npm - @kya-os/mcp-i-cloudflare - Versions diffs - 1.6.22-canary.clientinfo.20251126130704 → 1.6.23-canary.0 - Mend

@kya-os/mcp-i-cloudflare 1.6.22-canary.clientinfo.20251126130704 → 1.6.23-canary.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/dist/adapter.d.ts.map +1 -1
package/dist/adapter.js +70 -20
package/dist/adapter.js.map +1 -1
package/dist/agent.d.ts.map +1 -1
package/dist/agent.js +103 -111
package/dist/agent.js.map +1 -1
package/dist/cache/kv-tool-protection-cache.d.ts.map +1 -1
package/dist/cache/kv-tool-protection-cache.js +11 -10
package/dist/cache/kv-tool-protection-cache.js.map +1 -1
package/dist/runtime/oauth-handler.d.ts.map +1 -1
package/dist/runtime/oauth-handler.js.map +1 -1
package/dist/services/kta-client-lookup.d.ts +3 -5
package/dist/services/kta-client-lookup.d.ts.map +1 -1
package/dist/services/kta-client-lookup.js +34 -13
package/dist/services/kta-client-lookup.js.map +1 -1
package/dist/utils/known-clients.d.ts +6 -14
package/dist/utils/known-clients.d.ts.map +1 -1
package/dist/utils/known-clients.js +11 -30
package/dist/utils/known-clients.js.map +1 -1
package/package.json +3 -3
package/dist/utils/client-info.d.ts +0 -69
package/dist/utils/client-info.d.ts.map +0 -1
package/dist/utils/client-info.js +0 -178
package/dist/utils/client-info.js.map +0 -1
package/dist/utils/error-formatter.d.ts +0 -103
package/dist/utils/error-formatter.d.ts.map +0 -1
package/dist/utils/error-formatter.js +0 -245
package/dist/utils/error-formatter.js.map +0 -1
package/dist/utils/initialize-context.d.ts +0 -91
package/dist/utils/initialize-context.d.ts.map +0 -1
package/dist/utils/initialize-context.js +0 -169
package/dist/utils/initialize-context.js.map +0 -1
package/dist/utils/oauth-identity.d.ts +0 -58
package/dist/utils/oauth-identity.d.ts.map +0 -1
package/dist/utils/oauth-identity.js +0 -215
package/dist/utils/oauth-identity.js.map +0 -1

package/dist/utils/initialize-context.js DELETED Viewed

@@ -1,169 +0,0 @@
-/**
- * Initialize Context Manager
- *
- * Manages MCP initialize context storage and retrieval for cross-request state.
- * This allows us to preserve client info between initialize and handshake calls.
- */
-// TTL for initialize contexts (60 seconds)
-const INITIALIZE_CONTEXT_TTL_MS = 60_000;
-/**
- * Manages initialize contexts for session continuity
- */
-export class InitializeContextManager {
-    contexts;
-    constructor() {
-        this.contexts = new Map();
-    }
-    /**
-     * Store initialize context for later use in handshake
-     *
-     * @param meta Request metadata for fingerprinting
-     * @param params Initialize request parameters
-     */
-    store(meta, params) {
-        if (!meta?.fingerprint || !this.isRecord(params)) {
-            return;
-        }
-        const protocolVersion = params.protocolVersion;
-        const capabilities = params.capabilities;
-        const clientInfo = this.normalizeClientInfo(params.clientInfo);
-        const context = {
-            timestamp: Date.now(),
-            protocolVersion: typeof protocolVersion === "string" ? protocolVersion : undefined,
-            capabilities: this.cloneCapabilities(capabilities),
-            clientInfo,
-        };
-        this.contexts.set(meta.fingerprint, context);
-        this.prune();
-    }
-    /**
-     * Consume initialize context (removes it after retrieval)
-     *
-     * @param meta Request metadata for fingerprinting
-     * @returns Initialize context if found and valid, undefined otherwise
-     */
-    consume(meta) {
-        if (!meta?.fingerprint) {
-            return undefined;
-        }
-        const context = this.contexts.get(meta.fingerprint);
-        if (!context) {
-            return undefined;
-        }
-        if (Date.now() - context.timestamp > INITIALIZE_CONTEXT_TTL_MS) {
-            this.contexts.delete(meta.fingerprint);
-            return undefined;
-        }
-        // Remove after consumption to prevent cross-session leakage
-        this.contexts.delete(meta.fingerprint);
-        return context;
-    }
-    /**
-     * Prune expired contexts
-     */
-    prune() {
-        const now = Date.now();
-        for (const [key, context] of this.contexts.entries()) {
-            if (now - context.timestamp > INITIALIZE_CONTEXT_TTL_MS) {
-                this.contexts.delete(key);
-            }
-        }
-    }
-    /**
-     * Normalize client info from various formats
-     *
-     * @param value Client info from request
-     * @returns Normalized client info or undefined
-     */
-    normalizeClientInfo(value) {
-        if (!this.isRecord(value)) {
-            return undefined;
-        }
-        const normalized = {};
-        const record = value;
-        const name = record.name;
-        if (typeof name === "string" && name.trim().length > 0) {
-            normalized.name = name.trim();
-        }
-        const title = record.title;
-        if (typeof title === "string" && title.trim().length > 0) {
-            normalized.title = title.trim();
-        }
-        const version = record.version;
-        if (typeof version === "string" && version.trim().length > 0) {
-            normalized.version = version.trim();
-        }
-        const platform = record.platform;
-        if (typeof platform === "string" && platform.trim().length > 0) {
-            normalized.platform = platform.trim();
-        }
-        const vendor = record.vendor;
-        if (typeof vendor === "string" && vendor.trim().length > 0) {
-            normalized.vendor = vendor.trim();
-        }
-        const persistentId = record.persistentId;
-        if (typeof persistentId === "string" && persistentId.trim().length > 0) {
-            normalized.persistentId = persistentId.trim();
-        }
-        return Object.keys(normalized).length > 0 ? normalized : undefined;
-    }
-    /**
-     * Clone capabilities object (deep copy)
-     *
-     * @param capabilities Capabilities to clone
-     * @returns Cloned capabilities or undefined
-     */
-    cloneCapabilities(capabilities) {
-        if (!this.isRecord(capabilities)) {
-            return undefined;
-        }
-        return JSON.parse(JSON.stringify(capabilities));
-    }
-    /**
-     * Type guard for record objects
-     *
-     * @param value Value to check
-     * @returns true if value is a record object
-     */
-    isRecord(value) {
-        return typeof value === "object" && value !== null && !Array.isArray(value);
-    }
-    /**
-     * Get current size of context cache (for monitoring)
-     *
-     * @returns Number of stored contexts
-     */
-    size() {
-        return this.contexts.size;
-    }
-    /**
-     * Clear all contexts (for testing)
-     */
-    clear() {
-        this.contexts.clear();
-    }
-}
-/**
- * Build request metadata from HTTP request
- *
- * @param request HTTP request
- * @returns Request metadata with fingerprint
- */
-export function buildRequestMeta(request) {
-    const ip = request.headers.get("cf-connecting-ip") ??
-        request.headers.get("x-forwarded-for") ??
-        undefined;
-    const userAgent = request.headers.get("user-agent") ?? undefined;
-    const cfRay = request.headers.get("cf-ray") ?? undefined;
-    const origin = request.headers.get("origin") ?? undefined;
-    const secChUa = request.headers.get("sec-ch-ua") ?? undefined;
-    const fingerprintParts = [ip, userAgent, cfRay, origin, secChUa].filter((value) => typeof value === "string" && value.length > 0);
-    return {
-        fingerprint: fingerprintParts.length > 0 ? fingerprintParts.join("|") : undefined,
-        ip,
-        userAgent,
-        cfRay,
-        request, // Include request for cookie access
-    };
-}
-//# sourceMappingURL=initialize-context.js.map

package/dist/utils/initialize-context.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"initialize-context.js","sourceRoot":"","sources":["../../src/utils/initialize-context.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA0BH,2CAA2C;AAC3C,MAAM,yBAAyB,GAAG,MAAM,CAAC;AAEzC;;GAEG;AACH,MAAM,OAAO,wBAAwB;IAC3B,QAAQ,CAAiC;IAEjD;QACE,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;IAC5B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAA6B,EAAE,MAAe;QAClD,IAAI,CAAC,IAAI,EAAE,WAAW,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjD,OAAO;QACT,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAE/D,MAAM,OAAO,GAAsB;YACjC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,eAAe,EACb,OAAO,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;YACnE,YAAY,EAAE,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC;YAClD,UAAU;SACX,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACH,OAAO,CAAC,IAA6B;QACnC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YACvB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,GAAG,yBAAyB,EAAE,CAAC;YAC/D,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,4DAA4D;QAC5D,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,KAAK;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACrD,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,GAAG,yBAAyB,EAAE,CAAC;gBACxD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,mBAAmB,CACzB,KAAc;QAEd,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,UAAU,GAA+B,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,KAAgC,CAAC;QAEhD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvD,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAChC,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7D,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC7B,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvE,UAAU,CAAC,YAAY,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;QAChD,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IACrE,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CACvB,YAAqB;QAErB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAA0B,CAAC;IAC3E,CAAC;IAED;;;;;OAKG;IACK,QAAQ,CAAC,KAAc;QAC7B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC;IAED;;;;OAIG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAgB;IAC/C,MAAM,EAAE,GACN,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACvC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACtC,SAAS,CAAC;IACZ,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC;IACjE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IACzD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC;IAE9D,MAAM,gBAAgB,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,MAAM,CACrE,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAC1E,CAAC;IAEF,OAAO;QACL,WAAW,EACT,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QACtE,EAAE;QACF,SAAS;QACT,KAAK;QACL,OAAO,EAAE,oCAAoC;KAC9C,CAAC;AACJ,CAAC"}

package/dist/utils/oauth-identity.d.ts DELETED Viewed

@@ -1,58 +0,0 @@
-/**
- * OAuth Identity Utilities
- *
- * Handles OAuth identity extraction and validation from HTTP requests.
- * This module consolidates OAuth-related logic that was previously in the adapter.
- */
-import type { OAuthIdentity } from "@kya-os/contracts/consent";
-/**
- * OAuth identity validation result
- */
-export interface OAuthValidationResult {
-    valid: boolean;
-    reason?: string;
-}
-/**
- * Extract OAuth identity from request cookies
- *
- * @param request - HTTP Request object
- * @returns OAuthIdentity or null if not found/invalid
- */
-export declare function extractOAuthIdentityFromRequest(request: Request): OAuthIdentity | null;
-/**
- * Validate OAuth identity format and content
- *
- * Ensures:
- * - Provider is non-empty string (1-50 chars)
- * - Subject is non-empty string (1-255 chars)
- * - Provider matches expected format (alphanumeric, hyphens, underscores)
- * - Subject matches expected format (non-empty, reasonable length)
- *
- * @param identity - Parsed OAuth identity object
- * @returns Validation result
- */
-export declare function validateOAuthIdentity(identity: unknown): OAuthValidationResult;
-/**
- * Lookup User DID from OAuth identity mapping
- *
- * @param oauthIdentity OAuth identity to lookup
- * @param delegationStorage KV namespace for storage
- * @returns User DID or null if not found
- */
-export declare function lookupUserDidFromOAuth(oauthIdentity: OAuthIdentity, delegationStorage: any): Promise<string | null>;
-/**
- * Create a redacted OAuth identity for storage (PII protection)
- *
- * @param oauthIdentity Original OAuth identity
- * @returns Redacted identity safe for storage
- */
-export declare function redactOAuthIdentityForStorage(oauthIdentity: OAuthIdentity | null): any;
-/**
- * Test if an OAuth cookie value is valid
- * Helper function for testing and debugging
- *
- * @param cookieValue Encoded cookie value
- * @returns true if valid OAuth identity, false otherwise
- */
-export declare function isValidOAuthCookie(cookieValue: string): boolean;
-//# sourceMappingURL=oauth-identity.d.ts.map

package/dist/utils/oauth-identity.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth-identity.d.ts","sourceRoot":"","sources":["../../src/utils/oauth-identity.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAAC,OAAO,EAAE,OAAO,GAAG,aAAa,GAAG,IAAI,CAoCtF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,OAAO,GAAG,qBAAqB,CAkH9E;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,aAAa,EAAE,aAAa,EAC5B,iBAAiB,EAAE,GAAG,GACrB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA+BxB;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,aAAa,EAAE,aAAa,GAAG,IAAI,GAAG,GAAG,CAUtF;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAQ/D"}

package/dist/utils/oauth-identity.js DELETED Viewed

@@ -1,215 +0,0 @@
-/**
- * OAuth Identity Utilities
- *
- * Handles OAuth identity extraction and validation from HTTP requests.
- * This module consolidates OAuth-related logic that was previously in the adapter.
- */
-/**
- * Extract OAuth identity from request cookies
- *
- * @param request - HTTP Request object
- * @returns OAuthIdentity or null if not found/invalid
- */
-export function extractOAuthIdentityFromRequest(request) {
-    try {
-        const cookieHeader = request.headers.get("Cookie");
-        if (!cookieHeader)
-            return null;
-        const cookies = cookieHeader.split("; ").map((c) => c.trim());
-        const oauthCookie = cookies.find((c) => c.startsWith("oauth_identity="));
-        if (!oauthCookie)
-            return null;
-        // Extract cookie value properly handling cases where value contains '='
-        // Find the first '=' which separates key from value, then take everything after it
-        const equalsIndex = oauthCookie.indexOf("=");
-        if (equalsIndex === -1)
-            return null;
-        const cookieValue = oauthCookie.substring(equalsIndex + 1);
-        const parsed = JSON.parse(decodeURIComponent(cookieValue));
-        // ✅ SECURITY: Validate OAuth identity format and content
-        const validationResult = validateOAuthIdentity(parsed);
-        if (!validationResult.valid) {
-            console.warn("[OAuth] ⚠️ OAuth identity validation failed:", validationResult.reason, { parsed });
-            return null;
-        }
-        return parsed;
-    }
-    catch (error) {
-        console.warn("[OAuth] Failed to extract OAuth identity from cookies:", error);
-    }
-    return null;
-}
-/**
- * Validate OAuth identity format and content
- *
- * Ensures:
- * - Provider is non-empty string (1-50 chars)
- * - Subject is non-empty string (1-255 chars)
- * - Provider matches expected format (alphanumeric, hyphens, underscores)
- * - Subject matches expected format (non-empty, reasonable length)
- *
- * @param identity - Parsed OAuth identity object
- * @returns Validation result
- */
-export function validateOAuthIdentity(identity) {
-    // Check if identity is an object
-    if (!identity || typeof identity !== "object") {
-        return { valid: false, reason: "OAuth identity must be an object" };
-    }
-    const oauth = identity;
-    // Validate provider
-    if (!oauth.provider || typeof oauth.provider !== "string") {
-        return {
-            valid: false,
-            reason: "OAuth provider is required and must be a string",
-        };
-    }
-    const provider = oauth.provider.trim();
-    if (provider.length === 0) {
-        return { valid: false, reason: "OAuth provider cannot be empty" };
-    }
-    if (provider.length > 50) {
-        return {
-            valid: false,
-            reason: "OAuth provider must be 50 characters or less",
-        };
-    }
-    // Provider format: alphanumeric, hyphens, underscores, dots (e.g., "google", "microsoft", "github", "custom-provider")
-    const providerPattern = /^[a-zA-Z0-9._-]+$/;
-    if (!providerPattern.test(provider)) {
-        return {
-            valid: false,
-            reason: `OAuth provider must match pattern [a-zA-Z0-9._-]: "${provider}"`,
-        };
-    }
-    // Validate subject
-    if (!oauth.subject || typeof oauth.subject !== "string") {
-        return {
-            valid: false,
-            reason: "OAuth subject is required and must be a string",
-        };
-    }
-    const subject = oauth.subject.trim();
-    if (subject.length === 0) {
-        return { valid: false, reason: "OAuth subject cannot be empty" };
-    }
-    if (subject.length > 255) {
-        return {
-            valid: false,
-            reason: "OAuth subject must be 255 characters or less",
-        };
-    }
-    // Subject format: non-empty, reasonable characters (allows most Unicode, but prevents control chars)
-    // OAuth subjects can be numeric IDs, email-like strings, or other identifiers
-    const subjectPattern = /^[\S]+$/; // At least one non-whitespace character
-    if (!subjectPattern.test(subject)) {
-        return {
-            valid: false,
-            reason: `OAuth subject contains invalid characters: "${subject.substring(0, 20)}..."`,
-        };
-    }
-    // Validate optional email if present
-    if (oauth.email !== undefined) {
-        if (typeof oauth.email !== "string") {
-            return {
-                valid: false,
-                reason: "OAuth email must be a string if provided",
-            };
-        }
-        const email = oauth.email.trim();
-        if (email.length > 0) {
-            // Basic email format validation
-            const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-            if (!emailPattern.test(email)) {
-                return {
-                    valid: false,
-                    reason: `OAuth email format invalid: "${email}"`,
-                };
-            }
-            if (email.length > 255) {
-                return {
-                    valid: false,
-                    reason: "OAuth email must be 255 characters or less",
-                };
-            }
-        }
-    }
-    // Validate optional name if present
-    if (oauth.name !== undefined) {
-        if (typeof oauth.name !== "string") {
-            return {
-                valid: false,
-                reason: "OAuth name must be a string if provided",
-            };
-        }
-        if (oauth.name.length > 255) {
-            return {
-                valid: false,
-                reason: "OAuth name must be 255 characters or less",
-            };
-        }
-    }
-    return { valid: true };
-}
-/**
- * Lookup User DID from OAuth identity mapping
- *
- * @param oauthIdentity OAuth identity to lookup
- * @param delegationStorage KV namespace for storage
- * @returns User DID or null if not found
- */
-export async function lookupUserDidFromOAuth(oauthIdentity, delegationStorage) {
-    if (!delegationStorage || !oauthIdentity?.provider || !oauthIdentity?.subject) {
-        return null;
-    }
-    try {
-        const { STORAGE_KEYS } = await import("../constants/storage-keys");
-        const oauthKey = STORAGE_KEYS.oauthIdentity(oauthIdentity.provider, oauthIdentity.subject);
-        const userDid = await delegationStorage.get(oauthKey, "text");
-        if (userDid) {
-            console.log("[OAuth] ✅ Retrieved persistent userDid from OAuth mapping:", {
-                provider: oauthIdentity.provider,
-                userDid: userDid.slice(0, 20) + "...",
-            });
-        }
-        return userDid;
-    }
-    catch (error) {
-        console.warn("[OAuth] Failed to lookup userDid from OAuth mapping:", error);
-        return null;
-    }
-}
-/**
- * Create a redacted OAuth identity for storage (PII protection)
- *
- * @param oauthIdentity Original OAuth identity
- * @returns Redacted identity safe for storage
- */
-export function redactOAuthIdentityForStorage(oauthIdentity) {
-    if (!oauthIdentity) {
-        return undefined;
-    }
-    return {
-        provider: oauthIdentity.provider,
-        subjectHash: oauthIdentity.subject.substring(0, 8), // Redact full subject
-        // Don't store email, name, or full subject for PII protection
-    };
-}
-/**
- * Test if an OAuth cookie value is valid
- * Helper function for testing and debugging
- *
- * @param cookieValue Encoded cookie value
- * @returns true if valid OAuth identity, false otherwise
- */
-export function isValidOAuthCookie(cookieValue) {
-    try {
-        const parsed = JSON.parse(decodeURIComponent(cookieValue));
-        const result = validateOAuthIdentity(parsed);
-        return result.valid;
-    }
-    catch {
-        return false;
-    }
-}
-//# sourceMappingURL=oauth-identity.js.map

package/dist/utils/oauth-identity.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth-identity.js","sourceRoot":"","sources":["../../src/utils/oauth-identity.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH;;;;;GAKG;AACH,MAAM,UAAU,+BAA+B,CAAC,OAAgB;IAC9D,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,wEAAwE;QACxE,mFAAmF;QACnF,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,WAAW,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QAE3D,yDAAyD;QACzD,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CACV,8CAA8C,EAC9C,gBAAgB,CAAC,MAAM,EACvB,EAAE,MAAM,EAAE,CACX,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAuB,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CACV,wDAAwD,EACxD,KAAK,CACN,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAiB;IACrD,iCAAiC;IACjC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;IACtE,CAAC;IAED,MAAM,KAAK,GAAG,QAAmC,CAAC;IAElD,oBAAoB;IACpB,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,iDAAiD;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,8CAA8C;SACvD,CAAC;IACJ,CAAC;IAED,uHAAuH;IACvH,MAAM,eAAe,GAAG,mBAAmB,CAAC;IAC5C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,sDAAsD,QAAQ,GAAG;SAC1E,CAAC;IACJ,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACxD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gDAAgD;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,8CAA8C;SACvD,CAAC;IACJ,CAAC;IAED,qGAAqG;IACrG,8EAA8E;IAC9E,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,wCAAwC;IAC1E,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,+CAA+C,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;SACtF,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0CAA0C;aACnD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,gCAAgC;YAChC,MAAM,YAAY,GAAG,4BAA4B,CAAC;YAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,gCAAgC,KAAK,GAAG;iBACjD,CAAC;YACJ,CAAC;YAED,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACvB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,4CAA4C;iBACrD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,yCAAyC;aAClD,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,2CAA2C;aACpD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,aAA4B,EAC5B,iBAAsB;IAEtB,IAAI,CAAC,iBAAiB,IAAI,CAAC,aAAa,EAAE,QAAQ,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,CAAC;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa,CACzC,aAAa,CAAC,QAAQ,EACtB,aAAa,CAAC,OAAO,CACtB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE9D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CACT,4DAA4D,EAC5D;gBACE,QAAQ,EAAE,aAAa,CAAC,QAAQ;gBAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aACtC,CACF,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CACV,sDAAsD,EACtD,KAAK,CACN,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,6BAA6B,CAAC,aAAmC;IAC/E,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,aAAa,CAAC,QAAQ;QAChC,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,sBAAsB;QAC1E,8DAA8D;KAC/D,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,WAAmB;IACpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}