npm - @kya-os/mcp-i - Versions diffs - 0.1.0 → 1.2.1 - Mend

@kya-os/mcp-i 0.1.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (229) hide show

package/README.md +406 -71
package/dist/149.js +1 -0
package/dist/189.js +1 -0
package/dist/261.js +1 -0
package/dist/28.js +1 -0
package/dist/295.js +1 -0
package/dist/460.js +1 -0
package/dist/570.js +1 -0
package/dist/634.js +1 -0
package/dist/647.js +1 -0
package/dist/67.js +1 -0
package/dist/739.js +1 -0
package/dist/742.js +1 -0
package/dist/904.js +1 -0
package/dist/938.js +1 -0
package/dist/auth/api-key.d.ts +16 -0
package/dist/auth/api-key.js +82 -0
package/dist/auth/jwt.d.ts +43 -0
package/dist/auth/jwt.js +51 -0
package/dist/auth/oauth/factory.d.ts +12 -0
package/dist/auth/oauth/factory.js +36 -0
package/dist/auth/oauth/index.d.ts +5 -0
package/dist/auth/oauth/index.js +27 -0
package/dist/auth/oauth/providers/proxy-provider.d.ts +13 -0
package/dist/auth/oauth/providers/proxy-provider.js +159 -0
package/dist/auth/oauth/router.d.ts +4 -0
package/dist/auth/oauth/router.js +294 -0
package/dist/auth/oauth/storage/memory-storage.d.ts +12 -0
package/dist/auth/oauth/storage/memory-storage.js +40 -0
package/dist/auth/oauth/types.d.ts +112 -0
package/dist/auth/oauth/types.js +2 -0
package/dist/cache/__tests__/cloudflare-kv-nonce-cache.test.d.ts +4 -0
package/dist/cache/__tests__/cloudflare-kv-nonce-cache.test.js +176 -0
package/dist/cache/__tests__/concurrency.test.d.ts +5 -0
package/dist/cache/__tests__/concurrency.test.js +300 -0
package/dist/cache/__tests__/dynamodb-nonce-cache.test.d.ts +4 -0
package/dist/cache/__tests__/dynamodb-nonce-cache.test.js +176 -0
package/dist/cache/__tests__/memory-nonce-cache.test.d.ts +4 -0
package/dist/cache/__tests__/memory-nonce-cache.test.js +132 -0
package/dist/cache/__tests__/nonce-cache-factory-simple.test.d.ts +4 -0
package/dist/cache/__tests__/nonce-cache-factory-simple.test.js +133 -0
package/dist/cache/__tests__/nonce-cache-factory.test.d.ts +4 -0
package/dist/cache/__tests__/nonce-cache-factory.test.js +252 -0
package/dist/cache/__tests__/redis-nonce-cache.test.d.ts +4 -0
package/dist/cache/__tests__/redis-nonce-cache.test.js +95 -0
package/dist/cache/cloudflare-kv-nonce-cache.d.ts +14 -0
package/dist/cache/cloudflare-kv-nonce-cache.js +93 -0
package/dist/cache/dynamodb-nonce-cache.d.ts +15 -0
package/dist/cache/dynamodb-nonce-cache.js +92 -0
package/dist/cache/index.d.ts +16 -0
package/dist/cache/index.js +32 -0
package/dist/cache/memory-nonce-cache.d.ts +44 -0
package/dist/cache/memory-nonce-cache.js +105 -0
package/dist/cache/nonce-cache-factory.d.ts +20 -0
package/dist/cache/nonce-cache-factory.js +208 -0
package/dist/cache/redis-nonce-cache.d.ts +14 -0
package/dist/cache/redis-nonce-cache.js +53 -0
package/dist/compiler/compiler-context.d.ts +23 -0
package/dist/compiler/compiler-context.js +24 -0
package/dist/compiler/config/constants.d.ts +41 -0
package/dist/compiler/config/constants.js +45 -0
package/dist/compiler/config/index.d.ts +252 -0
package/dist/compiler/config/index.js +15 -0
package/dist/compiler/config/injection.d.ts +26 -0
package/dist/compiler/config/injection.js +58 -0
package/dist/compiler/config/schemas/experimental/index.d.ts +91 -0
package/dist/compiler/config/schemas/experimental/index.js +16 -0
package/dist/compiler/config/schemas/experimental/oauth.d.ts +74 -0
package/dist/compiler/config/schemas/experimental/oauth.js +25 -0
package/dist/compiler/config/schemas/index.d.ts +6 -0
package/dist/compiler/config/schemas/index.js +17 -0
package/dist/compiler/config/schemas/paths.d.ts +9 -0
package/dist/compiler/config/schemas/paths.js +12 -0
package/dist/compiler/config/schemas/transport/http.d.ts +82 -0
package/dist/compiler/config/schemas/transport/http.js +33 -0
package/dist/compiler/config/schemas/transport/stdio.d.ts +9 -0
package/dist/compiler/config/schemas/transport/stdio.js +15 -0
package/dist/compiler/config/schemas/webpack.d.ts +3 -0
package/dist/compiler/config/schemas/webpack.js +15 -0
package/dist/compiler/config/types.d.ts +1 -0
package/dist/compiler/config/types.js +2 -0
package/dist/compiler/config/utils.d.ts +20 -0
package/dist/compiler/config/utils.js +36 -0
package/dist/compiler/generate-env-code.d.ts +1 -0
package/dist/compiler/generate-env-code.js +8 -0
package/dist/compiler/generate-import-code.d.ts +1 -0
package/dist/compiler/generate-import-code.js +24 -0
package/dist/compiler/get-webpack-config/get-entries.d.ts +3 -0
package/dist/compiler/get-webpack-config/get-entries.js +29 -0
package/dist/compiler/get-webpack-config/get-externals.d.ts +7 -0
package/dist/compiler/get-webpack-config/get-externals.js +88 -0
package/dist/compiler/get-webpack-config/get-injected-variables.d.ts +8 -0
package/dist/compiler/get-webpack-config/get-injected-variables.js +25 -0
package/dist/compiler/get-webpack-config/index.d.ts +4 -0
package/dist/compiler/get-webpack-config/index.js +101 -0
package/dist/compiler/get-webpack-config/plugins.d.ts +8 -0
package/dist/compiler/get-webpack-config/plugins.js +132 -0
package/dist/compiler/get-webpack-config/resolve-tsconfig-paths.d.ts +9 -0
package/dist/compiler/get-webpack-config/resolve-tsconfig-paths.js +40 -0
package/dist/compiler/index.d.ts +6 -0
package/dist/compiler/index.js +194 -0
package/dist/compiler/on-first-build.d.ts +3 -0
package/dist/compiler/on-first-build.js +58 -0
package/dist/compiler/parse-xmcp-config.d.ts +9 -0
package/dist/compiler/parse-xmcp-config.js +155 -0
package/dist/compiler/start-http-server.d.ts +1 -0
package/dist/compiler/start-http-server.js +34 -0
package/dist/index.d.ts +12 -54
package/dist/index.js +22 -190
package/dist/index.js.LICENSE.txt +49 -0
package/dist/runtime/__tests__/audit.test.d.ts +4 -0
package/dist/runtime/__tests__/audit.test.js +328 -0
package/dist/runtime/__tests__/identity.test.d.ts +4 -0
package/dist/runtime/__tests__/identity.test.js +164 -0
package/dist/runtime/__tests__/mcpi-runtime.test.d.ts +4 -0
package/dist/runtime/__tests__/mcpi-runtime.test.js +372 -0
package/dist/runtime/__tests__/proof.test.d.ts +4 -0
package/dist/runtime/__tests__/proof.test.js +302 -0
package/dist/runtime/__tests__/session.test.d.ts +4 -0
package/dist/runtime/__tests__/session.test.js +254 -0
package/dist/runtime/__tests__/well-known.test.d.ts +4 -0
package/dist/runtime/__tests__/well-known.test.js +312 -0
package/dist/runtime/adapter-express.js +2 -0
package/dist/runtime/adapter-express.js.LICENSE.txt +252 -0
package/dist/runtime/adapter-nextjs.js +2 -0
package/dist/runtime/adapter-nextjs.js.LICENSE.txt +53 -0
package/dist/runtime/adapters/express/index.d.ts +2 -0
package/dist/runtime/adapters/express/index.js +48 -0
package/dist/runtime/adapters/nextjs/index.d.ts +8 -0
package/dist/runtime/adapters/nextjs/index.js +18 -0
package/dist/runtime/audit.d.ts +93 -0
package/dist/runtime/audit.js +212 -0
package/dist/runtime/debug.d.ts +118 -0
package/dist/runtime/debug.js +612 -0
package/dist/runtime/delegation-hooks.d.ts +85 -0
package/dist/runtime/delegation-hooks.js +116 -0
package/dist/runtime/demo.d.ts +71 -0
package/dist/runtime/demo.js +135 -0
package/dist/runtime/headers.d.ts +1 -0
package/dist/runtime/headers.js +9 -0
package/dist/runtime/http.js +2 -0
package/dist/runtime/http.js.LICENSE.txt +252 -0
package/dist/runtime/identity.d.ts +105 -0
package/dist/runtime/identity.js +232 -0
package/dist/runtime/index.d.ts +16 -0
package/dist/runtime/index.js +56 -0
package/dist/runtime/mcpi-runtime.d.ts +164 -0
package/dist/runtime/mcpi-runtime.js +352 -0
package/dist/runtime/proof.d.ts +87 -0
package/dist/runtime/proof.js +223 -0
package/dist/runtime/session.d.ts +88 -0
package/dist/runtime/session.js +216 -0
package/dist/runtime/stdio.js +2 -0
package/dist/runtime/stdio.js.LICENSE.txt +1 -0
package/dist/runtime/templates/home.d.ts +2 -0
package/dist/runtime/templates/home.js +50 -0
package/dist/runtime/transports/http/base-streamable-http.d.ts +25 -0
package/dist/runtime/transports/http/base-streamable-http.js +16 -0
package/dist/runtime/transports/http/http-context.d.ts +9 -0
package/dist/runtime/transports/http/http-context.js +8 -0
package/dist/runtime/transports/http/index.d.ts +1 -0
package/dist/runtime/transports/http/index.js +55 -0
package/dist/runtime/transports/http/setup-cors.d.ts +4 -0
package/dist/runtime/transports/http/setup-cors.js +24 -0
package/dist/runtime/transports/http/stateless-streamable-http.d.ts +39 -0
package/dist/runtime/transports/http/stateless-streamable-http.js +331 -0
package/dist/runtime/transports/stdio/index.d.ts +1 -0
package/dist/runtime/transports/stdio/index.js +51 -0
package/dist/runtime/utils/server.d.ts +42 -0
package/dist/runtime/utils/server.js +39 -0
package/dist/runtime/utils/tools.d.ts +8 -0
package/dist/runtime/utils/tools.js +115 -0
package/dist/runtime/verifier-middleware.d.ts +76 -0
package/dist/runtime/verifier-middleware.js +322 -0
package/dist/runtime/well-known.d.ts +151 -0
package/dist/runtime/well-known.js +258 -0
package/dist/storage/config.d.ts +28 -0
package/dist/storage/config.js +79 -0
package/dist/storage/delegation.d.ts +59 -0
package/dist/storage/delegation.js +130 -0
package/dist/storage/merkle-verifier.d.ts +84 -0
package/dist/storage/merkle-verifier.js +261 -0
package/dist/test/__tests__/nonce-cache-integration.test.d.ts +1 -0
package/dist/test/__tests__/nonce-cache-integration.test.js +116 -0
package/dist/test/__tests__/nonce-cache.test.d.ts +1 -0
package/dist/test/__tests__/nonce-cache.test.js +122 -0
package/dist/test/__tests__/runtime-integration.test.d.ts +4 -0
package/dist/test/__tests__/runtime-integration.test.js +192 -0
package/dist/test/__tests__/test-infrastructure.test.d.ts +4 -0
package/dist/test/__tests__/test-infrastructure.test.js +178 -0
package/dist/test/deterministic-keys.d.ts +31 -0
package/dist/test/deterministic-keys.js +108 -0
package/dist/test/examples/test-usage-example.d.ts +140 -0
package/dist/test/examples/test-usage-example.js +175 -0
package/dist/test/index.d.ts +11 -0
package/dist/test/index.js +27 -0
package/dist/test/local-verification.d.ts +28 -0
package/dist/test/local-verification.js +342 -0
package/dist/test/mock-identity-provider.d.ts +96 -0
package/dist/test/mock-identity-provider.js +243 -0
package/dist/test/runtime-integration.d.ts +63 -0
package/dist/test/runtime-integration.js +140 -0
package/dist/test/test-environment.d.ts +26 -0
package/dist/test/test-environment.js +50 -0
package/dist/types/declarations.d.ts +1 -0
package/dist/types/declarations.js +6 -0
package/dist/types/middleware.d.ts +2 -0
package/dist/types/middleware.js +2 -0
package/dist/types/tool.d.ts +80 -0
package/dist/types/tool.js +2 -0
package/dist/utils/cli-icons.d.ts +3 -0
package/dist/utils/cli-icons.js +7 -0
package/dist/utils/constants.d.ts +6 -0
package/dist/utils/constants.js +13 -0
package/dist/utils/context.d.ts +33 -0
package/dist/utils/context.js +58 -0
package/dist/utils/file-watcher.d.ts +19 -0
package/dist/utils/file-watcher.js +49 -0
package/dist/utils/fs-utils.d.ts +2 -0
package/dist/utils/fs-utils.js +22 -0
package/dist/utils/path-validation.d.ts +3 -0
package/dist/utils/path-validation.js +56 -0
package/dist/utils/spawn-process.d.ts +9 -0
package/dist/utils/spawn-process.js +50 -0
package/dist/utils/subscribable.d.ts +12 -0
package/dist/utils/subscribable.js +44 -0
package/package.json +99 -21
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1

package/dist/runtime/debug.js ADDED Viewed

@@ -0,0 +1,612 @@
+"use strict";
+/**
+ * XMCP-I Debug Tools - Development-only debug endpoints
+ *
+ * Provides /verify endpoint for proof inspection and debugging
+ * in development environments only.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DebugManager = void 0;
+exports.createDebugEndpoint = createDebugEndpoint;
+/**
+ * Debug endpoint manager
+ */
+class DebugManager {
+    identity;
+    environment;
+    lastProof;
+    lastSession;
+    logRoot;
+    constructor(identity, environment = "development") {
+        this.identity = identity;
+        this.environment = environment;
+    }
+    /**
+     * Update debug state with latest proof and session
+     */
+    updateDebugState(proof, session) {
+        if (this.environment === "development") {
+            this.lastProof = proof;
+            this.lastSession = session;
+        }
+    }
+    /**
+     * Set log root for receipt verification
+     */
+    setLogRoot(logRoot) {
+        this.logRoot = logRoot;
+    }
+    /**
+     * Generate debug page data
+     */
+    async generateDebugPageData(_didDocument, agentDocument, logRoot) {
+        if (this.environment !== "development") {
+            throw new Error("Debug endpoint only available in development");
+        }
+        const data = {
+            identity: {
+                did: this.identity.did,
+                keyId: this.identity.keyId,
+                didDocumentUrl: this.generateDIDDocumentUrl(this.identity.did),
+            },
+            registry: {
+                ktaUrl: this.generateKTAUrl(this.identity.did),
+                mcpMirrorStatus: "unknown", // Would be fetched from KTA in real implementation
+            },
+            capabilities: {
+                protocol: ["handshake", "signing", "verification"],
+                identity: ["handshake", "signing", "verification"],
+                source: agentDocument ? "well-known" : "handshake",
+            },
+            timestamp: Date.now(),
+            environment: this.environment,
+        };
+        // Add proof data if available
+        if (this.lastProof) {
+            data.proof = {
+                jws: this.lastProof.jws,
+                meta: this.lastProof.meta,
+                canonicalHashes: {
+                    requestHash: this.lastProof.meta.requestHash,
+                    responseHash: this.lastProof.meta.responseHash,
+                },
+            };
+            // Perform local verification
+            data.verification = await this.performLocalVerification(this.lastProof, this.lastSession);
+        }
+        // Add log root for receipt verification
+        if (logRoot) {
+            data.logRoot = logRoot;
+        }
+        return data;
+    }
+    /**
+     * Create debug endpoint handler
+     */
+    createDebugHandler() {
+        return async (_request) => {
+            if (this.environment !== "development") {
+                return new Response("Debug endpoint not available in production", {
+                    status: 404,
+                });
+            }
+            try {
+                const debugData = await this.generateDebugPageData(undefined, undefined, this.logRoot);
+                const html = this.generateDebugHTML(debugData);
+                return new Response(html, {
+                    headers: {
+                        "Content-Type": "text/html",
+                        "Cache-Control": "no-store",
+                    },
+                });
+            }
+            catch (error) {
+                console.error("Debug endpoint error:", error);
+                return new Response("Internal server error", { status: 500 });
+            }
+        };
+    }
+    /**
+     * Perform local verification of proof
+     */
+    async performLocalVerification(proof, session) {
+        const result = {
+            success: false,
+            signature: {
+                valid: false,
+                algorithm: "EdDSA",
+                keyId: proof.meta.kid,
+            },
+            proof: {
+                valid: false,
+                timestamp: {
+                    valid: false,
+                    skew: 0,
+                },
+                hashes: {
+                    requestValid: false,
+                    responseValid: false,
+                },
+            },
+            session: {
+                valid: false,
+                expired: false,
+                ttl: 0,
+            },
+            errors: [],
+        };
+        try {
+            // Validate timestamp
+            const now = Math.floor(Date.now() / 1000);
+            const skew = Math.abs(now - proof.meta.ts);
+            result.proof.timestamp.skew = skew;
+            result.proof.timestamp.valid = skew <= 120; // Default 120s tolerance
+            if (!result.proof.timestamp.valid) {
+                result.errors?.push(`Timestamp skew too large: ${skew}s (max 120s). Check NTP sync.`);
+                result.proof.timestamp.remediation =
+                    "Check NTP sync; adjust XMCP_I_TS_SKEW_SEC";
+            }
+            // Validate hash format
+            result.proof.hashes.requestValid = /^sha256:[a-f0-9]{64}$/.test(proof.meta.requestHash);
+            result.proof.hashes.responseValid = /^sha256:[a-f0-9]{64}$/.test(proof.meta.responseHash);
+            if (!result.proof.hashes.requestValid) {
+                result.errors?.push("Invalid request hash format");
+            }
+            if (!result.proof.hashes.responseValid) {
+                result.errors?.push("Invalid response hash format");
+            }
+            // Validate session if available
+            if (session) {
+                const sessionAge = now - Math.floor(session.createdAt / 1000);
+                const sessionTtl = session.ttlMinutes || 30;
+                result.session.ttl = sessionTtl * 60 - sessionAge;
+                result.session.expired = result.session.ttl <= 0;
+                result.session.valid = !result.session.expired;
+                if (result.session.expired) {
+                    result.errors?.push("Session expired");
+                }
+            }
+            // Overall validation
+            result.proof.valid =
+                result.proof.timestamp.valid &&
+                    result.proof.hashes.requestValid &&
+                    result.proof.hashes.responseValid;
+            result.success =
+                result.proof.valid && result.session.valid && !result.errors?.length;
+            // Note: In a real implementation, we would verify the JWS signature
+            // using the public key from the DID document
+            result.signature.valid = true; // Placeholder for actual signature verification
+        }
+        catch (error) {
+            result.errors?.push(`Verification error: ${error}`);
+        }
+        return result;
+    }
+    /**
+     * Generate DID document URL
+     */
+    generateDIDDocumentUrl(did) {
+        if (did.startsWith("did:web:")) {
+            const domain = did.replace("did:web:", "").replace(/:/g, "/");
+            return `https://${domain}/.well-known/did.json`;
+        }
+        return `${did}/.well-known/did.json`;
+    }
+    /**
+     * Generate KTA URL
+     */
+    generateKTAUrl(did) {
+        // Extract agent identifier from DID for KTA URL
+        const agentId = did.split(":").pop() || "unknown";
+        return `https://knowthat.ai/agents/${agentId}`;
+    }
+    /**
+     * Generate debug HTML page
+     */
+    generateDebugHTML(data) {
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>XMCP-I Debug - Proof Verification</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            line-height: 1.6;
+            margin: 0;
+            padding: 20px;
+            background: #f5f5f5;
+        }
+        .container {
+            max-width: 1200px;
+            margin: 0 auto;
+            background: white;
+            border-radius: 8px;
+            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+            overflow: hidden;
+        }
+        .header {
+            background: #2563eb;
+            color: white;
+            padding: 20px;
+        }
+        .header h1 {
+            margin: 0;
+            font-size: 24px;
+        }
+        .header .subtitle {
+            opacity: 0.9;
+            margin-top: 5px;
+        }
+        .section {
+            padding: 20px;
+            border-bottom: 1px solid #e5e7eb;
+        }
+        .section:last-child {
+            border-bottom: none;
+        }
+        .section h2 {
+            margin: 0 0 15px 0;
+            color: #1f2937;
+            font-size: 18px;
+        }
+        .grid {
+            display: grid;
+            grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+            gap: 20px;
+        }
+        .card {
+            background: #f9fafb;
+            border: 1px solid #e5e7eb;
+            border-radius: 6px;
+            padding: 15px;
+        }
+        .card h3 {
+            margin: 0 0 10px 0;
+            color: #374151;
+            font-size: 16px;
+        }
+        .field {
+            margin-bottom: 10px;
+        }
+        .field label {
+            display: block;
+            font-weight: 600;
+            color: #4b5563;
+            margin-bottom: 2px;
+            font-size: 14px;
+        }
+        .field .value {
+            font-family: 'SF Mono', Monaco, monospace;
+            font-size: 13px;
+            background: white;
+            border: 1px solid #d1d5db;
+            border-radius: 4px;
+            padding: 8px;
+            word-break: break-all;
+        }
+        .status {
+            display: inline-block;
+            padding: 2px 8px;
+            border-radius: 12px;
+            font-size: 12px;
+            font-weight: 600;
+        }
+        .status.success {
+            background: #dcfce7;
+            color: #166534;
+        }
+        .status.error {
+            background: #fef2f2;
+            color: #dc2626;
+        }
+        .status.warning {
+            background: #fef3c7;
+            color: #d97706;
+        }
+        .status.unknown {
+            background: #f3f4f6;
+            color: #6b7280;
+        }
+        .code-block {
+            background: #1f2937;
+            color: #f9fafb;
+            padding: 15px;
+            border-radius: 6px;
+            font-family: 'SF Mono', Monaco, monospace;
+            font-size: 13px;
+            overflow-x: auto;
+            white-space: pre-wrap;
+            word-break: break-all;
+        }
+        .warning-banner {
+            background: #fef3c7;
+            border: 1px solid #f59e0b;
+            border-radius: 6px;
+            padding: 15px;
+            margin-bottom: 20px;
+        }
+        .warning-banner strong {
+            color: #92400e;
+        }
+        .link {
+            color: #2563eb;
+            text-decoration: none;
+        }
+        .link:hover {
+            text-decoration: underline;
+        }
+        .timestamp {
+            color: #6b7280;
+            font-size: 12px;
+            margin-top: 20px;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>🔍 XMCP-I Debug Console</h1>
+            <div class="subtitle">Proof Verification & Identity Inspection</div>
+        </div>
+        <div class="warning-banner">
+            <strong>Development Only:</strong> This debug endpoint is only available in development mode and does not expose payload bodies or secrets.
+        </div>
+        <div class="section">
+            <h2>Agent Identity</h2>
+            <div class="grid">
+                <div class="card">
+                    <h3>Identity Information</h3>
+                    <div class="field">
+                        <label>DID</label>
+                        <div class="value">${data.identity.did}</div>
+                    </div>
+                    <div class="field">
+                        <label>Key ID</label>
+                        <div class="value">${data.identity.keyId}</div>
+                    </div>
+                    <div class="field">
+                        <label>DID Document</label>
+                        <div class="value">
+                            <a href="${data.identity.didDocumentUrl}" class="link" target="_blank">
+                                ${data.identity.didDocumentUrl}
+                            </a>
+                        </div>
+                    </div>
+                </div>
+                <div class="card">
+                    <h3>Registry Status</h3>
+                    <div class="field">
+                        <label>Know-That-AI</label>
+                        <div class="value">
+                            <a href="${data.registry.ktaUrl}" class="link" target="_blank">
+                                ${data.registry.ktaUrl}
+                            </a>
+                        </div>
+                    </div>
+                    <div class="field">
+                        <label>MCP Mirror Status</label>
+                        <div class="value">
+                            <span class="status ${data.registry.mcpMirrorStatus}">
+                                ${data.registry.mcpMirrorStatus}
+                            </span>
+                        </div>
+                    </div>
+                    ${data.logRoot
+            ? `
+                    <div class="field">
+                        <label>Log Root (Receipt Verification)</label>
+                        <div class="value">${data.logRoot}</div>
+                    </div>
+                    `
+            : ""}
+                </div>
+            </div>
+        </div>
+        <div class="section">
+            <h2>Protocol Capabilities</h2>
+            <div class="card">
+                <h3>Advertised Capabilities</h3>
+                <div class="field">
+                    <label>MCP-I Features</label>
+                    <div class="value">${JSON.stringify(data.capabilities.identity)}</div>
+                </div>
+                <div class="field">
+                    <label>Source</label>
+                    <div class="value">${data.capabilities.source}</div>
+                </div>
+            </div>
+        </div>
+        ${data.proof
+            ? `
+        <div class="section">
+            <h2>Latest Proof</h2>
+            <div class="grid">
+                <div class="card">
+                    <h3>Proof Metadata</h3>
+                    <div class="field">
+                        <label>Session ID</label>
+                        <div class="value">${data.proof.meta.sessionId}</div>
+                    </div>
+                    <div class="field">
+                        <label>Audience</label>
+                        <div class="value">${data.proof.meta.audience}</div>
+                    </div>
+                    <div class="field">
+                        <label>Timestamp</label>
+                        <div class="value">${new Date(data.proof.meta.ts * 1000).toISOString()}</div>
+                    </div>
+                    <div class="field">
+                        <label>Nonce</label>
+                        <div class="value">${data.proof.meta.nonce}</div>
+                    </div>
+                    ${data.proof.meta.scopeId
+                ? `
+                    <div class="field">
+                        <label>Scope ID</label>
+                        <div class="value">${data.proof.meta.scopeId}</div>
+                    </div>
+                    `
+                : ""}
+                    ${data.proof.meta.delegationRef
+                ? `
+                    <div class="field">
+                        <label>Delegation Ref</label>
+                        <div class="value">${data.proof.meta.delegationRef}</div>
+                    </div>
+                    `
+                : ""}
+                </div>
+                <div class="card">
+                    <h3>Canonical Hashes</h3>
+                    <div class="field">
+                        <label>Request Hash</label>
+                        <div class="value">${data.proof.canonicalHashes.requestHash}</div>
+                    </div>
+                    <div class="field">
+                        <label>Response Hash</label>
+                        <div class="value">${data.proof.canonicalHashes.responseHash}</div>
+                    </div>
+                </div>
+            </div>
+            <div class="card" style="margin-top: 20px;">
+                <h3>Detached JWS</h3>
+                <div class="code-block">${data.proof.jws}</div>
+            </div>
+        </div>
+        `
+            : `
+        <div class="section">
+            <h2>Latest Proof</h2>
+            <div class="card">
+                <p style="color: #6b7280; font-style: italic;">
+                    No proof data available. Make a tool call to see proof verification details.
+                </p>
+            </div>
+        </div>
+        `}
+        ${data.verification
+            ? `
+        <div class="section">
+            <h2>Local Verification Result</h2>
+            <div class="grid">
+                <div class="card">
+                    <h3>Overall Status</h3>
+                    <div class="field">
+                        <label>Verification</label>
+                        <div class="value">
+                            <span class="status ${data.verification.success ? "success" : "error"}">
+                                ${data.verification.success ? "VALID" : "INVALID"}
+                            </span>
+                        </div>
+                    </div>
+                    ${data.verification.errors?.length
+                ? `
+                    <div class="field">
+                        <label>Errors</label>
+                        <div class="value" style="color: #dc2626;">
+                            ${data.verification.errors.join("; ")}
+                        </div>
+                    </div>
+                    `
+                : ""}
+                </div>
+                <div class="card">
+                    <h3>Signature Check</h3>
+                    <div class="field">
+                        <label>Valid</label>
+                        <div class="value">
+                            <span class="status ${data.verification.signature.valid
+                ? "success"
+                : "error"}">
+                                ${data.verification.signature.valid
+                ? "VALID"
+                : "INVALID"}
+                            </span>
+                        </div>
+                    </div>
+                    <div class="field">
+                        <label>Algorithm</label>
+                        <div class="value">${data.verification.signature.algorithm}</div>
+                    </div>
+                </div>
+                <div class="card">
+                    <h3>Timestamp Check</h3>
+                    <div class="field">
+                        <label>Valid</label>
+                        <div class="value">
+                            <span class="status ${data.verification.proof.timestamp.valid
+                ? "success"
+                : "error"}">
+                                ${data.verification.proof.timestamp.valid
+                ? "VALID"
+                : "INVALID"}
+                            </span>
+                        </div>
+                    </div>
+                    <div class="field">
+                        <label>Clock Skew</label>
+                        <div class="value">${data.verification.proof.timestamp.skew}s</div>
+                    </div>
+                    ${data.verification.proof.timestamp.remediation
+                ? `
+                    <div class="field">
+                        <label>Remediation</label>
+                        <div class="value" style="color: #d97706;">
+                            ${data.verification.proof.timestamp.remediation}
+                        </div>
+                    </div>
+                    `
+                : ""}
+                </div>
+                <div class="card">
+                    <h3>Session Check</h3>
+                    <div class="field">
+                        <label>Valid</label>
+                        <div class="value">
+                            <span class="status ${data.verification.session.valid
+                ? "success"
+                : "error"}">
+                                ${data.verification.session.valid
+                ? "VALID"
+                : "INVALID"}
+                            </span>
+                        </div>
+                    </div>
+                    <div class="field">
+                        <label>TTL Remaining</label>
+                        <div class="value">${Math.max(0, data.verification.session.ttl)}s</div>
+                    </div>
+                </div>
+            </div>
+        </div>
+        `
+            : ""}
+        <div class="timestamp">
+            Generated at ${new Date(data.timestamp).toISOString()} • Environment: ${data.environment}
+        </div>
+    </div>
+</body>
+</html>`;
+    }
+}
+exports.DebugManager = DebugManager;
+/**
+ * Create debug endpoint handler for development
+ */
+function createDebugEndpoint(identity, environment = "development") {
+    return new DebugManager(identity, environment);
+}

package/dist/runtime/delegation-hooks.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import { ProofMeta } from "@kya-os/contracts/proof";
+import { DelegationManager } from "../storage/delegation";
+/**
+ * Runtime hooks for delegation support
+ */
+export interface DelegationHooks {
+    /**
+     * Called before proof generation to attach delegation context
+     */
+    beforeProof?: (meta: Partial<ProofMeta>) => Promise<Partial<ProofMeta>>;
+    /**
+     * Called after proof generation to validate delegation
+     */
+    afterProof?: (meta: ProofMeta) => Promise<void>;
+    /**
+     * Called to resolve delegation reference for a request
+     */
+    resolveDelegation?: (context: RequestContext) => Promise<string | undefined>;
+}
+export interface RequestContext {
+    audience: string;
+    scopes?: string[];
+    sessionId: string;
+    did: string;
+    kid: string;
+}
+/**
+ * Default delegation hooks implementation
+ */
+export declare class DefaultDelegationHooks implements DelegationHooks {
+    private delegationManager;
+    private options;
+    constructor(delegationManager: DelegationManager, options?: DelegationHookOptions);
+    beforeProof(meta: Partial<ProofMeta>): Promise<Partial<ProofMeta>>;
+    afterProof(meta: ProofMeta): Promise<void>;
+    resolveDelegation(_context: RequestContext): Promise<string | undefined>;
+}
+export interface DelegationHookOptions {
+    /**
+     * Automatically resolve delegation references for requests
+     */
+    autoResolveDelegation?: boolean;
+    /**
+     * Require delegation for all requests
+     */
+    requireDelegation?: boolean;
+    /**
+     * Default delegation duration in seconds
+     */
+    defaultDuration?: number;
+}
+/**
+ * Create delegation hooks instance
+ */
+export declare function createDelegationHooks(delegationManager: DelegationManager, options?: DelegationHookOptions): DelegationHooks;
+/**
+ * Delegation middleware for runtime integration
+ */
+export declare class DelegationMiddleware {
+    private hooks;
+    private options;
+    constructor(hooks: DelegationHooks, options?: DelegationMiddlewareOptions);
+    /**
+     * Process request and attach delegation context
+     */
+    processRequest(meta: Partial<ProofMeta>, context: RequestContext): Promise<Partial<ProofMeta>>;
+    /**
+     * Validate proof after generation
+     */
+    validateProof(meta: ProofMeta): Promise<void>;
+}
+export interface DelegationMiddlewareOptions {
+    /**
+     * Require delegation for all requests
+     */
+    requireDelegation?: boolean;
+    /**
+     * Skip delegation validation in test mode
+     */
+    skipValidationInTest?: boolean;
+}
+/**
+ * Create delegation middleware instance
+ */
+export declare function createDelegationMiddleware(hooks: DelegationHooks, options?: DelegationMiddlewareOptions): DelegationMiddleware;