Setting up the endpoints

Preparations

As we’re going to use function calling we’re going to change the target of the generated JSON schemas to draft-7, as LLMs currently support only this version.

src/lib/withZod.ts


404: Not Found

The code above is fetched from GitHub repository.

For the sake of shorter code, we also need to create a reusable constant BASE_FIELDS that is going to be used to omit id, entityType, createdAt and updatedAt fields from the Zod models, but also BASE_KEYS array that contains the keys of these fields to use with lodash.omit. This will help us to build proper create/update Zod models and omit these fields from entity objects when we need to create input objects.

src/constants.ts


import type { BaseEntity } from './types';
 
export const BASE_FIELDS = {
  id: true,
  entityType: true,
  createdAt: true,
  updatedAt: true,
} as const satisfies { readonly [key in keyof BaseEntity]: true };
 
export const BASE_KEYS = Object.keys(BASE_FIELDS) as (keyof BaseEntity)[];

For example, here’s how the UpdateUserSchema can be created by omitting the base fields from the generated UserSchema:


import { UserSchema } from '@schemas/index';
import { BASE_FIELDS } from '@/constants';
 
const UpdateUserSchema = UserSchema.omit(BASE_FIELDS); // fullName and email fields only

Implementing controllers and services

The controllers are going to declare full CRUD operations for User and Task entities, implemented as follows:

Each method is decorated with @operation decorator that describes the operation, including summary, description, and custom x-tool-successMessage and x-tool-errorMessage properties for MCP responses.
Each method is created with withZod function that implements request validation and schema emission.
Each method uses sessionGuard decorator to protect the endpoints, as described in the authentication article.
The “get all” endpoints use x-tool-disable operation option to exclude them from being used as tools by AI. The tools are going to use search endpoints instead to simulate more realistic scenarios.

The services are going to implement the actual business logic for each controller method, including database operations using Prisma client and embedding generation using OpenAI embeddings.

Database requests are invoked using DatabaseService.prisma where the prisma property is a normal Prisma client instance with extensions .
- Deletion operations return __isDeleted property to help the front-end to reconcile the state properly for soft deletions, see State page. The property is added by the Prisma client extension when DatabaseService.prisma.xxx.delete methods are invoked.
- In order to trigger database events (see Polling page) on task deletions, tasks are deleted explicitly, even though we have ON DELETE CASCADE set up in the database schema. This is required if the app also uses Polling for updates made by other users or external systems, such as MCP server or Telegram bot.
Creations and updates are followed by EmbeddingService.generateEntityEmbedding calls and the search endpoints use EmbeddingService.vectorSearch function to perform vector search using OpenAI embeddings and pgvector.

UserController.ts

src/modules/user/UserController.ts


import { procedure, prefix, get, put, post, del, operation } from "vovk";
import { z } from "zod";
import { TaskSchema, UserSchema } from "@schemas/index";
import { sessionGuard } from "@/decorators/sessionGuard";
import { BASE_FIELDS } from "@/constants";
import UserService from "./UserService";
 
@prefix("users")
export default class UserController {
  @operation({
    summary: "Get all users",
    description: "Retrieves a list of all users.",
    "x-tool-disable": true, // Make it to be used as an procedure only, excluding from the list of available tools
  })
  @get()
  @sessionGuard()
  static getUsers = procedure({
    output: UserSchema.array(),
    handle: UserService.getUsers,
  });
 
  @operation({
    summary: "Find users by ID, full name, or email",
    description:
      "Retrieves users that match the provided ID, full name, or email. Used to search the users when they need to be updated or deleted.",
    "x-tool-successMessage": "Users found successfully",
  })
  @get("search")
  @sessionGuard()
  static findUsers = procedure({
    query: z.object({
      search: z.string().meta({
        description: "Search term for users",
        examples: ["john.doe", "Jane"],
      }),
    }),
    output: UserSchema.array(),
    handle: ({ vovk }) => UserService.findUsers(vovk.query().search),
  });
 
  @operation({
    summary: "Create user",
    description: "Creates a new user with the provided details.",
    "x-tool-successMessage": "User created successfully",
  })
  @post()
  @sessionGuard()
  static createUser = procedure({
    body: UserSchema.omit(BASE_FIELDS),
    output: UserSchema,
    handle: async ({ vovk }) => UserService.createUser(await vovk.body()),
  });
 
  @operation({
    summary: "Update user",
    description:
      "Updates an existing user with the provided details, such as their email or name.",
    "x-tool-successMessage": "User updated successfully",
  })
  @put("{id}")
  @sessionGuard()
  static updateUser = procedure({
    body: UserSchema.omit(BASE_FIELDS).partial(),
    params: UserSchema.pick({ id: true }),
    output: UserSchema,
    handle: async ({ vovk }) =>
      UserService.updateUser(vovk.params().id, await vovk.body()),
  });
 
  @operation({
    summary: "Delete user",
    description: "Deletes a user by ID.",
    "x-tool-successMessage": "User deleted successfully",
  })
  @del("{id}")
  @sessionGuard()
  static deleteUser = procedure({
    params: UserSchema.pick({ id: true }),
    output: UserSchema.partial().extend({
      __isDeleted: z.literal(true),
      tasks: TaskSchema.partial()
        .extend({ __isDeleted: z.literal(true) })
        .array(),
    }),
    handle: async ({ vovk }) => UserService.deleteUser(vovk.params().id),
  });
}

The code above is fetched from GitHub repository.

UserService.ts

src/modules/user/UserService.ts


import type { VovkBody, VovkParams } from "vovk";
import type { UserType } from "@schemas/models/User.schema";
import type { TaskType } from "@schemas/models/Task.schema";
import type UserController from "./UserController";
import { EntityType } from "@prisma/client";
import DatabaseService from "../database/DatabaseService";
import EmbeddingService from "../embedding/EmbeddingService";
import TaskService from "../task/TaskService";
 
export default class UserService {
  static getUsers = () => DatabaseService.prisma.user.findMany();
 
  static findUsers = (search: string) =>
    EmbeddingService.vectorSearch<UserType>(EntityType.user, search);
 
  static createUser = async (
    data: VovkBody<typeof UserController.createUser>,
  ) => {
    const user = await DatabaseService.prisma.user.create({
      data: {
        ...data,
        imageUrl: `https://i.pravatar.cc/300?u=${data.email}`,
      },
    });
 
    await EmbeddingService.generateEntityEmbedding(
      user.entityType,
      user.id as UserType["id"],
    );
    return user;
  };
 
  static updateUser = async (
    id: VovkParams<typeof UserController.updateUser>["id"],
    data: VovkBody<typeof UserController.updateUser>,
  ) => {
    const user = await DatabaseService.prisma.user.update({
      where: { id },
      data,
    });
 
    await EmbeddingService.generateEntityEmbedding(user.entityType, id);
 
    return user;
  };
 
  static deleteUser = async (
    id: VovkParams<typeof UserController.updateUser>["id"],
  ) => {
    // Even though we have `ON DELETE CASCADE`, we need to delete tasks explicitly to trigger DB events
    const tasksToDelete = await DatabaseService.prisma.task.findMany({
      where: { userId: id },
      select: { id: true },
    });
 
    // 1) Explicitly delete the user's tasks (fires DB events)
    // 2) Delete the user record
    // 3) Return a single payload that merges task deletion results with the user deletion result,
    //    preserving __isDeleted flags so the UI can reconcile in one update
    return Object.assign(
      {
        tasks: await Promise.all(
          tasksToDelete.map((t) =>
            TaskService.deleteTask(t.id as TaskType["id"]),
          ),
        ),
      },
      await DatabaseService.prisma.user.delete({
        where: { id },
        select: { id: true, entityType: true },
      }),
    );
  };
}

The code above is fetched from GitHub repository.

TaskController.ts

src/modules/task/TaskController.ts


import { procedure, prefix, get, put, post, del, operation } from "vovk";
import { z } from "zod";
import { BASE_FIELDS } from "@/constants";
import { TaskSchema, UserSchema } from "@schemas/index";
import { sessionGuard } from "@/decorators/sessionGuard";
import TaskService from "./TaskService";
 
@prefix("tasks")
export default class TaskController {
  @operation({
    summary: "Get all tasks",
    description: "Retrieves a list of all tasks.",
    "x-tool-disable": true, // Make it to be used as an procedure only, excluding from the list of available tools
  })
  @get()
  @sessionGuard()
  static getTasks = procedure({
    output: TaskSchema.array(),
    handle: TaskService.getTasks,
  });
 
  @operation({
    summary: "Find tasks by ID, title or description",
    description:
      "Retrieves tasks that match the provided ID, title, or description. Used to search the tasks when they need to be updated or deleted.",
    "x-tool-successMessage": "Tasks found successfully",
  })
  @get("search")
  @sessionGuard()
  static findTasks = procedure({
    query: z.object({
      search: z.string().meta({
        description: "Search term for tasks",
        examples: ["bug", "feature"],
      }),
    }),
    output: TaskSchema.array(),
    handle: async ({ vovk }) => TaskService.findTasks(vovk.query().search),
  });
 
  @operation({
    summary: "Get tasks assigned to a specific user",
    description: "Retrieves all tasks associated with a specific user ID.",
    "x-tool-successMessage": "Tasks retrieved successfully",
  })
  @get("by-user/{userId}")
  @sessionGuard()
  static getTasksByUserId = procedure({
    params: z.object({ userId: UserSchema.shape.id }),
    output: TaskSchema.array(),
    handle: async ({ vovk }) =>
      TaskService.getTasksByUserId(vovk.params().userId),
  });
 
  @operation({
    summary: "Create a new task",
    description:
      "Creates a new task with the provided details, such as its title and description.",
    "x-tool-successMessage": "Task created successfully",
  })
  @post()
  @sessionGuard()
  static createTask = procedure({
    body: TaskSchema.omit(BASE_FIELDS),
    output: TaskSchema,
    handle: async ({ vovk }) => TaskService.createTask(await vovk.body()),
  });
 
  @operation({
    summary: "Update task",
    description:
      "Updates an existing task with the provided details, such as its title or description.",
    "x-tool-successMessage": "Task updated successfully",
  })
  @put("{id}")
  @sessionGuard()
  static updateTask = procedure({
    body: TaskSchema.omit(BASE_FIELDS).partial(),
    params: TaskSchema.pick({ id: true }),
    output: TaskSchema,
    handle: async ({ vovk }) =>
      TaskService.updateTask(vovk.params().id, await vovk.body()),
  });
 
  @operation({
    summary: "Delete task",
    description: "Deletes a task by ID.",
    "x-tool-successMessage": "Task deleted successfully",
  })
  @del("{id}")
  @sessionGuard()
  static deleteTask = procedure({
    params: TaskSchema.pick({ id: true }),
    output: TaskSchema.partial().extend({
      __isDeleted: z.literal(true),
    }),
    handle: async ({ vovk }) => TaskService.deleteTask(vovk.params().id),
  });
}

The code above is fetched from GitHub repository.

TaskService.ts

src/modules/task/TaskService.ts


import type { VovkBody, VovkParams } from "vovk";
import type { TaskType } from "@schemas/models/Task.schema";
import type { UserType } from "@schemas/models/User.schema";
import type TaskController from "./TaskController";
import { EntityType } from "@prisma/client";
import DatabaseService from "../database/DatabaseService";
import EmbeddingService from "../embedding/EmbeddingService";
 
export default class TaskService {
  static getTasks = () => DatabaseService.prisma.task.findMany();
 
  static findTasks = (search: string) =>
    EmbeddingService.vectorSearch<TaskType>(EntityType.task, search);
 
  static getTasksByUserId = (userId: UserType["id"]) =>
    DatabaseService.prisma.task.findMany({
      where: { userId },
    });
 
  static createTask = async (
    data: VovkBody<typeof TaskController.createTask>,
  ) => {
    const task = await DatabaseService.prisma.task.create({ data });
 
    await EmbeddingService.generateEntityEmbedding(
      task.entityType,
      task.id as TaskType["id"],
    );
 
    return task;
  };
 
  static updateTask = async (
    id: VovkParams<typeof TaskController.updateTask>["id"],
    data: VovkBody<typeof TaskController.updateTask>,
  ) => {
    const task = await DatabaseService.prisma.task.update({
      where: { id },
      data,
    });
 
    await EmbeddingService.generateEntityEmbedding(task.entityType, id);
 
    return task;
  };
 
  static deleteTask = (
    id: VovkParams<typeof TaskController.deleteTask>["id"],
  ) =>
    DatabaseService.prisma.task.delete({
      where: { id },
      select: { id: true, entityType: true },
    });
}

The code above is fetched from GitHub repository.

EmbeddingService.ts

src/modules/embedding/EmbeddingService.ts


import { embed } from "ai";
import { openai } from "@ai-sdk/openai";
import { capitalize, omit } from "lodash";
import { Prisma } from "@prisma/client";
import { EntityType } from "@schemas/index";
import { UserType } from "@schemas/models/User.schema";
import { TaskType } from "@schemas/models/Task.schema";
import { BASE_KEYS } from "@/constants";
import DatabaseService from "../database/DatabaseService";
 
export default class EmbeddingService {
  static async generateEmbedding(value: string): Promise<number[]> {
    const { embedding } = await embed({
      model: openai.embeddingModel("text-embedding-3-small"),
      value,
    });
 
    return embedding;
  }
 
  static generateEntityEmbedding = async (
    entityType: EntityType,
    entityId: UserType["id"] | TaskType["id"],
  ) => {
    const entity = await DatabaseService.prisma[
      entityType as "user"
    ].findUnique({
      where: { id: entityId },
    });
    const capitalizedEntityType = capitalize(entityType);
    if (!entity) throw new Error(`${capitalizedEntityType} not found`);
 
    const embedding = await this.generateEmbedding(
      Object.values(omit(entity, BASE_KEYS))
        .filter((v) => typeof v === "string")
        .join(" ")
        .trim()
        .toLowerCase(),
    );
 
    await DatabaseService.prisma.$executeRawUnsafe(
      `
    UPDATE "${capitalizedEntityType}" 
    SET embedding = $1::vector
    WHERE id = $2
    `,
      `[${embedding.join(",")}]`,
      entityId,
    );
 
    return embedding;
  };
 
  static async vectorSearch<T>(
    entityType: EntityType,
    query: string,
    limit: number = 10,
    similarityThreshold: number = 0.4,
  ) {
    const queryEmbedding = await this.generateEmbedding(
      query.trim().toLowerCase(),
    );
    const capitalizedEntityType = capitalize(entityType);
 
    // find similar vectors and return entity IDs
    const vectorResults = await DatabaseService.prisma.$queryRaw<
      { id: String; similarity: number }[]
    >`
    SELECT
      id,
      1 - (embedding <=> ${`[${queryEmbedding.join(",")}]`}::vector) as similarity
    FROM ${Prisma.raw(`"${capitalizedEntityType}"`)}
    WHERE embedding IS NOT NULL
      AND 1 - (embedding <=> ${`[${queryEmbedding.join(",")}]`}::vector) > ${similarityThreshold}
    ORDER BY embedding <=> ${`[${queryEmbedding.join(",")}]`}::vector
    LIMIT ${limit}
  `;
 
    return DatabaseService.prisma[entityType as "user"].findMany({
      where: {
        id: {
          in: vectorResults.map((r) => r.id as string),
        },
      },
    }) as Promise<T[]>;
  }
}

The code above is fetched from GitHub repository.