@kya-os/mcp-i-core 1.3.7-canary.0 → 1.3.7-canary.clientinfo.20251126041014
- package/.turbo/turbo-build.log +4 -0
- package/.turbo/turbo-test$colon$coverage.log +4239 -0
- package/.turbo/turbo-test.log +2973 -0
- package/COMPLIANCE_IMPROVEMENT_REPORT.md +483 -0
- package/Composer 3.md +615 -0
- package/GPT-5.md +1169 -0
- package/OPUS-plan.md +352 -0
- package/PHASE_3_AND_4.1_SUMMARY.md +585 -0
- package/PHASE_3_SUMMARY.md +317 -0
- package/PHASE_4.1.3_SUMMARY.md +428 -0
- package/PHASE_4.1_COMPLETE.md +525 -0
- package/PHASE_4_USER_DID_IDENTITY_LINKING_PLAN.md +1240 -0
- package/SCHEMA_COMPLIANCE_REPORT.md +275 -0
- package/TEST_PLAN.md +571 -0
- package/coverage/coverage-final.json +57 -0
- package/dist/__tests__/utils/mock-providers.d.ts +1 -2
- package/dist/__tests__/utils/mock-providers.d.ts.map +1 -1
- package/dist/__tests__/utils/mock-providers.js.map +1 -1
- package/dist/cache/oauth-config-cache.d.ts +69 -0
- package/dist/cache/oauth-config-cache.d.ts.map +1 -0
- package/dist/cache/oauth-config-cache.js +76 -0
- package/dist/cache/oauth-config-cache.js.map +1 -0
- package/dist/identity/idp-token-resolver.d.ts +53 -0
- package/dist/identity/idp-token-resolver.d.ts.map +1 -0
- package/dist/identity/idp-token-resolver.js +108 -0
- package/dist/identity/idp-token-resolver.js.map +1 -0
- package/dist/identity/idp-token-storage.interface.d.ts +42 -0
- package/dist/identity/idp-token-storage.interface.d.ts.map +1 -0
- package/dist/identity/idp-token-storage.interface.js +12 -0
- package/dist/identity/idp-token-storage.interface.js.map +1 -0
- package/dist/identity/user-did-manager.d.ts +39 -1
- package/dist/identity/user-did-manager.d.ts.map +1 -1
- package/dist/identity/user-did-manager.js +69 -3
- package/dist/identity/user-did-manager.js.map +1 -1
- package/dist/index.d.ts +24 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +43 -1
- package/dist/index.js.map +1 -1
- package/dist/runtime/audit-logger.d.ts +37 -0
- package/dist/runtime/audit-logger.d.ts.map +1 -0
- package/dist/runtime/audit-logger.js +9 -0
- package/dist/runtime/audit-logger.js.map +1 -0
- package/dist/runtime/base.d.ts +19 -2
- package/dist/runtime/base.d.ts.map +1 -1
- package/dist/runtime/base.js +227 -11
- package/dist/runtime/base.js.map +1 -1
- package/dist/services/access-control.service.d.ts.map +1 -1
- package/dist/services/access-control.service.js +199 -15
- package/dist/services/access-control.service.js.map +1 -1
- package/dist/services/authorization/authorization-registry.d.ts +29 -0
- package/dist/services/authorization/authorization-registry.d.ts.map +1 -0
- package/dist/services/authorization/authorization-registry.js +57 -0
- package/dist/services/authorization/authorization-registry.js.map +1 -0
- package/dist/services/authorization/types.d.ts +53 -0
- package/dist/services/authorization/types.d.ts.map +1 -0
- package/dist/services/authorization/types.js +10 -0
- package/dist/services/authorization/types.js.map +1 -0
- package/dist/services/batch-delegation.service.d.ts +53 -0
- package/dist/services/batch-delegation.service.d.ts.map +1 -0
- package/dist/services/batch-delegation.service.js +95 -0
- package/dist/services/batch-delegation.service.js.map +1 -0
- package/dist/services/index.d.ts +2 -0
- package/dist/services/index.d.ts.map +1 -1
- package/dist/services/index.js +4 -1
- package/dist/services/index.js.map +1 -1
- package/dist/services/oauth-config.service.d.ts +53 -0
- package/dist/services/oauth-config.service.d.ts.map +1 -0
- package/dist/services/oauth-config.service.js +141 -0
- package/dist/services/oauth-config.service.js.map +1 -0
- package/dist/services/oauth-provider-registry.d.ts +88 -0
- package/dist/services/oauth-provider-registry.d.ts.map +1 -0
- package/dist/services/oauth-provider-registry.js +128 -0
- package/dist/services/oauth-provider-registry.js.map +1 -0
- package/dist/services/oauth-service.d.ts +77 -0
- package/dist/services/oauth-service.d.ts.map +1 -0
- package/dist/services/oauth-service.js +373 -0
- package/dist/services/oauth-service.js.map +1 -0
- package/dist/services/oauth-token-retrieval.service.d.ts +49 -0
- package/dist/services/oauth-token-retrieval.service.d.ts.map +1 -0
- package/dist/services/oauth-token-retrieval.service.js +150 -0
- package/dist/services/oauth-token-retrieval.service.js.map +1 -0
- package/dist/services/provider-resolver.d.ts +48 -0
- package/dist/services/provider-resolver.d.ts.map +1 -0
- package/dist/services/provider-resolver.js +121 -0
- package/dist/services/provider-resolver.js.map +1 -0
- package/dist/services/provider-validator.d.ts +55 -0
- package/dist/services/provider-validator.d.ts.map +1 -0
- package/dist/services/provider-validator.js +135 -0
- package/dist/services/provider-validator.js.map +1 -0
- package/dist/services/session-registration.service.d.ts +80 -0
- package/dist/services/session-registration.service.d.ts.map +1 -0
- package/dist/services/session-registration.service.js +228 -0
- package/dist/services/session-registration.service.js.map +1 -0
- package/dist/services/tool-context-builder.d.ts +57 -0
- package/dist/services/tool-context-builder.d.ts.map +1 -0
- package/dist/services/tool-context-builder.js +125 -0
- package/dist/services/tool-context-builder.js.map +1 -0
- package/dist/services/tool-protection.service.d.ts +27 -0
- package/dist/services/tool-protection.service.d.ts.map +1 -1
- package/dist/services/tool-protection.service.js +194 -4
- package/dist/services/tool-protection.service.js.map +1 -1
- package/dist/types/oauth-required-error.d.ts +40 -0
- package/dist/types/oauth-required-error.d.ts.map +1 -0
- package/dist/types/oauth-required-error.js +40 -0
- package/dist/types/oauth-required-error.js.map +1 -0
- package/dist/utils/did-helpers.d.ts +33 -0
- package/dist/utils/did-helpers.d.ts.map +1 -1
- package/dist/utils/did-helpers.js +40 -0
- package/dist/utils/did-helpers.js.map +1 -1
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/docs/API_REFERENCE.md +1362 -0
- package/docs/COMPLIANCE_MATRIX.md +691 -0
- package/docs/STATUSLIST2021_GUIDE.md +696 -0
- package/docs/W3C_VC_DELEGATION_GUIDE.md +710 -0
- package/package.json +23 -54
- package/scripts/audit-compliance.ts +724 -0
- package/src/__tests__/cache/tool-protection-cache.test.ts +640 -0
- package/src/__tests__/config/provider-runtime-config.test.ts +309 -0
- package/src/__tests__/delegation-e2e.test.ts +690 -0
- package/src/__tests__/identity/user-did-manager.test.ts +213 -0
- package/src/__tests__/index.test.ts +56 -0
- package/src/__tests__/integration/full-flow.test.ts +776 -0
- package/src/__tests__/integration.test.ts +281 -0
- package/src/__tests__/providers/base.test.ts +173 -0
- package/src/__tests__/providers/memory.test.ts +319 -0
- package/src/__tests__/regression/phase2-regression.test.ts +429 -0
- package/src/__tests__/runtime/audit-logger.test.ts +154 -0
- package/src/__tests__/runtime/base-extensions.test.ts +593 -0
- package/src/__tests__/runtime/base.test.ts +869 -0
- package/src/__tests__/runtime/delegation-flow.test.ts +164 -0
- package/src/__tests__/runtime/proof-client-did.test.ts +375 -0
- package/src/__tests__/runtime/route-interception.test.ts +686 -0
- package/src/__tests__/runtime/tool-protection-enforcement.test.ts +908 -0
- package/src/__tests__/services/agentshield-integration.test.ts +784 -0
- package/src/__tests__/services/cache-busting.test.ts +125 -0
- package/src/__tests__/services/oauth-service-pkce.test.ts +556 -0
- package/src/__tests__/services/provider-resolver-edge-cases.test.ts +591 -0
- package/src/__tests__/services/tool-protection-oauth-provider.test.ts +480 -0
- package/src/__tests__/services/tool-protection.service.test.ts +1366 -0
- package/src/__tests__/utils/mock-providers.ts +340 -0
- package/src/cache/oauth-config-cache.d.ts +69 -0
- package/src/cache/oauth-config-cache.d.ts.map +1 -0
- package/src/cache/oauth-config-cache.js.map +1 -0
- package/src/cache/oauth-config-cache.ts +123 -0
- package/src/cache/tool-protection-cache.ts +171 -0
- package/src/compliance/EXAMPLE.md +412 -0
- package/src/compliance/__tests__/schema-verifier.test.ts +797 -0
- package/src/compliance/index.ts +8 -0
- package/src/compliance/schema-registry.ts +460 -0
- package/src/compliance/schema-verifier.ts +708 -0
- package/src/config/__tests__/remote-config.spec.ts +268 -0
- package/src/config/remote-config.ts +174 -0
- package/src/config.ts +309 -0
- package/src/delegation/__tests__/audience-validator.test.ts +112 -0
- package/src/delegation/__tests__/bitstring.test.ts +346 -0
- package/src/delegation/__tests__/cascading-revocation.test.ts +628 -0
- package/src/delegation/__tests__/delegation-graph.test.ts +584 -0
- package/src/delegation/__tests__/utils.test.ts +152 -0
- package/src/delegation/__tests__/vc-issuer.test.ts +442 -0
- package/src/delegation/__tests__/vc-verifier.test.ts +922 -0
- package/src/delegation/audience-validator.ts +52 -0
- package/src/delegation/bitstring.ts +278 -0
- package/src/delegation/cascading-revocation.ts +370 -0
- package/src/delegation/delegation-graph.ts +299 -0
- package/src/delegation/index.ts +14 -0
- package/src/delegation/statuslist-manager.ts +353 -0
- package/src/delegation/storage/__tests__/memory-graph-storage.test.ts +366 -0
- package/src/delegation/storage/__tests__/memory-statuslist-storage.test.ts +228 -0
- package/src/delegation/storage/index.ts +9 -0
- package/src/delegation/storage/memory-graph-storage.ts +178 -0
- package/src/delegation/storage/memory-statuslist-storage.ts +77 -0
- package/src/delegation/utils.ts +42 -0
- package/src/delegation/vc-issuer.ts +232 -0
- package/src/delegation/vc-verifier.ts +568 -0
- package/src/identity/idp-token-resolver.ts +147 -0
- package/src/identity/idp-token-storage.interface.ts +59 -0
- package/src/identity/user-did-manager.ts +370 -0
- package/src/index.ts +271 -0
- package/src/providers/base.d.ts +91 -0
- package/src/providers/base.d.ts.map +1 -0
- package/src/providers/base.js.map +1 -0
- package/src/providers/base.ts +96 -0
- package/src/providers/memory.ts +142 -0
- package/src/runtime/audit-logger.ts +39 -0
- package/src/runtime/base.ts +1329 -0
- package/src/services/__tests__/access-control.integration.test.ts +443 -0
- package/src/services/__tests__/access-control.proof-response-validation.test.ts +578 -0
- package/src/services/__tests__/access-control.service.test.ts +970 -0
- package/src/services/__tests__/batch-delegation.service.test.ts +351 -0
- package/src/services/__tests__/crypto.service.test.ts +531 -0
- package/src/services/__tests__/oauth-provider-registry.test.ts +142 -0
- package/src/services/__tests__/proof-verifier.integration.test.ts +485 -0
- package/src/services/__tests__/proof-verifier.test.ts +489 -0
- package/src/services/__tests__/provider-resolution.integration.test.ts +202 -0
- package/src/services/__tests__/provider-resolver.test.ts +213 -0
- package/src/services/__tests__/storage.service.test.ts +358 -0
- package/src/services/access-control.service.ts +990 -0
- package/src/services/authorization/authorization-registry.ts +66 -0
- package/src/services/authorization/types.ts +71 -0
- package/src/services/batch-delegation.service.ts +137 -0
- package/src/services/crypto.service.ts +302 -0
- package/src/services/errors.ts +76 -0
- package/src/services/index.ts +18 -0
- package/src/services/oauth-config.service.d.ts +53 -0
- package/src/services/oauth-config.service.d.ts.map +1 -0
- package/src/services/oauth-config.service.js.map +1 -0
- package/src/services/oauth-config.service.ts +192 -0
- package/src/services/oauth-provider-registry.d.ts +57 -0
- package/src/services/oauth-provider-registry.d.ts.map +1 -0
- package/src/services/oauth-provider-registry.js.map +1 -0
- package/src/services/oauth-provider-registry.ts +141 -0
- package/src/services/oauth-service.ts +544 -0
- package/src/services/oauth-token-retrieval.service.ts +245 -0
- package/src/services/proof-verifier.ts +478 -0
- package/src/services/provider-resolver.d.ts +48 -0
- package/src/services/provider-resolver.d.ts.map +1 -0
- package/src/services/provider-resolver.js.map +1 -0
- package/src/services/provider-resolver.ts +146 -0
- package/src/services/provider-validator.ts +170 -0
- package/src/services/session-registration.service.ts +317 -0
- package/src/services/storage.service.ts +566 -0
- package/src/services/tool-context-builder.ts +172 -0
- package/src/services/tool-protection.service.ts +982 -0
- package/src/types/oauth-required-error.ts +63 -0
- package/src/types/tool-protection.ts +155 -0
- package/src/utils/__tests__/did-helpers.test.ts +101 -0
- package/src/utils/base64.ts +148 -0
- package/src/utils/cors.ts +83 -0
- package/src/utils/did-helpers.ts +150 -0
- package/src/utils/index.ts +8 -0
- package/src/utils/storage-keys.ts +278 -0
- package/tsconfig.json +21 -0
- package/vitest.config.ts +56 -0
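--- a/package/dist/services/session-registration.service.js
+++ b/package/dist/services/session-registration.service.js
@@ -0,0 +1,228 @@
+"use strict";
+/**
+* Session Registration Service
+*
+* Registers MCP sessions with the AgentShield dashboard, enabling
+* visibility into which MCP clients are connecting to agents.
+*
+* This is a fire-and-forget service - session registration should not
+* block tool execution or affect the user experience.
+*
+* @package @kya-os/mcp-i-core
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionRegistrationService = void 0;
+exports.createSessionRegistrationService = createSessionRegistrationService;
+const agentshield_api_1 = require("@kya-os/contracts/agentshield-api");
+/**
+* Session Registration Service
+*
+* Registers MCP sessions with AgentShield for dashboard visibility.
+* Designed to be non-blocking - failures are logged but don't throw.
+*/
+class SessionRegistrationService {
+config;
+constructor(config) {
+this.config = {
+baseUrl: config.baseUrl,
+apiKey: config.apiKey,
+fetchProvider: config.fetchProvider,
+logger: config.logger || (() => { }),
+timeoutMs: config.timeoutMs ?? 5000,
+};
+}
+/**
+* Register a session with AgentShield
+*
+* This is a fire-and-forget operation. Failures are logged but don't throw.
+* The method returns quickly and doesn't block the caller.
+*
+* @param request - Session registration request data
+* @returns Result indicating success or failure
+*/
+async registerSession(request) {
+const sessionId = request.session_id;
+try {
+// Validate request
+const validationResult = agentshield_api_1.registerSessionRequestSchema.safeParse(request);
+if (!validationResult.success) {
+const errorMsg = `Invalid session registration request: ${validationResult.error.message}`;
+this.config.logger("[SessionRegistration] Validation failed", {
+sessionId,
+error: errorMsg,
+});
+return { success: false, sessionId, error: errorMsg };
+}
+const url = `${this.config.baseUrl}${agentshield_api_1.AGENTSHIELD_ENDPOINTS.SESSIONS}`;
+this.config.logger("[SessionRegistration] Registering session", {
+sessionId,
+agentDid: request.agent_did,
+clientName: request.client_info.name,
+url,
+});
+// ✅ EMPIRICAL PROOF: Prepare request headers with correct auth format
+const requestHeaders = {
+"Content-Type": "application/json",
+"X-AgentShield-Key": this.config.apiKey, // Fixed: Use X-AgentShield-Key instead of Authorization: Bearer
+};
+// ✅ EMPIRICAL PROOF: Log exact request details (sanitized for security)
+const sanitizedHeaders = {
+...requestHeaders,
+"X-AgentShield-Key": `${this.config.apiKey.slice(0, 8)}...${this.config.apiKey.slice(-4)}`, // Show first 8 and last 4 chars
+};
+const sanitizedBody = {
+session_id: request.session_id,
+agent_did: request.agent_did,
+project_id: request.project_id,
+created_at: request.created_at,
+client_info: request.client_info,
+client_identity: request.client_identity,
+server_did: request.server_did,
+ttl_minutes: request.ttl_minutes,
+};
+this.config.logger("[SessionRegistration] 🔍 EMPIRICAL DEBUG - Request details", {
+url,
+method: "POST",
+headers: sanitizedHeaders,
+headerKeys: Object.keys(requestHeaders),
+authHeaderPresent: !!requestHeaders["X-AgentShield-Key"],
+authHeaderName: "X-AgentShield-Key",
+body: sanitizedBody,
+bodySize: JSON.stringify(request).length,
+});
+// Make the request with timeout
+const controller = new AbortController();
+const timeoutId = setTimeout(() => controller.abort(), this.config.timeoutMs);
+try {
+const response = await this.config.fetchProvider.fetch(url, {
+method: "POST",
+headers: requestHeaders,
+body: JSON.stringify(request),
+signal: controller.signal,
+});
+clearTimeout(timeoutId);
+// ✅ EMPIRICAL PROOF: Capture exact response details
+const responseHeaders = {};
+response.headers.forEach((value, key) => {
+responseHeaders[key] = value;
+});
+const responseText = await response
+.text()
+.catch(() => "Failed to read response");
+let responseBody;
+try {
+responseBody = JSON.parse(responseText);
+}
+catch {
+responseBody = responseText;
+}
+// ✅ EMPIRICAL PROOF: Log exact response details
+this.config.logger("[SessionRegistration] 🔍 EMPIRICAL DEBUG - Response details", {
+status: response.status,
+statusText: response.statusText,
+ok: response.ok,
+headers: responseHeaders,
+body: responseBody,
+bodyLength: responseText.length,
+clientName: request.client_info.name,
+});
+if (!response.ok) {
+// Log error but don't throw - this is fire-and-forget
+this.config.logger("[SessionRegistration] Registration failed", {
+sessionId,
+status: response.status,
+error: responseText,
+// ✅ EMPIRICAL PROOF: Include full response details
+responseHeaders,
+responseBody,
+clientName: request.client_info.name,
+});
+return {
+success: false,
+sessionId,
+error: `HTTP ${response.status}: ${responseText}`,
+};
+}
+// Parse response (using already-captured responseBody)
+const responseData = responseBody;
+const parseResult = agentshield_api_1.registerSessionResponseSchema.safeParse(responseData.data ||
+responseData);
+if (!parseResult.success) {
+this.config.logger("[SessionRegistration] Invalid response format", {
+sessionId,
+response: responseData,
+});
+// Still consider it a success if we got a 200 OK
+return { success: true, sessionId };
+}
+this.config.logger("[SessionRegistration] Session registered", {
+sessionId,
+registered: parseResult.data.registered,
+});
+return { success: true, sessionId };
+}
+finally {
+clearTimeout(timeoutId);
+}
+}
+catch (error) {
+// Handle abort/timeout
+if (error instanceof Error && error.name === "AbortError") {
+this.config.logger("[SessionRegistration] Request timed out", {
+sessionId,
+timeoutMs: this.config.timeoutMs,
+});
+return { success: false, sessionId, error: "Request timed out" };
+}
+// Log any other error
+const errorMsg = error instanceof Error ? error.message : "Unknown error";
+this.config.logger("[SessionRegistration] Unexpected error", {
+sessionId,
+error: errorMsg,
+});
+return { success: false, sessionId, error: errorMsg };
+}
+}
+/**
+* Fire-and-forget session registration
+*
+* Starts registration in the background without waiting for completion.
+* Useful when you want to register a session but not delay the response.
+*
+* @param request - Session registration request data
+*/
+registerSessionAsync(request) {
+// Start registration in background - don't await
+this.registerSession(request).catch((error) => {
+// This should never happen since registerSession catches all errors,
+// but just in case
+this.config.logger("[SessionRegistration] Background registration failed", {
+sessionId: request.session_id,
+error: error instanceof Error ? error.message : "Unknown error",
+});
+});
+}
+}
+exports.SessionRegistrationService = SessionRegistrationService;
+/**
+* Create a session registration service from common runtime config
+*
+* Helper function to create the service from typical environment config.
+*/
+function createSessionRegistrationService(options) {
+// Validate required config
+if (!options.apiUrl || !options.apiKey) {
+options.logger?.("[SessionRegistration] Missing required config - session registration disabled", {
+hasApiUrl: !!options.apiUrl,
+hasApiKey: !!options.apiKey,
+});
+return null;
+}
+return new SessionRegistrationService({
+baseUrl: options.apiUrl,
+apiKey: options.apiKey,
+fetchProvider: options.fetchProvider,
+logger: options.logger,
+});
+}
+//# sourceMappingURL=session-registration.service.js.map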
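Review bot: The "sanitized" header log in `registerSession` still writes twelve characters of the API key (`slice(0, 8)` plus `slice(-4)`), and for a key of twelve characters or fewer the two slices overlap, so the whole secret reaches the logger. Log a fixed marker instead, e.g. `"X-AgentShield-Key": "[redacted]",`, since `authHeaderPresent` already records that the header was set. The response log a few lines later hands every response header and the full body to the same logger on every call, and the failure result embeds the raw `responseText` in `error`; both would be safer truncated and gated behind an explicit debug option. Separately, `responseData.data` throws when a 2xx body parses to `null`, which turns an accepted registration into a reported failure; `responseData?.data || responseData` avoids that. This file is compiled output, so the changes belong in `src/services/session-registration.service.ts`, which appears in the file list at the top of the page.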
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-registration.service.js","sourceRoot":"","sources":["../../src/services/session-registration.service.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AA0RH,4EAwBC;AA5SD,uEAI2C;AAmC3C;;;;;GAKG;AACH,MAAa,0BAA0B;IAC7B,MAAM,CAKZ;IAEF,YAAY,MAAwC;QAClD,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CACnB,OAA+B;QAE/B,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC;QAErC,IAAI,CAAC;YACH,mBAAmB;YACnB,MAAM,gBAAgB,GAAG,8CAA4B,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACzE,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;gBAC9B,MAAM,QAAQ,GAAG,yCAAyC,gBAAgB,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBAC3F,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;oBAC5D,SAAS;oBACT,KAAK,EAAE,QAAQ;iBAChB,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YACxD,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,uCAAqB,CAAC,QAAQ,EAAE,CAAC;YAEtE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;gBAC9D,SAAS;gBACT,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;gBACpC,GAAG;aACJ,CAAC,CAAC;YAEH,sEAAsE;YACtE,MAAM,cAAc,GAAG;gBACrB,cAAc,EAAE,kBAAkB;gBAClC,mBAAmB,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,gEAAgE;aAC1G,CAAC;YAEF,wEAAwE;YACxE,MAAM,gBAAgB,GAAG;gBACvB,GAAG,cAAc;gBACjB,mBAAmB,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,gCAAgC;aAC7H,CAAC;YAEF,MAAM,aAAa,GAAG;gBACpB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,4DAA4D,EAC5D;gBACE,GAAG;gBACH,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,gBAAgB;gBACzB,UAAU,EAAE,MAAM,CAAC,IAAI,CA
AC,cAAc,CAAC;gBACvC,iBAAiB,EAAE,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAC;gBACxD,cAAc,EAAE,mBAAmB;gBACnC,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,MAAM;aACzC,CACF,CAAC;YAEF,gCAAgC;YAChC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAC1B,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE;oBAC1D,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,cAAc;oBACvB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,oDAAoD;gBACpD,MAAM,eAAe,GAA2B,EAAE,CAAC;gBACnD,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;oBACtC,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBAC/B,CAAC,CAAC,CAAC;gBAEH,MAAM,YAAY,GAAG,MAAM,QAAQ;qBAChC,IAAI,EAAE;qBACN,KAAK,CAAC,GAAG,EAAE,CAAC,yBAAyB,CAAC,CAAC;gBAC1C,IAAI,YAAqB,CAAC;gBAC1B,IAAI,CAAC;oBACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACP,YAAY,GAAG,YAAY,CAAC;gBAC9B,CAAC;gBAED,gDAAgD;gBAChD,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,6DAA6D,EAC7D;oBACE,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,YAAY;oBAClB,UAAU,EAAE,YAAY,CAAC,MAAM;oBAC/B,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;iBACrC,CACF,CAAC;gBAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,sDAAsD;oBACtD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;wBAC9D,SAAS;wBACT,MAAM,EAAE,QAAQ,CAAC,MAAM;wBACvB,KAAK,EAAE,YAAY;wBACnB,mDAAmD;wBACnD,eAAe;wBACf,YAAY;wBACZ,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;qBACrC,CAAC,CAAC;oBACH,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,SAAS;wBACT,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,KAAK,YAAY,EAAE;qBAClD,CAAC;gBACJ,CAAC;gBAED,uDAAuD;gBACvD,MAAM,YAAY,GAAG,YAEM,CAAC;gBAC5B,MAAM,WAAW,GAAG,+CAA6B,CAAC,SAAS,CACxD,YAAmD,CAAC,IAAI;oBACvD,YAAY,CACf,CAAC;gBAEF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;oBACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;wBAClE,SAAS;wBACT,QAAQ,EAAE,YAAY;qBACvB,CAAC,CAAC;oBACH,iDAAiD;oBACjD,O
AAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;gBACtC,CAAC;gBAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;oBAC7D,SAAS;oBACT,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,UAAU;iBACxC,CAAC,CAAC;gBAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YACtC,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uBAAuB;YACvB,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;oBAC5D,SAAS;oBACT,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBACjC,CAAC,CAAC;gBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACnE,CAAC;YAED,sBAAsB;YACtB,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC1E,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,wCAAwC,EAAE;gBAC3D,SAAS;gBACT,KAAK,EAAE,QAAQ;aAChB,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,oBAAoB,CAAC,OAA+B;QAClD,iDAAiD;QACjD,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAC5C,qEAAqE;YACrE,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,MAAM,CAChB,sDAAsD,EACtD;gBACE,SAAS,EAAE,OAAO,CAAC,UAAU;gBAC7B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAChE,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAhOD,gEAgOC;AAED;;;;GAIG;AACH,SAAgB,gCAAgC,CAAC,OAKhD;IACC,2BAA2B;IAC3B,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACvC,OAAO,CAAC,MAAM,EAAE,CACd,+EAA+E,EAC/E;YACE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM;YAC3B,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM;SAC5B,CACF,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,0BAA0B,CAAC;QACpC,OAAO,EAAE,OAAO,CAAC,MAAM;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;AACL,CAAC"}
|
|
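--- a/package/dist/services/tool-context-builder.d.ts
+++ b/package/dist/services/tool-context-builder.d.ts
@@ -0,0 +1,57 @@
+/**
+* Tool Context Builder
+*
+* Builds ToolExecutionContext for tool handlers by resolving IDP tokens
+* based on tool protection configuration and user identity.
+*
+* @package @kya-os/mcp-i-core
+*/
+import type { ToolExecutionContext } from "@kya-os/contracts/config";
+import type { IdpTokenResolver } from "../identity/idp-token-resolver.js";
+import type { ToolProtection } from "../types/tool-protection.js";
+import type { OAuthConfigService } from "./oauth-config.service.js";
+import type { ProviderResolver } from "./provider-resolver.js";
+export interface ToolContextBuilderConfig {
+/** IDP token resolver for resolving tokens from User DID */
+tokenResolver: IdpTokenResolver;
+/** OAuth config service for fetching provider configurations */
+configService: OAuthConfigService;
+/** Provider resolver for resolving OAuth providers for tools */
+providerResolver: ProviderResolver;
+/** Project ID for fetching OAuth config */
+projectId: string;
+/** Optional logger callback for diagnostics */
+logger?: (message: string, data?: unknown) => void;
+}
+/**
+* Builder for tool execution context
+*
+* Resolves IDP tokens and builds context for tool handlers.
+* Phase 1: Uses configured provider as temporary fallback.
+* Phase 2+: Requires explicit oauthProvider on tool protection.
+*/
+export declare class ToolContextBuilder {
+private config;
+constructor(config: ToolContextBuilderConfig);
+/**
+* Build tool execution context
+*
+* @param toolName - Name of the tool being executed
+* @param userDid - User DID (optional, required for OAuth)
+* @param sessionId - Session ID (optional)
+* @param delegationToken - Delegation token (optional)
+* @param toolProtection - Tool protection configuration (optional)
+* @returns Tool execution context or undefined if not needed
+*/
+buildContext(toolName: string, userDid: string | undefined, sessionId: string | undefined, delegationToken: string | undefined, toolProtection: ToolProtection | null): Promise<ToolExecutionContext | undefined>;
+/**
+* Resolve OAuth provider for a tool
+*
+* Phase 2: Uses ProviderResolver with priority-based resolution
+*
+* @param toolProtection - Tool protection configuration
+* @returns Provider name or throws error if not found
+*/
+private resolveProvider;
+}
+//# sourceMappingURL=tool-context-builder.d.ts.map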
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,MAAM,WAAW,wBAAwB;IACvC,4DAA4D;IAC5D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,gEAAgE;IAChE,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,wBAAwB;IAU5C;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,cAAc,EAAE,cAAc,GAAG,IAAI,GACpC,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAqE5C;;;;;;;OAOG;YACW,eAAe;CAsB9B"}
|
|
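--- a/tool-context-builder.js
+++ b/tool-context-builder.js
@@ -0,0 +1,125 @@
+"use strict";
+/**
+* Tool Context Builder
+*
+* Builds ToolExecutionContext for tool handlers by resolving IDP tokens
+* based on tool protection configuration and user identity.
+*
+* @package @kya-os/mcp-i-core
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolContextBuilder = void 0;
+const oauth_required_error_js_1 = require("../types/oauth-required-error.js");
+/**
+* Builder for tool execution context
+*
+* Resolves IDP tokens and builds context for tool handlers.
+* Phase 1: Uses configured provider as temporary fallback.
+* Phase 2+: Requires explicit oauthProvider on tool protection.
+*/
+class ToolContextBuilder {
+config;
+constructor(config) {
+this.config = {
+tokenResolver: config.tokenResolver,
+configService: config.configService,
+providerResolver: config.providerResolver,
+projectId: config.projectId,
+logger: config.logger || (() => { }),
+};
+}
+/**
+* Build tool execution context
+*
+* @param toolName - Name of the tool being executed
+* @param userDid - User DID (optional, required for OAuth)
+* @param sessionId - Session ID (optional)
+* @param delegationToken - Delegation token (optional)
+* @param toolProtection - Tool protection configuration (optional)
+* @returns Tool execution context or undefined if not needed
+*/
+async buildContext(toolName, userDid, sessionId, delegationToken, toolProtection) {
+// Only build context if tool requires OAuth
+if (!toolProtection?.requiredScopes?.length || !userDid) {
+return undefined;
+}
+// Phase 2: Resolve provider using ProviderResolver
+// ProviderResolver handles priority-based resolution with fallbacks
+let provider;
+try {
+provider = await this.resolveProvider(toolProtection);
+}
+catch (error) {
+// Provider resolution failed - cannot build context
+this.config.logger("[ToolContextBuilder] Provider not resolved", {
+toolName,
+userDid: userDid.substring(0, 20) + "...",
+error: error instanceof Error ? error.message : String(error),
+});
+return undefined;
+}
+// Resolve IDP token
+const idpToken = await this.config.tokenResolver.resolveTokenFromDid(userDid, provider, toolProtection.requiredScopes);
+if (!idpToken) {
+// Token not available - throw OAuthRequiredError to trigger OAuth flow
+this.config.logger("[ToolContextBuilder] Token not available, throwing OAuthRequiredError", {
+toolName,
+userDid: userDid.substring(0, 20) + "...",
+provider,
+scopes: toolProtection.requiredScopes,
+});
+// Throw error with provider and scopes info
+// OAuth URL will be built by the Cloudflare layer (agent.ts)
+throw new oauth_required_error_js_1.OAuthRequiredError({
+toolName,
+requiredScopes: toolProtection.requiredScopes,
+provider,
+oauthUrl: "", // Will be populated by Cloudflare layer
+userDid,
+sessionId,
+});
+}
+// Build context with token
+const context = {
+idpToken,
+provider,
+scopes: toolProtection.requiredScopes,
+userDid,
+sessionId,
+delegationToken,
+};
+this.config.logger("[ToolContextBuilder] Context built successfully", {
+toolName,
+userDid: userDid.substring(0, 20) + "...",
+provider,
+hasToken: !!idpToken,
+});
+return context;
+}
+/**
+* Resolve OAuth provider for a tool
+*
+* Phase 2: Uses ProviderResolver with priority-based resolution
+*
+* @param toolProtection - Tool protection configuration
+* @returns Provider name or throws error if not found
+*/
+async resolveProvider(toolProtection) {
+try {
+const provider = await this.config.providerResolver.resolveProvider(toolProtection, this.config.projectId);
+this.config.logger("[ToolContextBuilder] Provider resolved", {
+provider,
+});
+return provider;
+}
+catch (error) {
+this.config.logger("[ToolContextBuilder] Provider resolution failed", {
+error: error instanceof Error ? error.message : String(error),
+projectId: this.config.projectId,
+});
+throw error; // Re-throw to let caller handle
+}
+}
+}
+exports.ToolContextBuilder = ToolContextBuilder;
+//# sourceMappingURL=tool-context-builder.js.map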
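Review bot: The `catch` around `this.resolveProvider(toolProtection)` in `buildContext` ends in `return undefined;`, the same value the first guard returns when the tool declares no `requiredScopes`, so a caller cannot tell "no OAuth needed" from "OAuth required but no provider could be resolved". If the caller runs the tool handler whenever the context is undefined (that code is not on this page), a scope-protected tool would proceed without an IDP token after a provider-resolution failure. Failing closed is safer: replace that `return undefined;` with `throw error;` (or a dedicated error type) so the failure propagates the way the `OAuthRequiredError` path below it does. The same ambiguity applies to the `!userDid` half of the first guard, which also returns `undefined` for a tool that does declare scopes.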
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAOH,8EAAsE;AAmBtE;;;;;;GAMG;AACH,MAAa,kBAAkB;IACrB,MAAM,CAEZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAA2B,EAC3B,SAA6B,EAC7B,eAAmC,EACnC,cAAqC;QAErC,4CAA4C;QAC5C,IAAI,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,mDAAmD;QACnD,oEAAoE;QACpE,IAAI,QAAgB,CAAC;QACrB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oDAAoD;YACpD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4CAA4C,EAAE;gBAC/D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAClE,OAAO,EACP,QAAQ,EACR,cAAc,CAAC,cAAc,CAC9B,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,uEAAuE;YACvE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uEAAuE,EAAE;gBAC1F,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM,EAAE,cAAc,CAAC,cAAc;aACtC,CAAC,CAAC;YAEH,4CAA4C;YAC5C,6DAA6D;YAC7D,MAAM,IAAI,4CAAkB,CAAC;gBAC3B,QAAQ;gBACR,cAAc,EAAE,cAAc,CAAC,cAAc;gBAC7C,QAAQ;gBACR,QAAQ,EAAE,EAAE,EAAE,wCAAwC;gBACtD,OAAO;gBACP,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAAyB;YACpC,QAAQ;YACR,QAAQ;YACR,MAAM,EAAE,cAAc,CAAC,cAAc;YACrC,OAAO;YACP,SAAS;YACT,eAAe;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;YACpE,QAAQ;YACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,
CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,eAAe,CAC3B,cAA8B;QAE9B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,eAAe,CACjE,cAAc,EACd,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,wCAAwC,EAAE;gBAC3D,QAAQ;aACT,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;gBACpE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YACH,MAAM,KAAK,CAAC,CAAC,gCAAgC;QAC/C,CAAC;IACH,CAAC;CACF;AAlID,gDAkIC"}
|
|
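--- a/tool-protection.service.d.ts
+++ b/tool-protection.service.d.ts
@@ -126,6 +126,8 @@ export declare class ToolProtectionService {
 * Uses projectId endpoint if available (preferred, project-scoped), otherwise falls back to agent_did query param
 *
 * @param agentDid DID of the agent to fetch config for
+* @param options Optional fetch options
+* @param options.bypassCDNCache When true, adds cache-busting to bypass CDN caches (used by clearAndRefresh)
 */
 private fetchFromApi;
 /**
@@ -137,5 +139,30 @@ export declare class ToolProtectionService {
 * @param agentDid DID of the agent (used for fallback if projectId not available)
 */
 clearCache(agentDid: string): Promise<void>;
+/**
+* Clear cache and immediately fetch fresh config from API
+*
+* This method is designed for Cloudflare Workers where KV has edge caching.
+* After clearing the KV entry, it fetches fresh data from the API and writes
+* it back to KV. This ensures:
+* 1. The global KV entry is deleted
+* 2. Fresh data is fetched from API (with CDN cache bypass!)
+* 3. New data is written to KV (updating edge cache)
+*
+* The next request from the same edge location will get the fresh data.
+*
+* IMPORTANT: This method uses bypassCDNCache to ensure we get fresh data
+* from AgentShield's origin server, not stale CDN-cached data. This is
+* critical for instant cache invalidation when tool protection settings
+* are changed in the AgentShield dashboard.
+*
+* @param agentDid DID of the agent (used for cache key)
+* @returns The fresh tool protection config from API
+*/
+clearAndRefresh(agentDid: string): Promise<{
+config: ToolProtectionConfig;
+cacheKey: string;
+source: 'api' | 'fallback';
+}>;
 }
 //# sourceMappingURL=tool-protection.service.d.ts.map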
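Review bot: The doc comment on `clearAndRefresh` promises `@returns The fresh tool protection config from API`, but the declared result carries `source: 'api' | 'fallback'`, so the method can evidently return a config that did not come from the API. The comment presents this method as the way to make dashboard changes to tool protection take effect at once, so callers need to know that a `'fallback'` result may not reflect the new settings and should not be treated as confirmation that the change was applied. I would reword the tag to `@returns Config, cache key and source; 'fallback' means the config did not come from the API` and say whether a fallback config is written back to KV. The implementation is not in this declaration file, so the exact fallback behaviour should be confirmed there.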
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-protection.service.d.ts","sourceRoot":"","sources":["../../src/services/tool-protection.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8EG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,EAE5B,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;
|
|
1
|
+
{"version":3,"file":"tool-protection.service.d.ts","sourceRoot":"","sources":["../../src/services/tool-protection.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8EG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACpB,2BAA2B,EAE5B,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AA8D7E;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,KAAK,CAAsB;gBAEvB,MAAM,EAAE,2BAA2B,EAAE,KAAK,EAAE,mBAAmB;IAK3E;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC;;;;;;;;OAQG;YACW,aAAa;IA4C3B;;;;;;;;;;OAUG;IACG,uBAAuB,CAC3B,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC;IAuYhC;;;;;;OAMG;IACG,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IA8BjC;;;;;;;OAOG;YACW,YAAY;IAsH1B;;;;;;;OAOG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBjD;;;;;;;;;;;;;;;;;;;OAmBG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAC/C,MAAM,EAAE,oBAAoB,CAAC;QAC7B,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,KAAK,GAAG,UAAU,CAAC;KAC5B,CAAC;CA6IH"}
|