@datacules/agent-identity-mcp 0.11.0 → 0.11.1

package/LICENSE

@@ -0,0 +1,109 @@
+Datacules Agent Identity License — Version 1.0
+Copyright (c) 2026 Datacules LLC. All rights reserved.
+
+─────────────────────────────────────────────────────────────────────────────
+PREAMBLE
+─────────────────────────────────────────────────────────────────────────────
+
+This software — Agent Identity & Auth Patterns — is developed and owned by
+Datacules LLC. It is made available to the public as open-source software
+under the permissive terms below.
+
+Datacules LLC retains ownership and authorship of this software while
+granting broad, royalty-free rights for anyone to use, copy, modify, and
+distribute it — in commercial or non-commercial contexts — without requiring
+that derivative works also become open source.
+
+─────────────────────────────────────────────────────────────────────────────
+TERMS AND CONDITIONS
+─────────────────────────────────────────────────────────────────────────────
+
+1. PERMISSION TO USE
+
+   Permission is hereby granted, free of charge, to any person or
+   organization obtaining a copy of this software and associated
+   documentation files (the "Software"), to use, copy, modify, merge,
+   publish, distribute, sublicense, and/or sell copies of the Software,
+   and to permit persons to whom the Software is furnished to do so,
+   subject to the conditions below.
+
+2. ATTRIBUTION
+
+   a. Redistributions of source code must retain this copyright notice,
+      this list of conditions, and the disclaimer below.
+
+   b. Redistributions in binary form or as a product must reproduce this
+      copyright notice, this list of conditions, and the disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+   c. Neither the name "Datacules LLC" nor the names of its contributors
+      may be used to endorse or promote products derived from this Software
+      without prior written permission from Datacules LLC.
+
+3. COMMERCIAL USE
+
+   Use of this Software in commercial products, SaaS platforms, internal
+   enterprise tools, or any revenue-generating context is explicitly
+   permitted without royalty, fee, or additional licensing agreement,
+   provided that the conditions in Section 2 (Attribution) are met.
+
+4. NO COPYLEFT / NO VIRAL REQUIREMENT
+
+   This license does NOT require that derivative works, modifications,
+   or software that uses or embeds this Software be made open source.
+   You may incorporate this Software into proprietary or closed-source
+   products under your own license terms.
+
+5. MODIFICATIONS
+
+   Modified versions of the Software may be distributed under the same
+   terms as this license or under any other permissive open-source
+   license (e.g. MIT, Apache 2.0, BSD), provided that:
+
+   a. The original copyright notice of Datacules LLC is preserved.
+   b. Modifications are clearly documented and distinguished from the
+      original work.
+
+6. COMPATIBILITY
+
+   This license is compatible with other permissive open-source licenses
+   such as MIT, BSD 2-Clause, BSD 3-Clause, and Apache License 2.0. It
+   is also GPL-compatible — this Software may coexist with GPL-licensed
+   code, though this Software itself is not distributed under the GPL.
+
+─────────────────────────────────────────────────────────────────────────────
+DISCLAIMER
+─────────────────────────────────────────────────────────────────────────────
+
+THIS SOFTWARE IS PROVIDED BY DATACULES LLC AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+AND NON-INFRINGEMENT ARE DISCLAIMED.
+
+IN NO EVENT SHALL DATACULES LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+─────────────────────────────────────────────────────────────────────────────
+SUMMARY (non-binding)
+─────────────────────────────────────────────────────────────────────────────
+
+  ✔  Use freely — commercial, proprietary, or open-source projects
+  ✔  Modify and distribute with or without changes
+  ✔  Sell products built on this Software
+  ✔  No royalties or fees
+  ✔  No requirement to open-source your own code
+  ✔  Attribution to Datacules LLC required in source and binary distributions
+  ✗  Do not use "Datacules LLC" to endorse derived products without permission
+
+─────────────────────────────────────────────────────────────────────────────
+CONTACT
+─────────────────────────────────────────────────────────────────────────────
+
+Datacules LLC
+For licensing enquiries: legal@datacules.com
+Product: https://github.com/hvrcharon1/agent-identity

package/dist/cjs/index.js

@@ -0,0 +1,180 @@
+"use strict";
+/**
+ * @datacules/agent-identity-mcp
+ *
+ * Exposes agent-identity credential resolution as an MCP server.
+ * Any MCP-capable client — Claude Desktop, Claude Code, Cursor,
+ * Windsurf, or a custom agent — can call the following tools:
+ *
+ *   resolve_credential           — resolves a credential for an AgentRequestContext
+ *   resolve_migration_credential — resolves source+target pair for MigrationContext
+ *   list_credentials             — lists active credentials (safe metadata only)
+ *   list_rules                   — lists routing rules (highest priority first)
+ *   health                       — liveness + loaded credential/rule counts
+ *
+ * Supports two transports:
+ *   stdio    — stdin/stdout, compatible with Claude Desktop / Claude Code / Cursor configs
+ *   http+sse — HTTP Server-Sent Events for hosted deployments
+ *
+ * Quick start (stdio):
+ *   import { createAgentIdentityMcpServer } from '@datacules/agent-identity-mcp';
+ *   const { start } = createAgentIdentityMcpServer({ credentials, rules });
+ *   await start();  // reads from stdin, writes to stdout
+ *
+ * Quick start (HTTP):
+ *   const { start } = createAgentIdentityMcpServer({
+ *     credentials, rules, transport: 'http', httpPort: 3002
+ *   });
+ *   await start();
+ *
+ * Claude Desktop config snippet (~/.claude/claude_desktop_config.json):
+ *   {
+ *     "mcpServers": {
+ *       "agent-identity": {
+ *         "command": "npx",
+ *         "args": ["@datacules/agent-identity-mcp"],
+ *         "env": {
+ *           "AGENT_IDENTITY_CREDENTIALS": "<base64-encoded JSON>",
+ *           "AGENT_IDENTITY_RULES": "<base64-encoded JSON>"
+ *         }
+ *       }
+ *     }
+ *   }
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ALL_TOOLS = void 0;
+exports.createAgentIdentityMcpServer = createAgentIdentityMcpServer;
+const index_js_1 = require("@modelcontextprotocol/sdk/server/index.js");
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+const agent_identity_1 = require("@datacules/agent-identity");
+const tools_js_1 = require("./tools.js");
+const transports_js_1 = require("./transports.js");
+__exportStar(require("./types.js"), exports);
+var tools_js_2 = require("./tools.js");
+Object.defineProperty(exports, "ALL_TOOLS", { enumerable: true, get: function () { return tools_js_2.ALL_TOOLS; } });
+/**
+ * Create an agent-identity MCP server.
+ *
+ * @example
+ * // stdio (Claude Desktop / Claude Code config)
+ * const { start } = createAgentIdentityMcpServer({ credentials, rules });
+ * await start();
+ *
+ * @example
+ * // HTTP+SSE (hosted / networked)
+ * const { start } = createAgentIdentityMcpServer({
+ *   credentials, rules, transport: 'http', httpPort: 3002,
+ * });
+ * await start();
+ */
+function createAgentIdentityMcpServer(config) {
+    const { credentials, store: customStore, rules, logger, name = 'agent-identity', version = '0.1.0', transport = 'stdio', httpPort = 3002, httpHost = '127.0.0.1', httpAuthToken, } = config;
+    if (!customStore && !credentials) {
+        throw new Error('[agent-identity-mcp] Provide either credentials[] or a custom store.');
+    }
+    const store = customStore ?? new agent_identity_1.MemoryCredentialStore(credentials);
+    const deps = { store, rules, logger };
+    // Build the MCP server
+    const server = new index_js_1.Server({ name, version }, { capabilities: { tools: {} } });
+    // Register tools/list handler
+    server.setRequestHandler(types_js_1.ListToolsRequestSchema, async () => ({
+        tools: tools_js_1.ALL_TOOLS.map((t) => ({
+            name: t.name,
+            description: t.description,
+            inputSchema: {
+                type: 'object',
+                // Convert Zod schema to JSON Schema via .shape introspection for
+                // simple objects; complex schemas fall back to an open object.
+                properties: extractJsonSchemaProperties(t.inputSchema),
+                required: extractRequiredKeys(t.inputSchema),
+            },
+        })),
+    }));
+    // Register tools/call handler
+    server.setRequestHandler(types_js_1.CallToolRequestSchema, async (request) => {
+        const tool = tools_js_1.ALL_TOOLS.find((t) => t.name === request.params.name);
+        if (!tool) {
+            return {
+                content: [{ type: 'text', text: JSON.stringify({ error: `Unknown tool: ${request.params.name}` }) }],
+                isError: true,
+            };
+        }
+        return tool.handler(request.params.arguments ?? {}, deps);
+    });
+    let stopFn = null;
+    const start = async () => {
+        if (transport === 'stdio') {
+            const stdioTransport = new transports_js_1.StdioServerTransport();
+            await server.connect(stdioTransport);
+        }
+        else {
+            stopFn = await (0, transports_js_1.startHttpMcpTransport)({
+                server,
+                port: httpPort,
+                host: httpHost,
+                authToken: httpAuthToken,
+            });
+        }
+    };
+    const stop = async () => {
+        stopFn?.();
+        await server.close();
+    };
+    return { server, start, stop };
+}
+// ─── JSON Schema helpers (lightweight — no ajv dependency) ───────────────────
+function extractJsonSchemaProperties(schema) {
+    try {
+        const shape = schema?._def?.shape?.() ?? schema?.shape ?? {};
+        const props = {};
+        for (const [key, val] of Object.entries(shape)) {
+            props[key] = zodToJsonSchemaNode(val);
+        }
+        return props;
+    }
+    catch {
+        return {};
+    }
+}
+function extractRequiredKeys(schema) {
+    try {
+        const shape = schema?._def?.shape?.() ?? schema?.shape ?? {};
+        return Object.entries(shape)
+            .filter(([, v]) => {
+            const typeName = v?._def?.typeName;
+            return typeName !== 'ZodOptional' && typeName !== 'ZodDefault';
+        })
+            .map(([k]) => k);
+    }
+    catch {
+        return [];
+    }
+}
+function zodToJsonSchemaNode(zodNode) {
+    const typeName = zodNode?._def?.typeName;
+    switch (typeName) {
+        case 'ZodString': return { type: 'string' };
+        case 'ZodNumber': return { type: 'number' };
+        case 'ZodBoolean': return { type: 'boolean' };
+        case 'ZodEnum': return { type: 'string', enum: zodNode._def.values };
+        case 'ZodOptional':
+        case 'ZodDefault': return zodToJsonSchemaNode(zodNode._def.innerType);
+        case 'ZodObject': return { type: 'object', properties: extractJsonSchemaProperties(zodNode) };
+        default: return { type: 'string' };
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;;;;;;;;;;;;;;;;;AAwDH,oEAgFC;AAtID,wEAAmE;AACnE,iEAG4C;AAE5C,8DAAkE;AAClE,yCAAsD;AACtD,mDAA8E;AAG9E,6CAA2B;AAC3B,uCAAuC;AAA9B,qGAAA,SAAS,OAAA;AA2BlB;;;;;;;;;;;;;;GAcG;AACH,SAAgB,4BAA4B,CAC1C,MAAoC;IAEpC,MAAM,EACJ,WAAW,EACX,KAAK,EAAE,WAAW,EAClB,KAAK,EACL,MAAM,EACN,IAAI,GAAG,gBAAgB,EACvB,OAAO,GAAG,OAAO,EACjB,SAAS,GAAG,OAAO,EACnB,QAAQ,GAAG,IAAI,EACf,QAAQ,GAAG,WAAW,EACtB,aAAa,GACd,GAAG,MAAM,CAAC;IAEX,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,KAAK,GACT,WAAW,IAAI,IAAI,sCAAqB,CAAC,WAAY,CAAC,CAAC;IAEzD,MAAM,IAAI,GAAa,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAEhD,uBAAuB;IACvB,MAAM,MAAM,GAAG,IAAI,iBAAM,CACvB,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,iCAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE,oBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,WAAW,EAAE;gBACX,IAAI,EAAE,QAAiB;gBACvB,iEAAiE;gBACjE,+DAA+D;gBAC/D,UAAU,EAAE,2BAA2B,CAAC,CAAC,CAAC,WAAW,CAAC;gBACtD,QAAQ,EAAE,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC;aAC7C;SACF,CAAC,CAAC;KACJ,CAAC,CAAC,CAAC;IAEJ,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,gCAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,IAAI,GAAG,oBAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC7G,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,IAAI,MAAM,GAAwB,IAAI,CAAC;IAEvC,MAAM,KAAK,GAAG,KAAK,IAAmB,EAAE;QACtC,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,cAAc,GAAG,IAAI,oCAAoB,EAAE,CAAC;YAClD,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,IAAA,qCAAqB,EAAC;gBACnC,MAAM;gBACN,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,aAAa;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,IAAI,GAAG,KAAK,IAAmB,EAAE;QACrC,MAAM,EAAE,EAAE,CAAC;QACX,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,gFAAgF;AAEhF,SAAS,2BAA2B,CAAC,MAAW;IAC9C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;QAC7D,MAAM,KAAK,GAA4B,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAW;IACtC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;QAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;aACzB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAgB,EAAE,EAAE;YAC/B,MAAM,QAAQ,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC;YACnC,OAAO,QAAQ,KAAK,aAAa,IAAI,QAAQ,KAAK,YAAY,CAAC;QACjE,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAY;IACvC,MAAM,QAAQ,GAAG,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC;IACzC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,WAAW,CAAC,CAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC7C,KAAK,WAAW,CAAC,CAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC7C,KAAK,YAAY,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC9C,KAAK,SAAS,CAAC,CAAI,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACxE,KAAK,aAAa,CAAC;QACnB,KAAK,YAAY,CAAC,CAAC,OAAO,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACtE,KAAK,WAAW,CAAC,CAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,2BAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/F,OAAO,CAAC,CAAW,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC"}

package/dist/cjs/tools.js

@@ -0,0 +1,166 @@
+"use strict";
+/**
+ * MCP tool handler implementations for @datacules/agent-identity.
+ *
+ * Each exported function corresponds to one MCP tool:
+ *   resolve_credential        — resolves credential for AgentRequestContext
+ *   resolve_migration_credential — resolves source+target pair for MigrationContext
+ *   list_credentials          — lists active credentials (safe metadata, no raw refs)
+ *   list_rules                — lists routing rules
+ *   health                    — liveness check
+ *
+ * Tool schemas use Zod and are exported as McpToolSchema objects so the
+ * server index can register them with a single loop.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ALL_TOOLS = void 0;
+const zod_1 = require("zod");
+const agent_identity_1 = require("@datacules/agent-identity");
+// ─── Shared Zod schemas ───────────────────────────────────────────────────────
+const SupportedProviderSchema = zod_1.z.enum(['openai', 'anthropic', 'gemini', 'mistral', 'local']);
+const ResourceKindSchema = zod_1.z.enum(['shared', 'personal']);
+const MigrationPhaseSchema = zod_1.z.enum(['dry-run', 'extract', 'transform', 'load', 'verify', 'rollback']);
+const BaseContextSchema = zod_1.z.object({
+    userId: zod_1.z.string().min(1),
+    resourceId: zod_1.z.string().min(1),
+    resourceKind: ResourceKindSchema,
+    provider: SupportedProviderSchema,
+    model: zod_1.z.string().min(1),
+    action: zod_1.z.string().min(1),
+    traceId: zod_1.z.string().min(1),
+    sessionId: zod_1.z.string().optional(),
+    requestedAt: zod_1.z.string().optional(),
+    parentTraceId: zod_1.z.string().optional(),
+    mcpSessionId: zod_1.z.string().optional(),
+    mcpClientId: zod_1.z.string().optional(),
+});
+const ResolveCredentialSchema = BaseContextSchema;
+const ResolveMigrationSchema = BaseContextSchema.extend({
+    migrationId: zod_1.z.string().min(1),
+    phase: MigrationPhaseSchema,
+    sourceResourceId: zod_1.z.string().min(1),
+    targetResourceId: zod_1.z.string().min(1),
+    batchIndex: zod_1.z.number().int().nonnegative().optional(),
+    totalBatches: zod_1.z.number().int().positive().optional(),
+    dryRun: zod_1.z.boolean(),
+});
+// ─── Helper ───────────────────────────────────────────────────────────────────
+function ok(data) {
+    return { content: [{ type: 'text', text: JSON.stringify(data, null, 2) }] };
+}
+function err(message) {
+    return { content: [{ type: 'text', text: JSON.stringify({ error: message }) }], isError: true };
+}
+// ─── resolve_credential ───────────────────────────────────────────────────────
+const resolveCredentialTool = {
+    name: 'resolve_credential',
+    description: 'Resolve the correct credential for an agent request. ' +
+        'Provide the full AgentRequestContext (userId, resourceId, resourceKind, provider, model, action, traceId). ' +
+        'Returns the resolved credential metadata — never the raw secret.',
+    inputSchema: ResolveCredentialSchema,
+    async handler(input, { store, rules, logger }) {
+        const parsed = ResolveCredentialSchema.safeParse(input);
+        if (!parsed.success)
+            return err(`Validation error: ${parsed.error.message}`);
+        const ctx = {
+            ...parsed.data,
+            requestedAt: parsed.data.requestedAt ?? new Date().toISOString(),
+        };
+        const router = (0, agent_identity_1.createRouterFromStore)(store, rules, logger);
+        const resolved = router.resolve(ctx);
+        if (!resolved)
+            return err('No credential resolved — no routing rule matched this context.');
+        return ok({
+            ok: true,
+            credentialId: resolved.credentialId,
+            kind: resolved.kind,
+            resolvedFor: resolved.resolvedFor,
+            // ref is intentionally omitted — never surface raw refs over MCP
+        });
+    },
+};
+// ─── resolve_migration_credential ─────────────────────────────────────────────
+const resolveMigrationCredentialTool = {
+    name: 'resolve_migration_credential',
+    description: 'Resolve source and target credentials for a data migration workflow. ' +
+        'Requires a full MigrationContext including migrationId, phase, sourceResourceId, targetResourceId, and dryRun flag. ' +
+        'Returns both resolved credential metadata objects — never raw secrets.',
+    inputSchema: ResolveMigrationSchema,
+    async handler(input, { store, rules, logger }) {
+        const parsed = ResolveMigrationSchema.safeParse(input);
+        if (!parsed.success)
+            return err(`Validation error: ${parsed.error.message}`);
+        const ctx = {
+            ...parsed.data,
+            requestedAt: parsed.data.requestedAt ?? new Date().toISOString(),
+        };
+        const router = (0, agent_identity_1.createRouterFromStore)(store, rules, logger);
+        const pair = router.resolvePair(ctx);
+        if (!pair)
+            return err('No credential pair resolved — check that routing rules cover both sourceResourceId and targetResourceId.');
+        return ok({
+            ok: true,
+            migrationId: pair.migrationId,
+            source: { credentialId: pair.source.credentialId, kind: pair.source.kind, resolvedFor: pair.source.resolvedFor },
+            target: { credentialId: pair.target.credentialId, kind: pair.target.kind, resolvedFor: pair.target.resolvedFor },
+            expiresAt: pair.expiresAt ?? null,
+        });
+    },
+};
+// ─── list_credentials ─────────────────────────────────────────────────────────
+const listCredentialsTool = {
+    name: 'list_credentials',
+    description: 'List all active credentials registered with this agent-identity server. ' +
+        'Returns safe metadata only (id, kind, name, scope, status, expiresAt). ' +
+        'Raw refs and secrets are never included.',
+    inputSchema: zod_1.z.object({
+        kind: zod_1.z.enum(['fixed', 'user-delegated']).optional().describe('Filter by credential kind'),
+    }),
+    async handler(input, { store }) {
+        const parsed = zod_1.z.object({ kind: zod_1.z.enum(['fixed', 'user-delegated']).optional() }).safeParse(input);
+        if (!parsed.success)
+            return err(`Validation error: ${parsed.error.message}`);
+        const creds = parsed.data.kind
+            ? await store.listByKind(parsed.data.kind)
+            : await store.listActive();
+        const safe = creds.map(({ id, kind, name, scope, status, expiresAt }) => ({
+            id, kind, name, scope, status, expiresAt: expiresAt ?? null,
+        }));
+        return ok({ count: safe.length, credentials: safe });
+    },
+};
+// ─── list_rules ───────────────────────────────────────────────────────────────
+const listRulesTool = {
+    name: 'list_rules',
+    description: 'List all routing rules registered with this agent-identity server, ' +
+        'ordered by priority (highest first). Useful for debugging credential routing.',
+    inputSchema: zod_1.z.object({}),
+    async handler(_input, { rules }) {
+        const sorted = [...rules].sort((a, b) => b.priority - a.priority);
+        return ok({ count: sorted.length, rules: sorted });
+    },
+};
+// ─── health ───────────────────────────────────────────────────────────────────
+const healthTool = {
+    name: 'health',
+    description: 'Check whether the agent-identity MCP server is healthy and how many credentials/rules are loaded.',
+    inputSchema: zod_1.z.object({}),
+    async handler(_input, { store, rules }) {
+        const active = await store.listActive();
+        return ok({
+            status: 'ok',
+            credentialsLoaded: active.length,
+            rulesLoaded: rules.length,
+            timestamp: new Date().toISOString(),
+        });
+    },
+};
+// ─── Export all tools ─────────────────────────────────────────────────────────
+exports.ALL_TOOLS = [
+    resolveCredentialTool,
+    resolveMigrationCredentialTool,
+    listCredentialsTool,
+    listRulesTool,
+    healthTool,
+];
+//# sourceMappingURL=tools.js.map

package/dist/cjs/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/tools.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,6BAAwB;AACxB,8DAAyF;AAQzF,iFAAiF;AAEjF,MAAM,uBAAuB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;AAC9F,MAAM,kBAAkB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;AAEvG,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACjC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,YAAY,EAAE,kBAAkB;IAChC,QAAQ,EAAE,uBAAuB;IACjC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG,iBAAiB,CAAC;AAElD,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,MAAM,CAAC;IACtD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,KAAK,EAAE,oBAAoB;IAC3B,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACrD,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACpD,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE;CACpB,CAAC,CAAC;AAuBH,iFAAiF;AAEjF,SAAS,EAAE,CAAC,IAAa;IACvB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;AAC9E,CAAC;AAED,SAAS,GAAG,CAAC,OAAe;IAC1B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAClG,CAAC;AAED,iFAAiF;AAEjF,MAAM,qBAAqB,GAAsB;IAC/C,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EACT,uDAAuD;QACvD,6GAA6G;QAC7G,kEAAkE;IACpE,WAAW,EAAE,uBAAuB;IACpC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE;QAC3C,MAAM,MAAM,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,GAAG,CAAC,qBAAqB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAE7E,MAAM,GAAG,GAAG;YACV,GAAG,MAAM,CAAC,IAAI;YACd,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACjE,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,sCAAqB,EAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ;YAAE,OAAO,GAAG,CAAC,gEAAgE,CAAC,CAAC;QAE5F,OAAO,EAAE,CAAC;YACR,EAAE,EAAE,IAAI;YACR,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,iEAAiE;SAClE,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,8BAA8B,GAAsB;IACxD,IAAI,EAAE,8BAA8B;IACpC,WAAW,EACT,uEAAuE;QACvE,sHAAsH;QACtH,wEAAwE;IAC1E,WAAW,EAAE,sBAAsB;IACnC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE;QAC3C,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,GAAG,CAAC,qBAAqB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAE7E,MAAM,GAAG,GAAG;YACV,GAAG,MAAM,CAAC,IAAI;YACd,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACjE,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,sCAAqB,EAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI;YAAE,OAAO,GAAG,CAAC,0GAA0G,CAAC,CAAC;QAElI,OAAO,EAAE,CAAC;YACR,EAAE,EAAE,IAAI;YACR,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;YAChH,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;YAChH,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;SAClC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,mBAAmB,GAAsB;IAC7C,IAAI,EAAE,kBAAkB;IACxB,WAAW,EACT,0EAA0E;QAC1E,yEAAyE;QACzE,0CAA0C;IAC5C,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC;QACpB,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;KAC3F,CAAC;IACF,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE;QAC5B,MAAM,MAAM,GAAG,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACnG,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,GAAG,CAAC,qBAAqB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAE7E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI;YAC5B,CAAC,CAAC,MAAM,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC;QAE7B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;YACxE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,IAAI;SAC5D,CAAC,CAAC,CAAC;QAEJ,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,CAAC;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,aAAa,GAAsB;IACvC,IAAI,EAAE,YAAY;IAClB,WAAW,EACT,qEAAqE;QACrE,+EAA+E;IACjF,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IACzB,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE;QAC7B,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAClE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACrD,CAAC;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,UAAU,GAAsB;IACpC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,mGAAmG;IAChH,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IACzB,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;QACpC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC;QACxC,OAAO,EAAE,CAAC;YACR,MAAM,EAAE,IAAI;YACZ,iBAAiB,EAAE,MAAM,CAAC,MAAM;YAChC,WAAW,EAAE,KAAK,CAAC,MAAM;YACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,iFAAiF;AAEpE,QAAA,SAAS,GAAwB;IAC5C,qBAAqB;IACrB,8BAA8B;IAC9B,mBAAmB;IACnB,aAAa;IACb,UAAU;CACX,CAAC"}

package/dist/cjs/transports.js

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * Transport helpers for @datacules/agent-identity-mcp.
+ *
+ * Provides two transports:
+ *   - StdioServerTransport  : stdin/stdout, for Claude Desktop / Claude Code / Cursor config
+ *   - createHttpMcpTransport: HTTP + SSE, for hosted / networked deployments
+ *
+ * The HTTP transport adds optional bearer-token auth. The SSE endpoint at
+ * GET /sse initialises a session; the message endpoint at POST /messages
+ * receives client tool calls and posts responses back over the SSE stream.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StdioServerTransport = void 0;
+exports.startHttpMcpTransport = startHttpMcpTransport;
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+Object.defineProperty(exports, "StdioServerTransport", { enumerable: true, get: function () { return stdio_js_1.StdioServerTransport; } });
+const sse_js_1 = require("@modelcontextprotocol/sdk/server/sse.js");
+/**
+ * Start an HTTP + SSE MCP transport.
+ *
+ * Session lifecycle:
+ *   1. Client opens GET /sse — transport creates an SSEServerTransport,
+ *      connects it to the MCP Server, and starts streaming.
+ *   2. Client POSTs tool calls to POST /messages?sessionId=<id>.
+ *   3. Transport routes each message to the correct session and replies
+ *      via the open SSE stream.
+ *
+ * Returns a cleanup function that closes the HTTP server.
+ */
+async function startHttpMcpTransport(options) {
+    const { server, port = 3002, host = '127.0.0.1', authToken } = options;
+    // Session registry: sessionId → active SSEServerTransport
+    const sessions = new Map();
+    const http = await Promise.resolve().then(() => __importStar(require('node:http')));
+    function authenticate(req, res) {
+        if (!authToken)
+            return true;
+        const header = req.headers['authorization'] ?? '';
+        if (header === `Bearer ${authToken}`)
+            return true;
+        res.writeHead(401, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'Unauthorized — valid Bearer token required' }));
+        return false;
+    }
+    const httpServer = http.createServer(async (req, res) => {
+        const url = new URL(req.url ?? '/', `http://${host}:${port}`);
+        // CORS for browser-based MCP clients
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
+        if (req.method === 'OPTIONS') {
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+        if (!authenticate(req, res))
+            return;
+        // ── SSE session init ──────────────────────────────────────────────────
+        if (req.method === 'GET' && url.pathname === '/sse') {
+            const transport = new sse_js_1.SSEServerTransport('/messages', res);
+            sessions.set(transport.sessionId, transport);
+            req.on('close', () => sessions.delete(transport.sessionId));
+            await server.connect(transport);
+            return;
+        }
+        // ── Incoming tool call message ────────────────────────────────────────
+        if (req.method === 'POST' && url.pathname === '/messages') {
+            const sessionId = url.searchParams.get('sessionId') ?? '';
+            const transport = sessions.get(sessionId);
+            if (!transport) {
+                res.writeHead(404, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: `Session ${sessionId} not found or expired` }));
+                return;
+            }
+            await transport.handlePostMessage(req, res);
+            return;
+        }
+        // ── Health probe (GET /) ──────────────────────────────────────────────
+        if (req.method === 'GET' && url.pathname === '/') {
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ ok: true, sessions: sessions.size, transport: 'http+sse' }));
+            return;
+        }
+        res.writeHead(404);
+        res.end();
+    });
+    await new Promise((resolve) => httpServer.listen(port, host, resolve));
+    console.error(`[agent-identity-mcp] HTTP+SSE transport listening on http://${host}:${port}`);
+    return () => httpServer.close();
+}
+//# sourceMappingURL=transports.js.map

package/dist/cjs/transports.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transports.js","sourceRoot":"","sources":["../../src/transports.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuCH,sDAoEC;AAzGD,wEAAiF;AAKxE,qGALA,+BAAoB,OAKA;AAJ7B,oEAA6E;AAwB7E;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,qBAAqB,CAAC,OAAgC;IAC1E,MAAM,EAAE,MAAM,EAAE,IAAI,GAAG,IAAI,EAAE,IAAI,GAAG,WAAW,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAEvE,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEvD,MAAM,IAAI,GAAG,wDAAa,WAAW,GAAC,CAAC;IAEvC,SAAS,YAAY,CAAC,GAAoB,EAAE,GAAmB;QAC7D,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,MAAM,KAAK,UAAU,SAAS,EAAE;YAAE,OAAO,IAAI,CAAC;QAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;QACjF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAoB,EAAE,GAAmB,EAAE,EAAE;QACvF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,UAAU,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAE9D,qCAAqC;QACrC,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAClD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;QACpE,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,6BAA6B,CAAC,CAAC;QAC7E,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAAC,OAAO;QAAC,CAAC;QAExE,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO;QAEpC,yEAAyE;QACzE,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACpD,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAC3D,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YAE7C,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;YAE5D,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO;QACT,CAAC;QAED,yEAAyE;QACzE,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE1C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,SAAS,uBAAuB,EAAE,CAAC,CAAC,CAAC;gBAChF,OAAO;YACT,CAAC;YAED,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,yEAAyE;QACzE,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YACjD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAAC,GAAG,CAAC,GAAG,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7E,OAAO,CAAC,KAAK,CAAC,+DAA+D,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;IAE7F,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;AAClC,CAAC"}

package/dist/cjs/types.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * MCP-specific type extensions for @datacules/agent-identity.
+ *
+ * McpRequestContext extends AgentRequestContext with the MCP session and
+ * client identifiers so audit logs can trace a credential resolution back
+ * to the exact MCP session that triggered it.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}