@kya-os/mcp-i 1.2.1 → 1.2.3

package/dist/runtime/__tests__/audit.test.js

@@ -1,328 +0,0 @@
-"use strict";
-/**
- * Tests for Audit Logging System
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-const vitest_1 = require("vitest");
-const audit_js_1 = require("../audit.js");
-(0, vitest_1.describe)("AuditLogger", () => {
-    let auditLogger;
-    let mockLogFunction;
-    let mockIdentity;
-    let mockSession;
-    (0, vitest_1.beforeEach)(() => {
-        mockLogFunction = vitest_1.vi.fn();
-        auditLogger = new audit_js_1.AuditLogger({
-            logFunction: mockLogFunction,
-        });
-        mockIdentity = {
-            did: "did:web:example.com:agents:test-agent",
-            keyId: "key-test-123",
-            privateKey: "test-private-key",
-            publicKey: "test-public-key",
-            createdAt: new Date().toISOString(),
-        };
-        mockSession = {
-            sessionId: "sess_test_123",
-            audience: "example.com",
-            nonce: "test-nonce-456",
-            timestamp: Math.floor(Date.now() / 1000),
-            createdAt: Math.floor(Date.now() / 1000),
-            lastActivity: Math.floor(Date.now() / 1000),
-            ttlMinutes: 30,
-        };
-    });
-    (0, vitest_1.describe)("Audit Record Generation", () => {
-        (0, vitest_1.it)("should emit audit record on first call per session", async () => {
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-                scopeId: "orders.create",
-            };
-            await auditLogger.logAuditRecord(context);
-            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce();
-            const auditLine = mockLogFunction.mock.calls[0][0];
-            (0, vitest_1.expect)(auditLine).toContain("audit.v1");
-            (0, vitest_1.expect)(auditLine).toContain("session=sess_test_123");
-            (0, vitest_1.expect)(auditLine).toContain("audience=example.com");
-            (0, vitest_1.expect)(auditLine).toContain("did=did:web:example.com:agents:test-agent");
-            (0, vitest_1.expect)(auditLine).toContain("kid=key-test-123");
-            (0, vitest_1.expect)(auditLine).toContain("reqHash=sha256:abc123");
-            (0, vitest_1.expect)(auditLine).toContain("resHash=sha256:def456");
-            (0, vitest_1.expect)(auditLine).toContain("verified=yes");
-            (0, vitest_1.expect)(auditLine).toContain("scope=orders.create");
-        });
-        (0, vitest_1.it)("should not emit duplicate audit records for same session", async () => {
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-            };
-            // First call should emit audit record
-            await auditLogger.logAuditRecord(context);
-            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce();
-            // Second call for same session should not emit
-            await auditLogger.logAuditRecord(context);
-            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce(); // Still only once
-        });
-        (0, vitest_1.it)("should emit separate audit records for different sessions", async () => {
-            const context1 = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-            };
-            const context2 = {
-                identity: mockIdentity,
-                session: { ...mockSession, sessionId: "sess_test_456" },
-                requestHash: "sha256:ghi789",
-                responseHash: "sha256:jkl012",
-                verified: "no",
-            };
-            await auditLogger.logAuditRecord(context1);
-            await auditLogger.logAuditRecord(context2);
-            (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledTimes(2);
-        });
-        (0, vitest_1.it)('should use "-" for missing scope', async () => {
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-                // No scopeId provided
-            };
-            await auditLogger.logAuditRecord(context);
-            const auditLine = mockLogFunction.mock.calls[0][0];
-            (0, vitest_1.expect)(auditLine).toContain("scope=-");
-        });
-        (0, vitest_1.it)("should not log when disabled", async () => {
-            const disabledLogger = new audit_js_1.AuditLogger({
-                enabled: false,
-                logFunction: mockLogFunction,
-            });
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-            };
-            await disabledLogger.logAuditRecord(context);
-            (0, vitest_1.expect)(mockLogFunction).not.toHaveBeenCalled();
-        });
-    });
-    (0, vitest_1.describe)("Audit Line Format", () => {
-        (0, vitest_1.it)("should format audit line with frozen format", async () => {
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-                scopeId: "orders.create",
-            };
-            await auditLogger.logAuditRecord(context);
-            const auditLine = mockLogFunction.mock.calls[0][0];
-            const parts = auditLine.split(" ");
-            (0, vitest_1.expect)(parts[0]).toBe("audit.v1");
-            (0, vitest_1.expect)(parts[1]).toMatch(/^ts=\d+$/);
-            (0, vitest_1.expect)(parts[2]).toBe("session=sess_test_123");
-            (0, vitest_1.expect)(parts[3]).toBe("audience=example.com");
-            (0, vitest_1.expect)(parts[4]).toBe("did=did:web:example.com:agents:test-agent");
-            (0, vitest_1.expect)(parts[5]).toBe("kid=key-test-123");
-            (0, vitest_1.expect)(parts[6]).toBe("reqHash=sha256:abc123");
-            (0, vitest_1.expect)(parts[7]).toBe("resHash=sha256:def456");
-            (0, vitest_1.expect)(parts[8]).toBe("verified=yes");
-            (0, vitest_1.expect)(parts[9]).toBe("scope=orders.create");
-        });
-        (0, vitest_1.it)("should include timestamp in unix seconds", async () => {
-            const beforeTime = Math.floor(Date.now() / 1000);
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-            };
-            await auditLogger.logAuditRecord(context);
-            const afterTime = Math.floor(Date.now() / 1000);
-            const auditLine = mockLogFunction.mock.calls[0][0];
-            const tsMatch = auditLine.match(/ts=(\d+)/);
-            (0, vitest_1.expect)(tsMatch).toBeTruthy();
-            const timestamp = parseInt(tsMatch[1], 10);
-            (0, vitest_1.expect)(timestamp).toBeGreaterThanOrEqual(beforeTime);
-            (0, vitest_1.expect)(timestamp).toBeLessThanOrEqual(afterTime);
-        });
-    });
-    (0, vitest_1.describe)("Configuration and Statistics", () => {
-        (0, vitest_1.it)("should provide accurate statistics", async () => {
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-            };
-            const initialStats = auditLogger.getStats();
-            (0, vitest_1.expect)(initialStats.sessionsLogged).toBe(0);
-            (0, vitest_1.expect)(initialStats.enabled).toBe(true);
-            (0, vitest_1.expect)(initialStats.includePayloads).toBe(false);
-            await auditLogger.logAuditRecord(context);
-            const finalStats = auditLogger.getStats();
-            (0, vitest_1.expect)(finalStats.sessionsLogged).toBe(1);
-        });
-        (0, vitest_1.it)("should allow configuration updates", () => {
-            auditLogger.updateConfig({ enabled: false, includePayloads: true });
-            const stats = auditLogger.getStats();
-            (0, vitest_1.expect)(stats.enabled).toBe(false);
-            (0, vitest_1.expect)(stats.includePayloads).toBe(true);
-        });
-        (0, vitest_1.it)("should clear session log", async () => {
-            const context = {
-                identity: mockIdentity,
-                session: mockSession,
-                requestHash: "sha256:abc123",
-                responseHash: "sha256:def456",
-                verified: "yes",
-            };
-            await auditLogger.logAuditRecord(context);
-            (0, vitest_1.expect)(auditLogger.getStats().sessionsLogged).toBe(1);
-            auditLogger.clearSessionLog();
-            (0, vitest_1.expect)(auditLogger.getStats().sessionsLogged).toBe(0);
-        });
-    });
-});
-(0, vitest_1.describe)("Key Rotation Audit", () => {
-    let mockLogFunction;
-    let mockIdentity;
-    (0, vitest_1.beforeEach)(() => {
-        mockLogFunction = vitest_1.vi.fn();
-        mockIdentity = {
-            did: "did:web:example.com:agents:test-agent",
-            keyId: "key-new-456",
-            privateKey: "test-private-key",
-            publicKey: "test-public-key",
-            createdAt: new Date().toISOString(),
-        };
-    });
-    (0, vitest_1.it)("should log key rotation audit record", () => {
-        const context = {
-            identity: mockIdentity,
-            oldKeyId: "key-old-123",
-            newKeyId: "key-new-456",
-            mode: "dev",
-            delegated: "no",
-            force: "no",
-        };
-        (0, audit_js_1.logKeyRotationAudit)(context, mockLogFunction);
-        (0, vitest_1.expect)(mockLogFunction).toHaveBeenCalledOnce();
-        const auditLine = mockLogFunction.mock.calls[0][0];
-        (0, vitest_1.expect)(auditLine).toContain("keys.rotate.v1");
-        (0, vitest_1.expect)(auditLine).toContain("did=did:web:example.com:agents:test-agent");
-        (0, vitest_1.expect)(auditLine).toContain("oldKid=key-old-123");
-        (0, vitest_1.expect)(auditLine).toContain("newKid=key-new-456");
-        (0, vitest_1.expect)(auditLine).toContain("mode=dev");
-        (0, vitest_1.expect)(auditLine).toContain("delegated=no");
-        (0, vitest_1.expect)(auditLine).toContain("force=no");
-    });
-    (0, vitest_1.it)("should log production key rotation with delegation", () => {
-        const context = {
-            identity: mockIdentity,
-            oldKeyId: "key-old-123",
-            newKeyId: "key-new-456",
-            mode: "prod",
-            delegated: "yes",
-            force: "no",
-        };
-        (0, audit_js_1.logKeyRotationAudit)(context, mockLogFunction);
-        const auditLine = mockLogFunction.mock.calls[0][0];
-        (0, vitest_1.expect)(auditLine).toContain("mode=prod");
-        (0, vitest_1.expect)(auditLine).toContain("delegated=yes");
-    });
-    (0, vitest_1.it)("should log forced key rotation", () => {
-        const context = {
-            identity: mockIdentity,
-            oldKeyId: "key-old-123",
-            newKeyId: "key-new-456",
-            mode: "prod",
-            delegated: "no",
-            force: "yes",
-        };
-        (0, audit_js_1.logKeyRotationAudit)(context, mockLogFunction);
-        const auditLine = mockLogFunction.mock.calls[0][0];
-        (0, vitest_1.expect)(auditLine).toContain("force=yes");
-    });
-});
-(0, vitest_1.describe)("Audit Line Parsing", () => {
-    (0, vitest_1.it)("should parse valid audit line", () => {
-        const auditLine = "audit.v1 ts=1640995200 session=sess_test_123 audience=example.com did=did:web:example.com:agents:test-agent kid=key-test-123 reqHash=sha256:abc123 resHash=sha256:def456 verified=yes scope=orders.create";
-        const record = (0, audit_js_1.parseAuditLine)(auditLine);
-        (0, vitest_1.expect)(record).toBeTruthy();
-        (0, vitest_1.expect)(record.version).toBe("audit.v1");
-        (0, vitest_1.expect)(record.ts).toBe(1640995200);
-        (0, vitest_1.expect)(record.session).toBe("sess_test_123");
-        (0, vitest_1.expect)(record.audience).toBe("example.com");
-        (0, vitest_1.expect)(record.did).toBe("did:web:example.com:agents:test-agent");
-        (0, vitest_1.expect)(record.kid).toBe("key-test-123");
-        (0, vitest_1.expect)(record.reqHash).toBe("sha256:abc123");
-        (0, vitest_1.expect)(record.resHash).toBe("sha256:def456");
-        (0, vitest_1.expect)(record.verified).toBe("yes");
-        (0, vitest_1.expect)(record.scope).toBe("orders.create");
-    });
-    (0, vitest_1.it)("should parse audit line with no scope", () => {
-        const auditLine = "audit.v1 ts=1640995200 session=sess_test_123 audience=example.com did=did:web:example.com:agents:test-agent kid=key-test-123 reqHash=sha256:abc123 resHash=sha256:def456 verified=no scope=-";
-        const record = (0, audit_js_1.parseAuditLine)(auditLine);
-        (0, vitest_1.expect)(record).toBeTruthy();
-        (0, vitest_1.expect)(record.verified).toBe("no");
-        (0, vitest_1.expect)(record.scope).toBe("-");
-    });
-    (0, vitest_1.it)("should return null for invalid audit line", () => {
-        const invalidLines = [
-            "invalid line",
-            "audit.v1 incomplete",
-            "wrong.version ts=123 session=test",
-            "audit.v1 ts=invalid session=test audience=test",
-        ];
-        for (const line of invalidLines) {
-            (0, vitest_1.expect)((0, audit_js_1.parseAuditLine)(line)).toBeNull();
-        }
-    });
-});
-(0, vitest_1.describe)("Audit Record Validation", () => {
-    (0, vitest_1.it)("should validate correct audit record", () => {
-        const validRecord = {
-            version: "audit.v1",
-            ts: 1640995200,
-            session: "sess_test_123",
-            audience: "example.com",
-            did: "did:web:example.com:agents:test-agent",
-            kid: "key-test-123",
-            reqHash: "sha256:abc123",
-            resHash: "sha256:def456",
-            verified: "yes",
-            scope: "orders.create",
-        };
-        (0, vitest_1.expect)((0, audit_js_1.validateAuditRecord)(validRecord)).toBe(true);
-    });
-    (0, vitest_1.it)("should reject invalid audit records", () => {
-        const invalidRecords = [
-            null,
-            undefined,
-            {},
-            { version: "wrong.version" },
-            { version: "audit.v1", ts: "invalid" },
-            { version: "audit.v1", ts: 123, verified: "maybe" },
-            { version: "audit.v1", ts: 123, reqHash: "invalid-hash" },
-        ];
-        for (const record of invalidRecords) {
-            (0, vitest_1.expect)((0, audit_js_1.validateAuditRecord)(record)).toBe(false);
-        }
-    });
-});

package/dist/runtime/__tests__/identity.test.d.ts

@@ -1,4 +0,0 @@
-/**
- * Tests for Identity Management System
- */
-export {};

package/dist/runtime/__tests__/identity.test.js

@@ -1,164 +0,0 @@
-"use strict";
-/**
- * Tests for Identity Management System
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-const vitest_1 = require("vitest");
-const fs_1 = require("fs");
-const promises_1 = require("fs/promises");
-const path_1 = require("path");
-const identity_js_1 = require("../identity.js");
-// Mock environment variables
-const originalEnv = process.env;
-(0, vitest_1.describe)("IdentityManager", () => {
-    let tempDir;
-    let identityManager;
-    (0, vitest_1.beforeEach)(async () => {
-        // Create temp directory for tests
-        tempDir = (0, path_1.join)(process.cwd(), ".test-mcpi");
-        await (0, promises_1.mkdir)(tempDir, { recursive: true });
-        // Reset environment
-        process.env = { ...originalEnv };
-        delete process.env.AGENT_PRIVATE_KEY;
-        delete process.env.AGENT_KEY_ID;
-        delete process.env.AGENT_DID;
-        delete process.env.KYA_VOUCHED_API_KEY;
-    });
-    (0, vitest_1.afterEach)(async () => {
-        // Cleanup
-        try {
-            if ((0, fs_1.existsSync)(tempDir)) {
-                await (0, promises_1.rmdir)(tempDir, { recursive: true });
-            }
-        }
-        catch (error) {
-            // Ignore cleanup errors
-        }
-        // Restore environment
-        process.env = originalEnv;
-    });
-    (0, vitest_1.describe)("Development Environment", () => {
-        (0, vitest_1.beforeEach)(() => {
-            identityManager = new identity_js_1.IdentityManager({
-                environment: "development",
-                devIdentityPath: (0, path_1.join)(tempDir, "identity.json"),
-            });
-        });
-        (0, vitest_1.it)("should generate new identity when none exists", async () => {
-            const identity = await identityManager.ensureIdentity();
-            (0, vitest_1.expect)(identity).toBeDefined();
-            (0, vitest_1.expect)(identity.did).toMatch(/^did:web:localhost:3000:agents:key-[a-f0-9]{8}$/);
-            (0, vitest_1.expect)(identity.keyId).toMatch(/^key-[a-f0-9]{8}$/);
-            (0, vitest_1.expect)(identity.privateKey).toBeTruthy();
-            (0, vitest_1.expect)(identity.publicKey).toBeTruthy();
-            (0, vitest_1.expect)(identity.createdAt).toBeTruthy();
-            // Verify keys are base64 encoded
-            (0, vitest_1.expect)(() => Buffer.from(identity.privateKey, "base64")).not.toThrow();
-            (0, vitest_1.expect)(() => Buffer.from(identity.publicKey, "base64")).not.toThrow();
-        });
-        (0, vitest_1.it)("should load existing identity from file", async () => {
-            // Generate first identity
-            const identity1 = await identityManager.ensureIdentity();
-            // Create new manager instance
-            const identityManager2 = new identity_js_1.IdentityManager({
-                environment: "development",
-                devIdentityPath: (0, path_1.join)(tempDir, "identity.json"),
-            });
-            // Should load the same identity
-            const identity2 = await identityManager2.ensureIdentity();
-            (0, vitest_1.expect)(identity2.did).toBe(identity1.did);
-            (0, vitest_1.expect)(identity2.keyId).toBe(identity1.keyId);
-            (0, vitest_1.expect)(identity2.privateKey).toBe(identity1.privateKey);
-            (0, vitest_1.expect)(identity2.publicKey).toBe(identity1.publicKey);
-        });
-        (0, vitest_1.it)("should cache identity after first load", async () => {
-            const identity1 = await identityManager.ensureIdentity();
-            const identity2 = await identityManager.ensureIdentity();
-            (0, vitest_1.expect)(identity1).toBe(identity2); // Same object reference
-        });
-        (0, vitest_1.it)("should regenerate identity if file is corrupted", async () => {
-            const identityPath = (0, path_1.join)(tempDir, "identity.json");
-            // Write corrupted file
-            await import("fs/promises").then((fs) => fs.writeFile(identityPath, "invalid json", "utf-8"));
-            // Should generate new identity
-            const identity = await identityManager.ensureIdentity();
-            (0, vitest_1.expect)(identity).toBeDefined();
-            (0, vitest_1.expect)(identity.did).toMatch(/^did:web:localhost:3000:agents:key-[a-f0-9]{8}$/);
-        });
-        (0, vitest_1.it)("should validate identity correctly", async () => {
-            const identity = await identityManager.ensureIdentity();
-            const isValid = await identityManager.validateIdentity(identity);
-            (0, vitest_1.expect)(isValid).toBe(true);
-        });
-        (0, vitest_1.it)("should reject invalid identity", async () => {
-            const invalidIdentity = {
-                did: "invalid-did",
-                keyId: "key-1",
-                privateKey: "invalid-key",
-                publicKey: "invalid-key",
-                createdAt: new Date().toISOString(),
-            };
-            const isValid = await identityManager.validateIdentity(invalidIdentity);
-            (0, vitest_1.expect)(isValid).toBe(false);
-        });
-    });
-    (0, vitest_1.describe)("Production Environment", () => {
-        (0, vitest_1.beforeEach)(() => {
-            identityManager = new identity_js_1.IdentityManager({
-                environment: "production",
-            });
-        });
-        (0, vitest_1.it)("should load identity from environment variables", async () => {
-            // Set up environment variables
-            process.env.AGENT_PRIVATE_KEY = Buffer.from("test-private-key-32-bytes-long!!").toString("base64");
-            process.env.AGENT_KEY_ID = "key-prod-123";
-            process.env.AGENT_DID = "did:web:example.com:agents:my-agent";
-            process.env.KYA_VOUCHED_API_KEY = "test-api-key";
-            const identity = await identityManager.ensureIdentity();
-            (0, vitest_1.expect)(identity.did).toBe("did:web:example.com:agents:my-agent");
-            (0, vitest_1.expect)(identity.keyId).toBe("key-prod-123");
-            (0, vitest_1.expect)(identity.privateKey).toBe(process.env.AGENT_PRIVATE_KEY);
-            (0, vitest_1.expect)(identity.publicKey).toBeTruthy();
-        });
-        (0, vitest_1.it)("should fail fast when environment variables are missing", async () => {
-            // Only set some variables
-            process.env.AGENT_DID = "did:web:example.com:agents:my-agent";
-            process.env.AGENT_KEY_ID = "key-prod-123";
-            await (0, vitest_1.expect)(identityManager.ensureIdentity()).rejects.toThrow(vitest_1.expect.objectContaining({
-                message: vitest_1.expect.stringContaining("Missing required environment variables"),
-                code: identity_js_1.IDENTITY_ERRORS.ENOIDENTITY,
-            }));
-        });
-        (0, vitest_1.it)("should list all missing environment variables", async () => {
-            const error = await identityManager.ensureIdentity().catch((e) => e);
-            (0, vitest_1.expect)(error.message).toContain("AGENT_PRIVATE_KEY, AGENT_KEY_ID, AGENT_DID, KYA_VOUCHED_API_KEY");
-        });
-    });
-    (0, vitest_1.describe)("Configuration", () => {
-        (0, vitest_1.it)("should use single public DID by default", () => {
-            const manager = new identity_js_1.IdentityManager();
-            const config = manager.getConfig();
-            (0, vitest_1.expect)(config.privacyMode).toBe(false);
-        });
-        (0, vitest_1.it)("should allow privacy mode configuration", () => {
-            const manager = new identity_js_1.IdentityManager({
-                environment: "development",
-                privacyMode: true,
-            });
-            const config = manager.getConfig();
-            (0, vitest_1.expect)(config.privacyMode).toBe(true);
-        });
-        (0, vitest_1.it)("should clear cache when requested", async () => {
-            const manager = new identity_js_1.IdentityManager({
-                environment: "development",
-                devIdentityPath: (0, path_1.join)(tempDir, "identity.json"),
-            });
-            const identity1 = await manager.ensureIdentity();
-            manager.clearCache();
-            const identity2 = await manager.ensureIdentity();
-            // Should be different object references but same content
-            (0, vitest_1.expect)(identity1).not.toBe(identity2);
-            (0, vitest_1.expect)(identity1.did).toBe(identity2.did);
-        });
-    });
-});

package/dist/runtime/__tests__/mcpi-runtime.test.d.ts

@@ -1,4 +0,0 @@
-/**
- * Tests for XMCP-I Runtime Integration
- */
-export {};