@kya-os/mcp-i-cloudflare 1.5.8-canary.2 → 1.5.8-canary.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/__tests__/e2e/test-config.d.ts +37 -0
  2. package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
  3. package/dist/__tests__/e2e/test-config.js +62 -0
  4. package/dist/__tests__/e2e/test-config.js.map +1 -0
  5. package/dist/adapter.d.ts.map +1 -1
  6. package/dist/adapter.js +166 -29
  7. package/dist/adapter.js.map +1 -1
  8. package/dist/agent.d.ts.map +1 -1
  9. package/dist/agent.js +5 -3
  10. package/dist/agent.js.map +1 -1
  11. package/dist/app.d.ts.map +1 -1
  12. package/dist/app.js +19 -3
  13. package/dist/app.js.map +1 -1
  14. package/dist/config.d.ts.map +1 -1
  15. package/dist/config.js +33 -4
  16. package/dist/config.js.map +1 -1
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +5 -1
  19. package/dist/index.js.map +1 -1
  20. package/dist/runtime.d.ts +12 -0
  21. package/dist/runtime.d.ts.map +1 -1
  22. package/dist/runtime.js +32 -1
  23. package/dist/runtime.js.map +1 -1
  24. package/dist/services/admin.service.d.ts.map +1 -1
  25. package/dist/services/admin.service.js +15 -1
  26. package/dist/services/admin.service.js.map +1 -1
  27. package/dist/services/consent-audit.service.d.ts +91 -0
  28. package/dist/services/consent-audit.service.d.ts.map +1 -0
  29. package/dist/services/consent-audit.service.js +241 -0
  30. package/dist/services/consent-audit.service.js.map +1 -0
  31. package/dist/services/consent.service.d.ts +43 -0
  32. package/dist/services/consent.service.d.ts.map +1 -1
  33. package/dist/services/consent.service.js +1401 -20
  34. package/dist/services/consent.service.js.map +1 -1
  35. package/dist/services/proof.service.d.ts +5 -3
  36. package/dist/services/proof.service.d.ts.map +1 -1
  37. package/dist/services/proof.service.js +19 -6
  38. package/dist/services/proof.service.js.map +1 -1
  39. package/package.json +9 -5
package/dist/services/consent.service.js CHANGED
@@ -15,17 +15,144 @@ import { validateConsentApprovalRequest, } from "@kya-os/contracts/consent";
15
15
  import { AGENTSHIELD_ENDPOINTS, createDelegationAPIResponseSchema, createDelegationResponseSchema, } from "@kya-os/contracts/agentshield-api";
16
16
  import { UserDidManager } from "@kya-os/mcp-i-core";
17
17
  import { WebCryptoProvider } from "../providers/crypto";
18
+ import { ConsentAuditService } from "./consent-audit.service";
19
+ import { CloudflareProofGenerator } from "../proof-generator";
20
+ import { ProofService } from "./proof.service";
21
+ import { fetchRemoteConfig } from "@kya-os/mcp-i-core/config/remote-config";
18
22
  export class ConsentService {
19
23
  configService;
20
24
  renderer;
21
25
  env;
22
26
  runtime;
23
27
  userDidManager; // Cached instance for consistent DID generation
28
+ // ✅ Audit service - lazy initialized
29
+ auditService;
30
+ auditInitPromise; // Cache promise to prevent race conditions
31
+ /**
32
+ * ✅ FIXED: Constructor takes env: CloudflareEnv, not config
33
+ */
24
34
  constructor(env, runtime) {
25
35
  this.env = env;
26
36
  this.runtime = runtime;
27
37
  this.configService = new ConsentConfigService(env);
28
38
  this.renderer = new ConsentPageRenderer();
39
+ // No initialization here - keep constructor synchronous
40
+ }
41
+ /**
42
+ * Get or initialize audit service (lazy initialization)
43
+ *
44
+ * Fetches config from remote API when projectId is available.
45
+ * Uses promise caching to prevent race conditions.
46
+ *
47
+ * @param projectId - Project ID from consent request (required for config fetch)
48
+ */
49
+ async getAuditService(projectId) {
50
+ // Already initialized
51
+ if (this.auditService) {
52
+ return this.auditService;
53
+ }
54
+ // No runtime - audit not available
55
+ if (!this.runtime) {
56
+ return undefined;
57
+ }
58
+ // Initialization in progress - wait for it
59
+ if (this.auditInitPromise) {
60
+ await this.auditInitPromise;
61
+ return this.auditService;
62
+ }
63
+ // Start initialization (with projectId for config fetch)
64
+ this.auditInitPromise = this.initializeAuditService(projectId);
65
+ try {
66
+ await this.auditInitPromise;
67
+ }
68
+ catch (error) {
69
+ console.warn("[ConsentService] Audit service initialization failed:", error);
70
+ // Don't throw - audit failures shouldn't break consent flow
71
+ }
72
+ return this.auditService;
73
+ }
74
+ /**
75
+ * Initialize audit service - fetches config from remote API
76
+ *
77
+ * ⚠️ CRITICAL: Fetches config from remote API using fetchRemoteConfig()
78
+ * This is the ONLY way to get CloudflareRuntimeConfig per requirement.
79
+ */
80
+ async initializeAuditService(projectId) {
81
+ if (!this.runtime) {
82
+ return;
83
+ }
84
+ try {
85
+ // ✅ CRITICAL: Fetch config from remote API
86
+ const config = await this.getConfigFromRemoteAPI(projectId);
87
+ if (!config?.proofing?.enabled) {
88
+ console.log("[ConsentService] Proofing not enabled in remote config");
89
+ return; // Proofing not enabled
90
+ }
91
+ // Get identity (async - requires runtime to be initialized)
92
+ const identity = await this.runtime.getIdentity();
93
+ // ✅ FIXED: CloudflareProofGenerator only takes identity, not providers
94
+ const proofGenerator = new CloudflareProofGenerator(identity);
95
+ // Get audit logger
96
+ const auditLogger = this.runtime.getAuditLogger();
97
+ if (!auditLogger) {
98
+ console.warn("[ConsentService] AuditLogger not available");
99
+ return;
100
+ }
101
+ // Create audit service with fetched config
102
+ this.auditService = new ConsentAuditService(new ProofService(config, this.runtime), auditLogger, proofGenerator, config, // ✅ Config fetched from remote API
103
+ this.runtime);
104
+ console.log("[ConsentService] Audit service initialized successfully");
105
+ }
106
+ catch (error) {
107
+ console.error("[ConsentService] Failed to initialize audit service:", error);
108
+ // Don't throw - audit failures shouldn't break consent flow
109
+ }
110
+ }
111
+ /**
112
+ * Fetch CloudflareRuntimeConfig from remote API (AgentShield)
113
+ *
114
+ * ⚠️ CRITICAL: Config MUST be fetched from remote API, not constructed from env.
115
+ *
116
+ * Uses existing `fetchRemoteConfig()` from `@kya-os/mcp-i-core/config/remote-config`
117
+ * which handles caching, error handling, and API communication.
118
+ *
119
+ * @param projectId - Project ID from consent request
120
+ * @returns Runtime config or undefined if unavailable
121
+ */
122
+ async getConfigFromRemoteAPI(projectId) {
123
+ if (!this.env.AGENTSHIELD_API_KEY) {
124
+ console.warn("[ConsentService] No API key for runtime config fetch");
125
+ return undefined;
126
+ }
127
+ try {
128
+ // Create KV cache adapter
129
+ const cache = this.env.TOOL_PROTECTION_KV
130
+ ? {
131
+ get: async (key) => {
132
+ return ((await this.env.TOOL_PROTECTION_KV.get(key, "text")) || null);
133
+ },
134
+ set: async (key, value, ttl) => {
135
+ await this.env.TOOL_PROTECTION_KV.put(key, value, {
136
+ expirationTtl: Math.floor(ttl / 1000),
137
+ });
138
+ },
139
+ }
140
+ : undefined;
141
+ const config = await fetchRemoteConfig({
142
+ apiUrl: this.env.AGENTSHIELD_API_URL || "https://kya.vouched.id",
143
+ apiKey: this.env.AGENTSHIELD_API_KEY,
144
+ projectId, // ✅ Use projectId from consent request
145
+ cacheTtl: 300000, // 5 minutes
146
+ fetchProvider: fetch,
147
+ }, cache);
148
+ // fetchRemoteConfig returns MCPIConfig | null
149
+ // CloudflareRuntimeConfig extends MCPIConfig, so cast is safe
150
+ return config;
151
+ }
152
+ catch (error) {
153
+ console.warn("[ConsentService] Error fetching runtime config:", error);
154
+ return undefined;
155
+ }
29
156
  }
30
157
  /**
31
158
  * Get or generate User DID for a session
@@ -38,13 +165,21 @@ export class ConsentService {
38
165
  * @returns User DID (did:key format)
39
166
  */
40
167
  async getUserDidForSession(sessionId, oauthIdentity) {
168
+ // Handle null explicitly (from JSON parsing)
169
+ const hasOAuthIdentity = oauthIdentity &&
170
+ typeof oauthIdentity === "object" &&
171
+ oauthIdentity.provider &&
172
+ oauthIdentity.subject;
41
173
  // If OAuth identity provided, check for existing mapping first
42
- if (oauthIdentity && this.env.DELEGATION_STORAGE) {
174
+ if (hasOAuthIdentity && this.env.DELEGATION_STORAGE) {
43
175
  try {
44
176
  const oauthKey = STORAGE_KEYS.oauthIdentity(oauthIdentity.provider, oauthIdentity.subject);
45
177
  const mappedUserDid = await this.env.DELEGATION_STORAGE.get(oauthKey, "text");
46
178
  if (mappedUserDid) {
47
- console.log("[ConsentService] Found persistent User DID from OAuth mapping");
179
+ console.log("[ConsentService] Found persistent User DID from OAuth mapping:", {
180
+ provider: oauthIdentity.provider,
181
+ userDid: mappedUserDid.substring(0, 20) + "...",
182
+ });
48
183
  return mappedUserDid;
49
184
  }
50
185
  }
@@ -53,6 +188,10 @@ export class ConsentService {
53
188
  // Continue with ephemeral DID generation
54
189
  }
55
190
  }
191
+ else if (oauthIdentity === null) {
192
+ // Explicitly handle null case (no OAuth)
193
+ console.log("[ConsentService] No OAuth identity provided (null), generating ephemeral DID");
194
+ }
56
195
  // Continue with existing ephemeral DID generation logic
57
196
  if (!this.env.DELEGATION_STORAGE) {
58
197
  // No storage - use cached UserDidManager instance for consistent DID generation
@@ -403,6 +542,29 @@ export class ConsentService {
403
542
  });
404
543
  return Response.redirect(oauthUrl, 302);
405
544
  }
545
+ // ✅ Lazy initialization with projectId
546
+ const auditService = await this.getAuditService(projectId);
547
+ // Log page view event (if audit service available)
548
+ if (auditService) {
549
+ await auditService
550
+ .logConsentPageView({
551
+ sessionId,
552
+ agentDid,
553
+ targetTools: [tool], // Wrap in array
554
+ scopes,
555
+ projectId,
556
+ })
557
+ .catch((err) => {
558
+ // Structured error logging
559
+ console.error("[ConsentService] Audit logging failed", {
560
+ eventType: "consent:page_viewed",
561
+ sessionId,
562
+ error: err instanceof Error ? err.message : String(err),
563
+ stack: err instanceof Error ? err.stack : undefined,
564
+ });
565
+ // Don't throw - audit failures shouldn't break consent flow
566
+ });
567
+ }
406
568
  // Build consent page config
407
569
  const pageConfig = {
408
570
  tool,
@@ -439,6 +601,1079 @@ export class ConsentService {
439
601
  });
440
602
  }
441
603
  }
604
+ /**
605
+ * Parse request body from JSON or FormData
606
+ *
607
+ * Handles both JSON and FormData/multipart requests, converting
608
+ * FormData fields to the correct format for ConsentApprovalRequest.
609
+ *
610
+ * @param request - Request to parse
611
+ * @returns Parsed body object
612
+ */
613
+ async parseRequestBody(request) {
614
+ const contentType = request.headers.get("content-type") || "";
615
+ // Helper function to parse form fields into body object
616
+ const parseFormFields = (entries) => {
617
+ const body = {};
618
+ for (const [key, value] of entries) {
619
+ // Handle special fields that need parsing
620
+ if (key === "scopes" || key === "scopes[]") {
621
+ // Scopes come as JSON string
622
+ try {
623
+ body["scopes"] = JSON.parse(value);
624
+ }
625
+ catch {
626
+ // If not JSON, treat as single scope or array
627
+ body["scopes"] = value.includes(",") ? value.split(",") : [value];
628
+ }
629
+ }
630
+ else if (key === "oauth_identity" || key === "oauth_identity_json") {
631
+ // OAuth identity comes as JSON string
632
+ try {
633
+ const parsed = JSON.parse(value);
634
+ body["oauth_identity"] = parsed || null;
635
+ }
636
+ catch {
637
+ // Invalid JSON, set to null
638
+ body["oauth_identity"] = null;
639
+ }
640
+ }
641
+ else if (key === "termsAccepted") {
642
+ // Convert checkbox values to boolean
643
+ body[key] =
644
+ value === "on" ||
645
+ value === "true" ||
646
+ value === "1" ||
647
+ value === "yes";
648
+ }
649
+ else if (key === "customFields") {
650
+ // Custom fields come as JSON string
651
+ try {
652
+ body[key] = JSON.parse(value);
653
+ }
654
+ catch {
655
+ // If not JSON, skip
656
+ }
657
+ }
658
+ else {
659
+ // Regular string fields
660
+ body[key] = value;
661
+ }
662
+ }
663
+ // Default termsAccepted to true if not provided (common for checkboxes)
664
+ if (!("termsAccepted" in body)) {
665
+ body.termsAccepted = true;
666
+ }
667
+ // Default scopes to empty array if not provided (required by schema but can be empty)
668
+ if (!("scopes" in body)) {
669
+ body.scopes = [];
670
+ }
671
+ return body;
672
+ };
673
+ // Parse URL-encoded form data (application/x-www-form-urlencoded)
674
+ // When Content-Type is URL-encoded but FormData object is passed, try FormData parsing first
675
+ if (contentType.includes("application/x-www-form-urlencoded")) {
676
+ // Try FormData parsing first (FormData object might have been passed)
677
+ try {
678
+ const clonedRequest = request.clone();
679
+ const formData = await clonedRequest.formData();
680
+ const body = {};
681
+ let hasValidFields = false;
682
+ // Check if FormData parsing returned malformed data (entire multipart body as single entry)
683
+ // Type assertion: FormData.entries() exists at runtime in Cloudflare Workers
684
+ const entriesArray = Array.from(formData.entries());
685
+ if (entriesArray.length === 1 &&
686
+ typeof entriesArray[0][0] === "string" &&
687
+ entriesArray[0][0].includes("Content-Disposition") &&
688
+ typeof entriesArray[0][1] === "string" &&
689
+ entriesArray[0][1].toString().includes("Content-Disposition")) {
690
+ // Manually parse multipart format from the value string
691
+ // The key contains the first boundary and Content-Disposition header start
692
+ // The value contains the rest of the first field and all subsequent fields
693
+ const keyPart = entriesArray[0][0];
694
+ const valuePart = entriesArray[0][1];
695
+ // Fix: If key ends with "name" and value starts with '"fieldname"', combine them
696
+ let multipartBody;
697
+ if (keyPart.trim().endsWith("name") &&
698
+ valuePart.trim().startsWith('"')) {
699
+ // Key ends with "name", value starts with '"fieldname"', combine with = between them
700
+ multipartBody = keyPart + "=" + valuePart;
701
+ }
702
+ else {
703
+ multipartBody = keyPart + valuePart;
704
+ }
705
+ // Match: Content-Disposition header with field name, then capture value until next boundary or end
706
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
707
+ let match;
708
+ while ((match = fieldRegex.exec(multipartBody)) !== null) {
709
+ const fieldName = match[1];
710
+ const fieldValue = match[2].trim(); // Remove trailing newlines
711
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
712
+ try {
713
+ body["scopes"] = JSON.parse(fieldValue);
714
+ }
715
+ catch {
716
+ body["scopes"] = fieldValue.includes(",")
717
+ ? fieldValue.split(",")
718
+ : [fieldValue];
719
+ }
720
+ }
721
+ else if (fieldName === "oauth_identity" ||
722
+ fieldName === "oauth_identity_json") {
723
+ try {
724
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
725
+ }
726
+ catch {
727
+ body["oauth_identity"] = null;
728
+ }
729
+ }
730
+ else if (fieldName === "termsAccepted") {
731
+ body[fieldName] =
732
+ fieldValue === "on" ||
733
+ fieldValue === "true" ||
734
+ fieldValue === "1" ||
735
+ fieldValue === "yes";
736
+ }
737
+ else if (fieldName === "customFields") {
738
+ try {
739
+ body[fieldName] = JSON.parse(fieldValue);
740
+ }
741
+ catch {
742
+ // Skip
743
+ }
744
+ }
745
+ else {
746
+ body[fieldName] = fieldValue;
747
+ }
748
+ hasValidFields = true;
749
+ }
750
+ }
751
+ else {
752
+ // Normal FormData parsing
753
+ // Type assertion: FormData.entries() exists at runtime in Cloudflare Workers
754
+ for (const [key, value] of formData.entries()) {
755
+ if (value instanceof File) {
756
+ continue;
757
+ }
758
+ // Extract field name from malformed keys (when FormData is passed with wrong Content-Type)
759
+ let fieldName = key;
760
+ if (key.includes("Content-Disposition") && key.includes('name="')) {
761
+ // Extract field name from Content-Disposition header
762
+ const nameMatch = key.match(/name="([^"]+)"/);
763
+ if (nameMatch && nameMatch[1]) {
764
+ fieldName = nameMatch[1];
765
+ }
766
+ else {
767
+ // Skip if we can't extract a valid field name
768
+ continue;
769
+ }
770
+ }
771
+ else if (key.includes("------") ||
772
+ key.includes("\r\n") ||
773
+ key.trim() === "") {
774
+ // Skip boundary strings and invalid keys
775
+ continue;
776
+ }
777
+ hasValidFields = true;
778
+ const stringValue = value.toString();
779
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
780
+ try {
781
+ body["scopes"] = JSON.parse(stringValue);
782
+ }
783
+ catch {
784
+ body["scopes"] = stringValue.includes(",")
785
+ ? stringValue.split(",")
786
+ : [stringValue];
787
+ }
788
+ }
789
+ else if (fieldName === "oauth_identity" ||
790
+ fieldName === "oauth_identity_json") {
791
+ try {
792
+ body["oauth_identity"] = JSON.parse(stringValue) || null;
793
+ }
794
+ catch {
795
+ body["oauth_identity"] = null;
796
+ }
797
+ }
798
+ else if (fieldName === "termsAccepted") {
799
+ body[fieldName] =
800
+ stringValue === "on" ||
801
+ stringValue === "true" ||
802
+ stringValue === "1" ||
803
+ stringValue === "yes";
804
+ }
805
+ else if (fieldName === "customFields") {
806
+ try {
807
+ body[fieldName] = JSON.parse(stringValue);
808
+ }
809
+ catch {
810
+ // Skip
811
+ }
812
+ }
813
+ else {
814
+ body[fieldName] = stringValue;
815
+ }
816
+ }
817
+ }
818
+ if (hasValidFields && Object.keys(body).length > 0) {
819
+ if (!("termsAccepted" in body)) {
820
+ body.termsAccepted = true;
821
+ }
822
+ // Default scopes to empty array if not provided
823
+ if (!("scopes" in body)) {
824
+ body.scopes = [];
825
+ }
826
+ return body;
827
+ }
828
+ }
829
+ catch (formDataError) {
830
+ // FormData parsing failed, try URL-encoded text parsing
831
+ console.warn("[ConsentService] FormData parsing failed, trying URL-encoded text:", formDataError);
832
+ }
833
+ // Try URL-encoded text parsing as fallback
834
+ try {
835
+ const text = await request.clone().text();
836
+ const params = new URLSearchParams(text);
837
+ // Type assertion: URLSearchParams.entries() exists at runtime
838
+ return parseFormFields(params.entries());
839
+ }
840
+ catch (urlEncodedError) {
841
+ // Both failed, fall through to JSON parsing
842
+ console.warn("[ConsentService] URL-encoded parsing also failed:", urlEncodedError);
843
+ }
844
+ }
845
+ // Parse multipart FormData (multipart/form-data or when FormData object is passed with other Content-Type)
846
+ // Include text/plain here to handle cases where FormData is passed with mismatched Content-Type
847
+ if (contentType.includes("multipart/form-data") ||
848
+ contentType.includes("form") ||
849
+ contentType === "" ||
850
+ contentType.includes("text/plain") ||
851
+ contentType.includes("text")) {
852
+ // Check if multipart/form-data Content-Type is missing boundary
853
+ // If so, try to parse as text first (FormData might have been serialized incorrectly)
854
+ if (contentType.includes("multipart/form-data") &&
855
+ !contentType.includes("boundary=")) {
856
+ try {
857
+ const textRequest = request.clone();
858
+ const text = await textRequest.text();
859
+ if (text && text.length > 0) {
860
+ // Try to manually parse multipart format from text
861
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
862
+ const body = {};
863
+ let match;
864
+ let hasValidFields = false;
865
+ while ((match = fieldRegex.exec(text)) !== null) {
866
+ const fieldName = match[1];
867
+ const fieldValue = match[2].trim();
868
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
869
+ try {
870
+ body["scopes"] = JSON.parse(fieldValue);
871
+ }
872
+ catch {
873
+ body["scopes"] = fieldValue.includes(",")
874
+ ? fieldValue.split(",")
875
+ : [fieldValue];
876
+ }
877
+ }
878
+ else if (fieldName === "oauth_identity" ||
879
+ fieldName === "oauth_identity_json") {
880
+ try {
881
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
882
+ }
883
+ catch {
884
+ body["oauth_identity"] = null;
885
+ }
886
+ }
887
+ else if (fieldName === "termsAccepted") {
888
+ body[fieldName] =
889
+ fieldValue === "on" ||
890
+ fieldValue === "true" ||
891
+ fieldValue === "1" ||
892
+ fieldValue === "yes";
893
+ }
894
+ else if (fieldName === "customFields") {
895
+ try {
896
+ body[fieldName] = JSON.parse(fieldValue);
897
+ }
898
+ catch {
899
+ // Skip
900
+ }
901
+ }
902
+ else {
903
+ body[fieldName] = fieldValue;
904
+ }
905
+ hasValidFields = true;
906
+ }
907
+ if (hasValidFields && Object.keys(body).length > 0) {
908
+ if (!("termsAccepted" in body)) {
909
+ body.termsAccepted = true;
910
+ }
911
+ // Default scopes to empty array if not provided
912
+ if (!("scopes" in body)) {
913
+ body.scopes = [];
914
+ }
915
+ return body;
916
+ }
917
+ }
918
+ }
919
+ catch {
920
+ // If text parsing fails, fall through to FormData parsing
921
+ }
922
+ }
923
+ try {
924
+ const clonedRequest = request.clone();
925
+ let formData;
926
+ try {
927
+ formData = await clonedRequest.formData();
928
+ }
929
+ catch (formDataError) {
930
+ // Handle FormData parsing errors (missing boundary, wrong Content-Type, etc.)
931
+ const errorMessage = formDataError instanceof Error
932
+ ? formDataError.message
933
+ : String(formDataError);
934
+ const errorCause = formDataError instanceof Error && "cause" in formDataError
935
+ ? formDataError.cause instanceof Error
936
+ ? formDataError.cause.message
937
+ : String(formDataError.cause)
938
+ : "";
939
+ if (errorMessage.includes("missing boundary") ||
940
+ errorMessage.includes("boundary") ||
941
+ errorMessage.includes("Content-Type was not one of") ||
942
+ errorCause.includes("missing boundary") ||
943
+ errorCause.includes("boundary")) {
944
+ // When boundary is missing, try to parse as URL-encoded form data instead
945
+ // This handles the case where FormData was passed but Content-Type doesn't include boundary
946
+ try {
947
+ const textRequest = request.clone();
948
+ const text = await textRequest.text();
949
+ // If text parsing succeeds, try URL-encoded parsing
950
+ if (text && text.length > 0) {
951
+ try {
952
+ const params = new URLSearchParams(text);
953
+ return parseFormFields(params.entries());
954
+ }
955
+ catch {
956
+ // If URL-encoded parsing fails, the text might be multipart format
957
+ // Try to manually parse multipart format from text
958
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
959
+ const body = {};
960
+ let match;
961
+ let hasValidFields = false;
962
+ while ((match = fieldRegex.exec(text)) !== null) {
963
+ const fieldName = match[1];
964
+ const fieldValue = match[2].trim();
965
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
966
+ try {
967
+ body["scopes"] = JSON.parse(fieldValue);
968
+ }
969
+ catch {
970
+ body["scopes"] = fieldValue.includes(",")
971
+ ? fieldValue.split(",")
972
+ : [fieldValue];
973
+ }
974
+ }
975
+ else if (fieldName === "oauth_identity" ||
976
+ fieldName === "oauth_identity_json") {
977
+ try {
978
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
979
+ }
980
+ catch {
981
+ body["oauth_identity"] = null;
982
+ }
983
+ }
984
+ else if (fieldName === "termsAccepted") {
985
+ body[fieldName] =
986
+ fieldValue === "on" ||
987
+ fieldValue === "true" ||
988
+ fieldValue === "1" ||
989
+ fieldValue === "yes";
990
+ }
991
+ else if (fieldName === "customFields") {
992
+ try {
993
+ body[fieldName] = JSON.parse(fieldValue);
994
+ }
995
+ catch {
996
+ // Skip
997
+ }
998
+ }
999
+ else {
1000
+ body[fieldName] = fieldValue;
1001
+ }
1002
+ hasValidFields = true;
1003
+ }
1004
+ if (hasValidFields && Object.keys(body).length > 0) {
1005
+ if (!("termsAccepted" in body)) {
1006
+ body.termsAccepted = true;
1007
+ }
1008
+ // Default scopes to empty array if not provided
1009
+ if (!("scopes" in body)) {
1010
+ body.scopes = [];
1011
+ }
1012
+ return body;
1013
+ }
1014
+ }
1015
+ }
1016
+ }
1017
+ catch {
1018
+ // If all parsing attempts fail, rethrow the original error
1019
+ }
1020
+ }
1021
+ throw formDataError;
1022
+ }
1023
+ const body = {};
1024
+ let hasValidFields = false;
1025
+ // Check if FormData parsing returned malformed data (entire multipart body as single entry)
1026
+ // Type assertion: FormData.entries() exists at runtime in Cloudflare Workers
1027
+ const entriesArray = Array.from(formData.entries());
1028
+ if (entriesArray.length === 1 &&
1029
+ typeof entriesArray[0][0] === "string" &&
1030
+ entriesArray[0][0].includes("Content-Disposition") &&
1031
+ typeof entriesArray[0][1] === "string" &&
1032
+ entriesArray[0][1].toString().includes("Content-Disposition")) {
1033
+ // Manually parse multipart format from the value string
1034
+ const keyPart = entriesArray[0][0];
1035
+ const valuePart = entriesArray[0][1];
1036
+ // Fix: If key ends with "name" and value starts with '"fieldname"', combine them
1037
+ let multipartBody;
1038
+ if (keyPart.trim().endsWith("name") &&
1039
+ valuePart.trim().startsWith('"')) {
1040
+ multipartBody = keyPart + "=" + valuePart;
1041
+ }
1042
+ else {
1043
+ multipartBody = keyPart + valuePart;
1044
+ }
1045
+ // Match: Content-Disposition header with field name, then capture value until next boundary or end
1046
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
1047
+ let match;
1048
+ while ((match = fieldRegex.exec(multipartBody)) !== null) {
1049
+ const fieldName = match[1];
1050
+ const fieldValue = match[2].trim();
1051
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1052
+ try {
1053
+ body["scopes"] = JSON.parse(fieldValue);
1054
+ }
1055
+ catch {
1056
+ body["scopes"] = fieldValue.includes(",")
1057
+ ? fieldValue.split(",")
1058
+ : [fieldValue];
1059
+ }
1060
+ }
1061
+ else if (fieldName === "oauth_identity" ||
1062
+ fieldName === "oauth_identity_json") {
1063
+ try {
1064
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
1065
+ }
1066
+ catch {
1067
+ body["oauth_identity"] = null;
1068
+ }
1069
+ }
1070
+ else if (fieldName === "termsAccepted") {
1071
+ body[fieldName] =
1072
+ fieldValue === "on" ||
1073
+ fieldValue === "true" ||
1074
+ fieldValue === "1" ||
1075
+ fieldValue === "yes";
1076
+ }
1077
+ else if (fieldName === "customFields") {
1078
+ try {
1079
+ body[fieldName] = JSON.parse(fieldValue);
1080
+ }
1081
+ catch {
1082
+ // Skip
1083
+ }
1084
+ }
1085
+ else {
1086
+ body[fieldName] = fieldValue;
1087
+ }
1088
+ hasValidFields = true;
1089
+ }
1090
+ }
1091
+ else {
1092
+ // Normal FormData parsing
1093
+ // Type assertion: FormData.entries() exists at runtime in Cloudflare Workers
1094
+ for (const [key, value] of formData.entries()) {
1095
+ if (value instanceof File) {
1096
+ continue;
1097
+ }
1098
+ // Extract field name from malformed keys (when FormData is passed with wrong Content-Type)
1099
+ let fieldName = key;
1100
+ if (key.includes("Content-Disposition") && key.includes('name="')) {
1101
+ // Extract field name from Content-Disposition header
1102
+ const nameMatch = key.match(/name="([^"]+)"/);
1103
+ if (nameMatch && nameMatch[1]) {
1104
+ fieldName = nameMatch[1];
1105
+ }
1106
+ else {
1107
+ // Skip if we can't extract a valid field name
1108
+ continue;
1109
+ }
1110
+ }
1111
+ else if (key.includes("------") ||
1112
+ key.includes("\r\n") ||
1113
+ key.trim() === "") {
1114
+ // Skip boundary strings and invalid keys
1115
+ continue;
1116
+ }
1117
+ hasValidFields = true;
1118
+ const stringValue = value.toString();
1119
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1120
+ try {
1121
+ body["scopes"] = JSON.parse(stringValue);
1122
+ }
1123
+ catch {
1124
+ body["scopes"] = stringValue.includes(",")
1125
+ ? stringValue.split(",")
1126
+ : [stringValue];
1127
+ }
1128
+ }
1129
+ else if (fieldName === "oauth_identity" ||
1130
+ fieldName === "oauth_identity_json") {
1131
+ try {
1132
+ body["oauth_identity"] = JSON.parse(stringValue) || null;
1133
+ }
1134
+ catch {
1135
+ body["oauth_identity"] = null;
1136
+ }
1137
+ }
1138
+ else if (fieldName === "termsAccepted") {
1139
+ body[fieldName] =
1140
+ stringValue === "on" ||
1141
+ stringValue === "true" ||
1142
+ stringValue === "1" ||
1143
+ stringValue === "yes";
1144
+ }
1145
+ else if (fieldName === "customFields") {
1146
+ try {
1147
+ body[fieldName] = JSON.parse(stringValue);
1148
+ }
1149
+ catch {
1150
+ // Skip
1151
+ }
1152
+ }
1153
+ else {
1154
+ body[fieldName] = stringValue;
1155
+ }
1156
+ }
1157
+ }
1158
+ if (hasValidFields && Object.keys(body).length > 0) {
1159
+ if (!("termsAccepted" in body)) {
1160
+ body.termsAccepted = true;
1161
+ }
1162
+ // Default scopes to empty array if not provided
1163
+ if (!("scopes" in body)) {
1164
+ body.scopes = [];
1165
+ }
1166
+ return body;
1167
+ }
1168
+ }
1169
+ catch (formDataError) {
1170
+ console.warn("[ConsentService] FormData parsing failed:", formDataError);
1171
+ // Fall through to JSON parsing
1172
+ }
1173
+ }
1174
+ // Default to JSON parsing
1175
+ try {
1176
+ return await request.json();
1177
+ }
1178
+ catch (error) {
1179
+ // If JSON parsing fails and content-type suggests form data, try FormData parsing as fallback
1180
+ // Special handling for text/plain with FormData body - try text parsing first
1181
+ if (contentType === "text/plain") {
1182
+ try {
1183
+ const textRequest = request.clone();
1184
+ const text = await textRequest.text();
1185
+ if (text && text.length > 0) {
1186
+ // Try URL-encoded parsing first
1187
+ try {
1188
+ const params = new URLSearchParams(text);
1189
+ const body = parseFormFields(params.entries());
1190
+ if (Object.keys(body).length > 0) {
1191
+ return body;
1192
+ }
1193
+ }
1194
+ catch {
1195
+ // URL-encoded parsing failed, try multipart format
1196
+ }
1197
+ // Try multipart format parsing (FormData serializes to multipart)
1198
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
1199
+ const body = {};
1200
+ let match;
1201
+ let hasValidFields = false;
1202
+ while ((match = fieldRegex.exec(text)) !== null) {
1203
+ const fieldName = match[1];
1204
+ const fieldValue = match[2].trim();
1205
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1206
+ try {
1207
+ body["scopes"] = JSON.parse(fieldValue);
1208
+ }
1209
+ catch {
1210
+ body["scopes"] = fieldValue.includes(",")
1211
+ ? fieldValue.split(",")
1212
+ : [fieldValue];
1213
+ }
1214
+ }
1215
+ else if (fieldName === "oauth_identity" ||
1216
+ fieldName === "oauth_identity_json") {
1217
+ try {
1218
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
1219
+ }
1220
+ catch {
1221
+ body["oauth_identity"] = null;
1222
+ }
1223
+ }
1224
+ else if (fieldName === "termsAccepted") {
1225
+ body[fieldName] =
1226
+ fieldValue === "on" ||
1227
+ fieldValue === "true" ||
1228
+ fieldValue === "1" ||
1229
+ fieldValue === "yes";
1230
+ }
1231
+ else if (fieldName === "customFields") {
1232
+ try {
1233
+ body[fieldName] = JSON.parse(fieldValue);
1234
+ }
1235
+ catch {
1236
+ // Skip
1237
+ }
1238
+ }
1239
+ else {
1240
+ body[fieldName] = fieldValue;
1241
+ }
1242
+ hasValidFields = true;
1243
+ }
1244
+ if (hasValidFields && Object.keys(body).length > 0) {
1245
+ if (!("termsAccepted" in body)) {
1246
+ body.termsAccepted = true;
1247
+ }
1248
+ // Default scopes to empty array if not provided
1249
+ if (!("scopes" in body)) {
1250
+ body.scopes = [];
1251
+ }
1252
+ return body;
1253
+ }
1254
+ }
1255
+ }
1256
+ catch {
1257
+ // Text parsing failed, fall through to FormData parsing
1258
+ }
1259
+ }
1260
+ if (!contentType.includes("application/json") &&
1261
+ (contentType.includes("form") ||
1262
+ contentType === "" ||
1263
+ contentType.includes("text"))) {
1264
+ try {
1265
+ // Clone request ONCE before trying any parsing, so we can reuse it if FormData parsing fails
1266
+ const fallbackRequest = request.clone();
1267
+ // Try FormData parsing as fallback (even if Content-Type doesn't match)
1268
+ let formData;
1269
+ try {
1270
+ formData = await fallbackRequest.formData();
1271
+ }
1272
+ catch (formDataParseError) {
1273
+ // If FormData parsing fails, try reading as text and parsing manually
1274
+ // This handles cases where Content-Type doesn't match (e.g., text/plain with FormData body)
1275
+ try {
1276
+ // Use a fresh clone for text parsing (body might be consumed by failed FormData attempt)
1277
+ const textRequest = request.clone();
1278
+ const text = await textRequest.text();
1279
+ if (text && text.length > 0) {
1280
+ // First try URL-encoded parsing (simpler format)
1281
+ try {
1282
+ const params = new URLSearchParams(text);
1283
+ const body = parseFormFields(params.entries());
1284
+ if (Object.keys(body).length > 0) {
1285
+ return body;
1286
+ }
1287
+ }
1288
+ catch {
1289
+ // URL-encoded parsing failed, try multipart format
1290
+ }
1291
+ // Try to manually parse multipart format from text
1292
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
1293
+ const body = {};
1294
+ let match;
1295
+ let hasValidFields = false;
1296
+ while ((match = fieldRegex.exec(text)) !== null) {
1297
+ const fieldName = match[1];
1298
+ const fieldValue = match[2].trim();
1299
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1300
+ try {
1301
+ body["scopes"] = JSON.parse(fieldValue);
1302
+ }
1303
+ catch {
1304
+ body["scopes"] = fieldValue.includes(",")
1305
+ ? fieldValue.split(",")
1306
+ : [fieldValue];
1307
+ }
1308
+ }
1309
+ else if (fieldName === "oauth_identity" ||
1310
+ fieldName === "oauth_identity_json") {
1311
+ try {
1312
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
1313
+ }
1314
+ catch {
1315
+ body["oauth_identity"] = null;
1316
+ }
1317
+ }
1318
+ else if (fieldName === "termsAccepted") {
1319
+ body[fieldName] =
1320
+ fieldValue === "on" ||
1321
+ fieldValue === "true" ||
1322
+ fieldValue === "1" ||
1323
+ fieldValue === "yes";
1324
+ }
1325
+ else if (fieldName === "customFields") {
1326
+ try {
1327
+ body[fieldName] = JSON.parse(fieldValue);
1328
+ }
1329
+ catch {
1330
+ // Skip
1331
+ }
1332
+ }
1333
+ else {
1334
+ body[fieldName] = fieldValue;
1335
+ }
1336
+ hasValidFields = true;
1337
+ }
1338
+ if (hasValidFields && Object.keys(body).length > 0) {
1339
+ if (!("termsAccepted" in body)) {
1340
+ body.termsAccepted = true;
1341
+ }
1342
+ // Default scopes to empty array if not provided
1343
+ if (!("scopes" in body)) {
1344
+ body.scopes = [];
1345
+ }
1346
+ return body;
1347
+ }
1348
+ }
1349
+ }
1350
+ catch {
1351
+ // If text parsing also fails, rethrow original FormData error
1352
+ }
1353
+ throw formDataParseError;
1354
+ }
1355
+ // Check if FormData has valid entries (might be empty if Content-Type mismatch)
1356
+ const entriesArray = Array.from(formData.entries());
1357
+ if (entriesArray.length === 0) {
1358
+ // FormData parsing succeeded but returned no entries - try text parsing
1359
+ // This handles cases where Content-Type doesn't match (e.g., text/plain with FormData body)
1360
+ try {
1361
+ const textRequest = request.clone();
1362
+ const text = await textRequest.text();
1363
+ if (text && text.length > 0) {
1364
+ // Try URL-encoded parsing first
1365
+ try {
1366
+ const params = new URLSearchParams(text);
1367
+ const body = parseFormFields(params.entries());
1368
+ if (Object.keys(body).length > 0) {
1369
+ return body;
1370
+ }
1371
+ }
1372
+ catch {
1373
+ // URL-encoded parsing failed, try multipart format
1374
+ }
1375
+ // Try multipart format parsing
1376
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
1377
+ const body = {};
1378
+ let match;
1379
+ let hasValidFields = false;
1380
+ while ((match = fieldRegex.exec(text)) !== null) {
1381
+ const fieldName = match[1];
1382
+ const fieldValue = match[2].trim();
1383
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1384
+ try {
1385
+ body["scopes"] = JSON.parse(fieldValue);
1386
+ }
1387
+ catch {
1388
+ body["scopes"] = fieldValue.includes(",")
1389
+ ? fieldValue.split(",")
1390
+ : [fieldValue];
1391
+ }
1392
+ }
1393
+ else if (fieldName === "oauth_identity" ||
1394
+ fieldName === "oauth_identity_json") {
1395
+ try {
1396
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
1397
+ }
1398
+ catch {
1399
+ body["oauth_identity"] = null;
1400
+ }
1401
+ }
1402
+ else if (fieldName === "termsAccepted") {
1403
+ body[fieldName] =
1404
+ fieldValue === "on" ||
1405
+ fieldValue === "true" ||
1406
+ fieldValue === "1" ||
1407
+ fieldValue === "yes";
1408
+ }
1409
+ else if (fieldName === "customFields") {
1410
+ try {
1411
+ body[fieldName] = JSON.parse(fieldValue);
1412
+ }
1413
+ catch {
1414
+ // Skip
1415
+ }
1416
+ }
1417
+ else {
1418
+ body[fieldName] = fieldValue;
1419
+ }
1420
+ hasValidFields = true;
1421
+ }
1422
+ if (hasValidFields && Object.keys(body).length > 0) {
1423
+ if (!("termsAccepted" in body)) {
1424
+ body.termsAccepted = true;
1425
+ }
1426
+ // Default scopes to empty array if not provided
1427
+ if (!("scopes" in body)) {
1428
+ body.scopes = [];
1429
+ }
1430
+ return body;
1431
+ }
1432
+ }
1433
+ // If text parsing failed or found no valid fields, throw error to trigger fallback
1434
+ throw new Error("FormData parsing returned empty entries and text parsing found no valid fields");
1435
+ }
1436
+ catch (textParseError) {
1437
+ // Text parsing failed or found no valid fields - throw error to trigger JSON fallback
1438
+ // This ensures we don't continue with empty FormData entries
1439
+ throw new Error(`Failed to parse FormData: ${textParseError instanceof Error ? textParseError.message : "Unknown error"}`);
1440
+ }
1441
+ }
1442
+ const body = {};
1443
+ // Type assertion: FormData.entries() exists at runtime in Cloudflare Workers
1444
+ let hasValidEntries = false;
1445
+ for (const [key, value] of formData.entries()) {
1446
+ if (value instanceof File)
1447
+ continue;
1448
+ // Extract field name from malformed keys
1449
+ let fieldName = key;
1450
+ if (key.includes("Content-Disposition") && key.includes('name="')) {
1451
+ const nameMatch = key.match(/name="([^"]+)"/);
1452
+ if (nameMatch && nameMatch[1]) {
1453
+ fieldName = nameMatch[1];
1454
+ }
1455
+ else {
1456
+ continue;
1457
+ }
1458
+ }
1459
+ else if (key.includes("------") ||
1460
+ key.includes("\r\n") ||
1461
+ key.trim() === "" ||
1462
+ key.includes("formdata-undici")) {
1463
+ // Malformed key - likely from text/plain Content-Type mismatch
1464
+ // Skip this entry and fall back to text parsing
1465
+ continue;
1466
+ }
1467
+ // If we have a valid field name, mark as having valid entries
1468
+ if (fieldName && fieldName !== key) {
1469
+ hasValidEntries = true;
1470
+ }
1471
+ else if (fieldName &&
1472
+ !key.includes("Content-Disposition") &&
1473
+ !key.includes("------") &&
1474
+ !key.includes("\r\n")) {
1475
+ hasValidEntries = true;
1476
+ }
1477
+ // Process the field value
1478
+ const stringValue = value.toString();
1479
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1480
+ try {
1481
+ body["scopes"] = JSON.parse(stringValue);
1482
+ }
1483
+ catch {
1484
+ body["scopes"] = stringValue.includes(",")
1485
+ ? stringValue.split(",")
1486
+ : [stringValue];
1487
+ }
1488
+ }
1489
+ else if (fieldName === "oauth_identity" ||
1490
+ fieldName === "oauth_identity_json") {
1491
+ try {
1492
+ body["oauth_identity"] = JSON.parse(stringValue) || null;
1493
+ }
1494
+ catch {
1495
+ body["oauth_identity"] = null;
1496
+ }
1497
+ }
1498
+ else if (fieldName === "termsAccepted") {
1499
+ body[fieldName] =
1500
+ stringValue === "on" ||
1501
+ stringValue === "true" ||
1502
+ stringValue === "1" ||
1503
+ stringValue === "yes";
1504
+ }
1505
+ else if (fieldName === "customFields") {
1506
+ try {
1507
+ body[fieldName] = JSON.parse(stringValue);
1508
+ }
1509
+ catch {
1510
+ // Skip
1511
+ }
1512
+ }
1513
+ else {
1514
+ body[fieldName] = stringValue;
1515
+ }
1516
+ }
1517
+ // If we didn't get any valid entries (all keys were malformed), try text parsing
1518
+ if (!hasValidEntries || Object.keys(body).length === 0) {
1519
+ // Try text parsing as fallback when FormData parsing returns no valid entries
1520
+ try {
1521
+ const textRequest = request.clone();
1522
+ const text = await textRequest.text();
1523
+ if (text && text.length > 0) {
1524
+ // Try multipart format parsing from text
1525
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
1526
+ const textBody = {};
1527
+ let match;
1528
+ let hasValidFields = false;
1529
+ while ((match = fieldRegex.exec(text)) !== null) {
1530
+ const fieldName = match[1];
1531
+ const fieldValue = match[2].trim();
1532
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1533
+ try {
1534
+ textBody["scopes"] = JSON.parse(fieldValue);
1535
+ }
1536
+ catch {
1537
+ textBody["scopes"] = fieldValue.includes(",")
1538
+ ? fieldValue.split(",")
1539
+ : [fieldValue];
1540
+ }
1541
+ }
1542
+ else if (fieldName === "oauth_identity" ||
1543
+ fieldName === "oauth_identity_json") {
1544
+ try {
1545
+ textBody["oauth_identity"] =
1546
+ JSON.parse(fieldValue) || null;
1547
+ }
1548
+ catch {
1549
+ textBody["oauth_identity"] = null;
1550
+ }
1551
+ }
1552
+ else if (fieldName === "termsAccepted") {
1553
+ textBody[fieldName] =
1554
+ fieldValue === "on" ||
1555
+ fieldValue === "true" ||
1556
+ fieldValue === "1" ||
1557
+ fieldValue === "yes";
1558
+ }
1559
+ else if (fieldName === "customFields") {
1560
+ try {
1561
+ textBody[fieldName] = JSON.parse(fieldValue);
1562
+ }
1563
+ catch {
1564
+ // Skip
1565
+ }
1566
+ }
1567
+ else {
1568
+ textBody[fieldName] = fieldValue;
1569
+ }
1570
+ hasValidFields = true;
1571
+ }
1572
+ if (hasValidFields && Object.keys(textBody).length > 0) {
1573
+ if (!("termsAccepted" in textBody)) {
1574
+ textBody.termsAccepted = true;
1575
+ }
1576
+ if (!("scopes" in textBody)) {
1577
+ textBody.scopes = [];
1578
+ }
1579
+ return textBody;
1580
+ }
1581
+ }
1582
+ }
1583
+ catch {
1584
+ // Text parsing also failed, fall through to throw error
1585
+ }
1586
+ throw new Error("FormData parsing returned only malformed entries - falling back to text parsing");
1587
+ }
1588
+ if (!("termsAccepted" in body)) {
1589
+ body.termsAccepted = true;
1590
+ }
1591
+ // Default scopes to empty array if not provided
1592
+ if (!("scopes" in body)) {
1593
+ body.scopes = [];
1594
+ }
1595
+ return body;
1596
+ }
1597
+ catch (formError) {
1598
+ // FormData parsing failed - if it was due to malformed entries, try text parsing
1599
+ const errorMessage = formError instanceof Error ? formError.message : String(formError);
1600
+ if (errorMessage.includes("malformed entries") ||
1601
+ errorMessage.includes("empty entries") ||
1602
+ errorMessage.includes("falling back to text parsing")) {
1603
+ // Try text parsing as last resort
1604
+ try {
1605
+ const textRequest = request.clone();
1606
+ const text = await textRequest.text();
1607
+ if (text && text.length > 0) {
1608
+ // Try multipart format parsing
1609
+ const fieldRegex = /Content-Disposition:\s*form-data;\s*name="([^"]+)"\r?\n\r?\n([\s\S]*?)(?=\r?\n------|$)/g;
1610
+ const body = {};
1611
+ let match;
1612
+ let hasValidFields = false;
1613
+ while ((match = fieldRegex.exec(text)) !== null) {
1614
+ const fieldName = match[1];
1615
+ const fieldValue = match[2].trim();
1616
+ if (fieldName === "scopes" || fieldName === "scopes[]") {
1617
+ try {
1618
+ body["scopes"] = JSON.parse(fieldValue);
1619
+ }
1620
+ catch {
1621
+ body["scopes"] = fieldValue.includes(",")
1622
+ ? fieldValue.split(",")
1623
+ : [fieldValue];
1624
+ }
1625
+ }
1626
+ else if (fieldName === "oauth_identity" ||
1627
+ fieldName === "oauth_identity_json") {
1628
+ try {
1629
+ body["oauth_identity"] = JSON.parse(fieldValue) || null;
1630
+ }
1631
+ catch {
1632
+ body["oauth_identity"] = null;
1633
+ }
1634
+ }
1635
+ else if (fieldName === "termsAccepted") {
1636
+ body[fieldName] =
1637
+ fieldValue === "on" ||
1638
+ fieldValue === "true" ||
1639
+ fieldValue === "1" ||
1640
+ fieldValue === "yes";
1641
+ }
1642
+ else if (fieldName === "customFields") {
1643
+ try {
1644
+ body[fieldName] = JSON.parse(fieldValue);
1645
+ }
1646
+ catch {
1647
+ // Skip
1648
+ }
1649
+ }
1650
+ else {
1651
+ body[fieldName] = fieldValue;
1652
+ }
1653
+ hasValidFields = true;
1654
+ }
1655
+ if (hasValidFields && Object.keys(body).length > 0) {
1656
+ if (!("termsAccepted" in body)) {
1657
+ body.termsAccepted = true;
1658
+ }
1659
+ // Default scopes to empty array if not provided
1660
+ if (!("scopes" in body)) {
1661
+ body.scopes = [];
1662
+ }
1663
+ return body;
1664
+ }
1665
+ }
1666
+ }
1667
+ catch {
1668
+ // Text parsing also failed
1669
+ }
1670
+ }
1671
+ // Both failed, throw original error
1672
+ }
1673
+ }
1674
+ throw new Error(`Failed to parse request body: ${error instanceof Error ? error.message : "Unknown error"}`);
1675
+ }
1676
+ }
442
1677
  /**
443
1678
  * Handle consent approval
444
1679
  *
@@ -449,11 +1684,33 @@ export class ConsentService {
449
1684
  * @returns JSON response
450
1685
  */
451
1686
  async handleApproval(request) {
1687
+ console.log("[ConsentService] Approval request received");
452
1688
  try {
453
- // Parse and validate request body
454
- const body = await request.json();
1689
+ // Parse and validate request body (supports both JSON and FormData)
1690
+ const body = await this.parseRequestBody(request);
1691
+ console.log("[ConsentService] Request body parsed:", {
1692
+ hasBody: !!body,
1693
+ bodyKeys: Object.keys(body || {}),
1694
+ hasOAuthIdentity: !!body?.oauth_identity,
1695
+ });
1696
+ // Convert null oauth_identity to undefined for proper schema validation
1697
+ // Zod's .nullish() should handle null, but converting to undefined is more explicit
1698
+ // and avoids potential edge cases with FormData parsing
1699
+ if (body &&
1700
+ typeof body === "object" &&
1701
+ body !== null &&
1702
+ "oauth_identity" in body) {
1703
+ const bodyObj = body;
1704
+ if (bodyObj.oauth_identity === null) {
1705
+ bodyObj.oauth_identity = undefined;
1706
+ }
1707
+ }
455
1708
  const validation = validateConsentApprovalRequest(body);
456
1709
  if (!validation.success) {
1710
+ console.error("[ConsentService] Approval request validation failed:", {
1711
+ errors: validation.error.errors,
1712
+ receivedBody: body,
1713
+ });
457
1714
  return new Response(JSON.stringify({
458
1715
  success: false,
459
1716
  error: "Invalid request",
@@ -465,6 +1722,13 @@ export class ConsentService {
465
1722
  });
466
1723
  }
467
1724
  const approvalRequest = validation.data;
1725
+ console.log("[ConsentService] Approval request validated:", {
1726
+ agentDid: approvalRequest.agent_did?.substring(0, 20) + "...",
1727
+ sessionId: approvalRequest.session_id?.substring(0, 20) + "...",
1728
+ scopes: approvalRequest.scopes,
1729
+ hasOAuthIdentity: !!approvalRequest.oauth_identity,
1730
+ oauthProvider: approvalRequest.oauth_identity?.provider,
1731
+ });
468
1732
  // Validate terms acceptance if required
469
1733
  const consentConfig = await this.configService.getConsentConfig(approvalRequest.project_id);
470
1734
  if (consentConfig.terms?.required && !approvalRequest.termsAccepted) {
@@ -477,9 +1741,40 @@ export class ConsentService {
477
1741
  headers: { "Content-Type": "application/json" },
478
1742
  });
479
1743
  }
1744
+ // ✅ Extract projectId from approval request
1745
+ const projectId = approvalRequest.project_id;
1746
+ // ✅ Lazy initialization with projectId
1747
+ const auditService = await this.getAuditService(projectId);
1748
+ // Check if user needs credentials before delegation
1749
+ const needsCredentials = !approvalRequest.user_did && !approvalRequest.oauth_identity;
1750
+ if (needsCredentials && auditService) {
1751
+ await auditService
1752
+ .logCredentialRequired({
1753
+ sessionId: approvalRequest.session_id,
1754
+ agentDid: approvalRequest.agent_did,
1755
+ targetTools: [approvalRequest.tool], // Array
1756
+ scopes: approvalRequest.scopes,
1757
+ projectId,
1758
+ oauthProvider: approvalRequest.oauth_identity?.provider,
1759
+ })
1760
+ .catch((err) => {
1761
+ console.error("[ConsentService] Failed to log credential required", {
1762
+ eventType: "consent:credential_required",
1763
+ sessionId: approvalRequest.session_id,
1764
+ error: err instanceof Error ? err.message : String(err),
1765
+ });
1766
+ });
1767
+ // Note: We don't redirect here - the consent flow continues
1768
+ // The credential_required event is just for audit tracking
1769
+ }
480
1770
  // Create delegation via AgentShield API
1771
+ console.log("[ConsentService] Creating delegation...");
481
1772
  const delegationResult = await this.createDelegation(approvalRequest);
482
1773
  if (!delegationResult.success) {
1774
+ console.error("[ConsentService] Delegation creation failed:", {
1775
+ error: delegationResult.error,
1776
+ error_code: delegationResult.error_code,
1777
+ });
483
1778
  return new Response(JSON.stringify({
484
1779
  success: false,
485
1780
  error: delegationResult.error || "Failed to create delegation",
@@ -489,8 +1784,60 @@ export class ConsentService {
489
1784
  headers: { "Content-Type": "application/json" },
490
1785
  });
491
1786
  }
1787
+ console.log("[ConsentService] ✅ Delegation created successfully:", {
1788
+ delegationId: delegationResult.delegation_id?.substring(0, 20) + "...",
1789
+ });
492
1790
  // Store delegation token in KV
493
1791
  await this.storeDelegationToken(approvalRequest.session_id, approvalRequest.agent_did, delegationResult.delegation_token, delegationResult.delegation_id);
1792
+ // ✅ After successful delegation creation - log audit events
1793
+ if (auditService && delegationResult.success) {
1794
+ try {
1795
+ // Get userDid (may have been generated during delegation creation)
1796
+ // getUserDidForSession can work without DELEGATION_STORAGE (uses in-memory UserDidManager)
1797
+ let userDid;
1798
+ if (approvalRequest.session_id) {
1799
+ try {
1800
+ userDid = await this.getUserDidForSession(approvalRequest.session_id, approvalRequest.oauth_identity || undefined);
1801
+ }
1802
+ catch (error) {
1803
+ console.warn("[ConsentService] Failed to get userDid for audit logging:", error);
1804
+ // Continue without userDid - audit events can still be logged
1805
+ }
1806
+ }
1807
+ await auditService.logConsentApproval({
1808
+ sessionId: approvalRequest.session_id,
1809
+ userDid,
1810
+ agentDid: approvalRequest.agent_did,
1811
+ targetTools: [approvalRequest.tool], // Array
1812
+ scopes: approvalRequest.scopes,
1813
+ delegationId: delegationResult.delegation_id,
1814
+ projectId,
1815
+ termsAccepted: approvalRequest.termsAccepted || false,
1816
+ oauthIdentity: approvalRequest.oauth_identity
1817
+ ? {
1818
+ provider: approvalRequest.oauth_identity.provider,
1819
+ identifier: approvalRequest.oauth_identity.subject,
1820
+ }
1821
+ : undefined,
1822
+ });
1823
+ await auditService.logDelegationCreated({
1824
+ sessionId: approvalRequest.session_id,
1825
+ delegationId: delegationResult.delegation_id,
1826
+ agentDid: approvalRequest.agent_did,
1827
+ userDid,
1828
+ targetTools: [approvalRequest.tool], // Array
1829
+ scopes: approvalRequest.scopes,
1830
+ projectId,
1831
+ });
1832
+ }
1833
+ catch (error) {
1834
+ console.error("[ConsentService] Audit failed but continuing", {
1835
+ sessionId: approvalRequest.session_id,
1836
+ error: error instanceof Error ? error.message : String(error),
1837
+ eventTypes: ["consent:approved", "consent:delegation_created"],
1838
+ });
1839
+ }
1840
+ }
494
1841
  // Return success response
495
1842
  const response = {
496
1843
  success: true,
@@ -537,17 +1884,36 @@ export class ConsentService {
537
1884
  const fieldName = await getDelegationFieldName(this.env.DELEGATION_STORAGE);
538
1885
  // Get userDID from session or generate new ephemeral DID
539
1886
  // Phase 4 PR #3: Use OAuth identity if provided in approval request
1887
+ // CRITICAL: Must work with or without OAuth identity
1888
+ // CRITICAL: Always generate ephemeral DID if session_id is available, even without DELEGATION_STORAGE
540
1889
  let userDid;
541
- if (this.env.DELEGATION_STORAGE && request.session_id) {
1890
+ if (request.session_id) {
542
1891
  try {
543
- // Pass OAuth identity if available in approval request
544
- userDid = await this.getUserDidForSession(request.session_id, request.oauth_identity);
1892
+ console.log("[ConsentService] Getting User DID for session:", {
1893
+ sessionId: request.session_id.substring(0, 20) + "...",
1894
+ hasOAuthIdentity: !!request.oauth_identity,
1895
+ oauthProvider: request.oauth_identity?.provider,
1896
+ hasStorage: !!this.env.DELEGATION_STORAGE,
1897
+ });
1898
+ // Pass OAuth identity if available in approval request (can be null/undefined)
1899
+ // getUserDidForSession can work without DELEGATION_STORAGE (uses in-memory UserDidManager)
1900
+ userDid = await this.getUserDidForSession(request.session_id, request.oauth_identity || undefined // Explicitly handle null as undefined
1901
+ );
1902
+ console.log("[ConsentService] User DID retrieved:", {
1903
+ userDid: userDid?.substring(0, 20) + "...",
1904
+ hasUserDid: !!userDid,
1905
+ });
545
1906
  }
546
1907
  catch (error) {
547
- console.warn("[ConsentService] Failed to get/generate userDid:", error);
548
- // Continue without userDid - delegation will use ephemeral placeholder
1908
+ console.error("[ConsentService] Failed to get/generate userDid:", error);
1909
+ // Continue without userDid - delegation will work without user_identifier
1910
+ // This is valid for non-OAuth scenarios, but we should log this as a warning
1911
+ console.warn("[ConsentService] Delegation will be created without user_identifier - this may affect user tracking");
549
1912
  }
550
1913
  }
1914
+ else {
1915
+ console.log("[ConsentService] No session_id provided - skipping User DID generation");
1916
+ }
551
1917
  const expiresInDays = 7; // Default to 7 days
552
1918
  // Build delegation request with error-based format detection
553
1919
  // Try full format first, fallback to simplified format on error
@@ -799,13 +2165,15 @@ export class ConsentService {
799
2165
  */
800
2166
  async buildFullFormatRequest(request, userDid, expiresInDays) {
801
2167
  const notAfter = Date.now() + expiresInDays * 24 * 60 * 60 * 1000;
2168
+ // Defensive check: ensure scopes is always defined (should be guaranteed by validation)
2169
+ const scopes = request.scopes ?? [];
802
2170
  return {
803
2171
  delegation: {
804
2172
  id: crypto.randomUUID(),
805
2173
  issuerDid: userDid || "did:key:z6MkEphemeral", // Use ephemeral if no userDid
806
2174
  subjectDid: request.agent_did,
807
2175
  constraints: {
808
- scopes: request.scopes,
2176
+ scopes,
809
2177
  notAfter,
810
2178
  notBefore: Date.now(),
811
2179
  },
@@ -840,18 +2208,28 @@ export class ConsentService {
840
2208
  */
841
2209
  buildSimplifiedFormatRequest(request, userDid, expiresInDays, fieldName) {
842
2210
  // Build request with ONLY fields that are in AgentShield's schema
2211
+ // Defensive check: ensure scopes is always defined (should be guaranteed by validation)
2212
+ const scopes = request.scopes ?? [];
843
2213
  const simplifiedRequest = {
844
2214
  agent_did: request.agent_did,
845
- scopes: request.scopes,
2215
+ scopes,
846
2216
  expires_in_days: expiresInDays,
847
2217
  };
848
2218
  // Include user_identifier if we have userDid (matches AgentShield schema)
2219
+ // CRITICAL: user_identifier is optional - delegation works without it
849
2220
  if (userDid) {
850
2221
  simplifiedRequest.user_identifier = userDid;
2222
+ console.log("[ConsentService] Including user_identifier in delegation request:", {
2223
+ userDid: userDid.substring(0, 20) + "...",
2224
+ });
2225
+ }
2226
+ else {
2227
+ console.log("[ConsentService] No user_identifier (no OAuth or ephemeral DID) - delegation will proceed without it");
851
2228
  }
852
2229
  // AgentShield API only accepts "custom_fields", not "metadata"
853
- // Always use "custom_fields" regardless of Day0 config
2230
+ // Always use "custom_fields" regardless of Day0 config
854
2231
  if (userDid) {
2232
+ // Include issuer_did and subject_did in custom_fields when we have userDid
855
2233
  simplifiedRequest.custom_fields = {
856
2234
  issuer_did: userDid,
857
2235
  subject_did: request.agent_did,
@@ -865,6 +2243,7 @@ export class ConsentService {
865
2243
  // Include custom_fields from request even if no userDid
866
2244
  simplifiedRequest.custom_fields = request.customFields;
867
2245
  }
2246
+ // If no userDid and no customFields, custom_fields is omitted (valid)
868
2247
  // EXPLICIT SAFEGUARD: Remove session_id and project_id if they somehow got added
869
2248
  // This should never happen, but provides defense-in-depth
870
2249
  delete simplifiedRequest.session_id;
@@ -907,11 +2286,11 @@ export class ConsentService {
907
2286
  // FINAL SAFEGUARD: Remove session_id and project_id if they somehow got added
908
2287
  // This provides defense-in-depth protection
909
2288
  const sanitizedBody = { ...requestBody };
910
- if ('session_id' in sanitizedBody) {
2289
+ if ("session_id" in sanitizedBody) {
911
2290
  console.warn("[ConsentService] ⚠️ session_id detected in request body - removing (not in schema)");
912
2291
  delete sanitizedBody.session_id;
913
2292
  }
914
- if ('project_id' in sanitizedBody) {
2293
+ if ("project_id" in sanitizedBody) {
915
2294
  console.warn("[ConsentService] ⚠️ project_id detected in request body - removing (not in schema)");
916
2295
  delete sanitizedBody.project_id;
917
2296
  }
@@ -934,13 +2313,15 @@ export class ConsentService {
934
2313
  }
935
2314
  // Check for validation error specifically
936
2315
  if (response.status === 400) {
937
- const errorMessage = responseData
938
- ?.error?.message ||
939
- responseData?.message ||
940
- "Validation failed";
941
- if (errorMessage.includes("format") ||
2316
+ const errorData = responseData;
2317
+ const errorMessage = errorData.error?.message || errorData.message || "Validation failed";
2318
+ const errorCode = errorData.error_code || errorData.error?.code;
2319
+ // Check if error_code is explicitly set to "validation_error" OR error message suggests validation error
2320
+ if (errorCode === "validation_error" ||
2321
+ errorMessage.includes("format") ||
942
2322
  errorMessage.includes("schema") ||
943
- errorMessage.includes("invalid")) {
2323
+ errorMessage.includes("invalid") ||
2324
+ errorMessage.includes("Validation")) {
944
2325
  return {
945
2326
  success: false,
946
2327
  error: errorMessage,