@kya-os/mcp-i 1.5.0 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -120,9 +120,12 @@ async function verifyOrHints(agentDid, scopes, config, resumeToken) {
|
|
|
120
120
|
}
|
|
121
121
|
catch (error) {
|
|
122
122
|
console.error('[AuthHandshake] Delegation verification failed:', error);
|
|
123
|
+
const errorMessage = `Delegation verification error: ${error instanceof Error ? error.message : 'Unknown error'}`;
|
|
124
|
+
const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, errorMessage);
|
|
123
125
|
return {
|
|
124
126
|
authorized: false,
|
|
125
|
-
|
|
127
|
+
authError,
|
|
128
|
+
reason: errorMessage,
|
|
126
129
|
};
|
|
127
130
|
}
|
|
128
131
|
// Step 3: If delegation exists and valid, authorize immediately
|
|
@@ -100,10 +100,9 @@ class CloudflareKVDelegationVerifier {
|
|
|
100
100
|
if (this.debug) {
|
|
101
101
|
console.log(`[KV] Cache MISS for ${agentDid}, querying KV...`);
|
|
102
102
|
}
|
|
103
|
-
//
|
|
104
|
-
const
|
|
105
|
-
|
|
106
|
-
if (!delegationId) {
|
|
103
|
+
// List all delegations for this agent (to support subset scope matching)
|
|
104
|
+
const listResult = await this.kv.list({ prefix: `agent:${agentDid}:scopes:` });
|
|
105
|
+
if (!listResult.keys || listResult.keys.length === 0) {
|
|
107
106
|
const result = {
|
|
108
107
|
valid: false,
|
|
109
108
|
reason: 'No delegation found for agent',
|
|
@@ -116,17 +115,37 @@ class CloudflareKVDelegationVerifier {
|
|
|
116
115
|
}
|
|
117
116
|
return result;
|
|
118
117
|
}
|
|
119
|
-
//
|
|
120
|
-
|
|
121
|
-
|
|
118
|
+
// Try each delegation to find one that matches the requested scopes
|
|
119
|
+
let matchingDelegation = null;
|
|
120
|
+
for (const key of listResult.keys) {
|
|
121
|
+
const delegationId = await this.kv.get(key.name, 'text');
|
|
122
|
+
if (!delegationId)
|
|
123
|
+
continue;
|
|
124
|
+
const delegation = await this.get(delegationId);
|
|
125
|
+
if (!delegation)
|
|
126
|
+
continue;
|
|
127
|
+
// Check if this delegation has the required scopes
|
|
128
|
+
const delegationScopes = (0, delegation_verifier_1.extractScopes)(delegation);
|
|
129
|
+
const scopesMatch = (0, delegation_verifier_1.checkScopes)(delegationScopes, scopes);
|
|
130
|
+
if (scopesMatch) {
|
|
131
|
+
// Found a matching delegation!
|
|
132
|
+
matchingDelegation = delegation;
|
|
133
|
+
break;
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
if (!matchingDelegation) {
|
|
122
137
|
const result = {
|
|
123
138
|
valid: false,
|
|
124
|
-
reason: '
|
|
139
|
+
reason: 'No delegation found with required scopes',
|
|
125
140
|
cached: false,
|
|
126
141
|
};
|
|
127
142
|
this.cache.set(cacheKey, result, this.cacheTtl / 2);
|
|
143
|
+
if (this.debug) {
|
|
144
|
+
console.log(`[KV] No matching delegation found (${Date.now() - startTime}ms)`);
|
|
145
|
+
}
|
|
128
146
|
return result;
|
|
129
147
|
}
|
|
148
|
+
const delegation = matchingDelegation;
|
|
130
149
|
// Validate delegation
|
|
131
150
|
const validation = (0, delegation_verifier_1.validateDelegation)(delegation);
|
|
132
151
|
if (!validation.valid) {
|
|
@@ -127,6 +127,9 @@ class MCPIRuntime {
|
|
|
127
127
|
const verifyResult = await (0, auth_handshake_1.verifyOrHints)(options.agentDid, requiredScopes, authConfig);
|
|
128
128
|
// If not authorized, return needs_authorization error
|
|
129
129
|
if (!verifyResult.authorized) {
|
|
130
|
+
if (!verifyResult.authError) {
|
|
131
|
+
throw new Error('Authorization failed but no authError was provided');
|
|
132
|
+
}
|
|
130
133
|
return verifyResult.authError;
|
|
131
134
|
}
|
|
132
135
|
// If authorized, log the delegation ID for audit trail
|