npm - @enactprotocol/mcp-server - Versions diffs - 1.2.7 → 1.2.9 - Mend

@enactprotocol/mcp-server 1.2.7 → 1.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -226294,6 +226294,13 @@ class EnactApiClient {
       throw new EnactApiError("Unknown error occurred", 0);
     }
   }
+  async signTool(toolId, payload, token, tokenType = "cli") {
+    const endpoint = `/functions/v1/tools/${encodeURIComponent(toolId)}/signatures`;
+    return this.makeRequest(endpoint, {
+      method: "POST",
+      body: JSON.stringify(payload)
+    }, token, tokenType);
+  }
   generateOAuthUrl(options) {
     const params = new URLSearchParams({
       response_type: "code",
@@ -239018,6 +239025,33 @@ class EnactCore {
       };
     }
   }
+  static async checkToolVerificationStatus(tool) {
+    const documentForVerification = {
+      command: tool.command,
+      description: tool.description,
+      from: tool.from,
+      name: tool.name,
+      signatures: tool.signatures?.map((sig) => ({
+        signature: sig.value,
+        publicKey: "",
+        algorithm: sig.algorithm,
+        timestamp: new Date(sig.created).getTime()
+      }))
+    };
+    let isValid2 = false;
+    if (tool.signatures && tool.signatures.length > 0) {
+      isValid2 = tool.signatures.some((sig) => {
+        const referenceSignature = {
+          signature: sig.value,
+          publicKey: "",
+          algorithm: sig.algorithm,
+          timestamp: new Date(sig.created).getTime()
+        };
+        return SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      });
+    }
+    return isValid2;
+  }
   async verifyTool(tool, dangerouslySkipVerification = false) {
     if (dangerouslySkipVerification) {
       logger_default.warn(`Skipping signature verification for tool: ${tool.name}`);
@@ -239027,23 +239061,8 @@ class EnactCore {
       if (!tool.signatures || tool.signatures.length === 0) {
         throw new Error(`Tool ${tool.name} does not have any signatures`);
       }
-      const documentForVerification = {
-        command: tool.command,
-        description: tool.description,
-        from: tool.from,
-        name: tool.name
-      };
-      const referenceSignature = {
-        signature: tool.signatures[0].value,
-        publicKey: "",
-        algorithm: tool.signatures[0].algorithm,
-        timestamp: new Date(tool.signatures[0].created).getTime()
-      };
-      const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ["command", "description", "from", "name"] });
-      const docString = JSON.stringify(canonicalDoc);
-      const messageHash = CryptoUtils.hash(docString);
-      const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
-      const isValid2 = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      const isValid2 = await EnactCore.checkToolVerificationStatus(tool);
+      console.log("Final verification result:", isValid2);
       if (!isValid2) {
         throw new Error(`Tool ${tool.name} has invalid signatures`);
       }

package/dist/index.js.bak CHANGED Viewed

@@ -226293,6 +226293,13 @@ class EnactApiClient {
       throw new EnactApiError("Unknown error occurred", 0);
     }
   }
+  async signTool(toolId, payload, token, tokenType = "cli") {
+    const endpoint = `/functions/v1/tools/${encodeURIComponent(toolId)}/signatures`;
+    return this.makeRequest(endpoint, {
+      method: "POST",
+      body: JSON.stringify(payload)
+    }, token, tokenType);
+  }
   generateOAuthUrl(options) {
     const params = new URLSearchParams({
       response_type: "code",
@@ -239017,6 +239024,33 @@ class EnactCore {
       };
     }
   }
+  static async checkToolVerificationStatus(tool) {
+    const documentForVerification = {
+      command: tool.command,
+      description: tool.description,
+      from: tool.from,
+      name: tool.name,
+      signatures: tool.signatures?.map((sig) => ({
+        signature: sig.value,
+        publicKey: "",
+        algorithm: sig.algorithm,
+        timestamp: new Date(sig.created).getTime()
+      }))
+    };
+    let isValid2 = false;
+    if (tool.signatures && tool.signatures.length > 0) {
+      isValid2 = tool.signatures.some((sig) => {
+        const referenceSignature = {
+          signature: sig.value,
+          publicKey: "",
+          algorithm: sig.algorithm,
+          timestamp: new Date(sig.created).getTime()
+        };
+        return SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      });
+    }
+    return isValid2;
+  }
   async verifyTool(tool, dangerouslySkipVerification = false) {
     if (dangerouslySkipVerification) {
       logger_default.warn(`Skipping signature verification for tool: ${tool.name}`);
@@ -239026,23 +239060,8 @@ class EnactCore {
       if (!tool.signatures || tool.signatures.length === 0) {
         throw new Error(`Tool ${tool.name} does not have any signatures`);
       }
-      const documentForVerification = {
-        command: tool.command,
-        description: tool.description,
-        from: tool.from,
-        name: tool.name
-      };
-      const referenceSignature = {
-        signature: tool.signatures[0].value,
-        publicKey: "",
-        algorithm: tool.signatures[0].algorithm,
-        timestamp: new Date(tool.signatures[0].created).getTime()
-      };
-      const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ["command", "description", "from", "name"] });
-      const docString = JSON.stringify(canonicalDoc);
-      const messageHash = CryptoUtils.hash(docString);
-      const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
-      const isValid2 = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      const isValid2 = await EnactCore.checkToolVerificationStatus(tool);
+      console.log("Final verification result:", isValid2);
       if (!isValid2) {
         throw new Error(`Tool ${tool.name} has invalid signatures`);
       }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/mcp-server",
-  "version": "1.2.7",
+  "version": "1.2.9",
   "description": "MCP server for the Enact Protocol - enables AI tools integration via Model Context Protocol",
   "type": "module",
   "main": "./dist/index.js",
@@ -38,7 +38,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@enactprotocol/shared": "1.2.7",
+    "@enactprotocol/shared": "1.2.9",
     "@modelcontextprotocol/sdk": "^1.13.0",
     "zod": "^3.25.67"
   },