@kya-os/mcp-i 1.5.1 → 1.5.3-canary.0

package/dist/runtime/tool-protection-registry.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Global Tool Protection Registry
+ *
+ * Provides a global registry for tool protection configuration that can be
+ * accessed from compiled bundle code where the MCPIRuntime instance is not directly available.
+ *
+ * This is used by the compiler-generated tool handlers to check if a tool requires delegation
+ * BEFORE executing the handler function.
+ */
+import type { ToolProtectionConfig } from './tool-protection';
+import type { SessionContext } from '@kya-os/contracts/handshake';
+/**
+ * Global registry for tool protection configuration
+ */
+declare class ToolProtectionRegistry {
+    private config;
+    private delegationVerifier;
+    private authConfig;
+    private debug;
+    private currentSession;
+    /**
+     * Register tool protection configuration
+     */
+    register(toolName: string, config: ToolProtectionConfig): void;
+    /**
+     * Bulk register multiple tool protections
+     */
+    registerAll(configs: Record<string, ToolProtectionConfig>): void;
+    /**
+     * Get tool protection configuration
+     */
+    get(toolName: string): ToolProtectionConfig | null;
+    /**
+     * Check if a tool requires delegation
+     */
+    requiresDelegation(toolName: string): boolean;
+    /**
+     * Get required scopes for a tool
+     */
+    getRequiredScopes(toolName: string): string[];
+    /**
+     * Set delegation verifier (for runtime verification)
+     */
+    setDelegationVerifier(verifier: any): void;
+    /**
+     * Set auth config (for authorization handshake)
+     */
+    setAuthConfig(config: any): void;
+    /**
+     * Get delegation verifier
+     */
+    getDelegationVerifier(): any;
+    /**
+     * Get auth config
+     */
+    getAuthConfig(): any;
+    /**
+     * Enable debug logging
+     */
+    setDebug(enabled: boolean): void;
+    /**
+     * Set current session for tool execution context
+     */
+    setCurrentSession(session: SessionContext | null): void;
+    /**
+     * Get current session (for extracting client DID during tool execution)
+     */
+    getCurrentSession(): SessionContext | null;
+    /**
+     * Get current agent DID from session
+     */
+    getCurrentAgentDid(): string | null;
+    /**
+     * Clear all registrations
+     */
+    clear(): void;
+    /**
+     * Get all registered tool names
+     */
+    getProtectedTools(): string[];
+}
+/**
+ * Global singleton instance
+ */
+export declare const toolProtectionRegistry: ToolProtectionRegistry;
+/**
+ * Helper to check if a tool is protected
+ */
+export declare function isToolProtected(toolName: string): boolean;
+/**
+ * Helper to get tool protection config
+ */
+export declare function getToolProtection(toolName: string): ToolProtectionConfig | null;
+export {};

package/dist/runtime/tool-protection-registry.js

@@ -0,0 +1,140 @@
+"use strict";
+/**
+ * Global Tool Protection Registry
+ *
+ * Provides a global registry for tool protection configuration that can be
+ * accessed from compiled bundle code where the MCPIRuntime instance is not directly available.
+ *
+ * This is used by the compiler-generated tool handlers to check if a tool requires delegation
+ * BEFORE executing the handler function.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toolProtectionRegistry = void 0;
+exports.isToolProtected = isToolProtected;
+exports.getToolProtection = getToolProtection;
+/**
+ * Global registry for tool protection configuration
+ */
+class ToolProtectionRegistry {
+    config = new Map();
+    delegationVerifier = null;
+    authConfig = null;
+    debug = false;
+    currentSession = null;
+    /**
+     * Register tool protection configuration
+     */
+    register(toolName, config) {
+        this.config.set(toolName, config);
+        if (this.debug) {
+            console.error(`[ToolProtectionRegistry] Registered protection for tool: ${toolName}`, config);
+        }
+    }
+    /**
+     * Bulk register multiple tool protections
+     */
+    registerAll(configs) {
+        for (const [toolName, config] of Object.entries(configs)) {
+            this.register(toolName, config);
+        }
+    }
+    /**
+     * Get tool protection configuration
+     */
+    get(toolName) {
+        return this.config.get(toolName) || null;
+    }
+    /**
+     * Check if a tool requires delegation
+     */
+    requiresDelegation(toolName) {
+        const config = this.get(toolName);
+        return config?.requiresDelegation || false;
+    }
+    /**
+     * Get required scopes for a tool
+     */
+    getRequiredScopes(toolName) {
+        const config = this.get(toolName);
+        return config?.requiredScopes || [];
+    }
+    /**
+     * Set delegation verifier (for runtime verification)
+     */
+    setDelegationVerifier(verifier) {
+        this.delegationVerifier = verifier;
+    }
+    /**
+     * Set auth config (for authorization handshake)
+     */
+    setAuthConfig(config) {
+        this.authConfig = config;
+    }
+    /**
+     * Get delegation verifier
+     */
+    getDelegationVerifier() {
+        return this.delegationVerifier;
+    }
+    /**
+     * Get auth config
+     */
+    getAuthConfig() {
+        return this.authConfig;
+    }
+    /**
+     * Enable debug logging
+     */
+    setDebug(enabled) {
+        this.debug = enabled;
+    }
+    /**
+     * Set current session for tool execution context
+     */
+    setCurrentSession(session) {
+        this.currentSession = session;
+    }
+    /**
+     * Get current session (for extracting client DID during tool execution)
+     */
+    getCurrentSession() {
+        return this.currentSession;
+    }
+    /**
+     * Get current agent DID from session
+     */
+    getCurrentAgentDid() {
+        return this.currentSession?.agentDid || null;
+    }
+    /**
+     * Clear all registrations
+     */
+    clear() {
+        this.config.clear();
+        this.delegationVerifier = null;
+        this.authConfig = null;
+        this.currentSession = null;
+    }
+    /**
+     * Get all registered tool names
+     */
+    getProtectedTools() {
+        return Array.from(this.config.keys());
+    }
+}
+/**
+ * Global singleton instance
+ */
+exports.toolProtectionRegistry = new ToolProtectionRegistry();
+/**
+ * Helper to check if a tool is protected
+ */
+function isToolProtected(toolName) {
+    return exports.toolProtectionRegistry.requiresDelegation(toolName);
+}
+/**
+ * Helper to get tool protection config
+ */
+function getToolProtection(toolName) {
+    return exports.toolProtectionRegistry.get(toolName);
+}

package/dist/runtime/tool-protection.d.ts

@@ -0,0 +1,120 @@
+/**
+ * Tool Protection Configuration and Resolution System (Phase 1.5)
+ *
+ * Enables zero-code tool protection by configuring which tools require delegation
+ * through configuration rather than manual code wrapping.
+ *
+ * Configuration Resolution Priority (highest to lowest):
+ * 1. Inline config (passed to runtime) - for testing and overrides
+ * 2. Local file (tool-protections.json) - for development
+ * 3. AgentShield API - for production (NOT IMPLEMENTED YET)
+ */
+/**
+ * Protection configuration for a single tool
+ */
+export interface ToolProtectionConfig {
+    /** Whether this tool requires delegation authorization */
+    requiresDelegation: boolean;
+    /** Required scopes for this tool (Phase 1: simple string array) */
+    requiredScopes?: string[];
+    /** Optional risk level indicator (for AgentShield UI) */
+    riskLevel?: 'low' | 'medium' | 'high' | 'critical';
+    /** Optional custom authorization URL for this specific tool */
+    authorizationUrl?: string;
+}
+/**
+ * Map of tool names to their protection configurations
+ */
+export type ToolProtectionMap = Record<string, ToolProtectionConfig>;
+/**
+ * Tool protection configuration source
+ */
+export interface ToolProtectionConfigSource {
+    /** Source name for debugging */
+    name: string;
+    /** Priority level (higher = higher priority) */
+    priority: number;
+    /** Load the configuration */
+    load(): Promise<ToolProtectionMap | null>;
+}
+/**
+ * Inline configuration source (highest priority)
+ */
+export declare class InlineToolProtectionSource implements ToolProtectionConfigSource {
+    private config;
+    name: string;
+    priority: number;
+    constructor(config: ToolProtectionMap);
+    load(): Promise<ToolProtectionMap | null>;
+}
+/**
+ * Local file configuration source
+ */
+export declare class FileToolProtectionSource implements ToolProtectionConfigSource {
+    private filePath;
+    name: string;
+    priority: number;
+    constructor(filePath: string);
+    load(): Promise<ToolProtectionMap | null>;
+}
+/**
+ * AgentShield API configuration source (lowest priority)
+ * NOTE: This is a placeholder for future implementation
+ */
+export declare class AgentShieldToolProtectionSource implements ToolProtectionConfigSource {
+    private apiUrl;
+    private agentDid;
+    private apiKey?;
+    name: string;
+    priority: number;
+    constructor(apiUrl: string, agentDid: string, apiKey?: string | undefined);
+    load(): Promise<ToolProtectionMap | null>;
+}
+/**
+ * Tool protection resolver - merges configs from multiple sources
+ */
+export declare class ToolProtectionResolver {
+    private sources;
+    private mergedConfig;
+    private debug;
+    constructor(options?: {
+        debug?: boolean;
+    });
+    /**
+     * Add a configuration source
+     */
+    addSource(source: ToolProtectionConfigSource): void;
+    /**
+     * Load and merge all configurations
+     */
+    resolve(): Promise<ToolProtectionMap>;
+    /**
+     * Get protection config for a specific tool
+     */
+    getToolProtection(toolName: string): ToolProtectionConfig | null;
+    /**
+     * Check if a tool requires delegation
+     */
+    requiresDelegation(toolName: string): boolean;
+    /**
+     * Get required scopes for a tool
+     */
+    getRequiredScopes(toolName: string): string[];
+}
+/**
+ * Create default tool protection resolver
+ */
+export declare function createToolProtectionResolver(options: {
+    /** Inline configuration (highest priority) */
+    inline?: ToolProtectionMap;
+    /** Local file path (default: tool-protections.json) */
+    localFile?: string | false;
+    /** AgentShield API configuration */
+    agentShield?: {
+        apiUrl: string;
+        agentDid: string;
+        apiKey?: string;
+    };
+    /** Enable debug logging */
+    debug?: boolean;
+}): ToolProtectionResolver;

package/dist/runtime/tool-protection.js

@@ -0,0 +1,192 @@
+"use strict";
+/**
+ * Tool Protection Configuration and Resolution System (Phase 1.5)
+ *
+ * Enables zero-code tool protection by configuring which tools require delegation
+ * through configuration rather than manual code wrapping.
+ *
+ * Configuration Resolution Priority (highest to lowest):
+ * 1. Inline config (passed to runtime) - for testing and overrides
+ * 2. Local file (tool-protections.json) - for development
+ * 3. AgentShield API - for production (NOT IMPLEMENTED YET)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolProtectionResolver = exports.AgentShieldToolProtectionSource = exports.FileToolProtectionSource = exports.InlineToolProtectionSource = void 0;
+exports.createToolProtectionResolver = createToolProtectionResolver;
+/**
+ * Inline configuration source (highest priority)
+ */
+class InlineToolProtectionSource {
+    config;
+    name = 'inline';
+    priority = 100;
+    constructor(config) {
+        this.config = config;
+    }
+    async load() {
+        return this.config;
+    }
+}
+exports.InlineToolProtectionSource = InlineToolProtectionSource;
+/**
+ * Local file configuration source
+ */
+class FileToolProtectionSource {
+    filePath;
+    name = 'file';
+    priority = 50;
+    constructor(filePath) {
+        this.filePath = filePath;
+    }
+    async load() {
+        try {
+            // Dynamic import to avoid bundling issues
+            const fs = await import('fs/promises');
+            const path = await import('path');
+            const fullPath = path.resolve(process.cwd(), this.filePath);
+            const content = await fs.readFile(fullPath, 'utf-8');
+            const config = JSON.parse(content);
+            // Validate structure
+            if (typeof config !== 'object' || config === null) {
+                console.warn(`[ToolProtection] Invalid config file at ${fullPath}: not an object`);
+                return null;
+            }
+            return config;
+        }
+        catch (error) {
+            // File not found is OK - just means no local config
+            if (error.code === 'ENOENT') {
+                return null;
+            }
+            console.warn(`[ToolProtection] Error loading config from ${this.filePath}:`, error);
+            return null;
+        }
+    }
+}
+exports.FileToolProtectionSource = FileToolProtectionSource;
+/**
+ * AgentShield API configuration source (lowest priority)
+ * NOTE: This is a placeholder for future implementation
+ */
+class AgentShieldToolProtectionSource {
+    apiUrl;
+    agentDid;
+    apiKey;
+    name = 'agentshield';
+    priority = 10;
+    constructor(apiUrl, agentDid, apiKey) {
+        this.apiUrl = apiUrl;
+        this.agentDid = agentDid;
+        this.apiKey = apiKey;
+    }
+    async load() {
+        // TODO: Implement AgentShield API fetch
+        // GET /v1/agents/{agentDid}/tool-protections
+        // Headers: { Authorization: `Bearer ${apiKey}` }
+        console.warn('[ToolProtection] AgentShield API source not yet implemented');
+        return null;
+    }
+}
+exports.AgentShieldToolProtectionSource = AgentShieldToolProtectionSource;
+/**
+ * Tool protection resolver - merges configs from multiple sources
+ */
+class ToolProtectionResolver {
+    sources = [];
+    mergedConfig = null;
+    debug;
+    constructor(options = {}) {
+        this.debug = options.debug || false;
+    }
+    /**
+     * Add a configuration source
+     */
+    addSource(source) {
+        this.sources.push(source);
+        // Sort by priority (highest first)
+        this.sources.sort((a, b) => b.priority - a.priority);
+    }
+    /**
+     * Load and merge all configurations
+     */
+    async resolve() {
+        if (this.mergedConfig) {
+            return this.mergedConfig;
+        }
+        const configs = [];
+        // Load from all sources in priority order
+        for (const source of this.sources) {
+            if (this.debug) {
+                console.error(`[ToolProtection] Loading config from source: ${source.name} (priority: ${source.priority})`);
+            }
+            const config = await source.load();
+            if (config) {
+                configs.push({ source: source.name, config });
+                if (this.debug) {
+                    console.error(`[ToolProtection] Loaded ${Object.keys(config).length} tool configs from ${source.name}`);
+                }
+            }
+        }
+        // Merge configs (higher priority sources override lower priority)
+        // Start with lowest priority and overlay higher priority configs
+        this.mergedConfig = {};
+        for (let i = configs.length - 1; i >= 0; i--) {
+            const { source, config } = configs[i];
+            for (const [toolName, toolConfig] of Object.entries(config)) {
+                if (this.debug && this.mergedConfig[toolName]) {
+                    console.error(`[ToolProtection] Tool "${toolName}" config from ${source} overrides previous config`);
+                }
+                this.mergedConfig[toolName] = toolConfig;
+            }
+        }
+        if (this.debug) {
+            console.error(`[ToolProtection] Final merged config has ${Object.keys(this.mergedConfig).length} protected tools`);
+            console.error('[ToolProtection] Protected tools:', Object.keys(this.mergedConfig));
+        }
+        return this.mergedConfig;
+    }
+    /**
+     * Get protection config for a specific tool
+     */
+    getToolProtection(toolName) {
+        if (!this.mergedConfig) {
+            throw new Error('ToolProtectionResolver not initialized - call resolve() first');
+        }
+        return this.mergedConfig[toolName] || null;
+    }
+    /**
+     * Check if a tool requires delegation
+     */
+    requiresDelegation(toolName) {
+        const config = this.getToolProtection(toolName);
+        return config?.requiresDelegation || false;
+    }
+    /**
+     * Get required scopes for a tool
+     */
+    getRequiredScopes(toolName) {
+        const config = this.getToolProtection(toolName);
+        return config?.requiredScopes || [];
+    }
+}
+exports.ToolProtectionResolver = ToolProtectionResolver;
+/**
+ * Create default tool protection resolver
+ */
+function createToolProtectionResolver(options) {
+    const resolver = new ToolProtectionResolver({ debug: options.debug });
+    // Add inline source if provided
+    if (options.inline) {
+        resolver.addSource(new InlineToolProtectionSource(options.inline));
+    }
+    // Add local file source unless explicitly disabled
+    if (options.localFile !== false) {
+        const filePath = options.localFile || 'tool-protections.json';
+        resolver.addSource(new FileToolProtectionSource(filePath));
+    }
+    // Add AgentShield source if configured
+    if (options.agentShield) {
+        resolver.addSource(new AgentShieldToolProtectionSource(options.agentShield.apiUrl, options.agentShield.agentDid, options.agentShield.apiKey));
+    }
+    return resolver;
+}

package/dist/runtime/transports/http/index.js

@@ -11,7 +11,8 @@ const corsConfig = HTTP_CORS_CONFIG;
 const middleware = INJECTED_MIDDLEWARE;
 // oauth config
 // @ts-expect-error: injected by compiler
-const oauthConfig = OAUTH_CONFIG;
+const oauthConfigRaw = OAUTH_CONFIG;
+const oauthConfig = (oauthConfigRaw && JSON.parse(oauthConfigRaw));
 async function main() {
     const options = {
         port: httpConfig?.port,