npm - @kya-os/mcp-i-cloudflare - Versions diffs - 1.8.2 → 1.8.3 - Mend

@kya-os/mcp-i-cloudflare 1.8.2 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/__tests__/e2e/test-config.d.ts +37 -0
package/dist/__tests__/e2e/test-config.d.ts.map +1 -0
package/dist/__tests__/e2e/test-config.js +62 -0
package/dist/__tests__/e2e/test-config.js.map +1 -0
package/dist/consent-fallback-html.d.ts +11 -0
package/dist/consent-fallback-html.d.ts.map +1 -0
package/dist/consent-fallback-html.js +303 -0
package/dist/consent-fallback-html.js.map +1 -0
package/dist/services/consent-templates/template-renderer.d.ts +23 -12
package/dist/services/consent-templates/template-renderer.d.ts.map +1 -1
package/dist/services/consent-templates/template-renderer.js +17 -12
package/dist/services/consent-templates/template-renderer.js.map +1 -1
package/dist/services/consent.service.d.ts.map +1 -1
package/dist/services/consent.service.js +55 -5
package/dist/services/consent.service.js.map +1 -1
package/package.json +1 -1

package/dist/__tests__/e2e/test-config.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * E2E Test Configuration
+ *
+ * This file contains configuration for end-to-end tests that use real AgentShield API.
+ * Set these environment variables before running E2E tests:
+ *
+ * ```bash
+ * export E2E_AGENTSHIELD_API_KEY="sk_test_..."
+ * export E2E_AGENTSHIELD_PROJECT_ID="test-project-id"
+ * export E2E_AGENTSHIELD_API_URL="https://kya.vouched.id"  # Optional, defaults to production
+ * ```
+ *
+ * Or create a `.env.e2e` file in the package root:
+ * ```
+ * E2E_AGENTSHIELD_API_KEY=sk_test_...
+ * E2E_AGENTSHIELD_PROJECT_ID=test-project-id
+ * ```
+ */
+export interface E2ETestConfig {
+    apiKey: string;
+    projectId: string;
+    apiUrl: string;
+    enabled: boolean;
+}
+/**
+ * Load E2E test configuration from environment variables
+ */
+export declare function loadE2EConfig(): E2ETestConfig | null;
+/**
+ * Check if E2E tests should run
+ */
+export declare function shouldRunE2ETests(): boolean;
+/**
+ * Get E2E test configuration or throw if not configured
+ */
+export declare function getE2EConfig(): E2ETestConfig;
+//# sourceMappingURL=test-config.d.ts.map

package/dist/__tests__/e2e/test-config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"test-config.d.ts","sourceRoot":"","sources":["../../../src/__tests__/e2e/test-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAWH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,aAAa,GAAG,IAAI,CAyBpD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAG3C;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,aAAa,CAU5C"}

package/dist/__tests__/e2e/test-config.js ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * E2E Test Configuration
+ *
+ * This file contains configuration for end-to-end tests that use real AgentShield API.
+ * Set these environment variables before running E2E tests:
+ *
+ * ```bash
+ * export E2E_AGENTSHIELD_API_KEY="sk_test_..."
+ * export E2E_AGENTSHIELD_PROJECT_ID="test-project-id"
+ * export E2E_AGENTSHIELD_API_URL="https://kya.vouched.id"  # Optional, defaults to production
+ * ```
+ *
+ * Or create a `.env.e2e` file in the package root:
+ * ```
+ * E2E_AGENTSHIELD_API_KEY=sk_test_...
+ * E2E_AGENTSHIELD_PROJECT_ID=test-project-id
+ * ```
+ */
+/**
+ * Load E2E test configuration from environment variables
+ */
+export function loadE2EConfig() {
+    // Access environment variables - works in Node.js (vitest) environment
+    const apiKey = typeof process !== "undefined" && process.env
+        ? process.env.E2E_AGENTSHIELD_API_KEY
+        : undefined;
+    const projectId = typeof process !== "undefined" && process.env
+        ? process.env.E2E_AGENTSHIELD_PROJECT_ID
+        : undefined;
+    const apiUrl = typeof process !== "undefined" && process.env
+        ? process.env.E2E_AGENTSHIELD_API_URL || "https://kya.vouched.id"
+        : "https://kya.vouched.id";
+    if (!apiKey || !projectId) {
+        return null;
+    }
+    return {
+        apiKey,
+        projectId,
+        apiUrl,
+        enabled: true,
+    };
+}
+/**
+ * Check if E2E tests should run
+ */
+export function shouldRunE2ETests() {
+    const config = loadE2EConfig();
+    return config !== null && config.enabled;
+}
+/**
+ * Get E2E test configuration or throw if not configured
+ */
+export function getE2EConfig() {
+    const config = loadE2EConfig();
+    if (!config) {
+        throw new Error("E2E tests require E2E_AGENTSHIELD_API_KEY and E2E_AGENTSHIELD_PROJECT_ID environment variables.\n" +
+            "Set them in your environment or create a .env.e2e file.\n" +
+            "See packages/mcp-i-cloudflare/src/__tests__/e2e/test-config.ts for details.");
+    }
+    return config;
+}
+//# sourceMappingURL=test-config.js.map

package/dist/__tests__/e2e/test-config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"test-config.js","sourceRoot":"","sources":["../../../src/__tests__/e2e/test-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAkBH;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,uEAAuE;IACvE,MAAM,MAAM,GACV,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG;QAC3C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB;QACrC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,SAAS,GACb,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG;QAC3C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B;QACxC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,MAAM,GACV,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG;QAC3C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,wBAAwB;QACjE,CAAC,CAAC,wBAAwB,CAAC;IAE/B,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,MAAM;QACN,SAAS;QACT,MAAM;QACN,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,OAAO,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,mGAAmG;YACjG,2DAA2D;YAC3D,6EAA6E,CAChF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/consent-fallback-html.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Minimal inline consent UI fallback.
+ *
+ * Used when @kya-os/consent is not available (optional peer dependency).
+ * This is the vanilla HTML/JS/CSS consent form with inline MCP Apps
+ * handshake that proves the data pipeline works end-to-end.
+ *
+ * The full Lit-based UI in @kya-os/consent/mcp-app is preferred when available.
+ */
+export declare const CONSENT_FALLBACK_HTML = "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n  <meta name=\"color-scheme\" content=\"light dark\">\n  <title>MCPI Consent</title>\n  <style>\n    * { box-sizing: border-box; margin: 0; padding: 0; }\n    body { font-family: system-ui, -apple-system, sans-serif; padding: 16px; background: transparent; }\n    .card { border-radius: 12px; padding: 20px; border: 1px solid rgba(128,128,128,0.2); }\n    h2 { font-size: 16px; font-weight: 600; margin-bottom: 8px; }\n    p { font-size: 13px; opacity: 0.7; line-height: 1.5; margin-bottom: 6px; }\n    .scopes { margin: 10px 0; }\n    .scope { display: inline-block; padding: 3px 10px; border-radius: 10px; font-size: 12px; font-weight: 500; margin: 2px 4px 2px 0; background: rgba(46,125,50,0.1); color: #2e7d32; }\n    .btn { display: inline-block; padding: 8px 20px; border-radius: 8px; border: none; font-size: 14px; font-weight: 500; cursor: pointer; margin-right: 8px; margin-top: 10px; }\n    .btn-approve { background: #2563eb; color: #fff; }\n    .btn-approve:disabled { opacity: 0.5; cursor: not-allowed; }\n    .btn-deny { background: transparent; border: 1px solid rgba(128,128,128,0.3); }\n    .info { font-size: 11px; opacity: 0.5; margin-top: 12px; }\n    .fallback { font-size: 12px; margin-top: 8px; }\n    .fallback a { color: #2563eb; }\n    #loading { font-size: 13px; opacity: 0.6; }\n    #consent { display: none; }\n    #approved { display: none; font-size: 14px; color: #16a34a; font-weight: 500; }\n    .cred-fields { display: none; margin: 12px 0; }\n    .cred-fields label { display: block; font-size: 12px; font-weight: 500; margin-bottom: 4px; opacity: 0.8; }\n    .cred-fields input[type=\"text\"],\n    .cred-fields input[type=\"password\"] { width: 100%; padding: 8px 10px; border-radius: 6px; border: 1px solid rgba(128,128,128,0.3); font-size: 14px; margin-bottom: 10px; background: transparent; color: inherit; }\n    .cred-fields input:focus { outline: none; border-color: #2563eb; }\n    .pw-wrap { position: relative; }\n    .pw-toggle { position: absolute; right: 8px; top: 8px; background: none; border: none; cursor: pointer; font-size: 13px; opacity: 0.5; color: inherit; }\n    .terms-row { display: flex; align-items: flex-start; gap: 8px; margin: 10px 0 4px; }\n    .terms-row input[type=\"checkbox\"] { margin-top: 2px; }\n    .terms-row label { font-size: 12px; opacity: 0.7; cursor: pointer; }\n    .auth-error { display: none; font-size: 13px; color: #dc2626; margin: 8px 0; padding: 8px 10px; border-radius: 6px; background: rgba(220,38,38,0.08); }\n  </style>\n</head>\n<body>\n  <div id=\"loading\">Waiting for consent data&hellip;</div>\n  <div id=\"consent\" class=\"card\">\n    <h2>Authorization Required</h2>\n    <p id=\"tool-desc\"></p>\n    <div id=\"scopes-container\" class=\"scopes\"></div>\n    <div id=\"cred-fields\" class=\"cred-fields\">\n      <label for=\"cred-username\">Username / Email</label>\n      <input type=\"text\" id=\"cred-username\" autocomplete=\"username\" placeholder=\"Enter your username or email\">\n      <label for=\"cred-password\">Password</label>\n      <div class=\"pw-wrap\">\n        <input type=\"password\" id=\"cred-password\" autocomplete=\"current-password\" placeholder=\"Enter your password\">\n        <button type=\"button\" class=\"pw-toggle\" id=\"pw-toggle\" aria-label=\"Toggle password visibility\">Show</button>\n      </div>\n    </div>\n    <div id=\"auth-error\" class=\"auth-error\"></div>\n    <div id=\"terms-row\" class=\"terms-row\" style=\"display:none;\">\n      <input type=\"checkbox\" id=\"terms-check\">\n      <label for=\"terms-check\">I agree to authorize this tool and accept the terms of service</label>\n    </div>\n    <p id=\"agent-info\" class=\"info\"></p>\n    <div>\n      <button class=\"btn btn-approve\" id=\"approve-btn\">Approve</button>\n      <button class=\"btn btn-deny\" id=\"deny-btn\">Deny</button>\n    </div>\n    <div class=\"fallback\" id=\"fallback\"></div>\n  </div>\n  <div id=\"approved\"></div>\n  <script>\n    (function() {\n      var send = function(msg) { window.parent.postMessage(msg, \"*\"); };\n      var consentData = null;\n      var authMode = \"consent-only\";\n\n      function resizeNotify() {\n        send({ jsonrpc: \"2.0\", method: \"ui/notifications/size-changed\", params: {\n          width: document.documentElement.scrollWidth,\n          height: document.documentElement.scrollHeight\n        }});\n      }\n\n      function showConsent(data) {\n        consentData = data;\n        authMode = data.authMode || \"consent-only\";\n        document.getElementById(\"loading\").style.display = \"none\";\n        document.getElementById(\"consent\").style.display = \"block\";\n\n        if (authMode === \"credentials\") {\n          document.getElementById(\"tool-desc\").textContent =\n            \"Tool \\u201c\" + (data.tool || \"unknown\") + \"\\u201d requires authentication.\";\n          document.getElementById(\"cred-fields\").style.display = \"block\";\n          document.getElementById(\"terms-row\").style.display = \"flex\";\n          document.getElementById(\"approve-btn\").textContent = \"Sign In & Authorize\";\n          document.getElementById(\"approve-btn\").disabled = true;\n          document.getElementById(\"terms-check\").addEventListener(\"change\", function() {\n            document.getElementById(\"approve-btn\").disabled = !this.checked;\n          });\n        } else {\n          document.getElementById(\"tool-desc\").textContent =\n            \"Tool \\u201c\" + (data.tool || \"unknown\") + \"\\u201d requires your approval.\";\n        }\n\n        var scopesEl = document.getElementById(\"scopes-container\");\n        var scopes = data.scopes || [];\n        scopesEl.textContent = \"\";\n        scopes.forEach(function(s) {\n          var span = document.createElement(\"span\");\n          span.className = \"scope\";\n          span.textContent = s;\n          scopesEl.appendChild(span);\n        });\n        document.getElementById(\"agent-info\").textContent =\n          \"Agent: \" + (data.agentName || data.agentDid || \"unknown\");\n        if (data.consentUrl) {\n          var fallbackEl = document.getElementById(\"fallback\");\n          fallbackEl.textContent = \"\";\n          var a = document.createElement(\"a\");\n          a.href = data.consentUrl;\n          a.target = \"_blank\";\n          a.rel = \"noopener\";\n          a.textContent = \"Open in browser\";\n          fallbackEl.appendChild(a);\n        }\n        resizeNotify();\n      }\n\n      document.getElementById(\"pw-toggle\").addEventListener(\"click\", function() {\n        var pwInput = document.getElementById(\"cred-password\");\n        if (pwInput.type === \"password\") {\n          pwInput.type = \"text\";\n          this.textContent = \"Hide\";\n        } else {\n          pwInput.type = \"password\";\n          this.textContent = \"Show\";\n        }\n      });\n\n      var pendingRequests = {};\n      var nextId = 100;\n\n      function handleApprovalResponse(result, error) {\n        var statusEl = document.getElementById(\"approved\");\n        if (error) {\n          if (authMode === \"credentials\") {\n            var errEl = document.getElementById(\"auth-error\");\n            errEl.textContent = error.message || JSON.stringify(error);\n            errEl.style.display = \"block\";\n            document.getElementById(\"consent\").style.display = \"block\";\n            statusEl.style.display = \"none\";\n            document.getElementById(\"approve-btn\").disabled = !document.getElementById(\"terms-check\").checked;\n            resizeNotify();\n            return;\n          }\n          statusEl.textContent = \"Approval error: \" + (error.message || JSON.stringify(error));\n          statusEl.style.color = \"#dc2626\";\n        } else {\n          try {\n            var text = result && result.content && result.content[0] && result.content[0].text;\n            var respData = text ? JSON.parse(text) : {};\n            if (respData.success) {\n              statusEl.textContent = \"Authorization granted. You can now retry the tool.\";\n              statusEl.style.color = \"#22c55e\";\n            } else {\n              if (authMode === \"credentials\" && (respData.error_code === \"auth_failed\" || respData.error_code === \"validation_error\")) {\n                var errEl = document.getElementById(\"auth-error\");\n                errEl.textContent = respData.error || \"Authentication failed. Please check your credentials.\";\n                errEl.style.display = \"block\";\n                document.getElementById(\"consent\").style.display = \"block\";\n                statusEl.style.display = \"none\";\n                document.getElementById(\"approve-btn\").disabled = !document.getElementById(\"terms-check\").checked;\n                resizeNotify();\n                return;\n              }\n              statusEl.textContent = \"Approval error: \" + (respData.error || respData.error_code || \"Unknown\");\n              statusEl.style.color = \"#f59e0b\";\n            }\n          } catch(e) {\n            statusEl.textContent = \"Unexpected response\";\n            statusEl.style.color = \"#f59e0b\";\n          }\n        }\n        resizeNotify();\n      }\n\n      document.getElementById(\"approve-btn\").addEventListener(\"click\", function() {\n        if (!consentData) return;\n        document.getElementById(\"auth-error\").style.display = \"none\";\n        var statusEl = document.getElementById(\"approved\");\n        document.getElementById(\"consent\").style.display = \"none\";\n        statusEl.style.display = \"block\";\n        statusEl.textContent = authMode === \"credentials\" ? \"Authenticating...\" : \"Sending approval...\";\n        statusEl.style.color = \"\";\n        var reqId = nextId++;\n        pendingRequests[reqId] = handleApprovalResponse;\n\n        if (authMode === \"credentials\") {\n          var username = document.getElementById(\"cred-username\").value;\n          var password = document.getElementById(\"cred-password\").value;\n          if (!username || !password) {\n            statusEl.style.display = \"none\";\n            document.getElementById(\"consent\").style.display = \"block\";\n            var errEl = document.getElementById(\"auth-error\");\n            errEl.textContent = \"Please enter both username and password.\";\n            errEl.style.display = \"block\";\n            resizeNotify();\n            return;\n          }\n          send({\n            jsonrpc: \"2.0\", id: reqId, method: \"tools/call\",\n            params: {\n              name: \"_mcpi_credential_auth\",\n              arguments: {\n                tool: consentData.tool,\n                scopes: consentData.scopes,\n                session_id: consentData.sessionId,\n                agent_did: consentData.agentDid,\n                project_id: consentData.projectId,\n                resume_token: consentData.resumeToken,\n                username: username,\n                password: password,\n                provider: consentData.provider || \"credentials\"\n              }\n            }\n          });\n        } else {\n          send({\n            jsonrpc: \"2.0\", id: reqId, method: \"tools/call\",\n            params: {\n              name: \"_mcpi_approve_consent\",\n              arguments: {\n                tool: consentData.tool,\n                scopes: consentData.scopes,\n                session_id: consentData.sessionId,\n                agent_did: consentData.agentDid,\n                project_id: consentData.projectId,\n                resume_token: consentData.resumeToken\n              }\n            }\n          });\n        }\n        resizeNotify();\n      });\n\n      document.getElementById(\"deny-btn\").addEventListener(\"click\", function() {\n        document.getElementById(\"consent\").style.display = \"none\";\n        document.getElementById(\"approved\").style.display = \"block\";\n        document.getElementById(\"approved\").textContent = \"Authorization denied.\";\n        document.getElementById(\"approved\").style.color = \"#dc2626\";\n        resizeNotify();\n      });\n\n      window.addEventListener(\"message\", function(e) {\n        if (e.source !== window.parent) return;\n        var msg = e.data;\n        if (!msg || msg.jsonrpc !== \"2.0\") return;\n\n        if (msg.id === 0 && msg.result) {\n          var ctx = msg.result.hostContext || {};\n          if (ctx.theme === \"dark\") document.documentElement.style.colorScheme = \"dark\";\n          send({ jsonrpc: \"2.0\", method: \"ui/notifications/initialized\" });\n          resizeNotify();\n        }\n        if (msg.id != null && pendingRequests[msg.id]) {\n          pendingRequests[msg.id](msg.result, msg.error);\n          delete pendingRequests[msg.id];\n        }\n        if (msg.method === \"ui/notifications/tool-result\" && msg.params) {\n          var sc = msg.params.structuredContent;\n          if (sc && sc.type === \"consent_required\") showConsent(sc);\n        }\n        if (msg.method === \"ui/notifications/tool-input\" && msg.params) {\n          var args = msg.params.arguments;\n          if (args && args.type === \"consent_required\") showConsent(args);\n        }\n        if (msg.method === \"ping\" && msg.id != null) {\n          send({ jsonrpc: \"2.0\", id: msg.id, result: {} });\n        }\n        if (msg.method === \"ui/resource-teardown\" && msg.id != null) {\n          send({ jsonrpc: \"2.0\", id: msg.id, result: {} });\n        }\n      });\n\n      send({\n        jsonrpc: \"2.0\", id: 0, method: \"ui/initialize\",\n        params: {\n          appInfo: { name: \"MCPI Consent\", version: \"1.0.0\" },\n          appCapabilities: {},\n          protocolVersion: \"2026-01-26\"\n        }\n      });\n    })();\n  </script>\n</body>\n</html>";
+//# sourceMappingURL=consent-fallback-html.d.ts.map

package/dist/consent-fallback-html.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"consent-fallback-html.d.ts","sourceRoot":"","sources":["../src/consent-fallback-html.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,eAAO,MAAM,qBAAqB,usbAmS1B,CAAC"}

package/dist/consent-fallback-html.js ADDED Viewed

@@ -0,0 +1,303 @@
+/**
+ * Minimal inline consent UI fallback.
+ *
+ * Used when @kya-os/consent is not available (optional peer dependency).
+ * This is the vanilla HTML/JS/CSS consent form with inline MCP Apps
+ * handshake that proves the data pipeline works end-to-end.
+ *
+ * The full Lit-based UI in @kya-os/consent/mcp-app is preferred when available.
+ */
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const CONSENT_FALLBACK_HTML = `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta name="color-scheme" content="light dark">
+  <title>MCPI Consent</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body { font-family: system-ui, -apple-system, sans-serif; padding: 16px; background: transparent; }
+    .card { border-radius: 12px; padding: 20px; border: 1px solid rgba(128,128,128,0.2); }
+    h2 { font-size: 16px; font-weight: 600; margin-bottom: 8px; }
+    p { font-size: 13px; opacity: 0.7; line-height: 1.5; margin-bottom: 6px; }
+    .scopes { margin: 10px 0; }
+    .scope { display: inline-block; padding: 3px 10px; border-radius: 10px; font-size: 12px; font-weight: 500; margin: 2px 4px 2px 0; background: rgba(46,125,50,0.1); color: #2e7d32; }
+    .btn { display: inline-block; padding: 8px 20px; border-radius: 8px; border: none; font-size: 14px; font-weight: 500; cursor: pointer; margin-right: 8px; margin-top: 10px; }
+    .btn-approve { background: #2563eb; color: #fff; }
+    .btn-approve:disabled { opacity: 0.5; cursor: not-allowed; }
+    .btn-deny { background: transparent; border: 1px solid rgba(128,128,128,0.3); }
+    .info { font-size: 11px; opacity: 0.5; margin-top: 12px; }
+    .fallback { font-size: 12px; margin-top: 8px; }
+    .fallback a { color: #2563eb; }
+    #loading { font-size: 13px; opacity: 0.6; }
+    #consent { display: none; }
+    #approved { display: none; font-size: 14px; color: #16a34a; font-weight: 500; }
+    .cred-fields { display: none; margin: 12px 0; }
+    .cred-fields label { display: block; font-size: 12px; font-weight: 500; margin-bottom: 4px; opacity: 0.8; }
+    .cred-fields input[type="text"],
+    .cred-fields input[type="password"] { width: 100%; padding: 8px 10px; border-radius: 6px; border: 1px solid rgba(128,128,128,0.3); font-size: 14px; margin-bottom: 10px; background: transparent; color: inherit; }
+    .cred-fields input:focus { outline: none; border-color: #2563eb; }
+    .pw-wrap { position: relative; }
+    .pw-toggle { position: absolute; right: 8px; top: 8px; background: none; border: none; cursor: pointer; font-size: 13px; opacity: 0.5; color: inherit; }
+    .terms-row { display: flex; align-items: flex-start; gap: 8px; margin: 10px 0 4px; }
+    .terms-row input[type="checkbox"] { margin-top: 2px; }
+    .terms-row label { font-size: 12px; opacity: 0.7; cursor: pointer; }
+    .auth-error { display: none; font-size: 13px; color: #dc2626; margin: 8px 0; padding: 8px 10px; border-radius: 6px; background: rgba(220,38,38,0.08); }
+  </style>
+</head>
+<body>
+  <div id="loading">Waiting for consent data&hellip;</div>
+  <div id="consent" class="card">
+    <h2>Authorization Required</h2>
+    <p id="tool-desc"></p>
+    <div id="scopes-container" class="scopes"></div>
+    <div id="cred-fields" class="cred-fields">
+      <label for="cred-username">Username / Email</label>
+      <input type="text" id="cred-username" autocomplete="username" placeholder="Enter your username or email">
+      <label for="cred-password">Password</label>
+      <div class="pw-wrap">
+        <input type="password" id="cred-password" autocomplete="current-password" placeholder="Enter your password">
+        <button type="button" class="pw-toggle" id="pw-toggle" aria-label="Toggle password visibility">Show</button>
+      </div>
+    </div>
+    <div id="auth-error" class="auth-error"></div>
+    <div id="terms-row" class="terms-row" style="display:none;">
+      <input type="checkbox" id="terms-check">
+      <label for="terms-check">I agree to authorize this tool and accept the terms of service</label>
+    </div>
+    <p id="agent-info" class="info"></p>
+    <div>
+      <button class="btn btn-approve" id="approve-btn">Approve</button>
+      <button class="btn btn-deny" id="deny-btn">Deny</button>
+    </div>
+    <div class="fallback" id="fallback"></div>
+  </div>
+  <div id="approved"></div>
+  <script>
+    (function() {
+      var send = function(msg) { window.parent.postMessage(msg, "*"); };
+      var consentData = null;
+      var authMode = "consent-only";
+      function resizeNotify() {
+        send({ jsonrpc: "2.0", method: "ui/notifications/size-changed", params: {
+          width: document.documentElement.scrollWidth,
+          height: document.documentElement.scrollHeight
+        }});
+      }
+      function showConsent(data) {
+        consentData = data;
+        authMode = data.authMode || "consent-only";
+        document.getElementById("loading").style.display = "none";
+        document.getElementById("consent").style.display = "block";
+        if (authMode === "credentials") {
+          document.getElementById("tool-desc").textContent =
+            "Tool \\u201c" + (data.tool || "unknown") + "\\u201d requires authentication.";
+          document.getElementById("cred-fields").style.display = "block";
+          document.getElementById("terms-row").style.display = "flex";
+          document.getElementById("approve-btn").textContent = "Sign In & Authorize";
+          document.getElementById("approve-btn").disabled = true;
+          document.getElementById("terms-check").addEventListener("change", function() {
+            document.getElementById("approve-btn").disabled = !this.checked;
+          });
+        } else {
+          document.getElementById("tool-desc").textContent =
+            "Tool \\u201c" + (data.tool || "unknown") + "\\u201d requires your approval.";
+        }
+        var scopesEl = document.getElementById("scopes-container");
+        var scopes = data.scopes || [];
+        scopesEl.textContent = "";
+        scopes.forEach(function(s) {
+          var span = document.createElement("span");
+          span.className = "scope";
+          span.textContent = s;
+          scopesEl.appendChild(span);
+        });
+        document.getElementById("agent-info").textContent =
+          "Agent: " + (data.agentName || data.agentDid || "unknown");
+        if (data.consentUrl) {
+          var fallbackEl = document.getElementById("fallback");
+          fallbackEl.textContent = "";
+          var a = document.createElement("a");
+          a.href = data.consentUrl;
+          a.target = "_blank";
+          a.rel = "noopener";
+          a.textContent = "Open in browser";
+          fallbackEl.appendChild(a);
+        }
+        resizeNotify();
+      }
+      document.getElementById("pw-toggle").addEventListener("click", function() {
+        var pwInput = document.getElementById("cred-password");
+        if (pwInput.type === "password") {
+          pwInput.type = "text";
+          this.textContent = "Hide";
+        } else {
+          pwInput.type = "password";
+          this.textContent = "Show";
+        }
+      });
+      var pendingRequests = {};
+      var nextId = 100;
+      function handleApprovalResponse(result, error) {
+        var statusEl = document.getElementById("approved");
+        if (error) {
+          if (authMode === "credentials") {
+            var errEl = document.getElementById("auth-error");
+            errEl.textContent = error.message || JSON.stringify(error);
+            errEl.style.display = "block";
+            document.getElementById("consent").style.display = "block";
+            statusEl.style.display = "none";
+            document.getElementById("approve-btn").disabled = !document.getElementById("terms-check").checked;
+            resizeNotify();
+            return;
+          }
+          statusEl.textContent = "Approval error: " + (error.message || JSON.stringify(error));
+          statusEl.style.color = "#dc2626";
+        } else {
+          try {
+            var text = result && result.content && result.content[0] && result.content[0].text;
+            var respData = text ? JSON.parse(text) : {};
+            if (respData.success) {
+              statusEl.textContent = "Authorization granted. You can now retry the tool.";
+              statusEl.style.color = "#22c55e";
+            } else {
+              if (authMode === "credentials" && (respData.error_code === "auth_failed" || respData.error_code === "validation_error")) {
+                var errEl = document.getElementById("auth-error");
+                errEl.textContent = respData.error || "Authentication failed. Please check your credentials.";
+                errEl.style.display = "block";
+                document.getElementById("consent").style.display = "block";
+                statusEl.style.display = "none";
+                document.getElementById("approve-btn").disabled = !document.getElementById("terms-check").checked;
+                resizeNotify();
+                return;
+              }
+              statusEl.textContent = "Approval error: " + (respData.error || respData.error_code || "Unknown");
+              statusEl.style.color = "#f59e0b";
+            }
+          } catch(e) {
+            statusEl.textContent = "Unexpected response";
+            statusEl.style.color = "#f59e0b";
+          }
+        }
+        resizeNotify();
+      }
+      document.getElementById("approve-btn").addEventListener("click", function() {
+        if (!consentData) return;
+        document.getElementById("auth-error").style.display = "none";
+        var statusEl = document.getElementById("approved");
+        document.getElementById("consent").style.display = "none";
+        statusEl.style.display = "block";
+        statusEl.textContent = authMode === "credentials" ? "Authenticating..." : "Sending approval...";
+        statusEl.style.color = "";
+        var reqId = nextId++;
+        pendingRequests[reqId] = handleApprovalResponse;
+        if (authMode === "credentials") {
+          var username = document.getElementById("cred-username").value;
+          var password = document.getElementById("cred-password").value;
+          if (!username || !password) {
+            statusEl.style.display = "none";
+            document.getElementById("consent").style.display = "block";
+            var errEl = document.getElementById("auth-error");
+            errEl.textContent = "Please enter both username and password.";
+            errEl.style.display = "block";
+            resizeNotify();
+            return;
+          }
+          send({
+            jsonrpc: "2.0", id: reqId, method: "tools/call",
+            params: {
+              name: "_mcpi_credential_auth",
+              arguments: {
+                tool: consentData.tool,
+                scopes: consentData.scopes,
+                session_id: consentData.sessionId,
+                agent_did: consentData.agentDid,
+                project_id: consentData.projectId,
+                resume_token: consentData.resumeToken,
+                username: username,
+                password: password,
+                provider: consentData.provider || "credentials"
+              }
+            }
+          });
+        } else {
+          send({
+            jsonrpc: "2.0", id: reqId, method: "tools/call",
+            params: {
+              name: "_mcpi_approve_consent",
+              arguments: {
+                tool: consentData.tool,
+                scopes: consentData.scopes,
+                session_id: consentData.sessionId,
+                agent_did: consentData.agentDid,
+                project_id: consentData.projectId,
+                resume_token: consentData.resumeToken
+              }
+            }
+          });
+        }
+        resizeNotify();
+      });
+      document.getElementById("deny-btn").addEventListener("click", function() {
+        document.getElementById("consent").style.display = "none";
+        document.getElementById("approved").style.display = "block";
+        document.getElementById("approved").textContent = "Authorization denied.";
+        document.getElementById("approved").style.color = "#dc2626";
+        resizeNotify();
+      });
+      window.addEventListener("message", function(e) {
+        if (e.source !== window.parent) return;
+        var msg = e.data;
+        if (!msg || msg.jsonrpc !== "2.0") return;
+        if (msg.id === 0 && msg.result) {
+          var ctx = msg.result.hostContext || {};
+          if (ctx.theme === "dark") document.documentElement.style.colorScheme = "dark";
+          send({ jsonrpc: "2.0", method: "ui/notifications/initialized" });
+          resizeNotify();
+        }
+        if (msg.id != null && pendingRequests[msg.id]) {
+          pendingRequests[msg.id](msg.result, msg.error);
+          delete pendingRequests[msg.id];
+        }
+        if (msg.method === "ui/notifications/tool-result" && msg.params) {
+          var sc = msg.params.structuredContent;
+          if (sc && sc.type === "consent_required") showConsent(sc);
+        }
+        if (msg.method === "ui/notifications/tool-input" && msg.params) {
+          var args = msg.params.arguments;
+          if (args && args.type === "consent_required") showConsent(args);
+        }
+        if (msg.method === "ping" && msg.id != null) {
+          send({ jsonrpc: "2.0", id: msg.id, result: {} });
+        }
+        if (msg.method === "ui/resource-teardown" && msg.id != null) {
+          send({ jsonrpc: "2.0", id: msg.id, result: {} });
+        }
+      });
+      send({
+        jsonrpc: "2.0", id: 0, method: "ui/initialize",
+        params: {
+          appInfo: { name: "MCPI Consent", version: "1.0.0" },
+          appCapabilities: {},
+          protocolVersion: "2026-01-26"
+        }
+      });
+    })();
+  </script>
+</body>
+</html>`;
+//# sourceMappingURL=consent-fallback-html.js.map

package/dist/consent-fallback-html.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"consent-fallback-html.js","sourceRoot":"","sources":["../src/consent-fallback-html.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,gEAAgE;AAChE,MAAM,CAAC,MAAM,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAmS7B,CAAC"}

package/dist/services/consent-templates/template-renderer.d.ts CHANGED Viewed

@@ -11,6 +11,26 @@
  */
 import type { ConsentPageConfig, OAuthIdentity } from "@kya-os/contracts/consent";
 import type { CredentialProviderConfig } from "@kya-os/contracts/config";
+import { type ConsentUI, type CredentialsConfig } from "@kya-os/consent";
+/**
+ * ConsentPageConfig extended with fields that flow through from AgentShield
+ * remote config but are intentionally excluded from the contracts type.
+ */
+type RendererPageConfig = ConsentPageConfig & {
+    oauthRequired?: boolean;
+    oauthUrl?: string;
+    credentialProviderType?: string;
+    credentialProvider?: string;
+    userDid?: string;
+    credentialUserEmail?: string;
+    credentialProviderUserId?: string;
+    oauthProviderType?: string;
+    oauthProviderName?: string;
+    ui?: ConsentUI;
+    credentials?: CredentialsConfig;
+    expirationDays?: number;
+    agentName?: string;
+};
 /**
  * Template-based consent page renderer.
  *
@@ -38,17 +58,7 @@ export declare class TemplateRenderer {
      * @param oauthIdentity - Optional OAuth identity from cookie
      * @returns HTML string
      */
-    render(config: ConsentPageConfig & {
-        oauthRequired?: boolean;
-        oauthUrl?: string;
-        credentialProviderType?: string;
-        credentialProvider?: string;
-        userDid?: string;
-        credentialUserEmail?: string;
-        credentialProviderUserId?: string;
-        oauthProviderType?: string;
-        oauthProviderName?: string;
-    }, oauthIdentity?: OAuthIdentity): string;
+    render(config: RendererPageConfig, oauthIdentity?: OAuthIdentity): string;
     /**
      * Render consent page using Client-Side Rendering (CSR).
      *
@@ -73,7 +83,7 @@ export declare class TemplateRenderer {
      * @param authorizationType - Authorization type from tool protection config (default: 'password')
      * @returns HTML string
      */
-    renderCredentialPage(config: ConsentPageConfig, credentialConfig: CredentialProviderConfig, provider: string, csrfToken: string, authorizationType?: string): string;
+    renderCredentialPage(config: RendererPageConfig, credentialConfig: CredentialProviderConfig, provider: string, csrfToken: string, authorizationType?: string): string;
     /**
      * Render credential login page using CSR (Client-Side Rendering).
      *
@@ -125,4 +135,5 @@ export declare function createTemplateRenderer(options?: {
     useCSR?: boolean;
     bundlePath?: string;
 }): TemplateRenderer;
+export {};
 //# sourceMappingURL=template-renderer.d.ts.map

package/dist/services/consent-templates/template-renderer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"template-renderer.d.ts","sourceRoot":"","sources":["../../../src/services/consent-templates/template-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAYH,OAAO,KAAK,EACV,iBAAiB,EACjB,aAAa,EACd,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;~~AAazE;;;;;;;;;GASG~~;AACH,~~qBAAa~~,~~gBAAgB~~;~~IAC3B~~,~~OAAO~~,CAAC,~~MAAM~~,~~CAAU~~;IACxB,~~OAAO~~,CAAC,~~UAAU~~,~~CAAS~~;~~gBAEf~~,~~OAAO~~,CAAC,EAAE~~;QAAE~~,MAAM,CAAC,EAAE,~~OAAO~~,CAAC;~~QAAC~~,~~UAAU~~,CAAC,EAAE,MAAM,~~CAAA~~;~~KAAE;IAK/D;;;;;;;;;OASG;IACH~~,~~MAAM~~,~~CACJ~~,~~MAAM,~~EAAE,~~iBAAiB~~,~~GAAG~~;~~QAC1B~~,~~aAAa~~,CAAC,EAAE,~~OAAO~~,CAAC;~~QACxB~~,~~QAAQ~~,CAAC,EAAE,MAAM,CAAC;~~QAClB~~,~~sBAAsB~~,CAAC,EAAE,MAAM,CAAC;~~QAChC~~,~~kBAAkB~~,CAAC,EAAE,~~MAAM~~,CAAC;~~QAC5B~~,~~OAAO~~,CAAC,EAAE,~~MAAM~~,CAAC;~~QACjB~~,~~mBAAmB~~,CAAC,EAAE,MAAM,CAAC;~~QAC7B~~,~~wBAAwB~~,CAAC,EAAE,MAAM,CAAC;~~QAClC~~,~~iBAAiB~~,CAAC,EAAE,MAAM,CAAC;~~QAC3B~~,~~iBAAiB~~,CAAC,EAAE,MAAM,~~CAAC~~;~~KAC5B~~,~~EACD~~,aAAa,CAAC,EAAE,aAAa,GAC5B,MAAM;IAoCT;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,SAAS;~~IAuEjB~~;;;;;;;;;OASG;IACH,oBAAoB,CAClB,MAAM,EAAE,~~iBAAiB~~,~~EACzB~~,gBAAgB,EAAE,wBAAwB,EAC1C,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,iBAAiB,GAAE,MAAmB,GACrC,MAAM;IA+BT;;;;;;;;;OASG;IACH,OAAO,CAAC,uBAAuB;~~IAmD~~/B;;;;;;OAMG;IACH,aAAa,CAAC,OAAO,EAAE;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,GAAG,MAAM;IAIV;;;;;;;OAOG;IACH,iBAAiB,CACf,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,OAAO,GAClB,MAAM;IAsDT;;OAEG;IACH,OAAO,CAAC,mBAAmB;~~IAqC3B~~;;OAEG;IACH,OAAO,CAAC,iBAAiB;~~CAuC1B~~;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,CAAC,EAAE;IAC/C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,gBAAgB,CAEnB"}
1	+ {"version":3,"file":"template-renderer.d.ts","sourceRoot":"","sources":["../../../src/services/consent-templates/template-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAYH,OAAO,KAAK,EACV,iBAAiB,EACjB,aAAa,EACd,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACzE,OAAO,EAIL,KAAK,SAAS,EACd,KAAK,iBAAiB,EACvB,MAAM,iBAAiB,CAAC;AAQzB;;;GAGG;AACH,KAAK,kBAAkB,GAAG,iBAAiB,GAAG;IAC5C,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,EAAE,CAAC,EAAE,SAAS,CAAC;IACf,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;;;;;;;GASG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,UAAU,CAAS;gBAEf,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IAK/D;;;;;;;;;OASG;IACH,MAAM,CACJ,MAAM,EAAE,kBAAkB,EAC1B,aAAa,CAAC,EAAE,aAAa,GAC5B,MAAM;IAoCT;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,SAAS;IAgEjB;;;;;;;;;OASG;IACH,oBAAoB,CAClB,MAAM,EAAE,kBAAkB,EAC1B,gBAAgB,EAAE,wBAAwB,EAC1C,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,iBAAiB,GAAE,MAAmB,GACrC,MAAM;IA+BT;;;;;;;;;OASG;IACH,OAAO,CAAC,uBAAuB;IAuD/B;;;;;;OAMG;IACH,aAAa,CAAC,OAAO,EAAE;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,GAAG,MAAM;IAIV;;;;;;;OAOG;IACH,iBAAiB,CACf,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,OAAO,GAClB,MAAM;IAsDT;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA2B3B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAqC1B;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,CAAC,EAAE;IAC/C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,gBAAgB,CAEnB"}

package/dist/services/consent-templates/template-renderer.js CHANGED Viewed

@@ -91,6 +91,8 @@ export class TemplateRenderer {
             ui: config.ui,
             // Map credentials config if available
             credentials: config.credentials,
+            // Map expiration days from AgentShield config
+            expirationDays: config.expirationDays,
             // Map other mode configs
             // CRITICAL: Include providerId for proper OAuth button URL construction
             oauth: config.oauthRequired
@@ -116,6 +118,7 @@ export class TemplateRenderer {
             // Set authMode explicitly for OAuth flow
             // This ensures the mcp-consent component renders the OAuth button
             authMode: config.oauthRequired ? "oauth" : undefined,
+            agentName: config.agentName, // Human-readable agent name for display
             provider: config.provider, // Pass the OAuth provider name (e.g., 'github')
             // CRITICAL: Pass pre-built OAuth URL directly to avoid constructing wrong URL
             // This is the actual OAuth authorization URL (e.g., https://github.com/login/oauth/authorize?...)
@@ -191,6 +194,9 @@ export class TemplateRenderer {
             terms: config.terms,
             customFields: config.customFields,
             ui: config.ui,
+            // Pass expiration days so the credential page shows the correct value
+            // (parity with renderCSR — otherwise the Lit component falls back to default)
+            expirationDays: config.expirationDays,
             // Include credentials config for the Lit component
             credentials: {
                 usernameLabel: cpc.usernameLabel || "Username",
@@ -215,6 +221,7 @@ export class TemplateRenderer {
             pageTitle: consentConfig.ui?.title || "Permission Request",
             // Force credentials mode
             authMode: "credentials",
+            agentName: config.agentName,
             provider: provider,
             // Include CSRF token for form security
             csrfToken: csrfToken,
@@ -307,7 +314,7 @@ export class TemplateRenderer {
             provider: config.provider,
             oauthUrl: config.oauthUrl,
             oauthRequired: config.oauthRequired,
-            expirationDays: 30, // Default, could be pulled from config
+            expirationDays: config.expirationDays ?? 30,
             // Pass through credential auth params for 3-screen flow
             credentialProviderType: config.credentialProviderType,
             credentialProvider: config.credentialProvider,
@@ -323,8 +330,6 @@ export class TemplateRenderer {
      * Build ConsentConfigWithMeta from page config's branding/terms/ui.
      */
     buildRemoteConfig(config) {
-        // Cast to any to access optional fields that may come from AgentShield
-        const extendedConfig = config;
         const branding = config.branding;
         return {
             branding: config.branding
@@ -344,20 +349,20 @@ export class TemplateRenderer {
                 : undefined,
             customFields: config.customFields,
             // Map UI config for title, description, button text, etc.
-            ui: extendedConfig.ui
+            ui: config.ui
                 ? {
-                    title: extendedConfig.ui.title,
-                    description: extendedConfig.ui.description,
-                    expirationText: extendedConfig.ui.expirationText,
-                    cancelButtonText: extendedConfig.ui.cancelButtonText,
-                    submitButtonText: extendedConfig.ui.submitButtonText,
-                    permissionsHeader: extendedConfig.ui.permissionsHeader,
+                    title: config.ui.title,
+                    description: config.ui.description,
+                    expirationText: config.ui.expirationText,
+                    cancelButtonText: config.ui.cancelButtonText,
+                    submitButtonText: config.ui.submitButtonText,
+                    permissionsHeader: config.ui.permissionsHeader,
                 }
                 : undefined,
             // Map credentials config
-            credentials: extendedConfig.credentials,
+            credentials: config.credentials,
             // Map expiration days
-            expirationDays: extendedConfig.expirationDays,
+            expirationDays: config.expirationDays,
         };
     }
 }