@kya-os/mcp-i 1.6.14 → 1.6.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/cli-adapter/index.js +23 -4
  2. package/dist/runtime/adapter-express.js +3 -3
  3. package/dist/runtime/adapter-nextjs.js +3 -3
  4. package/dist/runtime/auth-handshake.d.ts +5 -5
  5. package/dist/runtime/auth-handshake.js +31 -31
  6. package/dist/runtime/delegation-hooks.d.ts +1 -1
  7. package/dist/runtime/delegation-hooks.js +36 -8
  8. package/dist/runtime/delegation-verifier-agentshield.js +8 -6
  9. package/dist/runtime/delegation-verifier-kv.d.ts +2 -2
  10. package/dist/runtime/delegation-verifier-kv.js +24 -18
  11. package/dist/runtime/delegation-verifier-memory.d.ts +2 -2
  12. package/dist/runtime/delegation-verifier-memory.js +11 -7
  13. package/dist/runtime/http.js +3 -3
  14. package/dist/runtime/mcpi-runtime-wrapper.js +1 -1
  15. package/dist/runtime/migrate-identity.js +6 -6
  16. package/dist/runtime/proof-batch-queue.d.ts +1 -1
  17. package/dist/runtime/proof-batch-queue.js +24 -21
  18. package/dist/runtime/session.d.ts +1 -0
  19. package/dist/runtime/session.js +9 -3
  20. package/dist/runtime/stdio.js +3 -3
  21. package/dist/runtime/transports/http/stateless-streamable-http.js +16 -9
  22. package/dist/storage/encryption.js +3 -2
  23. package/dist/test/deterministic-keys.d.ts +1 -0
  24. package/dist/test/deterministic-keys.js +9 -4
  25. package/package.json +3 -3
package/dist/runtime/transports/http/stateless-streamable-http.js CHANGED
@@ -56,7 +56,7 @@ class StatelessHttpServerTransport extends base_streamable_http_1.BaseHttpServer
56
56
  if (requestId === undefined || requestId === null) {
57
57
  // In stateless mode, we can't handle notifications without request IDs
58
58
  if (this.debug) {
59
- console.log("[StatelessHTTP] Dropping notification without request ID");
59
+ console.error("[StatelessHTTP] Dropping notification without request ID");
60
60
  }
61
61
  return;
62
62
  }
@@ -74,6 +74,13 @@ class StatelessHttpServerTransport extends base_streamable_http_1.BaseHttpServer
74
74
  const responseBody = collector.responses.length === 1
75
75
  ? collector.responses[0]
76
76
  : collector.responses;
77
+ // Extract session ID from response for Mcp-Session-Id header (MCP protocol spec)
78
+ const firstResponse = collector.responses[0];
79
+ const sessionId = firstResponse?.result?.proof?.meta?.sessionId ||
80
+ firstResponse?.result?.sessionId;
81
+ if (sessionId) {
82
+ headers["Mcp-Session-Id"] = sessionId;
83
+ }
77
84
  collector.res
78
85
  .writeHead(200, headers)
79
86
  .end(JSON.stringify(responseBody));
@@ -228,7 +235,7 @@ class StatelessStreamableHTTPTransport {
228
235
  }
229
236
  log(message, ...args) {
230
237
  if (this.debug) {
231
- console.log(`[StatelessHTTP] ${message}`, ...args);
238
+ console.error(`[StatelessHTTP] ${message}`, ...args);
232
239
  }
233
240
  }
234
241
  setupMiddleware(bodySizeLimit) {
@@ -306,14 +313,14 @@ class StatelessStreamableHTTPTransport {
306
313
  start() {
307
314
  const host = this.options.host || "127.0.0.1";
308
315
  this.server.listen(this.port, host, () => {
309
- console.log(`${cli_icons_1.greenCheck} MCP Server running on http://${host}:${this.port}${this.endpoint}`);
316
+ console.error(`${cli_icons_1.greenCheck} MCP Server running on http://${host}:${this.port}${this.endpoint}`);
310
317
  if (this.oauthProxy && this.debug) {
311
- console.log(`🔐 OAuth endpoints available:`);
312
- console.log(` Discovery: http://${host}:${this.port}/.well-known/oauth-authorization-server`);
313
- console.log(` Authorize: http://${host}:${this.port}/oauth2/authorize`);
314
- console.log(` Token: http://${host}:${this.port}/oauth2/token`);
315
- console.log(` Revoke: http://${host}:${this.port}/oauth2/revoke`);
316
- console.log(` Introspect: http://${host}:${this.port}/oauth2/introspect`);
318
+ console.error(`🔐 OAuth endpoints available:`);
319
+ console.error(` Discovery: http://${host}:${this.port}/.well-known/oauth-authorization-server`);
320
+ console.error(` Authorize: http://${host}:${this.port}/oauth2/authorize`);
321
+ console.error(` Token: http://${host}:${this.port}/oauth2/token`);
322
+ console.error(` Revoke: http://${host}:${this.port}/oauth2/revoke`);
323
+ console.error(` Introspect: http://${host}:${this.port}/oauth2/introspect`);
317
324
  }
318
325
  this.setupShutdownHandlers();
319
326
  });
package/dist/storage/encryption.js CHANGED
@@ -92,7 +92,7 @@ class AudienceKeyEncryption {
92
92
  */
93
93
  static async importPrivateKey(privateKey) {
94
94
  const keyBytes = Buffer.from(privateKey, "base64");
95
- return await crypto_1.webcrypto.subtle.importKey("raw", keyBytes, {
95
+ return await crypto_1.webcrypto.subtle.importKey("pkcs8", keyBytes, {
96
96
  name: "X25519",
97
97
  }, false, ["deriveKey"]);
98
98
  }
@@ -107,7 +107,8 @@ class AudienceKeyEncryption {
107
107
  * Export private key to base64 string
108
108
  */
109
109
  static async exportPrivateKey(privateKey) {
110
- const keyBytes = await crypto_1.webcrypto.subtle.exportKey("raw", privateKey);
110
+ // X25519 private keys must be exported in PKCS8 format, not raw
111
+ const keyBytes = await crypto_1.webcrypto.subtle.exportKey("pkcs8", privateKey);
111
112
  return Buffer.from(keyBytes).toString("base64");
112
113
  }
113
114
  }
package/dist/test/deterministic-keys.d.ts CHANGED
@@ -27,5 +27,6 @@ export declare function getPredefinedTestIdentities(): Record<string, MockIdenti
27
27
  export declare function generateTestNonce(seed?: string): string;
28
28
  /**
29
29
  * Generate session ID for testing (deterministic if seed provided)
30
+ * Uses mcpi_test_ prefix to match production format while being identifiable as test sessions
30
31
  */
31
32
  export declare function generateTestSessionId(seed?: string): string;
package/dist/test/deterministic-keys.js CHANGED
@@ -93,16 +93,21 @@ function generateTestNonce(seed) {
93
93
  }
94
94
  /**
95
95
  * Generate session ID for testing (deterministic if seed provided)
96
+ * Uses mcpi_test_ prefix to match production format while being identifiable as test sessions
96
97
  */
97
98
  function generateTestSessionId(seed) {
98
99
  (0, test_environment_1.ensureTestMode)();
99
100
  if (seed) {
100
- // Deterministic session ID for reproducible tests
101
- return `sess_test_${(0, crypto_1.createHash)("sha256")
101
+ // Deterministic session ID for reproducible tests (uses mcpi_test_ prefix)
102
+ const hash = (0, crypto_1.createHash)("sha256")
102
103
  .update(`session-${seed}-${(0, test_environment_1.getCurrentTestSeed)()}`)
103
104
  .digest("hex")
104
- .substring(0, 16)}`;
105
+ .substring(0, 32);
106
+ // Format as UUID-like structure for consistency with production format
107
+ return `mcpi_test_${hash.slice(0, 8)}-${hash.slice(8, 12)}-${hash.slice(12, 16)}-${hash.slice(16, 20)}-${hash.slice(20, 32)}`;
105
108
  }
106
109
  // Random session ID for general testing
107
- return `sess_test_${(0, crypto_1.randomBytes)(8).toString("hex")}`;
110
+ const bytes = (0, crypto_1.randomBytes)(16);
111
+ const hex = bytes.toString("hex");
112
+ return `mcpi_test_${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`;
108
113
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kya-os/mcp-i",
3
- "version": "1.6.14",
3
+ "version": "1.6.16",
4
4
  "description": "The TypeScript MCP framework with identity features built-in",
5
5
  "type": "commonjs",
6
6
  "main": "dist/index.js",
@@ -63,8 +63,8 @@
63
63
  "model-context-protocol"
64
64
  ],
65
65
  "dependencies": {
66
- "@kya-os/contracts": "^1.6.17",
67
- "@kya-os/mcp-i-core": "^1.3.24",
66
+ "@kya-os/contracts": "^1.6.19",
67
+ "@kya-os/mcp-i-core": "^1.3.27",
68
68
  "@modelcontextprotocol/sdk": "^1.11.4",
69
69
  "@swc/core": "^1.11.24",
70
70
  "@types/express": "^5.0.1",