@kya-os/mcp-i 1.5.4 → 1.5.6-canary.0

package/dist/runtime/identity.d.ts

@@ -37,9 +37,12 @@ export interface ProdEnvironment {
     KYA_VOUCHED_API_KEY: string;
 }
 /**
- * Identity management configuration
+ * Runtime Identity Manager Configuration
+ *
+ * Configuration for the IdentityManager class in the MCP-I runtime.
+ * Controls how identity is loaded and managed at runtime.
  */
-export interface IdentityConfig {
+export interface RuntimeIdentityManagerConfig {
     environment: "development" | "production";
     devIdentityPath?: string;
     privacyMode?: boolean;
@@ -58,7 +61,7 @@ export declare const IDENTITY_ERRORS: {
 export declare class IdentityManager {
     private config;
     private cachedIdentity?;
-    constructor(config?: IdentityConfig);
+    constructor(config?: RuntimeIdentityManagerConfig);
     /**
      * Load or generate agent identity
      * Requirements: 4.1, 4.2, 4.3, 4.4
@@ -102,7 +105,7 @@ export declare class IdentityManager {
     /**
      * Get current configuration
      */
-    getConfig(): IdentityConfig;
+    getConfig(): RuntimeIdentityManagerConfig;
 }
 /**
  * Default identity manager instance
@@ -111,4 +114,4 @@ export declare const defaultIdentityManager: IdentityManager;
 /**
  * Convenience function to ensure identity
  */
-export declare function ensureIdentity(config?: IdentityConfig): Promise<AgentIdentity>;
+export declare function ensureIdentity(config?: RuntimeIdentityManagerConfig): Promise<AgentIdentity>;

package/dist/runtime/index.d.ts

@@ -4,9 +4,10 @@
  * Identity-aware MCP runtime with proof generation, session management,
  * audit logging, and well-known endpoints.
  */
-export { MCPIRuntimeWrapper as MCPIRuntime, createMCPIRuntime } from "./mcpi-runtime-wrapper";
+export { MCPINodeRuntimeWrapper, MCPINodeRuntimeWrapper as MCPIRuntime, // Backward compatibility alias
+createMCPIRuntime } from "./mcpi-runtime-wrapper";
 export { RuntimeFactory, RUNTIME_ERRORS, type MCPIRuntimeConfig, type RuntimeEnvironment, } from "./mcpi-runtime";
-export { IdentityManager, defaultIdentityManager, ensureIdentity, IDENTITY_ERRORS, type AgentIdentity, type DevIdentityFile, type ProdEnvironment, type IdentityConfig, } from "./identity";
+export { IdentityManager, defaultIdentityManager, ensureIdentity, IDENTITY_ERRORS, type AgentIdentity, type DevIdentityFile, type ProdEnvironment, type RuntimeIdentityManagerConfig, } from "./identity";
 export { SessionManager, defaultSessionManager, createHandshakeRequest, validateHandshakeFormat, type SessionConfig, type HandshakeResult, } from "./session";
 export { ProofGenerator, createProofResponse, extractCanonicalData, type ToolRequest, type ToolResponse, type ProofOptions, } from "./proof";
 export { AuditLogger, defaultAuditLogger, logKeyRotationAudit, parseAuditLine, validateAuditRecord, type AuditConfig, type AuditContext, type KeyRotationAuditContext, } from "./audit";

package/dist/runtime/index.js

@@ -6,11 +6,12 @@
  * audit logging, and well-known endpoints.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AgentShieldToolProtectionSource = exports.FileToolProtectionSource = exports.InlineToolProtectionSource = exports.createToolProtectionResolver = exports.ToolProtectionResolver = exports.MemoryDelegationVerifier = exports.AgentShieldAPIDelegationVerifier = exports.CloudflareKVDelegationVerifier = exports.createProofBatchQueue = exports.AgentShieldProofDestination = exports.KTAProofDestination = exports.ProofBatchQueue = exports.MemoryResumeTokenStore = exports.hasSensitiveScopes = exports.verifyOrHints = exports.extractScopes = exports.validateDelegation = exports.checkScopes = exports.createDelegationVerifier = exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = void 0;
-exports.getToolProtection = exports.isToolProtected = exports.toolProtectionRegistry = void 0;
-// Main runtime - now using core with Node.js providers
+exports.FileToolProtectionSource = exports.InlineToolProtectionSource = exports.createToolProtectionResolver = exports.ToolProtectionResolver = exports.MemoryDelegationVerifier = exports.AgentShieldAPIDelegationVerifier = exports.CloudflareKVDelegationVerifier = exports.createProofBatchQueue = exports.AgentShieldProofDestination = exports.KTAProofDestination = exports.ProofBatchQueue = exports.MemoryResumeTokenStore = exports.hasSensitiveScopes = exports.verifyOrHints = exports.extractScopes = exports.validateDelegation = exports.checkScopes = exports.createDelegationVerifier = exports.formatVerifyLink = exports.DemoConsole = exports.createDemoManager = exports.DemoManager = exports.createDebugEndpoint = exports.DebugManager = exports.extractDIDFromPath = exports.validateAgentDocument = exports.validateDIDDocument = exports.createWellKnownHandler = exports.WellKnownManager = exports.validateAuditRecord = exports.parseAuditLine = exports.logKeyRotationAudit = exports.defaultAuditLogger = exports.AuditLogger = exports.extractCanonicalData = exports.createProofResponse = exports.ProofGenerator = exports.validateHandshakeFormat = exports.createHandshakeRequest = exports.defaultSessionManager = exports.SessionManager = exports.IDENTITY_ERRORS = exports.ensureIdentity = exports.defaultIdentityManager = exports.IdentityManager = exports.RUNTIME_ERRORS = exports.RuntimeFactory = exports.createMCPIRuntime = exports.MCPIRuntime = exports.MCPINodeRuntimeWrapper = void 0;
+exports.getToolProtection = exports.isToolProtected = exports.toolProtectionRegistry = exports.AgentShieldToolProtectionSource = void 0;
+// Main runtime - Node.js implementation with providers
 var mcpi_runtime_wrapper_1 = require("./mcpi-runtime-wrapper");
-Object.defineProperty(exports, "MCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.MCPIRuntimeWrapper; } });
+Object.defineProperty(exports, "MCPINodeRuntimeWrapper", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.MCPINodeRuntimeWrapper; } });
+Object.defineProperty(exports, "MCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.MCPINodeRuntimeWrapper; } });
 Object.defineProperty(exports, "createMCPIRuntime", { enumerable: true, get: function () { return mcpi_runtime_wrapper_1.createMCPIRuntime; } });
 // Legacy exports for compatibility
 var mcpi_runtime_1 = require("./mcpi-runtime");

package/dist/runtime/mcpi-runtime-wrapper.d.ts

@@ -1,19 +1,24 @@
 /**
- * MCPIRuntime Wrapper
+ * MCPINodeRuntimeWrapper
  *
- * Extends the core runtime with Node.js-specific providers while
- * maintaining the exact same API for backward compatibility.
+ * Node.js-specific runtime that extends the core runtime with Node.js providers.
+ * Provides backward compatibility by accepting legacy configuration format.
  */
 import { MCPIRuntimeBase } from '@kya-os/mcp-i-core';
 import type { MCPIRuntimeConfig } from './mcpi-runtime';
 /**
- * Enhanced MCPIRuntime using the core with Node.js providers
+ * Node.js-specific runtime implementation
  */
-export declare class MCPIRuntimeWrapper extends MCPIRuntimeBase {
+export declare class MCPINodeRuntimeWrapper extends MCPIRuntimeBase {
     private legacyConfig;
     constructor(config?: MCPIRuntimeConfig);
 }
 /**
- * Factory function for creating runtime
+ * Factory function for creating Node.js runtime
  */
-export declare function createMCPIRuntime(config?: MCPIRuntimeConfig): MCPIRuntimeWrapper;
+export declare function createMCPIRuntime(config?: MCPIRuntimeConfig): MCPINodeRuntimeWrapper;
+/**
+ * Alias for backward compatibility
+ * @deprecated Use MCPINodeRuntimeWrapper
+ */
+export declare const MCPIRuntimeWrapper: typeof MCPINodeRuntimeWrapper;

package/dist/runtime/mcpi-runtime-wrapper.js

@@ -1,15 +1,15 @@
 "use strict";
 /**
- * MCPIRuntime Wrapper
+ * MCPINodeRuntimeWrapper
  *
- * Extends the core runtime with Node.js-specific providers while
- * maintaining the exact same API for backward compatibility.
+ * Node.js-specific runtime that extends the core runtime with Node.js providers.
+ * Provides backward compatibility by accepting legacy configuration format.
  */
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MCPIRuntimeWrapper = void 0;
+exports.MCPIRuntimeWrapper = exports.MCPINodeRuntimeWrapper = void 0;
 exports.createMCPIRuntime = createMCPIRuntime;
 const mcp_i_core_1 = require("@kya-os/mcp-i-core");
 const node_providers_1 = require("../providers/node-providers");
@@ -34,26 +34,26 @@ function createProvidersFromConfig(config) {
         nonceCacheProvider,
         identityProvider,
         environment: config.identity?.environment || 'development',
-        timestampSkewSeconds: config.session?.timestampSkewSeconds || 120,
-        sessionTtlMinutes: config.session?.sessionTtlMinutes || 30,
+        session: {
+            timestampSkewSeconds: config.session?.timestampSkewSeconds || 120,
+            ttlMinutes: config.session?.sessionTtlMinutes || 30
+        },
         audit: config.audit ? {
             enabled: config.audit.enabled !== false,
             logFunction: config.audit.logFunction,
-            includePayloads: config.audit.includePayloads
+            includePayloads: config.audit.includePayloads,
+            includeProofHashes: config.audit.includeProofHashes
         } : undefined,
         wellKnown: config.wellKnown ? {
             enabled: true,
-            serviceName: config.wellKnown.agentMetadata?.name,
-            serviceEndpoint: config.wellKnown.baseUrl
-        } : undefined,
-        showVerifyLink: config.runtime?.showVerifyLink !== false,
-        identityBadge: config.demo?.identityBadge || config.runtime?.identityBadge || false
+            serviceName: config.wellKnown.agentMetadata?.name
+        } : undefined
     };
 }
 /**
- * Enhanced MCPIRuntime using the core with Node.js providers
+ * Node.js-specific runtime implementation
  */
-class MCPIRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
+class MCPINodeRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
     legacyConfig;
     constructor(config = {}) {
         const coreConfig = createProvidersFromConfig(config);
@@ -61,10 +61,15 @@ class MCPIRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
         this.legacyConfig = config;
     }
 }
-exports.MCPIRuntimeWrapper = MCPIRuntimeWrapper;
+exports.MCPINodeRuntimeWrapper = MCPINodeRuntimeWrapper;
 /**
- * Factory function for creating runtime
+ * Factory function for creating Node.js runtime
  */
 function createMCPIRuntime(config) {
-    return new MCPIRuntimeWrapper(config);
+    return new MCPINodeRuntimeWrapper(config);
 }
+/**
+ * Alias for backward compatibility
+ * @deprecated Use MCPINodeRuntimeWrapper
+ */
+exports.MCPIRuntimeWrapper = MCPINodeRuntimeWrapper;

package/dist/runtime/mcpi-runtime.d.ts

@@ -24,6 +24,8 @@ export interface RuntimeEnvironment {
 }
 /**
  * XMCP-I Runtime configuration
+ * @deprecated Use NodeRuntimeConfig from @kya-os/mcp-i/config instead.
+ * This interface is maintained for backward compatibility only.
  */
 export interface MCPIRuntimeConfig {
     identity?: {
@@ -40,6 +42,7 @@ export interface MCPIRuntimeConfig {
         enabled?: boolean;
         logFunction?: (record: string) => void;
         includePayloads?: boolean;
+        includeProofHashes?: boolean;
     };
     proofing?: {
         /** Enable proof generation and submission */
@@ -108,6 +111,10 @@ export interface MCPIRuntimeConfig {
 /**
  * XMCP-I Runtime class
  */
+/**
+ * @deprecated Use MCPINodeRuntimeWrapper instead.
+ * This class is maintained for backward compatibility only.
+ */
 export declare class MCPIRuntime {
     private identityManager;
     private sessionManager;

package/dist/runtime/mcpi-runtime.js

@@ -22,6 +22,10 @@ const tool_protection_registry_1 = require("./tool-protection-registry");
 /**
  * XMCP-I Runtime class
  */
+/**
+ * @deprecated Use MCPINodeRuntimeWrapper instead.
+ * This class is maintained for backward compatibility only.
+ */
 class MCPIRuntime {
     identityManager;
     sessionManager;
@@ -63,6 +67,8 @@ class MCPIRuntime {
         this.checkRuntimeEnvironment();
         // Ensure identity is loaded
         this.cachedIdentity = await this.identityManager.ensureIdentity();
+        // Set server DID in session manager (for session context)
+        this.sessionManager.setServerDid(this.cachedIdentity.did);
         // Create tool protection resolver NOW that we have the agent DID (NEW - Phase 1.5)
         if (this.config.delegation?.enabled) {
             this.toolProtectionResolver = (0, tool_protection_1.createToolProtectionResolver)({

package/dist/runtime/proof.d.ts

@@ -30,6 +30,7 @@ export interface ToolResponse {
 export interface ProofOptions {
     scopeId?: string;
     delegationRef?: string;
+    clientDid?: string;
 }
 /**
  * Proof generator class

package/dist/runtime/proof.js

@@ -37,7 +37,7 @@ class ProofGenerator {
             sessionId: session.sessionId,
             requestHash: hashes.requestHash,
             responseHash: hashes.responseHash,
-            ...options, // Include scopeId and delegationRef if provided
+            ...options, // Include scopeId, delegationRef, and clientDid if provided
         };
         // Generate JWS (compact format)
         const jws = await this.generateJWS(meta);
@@ -113,6 +113,7 @@ class ProofGenerator {
                 // Optional claims
                 ...(meta.scopeId && { scopeId: meta.scopeId }),
                 ...(meta.delegationRef && { delegationRef: meta.delegationRef }),
+                ...(meta.clientDid && { clientDid: meta.clientDid }),
             };
             // Create and sign JWT (compact format: header.payload.signature)
             const jwt = await new jose_1.SignJWT(payload)

package/dist/runtime/session.d.ts

@@ -13,6 +13,7 @@ export interface SessionConfig {
     sessionTtlMinutes?: number;
     absoluteSessionLifetime?: number;
     nonceCache?: NonceCache;
+    serverDid?: string;
 }
 /**
  * Handshake validation result
@@ -33,6 +34,11 @@ export declare class SessionManager {
     private config;
     private sessions;
     constructor(config?: SessionConfig);
+    /**
+     * Set server DID for session creation
+     * Called after identity is loaded
+     */
+    setServerDid(serverDid: string): void;
     /**
      * Validate handshake and create or retrieve session
      * Requirements: 4.5, 4.6, 4.7, 4.8, 4.9

package/dist/runtime/session.js

@@ -33,6 +33,13 @@ class SessionManager {
                 "Consider using Redis, DynamoDB, or Cloudflare KV for production.");
         }
     }
+    /**
+     * Set server DID for session creation
+     * Called after identity is loaded
+     */
+    setServerDid(serverDid) {
+        this.config.serverDid = serverDid;
+    }
     /**
      * Validate handshake and create or retrieve session
      * Requirements: 4.5, 4.6, 4.7, 4.8, 4.9
@@ -79,6 +86,7 @@ class SessionManager {
                 lastActivity: now,
                 ttlMinutes: this.config.sessionTtlMinutes,
                 agentDid: request.agentDid, // Pass through agent DID for delegation verification
+                ...(this.config.serverDid && { serverDid: this.config.serverDid }), // Include server DID if provided
             };
             // Store session
             this.sessions.set(sessionId, session);