npm - @kya-os/create-mcpi-app - Versions diffs - 1.7.17 → 1.7.20 - Mend

@kya-os/create-mcpi-app 1.7.17 → 1.7.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/.turbo/turbo-build.log +4 -0
package/.turbo/turbo-test$colon$coverage.log +315 -0
package/.turbo/turbo-test.log +95 -0
package/CHANGELOG.md +372 -0
package/IMPLEMENTATION_SUMMARY.md +108 -0
package/REMEDIATION_PLAN.md +99 -0
package/coverage/base.css +224 -0
package/coverage/block-navigation.js +87 -0
package/coverage/clover.xml +252 -0
package/coverage/config-builder.ts.html +580 -0
package/coverage/coverage-final.json +7 -0
package/coverage/favicon.png +0 -0
package/coverage/fetch-cloudflare-mcpi-template.ts.html +7006 -0
package/coverage/generate-config.ts.html +436 -0
package/coverage/generate-identity.ts.html +574 -0
package/coverage/index.html +191 -0
package/coverage/install.ts.html +322 -0
package/coverage/prettify.css +1 -0
package/coverage/prettify.js +2 -0
package/coverage/sort-arrow-sprite.png +0 -0
package/coverage/sorter.js +210 -0
package/coverage/validate-project-structure.ts.html +466 -0
package/dist/.tsbuildinfo +1 -1
package/dist/helpers/__tests__/config-builder.spec.d.ts +8 -0
package/dist/helpers/__tests__/config-builder.spec.d.ts.map +1 -0
package/dist/helpers/__tests__/config-builder.spec.js +182 -0
package/dist/helpers/__tests__/config-builder.spec.js.map +1 -0
package/dist/helpers/config-builder.d.ts +58 -0
package/dist/helpers/config-builder.d.ts.map +1 -0
package/dist/helpers/config-builder.js +102 -0
package/dist/helpers/config-builder.js.map +1 -0
package/dist/helpers/create.d.ts +1 -0
package/dist/helpers/create.d.ts.map +1 -1
package/dist/helpers/create.js +2 -1
package/dist/helpers/create.js.map +1 -1
package/dist/helpers/fetch-cloudflare-mcpi-template.d.ts +1 -0
package/dist/helpers/fetch-cloudflare-mcpi-template.d.ts.map +1 -1
package/dist/helpers/fetch-cloudflare-mcpi-template.js +209 -174
package/dist/helpers/fetch-cloudflare-mcpi-template.js.map +1 -1
package/dist/helpers/fetch-mcpi-template.d.ts.map +1 -1
package/dist/helpers/fetch-mcpi-template.js +18 -3
package/dist/helpers/fetch-mcpi-template.js.map +1 -1
package/dist/helpers/generate-config.d.ts.map +1 -1
package/dist/helpers/generate-config.js +27 -40
package/dist/helpers/generate-config.js.map +1 -1
package/dist/helpers/install.js +5 -0
package/dist/helpers/install.js.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/package.json +18 -9
package/scripts/prepare-pack.js +47 -0
package/scripts/validate-no-workspace.js +79 -0
package/src/__tests__/cloudflare-template.test.ts +488 -0
package/src/__tests__/helpers/fetch-cloudflare-mcpi-template.test.ts +337 -0
package/src/__tests__/helpers/generate-config.test.ts +312 -0
package/src/__tests__/helpers/generate-identity.test.ts +271 -0
package/src/__tests__/helpers/install.test.ts +362 -0
package/src/__tests__/helpers/validate-project-structure.test.ts +467 -0
package/src/__tests__.bak/regression.test.ts +434 -0
package/src/effects/index.ts +80 -0
package/src/helpers/__tests__/config-builder.spec.ts +231 -0
package/src/helpers/apply-identity-preset.ts +209 -0
package/src/helpers/config-builder.ts +165 -0
package/src/helpers/copy-template.ts +11 -0
package/src/helpers/create.ts +239 -0
package/src/helpers/fetch-cloudflare-mcpi-template.ts +2311 -0
package/src/helpers/fetch-cloudflare-template.ts +361 -0
package/src/helpers/fetch-mcpi-template.ts +236 -0
package/src/helpers/fetch-xmcp-template.ts +153 -0
package/src/helpers/generate-config.ts +117 -0
package/src/helpers/generate-identity.ts +163 -0
package/src/helpers/identity-manager.ts +186 -0
package/src/helpers/install.ts +79 -0
package/src/helpers/rename.ts +17 -0
package/src/helpers/validate-project-structure.ts +127 -0
package/src/index.ts +480 -0
package/src/utils/check-node.ts +17 -0
package/src/utils/is-folder-empty.ts +60 -0
package/src/utils/validate-project-name.ts +132 -0
package/test-cloudflare/README.md +164 -0
package/test-cloudflare/package.json +28 -0
package/test-cloudflare/src/index.ts +340 -0
package/test-cloudflare/src/tools/greet.ts +19 -0
package/test-cloudflare/tests/cache-invalidation.test.ts +410 -0
package/test-cloudflare/tests/cors-security.test.ts +349 -0
package/test-cloudflare/tests/delegation.test.ts +335 -0
package/test-cloudflare/tests/do-routing.test.ts +314 -0
package/test-cloudflare/tests/integration.test.ts +205 -0
package/test-cloudflare/tests/session-management.test.ts +359 -0
package/test-cloudflare/tsconfig.json +22 -0
package/test-cloudflare/vitest.config.ts +9 -0
package/test-cloudflare/wrangler.toml +37 -0
package/test-node/README.md +44 -0
package/test-node/package.json +23 -0
package/test-node/src/tools/greet.ts +25 -0
package/test-node/xmcp.config.ts +20 -0
package/tsconfig.json +26 -0
package/vitest.config.ts +14 -0

package/test-cloudflare/tests/session-management.test.ts ADDED Viewed

@@ -0,0 +1,359 @@
+import { describe, test, expect, vi, beforeEach } from 'vitest';
+/**
+ * Session Management Tests
+ * Tests proper session tracking, TTL, and MCP session ID handling
+ */
+describe('Session Management', () => {
+  // Mock KV namespace for session storage
+  const mockSessionStorage = {
+    get: vi.fn(),
+    put: vi.fn(),
+    delete: vi.fn()
+  };
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  describe('Session ID Reading', () => {
+    test('should read MCP session ID from Claude Desktop headers', () => {
+      const headers = new Headers({
+        'mcp-session-id': 'claude-desktop-session-123'
+      });
+      const sessionId = headers.get('mcp-session-id') ||
+                       headers.get('Mcp-Session-Id');
+      expect(sessionId).toBe('claude-desktop-session-123');
+    });
+    test('should handle both header casings', () => {
+      const headers1 = new Headers({
+        'mcp-session-id': 'session-lower'
+      });
+      const headers2 = new Headers({
+        'Mcp-Session-Id': 'session-pascal'
+      });
+      const id1 = headers1.get('mcp-session-id') || headers1.get('Mcp-Session-Id');
+      const id2 = headers2.get('mcp-session-id') || headers2.get('Mcp-Session-Id');
+      expect(id1).toBe('session-lower');
+      expect(id2).toBe('session-pascal');
+    });
+    test('should NOT create ephemeral session for every tool call', () => {
+      // Mock multiple tool calls with same session
+      const sessionId = 'persistent-session-456';
+      const timestamps: string[] = [];
+      for (let i = 0; i < 5; i++) {
+        // Simulate tool calls with same session
+        const headers = new Headers({
+          'mcp-session-id': sessionId
+        });
+        const retrievedId = headers.get('mcp-session-id') ||
+                           `ephemeral-${Date.now()}-${Math.random()}`;
+        timestamps.push(retrievedId);
+      }
+      // All should be the same session ID
+      expect(new Set(timestamps).size).toBe(1);
+      expect(timestamps[0]).toBe(sessionId);
+    });
+    test('should create ephemeral session only when header missing', () => {
+      const headers = new Headers({}); // No session ID
+      const sessionId = headers.get('mcp-session-id') ||
+                       headers.get('Mcp-Session-Id') ||
+                       `ephemeral-${Date.now()}-${Math.random().toString(36).substring(2, 10)}`;
+      expect(sessionId).toMatch(/^ephemeral-\d+-[a-z0-9]+$/);
+    });
+  });
+  describe('Session Storage', () => {
+    test('should store session with 30-minute TTL per MCP spec', async () => {
+      const sessionId = 'test-session-789';
+      const sessionData = {
+        id: sessionId,
+        audience: 'https://kya.vouched.id',
+        agentDid: 'did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
+        createdAt: Date.now(),
+        expiresAt: Date.now() + (30 * 60 * 1000) // 30 minutes
+      };
+      await mockSessionStorage.put(
+        `session:${sessionId}`,
+        JSON.stringify(sessionData),
+        { expirationTtl: 1800 } // 30 minutes in seconds
+      );
+      expect(mockSessionStorage.put).toHaveBeenCalledWith(
+        `session:${sessionId}`,
+        expect.any(String),
+        { expirationTtl: 1800 }
+      );
+    });
+    test('should validate session TTL on retrieval', async () => {
+      const sessionId = 'expired-session';
+      const expiredSession = {
+        id: sessionId,
+        expiresAt: Date.now() - 1000 // Expired 1 second ago
+      };
+      mockSessionStorage.get.mockResolvedValueOnce(JSON.stringify(expiredSession));
+      const data = await mockSessionStorage.get(`session:${sessionId}`);
+      const session = JSON.parse(data);
+      // Should detect expiration
+      const isExpired = session.expiresAt < Date.now();
+      expect(isExpired).toBe(true);
+      // Should delete expired session
+      if (isExpired) {
+        await mockSessionStorage.delete(`session:${sessionId}`);
+        expect(mockSessionStorage.delete).toHaveBeenCalled();
+      }
+    });
+    test('should include delegation token in session when available', async () => {
+      const sessionId = 'session-with-delegation';
+      const delegationToken = 'jwt-delegation-token-xyz';
+      const sessionData = {
+        id: sessionId,
+        audience: 'https://kya.vouched.id',
+        agentDid: 'did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK',
+        createdAt: Date.now(),
+        expiresAt: Date.now() + (30 * 60 * 1000),
+        delegationToken // Include delegation token
+      };
+      await mockSessionStorage.put(
+        `session:${sessionId}`,
+        JSON.stringify(sessionData),
+        { expirationTtl: 1800 }
+      );
+      const stored = mockSessionStorage.put.mock.calls[0][1];
+      const parsedSession = JSON.parse(stored);
+      expect(parsedSession.delegationToken).toBe(delegationToken);
+    });
+  });
+  describe('Session Consistency', () => {
+    test('should maintain session across multiple tool calls', async () => {
+      const sessionId = 'consistent-session-abc';
+      const toolCalls = [
+        { tool: 'greet', timestamp: Date.now() },
+        { tool: 'search', timestamp: Date.now() + 1000 },
+        { tool: 'analyze', timestamp: Date.now() + 2000 }
+      ];
+      // All calls should use same session
+      for (const call of toolCalls) {
+        const headers = new Headers({
+          'mcp-session-id': sessionId
+        });
+        const retrievedId = headers.get('mcp-session-id');
+        expect(retrievedId).toBe(sessionId);
+      }
+    });
+    test('should handle session rotation gracefully', async () => {
+      const oldSessionId = 'old-session-123';
+      const newSessionId = 'new-session-456';
+      // Store data with old session
+      const oldSessionData = {
+        id: oldSessionId,
+        data: 'user-specific-data'
+      };
+      await mockSessionStorage.put(
+        `session:${oldSessionId}`,
+        JSON.stringify(oldSessionData)
+      );
+      // Rotate to new session
+      const newSessionData = {
+        id: newSessionId,
+        data: 'user-specific-data',
+        previousSession: oldSessionId
+      };
+      await mockSessionStorage.put(
+        `session:${newSessionId}`,
+        JSON.stringify(newSessionData)
+      );
+      // Verify rotation tracked
+      const newStored = mockSessionStorage.put.mock.calls[1][1];
+      const parsed = JSON.parse(newStored);
+      expect(parsed.previousSession).toBe(oldSessionId);
+    });
+    test('should isolate sessions between users', async () => {
+      const user1SessionId = 'user1-session';
+      const user2SessionId = 'user2-session';
+      const user1Data = {
+        id: user1SessionId,
+        userId: 'user-1',
+        delegationToken: 'user1-delegation'
+      };
+      const user2Data = {
+        id: user2SessionId,
+        userId: 'user-2',
+        delegationToken: 'user2-delegation'
+      };
+      await mockSessionStorage.put(
+        `session:${user1SessionId}`,
+        JSON.stringify(user1Data)
+      );
+      await mockSessionStorage.put(
+        `session:${user2SessionId}`,
+        JSON.stringify(user2Data)
+      );
+      // Sessions should be completely isolated
+      mockSessionStorage.get.mockResolvedValueOnce(JSON.stringify(user1Data));
+      const retrieved1 = await mockSessionStorage.get(`session:${user1SessionId}`);
+      const session1 = JSON.parse(retrieved1);
+      mockSessionStorage.get.mockResolvedValueOnce(JSON.stringify(user2Data));
+      const retrieved2 = await mockSessionStorage.get(`session:${user2SessionId}`);
+      const session2 = JSON.parse(retrieved2);
+      expect(session1.delegationToken).not.toBe(session2.delegationToken);
+      expect(session1.userId).not.toBe(session2.userId);
+    });
+  });
+  describe('Session Security', () => {
+    test('should not expose session data in logs', () => {
+      const consoleLogSpy = vi.spyOn(console, 'log');
+      const sessionId = 'secure-session';
+      const sensitiveData = {
+        delegationToken: 'secret-token-xyz',
+        privateKey: 'private-key-abc'
+      };
+      // Simulate logging
+      console.log('[Session] Created session:', sessionId);
+      // Should NOT log sensitive data
+      expect(consoleLogSpy).toHaveBeenCalledWith(
+        '[Session] Created session:',
+        sessionId
+      );
+      expect(consoleLogSpy).not.toHaveBeenCalledWith(
+        expect.stringContaining('secret-token')
+      );
+      expect(consoleLogSpy).not.toHaveBeenCalledWith(
+        expect.stringContaining('private-key')
+      );
+      consoleLogSpy.mockRestore();
+    });
+    test('should validate session audience', async () => {
+      const sessionId = 'audience-test-session';
+      const sessionData = {
+        id: sessionId,
+        audience: 'https://kya.vouched.id',
+        createdAt: Date.now()
+      };
+      // Validate audience matches expected
+      expect(sessionData.audience).toBe('https://kya.vouched.id');
+      // Should reject mismatched audience
+      const invalidAudience = 'https://evil.com';
+      expect(invalidAudience).not.toBe(sessionData.audience);
+    });
+    test('should enforce session TTL limits', () => {
+      const maxTTL = 30 * 60 * 1000; // 30 minutes
+      const timestamp = Date.now();
+      const sessionData = {
+        createdAt: timestamp,
+        expiresAt: timestamp + maxTTL
+      };
+      const ttl = sessionData.expiresAt - sessionData.createdAt;
+      expect(ttl).toBeLessThanOrEqual(maxTTL);
+      expect(ttl).toBe(30 * 60 * 1000);
+    });
+  });
+  describe('Edge Cases', () => {
+    test('should handle missing session storage gracefully', async () => {
+      const env = {}; // No session storage configured
+      // Should not throw, just return null
+      const sessionId = 'test-session';
+      const result = await Promise.resolve(null); // Would be getDelegationToken result
+      expect(result).toBeNull();
+    });
+    test('should handle corrupt session data', async () => {
+      const sessionId = 'corrupt-session';
+      // Return invalid JSON
+      mockSessionStorage.get.mockResolvedValueOnce('{ invalid json }');
+      try {
+        const data = await mockSessionStorage.get(`session:${sessionId}`);
+        JSON.parse(data);
+      } catch (error) {
+        expect(error).toBeInstanceOf(SyntaxError);
+      }
+    });
+    test('should handle very long session IDs', () => {
+      const longSessionId = 'a'.repeat(1000);
+      const headers = new Headers({
+        'mcp-session-id': longSessionId
+      });
+      const retrievedId = headers.get('mcp-session-id');
+      expect(retrievedId).toBe(longSessionId);
+      expect(retrievedId.length).toBe(1000);
+    });
+    test('should handle concurrent session operations', async () => {
+      const sessionId = 'concurrent-session';
+      // Simulate concurrent read/write
+      const operations = Array(10).fill(null).map((_, i) =>
+        mockSessionStorage.put(
+          `session:${sessionId}`,
+          JSON.stringify({ counter: i }),
+          { expirationTtl: 1800 }
+        )
+      );
+      await Promise.all(operations);
+      // All operations should complete
+      expect(mockSessionStorage.put).toHaveBeenCalledTimes(10);
+    });
+  });
+});

package/test-cloudflare/tsconfig.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ES2022",
+    "lib": [
+      "ES2022"
+    ],
+    "types": [
+      "@cloudflare/workers-types"
+    ],
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "allowSyntheticDefaultImports": true,
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true
+  },
+  "include": [
+    "src/**/*"
+  ]
+}

package/test-cloudflare/vitest.config.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { defineConfig } from 'vitest/config';
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: 'node',
+    testTimeout: 30000,
+  },
+});

package/test-cloudflare/wrangler.toml ADDED Viewed

@@ -0,0 +1,37 @@
+#:schema node_modules/wrangler/config-schema.json
+name = "test-cloudflare"
+main = "src/index.ts"
+compatibility_date = "2025-06-18"
+compatibility_flags = ["nodejs_compat"]
+[[durable_objects.bindings]]
+name = "MCP_OBJECT"
+class_name = "CloudflareMCP"
+[[migrations]]
+tag = "v1"
+new_sqlite_classes = ["CloudflareMCP"]
+[[kv_namespaces]]
+binding = "NONCE_CACHE"
+id = "your-kv-namespace-id"
+[[kv_namespaces]]
+binding = "PROOF_ARCHIVE"
+id = "your-proof-archive-kv-id"
+[vars]
+XMCP_I_TS_SKEW_SEC = "120"
+XMCP_I_SESSION_TTL = "1800"
+[env.production]
+name = "test-cloudflare-production"
+vars = { XMCP_I_TS_SKEW_SEC = "60" }
+[[env.production.kv_namespaces]]
+binding = "NONCE_CACHE"
+id = "your-production-nonce-kv-id"
+[[env.production.kv_namespaces]]
+binding = "PROOF_ARCHIVE"
+id = "your-production-proof-kv-id"

package/test-node/README.md ADDED Viewed

@@ -0,0 +1,44 @@
+# test-node
+MCP-I server with cryptographic identity built-in.
+## Getting Started
+1. Install dependencies:
+   ```bash
+   npm install
+   ```
+2. Initialize identity (generates cryptographic keys):
+   ```bash
+   npm run init
+   ```
+3. Start development server:
+   ```bash
+   npm run dev
+   ```
+## Scripts
+- `npm run dev` - Start development server with hot reload
+- `npm run build` - Build production bundle
+- `npm run start` - Start production server
+- `npm run init` - Initialize agent identity
+- `npm run status` - Check identity and server status
+- `npm run keys:rotate` - Rotate cryptographic keys
+## Project Structure
+```
+├── src/
+│   └── tools/          # MCP tools
+│       └── greet.ts    # Example tool
+├── xmcp.config.ts      # MCP-I configuration
+└── .mcpi/              # Identity files (git-ignored)
+```
+## Learn More
+- [MCP-I Documentation](https://github.com/modelcontextprotocol-identity/mcp-i)
+- [Model Context Protocol](https://modelcontextprotocol.io)

package/test-node/package.json ADDED Viewed

@@ -0,0 +1,23 @@
+{
+  "name": "test-node",
+  "version": "0.1.0",
+  "dependencies": {
+    "@kya-os/cli": "^1.2.7",
+    "@kya-os/mcp-i": "^1.2.7",
+    "zod": "^3.24.4"
+  },
+  "scripts": {
+    "dev": "mcpi dev",
+    "build": "mcpi build",
+    "start": "mcpi start",
+    "init": "mcpi init",
+    "register": "mcpi register",
+    "keys:rotate": "mcpi rotate",
+    "identity:clean": "rm -rf .mcpi",
+    "status": "mcpi status"
+  },
+  "devDependencies": {
+    "@modelcontextprotocol/inspector": "^0.16.6",
+    "swc-loader": "^0.2.6"
+  }
+}

package/test-node/src/tools/greet.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { z } from "zod";
+import { type InferSchema, type ToolMetadata } from "@kya-os/mcp-i";
+// Define the schema for tool parameters
+export const schema = {
+  name: z.string().describe("The name of the user to greet"),
+};
+// Define tool metadata
+export const metadata: ToolMetadata = {
+  name: "greet",
+  description: "Greet the user",
+};
+// Tool implementation
+export default async function greet({ name }: InferSchema<typeof schema>) {
+  return {
+    content: [
+      {
+        type: "text" as const,
+        text: `Hello, ${name}!`,
+      },
+    ],
+  };
+}

package/test-node/xmcp.config.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { XmcpConfig } from "@kya-os/mcp-i";
+const config: XmcpConfig = {
+  // Point to the tools directory
+  paths: {
+    tools: "./src/tools",
+  },
+  // Enable MCP-I identity features
+  identity: {
+    enabled: true,
+    environment: "development",
+    debug: true,
+  },
+  // Enable STDIO transport for Claude Desktop
+  stdio: true,
+};
+export default config;

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ES2022",
+    "moduleResolution": "bundler",
+    "lib": ["ES2022"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "resolveJsonModule": true,
+    "allowSyntheticDefaultImports": true,
+    "allowJs": false,
+    "noEmit": false,
+    "incremental": true,
+    "tsBuildInfoFile": "./dist/.tsbuildinfo"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "templates", "src/**/*.test.ts", "src/**/__tests__/**", "src/__tests__", "src/__tests__.bak"],
+  "references": [{ "path": "../contracts" }]
+}

package/vitest.config.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { defineConfig } from 'vitest/config';
+export default defineConfig({
+  test: {
+    exclude: [
+      '**/node_modules/**',
+      '**/dist/**',
+      '**/.{idea,git,cache,output,temp}/**',
+      '**/{karma,rollup,webpack,vite,vitest,jest,ava,babel,nyc,cypress,tsup,build}.config.*',
+      '**/__tests__.bak/**', // Exclude backup tests
+      '**/integration.test.ts', // Exclude Wrangler integration tests (requires wrangler dependency)
+    ],
+  },
+});