@kya-os/contracts 1.5.2-canary.4 → 1.5.2-canary.5

package/dist/dashboard-config/schemas.js

@@ -0,0 +1,254 @@
+"use strict";
+/**
+ * Dashboard Configuration Zod Schemas
+ *
+ * Runtime validation schemas for dashboard configuration types.
+ * Used for validating API requests and responses.
+ *
+ * @package @kya-os/contracts/dashboard-config
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateServerConfigResponseSchema = exports.validateServerConfigRequestSchema = exports.updateServerConfigResponseSchema = exports.updateServerConfigRequestSchema = exports.getServerConfigResponseSchema = exports.getServerConfigRequestSchema = exports.mcpIServerConfigSchema = exports.configMetadataSchema = exports.platformConfigSchema = exports.vercelPlatformConfigSchema = exports.nodePlatformConfigSchema = exports.cloudflarePlatformConfigSchema = exports.sessionConfigSchema = exports.auditConfigSchema = exports.toolProtectionConfigSchema = exports.delegationConfigSchema = exports.proofingConfigSchema = exports.identityConfigSchema = void 0;
+const zod_1 = require("zod");
+const index_js_1 = require("../tool-protection/index.js");
+/**
+ * Identity configuration schema
+ */
+exports.identityConfigSchema = zod_1.z.object({
+    /**
+     * @deprecated Use serverDid instead. Will be removed in v2.0
+     */
+    agentDid: zod_1.z.string().min(1).optional(),
+    serverDid: zod_1.z.string().min(1),
+    environment: zod_1.z.enum(['development', 'production']),
+    storageLocation: zod_1.z.enum(['cloudflare-kv', 'file-system', 'env-vars']),
+});
+/**
+ * Proofing configuration schema
+ */
+exports.proofingConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    destinations: zod_1.z.array(zod_1.z.object({
+        type: zod_1.z.enum(['agentshield', 'kta', 'custom']),
+        apiUrl: zod_1.z.string().url(),
+        apiKey: zod_1.z.string().optional(),
+    })),
+    batchQueue: zod_1.z.object({
+        maxBatchSize: zod_1.z.number().int().positive().default(10),
+        flushIntervalMs: zod_1.z.number().int().positive().default(5000),
+        maxRetries: zod_1.z.number().int().nonnegative().default(3),
+    }),
+});
+/**
+ * Delegation verifier type schema
+ */
+const delegationVerifierTypeSchema = zod_1.z.enum([
+    'agentshield',
+    'kta',
+    'memory',
+    'cloudflare-kv',
+    'redis',
+    'dynamodb',
+    'custom',
+]);
+/**
+ * Delegation configuration schema
+ */
+exports.delegationConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    enforceStrictly: zod_1.z.boolean(),
+    verifier: zod_1.z.object({
+        type: delegationVerifierTypeSchema,
+        apiUrl: zod_1.z.string().url().optional(),
+        cacheTtl: zod_1.z.number().int().positive().optional(),
+    }),
+    authorization: zod_1.z.object({
+        authorizationUrl: zod_1.z.string().url().optional(),
+        minReputationScore: zod_1.z.number().int().min(0).max(100).optional(),
+        resumeTokenTtl: zod_1.z.number().int().positive().optional(),
+        requireAuthForUnknown: zod_1.z.boolean().optional(),
+    }),
+});
+/**
+ * Tool protection configuration schema
+ */
+exports.toolProtectionConfigSchema = zod_1.z.object({
+    source: zod_1.z.enum(['agentshield', 'inline', 'file']),
+    agentShield: zod_1.z.object({
+        apiUrl: zod_1.z.string().url(),
+        cacheTtl: zod_1.z.number().int().positive(),
+    }).optional(),
+    fallback: index_js_1.ToolProtectionMapSchema.optional(),
+});
+/**
+ * Audit configuration schema
+ */
+exports.auditConfigSchema = zod_1.z.object({
+    enabled: zod_1.z.boolean(),
+    includeProofHashes: zod_1.z.boolean(),
+    includePayloads: zod_1.z.boolean(),
+});
+/**
+ * Session configuration schema
+ */
+exports.sessionConfigSchema = zod_1.z.object({
+    timestampSkewSeconds: zod_1.z.number().int().positive().default(120),
+    ttlMinutes: zod_1.z.number().int().positive().default(30),
+    absoluteLifetime: zod_1.z.number().int().positive().optional(),
+});
+/**
+ * Cloudflare platform configuration schema
+ */
+exports.cloudflarePlatformConfigSchema = zod_1.z.object({
+    workers: zod_1.z.object({
+        cpuMs: zod_1.z.number().int().positive().default(50),
+        memoryMb: zod_1.z.number().int().positive().default(128),
+    }),
+    kvNamespaces: zod_1.z.array(zod_1.z.object({
+        name: zod_1.z.string().min(1),
+        purpose: zod_1.z.enum(['sessions', 'delegations', 'cache', 'general']),
+    })),
+    environmentVariables: zod_1.z.array(zod_1.z.object({
+        name: zod_1.z.string().min(1),
+        value: zod_1.z.string(),
+        source: zod_1.z.enum(['wrangler.toml', 'secrets', '.dev.vars']),
+    })),
+});
+/**
+ * Node.js platform configuration schema
+ */
+exports.nodePlatformConfigSchema = zod_1.z.object({
+    server: zod_1.z.object({
+        port: zod_1.z.number().int().positive().default(3000),
+        host: zod_1.z.string().default('0.0.0.0'),
+        cors: zod_1.z.boolean().default(true),
+        timeout: zod_1.z.number().int().positive().default(30000),
+    }),
+    storage: zod_1.z.object({
+        type: zod_1.z.enum(['memory', 'redis', 'postgres', 'mongodb']),
+        connection: zod_1.z.object({
+            host: zod_1.z.string().optional(),
+            port: zod_1.z.number().int().positive().optional(),
+            database: zod_1.z.string().optional(),
+        }).optional(),
+    }),
+});
+/**
+ * Vercel platform configuration schema
+ */
+exports.vercelPlatformConfigSchema = zod_1.z.object({
+    environmentVariables: zod_1.z.array(zod_1.z.object({
+        name: zod_1.z.string().min(1),
+        value: zod_1.z.string(),
+        source: zod_1.z.enum(['vercel-dashboard', '.env.local']),
+    })),
+    edgeRuntime: zod_1.z.object({
+        maxDuration: zod_1.z.number().int().positive().optional(),
+        regions: zod_1.z.array(zod_1.z.string()).optional(),
+    }).optional(),
+});
+/**
+ * Platform configuration schema
+ */
+exports.platformConfigSchema = zod_1.z.object({
+    type: zod_1.z.enum(['cloudflare', 'node', 'vercel']),
+    cloudflare: exports.cloudflarePlatformConfigSchema.optional(),
+    node: exports.nodePlatformConfigSchema.optional(),
+    vercel: exports.vercelPlatformConfigSchema.optional(),
+});
+/**
+ * Metadata schema
+ */
+exports.configMetadataSchema = zod_1.z.object({
+    version: zod_1.z.string(),
+    lastUpdated: zod_1.z.string(),
+    source: zod_1.z.enum(['dashboard', 'code', 'mixed']),
+    serverUrl: zod_1.z.string().url().optional(),
+    deploymentStatus: zod_1.z.enum(['active', 'inactive', 'error']).optional(),
+});
+/**
+ * Complete MCP-I Server Configuration schema
+ */
+exports.mcpIServerConfigSchema = zod_1.z.object({
+    identity: exports.identityConfigSchema,
+    proofing: exports.proofingConfigSchema,
+    delegation: exports.delegationConfigSchema,
+    toolProtection: exports.toolProtectionConfigSchema,
+    audit: exports.auditConfigSchema,
+    session: exports.sessionConfigSchema,
+    platform: exports.platformConfigSchema,
+    metadata: exports.configMetadataSchema,
+});
+/**
+ * Get server config request schema
+ */
+exports.getServerConfigRequestSchema = zod_1.z.object({
+    projectId: zod_1.z.string().min(1),
+});
+/**
+ * Get server config response schema
+ */
+exports.getServerConfigResponseSchema = zod_1.z.object({
+    success: zod_1.z.boolean(),
+    data: zod_1.z.object({
+        config: exports.mcpIServerConfigSchema,
+    }),
+    metadata: zod_1.z.object({
+        requestId: zod_1.z.string().optional(),
+        timestamp: zod_1.z.string().optional(),
+    }).optional(),
+});
+/**
+ * Update server config request schema
+ */
+exports.updateServerConfigRequestSchema = zod_1.z.object({
+    projectId: zod_1.z.string().min(1),
+    config: exports.mcpIServerConfigSchema.partial(),
+});
+/**
+ * Update server config response schema
+ */
+exports.updateServerConfigResponseSchema = zod_1.z.object({
+    success: zod_1.z.boolean(),
+    data: zod_1.z.object({
+        config: exports.mcpIServerConfigSchema,
+        changes: zod_1.z.array(zod_1.z.object({
+            path: zod_1.z.string(),
+            oldValue: zod_1.z.unknown(),
+            newValue: zod_1.z.unknown(),
+        })),
+    }),
+    metadata: zod_1.z.object({
+        requestId: zod_1.z.string().optional(),
+        timestamp: zod_1.z.string().optional(),
+    }).optional(),
+});
+/**
+ * Validate server config request schema
+ */
+exports.validateServerConfigRequestSchema = zod_1.z.object({
+    projectId: zod_1.z.string().min(1),
+    config: exports.mcpIServerConfigSchema.partial(),
+});
+/**
+ * Validate server config response schema
+ */
+exports.validateServerConfigResponseSchema = zod_1.z.object({
+    success: zod_1.z.boolean(),
+    data: zod_1.z.object({
+        valid: zod_1.z.boolean(),
+        errors: zod_1.z.array(zod_1.z.object({
+            path: zod_1.z.string(),
+            message: zod_1.z.string(),
+            code: zod_1.z.string(),
+        })).optional(),
+        warnings: zod_1.z.array(zod_1.z.object({
+            path: zod_1.z.string(),
+            message: zod_1.z.string(),
+        })).optional(),
+    }),
+    metadata: zod_1.z.object({
+        requestId: zod_1.z.string().optional(),
+        timestamp: zod_1.z.string().optional(),
+    }).optional(),
+});

package/dist/dashboard-config/types.d.ts

@@ -0,0 +1,337 @@
+/**
+ * Dashboard Configuration Types
+ *
+ * Type definitions for AgentShield dashboard server configuration management API.
+ * These types ensure parity between xmcp-i and AgentShield dashboard implementations.
+ *
+ * @package @kya-os/contracts/dashboard-config
+ */
+import type { ToolProtectionMap } from '../tool-protection/index.js';
+import type { DelegationVerifierType } from '../config/delegation.js';
+/**
+ * MCP-I Server Configuration (Dashboard View Model)
+ *
+ * This is a flattened, UI-friendly representation of server configuration
+ * used by the AgentShield dashboard for configuration management.
+ *
+ * This type differs from MCPIConfig in that it:
+ * - Includes platform-specific details
+ * - Includes read-only metadata
+ * - Flattens nested structures for easier UI rendering
+ * - Includes deployment status information
+ */
+export interface MCPIServerConfig {
+    identity: {
+        /**
+         * MCP-I Server DID (public identifier)
+         * Identifies this server instance
+         * @deprecated Use serverDid instead. Will be removed in v2.0
+         */
+        agentDid?: string;
+        /**
+         * MCP-I Server DID (public identifier)
+         * Identifies this server instance
+         * Read-only, displayed for reference
+         */
+        serverDid: string;
+        /**
+         * Environment mode
+         * Controls identity source: 'development' | 'production'
+         */
+        environment: 'development' | 'production';
+        /**
+         * Identity storage location (read-only)
+         * Shows where identity is stored based on platform
+         */
+        storageLocation: 'cloudflare-kv' | 'file-system' | 'env-vars';
+    };
+    proofing: {
+        /**
+         * Enable proof submission
+         */
+        enabled: boolean;
+        /**
+         * Proof destinations
+         * Where proofs are sent (AgentShield, KTA, etc.)
+         */
+        destinations: Array<{
+            type: 'agentshield' | 'kta' | 'custom';
+            apiUrl: string;
+            apiKey?: string;
+        }>;
+        /**
+         * Batch queue settings
+         */
+        batchQueue: {
+            maxBatchSize: number;
+            flushIntervalMs: number;
+            maxRetries: number;
+        };
+    };
+    delegation: {
+        /**
+         * Enable delegation enforcement
+         */
+        enabled: boolean;
+        /**
+         * Strict enforcement mode
+         * When true, blocks tools without delegation
+         * When false, logs warnings but allows execution
+         */
+        enforceStrictly: boolean;
+        /**
+         * Delegation verifier settings
+         */
+        verifier: {
+            type: DelegationVerifierType;
+            apiUrl?: string;
+            cacheTtl?: number;
+        };
+        /**
+         * Authorization flow settings
+         */
+        authorization: {
+            authorizationUrl?: string;
+            minReputationScore?: number;
+            resumeTokenTtl?: number;
+            requireAuthForUnknown?: boolean;
+        };
+    };
+    toolProtection: {
+        /**
+         * Source of tool protection config
+         * 'agentshield' = Fetched from AgentShield API (dashboard-controlled)
+         * 'inline' = Defined in code/config file
+         * 'file' = Loaded from external file
+         */
+        source: 'agentshield' | 'inline' | 'file';
+        /**
+         * AgentShield API settings (if source is 'agentshield')
+         */
+        agentShield?: {
+            apiUrl: string;
+            cacheTtl: number;
+        };
+        /**
+         * Fallback configuration
+         * Used when API is unavailable
+         * Displayed as read-only (managed via /tools page)
+         */
+        fallback?: ToolProtectionMap;
+    };
+    audit: {
+        /**
+         * Enable audit logging
+         */
+        enabled: boolean;
+        /**
+         * Include proof hashes in logs
+         */
+        includeProofHashes: boolean;
+        /**
+         * Include full payloads in logs
+         * WARNING: May include sensitive data
+         */
+        includePayloads: boolean;
+    };
+    session: {
+        /**
+         * Maximum time skew allowed (seconds)
+         * Default: 120
+         */
+        timestampSkewSeconds: number;
+        /**
+         * Session TTL (minutes)
+         * Default: 30
+         */
+        ttlMinutes: number;
+        /**
+         * Absolute session lifetime (minutes)
+         * Optional, max lifetime regardless of activity
+         */
+        absoluteLifetime?: number;
+    };
+    platform: {
+        /**
+         * Platform type
+         */
+        type: 'cloudflare' | 'node' | 'vercel';
+        /**
+         * Cloudflare-specific settings
+         */
+        cloudflare?: {
+            /**
+             * Workers runtime settings
+             */
+            workers: {
+                cpuMs: number;
+                memoryMb: number;
+            };
+            /**
+             * KV namespace bindings (read-only)
+             * Shows which KV namespaces are configured
+             */
+            kvNamespaces: Array<{
+                name: string;
+                purpose: 'sessions' | 'delegations' | 'cache' | 'general';
+            }>;
+            /**
+             * Environment variables (masked)
+             */
+            environmentVariables: Array<{
+                name: string;
+                value: string;
+                source: 'wrangler.toml' | 'secrets' | '.dev.vars';
+            }>;
+        };
+        /**
+         * Node.js-specific settings
+         */
+        node?: {
+            /**
+             * Server configuration
+             */
+            server: {
+                port: number;
+                host: string;
+                cors: boolean;
+                timeout: number;
+            };
+            /**
+             * Storage configuration
+             */
+            storage: {
+                type: 'memory' | 'redis' | 'postgres' | 'mongodb';
+                connection?: {
+                    host?: string;
+                    port?: number;
+                    database?: string;
+                };
+            };
+        };
+        /**
+         * Vercel-specific settings
+         */
+        vercel?: {
+            /**
+             * Environment variables (masked)
+             */
+            environmentVariables: Array<{
+                name: string;
+                value: string;
+                source: 'vercel-dashboard' | '.env.local';
+            }>;
+            /**
+             * Edge runtime configuration
+             */
+            edgeRuntime?: {
+                maxDuration?: number;
+                regions?: string[];
+            };
+        };
+    };
+    metadata: {
+        /**
+         * Configuration version
+         */
+        version: string;
+        /**
+         * Last updated timestamp
+         */
+        lastUpdated: string;
+        /**
+         * Configuration source
+         * 'dashboard' = Managed via AgentShield dashboard
+         * 'code' = Defined in code (mcpi-runtime-config.ts)
+         * 'mixed' = Partially managed via dashboard
+         */
+        source: 'dashboard' | 'code' | 'mixed';
+        /**
+         * Server deployment URL
+         */
+        serverUrl?: string;
+        /**
+         * Server deployment status
+         */
+        deploymentStatus?: 'active' | 'inactive' | 'error';
+    };
+}
+/**
+ * API Request/Response types for dashboard config endpoints
+ */
+/**
+ * Request to get server configuration
+ * GET /api/v1/bouncer/projects/{projectId}/config
+ */
+export interface GetServerConfigRequest {
+    projectId: string;
+}
+/**
+ * Response from get server configuration endpoint
+ */
+export interface GetServerConfigResponse {
+    success: boolean;
+    data: {
+        config: MCPIServerConfig;
+    };
+    metadata?: {
+        requestId?: string;
+        timestamp?: string;
+    };
+}
+/**
+ * Request to update server configuration
+ * PUT /api/v1/bouncer/projects/{projectId}/config
+ */
+export interface UpdateServerConfigRequest {
+    projectId: string;
+    config: Partial<MCPIServerConfig>;
+}
+/**
+ * Response from update server configuration endpoint
+ */
+export interface UpdateServerConfigResponse {
+    success: boolean;
+    data: {
+        config: MCPIServerConfig;
+        changes: Array<{
+            path: string;
+            oldValue: unknown;
+            newValue: unknown;
+        }>;
+    };
+    metadata?: {
+        requestId?: string;
+        timestamp?: string;
+    };
+}
+/**
+ * Request to validate server configuration without saving
+ * POST /api/v1/bouncer/projects/{projectId}/config/validate
+ */
+export interface ValidateServerConfigRequest {
+    projectId: string;
+    config: Partial<MCPIServerConfig>;
+}
+/**
+ * Response from validate server configuration endpoint
+ */
+export interface ValidateServerConfigResponse {
+    success: boolean;
+    data: {
+        valid: boolean;
+        errors?: Array<{
+            path: string;
+            message: string;
+            code: string;
+        }>;
+        warnings?: Array<{
+            path: string;
+            message: string;
+        }>;
+    };
+    metadata?: {
+        requestId?: string;
+        timestamp?: string;
+    };
+}

package/dist/dashboard-config/types.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * Dashboard Configuration Types
+ *
+ * Type definitions for AgentShield dashboard server configuration management API.
+ * These types ensure parity between xmcp-i and AgentShield dashboard implementations.
+ *
+ * @package @kya-os/contracts/dashboard-config
+ */
+Object.defineProperty(exports, "__esModule", { value: true });