@kya-os/mcp-i-cloudflare 1.5.8-canary.6 → 1.5.8-canary.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/README.md +130 -0
  2. package/dist/__tests__/e2e/test-config.d.ts +37 -0
  3. package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
  4. package/dist/__tests__/e2e/test-config.js +62 -0
  5. package/dist/__tests__/e2e/test-config.js.map +1 -0
  6. package/dist/adapter.d.ts +44 -0
  7. package/dist/adapter.d.ts.map +1 -1
  8. package/dist/adapter.js +677 -88
  9. package/dist/adapter.js.map +1 -1
  10. package/dist/agent.d.ts +69 -25
  11. package/dist/agent.d.ts.map +1 -1
  12. package/dist/agent.js +438 -39
  13. package/dist/agent.js.map +1 -1
  14. package/dist/app.d.ts +0 -8
  15. package/dist/app.d.ts.map +1 -1
  16. package/dist/app.js +208 -55
  17. package/dist/app.js.map +1 -1
  18. package/dist/cache/kv-oauth-config-cache.d.ts +47 -0
  19. package/dist/cache/kv-oauth-config-cache.d.ts.map +1 -0
  20. package/dist/cache/kv-oauth-config-cache.js +82 -0
  21. package/dist/cache/kv-oauth-config-cache.js.map +1 -0
  22. package/dist/config.d.ts.map +1 -1
  23. package/dist/config.js +33 -4
  24. package/dist/config.js.map +1 -1
  25. package/dist/helpers/env-mapper.d.ts +60 -1
  26. package/dist/helpers/env-mapper.d.ts.map +1 -1
  27. package/dist/helpers/env-mapper.js +136 -6
  28. package/dist/helpers/env-mapper.js.map +1 -1
  29. package/dist/index.d.ts +4 -2
  30. package/dist/index.d.ts.map +1 -1
  31. package/dist/index.js +8 -3
  32. package/dist/index.js.map +1 -1
  33. package/dist/runtime/audit-logger.d.ts +96 -0
  34. package/dist/runtime/audit-logger.d.ts.map +1 -0
  35. package/dist/runtime/audit-logger.js +276 -0
  36. package/dist/runtime/audit-logger.js.map +1 -0
  37. package/dist/runtime/oauth-handler.d.ts +5 -0
  38. package/dist/runtime/oauth-handler.d.ts.map +1 -1
  39. package/dist/runtime/oauth-handler.js +287 -35
  40. package/dist/runtime/oauth-handler.js.map +1 -1
  41. package/dist/runtime.d.ts +12 -1
  42. package/dist/runtime.d.ts.map +1 -1
  43. package/dist/runtime.js +34 -4
  44. package/dist/runtime.js.map +1 -1
  45. package/dist/server.d.ts +7 -0
  46. package/dist/server.d.ts.map +1 -1
  47. package/dist/server.js +55 -2
  48. package/dist/server.js.map +1 -1
  49. package/dist/services/admin.service.d.ts.map +1 -1
  50. package/dist/services/admin.service.js +27 -0
  51. package/dist/services/admin.service.js.map +1 -1
  52. package/dist/services/consent-audit.service.d.ts +91 -0
  53. package/dist/services/consent-audit.service.d.ts.map +1 -0
  54. package/dist/services/consent-audit.service.js +243 -0
  55. package/dist/services/consent-audit.service.js.map +1 -0
  56. package/dist/services/consent-config.service.d.ts +2 -2
  57. package/dist/services/consent-config.service.d.ts.map +1 -1
  58. package/dist/services/consent-config.service.js +55 -24
  59. package/dist/services/consent-config.service.js.map +1 -1
  60. package/dist/services/consent-page-renderer.d.ts +14 -0
  61. package/dist/services/consent-page-renderer.d.ts.map +1 -1
  62. package/dist/services/consent-page-renderer.js +42 -0
  63. package/dist/services/consent-page-renderer.js.map +1 -1
  64. package/dist/services/consent.service.d.ts +82 -4
  65. package/dist/services/consent.service.d.ts.map +1 -1
  66. package/dist/services/consent.service.js +1717 -34
  67. package/dist/services/consent.service.js.map +1 -1
  68. package/dist/services/delegation.service.d.ts.map +1 -1
  69. package/dist/services/delegation.service.js +67 -29
  70. package/dist/services/delegation.service.js.map +1 -1
  71. package/dist/services/idp-token-storage.d.ts +68 -0
  72. package/dist/services/idp-token-storage.d.ts.map +1 -0
  73. package/dist/services/idp-token-storage.js +157 -0
  74. package/dist/services/idp-token-storage.js.map +1 -0
  75. package/dist/services/oauth-service.d.ts +66 -0
  76. package/dist/services/oauth-service.d.ts.map +1 -0
  77. package/dist/services/oauth-service.js +223 -0
  78. package/dist/services/oauth-service.js.map +1 -0
  79. package/dist/services/proof.service.d.ts +5 -3
  80. package/dist/services/proof.service.d.ts.map +1 -1
  81. package/dist/services/proof.service.js +35 -8
  82. package/dist/services/proof.service.js.map +1 -1
  83. package/dist/services/tool-context-builder.d.ts +55 -0
  84. package/dist/services/tool-context-builder.d.ts.map +1 -0
  85. package/dist/services/tool-context-builder.js +124 -0
  86. package/dist/services/tool-context-builder.js.map +1 -0
  87. package/dist/types/tool-context.d.ts +35 -0
  88. package/dist/types/tool-context.d.ts.map +1 -0
  89. package/dist/types/tool-context.js +13 -0
  90. package/dist/types/tool-context.js.map +1 -0
  91. package/dist/types.d.ts +30 -0
  92. package/dist/types.d.ts.map +1 -1
  93. package/package.json +27 -60
package/dist/helpers/env-mapper.js CHANGED
@@ -1,11 +1,69 @@
1
1
  /**
2
2
  * Environment Mapping Helpers
3
3
  *
4
- * Utilities for mapping prefixed KV bindings to standard CloudflareEnv format
4
+ * Utilities for mapping prefixed KV bindings to standard CloudflareEnv format.
5
+ *
6
+ * These utilities ensure consistent KV binding access across all components,
7
+ * supporting both prefixed (e.g., `_17429_NONCE_CACHE`) and non-prefixed (e.g., `NONCE_CACHE`) formats.
8
+ *
9
+ * @module @kya-os/mcp-i-cloudflare/helpers/env-mapper
10
+ */
11
+ /**
12
+ * Standard KV binding names that may be prefixed
13
+ */
14
+ const KV_BINDING_NAMES = [
15
+ 'NONCE_CACHE',
16
+ 'PROOF_ARCHIVE',
17
+ 'IDENTITY_STORAGE',
18
+ 'DELEGATION_STORAGE',
19
+ 'TOOL_PROTECTION_KV',
20
+ ];
21
+ /**
22
+ * Detect environment prefix by checking for prefixed KV bindings
23
+ *
24
+ * Checks common KV binding names to determine if a prefix is being used.
25
+ * Returns the prefix (without underscore) if found, undefined otherwise.
26
+ *
27
+ * @param env - Environment object to check
28
+ * @returns Detected prefix (e.g., "_17429" → "17429") or undefined
29
+ *
30
+ * @example
31
+ * ```typescript
32
+ * const env = { _17429_NONCE_CACHE: kvNamespace };
33
+ * const prefix = detectEnvPrefix(env); // Returns "17429"
34
+ * ```
5
35
  */
36
+ export function detectEnvPrefix(env) {
37
+ if (!env || typeof env !== 'object') {
38
+ return undefined;
39
+ }
40
+ // Check each KV binding name
41
+ for (const bindingName of KV_BINDING_NAMES) {
42
+ // Check for prefixed versions (e.g., _17429_NONCE_CACHE, MYAPP_NONCE_CACHE)
43
+ for (const key in env) {
44
+ if (typeof key === 'string' && key.endsWith(`_${bindingName}`)) {
45
+ // Extract prefix (everything before _NONCE_CACHE, etc.)
46
+ const prefix = key.slice(0, -(bindingName.length + 1));
47
+ if (prefix.length > 0) {
48
+ // Return prefix as-is (including leading underscore if present)
49
+ // The mapPrefixedEnv function handles both _17429 and 17429 formats
50
+ return prefix;
51
+ }
52
+ }
53
+ }
54
+ }
55
+ return undefined;
56
+ }
6
57
  /**
7
58
  * Map prefixed KV bindings to standard CloudflareEnv format
8
59
  *
60
+ * Explicitly maps prefixed KV bindings (e.g., `MYAPP_NONCE_CACHE`) to standard names
61
+ * (e.g., `NONCE_CACHE`). Use this when you know the prefix ahead of time.
62
+ *
63
+ * @param env - Environment object with prefixed KV bindings
64
+ * @param prefix - Prefix to use (e.g., "MYAPP" or "_17429")
65
+ * @returns Normalized CloudflareEnv with standard KV binding names
66
+ *
9
67
  * @example
10
68
  * ```typescript
11
69
  * const env = {
@@ -18,13 +76,83 @@
18
76
  * ```
19
77
  */
20
78
  export function mapPrefixedEnv(env, prefix) {
79
+ // Handle prefix with or without leading underscore
80
+ // Try both formats: _PREFIX_KEY and PREFIX_KEY
21
81
  const prefixUpper = prefix.toUpperCase();
82
+ const prefixWithUnderscore = prefixUpper.startsWith('_') ? prefixUpper : `_${prefixUpper}`;
83
+ const prefixWithoutUnderscore = prefixUpper.replace(/^_+/, '');
84
+ // Helper to get KV binding, trying both prefix formats
85
+ const getKV = (bindingName) => {
86
+ return (env[`${prefixWithUnderscore}_${bindingName}`] ||
87
+ env[`${prefixWithoutUnderscore}_${bindingName}`]);
88
+ };
89
+ return {
90
+ NONCE_CACHE: getKV('NONCE_CACHE'),
91
+ PROOF_ARCHIVE: getKV('PROOF_ARCHIVE'),
92
+ IDENTITY_STORAGE: getKV('IDENTITY_STORAGE'),
93
+ DELEGATION_STORAGE: getKV('DELEGATION_STORAGE'),
94
+ TOOL_PROTECTION_KV: getKV('TOOL_PROTECTION_KV'),
95
+ MCP_IDENTITY_PRIVATE_KEY: typeof env.MCP_IDENTITY_PRIVATE_KEY === 'string' ? env.MCP_IDENTITY_PRIVATE_KEY : undefined,
96
+ MCP_IDENTITY_PUBLIC_KEY: typeof env.MCP_IDENTITY_PUBLIC_KEY === 'string' ? env.MCP_IDENTITY_PUBLIC_KEY : undefined,
97
+ MCP_IDENTITY_AGENT_DID: typeof env.MCP_IDENTITY_AGENT_DID === 'string' ? env.MCP_IDENTITY_AGENT_DID : undefined,
98
+ AGENTSHIELD_API_URL: typeof env.AGENTSHIELD_API_URL === 'string' ? env.AGENTSHIELD_API_URL : undefined,
99
+ AGENTSHIELD_API_KEY: typeof env.AGENTSHIELD_API_KEY === 'string' ? env.AGENTSHIELD_API_KEY : undefined,
100
+ AGENTSHIELD_PROJECT_ID: typeof env.AGENTSHIELD_PROJECT_ID === 'string' ? env.AGENTSHIELD_PROJECT_ID : undefined,
101
+ MCPI_ENV: typeof env.MCPI_ENV === 'string' ? env.MCPI_ENV : undefined,
102
+ MCP_SERVER_URL: typeof env.MCP_SERVER_URL === 'string' ? env.MCP_SERVER_URL : undefined,
103
+ ENVIRONMENT: typeof env.ENVIRONMENT === 'string' ? env.ENVIRONMENT : undefined,
104
+ ADMIN_API_KEY: typeof env.ADMIN_API_KEY === 'string' ? env.ADMIN_API_KEY : undefined,
105
+ _durableObjectState: env._durableObjectState,
106
+ };
107
+ }
108
+ /**
109
+ * Normalize Cloudflare environment to standard CloudflareEnv format
110
+ *
111
+ * Automatically handles both prefixed and non-prefixed KV bindings:
112
+ * - If `prefix` is provided, uses explicit prefix mapping
113
+ * - If `prefix` is not provided, attempts auto-detection
114
+ * - Falls back to direct access if no prefix detected
115
+ *
116
+ * This is the recommended function for normalizing environments before use.
117
+ * All components should use this to ensure consistent KV binding access.
118
+ *
119
+ * @param env - Environment object (may have prefixed or non-prefixed KV bindings)
120
+ * @param prefix - Optional explicit prefix (e.g., "MYAPP" or "_17429")
121
+ * @returns Normalized CloudflareEnv with standard KV binding names
122
+ *
123
+ * @example
124
+ * ```typescript
125
+ * // With explicit prefix
126
+ * const env1 = { MYAPP_NONCE_CACHE: kvNamespace };
127
+ * const normalized1 = normalizeCloudflareEnv(env1, "MYAPP");
128
+ *
129
+ * // With auto-detection
130
+ * const env2 = { _17429_NONCE_CACHE: kvNamespace };
131
+ * const normalized2 = normalizeCloudflareEnv(env2); // Auto-detects "_17429"
132
+ *
133
+ * // Without prefix (direct access)
134
+ * const env3 = { NONCE_CACHE: kvNamespace };
135
+ * const normalized3 = normalizeCloudflareEnv(env3); // Uses direct access
136
+ * ```
137
+ */
138
+ export function normalizeCloudflareEnv(env, prefix) {
139
+ // If explicit prefix provided, use it
140
+ if (prefix) {
141
+ return mapPrefixedEnv(env, prefix);
142
+ }
143
+ // Try auto-detection
144
+ const detectedPrefix = detectEnvPrefix(env);
145
+ if (detectedPrefix) {
146
+ return mapPrefixedEnv(env, detectedPrefix);
147
+ }
148
+ // Fall back to direct access (assumes standard naming)
149
+ // This handles non-prefixed environments
22
150
  return {
23
- NONCE_CACHE: env[`${prefixUpper}_NONCE_CACHE`],
24
- PROOF_ARCHIVE: env[`${prefixUpper}_PROOF_ARCHIVE`],
25
- IDENTITY_STORAGE: env[`${prefixUpper}_IDENTITY_STORAGE`],
26
- DELEGATION_STORAGE: env[`${prefixUpper}_DELEGATION_STORAGE`],
27
- TOOL_PROTECTION_KV: env[`${prefixUpper}_TOOL_PROTECTION_KV`],
151
+ NONCE_CACHE: env.NONCE_CACHE,
152
+ PROOF_ARCHIVE: env.PROOF_ARCHIVE,
153
+ IDENTITY_STORAGE: env.IDENTITY_STORAGE,
154
+ DELEGATION_STORAGE: env.DELEGATION_STORAGE,
155
+ TOOL_PROTECTION_KV: env.TOOL_PROTECTION_KV,
28
156
  MCP_IDENTITY_PRIVATE_KEY: typeof env.MCP_IDENTITY_PRIVATE_KEY === 'string' ? env.MCP_IDENTITY_PRIVATE_KEY : undefined,
29
157
  MCP_IDENTITY_PUBLIC_KEY: typeof env.MCP_IDENTITY_PUBLIC_KEY === 'string' ? env.MCP_IDENTITY_PUBLIC_KEY : undefined,
30
158
  MCP_IDENTITY_AGENT_DID: typeof env.MCP_IDENTITY_AGENT_DID === 'string' ? env.MCP_IDENTITY_AGENT_DID : undefined,
@@ -34,6 +162,8 @@ export function mapPrefixedEnv(env, prefix) {
34
162
  MCPI_ENV: typeof env.MCPI_ENV === 'string' ? env.MCPI_ENV : undefined,
35
163
  MCP_SERVER_URL: typeof env.MCP_SERVER_URL === 'string' ? env.MCP_SERVER_URL : undefined,
36
164
  ENVIRONMENT: typeof env.ENVIRONMENT === 'string' ? env.ENVIRONMENT : undefined,
165
+ ADMIN_API_KEY: typeof env.ADMIN_API_KEY === 'string' ? env.ADMIN_API_KEY : undefined,
166
+ _durableObjectState: env._durableObjectState,
37
167
  };
38
168
  }
39
169
  //# sourceMappingURL=env-mapper.js.map
package/dist/helpers/env-mapper.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"env-mapper.js","sourceRoot":"","sources":["../../src/helpers/env-mapper.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,cAAc,CAC5B,GAA0B,EAC1B,MAAc;IAEd,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAEzC,OAAO;QACL,WAAW,EAAE,GAAG,CAAC,GAAG,WAAW,cAAc,CAAgB;QAC7D,aAAa,EAAE,GAAG,CAAC,GAAG,WAAW,gBAAgB,CAA4B;QAC7E,gBAAgB,EAAE,GAAG,CAAC,GAAG,WAAW,mBAAmB,CAA4B;QACnF,kBAAkB,EAAE,GAAG,CAAC,GAAG,WAAW,qBAAqB,CAA4B;QACvF,kBAAkB,EAAE,GAAG,CAAC,GAAG,WAAW,qBAAqB,CAA4B;QACvF,wBAAwB,EAAE,OAAO,GAAG,CAAC,wBAAwB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS;QACrH,uBAAuB,EAAE,OAAO,GAAG,CAAC,uBAAuB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS;QAClH,sBAAsB,EAAE,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QAC/G,mBAAmB,EAAE,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACtG,mBAAmB,EAAE,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACtG,sBAAsB,EAAE,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QAC/G,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACrE,cAAc,EAAE,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACvF,WAAW,EAAE,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;KAC/E,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"env-mapper.js","sourceRoot":"","sources":["../../src/helpers/env-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,aAAa;IACb,eAAe;IACf,kBAAkB;IAClB,oBAAoB;IACpB,oBAAoB;CACZ,CAAC;AAEX;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAAC,GAAQ;IACtC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,WAAW,IAAI,gBAAgB,EAAE,CAAC;QAC3C,4EAA4E;QAC5E,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC/D,wDAAwD;gBACxD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtB,gEAAgE;oBAChE,oEAAoE;oBACpE,OAAO,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,cAAc,CAC5B,GAA0B,EAC1B,MAAc;IAEd,mDAAmD;IACnD,+CAA+C;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,oBAAoB,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC;IAC3F,MAAM,uBAAuB,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAE/D,uDAAuD;IACvD,MAAM,KAAK,GAAG,CAAC,WAAmB,EAA2B,EAAE;QAC7D,OAAO,CAAC,GAAG,CAAC,GAAG,oBAAoB,IAAI,WAAW,EAAE,CAAC;YAC7C,GAAG,CAAC,GAAG,uBAAuB,IAAI,WAAW,EAAE,CAAC,CAA4B,CAAC;IACvF,CAAC,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,KAAK,CAAC,aAAa,CAAgB;QAChD,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC;QACrC,gBAAgB,EAAE,KAAK,CAAC,kBAAkB,CAAC;QAC3C,kBAAkB,EAAE,KAAK,CAAC,oBAAoB,CAAC;QAC/C,kBAAkB,EAAE,KAAK,CAAC,oBAAoB,CAAC;QAC/C,wBAAwB,EAAE,OAAO,GAAG,CAAC,wBAAwB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS;QACrH,uBAAuB,EAAE,OAAO,GAAG,CAAC,uBAAuB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS;QAClH,sBAAsB,EAAE,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QAC/G,mBAAmB,EAAE,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACtG,mBAAmB,EAAE,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACtG,sBAAsB,EAAE,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QAC/G,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACrE,cAAc,EAAE,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACvF,WAAW,EAAE,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC9E,aAAa,EAAE,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QACpF,mBAAmB,EAAE,GAAG,CAAC,mBAAqD;KAC/E,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,UAAU,sBAAsB,CACpC,GAAQ,EACR,MAAe;IAEf,sCAAsC;IACtC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,cAAc,CAAC,GAA4B,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,qBAAqB;IACrB,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,cAAc,CAAC,GAA4B,EAAE,cAAc,CAAC,CAAC;IACtE,CAAC;IAED,uDAAuD;IACvD,yCAAyC;IACzC,OAAO;QACL,WAAW,EAAE,GAAG,CAAC,WAA0B;QAC3C,aAAa,EAAE,GAAG,CAAC,aAAwC;QAC3D,gBAAgB,EAAE,GAAG,CAAC,gBAA2C;QACjE,kBAAkB,EAAE,GAAG,CAAC,kBAA6C;QACrE,kBAAkB,EAAE,GAAG,CAAC,kBAA6C;QACrE,wBAAwB,EAAE,OAAO,GAAG,CAAC,wBAAwB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS;QACrH,uBAAuB,EAAE,OAAO,GAAG,CAAC,uBAAuB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS;QAClH,sBAAsB,EAAE,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QAC/G,mBAAmB,EAAE,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACtG,mBAAmB,EAAE,OAAO,GAAG,CAAC,mBAAmB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACtG,sBAAsB,EAAE,OAAO,GAAG,CAAC,sBAAsB,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS;QAC/G,QAAQ,EAAE,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACrE,cAAc,EAAE,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACvF,WAAW,EAAE,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC9E,aAAa,EAAE,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QACpF,mBAAmB,EAAE,GAAG,CAAC,mBAAqD;KAC/E,CAAC;AACJ,CAAC"}
package/dist/index.d.ts CHANGED
@@ -23,13 +23,15 @@ export { loadDay0Config, getDelegationFieldName, supportsFullDelegationFormat, h
23
23
  export { CloudflareProofGenerator, type ProofMeta, type SessionContext, type ToolRequest, type ToolResponse, type ProofOptions, } from "./proof-generator";
24
24
  export { CloudflareRuntime, type ToolCallContext } from "./runtime";
25
25
  export { KVToolProtectionCache, type KVNamespace, } from "./cache/kv-tool-protection-cache";
26
+ export { KVOAuthConfigCache } from "./cache/kv-oauth-config-cache";
27
+ export type { KVOAuthConfigCacheConfig } from "./cache/kv-oauth-config-cache";
26
28
  export { createOAuthCallbackHandler, extractDelegationToken, type HonoContext, type OAuthCallbackConfig, type OAuthSuccessData, type OAuthErrorData, type OAuthState, type TokenExchangeResponse, } from "./runtime/oauth-handler";
27
29
  export type { AgentIdentity } from "@kya-os/mcp-i-core";
28
30
  export { MCPICloudflareServer, type MCPICloudflareServerOptions, } from "./server";
29
31
  export { AdminService } from "./services/admin.service";
30
- export { MCPICloudflareAgent, type MCPICloudflareAgentOptions, type PrefixedCloudflareEnv, } from "./agent";
32
+ export { MCPICloudflareAgent, type PrefixedCloudflareEnv } from "./agent";
31
33
  export { createMCPIApp, type CreateMCPIAppOptions } from "./app";
32
- export { mapPrefixedEnv } from "./helpers/env-mapper";
34
+ export { mapPrefixedEnv, normalizeCloudflareEnv, detectEnvPrefix, } from "./helpers/env-mapper";
33
35
  export * from "./constants";
34
36
  export { defineConfig } from "./config";
35
37
  export type { CloudflareRuntimeConfig, CloudflareBuildConfig, CloudflareConfig, } from "./config";
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAIL,qBAAqB,EAGtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAGxD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,CAAC;AAGF,OAAO,EACL,cAAc,EACd,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,UAAU,GAChB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,KAAK,UAAU,GAChB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,wBAAwB,EACxB,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,iBAAiB,EAAE,KAAK,eAAe,EAAE,MAAM,WAAW,CAAC;AAGpE,OAAO,EACL,qBAAqB,EACrB,KAAK,WAAW,GACjB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,qBAAqB,GAC3B,MAAM,yBAAyB,CAAC;AAGjC,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EACL,oBAAoB,EACpB,KAAK,2BAA2B,GACjC,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAGxD,OAAO,EACL,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,qBAAqB,GAC3B,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,cAAc,aAAa,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EACV,uBAAuB,EACvB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,aAAa,CAAC;IACnB,WAAW,CAAC,EAAE,aAAa,GAAG,YAAY,CAAC;IAC3C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;KACxC,CAAC;IACF,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAE9C,aAAa,CAAC,EAAE,uBAAuB,CAAC;CACzC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,oBAAoB,GAC3B,iBAAiB,CAmFnB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,oBAAoB;mBAIrC,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;EAsFnD;AAGD,OAAO,EACL,2BAA2B,EAC3B,KAAK,2BAA2B,EAChC,KAAK,cAAc,GACpB,MAAM,WAAW,CAAC;AAGnB,cAAc,UAAU,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAIL,qBAAqB,EAGtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAGxD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,CAAC;AAGF,OAAO,EACL,cAAc,EACd,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,UAAU,GAChB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,KAAK,UAAU,GAChB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,wBAAwB,EACxB,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,iBAAiB,EAAE,KAAK,eAAe,EAAE,MAAM,WAAW,CAAC;AAGpE,OAAO,EACL,qBAAqB,EACrB,KAAK,WAAW,GACjB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,YAAY,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAG9E,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,qBAAqB,GAC3B,MAAM,yBAAyB,CAAC;AAGjC,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EACL,oBAAoB,EACpB,KAAK,2BAA2B,GACjC,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,KAAK,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAG9B,cAAc,aAAa,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,YAAY,EACV,uBAAuB,EACvB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,aAAa,CAAC;IACnB,WAAW,CAAC,EAAE,aAAa,GAAG,YAAY,CAAC;IAC3C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;KACxC,CAAC;IACF,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAE9C,aAAa,CAAC,EAAE,uBAAuB,CAAC;CACzC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,oBAAoB,GAC3B,iBAAiB,CA6FnB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,oBAAoB;mBAIrC,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;EAsFnD;AAGD,OAAO,EACL,2BAA2B,EAC3B,KAAK,2BAA2B,EAChC,KAAK,cAAc,GACpB,MAAM,WAAW,CAAC;AAGnB,cAAc,UAAU,CAAC"}
package/dist/index.js CHANGED
@@ -28,15 +28,16 @@ export { CloudflareProofGenerator, } from "./proof-generator";
28
28
  export { CloudflareRuntime } from "./runtime";
29
29
  // Re-export cache implementations
30
30
  export { KVToolProtectionCache, } from "./cache/kv-tool-protection-cache";
31
+ export { KVOAuthConfigCache } from "./cache/kv-oauth-config-cache";
31
32
  // Re-export OAuth handler utilities
32
33
  export { createOAuthCallbackHandler, extractDelegationToken, } from "./runtime/oauth-handler";
33
34
  // Re-export MCPICloudflareServer and services
34
35
  export { MCPICloudflareServer, } from "./server";
35
36
  export { AdminService } from "./services/admin.service";
36
37
  // Re-export agent base class and app factory
37
- export { MCPICloudflareAgent, } from "./agent";
38
+ export { MCPICloudflareAgent } from "./agent";
38
39
  export { createMCPIApp } from "./app";
39
- export { mapPrefixedEnv } from "./helpers/env-mapper";
40
+ export { mapPrefixedEnv, normalizeCloudflareEnv, detectEnvPrefix, } from "./helpers/env-mapper";
40
41
  // Re-export constants
41
42
  export * from "./constants";
42
43
  // Re-export config utilities
@@ -77,7 +78,11 @@ export function createCloudflareRuntime(config) {
77
78
  apiKey: config.env.AGENTSHIELD_API_KEY,
78
79
  fetchProvider: fetchProvider,
79
80
  logger: (msg, data) => {
80
- if (config.environment === "development") {
81
+ // Always log errors and validation failures, even in production
82
+ const isError = msg.toLowerCase().includes("error") ||
83
+ msg.toLowerCase().includes("failed") ||
84
+ msg.toLowerCase().includes("validation");
85
+ if (isError || config.environment === "development") {
81
86
  console.log(`[AccessControl] ${msg}`, data);
82
87
  }
83
88
  },
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAGL,uBAAuB,EAEvB,uBAAuB,EACvB,aAAa,GACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAI9C,sBAAsB;AACtB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,CAAC;AAEF,4BAA4B;AAC5B,OAAO,EACL,cAAc,GAKf,MAAM,4BAA4B,CAAC;AAEpC,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE,oCAAoC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,GAEnB,MAAM,qBAAqB,CAAC;AAE7B,6BAA6B;AAC7B,OAAO,EACL,wBAAwB,GAMzB,MAAM,mBAAmB,CAAC;AAE3B,6DAA6D;AAC7D,OAAO,EAAE,iBAAiB,EAAwB,MAAM,WAAW,CAAC;AAEpE,kCAAkC;AAClC,OAAO,EACL,qBAAqB,GAEtB,MAAM,kCAAkC,CAAC;AAE1C,oCAAoC;AACpC,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,GAOvB,MAAM,yBAAyB,CAAC;AAKjC,8CAA8C;AAC9C,OAAO,EACL,oBAAoB,GAErB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,6CAA6C;AAC7C,OAAO,EACL,mBAAmB,GAGpB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,aAAa,EAA6B,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,sBAAsB;AACtB,cAAc,aAAa,CAAC;AAE5B,6BAA6B;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAwBxC;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAA4B;IAE5B,MAAM,cAAc,GAAG,IAAI,iBAAiB,EAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACjD,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACjD,MAAM,eAAe,GAAG,IAAI,iBAAiB,CAC3C,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,CAAQ,CAC/D,CAAC;IACF,MAAM,kBAAkB,GAAG,IAAI,oBAAoB,CACjD,MAAM,CAAC,GAAG,CAAC,WAAkB,CAC9B,CAAC;IAEF,uDAAuD;IACvD,MAAM,oBAAoB,GAAG,IAAI,uBAAuB,CACtD,MAAM,CAAC,GAAG,EACV,cAAc,EACd,MAAM,CAAC,GAAG,CAAC,mBAA0B,CAAC,yCAAyC;KAChF,CAAC;IAEF,uEAAuE;IACvE,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB;QAClD,CAAC,CAAC,IAAI,kBAAkB,CACpB,MAAM,CAAC,GAAG,CAAC,gBAAuB,EAClC,oBAAoB,EACpB,cAAc,CACf;QACH,CAAC,CAAC,oBAAoB,CAAC;IAEzB,4BAA4B;IAC5B,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;QACtC,cAAc;QACd,aAAa;QACb,kBAAkB;QAClB,aAAa;QACb,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;KACzD,CAAC,CAAC;IAEH,8DAA8D;IAC9D,IAAI,oBAAyD,CAAC;IAC9D,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACnC,oBAAoB,GAAG,IAAI,uBAAuB,CAAC;YACjD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB,IAAI,wBAAwB;YACnE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB;YACtC,aAAa,EAAE,aAAa;YAC5B,MAAM,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;gBACpB,IAAI,MAAM,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;oBACzC,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAA0B;QAC3C,cAAc;QACd,aAAa;QACb,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,gBAAgB;QAChB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,YAAY;QAC/C,OAAO,EAAE;YACP,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;YACxD,UAAU,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE;SAC3C;QACD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;KACpD,CAAC;IAEF,0DAA0D;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAE5C,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC;IAE9C,MAAM,OAAO,GAAG,IAAI,iBAAiB,CAAC,aAAa,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAElF,+BAA+B;IAC/B,IAAI,oBAAoB,EAAE,CAAC;QACzB,OAAO,CAAC,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAExC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAA4B;IAC5D,MAAM,OAAO,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAEhD,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,OAAgB;YAC1B,sCAAsC;YACtC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBACzB,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;YAC7B,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEjC,8BAA8B;YAC9B,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;gBACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAE3C,IAAI,MAAM,EAAE,CAAC;oBACX,gEAAgE;oBAChE,IAAI,QAAQ,IAAI,MAAM,IAAI,SAAS,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;wBAClE,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE;4BAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;4BACrB,OAAO,EAAE;gCACP,GAAG,MAAM,CAAC,OAAO;gCACjB,GAAG,uBAAuB;6BAC3B;yBACF,CAAC,CAAC;oBACL,CAAC;oBACD,uDAAuD;oBACvD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;wBAC1C,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE;4BACP,cAAc,EAAE,kBAAkB;4BAClC,GAAG,uBAAuB;yBAC3B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAQ,CAAC;oBAE3C,mBAAmB;oBACnB,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;wBAChC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBAC1D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;4BAC1C,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CAAC,CAAC;oBACL,CAAC;oBAED,oBAAoB;oBACpB,IAAI,IAAI,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;wBACjC,2CAA2C;wBAC3C,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;4BACb,MAAM,EAAE,mBAAmB;yBAC5B,CAAC,EACF;4BACE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CACF,CAAC;oBACJ,CAAC;oBAED,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,KAAK,EAAE,gBAAgB;qBACxB,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBACpB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,gBAAgB;qBACzC,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO,IAAI,QAAQ,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7D,CAAC;KACF,CAAC;AACJ,CAAC;AAED,mDAAmD;AACnD,OAAO,EACL,2BAA2B,GAG5B,MAAM,WAAW,CAAC;AAEnB,2CAA2C;AAC3C,cAAc,UAAU,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAGL,uBAAuB,EAEvB,uBAAuB,EACvB,aAAa,GACd,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAI9C,sBAAsB;AACtB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,kBAAkB,GACnB,CAAC;AAEF,4BAA4B;AAC5B,OAAO,EACL,cAAc,GAKf,MAAM,4BAA4B,CAAC;AAEpC,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE,oCAAoC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,GAEnB,MAAM,qBAAqB,CAAC;AAE7B,6BAA6B;AAC7B,OAAO,EACL,wBAAwB,GAMzB,MAAM,mBAAmB,CAAC;AAE3B,6DAA6D;AAC7D,OAAO,EAAE,iBAAiB,EAAwB,MAAM,WAAW,CAAC;AAEpE,kCAAkC;AAClC,OAAO,EACL,qBAAqB,GAEtB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,oCAAoC;AACpC,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,GAOvB,MAAM,yBAAyB,CAAC;AAKjC,8CAA8C;AAC9C,OAAO,EACL,oBAAoB,GAErB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,6CAA6C;AAC7C,OAAO,EAAE,mBAAmB,EAA8B,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,aAAa,EAA6B,MAAM,OAAO,CAAC;AACjE,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAE9B,sBAAsB;AACtB,cAAc,aAAa,CAAC;AAE5B,6BAA6B;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAwBxC;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAA4B;IAE5B,MAAM,cAAc,GAAG,IAAI,iBAAiB,EAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACjD,MAAM,aAAa,GAAG,IAAI,oBAAoB,EAAE,CAAC;IACjD,MAAM,eAAe,GAAG,IAAI,iBAAiB,CAC3C,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,CAAQ,CAC/D,CAAC;IACF,MAAM,kBAAkB,GAAG,IAAI,oBAAoB,CACjD,MAAM,CAAC,GAAG,CAAC,WAAkB,CAC9B,CAAC;IAEF,uDAAuD;IACvD,MAAM,oBAAoB,GAAG,IAAI,uBAAuB,CACtD,MAAM,CAAC,GAAG,EACV,cAAc,EACd,MAAM,CAAC,GAAG,CAAC,mBAA0B,CAAC,yCAAyC;KAChF,CAAC;IAEF,uEAAuE;IACvE,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB;QAClD,CAAC,CAAC,IAAI,kBAAkB,CACpB,MAAM,CAAC,GAAG,CAAC,gBAAuB,EAClC,oBAAoB,EACpB,cAAc,CACf;QACH,CAAC,CAAC,oBAAoB,CAAC;IAEzB,4BAA4B;IAC5B,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;QACtC,cAAc;QACd,aAAa;QACb,kBAAkB;QAClB,aAAa;QACb,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;KACzD,CAAC,CAAC;IAEH,8DAA8D;IAC9D,IAAI,oBAAyD,CAAC;IAC9D,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACnC,oBAAoB,GAAG,IAAI,uBAAuB,CAAC;YACjD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB,IAAI,wBAAwB;YACnE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,mBAAmB;YACtC,aAAa,EAAE,aAAa;YAC5B,MAAM,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;gBACpB,gEAAgE;gBAChE,MAAM,OAAO,GACX,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC;oBACnC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACpC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBAE3C,IAAI,OAAO,IAAI,MAAM,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;oBACpD,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAA0B;QAC3C,cAAc;QACd,aAAa;QACb,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,gBAAgB;QAChB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,YAAY;QAC/C,OAAO,EAAE;YACP,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;YACxD,UAAU,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE;SAC3C;QACD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;KACpD,CAAC;IAEF,0DAA0D;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;IAE5C,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC;IAE9C,MAAM,OAAO,GAAG,IAAI,iBAAiB,CACnC,aAAa,EACb,SAAS,EACT,gBAAgB,CACjB,CAAC;IAEF,+BAA+B;IAC/B,IAAI,oBAAoB,EAAE,CAAC;QACzB,OAAO,CAAC,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAExC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAA4B;IAC5D,MAAM,OAAO,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAEhD,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,OAAgB;YAC1B,sCAAsC;YACtC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBACzB,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;YAC7B,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEjC,8BAA8B;YAC9B,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;gBACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAE3C,IAAI,MAAM,EAAE,CAAC;oBACX,gEAAgE;oBAChE,IAAI,QAAQ,IAAI,MAAM,IAAI,SAAS,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;wBAClE,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE;4BAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;4BACrB,OAAO,EAAE;gCACP,GAAG,MAAM,CAAC,OAAO;gCACjB,GAAG,uBAAuB;6BAC3B;yBACF,CAAC,CAAC;oBACL,CAAC;oBACD,uDAAuD;oBACvD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;wBAC1C,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE;4BACP,cAAc,EAAE,kBAAkB;4BAClC,GAAG,uBAAuB;yBAC3B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAQ,CAAC;oBAE3C,mBAAmB;oBACnB,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;wBAChC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBAC1D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;4BAC1C,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CAAC,CAAC;oBACL,CAAC;oBAED,oBAAoB;oBACpB,IAAI,IAAI,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;wBACjC,2CAA2C;wBAC3C,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;4BACb,MAAM,EAAE,mBAAmB;yBAC5B,CAAC,EACF;4BACE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CACF,CAAC;oBACJ,CAAC;oBAED,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,KAAK,EAAE,gBAAgB;qBACxB,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBACpB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;wBACb,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,gBAAgB;qBACzC,CAAC,EACF;wBACE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO,IAAI,QAAQ,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC7D,CAAC;KACF,CAAC;AACJ,CAAC;AAED,mDAAmD;AACnD,OAAO,EACL,2BAA2B,GAG5B,MAAM,WAAW,CAAC;AAEnB,2CAA2C;AAC3C,cAAc,UAAU,CAAC"}
package/dist/runtime/audit-logger.d.ts ADDED
@@ -0,0 +1,96 @@
1
+ /**
2
+ * Cloudflare Audit Logger
3
+ *
4
+ * Cloudflare Workers-compatible implementation of IAuditLogger using Web Crypto API.
5
+ * This implementation uses Web Crypto API instead of Node.js crypto for compatibility
6
+ * with Cloudflare Workers environment.
7
+ */
8
+ import type { AuditContext, AuditEventContext } from "@kya-os/contracts/audit";
9
+ import type { IAuditLogger } from "@kya-os/mcp-i-core/runtime/audit-logger";
10
+ /**
11
+ * Audit log rotation strategy
12
+ */
13
+ type AuditRotationStrategy = "size" | "time" | "count" | "custom";
14
+ /**
15
+ * Audit rotation context passed to hooks
16
+ */
17
+ interface AuditRotationContext {
18
+ strategy: AuditRotationStrategy;
19
+ trigger: string;
20
+ recordsLogged: number;
21
+ timestamp: number;
22
+ }
23
+ /**
24
+ * Audit rotation hooks
25
+ */
26
+ interface AuditRotationHooks {
27
+ onRotation?: (context: AuditRotationContext) => Promise<void>;
28
+ onSizeLimit?: (sizeBytes: number, limit: number) => Promise<void>;
29
+ onTimeBased?: (interval: string) => Promise<void>;
30
+ onCountThreshold?: (count: number, threshold: number) => Promise<void>;
31
+ }
32
+ /**
33
+ * Audit logging configuration
34
+ */
35
+ interface AuditConfig {
36
+ enabled?: boolean;
37
+ logFunction?: (record: string) => void;
38
+ includePayloads?: boolean;
39
+ rotation?: {
40
+ strategy?: AuditRotationStrategy;
41
+ sizeLimit?: number;
42
+ timeInterval?: number;
43
+ countThreshold?: number;
44
+ hooks?: AuditRotationHooks;
45
+ };
46
+ }
47
+ /**
48
+ * Cloudflare-compatible audit logger implementation
49
+ *
50
+ * Uses Web Crypto API for cryptographic operations instead of Node.js crypto.
51
+ * Implements the same audit.v1 format and rotation logic as the Node.js version.
52
+ */
53
+ export declare class CloudflareAuditLogger implements IAuditLogger {
54
+ private config;
55
+ private sessionAuditLog;
56
+ private totalRecordsLogged;
57
+ private currentLogSize;
58
+ private lastRotationTime;
59
+ private destroyed;
60
+ constructor(config?: AuditConfig);
61
+ /**
62
+ * Log an audit record (with session deduplication)
63
+ */
64
+ logAuditRecord(context: AuditContext): Promise<void>;
65
+ /**
66
+ * Log an event (without session deduplication)
67
+ */
68
+ logEvent(context: AuditEventContext): Promise<void>;
69
+ /**
70
+ * Generate deterministic hash for event using Web Crypto API
71
+ */
72
+ private hashEvent;
73
+ /**
74
+ * Generate random hex string using Web Crypto API
75
+ */
76
+ private generateRandomHex;
77
+ /**
78
+ * Format audit record as frozen audit line
79
+ * Format: audit.v1 ts=<unix> session=<id> audience=<host> did=<did> kid=<kid> reqHash=<sha256:..> resHash=<sha256:..> verified=yes|no scope=<scopeId|->
80
+ */
81
+ private formatAuditLine;
82
+ /**
83
+ * Check if rotation is needed and trigger if necessary (event-driven)
84
+ */
85
+ private checkRotation;
86
+ /**
87
+ * Rotate audit log now (manually triggered)
88
+ */
89
+ rotateNow(trigger?: string): Promise<void>;
90
+ /**
91
+ * Destroy the logger (cleanup)
92
+ */
93
+ destroy(): void;
94
+ }
95
+ export {};
96
+ //# sourceMappingURL=audit-logger.d.ts.map
package/dist/runtime/audit-logger.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-logger.d.ts","sourceRoot":"","sources":["../../src/runtime/audit-logger.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,iBAAiB,EAElB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yCAAyC,CAAC;AAE5E;;GAEG;AACH,KAAK,qBAAqB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;AAElE;;GAEG;AACH,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,qBAAqB,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,UAAU,kBAAkB;IAC1B,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,WAAW,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,WAAW,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxE;AAED;;GAEG;AACH,UAAU,WAAW;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE,qBAAqB,CAAC;QACjC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,kBAAkB,CAAC;KAC5B,CAAC;CACH;AAwCD;;;;;GAKG;AACH,qBAAa,qBAAsB,YAAW,YAAY;IACxD,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,cAAc,CAAK;IAC3B,OAAO,CAAC,gBAAgB,CAAc;IACtC,OAAO,CAAC,SAAS,CAAS;gBAEd,MAAM,GAAE,WAAgB;IAiBpC;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAuD1D;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoDzD;;OAEG;YACW,SAAS;IAoBvB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAiBvB;;OAEG;YACW,aAAa;IA+C3B;;OAEG;IACG,SAAS,CAAC,OAAO,GAAE,MAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqB1D;;OAEG;IACH,OAAO,IAAI,IAAI;CAIhB"}
package/dist/runtime/audit-logger.js ADDED
@@ -0,0 +1,276 @@
1
+ /**
2
+ * Cloudflare Audit Logger
3
+ *
4
+ * Cloudflare Workers-compatible implementation of IAuditLogger using Web Crypto API.
5
+ * This implementation uses Web Crypto API instead of Node.js crypto for compatibility
6
+ * with Cloudflare Workers environment.
7
+ */
8
+ /**
9
+ * Format milliseconds into human-readable interval string
10
+ */
11
+ function formatTimeInterval(ms) {
12
+ if (ms === undefined || ms === null)
13
+ return "unknown";
14
+ if (ms === 0)
15
+ return "0ms";
16
+ const TIME_INTERVALS = {
17
+ SECOND: 1000,
18
+ MINUTE: 60 * 1000,
19
+ HOUR: 60 * 60 * 1000,
20
+ DAY: 24 * 60 * 60 * 1000,
21
+ WEEK: 7 * 24 * 60 * 60 * 1000,
22
+ };
23
+ if (ms % TIME_INTERVALS.WEEK === 0) {
24
+ const weeks = ms / TIME_INTERVALS.WEEK;
25
+ return weeks === 1 ? "weekly" : `${weeks}-weekly`;
26
+ }
27
+ if (ms % TIME_INTERVALS.DAY === 0) {
28
+ const days = ms / TIME_INTERVALS.DAY;
29
+ return days === 1 ? "daily" : `${days}-daily`;
30
+ }
31
+ if (ms % TIME_INTERVALS.HOUR === 0) {
32
+ const hours = ms / TIME_INTERVALS.HOUR;
33
+ return hours === 1 ? "hourly" : `${hours}-hourly`;
34
+ }
35
+ if (ms % TIME_INTERVALS.MINUTE === 0) {
36
+ const minutes = ms / TIME_INTERVALS.MINUTE;
37
+ return minutes === 1 ? "minutely" : `${minutes}-minutely`;
38
+ }
39
+ if (ms % TIME_INTERVALS.SECOND === 0) {
40
+ const seconds = ms / TIME_INTERVALS.SECOND;
41
+ return seconds === 1 ? "every-second" : `${seconds}-secondly`;
42
+ }
43
+ return `${ms}ms`;
44
+ }
45
+ /**
46
+ * Cloudflare-compatible audit logger implementation
47
+ *
48
+ * Uses Web Crypto API for cryptographic operations instead of Node.js crypto.
49
+ * Implements the same audit.v1 format and rotation logic as the Node.js version.
50
+ */
51
+ export class CloudflareAuditLogger {
52
+ config;
53
+ sessionAuditLog = new Set(); // Track first call per session
54
+ totalRecordsLogged = 0; // Total records logged (for count rotation)
55
+ currentLogSize = 0; // Current log size in bytes (for size rotation)
56
+ lastRotationTime = Date.now(); // Last rotation timestamp (for time rotation)
57
+ destroyed = false; // Track if logger has been destroyed
58
+ constructor(config = {}) {
59
+ const rotationConfig = config.rotation
60
+ ? {
61
+ strategy: "custom",
62
+ ...config.rotation,
63
+ }
64
+ : undefined;
65
+ this.config = {
66
+ enabled: true,
67
+ logFunction: console.log,
68
+ includePayloads: false,
69
+ ...config,
70
+ rotation: rotationConfig,
71
+ };
72
+ }
73
+ /**
74
+ * Log an audit record (with session deduplication)
75
+ */
76
+ async logAuditRecord(context) {
77
+ if (this.destroyed) {
78
+ throw new Error("CloudflareAuditLogger has been destroyed");
79
+ }
80
+ if (!this.config.enabled) {
81
+ return;
82
+ }
83
+ // Check if this is the first call for this session
84
+ const sessionKey = `${context.session.sessionId}:${context.session.audience}`;
85
+ if (this.sessionAuditLog.has(sessionKey)) {
86
+ return; // Already logged for this session
87
+ }
88
+ // Mark session as logged
89
+ this.sessionAuditLog.add(sessionKey);
90
+ // Create audit record
91
+ // Extract kid from identity (may be kid, keyId, or derived from did)
92
+ const kid = context.identity.kid ||
93
+ context.identity.keyId ||
94
+ context.identity.did.split(":").pop() ||
95
+ "unknown";
96
+ const auditRecord = {
97
+ version: "audit.v1",
98
+ ts: Math.floor(Date.now() / 1000),
99
+ session: context.session.sessionId,
100
+ audience: context.session.audience,
101
+ did: context.identity.did,
102
+ kid,
103
+ reqHash: context.requestHash,
104
+ resHash: context.responseHash,
105
+ verified: context.verified,
106
+ scope: context.scopeId || "-",
107
+ };
108
+ // Format as frozen audit line
109
+ const auditLine = this.formatAuditLine(auditRecord);
110
+ // Track size in bytes (UTF-8) - using TextEncoder instead of Buffer
111
+ const encoder = new TextEncoder();
112
+ const sizeBytes = encoder.encode(auditLine).length;
113
+ this.currentLogSize += sizeBytes;
114
+ this.totalRecordsLogged++;
115
+ // Emit audit record
116
+ this.config.logFunction(auditLine);
117
+ // Check if rotation is needed (event-driven)
118
+ await this.checkRotation();
119
+ }
120
+ /**
121
+ * Log an event (without session deduplication)
122
+ */
123
+ async logEvent(context) {
124
+ if (this.destroyed) {
125
+ throw new Error("CloudflareAuditLogger has been destroyed");
126
+ }
127
+ if (!this.config.enabled) {
128
+ return;
129
+ }
130
+ // Generate event hash using Web Crypto API
131
+ const eventHash = await this.hashEvent(context.eventType, context.eventData);
132
+ // Create audit record (same format as regular audit logs)
133
+ // Extract kid from identity (may be kid, keyId, or derived from did)
134
+ const kid = context.identity.kid ||
135
+ context.identity.keyId ||
136
+ context.identity.did.split(":").pop() ||
137
+ "unknown";
138
+ const auditRecord = {
139
+ version: "audit.v1",
140
+ ts: Math.floor(Date.now() / 1000),
141
+ session: context.session.sessionId,
142
+ audience: context.session.audience,
143
+ did: context.identity.did,
144
+ kid,
145
+ reqHash: `sha256:${eventHash}`,
146
+ resHash: `sha256:${eventHash}`, // Same hash for events
147
+ verified: "yes",
148
+ scope: context.eventType, // Use eventType as scope
149
+ };
150
+ // Format and log (NO session deduplication check)
151
+ const auditLine = this.formatAuditLine(auditRecord);
152
+ // Track size and count
153
+ const encoder = new TextEncoder();
154
+ const sizeBytes = encoder.encode(auditLine).length;
155
+ this.currentLogSize += sizeBytes;
156
+ this.totalRecordsLogged++;
157
+ // Emit audit record
158
+ this.config.logFunction(auditLine);
159
+ // Check rotation
160
+ await this.checkRotation();
161
+ }
162
+ /**
163
+ * Generate deterministic hash for event using Web Crypto API
164
+ */
165
+ async hashEvent(type, data) {
166
+ const content = JSON.stringify({
167
+ type,
168
+ data,
169
+ ts: Date.now(),
170
+ nonce: this.generateRandomHex(16),
171
+ });
172
+ // Use Web Crypto API for SHA-256 hashing
173
+ const encoder = new TextEncoder();
174
+ const dataBuffer = encoder.encode(content);
175
+ const hashBuffer = await crypto.subtle.digest("SHA-256", dataBuffer);
176
+ const hashArray = Array.from(new Uint8Array(hashBuffer));
177
+ const hashHex = hashArray
178
+ .map((b) => b.toString(16).padStart(2, "0"))
179
+ .join("");
180
+ return hashHex;
181
+ }
182
+ /**
183
+ * Generate random hex string using Web Crypto API
184
+ */
185
+ generateRandomHex(length) {
186
+ const randomBytes = crypto.getRandomValues(new Uint8Array(length));
187
+ return Array.from(randomBytes)
188
+ .map((b) => b.toString(16).padStart(2, "0"))
189
+ .join("");
190
+ }
191
+ /**
192
+ * Format audit record as frozen audit line
193
+ * Format: audit.v1 ts=<unix> session=<id> audience=<host> did=<did> kid=<kid> reqHash=<sha256:..> resHash=<sha256:..> verified=yes|no scope=<scopeId|->
194
+ */
195
+ formatAuditLine(record) {
196
+ const fields = [
197
+ `${record.version}`,
198
+ `ts=${record.ts}`,
199
+ `session=${record.session}`,
200
+ `audience=${record.audience}`,
201
+ `did=${record.did}`,
202
+ `kid=${record.kid}`,
203
+ `reqHash=${record.reqHash}`,
204
+ `resHash=${record.resHash}`,
205
+ `verified=${record.verified}`,
206
+ `scope=${record.scope}`,
207
+ ];
208
+ return fields.join(" ");
209
+ }
210
+ /**
211
+ * Check if rotation is needed and trigger if necessary (event-driven)
212
+ */
213
+ async checkRotation() {
214
+ if (!this.config.rotation) {
215
+ return;
216
+ }
217
+ const { strategy, sizeLimit, timeInterval, countThreshold, hooks } = this.config.rotation;
218
+ let shouldRotate = false;
219
+ let trigger = "";
220
+ // Size-based rotation
221
+ if (strategy === "size" && sizeLimit && this.currentLogSize >= sizeLimit) {
222
+ shouldRotate = true;
223
+ trigger = "size-limit";
224
+ await hooks?.onSizeLimit?.(this.currentLogSize, sizeLimit);
225
+ }
226
+ // Time-based rotation (event-driven, not timer-based)
227
+ if (strategy === "time" &&
228
+ timeInterval &&
229
+ Date.now() - this.lastRotationTime >= timeInterval) {
230
+ shouldRotate = true;
231
+ trigger = "time-interval";
232
+ const interval = formatTimeInterval(timeInterval);
233
+ await hooks?.onTimeBased?.(interval);
234
+ }
235
+ // Count-based rotation
236
+ if (strategy === "count" &&
237
+ countThreshold &&
238
+ this.totalRecordsLogged >= countThreshold) {
239
+ shouldRotate = true;
240
+ trigger = "count-threshold";
241
+ await hooks?.onCountThreshold?.(this.totalRecordsLogged, countThreshold);
242
+ }
243
+ // Trigger rotation if needed
244
+ if (shouldRotate) {
245
+ await this.rotateNow(trigger);
246
+ }
247
+ }
248
+ /**
249
+ * Rotate audit log now (manually triggered)
250
+ */
251
+ async rotateNow(trigger = "manual") {
252
+ if (!this.config.rotation?.hooks?.onRotation) {
253
+ return;
254
+ }
255
+ const context = {
256
+ strategy: this.config.rotation.strategy || "custom",
257
+ trigger,
258
+ recordsLogged: this.totalRecordsLogged,
259
+ timestamp: Date.now(),
260
+ };
261
+ // Call rotation hook
262
+ await this.config.rotation.hooks.onRotation(context);
263
+ // Reset rotation counters
264
+ this.currentLogSize = 0;
265
+ this.lastRotationTime = Date.now();
266
+ this.totalRecordsLogged = 0;
267
+ }
268
+ /**
269
+ * Destroy the logger (cleanup)
270
+ */
271
+ destroy() {
272
+ this.destroyed = true;
273
+ this.sessionAuditLog.clear();
274
+ }
275
+ }
276
+ //# sourceMappingURL=audit-logger.js.map