npm - libmodulor - Versions diffs - 0.28.0 → 0.30.0 - Mend

libmodulor 0.28.0 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (189) hide show

package/dist/esm/target/lib/server/ServerRequestHandler.d.ts CHANGED Viewed

@@ -26,12 +26,15 @@ export interface ServerRequestHandlerRes {
     redirect: (location: URL | URLPath) => Promise<void>;
     setCookie: (info: AuthCookieCreatorOutput) => Promise<void>;
 }
-interface Input<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined> {
+export interface ServerRequestHandlerInput<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined> {
     appManifest: AppManifest;
+    dangerouslySkipAuthCheck?: boolean | undefined;
+    dangerouslySkipPubApiKeyCheck?: boolean | undefined;
     envelope: HTTPDataEnvelope;
     execOpts?: UCManagerExecServerOpts<OPI0, OPI1> | undefined;
     req: ServerRequestHandlerReq;
     res: ServerRequestHandlerRes;
+    skipSideEffects?: boolean | undefined;
     ucd: UCDef<I, OPI0, OPI1>;
     /**
      * It is not injected in the handler constructor because it must be the same as the one used in ServerManager.
@@ -41,15 +44,18 @@ interface Input<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBas
     ucManager: UCManager;
 }
 type BodylessStatus = 204 | 302;
-type Output<OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined> = {
+type Output<OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined> = ({
     body: undefined;
     status: BodylessStatus;
 } | {
     body: UCOutput<OPI0, OPI1> | object;
+    rawErr?: Error;
     status: Exclude<HTTPStatusNumber, BodylessStatus>;
+}) & {
+    rawErr?: Error;
 };
 type S = Pick<ServerManagerSettings, 'server_cookies_name_auth' | 'server_public_api_key_header_name'>;
-export declare class ServerRequestHandler implements Worker<Input, Promise<Output>> {
+export declare class ServerRequestHandler implements Worker<ServerRequestHandlerInput, Promise<Output>> {
     private authCookieCreator;
     private authenticationChecker;
     private customerFacingErrorBuilder;
@@ -58,11 +64,9 @@ export declare class ServerRequestHandler implements Worker<Input, Promise<Outpu
     private requestLogger;
     private settingsManager;
     private ucBuilder;
-    private static AUTHORIZATION_HEADER_NAME;
-    private static X_FORWARDED_PROTO_HEADER_NAME;
     constructor(authCookieCreator: AuthCookieCreator, authenticationChecker: AuthenticationChecker, customerFacingErrorBuilder: CustomerFacingErrorBuilder, publicApiKeyChecker: PublicApiKeyChecker, requestChecker: RequestChecker, requestLogger: RequestLogger, settingsManager: SettingsManager<S>, ucBuilder: UCBuilder);
     s(): S;
-    exec<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>({ appManifest, envelope, execOpts, req, res, ucd, ucManager, }: Input<I, OPI0, OPI1>): Promise<Output<OPI0, OPI1>>;
+    exec<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>({ appManifest, dangerouslySkipAuthCheck, dangerouslySkipPubApiKeyCheck, envelope, execOpts, req, res, skipSideEffects, ucd, ucManager, }: ServerRequestHandlerInput<I, OPI0, OPI1>): Promise<Output<OPI0, OPI1>>;
     private fill;
     private applySideEffects;
     private applyClearAuthSideEffect;

package/dist/esm/target/lib/server/ServerRequestHandler.js CHANGED Viewed

@@ -10,10 +10,10 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
-var ServerRequestHandler_1;
 import { inject, injectable } from 'inversify';
-import { IllegalArgumentError, isEmptyJSON } from '../../../error/index.js';
+import { IllegalArgumentError, isEmptyJSON, logDevWarning, } from '../../../error/index.js';
 import { UCBuilder, UCOutputReader, UCOutputSideEffectType, } from '../../../uc/index.js';
+import { AUTHORIZATION_HEADER_NAME, X_FORWARDED_PROTO_HEADER_NAME, } from '../shared.js';
 import { AuthCookieCreator, } from './AuthCookieCreator.js';
 import { AuthenticationChecker } from './AuthenticationChecker.js';
 import { CustomerFacingErrorBuilder } from './CustomerFacingErrorBuilder.js';
@@ -21,7 +21,6 @@ import { PublicApiKeyChecker } from './PublicApiKeyChecker.js';
 import { RequestChecker } from './RequestChecker.js';
 import { RequestLogger } from './RequestLogger.js';
 let ServerRequestHandler = class ServerRequestHandler {
-    static { ServerRequestHandler_1 = this; }
     authCookieCreator;
     authenticationChecker;
     customerFacingErrorBuilder;
@@ -30,8 +29,6 @@ let ServerRequestHandler = class ServerRequestHandler {
     requestLogger;
     settingsManager;
     ucBuilder;
-    static AUTHORIZATION_HEADER_NAME = 'Authorization';
-    static X_FORWARDED_PROTO_HEADER_NAME = 'X-Forwarded-Proto';
     constructor(authCookieCreator, authenticationChecker, customerFacingErrorBuilder, publicApiKeyChecker, requestChecker, requestLogger, settingsManager, ucBuilder) {
         this.authCookieCreator = authCookieCreator;
         this.authenticationChecker = authenticationChecker;
@@ -48,7 +45,7 @@ let ServerRequestHandler = class ServerRequestHandler {
             server_public_api_key_header_name: this.settingsManager.get()('server_public_api_key_header_name'),
         };
     }
-    async exec({ appManifest, envelope, execOpts, req, res, ucd, ucManager, }) {
+    async exec({ appManifest, dangerouslySkipAuthCheck = false, dangerouslySkipPubApiKeyCheck = false, envelope, execOpts, req, res, skipSideEffects = false, ucd, ucManager, }) {
         try {
             const { bodyRaw, cookie, header, method, secure, url } = req;
             this.requestLogger.exec({
@@ -59,34 +56,46 @@ let ServerRequestHandler = class ServerRequestHandler {
             this.requestChecker.exec({
                 secure,
                 url,
-                xForwardedProtoHeader: await header(ServerRequestHandler_1.X_FORWARDED_PROTO_HEADER_NAME),
+                xForwardedProtoHeader: await header(X_FORWARDED_PROTO_HEADER_NAME),
             });
             const { ext, sec } = ucd;
-            await this.publicApiKeyChecker.exec({
-                checkType: sec?.publicApiKeyCheckType,
-                value: await header(this.s().server_public_api_key_header_name),
-            });
+            if (dangerouslySkipPubApiKeyCheck) {
+                logDevWarning('Skipping pub api key check');
+            }
+            else {
+                await this.publicApiKeyChecker.exec({
+                    checkType: sec?.publicApiKeyCheckType,
+                    value: await header(this.s().server_public_api_key_header_name),
+                });
+            }
             const uc = this.ucBuilder.exec({
                 appManifest,
                 auth: null,
                 def: ucd,
             });
-            const { auth } = await this.authenticationChecker.exec({
-                authCookie: await cookie(this.s().server_cookies_name_auth),
-                authorizationHeader: await header(ServerRequestHandler_1.AUTHORIZATION_HEADER_NAME),
-                uc,
-            });
-            if (auth) {
-                uc.auth = auth;
+            if (dangerouslySkipAuthCheck) {
+                logDevWarning('Skipping auth check');
+            }
+            else {
+                const { auth } = await this.authenticationChecker.exec({
+                    authCookie: await cookie(this.s().server_cookies_name_auth),
+                    authorizationHeader: await header(AUTHORIZATION_HEADER_NAME),
+                    uc,
+                });
+                if (auth) {
+                    uc.auth = auth;
+                }
             }
             await this.fill(req, envelope, uc);
             const output = await ucManager.execServer(uc, execOpts);
-            const { status } = await this.applySideEffects(res, ucd, output);
-            if (status !== undefined) {
-                return {
-                    body: undefined,
-                    status,
-                };
+            if (!skipSideEffects) {
+                const { status } = await this.applySideEffects(res, ucd, output);
+                if (status !== undefined) {
+                    return {
+                        body: undefined,
+                        status,
+                    };
+                }
             }
             if (!output) {
                 return {
@@ -106,6 +115,7 @@ let ServerRequestHandler = class ServerRequestHandler {
             });
             return {
                 body: error.toObj(),
+                rawErr: err,
                 status: error.httpStatus,
             };
         }
@@ -186,7 +196,7 @@ let ServerRequestHandler = class ServerRequestHandler {
         res.setCookie(output);
     }
 };
-ServerRequestHandler = ServerRequestHandler_1 = __decorate([
+ServerRequestHandler = __decorate([
     injectable(),
     __param(0, inject(AuthCookieCreator)),
     __param(1, inject(AuthenticationChecker)),

package/dist/esm/target/lib/server/consts.d.ts CHANGED Viewed

@@ -1,5 +1,9 @@
+import type { HTTPMethod } from '../../../dt/index.js';
+import type { HTTPHeaderName } from '../../../utils/index.js';
 import type { ServerManagerSettings } from './ServerManager.js';
 /**
  * @see TARGET_DEFAULT_SERVER_CLIENT_MANAGER_SETTINGS
  */
 export declare const TARGET_DEFAULT_SERVER_MANAGER_SETTINGS: ServerManagerSettings;
+export declare const TARGET_USUAL_SERVER_MANAGER_CORS_HEADERS: HTTPHeaderName[];
+export declare const TARGET_USUAL_SERVER_MANAGER_CORS_METHODS: HTTPMethod[];

package/dist/esm/target/lib/server/consts.js CHANGED Viewed

@@ -10,9 +10,19 @@ export const TARGET_DEFAULT_SERVER_MANAGER_SETTINGS = {
     server_cookies_name_auth: 'auth',
     server_cookies_same_site: 'strict',
     server_cookies_secure: true,
+    server_cors_credentials: false,
+    server_cors_headers: [],
+    server_cors_methods: [],
+    server_cors_origins: [],
     server_csp_default_src: [],
     server_csp_img_src: [],
     server_csp_script_src: [],
+    server_expose_mcp: false,
+    server_expose_mcp_at: '/mcp',
+    server_expose_openapi_spec: false,
+    server_expose_openapi_spec_at: '/api/openapi.json',
+    server_mcp_dangerously_skip_auth_check: false,
+    server_mcp_dangerously_skip_pub_api_key_check: false,
     server_private_api_key_entries: [],
     server_public_api_key_entries: [unsafeDefaultSetting()],
     server_public_api_key_header_name: 'X-API-Key',
@@ -23,3 +33,19 @@ export const TARGET_DEFAULT_SERVER_MANAGER_SETTINGS = {
     server_stop_mode: 'patient',
     server_tmp_path: 'tmp',
 };
+export const TARGET_USUAL_SERVER_MANAGER_CORS_HEADERS = [
+    'Accept',
+    'Authorization',
+    'Content-Type',
+    'Cookie',
+    'Origin',
+    'X-Requested-With',
+];
+export const TARGET_USUAL_SERVER_MANAGER_CORS_METHODS = [
+    'DELETE',
+    'GET',
+    'HEAD',
+    'OPTIONS',
+    'POST',
+    'PUT',
+];

package/dist/esm/target/lib/server-express/CORSMiddlewareBuilder.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { RequestHandler } from 'express';
+import type { Configurable, SettingsManager, Worker } from '../../../std/index.js';
+import type { ServerManagerSettings } from '../server/ServerManager.js';
+interface Input {
+}
+type Output = RequestHandler;
+type S = Pick<ServerManagerSettings, 'server_cors_credentials' | 'server_cors_headers' | 'server_cors_methods' | 'server_cors_origins' | 'server_public_api_key_header_name'>;
+export declare class CORSMiddlewareBuilder implements Configurable<S>, Worker<Input, Output> {
+    private settingsManager;
+    constructor(settingsManager: SettingsManager<S>);
+    s(): S;
+    exec(_input: Input): Output;
+    private fmt;
+}
+export {};

package/dist/esm/target/lib/server-express/CORSMiddlewareBuilder.js ADDED Viewed

@@ -0,0 +1,55 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { inject, injectable } from 'inversify';
+let CORSMiddlewareBuilder = class CORSMiddlewareBuilder {
+    settingsManager;
+    constructor(settingsManager) {
+        this.settingsManager = settingsManager;
+    }
+    s() {
+        return {
+            server_cors_credentials: this.settingsManager.get()('server_cors_credentials'),
+            server_cors_headers: this.settingsManager.get()('server_cors_headers'),
+            server_cors_methods: this.settingsManager.get()('server_cors_methods'),
+            server_cors_origins: this.settingsManager.get()('server_cors_origins'),
+            server_public_api_key_header_name: this.settingsManager.get()('server_public_api_key_header_name'),
+        };
+    }
+    exec(_input) {
+        return (req, res, next) => {
+            res.header('Access-Control-Allow-Credentials', String(this.s().server_cors_credentials));
+            res.header('Access-Control-Allow-Headers', this.fmt([
+                ...this.s().server_cors_headers,
+                this.s().server_public_api_key_header_name,
+            ]));
+            res.header('Access-Control-Allow-Methods', this.fmt(this.s().server_cors_methods));
+            const { origin } = req.headers;
+            if (origin) {
+                const electedOrigin = this.s().server_cors_origins.find((o) => o.startsWith(origin));
+                if (electedOrigin) {
+                    res.header('Access-Control-Allow-Origin', electedOrigin);
+                }
+            }
+            next();
+        };
+    }
+    fmt(arr) {
+        return arr.join(', ');
+    }
+};
+CORSMiddlewareBuilder = __decorate([
+    injectable(),
+    __param(0, inject('SettingsManager')),
+    __metadata("design:paramtypes", [Object])
+], CORSMiddlewareBuilder);
+export { CORSMiddlewareBuilder };

package/dist/esm/target/lib/server-express/funcs.d.ts CHANGED Viewed

@@ -7,9 +7,10 @@ import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../..
 import type { CustomerFacingErrorBuilder } from '../server/CustomerFacingErrorBuilder.js';
 import type { ServerManagerSettings } from '../server/ServerManager.js';
 import type { ServerRequestHandler, ServerRequestHandlerReq, ServerRequestHandlerRes } from '../server/ServerRequestHandler.js';
+import type { CORSMiddlewareBuilder } from './CORSMiddlewareBuilder.js';
 import type { HelmetMiddlewareBuilder } from './HelmetMiddlewareBuilder.js';
 export declare function buildHandler<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract, serverRequestHandler: ServerRequestHandler, ucManager: UCManager): RequestHandler;
-export declare function init(helmetMB: HelmetMiddlewareBuilder, loggerLevel: LoggerLevel, serverTmpPath: ServerManagerSettings['server_tmp_path']): Express;
+export declare function init(corsMB: CORSMiddlewareBuilder, helmetMB: HelmetMiddlewareBuilder, loggerLevel: LoggerLevel, serverTmpPath: ServerManagerSettings['server_tmp_path']): Express;
 export declare function mountHandler(contract: UCHTTPContract, express: Express, handler: RequestHandler): void;
 export declare function postInit(app: Express, customerFacingErrorBuilder: CustomerFacingErrorBuilder): void;
 export declare function toFile(f: fileUpload.UploadedFile): File;

package/dist/esm/target/lib/server-express/funcs.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import cookieParser from 'cookie-parser';
 import express, {} from 'express';
 import fileUpload from 'express-fileupload';
-import { fmtSingleDataMsg, fmtSSEError, isError, SSE_HEADERS, } from '../../../utils/index.js';
+import { defaultStreamOnClose, fmtSingleDataMsg, fmtSSEError, isError, SSE_HEADERS, } from '../../../utils/index.js';
 export function buildHandler(appManifest, ucd, contract, serverRequestHandler, ucManager) {
     const { envelope } = contract;
     const handler = async (req, res) => {
@@ -12,12 +12,12 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
                 // Nothing to do
                 break;
             case 'stream': {
+                let streamedOnce = false;
                 execOpts = {
                     stream: {
-                        onClose: async () => {
-                            throw new Error('execOpts.stream.onClose needs to be set in the UC ServerMain');
-                        },
+                        onClose: defaultStreamOnClose(streamedOnce),
                         onData: async (output) => {
+                            streamedOnce = true;
                             if (!output) {
                                 return;
                             }
@@ -72,9 +72,10 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
     };
     return handler;
 }
-export function init(helmetMB, loggerLevel, serverTmpPath) {
+export function init(corsMB, helmetMB, loggerLevel, serverTmpPath) {
     const app = express();
     app.use(helmetMB.exec({}));
+    app.use(corsMB.exec({}));
     app.use(fileUpload({
         createParentPath: true,
         debug: loggerLevel === 'trace',

package/dist/esm/target/lib/server-hono/CORSMiddlewareBuilder.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { MiddlewareHandler } from 'hono';
+import type { Configurable, SettingsManager, Worker } from '../../../std/index.js';
+import type { ServerManagerSettings } from '../server/ServerManager.js';
+interface Input {
+}
+type Output = MiddlewareHandler;
+type S = Pick<ServerManagerSettings, 'server_cors_credentials' | 'server_cors_headers' | 'server_cors_methods' | 'server_cors_origins' | 'server_public_api_key_header_name'>;
+export declare class CORSMiddlewareBuilder implements Configurable<S>, Worker<Input, Output> {
+    private settingsManager;
+    constructor(settingsManager: SettingsManager<S>);
+    s(): S;
+    exec(_input: Input): Output;
+}
+export {};

package/dist/esm/target/lib/server-hono/CORSMiddlewareBuilder.js ADDED Viewed

@@ -0,0 +1,46 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { cors } from 'hono/cors';
+import { inject, injectable } from 'inversify';
+let CORSMiddlewareBuilder = class CORSMiddlewareBuilder {
+    settingsManager;
+    constructor(settingsManager) {
+        this.settingsManager = settingsManager;
+    }
+    s() {
+        return {
+            server_cors_credentials: this.settingsManager.get()('server_cors_credentials'),
+            server_cors_headers: this.settingsManager.get()('server_cors_headers'),
+            server_cors_methods: this.settingsManager.get()('server_cors_methods'),
+            server_cors_origins: this.settingsManager.get()('server_cors_origins'),
+            server_public_api_key_header_name: this.settingsManager.get()('server_public_api_key_header_name'),
+        };
+    }
+    exec(_input) {
+        return cors({
+            allowHeaders: [
+                ...this.s().server_cors_headers,
+                this.s().server_public_api_key_header_name,
+            ],
+            allowMethods: this.s().server_cors_methods,
+            credentials: true,
+            origin: this.s().server_cors_origins,
+        });
+    }
+};
+CORSMiddlewareBuilder = __decorate([
+    injectable(),
+    __param(0, inject('SettingsManager')),
+    __metadata("design:paramtypes", [Object])
+], CORSMiddlewareBuilder);
+export { CORSMiddlewareBuilder };

package/dist/esm/target/lib/server-hono/funcs.d.ts CHANGED Viewed

@@ -4,8 +4,9 @@ import type { AppManifest } from '../../../app/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../../uc/index.js';
 import type { CustomerFacingErrorBuilder } from '../server/CustomerFacingErrorBuilder.js';
 import type { ServerRequestHandler, ServerRequestHandlerReq, ServerRequestHandlerRes } from '../server/ServerRequestHandler.js';
+import type { CORSMiddlewareBuilder } from './CORSMiddlewareBuilder.js';
 export declare function buildHandler<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract, serverRequestHandler: ServerRequestHandler, ucManager: UCManager, beforeExec?: (c: Context) => Promise<void>): Handler;
-export declare function init<E extends Env = BlankEnv>(customerFacingErrorBuilder: CustomerFacingErrorBuilder): Hono<E>;
+export declare function init<E extends Env = BlankEnv>(corsMB: CORSMiddlewareBuilder, customerFacingErrorBuilder: CustomerFacingErrorBuilder): Hono<E>;
 export declare function mountHandler(contract: UCHTTPContract, hono: Hono, handler: Handler): void;
 export declare function toReq(c: Context): ServerRequestHandlerReq;
 export declare function toRes(c: Context): ServerRequestHandlerRes;

package/dist/esm/target/lib/server-hono/funcs.js CHANGED Viewed

@@ -3,7 +3,7 @@ import { deleteCookie, getCookie, setCookie } from 'hono/cookie';
 import { logger } from 'hono/logger';
 import { secureHeaders } from 'hono/secure-headers';
 import { NotFoundError } from '../../../error/index.js';
-import { fmtSingleDataMsg, fmtSSEError, fromFormData, isError, SSE_HEADERS, } from '../../../utils/index.js';
+import { defaultStreamOnClose, fmtSingleDataMsg, fmtSSEError, fromFormData, isError, SSE_HEADERS, } from '../../../utils/index.js';
 export function buildHandler(appManifest, ucd, contract, serverRequestHandler, ucManager, beforeExec) {
     const { envelope } = contract;
     const handler = async (c) => {
@@ -28,10 +28,12 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
                             ctrl.close();
                             closed = true;
                         };
+                        let streamedOnce = false;
                         execOpts = {
                             stream: {
-                                onClose: async () => { },
+                                onClose: defaultStreamOnClose(streamedOnce),
                                 onData: async (output) => {
+                                    streamedOnce = true;
                                     if (!output || closed) {
                                         return;
                                     }
@@ -86,9 +88,10 @@ export function buildHandler(appManifest, ucd, contract, serverRequestHandler, u
     };
     return handler;
 }
-export function init(customerFacingErrorBuilder) {
+export function init(corsMB, customerFacingErrorBuilder) {
     const app = new Hono();
     app.use(secureHeaders());
+    app.use(corsMB.exec({}));
     app.use(logger());
     app.notFound((c) => {
         const error = new NotFoundError();

package/dist/esm/target/lib/shared.d.ts CHANGED Viewed

@@ -1,2 +1,7 @@
+import type { SemVerVersion } from '../../dt/index.js';
+import type { HTTPHeaderName } from '../../utils/index.js';
 export type AuthCookieName = 'auth';
 export type PublicApiKeyHeaderName = 'X-API-Key' | (string & {});
+export declare const AUTHORIZATION_HEADER_NAME: HTTPHeaderName;
+export declare const X_FORWARDED_PROTO_HEADER_NAME: HTTPHeaderName;
+export declare const DEFAULT_VERSION: SemVerVersion;

package/dist/esm/target/lib/shared.js CHANGED Viewed

@@ -1 +1,3 @@
-export {};
+export const AUTHORIZATION_HEADER_NAME = 'Authorization';
+export const X_FORWARDED_PROTO_HEADER_NAME = 'X-Forwarded-Proto';
+export const DEFAULT_VERSION = '0.1.0';

package/dist/esm/target/nextjs-server/NextJSServerManager.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import type { AppManifest } from '../../app/index.js';
-import type { DirPath } from '../../dt/index.js';
+import type { DirPath, URLPath } from '../../dt/index.js';
+import type { ProductUCsLoaderOutput } from '../../product/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../uc/index.js';
+import type { OpenAPISpec } from '../lib/openapi/types.js';
 import type { ServerManager } from '../lib/server/ServerManager.js';
 export declare class NextJSServerManager implements ServerManager {
     overrideUCManager(_ucManager: UCManager): void;
@@ -8,6 +10,8 @@ export declare class NextJSServerManager implements ServerManager {
     initSync(): void;
     mount<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(_appManifest: AppManifest, _ucd: UCDef<I, OPI0, OPI1>, _contract: UCHTTPContract): Promise<void>;
     mountSync<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(_appManifest: AppManifest, _ucd: UCDef<I, OPI0, OPI1>, _contract: UCHTTPContract): void;
+    mountMCP(_ucs: ProductUCsLoaderOutput, _at: URLPath): Promise<void>;
+    mountOpenAPISpec(_spec: OpenAPISpec, _at: URLPath): Promise<void>;
     mountStaticDir(_dirPath: DirPath): Promise<void>;
     start(): Promise<void>;
     stop(): Promise<void>;

package/dist/esm/target/nextjs-server/NextJSServerManager.js CHANGED Viewed

@@ -21,6 +21,12 @@ let NextJSServerManager = class NextJSServerManager {
     mountSync(_appManifest, _ucd, _contract) {
         // Nothing to do
     }
+    async mountMCP(_ucs, _at) {
+        // Nothing to do
+    }
+    async mountOpenAPISpec(_spec, _at) {
+        // Nothing to do
+    }
     async mountStaticDir(_dirPath) {
         // Nothing to do
     }

package/dist/esm/target/node-express-server/NodeExpressServerManager.d.ts CHANGED Viewed

@@ -1,29 +1,35 @@
-import { type Express } from 'express';
+import { type Express, type RequestHandler } from 'express';
 import type { AppManifest } from '../../app/index.js';
-import type { DirPath } from '../../dt/index.js';
+import type { DirPath, URLPath } from '../../dt/index.js';
+import type { ProductUCsLoaderOutput } from '../../product/index.js';
 import type { Configurable, EnvironmentManager, Logger, LoggerSettings, SettingsManager } from '../../std/index.js';
 import type { UCDef, UCHTTPContract, UCInput, UCManager, UCOPIBase } from '../../uc/index.js';
+import type { MCPHTTPRequestHandlerBuilder } from '../lib/mcp-server/http/MCPHTTPRequestHandlerBuilder.js';
+import type { OpenAPISpec } from '../lib/openapi/types.js';
 import { CustomerFacingErrorBuilder } from '../lib/server/CustomerFacingErrorBuilder.js';
 import { EntrypointsBuilder } from '../lib/server/EntrypointsBuilder.js';
 import type { ServerManager, ServerManagerSettings } from '../lib/server/ServerManager.js';
 import { ServerRequestHandler } from '../lib/server/ServerRequestHandler.js';
 import { ServerSSLCertLoader } from '../lib/server/ServerSSLCertLoader.js';
+import { CORSMiddlewareBuilder } from '../lib/server-express/CORSMiddlewareBuilder.js';
 import { HelmetMiddlewareBuilder } from '../lib/server-express/HelmetMiddlewareBuilder.js';
 import type { ListenSettings, StopSettings } from '../lib/server-node/types.js';
 type S = ListenSettings & Pick<LoggerSettings, 'logger_level'> & Pick<ServerManagerSettings, 'server_tmp_path'> & StopSettings;
 export declare class NodeExpressServerManager implements Configurable<S>, ServerManager {
+    private corsMiddlewareBuilder;
     private customerFacingErrorBuilder;
     private entrypointsBuilder;
     protected environmentManager: EnvironmentManager;
-    private helmetMB;
+    private helmetMiddlewareBuilder;
     protected logger: Logger;
+    private mcpHTTPRequestHandlerBuilder;
     private serverRequestHandler;
     private serverSSLCertLoader;
     private settingsManager;
     private ucManager;
     protected runtime: Express;
     private server;
-    constructor(customerFacingErrorBuilder: CustomerFacingErrorBuilder, entrypointsBuilder: EntrypointsBuilder, environmentManager: EnvironmentManager, helmetMB: HelmetMiddlewareBuilder, logger: Logger, serverRequestHandler: ServerRequestHandler, serverSSLCertLoader: ServerSSLCertLoader, settingsManager: SettingsManager<S>, ucManager: UCManager);
+    constructor(corsMiddlewareBuilder: CORSMiddlewareBuilder, customerFacingErrorBuilder: CustomerFacingErrorBuilder, entrypointsBuilder: EntrypointsBuilder, environmentManager: EnvironmentManager, helmetMiddlewareBuilder: HelmetMiddlewareBuilder, logger: Logger, mcpHTTPRequestHandlerBuilder: MCPHTTPRequestHandlerBuilder<RequestHandler>, serverRequestHandler: ServerRequestHandler, serverSSLCertLoader: ServerSSLCertLoader, settingsManager: SettingsManager<S>, ucManager: UCManager);
     s(): S;
     getRuntime(): Express;
     overrideUCManager(ucManager: UCManager): void;
@@ -31,6 +37,8 @@ export declare class NodeExpressServerManager implements Configurable<S>, Server
     initSync(): void;
     mount<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract): Promise<void>;
     mountSync<I extends UCInput | undefined = undefined, OPI0 extends UCOPIBase | undefined = undefined, OPI1 extends UCOPIBase | undefined = undefined>(appManifest: AppManifest, ucd: UCDef<I, OPI0, OPI1>, contract: UCHTTPContract): void;
+    mountMCP(ucs: ProductUCsLoaderOutput, at: URLPath): Promise<void>;
+    mountOpenAPISpec(spec: OpenAPISpec, at: URLPath): Promise<void>;
     mountStaticDir(dirPath: DirPath): Promise<void>;
     start(): Promise<void>;
     stop(): Promise<void>;