@kya-os/mcp 1.3.0 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +114 -2
- package/README.md +43 -26
- package/dist/delegation/vc-verifier.d.ts +17 -0
- package/dist/delegation/vc-verifier.d.ts.map +1 -1
- package/dist/delegation/vc-verifier.js +43 -2
- package/dist/delegation/vc-verifier.js.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.js +1 -1
- package/dist/index.d.ts +4 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -3
- package/dist/index.js.map +1 -1
- package/dist/middleware/with-kya-os.d.ts +4 -23
- package/dist/middleware/with-kya-os.d.ts.map +1 -1
- package/dist/middleware/with-kya-os.js +25 -1
- package/dist/middleware/with-kya-os.js.map +1 -1
- package/dist/proof/errors.d.ts +1 -0
- package/dist/proof/errors.d.ts.map +1 -1
- package/dist/proof/errors.js +2 -0
- package/dist/proof/errors.js.map +1 -1
- package/dist/proof/index.d.ts +1 -1
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +1 -1
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/verifier.d.ts +49 -1
- package/dist/proof/verifier.d.ts.map +1 -1
- package/dist/proof/verifier.js +84 -1
- package/dist/proof/verifier.js.map +1 -1
- package/dist/session/manager.d.ts +3 -1
- package/dist/session/manager.d.ts.map +1 -1
- package/dist/session/manager.js +7 -1
- package/dist/session/manager.js.map +1 -1
- package/dist/types/protocol.d.ts +13 -1
- package/dist/types/protocol.d.ts.map +1 -1
- package/dist/types/protocol.js +5 -1
- package/dist/types/protocol.js.map +1 -1
- package/package.json +1 -1
- package/schemas/README.md +2 -2
- package/schemas/delegation-credential.json +3 -3
- package/schemas/detached-proof.json +1 -1
- package/schemas/handshake-request.json +1 -1
- package/schemas/handshake-response.json +1 -1
- package/schemas/well-known-mcpi.json +9 -2
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,79 @@ Versioning: https://semver.org/spec/v2.0.0.html
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [1.3.2] - 2026-05-26
|
|
11
|
+
|
|
12
|
+
### Security
|
|
13
|
+
|
|
14
|
+
- **Verifier rejects claim-contaminated delegation credentials.** A
|
|
15
|
+
`DelegationCredential` whose `credentialSubject` carries properties beyond
|
|
16
|
+
`id` and `delegation` is now rejected by default — claim-bearing fields in a
|
|
17
|
+
permission credential separate designation from authorization (the
|
|
18
|
+
confused-deputy class, `SPEC.md` §6.2 / §11.6). The reference verifier exposes
|
|
19
|
+
`allowNonDelegationSubjectFields` (default `false`) as an audited opt-out that
|
|
20
|
+
logs a one-time per-process warning. Spec-conformant issuers are unaffected;
|
|
21
|
+
the reference issuer already emits `{ id, delegation }` subjects. New
|
|
22
|
+
conformance requirement L3.5a. (#67)
|
|
23
|
+
|
|
24
|
+
### Changed
|
|
25
|
+
|
|
26
|
+
- **Schema `$id` and JSON-LD `@context` hosts migrated** off the
|
|
27
|
+
`modelcontextprotocol-identity.io` trademark domain to the foundation-owned
|
|
28
|
+
`schema.kya-os.ai`. All five shipped JSON Schemas (`schemas/*.json`), the
|
|
29
|
+
spec's context references, and the `DELEGATION_CREDENTIAL_CONTEXT` constant
|
|
30
|
+
now resolve under `schema.kya-os.ai`; schemas are served identically at both
|
|
31
|
+
hosts during the migration window (no `$id` is 301-redirected). (#65)
|
|
32
|
+
|
|
33
|
+
## [1.3.1] - 2026-05-26
|
|
34
|
+
|
|
35
|
+
> These entries accreted across the 1.2.0 → 1.3.1 donation cutover and were
|
|
36
|
+
> published without strict per-version sectioning. They are grouped here for
|
|
37
|
+
> completeness; see `npm view @kya-os/mcp time` and git history for exact ship
|
|
38
|
+
> points. A clean per-version backfill is tracked separately.
|
|
39
|
+
|
|
40
|
+
### Added
|
|
41
|
+
|
|
42
|
+
- Export the byte-variant base64url helpers (`base64urlEncodeFromBytes`, `base64urlDecodeToBytes`) from the package entry point. They existed in `src/utils/base64.ts` but were not on the public API; downstream consumers need them for DID/JWK key encoding.
|
|
43
|
+
|
|
44
|
+
### Docs
|
|
45
|
+
|
|
46
|
+
- Tightened two capability-language hits inside the spec that survived the Responsible Party rename: §8.2 `DelegationProofJWT.sub` comment now describes the Responsible Party explicitly (was "User DID (on whose behalf)"), and the `userDid` field description in `schemas/delegation-credential.json` now reads "whose delegated authority the agent exercises" instead of "on whose behalf the delegation acts."
|
|
47
|
+
|
|
48
|
+
### Spec
|
|
49
|
+
|
|
50
|
+
- Added §11.0 (Trust Model) naming the three trust boundaries explicitly: the agent process, the verifier (with the Edge Verifier called out as a TCB component at L1), and the service / resource owner. Includes key custody options (software, proxy-managed, hardware-attested) and a mutual-authentication recommendation for services.
|
|
51
|
+
- Added §11.1 (Threat Model Summary) as a structured table: threat → mitigation → residual risk. Covers impersonation, replay, scope escalation, confused deputy, credential theft, agent abuse, key compromise, revocation race, downgrade, and DoS — with cross-references to detailed sections and to the cap-sec invariants in §6.4.1 / §6.5.
|
|
52
|
+
- Renumbered §11 subsections to fit the new structure (Revocation Freshness moved to §11.10; previous §11.1–§11.5 shifted by one).
|
|
53
|
+
- Introduced **Principal** and **Responsible Party** as first-class terms (§2). The Responsible Party is the entity ultimately accountable for actions taken under a delegation chain — the root issuer of the chain. Distinguished from the Principal (the immediate human delegator) to support organizational deployments where the operating human is not the accountable entity.
|
|
54
|
+
- Added a normative invariant to §6.4: every delegation chain MUST terminate at a Responsible Party, identified by the `issuerDid` of the root `DelegationCredential`.
|
|
55
|
+
- Reworded the Abstract to drop "on whose behalf" (impersonation framing) in favor of "what authority they hold (a delegation chain rooted at a Responsible Party)" — capability-security framing that matches the protocol's actual semantics.
|
|
56
|
+
- Added normative _meta hash exclusion paragraph and `session.metaPolicy` opt-in (default: `strict`).
|
|
57
|
+
- Documented anonymous handshake nonce-dedupe boundary; reference impl now uses a 60s TTL for anonymous nonces.
|
|
58
|
+
- Added `clockSkewSeconds` field to `.well-known/mcp` for server-advertised skew negotiation.
|
|
59
|
+
- Added the **designation invariant** to §6.4.1 as a normative MUST: invocations must designate the specific resource being exercised, even when the delegation authorizes multiple resources. The reference implementation already enforces this via the per-tool `scopeId` check; this change makes the behavior normative and cross-references it from §11.6 (Confused Deputy Attacks).
|
|
60
|
+
- Added §6.5.1 (Revocation Rights) defining who may revoke a delegation in v1.0: direct issuer, any ancestor issuer in the chain, and the responsible party at the root. Subject-side revocation is explicitly disallowed in v1.0; UCAN-style "revocation as a delegatable permission" is tracked for v1.1.
|
|
61
|
+
- Added §6.5.2 (Concurrency and the Revocation Race) acknowledging the Lamport-concurrent race between revocation issuance and propagation, with implementation guidance on bounding the window.
|
|
62
|
+
|
|
63
|
+
### Security
|
|
64
|
+
|
|
65
|
+
- **BREAKING (default flip): `requireAudienceOnRedelegation` now defaults to `true`.**
|
|
66
|
+
Every non-root credential in a delegation chain must carry an `audience`
|
|
67
|
+
constraint. Closes the confused-deputy class flagged by Alan Karp's
|
|
68
|
+
transitive-access analysis and matches `SPEC.md` §11.6. Integrations that
|
|
69
|
+
cannot yet bind audience on every re-delegation can set the flag to `false`
|
|
70
|
+
explicitly to preserve legacy behavior; doing so logs a one-time
|
|
71
|
+
per-process warning so the configuration is auditable in production logs.
|
|
72
|
+
- **Unsafe-mode warning:** setting `allowLegacyUnsafeDelegation` to `true`
|
|
73
|
+
now emits a one-time per-process `console.warn` on first use. Default
|
|
74
|
+
is unchanged (`false` / strict). The warning surfaces accidental
|
|
75
|
+
configuration in production logs without spamming per-session.
|
|
76
|
+
- `SECURITY.md` gained a "Secure Defaults & Unsafe Delegation Modes" section
|
|
77
|
+
documenting both flags, when to opt out, and the migration path back to
|
|
78
|
+
safe defaults.
|
|
79
|
+
- Added test coverage pinning the warn-once behavior on both unsafe-mode
|
|
80
|
+
flags: warns exactly once per process on opt-in, silent on safe defaults,
|
|
81
|
+
no duplicate warnings across repeated `wrapWithDelegation` calls.
|
|
82
|
+
|
|
10
83
|
### Added
|
|
11
84
|
|
|
12
85
|
- **Generic `Identity` interface** exported from the root entry point.
|
|
@@ -32,11 +105,39 @@ Versioning: https://semver.org/spec/v2.0.0.html
|
|
|
32
105
|
to DIF TAAWG. Version stays at 1.2.0 — the wire format, public
|
|
33
106
|
exports, and behavior are unchanged. The old `@mcp-i/core` package
|
|
34
107
|
is deprecated and points at this one.
|
|
35
|
-
- **Spec renamed from
|
|
108
|
+
- **Spec renamed from MCP-I to KYA-OS** across `SPEC.md`,
|
|
36
109
|
`CONFORMANCE.md`, `GOVERNANCE.md`, and example READMEs. Wire-format
|
|
37
110
|
identifiers (`_kyaos` tool name, well-known path, JSON Schema
|
|
38
111
|
files, JSON-LD context URLs) are deferred to a later cutover so
|
|
39
112
|
this doc-only rename doesn't break running implementations.
|
|
113
|
+
|
|
114
|
+
Why the rename: two forces.
|
|
115
|
+
|
|
116
|
+
First, MCP is Anthropic's trademark and lives under Anthropic's
|
|
117
|
+
governance. Calling a DIF-track identity protocol "MCP-Identity"
|
|
118
|
+
suggested an official extension of MCP and tied the protocol to a
|
|
119
|
+
single vendor's roadmap. The Linux Foundation flagged this during
|
|
120
|
+
pre-donation review and we agreed: a foundation-owned identity
|
|
121
|
+
protocol should not carry another foundation's (or vendor's)
|
|
122
|
+
trademark in its name.
|
|
123
|
+
|
|
124
|
+
Second, the protocol was never going to be MCP-only. The design
|
|
125
|
+
intent was a primitive layer for identity, authority, and
|
|
126
|
+
accountability that other agent-facing protocols adopt, analogous
|
|
127
|
+
to how TLS is a security layer that transports adopt rather than
|
|
128
|
+
a transport itself. KYA-OS primitives are intended to embed in
|
|
129
|
+
three kinds of host surface: transport bindings (wire protocols
|
|
130
|
+
an agent's calls ride over, e.g. MCP, HTTPS, gRPC, SMTP, Matrix,
|
|
131
|
+
browser-driven actions), runtime bindings (agent harnesses where
|
|
132
|
+
the loop runs and tool invocations can be wrapped uniformly), and
|
|
133
|
+
manifest / assertion embeddings (host formats like C2PA manifests
|
|
134
|
+
that already carry signed assertions and can carry a KYA-OS proof
|
|
135
|
+
as one assertion type). Naming the protocol after one binding
|
|
136
|
+
undersold the surface.
|
|
137
|
+
|
|
138
|
+
The MCP binding ships first because MCP is the most concentrated
|
|
139
|
+
agent-to-tool RPC surface today. Additional bindings will be
|
|
140
|
+
specified in the working group as they reach consensus.
|
|
40
141
|
- **Spec cut to `1.0.0`** (was `0.1.0-draft` in `SPEC.md`, `1.0.0-draft`
|
|
41
142
|
in `CONFORMANCE.md`). The wire format was already pinned at `1.0.0`
|
|
42
143
|
in the handshake protocol-version field; the spec docs now match.
|
|
@@ -47,6 +148,17 @@ Versioning: https://semver.org/spec/v2.0.0.html
|
|
|
47
148
|
- Added `delegation.allowLegacyUnsafeDelegation` to `createKyaOsMiddleware` as a temporary migration escape hatch for legacy integrations.
|
|
48
149
|
- Added middleware tests covering legacy-compatibility behavior for parent-linked and status-list credentials.
|
|
49
150
|
|
|
151
|
+
### Docs
|
|
152
|
+
|
|
153
|
+
- L1 revocation terminology clarified (verifier-local, not global CRL).
|
|
154
|
+
- Orchestration directory scope explicitly narrowed from global to service-local.
|
|
155
|
+
- Nonce lifetime documented to prevent early-eviction replay class.
|
|
156
|
+
- Multi-level audit record example added.
|
|
157
|
+
- Conformance-tiered audit-logging requirements added.
|
|
158
|
+
- Registry types (Delegation / Credential / Trust) disambiguated.
|
|
159
|
+
- Broken link to Protocol Registry fixed.
|
|
160
|
+
- Key Topics ordering aligned with site navigation.
|
|
161
|
+
|
|
50
162
|
## [1.0.0-draft] - 2026-03-12
|
|
51
163
|
|
|
52
164
|
### Added
|
|
@@ -75,7 +187,7 @@ Versioning: https://semver.org/spec/v2.0.0.html
|
|
|
75
187
|
- In-memory implementations for all providers (testing)
|
|
76
188
|
- Configurable logging with debug, info, warn, error levels
|
|
77
189
|
- Pure TypeScript protocol type definitions (zero runtime dependencies)
|
|
78
|
-
- Well-known endpoint (`/.well-known/
|
|
190
|
+
- Well-known endpoint (`/.well-known/mcp`) for server discovery
|
|
79
191
|
- Outbound delegation proof JWT builder for downstream API calls
|
|
80
192
|
- Three-tier conformance levels:
|
|
81
193
|
- Level 1: Core Crypto (key generation, signing, hashing, DID resolution)
|
package/README.md
CHANGED
|
@@ -1,35 +1,52 @@
|
|
|
1
1
|
<p align="center">
|
|
2
|
-
<a href="https://
|
|
2
|
+
<a href="https://kya-os.ai">
|
|
3
3
|
<picture>
|
|
4
|
-
<source media="(prefers-color-scheme: dark)" srcset="https://
|
|
5
|
-
<img alt="" src="https://
|
|
4
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://kya-os.ai/mcp/images/logo-mark_white.svg">
|
|
5
|
+
<img alt="" src="https://kya-os.ai/mcp/images/logo-mark_black.svg" width="64">
|
|
6
6
|
</picture>
|
|
7
7
|
</a>
|
|
8
8
|
</p>
|
|
9
9
|
|
|
10
10
|
<p align="center">
|
|
11
|
-
<strong>
|
|
11
|
+
<strong>KYA-OS: agent identity, delegation, and proof. This repo is the MCP binding.</strong>
|
|
12
12
|
</p>
|
|
13
13
|
|
|
14
14
|
<p align="center">
|
|
15
15
|
<a href="https://www.npmjs.com/package/@kya-os/mcp"><img src="https://img.shields.io/npm/v/@kya-os/mcp" alt="npm"></a>
|
|
16
|
-
<a href="https://
|
|
16
|
+
<a href="https://kya-os.ai/mcp"><img src="https://img.shields.io/badge/spec-KYA--OS-blue" alt="spec"></a>
|
|
17
17
|
<a href="https://identity.foundation/working-groups/agent-and-authorization.html"><img src="https://img.shields.io/badge/DIF-TAAWG-purple" alt="DIF TAAWG"></a>
|
|
18
18
|
<a href="./LICENSE"><img src="https://img.shields.io/github/license/decentralized-identity/kya-os-mcp" alt="license"></a>
|
|
19
19
|
</p>
|
|
20
20
|
|
|
21
|
-
<p align="center">
|
|
22
|
-
<em><code>@kya-os/mcp</code> is the reference implementation of the <strong>KYA-OS</strong> (Know Your Agent Operating System) protocol for Model Context Protocol servers — binding KYA-OS's identity, delegation, and proof primitives into MCP. KYA-OS is the agent identity, authorization, and observability protocol.</em>
|
|
23
|
-
</p>
|
|
24
|
-
|
|
25
21
|
---
|
|
26
22
|
|
|
27
|
-
|
|
23
|
+
## What KYA-OS is
|
|
24
|
+
|
|
25
|
+
**KYA-OS** (Know Your Agent Operating System) is an identity, authority, and accountability layer that other agent-facing protocols adopt, so that any time an agent acts you can verify *who* called (agent identity), *under what authority* (delegation chain rooted at a Responsible Party, plus consent where required), and *what they did* (signed proofs composing into audit trails).
|
|
26
|
+
|
|
27
|
+
The shape of the contribution is roughly analogous to TLS. TLS is not a transport, it is a security layer that transports adopt. KYA-OS is not a transport or a runtime, it is an identity and accountability layer that host protocols embed.
|
|
28
|
+
|
|
29
|
+
Three jobs, six primitives:
|
|
30
|
+
|
|
31
|
+
- **Identity.** Every agent and every server holds a Decentralized Identifier (`did:key`, `did:web`): a stable, cryptographically-controlled identifier that the agent can prove it owns, and that credentials can be issued against. Without this, there is nothing to bind authority to or hold accountable.
|
|
32
|
+
- **Authority.** W3C Verifiable Credentials carrying scoped, revocable delegation chains rooted at a Responsible Party. Per-tool consent gating for actions that require explicit human approval.
|
|
33
|
+
- **Accountability.** Detached JWS proofs over canonicalized request/response hashes, composing into tamper-evident audit trails. Invisible to the LLM, verifiable by anyone holding the agent's DID.
|
|
34
|
+
|
|
35
|
+
> **Note on the name.** This protocol was previously known as **MCP-Identity** / **MCP-I**. The rename to KYA-OS reflects the protocol's binding-agnostic scope. See the [`[Unreleased]` entry in `CHANGELOG.md`](./CHANGELOG.md#unreleased) for the full rationale.
|
|
36
|
+
|
|
37
|
+
## What this repo is
|
|
38
|
+
|
|
39
|
+
`@kya-os/mcp` is the **MCP binding** of KYA-OS, the reference implementation for [Model Context Protocol](https://modelcontextprotocol.io) servers, and the first binding to ship.
|
|
40
|
+
|
|
41
|
+
KYA-OS primitives are intended to embed in three kinds of host surface:
|
|
42
|
+
|
|
43
|
+
1. **Transport bindings.** Wire protocols an agent's calls ride over (e.g. MCP, HTTPS, gRPC, SMTP).
|
|
44
|
+
2. **Runtime bindings.** Agent harnesses where the loop runs and tool invocations can be wrapped uniformly.
|
|
45
|
+
3. **Manifest / assertion embeddings.** Host formats that already carry signed assertions, where a KYA-OS proof can serve as one assertion type (e.g. C2PA-track content provenance manifests).
|
|
46
|
+
|
|
47
|
+
The MCP binding ships first because MCP is the most concentrated agent-to-tool RPC surface today. Additional bindings will be specified in the working group as they reach consensus.
|
|
28
48
|
|
|
29
|
-
-
|
|
30
|
-
- **Every tool call gets a signed proof** — a tamper-evident receipt the agent can't forge or deny
|
|
31
|
-
- **Protected tools require human consent** — per-tool authorization via W3C Delegation Credentials
|
|
32
|
-
- **The AI never knows** — identity, proofs, and consent happen transparently in the protocol layer
|
|
49
|
+
The KYA-OS protocol itself is defined in [`SPEC.md`](./SPEC.md). Binding-specific behavior is called out so future bindings can diverge cleanly where they need to.
|
|
33
50
|
|
|
34
51
|
```
|
|
35
52
|
npm install @kya-os/mcp
|
|
@@ -37,9 +54,9 @@ npm install @kya-os/mcp
|
|
|
37
54
|
|
|
38
55
|
---
|
|
39
56
|
|
|
40
|
-
## Migrate
|
|
57
|
+
## Migrate any MCP server in 2 lines
|
|
41
58
|
|
|
42
|
-
**Before
|
|
59
|
+
**Before**, a standard MCP server with no identity or proofs:
|
|
43
60
|
|
|
44
61
|
```typescript
|
|
45
62
|
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
@@ -51,7 +68,7 @@ server.registerTool('greet', { description: 'Say hello' }, async (args) => ({
|
|
|
51
68
|
}));
|
|
52
69
|
```
|
|
53
70
|
|
|
54
|
-
**After
|
|
71
|
+
**After**, every tool response now carries a signed cryptographic proof:
|
|
55
72
|
|
|
56
73
|
```typescript
|
|
57
74
|
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
@@ -65,15 +82,15 @@ server.registerTool('greet', { description: 'Say hello' }, async (args) => ({
|
|
|
65
82
|
}));
|
|
66
83
|
```
|
|
67
84
|
|
|
68
|
-
That's it. `withKyaOs` auto-generates an Ed25519 identity, registers the `_kyaos` protocol tool, and wraps the transport so every tool response includes a detached JWS proof in `_meta
|
|
85
|
+
That's it. `withKyaOs` auto-generates an Ed25519 identity, registers the `_kyaos` protocol tool, and wraps the transport so every tool response includes a detached JWS proof in `_meta`. Invisible to the LLM, verifiable by anyone.
|
|
69
86
|
|
|
70
|
-
> See the full working example: [examples/context7-with-kya-os](./examples/context7-with-kya-os/)
|
|
87
|
+
> See the full working example: [examples/context7-with-kya-os](./examples/context7-with-kya-os/), a real MCP server (Context7) migrated with exactly 2 lines of code.
|
|
71
88
|
|
|
72
89
|
---
|
|
73
90
|
|
|
74
|
-
## Protect
|
|
91
|
+
## Protect tools with human consent
|
|
75
92
|
|
|
76
|
-
Some tools shouldn't run without a human saying "yes." KYA-OS
|
|
93
|
+
Some tools shouldn't run without a human saying "yes." KYA-OS adds per-tool authorization using W3C Verifiable Credentials:
|
|
77
94
|
|
|
78
95
|
```typescript
|
|
79
96
|
const checkout = kyaos.wrapWithDelegation(
|
|
@@ -85,13 +102,13 @@ const checkout = kyaos.wrapWithDelegation(
|
|
|
85
102
|
);
|
|
86
103
|
```
|
|
87
104
|
|
|
88
|
-
When an agent calls `checkout` without a delegation credential, it gets back a `needs_authorization` response with a consent URL. The human approves, a scoped credential is issued, and the agent retries
|
|
105
|
+
When an agent calls `checkout` without a delegation credential, it gets back a `needs_authorization` response with a consent URL. The human approves, a scoped credential is issued, and the agent retries, now authorized.
|
|
89
106
|
|
|
90
107
|
> Try it yourself: [examples/consent-basic](./examples/consent-basic/) walks through the full consent flow end-to-end.
|
|
91
108
|
|
|
92
109
|
---
|
|
93
110
|
|
|
94
|
-
## See
|
|
111
|
+
## See it in action
|
|
95
112
|
|
|
96
113
|
```bash
|
|
97
114
|
git clone https://github.com/decentralized-identity/kya-os-mcp.git
|
|
@@ -112,13 +129,13 @@ Also available: [outbound-delegation](./examples/outbound-delegation/) (gateway
|
|
|
112
129
|
|
|
113
130
|
---
|
|
114
131
|
|
|
115
|
-
## What's
|
|
132
|
+
## What's under the hood
|
|
116
133
|
|
|
117
134
|
| Capability | How it works |
|
|
118
135
|
|-----------|-------------|
|
|
119
136
|
| **Cryptographic identity** | Ed25519 key pairs, `did:key` and `did:web` resolution |
|
|
120
137
|
| **Signed proofs** | Detached JWS over JCS-canonicalized request/response hashes |
|
|
121
|
-
| **Delegation credentials** | W3C Verifiable Credentials with scope constraints |
|
|
138
|
+
| **Delegation credentials** | W3C Verifiable Credentials with scope constraints, rooted at a Responsible Party |
|
|
122
139
|
| **Revocation** | StatusList2021 bitstring with cascading revocation |
|
|
123
140
|
| **Replay prevention** | Nonce-based handshake with timestamp skew validation |
|
|
124
141
|
| **Extensible** | Bring your own KMS, HSM, nonce cache (Redis, DynamoDB, KV), or DID method |
|
|
@@ -127,7 +144,7 @@ Also available: [outbound-delegation](./examples/outbound-delegation/) (gateway
|
|
|
127
144
|
|
|
128
145
|
## Links
|
|
129
146
|
|
|
130
|
-
- [Spec](
|
|
147
|
+
- [Spec](./SPEC.md) | [Changelog](./CHANGELOG.md) | [DIF TAAWG](https://identity.foundation/working-groups/agent-and-authorization.html) | [npm](https://www.npmjs.com/package/@kya-os/mcp)
|
|
131
148
|
- [CONTRIBUTING.md](./CONTRIBUTING.md) | [CONFORMANCE.md](./CONFORMANCE.md) | [SECURITY.md](./SECURITY.md) | [GOVERNANCE.md](./GOVERNANCE.md)
|
|
132
149
|
|
|
133
150
|
## License
|
|
@@ -34,6 +34,15 @@ export interface VerifyDelegationVCOptions {
|
|
|
34
34
|
skipStatus?: boolean;
|
|
35
35
|
didResolver?: DIDResolver;
|
|
36
36
|
statusListResolver?: StatusListResolver;
|
|
37
|
+
/**
|
|
38
|
+
* Accept a delegation credential whose `credentialSubject` carries properties
|
|
39
|
+
* beyond `id` and `delegation` (e.g. claim-bearing fields). UNSAFE: mixing
|
|
40
|
+
* claim semantics into a permission credential separates designation from
|
|
41
|
+
* authorization — the root of the confused-deputy class (KYA-OS §11.6).
|
|
42
|
+
* Defaults to `false` (strict). When `true`, the verifier emits a one-time
|
|
43
|
+
* per-process warning and accepts the credential.
|
|
44
|
+
*/
|
|
45
|
+
allowNonDelegationSubjectFields?: boolean;
|
|
37
46
|
}
|
|
38
47
|
export interface DIDResolver {
|
|
39
48
|
resolve(did: string): Promise<DIDDocument | null>;
|
|
@@ -96,6 +105,14 @@ export declare class DelegationCredentialVerifier {
|
|
|
96
105
|
*/
|
|
97
106
|
verifyDelegationCredential(vc: DelegationCredential, options?: VerifyDelegationVCOptions): Promise<DelegationVCVerificationResult>;
|
|
98
107
|
private validateBasicProperties;
|
|
108
|
+
/**
|
|
109
|
+
* Reject a delegation credential whose `credentialSubject` carries properties
|
|
110
|
+
* other than `id` and `delegation`. Claim-bearing fields in a permission
|
|
111
|
+
* credential separate designation from authorization — the confused-deputy
|
|
112
|
+
* class (KYA-OS §11.6). Strict by default; the unsafe opt-out emits a
|
|
113
|
+
* one-time per-process warning.
|
|
114
|
+
*/
|
|
115
|
+
private validateSubjectShape;
|
|
99
116
|
private verifySignature;
|
|
100
117
|
private checkCredentialStatus;
|
|
101
118
|
private findVerificationMethod;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vc-verifier.d.ts","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"vc-verifier.d.ts","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;AAmB9B,MAAM,WAAW,8BAA8B;IAC7C,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,GAAG,WAAW,GAAG,QAAQ,GAAG,UAAU,CAAC;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE;QACR,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,yBAAyB;IACxC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC;;;;;;;OAOG;IACH,+BAA+B,CAAC,EAAE,OAAO,CAAC;CAC3C;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,kBAAkB,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAC1C,cAAc,CAAC,EAAE,CAAC,MAAM,GAAG,kBAAkB,CAAC,EAAE,CAAC;IACjD,eAAe,CAAC,EAAE,CAAC,MAAM,GAAG,kBAAkB,CAAC,EAAE,CAAC;CACnD;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACzD;AAED,MAAM,WAAW,6BAA6B;IAC5C,CACE,EAAE,EAAE,oBAAoB,EACxB,YAAY,EAAE,OAAO,GACpB,OAAO,CAAC;QACT,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;CACJ;AAED,qBAAa,4BAA4B;IACvC,OAAO,CAAC,WAAW,CAAC,CAAc;IAClC,OAAO,CAAC,kBAAkB,CAAC,CAAqB;IAChD,OAAO,CAAC,iBAAiB,CAAC,CAAgC;IAC1D,OAAO,CAAC,KAAK,CAGT;IACJ,OAAO,CAAC,mBAAmB,CAAgB;IAC3C,OAAO,CAAC,QAAQ,CAAS;IACzB;;;;OAIG;IACH,OAAO,CAAC,YAAY,CAAS;gBAEjB,OAAO,CAAC,EAAE;QACpB,WAAW,CAAC,EAAE,WAAW,CAAC;QAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;QACxC,iBAAiB,CAAC,EAAE,6BAA6B,CAAC;QAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,2CAA2C;QAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;IAQD;;;;;;;;;;OAUG;IACG,0BAA0B,CAC9B,EAAE,EAAE,oBAAoB,EACxB,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,8BAA8B,CAAC;IA6F1C,OAAO,CAAC,uBAAuB;IA+C/B;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;YAgCd,eAAe;YAkFf,qBAAqB;IAuCnC,OAAO,CAAC,sBAAsB;IAS9B,OAAO,CAAC,YAAY;IAYpB,OAAO,CAAC,UAAU;IAgBlB,UAAU,IAAI,IAAI;IAKlB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;CAOlC;AAED,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE;IACjD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,iBAAiB,CAAC,EAAE,6BAA6B,CAAC;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,4BAA4B,CAE/B"}
|
|
@@ -11,6 +11,16 @@
|
|
|
11
11
|
* Related Spec: KYA-OS §4.3, W3C VC Data Model 1.1
|
|
12
12
|
*/
|
|
13
13
|
import { isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, } from "../types/protocol.js";
|
|
14
|
+
/**
|
|
15
|
+
* Properties a DelegationCredential `credentialSubject` may carry. Anything
|
|
16
|
+
* else is treated as a claim-intended field and rejected by default — a
|
|
17
|
+
* permission credential must not smuggle claims (KYA-OS §11.6).
|
|
18
|
+
*/
|
|
19
|
+
const DELEGATION_SUBJECT_KEYS = ["id", "delegation"];
|
|
20
|
+
// Module-level warn-once flag for the unsafe opt-out in validateSubjectShape.
|
|
21
|
+
// Per-process, mirroring the convention in middleware/with-kya-os.ts so
|
|
22
|
+
// operators see a single log line rather than one per verification.
|
|
23
|
+
let warnedNonDelegationSubjectFields = false;
|
|
14
24
|
export class DelegationCredentialVerifier {
|
|
15
25
|
didResolver;
|
|
16
26
|
statusListResolver;
|
|
@@ -51,7 +61,7 @@ export class DelegationCredentialVerifier {
|
|
|
51
61
|
}
|
|
52
62
|
}
|
|
53
63
|
const basicCheckStart = Date.now();
|
|
54
|
-
const basicValidation = this.validateBasicProperties(vc);
|
|
64
|
+
const basicValidation = this.validateBasicProperties(vc, options);
|
|
55
65
|
const basicCheckMs = Date.now() - basicCheckStart;
|
|
56
66
|
if (!basicValidation.valid) {
|
|
57
67
|
const result = {
|
|
@@ -110,7 +120,7 @@ export class DelegationCredentialVerifier {
|
|
|
110
120
|
}
|
|
111
121
|
return result;
|
|
112
122
|
}
|
|
113
|
-
validateBasicProperties(vc) {
|
|
123
|
+
validateBasicProperties(vc, options) {
|
|
114
124
|
const schemaValidation = validateDelegationCredential(vc);
|
|
115
125
|
if (!schemaValidation.success) {
|
|
116
126
|
return {
|
|
@@ -137,8 +147,39 @@ export class DelegationCredentialVerifier {
|
|
|
137
147
|
if (!vc.proof) {
|
|
138
148
|
return { valid: false, reason: "Missing proof" };
|
|
139
149
|
}
|
|
150
|
+
const subjectShape = this.validateSubjectShape(vc, options);
|
|
151
|
+
if (!subjectShape.valid) {
|
|
152
|
+
return subjectShape;
|
|
153
|
+
}
|
|
140
154
|
return { valid: true };
|
|
141
155
|
}
|
|
156
|
+
/**
|
|
157
|
+
* Reject a delegation credential whose `credentialSubject` carries properties
|
|
158
|
+
* other than `id` and `delegation`. Claim-bearing fields in a permission
|
|
159
|
+
* credential separate designation from authorization — the confused-deputy
|
|
160
|
+
* class (KYA-OS §11.6). Strict by default; the unsafe opt-out emits a
|
|
161
|
+
* one-time per-process warning.
|
|
162
|
+
*/
|
|
163
|
+
validateSubjectShape(vc, options) {
|
|
164
|
+
const extraneous = Object.keys(vc.credentialSubject).filter((key) => !DELEGATION_SUBJECT_KEYS.includes(key));
|
|
165
|
+
if (extraneous.length === 0) {
|
|
166
|
+
return { valid: true };
|
|
167
|
+
}
|
|
168
|
+
if (options.allowNonDelegationSubjectFields) {
|
|
169
|
+
if (!warnedNonDelegationSubjectFields) {
|
|
170
|
+
warnedNonDelegationSubjectFields = true;
|
|
171
|
+
console.warn(`[DelegationCredentialVerifier] allowNonDelegationSubjectFields is enabled — ` +
|
|
172
|
+
`accepting credentialSubject with non-delegation field(s): ${extraneous.join(", ")}. ` +
|
|
173
|
+
`Claim-bearing fields in a permission credential are a confused-deputy risk (KYA-OS §11.6).`);
|
|
174
|
+
}
|
|
175
|
+
return { valid: true };
|
|
176
|
+
}
|
|
177
|
+
return {
|
|
178
|
+
valid: false,
|
|
179
|
+
reason: `credentialSubject contains non-delegation field(s): ${extraneous.join(", ")}. ` +
|
|
180
|
+
`A DelegationCredential subject MUST carry only 'id' and 'delegation' (KYA-OS §11.6).`,
|
|
181
|
+
};
|
|
182
|
+
}
|
|
142
183
|
async verifySignature(vc, didResolver) {
|
|
143
184
|
const startTime = Date.now();
|
|
144
185
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vc-verifier.js","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,EACL,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,GAC7B,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"vc-verifier.js","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,EACL,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,GAC7B,MAAM,sBAAsB,CAAC;AAE9B;;;;GAIG;AACH,MAAM,uBAAuB,GAAsB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;AAExE,8EAA8E;AAC9E,wEAAwE;AACxE,oEAAoE;AACpE,IAAI,gCAAgC,GAAG,KAAK,CAAC;AAwE7C,MAAM,OAAO,4BAA4B;IAC/B,WAAW,CAAe;IAC1B,kBAAkB,CAAsB;IACxC,iBAAiB,CAAiC;IAClD,KAAK,GAAG,IAAI,GAAG,EAGpB,CAAC;IACI,mBAAmB,GAAa,EAAE,CAAC;IACnC,QAAQ,CAAS;IACzB;;;;OAIG;IACK,YAAY,CAAS;IAE7B,YAAY,OAOX;QACC,IAAI,CAAC,WAAW,GAAG,OAAO,EAAE,WAAW,CAAC;QACxC,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,CAAC;QACtD,IAAI,CAAC,iBAAiB,GAAG,OAAO,EAAE,iBAAiB,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC;IACpD,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,0BAA0B,CAC9B,EAAwB,EACxB,UAAqC,EAAE;QAEvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9C,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnC,MAAM,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;QAElD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAmC;gBAC7C,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,eAAe,CAAC,MAAM;gBAC9B,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE;oBACP,YAAY;oBACZ,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBAChC;gBACD,MAAM,EAAE;oBACN,UAAU,EAAE,KAAK;iBAClB;aACF,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,gBAAgB,GAAG,CAAC,OAAO,CAAC,aAAa;YAC7C,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC;YACnE,CAAC,CAAC,OAAO,CAAC,OAAO,CAIZ;gBACD,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;aACd,CAAC,CAAC;QAEP,MAAM,aAAa,GACjB,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,gBAAgB;YACxC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CACxB,EAAE,CAAC,gBAAgB,EACnB,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,kBAAkB,CACtD;YACH,CAAC,CAAC,OAAO,CAAC,OAAO,CAIZ;gBACD,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;aACd,CAAC,CAAC;QAET,MAAM,CAAC,eAAe,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACxD,gBAAgB;YAChB,aAAa;SACd,CAAC,CAAC;QAEH,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,IAAI,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,YAAY,CAAC,UAAU,IAAI,CAAC,CAAC;QAEnD,MAAM,QAAQ,GACZ,eAAe,CAAC,KAAK,IAAI,eAAe,CAAC,KAAK,IAAI,YAAY,CAAC,KAAK,CAAC;QAEvE,MAAM,MAAM,GAAmC;YAC7C,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,CAAC,QAAQ;gBACf,CAAC,CAAC,eAAe,CAAC,MAAM,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB;gBACpE,CAAC,CAAC,SAAS;YACb,KAAK,EAAE,UAAU;YACjB,OAAO,EAAE;gBACP,YAAY;gBACZ,gBAAgB;gBAChB,aAAa;gBACb,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aAChC;YACD,MAAM,EAAE;gBACN,UAAU,EAAE,eAAe,CAAC,KAAK;gBACjC,cAAc,EAAE,eAAe,CAAC,KAAK;gBACrC,WAAW,EAAE,YAAY,CAAC,KAAK;aAChC;SACF,CAAC;QAEF,IAAI,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1B,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAC7B,EAAwB,EACxB,OAAkC;QAKlC,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAC9B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,6BAA6B,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,IAAI,6BAA6B,CAAC,EAAE,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;QACnE,CAAC;QAED,IAAI,iCAAiC,CAAC,EAAE,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;QACzE,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC;QACnD,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;QAClE,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;QAClE,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YACpD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;QACnE,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YACd,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACnD,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACK,oBAAoB,CAC1B,EAAwB,EACxB,OAAkC;QAElC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,MAAM,CACzD,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAChD,CAAC;QAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAED,IAAI,OAAO,CAAC,+BAA+B,EAAE,CAAC;YAC5C,IAAI,CAAC,gCAAgC,EAAE,CAAC;gBACtC,gCAAgC,GAAG,IAAI,CAAC;gBACxC,OAAO,CAAC,IAAI,CACV,8EAA8E;oBAC5E,6DAA6D,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACtF,4FAA4F,CAC/F,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAED,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EACJ,uDAAuD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gBAChF,sFAAsF;SACzF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,EAAwB,EACxB,WAAyB;QAEzB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,SAAS,GACb,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;YAE3D,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EACJ,iFAAiF;oBACnF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,iCAAiC,SAAS,EAAE;oBACpD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;gBACd,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kBAAkB;oBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,oBAAoB,GAAG,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC5D,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kCAAkC;oBAC1C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,sBAAsB,CACpD,MAAM,EACN,oBAA8B,CAC/B,CAAC;YACF,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,uBAAuB,oBAAoB,YAAY;oBAC/D,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,YAAY,CAAC;YACrD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,0CAA0C;oBAClD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;YAE1E,OAAO;gBACL,KAAK,EAAE,kBAAkB,CAAC,KAAK;gBAC/B,MAAM,EAAE,kBAAkB,CAAC,MAAM;gBACjC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,iCAAiC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBACnG,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CACjC,MAAwB,EACxB,kBAAuC;QAEvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EACJ,6GAA6G;oBAC/G,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE/D,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,0CAA0C,MAAM,CAAC,aAAa,GAAG;oBACzE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,uBAAuB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBACzF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,sBAAsB,CAC5B,MAAmB,EACnB,oBAA4B;QAE5B,OAAO,MAAM,CAAC,kBAAkB,EAAE,IAAI,CACpC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,oBAAoB,CACvC,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,EAAU;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAEO,UAAU,CAAC,EAAU,EAAE,MAAsC;QACnE,iEAAiE;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnF,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE;YACjB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC;IAChC,CAAC;IAED,eAAe,CAAC,EAAU;QACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,wBAAwB,CAAC,OAKxC;IACC,OAAO,IAAI,4BAA4B,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC"}
|
package/dist/errors.d.ts
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* KYA-OS Canonical Error Codes
|
|
3
3
|
*
|
|
4
4
|
* Single source of truth for all wire-format error codes.
|
|
5
|
-
* Aligned with the error catalog at
|
|
5
|
+
* Aligned with the error catalog at kya-os.ai/mcp.
|
|
6
6
|
*
|
|
7
7
|
* Naming convention: snake_case, no protocol prefix.
|
|
8
8
|
* Follows OAuth 2.0 / Stripe conventions for readability and portability.
|
package/dist/errors.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* KYA-OS Canonical Error Codes
|
|
3
3
|
*
|
|
4
4
|
* Single source of truth for all wire-format error codes.
|
|
5
|
-
* Aligned with the error catalog at
|
|
5
|
+
* Aligned with the error catalog at kya-os.ai/mcp.
|
|
6
6
|
*
|
|
7
7
|
* Naming convention: snake_case, no protocol prefix.
|
|
8
8
|
* Follows OAuth 2.0 / Stripe conventions for readability and portability.
|
package/dist/index.d.ts
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Delegation, proof, and session for Model Context Protocol Identity.
|
|
5
5
|
* This package is a DIF TAAWG protocol reference implementation.
|
|
6
6
|
*
|
|
7
|
-
* Related Spec: https://
|
|
7
|
+
* Related Spec: https://kya-os.ai/mcp
|
|
8
8
|
*
|
|
9
9
|
* ## Error handling strategy
|
|
10
10
|
*
|
|
@@ -15,8 +15,9 @@
|
|
|
15
15
|
* This ensures callers can always handle failures without try/catch on validation paths.
|
|
16
16
|
*/
|
|
17
17
|
export { KYA_OS_ERROR_CODES, createKyaOsError, type KyaOsErrorCode, type KyaOsErrorResponse, } from './errors.js';
|
|
18
|
+
export { base64urlEncodeFromBytes, base64urlDecodeToBytes, } from './utils/base64.js';
|
|
18
19
|
export type { DelegationConstraints, DelegationRecord, DelegationCredential, DelegationStatus, CredentialStatus, StatusList2021Credential, Proof, HandshakeRequest, SessionContext, NonceCache, MCPClientInfo, MCPClientSessionInfo, SessionIdentityState, DetachedProof, ProofMeta, CanonicalHashes, AuditRecord, AuditContext, AuditEventContext, NeedsAuthorizationError, AuthorizationDisplay, CrispBudget, CrispScope, } from './types/protocol.js';
|
|
19
|
-
export { wrapDelegationAsVC, extractDelegationFromVC, isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, validateDetachedProof, createNeedsAuthorizationError, isNeedsAuthorizationError, DELEGATION_CREDENTIAL_CONTEXT, DEFAULT_SESSION_TTL_MINUTES, DEFAULT_TIMESTAMP_SKEW_SECONDS, NONCE_LENGTH_BYTES, } from './types/protocol.js';
|
|
20
|
+
export { wrapDelegationAsVC, extractDelegationFromVC, isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, validateDetachedProof, createNeedsAuthorizationError, isNeedsAuthorizationError, DELEGATION_CREDENTIAL_CONTEXT, DEFAULT_SESSION_TTL_MINUTES, DEFAULT_TIMESTAMP_SKEW_SECONDS, NONCE_LENGTH_BYTES, AUTH_NONCE_TTL_MS, ANON_NONCE_TTL_MS, type MetaPolicy, } from './types/protocol.js';
|
|
20
21
|
export { DelegationCredentialIssuer, createDelegationIssuer, type IssueDelegationOptions, type VCSigningFunction, type IdentityProvider as DelegationIdentityProvider, } from './delegation/vc-issuer.js';
|
|
21
22
|
export { DelegationCredentialVerifier, createDelegationVerifier, type DelegationVCVerificationResult, type VerifyDelegationVCOptions, type DIDResolver, type DIDDocument, type VerificationMethod, type StatusListResolver, type SignatureVerificationFunction, } from './delegation/vc-verifier.js';
|
|
22
23
|
export { DelegationGraphManager, createDelegationGraph, type DelegationNode, type DelegationGraphStorageProvider, } from './delegation/delegation-graph.js';
|
|
@@ -35,7 +36,7 @@ export { base58Encode, base58Decode, isValidBase58, } from './utils/base58.js';
|
|
|
35
36
|
export { isValidDid, getDidMethod, normalizeDid, compareDids, getServerDid, extractAgentId, extractAgentSlug, generateDidKeyFromBytes, generateDidKeyFromBase64, didKeyFragment, } from './utils/did-helpers.js';
|
|
36
37
|
export { verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, type AuthHandshakeConfig, type VerifyOrHintsResult, type AgentReputation, type ResumeTokenStore, type UnknownAgentPolicy, type DelegationVerifier, type VerifyDelegationResult, } from './auth/index.js';
|
|
37
38
|
export { ProofGenerator, createProofResponse, extractCanonicalData, type ProofAgentIdentity, type ToolRequest, type ToolResponse, type ProofOptions, } from './proof/index.js';
|
|
38
|
-
export { ProofVerifier, type ProofVerifierConfig, type ProofVerificationResult, } from './proof/verifier.js';
|
|
39
|
+
export { ProofVerifier, validateMetaStructure, extractProofFromMeta, DEFAULT_CLOCK_SKEW_SECONDS, MIN_CLOCK_SKEW_SECONDS, MAX_CLOCK_SKEW_SECONDS, type ProofVerifierConfig, type ProofVerificationResult, } from './proof/verifier.js';
|
|
39
40
|
export { ProofVerificationError, PROOF_VERIFICATION_ERROR_CODES, createProofVerificationError, type ProofVerificationErrorCode, } from './proof/errors.js';
|
|
40
41
|
export { SessionManager, createHandshakeRequest, validateHandshakeFormat, type SessionConfig, type HandshakeResult, } from './session/index.js';
|
|
41
42
|
export { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCacheProvider, IdentityProvider, type Identity, type AgentIdentity, } from './providers/base.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,KAAK,EACL,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACb,SAAS,EACT,eAAe,EACf,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,uBAAuB,EACvB,oBAAoB,EACpB,WAAW,EACX,UAAU,GACX,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,EAC5B,qBAAqB,EACrB,6BAA6B,EAC7B,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,EAC3B,8BAA8B,EAC9B,kBAAkB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAG3B,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,wBAAwB,EACxB,KAAK,EACL,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACb,SAAS,EACT,eAAe,EACf,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,uBAAuB,EACvB,oBAAoB,EACpB,WAAW,EACX,UAAU,GACX,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,EAC5B,qBAAqB,EACrB,6BAA6B,EAC7B,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,EAC3B,8BAA8B,EAC9B,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,UAAU,GAChB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,IAAI,0BAA0B,GACpD,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC9B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,GACnC,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,KAAK,cAAc,EACnB,KAAK,8BAA8B,GACpC,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,GAChC,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,EAChC,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,0BAA0B,GAChC,MAAM,sCAAsC,CAAC;AAE9C,OAAO,EACL,gBAAgB,EAChB,UAAU,EACV,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,wBAAwB,GACzB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EAChB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,GACvB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,8BAA8B,EAC9B,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,GAC/B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,KAAK,WAAW,EAChB,KAAK,YAAY,GAClB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,uBAAuB,EAAE,MAAM,mDAAmD,CAAC;AAE5F,OAAO,EAAE,4BAA4B,EAAE,MAAM,8CAA8C,CAAC;AAE5F,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,0BAA0B,EAC1B,cAAc,GACf,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,WAAW,EACX,mBAAmB,EACnB,KAAK,0BAA0B,GAChC,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,GACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,GAC5B,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,oBAAoB,EACpB,KAAK,kBAAkB,EACvB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,0BAA0B,EAC1B,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,4BAA4B,EAC5B,KAAK,0BAA0B,GAChC,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,aAAa,EAClB,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,QAAQ,EACb,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGhE,OAAO,EACL,qBAAqB,EACrB,KAAK,WAAW,EAChB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,SAAS,EACT,gBAAgB,EAChB,KAAK,gBAAgB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,MAAM,EACN,0BAA0B,EAC1B,KAAK,MAAM,EACX,KAAK,KAAK,GACX,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,wBAAwB,EACxB,8BAA8B,EAC9B,gBAAgB,GACjB,MAAM,kBAAkB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Delegation, proof, and session for Model Context Protocol Identity.
|
|
5
5
|
* This package is a DIF TAAWG protocol reference implementation.
|
|
6
6
|
*
|
|
7
|
-
* Related Spec: https://
|
|
7
|
+
* Related Spec: https://kya-os.ai/mcp
|
|
8
8
|
*
|
|
9
9
|
* ## Error handling strategy
|
|
10
10
|
*
|
|
@@ -16,7 +16,9 @@
|
|
|
16
16
|
*/
|
|
17
17
|
// Error contract
|
|
18
18
|
export { KYA_OS_ERROR_CODES, createKyaOsError, } from './errors.js';
|
|
19
|
-
|
|
19
|
+
// Encoding utilities (RFC 4648 base64url, byte variants)
|
|
20
|
+
export { base64urlEncodeFromBytes, base64urlDecodeToBytes, } from './utils/base64.js';
|
|
21
|
+
export { wrapDelegationAsVC, extractDelegationFromVC, isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, validateDetachedProof, createNeedsAuthorizationError, isNeedsAuthorizationError, DELEGATION_CREDENTIAL_CONTEXT, DEFAULT_SESSION_TTL_MINUTES, DEFAULT_TIMESTAMP_SKEW_SECONDS, NONCE_LENGTH_BYTES, AUTH_NONCE_TTL_MS, ANON_NONCE_TTL_MS, } from './types/protocol.js';
|
|
20
22
|
// Delegation module
|
|
21
23
|
export { DelegationCredentialIssuer, createDelegationIssuer, } from './delegation/vc-issuer.js';
|
|
22
24
|
export { DelegationCredentialVerifier, createDelegationVerifier, } from './delegation/vc-verifier.js';
|
|
@@ -39,7 +41,7 @@ export { isValidDid, getDidMethod, normalizeDid, compareDids, getServerDid, extr
|
|
|
39
41
|
export { verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, } from './auth/index.js';
|
|
40
42
|
// Proof module
|
|
41
43
|
export { ProofGenerator, createProofResponse, extractCanonicalData, } from './proof/index.js';
|
|
42
|
-
export { ProofVerifier, } from './proof/verifier.js';
|
|
44
|
+
export { ProofVerifier, validateMetaStructure, extractProofFromMeta, DEFAULT_CLOCK_SKEW_SECONDS, MIN_CLOCK_SKEW_SECONDS, MAX_CLOCK_SKEW_SECONDS, } from './proof/verifier.js';
|
|
43
45
|
export { ProofVerificationError, PROOF_VERIFICATION_ERROR_CODES, createProofVerificationError, } from './proof/errors.js';
|
|
44
46
|
// Session module
|
|
45
47
|
export { SessionManager, createHandshakeRequest, validateHandshakeFormat, } from './session/index.js';
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,iBAAiB;AACjB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,iBAAiB;AACjB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,aAAa,CAAC;AAErB,yDAAyD;AACzD,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AA6B3B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,EAC5B,qBAAqB,EACrB,6BAA6B,EAC7B,yBAAyB,EACzB,6BAA6B,EAC7B,2BAA2B,EAC3B,8BAA8B,EAC9B,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAE7B,oBAAoB;AACpB,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,GAIvB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,GAQzB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,GAGtB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,qBAAqB,EACrB,uBAAuB,GAGxB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,0BAA0B,EAC1B,gCAAgC,GAIjC,MAAM,sCAAsC,CAAC;AAE9C,OAAO,EACL,gBAAgB,EAChB,UAAU,GAGX,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,wBAAwB,GACzB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,uBAAuB,EACvB,gBAAgB,GAGjB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EACL,8BAA8B,EAC9B,qBAAqB,GAGtB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,EACb,UAAU,GAGX,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,uBAAuB,EAAE,MAAM,mDAAmD,CAAC;AAE5F,OAAO,EAAE,4BAA4B,EAAE,MAAM,8CAA8C,CAAC;AAE5F,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,0BAA0B,EAC1B,cAAc,GACf,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,WAAW,EACX,mBAAmB,GAEpB,MAAM,kCAAkC,CAAC;AAE1C,QAAQ;AACR,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,GACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAEhC,cAAc;AACd,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,GAQvB,MAAM,iBAAiB,CAAC;AAEzB,eAAe;AACf,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,oBAAoB,GAKrB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,0BAA0B,EAC1B,sBAAsB,EACtB,sBAAsB,GAGvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,4BAA4B,GAE7B,MAAM,mBAAmB,CAAC;AAE3B,iBAAiB;AACjB,OAAO,EACL,cAAc,EACd,sBAAsB,EACtB,uBAAuB,GAGxB,MAAM,oBAAoB,CAAC;AAE5B,YAAY;AACZ,OAAO,EACL,cAAc,EACd,aAAa,EACb,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,gBAAgB,GAGjB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAEhE,aAAa;AACb,OAAO,EACL,qBAAqB,EAQrB,SAAS,EACT,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAE/B,UAAU;AACV,OAAO,EACL,MAAM,EACN,0BAA0B,GAG3B,MAAM,oBAAoB,CAAC;AAE5B,oBAAoB;AACpB,OAAO,EACL,wBAAwB,EACxB,8BAA8B,EAC9B,gBAAgB,GACjB,MAAM,kBAAkB,CAAC"}
|
|
@@ -59,7 +59,10 @@ export interface KyaOsDelegationConfig {
|
|
|
59
59
|
* Recommended for production. See: Alan Karp's transitive access analysis
|
|
60
60
|
* and KYA-OS §11.6 (Confused Deputy Attacks).
|
|
61
61
|
*
|
|
62
|
-
* Default is
|
|
62
|
+
* Default is `true` as of KYA-OS 1.3.x. Existing integrations that
|
|
63
|
+
* issue re-delegations without an `audience` constraint can set this
|
|
64
|
+
* to `false` to preserve legacy behavior; doing so logs a one-time
|
|
65
|
+
* warning per process.
|
|
63
66
|
*/
|
|
64
67
|
requireAudienceOnRedelegation?: boolean;
|
|
65
68
|
/**
|
|
@@ -176,27 +179,5 @@ export interface KyaOsMiddleware {
|
|
|
176
179
|
consentUrl: string;
|
|
177
180
|
}, handler: KyaOsToolHandler): KyaOsToolHandler;
|
|
178
181
|
}
|
|
179
|
-
/**
|
|
180
|
-
* Create KYA-OS middleware for a standard MCP SDK Server.
|
|
181
|
-
*
|
|
182
|
-
* For most use cases, prefer {@link withKyaOs} from `./with-kya-os-server.ts`
|
|
183
|
-
* which wraps this function and (by default) auto-registers handshake +
|
|
184
|
-
* auto-attaches proofs.
|
|
185
|
-
*
|
|
186
|
-
* Use `createKyaOsMiddleware` directly when:
|
|
187
|
-
* - You use the low-level `Server` API (not `McpServer`)
|
|
188
|
-
* - You need custom request handler patterns
|
|
189
|
-
* - You want per-tool control over proof/delegation wrapping
|
|
190
|
-
*
|
|
191
|
-
* @param config - Agent identity and session configuration
|
|
192
|
-
* @param cryptoProvider - Platform-specific crypto implementation
|
|
193
|
-
* @returns Middleware components for session management and proof generation
|
|
194
|
-
*
|
|
195
|
-
* @remarks
|
|
196
|
-
* **Single-process only**: This middleware stores session state in memory using closure
|
|
197
|
-
* variables (`activeSessionId`, `sessionNonces`). It is NOT suitable for multi-instance
|
|
198
|
-
* deployments behind a load balancer. For distributed deployments, implement a custom
|
|
199
|
-
* `SessionStore` backed by Redis, DynamoDB, or similar and pass it via `config.session`.
|
|
200
|
-
*/
|
|
201
182
|
export declare function createKyaOsMiddleware(config: KyaOsConfig, cryptoProvider: CryptoProvider): KyaOsMiddleware;
|
|
202
183
|
//# sourceMappingURL=with-kya-os.d.ts.map
|