@kya-os/contracts 1.6.1 → 1.6.2-canary.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/dist/agentshield-api/schemas.d.ts +48 -27
  2. package/dist/agentshield-api/schemas.js +4 -5
  3. package/dist/agentshield-api/types.d.ts +4 -6
  4. package/dist/config/identity.d.ts +2 -214
  5. package/dist/config/identity.js +0 -29
  6. package/dist/config/index.d.ts +1 -2
  7. package/dist/consent/schemas.d.ts +1 -96
  8. package/dist/consent/schemas.js +1 -39
  9. package/dist/dashboard-config/schemas.d.ts +174 -1430
  10. package/dist/index.d.ts +0 -1
  11. package/dist/index.js +0 -2
  12. package/dist/tool-protection/index.d.ts +2 -478
  13. package/dist/tool-protection/index.js +2 -89
  14. package/package.json +120 -63
  15. package/dist/audit/index.d.ts +0 -193
  16. package/dist/audit/index.js +0 -100
  17. package/dist/config/tool-context.d.ts +0 -34
  18. package/dist/config/tool-context.js +0 -13
  19. package/dist/verifier/index.d.ts +0 -1
  20. package/dist/verifier/index.js +0 -18
package/dist/index.d.ts CHANGED
@@ -21,6 +21,5 @@ export * from "./test.js";
21
21
  export * from "./utils/validation.js";
22
22
  export * from "./vc/index.js";
23
23
  export * from "./delegation/index.js";
24
- export * from "./audit/index.js";
25
24
  export declare const CONTRACTS_VERSION = "1.2.1";
26
25
  export declare const SUPPORTED_XMCP_I_VERSION = "^1.0.0";
package/dist/index.js CHANGED
@@ -40,8 +40,6 @@ __exportStar(require("./utils/validation.js"), exports);
40
40
  // W3C VC and Delegation exports (for mcp-i-core compatibility)
41
41
  __exportStar(require("./vc/index.js"), exports);
42
42
  __exportStar(require("./delegation/index.js"), exports);
43
- // Audit types (platform-agnostic)
44
- __exportStar(require("./audit/index.js"), exports);
45
43
  // Version information
46
44
  exports.CONTRACTS_VERSION = "1.2.1";
47
45
  exports.SUPPORTED_XMCP_I_VERSION = "^1.0.0";
package/dist/tool-protection/index.d.ts CHANGED
@@ -8,31 +8,6 @@
8
8
  * @module @kya-os/contracts/tool-protection
9
9
  */
10
10
  import { z } from 'zod';
11
- /**
12
- * Authorization Requirement (Discriminated Union)
13
- *
14
- * Defines the type of authorization required for a tool.
15
- * Extensible design to support OAuth, MDL, IDV, credentials, etc.
16
- */
17
- export type AuthorizationRequirement = {
18
- type: 'oauth';
19
- provider: string;
20
- requiredScopes?: string[];
21
- } | {
22
- type: 'mdl';
23
- issuer: string;
24
- credentialType?: string;
25
- } | {
26
- type: 'idv';
27
- provider: string;
28
- verificationLevel?: 'basic' | 'enhanced' | 'loa3';
29
- } | {
30
- type: 'credential';
31
- credentialType: string;
32
- issuer?: string;
33
- } | {
34
- type: 'none';
35
- };
36
11
  /**
37
12
  * Tool Protection Definition
38
13
  *
@@ -54,19 +29,6 @@ export interface ToolProtection {
54
29
  * Used to determine appropriate authorization flows
55
30
  */
56
31
  riskLevel?: 'low' | 'medium' | 'high' | 'critical';
57
- /**
58
- * OAuth provider name for this tool (Phase 2+)
59
- * If specified, this tool will use the specified OAuth provider.
60
- * If not specified, provider will be resolved via fallback strategies.
61
- * @example "github", "google", "microsoft"
62
- * @deprecated Use `authorization` field instead. Will be removed in Phase 3.
63
- */
64
- oauthProvider?: string;
65
- /**
66
- * Authorization requirement for this tool
67
- * If requiresDelegation=true, authorization must be specified (or inferred from legacy fields)
68
- */
69
- authorization?: AuthorizationRequirement;
70
32
  }
71
33
  /**
72
34
  * Tool Protection Map
@@ -75,23 +37,6 @@ export interface ToolProtection {
75
37
  * This is how tool protections are typically stored and transmitted.
76
38
  */
77
39
  export type ToolProtectionMap = Record<string, ToolProtection>;
78
- /**
79
- * Partial tool protection for updates (all fields optional)
80
- * Use this when accepting partial updates to tool protection settings
81
- */
82
- export type PartialToolProtection = Partial<ToolProtection>;
83
- /**
84
- * Tool protection with explicit optional fields
85
- * Useful when TypeScript's Partial<T> doesn't preserve optional property access
86
- * Supports explicit null values to clear fields
87
- */
88
- export type ToolProtectionUpdate = {
89
- requiresDelegation?: boolean;
90
- requiredScopes?: string[];
91
- riskLevel?: 'low' | 'medium' | 'high' | 'critical';
92
- oauthProvider?: string | null;
93
- authorization?: AuthorizationRequirement | null;
94
- };
95
40
  /**
96
41
  * Tool Protection Response
97
42
  *
@@ -149,403 +94,48 @@ export interface DelegationRequiredErrorData {
149
94
  */
150
95
  reason?: string;
151
96
  }
152
- /**
153
- * Legacy tool protection format (pre-authorization field)
154
- * Used during migration period to support both old and new formats
155
- */
156
- export type LegacyToolProtection = Omit<ToolProtection, 'authorization'> & {
157
- oauthProvider?: string;
158
- };
159
- /**
160
- * Union type for both legacy and new formats
161
- * Useful during migration period when accepting tool protection input
162
- */
163
- export type ToolProtectionInput = ToolProtection | LegacyToolProtection;
164
97
  /**
165
98
  * Zod Schemas for Validation
166
99
  */
167
- export declare const AuthorizationRequirementSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
168
- type: z.ZodLiteral<"oauth">;
169
- provider: z.ZodString;
170
- requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
171
- }, "strip", z.ZodTypeAny, {
172
- type: "oauth";
173
- provider: string;
174
- requiredScopes?: string[] | undefined;
175
- }, {
176
- type: "oauth";
177
- provider: string;
178
- requiredScopes?: string[] | undefined;
179
- }>, z.ZodObject<{
180
- type: z.ZodLiteral<"mdl">;
181
- issuer: z.ZodString;
182
- credentialType: z.ZodOptional<z.ZodString>;
183
- }, "strip", z.ZodTypeAny, {
184
- type: "mdl";
185
- issuer: string;
186
- credentialType?: string | undefined;
187
- }, {
188
- type: "mdl";
189
- issuer: string;
190
- credentialType?: string | undefined;
191
- }>, z.ZodObject<{
192
- type: z.ZodLiteral<"idv">;
193
- provider: z.ZodString;
194
- verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
195
- }, "strip", z.ZodTypeAny, {
196
- type: "idv";
197
- provider: string;
198
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
199
- }, {
200
- type: "idv";
201
- provider: string;
202
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
203
- }>, z.ZodObject<{
204
- type: z.ZodLiteral<"credential">;
205
- credentialType: z.ZodString;
206
- issuer: z.ZodOptional<z.ZodString>;
207
- }, "strip", z.ZodTypeAny, {
208
- type: "credential";
209
- credentialType: string;
210
- issuer?: string | undefined;
211
- }, {
212
- type: "credential";
213
- credentialType: string;
214
- issuer?: string | undefined;
215
- }>, z.ZodObject<{
216
- type: z.ZodLiteral<"none">;
217
- }, "strip", z.ZodTypeAny, {
218
- type: "none";
219
- }, {
220
- type: "none";
221
- }>]>;
222
100
  export declare const ToolProtectionSchema: z.ZodObject<{
223
101
  requiresDelegation: z.ZodBoolean;
224
102
  requiredScopes: z.ZodArray<z.ZodString, "many">;
225
103
  riskLevel: z.ZodOptional<z.ZodEnum<["low", "medium", "high", "critical"]>>;
226
- oauthProvider: z.ZodOptional<z.ZodString>;
227
- authorization: z.ZodOptional<z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
228
- type: z.ZodLiteral<"oauth">;
229
- provider: z.ZodString;
230
- requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
231
- }, "strip", z.ZodTypeAny, {
232
- type: "oauth";
233
- provider: string;
234
- requiredScopes?: string[] | undefined;
235
- }, {
236
- type: "oauth";
237
- provider: string;
238
- requiredScopes?: string[] | undefined;
239
- }>, z.ZodObject<{
240
- type: z.ZodLiteral<"mdl">;
241
- issuer: z.ZodString;
242
- credentialType: z.ZodOptional<z.ZodString>;
243
- }, "strip", z.ZodTypeAny, {
244
- type: "mdl";
245
- issuer: string;
246
- credentialType?: string | undefined;
247
- }, {
248
- type: "mdl";
249
- issuer: string;
250
- credentialType?: string | undefined;
251
- }>, z.ZodObject<{
252
- type: z.ZodLiteral<"idv">;
253
- provider: z.ZodString;
254
- verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
255
- }, "strip", z.ZodTypeAny, {
256
- type: "idv";
257
- provider: string;
258
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
259
- }, {
260
- type: "idv";
261
- provider: string;
262
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
263
- }>, z.ZodObject<{
264
- type: z.ZodLiteral<"credential">;
265
- credentialType: z.ZodString;
266
- issuer: z.ZodOptional<z.ZodString>;
267
- }, "strip", z.ZodTypeAny, {
268
- type: "credential";
269
- credentialType: string;
270
- issuer?: string | undefined;
271
- }, {
272
- type: "credential";
273
- credentialType: string;
274
- issuer?: string | undefined;
275
- }>, z.ZodObject<{
276
- type: z.ZodLiteral<"none">;
277
- }, "strip", z.ZodTypeAny, {
278
- type: "none";
279
- }, {
280
- type: "none";
281
- }>]>>;
282
104
  }, "strip", z.ZodTypeAny, {
283
105
  requiresDelegation: boolean;
284
106
  requiredScopes: string[];
285
- authorization?: {
286
- type: "oauth";
287
- provider: string;
288
- requiredScopes?: string[] | undefined;
289
- } | {
290
- type: "mdl";
291
- issuer: string;
292
- credentialType?: string | undefined;
293
- } | {
294
- type: "idv";
295
- provider: string;
296
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
297
- } | {
298
- type: "credential";
299
- credentialType: string;
300
- issuer?: string | undefined;
301
- } | {
302
- type: "none";
303
- } | undefined;
304
107
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
305
- oauthProvider?: string | undefined;
306
108
  }, {
307
109
  requiresDelegation: boolean;
308
110
  requiredScopes: string[];
309
- authorization?: {
310
- type: "oauth";
311
- provider: string;
312
- requiredScopes?: string[] | undefined;
313
- } | {
314
- type: "mdl";
315
- issuer: string;
316
- credentialType?: string | undefined;
317
- } | {
318
- type: "idv";
319
- provider: string;
320
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
321
- } | {
322
- type: "credential";
323
- credentialType: string;
324
- issuer?: string | undefined;
325
- } | {
326
- type: "none";
327
- } | undefined;
328
111
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
329
- oauthProvider?: string | undefined;
330
112
  }>;
331
113
  export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
332
114
  requiresDelegation: z.ZodBoolean;
333
115
  requiredScopes: z.ZodArray<z.ZodString, "many">;
334
116
  riskLevel: z.ZodOptional<z.ZodEnum<["low", "medium", "high", "critical"]>>;
335
- oauthProvider: z.ZodOptional<z.ZodString>;
336
- authorization: z.ZodOptional<z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
337
- type: z.ZodLiteral<"oauth">;
338
- provider: z.ZodString;
339
- requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
340
- }, "strip", z.ZodTypeAny, {
341
- type: "oauth";
342
- provider: string;
343
- requiredScopes?: string[] | undefined;
344
- }, {
345
- type: "oauth";
346
- provider: string;
347
- requiredScopes?: string[] | undefined;
348
- }>, z.ZodObject<{
349
- type: z.ZodLiteral<"mdl">;
350
- issuer: z.ZodString;
351
- credentialType: z.ZodOptional<z.ZodString>;
352
- }, "strip", z.ZodTypeAny, {
353
- type: "mdl";
354
- issuer: string;
355
- credentialType?: string | undefined;
356
- }, {
357
- type: "mdl";
358
- issuer: string;
359
- credentialType?: string | undefined;
360
- }>, z.ZodObject<{
361
- type: z.ZodLiteral<"idv">;
362
- provider: z.ZodString;
363
- verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
364
- }, "strip", z.ZodTypeAny, {
365
- type: "idv";
366
- provider: string;
367
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
368
- }, {
369
- type: "idv";
370
- provider: string;
371
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
372
- }>, z.ZodObject<{
373
- type: z.ZodLiteral<"credential">;
374
- credentialType: z.ZodString;
375
- issuer: z.ZodOptional<z.ZodString>;
376
- }, "strip", z.ZodTypeAny, {
377
- type: "credential";
378
- credentialType: string;
379
- issuer?: string | undefined;
380
- }, {
381
- type: "credential";
382
- credentialType: string;
383
- issuer?: string | undefined;
384
- }>, z.ZodObject<{
385
- type: z.ZodLiteral<"none">;
386
- }, "strip", z.ZodTypeAny, {
387
- type: "none";
388
- }, {
389
- type: "none";
390
- }>]>>;
391
117
  }, "strip", z.ZodTypeAny, {
392
118
  requiresDelegation: boolean;
393
119
  requiredScopes: string[];
394
- authorization?: {
395
- type: "oauth";
396
- provider: string;
397
- requiredScopes?: string[] | undefined;
398
- } | {
399
- type: "mdl";
400
- issuer: string;
401
- credentialType?: string | undefined;
402
- } | {
403
- type: "idv";
404
- provider: string;
405
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
406
- } | {
407
- type: "credential";
408
- credentialType: string;
409
- issuer?: string | undefined;
410
- } | {
411
- type: "none";
412
- } | undefined;
413
120
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
414
- oauthProvider?: string | undefined;
415
121
  }, {
416
122
  requiresDelegation: boolean;
417
123
  requiredScopes: string[];
418
- authorization?: {
419
- type: "oauth";
420
- provider: string;
421
- requiredScopes?: string[] | undefined;
422
- } | {
423
- type: "mdl";
424
- issuer: string;
425
- credentialType?: string | undefined;
426
- } | {
427
- type: "idv";
428
- provider: string;
429
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
430
- } | {
431
- type: "credential";
432
- credentialType: string;
433
- issuer?: string | undefined;
434
- } | {
435
- type: "none";
436
- } | undefined;
437
124
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
438
- oauthProvider?: string | undefined;
439
125
  }>>;
440
126
  export declare const ToolProtectionResponseSchema: z.ZodObject<{
441
127
  toolProtections: z.ZodRecord<z.ZodString, z.ZodObject<{
442
128
  requiresDelegation: z.ZodBoolean;
443
129
  requiredScopes: z.ZodArray<z.ZodString, "many">;
444
130
  riskLevel: z.ZodOptional<z.ZodEnum<["low", "medium", "high", "critical"]>>;
445
- oauthProvider: z.ZodOptional<z.ZodString>;
446
- authorization: z.ZodOptional<z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
447
- type: z.ZodLiteral<"oauth">;
448
- provider: z.ZodString;
449
- requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
450
- }, "strip", z.ZodTypeAny, {
451
- type: "oauth";
452
- provider: string;
453
- requiredScopes?: string[] | undefined;
454
- }, {
455
- type: "oauth";
456
- provider: string;
457
- requiredScopes?: string[] | undefined;
458
- }>, z.ZodObject<{
459
- type: z.ZodLiteral<"mdl">;
460
- issuer: z.ZodString;
461
- credentialType: z.ZodOptional<z.ZodString>;
462
- }, "strip", z.ZodTypeAny, {
463
- type: "mdl";
464
- issuer: string;
465
- credentialType?: string | undefined;
466
- }, {
467
- type: "mdl";
468
- issuer: string;
469
- credentialType?: string | undefined;
470
- }>, z.ZodObject<{
471
- type: z.ZodLiteral<"idv">;
472
- provider: z.ZodString;
473
- verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
474
- }, "strip", z.ZodTypeAny, {
475
- type: "idv";
476
- provider: string;
477
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
478
- }, {
479
- type: "idv";
480
- provider: string;
481
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
482
- }>, z.ZodObject<{
483
- type: z.ZodLiteral<"credential">;
484
- credentialType: z.ZodString;
485
- issuer: z.ZodOptional<z.ZodString>;
486
- }, "strip", z.ZodTypeAny, {
487
- type: "credential";
488
- credentialType: string;
489
- issuer?: string | undefined;
490
- }, {
491
- type: "credential";
492
- credentialType: string;
493
- issuer?: string | undefined;
494
- }>, z.ZodObject<{
495
- type: z.ZodLiteral<"none">;
496
- }, "strip", z.ZodTypeAny, {
497
- type: "none";
498
- }, {
499
- type: "none";
500
- }>]>>;
501
131
  }, "strip", z.ZodTypeAny, {
502
132
  requiresDelegation: boolean;
503
133
  requiredScopes: string[];
504
- authorization?: {
505
- type: "oauth";
506
- provider: string;
507
- requiredScopes?: string[] | undefined;
508
- } | {
509
- type: "mdl";
510
- issuer: string;
511
- credentialType?: string | undefined;
512
- } | {
513
- type: "idv";
514
- provider: string;
515
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
516
- } | {
517
- type: "credential";
518
- credentialType: string;
519
- issuer?: string | undefined;
520
- } | {
521
- type: "none";
522
- } | undefined;
523
134
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
524
- oauthProvider?: string | undefined;
525
135
  }, {
526
136
  requiresDelegation: boolean;
527
137
  requiredScopes: string[];
528
- authorization?: {
529
- type: "oauth";
530
- provider: string;
531
- requiredScopes?: string[] | undefined;
532
- } | {
533
- type: "mdl";
534
- issuer: string;
535
- credentialType?: string | undefined;
536
- } | {
537
- type: "idv";
538
- provider: string;
539
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
540
- } | {
541
- type: "credential";
542
- credentialType: string;
543
- issuer?: string | undefined;
544
- } | {
545
- type: "none";
546
- } | undefined;
547
138
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
548
- oauthProvider?: string | undefined;
549
139
  }>>;
550
140
  metadata: z.ZodOptional<z.ZodObject<{
551
141
  lastUpdated: z.ZodOptional<z.ZodString>;
@@ -564,27 +154,7 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
564
154
  toolProtections: Record<string, {
565
155
  requiresDelegation: boolean;
566
156
  requiredScopes: string[];
567
- authorization?: {
568
- type: "oauth";
569
- provider: string;
570
- requiredScopes?: string[] | undefined;
571
- } | {
572
- type: "mdl";
573
- issuer: string;
574
- credentialType?: string | undefined;
575
- } | {
576
- type: "idv";
577
- provider: string;
578
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
579
- } | {
580
- type: "credential";
581
- credentialType: string;
582
- issuer?: string | undefined;
583
- } | {
584
- type: "none";
585
- } | undefined;
586
157
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
587
- oauthProvider?: string | undefined;
588
158
  }>;
589
159
  metadata?: {
590
160
  version?: string | undefined;
@@ -595,27 +165,7 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
595
165
  toolProtections: Record<string, {
596
166
  requiresDelegation: boolean;
597
167
  requiredScopes: string[];
598
- authorization?: {
599
- type: "oauth";
600
- provider: string;
601
- requiredScopes?: string[] | undefined;
602
- } | {
603
- type: "mdl";
604
- issuer: string;
605
- credentialType?: string | undefined;
606
- } | {
607
- type: "idv";
608
- provider: string;
609
- verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
610
- } | {
611
- type: "credential";
612
- credentialType: string;
613
- issuer?: string | undefined;
614
- } | {
615
- type: "none";
616
- } | undefined;
617
168
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
618
- oauthProvider?: string | undefined;
619
169
  }>;
620
170
  metadata?: {
621
171
  version?: string | undefined;
@@ -633,14 +183,14 @@ export declare const DelegationRequiredErrorDataSchema: z.ZodObject<{
633
183
  requiredScopes: string[];
634
184
  toolName: string;
635
185
  reason?: string | undefined;
636
- authorizationUrl?: string | undefined;
637
186
  consentUrl?: string | undefined;
187
+ authorizationUrl?: string | undefined;
638
188
  }, {
639
189
  requiredScopes: string[];
640
190
  toolName: string;
641
191
  reason?: string | undefined;
642
- authorizationUrl?: string | undefined;
643
192
  consentUrl?: string | undefined;
193
+ authorizationUrl?: string | undefined;
644
194
  }>;
645
195
  /**
646
196
  * Type Guards
@@ -649,18 +199,6 @@ export declare function isToolProtection(obj: any): obj is ToolProtection;
649
199
  export declare function isToolProtectionMap(obj: any): obj is ToolProtectionMap;
650
200
  export declare function isToolProtectionResponse(obj: any): obj is ToolProtectionResponse;
651
201
  export declare function isDelegationRequiredErrorData(obj: any): obj is DelegationRequiredErrorData;
652
- /**
653
- * Type guard to check if an object is a valid AuthorizationRequirement
654
- */
655
- export declare function isAuthorizationRequirement(obj: unknown): obj is AuthorizationRequirement;
656
- /**
657
- * Type guard to check if a ToolProtection has OAuth authorization
658
- */
659
- export declare function hasOAuthAuthorization(protection: ToolProtection): protection is ToolProtection & {
660
- authorization: {
661
- type: 'oauth';
662
- };
663
- };
664
202
  /**
665
203
  * Validation Functions
666
204
  */
@@ -687,17 +225,3 @@ export declare function getToolRiskLevel(toolName: string, protections: ToolProt
687
225
  * Create a delegation required error
688
226
  */
689
227
  export declare function createDelegationRequiredError(toolName: string, requiredScopes: string[], consentUrl?: string): DelegationRequiredErrorData;
690
- /**
691
- * Normalize tool protection configuration
692
- * Migrates legacy oauthProvider field to authorization object
693
- *
694
- * - Migrates `oauthProvider` → `authorization: { type: 'oauth', provider: ... }`
695
- * - Ensures `authorization` field is present when `requiresDelegation=true`
696
- * - Returns fully normalized ToolProtection object
697
- *
698
- * @param raw - Raw tool protection data (may have legacy fields or be partial)
699
- * @returns Normalized ToolProtection object
700
- *
701
- * // TODO: Remove normalizeToolProtection() when all tools migrated (target: Phase 3)
702
- */
703
- export declare function normalizeToolProtection(raw: ToolProtection | PartialToolProtection): ToolProtection;