@kya-os/mcp-i-cloudflare 1.2.3-canary.0 → 1.2.3-canary.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter.d.ts +4 -5
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +54 -17
- package/dist/adapter.js.map +1 -1
- package/dist/cache/kv-tool-protection-cache.d.ts +46 -0
- package/dist/cache/kv-tool-protection-cache.d.ts.map +1 -0
- package/dist/cache/kv-tool-protection-cache.js +88 -0
- package/dist/cache/kv-tool-protection-cache.js.map +1 -0
- package/dist/index.d.ts +9 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +22 -5
- package/dist/index.js.map +1 -1
- package/dist/proof-generator.d.ts +120 -0
- package/dist/proof-generator.d.ts.map +1 -0
- package/dist/proof-generator.js +238 -0
- package/dist/proof-generator.js.map +1 -0
- package/dist/providers/storage.d.ts +1 -1
- package/dist/providers/storage.d.ts.map +1 -1
- package/dist/providers/storage.js +8 -22
- package/dist/providers/storage.js.map +1 -1
- package/dist/runtime.d.ts +103 -0
- package/dist/runtime.d.ts.map +1 -0
- package/dist/runtime.js +185 -0
- package/dist/runtime.js.map +1 -0
- package/package.json +4 -3
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proof-generator.d.ts","sourceRoot":"","sources":["../src/proof-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,SAAS,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,GAAG,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,GAAG,CAAC;IACV,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;GAKG;AACH,qBAAa,wBAAwB;IACnC,OAAO,CAAC,QAAQ,CAAgB;gBAEpB,QAAQ,EAAE,aAAa;IAInC;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,cAAc,EACvB,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,aAAa,CAAC;IA0BzB;;OAEG;YACW,uBAAuB;IAuBrC;;;;OAIG;YACW,kBAAkB;IAgBhC;;;;;;;;OAQG;IACH,OAAO,CAAC,gBAAgB;IAyBxB;;;;;OAKG;YACW,WAAW;IAyCzB;;;;;OAKG;YACW,WAAW;IAiCzB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAoB3B;;OAEG;IACH,OAAO,CAAC,eAAe;IAoBvB;;OAEG;IACH,OAAO,CAAC,YAAY;CAQrB"}
|
|
@@ -0,0 +1,238 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Proof Generation for Cloudflare Workers
|
|
3
|
+
*
|
|
4
|
+
* Web Crypto API implementation of JWS proof generation.
|
|
5
|
+
* Compatible with mcp-i's ProofGenerator but uses platform-native APIs.
|
|
6
|
+
*
|
|
7
|
+
* Generates full JWS compact format (header.payload.signature) compatible
|
|
8
|
+
* with AgentShield and other verification systems.
|
|
9
|
+
*/
|
|
10
|
+
/**
|
|
11
|
+
* Cloudflare-compatible Proof Generator
|
|
12
|
+
*
|
|
13
|
+
* Uses Web Crypto API for all cryptographic operations.
|
|
14
|
+
* Generates JWS proofs compatible with AgentShield and MCP-I spec.
|
|
15
|
+
*/
|
|
16
|
+
export class CloudflareProofGenerator {
|
|
17
|
+
identity;
|
|
18
|
+
constructor(identity) {
|
|
19
|
+
this.identity = identity;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Generate proof for tool request/response
|
|
23
|
+
*/
|
|
24
|
+
async generateProof(request, response, session, options = {}) {
|
|
25
|
+
// Generate canonical hashes
|
|
26
|
+
const hashes = await this.generateCanonicalHashes(request, response);
|
|
27
|
+
// Create proof metadata
|
|
28
|
+
const meta = {
|
|
29
|
+
did: this.identity.did,
|
|
30
|
+
kid: this.identity.kid,
|
|
31
|
+
ts: Math.floor(Date.now() / 1000),
|
|
32
|
+
nonce: session.nonce,
|
|
33
|
+
audience: session.audience,
|
|
34
|
+
sessionId: session.sessionId,
|
|
35
|
+
requestHash: hashes.requestHash,
|
|
36
|
+
responseHash: hashes.responseHash,
|
|
37
|
+
...options,
|
|
38
|
+
};
|
|
39
|
+
// Generate JWS (compact format)
|
|
40
|
+
const jws = await this.generateJWS(meta);
|
|
41
|
+
return {
|
|
42
|
+
jws,
|
|
43
|
+
meta,
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* Generate canonical hashes for request and response
|
|
48
|
+
*/
|
|
49
|
+
async generateCanonicalHashes(request, response) {
|
|
50
|
+
// Canonicalize request (exclude transport metadata)
|
|
51
|
+
const canonicalRequest = {
|
|
52
|
+
method: request.method,
|
|
53
|
+
...(request.params && { params: request.params }),
|
|
54
|
+
};
|
|
55
|
+
// Canonicalize response (only data, exclude meta)
|
|
56
|
+
const canonicalResponse = response.data;
|
|
57
|
+
// Generate SHA-256 hashes with JSON canonicalization
|
|
58
|
+
const requestHash = await this.generateSHA256Hash(canonicalRequest);
|
|
59
|
+
const responseHash = await this.generateSHA256Hash(canonicalResponse);
|
|
60
|
+
return {
|
|
61
|
+
requestHash,
|
|
62
|
+
responseHash,
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Generate SHA-256 hash with JSON canonicalization
|
|
67
|
+
*
|
|
68
|
+
* Uses JCS (JSON Canonicalization Scheme) for deterministic serialization
|
|
69
|
+
*/
|
|
70
|
+
async generateSHA256Hash(data) {
|
|
71
|
+
// JCS canonicalization (RFC 8785)
|
|
72
|
+
const canonicalJson = this.canonicalizeJSON(data);
|
|
73
|
+
// SHA-256 hash using Web Crypto API
|
|
74
|
+
const encoder = new TextEncoder();
|
|
75
|
+
const dataBuffer = encoder.encode(canonicalJson);
|
|
76
|
+
const hashBuffer = await crypto.subtle.digest('SHA-256', dataBuffer);
|
|
77
|
+
// Convert to hex string
|
|
78
|
+
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
|
79
|
+
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
|
|
80
|
+
return `sha256:${hashHex}`;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* JCS canonicalization implementation (RFC 8785)
|
|
84
|
+
*
|
|
85
|
+
* Rules:
|
|
86
|
+
* 1. Whitespace removed
|
|
87
|
+
* 2. Object keys sorted lexicographically
|
|
88
|
+
* 3. Unicode normalized
|
|
89
|
+
* 4. Numbers in IEEE 754 representation
|
|
90
|
+
*/
|
|
91
|
+
canonicalizeJSON(obj) {
|
|
92
|
+
if (obj === null)
|
|
93
|
+
return 'null';
|
|
94
|
+
if (typeof obj === 'undefined')
|
|
95
|
+
return 'null';
|
|
96
|
+
if (typeof obj === 'boolean')
|
|
97
|
+
return obj.toString();
|
|
98
|
+
if (typeof obj === 'number') {
|
|
99
|
+
// IEEE 754 representation (handle special cases)
|
|
100
|
+
if (!isFinite(obj))
|
|
101
|
+
throw new Error('Cannot canonicalize non-finite number');
|
|
102
|
+
return JSON.stringify(obj);
|
|
103
|
+
}
|
|
104
|
+
if (typeof obj === 'string')
|
|
105
|
+
return JSON.stringify(obj);
|
|
106
|
+
if (Array.isArray(obj)) {
|
|
107
|
+
const elements = obj.map(item => this.canonicalizeJSON(item));
|
|
108
|
+
return '[' + elements.join(',') + ']';
|
|
109
|
+
}
|
|
110
|
+
if (typeof obj === 'object') {
|
|
111
|
+
const keys = Object.keys(obj).sort();
|
|
112
|
+
const pairs = keys.map(key => {
|
|
113
|
+
const value = this.canonicalizeJSON(obj[key]);
|
|
114
|
+
return JSON.stringify(key) + ':' + value;
|
|
115
|
+
});
|
|
116
|
+
return '{' + pairs.join(',') + '}';
|
|
117
|
+
}
|
|
118
|
+
throw new Error(`Cannot canonicalize type: ${typeof obj}`);
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Generate Ed25519 JWS in compact format (header.payload.signature)
|
|
122
|
+
*
|
|
123
|
+
* Uses Web Crypto API for signing.
|
|
124
|
+
* Compatible with AgentShield and MCP-I verification.
|
|
125
|
+
*/
|
|
126
|
+
async generateJWS(meta) {
|
|
127
|
+
// JWS Header (CRITICAL: Include kid for proper signature verification)
|
|
128
|
+
const header = {
|
|
129
|
+
alg: 'EdDSA',
|
|
130
|
+
typ: 'JWT',
|
|
131
|
+
kid: meta.kid, // Required for AgentShield verification
|
|
132
|
+
};
|
|
133
|
+
const headerBase64url = this.base64urlEncode(JSON.stringify(header));
|
|
134
|
+
// JWS Payload (JWT claims + proof metadata)
|
|
135
|
+
const payload = {
|
|
136
|
+
// Standard JWT claims
|
|
137
|
+
iss: meta.did,
|
|
138
|
+
sub: meta.did,
|
|
139
|
+
aud: meta.audience,
|
|
140
|
+
iat: meta.ts,
|
|
141
|
+
ts: meta.ts, // AgentShield requires 'ts' claim
|
|
142
|
+
// Proof-specific claims
|
|
143
|
+
nonce: meta.nonce,
|
|
144
|
+
sessionId: meta.sessionId,
|
|
145
|
+
requestHash: meta.requestHash,
|
|
146
|
+
responseHash: meta.responseHash,
|
|
147
|
+
// Optional delegation metadata
|
|
148
|
+
...(meta.scopeId && { scopeId: meta.scopeId }),
|
|
149
|
+
...(meta.delegationRef && { delegationRef: meta.delegationRef }),
|
|
150
|
+
};
|
|
151
|
+
const payloadBase64url = this.base64urlEncode(JSON.stringify(payload));
|
|
152
|
+
// Signing input (header.payload)
|
|
153
|
+
const signingInput = `${headerBase64url}.${payloadBase64url}`;
|
|
154
|
+
// Sign using Ed25519
|
|
155
|
+
const signature = await this.signEd25519(signingInput);
|
|
156
|
+
const signatureBase64url = this.base64urlEncode(signature);
|
|
157
|
+
// JWS Compact Serialization
|
|
158
|
+
return `${headerBase64url}.${payloadBase64url}.${signatureBase64url}`;
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* Sign data using Ed25519 with Web Crypto API
|
|
162
|
+
*
|
|
163
|
+
* Note: Keys are stored in raw format (32 bytes) but must be wrapped
|
|
164
|
+
* in PKCS#8 format for Web Crypto API import.
|
|
165
|
+
*/
|
|
166
|
+
async signEd25519(data) {
|
|
167
|
+
// Decode the raw private key (32 bytes)
|
|
168
|
+
const privateKeyBytes = this.decodeBase64(this.identity.privateKey);
|
|
169
|
+
// Wrap in PKCS#8 format for Web Crypto API
|
|
170
|
+
const pkcs8 = this.wrapPrivateKeyPKCS8(privateKeyBytes);
|
|
171
|
+
// Import the key using Web Crypto API
|
|
172
|
+
// @ts-ignore - Ed25519 types may not be fully available in all TS versions
|
|
173
|
+
const privateKey = await crypto.subtle.importKey('pkcs8', // Changed from 'raw' to 'pkcs8'
|
|
174
|
+
pkcs8.buffer, {
|
|
175
|
+
name: 'Ed25519',
|
|
176
|
+
}, false, ['sign']);
|
|
177
|
+
// Sign the data
|
|
178
|
+
const encoder = new TextEncoder();
|
|
179
|
+
const dataBuffer = encoder.encode(data);
|
|
180
|
+
// @ts-ignore - Ed25519 algorithm may not be fully typed
|
|
181
|
+
const signatureBuffer = await crypto.subtle.sign('Ed25519', privateKey, dataBuffer);
|
|
182
|
+
return new Uint8Array(signatureBuffer);
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Wrap raw Ed25519 private key in PKCS#8 format
|
|
186
|
+
* (Same implementation as WebCryptoProvider)
|
|
187
|
+
*/
|
|
188
|
+
wrapPrivateKeyPKCS8(rawKey) {
|
|
189
|
+
// PKCS#8 wrapper for Ed25519 private key
|
|
190
|
+
const pkcs8Header = new Uint8Array([
|
|
191
|
+
0x30, 0x2e, // SEQUENCE (46 bytes)
|
|
192
|
+
0x02, 0x01, 0x00, // INTEGER version 0
|
|
193
|
+
0x30, 0x05, // SEQUENCE (5 bytes) - Algorithm
|
|
194
|
+
0x06, 0x03, 0x2b, 0x65, 0x70, // OID for Ed25519
|
|
195
|
+
0x04, 0x22, // OCTET STRING (34 bytes)
|
|
196
|
+
0x04, 0x20 // OCTET STRING (32 bytes) - the actual key
|
|
197
|
+
]);
|
|
198
|
+
// Handle both 32-byte and 64-byte keys (64-byte includes public key)
|
|
199
|
+
const keyBytes = rawKey.length === 64 ? rawKey.slice(0, 32) : rawKey;
|
|
200
|
+
const result = new Uint8Array(pkcs8Header.length + keyBytes.length);
|
|
201
|
+
result.set(pkcs8Header);
|
|
202
|
+
result.set(keyBytes, pkcs8Header.length);
|
|
203
|
+
return result;
|
|
204
|
+
}
|
|
205
|
+
/**
|
|
206
|
+
* Base64url encode (URL-safe base64 without padding)
|
|
207
|
+
*/
|
|
208
|
+
base64urlEncode(data) {
|
|
209
|
+
let base64;
|
|
210
|
+
if (typeof data === 'string') {
|
|
211
|
+
// Convert string to base64
|
|
212
|
+
const encoder = new TextEncoder();
|
|
213
|
+
const bytes = encoder.encode(data);
|
|
214
|
+
base64 = btoa(String.fromCharCode(...bytes));
|
|
215
|
+
}
|
|
216
|
+
else {
|
|
217
|
+
// Convert Uint8Array to base64
|
|
218
|
+
base64 = btoa(String.fromCharCode(...data));
|
|
219
|
+
}
|
|
220
|
+
// Convert to base64url (replace +/= with -_)
|
|
221
|
+
return base64
|
|
222
|
+
.replace(/\+/g, '-')
|
|
223
|
+
.replace(/\//g, '_')
|
|
224
|
+
.replace(/=/g, '');
|
|
225
|
+
}
|
|
226
|
+
/**
|
|
227
|
+
* Decode base64 string to Uint8Array
|
|
228
|
+
*/
|
|
229
|
+
decodeBase64(base64) {
|
|
230
|
+
const binaryString = atob(base64);
|
|
231
|
+
const bytes = new Uint8Array(binaryString.length);
|
|
232
|
+
for (let i = 0; i < binaryString.length; i++) {
|
|
233
|
+
bytes[i] = binaryString.charCodeAt(i);
|
|
234
|
+
}
|
|
235
|
+
return bytes;
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
//# sourceMappingURL=proof-generator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proof-generator.js","sourceRoot":"","sources":["../src/proof-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA0DH;;;;;GAKG;AACH,MAAM,OAAO,wBAAwB;IAC3B,QAAQ,CAAgB;IAEhC,YAAY,QAAuB;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,OAAoB,EACpB,QAAsB,EACtB,OAAuB,EACvB,UAAwB,EAAE;QAE1B,4BAA4B;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAErE,wBAAwB;QACxB,MAAM,IAAI,GAAc;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACjC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,GAAG,OAAO;SACX,CAAC;QAEF,gCAAgC;QAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEzC,OAAO;YACL,GAAG;YACH,IAAI;SACL,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CACnC,OAAoB,EACpB,QAAsB;QAEtB,oDAAoD;QACpD,MAAM,gBAAgB,GAAG;YACvB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;SAClD,CAAC;QAEF,kDAAkD;QAClD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC;QAExC,qDAAqD;QACrD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QACpE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;QAEtE,OAAO;YACL,WAAW;YACX,YAAY;SACb,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,kBAAkB,CAAC,IAAS;QACxC,kCAAkC;QAClC,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAElD,oCAAoC;QACpC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAErE,wBAAwB;QACxB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE7E,OAAO,UAAU,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;;;;OAQG;IACK,gBAAgB,CAAC,GAAQ;QAC/B,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAChC,IAAI,OAAO,GAAG,KAAK,WAAW;YAAE,OAAO,MAAM,CAAC;QAC9C,IAAI,OAAO,GAAG,KAAK,SAAS;YAAE,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;QACpD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,iDAAiD;YACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9D,OAAO,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACxC,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC;YAC3C,CAAC,CAAC,CAAC;YACH,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,WAAW,CAAC,IAAe;QACvC,uEAAuE;QACvE,MAAM,MAAM,GAAG;YACb,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,CAAC,GAAG,EAAG,wCAAwC;SACzD,CAAC;QACF,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAErE,4CAA4C;QAC5C,MAAM,OAAO,GAAG;YACd,sBAAsB;YACtB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,QAAQ;YAClB,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,EAAE,EAAE,IAAI,CAAC,EAAE,EAAG,kCAAkC;YAEhD,wBAAwB;YACxB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAE/B,+BAA+B;YAC/B,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9C,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;SACjE,CAAC;QACF,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAEvE,iCAAiC;QACjC,MAAM,YAAY,GAAG,GAAG,eAAe,IAAI,gBAAgB,EAAE,CAAC;QAE9D,qBAAqB;QACrB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACvD,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAE3D,4BAA4B;QAC5B,OAAO,GAAG,eAAe,IAAI,gBAAgB,IAAI,kBAAkB,EAAE,CAAC;IACxE,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,WAAW,CAAC,IAAY;QACpC,wCAAwC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAEpE,2CAA2C;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;QAExD,sCAAsC;QACtC,2EAA2E;QAC3E,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC9C,OAAO,EAAG,gCAAgC;QAC1C,KAAK,CAAC,MAAqB,EAC3B;YACE,IAAI,EAAE,SAAS;SAChB,EACD,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,gBAAgB;QAChB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,wDAAwD;QACxD,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAC9C,SAAS,EACT,UAAU,EACV,UAAU,CACX,CAAC;QAEF,OAAO,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACK,mBAAmB,CAAC,MAAkB;QAC5C,yCAAyC;QACzC,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC;YACjC,IAAI,EAAE,IAAI,EAAE,sBAAsB;YAClC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB;YACtC,IAAI,EAAE,IAAI,EAAE,iCAAiC;YAC7C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB;YAChD,IAAI,EAAE,IAAI,EAAE,0BAA0B;YACtC,IAAI,EAAE,IAAI,CAAE,2CAA2C;SACxD,CAAC,CAAC;QAEH,qEAAqE;QACrE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAErE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACxB,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAyB;QAC/C,IAAI,MAAc,CAAC;QAEnB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,2BAA2B;YAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QAC9C,CAAC;QAED,6CAA6C;QAC7C,OAAO,MAAM;aACV,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,MAAc;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,KAAK,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../src/providers/storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../src/providers/storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMxI;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,eAAe;IACxC,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAI7B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKrC,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;CAI/C;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,kBAAkB;IAC9C,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAI7B,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKpC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOpD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAIxB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,aAAa;IACrD,GAAG,IAAI,MAAM;IAIb,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO;IAO7D,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAItC,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAI3C,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAGlC;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,aAAa;IAC/C,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAiCrC,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAU1C,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAKhD,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CAGnE;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,gBAAgB;IAEzD,OAAO,CAAC,GAAG;IACX,OAAO,CAAC,cAAc,CAAC;gBADf,GAAG,EAAE,GAAG,EACR,cAAc,CAAC,EAAE,GAAG,YAAA;IAKxB,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IA+BrC,YAAY,CAAC,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpD,UAAU,IAAI,OAAO,CAAC,aAAa,CAAC;IAkBpC,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAIrC;;;;;;;OAOG;IACH,OAAO,CAAC,wBAAwB;IAiBhC;;OAEG;IACH,OAAO,CAAC,YAAY;IAIpB;;OAEG;IACH,OAAO,CAAC,aAAa;CAQtB"}
|
|
@@ -4,6 +4,9 @@
|
|
|
4
4
|
* Implements StorageProvider and NonceCacheProvider using Cloudflare KV.
|
|
5
5
|
*/
|
|
6
6
|
import { StorageProvider, NonceCacheProvider, ClockProvider, FetchProvider, IdentityProvider } from '@kya-os/mcp-i-core';
|
|
7
|
+
import baseX from 'base-x';
|
|
8
|
+
// Bitcoin base58 alphabet
|
|
9
|
+
const base58 = baseX('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
|
|
7
10
|
/**
|
|
8
11
|
* KV storage provider for Cloudflare Workers
|
|
9
12
|
*/
|
|
@@ -143,7 +146,7 @@ export class WorkersIdentityProvider extends IdentityProvider {
|
|
|
143
146
|
if (this.env.MCP_IDENTITY_PRIVATE_KEY && this.env.MCP_IDENTITY_PUBLIC_KEY && this.env.MCP_IDENTITY_AGENT_DID) {
|
|
144
147
|
return {
|
|
145
148
|
did: this.env.MCP_IDENTITY_AGENT_DID,
|
|
146
|
-
|
|
149
|
+
kid: `${this.env.MCP_IDENTITY_AGENT_DID}#key-1`,
|
|
147
150
|
privateKey: this.env.MCP_IDENTITY_PRIVATE_KEY,
|
|
148
151
|
publicKey: this.env.MCP_IDENTITY_PUBLIC_KEY,
|
|
149
152
|
createdAt: new Date().toISOString(),
|
|
@@ -158,7 +161,7 @@ export class WorkersIdentityProvider extends IdentityProvider {
|
|
|
158
161
|
const did = this.generateDIDFromPublicKey(keyPair.publicKey);
|
|
159
162
|
return {
|
|
160
163
|
did,
|
|
161
|
-
|
|
164
|
+
kid: `${did}#key-1`,
|
|
162
165
|
privateKey: keyPair.privateKey,
|
|
163
166
|
publicKey: keyPair.publicKey,
|
|
164
167
|
createdAt: new Date().toISOString(),
|
|
@@ -178,7 +181,7 @@ export class WorkersIdentityProvider extends IdentityProvider {
|
|
|
178
181
|
const did = this.generateDIDFromPublicKey(keyPair.publicKey);
|
|
179
182
|
return {
|
|
180
183
|
did,
|
|
181
|
-
|
|
184
|
+
kid: `${did}#key-1`,
|
|
182
185
|
privateKey: keyPair.privateKey,
|
|
183
186
|
publicKey: keyPair.publicKey,
|
|
184
187
|
createdAt: new Date().toISOString(),
|
|
@@ -209,27 +212,10 @@ export class WorkersIdentityProvider extends IdentityProvider {
|
|
|
209
212
|
return `did:key:${multibaseEncoded}`;
|
|
210
213
|
}
|
|
211
214
|
/**
|
|
212
|
-
* Base58 encode (Bitcoin alphabet)
|
|
215
|
+
* Base58 encode (Bitcoin alphabet) using base-x library
|
|
213
216
|
*/
|
|
214
217
|
base58Encode(bytes) {
|
|
215
|
-
|
|
216
|
-
// Convert bytes to bigint
|
|
217
|
-
let num = 0n;
|
|
218
|
-
for (let i = 0; i < bytes.length; i++) {
|
|
219
|
-
num = num * 256n + BigInt(bytes[i]);
|
|
220
|
-
}
|
|
221
|
-
// Convert to base58
|
|
222
|
-
let encoded = '';
|
|
223
|
-
while (num > 0n) {
|
|
224
|
-
const remainder = Number(num % 58n);
|
|
225
|
-
encoded = ALPHABET[remainder] + encoded;
|
|
226
|
-
num = num / 58n;
|
|
227
|
-
}
|
|
228
|
-
// Handle leading zeros
|
|
229
|
-
for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
|
|
230
|
-
encoded = ALPHABET[0] + encoded;
|
|
231
|
-
}
|
|
232
|
-
return encoded;
|
|
218
|
+
return base58.encode(bytes);
|
|
233
219
|
}
|
|
234
220
|
/**
|
|
235
221
|
* Convert base64 to bytes
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../src/providers/storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAiB,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../src/providers/storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAiB,MAAM,oBAAoB,CAAC;AACxI,OAAO,KAAK,MAAM,QAAQ,CAAC;AAE3B,0BAA0B;AAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,4DAA4D,CAAC,CAAC;AAEnF;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,eAAe;IAChC;IAApB,YAAoB,EAAe;QACjC,KAAK,EAAE,CAAC;QADU,OAAE,GAAF,EAAE,CAAa;IAEnC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrC,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAe;QACxB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,kBAAkB;IACtC;IAApB,YAAoB,EAAe;QACjC,KAAK,EAAE,CAAC;QADU,OAAE,GAAF,EAAE,CAAa;IAEnC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAa;QACrB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;QAClD,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAa,EAAE,SAAiB;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QACrE,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,KAAK,EAAE,EAAE,GAAG,EAAE;YACvC,aAAa,EAAE,GAAG;SACnB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO;QACX,sCAAsC;IACxC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,oBAAoB;IACtB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,aAAa;IACrD,GAAG;QACD,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,YAAY,CAAC,SAAiB,EAAE,WAAmB;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,WAAW,GAAG,IAAI,CAAC;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC;QACvC,OAAO,IAAI,IAAI,MAAM,CAAC;IACxB,CAAC;IAED,UAAU,CAAC,SAAiB;QAC1B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAChC,CAAC;IAED,eAAe,CAAC,UAAkB;QAChC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,CAAC,SAAiB;QACtB,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,aAAa;IACrD,KAAK,CAAC,UAAU,CAAC,GAAW;QAC1B,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,iCAAiC;YACjC,MAAM,kBAAkB,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACxD,OAAO;gBACL,UAAU,EAAE,CAAC,8BAA8B,CAAC;gBAC5C,EAAE,EAAE,GAAG;gBACP,kBAAkB,EAAE,CAAC;wBACnB,EAAE,EAAE,GAAG,GAAG,QAAQ;wBAClB,IAAI,EAAE,4BAA4B;wBAClC,UAAU,EAAE,GAAG;wBACf,kBAAkB;qBACnB,CAAC;gBACF,cAAc,EAAE,CAAC,GAAG,GAAG,QAAQ,CAAC;gBAChC,eAAe,EAAE,CAAC,GAAG,GAAG,QAAQ,CAAC;aAClC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/D,MAAM,GAAG,GAAG,WAAW,MAAM,uBAAuB,CAAC;YACrD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;YAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACtE,CAAC;YAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,GAAW;QAC/B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EAAU;QACnC,yCAAyC;QACzC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,OAAqB;QAC5C,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,gBAAgB;IAEjD;IACA;IAFV,YACU,GAAQ,EACR,cAAoB;QAE5B,KAAK,EAAE,CAAC;QAHA,QAAG,GAAH,GAAG,CAAK;QACR,mBAAc,GAAd,cAAc,CAAM;IAG9B,CAAC;IAED,KAAK,CAAC,WAAW;QACf,oDAAoD;QACpD,IAAI,IAAI,CAAC,GAAG,CAAC,wBAAwB,IAAI,IAAI,CAAC,GAAG,CAAC,uBAAuB,IAAI,IAAI,CAAC,GAAG,CAAC,sBAAsB,EAAE,CAAC;YAC7G,OAAO;gBACL,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,sBAAsB;gBACpC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,sBAAsB,QAAQ;gBAC/C,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,wBAAwB;gBAC7C,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,uBAAuB;gBAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,IAAI,EAAE,YAAY;aACnB,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE7D,OAAO;YACL,GAAG;YACH,GAAG,EAAE,GAAG,GAAG,QAAQ;YACnB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,aAAa;SACpB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAuB;QACxC,gEAAgE;QAChE,mDAAmD;QACnD,OAAO,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;IAClG,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE7D,OAAO;YACL,GAAG;YACH,GAAG,EAAE,GAAG,GAAG,QAAQ;YACnB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,YAAY;SACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,OAAO,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACrE,CAAC;IAED;;;;;;;OAOG;IACK,wBAAwB,CAAC,SAAiB;QAChD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAErD,qCAAqC;QACrC,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAEtD,8BAA8B;QAC9B,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACtF,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACpC,aAAa,CAAC,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAE3D,2CAA2C;QAC3C,MAAM,gBAAgB,GAAG,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAEhE,OAAO,WAAW,gBAAgB,EAAE,CAAC;IACvC,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,KAAiB;QACpC,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,MAAc;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,KAAK,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CloudflareRuntime - Extended runtime with CloudflareProofGenerator
|
|
3
|
+
*
|
|
4
|
+
* Extends MCPIRuntimeBase with Cloudflare-specific proof generation
|
|
5
|
+
* using Web Crypto API instead of Node.js crypto.
|
|
6
|
+
*
|
|
7
|
+
* This runtime automatically uses CloudflareProofGenerator for all proof generation,
|
|
8
|
+
* producing full JWS compact format (header.payload.signature) compatible with
|
|
9
|
+
* AgentShield and the MCP-I proof specification.
|
|
10
|
+
*/
|
|
11
|
+
import { MCPIRuntimeBase, type MCPIRuntimeConfig, ToolProtectionService, type ToolProtectionServiceConfig } from '@kya-os/mcp-i-core';
|
|
12
|
+
import { CloudflareProofGenerator } from './proof-generator';
|
|
13
|
+
import type { DetachedProof } from '@kya-os/contracts/proof';
|
|
14
|
+
import { type KVNamespace } from './cache/kv-tool-protection-cache';
|
|
15
|
+
/**
|
|
16
|
+
* CloudflareRuntime extends MCPIRuntimeBase with CloudflareProofGenerator
|
|
17
|
+
*/
|
|
18
|
+
/**
|
|
19
|
+
* Tool call context for AgentShield dashboard
|
|
20
|
+
*/
|
|
21
|
+
export interface ToolCallContext {
|
|
22
|
+
tool: string;
|
|
23
|
+
args: Record<string, unknown>;
|
|
24
|
+
result?: unknown;
|
|
25
|
+
scopeId: string;
|
|
26
|
+
userId?: string;
|
|
27
|
+
}
|
|
28
|
+
export declare class CloudflareRuntime extends MCPIRuntimeBase {
|
|
29
|
+
private proofGenerator?;
|
|
30
|
+
private lastDetachedProof?;
|
|
31
|
+
private lastToolCallContext?;
|
|
32
|
+
constructor(config: MCPIRuntimeConfig);
|
|
33
|
+
/**
|
|
34
|
+
* Initialize runtime and proof generator
|
|
35
|
+
*/
|
|
36
|
+
initialize(): Promise<void>;
|
|
37
|
+
/**
|
|
38
|
+
* Override createProof to use CloudflareProofGenerator
|
|
39
|
+
*
|
|
40
|
+
* This returns a DetachedProof with full JWS format:
|
|
41
|
+
* - jws: Full compact JWS (header.payload.signature)
|
|
42
|
+
* - meta: ProofMeta with all required fields
|
|
43
|
+
*
|
|
44
|
+
* The proof is compatible with AgentShield and follows MCP-I specification.
|
|
45
|
+
*/
|
|
46
|
+
createProof(data: any, session?: any): Promise<DetachedProof>;
|
|
47
|
+
/**
|
|
48
|
+
* Override processToolCall to pass tool metadata through session
|
|
49
|
+
*
|
|
50
|
+
* This ensures that CloudflareProofGenerator has access to the tool name
|
|
51
|
+
* and parameters for generating accurate request hashes.
|
|
52
|
+
*/
|
|
53
|
+
processToolCall(toolName: string, args: any, handler: (args: any) => Promise<any>, session?: any): Promise<any>;
|
|
54
|
+
/**
|
|
55
|
+
* Get the CloudflareProofGenerator instance (for advanced usage)
|
|
56
|
+
*/
|
|
57
|
+
getProofGenerator(): CloudflareProofGenerator | undefined;
|
|
58
|
+
/**
|
|
59
|
+
* Override getLastProof to return DetachedProof format
|
|
60
|
+
*
|
|
61
|
+
* This ensures compatibility with applications expecting the full JWS proof format.
|
|
62
|
+
*/
|
|
63
|
+
getLastProof(): DetachedProof | undefined;
|
|
64
|
+
/**
|
|
65
|
+
* Get the last tool call context
|
|
66
|
+
*
|
|
67
|
+
* Returns plaintext tool execution data for AgentShield dashboard integration.
|
|
68
|
+
* This context can be submitted alongside proofs for enhanced UX.
|
|
69
|
+
*/
|
|
70
|
+
getLastToolCallContext(): ToolCallContext | undefined;
|
|
71
|
+
/**
|
|
72
|
+
* Create a ToolProtectionService with CloudFlare KV cache
|
|
73
|
+
*
|
|
74
|
+
* The service fetches tool protection config from AgentShield by agent DID.
|
|
75
|
+
* Config is cached in KV for 5 minutes to minimize API calls.
|
|
76
|
+
*
|
|
77
|
+
* Usage in CloudFlare Worker:
|
|
78
|
+
* ```typescript
|
|
79
|
+
* const toolProtectionService = CloudflareRuntime.createToolProtectionService(
|
|
80
|
+
* env.TOOL_PROTECTION_KV, // KV namespace from wrangler.toml
|
|
81
|
+
* {
|
|
82
|
+
* apiUrl: env.AGENTSHIELD_API_URL || 'https://kya.vouched.id',
|
|
83
|
+
* apiKey: env.AGENTSHIELD_API_KEY,
|
|
84
|
+
* cacheTtl: 300000, // 5 minutes (default)
|
|
85
|
+
* debug: env.MCPI_ENV === 'development',
|
|
86
|
+
* fallbackConfig: {
|
|
87
|
+
* toolProtections: {
|
|
88
|
+
* greet: { requiresDelegation: false, requiredScopes: ['greet:execute'] }
|
|
89
|
+
* }
|
|
90
|
+
* }
|
|
91
|
+
* }
|
|
92
|
+
* );
|
|
93
|
+
*
|
|
94
|
+
* // Pass to runtime config
|
|
95
|
+
* const runtime = new CloudflareRuntime({
|
|
96
|
+
* ...providers,
|
|
97
|
+
* toolProtectionService,
|
|
98
|
+
* });
|
|
99
|
+
* ```
|
|
100
|
+
*/
|
|
101
|
+
static createToolProtectionService(kv: KVNamespace, config: ToolProtectionServiceConfig): ToolProtectionService;
|
|
102
|
+
}
|
|
103
|
+
//# sourceMappingURL=runtime.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,KAAK,iBAAiB,EACtB,qBAAqB,EACrB,KAAK,2BAA2B,EACjC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAyB,KAAK,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAE3F;;GAEG;AACH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,iBAAkB,SAAQ,eAAe;IACpD,OAAO,CAAC,cAAc,CAAC,CAA2B;IAClD,OAAO,CAAC,iBAAiB,CAAC,CAAgB;IAC1C,OAAO,CAAC,mBAAmB,CAAC,CAAkB;gBAElC,MAAM,EAAE,iBAAiB;IAIrC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAajC;;;;;;;;OAQG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC;IAsFnE;;;;;OAKG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,GAAG,EACT,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,GAAG,CAAC;IAYf;;OAEG;IACH,iBAAiB,IAAI,wBAAwB,GAAG,SAAS;IAIzD;;;;OAIG;IACH,YAAY,IAAI,aAAa,GAAG,SAAS;IAIzC;;;;;OAKG;IACH,sBAAsB,IAAI,eAAe,GAAG,SAAS;IAIrD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,MAAM,CAAC,2BAA2B,CAChC,EAAE,EAAE,WAAW,EACf,MAAM,EAAE,2BAA2B,GAClC,qBAAqB;CAIzB"}
|