@kya-os/mcp-i-cloudflare 1.7.5 → 1.7.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/dist/agent.d.ts.map +1 -1
  2. package/dist/agent.js +85 -75
  3. package/dist/agent.js.map +1 -1
  4. package/dist/app.d.ts.map +1 -1
  5. package/dist/app.js +82 -52
  6. package/dist/app.js.map +1 -1
  7. package/dist/index.d.ts.map +1 -1
  8. package/dist/index.js +6 -3
  9. package/dist/index.js.map +1 -1
  10. package/dist/services/provider-loader.service.d.ts +110 -0
  11. package/dist/services/provider-loader.service.d.ts.map +1 -0
  12. package/dist/services/provider-loader.service.js +237 -0
  13. package/dist/services/provider-loader.service.js.map +1 -0
  14. package/package.json +3 -3
package/dist/agent.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../src/agent.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAM9C,OAAO,EAUL,KAAK,oBAAoB,EAC1B,MAAM,oBAAoB,CAAC;AAY5B,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,2BAA2B,CAAC;AAanC;;GAEG;AACH,MAAM,WAAW,qBACf,SAAQ,IAAI,CACV,aAAa,EACX,aAAa,GACb,eAAe,GACf,kBAAkB,GAClB,oBAAoB,GACpB,oBAAoB,CACvB;IACD,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAAC;IACrE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,kBAAkB,CAAC,EAAE,WAAW,CAAC;CAClC;AAED;;;;;;;;;;;;;;;GAeG;AACH,8BAAsB,mBAAoB,SAAQ,QAAQ;IAGxD,MAAM,EAGA,GAAG,CAAC;IAEV,SAAS,CAAC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAC1C,SAAS,CAAC,GAAG,EAAE,qBAAqB,CAAC;IACrC,SAAS,CAAC,gBAAgB,EAAE,iBAAiB,CAAC;IAC9C,OAAO,CAAC,YAAY,CAA8C;IAClE,OAAO,CAAC,mBAAmB,CAAC,CAAS;IACrC,OAAO,CAAC,qBAAqB,CAAC,CAAuB;gBAGnD,KAAK,EAAE,kBAAkB,EACzB,GAAG,EAAE,qBAAqB,EAC1B,gBAAgB,GAAE,iBAA2C;IAuF/D;;;;OAIG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ9B;;;OAGG;YACW,uBAAuB;IA6GrC;;;;;;;;;OASG;YACW,wBAAwB;IA6BtC;;;;;;;;;;;;OAYG;YACW,wBAAwB;IAgFtC;;;OAGG;YACW,8BAA8B;IAkG5C;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAC7B;QACE,UAAU,CAAC,EAAE;YACX,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACD,SAAS,CACZ;IAID;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAI9D;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,YAAY,IAAI,MAAM;IAEzC;;;OAGG;IACH,SAAS,CAAC,eAAe,IAAI,MAAM;IAInC;;;OAGG;IACH,SAAS,CAAC,YAAY,IAAI,MAAM,GAAG,SAAS;IAI5C;;;;;;;;;;;;;;;;OAgBG;IACH,SAAS,CAAC,uBAAuB,IAAI,oBAAoB,GAAG,SAAS;IAIrE;;;OAGG;IACH,SAAS,CAAC,uBAAuB,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAIrE;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,wBAAwB,CACzC,GAAG,EAAE,aAAa,GACjB,uBAAuB;IAE1B;;;OAGG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;IAExD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,SAAS,CAAC,qBAAqB,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7D,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,GAAG,EAAE,gDAAgD;IAC7D,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,GAAG,CAAC,GACrC,IAAI;IA8FP;;;;;;;;;;OAUG;cACa,oBAAoB,CAClC,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,GAAG,OAAO,EAEjB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,EAC1C,iBAAiB,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,OAAO,CAAC;IAukBnB;;;;OAIG;YACW,gBAAgB;IA6R9B;;;;;;OAMG;YACW,qBAAqB;IA4NnC;;;;;;;OAOG;YACW,6BAA6B;IAwD3C;;OAEG;IACH,aAAa,IAAI,MAAM;IA2BvB;;;;;;;;;;;;OAYG;IACG,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IA8FhD;;;;;;;;;;;;;;;;OAgBG;IACG,wBAAwB,IAAI,OAAO,CAAC;QACxC,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,OAAO,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CA6GH"}
1
+ {"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../src/agent.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAM9C,OAAO,EAUL,KAAK,oBAAoB,EAE1B,MAAM,oBAAoB,CAAC;AAY5B,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,2BAA2B,CAAC;AAcnC;;GAEG;AACH,MAAM,WAAW,qBACf,SAAQ,IAAI,CACV,aAAa,EACX,aAAa,GACb,eAAe,GACf,kBAAkB,GAClB,oBAAoB,GACpB,oBAAoB,CACvB;IACD,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAAC;IACrE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,kBAAkB,CAAC,EAAE,WAAW,CAAC;CAClC;AAED;;;;;;;;;;;;;;;GAeG;AACH,8BAAsB,mBAAoB,SAAQ,QAAQ;IAGxD,MAAM,EAGA,GAAG,CAAC;IAEV,SAAS,CAAC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAC1C,SAAS,CAAC,GAAG,EAAE,qBAAqB,CAAC;IACrC,SAAS,CAAC,gBAAgB,EAAE,iBAAiB,CAAC;IAC9C,OAAO,CAAC,YAAY,CAA8C;IAClE,OAAO,CAAC,mBAAmB,CAAC,CAAS;IACrC,OAAO,CAAC,qBAAqB,CAAC,CAAuB;gBAGnD,KAAK,EAAE,kBAAkB,EACzB,GAAG,EAAE,qBAAqB,EAC1B,gBAAgB,GAAE,iBAA2C;IAuF/D;;;;OAIG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB9B;;;OAGG;YACW,uBAAuB;IA6GrC;;;;;;;;;OASG;YACW,wBAAwB;IA6BtC;;;;;;;;;;;;OAYG;YACW,wBAAwB;IAgFtC;;;OAGG;YACW,8BAA8B;IAkG5C;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAC7B;QACE,UAAU,CAAC,EAAE;YACX,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACD,SAAS,CACZ;IAID;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAI9D;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,YAAY,IAAI,MAAM;IAEzC;;;OAGG;IACH,SAAS,CAAC,eAAe,IAAI,MAAM;IAInC;;;OAGG;IACH,SAAS,CAAC,YAAY,IAAI,MAAM,GAAG,SAAS;IAI5C;;;;;;;;;;;;;;;;OAgBG;IACH,SAAS,CAAC,uBAAuB,IAAI,oBAAoB,GAAG,SAAS;IAIrE;;;OAGG;IACH,SAAS,CAAC,uBAAuB,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAIrE;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,wBAAwB,CACzC,GAAG,EAAE,aAAa,GACjB,uBAAuB;IAE1B;;;OAGG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;IAExD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,SAAS,CAAC,qBAAqB,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7D,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,GAAG,EAAE,gDAAgD;IAC7D,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,GAAG,CAAC,GACrC,IAAI;IA8FP;;;;;;;;;;OAUG;cACa,oBAAoB,CAClC,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,GAAG,OAAO,EAEjB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,KAAK,EACX,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,EAC1C,iBAAiB,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,OAAO,CAAC;IAukBnB;;;;OAIG;YACW,gBAAgB;IA6R9B;;;;;;OAMG;YACW,qBAAqB;IA4NnC;;;;;;;OAOG;YACW,6BAA6B;IAwD3C;;OAEG;IACH,aAAa,IAAI,MAAM;IA2BvB;;;;;;;;;;;;OAYG;IACG,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IA8FhD;;;;;;;;;;;;;;;;OAgBG;IACG,wBAAwB,IAAI,OAAO,CAAC;QACxC,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,OAAO,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CA6GH"}
package/dist/agent.js CHANGED
@@ -12,7 +12,7 @@ import { createCloudflareRuntime } from "./index";
12
12
  import { mapPrefixedEnv } from "./helpers/env-mapper";
13
13
  import { STORAGE_KEYS } from "./constants/storage-keys";
14
14
  import { z } from "zod";
15
- import { OAuthService, IdpTokenResolver, ToolContextBuilder, OAuthRequiredError, DelegationRequiredError, DelegationErrorFormatter, SessionRegistrationService, generateDidKeyFromBase64, } from "@kya-os/mcp-i-core";
15
+ import { OAuthService, IdpTokenResolver, ToolContextBuilder, OAuthRequiredError, DelegationRequiredError, DelegationErrorFormatter, SessionRegistrationService, generateDidKeyFromBase64, logger, } from "@kya-os/mcp-i-core";
16
16
  import { WebCryptoProvider } from "./providers/crypto";
17
17
  // CRITICAL: Import the OAuth service registry - this triggers globalThis registration
18
18
  // at module load time, preventing esbuild from tree-shaking the OAuth services
@@ -30,6 +30,7 @@ import { defaultProviderRegistry, } from "@kya-os/provider-registry";
30
30
  // because the exports are only used inside conditional async code
31
31
  const _oauthRegistryLoaded = isOAuthServicesAvailable();
32
32
  if (!_oauthRegistryLoaded) {
33
+ // Logger not yet configured at module init, use console.warn as fallback
33
34
  console.warn("[MCPICloudflareAgent] OAuth service registry not loaded at module init - services may be unavailable");
34
35
  }
35
36
  /**
@@ -122,7 +123,7 @@ export class MCPICloudflareAgent extends McpAgent {
122
123
  audit: {
123
124
  enabled: runtimeConfig.audit?.enabled ?? true,
124
125
  logFunction: runtimeConfig.audit?.logFunction ||
125
- ((record) => console.error("[MCP-I Audit]", record)),
126
+ ((record) => logger.info("[MCP-I Audit]", record)),
126
127
  },
127
128
  toolProtectionService,
128
129
  runtimeConfig, // Pass full CloudflareRuntimeConfig for proofing support
@@ -134,6 +135,15 @@ export class MCPICloudflareAgent extends McpAgent {
134
135
  * doesn't work via RPC dispatch (the agents library bypasses our override).
135
136
  */
136
137
  async onStart() {
138
+ // Configure logger for this Durable Object isolate
139
+ // DOs run in separate isolates, so they don't inherit the middleware's logger config.
140
+ // Set log level based on environment to enable debug logs in development.
141
+ logger.configure({
142
+ level: this._environment === "development" ? "debug" : "info",
143
+ // Use normal console routing for Cloudflare Workers (not stdio)
144
+ // This ensures wrangler tail shows correct log levels
145
+ transport: "sse",
146
+ });
137
147
  // Call parent to do all setup (init, transport, reinitialize)
138
148
  await super.onStart();
139
149
  // Now extract and log clientInfo from stored initialize request
@@ -191,32 +201,32 @@ export class MCPICloudflareAgent extends McpAgent {
191
201
  const agentIdentity = await this.mcpiRuntime?.getIdentity();
192
202
  const agentDid = agentIdentity?.did || "unknown";
193
203
  const isAgentRegistered = agentDid.startsWith("did:web:knowthat.ai:");
194
- console.error("");
195
- console.error("╔════════════════════════════════════════════════════════╗");
196
- console.error("║ CONNECTING AGENT TO MCP CLIENT ║");
197
- console.error("╠════════════════════════════════════════════════════════╣");
198
- console.error(`║ Client: ${clientName.padEnd(44)}║`);
199
- console.error(`║ Version: ${clientVersion.padEnd(44)}║`);
200
- console.error(`║ Protocol: ${protocol.padEnd(44)}║`);
204
+ logger.info("");
205
+ logger.info("╔════════════════════════════════════════════════════════╗");
206
+ logger.info("║ CONNECTING AGENT TO MCP CLIENT ║");
207
+ logger.info("╠════════════════════════════════════════════════════════╣");
208
+ logger.info(`║ Client: ${clientName.padEnd(44)}║`);
209
+ logger.info(`║ Version: ${clientVersion.padEnd(44)}║`);
210
+ logger.info(`║ Protocol: ${protocol.padEnd(44)}║`);
201
211
  if (clientInfo?.vendor || knownClient?.vendor) {
202
212
  const vendor = clientInfo?.vendor || knownClient?.vendor || "";
203
- console.error(`║ Vendor: ${vendor.padEnd(44)}║`);
213
+ logger.info(`║ Vendor: ${vendor.padEnd(44)}║`);
204
214
  }
205
215
  if (clientInfo?.platform) {
206
- console.error(`║ Platform: ${clientInfo.platform.padEnd(44)}║`);
216
+ logger.info(`║ Platform: ${clientInfo.platform.padEnd(44)}║`);
207
217
  }
208
- console.error("╠════════════════════════════════════════════════════════╣");
209
- console.error(`║ Client KTA Status: ${clientStatusIcon} ${clientStatusText.padEnd(33)}║`);
210
- console.error(`║ Client DID: ${clientIdentity.did.slice(0, 40).padEnd(42)}║`);
211
- console.error(`║ DID Source: ${clientIdentity.source.padEnd(42)}║`);
212
- console.error("╠════════════════════════════════════════════════════════╣");
213
- console.error(`║ Your Agent: ${isAgentRegistered ? "✓ REGISTERED" : "○ LOCAL"} ${agentDid.slice(0, 33).padEnd(36)}║`);
214
- console.error("╚════════════════════════════════════════════════════════╝");
215
- console.error("");
218
+ logger.info("╠════════════════════════════════════════════════════════╣");
219
+ logger.info(`║ Client KTA Status: ${clientStatusIcon} ${clientStatusText.padEnd(33)}║`);
220
+ logger.info(`║ Client DID: ${clientIdentity.did.slice(0, 40).padEnd(42)}║`);
221
+ logger.info(`║ DID Source: ${clientIdentity.source.padEnd(42)}║`);
222
+ logger.info("╠════════════════════════════════════════════════════════╣");
223
+ logger.info(`║ Your Agent: ${isAgentRegistered ? "✓ REGISTERED" : "○ LOCAL"} ${agentDid.slice(0, 33).padEnd(36)}║`);
224
+ logger.info("╚════════════════════════════════════════════════════════╝");
225
+ logger.info("");
216
226
  }
217
227
  catch (error) {
218
228
  // Don't fail if we can't extract clientInfo
219
- console.warn("[MCPICloudflareAgent] Failed to extract clientInfo:", error);
229
+ logger.warn("[MCPICloudflareAgent] Failed to extract clientInfo:", error);
220
230
  }
221
231
  }
222
232
  /**
@@ -241,7 +251,7 @@ export class MCPICloudflareAgent extends McpAgent {
241
251
  privateKey: rawKeyPair.privateKey,
242
252
  keyId,
243
253
  };
244
- console.error("[MCPICloudflareAgent] Generated real did:key with key pair:", {
254
+ logger.info("[MCPICloudflareAgent] Generated real did:key with key pair:", {
245
255
  sessionId: sessionId.substring(0, 20) + "...",
246
256
  userDid: userDid.substring(0, 30) + "...",
247
257
  hasPrivateKey: true,
@@ -278,7 +288,7 @@ export class MCPICloudflareAgent extends McpAgent {
278
288
  if (existingSession?.userDid) {
279
289
  // Session already has identity - skip initialization
280
290
  if (this._environment === "development") {
281
- console.error("[SessionInit] Session already has userDid:", {
291
+ logger.debug("[SessionInit] Session already has userDid:", {
282
292
  sessionId: sessionId.slice(0, 20) + "...",
283
293
  userDid: existingSession.userDid.slice(0, 25) + "...",
284
294
  identityState: existingSession.identityState || "unknown",
@@ -303,7 +313,7 @@ export class MCPICloudflareAgent extends McpAgent {
303
313
  expirationTtl: 30 * 60, // 30 minutes (session TTL)
304
314
  });
305
315
  if (this._environment === "development") {
306
- console.error("[SessionInit] ✅ Initialized session with did:key and key pair:", {
316
+ logger.debug("[SessionInit] ✅ Initialized session with did:key and key pair:", {
307
317
  sessionId: sessionId.slice(0, 20) + "...",
308
318
  userDid: userDid.slice(0, 30) + "...",
309
319
  identityState: "ephemeral",
@@ -314,7 +324,7 @@ export class MCPICloudflareAgent extends McpAgent {
314
324
  }
315
325
  catch (error) {
316
326
  // Don't fail the main flow - session init is best-effort
317
- console.warn("[SessionInit] Failed to initialize session storage:", error);
327
+ logger.warn("[SessionInit] Failed to initialize session storage:", error);
318
328
  }
319
329
  }
320
330
  /**
@@ -335,7 +345,7 @@ export class MCPICloudflareAgent extends McpAgent {
335
345
  const sessionId = mcpSessionId || doId || `mcpi_${crypto.randomUUID()}`;
336
346
  // Log session ID source for debugging (matches executeToolWithProof pattern)
337
347
  if (this._environment === "development") {
338
- console.error("[SessionRegistration] Session ID resolved:", {
348
+ logger.debug("[SessionRegistration] Session ID resolved:", {
339
349
  fromGetSessionId: !!mcpSessionId,
340
350
  fromDoId: !mcpSessionId && !!doId,
341
351
  isEphemeral: !mcpSessionId && !doId,
@@ -353,7 +363,7 @@ export class MCPICloudflareAgent extends McpAgent {
353
363
  // Get agent DID
354
364
  const identity = await this.mcpiRuntime?.getIdentity();
355
365
  if (!identity?.did) {
356
- console.warn("[SessionRegistration] No agent DID available");
366
+ logger.warn("[SessionRegistration] No agent DID available");
357
367
  return;
358
368
  }
359
369
  // Create fetch provider wrapper for the service
@@ -368,7 +378,7 @@ export class MCPICloudflareAgent extends McpAgent {
368
378
  apiKey: mappedEnv.AGENTSHIELD_API_KEY,
369
379
  fetchProvider,
370
380
  logger: this._environment === "development"
371
- ? (msg, data) => console.error(msg, data)
381
+ ? (msg, data) => logger.debug(msg, data)
372
382
  : undefined,
373
383
  });
374
384
  // Register session (fire-and-forget)
@@ -399,7 +409,7 @@ export class MCPICloudflareAgent extends McpAgent {
399
409
  }
400
410
  catch (error) {
401
411
  // Don't fail the main flow if session registration fails
402
- console.warn("[SessionRegistration] Failed to register session:", error);
412
+ logger.warn("[SessionRegistration] Failed to register session:", error);
403
413
  }
404
414
  }
405
415
  /**
@@ -463,7 +473,7 @@ export class MCPICloudflareAgent extends McpAgent {
463
473
  try {
464
474
  await this.mcpiRuntime?.initialize();
465
475
  const identity = await this.mcpiRuntime?.getIdentity();
466
- console.error("[MCP-I] Initialized with DID:", identity?.did);
476
+ logger.info("[MCP-I] Initialized with DID:", identity?.did);
467
477
  // Ensure server is initialized before registering tools
468
478
  if (!this.server) {
469
479
  throw new Error("Server not initialized. This should not happen - server is initialized in constructor.");
@@ -472,7 +482,7 @@ export class MCPICloudflareAgent extends McpAgent {
472
482
  await this.registerTools();
473
483
  }
474
484
  catch (error) {
475
- console.error("[MCPICloudflareAgent] Initialization failed:", error);
485
+ logger.error("[MCPICloudflareAgent] Initialization failed:", error);
476
486
  throw error;
477
487
  }
478
488
  }
@@ -580,7 +590,7 @@ export class MCPICloudflareAgent extends McpAgent {
580
590
  });
581
591
  }
582
592
  catch (error) {
583
- console.error(`[MCPICloudflareAgent] Failed to register tool "${name}":`, error);
593
+ logger.error(`[MCPICloudflareAgent] Failed to register tool "${name}":`, error);
584
594
  throw error;
585
595
  }
586
596
  }
@@ -613,7 +623,7 @@ export class MCPICloudflareAgent extends McpAgent {
613
623
  ? mapPrefixedEnv(this.env, envPrefix)
614
624
  : this.env;
615
625
  if (this.getRuntimeConfigInternal(mappedEnv).environment === "development") {
616
- console.error("[MCPICloudflareAgent] Session ID source:", {
626
+ logger.debug("[MCPICloudflareAgent] Session ID source:", {
617
627
  provided: !!providedSessionId,
618
628
  fromGetSessionId: !!this.getSessionId(),
619
629
  isEphemeral: !providedSessionId && !this.getSessionId(),
@@ -634,7 +644,7 @@ export class MCPICloudflareAgent extends McpAgent {
634
644
  }
635
645
  // Log server URL source for debugging
636
646
  if (this._environment === "development") {
637
- console.error("[MCPICloudflareAgent] Server URL for consent:", {
647
+ logger.debug("[MCPICloudflareAgent] Server URL for consent:", {
638
648
  source: mappedEnv.MCP_SERVER_URL
639
649
  ? "MCP_SERVER_URL env var"
640
650
  : this._autoDetectedOrigin
@@ -651,7 +661,7 @@ export class MCPICloudflareAgent extends McpAgent {
651
661
  if (delegationStorage) {
652
662
  try {
653
663
  const agentDid = (await this.mcpiRuntime.getIdentity()).did;
654
- console.error("[MCPICloudflareAgent] 🔍 Starting delegation token lookup:", {
664
+ logger.debug("[MCPICloudflareAgent] 🔍 Starting delegation token lookup:", {
655
665
  sessionId: sessionId.slice(0, 20) + "...",
656
666
  agentDid: agentDid.slice(0, 20) + "...",
657
667
  hasDelegationStorage: !!delegationStorage,
@@ -669,13 +679,13 @@ export class MCPICloudflareAgent extends McpAgent {
669
679
  let tokenSource;
670
680
  if (userDid) {
671
681
  const userAgentKey = STORAGE_KEYS.delegation(userDid, agentDid);
672
- console.error("[MCPICloudflareAgent] 🔍 PRIORITY 1: Checking user+agent scoped key:", {
682
+ logger.debug("[MCPICloudflareAgent] 🔍 PRIORITY 1: Checking user+agent scoped key:", {
673
683
  key: userAgentKey,
674
684
  userDid: userDid.slice(0, 20) + "...",
675
685
  agentDid: agentDid.slice(0, 20) + "...",
676
686
  });
677
687
  const userAgentToken = await delegationStorage.get(userAgentKey, "text");
678
- console.error("[MCPICloudflareAgent] 🔍 PRIORITY 1: User+agent scoped lookup result:", {
688
+ logger.debug("[MCPICloudflareAgent] 🔍 PRIORITY 1: User+agent scoped lookup result:", {
679
689
  found: !!userAgentToken,
680
690
  tokenLength: userAgentToken?.length || 0,
681
691
  });
@@ -686,12 +696,12 @@ export class MCPICloudflareAgent extends McpAgent {
686
696
  }
687
697
  // PRIORITY 2: Session-scoped token (if session ID persists)
688
698
  if (!delegationToken) {
689
- console.error("[MCPICloudflareAgent] 🔍 PRIORITY 2: Checking session-scoped key:", {
699
+ logger.debug("[MCPICloudflareAgent] 🔍 PRIORITY 2: Checking session-scoped key:", {
690
700
  key: sessionKey,
691
701
  sessionId: sessionId.slice(0, 20) + "...",
692
702
  });
693
703
  const sessionTokenData = (await delegationStorage.get(sessionKey, "json"));
694
- console.error("[MCPICloudflareAgent] 🔍 PRIORITY 2: Session-scoped lookup result:", {
704
+ logger.debug("[MCPICloudflareAgent] 🔍 PRIORITY 2: Session-scoped lookup result:", {
695
705
  found: !!sessionTokenData,
696
706
  hasDelegationToken: !!sessionTokenData?.delegationToken,
697
707
  hasDelegationId: !!sessionTokenData?.delegationId,
@@ -711,7 +721,7 @@ export class MCPICloudflareAgent extends McpAgent {
711
721
  // Delegations are now strictly session-scoped or user+agent scoped.
712
722
  // See: Security fix for cross-user delegation leakage
713
723
  if (delegationToken) {
714
- console.error("[MCPICloudflareAgent] ✅ Delegation token retrieved:", {
724
+ logger.debug("[MCPICloudflareAgent] ✅ Delegation token retrieved:", {
715
725
  sessionId: sessionId.slice(0, 20) + "...",
716
726
  tokenLength: delegationToken.length,
717
727
  source: tokenSource,
@@ -722,7 +732,7 @@ export class MCPICloudflareAgent extends McpAgent {
722
732
  // This handles the case where consent was approved on a different edge/DO instance
723
733
  // and the KV write hasn't propagated to this instance's edge cache yet.
724
734
  // We retry with cacheTtl: 60 to force a fresh read from KV global store.
725
- console.error("[MCPICloudflareAgent] 🔄 Cache miss - retrying session key with edge cache bypass:", {
735
+ logger.debug("[MCPICloudflareAgent] 🔄 Cache miss - retrying session key with edge cache bypass:", {
726
736
  sessionId: sessionId.slice(0, 20) + "...",
727
737
  reason: "Potential stale edge cache after recent consent",
728
738
  });
@@ -737,7 +747,7 @@ export class MCPICloudflareAgent extends McpAgent {
737
747
  if (!delegationId && sessionTokenData.delegationId) {
738
748
  delegationId = sessionTokenData.delegationId;
739
749
  }
740
- console.error("[MCPICloudflareAgent] ✅ Delegation token found after cache bypass:", {
750
+ logger.debug("[MCPICloudflareAgent] ✅ Delegation token found after cache bypass:", {
741
751
  sessionId: sessionId.slice(0, 20) + "...",
742
752
  tokenLength: delegationToken.length,
743
753
  hasDelegationId: !!delegationId,
@@ -747,7 +757,7 @@ export class MCPICloudflareAgent extends McpAgent {
747
757
  else {
748
758
  // NOTE: This is informational - delegation is only required for protected tools
749
759
  // If the tool doesn't require delegation, this message can be ignored
750
- console.error("[MCPICloudflareAgent] ℹ️ No delegation token in session (normal if tool doesn't require delegation):", {
760
+ logger.debug("[MCPICloudflareAgent] ℹ️ No delegation token in session (normal if tool doesn't require delegation):", {
751
761
  sessionId: sessionId.slice(0, 20) + "...",
752
762
  note: "Delegation only required for tools configured with 'requiresDelegation: true'",
753
763
  });
@@ -755,7 +765,7 @@ export class MCPICloudflareAgent extends McpAgent {
755
765
  }
756
766
  }
757
767
  catch (error) {
758
- console.warn("[MCPICloudflareAgent] Failed to retrieve delegation token:", error);
768
+ logger.warn("[MCPICloudflareAgent] Failed to retrieve delegation token:", error);
759
769
  }
760
770
  }
761
771
  // ✅ FIX: Extract userDid from delegation token if not available from session storage
@@ -771,7 +781,7 @@ export class MCPICloudflareAgent extends McpAgent {
771
781
  payload.sub;
772
782
  if (extractedUserDid && extractedUserDid.startsWith("did:")) {
773
783
  userDid = extractedUserDid;
774
- console.error("[MCPICloudflareAgent] ✅ Extracted userDid from delegation token:", {
784
+ logger.debug("[MCPICloudflareAgent] ✅ Extracted userDid from delegation token:", {
775
785
  userDid: extractedUserDid.slice(0, 20) + "...",
776
786
  source: "delegation-token-jwt",
777
787
  });
@@ -779,7 +789,7 @@ export class MCPICloudflareAgent extends McpAgent {
779
789
  }
780
790
  }
781
791
  catch (extractError) {
782
- console.warn("[MCPICloudflareAgent] Failed to extract userDid from delegation token:", extractError);
792
+ logger.warn("[MCPICloudflareAgent] Failed to extract userDid from delegation token:", extractError);
783
793
  }
784
794
  }
785
795
  const session = {
@@ -827,7 +837,7 @@ export class MCPICloudflareAgent extends McpAgent {
827
837
  // Build consent page URL with credentials mode
828
838
  const consentUrl = await this.buildConsentUrlForCredentials(toolName, provider, scopes, sessionId, mappedEnv);
829
839
  const resumeToken = `resume_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`;
830
- console.error("[MCPICloudflareAgent] 🔑 Credential auth required:", {
840
+ logger.info("[MCPICloudflareAgent] 🔑 Credential auth required:", {
831
841
  tool: toolName,
832
842
  provider,
833
843
  scopes,
@@ -871,7 +881,7 @@ export class MCPICloudflareAgent extends McpAgent {
871
881
  let authUrl;
872
882
  if (isCredentialProvider) {
873
883
  // For credential/password providers, build consent URL pointing to credential form
874
- console.error("[MCPICloudflareAgent] 🔑 Credential auth required (from OAuthRequiredError):", {
884
+ logger.info("[MCPICloudflareAgent] 🔑 Credential auth required (from OAuthRequiredError):", {
875
885
  tool: oauthError.toolName,
876
886
  provider: oauthError.provider,
877
887
  scopes: oauthError.requiredScopes,
@@ -897,7 +907,7 @@ export class MCPICloudflareAgent extends McpAgent {
897
907
  }
898
908
  }
899
909
  // Log other errors but don't fail tool execution (backward compatibility)
900
- console.warn("[MCPICloudflareAgent] Failed to build tool context:", error);
910
+ logger.warn("[MCPICloudflareAgent] Failed to build tool context:", error);
901
911
  }
902
912
  // Wrap handler to pass context as optional second parameter
903
913
  // For backward compatibility, handlers can accept (args) or (args, context)
@@ -944,7 +954,7 @@ export class MCPICloudflareAgent extends McpAgent {
944
954
  const clientIdentity = await this.ctx.storage.get("clientIdentity");
945
955
  const clientId = clientIdentity?.knownClientId;
946
956
  // Log for server-side debugging (consent URL still appears in logs)
947
- console.error("[MCPICloudflareAgent] 🔐 Authorization required:", {
957
+ logger.info("[MCPICloudflareAgent] 🔐 Authorization required:", {
948
958
  tool: toolNameForError,
949
959
  scopes,
950
960
  consentUrl: delegationError.consentUrl?.substring(0, 80) + "...",
@@ -988,7 +998,7 @@ export class MCPICloudflareAgent extends McpAgent {
988
998
  const clientIdentity = await this.ctx.storage.get("clientIdentity");
989
999
  const clientId = clientIdentity?.knownClientId;
990
1000
  // Log for server-side debugging
991
- console.error("[MCPICloudflareAgent] 🔑 OAuth required:", {
1001
+ logger.info("[MCPICloudflareAgent] 🔑 OAuth required:", {
992
1002
  tool: toolNameForError,
993
1003
  provider,
994
1004
  oauthUrl: oauthError.oauthUrl?.substring(0, 80) + "...",
@@ -1052,7 +1062,7 @@ export class MCPICloudflareAgent extends McpAgent {
1052
1062
  ? protection.authorization.provider
1053
1063
  : "credentials");
1054
1064
  if (this._environment === "development") {
1055
- console.error("[MCPICloudflareAgent] Building context for password-based tool:", {
1065
+ logger.debug("[MCPICloudflareAgent] Building context for password-based tool:", {
1056
1066
  tool: toolName,
1057
1067
  provider,
1058
1068
  authType: protection.authorization?.type || "legacy-oauthProvider",
@@ -1097,7 +1107,7 @@ export class MCPICloudflareAgent extends McpAgent {
1097
1107
  userId: tokenWithMeta.userId,
1098
1108
  };
1099
1109
  if (this._environment === "development") {
1100
- console.error("[MCPICloudflareAgent] ✅ Credential context built:", {
1110
+ logger.debug("[MCPICloudflareAgent] ✅ Credential context built:", {
1101
1111
  tool: toolName,
1102
1112
  hasToken: !!storedToken.access_token,
1103
1113
  tokenUsage: tokenWithMeta.tokenUsage,
@@ -1111,7 +1121,7 @@ export class MCPICloudflareAgent extends McpAgent {
1111
1121
  // No password auth token found - throw OAuthRequiredError to trigger auth flow
1112
1122
  // This ensures the user is redirected to the consent page for password-based tools
1113
1123
  if (this._environment === "development") {
1114
- console.warn("[MCPICloudflareAgent] No password auth token found, throwing OAuthRequiredError:", {
1124
+ logger.warn("[MCPICloudflareAgent] No password auth token found, throwing OAuthRequiredError:", {
1115
1125
  tool: toolName,
1116
1126
  userDid: userDid?.slice(0, 20) + "...",
1117
1127
  provider,
@@ -1141,7 +1151,7 @@ export class MCPICloudflareAgent extends McpAgent {
1141
1151
  "requiredScopes" in error))) {
1142
1152
  throw error;
1143
1153
  }
1144
- console.warn("[MCPICloudflareAgent] Failed to retrieve credential token:", error);
1154
+ logger.warn("[MCPICloudflareAgent] Failed to retrieve credential token:", error);
1145
1155
  return undefined;
1146
1156
  }
1147
1157
  }
@@ -1157,7 +1167,7 @@ export class MCPICloudflareAgent extends McpAgent {
1157
1167
  }
1158
1168
  // Check if OAuth services are available (registered via oauth-service-registry)
1159
1169
  if (!isOAuthServicesAvailable()) {
1160
- console.warn("[MCPICloudflareAgent] OAuth services not available - skipping tool context build");
1170
+ logger.warn("[MCPICloudflareAgent] OAuth services not available - skipping tool context build");
1161
1171
  return undefined;
1162
1172
  }
1163
1173
  // Get OAuth services from centralized registry (DRY - single source of truth)
@@ -1184,7 +1194,7 @@ export class MCPICloudflareAgent extends McpAgent {
1184
1194
  const oauthSecurityService = new OAuthSecurityService(env.DELEGATION_STORAGE, env.OAUTH_ENCRYPTION_SECRET);
1185
1195
  // Only create IdpTokenStorage if DELEGATION_STORAGE is available
1186
1196
  if (!env.DELEGATION_STORAGE) {
1187
- console.warn("[MCPICloudflareAgent] DELEGATION_STORAGE not configured, skipping IDP token storage");
1197
+ logger.warn("[MCPICloudflareAgent] DELEGATION_STORAGE not configured, skipping IDP token storage");
1188
1198
  return undefined;
1189
1199
  }
1190
1200
  const idpTokenStorage = new IdpTokenStorage({
@@ -1215,7 +1225,7 @@ export class MCPICloudflareAgent extends McpAgent {
1215
1225
  "requiredScopes" in error))) {
1216
1226
  throw error;
1217
1227
  }
1218
- console.warn("[MCPICloudflareAgent] Failed to build tool context:", error);
1228
+ logger.warn("[MCPICloudflareAgent] Failed to build tool context:", error);
1219
1229
  return undefined;
1220
1230
  }
1221
1231
  }
@@ -1284,7 +1294,7 @@ export class MCPICloudflareAgent extends McpAgent {
1284
1294
  }
1285
1295
  }
1286
1296
  catch (err) {
1287
- console.warn("[MCPICloudflareAgent] Failed to get provider config, will use fallback:", err);
1297
+ logger.warn("[MCPICloudflareAgent] Failed to get provider config, will use fallback:", err);
1288
1298
  }
1289
1299
  }
1290
1300
  // Generate PKCE challenge if OAuthSecurityService is available
@@ -1324,7 +1334,7 @@ export class MCPICloudflareAgent extends McpAgent {
1324
1334
  stateParam = stateValue;
1325
1335
  }
1326
1336
  catch (err) {
1327
- console.warn("[MCPICloudflareAgent] Failed to generate PKCE challenge, using insecure state:", err);
1337
+ logger.warn("[MCPICloudflareAgent] Failed to generate PKCE challenge, using insecure state:", err);
1328
1338
  // CRITICAL: Disable direct PKCE mode for fallback paths
1329
1339
  // Without proper PKCE state storage, the callback handler won't have
1330
1340
  // code_verifier for token exchange, causing authentication failures
@@ -1360,7 +1370,7 @@ export class MCPICloudflareAgent extends McpAgent {
1360
1370
  let clientId = safeProjectId;
1361
1371
  // Use direct OAuth mode if we determined earlier that provider supports PKCE
1362
1372
  if (isDirectPKCE && configuredProvider && providerConfig) {
1363
- console.error("[MCPICloudflareAgent] Using direct OAuth mode (PKCE)", {
1373
+ logger.info("[MCPICloudflareAgent] Using direct OAuth mode (PKCE)", {
1364
1374
  provider: configuredProvider,
1365
1375
  authorizationUrl: providerConfig.authorizationUrl,
1366
1376
  supportsPKCE: providerConfig.supportsPKCE,
@@ -1379,7 +1389,7 @@ export class MCPICloudflareAgent extends McpAgent {
1379
1389
  return oauthUrl.toString();
1380
1390
  }
1381
1391
  // Fallback to AgentShield bouncer endpoint for non-PKCE or proxy-mode providers
1382
- console.error("[MCPICloudflareAgent] Using AgentShield bouncer OAuth (fallback mode)");
1392
+ logger.info("[MCPICloudflareAgent] Using AgentShield bouncer OAuth (fallback mode)");
1383
1393
  oauthUrl = new URL(`${agentShieldUrl}/bouncer/oauth/authorize`);
1384
1394
  oauthUrl.searchParams.set("response_type", "code");
1385
1395
  oauthUrl.searchParams.set("client_id", clientId);
@@ -1436,7 +1446,7 @@ export class MCPICloudflareAgent extends McpAgent {
1436
1446
  // Add agent name for display
1437
1447
  const agentName = this.getAgentName() || env.MCP_SERVER_NAME || "Unknown Agent";
1438
1448
  consentUrl.searchParams.set("agent_name", agentName);
1439
- console.error("[MCPICloudflareAgent] Built credential consent URL:", consentUrl.toString().substring(0, 100) + "...");
1449
+ logger.info("[MCPICloudflareAgent] Built credential consent URL:", consentUrl.toString().substring(0, 100) + "...");
1440
1450
  return consentUrl.toString();
1441
1451
  }
1442
1452
  /**
@@ -1463,7 +1473,7 @@ export class MCPICloudflareAgent extends McpAgent {
1463
1473
  return "default";
1464
1474
  }
1465
1475
  catch (error) {
1466
- console.error("[DO Routing] Failed to extract session ID:", error);
1476
+ logger.error("[DO Routing] Failed to extract session ID:", error);
1467
1477
  return "default";
1468
1478
  }
1469
1479
  }
@@ -1499,7 +1509,7 @@ export class MCPICloudflareAgent extends McpAgent {
1499
1509
  // Header present - use it and update if different
1500
1510
  if (this._autoDetectedOrigin !== originalOrigin) {
1501
1511
  this._autoDetectedOrigin = originalOrigin;
1502
- console.error("[MCPICloudflareAgent] Auto-detected server origin:", this._autoDetectedOrigin, "(from X-MCP-Original-Origin header)");
1512
+ logger.debug("[MCPICloudflareAgent] Auto-detected server origin:", this._autoDetectedOrigin, "(from X-MCP-Original-Origin header)");
1503
1513
  }
1504
1514
  }
1505
1515
  else if (!this._autoDetectedOrigin &&
@@ -1507,15 +1517,15 @@ export class MCPICloudflareAgent extends McpAgent {
1507
1517
  !isInternalDomain) {
1508
1518
  // No header and no stored origin - use url.origin if not internal
1509
1519
  this._autoDetectedOrigin = url.origin;
1510
- console.error("[MCPICloudflareAgent] Auto-detected server origin:", this._autoDetectedOrigin, "(from url.origin)");
1520
+ logger.debug("[MCPICloudflareAgent] Auto-detected server origin:", this._autoDetectedOrigin, "(from url.origin)");
1511
1521
  }
1512
1522
  else if (!this._autoDetectedOrigin) {
1513
1523
  // Internal request without stored origin - log but don't set
1514
- console.error("[MCPICloudflareAgent] Skipping internal Cloudflare URL for origin detection:", url.origin, { isInternalPath, isInternalDomain, pathname: url.pathname });
1524
+ logger.debug("[MCPICloudflareAgent] Skipping internal Cloudflare URL for origin detection:", url.origin, { isInternalPath, isInternalDomain, pathname: url.pathname });
1515
1525
  }
1516
1526
  // Handle internal cache-clear request
1517
1527
  if (url.pathname === "/_do/cache-clear" && request.method === "POST") {
1518
- console.error("[MCPICloudflareAgent] Handling internal cache-clear request");
1528
+ logger.info("[MCPICloudflareAgent] Handling internal cache-clear request");
1519
1529
  try {
1520
1530
  const result = await this.clearToolProtectionCache();
1521
1531
  return new Response(JSON.stringify({
@@ -1535,7 +1545,7 @@ export class MCPICloudflareAgent extends McpAgent {
1535
1545
  });
1536
1546
  }
1537
1547
  catch (error) {
1538
- console.error("[MCPICloudflareAgent] Cache-clear request failed:", error);
1548
+ logger.error("[MCPICloudflareAgent] Cache-clear request failed:", error);
1539
1549
  return new Response(JSON.stringify({
1540
1550
  success: false,
1541
1551
  error: error instanceof Error ? error.message : String(error),
@@ -1563,7 +1573,7 @@ export class MCPICloudflareAgent extends McpAgent {
1563
1573
  * @returns Result of cache clear operation
1564
1574
  */
1565
1575
  async clearToolProtectionCache() {
1566
- console.error("[MCPICloudflareAgent] clearToolProtectionCache called");
1576
+ logger.info("[MCPICloudflareAgent] clearToolProtectionCache called");
1567
1577
  let consentConfigCleared = false;
1568
1578
  try {
1569
1579
  // Get the ToolProtectionService from the runtime
@@ -1577,17 +1587,17 @@ export class MCPICloudflareAgent extends McpAgent {
1577
1587
  const consentCacheKey = `consent:config:${projectId}`;
1578
1588
  await this.env.TOOL_PROTECTION_KV.delete(consentCacheKey);
1579
1589
  consentConfigCleared = true;
1580
- console.error("[MCPICloudflareAgent] Consent config cache cleared", {
1590
+ logger.info("[MCPICloudflareAgent] Consent config cache cleared", {
1581
1591
  cacheKey: consentCacheKey,
1582
1592
  });
1583
1593
  }
1584
1594
  }
1585
1595
  catch (consentError) {
1586
- console.warn("[MCPICloudflareAgent] Failed to clear consent config cache:", consentError);
1596
+ logger.warn("[MCPICloudflareAgent] Failed to clear consent config cache:", consentError);
1587
1597
  // Non-fatal - continue with tool protection cache clear
1588
1598
  }
1589
1599
  if (!toolProtectionService) {
1590
- console.warn("[MCPICloudflareAgent] No tool protection service available");
1600
+ logger.warn("[MCPICloudflareAgent] No tool protection service available");
1591
1601
  return {
1592
1602
  success: consentConfigCleared, // Partial success if consent cache cleared
1593
1603
  cacheCleared: consentConfigCleared,
@@ -1608,7 +1618,7 @@ export class MCPICloudflareAgent extends McpAgent {
1608
1618
  const protectedTools = Object.entries(result.config.toolProtections || {})
1609
1619
  .filter(([_, cfg]) => cfg.requiresDelegation)
1610
1620
  .map(([name]) => name);
1611
- console.error("[MCPICloudflareAgent] Cache cleared and refreshed", {
1621
+ logger.info("[MCPICloudflareAgent] Cache cleared and refreshed", {
1612
1622
  cacheKey: result.cacheKey,
1613
1623
  source: result.source,
1614
1624
  toolCount: Object.keys(result.config.toolProtections || {}).length,
@@ -1627,7 +1637,7 @@ export class MCPICloudflareAgent extends McpAgent {
1627
1637
  else {
1628
1638
  // Fallback for older mcp-i-core versions: just clear cache
1629
1639
  await toolProtectionService.clearCache(agentDid);
1630
- console.error("[MCPICloudflareAgent] Cache cleared (legacy mode - no refresh)");
1640
+ logger.info("[MCPICloudflareAgent] Cache cleared (legacy mode - no refresh)");
1631
1641
  return {
1632
1642
  success: true,
1633
1643
  cacheCleared: true,
@@ -1639,7 +1649,7 @@ export class MCPICloudflareAgent extends McpAgent {
1639
1649
  }
1640
1650
  }
1641
1651
  catch (error) {
1642
- console.error("[MCPICloudflareAgent] clearToolProtectionCache failed:", error);
1652
+ logger.error("[MCPICloudflareAgent] clearToolProtectionCache failed:", error);
1643
1653
  return {
1644
1654
  success: false,
1645
1655
  cacheCleared: consentConfigCleared,