npm - @id-wispera/mcp-server - Versions diffs - 0.1.0 - Mend

@id-wispera/mcp-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/README.md +161 -0
package/dist/index.d.ts +7 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +196 -0
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +24 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +47 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/policy-enforce.d.ts +26 -0
package/dist/middleware/policy-enforce.d.ts.map +1 -0
package/dist/middleware/policy-enforce.js +53 -0
package/dist/middleware/policy-enforce.js.map +1 -0
package/dist/resources/audit-resource.d.ts +35 -0
package/dist/resources/audit-resource.d.ts.map +1 -0
package/dist/resources/audit-resource.js +46 -0
package/dist/resources/audit-resource.js.map +1 -0
package/dist/resources/passport-resource.d.ts +42 -0
package/dist/resources/passport-resource.d.ts.map +1 -0
package/dist/resources/passport-resource.js +54 -0
package/dist/resources/passport-resource.js.map +1 -0
package/dist/tools/check-policy.d.ts +43 -0
package/dist/tools/check-policy.d.ts.map +1 -0
package/dist/tools/check-policy.js +47 -0
package/dist/tools/check-policy.js.map +1 -0
package/dist/tools/get-credential.d.ts +39 -0
package/dist/tools/get-credential.d.ts.map +1 -0
package/dist/tools/get-credential.js +53 -0
package/dist/tools/get-credential.js.map +1 -0
package/dist/tools/handler.d.ts +12 -0
package/dist/tools/handler.d.ts.map +1 -0
package/dist/tools/handler.js +20 -0
package/dist/tools/handler.js.map +1 -0
package/dist/tools/list-passports.d.ts +64 -0
package/dist/tools/list-passports.d.ts.map +1 -0
package/dist/tools/list-passports.js +68 -0
package/dist/tools/list-passports.js.map +1 -0
package/dist/tools/request-access.d.ts +44 -0
package/dist/tools/request-access.d.ts.map +1 -0
package/dist/tools/request-access.js +85 -0
package/dist/tools/request-access.js.map +1 -0
package/dist/tools/revoke.d.ts +35 -0
package/dist/tools/revoke.d.ts.map +1 -0
package/dist/tools/revoke.js +40 -0
package/dist/tools/revoke.js.map +1 -0
package/package.json +65 -0

package/README.md ADDED Viewed

@@ -0,0 +1,161 @@
+# @id-wispera/mcp-server
+MCP (Model Context Protocol) server for ID Wispera credential governance.
+## Overview
+This package provides an MCP server that allows AI agents (like Claude) to securely access governed credentials through the Model Context Protocol.
+## Installation
+```bash
+npm install @id-wispera/mcp-server
+```
+## Usage
+### Starting the Server
+```bash
+# Start the MCP server
+npx @id-wispera/mcp-server
+# With custom vault path
+IDW_VAULT_PATH=~/.my-vault/vault.json npx @id-wispera/mcp-server
+```
+### Configuration with Claude Desktop
+Add to your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json`):
+```json
+{
+  "mcpServers": {
+    "id-wispera": {
+      "command": "npx",
+      "args": ["@id-wispera/mcp-server"],
+      "env": {
+        "IDW_VAULT_PATH": "/path/to/vault.json",
+        "IDW_SESSION_TOKEN": "idw_st_..."
+      }
+    }
+  }
+}
+```
+**Authentication**: Generate a scoped session token with `idw auth token create --name "claude-desktop" --scope read,list --ttl 7d` and set it as `IDW_SESSION_TOKEN`. This avoids storing a plaintext passphrase in your config file.
+> **Deprecated**: `IDW_PASSPHRASE` is still accepted for backward compatibility but will be removed in a future release. Migrate to `IDW_SESSION_TOKEN`.
+## Available Tools
+### get_credential
+Retrieve a credential by passport ID.
+```json
+{
+  "name": "get_credential",
+  "arguments": {
+    "passport_id": "uuid-of-passport",
+    "purpose": "Making API call to OpenAI"
+  }
+}
+```
+### list_passports
+List available passports with optional filters.
+```json
+{
+  "name": "list_passports",
+  "arguments": {
+    "status": "active",
+    "platform": "openai"
+  }
+}
+```
+### request_access
+Request access to a credential (creates audit entry, may require approval).
+```json
+{
+  "name": "request_access",
+  "arguments": {
+    "passport_id": "uuid-of-passport",
+    "purpose": "Executing user-requested API call",
+    "scope": ["chat", "completions"]
+  }
+}
+```
+### check_policy
+Check if an action is permitted by policy.
+```json
+{
+  "name": "check_policy",
+  "arguments": {
+    "passport_id": "uuid-of-passport",
+    "action": "access"
+  }
+}
+```
+### revoke_passport
+Revoke a passport (requires confirmation).
+```json
+{
+  "name": "revoke_passport",
+  "arguments": {
+    "passport_id": "uuid-of-passport",
+    "reason": "Credential exposed in logs"
+  }
+}
+```
+## Available Resources
+### passport://{id}
+Access passport metadata as a resource.
+```
+passport://a1b2c3d4-e5f6-7890-abcd-ef1234567890
+```
+### audit://{passport_id}
+Access audit trail for a passport.
+```
+audit://a1b2c3d4-e5f6-7890-abcd-ef1234567890
+```
+## Security
+- All credential access is logged to the audit trail
+- Policy rules are evaluated before credential retrieval
+- The server runs locally and communicates via stdio
+- Credentials are never sent to external services
+## Environment Variables
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `IDW_SESSION_TOKEN` | Scoped session token (recommended) | |
+| `IDW_VAULT_PATH` | Path to vault file | `~/.id-wispera/vault.json` |
+| `IDW_LOG_LEVEL` | Logging level | `info` |
+| `IDW_PASSPHRASE` | Vault passphrase | **Deprecated** -- use `IDW_SESSION_TOKEN` instead |
+The server resolves authentication in order: `IDW_SESSION_TOKEN` > OS keychain > `IDW_PASSPHRASE`.
+## License
+MIT

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * ID Wispera MCP Server
+ * Model Context Protocol server for credential governance
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;GAGG"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,196 @@
+#!/usr/bin/env node
+/**
+ * ID Wispera MCP Server
+ * Model Context Protocol server for credential governance
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { getVault, getActor } from './middleware/auth.js';
+import { getCredentialTool, handleGetCredential, } from './tools/get-credential.js';
+import { listPassportsTool, handleListPassports, } from './tools/list-passports.js';
+import { requestAccessTool, handleRequestAccess, } from './tools/request-access.js';
+import { checkPolicyTool, handleCheckPolicy, } from './tools/check-policy.js';
+import { revokePassportTool, handleRevokePassport, } from './tools/revoke.js';
+import { getPassportResource, listPassportResources, } from './resources/passport-resource.js';
+import { getAuditResource, listAuditResources, } from './resources/audit-resource.js';
+const VERSION = '0.1.0';
+/**
+ * Create and configure the MCP server
+ */
+async function createServer() {
+    const server = new Server({
+        name: 'id-wispera',
+        version: VERSION,
+    }, {
+        capabilities: {
+            tools: {},
+            resources: {},
+        },
+    });
+    // List available tools
+    server.setRequestHandler(ListToolsRequestSchema, async () => {
+        return {
+            tools: [
+                getCredentialTool,
+                listPassportsTool,
+                requestAccessTool,
+                checkPolicyTool,
+                revokePassportTool,
+            ],
+        };
+    });
+    // Handle tool calls
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        try {
+            const vault = await getVault();
+            const actor = getActor();
+            let result;
+            switch (name) {
+                case 'get_credential':
+                    result = await handleGetCredential(vault, args, actor);
+                    break;
+                case 'list_passports':
+                    result = await handleListPassports(vault, args);
+                    break;
+                case 'request_access':
+                    result = await handleRequestAccess(vault, args, actor);
+                    break;
+                case 'check_policy':
+                    result = await handleCheckPolicy(vault, args);
+                    break;
+                case 'revoke_passport':
+                    result = await handleRevokePassport(vault, args, actor);
+                    break;
+                default:
+                    return {
+                        content: [
+                            {
+                                type: 'text',
+                                text: JSON.stringify({ error: `Unknown tool: ${name}` }),
+                            },
+                        ],
+                        isError: true,
+                    };
+            }
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify(result, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            error: err instanceof Error ? err.message : 'Unknown error',
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    // List available resources
+    server.setRequestHandler(ListResourcesRequestSchema, async () => {
+        try {
+            const vault = await getVault();
+            const passportResources = await listPassportResources(vault);
+            const auditResources = await listAuditResources(vault);
+            return {
+                resources: [...passportResources, ...auditResources],
+            };
+        }
+        catch (err) {
+            return {
+                resources: [],
+            };
+        }
+    });
+    // Read resource
+    server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+        const { uri } = request.params;
+        try {
+            const vault = await getVault();
+            // Parse URI
+            const url = new URL(uri);
+            const scheme = url.protocol.replace(':', '');
+            const id = url.hostname;
+            let content;
+            switch (scheme) {
+                case 'passport':
+                    content = await getPassportResource(vault, id);
+                    break;
+                case 'audit':
+                    content = await getAuditResource(vault, id);
+                    break;
+                default:
+                    return {
+                        contents: [
+                            {
+                                uri,
+                                mimeType: 'application/json',
+                                text: JSON.stringify({ error: `Unknown resource scheme: ${scheme}` }),
+                            },
+                        ],
+                    };
+            }
+            if (!content) {
+                return {
+                    contents: [
+                        {
+                            uri,
+                            mimeType: 'application/json',
+                            text: JSON.stringify({ error: 'Resource not found' }),
+                        },
+                    ],
+                };
+            }
+            return {
+                contents: [
+                    {
+                        uri,
+                        mimeType: 'application/json',
+                        text: JSON.stringify(content, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (err) {
+            return {
+                contents: [
+                    {
+                        uri,
+                        mimeType: 'application/json',
+                        text: JSON.stringify({
+                            error: err instanceof Error ? err.message : 'Unknown error',
+                        }),
+                    },
+                ],
+            };
+        }
+    });
+    return server;
+}
+/**
+ * Main entry point
+ */
+async function main() {
+    const server = await createServer();
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    // Log to stderr (stdout is for MCP communication)
+    console.error('ID Wispera MCP Server started');
+    console.error(`Version: ${VERSION}`);
+}
+main().catch((err) => {
+    console.error('Failed to start MCP server:', err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,0BAA0B,EAC1B,yBAAyB,GAC1B,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,eAAe,EACf,iBAAiB,GAClB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,OAAO,GAAG,OAAO,CAAC;AAExB;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,EAAE;SACd;KACF,CACF,CAAC;IAEF,uBAAuB;IACvB,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO;YACL,KAAK,EAAE;gBACL,iBAAiB;gBACjB,iBAAiB;gBACjB,iBAAiB;gBACjB,eAAe;gBACf,kBAAkB;aACnB;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,oBAAoB;IACpB,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;YAEzB,IAAI,MAAe,CAAC;YAEpB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,IAAW,EAAE,KAAK,CAAC,CAAC;oBAC9D,MAAM;gBAER,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,IAAW,CAAC,CAAC;oBACvD,MAAM;gBAER,KAAK,gBAAgB;oBACnB,MAAM,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,IAAW,EAAE,KAAK,CAAC,CAAC;oBAC9D,MAAM;gBAER,KAAK,cAAc;oBACjB,MAAM,GAAG,MAAM,iBAAiB,CAAC,KAAK,EAAE,IAAW,CAAC,CAAC;oBACrD,MAAM;gBAER,KAAK,iBAAiB;oBACpB,MAAM,GAAG,MAAM,oBAAoB,CAAC,KAAK,EAAE,IAAW,EAAE,KAAK,CAAC,CAAC;oBAC/D,MAAM;gBAER;oBACE,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;6BACzD;yBACF;wBACD,OAAO,EAAE,IAAI;qBACd,CAAC;YACN,CAAC;YAED,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;qBACtC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;yBAC5D,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,MAAM,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QAC9D,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;YAE/B,MAAM,iBAAiB,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAEvD,OAAO;gBACL,SAAS,EAAE,CAAC,GAAG,iBAAiB,EAAE,GAAG,cAAc,CAAC;aACrD,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,SAAS,EAAE,EAAE;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gBAAgB;IAChB,MAAM,CAAC,iBAAiB,CAAC,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QACpE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;YAE/B,YAAY;YACZ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC;YAExB,IAAI,OAAgB,CAAC;YAErB,QAAQ,MAAM,EAAE,CAAC;gBACf,KAAK,UAAU;oBACb,OAAO,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBAC/C,MAAM;gBAER,KAAK,OAAO;oBACV,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBAC5C,MAAM;gBAER;oBACE,OAAO;wBACL,QAAQ,EAAE;4BACR;gCACE,GAAG;gCACH,QAAQ,EAAE,kBAAkB;gCAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4BAA4B,MAAM,EAAE,EAAE,CAAC;6BACtE;yBACF;qBACF,CAAC;YACN,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG;4BACH,QAAQ,EAAE,kBAAkB;4BAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;yBACtD;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG;wBACH,QAAQ,EAAE,kBAAkB;wBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;qBACvC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,GAAG;wBACH,QAAQ,EAAE,kBAAkB;wBAC5B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;yBAC5D,CAAC;qBACH;iBACF;aACF,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,kDAAkD;IAClD,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAC/C,OAAO,CAAC,KAAK,CAAC,YAAY,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/middleware/auth.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Authentication middleware for MCP requests
+ *
+ * Uses PassphraseProvider with allowInteractive: false so the MCP server
+ * resolves the passphrase via session token, OS keychain, or IDW_PASSPHRASE
+ * env var / .env file — it will never prompt.
+ */
+import type { Vault } from '@id-wispera/core';
+/**
+ * Get or create an authenticated vault instance
+ */
+export declare function getVault(): Promise<Vault>;
+/**
+ * Get the actor identifier for audit logging
+ */
+export declare function getActor(): string;
+/**
+ * Clear cached vault (for testing).
+ *
+ * NOTE: Currently unused -- intended for test teardown. Wire up in test
+ * setup/teardown when vault integration tests are added.
+ */
+export declare function clearVaultCache(): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/middleware/auth.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAK9C;;GAEG;AACH,wBAAsB,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,CAmB/C;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,MAAM,CAEjC;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAKtC"}

package/dist/middleware/auth.js ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Authentication middleware for MCP requests
+ *
+ * Uses PassphraseProvider with allowInteractive: false so the MCP server
+ * resolves the passphrase via session token, OS keychain, or IDW_PASSPHRASE
+ * env var / .env file — it will never prompt.
+ */
+import { unlockVault, vaultExists, getDefaultVaultPath, PassphraseProvider } from '@id-wispera/core';
+let cachedVault = null;
+/**
+ * Get or create an authenticated vault instance
+ */
+export async function getVault() {
+    if (cachedVault && cachedVault.isUnlocked) {
+        return cachedVault;
+    }
+    const vaultPath = process.env.IDW_VAULT_PATH ?? getDefaultVaultPath();
+    if (!(await vaultExists(vaultPath))) {
+        throw new Error(`Vault not found at ${vaultPath}. Initialize with 'idw init' first.`);
+    }
+    const provider = new PassphraseProvider({
+        allowInteractive: false,
+        allowEnvVar: true,
+    });
+    const passphrase = await provider.getPassphrase();
+    cachedVault = await unlockVault(passphrase, vaultPath);
+    return cachedVault;
+}
+/**
+ * Get the actor identifier for audit logging
+ */
+export function getActor() {
+    return process.env.IDW_ACTOR ?? 'mcp-agent';
+}
+/**
+ * Clear cached vault (for testing).
+ *
+ * NOTE: Currently unused -- intended for test teardown. Wire up in test
+ * setup/teardown when vault integration tests are added.
+ */
+export function clearVaultCache() {
+    if (cachedVault) {
+        cachedVault.lock();
+        cachedVault = null;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/middleware/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAErG,IAAI,WAAW,GAAiB,IAAI,CAAC;AAErC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,IAAI,WAAW,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;QAC1C,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,mBAAmB,EAAE,CAAC;IAEtE,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,qCAAqC,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,kBAAkB,CAAC;QACtC,gBAAgB,EAAE,KAAK;QACvB,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAC;IAClD,WAAW,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACvD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ;IACtB,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,WAAW,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe;IAC7B,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,IAAI,EAAE,CAAC;QACnB,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;AACH,CAAC"}

package/dist/middleware/policy-enforce.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Policy enforcement middleware
+ */
+import type { Vault, Passport, PolicyDecision } from '@id-wispera/core';
+export interface EnforcementResult {
+    allowed: boolean;
+    decision: PolicyDecision;
+}
+/**
+ * Enforce policy before credential access.
+ *
+ * NOTE: Currently unused -- available for future use when tools delegate
+ * policy checks to shared middleware instead of calling evaluatePolicy directly.
+ */
+export declare function enforcePolicy(vault: Vault, passport: Passport, action: string, actor: string, context?: Record<string, unknown>): Promise<EnforcementResult>;
+/**
+ * Check if passport status allows access.
+ *
+ * NOTE: Currently unused -- available for future use when tools delegate
+ * status checks to shared middleware instead of checking passport.status inline.
+ */
+export declare function isPassportUsable(passport: Passport): {
+    usable: boolean;
+    reason?: string;
+};
+//# sourceMappingURL=policy-enforce.d.ts.map

package/dist/middleware/policy-enforce.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-enforce.d.ts","sourceRoot":"","sources":["../../src/middleware/policy-enforce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGxE,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,iBAAiB,CAAC,CAsB5B;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAczF"}

package/dist/middleware/policy-enforce.js ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Policy enforcement middleware
+ */
+import { evaluatePolicy, DEFAULT_POLICY_RULES, logAction } from '@id-wispera/core';
+/**
+ * Enforce policy before credential access.
+ *
+ * NOTE: Currently unused -- available for future use when tools delegate
+ * policy checks to shared middleware instead of calling evaluatePolicy directly.
+ */
+export async function enforcePolicy(vault, passport, action, actor, context) {
+    const decision = evaluatePolicy(passport, action, DEFAULT_POLICY_RULES);
+    // Log the policy check
+    await logAction(vault, {
+        passportId: passport.id,
+        action: 'policy-checked',
+        actor,
+        platform: 'mcp',
+        details: `Policy ${decision.effect} for action "${action}"`,
+        metadata: {
+            action,
+            effect: decision.effect,
+            matchedRules: decision.matchedRules.map(r => r.id),
+            context,
+        },
+    });
+    return {
+        allowed: decision.allowed,
+        decision,
+    };
+}
+/**
+ * Check if passport status allows access.
+ *
+ * NOTE: Currently unused -- available for future use when tools delegate
+ * status checks to shared middleware instead of checking passport.status inline.
+ */
+export function isPassportUsable(passport) {
+    switch (passport.status) {
+        case 'revoked':
+            return { usable: false, reason: 'Passport has been revoked' };
+        case 'expired':
+            return { usable: false, reason: 'Passport has expired' };
+        case 'suspended':
+            return { usable: false, reason: 'Passport is suspended' };
+        case 'expiring':
+        case 'active':
+            return { usable: true };
+        default:
+            return { usable: false, reason: 'Unknown passport status' };
+    }
+}
+//# sourceMappingURL=policy-enforce.js.map

package/dist/middleware/policy-enforce.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-enforce.js","sourceRoot":"","sources":["../../src/middleware/policy-enforce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAOnF;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAY,EACZ,QAAkB,EAClB,MAAc,EACd,KAAa,EACb,OAAiC;IAEjC,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,oBAAoB,CAAC,CAAC;IAExE,uBAAuB;IACvB,MAAM,SAAS,CAAC,KAAK,EAAE;QACrB,UAAU,EAAE,QAAQ,CAAC,EAAE;QACvB,MAAM,EAAE,gBAAgB;QACxB,KAAK;QACL,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,UAAU,QAAQ,CAAC,MAAM,gBAAgB,MAAM,GAAG;QAC3D,QAAQ,EAAE;YACR,MAAM;YACN,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,YAAY,EAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,OAAO;SACR;KACF,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAkB;IACjD,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;QACxB,KAAK,SAAS;YACZ,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;QAChE,KAAK,SAAS;YACZ,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;QAC3D,KAAK,WAAW;YACd,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;QAC5D,KAAK,UAAU,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC1B;YACE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAChE,CAAC;AACH,CAAC"}

package/dist/resources/audit-resource.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * MCP Resource: audit://{passport_id}
+ * Access audit trail as a resource
+ */
+import type { Vault } from '@id-wispera/core';
+export interface AuditResourceContent {
+    passport_id: string;
+    entries: Array<{
+        id: string;
+        action: string;
+        actor: string;
+        timestamp: string;
+        platform?: string;
+        details?: string;
+    }>;
+    stats: {
+        total_actions: number;
+        actions_last_24h: number;
+        actions_last_7d: number;
+        last_access?: string;
+    };
+}
+/**
+ * Get audit resource for a passport
+ */
+export declare function getAuditResource(vault: Vault, passportId: string): Promise<AuditResourceContent | null>;
+/**
+ * List audit resources
+ */
+export declare function listAuditResources(vault: Vault): Promise<Array<{
+    uri: string;
+    name: string;
+    description: string;
+}>>;
+//# sourceMappingURL=audit-resource.d.ts.map

package/dist/resources/audit-resource.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit-resource.d.ts","sourceRoot":"","sources":["../../src/resources/audit-resource.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAG9C,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,KAAK,CAAC;QACb,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,KAAK,EAAE;QACL,aAAa,EAAE,MAAM,CAAC;QACtB,gBAAgB,EAAE,MAAM,CAAC;QACzB,eAAe,EAAE,MAAM,CAAC;QACxB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,KAAK,EACZ,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAyBtC;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,KAAK,GACX,OAAO,CAAC,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAQpE"}

package/dist/resources/audit-resource.js ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * MCP Resource: audit://{passport_id}
+ * Access audit trail as a resource
+ */
+import { getAuditLog, getAuditStats } from '@id-wispera/core';
+/**
+ * Get audit resource for a passport
+ */
+export async function getAuditResource(vault, passportId) {
+    try {
+        const entries = await getAuditLog(vault, passportId);
+        const stats = await getAuditStats(vault, passportId);
+        return {
+            passport_id: passportId,
+            entries: entries.slice(0, 50).map(e => ({
+                id: e.id,
+                action: e.action,
+                actor: e.actor,
+                timestamp: e.timestamp,
+                platform: e.platform,
+                details: e.details,
+            })),
+            stats: {
+                total_actions: stats.totalActions,
+                actions_last_24h: stats.actionsLast24h,
+                actions_last_7d: stats.actionsLast7d,
+                last_access: stats.lastAction?.timestamp,
+            },
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * List audit resources
+ */
+export async function listAuditResources(vault) {
+    const passports = await vault.getAllPassports();
+    return passports.map(p => ({
+        uri: `audit://${p.id}`,
+        name: `Audit: ${p.name}`,
+        description: `Audit trail for ${p.name}`,
+    }));
+}
+//# sourceMappingURL=audit-resource.js.map

package/dist/resources/audit-resource.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit-resource.js","sourceRoot":"","sources":["../../src/resources/audit-resource.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAoB9D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAY,EACZ,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACrD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QAErD,OAAO;YACL,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACtC,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,OAAO,EAAE,CAAC,CAAC,OAAO;aACnB,CAAC,CAAC;YACH,KAAK,EAAE;gBACL,aAAa,EAAE,KAAK,CAAC,YAAY;gBACjC,gBAAgB,EAAE,KAAK,CAAC,cAAc;gBACtC,eAAe,EAAE,KAAK,CAAC,aAAa;gBACpC,WAAW,EAAE,KAAK,CAAC,UAAU,EAAE,SAAS;aACzC;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAY;IAEZ,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE,CAAC;IAEhD,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACzB,GAAG,EAAE,WAAW,CAAC,CAAC,EAAE,EAAE;QACtB,IAAI,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE;QACxB,WAAW,EAAE,mBAAmB,CAAC,CAAC,IAAI,EAAE;KACzC,CAAC,CAAC,CAAC;AACN,CAAC"}