@kya-os/mcp-i 1.6.9 → 1.6.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/295.js +1 -1
- package/dist/runtime/adapter-express.js +3 -3
- package/dist/runtime/adapter-nextjs.js +3 -3
- package/dist/runtime/auth-handshake.d.ts +12 -0
- package/dist/runtime/auth-handshake.js +1 -0
- package/dist/runtime/delegation-verifier-agentshield.js +2 -0
- package/dist/runtime/delegation-verifier.d.ts +12 -0
- package/dist/runtime/http.js +3 -3
- package/dist/runtime/stdio.js +3 -3
- package/dist/runtime/tool-protection.d.ts +6 -0
- package/dist/runtime/utils/tools.js +89 -0
- package/package.json +3 -3
|
@@ -21,6 +21,12 @@ export interface ToolProtectionConfig {
|
|
|
21
21
|
riskLevel?: 'low' | 'medium' | 'high' | 'critical';
|
|
22
22
|
/** Optional custom authorization URL for this specific tool */
|
|
23
23
|
authorizationUrl?: string;
|
|
24
|
+
/** Authorization method required for this tool */
|
|
25
|
+
authorization?: {
|
|
26
|
+
type: 'oauth' | 'credential' | 'none';
|
|
27
|
+
provider?: string;
|
|
28
|
+
credentialType?: string;
|
|
29
|
+
};
|
|
24
30
|
}
|
|
25
31
|
/**
|
|
26
32
|
* Map of tool names to their protection configurations
|
|
@@ -508,6 +508,95 @@ async function addToolsToServer(server, toolModules, identityConfig) {
|
|
|
508
508
|
isError: true,
|
|
509
509
|
};
|
|
510
510
|
}
|
|
511
|
+
// Check if authorization method matches current tool requirements
|
|
512
|
+
// This prevents stale delegations from working after tool auth method changes
|
|
513
|
+
if (verifyResult.authorized && toolProtection.authorization) {
|
|
514
|
+
const toolAuth = toolProtection.authorization;
|
|
515
|
+
const delegationAuth = verifyResult.credential?.authorization;
|
|
516
|
+
// If tool requires authorization but credential doesn't have auth data, reject
|
|
517
|
+
// This prevents bypassing auth checks with incomplete credential data
|
|
518
|
+
if (!delegationAuth) {
|
|
519
|
+
if (identityConfig?.debug) {
|
|
520
|
+
console.error(`[MCPI] Tool "${name}" blocked - credential missing authorization data`);
|
|
521
|
+
}
|
|
522
|
+
// Build authorization URL for re-authorization
|
|
523
|
+
const authUrl = new URL(authConfig.bouncer.authorizationUrl);
|
|
524
|
+
authUrl.searchParams.set("agent_did", agentDid);
|
|
525
|
+
authUrl.searchParams.set("scopes", (toolProtection.requiredScopes || []).join(","));
|
|
526
|
+
authUrl.searchParams.set("tool", name);
|
|
527
|
+
return {
|
|
528
|
+
content: [
|
|
529
|
+
{
|
|
530
|
+
type: "text",
|
|
531
|
+
text: JSON.stringify({
|
|
532
|
+
error: "authorization_data_missing",
|
|
533
|
+
message: `Tool "${name}" requires authorization method ${toolAuth.type}` +
|
|
534
|
+
`${toolAuth.provider ? `:${toolAuth.provider}` : ""}` +
|
|
535
|
+
`${toolAuth.credentialType ? `:${toolAuth.credentialType}` : ""} ` +
|
|
536
|
+
`but delegation credential does not contain authorization data. Please re-authorize.`,
|
|
537
|
+
authorizationUrl: authUrl.toString(),
|
|
538
|
+
scopes: toolProtection.requiredScopes || [],
|
|
539
|
+
requiredAuth: toolAuth,
|
|
540
|
+
}),
|
|
541
|
+
},
|
|
542
|
+
],
|
|
543
|
+
isError: true,
|
|
544
|
+
};
|
|
545
|
+
}
|
|
546
|
+
// Compare authorization types
|
|
547
|
+
let authMatches = delegationAuth.type === toolAuth.type;
|
|
548
|
+
// For OAuth, also compare provider (undefined in toolAuth means "any provider acceptable")
|
|
549
|
+
if (authMatches &&
|
|
550
|
+
delegationAuth.type === "oauth" &&
|
|
551
|
+
toolAuth.type === "oauth") {
|
|
552
|
+
// If tool doesn't specify a provider, any provider is acceptable
|
|
553
|
+
if (toolAuth.provider) {
|
|
554
|
+
authMatches = delegationAuth.provider === toolAuth.provider;
|
|
555
|
+
}
|
|
556
|
+
}
|
|
557
|
+
// For credential, also compare credentialType (undefined in toolAuth means "any type acceptable")
|
|
558
|
+
if (authMatches &&
|
|
559
|
+
delegationAuth.type === "credential" &&
|
|
560
|
+
toolAuth.type === "credential") {
|
|
561
|
+
// If tool doesn't specify a credential type, any type is acceptable
|
|
562
|
+
if (toolAuth.credentialType) {
|
|
563
|
+
authMatches =
|
|
564
|
+
delegationAuth.credentialType === toolAuth.credentialType;
|
|
565
|
+
}
|
|
566
|
+
}
|
|
567
|
+
if (!authMatches) {
|
|
568
|
+
if (identityConfig?.debug) {
|
|
569
|
+
console.error(`[MCPI] Tool "${name}" blocked - authorization method mismatch`);
|
|
570
|
+
}
|
|
571
|
+
// Build authorization URL for re-authorization
|
|
572
|
+
const authUrl = new URL(authConfig.bouncer.authorizationUrl);
|
|
573
|
+
authUrl.searchParams.set("agent_did", agentDid);
|
|
574
|
+
authUrl.searchParams.set("scopes", (toolProtection.requiredScopes || []).join(","));
|
|
575
|
+
authUrl.searchParams.set("tool", name);
|
|
576
|
+
return {
|
|
577
|
+
content: [
|
|
578
|
+
{
|
|
579
|
+
type: "text",
|
|
580
|
+
text: JSON.stringify({
|
|
581
|
+
error: "authorization_method_mismatch",
|
|
582
|
+
message: `Tool "${name}" requires re-authorization. ` +
|
|
583
|
+
`Delegation was created with ${delegationAuth.type}` +
|
|
584
|
+
`${delegationAuth.provider ? `:${delegationAuth.provider}` : ""}` +
|
|
585
|
+
`${delegationAuth.credentialType ? `:${delegationAuth.credentialType}` : ""} ` +
|
|
586
|
+
`but tool now requires ${toolAuth.type}` +
|
|
587
|
+
`${toolAuth.provider ? `:${toolAuth.provider}` : ""}` +
|
|
588
|
+
`${toolAuth.credentialType ? `:${toolAuth.credentialType}` : ""}.`,
|
|
589
|
+
authorizationUrl: authUrl.toString(),
|
|
590
|
+
scopes: toolProtection.requiredScopes || [],
|
|
591
|
+
currentAuth: delegationAuth,
|
|
592
|
+
requiredAuth: toolAuth,
|
|
593
|
+
}),
|
|
594
|
+
},
|
|
595
|
+
],
|
|
596
|
+
isError: true,
|
|
597
|
+
};
|
|
598
|
+
}
|
|
599
|
+
}
|
|
511
600
|
if (identityConfig?.debug) {
|
|
512
601
|
console.error(`[MCPI] Tool "${name}" authorized - executing handler`);
|
|
513
602
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kya-os/mcp-i",
|
|
3
|
-
"version": "1.6.
|
|
3
|
+
"version": "1.6.11",
|
|
4
4
|
"description": "The TypeScript MCP framework with identity features built-in",
|
|
5
5
|
"type": "commonjs",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -63,8 +63,8 @@
|
|
|
63
63
|
"model-context-protocol"
|
|
64
64
|
],
|
|
65
65
|
"dependencies": {
|
|
66
|
-
"@kya-os/contracts": "^1.6.
|
|
67
|
-
"@kya-os/mcp-i-core": "^1.3.
|
|
66
|
+
"@kya-os/contracts": "^1.6.15",
|
|
67
|
+
"@kya-os/mcp-i-core": "^1.3.22",
|
|
68
68
|
"@modelcontextprotocol/sdk": "^1.11.4",
|
|
69
69
|
"@swc/core": "^1.11.24",
|
|
70
70
|
"@types/express": "^5.0.1",
|