@kya-os/mcp 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (182) hide show
  1. package/CHANGELOG.md +64 -0
  2. package/LICENSE +21 -0
  3. package/README.md +135 -0
  4. package/dist/auth/handshake.d.ts +119 -0
  5. package/dist/auth/handshake.d.ts.map +1 -0
  6. package/dist/auth/handshake.js +267 -0
  7. package/dist/auth/handshake.js.map +1 -0
  8. package/dist/auth/index.d.ts +3 -0
  9. package/dist/auth/index.d.ts.map +1 -0
  10. package/dist/auth/index.js +2 -0
  11. package/dist/auth/index.js.map +1 -0
  12. package/dist/auth/types.d.ts +31 -0
  13. package/dist/auth/types.d.ts.map +1 -0
  14. package/dist/auth/types.js +7 -0
  15. package/dist/auth/types.js.map +1 -0
  16. package/dist/delegation/audience-validator.d.ts +9 -0
  17. package/dist/delegation/audience-validator.d.ts.map +1 -0
  18. package/dist/delegation/audience-validator.js +17 -0
  19. package/dist/delegation/audience-validator.js.map +1 -0
  20. package/dist/delegation/bitstring.d.ts +37 -0
  21. package/dist/delegation/bitstring.d.ts.map +1 -0
  22. package/dist/delegation/bitstring.js +117 -0
  23. package/dist/delegation/bitstring.js.map +1 -0
  24. package/dist/delegation/cascading-revocation.d.ts +45 -0
  25. package/dist/delegation/cascading-revocation.d.ts.map +1 -0
  26. package/dist/delegation/cascading-revocation.js +150 -0
  27. package/dist/delegation/cascading-revocation.js.map +1 -0
  28. package/dist/delegation/delegation-graph.d.ts +49 -0
  29. package/dist/delegation/delegation-graph.d.ts.map +1 -0
  30. package/dist/delegation/delegation-graph.js +99 -0
  31. package/dist/delegation/delegation-graph.js.map +1 -0
  32. package/dist/delegation/did-key-resolver.d.ts +64 -0
  33. package/dist/delegation/did-key-resolver.d.ts.map +1 -0
  34. package/dist/delegation/did-key-resolver.js +157 -0
  35. package/dist/delegation/did-key-resolver.js.map +1 -0
  36. package/dist/delegation/did-web-resolver.d.ts +83 -0
  37. package/dist/delegation/did-web-resolver.d.ts.map +1 -0
  38. package/dist/delegation/did-web-resolver.js +218 -0
  39. package/dist/delegation/did-web-resolver.js.map +1 -0
  40. package/dist/delegation/index.d.ts +21 -0
  41. package/dist/delegation/index.d.ts.map +1 -0
  42. package/dist/delegation/index.js +21 -0
  43. package/dist/delegation/index.js.map +1 -0
  44. package/dist/delegation/outbound-headers.d.ts +79 -0
  45. package/dist/delegation/outbound-headers.d.ts.map +1 -0
  46. package/dist/delegation/outbound-headers.js +138 -0
  47. package/dist/delegation/outbound-headers.js.map +1 -0
  48. package/dist/delegation/outbound-proof.d.ts +43 -0
  49. package/dist/delegation/outbound-proof.d.ts.map +1 -0
  50. package/dist/delegation/outbound-proof.js +52 -0
  51. package/dist/delegation/outbound-proof.js.map +1 -0
  52. package/dist/delegation/statuslist-manager.d.ts +47 -0
  53. package/dist/delegation/statuslist-manager.d.ts.map +1 -0
  54. package/dist/delegation/statuslist-manager.js +139 -0
  55. package/dist/delegation/statuslist-manager.js.map +1 -0
  56. package/dist/delegation/storage/memory-graph-storage.d.ts +70 -0
  57. package/dist/delegation/storage/memory-graph-storage.d.ts.map +1 -0
  58. package/dist/delegation/storage/memory-graph-storage.js +145 -0
  59. package/dist/delegation/storage/memory-graph-storage.js.map +1 -0
  60. package/dist/delegation/storage/memory-statuslist-storage.d.ts +19 -0
  61. package/dist/delegation/storage/memory-statuslist-storage.d.ts.map +1 -0
  62. package/dist/delegation/storage/memory-statuslist-storage.js +33 -0
  63. package/dist/delegation/storage/memory-statuslist-storage.js.map +1 -0
  64. package/dist/delegation/utils.d.ts +49 -0
  65. package/dist/delegation/utils.d.ts.map +1 -0
  66. package/dist/delegation/utils.js +131 -0
  67. package/dist/delegation/utils.js.map +1 -0
  68. package/dist/delegation/vc-issuer.d.ts +56 -0
  69. package/dist/delegation/vc-issuer.d.ts.map +1 -0
  70. package/dist/delegation/vc-issuer.js +80 -0
  71. package/dist/delegation/vc-issuer.js.map +1 -0
  72. package/dist/delegation/vc-verifier.d.ts +112 -0
  73. package/dist/delegation/vc-verifier.d.ts.map +1 -0
  74. package/dist/delegation/vc-verifier.js +280 -0
  75. package/dist/delegation/vc-verifier.js.map +1 -0
  76. package/dist/errors.d.ts +42 -0
  77. package/dist/errors.d.ts.map +1 -0
  78. package/dist/errors.js +45 -0
  79. package/dist/errors.js.map +1 -0
  80. package/dist/index.d.ts +47 -0
  81. package/dist/index.d.ts.map +1 -0
  82. package/dist/index.js +56 -0
  83. package/dist/index.js.map +1 -0
  84. package/dist/logging/index.d.ts +2 -0
  85. package/dist/logging/index.d.ts.map +1 -0
  86. package/dist/logging/index.js +2 -0
  87. package/dist/logging/index.js.map +1 -0
  88. package/dist/logging/logger.d.ts +23 -0
  89. package/dist/logging/logger.d.ts.map +1 -0
  90. package/dist/logging/logger.js +82 -0
  91. package/dist/logging/logger.js.map +1 -0
  92. package/dist/middleware/index.d.ts +12 -0
  93. package/dist/middleware/index.d.ts.map +1 -0
  94. package/dist/middleware/index.js +12 -0
  95. package/dist/middleware/index.js.map +1 -0
  96. package/dist/middleware/mcpi-transport.d.ts +39 -0
  97. package/dist/middleware/mcpi-transport.d.ts.map +1 -0
  98. package/dist/middleware/mcpi-transport.js +121 -0
  99. package/dist/middleware/mcpi-transport.js.map +1 -0
  100. package/dist/middleware/with-mcpi-server.d.ts +78 -0
  101. package/dist/middleware/with-mcpi-server.d.ts.map +1 -0
  102. package/dist/middleware/with-mcpi-server.js +109 -0
  103. package/dist/middleware/with-mcpi-server.js.map +1 -0
  104. package/dist/middleware/with-mcpi.d.ts +202 -0
  105. package/dist/middleware/with-mcpi.d.ts.map +1 -0
  106. package/dist/middleware/with-mcpi.js +625 -0
  107. package/dist/middleware/with-mcpi.js.map +1 -0
  108. package/dist/proof/errors.d.ts +49 -0
  109. package/dist/proof/errors.d.ts.map +1 -0
  110. package/dist/proof/errors.js +61 -0
  111. package/dist/proof/errors.js.map +1 -0
  112. package/dist/proof/generator.d.ts +65 -0
  113. package/dist/proof/generator.d.ts.map +1 -0
  114. package/dist/proof/generator.js +163 -0
  115. package/dist/proof/generator.js.map +1 -0
  116. package/dist/proof/index.d.ts +4 -0
  117. package/dist/proof/index.d.ts.map +1 -0
  118. package/dist/proof/index.js +4 -0
  119. package/dist/proof/index.js.map +1 -0
  120. package/dist/proof/verifier.d.ts +108 -0
  121. package/dist/proof/verifier.d.ts.map +1 -0
  122. package/dist/proof/verifier.js +299 -0
  123. package/dist/proof/verifier.js.map +1 -0
  124. package/dist/providers/base.d.ts +64 -0
  125. package/dist/providers/base.d.ts.map +1 -0
  126. package/dist/providers/base.js +19 -0
  127. package/dist/providers/base.js.map +1 -0
  128. package/dist/providers/index.d.ts +4 -0
  129. package/dist/providers/index.d.ts.map +1 -0
  130. package/dist/providers/index.js +4 -0
  131. package/dist/providers/index.js.map +1 -0
  132. package/dist/providers/memory.d.ts +33 -0
  133. package/dist/providers/memory.d.ts.map +1 -0
  134. package/dist/providers/memory.js +102 -0
  135. package/dist/providers/memory.js.map +1 -0
  136. package/dist/providers/node-crypto.d.ts +26 -0
  137. package/dist/providers/node-crypto.d.ts.map +1 -0
  138. package/dist/providers/node-crypto.js +69 -0
  139. package/dist/providers/node-crypto.js.map +1 -0
  140. package/dist/session/index.d.ts +2 -0
  141. package/dist/session/index.d.ts.map +1 -0
  142. package/dist/session/index.js +2 -0
  143. package/dist/session/index.js.map +1 -0
  144. package/dist/session/manager.d.ts +83 -0
  145. package/dist/session/manager.d.ts.map +1 -0
  146. package/dist/session/manager.js +267 -0
  147. package/dist/session/manager.js.map +1 -0
  148. package/dist/types/protocol.d.ts +320 -0
  149. package/dist/types/protocol.d.ts.map +1 -0
  150. package/dist/types/protocol.js +229 -0
  151. package/dist/types/protocol.js.map +1 -0
  152. package/dist/utils/base58.d.ts +31 -0
  153. package/dist/utils/base58.d.ts.map +1 -0
  154. package/dist/utils/base58.js +104 -0
  155. package/dist/utils/base58.js.map +1 -0
  156. package/dist/utils/base64.d.ts +13 -0
  157. package/dist/utils/base64.d.ts.map +1 -0
  158. package/dist/utils/base64.js +99 -0
  159. package/dist/utils/base64.js.map +1 -0
  160. package/dist/utils/crypto-service.d.ts +37 -0
  161. package/dist/utils/crypto-service.d.ts.map +1 -0
  162. package/dist/utils/crypto-service.js +154 -0
  163. package/dist/utils/crypto-service.js.map +1 -0
  164. package/dist/utils/did-helpers.d.ts +168 -0
  165. package/dist/utils/did-helpers.d.ts.map +1 -0
  166. package/dist/utils/did-helpers.js +211 -0
  167. package/dist/utils/did-helpers.js.map +1 -0
  168. package/dist/utils/ed25519-constants.d.ts +18 -0
  169. package/dist/utils/ed25519-constants.d.ts.map +1 -0
  170. package/dist/utils/ed25519-constants.js +21 -0
  171. package/dist/utils/ed25519-constants.js.map +1 -0
  172. package/dist/utils/index.d.ts +5 -0
  173. package/dist/utils/index.d.ts.map +1 -0
  174. package/dist/utils/index.js +5 -0
  175. package/dist/utils/index.js.map +1 -0
  176. package/package.json +115 -0
  177. package/schemas/README.md +117 -0
  178. package/schemas/delegation-credential.json +312 -0
  179. package/schemas/detached-proof.json +97 -0
  180. package/schemas/handshake-request.json +84 -0
  181. package/schemas/handshake-response.json +67 -0
  182. package/schemas/well-known-mcpi.json +176 -0
package/CHANGELOG.md ADDED
@@ -0,0 +1,64 @@
1
+ # Changelog
2
+
3
+ All notable changes to @kya-os/mcp will be documented here.
4
+
5
+ Format: https://keepachangelog.com/en/1.0.0/
6
+ Versioning: https://semver.org/spec/v2.0.0.html
7
+
8
+ ## [Unreleased]
9
+
10
+ ### Changed
11
+
12
+ - **Package renamed from `@mcp-i/core` to `@kya-os/mcp`.** Reframed under
13
+ the KYA-OS taxonomy: MCP-I is the identity surface of KYA-OS (Know
14
+ Your Agent Operating System), the umbrella protocol for agent
15
+ identity, authorization, and observability. Version stays at 1.2.0 —
16
+ the wire format, exports (`MCPI*`), and behavior are unchanged. The
17
+ old `@mcp-i/core` package is deprecated and points at this one.
18
+ - **Spec cut to `1.0.0`** (was `0.1.0-draft` in `SPEC.md`, `1.0.0-draft`
19
+ in `CONFORMANCE.md`). The wire format was already pinned at `1.0.0`
20
+ in the handshake protocol-version field; the spec docs now match.
21
+ Status: Stable — donated to DIF TAAWG for ratification review. Spec
22
+ semver is independent of package semver: the spec describes the wire
23
+ protocol, the package describes the implementation shipping it.
24
+ - Delegation middleware remains strict by default for chain and status-list validation.
25
+ - Added `delegation.allowLegacyUnsafeDelegation` to `createMCPIMiddleware` as a temporary migration escape hatch for legacy integrations.
26
+ - Added middleware tests covering legacy-compatibility behavior for parent-linked and status-list credentials.
27
+
28
+ ## [1.0.0-draft] - 2026-03-12
29
+
30
+ ### Added
31
+
32
+ - SPEC.md protocol specification defining MCP-I extension for cryptographic identity
33
+ - Supported DID methods: `did:key` (ephemeral/dev) and `did:web` (production)
34
+ - Ed25519/EdDSA cryptography for signing and verification
35
+ - Delegation module with W3C Verifiable Credential issuance and verification
36
+ - CRISP constraint envelopes for scope, budget, temporal bounds, and audience
37
+ - Delegation graph management with parent-child relationships
38
+ - Cascading revocation via StatusList2021
39
+ - `did:key` resolver for synchronous DID Document resolution
40
+ - `did:web` resolver with HTTPS fetching and caching
41
+ - Proof module with detached JWS generation over canonicalized request/response
42
+ - Proof verification with DID resolution and timestamp validation
43
+ - SHA-256 hashing with RFC 8785 JCS canonicalization
44
+ - Session module with handshake validation and nonce-based replay prevention
45
+ - Session TTL management with idle timeout tracking
46
+ - Auth module with `verifyOrHints` orchestration and sensitive scope detection
47
+ - Resume token storage for authorization flows
48
+ - `needs_authorization` hint response pattern
49
+ - MCP SDK middleware wrapper (`createMCPIMiddleware`)
50
+ - Tool wrapping with automatic proof generation
51
+ - Handshake tool registration and handling
52
+ - Provider abstractions: CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCacheProvider, IdentityProvider
53
+ - In-memory implementations for all providers (testing)
54
+ - Configurable logging with debug, info, warn, error levels
55
+ - Pure TypeScript protocol type definitions (zero runtime dependencies)
56
+ - Well-known endpoint (`/.well-known/mcpi`) for server discovery
57
+ - Outbound delegation proof JWT builder for downstream API calls
58
+ - Three-tier conformance levels:
59
+ - Level 1: Core Crypto (key generation, signing, hashing, DID resolution)
60
+ - Level 2: Full Session (handshake, nonce, replay prevention, proofs)
61
+ - Level 3: Full Delegation (VCs, CRISP, graphs, revocation, chain validation)
62
+ - Example implementations: Node.js server, proof verification, delegation issuance
63
+ - Vitest test suite covering all conformance levels
64
+ - GitHub Actions CI with type checking, build, test, and coverage
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 MCP-Identity
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,135 @@
1
+ <p align="center">
2
+ <a href="https://modelcontextprotocol-identity.io">
3
+ <picture>
4
+ <source media="(prefers-color-scheme: dark)" srcset="https://modelcontextprotocol-identity.io/images/logo-mark_white.svg">
5
+ <img alt="MCP-I" src="https://modelcontextprotocol-identity.io/images/logo-mark_black.svg" width="64">
6
+ </picture>
7
+ </a>
8
+ </p>
9
+
10
+ <p align="center">
11
+ <strong>Identity, delegation, and proof for the Model Context Protocol.</strong>
12
+ </p>
13
+
14
+ <p align="center">
15
+ <a href="https://www.npmjs.com/package/@kya-os/mcp"><img src="https://img.shields.io/npm/v/@kya-os/mcp" alt="npm"></a>
16
+ <a href="https://modelcontextprotocol-identity.io"><img src="https://img.shields.io/badge/spec-modelcontextprotocol--identity.io-blue" alt="spec"></a>
17
+ <a href="https://identity.foundation/working-groups/agent-and-authorization.html"><img src="https://img.shields.io/badge/DIF-TAAWG-purple" alt="DIF TAAWG"></a>
18
+ <a href="./LICENSE"><img src="https://img.shields.io/github/license/modelcontextprotocol-identity/mcp-i-core" alt="license"></a>
19
+ </p>
20
+
21
+ <p align="center">
22
+ <em><code>@kya-os/mcp</code> is the reference implementation of <strong>MCP-I</strong>, the identity surface of <strong>KYA-OS</strong> (Know Your Agent Operating System). KYA-OS is the umbrella protocol for agent identity, authorization, and observability; MCP-I is its first surface, binding those primitives to Model Context Protocol servers.</em>
23
+ </p>
24
+
25
+ ---
26
+
27
+ AI agents call tools on your behalf. But today, there's no way to know *who* called, *whether they were allowed to*, or *what actually happened*. MCP-I fixes that for Model Context Protocol servers.
28
+
29
+ - **Every server gets a cryptographic identity** (DID) — no accounts, no API keys, no central registry
30
+ - **Every tool call gets a signed proof** — a tamper-evident receipt the agent can't forge or deny
31
+ - **Protected tools require human consent** — per-tool authorization via W3C Delegation Credentials
32
+ - **The AI never knows** — identity, proofs, and consent happen transparently in the protocol layer
33
+
34
+ ```
35
+ npm install @kya-os/mcp
36
+ ```
37
+
38
+ ---
39
+
40
+ ## Migrate Any MCP Server in 2 Lines
41
+
42
+ **Before** — a standard MCP server with no identity or proofs:
43
+
44
+ ```typescript
45
+ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
46
+
47
+ const server = new McpServer({ name: 'my-server', version: '1.0.0' });
48
+
49
+ server.registerTool('greet', { description: 'Say hello' }, async (args) => ({
50
+ content: [{ type: 'text', text: `Hello, ${args.name}!` }],
51
+ }));
52
+ ```
53
+
54
+ **After** — every tool response now carries a signed cryptographic proof:
55
+
56
+ ```typescript
57
+ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
58
+ import { withMCPI, NodeCryptoProvider } from '@kya-os/mcp'; // +1 line
59
+
60
+ const server = new McpServer({ name: 'my-server', version: '1.0.0' });
61
+ await withMCPI(server, { crypto: new NodeCryptoProvider() }); // +1 line
62
+
63
+ server.registerTool('greet', { description: 'Say hello' }, async (args) => ({
64
+ content: [{ type: 'text', text: `Hello, ${args.name}!` }],
65
+ }));
66
+ ```
67
+
68
+ That's it. `withMCPI` auto-generates an Ed25519 identity, registers the `_mcpi` protocol tool, and wraps the transport so every tool response includes a detached JWS proof in `_meta` — invisible to the LLM, verifiable by anyone.
69
+
70
+ > See the full working example: [examples/context7-with-mcpi](./examples/context7-with-mcpi/) — a real MCP server (Context7) migrated with exactly 2 lines of code.
71
+
72
+ ---
73
+
74
+ ## Protect Tools with Human Consent
75
+
76
+ Some tools shouldn't run without a human saying "yes." MCP-I adds per-tool authorization using W3C Verifiable Credentials:
77
+
78
+ ```typescript
79
+ const checkout = mcpi.wrapWithDelegation(
80
+ 'checkout',
81
+ { scopeId: 'cart:write', consentUrl: 'https://example.com/consent' },
82
+ mcpi.wrapWithProof('checkout', async (args) => ({
83
+ content: [{ type: 'text', text: `Order placed: ${args.item}` }],
84
+ })),
85
+ );
86
+ ```
87
+
88
+ When an agent calls `checkout` without a delegation credential, it gets back a `needs_authorization` response with a consent URL. The human approves, a scoped credential is issued, and the agent retries — now authorized.
89
+
90
+ > Try it yourself: [examples/consent-basic](./examples/consent-basic/) walks through the full consent flow end-to-end.
91
+
92
+ ---
93
+
94
+ ## See It in Action
95
+
96
+ ```bash
97
+ git clone https://github.com/modelcontextprotocol-identity/mcp-i-core.git
98
+ cd mcp-i-core && npm install
99
+ bash scripts/demo.sh
100
+ ```
101
+
102
+ This starts all example servers and opens [MCP Inspector](https://github.com/modelcontextprotocol/inspector). Connect to any server, call a tool, and inspect the proof in `_meta`:
103
+
104
+ | Port | Example | What it demonstrates |
105
+ |------|---------|---------------------|
106
+ | 3001 | [node-server](./examples/node-server/) | Proofs + restricted tools (low-level API) |
107
+ | 3002 | [consent-basic](./examples/consent-basic/) | Human consent flow with built-in UI |
108
+ | 3003 | [consent-full](./examples/consent-full/) | Production consent UI ([@kya-os/consent](https://www.npmjs.com/package/@kya-os/consent)) |
109
+ | 3004 | [context7-with-mcpi](./examples/context7-with-mcpi/) | 2-line migration of a real MCP server |
110
+
111
+ Also available: [outbound-delegation](./examples/outbound-delegation/) (gateway pattern), [verify-proof](./examples/verify-proof/) (standalone verification), [statuslist](./examples/statuslist/) (revocation lifecycle).
112
+
113
+ ---
114
+
115
+ ## What's Under the Hood
116
+
117
+ | Capability | How it works |
118
+ |-----------|-------------|
119
+ | **Cryptographic identity** | Ed25519 key pairs, `did:key` and `did:web` resolution |
120
+ | **Signed proofs** | Detached JWS over JCS-canonicalized request/response hashes |
121
+ | **Delegation credentials** | W3C Verifiable Credentials with scope constraints |
122
+ | **Revocation** | StatusList2021 bitstring with cascading revocation |
123
+ | **Replay prevention** | Nonce-based handshake with timestamp skew validation |
124
+ | **Extensible** | Bring your own KMS, HSM, nonce cache (Redis, DynamoDB, KV), or DID method |
125
+
126
+ ---
127
+
128
+ ## Links
129
+
130
+ - [Spec](https://modelcontextprotocol-identity.io) | [DIF TAAWG](https://identity.foundation/working-groups/agent-and-authorization.html) | [npm](https://www.npmjs.com/package/@kya-os/mcp)
131
+ - [CONTRIBUTING.md](./CONTRIBUTING.md) | [CONFORMANCE.md](./CONFORMANCE.md) | [SECURITY.md](./SECURITY.md) | [GOVERNANCE.md](./GOVERNANCE.md)
132
+
133
+ ## License
134
+
135
+ MIT
@@ -0,0 +1,119 @@
1
+ /**
2
+ * Authorization Handshake — Platform-agnostic Protocol Reference
3
+ *
4
+ * Orchestrates the MCP-I authorization flow:
5
+ * 1. Check agent reputation (optional)
6
+ * 2. Verify delegation exists
7
+ * 3. Return needs_authorization error if missing
8
+ *
9
+ * Uses only the global fetch API — no Node-specific imports.
10
+ * Safe to run on Node.js, Cloudflare Workers, and any fetch-capable runtime.
11
+ */
12
+ import type { NeedsAuthorizationError } from '../types/protocol.js';
13
+ import type { DelegationRecord } from '../types/protocol.js';
14
+ import type { DelegationVerifier, VerifyDelegationResult } from './types.js';
15
+ export type { DelegationVerifier, VerifyDelegationResult };
16
+ export interface AgentReputation {
17
+ agentDid: string;
18
+ score: number | null;
19
+ totalInteractions: number;
20
+ successRate: number;
21
+ riskLevel: 'low' | 'medium' | 'high' | 'unknown';
22
+ updatedAt: number;
23
+ }
24
+ /**
25
+ * Policy for handling agents with no reputation history.
26
+ *
27
+ * - 'deny' — reject unknown agents outright (strict environments)
28
+ * - 'require-consent' — route to the consent/authorization flow (default)
29
+ * - 'allow' — let unknown agents through (reputation is advisory only)
30
+ */
31
+ export type UnknownAgentPolicy = 'deny' | 'require-consent' | 'allow';
32
+ export interface AuthHandshakeConfig {
33
+ delegationVerifier: DelegationVerifier;
34
+ resumeTokenStore: ResumeTokenStore;
35
+ reputationService?: {
36
+ apiUrl: string;
37
+ apiKey?: string;
38
+ apiFormat?: 'v1' | 'v2';
39
+ };
40
+ authorization: {
41
+ authorizationUrl: string;
42
+ resumeTokenTtl?: number;
43
+ /**
44
+ * How to handle agents with no reputation history (404 from reputation
45
+ * service, network error, or first-time agent).
46
+ *
47
+ * - 'deny' — reject outright
48
+ * - 'require-consent' — route to consent flow (default)
49
+ * - 'allow' — skip reputation gate for unknowns
50
+ */
51
+ unknownAgentPolicy?: UnknownAgentPolicy;
52
+ minReputationScore?: number;
53
+ };
54
+ debug?: boolean;
55
+ }
56
+ export interface VerifyOrHintsResult {
57
+ authorized: boolean;
58
+ delegation?: DelegationRecord;
59
+ credential?: {
60
+ agent_did: string;
61
+ user_did: string;
62
+ scopes: string[];
63
+ authorization: {
64
+ type: 'oauth' | 'oauth2' | 'password' | 'credential' | 'webauthn' | 'siwe' | 'none';
65
+ provider?: string;
66
+ credentialType?: string;
67
+ rpId?: string;
68
+ userVerification?: 'required' | 'preferred' | 'discouraged';
69
+ chainId?: number;
70
+ domain?: string;
71
+ };
72
+ [key: string]: unknown;
73
+ };
74
+ authError?: NeedsAuthorizationError;
75
+ reputation?: AgentReputation;
76
+ reason?: string;
77
+ }
78
+ export interface ResumeTokenStore {
79
+ create(agentDid: string, scopes: string[], metadata?: Record<string, unknown>): Promise<string>;
80
+ get(token: string): Promise<{
81
+ agentDid: string;
82
+ scopes: string[];
83
+ createdAt: number;
84
+ expiresAt: number;
85
+ metadata?: Record<string, unknown>;
86
+ } | null>;
87
+ fulfill(token: string): Promise<void>;
88
+ }
89
+ export declare class MemoryResumeTokenStore implements ResumeTokenStore {
90
+ private tokens;
91
+ private ttl;
92
+ constructor(ttlMs?: number);
93
+ create(agentDid: string, scopes: string[], metadata?: Record<string, unknown>): Promise<string>;
94
+ get(token: string): Promise<{
95
+ agentDid: string;
96
+ scopes: string[];
97
+ createdAt: number;
98
+ expiresAt: number;
99
+ metadata?: Record<string, unknown>;
100
+ } | null>;
101
+ fulfill(token: string): Promise<void>;
102
+ clear(): void;
103
+ }
104
+ /**
105
+ * Verify agent delegation or return authorization hints.
106
+ *
107
+ * Orchestrates the authorization flow:
108
+ * 1. Optionally check agent reputation against threshold
109
+ * 2. Verify existing delegation via DelegationVerifier
110
+ * 3. Return authorization hints if delegation is missing/invalid
111
+ *
112
+ * @param agentDid - The agent's DID to verify
113
+ * @param scopes - Required scopes for the operation
114
+ * @param config - Authorization configuration including verifier, token store, etc.
115
+ * @returns Result indicating authorization status, delegation, or auth hints
116
+ */
117
+ export declare function verifyOrHints(agentDid: string, scopes: string[], config: AuthHandshakeConfig): Promise<VerifyOrHintsResult>;
118
+ export declare function hasSensitiveScopes(scopes: string[]): boolean;
119
+ //# sourceMappingURL=handshake.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../../src/auth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,uBAAuB,EAExB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAE7E,YAAY,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,CAAC;AAE3D,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,iBAAiB,GAAG,OAAO,CAAC;AAEtE,MAAM,WAAW,mBAAmB;IAClC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,iBAAiB,CAAC,EAAE;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;KACzB,CAAC;IACF,aAAa,EAAE;QACb,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB;;;;;;;WAOG;QACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;QACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,UAAU,CAAC,EAAE;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,aAAa,EAAE;YACb,IAAI,EACA,OAAO,GACP,QAAQ,GACR,UAAU,GACV,YAAY,GACZ,UAAU,GACV,MAAM,GACN,MAAM,CAAC;YACX,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,MAAM,CAAC;YACxB,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;YAC5D,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CACJ,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,IAAI,CAAC,CAAC;IAEV,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvC;AAED,qBAAa,sBAAuB,YAAW,gBAAgB;IAC7D,OAAO,CAAC,MAAM,CAUV;IACJ,OAAO,CAAC,GAAG,CAAS;gBAER,KAAK,SAAU;IAIrB,MAAM,CACV,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,OAAO,CAAC,MAAM,CAAC;IAmBZ,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAChC,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,IAAI,CAAC;IAoBH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO3C,KAAK,IAAI,IAAI;CAGd;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CA+I9B;AA8GD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAc5D"}
@@ -0,0 +1,267 @@
1
+ /**
2
+ * Authorization Handshake — Platform-agnostic Protocol Reference
3
+ *
4
+ * Orchestrates the MCP-I authorization flow:
5
+ * 1. Check agent reputation (optional)
6
+ * 2. Verify delegation exists
7
+ * 3. Return needs_authorization error if missing
8
+ *
9
+ * Uses only the global fetch API — no Node-specific imports.
10
+ * Safe to run on Node.js, Cloudflare Workers, and any fetch-capable runtime.
11
+ */
12
+ import { createNeedsAuthorizationError } from '../types/protocol.js';
13
+ import { logger } from '../logging/index.js';
14
+ export class MemoryResumeTokenStore {
15
+ tokens = new Map();
16
+ ttl;
17
+ constructor(ttlMs = 600_000) {
18
+ this.ttl = ttlMs;
19
+ }
20
+ async create(agentDid, scopes, metadata) {
21
+ const bytes = new Uint8Array(16);
22
+ globalThis.crypto.getRandomValues(bytes);
23
+ const hex = Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
24
+ const token = `rt_${hex}`;
25
+ const now = Date.now();
26
+ this.tokens.set(token, {
27
+ agentDid,
28
+ scopes,
29
+ createdAt: now,
30
+ expiresAt: now + this.ttl,
31
+ metadata,
32
+ fulfilled: false,
33
+ });
34
+ return token;
35
+ }
36
+ async get(token) {
37
+ const data = this.tokens.get(token);
38
+ if (!data)
39
+ return null;
40
+ if (Date.now() > data.expiresAt) {
41
+ this.tokens.delete(token);
42
+ return null;
43
+ }
44
+ if (data.fulfilled)
45
+ return null;
46
+ return {
47
+ agentDid: data.agentDid,
48
+ scopes: data.scopes,
49
+ createdAt: data.createdAt,
50
+ expiresAt: data.expiresAt,
51
+ metadata: data.metadata,
52
+ };
53
+ }
54
+ async fulfill(token) {
55
+ const data = this.tokens.get(token);
56
+ if (data) {
57
+ data.fulfilled = true;
58
+ }
59
+ }
60
+ clear() {
61
+ this.tokens.clear();
62
+ }
63
+ }
64
+ /**
65
+ * Verify agent delegation or return authorization hints.
66
+ *
67
+ * Orchestrates the authorization flow:
68
+ * 1. Optionally check agent reputation against threshold
69
+ * 2. Verify existing delegation via DelegationVerifier
70
+ * 3. Return authorization hints if delegation is missing/invalid
71
+ *
72
+ * @param agentDid - The agent's DID to verify
73
+ * @param scopes - Required scopes for the operation
74
+ * @param config - Authorization configuration including verifier, token store, etc.
75
+ * @returns Result indicating authorization status, delegation, or auth hints
76
+ */
77
+ export async function verifyOrHints(agentDid, scopes, config) {
78
+ const startTime = Date.now();
79
+ if (config.debug) {
80
+ logger.debug(`[AuthHandshake] Verifying ${agentDid} for scopes: ${scopes.join(', ')}`);
81
+ }
82
+ let reputation;
83
+ if (config.reputationService && config.authorization.minReputationScore !== undefined) {
84
+ const unknownPolicy = config.authorization.unknownAgentPolicy ?? 'require-consent';
85
+ try {
86
+ reputation = await fetchAgentReputation(agentDid, config.reputationService);
87
+ }
88
+ catch (error) {
89
+ logger.error('[AuthHandshake] Reputation service unreachable, treating agent as unknown:', error);
90
+ reputation = {
91
+ agentDid,
92
+ score: null,
93
+ totalInteractions: 0,
94
+ successRate: 0,
95
+ riskLevel: 'unknown',
96
+ updatedAt: Date.now(),
97
+ };
98
+ }
99
+ if (config.debug) {
100
+ logger.debug(`[AuthHandshake] Reputation score: ${reputation.score}`);
101
+ }
102
+ // Unknown agent (no reputation data)
103
+ if (reputation.score === null) {
104
+ if (unknownPolicy === 'deny') {
105
+ const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Unknown agent denied by policy');
106
+ return {
107
+ authorized: false,
108
+ authError,
109
+ reputation,
110
+ reason: 'Unknown agent — policy: deny',
111
+ };
112
+ }
113
+ if (unknownPolicy === 'require-consent') {
114
+ const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Unknown agent requires consent');
115
+ return {
116
+ authorized: false,
117
+ authError,
118
+ reputation,
119
+ reason: 'Unknown agent — policy: require-consent',
120
+ };
121
+ }
122
+ // unknownPolicy === 'allow' — skip reputation gate, continue to delegation check
123
+ if (config.debug) {
124
+ logger.debug('[AuthHandshake] Unknown agent allowed by policy, skipping reputation gate');
125
+ }
126
+ }
127
+ // Known agent with score below threshold
128
+ if (reputation.score !== null && reputation.score < config.authorization.minReputationScore) {
129
+ if (config.debug) {
130
+ logger.debug(`[AuthHandshake] Reputation ${reputation.score} < ${config.authorization.minReputationScore}, requiring authorization`);
131
+ }
132
+ const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Agent reputation score below threshold');
133
+ return {
134
+ authorized: false,
135
+ authError,
136
+ reputation,
137
+ reason: 'Low reputation score',
138
+ };
139
+ }
140
+ }
141
+ let delegationResult;
142
+ try {
143
+ delegationResult = await config.delegationVerifier.verify(agentDid, scopes);
144
+ }
145
+ catch (error) {
146
+ logger.error('[AuthHandshake] Delegation verification failed:', error);
147
+ const errorMessage = `Delegation verification error: ${error instanceof Error ? error.message : 'Unknown error'}`;
148
+ const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, errorMessage);
149
+ return {
150
+ authorized: false,
151
+ authError,
152
+ reason: errorMessage,
153
+ };
154
+ }
155
+ if (delegationResult.valid && delegationResult.delegation) {
156
+ if (config.debug) {
157
+ logger.debug(`[AuthHandshake] Delegation valid, authorized (${Date.now() - startTime}ms)`);
158
+ }
159
+ return {
160
+ authorized: true,
161
+ delegation: delegationResult.delegation,
162
+ credential: delegationResult.credential,
163
+ reputation,
164
+ reason: 'Valid delegation found',
165
+ };
166
+ }
167
+ if (config.debug) {
168
+ logger.debug(`[AuthHandshake] No delegation found, returning needs_authorization (${Date.now() - startTime}ms)`);
169
+ }
170
+ const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, delegationResult.reason ?? 'No valid delegation found');
171
+ return {
172
+ authorized: false,
173
+ authError,
174
+ reputation,
175
+ reason: delegationResult.reason ?? 'No delegation',
176
+ };
177
+ }
178
+ async function fetchAgentReputation(agentDid, reputationConfig) {
179
+ const apiUrl = reputationConfig.apiUrl.replace(/\/$/, '');
180
+ const headers = {
181
+ 'Content-Type': 'application/json',
182
+ };
183
+ if (reputationConfig.apiKey) {
184
+ headers['X-API-Key'] = reputationConfig.apiKey;
185
+ }
186
+ const isV2Format = reputationConfig.apiFormat === 'v2';
187
+ let response;
188
+ if (isV2Format) {
189
+ response = await fetch(`${apiUrl}/v1/reputation/${encodeURIComponent(agentDid)}`, {
190
+ method: 'POST',
191
+ headers,
192
+ body: JSON.stringify({ include_details: false }),
193
+ });
194
+ }
195
+ else {
196
+ response = await fetch(`${apiUrl}/api/v1/reputation/${encodeURIComponent(agentDid)}`, { method: 'GET', headers });
197
+ }
198
+ if (!response.ok) {
199
+ if (response.status === 404) {
200
+ return {
201
+ agentDid,
202
+ score: null,
203
+ totalInteractions: 0,
204
+ successRate: 0,
205
+ riskLevel: 'unknown',
206
+ updatedAt: Date.now(),
207
+ };
208
+ }
209
+ throw new Error(`Reputation API error: ${response.status} ${response.statusText}`);
210
+ }
211
+ const data = (await response.json());
212
+ const score = data['score'] ?? 0;
213
+ const levelRaw = (data['level'] ??
214
+ data['riskLevel'] ??
215
+ 'unknown').toLowerCase();
216
+ const riskLevel = levelRaw === 'low' || levelRaw === 'medium' || levelRaw === 'high' ? levelRaw : 'unknown';
217
+ return {
218
+ agentDid: data['agent_did'] ??
219
+ data['agentDid'] ??
220
+ agentDid,
221
+ score,
222
+ totalInteractions: data['totalInteractions'] ?? 0,
223
+ successRate: data['successRate'] ?? 0,
224
+ riskLevel,
225
+ updatedAt: data['calculatedAt']
226
+ ? new Date(data['calculatedAt']).getTime()
227
+ : (data['updatedAt'] ?? Date.now()),
228
+ };
229
+ }
230
+ async function buildNeedsAuthorizationError(agentDid, scopes, config, message) {
231
+ const resumeToken = await config.resumeTokenStore.create(agentDid, scopes, {
232
+ requestedAt: Date.now(),
233
+ });
234
+ const expiresAt = Date.now() + (config.authorization.resumeTokenTtl ?? 600_000);
235
+ const authUrl = new URL(config.authorization.authorizationUrl);
236
+ authUrl.searchParams.set('agent_did', agentDid);
237
+ authUrl.searchParams.set('scopes', scopes.join(','));
238
+ authUrl.searchParams.set('resume_token', resumeToken);
239
+ const authCode = resumeToken.substring(0, 8).toUpperCase();
240
+ const display = {
241
+ title: 'Authorization Required',
242
+ hint: ['link', 'qr'],
243
+ authorizationCode: authCode,
244
+ qrUrl: `https://api.qrserver.com/v1/create-qr-code/?data=${encodeURIComponent(authUrl.toString())}`,
245
+ };
246
+ return createNeedsAuthorizationError({
247
+ message,
248
+ authorizationUrl: authUrl.toString(),
249
+ resumeToken,
250
+ expiresAt,
251
+ scopes,
252
+ display,
253
+ });
254
+ }
255
+ export function hasSensitiveScopes(scopes) {
256
+ const sensitivePatterns = [
257
+ 'write',
258
+ 'delete',
259
+ 'admin',
260
+ 'payment',
261
+ 'transfer',
262
+ 'execute',
263
+ 'modify',
264
+ ];
265
+ return scopes.some((scope) => sensitivePatterns.some((pattern) => scope.toLowerCase().includes(pattern)));
266
+ }
267
+ //# sourceMappingURL=handshake.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"handshake.js","sourceRoot":"","sources":["../../src/auth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,EAAE,6BAA6B,EAAE,MAAM,sBAAsB,CAAC;AAErE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAgG7C,MAAM,OAAO,sBAAsB;IACzB,MAAM,GAAG,IAAI,GAAG,EAUrB,CAAC;IACI,GAAG,CAAS;IAEpB,YAAY,KAAK,GAAG,OAAO;QACzB,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,MAAgB,EAChB,QAAkC;QAElC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACjC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,MAAM,GAAG,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE;YACrB,QAAQ;YACR,MAAM;YACN,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG;YACzB,QAAQ;YACR,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAa;QAOrB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAEhC,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAa;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,MAAgB,EAChB,MAA2B;IAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,gBAAgB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,UAAuC,CAAC;IAC5C,IAAI,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,aAAa,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACtF,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,kBAAkB,IAAI,iBAAiB,CAAC;QAEnF,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4EAA4E,EAAE,KAAK,CAAC,CAAC;YAClG,UAAU,GAAG;gBACX,QAAQ;gBACR,KAAK,EAAE,IAAI;gBACX,iBAAiB,EAAE,CAAC;gBACpB,WAAW,EAAE,CAAC;gBACd,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,CAAC,qCAAqC,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,qCAAqC;QACrC,IAAI,UAAU,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YAC9B,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;gBAC7B,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,gCAAgC,CACjC,CAAC;gBACF,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS;oBACT,UAAU;oBACV,MAAM,EAAE,8BAA8B;iBACvC,CAAC;YACJ,CAAC;YAED,IAAI,aAAa,KAAK,iBAAiB,EAAE,CAAC;gBACxC,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,gCAAgC,CACjC,CAAC;gBACF,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS;oBACT,UAAU;oBACV,MAAM,EAAE,yCAAyC;iBAClD,CAAC;YACJ,CAAC;YAED,iFAAiF;YACjF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CAAC,2EAA2E,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,UAAU,CAAC,KAAK,KAAK,IAAI,IAAI,UAAU,CAAC,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,kBAAkB,EAAE,CAAC;YAC5F,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CACV,8BAA8B,UAAU,CAAC,KAAK,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,2BAA2B,CACvH,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,wCAAwC,CACzC,CAAC;YAEF,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,SAAS;gBACT,UAAU;gBACV,MAAM,EAAE,sBAAsB;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,gBAAwC,CAAC;IAE7C,IAAI,CAAC;QACH,gBAAgB,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACvE,MAAM,YAAY,GAAG,kCAAkC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;QAElH,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;QAE7F,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,SAAS;YACT,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED,IAAI,gBAAgB,CAAC,KAAK,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC;QAC1D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,CACV,iDAAiD,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,KAAK,CAC7E,CAAC;QACJ,CAAC;QAED,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,UAAU;YACV,MAAM,EAAE,wBAAwB;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,KAAK,CACV,uEAAuE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,KAAK,CACnG,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CACvD,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,SAAS;QACT,UAAU;QACV,MAAM,EAAE,gBAAgB,CAAC,MAAM,IAAI,eAAe;KACnD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,QAAgB,EAChB,gBAA8E;IAE9E,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IAEF,IAAI,gBAAgB,CAAC,MAAM,EAAE,CAAC;QAC5B,OAAO,CAAC,WAAW,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC;IACjD,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,KAAK,IAAI,CAAC;IACvD,IAAI,QAAkB,CAAC;IAEvB,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,GAAG,MAAM,KAAK,CACpB,GAAG,MAAM,kBAAkB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,EACzD;YACE,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;SACjD,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,MAAM,KAAK,CACpB,GAAG,MAAM,sBAAsB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,EAC7D,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,QAAQ;gBACR,KAAK,EAAE,IAAI;gBACX,iBAAiB,EAAE,CAAC;gBACpB,WAAW,EAAE,CAAC;gBACd,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;IAEhE,MAAM,KAAK,GAAI,IAAI,CAAC,OAAO,CAAwB,IAAI,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,CACd,IAAI,CAAC,OAAO,CAAwB;QACpC,IAAI,CAAC,WAAW,CAAwB;QACzC,SAAS,CACV,CAAC,WAAW,EAAE,CAAC;IAChB,MAAM,SAAS,GACb,QAAQ,KAAK,KAAK,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAE5F,OAAO;QACL,QAAQ,EACL,IAAI,CAAC,WAAW,CAAwB;YACxC,IAAI,CAAC,UAAU,CAAwB;YACxC,QAAQ;QACV,KAAK;QACL,iBAAiB,EAAG,IAAI,CAAC,mBAAmB,CAAwB,IAAI,CAAC;QACzE,WAAW,EAAG,IAAI,CAAC,aAAa,CAAwB,IAAI,CAAC;QAC7D,SAAS;QACT,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC;YAC7B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,CAAW,CAAC,CAAC,OAAO,EAAE;YACpD,CAAC,CAAC,CAAE,IAAI,CAAC,WAAW,CAAwB,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;KAC9D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,QAAgB,EAChB,MAAgB,EAChB,MAA2B,EAC3B,OAAe;IAEf,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE;QACzE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;KACxB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,IAAI,OAAO,CAAC,CAAC;IAEhF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAC/D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAE3D,MAAM,OAAO,GAAyB;QACpC,KAAK,EAAE,wBAAwB;QAC/B,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;QACpB,iBAAiB,EAAE,QAAQ;QAC3B,KAAK,EAAE,oDAAoD,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,EAAE;KACpG,CAAC;IAEF,OAAO,6BAA6B,CAAC;QACnC,OAAO;QACP,gBAAgB,EAAE,OAAO,CAAC,QAAQ,EAAE;QACpC,WAAW;QACX,SAAS;QACT,MAAM;QACN,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAgB;IACjD,MAAM,iBAAiB,GAAG;QACxB,OAAO;QACP,QAAQ;QACR,OAAO;QACP,SAAS;QACT,UAAU;QACV,SAAS;QACT,QAAQ;KACT,CAAC;IAEF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAC3B,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAC3E,CAAC;AACJ,CAAC"}
@@ -0,0 +1,3 @@
1
+ export { verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, type AuthHandshakeConfig, type VerifyOrHintsResult, type AgentReputation, type ResumeTokenStore, type UnknownAgentPolicy, } from './handshake.js';
2
+ export type { DelegationVerifier, VerifyDelegationResult } from './types.js';
3
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC"}
@@ -0,0 +1,2 @@
1
+ export { verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, } from './handshake.js';
2
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,GAMvB,MAAM,gBAAgB,CAAC"}