@kya-os/contracts 1.7.15 → 1.7.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/agentshield-api/schemas.d.ts +279 -195
  2. package/dist/agentshield-api/schemas.js +8 -1
  3. package/dist/agentshield-api/types.d.ts +5 -1
  4. package/dist/audit/index.d.ts +21 -21
  5. package/dist/dashboard-config/schemas.d.ts +3355 -2307
  6. package/dist/delegation/schemas.d.ts +1090 -245
  7. package/dist/delegation/schemas.js +114 -4
  8. package/dist/handshake.d.ts +30 -30
  9. package/dist/handshake.js +11 -2
  10. package/dist/tool-protection/index.d.ts +204 -30
  11. package/dist/tool-protection/index.js +24 -0
  12. package/package.json +2 -2
package/dist/tool-protection/index.d.ts CHANGED
@@ -51,6 +51,16 @@ export type AuthorizationRequirement = {
51
51
  type: 'credential';
52
52
  credentialType: string;
53
53
  issuer?: string;
54
+ } | {
55
+ /** WebAuthn/Passkey authentication */
56
+ type: 'webauthn';
57
+ rpId?: string;
58
+ userVerification?: 'required' | 'preferred' | 'discouraged';
59
+ } | {
60
+ /** Sign-In with Ethereum (EIP-4361) */
61
+ type: 'siwe';
62
+ chainId?: number;
63
+ domain?: string;
54
64
  } | {
55
65
  type: 'none';
56
66
  };
@@ -64,6 +74,10 @@ export declare const AUTHORIZATION_TYPES: {
64
74
  readonly MDL: "mdl";
65
75
  readonly IDV: "idv";
66
76
  readonly VERIFIABLE_CREDENTIAL: "verifiable_credential";
77
+ /** WebAuthn/Passkey authentication */
78
+ readonly WEBAUTHN: "webauthn";
79
+ /** Sign-In with Ethereum (EIP-4361) */
80
+ readonly SIWE: "siwe";
67
81
  readonly NONE: "none";
68
82
  };
69
83
  export type AuthorizationType = (typeof AUTHORIZATION_TYPES)[keyof typeof AUTHORIZATION_TYPES];
@@ -279,6 +293,30 @@ export declare const AuthorizationRequirementSchema: z.ZodDiscriminatedUnion<"ty
279
293
  type: "credential";
280
294
  credentialType: string;
281
295
  issuer?: string | undefined;
296
+ }>, z.ZodObject<{
297
+ type: z.ZodLiteral<"webauthn">;
298
+ rpId: z.ZodOptional<z.ZodString>;
299
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
300
+ }, "strip", z.ZodTypeAny, {
301
+ type: "webauthn";
302
+ rpId?: string | undefined;
303
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
304
+ }, {
305
+ type: "webauthn";
306
+ rpId?: string | undefined;
307
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
308
+ }>, z.ZodObject<{
309
+ type: z.ZodLiteral<"siwe">;
310
+ chainId: z.ZodOptional<z.ZodNumber>;
311
+ domain: z.ZodOptional<z.ZodString>;
312
+ }, "strip", z.ZodTypeAny, {
313
+ type: "siwe";
314
+ chainId?: number | undefined;
315
+ domain?: string | undefined;
316
+ }, {
317
+ type: "siwe";
318
+ chainId?: number | undefined;
319
+ domain?: string | undefined;
282
320
  }>, z.ZodObject<{
283
321
  type: z.ZodLiteral<"none">;
284
322
  }, "strip", z.ZodTypeAny, {
@@ -372,6 +410,30 @@ export declare const ToolProtectionSchema: z.ZodObject<{
372
410
  type: "credential";
373
411
  credentialType: string;
374
412
  issuer?: string | undefined;
413
+ }>, z.ZodObject<{
414
+ type: z.ZodLiteral<"webauthn">;
415
+ rpId: z.ZodOptional<z.ZodString>;
416
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
417
+ }, "strip", z.ZodTypeAny, {
418
+ type: "webauthn";
419
+ rpId?: string | undefined;
420
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
421
+ }, {
422
+ type: "webauthn";
423
+ rpId?: string | undefined;
424
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
425
+ }>, z.ZodObject<{
426
+ type: z.ZodLiteral<"siwe">;
427
+ chainId: z.ZodOptional<z.ZodNumber>;
428
+ domain: z.ZodOptional<z.ZodString>;
429
+ }, "strip", z.ZodTypeAny, {
430
+ type: "siwe";
431
+ chainId?: number | undefined;
432
+ domain?: string | undefined;
433
+ }, {
434
+ type: "siwe";
435
+ chainId?: number | undefined;
436
+ domain?: string | undefined;
375
437
  }>, z.ZodObject<{
376
438
  type: z.ZodLiteral<"none">;
377
439
  }, "strip", z.ZodTypeAny, {
@@ -380,10 +442,8 @@ export declare const ToolProtectionSchema: z.ZodObject<{
380
442
  type: "none";
381
443
  }>]>>;
382
444
  }, "strip", z.ZodTypeAny, {
383
- requiredScopes: string[];
384
445
  requiresDelegation: boolean;
385
- riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
386
- oauthProvider?: string | undefined;
446
+ requiredScopes: string[];
387
447
  authorization?: {
388
448
  type: "oauth";
389
449
  provider: string;
@@ -411,14 +471,22 @@ export declare const ToolProtectionSchema: z.ZodObject<{
411
471
  type: "credential";
412
472
  credentialType: string;
413
473
  issuer?: string | undefined;
474
+ } | {
475
+ type: "webauthn";
476
+ rpId?: string | undefined;
477
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
478
+ } | {
479
+ type: "siwe";
480
+ chainId?: number | undefined;
481
+ domain?: string | undefined;
414
482
  } | {
415
483
  type: "none";
416
484
  } | undefined;
417
- }, {
418
- requiredScopes: string[];
419
- requiresDelegation: boolean;
420
485
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
421
486
  oauthProvider?: string | undefined;
487
+ }, {
488
+ requiresDelegation: boolean;
489
+ requiredScopes: string[];
422
490
  authorization?: {
423
491
  type: "oauth";
424
492
  provider: string;
@@ -446,9 +514,19 @@ export declare const ToolProtectionSchema: z.ZodObject<{
446
514
  type: "credential";
447
515
  credentialType: string;
448
516
  issuer?: string | undefined;
517
+ } | {
518
+ type: "webauthn";
519
+ rpId?: string | undefined;
520
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
521
+ } | {
522
+ type: "siwe";
523
+ chainId?: number | undefined;
524
+ domain?: string | undefined;
449
525
  } | {
450
526
  type: "none";
451
527
  } | undefined;
528
+ riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
529
+ oauthProvider?: string | undefined;
452
530
  }>;
453
531
  export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
454
532
  requiresDelegation: z.ZodBoolean;
@@ -536,6 +614,30 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
536
614
  type: "credential";
537
615
  credentialType: string;
538
616
  issuer?: string | undefined;
617
+ }>, z.ZodObject<{
618
+ type: z.ZodLiteral<"webauthn">;
619
+ rpId: z.ZodOptional<z.ZodString>;
620
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
621
+ }, "strip", z.ZodTypeAny, {
622
+ type: "webauthn";
623
+ rpId?: string | undefined;
624
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
625
+ }, {
626
+ type: "webauthn";
627
+ rpId?: string | undefined;
628
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
629
+ }>, z.ZodObject<{
630
+ type: z.ZodLiteral<"siwe">;
631
+ chainId: z.ZodOptional<z.ZodNumber>;
632
+ domain: z.ZodOptional<z.ZodString>;
633
+ }, "strip", z.ZodTypeAny, {
634
+ type: "siwe";
635
+ chainId?: number | undefined;
636
+ domain?: string | undefined;
637
+ }, {
638
+ type: "siwe";
639
+ chainId?: number | undefined;
640
+ domain?: string | undefined;
539
641
  }>, z.ZodObject<{
540
642
  type: z.ZodLiteral<"none">;
541
643
  }, "strip", z.ZodTypeAny, {
@@ -544,10 +646,8 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
544
646
  type: "none";
545
647
  }>]>>;
546
648
  }, "strip", z.ZodTypeAny, {
547
- requiredScopes: string[];
548
649
  requiresDelegation: boolean;
549
- riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
550
- oauthProvider?: string | undefined;
650
+ requiredScopes: string[];
551
651
  authorization?: {
552
652
  type: "oauth";
553
653
  provider: string;
@@ -575,14 +675,22 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
575
675
  type: "credential";
576
676
  credentialType: string;
577
677
  issuer?: string | undefined;
678
+ } | {
679
+ type: "webauthn";
680
+ rpId?: string | undefined;
681
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
682
+ } | {
683
+ type: "siwe";
684
+ chainId?: number | undefined;
685
+ domain?: string | undefined;
578
686
  } | {
579
687
  type: "none";
580
688
  } | undefined;
581
- }, {
582
- requiredScopes: string[];
583
- requiresDelegation: boolean;
584
689
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
585
690
  oauthProvider?: string | undefined;
691
+ }, {
692
+ requiresDelegation: boolean;
693
+ requiredScopes: string[];
586
694
  authorization?: {
587
695
  type: "oauth";
588
696
  provider: string;
@@ -610,9 +718,19 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
610
718
  type: "credential";
611
719
  credentialType: string;
612
720
  issuer?: string | undefined;
721
+ } | {
722
+ type: "webauthn";
723
+ rpId?: string | undefined;
724
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
725
+ } | {
726
+ type: "siwe";
727
+ chainId?: number | undefined;
728
+ domain?: string | undefined;
613
729
  } | {
614
730
  type: "none";
615
731
  } | undefined;
732
+ riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
733
+ oauthProvider?: string | undefined;
616
734
  }>>;
617
735
  export declare const ToolProtectionResponseSchema: z.ZodObject<{
618
736
  toolProtections: z.ZodRecord<z.ZodString, z.ZodObject<{
@@ -701,6 +819,30 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
701
819
  type: "credential";
702
820
  credentialType: string;
703
821
  issuer?: string | undefined;
822
+ }>, z.ZodObject<{
823
+ type: z.ZodLiteral<"webauthn">;
824
+ rpId: z.ZodOptional<z.ZodString>;
825
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
826
+ }, "strip", z.ZodTypeAny, {
827
+ type: "webauthn";
828
+ rpId?: string | undefined;
829
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
830
+ }, {
831
+ type: "webauthn";
832
+ rpId?: string | undefined;
833
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
834
+ }>, z.ZodObject<{
835
+ type: z.ZodLiteral<"siwe">;
836
+ chainId: z.ZodOptional<z.ZodNumber>;
837
+ domain: z.ZodOptional<z.ZodString>;
838
+ }, "strip", z.ZodTypeAny, {
839
+ type: "siwe";
840
+ chainId?: number | undefined;
841
+ domain?: string | undefined;
842
+ }, {
843
+ type: "siwe";
844
+ chainId?: number | undefined;
845
+ domain?: string | undefined;
704
846
  }>, z.ZodObject<{
705
847
  type: z.ZodLiteral<"none">;
706
848
  }, "strip", z.ZodTypeAny, {
@@ -709,10 +851,8 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
709
851
  type: "none";
710
852
  }>]>>;
711
853
  }, "strip", z.ZodTypeAny, {
712
- requiredScopes: string[];
713
854
  requiresDelegation: boolean;
714
- riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
715
- oauthProvider?: string | undefined;
855
+ requiredScopes: string[];
716
856
  authorization?: {
717
857
  type: "oauth";
718
858
  provider: string;
@@ -740,14 +880,22 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
740
880
  type: "credential";
741
881
  credentialType: string;
742
882
  issuer?: string | undefined;
883
+ } | {
884
+ type: "webauthn";
885
+ rpId?: string | undefined;
886
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
887
+ } | {
888
+ type: "siwe";
889
+ chainId?: number | undefined;
890
+ domain?: string | undefined;
743
891
  } | {
744
892
  type: "none";
745
893
  } | undefined;
746
- }, {
747
- requiredScopes: string[];
748
- requiresDelegation: boolean;
749
894
  riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
750
895
  oauthProvider?: string | undefined;
896
+ }, {
897
+ requiresDelegation: boolean;
898
+ requiredScopes: string[];
751
899
  authorization?: {
752
900
  type: "oauth";
753
901
  provider: string;
@@ -775,29 +923,37 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
775
923
  type: "credential";
776
924
  credentialType: string;
777
925
  issuer?: string | undefined;
926
+ } | {
927
+ type: "webauthn";
928
+ rpId?: string | undefined;
929
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
930
+ } | {
931
+ type: "siwe";
932
+ chainId?: number | undefined;
933
+ domain?: string | undefined;
778
934
  } | {
779
935
  type: "none";
780
936
  } | undefined;
937
+ riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
938
+ oauthProvider?: string | undefined;
781
939
  }>>;
782
940
  metadata: z.ZodOptional<z.ZodObject<{
783
941
  lastUpdated: z.ZodOptional<z.ZodString>;
784
942
  version: z.ZodOptional<z.ZodString>;
785
943
  source: z.ZodOptional<z.ZodString>;
786
944
  }, "strip", z.ZodTypeAny, {
787
- lastUpdated?: string | undefined;
788
945
  version?: string | undefined;
946
+ lastUpdated?: string | undefined;
789
947
  source?: string | undefined;
790
948
  }, {
791
- lastUpdated?: string | undefined;
792
949
  version?: string | undefined;
950
+ lastUpdated?: string | undefined;
793
951
  source?: string | undefined;
794
952
  }>>;
795
953
  }, "strip", z.ZodTypeAny, {
796
954
  toolProtections: Record<string, {
797
- requiredScopes: string[];
798
955
  requiresDelegation: boolean;
799
- riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
800
- oauthProvider?: string | undefined;
956
+ requiredScopes: string[];
801
957
  authorization?: {
802
958
  type: "oauth";
803
959
  provider: string;
@@ -825,21 +981,29 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
825
981
  type: "credential";
826
982
  credentialType: string;
827
983
  issuer?: string | undefined;
984
+ } | {
985
+ type: "webauthn";
986
+ rpId?: string | undefined;
987
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
988
+ } | {
989
+ type: "siwe";
990
+ chainId?: number | undefined;
991
+ domain?: string | undefined;
828
992
  } | {
829
993
  type: "none";
830
994
  } | undefined;
995
+ riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
996
+ oauthProvider?: string | undefined;
831
997
  }>;
832
998
  metadata?: {
833
- lastUpdated?: string | undefined;
834
999
  version?: string | undefined;
1000
+ lastUpdated?: string | undefined;
835
1001
  source?: string | undefined;
836
1002
  } | undefined;
837
1003
  }, {
838
1004
  toolProtections: Record<string, {
839
- requiredScopes: string[];
840
1005
  requiresDelegation: boolean;
841
- riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
842
- oauthProvider?: string | undefined;
1006
+ requiredScopes: string[];
843
1007
  authorization?: {
844
1008
  type: "oauth";
845
1009
  provider: string;
@@ -867,13 +1031,23 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
867
1031
  type: "credential";
868
1032
  credentialType: string;
869
1033
  issuer?: string | undefined;
1034
+ } | {
1035
+ type: "webauthn";
1036
+ rpId?: string | undefined;
1037
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1038
+ } | {
1039
+ type: "siwe";
1040
+ chainId?: number | undefined;
1041
+ domain?: string | undefined;
870
1042
  } | {
871
1043
  type: "none";
872
1044
  } | undefined;
1045
+ riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
1046
+ oauthProvider?: string | undefined;
873
1047
  }>;
874
1048
  metadata?: {
875
- lastUpdated?: string | undefined;
876
1049
  version?: string | undefined;
1050
+ lastUpdated?: string | undefined;
877
1051
  source?: string | undefined;
878
1052
  } | undefined;
879
1053
  }>;
@@ -886,15 +1060,15 @@ export declare const DelegationRequiredErrorDataSchema: z.ZodObject<{
886
1060
  }, "strip", z.ZodTypeAny, {
887
1061
  requiredScopes: string[];
888
1062
  toolName: string;
889
- consentUrl?: string | undefined;
890
1063
  authorizationUrl?: string | undefined;
891
1064
  reason?: string | undefined;
1065
+ consentUrl?: string | undefined;
892
1066
  }, {
893
1067
  requiredScopes: string[];
894
1068
  toolName: string;
895
- consentUrl?: string | undefined;
896
1069
  authorizationUrl?: string | undefined;
897
1070
  reason?: string | undefined;
1071
+ consentUrl?: string | undefined;
898
1072
  }>;
899
1073
  /**
900
1074
  * Type Guards
package/dist/tool-protection/index.js CHANGED
@@ -43,6 +43,10 @@ exports.AUTHORIZATION_TYPES = {
43
43
  MDL: 'mdl',
44
44
  IDV: 'idv',
45
45
  VERIFIABLE_CREDENTIAL: 'verifiable_credential',
46
+ /** WebAuthn/Passkey authentication */
47
+ WEBAUTHN: 'webauthn',
48
+ /** Sign-In with Ethereum (EIP-4361) */
49
+ SIWE: 'siwe',
46
50
  NONE: 'none',
47
51
  };
48
52
  /**
@@ -88,6 +92,18 @@ exports.AuthorizationRequirementSchema = zod_1.z.discriminatedUnion('type', [
88
92
  credentialType: zod_1.z.string(),
89
93
  issuer: zod_1.z.string().optional(),
90
94
  }),
95
+ // WebAuthn/Passkey authentication
96
+ zod_1.z.object({
97
+ type: zod_1.z.literal('webauthn'),
98
+ rpId: zod_1.z.string().optional(),
99
+ userVerification: zod_1.z.enum(['required', 'preferred', 'discouraged']).optional(),
100
+ }),
101
+ // Sign-In with Ethereum (EIP-4361)
102
+ zod_1.z.object({
103
+ type: zod_1.z.literal('siwe'),
104
+ chainId: zod_1.z.number().optional(),
105
+ domain: zod_1.z.string().optional(),
106
+ }),
91
107
  zod_1.z.object({
92
108
  type: zod_1.z.literal('none'),
93
109
  }),
@@ -317,6 +333,10 @@ function getAuthorizationTypeLabel(auth) {
317
333
  case 'credential':
318
334
  // Deprecated: treat as verifiable_credential
319
335
  return auth.credentialType || 'Verifiable Credential';
336
+ case 'webauthn':
337
+ return 'Passkey / WebAuthn';
338
+ case 'siwe':
339
+ return 'Sign-In with Ethereum';
320
340
  case 'none':
321
341
  return 'Consent Only';
322
342
  default:
@@ -346,6 +366,10 @@ function getAuthorizationTypeKey(auth) {
346
366
  case 'credential':
347
367
  // Deprecated: treat as verifiable_credential
348
368
  return `vc:${auth.issuer || 'any'}:${auth.credentialType}`;
369
+ case 'webauthn':
370
+ return `webauthn:${auth.rpId || 'default'}`;
371
+ case 'siwe':
372
+ return `siwe:${auth.chainId || 1}:${auth.domain || 'any'}`;
349
373
  case 'none':
350
374
  return 'none';
351
375
  default:
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/contracts",
3
- "version": "1.7.15",
3
+ "version": "1.7.17",
4
4
  "description": "Shared contracts, types, and schemas for MCP-I framework",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -95,7 +95,7 @@
95
95
  },
96
96
  "sideEffects": false,
97
97
  "dependencies": {
98
- "@kya-os/consent": "^0.1.12",
98
+ "@kya-os/consent": "^0.1.13",
99
99
  "zod": "^3.25.76"
100
100
  },
101
101
  "devDependencies": {