@kya-os/mcp-i-cloudflare 1.7.76 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/dist/adapter.d.ts +5 -0
  2. package/dist/adapter.d.ts.map +1 -1
  3. package/dist/adapter.js +34 -4
  4. package/dist/adapter.js.map +1 -1
  5. package/dist/agent.d.ts +14 -0
  6. package/dist/agent.d.ts.map +1 -1
  7. package/dist/agent.js +788 -36
  8. package/dist/agent.js.map +1 -1
  9. package/dist/app.d.ts.map +1 -1
  10. package/dist/app.js +35 -0
  11. package/dist/app.js.map +1 -1
  12. package/dist/index.d.ts.map +1 -1
  13. package/dist/index.js +1 -0
  14. package/dist/index.js.map +1 -1
  15. package/dist/proof-generator.d.ts.map +1 -1
  16. package/dist/proof-generator.js +12 -10
  17. package/dist/proof-generator.js.map +1 -1
  18. package/dist/providers/crypto.d.ts +1 -1
  19. package/dist/providers/crypto.d.ts.map +1 -1
  20. package/dist/providers/crypto.js +5 -1
  21. package/dist/providers/crypto.js.map +1 -1
  22. package/dist/services/consent.service.d.ts +18 -0
  23. package/dist/services/consent.service.d.ts.map +1 -1
  24. package/dist/services/consent.service.js +155 -39
  25. package/dist/services/consent.service.js.map +1 -1
  26. package/dist/services/vault-resolver.d.ts +55 -0
  27. package/dist/services/vault-resolver.d.ts.map +1 -0
  28. package/dist/services/vault-resolver.js +144 -0
  29. package/dist/services/vault-resolver.js.map +1 -0
  30. package/dist/types.d.ts +2 -0
  31. package/dist/types.d.ts.map +1 -1
  32. package/package.json +18 -9
package/dist/services/vault-resolver.d.ts ADDED
@@ -0,0 +1,55 @@
1
+ /**
2
+ * VaultResolver — Runtime Secret Resolution Service
3
+ *
4
+ * Calls AgentShield's vault /resolve endpoint to retrieve per-user
5
+ * API keys at tool execution time. Generates signed assertion JWTs
6
+ * to prove request legitimacy and caches results per session.
7
+ *
8
+ * @module mcp-i-cloudflare/services/vault-resolver
9
+ */
10
+ export interface VaultResolverConfig {
11
+ /** AgentShield API base URL (e.g., https://kya.vouched.id) */
12
+ apiUrl: string;
13
+ /** AgentShield API key for X-API-Key header */
14
+ apiKey: string;
15
+ /** Worker's Ed25519 private key for signing assertion JWTs */
16
+ identityKey: CryptoKey;
17
+ /** Worker's DID (iss/sub claim in assertion) */
18
+ agentDid: string;
19
+ /** Injectable fetch (defaults to globalThis.fetch) */
20
+ fetch?: typeof globalThis.fetch;
21
+ /** Optional audit logger */
22
+ auditLogger?: {
23
+ logEvent(ctx: {
24
+ eventType: string;
25
+ eventData?: Record<string, unknown>;
26
+ }): Promise<void>;
27
+ };
28
+ }
29
+ export declare class VaultResolver {
30
+ private readonly config;
31
+ private readonly cache;
32
+ private readonly _fetch;
33
+ constructor(config: VaultResolverConfig);
34
+ /**
35
+ * Resolve per-user secrets from the vault.
36
+ *
37
+ * Returns a map of env var names to their decrypted values.
38
+ * Returns empty `{}` on 403/404 (graceful degradation).
39
+ * Throws on 5xx and network errors.
40
+ */
41
+ resolve(projectId: string, userDid: string, toolName: string, envVarNames: string[], sessionId: string): Promise<Record<string, string>>;
42
+ /** Clear all cached entries for a given session. */
43
+ invalidate(sessionId: string): void;
44
+ private isExpired;
45
+ /**
46
+ * Build a short-lived EdDSA assertion JWT.
47
+ *
48
+ * Proves to AgentShield that this resolve request is legitimate —
49
+ * not a forged call with an arbitrary userDid.
50
+ */
51
+ private buildAssertionJWT;
52
+ private base64urlEncode;
53
+ private emitAudit;
54
+ }
55
+ //# sourceMappingURL=vault-resolver.d.ts.map
package/dist/services/vault-resolver.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"vault-resolver.d.ts","sourceRoot":"","sources":["../../src/services/vault-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,WAAW,EAAE,SAAS,CAAC;IACvB,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC,4BAA4B;IAC5B,WAAW,CAAC,EAAE;QACZ,QAAQ,CAAC,GAAG,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;SAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KAC1F,CAAC;CACH;AAcD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;IACvD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0B;gBAErC,MAAM,EAAE,mBAAmB;IAKvC;;;;;;OAMG;IACG,OAAO,CACX,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAwElC,oDAAoD;IACpD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAWnC,OAAO,CAAC,SAAS;IAIjB;;;;;OAKG;YACW,iBAAiB;IAqC/B,OAAO,CAAC,eAAe;YAWT,SAAS;CAUxB"}
package/dist/services/vault-resolver.js ADDED
@@ -0,0 +1,144 @@
1
+ /**
2
+ * VaultResolver — Runtime Secret Resolution Service
3
+ *
4
+ * Calls AgentShield's vault /resolve endpoint to retrieve per-user
5
+ * API keys at tool execution time. Generates signed assertion JWTs
6
+ * to prove request legitimacy and caches results per session.
7
+ *
8
+ * @module mcp-i-cloudflare/services/vault-resolver
9
+ */
10
+ import { VAULT_AUDIT_EVENTS } from '@kya-os/contracts/vault';
11
+ // ── Constants ────────────────────────────────────────────────────────
12
+ const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
13
+ const ASSERTION_TTL_SEC = 60;
14
+ // ── Implementation ───────────────────────────────────────────────────
15
+ export class VaultResolver {
16
+ config;
17
+ cache = new Map();
18
+ _fetch;
19
+ constructor(config) {
20
+ this.config = config;
21
+ this._fetch = config.fetch ?? globalThis.fetch.bind(globalThis);
22
+ }
23
+ /**
24
+ * Resolve per-user secrets from the vault.
25
+ *
26
+ * Returns a map of env var names to their decrypted values.
27
+ * Returns empty `{}` on 403/404 (graceful degradation).
28
+ * Throws on 5xx and network errors.
29
+ */
30
+ async resolve(projectId, userDid, toolName, envVarNames, sessionId) {
31
+ // Cache key includes toolName (server may authorize per-tool) and
32
+ // sorted envVarNames (different tools may request different vars)
33
+ const envKey = [...envVarNames].sort().join(',');
34
+ const cacheKey = `${projectId}\0${userDid}\0${sessionId}\0${toolName}\0${envKey}`;
35
+ const cached = this.cache.get(cacheKey);
36
+ if (cached && !this.isExpired(cached)) {
37
+ return { ...cached.secrets };
38
+ }
39
+ // Build signed assertion JWT
40
+ const assertion = await this.buildAssertionJWT(projectId, userDid, toolName, sessionId);
41
+ const url = `${this.config.apiUrl.replace(/\/$/, '')}/api/v1/vault/${projectId}/resolve`;
42
+ await this.emitAudit(VAULT_AUDIT_EVENTS.RESOLVE_REQUESTED, {
43
+ projectId, userDid, toolName, sessionId,
44
+ });
45
+ const response = await this._fetch(url, {
46
+ method: 'POST',
47
+ headers: {
48
+ 'Content-Type': 'application/json',
49
+ 'X-API-Key': this.config.apiKey,
50
+ },
51
+ body: JSON.stringify({
52
+ userDid,
53
+ envVarNames,
54
+ toolName,
55
+ assertion,
56
+ }),
57
+ });
58
+ // Graceful degradation on 403/404
59
+ if (response.status === 403 || response.status === 404) {
60
+ const empty = {};
61
+ this.cache.set(cacheKey, { secrets: empty, cachedAt: Date.now() });
62
+ await this.emitAudit(VAULT_AUDIT_EVENTS.RESOLVE_DENIED, {
63
+ projectId, userDid, toolName, sessionId, status: response.status,
64
+ });
65
+ return { ...empty };
66
+ }
67
+ // Throw on server/infra errors
68
+ if (!response.ok) {
69
+ await this.emitAudit(VAULT_AUDIT_EVENTS.RESOLVE_DENIED, {
70
+ projectId, userDid, toolName, sessionId, status: response.status,
71
+ });
72
+ throw new Error(`Vault resolve failed: ${response.status} ${response.statusText}`);
73
+ }
74
+ const data = (await response.json());
75
+ const secrets = data.secrets ?? {};
76
+ // Cache the result
77
+ this.cache.set(cacheKey, { secrets, cachedAt: Date.now() });
78
+ await this.emitAudit(VAULT_AUDIT_EVENTS.RESOLVE_GRANTED, {
79
+ projectId, userDid, toolName, sessionId,
80
+ resolvedCount: Object.keys(secrets).length,
81
+ });
82
+ return { ...secrets };
83
+ }
84
+ /** Clear all cached entries for a given session. */
85
+ invalidate(sessionId) {
86
+ // Cache key format: projectId\0userDid\0sessionId\0toolName\0envKey
87
+ for (const [key] of this.cache) {
88
+ if (key.split('\0')[2] === sessionId) {
89
+ this.cache.delete(key);
90
+ }
91
+ }
92
+ }
93
+ // ── Private ──────────────────────────────────────────────────────
94
+ isExpired(entry) {
95
+ return Date.now() - entry.cachedAt > CACHE_TTL_MS;
96
+ }
97
+ /**
98
+ * Build a short-lived EdDSA assertion JWT.
99
+ *
100
+ * Proves to AgentShield that this resolve request is legitimate —
101
+ * not a forged call with an arbitrary userDid.
102
+ */
103
+ async buildAssertionJWT(projectId, userDid, toolName, sessionId) {
104
+ const now = Math.floor(Date.now() / 1000);
105
+ const header = { alg: 'EdDSA', typ: 'JWT' };
106
+ const payload = {
107
+ iss: this.config.agentDid,
108
+ sub: this.config.agentDid,
109
+ projectId,
110
+ userDid,
111
+ toolName,
112
+ sessionId,
113
+ nonce: crypto.randomUUID(),
114
+ iat: now,
115
+ exp: now + ASSERTION_TTL_SEC,
116
+ };
117
+ const headerB64 = this.base64urlEncode(JSON.stringify(header));
118
+ const payloadB64 = this.base64urlEncode(JSON.stringify(payload));
119
+ const signingInput = `${headerB64}.${payloadB64}`;
120
+ const signature = await crypto.subtle.sign('Ed25519', this.config.identityKey, new TextEncoder().encode(signingInput));
121
+ const signatureB64 = this.base64urlEncode(new Uint8Array(signature));
122
+ return `${headerB64}.${payloadB64}.${signatureB64}`;
123
+ }
124
+ base64urlEncode(data) {
125
+ let bytes;
126
+ if (typeof data === 'string') {
127
+ bytes = new TextEncoder().encode(data);
128
+ }
129
+ else {
130
+ bytes = data;
131
+ }
132
+ const base64 = btoa(String.fromCharCode(...bytes));
133
+ return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
134
+ }
135
+ async emitAudit(eventType, eventData) {
136
+ try {
137
+ await this.config.auditLogger?.logEvent({ eventType, eventData });
138
+ }
139
+ catch {
140
+ // Audit logging is non-fatal
141
+ }
142
+ }
143
+ }
144
+ //# sourceMappingURL=vault-resolver.js.map
package/dist/services/vault-resolver.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"vault-resolver.js","sourceRoot":"","sources":["../../src/services/vault-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AA0B7D,wEAAwE;AAExE,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAChD,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,wEAAwE;AAExE,MAAM,OAAO,aAAa;IACP,MAAM,CAAsB;IAC5B,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtC,MAAM,CAA0B;IAEjD,YAAY,MAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClE,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CACX,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,WAAqB,EACrB,SAAiB;QAEjB,kEAAkE;QAClE,kEAAkE;QAClE,MAAM,MAAM,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,GAAG,SAAS,KAAK,OAAO,KAAK,SAAS,KAAK,QAAQ,KAAK,MAAM,EAAE,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,CAAC;QAED,6BAA6B;QAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAC5C,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CACxC,CAAC;QAEF,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,SAAS,UAAU,CAAC;QAEzF,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,iBAAiB,EAAE;YACzD,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;SACxC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;aAChC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO;gBACP,WAAW;gBACX,QAAQ;gBACR,SAAS;aACV,CAAC;SACH,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvD,MAAM,KAAK,GAA2B,EAAE,CAAC;YACzC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAEnE,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,cAAc,EAAE;gBACtD,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM;aACjE,CAAC,CAAC;YAEH,OAAO,EAAE,GAAG,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,cAAc,EAAE;gBACtD,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM;aACjE,CAAC,CAAC;YAEH,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAClE,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwC,CAAC;QAC5E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;QAEnC,mBAAmB;QACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE5D,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,eAAe,EAAE;YACvD,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;YACvC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM;SAC3C,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;IACxB,CAAC;IAED,oDAAoD;IACpD,UAAU,CAAC,SAAiB;QAC1B,oEAAoE;QACpE,KAAK,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IAE5D,SAAS,CAAC,KAAiB;QACjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,QAAQ,GAAG,YAAY,CAAC;IACpD,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,iBAAiB,CAC7B,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,SAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QAE5C,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YACzB,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YACzB,SAAS;YACT,OAAO;YACP,QAAQ;YACR,SAAS;YACT,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE;YAC1B,GAAG,EAAE,GAAG;YACR,GAAG,EAAE,GAAG,GAAG,iBAAiB;SAC7B,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAElD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACvC,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QAErE,OAAO,GAAG,SAAS,IAAI,UAAU,IAAI,YAAY,EAAE,CAAC;IACtD,CAAC;IAEO,eAAe,CAAC,IAAyB;QAC/C,IAAI,KAAiB,CAAC;QACtB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,IAAI,CAAC;QACf,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,SAAiB,EACjB,SAAkC;QAElC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;QACpE,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;IACH,CAAC;CACF"}
package/dist/types.d.ts CHANGED
@@ -64,5 +64,7 @@ export interface CloudflareEnv {
64
64
  DO_ROUTING_STRATEGY?: string;
65
65
  /** Number of shards for shard routing (default: "10") */
66
66
  DO_SHARD_COUNT?: string;
67
+ /** Enable MCP Apps inline consent UI ("true" to enable) */
68
+ MCPI_INLINE_CONSENT?: string;
67
69
  }
68
70
  //# sourceMappingURL=types.d.ts.map
package/dist/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAEzG;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,WAAW,EAAE,WAAW,CAAC;IACzB,kEAAkE;IAClE,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,kFAAkF;IAClF,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,gFAAgF;IAChF,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8EAA8E;IAC9E,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,6DAA6D;IAC7D,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;IACzC,wFAAwF;IACxF,UAAU,CAAC,EAAE,sBAAsB,CAAC;IACpC,oFAAoF;IACpF,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,yDAAyD;IACzD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAEzG;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,WAAW,EAAE,WAAW,CAAC;IACzB,kEAAkE;IAClE,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,kFAAkF;IAClF,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,gFAAgF;IAChF,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8EAA8E;IAC9E,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,6DAA6D;IAC7D,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;IACzC,wFAAwF;IACxF,UAAU,CAAC,EAAE,sBAAsB,CAAC;IACpC,oFAAoF;IACpF,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,yDAAyD;IACzD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,2DAA2D;IAC3D,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/mcp-i-cloudflare",
3
- "version": "1.7.76",
3
+ "version": "1.8.1",
4
4
  "description": "Cloudflare Workers adapter for MCP-I framework",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -29,27 +29,36 @@
29
29
  },
30
30
  "dependencies": {
31
31
  "@kya-os/consent": "^0.1.23",
32
- "@kya-os/contracts": "^1.7.21",
33
- "@kya-os/mcp-i-core": "^1.4.19",
32
+ "@kya-os/contracts": "^1.7.26",
33
+ "@kya-os/mcp-i-core": "^1.6.2",
34
34
  "@kya-os/provider-registry": "^0.1.7",
35
35
  "@modelcontextprotocol/sdk": "^1.25.2",
36
- "agents": "^0.3.6",
36
+ "agents": "^0.4.1",
37
37
  "base-x": "^5.0.0",
38
- "hono": "^4.11.7",
38
+ "hono": "^4.12.4",
39
39
  "jose": "^5.6.3",
40
- "zod": "^3.25.76"
40
+ "zod": "^3.25.67"
41
+ },
42
+ "peerDependencies": {
43
+ "@modelcontextprotocol/ext-apps": "^1.0.0"
44
+ },
45
+ "peerDependenciesMeta": {
46
+ "@modelcontextprotocol/ext-apps": {
47
+ "optional": true
48
+ }
41
49
  },
42
50
  "devDependencies": {
43
51
  "@cloudflare/workers-types": "^4.20240701.0",
52
+ "@modelcontextprotocol/ext-apps": "^1.0.0",
44
53
  "@playwright/test": "^1.57.0",
45
54
  "@types/node": "^20.14.9",
46
- "@vitest/coverage-v8": "^4.0.5",
55
+ "@vitest/coverage-v8": "^4.0.18",
47
56
  "dotenv": "^16.3.1",
48
57
  "eslint": "^9.26.0",
49
58
  "miniflare": "^3.20241218.0",
50
- "msw": "^2.12.4",
59
+ "msw": "^2.12.10",
51
60
  "typescript": "^5.5.3",
52
- "vitest": "^4.0.5",
61
+ "vitest": "^4.0.18",
53
62
  "wrangler": "^4.59.1"
54
63
  },
55
64
  "publishConfig": {