npm - @kya-os/mcp-i-core - Versions diffs - 1.2.3-canary.6 → 1.3.0-canary.clientinfo.20251126003544 - Mend

@kya-os/mcp-i-core 1.2.3-canary.6 → 1.3.0-canary.clientinfo.20251126003544

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (239) hide show

package/.turbo/turbo-build.log +4 -0
package/.turbo/turbo-test$colon$coverage.log +4239 -0
package/.turbo/turbo-test.log +2973 -0
package/COMPLIANCE_IMPROVEMENT_REPORT.md +483 -0
package/Composer 3.md +615 -0
package/GPT-5.md +1169 -0
package/OPUS-plan.md +352 -0
package/PHASE_3_AND_4.1_SUMMARY.md +585 -0
package/PHASE_3_SUMMARY.md +317 -0
package/PHASE_4.1.3_SUMMARY.md +428 -0
package/PHASE_4.1_COMPLETE.md +525 -0
package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +1240 -0
package/SCHEMA_COMPLIANCE_REPORT.md +275 -0
package/TEST_PLAN.md +571 -0
package/coverage/coverage-final.json +57 -0
package/dist/__tests__/utils/mock-providers.d.ts +1 -2
package/dist/__tests__/utils/mock-providers.d.ts.map +1 -1
package/dist/__tests__/utils/mock-providers.js.map +1 -1
package/dist/cache/oauth-config-cache.d.ts +69 -0
package/dist/cache/oauth-config-cache.d.ts.map +1 -0
package/dist/cache/oauth-config-cache.js +76 -0
package/dist/cache/oauth-config-cache.js.map +1 -0
package/dist/identity/idp-token-resolver.d.ts +53 -0
package/dist/identity/idp-token-resolver.d.ts.map +1 -0
package/dist/identity/idp-token-resolver.js +108 -0
package/dist/identity/idp-token-resolver.js.map +1 -0
package/dist/identity/idp-token-storage.interface.d.ts +42 -0
package/dist/identity/idp-token-storage.interface.d.ts.map +1 -0
package/dist/identity/idp-token-storage.interface.js +12 -0
package/dist/identity/idp-token-storage.interface.js.map +1 -0
package/dist/identity/user-did-manager.d.ts +39 -1
package/dist/identity/user-did-manager.d.ts.map +1 -1
package/dist/identity/user-did-manager.js +69 -3
package/dist/identity/user-did-manager.js.map +1 -1
package/dist/index.d.ts +24 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +43 -1
package/dist/index.js.map +1 -1
package/dist/runtime/audit-logger.d.ts +37 -0
package/dist/runtime/audit-logger.d.ts.map +1 -0
package/dist/runtime/audit-logger.js +9 -0
package/dist/runtime/audit-logger.js.map +1 -0
package/dist/runtime/base.d.ts +58 -2
package/dist/runtime/base.d.ts.map +1 -1
package/dist/runtime/base.js +266 -11
package/dist/runtime/base.js.map +1 -1
package/dist/services/access-control.service.d.ts.map +1 -1
package/dist/services/access-control.service.js +200 -35
package/dist/services/access-control.service.js.map +1 -1
package/dist/services/authorization/authorization-registry.d.ts +29 -0
package/dist/services/authorization/authorization-registry.d.ts.map +1 -0
package/dist/services/authorization/authorization-registry.js +57 -0
package/dist/services/authorization/authorization-registry.js.map +1 -0
package/dist/services/authorization/types.d.ts +53 -0
package/dist/services/authorization/types.d.ts.map +1 -0
package/dist/services/authorization/types.js +10 -0
package/dist/services/authorization/types.js.map +1 -0
package/dist/services/batch-delegation.service.d.ts +53 -0
package/dist/services/batch-delegation.service.d.ts.map +1 -0
package/dist/services/batch-delegation.service.js +95 -0
package/dist/services/batch-delegation.service.js.map +1 -0
package/dist/services/index.d.ts +2 -0
package/dist/services/index.d.ts.map +1 -1
package/dist/services/index.js +4 -1
package/dist/services/index.js.map +1 -1
package/dist/services/oauth-config.service.d.ts +53 -0
package/dist/services/oauth-config.service.d.ts.map +1 -0
package/dist/services/oauth-config.service.js +117 -0
package/dist/services/oauth-config.service.js.map +1 -0
package/dist/services/oauth-provider-registry.d.ts +77 -0
package/dist/services/oauth-provider-registry.d.ts.map +1 -0
package/dist/services/oauth-provider-registry.js +112 -0
package/dist/services/oauth-provider-registry.js.map +1 -0
package/dist/services/oauth-service.d.ts +77 -0
package/dist/services/oauth-service.d.ts.map +1 -0
package/dist/services/oauth-service.js +348 -0
package/dist/services/oauth-service.js.map +1 -0
package/dist/services/oauth-token-retrieval.service.d.ts +49 -0
package/dist/services/oauth-token-retrieval.service.d.ts.map +1 -0
package/dist/services/oauth-token-retrieval.service.js +150 -0
package/dist/services/oauth-token-retrieval.service.js.map +1 -0
package/dist/services/provider-resolver.d.ts +48 -0
package/dist/services/provider-resolver.d.ts.map +1 -0
package/dist/services/provider-resolver.js +120 -0
package/dist/services/provider-resolver.js.map +1 -0
package/dist/services/provider-validator.d.ts +55 -0
package/dist/services/provider-validator.d.ts.map +1 -0
package/dist/services/provider-validator.js +135 -0
package/dist/services/provider-validator.js.map +1 -0
package/dist/services/session-registration.service.d.ts +80 -0
package/dist/services/session-registration.service.d.ts.map +1 -0
package/dist/services/session-registration.service.js +172 -0
package/dist/services/session-registration.service.js.map +1 -0
package/dist/services/tool-context-builder.d.ts +57 -0
package/dist/services/tool-context-builder.d.ts.map +1 -0
package/dist/services/tool-context-builder.js +125 -0
package/dist/services/tool-context-builder.js.map +1 -0
package/dist/services/tool-protection.service.d.ts +87 -10
package/dist/services/tool-protection.service.d.ts.map +1 -1
package/dist/services/tool-protection.service.js +282 -112
package/dist/services/tool-protection.service.js.map +1 -1
package/dist/types/oauth-required-error.d.ts +40 -0
package/dist/types/oauth-required-error.d.ts.map +1 -0
package/dist/types/oauth-required-error.js +40 -0
package/dist/types/oauth-required-error.js.map +1 -0
package/dist/utils/did-helpers.d.ts +33 -0
package/dist/utils/did-helpers.d.ts.map +1 -1
package/dist/utils/did-helpers.js +40 -0
package/dist/utils/did-helpers.js.map +1 -1
package/dist/utils/index.d.ts +1 -0
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +1 -0
package/dist/utils/index.js.map +1 -1
package/docs/API_REFERENCE.md +1362 -0
package/docs/COMPLIANCE_MATRIX.md +691 -0
package/docs/STATUSLIST2021_GUIDE.md +696 -0
package/docs/W3C_VC_DELEGATION_GUIDE.md +710 -0
package/package.json +24 -50
package/scripts/audit-compliance.ts +724 -0
package/src/__tests__/cache/tool-protection-cache.test.ts +640 -0
package/src/__tests__/config/provider-runtime-config.test.ts +309 -0
package/src/__tests__/delegation-e2e.test.ts +690 -0
package/src/__tests__/identity/user-did-manager.test.ts +213 -0
package/src/__tests__/index.test.ts +56 -0
package/src/__tests__/integration/full-flow.test.ts +776 -0
package/src/__tests__/integration.test.ts +281 -0
package/src/__tests__/providers/base.test.ts +173 -0
package/src/__tests__/providers/memory.test.ts +319 -0
package/src/__tests__/regression/phase2-regression.test.ts +427 -0
package/src/__tests__/runtime/audit-logger.test.ts +154 -0
package/src/__tests__/runtime/base-extensions.test.ts +593 -0
package/src/__tests__/runtime/base.test.ts +869 -0
package/src/__tests__/runtime/delegation-flow.test.ts +164 -0
package/src/__tests__/runtime/proof-client-did.test.ts +375 -0
package/src/__tests__/runtime/route-interception.test.ts +686 -0
package/src/__tests__/runtime/tool-protection-enforcement.test.ts +908 -0
package/src/__tests__/services/agentshield-integration.test.ts +784 -0
package/src/__tests__/services/provider-resolver-edge-cases.test.ts +487 -0
package/src/__tests__/services/tool-protection-oauth-provider.test.ts +480 -0
package/src/__tests__/services/tool-protection.service.test.ts +1366 -0
package/src/__tests__/utils/mock-providers.ts +340 -0
package/src/cache/oauth-config-cache.d.ts +69 -0
package/src/cache/oauth-config-cache.d.ts.map +1 -0
package/src/cache/oauth-config-cache.js +71 -0
package/src/cache/oauth-config-cache.js.map +1 -0
package/src/cache/oauth-config-cache.ts +123 -0
package/src/cache/tool-protection-cache.ts +171 -0
package/src/compliance/EXAMPLE.md +412 -0
package/src/compliance/__tests__/schema-verifier.test.ts +797 -0
package/src/compliance/index.ts +8 -0
package/src/compliance/schema-registry.ts +460 -0
package/src/compliance/schema-verifier.ts +708 -0
package/src/config/__tests__/remote-config.spec.ts +268 -0
package/src/config/remote-config.ts +174 -0
package/src/config.ts +309 -0
package/src/delegation/__tests__/audience-validator.test.ts +112 -0
package/src/delegation/__tests__/bitstring.test.ts +346 -0
package/src/delegation/__tests__/cascading-revocation.test.ts +628 -0
package/src/delegation/__tests__/delegation-graph.test.ts +584 -0
package/src/delegation/__tests__/utils.test.ts +152 -0
package/src/delegation/__tests__/vc-issuer.test.ts +442 -0
package/src/delegation/__tests__/vc-verifier.test.ts +922 -0
package/src/delegation/audience-validator.ts +52 -0
package/src/delegation/bitstring.ts +278 -0
package/src/delegation/cascading-revocation.ts +370 -0
package/src/delegation/delegation-graph.ts +299 -0
package/src/delegation/index.ts +14 -0
package/src/delegation/statuslist-manager.ts +353 -0
package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +366 -0
package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +228 -0
package/src/delegation/storage/index.ts +9 -0
package/src/delegation/storage/memory-graph-storage.ts +178 -0
package/src/delegation/storage/memory-statuslist-storage.ts +77 -0
package/src/delegation/utils.ts +42 -0
package/src/delegation/vc-issuer.ts +232 -0
package/src/delegation/vc-verifier.ts +568 -0
package/src/identity/idp-token-resolver.ts +147 -0
package/src/identity/idp-token-storage.interface.ts +59 -0
package/src/identity/user-did-manager.ts +370 -0
package/src/index.ts +271 -0
package/src/providers/base.d.ts +91 -0
package/src/providers/base.d.ts.map +1 -0
package/src/providers/base.js +38 -0
package/src/providers/base.js.map +1 -0
package/src/providers/base.ts +96 -0
package/src/providers/memory.ts +142 -0
package/src/runtime/audit-logger.ts +39 -0
package/src/runtime/base.ts +1329 -0
package/src/services/__tests__/access-control.integration.test.ts +443 -0
package/src/services/__tests__/access-control.proof-response-validation.test.ts +578 -0
package/src/services/__tests__/access-control.service.test.ts +970 -0
package/src/services/__tests__/batch-delegation.service.test.ts +351 -0
package/src/services/__tests__/crypto.service.test.ts +531 -0
package/src/services/__tests__/oauth-provider-registry.test.ts +142 -0
package/src/services/__tests__/proof-verifier.integration.test.ts +485 -0
package/src/services/__tests__/proof-verifier.test.ts +489 -0
package/src/services/__tests__/provider-resolution.integration.test.ts +198 -0
package/src/services/__tests__/provider-resolver.test.ts +217 -0
package/src/services/__tests__/storage.service.test.ts +358 -0
package/src/services/access-control.service.ts +990 -0
package/src/services/authorization/authorization-registry.ts +66 -0
package/src/services/authorization/types.ts +71 -0
package/src/services/batch-delegation.service.ts +137 -0
package/src/services/crypto.service.ts +302 -0
package/src/services/errors.ts +76 -0
package/src/services/index.ts +18 -0
package/src/services/oauth-config.service.d.ts +53 -0
package/src/services/oauth-config.service.d.ts.map +1 -0
package/src/services/oauth-config.service.js +113 -0
package/src/services/oauth-config.service.js.map +1 -0
package/src/services/oauth-config.service.ts +166 -0
package/src/services/oauth-provider-registry.d.ts +57 -0
package/src/services/oauth-provider-registry.d.ts.map +1 -0
package/src/services/oauth-provider-registry.js +73 -0
package/src/services/oauth-provider-registry.js.map +1 -0
package/src/services/oauth-provider-registry.ts +123 -0
package/src/services/oauth-service.ts +510 -0
package/src/services/oauth-token-retrieval.service.ts +245 -0
package/src/services/proof-verifier.ts +478 -0
package/src/services/provider-resolver.d.ts +48 -0
package/src/services/provider-resolver.d.ts.map +1 -0
package/src/services/provider-resolver.js +106 -0
package/src/services/provider-resolver.js.map +1 -0
package/src/services/provider-resolver.ts +144 -0
package/src/services/provider-validator.ts +170 -0
package/src/services/session-registration.service.ts +251 -0
package/src/services/storage.service.ts +566 -0
package/src/services/tool-context-builder.ts +172 -0
package/src/services/tool-protection.service.ts +958 -0
package/src/types/oauth-required-error.ts +63 -0
package/src/types/tool-protection.ts +155 -0
package/src/utils/__tests__/did-helpers.test.ts +101 -0
package/src/utils/base64.ts +148 -0
package/src/utils/cors.ts +83 -0
package/src/utils/did-helpers.ts +150 -0
package/src/utils/index.ts +8 -0
package/src/utils/storage-keys.ts +278 -0
package/tsconfig.json +21 -0
package/vitest.config.ts +56 -0

package/src/services/session-registration.service.ts ADDED Viewed

@@ -0,0 +1,251 @@
+/**
+ * Session Registration Service
+ *
+ * Registers MCP sessions with the AgentShield dashboard, enabling
+ * visibility into which MCP clients are connecting to agents.
+ *
+ * This is a fire-and-forget service - session registration should not
+ * block tool execution or affect the user experience.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type {
+  RegisterSessionRequest,
+  RegisterSessionResponse,
+} from "@kya-os/contracts/agentshield-api";
+import {
+  registerSessionRequestSchema,
+  registerSessionResponseSchema,
+  AGENTSHIELD_ENDPOINTS,
+} from "@kya-os/contracts/agentshield-api";
+import type { FetchProvider } from "../providers/base.js";
+/**
+ * Configuration for the session registration service
+ */
+export interface SessionRegistrationServiceConfig {
+  /** Base URL for the AgentShield API (e.g., "https://kya.vouched.id") */
+  baseUrl: string;
+  /** API key for authentication */
+  apiKey: string;
+  /** Fetch provider for making HTTP requests (platform-agnostic) */
+  fetchProvider: FetchProvider;
+  /** Optional logger callback for diagnostics */
+  logger?: (message: string, data?: unknown) => void;
+  /** Timeout in milliseconds for the registration request (default: 5000) */
+  timeoutMs?: number;
+}
+/**
+ * Result of a session registration attempt
+ */
+export interface SessionRegistrationResult {
+  /** Whether registration was successful */
+  success: boolean;
+  /** Session ID that was registered */
+  sessionId: string;
+  /** Error message if registration failed */
+  error?: string;
+}
+/**
+ * Session Registration Service
+ *
+ * Registers MCP sessions with AgentShield for dashboard visibility.
+ * Designed to be non-blocking - failures are logged but don't throw.
+ */
+export class SessionRegistrationService {
+  private config: Required<
+    Omit<SessionRegistrationServiceConfig, "logger" | "timeoutMs">
+  > & {
+    logger: NonNullable<SessionRegistrationServiceConfig["logger"]>;
+    timeoutMs: number;
+  };
+  constructor(config: SessionRegistrationServiceConfig) {
+    this.config = {
+      baseUrl: config.baseUrl,
+      apiKey: config.apiKey,
+      fetchProvider: config.fetchProvider,
+      logger: config.logger || (() => {}),
+      timeoutMs: config.timeoutMs ?? 5000,
+    };
+  }
+  /**
+   * Register a session with AgentShield
+   *
+   * This is a fire-and-forget operation. Failures are logged but don't throw.
+   * The method returns quickly and doesn't block the caller.
+   *
+   * @param request - Session registration request data
+   * @returns Result indicating success or failure
+   */
+  async registerSession(
+    request: RegisterSessionRequest
+  ): Promise<SessionRegistrationResult> {
+    const sessionId = request.session_id;
+    try {
+      // Validate request
+      const validationResult = registerSessionRequestSchema.safeParse(request);
+      if (!validationResult.success) {
+        const errorMsg = `Invalid session registration request: ${validationResult.error.message}`;
+        this.config.logger("[SessionRegistration] Validation failed", {
+          sessionId,
+          error: errorMsg,
+        });
+        return { success: false, sessionId, error: errorMsg };
+      }
+      const url = `${this.config.baseUrl}${AGENTSHIELD_ENDPOINTS.SESSIONS}`;
+      this.config.logger("[SessionRegistration] Registering session", {
+        sessionId,
+        agentDid: request.agent_did,
+        clientName: request.client_info.name,
+        url,
+      });
+      // Make the request with timeout
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        this.config.timeoutMs
+      );
+      try {
+        const response = await this.config.fetchProvider.fetch(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${this.config.apiKey}`,
+          },
+          body: JSON.stringify(request),
+          signal: controller.signal,
+        });
+        clearTimeout(timeoutId);
+        if (!response.ok) {
+          // Log error but don't throw - this is fire-and-forget
+          const errorText = await response.text().catch(() => "Unknown error");
+          this.config.logger("[SessionRegistration] Registration failed", {
+            sessionId,
+            status: response.status,
+            error: errorText,
+          });
+          return {
+            success: false,
+            sessionId,
+            error: `HTTP ${response.status}: ${errorText}`,
+          };
+        }
+        // Parse response
+        const responseData = (await response.json()) as {
+          data?: RegisterSessionResponse;
+        } & RegisterSessionResponse;
+        const parseResult = registerSessionResponseSchema.safeParse(
+          responseData.data || responseData
+        );
+        if (!parseResult.success) {
+          this.config.logger(
+            "[SessionRegistration] Invalid response format",
+            {
+              sessionId,
+              response: responseData,
+            }
+          );
+          // Still consider it a success if we got a 200 OK
+          return { success: true, sessionId };
+        }
+        this.config.logger("[SessionRegistration] Session registered", {
+          sessionId,
+          registered: parseResult.data.registered,
+        });
+        return { success: true, sessionId };
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    } catch (error) {
+      // Handle abort/timeout
+      if (error instanceof Error && error.name === "AbortError") {
+        this.config.logger("[SessionRegistration] Request timed out", {
+          sessionId,
+          timeoutMs: this.config.timeoutMs,
+        });
+        return { success: false, sessionId, error: "Request timed out" };
+      }
+      // Log any other error
+      const errorMsg =
+        error instanceof Error ? error.message : "Unknown error";
+      this.config.logger("[SessionRegistration] Unexpected error", {
+        sessionId,
+        error: errorMsg,
+      });
+      return { success: false, sessionId, error: errorMsg };
+    }
+  }
+  /**
+   * Fire-and-forget session registration
+   *
+   * Starts registration in the background without waiting for completion.
+   * Useful when you want to register a session but not delay the response.
+   *
+   * @param request - Session registration request data
+   */
+  registerSessionAsync(request: RegisterSessionRequest): void {
+    // Start registration in background - don't await
+    this.registerSession(request).catch((error) => {
+      // This should never happen since registerSession catches all errors,
+      // but just in case
+      this.config.logger("[SessionRegistration] Background registration failed", {
+        sessionId: request.session_id,
+        error: error instanceof Error ? error.message : "Unknown error",
+      });
+    });
+  }
+}
+/**
+ * Create a session registration service from common runtime config
+ *
+ * Helper function to create the service from typical environment config.
+ */
+export function createSessionRegistrationService(options: {
+  apiUrl: string;
+  apiKey: string;
+  fetchProvider: FetchProvider;
+  logger?: (message: string, data?: unknown) => void;
+}): SessionRegistrationService | null {
+  // Validate required config
+  if (!options.apiUrl || !options.apiKey) {
+    options.logger?.(
+      "[SessionRegistration] Missing required config - session registration disabled",
+      {
+        hasApiUrl: !!options.apiUrl,
+        hasApiKey: !!options.apiKey,
+      }
+    );
+    return null;
+  }
+  return new SessionRegistrationService({
+    baseUrl: options.apiUrl,
+    apiKey: options.apiKey,
+    fetchProvider: options.fetchProvider,
+    logger: options.logger,
+  });
+}