProductUCsLoaderOutput, at: URLPath): Promise<void>;
+    /**
+     * Mount the OpenAPI spec
+     * @param spec
+     */
+    mountOpenAPISpec(spec: OpenAPISpec, at: URLPath): Promise<void>;
     /**
      * Mount the static directory at `/`
      * @param dirPath