npm - @kya-os/mcp-i-core - Versions diffs - 1.4.17 → 1.4.19 - Mend

@kya-os/mcp-i-core 1.4.17 → 1.4.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/runtime/base.d.ts CHANGED Viewed

@@ -79,6 +79,19 @@ export declare class MCPIRuntimeBase {
      * Get session by ID
      */
     getSession(sessionId: string): any | undefined;
+    /**
+     * Extract the correct provider for consent URL from tool protection config
+     *
+     * For password auth tools, the provider is in authorization.provider.
+     * For OAuth auth tools, the provider is in oauthProvider (legacy) or authorization.provider.
+     *
+     * Note: Not all authorization types have a provider field (e.g., 'none', 'mdl', 'webauthn').
+     * Only 'oauth', 'oauth2', 'password', and 'idv' types have provider.
+     *
+     * @param protection - Tool protection configuration
+     * @returns Provider name to use in consent URL, or undefined
+     */
+    private getConsentProvider;
     /**
      * Process tool call with automatic proof generation
      * Returns clean result only - proof is stored for out-of-band retrieval

package/dist/runtime/base.js CHANGED Viewed

@@ -233,6 +233,38 @@ class MCPIRuntimeBase {
     getSession(sessionId) {
         return this.sessions.get(sessionId);
     }
+    /**
+     * Extract the correct provider for consent URL from tool protection config
+     *
+     * For password auth tools, the provider is in authorization.provider.
+     * For OAuth auth tools, the provider is in oauthProvider (legacy) or authorization.provider.
+     *
+     * Note: Not all authorization types have a provider field (e.g., 'none', 'mdl', 'webauthn').
+     * Only 'oauth', 'oauth2', 'password', and 'idv' types have provider.
+     *
+     * @param protection - Tool protection configuration
+     * @returns Provider name to use in consent URL, or undefined
+     */
+    getConsentProvider(protection) {
+        // Check authorization field - only some types have provider
+        if (protection.authorization) {
+            const auth = protection.authorization;
+            // Types with provider: oauth, oauth2, password, idv
+            if (auth.type === "oauth" ||
+                auth.type === "oauth2" ||
+                auth.type === "password" ||
+                auth.type === "idv") {
+                // Return auth.provider if set, otherwise fall through to legacy oauthProvider
+                if (auth.provider) {
+                    return auth.provider;
+                }
+            }
+            // Other types don't have provider (none, mdl, verifiable_credential, webauthn, siwe)
+            // Fall through to legacy oauthProvider
+        }
+        // Fall back to legacy oauthProvider (deprecated)
+        return protection.oauthProvider;
+    }
     /**
      * Process tool call with automatic proof generation
      * Returns clean result only - proof is stored for out-of-band retrieval
@@ -274,7 +306,7 @@ class MCPIRuntimeBase {
                     // Note: projectId is not available in base class - subclasses should override buildConsentUrl
                     // Pass oauthProvider to ensure correct auth method is selected (e.g., "credentials" vs "github")
                     const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
-                    protection.oauthProvider // Provider from tool config
+                    this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
                     );
                     // Create error with intercepted call context and pre-generated resume token
                     const error = new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
@@ -384,7 +416,7 @@ class MCPIRuntimeBase {
                             };
                             const resumeToken = this.generateResumeToken(interceptedCall);
                             const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
-                            protection.oauthProvider // Provider from tool config
+                            this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
                             );
                             this.interceptedCalls.set(resumeToken, interceptedCall);
                             this.cleanupExpiredInterceptedCalls();
@@ -434,7 +466,7 @@ class MCPIRuntimeBase {
                                 };
                                 const resumeToken = this.generateResumeToken(interceptedCall);
                                 const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
-                                protection.oauthProvider // Provider from tool config
+                                this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
                                 );
                                 this.interceptedCalls.set(resumeToken, interceptedCall);
                                 this.cleanupExpiredInterceptedCalls();
@@ -497,7 +529,7 @@ class MCPIRuntimeBase {
                                     expiresAt: this.clock.calculateExpiry(1800),
                                 };
                                 const resumeToken = this.generateResumeToken(interceptedCall);
-                                const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, protection.oauthProvider);
+                                const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, this.getConsentProvider(protection));
                                 this.interceptedCalls.set(resumeToken, interceptedCall);
                                 this.cleanupExpiredInterceptedCalls();
                                 throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
@@ -523,7 +555,7 @@ class MCPIRuntimeBase {
                                     expiresAt: this.clock.calculateExpiry(1800),
                                 };
                                 const resumeToken = this.generateResumeToken(interceptedCall);
-                                const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, protection.oauthProvider);
+                                const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, this.getConsentProvider(protection));
                                 this.interceptedCalls.set(resumeToken, interceptedCall);
                                 this.cleanupExpiredInterceptedCalls();
                                 throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
@@ -578,7 +610,7 @@ class MCPIRuntimeBase {
                             };
                             const resumeToken = this.generateResumeToken(interceptedCall);
                             const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
-                            protection.oauthProvider // Provider from tool config
+                            this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
                             );
                             this.interceptedCalls.set(resumeToken, interceptedCall);
                             this.cleanupExpiredInterceptedCalls();
@@ -603,7 +635,7 @@ class MCPIRuntimeBase {
                         };
                         const resumeToken = this.generateResumeToken(interceptedCall);
                         const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
-                        protection.oauthProvider // Provider from tool config
+                        this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
                         );
                         this.interceptedCalls.set(resumeToken, interceptedCall);
                         this.cleanupExpiredInterceptedCalls();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i-core",
-  "version": "1.4.17",
+  "version": "1.4.19",
   "description": "Core runtime and types for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -28,7 +28,7 @@
     "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-no-workspace.js"
   },
   "dependencies": {
-    "@kya-os/contracts": "^1.7.20",
+    "@kya-os/contracts": "^1.7.21",
     "jose": "^5.6.3",
     "json-canonicalize": "^2.0.0",
     "zod": "^3.25.76"
@@ -36,7 +36,7 @@
   "devDependencies": {
     "@types/node": "^20.14.9",
     "@vitest/coverage-v8": "^4.0.5",
-    "eslint": "^8.57.0",
+    "eslint": "^9.26.0",
     "typescript": "^5.5.3",
     "vitest": "^4.0.5"
   },