@kya-os/mcp-i-cloudflare 1.5.8-canary.6 → 1.5.8-canary.61

package/dist/services/tool-context-builder.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Tool Context Builder
+ *
+ * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
+ * based on tool protection configuration and user identity.
+ *
+ * @package @kya-os/mcp-i-cloudflare
+ */
+import type { ToolExecutionContext } from "../types/tool-context.js";
+import type { IdpTokenResolver } from "@kya-os/mcp-i-core";
+import type { ToolProtection } from "@kya-os/mcp-i-core/types/tool-protection";
+import type { OAuthConfigService } from "@kya-os/mcp-i-core";
+export interface ToolContextBuilderConfig {
+    /** IDP token resolver for resolving tokens from User DID */
+    tokenResolver: IdpTokenResolver;
+    /** OAuth config service for fetching provider configurations */
+    configService: OAuthConfigService;
+    /** Project ID for fetching OAuth config */
+    projectId: string;
+    /** Optional logger callback for diagnostics */
+    logger?: (message: string, data?: unknown) => void;
+}
+/**
+ * Builder for tool execution context
+ *
+ * Resolves IDP tokens and builds context for tool handlers.
+ * Phase 1: Uses configured provider as temporary fallback.
+ * Phase 2+: Requires explicit oauthProvider on tool protection.
+ */
+export declare class ToolContextBuilder {
+    private config;
+    constructor(config: ToolContextBuilderConfig);
+    /**
+     * Build tool execution context
+     *
+     * @param toolName - Name of the tool being executed
+     * @param userDid - User DID (optional, required for OAuth)
+     * @param sessionId - Session ID (optional)
+     * @param delegationToken - Delegation token (optional)
+     * @param toolProtection - Tool protection configuration (optional)
+     * @returns Tool execution context or undefined if not needed
+     */
+    buildContext(toolName: string, userDid: string | undefined, sessionId: string | undefined, delegationToken: string | undefined, toolProtection: ToolProtection | null): Promise<ToolExecutionContext | undefined>;
+    /**
+     * Resolve OAuth provider for a tool
+     *
+     * Phase 1: Uses configured provider from OAuth config as temporary fallback
+     * Phase 2+: Requires explicit oauthProvider on tool protection
+     *
+     * @param toolProtection - Tool protection configuration
+     * @returns Provider name or null if not found
+     */
+    private resolveProvider;
+}
+//# sourceMappingURL=tool-context-builder.d.ts.map

package/dist/services/tool-context-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAE/E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,wBAAwB;IACvC,4DAA4D;IAC5D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,wBAAwB;IAS5C;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,cAAc,EAAE,cAAc,GAAG,IAAI,GACpC,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAyD5C;;;;;;;;OAQG;YACW,eAAe;CAyC9B"}

package/dist/services/tool-context-builder.js

@@ -0,0 +1,124 @@
+/**
+ * Tool Context Builder
+ *
+ * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
+ * based on tool protection configuration and user identity.
+ *
+ * @package @kya-os/mcp-i-cloudflare
+ */
+/**
+ * Builder for tool execution context
+ *
+ * Resolves IDP tokens and builds context for tool handlers.
+ * Phase 1: Uses configured provider as temporary fallback.
+ * Phase 2+: Requires explicit oauthProvider on tool protection.
+ */
+export class ToolContextBuilder {
+    config;
+    constructor(config) {
+        this.config = {
+            tokenResolver: config.tokenResolver,
+            configService: config.configService,
+            projectId: config.projectId,
+            logger: config.logger || (() => { }),
+        };
+    }
+    /**
+     * Build tool execution context
+     *
+     * @param toolName - Name of the tool being executed
+     * @param userDid - User DID (optional, required for OAuth)
+     * @param sessionId - Session ID (optional)
+     * @param delegationToken - Delegation token (optional)
+     * @param toolProtection - Tool protection configuration (optional)
+     * @returns Tool execution context or undefined if not needed
+     */
+    async buildContext(toolName, userDid, sessionId, delegationToken, toolProtection) {
+        // Only build context if tool requires OAuth
+        if (!toolProtection?.requiredScopes?.length || !userDid) {
+            return undefined;
+        }
+        // Phase 1: Resolve provider from configured providers
+        // Phase 1 uses configured provider as temporary fallback
+        // Phase 2+ requires explicit oauthProvider on tool protection
+        const provider = await this.resolveProvider(toolProtection);
+        if (!provider) {
+            this.config.logger("[ToolContextBuilder] Provider not resolved", {
+                toolName,
+                userDid: userDid.substring(0, 20) + "...",
+            });
+            return undefined;
+        }
+        // Resolve IDP token
+        const idpToken = await this.config.tokenResolver.resolveTokenFromDid(userDid, provider, toolProtection.requiredScopes);
+        if (!idpToken) {
+            // Token not available - will trigger OAuth flow
+            this.config.logger("[ToolContextBuilder] Token not available", {
+                toolName,
+                userDid: userDid.substring(0, 20) + "...",
+                provider,
+                scopes: toolProtection.requiredScopes,
+            });
+            return undefined;
+        }
+        // Build context with token
+        const context = {
+            idpToken,
+            provider,
+            scopes: toolProtection.requiredScopes,
+            userDid,
+            sessionId,
+            delegationToken,
+        };
+        this.config.logger("[ToolContextBuilder] Context built successfully", {
+            toolName,
+            userDid: userDid.substring(0, 20) + "...",
+            provider,
+            hasToken: !!idpToken,
+        });
+        return context;
+    }
+    /**
+     * Resolve OAuth provider for a tool
+     *
+     * Phase 1: Uses configured provider from OAuth config as temporary fallback
+     * Phase 2+: Requires explicit oauthProvider on tool protection
+     *
+     * @param toolProtection - Tool protection configuration
+     * @returns Provider name or null if not found
+     */
+    async resolveProvider(toolProtection) {
+        // Phase 2+: Check for explicit oauthProvider (not yet implemented)
+        // if (toolProtection.oauthProvider) {
+        //   return toolProtection.oauthProvider;
+        // }
+        // Phase 1: Use configured provider from OAuth config as temporary fallback
+        // Get first configured provider (Phase 1 assumes single provider per project)
+        try {
+            const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
+            const providers = Object.keys(oauthConfig.providers);
+            if (providers.length === 0) {
+                this.config.logger("[ToolContextBuilder] No providers configured", {
+                    projectId: this.config.projectId,
+                });
+                return null;
+            }
+            // Phase 1: Use first configured provider as fallback
+            // Phase 2+: This fallback will be removed, tools must specify oauthProvider
+            const provider = providers[0];
+            this.config.logger("[ToolContextBuilder] Provider resolved (Phase 1 fallback)", {
+                provider,
+                availableProviders: providers,
+            });
+            return provider;
+        }
+        catch (error) {
+            this.config.logger("[ToolContextBuilder] Failed to fetch OAuth config", {
+                error: error instanceof Error ? error.message : String(error),
+                projectId: this.config.projectId,
+            });
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=tool-context-builder.js.map

package/dist/services/tool-context-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAsBH;;;;;;GAMG;AACH,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAEZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAA2B,EAC3B,SAA6B,EAC7B,eAAmC,EACnC,cAAqC;QAErC,4CAA4C;QAC5C,IAAI,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,sDAAsD;QACtD,yDAAyD;QACzD,8DAA8D;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4CAA4C,EAAE;gBAC/D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aAC1C,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAClE,OAAO,EACP,QAAQ,EACR,cAAc,CAAC,cAAc,CAC9B,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,gDAAgD;YAChD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;gBAC7D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM,EAAE,cAAc,CAAC,cAAc;aACtC,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAAyB;YACpC,QAAQ;YACR,QAAQ;YACR,MAAM,EAAE,cAAc,CAAC,cAAc;YACrC,OAAO;YACP,SAAS;YACT,eAAe;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;YACpE,QAAQ;YACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,eAAe,CAC3B,cAA8B;QAE9B,mEAAmE;QACnE,sCAAsC;QACtC,yCAAyC;QACzC,IAAI;QAEJ,2EAA2E;QAC3E,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,8CAA8C,EAAE;oBACjE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBACjC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,4EAA4E;YAC5E,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAE9B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2DAA2D,EAAE;gBAC9E,QAAQ;gBACR,kBAAkB,EAAE,SAAS;aAC9B,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,mDAAmD,EAAE;gBACtE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/types/tool-context.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Tool Execution Context
+ *
+ * Execution context passed to tool handlers, enabling tools to access
+ * IDP tokens for external API calls (GitHub, Google, etc.).
+ *
+ * All fields are optional for backward compatibility - tools that don't
+ * require OAuth will receive undefined context.
+ *
+ * @package @kya-os/mcp-i-cloudflare
+ */
+/**
+ * Execution context passed to tool handlers
+ *
+ * Enables tools to access IDP tokens for external API calls.
+ * Context is only provided when:
+ * - Tool requires OAuth (has requiredScopes)
+ * - User DID is available
+ * - IDP token is successfully resolved
+ */
+export interface ToolExecutionContext {
+    /** IDP access token for external API calls (e.g., GitHub, Google) */
+    idpToken?: string;
+    /** OAuth provider name (e.g., "github", "google") */
+    provider?: string;
+    /** Scopes granted for this token */
+    scopes?: string[];
+    /** User DID associated with this token */
+    userDid?: string;
+    /** Session ID */
+    sessionId?: string;
+    /** Delegation token (MCP-I internal authorization) */
+    delegationToken?: string;
+}
+//# sourceMappingURL=tool-context.d.ts.map

package/dist/types/tool-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-context.d.ts","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAoB;IACnC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sDAAsD;IACtD,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/dist/types/tool-context.js

@@ -0,0 +1,13 @@
+/**
+ * Tool Execution Context
+ *
+ * Execution context passed to tool handlers, enabling tools to access
+ * IDP tokens for external API calls (GitHub, Google, etc.).
+ *
+ * All fields are optional for backward compatibility - tools that don't
+ * require OAuth will receive undefined context.
+ *
+ * @package @kya-os/mcp-i-cloudflare
+ */
+export {};
+//# sourceMappingURL=tool-context.js.map

package/dist/types/tool-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-context.js","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/types.d.ts

@@ -6,12 +6,39 @@
 import type { KVNamespace, DurableObjectState } from '@cloudflare/workers-types';
 /**
  * Cloudflare environment bindings for MCP-I
+ *
+ * This is the normalized format after prefix mapping. All components expect
+ * this format with standard KV binding names (e.g., `NONCE_CACHE`, not `_17429_NONCE_CACHE`).
+ *
+ * To handle prefixed KV bindings (required for multi-agent deployments in the same account),
+ * use `normalizeCloudflareEnv()` from `@kya-os/mcp-i-cloudflare/helpers/env-mapper` before
+ * passing the environment to components.
+ *
+ * @example
+ * ```typescript
+ * import { normalizeCloudflareEnv } from '@kya-os/mcp-i-cloudflare/helpers/env-mapper';
+ *
+ * // With prefixed bindings
+ * const env = { _17429_NONCE_CACHE: kvNamespace };
+ * const normalized = normalizeCloudflareEnv(env, '_17429');
+ * // normalized.NONCE_CACHE is now available
+ *
+ * // Without prefix (direct access)
+ * const env2 = { NONCE_CACHE: kvNamespace };
+ * const normalized2 = normalizeCloudflareEnv(env2);
+ * // normalized2.NONCE_CACHE is available
+ * ```
  */
 export interface CloudflareEnv {
+    /** KV namespace for nonce cache (required for replay attack prevention) */
     NONCE_CACHE: KVNamespace;
+    /** KV namespace for proof archive (optional, for auditability) */
     PROOF_ARCHIVE?: KVNamespace;
+    /** KV namespace for identity storage (optional, for persistent agent identity) */
     IDENTITY_STORAGE?: KVNamespace;
+    /** KV namespace for tool protection config cache (optional, for dashboard-controlled delegation) */
     TOOL_PROTECTION_KV?: KVNamespace;
+    /** KV namespace for delegation storage (required for OAuth/delegation flows) */
     DELEGATION_STORAGE?: KVNamespace;
     MCP_IDENTITY_PRIVATE_KEY?: string;
     MCP_IDENTITY_PUBLIC_KEY?: string;
@@ -20,9 +47,12 @@ export interface CloudflareEnv {
     AGENTSHIELD_API_URL?: string;
     AGENTSHIELD_API_KEY?: string;
     AGENTSHIELD_PROJECT_ID?: string;
+    /** Optional encryption secret for OAuth token encryption (CSRF protection) */
+    OAUTH_ENCRYPTION_SECRET?: string;
     MCPI_ENV?: string;
     ENVIRONMENT?: string;
     ADMIN_API_KEY?: string;
+    /** Optional Durable Object state for identity persistence */
     _durableObjectState?: DurableObjectState;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEjF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,WAAW,EAAE,WAAW,CAAC;IACzB,kEAAkE;IAClE,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,kFAAkF;IAClF,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,gFAAgF;IAChF,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,8EAA8E;IAC9E,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,6DAA6D;IAC7D,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C"}

package/package.json

@@ -1,74 +1,41 @@
 {
   "name": "@kya-os/mcp-i-cloudflare",
-  "version": "1.5.8-canary.6",
-  "description": "Cloudflare Workers implementation of MCP-I framework",
+  "version": "1.5.8-canary.61",
+  "description": "Cloudflare Workers adapter for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
-  "type": "module",
-  "exports": {
-    ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    },
-    "./config": {
-      "import": "./dist/config.js",
-      "types": "./dist/config.d.ts"
-    }
-  },
   "files": [
-    "dist/**/*",
-    "README.md"
+    "dist"
   ],
   "scripts": {
     "build": "tsc",
-    "dev": "tsc --watch",
-    "test": "vitest --run",
-    "test:coverage": "vitest --run --coverage",
-    "lint": "eslint src/**/*.ts",
-    "type-check": "tsc --noEmit",
-    "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-dependencies.js"
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "lint": "eslint .",
+    "clean": "rm -rf dist .turbo node_modules",
+    "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-no-workspace.js"
   },
-  "keywords": [
-    "mcp-i",
-    "mcp",
-    "identity",
-    "did",
-    "cloudflare",
-    "workers",
-    "edge"
-  ],
   "dependencies": {
-    "@kya-os/contracts": "^1.5.2-canary.5",
-    "@kya-os/mcp-i-core": "^1.2.1-canary.0",
-    "@modelcontextprotocol/sdk": "^1.11.4",
-    "base-x": "^5.0.1"
-  },
-  "peerDependencies": {
-    "hono": "^4.0.0",
-    "agents": "^0.2.21"
+    "@kya-os/contracts": "^1.5.3-canary.22",
+    "@kya-os/mcp-i-core": "^1.2.2-canary.31",
+    "@modelcontextprotocol/sdk": "^1.22.0",
+    "agents": "^0.2.21",
+    "base-x": "^5.0.0",
+    "hono": "^4.6.3",
+    "jose": "^5.6.3",
+    "zod": "^3.23.8"
   },
   "devDependencies": {
-    "@cloudflare/workers-types": "^4.20251109.0",
-    "@types/node": "^20.0.0",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
+    "@cloudflare/workers-types": "^4.20240701.0",
+    "@types/node": "^20.14.9",
     "@vitest/coverage-v8": "^4.0.5",
-    "eslint": "^8.0.0",
-    "typescript": "^5.3.0",
-    "vitest": "^4.0.5",
-    "wrangler": "^3.0.0"
-  },
-  "engines": {
-    "node": ">=20.0.0"
-  },
-  "author": "MCP-I Team",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/modelcontextprotocol-identity/mcp-i.git"
-  },
-  "bugs": {
-    "url": "https://github.com/modelcontextprotocol-identity/mcp-i/issues"
-  },
-  "homepage": "https://github.com/modelcontextprotocol-identity/mcp-i#readme"
+    "dotenv": "^16.3.1",
+    "eslint": "^8.57.0",
+    "typescript": "^5.5.3",
+    "vitest": "^4.0.5"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
 }