@agent-vm/mcp-portal 0.0.69 → 0.0.71

package/dist/cli/index.d.ts

@@ -0,0 +1,101 @@
+import { F as PortalToolSelector } from "../portal-session-DG2CUjIo.js";
+import { f as PortalHttpAuditEvent, n as PortalApprovalAuditEvent } from "../resolve-agent-identity-FQL02YdW.js";
+import { McpPortalAgentConfig, McpPortalConfig, SecretValue } from "@agent-vm/config-contracts";
+import { SecretResolver, createSecretResolver, resolveServiceAccountToken } from "@agent-vm/secret-management";
+import { serve } from "@hono/node-server";
+
+//#region src/cli/serve-command.d.ts
+type PortalServeFunction = typeof serve;
+type PortalServerLogEvent = {
+  readonly event: 'server_error';
+  readonly level: 'error';
+  readonly message: string;
+  readonly stack?: string;
+} | {
+  readonly agentId: string;
+  readonly clientAddress: string;
+  readonly decision: PortalHttpAuditEvent['decision'];
+  readonly event: 'mcp_proxy_auth';
+  readonly level: 'info' | 'warn';
+  readonly reason?: PortalHttpAuditEvent['reason'];
+  readonly timeMs: number;
+} | {
+  readonly agentId: string;
+  readonly clientAddress: string;
+  readonly event: 'mcp_proxy_auth_audit_error';
+  readonly level: 'warn';
+  readonly message: string;
+  readonly timeMs: number;
+} | {
+  readonly agentId: string;
+  readonly decision: PortalApprovalAuditEvent['decision'];
+  readonly event: 'mcp_portal_approval';
+  readonly level: 'info' | 'warn';
+  readonly reason?: PortalApprovalAuditEvent['reason'];
+  readonly timeMs: number;
+  readonly verifierReason?: string;
+} | {
+  readonly agentId: string;
+  readonly event: 'mcp_portal_approval_audit_error';
+  readonly level: 'warn';
+  readonly message: string;
+  readonly timeMs: number;
+} | {
+  readonly agentScopeId: string;
+  readonly event: 'upstream_close_error';
+  readonly level: 'warn';
+  readonly message: string;
+  readonly namespace?: string;
+};
+interface PortalServerLogger {
+  readonly log: (event: PortalServerLogEvent) => void;
+}
+interface PortalServerCliArgs {
+  readonly agentOverrides: readonly string[];
+  readonly configDir: string;
+  readonly port?: number;
+}
+interface StartPortalServerProps {
+  readonly args: PortalServerCliArgs;
+  readonly env: Readonly<Record<string, string | undefined>>;
+  readonly logger?: PortalServerLogger;
+  readonly resolveSecret?: (secret: SecretValue) => Promise<string>;
+  readonly serveFn?: PortalServeFunction;
+}
+interface CreateServeSecretResolverDependencies {
+  readonly createOnePasswordSecretResolver?: typeof createSecretResolver;
+  readonly resolveServiceAccountToken?: typeof resolveServiceAccountToken;
+}
+declare function createServeSecretResolver(env: Readonly<Record<string, string | undefined>>, dependencies?: CreateServeSecretResolverDependencies): Promise<SecretResolver>;
+interface ProfilePolicyMaps {
+  readonly enabledNamespacesByAgent: Readonly<Record<string, readonly string[]>>;
+  readonly enabledToolsByAgent: Readonly<Record<string, readonly PortalToolSelector[]>>;
+  readonly hiddenToolsByAgent: Readonly<Record<string, readonly PortalToolSelector[]>>;
+}
+declare function parsePortalServerCliArgs(argv: readonly string[]): PortalServerCliArgs;
+declare function applyAgentOverrides(agents: Readonly<Record<string, McpPortalAgentConfig>>, overrides: readonly string[]): Readonly<Record<string, McpPortalAgentConfig>>;
+interface DeferredPort {
+  readonly promise: Promise<number>;
+  readonly reject: (error: Error) => void;
+  readonly resolve: (port: number) => void;
+}
+declare function handlePortalServerError(props: {
+  readonly error: Error;
+  readonly hasListened: boolean;
+  readonly listeningPort: DeferredPort;
+  readonly logger: PortalServerLogger;
+}): void;
+declare function buildProfilePolicyMaps(portalConfig: McpPortalConfig): ProfilePolicyMaps & {
+  readonly cacheTtlMs: number;
+};
+declare function deriveApprovalHmacKeysFromMasterKey(props: {
+  readonly agentIds: readonly string[];
+  readonly masterKey: Buffer;
+}): ReadonlyMap<string, Buffer>;
+declare function startPortalServer(props: StartPortalServerProps): Promise<{
+  readonly close: () => Promise<void>;
+  readonly port: number;
+}>;
+//#endregion
+export { CreateServeSecretResolverDependencies, DeferredPort, PortalServerCliArgs, PortalServerLogEvent, PortalServerLogger, ProfilePolicyMaps, StartPortalServerProps, applyAgentOverrides, buildProfilePolicyMaps, createServeSecretResolver, deriveApprovalHmacKeysFromMasterKey, handlePortalServerError, parsePortalServerCliArgs, startPortalServer };
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/cli/serve-command.ts"],"mappings":";;;;;;;KAuCK,mBAAA,UAA6B,KAAA;AAAA,KAEtB,oBAAA;EAAA,SAEA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,KAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,aAAA;EAAA,SACA,QAAA,EAAU,oBAAA;EAAA,SACV,KAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA,GAAS,oBAAA;EAAA,SACT,MAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,aAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,QAAA,EAAU,wBAAA;EAAA,SACV,KAAA;EAAA,SACA,KAAA;EAAA,SACA,MAAA,GAAS,wBAAA;EAAA,SACT,MAAA;EAAA,SACA,cAAA;AAAA;EAAA,SAGA,OAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,MAAA;AAAA;EAAA,SAGA,YAAA;EAAA,SACA,KAAA;EAAA,SACA,KAAA;EAAA,SACA,OAAA;EAAA,SACA,SAAA;AAAA;AAAA,UAGK,kBAAA;EAAA,SACP,GAAA,GAAM,KAAA,EAAO,oBAAA;AAAA;AAAA,UAGN,mBAAA;EAAA,SACP,cAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAGO,sBAAA;EAAA,SACP,IAAA,EAAM,mBAAA;EAAA,SACN,GAAA,EAAK,QAAA,CAAS,MAAA;EAAA,SACd,MAAA,GAAS,kBAAA;EAAA,SACT,aAAA,IAAiB,MAAA,EAAQ,WAAA,KAAgB,OAAA;EAAA,SACzC,OAAA,GAAU,mBAAA;AAAA;AAAA,UAGH,qCAAA;EAAA,SACP,+BAAA,UAAyC,oBAAA;EAAA,SACzC,0BAAA,UAAoC,0BAAA;AAAA;AAAA,iBAgFxB,yBAAA,CACrB,GAAA,EAAK,QAAA,CAAS,MAAA,+BACd,YAAA,GAAc,qCAAA,GACZ,OAAA,CAAQ,cAAA;AAAA,UAkBM,iBAAA;EAAA,SACP,wBAAA,EAA0B,QAAA,CAAS,MAAA;EAAA,SACnC,mBAAA,EAAqB,QAAA,CAAS,MAAA,kBAAwB,kBAAA;EAAA,SACtD,kBAAA,EAAoB,QAAA,CAAS,MAAA,kBAAwB,kBAAA;AAAA;AAAA,iBAc/C,wBAAA,CAAyB,IAAA,sBAA0B,mBAAA;AAAA,iBAuBnD,mBAAA,CACf,MAAA,EAAQ,QAAA,CAAS,MAAA,SAAe,oBAAA,IAChC,SAAA,sBACE,QAAA,CAAS,MAAA,SAAe,oBAAA;AAAA,UAsBV,YAAA;EAAA,SACP,OAAA,EAAS,OAAA;EAAA,SACT,MAAA,GAAS,KAAA,EAAO,KAAA;EAAA,SAChB,OAAA,GAAU,IAAA;AAAA;AAAA,iBAmCJ,uBAAA,CAAwB,KAAA;EAAA,SAC9B,KAAA,EAAO,KAAA;EAAA,SACP,WAAA;EAAA,SACA,aAAA,EAAe,YAAA;EAAA,SACf,MAAA,EAAQ,kBAAA;AAAA;AAAA,iBAiCF,sBAAA,CACf,YAAA,EAAc,eAAA,GACZ,iBAAA;EAAA,SAA+B,UAAA;AAAA;AAAA,iBA+ClB,mCAAA,CAAoC,KAAA;EAAA,SAC1C,QAAA;EAAA,SACA,SAAA,EAAW,MAAA;AAAA,IACjB,WAAA,SAAoB,MAAA;AAAA,iBAoBF,iBAAA,CACrB,KAAA,EAAO,sBAAA,GACL,OAAA;EAAA,SAAmB,KAAA,QAAa,OAAA;EAAA,SAAwB,IAAA;AAAA"}

package/dist/cli/index.js

@@ -0,0 +1,2 @@
+import { a as handlePortalServerError, i as deriveApprovalHmacKeysFromMasterKey, n as buildProfilePolicyMaps, o as parsePortalServerCliArgs, r as createServeSecretResolver, s as startPortalServer, t as applyAgentOverrides } from "../serve-command-D3SlETy_.js";
+export { applyAgentOverrides, buildProfilePolicyMaps, createServeSecretResolver, deriveApprovalHmacKeysFromMasterKey, handlePortalServerError, parsePortalServerCliArgs, startPortalServer };

package/dist/core/index.d.ts

@@ -0,0 +1,40 @@
+import { n as PortalToolRecord, s as JsonObject } from "../catalog-types-BVuB4Ynx.js";
+import { F as PortalToolSelector } from "../portal-session-DG2CUjIo.js";
+import { A as PortalToolSuccess, C as PortalCallUpstreamTool, D as PortalToolResult, E as PortalToolHandlers, M as createPortalToolHandlers, N as portalToolInputSchemas, O as PortalToolResultMap, S as PortalBatchResult, T as PortalToolHandlerCall, _ as createPortalCore, a as PortalCore, b as PortalBatchDiagnostic, c as PortalCoreEvent, d as PortalCoreResult, f as PortalCoreRuntime, g as collectPortalCoreResult, h as PortalCoreToolName, i as PortalAuditEvent, j as PortalUpstreamEvent, k as PortalToolRuntime, l as PortalCoreItemError, m as PortalCoreToolDescriptor, n as PortalAgentScope, o as PortalCoreCollectOptions, p as PortalCoreStreamCall, r as PortalApprovalEvaluator, s as PortalCoreContentBlock, t as CreatePortalCoreProps, u as PortalCoreItemResult, v as listPortalCoreToolDescriptors, w as PortalToolFailure, x as PortalBatchError, y as PortalApprovalCall } from "../portal-core-CZQI7Ob6.js";
+import { S as createUpstreamMcpClientRuntime, r as redactCredentialText, u as NormalizedUpstreamMcpServer } from "../upstream-response-middleware-1MZnAD9C.js";
+import { McpConfig, SecretValue } from "@agent-vm/config-contracts";
+
+//#region src/core/provider-runtime.d.ts
+interface ResolveUpstreamServersProps {
+  readonly config: McpConfig;
+  readonly resolveSecret: (secret: SecretValue) => Promise<string>;
+}
+declare function resolveUpstreamServers(props: ResolveUpstreamServersProps): Promise<readonly NormalizedUpstreamMcpServer[]>;
+//#endregion
+//#region src/core/portal-call-validation.d.ts
+declare function validatePortalToolArguments(tool: PortalToolRecord, argumentsValue: JsonObject): {
+  readonly ok: true;
+  readonly value: unknown;
+} | {
+  readonly error: {
+    readonly issues: readonly {
+      readonly code: string;
+      readonly message: string;
+      readonly path: readonly (number | string)[];
+    }[];
+    readonly kind: 'input_validation';
+    readonly namespace: string;
+    readonly toolName: string;
+  } | {
+    readonly feature: string;
+    readonly kind: 'schema_validation_unavailable';
+    readonly message: string;
+    readonly namespace: string;
+    readonly path: readonly (number | string)[];
+    readonly toolName: string;
+  };
+  readonly ok: false;
+};
+//#endregion
+export { CreatePortalCoreProps, PortalAgentScope, PortalApprovalCall, PortalApprovalEvaluator, PortalAuditEvent, PortalBatchDiagnostic, PortalBatchError, PortalBatchResult, PortalCallUpstreamTool, PortalCore, PortalCoreCollectOptions, PortalCoreContentBlock, PortalCoreEvent, PortalCoreItemError, PortalCoreItemResult, PortalCoreResult, PortalCoreRuntime, PortalCoreStreamCall, PortalCoreToolDescriptor, PortalCoreToolName, PortalToolFailure, PortalToolHandlerCall, PortalToolHandlers, PortalToolResult, PortalToolResultMap, PortalToolRuntime, type PortalToolSelector, PortalToolSuccess, PortalUpstreamEvent, ResolveUpstreamServersProps, collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };
+//# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/core/provider-runtime.ts","../../src/core/portal-call-validation.ts"],"mappings":";;;;;;;UASiB,2BAAA;EAAA,SACP,MAAA,EAAQ,SAAA;EAAA,SACR,aAAA,GAAgB,MAAA,EAAQ,WAAA,KAAgB,OAAA;AAAA;AAAA,iBAsC5B,sBAAA,CACrB,KAAA,EAAO,2BAAA,GACL,OAAA,UAAiB,2BAAA;;;iBC/CJ,2BAAA,CACf,IAAA,EAAM,gBAAA,EACN,cAAA,EAAgB,UAAA;EAAA,SAEH,EAAA;EAAA,SAAmB,KAAA;AAAA;EAAA,SAErB,KAAA;IAAA,SAEG,MAAA;MAAA,SACC,IAAA;MAAA,SACA,OAAA;MAAA,SACA,IAAA;IAAA;IAAA,SAED,IAAA;IAAA,SACA,SAAA;IAAA,SACA,QAAA;EAAA;IAAA,SAGA,OAAA;IAAA,SACA,IAAA;IAAA,SACA,OAAA;IAAA,SACA,SAAA;IAAA,SACA,IAAA;IAAA,SACA,QAAA;EAAA;EAAA,SAEH,EAAA;AAAA"}

package/dist/core/index.js

@@ -0,0 +1,5 @@
+import { n as redactCredentialText } from "../upstream-response-middleware-BjUWZ2G8.js";
+import { t as createUpstreamMcpClientRuntime } from "../upstream-mcp-client-runtime-JlsfTm7_.js";
+import { i as resolveUpstreamServers, n as createPortalCore, r as listPortalCoreToolDescriptors, t as collectPortalCoreResult } from "../portal-core-Cgu714CL.js";
+import { n as portalToolInputSchemas, r as validatePortalToolArguments, t as createPortalToolHandlers } from "../portal-tools-DKci1szO.js";
+export { collectPortalCoreResult, createPortalCore, createPortalToolHandlers, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, portalToolInputSchemas, redactCredentialText, resolveUpstreamServers, validatePortalToolArguments };

package/dist/hmac-env-B4shpRRB.js

@@ -0,0 +1,20 @@
+//#region src/portal-auth/hmac-env.ts
+const portalHmacKeyEnvPrefix = "PORTAL_HMAC_KEY__";
+const portalHmacKeyHexLength = 64;
+function portalHmacKeyEnvName(agentId) {
+	return `${portalHmacKeyEnvPrefix}${agentId}`;
+}
+function parseHmacKeysFromEnv(env) {
+	const keysByAgent = /* @__PURE__ */ new Map();
+	for (const [name, value] of Object.entries(env)) {
+		if (!name.startsWith(portalHmacKeyEnvPrefix) || value === void 0) continue;
+		const agentId = name.slice(17);
+		if (!/^[0-9a-f]+$/u.test(value) || value.length !== portalHmacKeyHexLength) throw new Error(`Malformed HMAC key in env var "${name}".`);
+		keysByAgent.set(agentId, Buffer.from(value, "hex"));
+	}
+	return keysByAgent;
+}
+//#endregion
+export { portalHmacKeyEnvName as n, parseHmacKeysFromEnv as t };
+
+//# sourceMappingURL=hmac-env-B4shpRRB.js.map

package/dist/hmac-env-B4shpRRB.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac-env-B4shpRRB.js","names":[],"sources":["../src/portal-auth/hmac-env.ts"],"sourcesContent":["const portalHmacKeyEnvPrefix = 'PORTAL_HMAC_KEY__';\nconst portalHmacKeyHexLength = 64;\n\nexport function portalHmacKeyEnvName(agentId: string): string {\n\treturn `${portalHmacKeyEnvPrefix}${agentId}`;\n}\n\nexport function parseHmacKeysFromEnv(\n\tenv: Readonly<Record<string, string | undefined>>,\n): ReadonlyMap<string, Buffer> {\n\tconst keysByAgent = new Map<string, Buffer>();\n\tfor (const [name, value] of Object.entries(env)) {\n\t\tif (!name.startsWith(portalHmacKeyEnvPrefix) || value === undefined) {\n\t\t\tcontinue;\n\t\t}\n\t\tconst agentId = name.slice(portalHmacKeyEnvPrefix.length);\n\t\tif (!/^[0-9a-f]+$/u.test(value) || value.length !== portalHmacKeyHexLength) {\n\t\t\tthrow new Error(`Malformed HMAC key in env var \"${name}\".`);\n\t\t}\n\t\tkeysByAgent.set(agentId, Buffer.from(value, 'hex'));\n\t}\n\treturn keysByAgent;\n}\n"],"mappings":";AAAA,MAAM,yBAAyB;AAC/B,MAAM,yBAAyB;AAE/B,SAAgB,qBAAqB,SAAyB;CAC7D,OAAO,GAAG,yBAAyB;;AAGpC,SAAgB,qBACf,KAC8B;CAC9B,MAAM,8BAAc,IAAI,KAAqB;CAC7C,KAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,IAAI,EAAE;EAChD,IAAI,CAAC,KAAK,WAAW,uBAAuB,IAAI,UAAU,KAAA,GACzD;EAED,MAAM,UAAU,KAAK,MAAM,GAA8B;EACzD,IAAI,CAAC,eAAe,KAAK,MAAM,IAAI,MAAM,WAAW,wBACnD,MAAM,IAAI,MAAM,kCAAkC,KAAK,IAAI;EAE5D,YAAY,IAAI,SAAS,OAAO,KAAK,OAAO,MAAM,CAAC;;CAEpD,OAAO"}

package/dist/hmac-token-DBqWY3-w.js

@@ -0,0 +1,100 @@
+import { z } from "zod";
+import { createHash, createHmac, randomUUID, timingSafeEqual } from "node:crypto";
+//#region src/portal-auth/hmac-token.ts
+const approvalTokenCallDigestSchema = z.object({
+	argumentsHash: z.string().min(1),
+	namespace: z.string().min(1),
+	toolName: z.string().min(1)
+}).strict();
+const approvalTokenPayloadSchema = z.object({
+	agentId: z.string().min(1),
+	calls: z.array(approvalTokenCallDigestSchema),
+	exp: z.number().int(),
+	iat: z.number().int(),
+	jti: z.string().min(1)
+}).strict();
+function base64UrlEncode(value) {
+	return (typeof value === "string" ? Buffer.from(value, "utf8") : value).toString("base64url");
+}
+function canonicalize(value) {
+	if (value === null || typeof value !== "object") return JSON.stringify(value ?? null);
+	if (Array.isArray(value)) return `[${value.map(canonicalize).join(",")}]`;
+	return `{${Object.entries(value).filter((entry) => entry[1] !== void 0).toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey)).map(([key, entryValue]) => `${JSON.stringify(key)}:${canonicalize(entryValue)}`).join(",")}}`;
+}
+function hashCallArguments(args) {
+	return createHash("sha256").update(canonicalize(args)).digest("base64url");
+}
+function signApprovalToken(props) {
+	const payloadEncoded = base64UrlEncode(canonicalize({
+		agentId: props.agentId,
+		calls: [...props.calls],
+		exp: props.expiresAtMs,
+		iat: props.issuedAtMs ?? Date.now(),
+		jti: props.jti ?? randomUUID()
+	}));
+	return `${payloadEncoded}.${createHmac("sha256", props.key).update(payloadEncoded).digest("base64url")}`;
+}
+function parseApprovalTokenPayload(payloadEncoded) {
+	try {
+		return approvalTokenPayloadSchema.parse(JSON.parse(Buffer.from(payloadEncoded, "base64url").toString("utf8")));
+	} catch {
+		return null;
+	}
+}
+function isApprovalTokenParts(parts) {
+	return parts.length === 2;
+}
+function callsMatch(leftCalls, rightCalls) {
+	if (leftCalls.length !== rightCalls.length) return false;
+	return leftCalls.every((leftCall, index) => {
+		const rightCall = rightCalls[index];
+		return rightCall !== void 0 && leftCall.argumentsHash === rightCall.argumentsHash && leftCall.namespace === rightCall.namespace && leftCall.toolName === rightCall.toolName;
+	});
+}
+function verifyApprovalToken(props) {
+	const parts = props.token.split(".");
+	if (!isApprovalTokenParts(parts)) return {
+		ok: false,
+		reason: "malformed"
+	};
+	const [payloadEncoded, signatureEncoded] = parts;
+	const expectedSignature = createHmac("sha256", props.key).update(payloadEncoded).digest();
+	const providedSignature = Buffer.from(signatureEncoded, "base64url");
+	if (providedSignature.length !== expectedSignature.length || !timingSafeEqual(providedSignature, expectedSignature)) return {
+		ok: false,
+		reason: "signature-mismatch"
+	};
+	const payload = parseApprovalTokenPayload(payloadEncoded);
+	if (payload === null) return {
+		ok: false,
+		reason: "malformed"
+	};
+	if (payload.exp <= props.nowMs) return {
+		ok: false,
+		reason: "expired"
+	};
+	if (props.maxLifetimeMs !== void 0 && payload.exp - payload.iat > props.maxLifetimeMs) return {
+		ok: false,
+		reason: "ttl-exceeded"
+	};
+	if (payload.agentId !== props.agentId) return {
+		ok: false,
+		reason: "agent-mismatch"
+	};
+	if (!callsMatch(payload.calls, props.calls)) return {
+		ok: false,
+		reason: "call-mismatch"
+	};
+	if (props.consumeTokenId !== void 0) {
+		const consumeResult = props.consumeTokenId(payload.jti, payload.exp);
+		if (!consumeResult.ok) return {
+			ok: false,
+			reason: consumeResult.reason
+		};
+	}
+	return { ok: true };
+}
+//#endregion
+export { signApprovalToken as n, verifyApprovalToken as r, hashCallArguments as t };
+
+//# sourceMappingURL=hmac-token-DBqWY3-w.js.map

package/dist/hmac-token-DBqWY3-w.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac-token-DBqWY3-w.js","names":[],"sources":["../src/portal-auth/hmac-token.ts"],"sourcesContent":["import { createHash, createHmac, randomUUID, timingSafeEqual } from 'node:crypto';\n\nimport { z } from 'zod';\n\nexport interface ApprovalTokenCallDigest {\n\treadonly argumentsHash: string;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nexport interface SignApprovalTokenProps {\n\treadonly agentId: string;\n\treadonly calls: readonly ApprovalTokenCallDigest[];\n\treadonly expiresAtMs: number;\n\treadonly issuedAtMs?: number;\n\treadonly jti?: string;\n\treadonly key: Buffer;\n}\n\nexport interface VerifyApprovalTokenProps {\n\treadonly agentId: string;\n\treadonly calls: readonly ApprovalTokenCallDigest[];\n\treadonly key: Buffer;\n\treadonly consumeTokenId?: (\n\t\tjti: string,\n\t\texpiresAtMs: number,\n\t) =>\n\t\t| { readonly ok: true }\n\t\t| { readonly ok: false; readonly reason: 'replay-cache-full' | 'replayed' };\n\treadonly maxLifetimeMs?: number;\n\treadonly nowMs: number;\n\treadonly token: string;\n}\n\nexport type VerifyApprovalTokenResult =\n\t| { readonly ok: true }\n\t| {\n\t\t\treadonly ok: false;\n\t\t\treadonly reason:\n\t\t\t\t| 'agent-mismatch'\n\t\t\t\t| 'call-mismatch'\n\t\t\t\t| 'expired'\n\t\t\t\t| 'malformed'\n\t\t\t\t| 'replay-cache-full'\n\t\t\t\t| 'replayed'\n\t\t\t\t| 'signature-mismatch'\n\t\t\t\t| 'ttl-exceeded';\n\t  };\n\nconst approvalTokenCallDigestSchema = z\n\t.object({\n\t\targumentsHash: z.string().min(1),\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nconst approvalTokenPayloadSchema = z\n\t.object({\n\t\tagentId: z.string().min(1),\n\t\tcalls: z.array(approvalTokenCallDigestSchema),\n\t\texp: z.number().int(),\n\t\tiat: z.number().int(),\n\t\tjti: z.string().min(1),\n\t})\n\t.strict();\n\ntype ApprovalTokenPayload = z.infer<typeof approvalTokenPayloadSchema>;\n\nfunction base64UrlEncode(value: Buffer | string): string {\n\tconst buffer = typeof value === 'string' ? Buffer.from(value, 'utf8') : value;\n\treturn buffer.toString('base64url');\n}\n\nfunction canonicalize(value: unknown): string {\n\tif (value === null || typeof value !== 'object') {\n\t\treturn JSON.stringify(value ?? null);\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn `[${value.map(canonicalize).join(',')}]`;\n\t}\n\tconst entries = Object.entries(value)\n\t\t.filter((entry) => entry[1] !== undefined)\n\t\t.toSorted(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey))\n\t\t.map(([key, entryValue]) => `${JSON.stringify(key)}:${canonicalize(entryValue)}`);\n\treturn `{${entries.join(',')}}`;\n}\n\nexport function hashCallArguments(args: unknown): string {\n\treturn createHash('sha256').update(canonicalize(args)).digest('base64url');\n}\n\nexport function signApprovalToken(props: SignApprovalTokenProps): string {\n\tconst payload = {\n\t\tagentId: props.agentId,\n\t\tcalls: [...props.calls],\n\t\texp: props.expiresAtMs,\n\t\tiat: props.issuedAtMs ?? Date.now(),\n\t\tjti: props.jti ?? randomUUID(),\n\t} satisfies ApprovalTokenPayload;\n\tconst payloadEncoded = base64UrlEncode(canonicalize(payload));\n\tconst signature = createHmac('sha256', props.key).update(payloadEncoded).digest('base64url');\n\treturn `${payloadEncoded}.${signature}`;\n}\n\nfunction parseApprovalTokenPayload(payloadEncoded: string): ApprovalTokenPayload | null {\n\ttry {\n\t\treturn approvalTokenPayloadSchema.parse(\n\t\t\tJSON.parse(Buffer.from(payloadEncoded, 'base64url').toString('utf8')),\n\t\t);\n\t} catch {\n\t\treturn null;\n\t}\n}\n\nfunction isApprovalTokenParts(parts: readonly string[]): parts is readonly [string, string] {\n\treturn parts.length === 2;\n}\n\nfunction callsMatch(\n\tleftCalls: readonly ApprovalTokenCallDigest[],\n\trightCalls: readonly ApprovalTokenCallDigest[],\n): boolean {\n\tif (leftCalls.length !== rightCalls.length) {\n\t\treturn false;\n\t}\n\treturn leftCalls.every((leftCall, index) => {\n\t\tconst rightCall = rightCalls[index];\n\t\treturn (\n\t\t\trightCall !== undefined &&\n\t\t\tleftCall.argumentsHash === rightCall.argumentsHash &&\n\t\t\tleftCall.namespace === rightCall.namespace &&\n\t\t\tleftCall.toolName === rightCall.toolName\n\t\t);\n\t});\n}\n\nexport function verifyApprovalToken(props: VerifyApprovalTokenProps): VerifyApprovalTokenResult {\n\tconst parts = props.token.split('.');\n\tif (!isApprovalTokenParts(parts)) {\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tconst [payloadEncoded, signatureEncoded] = parts;\n\tconst expectedSignature = createHmac('sha256', props.key).update(payloadEncoded).digest();\n\tconst providedSignature = Buffer.from(signatureEncoded, 'base64url');\n\tif (\n\t\tprovidedSignature.length !== expectedSignature.length ||\n\t\t!timingSafeEqual(providedSignature, expectedSignature)\n\t) {\n\t\treturn { ok: false, reason: 'signature-mismatch' };\n\t}\n\n\tconst payload = parseApprovalTokenPayload(payloadEncoded);\n\tif (payload === null) {\n\t\treturn { ok: false, reason: 'malformed' };\n\t}\n\tif (payload.exp <= props.nowMs) {\n\t\treturn { ok: false, reason: 'expired' };\n\t}\n\tif (props.maxLifetimeMs !== undefined && payload.exp - payload.iat > props.maxLifetimeMs) {\n\t\treturn { ok: false, reason: 'ttl-exceeded' };\n\t}\n\tif (payload.agentId !== props.agentId) {\n\t\treturn { ok: false, reason: 'agent-mismatch' };\n\t}\n\tif (!callsMatch(payload.calls, props.calls)) {\n\t\treturn { ok: false, reason: 'call-mismatch' };\n\t}\n\tif (props.consumeTokenId !== undefined) {\n\t\tconst consumeResult = props.consumeTokenId(payload.jti, payload.exp);\n\t\tif (!consumeResult.ok) {\n\t\t\treturn { ok: false, reason: consumeResult.reason };\n\t\t}\n\t}\n\treturn { ok: true };\n}\n"],"mappings":";;;AAiDA,MAAM,gCAAgC,EACpC,OAAO;CACP,eAAe,EAAE,QAAQ,CAAC,IAAI,EAAE;CAChC,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAEV,MAAM,6BAA6B,EACjC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,OAAO,EAAE,MAAM,8BAA8B;CAC7C,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE;CACtB,CAAC,CACD,QAAQ;AAIV,SAAS,gBAAgB,OAAgC;CAExD,QADe,OAAO,UAAU,WAAW,OAAO,KAAK,OAAO,OAAO,GAAG,OAC1D,SAAS,YAAY;;AAGpC,SAAS,aAAa,OAAwB;CAC7C,IAAI,UAAU,QAAQ,OAAO,UAAU,UACtC,OAAO,KAAK,UAAU,SAAS,KAAK;CAErC,IAAI,MAAM,QAAQ,MAAM,EACvB,OAAO,IAAI,MAAM,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC;CAM9C,OAAO,IAJS,OAAO,QAAQ,MAAM,CACnC,QAAQ,UAAU,MAAM,OAAO,KAAA,EAAU,CACzC,UAAU,CAAC,UAAU,CAAC,cAAc,QAAQ,cAAc,SAAS,CAAC,CACpE,KAAK,CAAC,KAAK,gBAAgB,GAAG,KAAK,UAAU,IAAI,CAAC,GAAG,aAAa,WAAW,GAC7D,CAAC,KAAK,IAAI,CAAC;;AAG9B,SAAgB,kBAAkB,MAAuB;CACxD,OAAO,WAAW,SAAS,CAAC,OAAO,aAAa,KAAK,CAAC,CAAC,OAAO,YAAY;;AAG3E,SAAgB,kBAAkB,OAAuC;CAQxE,MAAM,iBAAiB,gBAAgB,aAAa;EANnD,SAAS,MAAM;EACf,OAAO,CAAC,GAAG,MAAM,MAAM;EACvB,KAAK,MAAM;EACX,KAAK,MAAM,cAAc,KAAK,KAAK;EACnC,KAAK,MAAM,OAAO,YAAY;EAE4B,CAAC,CAAC;CAE7D,OAAO,GAAG,eAAe,GADP,WAAW,UAAU,MAAM,IAAI,CAAC,OAAO,eAAe,CAAC,OAAO,YAC3C;;AAGtC,SAAS,0BAA0B,gBAAqD;CACvF,IAAI;EACH,OAAO,2BAA2B,MACjC,KAAK,MAAM,OAAO,KAAK,gBAAgB,YAAY,CAAC,SAAS,OAAO,CAAC,CACrE;SACM;EACP,OAAO;;;AAIT,SAAS,qBAAqB,OAA8D;CAC3F,OAAO,MAAM,WAAW;;AAGzB,SAAS,WACR,WACA,YACU;CACV,IAAI,UAAU,WAAW,WAAW,QACnC,OAAO;CAER,OAAO,UAAU,OAAO,UAAU,UAAU;EAC3C,MAAM,YAAY,WAAW;EAC7B,OACC,cAAc,KAAA,KACd,SAAS,kBAAkB,UAAU,iBACrC,SAAS,cAAc,UAAU,aACjC,SAAS,aAAa,UAAU;GAEhC;;AAGH,SAAgB,oBAAoB,OAA4D;CAC/F,MAAM,QAAQ,MAAM,MAAM,MAAM,IAAI;CACpC,IAAI,CAAC,qBAAqB,MAAM,EAC/B,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAa;CAE1C,MAAM,CAAC,gBAAgB,oBAAoB;CAC3C,MAAM,oBAAoB,WAAW,UAAU,MAAM,IAAI,CAAC,OAAO,eAAe,CAAC,QAAQ;CACzF,MAAM,oBAAoB,OAAO,KAAK,kBAAkB,YAAY;CACpE,IACC,kBAAkB,WAAW,kBAAkB,UAC/C,CAAC,gBAAgB,mBAAmB,kBAAkB,EAEtD,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAsB;CAGnD,MAAM,UAAU,0BAA0B,eAAe;CACzD,IAAI,YAAY,MACf,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAa;CAE1C,IAAI,QAAQ,OAAO,MAAM,OACxB,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAW;CAExC,IAAI,MAAM,kBAAkB,KAAA,KAAa,QAAQ,MAAM,QAAQ,MAAM,MAAM,eAC1E,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAgB;CAE7C,IAAI,QAAQ,YAAY,MAAM,SAC7B,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAkB;CAE/C,IAAI,CAAC,WAAW,QAAQ,OAAO,MAAM,MAAM,EAC1C,OAAO;EAAE,IAAI;EAAO,QAAQ;EAAiB;CAE9C,IAAI,MAAM,mBAAmB,KAAA,GAAW;EACvC,MAAM,gBAAgB,MAAM,eAAe,QAAQ,KAAK,QAAQ,IAAI;EACpE,IAAI,CAAC,cAAc,IAClB,OAAO;GAAE,IAAI;GAAO,QAAQ,cAAc;GAAQ;;CAGpD,OAAO,EAAE,IAAI,MAAM"}