@kya-os/contracts 1.3.0 → 1.3.1-canary.1

package/dist/cli.d.ts

@@ -5,27 +5,27 @@ import { z } from "zod";
 export declare const IdentityConfigSchema: z.ZodObject<{
     version: z.ZodLiteral<"1.0">;
     did: z.ZodString;
-    keyId: z.ZodString;
+    kid: z.ZodString;
     privateKey: z.ZodString;
     publicKey: z.ZodString;
     createdAt: z.ZodString;
-    lastRotated: z.ZodString;
+    lastRotated: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     version: "1.0";
     did: string;
-    keyId: string;
+    kid: string;
     privateKey: string;
     publicKey: string;
     createdAt: string;
-    lastRotated: string;
+    lastRotated?: string | undefined;
 }, {
     version: "1.0";
     did: string;
-    keyId: string;
+    kid: string;
     privateKey: string;
     publicKey: string;
     createdAt: string;
-    lastRotated: string;
+    lastRotated?: string | undefined;
 }>;
 export declare const KeyRotationResultSchema: z.ZodObject<{
     success: z.ZodBoolean;
@@ -57,21 +57,21 @@ export declare const KeyRotationResultSchema: z.ZodObject<{
 }>;
 export declare const StatusReportSchema: z.ZodObject<{
     did: z.ZodString;
-    keyId: z.ZodString;
+    kid: z.ZodString;
     ktaURL: z.ZodString;
     mirrorStatus: z.ZodEnum<["pending", "success", "error"]>;
     lastHandshake: z.ZodOptional<z.ZodNumber>;
     environment: z.ZodEnum<["dev", "prod"]>;
 }, "strip", z.ZodTypeAny, {
     did: string;
-    keyId: string;
+    kid: string;
     ktaURL: string;
     mirrorStatus: "success" | "pending" | "error";
     environment: "dev" | "prod";
     lastHandshake?: number | undefined;
 }, {
     did: string;
-    keyId: string;
+    kid: string;
     ktaURL: string;
     mirrorStatus: "success" | "pending" | "error";
     environment: "dev" | "prod";

package/dist/cli.js

@@ -8,11 +8,11 @@ const zod_1 = require("zod");
 exports.IdentityConfigSchema = zod_1.z.object({
     version: zod_1.z.literal("1.0"),
     did: zod_1.z.string().min(1),
-    keyId: zod_1.z.string().min(1),
-    privateKey: zod_1.z.string().min(1), // base64-encoded Ed25519 private key
-    publicKey: zod_1.z.string().min(1), // base64-encoded Ed25519 public key
+    kid: zod_1.z.string().min(1), // Changed from kid to kid for spec compliance
+    privateKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 private key (44 characters)"),
+    publicKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 public key (44 characters)"),
     createdAt: zod_1.z.string().datetime(),
-    lastRotated: zod_1.z.string().datetime(),
+    lastRotated: zod_1.z.string().datetime().optional(),
 });
 exports.KeyRotationResultSchema = zod_1.z.object({
     success: zod_1.z.boolean(),
@@ -26,7 +26,7 @@ exports.KeyRotationResultSchema = zod_1.z.object({
 });
 exports.StatusReportSchema = zod_1.z.object({
     did: zod_1.z.string().min(1),
-    keyId: zod_1.z.string().min(1),
+    kid: zod_1.z.string().min(1), // Changed from kid to kid for spec compliance
     ktaURL: zod_1.z.string().url(),
     mirrorStatus: zod_1.z.enum(["pending", "success", "error"]),
     lastHandshake: zod_1.z.number().int().positive().optional(),

package/dist/handshake.d.ts

@@ -6,14 +6,17 @@ export declare const HandshakeRequestSchema: z.ZodObject<{
     nonce: z.ZodString;
     audience: z.ZodString;
     timestamp: z.ZodNumber;
+    agentDid: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     nonce: string;
     audience: string;
     timestamp: number;
+    agentDid?: string | undefined;
 }, {
     nonce: string;
     audience: string;
     timestamp: number;
+    agentDid?: string | undefined;
 }>;
 export declare const SessionContextSchema: z.ZodObject<{
     sessionId: z.ZodString;
@@ -23,6 +26,7 @@ export declare const SessionContextSchema: z.ZodObject<{
     createdAt: z.ZodNumber;
     lastActivity: z.ZodNumber;
     ttlMinutes: z.ZodDefault<z.ZodNumber>;
+    agentDid: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     createdAt: number;
     nonce: string;
@@ -31,6 +35,7 @@ export declare const SessionContextSchema: z.ZodObject<{
     sessionId: string;
     lastActivity: number;
     ttlMinutes: number;
+    agentDid?: string | undefined;
 }, {
     createdAt: number;
     nonce: string;
@@ -38,6 +43,7 @@ export declare const SessionContextSchema: z.ZodObject<{
     timestamp: number;
     sessionId: string;
     lastActivity: number;
+    agentDid?: string | undefined;
     ttlMinutes?: number | undefined;
 }>;
 export declare const NonceCacheEntrySchema: z.ZodObject<{

package/dist/handshake.js

@@ -9,6 +9,7 @@ exports.HandshakeRequestSchema = zod_1.z.object({
     nonce: zod_1.z.string().min(1),
     audience: zod_1.z.string().min(1),
     timestamp: zod_1.z.number().int().positive(),
+    agentDid: zod_1.z.string().startsWith("did:").optional(), // Agent DID for delegation verification
 });
 exports.SessionContextSchema = zod_1.z.object({
     sessionId: zod_1.z.string().min(1),
@@ -18,6 +19,7 @@ exports.SessionContextSchema = zod_1.z.object({
     createdAt: zod_1.z.number().int().positive(),
     lastActivity: zod_1.z.number().int().positive(),
     ttlMinutes: zod_1.z.number().int().positive().default(30),
+    agentDid: zod_1.z.string().optional(), // Agent DID for delegation verification
 });
 exports.NonceCacheEntrySchema = zod_1.z.object({
     sessionId: zod_1.z.string().min(1),

package/dist/index.d.ts

@@ -19,6 +19,8 @@ export * from "./registry.js";
 export * from "./cli.js";
 export * from "./test.js";
 export * from "./utils/validation.js";
+export * from "./vc/index.js";
+export * from "./delegation/index.js";
 export declare const CONTRACTS_VERSION = "1.2.1";
 export declare const SUPPORTED_XMCP_I_VERSION = "^1.0.0";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -37,6 +37,9 @@ __exportStar(require("./registry.js"), exports);
 __exportStar(require("./cli.js"), exports);
 __exportStar(require("./test.js"), exports);
 __exportStar(require("./utils/validation.js"), exports);
+// W3C VC and Delegation exports (for mcp-i-core compatibility)
+__exportStar(require("./vc/index.js"), exports);
+__exportStar(require("./delegation/index.js"), exports);
 // Version information
 exports.CONTRACTS_VERSION = "1.2.1";
 exports.SUPPORTED_XMCP_I_VERSION = "^1.0.0";

package/dist/proof.d.ts

@@ -1,6 +1,13 @@
 import { z } from "zod";
 /**
- * Detached proof and signature schemas
+ * Proof and signature schemas for MCP-I
+ *
+ * Note: The type name "DetachedProof" is maintained for backward compatibility,
+ * but the JWS format is actually FULL compact JWS (header.payload.signature),
+ * not detached format (header..signature).
+ *
+ * The JWS payload contains JWT standard claims (aud, sub, iss) plus custom
+ * proof claims (requestHash, responseHash, nonce, etc.).
  */
 export declare const ProofMetaSchema: z.ZodObject<{
     did: z.ZodString;

package/dist/proof.js

@@ -3,7 +3,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AUDIT_VERSION = exports.HASH_ALGORITHM = exports.JWS_ALGORITHM = exports.AuditRecordSchema = exports.CanonicalHashesSchema = exports.DetachedProofSchema = exports.ProofMetaSchema = void 0;
 const zod_1 = require("zod");
 /**
- * Detached proof and signature schemas
+ * Proof and signature schemas for MCP-I
+ *
+ * Note: The type name "DetachedProof" is maintained for backward compatibility,
+ * but the JWS format is actually FULL compact JWS (header.payload.signature),
+ * not detached format (header..signature).
+ *
+ * The JWS payload contains JWT standard claims (aud, sub, iss) plus custom
+ * proof claims (requestHash, responseHash, nonce, etc.).
  */
 exports.ProofMetaSchema = zod_1.z.object({
     did: zod_1.z.string().min(1),
@@ -18,8 +25,8 @@ exports.ProofMetaSchema = zod_1.z.object({
     delegationRef: zod_1.z.string().optional(),
 });
 exports.DetachedProofSchema = zod_1.z.object({
-    jws: zod_1.z.string().min(1), // Compact JWS format
-    meta: exports.ProofMetaSchema,
+    jws: zod_1.z.string().min(1), // Full compact JWS format (header.payload.signature)
+    meta: exports.ProofMetaSchema, // Convenience metadata (duplicates signed payload data)
 });
 exports.CanonicalHashesSchema = zod_1.z.object({
     requestHash: zod_1.z.string().regex(/^sha256:[a-f0-9]{64}$/),

package/dist/registry.d.ts

@@ -57,12 +57,12 @@ export declare const ClaimTokenSchema: z.ZodObject<{
     expiresAt: z.ZodNumber;
     ttlHours: z.ZodDefault<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
-    expiresAt: number;
     token: string;
+    expiresAt: number;
     ttlHours: number;
 }, {
-    expiresAt: number;
     token: string;
+    expiresAt: number;
     ttlHours?: number | undefined;
 }>;
 export declare const MirrorStatusSchema: z.ZodObject<{
@@ -83,7 +83,7 @@ export declare const MirrorStatusSchema: z.ZodObject<{
 }>;
 export declare const AgentStatusSchema: z.ZodObject<{
     did: z.ZodString;
-    keyId: z.ZodString;
+    kid: z.ZodString;
     ktaURL: z.ZodString;
     mirrorStatus: z.ZodObject<{
         status: z.ZodEnum<["pending", "success", "error"]>;
@@ -104,7 +104,7 @@ export declare const AgentStatusSchema: z.ZodObject<{
     lastHandshake: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
     did: string;
-    keyId: string;
+    kid: string;
     ktaURL: string;
     mirrorStatus: {
         status: "success" | "pending" | "error";
@@ -115,7 +115,7 @@ export declare const AgentStatusSchema: z.ZodObject<{
     lastHandshake?: number | undefined;
 }, {
     did: string;
-    keyId: string;
+    kid: string;
     ktaURL: string;
     mirrorStatus: {
         status: "success" | "pending" | "error";
@@ -161,13 +161,13 @@ export declare const DelegationRequestSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     subject: string;
     scopes: string[];
-    audience?: string | undefined;
     duration?: number | undefined;
+    audience?: string | undefined;
 }, {
     subject: string;
     scopes: string[];
-    audience?: string | undefined;
     duration?: number | undefined;
+    audience?: string | undefined;
 }>;
 /**
  * Storage mode configuration for verifiable credentials and delegations
@@ -182,24 +182,24 @@ export declare const ReceiptSchema: z.ZodObject<{
     ref: z.ZodString;
     contentHash: z.ZodString;
     action: z.ZodEnum<["issue", "revoke"]>;
-    ts: z.ZodNumber;
+    ts: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
     logIndex: z.ZodNumber;
     logRoot: z.ZodString;
     inclusionProof: z.ZodArray<z.ZodString, "many">;
 }, "strip", z.ZodTypeAny, {
-    ts: number;
     ref: string;
     contentHash: string;
     action: "issue" | "revoke";
+    ts: string | number;
     logIndex: number;
     logRoot: string;
     inclusionProof: string[];
     $schema?: "https://schemas.kya-os.ai/mcpi/receipt/v1.0.0.json" | undefined;
 }, {
-    ts: number;
     ref: string;
     contentHash: string;
     action: "issue" | "revoke";
+    ts: string | number;
     logIndex: number;
     logRoot: string;
     inclusionProof: string[];
@@ -236,24 +236,24 @@ export declare const DelegationResponseSchema: z.ZodObject<{
         ref: z.ZodString;
         contentHash: z.ZodString;
         action: z.ZodEnum<["issue", "revoke"]>;
-        ts: z.ZodNumber;
+        ts: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
         logIndex: z.ZodNumber;
         logRoot: z.ZodString;
         inclusionProof: z.ZodArray<z.ZodString, "many">;
     }, "strip", z.ZodTypeAny, {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];
         $schema?: "https://schemas.kya-os.ai/mcpi/receipt/v1.0.0.json" | undefined;
     }, {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];
@@ -271,10 +271,10 @@ export declare const DelegationResponseSchema: z.ZodObject<{
         aud?: string | undefined;
     };
     receipt: {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];
@@ -292,10 +292,10 @@ export declare const DelegationResponseSchema: z.ZodObject<{
         aud?: string | undefined;
     };
     receipt: {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];

package/dist/registry.js

@@ -40,7 +40,7 @@ exports.MirrorStatusSchema = zod_1.z.object({
 });
 exports.AgentStatusSchema = zod_1.z.object({
     did: zod_1.z.string().min(1),
-    keyId: zod_1.z.string().min(1),
+    kid: zod_1.z.string().min(1),
     ktaURL: zod_1.z.string().url(),
     mirrorStatus: exports.MirrorStatusSchema,
     lastHandshake: zod_1.z.number().int().positive().optional(),
@@ -82,7 +82,8 @@ exports.ReceiptSchema = zod_1.z.object({
     ref: zod_1.z.string().min(1),
     contentHash: zod_1.z.string().regex(/^sha256:[a-f0-9]{64}$/),
     action: zod_1.z.enum(["issue", "revoke"]),
-    ts: zod_1.z.number().int().positive(),
+    // Back-compat: accept ISO string (preferred) or legacy epoch number
+    ts: zod_1.z.union([zod_1.z.string().datetime(), zod_1.z.number().int().positive()]),
     logIndex: zod_1.z.number().int().nonnegative(),
     logRoot: zod_1.z.string().min(1),
     inclusionProof: zod_1.z.array(zod_1.z.string()),

package/dist/test.d.ts

@@ -30,25 +30,25 @@ export type TestEnvironment = z.infer<typeof TestEnvironmentSchema>;
  */
 export declare const MockIdentitySchema: z.ZodObject<{
     did: z.ZodString;
-    keyId: z.ZodString;
+    kid: z.ZodString;
     privateKey: z.ZodString;
     publicKey: z.ZodString;
     createdAt: z.ZodString;
-    lastRotated: z.ZodString;
+    lastRotated: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     did: string;
-    keyId: string;
+    kid: string;
     privateKey: string;
     publicKey: string;
     createdAt: string;
-    lastRotated: string;
+    lastRotated?: string | undefined;
 }, {
     did: string;
-    keyId: string;
+    kid: string;
     privateKey: string;
     publicKey: string;
     createdAt: string;
-    lastRotated: string;
+    lastRotated?: string | undefined;
 }>;
 export type MockIdentity = z.infer<typeof MockIdentitySchema>;
 /**
@@ -67,25 +67,25 @@ export type MockKTAFailureType = z.infer<typeof MockKTAFailureTypeSchema>;
 export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
     identities: z.ZodRecord<z.ZodString, z.ZodObject<{
         did: z.ZodString;
-        keyId: z.ZodString;
+        kid: z.ZodString;
         privateKey: z.ZodString;
         publicKey: z.ZodString;
         createdAt: z.ZodString;
-        lastRotated: z.ZodString;
+        lastRotated: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }>>;
     delegations: z.ZodRecord<z.ZodString, z.ZodEnum<["active", "revoked", "pending"]>>;
     ktaFailures: z.ZodDefault<z.ZodArray<z.ZodEnum<["network", "auth", "invalid", "timeout"]>, "many">>;
@@ -93,11 +93,11 @@ export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     identities: Record<string, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }>;
     delegations: Record<string, "pending" | "active" | "revoked">;
     ktaFailures: ("network" | "auth" | "invalid" | "timeout")[];
@@ -105,11 +105,11 @@ export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
 }, {
     identities: Record<string, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }>;
     delegations: Record<string, "pending" | "active" | "revoked">;
     ktaFailures?: ("network" | "auth" | "invalid" | "timeout")[] | undefined;
@@ -122,7 +122,7 @@ export type MockIdentityProviderConfig = z.infer<typeof MockIdentityProviderConf
 export declare const LocalVerificationResultSchema: z.ZodObject<{
     valid: z.ZodBoolean;
     did: z.ZodOptional<z.ZodString>;
-    keyId: z.ZodOptional<z.ZodString>;
+    kid: z.ZodOptional<z.ZodString>;
     signature: z.ZodObject<{
         valid: z.ZodBoolean;
         algorithm: z.ZodString;
@@ -192,7 +192,7 @@ export declare const LocalVerificationResultSchema: z.ZodObject<{
     };
     errors: string[];
     did?: string | undefined;
-    keyId?: string | undefined;
+    kid?: string | undefined;
 }, {
     valid: boolean;
     session: {
@@ -213,7 +213,7 @@ export declare const LocalVerificationResultSchema: z.ZodObject<{
         error?: string | undefined;
     };
     did?: string | undefined;
-    keyId?: string | undefined;
+    kid?: string | undefined;
     warnings?: string[] | undefined;
     errors?: string[] | undefined;
 }>;

package/dist/test.js

@@ -24,11 +24,11 @@ exports.TestEnvironmentSchema = zod_1.z.object({
  */
 exports.MockIdentitySchema = zod_1.z.object({
     did: zod_1.z.string(),
-    keyId: zod_1.z.string(),
-    privateKey: zod_1.z.string(),
-    publicKey: zod_1.z.string(),
+    kid: zod_1.z.string(),
+    privateKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 private key (44 characters)"),
+    publicKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 public key (44 characters)"),
     createdAt: zod_1.z.string(),
-    lastRotated: zod_1.z.string(),
+    lastRotated: zod_1.z.string().optional(),
 });
 /**
  * Mock delegation status for testing
@@ -62,7 +62,7 @@ exports.MockIdentityProviderConfigSchema = zod_1.z.object({
 exports.LocalVerificationResultSchema = zod_1.z.object({
     valid: zod_1.z.boolean(),
     did: zod_1.z.string().optional(),
-    keyId: zod_1.z.string().optional(),
+    kid: zod_1.z.string().optional(),
     signature: zod_1.z.object({
         valid: zod_1.z.boolean(),
         algorithm: zod_1.z.string(),

package/dist/utils/validation.d.ts

@@ -24,7 +24,7 @@ export declare function hasRequiredProperties(obj: any, properties: string[], co
  */
 export declare const StringValidators: {
     did: (value: string) => boolean;
-    keyId: (value: string) => boolean;
+    kid: (value: string) => boolean;
     url: (value: string) => boolean;
     projectName: (value: string) => boolean;
 };

package/dist/utils/validation.js

@@ -55,7 +55,7 @@ function hasRequiredProperties(obj, properties, context) {
  */
 exports.StringValidators = {
     did: (value) => /^did:[a-z0-9]+:[a-zA-Z0-9._-]+$/.test(value),
-    keyId: (value) => /^[a-zA-Z0-9._-]+$/.test(value),
+    kid: (value) => /^[a-zA-Z0-9._-]+$/.test(value),
     url: (value) => {
         try {
             new URL(value);