@kya-os/mcp-i 1.5.6-canary.3 → 1.5.8-canary.1

package/dist/runtime/delegation-verifier-agentshield.d.ts

@@ -33,6 +33,7 @@ export declare class AgentShieldAPIDelegationVerifier implements DelegationVerif
     private cache;
     private cacheTtl;
     private debug;
+    private accessControlService;
     constructor(config: DelegationVerifierConfig);
     /**
      * Verify agent delegation via API

package/dist/runtime/delegation-verifier-agentshield.js

@@ -26,6 +26,8 @@ exports.AgentShieldAPIDelegationVerifier = void 0;
 const delegation_1 = require("@kya-os/contracts/delegation");
 const agentshield_api_1 = require("@kya-os/contracts/agentshield-api");
 const delegation_verifier_1 = require("./delegation-verifier");
+const mcp_i_core_1 = require("@kya-os/mcp-i-core");
+const node_providers_1 = require("../providers/node-providers");
 /**
  * Simple in-memory cache (same as KV verifier)
  */
@@ -75,6 +77,7 @@ class AgentShieldAPIDelegationVerifier {
     cache;
     cacheTtl;
     debug;
+    accessControlService;
     constructor(config) {
         if (!config.agentshield?.apiUrl || !config.agentshield?.apiKey) {
             throw new Error("AgentShieldAPIDelegationVerifier requires agentshield.apiUrl and agentshield.apiKey in config");
@@ -84,6 +87,14 @@ class AgentShieldAPIDelegationVerifier {
         this.cache = new DelegationCache();
         this.cacheTtl = config.cacheTtl || 60_000; // Default 1 minute
         this.debug = config.debug || false;
+        // Create AccessControlApiService instance
+        const fetchProvider = new node_providers_1.NodeFetchProvider();
+        this.accessControlService = new mcp_i_core_1.AccessControlApiService({
+            baseUrl: this.apiUrl,
+            apiKey: this.apiKey,
+            fetchProvider,
+            logger: this.debug ? (msg, data) => console.log(`[AgentShield] ${msg}`, data) : undefined,
+        });
     }
     /**
      * Verify agent delegation via API
@@ -125,65 +136,10 @@ class AgentShieldAPIDelegationVerifier {
                 agent_did: agentDid,
                 scopes,
             });
-            // Use the correct AgentShield bouncer API endpoint
-            const response = await fetch(`${this.apiUrl}/api/v1/bouncer/delegations/verify`, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/json",
-                    Authorization: `Bearer ${this.apiKey}`,
-                },
-                body: JSON.stringify(requestBody),
-            });
-            if (!response.ok) {
-                // Handle API errors using standard error format
-                if (response.status === 404) {
-                    const result = {
-                        valid: false,
-                        reason: "No delegation found",
-                        cached: false,
-                    };
-                    this.cache.set(cacheKey, result, this.cacheTtl / 2);
-                    return result;
-                }
-                if (response.status === 401 || response.status === 403) {
-                    const error = {
-                        error: "authentication_failed",
-                        message: `AgentShield API authentication failed: ${response.status}`,
-                        httpStatus: response.status,
-                    };
-                    throw new agentshield_api_1.AgentShieldAPIError(error.error, error.message, error.details);
-                }
-                const error = {
-                    error: "api_error",
-                    message: `AgentShield API error: ${response.status} ${response.statusText}`,
-                    httpStatus: response.status,
-                };
-                throw new agentshield_api_1.AgentShieldAPIError(error.error, error.message, error.details);
-            }
-            // Validate response using standard AgentShield API response schema
-            const responseBody = await response.json();
-            const parsedResponse = agentshield_api_1.verifyDelegationAPIResponseSchema.safeParse(responseBody);
-            if (!parsedResponse.success) {
-                // If response doesn't match standard wrapper, try direct data format
-                const directData = agentshield_api_1.verifyDelegationResponseSchema.safeParse(responseBody);
-                if (!directData.success) {
-                    throw new agentshield_api_1.AgentShieldAPIError("invalid_response", "AgentShield API returned invalid response format", { validationErrors: parsedResponse.error.errors });
-                }
-                // Use direct data format (backward compatibility)
-                const data = directData.data;
-                const result = {
-                    valid: data.valid,
-                    delegation: data.delegation,
-                    reason: data.reason,
-                    cached: false,
-                };
-                const ttl = data.valid ? this.cacheTtl : this.cacheTtl / 2;
-                this.cache.set(cacheKey, result, ttl);
-                return result;
-            }
-            // Standard wrapped response format
-            const wrappedResponse = parsedResponse.data;
-            const data = wrappedResponse.data;
+            // Use AccessControlApiService for API call
+            const response = await this.accessControlService.verifyDelegation(requestBody);
+            // Extract data from wrapped response
+            const data = response.data;
             // Build result from validated response
             const result = {
                 valid: data.valid,