@kya-os/mcp-i 1.5.6-canary.1 → 1.5.6-canary.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/runtime/adapter-express.js +1 -1
- package/dist/runtime/adapter-nextjs.js +1 -1
- package/dist/runtime/http.js +1 -1
- package/dist/runtime/proof.d.ts +4 -0
- package/dist/runtime/proof.js +36 -5
- package/dist/runtime/stdio.js +1 -1
- package/dist/runtime/verifier-middleware.d.ts +25 -2
- package/dist/runtime/verifier-middleware.js +82 -6
- package/package.json +2 -2
package/dist/runtime/proof.d.ts
CHANGED
|
@@ -72,6 +72,10 @@ export declare class ProofGenerator {
|
|
|
72
72
|
* Verify a proof (for testing/validation)
|
|
73
73
|
*/
|
|
74
74
|
verifyProof(proof: DetachedProof, request: ToolRequest, response: ToolResponse): Promise<boolean>;
|
|
75
|
+
/**
|
|
76
|
+
* Convert base64 public key to Ed25519 JWK format
|
|
77
|
+
*/
|
|
78
|
+
private base64PublicKeyToJWK;
|
|
75
79
|
}
|
|
76
80
|
/**
|
|
77
81
|
* Utility functions
|
package/dist/runtime/proof.js
CHANGED
|
@@ -12,6 +12,8 @@ exports.extractCanonicalData = extractCanonicalData;
|
|
|
12
12
|
const crypto_1 = require("crypto");
|
|
13
13
|
const jose_1 = require("jose");
|
|
14
14
|
const json_canonicalize_1 = require("json-canonicalize");
|
|
15
|
+
const mcp_i_core_1 = require("@kya-os/mcp-i-core");
|
|
16
|
+
const node_providers_1 = require("../providers/node-providers");
|
|
15
17
|
/**
|
|
16
18
|
* Proof generator class
|
|
17
19
|
*/
|
|
@@ -174,15 +176,44 @@ class ProofGenerator {
|
|
|
174
176
|
proof.meta.responseHash !== expectedHashes.responseHash) {
|
|
175
177
|
return false;
|
|
176
178
|
}
|
|
177
|
-
//
|
|
178
|
-
|
|
179
|
-
const
|
|
180
|
-
|
|
179
|
+
// Verify JWS signature using CryptoService
|
|
180
|
+
const publicKeyJwk = this.base64PublicKeyToJWK(this.identity.publicKey);
|
|
181
|
+
const cryptoProvider = new node_providers_1.NodeCryptoProvider();
|
|
182
|
+
const cryptoService = new mcp_i_core_1.CryptoService(cryptoProvider);
|
|
183
|
+
const isValid = await cryptoService.verifyJWS(proof.jws, publicKeyJwk, {
|
|
184
|
+
expectedKid: this.identity.kid,
|
|
185
|
+
alg: "EdDSA",
|
|
186
|
+
});
|
|
187
|
+
return isValid;
|
|
181
188
|
}
|
|
182
|
-
catch {
|
|
189
|
+
catch (error) {
|
|
190
|
+
console.error("[ProofGenerator] Proof verification error:", error);
|
|
183
191
|
return false;
|
|
184
192
|
}
|
|
185
193
|
}
|
|
194
|
+
/**
|
|
195
|
+
* Convert base64 public key to Ed25519 JWK format
|
|
196
|
+
*/
|
|
197
|
+
base64PublicKeyToJWK(publicKeyBase64) {
|
|
198
|
+
// Decode base64 to bytes
|
|
199
|
+
const publicKeyBytes = Buffer.from(publicKeyBase64, "base64");
|
|
200
|
+
// Verify key length (Ed25519 public keys are 32 bytes)
|
|
201
|
+
if (publicKeyBytes.length !== 32) {
|
|
202
|
+
throw new Error(`Invalid Ed25519 public key length: ${publicKeyBytes.length}`);
|
|
203
|
+
}
|
|
204
|
+
// Convert to base64url encoding
|
|
205
|
+
const base64url = Buffer.from(publicKeyBytes)
|
|
206
|
+
.toString("base64")
|
|
207
|
+
.replace(/\+/g, "-")
|
|
208
|
+
.replace(/\//g, "_")
|
|
209
|
+
.replace(/=/g, "");
|
|
210
|
+
return {
|
|
211
|
+
kty: "OKP",
|
|
212
|
+
crv: "Ed25519",
|
|
213
|
+
x: base64url,
|
|
214
|
+
kid: this.identity.kid,
|
|
215
|
+
};
|
|
216
|
+
}
|
|
186
217
|
}
|
|
187
218
|
exports.ProofGenerator = ProofGenerator;
|
|
188
219
|
/**
|