@kya-os/contracts 1.6.5 → 1.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/identity/schemas.d.ts +105 -10
  2. package/dist/identity/schemas.js +36 -7
  3. package/package.json +1 -1
package/dist/identity/schemas.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Identity Resolution Schemas
3
3
  *
4
- * Types and schemas for OAuth identity → persistent user DID resolution.
4
+ * Types and schemas for OAuth/credential identity → persistent user DID resolution.
5
5
  * Used by xmcp-i to call AgentShield's identity resolution endpoint.
6
6
  *
7
7
  * Part of Phase 5: Identity Resolution Integration
@@ -43,16 +43,46 @@ export declare const OAuthResultSchema: z.ZodObject<{
43
43
  picture?: string | undefined;
44
44
  }>;
45
45
  export type OAuthResult = z.infer<typeof OAuthResultSchema>;
46
+ /**
47
+ * Credential result from credential-based authentication
48
+ *
49
+ * Contains user information from username/password or custom credential flows.
50
+ * Used for third-party authentication systems (e.g., 'hardwareworld').
51
+ */
52
+ export declare const CredentialResultSchema: z.ZodObject<{
53
+ /** Credential provider name (e.g., 'hardwareworld') */
54
+ provider: z.ZodString;
55
+ /** User ID from credential authentication */
56
+ user_id: z.ZodString;
57
+ /** User's email (optional) */
58
+ email: z.ZodOptional<z.ZodString>;
59
+ /** User's display name (optional) */
60
+ name: z.ZodOptional<z.ZodString>;
61
+ }, "strip", z.ZodTypeAny, {
62
+ provider: string;
63
+ user_id: string;
64
+ email?: string | undefined;
65
+ name?: string | undefined;
66
+ }, {
67
+ provider: string;
68
+ user_id: string;
69
+ email?: string | undefined;
70
+ name?: string | undefined;
71
+ }>;
72
+ export type CredentialResult = z.infer<typeof CredentialResultSchema>;
46
73
  /**
47
74
  * Identity resolution request
48
75
  *
49
76
  * POST /api/v1/bouncer/identity/resolve
77
+ *
78
+ * Accepts EITHER oauth_result OR credential_result (XOR - exactly one required).
79
+ * This supports both OAuth-based and credential-based authentication flows.
50
80
  */
51
- export declare const IdentityResolveRequestSchema: z.ZodObject<{
52
- /** Project UUID */
81
+ export declare const IdentityResolveRequestSchema: z.ZodEffects<z.ZodObject<{
82
+ /** Project UUID or friendly ID */
53
83
  project_id: z.ZodString;
54
- /** OAuth authentication result */
55
- oauth_result: z.ZodObject<{
84
+ /** OAuth authentication result (mutually exclusive with credential_result) */
85
+ oauth_result: z.ZodOptional<z.ZodObject<{
56
86
  /** OAuth provider name (e.g., 'google', 'github', 'microsoft') */
57
87
  provider: z.ZodString;
58
88
  /** OAuth subject claim (unique per provider) */
@@ -79,27 +109,92 @@ export declare const IdentityResolveRequestSchema: z.ZodObject<{
79
109
  email_verified?: boolean | undefined;
80
110
  name?: string | undefined;
81
111
  picture?: string | undefined;
82
- }>;
112
+ }>>;
113
+ /** Credential authentication result (mutually exclusive with oauth_result) */
114
+ credential_result: z.ZodOptional<z.ZodObject<{
115
+ /** Credential provider name (e.g., 'hardwareworld') */
116
+ provider: z.ZodString;
117
+ /** User ID from credential authentication */
118
+ user_id: z.ZodString;
119
+ /** User's email (optional) */
120
+ email: z.ZodOptional<z.ZodString>;
121
+ /** User's display name (optional) */
122
+ name: z.ZodOptional<z.ZodString>;
123
+ }, "strip", z.ZodTypeAny, {
124
+ provider: string;
125
+ user_id: string;
126
+ email?: string | undefined;
127
+ name?: string | undefined;
128
+ }, {
129
+ provider: string;
130
+ user_id: string;
131
+ email?: string | undefined;
132
+ name?: string | undefined;
133
+ }>>;
83
134
  }, "strip", z.ZodTypeAny, {
84
135
  project_id: string;
85
- oauth_result: {
136
+ oauth_result?: {
86
137
  provider: string;
87
138
  sub: string;
88
139
  email?: string | undefined;
89
140
  email_verified?: boolean | undefined;
90
141
  name?: string | undefined;
91
142
  picture?: string | undefined;
92
- };
143
+ } | undefined;
144
+ credential_result?: {
145
+ provider: string;
146
+ user_id: string;
147
+ email?: string | undefined;
148
+ name?: string | undefined;
149
+ } | undefined;
93
150
  }, {
94
151
  project_id: string;
95
- oauth_result: {
152
+ oauth_result?: {
96
153
  provider: string;
97
154
  sub: string;
98
155
  email?: string | undefined;
99
156
  email_verified?: boolean | undefined;
100
157
  name?: string | undefined;
101
158
  picture?: string | undefined;
102
- };
159
+ } | undefined;
160
+ credential_result?: {
161
+ provider: string;
162
+ user_id: string;
163
+ email?: string | undefined;
164
+ name?: string | undefined;
165
+ } | undefined;
166
+ }>, {
167
+ project_id: string;
168
+ oauth_result?: {
169
+ provider: string;
170
+ sub: string;
171
+ email?: string | undefined;
172
+ email_verified?: boolean | undefined;
173
+ name?: string | undefined;
174
+ picture?: string | undefined;
175
+ } | undefined;
176
+ credential_result?: {
177
+ provider: string;
178
+ user_id: string;
179
+ email?: string | undefined;
180
+ name?: string | undefined;
181
+ } | undefined;
182
+ }, {
183
+ project_id: string;
184
+ oauth_result?: {
185
+ provider: string;
186
+ sub: string;
187
+ email?: string | undefined;
188
+ email_verified?: boolean | undefined;
189
+ name?: string | undefined;
190
+ picture?: string | undefined;
191
+ } | undefined;
192
+ credential_result?: {
193
+ provider: string;
194
+ user_id: string;
195
+ email?: string | undefined;
196
+ name?: string | undefined;
197
+ } | undefined;
103
198
  }>;
104
199
  export type IdentityResolveRequest = z.infer<typeof IdentityResolveRequestSchema>;
105
200
  /**
package/dist/identity/schemas.js CHANGED
@@ -2,7 +2,7 @@
2
2
  /**
3
3
  * Identity Resolution Schemas
4
4
  *
5
- * Types and schemas for OAuth identity → persistent user DID resolution.
5
+ * Types and schemas for OAuth/credential identity → persistent user DID resolution.
6
6
  * Used by xmcp-i to call AgentShield's identity resolution endpoint.
7
7
  *
8
8
  * Part of Phase 5: Identity Resolution Integration
@@ -10,7 +10,7 @@
10
10
  * @see ACCOUNT_CENTRIC_IDENTITY_AND_VC_IMPLEMENTATION.md
11
11
  */
12
12
  Object.defineProperty(exports, "__esModule", { value: true });
13
- exports.IdentityResolveErrorSchema = exports.IdentityResolveResponseSchema = exports.IdentityResolveRequestSchema = exports.OAuthResultSchema = void 0;
13
+ exports.IdentityResolveErrorSchema = exports.IdentityResolveResponseSchema = exports.IdentityResolveRequestSchema = exports.CredentialResultSchema = exports.OAuthResultSchema = void 0;
14
14
  exports.parseIdentityResolveRequest = parseIdentityResolveRequest;
15
15
  exports.safeParseIdentityResolveRequest = safeParseIdentityResolveRequest;
16
16
  exports.parseIdentityResolveResponse = parseIdentityResolveResponse;
@@ -35,16 +35,45 @@ exports.OAuthResultSchema = zod_1.z.object({
35
35
  /** Avatar URL from OAuth provider */
36
36
  picture: zod_1.z.string().url().optional(),
37
37
  });
38
+ /**
39
+ * Credential result from credential-based authentication
40
+ *
41
+ * Contains user information from username/password or custom credential flows.
42
+ * Used for third-party authentication systems (e.g., 'hardwareworld').
43
+ */
44
+ exports.CredentialResultSchema = zod_1.z.object({
45
+ /** Credential provider name (e.g., 'hardwareworld') */
46
+ provider: zod_1.z.string().min(1, "Provider is required"),
47
+ /** User ID from credential authentication */
48
+ user_id: zod_1.z.string().min(1, "User ID is required"),
49
+ /** User's email (optional) */
50
+ email: zod_1.z.string().email().optional(),
51
+ /** User's display name (optional) */
52
+ name: zod_1.z.string().optional(),
53
+ });
38
54
  /**
39
55
  * Identity resolution request
40
56
  *
41
57
  * POST /api/v1/bouncer/identity/resolve
58
+ *
59
+ * Accepts EITHER oauth_result OR credential_result (XOR - exactly one required).
60
+ * This supports both OAuth-based and credential-based authentication flows.
42
61
  */
43
- exports.IdentityResolveRequestSchema = zod_1.z.object({
44
- /** Project UUID */
45
- project_id: zod_1.z.string().uuid("Invalid project ID format"),
46
- /** OAuth authentication result */
47
- oauth_result: exports.OAuthResultSchema,
62
+ exports.IdentityResolveRequestSchema = zod_1.z
63
+ .object({
64
+ /** Project UUID or friendly ID */
65
+ project_id: zod_1.z.string().min(1, "Project ID is required"),
66
+ /** OAuth authentication result (mutually exclusive with credential_result) */
67
+ oauth_result: exports.OAuthResultSchema.optional(),
68
+ /** Credential authentication result (mutually exclusive with oauth_result) */
69
+ credential_result: exports.CredentialResultSchema.optional(),
70
+ })
71
+ .refine((data) => {
72
+ const hasOAuth = !!data.oauth_result;
73
+ const hasCredential = !!data.credential_result;
74
+ return (hasOAuth && !hasCredential) || (!hasOAuth && hasCredential);
75
+ }, {
76
+ message: "Exactly one of oauth_result or credential_result must be provided",
48
77
  });
49
78
  /**
50
79
  * Identity resolution response
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/contracts",
3
- "version": "1.6.5",
3
+ "version": "1.6.7",
4
4
  "description": "Shared contracts, types, and schemas for MCP-I framework",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",