@kya-os/mcp-i-core 1.3.7-canary.0 → 1.3.7-canary.clientinfo.20251126041014
- package/.turbo/turbo-build.log +4 -0
- package/.turbo/turbo-test$colon$coverage.log +4239 -0
- package/.turbo/turbo-test.log +2973 -0
- package/COMPLIANCE_IMPROVEMENT_REPORT.md +483 -0
- package/Composer 3.md +615 -0
- package/GPT-5.md +1169 -0
- package/OPUS-plan.md +352 -0
- package/PHASE_3_AND_4.1_SUMMARY.md +585 -0
- package/PHASE_3_SUMMARY.md +317 -0
- package/PHASE_4.1.3_SUMMARY.md +428 -0
- package/PHASE_4.1_COMPLETE.md +525 -0
- package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +1240 -0
- package/SCHEMA_COMPLIANCE_REPORT.md +275 -0
- package/TEST_PLAN.md +571 -0
- package/coverage/coverage-final.json +57 -0
- package/dist/__tests__/utils/mock-providers.d.ts +1 -2
- package/dist/__tests__/utils/mock-providers.d.ts.map +1 -1
- package/dist/__tests__/utils/mock-providers.js.map +1 -1
- package/dist/cache/oauth-config-cache.d.ts +69 -0
- package/dist/cache/oauth-config-cache.d.ts.map +1 -0
- package/dist/cache/oauth-config-cache.js +76 -0
- package/dist/cache/oauth-config-cache.js.map +1 -0
- package/dist/identity/idp-token-resolver.d.ts +53 -0
- package/dist/identity/idp-token-resolver.d.ts.map +1 -0
- package/dist/identity/idp-token-resolver.js +108 -0
- package/dist/identity/idp-token-resolver.js.map +1 -0
- package/dist/identity/idp-token-storage.interface.d.ts +42 -0
- package/dist/identity/idp-token-storage.interface.d.ts.map +1 -0
- package/dist/identity/idp-token-storage.interface.js +12 -0
- package/dist/identity/idp-token-storage.interface.js.map +1 -0
- package/dist/identity/user-did-manager.d.ts +39 -1
- package/dist/identity/user-did-manager.d.ts.map +1 -1
- package/dist/identity/user-did-manager.js +69 -3
- package/dist/identity/user-did-manager.js.map +1 -1
- package/dist/index.d.ts +24 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +43 -1
- package/dist/index.js.map +1 -1
- package/dist/runtime/audit-logger.d.ts +37 -0
- package/dist/runtime/audit-logger.d.ts.map +1 -0
- package/dist/runtime/audit-logger.js +9 -0
- package/dist/runtime/audit-logger.js.map +1 -0
- package/dist/runtime/base.d.ts +19 -2
- package/dist/runtime/base.d.ts.map +1 -1
- package/dist/runtime/base.js +227 -11
- package/dist/runtime/base.js.map +1 -1
- package/dist/services/access-control.service.d.ts.map +1 -1
- package/dist/services/access-control.service.js +199 -15
- package/dist/services/access-control.service.js.map +1 -1
- package/dist/services/authorization/authorization-registry.d.ts +29 -0
- package/dist/services/authorization/authorization-registry.d.ts.map +1 -0
- package/dist/services/authorization/authorization-registry.js +57 -0
- package/dist/services/authorization/authorization-registry.js.map +1 -0
- package/dist/services/authorization/types.d.ts +53 -0
- package/dist/services/authorization/types.d.ts.map +1 -0
- package/dist/services/authorization/types.js +10 -0
- package/dist/services/authorization/types.js.map +1 -0
- package/dist/services/batch-delegation.service.d.ts +53 -0
- package/dist/services/batch-delegation.service.d.ts.map +1 -0
- package/dist/services/batch-delegation.service.js +95 -0
- package/dist/services/batch-delegation.service.js.map +1 -0
- package/dist/services/index.d.ts +2 -0
- package/dist/services/index.d.ts.map +1 -1
- package/dist/services/index.js +4 -1
- package/dist/services/index.js.map +1 -1
- package/dist/services/oauth-config.service.d.ts +53 -0
- package/dist/services/oauth-config.service.d.ts.map +1 -0
- package/dist/services/oauth-config.service.js +141 -0
- package/dist/services/oauth-config.service.js.map +1 -0
- package/dist/services/oauth-provider-registry.d.ts +88 -0
- package/dist/services/oauth-provider-registry.d.ts.map +1 -0
- package/dist/services/oauth-provider-registry.js +128 -0
- package/dist/services/oauth-provider-registry.js.map +1 -0
- package/dist/services/oauth-service.d.ts +77 -0
- package/dist/services/oauth-service.d.ts.map +1 -0
- package/dist/services/oauth-service.js +373 -0
- package/dist/services/oauth-service.js.map +1 -0
- package/dist/services/oauth-token-retrieval.service.d.ts +49 -0
- package/dist/services/oauth-token-retrieval.service.d.ts.map +1 -0
- package/dist/services/oauth-token-retrieval.service.js +150 -0
- package/dist/services/oauth-token-retrieval.service.js.map +1 -0
- package/dist/services/provider-resolver.d.ts +48 -0
- package/dist/services/provider-resolver.d.ts.map +1 -0
- package/dist/services/provider-resolver.js +121 -0
- package/dist/services/provider-resolver.js.map +1 -0
- package/dist/services/provider-validator.d.ts +55 -0
- package/dist/services/provider-validator.d.ts.map +1 -0
- package/dist/services/provider-validator.js +135 -0
- package/dist/services/provider-validator.js.map +1 -0
- package/dist/services/session-registration.service.d.ts +80 -0
- package/dist/services/session-registration.service.d.ts.map +1 -0
- package/dist/services/session-registration.service.js +228 -0
- package/dist/services/session-registration.service.js.map +1 -0
- package/dist/services/tool-context-builder.d.ts +57 -0
- package/dist/services/tool-context-builder.d.ts.map +1 -0
- package/dist/services/tool-context-builder.js +125 -0
- package/dist/services/tool-context-builder.js.map +1 -0
- package/dist/services/tool-protection.service.d.ts +27 -0
- package/dist/services/tool-protection.service.d.ts.map +1 -1
- package/dist/services/tool-protection.service.js +194 -4
- package/dist/services/tool-protection.service.js.map +1 -1
- package/dist/types/oauth-required-error.d.ts +40 -0
- package/dist/types/oauth-required-error.d.ts.map +1 -0
- package/dist/types/oauth-required-error.js +40 -0
- package/dist/types/oauth-required-error.js.map +1 -0
- package/dist/utils/did-helpers.d.ts +33 -0
- package/dist/utils/did-helpers.d.ts.map +1 -1
- package/dist/utils/did-helpers.js +40 -0
- package/dist/utils/did-helpers.js.map +1 -1
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/docs/API_REFERENCE.md +1362 -0
- package/docs/COMPLIANCE_MATRIX.md +691 -0
- package/docs/STATUSLIST2021_GUIDE.md +696 -0
- package/docs/W3C_VC_DELEGATION_GUIDE.md +710 -0
- package/package.json +23 -54
- package/scripts/audit-compliance.ts +724 -0
- package/src/__tests__/cache/tool-protection-cache.test.ts +640 -0
- package/src/__tests__/config/provider-runtime-config.test.ts +309 -0
- package/src/__tests__/delegation-e2e.test.ts +690 -0
- package/src/__tests__/identity/user-did-manager.test.ts +213 -0
- package/src/__tests__/index.test.ts +56 -0
- package/src/__tests__/integration/full-flow.test.ts +776 -0
- package/src/__tests__/integration.test.ts +281 -0
- package/src/__tests__/providers/base.test.ts +173 -0
- package/src/__tests__/providers/memory.test.ts +319 -0
- package/src/__tests__/regression/phase2-regression.test.ts +429 -0
- package/src/__tests__/runtime/audit-logger.test.ts +154 -0
- package/src/__tests__/runtime/base-extensions.test.ts +593 -0
- package/src/__tests__/runtime/base.test.ts +869 -0
- package/src/__tests__/runtime/delegation-flow.test.ts +164 -0
- package/src/__tests__/runtime/proof-client-did.test.ts +375 -0
- package/src/__tests__/runtime/route-interception.test.ts +686 -0
- package/src/__tests__/runtime/tool-protection-enforcement.test.ts +908 -0
- package/src/__tests__/services/agentshield-integration.test.ts +784 -0
- package/src/__tests__/services/cache-busting.test.ts +125 -0
- package/src/__tests__/services/oauth-service-pkce.test.ts +556 -0
- package/src/__tests__/services/provider-resolver-edge-cases.test.ts +591 -0
- package/src/__tests__/services/tool-protection-oauth-provider.test.ts +480 -0
- package/src/__tests__/services/tool-protection.service.test.ts +1366 -0
- package/src/__tests__/utils/mock-providers.ts +340 -0
- package/src/cache/oauth-config-cache.d.ts +69 -0
- package/src/cache/oauth-config-cache.d.ts.map +1 -0
- package/src/cache/oauth-config-cache.js.map +1 -0
- package/src/cache/oauth-config-cache.ts +123 -0
- package/src/cache/tool-protection-cache.ts +171 -0
- package/src/compliance/EXAMPLE.md +412 -0
- package/src/compliance/__tests__/schema-verifier.test.ts +797 -0
- package/src/compliance/index.ts +8 -0
- package/src/compliance/schema-registry.ts +460 -0
- package/src/compliance/schema-verifier.ts +708 -0
- package/src/config/__tests__/remote-config.spec.ts +268 -0
- package/src/config/remote-config.ts +174 -0
- package/src/config.ts +309 -0
- package/src/delegation/__tests__/audience-validator.test.ts +112 -0
- package/src/delegation/__tests__/bitstring.test.ts +346 -0
- package/src/delegation/__tests__/cascading-revocation.test.ts +628 -0
- package/src/delegation/__tests__/delegation-graph.test.ts +584 -0
- package/src/delegation/__tests__/utils.test.ts +152 -0
- package/src/delegation/__tests__/vc-issuer.test.ts +442 -0
- package/src/delegation/__tests__/vc-verifier.test.ts +922 -0
- package/src/delegation/audience-validator.ts +52 -0
- package/src/delegation/bitstring.ts +278 -0
- package/src/delegation/cascading-revocation.ts +370 -0
- package/src/delegation/delegation-graph.ts +299 -0
- package/src/delegation/index.ts +14 -0
- package/src/delegation/statuslist-manager.ts +353 -0
- package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +366 -0
- package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +228 -0
- package/src/delegation/storage/index.ts +9 -0
- package/src/delegation/storage/memory-graph-storage.ts +178 -0
- package/src/delegation/storage/memory-statuslist-storage.ts +77 -0
- package/src/delegation/utils.ts +42 -0
- package/src/delegation/vc-issuer.ts +232 -0
- package/src/delegation/vc-verifier.ts +568 -0
- package/src/identity/idp-token-resolver.ts +147 -0
- package/src/identity/idp-token-storage.interface.ts +59 -0
- package/src/identity/user-did-manager.ts +370 -0
- package/src/index.ts +271 -0
- package/src/providers/base.d.ts +91 -0
- package/src/providers/base.d.ts.map +1 -0
- package/src/providers/base.js.map +1 -0
- package/src/providers/base.ts +96 -0
- package/src/providers/memory.ts +142 -0
- package/src/runtime/audit-logger.ts +39 -0
- package/src/runtime/base.ts +1329 -0
- package/src/services/__tests__/access-control.integration.test.ts +443 -0
- package/src/services/__tests__/access-control.proof-response-validation.test.ts +578 -0
- package/src/services/__tests__/access-control.service.test.ts +970 -0
- package/src/services/__tests__/batch-delegation.service.test.ts +351 -0
- package/src/services/__tests__/crypto.service.test.ts +531 -0
- package/src/services/__tests__/oauth-provider-registry.test.ts +142 -0
- package/src/services/__tests__/proof-verifier.integration.test.ts +485 -0
- package/src/services/__tests__/proof-verifier.test.ts +489 -0
- package/src/services/__tests__/provider-resolution.integration.test.ts +202 -0
- package/src/services/__tests__/provider-resolver.test.ts +213 -0
- package/src/services/__tests__/storage.service.test.ts +358 -0
- package/src/services/access-control.service.ts +990 -0
- package/src/services/authorization/authorization-registry.ts +66 -0
- package/src/services/authorization/types.ts +71 -0
- package/src/services/batch-delegation.service.ts +137 -0
- package/src/services/crypto.service.ts +302 -0
- package/src/services/errors.ts +76 -0
- package/src/services/index.ts +18 -0
- package/src/services/oauth-config.service.d.ts +53 -0
- package/src/services/oauth-config.service.d.ts.map +1 -0
- package/src/services/oauth-config.service.js.map +1 -0
- package/src/services/oauth-config.service.ts +192 -0
- package/src/services/oauth-provider-registry.d.ts +57 -0
- package/src/services/oauth-provider-registry.d.ts.map +1 -0
- package/src/services/oauth-provider-registry.js.map +1 -0
- package/src/services/oauth-provider-registry.ts +141 -0
- package/src/services/oauth-service.ts +544 -0
- package/src/services/oauth-token-retrieval.service.ts +245 -0
- package/src/services/proof-verifier.ts +478 -0
- package/src/services/provider-resolver.d.ts +48 -0
- package/src/services/provider-resolver.d.ts.map +1 -0
- package/src/services/provider-resolver.js.map +1 -0
- package/src/services/provider-resolver.ts +146 -0
- package/src/services/provider-validator.ts +170 -0
- package/src/services/session-registration.service.ts +317 -0
- package/src/services/storage.service.ts +566 -0
- package/src/services/tool-context-builder.ts +172 -0
- package/src/services/tool-protection.service.ts +982 -0
- package/src/types/oauth-required-error.ts +63 -0
- package/src/types/tool-protection.ts +155 -0
- package/src/utils/__tests__/did-helpers.test.ts +101 -0
- package/src/utils/base64.ts +148 -0
- package/src/utils/cors.ts +83 -0
- package/src/utils/did-helpers.ts +150 -0
- package/src/utils/index.ts +8 -0
- package/src/utils/storage-keys.ts +278 -0
- package/tsconfig.json +21 -0
- package/vitest.config.ts +56 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-did-manager.js","sourceRoot":"","sources":["../../src/identity/user-did-manager.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;
|
|
1
|
+
{"version":3,"file":"user-did-manager.js","sourceRoot":"","sources":["../../src/identity/user-did-manager.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAuFH;;;;;GAKG;AACH,MAAa,cAAc;IACjB,MAAM,CAAuB;IAC7B,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEpD,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,kBAAkB,CAAC,SAAiB,EAAE,aAAoC;QAC9E,oBAAoB;QACpB,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;QAC9C,CAAC;QAED,gFAAgF;QAChF,IAAI,aAAa,IAAI,aAAa,CAAC,QAAQ,IAAI,aAAa,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;YACxG,IAAI,CAAC;gBACH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAC5D,aAAa,CAAC,QAAQ,EACtB,aAAa,CAAC,OAAO,CACtB,CAAC;gBACF,IAAI,iBAAiB,EAAE,CAAC;oBACtB,OAAO,CAAC,GAAG,CAAC,gEAAgE,EAAE;wBAC5E,QAAQ,EAAE,aAAa,CAAC,QAAQ;wBAChC,OAAO,EAAE,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;qBACpD,CAAC,CAAC;oBACH,4BAA4B;oBAC5B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;oBACvD,0DAA0D;oBAC1D,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACxB,IAAI,CAAC;4BACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,iBAAiB;wBACtF,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,wDAAwD;4BACxD,OAAO,CAAC,IAAI,CAAC,qEAAqE,EAAE,KAAK,CAAC,CAAC;wBAC7F,CAAC;oBACH,CAAC;oBACD,OAAO,iBAAiB,CAAC;gBAC3B,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,oEAAoE;gBACpE,OAAO,CAAC,IAAI,CAAC,wEAAwE,EAAE,KAAK,CAAC,CAAC;YAChG,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBAC3D,IAAI,SAAS,EAAE,CAAC;oBACd,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;oBAC/C,6EAA6E;oBAC7E,IAAI,aAAa,IAAI,aAAa,CAAC,QAAQ,IAAI,aAAa,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;wBACvG,IAAI,CAAC;4BACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAClC,aAAa,CAAC,QAAQ,EACtB,aAAa,CAAC,OAAO,EACrB,SAAS,EACT,EAAE,GAAG,EAAE,GAAG,EAAE,GAA
G,EAAE,CAAC,qCAAqC;6BACxD,CAAC;4BACF,OAAO,CAAC,GAAG,CAAC,0EAA0E,EAAE;gCACtF,QAAQ,EAAE,aAAa,CAAC,QAAQ;gCAChC,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;6BAC5C,CAAC,CAAC;wBACL,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,qEAAqE;4BACrE,OAAO,CAAC,IAAI,CAAC,kDAAkD,EAAE,KAAK,CAAC,CAAC;wBAC1E,CAAC;oBACH,CAAC;oBACD,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,2CAA2C;gBAC3C,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAE,KAAK,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAE7C,WAAW;QACX,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE7C,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,iBAAiB;YAC5E,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,wDAAwD;gBACxD,OAAO,CAAC,IAAI,CAAC,kEAAkE,EAAE,KAAK,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,aAAa,IAAI,aAAa,CAAC,QAAQ,IAAI,aAAa,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;YACxG,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAClC,aAAa,CAAC,QAAQ,EACtB,aAAa,CAAC,OAAO,EACrB,OAAO,EACP,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,qCAAqC;iBACxD,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,qEAAqE,EAAE;oBACjF,QAAQ,EAAE,aAAa,CAAC,QAAQ;oBAChC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;iBAC1C,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,qEAAqE;gBACrE,OAAO,CAAC,IAAI,CAAC,kDAAkD,EAAE,KAAK,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,eAAe;QAC3B,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YACvD,+CAA+C;YAC/C,gCAAgC;YAChC,+CAA+C;YAC/C,OAAO,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC9E,CAAC;QAED,wCAAwC;QACxC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QAE3D,kDAAkD;QAClD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE7D,mCAAmC;QACnC,OAAO,IAAI,CAAC,2BAA2B,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACK,2BAA2B,CAAC,cAA0B;QAC5D,wCAAwC;QACxC,MAA
M,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAEtD,8BAA8B;QAC9B,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACtF,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACpC,aAAa,CAAC,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAE3D,gDAAgD;QAChD,sDAAsD;QACtD,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAEvD,0CAA0C;QAC1C,OAAO,YAAY,aAAa,EAAE,CAAC;IACrC,CAAC;IAED;;;OAGG;IACK,YAAY,CAAC,KAAiB;QACpC,MAAM,QAAQ,GAAG,4DAA4D,CAAC;QAC9E,IAAI,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAEpB,+BAA+B;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,oBAAoB;QACpB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,OAAO,GAAG,GAAG,CAAC,EAAE,CAAC;YACf,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;YACrD,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;QACzB,CAAC;QAED,oBAAoB;QACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC;QACxB,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,MAAc;QAClC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,sBAAsB;YACtB,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,8BAA8B;YAC9B,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC7C,KAAK,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,cAAc;QACd,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;QAC9C,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI,SAAS,EA
AE,CAAC;gBACd,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBAC/C,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,SAAiB;QAClC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEvC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,8CAA8C;gBAC9C,OAAO,CAAC,IAAI,CAAC,qDAAqD,EAAE,KAAK,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;CACF;AA3QD,wCA2QC"}
|
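--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -8,6 +8,7 @@ export { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCac
 export { MemoryStorageProvider, MemoryNonceCacheProvider, MemoryIdentityProvider, } from "./providers/memory";
 export { MCPIRuntimeBase } from "./runtime/base";
 export type { RuntimeWithAccessControl } from "./runtime/base";
+export type { IAuditLogger } from "./runtime/audit-logger";
 export * from "./utils";
 export { ToolProtectionService } from "./services/tool-protection.service";
 export { CryptoService } from "./services/crypto.service";
@@ -16,6 +17,23 @@ export { ProofVerifier } from "./services/proof-verifier";
 export type { ProofVerificationResult, ProofVerifierConfig, } from "./services/proof-verifier";
 export { AccessControlApiService } from "./services/access-control.service";
 export type { AccessControlApiServiceConfig, AccessControlApiServiceMetrics, } from "./services/access-control.service";
+export { SessionRegistrationService, createSessionRegistrationService, } from "./services/session-registration.service";
+export type { SessionRegistrationServiceConfig, SessionRegistrationResult, } from "./services/session-registration.service";
+export { OAuthConfigService } from "./services/oauth-config.service";
+export type { OAuthConfigServiceConfig } from "./services/oauth-config.service";
+export { OAuthService } from "./services/oauth-service";
+export type { OAuthServiceConfig } from "./services/oauth-service";
+export { ToolContextBuilder } from "./services/tool-context-builder";
+export type { ToolContextBuilderConfig } from "./services/tool-context-builder";
+export { OAuthProviderRegistry } from "./services/oauth-provider-registry";
+export { ProviderResolver } from "./services/provider-resolver";
+export { ProviderValidator, ProviderValidationError } from "./services/provider-validator";
+export { OAuthTokenRetrievalService } from "./services/oauth-token-retrieval.service";
+export type { OAuthTokenRetrievalServiceConfig } from "./services/oauth-token-retrieval.service";
+export { BatchDelegationService } from "./services/batch-delegation.service";
+export type { ToolGroup } from "./services/batch-delegation.service";
+export { InMemoryOAuthConfigCache, NoOpOAuthConfigCache, } from "./cache/oauth-config-cache";
+export type { OAuthConfigCache } from "./cache/oauth-config-cache";
 export { createStorageProviders, StorageKeyHelpers, migrateLegacyKeys, } from "./services/storage.service";
 export type { StorageServiceConfig, StorageProviders, } from "./services/storage.service";
 export { ProofVerificationError, PROOF_VERIFICATION_ERROR_CODES, createProofVerificationError, } from "./services/errors";
@@ -23,6 +41,8 @@ export type { ProofVerificationErrorCode } from "./services/errors";
 export { ToolProtectionCache, InMemoryToolProtectionCache, NoOpToolProtectionCache, } from "./cache/tool-protection-cache";
 export type { ToolProtection, ToolProtectionConfig, ToolProtectionServiceConfig, } from "./types/tool-protection";
 export { DelegationRequiredError } from "./types/tool-protection";
+export { OAuthRequiredError } from "./types/oauth-required-error";
+export type { OAuthRequiredErrorOptions } from "./types/oauth-required-error";
 export { DelegationCredentialIssuer, createDelegationIssuer, type IssueDelegationOptions, type VCSigningFunction, type IdentityProvider as DelegationIdentityProvider, } from "./delegation/vc-issuer";
 export { DelegationCredentialVerifier, createDelegationVerifier, type DelegationVCVerificationResult, type VerifyDelegationVCOptions, type DIDResolver, type DIDDocument, type VerificationMethod, type StatusListResolver, type SignatureVerificationFunction, } from "./delegation/vc-verifier";
 export { StatusList2021Manager, createStatusListManager, type StatusListStorageProvider, type StatusListIdentityProvider, } from "./delegation/statuslist-manager";
@@ -37,6 +57,10 @@ export { canonicalizeJSON } from "./delegation/utils";
 import type { HandshakeRequest, SessionContext, NonceCache, NonceCacheEntry, NonceCacheConfig, ProofMeta, DetachedProof, CanonicalHashes, AuditRecord } from "@kya-os/contracts";
 export type { HandshakeRequest, SessionContext, NonceCache, NonceCacheEntry, NonceCacheConfig, ProofMeta, DetachedProof, CanonicalHashes, AuditRecord, };
 export * from "./config";
+export { fetchRemoteConfig, type RemoteConfigCache, type RemoteConfigOptions, } from "./config/remote-config";
 export { UserDidManager } from "./identity/user-did-manager";
 export type { UserDidStorage, UserDidManagerConfig, } from "./identity/user-did-manager";
+export { IdpTokenResolver } from "./identity/idp-token-resolver";
+export type { IdpTokenResolverConfig } from "./identity/idp-token-resolver";
+export type { IIdpTokenStorage } from "./identity/idp-token-storage.interface";
 //# sourceMappingURL=index.d.ts.map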
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAG/D,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAGvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAE5E,YAAY,EACV,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EACV,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEpE,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,+BAA+B,CAAC;AAEvC,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAG/D,YAAY,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAG3D,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAGvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAE5E,YAAY,EACV,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,GACjC,MAAM,yCAAyC,CAAC;AAEjD,YAAY,EACV,gCAAgC,EAChC,yBAAyB,GAC1B,MAAM,yCAAyC,CAAC;AAGjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,YAAY,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAGhF,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,YAAY,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAGhF,OAAO,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAG3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAGhE,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAG3F,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,YAAY,EAAE,gCAAgC,EAAE,MAAM,0CAA0C,CAAC;AAGjG,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,YAAY,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAGrE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAGnE,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EACV,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAEpE,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,GACxB,MAAM,+BAA+B,CAAC;AAEvC,YAAY,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,yBAAyB,
CAAC;AAEjC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,YAAY,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AAG9E,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,0BAA0B,GACpD,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC9B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,GACnC,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,KAAK,cAAc,EACnB,KAAK,8BAA8B,GACpC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,EAChC,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AAEzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,2CAA2C,CAAC;AAGzF,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GAC1B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,aAAa,EACb,kBAAkB,EAClB,cAAc,GACf,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAItD,OAAO,KAAK,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,WAAW,EACZ,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,eAAe,EACf,WAAW,GACZ,CAAC;AAGF,cAAc,UAAU,CAAC;AAGzB,OAAO,EACL,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,YAAY,EACV,cAAc,EACd,oBAAoB,GACrB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,YAAY,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAC5E,YAAY,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -20,7 +20,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
20
20
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
21
21
|
};
|
|
22
22
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
23
|
-
exports.
|
|
23
|
+
exports.MemoryStatusListStorage = exports.createCascadingRevocationManager = exports.CascadingRevocationManager = exports.createDelegationGraph = exports.DelegationGraphManager = exports.isIndexSet = exports.BitstringManager = exports.createStatusListManager = exports.StatusList2021Manager = exports.createDelegationVerifier = exports.DelegationCredentialVerifier = exports.createDelegationIssuer = exports.DelegationCredentialIssuer = exports.OAuthRequiredError = exports.DelegationRequiredError = exports.NoOpToolProtectionCache = exports.InMemoryToolProtectionCache = exports.createProofVerificationError = exports.PROOF_VERIFICATION_ERROR_CODES = exports.ProofVerificationError = exports.migrateLegacyKeys = exports.StorageKeyHelpers = exports.createStorageProviders = exports.NoOpOAuthConfigCache = exports.InMemoryOAuthConfigCache = exports.BatchDelegationService = exports.OAuthTokenRetrievalService = exports.ProviderValidationError = exports.ProviderValidator = exports.ProviderResolver = exports.OAuthProviderRegistry = exports.ToolContextBuilder = exports.OAuthService = exports.OAuthConfigService = exports.createSessionRegistrationService = exports.SessionRegistrationService = exports.AccessControlApiService = exports.ProofVerifier = exports.CryptoService = exports.ToolProtectionService = exports.MCPIRuntimeBase = exports.MemoryIdentityProvider = exports.MemoryNonceCacheProvider = exports.MemoryStorageProvider = exports.IdentityProvider = exports.NonceCacheProvider = exports.StorageProvider = exports.FetchProvider = exports.ClockProvider = exports.CryptoProvider = void 0;
|
|
24
|
+
exports.IdpTokenResolver = exports.UserDidManager = exports.fetchRemoteConfig = exports.canonicalizeJSON = exports.getSchemaStats = exports.getCriticalSchemas = exports.getSchemaById = exports.getSchemasByCategory = exports.getAllSchemas = exports.SCHEMA_REGISTRY = exports.createSchemaVerifier = exports.SchemaVerifier = exports.MemoryDelegationGraphStorage = void 0;
|
|
24
25
|
// Base providers
|
|
25
26
|
var base_1 = require("./providers/base");
|
|
26
27
|
Object.defineProperty(exports, "CryptoProvider", { enumerable: true, get: function () { return base_1.CryptoProvider; } });
|
|
@@ -51,6 +52,39 @@ Object.defineProperty(exports, "ProofVerifier", { enumerable: true, get: functio
|
|
|
51
52
|
// Access Control API Service (stub for Phase 3)
|
|
52
53
|
var access_control_service_1 = require("./services/access-control.service");
|
|
53
54
|
Object.defineProperty(exports, "AccessControlApiService", { enumerable: true, get: function () { return access_control_service_1.AccessControlApiService; } });
|
|
55
|
+
// Session Registration Service
|
|
56
|
+
var session_registration_service_1 = require("./services/session-registration.service");
|
|
57
|
+
Object.defineProperty(exports, "SessionRegistrationService", { enumerable: true, get: function () { return session_registration_service_1.SessionRegistrationService; } });
|
|
58
|
+
Object.defineProperty(exports, "createSessionRegistrationService", { enumerable: true, get: function () { return session_registration_service_1.createSessionRegistrationService; } });
|
|
59
|
+
// OAuth Config Service (Phase 1)
|
|
60
|
+
var oauth_config_service_1 = require("./services/oauth-config.service");
|
|
61
|
+
Object.defineProperty(exports, "OAuthConfigService", { enumerable: true, get: function () { return oauth_config_service_1.OAuthConfigService; } });
|
|
62
|
+
// OAuth Service (Phase 1)
|
|
63
|
+
var oauth_service_1 = require("./services/oauth-service");
|
|
64
|
+
Object.defineProperty(exports, "OAuthService", { enumerable: true, get: function () { return oauth_service_1.OAuthService; } });
|
|
65
|
+
// Tool Context Builder (Phase 1)
|
|
66
|
+
var tool_context_builder_1 = require("./services/tool-context-builder");
|
|
67
|
+
Object.defineProperty(exports, "ToolContextBuilder", { enumerable: true, get: function () { return tool_context_builder_1.ToolContextBuilder; } });
|
|
68
|
+
// OAuth Provider Registry (Phase 2)
|
|
69
|
+
var oauth_provider_registry_1 = require("./services/oauth-provider-registry");
|
|
70
|
+
Object.defineProperty(exports, "OAuthProviderRegistry", { enumerable: true, get: function () { return oauth_provider_registry_1.OAuthProviderRegistry; } });
|
|
71
|
+
// Provider Resolver (Phase 2)
|
|
72
|
+
var provider_resolver_1 = require("./services/provider-resolver");
|
|
73
|
+
Object.defineProperty(exports, "ProviderResolver", { enumerable: true, get: function () { return provider_resolver_1.ProviderResolver; } });
|
|
74
|
+
// Provider Validator (Phase 3)
|
|
75
|
+
var provider_validator_1 = require("./services/provider-validator");
|
|
76
|
+
Object.defineProperty(exports, "ProviderValidator", { enumerable: true, get: function () { return provider_validator_1.ProviderValidator; } });
|
|
77
|
+
Object.defineProperty(exports, "ProviderValidationError", { enumerable: true, get: function () { return provider_validator_1.ProviderValidationError; } });
|
|
78
|
+
// OAuth Token Retrieval Service (Phase 3)
|
|
79
|
+
var oauth_token_retrieval_service_1 = require("./services/oauth-token-retrieval.service");
|
|
80
|
+
Object.defineProperty(exports, "OAuthTokenRetrievalService", { enumerable: true, get: function () { return oauth_token_retrieval_service_1.OAuthTokenRetrievalService; } });
|
|
81
|
+
// Batch Delegation Service (Phase 2)
|
|
82
|
+
var batch_delegation_service_1 = require("./services/batch-delegation.service");
|
|
83
|
+
Object.defineProperty(exports, "BatchDelegationService", { enumerable: true, get: function () { return batch_delegation_service_1.BatchDelegationService; } });
|
|
84
|
+
// OAuth Config Cache
|
|
85
|
+
var oauth_config_cache_1 = require("./cache/oauth-config-cache");
|
|
86
|
+
Object.defineProperty(exports, "InMemoryOAuthConfigCache", { enumerable: true, get: function () { return oauth_config_cache_1.InMemoryOAuthConfigCache; } });
|
|
87
|
+
Object.defineProperty(exports, "NoOpOAuthConfigCache", { enumerable: true, get: function () { return oauth_config_cache_1.NoOpOAuthConfigCache; } });
|
|
54
88
|
// Storage Service Factory
|
|
55
89
|
var storage_service_1 = require("./services/storage.service");
|
|
56
90
|
Object.defineProperty(exports, "createStorageProviders", { enumerable: true, get: function () { return storage_service_1.createStorageProviders; } });
|
|
@@ -66,6 +100,8 @@ Object.defineProperty(exports, "InMemoryToolProtectionCache", { enumerable: true
|
|
|
66
100
|
Object.defineProperty(exports, "NoOpToolProtectionCache", { enumerable: true, get: function () { return tool_protection_cache_1.NoOpToolProtectionCache; } });
|
|
67
101
|
var tool_protection_1 = require("./types/tool-protection");
|
|
68
102
|
Object.defineProperty(exports, "DelegationRequiredError", { enumerable: true, get: function () { return tool_protection_1.DelegationRequiredError; } });
|
|
103
|
+
var oauth_required_error_1 = require("./types/oauth-required-error");
|
|
104
|
+
Object.defineProperty(exports, "OAuthRequiredError", { enumerable: true, get: function () { return oauth_required_error_1.OAuthRequiredError; } });
|
|
69
105
|
// Delegation (W3C VC-based)
|
|
70
106
|
var vc_issuer_1 = require("./delegation/vc-issuer");
|
|
71
107
|
Object.defineProperty(exports, "DelegationCredentialIssuer", { enumerable: true, get: function () { return vc_issuer_1.DelegationCredentialIssuer; } });
|
|
@@ -107,7 +143,13 @@ var utils_1 = require("./delegation/utils");
|
|
|
107
143
|
Object.defineProperty(exports, "canonicalizeJSON", { enumerable: true, get: function () { return utils_1.canonicalizeJSON; } });
|
|
108
144
|
// Configuration types and utilities
|
|
109
145
|
__exportStar(require("./config"), exports);
|
|
146
|
+
// Remote configuration fetching
|
|
147
|
+
var remote_config_1 = require("./config/remote-config");
|
|
148
|
+
Object.defineProperty(exports, "fetchRemoteConfig", { enumerable: true, get: function () { return remote_config_1.fetchRemoteConfig; } });
|
|
110
149
|
// User DID Manager (Phase 4)
|
|
111
150
|
var user_did_manager_1 = require("./identity/user-did-manager");
|
|
112
151
|
Object.defineProperty(exports, "UserDidManager", { enumerable: true, get: function () { return user_did_manager_1.UserDidManager; } });
|
|
152
|
+
// IDP Token Resolver (Phase 1 - MH-7)
|
|
153
|
+
var idp_token_resolver_1 = require("./identity/idp-token-resolver");
|
|
154
|
+
Object.defineProperty(exports, "IdpTokenResolver", { enumerable: true, get: function () { return idp_token_resolver_1.IdpTokenResolver; } });
|
|
113
155
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;AAEH,iBAAiB;AACjB,yCAQ0B;AAPxB,sGAAA,cAAc,OAAA;AACd,qGAAA,aAAa,OAAA;AACb,qGAAA,aAAa,OAAA;AACb,uGAAA,eAAe,OAAA;AACf,0GAAA,kBAAkB,OAAA;AAClB,wGAAA,gBAAgB,OAAA;AAIlB,mBAAmB;AACnB,6CAI4B;AAH1B,+GAAA,qBAAqB,OAAA;AACrB,kHAAA,wBAAwB,OAAA;AACxB,gHAAA,sBAAsB,OAAA;AAGxB,UAAU;AACV,uCAAiD;AAAxC,uGAAA,eAAe,OAAA;AAMxB,YAAY;AACZ,0CAAwB;AACxB,kBAAkB;AAClB,8EAA2E;AAAlE,gIAAA,qBAAqB,OAAA;AAE9B,iBAAiB;AACjB,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AAItB,yBAAyB;AACzB,4DAA0D;AAAjD,+GAAA,aAAa,OAAA;AAOtB,gDAAgD;AAChD,4EAA4E;AAAnE,iIAAA,uBAAuB,OAAA;AAOhC,+BAA+B;AAC/B,wFAGiD;AAF/C,0IAAA,0BAA0B,OAAA;AAC1B,gJAAA,gCAAgC,OAAA;AAQlC,iCAAiC;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAI3B,0BAA0B;AAC1B,0DAAwD;AAA/C,6GAAA,YAAY,OAAA;AAIrB,iCAAiC;AACjC,wEAAqE;AAA5D,0HAAA,kBAAkB,OAAA;AAI3B,oCAAoC;AACpC,8EAA2E;AAAlE,gIAAA,qBAAqB,OAAA;AAE9B,8BAA8B;AAC9B,kEAAgE;AAAvD,qHAAA,gBAAgB,OAAA;AAEzB,+BAA+B;AAC/B,oEAA2F;AAAlF,uHAAA,iBAAiB,OAAA;AAAE,6HAAA,uBAAuB,OAAA;AAEnD,0CAA0C;AAC1C,0FAAsF;AAA7E,2IAAA,0BAA0B,OAAA;AAGnC,qCAAqC;AACrC,gFAA6E;AAApE,kIAAA,sBAAsB,OAAA;AAG/B,qBAAqB;AACrB,iEAGoC;AAFlC,8HAAA,wBAAwB,OAAA;AACxB,0HAAA,oBAAoB,OAAA;AAKtB,0BAA0B;AAC1B,8DAIoC;AAHlC,yHAAA,sBAAsB,OAAA;AACtB,oHAAA,iBAAiB,OAAA;AACjB,oHAAA,iBAAiB,OAAA;AAQnB,4BAA4B;AAC5B,4CAI2B;AAHzB,gHAAA,sBAAsB,OAAA;AACtB,wHAAA,8BAA8B,OAAA;AAC9B,sHAAA,4BAA4B,OAAA;AAK9B,uEAIuC;AAFrC,oIAAA,2BAA2B,OAAA;AAC3B,gIAAA,uBAAuB,OAAA;AASzB,2DAAkE;AAAzD,0HAAA,uBAAuB,OAAA;AAChC,qEAAkE;AAAzD,0HAAA,kBAAkB,OAAA;AAG3B,4BAA4B;AAC5B,oDAMgC;AAL9B,uHAAA,0BAA0B,OAAA;AAC1B,mHAAA,sBAAsB,OAAA;AAMxB,wDAUkC;AAThC,2HAAA,4BAA4B,OAAA;AAC5B,uHAAA,wBAAwB,OAAA;AAU1B,iBAAiB;AACjB,sEAKyC;AAJvC,2HAAA,qBAAqB,OAAA;AACrB,6HAAA,uBAAuB,OAAA;AAKzB,oDAKgC;AAJ9B,6GAAA,gBAAgB,OAAA;AAChB,uGAAA,UAAU,OAAA;AAKZ,0CAA0C;AAC1C,kEAKuC;AAJrC,0HAAA,sBAAsB,OAAA;AACtB,yHAAA,qBAAqB,OAAA;AAKvB,0EAM2C;AALzC,kIAAA,0BAA0B,OAAA;AAC1B,wIAAA,gCAAgC,OAAA;AAMlC,qDAAqD;AACrD,4FAAyF;AAAhF,oIAAA,uBAAuB,OA
AA;AAEhC,kFAAyF;AAAhF,oIAAA,4BAA4B,OAAA;AAErC,8DAA8D;AAC9D,gEAOsC;AANpC,iHAAA,cAAc,OAAA;AACd,uHAAA,oBAAoB,OAAA;AAOtB,gEAOsC;AANpC,kHAAA,eAAe,OAAA;AACf,gHAAA,aAAa,OAAA;AACb,uHAAA,oBAAoB,OAAA;AACpB,gHAAA,aAAa,OAAA;AACb,qHAAA,kBAAkB,OAAA;AAClB,iHAAA,cAAc,OAAA;AAGhB,4CAAsD;AAA7C,yGAAA,gBAAgB,OAAA;AA4BzB,oCAAoC;AACpC,2CAAyB;AAEzB,gCAAgC;AAChC,wDAIgC;AAH9B,kHAAA,iBAAiB,OAAA;AAKnB,6BAA6B;AAC7B,gEAA6D;AAApD,kHAAA,cAAc,OAAA;AAMvB,sCAAsC;AACtC,oEAAiE;AAAxD,sHAAA,gBAAgB,OAAA"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit Logger Interface
|
|
3
|
+
*
|
|
4
|
+
* Platform-agnostic interface for audit logging in the MCP-I framework.
|
|
5
|
+
* Implementations should be provided by platform-specific packages.
|
|
6
|
+
*/
|
|
7
|
+
import type { AuditContext, AuditEventContext } from "@kya-os/contracts/audit";
|
|
8
|
+
/**
|
|
9
|
+
* Interface for audit logging implementations
|
|
10
|
+
*
|
|
11
|
+
* This interface is platform-agnostic and can be implemented by:
|
|
12
|
+
* - Node.js implementations (using Node.js crypto)
|
|
13
|
+
* - Cloudflare Workers implementations (using Web Crypto API)
|
|
14
|
+
* - Other platform-specific implementations
|
|
15
|
+
*/
|
|
16
|
+
export interface IAuditLogger {
|
|
17
|
+
/**
|
|
18
|
+
* Log an audit record (with session deduplication)
|
|
19
|
+
*
|
|
20
|
+
* This method logs audit records using the frozen audit.v1 format.
|
|
21
|
+
* Only the first call per session is logged (deduplication).
|
|
22
|
+
*
|
|
23
|
+
* @param context - Audit context with identity, session, hashes, and verification status
|
|
24
|
+
*/
|
|
25
|
+
logAuditRecord(context: AuditContext): Promise<void>;
|
|
26
|
+
/**
|
|
27
|
+
* Log an event (without session deduplication)
|
|
28
|
+
*
|
|
29
|
+
* This method logs events using the frozen audit.v1 format.
|
|
30
|
+
* Unlike logAuditRecord(), this always logs the event, allowing
|
|
31
|
+
* multiple events per session (e.g., consent events).
|
|
32
|
+
*
|
|
33
|
+
* @param context - Event context with eventType, identity, session, and optional eventData
|
|
34
|
+
*/
|
|
35
|
+
logEvent(context: AuditEventContext): Promise<void>;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=audit-logger.d.ts.map
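Review bot: Neither `logAuditRecord` nor `logEvent` documents its failure contract. Both return `Promise<void>`, and the comments do not say whether an implementation may reject or whether a caller should treat a rejection as fatal for the operation being audited. This matters for an audit trail: a caller that swallows rejections loses records silently, while one that propagates them lets a logging outage block tool calls. I would add one line to each doc block, for example `@throws never - implementations must catch and report sink failures internally`, or the opposite wording if fail-closed auditing is intended.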
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-logger.d.ts","sourceRoot":"","sources":["../../src/runtime/audit-logger.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE/E;;;;;;;GAOG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;;;OAOG;IACH,cAAc,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErD;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Audit Logger Interface
|
|
4
|
+
*
|
|
5
|
+
* Platform-agnostic interface for audit logging in the MCP-I framework.
|
|
6
|
+
* Implementations should be provided by platform-specific packages.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
//# sourceMappingURL=audit-logger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-logger.js","sourceRoot":"","sources":["../../src/runtime/audit-logger.ts"],"names":[],"mappings":";AAAA;;;;;GAKG"}
|
package/dist/runtime/base.d.ts
CHANGED
|
@@ -9,13 +9,16 @@ import { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCac
|
|
|
9
9
|
import { type Ed25519JWK } from "../services/crypto.service.js";
|
|
10
10
|
import { ProofVerifier } from "../services/proof-verifier.js";
|
|
11
11
|
import type { MCPIdentity, WellKnownConfig, WellKnownResponse } from "@kya-os/contracts/well-known";
|
|
12
|
+
import type { AccessControlApiService } from "../services/access-control.service.js";
|
|
12
13
|
import type { ProviderRuntimeConfig } from "../config";
|
|
13
14
|
/**
|
|
14
15
|
* Interface for runtime instances that have AccessControlApiService available
|
|
15
16
|
* This allows type-safe access to the access control service without using `as any`
|
|
17
|
+
*
|
|
18
|
+
* @deprecated AccessControlApiService is now directly available as protected property on MCPIRuntimeBase
|
|
16
19
|
*/
|
|
17
20
|
export interface RuntimeWithAccessControl {
|
|
18
|
-
accessControlService?:
|
|
21
|
+
accessControlService?: AccessControlApiService;
|
|
19
22
|
}
|
|
20
23
|
export declare class MCPIRuntimeBase {
|
|
21
24
|
protected crypto: CryptoProvider;
|
|
@@ -32,6 +35,7 @@ export declare class MCPIRuntimeBase {
|
|
|
32
35
|
private interceptedCalls;
|
|
33
36
|
private cryptoService?;
|
|
34
37
|
protected proofVerifier?: ProofVerifier;
|
|
38
|
+
protected accessControlService?: AccessControlApiService;
|
|
35
39
|
constructor(config: ProviderRuntimeConfig);
|
|
36
40
|
/**
|
|
37
41
|
* Initialize the runtime
|
|
@@ -44,7 +48,20 @@ export declare class MCPIRuntimeBase {
|
|
|
44
48
|
/**
|
|
45
49
|
* Handle handshake request
|
|
46
50
|
*/
|
|
47
|
-
|
|
51
|
+
/**
|
|
52
|
+
* Handle MCP handshake request
|
|
53
|
+
*
|
|
54
|
+
* @param request - Handshake request object (may include oauthIdentity for persistent user DID lookup)
|
|
55
|
+
* @returns Handshake response with session ID and agent DID
|
|
56
|
+
*
|
|
57
|
+
* @remarks
|
|
58
|
+
* - Accepts optional oauthIdentity via request.oauthIdentity (backward compatible)
|
|
59
|
+
* - If OAuth identity provided, uses it to retrieve/create persistent user DID
|
|
60
|
+
* - Falls back to ephemeral user DID generation if OAuth unavailable
|
|
61
|
+
*/
|
|
62
|
+
handleHandshake(request: any & {
|
|
63
|
+
oauthIdentity?: import("../identity/user-did-manager").OAuthIdentity | null;
|
|
64
|
+
}): Promise<any>;
|
|
48
65
|
/**
|
|
49
66
|
* Process tool call with automatic proof generation
|
|
50
67
|
* Returns clean result only - proof is stored for out-of-band retrieval
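Review bot: The new `handleHandshake` parameter type `any & { oauthIdentity?: ... }` gives no checking, because an intersection with `any` is still `any`, and the doc block does not say who may set `oauthIdentity`. The remarks state that the value is used to retrieve or create a persistent user DID, so the contract should say it has to come from a server-verified OAuth exchange and not be copied from the client's handshake payload; whether callers already guarantee that is not visible here. I would add `@remarks oauthIdentity must be populated server-side after a completed OAuth flow; never forward a client-supplied value` and type the parameter as `{ oauthIdentity?: OAuthIdentity | null; [key: string]: unknown }`. The older `Handle handshake request` comment directly above the new block is now a stray duplicate and can be dropped.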
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../src/runtime/base.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAiB,KAAK,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D,OAAO,KAAK,EAGV,WAAW,EACX,eAAe,EACf,iBAAiB,EAClB,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../src/runtime/base.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,EACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAiB,KAAK,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D,OAAO,KAAK,EAGV,WAAW,EACX,eAAe,EACf,iBAAiB,EAClB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAKrF,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAIvD;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC,oBAAoB,CAAC,EAAE,uBAAuB,CAAC;CAChD;AAED,qBAAa,eAAe;IAC1B,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;IACjC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC;IAC/B,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC;IAC/B,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC;IACnC,SAAS,CAAC,UAAU,EAAE,kBAAkB,CAAC;IACzC,SAAS,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACrC,SAAS,CAAC,MAAM,EAAE,qBAAqB,CAAC;IACxC,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAA+B;IAC/C,OAAO,CAAC,SAAS,CAAC,CAAM;IACxB,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,gBAAgB,CAA+B;IACvD,OAAO,CAAC,aAAa,CAAC,CAAgB;IACtC,SAAS,CAAC,aAAa,CAAC,EAAE,aAAa,CAAC;IACxC,SAAS,CAAC,oBAAoB,CAAC,EAAE,uBAAuB,CAAC;gBAE7C,MAAM,EAAE,qBAAqB;IAYzC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA2CjC;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAO3C;;OAEG;IACH;;;;;;;;;;OAUG;IACG,eAAe,CACnB,OAAO,EAAE,GAAG,GAAG;QACb,aAAa,CAAC,EACV,OAAO,8BAA8B,EAAE,aAAa,GACpD,IAAI,CAAC;KACV,GACA,OAAO,CAAC,GAAG,CAAC;IAgGf;;;;;;;;OAQG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,GAAG,EACT,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,GAAG,CAAC;IA8Zf;;;;;;;OAOG;IACG,cAAc,CAClB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,EACpC,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,GAAG,CAAC;IAyCf;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoB3B;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAStC;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAS,CAAC,eAAe,CACvB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,CAAC,EAAE,GAAG,EACb,WAAW,CAAC,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM;IAyBT;;;OAGG;IAC
G,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAapD;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAyCzD;;;;;;;;;OASG;IACG,WAAW,CAAC,WAAW,EAAE,GAAG,EAAE,cAAc,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IA2D3E;;;OAGG;YACW,iBAAiB;IAqD/B;;;;;;;;;;OAUG;IACG,cAAc,CAClB,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,UAAU,EACxB,eAAe,CAAC,EAAE,MAAM,GAAG,UAAU,GACpC,OAAO,CAAC,OAAO,CAAC;IAgBnB;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC;IAUvC;;OAEG;IACH,YAAY,IAAI,GAAG;IAInB;;OAEG;IACH,sBAAsB,CACpB,MAAM,CAAC,EAAE,eAAe,GACvB,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,iBAAiB,GAAG,WAAW,GAAG,IAAI,CAAC;IA+DpE;;OAEG;IACH,mBAAmB,IAAI,GAAG;IAyB1B;;OAEG;IACH,cAAc,IAAI,GAAG;IAMrB;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,aAAa,CAAC;YAkB5B,QAAQ;YAOR,aAAa;YAKb,iBAAiB;IAK/B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,OAAO,CAAC,QAAQ;IAmBhB,OAAO,CAAC,iBAAiB;IAmBzB,OAAO,CAAC,gBAAgB;IAYxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA+B3B,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,UAAU;CAGnB"}
|
package/dist/runtime/base.js
CHANGED
|
@@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
10
10
|
exports.MCPIRuntimeBase = void 0;
|
|
11
11
|
const tool_protection_js_1 = require("../types/tool-protection.js");
|
|
12
12
|
const crypto_service_js_1 = require("../services/crypto.service.js");
|
|
13
|
+
const agentshield_api_1 = require("@kya-os/contracts/agentshield-api");
|
|
13
14
|
const user_did_manager_1 = require("../identity/user-did-manager");
|
|
14
15
|
class MCPIRuntimeBase {
|
|
15
16
|
crypto;
|
|
@@ -26,6 +27,7 @@ class MCPIRuntimeBase {
|
|
|
26
27
|
interceptedCalls = new Map(); // Store intercepted tool calls by resume token
|
|
27
28
|
cryptoService;
|
|
28
29
|
proofVerifier; // Optional ProofVerifier (injected by subclasses)
|
|
30
|
+
accessControlService; // Optional AccessControlApiService (injected by subclasses)
|
|
29
31
|
constructor(config) {
|
|
30
32
|
this.config = config;
|
|
31
33
|
this.crypto = config.cryptoProvider;
|
|
@@ -87,17 +89,34 @@ class MCPIRuntimeBase {
|
|
|
87
89
|
/**
|
|
88
90
|
* Handle handshake request
|
|
89
91
|
*/
|
|
92
|
+
/**
|
|
93
|
+
* Handle MCP handshake request
|
|
94
|
+
*
|
|
95
|
+
* @param request - Handshake request object (may include oauthIdentity for persistent user DID lookup)
|
|
96
|
+
* @returns Handshake response with session ID and agent DID
|
|
97
|
+
*
|
|
98
|
+
* @remarks
|
|
99
|
+
* - Accepts optional oauthIdentity via request.oauthIdentity (backward compatible)
|
|
100
|
+
* - If OAuth identity provided, uses it to retrieve/create persistent user DID
|
|
101
|
+
* - Falls back to ephemeral user DID generation if OAuth unavailable
|
|
102
|
+
*/
|
|
90
103
|
async handleHandshake(request) {
|
|
91
104
|
const identity = await this.getIdentity();
|
|
92
105
|
const timestamp = this.clock.now();
|
|
93
106
|
const sessionId = await this.generateSessionId();
|
|
94
107
|
// Generate user DID if user DID generation is enabled
|
|
108
|
+
// Use OAuth identity if provided for persistent user DID lookup
|
|
95
109
|
let userDid;
|
|
96
110
|
if (this.userDidManager) {
|
|
97
111
|
try {
|
|
98
|
-
|
|
112
|
+
const oauthIdentity = request.oauthIdentity;
|
|
113
|
+
userDid = await this.userDidManager.getOrCreateUserDid(sessionId, oauthIdentity);
|
|
99
114
|
if (this.config.audit?.enabled) {
|
|
100
|
-
console.log("[MCP-I] Generated user DID for session:",
|
|
115
|
+
console.log("[MCP-I] Generated user DID for session:", {
|
|
116
|
+
userDid: userDid.substring(0, 20) + "...",
|
|
117
|
+
hasOAuth: !!oauthIdentity,
|
|
118
|
+
provider: oauthIdentity?.provider,
|
|
119
|
+
});
|
|
101
120
|
}
|
|
102
121
|
}
|
|
103
122
|
catch (error) {
|
|
@@ -127,8 +146,7 @@ class MCPIRuntimeBase {
|
|
|
127
146
|
platform: normalizeString(requestClientInfo?.platform),
|
|
128
147
|
vendor: normalizeString(requestClientInfo?.vendor),
|
|
129
148
|
persistentId: normalizeString(requestClientInfo?.persistentId),
|
|
130
|
-
clientId: normalizeString(requestClientInfo?.clientId) ??
|
|
131
|
-
crypto.randomUUID(),
|
|
149
|
+
clientId: normalizeString(requestClientInfo?.clientId) ?? crypto.randomUUID(),
|
|
132
150
|
protocolVersion,
|
|
133
151
|
capabilities: clientCapabilities,
|
|
134
152
|
}
|
|
@@ -218,13 +236,211 @@ class MCPIRuntimeBase {
|
|
|
218
236
|
}
|
|
219
237
|
throw error;
|
|
220
238
|
}
|
|
221
|
-
// Delegation provided - verify it
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
239
|
+
// Delegation provided - verify it with AccessControlApiService
|
|
240
|
+
const delegationToken = session?.delegationToken;
|
|
241
|
+
const consentProof = session?.consentProof;
|
|
242
|
+
if (!this.accessControlService) {
|
|
243
|
+
// Access control service not available - log warning but allow execution
|
|
244
|
+
// This enables graceful degradation when service is not configured
|
|
245
|
+
if (this.config.audit?.enabled) {
|
|
246
|
+
console.warn("[MCP-I] ⚠️ Delegation token provided but AccessControlApiService not configured - skipping verification", {
|
|
247
|
+
tool: toolName,
|
|
248
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
249
|
+
hasDelegationToken: !!delegationToken,
|
|
250
|
+
hasConsentProof: !!consentProof,
|
|
251
|
+
});
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
else {
|
|
255
|
+
// Verify delegation token with AccessControlApiService
|
|
256
|
+
try {
|
|
257
|
+
if (this.config.audit?.enabled) {
|
|
258
|
+
console.log("[MCP-I] 🔐 Verifying delegation token with AccessControlApiService", {
|
|
259
|
+
tool: toolName,
|
|
260
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
261
|
+
hasDelegationToken: !!delegationToken,
|
|
262
|
+
hasConsentProof: !!consentProof,
|
|
263
|
+
requiredScopes: protection.requiredScopes,
|
|
264
|
+
});
|
|
265
|
+
}
|
|
266
|
+
// Build verification request
|
|
267
|
+
const verifyRequest = {
|
|
268
|
+
agent_did: identity.did,
|
|
269
|
+
scopes: protection.requiredScopes,
|
|
270
|
+
};
|
|
271
|
+
// Add delegation token if available (preferred over consent proof)
|
|
272
|
+
if (delegationToken) {
|
|
273
|
+
verifyRequest.delegation_token = delegationToken;
|
|
274
|
+
}
|
|
275
|
+
else if (consentProof) {
|
|
276
|
+
// Consent proof is a JWT credential - use as credential_jwt
|
|
277
|
+
verifyRequest.credential_jwt = consentProof;
|
|
278
|
+
}
|
|
279
|
+
// Add optional timestamp for verification
|
|
280
|
+
verifyRequest.timestamp = this.clock.now();
|
|
281
|
+
// Add client info from session if available
|
|
282
|
+
if (session?.clientDid || session?.clientId) {
|
|
283
|
+
verifyRequest.client_info = {
|
|
284
|
+
origin: session?.serverOrigin,
|
|
285
|
+
user_agent: session?.userAgent,
|
|
286
|
+
};
|
|
287
|
+
}
|
|
288
|
+
// Perform verification
|
|
289
|
+
const verificationResult = await this.accessControlService.verifyDelegation(verifyRequest, {
|
|
290
|
+
delegationToken: delegationToken || undefined,
|
|
291
|
+
credentialJwt: consentProof || undefined,
|
|
292
|
+
});
|
|
293
|
+
// Check verification result
|
|
294
|
+
if (!verificationResult.data.valid) {
|
|
295
|
+
// Delegation verification failed
|
|
296
|
+
const reason = verificationResult.data.reason ||
|
|
297
|
+
"Delegation token invalid or expired";
|
|
298
|
+
const errorDetails = verificationResult.data.error;
|
|
299
|
+
if (this.config.audit?.enabled) {
|
|
300
|
+
console.error("[MCP-I] ❌ Delegation verification FAILED", {
|
|
301
|
+
tool: toolName,
|
|
302
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
303
|
+
reason,
|
|
304
|
+
errorCode: errorDetails?.code,
|
|
305
|
+
errorMessage: errorDetails?.message,
|
|
306
|
+
requiredScopes: protection.requiredScopes,
|
|
307
|
+
});
|
|
308
|
+
}
|
|
309
|
+
// Throw DelegationRequiredError to trigger consent flow
|
|
310
|
+
const interceptedCall = {
|
|
311
|
+
toolName,
|
|
312
|
+
args,
|
|
313
|
+
sessionId: session?.id || "unknown",
|
|
314
|
+
timestamp: this.clock.now(),
|
|
315
|
+
expiresAt: this.clock.calculateExpiry(1800), // 30 minutes
|
|
316
|
+
};
|
|
317
|
+
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
318
|
+
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken);
|
|
319
|
+
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
320
|
+
this.cleanupExpiredInterceptedCalls();
|
|
321
|
+
throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
322
|
+
}
|
|
323
|
+
// ✅ SECURITY: Validate user_identifier matches session userDid
|
|
324
|
+
// This ensures delegations are user-specific and prevents user isolation bypass
|
|
325
|
+
const credential = verificationResult.data.credential;
|
|
326
|
+
const delegationUserIdentifier = credential?.user_identifier;
|
|
327
|
+
const sessionUserDid = session?.userDid;
|
|
328
|
+
if (delegationUserIdentifier && sessionUserDid) {
|
|
329
|
+
if (delegationUserIdentifier !== sessionUserDid) {
|
|
330
|
+
// User identifier mismatch - potential security issue
|
|
331
|
+
const securityError = `Delegation user_identifier mismatch: delegation has "${delegationUserIdentifier.substring(0, 20)}..." but session has "${sessionUserDid.substring(0, 20)}..."`;
|
|
332
|
+
if (this.config.audit?.enabled) {
|
|
333
|
+
console.error("[MCP-I] 🔒 SECURITY: User identifier validation FAILED", {
|
|
334
|
+
tool: toolName,
|
|
335
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
336
|
+
delegationUserIdentifier: delegationUserIdentifier.substring(0, 20) + "...",
|
|
337
|
+
sessionUserDid: sessionUserDid.substring(0, 20) + "...",
|
|
338
|
+
sessionId: session?.id?.substring(0, 20) + "...",
|
|
339
|
+
reason: "user_identifier_mismatch",
|
|
340
|
+
severity: "high",
|
|
341
|
+
});
|
|
342
|
+
}
|
|
343
|
+
// Throw DelegationRequiredError to force re-authentication
|
|
344
|
+
const interceptedCall = {
|
|
345
|
+
toolName,
|
|
346
|
+
args,
|
|
347
|
+
sessionId: session?.id || "unknown",
|
|
348
|
+
timestamp: this.clock.now(),
|
|
349
|
+
expiresAt: this.clock.calculateExpiry(1800), // 30 minutes
|
|
350
|
+
};
|
|
351
|
+
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
352
|
+
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken);
|
|
353
|
+
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
354
|
+
this.cleanupExpiredInterceptedCalls();
|
|
355
|
+
throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
356
|
+
}
|
|
357
|
+
// User identifier matches - log success for audit
|
|
358
|
+
if (this.config.audit?.enabled) {
|
|
359
|
+
console.log("[MCP-I] ✅ User identifier validation PASSED", {
|
|
360
|
+
tool: toolName,
|
|
361
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
362
|
+
userDid: sessionUserDid.substring(0, 20) + "...",
|
|
363
|
+
sessionId: session?.id?.substring(0, 20) + "...",
|
|
364
|
+
});
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
else if (delegationUserIdentifier && !sessionUserDid) {
|
|
368
|
+
// Delegation has user_identifier but session doesn't - log warning
|
|
369
|
+
if (this.config.audit?.enabled) {
|
|
370
|
+
console.warn("[MCP-I] ⚠️ Delegation has user_identifier but session missing userDid", {
|
|
371
|
+
tool: toolName,
|
|
372
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
373
|
+
delegationUserIdentifier: delegationUserIdentifier.substring(0, 20) + "...",
|
|
374
|
+
sessionId: session?.id?.substring(0, 20) + "...",
|
|
375
|
+
});
|
|
376
|
+
}
|
|
377
|
+
}
|
|
378
|
+
// Verification succeeded
|
|
379
|
+
if (this.config.audit?.enabled) {
|
|
380
|
+
console.log("[MCP-I] ✅ Delegation verification SUCCEEDED", {
|
|
381
|
+
tool: toolName,
|
|
382
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
383
|
+
delegationId: verificationResult.data.delegation_id,
|
|
384
|
+
credentialScopes: verificationResult.data.credential?.scopes,
|
|
385
|
+
requiredScopes: protection.requiredScopes,
|
|
386
|
+
});
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
catch (error) {
|
|
390
|
+
// Handle verification errors
|
|
391
|
+
if (error instanceof tool_protection_js_1.DelegationRequiredError) {
|
|
392
|
+
// Re-throw DelegationRequiredError as-is (already handled above)
|
|
393
|
+
throw error;
|
|
394
|
+
}
|
|
395
|
+
// Handle AgentShieldAPIError (network errors, API errors, etc.)
|
|
396
|
+
if (error instanceof agentshield_api_1.AgentShieldAPIError) {
|
|
397
|
+
if (this.config.audit?.enabled) {
|
|
398
|
+
console.error("[MCP-I] ❌ Delegation verification error (API failure)", {
|
|
399
|
+
tool: toolName,
|
|
400
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
401
|
+
errorCode: error.code,
|
|
402
|
+
errorMessage: error.message,
|
|
403
|
+
errorDetails: error.details,
|
|
404
|
+
});
|
|
405
|
+
}
|
|
406
|
+
// On API errors, fail securely by requiring delegation
|
|
407
|
+
// This prevents unauthorized access when verification service is unavailable
|
|
408
|
+
const interceptedCall = {
|
|
409
|
+
toolName,
|
|
410
|
+
args,
|
|
411
|
+
sessionId: session?.id || "unknown",
|
|
412
|
+
timestamp: this.clock.now(),
|
|
413
|
+
expiresAt: this.clock.calculateExpiry(1800),
|
|
414
|
+
};
|
|
415
|
+
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
416
|
+
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken);
|
|
417
|
+
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
418
|
+
this.cleanupExpiredInterceptedCalls();
|
|
419
|
+
throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
420
|
+
}
|
|
421
|
+
// Unexpected error - log and fail securely
|
|
422
|
+
if (this.config.audit?.enabled) {
|
|
423
|
+
console.error("[MCP-I] ❌ Unexpected error during delegation verification", {
|
|
424
|
+
tool: toolName,
|
|
425
|
+
agentDid: identity.did.slice(0, 20) + "...",
|
|
426
|
+
error: error.message || String(error),
|
|
427
|
+
errorStack: error.stack,
|
|
428
|
+
});
|
|
429
|
+
}
|
|
430
|
+
// Fail securely - require delegation on unexpected errors
|
|
431
|
+
const interceptedCall = {
|
|
432
|
+
toolName,
|
|
433
|
+
args,
|
|
434
|
+
sessionId: session?.id || "unknown",
|
|
435
|
+
timestamp: this.clock.now(),
|
|
436
|
+
expiresAt: this.clock.calculateExpiry(1800),
|
|
437
|
+
};
|
|
438
|
+
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
439
|
+
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken);
|
|
440
|
+
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
441
|
+
this.cleanupExpiredInterceptedCalls();
|
|
442
|
+
throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
443
|
+
}
|
|
228
444
|
}
|
|
229
445
|
}
|
|
230
446
|
else {
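Review bot: The `if (!this.accessControlService)` branch fails open: when no verifier is injected, whatever is in `session.delegationToken` or `session.consentProof` is accepted unchecked and execution continues, with a warning printed only if `config.audit.enabled` is set. The field is declared optional and "injected by subclasses", so a deployment that forgets to wire it silently loses delegation enforcement; I would deny here with `throw new Error("[MCP-I] AccessControlApiService not configured - cannot verify delegation");` and make any degraded mode an explicit opt-in. The user-binding check has the same shape: it rejects only when both `credential.user_identifier` and `session.userDid` are present, so the `delegationUserIdentifier && !sessionUserDid` branch, and a credential with no `user_identifier`, pass with at most a warning. Separately, the interceptedCall / resumeToken / consentUrl block is repeated four times and belongs in one private helper, and the failure logs print `error.details` and `error.stack` in full while DIDs are truncated, so confirm those cannot carry token material. The enclosing method starts and ends outside this hunk.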
|