@kya-os/mcp-i-core 1.1.10 → 1.1.12

package/dist/runtime/base-v2.js

@@ -0,0 +1,328 @@
+"use strict";
+/**
+ * Base MCP-I Runtime V2 - Refactored with better separation of concerns
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCPIRuntimeBaseV2 = void 0;
+const interfaces_1 = require("../verification/interfaces");
+const resolver_1 = require("../did/resolver");
+/**
+ * Refactored MCP-I Runtime Base
+ * Accepts providers instead of implementing crypto directly
+ */
+class MCPIRuntimeBaseV2 {
+    // Core providers
+    crypto;
+    identity;
+    storage;
+    nonceCache;
+    clock;
+    fetch;
+    // Advanced components
+    proofEngine;
+    didResolver;
+    credentialVerifier;
+    delegationRegistry;
+    progressiveVerifier;
+    // Configuration
+    config;
+    // Runtime state
+    cachedIdentity;
+    sessions = new Map();
+    constructor(config) {
+        this.config = config;
+        // Set core providers
+        this.crypto = config.cryptoProvider;
+        this.identity = config.identityProvider;
+        this.storage = config.storageProvider;
+        this.nonceCache = config.nonceCacheProvider;
+        this.clock = config.clockProvider;
+        this.fetch = config.fetchProvider;
+        // Initialize advanced components
+        this.proofEngine = config.proofEngine || new (require('../proof/proof-engine').DefaultProofEngine)(this.crypto);
+        this.didResolver = config.didResolver || new resolver_1.UniversalDIDResolver(this.fetch);
+        // Set optional verification components
+        this.credentialVerifier = config.credentialVerifier;
+        this.delegationRegistry = config.delegationRegistry;
+        // Create progressive verifier if both components available
+        if (this.credentialVerifier && this.delegationRegistry) {
+            this.progressiveVerifier = new interfaces_1.ProgressiveVerifier(this.credentialVerifier, this.delegationRegistry);
+        }
+    }
+    /**
+     * Initialize runtime (load or generate identity)
+     */
+    async initialize() {
+        // Try to load existing identity
+        this.cachedIdentity = await this.identity.loadIdentity() || undefined;
+        // Generate new identity if none exists
+        if (!this.cachedIdentity) {
+            await this.generateIdentity();
+        }
+        // Audit initialization
+        if (this.config.audit?.enabled) {
+            this.auditLog('runtime_initialized', {
+                did: this.cachedIdentity?.did,
+                timestamp: this.clock.now()
+            });
+        }
+    }
+    /**
+     * Get current agent identity
+     */
+    async getIdentity() {
+        if (!this.cachedIdentity) {
+            await this.initialize();
+        }
+        if (!this.cachedIdentity) {
+            throw new Error("Identity not initialized");
+        }
+        return this.cachedIdentity;
+    }
+    /**
+     * Generate new identity using crypto provider
+     */
+    async generateIdentity() {
+        const { privateKey, publicKey } = await this.crypto.generateKeyPair();
+        // Create DID from public key
+        const did = await this.createDID(publicKey);
+        const keyId = `${did}#key-1`;
+        const identity = {
+            did,
+            keyId,
+            privateKey,
+            publicKey,
+            createdAt: new Date(this.clock.now()).toISOString()
+        };
+        await this.identity.storeIdentity(identity);
+        this.cachedIdentity = identity;
+        // Audit identity generation
+        this.auditLog('identity_generated', { did, keyId });
+    }
+    /**
+     * Create DID from public key
+     */
+    async createDID(publicKey) {
+        // Default: did:key format
+        const keyBytes = Buffer.from(publicKey, 'base64');
+        const multicodec = Buffer.concat([
+            Buffer.from([0xed, 0x01]), // Ed25519 public key multicodec
+            keyBytes
+        ]);
+        const multibase = 'z' + multicodec.toString('base64url');
+        return `did:key:${multibase}`;
+    }
+    /**
+     * Handle handshake request with improved validation
+     */
+    async handleHandshake(request) {
+        const identity = await this.getIdentity();
+        // Validate timestamp using clock provider
+        if (!this.clock.isWithinSkew(request.timestamp, this.config.session?.timestampSkewSeconds || 120)) {
+            throw new Error("Timestamp outside acceptable window");
+        }
+        // Check nonce with prefix
+        const nonceKey = `${this.nonceCache.getNoncePrefix()}${request.nonce}`;
+        if (await this.nonceCache.has(nonceKey)) {
+            throw new Error("Nonce already used");
+        }
+        // Add nonce to cache with TTL
+        const ttl = this.nonceCache.getDefaultTTL();
+        await this.nonceCache.add(nonceKey, ttl);
+        // Create session
+        const sessionId = await this.generateSessionId();
+        const now = this.clock.now();
+        const session = {
+            sessionId,
+            agentDid: identity.did,
+            keyId: identity.keyId,
+            establishedAt: now,
+            lastActivityAt: now,
+            nonce: request.nonce,
+            clientInfo: request.clientInfo
+        };
+        this.sessions.set(sessionId, session);
+        // Audit handshake
+        this.auditLog('handshake_completed', {
+            sessionId,
+            clientInfo: request.clientInfo
+        });
+        return {
+            sessionId,
+            agentDid: identity.did,
+            keyId: identity.keyId,
+            timestamp: now,
+            capabilities: await this.getCapabilities()
+        };
+    }
+    /**
+     * Create proof using ProofEngine
+     */
+    async createProof(response, session, options) {
+        const identity = await this.getIdentity();
+        // Use configured proof format
+        const proofOptions = {
+            format: options?.format || this.config.proof?.defaultFormat || {
+                type: 'DetachedJWS',
+                algorithm: 'Ed25519'
+            },
+            canonicalize: options?.canonicalize ?? this.config.proof?.canonicalize ?? true,
+            includeMeta: options?.includeMeta ?? true
+        };
+        // Add session metadata
+        const dataWithMeta = {
+            ...response,
+            _meta: {
+                agentDid: identity.did,
+                keyId: identity.keyId,
+                sessionId: session.sessionId,
+                timestamp: this.clock.now(),
+                nonce: await this.generateNonce()
+            }
+        };
+        // Create proof using engine
+        const proof = await this.proofEngine.createProof(dataWithMeta, identity.privateKey, proofOptions);
+        // Audit proof creation
+        this.auditLog('proof_created', {
+            sessionId: session.sessionId,
+            format: proofOptions.format.type
+        });
+        return proof;
+    }
+    /**
+     * Verify proof with optional credential/delegation verification
+     */
+    async verifyProof(data, proof, options) {
+        // Extract public key if not provided
+        let publicKey = options?.publicKey;
+        if (!publicKey && data._meta?.agentDid) {
+            // Resolve DID to get public key
+            publicKey = await this.didResolver.getPublicKey(data._meta.agentDid, data._meta.keyId);
+        }
+        if (!publicKey) {
+            throw new Error('No public key available for verification');
+        }
+        // Verify proof using engine
+        const proofResult = await this.proofEngine.verifyProof(data, proof, publicKey, {
+            format: { type: 'DetachedJWS', algorithm: 'Ed25519' },
+            canonicalize: true
+        });
+        if (!proofResult.valid) {
+            return false;
+        }
+        // Progressive verification if enabled
+        if (this.progressiveVerifier && (options?.verifyCredential || options?.checkDelegation)) {
+            const verificationResult = await this.progressiveVerifier.verifyProgressive(data, {
+                verifyCredential: options.verifyCredential,
+                checkRevocation: true,
+                maxChainDepth: this.config.security?.maxDelegationDepth || 5
+            });
+            if (!verificationResult.valid) {
+                this.auditLog('verification_failed', {
+                    errors: verificationResult.errors,
+                    warnings: verificationResult.warnings
+                });
+                return false;
+            }
+        }
+        // Audit successful verification
+        this.auditLog('proof_verified', {
+            did: data._meta?.agentDid
+        });
+        return true;
+    }
+    /**
+     * Process tool call with automatic proof generation
+     */
+    async processToolCall(toolName, args, handler, session) {
+        // Check session validity
+        const sessionAge = this.clock.now() - session.establishedAt;
+        const maxAge = (this.config.session?.absoluteSessionLifetime || 86400) * 1000;
+        if (sessionAge > maxAge) {
+            throw new Error('Session expired');
+        }
+        // Update session activity
+        session.lastActivityAt = this.clock.now();
+        // Execute tool
+        const startTime = this.clock.now();
+        const result = await handler(args);
+        const executionTime = this.clock.now() - startTime;
+        // Create proof for response
+        const proofedResult = await this.createProof(result, session);
+        // Audit tool execution
+        this.auditLog('tool_executed', {
+            tool: toolName,
+            sessionId: session.sessionId,
+            executionTime,
+            hasProof: true
+        });
+        return proofedResult;
+    }
+    /**
+     * Get edge verification data for offline verification
+     */
+    async getEdgeVerificationData(id) {
+        if (!this.progressiveVerifier) {
+            throw new Error('Progressive verifier not configured');
+        }
+        return this.progressiveVerifier.getEdgeVerificationData(id);
+    }
+    /**
+     * Generate cryptographically secure session ID
+     */
+    async generateSessionId() {
+        // To be implemented by platform-specific runtime
+        throw new Error('generateSessionId must be implemented by platform runtime');
+    }
+    /**
+     * Generate cryptographically secure nonce
+     */
+    async generateNonce() {
+        // To be implemented by platform-specific runtime
+        throw new Error('generateNonce must be implemented by platform runtime');
+    }
+    /**
+     * Get runtime capabilities
+     */
+    async getCapabilities() {
+        const capabilities = ['tools', 'identity', 'proof', 'session'];
+        if (this.credentialVerifier) {
+            capabilities.push('credential-verification');
+        }
+        if (this.delegationRegistry) {
+            capabilities.push('delegation');
+        }
+        if (this.progressiveVerifier) {
+            capabilities.push('progressive-verification');
+        }
+        // Add supported proof formats
+        const formats = this.proofEngine.getSupportedFormats();
+        formats.forEach(f => {
+            capabilities.push(`proof:${f.type.toLowerCase()}`);
+        });
+        return capabilities;
+    }
+    /**
+     * Audit logging
+     */
+    auditLog(event, data) {
+        if (!this.config.audit?.enabled) {
+            return;
+        }
+        const record = {
+            timestamp: this.clock.now(),
+            event,
+            data: this.config.audit.includePayloads ? data : undefined,
+            did: this.cachedIdentity?.did
+        };
+        const logLine = JSON.stringify(record);
+        if (this.config.audit.logFunction) {
+            this.config.audit.logFunction(logLine);
+        }
+        else {
+            console.log('[AUDIT]', logLine);
+        }
+    }
+}
+exports.MCPIRuntimeBaseV2 = MCPIRuntimeBaseV2;
+//# sourceMappingURL=base-v2.js.map

package/dist/runtime/base-v2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-v2.js","sourceRoot":"","sources":["../../src/runtime/base-v2.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAiBH,2DAAyG;AACzG,8CAAuD;AA0CvD;;;GAGG;AACH,MAAa,iBAAiB;IAC5B,iBAAiB;IACP,MAAM,CAAiB;IACvB,QAAQ,CAAmB;IAC3B,OAAO,CAAkB;IACzB,UAAU,CAAqB;IAC/B,KAAK,CAAgB;IACrB,KAAK,CAAgB;IAE/B,sBAAsB;IACZ,WAAW,CAAc;IACzB,WAAW,CAAuB;IAClC,kBAAkB,CAAsB;IACxC,kBAAkB,CAAsB;IACxC,mBAAmB,CAAuB;IAEpD,gBAAgB;IACN,MAAM,CAAsB;IAEtC,gBAAgB;IACR,cAAc,CAAiB;IAC/B,QAAQ,GAAgC,IAAI,GAAG,EAAE,CAAC;IAE1D,YAAY,MAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,qBAAqB;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC;QACpC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC;QACtC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAC5C,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC;QAElC,iCAAiC;QACjC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChH,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,IAAI,+BAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE9E,uCAAuC;QACvC,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,CAAC;QACpD,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAEpD,2DAA2D;QAC3D,IAAI,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACvD,IAAI,CAAC,mBAAmB,GAAG,IAAI,gCAAmB,CAChD,IAAI,CAAC,kBAAkB,EACvB,IAAI,CAAC,kBAAkB,CACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,gCAAgC;QAChC,IAAI,CAAC,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,SAAS,CAAC;QAEtE,uCAAuC;QACvC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;YAC/B,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE;gBACnC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,GAAG;gBAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,gBAAgB;QAC9B,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QAEtE,6BAA6B;QAC7B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,GAAG,GAAG,QAAQ,CAAC;QAE7B,MAAM,QAAQ,GAAkB;YAC9B,GAAG;YACH,KAAK;YACL,UAAU;YACV,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE;SACpD,CAAC;QAEF,MAAM,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,cAAc,GAAG,QAAQ,CAAC;QAE/B,4BAA4B;QAC5B,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,SAAS,CAAC,SAAiB;QACzC,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,EAAE,gCAAgC;YAC3D,QAAQ;SACT,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACzD,OAAO,WAAW,SAAS,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,OAAyB;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAE1C,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAC1B,OAAO,CAAC,SAAS,EACjB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,oBAAoB,IAAI,GAAG,CACjD,EAAE,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;QACvE,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,8BAA8B;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;QAC5C,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAEzC,iBAAiB;QACjB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,OAAO,GAAmB;YAC9B,SAAS;YACT,QAAQ,EAAE,QAAQ,CAAC,GAAG;YACtB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,aAAa,EAAE,GAAG;YAClB,cAAc,EAAE,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAEtC,kBAAkB;QAClB,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE;YACnC,SAAS;YACT,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC,CAAC;QAEH,OAAO;YACL,SAAS;YACT,QAAQ,EAAE,QAAQ,CAAC,GAAG;YACtB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,GAAG;YACd,YAAY,EAAE,MAAM,IAAI,CAAC,eAAe,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,QAAa,EACb,OAAuB,EACvB,OAA+B;QAE/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAE1C,8BAA8B;QAC9B,MAAM,YAAY,GAAiB;YACjC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,aAAa,IAAI;gBAC7D,IAAI,EAAE,aAAa;gBACnB,SAAS,EAAE,SAAS;aACrB;YACD,YAAY,EAAE,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,YAAY,IAAI,IAAI;YAC9E,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;SAC1C,CAAC;QAEF,uBAAuB;QACvB,MAAM,YAAY,GAAG;YACnB,GAAG,QAAQ;YACX,KAAK,EAAE;gBACL,QAAQ,EAAE,QAAQ,CAAC,GAAG;gBACtB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC3B,KAAK,EAAE,MAAM,IAAI,CAAC,aAAa,EAAE;aAClC;SACF,CAAC;QAEF,4BAA4B;QAC5B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAC9C,YAAY,EACZ,QAAQ,CAAC,UAAU,EACnB,YAAY,CACb,CAAC;QAEF,uBAAuB;QACvB,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,IAAI;SACjC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,IAAS,EACT,KAAU,EACV,OAIC;QAED,qCAAqC;QACrC,IAAI,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QAEnC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;YACvC,gCAAgC;YAChC,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAC7C,IAAI,CAAC,KAAK,CAAC,QAAQ,EACnB,IAAI,CAAC,KAAK,CAAC,KAAK,CACjB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CACpD,IAAI,EACJ,KAAK,EACL,SAAS,EACT;YACE,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE;YACrD,YAAY,EAAE,IAAI;SACnB,CACF,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,mBAAmB,IAAI,CAAC,OAAO,EAAE,gBAAgB,IAAI,OAAO,EAAE,eAAe,CAAC,EAAE,CAAC;YACxF,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CACzE,IAAI,EACJ;gBACE,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;gBAC1C,eAAe,EAAE,IAAI;gBACrB,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,kBAAkB,IAAI,CAAC;aAC7D,CACF,CAAC;YAEF,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC9B,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE;oBACnC,MAAM,EAAE,kBAAkB,CAAC,MAAM;oBACjC,QAAQ,EAAE,kBAAkB,CAAC,QAAQ;iBACtC,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC9B,GAAG,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ;SAC1B,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,IAAS,EACT,OAAoC,EACpC,OAAuB;QAEvB,yBAAyB;QACzB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;QAC5D,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,uBAAuB,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC;QAE9E,IAAI,UAAU,GAAG,MAAM,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QAED,0BAA0B;QAC1B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QAE1C,eAAe;QACf,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAEnD,4BAA4B;QAC5B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,uBAAuB;QACvB,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE;YAC7B,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa;YACb,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAAC,EAAU;QACtC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,iBAAiB;QAC/B,iDAAiD;QACjD,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,aAAa;QAC3B,iDAAiD;QACjD,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,eAAe;QAC7B,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAE/D,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,YAAY,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,YAAY,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAChD,CAAC;QAED,8BAA8B;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACvD,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YAClB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACO,QAAQ,CAAC,KAAa,EAAE,IAAU;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;YAC3B,KAAK;YACL,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;YAC1D,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,GAAG;SAC9B,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAEvC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;CACF;AA7ZD,8CA6ZC"}

package/dist/runtime/base.d.ts

@@ -5,33 +5,9 @@
  * This enables the same runtime logic to work across Node.js, Cloudflare Workers,
  * and other platforms.
  */
-import { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCacheProvider, IdentityProvider, AgentIdentity } from '../providers/base';
-import type { ToolProtectionService } from '../services/tool-protection.service.js';
-export interface MCPIRuntimeConfig {
-    cryptoProvider: CryptoProvider;
-    clockProvider: ClockProvider;
-    fetchProvider: FetchProvider;
-    storageProvider: StorageProvider;
-    nonceCacheProvider: NonceCacheProvider;
-    identityProvider: IdentityProvider;
-    environment?: 'development' | 'production';
-    timestampSkewSeconds?: number;
-    sessionTtlMinutes?: number;
-    audit?: {
-        enabled: boolean;
-        logFunction?: (record: string) => void;
-        includePayloads?: boolean;
-    };
-    wellKnown?: {
-        enabled: boolean;
-        serviceName?: string;
-        serviceEndpoint?: string;
-    };
-    showVerifyLink?: boolean;
-    identityBadge?: boolean;
-    toolProtectionService?: ToolProtectionService;
-    authorizationUrl?: string;
-}
+import { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCacheProvider, IdentityProvider, AgentIdentity } from "../providers/base";
+import type { MCPIdentity, WellKnownConfig, WellKnownResponse } from "@kya-os/contracts/well-known";
+import type { ProviderRuntimeConfig } from "../config";
 export declare class MCPIRuntimeBase {
     protected crypto: CryptoProvider;
     protected clock: ClockProvider;
@@ -39,11 +15,13 @@ export declare class MCPIRuntimeBase {
     protected storage: StorageProvider;
     protected nonceCache: NonceCacheProvider;
     protected identity: IdentityProvider;
-    protected config: MCPIRuntimeConfig;
+    protected config: ProviderRuntimeConfig;
     private cachedIdentity?;
     private sessions;
     private lastProof?;
-    constructor(config: MCPIRuntimeConfig);
+    private userDidManager?;
+    private interceptedCalls;
+    constructor(config: ProviderRuntimeConfig);
     /**
      * Initialize the runtime
      */
@@ -66,11 +44,30 @@ export declare class MCPIRuntimeBase {
      * @param session - Session context (expected fields: id, audience, nonce?, delegationToken?, consentProof?)
      */
     processToolCall(toolName: string, args: any, handler: (args: any) => Promise<any>, session?: any): Promise<any>;
+    /**
+     * Resume a tool call after authorization
+     *
+     * @param resumeToken - Token from DelegationRequiredError
+     * @param handler - Tool execution handler
+     * @param delegationToken - Delegation token from authorization
+     * @returns Tool execution result
+     */
+    resumeToolCall(resumeToken: string, handler: (args: any) => Promise<any>, delegationToken?: string): Promise<any>;
+    /**
+     * Generate a resume token for intercepted tool call
+     */
+    private generateResumeToken;
+    /**
+     * Clean up expired intercepted calls
+     */
+    private cleanupExpiredInterceptedCalls;
     /**
      * Build consent URL for delegation flow
      * Override this method in subclasses to customize the consent URL
+     *
+     * Note: Parameter names use snake_case for AgentShield API compatibility
      */
-    protected buildConsentUrl(toolName: string, scopes: string[], session?: any): string;
+    protected buildConsentUrl(toolName: string, scopes: string[], session?: any, resumeToken?: string, projectId?: string): string;
     /**
      * Issue a new nonce and register it in the cache
      * Use this to get a nonce for the session context before calling processToolCall
@@ -95,7 +92,7 @@ export declare class MCPIRuntimeBase {
     /**
      * Create well-known handler for identity verification
      */
-    createWellKnownHandler(config?: any): any;
+    createWellKnownHandler(config?: WellKnownConfig): (path: string) => Promise<WellKnownResponse | MCPIdentity | null>;
     /**
      * Create debug endpoint (development only)
      */

package/dist/runtime/base.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../src/runtime/base.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAGpF,MAAM,WAAW,iBAAiB;IAEhC,cAAc,EAAE,cAAc,CAAC;IAC/B,aAAa,EAAE,aAAa,CAAC;IAC7B,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,EAAE,eAAe,CAAC;IACjC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,gBAAgB,EAAE,gBAAgB,CAAC;IAGnC,WAAW,CAAC,EAAE,aAAa,GAAG,YAAY,CAAC;IAC3C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;QACvC,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IAEF,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IAEF,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,OAAO,CAAC;IAGxB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAK9C,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,qBAAa,eAAe;IAC1B,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;IACjC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC;IAC/B,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC;IAC/B,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC;IACnC,SAAS,CAAC,UAAU,EAAE,kBAAkB,CAAC;IACzC,SAAS,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACrC,SAAS,CAAC,MAAM,EAAE,iBAAiB,CAAC;IACpC,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAA+B;IAC/C,OAAO,CAAC,SAAS,CAAC,CAAM;gBAEZ,MAAM,EAAE,iBAAiB;IAUrC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBjC;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAO3C;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAkCjD;;;;;;;;OAQG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,GAAG,EACT,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,GAAG,CAAC;IAwEf;;;OAGG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,CAAC,EAAE,GAAG,GACZ,MAAM;IAcT;;;OAGG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IASpD;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAuCzD;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IA4C1D;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC;IAUvC;;OAEG;IACH,YAAY,IAAI,GAAG;IAInB;;OAEG;IACH,sBAAsB,CAAC,MAAM,CAAC,EAAE,GAAG,GAAG,GAAG;IA2DzC;;OAEG;IACH,mBAAmB,IAAI,GAAG;IAyB1B;;OAEG;IACH,cAAc,IAAI,GAAG;IAMrB;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,aAAa,CAAC;YAkB5B,QAAQ;YAYR,aAAa;YAKb,iBAAiB;IAK/B,OAAO,CAAC,QAAQ;IAmBhB,OAAO,CAAC,iBAAiB;IAiBzB,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,UAAU;CAGnB"}
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../src/runtime/base.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,KAAK,EAGV,WAAW,EACX,eAAe,EACf,iBAAiB,EAClB,MAAM,8BAA8B,CAAC;AAGtC,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAIvD,qBAAa,eAAe;IAC1B,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;IACjC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC;IAC/B,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC;IAC/B,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC;IACnC,SAAS,CAAC,UAAU,EAAE,kBAAkB,CAAC;IACzC,SAAS,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACrC,SAAS,CAAC,MAAM,EAAE,qBAAqB,CAAC;IACxC,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAA+B;IAC/C,OAAO,CAAC,SAAS,CAAC,CAAM;IACxB,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,gBAAgB,CAA+B;gBAE3C,MAAM,EAAE,qBAAqB;IAUzC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAqCjC;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAO3C;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAoDjD;;;;;;;;OAQG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,GAAG,EACT,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,GAAG,CAAC;IA8Hf;;;;;;;OAOG;IACG,cAAc,CAClB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,GAAG,CAAC;IAuCf;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoB3B;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAStC;;;;;OAKG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,CAAC,EAAE,GAAG,EACb,WAAW,CAAC,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM;IAyBT;;;OAGG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IASpD;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAuCzD;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAwC1D;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC;IAUvC;;OAEG;IACH,YAAY,IAAI,GAAG;IAInB;;OAEG;IACH,sBAAsB,CACpB,MAAM,CAAC,EAAE,eAAe,GACvB,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,iBAAiB,GAAG,WAAW,GAAG,IAAI,CAAC;IA+DpE;;OAEG;IACH,mBAAmB,IAAI,GAAG;IAyB1B;;OAEG;IACH,cAAc,IAAI,GAAG;IAMrB;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,aAAa,CAAC;YAkB5B,QAAQ;YAOR,aAAa;YAKb,iBAAiB;IAK/B,OAAO,CAAC,QAAQ;IAmBhB,OAAO,CAAC,iBAAiB;IAmBzB,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,UAAU;CAGnB"}