waypoi 0.0.0

package/dist/src/mcp/service.js

@@ -0,0 +1,460 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createMcpService = createMcpService;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
+const zod_1 = require("zod");
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+const imageGeneration_1 = require("../services/imageGeneration");
+const imageUnderstanding_1 = require("../services/imageUnderstanding");
+const videoGeneration_1 = require("../services/videoGeneration");
+const policy_1 = require("./policy");
+const defaultDeps = {
+    runImageGeneration: imageGeneration_1.runImageGeneration,
+    normalizeImageGenerationPayload: imageGeneration_1.normalizeImageGenerationPayload,
+    runImageUnderstanding: imageUnderstanding_1.runImageUnderstanding,
+    runVideoGeneration: videoGeneration_1.runVideoGeneration,
+    resolveVideoGenerationModel: videoGeneration_1.resolveVideoGenerationModel,
+};
+const GENERATE_IMAGE_TOOL_DESCRIPTION = "Generate or edit images from a text prompt. Supports text-to-image and image-to-image editing. Successful calls always write files to the waypoi config directory (~/.config/waypoi/generated-images by default; override with WAYPOI_MCP_OUTPUT_ROOT). Report file_path or file_paths to the user. Use include_data=true only when inline image data is also needed.";
+const UNDERSTAND_IMAGE_TOOL_DESCRIPTION = "Analyze one image and return structured text. Provide exactly one of image_path (local file) or image_url (http/https or data URL). Use the instruction parameter to specify what analysis you need (e.g., 'describe the image', 'find all objects and their bounding boxes', 'extract text via OCR'). If returning points or boxes, use original-image pixel coordinates. Keep instruction concise and specify the output format you expect.";
+const GENERATE_VIDEO_TOOL_DESCRIPTION = "Generate videos from text prompts or images. Supports text-to-video and image-to-video generation using Alibaba Cloud ModelStudio (Wan models). Videos are generated asynchronously and may take 1-5 minutes. Returns a URL to the generated MP4 video (H.264 encoding). Provide a detailed prompt describing the desired video content, style, and camera movement. Optionally provide an image_url to use as the first frame for image-to-video generation.";
+function createMcpService(paths, deps = {}) {
+    const resolvedDeps = {
+        ...defaultDeps,
+        ...deps,
+    };
+    const sessions = new Map();
+    const createServer = () => {
+        const server = new mcp_js_1.McpServer({
+            name: "waypoi-mcp",
+            version: "0.7.1",
+        }, {
+            capabilities: {},
+        });
+        server.registerTool("generate_image", {
+            description: GENERATE_IMAGE_TOOL_DESCRIPTION,
+            inputSchema: {
+                prompt: zod_1.z.string().min(1),
+                model: zod_1.z.string().optional(),
+                image_path: zod_1.z.string().optional(),
+                image_url: zod_1.z.string().optional(),
+                n: zod_1.z.number().int().min(1).max(4).optional(),
+                size: zod_1.z.string().optional(),
+                quality: zod_1.z.string().optional(),
+                style: zod_1.z.string().optional(),
+                response_format: zod_1.z.enum(["url", "b64_json"]).optional(),
+                include_data: zod_1.z.boolean().optional(),
+            },
+        }, async (args) => {
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), 60_000);
+            try {
+                (0, policy_1.validateAtMostOneImageInput)({
+                    image_path: args.image_path,
+                    image_url: args.image_url,
+                });
+                const resolvedImageUrl = await resolveOptionalImageInputToUrl({
+                    image_path: args.image_path,
+                    image_url: args.image_url,
+                });
+                const filePolicy = (0, policy_1.resolveBinaryOutputPolicy)({ include_data: args.include_data }, { defaultBaseDir: paths.baseDir });
+                const hasFileOutput = true;
+                // File output requires decodable bytes; force b64_json upstream even if caller asks for "url".
+                const responseFormat = hasFileOutput ? "b64_json" : (args.response_format ?? "b64_json");
+                const request = {
+                    prompt: args.prompt,
+                    model: args.model,
+                    n: args.n,
+                    size: args.size,
+                    quality: args.quality,
+                    style: args.style,
+                    response_format: responseFormat,
+                    image_url: resolvedImageUrl,
+                };
+                const generated = await resolvedDeps.runImageGeneration(paths, request, {}, controller.signal);
+                const normalized = await resolvedDeps.normalizeImageGenerationPayload(paths, generated.payload, generated.model);
+                const artifacts = await materializeImagesToFiles(normalized.images, normalized.created, {
+                    outputDir: filePolicy.outputDir,
+                    includeData: filePolicy.includeData,
+                    outputBaseRoot: filePolicy.outputBaseRoot,
+                });
+                const filePaths = artifacts.map((artifact) => artifact.file_path);
+                const summary = buildGenerateImageSummary(filePaths.length);
+                const output = {
+                    ok: true,
+                    summary,
+                    model: normalized.model,
+                    created: normalized.created,
+                    ...(filePaths.length === 1
+                        ? { file_path: filePaths[0] }
+                        : { file_paths: filePaths }),
+                    artifacts,
+                };
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify(buildGenerateImageTextPayload(output)),
+                        },
+                    ],
+                    structuredContent: output,
+                };
+            }
+            catch (error) {
+                const typed = error;
+                const type = typed.type ?? "upstream_error";
+                const message = type === "no_diffusion_model"
+                    ? "No diffusion model available. Add or enable a provider model."
+                    : typed.message || "Image generation failed";
+                const output = {
+                    ok: false,
+                    error: {
+                        type,
+                        message,
+                    },
+                };
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify(output),
+                        },
+                    ],
+                    structuredContent: output,
+                };
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        });
+        server.registerTool("understand_image", {
+            description: UNDERSTAND_IMAGE_TOOL_DESCRIPTION,
+            inputSchema: {
+                image_path: zod_1.z.string().optional(),
+                image_url: zod_1.z.string().optional(),
+                instruction: zod_1.z.string().optional(),
+                model: zod_1.z.string().optional(),
+                max_tokens: zod_1.z.number().int().min(1).max(4096).optional(),
+                temperature: zod_1.z.number().min(0).max(2).optional(),
+            },
+        }, async (args) => {
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), 60_000);
+            try {
+                (0, policy_1.validateSingleImageInput)({
+                    image_path: args.image_path,
+                    image_url: args.image_url,
+                });
+                const result = await resolvedDeps.runImageUnderstanding(paths, {
+                    image_path: args.image_path,
+                    image_url: args.image_url,
+                    instruction: args.instruction,
+                    model: args.model,
+                    max_tokens: args.max_tokens,
+                    temperature: args.temperature,
+                }, controller.signal);
+                const summary = "Image analyzed.";
+                const output = {
+                    ok: true,
+                    summary,
+                    model: result.model,
+                    text: result.raw_text,
+                    result: result.analysis,
+                    ...(result.image_geometry ? { image_geometry: result.image_geometry } : {}),
+                    ...(result.usage ? { usage: result.usage } : {}),
+                };
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                ok: true,
+                                summary,
+                                model: result.model,
+                                text: result.raw_text,
+                            }),
+                        },
+                    ],
+                    structuredContent: output,
+                };
+            }
+            catch (error) {
+                const typed = error;
+                const type = typed.type ?? "upstream_error";
+                const output = {
+                    ok: false,
+                    error: {
+                        type,
+                        message: typed.message || "Image understanding failed",
+                    },
+                };
+                return {
+                    isError: true,
+                    content: [{ type: "text", text: JSON.stringify(output) }],
+                    structuredContent: output,
+                };
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        });
+        server.registerTool("generate_video", {
+            description: GENERATE_VIDEO_TOOL_DESCRIPTION,
+            inputSchema: {
+                prompt: zod_1.z.string().min(1),
+                model: zod_1.z.string().optional(),
+                image_url: zod_1.z.string().optional(),
+                audio_url: zod_1.z.string().optional(),
+                duration: zod_1.z.number().int().min(2).max(15).optional(),
+                resolution: zod_1.z.enum(["480P", "720P", "1080P"]).optional(),
+                negative_prompt: zod_1.z.string().optional(),
+                seed: zod_1.z.number().int().min(0).max(2147483647).optional(),
+                watermark: zod_1.z.boolean().optional(),
+                prompt_extend: zod_1.z.boolean().optional(),
+            },
+        }, async (args) => {
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), 300_000);
+            try {
+                const resolvedModel = await resolvedDeps.resolveVideoGenerationModel(paths, args.model);
+                if (!resolvedModel) {
+                    throw (0, policy_1.typedError)("no_video_model", "No video generation model available. Add or enable a provider model.");
+                }
+                const request = {
+                    prompt: args.prompt,
+                    model: resolvedModel,
+                    image_url: args.image_url,
+                    audio_url: args.audio_url,
+                    duration: args.duration,
+                    resolution: args.resolution,
+                    negative_prompt: args.negative_prompt,
+                    seed: args.seed,
+                    watermark: args.watermark,
+                    prompt_extend: args.prompt_extend,
+                };
+                const generated = await resolvedDeps.runVideoGeneration(paths, request, {}, controller.signal);
+                const payload = generated.payload;
+                const data = payload.data ?? [];
+                const usage = payload.usage ?? {};
+                if (data.length === 0) {
+                    throw (0, policy_1.typedError)("no_video_output", "Video generation completed but no video URL was returned.");
+                }
+                const videoData = data[0];
+                const output = {
+                    ok: true,
+                    summary: "Generated 1 video.",
+                    model: generated.route.upstreamModel,
+                    url: videoData.url,
+                    ...(videoData.revised_prompt ? { revised_prompt: videoData.revised_prompt } : {}),
+                    ...(usage.video_count ? { video_count: usage.video_count } : {}),
+                    ...(usage.duration ? { duration: usage.duration } : {}),
+                    ...(usage.resolution ? { resolution: usage.resolution } : {}),
+                };
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify(output),
+                        },
+                    ],
+                    structuredContent: output,
+                };
+            }
+            catch (error) {
+                const typed = error;
+                const type = typed.type ?? "upstream_error";
+                const message = type === "no_video_model"
+                    ? "No video generation model available. Add or enable a provider model."
+                    : typed.message || "Video generation failed";
+                const output = {
+                    ok: false,
+                    error: {
+                        type,
+                        message,
+                    },
+                };
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify(output),
+                        },
+                    ],
+                    structuredContent: output,
+                };
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        });
+        return server;
+    };
+    const close = async () => {
+        const entries = Array.from(sessions.values());
+        sessions.clear();
+        await Promise.allSettled(entries.map(async (entry) => {
+            await entry.transport.close();
+            await entry.server.close();
+        }));
+    };
+    const handleRequest = async (req, res, parsedBody) => {
+        const sessionIdHeader = req.headers["mcp-session-id"];
+        const sessionId = typeof sessionIdHeader === "string"
+            ? sessionIdHeader
+            : Array.isArray(sessionIdHeader)
+                ? sessionIdHeader[0]
+                : undefined;
+        let entry;
+        if (sessionId) {
+            entry = sessions.get(sessionId);
+        }
+        if (!entry) {
+            if (sessionId || !(0, types_js_1.isInitializeRequest)(parsedBody)) {
+                if (!res.headersSent) {
+                    res.writeHead(400, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({
+                        jsonrpc: "2.0",
+                        error: {
+                            code: -32000,
+                            message: "Bad Request: No valid MCP session ID provided",
+                        },
+                        id: null,
+                    }));
+                }
+                return;
+            }
+            const server = createServer();
+            const transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
+                sessionIdGenerator: () => (0, crypto_1.randomUUID)(),
+                enableJsonResponse: true,
+                onsessioninitialized: (newSessionId) => {
+                    sessions.set(newSessionId, { server, transport });
+                },
+                onsessionclosed: (closedSessionId) => {
+                    sessions.delete(closedSessionId);
+                },
+            });
+            transport.onclose = () => {
+                const sid = transport.sessionId;
+                if (sid) {
+                    sessions.delete(sid);
+                }
+            };
+            await server.connect(transport);
+            entry = { server, transport };
+        }
+        await entry.transport.handleRequest(req, res, parsedBody);
+    };
+    return {
+        handleRequest,
+        close,
+    };
+}
+async function materializeImagesToFiles(images, created, options) {
+    const output = [];
+    for (const image of images) {
+        const payload = decodeImagePayload(image);
+        if (!payload) {
+            throw (0, policy_1.typedError)("invalid_request", `Image ${image.index} has no decodable bytes for file output.`);
+        }
+        const extension = extensionForMime(payload.mimeType);
+        const resolvedPath = resolveOutputPath(image.index, created, extension, options);
+        await fs_1.promises.mkdir(path_1.default.dirname(resolvedPath), { recursive: true });
+        await fs_1.promises.writeFile(resolvedPath, payload.buffer);
+        const entry = {
+            index: image.index,
+            file_path: toRelativeFilePath(options.outputBaseRoot, resolvedPath),
+            mime_type: payload.mimeType,
+            bytes: payload.buffer.length,
+        };
+        if (image.revised_prompt) {
+            entry.revised_prompt = image.revised_prompt;
+        }
+        if (options.includeData) {
+            if (image.url)
+                entry.url = image.url;
+            if (image.b64_json)
+                entry.b64_json = image.b64_json;
+        }
+        output.push(entry);
+    }
+    return output;
+}
+function decodeImagePayload(image) {
+    if (image.b64_json) {
+        const mimeType = extractMimeFromDataUrl(image.url) ?? "image/png";
+        return { buffer: Buffer.from(image.b64_json, "base64"), mimeType };
+    }
+    if (image.url?.startsWith("data:")) {
+        const match = image.url.match(/^data:([^;]+);base64,(.+)$/i);
+        if (!match) {
+            return null;
+        }
+        return { buffer: Buffer.from(match[2], "base64"), mimeType: match[1] };
+    }
+    return null;
+}
+function extractMimeFromDataUrl(url) {
+    if (!url?.startsWith("data:")) {
+        return null;
+    }
+    const match = url.match(/^data:([^;]+);base64,/i);
+    return match ? match[1] : null;
+}
+function extensionForMime(mimeType) {
+    switch (mimeType.toLowerCase()) {
+        case "image/jpeg":
+            return "jpg";
+        case "image/webp":
+            return "webp";
+        case "image/gif":
+            return "gif";
+        default:
+            return "png";
+    }
+}
+function resolveOutputPath(index, created, extension, options) {
+    return path_1.default.join(options.outputDir, `image-${created}-${index}.${extension}`);
+}
+function toRelativeFilePath(outputBaseRoot, resolvedPath) {
+    const relative = path_1.default.relative(outputBaseRoot, resolvedPath);
+    if (!relative || relative === "") {
+        return ".";
+    }
+    return relative.split(path_1.default.sep).join("/");
+}
+async function resolveOptionalImageInputToUrl(input) {
+    if (input.image_path) {
+        return (0, imageUnderstanding_1.imageDataUrlFromPath)(input.image_path);
+    }
+    if (!input.image_url) {
+        return undefined;
+    }
+    if (input.image_url.startsWith("data:image/") ||
+        input.image_url.startsWith("http://") ||
+        input.image_url.startsWith("https://")) {
+        return input.image_url;
+    }
+    throw (0, policy_1.typedError)("invalid_request", "image_url must be an http(s) URL or data:image/* URL.");
+}
+function buildGenerateImageSummary(count) {
+    return count === 1 ? "Generated 1 image file." : `Generated ${count} image files.`;
+}
+function buildGenerateImageTextPayload(output) {
+    return {
+        ok: output.ok,
+        summary: output.summary,
+        ...(output.file_path ? { file_path: output.file_path } : {}),
+        ...(output.file_paths ? { file_paths: output.file_paths } : {}),
+        model: output.model,
+    };
+}

package/dist/src/middleware/auth.js

@@ -0,0 +1,179 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadAuthConfig = loadAuthConfig;
+exports.updateAuthConfig = updateAuthConfig;
+exports.getAuthConfig = getAuthConfig;
+exports.authGuard = authGuard;
+exports.apiKeyGuard = apiKeyGuard;
+exports.registerAuthHooks = registerAuthHooks;
+exports.requireAuth = requireAuth;
+exports.requireRole = requireRole;
+const files_1 = require("../storage/files");
+let authConfig = {
+    enabled: false,
+};
+/**
+ * Load auth configuration from the main config file.
+ */
+async function loadAuthConfig(paths) {
+    try {
+        const config = await (0, files_1.loadConfig)(paths);
+        return {
+            enabled: config.authEnabled ?? false,
+        };
+    }
+    catch {
+        return { enabled: false };
+    }
+}
+/**
+ * Update auth config (e.g., after config hot-reload).
+ */
+function updateAuthConfig(config) {
+    authConfig = config;
+}
+/**
+ * Get current auth config.
+ */
+function getAuthConfig() {
+    return authConfig;
+}
+/**
+ * Auth guard for protected routes.
+ *
+ * When auth is disabled: passes through all requests.
+ * When auth is enabled: checks for valid authentication.
+ */
+function authGuard(req, reply, done) {
+    // Auth disabled - pass through
+    if (!authConfig.enabled) {
+        done();
+        return;
+    }
+    // ─────────────────────────────────────────────────────────────────────────
+    // Auth enabled - implement your auth logic here
+    // ─────────────────────────────────────────────────────────────────────────
+    // Example: Check for Authorization header
+    const authHeader = req.headers.authorization;
+    if (!authHeader) {
+        reply.status(401).send({
+            error: {
+                message: "Authentication required",
+                type: "auth_error",
+                code: "missing_auth",
+            },
+        });
+        return;
+    }
+    // Placeholder validation - replace with real auth logic
+    // For now, any Bearer token is accepted
+    if (authHeader.startsWith("Bearer ")) {
+        const token = authHeader.slice(7);
+        // TODO: Validate token (JWT decode, database lookup, etc.)
+        // For now, we just set a placeholder user
+        req.user = {
+            id: "placeholder",
+            email: undefined,
+            roles: ["user"],
+        };
+        done();
+        return;
+    }
+    reply.status(401).send({
+        error: {
+            message: "Invalid authentication",
+            type: "auth_error",
+            code: "invalid_auth",
+        },
+    });
+}
+/**
+ * Optional: API key auth guard for simpler use cases.
+ */
+function apiKeyGuard(validKeys) {
+    return (req, reply, done) => {
+        if (!authConfig.enabled) {
+            done();
+            return;
+        }
+        const authHeader = req.headers.authorization;
+        const apiKey = req.headers["x-api-key"];
+        // Check X-API-Key header
+        if (apiKey && validKeys.has(apiKey)) {
+            req.user = { id: "api-key-user", roles: ["api"] };
+            done();
+            return;
+        }
+        // Check Bearer token as API key
+        if (authHeader?.startsWith("Bearer ")) {
+            const key = authHeader.slice(7);
+            if (validKeys.has(key)) {
+                req.user = { id: "api-key-user", roles: ["api"] };
+                done();
+                return;
+            }
+        }
+        reply.status(401).send({
+            error: {
+                message: "Invalid API key",
+                type: "auth_error",
+                code: "invalid_api_key",
+            },
+        });
+    };
+}
+/**
+ * Register auth hooks on protected route prefixes.
+ *
+ * Usage:
+ *   await registerAuthHooks(app, paths, ["/admin", "/ui"]);
+ */
+async function registerAuthHooks(app, paths, protectedPrefixes = ["/admin", "/ui"]) {
+    // Load initial config
+    authConfig = await loadAuthConfig(paths);
+    app.log.info({ authEnabled: authConfig.enabled, protectedPrefixes }, "Auth middleware initialized");
+    // Add hook for protected routes
+    app.addHook("onRequest", (req, reply, done) => {
+        const isProtected = protectedPrefixes.some((prefix) => req.url.startsWith(prefix));
+        if (isProtected) {
+            authGuard(req, reply, done);
+        }
+        else {
+            done();
+        }
+    });
+}
+/**
+ * Middleware factory for route-level auth.
+ *
+ * Usage in route handlers:
+ *   app.get("/admin/something", { preHandler: [requireAuth()] }, handler);
+ */
+function requireAuth() {
+    return (req, reply, done) => {
+        authGuard(req, reply, done);
+    };
+}
+/**
+ * Check if a user has a specific role.
+ */
+function requireRole(role) {
+    return (req, reply, done) => {
+        // First check auth
+        if (authConfig.enabled) {
+            if (!req.user) {
+                reply.status(401).send({
+                    error: { message: "Authentication required", type: "auth_error" },
+                });
+                return;
+            }
+            if (!req.user.roles?.includes(role)) {
+                reply.status(403).send({
+                    error: { message: "Insufficient permissions", type: "auth_error" },
+                });
+                return;
+            }
+        }
+        done();
+    };
+}