@kya-os/contracts 1.6.0 → 1.6.2-canary.0

package/dist/agentshield-api/schemas.d.ts

@@ -52,7 +52,7 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
         timestamp: string;
         requestId: string;
     }>>;
-}>, any> extends infer T_1 ? { [k in keyof T_1]: T_1[k]; } : never, z.baseObjectInputType<{
+}>, any> extends infer T_1 ? { [k in keyof T_1]: z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
     success: z.ZodBoolean;
     data: T;
     metadata: z.ZodOptional<z.ZodObject<{
@@ -65,7 +65,33 @@ export declare const agentShieldAPIResponseSchema: <T extends z.ZodTypeAny>(data
         timestamp: string;
         requestId: string;
     }>>;
-}> extends infer T_2 ? { [k_1 in keyof T_2]: T_2[k_1]; } : never>;
+}>, any>[k]; } : never, z.baseObjectInputType<{
+    success: z.ZodBoolean;
+    data: T;
+    metadata: z.ZodOptional<z.ZodObject<{
+        requestId: z.ZodString;
+        timestamp: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        timestamp: string;
+        requestId: string;
+    }, {
+        timestamp: string;
+        requestId: string;
+    }>>;
+}> extends infer T_2 ? { [k_1 in keyof T_2]: z.baseObjectInputType<{
+    success: z.ZodBoolean;
+    data: T;
+    metadata: z.ZodOptional<z.ZodObject<{
+        requestId: z.ZodString;
+        timestamp: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        timestamp: string;
+        requestId: string;
+    }, {
+        timestamp: string;
+        requestId: string;
+    }>>;
+}>[k_1]; } : never>;
 /**
  * Proof submission request schema
  */
@@ -371,7 +397,7 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
     success: z.ZodBoolean;
     accepted: z.ZodNumber;
     rejected: z.ZodNumber;
-    outcomes: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
+    outcomes: z.ZodRecord<z.ZodString, z.ZodNumber>;
     errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
         proof_index: z.ZodNumber;
         error: z.ZodObject<{
@@ -406,6 +432,7 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
     success: boolean;
     accepted: number;
     rejected: number;
+    outcomes: Record<string, number>;
     errors?: {
         error: {
             code: string;
@@ -414,11 +441,11 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
         };
         proof_index: number;
     }[] | undefined;
-    outcomes?: Record<string, number> | undefined;
 }, {
     success: boolean;
     accepted: number;
     rejected: number;
+    outcomes: Record<string, number>;
     errors?: {
         error: {
             code: string;
@@ -427,7 +454,6 @@ export declare const proofSubmissionResponseSchema: z.ZodObject<{
         };
         proof_index: number;
     }[] | undefined;
-    outcomes?: Record<string, number> | undefined;
 }>;
 /**
  * Delegation credential schema
@@ -5884,7 +5910,7 @@ export declare const toolProtectionConfigAPIResponseSchema: z.ZodObject<{
  * Create delegation request schema
  *
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
  *
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
  */
@@ -5895,7 +5921,6 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
-    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
     agent_did: z.ZodString;
@@ -5904,7 +5929,6 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
-    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
     agent_did: z.ZodString;
@@ -5913,7 +5937,6 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
-    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">>, z.objectOutputType<{
     agent_did: z.ZodString;
@@ -5922,7 +5945,6 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
-    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
     agent_did: z.ZodString;
@@ -5931,7 +5953,6 @@ export declare const createDelegationRequestSchema: z.ZodEffects<z.ZodObject<{
     expires_at: z.ZodOptional<z.ZodString>;
     session_id: z.ZodOptional<z.ZodString>;
     project_id: z.ZodOptional<z.ZodString>;
-    user_identifier: z.ZodOptional<z.ZodString>;
     custom_fields: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.ZodTypeAny, "passthrough">>;
 /**
@@ -5949,12 +5970,12 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
     user_id: z.ZodOptional<z.ZodString>;
     user_identifier: z.ZodOptional<z.ZodString>;
     scopes: z.ZodArray<z.ZodString, "many">;
-    status: z.ZodEnum<["active", "expired", "revoked"]>;
+    status: z.ZodLiteral<"active">;
     issued_at: z.ZodString;
-    expires_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    expires_at: z.ZodOptional<z.ZodString>;
     created_at: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    status: "active" | "revoked" | "expired";
+    status: "active";
     delegation_id: string;
     scopes: string[];
     agent_did: string;
@@ -5962,9 +5983,9 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
     created_at: string;
     user_id?: string | undefined;
     user_identifier?: string | undefined;
-    expires_at?: string | null | undefined;
+    expires_at?: string | undefined;
 }, {
-    status: "active" | "revoked" | "expired";
+    status: "active";
     delegation_id: string;
     scopes: string[];
     agent_did: string;
@@ -5972,7 +5993,7 @@ export declare const createDelegationResponseSchema: z.ZodObject<{
     created_at: string;
     user_id?: string | undefined;
     user_identifier?: string | undefined;
-    expires_at?: string | null | undefined;
+    expires_at?: string | undefined;
 }>;
 /**
  * Wrapped creation response schema
@@ -5985,12 +6006,12 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         user_id: z.ZodOptional<z.ZodString>;
         user_identifier: z.ZodOptional<z.ZodString>;
         scopes: z.ZodArray<z.ZodString, "many">;
-        status: z.ZodEnum<["active", "expired", "revoked"]>;
+        status: z.ZodLiteral<"active">;
         issued_at: z.ZodString;
-        expires_at: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+        expires_at: z.ZodOptional<z.ZodString>;
         created_at: z.ZodString;
     }, "strip", z.ZodTypeAny, {
-        status: "active" | "revoked" | "expired";
+        status: "active";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -5998,9 +6019,9 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | null | undefined;
+        expires_at?: string | undefined;
     }, {
-        status: "active" | "revoked" | "expired";
+        status: "active";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -6008,7 +6029,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | null | undefined;
+        expires_at?: string | undefined;
     }>;
     metadata: z.ZodOptional<z.ZodObject<{
         requestId: z.ZodString;
@@ -6023,7 +6044,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     success: boolean;
     data: {
-        status: "active" | "revoked" | "expired";
+        status: "active";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -6031,7 +6052,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | null | undefined;
+        expires_at?: string | undefined;
     };
     metadata?: {
         timestamp: string;
@@ -6040,7 +6061,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
 }, {
     success: boolean;
     data: {
-        status: "active" | "revoked" | "expired";
+        status: "active";
         delegation_id: string;
         scopes: string[];
         agent_did: string;
@@ -6048,7 +6069,7 @@ export declare const createDelegationAPIResponseSchema: z.ZodObject<{
         created_at: string;
         user_id?: string | undefined;
         user_identifier?: string | undefined;
-        expires_at?: string | null | undefined;
+        expires_at?: string | undefined;
     };
     metadata?: {
         timestamp: string;

package/dist/agentshield-api/schemas.js

@@ -97,7 +97,7 @@ exports.proofSubmissionResponseSchema = zod_1.z.object({
     success: zod_1.z.boolean(),
     accepted: zod_1.z.number().int().min(0),
     rejected: zod_1.z.number().int().min(0),
-    outcomes: zod_1.z.record(zod_1.z.string(), zod_1.z.number().int().min(0)).optional(), // Record<BouncerOutcome, number> - Optional because API may return empty object or omit it
+    outcomes: zod_1.z.record(zod_1.z.string(), zod_1.z.number().int().min(0)), // Record<BouncerOutcome, number>
     errors: zod_1.z
         .array(zod_1.z.object({
         proof_index: zod_1.z.number().int().min(0),
@@ -199,7 +199,7 @@ exports.toolProtectionConfigAPIResponseSchema = (0, exports.agentShieldAPIRespon
  * Create delegation request schema
  *
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
  *
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
  */
@@ -211,7 +211,6 @@ exports.createDelegationRequestSchema = zod_1.z
     expires_at: zod_1.z.string().datetime().optional(),
     session_id: zod_1.z.string().optional(),
     project_id: zod_1.z.string().uuid().optional(),
-    user_identifier: zod_1.z.string().max(200).optional(), // Matches AgentShield's max(200)
     custom_fields: zod_1.z.record(zod_1.z.unknown()).optional(),
 })
     .passthrough()
@@ -239,9 +238,9 @@ exports.createDelegationResponseSchema = zod_1.z.object({
     user_id: zod_1.z.string().optional(),
     user_identifier: zod_1.z.string().optional(),
     scopes: zod_1.z.array(zod_1.z.string()),
-    status: zod_1.z.enum(['active', 'expired', 'revoked']), // Matches AgentShield's actual API behavior
+    status: zod_1.z.literal("active"),
     issued_at: zod_1.z.string().datetime(),
-    expires_at: zod_1.z.string().datetime().nullable().optional(), // AgentShield allows null values
+    expires_at: zod_1.z.string().datetime().optional(),
     created_at: zod_1.z.string().datetime(),
 });
 /**

package/dist/agentshield-api/types.d.ts

@@ -94,7 +94,7 @@ export interface ProofSubmissionResponse {
     success: boolean;
     accepted: number;
     rejected: number;
-    outcomes?: Record<BouncerOutcome, number>;
+    outcomes: Record<BouncerOutcome, number>;
     errors?: Array<{
         proof_index: number;
         error: {
@@ -188,7 +188,7 @@ export type ToolProtectionConfigAPIResponse = AgentShieldAPIResponse<ToolProtect
  * POST /api/v1/bouncer/delegations
  *
  * Note: AgentShield API accepts a simplified format, not the full DelegationRecord.
- * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, user_identifier, custom_fields
+ * The API accepts: agent_did, scopes, expires_in_days, expires_at, session_id, project_id, custom_fields
  *
  * IMPORTANT: expires_in_days and expires_at are mutually exclusive - use one or the other, not both.
  */
@@ -201,8 +201,6 @@ export interface CreateDelegationRequest {
     expires_at?: string;
     session_id?: string;
     project_id?: string;
-    /** User identifier string, max 200 chars, optional */
-    user_identifier?: string;
     custom_fields?: Record<string, unknown>;
 }
 /**
@@ -220,9 +218,9 @@ export interface CreateDelegationResponse {
     user_id?: string;
     user_identifier?: string;
     scopes: string[];
-    status: "active" | "expired" | "revoked";
+    status: "active";
     issued_at: string;
-    expires_at?: string | null;
+    expires_at?: string;
     created_at: string;
 }
 /**

package/dist/config/identity.d.ts

@@ -6,7 +6,6 @@
  *
  * @module @kya-os/contracts/config
  */
-import { z } from "zod";
 /**
  * Runtime Identity Configuration
  *
@@ -26,7 +25,7 @@ export interface RuntimeIdentityConfig {
      * Runtime environment for identity
      * Determines where keys come from and how they're managed
      */
-    environment: "development" | "production";
+    environment: 'development' | 'production';
     /**
      * Production identity configuration
      * Used when environment is 'production'
@@ -72,209 +71,7 @@ export interface RuntimeIdentityConfig {
      * - 'persistent': User DIDs are persisted in storage (requires did:web setup)
      * @default 'ephemeral'
      */
-    userDidStorage?: "ephemeral" | "persistent";
-}
-/**
- * OAuth Provider Configuration
- *
- * Configuration for a single OAuth provider (GitHub, Google, etc.)
- */
-export interface OAuthProvider {
-    /** OAuth client ID (public, safe to expose) */
-    clientId: string;
-    /** OAuth client secret (NOT returned in API response for security) */
-    clientSecret?: string | null;
-    /** OAuth authorization URL */
-    authorizationUrl: string;
-    /** OAuth token exchange URL */
-    tokenUrl: string;
-    /** OAuth user info endpoint URL */
-    userInfoUrl?: string;
-    /** Whether provider supports PKCE (Proof Key for Code Exchange) */
-    supportsPKCE: boolean;
-    /** Whether provider requires client secret (false for PKCE-only providers) */
-    requiresClientSecret: boolean;
-    /** Available scopes for this provider */
-    scopes?: string[];
-    /** Default scopes to request */
-    defaultScopes?: string[];
-    /** Whether provider uses proxy mode (via AgentShield) */
-    proxyMode?: boolean;
-    /** Custom OAuth parameters to include in authorization URL (e.g., audience, acr_values) */
-    customParams?: Record<string, string>;
-    /** Token endpoint authentication method */
-    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic";
-    /** OAuth response type (default: "code") */
-    responseType?: string;
-    /** OAuth grant type (default: "authorization_code") */
-    grantType?: string;
-}
-/**
- * OAuth Configuration
- *
- * Configuration for OAuth providers fetched from AgentShield API.
- * Contains all available providers for a project.
- *
- * Note: API does NOT return a defaultProvider field (Phase 1 architecture).
- * Phase 1 uses configured provider as temporary fallback.
- * Phase 2+ requires tools to explicitly specify oauthProvider.
- */
-export interface OAuthConfig {
-    /** Map of provider names to provider configurations */
-    providers: Record<string, OAuthProvider>;
-}
-/**
- * Zod schema for OAuthProvider validation
- */
-export declare const OAuthProviderSchema: z.ZodObject<{
-    clientId: z.ZodString;
-    clientSecret: z.ZodOptional<z.ZodNullable<z.ZodString>>;
-    authorizationUrl: z.ZodString;
-    tokenUrl: z.ZodString;
-    userInfoUrl: z.ZodOptional<z.ZodString>;
-    supportsPKCE: z.ZodBoolean;
-    requiresClientSecret: z.ZodBoolean;
-    scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    defaultScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    proxyMode: z.ZodOptional<z.ZodBoolean>;
-    customParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-    tokenEndpointAuthMethod: z.ZodOptional<z.ZodEnum<["client_secret_post", "client_secret_basic"]>>;
-    responseType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-    grantType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-}, "strip", z.ZodTypeAny, {
-    clientId: string;
-    authorizationUrl: string;
-    tokenUrl: string;
-    supportsPKCE: boolean;
-    requiresClientSecret: boolean;
-    responseType: string;
-    grantType: string;
-    scopes?: string[] | undefined;
-    clientSecret?: string | null | undefined;
-    userInfoUrl?: string | undefined;
-    defaultScopes?: string[] | undefined;
-    proxyMode?: boolean | undefined;
-    customParams?: Record<string, string> | undefined;
-    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
-}, {
-    clientId: string;
-    authorizationUrl: string;
-    tokenUrl: string;
-    supportsPKCE: boolean;
-    requiresClientSecret: boolean;
-    scopes?: string[] | undefined;
-    clientSecret?: string | null | undefined;
-    userInfoUrl?: string | undefined;
-    defaultScopes?: string[] | undefined;
-    proxyMode?: boolean | undefined;
-    customParams?: Record<string, string> | undefined;
-    tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
-    responseType?: string | undefined;
-    grantType?: string | undefined;
-}>;
-/**
- * Zod schema for OAuthConfig validation
- */
-export declare const OAuthConfigSchema: z.ZodObject<{
-    providers: z.ZodRecord<z.ZodString, z.ZodObject<{
-        clientId: z.ZodString;
-        clientSecret: z.ZodOptional<z.ZodNullable<z.ZodString>>;
-        authorizationUrl: z.ZodString;
-        tokenUrl: z.ZodString;
-        userInfoUrl: z.ZodOptional<z.ZodString>;
-        supportsPKCE: z.ZodBoolean;
-        requiresClientSecret: z.ZodBoolean;
-        scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-        defaultScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-        proxyMode: z.ZodOptional<z.ZodBoolean>;
-        customParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-        tokenEndpointAuthMethod: z.ZodOptional<z.ZodEnum<["client_secret_post", "client_secret_basic"]>>;
-        responseType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-        grantType: z.ZodDefault<z.ZodOptional<z.ZodString>>;
-    }, "strip", z.ZodTypeAny, {
-        clientId: string;
-        authorizationUrl: string;
-        tokenUrl: string;
-        supportsPKCE: boolean;
-        requiresClientSecret: boolean;
-        responseType: string;
-        grantType: string;
-        scopes?: string[] | undefined;
-        clientSecret?: string | null | undefined;
-        userInfoUrl?: string | undefined;
-        defaultScopes?: string[] | undefined;
-        proxyMode?: boolean | undefined;
-        customParams?: Record<string, string> | undefined;
-        tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
-    }, {
-        clientId: string;
-        authorizationUrl: string;
-        tokenUrl: string;
-        supportsPKCE: boolean;
-        requiresClientSecret: boolean;
-        scopes?: string[] | undefined;
-        clientSecret?: string | null | undefined;
-        userInfoUrl?: string | undefined;
-        defaultScopes?: string[] | undefined;
-        proxyMode?: boolean | undefined;
-        customParams?: Record<string, string> | undefined;
-        tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
-        responseType?: string | undefined;
-        grantType?: string | undefined;
-    }>>;
-}, "strip", z.ZodTypeAny, {
-    providers: Record<string, {
-        clientId: string;
-        authorizationUrl: string;
-        tokenUrl: string;
-        supportsPKCE: boolean;
-        requiresClientSecret: boolean;
-        responseType: string;
-        grantType: string;
-        scopes?: string[] | undefined;
-        clientSecret?: string | null | undefined;
-        userInfoUrl?: string | undefined;
-        defaultScopes?: string[] | undefined;
-        proxyMode?: boolean | undefined;
-        customParams?: Record<string, string> | undefined;
-        tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
-    }>;
-}, {
-    providers: Record<string, {
-        clientId: string;
-        authorizationUrl: string;
-        tokenUrl: string;
-        supportsPKCE: boolean;
-        requiresClientSecret: boolean;
-        scopes?: string[] | undefined;
-        clientSecret?: string | null | undefined;
-        userInfoUrl?: string | undefined;
-        defaultScopes?: string[] | undefined;
-        proxyMode?: boolean | undefined;
-        customParams?: Record<string, string> | undefined;
-        tokenEndpointAuthMethod?: "client_secret_post" | "client_secret_basic" | undefined;
-        responseType?: string | undefined;
-        grantType?: string | undefined;
-    }>;
-}>;
-/**
- * IDP Tokens
- *
- * Tokens received from OAuth provider (IDP = Identity Provider)
- */
-export interface IdpTokens {
-    /** OAuth access token for API calls */
-    access_token: string;
-    /** OAuth refresh token (optional) */
-    refresh_token?: string;
-    /** Token expiration time in seconds */
-    expires_in?: number;
-    /** Token expiration timestamp (milliseconds since epoch) */
-    expires_at: number;
-    /** Token type (usually "Bearer") */
-    token_type: string;
-    /** Granted scopes */
-    scope?: string;
+    userDidStorage?: 'ephemeral' | 'persistent';
 }
 /**
  * Agent identity representation

package/dist/config/identity.js

@@ -8,31 +8,3 @@
  * @module @kya-os/contracts/config
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthConfigSchema = exports.OAuthProviderSchema = void 0;
-const zod_1 = require("zod");
-/**
- * Zod schema for OAuthProvider validation
- */
-exports.OAuthProviderSchema = zod_1.z.object({
-    clientId: zod_1.z.string().min(1),
-    clientSecret: zod_1.z.string().nullable().optional(),
-    authorizationUrl: zod_1.z.string().url(),
-    tokenUrl: zod_1.z.string().url(),
-    userInfoUrl: zod_1.z.string().url().optional(),
-    supportsPKCE: zod_1.z.boolean(),
-    requiresClientSecret: zod_1.z.boolean(),
-    scopes: zod_1.z.array(zod_1.z.string()).optional(),
-    defaultScopes: zod_1.z.array(zod_1.z.string()).optional(),
-    proxyMode: zod_1.z.boolean().optional(),
-    // Phase 3: Custom IDP Support
-    customParams: zod_1.z.record(zod_1.z.string()).optional(),
-    tokenEndpointAuthMethod: zod_1.z.enum(["client_secret_post", "client_secret_basic"]).optional(),
-    responseType: zod_1.z.string().optional().default("code"),
-    grantType: zod_1.z.string().optional().default("authorization_code"),
-});
-/**
- * Zod schema for OAuthConfig validation
- */
-exports.OAuthConfigSchema = zod_1.z.object({
-    providers: zod_1.z.record(zod_1.z.string(), exports.OAuthProviderSchema),
-});

package/dist/config/index.d.ts

@@ -12,8 +12,7 @@ import type { ProofingConfig } from "./proofing.js";
 import type { DelegationConfig } from "./delegation.js";
 import type { ToolProtectionSourceConfig } from "./tool-protection.js";
 export { MCPIBaseConfig } from "./base.js";
-export { RuntimeIdentityConfig, AgentIdentity, OAuthProvider, OAuthConfig, IdpTokens, } from "./identity.js";
-export type { ToolExecutionContext } from "./tool-context.js";
+export { RuntimeIdentityConfig, AgentIdentity } from "./identity.js";
 /**
  * @deprecated Use RuntimeIdentityConfig instead
  * This export is maintained for backward compatibility