npm - @kya-os/mcp-i-cloudflare - Versions diffs - 1.6.62 → 1.7.0 - Mend

@kya-os/mcp-i-cloudflare 1.6.62 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/dist/services/consent.service.js CHANGED Viewed

@@ -7,7 +7,7 @@
  * Related Spec: MCP-I Phase 0 Implementation Plan, Task B.5
  */
 import { ConsentConfigService } from "./consent-config.service";
-import { ConsentPageRenderer } from "./consent-page-renderer";
+import { TemplateRenderer } from "./consent-templates/template-renderer";
 import { DEFAULT_AGENTSHIELD_URL, DEFAULT_SESSION_CACHE_TTL, KEY_PAIR_TTL_SECONDS, CONSENT_PROVIDER_TYPES, } from "../constants";
 import { STORAGE_KEYS } from "../constants/storage-keys";
 import { loadDay0Config, getDelegationFieldName } from "../utils/day0-config";
@@ -22,6 +22,7 @@ import { ProofService } from "./proof.service";
 import { createCredentialAuthHandler } from "./credential-auth.handler";
 import { IdpTokenStorage } from "./idp-token-storage";
 import { OAuthSecurityService } from "./oauth-security.service";
+import { CONSENT_BUNDLE, CONSENT_BUNDLE_SIZE } from "@kya-os/consent";
 export class ConsentService {
     configService;
     renderer;
@@ -42,7 +43,7 @@ export class ConsentService {
         this.env = env;
         this.runtime = runtime;
         this.configService = new ConsentConfigService(env);
-        this.renderer = new ConsentPageRenderer();
+        this.renderer = new TemplateRenderer({ useCSR: true });
         this.providerResolver = providerResolver;
         this.providerRegistry = providerRegistry;
         // No initialization here - keep constructor synchronous
@@ -1231,6 +1232,10 @@ export class ConsentService {
      */
     async handle(request) {
         const url = new URL(request.url);
+        // GET /consent.js - Serve consent bundle for CSR mode
+        if (request.method === "GET" && url.pathname === "/consent.js") {
+            return this.serveConsentBundle();
+        }
         // GET /consent - Render page
         if (request.method === "GET" && url.pathname === "/consent") {
             return this.renderConsentPage(url.searchParams, request);
@@ -1245,6 +1250,28 @@ export class ConsentService {
         }
         return new Response("Method not allowed", { status: 405 });
     }
+    /**
+     * Serve the consent.js bundle for CSR mode
+     *
+     * Returns the bundled Lit Web Components as JavaScript that browsers
+     * can execute to render the <mcp-consent> element.
+     *
+     * @returns JavaScript response with aggressive caching
+     */
+    serveConsentBundle() {
+        return new Response(CONSENT_BUNDLE, {
+            status: 200,
+            headers: {
+                "Content-Type": "application/javascript; charset=utf-8",
+                // Cache for 1 year (bundle is versioned via package version)
+                "Cache-Control": "public, max-age=31536000, immutable",
+                // Add content length for better client handling
+                "Content-Length": CONSENT_BUNDLE_SIZE.toString(),
+                // CORS headers for cross-origin script loading
+                "Access-Control-Allow-Origin": "*",
+            },
+        });
+    }
     /**
      * Render consent page
      *
@@ -1423,7 +1450,12 @@ export class ConsentService {
             }
             let resolvedOAuthUrl;
             let isOAuthRequired = false;
-            if (oauthRequired) {
+            // Skip OAuth flow for credentials provider - credentials uses form-based auth, not OAuth
+            const isCredentialsProvider = provider?.toLowerCase() === "credentials";
+            if (isCredentialsProvider && oauthRequired) {
+                console.error("[ConsentService] Credentials provider detected - skipping OAuth flow, will render credential form", { provider, projectId, tool });
+            }
+            if (oauthRequired && !isCredentialsProvider) {
                 // OAuth is required - redirect to OAuth provider instead of showing consent page
                 // Note: oauthSecurityService is optional - if not provided, falls back to insecure encoding
                 const oauthSecurityService = this.env.DELEGATION_STORAGE
@@ -1470,6 +1502,7 @@ export class ConsentService {
                 });
             }
             // Build consent page config
+            // ✅ CRITICAL: Pass the FULL consent config (ui, credentials, etc.) not just branding/terms
             // Type assertion to handle updated schema before rebuild
             const pageConfig = {
                 tool,
@@ -1481,9 +1514,19 @@ export class ConsentService {
                 serverUrl,
                 provider, // Phase 2: Include provider if resolved
                 branding: consentConfig.branding,
-                terms: consentConfig.terms,
+                // ✅ Ensure terms.required has a default value (contracts requires boolean, not boolean | undefined)
+                terms: consentConfig.terms ? {
+                    ...consentConfig.terms,
+                    required: consentConfig.terms.required ?? true,
+                } : undefined,
                 customFields: consentConfig.customFields,
-                autoClose: consentConfig.ui?.autoClose,
+                autoClose: consentConfig.ui?.autoClose ?? false,
+                // ✅ FIX: Pass full UI config (title, description, button text, etc.)
+                ui: consentConfig.ui,
+                // ✅ FIX: Pass credentials config (username/password labels, forgot password, etc.)
+                credentials: consentConfig.credentials,
+                // ✅ FIX: Pass expiration days
+                expirationDays: consentConfig.expirationDays,
                 // Pass OAuth details for client-side handling
                 oauthRequired: isOAuthRequired,
                 oauthUrl: resolvedOAuthUrl,
@@ -3362,10 +3405,11 @@ export class ConsentService {
                 agent_did: agent_did,
                 session_id: session_id,
                 project_id: project_id,
+                auth_mode: "credentials",
+                provider_type: CONSENT_PROVIDER_TYPES.CREDENTIAL,
                 termsAccepted: true,
                 user_did: identityResult.userDid,
                 customFields: {
-                    provider_type: CONSENT_PROVIDER_TYPES.CREDENTIAL,
                     provider: provider,
                 },
             };