@kya-os/mcp-i-core 1.3.23 → 1.3.24
- package/dist/runtime/base.js +32 -18
- package/package.json +2 -2
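--- a/package/dist/runtime/base.js
+++ b/package/dist/runtime/base.js
@@ -469,12 +469,39 @@ class MCPIRuntimeBase {
 }
 // ✅ SECURITY: Validate authorization method matches tool requirements
 // This prevents stale delegations from working after tool auth method changes
-//
-//
-// 2. Credential contains authorization data (AgentShield API verifier)
+// NOTE: Authorization validation only applies when credential is present (AgentShield API verifier).
+// KV/Memory verifiers don't return credential data, so we skip auth method validation for them.
 const toolAuth = protection.authorization;
 const delegationAuth = credential?.authorization;
-
+// Only validate when:
+// 1. Tool has authorization requirement defined
+// 2. Credential is present (AgentShield API verifier)
+if (toolAuth && credential) {
+// If tool requires authorization but credential doesn't have auth data, reject
+// This prevents bypassing auth checks with incomplete credential data
+if (!delegationAuth) {
+if (this.config.audit?.enabled) {
+console.error("[MCP-I] ❌ Tool requires authorization but credential missing auth data", {
+tool: toolName,
+agentDid: identity.did.slice(0, 20) + "...",
+toolAuth,
+note: "Credential exists but missing authorization metadata - rejecting for security",
+});
+}
+// Throw DelegationRequiredError to force re-authorization
+const interceptedCall = {
+toolName,
+args,
+sessionId: session?.id || "unknown",
+timestamp: this.clock.now(),
+expiresAt: this.clock.calculateExpiry(1800),
+};
+const resumeToken = this.generateResumeToken(interceptedCall);
+const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, protection.oauthProvider);
+this.interceptedCalls.set(resumeToken, interceptedCall);
+this.cleanupExpiredInterceptedCalls();
+throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
+}
 // Both tool and delegation have authorization - compare them
 if (!(0, access_control_service_js_1.authorizationMatches)(delegationAuth, toolAuth)) {
 const authMismatchReason = `Authorization method mismatch: delegation has ${delegationAuth.type}${delegationAuth.provider ? `:${delegationAuth.provider}` : ""}${delegationAuth.credentialType ? `:${delegationAuth.credentialType}` : ""} but tool requires ${toolAuth.type}${toolAuth.provider ? `:${toolAuth.provider}` : ""}${toolAuth.credentialType ? `:${toolAuth.credentialType}` : ""}`;
@@ -511,20 +538,7 @@ class MCPIRuntimeBase {
 });
 }
 }
-
-// Tool requires authorization but credential doesn't have auth data
-// This can happen with legacy delegations or incomplete credential data
-if (this.config.audit?.enabled) {
-console.warn("[MCP-I] ⚠️ Tool requires authorization but credential missing auth data", {
-tool: toolName,
-agentDid: identity.did.slice(0, 20) + "...",
-toolAuth,
-note: "Allowing execution - legacy delegation or incomplete data",
-});
-}
-// Allow execution for backward compatibility with legacy delegations
-// New delegations from AgentShield will always have authorization data
-}
+// If credential is missing entirely (KV/Memory verifiers), skip validation for backward compatibility
 // Verification succeeded
 if (this.config.audit?.enabled) {
 console.log("[MCP-I] ✅ Delegation verification SUCCEEDED", {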
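Review bot: The new guard `if (toolAuth && credential)` still fails open when the verifier returns no credential: on the KV/Memory path a tool that declares `protection.authorization` falls through to "Verification succeeded" with no auth-method comparison, so the stale-delegation protection named in the header comment holds only for the AgentShield API verifier. The skip is also silent, leaving nothing in the audit output to show that a protected tool ran unvalidated; I would record it where the new comment at line 541 sits (presumably just after the guard closes), e.g. `if (toolAuth && !credential && this.config.audit?.enabled) console.warn("[MCP-I] ⚠️ Auth method validation skipped - verifier returned no credential", { tool: toolName });`, and consider a config option that rejects instead of skipping. The rejection branch also hard-codes `calculateExpiry(1800)`; a named constant would document the resume window. The enclosing method starts and ends outside both hunks, so whether `credential` can be absent for reasons other than the verifier type is not visible here.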
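--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@kya-os/mcp-i-core",
-"version": "1.3.
+"version": "1.3.24",
 "description": "Core runtime and types for MCP-I framework",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -28,7 +28,7 @@
 "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-no-workspace.js"
 },
 "dependencies": {
-"@kya-os/contracts": "^1.6.
+"@kya-os/contracts": "^1.6.17",
 "jose": "^5.6.3",
 "json-canonicalize": "^2.0.0",
 "zod": "^3.25.76"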