npm - @kya-os/mcp-i-core - Versions diffs - 1.2.3-canary.7 → 1.3.0 - Mend

@kya-os/mcp-i-core 1.2.3-canary.7 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (231) hide show

package/.claude/settings.local.json +9 -0
package/.turbo/turbo-build.log +4 -0
package/.turbo/turbo-test$colon$coverage.log +4514 -0
package/.turbo/turbo-test.log +2973 -0
package/COMPLIANCE_IMPROVEMENT_REPORT.md +483 -0
package/Composer 3.md +615 -0
package/GPT-5.md +1169 -0
package/OPUS-plan.md +352 -0
package/PHASE_3_AND_4.1_SUMMARY.md +585 -0
package/PHASE_3_SUMMARY.md +317 -0
package/PHASE_4.1.3_SUMMARY.md +428 -0
package/PHASE_4.1_COMPLETE.md +525 -0
package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +1240 -0
package/SCHEMA_COMPLIANCE_REPORT.md +275 -0
package/TEST_PLAN.md +571 -0
package/coverage/coverage-final.json +57 -0
package/dist/__tests__/utils/mock-providers.d.ts +1 -2
package/dist/__tests__/utils/mock-providers.d.ts.map +1 -1
package/dist/__tests__/utils/mock-providers.js.map +1 -1
package/dist/cache/oauth-config-cache.d.ts +69 -0
package/dist/cache/oauth-config-cache.d.ts.map +1 -0
package/dist/cache/oauth-config-cache.js +76 -0
package/dist/cache/oauth-config-cache.js.map +1 -0
package/dist/identity/idp-token-resolver.d.ts +53 -0
package/dist/identity/idp-token-resolver.d.ts.map +1 -0
package/dist/identity/idp-token-resolver.js +108 -0
package/dist/identity/idp-token-resolver.js.map +1 -0
package/dist/identity/idp-token-storage.interface.d.ts +42 -0
package/dist/identity/idp-token-storage.interface.d.ts.map +1 -0
package/dist/identity/idp-token-storage.interface.js +12 -0
package/dist/identity/idp-token-storage.interface.js.map +1 -0
package/dist/identity/user-did-manager.d.ts +39 -1
package/dist/identity/user-did-manager.d.ts.map +1 -1
package/dist/identity/user-did-manager.js +69 -3
package/dist/identity/user-did-manager.js.map +1 -1
package/dist/index.d.ts +22 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +39 -1
package/dist/index.js.map +1 -1
package/dist/runtime/audit-logger.d.ts +37 -0
package/dist/runtime/audit-logger.d.ts.map +1 -0
package/dist/runtime/audit-logger.js +9 -0
package/dist/runtime/audit-logger.js.map +1 -0
package/dist/runtime/base.d.ts +58 -2
package/dist/runtime/base.d.ts.map +1 -1
package/dist/runtime/base.js +266 -11
package/dist/runtime/base.js.map +1 -1
package/dist/services/access-control.service.d.ts.map +1 -1
package/dist/services/access-control.service.js +200 -35
package/dist/services/access-control.service.js.map +1 -1
package/dist/services/authorization/authorization-registry.d.ts +29 -0
package/dist/services/authorization/authorization-registry.d.ts.map +1 -0
package/dist/services/authorization/authorization-registry.js +57 -0
package/dist/services/authorization/authorization-registry.js.map +1 -0
package/dist/services/authorization/types.d.ts +53 -0
package/dist/services/authorization/types.d.ts.map +1 -0
package/dist/services/authorization/types.js +10 -0
package/dist/services/authorization/types.js.map +1 -0
package/dist/services/batch-delegation.service.d.ts +53 -0
package/dist/services/batch-delegation.service.d.ts.map +1 -0
package/dist/services/batch-delegation.service.js +95 -0
package/dist/services/batch-delegation.service.js.map +1 -0
package/dist/services/oauth-config.service.d.ts +53 -0
package/dist/services/oauth-config.service.d.ts.map +1 -0
package/dist/services/oauth-config.service.js +117 -0
package/dist/services/oauth-config.service.js.map +1 -0
package/dist/services/oauth-provider-registry.d.ts +77 -0
package/dist/services/oauth-provider-registry.d.ts.map +1 -0
package/dist/services/oauth-provider-registry.js +112 -0
package/dist/services/oauth-provider-registry.js.map +1 -0
package/dist/services/oauth-service.d.ts +77 -0
package/dist/services/oauth-service.d.ts.map +1 -0
package/dist/services/oauth-service.js +348 -0
package/dist/services/oauth-service.js.map +1 -0
package/dist/services/oauth-token-retrieval.service.d.ts +49 -0
package/dist/services/oauth-token-retrieval.service.d.ts.map +1 -0
package/dist/services/oauth-token-retrieval.service.js +150 -0
package/dist/services/oauth-token-retrieval.service.js.map +1 -0
package/dist/services/provider-resolver.d.ts +48 -0
package/dist/services/provider-resolver.d.ts.map +1 -0
package/dist/services/provider-resolver.js +120 -0
package/dist/services/provider-resolver.js.map +1 -0
package/dist/services/provider-validator.d.ts +55 -0
package/dist/services/provider-validator.d.ts.map +1 -0
package/dist/services/provider-validator.js +135 -0
package/dist/services/provider-validator.js.map +1 -0
package/dist/services/tool-context-builder.d.ts +57 -0
package/dist/services/tool-context-builder.d.ts.map +1 -0
package/dist/services/tool-context-builder.js +125 -0
package/dist/services/tool-context-builder.js.map +1 -0
package/dist/services/tool-protection.service.d.ts +87 -10
package/dist/services/tool-protection.service.d.ts.map +1 -1
package/dist/services/tool-protection.service.js +282 -112
package/dist/services/tool-protection.service.js.map +1 -1
package/dist/types/oauth-required-error.d.ts +40 -0
package/dist/types/oauth-required-error.d.ts.map +1 -0
package/dist/types/oauth-required-error.js +40 -0
package/dist/types/oauth-required-error.js.map +1 -0
package/dist/utils/did-helpers.d.ts +33 -0
package/dist/utils/did-helpers.d.ts.map +1 -1
package/dist/utils/did-helpers.js +40 -0
package/dist/utils/did-helpers.js.map +1 -1
package/dist/utils/index.d.ts +1 -0
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +1 -0
package/dist/utils/index.js.map +1 -1
package/docs/API_REFERENCE.md +1362 -0
package/docs/COMPLIANCE_MATRIX.md +691 -0
package/docs/STATUSLIST2021_GUIDE.md +696 -0
package/docs/W3C_VC_DELEGATION_GUIDE.md +710 -0
package/package.json +24 -50
package/scripts/audit-compliance.ts +724 -0
package/src/__tests__/cache/tool-protection-cache.test.ts +640 -0
package/src/__tests__/config/provider-runtime-config.test.ts +309 -0
package/src/__tests__/delegation-e2e.test.ts +690 -0
package/src/__tests__/identity/user-did-manager.test.ts +213 -0
package/src/__tests__/index.test.ts +56 -0
package/src/__tests__/integration/full-flow.test.ts +776 -0
package/src/__tests__/integration.test.ts +281 -0
package/src/__tests__/providers/base.test.ts +173 -0
package/src/__tests__/providers/memory.test.ts +319 -0
package/src/__tests__/regression/phase2-regression.test.ts +427 -0
package/src/__tests__/runtime/audit-logger.test.ts +154 -0
package/src/__tests__/runtime/base-extensions.test.ts +593 -0
package/src/__tests__/runtime/base.test.ts +869 -0
package/src/__tests__/runtime/delegation-flow.test.ts +164 -0
package/src/__tests__/runtime/proof-client-did.test.ts +375 -0
package/src/__tests__/runtime/route-interception.test.ts +686 -0
package/src/__tests__/runtime/tool-protection-enforcement.test.ts +908 -0
package/src/__tests__/services/agentshield-integration.test.ts +784 -0
package/src/__tests__/services/provider-resolver-edge-cases.test.ts +487 -0
package/src/__tests__/services/tool-protection-oauth-provider.test.ts +480 -0
package/src/__tests__/services/tool-protection.service.test.ts +1366 -0
package/src/__tests__/utils/mock-providers.ts +340 -0
package/src/cache/oauth-config-cache.d.ts +69 -0
package/src/cache/oauth-config-cache.d.ts.map +1 -0
package/src/cache/oauth-config-cache.js +71 -0
package/src/cache/oauth-config-cache.js.map +1 -0
package/src/cache/oauth-config-cache.ts +123 -0
package/src/cache/tool-protection-cache.ts +171 -0
package/src/compliance/EXAMPLE.md +412 -0
package/src/compliance/__tests__/schema-verifier.test.ts +797 -0
package/src/compliance/index.ts +8 -0
package/src/compliance/schema-registry.ts +460 -0
package/src/compliance/schema-verifier.ts +708 -0
package/src/config/__tests__/remote-config.spec.ts +268 -0
package/src/config/remote-config.ts +174 -0
package/src/config.ts +309 -0
package/src/delegation/__tests__/audience-validator.test.ts +112 -0
package/src/delegation/__tests__/bitstring.test.ts +346 -0
package/src/delegation/__tests__/cascading-revocation.test.ts +628 -0
package/src/delegation/__tests__/delegation-graph.test.ts +584 -0
package/src/delegation/__tests__/utils.test.ts +152 -0
package/src/delegation/__tests__/vc-issuer.test.ts +442 -0
package/src/delegation/__tests__/vc-verifier.test.ts +922 -0
package/src/delegation/audience-validator.ts +52 -0
package/src/delegation/bitstring.ts +278 -0
package/src/delegation/cascading-revocation.ts +370 -0
package/src/delegation/delegation-graph.ts +299 -0
package/src/delegation/index.ts +14 -0
package/src/delegation/statuslist-manager.ts +353 -0
package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +366 -0
package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +228 -0
package/src/delegation/storage/index.ts +9 -0
package/src/delegation/storage/memory-graph-storage.ts +178 -0
package/src/delegation/storage/memory-statuslist-storage.ts +77 -0
package/src/delegation/utils.ts +42 -0
package/src/delegation/vc-issuer.ts +232 -0
package/src/delegation/vc-verifier.ts +568 -0
package/src/identity/idp-token-resolver.ts +147 -0
package/src/identity/idp-token-storage.interface.ts +59 -0
package/src/identity/user-did-manager.ts +370 -0
package/src/index.ts +260 -0
package/src/providers/base.d.ts +91 -0
package/src/providers/base.d.ts.map +1 -0
package/src/providers/base.js +38 -0
package/src/providers/base.js.map +1 -0
package/src/providers/base.ts +96 -0
package/src/providers/memory.ts +142 -0
package/src/runtime/audit-logger.ts +39 -0
package/src/runtime/base.ts +1329 -0
package/src/services/__tests__/access-control.integration.test.ts +443 -0
package/src/services/__tests__/access-control.proof-response-validation.test.ts +578 -0
package/src/services/__tests__/access-control.service.test.ts +970 -0
package/src/services/__tests__/batch-delegation.service.test.ts +351 -0
package/src/services/__tests__/crypto.service.test.ts +531 -0
package/src/services/__tests__/oauth-provider-registry.test.ts +142 -0
package/src/services/__tests__/proof-verifier.integration.test.ts +485 -0
package/src/services/__tests__/proof-verifier.test.ts +489 -0
package/src/services/__tests__/provider-resolution.integration.test.ts +198 -0
package/src/services/__tests__/provider-resolver.test.ts +217 -0
package/src/services/__tests__/storage.service.test.ts +358 -0
package/src/services/access-control.service.ts +990 -0
package/src/services/authorization/authorization-registry.ts +66 -0
package/src/services/authorization/types.ts +71 -0
package/src/services/batch-delegation.service.ts +137 -0
package/src/services/crypto.service.ts +302 -0
package/src/services/errors.ts +76 -0
package/src/services/index.ts +9 -0
package/src/services/oauth-config.service.d.ts +53 -0
package/src/services/oauth-config.service.d.ts.map +1 -0
package/src/services/oauth-config.service.js +113 -0
package/src/services/oauth-config.service.js.map +1 -0
package/src/services/oauth-config.service.ts +166 -0
package/src/services/oauth-provider-registry.d.ts +57 -0
package/src/services/oauth-provider-registry.d.ts.map +1 -0
package/src/services/oauth-provider-registry.js +73 -0
package/src/services/oauth-provider-registry.js.map +1 -0
package/src/services/oauth-provider-registry.ts +123 -0
package/src/services/oauth-service.ts +510 -0
package/src/services/oauth-token-retrieval.service.ts +245 -0
package/src/services/proof-verifier.ts +478 -0
package/src/services/provider-resolver.d.ts +48 -0
package/src/services/provider-resolver.d.ts.map +1 -0
package/src/services/provider-resolver.js +106 -0
package/src/services/provider-resolver.js.map +1 -0
package/src/services/provider-resolver.ts +144 -0
package/src/services/provider-validator.ts +170 -0
package/src/services/storage.service.ts +566 -0
package/src/services/tool-context-builder.ts +172 -0
package/src/services/tool-protection.service.ts +958 -0
package/src/types/oauth-required-error.ts +63 -0
package/src/types/tool-protection.ts +155 -0
package/src/utils/__tests__/did-helpers.test.ts +101 -0
package/src/utils/base64.ts +148 -0
package/src/utils/cors.ts +83 -0
package/src/utils/did-helpers.ts +150 -0
package/src/utils/index.ts +8 -0
package/src/utils/storage-keys.ts +278 -0
package/tsconfig.json +21 -0
package/vitest.config.ts +56 -0

package/src/__tests__/providers/memory.test.ts ADDED Viewed

@@ -0,0 +1,319 @@
+/**
+ * Tests for Memory Provider Implementations
+ */
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import {
+  MemoryStorageProvider,
+  MemoryNonceCacheProvider,
+  MemoryIdentityProvider
+} from '../../providers/memory';
+import { MockCryptoProvider } from '../utils/mock-providers';
+describe('MemoryStorageProvider', () => {
+  let provider: MemoryStorageProvider;
+  beforeEach(() => {
+    provider = new MemoryStorageProvider();
+  });
+  describe('get', () => {
+    it('should return null for non-existent keys', async () => {
+      const value = await provider.get('nonexistent');
+      expect(value).toBeNull();
+    });
+    it('should return stored values', async () => {
+      await provider.set('key1', 'value1');
+      const value = await provider.get('key1');
+      expect(value).toBe('value1');
+    });
+  });
+  describe('set', () => {
+    it('should store values', async () => {
+      await provider.set('key1', 'value1');
+      const value = await provider.get('key1');
+      expect(value).toBe('value1');
+    });
+    it('should overwrite existing values', async () => {
+      await provider.set('key1', 'value1');
+      await provider.set('key1', 'value2');
+      const value = await provider.get('key1');
+      expect(value).toBe('value2');
+    });
+    it('should handle empty string values', async () => {
+      await provider.set('key1', '');
+      const value = await provider.get('key1');
+      expect(value).toBe('');
+    });
+  });
+  describe('delete', () => {
+    it('should delete existing keys', async () => {
+      await provider.set('key1', 'value1');
+      await provider.delete('key1');
+      const value = await provider.get('key1');
+      expect(value).toBeNull();
+    });
+    it('should handle deleting non-existent keys', async () => {
+      await expect(provider.delete('nonexistent')).resolves.toBeUndefined();
+    });
+  });
+  describe('exists', () => {
+    it('should return false for non-existent keys', async () => {
+      const exists = await provider.exists('nonexistent');
+      expect(exists).toBe(false);
+    });
+    it('should return true for existing keys', async () => {
+      await provider.set('key1', 'value1');
+      const exists = await provider.exists('key1');
+      expect(exists).toBe(true);
+    });
+    it('should return true for empty string values', async () => {
+      await provider.set('key1', '');
+      const exists = await provider.exists('key1');
+      expect(exists).toBe(true);
+    });
+  });
+  describe('list', () => {
+    beforeEach(async () => {
+      await provider.set('prefix/key1', 'value1');
+      await provider.set('prefix/key2', 'value2');
+      await provider.set('other/key3', 'value3');
+      await provider.set('key4', 'value4');
+    });
+    it('should list all keys when no prefix provided', async () => {
+      const keys = await provider.list();
+      expect(keys).toHaveLength(4);
+      expect(keys).toContain('prefix/key1');
+      expect(keys).toContain('prefix/key2');
+      expect(keys).toContain('other/key3');
+      expect(keys).toContain('key4');
+    });
+    it('should filter by prefix', async () => {
+      const keys = await provider.list('prefix/');
+      expect(keys).toHaveLength(2);
+      expect(keys).toContain('prefix/key1');
+      expect(keys).toContain('prefix/key2');
+    });
+    it('should return empty array for non-matching prefix', async () => {
+      const keys = await provider.list('nonexistent/');
+      expect(keys).toHaveLength(0);
+    });
+    it('should handle empty prefix', async () => {
+      const keys = await provider.list('');
+      expect(keys).toHaveLength(4);
+    });
+  });
+});
+describe('MemoryNonceCacheProvider', () => {
+  let provider: MemoryNonceCacheProvider;
+  beforeEach(() => {
+    provider = new MemoryNonceCacheProvider();
+    vi.useFakeTimers();
+  });
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+  describe('has', () => {
+    it('should return false for non-existent nonces', async () => {
+      const has = await provider.has('nonexistent');
+      expect(has).toBe(false);
+    });
+    it('should return true for valid nonces', async () => {
+      await provider.add('nonce1', 5); // 5 seconds TTL
+      const has = await provider.has('nonce1');
+      expect(has).toBe(true);
+    });
+    it('should return false for expired nonces', async () => {
+      await provider.add('nonce1', -1); // Negative TTL = expired
+      const has = await provider.has('nonce1');
+      expect(has).toBe(false);
+    });
+    it('should remove expired nonces when checking', async () => {
+      await provider.add('nonce1', -1); // Negative TTL = expired
+      await provider.has('nonce1'); // This should remove it
+      // Check internal state
+      const has = await provider.has('nonce1');
+      expect(has).toBe(false);
+    });
+  });
+  describe('add', () => {
+    it('should add nonces with expiry', async () => {
+      await provider.add('nonce1', 5); // 5 seconds TTL
+      const has = await provider.has('nonce1');
+      expect(has).toBe(true);
+    });
+    it('should overwrite existing nonces', async () => {
+      await provider.add('nonce1', 5); // 5 seconds TTL
+      await provider.add('nonce1', 10); // 10 seconds TTL
+      // Advance time by 7 seconds (between 5 and 10)
+      vi.advanceTimersByTime(7000);
+      const has = await provider.has('nonce1');
+      expect(has).toBe(true); // Should still be valid with new expiry
+    });
+  });
+  describe('cleanup', () => {
+    it('should remove expired nonces', async () => {
+      await provider.add('expired', -1); // Negative TTL = expired
+      await provider.add('valid', 5); // 5 seconds TTL
+      await provider.cleanup();
+      expect(await provider.has('expired')).toBe(false);
+      expect(await provider.has('valid')).toBe(true);
+    });
+    it('should handle empty cache', async () => {
+      await expect(provider.cleanup()).resolves.toBeUndefined();
+    });
+  });
+  describe('destroy', () => {
+    it('should clear all nonces', async () => {
+      await provider.add('nonce1', 5); // 5 seconds TTL
+      await provider.add('nonce2', 5); // 5 seconds TTL
+      await provider.destroy();
+      expect(await provider.has('nonce1')).toBe(false);
+      expect(await provider.has('nonce2')).toBe(false);
+    });
+  });
+});
+describe('MemoryIdentityProvider', () => {
+  let provider: MemoryIdentityProvider;
+  let cryptoProvider: MockCryptoProvider;
+  beforeEach(() => {
+    cryptoProvider = new MockCryptoProvider();
+    provider = new MemoryIdentityProvider(cryptoProvider);
+  });
+  describe('getIdentity', () => {
+    it('should generate identity on first call', async () => {
+      const identity = await provider.getIdentity();
+      expect(identity).toBeDefined();
+      expect(identity.did).toMatch(/^did:key:z/);
+      expect(identity.kid).toBe(`${identity.did}#key-1`);
+      expect(identity.privateKey).toMatch(/^[A-Za-z0-9+/=]+$/); // Valid base64 string
+      expect(identity.publicKey).toMatch(/^[A-Za-z0-9+/=]+$/); // Valid base64 string
+      expect(identity.type).toBe('development');
+      expect(identity.createdAt).toBeDefined();
+    });
+    it('should return same identity on subsequent calls', async () => {
+      const identity1 = await provider.getIdentity();
+      const identity2 = await provider.getIdentity();
+      expect(identity1).toEqual(identity2);
+    });
+    it('should throw without crypto provider', async () => {
+      const providerNoCrypto = new MemoryIdentityProvider();
+      await expect(providerNoCrypto.getIdentity()).rejects.toThrow('Crypto provider required');
+    });
+  });
+  describe('saveIdentity', () => {
+    it('should save and return the saved identity', async () => {
+      const customIdentity = {
+        did: 'did:key:zcustom',
+        kid: 'did:key:zcustom#key-1',
+        privateKey: 'custom-private',
+        publicKey: 'custom-public',
+        createdAt: new Date().toISOString(),
+        type: 'production' as const,
+        metadata: { custom: true }
+      };
+      await provider.saveIdentity(customIdentity);
+      const retrieved = await provider.getIdentity();
+      expect(retrieved).toEqual(customIdentity);
+    });
+  });
+  describe('rotateKeys', () => {
+    it('should generate new identity', async () => {
+      const oldIdentity = await provider.getIdentity();
+      const newIdentity = await provider.rotateKeys();
+      expect(newIdentity.did).not.toBe(oldIdentity.did);
+      expect(newIdentity.privateKey).toMatch(/^[A-Za-z0-9+/=]+$/); // Valid base64 string
+      expect(newIdentity.publicKey).toMatch(/^[A-Za-z0-9+/=]+$/); // Valid base64 string
+    });
+    it('should return new identity on subsequent calls', async () => {
+      const oldIdentity = await provider.getIdentity();
+      await provider.rotateKeys();
+      const currentIdentity = await provider.getIdentity();
+      expect(currentIdentity.did).not.toBe(oldIdentity.did);
+    });
+    it('should throw without crypto provider', async () => {
+      const providerNoCrypto = new MemoryIdentityProvider();
+      await expect(providerNoCrypto.rotateKeys()).rejects.toThrow('Crypto provider required');
+    });
+  });
+  describe('deleteIdentity', () => {
+    it('should delete existing identity', async () => {
+      const identity = await provider.getIdentity();
+      await provider.deleteIdentity();
+      // Should generate new identity after deletion
+      const newIdentity = await provider.getIdentity();
+      expect(newIdentity.did).not.toBe(identity.did);
+    });
+    it('should handle deleting when no identity exists', async () => {
+      await expect(provider.deleteIdentity()).resolves.toBeUndefined();
+    });
+  });
+  describe('DID generation', () => {
+    it('should generate consistent DID format', async () => {
+      const identity = await provider.getIdentity();
+      expect(identity.did).toMatch(/^did:key:z[A-Za-z0-9_-]+$/);
+    });
+    it('should generate DID from public key', async () => {
+      // Test the DID generation logic
+      const identity = await provider.getIdentity();
+      const publicKeyPart = Buffer.from(identity.publicKey, 'base64')
+        .toString('base64url')
+        .substring(0, 32);
+      expect(identity.did).toBe(`did:key:z${publicKeyPart}`);
+    });
+  });
+});