npm - @kya-os/mcp-i - Versions diffs - 1.5.9 → 1.6.1 - Mend

@kya-os/mcp-i 1.5.9 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/295.js +1 -1
package/dist/cli-adapter/index.d.ts +2 -0
package/dist/cli-adapter/index.js +9 -5
package/dist/cli-adapter/kta-registration.d.ts +9 -0
package/dist/cli-adapter/kta-registration.js +75 -0
package/dist/compiler/get-webpack-config/index.js +11 -2
package/dist/index.js.LICENSE.txt +0 -6
package/dist/runtime/adapter-express.js +1 -1
package/dist/runtime/adapter-nextjs.js +1 -1
package/dist/runtime/audit.d.ts +53 -0
package/dist/runtime/audit.js +62 -0
package/dist/runtime/http.js +1 -1
package/dist/runtime/identity.d.ts +12 -0
package/dist/runtime/identity.js +15 -1
package/dist/runtime/index.d.ts +1 -1
package/dist/runtime/mcpi-runtime-wrapper.d.ts +2 -3
package/dist/runtime/mcpi-runtime-wrapper.js +20 -17
package/dist/runtime/stdio.js +1 -1
package/package.json +22 -18

package/dist/runtime/audit.d.ts CHANGED Viewed

@@ -1,6 +1,10 @@
 /**
  * Audit Logging System for MCP-I Runtime
  *
+ * TODO: Update AuditLogger to implement IAuditLogger from @kya-os/mcp-i-core/runtime/audit-logger.
+ * Currently using Node.js-specific implementation. This will allow the interface to be used
+ * across all platform implementations while maintaining platform-specific crypto implementations.
+ *
  * Handles audit record generation and logging with frozen format
  * according to requirements 5.4, 5.5, and 6.7 (configurable retention).
  *
@@ -257,6 +261,38 @@ export interface AuditContext {
      */
     scopeId?: string;
 }
+/**
+ * Event context for logging events that bypass session deduplication
+ *
+ * Used for consent events where multiple events occur in the same session.
+ * Unlike AuditContext, this allows multiple events per session.
+ */
+export interface AuditEventContext {
+    /**
+     * Event type identifier
+     *
+     * @example "consent:page_viewed", "consent:approved", "runtime:initialized"
+     */
+    eventType: string;
+    /**
+     * Agent identity
+     *
+     * Only `did` and `keyId` are logged. Private key is NEVER logged.
+     */
+    identity: AgentIdentity;
+    /**
+     * Session context
+     *
+     * Only `sessionId` and `audience` are logged. Nonce is NEVER logged.
+     */
+    session: SessionContext;
+    /**
+     * Optional event-specific data
+     *
+     * Used for generating event hash. Not logged directly.
+     */
+    eventData?: Record<string, any>;
+}
 /**
  * Audit logger class with event-driven rotation support
  *
@@ -291,6 +327,23 @@ export declare class AuditLogger {
      * 4. Triggers rotation hooks if threshold met
      */
     logAuditRecord(context: AuditContext): Promise<void>;
+    /**
+     * Log an event using the frozen audit format WITHOUT session deduplication.
+     *
+     * Unlike logAuditRecord(), this method ALWAYS logs the event, regardless
+     * of whether an event has already been logged for this session. This is
+     * necessary for consent events where multiple events occur in the same session.
+     *
+     * The event still uses the frozen audit.v1 format for consistency, but
+     * bypasses the "once per session" constraint.
+     *
+     * @param context - Event context including eventType, identity, session, and eventData
+     */
+    logEvent(context: AuditEventContext): Promise<void>;
+    /**
+     * Generate deterministic hash for event
+     */
+    private hashEvent;
     /**
      * Format audit record as frozen audit line
      * Format: audit.v1 ts=<unix> session=<id> audience=<host> did=<did> kid=<kid> reqHash=<sha256:..> resHash=<sha256:..> verified=yes|no scope=<scopeId|->

package/dist/runtime/audit.js CHANGED Viewed

@@ -2,6 +2,10 @@
 /**
  * Audit Logging System for MCP-I Runtime
  *
+ * TODO: Update AuditLogger to implement IAuditLogger from @kya-os/mcp-i-core/runtime/audit-logger.
+ * Currently using Node.js-specific implementation. This will allow the interface to be used
+ * across all platform implementations while maintaining platform-specific crypto implementations.
+ *
  * Handles audit record generation and logging with frozen format
  * according to requirements 5.4, 5.5, and 6.7 (configurable retention).
  *
@@ -47,6 +51,7 @@ exports.logKeyRotationAudit = logKeyRotationAudit;
 exports.parseAuditLine = parseAuditLine;
 exports.validateAuditRecord = validateAuditRecord;
 const time_1 = require("./utils/time");
+const crypto_1 = require("crypto");
 /**
  * Audit logger class with event-driven rotation support
  *
@@ -133,6 +138,63 @@ class AuditLogger {
         // Check if rotation is needed (event-driven)
         await this.checkRotation();
     }
+    /**
+     * Log an event using the frozen audit format WITHOUT session deduplication.
+     *
+     * Unlike logAuditRecord(), this method ALWAYS logs the event, regardless
+     * of whether an event has already been logged for this session. This is
+     * necessary for consent events where multiple events occur in the same session.
+     *
+     * The event still uses the frozen audit.v1 format for consistency, but
+     * bypasses the "once per session" constraint.
+     *
+     * @param context - Event context including eventType, identity, session, and eventData
+     */
+    async logEvent(context) {
+        if (this.destroyed) {
+            throw new Error("AuditLogger has been destroyed");
+        }
+        if (!this.config.enabled) {
+            return;
+        }
+        // Generate event hash
+        const eventHash = this.hashEvent(context.eventType, context.eventData);
+        // Create audit record (same format as regular audit logs)
+        const auditRecord = {
+            version: "audit.v1",
+            ts: Math.floor(Date.now() / 1000),
+            session: context.session.sessionId,
+            audience: context.session.audience,
+            did: context.identity.did,
+            kid: context.identity.kid,
+            reqHash: `sha256:${eventHash}`,
+            resHash: `sha256:${eventHash}`, // Same hash for events
+            verified: "yes",
+            scope: context.eventType, // Use eventType as scope
+        };
+        // Format and log (NO session deduplication check)
+        const auditLine = this.formatAuditLine(auditRecord);
+        // Track size and count
+        const sizeBytes = Buffer.byteLength(auditLine, "utf8");
+        this.currentLogSize += sizeBytes;
+        this.totalRecordsLogged++;
+        // Emit audit record
+        this.config.logFunction(auditLine);
+        // Check rotation
+        await this.checkRotation();
+    }
+    /**
+     * Generate deterministic hash for event
+     */
+    hashEvent(type, data) {
+        const content = JSON.stringify({
+            type,
+            data,
+            ts: Date.now(),
+            nonce: (0, crypto_1.randomBytes)(16).toString("hex"),
+        });
+        return (0, crypto_1.createHash)("sha256").update(content).digest("hex");
+    }
     /**
      * Format audit record as frozen audit line
      * Format: audit.v1 ts=<unix> session=<id> audience=<host> did=<did> kid=<kid> reqHash=<sha256:..> resHash=<sha256:..> verified=yes|no scope=<scopeId|->