@kya-os/mcp-i 1.4.0 → 1.5.1

package/dist/runtime/delegation-verifier-memory.js

@@ -0,0 +1,128 @@
+"use strict";
+/**
+ * Memory Delegation Verifier
+ *
+ * Simple in-memory delegation storage for testing and development.
+ * NOT suitable for production - delegations lost on restart.
+ *
+ * Use for:
+ * - Unit tests
+ * - Local development
+ * - Integration tests
+ *
+ * Related: PHASE_1_XMCP_I_SERVER.md Testing section
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryDelegationVerifier = void 0;
+const delegation_1 = require("@kya-os/contracts/delegation");
+const delegation_verifier_1 = require("./delegation-verifier");
+/**
+ * Memory Delegation Verifier
+ *
+ * Simple in-memory storage (for testing only)
+ */
+class MemoryDelegationVerifier {
+    delegations = new Map();
+    agentIndex = new Map(); // agentDid -> Set<delegationId>
+    debug;
+    constructor(config) {
+        this.debug = config.debug || false;
+    }
+    /**
+     * Verify agent delegation
+     */
+    async verify(agentDid, scopes, _options) {
+        // Find all delegations for this agent
+        const delegationIds = this.agentIndex.get(agentDid);
+        if (!delegationIds || delegationIds.size === 0) {
+            return {
+                valid: false,
+                reason: 'No delegation found for agent',
+                cached: false,
+            };
+        }
+        // Check each delegation to find one with matching scopes
+        for (const id of delegationIds) {
+            const delegation = this.delegations.get(id);
+            if (!delegation)
+                continue;
+            // Validate delegation
+            const validation = (0, delegation_verifier_1.validateDelegation)(delegation);
+            if (!validation.valid)
+                continue;
+            // Check scopes
+            const delegationScopes = (0, delegation_verifier_1.extractScopes)(delegation);
+            if ((0, delegation_verifier_1.checkScopes)(delegationScopes, scopes)) {
+                return {
+                    valid: true,
+                    delegation,
+                    cached: false,
+                };
+            }
+        }
+        // No matching delegation found
+        return {
+            valid: false,
+            reason: 'No delegation with required scopes',
+            cached: false,
+        };
+    }
+    /**
+     * Get delegation by ID
+     */
+    async get(delegationId) {
+        return this.delegations.get(delegationId) || null;
+    }
+    /**
+     * Store delegation
+     */
+    async put(delegation) {
+        // Validate first
+        const parsed = delegation_1.DelegationRecordSchema.safeParse(delegation);
+        if (!parsed.success) {
+            throw new Error(`Invalid delegation record: ${parsed.error.message}`);
+        }
+        const validated = parsed.data;
+        // Store delegation
+        this.delegations.set(validated.id, validated);
+        // Update agent index
+        if (!this.agentIndex.has(validated.subjectDid)) {
+            this.agentIndex.set(validated.subjectDid, new Set());
+        }
+        this.agentIndex.get(validated.subjectDid).add(validated.id);
+        if (this.debug) {
+            console.log(`[Memory] Stored delegation ${validated.id}`);
+        }
+    }
+    /**
+     * Revoke delegation
+     */
+    async revoke(delegationId, reason) {
+        const delegation = this.delegations.get(delegationId);
+        if (!delegation) {
+            throw new Error(`Delegation not found: ${delegationId}`);
+        }
+        delegation.status = 'revoked';
+        delegation.revokedAt = Date.now();
+        if (reason) {
+            delegation.revokedReason = reason;
+        }
+        if (this.debug) {
+            console.log(`[Memory] Revoked delegation ${delegationId}`);
+        }
+    }
+    /**
+     * Clear all delegations (for testing)
+     */
+    clear() {
+        this.delegations.clear();
+        this.agentIndex.clear();
+    }
+    /**
+     * Get all delegations (for testing/debugging)
+     */
+    getAll() {
+        return Array.from(this.delegations.values());
+    }
+}
+exports.MemoryDelegationVerifier = MemoryDelegationVerifier;

package/dist/runtime/delegation-verifier.d.ts

@@ -0,0 +1,133 @@
+/**
+ * Delegation Verification Module
+ *
+ * This module provides the core interfaces and implementations for verifying
+ * agent delegations in the MCP-I bouncer architecture.
+ *
+ * Architecture:
+ * - DelegationVerifier: Abstract interface (Dependency Inversion Principle)
+ * - Concrete adapters: CloudflareKVVerifier, AgentShieldAPIVerifier
+ * - Factory: createDelegationVerifier() selects adapter based on config
+ *
+ * Related: PHASE_1_XMCP_I_SERVER.md Epic 1 (Delegation Storage Layer)
+ */
+import { DelegationRecord } from '@kya-os/contracts/delegation';
+/**
+ * Result of delegation verification
+ */
+export interface VerifyDelegationResult {
+    /** Whether delegation exists and is valid */
+    valid: boolean;
+    /** The delegation record (if found) */
+    delegation?: DelegationRecord;
+    /** Reason for invalid result */
+    reason?: string;
+    /** Whether result came from cache */
+    cached?: boolean;
+}
+/**
+ * Options for delegation verification
+ */
+export interface VerifyDelegationOptions {
+    /** Skip cache and force fresh lookup */
+    skipCache?: boolean;
+    /** Maximum cache age in milliseconds (default: 60000 = 1 minute) */
+    maxCacheAge?: number;
+}
+/**
+ * Abstract Delegation Verifier Interface
+ *
+ * Implementations:
+ * - CloudflareKVDelegationVerifier (local storage)
+ * - AgentShieldAPIDelegationVerifier (remote managed service)
+ *
+ * Follows Interface Segregation Principle (SOLID) - minimal required methods
+ */
+export interface DelegationVerifier {
+    /**
+     * Verify if agent has valid delegation for requested scopes
+     *
+     * @param agentDid - DID of the agent requesting access
+     * @param scopes - Required permission scopes
+     * @param options - Verification options
+     * @returns Verification result
+     */
+    verify(agentDid: string, scopes: string[], options?: VerifyDelegationOptions): Promise<VerifyDelegationResult>;
+    /**
+     * Get delegation record by ID
+     *
+     * @param delegationId - Unique delegation identifier
+     * @returns Delegation record or null if not found
+     */
+    get(delegationId: string): Promise<DelegationRecord | null>;
+    /**
+     * Store/update delegation record
+     *
+     * @param delegation - Delegation record to store
+     */
+    put(delegation: DelegationRecord): Promise<void>;
+    /**
+     * Revoke delegation
+     *
+     * @param delegationId - Delegation ID to revoke
+     * @param reason - Optional revocation reason
+     */
+    revoke(delegationId: string, reason?: string): Promise<void>;
+    /**
+     * Close any open connections (cleanup)
+     */
+    close?(): Promise<void>;
+}
+/**
+ * Helper: Extract scopes from delegation (handles both simple and CRISP formats)
+ *
+ * @param delegation - Delegation record
+ * @returns Array of scope strings
+ */
+export declare function extractScopes(delegation: DelegationRecord): string[];
+/**
+ * Helper: Check if delegation scopes satisfy required scopes
+ *
+ * @param delegationScopes - Scopes granted by delegation
+ * @param requiredScopes - Scopes required for operation
+ * @returns true if all required scopes are present
+ */
+export declare function checkScopes(delegationScopes: string[], requiredScopes: string[]): boolean;
+/**
+ * Helper: Validate delegation record completeness
+ *
+ * @param delegation - Delegation to validate
+ * @returns Validation result with reason
+ */
+export declare function validateDelegation(delegation: DelegationRecord): {
+    valid: boolean;
+    reason?: string;
+};
+/**
+ * Configuration for delegation verifiers
+ */
+export interface DelegationVerifierConfig {
+    /** Verifier type */
+    type: 'cloudflare-kv' | 'agentshield-api' | 'memory';
+    /** Cloudflare KV namespace (for cloudflare-kv type) */
+    kvNamespace?: any;
+    /** AgentShield API configuration (for agentshield-api type) */
+    agentshield?: {
+        apiUrl: string;
+        apiKey: string;
+    };
+    /** Cache TTL in milliseconds (default: 60000 = 1 minute) */
+    cacheTtl?: number;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+/**
+ * Factory: Create delegation verifier based on config
+ *
+ * Note: We import all adapters statically for better compatibility.
+ * Tree-shaking will remove unused adapters in production builds.
+ *
+ * @param config - Verifier configuration
+ * @returns DelegationVerifier instance
+ */
+export declare function createDelegationVerifier(config: DelegationVerifierConfig): DelegationVerifier;

package/dist/runtime/delegation-verifier.js

@@ -0,0 +1,107 @@
+"use strict";
+/**
+ * Delegation Verification Module
+ *
+ * This module provides the core interfaces and implementations for verifying
+ * agent delegations in the MCP-I bouncer architecture.
+ *
+ * Architecture:
+ * - DelegationVerifier: Abstract interface (Dependency Inversion Principle)
+ * - Concrete adapters: CloudflareKVVerifier, AgentShieldAPIVerifier
+ * - Factory: createDelegationVerifier() selects adapter based on config
+ *
+ * Related: PHASE_1_XMCP_I_SERVER.md Epic 1 (Delegation Storage Layer)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractScopes = extractScopes;
+exports.checkScopes = checkScopes;
+exports.validateDelegation = validateDelegation;
+exports.createDelegationVerifier = createDelegationVerifier;
+const delegation_1 = require("@kya-os/contracts/delegation");
+/**
+ * Helper: Extract scopes from delegation (handles both simple and CRISP formats)
+ *
+ * @param delegation - Delegation record
+ * @returns Array of scope strings
+ */
+function extractScopes(delegation) {
+    // Try simple scopes first (Phase 1 format)
+    if (delegation.constraints?.scopes && delegation.constraints.scopes.length > 0) {
+        return delegation.constraints.scopes;
+    }
+    // Fall back to CRISP scopes
+    if (delegation.constraints?.crisp?.scopes && delegation.constraints.crisp.scopes.length > 0) {
+        // Convert CRISP scopes to simple strings (use resource as scope name)
+        return delegation.constraints.crisp.scopes.map((s) => s.resource);
+    }
+    return [];
+}
+/**
+ * Helper: Check if delegation scopes satisfy required scopes
+ *
+ * @param delegationScopes - Scopes granted by delegation
+ * @param requiredScopes - Scopes required for operation
+ * @returns true if all required scopes are present
+ */
+function checkScopes(delegationScopes, requiredScopes) {
+    // Check if delegation has all required scopes
+    return requiredScopes.every((required) => delegationScopes.includes(required));
+}
+/**
+ * Helper: Validate delegation record completeness
+ *
+ * @param delegation - Delegation to validate
+ * @returns Validation result with reason
+ */
+function validateDelegation(delegation) {
+    // Check if delegation is currently valid (active + time bounds)
+    if (!(0, delegation_1.isDelegationCurrentlyValid)(delegation)) {
+        if (delegation.status === 'revoked') {
+            return { valid: false, reason: 'Delegation revoked' };
+        }
+        if (delegation.status === 'expired') {
+            return { valid: false, reason: 'Delegation expired' };
+        }
+        return { valid: false, reason: 'Delegation not currently valid' };
+    }
+    // Check required fields
+    if (!delegation.subjectDid) {
+        return { valid: false, reason: 'Missing subjectDid' };
+    }
+    // Check for scopes (either simple array or CRISP scopes)
+    const hasScopes = (delegation.constraints?.scopes && delegation.constraints.scopes.length > 0) ||
+        (delegation.constraints?.crisp?.scopes && delegation.constraints.crisp.scopes.length > 0);
+    if (!hasScopes) {
+        return { valid: false, reason: 'Missing scopes' };
+    }
+    return { valid: true };
+}
+/**
+ * Factory: Create delegation verifier based on config
+ *
+ * Note: We import all adapters statically for better compatibility.
+ * Tree-shaking will remove unused adapters in production builds.
+ *
+ * @param config - Verifier configuration
+ * @returns DelegationVerifier instance
+ */
+function createDelegationVerifier(config) {
+    // Import adapters dynamically to avoid circular dependencies
+    // but keep them in the same file scope
+    let CloudflareKVDelegationVerifier;
+    let AgentShieldAPIDelegationVerifier;
+    let MemoryDelegationVerifier;
+    switch (config.type) {
+        case 'cloudflare-kv':
+            CloudflareKVDelegationVerifier = require('./delegation-verifier-kv').CloudflareKVDelegationVerifier;
+            return new CloudflareKVDelegationVerifier(config);
+        case 'agentshield-api':
+            AgentShieldAPIDelegationVerifier = require('./delegation-verifier-agentshield').AgentShieldAPIDelegationVerifier;
+            return new AgentShieldAPIDelegationVerifier(config);
+        case 'memory':
+            MemoryDelegationVerifier = require('./delegation-verifier-memory').MemoryDelegationVerifier;
+            return new MemoryDelegationVerifier(config);
+        default:
+            throw new Error(`Unknown delegation verifier type: ${config.type}`);
+    }
+}

package/dist/runtime/index.d.ts

@@ -13,5 +13,12 @@ export { AuditLogger, defaultAuditLogger, logKeyRotationAudit, parseAuditLine, v
 export { WellKnownManager, createWellKnownHandler, validateDIDDocument, validateAgentDocument, extractDIDFromPath, type DIDDocument, type VerificationMethod, type ServiceEndpoint, type AgentDocument, type WellKnownConfig, type WellKnownHandler, } from "./well-known";
 export { DebugManager, createDebugEndpoint, type DebugVerificationResult, type DebugPageData, } from "./debug";
 export { DemoManager, createDemoManager, DemoConsole, formatVerifyLink, type DemoConfig, } from "./demo";
+export { type DelegationVerifier, type DelegationVerifierConfig, type VerifyDelegationResult, type VerifyDelegationOptions, createDelegationVerifier, checkScopes, validateDelegation, extractScopes, } from "./delegation-verifier";
+export { type AuthHandshakeConfig, type VerifyOrHintsResult, type AgentReputation, type ResumeTokenStore, verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, } from "./auth-handshake";
+export { type ProofDestination, type ProofBatchQueueConfig, ProofBatchQueue, KTAProofDestination, AgentShieldProofDestination, createProofBatchQueue, } from "./proof-batch-queue";
+export { CloudflareKVDelegationVerifier, } from "./delegation-verifier-kv";
+export { AgentShieldAPIDelegationVerifier, } from "./delegation-verifier-agentshield";
+export { MemoryDelegationVerifier, } from "./delegation-verifier-memory";
 export type { HandshakeRequest, SessionContext, NonceCache, NonceCacheEntry, NonceCacheConfig, } from "@kya-os/contracts/handshake";
 export type { ProofMeta, DetachedProof, CanonicalHashes, AuditRecord, } from "@kya-os/contracts/proof";
+export type { DelegationRecord, DelegationStatus, DelegationChain, DelegationConstraints, } from "@kya-os/contracts/delegation";

package/dist/runtime/index.js

@@ -6,7 +6,7 @@
  * audit logging, and well-known endpoints.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = void 0;
+exports.MemoryDelegationVerifier = exports.AgentShieldAPIDelegationVerifier = exports.CloudflareKVDelegationVerifier = exports.createProofBatchQueue = exports.AgentShieldProofDestination = exports.KTAProofDestination = exports.ProofBatchQueue = exports.MemoryResumeTokenStore = exports.hasSensitiveScopes = exports.verifyOrHints = exports.extractScopes = exports.validateDelegation = exports.checkScopes = exports.createDelegationVerifier = exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = void 0;
 // Main runtime - now using core with Node.js providers
 var mcpi_runtime_wrapper_1 = require("./mcpi-runtime-wrapper");
 Object.defineProperty(exports, "MCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.MCPIRuntimeWrapper; } });
@@ -56,3 +56,26 @@ Object.defineProperty(exports, "DemoManager", { enumerable: true, get: function
 Object.defineProperty(exports, "createDemoManager", { enumerable: true, get: function () { return demo_1.createDemoManager; } });
 Object.defineProperty(exports, "DemoConsole", { enumerable: true, get: function () { return demo_1.DemoConsole; } });
 Object.defineProperty(exports, "formatVerifyLink", { enumerable: true, get: function () { return demo_1.formatVerifyLink; } });
+// Delegation verification (NEW - Phase 1)
+var delegation_verifier_1 = require("./delegation-verifier");
+Object.defineProperty(exports, "createDelegationVerifier", { enumerable: true, get: function () { return delegation_verifier_1.createDelegationVerifier; } });
+Object.defineProperty(exports, "checkScopes", { enumerable: true, get: function () { return delegation_verifier_1.checkScopes; } });
+Object.defineProperty(exports, "validateDelegation", { enumerable: true, get: function () { return delegation_verifier_1.validateDelegation; } });
+Object.defineProperty(exports, "extractScopes", { enumerable: true, get: function () { return delegation_verifier_1.extractScopes; } });
+// Authorization handshake (NEW - Phase 1)
+var auth_handshake_1 = require("./auth-handshake");
+Object.defineProperty(exports, "verifyOrHints", { enumerable: true, get: function () { return auth_handshake_1.verifyOrHints; } });
+Object.defineProperty(exports, "hasSensitiveScopes", { enumerable: true, get: function () { return auth_handshake_1.hasSensitiveScopes; } });
+Object.defineProperty(exports, "MemoryResumeTokenStore", { enumerable: true, get: function () { return auth_handshake_1.MemoryResumeTokenStore; } });
+// Proof batching (NEW - Phase 1)
+var proof_batch_queue_1 = require("./proof-batch-queue");
+Object.defineProperty(exports, "ProofBatchQueue", { enumerable: true, get: function () { return proof_batch_queue_1.ProofBatchQueue; } });
+Object.defineProperty(exports, "KTAProofDestination", { enumerable: true, get: function () { return proof_batch_queue_1.KTAProofDestination; } });
+Object.defineProperty(exports, "AgentShieldProofDestination", { enumerable: true, get: function () { return proof_batch_queue_1.AgentShieldProofDestination; } });
+Object.defineProperty(exports, "createProofBatchQueue", { enumerable: true, get: function () { return proof_batch_queue_1.createProofBatchQueue; } });
+var delegation_verifier_kv_1 = require("./delegation-verifier-kv");
+Object.defineProperty(exports, "CloudflareKVDelegationVerifier", { enumerable: true, get: function () { return delegation_verifier_kv_1.CloudflareKVDelegationVerifier; } });
+var delegation_verifier_agentshield_1 = require("./delegation-verifier-agentshield");
+Object.defineProperty(exports, "AgentShieldAPIDelegationVerifier", { enumerable: true, get: function () { return delegation_verifier_agentshield_1.AgentShieldAPIDelegationVerifier; } });
+var delegation_verifier_memory_1 = require("./delegation-verifier-memory");
+Object.defineProperty(exports, "MemoryDelegationVerifier", { enumerable: true, get: function () { return delegation_verifier_memory_1.MemoryDelegationVerifier; } });

package/dist/runtime/mcpi-runtime.d.ts

@@ -8,6 +8,8 @@ import { SessionContext, HandshakeRequest } from "@kya-os/contracts/handshake";
 import { ToolRequest, ToolResponse } from "./proof";
 import { WellKnownConfig } from "./well-known";
 import { DemoManager } from "./demo";
+import { DelegationVerifierConfig } from "./delegation-verifier";
+import { NeedsAuthorizationError } from "@kya-os/contracts/runtime";
 /**
  * Runtime environment check
  */
@@ -39,6 +41,28 @@ export interface MCPIRuntimeConfig {
         includePayloads?: boolean;
     };
     wellKnown?: WellKnownConfig;
+    delegation?: {
+        /** Enable delegation checks (default: false for backward compatibility) */
+        enabled?: boolean;
+        /** Delegation verifier configuration */
+        verifier?: DelegationVerifierConfig;
+        /** Authorization handshake configuration */
+        authorization?: {
+            /** Authorization URL base for consent flow */
+            authorizationUrl?: string;
+            /** KTA API configuration for reputation checks */
+            kta?: {
+                apiUrl: string;
+                apiKey?: string;
+            };
+            /** Minimum reputation score to bypass authorization (0-100) */
+            minReputationScore?: number;
+            /** Resume token TTL in milliseconds */
+            resumeTokenTtl?: number;
+            /** Require authorization for unknown agents */
+            requireAuthForUnknown?: boolean;
+        };
+    };
     runtime?: {
         showVerifyLink?: boolean;
         identityBadge?: boolean;
@@ -57,6 +81,7 @@ export declare class MCPIRuntime {
     private wellKnownManager?;
     private debugManager?;
     private demoManager?;
+    private delegationVerifier?;
     private config;
     private cachedIdentity?;
     constructor(config?: MCPIRuntimeConfig);
@@ -70,11 +95,16 @@ export declare class MCPIRuntime {
     validateHandshake(request: HandshakeRequest): Promise<SessionContext | null>;
     /**
      * Process tool call with identity-aware proof generation
+     *
+     * NEW (Phase 1): Includes delegation verification interceptor
      */
     processToolCall(request: ToolRequest, session: SessionContext, toolHandler: (request: ToolRequest) => Promise<any>, options?: {
         scopeId?: string;
         delegationRef?: string;
-    }): Promise<ToolResponse>;
+        requiresDelegation?: boolean;
+        requiredScopes?: string[];
+        agentDid?: string;
+    }): Promise<ToolResponse | NeedsAuthorizationError>;
     /**
      * Get well-known endpoint handler
      */

package/dist/runtime/mcpi-runtime.js

@@ -15,6 +15,8 @@ const audit_1 = require("./audit");
 const well_known_1 = require("./well-known");
 const debug_1 = require("./debug");
 const demo_1 = require("./demo");
+const delegation_verifier_1 = require("./delegation-verifier");
+const auth_handshake_1 = require("./auth-handshake");
 /**
  * XMCP-I Runtime class
  */
@@ -25,6 +27,7 @@ class MCPIRuntime {
     wellKnownManager;
     debugManager;
     demoManager;
+    delegationVerifier; // NEW - Phase 1
     config;
     cachedIdentity;
     constructor(config = {}) {
@@ -38,6 +41,10 @@ class MCPIRuntime {
         this.sessionManager = new session_1.SessionManager(config.session);
         // Initialize audit logger
         this.auditLogger = new audit_1.AuditLogger(config.audit);
+        // Initialize delegation verifier (NEW - Phase 1)
+        if (config.delegation?.enabled && config.delegation?.verifier) {
+            this.delegationVerifier = (0, delegation_verifier_1.createDelegationVerifier)(config.delegation.verifier);
+        }
     }
     /**
      * Initialize the runtime (async setup)
@@ -87,13 +94,51 @@ class MCPIRuntime {
     }
     /**
      * Process tool call with identity-aware proof generation
+     *
+     * NEW (Phase 1): Includes delegation verification interceptor
      */
     async processToolCall(request, session, toolHandler, options = {}) {
         if (!this.cachedIdentity) {
             throw new Error("Runtime not initialized - call initialize() first");
         }
+        // PHASE 1 INTERCEPTOR: Check delegation BEFORE executing tool
+        if (this.config.delegation?.enabled && options.requiresDelegation) {
+            if (!this.delegationVerifier) {
+                throw new Error("Delegation verifier not configured");
+            }
+            if (!options.agentDid) {
+                throw new Error("agentDid required when requiresDelegation=true");
+            }
+            const requiredScopes = options.requiredScopes || [];
+            // Build auth handshake config
+            const authConfig = {
+                delegationVerifier: this.delegationVerifier,
+                kta: this.config.delegation.authorization?.kta,
+                bouncer: {
+                    authorizationUrl: this.config.delegation.authorization?.authorizationUrl ||
+                        "https://agentshield.example.com/consent",
+                    resumeTokenTtl: this.config.delegation.authorization?.resumeTokenTtl,
+                    minReputationScore: this.config.delegation.authorization?.minReputationScore,
+                    requireAuthForUnknown: this.config.delegation.authorization?.requireAuthForUnknown,
+                },
+                debug: this.config.identity?.environment === "development",
+            };
+            // Verify delegation or return authorization hints
+            const verifyResult = await (0, auth_handshake_1.verifyOrHints)(options.agentDid, requiredScopes, authConfig);
+            // If not authorized, return needs_authorization error
+            if (!verifyResult.authorized) {
+                if (!verifyResult.authError) {
+                    throw new Error('Authorization failed but no authError was provided');
+                }
+                return verifyResult.authError;
+            }
+            // If authorized, log the delegation ID for audit trail
+            if (verifyResult.delegation) {
+                options.delegationRef = verifyResult.delegation.id;
+            }
+        }
         try {
-            // Execute the tool
+            // Execute the tool (only if delegation check passed)
             let data = await toolHandler(request);
             // Add identity badge if enabled
             if (this.demoManager?.isIdentityBadgeEnabled()) {

package/dist/runtime/proof-batch-queue.d.ts

@@ -0,0 +1,117 @@
+/**
+ * Proof Batch Queue
+ *
+ * Collects proofs in memory and submits them in batches to KTA and AgentShield.
+ * This prevents blocking tool execution while ensuring proofs are eventually submitted.
+ *
+ * Performance:
+ * - Batch size: 10 proofs (configurable)
+ * - Flush interval: 5 seconds (configurable)
+ * - Fire-and-forget submission (doesn't block tool execution)
+ *
+ * Retry Strategy:
+ * - Exponential backoff: 1s, 2s, 4s, 8s, 16s
+ * - Max retries: 5
+ * - Failed proofs logged and dropped after max retries
+ *
+ * Related: PHASE_1_XMCP_I_SERVER.md Epic 3 (Proof Batching)
+ */
+import { DetachedProof } from '@kya-os/contracts/proof';
+/**
+ * Proof submission destination
+ */
+export interface ProofDestination {
+    /** Destination name (for logging) */
+    name: string;
+    /** Submit batch of proofs */
+    submit(proofs: DetachedProof[]): Promise<void>;
+}
+/**
+ * KTA proof submission destination
+ */
+export declare class KTAProofDestination implements ProofDestination {
+    name: string;
+    private apiUrl;
+    private apiKey?;
+    constructor(apiUrl: string, apiKey?: string);
+    submit(proofs: DetachedProof[]): Promise<void>;
+}
+/**
+ * AgentShield proof submission destination
+ */
+export declare class AgentShieldProofDestination implements ProofDestination {
+    name: string;
+    private apiUrl;
+    private apiKey;
+    constructor(apiUrl: string, apiKey: string);
+    submit(proofs: DetachedProof[]): Promise<void>;
+}
+/**
+ * Proof batch queue configuration
+ */
+export interface ProofBatchQueueConfig {
+    /** Destinations to submit proofs to */
+    destinations: ProofDestination[];
+    /** Maximum batch size (default: 10) */
+    maxBatchSize?: number;
+    /** Flush interval in milliseconds (default: 5000 = 5 seconds) */
+    flushIntervalMs?: number;
+    /** Maximum retries per batch (default: 5) */
+    maxRetries?: number;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+/**
+ * Proof Batch Queue
+ *
+ * Collects proofs and submits them in batches to multiple destinations
+ */
+export declare class ProofBatchQueue {
+    private queue;
+    private pendingBatches;
+    private config;
+    private flushTimer?;
+    private retryTimer?;
+    private closed;
+    private stats;
+    constructor(config: ProofBatchQueueConfig);
+    /**
+     * Add proof to queue
+     */
+    enqueue(proof: DetachedProof): void;
+    /**
+     * Flush queue immediately (submit all queued proofs)
+     */
+    flush(): Promise<void>;
+    /**
+     * Submit batch to destination (with retries)
+     */
+    private submitBatch;
+    /**
+     * Start flush timer
+     */
+    private startFlushTimer;
+    /**
+     * Start retry timer
+     */
+    private startRetryTimer;
+    /**
+     * Close queue and flush remaining proofs
+     */
+    close(): Promise<void>;
+    /**
+     * Get queue statistics
+     */
+    getStats(): {
+        queueSize: number;
+        pendingBatches: number;
+        queued: number;
+        submitted: number;
+        failed: number;
+        batchesSubmitted: number;
+    };
+}
+/**
+ * Create proof batch queue from config
+ */
+export declare function createProofBatchQueue(config: ProofBatchQueueConfig): ProofBatchQueue;