@kya-os/mcp-i-core 1.2.2-canary.25 → 1.2.2-canary.27

Files changed (150) hide show
  1. package/.claude/settings.local.json +9 -0
  2. package/.turbo/turbo-build.log +4 -0
  3. package/.turbo/turbo-test$colon$coverage.log +28 -0
  4. package/.turbo/turbo-test.log +2398 -0
  5. package/COMPLIANCE_IMPROVEMENT_REPORT.md +483 -0
  6. package/Composer 3.md +615 -0
  7. package/GPT-5.md +1169 -0
  8. package/OPUS-plan.md +352 -0
  9. package/PHASE_3_AND_4.1_SUMMARY.md +585 -0
  10. package/PHASE_3_SUMMARY.md +317 -0
  11. package/PHASE_4.1.3_SUMMARY.md +428 -0
  12. package/PHASE_4.1_COMPLETE.md +525 -0
  13. package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +1240 -0
  14. package/SCHEMA_COMPLIANCE_REPORT.md +275 -0
  15. package/TEST_PLAN.md +571 -0
  16. package/dist/__tests__/utils/mock-providers.d.ts +1 -2
  17. package/dist/__tests__/utils/mock-providers.d.ts.map +1 -1
  18. package/dist/__tests__/utils/mock-providers.js.map +1 -1
  19. package/dist/services/authorization/authorization-registry.d.ts +29 -0
  20. package/dist/services/authorization/authorization-registry.d.ts.map +1 -0
  21. package/dist/services/authorization/authorization-registry.js +57 -0
  22. package/dist/services/authorization/authorization-registry.js.map +1 -0
  23. package/dist/services/authorization/types.d.ts +53 -0
  24. package/dist/services/authorization/types.d.ts.map +1 -0
  25. package/dist/services/authorization/types.js +10 -0
  26. package/dist/services/authorization/types.js.map +1 -0
  27. package/docs/API_REFERENCE.md +1362 -0
  28. package/docs/COMPLIANCE_MATRIX.md +691 -0
  29. package/docs/STATUSLIST2021_GUIDE.md +696 -0
  30. package/docs/W3C_VC_DELEGATION_GUIDE.md +710 -0
  31. package/package.json +21 -63
  32. package/scripts/audit-compliance.ts +724 -0
  33. package/src/__tests__/cache/tool-protection-cache.test.ts +640 -0
  34. package/src/__tests__/config/provider-runtime-config.test.ts +309 -0
  35. package/src/__tests__/delegation-e2e.test.ts +690 -0
  36. package/src/__tests__/identity/user-did-manager.test.ts +213 -0
  37. package/src/__tests__/index.test.ts +56 -0
  38. package/src/__tests__/integration/full-flow.test.ts +776 -0
  39. package/src/__tests__/integration.test.ts +281 -0
  40. package/src/__tests__/providers/base.test.ts +173 -0
  41. package/src/__tests__/providers/memory.test.ts +319 -0
  42. package/src/__tests__/regression/phase2-regression.test.ts +427 -0
  43. package/src/__tests__/runtime/audit-logger.test.ts +154 -0
  44. package/src/__tests__/runtime/base-extensions.test.ts +593 -0
  45. package/src/__tests__/runtime/base.test.ts +869 -0
  46. package/src/__tests__/runtime/delegation-flow.test.ts +164 -0
  47. package/src/__tests__/runtime/proof-client-did.test.ts +375 -0
  48. package/src/__tests__/runtime/route-interception.test.ts +686 -0
  49. package/src/__tests__/runtime/tool-protection-enforcement.test.ts +908 -0
  50. package/src/__tests__/services/agentshield-integration.test.ts +784 -0
  51. package/src/__tests__/services/provider-resolver-edge-cases.test.ts +487 -0
  52. package/src/__tests__/services/tool-protection-oauth-provider.test.ts +480 -0
  53. package/src/__tests__/services/tool-protection.service.test.ts +1366 -0
  54. package/src/__tests__/utils/mock-providers.ts +340 -0
  55. package/src/cache/oauth-config-cache.d.ts +69 -0
  56. package/src/cache/oauth-config-cache.d.ts.map +1 -0
  57. package/src/cache/oauth-config-cache.js +71 -0
  58. package/src/cache/oauth-config-cache.js.map +1 -0
  59. package/src/cache/oauth-config-cache.ts +123 -0
  60. package/src/cache/tool-protection-cache.ts +171 -0
  61. package/src/compliance/EXAMPLE.md +412 -0
  62. package/src/compliance/__tests__/schema-verifier.test.ts +797 -0
  63. package/src/compliance/index.ts +8 -0
  64. package/src/compliance/schema-registry.ts +460 -0
  65. package/src/compliance/schema-verifier.ts +708 -0
  66. package/src/config/__tests__/remote-config.spec.ts +268 -0
  67. package/src/config/remote-config.ts +174 -0
  68. package/src/config.ts +309 -0
  69. package/src/delegation/__tests__/audience-validator.test.ts +112 -0
  70. package/src/delegation/__tests__/bitstring.test.ts +346 -0
  71. package/src/delegation/__tests__/cascading-revocation.test.ts +628 -0
  72. package/src/delegation/__tests__/delegation-graph.test.ts +584 -0
  73. package/src/delegation/__tests__/utils.test.ts +152 -0
  74. package/src/delegation/__tests__/vc-issuer.test.ts +442 -0
  75. package/src/delegation/__tests__/vc-verifier.test.ts +922 -0
  76. package/src/delegation/audience-validator.ts +52 -0
  77. package/src/delegation/bitstring.ts +278 -0
  78. package/src/delegation/cascading-revocation.ts +370 -0
  79. package/src/delegation/delegation-graph.ts +299 -0
  80. package/src/delegation/index.ts +14 -0
  81. package/src/delegation/statuslist-manager.ts +353 -0
  82. package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +366 -0
  83. package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +228 -0
  84. package/src/delegation/storage/index.ts +9 -0
  85. package/src/delegation/storage/memory-graph-storage.ts +178 -0
  86. package/src/delegation/storage/memory-statuslist-storage.ts +77 -0
  87. package/src/delegation/utils.ts +42 -0
  88. package/src/delegation/vc-issuer.ts +232 -0
  89. package/src/delegation/vc-verifier.ts +568 -0
  90. package/src/identity/idp-token-resolver.ts +147 -0
  91. package/src/identity/idp-token-storage.interface.ts +59 -0
  92. package/src/identity/user-did-manager.ts +370 -0
  93. package/src/index.ts +260 -0
  94. package/src/providers/base.d.ts +91 -0
  95. package/src/providers/base.d.ts.map +1 -0
  96. package/src/providers/base.js +38 -0
  97. package/src/providers/base.js.map +1 -0
  98. package/src/providers/base.ts +96 -0
  99. package/src/providers/memory.ts +142 -0
  100. package/src/runtime/audit-logger.ts +39 -0
  101. package/src/runtime/base.ts +1329 -0
  102. package/src/services/__tests__/access-control.integration.test.ts +443 -0
  103. package/src/services/__tests__/access-control.service.test.ts +970 -0
  104. package/src/services/__tests__/batch-delegation.service.test.ts +351 -0
  105. package/src/services/__tests__/crypto.service.test.ts +531 -0
  106. package/src/services/__tests__/oauth-provider-registry.test.ts +142 -0
  107. package/src/services/__tests__/proof-verifier.integration.test.ts +485 -0
  108. package/src/services/__tests__/proof-verifier.test.ts +489 -0
  109. package/src/services/__tests__/provider-resolution.integration.test.ts +198 -0
  110. package/src/services/__tests__/provider-resolver.test.ts +217 -0
  111. package/src/services/__tests__/storage.service.test.ts +358 -0
  112. package/src/services/access-control.service.ts +877 -0
  113. package/src/services/authorization/authorization-registry.ts +66 -0
  114. package/src/services/authorization/types.ts +71 -0
  115. package/src/services/batch-delegation.service.ts +137 -0
  116. package/src/services/crypto.service.ts +302 -0
  117. package/src/services/errors.ts +76 -0
  118. package/src/services/index.ts +9 -0
  119. package/src/services/oauth-config.service.d.ts +53 -0
  120. package/src/services/oauth-config.service.d.ts.map +1 -0
  121. package/src/services/oauth-config.service.js +113 -0
  122. package/src/services/oauth-config.service.js.map +1 -0
  123. package/src/services/oauth-config.service.ts +166 -0
  124. package/src/services/oauth-provider-registry.d.ts +57 -0
  125. package/src/services/oauth-provider-registry.d.ts.map +1 -0
  126. package/src/services/oauth-provider-registry.js +73 -0
  127. package/src/services/oauth-provider-registry.js.map +1 -0
  128. package/src/services/oauth-provider-registry.ts +123 -0
  129. package/src/services/oauth-service.ts +510 -0
  130. package/src/services/oauth-token-retrieval.service.ts +245 -0
  131. package/src/services/proof-verifier.ts +478 -0
  132. package/src/services/provider-resolver.d.ts +48 -0
  133. package/src/services/provider-resolver.d.ts.map +1 -0
  134. package/src/services/provider-resolver.js +106 -0
  135. package/src/services/provider-resolver.js.map +1 -0
  136. package/src/services/provider-resolver.ts +144 -0
  137. package/src/services/provider-validator.ts +170 -0
  138. package/src/services/storage.service.ts +566 -0
  139. package/src/services/tool-context-builder.ts +172 -0
  140. package/src/services/tool-protection.service.ts +798 -0
  141. package/src/types/oauth-required-error.ts +63 -0
  142. package/src/types/tool-protection.ts +155 -0
  143. package/src/utils/__tests__/did-helpers.test.ts +101 -0
  144. package/src/utils/base64.ts +148 -0
  145. package/src/utils/cors.ts +83 -0
  146. package/src/utils/did-helpers.ts +150 -0
  147. package/src/utils/index.ts +8 -0
  148. package/src/utils/storage-keys.ts +278 -0
  149. package/tsconfig.json +21 -0
  150. package/vitest.config.ts +56 -0
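--- a/package/dist/services/authorization/authorization-registry.js
+++ b/package/dist/services/authorization/authorization-registry.js
@@ -0,0 +1,57 @@
+ "use strict";
+ /**
+ * Authorization Registry
+ *
+ * Registry for managing available authorization services.
+ * Allows looking up the appropriate service for a given authorization type.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.AuthorizationRegistry = void 0;
+ class AuthorizationRegistry {
+ services = new Map();
+ /**
+ * Register an authorization service
+ */
+ register(service) {
+ this.services.set(service.type, service);
+ }
+ /**
+ * Get an authorization service by type
+ */
+ getService(type) {
+ return this.services.get(type) || null;
+ }
+ /**
+ * Resolve authorization requirement for a tool
+ *
+ * Determines the authorization requirement based on the tool protection config.
+ * Handles backward compatibility with legacy `oauthProvider` field.
+ */
+ resolveRequirement(toolProtection) {
+ if (!toolProtection.requiresDelegation) {
+ return null;
+ }
+ // Use the explicit authorization field if present
+ if (toolProtection.authorization) {
+ return toolProtection.authorization;
+ }
+ // Legacy fallback: oauthProvider field
+ if (toolProtection.oauthProvider) {
+ return {
+ type: 'oauth',
+ provider: toolProtection.oauthProvider,
+ };
+ }
+ // If requiresDelegation is true but no auth specified, default to 'none' (consent only)
+ // UNLESS we are in a transition period where ProviderResolver might infer scopes.
+ // This logic will be refined as we move logic from ProviderResolver to here.
+ // For now, return null to let downstream logic handle fallbacks if needed,
+ // or return 'none' if we want to enforce explicit config.
+ // Returning null allows the legacy ProviderResolver to attempt scope inference
+ return null;
+ }
+ }
+ exports.AuthorizationRegistry = AuthorizationRegistry;
+ //# sourceMappingURL=authorization-registry.js.map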
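Review bot: `resolveRequirement` returns `null` both when `requiresDelegation` is false and when it is true but neither `authorization` nor `oauthProvider` is set, so a caller cannot tell "no authorization needed" from "delegation required but not configured". The callers are not visible in this section, but any of them that reads `null` as "allow" would let a protected tool with an incomplete config fail open. While the ProviderResolver fallback described in the trailing comment still exists, the method's doc comment should say so, e.g. `@returns the requirement, or null when delegation is not required OR is required but unconfigured; check requiresDelegation before treating null as "no authorization"`. Once that fallback is retired, the final `return null;` could return the `'none'` (consent only) requirement the comment already describes. This file is compiled output, so the edit belongs in `src/services/authorization/authorization-registry.ts`.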
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authorization-registry.js","sourceRoot":"","sources":["../../../src/services/authorization/authorization-registry.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAKH,MAAa,qBAAqB;IACxB,QAAQ,GAAsC,IAAI,GAAG,EAAE,CAAC;IAEhE;;OAEG;IACH,QAAQ,CAAC,OAA6B;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACH,kBAAkB,CAChB,cAA8B;QAE9B,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,IAAI,cAAc,CAAC,aAAa,EAAE,CAAC;YACjC,OAAO,cAAc,CAAC,aAAa,CAAC;QACtC,CAAC;QAED,uCAAuC;QACvC,IAAI,cAAc,CAAC,aAAa,EAAE,CAAC;YACjC,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,cAAc,CAAC,aAAa;aACvC,CAAC;QACJ,CAAC;QAED,wFAAwF;QACxF,kFAAkF;QAClF,6EAA6E;QAC7E,2EAA2E;QAC3E,0DAA0D;QAE1D,+EAA+E;QAC/E,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AApDD,sDAoDC"}
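--- a/package/dist/services/authorization/types.d.ts
+++ b/package/dist/services/authorization/types.d.ts
@@ -0,0 +1,53 @@
+ /**
+ * Authorization Service Types
+ *
+ * Shared types for authorization services and flows.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+ import type { ToolProtection } from "@kya-os/contracts/tool-protection";
+ /**
+ * Authorization Flow Result
+ */
+ export interface AuthorizationResult {
+ success: boolean;
+ credential?: unknown;
+ userDid?: string;
+ metadata?: Record<string, unknown>;
+ error?: Error;
+ }
+ /**
+ * Authorization Flow
+ * Represents an initiated authorization flow
+ */
+ export interface AuthorizationFlow {
+ /** URL to redirect the user to */
+ url: string;
+ /** Unique identifier for this flow */
+ flowId?: string;
+ /** Metadata about the flow */
+ metadata?: Record<string, unknown>;
+ }
+ /**
+ * Authorization Service Interface
+ * Each authorization type implements this
+ */
+ export interface AuthorizationService {
+ /** Unique type identifier (e.g., 'oauth', 'mdl', 'idv') */
+ type: string;
+ /**
+ * Check if authorization is required for the given tool protection
+ */
+ isRequired(toolProtection: ToolProtection): boolean;
+ /**
+ * Initiate authorization flow
+ * Returns URL or flow identifier
+ */
+ initiateFlow(toolProtection: ToolProtection, sessionId: string, projectId: string, agentDid: string, serverUrl: string): Promise<AuthorizationFlow>;
+ /**
+ * Verify authorization result
+ * Called after user completes flow
+ */
+ verifyAuthorization(flowId: string, result: unknown): Promise<AuthorizationResult>;
+ }
+ //# sourceMappingURL=types.d.ts.map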
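Review bot: `AuthorizationFlow.flowId` is optional, yet `verifyAuthorization(flowId: string, result: unknown)` requires one, so an implementation that omits it at initiation leaves nothing to bind the callback to the flow that was started for a given `sessionId`. I would declare it as `flowId: string;` and document on `verifyAuthorization` that `result` is untrusted callback data and that an unknown, expired or already-used `flowId` must be rejected. The `url` doc comment could also state that implementations build it from trusted configuration rather than from request input, since the user is redirected to it. This is generated declaration output, so the edit belongs in `src/services/authorization/types.ts`.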
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/services/authorization/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IAEZ,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,UAAU,CAAC,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC;IAEpD;;;OAGG;IACH,YAAY,CACV,cAAc,EAAE,cAAc,EAC9B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAE9B;;;OAGG;IACH,mBAAmB,CACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjC"}
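--- a/package/dist/services/authorization/types.js
+++ b/package/dist/services/authorization/types.js
@@ -0,0 +1,10 @@
+ "use strict";
+ /**
+ * Authorization Service Types
+ *
+ * Shared types for authorization services and flows.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+ Object.defineProperty(exports, "__esModule", { value: true });
+ //# sourceMappingURL=types.js.map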
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/services/authorization/types.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}