npm - @kya-os/mcp-i-core - Versions diffs - 1.2.3-canary.7 → 1.3.0 - Mend

@kya-os/mcp-i-core 1.2.3-canary.7 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (231) hide show

package/.claude/settings.local.json +9 -0
package/.turbo/turbo-build.log +4 -0
package/.turbo/turbo-test$colon$coverage.log +4514 -0
package/.turbo/turbo-test.log +2973 -0
package/COMPLIANCE_IMPROVEMENT_REPORT.md +483 -0
package/Composer 3.md +615 -0
package/GPT-5.md +1169 -0
package/OPUS-plan.md +352 -0
package/PHASE_3_AND_4.1_SUMMARY.md +585 -0
package/PHASE_3_SUMMARY.md +317 -0
package/PHASE_4.1.3_SUMMARY.md +428 -0
package/PHASE_4.1_COMPLETE.md +525 -0
package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +1240 -0
package/SCHEMA_COMPLIANCE_REPORT.md +275 -0
package/TEST_PLAN.md +571 -0
package/coverage/coverage-final.json +57 -0
package/dist/__tests__/utils/mock-providers.d.ts +1 -2
package/dist/__tests__/utils/mock-providers.d.ts.map +1 -1
package/dist/__tests__/utils/mock-providers.js.map +1 -1
package/dist/cache/oauth-config-cache.d.ts +69 -0
package/dist/cache/oauth-config-cache.d.ts.map +1 -0
package/dist/cache/oauth-config-cache.js +76 -0
package/dist/cache/oauth-config-cache.js.map +1 -0
package/dist/identity/idp-token-resolver.d.ts +53 -0
package/dist/identity/idp-token-resolver.d.ts.map +1 -0
package/dist/identity/idp-token-resolver.js +108 -0
package/dist/identity/idp-token-resolver.js.map +1 -0
package/dist/identity/idp-token-storage.interface.d.ts +42 -0
package/dist/identity/idp-token-storage.interface.d.ts.map +1 -0
package/dist/identity/idp-token-storage.interface.js +12 -0
package/dist/identity/idp-token-storage.interface.js.map +1 -0
package/dist/identity/user-did-manager.d.ts +39 -1
package/dist/identity/user-did-manager.d.ts.map +1 -1
package/dist/identity/user-did-manager.js +69 -3
package/dist/identity/user-did-manager.js.map +1 -1
package/dist/index.d.ts +22 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +39 -1
package/dist/index.js.map +1 -1
package/dist/runtime/audit-logger.d.ts +37 -0
package/dist/runtime/audit-logger.d.ts.map +1 -0
package/dist/runtime/audit-logger.js +9 -0
package/dist/runtime/audit-logger.js.map +1 -0
package/dist/runtime/base.d.ts +58 -2
package/dist/runtime/base.d.ts.map +1 -1
package/dist/runtime/base.js +266 -11
package/dist/runtime/base.js.map +1 -1
package/dist/services/access-control.service.d.ts.map +1 -1
package/dist/services/access-control.service.js +200 -35
package/dist/services/access-control.service.js.map +1 -1
package/dist/services/authorization/authorization-registry.d.ts +29 -0
package/dist/services/authorization/authorization-registry.d.ts.map +1 -0
package/dist/services/authorization/authorization-registry.js +57 -0
package/dist/services/authorization/authorization-registry.js.map +1 -0
package/dist/services/authorization/types.d.ts +53 -0
package/dist/services/authorization/types.d.ts.map +1 -0
package/dist/services/authorization/types.js +10 -0
package/dist/services/authorization/types.js.map +1 -0
package/dist/services/batch-delegation.service.d.ts +53 -0
package/dist/services/batch-delegation.service.d.ts.map +1 -0
package/dist/services/batch-delegation.service.js +95 -0
package/dist/services/batch-delegation.service.js.map +1 -0
package/dist/services/oauth-config.service.d.ts +53 -0
package/dist/services/oauth-config.service.d.ts.map +1 -0
package/dist/services/oauth-config.service.js +117 -0
package/dist/services/oauth-config.service.js.map +1 -0
package/dist/services/oauth-provider-registry.d.ts +77 -0
package/dist/services/oauth-provider-registry.d.ts.map +1 -0
package/dist/services/oauth-provider-registry.js +112 -0
package/dist/services/oauth-provider-registry.js.map +1 -0
package/dist/services/oauth-service.d.ts +77 -0
package/dist/services/oauth-service.d.ts.map +1 -0
package/dist/services/oauth-service.js +348 -0
package/dist/services/oauth-service.js.map +1 -0
package/dist/services/oauth-token-retrieval.service.d.ts +49 -0
package/dist/services/oauth-token-retrieval.service.d.ts.map +1 -0
package/dist/services/oauth-token-retrieval.service.js +150 -0
package/dist/services/oauth-token-retrieval.service.js.map +1 -0
package/dist/services/provider-resolver.d.ts +48 -0
package/dist/services/provider-resolver.d.ts.map +1 -0
package/dist/services/provider-resolver.js +120 -0
package/dist/services/provider-resolver.js.map +1 -0
package/dist/services/provider-validator.d.ts +55 -0
package/dist/services/provider-validator.d.ts.map +1 -0
package/dist/services/provider-validator.js +135 -0
package/dist/services/provider-validator.js.map +1 -0
package/dist/services/tool-context-builder.d.ts +57 -0
package/dist/services/tool-context-builder.d.ts.map +1 -0
package/dist/services/tool-context-builder.js +125 -0
package/dist/services/tool-context-builder.js.map +1 -0
package/dist/services/tool-protection.service.d.ts +87 -10
package/dist/services/tool-protection.service.d.ts.map +1 -1
package/dist/services/tool-protection.service.js +282 -112
package/dist/services/tool-protection.service.js.map +1 -1
package/dist/types/oauth-required-error.d.ts +40 -0
package/dist/types/oauth-required-error.d.ts.map +1 -0
package/dist/types/oauth-required-error.js +40 -0
package/dist/types/oauth-required-error.js.map +1 -0
package/dist/utils/did-helpers.d.ts +33 -0
package/dist/utils/did-helpers.d.ts.map +1 -1
package/dist/utils/did-helpers.js +40 -0
package/dist/utils/did-helpers.js.map +1 -1
package/dist/utils/index.d.ts +1 -0
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +1 -0
package/dist/utils/index.js.map +1 -1
package/docs/API_REFERENCE.md +1362 -0
package/docs/COMPLIANCE_MATRIX.md +691 -0
package/docs/STATUSLIST2021_GUIDE.md +696 -0
package/docs/W3C_VC_DELEGATION_GUIDE.md +710 -0
package/package.json +24 -50
package/scripts/audit-compliance.ts +724 -0
package/src/__tests__/cache/tool-protection-cache.test.ts +640 -0
package/src/__tests__/config/provider-runtime-config.test.ts +309 -0
package/src/__tests__/delegation-e2e.test.ts +690 -0
package/src/__tests__/identity/user-did-manager.test.ts +213 -0
package/src/__tests__/index.test.ts +56 -0
package/src/__tests__/integration/full-flow.test.ts +776 -0
package/src/__tests__/integration.test.ts +281 -0
package/src/__tests__/providers/base.test.ts +173 -0
package/src/__tests__/providers/memory.test.ts +319 -0
package/src/__tests__/regression/phase2-regression.test.ts +427 -0
package/src/__tests__/runtime/audit-logger.test.ts +154 -0
package/src/__tests__/runtime/base-extensions.test.ts +593 -0
package/src/__tests__/runtime/base.test.ts +869 -0
package/src/__tests__/runtime/delegation-flow.test.ts +164 -0
package/src/__tests__/runtime/proof-client-did.test.ts +375 -0
package/src/__tests__/runtime/route-interception.test.ts +686 -0
package/src/__tests__/runtime/tool-protection-enforcement.test.ts +908 -0
package/src/__tests__/services/agentshield-integration.test.ts +784 -0
package/src/__tests__/services/provider-resolver-edge-cases.test.ts +487 -0
package/src/__tests__/services/tool-protection-oauth-provider.test.ts +480 -0
package/src/__tests__/services/tool-protection.service.test.ts +1366 -0
package/src/__tests__/utils/mock-providers.ts +340 -0
package/src/cache/oauth-config-cache.d.ts +69 -0
package/src/cache/oauth-config-cache.d.ts.map +1 -0
package/src/cache/oauth-config-cache.js +71 -0
package/src/cache/oauth-config-cache.js.map +1 -0
package/src/cache/oauth-config-cache.ts +123 -0
package/src/cache/tool-protection-cache.ts +171 -0
package/src/compliance/EXAMPLE.md +412 -0
package/src/compliance/__tests__/schema-verifier.test.ts +797 -0
package/src/compliance/index.ts +8 -0
package/src/compliance/schema-registry.ts +460 -0
package/src/compliance/schema-verifier.ts +708 -0
package/src/config/__tests__/remote-config.spec.ts +268 -0
package/src/config/remote-config.ts +174 -0
package/src/config.ts +309 -0
package/src/delegation/__tests__/audience-validator.test.ts +112 -0
package/src/delegation/__tests__/bitstring.test.ts +346 -0
package/src/delegation/__tests__/cascading-revocation.test.ts +628 -0
package/src/delegation/__tests__/delegation-graph.test.ts +584 -0
package/src/delegation/__tests__/utils.test.ts +152 -0
package/src/delegation/__tests__/vc-issuer.test.ts +442 -0
package/src/delegation/__tests__/vc-verifier.test.ts +922 -0
package/src/delegation/audience-validator.ts +52 -0
package/src/delegation/bitstring.ts +278 -0
package/src/delegation/cascading-revocation.ts +370 -0
package/src/delegation/delegation-graph.ts +299 -0
package/src/delegation/index.ts +14 -0
package/src/delegation/statuslist-manager.ts +353 -0
package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +366 -0
package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +228 -0
package/src/delegation/storage/index.ts +9 -0
package/src/delegation/storage/memory-graph-storage.ts +178 -0
package/src/delegation/storage/memory-statuslist-storage.ts +77 -0
package/src/delegation/utils.ts +42 -0
package/src/delegation/vc-issuer.ts +232 -0
package/src/delegation/vc-verifier.ts +568 -0
package/src/identity/idp-token-resolver.ts +147 -0
package/src/identity/idp-token-storage.interface.ts +59 -0
package/src/identity/user-did-manager.ts +370 -0
package/src/index.ts +260 -0
package/src/providers/base.d.ts +91 -0
package/src/providers/base.d.ts.map +1 -0
package/src/providers/base.js +38 -0
package/src/providers/base.js.map +1 -0
package/src/providers/base.ts +96 -0
package/src/providers/memory.ts +142 -0
package/src/runtime/audit-logger.ts +39 -0
package/src/runtime/base.ts +1329 -0
package/src/services/__tests__/access-control.integration.test.ts +443 -0
package/src/services/__tests__/access-control.proof-response-validation.test.ts +578 -0
package/src/services/__tests__/access-control.service.test.ts +970 -0
package/src/services/__tests__/batch-delegation.service.test.ts +351 -0
package/src/services/__tests__/crypto.service.test.ts +531 -0
package/src/services/__tests__/oauth-provider-registry.test.ts +142 -0
package/src/services/__tests__/proof-verifier.integration.test.ts +485 -0
package/src/services/__tests__/proof-verifier.test.ts +489 -0
package/src/services/__tests__/provider-resolution.integration.test.ts +198 -0
package/src/services/__tests__/provider-resolver.test.ts +217 -0
package/src/services/__tests__/storage.service.test.ts +358 -0
package/src/services/access-control.service.ts +990 -0
package/src/services/authorization/authorization-registry.ts +66 -0
package/src/services/authorization/types.ts +71 -0
package/src/services/batch-delegation.service.ts +137 -0
package/src/services/crypto.service.ts +302 -0
package/src/services/errors.ts +76 -0
package/src/services/index.ts +9 -0
package/src/services/oauth-config.service.d.ts +53 -0
package/src/services/oauth-config.service.d.ts.map +1 -0
package/src/services/oauth-config.service.js +113 -0
package/src/services/oauth-config.service.js.map +1 -0
package/src/services/oauth-config.service.ts +166 -0
package/src/services/oauth-provider-registry.d.ts +57 -0
package/src/services/oauth-provider-registry.d.ts.map +1 -0
package/src/services/oauth-provider-registry.js +73 -0
package/src/services/oauth-provider-registry.js.map +1 -0
package/src/services/oauth-provider-registry.ts +123 -0
package/src/services/oauth-service.ts +510 -0
package/src/services/oauth-token-retrieval.service.ts +245 -0
package/src/services/proof-verifier.ts +478 -0
package/src/services/provider-resolver.d.ts +48 -0
package/src/services/provider-resolver.d.ts.map +1 -0
package/src/services/provider-resolver.js +106 -0
package/src/services/provider-resolver.js.map +1 -0
package/src/services/provider-resolver.ts +144 -0
package/src/services/provider-validator.ts +170 -0
package/src/services/storage.service.ts +566 -0
package/src/services/tool-context-builder.ts +172 -0
package/src/services/tool-protection.service.ts +958 -0
package/src/types/oauth-required-error.ts +63 -0
package/src/types/tool-protection.ts +155 -0
package/src/utils/__tests__/did-helpers.test.ts +101 -0
package/src/utils/base64.ts +148 -0
package/src/utils/cors.ts +83 -0
package/src/utils/did-helpers.ts +150 -0
package/src/utils/index.ts +8 -0
package/src/utils/storage-keys.ts +278 -0
package/tsconfig.json +21 -0
package/vitest.config.ts +56 -0

package/src/__tests__/utils/mock-providers.ts ADDED Viewed

@@ -0,0 +1,340 @@
+/**
+ * Mock Providers for Testing
+ *
+ * These mock implementations allow controlled testing of the runtime
+ * and other components that depend on providers.
+ */
+import { vi } from 'vitest';
+import {
+  CryptoProvider,
+  ClockProvider,
+  FetchProvider,
+  StorageProvider,
+  NonceCacheProvider,
+  IdentityProvider,
+  AgentIdentity
+} from '../../providers/base';
+/**
+ * Mock Crypto Provider
+ */
+export class MockCryptoProvider extends CryptoProvider {
+  async sign(data: Uint8Array, privateKey: string): Promise<Uint8Array> {
+    // Simple mock signature
+    return new Uint8Array([1, 2, 3, 4, 5]);
+  }
+  async verify(data: Uint8Array, signature: Uint8Array, publicKey: string): Promise<boolean> {
+    // Simple verification - check signature matches expected pattern
+    // In real implementation, this would verify cryptographic signature
+    return signature.length === 5 && signature[0] === 1 && signature[1] === 2;
+  }
+  async generateKeyPair(): Promise<{ privateKey: string; publicKey: string }> {
+    // Generate valid base64-encoded keys for testing
+    // Ed25519 keys are 32 bytes, so we generate 32 random bytes and encode them
+    const randomBytes = new Uint8Array(32);
+    for (let i = 0; i < 32; i++) {
+      randomBytes[i] = Math.floor(Math.random() * 256);
+    }
+    // Convert to base64 using Node.js Buffer (works in Node.js test environment)
+    const base64PrivateKey = Buffer.from(randomBytes).toString('base64');
+    // Generate a different public key (Ed25519 public key is also 32 bytes)
+    const publicBytes = new Uint8Array(32);
+    for (let i = 0; i < 32; i++) {
+      publicBytes[i] = Math.floor(Math.random() * 256);
+    }
+    const base64PublicKey = Buffer.from(publicBytes).toString('base64');
+    return {
+      privateKey: base64PrivateKey,
+      publicKey: base64PublicKey
+    };
+  }
+  async hash(data: Uint8Array): Promise<Uint8Array> {
+    // Simple mock hash
+    return new Uint8Array([9, 8, 7, 6, 5]);
+  }
+  async randomBytes(length: number): Promise<Uint8Array> {
+    const bytes = new Uint8Array(length);
+    for (let i = 0; i < length; i++) {
+      bytes[i] = Math.floor(Math.random() * 256);
+    }
+    return bytes;
+  }
+}
+/**
+ * Mock Clock Provider
+ */
+export class MockClockProvider extends ClockProvider {
+  private currentTime: number = Date.now();
+  setTime(timestamp: number): void {
+    this.currentTime = timestamp;
+  }
+  now(): number {
+    return this.currentTime;
+  }
+  isWithinSkew(timestamp: number, skewSeconds: number): boolean {
+    const diff = Math.abs(this.currentTime - timestamp);
+    return diff <= skewSeconds * 1000;
+  }
+  hasExpired(expiresAt: number): boolean {
+    return this.currentTime > expiresAt;
+  }
+  calculateExpiry(ttlSeconds: number): number {
+    return this.currentTime + (ttlSeconds * 1000);
+  }
+  format(timestamp: number): string {
+    return new Date(timestamp).toISOString();
+  }
+}
+/**
+ * Mock Fetch Provider
+ */
+export class MockFetchProvider extends FetchProvider {
+  private didDocuments: Map<string, any> = new Map();
+  private statusLists: Map<string, any> = new Map();
+  private delegationChains: Map<string, any[]> = new Map();
+  public fetch: (url: string, options?: any) => Promise<Response>;
+  constructor() {
+    super();
+    // Initialize fetch as a vi.fn() in constructor to ensure it's always mockable
+    this.fetch = vi.fn(async (url: string, options?: any): Promise<Response> => {
+      // Simple mock Response
+      return new Response(JSON.stringify({ url, options }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }) as any;
+  }
+  // Test helpers
+  setDIDDocument(did: string, doc: any): void {
+    this.didDocuments.set(did, doc);
+  }
+  setStatusList(url: string, list: any): void {
+    this.statusLists.set(url, list);
+  }
+  setDelegationChain(id: string, chain: any[]): void {
+    this.delegationChains.set(id, chain);
+  }
+  async resolveDID(did: string): Promise<any> {
+    const doc = this.didDocuments.get(did);
+    if (!doc) {
+      throw new Error(`DID ${did} not found`);
+    }
+    return doc;
+  }
+  async fetchStatusList(url: string): Promise<any> {
+    const list = this.statusLists.get(url);
+    if (!list) {
+      throw new Error(`Status list ${url} not found`);
+    }
+    return list;
+  }
+  async fetchDelegationChain(id: string): Promise<any[]> {
+    const chain = this.delegationChains.get(id);
+    if (!chain) {
+      throw new Error(`Delegation chain ${id} not found`);
+    }
+    return chain;
+  }
+}
+/**
+ * Mock Storage Provider
+ */
+export class MockStorageProvider extends StorageProvider {
+  private store: Map<string, string> = new Map();
+  async get(key: string): Promise<string | null> {
+    return this.store.get(key) || null;
+  }
+  async set(key: string, value: string): Promise<void> {
+    this.store.set(key, value);
+  }
+  async delete(key: string): Promise<void> {
+    this.store.delete(key);
+  }
+  async exists(key: string): Promise<boolean> {
+    return this.store.has(key);
+  }
+  async list(prefix?: string): Promise<string[]> {
+    const keys = Array.from(this.store.keys());
+    if (prefix) {
+      return keys.filter(k => k.startsWith(prefix));
+    }
+    return keys;
+  }
+  // Test helper
+  clear(): void {
+    this.store.clear();
+  }
+}
+/**
+ * Mock Nonce Cache Provider
+ */
+export class MockNonceCacheProvider extends NonceCacheProvider {
+  private nonces: Map<string, number> = new Map();
+  public cleanupCalled = false;
+  public destroyCalled = false;
+  private clock?: ClockProvider;
+  setClock(clock: ClockProvider): void {
+    this.clock = clock;
+  }
+  async has(nonce: string, agentDid?: string): Promise<boolean> {
+    const key = agentDid ? `nonce:${agentDid}:${nonce}` : `nonce:${nonce}`;
+    const expiry = this.nonces.get(key);
+    if (!expiry) return false;
+    const now = this.clock ? this.clock.now() : Date.now();
+    if (now > expiry) {
+      this.nonces.delete(key);
+      return false;
+    }
+    return true;
+  }
+  async add(nonce: string, ttlSeconds: number, agentDid?: string): Promise<void> {
+    const key = agentDid ? `nonce:${agentDid}:${nonce}` : `nonce:${nonce}`;
+    // Convert TTL seconds to absolute expiration timestamp for storage
+    const now = this.clock ? this.clock.now() : Date.now();
+    const expiresAt = now + (ttlSeconds * 1000);
+    this.nonces.set(key, expiresAt);
+  }
+  async cleanup(): Promise<void> {
+    this.cleanupCalled = true;
+    const now = this.clock ? this.clock.now() : Date.now();
+    for (const [nonce, expiry] of this.nonces) {
+      if (now > expiry) {
+        this.nonces.delete(nonce);
+      }
+    }
+  }
+  async destroy(): Promise<void> {
+    this.destroyCalled = true;
+    this.nonces.clear();
+  }
+  // Test helper
+  clear(): void {
+    this.nonces.clear();
+  }
+  size(): number {
+    return this.nonces.size;
+  }
+}
+/**
+ * Mock Identity Provider
+ */
+export class MockIdentityProvider extends IdentityProvider {
+  private identity?: AgentIdentity;
+  public rotateKeysCalled = false;
+  public deleteIdentityCalled = false;
+  private rotateCount = 0;
+  constructor(identity?: AgentIdentity) {
+    super();
+    this.identity = identity;
+  }
+  async getIdentity(): Promise<AgentIdentity> {
+    if (!this.identity) {
+      this.identity = {
+        did: 'did:key:zmock123',
+        kid: 'did:key:zmock123#key-1',
+        privateKey: 'mock-private-key',
+        publicKey: 'mock-public-key',
+        createdAt: new Date().toISOString(),
+        type: 'development',
+        metadata: { mock: true }
+      };
+    }
+    return this.identity;
+  }
+  async saveIdentity(identity: AgentIdentity): Promise<void> {
+    this.identity = identity;
+  }
+  async rotateKeys(): Promise<AgentIdentity> {
+    this.rotateKeysCalled = true;
+    this.rotateCount++;
+    this.identity = {
+      did: `did:key:zmock456-${this.rotateCount}`,
+      kid: `did:key:zmock456-${this.rotateCount}#key-1`,
+      privateKey: `mock-private-key-rotated-${this.rotateCount}`,
+      publicKey: `mock-public-key-rotated-${this.rotateCount}`,
+      createdAt: new Date().toISOString(),
+      type: 'development',
+      metadata: { mock: true, rotated: true, rotateCount: this.rotateCount }
+    };
+    return this.identity;
+  }
+  async deleteIdentity(): Promise<void> {
+    this.deleteIdentityCalled = true;
+    this.identity = undefined;
+  }
+  // Test helper
+  setIdentity(identity: AgentIdentity): void {
+    this.identity = identity;
+  }
+}
+/**
+ * Create a full set of mock providers for testing
+ */
+export function createMockProviders() {
+  const cryptoProvider = new MockCryptoProvider();
+  const clockProvider = new MockClockProvider();
+  const fetchProvider = new MockFetchProvider();
+  const storageProvider = new MockStorageProvider();
+  const nonceCacheProvider = new MockNonceCacheProvider();
+  const identityProvider = new MockIdentityProvider();
+  // Connect nonce cache to clock for consistent time
+  nonceCacheProvider.setClock(clockProvider);
+  return {
+    cryptoProvider,
+    clockProvider,
+    fetchProvider,
+    storageProvider,
+    nonceCacheProvider,
+    identityProvider
+  };
+}

package/src/cache/oauth-config-cache.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * Platform-agnostic cache interface for OAuth provider configurations
+ *
+ * This interface allows different runtime adapters to provide their own
+ * caching implementations (e.g., in-memory for Node.js, KV for Cloudflare)
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type { OAuthConfig } from "@kya-os/contracts/config";
+/**
+ * Cache interface for storing and retrieving OAuth provider configurations
+ */
+export interface OAuthConfigCache {
+    /**
+     * Retrieve a cached OAuth configuration
+     * @param key Cache key (typically projectId)
+     * @returns Cached config or null if not found/expired
+     */
+    get(key: string): Promise<OAuthConfig | null>;
+    /**
+     * Store an OAuth configuration in cache
+     * @param key Cache key (typically projectId)
+     * @param value OAuth configuration to cache
+     * @param ttl Time-to-live in milliseconds
+     */
+    set(key: string, value: OAuthConfig, ttl: number): Promise<void>;
+    /**
+     * Clear all cached entries
+     */
+    clear(): Promise<void>;
+    /**
+     * Remove a specific cache entry
+     * @param key Cache key to remove
+     */
+    delete(key: string): Promise<void>;
+}
+/**
+ * In-memory cache implementation
+ *
+ * Suitable for:
+ * - Node.js runtimes
+ * - Development/testing
+ * - Single-instance deployments
+ *
+ * NOT suitable for:
+ * - Multi-instance deployments (cache not shared)
+ * - Serverless environments (state not persisted)
+ */
+export declare class InMemoryOAuthConfigCache implements OAuthConfigCache {
+    private cache;
+    get(key: string): Promise<OAuthConfig | null>;
+    set(key: string, value: OAuthConfig, ttl: number): Promise<void>;
+    clear(): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+/**
+ * No-op cache implementation (disables caching)
+ *
+ * Use when:
+ * - You want to disable caching entirely
+ * - Testing scenarios that require fresh data
+ */
+export declare class NoOpOAuthConfigCache implements OAuthConfigCache {
+    get(_key: string): Promise<OAuthConfig | null>;
+    set(_key: string, _value: OAuthConfig, _ttl: number): Promise<void>;
+    clear(): Promise<void>;
+    delete(_key: string): Promise<void>;
+}
+//# sourceMappingURL=oauth-config-cache.d.ts.map

package/src/cache/oauth-config-cache.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-config-cache.d.ts","sourceRoot":"","sources":["oauth-config-cache.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAE9C;;;;;OAKG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjE;;OAEG;IACH,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;OAGG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,wBAAyB,YAAW,gBAAgB;IAC/D,OAAO,CAAC,KAAK,CAGT;IAEE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAgB7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAShE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC;AAED;;;;;;GAMG;AACH,qBAAa,oBAAqB,YAAW,gBAAgB;IACrD,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAI9C,GAAG,CACP,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;IAIV,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG1C"}

package/src/cache/oauth-config-cache.js ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Platform-agnostic cache interface for OAuth provider configurations
+ *
+ * This interface allows different runtime adapters to provide their own
+ * caching implementations (e.g., in-memory for Node.js, KV for Cloudflare)
+ *
+ * @package @kya-os/mcp-i-core
+ */
+/**
+ * In-memory cache implementation
+ *
+ * Suitable for:
+ * - Node.js runtimes
+ * - Development/testing
+ * - Single-instance deployments
+ *
+ * NOT suitable for:
+ * - Multi-instance deployments (cache not shared)
+ * - Serverless environments (state not persisted)
+ */
+export class InMemoryOAuthConfigCache {
+    cache = new Map();
+    async get(key) {
+        const entry = this.cache.get(key);
+        if (!entry) {
+            return null;
+        }
+        // Check if expired
+        if (Date.now() > entry.expiresAt) {
+            this.cache.delete(key);
+            return null;
+        }
+        return entry.value;
+    }
+    async set(key, value, ttl) {
+        // If TTL is <= 0, don't store (entry would be immediately expired)
+        if (ttl <= 0) {
+            return;
+        }
+        const expiresAt = Date.now() + ttl;
+        this.cache.set(key, { value, expiresAt });
+    }
+    async clear() {
+        this.cache.clear();
+    }
+    async delete(key) {
+        this.cache.delete(key);
+    }
+}
+/**
+ * No-op cache implementation (disables caching)
+ *
+ * Use when:
+ * - You want to disable caching entirely
+ * - Testing scenarios that require fresh data
+ */
+export class NoOpOAuthConfigCache {
+    async get(_key) {
+        return null;
+    }
+    async set(_key, _value, _ttl) {
+        // No-op
+    }
+    async clear() {
+        // No-op
+    }
+    async delete(_key) {
+        // No-op
+    }
+}
+//# sourceMappingURL=oauth-config-cache.js.map

package/src/cache/oauth-config-cache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-config-cache.js","sourceRoot":"","sources":["oauth-config-cache.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAmCH;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,wBAAwB;IAC3B,KAAK,GAAG,IAAI,GAAG,EAGpB,CAAC;IAEJ,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAkB,EAAE,GAAW;QACpD,mEAAmE;QACnE,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC;QACnC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,OAAO,oBAAoB;IAC/B,KAAK,CAAC,GAAG,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,MAAmB,EACnB,IAAY;QAEZ,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,KAAK;QACT,QAAQ;IACV,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,QAAQ;IACV,CAAC;CACF"}

package/src/cache/oauth-config-cache.ts ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * Platform-agnostic cache interface for OAuth provider configurations
+ *
+ * This interface allows different runtime adapters to provide their own
+ * caching implementations (e.g., in-memory for Node.js, KV for Cloudflare)
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type { OAuthConfig } from "@kya-os/contracts/config";
+/**
+ * Cache interface for storing and retrieving OAuth provider configurations
+ */
+export interface OAuthConfigCache {
+  /**
+   * Retrieve a cached OAuth configuration
+   * @param key Cache key (typically projectId)
+   * @returns Cached config or null if not found/expired
+   */
+  get(key: string): Promise<OAuthConfig | null>;
+  /**
+   * Store an OAuth configuration in cache
+   * @param key Cache key (typically projectId)
+   * @param value OAuth configuration to cache
+   * @param ttl Time-to-live in milliseconds
+   */
+  set(key: string, value: OAuthConfig, ttl: number): Promise<void>;
+  /**
+   * Clear all cached entries
+   */
+  clear(): Promise<void>;
+  /**
+   * Remove a specific cache entry
+   * @param key Cache key to remove
+   */
+  delete(key: string): Promise<void>;
+}
+/**
+ * In-memory cache implementation
+ *
+ * Suitable for:
+ * - Node.js runtimes
+ * - Development/testing
+ * - Single-instance deployments
+ *
+ * NOT suitable for:
+ * - Multi-instance deployments (cache not shared)
+ * - Serverless environments (state not persisted)
+ */
+export class InMemoryOAuthConfigCache implements OAuthConfigCache {
+  private cache = new Map<
+    string,
+    { value: OAuthConfig; expiresAt: number }
+  >();
+  async get(key: string): Promise<OAuthConfig | null> {
+    const entry = this.cache.get(key);
+    if (!entry) {
+      return null;
+    }
+    // Check if expired
+    if (Date.now() > entry.expiresAt) {
+      this.cache.delete(key);
+      return null;
+    }
+    return entry.value;
+  }
+  async set(key: string, value: OAuthConfig, ttl: number): Promise<void> {
+    // If TTL is <= 0, don't store (entry would be immediately expired)
+    if (ttl <= 0) {
+      return;
+    }
+    const expiresAt = Date.now() + ttl;
+    this.cache.set(key, { value, expiresAt });
+  }
+  async clear(): Promise<void> {
+    this.cache.clear();
+  }
+  async delete(key: string): Promise<void> {
+    this.cache.delete(key);
+  }
+}
+/**
+ * No-op cache implementation (disables caching)
+ *
+ * Use when:
+ * - You want to disable caching entirely
+ * - Testing scenarios that require fresh data
+ */
+export class NoOpOAuthConfigCache implements OAuthConfigCache {
+  async get(_key: string): Promise<OAuthConfig | null> {
+    return null;
+  }
+  async set(
+    _key: string,
+    _value: OAuthConfig,
+    _ttl: number
+  ): Promise<void> {
+    // No-op
+  }
+  async clear(): Promise<void> {
+    // No-op
+  }
+  async delete(_key: string): Promise<void> {
+    // No-op
+  }
+}