@kya-os/contracts 1.3.1-canary.0 → 1.3.1-canary.2

package/dist/proof.d.ts

@@ -159,4 +159,242 @@ export type AuditRecord = z.infer<typeof AuditRecordSchema>;
 export declare const JWS_ALGORITHM = "EdDSA";
 export declare const HASH_ALGORITHM = "sha256";
 export declare const AUDIT_VERSION = "audit.v1";
+/**
+ * Tool call context for AgentShield dashboard integration
+ * Provides plaintext tool execution data alongside cryptographic proofs
+ */
+export declare const ToolCallContextSchema: z.ZodObject<{
+    tool: z.ZodString;
+    args: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    result: z.ZodOptional<z.ZodUnknown>;
+    scopeId: z.ZodString;
+    userId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    scopeId: string;
+    tool: string;
+    args: Record<string, unknown>;
+    result?: unknown;
+    userId?: string | undefined;
+}, {
+    scopeId: string;
+    tool: string;
+    args: Record<string, unknown>;
+    result?: unknown;
+    userId?: string | undefined;
+}>;
+/**
+ * Proof submission context for AgentShield API
+ * Includes tool calls and optional MCP server URL for tool discovery
+ */
+export declare const ProofSubmissionContextSchema: z.ZodObject<{
+    toolCalls: z.ZodArray<z.ZodObject<{
+        tool: z.ZodString;
+        args: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+        result: z.ZodOptional<z.ZodUnknown>;
+        scopeId: z.ZodString;
+        userId: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        scopeId: string;
+        tool: string;
+        args: Record<string, unknown>;
+        result?: unknown;
+        userId?: string | undefined;
+    }, {
+        scopeId: string;
+        tool: string;
+        args: Record<string, unknown>;
+        result?: unknown;
+        userId?: string | undefined;
+    }>, "many">;
+    mcpServerUrl: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    toolCalls: {
+        scopeId: string;
+        tool: string;
+        args: Record<string, unknown>;
+        result?: unknown;
+        userId?: string | undefined;
+    }[];
+    mcpServerUrl?: string | undefined;
+}, {
+    toolCalls: {
+        scopeId: string;
+        tool: string;
+        args: Record<string, unknown>;
+        result?: unknown;
+        userId?: string | undefined;
+    }[];
+    mcpServerUrl?: string | undefined;
+}>;
+/**
+ * Complete proof submission request to AgentShield
+ */
+export declare const ProofSubmissionRequestSchema: z.ZodObject<{
+    session_id: z.ZodString;
+    delegation_id: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    proofs: z.ZodArray<z.ZodObject<{
+        jws: z.ZodString;
+        meta: z.ZodObject<{
+            did: z.ZodString;
+            kid: z.ZodString;
+            ts: z.ZodNumber;
+            nonce: z.ZodString;
+            audience: z.ZodString;
+            sessionId: z.ZodString;
+            requestHash: z.ZodString;
+            responseHash: z.ZodString;
+            scopeId: z.ZodOptional<z.ZodString>;
+            delegationRef: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            did: string;
+            kid: string;
+            ts: number;
+            nonce: string;
+            audience: string;
+            sessionId: string;
+            requestHash: string;
+            responseHash: string;
+            scopeId?: string | undefined;
+            delegationRef?: string | undefined;
+        }, {
+            did: string;
+            kid: string;
+            ts: number;
+            nonce: string;
+            audience: string;
+            sessionId: string;
+            requestHash: string;
+            responseHash: string;
+            scopeId?: string | undefined;
+            delegationRef?: string | undefined;
+        }>;
+    }, "strip", z.ZodTypeAny, {
+        jws: string;
+        meta: {
+            did: string;
+            kid: string;
+            ts: number;
+            nonce: string;
+            audience: string;
+            sessionId: string;
+            requestHash: string;
+            responseHash: string;
+            scopeId?: string | undefined;
+            delegationRef?: string | undefined;
+        };
+    }, {
+        jws: string;
+        meta: {
+            did: string;
+            kid: string;
+            ts: number;
+            nonce: string;
+            audience: string;
+            sessionId: string;
+            requestHash: string;
+            responseHash: string;
+            scopeId?: string | undefined;
+            delegationRef?: string | undefined;
+        };
+    }>, "many">;
+    context: z.ZodOptional<z.ZodObject<{
+        toolCalls: z.ZodArray<z.ZodObject<{
+            tool: z.ZodString;
+            args: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+            result: z.ZodOptional<z.ZodUnknown>;
+            scopeId: z.ZodString;
+            userId: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            scopeId: string;
+            tool: string;
+            args: Record<string, unknown>;
+            result?: unknown;
+            userId?: string | undefined;
+        }, {
+            scopeId: string;
+            tool: string;
+            args: Record<string, unknown>;
+            result?: unknown;
+            userId?: string | undefined;
+        }>, "many">;
+        mcpServerUrl: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        toolCalls: {
+            scopeId: string;
+            tool: string;
+            args: Record<string, unknown>;
+            result?: unknown;
+            userId?: string | undefined;
+        }[];
+        mcpServerUrl?: string | undefined;
+    }, {
+        toolCalls: {
+            scopeId: string;
+            tool: string;
+            args: Record<string, unknown>;
+            result?: unknown;
+            userId?: string | undefined;
+        }[];
+        mcpServerUrl?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    session_id: string;
+    proofs: {
+        jws: string;
+        meta: {
+            did: string;
+            kid: string;
+            ts: number;
+            nonce: string;
+            audience: string;
+            sessionId: string;
+            requestHash: string;
+            responseHash: string;
+            scopeId?: string | undefined;
+            delegationRef?: string | undefined;
+        };
+    }[];
+    delegation_id?: string | null | undefined;
+    context?: {
+        toolCalls: {
+            scopeId: string;
+            tool: string;
+            args: Record<string, unknown>;
+            result?: unknown;
+            userId?: string | undefined;
+        }[];
+        mcpServerUrl?: string | undefined;
+    } | undefined;
+}, {
+    session_id: string;
+    proofs: {
+        jws: string;
+        meta: {
+            did: string;
+            kid: string;
+            ts: number;
+            nonce: string;
+            audience: string;
+            sessionId: string;
+            requestHash: string;
+            responseHash: string;
+            scopeId?: string | undefined;
+            delegationRef?: string | undefined;
+        };
+    }[];
+    delegation_id?: string | null | undefined;
+    context?: {
+        toolCalls: {
+            scopeId: string;
+            tool: string;
+            args: Record<string, unknown>;
+            result?: unknown;
+            userId?: string | undefined;
+        }[];
+        mcpServerUrl?: string | undefined;
+    } | undefined;
+}>;
+export type ToolCallContext = z.infer<typeof ToolCallContextSchema>;
+export type ProofSubmissionContext = z.infer<typeof ProofSubmissionContextSchema>;
+export type ProofSubmissionRequest = z.infer<typeof ProofSubmissionRequestSchema>;
 //# sourceMappingURL=proof.d.ts.map

package/dist/proof.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AUDIT_VERSION = exports.HASH_ALGORITHM = exports.JWS_ALGORITHM = exports.AuditRecordSchema = exports.CanonicalHashesSchema = exports.DetachedProofSchema = exports.ProofMetaSchema = void 0;
+exports.ProofSubmissionRequestSchema = exports.ProofSubmissionContextSchema = exports.ToolCallContextSchema = exports.AUDIT_VERSION = exports.HASH_ALGORITHM = exports.JWS_ALGORITHM = exports.AuditRecordSchema = exports.CanonicalHashesSchema = exports.DetachedProofSchema = exports.ProofMetaSchema = void 0;
 const zod_1 = require("zod");
 /**
  * Proof and signature schemas for MCP-I
@@ -48,4 +48,35 @@ exports.AuditRecordSchema = zod_1.z.object({
 exports.JWS_ALGORITHM = "EdDSA";
 exports.HASH_ALGORITHM = "sha256";
 exports.AUDIT_VERSION = "audit.v1";
+/**
+ * Tool call context for AgentShield dashboard integration
+ * Provides plaintext tool execution data alongside cryptographic proofs
+ */
+exports.ToolCallContextSchema = zod_1.z.object({
+    tool: zod_1.z.string().min(1),
+    args: zod_1.z.record(zod_1.z.unknown()),
+    result: zod_1.z.unknown().optional(),
+    scopeId: zod_1.z.string(),
+    userId: zod_1.z.string().optional(),
+});
+/**
+ * Proof submission context for AgentShield API
+ * Includes tool calls and optional MCP server URL for tool discovery
+ */
+exports.ProofSubmissionContextSchema = zod_1.z.object({
+    toolCalls: zod_1.z.array(exports.ToolCallContextSchema),
+    mcpServerUrl: zod_1.z.string().url().optional(),
+});
+/**
+ * Complete proof submission request to AgentShield
+ */
+exports.ProofSubmissionRequestSchema = zod_1.z.object({
+    session_id: zod_1.z.string().min(1),
+    delegation_id: zod_1.z.string().nullable().optional(),
+    proofs: zod_1.z.array(zod_1.z.object({
+        jws: zod_1.z.string().min(1),
+        meta: exports.ProofMetaSchema,
+    })),
+    context: exports.ProofSubmissionContextSchema.optional(),
+});
 //# sourceMappingURL=proof.js.map

package/dist/registry.d.ts

@@ -57,12 +57,12 @@ export declare const ClaimTokenSchema: z.ZodObject<{
     expiresAt: z.ZodNumber;
     ttlHours: z.ZodDefault<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
-    expiresAt: number;
     token: string;
+    expiresAt: number;
     ttlHours: number;
 }, {
-    expiresAt: number;
     token: string;
+    expiresAt: number;
     ttlHours?: number | undefined;
 }>;
 export declare const MirrorStatusSchema: z.ZodObject<{
@@ -83,7 +83,7 @@ export declare const MirrorStatusSchema: z.ZodObject<{
 }>;
 export declare const AgentStatusSchema: z.ZodObject<{
     did: z.ZodString;
-    keyId: z.ZodString;
+    kid: z.ZodString;
     ktaURL: z.ZodString;
     mirrorStatus: z.ZodObject<{
         status: z.ZodEnum<["pending", "success", "error"]>;
@@ -104,7 +104,7 @@ export declare const AgentStatusSchema: z.ZodObject<{
     lastHandshake: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
     did: string;
-    keyId: string;
+    kid: string;
     ktaURL: string;
     mirrorStatus: {
         status: "success" | "pending" | "error";
@@ -115,7 +115,7 @@ export declare const AgentStatusSchema: z.ZodObject<{
     lastHandshake?: number | undefined;
 }, {
     did: string;
-    keyId: string;
+    kid: string;
     ktaURL: string;
     mirrorStatus: {
         status: "success" | "pending" | "error";
@@ -161,13 +161,13 @@ export declare const DelegationRequestSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     subject: string;
     scopes: string[];
-    audience?: string | undefined;
     duration?: number | undefined;
+    audience?: string | undefined;
 }, {
     subject: string;
     scopes: string[];
-    audience?: string | undefined;
     duration?: number | undefined;
+    audience?: string | undefined;
 }>;
 /**
  * Storage mode configuration for verifiable credentials and delegations
@@ -182,24 +182,24 @@ export declare const ReceiptSchema: z.ZodObject<{
     ref: z.ZodString;
     contentHash: z.ZodString;
     action: z.ZodEnum<["issue", "revoke"]>;
-    ts: z.ZodNumber;
+    ts: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
     logIndex: z.ZodNumber;
     logRoot: z.ZodString;
     inclusionProof: z.ZodArray<z.ZodString, "many">;
 }, "strip", z.ZodTypeAny, {
-    ts: number;
     ref: string;
     contentHash: string;
     action: "issue" | "revoke";
+    ts: string | number;
     logIndex: number;
     logRoot: string;
     inclusionProof: string[];
     $schema?: "https://schemas.kya-os.ai/mcpi/receipt/v1.0.0.json" | undefined;
 }, {
-    ts: number;
     ref: string;
     contentHash: string;
     action: "issue" | "revoke";
+    ts: string | number;
     logIndex: number;
     logRoot: string;
     inclusionProof: string[];
@@ -236,24 +236,24 @@ export declare const DelegationResponseSchema: z.ZodObject<{
         ref: z.ZodString;
         contentHash: z.ZodString;
         action: z.ZodEnum<["issue", "revoke"]>;
-        ts: z.ZodNumber;
+        ts: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
         logIndex: z.ZodNumber;
         logRoot: z.ZodString;
         inclusionProof: z.ZodArray<z.ZodString, "many">;
     }, "strip", z.ZodTypeAny, {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];
         $schema?: "https://schemas.kya-os.ai/mcpi/receipt/v1.0.0.json" | undefined;
     }, {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];
@@ -271,10 +271,10 @@ export declare const DelegationResponseSchema: z.ZodObject<{
         aud?: string | undefined;
     };
     receipt: {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];
@@ -292,10 +292,10 @@ export declare const DelegationResponseSchema: z.ZodObject<{
         aud?: string | undefined;
     };
     receipt: {
-        ts: number;
         ref: string;
         contentHash: string;
         action: "issue" | "revoke";
+        ts: string | number;
         logIndex: number;
         logRoot: string;
         inclusionProof: string[];

package/dist/registry.js

@@ -40,7 +40,7 @@ exports.MirrorStatusSchema = zod_1.z.object({
 });
 exports.AgentStatusSchema = zod_1.z.object({
     did: zod_1.z.string().min(1),
-    keyId: zod_1.z.string().min(1),
+    kid: zod_1.z.string().min(1),
     ktaURL: zod_1.z.string().url(),
     mirrorStatus: exports.MirrorStatusSchema,
     lastHandshake: zod_1.z.number().int().positive().optional(),
@@ -82,7 +82,8 @@ exports.ReceiptSchema = zod_1.z.object({
     ref: zod_1.z.string().min(1),
     contentHash: zod_1.z.string().regex(/^sha256:[a-f0-9]{64}$/),
     action: zod_1.z.enum(["issue", "revoke"]),
-    ts: zod_1.z.number().int().positive(),
+    // Back-compat: accept ISO string (preferred) or legacy epoch number
+    ts: zod_1.z.union([zod_1.z.string().datetime(), zod_1.z.number().int().positive()]),
     logIndex: zod_1.z.number().int().nonnegative(),
     logRoot: zod_1.z.string().min(1),
     inclusionProof: zod_1.z.array(zod_1.z.string()),

package/dist/test.d.ts

@@ -30,25 +30,25 @@ export type TestEnvironment = z.infer<typeof TestEnvironmentSchema>;
  */
 export declare const MockIdentitySchema: z.ZodObject<{
     did: z.ZodString;
-    keyId: z.ZodString;
+    kid: z.ZodString;
     privateKey: z.ZodString;
     publicKey: z.ZodString;
     createdAt: z.ZodString;
-    lastRotated: z.ZodString;
+    lastRotated: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     did: string;
-    keyId: string;
+    kid: string;
     privateKey: string;
     publicKey: string;
     createdAt: string;
-    lastRotated: string;
+    lastRotated?: string | undefined;
 }, {
     did: string;
-    keyId: string;
+    kid: string;
     privateKey: string;
     publicKey: string;
     createdAt: string;
-    lastRotated: string;
+    lastRotated?: string | undefined;
 }>;
 export type MockIdentity = z.infer<typeof MockIdentitySchema>;
 /**
@@ -67,25 +67,25 @@ export type MockKTAFailureType = z.infer<typeof MockKTAFailureTypeSchema>;
 export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
     identities: z.ZodRecord<z.ZodString, z.ZodObject<{
         did: z.ZodString;
-        keyId: z.ZodString;
+        kid: z.ZodString;
         privateKey: z.ZodString;
         publicKey: z.ZodString;
         createdAt: z.ZodString;
-        lastRotated: z.ZodString;
+        lastRotated: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }>>;
     delegations: z.ZodRecord<z.ZodString, z.ZodEnum<["active", "revoked", "pending"]>>;
     ktaFailures: z.ZodDefault<z.ZodArray<z.ZodEnum<["network", "auth", "invalid", "timeout"]>, "many">>;
@@ -93,11 +93,11 @@ export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     identities: Record<string, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }>;
     delegations: Record<string, "pending" | "active" | "revoked">;
     ktaFailures: ("network" | "auth" | "invalid" | "timeout")[];
@@ -105,11 +105,11 @@ export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
 }, {
     identities: Record<string, {
         did: string;
-        keyId: string;
+        kid: string;
         privateKey: string;
         publicKey: string;
         createdAt: string;
-        lastRotated: string;
+        lastRotated?: string | undefined;
     }>;
     delegations: Record<string, "pending" | "active" | "revoked">;
     ktaFailures?: ("network" | "auth" | "invalid" | "timeout")[] | undefined;
@@ -122,7 +122,7 @@ export type MockIdentityProviderConfig = z.infer<typeof MockIdentityProviderConf
 export declare const LocalVerificationResultSchema: z.ZodObject<{
     valid: z.ZodBoolean;
     did: z.ZodOptional<z.ZodString>;
-    keyId: z.ZodOptional<z.ZodString>;
+    kid: z.ZodOptional<z.ZodString>;
     signature: z.ZodObject<{
         valid: z.ZodBoolean;
         algorithm: z.ZodString;
@@ -192,7 +192,7 @@ export declare const LocalVerificationResultSchema: z.ZodObject<{
     };
     errors: string[];
     did?: string | undefined;
-    keyId?: string | undefined;
+    kid?: string | undefined;
 }, {
     valid: boolean;
     session: {
@@ -213,7 +213,7 @@ export declare const LocalVerificationResultSchema: z.ZodObject<{
         error?: string | undefined;
     };
     did?: string | undefined;
-    keyId?: string | undefined;
+    kid?: string | undefined;
     warnings?: string[] | undefined;
     errors?: string[] | undefined;
 }>;

package/dist/test.js

@@ -24,11 +24,11 @@ exports.TestEnvironmentSchema = zod_1.z.object({
  */
 exports.MockIdentitySchema = zod_1.z.object({
     did: zod_1.z.string(),
-    keyId: zod_1.z.string(),
-    privateKey: zod_1.z.string(),
-    publicKey: zod_1.z.string(),
+    kid: zod_1.z.string(),
+    privateKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 private key (44 characters)"),
+    publicKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 public key (44 characters)"),
     createdAt: zod_1.z.string(),
-    lastRotated: zod_1.z.string(),
+    lastRotated: zod_1.z.string().optional(),
 });
 /**
  * Mock delegation status for testing
@@ -62,7 +62,7 @@ exports.MockIdentityProviderConfigSchema = zod_1.z.object({
 exports.LocalVerificationResultSchema = zod_1.z.object({
     valid: zod_1.z.boolean(),
     did: zod_1.z.string().optional(),
-    keyId: zod_1.z.string().optional(),
+    kid: zod_1.z.string().optional(),
     signature: zod_1.z.object({
         valid: zod_1.z.boolean(),
         algorithm: zod_1.z.string(),

package/dist/utils/validation.d.ts

@@ -24,7 +24,7 @@ export declare function hasRequiredProperties(obj: any, properties: string[], co
  */
 export declare const StringValidators: {
     did: (value: string) => boolean;
-    keyId: (value: string) => boolean;
+    kid: (value: string) => boolean;
     url: (value: string) => boolean;
     projectName: (value: string) => boolean;
 };

package/dist/utils/validation.js

@@ -55,7 +55,7 @@ function hasRequiredProperties(obj, properties, context) {
  */
 exports.StringValidators = {
     did: (value) => /^did:[a-z0-9]+:[a-zA-Z0-9._-]+$/.test(value),
-    keyId: (value) => /^[a-zA-Z0-9._-]+$/.test(value),
+    kid: (value) => /^[a-zA-Z0-9._-]+$/.test(value),
     url: (value) => {
         try {
             new URL(value);