UNPKG

convex

Version:

Client for the Convex Cloud

convex.dev

get-convex/convex-js

160 lines (141 loc) 5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
import { BigBrainAuth, Context, ErrorType } from "../../../bundler/context.js"; import { Filesystem, nodeFs } from "../../../bundler/fs.js"; import { Ora } from "ora"; import { DeploymentSelectionWithinProject, deploymentSelectionWithinProjectSchema, DeploymentSelectionOptions, } from "../api.js"; import { z } from "zod"; export interface McpOptions extends DeploymentSelectionOptions { projectDir?: string; disableTools?: string; dangerouslyEnableProductionDeployments?: boolean; cautiouslyAllowProductionPii?: boolean; } export class RequestContext implements Context { fs: Filesystem; deprecationMessagePrinted = false; spinner: Ora | undefined; _cleanupFns: Record<string, (exitCode: number, err?: any) => Promise<void>> = {}; _bigBrainAuth: BigBrainAuth | null = null; constructor(public options: McpOptions) { this.fs = nodeFs; this.deprecationMessagePrinted = false; } async crash(args: { exitCode: number; errorType?: ErrorType; errForSentry?: any; printedMessage: string | null; }): Promise<never> { const cleanupFns = this._cleanupFns; this._cleanupFns = {}; for (const fn of Object.values(cleanupFns)) { await fn(args.exitCode, args.errForSentry); } // eslint-disable-next-line no-restricted-syntax throw new RequestCrash(args.exitCode, args.errorType, args.printedMessage); } flushAndExit() { // eslint-disable-next-line no-restricted-syntax throw new Error("Not implemented"); } registerCleanup(fn: (exitCode: number, err?: any) => Promise<void>): string { const handle = crypto.randomUUID(); this._cleanupFns[handle] = fn; return handle; } removeCleanup(handle: string) { const value = this._cleanupFns[handle]; delete this._cleanupFns[handle]; return value ?? null; } bigBrainAuth(): BigBrainAuth | null { return this._bigBrainAuth; } _updateBigBrainAuth(auth: BigBrainAuth | null): void { this._bigBrainAuth = auth; } async decodeDeploymentSelector(encoded: string) { const { projectDir, deployment } = decodeDeploymentSelector(encoded); if ( deployment.kind === "prod" && !this.options.dangerouslyEnableProductionDeployments ) { return await this.crash({ exitCode: 1, errorType: "fatal", printedMessage: "This tool cannot be used with production deployments. Use a read-only tool like `insights` instead, or enable production access with --dangerously-enable-production-deployments.", }); } return { projectDir, deployment }; } /** Decode a deployment selector without checking the production guard. Use for read-only tools that don't expose PII (e.g. insights). */ decodeDeploymentSelectorUnchecked(encoded: string) { return decodeDeploymentSelector(encoded); } /** Decode a deployment selector for read-only tools that may expose PII (e.g. data, logs, queries). Requires --cautiously-allow-production-pii. */ async decodeDeploymentSelectorReadOnly(encoded: string) { const { projectDir, deployment } = decodeDeploymentSelector(encoded); if ( deployment.kind === "prod" && !this.options.dangerouslyEnableProductionDeployments && !this.options.cautiouslyAllowProductionPii ) { return await this.crash({ exitCode: 1, errorType: "fatal", printedMessage: "This read-only tool may expose PII from production. Enable with --cautiously-allow-production-pii, or use --dangerously-enable-production-deployments for full access.", }); } return { projectDir, deployment }; } get productionDeploymentsDisabled() { return !this.options.dangerouslyEnableProductionDeployments; } get productionPiiAllowed() { return ( this.options.dangerouslyEnableProductionDeployments || this.options.cautiouslyAllowProductionPii ); } } export class RequestCrash { printedMessage: string; constructor( private exitCode: number, private errorType: ErrorType | undefined, printedMessage: string | null, ) { this.printedMessage = printedMessage ?? "Unknown error"; } toString(): string { return this.printedMessage; } } // Unfortunately, MCP clients don't seem to handle nested JSON objects very // well (even though this is within spec). To work around this, encode the // deployment selectors as an obfuscated string that the MCP client can // opaquely pass around. export function encodeDeploymentSelector( projectDir: string, deployment: DeploymentSelectionWithinProject, ) { const payload = { projectDir, deployment, }; return `${deployment.kind}:${btoa(JSON.stringify(payload))}`; } const payloadSchema = z.object({ projectDir: z.string(), deployment: deploymentSelectionWithinProjectSchema, }); function decodeDeploymentSelector(encoded: string) { const [_, serializedPayload] = encoded.split(":"); return payloadSchema.parse(JSON.parse(atob(serializedPayload))); }