@kya-os/contracts 1.6.6 → 1.6.8
|
@@ -464,6 +464,7 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
|
|
|
464
464
|
scopes: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
465
465
|
timestamp: z.ZodOptional<z.ZodNumber>;
|
|
466
466
|
agent_did: z.ZodString;
|
|
467
|
+
user_did: z.ZodOptional<z.ZodString>;
|
|
467
468
|
credential_jwt: z.ZodOptional<z.ZodString>;
|
|
468
469
|
delegation_token: z.ZodOptional<z.ZodString>;
|
|
469
470
|
client_info: z.ZodOptional<z.ZodObject<{
|
|
@@ -483,6 +484,7 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
|
|
|
483
484
|
agent_did: string;
|
|
484
485
|
scopes?: string[] | undefined;
|
|
485
486
|
timestamp?: number | undefined;
|
|
487
|
+
user_did?: string | undefined;
|
|
486
488
|
credential_jwt?: string | undefined;
|
|
487
489
|
delegation_token?: string | undefined;
|
|
488
490
|
client_info?: {
|
|
@@ -494,6 +496,7 @@ export declare const verifyDelegationRequestSchema: z.ZodObject<{
|
|
|
494
496
|
agent_did: string;
|
|
495
497
|
scopes?: string[] | undefined;
|
|
496
498
|
timestamp?: number | undefined;
|
|
499
|
+
user_did?: string | undefined;
|
|
497
500
|
credential_jwt?: string | undefined;
|
|
498
501
|
delegation_token?: string | undefined;
|
|
499
502
|
client_info?: {
|
|
@@ -129,6 +129,9 @@ exports.delegationCredentialSchema = zod_1.z.object({
|
|
|
129
129
|
*/
|
|
130
130
|
exports.verifyDelegationRequestSchema = zod_1.z.object({
|
|
131
131
|
agent_did: zod_1.z.string(),
|
|
132
|
+
// User DID for user-scoped delegation verification (RECOMMENDED)
|
|
133
|
+
// Prevents cross-user delegation leakage where User B could use User A's delegation
|
|
134
|
+
user_did: zod_1.z.string().optional(),
|
|
132
135
|
credential_jwt: zod_1.z.string().optional(), // Optional, omit (don't set to empty string) when not available for OAuth flow
|
|
133
136
|
delegation_token: zod_1.z.string().optional(), // Optional, for stateless MCP servers
|
|
134
137
|
scopes: zod_1.z.array(zod_1.z.string()).optional(), // Optional, can be empty array
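Review bot: The new `user_did` field on `verifyDelegationRequestSchema` accepts any string, including `""`, so a caller that serializes a missing user as an empty string passes validation. Whether the verifier then treats that value as absent and skips the user-scoped check is not visible here, but the neighbouring `credential_jwt` comment already warns against empty strings. Consider rejecting empty values in the schema with `user_did: zod_1.z.string().min(1).optional(),`, applied in the TypeScript source this dist file is built from. Because the field is optional, the cross-user protection the comment describes is opt-in; the same holds for `user_did?: string` in the `VerifyDelegationRequest` interface hunk, whose doc comment could state explicitly that omitting the field falls back to agent-only verification. The schema object continues past the end of this hunk.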
|
|
@@ -111,6 +111,16 @@ export interface ProofSubmissionResponse {
|
|
|
111
111
|
export interface VerifyDelegationRequest {
|
|
112
112
|
/** Agent DID to verify */
|
|
113
113
|
agent_did: string;
|
|
114
|
+
/**
|
|
115
|
+
* User DID for user-scoped delegation verification (RECOMMENDED)
|
|
116
|
+
*
|
|
117
|
+
* When provided, AgentShield validates that the delegation belongs to this specific user.
|
|
118
|
+
* This prevents cross-user delegation leakage where User B could use User A's delegation.
|
|
119
|
+
*
|
|
120
|
+
* Without user_did, verification relies on delegation_token alone which may not provide
|
|
121
|
+
* user-level isolation in all scenarios (e.g., legacy agent-only delegations).
|
|
122
|
+
*/
|
|
123
|
+
user_did?: string;
|
|
114
124
|
/** Credential JWT (optional, defaults to empty string for OAuth flow) */
|
|
115
125
|
credential_jwt?: string;
|
|
116
126
|
/** Delegation token from OAuth flow (optional, for stateless MCP servers) */
|
|
@@ -160,6 +160,12 @@ export interface CredentialProviderConfig extends BaseProviderConfig {
|
|
|
160
160
|
formTitle?: string;
|
|
161
161
|
formDescription?: string;
|
|
162
162
|
identityFieldLabel?: string;
|
|
163
|
+
/**
|
|
164
|
+
* Input type for the identity/username field
|
|
165
|
+
* Use "text" for username-based authentication, "email" for email-based
|
|
166
|
+
* @default Automatically detected from field name (email -> "email", otherwise "text")
|
|
167
|
+
*/
|
|
168
|
+
identityFieldType?: "text" | "email" | "tel";
|
|
163
169
|
passwordFieldLabel?: string;
|
|
164
170
|
submitButtonText?: string;
|
|
165
171
|
};
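Review bot: The doc comment on `identityFieldType` names only "text" and "email", while the declared union also allows "tel", so the third value is undocumented. I would extend the second line to `* Use "text" for username-based authentication, "email" for email-based, "tel" for phone-number-based`. The `@default` line describes auto-detection from the field name, but the schema hunks declare only `z.enum(["text", "email", "tel"]).optional()` with no default, so the detection is presumably done by the consuming form code; the comment should say so. The enclosing `CredentialProviderConfig` interface starts and ends outside this hunk.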
|
|
@@ -211,6 +217,7 @@ export declare const CredentialProviderConfigSchema: z.ZodObject<{
|
|
|
211
217
|
formTitle: z.ZodOptional<z.ZodString>;
|
|
212
218
|
formDescription: z.ZodOptional<z.ZodString>;
|
|
213
219
|
identityFieldLabel: z.ZodOptional<z.ZodString>;
|
|
220
|
+
identityFieldType: z.ZodOptional<z.ZodEnum<["text", "email", "tel"]>>;
|
|
214
221
|
passwordFieldLabel: z.ZodOptional<z.ZodString>;
|
|
215
222
|
submitButtonText: z.ZodOptional<z.ZodString>;
|
|
216
223
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -218,6 +225,7 @@ export declare const CredentialProviderConfigSchema: z.ZodObject<{
|
|
|
218
225
|
formTitle?: string | undefined;
|
|
219
226
|
formDescription?: string | undefined;
|
|
220
227
|
identityFieldLabel?: string | undefined;
|
|
228
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
221
229
|
passwordFieldLabel?: string | undefined;
|
|
222
230
|
submitButtonText?: string | undefined;
|
|
223
231
|
}, {
|
|
@@ -225,6 +233,7 @@ export declare const CredentialProviderConfigSchema: z.ZodObject<{
|
|
|
225
233
|
formTitle?: string | undefined;
|
|
226
234
|
formDescription?: string | undefined;
|
|
227
235
|
identityFieldLabel?: string | undefined;
|
|
236
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
228
237
|
passwordFieldLabel?: string | undefined;
|
|
229
238
|
submitButtonText?: string | undefined;
|
|
230
239
|
}>>;
|
|
@@ -254,6 +263,7 @@ export declare const CredentialProviderConfigSchema: z.ZodObject<{
|
|
|
254
263
|
formTitle?: string | undefined;
|
|
255
264
|
formDescription?: string | undefined;
|
|
256
265
|
identityFieldLabel?: string | undefined;
|
|
266
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
257
267
|
passwordFieldLabel?: string | undefined;
|
|
258
268
|
submitButtonText?: string | undefined;
|
|
259
269
|
} | undefined;
|
|
@@ -283,6 +293,7 @@ export declare const CredentialProviderConfigSchema: z.ZodObject<{
|
|
|
283
293
|
formTitle?: string | undefined;
|
|
284
294
|
formDescription?: string | undefined;
|
|
285
295
|
identityFieldLabel?: string | undefined;
|
|
296
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
286
297
|
passwordFieldLabel?: string | undefined;
|
|
287
298
|
submitButtonText?: string | undefined;
|
|
288
299
|
} | undefined;
|
|
@@ -661,6 +672,7 @@ export declare const AuthProviderSchema: z.ZodDiscriminatedUnion<"type", [z.ZodO
|
|
|
661
672
|
formTitle: z.ZodOptional<z.ZodString>;
|
|
662
673
|
formDescription: z.ZodOptional<z.ZodString>;
|
|
663
674
|
identityFieldLabel: z.ZodOptional<z.ZodString>;
|
|
675
|
+
identityFieldType: z.ZodOptional<z.ZodEnum<["text", "email", "tel"]>>;
|
|
664
676
|
passwordFieldLabel: z.ZodOptional<z.ZodString>;
|
|
665
677
|
submitButtonText: z.ZodOptional<z.ZodString>;
|
|
666
678
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -668,6 +680,7 @@ export declare const AuthProviderSchema: z.ZodDiscriminatedUnion<"type", [z.ZodO
|
|
|
668
680
|
formTitle?: string | undefined;
|
|
669
681
|
formDescription?: string | undefined;
|
|
670
682
|
identityFieldLabel?: string | undefined;
|
|
683
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
671
684
|
passwordFieldLabel?: string | undefined;
|
|
672
685
|
submitButtonText?: string | undefined;
|
|
673
686
|
}, {
|
|
@@ -675,6 +688,7 @@ export declare const AuthProviderSchema: z.ZodDiscriminatedUnion<"type", [z.ZodO
|
|
|
675
688
|
formTitle?: string | undefined;
|
|
676
689
|
formDescription?: string | undefined;
|
|
677
690
|
identityFieldLabel?: string | undefined;
|
|
691
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
678
692
|
passwordFieldLabel?: string | undefined;
|
|
679
693
|
submitButtonText?: string | undefined;
|
|
680
694
|
}>>;
|
|
@@ -704,6 +718,7 @@ export declare const AuthProviderSchema: z.ZodDiscriminatedUnion<"type", [z.ZodO
|
|
|
704
718
|
formTitle?: string | undefined;
|
|
705
719
|
formDescription?: string | undefined;
|
|
706
720
|
identityFieldLabel?: string | undefined;
|
|
721
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
707
722
|
passwordFieldLabel?: string | undefined;
|
|
708
723
|
submitButtonText?: string | undefined;
|
|
709
724
|
} | undefined;
|
|
@@ -733,6 +748,7 @@ export declare const AuthProviderSchema: z.ZodDiscriminatedUnion<"type", [z.ZodO
|
|
|
733
748
|
formTitle?: string | undefined;
|
|
734
749
|
formDescription?: string | undefined;
|
|
735
750
|
identityFieldLabel?: string | undefined;
|
|
751
|
+
identityFieldType?: "text" | "email" | "tel" | undefined;
|
|
736
752
|
passwordFieldLabel?: string | undefined;
|
|
737
753
|
submitButtonText?: string | undefined;
|
|
738
754
|
} | undefined;
|
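--- a/package/dist/config/identity.js
+++ b/package/dist/config/identity.js
@@ -42,6 +42,7 @@ exports.CredentialProviderConfigSchema = zod_1.z.object({
 formTitle: zod_1.z.string().optional(),
 formDescription: zod_1.z.string().optional(),
 identityFieldLabel: zod_1.z.string().optional(),
+identityFieldType: zod_1.z.enum(["text", "email", "tel"]).optional(),
 passwordFieldLabel: zod_1.z.string().optional(),
 submitButtonText: zod_1.z.string().optional(),
 })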
@@ -31,15 +31,15 @@ export declare const OAuthResultSchema: z.ZodObject<{
|
|
|
31
31
|
provider: string;
|
|
32
32
|
sub: string;
|
|
33
33
|
email?: string | undefined;
|
|
34
|
-
email_verified?: boolean | undefined;
|
|
35
34
|
name?: string | undefined;
|
|
35
|
+
email_verified?: boolean | undefined;
|
|
36
36
|
picture?: string | undefined;
|
|
37
37
|
}, {
|
|
38
38
|
provider: string;
|
|
39
39
|
sub: string;
|
|
40
40
|
email?: string | undefined;
|
|
41
|
-
email_verified?: boolean | undefined;
|
|
42
41
|
name?: string | undefined;
|
|
42
|
+
email_verified?: boolean | undefined;
|
|
43
43
|
picture?: string | undefined;
|
|
44
44
|
}>;
|
|
45
45
|
export type OAuthResult = z.infer<typeof OAuthResultSchema>;
|
|
@@ -69,15 +69,15 @@ export declare const IdentityResolveRequestSchema: z.ZodObject<{
|
|
|
69
69
|
provider: string;
|
|
70
70
|
sub: string;
|
|
71
71
|
email?: string | undefined;
|
|
72
|
-
email_verified?: boolean | undefined;
|
|
73
72
|
name?: string | undefined;
|
|
73
|
+
email_verified?: boolean | undefined;
|
|
74
74
|
picture?: string | undefined;
|
|
75
75
|
}, {
|
|
76
76
|
provider: string;
|
|
77
77
|
sub: string;
|
|
78
78
|
email?: string | undefined;
|
|
79
|
-
email_verified?: boolean | undefined;
|
|
80
79
|
name?: string | undefined;
|
|
80
|
+
email_verified?: boolean | undefined;
|
|
81
81
|
picture?: string | undefined;
|
|
82
82
|
}>;
|
|
83
83
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -86,8 +86,8 @@ export declare const IdentityResolveRequestSchema: z.ZodObject<{
|
|
|
86
86
|
provider: string;
|
|
87
87
|
sub: string;
|
|
88
88
|
email?: string | undefined;
|
|
89
|
-
email_verified?: boolean | undefined;
|
|
90
89
|
name?: string | undefined;
|
|
90
|
+
email_verified?: boolean | undefined;
|
|
91
91
|
picture?: string | undefined;
|
|
92
92
|
};
|
|
93
93
|
}, {
|
|
@@ -96,8 +96,8 @@ export declare const IdentityResolveRequestSchema: z.ZodObject<{
|
|
|
96
96
|
provider: string;
|
|
97
97
|
sub: string;
|
|
98
98
|
email?: string | undefined;
|
|
99
|
-
email_verified?: boolean | undefined;
|
|
100
99
|
name?: string | undefined;
|
|
100
|
+
email_verified?: boolean | undefined;
|
|
101
101
|
picture?: string | undefined;
|
|
102
102
|
};
|
|
103
103
|
}>;
|
|
@@ -133,11 +133,11 @@ export declare const IdentityResolveResponseSchema: z.ZodObject<{
|
|
|
133
133
|
requestId: z.ZodOptional<z.ZodString>;
|
|
134
134
|
timestamp: z.ZodOptional<z.ZodString>;
|
|
135
135
|
}, "strip", z.ZodTypeAny, {
|
|
136
|
-
requestId?: string | undefined;
|
|
137
136
|
timestamp?: string | undefined;
|
|
138
|
-
}, {
|
|
139
137
|
requestId?: string | undefined;
|
|
138
|
+
}, {
|
|
140
139
|
timestamp?: string | undefined;
|
|
140
|
+
requestId?: string | undefined;
|
|
141
141
|
}>>;
|
|
142
142
|
}, "strip", z.ZodTypeAny, {
|
|
143
143
|
success: true;
|
|
@@ -148,8 +148,8 @@ export declare const IdentityResolveResponseSchema: z.ZodObject<{
|
|
|
148
148
|
auto_linked: boolean;
|
|
149
149
|
};
|
|
150
150
|
metadata?: {
|
|
151
|
-
requestId?: string | undefined;
|
|
152
151
|
timestamp?: string | undefined;
|
|
152
|
+
requestId?: string | undefined;
|
|
153
153
|
} | undefined;
|
|
154
154
|
}, {
|
|
155
155
|
success: true;
|
|
@@ -160,8 +160,8 @@ export declare const IdentityResolveResponseSchema: z.ZodObject<{
|
|
|
160
160
|
auto_linked: boolean;
|
|
161
161
|
};
|
|
162
162
|
metadata?: {
|
|
163
|
-
requestId?: string | undefined;
|
|
164
163
|
timestamp?: string | undefined;
|
|
164
|
+
requestId?: string | undefined;
|
|
165
165
|
} | undefined;
|
|
166
166
|
}>;
|
|
167
167
|
export type IdentityResolveResponse = z.infer<typeof IdentityResolveResponseSchema>;
|