@kya-os/mcp-i 0.1.0 → 1.2.1

package/README.md

@@ -1,117 +1,452 @@
-# @kya-os/mcp-i
+<div align="center">
+  <a href="https://github.com/modelcontextprotocol-identity/xmcp-i">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/modelcontextprotocol-identity/xmcp-i/main/assets/mcp-i-logo-dark.png">
+      <img alt="MCP-I logo" src="https://raw.githubusercontent.com/modelcontextprotocol-identity/xmcp-i/main/assets/mcp-i-logo-light.png" height="128">
+    </picture>
+  </a>
+  <h1>xmcp-i</h1>
 
-Ultra-light MCP Identity auto-registration - Get agent identity with just 2 lines of code!
+<a href="https://github.com/modelcontextprotocol-identity/xmcp-i"><img alt="XMCP-I" src="https://img.shields.io/badge/XMCP--I-000000.svg?style=for-the-badge&labelColor=000"></a>
+<a href="https://www.npmjs.com/package/xmcp-i"><img alt="NPM version" src="https://img.shields.io/npm/v/xmcp-i.svg?style=for-the-badge&labelColor=000000"></a>
+<a href="https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/license.md"><img alt="License" src="https://img.shields.io/npm/l/xmcp-i.svg?style=for-the-badge&labelColor=000000"></a>
 
-## 🚀 Installation
+</div>
+
+## Own Your AI Agent with Cryptographic Identity
+
+`xmcp-i` enables you to **create your own AI agents** with cryptographic identity and secure delegation. Register and claim your agents with [knowthat.ai](https://knowthat.ai), store your identity securely within them, and delegate or revoke permissions as needed. Built on the XMCP framework with identity features baked in from day one.
+
+## Quick Start
+
+Create your first owned AI agent:
+
+```bash
+npx @kya-os/create-xmcpi-app@latest my-agent
+```
+
+Then register and claim ownership at [knowthat.ai](https://knowthat.ai)
+
+> **New to XMCP-I?** Use [`@kya-os/create-xmcpi-app`](https://www.npmjs.com/package/@kya-os/create-xmcpi-app) to scaffold a complete agent with identity. For existing projects, install `@kya-os/xmcpi` directly.
+
+## Installation
+
+### For New Projects
+
+```bash
+npx create-xmcpi-app@latest my-agent
+```
+
+### For Existing Projects
+
+```bash
+npx init-xmcp-i@latest
+```
+
+This will add identity features to your existing Node.js/TypeScript project with automatic framework detection and configuration.
+
+## Why Agent Ownership Matters
+
+⊹ **True Ownership** - Your agent belongs to you, not a platform\
+⊹ **Cryptographic Security** - Ed25519 keys and DID-based identity\
+⊹ **Permission Control** - Delegate and revoke capabilities securely\
+⊹ **Verifiable Actions** - All responses are cryptographically signed\
+⊹ **Decentralized Trust** - No central authority controls your agent\
+⊹ **Portable Identity** - Move your agent between platforms while keeping ownership
+
+### Cryptographic Foundation
+
+- **DID Generation**: Decentralized identifiers from public keys
+- **Automatic Signing**: All responses signed with your private key
+- **Key Security**: Private keys never leave your control
+
+## Security and Trust
+
+**Agent Ownership Verification**: Every XMCP-I agent generates a cryptographic proof of ownership that can be verified independently. When you register your agent with knowthat.ai, you establish a permanent, tamper-proof claim to your agent's identity.
+
+**Decentralized Trust**: Your agent's identity doesn't depend on any central authority. The cryptographic keys are generated locally and never shared. Even if knowthat.ai goes offline, your agent retains its identity and ownership proof.
+
+**Secure Delegation**: Permission delegation uses time-bound, cryptographically signed tokens. You can grant specific capabilities to other users or systems, with full audit trails and instant revocation capabilities.
+
+## Real-World Benefits for Developers & Businesses
+
+### Privacy-First Tracking & Analytics
+
+Unlike traditional web tracking (cookies, pixels), XMCP-I provides **ethical data collection**:
+
+- Users can see exactly what data is stored about them
+- Users can revoke access instantly at any time
+- Businesses get analytics for retargeting without violating privacy
+- Think "GDPR-compliant by design" - users control their data completely
+
+### XMCP-I Allows AI in Regulated Industries
+
+Industries like healthcare, law, and finance can now use AI while maintaining compliance:
+
+**The Problem**: These industries need AI efficiency but can't use most AI services due to:
+
+- Data privacy regulations (HIPAA, GDPR, SOX)
+- Audit requirements (who did what, when?)
+- Client confidentiality obligations
+
+**The Solution**: XMCP-I provides:
+
+- **Provable Privacy**: Cryptographic proof of data handling
+- **Complete Audit Trails**: Every AI action is signed and traceable
+- **User Control**: Clients can revoke AI access to their data instantly
+- **Regulatory Compliance**: Built-in features for GDPR, HIPAA, etc.
+- **EU AI Act Compliance**: Built-in audit trails and user consent mechanisms
+
+**Real Example**: A law firm can now use AI for document review because:
+
+- Clients control exactly which documents the AI can access
+- All AI actions are cryptographically logged
+- Clients can revoke access immediately if they switch firms
+- The firm can prove to regulators exactly how data was handled
+
+## Installation
+
+### For New Projects
+
+```bash
+npx @kya-os/create-xmcpi-app@latest my-agent
+```
+
+### For Existing Projects
+
+```bash
+npm install @kya-os/xmcpi
+# or
+yarn add @kya-os/xmcpi
+# or
+pnpm add @kya-os/xmcpi
+```
+
+## Migrating from XMCP
+
+Your existing XMCP agents can gain ownership capabilities:
+
+```typescript
+// Before (original XMCP - platform owned)
+import { createXMCPServer } from "xmcp";
+
+// After (XMCP-I - you own the agent!)
+import { createXMCPServer } from "xmcp-i";
+```
+
+Your existing code works unchanged, but now your agent:
+
+- ✅ Has its own cryptographic identity
+- ✅ Can be registered and claimed by you at knowthat.ai
+- ✅ Signs all responses automatically
+- ✅ Supports secure permission delegation
+- ✅ Provides verifiable ownership proof
+
+## Core Identity Features
+
+### Agent Identity Verification
+
+Your agent provides cryptographic proof of ownership:
 
 ```bash
-npm install @kya-os/mcp-i
+# Your agent's identity includes:
+{
+  "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+  "publicKey": "-----BEGIN PUBLIC KEY-----\n...",
+  "privateKey": "-----BEGIN PRIVATE KEY-----\n...",  // Never shared
+  "agentId": "agent-abc123...",
+  "capabilities": {
+    "tools": true,
+    "signing": true,
+    "verification": true,
+    "delegation": true
+  }
+}
 ```
 
-## 💡 Usage
+- **Public Key**: Can be shared and verified by anyone
+- **Private Key**: Never leaves your control, stored securely locally
+- **DID**: Globally unique identifier generated from your public key
+- **Signatures**: All agent responses include cryptographic signatures
+
+### Trust Infrastructure
+
+- `GET /.well-known/mcp-identity/health` - Health check with identity
+- `GET /.well-known/mcp-identity/self` - Agent identity information
+- `POST /.well-known/mcp-identity/verify` - Verify signatures
+- `GET /.well-known/mcp-identity/resolve/:did` - Resolve DIDs
+
+### Built-in Identity Tools & Self-Sovereign Features
+
+- `get-identity-info` - Comprehensive agent identity details
+- `sign-message` - Sign messages with your private key
+- `verify-signature` - Verify signatures against DIDs
+- `get-server-status` - Agent status with identity information
+- `get-user-data` - Allow users to see all stored data about them
+- `revoke-user-access` - Let users instantly revoke AI access to their data
+- `export-user-data` - Enable users to export their data for portability
+
+## Secure Permission Delegation
+
+Control what your agent can do and for whom:
 
 ```typescript
-import { MCPIdentity } from "@kya-os/mcp-i";
+// Delegate specific permissions to other DIDs
+await agent.delegate({
+  to: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
+  permissions: ["read:data", "execute:safe-actions"],
+  expires: new Date("2025-12-31"),
+  conditions: {
+    rate_limit: "100/hour",
+    allowed_tools: ["get-weather", "search-docs"],
+  },
+});
+
+// Revoke permissions instantly
+await agent.revoke({
+  delegation_id: "del_abc123",
+  reason: "Project completed",
+});
+
+// All delegation changes are cryptographically signed and verifiable
+```
+
+### Secure Delegation Example
 
-// That's it! Your MCP server now has identity
-const identity = await MCPIdentity.init();
+Grant specific permissions to other users while maintaining ownership:
 
-console.log("My DID:", identity.did);
-// Output: did:web:knowthat.ai:agents:your-server-name
+```typescript
+// Example: Grant read-only access to specific tools
+await agent.delegate({
+  to: "user@example.com",
+  permissions: ["read:weather", "read:docs"],
+  expires: "2025-12-31T23:59:59Z",
+  conditions: { rate_limit: "100/hour" },
+});
 ```
 
-## 🎯 What It Does
+## Platform Support with Identity Persistence
+
+Deploy your owned agents anywhere with secure identity storage:
+
+### Vercel
+
+- **Edge Runtime**: Fast cold starts with identity context
+- **KV Storage**: Secure identity persistence using Vercel KV
+- **Zero Config**: Deploy with `vercel --prod` and identity works
+- **Environment**: Automatic identity configuration and key management
 
-1. **First Run**: Automatically registers your MCP server with knowthat.ai
-2. **Gets DID**: Receives a decentralized identifier for your agent
-3. **Saves Identity**: Stores credentials in `.env.local` and `.mcp-identity.json`
-4. **Future Runs**: Loads existing identity (no re-registration)
+### AWS Lambda
 
-## ✨ Features
+- **Cold Start Optimized**: Minimal initialization with cached identity
+- **DynamoDB**: Secure identity storage with DynamoDB persistence
+- **Serverless**: Built-in serverless framework configuration
+- **IAM Integration**: Pre-configured identity and permission policies
 
-- **Zero Configuration**: Works out of the box
-- **Ultra-Light**: Only depends on `axios`
-- **No Other Dependencies**: Completely standalone package
-- **Persistent Identity**: Same DID across restarts
-- **Verification Badges**: Get verified status in MCP directories
+### Next.js
 
-## 🔧 Options
+- **API Routes**: Identity-enabled API endpoints out of the box
+- **Middleware**: Request-level identity verification and delegation
+- **SSR Support**: Server-side identity rendering and verification
+- **Full Stack**: Complete client and server identity integration
+
+### Express
+
+- **Middleware Stack**: Identity verification middleware for existing apps
+- **Flexible Routing**: Identity-aware route handlers and permission checking
+- **Production Ready**: Battle-tested middleware for production workloads
+- **Custom Auth**: Extensible identity providers and authentication flows
+
+### Standalone
+
+- **File Persistence**: Local identity storage with file-based backend
+- **Docker Ready**: Containerized deployment with identity intact
+- **Self Hosted**: Complete control over your agent and its identity
+- **Process Management**: PM2 and systemd configurations included
+
+## CLI Usage
+
+```bash
+# Development with identity features
+xmcp-i dev
+
+# Build for production deployment
+mcpi build
+
+# Platform-specific builds with identity optimization
+mcpi build --vercel
+mcpi build --lambda
+mcpi build --docker
+```
+
+## Framework Integration
+
+### Agent Ownership in Action
 
 ```typescript
-const identity = await MCPIdentity.init({
-  name: "My Awesome MCP Server",        // Optional: Server name
-  description: "Does amazing things",   // Optional: Description
-  repository: "https://github.com/...", // Optional: GitHub URL
-  apiEndpoint: "https://knowthat.ai"    // Optional: Custom endpoint
+import { createXMCPServer } from "@kya-os/xmcpi";
+
+// Create an agent with built-in cryptographic identity
+const agent = await createXMCPServer({
+  name: "my-personal-agent",
+  identity: {
+    // Identity generated automatically with Ed25519 keys
+    autoSign: true, // All responses signed with your key
+    trustEndpoints: true, // Verification endpoints enabled
+    persistence: "file", // Store identity securely
+  },
+  tools: [
+    {
+      name: "secure-action",
+      description: "Execute action with verified identity",
+      parameters: { action: { type: "string", required: true } },
+      handler: async ({ action }, context) => {
+        // Every response includes your cryptographic signature
+        return {
+          action: `Executed: ${action}`,
+          agent_did: context.server.identity.did,
+          owner: "you@knowthat.ai",
+          timestamp: new Date().toISOString(),
+          // ↑ This response is automatically signed with your private key
+        };
+      },
+    },
+  ],
+});
+
+// Register your agent's DID with knowthat.ai to claim ownership
+await agent.register("https://knowthat.ai");
+
+agent.listen(3000, () => {
+  console.log(`🤖 Your agent is running: ${agent.identity.did}`);
+  console.log(
+    `🔐 Claim ownership: https://knowthat.ai/claim/${agent.identity.did}`
+  );
 });
 ```
 
-## 📁 Identity Storage
+## Migrating from XMCP
+
+Your existing XMCP agents can gain ownership capabilities:
 
-The package stores identity in multiple locations (checked in order):
+```typescript
+// Before (original XMCP - platform owned)
+import { createXMCPServer } from "xmcp";
 
-1. **Environment Variables**
-   - `AGENT_DID`
-   - `AGENT_PUBLIC_KEY`
-   - `AGENT_PRIVATE_KEY`
+// After (XMCP-I - you own the agent!)
+import { createXMCPServer } from "xmcp-i";
+```
 
-2. **Local Files**
-   - `.env.local` (auto-generated)
-   - `.mcp-identity.json` (auto-generated)
+Your existing code works unchanged, but now your agent:
 
-## 🔐 Security
+- ✅ Has its own cryptographic identity
+- ✅ Can be registered and claimed by you at knowthat.ai
+- ✅ Signs all responses automatically
+- ✅ Supports secure permission delegation
+- ✅ Provides verifiable ownership proof
 
-- Private keys are stored locally only
-- Never share your `.env.local` or `.mcp-identity.json` files
-- Add them to `.gitignore`
+## Advanced Identity Features
 
-## 🤝 Integration with MCP Servers
+### Custom Identity Providers
 
 ```typescript
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { MCPIdentity } from "@kya-os/mcp-i";
+import { createCustomIdentityProvider } from "@kya-os/xmcpi/platforms";
+
+const customProvider = createCustomIdentityProvider({
+  keyType: "secp256k1", // Alternative key types
+  generateDID: (pubKey) => `did:custom:${hash(pubKey)}`,
+  persistence: "redis", // Custom storage backends
+  knowthat: {
+    apiKey: process.env.KNOWTHAT_API_KEY,
+    autoRegister: true, // Automatic agent registration
+  },
+});
 
-// Initialize identity
-const identity = await MCPIdentity.init({
-  name: "Calendar Booker"
+const agent = await createXMCPServer({
+  name: "my-custom-agent",
+  identity: { provider: customProvider },
 });
+```
+
+### Identity Middleware Integration
 
-// Pass to your MCP server
-const server = new Server({
-  name: "calendar-booker",
-  version: "1.0.0",
-  identity // Your server now has verifiable identity!
+```typescript
+import { identityMiddleware, delegationMiddleware } from "@kya-os/xmcpi";
+
+const agent = await createXMCPServer({
+  name: "my-secure-agent",
+  middlewares: [
+    identityMiddleware({
+      requireSignature: true, // Require signed requests
+      trustLevel: "verified", // Only accept verified DIDs
+    }),
+    delegationMiddleware({
+      checkPermissions: true, // Validate delegated permissions
+      rateLimiting: true, // Enforce delegation rate limits
+    }),
+  ],
 });
 ```
 
-## 📊 What Happens After Registration
+## Dependencies and Architecture
+
+XMCP-I builds on proven cryptographic foundations:
+
+### Core Identity Stack
+
+- **@kya-os/mcp-i** - Core identity protocol implementation with knowthat.ai integration
+- **jose** - JWT and cryptographic operations (JWS, JWE, JWK)
+- **@modelcontextprotocol/sdk** - MCP protocol SDK for agent communication
+- **axios** - HTTP client for identity resolution and knowthat.ai API calls
 
-1. **Profile Created**: `https://knowthat.ai/agents/your-server-slug`
-2. **Verification Badge**: Shows "Auto-Registered" status
-3. **DID Resolution**: Your DID becomes resolvable immediately
-4. **Trust Building**: Usage builds reputation over time
+### Development Stack
 
-## 🚨 Troubleshooting
+- **express** - Web server framework for identity endpoints
+- **webpack** - Module bundler with identity-aware compilation
+- **chalk** - Beautiful CLI output for identity operations
+- **chokidar** - File watching with identity file monitoring
 
-### Rate Limiting
-If you see "Rate limit exceeded", wait a few minutes and try again. The API allows 10 registrations per hour per IP.
+### Cryptographic Security
 
-### No Identity Found
-Make sure you have write permissions in your project directory for saving the identity files.
+- **Ed25519** - Elliptic curve digital signatures (default)
+- **secp256k1** - Bitcoin-compatible signatures (optional)
+- **DID Keys** - Decentralized identifier generation from public keys
+- **JWS/JWE** - JSON Web Signatures and Encryption for secure transport
 
-### Network Issues
-The package needs to reach `https://knowthat.ai` for auto-registration. Check your network connection and proxy settings.
+## Development
+
+Build your own identity-enabled MCP agents:
+
+```bash
+# Clone the repository
+git clone https://github.com/modelcontextprotocol-identity/xmcp-i.git
+
+# Install dependencies
+pnpm install
+
+# Start development with identity features
+pnpm run dev
+
+# Build for production with identity optimization
+pnpm run build
+
+# Run identity-aware tests
+pnpm run test
+
+# Lint code including identity modules
+pnpm run lint
+```
 
-## 📄 License
+## Learn more
 
-MIT
+⊹ **Register Your Agent**: [knowthat.ai](https://knowthat.ai) - Claim ownership of your AI agents\
+⊹ **Original XMCP Framework**: [xmcp.dev](https://xmcp.dev) - Base framework documentation\
+⊹ **Model Context Protocol**: [modelcontextprotocol.io](https://modelcontextprotocol.io) - Core protocol specification
 
-## 🔗 Links
+## Security
 
-- [KYA-OS Documentation](https://docs.kya-os.com)
-- [MCP-I Specification](https://github.com/vouched/kya-os/blob/main/docs/mcp-i.md)
-- [Report Issues](https://github.com/vouched/kya-os/issues)
+If you believe you have found a security vulnerability, please report it to [security@xmcp-i.dev](mailto:security@xmcp-i.dev). We take agent ownership security seriously and will investigate all reports promptly.
 
----
+## License
 
-Made with ❤️ by the KYA-OS team
+This project is licensed under the MIT License - see the [LICENSE](https://github.com/modelcontextprotocol-identity/xmcp-i/blob/main/license.md) file for details.

package/dist/149.js

@@ -0,0 +1 @@
+"use strict";exports.id=149,exports.ids=[149],exports.modules={10602:(e,t,s)=>{s.d(t,{$:()=>o});const o="***SensitiveInformation***"},11149:(e,t,s)=>{s.d(t,{GetRoleCredentialsCommand:()=>M,SSOClient:()=>dt});var o=s(66403),n=s(53340),r=s(3594);const i={UseFIPS:{type:"builtInParams",name:"useFipsEndpoint"},Endpoint:{type:"builtInParams",name:"endpoint"},Region:{type:"builtInParams",name:"region"},UseDualStack:{type:"builtInParams",name:"useDualstackEndpoint"}};var a=s(10602),c=s(92309);class d extends c.T{constructor(e){super(e),Object.setPrototypeOf(this,d.prototype)}}class u extends d{name="InvalidRequestException";$fault="client";constructor(e){super({name:"InvalidRequestException",$fault:"client",...e}),Object.setPrototypeOf(this,u.prototype)}}class p extends d{name="ResourceNotFoundException";$fault="client";constructor(e){super({name:"ResourceNotFoundException",$fault:"client",...e}),Object.setPrototypeOf(this,p.prototype)}}class h extends d{name="TooManyRequestsException";$fault="client";constructor(e){super({name:"TooManyRequestsException",$fault:"client",...e}),Object.setPrototypeOf(this,h.prototype)}}class l extends d{name="UnauthorizedException";$fault="client";constructor(e){super({name:"UnauthorizedException",$fault:"client",...e}),Object.setPrototypeOf(this,l.prototype)}}const m=e=>({...e,...e.accessToken&&{accessToken:a.$}}),g=e=>({...e,...e.secretAccessKey&&{secretAccessKey:a.$},...e.sessionToken&&{sessionToken:a.$}}),y=e=>({...e,...e.roleCredentials&&{roleCredentials:g(e.roleCredentials)}});var f=s(46071),S=s(65875),b=s(93907);const v=e=>null!=e;var P=s(86343),w=s(10001),x=s(63976);const I=async(e,t)=>{const s=(0,S.l)(e,t),o=(0,b.Tj)({},v,{[U]:e[O]});s.bp("/federation/credentials");const n=(0,b.Tj)({[F]:[,(0,P.Y0)(e[z],"roleName")],[D]:[,(0,P.Y0)(e[j],"accountId")]});return s.m("GET").h(o).q(n).b(void 0),s.build()},E=async(e,t)=>{if(200!==e.statusCode&&e.statusCode>=300)return k(e,t);const s=(0,b.Tj)({$metadata:T(e)}),o=(0,P.Y0)((0,P.Xk)(await(0,f.Y2)(e.body,t)),"body"),n=(0,b.s)(o,{roleCredentials:w.S});return Object.assign(s,n),s},k=async(e,t)=>{const s={...e,body:await(0,f.CG)(e.body,t)},o=(0,f.cJ)(e,s.body);switch(o){case"InvalidRequestException":case"com.amazonaws.sso#InvalidRequestException":throw await A(s,t);case"ResourceNotFoundException":case"com.amazonaws.sso#ResourceNotFoundException":throw await C(s,t);case"TooManyRequestsException":case"com.amazonaws.sso#TooManyRequestsException":throw await $(s,t);case"UnauthorizedException":case"com.amazonaws.sso#UnauthorizedException":throw await q(s,t);default:const n=s.body;return R({output:e,parsedBody:n,errorCode:o})}},R=(0,x.j)(d),A=async(e,t)=>{const s=(0,b.Tj)({}),o=e.body,n=(0,b.s)(o,{message:P.lK});Object.assign(s,n);const r=new u({$metadata:T(e),...s});return(0,c.M)(r,e.body)},C=async(e,t)=>{const s=(0,b.Tj)({}),o=e.body,n=(0,b.s)(o,{message:P.lK});Object.assign(s,n);const r=new p({$metadata:T(e),...s});return(0,c.M)(r,e.body)},$=async(e,t)=>{const s=(0,b.Tj)({}),o=e.body,n=(0,b.s)(o,{message:P.lK});Object.assign(s,n);const r=new h({$metadata:T(e),...s});return(0,c.M)(r,e.body)},q=async(e,t)=>{const s=(0,b.Tj)({}),o=e.body,n=(0,b.s)(o,{message:P.lK});Object.assign(s,n);const r=new l({$metadata:T(e),...s});return(0,c.M)(r,e.body)},T=e=>({httpStatusCode:e.statusCode,requestId:e.headers["x-amzn-requestid"]??e.headers["x-amzn-request-id"]??e.headers["x-amz-request-id"],extendedRequestId:e.headers["x-amz-id-2"],cfId:e.headers["x-amz-cf-id"]}),j="accountId",O="accessToken",D="account_id",z="roleName",F="role_name",U="x-amz-sso_bearer_token";class M extends(r.u.classBuilder().ep(i).m(function(e,t,s,r){return[(0,n.TM)(s,this.serialize,this.deserialize),(0,o.r)(s,e.getEndpointParameterInstructions())]}).s("SWBPortalService","GetRoleCredentials",{}).n("SSOClient","GetRoleCredentialsCommand").f(m,y).ser(I).de(E).build()){}var K=s(67317),N=s(27847),H=s(33182),G=s(67868),Z=s(4518),L=s(20459),V=s(23369),Y=s(83007),B=s(58001),_=s(88244),W=s(79244),J=s(74499),X=s(29163),Q=s(8928),ee=s(27792),te=s(80835),se=s(6670);const oe=async(e,t,s)=>({operation:(0,te.u)(t).operation,region:await(0,se.t)(e.region)()||(()=>{throw new Error("expected `region` to be configured for `aws.auth#sigv4`")})()}),ne=e=>{const t=[];switch(e.operation){case"GetRoleCredentials":case"ListAccountRoles":case"ListAccounts":case"Logout":t.push({schemeId:"smithy.api#noAuth"});break;default:t.push(function(e){return{schemeId:"aws.auth#sigv4",signingProperties:{name:"awsssoportal",region:e.region},propertiesExtractor:(e,t)=>({signingProperties:{config:e,context:t}})}}(e))}return t};var re=s(21674),ie=s(61008),ae=s(4425),ce=s(34767),de=s(91968),ue=s(28164),pe=s(41942),he=s(13820),le=s(43316),me=s(41911),ge=s(46553),ye=s(31680),fe=s(88468),Se=s(57180),be=s(31305),ve=s(96527),Pe=s(72804),we=s(69367),xe=s(19506),Ie=s(40935),Ee=s(2914),ke=s(56771),Re=s(2257),Ae=s(63305),Ce=s(60248);const $e="required",qe="fn",Te="argv",je="ref",Oe=!0,De="isSet",ze="booleanEquals",Fe="error",Ue="endpoint",Me="tree",Ke="PartitionResult",Ne="getAttr",He={[$e]:!1,type:"String"},Ge={[$e]:!0,default:!1,type:"Boolean"},Ze={[je]:"Endpoint"},Le={[qe]:ze,[Te]:[{[je]:"UseFIPS"},!0]},Ve={[qe]:ze,[Te]:[{[je]:"UseDualStack"},!0]},Ye={},Be={[qe]:Ne,[Te]:[{[je]:Ke},"supportsFIPS"]},_e={[je]:Ke},We={[qe]:ze,[Te]:[!0,{[qe]:Ne,[Te]:[_e,"supportsDualStack"]}]},Je=[Le],Xe=[Ve],Qe=[{[je]:"Region"}],et={version:"1.0",parameters:{Region:He,UseDualStack:Ge,UseFIPS:Ge,Endpoint:He},rules:[{conditions:[{[qe]:De,[Te]:[Ze]}],rules:[{conditions:Je,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:Fe},{conditions:Xe,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:Fe},{endpoint:{url:Ze,properties:Ye,headers:Ye},type:Ue}],type:Me},{conditions:[{[qe]:De,[Te]:Qe}],rules:[{conditions:[{[qe]:"aws.partition",[Te]:Qe,assign:Ke}],rules:[{conditions:[Le,Ve],rules:[{conditions:[{[qe]:ze,[Te]:[Oe,Be]},We],rules:[{endpoint:{url:"https://portal.sso-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:Ye,headers:Ye},type:Ue}],type:Me},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:Fe}],type:Me},{conditions:Je,rules:[{conditions:[{[qe]:ze,[Te]:[Be,Oe]}],rules:[{conditions:[{[qe]:"stringEquals",[Te]:[{[qe]:Ne,[Te]:[_e,"name"]},"aws-us-gov"]}],endpoint:{url:"https://portal.sso.{Region}.amazonaws.com",properties:Ye,headers:Ye},type:Ue},{endpoint:{url:"https://portal.sso-fips.{Region}.{PartitionResult#dnsSuffix}",properties:Ye,headers:Ye},type:Ue}],type:Me},{error:"FIPS is enabled but this partition does not support FIPS",type:Fe}],type:Me},{conditions:Xe,rules:[{conditions:[We],rules:[{endpoint:{url:"https://portal.sso.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:Ye,headers:Ye},type:Ue}],type:Me},{error:"DualStack is enabled but this partition does not support DualStack",type:Fe}],type:Me},{endpoint:{url:"https://portal.sso.{Region}.{PartitionResult#dnsSuffix}",properties:Ye,headers:Ye},type:Ue}],type:Me}],type:Me},{error:"Invalid Configuration: Missing Region",type:Fe}]},tt=new Re.k({size:50,params:["Endpoint","Region","UseDualStack","UseFIPS"]}),st=(e,t={})=>tt.get(e,()=>(0,Ae.s)(et,{endpointParams:e,logger:t.logger}));Ce.m.aws=ke.UF;var ot=s(72617),nt=s(70758),rt=s(97252);var it=s(96374),at=s(59326),ct=s(61701);class dt extends Q.K{config;constructor(...[e]){const t=(e=>{(0,rt.I)(process.version);const t=(0,nt.I)(e),s=()=>t().then(ot.l),o=(e=>({apiVersion:"2019-06-10",base64Decoder:e?.base64Decoder??we.E,base64Encoder:e?.base64Encoder??xe.n,disableHostPrefix:e?.disableHostPrefix??!1,endpointProvider:e?.endpointProvider??st,extensions:e?.extensions??[],httpAuthSchemeProvider:e?.httpAuthSchemeProvider??ne,httpAuthSchemes:e?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:e=>e.getIdentityProvider("aws.auth#sigv4"),signer:new Se.f2},{schemeId:"smithy.api#noAuth",identityProvider:e=>e.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new be.m}],logger:e?.logger??new ve.N,serviceId:e?.serviceId??"SSO",urlParser:e?.urlParser??Pe.D,utf8Decoder:e?.utf8Decoder??Ie.a,utf8Encoder:e?.utf8Encoder??Ee.P}))(e);(0,re.I)(process.version);const n={profile:e?.profile,logger:o.logger};return{...o,...e,runtime:"node",defaultsMode:t,authSchemePreference:e?.authSchemePreference??(0,le.Z)(ie.$,n),bodyLengthChecker:e?.bodyLengthChecker??ye.n,defaultUserAgentProvider:e?.defaultUserAgentProvider??(0,ae.pf)({serviceId:o.serviceId,clientVersion:"3.901.0"}),maxAttempts:e?.maxAttempts??(0,le.Z)(J.qs,e),region:e?.region??(0,le.Z)(de.GG,{...de.zH,...n}),requestHandler:me.$.create(e?.requestHandler??s),retryMode:e?.retryMode??(0,le.Z)({...J.kN,default:async()=>(await s()).retryMode||fe.L0},e),sha256:e?.sha256??he.V.bind(null,"sha256"),streamCollector:e?.streamCollector??ge.k,useDualstackEndpoint:e?.useDualstackEndpoint??(0,le.Z)(ue.e$,n),useFipsEndpoint:e?.useFipsEndpoint??(0,le.Z)(pe.Ko,n),userAgentAppId:e?.userAgentAppId??(0,le.Z)(ce.hV,n)}})(e||{});super(t),this.initConfig=t;const s=(o=t,Object.assign(o,{useDualstackEndpoint:o.useDualstackEndpoint??!1,useFipsEndpoint:o.useFipsEndpoint??!1,defaultSigningName:"awsssoportal"}));var o;const n=(0,G.D)(s),r=(0,J.$z)(n),i=(0,L.T)(r),a=(0,K.OV)(i),c=((e,t)=>{const s=Object.assign((0,it.R)(e),(0,ct.xA)(e),(0,at.e)(e),(e=>{const t=e.httpAuthSchemes;let s=e.httpAuthSchemeProvider,o=e.credentials;return{setHttpAuthScheme(e){const s=t.findIndex(t=>t.schemeId===e.schemeId);-1===s?t.push(e):t.splice(s,1,e)},httpAuthSchemes:()=>t,setHttpAuthSchemeProvider(e){s=e},httpAuthSchemeProvider:()=>s,setCredentials(e){o=e},credentials:()=>o}})(e));return t.forEach(e=>e.configure(s)),Object.assign(e,(0,it.$)(s),(0,ct.uv)(s),(0,at.j)(s),{httpAuthSchemes:(o=s).httpAuthSchemes(),httpAuthSchemeProvider:o.httpAuthSchemeProvider(),credentials:o.credentials()});var o})((e=>{const t=(0,ee.h)(e);return Object.assign(t,{authSchemePreference:(0,se.t)(e.authSchemePreference??[])})})((0,W.C)(a)),e?.extensions||[]);this.config=c,this.middlewareStack.use((0,Z.sM)(this.config)),this.middlewareStack.use((0,X.ey)(this.config)),this.middlewareStack.use((0,_.vK)(this.config)),this.middlewareStack.use((0,K.TC)(this.config)),this.middlewareStack.use((0,N.Y7)(this.config)),this.middlewareStack.use((0,H.n)(this.config)),this.middlewareStack.use((0,V.w)(this.config,{httpAuthSchemeParametersProvider:oe,identityProviderConfigProvider:async e=>new Y.h({"aws.auth#sigv4":e.credentials})})),this.middlewareStack.use((0,B.l)(this.config))}destroy(){super.destroy()}}},31305:(e,t,s)=>{s.d(t,{m:()=>o});class o{async sign(e,t,s){return e}}},37579:(e,t,s)=>{function o(e){return encodeURIComponent(e).replace(/[!'()*]/g,function(e){return"%"+e.charCodeAt(0).toString(16).toUpperCase()})}s.d(t,{$:()=>o})},65875:(e,t,s)=>{s.d(t,{l:()=>r});var o=s(32141),n=s(37579);function r(e,t){return new i(e,t)}class i{input;context;query={};method="";headers={};path="";body=null;hostname="";resolvePathStack=[];constructor(e,t){this.input=e,this.context=t}async build(){const{hostname:e,protocol:t="https",port:s,path:n}=await this.context.endpoint();this.path=n;for(const e of this.resolvePathStack)e(this.path);return new o.K({protocol:t,hostname:this.hostname||e,port:s,method:this.method,path:this.path,query:this.query,body:this.body,headers:this.headers})}hn(e){return this.hostname=e,this}bp(e){return this.resolvePathStack.push(t=>{this.path=`${t?.endsWith("/")?t.slice(0,-1):t||""}`+e}),this}p(e,t,s,o){return this.resolvePathStack.push(r=>{this.path=((e,t,s,o,r,i)=>{if(null==t||void 0===t[s])throw new Error("No value provided for input HTTP label: "+s+".");{const t=o();if(t.length<=0)throw new Error("Empty value provided for input HTTP label: "+s+".");e=e.replace(r,i?t.split("/").map(e=>(0,n.$)(e)).join("/"):(0,n.$)(t))}return e})(r,this.input,e,t,s,o)}),this}h(e){return this.headers=e,this}q(e){return this.query=e,this}b(e){return this.body=e,this}m(e){return this.method=e,this}}}};

package/dist/189.js

@@ -0,0 +1 @@
+"use strict";exports.id=189,exports.ids=[189],exports.modules={37481:(e,r,o)=>{o.d(r,{Z:()=>c});var t=o(51869),s=o(31493);const c={getFileRecord:()=>s.Jj,interceptFile(e,r){s.Jj[e]=Promise.resolve(r)},getTokenRecord:()=>t.a,interceptToken(e,r){t.a[e]=r}}},51869:(e,r,o)=>{o.d(r,{a:()=>i,v:()=>n});var t=o(79896),s=o(55786);const{readFile:c}=t.promises,i={},n=async e=>{if(i[e])return i[e];const r=(0,s.C)(e),o=await c(r,"utf8");return JSON.parse(o)}},55786:(e,r,o)=>{o.d(r,{C:()=>i});var t=o(76982),s=o(16928),c=o(47741);const i=e=>{const r=(0,t.createHash)("sha1").update(e).digest("hex");return(0,s.join)((0,c.R)(),".aws","sso","cache",`${r}.json`)}},66189:(e,r,o)=>{o.r(r),o.d(r,{fromProcess:()=>l});var t=o(98306),s=o(67789),c=o(3721),i=o(37481),n=o(35317),a=o(39023),d=o(64172);const l=(e={})=>async({callerClientConfig:r}={})=>{e.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");const o=await(0,t.Y)(e);return(async(e,r,o)=>{const t=r[e];if(!r[e])throw new c.C(`Profile ${e} could not be found in shared credentials file.`,{logger:o});{const s=t.credential_process;if(void 0===s)throw new c.C(`Profile ${e} did not contain credential_process.`,{logger:o});{const t=(0,a.promisify)(i.Z?.getTokenRecord?.().exec??n.exec);try{const{stdout:o}=await t(s);let c;try{c=JSON.parse(o.trim())}catch{throw Error(`Profile ${e} credential_process returned invalid JSON.`)}return((e,r,o)=>{if(1!==r.Version)throw Error(`Profile ${e} credential_process did not return Version 1.`);if(void 0===r.AccessKeyId||void 0===r.SecretAccessKey)throw Error(`Profile ${e} credential_process returned invalid credentials.`);if(r.Expiration){const o=new Date;if(new Date(r.Expiration)<o)throw Error(`Profile ${e} credential_process returned expired credentials.`)}let t=r.AccountId;!t&&o?.[e]?.aws_account_id&&(t=o[e].aws_account_id);const s={accessKeyId:r.AccessKeyId,secretAccessKey:r.SecretAccessKey,...r.SessionToken&&{sessionToken:r.SessionToken},...r.Expiration&&{expiration:new Date(r.Expiration)},...r.CredentialScope&&{credentialScope:r.CredentialScope},...t&&{accountId:t}};return(0,d.g)(s,"CREDENTIALS_PROCESS","w"),s})(e,c,r)}catch(e){throw new c.C(e.message,{logger:o})}}}})((0,s.Bz)({profile:e.profile??r?.profile}),o,e.logger)}}};