@kya-os/mcp-i-cloudflare 1.4.1-canary.0 → 1.4.1-canary.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +120 -1
- package/dist/adapter.d.ts +6 -0
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +29 -0
- package/dist/adapter.js.map +1 -1
- package/dist/agent.d.ts.map +1 -1
- package/dist/agent.js +8 -0
- package/dist/agent.js.map +1 -1
- package/dist/app.d.ts +6 -3
- package/dist/app.d.ts.map +1 -1
- package/dist/app.js +14 -1
- package/dist/app.js.map +1 -1
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/runtime.d.ts +22 -8
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +125 -28
- package/dist/runtime.js.map +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +23 -4
- package/dist/server.js.map +1 -1
- package/dist/services/admin.service.d.ts.map +1 -1
- package/dist/services/admin.service.js +36 -3
- package/dist/services/admin.service.js.map +1 -1
- package/dist/services/consent-config.service.d.ts +46 -0
- package/dist/services/consent-config.service.d.ts.map +1 -0
- package/dist/services/consent-config.service.js +157 -0
- package/dist/services/consent-config.service.js.map +1 -0
- package/dist/services/consent-page-renderer.d.ts +137 -0
- package/dist/services/consent-page-renderer.d.ts.map +1 -0
- package/dist/services/consent-page-renderer.js +539 -0
- package/dist/services/consent-page-renderer.js.map +1 -0
- package/dist/services/consent.service.d.ts +58 -3
- package/dist/services/consent.service.d.ts.map +1 -1
- package/dist/services/consent.service.js +373 -18
- package/dist/services/consent.service.js.map +1 -1
- package/dist/services/proof-batch-queue.d.ts +104 -0
- package/dist/services/proof-batch-queue.d.ts.map +1 -0
- package/dist/services/proof-batch-queue.js +209 -0
- package/dist/services/proof-batch-queue.js.map +1 -0
- package/dist/services/proof.service.d.ts +38 -1
- package/dist/services/proof.service.d.ts.map +1 -1
- package/dist/services/proof.service.js +214 -21
- package/dist/services/proof.service.js.map +1 -1
- package/dist/services/transport.service.d.ts +47 -0
- package/dist/services/transport.service.d.ts.map +1 -0
- package/dist/services/transport.service.js +76 -0
- package/dist/services/transport.service.js.map +1 -0
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -2
package/dist/runtime.js
CHANGED
|
@@ -8,15 +8,22 @@
|
|
|
8
8
|
* producing full JWS compact format (header.payload.signature) compatible with
|
|
9
9
|
* AgentShield and the MCP-I proof specification.
|
|
10
10
|
*/
|
|
11
|
-
import { MCPIRuntimeBase, ToolProtectionService } from
|
|
12
|
-
import { CloudflareProofGenerator } from
|
|
13
|
-
import { KVToolProtectionCache } from
|
|
11
|
+
import { MCPIRuntimeBase, ToolProtectionService, } from "@kya-os/mcp-i-core";
|
|
12
|
+
import { CloudflareProofGenerator } from "./proof-generator";
|
|
13
|
+
import { KVToolProtectionCache, } from "./cache/kv-tool-protection-cache";
|
|
14
|
+
import { ProofService } from "./services/proof.service";
|
|
14
15
|
export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
15
16
|
proofGenerator;
|
|
16
17
|
lastDetachedProof;
|
|
17
18
|
lastToolCallContext;
|
|
18
|
-
|
|
19
|
+
serverUrl; // Store server URL for consent URL building
|
|
20
|
+
proofService; // Proof submission service
|
|
21
|
+
constructor(config, serverUrl, cloudflareConfig) {
|
|
19
22
|
super(config);
|
|
23
|
+
this.serverUrl = serverUrl;
|
|
24
|
+
// Initialize ProofService for automatic proof submission
|
|
25
|
+
// Use cloudflareConfig if provided (has proofing), otherwise cast ProviderRuntimeConfig
|
|
26
|
+
this.proofService = new ProofService(cloudflareConfig || config, this);
|
|
20
27
|
}
|
|
21
28
|
/**
|
|
22
29
|
* Initialize runtime and proof generator
|
|
@@ -27,8 +34,8 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
27
34
|
const identity = await this.getIdentity();
|
|
28
35
|
this.proofGenerator = new CloudflareProofGenerator(identity);
|
|
29
36
|
if (this.config.audit?.enabled) {
|
|
30
|
-
console.log(
|
|
31
|
-
console.log(
|
|
37
|
+
console.log("[MCP-I] CloudflareRuntime initialized with CloudflareProofGenerator");
|
|
38
|
+
console.log("[MCP-I] DID:", identity.did);
|
|
32
39
|
}
|
|
33
40
|
}
|
|
34
41
|
/**
|
|
@@ -42,10 +49,10 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
42
49
|
*/
|
|
43
50
|
async createProof(data, session) {
|
|
44
51
|
if (!this.proofGenerator) {
|
|
45
|
-
throw new Error(
|
|
52
|
+
throw new Error("CloudflareProofGenerator not initialized. Call initialize() first.");
|
|
46
53
|
}
|
|
47
54
|
if (!session) {
|
|
48
|
-
throw new Error(
|
|
55
|
+
throw new Error("Session required for proof generation");
|
|
49
56
|
}
|
|
50
57
|
// Ensure we have a nonce (generate one if not provided)
|
|
51
58
|
let nonce = session.nonce;
|
|
@@ -57,7 +64,7 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
57
64
|
// Build ToolRequest from session data
|
|
58
65
|
// The processToolCall method should pass toolName in the session
|
|
59
66
|
const request = {
|
|
60
|
-
method: session.toolName ||
|
|
67
|
+
method: session.toolName || "unknown",
|
|
61
68
|
params: session.toolParams || session.args || {},
|
|
62
69
|
};
|
|
63
70
|
// Build ToolResponse
|
|
@@ -67,7 +74,7 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
67
74
|
// Build SessionContext for CloudflareProofGenerator
|
|
68
75
|
const sessionContext = {
|
|
69
76
|
nonce,
|
|
70
|
-
audience: session.audience ||
|
|
77
|
+
audience: session.audience || "mcp-client",
|
|
71
78
|
sessionId: session.id,
|
|
72
79
|
};
|
|
73
80
|
// ✅ NEW: Determine scopeId from session or runtime config
|
|
@@ -92,42 +99,90 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
92
99
|
this.lastDetachedProof = detachedProof;
|
|
93
100
|
// ✅ Store tool call context for AgentShield dashboard
|
|
94
101
|
this.lastToolCallContext = {
|
|
95
|
-
tool: session.toolName ||
|
|
102
|
+
tool: session.toolName || "unknown",
|
|
96
103
|
args: session.toolParams || session.args || {},
|
|
97
104
|
result: data,
|
|
98
|
-
scopeId: scopeId ||
|
|
105
|
+
scopeId: scopeId || "unknown",
|
|
99
106
|
userId: session.userId, // Optional user identifier
|
|
100
107
|
};
|
|
101
108
|
if (this.config.audit?.enabled) {
|
|
102
|
-
console.log(
|
|
109
|
+
console.log("[MCP-I] Proof generated:", {
|
|
103
110
|
did: detachedProof.meta.did,
|
|
104
111
|
sessionId: detachedProof.meta.sessionId,
|
|
105
|
-
requestHash: detachedProof.meta.requestHash.substring(0, 20) +
|
|
106
|
-
responseHash: detachedProof.meta.responseHash.substring(0, 20) +
|
|
112
|
+
requestHash: detachedProof.meta.requestHash.substring(0, 20) + "...",
|
|
113
|
+
responseHash: detachedProof.meta.responseHash.substring(0, 20) + "...",
|
|
107
114
|
scopeId: detachedProof.meta.scopeId, // ← ADDED: Log scopeId
|
|
108
|
-
jwsFormat: detachedProof.jws.split(
|
|
115
|
+
jwsFormat: detachedProof.jws.split(".").length === 3
|
|
116
|
+
? "valid (3 parts)"
|
|
117
|
+
: "invalid",
|
|
109
118
|
});
|
|
110
119
|
}
|
|
111
120
|
return detachedProof;
|
|
112
121
|
}
|
|
113
122
|
/**
|
|
114
|
-
* Override processToolCall to pass tool metadata through session
|
|
123
|
+
* Override processToolCall to pass tool metadata through session,
|
|
124
|
+
* automatically submit proofs to AgentShield, and attach proofs to result for MCP Inspector.
|
|
115
125
|
*
|
|
116
126
|
* This ensures that CloudflareProofGenerator has access to the tool name
|
|
117
|
-
* and parameters for generating accurate
|
|
127
|
+
* and parameters for generating accurate proof hashes, proofs are automatically
|
|
128
|
+
* submitted to AgentShield for dashboard integration, and proofs are included
|
|
129
|
+
* in the response for MCP Inspector.
|
|
118
130
|
*
|
|
119
131
|
* Note: Creates a new session object to avoid mutating the input session.
|
|
120
132
|
*/
|
|
121
133
|
async processToolCall(toolName, args, handler, session) {
|
|
122
134
|
// Enhance session with tool metadata for proof generation
|
|
123
135
|
// Create a new session object to avoid mutating the input (immutability contract)
|
|
124
|
-
const enhancedSession = session
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
136
|
+
const enhancedSession = session
|
|
137
|
+
? {
|
|
138
|
+
...session,
|
|
139
|
+
toolName,
|
|
140
|
+
toolParams: args,
|
|
141
|
+
}
|
|
142
|
+
: undefined;
|
|
143
|
+
// Call parent implementation with enhanced session (generates proof)
|
|
144
|
+
const result = await super.processToolCall(toolName, args, handler, enhancedSession);
|
|
145
|
+
// Get the proof that was generated (stored by createProof)
|
|
146
|
+
const proof = this.lastDetachedProof;
|
|
147
|
+
// Automatically submit proof to AgentShield if available
|
|
148
|
+
if (proof && this.proofService && enhancedSession) {
|
|
149
|
+
try {
|
|
150
|
+
// Determine MCP server URL from session or stored serverUrl
|
|
151
|
+
const mcpServerUrl = enhancedSession.serverOrigin || this.serverUrl;
|
|
152
|
+
// Submit proof asynchronously (don't block tool execution)
|
|
153
|
+
this.proofService
|
|
154
|
+
.submitProof(proof, {
|
|
155
|
+
session: { id: enhancedSession.id || "unknown" },
|
|
156
|
+
toolName,
|
|
157
|
+
args,
|
|
158
|
+
result,
|
|
159
|
+
mcpServerUrl,
|
|
160
|
+
})
|
|
161
|
+
.catch((error) => {
|
|
162
|
+
// Log error but don't fail the tool execution
|
|
163
|
+
console.error("[CloudflareRuntime] Failed to submit proof:", error);
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
catch (error) {
|
|
167
|
+
// Log error but don't fail the tool execution
|
|
168
|
+
console.error("[CloudflareRuntime] Error submitting proof:", error);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
// Attach proof to result for MCP Inspector (if result is an object)
|
|
172
|
+
if (proof &&
|
|
173
|
+
result &&
|
|
174
|
+
typeof result === "object" &&
|
|
175
|
+
!Array.isArray(result)) {
|
|
176
|
+
// Attach proof to _meta field for MCP Inspector compatibility
|
|
177
|
+
if (!result._meta) {
|
|
178
|
+
result._meta = {};
|
|
179
|
+
}
|
|
180
|
+
result._meta.proof = {
|
|
181
|
+
jws: proof.jws,
|
|
182
|
+
meta: proof.meta,
|
|
183
|
+
};
|
|
184
|
+
}
|
|
185
|
+
return result;
|
|
131
186
|
}
|
|
132
187
|
/**
|
|
133
188
|
* Get the CloudflareProofGenerator instance (for advanced usage)
|
|
@@ -153,7 +208,15 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
153
208
|
return this.lastToolCallContext;
|
|
154
209
|
}
|
|
155
210
|
/**
|
|
156
|
-
* Override buildConsentUrl to
|
|
211
|
+
* Override buildConsentUrl to use server-hosted consent page
|
|
212
|
+
*
|
|
213
|
+
* Auto-detects server URL from request origin (via session.serverOrigin),
|
|
214
|
+
* falls back to MCP_SERVER_URL env var, then to AgentShield dashboard.
|
|
215
|
+
*
|
|
216
|
+
* Priority:
|
|
217
|
+
* 1. session.serverOrigin (auto-detected from request)
|
|
218
|
+
* 2. this.serverUrl (from MCP_SERVER_URL env var)
|
|
219
|
+
* 3. AgentShield dashboard (backward compatibility)
|
|
157
220
|
*
|
|
158
221
|
* AgentShield consent endpoint requires:
|
|
159
222
|
* - snake_case parameter names (agent_did, session_id, project_id)
|
|
@@ -163,8 +226,42 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
163
226
|
// Get project_id from tool protection service if available
|
|
164
227
|
const toolProtectionService = this.config.toolProtectionService;
|
|
165
228
|
const projectId = toolProtectionService?.getProjectId?.();
|
|
166
|
-
//
|
|
167
|
-
|
|
229
|
+
// Build query parameters with snake_case for API compatibility
|
|
230
|
+
const params = new URLSearchParams({
|
|
231
|
+
tool: toolName,
|
|
232
|
+
scopes: scopes.join(","),
|
|
233
|
+
session_id: session?.id || "",
|
|
234
|
+
agent_did: session?.agentDid || "",
|
|
235
|
+
});
|
|
236
|
+
// Add project_id if provided (required for consent endpoint)
|
|
237
|
+
if (projectId) {
|
|
238
|
+
params.set("project_id", projectId);
|
|
239
|
+
}
|
|
240
|
+
// Add resume token if provided
|
|
241
|
+
if (resumeToken) {
|
|
242
|
+
params.set("resume_token", resumeToken);
|
|
243
|
+
}
|
|
244
|
+
// Determine server URL with priority:
|
|
245
|
+
// 1. Auto-detected from request origin (session.serverOrigin)
|
|
246
|
+
// 2. From env var (this.serverUrl)
|
|
247
|
+
// 3. Fallback to AgentShield dashboard
|
|
248
|
+
let serverUrl;
|
|
249
|
+
if (session?.serverOrigin) {
|
|
250
|
+
// Use auto-detected origin from request
|
|
251
|
+
serverUrl = session.serverOrigin;
|
|
252
|
+
}
|
|
253
|
+
else if (this.serverUrl) {
|
|
254
|
+
// Use configured env var
|
|
255
|
+
serverUrl = this.serverUrl;
|
|
256
|
+
}
|
|
257
|
+
// Use server-hosted consent page if server URL is available
|
|
258
|
+
if (serverUrl) {
|
|
259
|
+
// Ensure server URL doesn't have trailing slash
|
|
260
|
+
const baseUrl = serverUrl.replace(/\/$/, "");
|
|
261
|
+
return `${baseUrl}/consent?${params.toString()}`;
|
|
262
|
+
}
|
|
263
|
+
// Fallback to AgentShield dashboard (for backward compatibility or when server URL not available)
|
|
264
|
+
return `https://kya.vouched.id/bouncer/consent?${params.toString()}`;
|
|
168
265
|
}
|
|
169
266
|
/**
|
|
170
267
|
* Create a ToolProtectionService with CloudFlare KV cache
|
package/dist/runtime.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EAEf,qBAAqB,
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EAEf,qBAAqB,GAEtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAE7D,OAAO,EACL,qBAAqB,GAEtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAiBxD,MAAM,OAAO,iBAAkB,SAAQ,eAAe;IAC5C,cAAc,CAA4B;IAC1C,iBAAiB,CAAiB;IAClC,mBAAmB,CAAmB;IACtC,SAAS,CAAU,CAAC,4CAA4C;IAChE,YAAY,CAAgB,CAAC,2BAA2B;IAEhE,YAAY,MAA6B,EAAE,SAAkB,EAAE,gBAA0C;QACvG,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,yDAAyD;QACzD,wFAAwF;QACxF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,gBAAgB,IAAK,MAAkC,EACvD,IAAI,CACL,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC;QAEzB,oDAAoD;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,cAAc,GAAG,IAAI,wBAAwB,CAAC,QAAQ,CAAC,CAAC;QAE7D,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CACT,qEAAqE,CACtE,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,WAAW,CAAC,IAAS,EAAE,OAAa;QACxC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,wDAAwD;QACxD,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC1C,8CAA8C;YAC9C,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;QACxB,CAAC;QAED,sCAAsC;QACtC,iEAAiE;QACjE,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;YACrC,MAAM,EAAE,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,IAAI,EAAE;SACjD,CAAC;QAEF,qBAAqB;QACrB,MAAM,QAAQ,GAAG;YACf,IAAI;SACL,CAAC;QAEF,oDAAoD;QACpD,MAAM,cAAc,GAAG;YACrB,KAAK;YACL,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,YAAY;YAC1C,SAAS,EAAE,OAAO,CAAC,EAAE;SACtB,CAAC;QAEF,0DAA0D;QAC1D,IAAI,OAA2B,CAAC;QAEhC,oDAAoD;QACpD,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;YACrB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC5B,CAAC;QACD,4CAA4C;aACvC,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YAC3B,OAAO,GAAG,GAAG,OAAO,CAAC,QAAQ,UAAU,CAAC;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,OAAO,EAAE,CAAC;YAC1C,OAAO,CAAC,GAAG,CACT,mCAAmC,OAAO,CAAC,QAAQ,MAAM,OAAO,EAAE,CACnE,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAC3D,OAAO,EACP,QAAQ,EACR,cAAc,EACd;YACE,OAAO,EAAE,gDAAgD;YACzD,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,uCAAuC;SACtE,CACF,CAAC;QAEF,+CAA+C;QAC/C,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC;QAEvC,sDAAsD;QACtD,IAAI,CAAC,mBAAmB,GAAG;YACzB,IAAI,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;YACnC,IAAI,EAAE,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,IAAI,EAAE;YAC9C,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,OAAO,IAAI,SAAS;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,2BAA2B;SACpD,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;gBACtC,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG;gBAC3B,SAAS,EAAE,aAAa,CAAC,IAAI,CAAC,SAAS;gBACvC,WAAW,EAAE,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACpE,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACtE,OAAO,EAAE,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,uBAAuB;gBAC5D,SAAS,EACP,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC;oBACvC,CAAC,CAAC,iBAAiB;oBACnB,CAAC,CAAC,SAAS;aAChB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,IAAS,EACT,OAAoC,EACpC,OAAa;QAEb,0DAA0D;QAC1D,kFAAkF;QAClF,MAAM,eAAe,GAAG,OAAO;YAC7B,CAAC,CAAC;gBACE,GAAG,OAAO;gBACV,QAAQ;gBACR,UAAU,EAAE,IAAI;aACjB;YACH,CAAC,CAAC,SAAS,CAAC;QAEd,qEAAqE;QACrE,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,eAAe,CACxC,QAAQ,EACR,IAAI,EACJ,OAAO,EACP,eAAe,CAChB,CAAC;QAEF,2DAA2D;QAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAErC,yDAAyD;QACzD,IAAI,KAAK,IAAI,IAAI,CAAC,YAAY,IAAI,eAAe,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,4DAA4D;gBAC5D,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,IAAI,IAAI,CAAC,SAAS,CAAC;gBAEpE,2DAA2D;gBAC3D,IAAI,CAAC,YAAY;qBACd,WAAW,CAAC,KAAK,EAAE;oBAClB,OAAO,EAAE,EAAE,EAAE,EAAE,eAAe,CAAC,EAAE,IAAI,SAAS,EAAE;oBAChD,QAAQ;oBACR,IAAI;oBACJ,MAAM;oBACN,YAAY;iBACb,CAAC;qBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;oBACf,8CAA8C;oBAC9C,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;gBACtE,CAAC,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,8CAA8C;gBAC9C,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,IACE,KAAK;YACL,MAAM;YACN,OAAO,MAAM,KAAK,QAAQ;YAC1B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EACtB,CAAC;YACD,8DAA8D;YAC9D,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC;YACpB,CAAC;YACD,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG;gBACnB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;aACjB,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED;;;;;OAKG;IACH,sBAAsB;QACpB,OAAO,IAAI,CAAC,mBAAmB,CAAC;IAClC,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACO,eAAe,CACvB,QAAgB,EAChB,MAAgB,EAChB,OAAa,EACb,WAAoB;QAEpB,2DAA2D;QAC3D,MAAM,qBAAqB,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;QAChE,MAAM,SAAS,GAAG,qBAAqB,EAAE,YAAY,EAAE,EAAE,CAAC;QAE1D,+DAA+D;QAC/D,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACxB,UAAU,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE;YAC7B,SAAS,EAAE,OAAO,EAAE,QAAQ,IAAI,EAAE;SACnC,CAAC,CAAC;QAEH,6DAA6D;QAC7D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACtC,CAAC;QAED,+BAA+B;QAC/B,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAED,sCAAsC;QACtC,8DAA8D;QAC9D,mCAAmC;QACnC,uCAAuC;QACvC,IAAI,SAA6B,CAAC;QAElC,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;YAC1B,wCAAwC;YACxC,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,yBAAyB;YACzB,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7B,CAAC;QAED,4DAA4D;QAC5D,IAAI,SAAS,EAAE,CAAC;YACd,gDAAgD;YAChD,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC7C,OAAO,GAAG,OAAO,YAAY,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACnD,CAAC;QAED,kGAAkG;QAClG,OAAO,0CAA0C,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvE,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,MAAM,CAAC,2BAA2B,CAChC,EAAe,EACf,MAAmC;QAEnC,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,EAAE,CAAC,CAAC;QAC5C,OAAO,IAAI,qBAAqB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;CACF"}
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG5D,MAAM,WAAW,2BAA2B;IAC1C,GAAG,EAAE,aAAa,CAAC;IACnB,MAAM,EAAE,uBAAuB,CAAC;IAChC,OAAO,CAAC,EAAE,iBAAiB,CAAC;CAC7B;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,OAAO,CAAC,CAAoB;IACpC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,GAAG,CAAgB;gBAEf,OAAO,EAAE,2BAA2B;IAgBhD;;;OAGG;IACG,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG5D,MAAM,WAAW,2BAA2B;IAC1C,GAAG,EAAE,aAAa,CAAC;IACnB,MAAM,EAAE,uBAAuB,CAAC;IAChC,OAAO,CAAC,EAAE,iBAAiB,CAAC;CAC7B;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,OAAO,CAAC,CAAoB;IACpC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,GAAG,CAAgB;gBAEf,OAAO,EAAE,2BAA2B;IAgBhD;;;OAGG;IACG,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC;IA8ChF;;OAEG;YACW,mBAAmB;IA6BjC;;OAEG;IACG,eAAe,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAc3D;;OAEG;IACH,oBAAoB,IAAI,iBAAiB;IAIzC;;OAEG;IACH,eAAe,IAAI,YAAY;IAI/B;;OAEG;IACH,eAAe,IAAI,YAAY,GAAG,SAAS;IAI3C;;OAEG;IACH,iBAAiB,IAAI,cAAc;CAGpC"}
|
package/dist/server.js
CHANGED
|
@@ -24,7 +24,7 @@ export class MCPICloudflareServer {
|
|
|
24
24
|
// Initialize all services
|
|
25
25
|
this.delegationService = new DelegationService(this.env, this.runtime);
|
|
26
26
|
this.proofService = new ProofService(this.config, this.runtime);
|
|
27
|
-
this.consentService = new ConsentService();
|
|
27
|
+
this.consentService = new ConsentService(this.env, this.runtime);
|
|
28
28
|
// Admin service is optional based on config
|
|
29
29
|
if (this.config.admin?.enabled) {
|
|
30
30
|
this.adminService = new AdminService(this.env);
|
|
@@ -48,7 +48,18 @@ export class MCPICloudflareServer {
|
|
|
48
48
|
return this.consentService.handle(request);
|
|
49
49
|
}
|
|
50
50
|
// Admin routes (if enabled)
|
|
51
|
-
if (url.pathname.startsWith('/admin')
|
|
51
|
+
if (url.pathname.startsWith('/admin')) {
|
|
52
|
+
if (!this.adminService) {
|
|
53
|
+
return new Response(JSON.stringify({
|
|
54
|
+
success: false,
|
|
55
|
+
error: "Admin endpoints are disabled",
|
|
56
|
+
endpoint: url.pathname,
|
|
57
|
+
hint: "Enable admin endpoints by setting config.admin.enabled = true and providing ADMIN_API_KEY in your runtime config.",
|
|
58
|
+
}), {
|
|
59
|
+
status: 403,
|
|
60
|
+
headers: { "Content-Type": "application/json" },
|
|
61
|
+
});
|
|
62
|
+
}
|
|
52
63
|
return this.adminService.handle(request);
|
|
53
64
|
}
|
|
54
65
|
// OAuth callback
|
|
@@ -93,9 +104,17 @@ export class MCPICloudflareServer {
|
|
|
93
104
|
* Handle scheduled events (cron jobs)
|
|
94
105
|
*/
|
|
95
106
|
async handleScheduled(event) {
|
|
96
|
-
// Placeholder for scheduled tasks
|
|
97
|
-
// Can be extended for proof batch flushing, cache cleanup, etc.
|
|
98
107
|
console.log('[MCPICloudflareServer] Scheduled event:', event.cron);
|
|
108
|
+
// Flush proof batch queue if available
|
|
109
|
+
if (this.proofService) {
|
|
110
|
+
try {
|
|
111
|
+
await this.proofService.flush();
|
|
112
|
+
console.log('[MCPICloudflareServer] Proof batch queue flushed');
|
|
113
|
+
}
|
|
114
|
+
catch (error) {
|
|
115
|
+
console.error('[MCPICloudflareServer] Failed to flush proof queue:', error);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
99
118
|
}
|
|
100
119
|
/**
|
|
101
120
|
* Get delegation service (for advanced use cases)
|
package/dist/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAQrE,MAAM,OAAO,oBAAoB;IACvB,iBAAiB,CAAoB;IACrC,YAAY,CAAe;IAC3B,YAAY,CAAgB;IAC5B,cAAc,CAAiB;IAC/B,OAAO,CAAqB;IAC5B,MAAM,CAA0B;IAChC,GAAG,CAAgB;IAE3B,YAAY,OAAoC;QAC9C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAE/B,0BAA0B;QAC1B,IAAI,CAAC,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAQrE,MAAM,OAAO,oBAAoB;IACvB,iBAAiB,CAAoB;IACrC,YAAY,CAAe;IAC3B,YAAY,CAAgB;IAC5B,cAAc,CAAiB;IAC/B,OAAO,CAAqB;IAC5B,MAAM,CAA0B;IAChC,GAAG,CAAgB;IAE3B,YAAY,OAAoC;QAC9C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAE/B,0BAA0B;QAC1B,IAAI,CAAC,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjE,4CAA4C;QAC5C,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,OAAgB,EAAE,GAAsB;QAC1D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEjC,eAAe;QACf,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACxB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE;aAC1C,CAAC,CAAC;QACL,CAAC;QAED,iBAAiB;QACjB,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7C,CAAC;QAED,4BAA4B;QAC5B,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACvB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,8BAA8B;oBACrC,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,IAAI,EAAE,mHAAmH;iBAC1H,CAAC,EACF;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QAED,iBAAiB;QACjB,IAAI,GAAG,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QAED,gEAAgE;QAChE,qDAAqD;QACrD,0EAA0E;QAC1E,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,OAAgB;QAChD,gCAAgC;QAChC,MAAM,OAAO,GAAG,0BAA0B,CAAC;YACzC,iBAAiB,EAAE,IAAI,CAAC,GAAG,CAAC,mBAAmB;YAC/C,iBAAiB,EAAE,IAAI,CAAC,GAAG,CAAC,kBAAyB;SACtD,CAAC,CAAC;QAEH,6CAA6C;QAC7C,0EAA0E;QAC1E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,WAAW,GAAG;YAClB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE;gBACH,KAAK,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,SAAS;gBAC9D,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS;aACjE;YACD,IAAI,EAAE,CAAC,IAAY,EAAE,MAAM,GAAG,GAAG,EAAE,EAAE,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACvD,MAAM;gBACN,OAAO,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE;aACzC,CAAC;YACF,IAAI,EAAE,CAAC,GAAQ,EAAE,MAAM,GAAG,GAAG,EAAE,EAAE,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;gBAClE,MAAM;gBACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC;SACH,CAAC;QAEF,OAAO,OAAO,CAAC,WAAkB,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,KAAqB;QACzC,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEnE,uCAAuC;QACvC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;YAClE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,qDAAqD,EAAE,KAAK,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin.service.d.ts","sourceRoot":"","sources":["../../src/services/admin.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG9C,qBAAa,YAAY;IACvB,OAAO,CAAC,GAAG,CAAgB;gBAEf,GAAG,EAAE,aAAa;IAI9B;;;;OAIG;IACG,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"admin.service.d.ts","sourceRoot":"","sources":["../../src/services/admin.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG9C,qBAAa,YAAY;IACvB,OAAO,CAAC,GAAG,CAAgB;gBAEf,GAAG,EAAE,aAAa;IAI9B;;;;OAIG;IACG,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAyCjD;;OAEG;YACW,gBAAgB;CA6K/B"}
|
|
@@ -23,6 +23,9 @@ export class AdminService {
|
|
|
23
23
|
return new Response(JSON.stringify({
|
|
24
24
|
success: false,
|
|
25
25
|
error: "Method not allowed. Use POST.",
|
|
26
|
+
endpoint: url.pathname,
|
|
27
|
+
method: request.method,
|
|
28
|
+
allowed_methods: ["POST"],
|
|
26
29
|
}), {
|
|
27
30
|
status: 405,
|
|
28
31
|
headers: { "Content-Type": "application/json" },
|
|
@@ -30,9 +33,14 @@ export class AdminService {
|
|
|
30
33
|
}
|
|
31
34
|
return this.handleClearCache(request);
|
|
32
35
|
}
|
|
36
|
+
// Provide helpful error message for unknown admin routes
|
|
33
37
|
return new Response(JSON.stringify({
|
|
34
38
|
success: false,
|
|
35
|
-
error: "
|
|
39
|
+
error: "Admin endpoint not found",
|
|
40
|
+
endpoint: url.pathname,
|
|
41
|
+
available_endpoints: ["/admin/clear-cache"],
|
|
42
|
+
method: request.method,
|
|
43
|
+
hint: "Only POST /admin/clear-cache is supported. Ensure admin endpoints are enabled in runtime config.",
|
|
36
44
|
}), {
|
|
37
45
|
status: 404,
|
|
38
46
|
headers: { "Content-Type": "application/json" },
|
|
@@ -102,34 +110,59 @@ export class AdminService {
|
|
|
102
110
|
});
|
|
103
111
|
}
|
|
104
112
|
// Clear cache from KV
|
|
105
|
-
//
|
|
106
|
-
|
|
113
|
+
// Use project-scoped cache key if projectId is available (preferred)
|
|
114
|
+
// Otherwise fall back to agent-scoped cache key
|
|
115
|
+
const projectId = this.env.AGENTSHIELD_PROJECT_ID;
|
|
107
116
|
const kvNamespace = this.env.TOOL_PROTECTION_KV;
|
|
108
117
|
if (!kvNamespace) {
|
|
109
118
|
return new Response(JSON.stringify({
|
|
110
119
|
success: false,
|
|
111
120
|
error: "Tool protection KV namespace not configured",
|
|
121
|
+
hint: "Ensure TOOL_PROTECTION_KV is bound in wrangler.toml",
|
|
112
122
|
}), {
|
|
113
123
|
status: 500,
|
|
114
124
|
headers: { "Content-Type": "application/json" },
|
|
115
125
|
});
|
|
116
126
|
}
|
|
127
|
+
// Determine cache key format (matches ToolProtectionService logic)
|
|
128
|
+
// Project-scoped: tool-protection:config:tool-protections:{projectId}
|
|
129
|
+
// Agent-scoped: tool-protection:agent:{agentDid}
|
|
130
|
+
const cacheKeyBase = projectId
|
|
131
|
+
? `config:tool-protections:${projectId}`
|
|
132
|
+
: `agent:${agentDid}`;
|
|
133
|
+
const cacheKey = `tool-protection:${cacheKeyBase}`;
|
|
134
|
+
// Also clear the old agent-scoped key if using project-scoped (for migration)
|
|
135
|
+
const oldCacheKey = projectId
|
|
136
|
+
? `tool-protection:${agentDid}`
|
|
137
|
+
: null;
|
|
117
138
|
// Log before and after for debugging
|
|
118
139
|
const before = await kvNamespace.get(cacheKey);
|
|
140
|
+
const beforeOld = oldCacheKey ? await kvNamespace.get(oldCacheKey) : null;
|
|
141
|
+
// Delete both keys
|
|
119
142
|
await kvNamespace.delete(cacheKey);
|
|
143
|
+
if (oldCacheKey) {
|
|
144
|
+
await kvNamespace.delete(oldCacheKey);
|
|
145
|
+
}
|
|
120
146
|
const after = await kvNamespace.get(cacheKey);
|
|
121
147
|
console.log("[Admin] Cache clear operation", {
|
|
122
148
|
agentDid: agentDid.slice(0, 20) + "...",
|
|
149
|
+
projectId: projectId || "none",
|
|
123
150
|
cacheKey,
|
|
151
|
+
oldCacheKey: oldCacheKey || "none",
|
|
124
152
|
hadValue: !!before,
|
|
153
|
+
hadOldValue: !!beforeOld,
|
|
125
154
|
cleared: !after,
|
|
126
155
|
});
|
|
127
156
|
return new Response(JSON.stringify({
|
|
128
157
|
success: true,
|
|
129
158
|
message: "Cache cleared successfully. Next tool call will fetch fresh config from AgentShield.",
|
|
130
159
|
agent_did: agentDid,
|
|
160
|
+
project_id: projectId || null,
|
|
131
161
|
cache_key: cacheKey,
|
|
162
|
+
old_cache_key: oldCacheKey || null,
|
|
132
163
|
had_value: !!before,
|
|
164
|
+
had_old_value: !!beforeOld,
|
|
165
|
+
cleared: !after,
|
|
133
166
|
}), {
|
|
134
167
|
status: 200,
|
|
135
168
|
headers: { "Content-Type": "application/json" },
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin.service.js","sourceRoot":"","sources":["../../src/services/admin.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAEvD,MAAM,OAAO,YAAY;IACf,GAAG,CAAgB;IAE3B,YAAY,GAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEjC,4CAA4C;QAC5C,IAAI,GAAG,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,+BAA+B;
|
|
1
|
+
{"version":3,"file":"admin.service.js","sourceRoot":"","sources":["../../src/services/admin.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAEvD,MAAM,OAAO,YAAY;IACf,GAAG,CAAgB;IAE3B,YAAY,GAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEjC,4CAA4C;QAC5C,IAAI,GAAG,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,+BAA+B;oBACtC,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,eAAe,EAAE,CAAC,MAAM,CAAC;iBAC1B,CAAC,EACF;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YAED,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,yDAAyD;QACzD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;YACb,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,0BAA0B;YACjC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,mBAAmB,EAAE,CAAC,oBAAoB,CAAC;YAC3C,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,IAAI,EAAE,kGAAkG;SACzG,CAAC,EACF;YACE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAC,OAAgB;QAC7C,IAAI,CAAC;YACH,qBAAqB;YACrB,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAEnD,CAAC;YACF,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC;YAEhC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC9C,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,0CAA0C;iBAClD,CAAC,EACF;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YAED,4CAA4C;YAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,wDAAwD;iBAChE,CAAC,EACF;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAE9D,wDAAwD;YACxD,MAAM,cAAc,GAClB,IAAI,CAAC,GAAG,CAAC,mBAAmB,IAAI,uBAAuB,CAAC;YAC1D,MAAM,aAAa,GAAG,GAAG,cAAc,oCAAoC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAE1G,IAAI,CAAC;gBACH,MAAM,kBAAkB,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;oBACpD,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;qBAClC;iBACF,CAAC,CAAC;gBAEH,IAAI,CAAC,kBAAkB,CAAC,EAAE,EAAE,CAAC;oBAC3B,OAAO,CAAC,IAAI,CACV,oCAAoC,EACpC,kBAAkB,CAAC,MAAM,CAC1B,CAAC;oBACF,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,gCAAgC;qBACxC,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;gBAED,2CAA2C;gBAC3C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;gBAC1D,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,6CAA6C;iBACrD,CAAC,EACF;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YAED,sBAAsB;YACtB,qEAAqE;YACrE,gDAAgD;YAChD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;YAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;oBACb,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,6CAA6C;oBACpD,IAAI,EAAE,qDAAqD;iBAC5D,CAAC,EACF;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YAED,mEAAmE;YACnE,sEAAsE;YACtE,iDAAiD;YACjD,MAAM,YAAY,GAAG,SAAS;gBAC5B,CAAC,CAAC,2BAA2B,SAAS,EAAE;gBACxC,CAAC,CAAC,SAAS,QAAQ,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,mBAAmB,YAAY,EAAE,CAAC;YAEnD,8EAA8E;YAC9E,MAAM,WAAW,GAAG,SAAS;gBAC3B,CAAC,CAAC,mBAAmB,QAAQ,EAAE;gBAC/B,CAAC,CAAC,IAAI,CAAC;YAET,qCAAqC;YACrC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAE1E,mBAAmB;YACnB,MAAM,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACxC,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE9C,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE;gBAC3C,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACvC,SAAS,EAAE,SAAS,IAAI,MAAM;gBAC9B,QAAQ;gBACR,WAAW,EAAE,WAAW,IAAI,MAAM;gBAClC,QAAQ,EAAE,CAAC,CAAC,MAAM;gBAClB,WAAW,EAAE,CAAC,CAAC,SAAS;gBACxB,OAAO,EAAE,CAAC,KAAK;aAChB,CAAC,CAAC;YAEH,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,OAAO,EAAE,IAAI;gBACb,OAAO,EACL,sFAAsF;gBACxF,SAAS,EAAE,QAAQ;gBACnB,UAAU,EAAE,SAAS,IAAI,IAAI;gBAC7B,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,WAAW,IAAI,IAAI;gBAClC,SAAS,EAAE,CAAC,CAAC,MAAM;gBACnB,aAAa,EAAE,CAAC,CAAC,SAAS;gBAC1B,OAAO,EAAE,CAAC,KAAK;aAChB,CAAC,EACF;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;YACvD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,+BAA+B;gBACtC,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAChE,CAAC,EACF;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Consent Config Service
|
|
3
|
+
*
|
|
4
|
+
* Fetches consent configuration from AgentShield API with caching.
|
|
5
|
+
* Falls back to sensible defaults if API is unavailable.
|
|
6
|
+
*
|
|
7
|
+
* Related Spec: MCP-I Phase 0 Implementation Plan, Task B.3
|
|
8
|
+
*/
|
|
9
|
+
import type { CloudflareEnv } from '../types';
|
|
10
|
+
import type { ConsentConfig } from '@kya-os/contracts/consent';
|
|
11
|
+
/**
|
|
12
|
+
* Consent Config Service
|
|
13
|
+
*
|
|
14
|
+
* Manages fetching and caching of consent configuration from AgentShield
|
|
15
|
+
*/
|
|
16
|
+
export declare class ConsentConfigService {
|
|
17
|
+
private env;
|
|
18
|
+
constructor(env: CloudflareEnv);
|
|
19
|
+
/**
|
|
20
|
+
* Get consent configuration for a project
|
|
21
|
+
*
|
|
22
|
+
* Fetches from AgentShield API with caching. Falls back to defaults if:
|
|
23
|
+
* - API is unavailable
|
|
24
|
+
* - API key is missing
|
|
25
|
+
* - Project not found
|
|
26
|
+
*
|
|
27
|
+
* @param projectId - Project ID from AgentShield
|
|
28
|
+
* @returns Consent configuration (always returns valid config, never throws)
|
|
29
|
+
*/
|
|
30
|
+
getConsentConfig(projectId: string): Promise<ConsentConfig>;
|
|
31
|
+
/**
|
|
32
|
+
* Get default consent configuration
|
|
33
|
+
*
|
|
34
|
+
* Returns sensible defaults when API is unavailable
|
|
35
|
+
*
|
|
36
|
+
* @returns Default consent configuration
|
|
37
|
+
*/
|
|
38
|
+
private getDefaultConfig;
|
|
39
|
+
/**
|
|
40
|
+
* Invalidate cached consent configuration for a project
|
|
41
|
+
*
|
|
42
|
+
* @param projectId - Project ID to invalidate
|
|
43
|
+
*/
|
|
44
|
+
invalidateCache(projectId: string): Promise<void>;
|
|
45
|
+
}
|
|
46
|
+
//# sourceMappingURL=consent-config.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"consent-config.service.d.ts","sourceRoot":"","sources":["../../src/services/consent-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAQ/D;;;;GAIG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,GAAG,CAAgB;gBAEf,GAAG,EAAE,aAAa;IAI9B;;;;;;;;;;OAUG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAsFjE;;;;;;OAMG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;;;OAIG;IACG,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAcxD"}
|