@kya-os/mcp-i-core 1.3.6 → 1.3.7-canary.clientinfo.20251126041014

package/dist/services/session-registration.service.js

@@ -0,0 +1,228 @@
+"use strict";
+/**
+ * Session Registration Service
+ *
+ * Registers MCP sessions with the AgentShield dashboard, enabling
+ * visibility into which MCP clients are connecting to agents.
+ *
+ * This is a fire-and-forget service - session registration should not
+ * block tool execution or affect the user experience.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionRegistrationService = void 0;
+exports.createSessionRegistrationService = createSessionRegistrationService;
+const agentshield_api_1 = require("@kya-os/contracts/agentshield-api");
+/**
+ * Session Registration Service
+ *
+ * Registers MCP sessions with AgentShield for dashboard visibility.
+ * Designed to be non-blocking - failures are logged but don't throw.
+ */
+class SessionRegistrationService {
+    config;
+    constructor(config) {
+        this.config = {
+            baseUrl: config.baseUrl,
+            apiKey: config.apiKey,
+            fetchProvider: config.fetchProvider,
+            logger: config.logger || (() => { }),
+            timeoutMs: config.timeoutMs ?? 5000,
+        };
+    }
+    /**
+     * Register a session with AgentShield
+     *
+     * This is a fire-and-forget operation. Failures are logged but don't throw.
+     * The method returns quickly and doesn't block the caller.
+     *
+     * @param request - Session registration request data
+     * @returns Result indicating success or failure
+     */
+    async registerSession(request) {
+        const sessionId = request.session_id;
+        try {
+            // Validate request
+            const validationResult = agentshield_api_1.registerSessionRequestSchema.safeParse(request);
+            if (!validationResult.success) {
+                const errorMsg = `Invalid session registration request: ${validationResult.error.message}`;
+                this.config.logger("[SessionRegistration] Validation failed", {
+                    sessionId,
+                    error: errorMsg,
+                });
+                return { success: false, sessionId, error: errorMsg };
+            }
+            const url = `${this.config.baseUrl}${agentshield_api_1.AGENTSHIELD_ENDPOINTS.SESSIONS}`;
+            this.config.logger("[SessionRegistration] Registering session", {
+                sessionId,
+                agentDid: request.agent_did,
+                clientName: request.client_info.name,
+                url,
+            });
+            // ✅ EMPIRICAL PROOF: Prepare request headers with correct auth format
+            const requestHeaders = {
+                "Content-Type": "application/json",
+                "X-AgentShield-Key": this.config.apiKey, // Fixed: Use X-AgentShield-Key instead of Authorization: Bearer
+            };
+            // ✅ EMPIRICAL PROOF: Log exact request details (sanitized for security)
+            const sanitizedHeaders = {
+                ...requestHeaders,
+                "X-AgentShield-Key": `${this.config.apiKey.slice(0, 8)}...${this.config.apiKey.slice(-4)}`, // Show first 8 and last 4 chars
+            };
+            const sanitizedBody = {
+                session_id: request.session_id,
+                agent_did: request.agent_did,
+                project_id: request.project_id,
+                created_at: request.created_at,
+                client_info: request.client_info,
+                client_identity: request.client_identity,
+                server_did: request.server_did,
+                ttl_minutes: request.ttl_minutes,
+            };
+            this.config.logger("[SessionRegistration] 🔍 EMPIRICAL DEBUG - Request details", {
+                url,
+                method: "POST",
+                headers: sanitizedHeaders,
+                headerKeys: Object.keys(requestHeaders),
+                authHeaderPresent: !!requestHeaders["X-AgentShield-Key"],
+                authHeaderName: "X-AgentShield-Key",
+                body: sanitizedBody,
+                bodySize: JSON.stringify(request).length,
+            });
+            // Make the request with timeout
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), this.config.timeoutMs);
+            try {
+                const response = await this.config.fetchProvider.fetch(url, {
+                    method: "POST",
+                    headers: requestHeaders,
+                    body: JSON.stringify(request),
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                // ✅ EMPIRICAL PROOF: Capture exact response details
+                const responseHeaders = {};
+                response.headers.forEach((value, key) => {
+                    responseHeaders[key] = value;
+                });
+                const responseText = await response
+                    .text()
+                    .catch(() => "Failed to read response");
+                let responseBody;
+                try {
+                    responseBody = JSON.parse(responseText);
+                }
+                catch {
+                    responseBody = responseText;
+                }
+                // ✅ EMPIRICAL PROOF: Log exact response details
+                this.config.logger("[SessionRegistration] 🔍 EMPIRICAL DEBUG - Response details", {
+                    status: response.status,
+                    statusText: response.statusText,
+                    ok: response.ok,
+                    headers: responseHeaders,
+                    body: responseBody,
+                    bodyLength: responseText.length,
+                    clientName: request.client_info.name,
+                });
+                if (!response.ok) {
+                    // Log error but don't throw - this is fire-and-forget
+                    this.config.logger("[SessionRegistration] Registration failed", {
+                        sessionId,
+                        status: response.status,
+                        error: responseText,
+                        // ✅ EMPIRICAL PROOF: Include full response details
+                        responseHeaders,
+                        responseBody,
+                        clientName: request.client_info.name,
+                    });
+                    return {
+                        success: false,
+                        sessionId,
+                        error: `HTTP ${response.status}: ${responseText}`,
+                    };
+                }
+                // Parse response (using already-captured responseBody)
+                const responseData = responseBody;
+                const parseResult = agentshield_api_1.registerSessionResponseSchema.safeParse(responseData.data ||
+                    responseData);
+                if (!parseResult.success) {
+                    this.config.logger("[SessionRegistration] Invalid response format", {
+                        sessionId,
+                        response: responseData,
+                    });
+                    // Still consider it a success if we got a 200 OK
+                    return { success: true, sessionId };
+                }
+                this.config.logger("[SessionRegistration] Session registered", {
+                    sessionId,
+                    registered: parseResult.data.registered,
+                });
+                return { success: true, sessionId };
+            }
+            finally {
+                clearTimeout(timeoutId);
+            }
+        }
+        catch (error) {
+            // Handle abort/timeout
+            if (error instanceof Error && error.name === "AbortError") {
+                this.config.logger("[SessionRegistration] Request timed out", {
+                    sessionId,
+                    timeoutMs: this.config.timeoutMs,
+                });
+                return { success: false, sessionId, error: "Request timed out" };
+            }
+            // Log any other error
+            const errorMsg = error instanceof Error ? error.message : "Unknown error";
+            this.config.logger("[SessionRegistration] Unexpected error", {
+                sessionId,
+                error: errorMsg,
+            });
+            return { success: false, sessionId, error: errorMsg };
+        }
+    }
+    /**
+     * Fire-and-forget session registration
+     *
+     * Starts registration in the background without waiting for completion.
+     * Useful when you want to register a session but not delay the response.
+     *
+     * @param request - Session registration request data
+     */
+    registerSessionAsync(request) {
+        // Start registration in background - don't await
+        this.registerSession(request).catch((error) => {
+            // This should never happen since registerSession catches all errors,
+            // but just in case
+            this.config.logger("[SessionRegistration] Background registration failed", {
+                sessionId: request.session_id,
+                error: error instanceof Error ? error.message : "Unknown error",
+            });
+        });
+    }
+}
+exports.SessionRegistrationService = SessionRegistrationService;
+/**
+ * Create a session registration service from common runtime config
+ *
+ * Helper function to create the service from typical environment config.
+ */
+function createSessionRegistrationService(options) {
+    // Validate required config
+    if (!options.apiUrl || !options.apiKey) {
+        options.logger?.("[SessionRegistration] Missing required config - session registration disabled", {
+            hasApiUrl: !!options.apiUrl,
+            hasApiKey: !!options.apiKey,
+        });
+        return null;
+    }
+    return new SessionRegistrationService({
+        baseUrl: options.apiUrl,
+        apiKey: options.apiKey,
+        fetchProvider: options.fetchProvider,
+        logger: options.logger,
+    });
+}
+//# sourceMappingURL=session-registration.service.js.map

package/dist/services/session-registration.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-registration.service.js","sourceRoot":"","sources":["../../src/services/session-registration.service.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AA0RH,4EAwBC;AA5SD,uEAI2C;AAmC3C;;;;;GAKG;AACH,MAAa,0BAA0B;IAC7B,MAAM,CAKZ;IAEF,YAAY,MAAwC;QAClD,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CACnB,OAA+B;QAE/B,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC;QAErC,IAAI,CAAC;YACH,mBAAmB;YACnB,MAAM,gBAAgB,GAAG,8CAA4B,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACzE,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;gBAC9B,MAAM,QAAQ,GAAG,yCAAyC,gBAAgB,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBAC3F,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;oBAC5D,SAAS;oBACT,KAAK,EAAE,QAAQ;iBAChB,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACxD,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,uCAAqB,CAAC,QAAQ,EAAE,CAAC;YAEtE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;gBAC9D,SAAS;gBACT,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;gBACpC,GAAG;aACJ,CAAC,CAAC;YAEH,sEAAsE;YACtE,MAAM,cAAc,GAAG;gBACrB,cAAc,EAAE,kBAAkB;gBAClC,mBAAmB,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,gEAAgE;aAC1G,CAAC;YAEF,wEAAwE;YACxE,MAAM,gBAAgB,GAAG;gBACvB,GAAG,cAAc;gBACjB,mBAAmB,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,gCAAgC;aAC7H,CAAC;YAEF,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,4DAA4D,EAC5D;gBACE,GAAG;gBACH,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,gBAAgB;gBACzB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC;gBACvC,iBAAiB,EAAE,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAC;gBACxD,cAAc,EAAE,mBAAmB;gBACnC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,MAAM;aACzC,CACF,CAAC;YAEF,gCAAgC;YAChC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAC1B,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;oBAC1D,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,cAAc;oBACvB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,oDAAoD;gBACpD,MAAM,eAAe,GAA2B,EAAE,CAAC;gBACnD,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;oBACtC,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBAC/B,CAAC,CAAC,CAAC;gBAEH,MAAM,YAAY,GAAG,MAAM,QAAQ;qBAChC,IAAI,EAAE;qBACN,KAAK,CAAC,GAAG,EAAE,CAAC,yBAAyB,CAAC,CAAC;gBAC1C,IAAI,YAAqB,CAAC;gBAC1B,IAAI,CAAC;oBACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACP,YAAY,GAAG,YAAY,CAAC;gBAC9B,CAAC;gBAED,gDAAgD;gBAChD,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,6DAA6D,EAC7D;oBACE,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,YAAY;oBAClB,UAAU,EAAE,YAAY,CAAC,MAAM;oBAC/B,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;iBACrC,CACF,CAAC;gBAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,sDAAsD;oBACtD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;wBAC9D,SAAS;wBACT,MAAM,EAAE,QAAQ,CAAC,MAAM;wBACvB,KAAK,EAAE,YAAY;wBACnB,mDAAmD;wBACnD,eAAe;wBACf,YAAY;wBACZ,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;qBACrC,CAAC,CAAC;oBACH,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,SAAS;wBACT,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,KAAK,YAAY,EAAE;qBAClD,CAAC;gBACJ,CAAC;gBAED,uDAAuD;gBACvD,MAAM,YAAY,GAAG,YAEM,CAAC;gBAC5B,MAAM,WAAW,GAAG,+CAA6B,CAAC,SAAS,CACxD,YAAmD,CAAC,IAAI;oBACvD,YAAY,CACf,CAAC;gBAEF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;oBACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;wBAClE,SAAS;wBACT,QAAQ,EAAE,YAAY;qBACvB,CAAC,CAAC;oBACH,iDAAiD;oBACjD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;gBACtC,CAAC;gBAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;oBAC7D,SAAS;oBACT,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,UAAU;iBACxC,CAAC,CAAC;gBAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YACtC,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uBAAuB;YACvB,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;oBAC5D,SAAS;oBACT,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBACjC,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACnE,CAAC;YAED,sBAAsB;YACtB,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC1E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,wCAAwC,EAAE;gBAC3D,SAAS;gBACT,KAAK,EAAE,QAAQ;aAChB,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,oBAAoB,CAAC,OAA+B;QAClD,iDAAiD;QACjD,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAC5C,qEAAqE;YACrE,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,sDAAsD,EACtD;gBACE,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAChE,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAhOD,gEAgOC;AAED;;;;GAIG;AACH,SAAgB,gCAAgC,CAAC,OAKhD;IACC,2BAA2B;IAC3B,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,OAAO,CAAC,MAAM,EAAE,CACd,+EAA+E,EAC/E;YACE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM;YAC3B,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM;SAC5B,CACF,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,0BAA0B,CAAC;QACpC,OAAO,EAAE,OAAO,CAAC,MAAM;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i-core",
-  "version": "1.3.6",
+  "version": "1.3.7-canary.clientinfo.20251126041014",
   "description": "Core runtime and types for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/index.ts

@@ -56,6 +56,17 @@ export type {
   AccessControlApiServiceMetrics,
 } from "./services/access-control.service";
 
+// Session Registration Service
+export {
+  SessionRegistrationService,
+  createSessionRegistrationService,
+} from "./services/session-registration.service";
+
+export type {
+  SessionRegistrationServiceConfig,
+  SessionRegistrationResult,
+} from "./services/session-registration.service";
+
 // OAuth Config Service (Phase 1)
 export { OAuthConfigService } from "./services/oauth-config.service";
 

package/src/services/index.ts

@@ -7,3 +7,12 @@ export type {
   AccessControlApiServiceMetrics,
 } from './access-control.service.js';
 
+export {
+  SessionRegistrationService,
+  createSessionRegistrationService,
+} from './session-registration.service.js';
+export type {
+  SessionRegistrationServiceConfig,
+  SessionRegistrationResult,
+} from './session-registration.service.js';
+

package/src/services/session-registration.service.ts

@@ -0,0 +1,317 @@
+/**
+ * Session Registration Service
+ *
+ * Registers MCP sessions with the AgentShield dashboard, enabling
+ * visibility into which MCP clients are connecting to agents.
+ *
+ * This is a fire-and-forget service - session registration should not
+ * block tool execution or affect the user experience.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+
+import type {
+  RegisterSessionRequest,
+  RegisterSessionResponse,
+} from "@kya-os/contracts/agentshield-api";
+import {
+  registerSessionRequestSchema,
+  registerSessionResponseSchema,
+  AGENTSHIELD_ENDPOINTS,
+} from "@kya-os/contracts/agentshield-api";
+import type { FetchProvider } from "../providers/base.js";
+
+/**
+ * Configuration for the session registration service
+ */
+export interface SessionRegistrationServiceConfig {
+  /** Base URL for the AgentShield API (e.g., "https://kya.vouched.id") */
+  baseUrl: string;
+
+  /** API key for authentication */
+  apiKey: string;
+
+  /** Fetch provider for making HTTP requests (platform-agnostic) */
+  fetchProvider: FetchProvider;
+
+  /** Optional logger callback for diagnostics */
+  logger?: (message: string, data?: unknown) => void;
+
+  /** Timeout in milliseconds for the registration request (default: 5000) */
+  timeoutMs?: number;
+}
+
+/**
+ * Result of a session registration attempt
+ */
+export interface SessionRegistrationResult {
+  /** Whether registration was successful */
+  success: boolean;
+  /** Session ID that was registered */
+  sessionId: string;
+  /** Error message if registration failed */
+  error?: string;
+}
+
+/**
+ * Session Registration Service
+ *
+ * Registers MCP sessions with AgentShield for dashboard visibility.
+ * Designed to be non-blocking - failures are logged but don't throw.
+ */
+export class SessionRegistrationService {
+  private config: Required<
+    Omit<SessionRegistrationServiceConfig, "logger" | "timeoutMs">
+  > & {
+    logger: NonNullable<SessionRegistrationServiceConfig["logger"]>;
+    timeoutMs: number;
+  };
+
+  constructor(config: SessionRegistrationServiceConfig) {
+    this.config = {
+      baseUrl: config.baseUrl,
+      apiKey: config.apiKey,
+      fetchProvider: config.fetchProvider,
+      logger: config.logger || (() => {}),
+      timeoutMs: config.timeoutMs ?? 5000,
+    };
+  }
+
+  /**
+   * Register a session with AgentShield
+   *
+   * This is a fire-and-forget operation. Failures are logged but don't throw.
+   * The method returns quickly and doesn't block the caller.
+   *
+   * @param request - Session registration request data
+   * @returns Result indicating success or failure
+   */
+  async registerSession(
+    request: RegisterSessionRequest
+  ): Promise<SessionRegistrationResult> {
+    const sessionId = request.session_id;
+
+    try {
+      // Validate request
+      const validationResult = registerSessionRequestSchema.safeParse(request);
+      if (!validationResult.success) {
+        const errorMsg = `Invalid session registration request: ${validationResult.error.message}`;
+        this.config.logger("[SessionRegistration] Validation failed", {
+          sessionId,
+          error: errorMsg,
+        });
+        return { success: false, sessionId, error: errorMsg };
+      }
+
+      const url = `${this.config.baseUrl}${AGENTSHIELD_ENDPOINTS.SESSIONS}`;
+
+      this.config.logger("[SessionRegistration] Registering session", {
+        sessionId,
+        agentDid: request.agent_did,
+        clientName: request.client_info.name,
+        url,
+      });
+
+      // ✅ EMPIRICAL PROOF: Prepare request headers with correct auth format
+      const requestHeaders = {
+        "Content-Type": "application/json",
+        "X-AgentShield-Key": this.config.apiKey, // Fixed: Use X-AgentShield-Key instead of Authorization: Bearer
+      };
+
+      // ✅ EMPIRICAL PROOF: Log exact request details (sanitized for security)
+      const sanitizedHeaders = {
+        ...requestHeaders,
+        "X-AgentShield-Key": `${this.config.apiKey.slice(0, 8)}...${this.config.apiKey.slice(-4)}`, // Show first 8 and last 4 chars
+      };
+
+      const sanitizedBody = {
+        session_id: request.session_id,
+        agent_did: request.agent_did,
+        project_id: request.project_id,
+        created_at: request.created_at,
+        client_info: request.client_info,
+        client_identity: request.client_identity,
+        server_did: request.server_did,
+        ttl_minutes: request.ttl_minutes,
+      };
+
+      this.config.logger(
+        "[SessionRegistration] 🔍 EMPIRICAL DEBUG - Request details",
+        {
+          url,
+          method: "POST",
+          headers: sanitizedHeaders,
+          headerKeys: Object.keys(requestHeaders),
+          authHeaderPresent: !!requestHeaders["X-AgentShield-Key"],
+          authHeaderName: "X-AgentShield-Key",
+          body: sanitizedBody,
+          bodySize: JSON.stringify(request).length,
+        }
+      );
+
+      // Make the request with timeout
+      const controller = new AbortController();
+      const timeoutId = setTimeout(
+        () => controller.abort(),
+        this.config.timeoutMs
+      );
+
+      try {
+        const response = await this.config.fetchProvider.fetch(url, {
+          method: "POST",
+          headers: requestHeaders,
+          body: JSON.stringify(request),
+          signal: controller.signal,
+        });
+
+        clearTimeout(timeoutId);
+
+        // ✅ EMPIRICAL PROOF: Capture exact response details
+        const responseHeaders: Record<string, string> = {};
+        response.headers.forEach((value, key) => {
+          responseHeaders[key] = value;
+        });
+
+        const responseText = await response
+          .text()
+          .catch(() => "Failed to read response");
+        let responseBody: unknown;
+        try {
+          responseBody = JSON.parse(responseText);
+        } catch {
+          responseBody = responseText;
+        }
+
+        // ✅ EMPIRICAL PROOF: Log exact response details
+        this.config.logger(
+          "[SessionRegistration] 🔍 EMPIRICAL DEBUG - Response details",
+          {
+            status: response.status,
+            statusText: response.statusText,
+            ok: response.ok,
+            headers: responseHeaders,
+            body: responseBody,
+            bodyLength: responseText.length,
+            clientName: request.client_info.name,
+          }
+        );
+
+        if (!response.ok) {
+          // Log error but don't throw - this is fire-and-forget
+          this.config.logger("[SessionRegistration] Registration failed", {
+            sessionId,
+            status: response.status,
+            error: responseText,
+            // ✅ EMPIRICAL PROOF: Include full response details
+            responseHeaders,
+            responseBody,
+            clientName: request.client_info.name,
+          });
+          return {
+            success: false,
+            sessionId,
+            error: `HTTP ${response.status}: ${responseText}`,
+          };
+        }
+
+        // Parse response (using already-captured responseBody)
+        const responseData = responseBody as
+          | { data?: RegisterSessionResponse }
+          | RegisterSessionResponse;
+        const parseResult = registerSessionResponseSchema.safeParse(
+          (responseData as { data?: RegisterSessionResponse }).data ||
+            responseData
+        );
+
+        if (!parseResult.success) {
+          this.config.logger("[SessionRegistration] Invalid response format", {
+            sessionId,
+            response: responseData,
+          });
+          // Still consider it a success if we got a 200 OK
+          return { success: true, sessionId };
+        }
+
+        this.config.logger("[SessionRegistration] Session registered", {
+          sessionId,
+          registered: parseResult.data.registered,
+        });
+
+        return { success: true, sessionId };
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    } catch (error) {
+      // Handle abort/timeout
+      if (error instanceof Error && error.name === "AbortError") {
+        this.config.logger("[SessionRegistration] Request timed out", {
+          sessionId,
+          timeoutMs: this.config.timeoutMs,
+        });
+        return { success: false, sessionId, error: "Request timed out" };
+      }
+
+      // Log any other error
+      const errorMsg = error instanceof Error ? error.message : "Unknown error";
+      this.config.logger("[SessionRegistration] Unexpected error", {
+        sessionId,
+        error: errorMsg,
+      });
+      return { success: false, sessionId, error: errorMsg };
+    }
+  }
+
+  /**
+   * Fire-and-forget session registration
+   *
+   * Starts registration in the background without waiting for completion.
+   * Useful when you want to register a session but not delay the response.
+   *
+   * @param request - Session registration request data
+   */
+  registerSessionAsync(request: RegisterSessionRequest): void {
+    // Start registration in background - don't await
+    this.registerSession(request).catch((error) => {
+      // This should never happen since registerSession catches all errors,
+      // but just in case
+      this.config.logger(
+        "[SessionRegistration] Background registration failed",
+        {
+          sessionId: request.session_id,
+          error: error instanceof Error ? error.message : "Unknown error",
+        }
+      );
+    });
+  }
+}
+
+/**
+ * Create a session registration service from common runtime config
+ *
+ * Helper function to create the service from typical environment config.
+ */
+export function createSessionRegistrationService(options: {
+  apiUrl: string;
+  apiKey: string;
+  fetchProvider: FetchProvider;
+  logger?: (message: string, data?: unknown) => void;
+}): SessionRegistrationService | null {
+  // Validate required config
+  if (!options.apiUrl || !options.apiKey) {
+    options.logger?.(
+      "[SessionRegistration] Missing required config - session registration disabled",
+      {
+        hasApiUrl: !!options.apiUrl,
+        hasApiKey: !!options.apiKey,
+      }
+    );
+    return null;
+  }
+
+  return new SessionRegistrationService({
+    baseUrl: options.apiUrl,
+    apiKey: options.apiKey,
+    fetchProvider: options.fetchProvider,
+    logger: options.logger,
+  });
+}

package/.claude/settings.local.json

@@ -1,9 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Read(//Users/dylanhobbs/Documents/@kya-os/xmcp-i/packages/contracts/**)"
-    ],
-    "deny": [],
-    "ask": []
-  }
-}