@kya-os/mcp-i-core 1.4.14 → 1.4.17

package/dist/compliance/schema-registry.d.ts

@@ -1,15 +1,15 @@
 /**
  * Schema Registry
  *
- * Canonical list of all schemas from schemas.kya-os.ai
+ * Canonical list of all schemas from schema.modelcontextprotocol-identity.io
  * Used for automated compliance verification.
  *
- * Auto-generated from https://schemas.kya-os.ai/schema-index.json
+ * Auto-generated from https://schema.modelcontextprotocol-identity.io/schema-index.json
  * Last updated: 2025-10-17
  */
 import type { SchemaMetadata } from './schema-verifier';
 /**
- * Complete registry of schemas from schemas.kya-os.ai
+ * Complete registry of schemas from schema.modelcontextprotocol-identity.io
  *
  * As of 2025-10-17, there are 38 schemas covering:
  * - W3C Verifiable Credentials

package/dist/compliance/schema-registry.js

@@ -2,10 +2,10 @@
 /**
  * Schema Registry
  *
- * Canonical list of all schemas from schemas.kya-os.ai
+ * Canonical list of all schemas from schema.modelcontextprotocol-identity.io
  * Used for automated compliance verification.
  *
- * Auto-generated from https://schemas.kya-os.ai/schema-index.json
+ * Auto-generated from https://schema.modelcontextprotocol-identity.io/schema-index.json
  * Last updated: 2025-10-17
  */
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -15,9 +15,9 @@ exports.getSchemasByCategory = getSchemasByCategory;
 exports.getSchemaById = getSchemaById;
 exports.getCriticalSchemas = getCriticalSchemas;
 exports.getSchemaStats = getSchemaStats;
-const SCHEMAS_BASE_URL = 'https://schemas.kya-os.ai/xmcp-i';
+const SCHEMAS_BASE_URL = 'https://schema.modelcontextprotocol-identity.io/xmcp-i';
 /**
- * Complete registry of schemas from schemas.kya-os.ai
+ * Complete registry of schemas from schema.modelcontextprotocol-identity.io
  *
  * As of 2025-10-17, there are 38 schemas covering:
  * - W3C Verifiable Credentials

package/dist/compliance/schema-verifier.js

@@ -17,7 +17,7 @@ exports.createSchemaVerifier = createSchemaVerifier;
  * Schema Verifier with JSON Schema draft-07 support
  */
 class SchemaVerifier {
-    schemasBaseUrl = 'https://schemas.kya-os.ai';
+    schemasBaseUrl = 'https://schema.modelcontextprotocol-identity.io';
     schemaCache = new Map();
     constructor(options) {
         if (options?.schemasBaseUrl) {

package/dist/config/remote-config.d.ts

@@ -8,6 +8,7 @@
  */
 import type { MCPIConfig } from '@kya-os/contracts/config';
 import type { ToolProtection, ToolProtectionMap } from '@kya-os/contracts/tool-protection';
+import type { PolicyConfig } from '@kya-os/contracts';
 /**
  * Options for fetching remote configuration
  */
@@ -117,4 +118,56 @@ export declare function hasMergedToolProtections(config: unknown): config is {
         tools: ToolProtectionMap;
     };
 };
+/**
+ * Get policy configuration from a merged config
+ *
+ * This helper function extracts policy configuration from a merged config response.
+ * Returns null if no policy is present in the config.
+ *
+ * @param config - Config object that may contain policy
+ * @returns Policy configuration or null if not present
+ *
+ * @since 1.7.0
+ */
+export declare function getPolicy(config: {
+    policy?: PolicyConfig;
+} | null | undefined): PolicyConfig | null;
+/**
+ * Extract policy configuration from merged config with defaults
+ *
+ * This helper function extracts the policy from a merged config.
+ * Returns the default policy config if no policy is found.
+ *
+ * @param config - Config object that may contain policy
+ * @returns Policy configuration (never null, returns defaults if missing)
+ *
+ * @since 1.7.0
+ */
+export declare function extractPolicy(config: {
+    policy?: PolicyConfig;
+} | null | undefined): PolicyConfig;
+/**
+ * Check if config has embedded policy configuration
+ *
+ * Utility to check if a config response includes policy configuration.
+ *
+ * @param config - Config object to check
+ * @returns True if config has policy, false otherwise
+ *
+ * @since 1.7.0
+ */
+export declare function hasMergedPolicy(config: unknown): config is {
+    policy: PolicyConfig;
+};
+/**
+ * Check if policy enforcement is enabled for a config
+ *
+ * @param config - Config object that may contain policy
+ * @returns True if policy is present and enabled
+ *
+ * @since 1.7.0
+ */
+export declare function isPolicyEnabled(config: {
+    policy?: PolicyConfig;
+} | null | undefined): boolean;
 //# sourceMappingURL=remote-config.d.ts.map

package/dist/config/remote-config.js

@@ -12,7 +12,12 @@ exports.fetchRemoteConfig = fetchRemoteConfig;
 exports.getToolProtection = getToolProtection;
 exports.extractToolProtections = extractToolProtections;
 exports.hasMergedToolProtections = hasMergedToolProtections;
+exports.getPolicy = getPolicy;
+exports.extractPolicy = extractPolicy;
+exports.hasMergedPolicy = hasMergedPolicy;
+exports.isPolicyEnabled = isPolicyEnabled;
 const agentshield_api_1 = require("@kya-os/contracts/agentshield-api");
+const contracts_1 = require("@kya-os/contracts");
 /**
  * Fetch configuration from remote API (AgentShield dashboard)
  *
@@ -175,4 +180,74 @@ function hasMergedToolProtections(config) {
         c.toolProtection.tools !== null // typeof null === 'object' in JS
     );
 }
+// ============================================================================
+// Policy Configuration Helpers
+// ============================================================================
+/**
+ * Get policy configuration from a merged config
+ *
+ * This helper function extracts policy configuration from a merged config response.
+ * Returns null if no policy is present in the config.
+ *
+ * @param config - Config object that may contain policy
+ * @returns Policy configuration or null if not present
+ *
+ * @since 1.7.0
+ */
+function getPolicy(config) {
+    if (!config?.policy) {
+        return null;
+    }
+    return config.policy;
+}
+/**
+ * Extract policy configuration from merged config with defaults
+ *
+ * This helper function extracts the policy from a merged config.
+ * Returns the default policy config if no policy is found.
+ *
+ * @param config - Config object that may contain policy
+ * @returns Policy configuration (never null, returns defaults if missing)
+ *
+ * @since 1.7.0
+ */
+function extractPolicy(config) {
+    if (!config?.policy) {
+        // Return a deep clone to prevent mutation of the shared default
+        return structuredClone(contracts_1.DEFAULT_POLICY_CONFIG);
+    }
+    return config.policy;
+}
+/**
+ * Check if config has embedded policy configuration
+ *
+ * Utility to check if a config response includes policy configuration.
+ *
+ * @param config - Config object to check
+ * @returns True if config has policy, false otherwise
+ *
+ * @since 1.7.0
+ */
+function hasMergedPolicy(config) {
+    if (!config || typeof config !== 'object') {
+        return false;
+    }
+    const c = config;
+    return (c.policy !== undefined &&
+        typeof c.policy === 'object' &&
+        c.policy !== null);
+}
+/**
+ * Check if policy enforcement is enabled for a config
+ *
+ * @param config - Config object that may contain policy
+ * @returns True if policy is present and enabled
+ *
+ * @since 1.7.0
+ */
+function isPolicyEnabled(config) {
+    const policy = getPolicy(config);
+    // Default to true to match DEFAULT_POLICY_CONFIG.enabled and PolicyService.isEnabled()
+    return policy?.enabled ?? true;
+}
 //# sourceMappingURL=remote-config.js.map

package/dist/delegation/delegation-graph.js

@@ -168,6 +168,21 @@ class DelegationGraphManager {
                     reason: `Invalid chain: ${child.id} parentId=${child.parentId} but actual parent is ${parent.id}`,
                 };
             }
+            // TODO(security): Add constraint attenuation validation for multi-level chains
+            //
+            // When multi-agent delegation is supported (Agent → Sub-Agent), this should call:
+            //   areChildConstraintsValid(parentConstraints, childConstraints)
+            // from @kya-os/contracts/delegation to enforce constraint monotonicity:
+            //   - Child time bounds must be within parent bounds
+            //   - Child budget must be ≤ parent budget
+            //   - Child scopes must be subset of parent scopes
+            //
+            // Currently only single-level delegations (User → Agent) are used in production,
+            // so constraint attenuation is not enforced. The DelegationNode interface would
+            // need a `constraints?: DelegationConstraints` field to enable this.
+            //
+            // See: packages/contracts/src/delegation/constraints.ts:163 (areChildConstraintsValid)
+            // Spec: MCP-I §4.2 (CRISP Constraints)
         }
         return { valid: true };
     }

package/dist/index.d.ts

@@ -11,6 +11,8 @@ export type { RuntimeWithAccessControl } from "./runtime/base";
 export type { IAuditLogger } from "./runtime/audit-logger";
 export * from "./utils";
 export { ToolProtectionService } from "./services/tool-protection.service";
+export { PolicyService } from "./services/policy.service";
+export type { PolicyEvaluationContext, PolicyEvaluationResult, PolicyServiceConfig, } from "./services/policy.service";
 export { CryptoService } from "./services/crypto.service";
 export type { Ed25519JWK, ParsedJWS } from "./services/crypto.service";
 export { ProofVerifier } from "./services/proof-verifier";
@@ -62,7 +64,7 @@ export { base64urlEncodeFromBytes, base64urlEncodeFromString, base64urlDecodeToB
 import type { HandshakeRequest, SessionContext, NonceCache, NonceCacheEntry, NonceCacheConfig, ProofMeta, DetachedProof, CanonicalHashes, AuditRecord } from "@kya-os/contracts";
 export type { HandshakeRequest, SessionContext, NonceCache, NonceCacheEntry, NonceCacheConfig, ProofMeta, DetachedProof, CanonicalHashes, AuditRecord, };
 export * from "./config";
-export { fetchRemoteConfig, type RemoteConfigCache, type RemoteConfigOptions, } from "./config/remote-config";
+export { fetchRemoteConfig, type RemoteConfigCache, type RemoteConfigOptions, getToolProtection, extractToolProtections, hasMergedToolProtections, getPolicy, extractPolicy, hasMergedPolicy, isPolicyEnabled, } from "./config/remote-config";
 export { UserDidManager } from "./identity/user-did-manager";
 export type { UserDidStorage, UserDidManagerConfig, UserKeyPair, OAuthIdentity, } from "./identity/user-did-manager";
 export { IdpTokenResolver } from "./identity/idp-token-resolver";

package/dist/index.js

@@ -20,8 +20,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BitstringManager = exports.createStatusListManager = exports.StatusList2021Manager = exports.createDelegationVerifier = exports.DelegationCredentialVerifier = exports.createDelegationIssuer = exports.DelegationCredentialIssuer = exports.createDelegationErrorFormatter = exports.DelegationErrorFormatter = exports.OAuthRequiredError = exports.DelegationRequiredError = exports.NoOpToolProtectionCache = exports.InMemoryToolProtectionCache = exports.createProofVerificationError = exports.PROOF_VERIFICATION_ERROR_CODES = exports.ProofVerificationError = exports.migrateLegacyKeys = exports.StorageKeyHelpers = exports.createStorageProviders = exports.NoOpOAuthConfigCache = exports.InMemoryOAuthConfigCache = exports.BatchDelegationService = exports.OAuthTokenRetrievalService = exports.ProviderValidationError = exports.ProviderValidator = exports.CredentialAuthModeError = exports.ConsentOnlyModeError = exports.ProviderResolver = exports.OAuthProviderRegistry = exports.ToolContextBuilder = exports.defaultSecretResolver = exports.OAuthService = exports.OAuthConfigService = exports.createSessionRegistrationService = exports.SessionRegistrationService = exports.authorizationMatches = exports.AccessControlApiService = exports.ProofVerifier = exports.CryptoService = exports.ToolProtectionService = exports.MCPIRuntimeBase = exports.MemoryIdentityProvider = exports.MemoryNonceCacheProvider = exports.MemoryStorageProvider = exports.IdentityProvider = exports.NonceCacheProvider = exports.StorageProvider = exports.FetchProvider = exports.ClockProvider = exports.CryptoProvider = void 0;
-exports.createDefaultConsoleLogger = exports.logger = exports.IdpTokenResolver = exports.UserDidManager = exports.fetchRemoteConfig = exports.bytesToBase64 = exports.base64urlDecodeToString = exports.base64urlDecodeToBytes = exports.base64urlEncodeFromString = exports.base64urlEncodeFromBytes = exports.parseVCJWT = exports.completeVCJWT = exports.createUnsignedVCJWT = exports.canonicalizeJSON = exports.getSchemaStats = exports.getCriticalSchemas = exports.getSchemaById = exports.getSchemasByCategory = exports.getAllSchemas = exports.SCHEMA_REGISTRY = exports.createSchemaVerifier = exports.SchemaVerifier = exports.isValidBase58 = exports.base58Decode = exports.base58Encode = exports.resolveDidKeySync = exports.publicKeyToJwk = exports.extractPublicKeyFromDidKey = exports.isEd25519DidKey = exports.createDidKeyResolver = exports.MemoryDelegationGraphStorage = exports.MemoryStatusListStorage = exports.createCascadingRevocationManager = exports.CascadingRevocationManager = exports.createDelegationGraph = exports.DelegationGraphManager = exports.isIndexSet = void 0;
+exports.createStatusListManager = exports.StatusList2021Manager = exports.createDelegationVerifier = exports.DelegationCredentialVerifier = exports.createDelegationIssuer = exports.DelegationCredentialIssuer = exports.createDelegationErrorFormatter = exports.DelegationErrorFormatter = exports.OAuthRequiredError = exports.DelegationRequiredError = exports.NoOpToolProtectionCache = exports.InMemoryToolProtectionCache = exports.createProofVerificationError = exports.PROOF_VERIFICATION_ERROR_CODES = exports.ProofVerificationError = exports.migrateLegacyKeys = exports.StorageKeyHelpers = exports.createStorageProviders = exports.NoOpOAuthConfigCache = exports.InMemoryOAuthConfigCache = exports.BatchDelegationService = exports.OAuthTokenRetrievalService = exports.ProviderValidationError = exports.ProviderValidator = exports.CredentialAuthModeError = exports.ConsentOnlyModeError = exports.ProviderResolver = exports.OAuthProviderRegistry = exports.ToolContextBuilder = exports.defaultSecretResolver = exports.OAuthService = exports.OAuthConfigService = exports.createSessionRegistrationService = exports.SessionRegistrationService = exports.authorizationMatches = exports.AccessControlApiService = exports.ProofVerifier = exports.CryptoService = exports.PolicyService = exports.ToolProtectionService = exports.MCPIRuntimeBase = exports.MemoryIdentityProvider = exports.MemoryNonceCacheProvider = exports.MemoryStorageProvider = exports.IdentityProvider = exports.NonceCacheProvider = exports.StorageProvider = exports.FetchProvider = exports.ClockProvider = exports.CryptoProvider = void 0;
+exports.createDefaultConsoleLogger = exports.logger = exports.IdpTokenResolver = exports.UserDidManager = exports.isPolicyEnabled = exports.hasMergedPolicy = exports.extractPolicy = exports.getPolicy = exports.hasMergedToolProtections = exports.extractToolProtections = exports.getToolProtection = exports.fetchRemoteConfig = exports.bytesToBase64 = exports.base64urlDecodeToString = exports.base64urlDecodeToBytes = exports.base64urlEncodeFromString = exports.base64urlEncodeFromBytes = exports.parseVCJWT = exports.completeVCJWT = exports.createUnsignedVCJWT = exports.canonicalizeJSON = exports.getSchemaStats = exports.getCriticalSchemas = exports.getSchemaById = exports.getSchemasByCategory = exports.getAllSchemas = exports.SCHEMA_REGISTRY = exports.createSchemaVerifier = exports.SchemaVerifier = exports.isValidBase58 = exports.base58Decode = exports.base58Encode = exports.resolveDidKeySync = exports.publicKeyToJwk = exports.extractPublicKeyFromDidKey = exports.isEd25519DidKey = exports.createDidKeyResolver = exports.MemoryDelegationGraphStorage = exports.MemoryStatusListStorage = exports.createCascadingRevocationManager = exports.CascadingRevocationManager = exports.createDelegationGraph = exports.DelegationGraphManager = exports.isIndexSet = exports.BitstringManager = void 0;
 // Base providers
 var base_1 = require("./providers/base");
 Object.defineProperty(exports, "CryptoProvider", { enumerable: true, get: function () { return base_1.CryptoProvider; } });
@@ -43,6 +43,9 @@ __exportStar(require("./utils"), exports);
 // Tool Protection
 var tool_protection_service_1 = require("./services/tool-protection.service");
 Object.defineProperty(exports, "ToolProtectionService", { enumerable: true, get: function () { return tool_protection_service_1.ToolProtectionService; } });
+// Policy Service (v1.7.0)
+var policy_service_1 = require("./services/policy.service");
+Object.defineProperty(exports, "PolicyService", { enumerable: true, get: function () { return policy_service_1.PolicyService; } });
 // Crypto Service
 var crypto_service_1 = require("./services/crypto.service");
 Object.defineProperty(exports, "CryptoService", { enumerable: true, get: function () { return crypto_service_1.CryptoService; } });
@@ -176,6 +179,15 @@ __exportStar(require("./config"), exports);
 // Remote configuration fetching
 var remote_config_1 = require("./config/remote-config");
 Object.defineProperty(exports, "fetchRemoteConfig", { enumerable: true, get: function () { return remote_config_1.fetchRemoteConfig; } });
+// Tool protection helpers
+Object.defineProperty(exports, "getToolProtection", { enumerable: true, get: function () { return remote_config_1.getToolProtection; } });
+Object.defineProperty(exports, "extractToolProtections", { enumerable: true, get: function () { return remote_config_1.extractToolProtections; } });
+Object.defineProperty(exports, "hasMergedToolProtections", { enumerable: true, get: function () { return remote_config_1.hasMergedToolProtections; } });
+// Policy helpers (v1.7.0)
+Object.defineProperty(exports, "getPolicy", { enumerable: true, get: function () { return remote_config_1.getPolicy; } });
+Object.defineProperty(exports, "extractPolicy", { enumerable: true, get: function () { return remote_config_1.extractPolicy; } });
+Object.defineProperty(exports, "hasMergedPolicy", { enumerable: true, get: function () { return remote_config_1.hasMergedPolicy; } });
+Object.defineProperty(exports, "isPolicyEnabled", { enumerable: true, get: function () { return remote_config_1.isPolicyEnabled; } });
 // User DID Manager (Phase 4)
 var user_did_manager_1 = require("./identity/user-did-manager");
 Object.defineProperty(exports, "UserDidManager", { enumerable: true, get: function () { return user_did_manager_1.UserDidManager; } });

package/dist/services/policy.service.d.ts

@@ -0,0 +1,130 @@
+/**
+ * PolicyService - Evaluates agent access policies
+ *
+ * This service evaluates incoming requests against configured policy rules
+ * to determine the appropriate enforcement action (allow, block, challenge, redirect).
+ *
+ * Policy evaluation order:
+ * 1. Allow list (exempt agents, always allowed)
+ * 2. Deny list (blocked agents, always blocked)
+ * 3. Threshold checks (confidence, reputation)
+ * 4. Custom rules (evaluated by priority, first match wins)
+ * 5. Default action (if no rules match)
+ *
+ * @package @kya-os/mcp-i-core
+ * @since 1.7.0
+ */
+import type { PolicyConfig, EnforcementAction } from '@kya-os/contracts';
+/**
+ * Context for policy evaluation
+ * Contains all attributes about the request/agent that can be matched against
+ */
+export interface PolicyEvaluationContext {
+    agentType?: string;
+    agentName?: string;
+    agentVendor?: string;
+    clientDid?: string;
+    agentDid?: string;
+    confidence?: number;
+    reputationScore?: number;
+    riskLevel?: 'low' | 'medium' | 'high' | 'critical';
+    path?: string;
+    method?: string;
+    origin?: string;
+    userAgent?: string;
+    signatureVerified?: boolean;
+    isAuthenticated?: boolean;
+    hasValidDelegation?: boolean;
+}
+/**
+ * Result of policy evaluation
+ */
+export interface PolicyEvaluationResult {
+    /** Enforcement action to take */
+    action: EnforcementAction;
+    /** Reason for the action */
+    reason: string;
+    /** Rule ID that matched (if any) */
+    ruleId?: string;
+    /** Rule name that matched (if any) */
+    ruleName?: string;
+    /** Redirect URL (if action is 'redirect') */
+    redirectUrl?: string;
+    /** Custom message from the matched rule */
+    message?: string;
+    /** Whether this was matched by allow/deny list */
+    matchType: 'allow-list' | 'deny-list' | 'threshold' | 'rule' | 'default';
+}
+/**
+ * Service configuration
+ */
+export interface PolicyServiceConfig {
+    /** Enable debug logging */
+    debug?: boolean;
+}
+export declare class PolicyService {
+    private config;
+    private policy;
+    constructor(policy?: PolicyConfig, config?: PolicyServiceConfig);
+    /**
+     * Update the policy configuration
+     */
+    setPolicy(policy: PolicyConfig): void;
+    /**
+     * Get the current policy configuration
+     */
+    getPolicy(): PolicyConfig;
+    /**
+     * Check if policy enforcement is enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Evaluate a request against the policy
+     *
+     * @param context - Request/agent context to evaluate
+     * @returns Evaluation result with action and reason
+     */
+    evaluate(context: PolicyEvaluationContext): PolicyEvaluationResult;
+    /**
+     * Check if context matches any allow list entry
+     */
+    private checkAllowList;
+    /**
+     * Check if context matches any deny list entry
+     */
+    private checkDenyList;
+    /**
+     * Check if context matches a list entry (allow or deny)
+     */
+    private matchesListEntry;
+    /**
+     * Check threshold-based enforcement
+     */
+    private checkThresholds;
+    /**
+     * Evaluate custom policy rules
+     */
+    private evaluateRules;
+    /**
+     * Check if context matches a rule (all conditions must match)
+     */
+    private matchesRule;
+    /**
+     * Check if context matches a single condition
+     */
+    private matchesCondition;
+    /**
+     * Get a value from the context by field name
+     */
+    private getContextValue;
+    /**
+     * Compare two values for equality
+     */
+    private compareEqual;
+    /**
+     * Sanitize context for logging (mask sensitive values)
+     */
+    private sanitizeContext;
+}
+export default PolicyService;
+//# sourceMappingURL=policy.service.d.ts.map

package/dist/services/policy.service.js

@@ -0,0 +1,399 @@
+"use strict";
+/**
+ * PolicyService - Evaluates agent access policies
+ *
+ * This service evaluates incoming requests against configured policy rules
+ * to determine the appropriate enforcement action (allow, block, challenge, redirect).
+ *
+ * Policy evaluation order:
+ * 1. Allow list (exempt agents, always allowed)
+ * 2. Deny list (blocked agents, always blocked)
+ * 3. Threshold checks (confidence, reputation)
+ * 4. Custom rules (evaluated by priority, first match wins)
+ * 5. Default action (if no rules match)
+ *
+ * @package @kya-os/mcp-i-core
+ * @since 1.7.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyService = void 0;
+const contracts_1 = require("@kya-os/contracts");
+// ============================================================================
+// PolicyService Implementation
+// ============================================================================
+class PolicyService {
+    config;
+    policy;
+    constructor(policy, config) {
+        // Clone the default config to prevent mutation of the shared default
+        this.policy = policy ?? structuredClone(contracts_1.DEFAULT_POLICY_CONFIG);
+        this.config = config ?? {};
+    }
+    /**
+     * Update the policy configuration
+     */
+    setPolicy(policy) {
+        this.policy = policy;
+    }
+    /**
+     * Get the current policy configuration
+     */
+    getPolicy() {
+        return this.policy;
+    }
+    /**
+     * Check if policy enforcement is enabled
+     */
+    isEnabled() {
+        return this.policy.enabled ?? true;
+    }
+    /**
+     * Evaluate a request against the policy
+     *
+     * @param context - Request/agent context to evaluate
+     * @returns Evaluation result with action and reason
+     */
+    evaluate(context) {
+        // If policy is disabled, always allow
+        if (!this.isEnabled()) {
+            return {
+                action: 'allow',
+                reason: 'Policy enforcement disabled',
+                matchType: 'default',
+            };
+        }
+        // 1. Check allow list first (exempt agents)
+        const allowListMatch = this.checkAllowList(context);
+        if (allowListMatch) {
+            if (this.config.debug) {
+                console.error('[PolicyService] Allow list match', {
+                    context: this.sanitizeContext(context),
+                    match: allowListMatch,
+                });
+            }
+            return {
+                action: 'allow',
+                reason: `Allowed: ${allowListMatch.reason ?? 'On allow list'}`,
+                matchType: 'allow-list',
+            };
+        }
+        // 2. Check deny list (blocked agents)
+        const denyListMatch = this.checkDenyList(context);
+        if (denyListMatch) {
+            if (this.config.debug) {
+                console.error('[PolicyService] Deny list match', {
+                    context: this.sanitizeContext(context),
+                    match: denyListMatch,
+                });
+            }
+            return {
+                action: 'block',
+                reason: denyListMatch.reason ?? 'On deny list',
+                matchType: 'deny-list',
+            };
+        }
+        // 3. Check threshold-based enforcement
+        const thresholdResult = this.checkThresholds(context);
+        if (thresholdResult) {
+            if (this.config.debug) {
+                console.error('[PolicyService] Threshold match', {
+                    context: this.sanitizeContext(context),
+                    result: thresholdResult,
+                });
+            }
+            return thresholdResult;
+        }
+        // 4. Evaluate custom rules (by priority)
+        const ruleResult = this.evaluateRules(context);
+        if (ruleResult) {
+            if (this.config.debug) {
+                console.error('[PolicyService] Rule match', {
+                    context: this.sanitizeContext(context),
+                    result: ruleResult,
+                });
+            }
+            return ruleResult;
+        }
+        // 5. Default action
+        return {
+            action: this.policy.defaultAction ?? 'allow',
+            reason: 'No matching rules, using default action',
+            matchType: 'default',
+            redirectUrl: this.policy.defaultAction === 'redirect' ? this.policy.redirectUrl : undefined,
+        };
+    }
+    // ============================================================================
+    // Private Methods
+    // ============================================================================
+    /**
+     * Check if context matches any allow list entry
+     */
+    checkAllowList(context) {
+        if (!this.policy.allowList?.length) {
+            return null;
+        }
+        for (const entry of this.policy.allowList) {
+            if (this.matchesListEntry(context, entry)) {
+                return entry;
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if context matches any deny list entry
+     */
+    checkDenyList(context) {
+        if (!this.policy.denyList?.length) {
+            return null;
+        }
+        for (const entry of this.policy.denyList) {
+            // Check if entry is active and not expired
+            if (entry.active === false)
+                continue;
+            if (entry.expiresAt && new Date(entry.expiresAt) < new Date())
+                continue;
+            if (this.matchesListEntry(context, entry)) {
+                return entry;
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if context matches a list entry (allow or deny)
+     */
+    matchesListEntry(context, entry) {
+        // At least one identifier must match
+        if (entry.clientDid && context.clientDid === entry.clientDid)
+            return true;
+        if (entry.agentDid && context.agentDid === entry.agentDid)
+            return true;
+        if (entry.clientName && context.agentName?.toLowerCase() === entry.clientName.toLowerCase())
+            return true;
+        if (entry.agentType && context.agentType === entry.agentType)
+            return true;
+        return false;
+    }
+    /**
+     * Check threshold-based enforcement
+     */
+    checkThresholds(context) {
+        const thresholds = this.policy.thresholds;
+        if (!thresholds)
+            return null;
+        // If signed requests bypass thresholds and request is signed, skip threshold checks
+        if (thresholds.trustSignedRequests && context.signatureVerified) {
+            return null;
+        }
+        // Check trusted reputation threshold (bypass other checks)
+        if (context.reputationScore !== undefined &&
+            context.reputationScore >= thresholds.trustedReputationThreshold) {
+            return null; // Trusted, continue to rules
+        }
+        // Check confidence threshold
+        if (context.confidence !== undefined &&
+            context.confidence >= thresholds.confidenceThreshold) {
+            return {
+                action: thresholds.confidenceAction,
+                reason: `Detection confidence (${context.confidence}) exceeds threshold (${thresholds.confidenceThreshold})`,
+                matchType: 'threshold',
+                redirectUrl: thresholds.confidenceAction === 'redirect' ? this.policy.redirectUrl : undefined,
+            };
+        }
+        // Check minimum reputation score
+        if (thresholds.minReputationScore > 0 &&
+            context.reputationScore !== undefined &&
+            context.reputationScore < thresholds.minReputationScore) {
+            return {
+                action: thresholds.lowReputationAction,
+                reason: `Reputation score (${context.reputationScore}) below minimum (${thresholds.minReputationScore})`,
+                matchType: 'threshold',
+                redirectUrl: thresholds.lowReputationAction === 'redirect' ? this.policy.redirectUrl : undefined,
+            };
+        }
+        return null;
+    }
+    /**
+     * Evaluate custom policy rules
+     */
+    evaluateRules(context) {
+        const rules = this.policy.rules;
+        if (!rules?.length)
+            return null;
+        // Sort rules by priority (lower = higher priority)
+        const sortedRules = [...rules]
+            .filter((r) => r.enabled !== false)
+            .sort((a, b) => (a.priority ?? 100) - (b.priority ?? 100));
+        for (const rule of sortedRules) {
+            if (this.matchesRule(context, rule)) {
+                return {
+                    action: rule.action,
+                    reason: rule.description ?? rule.name,
+                    ruleId: rule.id,
+                    ruleName: rule.name,
+                    redirectUrl: rule.action === 'redirect' ? rule.redirectUrl : undefined,
+                    message: rule.message,
+                    matchType: 'rule',
+                };
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if context matches a rule (all conditions must match)
+     */
+    matchesRule(context, rule) {
+        // All conditions must match (AND logic)
+        return rule.conditions.every((condition) => this.matchesCondition(context, condition));
+    }
+    /**
+     * Check if context matches a single condition
+     */
+    matchesCondition(context, condition) {
+        const value = this.getContextValue(context, condition.field);
+        const targetValue = condition.value;
+        // Handle null/undefined - these operators should return true when value is missing
+        if (value === undefined || value === null) {
+            return (condition.operator === 'notEquals' ||
+                condition.operator === 'notIn' ||
+                condition.operator === 'notContains');
+        }
+        switch (condition.operator) {
+            case 'equals':
+                return this.compareEqual(value, targetValue, condition.caseInsensitive);
+            case 'notEquals':
+                return !this.compareEqual(value, targetValue, condition.caseInsensitive);
+            case 'contains':
+                return typeof value === 'string' && typeof targetValue === 'string'
+                    ? condition.caseInsensitive
+                        ? value.toLowerCase().includes(targetValue.toLowerCase())
+                        : value.includes(targetValue)
+                    : false;
+            case 'notContains':
+                return typeof value === 'string' && typeof targetValue === 'string'
+                    ? condition.caseInsensitive
+                        ? !value.toLowerCase().includes(targetValue.toLowerCase())
+                        : !value.includes(targetValue)
+                    : true;
+            case 'startsWith':
+                return typeof value === 'string' && typeof targetValue === 'string'
+                    ? condition.caseInsensitive
+                        ? value.toLowerCase().startsWith(targetValue.toLowerCase())
+                        : value.startsWith(targetValue)
+                    : false;
+            case 'endsWith':
+                return typeof value === 'string' && typeof targetValue === 'string'
+                    ? condition.caseInsensitive
+                        ? value.toLowerCase().endsWith(targetValue.toLowerCase())
+                        : value.endsWith(targetValue)
+                    : false;
+            case 'greaterThan':
+                return typeof value === 'number' && typeof targetValue === 'number'
+                    ? value > targetValue
+                    : false;
+            case 'lessThan':
+                return typeof value === 'number' && typeof targetValue === 'number'
+                    ? value < targetValue
+                    : false;
+            case 'greaterThanOrEquals':
+                return typeof value === 'number' && typeof targetValue === 'number'
+                    ? value >= targetValue
+                    : false;
+            case 'lessThanOrEquals':
+                return typeof value === 'number' && typeof targetValue === 'number'
+                    ? value <= targetValue
+                    : false;
+            case 'matches':
+                if (typeof value !== 'string' || typeof targetValue !== 'string') {
+                    return false;
+                }
+                try {
+                    const flags = condition.caseInsensitive ? 'i' : '';
+                    return new RegExp(targetValue, flags).test(value);
+                }
+                catch {
+                    return false;
+                }
+            case 'in':
+                return Array.isArray(targetValue)
+                    ? targetValue.some((v) => this.compareEqual(value, v, condition.caseInsensitive))
+                    : false;
+            case 'notIn':
+                return Array.isArray(targetValue)
+                    ? !targetValue.some((v) => this.compareEqual(value, v, condition.caseInsensitive))
+                    : true;
+            default:
+                return false;
+        }
+    }
+    /**
+     * Get a value from the context by field name
+     */
+    getContextValue(context, field) {
+        switch (field) {
+            case 'agentType':
+                return context.agentType;
+            case 'agentName':
+                return context.agentName;
+            case 'agentVendor':
+                return context.agentVendor;
+            case 'clientDid':
+                return context.clientDid;
+            case 'agentDid':
+                return context.agentDid;
+            case 'confidence':
+                return context.confidence;
+            case 'reputationScore':
+                return context.reputationScore;
+            case 'riskLevel':
+                return context.riskLevel;
+            case 'path':
+                return context.path;
+            case 'method':
+                return context.method;
+            case 'origin':
+                return context.origin;
+            case 'userAgent':
+                return context.userAgent;
+            case 'signatureVerified':
+                return context.signatureVerified;
+            case 'isAuthenticated':
+                return context.isAuthenticated;
+            case 'hasValidDelegation':
+                return context.hasValidDelegation;
+            default:
+                return undefined;
+        }
+    }
+    /**
+     * Compare two values for equality
+     */
+    compareEqual(a, b, caseInsensitive) {
+        if (typeof a === 'string' && typeof b === 'string') {
+            return caseInsensitive ? a.toLowerCase() === b.toLowerCase() : a === b;
+        }
+        return a === b;
+    }
+    /**
+     * Sanitize context for logging (mask sensitive values)
+     */
+    sanitizeContext(context) {
+        return {
+            agentType: context.agentType,
+            agentName: context.agentName,
+            agentVendor: context.agentVendor,
+            clientDid: context.clientDid ? `${context.clientDid.slice(0, 20)}...` : undefined,
+            agentDid: context.agentDid ? `${context.agentDid.slice(0, 20)}...` : undefined,
+            confidence: context.confidence,
+            reputationScore: context.reputationScore,
+            riskLevel: context.riskLevel,
+            path: context.path,
+            method: context.method,
+            signatureVerified: context.signatureVerified,
+            isAuthenticated: context.isAuthenticated,
+            hasValidDelegation: context.hasValidDelegation,
+        };
+    }
+}
+exports.PolicyService = PolicyService;
+exports.default = PolicyService;
+//# sourceMappingURL=policy.service.js.map

package/dist/services/tool-context-builder.js

@@ -77,7 +77,28 @@ class ToolContextBuilder {
         // This includes tokenUsage, cookieFormat, apiHeaders for credential providers
         const tokenData = await this.config.tokenResolver.resolveTokenDataFromDid(userDid, provider, toolProtection.requiredScopes);
         if (!tokenData) {
-            // Token not available - throw OAuthRequiredError to trigger auth flow
+            // IDP token not available - check if delegation token exists
+            // If delegation exists, tool can still execute without IDP token
+            // (the tool handler should check for idpToken if it needs external API access)
+            if (delegationToken) {
+                this.config.logger("[ToolContextBuilder] IDP token not found, but delegation exists - returning minimal context", {
+                    toolName,
+                    userDid: userDid.substring(0, 20) + "...",
+                    provider,
+                    scopes: toolProtection.requiredScopes,
+                    note: "Tool can execute with delegation-only authorization",
+                });
+                // Return minimal context with delegation info
+                // Tools that need IDP token for external API calls should check for idpToken
+                return {
+                    provider,
+                    scopes: toolProtection.requiredScopes,
+                    userDid,
+                    sessionId,
+                    delegationToken,
+                };
+            }
+            // No delegation token either - throw OAuthRequiredError to trigger auth flow
             this.config.logger("[ToolContextBuilder] Token not available, throwing OAuthRequiredError", {
                 toolName,
                 userDid: userDid.substring(0, 20) + "...",

package/dist/types/oauth-required-error.d.ts

@@ -21,6 +21,11 @@ export interface OAuthRequiredErrorOptions {
     userDid?: string;
     /** Optional session ID */
     sessionId?: string;
+    /**
+     * Auth type from tool protection config (e.g., "password", "oauth")
+     * Used to determine correct consent flow when catching the error
+     */
+    authType?: string;
 }
 /**
  * Error thrown when a tool requires OAuth but IDP token is not available
@@ -35,6 +40,7 @@ export declare class OAuthRequiredError extends Error {
     readonly resumeToken?: string;
     readonly userDid?: string;
     readonly sessionId?: string;
+    readonly authType?: string;
     constructor(options: OAuthRequiredErrorOptions);
 }
 //# sourceMappingURL=oauth-required-error.d.ts.map

package/dist/types/oauth-required-error.js

@@ -22,6 +22,7 @@ class OAuthRequiredError extends Error {
     resumeToken;
     userDid;
     sessionId;
+    authType;
     constructor(options) {
         const { toolName, requiredScopes, provider, oauthUrl } = options;
         super(`OAuth required for tool "${toolName}" with provider "${provider}". ` +
@@ -34,6 +35,7 @@ class OAuthRequiredError extends Error {
         this.resumeToken = options.resumeToken;
         this.userDid = options.userDid;
         this.sessionId = options.sessionId;
+        this.authType = options.authType;
     }
 }
 exports.OAuthRequiredError = OAuthRequiredError;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i-core",
-  "version": "1.4.14",
+  "version": "1.4.17",
   "description": "Core runtime and types for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -18,6 +18,15 @@
       "default": "./dist/*.js"
     }
   },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "lint": "eslint .",
+    "clean": "rm -rf dist .turbo node_modules",
+    "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-no-workspace.js"
+  },
   "dependencies": {
     "@kya-os/contracts": "^1.7.20",
     "jose": "^5.6.3",
@@ -33,13 +42,5 @@
   },
   "publishConfig": {
     "access": "public"
-  },
-  "scripts": {
-    "build": "tsc",
-    "test": "vitest run",
-    "test:coverage": "vitest run --coverage",
-    "test:watch": "vitest",
-    "lint": "eslint .",
-    "clean": "rm -rf dist .turbo node_modules"
   }
-}
+}

package/scripts/audit-compliance.ts

@@ -583,7 +583,7 @@ async function runAudit() {
   console.log('================================================================================\n');
 
   const verifier = createSchemaVerifier({
-    schemasBaseUrl: 'https://schemas.kya-os.ai/xmcp-i',
+    schemasBaseUrl: 'https://schema.modelcontextprotocol-identity.io/xmcp-i',
   });
 
   const implementations = createSampleImplementations();