sync

Author: thdxr

app/core/src/workspace/index.ts

@@ -18,6 +18,7 @@ export namespace Workspace {
         workspaceID,
         id: Identifier.create("user"),
         email: account.properties.email,
+        name: "",
       })
     })
     return workspaceID

app/function/package.json

@@ -7,6 +7,7 @@
   "dependencies": {
     "@ai-sdk/anthropic": "1.2.1",
     "@hono/zod-validator": "0.4.3",
+    "@modelcontextprotocol/sdk": "1.9.0",
     "@openauthjs/openauth": "0.0.0-20250322224806",
     "@opencontrol/core": "workspace:*",
     "@rocicorp/zero": "0.17.2025031904",

app/function/src/api.ts

@@ -3,8 +3,8 @@ import { createClient } from "@openauthjs/openauth/client"
 import { Actor } from "@opencontrol/core/actor.js"
 import { Log } from "@opencontrol/core/util/log.js"
 import { Workspace } from "@opencontrol/core/workspace/index.js"
-import { Database, eq } from "@opencontrol/core/drizzle/index.js"
-import { Hono } from "hono"
+import { Database, eq, and } from "@opencontrol/core/drizzle/index.js"
+import { Hono, MiddlewareHandler } from "hono"
 import { handle } from "hono/aws-lambda"
 import { HTTPException } from "hono/http-exception"
 import { Resource } from "sst"
@@ -16,6 +16,13 @@ import { WorkspaceTable } from "@opencontrol/core/workspace/workspace.sql.js"
 import { AwsAccountTable } from "@opencontrol/core/aws.sql.js"
 import { Identifier } from "@opencontrol/core/identifier.js"
 import { Aws } from "@opencontrol/core/aws.js"
+import {
+  ListToolsRequestSchema,
+  CallToolRequestSchema,
+  ListToolsResult,
+  CallToolResult,
+} from "@modelcontextprotocol/sdk/types.js"
+import { UserTable } from "@opencontrol/core/user/user.sql.js"
 
 const model = createAnthropic({
   apiKey: Resource.AnthropicApiKey.value,
@@ -30,30 +37,61 @@ const log = Log.create({
   namespace: "api",
 })
 
-const app = new Hono()
-  .use(async (c, next) => {
-    const authorization = c.req.header("Authorization")
-    if (authorization) {
-      const [type, token] = authorization.split(" ")
-      if (type !== "Bearer") {
-        throw new HTTPException(401, {
-          message: "Invalid authorization header",
-        })
-      }
-      const verified = await client.verify(token)
-      if (verified.err)
-        throw new HTTPException(401, {
-          message: verified.err.message,
-        })
+export const AuthMiddleware: MiddlewareHandler = async (c, next) => {
+  const authorization = c.req.header("authorization")
+  if (!authorization) {
+    return Actor.provide("public", {}, next)
+  }
+  const token = authorization.split(" ")[1]
+  if (!token)
+    throw new HTTPException(403, {
+      message: "Bearer token is required.",
+    })
 
-      return Actor.provide(
-        verified.subject.type as any,
-        verified.subject.properties,
-        next,
+  const verified = await client.verify(token)
+  if (verified.err) {
+    throw new HTTPException(403, {
+      message: "Invalid token.",
+    })
+  }
+  let subject = verified.subject as Actor.Info
+  if (subject.type === "account") {
+    const workspaceID = c.req.header("x-opencontrol-workspace")
+    const email = subject.properties.email
+    if (workspaceID) {
+      const user = await Database.use((tx) =>
+        tx
+          .select({
+            id: UserTable.id,
+            workspaceID: UserTable.workspaceID,
+          })
+          .from(UserTable)
+          .where(
+            and(
+              eq(UserTable.email, email),
+              eq(UserTable.workspaceID, workspaceID),
+            ),
+          )
+          .then((rows) => rows[0]),
       )
+      if (!user)
+        throw new HTTPException(403, {
+          message: "You do not have access to this workspace.",
+        })
+      subject = {
+        type: "user",
+        properties: {
+          userID: user.id,
+          workspaceID: workspaceID,
+        },
+      }
     }
-    return Actor.provide("public", {}, next)
-  })
+  }
+  await Actor.provide(subject.type, subject.properties, next)
+}
+
+const app = new Hono()
+  .use(AuthMiddleware)
   .get("/rest/account", async (c, next) => {
     const account = Actor.assert("account")
     let workspaces = await Workspace.list()
@@ -141,103 +179,132 @@ const app = new Hono()
       })
     },
   )
-  .post("/tools/list", async (c) => {
-    const user = Actor.assert("user")
-    const tools = []
-
-    // Look up aws tool
-    const awsAccount = await Database.use((tx) =>
-      tx
-        .select({})
-        .from(AwsAccountTable)
-        .where(eq(AwsAccountTable.workspaceID, user.properties.workspaceID)),
-    )
-    if (awsAccount) {
-      tools.push({
-        name: "aws",
-        description: `This uses aws sdk v2 in javascript to execute aws commands
-        this is roughly how it works
-        \`\`\`js
-        import aws from "aws-sdk";
-        aws[service][method](params)
-        \`\`\`
-      `,
-        args: z.object({
-          service: z
-            .string()
-            .describe(
-              "name of the aws service in the format aws sdk v2 uses, like S3 or EC2",
-            ),
-          method: z
-            .string()
-            .describe("name of the aws method in the format aws sdk v2 uses"),
-          params: z
-            .string()
-            .describe("params for the aws method in json format"),
-        }),
-      })
-    }
-
-    return c.json({ tools })
-  })
   .post(
-    "/tools/call",
+    "/mcp",
     zValidator(
       "json",
-      z.custom<{
-        name: string
-        service: string
-        method: string
-        params: string
-      }>(),
+      z.discriminatedUnion("method", [
+        ListToolsRequestSchema,
+        CallToolRequestSchema,
+      ]),
     ),
     async (c) => {
       const body = c.req.valid("json")
-      const { name, service, method, params } = body
-
-      if (name === "aws") {
-        const awsAccount = await Database.use((tx) =>
-          tx
-            .select({
-              accountNumber: AwsAccountTable.accountNumber,
-              region: AwsAccountTable.region,
-            })
-            .from(AwsAccountTable)
-            .where(eq(AwsAccountTable.workspaceID, Actor.workspace())),
-        )
-        if (!awsAccount) {
-          throw new Error(
-            "AWS integration not found. Please connect your AWS account first.",
-          )
+      switch (body.method) {
+        case "tools/list": {
+          const result: ListToolsResult = {
+            tools: await Database.use((tx) =>
+              tx
+                .select({})
+                .from(AwsAccountTable)
+                .where(eq(AwsAccountTable.workspaceID, Actor.workspace())),
+            ).then((rows) =>
+              rows.map((item): ListToolsResult["tools"][number] => ({
+                name: "aws",
+                description: `This uses aws sdk v2 in javascript to execute aws commands
+                this is roughly how it works
+                \`\`\`js
+                import aws from "aws-sdk";
+                aws[service][method](params)
+                \`\`\``,
+                inputSchema: {
+                  type: "object",
+                  properties: {
+                    service: {
+                      type: "string",
+                      description:
+                        "name of the aws service in the format aws sdk v2 uses, like S3 or EC2",
+                    },
+                    method: {
+                      type: "string",
+                      description:
+                        "name of the aws method in the format aws sdk v2 uses",
+                    },
+                    params: {
+                      type: "string",
+                      description: "params for the aws method in json format",
+                    },
+                  },
+                },
+              })),
+            ),
+          }
+          return c.json(result)
         }
+        case "tools/call": {
+          try {
+            if (body.params.name === "aws") {
+              const awsAccount = await Database.use((tx) =>
+                tx
+                  .select({
+                    accountNumber: AwsAccountTable.accountNumber,
+                    region: AwsAccountTable.region,
+                  })
+                  .from(AwsAccountTable)
+                  .where(eq(AwsAccountTable.workspaceID, Actor.workspace())),
+              )
+              if (!awsAccount) {
+                throw new Error(
+                  "AWS integration not found. Please connect your AWS account first.",
+                )
+              }
 
-        // Assume role
-        const credentials = await Aws.assumeRole({
-          accountNumber: awsAccount[0].accountNumber,
-          region: awsAccount[0].region,
-        })
+              // Assume role
+              const credentials = await Aws.assumeRole({
+                accountNumber: awsAccount[0].accountNumber,
+                region: awsAccount[0].region,
+              })
 
-        /* @ts-expect-error */
-        const client = aws.default[service]
-        if (!client) {
-          throw new HTTPException(500, {
-            message: `service "${service}" is not found in aws sdk v2`,
-          })
-        }
-        const instance = new client({
-          credentials: {
-            accessKeyId: credentials.AccessKeyId,
-            secretAccessKey: credentials.SecretAccessKey,
-            sessionToken: credentials.SessionToken,
-          },
-        })
-        if (!instance[method]) {
+              const { service, method, params } = body.params.arguments || {}
+
+              /* @ts-expect-error */
+              const client = AWS[service]
+              if (!client) {
+                throw new Error(
+                  `service "${service}" is not found in aws sdk v2`,
+                )
+              }
+              const instance = new client({
+                credentials: {
+                  accessKeyId: credentials.AccessKeyId,
+                  secretAccessKey: credentials.SecretAccessKey,
+                  sessionToken: credentials.SessionToken,
+                },
+              })
+              if (!instance[method]) {
+                throw new Error(
+                  `method "${method}" is not found in on the ${service} service of aws sdk v2`,
+                )
+              }
+              const response = await instance[method](
+                JSON.parse(params as string),
+              ).promise()
+              const result: CallToolResult = {
+                content: [
+                  {
+                    type: "text",
+                    text: JSON.stringify(response),
+                  },
+                ],
+              }
+              return c.json(result)
+            }
+          } catch (error: any) {
+            const result: CallToolResult = {
+              isError: true,
+              content: [
+                {
+                  type: "text",
+                  text: error.toString(),
+                },
+              ],
+            }
+            return c.json(result)
+          }
           throw new HTTPException(500, {
-            message: `method "${method}" is not found in on the ${service} service of aws sdk v2`,
+            message: `tool "${body.params.name}" is not found`,
           })
         }
-        const response = await instance[method](JSON.parse(params)).promise()
-        return c.json(response)
       }
     },
   )

app/function/src/migrator.ts

@@ -0,0 +1,10 @@
+import { Database } from "@opencontrol/core/drizzle/index.js"
+import { migrate } from "drizzle-orm/postgres-js/migrator"
+
+export const handler = async (_event: any) => {
+  await Database.use((db) =>
+    migrate(db, {
+      migrationsFolder: "./migrations",
+    }),
+  )
+}

app/web/src/app.tsx

@@ -17,7 +17,7 @@ export function App(props: { url?: string }) {
       <DialogProvider>
         <DialogString />
         <DialogSelect />
-        <OpenAuthProvider clientID="web" issuer={import.meta.env.VITE_AUTH_URL}>
+        <OpenAuthProvider clientID="web" issuer={import.meta.env.VITE_AUTH_URL || "http://dummy"}>
           <AccountProvider>
             <MetaProvider>
               <Router

app/web/src/components/context-theme.tsx

@@ -2,6 +2,7 @@ import { createStore } from "solid-js/store";
 import { makePersisted } from "@solid-primitives/storage";
 import { createEffect } from "solid-js";
 import { createInitializedContext } from "../util/context";
+import { isServer } from "solid-js/web";
 
 interface Storage {
   mode: "light" | "dark";
@@ -12,8 +13,8 @@ export const { provider: ThemeProvider, use: useTheme } =
     const [store, setStore] = makePersisted(
       createStore<Storage>({
         mode:
-          window.matchMedia &&
-            window.matchMedia("(prefers-color-scheme: dark)").matches
+          (!isServer && window.matchMedia &&
+            window.matchMedia("(prefers-color-scheme: dark)").matches)
             ? "dark"
             : "light",
       }),

app/web/src/entry-client.tsx

@@ -8,5 +8,8 @@ if (import.meta.env.DEV) {
 }
 
 if (!import.meta.env.DEV) {
-  hydrate(() => <App />, document.getElementById('root')!);
+  if (globalThis.$HY)
+    hydrate(() => <App />, document.getElementById('root')!);
+  else
+    render(() => <App />, document.getElementById('root')!);
 }

app/web/src/pages/[workspace]/billing.tsx

@@ -1,4 +1,4 @@
-import Layout from "./components/Layout"
+import Layout from "./components/layout"
 
 export default function Billing() {
   return (