@kya-os/mcp-i 1.6.13 → 1.6.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli-adapter/index.js +23 -4
- package/dist/runtime/adapter-express.js +3 -3
- package/dist/runtime/adapter-nextjs.js +3 -3
- package/dist/runtime/auth-handshake.d.ts +5 -5
- package/dist/runtime/auth-handshake.js +31 -31
- package/dist/runtime/delegation-hooks.d.ts +1 -1
- package/dist/runtime/delegation-hooks.js +36 -8
- package/dist/runtime/delegation-verifier-agentshield.js +8 -6
- package/dist/runtime/delegation-verifier-kv.d.ts +2 -2
- package/dist/runtime/delegation-verifier-kv.js +24 -18
- package/dist/runtime/delegation-verifier-memory.d.ts +2 -2
- package/dist/runtime/delegation-verifier-memory.js +11 -7
- package/dist/runtime/http.js +3 -3
- package/dist/runtime/mcpi-runtime-wrapper.js +1 -1
- package/dist/runtime/migrate-identity.js +6 -6
- package/dist/runtime/proof-batch-queue.d.ts +1 -1
- package/dist/runtime/proof-batch-queue.js +24 -21
- package/dist/runtime/stdio.js +3 -3
- package/dist/runtime/transports/http/stateless-streamable-http.js +9 -9
- package/dist/storage/encryption.js +3 -2
- package/package.json +3 -3
|
@@ -83,7 +83,7 @@ class MCPINodeRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
|
|
|
83
83
|
fetchProvider: coreConfig.fetchProvider,
|
|
84
84
|
logger: (msg, data) => {
|
|
85
85
|
if (coreConfig.environment === "development") {
|
|
86
|
-
console.
|
|
86
|
+
console.error(`[AccessControl] ${msg}`, data);
|
|
87
87
|
}
|
|
88
88
|
},
|
|
89
89
|
});
|
|
@@ -22,7 +22,7 @@ async function migrateIdentityFile(identityPath) {
|
|
|
22
22
|
const identity = JSON.parse(content);
|
|
23
23
|
// Check if already migrated (has kid field)
|
|
24
24
|
if (identity.kid) {
|
|
25
|
-
console.
|
|
25
|
+
console.error("Identity file already migrated to kid format");
|
|
26
26
|
return false;
|
|
27
27
|
}
|
|
28
28
|
// Check if has old format keyId
|
|
@@ -30,7 +30,7 @@ async function migrateIdentityFile(identityPath) {
|
|
|
30
30
|
throw new Error("Identity file has neither kid nor keyId field");
|
|
31
31
|
}
|
|
32
32
|
// Check if it's the old format (key-[hex])
|
|
33
|
-
if (identity.keyId.startsWith(
|
|
33
|
+
if (identity.keyId.startsWith("key-")) {
|
|
34
34
|
// Generate multibase kid from public key
|
|
35
35
|
const kid = generateMultibaseKid(identity.publicKey);
|
|
36
36
|
// Create migrated identity
|
|
@@ -47,9 +47,9 @@ async function migrateIdentityFile(identityPath) {
|
|
|
47
47
|
await (0, promises_1.writeFile)(identityPath, JSON.stringify(migratedIdentity, null, 2), {
|
|
48
48
|
mode: 0o600,
|
|
49
49
|
});
|
|
50
|
-
console.
|
|
51
|
-
console.
|
|
52
|
-
console.
|
|
50
|
+
console.error(`✅ Migrated identity file to new multibase kid format`);
|
|
51
|
+
console.error(` Old keyId: ${identity.keyId}`);
|
|
52
|
+
console.error(` New kid: ${kid}`);
|
|
53
53
|
return true;
|
|
54
54
|
}
|
|
55
55
|
// Already in multibase format, just rename field
|
|
@@ -65,7 +65,7 @@ async function migrateIdentityFile(identityPath) {
|
|
|
65
65
|
await (0, promises_1.writeFile)(identityPath, JSON.stringify(renamedIdentity, null, 2), {
|
|
66
66
|
mode: 0o600,
|
|
67
67
|
});
|
|
68
|
-
console.
|
|
68
|
+
console.error(`✅ Renamed keyId field to kid`);
|
|
69
69
|
return true;
|
|
70
70
|
}
|
|
71
71
|
/**
|
|
@@ -24,22 +24,22 @@ exports.createProofBatchQueue = createProofBatchQueue;
|
|
|
24
24
|
* KTA proof submission destination
|
|
25
25
|
*/
|
|
26
26
|
class KTAProofDestination {
|
|
27
|
-
name =
|
|
27
|
+
name = "KTA";
|
|
28
28
|
apiUrl;
|
|
29
29
|
apiKey;
|
|
30
30
|
constructor(apiUrl, apiKey) {
|
|
31
|
-
this.apiUrl = apiUrl.replace(/\/$/,
|
|
31
|
+
this.apiUrl = apiUrl.replace(/\/$/, "");
|
|
32
32
|
this.apiKey = apiKey;
|
|
33
33
|
}
|
|
34
34
|
async submit(proofs) {
|
|
35
35
|
const headers = {
|
|
36
|
-
|
|
36
|
+
"Content-Type": "application/json",
|
|
37
37
|
};
|
|
38
38
|
if (this.apiKey) {
|
|
39
|
-
headers[
|
|
39
|
+
headers["X-API-Key"] = this.apiKey;
|
|
40
40
|
}
|
|
41
41
|
const response = await fetch(`${this.apiUrl}/api/v1/proofs/batch`, {
|
|
42
|
-
method:
|
|
42
|
+
method: "POST",
|
|
43
43
|
headers,
|
|
44
44
|
body: JSON.stringify({ proofs }),
|
|
45
45
|
});
|
|
@@ -56,11 +56,11 @@ exports.KTAProofDestination = KTAProofDestination;
|
|
|
56
56
|
* with proper authentication and session grouping.
|
|
57
57
|
*/
|
|
58
58
|
class AgentShieldProofDestination {
|
|
59
|
-
name =
|
|
59
|
+
name = "AgentShield";
|
|
60
60
|
apiUrl;
|
|
61
61
|
apiKey;
|
|
62
62
|
constructor(apiUrl, apiKey) {
|
|
63
|
-
this.apiUrl = apiUrl.replace(/\/$/,
|
|
63
|
+
this.apiUrl = apiUrl.replace(/\/$/, "");
|
|
64
64
|
this.apiKey = apiKey;
|
|
65
65
|
}
|
|
66
66
|
async submit(proofs) {
|
|
@@ -69,24 +69,26 @@ class AgentShieldProofDestination {
|
|
|
69
69
|
}
|
|
70
70
|
// Extract session_id from first proof for AgentShield session grouping
|
|
71
71
|
// AgentShield uses this for analytics and detection monitoring
|
|
72
|
-
const sessionId = proofs[0]?.meta?.sessionId ||
|
|
72
|
+
const sessionId = proofs[0]?.meta?.sessionId || "unknown";
|
|
73
73
|
// AgentShield API format requires delegation_id and session_id wrapper
|
|
74
74
|
const requestBody = {
|
|
75
75
|
delegation_id: null, // null for proofs without delegation context
|
|
76
76
|
session_id: sessionId, // AgentShield session grouping (same as meta.sessionId)
|
|
77
|
-
proofs: proofs
|
|
77
|
+
proofs: proofs,
|
|
78
78
|
};
|
|
79
79
|
const response = await fetch(`${this.apiUrl}/api/v1/bouncer/proofs`, {
|
|
80
|
-
method:
|
|
80
|
+
method: "POST",
|
|
81
81
|
headers: {
|
|
82
|
-
|
|
83
|
-
|
|
82
|
+
"Content-Type": "application/json",
|
|
83
|
+
Authorization: `Bearer ${this.apiKey}`, // Bearer token format
|
|
84
84
|
},
|
|
85
85
|
body: JSON.stringify(requestBody),
|
|
86
86
|
});
|
|
87
87
|
if (!response.ok) {
|
|
88
88
|
// Include response body in error for debugging
|
|
89
|
-
const errorBody = await response
|
|
89
|
+
const errorBody = await response
|
|
90
|
+
.text()
|
|
91
|
+
.catch(() => "Unable to read error body");
|
|
90
92
|
throw new Error(`AgentShield proof submission failed: ${response.status} ${response.statusText}\n${errorBody}`);
|
|
91
93
|
}
|
|
92
94
|
}
|
|
@@ -129,13 +131,13 @@ class ProofBatchQueue {
|
|
|
129
131
|
*/
|
|
130
132
|
enqueue(proof) {
|
|
131
133
|
if (this.closed) {
|
|
132
|
-
console.warn(
|
|
134
|
+
console.warn("[ProofBatchQueue] Queue is closed, dropping proof");
|
|
133
135
|
return;
|
|
134
136
|
}
|
|
135
137
|
this.queue.push(proof);
|
|
136
138
|
this.stats.queued++;
|
|
137
139
|
if (this.config.debug) {
|
|
138
|
-
console.
|
|
140
|
+
console.error(`[ProofBatchQueue] Enqueued proof (queue size: ${this.queue.length})`);
|
|
139
141
|
}
|
|
140
142
|
// Flush immediately if batch size reached
|
|
141
143
|
if (this.queue.length >= this.config.maxBatchSize) {
|
|
@@ -151,7 +153,7 @@ class ProofBatchQueue {
|
|
|
151
153
|
}
|
|
152
154
|
const proofs = this.queue.splice(0, this.config.maxBatchSize);
|
|
153
155
|
if (this.config.debug) {
|
|
154
|
-
console.
|
|
156
|
+
console.error(`[ProofBatchQueue] Flushing ${proofs.length} proofs to ${this.config.destinations.length} destinations`);
|
|
155
157
|
}
|
|
156
158
|
// Submit to each destination (fire-and-forget)
|
|
157
159
|
for (const destination of this.config.destinations) {
|
|
@@ -172,7 +174,7 @@ class ProofBatchQueue {
|
|
|
172
174
|
this.stats.submitted += batch.proofs.length;
|
|
173
175
|
this.stats.batchesSubmitted++;
|
|
174
176
|
if (this.config.debug) {
|
|
175
|
-
console.
|
|
177
|
+
console.error(`[ProofBatchQueue] Successfully submitted ${batch.proofs.length} proofs to ${batch.destination.name}`);
|
|
176
178
|
}
|
|
177
179
|
}
|
|
178
180
|
catch (error) {
|
|
@@ -184,7 +186,7 @@ class ProofBatchQueue {
|
|
|
184
186
|
batch.nextRetryAt = Date.now() + backoffMs;
|
|
185
187
|
this.pendingBatches.push(batch);
|
|
186
188
|
if (this.config.debug) {
|
|
187
|
-
console.
|
|
189
|
+
console.error(`[ProofBatchQueue] Scheduling retry ${batch.retryCount}/${this.config.maxRetries} in ${backoffMs}ms`);
|
|
188
190
|
}
|
|
189
191
|
}
|
|
190
192
|
else {
|
|
@@ -204,7 +206,7 @@ class ProofBatchQueue {
|
|
|
204
206
|
}
|
|
205
207
|
}, this.config.flushIntervalMs);
|
|
206
208
|
// Prevent timer from keeping process alive
|
|
207
|
-
if (typeof this.flushTimer.unref ===
|
|
209
|
+
if (typeof this.flushTimer.unref === "function") {
|
|
208
210
|
this.flushTimer.unref();
|
|
209
211
|
}
|
|
210
212
|
}
|
|
@@ -226,7 +228,7 @@ class ProofBatchQueue {
|
|
|
226
228
|
}
|
|
227
229
|
}, 1000);
|
|
228
230
|
// Prevent timer from keeping process alive
|
|
229
|
-
if (typeof this.retryTimer.unref ===
|
|
231
|
+
if (typeof this.retryTimer.unref === "function") {
|
|
230
232
|
this.retryTimer.unref();
|
|
231
233
|
}
|
|
232
234
|
}
|
|
@@ -247,7 +249,8 @@ class ProofBatchQueue {
|
|
|
247
249
|
// Wait for pending retries (with timeout)
|
|
248
250
|
const maxWaitMs = 30000; // 30 seconds
|
|
249
251
|
const startTime = Date.now();
|
|
250
|
-
while (this.pendingBatches.length > 0 &&
|
|
252
|
+
while (this.pendingBatches.length > 0 &&
|
|
253
|
+
Date.now() - startTime < maxWaitMs) {
|
|
251
254
|
await new Promise((resolve) => setTimeout(resolve, 100));
|
|
252
255
|
}
|
|
253
256
|
if (this.pendingBatches.length > 0) {
|