@kya-os/contracts 1.5.3-canary.1 → 1.5.3-canary.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/agentshield-api/index.d.ts +1 -1
  2. package/dist/agentshield-api/schemas.d.ts +204 -76
  3. package/dist/agentshield-api/schemas.js +31 -3
  4. package/dist/agentshield-api/types.d.ts +30 -3
  5. package/dist/consent/schemas.d.ts +18 -15
  6. package/dist/consent/schemas.js +100 -64
  7. package/package.json +1 -1
package/dist/agentshield-api/index.d.ts CHANGED
@@ -6,7 +6,7 @@
6
6
  *
7
7
  * @package @kya-os/contracts/agentshield-api
8
8
  */
9
- export type { AgentShieldAPIResponse, AgentShieldAPIErrorResponse, ProofSubmissionRequest, ProofSubmissionResponse, ToolCallContext, BouncerOutcome, VerifyDelegationRequest, VerifyDelegationResponse, VerifyDelegationAPIResponse, DelegationCredential, AgentShieldToolProtection, ToolProtectionConfigResponse, ToolProtectionConfigAPIResponse, CreateDelegationRequest, CreateDelegationResponse, CreateDelegationAPIResponse, RevokeDelegationRequest, RevokeDelegationResponse, RevokeDelegationAPIResponse, } from "./types.js";
9
+ export type { AgentShieldAPIResponse, AgentShieldAPIErrorResponse, ProofSubmissionRequest, ProofSubmissionResponse, ToolCallContext, ConsentEventContext, BouncerOutcome, VerifyDelegationRequest, VerifyDelegationResponse, VerifyDelegationAPIResponse, DelegationCredential, AgentShieldToolProtection, ToolProtectionConfigResponse, ToolProtectionConfigAPIResponse, CreateDelegationRequest, CreateDelegationResponse, CreateDelegationAPIResponse, RevokeDelegationRequest, RevokeDelegationResponse, RevokeDelegationAPIResponse, } from "./types.js";
10
10
  export { AgentShieldAPIError } from "./types.js";
11
11
  export type { AgentShieldAPIHeaders } from "./endpoints.js";
12
12
  export type { ClearCacheRequest, ClearCacheResponse } from "./admin-types.js";
package/dist/agentshield-api/schemas.d.ts CHANGED
@@ -33,11 +33,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
33
33
  requestId: z.ZodString;
34
34
  timestamp: z.ZodString;
35
35
  }, "strip", z.ZodTypeAny, {
36
- timestamp: string;
37
36
  requestId: string;
38
- }, {
39
37
  timestamp: string;
38
+ }, {
40
39
  requestId: string;
40
+ timestamp: string;
41
41
  }>>;
42
42
  }, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
43
43
  success: z.ZodBoolean;
@@ -46,11 +46,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
46
46
  requestId: z.ZodString;
47
47
  timestamp: z.ZodString;
48
48
  }, "strip", z.ZodTypeAny, {
49
- timestamp: string;
50
49
  requestId: string;
51
- }, {
52
50
  timestamp: string;
51
+ }, {
53
52
  requestId: string;
53
+ timestamp: string;
54
54
  }>>;
55
55
  }>, any> extends infer T_1 ? { [k in keyof T_1]: z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
56
56
  success: z.ZodBoolean;
@@ -59,11 +59,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
59
59
  requestId: z.ZodString;
60
60
  timestamp: z.ZodString;
61
61
  }, "strip", z.ZodTypeAny, {
62
- timestamp: string;
63
62
  requestId: string;
64
- }, {
65
63
  timestamp: string;
64
+ }, {
66
65
  requestId: string;
66
+ timestamp: string;
67
67
  }>>;
68
68
  }>, any>[k]; } : never, z.baseObjectInputType<{
69
69
  success: z.ZodBoolean;
@@ -72,11 +72,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
72
72
  requestId: z.ZodString;
73
73
  timestamp: z.ZodString;
74
74
  }, "strip", z.ZodTypeAny, {
75
- timestamp: string;
76
75
  requestId: string;
77
- }, {
78
76
  timestamp: string;
77
+ }, {
79
78
  requestId: string;
79
+ timestamp: string;
80
80
  }>>;
81
81
  }> extends infer T_2 ? { [k_1 in keyof T_2]: z.baseObjectInputType<{
82
82
  success: z.ZodBoolean;
@@ -85,11 +85,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
85
85
  requestId: z.ZodString;
86
86
  timestamp: z.ZodString;
87
87
  }, "strip", z.ZodTypeAny, {
88
- timestamp: string;
89
88
  requestId: string;
90
- }, {
91
89
  timestamp: string;
90
+ }, {
92
91
  requestId: string;
92
+ timestamp: string;
93
93
  }>>;
94
94
  }>[k_1]; } : never>;
95
95
  /**
@@ -115,57 +115,57 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
115
115
  }, "strip", z.ZodTypeAny, {
116
116
  did: string;
117
117
  kid: string;
118
+ ts: number;
118
119
  nonce: string;
119
120
  audience: string;
120
121
  sessionId: string;
121
- ts: number;
122
122
  requestHash: string;
123
123
  responseHash: string;
124
- clientDid?: string | undefined;
125
124
  scopeId?: string | undefined;
126
125
  delegationRef?: string | undefined;
126
+ clientDid?: string | undefined;
127
127
  }, {
128
128
  did: string;
129
129
  kid: string;
130
+ ts: number;
130
131
  nonce: string;
131
132
  audience: string;
132
133
  sessionId: string;
133
- ts: number;
134
134
  requestHash: string;
135
135
  responseHash: string;
136
- clientDid?: string | undefined;
137
136
  scopeId?: string | undefined;
138
137
  delegationRef?: string | undefined;
138
+ clientDid?: string | undefined;
139
139
  }>;
140
140
  }, "strip", z.ZodTypeAny, {
141
141
  jws: string;
142
142
  meta: {
143
143
  did: string;
144
144
  kid: string;
145
+ ts: number;
145
146
  nonce: string;
146
147
  audience: string;
147
148
  sessionId: string;
148
- ts: number;
149
149
  requestHash: string;
150
150
  responseHash: string;
151
- clientDid?: string | undefined;
152
151
  scopeId?: string | undefined;
153
152
  delegationRef?: string | undefined;
153
+ clientDid?: string | undefined;
154
154
  };
155
155
  }, {
156
156
  jws: string;
157
157
  meta: {
158
158
  did: string;
159
159
  kid: string;
160
+ ts: number;
160
161
  nonce: string;
161
162
  audience: string;
162
163
  sessionId: string;
163
- ts: number;
164
164
  requestHash: string;
165
165
  responseHash: string;
166
- clientDid?: string | undefined;
167
166
  scopeId?: string | undefined;
168
167
  delegationRef?: string | undefined;
168
+ clientDid?: string | undefined;
169
169
  };
170
170
  }>, "many">;
171
171
  context: z.ZodOptional<z.ZodObject<{
@@ -188,6 +188,61 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
188
188
  result?: unknown;
189
189
  userIdentifier?: string | undefined;
190
190
  }>, "many">>;
191
+ consentEvents: z.ZodOptional<z.ZodArray<z.ZodObject<{
192
+ eventType: z.ZodEnum<["consent:page_viewed", "consent:approved", "consent:delegation_created", "consent:credential_required"]>;
193
+ timestamp: z.ZodNumber;
194
+ sessionId: z.ZodString;
195
+ userDid: z.ZodOptional<z.ZodString>;
196
+ agentDid: z.ZodString;
197
+ targetTools: z.ZodArray<z.ZodString, "many">;
198
+ scopes: z.ZodArray<z.ZodString, "many">;
199
+ delegationId: z.ZodOptional<z.ZodString>;
200
+ projectId: z.ZodString;
201
+ termsAccepted: z.ZodOptional<z.ZodBoolean>;
202
+ credentialStatus: z.ZodOptional<z.ZodEnum<["present", "required", "obtained"]>>;
203
+ oauthIdentity: z.ZodOptional<z.ZodObject<{
204
+ provider: z.ZodString;
205
+ identifier: z.ZodString;
206
+ }, "strip", z.ZodTypeAny, {
207
+ provider: string;
208
+ identifier: string;
209
+ }, {
210
+ provider: string;
211
+ identifier: string;
212
+ }>>;
213
+ }, "strip", z.ZodTypeAny, {
214
+ sessionId: string;
215
+ scopes: string[];
216
+ timestamp: number;
217
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
218
+ agentDid: string;
219
+ targetTools: string[];
220
+ projectId: string;
221
+ userDid?: string | undefined;
222
+ delegationId?: string | undefined;
223
+ termsAccepted?: boolean | undefined;
224
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
225
+ oauthIdentity?: {
226
+ provider: string;
227
+ identifier: string;
228
+ } | undefined;
229
+ }, {
230
+ sessionId: string;
231
+ scopes: string[];
232
+ timestamp: number;
233
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
234
+ agentDid: string;
235
+ targetTools: string[];
236
+ projectId: string;
237
+ userDid?: string | undefined;
238
+ delegationId?: string | undefined;
239
+ termsAccepted?: boolean | undefined;
240
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
241
+ oauthIdentity?: {
242
+ provider: string;
243
+ identifier: string;
244
+ } | undefined;
245
+ }>, "many">>;
191
246
  mcpServerUrl: z.ZodOptional<z.ZodString>;
192
247
  }, "strip", z.ZodTypeAny, {
193
248
  toolCalls?: {
@@ -197,6 +252,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
197
252
  result?: unknown;
198
253
  userIdentifier?: string | undefined;
199
254
  }[] | undefined;
255
+ consentEvents?: {
256
+ sessionId: string;
257
+ scopes: string[];
258
+ timestamp: number;
259
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
260
+ agentDid: string;
261
+ targetTools: string[];
262
+ projectId: string;
263
+ userDid?: string | undefined;
264
+ delegationId?: string | undefined;
265
+ termsAccepted?: boolean | undefined;
266
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
267
+ oauthIdentity?: {
268
+ provider: string;
269
+ identifier: string;
270
+ } | undefined;
271
+ }[] | undefined;
200
272
  mcpServerUrl?: string | undefined;
201
273
  }, {
202
274
  toolCalls?: {
@@ -206,6 +278,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
206
278
  result?: unknown;
207
279
  userIdentifier?: string | undefined;
208
280
  }[] | undefined;
281
+ consentEvents?: {
282
+ sessionId: string;
283
+ scopes: string[];
284
+ timestamp: number;
285
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
286
+ agentDid: string;
287
+ targetTools: string[];
288
+ projectId: string;
289
+ userDid?: string | undefined;
290
+ delegationId?: string | undefined;
291
+ termsAccepted?: boolean | undefined;
292
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
293
+ oauthIdentity?: {
294
+ provider: string;
295
+ identifier: string;
296
+ } | undefined;
297
+ }[] | undefined;
209
298
  mcpServerUrl?: string | undefined;
210
299
  }>>;
211
300
  }, "strip", z.ZodTypeAny, {
@@ -215,15 +304,15 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
215
304
  meta: {
216
305
  did: string;
217
306
  kid: string;
307
+ ts: number;
218
308
  nonce: string;
219
309
  audience: string;
220
310
  sessionId: string;
221
- ts: number;
222
311
  requestHash: string;
223
312
  responseHash: string;
224
- clientDid?: string | undefined;
225
313
  scopeId?: string | undefined;
226
314
  delegationRef?: string | undefined;
315
+ clientDid?: string | undefined;
227
316
  };
228
317
  }[];
229
318
  delegation_id?: string | null | undefined;
@@ -235,6 +324,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
235
324
  result?: unknown;
236
325
  userIdentifier?: string | undefined;
237
326
  }[] | undefined;
327
+ consentEvents?: {
328
+ sessionId: string;
329
+ scopes: string[];
330
+ timestamp: number;
331
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
332
+ agentDid: string;
333
+ targetTools: string[];
334
+ projectId: string;
335
+ userDid?: string | undefined;
336
+ delegationId?: string | undefined;
337
+ termsAccepted?: boolean | undefined;
338
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
339
+ oauthIdentity?: {
340
+ provider: string;
341
+ identifier: string;
342
+ } | undefined;
343
+ }[] | undefined;
238
344
  mcpServerUrl?: string | undefined;
239
345
  } | undefined;
240
346
  }, {
@@ -244,15 +350,15 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
244
350
  meta: {
245
351
  did: string;
246
352
  kid: string;
353
+ ts: number;
247
354
  nonce: string;
248
355
  audience: string;
249
356
  sessionId: string;
250
- ts: number;
251
357
  requestHash: string;
252
358
  responseHash: string;
253
- clientDid?: string | undefined;
254
359
  scopeId?: string | undefined;
255
360
  delegationRef?: string | undefined;
361
+ clientDid?: string | undefined;
256
362
  };
257
363
  }[];
258
364
  delegation_id?: string | null | undefined;
@@ -264,6 +370,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
264
370
  result?: unknown;
265
371
  userIdentifier?: string | undefined;
266
372
  }[] | undefined;
373
+ consentEvents?: {
374
+ sessionId: string;
375
+ scopes: string[];
376
+ timestamp: number;
377
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
378
+ agentDid: string;
379
+ targetTools: string[];
380
+ projectId: string;
381
+ userDid?: string | undefined;
382
+ delegationId?: string | undefined;
383
+ termsAccepted?: boolean | undefined;
384
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
385
+ oauthIdentity?: {
386
+ provider: string;
387
+ identifier: string;
388
+ } | undefined;
389
+ }[] | undefined;
267
390
  mcpServerUrl?: string | undefined;
268
391
  } | undefined;
269
392
  }>;
@@ -364,8 +487,8 @@ export declare const delegationCredentialSchema: z.ZodObject<{
364
487
  * Delegation verification request schema
365
488
  */
366
489
  export declare const verifyDelegationRequestSchema: z.ZodObject<{
367
- timestamp: z.ZodOptional<z.ZodNumber>;
368
490
  scopes: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
491
+ timestamp: z.ZodOptional<z.ZodNumber>;
369
492
  agent_did: z.ZodString;
370
493
  credential_jwt: z.ZodOptional<z.ZodString>;
371
494
  delegation_token: z.ZodOptional<z.ZodString>;
@@ -384,8 +507,8 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
384
507
  }>>;
385
508
  }, "strip", z.ZodTypeAny, {
386
509
  agent_did: string;
387
- timestamp?: number | undefined;
388
510
  scopes?: string[] | undefined;
511
+ timestamp?: number | undefined;
389
512
  credential_jwt?: string | undefined;
390
513
  delegation_token?: string | undefined;
391
514
  client_info?: {
@@ -395,8 +518,8 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
395
518
  } | undefined;
396
519
  }, {
397
520
  agent_did: string;
398
- timestamp?: number | undefined;
399
521
  scopes?: string[] | undefined;
522
+ timestamp?: number | undefined;
400
523
  credential_jwt?: string | undefined;
401
524
  delegation_token?: string | undefined;
402
525
  client_info?: {
@@ -1689,7 +1812,6 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
1689
1812
  details?: Record<string, unknown> | undefined;
1690
1813
  } | undefined;
1691
1814
  delegation_id?: string | undefined;
1692
- reason?: string | undefined;
1693
1815
  delegation?: z.objectOutputType<{
1694
1816
  id: z.ZodString;
1695
1817
  issuerDid: z.ZodString;
@@ -2110,6 +2232,7 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2110
2232
  user_id?: string | undefined;
2111
2233
  user_identifier?: string | undefined;
2112
2234
  } | undefined;
2235
+ reason?: string | undefined;
2113
2236
  }, {
2114
2237
  valid: boolean;
2115
2238
  error?: {
@@ -2118,7 +2241,6 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2118
2241
  details?: Record<string, unknown> | undefined;
2119
2242
  } | undefined;
2120
2243
  delegation_id?: string | undefined;
2121
- reason?: string | undefined;
2122
2244
  delegation?: z.objectInputType<{
2123
2245
  id: z.ZodString;
2124
2246
  issuerDid: z.ZodString;
@@ -2539,6 +2661,7 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2539
2661
  user_id?: string | undefined;
2540
2662
  user_identifier?: string | undefined;
2541
2663
  } | undefined;
2664
+ reason?: string | undefined;
2542
2665
  }>;
2543
2666
  /**
2544
2667
  * Wrapped verification response schema
@@ -3826,7 +3949,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
3826
3949
  details?: Record<string, unknown> | undefined;
3827
3950
  } | undefined;
3828
3951
  delegation_id?: string | undefined;
3829
- reason?: string | undefined;
3830
3952
  delegation?: z.objectOutputType<{
3831
3953
  id: z.ZodString;
3832
3954
  issuerDid: z.ZodString;
@@ -4247,6 +4369,7 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4247
4369
  user_id?: string | undefined;
4248
4370
  user_identifier?: string | undefined;
4249
4371
  } | undefined;
4372
+ reason?: string | undefined;
4250
4373
  }, {
4251
4374
  valid: boolean;
4252
4375
  error?: {
@@ -4255,7 +4378,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4255
4378
  details?: Record<string, unknown> | undefined;
4256
4379
  } | undefined;
4257
4380
  delegation_id?: string | undefined;
4258
- reason?: string | undefined;
4259
4381
  delegation?: z.objectInputType<{
4260
4382
  id: z.ZodString;
4261
4383
  issuerDid: z.ZodString;
@@ -4676,16 +4798,17 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4676
4798
  user_id?: string | undefined;
4677
4799
  user_identifier?: string | undefined;
4678
4800
  } | undefined;
4801
+ reason?: string | undefined;
4679
4802
  }>;
4680
4803
  metadata: z.ZodOptional<z.ZodObject<{
4681
4804
  requestId: z.ZodString;
4682
4805
  timestamp: z.ZodString;
4683
4806
  }, "strip", z.ZodTypeAny, {
4684
- timestamp: string;
4685
4807
  requestId: string;
4686
- }, {
4687
4808
  timestamp: string;
4809
+ }, {
4688
4810
  requestId: string;
4811
+ timestamp: string;
4689
4812
  }>>;
4690
4813
  }, "strip", z.ZodTypeAny, {
4691
4814
  success: boolean;
@@ -4697,7 +4820,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4697
4820
  details?: Record<string, unknown> | undefined;
4698
4821
  } | undefined;
4699
4822
  delegation_id?: string | undefined;
4700
- reason?: string | undefined;
4701
4823
  delegation?: z.objectOutputType<{
4702
4824
  id: z.ZodString;
4703
4825
  issuerDid: z.ZodString;
@@ -5118,10 +5240,11 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5118
5240
  user_id?: string | undefined;
5119
5241
  user_identifier?: string | undefined;
5120
5242
  } | undefined;
5243
+ reason?: string | undefined;
5121
5244
  };
5122
5245
  metadata?: {
5123
- timestamp: string;
5124
5246
  requestId: string;
5247
+ timestamp: string;
5125
5248
  } | undefined;
5126
5249
  }, {
5127
5250
  success: boolean;
@@ -5133,7 +5256,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5133
5256
  details?: Record<string, unknown> | undefined;
5134
5257
  } | undefined;
5135
5258
  delegation_id?: string | undefined;
5136
- reason?: string | undefined;
5137
5259
  delegation?: z.objectInputType<{
5138
5260
  id: z.ZodString;
5139
5261
  issuerDid: z.ZodString;
@@ -5554,10 +5676,11 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5554
5676
  user_id?: string | undefined;
5555
5677
  user_identifier?: string | undefined;
5556
5678
  } | undefined;
5679
+ reason?: string | undefined;
5557
5680
  };
5558
5681
  metadata?: {
5559
- timestamp: string;
5560
5682
  requestId: string;
5683
+ timestamp: string;
5561
5684
  } | undefined;
5562
5685
  }>;
5563
5686
  /**
@@ -5730,11 +5853,11 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
5730
5853
  requestId: z.ZodString;
5731
5854
  timestamp: z.ZodString;
5732
5855
  }, "strip", z.ZodTypeAny, {
5733
- timestamp: string;
5734
5856
  requestId: string;
5735
- }, {
5736
5857
  timestamp: string;
5858
+ }, {
5737
5859
  requestId: string;
5860
+ timestamp: string;
5738
5861
  }>>;
5739
5862
  }, "strip", z.ZodTypeAny, {
5740
5863
  success: boolean;
@@ -5756,8 +5879,8 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
5756
5879
  } | undefined;
5757
5880
  };
5758
5881
  metadata?: {
5759
- timestamp: string;
5760
5882
  requestId: string;
5883
+ timestamp: string;
5761
5884
  } | undefined;
5762
5885
  }, {
5763
5886
  success: boolean;
@@ -5779,15 +5902,15 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
5779
5902
  } | undefined;
5780
5903
  };
5781
5904
  metadata?: {
5782
- timestamp: string;
5783
5905
  requestId: string;
5906
+ timestamp: string;
5784
5907
  } | undefined;
5785
5908
  }>;
5786
5909
  /**
5787
5910
  * Create delegation request schema
5788
5911
  *
5789
5912
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
5790
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
5913
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
5791
5914
  *
5792
5915
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
5793
5916
  */
@@ -5798,6 +5921,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
5798
5921
  expires_at: z.ZodOptional<z.ZodString>;
5799
5922
  session_id: z.ZodOptional<z.ZodString>;
5800
5923
  project_id: z.ZodOptional<z.ZodString>;
5924
+ user_identifier: z.ZodOptional<z.ZodString>;
5801
5925
  custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
5802
5926
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
5803
5927
  agent_did: z.ZodString;
@@ -5806,6 +5930,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
5806
5930
  expires_at: z.ZodOptional<z.ZodString>;
5807
5931
  session_id: z.ZodOptional<z.ZodString>;
5808
5932
  project_id: z.ZodOptional<z.ZodString>;
5933
+ user_identifier: z.ZodOptional<z.ZodString>;
5809
5934
  custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
5810
5935
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
5811
5936
  agent_did: z.ZodString;
@@ -5814,6 +5939,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
5814
5939
  expires_at: z.ZodOptional<z.ZodString>;
5815
5940
  session_id: z.ZodOptional<z.ZodString>;
5816
5941
  project_id: z.ZodOptional<z.ZodString>;
5942
+ user_identifier: z.ZodOptional<z.ZodString>;
5817
5943
  custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
5818
5944
  }, z.ZodTypeAny, "passthrough">>, z.objectOutputType<{
5819
5945
  agent_did: z.ZodString;
@@ -5822,6 +5948,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
5822
5948
  expires_at: z.ZodOptional<z.ZodString>;
5823
5949
  session_id: z.ZodOptional<z.ZodString>;
5824
5950
  project_id: z.ZodOptional<z.ZodString>;
5951
+ user_identifier: z.ZodOptional<z.ZodString>;
5825
5952
  custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
5826
5953
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
5827
5954
  agent_did: z.ZodString;
@@ -5830,6 +5957,7 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
5830
5957
  expires_at: z.ZodOptional<z.ZodString>;
5831
5958
  session_id: z.ZodOptional<z.ZodString>;
5832
5959
  project_id: z.ZodOptional<z.ZodString>;
5960
+ user_identifier: z.ZodOptional<z.ZodString>;
5833
5961
  custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
5834
5962
  }, z.ZodTypeAny, "passthrough">>;
5835
5963
  /**
@@ -5847,30 +5975,30 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
5847
5975
  user_id: z.ZodOptional<z.ZodString>;
5848
5976
  user_identifier: z.ZodOptional<z.ZodString>;
5849
5977
  scopes: z.ZodArray<z.ZodString, "many">;
5850
- status: z.ZodLiteral<"active">;
5978
+ status: z.ZodEnum<["active", "expired", "revoked"]>;
5851
5979
  issued_at: z.ZodString;
5852
- expires_at: z.ZodOptional<z.ZodString>;
5980
+ expires_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
5853
5981
  created_at: z.ZodString;
5854
5982
  }, "strip", z.ZodTypeAny, {
5855
- status: "active";
5856
- delegation_id: string;
5983
+ status: "active" | "revoked" | "expired";
5857
5984
  scopes: string[];
5985
+ delegation_id: string;
5858
5986
  agent_did: string;
5859
5987
  issued_at: string;
5860
5988
  created_at: string;
5861
5989
  user_id?: string | undefined;
5862
5990
  user_identifier?: string | undefined;
5863
- expires_at?: string | undefined;
5991
+ expires_at?: string | null | undefined;
5864
5992
  }, {
5865
- status: "active";
5866
- delegation_id: string;
5993
+ status: "active" | "revoked" | "expired";
5867
5994
  scopes: string[];
5995
+ delegation_id: string;
5868
5996
  agent_did: string;
5869
5997
  issued_at: string;
5870
5998
  created_at: string;
5871
5999
  user_id?: string | undefined;
5872
6000
  user_identifier?: string | undefined;
5873
- expires_at?: string | undefined;
6001
+ expires_at?: string | null | undefined;
5874
6002
  }>;
5875
6003
  /**
5876
6004
  * Wrapped creation response schema
@@ -5883,74 +6011,74 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
5883
6011
  user_id: z.ZodOptional<z.ZodString>;
5884
6012
  user_identifier: z.ZodOptional<z.ZodString>;
5885
6013
  scopes: z.ZodArray<z.ZodString, "many">;
5886
- status: z.ZodLiteral<"active">;
6014
+ status: z.ZodEnum<["active", "expired", "revoked"]>;
5887
6015
  issued_at: z.ZodString;
5888
- expires_at: z.ZodOptional<z.ZodString>;
6016
+ expires_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
5889
6017
  created_at: z.ZodString;
5890
6018
  }, "strip", z.ZodTypeAny, {
5891
- status: "active";
5892
- delegation_id: string;
6019
+ status: "active" | "revoked" | "expired";
5893
6020
  scopes: string[];
6021
+ delegation_id: string;
5894
6022
  agent_did: string;
5895
6023
  issued_at: string;
5896
6024
  created_at: string;
5897
6025
  user_id?: string | undefined;
5898
6026
  user_identifier?: string | undefined;
5899
- expires_at?: string | undefined;
6027
+ expires_at?: string | null | undefined;
5900
6028
  }, {
5901
- status: "active";
5902
- delegation_id: string;
6029
+ status: "active" | "revoked" | "expired";
5903
6030
  scopes: string[];
6031
+ delegation_id: string;
5904
6032
  agent_did: string;
5905
6033
  issued_at: string;
5906
6034
  created_at: string;
5907
6035
  user_id?: string | undefined;
5908
6036
  user_identifier?: string | undefined;
5909
- expires_at?: string | undefined;
6037
+ expires_at?: string | null | undefined;
5910
6038
  }>;
5911
6039
  metadata: z.ZodOptional<z.ZodObject<{
5912
6040
  requestId: z.ZodString;
5913
6041
  timestamp: z.ZodString;
5914
6042
  }, "strip", z.ZodTypeAny, {
5915
- timestamp: string;
5916
6043
  requestId: string;
5917
- }, {
5918
6044
  timestamp: string;
6045
+ }, {
5919
6046
  requestId: string;
6047
+ timestamp: string;
5920
6048
  }>>;
5921
6049
  }, "strip", z.ZodTypeAny, {
5922
6050
  success: boolean;
5923
6051
  data: {
5924
- status: "active";
5925
- delegation_id: string;
6052
+ status: "active" | "revoked" | "expired";
5926
6053
  scopes: string[];
6054
+ delegation_id: string;
5927
6055
  agent_did: string;
5928
6056
  issued_at: string;
5929
6057
  created_at: string;
5930
6058
  user_id?: string | undefined;
5931
6059
  user_identifier?: string | undefined;
5932
- expires_at?: string | undefined;
6060
+ expires_at?: string | null | undefined;
5933
6061
  };
5934
6062
  metadata?: {
5935
- timestamp: string;
5936
6063
  requestId: string;
6064
+ timestamp: string;
5937
6065
  } | undefined;
5938
6066
  }, {
5939
6067
  success: boolean;
5940
6068
  data: {
5941
- status: "active";
5942
- delegation_id: string;
6069
+ status: "active" | "revoked" | "expired";
5943
6070
  scopes: string[];
6071
+ delegation_id: string;
5944
6072
  agent_did: string;
5945
6073
  issued_at: string;
5946
6074
  created_at: string;
5947
6075
  user_id?: string | undefined;
5948
6076
  user_identifier?: string | undefined;
5949
- expires_at?: string | undefined;
6077
+ expires_at?: string | null | undefined;
5950
6078
  };
5951
6079
  metadata?: {
5952
- timestamp: string;
5953
6080
  requestId: string;
6081
+ timestamp: string;
5954
6082
  } | undefined;
5955
6083
  }>;
5956
6084
  /**
@@ -5971,12 +6099,12 @@ export declare const revokeDelegationResponseSchema: z.ZodObject<{
5971
6099
  revoked: z.ZodBoolean;
5972
6100
  revoked_at: z.ZodNumber;
5973
6101
  }, "strip", z.ZodTypeAny, {
5974
- delegation_id: string;
5975
6102
  revoked: boolean;
6103
+ delegation_id: string;
5976
6104
  revoked_at: number;
5977
6105
  }, {
5978
- delegation_id: string;
5979
6106
  revoked: boolean;
6107
+ delegation_id: string;
5980
6108
  revoked_at: number;
5981
6109
  }>;
5982
6110
  /**
@@ -5989,44 +6117,44 @@ export declare const revokeDelegationAPIResponseSchema: z.ZodObject<{
5989
6117
  revoked: z.ZodBoolean;
5990
6118
  revoked_at: z.ZodNumber;
5991
6119
  }, "strip", z.ZodTypeAny, {
5992
- delegation_id: string;
5993
6120
  revoked: boolean;
6121
+ delegation_id: string;
5994
6122
  revoked_at: number;
5995
6123
  }, {
5996
- delegation_id: string;
5997
6124
  revoked: boolean;
6125
+ delegation_id: string;
5998
6126
  revoked_at: number;
5999
6127
  }>;
6000
6128
  metadata: z.ZodOptional<z.ZodObject<{
6001
6129
  requestId: z.ZodString;
6002
6130
  timestamp: z.ZodString;
6003
6131
  }, "strip", z.ZodTypeAny, {
6004
- timestamp: string;
6005
6132
  requestId: string;
6006
- }, {
6007
6133
  timestamp: string;
6134
+ }, {
6008
6135
  requestId: string;
6136
+ timestamp: string;
6009
6137
  }>>;
6010
6138
  }, "strip", z.ZodTypeAny, {
6011
6139
  success: boolean;
6012
6140
  data: {
6013
- delegation_id: string;
6014
6141
  revoked: boolean;
6142
+ delegation_id: string;
6015
6143
  revoked_at: number;
6016
6144
  };
6017
6145
  metadata?: {
6018
- timestamp: string;
6019
6146
  requestId: string;
6147
+ timestamp: string;
6020
6148
  } | undefined;
6021
6149
  }, {
6022
6150
  success: boolean;
6023
6151
  data: {
6024
- delegation_id: string;
6025
6152
  revoked: boolean;
6153
+ delegation_id: string;
6026
6154
  revoked_at: number;
6027
6155
  };
6028
6156
  metadata?: {
6029
- timestamp: string;
6030
6157
  requestId: string;
6158
+ timestamp: string;
6031
6159
  } | undefined;
6032
6160
  }>;
package/dist/agentshield-api/schemas.js CHANGED
@@ -48,6 +48,32 @@ const toolCallContextSchema = zod_1.z.object({
48
48
  scopeId: zod_1.z.string().min(1, "scopeId is required to link context to proof"),
49
49
  userIdentifier: zod_1.z.string().optional(),
50
50
  });
51
+ /**
52
+ * Consent Event Context Schema
53
+ * Represents consent-related events for audit tracking
54
+ */
55
+ const consentEventContextSchema = zod_1.z.object({
56
+ eventType: zod_1.z.enum([
57
+ "consent:page_viewed",
58
+ "consent:approved",
59
+ "consent:delegation_created",
60
+ "consent:credential_required"
61
+ ]),
62
+ timestamp: zod_1.z.number().int().positive(),
63
+ sessionId: zod_1.z.string().min(1),
64
+ userDid: zod_1.z.string().optional(),
65
+ agentDid: zod_1.z.string().min(1),
66
+ targetTools: zod_1.z.array(zod_1.z.string()).min(1), // ALWAYS array
67
+ scopes: zod_1.z.array(zod_1.z.string()).min(0),
68
+ delegationId: zod_1.z.string().uuid().optional(),
69
+ projectId: zod_1.z.string().uuid(),
70
+ termsAccepted: zod_1.z.boolean().optional(),
71
+ credentialStatus: zod_1.z.enum(["present", "required", "obtained"]).optional(),
72
+ oauthIdentity: zod_1.z.object({
73
+ provider: zod_1.z.string(),
74
+ identifier: zod_1.z.string(),
75
+ }).optional(),
76
+ });
51
77
  /**
52
78
  * Proof submission request schema
53
79
  */
@@ -59,6 +85,7 @@ exports.proofSubmissionRequestSchema = zod_1.z.object({
59
85
  context: zod_1.z
60
86
  .object({
61
87
  toolCalls: zod_1.z.array(toolCallContextSchema).optional(),
88
+ consentEvents: zod_1.z.array(consentEventContextSchema).optional(), // NEW: Consent events for audit tracking
62
89
  mcpServerUrl: zod_1.z.string().url().optional(), // MCP server URL for tool discovery
63
90
  })
64
91
  .optional(),
@@ -172,7 +199,7 @@ exports.toolProtectionConfigAPIResponseSchema = (0, exports.agentShieldAPIRespon
172
199
  * Create delegation request schema
173
200
  *
174
201
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
175
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
202
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
176
203
  *
177
204
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
178
205
  */
@@ -184,6 +211,7 @@ exports.createDelegationRequestSchema = zod_1.z
184
211
  expires_at: zod_1.z.string().datetime().optional(),
185
212
  session_id: zod_1.z.string().optional(),
186
213
  project_id: zod_1.z.string().uuid().optional(),
214
+ user_identifier: zod_1.z.string().max(200).optional(), // Matches AgentShield's max(200)
187
215
  custom_fields: zod_1.z.record(zod_1.z.unknown()).optional(),
188
216
  })
189
217
  .passthrough()
@@ -211,9 +239,9 @@ exports.createDelegationResponseSchema = zod_1.z.object({
211
239
  user_id: zod_1.z.string().optional(),
212
240
  user_identifier: zod_1.z.string().optional(),
213
241
  scopes: zod_1.z.array(zod_1.z.string()),
214
- status: zod_1.z.literal("active"),
242
+ status: zod_1.z.enum(['active', 'expired', 'revoked']), // Matches AgentShield's actual API behavior
215
243
  issued_at: zod_1.z.string().datetime(),
216
- expires_at: zod_1.z.string().datetime().optional(),
244
+ expires_at: zod_1.z.string().datetime().nullable().optional(), // AgentShield allows null values
217
245
  created_at: zod_1.z.string().datetime(),
218
246
  });
219
247
  /**
package/dist/agentshield-api/types.d.ts CHANGED
@@ -41,6 +41,30 @@ export interface ToolCallContext {
41
41
  scopeId: string;
42
42
  userIdentifier?: string;
43
43
  }
44
+ /**
45
+ * Consent Event Context
46
+ *
47
+ * Represents consent-related events that occur during the consent flow.
48
+ * These events are logged separately from tool executions and allow
49
+ * multiple events per session (unlike regular audit logs).
50
+ */
51
+ export interface ConsentEventContext {
52
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
53
+ timestamp: number;
54
+ sessionId: string;
55
+ userDid?: string;
56
+ agentDid: string;
57
+ targetTools: string[];
58
+ scopes: string[];
59
+ delegationId?: string;
60
+ projectId: string;
61
+ termsAccepted?: boolean;
62
+ credentialStatus?: "present" | "required" | "obtained";
63
+ oauthIdentity?: {
64
+ provider: string;
65
+ identifier: string;
66
+ };
67
+ }
44
68
  /**
45
69
  * Request body for proof submission endpoint
46
70
  * POST /api/v1/bouncer/proofs
@@ -55,6 +79,7 @@ export interface ProofSubmissionRequest {
55
79
  /** AgentShield extension: Optional context for dashboard enrichment */
56
80
  context?: {
57
81
  toolCalls?: ToolCallContext[];
82
+ consentEvents?: ConsentEventContext[];
58
83
  mcpServerUrl?: string;
59
84
  };
60
85
  }
@@ -163,7 +188,7 @@ export type ToolProtectionConfigAPIResponse = AgentShieldAPIResponse<ToolProtect
163
188
  * POST /api/v1/bouncer/delegations
164
189
  *
165
190
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
166
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
191
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
167
192
  *
168
193
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
169
194
  */
@@ -176,6 +201,8 @@ export interface CreateDelegationRequest {
176
201
  expires_at?: string;
177
202
  session_id?: string;
178
203
  project_id?: string;
204
+ /** User identifier string, max 200 chars, optional */
205
+ user_identifier?: string;
179
206
  custom_fields?: Record<string, unknown>;
180
207
  }
181
208
  /**
@@ -193,9 +220,9 @@ export interface CreateDelegationResponse {
193
220
  user_id?: string;
194
221
  user_identifier?: string;
195
222
  scopes: string[];
196
- status: "active";
223
+ status: "active" | "expired" | "revoked";
197
224
  issued_at: string;
198
- expires_at?: string;
225
+ expires_at?: string | null;
199
226
  created_at: string;
200
227
  }
201
228
  /**
package/dist/consent/schemas.d.ts CHANGED
@@ -6,7 +6,7 @@
6
6
  *
7
7
  * Related Spec: MCP-I Phase 0 Implementation Plan
8
8
  */
9
- import { z } from 'zod';
9
+ import { z } from "zod";
10
10
  /**
11
11
  * Consent Branding Schema
12
12
  */
@@ -357,8 +357,11 @@ export declare const consentApprovalRequestSchema: z.ZodObject<{
357
357
  /**
358
358
  * OAuth provider identity information (optional)
359
359
  * Used to link OAuth accounts to persistent User DIDs
360
+ *
361
+ * CRITICAL: Uses .nullish() to accept null, undefined, or OAuthIdentity
362
+ * This matches JSON parsing behavior where missing fields become null
360
363
  */
361
- oauth_identity: z.ZodOptional<z.ZodObject<{
364
+ oauth_identity: z.ZodOptional<z.ZodNullable<z.ZodObject<{
362
365
  /**
363
366
  * OAuth provider name (e.g., "google", "github", "microsoft")
364
367
  */
@@ -386,7 +389,7 @@ export declare const consentApprovalRequestSchema: z.ZodObject<{
386
389
  subject: string;
387
390
  name?: string | undefined;
388
391
  email?: string | undefined;
389
- }>>;
392
+ }>>>;
390
393
  /**
391
394
  * User DID (optional)
392
395
  * If provided, represents the persistent User DID for this user
@@ -394,11 +397,11 @@ export declare const consentApprovalRequestSchema: z.ZodObject<{
394
397
  */
395
398
  user_did: z.ZodOptional<z.ZodString>;
396
399
  }, "strip", z.ZodTypeAny, {
397
- agent_did: string;
398
- project_id: string;
399
400
  tool: string;
400
401
  scopes: string[];
402
+ agent_did: string;
401
403
  session_id: string;
404
+ project_id: string;
402
405
  termsAccepted: boolean;
403
406
  customFields?: Record<string, string | boolean> | undefined;
404
407
  termsVersion?: string | undefined;
@@ -407,14 +410,14 @@ export declare const consentApprovalRequestSchema: z.ZodObject<{
407
410
  subject: string;
408
411
  name?: string | undefined;
409
412
  email?: string | undefined;
410
- } | undefined;
413
+ } | null | undefined;
411
414
  user_did?: string | undefined;
412
415
  }, {
413
- agent_did: string;
414
- project_id: string;
415
416
  tool: string;
416
417
  scopes: string[];
418
+ agent_did: string;
417
419
  session_id: string;
420
+ project_id: string;
418
421
  termsAccepted: boolean;
419
422
  customFields?: Record<string, string | boolean> | undefined;
420
423
  termsVersion?: string | undefined;
@@ -423,7 +426,7 @@ export declare const consentApprovalRequestSchema: z.ZodObject<{
423
426
  subject: string;
424
427
  name?: string | undefined;
425
428
  email?: string | undefined;
426
- } | undefined;
429
+ } | null | undefined;
427
430
  user_did?: string | undefined;
428
431
  }>;
429
432
  export type ConsentApprovalRequest = z.infer<typeof consentApprovalRequestSchema>;
@@ -723,11 +726,11 @@ export declare function validateConsentPageConfig(config: unknown): z.SafeParseR
723
726
  * @returns Validation result
724
727
  */
725
728
  export declare function validateConsentApprovalRequest(request: unknown): z.SafeParseReturnType<{
726
- agent_did: string;
727
- project_id: string;
728
729
  tool: string;
729
730
  scopes: string[];
731
+ agent_did: string;
730
732
  session_id: string;
733
+ project_id: string;
731
734
  termsAccepted: boolean;
732
735
  customFields?: Record<string, string | boolean> | undefined;
733
736
  termsVersion?: string | undefined;
@@ -736,14 +739,14 @@ export declare function validateConsentApprovalRequest(request: unknown): z.Safe
736
739
  subject: string;
737
740
  name?: string | undefined;
738
741
  email?: string | undefined;
739
- } | undefined;
742
+ } | null | undefined;
740
743
  user_did?: string | undefined;
741
744
  }, {
742
- agent_did: string;
743
- project_id: string;
744
745
  tool: string;
745
746
  scopes: string[];
747
+ agent_did: string;
746
748
  session_id: string;
749
+ project_id: string;
747
750
  termsAccepted: boolean;
748
751
  customFields?: Record<string, string | boolean> | undefined;
749
752
  termsVersion?: string | undefined;
@@ -752,7 +755,7 @@ export declare function validateConsentApprovalRequest(request: unknown): z.Safe
752
755
  subject: string;
753
756
  name?: string | undefined;
754
757
  email?: string | undefined;
755
- } | undefined;
758
+ } | null | undefined;
756
759
  user_did?: string | undefined;
757
760
  }>;
758
761
  /**
package/dist/consent/schemas.js CHANGED
@@ -20,58 +20,79 @@ const zod_1 = require("zod");
20
20
  exports.consentBrandingSchema = zod_1.z.object({
21
21
  primaryColor: zod_1.z
22
22
  .string()
23
- .regex(/^#[0-9A-Fa-f]{6}$/, 'Must be a valid hex color (e.g., #0066CC)')
23
+ .regex(/^#[0-9A-Fa-f]{6}$/, "Must be a valid hex color (e.g., #0066CC)")
24
24
  .optional(),
25
- logoUrl: zod_1.z.string().url('Must be a valid URL').optional(),
26
- companyName: zod_1.z.string().max(100, 'Company name must be 100 characters or less').optional(),
27
- theme: zod_1.z.enum(['light', 'dark', 'auto']).optional(),
25
+ logoUrl: zod_1.z.string().url("Must be a valid URL").optional(),
26
+ companyName: zod_1.z
27
+ .string()
28
+ .max(100, "Company name must be 100 characters or less")
29
+ .optional(),
30
+ theme: zod_1.z.enum(["light", "dark", "auto"]).optional(),
28
31
  });
29
32
  /**
30
33
  * Consent Terms Schema
31
34
  */
32
35
  exports.consentTermsSchema = zod_1.z.object({
33
- text: zod_1.z.string().max(10000, 'Terms text must be 10000 characters or less').optional(),
34
- url: zod_1.z.string().url('Must be a valid URL').optional(),
35
- version: zod_1.z.string().max(50, 'Version must be 50 characters or less').optional(),
36
+ text: zod_1.z
37
+ .string()
38
+ .max(10000, "Terms text must be 10000 characters or less")
39
+ .optional(),
40
+ url: zod_1.z.string().url("Must be a valid URL").optional(),
41
+ version: zod_1.z
42
+ .string()
43
+ .max(50, "Version must be 50 characters or less")
44
+ .optional(),
36
45
  required: zod_1.z.boolean().default(true),
37
46
  });
38
47
  /**
39
48
  * Consent Custom Field Option Schema
40
49
  */
41
50
  exports.consentCustomFieldOptionSchema = zod_1.z.object({
42
- value: zod_1.z.string().max(100, 'Option value must be 100 characters or less'),
43
- label: zod_1.z.string().max(100, 'Option label must be 100 characters or less'),
51
+ value: zod_1.z.string().max(100, "Option value must be 100 characters or less"),
52
+ label: zod_1.z.string().max(100, "Option label must be 100 characters or less"),
44
53
  });
45
54
  /**
46
55
  * Consent Custom Field Schema
47
56
  */
48
- exports.consentCustomFieldSchema = zod_1.z.object({
57
+ exports.consentCustomFieldSchema = zod_1.z
58
+ .object({
49
59
  name: zod_1.z
50
60
  .string()
51
- .min(1, 'Field name is required')
52
- .max(50, 'Field name must be 50 characters or less')
53
- .regex(/^[a-zA-Z0-9_]+$/, 'Field name must contain only letters, numbers, and underscores'),
54
- label: zod_1.z.string().min(1, 'Field label is required').max(100, 'Field label must be 100 characters or less'),
55
- type: zod_1.z.enum(['text', 'textarea', 'checkbox', 'select']),
61
+ .min(1, "Field name is required")
62
+ .max(50, "Field name must be 50 characters or less")
63
+ .regex(/^[a-zA-Z0-9_]+$/, "Field name must contain only letters, numbers, and underscores"),
64
+ label: zod_1.z
65
+ .string()
66
+ .min(1, "Field label is required")
67
+ .max(100, "Field label must be 100 characters or less"),
68
+ type: zod_1.z.enum(["text", "textarea", "checkbox", "select"]),
56
69
  required: zod_1.z.boolean(),
57
- placeholder: zod_1.z.string().max(200, 'Placeholder must be 200 characters or less').optional(),
70
+ placeholder: zod_1.z
71
+ .string()
72
+ .max(200, "Placeholder must be 200 characters or less")
73
+ .optional(),
58
74
  options: zod_1.z
59
75
  .array(exports.consentCustomFieldOptionSchema)
60
- .min(1, 'Select fields must have at least one option')
76
+ .min(1, "Select fields must have at least one option")
77
+ .optional(),
78
+ pattern: zod_1.z
79
+ .string()
80
+ .max(500, "Pattern must be 500 characters or less")
61
81
  .optional(),
62
- pattern: zod_1.z.string().max(500, 'Pattern must be 500 characters or less').optional(),
63
- }).refine((data) => {
82
+ })
83
+ .refine((data) => {
64
84
  // Select fields must have options
65
- if (data.type === 'select' && (!data.options || data.options.length === 0)) {
85
+ if (data.type === "select" &&
86
+ (!data.options || data.options.length === 0)) {
66
87
  return false;
67
88
  }
68
89
  // Non-select fields should not have options
69
- if (data.type !== 'select' && data.options) {
90
+ if (data.type !== "select" && data.options) {
70
91
  return false;
71
92
  }
72
93
  return true;
73
94
  }, {
74
- message: 'Select fields must have options, and non-select fields must not have options',
95
+ message: "Select fields must have options, and non-select fields must not have options",
75
96
  });
76
97
  /**
77
98
  * OAuth Identity Schema
@@ -83,47 +104,50 @@ exports.oauthIdentitySchema = zod_1.z.object({
83
104
  /**
84
105
  * OAuth provider name (e.g., "google", "github", "microsoft")
85
106
  */
86
- provider: zod_1.z.string()
87
- .min(1, 'Provider is required')
88
- .max(50, 'Provider name must be 50 characters or less'),
107
+ provider: zod_1.z
108
+ .string()
109
+ .min(1, "Provider is required")
110
+ .max(50, "Provider name must be 50 characters or less"),
89
111
  /**
90
112
  * OAuth subject identifier (unique user ID from provider)
91
113
  * @example "123456789" (Google), "github-user-id" (GitHub)
92
114
  */
93
- subject: zod_1.z.string()
94
- .min(1, 'Subject is required')
95
- .max(255, 'Subject must be 255 characters or less'),
115
+ subject: zod_1.z
116
+ .string()
117
+ .min(1, "Subject is required")
118
+ .max(255, "Subject must be 255 characters or less"),
96
119
  /**
97
120
  * User's email address from OAuth provider (optional)
98
121
  */
99
- email: zod_1.z.string()
100
- .email('Must be a valid email address')
101
- .max(255, 'Email must be 255 characters or less')
122
+ email: zod_1.z
123
+ .string()
124
+ .email("Must be a valid email address")
125
+ .max(255, "Email must be 255 characters or less")
102
126
  .optional(),
103
127
  /**
104
128
  * User's display name from OAuth provider (optional)
105
129
  */
106
- name: zod_1.z.string()
107
- .max(255, 'Name must be 255 characters or less')
108
- .optional(),
130
+ name: zod_1.z.string().max(255, "Name must be 255 characters or less").optional(),
109
131
  });
110
132
  /**
111
133
  * Consent Page Config Schema
112
134
  */
113
135
  exports.consentPageConfigSchema = zod_1.z.object({
114
- tool: zod_1.z.string().min(1, 'Tool name is required'),
115
- toolDescription: zod_1.z.string().max(500, 'Tool description must be 500 characters or less'),
116
- scopes: zod_1.z.array(zod_1.z.string()).min(0, 'Scopes array cannot be negative'),
117
- agentDid: zod_1.z.string().min(1, 'Agent DID is required'),
118
- sessionId: zod_1.z.string().min(1, 'Session ID is required'),
119
- projectId: zod_1.z.string().min(1, 'Project ID is required'),
136
+ tool: zod_1.z.string().min(1, "Tool name is required"),
137
+ toolDescription: zod_1.z
138
+ .string()
139
+ .max(500, "Tool description must be 500 characters or less"),
140
+ scopes: zod_1.z.array(zod_1.z.string()).min(0, "Scopes array cannot be negative"),
141
+ agentDid: zod_1.z.string().min(1, "Agent DID is required"),
142
+ sessionId: zod_1.z.string().min(1, "Session ID is required"),
143
+ projectId: zod_1.z.string().min(1, "Project ID is required"),
120
144
  branding: exports.consentBrandingSchema.optional(),
121
145
  terms: exports.consentTermsSchema.optional(),
122
146
  customFields: zod_1.z
123
147
  .array(exports.consentCustomFieldSchema)
124
- .max(10, 'Maximum 10 custom fields allowed')
148
+ .max(10, "Maximum 10 custom fields allowed")
125
149
  .optional(),
126
- serverUrl: zod_1.z.string().url('Server URL must be a valid URL'),
150
+ serverUrl: zod_1.z.string().url("Server URL must be a valid URL"),
127
151
  autoClose: zod_1.z.boolean().optional(),
128
152
  });
129
153
  /**
@@ -136,44 +160,49 @@ exports.consentPageConfigSchema = zod_1.z.object({
136
160
  * - user_did: Optional User DID for persistent identity (if already known)
137
161
  */
138
162
  exports.consentApprovalRequestSchema = zod_1.z.object({
139
- tool: zod_1.z.string().min(1, 'Tool name is required'),
140
- scopes: zod_1.z.array(zod_1.z.string()).min(0, 'Scopes array cannot be negative'),
141
- agent_did: zod_1.z.string().min(1, 'Agent DID is required'),
142
- session_id: zod_1.z.string().min(1, 'Session ID is required'),
143
- project_id: zod_1.z.string().min(1, 'Project ID is required'),
163
+ tool: zod_1.z.string().min(1, "Tool name is required"),
164
+ scopes: zod_1.z.array(zod_1.z.string()).min(0, "Scopes array cannot be negative"),
165
+ agent_did: zod_1.z.string().min(1, "Agent DID is required"),
166
+ session_id: zod_1.z.string().min(1, "Session ID is required"),
167
+ project_id: zod_1.z.string().min(1, "Project ID is required"),
144
168
  termsAccepted: zod_1.z.boolean(),
145
- termsVersion: zod_1.z.string()
146
- .max(50, 'Terms version must be 50 characters or less')
147
- .optional(),
148
- customFields: zod_1.z
149
- .record(zod_1.z.union([zod_1.z.string(), zod_1.z.boolean()]))
169
+ termsVersion: zod_1.z
170
+ .string()
171
+ .max(50, "Terms version must be 50 characters or less")
150
172
  .optional(),
173
+ customFields: zod_1.z.record(zod_1.z.union([zod_1.z.string(), zod_1.z.boolean()])).optional(),
151
174
  // Phase 4: OAuth identity linking
152
175
  /**
153
176
  * OAuth provider identity information (optional)
154
177
  * Used to link OAuth accounts to persistent User DIDs
178
+ *
179
+ * CRITICAL: Uses .nullish() to accept null, undefined, or OAuthIdentity
180
+ * This matches JSON parsing behavior where missing fields become null
155
181
  */
156
- oauth_identity: exports.oauthIdentitySchema.optional(),
182
+ oauth_identity: exports.oauthIdentitySchema.nullish(),
157
183
  /**
158
184
  * User DID (optional)
159
185
  * If provided, represents the persistent User DID for this user
160
186
  * Format: did:key:... or did:web:...
161
187
  */
162
- user_did: zod_1.z.string()
163
- .regex(/^did:/, 'Must be a valid DID format (starting with did:)')
164
- .max(500, 'DID must be 500 characters or less')
188
+ user_did: zod_1.z
189
+ .string()
190
+ .regex(/^did:/, "Must be a valid DID format (starting with did:)")
191
+ .max(500, "DID must be 500 characters or less")
165
192
  .optional(),
166
193
  });
167
194
  /**
168
195
  * Consent Approval Response Schema
169
196
  */
170
- exports.consentApprovalResponseSchema = zod_1.z.object({
197
+ exports.consentApprovalResponseSchema = zod_1.z
198
+ .object({
171
199
  success: zod_1.z.boolean(),
172
200
  delegation_id: zod_1.z.string().min(1).optional(),
173
201
  delegation_token: zod_1.z.string().min(1).optional(),
174
202
  error: zod_1.z.string().optional(),
175
203
  error_code: zod_1.z.string().optional(),
176
- }).refine((data) => {
204
+ })
205
+ .refine((data) => {
177
206
  // If success is true, must have delegation_id and delegation_token
178
207
  if (data.success) {
179
208
  return !!data.delegation_id && !!data.delegation_token;
@@ -181,7 +210,7 @@ exports.consentApprovalResponseSchema = zod_1.z.object({
181
210
  // If success is false, must have error or error_code
182
211
  return !!data.error || !!data.error_code;
183
212
  }, {
184
- message: 'Successful responses must include delegation_id and delegation_token. Failed responses must include error or error_code',
213
+ message: "Successful responses must include delegation_id and delegation_token. Failed responses must include error or error_code",
185
214
  });
186
215
  /**
187
216
  * Consent Config Schema
@@ -191,14 +220,21 @@ exports.consentConfigSchema = zod_1.z.object({
191
220
  terms: exports.consentTermsSchema.optional(),
192
221
  customFields: zod_1.z
193
222
  .array(exports.consentCustomFieldSchema)
194
- .max(10, 'Maximum 10 custom fields allowed')
223
+ .max(10, "Maximum 10 custom fields allowed")
195
224
  .optional(),
196
- ui: zod_1.z.object({
197
- theme: zod_1.z.enum(['light', 'dark', 'auto']).optional(),
225
+ ui: zod_1.z
226
+ .object({
227
+ theme: zod_1.z.enum(["light", "dark", "auto"]).optional(),
198
228
  popupEnabled: zod_1.z.boolean().optional(),
199
229
  autoClose: zod_1.z.boolean().optional(),
200
- autoCloseDelay: zod_1.z.number().int().positive().max(60000, 'Auto-close delay must be 60000ms or less').optional(),
201
- }).optional(),
230
+ autoCloseDelay: zod_1.z
231
+ .number()
232
+ .int()
233
+ .positive()
234
+ .max(60000, "Auto-close delay must be 60000ms or less")
235
+ .optional(),
236
+ })
237
+ .optional(),
202
238
  });
203
239
  /**
204
240
  * Validation Helpers
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/contracts",
3
- "version": "1.5.3-canary.1",
3
+ "version": "1.5.3-canary.10",
4
4
  "description": "Shared types and schemas for XMCP-I ecosystem",
5
5
  "type": "commonjs",
6
6
  "sideEffects": false,