npm - @kya-os/mcp-i - Versions diffs - 1.7.8 → 1.7.9 - Mend

@kya-os/mcp-i 1.7.8 → 1.7.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/runtime/delegation/vc-verifier.js +23 -4
package/package.json +1 -1

package/dist/runtime/delegation/vc-verifier.js CHANGED Viewed

@@ -245,15 +245,34 @@ class DelegationCredentialVerifier {
             const vcWithoutProof = { ...vc };
             delete vcWithoutProof.proof;
             // The proof.proofValue is base64url-encoded Ed25519 signature
-            // The proof.jws is an alternative JWS-based signature format
-            const proofValue = vc.proof?.proofValue || vc.proof?.jws;
-            if (!proofValue) {
+            // The proof.jws is an alternative JWS-based signature format (header.payload.signature)
+            const rawProofValue = vc.proof?.proofValue || vc.proof?.jws;
+            if (!rawProofValue) {
                 return {
                     valid: false,
                     reason: 'Proof missing proofValue or jws',
                     durationMs: Date.now() - startTime,
                 };
             }
+            // Extract signature bytes - handle JWS format (header.payload.signature)
+            // JWS compact serialization splits into 3 parts; only the 3rd is the signature
+            let signatureBase64url;
+            if (rawProofValue.includes('.')) {
+                // JWS format: extract the signature (third segment)
+                const jwsParts = rawProofValue.split('.');
+                if (jwsParts.length !== 3) {
+                    return {
+                        valid: false,
+                        reason: `Invalid JWS format: expected 3 parts, got ${jwsParts.length}`,
+                        durationMs: Date.now() - startTime,
+                    };
+                }
+                signatureBase64url = jwsParts[2];
+            }
+            else {
+                // proofValue is raw base64url signature
+                signatureBase64url = rawProofValue;
+            }
             try {
                 // For Ed25519Signature2020, we need to:
                 // 1. Canonicalize the VC without proofValue
@@ -274,7 +293,7 @@ class DelegationCredentialVerifier {
                 const proofHash = (0, crypto_1.createHash)('sha256').update(canonicalProof, 'utf8').digest();
                 const signingInput = Buffer.concat([proofHash, docHash]);
                 // Decode the base64url signature
-                const signatureBytes = Buffer.from(proofValue, 'base64url');
+                const signatureBytes = Buffer.from(signatureBase64url, 'base64url');
                 // Use subtle crypto for Ed25519 verification
                 const cryptoKey = await globalThis.crypto.subtle.importKey('jwk', publicKeyJwk, { name: 'Ed25519' }, false, ['verify']);
                 const isValid = await globalThis.crypto.subtle.verify({ name: 'Ed25519' }, cryptoKey, signatureBytes, signingInput);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i",
-  "version": "1.7.8",
+  "version": "1.7.9",
   "description": "The TypeScript MCP framework with identity features built-in",
   "type": "commonjs",
   "main": "dist/index.js",