npm - @kya-os/mcp-i-cloudflare - Versions diffs - 1.6.62 → 1.7.0 - Mend

@kya-os/mcp-i-cloudflare 1.6.62 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/dist/services/consent-templates/modes/otp.template.js ADDED Viewed

@@ -0,0 +1,311 @@
+/**
+ * OTP Template
+ *
+ * One-Time Password authentication via SMS/email.
+ *
+ * @module consent-templates/modes/otp
+ */
+import { BaseConsentTemplate } from "../base/base-template";
+import { renderInput, renderFullWidthButton, renderErrorContainer, } from "../base/components";
+import { escapeJs, escapeHtml } from "../base/escape";
+/**
+ * OTP Template
+ *
+ * Renders a two-step OTP flow:
+ * 1. Phone/email input to request code
+ * 2. Code input to verify
+ */
+export class OTPTemplate extends BaseConsentTemplate {
+    get authMode() {
+        return "otp";
+    }
+    get otpConfig() {
+        return this.config.modeConfig?.otp;
+    }
+    renderAuthContent() {
+        const config = this.otpConfig;
+        const digits = config?.digits || 6;
+        return `
+      <div id="otp-request-container">
+        <form id="otp-request-form" class="space-y-4">
+          ${this.renderPhoneField(config)}
+          ${renderErrorContainer("otp-request-error")}
+          ${renderFullWidthButton("Send verification code", "submit")}
+        </form>
+      </div>
+      <div id="otp-verify-container" class="hidden">
+        <form id="otp-verify-form" class="space-y-4">
+          <div class="text-center mb-4">
+            <p class="text-sm text-gray-600">
+              ${escapeHtml(config?.instructions || `Enter the ${digits}-digit code sent to your phone`)}
+            </p>
+          </div>
+          <div class="flex justify-center gap-2" id="otp-inputs">
+            ${this.renderOTPInputs(digits)}
+          </div>
+          ${renderErrorContainer("otp-verify-error")}
+          ${renderFullWidthButton("Verify", "submit")}
+          <div class="text-center">
+            <button type="button" id="resend-otp" class="text-sm link-primary disabled:opacity-50">
+              Resend code
+            </button>
+          </div>
+        </form>
+      </div>
+    `;
+    }
+    /**
+     * Render phone/email input field.
+     */
+    renderPhoneField(config) {
+        return renderInput("tel", "phone", config?.phoneLabel || "Phone number", config?.phonePlaceholder || "+1 (555) 123-4567", true, "tel");
+    }
+    /**
+     * Render OTP digit input boxes.
+     */
+    renderOTPInputs(digits) {
+        const inputs = [];
+        for (let i = 0; i < digits; i++) {
+            inputs.push(`
+        <input type="text" inputmode="numeric" pattern="[0-9]" maxlength="1"
+               class="w-12 h-14 text-center text-2xl font-bold border border-gray-300 rounded-lg shadow-sm focus-primary"
+               data-otp-index="${i}"
+               autocomplete="one-time-code" />
+      `);
+        }
+        return inputs.join("");
+    }
+    /**
+     * Override action buttons - form has its own submit.
+     */
+    renderActionButtons() {
+        return "";
+    }
+    renderModeScript() {
+        const serverUrl = escapeJs(this.config.serverUrl);
+        const projectId = escapeJs(this.config.projectId);
+        const sessionId = escapeJs(this.config.sessionId);
+        const agentDid = escapeJs(this.config.agentDid);
+        const tool = escapeJs(this.config.tool);
+        const scopes = JSON.stringify(this.config.scopes);
+        const digits = this.otpConfig?.digits || 6;
+        const resendCooldown = this.otpConfig?.resendCooldown || 60;
+        return `
+<script>
+(function() {
+  const requestContainer = document.getElementById('otp-request-container');
+  const verifyContainer = document.getElementById('otp-verify-container');
+  const requestForm = document.getElementById('otp-request-form');
+  const verifyForm = document.getElementById('otp-verify-form');
+  const resendBtn = document.getElementById('resend-otp');
+  const otpInputs = document.querySelectorAll('[data-otp-index]');
+  const serverUrl = ${serverUrl};
+  const digits = ${digits};
+  const cooldown = ${resendCooldown};
+  let lastPhone = '';
+  let verificationId = '';
+  function getError(id) {
+    const container = document.getElementById(id);
+    return { container, div: container?.querySelector('div') };
+  }
+  function showError(id, message) {
+    const { container, div } = getError(id);
+    if (div) {
+      div.textContent = message;
+      container.classList.remove('hidden');
+    }
+  }
+  function hideError(id) {
+    const { container } = getError(id);
+    if (container) container.classList.add('hidden');
+  }
+  // OTP input auto-focus behavior
+  otpInputs.forEach((input, idx) => {
+    input.addEventListener('input', (e) => {
+      const value = e.target.value;
+      if (value && idx < otpInputs.length - 1) {
+        otpInputs[idx + 1].focus();
+      }
+    });
+    input.addEventListener('keydown', (e) => {
+      if (e.key === 'Backspace' && !e.target.value && idx > 0) {
+        otpInputs[idx - 1].focus();
+      }
+    });
+    input.addEventListener('paste', (e) => {
+      e.preventDefault();
+      const paste = (e.clipboardData || window.clipboardData).getData('text');
+      const chars = paste.replace(/\\D/g, '').slice(0, digits).split('');
+      chars.forEach((char, i) => {
+        if (otpInputs[i]) otpInputs[i].value = char;
+      });
+      if (chars.length > 0 && otpInputs[chars.length - 1]) {
+        otpInputs[chars.length - 1].focus();
+      }
+    });
+  });
+  // Request OTP
+  requestForm?.addEventListener('submit', async (e) => {
+    e.preventDefault();
+    hideError('otp-request-error');
+    const button = requestForm.querySelector('button[type="submit"]');
+    const phoneInput = requestForm.querySelector('input[name="phone"]');
+    lastPhone = phoneInput.value;
+    button.disabled = true;
+    button.textContent = 'Sending...';
+    try {
+      const response = await fetch(serverUrl + '/consent/otp/request', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          phone: lastPhone,
+          tool: ${tool},
+          scopes: ${scopes},
+          agent_did: ${agentDid},
+          session_id: ${sessionId},
+          project_id: ${projectId},
+        })
+      });
+      const result = await response.json();
+      if (result.success) {
+        verificationId = result.verificationId || '';
+        requestContainer.classList.add('hidden');
+        verifyContainer.classList.remove('hidden');
+        otpInputs[0]?.focus();
+        startResendCooldown();
+      } else {
+        showError('otp-request-error', result.error || 'Failed to send code');
+        button.disabled = false;
+        button.textContent = 'Send verification code';
+      }
+    } catch (err) {
+      showError('otp-request-error', 'Network error. Please try again.');
+      button.disabled = false;
+      button.textContent = 'Send verification code';
+    }
+  });
+  // Verify OTP
+  verifyForm?.addEventListener('submit', async (e) => {
+    e.preventDefault();
+    hideError('otp-verify-error');
+    const button = verifyForm.querySelector('button[type="submit"]');
+    const code = Array.from(otpInputs).map(i => i.value).join('');
+    if (code.length !== digits) {
+      showError('otp-verify-error', 'Please enter the full code');
+      return;
+    }
+    button.disabled = true;
+    button.textContent = 'Verifying...';
+    try {
+      const response = await fetch(serverUrl + '/consent/otp/verify', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          phone: lastPhone,
+          code: code,
+          verification_id: verificationId,
+          tool: ${tool},
+          scopes: ${scopes},
+          agent_did: ${agentDid},
+          session_id: ${sessionId},
+          project_id: ${projectId},
+        })
+      });
+      const result = await response.json();
+      if (result.success) {
+        button.textContent = 'Success!';
+        button.style.backgroundColor = '#10B981';
+        if (result.redirectUrl) {
+          window.location.href = result.redirectUrl;
+        } else if (result.delegation_id) {
+          window.location.href = serverUrl + '/consent/success?delegation_id=' +
+            encodeURIComponent(result.delegation_id) +
+            '&project_id=' + encodeURIComponent(${projectId});
+        }
+      } else {
+        showError('otp-verify-error', result.error || 'Invalid code');
+        button.disabled = false;
+        button.textContent = 'Verify';
+      }
+    } catch (err) {
+      showError('otp-verify-error', 'Network error. Please try again.');
+      button.disabled = false;
+      button.textContent = 'Verify';
+    }
+  });
+  // Resend cooldown
+  function startResendCooldown() {
+    resendBtn.disabled = true;
+    let remaining = cooldown;
+    resendBtn.textContent = 'Resend code (' + remaining + 's)';
+    const timer = setInterval(() => {
+      remaining--;
+      if (remaining <= 0) {
+        clearInterval(timer);
+        resendBtn.disabled = false;
+        resendBtn.textContent = 'Resend code';
+      } else {
+        resendBtn.textContent = 'Resend code (' + remaining + 's)';
+      }
+    }, 1000);
+  }
+  resendBtn?.addEventListener('click', async () => {
+    if (resendBtn.disabled) return;
+    resendBtn.disabled = true;
+    try {
+      const response = await fetch(serverUrl + '/consent/otp/request', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          phone: lastPhone,
+          tool: ${tool},
+          scopes: ${scopes},
+          agent_did: ${agentDid},
+          session_id: ${sessionId},
+          project_id: ${projectId},
+        })
+      });
+      const result = await response.json();
+      if (result.success) {
+        verificationId = result.verificationId || verificationId;
+        startResendCooldown();
+      } else {
+        resendBtn.disabled = false;
+        alert(result.error || 'Failed to resend');
+      }
+    } catch (err) {
+      resendBtn.disabled = false;
+      alert('Network error');
+    }
+  });
+})();
+</script>`;
+    }
+}
+//# sourceMappingURL=otp.template.js.map

package/dist/services/consent-templates/modes/otp.template.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"otp.template.js","sourceRoot":"","sources":["../../../../src/services/consent-templates/modes/otp.template.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAGtD;;;;;;GAMG;AACH,MAAM,OAAO,WAAY,SAAQ,mBAAmB;IAClD,IAAI,QAAQ;QACV,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC;IACrC,CAAC;IAED,iBAAiB;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC;QAEnC,OAAO;;;YAGC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;YAC7B,oBAAoB,CAAC,mBAAmB,CAAC;YACzC,qBAAqB,CAAC,wBAAwB,EAAE,QAAQ,CAAC;;;;;;;gBAOrD,UAAU,CAAC,MAAM,EAAE,YAAY,IAAI,aAAa,MAAM,gCAAgC,CAAC;;;;cAIzF,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;;YAE9B,oBAAoB,CAAC,kBAAkB,CAAC;YACxC,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,CAAC;;;;;;;;KAQhD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,MAAkB;QACzC,OAAO,WAAW,CAChB,KAAK,EACL,OAAO,EACP,MAAM,EAAE,UAAU,IAAI,cAAc,EACpC,MAAM,EAAE,gBAAgB,IAAI,mBAAmB,EAC/C,IAAI,EACJ,KAAK,CACN,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,MAAc;QACpC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC;;;iCAGe,CAAC;;OAE3B,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACO,mBAAmB;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IAES,gBAAgB;QACxB,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,IAAI,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,IAAI,EAAE,CAAC;QAE5D,OAAO;;;;;;;;;;sBAUW,SAAS;mBACZ,MAAM;qBACJ,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAoEjB,IAAI;oBACF,MAAM;uBACH,QAAQ;wBACP,SAAS;wBACT,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAgDf,IAAI;oBACF,MAAM;uBACH,QAAQ;wBACP,SAAS;wBACT,SAAS;;;;;;;;;;;;;;;kDAeiB,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA0CzC,IAAI;oBACF,MAAM;uBACH,QAAQ;wBACP,SAAS;wBACT,SAAS;;;;;;;;;;;;;;;;;;UAkBvB,CAAC;IACT,CAAC;CACF"}

package/dist/services/consent-templates/registry.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Template Registry
+ *
+ * Central registry for consent page templates.
+ * Provides factory methods for creating templates by auth mode.
+ *
+ * @module consent-templates/registry
+ */
+import { BaseConsentTemplate } from "./base/base-template";
+import type { AuthMode, ExtendedConsentPageConfig, ConsentConfigWithMeta } from "./types";
+import type { ConsentPageConfig } from "@kya-os/contracts/consent";
+/**
+ * Get a template instance for the specified auth mode.
+ *
+ * @param authMode - The authentication mode
+ * @param config - Extended page config with mode-specific settings
+ * @param remoteConfig - Remote consent configuration from AgentShield
+ * @returns Template instance ready to render
+ */
+export declare function getTemplateForMode(authMode: AuthMode, config: ExtendedConsentPageConfig, remoteConfig?: ConsentConfigWithMeta): BaseConsentTemplate;
+/**
+ * Determine the auth mode from config.
+ *
+ * @param config - Page config with optional OAuth settings
+ * @returns Detected auth mode
+ */
+export declare function detectAuthMode(config: ConsentPageConfig): AuthMode;
+/**
+ * Check if an auth mode is valid.
+ *
+ * @param mode - Mode string to check
+ * @returns True if valid auth mode
+ */
+export declare function isValidAuthMode(mode: string): mode is AuthMode;
+/**
+ * Get all registered auth modes.
+ *
+ * @returns Array of auth mode identifiers
+ */
+export declare function getRegisteredModes(): AuthMode[];
+/**
+ * Render a consent page for the given config.
+ *
+ * This is the main entry point for rendering consent pages.
+ *
+ * @param config - Extended page config
+ * @param remoteConfig - Remote consent configuration from AgentShield
+ * @param authMode - Optional explicit auth mode (auto-detected if not provided)
+ * @returns Rendered HTML string
+ */
+export declare function renderConsentPage(config: ExtendedConsentPageConfig, remoteConfig?: ConsentConfigWithMeta, authMode?: AuthMode): string;
+/**
+ * Render an OAuth consent page with pre-configured OAuth URL.
+ *
+ * @param config - Extended page config
+ * @param oauthUrl - OAuth authorization URL
+ * @param remoteConfig - Remote consent configuration from AgentShield
+ * @returns Rendered HTML string
+ */
+export declare function renderOAuthConsentPage(config: ExtendedConsentPageConfig, oauthUrl: string, remoteConfig?: ConsentConfigWithMeta): string;
+//# sourceMappingURL=registry.d.ts.map

package/dist/services/consent-templates/registry.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../src/services/consent-templates/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAS3D,OAAO,KAAK,EACV,QAAQ,EAER,yBAAyB,EACzB,qBAAqB,EAEtB,MAAM,SAAS,CAAC;AACjB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAqBnE;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,yBAAyB,EACjC,YAAY,CAAC,EAAE,qBAAqB,GACnC,mBAAmB,CAyBrB;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,iBAAiB,GAAG,QAAQ,CAkClE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,IAAI,QAAQ,CAQ9D;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,QAAQ,EAAE,CAE/C;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,yBAAyB,EACjC,YAAY,CAAC,EAAE,qBAAqB,EACpC,QAAQ,CAAC,EAAE,QAAQ,GAClB,MAAM,CAIR;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,yBAAyB,EACjC,QAAQ,EAAE,MAAM,EAChB,YAAY,CAAC,EAAE,qBAAqB,GACnC,MAAM,CAOR"}

package/dist/services/consent-templates/registry.js ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * Template Registry
+ *
+ * Central registry for consent page templates.
+ * Provides factory methods for creating templates by auth mode.
+ *
+ * @module consent-templates/registry
+ */
+import { ConsentOnlyTemplate, CredentialsTemplate, OAuthTemplate, MagicLinkTemplate, OTPTemplate, } from "./modes";
+import { resolveConsentConfig, getDefaultConsentConfig } from "./helpers";
+/**
+ * Template registry mapping auth modes to their templates.
+ */
+const TEMPLATE_REGISTRY = {
+    "consent-only": ConsentOnlyTemplate,
+    credentials: CredentialsTemplate,
+    oauth: OAuthTemplate,
+    "magic-link": MagicLinkTemplate,
+    otp: OTPTemplate,
+};
+/**
+ * Get a template instance for the specified auth mode.
+ *
+ * @param authMode - The authentication mode
+ * @param config - Extended page config with mode-specific settings
+ * @param remoteConfig - Remote consent configuration from AgentShield
+ * @returns Template instance ready to render
+ */
+export function getTemplateForMode(authMode, config, remoteConfig) {
+    const TemplateClass = TEMPLATE_REGISTRY[authMode];
+    if (!TemplateClass) {
+        // Fallback to consent-only for unknown modes
+        console.warn(`Unknown auth mode: ${authMode}, falling back to consent-only`);
+        return getTemplateForMode("consent-only", config, remoteConfig);
+    }
+    // Resolve config values
+    const mergedRemoteConfig = remoteConfig || getDefaultConsentConfig();
+    const resolved = resolveConsentConfig(mergedRemoteConfig, config.tool);
+    // Special handling for credentials template to pass remote credentials config
+    if (authMode === "credentials") {
+        return new CredentialsTemplate(config, resolved, mergedRemoteConfig.credentials);
+    }
+    return new TemplateClass(config, resolved);
+}
+/**
+ * Determine the auth mode from config.
+ *
+ * @param config - Page config with optional OAuth settings
+ * @returns Detected auth mode
+ */
+export function detectAuthMode(config) {
+    // Check for OAuth requirement
+    if (config.oauthRequired || config.oauthUrl) {
+        return "oauth";
+    }
+    // Check for provider hint
+    if (config.provider) {
+        const provider = config.provider.toLowerCase();
+        // Credentials provider uses form-based auth, not OAuth
+        if (provider === "credentials") {
+            return "credentials";
+        }
+        if (provider.includes("oauth") ||
+            ["github", "google", "microsoft", "slack", "auth0"].includes(provider)) {
+            return "oauth";
+        }
+    }
+    // Check mode config
+    const modeConfig = config.modeConfig;
+    if (modeConfig) {
+        if (modeConfig.oauth)
+            return "oauth";
+        if (modeConfig.credentials)
+            return "credentials";
+        if (modeConfig.magicLink?.enabled)
+            return "magic-link";
+        if (modeConfig.otp?.enabled)
+            return "otp";
+    }
+    // Default to consent-only
+    return "consent-only";
+}
+/**
+ * Check if an auth mode is valid.
+ *
+ * @param mode - Mode string to check
+ * @returns True if valid auth mode
+ */
+export function isValidAuthMode(mode) {
+    return Object.values({
+        CONSENT_ONLY: "consent-only",
+        CREDENTIALS: "credentials",
+        OAUTH: "oauth",
+        MAGIC_LINK: "magic-link",
+        OTP: "otp",
+    }).includes(mode);
+}
+/**
+ * Get all registered auth modes.
+ *
+ * @returns Array of auth mode identifiers
+ */
+export function getRegisteredModes() {
+    return Object.keys(TEMPLATE_REGISTRY);
+}
+/**
+ * Render a consent page for the given config.
+ *
+ * This is the main entry point for rendering consent pages.
+ *
+ * @param config - Extended page config
+ * @param remoteConfig - Remote consent configuration from AgentShield
+ * @param authMode - Optional explicit auth mode (auto-detected if not provided)
+ * @returns Rendered HTML string
+ */
+export function renderConsentPage(config, remoteConfig, authMode) {
+    const mode = authMode || detectAuthMode(config);
+    const template = getTemplateForMode(mode, config, remoteConfig);
+    return template.render();
+}
+/**
+ * Render an OAuth consent page with pre-configured OAuth URL.
+ *
+ * @param config - Extended page config
+ * @param oauthUrl - OAuth authorization URL
+ * @param remoteConfig - Remote consent configuration from AgentShield
+ * @returns Rendered HTML string
+ */
+export function renderOAuthConsentPage(config, oauthUrl, remoteConfig) {
+    const mergedRemoteConfig = remoteConfig || getDefaultConsentConfig();
+    const resolved = resolveConsentConfig(mergedRemoteConfig, config.tool);
+    const template = new OAuthTemplate(config, resolved);
+    template.setOAuthUrl(oauthUrl);
+    return template.render();
+}
+//# sourceMappingURL=registry.js.map

package/dist/services/consent-templates/registry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"registry.js","sourceRoot":"","sources":["../../../src/services/consent-templates/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,WAAW,GACZ,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAkB1E;;GAEG;AACH,MAAM,iBAAiB,GAA0C;IAC/D,cAAc,EAAE,mBAAmB;IACnC,WAAW,EAAE,mBAAmB;IAChC,KAAK,EAAE,aAAa;IACpB,YAAY,EAAE,iBAAiB;IAC/B,GAAG,EAAE,WAAW;CACjB,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,QAAkB,EAClB,MAAiC,EACjC,YAAoC;IAEpC,MAAM,aAAa,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAElD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,6CAA6C;QAC7C,OAAO,CAAC,IAAI,CACV,sBAAsB,QAAQ,gCAAgC,CAC/D,CAAC;QACF,OAAO,kBAAkB,CAAC,cAAc,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAClE,CAAC;IAED,wBAAwB;IACxB,MAAM,kBAAkB,GAAG,YAAY,IAAI,uBAAuB,EAAE,CAAC;IACrE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAEvE,8EAA8E;IAC9E,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;QAC/B,OAAO,IAAI,mBAAmB,CAC5B,MAAM,EACN,QAAQ,EACR,kBAAkB,CAAC,WAAW,CAC/B,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,MAAyB;IACtD,8BAA8B;IAC9B,IAAK,MAAc,CAAC,aAAa,IAAK,MAAc,CAAC,QAAQ,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0BAA0B;IAC1B,IAAK,MAAc,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAI,MAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAExD,uDAAuD;QACvD,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,IACE,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC1B,CAAC,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACtE,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,UAAU,GAAI,MAAoC,CAAC,UAAU,CAAC;IACpE,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,UAAU,CAAC,KAAK;YAAE,OAAO,OAAO,CAAC;QACrC,IAAI,UAAU,CAAC,WAAW;YAAE,OAAO,aAAa,CAAC;QACjD,IAAI,UAAU,CAAC,SAAS,EAAE,OAAO;YAAE,OAAO,YAAY,CAAC;QACvD,IAAI,UAAU,CAAC,GAAG,EAAE,OAAO;YAAE,OAAO,KAAK,CAAC;IAC5C,CAAC;IAED,0BAA0B;IAC1B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,YAAY,EAAE,cAAc;QAC5B,WAAW,EAAE,aAAa;QAC1B,KAAK,EAAE,OAAO;QACd,UAAU,EAAE,YAAY;QACxB,GAAG,EAAE,KAAK;KACU,CAAC,CAAC,QAAQ,CAAC,IAAgB,CAAC,CAAC;AACrD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAe,CAAC;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAiC,EACjC,YAAoC,EACpC,QAAmB;IAEnB,MAAM,IAAI,GAAG,QAAQ,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAChE,OAAO,QAAQ,CAAC,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAiC,EACjC,QAAgB,EAChB,YAAoC;IAEpC,MAAM,kBAAkB,GAAG,YAAY,IAAI,uBAAuB,EAAE,CAAC;IACrE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrD,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,OAAO,QAAQ,CAAC,MAAM,EAAE,CAAC;AAC3B,CAAC"}

package/dist/services/consent-templates/template-renderer.d.ts ADDED Viewed

@@ -0,0 +1,118 @@
+/**
+ * Template-Based Consent Page Renderer
+ *
+ * Adapter that provides the same interface as ConsentPageRenderer
+ * but uses the new modular template system internally.
+ *
+ * Now supports CSR (Client-Side Rendering) mode using @kya-os/consent
+ * Lit Web Components for pixel-perfect AgentShield parity.
+ *
+ * @module consent-templates/template-renderer
+ */
+import type { ConsentPageConfig, OAuthIdentity } from "@kya-os/contracts/consent";
+import type { CredentialProviderConfig } from "@kya-os/contracts/config";
+/**
+ * Template-based consent page renderer.
+ *
+ * Drop-in replacement for ConsentPageRenderer that uses the new
+ * modular template system with pixel-perfect AgentShield parity.
+ *
+ * Supports two rendering modes:
+ * - SSR (Server-Side Rendering) - Default, renders full HTML on server
+ * - CSR (Client-Side Rendering) - Serves HTML shell, Lit renders in browser
+ */
+export declare class TemplateRenderer {
+    private useCSR;
+    private bundlePath;
+    constructor(options?: {
+        useCSR?: boolean;
+        bundlePath?: string;
+    });
+    /**
+     * Render consent page HTML.
+     *
+     * If CSR mode is enabled, generates a minimal HTML shell that loads
+     * the @kya-os/consent Lit components. Otherwise, uses SSR templates.
+     *
+     * @param config - Consent page configuration
+     * @param oauthIdentity - Optional OAuth identity from cookie
+     * @returns HTML string
+     */
+    render(config: ConsentPageConfig & {
+        oauthRequired?: boolean;
+        oauthUrl?: string;
+    }, oauthIdentity?: OAuthIdentity): string;
+    /**
+     * Render consent page using Client-Side Rendering (CSR).
+     *
+     * Generates a minimal HTML shell that:
+     * 1. Loads the bundled consent.js from @kya-os/consent
+     * 2. Renders the <mcp-consent> Lit Web Component
+     * 3. Provides a loading skeleton while JS loads
+     * 4. Falls back to basic form for no-JS users
+     *
+     * @param config - Consent page configuration
+     * @param oauthIdentity - Optional OAuth identity from cookie
+     * @returns HTML string
+     */
+    private renderCSR;
+    /**
+     * Render credential login page.
+     *
+     * @param config - Consent page configuration
+     * @param credentialConfig - Credential provider configuration
+     * @param provider - Provider name
+     * @param csrfToken - CSRF token for form security
+     * @returns HTML string
+     */
+    renderCredentialPage(config: ConsentPageConfig, credentialConfig: CredentialProviderConfig, provider: string, csrfToken: string): string;
+    /**
+     * Render credential login page using CSR (Client-Side Rendering).
+     *
+     * @param config - Consent page configuration
+     * @param credentialConfig - Credential provider configuration
+     * @param provider - Provider name
+     * @returns HTML string
+     */
+    private renderCredentialPageCSR;
+    /**
+     * Render success page after consent approval.
+     * (Legacy signature for backward compatibility)
+     *
+     * @param options - Success page options
+     * @returns HTML string
+     */
+    renderSuccess(options: {
+        delegationId: string;
+        autoClose?: boolean;
+    }): string;
+    /**
+     * Render success page after consent approval.
+     *
+     * @param delegationId - The created delegation ID
+     * @param projectId - Project ID
+     * @param autoClose - Whether to auto-close the window
+     * @returns HTML string
+     */
+    renderSuccessPage(delegationId: string, projectId: string, autoClose?: boolean): string;
+    /**
+     * Build ExtendedConsentPageConfig from ConsentPageConfig.
+     */
+    private buildExtendedConfig;
+    /**
+     * Build ConsentConfigWithMeta from page config's branding/terms/ui.
+     */
+    private buildRemoteConfig;
+}
+/**
+ * Factory function for creating a template renderer.
+ *
+ * @param options - Optional configuration for CSR mode
+ * @param options.useCSR - Enable Client-Side Rendering (default: false)
+ * @param options.bundlePath - Path to consent.js bundle (default: '/consent.js')
+ */
+export declare function createTemplateRenderer(options?: {
+    useCSR?: boolean;
+    bundlePath?: string;
+}): TemplateRenderer;
+//# sourceMappingURL=template-renderer.d.ts.map

package/dist/services/consent-templates/template-renderer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"template-renderer.d.ts","sourceRoot":"","sources":["../../../src/services/consent-templates/template-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAYH,OAAO,KAAK,EACV,iBAAiB,EACjB,aAAa,EACd,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAazE;;;;;;;;;GASG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,UAAU,CAAS;gBAEf,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IAK/D;;;;;;;;;OASG;IACH,MAAM,CACJ,MAAM,EAAE,iBAAiB,GAAG;QAAE,aAAa,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAC1E,aAAa,CAAC,EAAE,aAAa,GAC5B,MAAM;IAoCT;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,SAAS;IAuCjB;;;;;;;;OAQG;IACH,oBAAoB,CAClB,MAAM,EAAE,iBAAiB,EACzB,gBAAgB,EAAE,wBAAwB,EAC1C,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,MAAM;IA6BT;;;;;;;OAOG;IACH,OAAO,CAAC,uBAAuB;IA6C/B;;;;;;OAMG;IACH,aAAa,CAAC,OAAO,EAAE;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,GAAG,MAAM;IAIV;;;;;;;OAOG;IACH,iBAAiB,CACf,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,OAAO,GAClB,MAAM;IAsDT;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAqB3B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAuC1B;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,CAAC,EAAE;IAC/C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,gBAAgB,CAEnB"}