npm - @kya-os/mcp-i-cloudflare - Versions diffs - 1.5.10-canary.8 → 1.6.0 - Mend

@kya-os/mcp-i-cloudflare 1.5.10-canary.8 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

package/README.md +130 -0
package/dist/__tests__/e2e/test-config.d.ts +37 -0
package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
package/dist/__tests__/e2e/test-config.js +62 -0
package/dist/__tests__/e2e/test-config.js.map +1 -0
package/dist/adapter.d.ts +44 -1
package/dist/adapter.d.ts.map +1 -1
package/dist/adapter.js +712 -112
package/dist/adapter.js.map +1 -1
package/dist/agent.d.ts +103 -25
package/dist/agent.d.ts.map +1 -1
package/dist/agent.js +617 -40
package/dist/agent.js.map +1 -1
package/dist/app.d.ts +0 -8
package/dist/app.d.ts.map +1 -1
package/dist/app.js +277 -119
package/dist/app.js.map +1 -1
package/dist/cache/kv-oauth-config-cache.d.ts +47 -0
package/dist/cache/kv-oauth-config-cache.d.ts.map +1 -0
package/dist/cache/kv-oauth-config-cache.js +82 -0
package/dist/cache/kv-oauth-config-cache.js.map +1 -0
package/dist/cache/kv-tool-protection-cache.d.ts +26 -1
package/dist/cache/kv-tool-protection-cache.d.ts.map +1 -1
package/dist/cache/kv-tool-protection-cache.js +19 -11
package/dist/cache/kv-tool-protection-cache.js.map +1 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js +39 -14
package/dist/config.js.map +1 -1
package/dist/helpers/env-mapper.d.ts +60 -1
package/dist/helpers/env-mapper.d.ts.map +1 -1
package/dist/helpers/env-mapper.js +136 -6
package/dist/helpers/env-mapper.js.map +1 -1
package/dist/index.d.ts +4 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +16 -3
package/dist/index.js.map +1 -1
package/dist/runtime/audit-logger.d.ts +96 -0
package/dist/runtime/audit-logger.d.ts.map +1 -0
package/dist/runtime/audit-logger.js +276 -0
package/dist/runtime/audit-logger.js.map +1 -0
package/dist/runtime/oauth-handler.d.ts +5 -0
package/dist/runtime/oauth-handler.d.ts.map +1 -1
package/dist/runtime/oauth-handler.js +287 -35
package/dist/runtime/oauth-handler.js.map +1 -1
package/dist/runtime.d.ts +12 -1
package/dist/runtime.d.ts.map +1 -1
package/dist/runtime.js +34 -4
package/dist/runtime.js.map +1 -1
package/dist/server.d.ts +7 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +133 -18
package/dist/server.js.map +1 -1
package/dist/services/admin.service.d.ts +1 -3
package/dist/services/admin.service.d.ts.map +1 -1
package/dist/services/admin.service.js +175 -146
package/dist/services/admin.service.js.map +1 -1
package/dist/services/consent-audit.service.d.ts +91 -0
package/dist/services/consent-audit.service.d.ts.map +1 -0
package/dist/services/consent-audit.service.js +243 -0
package/dist/services/consent-audit.service.js.map +1 -0
package/dist/services/consent-config.service.d.ts +2 -2
package/dist/services/consent-config.service.d.ts.map +1 -1
package/dist/services/consent-config.service.js +55 -28
package/dist/services/consent-config.service.js.map +1 -1
package/dist/services/consent-page-renderer.d.ts +14 -0
package/dist/services/consent-page-renderer.d.ts.map +1 -1
package/dist/services/consent-page-renderer.js +54 -27
package/dist/services/consent-page-renderer.js.map +1 -1
package/dist/services/consent.service.d.ts +93 -8
package/dist/services/consent.service.d.ts.map +1 -1
package/dist/services/consent.service.js +1817 -553
package/dist/services/consent.service.js.map +1 -1
package/dist/services/delegation.service.d.ts.map +1 -1
package/dist/services/delegation.service.js +67 -29
package/dist/services/delegation.service.js.map +1 -1
package/dist/services/idp-token-storage.d.ts +68 -0
package/dist/services/idp-token-storage.d.ts.map +1 -0
package/dist/services/idp-token-storage.js +157 -0
package/dist/services/idp-token-storage.js.map +1 -0
package/dist/services/oauth-service.d.ts +66 -0
package/dist/services/oauth-service.d.ts.map +1 -0
package/dist/services/oauth-service.js +223 -0
package/dist/services/oauth-service.js.map +1 -0
package/dist/services/proof.service.d.ts +8 -6
package/dist/services/proof.service.d.ts.map +1 -1
package/dist/services/proof.service.js +131 -75
package/dist/services/proof.service.js.map +1 -1
package/dist/services/tool-context-builder.d.ts +55 -0
package/dist/services/tool-context-builder.d.ts.map +1 -0
package/dist/services/tool-context-builder.js +124 -0
package/dist/services/tool-context-builder.js.map +1 -0
package/dist/types/tool-context.d.ts +35 -0
package/dist/types/tool-context.d.ts.map +1 -0
package/dist/types/tool-context.js +13 -0
package/dist/types/tool-context.js.map +1 -0
package/dist/types.d.ts +31 -2
package/dist/types.d.ts.map +1 -1
package/dist/utils/oauth-service-registry.d.ts +65 -0
package/dist/utils/oauth-service-registry.d.ts.map +1 -0
package/dist/utils/oauth-service-registry.js +125 -0
package/dist/utils/oauth-service-registry.js.map +1 -0
package/package.json +27 -60

package/dist/services/tool-context-builder.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAsBH;;;;;;GAMG;AACH,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAEZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAA2B,EAC3B,SAA6B,EAC7B,eAAmC,EACnC,cAAqC;QAErC,4CAA4C;QAC5C,IAAI,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,sDAAsD;QACtD,yDAAyD;QACzD,8DAA8D;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4CAA4C,EAAE;gBAC/D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aAC1C,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAClE,OAAO,EACP,QAAQ,EACR,cAAc,CAAC,cAAc,CAC9B,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,gDAAgD;YAChD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;gBAC7D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM,EAAE,cAAc,CAAC,cAAc;aACtC,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAAyB;YACpC,QAAQ;YACR,QAAQ;YACR,MAAM,EAAE,cAAc,CAAC,cAAc;YACrC,OAAO;YACP,SAAS;YACT,eAAe;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;YACpE,QAAQ;YACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,eAAe,CAC3B,cAA8B;QAE9B,mEAAmE;QACnE,sCAAsC;QACtC,yCAAyC;QACzC,IAAI;QAEJ,2EAA2E;QAC3E,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,8CAA8C,EAAE;oBACjE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBACjC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,4EAA4E;YAC5E,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAE9B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2DAA2D,EAAE;gBAC9E,QAAQ;gBACR,kBAAkB,EAAE,SAAS;aAC9B,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,mDAAmD,EAAE;gBACtE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/types/tool-context.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Tool Execution Context
+ *
+ * Execution context passed to tool handlers, enabling tools to access
+ * IDP tokens for external API calls (GitHub, Google, etc.).
+ *
+ * All fields are optional for backward compatibility - tools that don't
+ * require OAuth will receive undefined context.
+ *
+ * @package @kya-os/mcp-i-cloudflare
+ */
+/**
+ * Execution context passed to tool handlers
+ *
+ * Enables tools to access IDP tokens for external API calls.
+ * Context is only provided when:
+ * - Tool requires OAuth (has requiredScopes)
+ * - User DID is available
+ * - IDP token is successfully resolved
+ */
+export interface ToolExecutionContext {
+    /** IDP access token for external API calls (e.g., GitHub, Google) */
+    idpToken?: string;
+    /** OAuth provider name (e.g., "github", "google") */
+    provider?: string;
+    /** Scopes granted for this token */
+    scopes?: string[];
+    /** User DID associated with this token */
+    userDid?: string;
+    /** Session ID */
+    sessionId?: string;
+    /** Delegation token (MCP-I internal authorization) */
+    delegationToken?: string;
+}
+//# sourceMappingURL=tool-context.d.ts.map

package/dist/types/tool-context.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tool-context.d.ts","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAoB;IACnC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sDAAsD;IACtD,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/dist/types/tool-context.js ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Tool Execution Context
+ *
+ * Execution context passed to tool handlers, enabling tools to access
+ * IDP tokens for external API calls (GitHub, Google, etc.).
+ *
+ * All fields are optional for backward compatibility - tools that don't
+ * require OAuth will receive undefined context.
+ *
+ * @package @kya-os/mcp-i-cloudflare
+ */
+export {};
+//# sourceMappingURL=tool-context.js.map

package/dist/types/tool-context.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"tool-context.js","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/types.d.ts CHANGED Viewed

@@ -3,15 +3,42 @@
  *
  * These types are separated to avoid circular dependencies.
  */
-import type { KVNamespace, DurableObjectState } from "@cloudflare/workers-types";
+import type { KVNamespace, DurableObjectState } from '@cloudflare/workers-types';
 /**
  * Cloudflare environment bindings for MCP-I
+ *
+ * This is the normalized format after prefix mapping. All components expect
+ * this format with standard KV binding names (e.g., `NONCE_CACHE`, not `_17429_NONCE_CACHE`).
+ *
+ * To handle prefixed KV bindings (required for multi-agent deployments in the same account),
+ * use `normalizeCloudflareEnv()` from `@kya-os/mcp-i-cloudflare/helpers/env-mapper` before
+ * passing the environment to components.
+ *
+ * @example
+ * ```typescript
+ * import { normalizeCloudflareEnv } from '@kya-os/mcp-i-cloudflare/helpers/env-mapper';
+ *
+ * // With prefixed bindings
+ * const env = { _17429_NONCE_CACHE: kvNamespace };
+ * const normalized = normalizeCloudflareEnv(env, '_17429');
+ * // normalized.NONCE_CACHE is now available
+ *
+ * // Without prefix (direct access)
+ * const env2 = { NONCE_CACHE: kvNamespace };
+ * const normalized2 = normalizeCloudflareEnv(env2);
+ * // normalized2.NONCE_CACHE is available
+ * ```
  */
 export interface CloudflareEnv {
+    /** KV namespace for nonce cache (required for replay attack prevention) */
     NONCE_CACHE: KVNamespace;
+    /** KV namespace for proof archive (optional, for auditability) */
     PROOF_ARCHIVE?: KVNamespace;
+    /** KV namespace for identity storage (optional, for persistent agent identity) */
     IDENTITY_STORAGE?: KVNamespace;
+    /** KV namespace for tool protection config cache (optional, for dashboard-controlled delegation) */
     TOOL_PROTECTION_KV?: KVNamespace;
+    /** KV namespace for delegation storage (required for OAuth/delegation flows) */
     DELEGATION_STORAGE?: KVNamespace;
     MCP_IDENTITY_PRIVATE_KEY?: string;
     MCP_IDENTITY_PUBLIC_KEY?: string;
@@ -20,10 +47,12 @@ export interface CloudflareEnv {
     AGENTSHIELD_API_URL?: string;
     AGENTSHIELD_API_KEY?: string;
     AGENTSHIELD_PROJECT_ID?: string;
+    /** Optional encryption secret for OAuth token encryption (CSRF protection) */
+    OAUTH_ENCRYPTION_SECRET?: string;
     MCPI_ENV?: string;
     ENVIRONMENT?: string;
     ADMIN_API_KEY?: string;
+    /** Optional Durable Object state for identity persistence */
     _durableObjectState?: DurableObjectState;
 }
-export type { MCPICloudflareAdapterConfig } from "./adapter";
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,~~EACV~~,WAAW,~~EACX~~,kBAAkB,~~EACnB~~,MAAM,2BAA2B,CAAC;~~AAEnC;;GAEG~~;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;~~IAEvB~~,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C~~;AAGD,YAAY,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC~~"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEjF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,WAAW,EAAE,WAAW,CAAC;IACzB,kEAAkE;IAClE,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,kFAAkF;IAClF,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,gFAAgF;IAChF,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,8EAA8E;IAC9E,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,6DAA6D;IAC7D,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C"}

package/dist/utils/oauth-service-registry.d.ts ADDED Viewed

@@ -0,0 +1,65 @@
+/**
+ * OAuth Service Registry - Centralized tree-shaking prevention
+ *
+ * This module solves a critical bundling issue with Cloudflare Workers:
+ * Wrangler uses esbuild which aggressively tree-shakes imports that are
+ * only used inside async functions with conditional execution.
+ *
+ * Solution: Register OAuth services on globalThis at module load time,
+ * creating an observable side effect that esbuild cannot eliminate.
+ *
+ * @module oauth-service-registry
+ * @see https://esbuild.github.io/api/#tree-shaking
+ */
+import { OAuthConfigService, OAuthProviderRegistry, ProviderResolver } from "@kya-os/mcp-i-core";
+/**
+ * Type definition for the OAuth services registry
+ */
+export interface OAuthServicesRegistry {
+    OAuthConfigService: typeof OAuthConfigService;
+    OAuthProviderRegistry: typeof OAuthProviderRegistry;
+    ProviderResolver: typeof ProviderResolver;
+}
+/**
+ * Error thrown when OAuth services are not available
+ */
+export declare class OAuthServicesUnavailableError extends Error {
+    constructor(serviceName: string);
+}
+/**
+ * Get OAuth services from the global registry
+ *
+ * This is the primary API for retrieving OAuth services.
+ * It retrieves services that were registered on globalThis at module load,
+ * ensuring they survive esbuild's tree-shaking.
+ *
+ * @returns The OAuth services registry containing all constructors
+ * @throws {OAuthServicesUnavailableError} If services are not registered
+ *
+ * @example
+ * ```typescript
+ * const { OAuthConfigService, OAuthProviderRegistry } = getOAuthServices();
+ * const configService = new OAuthConfigService({ ... });
+ * ```
+ */
+export declare function getOAuthServices(): OAuthServicesRegistry;
+/**
+ * Check if OAuth services are available without throwing
+ *
+ * Useful for conditional initialization where missing services
+ * should be handled gracefully rather than throwing.
+ *
+ * @returns true if all OAuth services are registered and valid
+ *
+ * @example
+ * ```typescript
+ * if (isOAuthServicesAvailable()) {
+ *   const services = getOAuthServices();
+ *   // Initialize OAuth functionality
+ * } else {
+ *   console.warn("OAuth services not available");
+ * }
+ * ```
+ */
+export declare function isOAuthServicesAvailable(): boolean;
+//# sourceMappingURL=oauth-service-registry.d.ts.map

package/dist/utils/oauth-service-registry.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-service-registry.d.ts","sourceRoot":"","sources":["../../src/utils/oauth-service-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EACjB,MAAM,oBAAoB,CAAC;AAQ5B;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kBAAkB,EAAE,OAAO,kBAAkB,CAAC;IAC9C,qBAAqB,EAAE,OAAO,qBAAqB,CAAC;IACpD,gBAAgB,EAAE,OAAO,gBAAgB,CAAC;CAC3C;AA6CD;;GAEG;AACH,qBAAa,6BAA8B,SAAQ,KAAK;gBAC1C,WAAW,EAAE,MAAM;CAQhC;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,IAAI,qBAAqB,CAqBxD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,wBAAwB,IAAI,OAAO,CAelD"}

package/dist/utils/oauth-service-registry.js ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * OAuth Service Registry - Centralized tree-shaking prevention
+ *
+ * This module solves a critical bundling issue with Cloudflare Workers:
+ * Wrangler uses esbuild which aggressively tree-shakes imports that are
+ * only used inside async functions with conditional execution.
+ *
+ * Solution: Register OAuth services on globalThis at module load time,
+ * creating an observable side effect that esbuild cannot eliminate.
+ *
+ * @module oauth-service-registry
+ * @see https://esbuild.github.io/api/#tree-shaking
+ */
+import { OAuthConfigService, OAuthProviderRegistry, ProviderResolver, } from "@kya-os/mcp-i-core";
+/**
+ * Global registry key for OAuth services
+ * Using a unique symbol-like string to avoid collisions
+ */
+const REGISTRY_KEY = "__MCPI_OAUTH_SERVICES__";
+/**
+ * The services object containing all OAuth-related constructors
+ * This is created at module load time to ensure bundler inclusion
+ */
+const _oauthServices = {
+    OAuthConfigService,
+    OAuthProviderRegistry,
+    ProviderResolver,
+};
+/**
+ * CRITICAL: Register on globalThis at module load
+ *
+ * This creates an observable side effect that esbuild cannot optimize away.
+ * The write to globalThis MUST happen for the program to work correctly,
+ * so esbuild will include all the OAuth service classes in the bundle.
+ */
+globalThis[REGISTRY_KEY] = _oauthServices;
+/**
+ * Validate registration succeeded
+ * Logs errors at module load if services are missing (indicates bundler issue)
+ */
+const _registeredServices = globalThis[REGISTRY_KEY];
+if (!_registeredServices?.OAuthConfigService) {
+    console.error("[OAuthServiceRegistry] CRITICAL: OAuthConfigService not registered - bundler issue");
+}
+if (!_registeredServices?.OAuthProviderRegistry) {
+    console.error("[OAuthServiceRegistry] CRITICAL: OAuthProviderRegistry not registered - bundler issue");
+}
+if (!_registeredServices?.ProviderResolver) {
+    console.error("[OAuthServiceRegistry] CRITICAL: ProviderResolver not registered - bundler issue");
+}
+/**
+ * Error thrown when OAuth services are not available
+ */
+export class OAuthServicesUnavailableError extends Error {
+    constructor(serviceName) {
+        super(`${serviceName} not available from OAuth service registry. ` +
+            `This indicates a bundler tree-shaking issue. ` +
+            `The globalThis registration should have happened at module load.`);
+        this.name = "OAuthServicesUnavailableError";
+    }
+}
+/**
+ * Get OAuth services from the global registry
+ *
+ * This is the primary API for retrieving OAuth services.
+ * It retrieves services that were registered on globalThis at module load,
+ * ensuring they survive esbuild's tree-shaking.
+ *
+ * @returns The OAuth services registry containing all constructors
+ * @throws {OAuthServicesUnavailableError} If services are not registered
+ *
+ * @example
+ * ```typescript
+ * const { OAuthConfigService, OAuthProviderRegistry } = getOAuthServices();
+ * const configService = new OAuthConfigService({ ... });
+ * ```
+ */
+export function getOAuthServices() {
+    const services = globalThis[REGISTRY_KEY];
+    if (!services) {
+        throw new OAuthServicesUnavailableError("OAuth services registry");
+    }
+    // Validate each service is a constructor
+    if (typeof services.OAuthConfigService !== "function") {
+        throw new OAuthServicesUnavailableError("OAuthConfigService");
+    }
+    if (typeof services.OAuthProviderRegistry !== "function") {
+        throw new OAuthServicesUnavailableError("OAuthProviderRegistry");
+    }
+    if (typeof services.ProviderResolver !== "function") {
+        throw new OAuthServicesUnavailableError("ProviderResolver");
+    }
+    return services;
+}
+/**
+ * Check if OAuth services are available without throwing
+ *
+ * Useful for conditional initialization where missing services
+ * should be handled gracefully rather than throwing.
+ *
+ * @returns true if all OAuth services are registered and valid
+ *
+ * @example
+ * ```typescript
+ * if (isOAuthServicesAvailable()) {
+ *   const services = getOAuthServices();
+ *   // Initialize OAuth functionality
+ * } else {
+ *   console.warn("OAuth services not available");
+ * }
+ * ```
+ */
+export function isOAuthServicesAvailable() {
+    try {
+        const services = globalThis[REGISTRY_KEY];
+        return (!!services &&
+            typeof services.OAuthConfigService === "function" &&
+            typeof services.OAuthProviderRegistry === "function" &&
+            typeof services.ProviderResolver === "function");
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=oauth-service-registry.js.map

package/dist/utils/oauth-service-registry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-service-registry.js","sourceRoot":"","sources":["../../src/utils/oauth-service-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAE5B;;;GAGG;AACH,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAW/C;;;GAGG;AACH,MAAM,cAAc,GAA0B;IAC5C,kBAAkB;IAClB,qBAAqB;IACrB,gBAAgB;CACjB,CAAC;AAEF;;;;;;GAMG;AACF,UAAsC,CAAC,YAAY,CAAC,GAAG,cAAc,CAAC;AAEvE;;;GAGG;AACH,MAAM,mBAAmB,GAAI,UAAsC,CACjE,YAAY,CACwB,CAAC;AAEvC,IAAI,CAAC,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;IAC7C,OAAO,CAAC,KAAK,CACX,oFAAoF,CACrF,CAAC;AACJ,CAAC;AACD,IAAI,CAAC,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAChD,OAAO,CAAC,KAAK,CACX,uFAAuF,CACxF,CAAC;AACJ,CAAC;AACD,IAAI,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,CAAC;IAC3C,OAAO,CAAC,KAAK,CACX,kFAAkF,CACnF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,6BAA8B,SAAQ,KAAK;IACtD,YAAY,WAAmB;QAC7B,KAAK,CACH,GAAG,WAAW,8CAA8C;YAC1D,+CAA+C;YAC/C,kEAAkE,CACrE,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,+BAA+B,CAAC;IAC9C,CAAC;CACF;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,QAAQ,GAAI,UAAsC,CAAC,YAAY,CAExD,CAAC;IAEd,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,6BAA6B,CAAC,yBAAyB,CAAC,CAAC;IACrE,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,QAAQ,CAAC,kBAAkB,KAAK,UAAU,EAAE,CAAC;QACtD,MAAM,IAAI,6BAA6B,CAAC,oBAAoB,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,OAAO,QAAQ,CAAC,qBAAqB,KAAK,UAAU,EAAE,CAAC;QACzD,MAAM,IAAI,6BAA6B,CAAC,uBAAuB,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,QAAQ,CAAC,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,6BAA6B,CAAC,kBAAkB,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAI,UAAsC,CAAC,YAAY,CAExD,CAAC;QAEd,OAAO,CACL,CAAC,CAAC,QAAQ;YACV,OAAO,QAAQ,CAAC,kBAAkB,KAAK,UAAU;YACjD,OAAO,QAAQ,CAAC,qBAAqB,KAAK,UAAU;YACpD,OAAO,QAAQ,CAAC,gBAAgB,KAAK,UAAU,CAChD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,74 +1,41 @@
 {
   "name": "@kya-os/mcp-i-cloudflare",
-  "version": "1.5.10-canary.8",
-  "description": "Cloudflare Workers implementation of MCP-I framework",
+  "version": "1.6.0",
+  "description": "Cloudflare Workers adapter for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
-  "type": "module",
-  "exports": {
-    ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    },
-    "./config": {
-      "import": "./dist/config.js",
-      "types": "./dist/config.d.ts"
-    }
-  },
   "files": [
-    "dist/**/*",
-    "README.md"
+    "dist"
   ],
   "scripts": {
     "build": "tsc",
-    "dev": "tsc --watch",
-    "test": "vitest --run",
-    "test:coverage": "vitest --run --coverage",
-    "lint": "eslint src/**/*.ts",
-    "type-check": "tsc --noEmit",
-    "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-dependencies.js"
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "lint": "eslint .",
+    "clean": "rm -rf dist .turbo node_modules",
+    "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-no-workspace.js"
   },
-  "keywords": [
-    "mcp-i",
-    "mcp",
-    "identity",
-    "did",
-    "cloudflare",
-    "workers",
-    "edge"
-  ],
   "dependencies": {
-    "@kya-os/contracts": "^1.5.4-canary.2",
-    "@kya-os/mcp-i-core": "^1.2.3-canary.6",
-    "@modelcontextprotocol/sdk": "^1.11.4",
-    "base-x": "^5.0.1"
-  },
-  "peerDependencies": {
-    "hono": "^4.0.0",
-    "agents": "^0.2.21"
+    "@kya-os/contracts": "^1.6.0",
+    "@kya-os/mcp-i-core": "^1.3.0",
+    "@modelcontextprotocol/sdk": "^1.22.0",
+    "agents": "^0.2.21",
+    "base-x": "^5.0.0",
+    "hono": "^4.6.3",
+    "jose": "^5.6.3",
+    "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@cloudflare/workers-types": "^4.20251109.0",
-    "@types/node": "^20.0.0",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
+    "@cloudflare/workers-types": "^4.20240701.0",
+    "@types/node": "^20.14.9",
     "@vitest/coverage-v8": "^4.0.5",
-    "eslint": "^8.0.0",
-    "typescript": "^5.3.0",
-    "vitest": "^4.0.5",
-    "wrangler": "^3.0.0"
-  },
-  "engines": {
-    "node": ">=20.0.0"
-  },
-  "author": "MCP-I Team",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/modelcontextprotocol-identity/mcp-i.git"
-  },
-  "bugs": {
-    "url": "https://github.com/modelcontextprotocol-identity/mcp-i/issues"
-  },
-  "homepage": "https://github.com/modelcontextprotocol-identity/mcp-i#readme"
+    "dotenv": "^16.3.1",
+    "eslint": "^8.57.0",
+    "typescript": "^5.5.3",
+    "vitest": "^4.0.5"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
 }