@kya-os/contracts 1.7.12 → 1.7.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/agentshield-api/schemas.d.ts +157 -157
  2. package/dist/agentshield-api/schemas.js +2 -1
  3. package/dist/agentshield-api/types.d.ts +1 -1
  4. package/dist/audit/index.d.ts +20 -20
  5. package/dist/dashboard-config/schemas.d.ts +524 -0
  6. package/dist/handshake.d.ts +42 -42
  7. package/dist/tool-protection/index.d.ts +102 -7
  8. package/dist/tool-protection/index.js +41 -8
  9. package/package.json +1 -1
package/dist/handshake.d.ts CHANGED
@@ -24,16 +24,16 @@ export declare const MCPClientInfoSchema: z.ZodObject<{
24
24
  }, "strip", z.ZodTypeAny, {
25
25
  name: string;
26
26
  version?: string | undefined;
27
+ title?: string | undefined;
27
28
  platform?: string | undefined;
28
29
  vendor?: string | undefined;
29
- title?: string | undefined;
30
30
  persistentId?: string | undefined;
31
31
  }, {
32
32
  name: string;
33
33
  version?: string | undefined;
34
+ title?: string | undefined;
34
35
  platform?: string | undefined;
35
36
  vendor?: string | undefined;
36
- title?: string | undefined;
37
37
  persistentId?: string | undefined;
38
38
  }>;
39
39
  export declare const MCPClientSessionInfoSchema: z.ZodObject<{
@@ -48,22 +48,22 @@ export declare const MCPClientSessionInfoSchema: z.ZodObject<{
48
48
  protocolVersion: z.ZodOptional<z.ZodString>;
49
49
  capabilities: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
50
50
  }, "strip", z.ZodTypeAny, {
51
- name: string;
52
51
  clientId: string;
52
+ name: string;
53
53
  version?: string | undefined;
54
+ title?: string | undefined;
54
55
  platform?: string | undefined;
55
56
  vendor?: string | undefined;
56
- title?: string | undefined;
57
57
  persistentId?: string | undefined;
58
58
  protocolVersion?: string | undefined;
59
59
  capabilities?: Record<string, unknown> | undefined;
60
60
  }, {
61
- name: string;
62
61
  clientId: string;
62
+ name: string;
63
63
  version?: string | undefined;
64
+ title?: string | undefined;
64
65
  platform?: string | undefined;
65
66
  vendor?: string | undefined;
66
- title?: string | undefined;
67
67
  persistentId?: string | undefined;
68
68
  protocolVersion?: string | undefined;
69
69
  capabilities?: Record<string, unknown> | undefined;
@@ -84,20 +84,20 @@ export declare const HandshakeRequestSchema: z.ZodObject<{
84
84
  clientId: z.ZodOptional<z.ZodString>;
85
85
  }, "strip", z.ZodTypeAny, {
86
86
  name: string;
87
+ clientId?: string | undefined;
87
88
  version?: string | undefined;
89
+ title?: string | undefined;
88
90
  platform?: string | undefined;
89
91
  vendor?: string | undefined;
90
- title?: string | undefined;
91
92
  persistentId?: string | undefined;
92
- clientId?: string | undefined;
93
93
  }, {
94
94
  name: string;
95
+ clientId?: string | undefined;
95
96
  version?: string | undefined;
97
+ title?: string | undefined;
96
98
  platform?: string | undefined;
97
99
  vendor?: string | undefined;
98
- title?: string | undefined;
99
100
  persistentId?: string | undefined;
100
- clientId?: string | undefined;
101
101
  }>>;
102
102
  clientProtocolVersion: z.ZodOptional<z.ZodString>;
103
103
  clientCapabilities: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
@@ -108,12 +108,12 @@ export declare const HandshakeRequestSchema: z.ZodObject<{
108
108
  agentDid?: string | undefined;
109
109
  clientInfo?: {
110
110
  name: string;
111
+ clientId?: string | undefined;
111
112
  version?: string | undefined;
113
+ title?: string | undefined;
112
114
  platform?: string | undefined;
113
115
  vendor?: string | undefined;
114
- title?: string | undefined;
115
116
  persistentId?: string | undefined;
116
- clientId?: string | undefined;
117
117
  } | undefined;
118
118
  clientProtocolVersion?: string | undefined;
119
119
  clientCapabilities?: Record<string, unknown> | undefined;
@@ -124,12 +124,12 @@ export declare const HandshakeRequestSchema: z.ZodObject<{
124
124
  agentDid?: string | undefined;
125
125
  clientInfo?: {
126
126
  name: string;
127
+ clientId?: string | undefined;
127
128
  version?: string | undefined;
129
+ title?: string | undefined;
128
130
  platform?: string | undefined;
129
131
  vendor?: string | undefined;
130
- title?: string | undefined;
131
132
  persistentId?: string | undefined;
132
- clientId?: string | undefined;
133
133
  } | undefined;
134
134
  clientProtocolVersion?: string | undefined;
135
135
  clientCapabilities?: Record<string, unknown> | undefined;
@@ -158,22 +158,22 @@ export declare const SessionContextSchema: z.ZodObject<{
158
158
  protocolVersion: z.ZodOptional<z.ZodString>;
159
159
  capabilities: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
160
160
  }, "strip", z.ZodTypeAny, {
161
- name: string;
162
161
  clientId: string;
162
+ name: string;
163
163
  version?: string | undefined;
164
+ title?: string | undefined;
164
165
  platform?: string | undefined;
165
166
  vendor?: string | undefined;
166
- title?: string | undefined;
167
167
  persistentId?: string | undefined;
168
168
  protocolVersion?: string | undefined;
169
169
  capabilities?: Record<string, unknown> | undefined;
170
170
  }, {
171
- name: string;
172
171
  clientId: string;
172
+ name: string;
173
173
  version?: string | undefined;
174
+ title?: string | undefined;
174
175
  platform?: string | undefined;
175
176
  vendor?: string | undefined;
176
- title?: string | undefined;
177
177
  persistentId?: string | undefined;
178
178
  protocolVersion?: string | undefined;
179
179
  capabilities?: Record<string, unknown> | undefined;
@@ -204,65 +204,65 @@ export declare const SessionContextSchema: z.ZodObject<{
204
204
  name?: string | undefined;
205
205
  }>>;
206
206
  }, "strip", z.ZodTypeAny, {
207
+ createdAt: number;
207
208
  nonce: string;
208
209
  audience: string;
209
- sessionId: string;
210
- createdAt: number;
211
210
  timestamp: number;
211
+ sessionId: string;
212
212
  lastActivity: number;
213
213
  ttlMinutes: number;
214
- identityState: "anonymous" | "authenticated";
215
- clientDid?: string | undefined;
216
- userDid?: string | undefined;
214
+ identityState: "authenticated" | "anonymous";
217
215
  agentDid?: string | undefined;
218
- oauthIdentity?: {
219
- provider: string;
220
- subject: string;
221
- email?: string | undefined;
222
- name?: string | undefined;
223
- } | undefined;
224
216
  clientInfo?: {
225
- name: string;
226
217
  clientId: string;
218
+ name: string;
227
219
  version?: string | undefined;
220
+ title?: string | undefined;
228
221
  platform?: string | undefined;
229
222
  vendor?: string | undefined;
230
- title?: string | undefined;
231
223
  persistentId?: string | undefined;
232
224
  protocolVersion?: string | undefined;
233
225
  capabilities?: Record<string, unknown> | undefined;
234
226
  } | undefined;
235
227
  serverDid?: string | undefined;
236
- }, {
237
- nonce: string;
238
- audience: string;
239
- sessionId: string;
240
- createdAt: number;
241
- timestamp: number;
242
- lastActivity: number;
243
228
  clientDid?: string | undefined;
244
229
  userDid?: string | undefined;
245
- agentDid?: string | undefined;
246
230
  oauthIdentity?: {
247
231
  provider: string;
248
232
  subject: string;
249
233
  email?: string | undefined;
250
234
  name?: string | undefined;
251
235
  } | undefined;
236
+ }, {
237
+ createdAt: number;
238
+ nonce: string;
239
+ audience: string;
240
+ timestamp: number;
241
+ sessionId: string;
242
+ lastActivity: number;
243
+ agentDid?: string | undefined;
252
244
  clientInfo?: {
253
- name: string;
254
245
  clientId: string;
246
+ name: string;
255
247
  version?: string | undefined;
248
+ title?: string | undefined;
256
249
  platform?: string | undefined;
257
250
  vendor?: string | undefined;
258
- title?: string | undefined;
259
251
  persistentId?: string | undefined;
260
252
  protocolVersion?: string | undefined;
261
253
  capabilities?: Record<string, unknown> | undefined;
262
254
  } | undefined;
263
255
  ttlMinutes?: number | undefined;
264
256
  serverDid?: string | undefined;
265
- identityState?: "anonymous" | "authenticated" | undefined;
257
+ clientDid?: string | undefined;
258
+ userDid?: string | undefined;
259
+ identityState?: "authenticated" | "anonymous" | undefined;
260
+ oauthIdentity?: {
261
+ provider: string;
262
+ subject: string;
263
+ email?: string | undefined;
264
+ name?: string | undefined;
265
+ } | undefined;
266
266
  }>;
267
267
  export declare const NonceCacheEntrySchema: z.ZodObject<{
268
268
  sessionId: z.ZodString;
package/dist/tool-protection/index.d.ts CHANGED
@@ -16,9 +16,17 @@ import { z } from 'zod';
16
16
  * The VC output is always a DelegationCredential created on consent confirmation.
17
17
  */
18
18
  export type AuthorizationRequirement = {
19
+ /**
20
+ * @deprecated Use 'oauth2' instead. Will be removed in v2.0.0.
21
+ */
19
22
  type: 'oauth';
20
23
  provider: string;
21
24
  requiredScopes?: string[];
25
+ } | {
26
+ /** OAuth 2.0 provider authentication (canonical) */
27
+ type: 'oauth2';
28
+ provider: string;
29
+ requiredScopes?: string[];
22
30
  } | {
23
31
  type: 'password';
24
32
  provider: string;
@@ -48,7 +56,10 @@ export type AuthorizationRequirement = {
48
56
  };
49
57
  /** Canonical authorization type values for type safety */
50
58
  export declare const AUTHORIZATION_TYPES: {
59
+ /** @deprecated Use OAUTH2 instead. Will be removed in v2.0.0. */
51
60
  readonly OAUTH: "oauth";
61
+ /** OAuth 2.0 provider authentication (canonical) */
62
+ readonly OAUTH2: "oauth2";
52
63
  readonly PASSWORD: "password";
53
64
  readonly MDL: "mdl";
54
65
  readonly IDV: "idv";
@@ -199,6 +210,18 @@ export declare const AuthorizationRequirementSchema: z.ZodDiscriminatedUnion<"ty
199
210
  type: "oauth";
200
211
  provider: string;
201
212
  requiredScopes?: string[] | undefined;
213
+ }>, z.ZodObject<{
214
+ type: z.ZodLiteral<"oauth2">;
215
+ provider: z.ZodString;
216
+ requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
217
+ }, "strip", z.ZodTypeAny, {
218
+ type: "oauth2";
219
+ provider: string;
220
+ requiredScopes?: string[] | undefined;
221
+ }, {
222
+ type: "oauth2";
223
+ provider: string;
224
+ requiredScopes?: string[] | undefined;
202
225
  }>, z.ZodObject<{
203
226
  type: z.ZodLiteral<"password">;
204
227
  provider: z.ZodString;
@@ -280,6 +303,18 @@ export declare const ToolProtectionSchema: z.ZodObject<{
280
303
  type: "oauth";
281
304
  provider: string;
282
305
  requiredScopes?: string[] | undefined;
306
+ }>, z.ZodObject<{
307
+ type: z.ZodLiteral<"oauth2">;
308
+ provider: z.ZodString;
309
+ requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
310
+ }, "strip", z.ZodTypeAny, {
311
+ type: "oauth2";
312
+ provider: string;
313
+ requiredScopes?: string[] | undefined;
314
+ }, {
315
+ type: "oauth2";
316
+ provider: string;
317
+ requiredScopes?: string[] | undefined;
283
318
  }>, z.ZodObject<{
284
319
  type: z.ZodLiteral<"password">;
285
320
  provider: z.ZodString;
@@ -351,6 +386,10 @@ export declare const ToolProtectionSchema: z.ZodObject<{
351
386
  type: "oauth";
352
387
  provider: string;
353
388
  requiredScopes?: string[] | undefined;
389
+ } | {
390
+ type: "oauth2";
391
+ provider: string;
392
+ requiredScopes?: string[] | undefined;
354
393
  } | {
355
394
  type: "password";
356
395
  provider: string;
@@ -382,6 +421,10 @@ export declare const ToolProtectionSchema: z.ZodObject<{
382
421
  type: "oauth";
383
422
  provider: string;
384
423
  requiredScopes?: string[] | undefined;
424
+ } | {
425
+ type: "oauth2";
426
+ provider: string;
427
+ requiredScopes?: string[] | undefined;
385
428
  } | {
386
429
  type: "password";
387
430
  provider: string;
@@ -424,6 +467,18 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
424
467
  type: "oauth";
425
468
  provider: string;
426
469
  requiredScopes?: string[] | undefined;
470
+ }>, z.ZodObject<{
471
+ type: z.ZodLiteral<"oauth2">;
472
+ provider: z.ZodString;
473
+ requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
474
+ }, "strip", z.ZodTypeAny, {
475
+ type: "oauth2";
476
+ provider: string;
477
+ requiredScopes?: string[] | undefined;
478
+ }, {
479
+ type: "oauth2";
480
+ provider: string;
481
+ requiredScopes?: string[] | undefined;
427
482
  }>, z.ZodObject<{
428
483
  type: z.ZodLiteral<"password">;
429
484
  provider: z.ZodString;
@@ -495,6 +550,10 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
495
550
  type: "oauth";
496
551
  provider: string;
497
552
  requiredScopes?: string[] | undefined;
553
+ } | {
554
+ type: "oauth2";
555
+ provider: string;
556
+ requiredScopes?: string[] | undefined;
498
557
  } | {
499
558
  type: "password";
500
559
  provider: string;
@@ -526,6 +585,10 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
526
585
  type: "oauth";
527
586
  provider: string;
528
587
  requiredScopes?: string[] | undefined;
588
+ } | {
589
+ type: "oauth2";
590
+ provider: string;
591
+ requiredScopes?: string[] | undefined;
529
592
  } | {
530
593
  type: "password";
531
594
  provider: string;
@@ -569,6 +632,18 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
569
632
  type: "oauth";
570
633
  provider: string;
571
634
  requiredScopes?: string[] | undefined;
635
+ }>, z.ZodObject<{
636
+ type: z.ZodLiteral<"oauth2">;
637
+ provider: z.ZodString;
638
+ requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
639
+ }, "strip", z.ZodTypeAny, {
640
+ type: "oauth2";
641
+ provider: string;
642
+ requiredScopes?: string[] | undefined;
643
+ }, {
644
+ type: "oauth2";
645
+ provider: string;
646
+ requiredScopes?: string[] | undefined;
572
647
  }>, z.ZodObject<{
573
648
  type: z.ZodLiteral<"password">;
574
649
  provider: z.ZodString;
@@ -640,6 +715,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
640
715
  type: "oauth";
641
716
  provider: string;
642
717
  requiredScopes?: string[] | undefined;
718
+ } | {
719
+ type: "oauth2";
720
+ provider: string;
721
+ requiredScopes?: string[] | undefined;
643
722
  } | {
644
723
  type: "password";
645
724
  provider: string;
@@ -671,6 +750,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
671
750
  type: "oauth";
672
751
  provider: string;
673
752
  requiredScopes?: string[] | undefined;
753
+ } | {
754
+ type: "oauth2";
755
+ provider: string;
756
+ requiredScopes?: string[] | undefined;
674
757
  } | {
675
758
  type: "password";
676
759
  provider: string;
@@ -717,6 +800,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
717
800
  type: "oauth";
718
801
  provider: string;
719
802
  requiredScopes?: string[] | undefined;
803
+ } | {
804
+ type: "oauth2";
805
+ provider: string;
806
+ requiredScopes?: string[] | undefined;
720
807
  } | {
721
808
  type: "password";
722
809
  provider: string;
@@ -755,6 +842,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
755
842
  type: "oauth";
756
843
  provider: string;
757
844
  requiredScopes?: string[] | undefined;
845
+ } | {
846
+ type: "oauth2";
847
+ provider: string;
848
+ requiredScopes?: string[] | undefined;
758
849
  } | {
759
850
  type: "password";
760
851
  provider: string;
@@ -818,10 +909,11 @@ export declare function isDelegationRequiredErrorData(obj: any): obj is Delegati
818
909
  export declare function isAuthorizationRequirement(obj: unknown): obj is AuthorizationRequirement;
819
910
  /**
820
911
  * Type guard to check if a ToolProtection has OAuth authorization
912
+ * Checks for both 'oauth' (deprecated) and 'oauth2' (canonical)
821
913
  */
822
914
  export declare function hasOAuthAuthorization(protection: ToolProtection): protection is ToolProtection & {
823
915
  authorization: {
824
- type: 'oauth';
916
+ type: 'oauth' | 'oauth2';
825
917
  };
826
918
  };
827
919
  /**
@@ -921,21 +1013,24 @@ export declare function getAuthorizationTypeKey(auth: AuthorizationRequirement):
921
1013
  /**
922
1014
  * Normalize authorization requirement type
923
1015
  *
924
- * Normalizes deprecated 'credential' type to 'verifiable_credential' and emits
925
- * deprecation warnings. This function should be called at runtime boundaries
926
- * when processing authorization requirements.
1016
+ * Normalizes deprecated types to their canonical equivalents:
1017
+ * - 'oauth' 'oauth2'
1018
+ * - 'credential' 'verifiable_credential'
1019
+ *
1020
+ * This function should be called at runtime boundaries when processing
1021
+ * authorization requirements.
927
1022
  *
928
- * @param auth - Authorization requirement (may contain deprecated 'credential' type)
1023
+ * @param auth - Authorization requirement (may contain deprecated types)
929
1024
  * @param options - Normalization options
930
1025
  * @returns Normalized authorization requirement
931
1026
  *
932
1027
  * @example
933
1028
  * ```typescript
934
1029
  * const normalized = normalizeAuthorizationType(
935
- * { type: 'credential', credentialType: 'delegation' },
1030
+ * { type: 'oauth', provider: 'github' },
936
1031
  * { warn: true }
937
1032
  * );
938
- * // Returns: { type: 'verifiable_credential', credentialType: 'delegation' }
1033
+ * // Returns: { type: 'oauth2', provider: 'github' }
939
1034
  * // Logs: DEPRECATION warning
940
1035
  * ```
941
1036
  */
package/dist/tool-protection/index.js CHANGED
@@ -35,7 +35,10 @@ exports.normalizeAuthorizationType = normalizeAuthorizationType;
35
35
  const zod_1 = require("zod");
36
36
  /** Canonical authorization type values for type safety */
37
37
  exports.AUTHORIZATION_TYPES = {
38
+ /** @deprecated Use OAUTH2 instead. Will be removed in v2.0.0. */
38
39
  OAUTH: 'oauth',
40
+ /** OAuth 2.0 provider authentication (canonical) */
41
+ OAUTH2: 'oauth2',
39
42
  PASSWORD: 'password',
40
43
  MDL: 'mdl',
41
44
  IDV: 'idv',
@@ -46,11 +49,19 @@ exports.AUTHORIZATION_TYPES = {
46
49
  * Zod Schemas for Validation
47
50
  */
48
51
  exports.AuthorizationRequirementSchema = zod_1.z.discriminatedUnion('type', [
52
+ // Deprecated: 'oauth' is an alias for 'oauth2'
53
+ // Will be removed in v2.0.0. Use 'oauth2' instead.
49
54
  zod_1.z.object({
50
55
  type: zod_1.z.literal('oauth'),
51
56
  provider: zod_1.z.string(),
52
57
  requiredScopes: zod_1.z.array(zod_1.z.string()).optional(),
53
58
  }),
59
+ // OAuth 2.0 provider authentication (canonical)
60
+ zod_1.z.object({
61
+ type: zod_1.z.literal('oauth2'),
62
+ provider: zod_1.z.string(),
63
+ requiredScopes: zod_1.z.array(zod_1.z.string()).optional(),
64
+ }),
54
65
  zod_1.z.object({
55
66
  type: zod_1.z.literal('password'),
56
67
  provider: zod_1.z.string(),
@@ -127,9 +138,10 @@ function isAuthorizationRequirement(obj) {
127
138
  }
128
139
  /**
129
140
  * Type guard to check if a ToolProtection has OAuth authorization
141
+ * Checks for both 'oauth' (deprecated) and 'oauth2' (canonical)
130
142
  */
131
143
  function hasOAuthAuthorization(protection) {
132
- return protection.authorization?.type === 'oauth';
144
+ return protection.authorization?.type === 'oauth' || protection.authorization?.type === 'oauth2';
133
145
  }
134
146
  /**
135
147
  * Type guard to check if a ToolProtection has password authorization
@@ -290,6 +302,7 @@ function determineConsentProviderType(hasOAuthIdentity, isPasswordFlow = false,
290
302
  function getAuthorizationTypeLabel(auth) {
291
303
  switch (auth.type) {
292
304
  case 'oauth':
305
+ case 'oauth2':
293
306
  return auth.provider
294
307
  ? auth.provider.charAt(0).toUpperCase() + auth.provider.slice(1)
295
308
  : 'OAuth Provider';
@@ -318,7 +331,8 @@ function getAuthorizationTypeLabel(auth) {
318
331
  function getAuthorizationTypeKey(auth) {
319
332
  switch (auth.type) {
320
333
  case 'oauth':
321
- return `oauth:${auth.provider}`;
334
+ case 'oauth2':
335
+ return `oauth2:${auth.provider}`;
322
336
  case 'password':
323
337
  return `password:${auth.provider}`;
324
338
  case 'mdl':
@@ -341,26 +355,45 @@ function getAuthorizationTypeKey(auth) {
341
355
  /**
342
356
  * Normalize authorization requirement type
343
357
  *
344
- * Normalizes deprecated 'credential' type to 'verifiable_credential' and emits
345
- * deprecation warnings. This function should be called at runtime boundaries
346
- * when processing authorization requirements.
358
+ * Normalizes deprecated types to their canonical equivalents:
359
+ * - 'oauth' 'oauth2'
360
+ * - 'credential' 'verifiable_credential'
361
+ *
362
+ * This function should be called at runtime boundaries when processing
363
+ * authorization requirements.
347
364
  *
348
- * @param auth - Authorization requirement (may contain deprecated 'credential' type)
365
+ * @param auth - Authorization requirement (may contain deprecated types)
349
366
  * @param options - Normalization options
350
367
  * @returns Normalized authorization requirement
351
368
  *
352
369
  * @example
353
370
  * ```typescript
354
371
  * const normalized = normalizeAuthorizationType(
355
- * { type: 'credential', credentialType: 'delegation' },
372
+ * { type: 'oauth', provider: 'github' },
356
373
  * { warn: true }
357
374
  * );
358
- * // Returns: { type: 'verifiable_credential', credentialType: 'delegation' }
375
+ * // Returns: { type: 'oauth2', provider: 'github' }
359
376
  * // Logs: DEPRECATION warning
360
377
  * ```
361
378
  */
362
379
  function normalizeAuthorizationType(auth, options = {}) {
363
380
  const { warn = true, logger = console.warn } = options;
381
+ // Normalize 'oauth' to 'oauth2'
382
+ if (auth.type === 'oauth') {
383
+ if (warn) {
384
+ logger(`DEPRECATION: Authorization type 'oauth' is deprecated and will be removed in v2.0.0. ` +
385
+ `Please update to 'oauth2'. ` +
386
+ `See https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/docs/migrations/oauth-to-oauth2.md`);
387
+ }
388
+ // Normalize to oauth2
389
+ const normalized = {
390
+ type: 'oauth2',
391
+ provider: auth.provider,
392
+ ...(auth.requiredScopes !== undefined && { requiredScopes: auth.requiredScopes }),
393
+ };
394
+ return normalized;
395
+ }
396
+ // Normalize 'credential' to 'verifiable_credential'
364
397
  if (auth.type === 'credential') {
365
398
  if (warn) {
366
399
  logger(`DEPRECATION: Authorization type 'credential' is deprecated and will be removed in v2.0.0. ` +
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/contracts",
3
- "version": "1.7.12",
3
+ "version": "1.7.14",
4
4
  "description": "Shared contracts, types, and schemas for MCP-I framework",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",