/** * Copyright 2026 Xavier Portilla Edo * Copyright 2026 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import type { APIGatewayProxyEvent, APIGatewayProxyResult, APIGatewayProxyEventV2, APIGatewayProxyResultV2, Context as LambdaContext, StreamifyHandler } from "aws-lambda"; import { type Flow, type z, type ActionContext } from "genkit"; import { type ContextProvider, type RequestData } from "genkit/context"; export type { ContextProvider, RequestData, ActionContext }; /** * Type helpers to extract input/output types from Flow */ type FlowInput = F extends Flow ? z.infer : never; type FlowOutput = F extends Flow ? z.infer : never; type FlowStream = F extends Flow ? z.infer : never; /** * CORS configuration options */ export interface CorsOptions { /** * Allowed origins for CORS requests. * Can be a string, array of strings, or '*' for all origins. * @default '*' */ origin?: string | string[]; /** * Allowed HTTP methods. * @default ['POST', 'OPTIONS'] */ methods?: string[]; /** * Allowed headers in requests. * @default ['Content-Type', 'Authorization'] */ allowedHeaders?: string[]; /** * Headers exposed to the client. */ exposedHeaders?: string[]; /** * Whether to allow credentials. * @default false */ credentials?: boolean; /** * Max age for preflight cache (in seconds). * @default 86400 (24 hours) */ maxAge?: number; } /** * Extended action context that includes Lambda-specific information */ export interface LambdaActionContext extends ActionContext { /** Lambda-specific context data */ lambda?: { event: { requestContext: Record; headers: Record; queryStringParameters: Record | null; pathParameters: Record | null; }; context: { functionName: string; functionVersion: string; invokedFunctionArn: string; memoryLimitInMB: string; awsRequestId: string; }; }; } /** * Options for configuring the Lambda handler */ export interface LambdaOptions { /** * CORS configuration. Set to false to disable CORS headers. * @default { origin: '*', methods: ['POST', 'OPTIONS'] } */ cors?: CorsOptions | boolean; /** * Context provider that parses request data and returns context for the flow. * This follows the same pattern as express, next.js, and other Genkit integrations. * * The context provider receives a RequestData object containing: * - method: HTTP method ('GET', 'POST', etc.) * - headers: Lowercase headers from the request * - input: Parsed request body * * Return an ActionContext object that will be available via getContext() in the flow. * Throw UserFacingError for authentication/authorization failures. * * @example * ```typescript * import { UserFacingError } from 'genkit'; * * const authProvider: ContextProvider = async (req) => { * const token = req.headers['authorization']; * if (!token) { * throw new UserFacingError('UNAUTHENTICATED', 'Missing auth token'); * } * const user = await verifyToken(token); * return { auth: { user } }; * }; * * export const handler = onCallGenkit( * { contextProvider: authProvider }, * myFlow * ); * ``` */ contextProvider?: ContextProvider; /** * Custom error handler for transforming errors before response. */ onError?: (error: Error) => { statusCode: number; message: string; } | Promise<{ statusCode: number; message: string; }>; /** * Whether to log incoming events (for debugging). * @default false */ debug?: boolean; /** * Whether to return a streaming Lambda handler instead of a standard one. * When true, `onCallGenkit` returns a `StreamifyHandler` that uses * `awslambda.streamifyResponse` for real incremental streaming via * Lambda Function URLs with `InvokeMode: RESPONSE_STREAM`. * * The streaming handler is compatible with `streamFlow` from `genkit/beta/client`. * For clients sending `Accept: text/event-stream`, it writes SSE chunks * incrementally. Otherwise it falls back to a buffered JSON response. * * @default false * * @example * ```typescript * export const handler = onCallGenkit( * { streaming: true }, * myStreamingFlow * ); * ``` */ streaming?: boolean; } /** * Response wrapper for successful flow execution (callable protocol). * Follows the same format as express and other Genkit integrations. */ export interface FlowResponse { result: T; } /** * Response wrapper for failed flow execution (callable protocol). * Shape matches genkit's getCallableJSON output. */ export interface FlowErrorResponse { error: { status: string; message: string; details?: unknown; }; } /** * Union type for flow responses */ export type LambdaFlowResponse = FlowResponse | FlowErrorResponse; /** * Lambda handler function type for API Gateway v1 */ export type LambdaHandler = (event: APIGatewayProxyEvent, context: LambdaContext) => Promise; /** * Lambda handler function type for API Gateway v2 */ export type LambdaHandlerV2 = (event: APIGatewayProxyEventV2, context: LambdaContext) => Promise; /** * Run options for flow execution */ export interface FlowRunOptions { context?: Record; } /** * Callable function type that includes the raw handler and metadata */ export interface CallableLambdaFunction extends LambdaHandler { /** * The underlying Genkit flow */ flow: F; /** * Execute the flow directly (for testing) */ run: (input: FlowInput, options?: FlowRunOptions) => Promise>; /** * Stream the flow directly (for testing) */ stream: (input: FlowInput, options?: FlowRunOptions) => { stream: AsyncIterable>; output: Promise>; }; /** * Flow name */ flowName: string; } /** * Creates a Lambda handler for a Genkit flow. * * This function wraps a Genkit flow to create an AWS Lambda handler that: * - Handles CORS automatically * - Supports ContextProvider for authentication/authorization * - Provides proper error handling * - Returns standardized response format * * @example Basic usage * ```typescript * import { genkit, z } from 'genkit'; * import { onCallGenkit } from 'genkitx-aws-bedrock'; * import { awsBedrock, amazonNovaProV1 } from 'genkitx-aws-bedrock'; * * const ai = genkit({ * plugins: [awsBedrock()], * model: amazonNovaProV1(), * }); * * const myFlow = ai.defineFlow( * { name: 'myFlow', inputSchema: z.string(), outputSchema: z.string() }, * async (input) => { * const { text } = await ai.generate({ prompt: input }); * return text; * } * ); * * export const handler = onCallGenkit(myFlow); * ``` * * @example With ContextProvider for authentication * ```typescript * import { UserFacingError, getContext } from 'genkit'; * import type { ContextProvider } from 'genkit/context'; * * interface AuthContext { * auth: { user: { id: string; name: string } }; * } * * const authProvider: ContextProvider = async (req) => { * const token = req.headers['authorization']; * if (!token) { * throw new UserFacingError('UNAUTHENTICATED', 'Missing auth token'); * } * const user = await verifyToken(token); * return { auth: { user } }; * }; * * // In your flow, access context via getContext() * const myFlow = ai.defineFlow( * { name: 'myFlow', inputSchema: z.string(), outputSchema: z.string() }, * async (input, { context }) => { * const { auth } = context; * console.log('User:', auth.user.name); * // ... * } * ); * * export const handler = onCallGenkit( * { contextProvider: authProvider }, * myFlow * ); * ``` * * @param flow - The Genkit flow to wrap * @returns A Lambda handler function */ export declare function onCallGenkit(flow: F): CallableLambdaFunction; /** * Creates a Lambda handler for a Genkit flow with options. * * @param opts - Configuration options for the Lambda handler * @param flow - The Genkit flow to wrap * @returns A Lambda handler function, or a StreamifyHandler when `streaming: true` */ export declare function onCallGenkit(opts: LambdaOptions> & { streaming: true; }, flow: F): StreamifyHandler; export declare function onCallGenkit(opts: LambdaOptions>, flow: F): CallableLambdaFunction; /** * Context with API key authentication */ export interface ApiKeyContext extends ActionContext { auth: { apiKey: string; }; } /** * Context with bearer token authentication */ export interface BearerTokenContext extends ActionContext { auth: { token: string; }; } /** * Creates a context provider that requires an API key in a specific header. * * @example * ```typescript * // Require API key to match a specific value * export const handler = onCallGenkit( * { contextProvider: requireApiKey('X-API-Key', process.env.API_KEY!) }, * myFlow * ); * * // Or with a custom validation function * export const handler = onCallGenkit( * { * contextProvider: requireApiKey('X-API-Key', async (key) => { * const valid = await validateApiKey(key); * if (!valid) { * throw new UserFacingError('PERMISSION_DENIED', 'Invalid API key'); * } * }) * }, * myFlow * ); * ``` */ export declare function requireApiKey(headerName: string, expectedValueOrValidator: string | ((apiKey: string) => void | Promise)): ContextProvider; /** * Creates a context provider that requires Bearer token authentication. * * @example * ```typescript * // With custom token validation * export const handler = onCallGenkit( * { * contextProvider: requireBearerToken(async (token) => { * const user = await verifyJWT(token); * return { auth: { user } }; * }) * }, * myFlow * ); * ``` */ export declare function requireBearerToken(validateToken: (token: string) => C | Promise): ContextProvider; /** * Creates a context provider that requires a specific header to be present. * * @example * ```typescript * // Require header to exist * export const handler = onCallGenkit( * { contextProvider: requireHeader('X-Request-ID') }, * myFlow * ); * * // Require header to have specific value * export const handler = onCallGenkit( * { contextProvider: requireHeader('X-API-Version', '2.0') }, * myFlow * ); * ``` */ export declare function requireHeader(headerName: string, expectedValue?: string): ContextProvider; /** * Creates a context provider that always allows requests (no authentication). * Useful for public endpoints. * * @example * ```typescript * export const handler = onCallGenkit( * { contextProvider: allowAll() }, * myPublicFlow * ); * ``` */ export declare function allowAll(): ContextProvider; /** * Combines multiple context providers. All providers must succeed. * The returned context is a merge of all provider contexts. * * @example * ```typescript * export const handler = onCallGenkit( * { * contextProvider: allOf( * requireHeader('X-Request-ID'), * requireApiKey('X-API-Key', process.env.API_KEY!) * ) * }, * myFlow * ); * ``` */ export declare function allOf(...providers: ContextProvider[]): ContextProvider; /** * Tries context providers in order, returning the first one that succeeds. * If all providers fail, throws the error from the last provider. * * @example * ```typescript * // Accept either API key or Bearer token * export const handler = onCallGenkit( * { * contextProvider: anyOf( * requireApiKey('X-API-Key', process.env.API_KEY!), * requireBearerToken(async (token) => { * const user = await verifyJWT(token); * return { auth: { user } }; * }) * ) * }, * myFlow * ); * ``` */ export declare function anyOf(...providers: ContextProvider[]): ContextProvider; export default onCallGenkit;