@kya-os/contracts 1.5.3-canary.13 → 1.5.3-canary.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/agentshield-api/schemas.d.ts +52 -52
  2. package/dist/agentshield-api/schemas.js +1 -1
  3. package/dist/agentshield-api/types.d.ts +1 -1
  4. package/dist/config/identity.d.ts +68 -0
  5. package/dist/config/index.d.ts +2 -1
  6. package/dist/config/tool-context.d.ts +34 -0
  7. package/dist/config/tool-context.js +13 -0
  8. package/dist/consent/schemas.d.ts +64 -59
  9. package/dist/consent/schemas.js +1 -0
  10. package/dist/dashboard-config/schemas.d.ts +964 -912
  11. package/dist/tool-protection/index.d.ts +24 -6
  12. package/dist/tool-protection/index.js +2 -1
  13. package/package.json +1 -1
package/dist/agentshield-api/schemas.d.ts CHANGED
@@ -211,12 +211,12 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
211
211
  identifier: string;
212
212
  }>>;
213
213
  }, "strip", z.ZodTypeAny, {
214
- sessionId: string;
215
- scopes: string[];
216
214
  timestamp: number;
215
+ sessionId: string;
217
216
  eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
218
217
  agentDid: string;
219
218
  targetTools: string[];
219
+ scopes: string[];
220
220
  projectId: string;
221
221
  userDid?: string | undefined;
222
222
  delegationId?: string | undefined;
@@ -227,12 +227,12 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
227
227
  identifier: string;
228
228
  } | undefined;
229
229
  }, {
230
- sessionId: string;
231
- scopes: string[];
232
230
  timestamp: number;
231
+ sessionId: string;
233
232
  eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
234
233
  agentDid: string;
235
234
  targetTools: string[];
235
+ scopes: string[];
236
236
  projectId: string;
237
237
  userDid?: string | undefined;
238
238
  delegationId?: string | undefined;
@@ -253,12 +253,12 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
253
253
  userIdentifier?: string | undefined;
254
254
  }[] | undefined;
255
255
  consentEvents?: {
256
- sessionId: string;
257
- scopes: string[];
258
256
  timestamp: number;
257
+ sessionId: string;
259
258
  eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
260
259
  agentDid: string;
261
260
  targetTools: string[];
261
+ scopes: string[];
262
262
  projectId: string;
263
263
  userDid?: string | undefined;
264
264
  delegationId?: string | undefined;
@@ -279,12 +279,12 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
279
279
  userIdentifier?: string | undefined;
280
280
  }[] | undefined;
281
281
  consentEvents?: {
282
- sessionId: string;
283
- scopes: string[];
284
282
  timestamp: number;
283
+ sessionId: string;
285
284
  eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
286
285
  agentDid: string;
287
286
  targetTools: string[];
287
+ scopes: string[];
288
288
  projectId: string;
289
289
  userDid?: string | undefined;
290
290
  delegationId?: string | undefined;
@@ -325,12 +325,12 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
325
325
  userIdentifier?: string | undefined;
326
326
  }[] | undefined;
327
327
  consentEvents?: {
328
- sessionId: string;
329
- scopes: string[];
330
328
  timestamp: number;
329
+ sessionId: string;
331
330
  eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
332
331
  agentDid: string;
333
332
  targetTools: string[];
333
+ scopes: string[];
334
334
  projectId: string;
335
335
  userDid?: string | undefined;
336
336
  delegationId?: string | undefined;
@@ -371,12 +371,12 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
371
371
  userIdentifier?: string | undefined;
372
372
  }[] | undefined;
373
373
  consentEvents?: {
374
- sessionId: string;
375
- scopes: string[];
376
374
  timestamp: number;
375
+ sessionId: string;
377
376
  eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
378
377
  agentDid: string;
379
378
  targetTools: string[];
379
+ scopes: string[];
380
380
  projectId: string;
381
381
  userDid?: string | undefined;
382
382
  delegationId?: string | undefined;
@@ -397,7 +397,7 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
397
397
  success: z.ZodBoolean;
398
398
  accepted: z.ZodNumber;
399
399
  rejected: z.ZodNumber;
400
- outcomes: z.ZodRecord<z.ZodString, z.ZodNumber>;
400
+ outcomes: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
401
401
  errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
402
402
  proof_index: z.ZodNumber;
403
403
  error: z.ZodObject<{
@@ -414,45 +414,45 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
414
414
  details?: Record<string, unknown> | undefined;
415
415
  }>;
416
416
  }, "strip", z.ZodTypeAny, {
417
+ proof_index: number;
417
418
  error: {
418
419
  code: string;
419
420
  message: string;
420
421
  details?: Record<string, unknown> | undefined;
421
422
  };
422
- proof_index: number;
423
423
  }, {
424
+ proof_index: number;
424
425
  error: {
425
426
  code: string;
426
427
  message: string;
427
428
  details?: Record<string, unknown> | undefined;
428
429
  };
429
- proof_index: number;
430
430
  }>, "many">>;
431
431
  }, "strip", z.ZodTypeAny, {
432
432
  success: boolean;
433
433
  accepted: number;
434
434
  rejected: number;
435
- outcomes: Record<string, number>;
435
+ outcomes?: Record<string, number> | undefined;
436
436
  errors?: {
437
+ proof_index: number;
437
438
  error: {
438
439
  code: string;
439
440
  message: string;
440
441
  details?: Record<string, unknown> | undefined;
441
442
  };
442
- proof_index: number;
443
443
  }[] | undefined;
444
444
  }, {
445
445
  success: boolean;
446
446
  accepted: number;
447
447
  rejected: number;
448
- outcomes: Record<string, number>;
448
+ outcomes?: Record<string, number> | undefined;
449
449
  errors?: {
450
+ proof_index: number;
450
451
  error: {
451
452
  code: string;
452
453
  message: string;
453
454
  details?: Record<string, unknown> | undefined;
454
455
  };
455
- proof_index: number;
456
456
  }[] | undefined;
457
457
  }>;
458
458
  /**
@@ -471,24 +471,24 @@ export declare const delegationCredentialSchema: z.ZodObject<{
471
471
  agent_did: string;
472
472
  issued_at: number;
473
473
  created_at: number;
474
- constraints?: Record<string, unknown> | undefined;
475
474
  user_id?: string | undefined;
476
475
  user_identifier?: string | undefined;
476
+ constraints?: Record<string, unknown> | undefined;
477
477
  }, {
478
478
  scopes: string[];
479
479
  agent_did: string;
480
480
  issued_at: number;
481
481
  created_at: number;
482
- constraints?: Record<string, unknown> | undefined;
483
482
  user_id?: string | undefined;
484
483
  user_identifier?: string | undefined;
484
+ constraints?: Record<string, unknown> | undefined;
485
485
  }>;
486
486
  /**
487
487
  * Delegation verification request schema
488
488
  */
489
489
  export declare const verifyDelegationRequestSchema: z.ZodObject<{
490
- scopes: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
491
490
  timestamp: z.ZodOptional<z.ZodNumber>;
491
+ scopes: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
492
492
  agent_did: z.ZodString;
493
493
  credential_jwt: z.ZodOptional<z.ZodString>;
494
494
  delegation_token: z.ZodOptional<z.ZodString>;
@@ -507,8 +507,8 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
507
507
  }>>;
508
508
  }, "strip", z.ZodTypeAny, {
509
509
  agent_did: string;
510
- scopes?: string[] | undefined;
511
510
  timestamp?: number | undefined;
511
+ scopes?: string[] | undefined;
512
512
  credential_jwt?: string | undefined;
513
513
  delegation_token?: string | undefined;
514
514
  client_info?: {
@@ -518,8 +518,8 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
518
518
  } | undefined;
519
519
  }, {
520
520
  agent_did: string;
521
- scopes?: string[] | undefined;
522
521
  timestamp?: number | undefined;
522
+ scopes?: string[] | undefined;
523
523
  credential_jwt?: string | undefined;
524
524
  delegation_token?: string | undefined;
525
525
  client_info?: {
@@ -1778,17 +1778,17 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
1778
1778
  agent_did: string;
1779
1779
  issued_at: number;
1780
1780
  created_at: number;
1781
- constraints?: Record<string, unknown> | undefined;
1782
1781
  user_id?: string | undefined;
1783
1782
  user_identifier?: string | undefined;
1783
+ constraints?: Record<string, unknown> | undefined;
1784
1784
  }, {
1785
1785
  scopes: string[];
1786
1786
  agent_did: string;
1787
1787
  issued_at: number;
1788
1788
  created_at: number;
1789
- constraints?: Record<string, unknown> | undefined;
1790
1789
  user_id?: string | undefined;
1791
1790
  user_identifier?: string | undefined;
1791
+ constraints?: Record<string, unknown> | undefined;
1792
1792
  }>>;
1793
1793
  error: z.ZodOptional<z.ZodObject<{
1794
1794
  code: z.ZodString;
@@ -1806,12 +1806,12 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
1806
1806
  reason: z.ZodOptional<z.ZodString>;
1807
1807
  }, "strip", z.ZodTypeAny, {
1808
1808
  valid: boolean;
1809
+ delegation_id?: string | undefined;
1809
1810
  error?: {
1810
1811
  code: string;
1811
1812
  message: string;
1812
1813
  details?: Record<string, unknown> | undefined;
1813
1814
  } | undefined;
1814
- delegation_id?: string | undefined;
1815
1815
  delegation?: z.objectOutputType<{
1816
1816
  id: z.ZodString;
1817
1817
  issuerDid: z.ZodString;
@@ -2228,19 +2228,19 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2228
2228
  agent_did: string;
2229
2229
  issued_at: number;
2230
2230
  created_at: number;
2231
- constraints?: Record<string, unknown> | undefined;
2232
2231
  user_id?: string | undefined;
2233
2232
  user_identifier?: string | undefined;
2233
+ constraints?: Record<string, unknown> | undefined;
2234
2234
  } | undefined;
2235
2235
  reason?: string | undefined;
2236
2236
  }, {
2237
2237
  valid: boolean;
2238
+ delegation_id?: string | undefined;
2238
2239
  error?: {
2239
2240
  code: string;
2240
2241
  message: string;
2241
2242
  details?: Record<string, unknown> | undefined;
2242
2243
  } | undefined;
2243
- delegation_id?: string | undefined;
2244
2244
  delegation?: z.objectInputType<{
2245
2245
  id: z.ZodString;
2246
2246
  issuerDid: z.ZodString;
@@ -2657,9 +2657,9 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2657
2657
  agent_did: string;
2658
2658
  issued_at: number;
2659
2659
  created_at: number;
2660
- constraints?: Record<string, unknown> | undefined;
2661
2660
  user_id?: string | undefined;
2662
2661
  user_identifier?: string | undefined;
2662
+ constraints?: Record<string, unknown> | undefined;
2663
2663
  } | undefined;
2664
2664
  reason?: string | undefined;
2665
2665
  }>;
@@ -3915,17 +3915,17 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
3915
3915
  agent_did: string;
3916
3916
  issued_at: number;
3917
3917
  created_at: number;
3918
- constraints?: Record<string, unknown> | undefined;
3919
3918
  user_id?: string | undefined;
3920
3919
  user_identifier?: string | undefined;
3920
+ constraints?: Record<string, unknown> | undefined;
3921
3921
  }, {
3922
3922
  scopes: string[];
3923
3923
  agent_did: string;
3924
3924
  issued_at: number;
3925
3925
  created_at: number;
3926
- constraints?: Record<string, unknown> | undefined;
3927
3926
  user_id?: string | undefined;
3928
3927
  user_identifier?: string | undefined;
3928
+ constraints?: Record<string, unknown> | undefined;
3929
3929
  }>>;
3930
3930
  error: z.ZodOptional<z.ZodObject<{
3931
3931
  code: z.ZodString;
@@ -3943,12 +3943,12 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
3943
3943
  reason: z.ZodOptional<z.ZodString>;
3944
3944
  }, "strip", z.ZodTypeAny, {
3945
3945
  valid: boolean;
3946
+ delegation_id?: string | undefined;
3946
3947
  error?: {
3947
3948
  code: string;
3948
3949
  message: string;
3949
3950
  details?: Record<string, unknown> | undefined;
3950
3951
  } | undefined;
3951
- delegation_id?: string | undefined;
3952
3952
  delegation?: z.objectOutputType<{
3953
3953
  id: z.ZodString;
3954
3954
  issuerDid: z.ZodString;
@@ -4365,19 +4365,19 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4365
4365
  agent_did: string;
4366
4366
  issued_at: number;
4367
4367
  created_at: number;
4368
- constraints?: Record<string, unknown> | undefined;
4369
4368
  user_id?: string | undefined;
4370
4369
  user_identifier?: string | undefined;
4370
+ constraints?: Record<string, unknown> | undefined;
4371
4371
  } | undefined;
4372
4372
  reason?: string | undefined;
4373
4373
  }, {
4374
4374
  valid: boolean;
4375
+ delegation_id?: string | undefined;
4375
4376
  error?: {
4376
4377
  code: string;
4377
4378
  message: string;
4378
4379
  details?: Record<string, unknown> | undefined;
4379
4380
  } | undefined;
4380
- delegation_id?: string | undefined;
4381
4381
  delegation?: z.objectInputType<{
4382
4382
  id: z.ZodString;
4383
4383
  issuerDid: z.ZodString;
@@ -4794,9 +4794,9 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4794
4794
  agent_did: string;
4795
4795
  issued_at: number;
4796
4796
  created_at: number;
4797
- constraints?: Record<string, unknown> | undefined;
4798
4797
  user_id?: string | undefined;
4799
4798
  user_identifier?: string | undefined;
4799
+ constraints?: Record<string, unknown> | undefined;
4800
4800
  } | undefined;
4801
4801
  reason?: string | undefined;
4802
4802
  }>;
@@ -4814,12 +4814,12 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4814
4814
  success: boolean;
4815
4815
  data: {
4816
4816
  valid: boolean;
4817
+ delegation_id?: string | undefined;
4817
4818
  error?: {
4818
4819
  code: string;
4819
4820
  message: string;
4820
4821
  details?: Record<string, unknown> | undefined;
4821
4822
  } | undefined;
4822
- delegation_id?: string | undefined;
4823
4823
  delegation?: z.objectOutputType<{
4824
4824
  id: z.ZodString;
4825
4825
  issuerDid: z.ZodString;
@@ -5236,9 +5236,9 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5236
5236
  agent_did: string;
5237
5237
  issued_at: number;
5238
5238
  created_at: number;
5239
- constraints?: Record<string, unknown> | undefined;
5240
5239
  user_id?: string | undefined;
5241
5240
  user_identifier?: string | undefined;
5241
+ constraints?: Record<string, unknown> | undefined;
5242
5242
  } | undefined;
5243
5243
  reason?: string | undefined;
5244
5244
  };
@@ -5250,12 +5250,12 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5250
5250
  success: boolean;
5251
5251
  data: {
5252
5252
  valid: boolean;
5253
+ delegation_id?: string | undefined;
5253
5254
  error?: {
5254
5255
  code: string;
5255
5256
  message: string;
5256
5257
  details?: Record<string, unknown> | undefined;
5257
5258
  } | undefined;
5258
- delegation_id?: string | undefined;
5259
5259
  delegation?: z.objectInputType<{
5260
5260
  id: z.ZodString;
5261
5261
  issuerDid: z.ZodString;
@@ -5672,9 +5672,9 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5672
5672
  agent_did: string;
5673
5673
  issued_at: number;
5674
5674
  created_at: number;
5675
- constraints?: Record<string, unknown> | undefined;
5676
5675
  user_id?: string | undefined;
5677
5676
  user_identifier?: string | undefined;
5677
+ constraints?: Record<string, unknown> | undefined;
5678
5678
  } | undefined;
5679
5679
  reason?: string | undefined;
5680
5680
  };
@@ -5981,8 +5981,8 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
5981
5981
  created_at: z.ZodString;
5982
5982
  }, "strip", z.ZodTypeAny, {
5983
5983
  status: "active" | "revoked" | "expired";
5984
- scopes: string[];
5985
5984
  delegation_id: string;
5985
+ scopes: string[];
5986
5986
  agent_did: string;
5987
5987
  issued_at: string;
5988
5988
  created_at: string;
@@ -5991,8 +5991,8 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
5991
5991
  expires_at?: string | null | undefined;
5992
5992
  }, {
5993
5993
  status: "active" | "revoked" | "expired";
5994
- scopes: string[];
5995
5994
  delegation_id: string;
5995
+ scopes: string[];
5996
5996
  agent_did: string;
5997
5997
  issued_at: string;
5998
5998
  created_at: string;
@@ -6017,8 +6017,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
6017
6017
  created_at: z.ZodString;
6018
6018
  }, "strip", z.ZodTypeAny, {
6019
6019
  status: "active" | "revoked" | "expired";
6020
- scopes: string[];
6021
6020
  delegation_id: string;
6021
+ scopes: string[];
6022
6022
  agent_did: string;
6023
6023
  issued_at: string;
6024
6024
  created_at: string;
@@ -6027,8 +6027,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
6027
6027
  expires_at?: string | null | undefined;
6028
6028
  }, {
6029
6029
  status: "active" | "revoked" | "expired";
6030
- scopes: string[];
6031
6030
  delegation_id: string;
6031
+ scopes: string[];
6032
6032
  agent_did: string;
6033
6033
  issued_at: string;
6034
6034
  created_at: string;
@@ -6050,8 +6050,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
6050
6050
  success: boolean;
6051
6051
  data: {
6052
6052
  status: "active" | "revoked" | "expired";
6053
- scopes: string[];
6054
6053
  delegation_id: string;
6054
+ scopes: string[];
6055
6055
  agent_did: string;
6056
6056
  issued_at: string;
6057
6057
  created_at: string;
@@ -6067,8 +6067,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
6067
6067
  success: boolean;
6068
6068
  data: {
6069
6069
  status: "active" | "revoked" | "expired";
6070
- scopes: string[];
6071
6070
  delegation_id: string;
6071
+ scopes: string[];
6072
6072
  agent_did: string;
6073
6073
  issued_at: string;
6074
6074
  created_at: string;
@@ -6099,12 +6099,12 @@ export declare const revokeDelegationResponseSchema: z.ZodObject<{
6099
6099
  revoked: z.ZodBoolean;
6100
6100
  revoked_at: z.ZodNumber;
6101
6101
  }, "strip", z.ZodTypeAny, {
6102
- revoked: boolean;
6103
6102
  delegation_id: string;
6103
+ revoked: boolean;
6104
6104
  revoked_at: number;
6105
6105
  }, {
6106
- revoked: boolean;
6107
6106
  delegation_id: string;
6107
+ revoked: boolean;
6108
6108
  revoked_at: number;
6109
6109
  }>;
6110
6110
  /**
@@ -6117,12 +6117,12 @@ export declare const revokeDelegationAPIResponseSchema: z.ZodObject<{
6117
6117
  revoked: z.ZodBoolean;
6118
6118
  revoked_at: z.ZodNumber;
6119
6119
  }, "strip", z.ZodTypeAny, {
6120
- revoked: boolean;
6121
6120
  delegation_id: string;
6121
+ revoked: boolean;
6122
6122
  revoked_at: number;
6123
6123
  }, {
6124
- revoked: boolean;
6125
6124
  delegation_id: string;
6125
+ revoked: boolean;
6126
6126
  revoked_at: number;
6127
6127
  }>;
6128
6128
  metadata: z.ZodOptional<z.ZodObject<{
@@ -6138,8 +6138,8 @@ export declare const revokeDelegationAPIResponseSchema: z.ZodObject<{
6138
6138
  }, "strip", z.ZodTypeAny, {
6139
6139
  success: boolean;
6140
6140
  data: {
6141
- revoked: boolean;
6142
6141
  delegation_id: string;
6142
+ revoked: boolean;
6143
6143
  revoked_at: number;
6144
6144
  };
6145
6145
  metadata?: {
@@ -6149,8 +6149,8 @@ export declare const revokeDelegationAPIResponseSchema: z.ZodObject<{
6149
6149
  }, {
6150
6150
  success: boolean;
6151
6151
  data: {
6152
- revoked: boolean;
6153
6152
  delegation_id: string;
6153
+ revoked: boolean;
6154
6154
  revoked_at: number;
6155
6155
  };
6156
6156
  metadata?: {
package/dist/agentshield-api/schemas.js CHANGED
@@ -97,7 +97,7 @@ exports.proofSubmissionResponseSchema = zod_1.z.object({
97
97
  success: zod_1.z.boolean(),
98
98
  accepted: zod_1.z.number().int().min(0),
99
99
  rejected: zod_1.z.number().int().min(0),
100
- outcomes: zod_1.z.record(zod_1.z.string(), zod_1.z.number().int().min(0)), // Record<BouncerOutcome, number>
100
+ outcomes: zod_1.z.record(zod_1.z.string(), zod_1.z.number().int().min(0)).optional(), // Record<BouncerOutcome, number> - Optional because API may return empty object or omit it
101
101
  errors: zod_1.z
102
102
  .array(zod_1.z.object({
103
103
  proof_index: zod_1.z.number().int().min(0),
package/dist/agentshield-api/types.d.ts CHANGED
@@ -94,7 +94,7 @@ export interface ProofSubmissionResponse {
94
94
  success: boolean;
95
95
  accepted: number;
96
96
  rejected: number;
97
- outcomes: Record<BouncerOutcome, number>;
97
+ outcomes?: Record<BouncerOutcome, number>;
98
98
  errors?: Array<{
99
99
  proof_index: number;
100
100
  error: {
package/dist/config/identity.d.ts CHANGED
@@ -73,6 +73,74 @@ export interface RuntimeIdentityConfig {
73
73
  */
74
74
  userDidStorage?: 'ephemeral' | 'persistent';
75
75
  }
76
+ /**
77
+ * OAuth Provider Configuration
78
+ *
79
+ * Configuration for a single OAuth provider (GitHub, Google, etc.)
80
+ */
81
+ export interface OAuthProvider {
82
+ /** OAuth client ID (public, safe to expose) */
83
+ clientId: string;
84
+ /** OAuth client secret (NOT returned in API response for security) */
85
+ clientSecret?: string | null;
86
+ /** OAuth authorization URL */
87
+ authorizationUrl: string;
88
+ /** OAuth token exchange URL */
89
+ tokenUrl: string;
90
+ /** OAuth user info endpoint URL */
91
+ userInfoUrl?: string;
92
+ /** Whether provider supports PKCE (Proof Key for Code Exchange) */
93
+ supportsPKCE: boolean;
94
+ /** Whether provider requires client secret (false for PKCE-only providers) */
95
+ requiresClientSecret: boolean;
96
+ /** Available scopes for this provider */
97
+ scopes?: string[];
98
+ /** Default scopes to request */
99
+ defaultScopes?: string[];
100
+ /** Whether provider uses proxy mode (via AgentShield) */
101
+ proxyMode?: boolean;
102
+ /** Custom OAuth parameters to include in authorization URL (e.g., audience, acr_values) */
103
+ customParams?: Record<string, string>;
104
+ /** Token endpoint authentication method */
105
+ tokenEndpointAuthMethod?: 'client_secret_post' | 'client_secret_basic';
106
+ /** OAuth response type (default: "code") */
107
+ responseType?: string;
108
+ /** OAuth grant type (default: "authorization_code") */
109
+ grantType?: string;
110
+ }
111
+ /**
112
+ * OAuth Configuration
113
+ *
114
+ * Configuration for OAuth providers fetched from AgentShield API.
115
+ * Contains all available providers for a project.
116
+ *
117
+ * Note: API does NOT return a defaultProvider field (Phase 1 architecture).
118
+ * Phase 1 uses configured provider as temporary fallback.
119
+ * Phase 2+ requires tools to explicitly specify oauthProvider.
120
+ */
121
+ export interface OAuthConfig {
122
+ /** Map of provider names to provider configurations */
123
+ providers: Record<string, OAuthProvider>;
124
+ }
125
+ /**
126
+ * IDP Tokens
127
+ *
128
+ * Tokens received from OAuth provider (IDP = Identity Provider)
129
+ */
130
+ export interface IdpTokens {
131
+ /** OAuth access token for API calls */
132
+ access_token: string;
133
+ /** OAuth refresh token (optional) */
134
+ refresh_token?: string;
135
+ /** Token expiration time in seconds */
136
+ expires_in?: number;
137
+ /** Token expiration timestamp (milliseconds since epoch) */
138
+ expires_at: number;
139
+ /** Token type (usually "Bearer") */
140
+ token_type: string;
141
+ /** Granted scopes */
142
+ scope?: string;
143
+ }
76
144
  /**
77
145
  * Agent identity representation
78
146
  * The actual identity data structure used at runtime
package/dist/config/index.d.ts CHANGED
@@ -12,7 +12,8 @@ import type { ProofingConfig } from "./proofing.js";
12
12
  import type { DelegationConfig } from "./delegation.js";
13
13
  import type { ToolProtectionSourceConfig } from "./tool-protection.js";
14
14
  export { MCPIBaseConfig } from "./base.js";
15
- export { RuntimeIdentityConfig, AgentIdentity } from "./identity.js";
15
+ export { RuntimeIdentityConfig, AgentIdentity, OAuthProvider, OAuthConfig, IdpTokens, } from "./identity.js";
16
+ export type { ToolExecutionContext } from "./tool-context.js";
16
17
  /**
17
18
  * @deprecated Use RuntimeIdentityConfig instead
18
19
  * This export is maintained for backward compatibility
package/dist/config/tool-context.d.ts ADDED
@@ -0,0 +1,34 @@
1
+ /**
2
+ * Tool Execution Context
3
+ *
4
+ * Execution context passed to tool handlers, enabling tools to access
5
+ * IDP tokens for external API calls (GitHub, Google, etc.).
6
+ *
7
+ * All fields are optional for backward compatibility - tools that don't
8
+ * require OAuth will receive undefined context.
9
+ *
10
+ * @package @kya-os/contracts
11
+ */
12
+ /**
13
+ * Execution context passed to tool handlers
14
+ *
15
+ * Enables tools to access IDP tokens for external API calls.
16
+ * Context is only provided when:
17
+ * - Tool requires OAuth (has requiredScopes)
18
+ * - User DID is available
19
+ * - IDP token is successfully resolved
20
+ */
21
+ export interface ToolExecutionContext {
22
+ /** IDP access token for external API calls (e.g., GitHub, Google) */
23
+ idpToken?: string;
24
+ /** OAuth provider name (e.g., "github", "google") */
25
+ provider?: string;
26
+ /** Scopes granted for this token */
27
+ scopes?: string[];
28
+ /** User DID associated with this token */
29
+ userDid?: string;
30
+ /** Session ID */
31
+ sessionId?: string;
32
+ /** Delegation token (MCP-I internal authorization) */
33
+ delegationToken?: string;
34
+ }
package/dist/config/tool-context.js ADDED
@@ -0,0 +1,13 @@
1
+ "use strict";
2
+ /**
3
+ * Tool Execution Context
4
+ *
5
+ * Execution context passed to tool handlers, enabling tools to access
6
+ * IDP tokens for external API calls (GitHub, Google, etc.).
7
+ *
8
+ * All fields are optional for backward compatibility - tools that don't
9
+ * require OAuth will receive undefined context.
10
+ *
11
+ * @package @kya-os/contracts
12
+ */
13
+ Object.defineProperty(exports, "__esModule", { value: true });