@kya-os/mcp-i-cloudflare 1.5.8-canary.2 → 1.5.8-canary.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/e2e/test-config.d.ts +37 -0
- package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
- package/dist/__tests__/e2e/test-config.js +62 -0
- package/dist/__tests__/e2e/test-config.js.map +1 -0
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +166 -29
- package/dist/adapter.js.map +1 -1
- package/dist/agent.d.ts.map +1 -1
- package/dist/agent.js +5 -3
- package/dist/agent.js.map +1 -1
- package/dist/app.d.ts.map +1 -1
- package/dist/app.js +19 -3
- package/dist/app.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +33 -4
- package/dist/config.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/runtime.d.ts +12 -0
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +32 -1
- package/dist/runtime.js.map +1 -1
- package/dist/services/admin.service.d.ts.map +1 -1
- package/dist/services/admin.service.js +15 -1
- package/dist/services/admin.service.js.map +1 -1
- package/dist/services/consent-audit.service.d.ts +91 -0
- package/dist/services/consent-audit.service.d.ts.map +1 -0
- package/dist/services/consent-audit.service.js +241 -0
- package/dist/services/consent-audit.service.js.map +1 -0
- package/dist/services/consent.service.d.ts +43 -0
- package/dist/services/consent.service.d.ts.map +1 -1
- package/dist/services/consent.service.js +1401 -20
- package/dist/services/consent.service.js.map +1 -1
- package/dist/services/proof.service.d.ts +5 -3
- package/dist/services/proof.service.d.ts.map +1 -1
- package/dist/services/proof.service.js +19 -6
- package/dist/services/proof.service.js.map +1 -1
- package/package.json +9 -5
|
@@ -0,0 +1,241 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Consent Audit Service
|
|
3
|
+
*
|
|
4
|
+
* Handles audit logging for consent-related events.
|
|
5
|
+
* These events bypass session deduplication to allow multiple events per session.
|
|
6
|
+
*/
|
|
7
|
+
export class ConsentAuditService {
|
|
8
|
+
proofService;
|
|
9
|
+
auditLogger;
|
|
10
|
+
proofGenerator;
|
|
11
|
+
config;
|
|
12
|
+
runtime;
|
|
13
|
+
logger = {
|
|
14
|
+
error: (message, meta) => {
|
|
15
|
+
console.error(`[ConsentAuditService] ${message}`, meta);
|
|
16
|
+
// TODO: Send to error tracking service
|
|
17
|
+
}
|
|
18
|
+
};
|
|
19
|
+
constructor(proofService, auditLogger, proofGenerator, config, runtime // REQUIRED for identity
|
|
20
|
+
) {
|
|
21
|
+
this.proofService = proofService;
|
|
22
|
+
this.auditLogger = auditLogger;
|
|
23
|
+
this.proofGenerator = proofGenerator;
|
|
24
|
+
this.config = config;
|
|
25
|
+
this.runtime = runtime;
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Create a minimal SessionContext for audit logging
|
|
29
|
+
* Only sessionId and audience are used by logEvent, but TypeScript requires full SessionContext
|
|
30
|
+
*/
|
|
31
|
+
createSessionContext(sessionId) {
|
|
32
|
+
const now = Math.floor(Date.now() / 1000);
|
|
33
|
+
// Audience is typically from the handshake, but for consent events we use a default
|
|
34
|
+
const audience = "https://kya.vouched.id";
|
|
35
|
+
return {
|
|
36
|
+
sessionId,
|
|
37
|
+
audience,
|
|
38
|
+
nonce: '', // Not used by logEvent, but required by type
|
|
39
|
+
timestamp: now,
|
|
40
|
+
createdAt: now,
|
|
41
|
+
lastActivity: now,
|
|
42
|
+
ttlMinutes: 30,
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Log consent page view event
|
|
47
|
+
*/
|
|
48
|
+
async logConsentPageView(event) {
|
|
49
|
+
const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
|
|
50
|
+
const identity = await this.getServerIdentity();
|
|
51
|
+
// Log to audit system (bypasses session deduplication)
|
|
52
|
+
await this.auditLogger.logEvent({
|
|
53
|
+
eventType: "consent:page_viewed",
|
|
54
|
+
identity,
|
|
55
|
+
session: this.createSessionContext(event.sessionId),
|
|
56
|
+
eventData: event
|
|
57
|
+
});
|
|
58
|
+
// Generate proof for dashboard
|
|
59
|
+
const proof = await this.generateConsentProof("consent:page_viewed", event, timestamp);
|
|
60
|
+
await this.proofService.submitProof(proof, {
|
|
61
|
+
session: { id: event.sessionId },
|
|
62
|
+
consentEvent: {
|
|
63
|
+
eventType: "consent:page_viewed",
|
|
64
|
+
timestamp,
|
|
65
|
+
sessionId: event.sessionId,
|
|
66
|
+
agentDid: event.agentDid,
|
|
67
|
+
targetTools: event.targetTools,
|
|
68
|
+
scopes: event.scopes,
|
|
69
|
+
projectId: event.projectId
|
|
70
|
+
}
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Log consent approval event
|
|
75
|
+
*/
|
|
76
|
+
async logConsentApproval(event) {
|
|
77
|
+
const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
|
|
78
|
+
const identity = await this.getServerIdentity();
|
|
79
|
+
// Log to audit system
|
|
80
|
+
await this.auditLogger.logEvent({
|
|
81
|
+
eventType: "consent:approved",
|
|
82
|
+
identity,
|
|
83
|
+
session: this.createSessionContext(event.sessionId),
|
|
84
|
+
eventData: event
|
|
85
|
+
});
|
|
86
|
+
// Generate proof
|
|
87
|
+
const proof = await this.generateConsentProof("consent:approved", event, timestamp);
|
|
88
|
+
await this.proofService.submitProof(proof, {
|
|
89
|
+
session: { id: event.sessionId },
|
|
90
|
+
consentEvent: {
|
|
91
|
+
eventType: "consent:approved",
|
|
92
|
+
timestamp,
|
|
93
|
+
sessionId: event.sessionId,
|
|
94
|
+
userDid: event.userDid,
|
|
95
|
+
agentDid: event.agentDid,
|
|
96
|
+
targetTools: event.targetTools,
|
|
97
|
+
scopes: event.scopes,
|
|
98
|
+
delegationId: event.delegationId,
|
|
99
|
+
projectId: event.projectId,
|
|
100
|
+
termsAccepted: event.termsAccepted,
|
|
101
|
+
oauthIdentity: event.oauthIdentity
|
|
102
|
+
}
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Log when user needs credentials before delegation
|
|
107
|
+
*/
|
|
108
|
+
async logCredentialRequired(event) {
|
|
109
|
+
const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
|
|
110
|
+
const identity = await this.getServerIdentity();
|
|
111
|
+
// Log to audit system
|
|
112
|
+
await this.auditLogger.logEvent({
|
|
113
|
+
eventType: "consent:credential_required",
|
|
114
|
+
identity,
|
|
115
|
+
session: this.createSessionContext(event.sessionId),
|
|
116
|
+
eventData: event
|
|
117
|
+
});
|
|
118
|
+
// Generate proof
|
|
119
|
+
const proof = await this.generateConsentProof("consent:credential_required", event, timestamp);
|
|
120
|
+
await this.proofService.submitProof(proof, {
|
|
121
|
+
session: { id: event.sessionId },
|
|
122
|
+
consentEvent: {
|
|
123
|
+
eventType: "consent:credential_required",
|
|
124
|
+
timestamp,
|
|
125
|
+
sessionId: event.sessionId,
|
|
126
|
+
agentDid: event.agentDid,
|
|
127
|
+
targetTools: event.targetTools,
|
|
128
|
+
scopes: event.scopes,
|
|
129
|
+
projectId: event.projectId,
|
|
130
|
+
credentialStatus: "required",
|
|
131
|
+
oauthIdentity: event.oauthProvider ? {
|
|
132
|
+
provider: event.oauthProvider,
|
|
133
|
+
identifier: ""
|
|
134
|
+
} : undefined
|
|
135
|
+
}
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Log delegation creation
|
|
140
|
+
*/
|
|
141
|
+
async logDelegationCreated(event) {
|
|
142
|
+
const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
|
|
143
|
+
const identity = await this.getServerIdentity();
|
|
144
|
+
// Log to audit system
|
|
145
|
+
await this.auditLogger.logEvent({
|
|
146
|
+
eventType: "consent:delegation_created",
|
|
147
|
+
identity,
|
|
148
|
+
session: this.createSessionContext(event.sessionId),
|
|
149
|
+
eventData: event
|
|
150
|
+
});
|
|
151
|
+
// Generate proof
|
|
152
|
+
const proof = await this.generateConsentProof("consent:delegation_created", event, timestamp);
|
|
153
|
+
await this.proofService.submitProof(proof, {
|
|
154
|
+
session: { id: event.sessionId },
|
|
155
|
+
consentEvent: {
|
|
156
|
+
eventType: "consent:delegation_created",
|
|
157
|
+
timestamp,
|
|
158
|
+
sessionId: event.sessionId,
|
|
159
|
+
delegationId: event.delegationId,
|
|
160
|
+
agentDid: event.agentDid,
|
|
161
|
+
userDid: event.userDid,
|
|
162
|
+
targetTools: event.targetTools,
|
|
163
|
+
scopes: event.scopes,
|
|
164
|
+
projectId: event.projectId
|
|
165
|
+
}
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* Generate proof for consent event
|
|
170
|
+
*
|
|
171
|
+
* IMPORTANT: Consent events use synthetic canonical request/response forms
|
|
172
|
+
* since they represent system events, not actual HTTP requests. The MCP-I
|
|
173
|
+
* proof spec allows synthetic forms for system-generated events that don't
|
|
174
|
+
* correspond to actual HTTP requests.
|
|
175
|
+
*
|
|
176
|
+
* ✅ FIXED: Added nonce generation, fixed SessionContext structure
|
|
177
|
+
*/
|
|
178
|
+
async generateConsentProof(eventType, event, timestamp) {
|
|
179
|
+
const identity = await this.getServerIdentity();
|
|
180
|
+
// ✅ CRITICAL: Generate nonce for this session (REQUIRED by SessionContext)
|
|
181
|
+
const nonce = await this.runtime.issueNonce(event.sessionId);
|
|
182
|
+
// Synthetic canonical forms for consent events
|
|
183
|
+
// Use ToolRequest/ToolResponse format expected by CloudflareProofGenerator
|
|
184
|
+
const canonicalRequest = {
|
|
185
|
+
method: "POST",
|
|
186
|
+
params: {
|
|
187
|
+
eventType,
|
|
188
|
+
timestamp,
|
|
189
|
+
...event
|
|
190
|
+
}
|
|
191
|
+
};
|
|
192
|
+
const canonicalResponse = {
|
|
193
|
+
data: {
|
|
194
|
+
success: true,
|
|
195
|
+
eventType,
|
|
196
|
+
timestamp,
|
|
197
|
+
serverDid: identity.did
|
|
198
|
+
}
|
|
199
|
+
};
|
|
200
|
+
// ✅ FIXED: Build SessionContext with all required fields
|
|
201
|
+
// ✅ FIXED: Remove agentDid and clientDid from SessionContext (not part of spec)
|
|
202
|
+
// ✅ FIXED: Move clientDid to ProofOptions
|
|
203
|
+
const now = Math.floor(Date.now() / 1000);
|
|
204
|
+
const sessionContext = {
|
|
205
|
+
sessionId: event.sessionId,
|
|
206
|
+
nonce, // ✅ REQUIRED - was missing!
|
|
207
|
+
audience: "https://kya.vouched.id",
|
|
208
|
+
timestamp: now,
|
|
209
|
+
createdAt: now,
|
|
210
|
+
lastActivity: now,
|
|
211
|
+
ttlMinutes: 30,
|
|
212
|
+
};
|
|
213
|
+
return await this.proofGenerator.generateProof(canonicalRequest, canonicalResponse, sessionContext, // Only nonce, audience, sessionId
|
|
214
|
+
{
|
|
215
|
+
scopeId: eventType,
|
|
216
|
+
clientDid: event.userDid // ✅ clientDid belongs in options, not session
|
|
217
|
+
});
|
|
218
|
+
}
|
|
219
|
+
/**
|
|
220
|
+
* Get server's actual identity (NO FALLBACK)
|
|
221
|
+
*/
|
|
222
|
+
async getServerIdentity() {
|
|
223
|
+
if (!this.runtime) {
|
|
224
|
+
throw new Error("Runtime required for consent audit - cannot use fallback identity");
|
|
225
|
+
}
|
|
226
|
+
try {
|
|
227
|
+
const identity = await this.runtime.getIdentity();
|
|
228
|
+
if (!identity) {
|
|
229
|
+
throw new Error("No active identity available");
|
|
230
|
+
}
|
|
231
|
+
return identity;
|
|
232
|
+
}
|
|
233
|
+
catch (error) {
|
|
234
|
+
this.logger.error("Failed to get server identity", {
|
|
235
|
+
error: error instanceof Error ? error.message : String(error)
|
|
236
|
+
});
|
|
237
|
+
throw new Error("Server identity required for consent audit logging");
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
//# sourceMappingURL=consent-audit.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"consent-audit.service.js","sourceRoot":"","sources":["../../src/services/consent-audit.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,MAAM,OAAO,mBAAmB;IASpB;IACA;IACA;IACA;IACA;IAZF,MAAM,GAAG;QACf,KAAK,EAAE,CAAC,OAAe,EAAE,IAAyB,EAAE,EAAE;YACpD,OAAO,CAAC,KAAK,CAAC,yBAAyB,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;YACxD,uCAAuC;QACzC,CAAC;KACF,CAAC;IAEF,YACU,YAA0B,EAC1B,WAAwB,EACxB,cAAwC,EACxC,MAA+B,EAC/B,OAA0B,CAAC,wBAAwB;;QAJnD,iBAAY,GAAZ,YAAY,CAAc;QAC1B,gBAAW,GAAX,WAAW,CAAa;QACxB,mBAAc,GAAd,cAAc,CAA0B;QACxC,WAAM,GAAN,MAAM,CAAyB;QAC/B,YAAO,GAAP,OAAO,CAAmB;IACjC,CAAC;IAEJ;;;OAGG;IACK,oBAAoB,CAAC,SAAiB;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,oFAAoF;QACpF,MAAM,QAAQ,GAAG,wBAAwB,CAAC;QAC1C,OAAO;YACL,SAAS;YACT,QAAQ;YACR,KAAK,EAAE,EAAE,EAAE,6CAA6C;YACxD,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,YAAY,EAAE,GAAG;YACjB,UAAU,EAAE,EAAE;SACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAMxB;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,uDAAuD;QACvD,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,qBAAqB;YAChC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,qBAAqB,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAEvF,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,qBAAqB;gBAChC,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAUxB;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,sBAAsB;QACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,kBAAkB;YAC7B,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,kBAAkB,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAEpF,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,kBAAkB;gBAC7B,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,aAAa,EAAE,KAAK,CAAC,aAAa;gBAClC,aAAa,EAAE,KAAK,CAAC,aAAa;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,KAO3B;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,sBAAsB;QACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,6BAA6B;YACxC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,6BAA6B,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/F,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,6BAA6B;gBACxC,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,gBAAgB,EAAE,UAAU;gBAC5B,aAAa,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;oBACnC,QAAQ,EAAE,KAAK,CAAC,aAAa;oBAC7B,UAAU,EAAE,EAAE;iBACf,CAAC,CAAC,CAAC,SAAS;aACd;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,KAQ1B;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,sBAAsB;QACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,4BAA4B;YACvC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,4BAA4B,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE9F,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,4BAA4B;gBACvC,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,oBAAoB,CAChC,SAAiB,EACjB,KAAU,EACV,SAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,2EAA2E;QAC3E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAE7D,+CAA+C;QAC/C,2EAA2E;QAC3E,MAAM,gBAAgB,GAAG;YACvB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE;gBACN,SAAS;gBACT,SAAS;gBACT,GAAG,KAAK;aACT;SACF,CAAC;QAEF,MAAM,iBAAiB,GAAG;YACxB,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,SAAS;gBACT,SAAS;gBACT,SAAS,EAAE,QAAQ,CAAC,GAAG;aACxB;SACF,CAAC;QAEF,yDAAyD;QACzD,gFAAgF;QAChF,0CAA0C;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAmB;YACrC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,4BAA4B;YACnC,QAAQ,EAAE,wBAAwB;YAClC,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,YAAY,EAAE,GAAG;YACjB,UAAU,EAAE,EAAE;SACf,CAAC;QAEF,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAC5C,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EAAE,kCAAkC;QAClD;YACE,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,8CAA8C;SACxE,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;gBACjD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;CACF"}
|
|
@@ -15,7 +15,40 @@ export declare class ConsentService {
|
|
|
15
15
|
private env;
|
|
16
16
|
private runtime?;
|
|
17
17
|
private userDidManager?;
|
|
18
|
+
private auditService?;
|
|
19
|
+
private auditInitPromise?;
|
|
20
|
+
/**
|
|
21
|
+
* ✅ FIXED: Constructor takes env: CloudflareEnv, not config
|
|
22
|
+
*/
|
|
18
23
|
constructor(env: CloudflareEnv, runtime?: CloudflareRuntime);
|
|
24
|
+
/**
|
|
25
|
+
* Get or initialize audit service (lazy initialization)
|
|
26
|
+
*
|
|
27
|
+
* Fetches config from remote API when projectId is available.
|
|
28
|
+
* Uses promise caching to prevent race conditions.
|
|
29
|
+
*
|
|
30
|
+
* @param projectId - Project ID from consent request (required for config fetch)
|
|
31
|
+
*/
|
|
32
|
+
private getAuditService;
|
|
33
|
+
/**
|
|
34
|
+
* Initialize audit service - fetches config from remote API
|
|
35
|
+
*
|
|
36
|
+
* ⚠️ CRITICAL: Fetches config from remote API using fetchRemoteConfig()
|
|
37
|
+
* This is the ONLY way to get CloudflareRuntimeConfig per requirement.
|
|
38
|
+
*/
|
|
39
|
+
private initializeAuditService;
|
|
40
|
+
/**
|
|
41
|
+
* Fetch CloudflareRuntimeConfig from remote API (AgentShield)
|
|
42
|
+
*
|
|
43
|
+
* ⚠️ CRITICAL: Config MUST be fetched from remote API, not constructed from env.
|
|
44
|
+
*
|
|
45
|
+
* Uses existing `fetchRemoteConfig()` from `@kya-os/mcp-i-core/config/remote-config`
|
|
46
|
+
* which handles caching, error handling, and API communication.
|
|
47
|
+
*
|
|
48
|
+
* @param projectId - Project ID from consent request
|
|
49
|
+
* @returns Runtime config or undefined if unavailable
|
|
50
|
+
*/
|
|
51
|
+
private getConfigFromRemoteAPI;
|
|
19
52
|
/**
|
|
20
53
|
* Get or generate User DID for a session
|
|
21
54
|
*
|
|
@@ -94,6 +127,16 @@ export declare class ConsentService {
|
|
|
94
127
|
* @returns HTML response
|
|
95
128
|
*/
|
|
96
129
|
private renderConsentPage;
|
|
130
|
+
/**
|
|
131
|
+
* Parse request body from JSON or FormData
|
|
132
|
+
*
|
|
133
|
+
* Handles both JSON and FormData/multipart requests, converting
|
|
134
|
+
* FormData fields to the correct format for ConsentApprovalRequest.
|
|
135
|
+
*
|
|
136
|
+
* @param request - Request to parse
|
|
137
|
+
* @returns Parsed body object
|
|
138
|
+
*/
|
|
139
|
+
private parseRequestBody;
|
|
97
140
|
/**
|
|
98
141
|
* Handle consent approval
|
|
99
142
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"consent.service.d.ts","sourceRoot":"","sources":["../../src/services/consent.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAWpD,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"consent.service.d.ts","sourceRoot":"","sources":["../../src/services/consent.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAWpD,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,2BAA2B,CAAC;AAqBnC,qBAAa,cAAc;IACzB,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,GAAG,CAAgB;IAC3B,OAAO,CAAC,OAAO,CAAC,CAAoB;IACpC,OAAO,CAAC,cAAc,CAAC,CAAiB;IAGxC,OAAO,CAAC,YAAY,CAAC,CAAsB;IAC3C,OAAO,CAAC,gBAAgB,CAAC,CAAgB;IAEzC;;OAEG;gBACS,GAAG,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,iBAAiB;IAQ3D;;;;;;;OAOG;YACW,eAAe;IAmC7B;;;;;OAKG;YACW,sBAAsB;IA8CpC;;;;;;;;;;OAUG;YACW,sBAAsB;IA6CpC;;;;;;;;;OASG;YACW,oBAAoB;IA4HlC;;;;;;;;;;;OAWG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,aAAa,GAC5B,OAAO,CAAC,OAAO,CAAC;IA+CnB;;;;;;;;;;;;OAYG;IACH,aAAa,CACX,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EAAE,EAChB,SAAS,EAAE,MAAM,GAChB,MAAM;IA8BT;;;;;;;;;;;OAWG;IACG,kBAAkB,CACtB,aAAa,EAAE,aAAa,EAC5B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAuElB;;;;;;;;;;OAUG;IACG,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAqBjD;;;;;;;;;;;;;OAaG;YACW,iBAAiB;IA8M/B;;;;;;;;OAQG;YACW,gBAAgB;IA8lC9B;;;;;;;;OAQG;YACW,cAAc;IAmO5B;;;;;OAKG;YACW,gBAAgB;IAgN9B;;;;;;;;;OASG;YACW,oBAAoB;IAgFlC;;;;;OAKG;YACW,iBAAiB;IAmC/B;;;;OAIG;YACW,sBAAsB;IA+EpC;;OAEG;YACW,sBAAsB;IAyBpC;;;;;;;;;OASG;IACH,OAAO,CAAC,WAAW;IAMnB;;;;;;;;;OASG;IACH,OAAO,CAAC,4BAA4B;IA2DpC;;OAEG;YACW,UAAU;IAqDxB;;;;;OAKG;YACW,WAAW;IA0GzB;;OAEG;YACW,qBAAqB;CAyBpC"}
|