@kya-os/mcp-i 1.5.1 → 1.5.3-canary.0

package/dist/runtime/index.d.ts

@@ -19,6 +19,8 @@ export { type ProofDestination, type ProofBatchQueueConfig, ProofBatchQueue, KTA
 export { CloudflareKVDelegationVerifier, } from "./delegation-verifier-kv";
 export { AgentShieldAPIDelegationVerifier, } from "./delegation-verifier-agentshield";
 export { MemoryDelegationVerifier, } from "./delegation-verifier-memory";
+export { type ToolProtectionConfig, type ToolProtectionMap, type ToolProtectionConfigSource, ToolProtectionResolver, createToolProtectionResolver, InlineToolProtectionSource, FileToolProtectionSource, AgentShieldToolProtectionSource, } from "./tool-protection";
+export { toolProtectionRegistry, isToolProtected, getToolProtection, } from "./tool-protection-registry";
 export type { HandshakeRequest, SessionContext, NonceCache, NonceCacheEntry, NonceCacheConfig, } from "@kya-os/contracts/handshake";
 export type { ProofMeta, DetachedProof, CanonicalHashes, AuditRecord, } from "@kya-os/contracts/proof";
 export type { DelegationRecord, DelegationStatus, DelegationChain, DelegationConstraints, } from "@kya-os/contracts/delegation";

package/dist/runtime/index.js

@@ -6,7 +6,8 @@
  * audit logging, and well-known endpoints.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MemoryDelegationVerifier = exports.AgentShieldAPIDelegationVerifier = exports.CloudflareKVDelegationVerifier = exports.createProofBatchQueue = exports.AgentShieldProofDestination = exports.KTAProofDestination = exports.ProofBatchQueue = exports.MemoryResumeTokenStore = exports.hasSensitiveScopes = exports.verifyOrHints = exports.extractScopes = exports.validateDelegation = exports.checkScopes = exports.createDelegationVerifier = exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = void 0;
+exports.AgentShieldToolProtectionSource = exports.FileToolProtectionSource = exports.InlineToolProtectionSource = exports.createToolProtectionResolver = exports.ToolProtectionResolver = exports.MemoryDelegationVerifier = exports.AgentShieldAPIDelegationVerifier = exports.CloudflareKVDelegationVerifier = exports.createProofBatchQueue = exports.AgentShieldProofDestination = exports.KTAProofDestination = exports.ProofBatchQueue = exports.MemoryResumeTokenStore = exports.hasSensitiveScopes = exports.verifyOrHints = exports.extractScopes = exports.validateDelegation = exports.checkScopes = exports.createDelegationVerifier = exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = void 0;
+exports.getToolProtection = exports.isToolProtected = exports.toolProtectionRegistry = void 0;
 // Main runtime - now using core with Node.js providers
 var mcpi_runtime_wrapper_1 = require("./mcpi-runtime-wrapper");
 Object.defineProperty(exports, "MCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.MCPIRuntimeWrapper; } });
@@ -79,3 +80,14 @@ var delegation_verifier_agentshield_1 = require("./delegation-verifier-agentshie
 Object.defineProperty(exports, "AgentShieldAPIDelegationVerifier", { enumerable: true, get: function () { return delegation_verifier_agentshield_1.AgentShieldAPIDelegationVerifier; } });
 var delegation_verifier_memory_1 = require("./delegation-verifier-memory");
 Object.defineProperty(exports, "MemoryDelegationVerifier", { enumerable: true, get: function () { return delegation_verifier_memory_1.MemoryDelegationVerifier; } });
+// Tool protection (NEW - Phase 1.5)
+var tool_protection_1 = require("./tool-protection");
+Object.defineProperty(exports, "ToolProtectionResolver", { enumerable: true, get: function () { return tool_protection_1.ToolProtectionResolver; } });
+Object.defineProperty(exports, "createToolProtectionResolver", { enumerable: true, get: function () { return tool_protection_1.createToolProtectionResolver; } });
+Object.defineProperty(exports, "InlineToolProtectionSource", { enumerable: true, get: function () { return tool_protection_1.InlineToolProtectionSource; } });
+Object.defineProperty(exports, "FileToolProtectionSource", { enumerable: true, get: function () { return tool_protection_1.FileToolProtectionSource; } });
+Object.defineProperty(exports, "AgentShieldToolProtectionSource", { enumerable: true, get: function () { return tool_protection_1.AgentShieldToolProtectionSource; } });
+var tool_protection_registry_1 = require("./tool-protection-registry");
+Object.defineProperty(exports, "toolProtectionRegistry", { enumerable: true, get: function () { return tool_protection_registry_1.toolProtectionRegistry; } });
+Object.defineProperty(exports, "isToolProtected", { enumerable: true, get: function () { return tool_protection_registry_1.isToolProtected; } });
+Object.defineProperty(exports, "getToolProtection", { enumerable: true, get: function () { return tool_protection_registry_1.getToolProtection; } });

package/dist/runtime/mcpi-runtime.d.ts

@@ -10,6 +10,7 @@ import { WellKnownConfig } from "./well-known";
 import { DemoManager } from "./demo";
 import { DelegationVerifierConfig } from "./delegation-verifier";
 import { NeedsAuthorizationError } from "@kya-os/contracts/runtime";
+import { ToolProtectionMap, ToolProtectionResolver } from "./tool-protection";
 /**
  * Runtime environment check
  */
@@ -62,6 +63,15 @@ export interface MCPIRuntimeConfig {
             /** Require authorization for unknown agents */
             requireAuthForUnknown?: boolean;
         };
+        /** Tool protection configuration (NEW - Phase 1.5) */
+        toolProtections?: ToolProtectionMap;
+        /** Local tool protection file path (default: tool-protections.json) */
+        toolProtectionsFile?: string | false;
+        /** AgentShield API configuration for fetching tool protections */
+        agentShield?: {
+            apiUrl: string;
+            apiKey?: string;
+        };
     };
     runtime?: {
         showVerifyLink?: boolean;
@@ -82,6 +92,8 @@ export declare class MCPIRuntime {
     private debugManager?;
     private demoManager?;
     private delegationVerifier?;
+    private resumeTokenStore;
+    private toolProtectionResolver?;
     private config;
     private cachedIdentity?;
     constructor(config?: MCPIRuntimeConfig);
@@ -117,6 +129,10 @@ export declare class MCPIRuntime {
      * Get demo manager
      */
     getDemoManager(): DemoManager | undefined;
+    /**
+     * Get tool protection resolver (NEW - Phase 1.5)
+     */
+    getToolProtectionResolver(): ToolProtectionResolver | undefined;
     /**
      * Get runtime statistics
      */

package/dist/runtime/mcpi-runtime.js

@@ -17,6 +17,8 @@ const debug_1 = require("./debug");
 const demo_1 = require("./demo");
 const delegation_verifier_1 = require("./delegation-verifier");
 const auth_handshake_1 = require("./auth-handshake");
+const tool_protection_1 = require("./tool-protection");
+const tool_protection_registry_1 = require("./tool-protection-registry");
 /**
  * XMCP-I Runtime class
  */
@@ -28,6 +30,8 @@ class MCPIRuntime {
     debugManager;
     demoManager;
     delegationVerifier; // NEW - Phase 1
+    resumeTokenStore; // NEW - Phase 1
+    toolProtectionResolver; // NEW - Phase 1.5
     config;
     cachedIdentity;
     constructor(config = {}) {
@@ -41,10 +45,15 @@ class MCPIRuntime {
         this.sessionManager = new session_1.SessionManager(config.session);
         // Initialize audit logger
         this.auditLogger = new audit_1.AuditLogger(config.audit);
+        // Initialize resume token store (NEW - Phase 1)
+        // Use in-memory store by default (sufficient for most use cases)
+        this.resumeTokenStore = new auth_handshake_1.MemoryResumeTokenStore(config.delegation?.authorization?.resumeTokenTtl || 600_000);
         // Initialize delegation verifier (NEW - Phase 1)
         if (config.delegation?.enabled && config.delegation?.verifier) {
             this.delegationVerifier = (0, delegation_verifier_1.createDelegationVerifier)(config.delegation.verifier);
         }
+        // NOTE: Tool protection resolver is created in initialize()
+        // after identity is loaded, because AgentShield API needs the agent DID
     }
     /**
      * Initialize the runtime (async setup)
@@ -54,6 +63,21 @@ class MCPIRuntime {
         this.checkRuntimeEnvironment();
         // Ensure identity is loaded
         this.cachedIdentity = await this.identityManager.ensureIdentity();
+        // Create tool protection resolver NOW that we have the agent DID (NEW - Phase 1.5)
+        if (this.config.delegation?.enabled) {
+            this.toolProtectionResolver = (0, tool_protection_1.createToolProtectionResolver)({
+                inline: this.config.delegation.toolProtections,
+                localFile: this.config.delegation.toolProtectionsFile,
+                agentShield: this.config.delegation.agentShield
+                    ? {
+                        apiUrl: this.config.delegation.agentShield.apiUrl,
+                        agentDid: this.cachedIdentity.did, // ← FIX: Use actual DID!
+                        apiKey: this.config.delegation.agentShield.apiKey,
+                    }
+                    : undefined,
+                debug: this.config.identity?.environment === 'development',
+            });
+        }
         // Initialize well-known manager if configured
         if (this.config.wellKnown) {
             this.wellKnownManager = new well_known_1.WellKnownManager(this.cachedIdentity, this.config.wellKnown);
@@ -77,6 +101,38 @@ class MCPIRuntime {
         if (this.demoManager?.isIdentityBadgeEnabled()) {
             demo_1.DemoConsole.printDemoWarning();
         }
+        // Resolve tool protection configuration (NEW - Phase 1.5)
+        if (this.toolProtectionResolver) {
+            const toolProtections = await this.toolProtectionResolver.resolve();
+            // Populate global registry so compiled code can access it
+            tool_protection_registry_1.toolProtectionRegistry.registerAll(toolProtections);
+            tool_protection_registry_1.toolProtectionRegistry.setDelegationVerifier(this.delegationVerifier);
+            tool_protection_registry_1.toolProtectionRegistry.setDebug(this.config.identity?.environment === 'development');
+            // Build auth config for the registry
+            if (this.delegationVerifier) {
+                const authConfig = {
+                    delegationVerifier: this.delegationVerifier,
+                    resumeTokenStore: this.resumeTokenStore,
+                    kta: this.config.delegation?.authorization?.kta,
+                    bouncer: {
+                        authorizationUrl: this.config.delegation?.authorization?.authorizationUrl ||
+                            "https://agentshield.example.com/consent",
+                        resumeTokenTtl: this.config.delegation?.authorization?.resumeTokenTtl,
+                        minReputationScore: this.config.delegation?.authorization?.minReputationScore,
+                        requireAuthForUnknown: this.config.delegation?.authorization?.requireAuthForUnknown,
+                    },
+                    debug: this.config.identity?.environment === "development",
+                };
+                tool_protection_registry_1.toolProtectionRegistry.setAuthConfig(authConfig);
+            }
+            if (this.config.identity?.environment === 'development') {
+                const protectedTools = tool_protection_registry_1.toolProtectionRegistry.getProtectedTools();
+                console.error('✅ Tool protection configuration loaded');
+                if (protectedTools.length > 0) {
+                    console.error(`   Protected tools: ${protectedTools.join(', ')}`);
+                }
+            }
+        }
     }
     /**
      * Validate handshake and create session
@@ -113,6 +169,7 @@ class MCPIRuntime {
             // Build auth handshake config
             const authConfig = {
                 delegationVerifier: this.delegationVerifier,
+                resumeTokenStore: this.resumeTokenStore,
                 kta: this.config.delegation.authorization?.kta,
                 bouncer: {
                     authorizationUrl: this.config.delegation.authorization?.authorizationUrl ||
@@ -211,6 +268,12 @@ class MCPIRuntime {
     getDemoManager() {
         return this.demoManager;
     }
+    /**
+     * Get tool protection resolver (NEW - Phase 1.5)
+     */
+    getToolProtectionResolver() {
+        return this.toolProtectionResolver;
+    }
     /**
      * Get runtime statistics
      */

package/dist/runtime/proof-batch-queue.d.ts

@@ -38,6 +38,9 @@ export declare class KTAProofDestination implements ProofDestination {
 }
 /**
  * AgentShield proof submission destination
+ *
+ * Submits proofs to AgentShield's /api/v1/bouncer/proofs endpoint
+ * with proper authentication and session grouping.
  */
 export declare class AgentShieldProofDestination implements ProofDestination {
     name: string;

package/dist/runtime/proof-batch-queue.js

@@ -51,6 +51,9 @@ class KTAProofDestination {
 exports.KTAProofDestination = KTAProofDestination;
 /**
  * AgentShield proof submission destination
+ *
+ * Submits proofs to AgentShield's /api/v1/bouncer/proofs endpoint
+ * with proper authentication and session grouping.
  */
 class AgentShieldProofDestination {
     name = 'AgentShield';
@@ -61,16 +64,30 @@ class AgentShieldProofDestination {
         this.apiKey = apiKey;
     }
     async submit(proofs) {
-        const response = await fetch(`${this.apiUrl}/api/v1/proofs/batch`, {
+        if (proofs.length === 0) {
+            return;
+        }
+        // Extract session_id from first proof for AgentShield session grouping
+        // AgentShield uses this for analytics and detection monitoring
+        const sessionId = proofs[0]?.meta?.sessionId || 'unknown';
+        // AgentShield API format requires delegation_id and session_id wrapper
+        const requestBody = {
+            delegation_id: null, // null for proofs without delegation context
+            session_id: sessionId, // AgentShield session grouping (same as meta.sessionId)
+            proofs: proofs
+        };
+        const response = await fetch(`${this.apiUrl}/api/v1/bouncer/proofs`, {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-API-Key': this.apiKey,
+                'Authorization': `Bearer ${this.apiKey}`, // Bearer token format
             },
-            body: JSON.stringify({ proofs }),
+            body: JSON.stringify(requestBody),
         });
         if (!response.ok) {
-            throw new Error(`AgentShield proof submission failed: ${response.status} ${response.statusText}`);
+            // Include response body in error for debugging
+            const errorBody = await response.text().catch(() => 'Unable to read error body');
+            throw new Error(`AgentShield proof submission failed: ${response.status} ${response.statusText}\n${errorBody}`);
         }
     }
 }

package/dist/runtime/proof.d.ts

@@ -1,7 +1,7 @@
 /**
- * Detached Proof Generation for XMCP-I Runtime
+ * Proof Generation for XMCP-I Runtime
  *
- * Handles JCS canonicalization, SHA-256 digest generation, and Ed25519 detached JWS signing
+ * Handles JCS canonicalization, SHA-256 digest generation, and Ed25519 JWS signing (compact format)
  * according to requirements 5.1, 5.2, 5.3, 5.6.
  */
 import { DetachedProof } from "@kya-os/contracts/proof";
@@ -38,7 +38,7 @@ export declare class ProofGenerator {
     private identity;
     constructor(identity: AgentIdentity);
     /**
-     * Generate detached proof for tool request/response
+     * Generate proof for tool request/response
      * Requirements: 5.1, 5.2, 5.3, 5.6
      */
     generateProof(request: ToolRequest, response: ToolResponse, session: SessionContext, options?: ProofOptions): Promise<DetachedProof>;
@@ -57,16 +57,18 @@ export declare class ProofGenerator {
      */
     private canonicalizeJSON;
     /**
-     * Generate Ed25519 detached JWS (compact format)
+     * Generate Ed25519 JWS in compact format (header.payload.signature)
      * Requirement: 5.3
+     *
+     * Uses standard JWT claims (aud, sub, iss) in addition to custom claims
      */
-    private generateDetachedJWS;
+    private generateJWS;
     /**
      * Format base64 private key as PKCS#8 PEM for JOSE library
      */
     private formatPrivateKeyAsPEM;
     /**
-     * Verify a detached proof (for testing/validation)
+     * Verify a proof (for testing/validation)
      */
     verifyProof(proof: DetachedProof, request: ToolRequest, response: ToolResponse): Promise<boolean>;
 }

package/dist/runtime/proof.js

@@ -1,8 +1,8 @@
 "use strict";
 /**
- * Detached Proof Generation for XMCP-I Runtime
+ * Proof Generation for XMCP-I Runtime
  *
- * Handles JCS canonicalization, SHA-256 digest generation, and Ed25519 detached JWS signing
+ * Handles JCS canonicalization, SHA-256 digest generation, and Ed25519 JWS signing (compact format)
  * according to requirements 5.1, 5.2, 5.3, 5.6.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -21,7 +21,7 @@ class ProofGenerator {
         this.identity = identity;
     }
     /**
-     * Generate detached proof for tool request/response
+     * Generate proof for tool request/response
      * Requirements: 5.1, 5.2, 5.3, 5.6
      */
     async generateProof(request, response, session, options = {}) {
@@ -39,8 +39,8 @@ class ProofGenerator {
             responseHash: hashes.responseHash,
             ...options, // Include scopeId and delegationRef if provided
         };
-        // Generate detached JWS
-        const jws = await this.generateDetachedJWS(meta);
+        // Generate JWS (compact format)
+        const jws = await this.generateJWS(meta);
         return {
             jws,
             meta,
@@ -86,27 +86,46 @@ class ProofGenerator {
         return (0, json_canonicalize_1.canonicalize)(obj);
     }
     /**
-     * Generate Ed25519 detached JWS (compact format)
+     * Generate Ed25519 JWS in compact format (header.payload.signature)
      * Requirement: 5.3
+     *
+     * Uses standard JWT claims (aud, sub, iss) in addition to custom claims
      */
-    async generateDetachedJWS(meta) {
+    async generateJWS(meta) {
         try {
             // Import the private key
             const privateKeyPem = this.formatPrivateKeyAsPEM(this.identity.privateKey);
             const privateKey = await (0, jose_1.importPKCS8)(privateKeyPem, "EdDSA");
-            // Create JWT with proof metadata as payload
-            const jwt = await new jose_1.SignJWT(meta)
+            // Create JWT payload with standard claims + custom proof data
+            // Standard JWT claims: aud (audience), sub (subject), iss (issuer)
+            // Custom claims: requestHash, responseHash, nonce, sessionId, etc.
+            const payload = {
+                // Standard JWT claims (RFC 7519)
+                aud: meta.audience, // Audience (who the token is for)
+                sub: meta.did, // Subject (agent DID)
+                iss: meta.did, // Issuer (agent DID - self-issued)
+                // Custom MCP-I proof claims
+                requestHash: meta.requestHash,
+                responseHash: meta.responseHash,
+                ts: meta.ts,
+                nonce: meta.nonce,
+                sessionId: meta.sessionId,
+                // Optional claims
+                ...(meta.scopeId && { scopeId: meta.scopeId }),
+                ...(meta.delegationRef && { delegationRef: meta.delegationRef }),
+            };
+            // Create and sign JWT (compact format: header.payload.signature)
+            const jwt = await new jose_1.SignJWT(payload)
                 .setProtectedHeader({
                 alg: "EdDSA",
                 kid: this.identity.keyId,
             })
                 .sign(privateKey);
-            // For detached JWS, we remove the payload part (middle section)
-            const [header, , signature] = jwt.split(".");
-            return `${header}..${signature}`;
+            // Return full compact JWS (NOT detached)
+            return jwt;
         }
         catch (error) {
-            throw new Error(`Failed to generate detached JWS: ${error instanceof Error ? error.message : "Unknown error"}`);
+            throw new Error(`Failed to generate JWS: ${error instanceof Error ? error.message : "Unknown error"}`);
         }
     }
     /**
@@ -143,7 +162,7 @@ class ProofGenerator {
         return header + formattedKey + footer;
     }
     /**
-     * Verify a detached proof (for testing/validation)
+     * Verify a proof (for testing/validation)
      */
     async verifyProof(proof, request, response) {
         try {
@@ -155,9 +174,9 @@ class ProofGenerator {
                 return false;
             }
             // TODO: Verify JWS signature (requires public key)
-            // For now, just validate the structure
+            // For now, just validate the structure (compact JWS: header.payload.signature)
             const jwsParts = proof.jws.split(".");
-            return jwsParts.length === 3 && jwsParts[1] === ""; // Detached format
+            return jwsParts.length === 3 && jwsParts[0] !== "" && jwsParts[1] !== "" && jwsParts[2] !== "";
         }
         catch {
             return false;

package/dist/runtime/request-context.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Request Context Management
+ *
+ * Uses AsyncLocalStorage to track request-scoped data like session information
+ * across async operations without needing to pass it through every function.
+ *
+ * This enables the compiler path to access session data (like agentDid) that
+ * was set during handshake processing.
+ */
+import type { SessionContext } from '@kya-os/contracts/handshake';
+export interface RequestContext {
+    session?: SessionContext;
+    requestId?: string;
+    startTime?: number;
+}
+/**
+ * Run a function with request context
+ */
+export declare function runWithContext<T>(context: RequestContext, fn: () => T | Promise<T>): T | Promise<T>;
+/**
+ * Get the current request context
+ */
+export declare function getContext(): RequestContext | undefined;
+/**
+ * Get the current session from context
+ */
+export declare function getCurrentSession(): SessionContext | undefined;
+/**
+ * Get the current agent DID from session
+ */
+export declare function getCurrentAgentDid(): string | undefined;
+/**
+ * Set session in current context
+ *
+ * NOTE: This only works if called within a runWithContext block
+ */
+export declare function setSession(session: SessionContext): void;

package/dist/runtime/request-context.js

@@ -0,0 +1,56 @@
+"use strict";
+/**
+ * Request Context Management
+ *
+ * Uses AsyncLocalStorage to track request-scoped data like session information
+ * across async operations without needing to pass it through every function.
+ *
+ * This enables the compiler path to access session data (like agentDid) that
+ * was set during handshake processing.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runWithContext = runWithContext;
+exports.getContext = getContext;
+exports.getCurrentSession = getCurrentSession;
+exports.getCurrentAgentDid = getCurrentAgentDid;
+exports.setSession = setSession;
+const async_hooks_1 = require("async_hooks");
+const asyncLocalStorage = new async_hooks_1.AsyncLocalStorage();
+/**
+ * Run a function with request context
+ */
+function runWithContext(context, fn) {
+    return asyncLocalStorage.run(context, fn);
+}
+/**
+ * Get the current request context
+ */
+function getContext() {
+    return asyncLocalStorage.getStore();
+}
+/**
+ * Get the current session from context
+ */
+function getCurrentSession() {
+    return getContext()?.session;
+}
+/**
+ * Get the current agent DID from session
+ */
+function getCurrentAgentDid() {
+    return getCurrentSession()?.agentDid;
+}
+/**
+ * Set session in current context
+ *
+ * NOTE: This only works if called within a runWithContext block
+ */
+function setSession(session) {
+    const context = getContext();
+    if (context) {
+        context.session = session;
+    }
+    else {
+        console.warn('[RequestContext] Attempted to set session outside of request context');
+    }
+}

package/dist/runtime/session.js

@@ -78,6 +78,7 @@ class SessionManager {
                 createdAt: now,
                 lastActivity: now,
                 ttlMinutes: this.config.sessionTtlMinutes,
+                agentDid: request.agentDid, // Pass through agent DID for delegation verification
             };
             // Store session
             this.sessions.set(sessionId, session);