@kya-os/mcp-i 0.1.0-alpha.3.9 → 1.2.0

package/dist/compiler/parse-xmcp-config.js

@@ -0,0 +1,155 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfig = getConfig;
+exports.readConfig = readConfig;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const webpack_1 = require("webpack");
+const memfs_1 = require("memfs");
+const compiler_context_1 = require("./compiler-context");
+const config_1 = require("./config");
+const constants_1 = require("./config/constants");
+function validateConfig(config) {
+    return config_1.configSchema.parse(config);
+}
+// read if exists
+function readConfigFile(pathToConfig) {
+    const configPath = path_1.default.resolve(process.cwd(), pathToConfig);
+    if (!fs_1.default.existsSync(configPath)) {
+        return null;
+    }
+    return fs_1.default.readFileSync(configPath, "utf8");
+}
+const configPaths = {
+    ts: "xmcp.config.ts",
+    json: "xmcp.config.json",
+};
+/**
+ * Parse and validate xmcp config file
+ */
+async function getConfig() {
+    const config = await readConfig();
+    const { platforms } = compiler_context_1.compilerContext.getContext();
+    if (platforms.vercel) {
+        // Remove stdio to deploy on vercel
+        delete config.stdio;
+    }
+    return config;
+}
+/**
+ * Read config from file or return default
+ */
+async function readConfig() {
+    // Simple json config
+    const jsonFile = readConfigFile(configPaths.json);
+    if (jsonFile) {
+        return validateConfig(JSON.parse(jsonFile));
+    }
+    // TypeScript config, compile it
+    const tsFile = readConfigFile(configPaths.ts);
+    if (tsFile) {
+        try {
+            return await compileConfig();
+        }
+        catch (error) {
+            throw new Error(`Failed to compile xmcp.config.ts:\n${error}`);
+        }
+    }
+    // Default config
+    return {
+        stdio: true,
+        http: true,
+        paths: constants_1.DEFAULT_PATHS_CONFIG,
+    };
+}
+/**
+ * If the user is using a typescript config file,
+ * we need to bundle it, run it and return its copiled code
+ * */
+async function compileConfig() {
+    const configPath = path_1.default.resolve(process.cwd(), configPaths.ts);
+    // Create memory filesystem
+    const memoryFs = (0, memfs_1.createFsFromVolume)(new memfs_1.Volume());
+    // Webpack configuration
+    const webpackConfig = {
+        mode: "production",
+        entry: configPath,
+        target: "node",
+        output: {
+            path: "/",
+            filename: "config.js",
+            library: {
+                type: "commonjs2",
+            },
+        },
+        resolve: {
+            extensions: [".ts", ".js"],
+        },
+        module: {
+            rules: [
+                {
+                    test: /\.ts$/,
+                    use: {
+                        loader: "swc-loader",
+                        options: {
+                            jsc: {
+                                parser: {
+                                    syntax: "typescript",
+                                },
+                                target: "es2020",
+                            },
+                            module: {
+                                type: "commonjs",
+                            },
+                        },
+                    },
+                    exclude: /node_modules/,
+                },
+            ],
+        },
+        externals: {
+            webpack: "commonjs2 webpack",
+        },
+    };
+    return new Promise((resolve, reject) => {
+        const compiler = (0, webpack_1.webpack)(webpackConfig);
+        // Use memory filesystem for output
+        compiler.outputFileSystem = memoryFs;
+        compiler.run((err, stats) => {
+            if (err) {
+                reject(err);
+                return;
+            }
+            if (stats?.hasErrors()) {
+                reject(new Error(stats.toString({ colors: false, errors: true })));
+                return;
+            }
+            try {
+                // Read the bundled code from memory
+                const bundledCode = memoryFs.readFileSync("/config.js", "utf8");
+                // Create a temporary module to evaluate the bundled code
+                const module = { exports: {} };
+                const require = (id) => {
+                    // Handle webpack require
+                    if (id === "webpack") {
+                        return webpack_1.webpack;
+                    }
+                    throw new Error(`Cannot resolve module: ${id}`);
+                };
+                // Evaluate the bundled code
+                const func = new Function("module", "exports", "require", "__filename", "__dirname", bundledCode);
+                func(module, module.exports, require, configPath, path_1.default.dirname(configPath));
+                // Extract the config - it could be default export or direct export
+                const configExport = module.exports.default || module.exports;
+                const config = typeof configExport === "function" ? configExport() : configExport;
+                resolve(validateConfig(config));
+            }
+            catch (evalError) {
+                reject(evalError);
+            }
+        });
+    });
+}

package/dist/compiler/start-http-server.d.ts

@@ -0,0 +1 @@
+export declare function startHttpServer(): Promise<void>;

package/dist/compiler/start-http-server.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startHttpServer = startHttpServer;
+const cli_icons_1 = require("../utils/cli-icons");
+const spawn_process_1 = require("../utils/spawn-process");
+const child_process_1 = require("child_process");
+let httpServerProcess = null;
+function spawnHttpServer() {
+    const process = (0, child_process_1.spawn)("node", ["dist/http.js"], {
+        stdio: "inherit",
+        shell: true,
+    });
+    (0, spawn_process_1.watchdog)(process);
+    return process;
+}
+async function killProcess(process) {
+    process.kill("SIGKILL");
+    await new Promise((resolve) => {
+        process.on("exit", resolve);
+    });
+}
+async function startHttpServer() {
+    if (!httpServerProcess) {
+        console.log(`${cli_icons_1.yellowArrow} Starting http server`);
+        // first time starting the server
+        httpServerProcess = spawnHttpServer();
+    }
+    else {
+        console.log(`${cli_icons_1.yellowArrow} Restarting http server`);
+        // restart the server
+        await killProcess(httpServerProcess);
+        httpServerProcess = spawnHttpServer();
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export { type Middleware } from "./types/middleware";
+export type { ToolMetadata, ToolSchema, ToolExtraArguments, InferSchema, } from "./types/tool";
+export type { XmcpConfigOuputSchema as XmcpConfig } from "./compiler/config";
+export { apiKeyAuthMiddleware } from "./auth/api-key";
+export { jwtAuthMiddleware } from "./auth/jwt";
+export type { OAuthConfigOptions } from "./auth/oauth";
+import "./types/declarations";
+export * from "./test/index";
+export * from "./cache/index";
+export * from "./runtime/identity";
+export * from "./runtime/index";
+export { compile } from "./compiler/index";

package/dist/index.js

@@ -0,0 +1,38 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.compile = exports.jwtAuthMiddleware = exports.apiKeyAuthMiddleware = void 0;
+const dotenv_1 = __importDefault(require("dotenv"));
+dotenv_1.default.config();
+var api_key_1 = require("./auth/api-key");
+Object.defineProperty(exports, "apiKeyAuthMiddleware", { enumerable: true, get: function () { return api_key_1.apiKeyAuthMiddleware; } });
+var jwt_1 = require("./auth/jwt");
+Object.defineProperty(exports, "jwtAuthMiddleware", { enumerable: true, get: function () { return jwt_1.jwtAuthMiddleware; } });
+require("./types/declarations");
+// Test infrastructure (only available when XMCP_ENV=test)
+__exportStar(require("./test/index"), exports);
+// Nonce cache for replay prevention
+__exportStar(require("./cache/index"), exports);
+// Identity management for CLI and runtime
+__exportStar(require("./runtime/identity"), exports);
+// Runtime creation and management
+__exportStar(require("./runtime/index"), exports);
+// Compiler for CLI usage
+var index_1 = require("./compiler/index");
+Object.defineProperty(exports, "compile", { enumerable: true, get: function () { return index_1.compile; } });

package/dist/index.js.LICENSE.txt

@@ -0,0 +1,49 @@
+/*
+object-assign
+(c) Sindre Sorhus
+@license MIT
+*/
+
+/*!
+ * fill-range <https://github.com/jonschlinkert/fill-range>
+ *
+ * Copyright (c) 2014-present, Jon Schlinkert.
+ * Licensed under the MIT License.
+ */
+
+/*!
+ * is-extglob <https://github.com/jonschlinkert/is-extglob>
+ *
+ * Copyright (c) 2014-2016, Jon Schlinkert.
+ * Licensed under the MIT License.
+ */
+
+/*!
+ * is-glob <https://github.com/jonschlinkert/is-glob>
+ *
+ * Copyright (c) 2014-2017, Jon Schlinkert.
+ * Released under the MIT License.
+ */
+
+/*!
+ * is-number <https://github.com/jonschlinkert/is-number>
+ *
+ * Copyright (c) 2014-present, Jon Schlinkert.
+ * Released under the MIT License.
+ */
+
+/*!
+ * normalize-path <https://github.com/jonschlinkert/normalize-path>
+ *
+ * Copyright (c) 2014-2018, Jon Schlinkert.
+ * Released under the MIT License.
+ */
+
+/*!
+ * to-regex-range <https://github.com/micromatch/to-regex-range>
+ *
+ * Copyright (c) 2015-present, Jon Schlinkert.
+ * Released under the MIT License.
+ */
+
+/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */

package/dist/runtime/__tests__/audit.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for Audit Logging System
+ */
+export {};

package/dist/runtime/__tests__/audit.test.js

@@ -0,0 +1,328 @@
+"use strict";
+/**
+ * Tests for Audit Logging System
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const audit_js_1 = require("../audit.js");
+(0, vitest_1.describe)("AuditLogger", () => {
+    let auditLogger;
+    let mockLogFunction;
+    let mockIdentity;
+    let mockSession;
+    (0, vitest_1.beforeEach)(() => {
+        mockLogFunction = vitest_1.vi.fn();
+        auditLogger = new audit_js_1.AuditLogger({
+            logFunction: mockLogFunction,
+        });
+        mockIdentity = {
+            did: "did:web:example.com:agents:test-agent",
+            keyId: "key-test-123",
+            privateKey: "test-private-key",
+            publicKey: "test-public-key",
+            createdAt: new Date().toISOString(),
+        };
+        mockSession = {
+            sessionId: "sess_test_123",
+            audience: "example.com",
+            nonce: "test-nonce-456",
+            timestamp: Math.floor(Date.now() / 1000),
+            createdAt: Math.floor(Date.now() / 1000),
+            lastActivity: Math.floor(Date.now() / 1000),
+            ttlMinutes: 30,
+        };
+    });
+    (0, vitest_1.describe)("Audit Record Generation", () => {
+        (0, vitest_1.it)("should emit audit record on first call per session", async () => {
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+                scopeId: "orders.create",
+            };
+            await auditLogger.logAuditRecord(context);
+            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce();
+            const auditLine = mockLogFunction.mock.calls[0][0];
+            (0, vitest_1.expect)(auditLine).toContain("audit.v1");
+            (0, vitest_1.expect)(auditLine).toContain("session=sess_test_123");
+            (0, vitest_1.expect)(auditLine).toContain("audience=example.com");
+            (0, vitest_1.expect)(auditLine).toContain("did=did:web:example.com:agents:test-agent");
+            (0, vitest_1.expect)(auditLine).toContain("kid=key-test-123");
+            (0, vitest_1.expect)(auditLine).toContain("reqHash=sha256:abc123");
+            (0, vitest_1.expect)(auditLine).toContain("resHash=sha256:def456");
+            (0, vitest_1.expect)(auditLine).toContain("verified=yes");
+            (0, vitest_1.expect)(auditLine).toContain("scope=orders.create");
+        });
+        (0, vitest_1.it)("should not emit duplicate audit records for same session", async () => {
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+            };
+            // First call should emit audit record
+            await auditLogger.logAuditRecord(context);
+            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce();
+            // Second call for same session should not emit
+            await auditLogger.logAuditRecord(context);
+            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce(); // Still only once
+        });
+        (0, vitest_1.it)("should emit separate audit records for different sessions", async () => {
+            const context1 = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+            };
+            const context2 = {
+                identity: mockIdentity,
+                session: { ...mockSession, sessionId: "sess_test_456" },
+                requestHash: "sha256:ghi789",
+                responseHash: "sha256:jkl012",
+                verified: "no",
+            };
+            await auditLogger.logAuditRecord(context1);
+            await auditLogger.logAuditRecord(context2);
+            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledTimes(2);
+        });
+        (0, vitest_1.it)('should use "-" for missing scope', async () => {
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+                // No scopeId provided
+            };
+            await auditLogger.logAuditRecord(context);
+            const auditLine = mockLogFunction.mock.calls[0][0];
+            (0, vitest_1.expect)(auditLine).toContain("scope=-");
+        });
+        (0, vitest_1.it)("should not log when disabled", async () => {
+            const disabledLogger = new audit_js_1.AuditLogger({
+                enabled: false,
+                logFunction: mockLogFunction,
+            });
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+            };
+            await disabledLogger.logAuditRecord(context);
+            (0, vitest_1.expect)(mockLogFunction).not.toHaveBeenCalled();
+        });
+    });
+    (0, vitest_1.describe)("Audit Line Format", () => {
+        (0, vitest_1.it)("should format audit line with frozen format", async () => {
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+                scopeId: "orders.create",
+            };
+            await auditLogger.logAuditRecord(context);
+            const auditLine = mockLogFunction.mock.calls[0][0];
+            const parts = auditLine.split(" ");
+            (0, vitest_1.expect)(parts[0]).toBe("audit.v1");
+            (0, vitest_1.expect)(parts[1]).toMatch(/^ts=\d+$/);
+            (0, vitest_1.expect)(parts[2]).toBe("session=sess_test_123");
+            (0, vitest_1.expect)(parts[3]).toBe("audience=example.com");
+            (0, vitest_1.expect)(parts[4]).toBe("did=did:web:example.com:agents:test-agent");
+            (0, vitest_1.expect)(parts[5]).toBe("kid=key-test-123");
+            (0, vitest_1.expect)(parts[6]).toBe("reqHash=sha256:abc123");
+            (0, vitest_1.expect)(parts[7]).toBe("resHash=sha256:def456");
+            (0, vitest_1.expect)(parts[8]).toBe("verified=yes");
+            (0, vitest_1.expect)(parts[9]).toBe("scope=orders.create");
+        });
+        (0, vitest_1.it)("should include timestamp in unix seconds", async () => {
+            const beforeTime = Math.floor(Date.now() / 1000);
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+            };
+            await auditLogger.logAuditRecord(context);
+            const afterTime = Math.floor(Date.now() / 1000);
+            const auditLine = mockLogFunction.mock.calls[0][0];
+            const tsMatch = auditLine.match(/ts=(\d+)/);
+            (0, vitest_1.expect)(tsMatch).toBeTruthy();
+            const timestamp = parseInt(tsMatch[1], 10);
+            (0, vitest_1.expect)(timestamp).toBeGreaterThanOrEqual(beforeTime);
+            (0, vitest_1.expect)(timestamp).toBeLessThanOrEqual(afterTime);
+        });
+    });
+    (0, vitest_1.describe)("Configuration and Statistics", () => {
+        (0, vitest_1.it)("should provide accurate statistics", async () => {
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+            };
+            const initialStats = auditLogger.getStats();
+            (0, vitest_1.expect)(initialStats.sessionsLogged).toBe(0);
+            (0, vitest_1.expect)(initialStats.enabled).toBe(true);
+            (0, vitest_1.expect)(initialStats.includePayloads).toBe(false);
+            await auditLogger.logAuditRecord(context);
+            const finalStats = auditLogger.getStats();
+            (0, vitest_1.expect)(finalStats.sessionsLogged).toBe(1);
+        });
+        (0, vitest_1.it)("should allow configuration updates", () => {
+            auditLogger.updateConfig({ enabled: false, includePayloads: true });
+            const stats = auditLogger.getStats();
+            (0, vitest_1.expect)(stats.enabled).toBe(false);
+            (0, vitest_1.expect)(stats.includePayloads).toBe(true);
+        });
+        (0, vitest_1.it)("should clear session log", async () => {
+            const context = {
+                identity: mockIdentity,
+                session: mockSession,
+                requestHash: "sha256:abc123",
+                responseHash: "sha256:def456",
+                verified: "yes",
+            };
+            await auditLogger.logAuditRecord(context);
+            (0, vitest_1.expect)(auditLogger.getStats().sessionsLogged).toBe(1);
+            auditLogger.clearSessionLog();
+            (0, vitest_1.expect)(auditLogger.getStats().sessionsLogged).toBe(0);
+        });
+    });
+});
+(0, vitest_1.describe)("Key Rotation Audit", () => {
+    let mockLogFunction;
+    let mockIdentity;
+    (0, vitest_1.beforeEach)(() => {
+        mockLogFunction = vitest_1.vi.fn();
+        mockIdentity = {
+            did: "did:web:example.com:agents:test-agent",
+            keyId: "key-new-456",
+            privateKey: "test-private-key",
+            publicKey: "test-public-key",
+            createdAt: new Date().toISOString(),
+        };
+    });
+    (0, vitest_1.it)("should log key rotation audit record", () => {
+        const context = {
+            identity: mockIdentity,
+            oldKeyId: "key-old-123",
+            newKeyId: "key-new-456",
+            mode: "dev",
+            delegated: "no",
+            force: "no",
+        };
+        (0, audit_js_1.logKeyRotationAudit)(context, mockLogFunction);
+        (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce();
+        const auditLine = mockLogFunction.mock.calls[0][0];
+        (0, vitest_1.expect)(auditLine).toContain("keys.rotate.v1");
+        (0, vitest_1.expect)(auditLine).toContain("did=did:web:example.com:agents:test-agent");
+        (0, vitest_1.expect)(auditLine).toContain("oldKid=key-old-123");
+        (0, vitest_1.expect)(auditLine).toContain("newKid=key-new-456");
+        (0, vitest_1.expect)(auditLine).toContain("mode=dev");
+        (0, vitest_1.expect)(auditLine).toContain("delegated=no");
+        (0, vitest_1.expect)(auditLine).toContain("force=no");
+    });
+    (0, vitest_1.it)("should log production key rotation with delegation", () => {
+        const context = {
+            identity: mockIdentity,
+            oldKeyId: "key-old-123",
+            newKeyId: "key-new-456",
+            mode: "prod",
+            delegated: "yes",
+            force: "no",
+        };
+        (0, audit_js_1.logKeyRotationAudit)(context, mockLogFunction);
+        const auditLine = mockLogFunction.mock.calls[0][0];
+        (0, vitest_1.expect)(auditLine).toContain("mode=prod");
+        (0, vitest_1.expect)(auditLine).toContain("delegated=yes");
+    });
+    (0, vitest_1.it)("should log forced key rotation", () => {
+        const context = {
+            identity: mockIdentity,
+            oldKeyId: "key-old-123",
+            newKeyId: "key-new-456",
+            mode: "prod",
+            delegated: "no",
+            force: "yes",
+        };
+        (0, audit_js_1.logKeyRotationAudit)(context, mockLogFunction);
+        const auditLine = mockLogFunction.mock.calls[0][0];
+        (0, vitest_1.expect)(auditLine).toContain("force=yes");
+    });
+});
+(0, vitest_1.describe)("Audit Line Parsing", () => {
+    (0, vitest_1.it)("should parse valid audit line", () => {
+        const auditLine = "audit.v1 ts=1640995200 session=sess_test_123 audience=example.com did=did:web:example.com:agents:test-agent kid=key-test-123 reqHash=sha256:abc123 resHash=sha256:def456 verified=yes scope=orders.create";
+        const record = (0, audit_js_1.parseAuditLine)(auditLine);
+        (0, vitest_1.expect)(record).toBeTruthy();
+        (0, vitest_1.expect)(record.version).toBe("audit.v1");
+        (0, vitest_1.expect)(record.ts).toBe(1640995200);
+        (0, vitest_1.expect)(record.session).toBe("sess_test_123");
+        (0, vitest_1.expect)(record.audience).toBe("example.com");
+        (0, vitest_1.expect)(record.did).toBe("did:web:example.com:agents:test-agent");
+        (0, vitest_1.expect)(record.kid).toBe("key-test-123");
+        (0, vitest_1.expect)(record.reqHash).toBe("sha256:abc123");
+        (0, vitest_1.expect)(record.resHash).toBe("sha256:def456");
+        (0, vitest_1.expect)(record.verified).toBe("yes");
+        (0, vitest_1.expect)(record.scope).toBe("orders.create");
+    });
+    (0, vitest_1.it)("should parse audit line with no scope", () => {
+        const auditLine = "audit.v1 ts=1640995200 session=sess_test_123 audience=example.com did=did:web:example.com:agents:test-agent kid=key-test-123 reqHash=sha256:abc123 resHash=sha256:def456 verified=no scope=-";
+        const record = (0, audit_js_1.parseAuditLine)(auditLine);
+        (0, vitest_1.expect)(record).toBeTruthy();
+        (0, vitest_1.expect)(record.verified).toBe("no");
+        (0, vitest_1.expect)(record.scope).toBe("-");
+    });
+    (0, vitest_1.it)("should return null for invalid audit line", () => {
+        const invalidLines = [
+            "invalid line",
+            "audit.v1 incomplete",
+            "wrong.version ts=123 session=test",
+            "audit.v1 ts=invalid session=test audience=test",
+        ];
+        for (const line of invalidLines) {
+            (0, vitest_1.expect)((0, audit_js_1.parseAuditLine)(line)).toBeNull();
+        }
+    });
+});
+(0, vitest_1.describe)("Audit Record Validation", () => {
+    (0, vitest_1.it)("should validate correct audit record", () => {
+        const validRecord = {
+            version: "audit.v1",
+            ts: 1640995200,
+            session: "sess_test_123",
+            audience: "example.com",
+            did: "did:web:example.com:agents:test-agent",
+            kid: "key-test-123",
+            reqHash: "sha256:abc123",
+            resHash: "sha256:def456",
+            verified: "yes",
+            scope: "orders.create",
+        };
+        (0, vitest_1.expect)((0, audit_js_1.validateAuditRecord)(validRecord)).toBe(true);
+    });
+    (0, vitest_1.it)("should reject invalid audit records", () => {
+        const invalidRecords = [
+            null,
+            undefined,
+            {},
+            { version: "wrong.version" },
+            { version: "audit.v1", ts: "invalid" },
+            { version: "audit.v1", ts: 123, verified: "maybe" },
+            { version: "audit.v1", ts: 123, reqHash: "invalid-hash" },
+        ];
+        for (const record of invalidRecords) {
+            (0, vitest_1.expect)((0, audit_js_1.validateAuditRecord)(record)).toBe(false);
+        }
+    });
+});

package/dist/runtime/__tests__/identity.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for Identity Management System
+ */
+export {};