@kya-os/mcp-i-core 1.3.18 → 1.3.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/runtime/base.js +22 -2
  2. package/package.json +1 -1
package/dist/runtime/base.js CHANGED
@@ -393,9 +393,20 @@ class MCPIRuntimeBase {
393
393
  // This ensures delegations are user-specific and prevents user isolation bypass
394
394
  const credential = verificationResult.data.credential;
395
395
  const delegationUserIdentifier = credential?.user_identifier;
396
+ // Also check for user_id field (AgentShield may return DID or ID directly)
397
+ const delegationUserId = credential?.user_id;
396
398
  const sessionUserDid = session?.userDid;
397
399
  if (delegationUserIdentifier && sessionUserDid) {
398
- if (delegationUserIdentifier !== sessionUserDid) {
400
+ // Check if identifiers match (direct match or via user_id field)
401
+ const identifiersMatch = delegationUserIdentifier === sessionUserDid ||
402
+ delegationUserId === sessionUserDid;
403
+ // Special case: If delegationUserIdentifier is NOT a DID (e.g., email),
404
+ // but AgentShield verified the delegation, trust it.
405
+ // AgentShield internally links email → DID, so the verification is valid.
406
+ // Only fail if BOTH are DIDs and they don't match.
407
+ const isDelegationIdentifierDid = delegationUserIdentifier.startsWith("did:");
408
+ const shouldEnforceMatch = isDelegationIdentifierDid || delegationUserId;
409
+ if (shouldEnforceMatch && !identifiersMatch) {
399
410
  // User identifier mismatch - potential security issue
400
411
  const securityError = `Delegation user_identifier mismatch: delegation has "${delegationUserIdentifier.substring(0, 20)}..." but session has "${sessionUserDid.substring(0, 20)}..."`;
401
412
  if (this.config.audit?.enabled) {
@@ -403,6 +414,9 @@ class MCPIRuntimeBase {
403
414
  tool: toolName,
404
415
  agentDid: identity.did.slice(0, 20) + "...",
405
416
  delegationUserIdentifier: delegationUserIdentifier.substring(0, 20) + "...",
417
+ delegationUserId: delegationUserId
418
+ ? delegationUserId.substring(0, 20) + "..."
419
+ : "N/A",
406
420
  sessionUserDid: sessionUserDid.substring(0, 20) + "...",
407
421
  sessionId: session?.id?.substring(0, 20) + "...",
408
422
  reason: "user_identifier_mismatch",
@@ -425,13 +439,19 @@ class MCPIRuntimeBase {
425
439
  this.cleanupExpiredInterceptedCalls();
426
440
  throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
427
441
  }
428
- // User identifier matches - log success for audit
442
+ // User identifier validation passed (direct match or trusted AgentShield verification)
429
443
  if (this.config.audit?.enabled) {
430
444
  console.log("[MCP-I] ✅ User identifier validation PASSED", {
431
445
  tool: toolName,
432
446
  agentDid: identity.did.slice(0, 20) + "...",
433
447
  userDid: sessionUserDid.substring(0, 20) + "...",
434
448
  sessionId: session?.id?.substring(0, 20) + "...",
449
+ matchType: identifiersMatch
450
+ ? "direct"
451
+ : "trusted_agentshield_verification",
452
+ delegationIdentifierFormat: isDelegationIdentifierDid
453
+ ? "did"
454
+ : "email_or_other",
435
455
  });
436
456
  }
437
457
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/mcp-i-core",
3
- "version": "1.3.18",
3
+ "version": "1.3.19",
4
4
  "description": "Core runtime and types for MCP-I framework",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",