@kya-os/mcp-i 1.5.6-canary.3 → 1.5.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cache/cloudflare-kv-nonce-cache.d.ts +20 -3
- package/dist/cache/cloudflare-kv-nonce-cache.js +16 -11
- package/dist/cache/cloudflare-kv.d.ts +5 -3
- package/dist/cache/cloudflare-kv.js +6 -4
- package/dist/cache/dynamodb-nonce-cache.d.ts +10 -3
- package/dist/cache/dynamodb-nonce-cache.js +31 -15
- package/dist/cache/memory-nonce-cache.d.ts +2 -2
- package/dist/cache/memory-nonce-cache.js +8 -6
- package/dist/cache/nonce-cache-factory.js +11 -8
- package/dist/cache/redis-nonce-cache.d.ts +2 -2
- package/dist/cache/redis-nonce-cache.js +8 -5
- package/dist/runtime/adapter-express.js +1 -1
- package/dist/runtime/adapter-nextjs.js +1 -1
- package/dist/runtime/delegation-verifier-agentshield.d.ts +1 -0
- package/dist/runtime/delegation-verifier-agentshield.js +15 -59
- package/dist/runtime/http.js +1 -1
- package/dist/runtime/mcpi-runtime-wrapper.d.ts +10 -1
- package/dist/runtime/mcpi-runtime-wrapper.js +40 -0
- package/dist/runtime/session.js +2 -2
- package/dist/runtime/stdio.js +1 -1
- package/package.json +4 -4
|
@@ -4,14 +4,23 @@
|
|
|
4
4
|
* Node.js-specific runtime that extends the core runtime with Node.js providers.
|
|
5
5
|
* Provides backward compatibility by accepting legacy configuration format.
|
|
6
6
|
*/
|
|
7
|
-
import { MCPIRuntimeBase } from '@kya-os/mcp-i-core';
|
|
7
|
+
import { MCPIRuntimeBase, AccessControlApiService, ProofVerifier } from '@kya-os/mcp-i-core';
|
|
8
8
|
import type { MCPIRuntimeConfig } from './mcpi-runtime';
|
|
9
9
|
/**
|
|
10
10
|
* Node.js-specific runtime implementation
|
|
11
11
|
*/
|
|
12
12
|
export declare class MCPINodeRuntimeWrapper extends MCPIRuntimeBase {
|
|
13
13
|
private legacyConfig;
|
|
14
|
+
protected accessControlService?: AccessControlApiService;
|
|
14
15
|
constructor(config?: MCPIRuntimeConfig);
|
|
16
|
+
/**
|
|
17
|
+
* Set AccessControlApiService (for testing or manual injection)
|
|
18
|
+
*/
|
|
19
|
+
setAccessControlService(service: AccessControlApiService): void;
|
|
20
|
+
/**
|
|
21
|
+
* Set ProofVerifier (for testing or manual injection)
|
|
22
|
+
*/
|
|
23
|
+
setProofVerifier(verifier: ProofVerifier): void;
|
|
15
24
|
}
|
|
16
25
|
/**
|
|
17
26
|
* Factory function for creating Node.js runtime
|
|
@@ -55,10 +55,50 @@ function createProvidersFromConfig(config) {
|
|
|
55
55
|
*/
|
|
56
56
|
class MCPINodeRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
|
|
57
57
|
legacyConfig;
|
|
58
|
+
accessControlService; // Access control API service
|
|
59
|
+
// proofVerifier is inherited from MCPIRuntimeBase (protected), no need to redeclare
|
|
58
60
|
constructor(config = {}) {
|
|
59
61
|
const coreConfig = createProvidersFromConfig(config);
|
|
60
62
|
super(coreConfig);
|
|
61
63
|
this.legacyConfig = config;
|
|
64
|
+
// Instantiate ProofVerifier
|
|
65
|
+
// Access protected property from base class using type assertion
|
|
66
|
+
this.proofVerifier = new mcp_i_core_1.ProofVerifier({
|
|
67
|
+
cryptoProvider: coreConfig.cryptoProvider,
|
|
68
|
+
clockProvider: coreConfig.clockProvider,
|
|
69
|
+
nonceCacheProvider: coreConfig.nonceCacheProvider,
|
|
70
|
+
fetchProvider: coreConfig.fetchProvider,
|
|
71
|
+
timestampSkewSeconds: coreConfig.session?.timestampSkewSeconds || 120,
|
|
72
|
+
});
|
|
73
|
+
// Instantiate AccessControlApiService if API key is available
|
|
74
|
+
const apiKey = process.env.AGENTSHIELD_API_KEY;
|
|
75
|
+
const apiUrl = process.env.AGENTSHIELD_API_URL || 'https://kya.vouched.id';
|
|
76
|
+
if (apiKey) {
|
|
77
|
+
this.accessControlService = new mcp_i_core_1.AccessControlApiService({
|
|
78
|
+
baseUrl: apiUrl,
|
|
79
|
+
apiKey,
|
|
80
|
+
fetchProvider: coreConfig.fetchProvider,
|
|
81
|
+
logger: (msg, data) => {
|
|
82
|
+
if (coreConfig.environment === 'development') {
|
|
83
|
+
console.log(`[AccessControl] ${msg}`, data);
|
|
84
|
+
}
|
|
85
|
+
},
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Set AccessControlApiService (for testing or manual injection)
|
|
91
|
+
*/
|
|
92
|
+
setAccessControlService(service) {
|
|
93
|
+
this.accessControlService = service;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Set ProofVerifier (for testing or manual injection)
|
|
97
|
+
*/
|
|
98
|
+
setProofVerifier(verifier) {
|
|
99
|
+
// Set the base class protected property directly
|
|
100
|
+
// Use type assertion to access protected property from base class
|
|
101
|
+
this.proofVerifier = verifier;
|
|
62
102
|
}
|
|
63
103
|
}
|
|
64
104
|
exports.MCPINodeRuntimeWrapper = MCPINodeRuntimeWrapper;
|
package/dist/runtime/session.js
CHANGED
|
@@ -60,7 +60,7 @@ class SessionManager {
|
|
|
60
60
|
};
|
|
61
61
|
}
|
|
62
62
|
// Validate nonce (must be unique within session window)
|
|
63
|
-
const nonceExists = await this.config.nonceCache.has(request.nonce);
|
|
63
|
+
const nonceExists = await this.config.nonceCache.has(request.nonce, request.agentDid);
|
|
64
64
|
if (nonceExists) {
|
|
65
65
|
return {
|
|
66
66
|
success: false,
|
|
@@ -73,7 +73,7 @@ class SessionManager {
|
|
|
73
73
|
}
|
|
74
74
|
// Add nonce to cache with TTL >= session TTL
|
|
75
75
|
const nonceTtlSeconds = this.config.sessionTtlMinutes * 60 + 60; // Session TTL + 1 minute buffer
|
|
76
|
-
await this.config.nonceCache.add(request.nonce, nonceTtlSeconds);
|
|
76
|
+
await this.config.nonceCache.add(request.nonce, nonceTtlSeconds, request.agentDid);
|
|
77
77
|
// Generate session ID
|
|
78
78
|
const sessionId = this.generateSessionId();
|
|
79
79
|
// Create session context
|