@kya-os/mcp-i 1.6.1-canary.clientinfo.20251125183419 → 1.6.2-canary.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/dist/295.js +1 -1
  2. package/dist/cli-adapter/index.d.ts +0 -2
  3. package/dist/cli-adapter/index.js +5 -9
  4. package/dist/cli-adapter/kta-registration.d.ts +0 -9
  5. package/dist/cli-adapter/kta-registration.js +0 -75
  6. package/dist/compiler/get-webpack-config/index.js +2 -11
  7. package/dist/index.js.LICENSE.txt +6 -0
  8. package/dist/runtime/adapter-express.js +1 -1
  9. package/dist/runtime/adapter-nextjs.js +1 -1
  10. package/dist/runtime/audit.d.ts +0 -4
  11. package/dist/runtime/audit.js +2 -6
  12. package/dist/runtime/http.js +1 -1
  13. package/dist/runtime/identity.d.ts +0 -12
  14. package/dist/runtime/identity.js +1 -15
  15. package/dist/runtime/mcpi-runtime-wrapper.d.ts +3 -2
  16. package/dist/runtime/mcpi-runtime-wrapper.js +17 -20
  17. package/dist/runtime/mcpi-runtime.js +1 -7
  18. package/dist/runtime/session.d.ts +0 -13
  19. package/dist/runtime/session.js +0 -43
  20. package/dist/runtime/stdio.js +1 -1
  21. package/dist/runtime/utils/tools.js +23 -196
  22. package/dist/test/examples/test-usage-example.d.ts +2 -2
  23. package/package.json +20 -19
package/dist/runtime/utils/tools.js CHANGED
@@ -9,12 +9,12 @@ const auth_handshake_1 = require("../auth-handshake");
9
9
  const session_1 = require("../session");
10
10
  const request_context_1 = require("../request-context");
11
11
  const proof_batch_queue_1 = require("../proof-batch-queue");
12
+ // Parse runtime config path from injected variable
13
+ // @ts-expect-error: injected by compiler
12
14
  const rawRuntimeConfigPath = typeof RUNTIME_CONFIG_PATH !== "undefined" ? RUNTIME_CONFIG_PATH : undefined;
13
15
  // Single-parse to match single-stringify from webpack DefinePlugin
14
16
  const runtimeConfigPath = rawRuntimeConfigPath
15
- ? typeof rawRuntimeConfigPath === "string"
16
- ? JSON.parse(rawRuntimeConfigPath)
17
- : rawRuntimeConfigPath
17
+ ? (typeof rawRuntimeConfigPath === 'string' ? JSON.parse(rawRuntimeConfigPath) : rawRuntimeConfigPath)
18
18
  : null;
19
19
  /** Validates if a value is a valid Zod schema object */
20
20
  function isZodRawShape(value) {
@@ -68,8 +68,7 @@ async function initializeProofBatchQueue(debug) {
68
68
  return null;
69
69
  }
70
70
  const proofingConfig = runtimeConfig.proofing;
71
- if (!proofingConfig.batchQueue?.destinations ||
72
- proofingConfig.batchQueue.destinations.length === 0) {
71
+ if (!proofingConfig.batchQueue?.destinations || proofingConfig.batchQueue.destinations.length === 0) {
73
72
  if (debug) {
74
73
  console.error("[MCPI] No proof destinations configured");
75
74
  }
@@ -114,15 +113,14 @@ async function initializeProofBatchQueue(debug) {
114
113
  return null;
115
114
  }
116
115
  }
117
- if (typeof global !== "undefined") {
118
- global.__MCPI_HANDLERS_REGISTERED__ =
119
- global.__MCPI_HANDLERS_REGISTERED__ || false;
116
+ if (typeof global !== 'undefined') {
117
+ global.__MCPI_HANDLERS_REGISTERED__ = global.__MCPI_HANDLERS_REGISTERED__ || false;
120
118
  }
121
119
  /** Loads tools and injects them into the server */
122
120
  async function addToolsToServer(server, toolModules, identityConfig) {
123
121
  // Guard against double registration using global scope
124
122
  // Set this IMMEDIATELY to prevent race conditions
125
- if (typeof global !== "undefined") {
123
+ if (typeof global !== 'undefined') {
126
124
  if (global.__MCPI_HANDLERS_REGISTERED__) {
127
125
  if (identityConfig?.debug) {
128
126
  console.error("[MCPI] Handlers already registered, skipping duplicate registration");
@@ -151,7 +149,7 @@ async function addToolsToServer(server, toolModules, identityConfig) {
151
149
  const identity = await identityManager.ensureIdentity();
152
150
  if (identityConfig.debug) {
153
151
  console.error(`[MCPI] Identity enabled - DID: ${identity.did}`);
154
- console.error(`[MCPI] Identity path: ${identityConfig.devIdentityPath || ".mcpi/identity.json"}`);
152
+ console.error(`[MCPI] Identity path: ${identityConfig.devIdentityPath || '.mcpi/identity.json'}`);
155
153
  }
156
154
  }
157
155
  catch (error) {
@@ -159,8 +157,6 @@ async function addToolsToServer(server, toolModules, identityConfig) {
159
157
  console.error("[MCPI] Failed to initialize identity:", error);
160
158
  }
161
159
  // Continue without identity if initialization fails
162
- // Set identityManager to null to prevent later unhandled calls to ensureIdentity()
163
- identityManager = null;
164
160
  }
165
161
  }
166
162
  // Initialize ProofBatchQueue for proof submission (if runtime config exists)
@@ -210,180 +206,12 @@ async function addToolsToServer(server, toolModules, identityConfig) {
210
206
  });
211
207
  // Debug: log server state before registering handler
212
208
  if (identityConfig?.debug) {
213
- console.error("[MCPI] About to register handlers (tools/list, tools/call, handshake)");
209
+ console.error("[MCPI] About to register handlers (tools/list, tools/call)");
214
210
  }
215
- // Set server DID on session manager after identity is loaded
216
- if (identityManager) {
217
- try {
218
- const identity = await identityManager.ensureIdentity();
219
- sessionManager.setServerDid(identity.did);
220
- }
221
- catch (error) {
222
- // If identity initialization failed earlier, ensureIdentity() may throw again
223
- // Log but don't crash - server can operate without identity
224
- if (identityConfig?.debug) {
225
- console.error("[MCPI] Failed to set server DID on session manager:", error);
226
- }
227
- // Set to null to prevent future attempts
228
- identityManager = null;
229
- }
230
- }
231
- // Add internal handshake tool for MCP-I session establishment
232
- // This allows MCP clients to perform a handshake and receive a sessionId
233
- const handshakeTool = {
234
- name: "_mcpi_handshake",
235
- description: "Internal MCP-I handshake tool for session establishment. Clients should call this before protected tools.",
236
- inputSchema: {
237
- type: "object",
238
- properties: {
239
- nonce: {
240
- type: "string",
241
- description: "Unique nonce for replay prevention",
242
- },
243
- audience: {
244
- type: "string",
245
- description: "Target audience (server DID or URL)",
246
- },
247
- timestamp: { type: "number", description: "Unix timestamp in seconds" },
248
- agentDid: {
249
- type: "string",
250
- description: "Agent DID for delegation verification (optional)",
251
- },
252
- clientInfo: {
253
- type: "object",
254
- description: "MCP client metadata (optional)",
255
- properties: {
256
- name: { type: "string" },
257
- version: { type: "string" },
258
- platform: { type: "string" },
259
- vendor: { type: "string" },
260
- },
261
- },
262
- clientProtocolVersion: {
263
- type: "string",
264
- description: "MCP protocol version (optional)",
265
- },
266
- clientCapabilities: {
267
- type: "object",
268
- description: "MCP client capabilities (optional)",
269
- additionalProperties: true,
270
- },
271
- },
272
- required: ["nonce", "audience", "timestamp"],
273
- },
274
- };
275
- tools.push(handshakeTool);
276
- // Handshake tool handler
277
- toolHandlers.set("_mcpi_handshake", async (args) => {
278
- // Validate required fields explicitly before conversion
279
- const missingFields = [];
280
- if (!args.nonce ||
281
- (typeof args.nonce === "string" && args.nonce.trim().length === 0)) {
282
- missingFields.push("nonce");
283
- }
284
- if (!args.audience ||
285
- (typeof args.audience === "string" && args.audience.trim().length === 0)) {
286
- missingFields.push("audience");
287
- }
288
- // Validate timestamp is present and valid
289
- if (args.timestamp === undefined ||
290
- args.timestamp === null ||
291
- typeof args.timestamp !== "number" ||
292
- args.timestamp <= 0 ||
293
- !Number.isInteger(args.timestamp)) {
294
- if (args.timestamp === undefined || args.timestamp === null) {
295
- missingFields.push("timestamp");
296
- }
297
- else {
298
- // Invalid format (not a positive integer)
299
- return {
300
- success: false,
301
- error: {
302
- code: "XMCP_I_EHANDSHAKE",
303
- message: "Invalid timestamp: must be a positive integer (Unix timestamp in seconds)",
304
- details: {
305
- received: typeof args.timestamp,
306
- value: args.timestamp,
307
- },
308
- },
309
- };
310
- }
311
- }
312
- if (missingFields.length > 0) {
313
- return {
314
- success: false,
315
- error: {
316
- code: "XMCP_I_EHANDSHAKE",
317
- message: `Missing required field(s): ${missingFields.join(", ")}`,
318
- details: {
319
- missingFields,
320
- requiredFields: ["nonce", "audience", "timestamp"],
321
- },
322
- },
323
- };
324
- }
325
- // At this point, timestamp is guaranteed to be a valid positive integer
326
- const timestamp = args.timestamp;
327
- // Build handshake request from validated tool arguments
328
- const handshakeRequest = {
329
- nonce: String(args.nonce).trim(),
330
- audience: String(args.audience).trim(),
331
- timestamp,
332
- agentDid: typeof args.agentDid === "string" && args.agentDid.trim().length > 0
333
- ? args.agentDid.trim()
334
- : undefined,
335
- clientInfo: typeof args.clientInfo === "object" && args.clientInfo !== null
336
- ? args.clientInfo
337
- : undefined,
338
- clientProtocolVersion: typeof args.clientProtocolVersion === "string" &&
339
- args.clientProtocolVersion.trim().length > 0
340
- ? args.clientProtocolVersion.trim()
341
- : undefined,
342
- clientCapabilities: typeof args.clientCapabilities === "object" &&
343
- args.clientCapabilities !== null
344
- ? args.clientCapabilities
345
- : undefined,
346
- };
347
- // Double-check format (should always pass at this point, but defensive)
348
- if (!(0, session_1.validateHandshakeFormat)(handshakeRequest)) {
349
- return {
350
- success: false,
351
- error: {
352
- code: "XMCP_I_EHANDSHAKE",
353
- message: "Invalid handshake request format. Required: nonce, audience, timestamp",
354
- },
355
- };
356
- }
357
- // Validate handshake and create session
358
- const result = await sessionManager.validateHandshake(handshakeRequest);
359
- // Log clientInfo in development mode
360
- if (identityConfig?.debug &&
361
- result.success &&
362
- result.session?.clientInfo) {
363
- console.error("[MCPI] Client connected:", {
364
- name: result.session.clientInfo.name,
365
- version: result.session.clientInfo.version,
366
- platform: result.session.clientInfo.platform,
367
- vendor: result.session.clientInfo.vendor,
368
- clientId: result.session.clientInfo.clientId,
369
- });
370
- }
371
- if (result.success && result.session) {
372
- return {
373
- success: true,
374
- sessionId: result.session.sessionId,
375
- serverDid: result.session.serverDid,
376
- ttlMinutes: result.session.ttlMinutes,
377
- ...(result.session.clientInfo && {
378
- clientInfo: result.session.clientInfo,
379
- }),
380
- };
381
- }
382
- return {
383
- success: false,
384
- error: result.error,
385
- };
386
- });
211
+ // NOTE: Custom handshake handler removed - it was causing registration errors
212
+ // Handshake/session management should be handled via HTTP headers or custom tools
213
+ // The setRequestHandler expects a Zod schema, not a request object
214
+ // TODO: Implement handshake as a custom tool if needed
387
215
  // Register tools/list handler
388
216
  server.setRequestHandler(types_js_1.ListToolsRequestSchema, async (request) => {
389
217
  return {
@@ -469,7 +297,7 @@ async function addToolsToServer(server, toolModules, identityConfig) {
469
297
  ` "agentDid": "did:key:z6Mk...",\n` +
470
298
  ` "nonce": "unique-value",\n` +
471
299
  ` "audience": "server-did",\n` +
472
- ` "timestamp": ${Math.floor(Date.now() / 1000)}\n` +
300
+ ` "timestamp": ${Date.now()}\n` +
473
301
  ` }\n\n` +
474
302
  `2. **Handshake missing agentDid**: Ensure the handshake request includes the 'agentDid' field.\n\n` +
475
303
  `3. **Session expired**: The session may have expired. Try performing a new handshake.\n\n` +
@@ -481,7 +309,7 @@ async function addToolsToServer(server, toolModules, identityConfig) {
481
309
  };
482
310
  }
483
311
  if (identityConfig?.debug) {
484
- console.error(`[MCPI] Tool "${name}" requires delegation - verifying scopes: ${toolProtection.requiredScopes?.join(", ")}`);
312
+ console.error(`[MCPI] Tool "${name}" requires delegation - verifying scopes: ${toolProtection.requiredScopes?.join(', ')}`);
485
313
  }
486
314
  // Verify delegation
487
315
  const verifyResult = await (0, auth_handshake_1.verifyOrHints)(agentDid, toolProtection.requiredScopes || [], authConfig);
@@ -520,9 +348,7 @@ async function addToolsToServer(server, toolModules, identityConfig) {
520
348
  content: [
521
349
  {
522
350
  type: "text",
523
- text: typeof result === "string"
524
- ? result
525
- : JSON.stringify(result),
351
+ text: typeof result === "string" ? result : JSON.stringify(result),
526
352
  },
527
353
  ],
528
354
  };
@@ -539,9 +365,11 @@ async function addToolsToServer(server, toolModules, identityConfig) {
539
365
  const toolResponse = {
540
366
  data: result,
541
367
  };
542
- // Reuse the active session if available, otherwise synthesize one
368
+ // Create a session context for standalone tool calls
369
+ // In a full implementation, this would use proper handshake
370
+ // TODO: Use proper handshake
543
371
  const timestamp = Math.floor(Date.now() / 1000);
544
- const proofSession = session ?? {
372
+ const session = {
545
373
  sessionId: `tool-${Date.now()}`,
546
374
  nonce: `${Date.now()}`,
547
375
  audience: "client",
@@ -554,8 +382,7 @@ async function addToolsToServer(server, toolModules, identityConfig) {
554
382
  // This enables AgentShield tool auto-discovery
555
383
  let scopeId;
556
384
  const toolProtection = tool_protection_registry_1.toolProtectionRegistry.get(name);
557
- if (toolProtection?.requiredScopes &&
558
- toolProtection.requiredScopes.length > 0) {
385
+ if (toolProtection?.requiredScopes && toolProtection.requiredScopes.length > 0) {
559
386
  // Use the first required scope as the scopeId (e.g., "files:read")
560
387
  scopeId = toolProtection.requiredScopes[0];
561
388
  }
@@ -568,9 +395,9 @@ async function addToolsToServer(server, toolModules, identityConfig) {
568
395
  }
569
396
  // Generate proof using the proof generator with scopeId
570
397
  const proofGen = new proof_1.ProofGenerator(identity);
571
- const proof = await proofGen.generateProof(toolRequest, toolResponse, proofSession, {
398
+ const proof = await proofGen.generateProof(toolRequest, toolResponse, session, {
572
399
  scopeId, // Pass scopeId for tool auto-discovery
573
- clientDid: session?.clientDid,
400
+ clientDid: session?.clientDid, // Pass clientDid if available
574
401
  });
575
402
  if (identityConfig?.debug) {
576
403
  console.error(`[MCPI] Generated proof for tool "${name}" - DID: ${proof.meta.did}`);
package/dist/test/examples/test-usage-example.d.ts CHANGED
@@ -24,7 +24,6 @@ export declare function exampleProofTesting(): Promise<{
24
24
  expired: boolean;
25
25
  error?: string | undefined;
26
26
  };
27
- errors: string[];
28
27
  signature: {
29
28
  valid: boolean;
30
29
  algorithm: string;
@@ -37,6 +36,7 @@ export declare function exampleProofTesting(): Promise<{
37
36
  hashes: boolean;
38
37
  error?: string | undefined;
39
38
  };
39
+ errors: string[];
40
40
  did?: string | undefined;
41
41
  kid?: string | undefined;
42
42
  }>;
@@ -90,7 +90,6 @@ export declare function exampleCompleteTestScenario(): Promise<{
90
90
  expired: boolean;
91
91
  error?: string | undefined;
92
92
  };
93
- errors: string[];
94
93
  signature: {
95
94
  valid: boolean;
96
95
  algorithm: string;
@@ -103,6 +102,7 @@ export declare function exampleCompleteTestScenario(): Promise<{
103
102
  hashes: boolean;
104
103
  error?: string | undefined;
105
104
  };
105
+ errors: string[];
106
106
  did?: string | undefined;
107
107
  kid?: string | undefined;
108
108
  };
package/package.json CHANGED
@@ -1,45 +1,45 @@
1
1
  {
2
2
  "name": "@kya-os/mcp-i",
3
- "version": "1.6.1-canary.clientinfo.20251125183419",
3
+ "version": "1.6.2-canary.0",
4
4
  "description": "The TypeScript MCP framework with identity features built-in",
5
5
  "type": "commonjs",
6
6
  "main": "dist/index.js",
7
7
  "types": "dist/index.d.ts",
8
8
  "exports": {
9
9
  ".": {
10
- "types": "./dist/index.d.ts",
11
10
  "require": "./dist/index.js",
12
- "import": "./dist/index.js"
11
+ "import": "./dist/index.js",
12
+ "types": "./dist/index.d.ts"
13
13
  },
14
14
  "./platforms": {
15
- "types": "./dist/identity/platforms.d.ts",
16
15
  "require": "./dist/identity/platforms.js",
17
- "import": "./dist/identity/platforms.js"
16
+ "import": "./dist/identity/platforms.js",
17
+ "types": "./dist/identity/platforms.d.ts"
18
18
  },
19
19
  "./test": {
20
- "types": "./dist/test/index.d.ts",
21
20
  "require": "./dist/test/index.js",
22
- "import": "./dist/test/index.js"
21
+ "import": "./dist/test/index.js",
22
+ "types": "./dist/test/index.d.ts"
23
23
  },
24
24
  "./headers": {
25
- "types": "./dist/runtime/headers.d.ts",
26
25
  "require": "./dist/runtime/headers.js",
27
- "import": "./dist/runtime/headers.js"
26
+ "import": "./dist/runtime/headers.js",
27
+ "types": "./dist/runtime/headers.d.ts"
28
28
  },
29
29
  "./cli-internal": {
30
- "types": "./dist/cli-adapter/index.d.ts",
31
30
  "require": "./dist/cli-adapter/index.js",
32
- "import": "./dist/cli-adapter/index.js"
31
+ "import": "./dist/cli-adapter/index.js",
32
+ "types": "./dist/cli-adapter/index.d.ts"
33
33
  },
34
34
  "./config": {
35
- "types": "./dist/config.d.ts",
36
35
  "require": "./dist/config.js",
37
- "import": "./dist/config.js"
36
+ "import": "./dist/config.js",
37
+ "types": "./dist/config.d.ts"
38
38
  },
39
39
  "./runtime": {
40
- "types": "./dist/runtime/index.d.ts",
41
40
  "require": "./dist/runtime/index.js",
42
- "import": "./dist/runtime/index.js"
41
+ "import": "./dist/runtime/index.js",
42
+ "types": "./dist/runtime/index.d.ts"
43
43
  }
44
44
  },
45
45
  "files": [
@@ -63,8 +63,8 @@
63
63
  "model-context-protocol"
64
64
  ],
65
65
  "dependencies": {
66
- "@kya-os/contracts": "^1.6.0",
67
- "@kya-os/mcp-i-core": "^1.3.0",
66
+ "@kya-os/contracts": "^1.6.2-canary.0",
67
+ "@kya-os/mcp-i-core": "^1.3.7-canary.0",
68
68
  "@modelcontextprotocol/sdk": "^1.11.4",
69
69
  "@swc/core": "^1.11.24",
70
70
  "@types/express": "^5.0.1",
@@ -74,17 +74,18 @@
74
74
  "base-x": "^5.0.1",
75
75
  "chalk": "^5.2.0",
76
76
  "chokidar": "^3.6.0",
77
+ "clean-webpack-plugin": "^4.0.0",
77
78
  "commander": "^10.0.0",
78
79
  "content-type": "^1.0.5",
79
80
  "cross-env": "^7.0.3",
80
- "del": "^8.0.1",
81
+ "del": "^7.0.0",
81
82
  "dotenv": "^16.5.0",
82
83
  "esbuild": "^0.25.0",
83
84
  "execa": "^9.6.0",
84
85
  "express": "^4.18.0",
85
86
  "fork-ts-checker-webpack-plugin": "^8.0.0",
86
87
  "fs-extra": "^11.3.0",
87
- "glob": "^11.1.0",
88
+ "glob": "^11.0.2",
88
89
  "handlebars": "^4.7.7",
89
90
  "jose": "^5.2.0",
90
91
  "json-canonicalize": "^2.0.0",