@kya-os/mcp-i 1.6.2-canary.0 → 1.6.2-canary.1

package/dist/runtime/identity.d.ts

@@ -111,6 +111,18 @@ export declare class IdentityManager {
  * Default identity manager instance
  */
 export declare const defaultIdentityManager: IdentityManager;
+/**
+ * Extract agent ID from DID
+ * @deprecated Use extractAgentId from @kya-os/mcp-i-core/utils/did-helpers instead
+ * This re-export is maintained for backward compatibility
+ */
+export { extractAgentId } from '@kya-os/mcp-i-core/utils/did-helpers';
+/**
+ * Extract agent slug from DID
+ * @deprecated Use extractAgentSlug from @kya-os/mcp-i-core/utils/did-helpers instead
+ * This re-export is maintained for backward compatibility
+ */
+export { extractAgentSlug } from '@kya-os/mcp-i-core/utils/did-helpers';
 /**
  * Convenience function to ensure identity
  */

package/dist/runtime/identity.js

@@ -6,7 +6,7 @@
  * and production environments according to requirements 4.1-4.4.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultIdentityManager = exports.IdentityManager = exports.IDENTITY_ERRORS = void 0;
+exports.extractAgentSlug = exports.extractAgentId = exports.defaultIdentityManager = exports.IdentityManager = exports.IDENTITY_ERRORS = void 0;
 exports.ensureIdentity = ensureIdentity;
 const promises_1 = require("fs/promises");
 const fs_1 = require("fs");
@@ -291,6 +291,20 @@ exports.IdentityManager = IdentityManager;
  * Default identity manager instance
  */
 exports.defaultIdentityManager = new IdentityManager();
+/**
+ * Extract agent ID from DID
+ * @deprecated Use extractAgentId from @kya-os/mcp-i-core/utils/did-helpers instead
+ * This re-export is maintained for backward compatibility
+ */
+var did_helpers_1 = require("@kya-os/mcp-i-core/utils/did-helpers");
+Object.defineProperty(exports, "extractAgentId", { enumerable: true, get: function () { return did_helpers_1.extractAgentId; } });
+/**
+ * Extract agent slug from DID
+ * @deprecated Use extractAgentSlug from @kya-os/mcp-i-core/utils/did-helpers instead
+ * This re-export is maintained for backward compatibility
+ */
+var did_helpers_2 = require("@kya-os/mcp-i-core/utils/did-helpers");
+Object.defineProperty(exports, "extractAgentSlug", { enumerable: true, get: function () { return did_helpers_2.extractAgentSlug; } });
 /**
  * Convenience function to ensure identity
  */

package/dist/runtime/mcpi-runtime-wrapper.d.ts

@@ -4,14 +4,13 @@
  * Node.js-specific runtime that extends the core runtime with Node.js providers.
  * Provides backward compatibility by accepting legacy configuration format.
  */
-import { MCPIRuntimeBase, AccessControlApiService, ProofVerifier } from '@kya-os/mcp-i-core';
-import type { MCPIRuntimeConfig } from './mcpi-runtime';
+import { MCPIRuntimeBase, AccessControlApiService, ProofVerifier } from "@kya-os/mcp-i-core";
+import type { MCPIRuntimeConfig } from "./mcpi-runtime";
 /**
  * Node.js-specific runtime implementation
  */
 export declare class MCPINodeRuntimeWrapper extends MCPIRuntimeBase {
     private legacyConfig;
-    protected accessControlService?: AccessControlApiService;
     constructor(config?: MCPIRuntimeConfig);
     /**
      * Set AccessControlApiService (for testing or manual injection)

package/dist/runtime/mcpi-runtime-wrapper.js

@@ -21,8 +21,7 @@ function createProvidersFromConfig(config) {
     const cryptoProvider = new node_providers_1.NodeCryptoProvider();
     const clockProvider = new node_providers_1.NodeClockProvider();
     const fetchProvider = new node_providers_1.NodeFetchProvider();
-    const identityPath = config.identity?.devIdentityPath ||
-        path_1.default.join(process.cwd(), '.mcp-i');
+    const identityPath = config.identity?.devIdentityPath || path_1.default.join(process.cwd(), ".mcp-i");
     const storageProvider = new node_providers_1.FileStorageProvider(identityPath);
     const identityProvider = new node_providers_1.FileIdentityProvider(identityPath, cryptoProvider);
     const nonceCacheProvider = (0, node_providers_1.getNonceCacheProvider)();
@@ -33,21 +32,25 @@ function createProvidersFromConfig(config) {
         storageProvider,
         nonceCacheProvider,
         identityProvider,
-        environment: config.identity?.environment || 'development',
+        environment: config.identity?.environment || "development",
         session: {
             timestampSkewSeconds: config.session?.timestampSkewSeconds || 120,
-            ttlMinutes: config.session?.sessionTtlMinutes || 30
+            ttlMinutes: config.session?.sessionTtlMinutes || 30,
         },
-        audit: config.audit ? {
-            enabled: config.audit.enabled !== false,
-            logFunction: config.audit.logFunction,
-            includePayloads: config.audit.includePayloads,
-            includeProofHashes: config.audit.includeProofHashes
-        } : undefined,
-        wellKnown: config.wellKnown ? {
-            enabled: true,
-            serviceName: config.wellKnown.agentMetadata?.name
-        } : undefined
+        audit: config.audit
+            ? {
+                enabled: config.audit.enabled !== false,
+                logFunction: config.audit.logFunction,
+                includePayloads: config.audit.includePayloads,
+                includeProofHashes: config.audit.includeProofHashes,
+            }
+            : undefined,
+        wellKnown: config.wellKnown
+            ? {
+                enabled: true,
+                serviceName: config.wellKnown.agentMetadata?.name,
+            }
+            : undefined,
     };
 }
 /**
@@ -55,7 +58,7 @@ function createProvidersFromConfig(config) {
  */
 class MCPINodeRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
     legacyConfig;
-    accessControlService; // Access control API service
+    // accessControlService is inherited from MCPIRuntimeBase (protected), no need to redeclare
     // proofVerifier is inherited from MCPIRuntimeBase (protected), no need to redeclare
     constructor(config = {}) {
         const coreConfig = createProvidersFromConfig(config);
@@ -72,14 +75,14 @@ class MCPINodeRuntimeWrapper extends mcp_i_core_1.MCPIRuntimeBase {
         });
         // Instantiate AccessControlApiService if API key is available
         const apiKey = process.env.AGENTSHIELD_API_KEY;
-        const apiUrl = process.env.AGENTSHIELD_API_URL || 'https://kya.vouched.id';
+        const apiUrl = process.env.AGENTSHIELD_API_URL || "https://kya.vouched.id";
         if (apiKey) {
             this.accessControlService = new mcp_i_core_1.AccessControlApiService({
                 baseUrl: apiUrl,
                 apiKey,
                 fetchProvider: coreConfig.fetchProvider,
                 logger: (msg, data) => {
-                    if (coreConfig.environment === 'development') {
+                    if (coreConfig.environment === "development") {
                         console.log(`[AccessControl] ${msg}`, data);
                     }
                 },

package/dist/runtime/mcpi-runtime.js

@@ -208,7 +208,13 @@ class MCPIRuntime {
                 data = this.demoManager.addIdentityBadgeToResponse(data);
             }
             // Create response with proof
-            const response = await (0, proof_1.createProofResponse)(request, data, this.cachedIdentity, session, options);
+            const proofOptions = {
+                ...options,
+                ...(session && session.clientDid
+                    ? { clientDid: session.clientDid }
+                    : {}),
+            };
+            const response = await (0, proof_1.createProofResponse)(request, data, this.cachedIdentity, session, proofOptions);
             // Update debug state with latest proof
             if (this.debugManager && response.meta?.proof) {
                 this.debugManager.updateDebugState(response.meta.proof, session);

package/dist/runtime/session.d.ts

@@ -52,6 +52,19 @@ export declare class SessionManager {
      * Generate a unique session ID
      */
     private generateSessionId;
+    /**
+     * Generate a deterministic client identifier when the client
+     * does not provide one during the handshake.
+     */
+    private generateClientId;
+    /**
+     * Normalize string fields from handshake metadata
+     */
+    private normalizeClientInfoString;
+    /**
+     * Build MCP client metadata for the session when provided during handshake
+     */
+    private buildClientInfo;
     /**
      * Generate a cryptographically secure nonce
      */

package/dist/runtime/session.js

@@ -76,6 +76,7 @@ class SessionManager {
             await this.config.nonceCache.add(request.nonce, nonceTtlSeconds, request.agentDid);
             // Generate session ID
             const sessionId = this.generateSessionId();
+            const clientInfo = this.buildClientInfo(request);
             // Create session context
             const session = {
                 sessionId,
@@ -87,6 +88,7 @@ class SessionManager {
                 ttlMinutes: this.config.sessionTtlMinutes,
                 agentDid: request.agentDid, // Pass through agent DID for delegation verification
                 ...(this.config.serverDid && { serverDid: this.config.serverDid }), // Include server DID if provided
+                ...(clientInfo && { clientInfo }),
             };
             // Store session
             this.sessions.set(sessionId, session);
@@ -143,6 +145,47 @@ class SessionManager {
         const random = (0, crypto_1.randomBytes)(8).toString("hex");
         return `sess_${timestamp}_${random}`;
     }
+    /**
+     * Generate a deterministic client identifier when the client
+     * does not provide one during the handshake.
+     */
+    generateClientId() {
+        return `client_${(0, crypto_1.randomBytes)(6).toString("hex")}`;
+    }
+    /**
+     * Normalize string fields from handshake metadata
+     */
+    normalizeClientInfoString(value) {
+        if (typeof value !== "string") {
+            return undefined;
+        }
+        const trimmed = value.trim();
+        return trimmed.length > 0 ? trimmed : undefined;
+    }
+    /**
+     * Build MCP client metadata for the session when provided during handshake
+     */
+    buildClientInfo(request) {
+        const hasMetadata = !!request.clientInfo ||
+            typeof request.clientProtocolVersion === "string" ||
+            request.clientCapabilities !== undefined;
+        if (!hasMetadata) {
+            return undefined;
+        }
+        const source = request.clientInfo;
+        return {
+            name: this.normalizeClientInfoString(source?.name) ?? "unknown",
+            title: this.normalizeClientInfoString(source?.title),
+            version: this.normalizeClientInfoString(source?.version),
+            platform: this.normalizeClientInfoString(source?.platform),
+            vendor: this.normalizeClientInfoString(source?.vendor),
+            persistentId: this.normalizeClientInfoString(source?.persistentId),
+            clientId: this.normalizeClientInfoString(source?.clientId) ??
+                this.generateClientId(),
+            protocolVersion: this.normalizeClientInfoString(request.clientProtocolVersion),
+            capabilities: request.clientCapabilities,
+        };
+    }
     /**
      * Generate a cryptographically secure nonce
      */