npm - @kya-os/mcp-i-core - Versions diffs - 1.3.12 → 1.3.14 - Mend

@kya-os/mcp-i-core 1.3.12 → 1.3.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (254) hide show

package/dist/config/remote-config.js +9 -12
package/dist/runtime/base.js +11 -0
package/dist/services/access-control.service.js +5 -0
package/dist/services/tool-protection.service.js +17 -8
package/package.json +2 -2
package/.turbo/turbo-build.log +0 -4
package/.turbo/turbo-test$colon$coverage.log +0 -4586
package/.turbo/turbo-test.log +0 -3169
package/COMPLIANCE_IMPROVEMENT_REPORT.md +0 -483
package/Composer 3.md +0 -615
package/GPT-5.md +0 -1169
package/OPUS-plan.md +0 -352
package/PHASE_3_AND_4.1_SUMMARY.md +0 -585
package/PHASE_3_SUMMARY.md +0 -317
package/PHASE_4.1.3_SUMMARY.md +0 -428
package/PHASE_4.1_COMPLETE.md +0 -525
package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +0 -1240
package/SCHEMA_COMPLIANCE_REPORT.md +0 -275
package/TEST_PLAN.md +0 -571
package/coverage/coverage-final.json +0 -60
package/dist/cache/oauth-config-cache.d.ts.map +0 -1
package/dist/cache/oauth-config-cache.js.map +0 -1
package/dist/cache/tool-protection-cache.d.ts.map +0 -1
package/dist/cache/tool-protection-cache.js.map +0 -1
package/dist/compliance/index.d.ts.map +0 -1
package/dist/compliance/index.js.map +0 -1
package/dist/compliance/schema-registry.d.ts.map +0 -1
package/dist/compliance/schema-registry.js.map +0 -1
package/dist/compliance/schema-verifier.d.ts.map +0 -1
package/dist/compliance/schema-verifier.js.map +0 -1
package/dist/config/remote-config.d.ts.map +0 -1
package/dist/config/remote-config.js.map +0 -1
package/dist/config.d.ts.map +0 -1
package/dist/config.js.map +0 -1
package/dist/delegation/audience-validator.d.ts.map +0 -1
package/dist/delegation/audience-validator.js.map +0 -1
package/dist/delegation/bitstring.d.ts.map +0 -1
package/dist/delegation/bitstring.js.map +0 -1
package/dist/delegation/cascading-revocation.d.ts.map +0 -1
package/dist/delegation/cascading-revocation.js.map +0 -1
package/dist/delegation/delegation-graph.d.ts.map +0 -1
package/dist/delegation/delegation-graph.js.map +0 -1
package/dist/delegation/did-key-resolver.d.ts.map +0 -1
package/dist/delegation/did-key-resolver.js.map +0 -1
package/dist/delegation/index.d.ts.map +0 -1
package/dist/delegation/index.js.map +0 -1
package/dist/delegation/statuslist-manager.d.ts.map +0 -1
package/dist/delegation/statuslist-manager.js.map +0 -1
package/dist/delegation/storage/index.d.ts.map +0 -1
package/dist/delegation/storage/index.js.map +0 -1
package/dist/delegation/storage/memory-graph-storage.d.ts.map +0 -1
package/dist/delegation/storage/memory-graph-storage.js.map +0 -1
package/dist/delegation/storage/memory-statuslist-storage.d.ts.map +0 -1
package/dist/delegation/storage/memory-statuslist-storage.js.map +0 -1
package/dist/delegation/utils.d.ts.map +0 -1
package/dist/delegation/utils.js.map +0 -1
package/dist/delegation/vc-issuer.d.ts.map +0 -1
package/dist/delegation/vc-issuer.js.map +0 -1
package/dist/delegation/vc-verifier.d.ts.map +0 -1
package/dist/delegation/vc-verifier.js.map +0 -1
package/dist/identity/idp-token-resolver.d.ts.map +0 -1
package/dist/identity/idp-token-resolver.js.map +0 -1
package/dist/identity/idp-token-storage.interface.d.ts.map +0 -1
package/dist/identity/idp-token-storage.interface.js.map +0 -1
package/dist/identity/user-did-manager.d.ts.map +0 -1
package/dist/identity/user-did-manager.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/providers/base.d.ts.map +0 -1
package/dist/providers/base.js.map +0 -1
package/dist/providers/memory.d.ts.map +0 -1
package/dist/providers/memory.js.map +0 -1
package/dist/runtime/audit-logger.d.ts.map +0 -1
package/dist/runtime/audit-logger.js.map +0 -1
package/dist/runtime/base.d.ts.map +0 -1
package/dist/runtime/base.js.map +0 -1
package/dist/services/access-control.service.d.ts.map +0 -1
package/dist/services/access-control.service.js.map +0 -1
package/dist/services/authorization/authorization-registry.d.ts.map +0 -1
package/dist/services/authorization/authorization-registry.js.map +0 -1
package/dist/services/authorization/types.d.ts.map +0 -1
package/dist/services/authorization/types.js.map +0 -1
package/dist/services/batch-delegation.service.d.ts.map +0 -1
package/dist/services/batch-delegation.service.js.map +0 -1
package/dist/services/crypto.service.d.ts.map +0 -1
package/dist/services/crypto.service.js.map +0 -1
package/dist/services/errors.d.ts.map +0 -1
package/dist/services/errors.js.map +0 -1
package/dist/services/index.d.ts.map +0 -1
package/dist/services/index.js.map +0 -1
package/dist/services/oauth-config.service.d.ts.map +0 -1
package/dist/services/oauth-config.service.js.map +0 -1
package/dist/services/oauth-provider-registry.d.ts.map +0 -1
package/dist/services/oauth-provider-registry.js.map +0 -1
package/dist/services/oauth-service.d.ts.map +0 -1
package/dist/services/oauth-service.js.map +0 -1
package/dist/services/oauth-token-retrieval.service.d.ts.map +0 -1
package/dist/services/oauth-token-retrieval.service.js.map +0 -1
package/dist/services/proof-verifier.d.ts.map +0 -1
package/dist/services/proof-verifier.js.map +0 -1
package/dist/services/provider-resolver.d.ts.map +0 -1
package/dist/services/provider-resolver.js.map +0 -1
package/dist/services/provider-validator.d.ts.map +0 -1
package/dist/services/provider-validator.js.map +0 -1
package/dist/services/session-registration.service.d.ts.map +0 -1
package/dist/services/session-registration.service.js.map +0 -1
package/dist/services/storage.service.d.ts.map +0 -1
package/dist/services/storage.service.js.map +0 -1
package/dist/services/tool-context-builder.d.ts.map +0 -1
package/dist/services/tool-context-builder.js.map +0 -1
package/dist/services/tool-protection.service.d.ts.map +0 -1
package/dist/services/tool-protection.service.js.map +0 -1
package/dist/types/oauth-required-error.d.ts.map +0 -1
package/dist/types/oauth-required-error.js.map +0 -1
package/dist/types/tool-protection.d.ts.map +0 -1
package/dist/types/tool-protection.js.map +0 -1
package/dist/utils/base58.d.ts.map +0 -1
package/dist/utils/base58.js.map +0 -1
package/dist/utils/base64.d.ts.map +0 -1
package/dist/utils/base64.js.map +0 -1
package/dist/utils/cors.d.ts.map +0 -1
package/dist/utils/cors.js.map +0 -1
package/dist/utils/did-helpers.d.ts.map +0 -1
package/dist/utils/did-helpers.js.map +0 -1
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js.map +0 -1
package/dist/utils/storage-keys.d.ts.map +0 -1
package/dist/utils/storage-keys.js.map +0 -1
package/docs/API_REFERENCE.md +0 -1362
package/docs/COMPLIANCE_MATRIX.md +0 -691
package/docs/STATUSLIST2021_GUIDE.md +0 -696
package/docs/W3C_VC_DELEGATION_GUIDE.md +0 -710
package/src/__tests__/cache/tool-protection-cache.test.ts +0 -640
package/src/__tests__/config/provider-runtime-config.test.ts +0 -309
package/src/__tests__/delegation-e2e.test.ts +0 -690
package/src/__tests__/identity/user-did-manager.test.ts +0 -232
package/src/__tests__/index.test.ts +0 -56
package/src/__tests__/integration/full-flow.test.ts +0 -789
package/src/__tests__/integration.test.ts +0 -281
package/src/__tests__/providers/base.test.ts +0 -173
package/src/__tests__/providers/memory.test.ts +0 -319
package/src/__tests__/regression/phase2-regression.test.ts +0 -429
package/src/__tests__/runtime/audit-logger.test.ts +0 -154
package/src/__tests__/runtime/base-extensions.test.ts +0 -595
package/src/__tests__/runtime/base.test.ts +0 -869
package/src/__tests__/runtime/delegation-flow.test.ts +0 -164
package/src/__tests__/runtime/proof-client-did.test.ts +0 -376
package/src/__tests__/runtime/route-interception.test.ts +0 -686
package/src/__tests__/runtime/tool-protection-enforcement.test.ts +0 -908
package/src/__tests__/services/agentshield-integration.test.ts +0 -791
package/src/__tests__/services/cache-busting.test.ts +0 -125
package/src/__tests__/services/oauth-service-pkce.test.ts +0 -556
package/src/__tests__/services/provider-resolver-edge-cases.test.ts +0 -591
package/src/__tests__/services/tool-protection-merged-config.test.ts +0 -485
package/src/__tests__/services/tool-protection-oauth-provider.test.ts +0 -480
package/src/__tests__/services/tool-protection.service.test.ts +0 -1373
package/src/__tests__/utils/mock-providers.ts +0 -340
package/src/cache/oauth-config-cache.d.ts +0 -69
package/src/cache/oauth-config-cache.d.ts.map +0 -1
package/src/cache/oauth-config-cache.js.map +0 -1
package/src/cache/oauth-config-cache.ts +0 -123
package/src/cache/tool-protection-cache.ts +0 -171
package/src/compliance/EXAMPLE.md +0 -412
package/src/compliance/__tests__/schema-verifier.test.ts +0 -797
package/src/compliance/index.ts +0 -8
package/src/compliance/schema-registry.ts +0 -460
package/src/compliance/schema-verifier.ts +0 -708
package/src/config/__tests__/merged-config.spec.ts +0 -445
package/src/config/__tests__/remote-config.spec.ts +0 -268
package/src/config/remote-config.ts +0 -264
package/src/config.ts +0 -312
package/src/delegation/__tests__/audience-validator.test.ts +0 -112
package/src/delegation/__tests__/bitstring.test.ts +0 -346
package/src/delegation/__tests__/cascading-revocation.test.ts +0 -628
package/src/delegation/__tests__/delegation-graph.test.ts +0 -584
package/src/delegation/__tests__/did-key-resolver.test.ts +0 -265
package/src/delegation/__tests__/utils.test.ts +0 -152
package/src/delegation/__tests__/vc-issuer.test.ts +0 -442
package/src/delegation/__tests__/vc-verifier.test.ts +0 -922
package/src/delegation/audience-validator.ts +0 -52
package/src/delegation/bitstring.ts +0 -278
package/src/delegation/cascading-revocation.ts +0 -370
package/src/delegation/delegation-graph.ts +0 -299
package/src/delegation/did-key-resolver.ts +0 -179
package/src/delegation/index.ts +0 -14
package/src/delegation/statuslist-manager.ts +0 -353
package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +0 -366
package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +0 -228
package/src/delegation/storage/index.ts +0 -9
package/src/delegation/storage/memory-graph-storage.ts +0 -178
package/src/delegation/storage/memory-statuslist-storage.ts +0 -77
package/src/delegation/utils.ts +0 -221
package/src/delegation/vc-issuer.ts +0 -232
package/src/delegation/vc-verifier.ts +0 -568
package/src/identity/idp-token-resolver.ts +0 -181
package/src/identity/idp-token-storage.interface.ts +0 -94
package/src/identity/user-did-manager.ts +0 -526
package/src/index.ts +0 -310
package/src/providers/base.d.ts +0 -91
package/src/providers/base.d.ts.map +0 -1
package/src/providers/base.js.map +0 -1
package/src/providers/base.ts +0 -96
package/src/providers/memory.ts +0 -142
package/src/runtime/audit-logger.ts +0 -39
package/src/runtime/base.ts +0 -1392
package/src/services/__tests__/access-control.integration.test.ts +0 -443
package/src/services/__tests__/access-control.proof-response-validation.test.ts +0 -578
package/src/services/__tests__/access-control.service.test.ts +0 -970
package/src/services/__tests__/batch-delegation.service.test.ts +0 -351
package/src/services/__tests__/crypto.service.test.ts +0 -531
package/src/services/__tests__/oauth-provider-registry.test.ts +0 -142
package/src/services/__tests__/proof-verifier.integration.test.ts +0 -485
package/src/services/__tests__/proof-verifier.test.ts +0 -489
package/src/services/__tests__/provider-resolution.integration.test.ts +0 -202
package/src/services/__tests__/provider-resolver.test.ts +0 -213
package/src/services/__tests__/storage.service.test.ts +0 -358
package/src/services/access-control.service.ts +0 -990
package/src/services/authorization/authorization-registry.ts +0 -66
package/src/services/authorization/types.ts +0 -71
package/src/services/batch-delegation.service.ts +0 -137
package/src/services/crypto.service.ts +0 -302
package/src/services/errors.ts +0 -76
package/src/services/index.ts +0 -18
package/src/services/oauth-config.service.d.ts +0 -53
package/src/services/oauth-config.service.d.ts.map +0 -1
package/src/services/oauth-config.service.js.map +0 -1
package/src/services/oauth-config.service.ts +0 -192
package/src/services/oauth-provider-registry.d.ts +0 -57
package/src/services/oauth-provider-registry.d.ts.map +0 -1
package/src/services/oauth-provider-registry.js.map +0 -1
package/src/services/oauth-provider-registry.ts +0 -141
package/src/services/oauth-service.ts +0 -544
package/src/services/oauth-token-retrieval.service.ts +0 -245
package/src/services/proof-verifier.ts +0 -478
package/src/services/provider-resolver.d.ts +0 -48
package/src/services/provider-resolver.d.ts.map +0 -1
package/src/services/provider-resolver.js.map +0 -1
package/src/services/provider-resolver.ts +0 -146
package/src/services/provider-validator.ts +0 -170
package/src/services/session-registration.service.ts +0 -251
package/src/services/storage.service.ts +0 -566
package/src/services/tool-context-builder.ts +0 -237
package/src/services/tool-protection.service.ts +0 -1070
package/src/types/oauth-required-error.ts +0 -63
package/src/types/tool-protection.ts +0 -155
package/src/utils/__tests__/did-helpers.test.ts +0 -156
package/src/utils/base58.ts +0 -109
package/src/utils/base64.ts +0 -148
package/src/utils/cors.ts +0 -83
package/src/utils/did-helpers.ts +0 -210
package/src/utils/index.ts +0 -8
package/src/utils/storage-keys.ts +0 -278
package/tsconfig.json +0 -21
package/vitest.config.ts +0 -56

package/src/index.ts DELETED Viewed

@@ -1,310 +0,0 @@
-/**
- * @kya-os/mcp-i-core
- *
- * Core provider-based architecture for MCP-I framework.
- * Platform-agnostic runtime that can be extended for any environment.
- */
-// Base providers
-export {
-  CryptoProvider,
-  ClockProvider,
-  FetchProvider,
-  StorageProvider,
-  NonceCacheProvider,
-  IdentityProvider,
-  type AgentIdentity,
-} from "./providers/base";
-// Memory providers
-export {
-  MemoryStorageProvider,
-  MemoryNonceCacheProvider,
-  MemoryIdentityProvider,
-} from "./providers/memory";
-// Runtime
-export { MCPIRuntimeBase } from "./runtime/base";
-export type { RuntimeWithAccessControl } from "./runtime/base";
-// Audit Logger Interface
-export type { IAuditLogger } from "./runtime/audit-logger";
-// Utilities
-export * from "./utils";
-// Tool Protection
-export { ToolProtectionService } from "./services/tool-protection.service";
-// Crypto Service
-export { CryptoService } from "./services/crypto.service";
-export type { Ed25519JWK, ParsedJWS } from "./services/crypto.service";
-// Proof Verifier Service
-export { ProofVerifier } from "./services/proof-verifier";
-export type {
-  ProofVerificationResult,
-  ProofVerifierConfig,
-} from "./services/proof-verifier";
-// Access Control API Service (stub for Phase 3)
-export { AccessControlApiService } from "./services/access-control.service";
-export type {
-  AccessControlApiServiceConfig,
-  AccessControlApiServiceMetrics,
-} from "./services/access-control.service";
-// Session Registration Service
-export {
-  SessionRegistrationService,
-  createSessionRegistrationService,
-} from "./services/session-registration.service";
-export type {
-  SessionRegistrationServiceConfig,
-  SessionRegistrationResult,
-} from "./services/session-registration.service";
-// OAuth Config Service (Phase 1)
-export { OAuthConfigService } from "./services/oauth-config.service";
-export type { OAuthConfigServiceConfig } from "./services/oauth-config.service";
-// OAuth Service (Phase 1)
-export { OAuthService } from "./services/oauth-service";
-export type { OAuthServiceConfig } from "./services/oauth-service";
-// Tool Context Builder (Phase 1)
-export { ToolContextBuilder } from "./services/tool-context-builder";
-export type { ToolContextBuilderConfig } from "./services/tool-context-builder";
-// OAuth Provider Registry (Phase 2)
-export { OAuthProviderRegistry } from "./services/oauth-provider-registry";
-// Provider Resolver (Phase 2)
-export { ProviderResolver } from "./services/provider-resolver";
-// Provider Validator (Phase 3)
-export { ProviderValidator, ProviderValidationError } from "./services/provider-validator";
-// OAuth Token Retrieval Service (Phase 3)
-export { OAuthTokenRetrievalService } from "./services/oauth-token-retrieval.service";
-export type { OAuthTokenRetrievalServiceConfig } from "./services/oauth-token-retrieval.service";
-// Batch Delegation Service (Phase 2)
-export { BatchDelegationService } from "./services/batch-delegation.service";
-export type { ToolGroup } from "./services/batch-delegation.service";
-// OAuth Config Cache
-export {
-  InMemoryOAuthConfigCache,
-  NoOpOAuthConfigCache,
-} from "./cache/oauth-config-cache";
-export type { OAuthConfigCache } from "./cache/oauth-config-cache";
-// Storage Service Factory
-export {
-  createStorageProviders,
-  StorageKeyHelpers,
-  migrateLegacyKeys,
-} from "./services/storage.service";
-export type {
-  StorageServiceConfig,
-  StorageProviders,
-} from "./services/storage.service";
-// Proof Verification Errors
-export {
-  ProofVerificationError,
-  PROOF_VERIFICATION_ERROR_CODES,
-  createProofVerificationError,
-} from "./services/errors";
-export type { ProofVerificationErrorCode } from "./services/errors";
-export {
-  ToolProtectionCache,
-  InMemoryToolProtectionCache,
-  NoOpToolProtectionCache,
-} from "./cache/tool-protection-cache";
-export type {
-  ToolProtection,
-  ToolProtectionConfig,
-  ToolProtectionServiceConfig,
-} from "./types/tool-protection";
-export { DelegationRequiredError } from "./types/tool-protection";
-export { OAuthRequiredError } from "./types/oauth-required-error";
-export type { OAuthRequiredErrorOptions } from "./types/oauth-required-error";
-// Delegation (W3C VC-based)
-export {
-  DelegationCredentialIssuer,
-  createDelegationIssuer,
-  type IssueDelegationOptions,
-  type VCSigningFunction,
-  type IdentityProvider as DelegationIdentityProvider,
-} from "./delegation/vc-issuer";
-export {
-  DelegationCredentialVerifier,
-  createDelegationVerifier,
-  type DelegationVCVerificationResult,
-  type VerifyDelegationVCOptions,
-  type DIDResolver,
-  type DIDDocument,
-  type VerificationMethod,
-  type StatusListResolver,
-  type SignatureVerificationFunction,
-} from "./delegation/vc-verifier";
-// StatusList2021
-export {
-  StatusList2021Manager,
-  createStatusListManager,
-  type StatusListStorageProvider,
-  type StatusListIdentityProvider,
-} from "./delegation/statuslist-manager";
-export {
-  BitstringManager,
-  isIndexSet,
-  type CompressionFunction,
-  type DecompressionFunction,
-} from "./delegation/bitstring";
-// Delegation Graph & Cascading Revocation
-export {
-  DelegationGraphManager,
-  createDelegationGraph,
-  type DelegationNode,
-  type DelegationGraphStorageProvider,
-} from "./delegation/delegation-graph";
-export {
-  CascadingRevocationManager,
-  createCascadingRevocationManager,
-  type RevocationEvent,
-  type RevocationHook,
-  type CascadingRevocationOptions,
-} from "./delegation/cascading-revocation";
-// Storage Implementations (for testing and examples)
-export { MemoryStatusListStorage } from "./delegation/storage/memory-statuslist-storage";
-export { MemoryDelegationGraphStorage } from "./delegation/storage/memory-graph-storage";
-// DID:key Resolver (Phase 3 VC Verification)
-export {
-  createDidKeyResolver,
-  isEd25519DidKey,
-  extractPublicKeyFromDidKey,
-  publicKeyToJwk,
-  resolveDidKeySync,
-} from "./delegation/did-key-resolver";
-// Base58 Utilities (for did:key encoding/decoding)
-export {
-  base58Encode,
-  base58Decode,
-  isValidBase58,
-} from "./utils/base58";
-// Compliance Verification (with JSON Schema draft-07 support)
-export {
-  SchemaVerifier,
-  createSchemaVerifier,
-  type SchemaMetadata,
-  type FieldComplianceResult,
-  type SchemaComplianceReport,
-  type FullComplianceReport,
-} from "./compliance/schema-verifier";
-export {
-  SCHEMA_REGISTRY,
-  getAllSchemas,
-  getSchemasByCategory,
-  getSchemaById,
-  getCriticalSchemas,
-  getSchemaStats,
-} from "./compliance/schema-registry";
-export {
-  canonicalizeJSON,
-  createUnsignedVCJWT,
-  completeVCJWT,
-  parseVCJWT,
-  type VCJWTHeader,
-  type VCJWTPayload,
-  type EncodeVCAsJWTOptions,
-} from "./delegation/utils";
-// Base64 utilities for VC JWT encoding
-export {
-  base64urlEncodeFromBytes,
-  base64urlEncodeFromString,
-  base64urlDecodeToBytes,
-  base64urlDecodeToString,
-  bytesToBase64,
-} from "./utils/base64";
-// Re-export commonly used types from contracts
-// Note: @kya-os/contracts exports are at the root level
-import type {
-  HandshakeRequest,
-  SessionContext,
-  NonceCache,
-  NonceCacheEntry,
-  NonceCacheConfig,
-  ProofMeta,
-  DetachedProof,
-  CanonicalHashes,
-  AuditRecord,
-} from "@kya-os/contracts";
-export type {
-  HandshakeRequest,
-  SessionContext,
-  NonceCache,
-  NonceCacheEntry,
-  NonceCacheConfig,
-  ProofMeta,
-  DetachedProof,
-  CanonicalHashes,
-  AuditRecord,
-};
-// Configuration types and utilities
-export * from "./config";
-// Remote configuration fetching
-export {
-  fetchRemoteConfig,
-  type RemoteConfigCache,
-  type RemoteConfigOptions,
-} from "./config/remote-config";
-// User DID Manager (Phase 4)
-export { UserDidManager } from "./identity/user-did-manager";
-export type {
-  UserDidStorage,
-  UserDidManagerConfig,
-  UserKeyPair,
-  OAuthIdentity,
-} from "./identity/user-did-manager";
-// IDP Token Resolver (Phase 1 - MH-7, updated for CRED-003)
-export { IdpTokenResolver } from "./identity/idp-token-resolver";
-export type { IdpTokenResolverConfig } from "./identity/idp-token-resolver";
-export type {
-  IIdpTokenStorage,
-  TokenUsageMetadata,
-  IdpTokensWithMetadata,
-} from "./identity/idp-token-storage.interface";

package/src/providers/base.d.ts DELETED Viewed

@@ -1,91 +0,0 @@
-/**
- * Base Provider Classes
- *
- * Abstract classes that define the provider interfaces for
- * platform-specific implementations.
- */
-/**
- * Cryptographic operations provider
- */
-export declare abstract class CryptoProvider {
-    abstract sign(data: Uint8Array, privateKey: string): Promise<Uint8Array>;
-    abstract verify(data: Uint8Array, signature: Uint8Array, publicKey: string): Promise<boolean>;
-    abstract generateKeyPair(): Promise<{
-        privateKey: string;
-        publicKey: string;
-    }>;
-    abstract hash(data: Uint8Array): Promise<Uint8Array>;
-    abstract randomBytes(length: number): Promise<Uint8Array>;
-}
-/**
- * Clock/timing operations provider
- */
-export declare abstract class ClockProvider {
-    abstract now(): number;
-    abstract isWithinSkew(timestamp: number, skewSeconds: number): boolean;
-    abstract hasExpired(expiresAt: number): boolean;
-    abstract calculateExpiry(ttlSeconds: number): number;
-    abstract format(timestamp: number): string;
-}
-/**
- * Network fetch operations provider
- */
-export declare abstract class FetchProvider {
-    abstract resolveDID(did: string): Promise<any>;
-    abstract fetchStatusList(url: string): Promise<any>;
-    abstract fetchDelegationChain(id: string): Promise<any[]>;
-    abstract fetch(url: string, options?: any): Promise<Response>;
-}
-/**
- * Storage operations provider
- */
-export declare abstract class StorageProvider {
-    abstract get(key: string): Promise<string | null>;
-    abstract set(key: string, value: string): Promise<void>;
-    abstract delete(key: string): Promise<void>;
-    abstract exists(key: string): Promise<boolean>;
-    abstract list(prefix?: string): Promise<string[]>;
-}
-/**
- * Nonce cache provider
- * Handles replay prevention
- *
- * Nonces should be scoped per agent to prevent cross-agent replay attacks.
- * When agentDid is provided, implementations should use agent-scoped keys.
- */
-export declare abstract class NonceCacheProvider {
-    /**
-     * Check if a nonce has been used
-     * @param nonce - The nonce to check
-     * @param agentDid - Optional agent DID for scoping (prevents cross-agent replay attacks)
-     */
-    abstract has(nonce: string, agentDid?: string): Promise<boolean>;
-    /**
-     * Add a nonce to the cache
-     * @param nonce - The nonce to cache
-     * @param ttlSeconds - Time to live in seconds (callers now pass TTL, not absolute timestamp)
-     * @param agentDid - Optional agent DID for scoping (prevents cross-agent replay attacks)
-     */
-    abstract add(nonce: string, ttlSeconds: number, agentDid?: string): Promise<void>;
-    abstract cleanup(): Promise<void>;
-    abstract destroy(): Promise<void>;
-}
-/**
- * Identity provider for managing agent identities
- */
-export interface AgentIdentity {
-    did: string;
-    kid: string;
-    privateKey: string;
-    publicKey: string;
-    createdAt: string;
-    type: 'development' | 'production';
-    metadata?: Record<string, any>;
-}
-export declare abstract class IdentityProvider {
-    abstract getIdentity(): Promise<AgentIdentity>;
-    abstract saveIdentity(identity: AgentIdentity): Promise<void>;
-    abstract rotateKeys(): Promise<AgentIdentity>;
-    abstract deleteIdentity(): Promise<void>;
-}
-//# sourceMappingURL=base.d.ts.map

package/src/providers/base.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"base.d.ts","sourceRoot":"","sources":["base.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,8BAAsB,cAAc;IAClC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IACxE,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAC7F,QAAQ,CAAC,eAAe,IAAI,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9E,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACpD,QAAQ,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAC1D;AAED;;GAEG;AACH,8BAAsB,aAAa;IACjC,QAAQ,CAAC,GAAG,IAAI,MAAM;IACtB,QAAQ,CAAC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO;IACtE,QAAQ,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAC/C,QAAQ,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IACpD,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAC3C;AAED;;GAEG;AACH,8BAAsB,aAAa;IACjC,QAAQ,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAC9C,QAAQ,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IACnD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACzD,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;CAC9D;AAED;;GAEG;AACH,8BAAsB,eAAe;IACnC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IACjD,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IACvD,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3C,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAC9C,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;CAClD;AAED;;;;;;GAMG;AACH,8BAAsB,kBAAkB;IACtC;;;;OAIG;IACH,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAEhE;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAEjF,QAAQ,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IACjC,QAAQ,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,aAAa,GAAG,YAAY,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,8BAAsB,gBAAgB;IACpC,QAAQ,CAAC,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAC9C,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAC7D,QAAQ,CAAC,UAAU,IAAI,OAAO,CAAC,aAAa,CAAC;IAC7C,QAAQ,CAAC,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;CACzC"}

package/src/providers/base.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"base.js","sourceRoot":"","sources":["base.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAgB,cAAc;CAMnC;AAED;;GAEG;AACH,MAAM,OAAgB,aAAa;CAMlC;AAED;;GAEG;AACH,MAAM,OAAgB,aAAa;CAKlC;AAED;;GAEG;AACH,MAAM,OAAgB,eAAe;CAMpC;AAED;;;;;;GAMG;AACH,MAAM,OAAgB,kBAAkB;CAkBvC;AAeD,MAAM,OAAgB,gBAAgB;CAKrC"}

package/src/providers/base.ts DELETED Viewed

@@ -1,96 +0,0 @@
-/**
- * Base Provider Classes
- *
- * Abstract classes that define the provider interfaces for
- * platform-specific implementations.
- */
-/**
- * Cryptographic operations provider
- */
-export abstract class CryptoProvider {
-  abstract sign(data: Uint8Array, privateKey: string): Promise<Uint8Array>;
-  abstract verify(data: Uint8Array, signature: Uint8Array, publicKey: string): Promise<boolean>;
-  abstract generateKeyPair(): Promise<{ privateKey: string; publicKey: string }>;
-  abstract hash(data: Uint8Array): Promise<Uint8Array>;
-  abstract randomBytes(length: number): Promise<Uint8Array>;
-}
-/**
- * Clock/timing operations provider
- */
-export abstract class ClockProvider {
-  abstract now(): number;
-  abstract isWithinSkew(timestamp: number, skewSeconds: number): boolean;
-  abstract hasExpired(expiresAt: number): boolean;
-  abstract calculateExpiry(ttlSeconds: number): number;
-  abstract format(timestamp: number): string;
-}
-/**
- * Network fetch operations provider
- */
-export abstract class FetchProvider {
-  abstract resolveDID(did: string): Promise<any>;
-  abstract fetchStatusList(url: string): Promise<any>;
-  abstract fetchDelegationChain(id: string): Promise<any[]>;
-  abstract fetch(url: string, options?: any): Promise<Response>;
-}
-/**
- * Storage operations provider
- */
-export abstract class StorageProvider {
-  abstract get(key: string): Promise<string | null>;
-  abstract set(key: string, value: string): Promise<void>;
-  abstract delete(key: string): Promise<void>;
-  abstract exists(key: string): Promise<boolean>;
-  abstract list(prefix?: string): Promise<string[]>;
-}
-/**
- * Nonce cache provider
- * Handles replay prevention
- *
- * Nonces should be scoped per agent to prevent cross-agent replay attacks.
- * When agentDid is provided, implementations should use agent-scoped keys.
- */
-export abstract class NonceCacheProvider {
-  /**
-   * Check if a nonce has been used
-   * @param nonce - The nonce to check
-   * @param agentDid - Optional agent DID for scoping (prevents cross-agent replay attacks)
-   */
-  abstract has(nonce: string, agentDid?: string): Promise<boolean>;
-  /**
-   * Add a nonce to the cache
-   * @param nonce - The nonce to cache
-   * @param ttlSeconds - Time to live in seconds (callers now pass TTL, not absolute timestamp)
-   * @param agentDid - Optional agent DID for scoping (prevents cross-agent replay attacks)
-   */
-  abstract add(nonce: string, ttlSeconds: number, agentDid?: string): Promise<void>;
-  abstract cleanup(): Promise<void>;
-  abstract destroy(): Promise<void>;
-}
-/**
- * Identity provider for managing agent identities
- */
-export interface AgentIdentity {
-  did: string;
-  kid: string;
-  privateKey: string;
-  publicKey: string;
-  createdAt: string;
-  type: 'development' | 'production';
-  metadata?: Record<string, any>;
-}
-export abstract class IdentityProvider {
-  abstract getIdentity(): Promise<AgentIdentity>;
-  abstract saveIdentity(identity: AgentIdentity): Promise<void>;
-  abstract rotateKeys(): Promise<AgentIdentity>;
-  abstract deleteIdentity(): Promise<void>;
-}

package/src/providers/memory.ts DELETED Viewed

@@ -1,142 +0,0 @@
-/**
- * Memory-based provider implementations
- *
- * Simple in-memory implementations for development and testing.
- */
-import {
-  StorageProvider,
-  NonceCacheProvider,
-  IdentityProvider,
-  AgentIdentity
-} from './base';
-/**
- * In-memory storage provider
- */
-export class MemoryStorageProvider extends StorageProvider {
-  private store: Map<string, string> = new Map();
-  async get(key: string): Promise<string | null> {
-    return this.store.get(key) ?? null;
-  }
-  async set(key: string, value: string): Promise<void> {
-    this.store.set(key, value);
-  }
-  async delete(key: string): Promise<void> {
-    this.store.delete(key);
-  }
-  async exists(key: string): Promise<boolean> {
-    return this.store.has(key);
-  }
-  async list(prefix?: string): Promise<string[]> {
-    const keys = Array.from(this.store.keys());
-    if (prefix) {
-      return keys.filter(k => k.startsWith(prefix));
-    }
-    return keys;
-  }
-}
-/**
- * In-memory nonce cache provider
- */
-export class MemoryNonceCacheProvider extends NonceCacheProvider {
-  private nonces: Map<string, number> = new Map();
-  async has(nonce: string, agentDid?: string): Promise<boolean> {
-    const key = agentDid ? `nonce:${agentDid}:${nonce}` : `nonce:${nonce}`;
-    const expiry = this.nonces.get(key);
-    if (!expiry) return false;
-    if (Date.now() > expiry) {
-      this.nonces.delete(key);
-      return false;
-    }
-    return true;
-  }
-  async add(nonce: string, ttlSeconds: number, agentDid?: string): Promise<void> {
-    const key = agentDid ? `nonce:${agentDid}:${nonce}` : `nonce:${nonce}`;
-    // Convert TTL seconds to absolute expiration timestamp for storage
-    const expiresAt = Date.now() + (ttlSeconds * 1000);
-    this.nonces.set(key, expiresAt);
-  }
-  async cleanup(): Promise<void> {
-    const now = Date.now();
-    for (const [nonce, expiry] of this.nonces) {
-      if (now > expiry) {
-        this.nonces.delete(nonce);
-      }
-    }
-  }
-  async destroy(): Promise<void> {
-    this.nonces.clear();
-  }
-}
-/**
- * In-memory identity provider
- */
-export class MemoryIdentityProvider extends IdentityProvider {
-  private identity?: AgentIdentity;
-  private cryptoProvider: any;
-  constructor(cryptoProvider?: any) {
-    super();
-    this.cryptoProvider = cryptoProvider;
-  }
-  async getIdentity(): Promise<AgentIdentity> {
-    if (!this.identity) {
-      this.identity = await this.generateIdentity();
-    }
-    return this.identity;
-  }
-  async saveIdentity(identity: AgentIdentity): Promise<void> {
-    this.identity = identity;
-  }
-  async rotateKeys(): Promise<AgentIdentity> {
-    this.identity = await this.generateIdentity();
-    return this.identity;
-  }
-  async deleteIdentity(): Promise<void> {
-    this.identity = undefined;
-  }
-  private async generateIdentity(): Promise<AgentIdentity> {
-    if (!this.cryptoProvider) {
-      throw new Error('Crypto provider required for identity generation');
-    }
-    const keyPair = await this.cryptoProvider.generateKeyPair();
-    const did = this.generateDIDFromPublicKey(keyPair.publicKey);
-    return {
-      did,
-      kid: `${did}#key-1`,
-      privateKey: keyPair.privateKey,
-      publicKey: keyPair.publicKey,
-      createdAt: new Date().toISOString(),
-      type: 'development'
-    };
-  }
-  private generateDIDFromPublicKey(publicKey: string): string {
-    // Simplified DID generation
-    const keyHash = Buffer.from(publicKey, 'base64')
-      .toString('base64url')
-      .substring(0, 32);
-    return `did:key:z${keyHash}`;
-  }
-}

package/src/runtime/audit-logger.ts DELETED Viewed

@@ -1,39 +0,0 @@
-/**
- * Audit Logger Interface
- *
- * Platform-agnostic interface for audit logging in the MCP-I framework.
- * Implementations should be provided by platform-specific packages.
- */
-import type { AuditContext, AuditEventContext } from "@kya-os/contracts/audit";
-/**
- * Interface for audit logging implementations
- *
- * This interface is platform-agnostic and can be implemented by:
- * - Node.js implementations (using Node.js crypto)
- * - Cloudflare Workers implementations (using Web Crypto API)
- * - Other platform-specific implementations
- */
-export interface IAuditLogger {
-  /**
-   * Log an audit record (with session deduplication)
-   *
-   * This method logs audit records using the frozen audit.v1 format.
-   * Only the first call per session is logged (deduplication).
-   *
-   * @param context - Audit context with identity, session, hashes, and verification status
-   */
-  logAuditRecord(context: AuditContext): Promise<void>;
-  /**
-   * Log an event (without session deduplication)
-   *
-   * This method logs events using the frozen audit.v1 format.
-   * Unlike logAuditRecord(), this always logs the event, allowing
-   * multiple events per session (e.g., consent events).
-   *
-   * @param context - Event context with eventType, identity, session, and optional eventData
-   */
-  logEvent(context: AuditEventContext): Promise<void>;
-}