@kya-os/mcp-i 1.2.11 → 1.3.0

package/dist/providers/node-providers.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Node.js Provider Implementations
+ *
+ * Wraps existing Node.js implementations to work with the provider-based core.
+ * This maintains backward compatibility while enabling the new architecture.
+ */
+import { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCacheProvider, IdentityProvider, type AgentIdentity } from '@kya-os/mcp-i-core';
+/**
+ * Node.js Crypto Provider using built-in crypto module
+ */
+export declare class NodeCryptoProvider extends CryptoProvider {
+    sign(data: Uint8Array, privateKeyBase64: string): Promise<Uint8Array>;
+    verify(data: Uint8Array, signature: Uint8Array, publicKeyBase64: string): Promise<boolean>;
+    generateKeyPair(): Promise<{
+        privateKey: string;
+        publicKey: string;
+    }>;
+    hash(data: Uint8Array): Promise<Uint8Array>;
+    randomBytes(length: number): Promise<Uint8Array>;
+}
+/**
+ * Node.js Clock Provider
+ */
+export declare class NodeClockProvider extends ClockProvider {
+    now(): number;
+    isWithinSkew(timestamp: number, skewSeconds: number): boolean;
+    hasExpired(expiresAt: number): boolean;
+    calculateExpiry(ttlSeconds: number): number;
+    format(timestamp: number): string;
+}
+/**
+ * Node.js Fetch Provider using axios
+ */
+export declare class NodeFetchProvider extends FetchProvider {
+    resolveDID(did: string): Promise<any>;
+    fetchStatusList(url: string): Promise<any>;
+    fetchDelegationChain(id: string): Promise<any[]>;
+    fetch(url: string, options?: any): Promise<Response>;
+}
+/**
+ * File System Storage Provider
+ */
+export declare class FileStorageProvider extends StorageProvider {
+    private basePath;
+    constructor(basePath: string);
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+    delete(key: string): Promise<void>;
+    exists(key: string): Promise<boolean>;
+    list(prefix?: string): Promise<string[]>;
+}
+/**
+ * File System Identity Provider
+ */
+export declare class FileIdentityProvider extends IdentityProvider {
+    private basePath;
+    private cryptoProvider;
+    private identityFile;
+    constructor(basePath: string, cryptoProvider: CryptoProvider);
+    getIdentity(): Promise<AgentIdentity>;
+    saveIdentity(identity: AgentIdentity): Promise<void>;
+    rotateKeys(): Promise<AgentIdentity>;
+    deleteIdentity(): Promise<void>;
+    private generateDIDFromPublicKey;
+}
+/**
+ * Get nonce cache provider based on environment
+ */
+export declare function getNonceCacheProvider(): NonceCacheProvider;

package/dist/providers/node-providers.js

@@ -0,0 +1,368 @@
+"use strict";
+/**
+ * Node.js Provider Implementations
+ *
+ * Wraps existing Node.js implementations to work with the provider-based core.
+ * This maintains backward compatibility while enabling the new architecture.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FileIdentityProvider = exports.FileStorageProvider = exports.NodeFetchProvider = exports.NodeClockProvider = exports.NodeCryptoProvider = void 0;
+exports.getNonceCacheProvider = getNonceCacheProvider;
+const crypto = __importStar(require("crypto"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const axios_1 = __importDefault(require("axios"));
+const mcp_i_core_1 = require("@kya-os/mcp-i-core");
+/**
+ * Node.js Crypto Provider using built-in crypto module
+ */
+class NodeCryptoProvider extends mcp_i_core_1.CryptoProvider {
+    async sign(data, privateKeyBase64) {
+        const privateKey = Buffer.from(privateKeyBase64, 'base64');
+        // Handle both raw 32-byte and full 64-byte Ed25519 keys
+        const keyBytes = privateKey.length === 64 ? privateKey.subarray(0, 32) : privateKey;
+        // Wrap in PKCS8 format for Node.js crypto
+        const pkcs8 = Buffer.concat([
+            Buffer.from('302e020100300506032b657004220420', 'hex'),
+            keyBytes
+        ]);
+        const keyObject = crypto.createPrivateKey({
+            key: pkcs8,
+            format: 'der',
+            type: 'pkcs8'
+        });
+        const signature = crypto.sign(null, Buffer.from(data), keyObject);
+        return new Uint8Array(signature);
+    }
+    async verify(data, signature, publicKeyBase64) {
+        try {
+            const publicKey = Buffer.from(publicKeyBase64, 'base64');
+            // Wrap in SPKI format for Node.js crypto
+            const spki = Buffer.concat([
+                Buffer.from('302a300506032b6570032100', 'hex'),
+                publicKey
+            ]);
+            const keyObject = crypto.createPublicKey({
+                key: spki,
+                format: 'der',
+                type: 'spki'
+            });
+            return crypto.verify(null, Buffer.from(data), keyObject, Buffer.from(signature));
+        }
+        catch {
+            return false;
+        }
+    }
+    async generateKeyPair() {
+        const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519', {
+            publicKeyEncoding: { type: 'spki', format: 'der' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'der' }
+        });
+        // Extract raw keys from DER encoding
+        const rawPrivate = privateKey.subarray(16, 48);
+        const rawPublic = publicKey.subarray(12, 44);
+        return {
+            privateKey: rawPrivate.toString('base64'),
+            publicKey: rawPublic.toString('base64')
+        };
+    }
+    async hash(data) {
+        const hash = crypto.createHash('sha256').update(Buffer.from(data)).digest();
+        return new Uint8Array(hash);
+    }
+    async randomBytes(length) {
+        return new Uint8Array(crypto.randomBytes(length));
+    }
+}
+exports.NodeCryptoProvider = NodeCryptoProvider;
+/**
+ * Node.js Clock Provider
+ */
+class NodeClockProvider extends mcp_i_core_1.ClockProvider {
+    now() {
+        return Date.now();
+    }
+    isWithinSkew(timestamp, skewSeconds) {
+        const now = this.now();
+        const skewMs = skewSeconds * 1000;
+        return Math.abs(now - timestamp) <= skewMs;
+    }
+    hasExpired(expiresAt) {
+        return this.now() > expiresAt;
+    }
+    calculateExpiry(ttlSeconds) {
+        return this.now() + (ttlSeconds * 1000);
+    }
+    format(timestamp) {
+        return new Date(timestamp).toISOString();
+    }
+}
+exports.NodeClockProvider = NodeClockProvider;
+/**
+ * Node.js Fetch Provider using axios
+ */
+class NodeFetchProvider extends mcp_i_core_1.FetchProvider {
+    async resolveDID(did) {
+        if (did.startsWith('did:key:')) {
+            const publicKeyMultibase = did.slice('did:key:'.length);
+            return {
+                '@context': ['https://www.w3.org/ns/did/v1'],
+                id: did,
+                verificationMethod: [{
+                        id: `${did}#key-1`,
+                        type: 'Ed25519VerificationKey2020',
+                        controller: did,
+                        publicKeyMultibase
+                    }],
+                authentication: [`${did}#key-1`],
+                assertionMethod: [`${did}#key-1`]
+            };
+        }
+        if (did.startsWith('did:web:')) {
+            const domain = did.slice('did:web:'.length).replace(/:/g, '/');
+            const url = `https://${domain}/.well-known/did.json`;
+            const response = await axios_1.default.get(url);
+            return response.data;
+        }
+        throw new Error(`Unsupported DID method: ${did}`);
+    }
+    async fetchStatusList(url) {
+        const response = await axios_1.default.get(url);
+        return response.data;
+    }
+    async fetchDelegationChain(id) {
+        // Would fetch from a delegation registry
+        return [];
+    }
+    async fetch(url, options) {
+        const response = await (0, axios_1.default)({
+            url,
+            method: options?.method || 'GET',
+            headers: options?.headers || {},
+            data: options?.body
+        });
+        // Create a Response-like object
+        return {
+            ok: response.status >= 200 && response.status < 300,
+            status: response.status,
+            statusText: response.statusText,
+            headers: new Headers(response.headers),
+            json: async () => response.data,
+            text: async () => JSON.stringify(response.data),
+            blob: async () => new Blob([JSON.stringify(response.data)]),
+            arrayBuffer: async () => {
+                const encoder = new TextEncoder();
+                return encoder.encode(JSON.stringify(response.data)).buffer;
+            },
+            bytes: async () => {
+                const encoder = new TextEncoder();
+                return encoder.encode(JSON.stringify(response.data));
+            },
+            formData: async () => { throw new Error('Not implemented'); },
+            clone: () => { throw new Error('Not implemented'); },
+            body: null,
+            bodyUsed: false,
+            redirected: false,
+            type: 'basic',
+            url
+        };
+    }
+}
+exports.NodeFetchProvider = NodeFetchProvider;
+/**
+ * File System Storage Provider
+ */
+class FileStorageProvider extends mcp_i_core_1.StorageProvider {
+    basePath;
+    constructor(basePath) {
+        super();
+        this.basePath = basePath;
+        fs.mkdirSync(basePath, { recursive: true });
+    }
+    async get(key) {
+        try {
+            const filePath = path.join(this.basePath, key);
+            return fs.readFileSync(filePath, 'utf-8');
+        }
+        catch {
+            return null;
+        }
+    }
+    async set(key, value) {
+        const filePath = path.join(this.basePath, key);
+        const dir = path.dirname(filePath);
+        fs.mkdirSync(dir, { recursive: true });
+        fs.writeFileSync(filePath, value);
+    }
+    async delete(key) {
+        try {
+            const filePath = path.join(this.basePath, key);
+            fs.unlinkSync(filePath);
+        }
+        catch {
+            // Ignore if file doesn't exist
+        }
+    }
+    async exists(key) {
+        const filePath = path.join(this.basePath, key);
+        return fs.existsSync(filePath);
+    }
+    async list(prefix) {
+        const files = [];
+        const basePath = this.basePath;
+        function walk(dir) {
+            const entries = fs.readdirSync(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                const fullPath = path.join(dir, entry.name);
+                if (entry.isDirectory()) {
+                    walk(fullPath);
+                }
+                else {
+                    const relativePath = path.relative(basePath, fullPath);
+                    if (!prefix || relativePath.startsWith(prefix)) {
+                        files.push(relativePath);
+                    }
+                }
+            }
+        }
+        walk(this.basePath);
+        return files;
+    }
+}
+exports.FileStorageProvider = FileStorageProvider;
+/**
+ * File System Identity Provider
+ */
+class FileIdentityProvider extends mcp_i_core_1.IdentityProvider {
+    basePath;
+    cryptoProvider;
+    identityFile;
+    constructor(basePath, cryptoProvider) {
+        super();
+        this.basePath = basePath;
+        this.cryptoProvider = cryptoProvider;
+        this.identityFile = path.join(basePath, 'identity.json');
+        fs.mkdirSync(basePath, { recursive: true });
+    }
+    async getIdentity() {
+        // Try to load from environment first
+        if (process.env.MCP_IDENTITY_PRIVATE_KEY &&
+            process.env.MCP_IDENTITY_PUBLIC_KEY &&
+            process.env.MCP_IDENTITY_AGENT_DID) {
+            return {
+                did: process.env.MCP_IDENTITY_AGENT_DID,
+                keyId: `${process.env.MCP_IDENTITY_AGENT_DID}#key-1`,
+                privateKey: process.env.MCP_IDENTITY_PRIVATE_KEY,
+                publicKey: process.env.MCP_IDENTITY_PUBLIC_KEY,
+                createdAt: new Date().toISOString(),
+                type: 'production'
+            };
+        }
+        // Try to load from file
+        if (fs.existsSync(this.identityFile)) {
+            const data = fs.readFileSync(this.identityFile, 'utf-8');
+            return JSON.parse(data);
+        }
+        // Generate new identity
+        const keyPair = await this.cryptoProvider.generateKeyPair();
+        const did = this.generateDIDFromPublicKey(keyPair.publicKey);
+        const identity = {
+            did,
+            keyId: `${did}#key-1`,
+            privateKey: keyPair.privateKey,
+            publicKey: keyPair.publicKey,
+            createdAt: new Date().toISOString(),
+            type: 'development'
+        };
+        await this.saveIdentity(identity);
+        return identity;
+    }
+    async saveIdentity(identity) {
+        fs.writeFileSync(this.identityFile, JSON.stringify(identity, null, 2));
+    }
+    async rotateKeys() {
+        const keyPair = await this.cryptoProvider.generateKeyPair();
+        const did = this.generateDIDFromPublicKey(keyPair.publicKey);
+        const identity = {
+            did,
+            keyId: `${did}#key-1`,
+            privateKey: keyPair.privateKey,
+            publicKey: keyPair.publicKey,
+            createdAt: new Date().toISOString(),
+            type: 'development'
+        };
+        await this.saveIdentity(identity);
+        return identity;
+    }
+    async deleteIdentity() {
+        try {
+            fs.unlinkSync(this.identityFile);
+        }
+        catch {
+            // Ignore if file doesn't exist
+        }
+    }
+    generateDIDFromPublicKey(publicKey) {
+        const keyHash = Buffer.from(publicKey, 'base64')
+            .toString('base64url')
+            .substring(0, 32);
+        return `did:key:z${keyHash}`;
+    }
+}
+exports.FileIdentityProvider = FileIdentityProvider;
+/**
+ * Get nonce cache provider based on environment
+ */
+function getNonceCacheProvider() {
+    const cacheType = process.env.MCPI_NONCE_CACHE_TYPE ||
+        process.env.XMCPI_NONCE_CACHE_TYPE ||
+        'memory';
+    switch (cacheType) {
+        case 'redis':
+            // TODO: Add Redis support
+            console.warn('Redis cache not yet supported in this version, falling back to memory');
+            return new mcp_i_core_1.MemoryNonceCacheProvider();
+        case 'dynamodb':
+            // TODO: Add DynamoDB support
+            console.warn('DynamoDB cache not yet supported in this version, falling back to memory');
+            return new mcp_i_core_1.MemoryNonceCacheProvider();
+        default:
+            return new mcp_i_core_1.MemoryNonceCacheProvider();
+    }
+}

package/dist/runtime/index.d.ts

@@ -4,7 +4,8 @@
  * Identity-aware MCP runtime with proof generation, session management,
  * audit logging, and well-known endpoints.
  */
-export { MCPIRuntime, createMCPIRuntime, RuntimeFactory, RUNTIME_ERRORS, type MCPIRuntimeConfig, type RuntimeEnvironment, } from "./mcpi-runtime";
+export { MCPIRuntimeWrapper as MCPIRuntime, createMCPIRuntime } from "./mcpi-runtime-wrapper";
+export { RuntimeFactory, RUNTIME_ERRORS, type MCPIRuntimeConfig, type RuntimeEnvironment, } from "./mcpi-runtime";
 export { IdentityManager, defaultIdentityManager, ensureIdentity, IDENTITY_ERRORS, type AgentIdentity, type DevIdentityFile, type ProdEnvironment, type IdentityConfig, } from "./identity";
 export { SessionManager, defaultSessionManager, createHandshakeRequest, validateHandshakeFormat, type SessionConfig, type HandshakeResult, } from "./session";
 export { ProofGenerator, createProofResponse, extractCanonicalData, type ToolRequest, type ToolResponse, type ProofOptions, } from "./proof";

package/dist/runtime/index.js

@@ -7,10 +7,12 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = void 0;
-// Main runtime
+// Main runtime - now using core with Node.js providers
+var mcpi_runtime_wrapper_1 = require("./mcpi-runtime-wrapper");
+Object.defineProperty(exports, "MCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.MCPIRuntimeWrapper; } });
+Object.defineProperty(exports, "createMCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.createMCPIRuntime; } });
+// Legacy exports for compatibility
 var mcpi_runtime_1 = require("./mcpi-runtime");
-Object.defineProperty(exports, "MCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_1.MCPIRuntime; } });
-Object.defineProperty(exports, "createMCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_1.createMCPIRuntime; } });
 Object.defineProperty(exports, "RuntimeFactory", { enumerable: true, get: function () { return mcpi_runtime_1.RuntimeFactory; } });
 Object.defineProperty(exports, "RUNTIME_ERRORS", { enumerable: true, get: function () { return mcpi_runtime_1.RUNTIME_ERRORS; } });
 // Identity management

package/dist/runtime/mcpi-runtime-wrapper.d.ts

@@ -0,0 +1,19 @@
+/**
+ * MCPIRuntime Wrapper
+ *
+ * Extends the core runtime with Node.js-specific providers while
+ * maintaining the exact same API for backward compatibility.
+ */
+import { MCPIRuntimeBase } from '@kya-os/mcp-i-core';
+import type { MCPIRuntimeConfig } from './mcpi-runtime';
+/**
+ * Enhanced MCPIRuntime using the core with Node.js providers
+ */
+export declare class MCPIRuntimeWrapper extends MCPIRuntimeBase {
+    private legacyConfig;
+    constructor(config?: MCPIRuntimeConfig);
+}
+/**
+ * Factory function for creating runtime
+ */
+export declare function createMCPIRuntime(config?: MCPIRuntimeConfig): MCPIRuntimeWrapper;

package/dist/runtime/mcpi-runtime-wrapper.js

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * MCPIRuntime Wrapper
+ *
+ * Extends the core runtime with Node.js-specific providers while
+ * maintaining the exact same API for backward compatibility.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCPIRuntimeWrapper = void 0;
+exports.createMCPIRuntime = createMCPIRuntime;
+const mcp_i_core_1 = require("@kya-os/mcp-i-core");
+const node_providers_1 = require("../providers/node-providers");
+const path_1 = __importDefault(require("path"));
+/**
+ * Convert legacy config to provider-based config
+ */
+function createProvidersFromConfig(config) {
+    const cryptoProvider = new node_providers_1.NodeCryptoProvider();
+    const clockProvider = new node_providers_1.NodeClockProvider();
+    const fetchProvider = new node_providers_1.NodeFetchProvider();
+    const identityPath = config.identity?.devIdentityPath ||
+        path_1.default.join(process.cwd(), '.mcp-i');
+    const storageProvider = new node_providers_1.FileStorageProvider(identityPath);
+    const identityProvider = new node_providers_1.FileIdentityProvider(identityPath, cryptoProvider);
+    const nonceCacheProvider = (0, node_providers_1.getNonceCacheProvider)();
+    return {
+        cryptoProvider,
+        clockProvider,
+        fetchProvider,
+        storageProvider,
+        nonceCacheProvider,
+        identityProvider,
+        environment: config.identity?.environment || 'development',
+        timestampSkewSeconds: config.session?.timestampSkewSeconds || 120,
+        sessionTtlMinutes: config.session?.sessionTtlMinutes || 30,
+        audit: config.audit ? {
+            enabled: config.audit.enabled !== false,
+            logFunction: config.audit.logFunction,
+            includePayloads: config.audit.includePayloads
+        } : undefined,
+        wellKnown: config.wellKnown ? {
+            enabled: true,
+            serviceName: config.wellKnown.agentMetadata?.name,
+            serviceEndpoint: config.wellKnown.baseUrl
+        } : undefined,
+        showVerifyLink: config.runtime?.showVerifyLink !== false,
+        identityBadge: config.demo?.identityBadge || config.runtime?.identityBadge || false
+    };
+}
+/**
+ * Enhanced MCPIRuntime using the core with Node.js providers
+ */
+class MCPIRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
+    legacyConfig;
+    constructor(config = {}) {
+        const coreConfig = createProvidersFromConfig(config);
+        super(coreConfig);
+        this.legacyConfig = config;
+    }
+}
+exports.MCPIRuntimeWrapper = MCPIRuntimeWrapper;
+/**
+ * Factory function for creating runtime
+ */
+function createMCPIRuntime(config) {
+    return new MCPIRuntimeWrapper(config);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i",
-  "version": "1.2.11",
+  "version": "1.3.0",
   "description": "The TypeScript MCP framework with identity features built-in",
   "type": "commonjs",
   "main": "dist/index.js",
@@ -47,6 +47,7 @@
   ],
   "dependencies": {
     "@kya-os/contracts": "^1.2.0",
+    "@kya-os/mcp-i-core": "^1.0.0",
     "@modelcontextprotocol/sdk": "^1.11.4",
     "@swc/core": "^1.11.24",
     "@types/express": "^5.0.1",