@kya-os/contracts 1.5.3-canary.4 → 1.5.3-canary.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/agentshield-api/index.d.ts +1 -1
  2. package/dist/agentshield-api/schemas.d.ts +182 -59
  3. package/dist/agentshield-api/schemas.js +27 -0
  4. package/dist/agentshield-api/types.d.ts +25 -0
  5. package/dist/consent/schemas.d.ts +1 -1
  6. package/dist/consent/schemas.js +96 -63
  7. package/package.json +1 -1
package/dist/agentshield-api/index.d.ts CHANGED
@@ -6,7 +6,7 @@
6
6
  *
7
7
  * @package @kya-os/contracts/agentshield-api
8
8
  */
9
- export type { AgentShieldAPIResponse, AgentShieldAPIErrorResponse, ProofSubmissionRequest, ProofSubmissionResponse, ToolCallContext, BouncerOutcome, VerifyDelegationRequest, VerifyDelegationResponse, VerifyDelegationAPIResponse, DelegationCredential, AgentShieldToolProtection, ToolProtectionConfigResponse, ToolProtectionConfigAPIResponse, CreateDelegationRequest, CreateDelegationResponse, CreateDelegationAPIResponse, RevokeDelegationRequest, RevokeDelegationResponse, RevokeDelegationAPIResponse, } from "./types.js";
9
+ export type { AgentShieldAPIResponse, AgentShieldAPIErrorResponse, ProofSubmissionRequest, ProofSubmissionResponse, ToolCallContext, ConsentEventContext, BouncerOutcome, VerifyDelegationRequest, VerifyDelegationResponse, VerifyDelegationAPIResponse, DelegationCredential, AgentShieldToolProtection, ToolProtectionConfigResponse, ToolProtectionConfigAPIResponse, CreateDelegationRequest, CreateDelegationResponse, CreateDelegationAPIResponse, RevokeDelegationRequest, RevokeDelegationResponse, RevokeDelegationAPIResponse, } from "./types.js";
10
10
  export { AgentShieldAPIError } from "./types.js";
11
11
  export type { AgentShieldAPIHeaders } from "./endpoints.js";
12
12
  export type { ClearCacheRequest, ClearCacheResponse } from "./admin-types.js";
package/dist/agentshield-api/schemas.d.ts CHANGED
@@ -33,11 +33,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
33
33
  requestId: z.ZodString;
34
34
  timestamp: z.ZodString;
35
35
  }, "strip", z.ZodTypeAny, {
36
- timestamp: string;
37
36
  requestId: string;
38
- }, {
39
37
  timestamp: string;
38
+ }, {
40
39
  requestId: string;
40
+ timestamp: string;
41
41
  }>>;
42
42
  }, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
43
43
  success: z.ZodBoolean;
@@ -46,11 +46,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
46
46
  requestId: z.ZodString;
47
47
  timestamp: z.ZodString;
48
48
  }, "strip", z.ZodTypeAny, {
49
- timestamp: string;
50
49
  requestId: string;
51
- }, {
52
50
  timestamp: string;
51
+ }, {
53
52
  requestId: string;
53
+ timestamp: string;
54
54
  }>>;
55
55
  }>, any> extends infer T_1 ? { [k in keyof T_1]: z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
56
56
  success: z.ZodBoolean;
@@ -59,11 +59,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
59
59
  requestId: z.ZodString;
60
60
  timestamp: z.ZodString;
61
61
  }, "strip", z.ZodTypeAny, {
62
- timestamp: string;
63
62
  requestId: string;
64
- }, {
65
63
  timestamp: string;
64
+ }, {
66
65
  requestId: string;
66
+ timestamp: string;
67
67
  }>>;
68
68
  }>, any>[k]; } : never, z.baseObjectInputType<{
69
69
  success: z.ZodBoolean;
@@ -72,11 +72,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
72
72
  requestId: z.ZodString;
73
73
  timestamp: z.ZodString;
74
74
  }, "strip", z.ZodTypeAny, {
75
- timestamp: string;
76
75
  requestId: string;
77
- }, {
78
76
  timestamp: string;
77
+ }, {
79
78
  requestId: string;
79
+ timestamp: string;
80
80
  }>>;
81
81
  }> extends infer T_2 ? { [k_1 in keyof T_2]: z.baseObjectInputType<{
82
82
  success: z.ZodBoolean;
@@ -85,11 +85,11 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
85
85
  requestId: z.ZodString;
86
86
  timestamp: z.ZodString;
87
87
  }, "strip", z.ZodTypeAny, {
88
- timestamp: string;
89
88
  requestId: string;
90
- }, {
91
89
  timestamp: string;
90
+ }, {
92
91
  requestId: string;
92
+ timestamp: string;
93
93
  }>>;
94
94
  }>[k_1]; } : never>;
95
95
  /**
@@ -115,57 +115,57 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
115
115
  }, "strip", z.ZodTypeAny, {
116
116
  did: string;
117
117
  kid: string;
118
+ ts: number;
118
119
  nonce: string;
119
120
  audience: string;
120
121
  sessionId: string;
121
- ts: number;
122
122
  requestHash: string;
123
123
  responseHash: string;
124
- clientDid?: string | undefined;
125
124
  scopeId?: string | undefined;
126
125
  delegationRef?: string | undefined;
126
+ clientDid?: string | undefined;
127
127
  }, {
128
128
  did: string;
129
129
  kid: string;
130
+ ts: number;
130
131
  nonce: string;
131
132
  audience: string;
132
133
  sessionId: string;
133
- ts: number;
134
134
  requestHash: string;
135
135
  responseHash: string;
136
- clientDid?: string | undefined;
137
136
  scopeId?: string | undefined;
138
137
  delegationRef?: string | undefined;
138
+ clientDid?: string | undefined;
139
139
  }>;
140
140
  }, "strip", z.ZodTypeAny, {
141
141
  jws: string;
142
142
  meta: {
143
143
  did: string;
144
144
  kid: string;
145
+ ts: number;
145
146
  nonce: string;
146
147
  audience: string;
147
148
  sessionId: string;
148
- ts: number;
149
149
  requestHash: string;
150
150
  responseHash: string;
151
- clientDid?: string | undefined;
152
151
  scopeId?: string | undefined;
153
152
  delegationRef?: string | undefined;
153
+ clientDid?: string | undefined;
154
154
  };
155
155
  }, {
156
156
  jws: string;
157
157
  meta: {
158
158
  did: string;
159
159
  kid: string;
160
+ ts: number;
160
161
  nonce: string;
161
162
  audience: string;
162
163
  sessionId: string;
163
- ts: number;
164
164
  requestHash: string;
165
165
  responseHash: string;
166
- clientDid?: string | undefined;
167
166
  scopeId?: string | undefined;
168
167
  delegationRef?: string | undefined;
168
+ clientDid?: string | undefined;
169
169
  };
170
170
  }>, "many">;
171
171
  context: z.ZodOptional<z.ZodObject<{
@@ -188,6 +188,61 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
188
188
  result?: unknown;
189
189
  userIdentifier?: string | undefined;
190
190
  }>, "many">>;
191
+ consentEvents: z.ZodOptional<z.ZodArray<z.ZodObject<{
192
+ eventType: z.ZodEnum<["consent:page_viewed", "consent:approved", "consent:delegation_created", "consent:credential_required"]>;
193
+ timestamp: z.ZodNumber;
194
+ sessionId: z.ZodString;
195
+ userDid: z.ZodOptional<z.ZodString>;
196
+ agentDid: z.ZodString;
197
+ targetTools: z.ZodArray<z.ZodString, "many">;
198
+ scopes: z.ZodArray<z.ZodString, "many">;
199
+ delegationId: z.ZodOptional<z.ZodString>;
200
+ projectId: z.ZodString;
201
+ termsAccepted: z.ZodOptional<z.ZodBoolean>;
202
+ credentialStatus: z.ZodOptional<z.ZodEnum<["present", "required", "obtained"]>>;
203
+ oauthIdentity: z.ZodOptional<z.ZodObject<{
204
+ provider: z.ZodString;
205
+ identifier: z.ZodString;
206
+ }, "strip", z.ZodTypeAny, {
207
+ provider: string;
208
+ identifier: string;
209
+ }, {
210
+ provider: string;
211
+ identifier: string;
212
+ }>>;
213
+ }, "strip", z.ZodTypeAny, {
214
+ sessionId: string;
215
+ scopes: string[];
216
+ timestamp: number;
217
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
218
+ agentDid: string;
219
+ targetTools: string[];
220
+ projectId: string;
221
+ userDid?: string | undefined;
222
+ delegationId?: string | undefined;
223
+ termsAccepted?: boolean | undefined;
224
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
225
+ oauthIdentity?: {
226
+ provider: string;
227
+ identifier: string;
228
+ } | undefined;
229
+ }, {
230
+ sessionId: string;
231
+ scopes: string[];
232
+ timestamp: number;
233
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
234
+ agentDid: string;
235
+ targetTools: string[];
236
+ projectId: string;
237
+ userDid?: string | undefined;
238
+ delegationId?: string | undefined;
239
+ termsAccepted?: boolean | undefined;
240
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
241
+ oauthIdentity?: {
242
+ provider: string;
243
+ identifier: string;
244
+ } | undefined;
245
+ }>, "many">>;
191
246
  mcpServerUrl: z.ZodOptional<z.ZodString>;
192
247
  }, "strip", z.ZodTypeAny, {
193
248
  toolCalls?: {
@@ -197,6 +252,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
197
252
  result?: unknown;
198
253
  userIdentifier?: string | undefined;
199
254
  }[] | undefined;
255
+ consentEvents?: {
256
+ sessionId: string;
257
+ scopes: string[];
258
+ timestamp: number;
259
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
260
+ agentDid: string;
261
+ targetTools: string[];
262
+ projectId: string;
263
+ userDid?: string | undefined;
264
+ delegationId?: string | undefined;
265
+ termsAccepted?: boolean | undefined;
266
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
267
+ oauthIdentity?: {
268
+ provider: string;
269
+ identifier: string;
270
+ } | undefined;
271
+ }[] | undefined;
200
272
  mcpServerUrl?: string | undefined;
201
273
  }, {
202
274
  toolCalls?: {
@@ -206,6 +278,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
206
278
  result?: unknown;
207
279
  userIdentifier?: string | undefined;
208
280
  }[] | undefined;
281
+ consentEvents?: {
282
+ sessionId: string;
283
+ scopes: string[];
284
+ timestamp: number;
285
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
286
+ agentDid: string;
287
+ targetTools: string[];
288
+ projectId: string;
289
+ userDid?: string | undefined;
290
+ delegationId?: string | undefined;
291
+ termsAccepted?: boolean | undefined;
292
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
293
+ oauthIdentity?: {
294
+ provider: string;
295
+ identifier: string;
296
+ } | undefined;
297
+ }[] | undefined;
209
298
  mcpServerUrl?: string | undefined;
210
299
  }>>;
211
300
  }, "strip", z.ZodTypeAny, {
@@ -215,15 +304,15 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
215
304
  meta: {
216
305
  did: string;
217
306
  kid: string;
307
+ ts: number;
218
308
  nonce: string;
219
309
  audience: string;
220
310
  sessionId: string;
221
- ts: number;
222
311
  requestHash: string;
223
312
  responseHash: string;
224
- clientDid?: string | undefined;
225
313
  scopeId?: string | undefined;
226
314
  delegationRef?: string | undefined;
315
+ clientDid?: string | undefined;
227
316
  };
228
317
  }[];
229
318
  delegation_id?: string | null | undefined;
@@ -235,6 +324,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
235
324
  result?: unknown;
236
325
  userIdentifier?: string | undefined;
237
326
  }[] | undefined;
327
+ consentEvents?: {
328
+ sessionId: string;
329
+ scopes: string[];
330
+ timestamp: number;
331
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
332
+ agentDid: string;
333
+ targetTools: string[];
334
+ projectId: string;
335
+ userDid?: string | undefined;
336
+ delegationId?: string | undefined;
337
+ termsAccepted?: boolean | undefined;
338
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
339
+ oauthIdentity?: {
340
+ provider: string;
341
+ identifier: string;
342
+ } | undefined;
343
+ }[] | undefined;
238
344
  mcpServerUrl?: string | undefined;
239
345
  } | undefined;
240
346
  }, {
@@ -244,15 +350,15 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
244
350
  meta: {
245
351
  did: string;
246
352
  kid: string;
353
+ ts: number;
247
354
  nonce: string;
248
355
  audience: string;
249
356
  sessionId: string;
250
- ts: number;
251
357
  requestHash: string;
252
358
  responseHash: string;
253
- clientDid?: string | undefined;
254
359
  scopeId?: string | undefined;
255
360
  delegationRef?: string | undefined;
361
+ clientDid?: string | undefined;
256
362
  };
257
363
  }[];
258
364
  delegation_id?: string | null | undefined;
@@ -264,6 +370,23 @@ export declare const proofSubmissionRequestSchema: z.ZodObject<{
264
370
  result?: unknown;
265
371
  userIdentifier?: string | undefined;
266
372
  }[] | undefined;
373
+ consentEvents?: {
374
+ sessionId: string;
375
+ scopes: string[];
376
+ timestamp: number;
377
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
378
+ agentDid: string;
379
+ targetTools: string[];
380
+ projectId: string;
381
+ userDid?: string | undefined;
382
+ delegationId?: string | undefined;
383
+ termsAccepted?: boolean | undefined;
384
+ credentialStatus?: "present" | "required" | "obtained" | undefined;
385
+ oauthIdentity?: {
386
+ provider: string;
387
+ identifier: string;
388
+ } | undefined;
389
+ }[] | undefined;
267
390
  mcpServerUrl?: string | undefined;
268
391
  } | undefined;
269
392
  }>;
@@ -364,8 +487,8 @@ export declare const delegationCredentialSchema: z.ZodObject<{
364
487
  * Delegation verification request schema
365
488
  */
366
489
  export declare const verifyDelegationRequestSchema: z.ZodObject<{
367
- timestamp: z.ZodOptional<z.ZodNumber>;
368
490
  scopes: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
491
+ timestamp: z.ZodOptional<z.ZodNumber>;
369
492
  agent_did: z.ZodString;
370
493
  credential_jwt: z.ZodOptional<z.ZodString>;
371
494
  delegation_token: z.ZodOptional<z.ZodString>;
@@ -384,8 +507,8 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
384
507
  }>>;
385
508
  }, "strip", z.ZodTypeAny, {
386
509
  agent_did: string;
387
- timestamp?: number | undefined;
388
510
  scopes?: string[] | undefined;
511
+ timestamp?: number | undefined;
389
512
  credential_jwt?: string | undefined;
390
513
  delegation_token?: string | undefined;
391
514
  client_info?: {
@@ -395,8 +518,8 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
395
518
  } | undefined;
396
519
  }, {
397
520
  agent_did: string;
398
- timestamp?: number | undefined;
399
521
  scopes?: string[] | undefined;
522
+ timestamp?: number | undefined;
400
523
  credential_jwt?: string | undefined;
401
524
  delegation_token?: string | undefined;
402
525
  client_info?: {
@@ -1689,7 +1812,6 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
1689
1812
  details?: Record<string, unknown> | undefined;
1690
1813
  } | undefined;
1691
1814
  delegation_id?: string | undefined;
1692
- reason?: string | undefined;
1693
1815
  delegation?: z.objectOutputType<{
1694
1816
  id: z.ZodString;
1695
1817
  issuerDid: z.ZodString;
@@ -2110,6 +2232,7 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2110
2232
  user_id?: string | undefined;
2111
2233
  user_identifier?: string | undefined;
2112
2234
  } | undefined;
2235
+ reason?: string | undefined;
2113
2236
  }, {
2114
2237
  valid: boolean;
2115
2238
  error?: {
@@ -2118,7 +2241,6 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2118
2241
  details?: Record<string, unknown> | undefined;
2119
2242
  } | undefined;
2120
2243
  delegation_id?: string | undefined;
2121
- reason?: string | undefined;
2122
2244
  delegation?: z.objectInputType<{
2123
2245
  id: z.ZodString;
2124
2246
  issuerDid: z.ZodString;
@@ -2539,6 +2661,7 @@ export declare const verifyDelegationResponseSchema: z.ZodObject<{
2539
2661
  user_id?: string | undefined;
2540
2662
  user_identifier?: string | undefined;
2541
2663
  } | undefined;
2664
+ reason?: string | undefined;
2542
2665
  }>;
2543
2666
  /**
2544
2667
  * Wrapped verification response schema
@@ -3826,7 +3949,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
3826
3949
  details?: Record<string, unknown> | undefined;
3827
3950
  } | undefined;
3828
3951
  delegation_id?: string | undefined;
3829
- reason?: string | undefined;
3830
3952
  delegation?: z.objectOutputType<{
3831
3953
  id: z.ZodString;
3832
3954
  issuerDid: z.ZodString;
@@ -4247,6 +4369,7 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4247
4369
  user_id?: string | undefined;
4248
4370
  user_identifier?: string | undefined;
4249
4371
  } | undefined;
4372
+ reason?: string | undefined;
4250
4373
  }, {
4251
4374
  valid: boolean;
4252
4375
  error?: {
@@ -4255,7 +4378,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4255
4378
  details?: Record<string, unknown> | undefined;
4256
4379
  } | undefined;
4257
4380
  delegation_id?: string | undefined;
4258
- reason?: string | undefined;
4259
4381
  delegation?: z.objectInputType<{
4260
4382
  id: z.ZodString;
4261
4383
  issuerDid: z.ZodString;
@@ -4676,16 +4798,17 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4676
4798
  user_id?: string | undefined;
4677
4799
  user_identifier?: string | undefined;
4678
4800
  } | undefined;
4801
+ reason?: string | undefined;
4679
4802
  }>;
4680
4803
  metadata: z.ZodOptional<z.ZodObject<{
4681
4804
  requestId: z.ZodString;
4682
4805
  timestamp: z.ZodString;
4683
4806
  }, "strip", z.ZodTypeAny, {
4684
- timestamp: string;
4685
4807
  requestId: string;
4686
- }, {
4687
4808
  timestamp: string;
4809
+ }, {
4688
4810
  requestId: string;
4811
+ timestamp: string;
4689
4812
  }>>;
4690
4813
  }, "strip", z.ZodTypeAny, {
4691
4814
  success: boolean;
@@ -4697,7 +4820,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
4697
4820
  details?: Record<string, unknown> | undefined;
4698
4821
  } | undefined;
4699
4822
  delegation_id?: string | undefined;
4700
- reason?: string | undefined;
4701
4823
  delegation?: z.objectOutputType<{
4702
4824
  id: z.ZodString;
4703
4825
  issuerDid: z.ZodString;
@@ -5118,10 +5240,11 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5118
5240
  user_id?: string | undefined;
5119
5241
  user_identifier?: string | undefined;
5120
5242
  } | undefined;
5243
+ reason?: string | undefined;
5121
5244
  };
5122
5245
  metadata?: {
5123
- timestamp: string;
5124
5246
  requestId: string;
5247
+ timestamp: string;
5125
5248
  } | undefined;
5126
5249
  }, {
5127
5250
  success: boolean;
@@ -5133,7 +5256,6 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5133
5256
  details?: Record<string, unknown> | undefined;
5134
5257
  } | undefined;
5135
5258
  delegation_id?: string | undefined;
5136
- reason?: string | undefined;
5137
5259
  delegation?: z.objectInputType<{
5138
5260
  id: z.ZodString;
5139
5261
  issuerDid: z.ZodString;
@@ -5554,10 +5676,11 @@ export declare const verifyDelegationAPIResponseSchema: z.ZodObject<{
5554
5676
  user_id?: string | undefined;
5555
5677
  user_identifier?: string | undefined;
5556
5678
  } | undefined;
5679
+ reason?: string | undefined;
5557
5680
  };
5558
5681
  metadata?: {
5559
- timestamp: string;
5560
5682
  requestId: string;
5683
+ timestamp: string;
5561
5684
  } | undefined;
5562
5685
  }>;
5563
5686
  /**
@@ -5730,11 +5853,11 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
5730
5853
  requestId: z.ZodString;
5731
5854
  timestamp: z.ZodString;
5732
5855
  }, "strip", z.ZodTypeAny, {
5733
- timestamp: string;
5734
5856
  requestId: string;
5735
- }, {
5736
5857
  timestamp: string;
5858
+ }, {
5737
5859
  requestId: string;
5860
+ timestamp: string;
5738
5861
  }>>;
5739
5862
  }, "strip", z.ZodTypeAny, {
5740
5863
  success: boolean;
@@ -5756,8 +5879,8 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
5756
5879
  } | undefined;
5757
5880
  };
5758
5881
  metadata?: {
5759
- timestamp: string;
5760
5882
  requestId: string;
5883
+ timestamp: string;
5761
5884
  } | undefined;
5762
5885
  }, {
5763
5886
  success: boolean;
@@ -5779,8 +5902,8 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
5779
5902
  } | undefined;
5780
5903
  };
5781
5904
  metadata?: {
5782
- timestamp: string;
5783
5905
  requestId: string;
5906
+ timestamp: string;
5784
5907
  } | undefined;
5785
5908
  }>;
5786
5909
  /**
@@ -5853,8 +5976,8 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
5853
5976
  created_at: z.ZodString;
5854
5977
  }, "strip", z.ZodTypeAny, {
5855
5978
  status: "active";
5856
- delegation_id: string;
5857
5979
  scopes: string[];
5980
+ delegation_id: string;
5858
5981
  agent_did: string;
5859
5982
  issued_at: string;
5860
5983
  created_at: string;
@@ -5863,8 +5986,8 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
5863
5986
  expires_at?: string | undefined;
5864
5987
  }, {
5865
5988
  status: "active";
5866
- delegation_id: string;
5867
5989
  scopes: string[];
5990
+ delegation_id: string;
5868
5991
  agent_did: string;
5869
5992
  issued_at: string;
5870
5993
  created_at: string;
@@ -5889,8 +6012,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
5889
6012
  created_at: z.ZodString;
5890
6013
  }, "strip", z.ZodTypeAny, {
5891
6014
  status: "active";
5892
- delegation_id: string;
5893
6015
  scopes: string[];
6016
+ delegation_id: string;
5894
6017
  agent_did: string;
5895
6018
  issued_at: string;
5896
6019
  created_at: string;
@@ -5899,8 +6022,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
5899
6022
  expires_at?: string | undefined;
5900
6023
  }, {
5901
6024
  status: "active";
5902
- delegation_id: string;
5903
6025
  scopes: string[];
6026
+ delegation_id: string;
5904
6027
  agent_did: string;
5905
6028
  issued_at: string;
5906
6029
  created_at: string;
@@ -5912,18 +6035,18 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
5912
6035
  requestId: z.ZodString;
5913
6036
  timestamp: z.ZodString;
5914
6037
  }, "strip", z.ZodTypeAny, {
5915
- timestamp: string;
5916
6038
  requestId: string;
5917
- }, {
5918
6039
  timestamp: string;
6040
+ }, {
5919
6041
  requestId: string;
6042
+ timestamp: string;
5920
6043
  }>>;
5921
6044
  }, "strip", z.ZodTypeAny, {
5922
6045
  success: boolean;
5923
6046
  data: {
5924
6047
  status: "active";
5925
- delegation_id: string;
5926
6048
  scopes: string[];
6049
+ delegation_id: string;
5927
6050
  agent_did: string;
5928
6051
  issued_at: string;
5929
6052
  created_at: string;
@@ -5932,15 +6055,15 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
5932
6055
  expires_at?: string | undefined;
5933
6056
  };
5934
6057
  metadata?: {
5935
- timestamp: string;
5936
6058
  requestId: string;
6059
+ timestamp: string;
5937
6060
  } | undefined;
5938
6061
  }, {
5939
6062
  success: boolean;
5940
6063
  data: {
5941
6064
  status: "active";
5942
- delegation_id: string;
5943
6065
  scopes: string[];
6066
+ delegation_id: string;
5944
6067
  agent_did: string;
5945
6068
  issued_at: string;
5946
6069
  created_at: string;
@@ -5949,8 +6072,8 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
5949
6072
  expires_at?: string | undefined;
5950
6073
  };
5951
6074
  metadata?: {
5952
- timestamp: string;
5953
6075
  requestId: string;
6076
+ timestamp: string;
5954
6077
  } | undefined;
5955
6078
  }>;
5956
6079
  /**
@@ -5971,12 +6094,12 @@ export declare const revokeDelegationResponseSchema: z.ZodObject<{
5971
6094
  revoked: z.ZodBoolean;
5972
6095
  revoked_at: z.ZodNumber;
5973
6096
  }, "strip", z.ZodTypeAny, {
5974
- delegation_id: string;
5975
6097
  revoked: boolean;
6098
+ delegation_id: string;
5976
6099
  revoked_at: number;
5977
6100
  }, {
5978
- delegation_id: string;
5979
6101
  revoked: boolean;
6102
+ delegation_id: string;
5980
6103
  revoked_at: number;
5981
6104
  }>;
5982
6105
  /**
@@ -5989,44 +6112,44 @@ export declare const revokeDelegationAPIResponseSchema: z.ZodObject<{
5989
6112
  revoked: z.ZodBoolean;
5990
6113
  revoked_at: z.ZodNumber;
5991
6114
  }, "strip", z.ZodTypeAny, {
5992
- delegation_id: string;
5993
6115
  revoked: boolean;
6116
+ delegation_id: string;
5994
6117
  revoked_at: number;
5995
6118
  }, {
5996
- delegation_id: string;
5997
6119
  revoked: boolean;
6120
+ delegation_id: string;
5998
6121
  revoked_at: number;
5999
6122
  }>;
6000
6123
  metadata: z.ZodOptional<z.ZodObject<{
6001
6124
  requestId: z.ZodString;
6002
6125
  timestamp: z.ZodString;
6003
6126
  }, "strip", z.ZodTypeAny, {
6004
- timestamp: string;
6005
6127
  requestId: string;
6006
- }, {
6007
6128
  timestamp: string;
6129
+ }, {
6008
6130
  requestId: string;
6131
+ timestamp: string;
6009
6132
  }>>;
6010
6133
  }, "strip", z.ZodTypeAny, {
6011
6134
  success: boolean;
6012
6135
  data: {
6013
- delegation_id: string;
6014
6136
  revoked: boolean;
6137
+ delegation_id: string;
6015
6138
  revoked_at: number;
6016
6139
  };
6017
6140
  metadata?: {
6018
- timestamp: string;
6019
6141
  requestId: string;
6142
+ timestamp: string;
6020
6143
  } | undefined;
6021
6144
  }, {
6022
6145
  success: boolean;
6023
6146
  data: {
6024
- delegation_id: string;
6025
6147
  revoked: boolean;
6148
+ delegation_id: string;
6026
6149
  revoked_at: number;
6027
6150
  };
6028
6151
  metadata?: {
6029
- timestamp: string;
6030
6152
  requestId: string;
6153
+ timestamp: string;
6031
6154
  } | undefined;
6032
6155
  }>;
package/dist/agentshield-api/schemas.js CHANGED
@@ -48,6 +48,32 @@ const toolCallContextSchema = zod_1.z.object({
48
48
  scopeId: zod_1.z.string().min(1, "scopeId is required to link context to proof"),
49
49
  userIdentifier: zod_1.z.string().optional(),
50
50
  });
51
+ /**
52
+ * Consent Event Context Schema
53
+ * Represents consent-related events for audit tracking
54
+ */
55
+ const consentEventContextSchema = zod_1.z.object({
56
+ eventType: zod_1.z.enum([
57
+ "consent:page_viewed",
58
+ "consent:approved",
59
+ "consent:delegation_created",
60
+ "consent:credential_required"
61
+ ]),
62
+ timestamp: zod_1.z.number().int().positive(),
63
+ sessionId: zod_1.z.string().min(1),
64
+ userDid: zod_1.z.string().optional(),
65
+ agentDid: zod_1.z.string().min(1),
66
+ targetTools: zod_1.z.array(zod_1.z.string()).min(1), // ALWAYS array
67
+ scopes: zod_1.z.array(zod_1.z.string()).min(0),
68
+ delegationId: zod_1.z.string().uuid().optional(),
69
+ projectId: zod_1.z.string().uuid(),
70
+ termsAccepted: zod_1.z.boolean().optional(),
71
+ credentialStatus: zod_1.z.enum(["present", "required", "obtained"]).optional(),
72
+ oauthIdentity: zod_1.z.object({
73
+ provider: zod_1.z.string(),
74
+ identifier: zod_1.z.string(),
75
+ }).optional(),
76
+ });
51
77
  /**
52
78
  * Proof submission request schema
53
79
  */
@@ -59,6 +85,7 @@ exports.proofSubmissionRequestSchema = zod_1.z.object({
59
85
  context: zod_1.z
60
86
  .object({
61
87
  toolCalls: zod_1.z.array(toolCallContextSchema).optional(),
88
+ consentEvents: zod_1.z.array(consentEventContextSchema).optional(), // NEW: Consent events for audit tracking
62
89
  mcpServerUrl: zod_1.z.string().url().optional(), // MCP server URL for tool discovery
63
90
  })
64
91
  .optional(),
package/dist/agentshield-api/types.d.ts CHANGED
@@ -41,6 +41,30 @@ export interface ToolCallContext {
41
41
  scopeId: string;
42
42
  userIdentifier?: string;
43
43
  }
44
+ /**
45
+ * Consent Event Context
46
+ *
47
+ * Represents consent-related events that occur during the consent flow.
48
+ * These events are logged separately from tool executions and allow
49
+ * multiple events per session (unlike regular audit logs).
50
+ */
51
+ export interface ConsentEventContext {
52
+ eventType: "consent:page_viewed" | "consent:approved" | "consent:delegation_created" | "consent:credential_required";
53
+ timestamp: number;
54
+ sessionId: string;
55
+ userDid?: string;
56
+ agentDid: string;
57
+ targetTools: string[];
58
+ scopes: string[];
59
+ delegationId?: string;
60
+ projectId: string;
61
+ termsAccepted?: boolean;
62
+ credentialStatus?: "present" | "required" | "obtained";
63
+ oauthIdentity?: {
64
+ provider: string;
65
+ identifier: string;
66
+ };
67
+ }
44
68
  /**
45
69
  * Request body for proof submission endpoint
46
70
  * POST /api/v1/bouncer/proofs
@@ -55,6 +79,7 @@ export interface ProofSubmissionRequest {
55
79
  /** AgentShield extension: Optional context for dashboard enrichment */
56
80
  context?: {
57
81
  toolCalls?: ToolCallContext[];
82
+ consentEvents?: ConsentEventContext[];
58
83
  mcpServerUrl?: string;
59
84
  };
60
85
  }
package/dist/consent/schemas.d.ts CHANGED
@@ -6,7 +6,7 @@
6
6
  *
7
7
  * Related Spec: MCP-I Phase 0 Implementation Plan
8
8
  */
9
- import { z } from 'zod';
9
+ import { z } from "zod";
10
10
  /**
11
11
  * Consent Branding Schema
12
12
  */
package/dist/consent/schemas.js CHANGED
@@ -20,58 +20,79 @@ const zod_1 = require("zod");
20
20
  exports.consentBrandingSchema = zod_1.z.object({
21
21
  primaryColor: zod_1.z
22
22
  .string()
23
- .regex(/^#[0-9A-Fa-f]{6}$/, 'Must be a valid hex color (e.g., #0066CC)')
23
+ .regex(/^#[0-9A-Fa-f]{6}$/, "Must be a valid hex color (e.g., #0066CC)")
24
24
  .optional(),
25
- logoUrl: zod_1.z.string().url('Must be a valid URL').optional(),
26
- companyName: zod_1.z.string().max(100, 'Company name must be 100 characters or less').optional(),
27
- theme: zod_1.z.enum(['light', 'dark', 'auto']).optional(),
25
+ logoUrl: zod_1.z.string().url("Must be a valid URL").optional(),
26
+ companyName: zod_1.z
27
+ .string()
28
+ .max(100, "Company name must be 100 characters or less")
29
+ .optional(),
30
+ theme: zod_1.z.enum(["light", "dark", "auto"]).optional(),
28
31
  });
29
32
  /**
30
33
  * Consent Terms Schema
31
34
  */
32
35
  exports.consentTermsSchema = zod_1.z.object({
33
- text: zod_1.z.string().max(10000, 'Terms text must be 10000 characters or less').optional(),
34
- url: zod_1.z.string().url('Must be a valid URL').optional(),
35
- version: zod_1.z.string().max(50, 'Version must be 50 characters or less').optional(),
36
+ text: zod_1.z
37
+ .string()
38
+ .max(10000, "Terms text must be 10000 characters or less")
39
+ .optional(),
40
+ url: zod_1.z.string().url("Must be a valid URL").optional(),
41
+ version: zod_1.z
42
+ .string()
43
+ .max(50, "Version must be 50 characters or less")
44
+ .optional(),
36
45
  required: zod_1.z.boolean().default(true),
37
46
  });
38
47
  /**
39
48
  * Consent Custom Field Option Schema
40
49
  */
41
50
  exports.consentCustomFieldOptionSchema = zod_1.z.object({
42
- value: zod_1.z.string().max(100, 'Option value must be 100 characters or less'),
43
- label: zod_1.z.string().max(100, 'Option label must be 100 characters or less'),
51
+ value: zod_1.z.string().max(100, "Option value must be 100 characters or less"),
52
+ label: zod_1.z.string().max(100, "Option label must be 100 characters or less"),
44
53
  });
45
54
  /**
46
55
  * Consent Custom Field Schema
47
56
  */
48
- exports.consentCustomFieldSchema = zod_1.z.object({
57
+ exports.consentCustomFieldSchema = zod_1.z
58
+ .object({
49
59
  name: zod_1.z
50
60
  .string()
51
- .min(1, 'Field name is required')
52
- .max(50, 'Field name must be 50 characters or less')
53
- .regex(/^[a-zA-Z0-9_]+$/, 'Field name must contain only letters, numbers, and underscores'),
54
- label: zod_1.z.string().min(1, 'Field label is required').max(100, 'Field label must be 100 characters or less'),
55
- type: zod_1.z.enum(['text', 'textarea', 'checkbox', 'select']),
61
+ .min(1, "Field name is required")
62
+ .max(50, "Field name must be 50 characters or less")
63
+ .regex(/^[a-zA-Z0-9_]+$/, "Field name must contain only letters, numbers, and underscores"),
64
+ label: zod_1.z
65
+ .string()
66
+ .min(1, "Field label is required")
67
+ .max(100, "Field label must be 100 characters or less"),
68
+ type: zod_1.z.enum(["text", "textarea", "checkbox", "select"]),
56
69
  required: zod_1.z.boolean(),
57
- placeholder: zod_1.z.string().max(200, 'Placeholder must be 200 characters or less').optional(),
70
+ placeholder: zod_1.z
71
+ .string()
72
+ .max(200, "Placeholder must be 200 characters or less")
73
+ .optional(),
58
74
  options: zod_1.z
59
75
  .array(exports.consentCustomFieldOptionSchema)
60
- .min(1, 'Select fields must have at least one option')
76
+ .min(1, "Select fields must have at least one option")
77
+ .optional(),
78
+ pattern: zod_1.z
79
+ .string()
80
+ .max(500, "Pattern must be 500 characters or less")
61
81
  .optional(),
62
- pattern: zod_1.z.string().max(500, 'Pattern must be 500 characters or less').optional(),
63
- }).refine((data) => {
82
+ })
83
+ .refine((data) => {
64
84
  // Select fields must have options
65
- if (data.type === 'select' && (!data.options || data.options.length === 0)) {
85
+ if (data.type === "select" &&
86
+ (!data.options || data.options.length === 0)) {
66
87
  return false;
67
88
  }
68
89
  // Non-select fields should not have options
69
- if (data.type !== 'select' && data.options) {
90
+ if (data.type !== "select" && data.options) {
70
91
  return false;
71
92
  }
72
93
  return true;
73
94
  }, {
74
- message: 'Select fields must have options, and non-select fields must not have options',
95
+ message: "Select fields must have options, and non-select fields must not have options",
75
96
  });
76
97
  /**
77
98
  * OAuth Identity Schema
@@ -83,47 +104,50 @@ exports.oauthIdentitySchema = zod_1.z.object({
83
104
  /**
84
105
  * OAuth provider name (e.g., "google", "github", "microsoft")
85
106
  */
86
- provider: zod_1.z.string()
87
- .min(1, 'Provider is required')
88
- .max(50, 'Provider name must be 50 characters or less'),
107
+ provider: zod_1.z
108
+ .string()
109
+ .min(1, "Provider is required")
110
+ .max(50, "Provider name must be 50 characters or less"),
89
111
  /**
90
112
  * OAuth subject identifier (unique user ID from provider)
91
113
  * @example "123456789" (Google), "github-user-id" (GitHub)
92
114
  */
93
- subject: zod_1.z.string()
94
- .min(1, 'Subject is required')
95
- .max(255, 'Subject must be 255 characters or less'),
115
+ subject: zod_1.z
116
+ .string()
117
+ .min(1, "Subject is required")
118
+ .max(255, "Subject must be 255 characters or less"),
96
119
  /**
97
120
  * User's email address from OAuth provider (optional)
98
121
  */
99
- email: zod_1.z.string()
100
- .email('Must be a valid email address')
101
- .max(255, 'Email must be 255 characters or less')
122
+ email: zod_1.z
123
+ .string()
124
+ .email("Must be a valid email address")
125
+ .max(255, "Email must be 255 characters or less")
102
126
  .optional(),
103
127
  /**
104
128
  * User's display name from OAuth provider (optional)
105
129
  */
106
- name: zod_1.z.string()
107
- .max(255, 'Name must be 255 characters or less')
108
- .optional(),
130
+ name: zod_1.z.string().max(255, "Name must be 255 characters or less").optional(),
109
131
  });
110
132
  /**
111
133
  * Consent Page Config Schema
112
134
  */
113
135
  exports.consentPageConfigSchema = zod_1.z.object({
114
- tool: zod_1.z.string().min(1, 'Tool name is required'),
115
- toolDescription: zod_1.z.string().max(500, 'Tool description must be 500 characters or less'),
116
- scopes: zod_1.z.array(zod_1.z.string()).min(0, 'Scopes array cannot be negative'),
117
- agentDid: zod_1.z.string().min(1, 'Agent DID is required'),
118
- sessionId: zod_1.z.string().min(1, 'Session ID is required'),
119
- projectId: zod_1.z.string().min(1, 'Project ID is required'),
136
+ tool: zod_1.z.string().min(1, "Tool name is required"),
137
+ toolDescription: zod_1.z
138
+ .string()
139
+ .max(500, "Tool description must be 500 characters or less"),
140
+ scopes: zod_1.z.array(zod_1.z.string()).min(0, "Scopes array cannot be negative"),
141
+ agentDid: zod_1.z.string().min(1, "Agent DID is required"),
142
+ sessionId: zod_1.z.string().min(1, "Session ID is required"),
143
+ projectId: zod_1.z.string().min(1, "Project ID is required"),
120
144
  branding: exports.consentBrandingSchema.optional(),
121
145
  terms: exports.consentTermsSchema.optional(),
122
146
  customFields: zod_1.z
123
147
  .array(exports.consentCustomFieldSchema)
124
- .max(10, 'Maximum 10 custom fields allowed')
148
+ .max(10, "Maximum 10 custom fields allowed")
125
149
  .optional(),
126
- serverUrl: zod_1.z.string().url('Server URL must be a valid URL'),
150
+ serverUrl: zod_1.z.string().url("Server URL must be a valid URL"),
127
151
  autoClose: zod_1.z.boolean().optional(),
128
152
  });
129
153
  /**
@@ -136,18 +160,17 @@ exports.consentPageConfigSchema = zod_1.z.object({
136
160
  * - user_did: Optional User DID for persistent identity (if already known)
137
161
  */
138
162
  exports.consentApprovalRequestSchema = zod_1.z.object({
139
- tool: zod_1.z.string().min(1, 'Tool name is required'),
140
- scopes: zod_1.z.array(zod_1.z.string()).min(0, 'Scopes array cannot be negative'),
141
- agent_did: zod_1.z.string().min(1, 'Agent DID is required'),
142
- session_id: zod_1.z.string().min(1, 'Session ID is required'),
143
- project_id: zod_1.z.string().min(1, 'Project ID is required'),
163
+ tool: zod_1.z.string().min(1, "Tool name is required"),
164
+ scopes: zod_1.z.array(zod_1.z.string()).min(0, "Scopes array cannot be negative"),
165
+ agent_did: zod_1.z.string().min(1, "Agent DID is required"),
166
+ session_id: zod_1.z.string().min(1, "Session ID is required"),
167
+ project_id: zod_1.z.string().min(1, "Project ID is required"),
144
168
  termsAccepted: zod_1.z.boolean(),
145
- termsVersion: zod_1.z.string()
146
- .max(50, 'Terms version must be 50 characters or less')
147
- .optional(),
148
- customFields: zod_1.z
149
- .record(zod_1.z.union([zod_1.z.string(), zod_1.z.boolean()]))
169
+ termsVersion: zod_1.z
170
+ .string()
171
+ .max(50, "Terms version must be 50 characters or less")
150
172
  .optional(),
173
+ customFields: zod_1.z.record(zod_1.z.union([zod_1.z.string(), zod_1.z.boolean()])).optional(),
151
174
  // Phase 4: OAuth identity linking
152
175
  /**
153
176
  * OAuth provider identity information (optional)
@@ -162,21 +185,24 @@ exports.consentApprovalRequestSchema = zod_1.z.object({
162
185
  * If provided, represents the persistent User DID for this user
163
186
  * Format: did:key:... or did:web:...
164
187
  */
165
- user_did: zod_1.z.string()
166
- .regex(/^did:/, 'Must be a valid DID format (starting with did:)')
167
- .max(500, 'DID must be 500 characters or less')
188
+ user_did: zod_1.z
189
+ .string()
190
+ .regex(/^did:/, "Must be a valid DID format (starting with did:)")
191
+ .max(500, "DID must be 500 characters or less")
168
192
  .optional(),
169
193
  });
170
194
  /**
171
195
  * Consent Approval Response Schema
172
196
  */
173
- exports.consentApprovalResponseSchema = zod_1.z.object({
197
+ exports.consentApprovalResponseSchema = zod_1.z
198
+ .object({
174
199
  success: zod_1.z.boolean(),
175
200
  delegation_id: zod_1.z.string().min(1).optional(),
176
201
  delegation_token: zod_1.z.string().min(1).optional(),
177
202
  error: zod_1.z.string().optional(),
178
203
  error_code: zod_1.z.string().optional(),
179
- }).refine((data) => {
204
+ })
205
+ .refine((data) => {
180
206
  // If success is true, must have delegation_id and delegation_token
181
207
  if (data.success) {
182
208
  return !!data.delegation_id && !!data.delegation_token;
@@ -184,7 +210,7 @@ exports.consentApprovalResponseSchema = zod_1.z.object({
184
210
  // If success is false, must have error or error_code
185
211
  return !!data.error || !!data.error_code;
186
212
  }, {
187
- message: 'Successful responses must include delegation_id and delegation_token. Failed responses must include error or error_code',
213
+ message: "Successful responses must include delegation_id and delegation_token. Failed responses must include error or error_code",
188
214
  });
189
215
  /**
190
216
  * Consent Config Schema
@@ -194,14 +220,21 @@ exports.consentConfigSchema = zod_1.z.object({
194
220
  terms: exports.consentTermsSchema.optional(),
195
221
  customFields: zod_1.z
196
222
  .array(exports.consentCustomFieldSchema)
197
- .max(10, 'Maximum 10 custom fields allowed')
223
+ .max(10, "Maximum 10 custom fields allowed")
198
224
  .optional(),
199
- ui: zod_1.z.object({
200
- theme: zod_1.z.enum(['light', 'dark', 'auto']).optional(),
225
+ ui: zod_1.z
226
+ .object({
227
+ theme: zod_1.z.enum(["light", "dark", "auto"]).optional(),
201
228
  popupEnabled: zod_1.z.boolean().optional(),
202
229
  autoClose: zod_1.z.boolean().optional(),
203
- autoCloseDelay: zod_1.z.number().int().positive().max(60000, 'Auto-close delay must be 60000ms or less').optional(),
204
- }).optional(),
230
+ autoCloseDelay: zod_1.z
231
+ .number()
232
+ .int()
233
+ .positive()
234
+ .max(60000, "Auto-close delay must be 60000ms or less")
235
+ .optional(),
236
+ })
237
+ .optional(),
205
238
  });
206
239
  /**
207
240
  * Validation Helpers
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/contracts",
3
- "version": "1.5.3-canary.4",
3
+ "version": "1.5.3-canary.6",
4
4
  "description": "Shared types and schemas for XMCP-I ecosystem",
5
5
  "type": "commonjs",
6
6
  "sideEffects": false,