@kya-os/mcp-i-cloudflare 1.5.10-canary.9 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +130 -0
- package/dist/__tests__/e2e/test-config.d.ts +37 -0
- package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
- package/dist/__tests__/e2e/test-config.js +62 -0
- package/dist/__tests__/e2e/test-config.js.map +1 -0
- package/dist/adapter.d.ts +44 -1
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +712 -112
- package/dist/adapter.js.map +1 -1
- package/dist/agent.d.ts +103 -25
- package/dist/agent.d.ts.map +1 -1
- package/dist/agent.js +617 -40
- package/dist/agent.js.map +1 -1
- package/dist/app.d.ts +0 -8
- package/dist/app.d.ts.map +1 -1
- package/dist/app.js +277 -119
- package/dist/app.js.map +1 -1
- package/dist/cache/kv-oauth-config-cache.d.ts +47 -0
- package/dist/cache/kv-oauth-config-cache.d.ts.map +1 -0
- package/dist/cache/kv-oauth-config-cache.js +82 -0
- package/dist/cache/kv-oauth-config-cache.js.map +1 -0
- package/dist/cache/kv-tool-protection-cache.d.ts +26 -1
- package/dist/cache/kv-tool-protection-cache.d.ts.map +1 -1
- package/dist/cache/kv-tool-protection-cache.js +19 -11
- package/dist/cache/kv-tool-protection-cache.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +39 -14
- package/dist/config.js.map +1 -1
- package/dist/helpers/env-mapper.d.ts +60 -1
- package/dist/helpers/env-mapper.d.ts.map +1 -1
- package/dist/helpers/env-mapper.js +136 -6
- package/dist/helpers/env-mapper.js.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +16 -3
- package/dist/index.js.map +1 -1
- package/dist/runtime/audit-logger.d.ts +96 -0
- package/dist/runtime/audit-logger.d.ts.map +1 -0
- package/dist/runtime/audit-logger.js +276 -0
- package/dist/runtime/audit-logger.js.map +1 -0
- package/dist/runtime/oauth-handler.d.ts +5 -0
- package/dist/runtime/oauth-handler.d.ts.map +1 -1
- package/dist/runtime/oauth-handler.js +287 -35
- package/dist/runtime/oauth-handler.js.map +1 -1
- package/dist/runtime.d.ts +12 -1
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +34 -4
- package/dist/runtime.js.map +1 -1
- package/dist/server.d.ts +7 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +120 -29
- package/dist/server.js.map +1 -1
- package/dist/services/admin.service.d.ts +1 -3
- package/dist/services/admin.service.d.ts.map +1 -1
- package/dist/services/admin.service.js +175 -146
- package/dist/services/admin.service.js.map +1 -1
- package/dist/services/consent-audit.service.d.ts +91 -0
- package/dist/services/consent-audit.service.d.ts.map +1 -0
- package/dist/services/consent-audit.service.js +243 -0
- package/dist/services/consent-audit.service.js.map +1 -0
- package/dist/services/consent-config.service.d.ts +2 -2
- package/dist/services/consent-config.service.d.ts.map +1 -1
- package/dist/services/consent-config.service.js +55 -28
- package/dist/services/consent-config.service.js.map +1 -1
- package/dist/services/consent-page-renderer.d.ts +14 -0
- package/dist/services/consent-page-renderer.d.ts.map +1 -1
- package/dist/services/consent-page-renderer.js +54 -27
- package/dist/services/consent-page-renderer.js.map +1 -1
- package/dist/services/consent.service.d.ts +93 -8
- package/dist/services/consent.service.d.ts.map +1 -1
- package/dist/services/consent.service.js +1817 -553
- package/dist/services/consent.service.js.map +1 -1
- package/dist/services/delegation.service.d.ts.map +1 -1
- package/dist/services/delegation.service.js +67 -29
- package/dist/services/delegation.service.js.map +1 -1
- package/dist/services/idp-token-storage.d.ts +68 -0
- package/dist/services/idp-token-storage.d.ts.map +1 -0
- package/dist/services/idp-token-storage.js +157 -0
- package/dist/services/idp-token-storage.js.map +1 -0
- package/dist/services/oauth-service.d.ts +66 -0
- package/dist/services/oauth-service.d.ts.map +1 -0
- package/dist/services/oauth-service.js +223 -0
- package/dist/services/oauth-service.js.map +1 -0
- package/dist/services/proof.service.d.ts +8 -6
- package/dist/services/proof.service.d.ts.map +1 -1
- package/dist/services/proof.service.js +131 -75
- package/dist/services/proof.service.js.map +1 -1
- package/dist/services/tool-context-builder.d.ts +55 -0
- package/dist/services/tool-context-builder.d.ts.map +1 -0
- package/dist/services/tool-context-builder.js +124 -0
- package/dist/services/tool-context-builder.js.map +1 -0
- package/dist/types/tool-context.d.ts +35 -0
- package/dist/types/tool-context.d.ts.map +1 -0
- package/dist/types/tool-context.js +13 -0
- package/dist/types/tool-context.js.map +1 -0
- package/dist/types.d.ts +31 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/oauth-service-registry.d.ts +65 -0
- package/dist/utils/oauth-service-registry.d.ts.map +1 -0
- package/dist/utils/oauth-service-registry.js +125 -0
- package/dist/utils/oauth-service-registry.js.map +1 -0
- package/package.json +27 -60
|
@@ -184,7 +184,7 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
184
184
|
return async (c) => {
|
|
185
185
|
const env = c.env;
|
|
186
186
|
// Get configuration with defaults
|
|
187
|
-
const { agentShieldApiUrl = env.AGENTSHIELD_API_URL || 'https://hobbs.work', delegationStorage, consentService, successTemplate = defaultSuccessTemplate, errorTemplate = defaultErrorTemplate, autoClose = true, autoCloseDelay = 5000 } = config;
|
|
187
|
+
const { agentShieldApiUrl = env.AGENTSHIELD_API_URL || 'https://hobbs.work', delegationStorage, consentService, oauthSecurityService, successTemplate = defaultSuccessTemplate, errorTemplate = defaultErrorTemplate, autoClose = true, autoCloseDelay = 5000 } = config;
|
|
188
188
|
// Get query parameters
|
|
189
189
|
const code = c.req.query('code');
|
|
190
190
|
const stateParam = c.req.query('state');
|
|
@@ -192,7 +192,12 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
192
192
|
// Handle OAuth errors
|
|
193
193
|
if (error) {
|
|
194
194
|
const errorDescription = c.req.query('error_description') || 'Authorization failed';
|
|
195
|
-
console.error('[OAuth] Error from provider:',
|
|
195
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Error from provider:', {
|
|
196
|
+
error,
|
|
197
|
+
errorDescription,
|
|
198
|
+
timestamp: new Date().toISOString(),
|
|
199
|
+
eventType: 'oauth_provider_error'
|
|
200
|
+
});
|
|
196
201
|
const html = errorTemplate({
|
|
197
202
|
error,
|
|
198
203
|
description: errorDescription
|
|
@@ -201,25 +206,89 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
201
206
|
}
|
|
202
207
|
// Validate required parameters
|
|
203
208
|
if (!code || !stateParam) {
|
|
204
|
-
console.error('[OAuth]
|
|
209
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Missing required parameters:', {
|
|
210
|
+
hasCode: !!code,
|
|
211
|
+
hasState: !!stateParam,
|
|
212
|
+
timestamp: new Date().toISOString(),
|
|
213
|
+
eventType: 'oauth_validation_failed',
|
|
214
|
+
reason: 'missing_parameters'
|
|
215
|
+
});
|
|
205
216
|
const html = errorTemplate({
|
|
206
217
|
error: 'invalid_request',
|
|
207
218
|
description: 'Missing authorization code or state parameter'
|
|
208
219
|
});
|
|
209
220
|
return c.html(html, 400);
|
|
210
221
|
}
|
|
211
|
-
//
|
|
222
|
+
// ✅ CSRF Protection: Retrieve and validate state from secure storage
|
|
212
223
|
let state;
|
|
213
|
-
|
|
214
|
-
|
|
224
|
+
let stateData = null;
|
|
225
|
+
if (oauthSecurityService) {
|
|
226
|
+
// Use secure state validation (CSRF-protected)
|
|
227
|
+
try {
|
|
228
|
+
stateData = await oauthSecurityService.getOAuthState(stateParam);
|
|
229
|
+
if (!stateData) {
|
|
230
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: State validation failed - state not found or expired:', {
|
|
231
|
+
stateParam: stateParam.substring(0, 20) + '...',
|
|
232
|
+
timestamp: new Date().toISOString(),
|
|
233
|
+
eventType: 'csrf_protection_failed',
|
|
234
|
+
reason: 'state_not_found_or_expired'
|
|
235
|
+
});
|
|
236
|
+
const html = errorTemplate({
|
|
237
|
+
error: 'invalid_state',
|
|
238
|
+
description: 'Invalid or expired state parameter. This may be a CSRF attack or the authorization request has expired.'
|
|
239
|
+
});
|
|
240
|
+
return c.html(html, 400);
|
|
241
|
+
}
|
|
242
|
+
// Extract state from stored data
|
|
243
|
+
state = {
|
|
244
|
+
project_id: stateData.project_id,
|
|
245
|
+
agent_did: stateData.agent_did,
|
|
246
|
+
session_id: stateData.session_id,
|
|
247
|
+
delegation_id: stateData.delegation_id,
|
|
248
|
+
};
|
|
249
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: State validated successfully:', {
|
|
250
|
+
projectId: state.project_id,
|
|
251
|
+
agentDid: state.agent_did.substring(0, 20) + '...',
|
|
252
|
+
sessionId: state.session_id?.substring(0, 20) + '...',
|
|
253
|
+
timestamp: new Date().toISOString(),
|
|
254
|
+
eventType: 'csrf_protection_success',
|
|
255
|
+
stateStoredAt: stateData.storedAt
|
|
256
|
+
});
|
|
257
|
+
}
|
|
258
|
+
catch (err) {
|
|
259
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: State validation error:', {
|
|
260
|
+
error: err instanceof Error ? err.message : String(err),
|
|
261
|
+
stateParam: stateParam.substring(0, 20) + '...',
|
|
262
|
+
timestamp: new Date().toISOString(),
|
|
263
|
+
eventType: 'csrf_protection_error',
|
|
264
|
+
reason: 'validation_exception'
|
|
265
|
+
});
|
|
266
|
+
const html = errorTemplate({
|
|
267
|
+
error: 'invalid_state',
|
|
268
|
+
description: 'Failed to validate state parameter'
|
|
269
|
+
});
|
|
270
|
+
return c.html(html, 400);
|
|
271
|
+
}
|
|
215
272
|
}
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
}
|
|
222
|
-
|
|
273
|
+
else {
|
|
274
|
+
// Fallback: Decode state parameter directly (less secure, but backward compatible)
|
|
275
|
+
console.warn('[OAuth] ⚠️ SECURITY WARNING: OAuthSecurityService not provided, using insecure state decoding');
|
|
276
|
+
try {
|
|
277
|
+
state = JSON.parse(atob(stateParam));
|
|
278
|
+
}
|
|
279
|
+
catch (err) {
|
|
280
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Failed to decode state:', {
|
|
281
|
+
error: err instanceof Error ? err.message : String(err),
|
|
282
|
+
timestamp: new Date().toISOString(),
|
|
283
|
+
eventType: 'oauth_validation_failed',
|
|
284
|
+
reason: 'state_decode_error'
|
|
285
|
+
});
|
|
286
|
+
const html = errorTemplate({
|
|
287
|
+
error: 'invalid_state',
|
|
288
|
+
description: 'Invalid state parameter'
|
|
289
|
+
});
|
|
290
|
+
return c.html(html, 400);
|
|
291
|
+
}
|
|
223
292
|
}
|
|
224
293
|
const { project_id, agent_did, session_id, delegation_id } = state;
|
|
225
294
|
// Validate session ID
|
|
@@ -231,11 +300,14 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
231
300
|
});
|
|
232
301
|
return c.html(html, 400);
|
|
233
302
|
}
|
|
234
|
-
console.log('[OAuth] Processing authorization code exchange:', {
|
|
303
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: Processing authorization code exchange:', {
|
|
235
304
|
projectId: project_id,
|
|
236
305
|
agentDid: agent_did.substring(0, 20) + '...',
|
|
237
|
-
sessionId: session_id,
|
|
238
|
-
delegationId: delegation_id
|
|
306
|
+
sessionId: session_id?.substring(0, 20) + '...',
|
|
307
|
+
delegationId: delegation_id,
|
|
308
|
+
timestamp: new Date().toISOString(),
|
|
309
|
+
eventType: 'oauth_code_exchange_start',
|
|
310
|
+
hasSecureState: !!oauthSecurityService
|
|
239
311
|
});
|
|
240
312
|
try {
|
|
241
313
|
// Exchange authorization code for delegation token
|
|
@@ -255,9 +327,13 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
255
327
|
});
|
|
256
328
|
if (!tokenResponse.ok) {
|
|
257
329
|
const errorText = await tokenResponse.text();
|
|
258
|
-
console.error('[OAuth] Token exchange failed:', {
|
|
330
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Token exchange failed:', {
|
|
259
331
|
status: tokenResponse.status,
|
|
260
|
-
error: errorText
|
|
332
|
+
error: errorText.substring(0, 200),
|
|
333
|
+
projectId: project_id,
|
|
334
|
+
agentDid: agent_did.substring(0, 20) + '...',
|
|
335
|
+
timestamp: new Date().toISOString(),
|
|
336
|
+
eventType: 'oauth_token_exchange_failed'
|
|
261
337
|
});
|
|
262
338
|
const html = errorTemplate({
|
|
263
339
|
error: 'token_exchange_failed',
|
|
@@ -268,18 +344,26 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
268
344
|
const tokenData = await tokenResponse.json();
|
|
269
345
|
// Validate token response
|
|
270
346
|
if (!tokenData.delegation_token) {
|
|
271
|
-
console.error('[OAuth]
|
|
347
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Invalid token response:', {
|
|
348
|
+
hasDelegationToken: !!tokenData.delegation_token,
|
|
349
|
+
responseKeys: Object.keys(tokenData),
|
|
350
|
+
projectId: project_id,
|
|
351
|
+
timestamp: new Date().toISOString(),
|
|
352
|
+
eventType: 'oauth_invalid_token_response'
|
|
353
|
+
});
|
|
272
354
|
const html = errorTemplate({
|
|
273
355
|
error: 'invalid_response',
|
|
274
356
|
description: 'Invalid token response from authorization server'
|
|
275
357
|
});
|
|
276
358
|
return c.html(html, 500);
|
|
277
359
|
}
|
|
278
|
-
console.log('[OAuth] Token exchange successful:', {
|
|
360
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: Token exchange successful:', {
|
|
279
361
|
delegationId: tokenData.delegation_id,
|
|
280
362
|
sessionId: tokenData.session_id || session_id,
|
|
281
363
|
expiresIn: tokenData.expires_in,
|
|
282
|
-
scopes: tokenData.scopes
|
|
364
|
+
scopes: tokenData.scopes,
|
|
365
|
+
timestamp: new Date().toISOString(),
|
|
366
|
+
eventType: 'oauth_token_exchange_success'
|
|
283
367
|
});
|
|
284
368
|
// Phase 4 PR #3: Extract OAuth user info and link to User DID
|
|
285
369
|
let oauthIdentity = null;
|
|
@@ -320,16 +404,161 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
320
404
|
// Set OAuth identity cookie for consent page
|
|
321
405
|
const cookieValue = encodeURIComponent(JSON.stringify(oauthIdentity));
|
|
322
406
|
c.header("Set-Cookie", `oauth_identity=${cookieValue}; HttpOnly; Secure; SameSite=Lax; Max-Age=604800; Path=/`);
|
|
323
|
-
console.log('[OAuth] OAuth identity linked and cookie set:', {
|
|
407
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: OAuth identity linked and cookie set:', {
|
|
324
408
|
provider: oauthIdentity.provider,
|
|
325
409
|
subject: oauthIdentity.subject.substring(0, 20) + '...',
|
|
326
410
|
userDid: userDid.substring(0, 20) + '...',
|
|
411
|
+
sessionId: session_id?.substring(0, 20) + '...',
|
|
412
|
+
timestamp: new Date().toISOString(),
|
|
413
|
+
eventType: 'oauth_identity_linked',
|
|
414
|
+
cookieSet: true
|
|
327
415
|
});
|
|
328
416
|
}
|
|
329
417
|
}
|
|
330
418
|
catch (error) {
|
|
331
419
|
// OAuth linking errors are non-fatal - log but continue
|
|
332
|
-
console.error('[OAuth] Failed to link OAuth identity (non-fatal):',
|
|
420
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Failed to link OAuth identity (non-fatal):', {
|
|
421
|
+
error: error instanceof Error ? error.message : String(error),
|
|
422
|
+
sessionId: session_id?.substring(0, 20) + '...',
|
|
423
|
+
timestamp: new Date().toISOString(),
|
|
424
|
+
eventType: 'oauth_identity_linking_failed',
|
|
425
|
+
severity: 'warning'
|
|
426
|
+
});
|
|
427
|
+
}
|
|
428
|
+
}
|
|
429
|
+
// ✅ Phase 3: Retrieve OAuth tokens from AgentShield (two-step flow)
|
|
430
|
+
// After receiving delegation token, retrieve OAuth tokens separately
|
|
431
|
+
// Note: userDid may not be available if OAuth linking failed, but we still need to store tokens
|
|
432
|
+
// For PKCE flows, we can use session-based userDid lookup if needed
|
|
433
|
+
if (delegationStorage && oauthSecurityService && tokenData.delegation_id) {
|
|
434
|
+
try {
|
|
435
|
+
// Extract provider from state or token response
|
|
436
|
+
const provider = tokenData.provider ||
|
|
437
|
+
state.provider ||
|
|
438
|
+
oauthIdentity?.provider ||
|
|
439
|
+
null;
|
|
440
|
+
// Extract scopes from state or token response
|
|
441
|
+
const requestedScopes = tokenData.scopes || state.scopes || [];
|
|
442
|
+
// Extract code_verifier from stored state (PKCE)
|
|
443
|
+
const codeVerifier = stateData
|
|
444
|
+
? stateData.code_verifier
|
|
445
|
+
: null;
|
|
446
|
+
const redirectUri = stateData?.redirect_uri ||
|
|
447
|
+
state?.redirect_uri ||
|
|
448
|
+
`${env.MCP_SERVER_URL || new URL(c.req.header("Referer") || "").origin}/oauth/callback`;
|
|
449
|
+
// Get userDid - use linked userDid if available, otherwise fallback to session-based lookup
|
|
450
|
+
let effectiveUserDid = userDid;
|
|
451
|
+
if (!effectiveUserDid && session_id && consentService) {
|
|
452
|
+
try {
|
|
453
|
+
effectiveUserDid = await consentService.getUserDidForSession(session_id);
|
|
454
|
+
}
|
|
455
|
+
catch (error) {
|
|
456
|
+
console.warn("[OAuth] Failed to get userDid from session, skipping token storage:", {
|
|
457
|
+
sessionId: session_id?.substring(0, 20) + "...",
|
|
458
|
+
error: error instanceof Error ? error.message : String(error),
|
|
459
|
+
});
|
|
460
|
+
}
|
|
461
|
+
}
|
|
462
|
+
if (provider && requestedScopes.length > 0 && effectiveUserDid) {
|
|
463
|
+
// Fetch provider config to determine flow (PKCE vs non-PKCE)
|
|
464
|
+
const { OAuthConfigService } = await import("@kya-os/mcp-i-core");
|
|
465
|
+
const { WorkersFetchProvider } = await import("../providers/storage.js");
|
|
466
|
+
const { KVOAuthConfigCache } = await import("../cache/kv-oauth-config-cache.js");
|
|
467
|
+
const { IdpTokenStorage } = await import("../services/idp-token-storage.js");
|
|
468
|
+
const fetchProvider = new WorkersFetchProvider();
|
|
469
|
+
const oauthConfigCache = delegationStorage
|
|
470
|
+
? new KVOAuthConfigCache({ kv: delegationStorage })
|
|
471
|
+
: undefined;
|
|
472
|
+
const oauthConfigService = new OAuthConfigService({
|
|
473
|
+
baseUrl: agentShieldApiUrl,
|
|
474
|
+
apiKey: env.AGENTSHIELD_API_KEY || "",
|
|
475
|
+
fetchProvider,
|
|
476
|
+
cache: oauthConfigCache,
|
|
477
|
+
});
|
|
478
|
+
const oauthConfig = await oauthConfigService.getOAuthConfig(project_id);
|
|
479
|
+
const providerConfig = oauthConfig.providers[provider];
|
|
480
|
+
if (!providerConfig) {
|
|
481
|
+
console.warn("[OAuth] Provider config not found, skipping token storage:", {
|
|
482
|
+
provider,
|
|
483
|
+
projectId: project_id,
|
|
484
|
+
});
|
|
485
|
+
}
|
|
486
|
+
else {
|
|
487
|
+
const idpTokenStorage = new IdpTokenStorage({
|
|
488
|
+
storage: delegationStorage,
|
|
489
|
+
oauthSecurityService,
|
|
490
|
+
});
|
|
491
|
+
// Choose flow based on provider config and codeVerifier availability
|
|
492
|
+
if (providerConfig.supportsPKCE && codeVerifier) {
|
|
493
|
+
// PKCE flow: Use OAuthService.exchangeToken()
|
|
494
|
+
const { OAuthService } = await import("@kya-os/mcp-i-core");
|
|
495
|
+
const oauthService = new OAuthService({
|
|
496
|
+
configService: oauthConfigService,
|
|
497
|
+
fetchProvider,
|
|
498
|
+
agentShieldApiUrl,
|
|
499
|
+
agentShieldApiKey: env.AGENTSHIELD_API_KEY || "",
|
|
500
|
+
projectId: project_id,
|
|
501
|
+
});
|
|
502
|
+
const idpTokens = await oauthService.exchangeToken(provider, code, codeVerifier, redirectUri);
|
|
503
|
+
await idpTokenStorage.storeToken(effectiveUserDid, provider, requestedScopes, idpTokens);
|
|
504
|
+
console.log("[OAuth] ✅ IDP tokens stored (PKCE flow):", {
|
|
505
|
+
userDid: effectiveUserDid.substring(0, 20) + "...",
|
|
506
|
+
provider,
|
|
507
|
+
scopes: requestedScopes,
|
|
508
|
+
expiresAt: new Date(idpTokens.expires_at).toISOString(),
|
|
509
|
+
});
|
|
510
|
+
}
|
|
511
|
+
else {
|
|
512
|
+
// Non-PKCE proxy mode: Use OAuthTokenRetrievalService
|
|
513
|
+
const { OAuthTokenRetrievalService } = await import("@kya-os/mcp-i-core");
|
|
514
|
+
const tokenRetrievalService = new OAuthTokenRetrievalService({
|
|
515
|
+
baseUrl: agentShieldApiUrl,
|
|
516
|
+
fetchProvider: fetch,
|
|
517
|
+
logger: (message, data) => {
|
|
518
|
+
console.log(`[OAuthTokenRetrieval] ${message}`, data);
|
|
519
|
+
},
|
|
520
|
+
});
|
|
521
|
+
const idpTokens = await tokenRetrievalService.retrieveTokens(tokenData.delegation_id, tokenData.delegation_token);
|
|
522
|
+
if (idpTokens) {
|
|
523
|
+
await idpTokenStorage.storeToken(effectiveUserDid, provider, requestedScopes, idpTokens);
|
|
524
|
+
console.log("[OAuth] ✅ OAuth tokens retrieved and stored (proxy mode):", {
|
|
525
|
+
userDid: effectiveUserDid.substring(0, 20) + "...",
|
|
526
|
+
provider,
|
|
527
|
+
scopes: requestedScopes,
|
|
528
|
+
expiresAt: new Date(idpTokens.expires_at).toISOString(),
|
|
529
|
+
delegationId: tokenData.delegation_id,
|
|
530
|
+
});
|
|
531
|
+
}
|
|
532
|
+
else {
|
|
533
|
+
// Token retrieval failed but delegation token is still valid
|
|
534
|
+
console.warn("[OAuth] OAuth token retrieval failed (non-fatal):", {
|
|
535
|
+
delegationId: tokenData.delegation_id,
|
|
536
|
+
provider,
|
|
537
|
+
sessionId: session_id?.substring(0, 20) + "...",
|
|
538
|
+
note: "Delegation token is still valid for MCP-I auth",
|
|
539
|
+
});
|
|
540
|
+
}
|
|
541
|
+
}
|
|
542
|
+
}
|
|
543
|
+
}
|
|
544
|
+
else {
|
|
545
|
+
console.log("[OAuth] Skipping IDP token storage:", {
|
|
546
|
+
hasProvider: !!provider,
|
|
547
|
+
hasScopes: requestedScopes.length > 0,
|
|
548
|
+
hasEffectiveUserDid: !!effectiveUserDid,
|
|
549
|
+
hasDelegationId: !!tokenData.delegation_id,
|
|
550
|
+
});
|
|
551
|
+
}
|
|
552
|
+
}
|
|
553
|
+
catch (error) {
|
|
554
|
+
// IDP token storage errors are non-fatal - log but continue
|
|
555
|
+
// Delegation token is still valid for MCP-I auth
|
|
556
|
+
console.error("[OAuth] Failed to retrieve/store OAuth tokens (non-fatal):", {
|
|
557
|
+
error: error instanceof Error ? error.message : String(error),
|
|
558
|
+
sessionId: session_id?.substring(0, 20) + "...",
|
|
559
|
+
delegationId: tokenData.delegation_id,
|
|
560
|
+
note: "Delegation token is still valid for MCP-I auth",
|
|
561
|
+
});
|
|
333
562
|
}
|
|
334
563
|
}
|
|
335
564
|
// Store delegation token in KV if storage is configured
|
|
@@ -350,11 +579,15 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
350
579
|
await delegationStorage.put(userAgentKey, tokenData.delegation_token, {
|
|
351
580
|
expirationTtl: ttl
|
|
352
581
|
});
|
|
353
|
-
console.log('[OAuth] Delegation token stored with user+agent DID:', {
|
|
354
|
-
key: userAgentKey,
|
|
582
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: Delegation token stored with user+agent DID:', {
|
|
583
|
+
key: userAgentKey.substring(0, 50) + '...',
|
|
355
584
|
ttl,
|
|
356
585
|
agentDid: agent_did.substring(0, 20) + '...',
|
|
357
|
-
|
|
586
|
+
userDid: sessionUserDid.substring(0, 20) + '...',
|
|
587
|
+
delegationId: tokenData.delegation_id,
|
|
588
|
+
timestamp: new Date().toISOString(),
|
|
589
|
+
eventType: 'delegation_token_stored',
|
|
590
|
+
storageType: 'user_agent_scoped'
|
|
358
591
|
});
|
|
359
592
|
}
|
|
360
593
|
// Backward compatibility: Agent-only key (24 hour TTL)
|
|
@@ -362,11 +595,15 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
362
595
|
await delegationStorage.put(legacyKey, tokenData.delegation_token, {
|
|
363
596
|
expirationTtl: 24 * 60 * 60 // 24 hours only
|
|
364
597
|
});
|
|
365
|
-
console.log('[OAuth] Delegation token stored with legacy agent key:', {
|
|
366
|
-
key: legacyKey,
|
|
598
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: Delegation token stored with legacy agent key:', {
|
|
599
|
+
key: legacyKey.substring(0, 50) + '...',
|
|
367
600
|
ttl: 24 * 60 * 60,
|
|
368
601
|
agentDid: agent_did.substring(0, 20) + '...',
|
|
369
|
-
delegationId: tokenData.delegation_id
|
|
602
|
+
delegationId: tokenData.delegation_id,
|
|
603
|
+
timestamp: new Date().toISOString(),
|
|
604
|
+
eventType: 'delegation_token_stored',
|
|
605
|
+
storageType: 'legacy_agent_scoped',
|
|
606
|
+
warning: 'Legacy format - migrate to user+agent scoped tokens'
|
|
370
607
|
});
|
|
371
608
|
// Session cache for fast lookup (shorter TTL for performance)
|
|
372
609
|
await delegationStorage.put(sessionKey, JSON.stringify({
|
|
@@ -377,16 +614,25 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
377
614
|
}), {
|
|
378
615
|
expirationTtl: Math.min(ttl, 1800) // 30 minutes or token TTL, whichever is shorter
|
|
379
616
|
});
|
|
380
|
-
console.log('[OAuth] Delegation token cached for session:', {
|
|
381
|
-
key: sessionKey,
|
|
617
|
+
console.log('[OAuth] 🔒 SECURITY EVENT: Delegation token cached for session:', {
|
|
618
|
+
key: sessionKey.substring(0, 50) + '...',
|
|
382
619
|
ttl: Math.min(ttl, 1800),
|
|
383
|
-
sessionId: session_id,
|
|
384
|
-
userDid: sessionUserDid,
|
|
620
|
+
sessionId: session_id?.substring(0, 20) + '...',
|
|
621
|
+
userDid: sessionUserDid?.substring(0, 20) + '...',
|
|
622
|
+
timestamp: new Date().toISOString(),
|
|
623
|
+
eventType: 'delegation_token_cached',
|
|
624
|
+
storageType: 'session_cache'
|
|
385
625
|
});
|
|
386
626
|
}
|
|
387
627
|
catch (storageError) {
|
|
388
628
|
// Storage errors are non-fatal - log but continue
|
|
389
|
-
console.error('[OAuth] Storage error (non-fatal):',
|
|
629
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Storage error (non-fatal):', {
|
|
630
|
+
error: storageError instanceof Error ? storageError.message : String(storageError),
|
|
631
|
+
sessionId: session_id?.substring(0, 20) + '...',
|
|
632
|
+
timestamp: new Date().toISOString(),
|
|
633
|
+
eventType: 'delegation_storage_error',
|
|
634
|
+
severity: 'warning'
|
|
635
|
+
});
|
|
390
636
|
}
|
|
391
637
|
}
|
|
392
638
|
// Return success page
|
|
@@ -399,7 +645,13 @@ export function createOAuthCallbackHandler(config = {}) {
|
|
|
399
645
|
return c.html(html);
|
|
400
646
|
}
|
|
401
647
|
catch (error) {
|
|
402
|
-
console.error('[OAuth] Unexpected error:',
|
|
648
|
+
console.error('[OAuth] 🔒 SECURITY EVENT: Unexpected error:', {
|
|
649
|
+
error: error instanceof Error ? error.message : String(error),
|
|
650
|
+
stack: error instanceof Error ? error.stack : undefined,
|
|
651
|
+
timestamp: new Date().toISOString(),
|
|
652
|
+
eventType: 'oauth_unexpected_error',
|
|
653
|
+
severity: 'error'
|
|
654
|
+
});
|
|
403
655
|
const html = errorTemplate({
|
|
404
656
|
error: 'internal_error',
|
|
405
657
|
description: error instanceof Error ? error.message : 'An unexpected error occurred'
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-handler.js","sourceRoot":"","sources":["../../src/runtime/oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAqEzD;;GAEG;AACH,MAAM,sBAAsB,GAAG,CAAC,IAAsB,EAAU,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6CAgEtB,IAAI,CAAC,SAAS,IAAI,IAAI;;;;;;;;;;;;;8BAarC,IAAI,CAAC,YAAY;;;;;8BAKjB,IAAI,CAAC,SAAS;;;;;8BAKd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;oDAQA,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC;;;;;CAK9F,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAAC,KAAqB,EAAU,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAsDN,KAAK,CAAC,KAAK;6CACxB,KAAK,CAAC,WAAW;;;;;;;CAO7D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,SAA8B,EAAE;IACzE,OAAO,KAAK,EAAE,CAAc,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,CAAC,CAAC,GAA0C,CAAC;QAEzD,kCAAkC;QAClC,MAAM,EACJ,iBAAiB,GAAG,GAAG,CAAC,mBAAmB,IAAI,oBAAoB,EACnE,iBAAiB,EACjB,cAAc,EACd,eAAe,GAAG,sBAAsB,EACxC,aAAa,GAAG,oBAAoB,EACpC,SAAS,GAAG,IAAI,EAChB,cAAc,GAAG,IAAI,EACtB,GAAG,MAAM,CAAC;QAEX,uBAAuB;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,sBAAsB;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,gBAAgB,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,sBAAsB,CAAC;YACpF,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,EAAE,gBAAgB,CAAC,CAAC;YAEvE,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK;gBACL,WAAW,EAAE,gBAAgB;aAC9B,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,iBAAiB;gBACxB,WAAW,EAAE,+CAA+C;aAC7D,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,yBAAyB;QACzB,IAAI,KAAiB,CAAC;QACtB,IAAI,CAAC;YACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;YACtD,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,eAAe;gBACtB,WAAW,EAAE,yBAAyB;aACvC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,KAAK,CAAC;QAEnE,sBAAsB;QACtB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,iBAAiB;gBACxB,WAAW,EAAE,uCAAuC;aACrD,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,iDAAiD,EAAE;YAC7D,SAAS,EAAE,UAAU;YACrB,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YAC5C,SAAS,EAAE,UAAU;YACrB,YAAY,EAAE,aAAa;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,mDAAmD;YACnD,MAAM,aAAa,GAAG,GAAG,iBAAiB,6BAA6B,CAAC;YAExE,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,QAAQ,EAAE,kBAAkB;iBAC7B;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,oBAAoB;oBAChC,IAAI,EAAE,IAAI;oBACV,SAAS,EAAE,SAAS;oBACpB,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;gBAC7C,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE;oBAC9C,MAAM,EAAE,aAAa,CAAC,MAAM;oBAC5B,KAAK,EAAE,SAAS;iBACjB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,aAAa,CAAC;oBACzB,KAAK,EAAE,uBAAuB;oBAC9B,WAAW,EAAE,4DAA4D;iBAC1E,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;YAED,MAAM,SAAS,GAA0B,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAEpE,0BAA0B;YAC1B,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAChC,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,SAAS,CAAC,CAAC;gBACrE,MAAM,IAAI,GAAG,aAAa,CAAC;oBACzB,KAAK,EAAE,kBAAkB;oBACzB,WAAW,EAAE,kDAAkD;iBAChE,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,oCAAoC,EAAE;gBAChD,YAAY,EAAE,SAAS,CAAC,aAAa;gBACrC,SAAS,EAAE,SAAS,CAAC,UAAU,IAAI,UAAU;gBAC7C,SAAS,EAAE,SAAS,CAAC,UAAU;gBAC/B,MAAM,EAAE,SAAS,CAAC,MAAM;aACzB,CAAC,CAAC;YAEH,8DAA8D;YAC9D,IAAI,aAAa,GAAyB,IAAI,CAAC;YAC/C,IAAI,OAA2B,CAAC;YAEhC,IAAI,cAAc,IAAI,iBAAiB,EAAE,CAAC;gBACxC,IAAI,CAAC;oBACH,mEAAmE;oBACnE,mDAAmD;oBACnD,MAAM,iBAAiB,GAAI,SAAiB,CAAC,SAAS,IAAK,SAAiB,CAAC,IAAI,CAAC;oBAElF,IAAI,iBAAiB,EAAE,CAAC;wBACtB,kDAAkD;wBAClD,+CAA+C;wBAC/C,yDAAyD;wBACzD,0CAA0C;wBAC1C,iCAAiC;wBACjC,MAAM,QAAQ,GAAI,SAAiB,CAAC,QAAQ;+BACtC,KAAa,CAAC,QAAQ;+BACtB,GAAW,CAAC,sBAAsB;+BACnC,QAAQ,CAAC;wBAEd,aAAa,GAAG;4BACd,QAAQ,EAAE,QAAQ;4BAClB,OAAO,EAAE,iBAAiB,CAAC,GAAG,IAAI,iBAAiB,CAAC,EAAE,IAAI,iBAAiB,CAAC,KAAK;4BACjF,KAAK,EAAE,iBAAiB,CAAC,KAAK;4BAC9B,IAAI,EAAE,iBAAiB,CAAC,IAAI,IAAI,iBAAiB,CAAC,YAAY;yBAC/D,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,oDAAoD;wBACpD,wDAAwD;wBACxD,sDAAsD;wBACtD,sEAAsE;wBACtE,OAAO,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;wBAC1F,OAAO,CAAC,IAAI,CAAC,0GAA0G,CAAC,CAAC;oBAC3H,CAAC;oBAED,gDAAgD;oBAChD,IAAI,aAAa,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;wBAC3C,OAAO,GAAG,MAAM,cAAc,CAAC,kBAAkB,CAC/C,aAAa,EACb,UAAU,CACX,CAAC;wBAEF,6CAA6C;wBAC7C,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;wBACtE,CAAC,CAAC,MAAM,CACN,YAAY,EACZ,kBAAkB,WAAW,0DAA0D,CACxF,CAAC;wBAEF,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE;4BAC3D,QAAQ,EAAE,aAAa,CAAC,QAAQ;4BAChC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BACvD,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;yBAC1C,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,wDAAwD;oBACxD,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE,KAAK,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,wDAAwD;YACxD,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,iBAAiB;gBAEzE,IAAI,CAAC;oBACH,kDAAkD;oBAClD,2DAA2D;oBAC3D,IAAI,cAAc,GAAG,OAAO,CAAC;oBAC7B,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBACpD,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAmD,CAAC;wBACtH,cAAc,GAAG,WAAW,EAAE,OAAO,CAAC;oBACxC,CAAC;oBAED,sDAAsD;oBACtD,IAAI,cAAc,EAAE,CAAC;wBACnB,MAAM,YAAY,GAAG,YAAY,CAAC,UAAU,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;wBACxE,MAAM,iBAAiB,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,gBAAgB,EAAE;4BACpE,aAAa,EAAE,GAAG;yBACnB,CAAC,CAAC;wBACH,OAAO,CAAC,GAAG,CAAC,sDAAsD,EAAE;4BAClE,GAAG,EAAE,YAAY;4BACjB,GAAG;4BACH,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BAC5C,YAAY,EAAE,SAAS,CAAC,aAAa;yBACtC,CAAC,CAAC;oBACL,CAAC;oBAED,uDAAuD;oBACvD,MAAM,SAAS,GAAG,YAAY,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;oBAC3D,MAAM,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,gBAAgB,EAAE;wBACjE,aAAa,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB;qBAC7C,CAAC,CAAC;oBACH,OAAO,CAAC,GAAG,CAAC,wDAAwD,EAAE;wBACpE,GAAG,EAAE,SAAS;wBACd,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;wBACjB,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC5C,YAAY,EAAE,SAAS,CAAC,aAAa;qBACtC,CAAC,CAAC;oBAEH,8DAA8D;oBAC9D,MAAM,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;wBACrD,OAAO,EAAE,cAAc;wBACvB,QAAQ,EAAE,SAAS;wBACnB,eAAe,EAAE,SAAS,CAAC,gBAAgB;wBAC3C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;qBACrB,CAAC,EAAE;wBACF,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,gDAAgD;qBACpF,CAAC,CAAC;oBAEH,OAAO,CAAC,GAAG,CAAC,8CAA8C,EAAE;wBAC1D,GAAG,EAAE,UAAU;wBACf,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC;wBACxB,SAAS,EAAE,UAAU;wBACrB,OAAO,EAAE,cAAc;qBACxB,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,YAAY,EAAE,CAAC;oBACtB,kDAAkD;oBAClD,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,YAAY,CAAC,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,MAAM,IAAI,GAAG,eAAe,CAAC;gBAC3B,YAAY,EAAE,SAAS,CAAC,aAAa,IAAI,aAAa;gBACtD,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,EAAE;gBAC9B,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;aAC1C,CAAC,CAAC;YAEH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAElD,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B;aACrF,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CAAC,CAAc;IACnD,6BAA6B;IAC7B,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACxD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACnD,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
1
|
+
{"version":3,"file":"oauth-handler.js","sourceRoot":"","sources":["../../src/runtime/oauth-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AA2EzD;;GAEG;AACH,MAAM,sBAAsB,GAAG,CAAC,IAAsB,EAAU,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6CAgEtB,IAAI,CAAC,SAAS,IAAI,IAAI;;;;;;;;;;;;;8BAarC,IAAI,CAAC,YAAY;;;;;8BAKjB,IAAI,CAAC,SAAS;;;;;8BAKd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;oDAQA,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC;;;;;CAK9F,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAAC,KAAqB,EAAU,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAsDN,KAAK,CAAC,KAAK;6CACxB,KAAK,CAAC,WAAW;;;;;;;CAO7D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,SAA8B,EAAE;IACzE,OAAO,KAAK,EAAE,CAAc,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,CAAC,CAAC,GAA0C,CAAC;QAEzD,kCAAkC;QAClC,MAAM,EACJ,iBAAiB,GAAG,GAAG,CAAC,mBAAmB,IAAI,oBAAoB,EACnE,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,eAAe,GAAG,sBAAsB,EACxC,aAAa,GAAG,oBAAoB,EACpC,SAAS,GAAG,IAAI,EAChB,cAAc,GAAG,IAAI,EACtB,GAAG,MAAM,CAAC;QAEX,uBAAuB;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,sBAAsB;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,gBAAgB,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,sBAAsB,CAAC;YACpF,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE;gBAC/D,KAAK;gBACL,gBAAgB;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS,EAAE,sBAAsB;aAClC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK;gBACL,WAAW,EAAE,gBAAgB;aAC9B,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,yDAAyD,EAAE;gBACvE,OAAO,EAAE,CAAC,CAAC,IAAI;gBACf,QAAQ,EAAE,CAAC,CAAC,UAAU;gBACtB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS,EAAE,yBAAyB;gBACpC,MAAM,EAAE,oBAAoB;aAC7B,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,iBAAiB;gBACxB,WAAW,EAAE,+CAA+C;aAC7D,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,qEAAqE;QACrE,IAAI,KAAiB,CAAC;QACtB,IAAI,SAAS,GAAmC,IAAI,CAAC;QAErD,IAAI,oBAAoB,EAAE,CAAC;YACzB,+CAA+C;YAC/C,IAAI,CAAC;gBACH,SAAS,GAAG,MAAM,oBAAoB,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;gBAEjE,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,kFAAkF,EAAE;wBAChG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,SAAS,EAAE,wBAAwB;wBACnC,MAAM,EAAE,4BAA4B;qBACrC,CAAC,CAAC;oBACH,MAAM,IAAI,GAAG,aAAa,CAAC;wBACzB,KAAK,EAAE,eAAe;wBACtB,WAAW,EAAE,yGAAyG;qBACvH,CAAC,CAAC;oBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBAED,iCAAiC;gBACjC,KAAK,GAAG;oBACN,UAAU,EAAE,SAAS,CAAC,UAAoB;oBAC1C,SAAS,EAAE,SAAS,CAAC,SAAmB;oBACxC,UAAU,EAAE,SAAS,CAAC,UAAgC;oBACtD,aAAa,EAAE,SAAS,CAAC,aAAuB;iBACjD,CAAC;gBAEF,OAAO,CAAC,GAAG,CAAC,0DAA0D,EAAE;oBACtE,SAAS,EAAE,KAAK,CAAC,UAAU;oBAC3B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAClD,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBACrD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,yBAAyB;oBACpC,aAAa,EAAE,SAAS,CAAC,QAA8B;iBACxD,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE;oBAClE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;oBACvD,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,uBAAuB;oBAClC,MAAM,EAAE,sBAAsB;iBAC/B,CAAC,CAAC;gBACH,MAAM,IAAI,GAAG,aAAa,CAAC;oBACzB,KAAK,EAAE,eAAe;oBACtB,WAAW,EAAE,oCAAoC;iBAClD,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;aAAM,CAAC;YACN,mFAAmF;YACnF,OAAO,CAAC,IAAI,CAAC,+FAA+F,CAAC,CAAC;YAC9G,IAAI,CAAC;gBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE;oBAClE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;oBACvD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,yBAAyB;oBACpC,MAAM,EAAE,oBAAoB;iBAC7B,CAAC,CAAC;gBACH,MAAM,IAAI,GAAG,aAAa,CAAC;oBACzB,KAAK,EAAE,eAAe;oBACtB,WAAW,EAAE,yBAAyB;iBACvC,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,KAAK,CAAC;QAEnE,sBAAsB;QACtB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,iBAAiB;gBACxB,WAAW,EAAE,uCAAuC;aACrD,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,oEAAoE,EAAE;YAChF,SAAS,EAAE,UAAU;YACrB,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YAC5C,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YAC/C,YAAY,EAAE,aAAa;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,2BAA2B;YACtC,cAAc,EAAE,CAAC,CAAC,oBAAoB;SACvC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,mDAAmD;YACnD,MAAM,aAAa,GAAG,GAAG,iBAAiB,6BAA6B,CAAC;YAExE,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,QAAQ,EAAE,kBAAkB;iBAC7B;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,UAAU,EAAE,oBAAoB;oBAChC,IAAI,EAAE,IAAI;oBACV,SAAS,EAAE,SAAS;oBACpB,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;gBAC7C,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE;oBACjE,MAAM,EAAE,aAAa,CAAC,MAAM;oBAC5B,KAAK,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,SAAS,EAAE,UAAU;oBACrB,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,6BAA6B;iBACzC,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,aAAa,CAAC;oBACzB,KAAK,EAAE,uBAAuB;oBAC9B,WAAW,EAAE,4DAA4D;iBAC1E,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;YAED,MAAM,SAAS,GAA0B,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;YAEpE,0BAA0B;YAC1B,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAChC,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE;oBAClE,kBAAkB,EAAE,CAAC,CAAC,SAAS,CAAC,gBAAgB;oBAChD,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;oBACpC,SAAS,EAAE,UAAU;oBACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,SAAS,EAAE,8BAA8B;iBAC1C,CAAC,CAAC;gBACH,MAAM,IAAI,GAAG,aAAa,CAAC;oBACzB,KAAK,EAAE,kBAAkB;oBACzB,WAAW,EAAE,kDAAkD;iBAChE,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,uDAAuD,EAAE;gBACnE,YAAY,EAAE,SAAS,CAAC,aAAa;gBACrC,SAAS,EAAE,SAAS,CAAC,UAAU,IAAI,UAAU;gBAC7C,SAAS,EAAE,SAAS,CAAC,UAAU;gBAC/B,MAAM,EAAE,SAAS,CAAC,MAAM;gBACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS,EAAE,8BAA8B;aAC1C,CAAC,CAAC;YAEH,8DAA8D;YAC9D,IAAI,aAAa,GAAyB,IAAI,CAAC;YAC/C,IAAI,OAA2B,CAAC;YAEhC,IAAI,cAAc,IAAI,iBAAiB,EAAE,CAAC;gBACxC,IAAI,CAAC;oBACH,mEAAmE;oBACnE,mDAAmD;oBACnD,MAAM,iBAAiB,GAAI,SAAiB,CAAC,SAAS,IAAK,SAAiB,CAAC,IAAI,CAAC;oBAElF,IAAI,iBAAiB,EAAE,CAAC;wBACtB,kDAAkD;wBAClD,+CAA+C;wBAC/C,yDAAyD;wBACzD,0CAA0C;wBAC1C,iCAAiC;wBACjC,MAAM,QAAQ,GAAI,SAAiB,CAAC,QAAQ;+BACtC,KAAa,CAAC,QAAQ;+BACtB,GAAW,CAAC,sBAAsB;+BACnC,QAAQ,CAAC;wBAEd,aAAa,GAAG;4BACd,QAAQ,EAAE,QAAQ;4BAClB,OAAO,EAAE,iBAAiB,CAAC,GAAG,IAAI,iBAAiB,CAAC,EAAE,IAAI,iBAAiB,CAAC,KAAK;4BACjF,KAAK,EAAE,iBAAiB,CAAC,KAAK;4BAC9B,IAAI,EAAE,iBAAiB,CAAC,IAAI,IAAI,iBAAiB,CAAC,YAAY;yBAC/D,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,oDAAoD;wBACpD,wDAAwD;wBACxD,sDAAsD;wBACtD,sEAAsE;wBACtE,OAAO,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;wBAC1F,OAAO,CAAC,IAAI,CAAC,0GAA0G,CAAC,CAAC;oBAC3H,CAAC;oBAED,gDAAgD;oBAChD,IAAI,aAAa,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;wBAC3C,OAAO,GAAG,MAAM,cAAc,CAAC,kBAAkB,CAC/C,aAAa,EACb,UAAU,CACX,CAAC;wBAEF,6CAA6C;wBAC7C,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;wBACtE,CAAC,CAAC,MAAM,CACN,YAAY,EACZ,kBAAkB,WAAW,0DAA0D,CACxF,CAAC;wBAEF,OAAO,CAAC,GAAG,CAAC,kEAAkE,EAAE;4BAC9E,QAAQ,EAAE,aAAa,CAAC,QAAQ;4BAChC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BACvD,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BACzC,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;4BACnC,SAAS,EAAE,uBAAuB;4BAClC,SAAS,EAAE,IAAI;yBAChB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,wDAAwD;oBACxD,OAAO,CAAC,KAAK,CAAC,uEAAuE,EAAE;wBACrF,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;wBAC7D,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,SAAS,EAAE,+BAA+B;wBAC1C,QAAQ,EAAE,SAAS;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,oEAAoE;YACpE,qEAAqE;YACrE,gGAAgG;YAChG,oEAAoE;YACpE,IAAI,iBAAiB,IAAI,oBAAoB,IAAI,SAAS,CAAC,aAAa,EAAE,CAAC;gBACzE,IAAI,CAAC;oBACH,gDAAgD;oBAChD,MAAM,QAAQ,GACX,SAAiB,CAAC,QAAQ;wBAC1B,KAAa,CAAC,QAAQ;wBACvB,aAAa,EAAE,QAAQ;wBACvB,IAAI,CAAC;oBAEP,8CAA8C;oBAC9C,MAAM,eAAe,GACnB,SAAS,CAAC,MAAM,IAAK,KAAa,CAAC,MAAM,IAAI,EAAE,CAAC;oBAElD,iDAAiD;oBACjD,MAAM,YAAY,GAAG,SAAS;wBAC5B,CAAC,CAAE,SAAiB,CAAC,aAAa;wBAClC,CAAC,CAAC,IAAI,CAAC;oBAET,MAAM,WAAW,GACd,SAAiB,EAAE,YAAY;wBAC/B,KAAa,EAAE,YAAY;wBAC5B,GAAG,GAAG,CAAC,cAAc,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,iBAAiB,CAAC;oBAE1F,4FAA4F;oBAC5F,IAAI,gBAAgB,GAAG,OAAO,CAAC;oBAC/B,IAAI,CAAC,gBAAgB,IAAI,UAAU,IAAI,cAAc,EAAE,CAAC;wBACtD,IAAI,CAAC;4BACH,gBAAgB,GAAG,MAAM,cAAc,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;wBAC3E,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,IAAI,CAAC,qEAAqE,EAAE;gCAClF,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gCAC/C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;6BAC9D,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAED,IAAI,QAAQ,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,gBAAgB,EAAE,CAAC;wBAC/D,6DAA6D;wBAC7D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CACzC,oBAAoB,CACrB,CAAC;wBACF,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAC3C,yBAAyB,CAC1B,CAAC;wBACF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CACzC,mCAAmC,CACpC,CAAC;wBACF,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CACtC,kCAAkC,CACnC,CAAC;wBAEF,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;wBACjD,MAAM,gBAAgB,GAAG,iBAAiB;4BACxC,CAAC,CAAC,IAAI,kBAAkB,CAAC,EAAE,EAAE,EAAE,iBAAwB,EAAE,CAAC;4BAC1D,CAAC,CAAC,SAAS,CAAC;wBAEd,MAAM,kBAAkB,GAAG,IAAI,kBAAkB,CAAC;4BAChD,OAAO,EAAE,iBAAiB;4BAC1B,MAAM,EAAE,GAAG,CAAC,mBAAmB,IAAI,EAAE;4BACrC,aAAa;4BACb,KAAK,EAAE,gBAAgB;yBACxB,CAAC,CAAC;wBAEH,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;wBACxE,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;4BACpB,OAAO,CAAC,IAAI,CAAC,4DAA4D,EAAE;gCACzE,QAAQ;gCACR,SAAS,EAAE,UAAU;6BACtB,CAAC,CAAC;wBACL,CAAC;6BAAM,CAAC;4BACN,MAAM,eAAe,GAAG,IAAI,eAAe,CAAC;gCAC1C,OAAO,EAAE,iBAAwB;gCACjC,oBAAoB;6BACrB,CAAC,CAAC;4BAEH,qEAAqE;4BACrE,IAAI,cAAc,CAAC,YAAY,IAAI,YAAY,EAAE,CAAC;gCAChD,8CAA8C;gCAC9C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CACnC,oBAAoB,CACrB,CAAC;gCAEF,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;oCACpC,aAAa,EAAE,kBAAkB;oCACjC,aAAa;oCACb,iBAAiB;oCACjB,iBAAiB,EAAE,GAAG,CAAC,mBAAmB,IAAI,EAAE;oCAChD,SAAS,EAAE,UAAU;iCACtB,CAAC,CAAC;gCAEH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,aAAa,CAChD,QAAQ,EACR,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;gCAEF,MAAM,eAAe,CAAC,UAAU,CAC9B,gBAAgB,EAChB,QAAQ,EACR,eAAe,EACf,SAAS,CACV,CAAC;gCAEF,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE;oCACtD,OAAO,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oCAClD,QAAQ;oCACR,MAAM,EAAE,eAAe;oCACvB,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;iCACxD,CAAC,CAAC;4BACL,CAAC;iCAAM,CAAC;gCACN,sDAAsD;gCACtD,MAAM,EAAE,0BAA0B,EAAE,GAAG,MAAM,MAAM,CACjD,oBAAoB,CACrB,CAAC;gCAEF,MAAM,qBAAqB,GAAG,IAAI,0BAA0B,CAAC;oCAC3D,OAAO,EAAE,iBAAiB;oCAC1B,aAAa,EAAE,KAAK;oCACpB,MAAM,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;wCACxB,OAAO,CAAC,GAAG,CAAC,yBAAyB,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;oCACxD,CAAC;iCACF,CAAC,CAAC;gCAEH,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,cAAc,CAC1D,SAAS,CAAC,aAAa,EACvB,SAAS,CAAC,gBAAgB,CAC3B,CAAC;gCAEF,IAAI,SAAS,EAAE,CAAC;oCACd,MAAM,eAAe,CAAC,UAAU,CAC9B,gBAAgB,EAChB,QAAQ,EACR,eAAe,EACf,SAAS,CACV,CAAC;oCAEF,OAAO,CAAC,GAAG,CAAC,2DAA2D,EAAE;wCACvE,OAAO,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wCAClD,QAAQ;wCACR,MAAM,EAAE,eAAe;wCACvB,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;wCACvD,YAAY,EAAE,SAAS,CAAC,aAAa;qCACtC,CAAC,CAAC;gCACL,CAAC;qCAAM,CAAC;oCACN,6DAA6D;oCAC7D,OAAO,CAAC,IAAI,CAAC,mDAAmD,EAAE;wCAChE,YAAY,EAAE,SAAS,CAAC,aAAa;wCACrC,QAAQ;wCACR,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wCAC/C,IAAI,EAAE,gDAAgD;qCACvD,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE;4BACjD,WAAW,EAAE,CAAC,CAAC,QAAQ;4BACvB,SAAS,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;4BACrC,mBAAmB,EAAE,CAAC,CAAC,gBAAgB;4BACvC,eAAe,EAAE,CAAC,CAAC,SAAS,CAAC,aAAa;yBAC3C,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,4DAA4D;oBAC5D,iDAAiD;oBACjD,OAAO,CAAC,KAAK,CAAC,4DAA4D,EAAE;wBAC1E,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;wBAC7D,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC/C,YAAY,EAAE,SAAS,CAAC,aAAa;wBACrC,IAAI,EAAE,gDAAgD;qBACvD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,wDAAwD;YACxD,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,iBAAiB;gBAEzE,IAAI,CAAC;oBACH,kDAAkD;oBAClD,2DAA2D;oBAC3D,IAAI,cAAc,GAAG,OAAO,CAAC;oBAC7B,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBACpD,IAAI,CAAC,cAAc,EAAE,CAAC;wBACpB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAmD,CAAC;wBACtH,cAAc,GAAG,WAAW,EAAE,OAAO,CAAC;oBACxC,CAAC;oBAED,sDAAsD;oBACtD,IAAI,cAAc,EAAE,CAAC;wBACnB,MAAM,YAAY,GAAG,YAAY,CAAC,UAAU,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;wBACxE,MAAM,iBAAiB,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,gBAAgB,EAAE;4BACpE,aAAa,EAAE,GAAG;yBACnB,CAAC,CAAC;wBACH,OAAO,CAAC,GAAG,CAAC,yEAAyE,EAAE;4BACrF,GAAG,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BAC1C,GAAG;4BACH,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BAC5C,OAAO,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;4BAChD,YAAY,EAAE,SAAS,CAAC,aAAa;4BACrC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;4BACnC,SAAS,EAAE,yBAAyB;4BACpC,WAAW,EAAE,mBAAmB;yBACjC,CAAC,CAAC;oBACL,CAAC;oBAED,uDAAuD;oBACvD,MAAM,SAAS,GAAG,YAAY,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;oBAC3D,MAAM,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,gBAAgB,EAAE;wBACjE,aAAa,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB;qBAC7C,CAAC,CAAC;oBACH,OAAO,CAAC,GAAG,CAAC,2EAA2E,EAAE;wBACvF,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACvC,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;wBACjB,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC5C,YAAY,EAAE,SAAS,CAAC,aAAa;wBACrC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,SAAS,EAAE,yBAAyB;wBACpC,WAAW,EAAE,qBAAqB;wBAClC,OAAO,EAAE,qDAAqD;qBAC/D,CAAC,CAAC;oBAEH,8DAA8D;oBAC9D,MAAM,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;wBACrD,OAAO,EAAE,cAAc;wBACvB,QAAQ,EAAE,SAAS;wBACnB,eAAe,EAAE,SAAS,CAAC,gBAAgB;wBAC3C,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;qBACrB,CAAC,EAAE;wBACF,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,gDAAgD;qBACpF,CAAC,CAAC;oBAEH,OAAO,CAAC,GAAG,CAAC,iEAAiE,EAAE;wBAC7E,GAAG,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACxC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC;wBACxB,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC/C,OAAO,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,SAAS,EAAE,yBAAyB;wBACpC,WAAW,EAAE,eAAe;qBAC7B,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,YAAY,EAAE,CAAC;oBACtB,kDAAkD;oBAClD,OAAO,CAAC,KAAK,CAAC,uDAAuD,EAAE;wBACrE,KAAK,EAAE,YAAY,YAAY,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;wBAClF,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,SAAS,EAAE,0BAA0B;wBACrC,QAAQ,EAAE,SAAS;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,MAAM,IAAI,GAAG,eAAe,CAAC;gBAC3B,YAAY,EAAE,SAAS,CAAC,aAAa,IAAI,aAAa;gBACtD,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,EAAE;gBAC9B,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;aAC1C,CAAC,CAAC;YAEH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE;gBAC5D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;gBACvD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,SAAS,EAAE,wBAAwB;gBACnC,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,aAAa,CAAC;gBACzB,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B;aACrF,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CAAC,CAAc;IACnD,6BAA6B;IAC7B,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACxD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACnD,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/runtime.d.ts
CHANGED
|
@@ -13,6 +13,8 @@ import { CloudflareProofGenerator } from "./proof-generator";
|
|
|
13
13
|
import type { DetachedProof } from "@kya-os/contracts/proof";
|
|
14
14
|
import { type KVNamespace } from "./cache/kv-tool-protection-cache";
|
|
15
15
|
import type { CloudflareRuntimeConfig } from "./config";
|
|
16
|
+
import type { IAuditLogger } from "@kya-os/mcp-i-core/runtime/audit-logger";
|
|
17
|
+
import type { AgentIdentity } from "@kya-os/mcp-i-core";
|
|
16
18
|
/**
|
|
17
19
|
* CloudflareRuntime extends MCPIRuntimeBase with CloudflareProofGenerator
|
|
18
20
|
*/
|
|
@@ -32,7 +34,7 @@ export declare class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
32
34
|
private lastToolCallContext?;
|
|
33
35
|
private serverUrl?;
|
|
34
36
|
private proofService?;
|
|
35
|
-
|
|
37
|
+
private auditLogger?;
|
|
36
38
|
constructor(config: ProviderRuntimeConfig, serverUrl?: string, cloudflareConfig?: CloudflareRuntimeConfig);
|
|
37
39
|
/**
|
|
38
40
|
* Set AccessControlApiService (injected by createCloudflareRuntime)
|
|
@@ -42,6 +44,15 @@ export declare class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
42
44
|
* Set ProofVerifier (injected by createCloudflareRuntime)
|
|
43
45
|
*/
|
|
44
46
|
setProofVerifier(verifier: ProofVerifier): void;
|
|
47
|
+
/**
|
|
48
|
+
* Get audit logger instance
|
|
49
|
+
*/
|
|
50
|
+
getAuditLogger(): IAuditLogger | undefined;
|
|
51
|
+
/**
|
|
52
|
+
* Get identity - uses cached identity from base class for performance
|
|
53
|
+
* The base class caches identity during initialize() to avoid repeated provider calls
|
|
54
|
+
*/
|
|
55
|
+
getIdentity(): Promise<AgentIdentity>;
|
|
45
56
|
/**
|
|
46
57
|
* Initialize runtime and proof generator
|
|
47
58
|
*/
|
package/dist/runtime.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,KAAK,qBAAqB,EAC1B,qBAAqB,EACrB,KAAK,2BAA2B,EAChC,uBAAuB,EACvB,aAAa,EACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAEL,KAAK,WAAW,EACjB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAExD;;GAEG;AACH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,iBAAkB,SAAQ,eAAe;IACpD,OAAO,CAAC,cAAc,CAAC,CAA2B;IAClD,OAAO,CAAC,iBAAiB,CAAC,CAAgB;IAC1C,OAAO,CAAC,mBAAmB,CAAC,CAAkB;IAC9C,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,YAAY,CAAC,CAAe;
|
|
1
|
+
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,eAAe,EACf,KAAK,qBAAqB,EAC1B,qBAAqB,EACrB,KAAK,2BAA2B,EAChC,uBAAuB,EACvB,aAAa,EACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAEL,KAAK,WAAW,EACjB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yCAAyC,CAAC;AAE5E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD;;GAEG;AACH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,iBAAkB,SAAQ,eAAe;IACpD,OAAO,CAAC,cAAc,CAAC,CAA2B;IAClD,OAAO,CAAC,iBAAiB,CAAC,CAAgB;IAC1C,OAAO,CAAC,mBAAmB,CAAC,CAAkB;IAC9C,OAAO,CAAC,SAAS,CAAC,CAAS;IAC3B,OAAO,CAAC,YAAY,CAAC,CAAe;IAEpC,OAAO,CAAC,WAAW,CAAC,CAAe;gBAIjC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,CAAC,EAAE,MAAM,EAClB,gBAAgB,CAAC,EAAE,uBAAuB;IAY5C;;OAEG;IACH,uBAAuB,CAAC,OAAO,EAAE,uBAAuB,GAAG,IAAI;IAM/D;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;IAM/C;;OAEG;IACH,cAAc,IAAI,YAAY,GAAG,SAAS;IAI1C;;;OAGG;IACG,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAI3C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA2BjC;;;;;;;;OAQG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC;IAgGnE;;;;;;;;;;OAUG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,GAAG,EACT,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,GAAG,CAAC;IA4Ef;;OAEG;IACH,iBAAiB,IAAI,wBAAwB,GAAG,SAAS;IAIzD;;;;OAIG;IACH,YAAY,IAAI,aAAa,GAAG,SAAS;IAIzC;;;;;OAKG;IACH,sBAAsB,IAAI,eAAe,GAAG,SAAS;IAIrD;;;;;;;;;;;;;;OAcG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,CAAC,EAAE,GAAG,EACb,WAAW,CAAC,EAAE,MAAM,GACnB,MAAM;IAgDT;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,MAAM,CAAC,2BAA2B,CAChC,EAAE,EAAE,WAAW,EACf,MAAM,EAAE,2BAA2B,GAClC,qBAAqB;CAIzB"}
|
package/dist/runtime.js
CHANGED
|
@@ -12,13 +12,15 @@ import { MCPIRuntimeBase, ToolProtectionService, } from "@kya-os/mcp-i-core";
|
|
|
12
12
|
import { CloudflareProofGenerator } from "./proof-generator";
|
|
13
13
|
import { KVToolProtectionCache, } from "./cache/kv-tool-protection-cache";
|
|
14
14
|
import { ProofService } from "./services/proof.service";
|
|
15
|
+
import { CloudflareAuditLogger } from "./runtime/audit-logger";
|
|
15
16
|
export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
16
17
|
proofGenerator;
|
|
17
18
|
lastDetachedProof;
|
|
18
19
|
lastToolCallContext;
|
|
19
20
|
serverUrl; // Store server URL for consent URL building
|
|
20
21
|
proofService; // Proof submission service
|
|
21
|
-
accessControlService
|
|
22
|
+
// accessControlService is inherited from MCPIRuntimeBase (protected), no need to redeclare
|
|
23
|
+
auditLogger; // Audit logger instance
|
|
22
24
|
// proofVerifier is inherited from MCPIRuntimeBase (protected), no need to redeclare
|
|
23
25
|
constructor(config, serverUrl, cloudflareConfig) {
|
|
24
26
|
super(config);
|
|
@@ -31,21 +33,47 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
31
33
|
* Set AccessControlApiService (injected by createCloudflareRuntime)
|
|
32
34
|
*/
|
|
33
35
|
setAccessControlService(service) {
|
|
36
|
+
// Access protected property from base class (MCPIRuntimeBase)
|
|
37
|
+
// Protected members are accessible from subclasses in TypeScript
|
|
34
38
|
this.accessControlService = service;
|
|
35
39
|
}
|
|
36
40
|
/**
|
|
37
41
|
* Set ProofVerifier (injected by createCloudflareRuntime)
|
|
38
42
|
*/
|
|
39
43
|
setProofVerifier(verifier) {
|
|
40
|
-
//
|
|
41
|
-
//
|
|
44
|
+
// Access protected property from base class (MCPIRuntimeBase)
|
|
45
|
+
// Protected members are accessible from subclasses in TypeScript
|
|
42
46
|
this.proofVerifier = verifier;
|
|
43
47
|
}
|
|
48
|
+
/**
|
|
49
|
+
* Get audit logger instance
|
|
50
|
+
*/
|
|
51
|
+
getAuditLogger() {
|
|
52
|
+
return this.auditLogger;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Get identity - uses cached identity from base class for performance
|
|
56
|
+
* The base class caches identity during initialize() to avoid repeated provider calls
|
|
57
|
+
*/
|
|
58
|
+
async getIdentity() {
|
|
59
|
+
return await super.getIdentity();
|
|
60
|
+
}
|
|
44
61
|
/**
|
|
45
62
|
* Initialize runtime and proof generator
|
|
46
63
|
*/
|
|
47
64
|
async initialize() {
|
|
48
65
|
await super.initialize();
|
|
66
|
+
// Initialize CloudflareAuditLogger if audit is enabled
|
|
67
|
+
// Uses Web Crypto API instead of Node.js crypto for Cloudflare Workers compatibility
|
|
68
|
+
if (this.config.audit?.enabled) {
|
|
69
|
+
this.auditLogger = new CloudflareAuditLogger({
|
|
70
|
+
enabled: true,
|
|
71
|
+
logFunction: this.config.audit.logFunction || console.log,
|
|
72
|
+
includePayloads: false,
|
|
73
|
+
// rotation is optional and may not be in the config type
|
|
74
|
+
rotation: this.config.audit.rotation,
|
|
75
|
+
});
|
|
76
|
+
}
|
|
49
77
|
// Initialize CloudflareProofGenerator with identity
|
|
50
78
|
const identity = await this.getIdentity();
|
|
51
79
|
this.proofGenerator = new CloudflareProofGenerator(identity);
|
|
@@ -166,7 +194,9 @@ export class CloudflareRuntime extends MCPIRuntimeBase {
|
|
|
166
194
|
// Determine MCP server URL from session or stored serverUrl
|
|
167
195
|
// Ensure URL has protocol (https://) for AgentShield tool discovery
|
|
168
196
|
let mcpServerUrl = enhancedSession.serverOrigin || this.serverUrl;
|
|
169
|
-
if (mcpServerUrl &&
|
|
197
|
+
if (mcpServerUrl &&
|
|
198
|
+
!mcpServerUrl.startsWith("http://") &&
|
|
199
|
+
!mcpServerUrl.startsWith("https://")) {
|
|
170
200
|
// Auto-add https:// if protocol missing
|
|
171
201
|
mcpServerUrl = `https://${mcpServerUrl}`;
|
|
172
202
|
}
|