@kya-os/mcp-i-core 1.3.10 → 1.3.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +9 -0
- package/.turbo/turbo-build.log +1 -1
- package/.turbo/turbo-test$colon$coverage.log +3419 -3072
- package/.turbo/turbo-test.log +1664 -1539
- package/coverage/coverage-final.json +60 -0
- package/dist/identity/idp-token-resolver.d.ts +17 -1
- package/dist/identity/idp-token-resolver.d.ts.map +1 -1
- package/dist/identity/idp-token-resolver.js +34 -6
- package/dist/identity/idp-token-resolver.js.map +1 -1
- package/dist/identity/idp-token-storage.interface.d.ts +38 -7
- package/dist/identity/idp-token-storage.interface.d.ts.map +1 -1
- package/dist/identity/idp-token-storage.interface.js +2 -0
- package/dist/identity/idp-token-storage.interface.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/services/tool-context-builder.d.ts +18 -1
- package/dist/services/tool-context-builder.d.ts.map +1 -1
- package/dist/services/tool-context-builder.js +63 -10
- package/dist/services/tool-context-builder.js.map +1 -1
- package/dist/services/tool-protection.service.d.ts +1 -1
- package/dist/services/tool-protection.service.d.ts.map +1 -1
- package/dist/services/tool-protection.service.js +17 -10
- package/dist/services/tool-protection.service.js.map +1 -1
- package/dist/utils/did-helpers.d.ts +33 -0
- package/dist/utils/did-helpers.d.ts.map +1 -1
- package/dist/utils/did-helpers.js +53 -0
- package/dist/utils/did-helpers.js.map +1 -1
- package/package.json +2 -2
- package/src/delegation/__tests__/vc-issuer.test.ts +1 -1
- package/src/identity/idp-token-resolver.ts +41 -7
- package/src/identity/idp-token-storage.interface.ts +42 -7
- package/src/index.ts +6 -2
- package/src/services/tool-context-builder.ts +75 -10
- package/src/services/tool-protection.service.ts +51 -32
- package/src/utils/__tests__/did-helpers.test.ts +55 -0
- package/src/utils/did-helpers.ts +60 -0
- package/dist/__tests__/utils/mock-providers.d.ts +0 -104
- package/dist/__tests__/utils/mock-providers.d.ts.map +0 -1
- package/dist/__tests__/utils/mock-providers.js +0 -293
- package/dist/__tests__/utils/mock-providers.js.map +0 -1
|
@@ -4,10 +4,13 @@
|
|
|
4
4
|
* Resolves User DID to IDP access token (MH-7 requirement).
|
|
5
5
|
* Handles token lookup, expiration checking, and automatic refresh.
|
|
6
6
|
*
|
|
7
|
+
* Updated for CRED-003: Returns full token data including usage metadata
|
|
8
|
+
* to support credential providers with custom token usage patterns.
|
|
9
|
+
*
|
|
7
10
|
* @package @kya-os/mcp-i-core
|
|
8
11
|
*/
|
|
9
12
|
import type { IdpTokens } from "@kya-os/contracts/config";
|
|
10
|
-
import type { IIdpTokenStorage } from "./idp-token-storage.interface.js";
|
|
13
|
+
import type { IIdpTokenStorage, IdpTokensWithMetadata } from "./idp-token-storage.interface.js";
|
|
11
14
|
export interface IdpTokenResolverConfig {
|
|
12
15
|
/** Token storage implementation */
|
|
13
16
|
tokenStorage: IIdpTokenStorage;
|
|
@@ -49,5 +52,18 @@ export declare class IdpTokenResolver {
|
|
|
49
52
|
* @returns Access token or null if not found/expired
|
|
50
53
|
*/
|
|
51
54
|
resolveTokenFromDid(userDid: string, provider: string, scopes: string[]): Promise<string | null>;
|
|
55
|
+
/**
|
|
56
|
+
* Resolve User DID to full IDP token data (CRED-003)
|
|
57
|
+
*
|
|
58
|
+
* Returns the full token data including usage metadata for credential providers.
|
|
59
|
+
* This allows ToolContextBuilder to construct appropriate headers based on
|
|
60
|
+
* tokenUsage (cookie/bearer/header) and cookieFormat.
|
|
61
|
+
*
|
|
62
|
+
* @param userDid - User DID to resolve
|
|
63
|
+
* @param provider - OAuth provider name or credential provider
|
|
64
|
+
* @param scopes - Required scopes for token
|
|
65
|
+
* @returns Full token data with metadata or null if not found/expired
|
|
66
|
+
*/
|
|
67
|
+
resolveTokenDataFromDid(userDid: string, provider: string, scopes: string[]): Promise<IdpTokensWithMetadata | null>;
|
|
52
68
|
}
|
|
53
69
|
//# sourceMappingURL=idp-token-resolver.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"idp-token-resolver.d.ts","sourceRoot":"","sources":["../../src/identity/idp-token-resolver.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"idp-token-resolver.d.ts","sourceRoot":"","sources":["../../src/identity/idp-token-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AAEhG,MAAM,WAAW,sBAAsB;IACrC,mCAAmC;IACnC,YAAY,EAAE,gBAAgB,CAAC;IAE/B,sCAAsC;IACtC,YAAY,EAAE;QACZ,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;KACjF,CAAC;IAEF,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;;;;GASG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,sBAAsB;IAQ1C;;;;;;;;;;;;;;;;OAgBG;IACG,mBAAmB,CACvB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKzB;;;;;;;;;;;OAWG;IACG,uBAAuB,CAC3B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC;CAsFzC"}
|
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
* Resolves User DID to IDP access token (MH-7 requirement).
|
|
6
6
|
* Handles token lookup, expiration checking, and automatic refresh.
|
|
7
7
|
*
|
|
8
|
+
* Updated for CRED-003: Returns full token data including usage metadata
|
|
9
|
+
* to support credential providers with custom token usage patterns.
|
|
10
|
+
*
|
|
8
11
|
* @package @kya-os/mcp-i-core
|
|
9
12
|
*/
|
|
10
13
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
@@ -46,6 +49,22 @@ class IdpTokenResolver {
|
|
|
46
49
|
* @returns Access token or null if not found/expired
|
|
47
50
|
*/
|
|
48
51
|
async resolveTokenFromDid(userDid, provider, scopes) {
|
|
52
|
+
const tokenData = await this.resolveTokenDataFromDid(userDid, provider, scopes);
|
|
53
|
+
return tokenData?.access_token ?? null;
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Resolve User DID to full IDP token data (CRED-003)
|
|
57
|
+
*
|
|
58
|
+
* Returns the full token data including usage metadata for credential providers.
|
|
59
|
+
* This allows ToolContextBuilder to construct appropriate headers based on
|
|
60
|
+
* tokenUsage (cookie/bearer/header) and cookieFormat.
|
|
61
|
+
*
|
|
62
|
+
* @param userDid - User DID to resolve
|
|
63
|
+
* @param provider - OAuth provider name or credential provider
|
|
64
|
+
* @param scopes - Required scopes for token
|
|
65
|
+
* @returns Full token data with metadata or null if not found/expired
|
|
66
|
+
*/
|
|
67
|
+
async resolveTokenDataFromDid(userDid, provider, scopes) {
|
|
49
68
|
// 1. Look up token from storage
|
|
50
69
|
const storedToken = await this.config.tokenStorage.getToken(userDid, provider, scopes);
|
|
51
70
|
if (!storedToken) {
|
|
@@ -66,18 +85,26 @@ class IdpTokenResolver {
|
|
|
66
85
|
hasRefreshToken: !!storedToken.refresh_token,
|
|
67
86
|
});
|
|
68
87
|
// 3. Refresh if refresh_token available
|
|
88
|
+
// Note: Credential tokens don't support refresh - they require re-authentication
|
|
69
89
|
if (storedToken.refresh_token) {
|
|
70
90
|
const refreshed = await this.config.oauthService.refreshToken(provider, storedToken.refresh_token);
|
|
71
91
|
if (refreshed) {
|
|
72
|
-
// 4. Update storage with new tokens
|
|
73
|
-
|
|
92
|
+
// 4. Update storage with new tokens, preserving usage metadata
|
|
93
|
+
const refreshedWithMetadata = {
|
|
94
|
+
...refreshed,
|
|
95
|
+
tokenUsage: storedToken.tokenUsage,
|
|
96
|
+
tokenHeader: storedToken.tokenHeader,
|
|
97
|
+
cookieFormat: storedToken.cookieFormat,
|
|
98
|
+
apiHeaders: storedToken.apiHeaders,
|
|
99
|
+
};
|
|
100
|
+
await this.config.tokenStorage.storeToken(userDid, provider, scopes, refreshedWithMetadata);
|
|
74
101
|
this.config.logger("[IdpTokenResolver] Token refreshed successfully", {
|
|
75
102
|
userDid: userDid.substring(0, 20) + "...",
|
|
76
103
|
provider,
|
|
77
104
|
expiresAt: new Date(refreshed.expires_at).toISOString(),
|
|
78
105
|
});
|
|
79
|
-
// 5. Return new
|
|
80
|
-
return
|
|
106
|
+
// 5. Return new token data
|
|
107
|
+
return refreshedWithMetadata;
|
|
81
108
|
}
|
|
82
109
|
else {
|
|
83
110
|
this.config.logger("[IdpTokenResolver] Token refresh failed", {
|
|
@@ -95,13 +122,14 @@ class IdpTokenResolver {
|
|
|
95
122
|
return null;
|
|
96
123
|
}
|
|
97
124
|
}
|
|
98
|
-
// 4. Return valid
|
|
125
|
+
// 4. Return valid token data
|
|
99
126
|
this.config.logger("[IdpTokenResolver] Token resolved successfully", {
|
|
100
127
|
userDid: userDid.substring(0, 20) + "...",
|
|
101
128
|
provider,
|
|
102
129
|
expiresAt: new Date(storedToken.expires_at).toISOString(),
|
|
130
|
+
tokenUsage: storedToken.tokenUsage,
|
|
103
131
|
});
|
|
104
|
-
return storedToken
|
|
132
|
+
return storedToken;
|
|
105
133
|
}
|
|
106
134
|
}
|
|
107
135
|
exports.IdpTokenResolver = IdpTokenResolver;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"idp-token-resolver.js","sourceRoot":"","sources":["../../src/identity/idp-token-resolver.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"idp-token-resolver.js","sourceRoot":"","sources":["../../src/identity/idp-token-resolver.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAkBH;;;;;;;;;GASG;AACH,MAAa,gBAAgB;IACnB,MAAM,CAEZ;IAEF,YAAY,MAA8B;QACxC,IAAI,CAAC,MAAM,GAAG;YACZ,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,mBAAmB,CACvB,OAAe,EACf,QAAgB,EAChB,MAAgB;QAEhB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QAChF,OAAO,SAAS,EAAE,YAAY,IAAI,IAAI,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,uBAAuB,CAC3B,OAAe,EACf,QAAgB,EAChB,MAAgB;QAEhB,gCAAgC;QAChC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CACzD,OAAO,EACP,QAAQ,EACR,MAAM,CACP,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAAoC,EAAE;gBACvD,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM;aACP,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,WAAW,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,sDAAsD,EAAE;gBACzE,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,SAAS,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;gBACzD,eAAe,EAAE,CAAC,CAAC,WAAW,CAAC,aAAa;aAC7C,CAAC,CAAC;YAEH,wCAAwC;YACxC,iFAAiF;YACjF,IAAI,WAAW,CAAC,aAAa,EAAE,CAAC;gBAC9B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAC3D,QAAQ,EACR,WAAW,CAAC,aAAa,CAC1B,CAAC;gBAEF,IAAI,SAAS,EAAE,CAAC;oBACd,+DAA+D;oBAC/D,MAAM,qBAAqB,GAA0B;wBACnD,GAAG,SAAS;wBACZ,UAAU,EAAE,WAAW,CAAC,UAAU;wBAClC,WAAW,EAAE,WAAW,CAAC,WAAW;wBACpC,YAAY,EAAE,WAAW,CAAC,YAAY;wBACtC,UAAU,EAAE,WAAW,CAAC,UAAU;qBACnC,CAAC;oBAEF,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CACvC,OAAO,EACP,QAAQ,EACR,MAAM,EACN,qBAAqB,CACtB,CAAC;oBAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;wBACpE,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACzC,QAAQ;wBACR,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;qBACxD,CAAC,CAAC;oBAEH,2BAA2B;oBAC3B,OAAO,qBAAqB,CAAC;gBAC/B,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;wBAC5D,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACzC,QAAQ;qBACT,CAAC,CAAC;oBACH,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uDAAuD,EAAE;oBAC1E,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBACzC,QAAQ;iBACT,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gDAAgD,EAAE;YACnE,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;YACzD,UAAU,EAAE,WAAW,CAAC,UAAU;SACnC,CAAC,CAAC;QAEH,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AA7ID,4CA6IC"}
|
|
@@ -5,9 +5,40 @@
|
|
|
5
5
|
* Platform-specific implementations (Cloudflare KV, Node.js database, etc.)
|
|
6
6
|
* implement this interface.
|
|
7
7
|
*
|
|
8
|
+
* Supports both OAuth tokens and credential-based session tokens (CRED-003).
|
|
9
|
+
*
|
|
8
10
|
* @package @kya-os/mcp-i-core
|
|
9
11
|
*/
|
|
10
12
|
import type { IdpTokens } from "@kya-os/contracts/config";
|
|
13
|
+
/**
|
|
14
|
+
* Token usage metadata for credential providers (CRED-003)
|
|
15
|
+
*
|
|
16
|
+
* Specifies how the token should be used in subsequent API calls.
|
|
17
|
+
*/
|
|
18
|
+
export interface TokenUsageMetadata {
|
|
19
|
+
/**
|
|
20
|
+
* How to use the token in requests
|
|
21
|
+
* - "cookie": Send as Cookie header
|
|
22
|
+
* - "bearer": Send as Authorization: Bearer xxx
|
|
23
|
+
* - "header": Send as custom header (specify tokenHeader)
|
|
24
|
+
*/
|
|
25
|
+
tokenUsage?: "cookie" | "bearer" | "header";
|
|
26
|
+
/** Custom header name when tokenUsage is "header" */
|
|
27
|
+
tokenHeader?: string;
|
|
28
|
+
/**
|
|
29
|
+
* Cookie format template when tokenUsage is "cookie"
|
|
30
|
+
* Use {{token}} placeholder for the token value
|
|
31
|
+
* @example "CIX={{token}}; customerCookie={{token}}"
|
|
32
|
+
*/
|
|
33
|
+
cookieFormat?: string;
|
|
34
|
+
/** Additional headers to include in API calls */
|
|
35
|
+
apiHeaders?: Record<string, string>;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Extended IdpTokens with usage metadata (CRED-003)
|
|
39
|
+
*/
|
|
40
|
+
export interface IdpTokensWithMetadata extends IdpTokens, TokenUsageMetadata {
|
|
41
|
+
}
|
|
11
42
|
/**
|
|
12
43
|
* Interface for IDP token storage
|
|
13
44
|
*/
|
|
@@ -16,25 +47,25 @@ export interface IIdpTokenStorage {
|
|
|
16
47
|
* Store IDP tokens
|
|
17
48
|
*
|
|
18
49
|
* @param userDid - User DID to associate tokens with
|
|
19
|
-
* @param provider - OAuth provider name
|
|
50
|
+
* @param provider - OAuth provider name or credential provider
|
|
20
51
|
* @param scopes - Scopes granted for these tokens
|
|
21
|
-
* @param tokens - IDP tokens to store
|
|
52
|
+
* @param tokens - IDP tokens to store (may include usage metadata for credentials)
|
|
22
53
|
*/
|
|
23
|
-
storeToken(userDid: string, provider: string, scopes: string[], tokens: IdpTokens): Promise<void>;
|
|
54
|
+
storeToken(userDid: string, provider: string, scopes: string[], tokens: IdpTokens | IdpTokensWithMetadata): Promise<void>;
|
|
24
55
|
/**
|
|
25
56
|
* Retrieve IDP tokens
|
|
26
57
|
*
|
|
27
58
|
* @param userDid - User DID to retrieve tokens for
|
|
28
|
-
* @param provider - OAuth provider name
|
|
59
|
+
* @param provider - OAuth provider name or credential provider
|
|
29
60
|
* @param scopes - Scopes to retrieve tokens for
|
|
30
|
-
* @returns IDP tokens or null if not found
|
|
61
|
+
* @returns IDP tokens with optional usage metadata or null if not found
|
|
31
62
|
*/
|
|
32
|
-
getToken(userDid: string, provider: string, scopes: string[]): Promise<
|
|
63
|
+
getToken(userDid: string, provider: string, scopes: string[]): Promise<IdpTokensWithMetadata | null>;
|
|
33
64
|
/**
|
|
34
65
|
* Delete IDP tokens
|
|
35
66
|
*
|
|
36
67
|
* @param userDid - User DID
|
|
37
|
-
* @param provider - OAuth provider name
|
|
68
|
+
* @param provider - OAuth provider name or credential provider
|
|
38
69
|
* @param scopes - Scopes
|
|
39
70
|
*/
|
|
40
71
|
deleteToken(userDid: string, provider: string, scopes: string[]): Promise<void>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"idp-token-storage.interface.d.ts","sourceRoot":"","sources":["../../src/identity/idp-token-storage.interface.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"idp-token-storage.interface.d.ts","sourceRoot":"","sources":["../../src/identity/idp-token-storage.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAE1D;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;;OAKG;IACH,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAE5C,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,iDAAiD;IACjD,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAsB,SAAQ,SAAS,EAAE,kBAAkB;CAAG;AAE/E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;;;;OAOG;IACH,UAAU,CACR,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,EAAE,SAAS,GAAG,qBAAqB,GACxC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;;;OAOG;IACH,QAAQ,CACN,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAAC;IAEzC;;;;;;OAMG;IACH,WAAW,CACT,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,IAAI,CAAC,CAAC;CAClB"}
|
|
@@ -6,6 +6,8 @@
|
|
|
6
6
|
* Platform-specific implementations (Cloudflare KV, Node.js database, etc.)
|
|
7
7
|
* implement this interface.
|
|
8
8
|
*
|
|
9
|
+
* Supports both OAuth tokens and credential-based session tokens (CRED-003).
|
|
10
|
+
*
|
|
9
11
|
* @package @kya-os/mcp-i-core
|
|
10
12
|
*/
|
|
11
13
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"idp-token-storage.interface.js","sourceRoot":"","sources":["../../src/identity/idp-token-storage.interface.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"idp-token-storage.interface.js","sourceRoot":"","sources":["../../src/identity/idp-token-storage.interface.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG"}
|
package/dist/index.d.ts
CHANGED
|
@@ -65,5 +65,5 @@ export { UserDidManager } from "./identity/user-did-manager";
|
|
|
65
65
|
export type { UserDidStorage, UserDidManagerConfig, UserKeyPair, OAuthIdentity, } from "./identity/user-did-manager";
|
|
66
66
|
export { IdpTokenResolver } from "./identity/idp-token-resolver";
|
|
67
67
|
export type { IdpTokenResolverConfig } from "./identity/idp-token-resolver";
|
|
68
|
-
export type { IIdpTokenStorage } from "./identity/idp-token-storage.interface";
|
|
68
|
+
export type { IIdpTokenStorage, TokenUsageMetadata, IdpTokensWithMetadata, } from "./identity/idp-token-storage.interface";
|
|
69
69
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAG/D,YAAY,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAG3D,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAGvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAE5E,YAAY,EACV,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,GACjC,MAAM,yCAAyC,CAAC;AAEjD,YAAY,EACV,gCAAgC,EAChC,yBAAyB,GAC1B,MAAM,yCAAyC,CAAC;AAGjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,YAAY,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAGhF,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,YAAY,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAGhF,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAGhE,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAG3F,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,YAAY,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAGjG,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,YAAY,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAGrE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAGnE,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EACV,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEpE,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,+BAA+B,CAAC;AAEvC,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,YAAY,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AAG9E,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,0BAA0B,GACpD,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC9B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,GACnC,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,KAAK,cAAc,EACnB,KAAK,8BAA8B,GACpC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,EAChC,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AAEzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,2CAA2C,CAAC;AAGzF,OAAO,EACL,oBAAoB,EACpB,eAAe,EACf,0BAA0B,EAC1B,cAAc,EACd,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GAC1B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,aAAa,EACb,kBAAkB,EAClB,cAAc,GACf,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,sBAAsB,EACtB,uBAAuB,EACvB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAIxB,OAAO,KAAK,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,WAAW,EACZ,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,WAAW,GACZ,CAAC;AAGF,cAAc,UAAU,CAAC;AAGzB,OAAO,EACL,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,WAAW,EACX,aAAa,GACd,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,YAAY,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAC5E,YAAY,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAG/D,YAAY,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAG3D,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAGvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAE5E,YAAY,EACV,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,GACjC,MAAM,yCAAyC,CAAC;AAEjD,YAAY,EACV,gCAAgC,EAChC,yBAAyB,GAC1B,MAAM,yCAAyC,CAAC;AAGjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,YAAY,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAGhF,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,YAAY,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAGhF,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAGhE,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAG3F,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,YAAY,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAGjG,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,YAAY,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAGrE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAGnE,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EACV,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEpE,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,+BAA+B,CAAC;AAEvC,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,YAAY,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AAG9E,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,0BAA0B,GACpD,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC9B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,GACnC,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,KAAK,cAAc,EACnB,KAAK,8BAA8B,GACpC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,EAChC,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AAEzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,2CAA2C,CAAC;AAGzF,OAAO,EACL,oBAAoB,EACpB,eAAe,EACf,0BAA0B,EAC1B,cAAc,EACd,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,GACd,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GAC1B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,aAAa,EACb,kBAAkB,EAClB,cAAc,GACf,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,sBAAsB,EACtB,uBAAuB,EACvB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAIxB,OAAO,KAAK,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,WAAW,EACZ,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,WAAW,GACZ,CAAC;AAGF,cAAc,UAAU,CAAC;AAGzB,OAAO,EACL,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,WAAW,EACX,aAAa,GACd,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,YAAY,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAC5E,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,wCAAwC,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -171,7 +171,7 @@ Object.defineProperty(exports, "fetchRemoteConfig", { enumerable: true, get: fun
|
|
|
171
171
|
// User DID Manager (Phase 4)
|
|
172
172
|
var user_did_manager_1 = require("./identity/user-did-manager");
|
|
173
173
|
Object.defineProperty(exports, "UserDidManager", { enumerable: true, get: function () { return user_did_manager_1.UserDidManager; } });
|
|
174
|
-
// IDP Token Resolver (Phase 1 - MH-7)
|
|
174
|
+
// IDP Token Resolver (Phase 1 - MH-7, updated for CRED-003)
|
|
175
175
|
var idp_token_resolver_1 = require("./identity/idp-token-resolver");
|
|
176
176
|
Object.defineProperty(exports, "IdpTokenResolver", { enumerable: true, get: function () { return idp_token_resolver_1.IdpTokenResolver; } });
|
|
177
177
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;AAEH,iBAAiB;AACjB,yCAQ0B;AAPxB,sGAAA,cAAc,OAAA;AACd,qGAAA,aAAa,OAAA;AACb,qGAAA,aAAa,OAAA;AACb,uGAAA,eAAe,OAAA;AACf,0GAAA,kBAAkB,OAAA;AAClB,wGAAA,gBAAgB,OAAA;AAIlB,mBAAmB;AACnB,6CAI4B;AAH1B,+GAAA,qBAAqB,OAAA;AACrB,kHAAA,wBAAwB,OAAA;AACxB,gHAAA,sBAAsB,OAAA;AAGxB,UAAU;AACV,uCAAiD;AAAxC,uGAAA,eAAe,OAAA;AAMxB,YAAY;AACZ,0CAAwB;AACxB,kBAAkB;AAClB,8EAA2E;AAAlE,gIAAA,qBAAqB,OAAA;AAE9B,iBAAiB;AACjB,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AAItB,yBAAyB;AACzB,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AAOtB,gDAAgD;AAChD,4EAA4E;AAAnE,iIAAA,uBAAuB,OAAA;AAOhC,+BAA+B;AAC/B,wFAGiD;AAF/C,0IAAA,0BAA0B,OAAA;AAC1B,gJAAA,gCAAgC,OAAA;AAQlC,iCAAiC;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAI3B,0BAA0B;AAC1B,0DAAwD;AAA/C,6GAAA,YAAY,OAAA;AAIrB,iCAAiC;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAI3B,oCAAoC;AACpC,8EAA2E;AAAlE,gIAAA,qBAAqB,OAAA;AAE9B,8BAA8B;AAC9B,kEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AAEzB,+BAA+B;AAC/B,oEAA2F;AAAlF,uHAAA,iBAAiB,OAAA;AAAE,6HAAA,uBAAuB,OAAA;AAEnD,0CAA0C;AAC1C,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAGnC,qCAAqC;AACrC,gFAA6E;AAApE,kIAAA,sBAAsB,OAAA;AAG/B,qBAAqB;AACrB,iEAGoC;AAFlC,8HAAA,wBAAwB,OAAA;AACxB,0HAAA,oBAAoB,OAAA;AAKtB,0BAA0B;AAC1B,8DAIoC;AAHlC,yHAAA,sBAAsB,OAAA;AACtB,oHAAA,iBAAiB,OAAA;AACjB,oHAAA,iBAAiB,OAAA;AAQnB,4BAA4B;AAC5B,4CAI2B;AAHzB,gHAAA,sBAAsB,OAAA;AACtB,wHAAA,8BAA8B,OAAA;AAC9B,sHAAA,4BAA4B,OAAA;AAK9B,uEAIuC;AAFrC,oIAAA,2BAA2B,OAAA;AAC3B,gIAAA,uBAAuB,OAAA;AASzB,2DAAkE;AAAzD,0HAAA,uBAAuB,OAAA;AAChC,qEAAkE;AAAzD,0HAAA,kBAAkB,OAAA;AAG3B,4BAA4B;AAC5B,oDAMgC;AAL9B,uHAAA,0BAA0B,OAAA;AAC1B,mHAAA,sBAAsB,OAAA;AAMxB,wDAUkC;AAThC,2HAAA,4BAA4B,OAAA;AAC5B,uHAAA,wBAAwB,OAAA;AAU1B,iBAAiB;AACjB,sEAKyC;AAJvC,2HAAA,qBAAqB,OAAA;AACrB,6HAAA,uBAAuB,OAAA;AAKzB,oDAKgC;AAJ9B,6GAAA,gBAAgB,OAAA;AAChB,uGAAA,UAAU,OAAA;AAKZ,0CAA0C;AAC1C,kEAKuC;AAJrC,0HAAA,sBAAsB,OAAA;AACtB,yHAAA,qBAAqB,OAAA;AAKvB,0EAM2C;AALzC,kIAAA,0BAA0B,OAAA;AAC1B,wIAAA,gCAAgC,OAAA;AAMlC,qDAAqD;AACrD,4FAAyF;AAAhF,oIAAA,uBAAuB,OAAA;AAEhC,kFAAyF;AAAhF,oIAAA,4BAA4B,OAAA;AAErC,6CAA6C;AAC7C,kEAMuC;AALrC,wHAAA,oBAAoB,OAAA;AACpB,mHAAA,eAAe,OAAA;AACf,8HAAA,0BAA0B,OAAA;AAC1B,kHAAA,cAAc,OAAA;AACd,qHAAA,iBAAiB,OAAA;AAGnB,mDAAmD;AACnD,yCAIwB;AAHtB,sGAAA,YAAY,OAAA;AACZ,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AAGf,8DAA8D;AAC9D,gEAOsC;AANpC,iHAAA,cAAc,OAAA;AACd,uHAAA,oBAAoB,OAAA;AAOtB,gEAOsC;AANpC,kHAAA,eAAe,OAAA;AACf,gHAAA,aAAa,OAAA;AACb,uHAAA,oBAAoB,OAAA;AACpB,gHAAA,aAAa,OAAA;AACb,qHAAA,kBAAkB,OAAA;AAClB,iHAAA,cAAc,OAAA;AAGhB,4CAQ4B;AAP1B,yGAAA,gBAAgB,OAAA;AAChB,4GAAA,mBAAmB,OAAA;AACnB,sGAAA,aAAa,OAAA;AACb,mGAAA,UAAU,OAAA;AAMZ,uCAAuC;AACvC,yCAMwB;AALtB,kHAAA,wBAAwB,OAAA;AACxB,mHAAA,yBAAyB,OAAA;AACzB,gHAAA,sBAAsB,OAAA;AACtB,iHAAA,uBAAuB,OAAA;AACvB,uGAAA,aAAa,OAAA;AA6Bf,oCAAoC;AACpC,2CAAyB;AAEzB,gCAAgC;AAChC,wDAIgC;AAH9B,kHAAA,iBAAiB,OAAA;AAKnB,6BAA6B;AAC7B,gEAA6D;AAApD,kHAAA,cAAc,OAAA;AAQvB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;AAEH,iBAAiB;AACjB,yCAQ0B;AAPxB,sGAAA,cAAc,OAAA;AACd,qGAAA,aAAa,OAAA;AACb,qGAAA,aAAa,OAAA;AACb,uGAAA,eAAe,OAAA;AACf,0GAAA,kBAAkB,OAAA;AAClB,wGAAA,gBAAgB,OAAA;AAIlB,mBAAmB;AACnB,6CAI4B;AAH1B,+GAAA,qBAAqB,OAAA;AACrB,kHAAA,wBAAwB,OAAA;AACxB,gHAAA,sBAAsB,OAAA;AAGxB,UAAU;AACV,uCAAiD;AAAxC,uGAAA,eAAe,OAAA;AAMxB,YAAY;AACZ,0CAAwB;AACxB,kBAAkB;AAClB,8EAA2E;AAAlE,gIAAA,qBAAqB,OAAA;AAE9B,iBAAiB;AACjB,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AAItB,yBAAyB;AACzB,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AAOtB,gDAAgD;AAChD,4EAA4E;AAAnE,iIAAA,uBAAuB,OAAA;AAOhC,+BAA+B;AAC/B,wFAGiD;AAF/C,0IAAA,0BAA0B,OAAA;AAC1B,gJAAA,gCAAgC,OAAA;AAQlC,iCAAiC;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAI3B,0BAA0B;AAC1B,0DAAwD;AAA/C,6GAAA,YAAY,OAAA;AAIrB,iCAAiC;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAI3B,oCAAoC;AACpC,8EAA2E;AAAlE,gIAAA,qBAAqB,OAAA;AAE9B,8BAA8B;AAC9B,kEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AAEzB,+BAA+B;AAC/B,oEAA2F;AAAlF,uHAAA,iBAAiB,OAAA;AAAE,6HAAA,uBAAuB,OAAA;AAEnD,0CAA0C;AAC1C,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAGnC,qCAAqC;AACrC,gFAA6E;AAApE,kIAAA,sBAAsB,OAAA;AAG/B,qBAAqB;AACrB,iEAGoC;AAFlC,8HAAA,wBAAwB,OAAA;AACxB,0HAAA,oBAAoB,OAAA;AAKtB,0BAA0B;AAC1B,8DAIoC;AAHlC,yHAAA,sBAAsB,OAAA;AACtB,oHAAA,iBAAiB,OAAA;AACjB,oHAAA,iBAAiB,OAAA;AAQnB,4BAA4B;AAC5B,4CAI2B;AAHzB,gHAAA,sBAAsB,OAAA;AACtB,wHAAA,8BAA8B,OAAA;AAC9B,sHAAA,4BAA4B,OAAA;AAK9B,uEAIuC;AAFrC,oIAAA,2BAA2B,OAAA;AAC3B,gIAAA,uBAAuB,OAAA;AASzB,2DAAkE;AAAzD,0HAAA,uBAAuB,OAAA;AAChC,qEAAkE;AAAzD,0HAAA,kBAAkB,OAAA;AAG3B,4BAA4B;AAC5B,oDAMgC;AAL9B,uHAAA,0BAA0B,OAAA;AAC1B,mHAAA,sBAAsB,OAAA;AAMxB,wDAUkC;AAThC,2HAAA,4BAA4B,OAAA;AAC5B,uHAAA,wBAAwB,OAAA;AAU1B,iBAAiB;AACjB,sEAKyC;AAJvC,2HAAA,qBAAqB,OAAA;AACrB,6HAAA,uBAAuB,OAAA;AAKzB,oDAKgC;AAJ9B,6GAAA,gBAAgB,OAAA;AAChB,uGAAA,UAAU,OAAA;AAKZ,0CAA0C;AAC1C,kEAKuC;AAJrC,0HAAA,sBAAsB,OAAA;AACtB,yHAAA,qBAAqB,OAAA;AAKvB,0EAM2C;AALzC,kIAAA,0BAA0B,OAAA;AAC1B,wIAAA,gCAAgC,OAAA;AAMlC,qDAAqD;AACrD,4FAAyF;AAAhF,oIAAA,uBAAuB,OAAA;AAEhC,kFAAyF;AAAhF,oIAAA,4BAA4B,OAAA;AAErC,6CAA6C;AAC7C,kEAMuC;AALrC,wHAAA,oBAAoB,OAAA;AACpB,mHAAA,eAAe,OAAA;AACf,8HAAA,0BAA0B,OAAA;AAC1B,kHAAA,cAAc,OAAA;AACd,qHAAA,iBAAiB,OAAA;AAGnB,mDAAmD;AACnD,yCAIwB;AAHtB,sGAAA,YAAY,OAAA;AACZ,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AAGf,8DAA8D;AAC9D,gEAOsC;AANpC,iHAAA,cAAc,OAAA;AACd,uHAAA,oBAAoB,OAAA;AAOtB,gEAOsC;AANpC,kHAAA,eAAe,OAAA;AACf,gHAAA,aAAa,OAAA;AACb,uHAAA,oBAAoB,OAAA;AACpB,gHAAA,aAAa,OAAA;AACb,qHAAA,kBAAkB,OAAA;AAClB,iHAAA,cAAc,OAAA;AAGhB,4CAQ4B;AAP1B,yGAAA,gBAAgB,OAAA;AAChB,4GAAA,mBAAmB,OAAA;AACnB,sGAAA,aAAa,OAAA;AACb,mGAAA,UAAU,OAAA;AAMZ,uCAAuC;AACvC,yCAMwB;AALtB,kHAAA,wBAAwB,OAAA;AACxB,mHAAA,yBAAyB,OAAA;AACzB,gHAAA,sBAAsB,OAAA;AACtB,iHAAA,uBAAuB,OAAA;AACvB,uGAAA,aAAa,OAAA;AA6Bf,oCAAoC;AACpC,2CAAyB;AAEzB,gCAAgC;AAChC,wDAIgC;AAH9B,kHAAA,iBAAiB,OAAA;AAKnB,6BAA6B;AAC7B,gEAA6D;AAApD,kHAAA,cAAc,OAAA;AAQvB,4DAA4D;AAC5D,oEAAiE;AAAxD,sHAAA,gBAAgB,OAAA"}
|
|
@@ -4,6 +4,9 @@
|
|
|
4
4
|
* Builds ToolExecutionContext for tool handlers by resolving IDP tokens
|
|
5
5
|
* based on tool protection configuration and user identity.
|
|
6
6
|
*
|
|
7
|
+
* Updated for CRED-003: Builds idpHeaders based on tokenUsage metadata
|
|
8
|
+
* to support credential providers with custom token usage patterns.
|
|
9
|
+
*
|
|
7
10
|
* @package @kya-os/mcp-i-core
|
|
8
11
|
*/
|
|
9
12
|
import type { ToolExecutionContext } from "@kya-os/contracts/config";
|
|
@@ -37,13 +40,27 @@ export declare class ToolContextBuilder {
|
|
|
37
40
|
* Build tool execution context
|
|
38
41
|
*
|
|
39
42
|
* @param toolName - Name of the tool being executed
|
|
40
|
-
* @param userDid - User DID (optional, required for OAuth)
|
|
43
|
+
* @param userDid - User DID (optional, required for OAuth/credentials)
|
|
41
44
|
* @param sessionId - Session ID (optional)
|
|
42
45
|
* @param delegationToken - Delegation token (optional)
|
|
43
46
|
* @param toolProtection - Tool protection configuration (optional)
|
|
44
47
|
* @returns Tool execution context or undefined if not needed
|
|
45
48
|
*/
|
|
46
49
|
buildContext(toolName: string, userDid: string | undefined, sessionId: string | undefined, delegationToken: string | undefined, toolProtection: ToolProtection | null): Promise<ToolExecutionContext | undefined>;
|
|
50
|
+
/**
|
|
51
|
+
* Build authentication headers based on token usage metadata (CRED-003)
|
|
52
|
+
*
|
|
53
|
+
* Supports three modes:
|
|
54
|
+
* - "cookie": Cookie header (with optional cookieFormat template)
|
|
55
|
+
* - "bearer": Authorization: Bearer xxx
|
|
56
|
+
* - "header": Custom header name
|
|
57
|
+
*
|
|
58
|
+
* Also includes any apiHeaders from provider config.
|
|
59
|
+
*
|
|
60
|
+
* @param tokenData - Token data with usage metadata
|
|
61
|
+
* @returns Headers object for API calls
|
|
62
|
+
*/
|
|
63
|
+
private buildAuthHeaders;
|
|
47
64
|
/**
|
|
48
65
|
* Resolve OAuth provider for a tool
|
|
49
66
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAE1E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,MAAM,WAAW,wBAAwB;IACvC,4DAA4D;IAC5D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,gEAAgE;IAChE,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,wBAAwB;IAU5C;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,cAAc,EAAE,cAAc,GAAG,IAAI,GACpC,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IA4E5C;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,gBAAgB;IAyCxB;;;;;;;OAOG;YACW,eAAe;CAsB9B"}
|
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
* Builds ToolExecutionContext for tool handlers by resolving IDP tokens
|
|
6
6
|
* based on tool protection configuration and user identity.
|
|
7
7
|
*
|
|
8
|
+
* Updated for CRED-003: Builds idpHeaders based on tokenUsage metadata
|
|
9
|
+
* to support credential providers with custom token usage patterns.
|
|
10
|
+
*
|
|
8
11
|
* @package @kya-os/mcp-i-core
|
|
9
12
|
*/
|
|
10
13
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
@@ -32,14 +35,14 @@ class ToolContextBuilder {
|
|
|
32
35
|
* Build tool execution context
|
|
33
36
|
*
|
|
34
37
|
* @param toolName - Name of the tool being executed
|
|
35
|
-
* @param userDid - User DID (optional, required for OAuth)
|
|
38
|
+
* @param userDid - User DID (optional, required for OAuth/credentials)
|
|
36
39
|
* @param sessionId - Session ID (optional)
|
|
37
40
|
* @param delegationToken - Delegation token (optional)
|
|
38
41
|
* @param toolProtection - Tool protection configuration (optional)
|
|
39
42
|
* @returns Tool execution context or undefined if not needed
|
|
40
43
|
*/
|
|
41
44
|
async buildContext(toolName, userDid, sessionId, delegationToken, toolProtection) {
|
|
42
|
-
// Only build context if tool requires OAuth
|
|
45
|
+
// Only build context if tool requires OAuth/credentials
|
|
43
46
|
if (!toolProtection?.requiredScopes?.length || !userDid) {
|
|
44
47
|
return undefined;
|
|
45
48
|
}
|
|
@@ -58,10 +61,11 @@ class ToolContextBuilder {
|
|
|
58
61
|
});
|
|
59
62
|
return undefined;
|
|
60
63
|
}
|
|
61
|
-
// Resolve
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
64
|
+
// CRED-003: Resolve full token data (not just access_token)
|
|
65
|
+
// This includes tokenUsage, cookieFormat, apiHeaders for credential providers
|
|
66
|
+
const tokenData = await this.config.tokenResolver.resolveTokenDataFromDid(userDid, provider, toolProtection.requiredScopes);
|
|
67
|
+
if (!tokenData) {
|
|
68
|
+
// Token not available - throw OAuthRequiredError to trigger auth flow
|
|
65
69
|
this.config.logger("[ToolContextBuilder] Token not available, throwing OAuthRequiredError", {
|
|
66
70
|
toolName,
|
|
67
71
|
userDid: userDid.substring(0, 20) + "...",
|
|
@@ -69,7 +73,7 @@ class ToolContextBuilder {
|
|
|
69
73
|
scopes: toolProtection.requiredScopes,
|
|
70
74
|
});
|
|
71
75
|
// Throw error with provider and scopes info
|
|
72
|
-
//
|
|
76
|
+
// Auth URL will be built by the Cloudflare layer (agent.ts)
|
|
73
77
|
throw new oauth_required_error_js_1.OAuthRequiredError({
|
|
74
78
|
toolName,
|
|
75
79
|
requiredScopes: toolProtection.requiredScopes,
|
|
@@ -79,9 +83,12 @@ class ToolContextBuilder {
|
|
|
79
83
|
sessionId,
|
|
80
84
|
});
|
|
81
85
|
}
|
|
82
|
-
// Build
|
|
86
|
+
// CRED-003: Build headers based on tokenUsage
|
|
87
|
+
const idpHeaders = this.buildAuthHeaders(tokenData);
|
|
88
|
+
// Build context with token and headers
|
|
83
89
|
const context = {
|
|
84
|
-
idpToken,
|
|
90
|
+
idpToken: tokenData.access_token,
|
|
91
|
+
idpHeaders,
|
|
85
92
|
provider,
|
|
86
93
|
scopes: toolProtection.requiredScopes,
|
|
87
94
|
userDid,
|
|
@@ -92,10 +99,56 @@ class ToolContextBuilder {
|
|
|
92
99
|
toolName,
|
|
93
100
|
userDid: userDid.substring(0, 20) + "...",
|
|
94
101
|
provider,
|
|
95
|
-
hasToken: !!
|
|
102
|
+
hasToken: !!tokenData.access_token,
|
|
103
|
+
tokenUsage: tokenData.tokenUsage,
|
|
104
|
+
headerKeys: Object.keys(idpHeaders),
|
|
96
105
|
});
|
|
97
106
|
return context;
|
|
98
107
|
}
|
|
108
|
+
/**
|
|
109
|
+
* Build authentication headers based on token usage metadata (CRED-003)
|
|
110
|
+
*
|
|
111
|
+
* Supports three modes:
|
|
112
|
+
* - "cookie": Cookie header (with optional cookieFormat template)
|
|
113
|
+
* - "bearer": Authorization: Bearer xxx
|
|
114
|
+
* - "header": Custom header name
|
|
115
|
+
*
|
|
116
|
+
* Also includes any apiHeaders from provider config.
|
|
117
|
+
*
|
|
118
|
+
* @param tokenData - Token data with usage metadata
|
|
119
|
+
* @returns Headers object for API calls
|
|
120
|
+
*/
|
|
121
|
+
buildAuthHeaders(tokenData) {
|
|
122
|
+
const authHeaders = {};
|
|
123
|
+
const tokenUsage = tokenData.tokenUsage || "bearer"; // Default to bearer for OAuth
|
|
124
|
+
const token = tokenData.access_token;
|
|
125
|
+
switch (tokenUsage) {
|
|
126
|
+
case "cookie":
|
|
127
|
+
// Use cookieFormat if specified, otherwise send raw token
|
|
128
|
+
if (tokenData.cookieFormat) {
|
|
129
|
+
authHeaders["Cookie"] = tokenData.cookieFormat.replace(/\{\{token\}\}/g, token);
|
|
130
|
+
}
|
|
131
|
+
else {
|
|
132
|
+
authHeaders["Cookie"] = token;
|
|
133
|
+
}
|
|
134
|
+
break;
|
|
135
|
+
case "bearer":
|
|
136
|
+
authHeaders["Authorization"] = `Bearer ${token}`;
|
|
137
|
+
break;
|
|
138
|
+
case "header":
|
|
139
|
+
const headerName = tokenData.tokenHeader || "X-Session-Token";
|
|
140
|
+
authHeaders[headerName] = token;
|
|
141
|
+
break;
|
|
142
|
+
default:
|
|
143
|
+
// Unknown usage - default to bearer
|
|
144
|
+
authHeaders["Authorization"] = `Bearer ${token}`;
|
|
145
|
+
}
|
|
146
|
+
// Add any additional API headers from provider config
|
|
147
|
+
if (tokenData.apiHeaders) {
|
|
148
|
+
Object.assign(authHeaders, tokenData.apiHeaders);
|
|
149
|
+
}
|
|
150
|
+
return authHeaders;
|
|
151
|
+
}
|
|
99
152
|
/**
|
|
100
153
|
* Resolve OAuth provider for a tool
|
|
101
154
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAQH,8EAAsE;AAmBtE;;;;;;GAMG;AACH,MAAa,kBAAkB;IACrB,MAAM,CAEZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAA2B,EAC3B,SAA6B,EAC7B,eAAmC,EACnC,cAAqC;QAErC,wDAAwD;QACxD,IAAI,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,mDAAmD;QACnD,oEAAoE;QACpE,IAAI,QAAgB,CAAC;QACrB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oDAAoD;YACpD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4CAA4C,EAAE;gBAC/D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,4DAA4D;QAC5D,8EAA8E;QAC9E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,uBAAuB,CACvE,OAAO,EACP,QAAQ,EACR,cAAc,CAAC,cAAc,CAC9B,CAAC;QAEF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,sEAAsE;YACtE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uEAAuE,EAAE;gBAC1F,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM,EAAE,cAAc,CAAC,cAAc;aACtC,CAAC,CAAC;YAEH,4CAA4C;YAC5C,4DAA4D;YAC5D,MAAM,IAAI,4CAAkB,CAAC;gBAC3B,QAAQ;gBACR,cAAc,EAAE,cAAc,CAAC,cAAc;gBAC7C,QAAQ;gBACR,QAAQ,EAAE,EAAE,EAAE,wCAAwC;gBACtD,OAAO;gBACP,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAED,8CAA8C;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAEpD,uCAAuC;QACvC,MAAM,OAAO,GAAyB;YACpC,QAAQ,EAAE,SAAS,CAAC,YAAY;YAChC,UAAU;YACV,QAAQ;YACR,MAAM,EAAE,cAAc,CAAC,cAAc;YACrC,OAAO;YACP,SAAS;YACT,eAAe;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;YACpE,QAAQ;YACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,YAAY;YAClC,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;SACpC,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;;OAYG;IACK,gBAAgB,CAAC,SAAgC;QACvD,MAAM,WAAW,GAA2B,EAAE,CAAC;QAE/C,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,IAAI,QAAQ,CAAC,CAAC,8BAA8B;QACnF,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC;QAErC,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,QAAQ;gBACX,0DAA0D;gBAC1D,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;oBAC3B,WAAW,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,YAAY,CAAC,OAAO,CACpD,gBAAgB,EAChB,KAAK,CACN,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;gBAChC,CAAC;gBACD,MAAM;YAER,KAAK,QAAQ;gBACX,WAAW,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;gBACjD,MAAM;YAER,KAAK,QAAQ;gBACX,MAAM,UAAU,GAAG,SAAS,CAAC,WAAW,IAAI,iBAAiB,CAAC;gBAC9D,WAAW,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC;gBAChC,MAAM;YAER;gBACE,oCAAoC;gBACpC,WAAW,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;QACrD,CAAC;QAED,sDAAsD;QACtD,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,eAAe,CAC3B,cAA8B;QAE9B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,eAAe,CACjE,cAAc,EACd,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,wCAAwC,EAAE;gBAC3D,QAAQ;aACT,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;gBACpE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YACH,MAAM,KAAK,CAAC,CAAC,gCAAgC;QAC/C,CAAC;IACH,CAAC;CACF;AA/LD,gDA+LC"}
|
|
@@ -165,7 +165,7 @@ export declare class ToolProtectionService {
|
|
|
165
165
|
clearAndRefresh(agentDid: string): Promise<{
|
|
166
166
|
config: ToolProtectionConfig;
|
|
167
167
|
cacheKey: string;
|
|
168
|
-
source:
|
|
168
|
+
source: "api" | "fallback";
|
|
169
169
|
}>;
|
|
170
170
|
}
|
|
171
171
|
//# sourceMappingURL=tool-protection.service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-protection.service.d.ts","sourceRoot":"","sources":["../../src/services/tool-protection.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8EG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,EAE5B,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AA0E7E;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,KAAK,CAAsB;gBAEvB,MAAM,EAAE,2BAA2B,EAAE,KAAK,EAAE,mBAAmB;IAK3E;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC;;;;;;;;OAQG;YACW,aAAa;IA4C3B;;;;;;;;;;OAUG;IACG,uBAAuB,CAC3B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"tool-protection.service.d.ts","sourceRoot":"","sources":["../../src/services/tool-protection.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8EG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,EAE5B,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AA0E7E;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,KAAK,CAAsB;gBAEvB,MAAM,EAAE,2BAA2B,EAAE,KAAK,EAAE,mBAAmB;IAK3E;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC;;;;;;;;OAQG;YACW,aAAa;IA4C3B;;;;;;;;;;OAUG;IACG,uBAAuB,CAC3B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;IAwbhC;;;;;;OAMG;IACG,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IA8BjC;;;;;;;;;;OAUG;YACW,YAAY;IAmI1B;;;;;;;OAOG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBjD;;;;;;;;;;;;;;;;;;;OAmBG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAC/C,MAAM,EAAE,oBAAoB,CAAC;QAC7B,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,KAAK,GAAG,UAAU,CAAC;KAC5B,CAAC;CAwJH"}
|
|
@@ -298,9 +298,7 @@ class ToolProtectionService {
|
|
|
298
298
|
const oauthProvider = tool.oauthProvider ??
|
|
299
299
|
tool.oauth_provider ??
|
|
300
300
|
undefined;
|
|
301
|
-
const riskLevel = tool.riskLevel ??
|
|
302
|
-
tool.risk_level ??
|
|
303
|
-
undefined;
|
|
301
|
+
const riskLevel = tool.riskLevel ?? tool.risk_level ?? undefined;
|
|
304
302
|
toolProtections[toolName] = {
|
|
305
303
|
requiresDelegation,
|
|
306
304
|
requiredScopes,
|
|
@@ -344,7 +342,9 @@ class ToolProtectionService {
|
|
|
344
342
|
for (const [toolName, localConfig] of Object.entries(this.config.fallbackConfig.toolProtections)) {
|
|
345
343
|
// Skip if localConfig is empty or not a valid ToolProtection object
|
|
346
344
|
// This prevents empty objects from corrupting the merged config
|
|
347
|
-
if (!localConfig ||
|
|
345
|
+
if (!localConfig ||
|
|
346
|
+
typeof localConfig !== "object" ||
|
|
347
|
+
Object.keys(localConfig).length === 0) {
|
|
348
348
|
if (this.config.debug) {
|
|
349
349
|
console.log("[ToolProtectionService] Skipping empty/invalid fallback config entry", { tool: toolName });
|
|
350
350
|
}
|
|
@@ -703,7 +703,9 @@ class ToolProtectionService {
|
|
|
703
703
|
// 2. Fetch fresh config from API with CDN cache bypass
|
|
704
704
|
// This ensures we get fresh data from origin, not stale CDN data
|
|
705
705
|
try {
|
|
706
|
-
const response = await this.fetchFromApi(agentDid, {
|
|
706
|
+
const response = await this.fetchFromApi(agentDid, {
|
|
707
|
+
bypassCDNCache: true,
|
|
708
|
+
});
|
|
707
709
|
// Transform API response to internal format (same logic as getToolProtectionConfig)
|
|
708
710
|
const toolProtections = {};
|
|
709
711
|
if (response.data.toolProtections) {
|
|
@@ -735,12 +737,16 @@ class ToolProtectionService {
|
|
|
735
737
|
const toolName = tool.name;
|
|
736
738
|
if (!toolName)
|
|
737
739
|
continue;
|
|
738
|
-
const requiresDelegation = tool.requiresDelegation ??
|
|
740
|
+
const requiresDelegation = tool.requiresDelegation ??
|
|
741
|
+
tool.requires_delegation ??
|
|
742
|
+
false;
|
|
739
743
|
const requiredScopes = tool.requiredScopes ??
|
|
740
744
|
tool.required_scopes ??
|
|
741
745
|
tool.scopes ??
|
|
742
746
|
[];
|
|
743
|
-
const oauthProvider = tool.oauthProvider ??
|
|
747
|
+
const oauthProvider = tool.oauthProvider ??
|
|
748
|
+
tool.oauth_provider ??
|
|
749
|
+
undefined;
|
|
744
750
|
const riskLevel = tool.riskLevel ?? tool.risk_level ?? undefined;
|
|
745
751
|
toolProtections[toolName] = {
|
|
746
752
|
requiresDelegation,
|
|
@@ -789,7 +795,7 @@ class ToolProtectionService {
|
|
|
789
795
|
.map(([name]) => name),
|
|
790
796
|
source: "api",
|
|
791
797
|
});
|
|
792
|
-
return { config: freshConfig, cacheKey, source:
|
|
798
|
+
return { config: freshConfig, cacheKey, source: "api" };
|
|
793
799
|
}
|
|
794
800
|
catch (error) {
|
|
795
801
|
console.warn("[ToolProtectionService] API fetch failed during refresh, using fallback", {
|
|
@@ -797,10 +803,11 @@ class ToolProtectionService {
|
|
|
797
803
|
cacheKey,
|
|
798
804
|
});
|
|
799
805
|
// Use fallback config if API fails
|
|
800
|
-
const fallbackConfig = this.config
|
|
806
|
+
const fallbackConfig = this.config
|
|
807
|
+
.fallbackConfig || {
|
|
801
808
|
toolProtections: {},
|
|
802
809
|
};
|
|
803
|
-
return { config: fallbackConfig, cacheKey, source:
|
|
810
|
+
return { config: fallbackConfig, cacheKey, source: "fallback" };
|
|
804
811
|
}
|
|
805
812
|
}
|
|
806
813
|
}
|