@kya-os/mcp-i-core 1.3.7-canary.0 → 1.3.7-canary.clientinfo.20251126041014

package/dist/services/authorization/types.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Authorization Service Types
+ *
+ * Shared types for authorization services and flows.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type { ToolProtection } from "@kya-os/contracts/tool-protection";
+/**
+ * Authorization Flow Result
+ */
+export interface AuthorizationResult {
+    success: boolean;
+    credential?: unknown;
+    userDid?: string;
+    metadata?: Record<string, unknown>;
+    error?: Error;
+}
+/**
+ * Authorization Flow
+ * Represents an initiated authorization flow
+ */
+export interface AuthorizationFlow {
+    /** URL to redirect the user to */
+    url: string;
+    /** Unique identifier for this flow */
+    flowId?: string;
+    /** Metadata about the flow */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Authorization Service Interface
+ * Each authorization type implements this
+ */
+export interface AuthorizationService {
+    /** Unique type identifier (e.g., 'oauth', 'mdl', 'idv') */
+    type: string;
+    /**
+     * Check if authorization is required for the given tool protection
+     */
+    isRequired(toolProtection: ToolProtection): boolean;
+    /**
+     * Initiate authorization flow
+     * Returns URL or flow identifier
+     */
+    initiateFlow(toolProtection: ToolProtection, sessionId: string, projectId: string, agentDid: string, serverUrl: string): Promise<AuthorizationFlow>;
+    /**
+     * Verify authorization result
+     * Called after user completes flow
+     */
+    verifyAuthorization(flowId: string, result: unknown): Promise<AuthorizationResult>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/services/authorization/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/services/authorization/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IAEZ,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,UAAU,CAAC,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC;IAEpD;;;OAGG;IACH,YAAY,CACV,cAAc,EAAE,cAAc,EAC9B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAE9B;;;OAGG;IACH,mBAAmB,CACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjC"}

package/dist/services/authorization/types.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * Authorization Service Types
+ *
+ * Shared types for authorization services and flows.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/services/authorization/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/services/authorization/types.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/dist/services/batch-delegation.service.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Batch Delegation Service
+ *
+ * Groups tools by OAuth provider for batch delegation flows.
+ * Enables single OAuth flow for multiple tools requiring the same provider.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type { ProviderResolver } from "./provider-resolver.js";
+import type { ToolProtectionService } from "./tool-protection.service.js";
+/**
+ * Tool group by provider
+ */
+export interface ToolGroup {
+    /** OAuth provider name */
+    provider: string;
+    /** Tool names in this group */
+    tools: string[];
+    /** Merged scopes from all tools in group */
+    scopes: string[];
+    /** Highest risk level in group */
+    riskLevel: "low" | "medium" | "high";
+}
+/**
+ * Service for grouping tools by OAuth provider
+ */
+export declare class BatchDelegationService {
+    private providerResolver;
+    private toolProtectionService;
+    constructor(providerResolver: ProviderResolver, toolProtectionService: ToolProtectionService);
+    /**
+     * Group tools by OAuth provider
+     *
+     * Returns a map of provider → tools that require that provider.
+     * Tools that don't require delegation are skipped.
+     *
+     * @param toolNames - Array of tool names to group
+     * @param projectId - Project ID for provider resolution
+     * @param agentDid - Agent DID for fetching tool protections
+     * @returns Map of provider name to ToolGroup
+     */
+    groupToolsByProvider(toolNames: string[], projectId: string, agentDid: string): Promise<Map<string, ToolGroup>>;
+    /**
+     * Get all tools that require a specific provider
+     *
+     * @param provider - Provider name to filter by
+     * @param projectId - Project ID for provider resolution
+     * @param agentDid - Agent DID for fetching tool protections
+     * @returns Array of tool names requiring the specified provider
+     */
+    getToolsForProvider(provider: string, projectId: string, agentDid: string): Promise<string[]>;
+}
+//# sourceMappingURL=batch-delegation.service.d.ts.map

package/dist/services/batch-delegation.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"batch-delegation.service.d.ts","sourceRoot":"","sources":["../../src/services/batch-delegation.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,CAAC;IAEjB,+BAA+B;IAC/B,KAAK,EAAE,MAAM,EAAE,CAAC;IAEhB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB,kCAAkC;IAClC,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAED;;GAEG;AACH,qBAAa,sBAAsB;IAE/B,OAAO,CAAC,gBAAgB;IACxB,OAAO,CAAC,qBAAqB;gBADrB,gBAAgB,EAAE,gBAAgB,EAClC,qBAAqB,EAAE,qBAAqB;IAGtD;;;;;;;;;;OAUG;IACG,oBAAoB,CACxB,SAAS,EAAE,MAAM,EAAE,EACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IA+DlC;;;;;;;OAOG;IACG,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,EAAE,CAAC;CAMrB"}

package/dist/services/batch-delegation.service.js

@@ -0,0 +1,95 @@
+"use strict";
+/**
+ * Batch Delegation Service
+ *
+ * Groups tools by OAuth provider for batch delegation flows.
+ * Enables single OAuth flow for multiple tools requiring the same provider.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BatchDelegationService = void 0;
+/**
+ * Service for grouping tools by OAuth provider
+ */
+class BatchDelegationService {
+    providerResolver;
+    toolProtectionService;
+    constructor(providerResolver, toolProtectionService) {
+        this.providerResolver = providerResolver;
+        this.toolProtectionService = toolProtectionService;
+    }
+    /**
+     * Group tools by OAuth provider
+     *
+     * Returns a map of provider → tools that require that provider.
+     * Tools that don't require delegation are skipped.
+     *
+     * @param toolNames - Array of tool names to group
+     * @param projectId - Project ID for provider resolution
+     * @param agentDid - Agent DID for fetching tool protections
+     * @returns Map of provider name to ToolGroup
+     */
+    async groupToolsByProvider(toolNames, projectId, agentDid) {
+        const groups = new Map();
+        for (const toolName of toolNames) {
+            const protection = await this.toolProtectionService.checkToolProtection(toolName, agentDid);
+            if (!protection?.requiresDelegation) {
+                continue; // Skip tools that don't require delegation
+            }
+            // Resolve provider for this tool
+            let provider;
+            try {
+                provider = await this.providerResolver.resolveProvider(protection, projectId);
+            }
+            catch (error) {
+                console.warn(`[BatchDelegation] Could not resolve provider for tool "${toolName}", skipping`, error instanceof Error ? error.message : String(error));
+                continue;
+            }
+            // Get or create group for this provider
+            if (!groups.has(provider)) {
+                groups.set(provider, {
+                    provider,
+                    tools: [],
+                    scopes: [],
+                    riskLevel: "medium", // Default
+                });
+            }
+            const group = groups.get(provider);
+            group.tools.push(toolName);
+            // Merge scopes (deduplicate)
+            const allScopes = new Set([
+                ...group.scopes,
+                ...(protection.requiredScopes || []),
+            ]);
+            group.scopes = Array.from(allScopes);
+            // Use highest risk level
+            if (protection.riskLevel) {
+                const riskOrder = { low: 1, medium: 2, high: 3, critical: 4 };
+                const currentRisk = riskOrder[group.riskLevel] || 1;
+                const toolRisk = riskOrder[protection.riskLevel] || 1;
+                if (toolRisk > currentRisk) {
+                    // Map critical to high for ToolGroup interface
+                    group.riskLevel = protection.riskLevel === "critical" ? "high" : protection.riskLevel;
+                }
+            }
+        }
+        return groups;
+    }
+    /**
+     * Get all tools that require a specific provider
+     *
+     * @param provider - Provider name to filter by
+     * @param projectId - Project ID for provider resolution
+     * @param agentDid - Agent DID for fetching tool protections
+     * @returns Array of tool names requiring the specified provider
+     */
+    async getToolsForProvider(provider, projectId, agentDid) {
+        // This would require fetching all tool protections
+        // For now, return empty array (can be enhanced later)
+        // TODO: Implement if needed for Phase 4 batch delegation UI
+        return [];
+    }
+}
+exports.BatchDelegationService = BatchDelegationService;
+//# sourceMappingURL=batch-delegation.service.js.map

package/dist/services/batch-delegation.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"batch-delegation.service.js","sourceRoot":"","sources":["../../src/services/batch-delegation.service.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAuBH;;GAEG;AACH,MAAa,sBAAsB;IAEvB;IACA;IAFV,YACU,gBAAkC,EAClC,qBAA4C;QAD5C,qBAAgB,GAAhB,gBAAgB,CAAkB;QAClC,0BAAqB,GAArB,qBAAqB,CAAuB;IACnD,CAAC;IAEJ;;;;;;;;;;OAUG;IACH,KAAK,CAAC,oBAAoB,CACxB,SAAmB,EACnB,SAAiB,EACjB,QAAgB;QAEhB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;QAE5C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,CACrE,QAAQ,EACR,QAAQ,CACT,CAAC;YAEF,IAAI,CAAC,UAAU,EAAE,kBAAkB,EAAE,CAAC;gBACpC,SAAS,CAAC,2CAA2C;YACvD,CAAC;YAED,iCAAiC;YACjC,IAAI,QAAgB,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,eAAe,CACpD,UAAU,EACV,SAAS,CACV,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CACV,0DAA0D,QAAQ,aAAa,EAC/E,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACvD,CAAC;gBACF,SAAS;YACX,CAAC;YAED,wCAAwC;YACxC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACnB,QAAQ;oBACR,KAAK,EAAE,EAAE;oBACT,MAAM,EAAE,EAAE;oBACV,SAAS,EAAE,QAAQ,EAAE,UAAU;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;YACpC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAE3B,6BAA6B;YAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;gBACxB,GAAG,KAAK,CAAC,MAAM;gBACf,GAAG,CAAC,UAAU,CAAC,cAAc,IAAI,EAAE,CAAC;aACrC,CAAC,CAAC;YACH,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAErC,yBAAyB;YACzB,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;gBACzB,MAAM,SAAS,GAA2B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;gBACtF,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACpD,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACtD,IAAI,QAAQ,GAAG,WAAW,EAAE,CAAC;oBAC3B,+CAA+C;oBAC/C,KAAK,CAAC,SAAS,GAAG,UAAU,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,mBAAmB,CACvB,QAAgB,EAChB,SAAiB,EACjB,QAAgB;QAEhB,mDAAmD;QACnD,sDAAsD;QACtD,4DAA4D;QAC5D,OAAO,EAAE,CAAC;IACZ,CAAC;CACF;AAtGD,wDAsGC"}

package/dist/services/index.d.ts

@@ -2,4 +2,6 @@ export { CryptoService } from './crypto.service.js';
 export type { Ed25519JWK, ParsedJWS } from './crypto.service.js';
 export { AccessControlApiService } from './access-control.service.js';
 export type { AccessControlApiServiceConfig, AccessControlApiServiceMetrics, } from './access-control.service.js';
+export { SessionRegistrationService, createSessionRegistrationService, } from './session-registration.service.js';
+export type { SessionRegistrationServiceConfig, SessionRegistrationResult, } from './session-registration.service.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EACV,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,6BAA6B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EACV,6BAA6B,EAC7B,8BAA8B,GAC/B,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,GACjC,MAAM,mCAAmC,CAAC;AAC3C,YAAY,EACV,gCAAgC,EAChC,yBAAyB,GAC1B,MAAM,mCAAmC,CAAC"}

package/dist/services/index.js

@@ -1,8 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AccessControlApiService = exports.CryptoService = void 0;
+exports.createSessionRegistrationService = exports.SessionRegistrationService = exports.AccessControlApiService = exports.CryptoService = void 0;
 var crypto_service_js_1 = require("./crypto.service.js");
 Object.defineProperty(exports, "CryptoService", { enumerable: true, get: function () { return crypto_service_js_1.CryptoService; } });
 var access_control_service_js_1 = require("./access-control.service.js");
 Object.defineProperty(exports, "AccessControlApiService", { enumerable: true, get: function () { return access_control_service_js_1.AccessControlApiService; } });
+var session_registration_service_js_1 = require("./session-registration.service.js");
+Object.defineProperty(exports, "SessionRegistrationService", { enumerable: true, get: function () { return session_registration_service_js_1.SessionRegistrationService; } });
+Object.defineProperty(exports, "createSessionRegistrationService", { enumerable: true, get: function () { return session_registration_service_js_1.createSessionRegistrationService; } });
 //# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;AAAA,yDAAoD;AAA3C,kHAAA,aAAa,OAAA;AAGtB,yEAAsE;AAA7D,oIAAA,uBAAuB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;AAAA,yDAAoD;AAA3C,kHAAA,aAAa,OAAA;AAGtB,yEAAsE;AAA7D,oIAAA,uBAAuB,OAAA;AAMhC,qFAG2C;AAFzC,6IAAA,0BAA0B,OAAA;AAC1B,mJAAA,gCAAgC,OAAA"}

package/dist/services/oauth-config.service.d.ts

@@ -0,0 +1,53 @@
+/**
+ * OAuth Config Service
+ *
+ * Fetches and caches OAuth provider configurations from AgentShield API.
+ * Provides caching with TTL to reduce API calls.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type { FetchProvider } from "../providers/base.js";
+import type { OAuthConfig } from "@kya-os/contracts/config";
+import type { OAuthConfigCache } from "../cache/oauth-config-cache.js";
+export interface OAuthConfigServiceConfig {
+    /** Base URL for AgentShield API (e.g., "https://kya.vouched.id") */
+    baseUrl: string;
+    /** API key for authentication */
+    apiKey: string;
+    /** Fetch provider for making HTTP requests */
+    fetchProvider: FetchProvider;
+    /** Cache implementation (defaults to in-memory) */
+    cache?: OAuthConfigCache;
+    /** Cache TTL in milliseconds (default: 5 minutes) */
+    cacheTtl?: number;
+    /** Optional logger callback for diagnostics */
+    logger?: (message: string, data?: unknown) => void;
+}
+/**
+ * Service for fetching OAuth provider configurations from AgentShield API
+ */
+export declare class OAuthConfigService {
+    private config;
+    constructor(config: OAuthConfigServiceConfig);
+    /**
+     * Get OAuth configuration for a project
+     *
+     * Fetches from AgentShield API: GET /api/v1/bouncer/projects/{projectId}/providers
+     * Caches responses with TTL to reduce API calls.
+     *
+     * @param projectId - Project ID to fetch config for
+     * @returns OAuth configuration with providers object
+     */
+    getOAuthConfig(projectId: string): Promise<OAuthConfig>;
+    /**
+     * Clear cached config for a project
+     *
+     * @param projectId - Project ID to clear cache for
+     */
+    clearCache(projectId: string): Promise<void>;
+    /**
+     * Clear all cached configs
+     */
+    clearAllCache(): Promise<void>;
+}
+//# sourceMappingURL=oauth-config.service.d.ts.map

package/dist/services/oauth-config.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-config.service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAiB,MAAM,0BAA0B,CAAC;AAC3E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAGvE,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAEhB,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAC;IAEf,8CAA8C;IAC9C,aAAa,EAAE,aAAa,CAAC;IAE7B,mDAAmD;IACnD,KAAK,CAAC,EAAE,gBAAgB,CAAC;IAEzB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAGZ;gBAEU,MAAM,EAAE,wBAAwB;IAW5C;;;;;;;;OAQG;IACG,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IA8G7D;;;;OAIG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKlD;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAIrC"}

package/dist/services/oauth-config.service.js

@@ -0,0 +1,141 @@
+"use strict";
+/**
+ * OAuth Config Service
+ *
+ * Fetches and caches OAuth provider configurations from AgentShield API.
+ * Provides caching with TTL to reduce API calls.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthConfigService = void 0;
+const oauth_config_cache_js_1 = require("../cache/oauth-config-cache.js");
+/**
+ * Service for fetching OAuth provider configurations from AgentShield API
+ */
+class OAuthConfigService {
+    config;
+    constructor(config) {
+        this.config = {
+            baseUrl: config.baseUrl,
+            apiKey: config.apiKey,
+            fetchProvider: config.fetchProvider,
+            cacheTtl: config.cacheTtl ?? 5 * 60 * 1000, // Default 5 minutes
+            logger: config.logger || (() => { }),
+            cache: config.cache || new oauth_config_cache_js_1.InMemoryOAuthConfigCache(),
+        };
+    }
+    /**
+     * Get OAuth configuration for a project
+     *
+     * Fetches from AgentShield API: GET /api/v1/bouncer/projects/{projectId}/providers
+     * Caches responses with TTL to reduce API calls.
+     *
+     * @param projectId - Project ID to fetch config for
+     * @returns OAuth configuration with providers object
+     */
+    async getOAuthConfig(projectId) {
+        // Check cache
+        const cached = await this.config.cache.get(projectId);
+        if (cached) {
+            this.config.logger("[OAuthConfigService] Cache hit", {
+                projectId,
+            });
+            return cached;
+        }
+        // Fetch from AgentShield API
+        const url = `${this.config.baseUrl}/api/v1/bouncer/projects/${encodeURIComponent(projectId)}/providers`;
+        this.config.logger("[OAuthConfigService] Fetching config from API", {
+            projectId,
+            url,
+        });
+        try {
+            const response = await this.config.fetchProvider.fetch(url, {
+                method: "GET",
+                headers: {
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                    "Content-Type": "application/json",
+                },
+            });
+            if (!response.ok) {
+                const errorText = await response.text().catch(() => "Unknown error");
+                throw new Error(`Failed to fetch OAuth config: ${response.status} ${response.statusText} - ${errorText}`);
+            }
+            const result = await response.json();
+            // Validate response structure
+            if (!result.success || !result.data) {
+                throw new Error("Invalid API response: missing success or data field");
+            }
+            // Parse providers object with snake_case → camelCase mapping
+            // AgentShield API may return snake_case fields, but OAuthProvider interface uses camelCase
+            const rawProviders = result.data.providers || {};
+            if (typeof rawProviders !== "object" || Array.isArray(rawProviders)) {
+                throw new Error("Invalid API response: providers must be an object, not an array");
+            }
+            // Map each provider's fields from snake_case to camelCase
+            const providers = {};
+            for (const [name, raw] of Object.entries(rawProviders)) {
+                const p = raw;
+                providers[name] = {
+                    clientId: (p.clientId ?? p.client_id ?? ""),
+                    clientSecret: (p.clientSecret ?? p.client_secret ?? null),
+                    authorizationUrl: (p.authorizationUrl ?? p.authorization_url ?? ""),
+                    tokenUrl: (p.tokenUrl ?? p.token_url ?? ""),
+                    userInfoUrl: (p.userInfoUrl ?? p.user_info_url),
+                    supportsPKCE: (p.supportsPKCE ?? p.supports_pkce ?? false),
+                    requiresClientSecret: (p.requiresClientSecret ?? p.requires_client_secret ?? true),
+                    scopes: (p.scopes ?? []),
+                    defaultScopes: (p.defaultScopes ?? p.default_scopes),
+                    proxyMode: (p.proxyMode ?? p.proxy_mode ?? false),
+                    customParams: (p.customParams ?? p.custom_params),
+                    tokenEndpointAuthMethod: (p.tokenEndpointAuthMethod ?? p.token_endpoint_auth_method),
+                    responseType: (p.responseType ?? p.response_type),
+                    grantType: (p.grantType ?? p.grant_type),
+                };
+            }
+            // Build OAuthConfig object
+            // Extract configuredProvider from API response - this indicates which provider
+            // the user has actually configured in AgentShield dashboard
+            const configuredProvider = result.data.configuredProvider ?? result.data.configured_provider ?? null;
+            const config = {
+                providers,
+                configuredProvider,
+            };
+            // Cache config
+            await this.config.cache.set(projectId, config, this.config.cacheTtl);
+            this.config.logger("[OAuthConfigService] Config fetched and cached", {
+                projectId,
+                providerCount: Object.keys(providers).length,
+                providers: Object.keys(providers),
+                configuredProvider,
+                expiresAt: new Date(Date.now() + this.config.cacheTtl).toISOString(),
+            });
+            return config;
+        }
+        catch (error) {
+            this.config.logger("[OAuthConfigService] API fetch failed", {
+                projectId,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw error;
+        }
+    }
+    /**
+     * Clear cached config for a project
+     *
+     * @param projectId - Project ID to clear cache for
+     */
+    async clearCache(projectId) {
+        await this.config.cache.delete(projectId);
+        this.config.logger("[OAuthConfigService] Cache cleared", { projectId });
+    }
+    /**
+     * Clear all cached configs
+     */
+    async clearAllCache() {
+        await this.config.cache.clear();
+        this.config.logger("[OAuthConfigService] All cache cleared");
+    }
+}
+exports.OAuthConfigService = OAuthConfigService;
+//# sourceMappingURL=oauth-config.service.js.map

package/dist/services/oauth-config.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-config.service.js","sourceRoot":"","sources":["../../src/services/oauth-config.service.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAKH,0EAA0E;AAsB1E;;GAEG;AACH,MAAa,kBAAkB;IACrB,MAAM,CAGZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,oBAAoB;YAChE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACnC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,IAAI,gDAAwB,EAAE;SACtD,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,cAAc,CAAC,SAAiB;QACpC,cAAc;QACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtD,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gCAAgC,EAAE;gBACnD,SAAS;aACV,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,6BAA6B;QAC7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,4BAA4B,kBAAkB,CAAC,SAAS,CAAC,YAAY,CAAC;QAExG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;YAClE,SAAS;YACT,GAAG;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;gBAC1D,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,cAAc,EAAE,kBAAkB;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;gBACrE,MAAM,IAAI,KAAK,CACb,iCAAiC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,SAAS,EAAE,CACzF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAMjC,CAAC;YAEF,8BAA8B;YAC9B,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YAED,6DAA6D;YAC7D,2FAA2F;YAC3F,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;YACjD,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;YACJ,CAAC;YAED,0DAA0D;YAC1D,MAAM,SAAS,GAAkC,EAAE,CAAC;YACpD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBACvD,MAAM,CAAC,GAAG,GAA8B,CAAC;gBACzC,SAAS,CAAC,IAAI,CAAC,GAAG;oBAChB,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE,CAAW;oBACrD,YAAY,EAAE,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,IAAI,IAAI,CAAkB;oBAC1E,gBAAgB,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC,iBAAiB,IAAI,EAAE,CAAW;oBAC7E,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE,CAAW;oBACrD,WAAW,EAAE,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,aAAa,CAAuB;oBACrE,YAAY,EAAE,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,IAAI,KAAK,CAAY;oBACrE,oBAAoB,EAAE,CAAC,CAAC,CAAC,oBAAoB,IAAI,CAAC,CAAC,sBAAsB,IAAI,IAAI,CAAY;oBAC7F,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAa;oBACpC,aAAa,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,cAAc,CAAyB;oBAC5E,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,IAAI,KAAK,CAAY;oBAC5D,YAAY,EAAE,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,CAAuC;oBACvF,uBAAuB,EAAE,CAAC,CAAC,CAAC,uBAAuB,IAAI,CAAC,CAAC,0BAA0B,CAA6D;oBAChJ,YAAY,EAAE,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,CAAuB;oBACvE,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,UAAU,CAAuB;iBAC/D,CAAC;YACJ,CAAC;YAED,2BAA2B;YAC3B,+EAA+E;YAC/E,4DAA4D;YAC5D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,IAAK,MAAM,CAAC,IAAY,CAAC,mBAAmB,IAAI,IAAI,CAAC;YAC9G,MAAM,MAAM,GAAgB;gBAC1B,SAAS;gBACT,kBAAkB;aACnB,CAAC;YAEF,eAAe;YACf,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAErE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gDAAgD,EAAE;gBACnE,SAAS;gBACT,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM;gBAC5C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBACjC,kBAAkB;gBAClB,SAAS,EAAE,IAAI,IAAI,CACjB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAClC,CAAC,WAAW,EAAE;aAChB,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uCAAuC,EAAE;gBAC1D,SAAS;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAAoC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,wCAAwC,CAAC,CAAC;IAC/D,CAAC;CACF;AAzJD,gDAyJC"}

package/dist/services/oauth-provider-registry.d.ts

@@ -0,0 +1,88 @@
+/**
+ * OAuth Provider Registry
+ *
+ * Manages OAuth provider configurations loaded from AgentShield API.
+ * Provides efficient lookup and caching of provider configurations.
+ *
+ * @package @kya-os/mcp-i-core
+ */
+import type { OAuthProvider } from "@kya-os/contracts/config";
+import type { OAuthConfigService } from "./oauth-config.service.js";
+import type { ProviderValidator } from "./provider-validator.js";
+/**
+ * Registry for OAuth providers
+ *
+ * Wraps OAuthConfigService to provide a simple lookup interface
+ * for provider configurations.
+ */
+export declare class OAuthProviderRegistry {
+    private configService;
+    private validator?;
+    private providers;
+    private _configuredProvider;
+    constructor(configService: OAuthConfigService, validator?: ProviderValidator | undefined);
+    /**
+     * Load providers from AgentShield API
+     *
+     * Fetches OAuth configuration and caches providers in memory.
+     * Clears existing providers before loading new ones.
+     * Also stores the configured provider from the API response.
+     *
+     * @param projectId - Project ID to load providers for
+     */
+    loadFromAgentShield(projectId: string): Promise<void>;
+    /**
+     * Get the explicitly configured provider for this project
+     *
+     * Returns the provider that the user has configured in AgentShield dashboard.
+     * Used by ProviderResolver as fallback when tool doesn't specify oauthProvider.
+     *
+     * @returns Configured provider name, or null if no provider is configured
+     */
+    getConfiguredProvider(): string | null;
+    /**
+     * Get provider by name
+     *
+     * @param name - Provider name (e.g., "github", "google")
+     * @returns Provider configuration or null if not found
+     */
+    getProvider(name: string): OAuthProvider | null;
+    /**
+     * Get all providers
+     *
+     * @returns Array of all registered provider configurations
+     */
+    getAllProviders(): OAuthProvider[];
+    /**
+     * Check if provider exists
+     *
+     * @param name - Provider name to check
+     * @returns True if provider is registered, false otherwise
+     */
+    hasProvider(name: string): boolean;
+    /**
+     * Get all provider names
+     *
+     * @returns Array of provider names
+     */
+    getProviderNames(): string[];
+    /**
+     * Register a custom provider with validation
+     *
+     * @param name - Provider name (e.g., "custom-idp")
+     * @param provider - Provider configuration
+     * @throws ProviderValidationError if validation fails
+     */
+    registerCustomProvider(name: string, provider: OAuthProvider): void;
+    /**
+     * Get provider with custom parameters merged
+     *
+     * Convenience method that returns provider config with custom parameters
+     * already applied to authorization URL building context.
+     *
+     * @param name - Provider name
+     * @returns Provider configuration with custom params, or null if not found
+     */
+    getProviderWithParams(name: string): OAuthProvider | null;
+}
+//# sourceMappingURL=oauth-provider-registry.d.ts.map

package/dist/services/oauth-provider-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider-registry.d.ts","sourceRoot":"","sources":["../../src/services/oauth-provider-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAEjE;;;;;GAKG;AACH,qBAAa,qBAAqB;IAK9B,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,SAAS,CAAC;IALpB,OAAO,CAAC,SAAS,CAAyC;IAC1D,OAAO,CAAC,mBAAmB,CAAuB;gBAGxC,aAAa,EAAE,kBAAkB,EACjC,SAAS,CAAC,EAAE,iBAAiB,YAAA;IAGvC;;;;;;;;OAQG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB3D;;;;;;;OAOG;IACH,qBAAqB,IAAI,MAAM,GAAG,IAAI;IAItC;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IAI/C;;;;OAIG;IACH,eAAe,IAAI,aAAa,EAAE;IAIlC;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIlC;;;;OAIG;IACH,gBAAgB,IAAI,MAAM,EAAE;IAI5B;;;;;;OAMG;IACH,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI;IAUnE;;;;;;;;OAQG;IACH,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;CAU1D"}