spiceflow 1.6.1 → 1.6.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "spiceflow",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "description": "Simple API framework with RPC and type safety",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -45,6 +45,7 @@
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
     "eventsource-parser": "^3.0.0",
+    "lodash.clonedeep": "^4.5.0",
     "openapi-types": "^12.1.3",
     "superjson": "^2.2.2",
     "zod": "^3.24.1",
@@ -59,7 +60,8 @@
     }
   },
   "devDependencies": {
-    "@types/node": "22.12.0",
+    "@types/lodash.clonedeep": "^4.5.9",
+    "@types/node": "22.13.4",
     "eventsource": "^3.0.5",
     "formdata-node": "^6.0.3",
     "js-base64": "^3.7.7",

package/src/client.test.ts

@@ -234,12 +234,19 @@ describe('client', () => {
 
   it('stream return', async () => {
     const { data } = await client['stream-return'].get()
-    expect(data).toEqual('a')
+    let all = ''
+    for await (const chunk of data!) {
+      all += chunk
+    }
+    expect(all).toEqual('a')
   })
   it('stream return async', async () => {
-    const { data } = await client['stream-return-async'].get({})
-    // console.log(data)
-    expect(data).toEqual('a')
+    const { data } = await client['stream-return-async'].get()
+    let all = ''
+    for await (const chunk of data!) {
+      all += chunk
+    }
+    expect(all).toEqual('a')
   })
   it('post zodAny', async () => {
     const body = [{ key: 'value' }, 123, 'string', true, null]

package/src/cors.ts

@@ -27,7 +27,7 @@ export const cors = (options?: CORSOptions): MiddlewareHandler => {
     allowHeaders: [],
     exposeHeaders: [],
     credentials: true,
-    cacheAge: 21600 // 6 hours default
+    cacheAge: 21600, // 6 hours default
   }
   const opts = {
     ...defaults,
@@ -49,7 +49,16 @@ export const cors = (options?: CORSOptions): MiddlewareHandler => {
     let response = await next()
 
     function set(key: string, value: string) {
-      response.headers.set(key, value)
+      try {
+        response.headers.set(key, value)
+      } catch (error) {
+        if (error instanceof TypeError && error.message.includes('immutable')) {
+          response = new Response(response.body, response)
+          set(key, value)
+        } else {
+          throw error
+        }
+      }
     }
 
     const allowOrigin = findAllowOrigin(c.request.headers.get('origin') || '')
@@ -82,10 +91,13 @@ export const cors = (options?: CORSOptions): MiddlewareHandler => {
       if (opts.cacheAge && opts.cacheAge > 0) {
         // CORS preflight cache
         set('Access-Control-Max-Age', opts.cacheAge.toString())
-        
+
         // Browser cache and CDN cache
-        set('Cache-Control', `public, max-age=${opts.cacheAge}, s-maxage=${opts.cacheAge}`)
-        
+        set(
+          'Cache-Control',
+          `public, max-age=${opts.cacheAge}, s-maxage=${opts.cacheAge}`,
+        )
+
         // Additional CDN-specific headers
         set('CDN-Cache-Control', `public, s-maxage=${opts.cacheAge}`)
         set('Cloudflare-CDN-Cache-Control', `public, s-maxage=${opts.cacheAge}`)

package/src/error.ts

@@ -11,8 +11,8 @@ const env =
 export const ERROR_CODE = Symbol('SpiceflowErrorCode')
 export type ERROR_CODE = typeof ERROR_CODE
 
-export const ELYSIA_RESPONSE = Symbol('SpiceflowResponse')
-export type ELYSIA_RESPONSE = typeof ELYSIA_RESPONSE
+export const SPICEFLOW_RESPONSE = Symbol('SpiceflowResponse')
+export type SPICEFLOW_RESPONSE = typeof SPICEFLOW_RESPONSE
 
 export const isProduction = (env?.NODE_ENV ?? env?.ENV) === 'production'
 

package/src/mcp.test.ts

@@ -85,7 +85,6 @@ describe('MCP Plugin', () => {
             "description": "GET /goSomething",
             "inputSchema": {
               "properties": {},
-              "required": [],
               "type": "object",
             },
             "name": "GET /goSomething",
@@ -94,18 +93,15 @@ describe('MCP Plugin', () => {
             "description": "GET /users",
             "inputSchema": {
               "properties": {},
-              "required": [],
               "type": "object",
             },
             "name": "GET /users",
           },
           {
-            "description": "GET /somethingElse/:id",
+            "description": "GET /somethingElse/{id}",
             "inputSchema": {
               "properties": {
                 "params": {
-                  "$schema": "http://json-schema.org/draft-07/schema#",
-                  "additionalProperties": false,
                   "properties": {
                     "id": {
                       "type": "string",
@@ -117,24 +113,20 @@ describe('MCP Plugin', () => {
                   "type": "object",
                 },
               },
-              "required": [],
               "type": "object",
             },
-            "name": "GET /somethingElse/:id",
+            "name": "GET /somethingElse/{id}",
           },
           {
             "description": "GET /search",
             "inputSchema": {
               "properties": {
                 "query": {
-                  "$schema": "http://json-schema.org/draft-07/schema#",
-                  "additionalProperties": false,
                   "properties": {
                     "limit": {
                       "type": "number",
                     },
                     "q": {
-                      "description": "Search query",
                       "type": "string",
                     },
                   },
@@ -145,7 +137,6 @@ describe('MCP Plugin', () => {
                   "type": "object",
                 },
               },
-              "required": [],
               "type": "object",
             },
             "name": "GET /search",
@@ -195,12 +186,12 @@ describe('MCP Plugin', () => {
         {
           "mimeType": "application/json",
           "name": "GET /goSomething",
-          "uri": "http://localhost:4000/goSomething",
+          "uri": "http://localhost/goSomething",
         },
         {
           "mimeType": "application/json",
           "name": "GET /users",
-          "uri": "http://localhost:4000/users",
+          "uri": "http://localhost/users",
         },
       ]
     `)

package/src/mcp.ts

@@ -10,6 +10,7 @@ import { zodToJsonSchema } from 'zod-to-json-schema'
 import { SSEServerTransportSpiceflow } from './mcp-transport.js'
 import { isZodSchema, Spiceflow } from './spiceflow.js'
 import { OpenAPIV3 } from 'openapi-types'
+import { openapi } from './openapi.js'
 
 function getJsonSchema(schema: any) {
   if (!schema) return undefined
@@ -20,12 +21,75 @@ function getJsonSchema(schema: any) {
   }
   return schema
 }
+const transports = new Map<string, SSEServerTransportSpiceflow>()
+function getOperationRequestBody(
+  operation: OpenAPIV3.OperationObject,
+): OpenAPIV3.SchemaObject | undefined {
+  if (!operation.requestBody) return undefined
+
+  const requestBody = operation.requestBody as OpenAPIV3.RequestBodyObject
+  const content = requestBody.content['application/json']
+  return content?.schema as OpenAPIV3.SchemaObject
+}
 
-export const mcp = <Path extends string = '/mcp'>({
-  path = '/mcp' as Path,
+function getOperationParameters(operation: OpenAPIV3.OperationObject): {
+  queryParams?: OpenAPIV3.SchemaObject
+  pathParams?: OpenAPIV3.SchemaObject
+} {
+  if (!operation.parameters) return {}
+
+  const queryProperties: Record<string, OpenAPIV3.SchemaObject> = {}
+  const pathProperties: Record<string, OpenAPIV3.SchemaObject> = {}
+  const queryRequired: string[] = []
+  const pathRequired: string[] = []
+
+  operation.parameters.forEach((param) => {
+    if ('$ref' in param) return // TODO referenced parameters
+    
+    if (param.in === 'query') {
+      queryProperties[param.name] = param.schema as OpenAPIV3.SchemaObject
+      if (param.required) queryRequired.push(param.name)
+    } else if (param.in === 'path') {
+      pathProperties[param.name] = param.schema as OpenAPIV3.SchemaObject
+      if (param.required) pathRequired.push(param.name)
+    }
+  })
+
+  const result: {
+    queryParams?: OpenAPIV3.SchemaObject
+    pathParams?: OpenAPIV3.SchemaObject
+  } = {}
+
+  if (Object.keys(queryProperties).length > 0) {
+    result.queryParams = {
+      type: 'object',
+      properties: queryProperties,
+      required: queryRequired.length > 0 ? queryRequired : undefined,
+    }
+  }
+
+  if (Object.keys(pathProperties).length > 0) {
+    result.pathParams = {
+      type: 'object',
+      properties: pathProperties,
+      required: pathRequired.length > 0 ? pathRequired : undefined,
+    }
+  }
+
+  return result
+}
+
+function createMCPServer({
   name = 'spiceflow',
   version = '1.0.0',
-} = {}) => {
+  openapi,
+  app,
+}: {
+  name?: string
+  version?: string
+  openapi: OpenAPIV3.Document
+  app: Spiceflow
+}) {
   const server = new Server(
     { name, version },
     {
@@ -36,213 +100,234 @@ export const mcp = <Path extends string = '/mcp'>({
     },
   )
 
-  const transports = new Map<string, SSEServerTransportSpiceflow>()
-  const messagePath = path + '/message'
-  let app = new Spiceflow({ name: 'mcp' })
-    .post(messagePath, async ({ request, query }) => {
-      const sessionId = query.sessionId!
-
-      const t = transports.get(sessionId)
-      if (!t) {
-        return new Response('Session not found', { status: 404 })
-      }
-
-      await t.handlePostMessage(request)
-      return 'ok'
-    })
-    .get(path, async ({ request }) => {
-      const transport = new SSEServerTransportSpiceflow(messagePath)
-      transports.set(transport.sessionId, transport)
-      server.onclose = () => {
-        transports.delete(transport.sessionId)
-      }
-      await server.connect(transport)
-
-      request.signal.addEventListener('abort', () => {
-        transport.close().catch((error) => {
-          console.error('Error closing transport:', error)
-        })
-      })
-
-      if (request.method === 'POST') {
-        return await transport.handlePostMessage(request)
-      }
-      let routes = app
-        .getAllRoutes()
-        .filter((x) => x.path !== path && x.path !== messagePath)
-
-      server.setRequestHandler(ListToolsRequestSchema, async () => {
-        return {
-          tools: routes.map((route) => {
-            const bodySchema = getJsonSchema(route.hooks?.body)
-            const querySchema = getJsonSchema(route.hooks?.query)
-            const paramsSchema = getJsonSchema(route.hooks?.params)
-
+  server.setRequestHandler(ListToolsRequestSchema, async () => {
+    const tools = Object.entries(openapi.paths)
+      .filter(
+        ([path]) => !['/mcp-openapi', '/mcp', '/mcp/message'].includes(path),
+      )
+      .flatMap(([path, pathObj]) =>
+        Object.entries(pathObj || {})
+          .filter(([method]) => method !== 'parameters')
+          .map(([method, operation]) => {
             const properties: Record<string, any> = {}
             const required: string[] = []
 
-            if (bodySchema) {
-              properties.body = bodySchema
+            const requestBody = getOperationRequestBody(
+              operation as OpenAPIV3.OperationObject,
+            )
+            if (requestBody) {
+              properties.body = requestBody
               required.push('body')
             }
-            if (querySchema?.properties) {
-              properties.query = querySchema
+
+            const { queryParams, pathParams } = getOperationParameters(
+              operation as OpenAPIV3.OperationObject,
+            )
+            if (queryParams) {
+              properties.query = queryParams
             }
-            if (paramsSchema?.properties) {
-              properties.params = paramsSchema
+            if (pathParams) {
+              properties.params = pathParams
             }
 
             return {
-              name: getRouteName({ method: route.method, path: route.path }),
-
+              name: getRouteName({ method, path }),
               description:
-                route.hooks?.detail?.description ||
-                `${route.method} ${route.path}`,
+                (operation as OpenAPIV3.OperationObject).description ||
+                (operation as OpenAPIV3.OperationObject).summary ||
+                `${method.toUpperCase()} ${path}`,
               inputSchema: {
                 type: 'object',
                 properties,
-                required,
+                required: required.length > 0 ? required : undefined,
               },
             }
           }),
-        }
-      })
+      )
 
-      server.setRequestHandler(CallToolRequestSchema, async (request) => {
-        const toolName = request.params.name
-        let { path, method } = getPathFromToolName(toolName)
+    return { tools }
+  })
 
-        const route = routes.find(
-          (r) =>
-            r.method.toUpperCase() === method.toUpperCase() && r.path === path,
-        )
+  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const toolName = request.params.name
+    let { path, method } = getPathFromToolName(toolName)
 
-        if (!route) {
-          return {
-            content: [{ type: 'text', text: `Tool ${toolName} not found` }],
-            isError: true,
-          }
-        }
-
-        try {
-          const { body, query, params } = request.params.arguments || {}
-
-          if (params) {
-            Object.entries(params).forEach(([key, value]) => {
-              path = path.replace(`:${key}`, encodeURIComponent(String(value)))
-            })
-          }
-          const url = new URL(`http://localhost${path}`)
-          if (query) {
-            Object.entries(query).forEach(([key, value]) => {
-              url.searchParams.set(key, String(value))
-            })
-          }
-
-          const response = await app.topLevelApp!.handle(
-            new Request(url, {
-              method: route.method,
-              headers: {
-                'content-type': 'application/json',
-              },
-              body: body ? JSON.stringify(body) : undefined,
-            }),
-          )
+    const pathObj = openapi.paths[path]
+    if (!pathObj || !pathObj[method.toLowerCase()]) {
+      return {
+        content: [{ type: 'text', text: `Tool ${toolName} not found` }],
+        isError: true,
+      }
+    }
 
-          const isError = !response.ok
+    try {
+      const { body, query, params } = request.params.arguments || {}
 
-          const contentType = response.headers.get('content-type')
-          if (contentType?.includes('application/json')) {
-            const json = await response.json()
-            return {
-              isError,
-              content: [{ type: 'text', text: JSON.stringify(json, null, 2) }],
-            }
-          }
-
-          const text = await response.text()
-          return {
-            isError,
-            content: [{ type: 'text', text }],
-          }
-        } catch (error: any) {
-          return {
-            content: [{ type: 'text', text: error.message || 'Unknown error' }],
-            isError: true,
-          }
-        }
-      })
-      const resourcesRoutes = routes.filter((route) => {
-        if (route.method !== 'GET') return false
+      if (params) {
+        Object.entries(params).forEach(([key, value]) => {
+          path = path.replace(`{${key}}`, encodeURIComponent(String(value)))
+        })
+      }
 
-        if (route.path.includes(':')) return false
+      const url = new URL(`http://localhost${path}`)
+      if (query) {
+        Object.entries(query).forEach(([key, value]) => {
+          url.searchParams.set(key, String(value))
+        })
+      }
 
-        const querySchema = route.hooks?.query
+      const response = await app.handle(
+        new Request(url, {
+          method: method,
+          headers: {
+            'content-type': 'application/json',
+          },
+          body: body ? JSON.stringify(body) : undefined,
+        }),
+      )
+
+      const isError = !response.ok
+      const contentType = response.headers.get('content-type')
+
+      if (contentType?.includes('application/json')) {
+        const json = await response.json()
+        return {
+          isError,
+          content: [{ type: 'text', text: JSON.stringify(json, null, 2) }],
+        }
+      }
 
-        if (querySchema) {
-          const jsonSchema = getJsonSchema(querySchema)
-          if (jsonSchema?.required?.length) {
-            return false
-          }
+      const text = await response.text()
+      return {
+        isError,
+        content: [{ type: 'text', text }],
+      }
+    } catch (error: any) {
+      return {
+        content: [{ type: 'text', text: error.message || 'Unknown error' }],
+        isError: true,
+      }
+    }
+  })
+
+  server.setRequestHandler(ListResourcesRequestSchema, async () => {
+    const resources: { uri: string; mimeType: string; name: string }[] = []
+    for (const [path, pathObj] of Object.entries(openapi.paths)) {
+      if (path.startsWith('/mcp')) {
+        continue
+      }
+      const getOperation = pathObj?.get as OpenAPIV3.OperationObject
+      if (getOperation && !path.includes('{')) {
+        const { queryParams } = getOperationParameters(getOperation)
+        const hasRequiredQuery =
+          queryParams?.required && queryParams.required.length > 0
+
+        if (!hasRequiredQuery) {
+          resources.push({
+            uri: new URL(path, 'http://localhost').href,
+            mimeType: 'application/json',
+            name: `GET ${path}`,
+          })
         }
+      }
+    }
+    return { resources }
+  })
+
+  server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+    const resourceUrl = new URL(request.params.uri)
+    const path = resourceUrl.pathname
+
+    const pathObj = openapi.paths[path]
+    if (!pathObj?.get) {
+      throw new Error('Resource not found')
+    }
+
+    const response = await app.handle(
+      new Request(resourceUrl, {
+        method: 'GET',
+        headers: {
+          'content-type': 'application/json',
+        },
+      }),
+    )
+
+    const contentType = response.headers.get('content-type')
+    const text = await response.text()
+
+    if (contentType?.includes('application/json')) {
+      return {
+        contents: [
+          {
+            uri: request.params.uri,
+            mimeType: 'application/json',
+            text: text,
+          },
+        ],
+      }
+    }
+
+    return {
+      contents: [
+        {
+          uri: request.params.uri,
+          mimeType: 'text/plain',
+          text,
+        },
+      ],
+    }
+  })
+
+  return { server, transports }
+}
 
-        return true
-      })
-      server.setRequestHandler(ListResourcesRequestSchema, async () => {
-        const resources = resourcesRoutes.map((route) => ({
-          uri: new URL(route.path, `http://${request.headers.get('host')}`)
-            .href,
-          mimeType: 'application/json',
-          name: `GET ${route.path}`,
-        }))
-        return { resources }
-      })
+export const mcp = <Path extends string = '/mcp'>({
+  path = '/mcp' as Path,
+  name = 'spiceflow',
+  version = '1.0.0',
+} = {}) => {
+  const messagePath = path + '/message'
 
-      server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
-        const resourceUrl = new URL(request.params.uri)
-        const path = resourceUrl.pathname
+  let app = new Spiceflow({ name: 'mcp' })
+    .use(openapi({ path: '/mcp-openapi' }))
+    .post(messagePath, async ({ request, query }) => {
+      const sessionId = query.sessionId!
 
-        const route = resourcesRoutes.find(
-          (route) => route.path === path && route.method === 'GET',
-        )
-        if (!route) {
-          throw new Error('Resource not found')
-        }
+      const t = transports.get(sessionId)
+      if (!t) {
+        return new Response('Session not found', { status: 404 })
+      }
 
-        const response = await app.topLevelApp!.handle(
-          new Request(resourceUrl, {
-            method: 'GET',
-            headers: {
-              'content-type': 'application/json',
-            },
-          }),
-        )
-
-        const contentType = response.headers.get('content-type')
-        const text = await response.text()
-        if (contentType?.includes('application/json')) {
-          return {
-            contents: [
-              {
-                uri: request.params.uri,
-                mimeType: 'application/json',
-                text: text,
-              },
-            ],
-          }
-        }
+      await t.handlePostMessage(request)
+      return 'ok'
+    })
+    .get(path, async ({ request }) => {
+      const transport = new SSEServerTransportSpiceflow(messagePath)
+      transports.set(transport.sessionId, transport)
+      const openapi = await app
+        .topLevelApp!.handle(new Request('http://localhost/mcp-openapi'))
+        .then((r) => r.json())
+      const { server } = createMCPServer({
+        name,
+        version,
+        openapi,
+        app: app!.topLevelApp!,
+      })
+      server.onclose = () => {
+        transports.delete(transport.sessionId)
+      }
+      await server.connect(transport)
 
-        return {
-          contents: [
-            {
-              uri: request.params.uri,
-              mimeType: 'text/plain',
-              text,
-            },
-          ],
-        }
+      request.signal.addEventListener('abort', () => {
+        transport.close().catch((error) => {
+          console.error('Error closing transport:', error)
+        })
       })
 
+      if (request.method === 'POST') {
+        return await transport.handlePostMessage(request)
+      }
+
       return transport.response
     })