@kya-os/mcp 1.3.1 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +228 -1
- package/README.md +3 -3
- package/dist/delegation/index.d.ts +2 -1
- package/dist/delegation/index.d.ts.map +1 -1
- package/dist/delegation/index.js +2 -1
- package/dist/delegation/index.js.map +1 -1
- package/dist/delegation/scope-matcher.d.ts +35 -0
- package/dist/delegation/scope-matcher.d.ts.map +1 -0
- package/dist/delegation/scope-matcher.js +83 -0
- package/dist/delegation/scope-matcher.js.map +1 -0
- package/dist/delegation/vc-verifier.d.ts +7 -0
- package/dist/delegation/vc-verifier.d.ts.map +1 -1
- package/dist/delegation/vc-verifier.js +27 -0
- package/dist/delegation/vc-verifier.js.map +1 -1
- package/dist/errors.d.ts +2 -1
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +2 -1
- package/dist/errors.js.map +1 -1
- package/dist/index.d.ts +9 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -4
- package/dist/index.js.map +1 -1
- package/dist/middleware/with-kya-os.d.ts +88 -31
- package/dist/middleware/with-kya-os.d.ts.map +1 -1
- package/dist/middleware/with-kya-os.js +327 -88
- package/dist/middleware/with-kya-os.js.map +1 -1
- package/dist/policy/approval.d.ts +34 -0
- package/dist/policy/approval.d.ts.map +1 -0
- package/dist/policy/approval.js +29 -0
- package/dist/policy/approval.js.map +1 -0
- package/dist/policy/classifier.d.ts +38 -0
- package/dist/policy/classifier.d.ts.map +1 -0
- package/dist/policy/classifier.js +97 -0
- package/dist/policy/classifier.js.map +1 -0
- package/dist/policy/default-engine.d.ts +24 -0
- package/dist/policy/default-engine.d.ts.map +1 -0
- package/dist/policy/default-engine.js +41 -0
- package/dist/policy/default-engine.js.map +1 -0
- package/dist/policy/engine.d.ts +12 -0
- package/dist/policy/engine.d.ts.map +1 -0
- package/dist/policy/engine.js +2 -0
- package/dist/policy/engine.js.map +1 -0
- package/dist/policy/index.d.ts +6 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/index.js +6 -0
- package/dist/policy/index.js.map +1 -0
- package/dist/policy/types.d.ts +52 -0
- package/dist/policy/types.d.ts.map +1 -0
- package/dist/policy/types.js +10 -0
- package/dist/policy/types.js.map +1 -0
- package/dist/proof/errors.d.ts +1 -0
- package/dist/proof/errors.d.ts.map +1 -1
- package/dist/proof/errors.js +4 -0
- package/dist/proof/errors.js.map +1 -1
- package/dist/proof/generator.d.ts +28 -4
- package/dist/proof/generator.d.ts.map +1 -1
- package/dist/proof/generator.js +48 -20
- package/dist/proof/generator.js.map +1 -1
- package/dist/proof/verifier.d.ts +32 -3
- package/dist/proof/verifier.d.ts.map +1 -1
- package/dist/proof/verifier.js +85 -6
- package/dist/proof/verifier.js.map +1 -1
- package/dist/providers/audit-log.d.ts +62 -0
- package/dist/providers/audit-log.d.ts.map +1 -0
- package/dist/providers/audit-log.js +75 -0
- package/dist/providers/audit-log.js.map +1 -0
- package/dist/providers/index.d.ts +3 -0
- package/dist/providers/index.d.ts.map +1 -1
- package/dist/providers/index.js +3 -0
- package/dist/providers/index.js.map +1 -1
- package/dist/providers/runtime-fetch.d.ts +73 -0
- package/dist/providers/runtime-fetch.d.ts.map +1 -0
- package/dist/providers/runtime-fetch.js +169 -0
- package/dist/providers/runtime-fetch.js.map +1 -0
- package/dist/providers/system-clock.d.ts +39 -0
- package/dist/providers/system-clock.d.ts.map +1 -0
- package/dist/providers/system-clock.js +49 -0
- package/dist/providers/system-clock.js.map +1 -0
- package/dist/types/protocol.d.ts +38 -3
- package/dist/types/protocol.d.ts.map +1 -1
- package/dist/types/protocol.js +44 -9
- package/dist/types/protocol.js.map +1 -1
- package/package.json +4 -2
- package/schemas/README.md +1 -1
- package/schemas/delegation-credential.json +2 -2
- package/schemas/detached-proof.json +12 -3
- package/schemas/handshake-request.json +1 -1
- package/schemas/handshake-response.json +1 -1
- package/schemas/well-known-mcpi.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,7 +5,234 @@ All notable changes to @kya-os/mcp will be documented here.
|
|
|
5
5
|
Format: https://keepachangelog.com/en/1.0.0/
|
|
6
6
|
Versioning: https://semver.org/spec/v2.0.0.html
|
|
7
7
|
|
|
8
|
-
## [
|
|
8
|
+
## [1.4.0] - 2026-05-31
|
|
9
|
+
|
|
10
|
+
Ports the KYA-OS authorization primitives developed upstream (xmcp-i) into
|
|
11
|
+
`@kya-os/mcp`: a per-action policy / step-up gate, scope-matcher enforcement,
|
|
12
|
+
signed `needs_authorization` challenges with verifier content binding, and
|
|
13
|
+
shipped runtime providers. Additive over 1.3.x except where noted under
|
|
14
|
+
**Changed** and **Removed**.
|
|
15
|
+
|
|
16
|
+
### Added
|
|
17
|
+
|
|
18
|
+
- **Signed `needs_authorization` challenge.** The delegation challenge returned
|
|
19
|
+
when a protected tool is invoked without a credential now carries a signed
|
|
20
|
+
detached-JWS proof in `_meta` (`outcome: 'needs_authorization'`). The proof
|
|
21
|
+
binds a `responseHash` over the challenge content — including the
|
|
22
|
+
`authorizationUrl`. A verifier that recomputes the response hash over the
|
|
23
|
+
content it received — via the new `ProofVerifier` content binding (below) —
|
|
24
|
+
detects a tampered / MITM-swapped consent URL; the signature alone proves
|
|
25
|
+
authenticity, not content-match. The challenge content/shape is unchanged; attachment
|
|
26
|
+
is best-effort (no-ops when no session can be resolved). The proof `outcome`
|
|
27
|
+
enum widened to include `'needs_authorization'` across `ProofMeta`,
|
|
28
|
+
`ProofOptions`, `validateDetachedProof`, and the `detached-proof` JSON Schema.
|
|
29
|
+
Success proofs are byte-identical (unaffected).
|
|
30
|
+
- **`wrapWithDelegation` `formatChallenge` hook.** An optional config callback
|
|
31
|
+
that renders the `needs_authorization` challenge content (e.g. a clickable
|
|
32
|
+
markdown consent link for LLM / chat-style MCP clients) **before** the proof is
|
|
33
|
+
signed — so the challenge `responseHash` binds exactly what the client
|
|
34
|
+
receives, keeping the `authorizationUrl` tamper-evident regardless of
|
|
35
|
+
presentation. Defaults to the structured JSON challenge. The consent-basic /
|
|
36
|
+
consent-full examples now render their consent link via this hook instead of
|
|
37
|
+
rewriting the response after signing (which had left the proof bound to stale
|
|
38
|
+
content).
|
|
39
|
+
- **`ProofVerifier` content binding.** `verifyProof(proof, jwk, { request, response })`
|
|
40
|
+
recomputes `requestHash`/`responseHash` over the request/response the verifier
|
|
41
|
+
actually received — via a shared `computeCanonicalHashes` (single source of
|
|
42
|
+
truth with the signer, so they can't drift) — and fails `CONTENT_BINDING_MISMATCH`
|
|
43
|
+
on divergence. This is what realizes substitution detection (the signed
|
|
44
|
+
challenge's anti-MITM, and content-binding for any proof); the signature alone
|
|
45
|
+
proves only authenticity. New `CONTENT_BINDING_MISMATCH` proof-verification
|
|
46
|
+
error code.
|
|
47
|
+
- **Concrete `SystemClockProvider` + `RuntimeFetchProvider`.** The package now
|
|
48
|
+
ships a wall-clock `ClockProvider` and a network-capable `FetchProvider`
|
|
49
|
+
(did:key resolved locally, did:web over HTTPS, StatusList2021 fetch) so a
|
|
50
|
+
consumer no longer hand-rolls them to drive `ProofVerifier`. `RuntimeFetchProvider`
|
|
51
|
+
is the default the middleware uses and replaces the prior internal stub (whose
|
|
52
|
+
`resolveDID` returned `null`); it refuses private-network targets by default
|
|
53
|
+
(see **Security**). The verify-proof / anti-MITM examples now consume both.
|
|
54
|
+
- **Per-action policy / step-up gate (`withPolicyGate`).** A new opt-in
|
|
55
|
+
middleware wrapper that classifies an action's risk (reversibility, blast
|
|
56
|
+
radius, severity) and consults a pluggable Policy-as-Code `PolicyEngine`:
|
|
57
|
+
`allow` runs the handler, `deny` returns a `policy_denied` error, and
|
|
58
|
+
`step_up` returns a `needs_approval` error until N-of-M signed `ApprovalGrant`s
|
|
59
|
+
— each bound to the request hash (TOCTOU-safe) — are supplied. Ships a
|
|
60
|
+
fail-closed `DefaultPolicyEngine` and a built-in `RiskClassifier`; OPA/Rego and
|
|
61
|
+
Cedar adapters are intended follow-ups. Composes after `wrapWithDelegation`;
|
|
62
|
+
no behavior change unless adopted.
|
|
63
|
+
- **`PolicyEngine` PaC port + `policy/` subsystem** (`PolicyRequest`,
|
|
64
|
+
`PolicyDecision`, `RiskClassifier`, `DefaultPolicyEngine`, `ApprovalGrant`,
|
|
65
|
+
`verifyApprovalQuorum`), exported from the package root.
|
|
66
|
+
- **`needs_approval` error** (`NeedsApprovalError`, `createNeedsApprovalError`,
|
|
67
|
+
`isNeedsApprovalError`) and the `policy_denied` error code.
|
|
68
|
+
- **`bytesToBase64` / `base64ToBytes`** are now re-exported from the package root
|
|
69
|
+
(standard-base64 byte helpers, alongside the existing base64url variants).
|
|
70
|
+
- **`AuditLogProvider` — pluggable sink for audit-record retention.** A new
|
|
71
|
+
provider (abstract base + `MemoryAuditLogProvider` / `NoopAuditLogProvider`
|
|
72
|
+
defaults, exported from the root and `./providers`) for persisting the frozen
|
|
73
|
+
`audit.v1` record of each verified tool call. Wire it via `KyaOsConfig.auditLog`
|
|
74
|
+
(default: no-op); `createKyaOsMiddleware` emits a record after each proofed
|
|
75
|
+
call, and a sink failure never breaks the tool response. `buildAuditRecord(ctx)`
|
|
76
|
+
exposes the context→record mapping. Records carry only DID/key id, session,
|
|
77
|
+
audience, scope, request/response hashes, and the verification result — never
|
|
78
|
+
key material or nonces. The storage backend is operator-provided (durable,
|
|
79
|
+
append-only); the package stays storage-agnostic, like the other providers.
|
|
80
|
+
- **Delegation scope on audit records.** Delegation-protected tools record the
|
|
81
|
+
scope they were authorized under: `wrapWithDelegation` threads its `scopeId`
|
|
82
|
+
through a new optional `KyaOsCallContext` (3rd handler argument) into the proof
|
|
83
|
+
meta, so the audit record's `scope` reflects it (was `'-'`). The argument is
|
|
84
|
+
optional and backward-compatible; tool handlers that ignore it are unaffected.
|
|
85
|
+
|
|
86
|
+
### Changed
|
|
87
|
+
|
|
88
|
+
- **`ProofMeta.responseHash` is now optional** (`string | undefined`). Denial /
|
|
89
|
+
step-up proofs carry no response, so code reading `responseHash` must treat it
|
|
90
|
+
as possibly-absent. `validateDetachedProof` and the `detached-proof` JSON
|
|
91
|
+
Schema no longer require it (and now permit `outcome`/`reason`).
|
|
92
|
+
- **`CrispScope` `prefix`/`regex` matchers are now enforced** (previously inert —
|
|
93
|
+
only exact membership in the flat `scopes[]` was checked). A credential
|
|
94
|
+
declaring a non-exact matcher now grants its pattern set, with ReDoS-safe regex
|
|
95
|
+
evaluation; flat `scopes[]` remain exact-match (unchanged). **Behavioral
|
|
96
|
+
change** for any credential that declared a `prefix`/`regex` matcher: it now
|
|
97
|
+
grants where it previously granted nothing, and a one-time warning is logged on
|
|
98
|
+
first non-exact use. Re-delegations may not introduce crisp matchers absent
|
|
99
|
+
from the parent.
|
|
100
|
+
- **`withPolicyGate`'s `scopeMatched` defaults to `false`** (fail-closed): compose
|
|
101
|
+
it after `wrapWithDelegation` and pass `scopeMatched: true`, or it denies.
|
|
102
|
+
`withPolicyGate` is an optional member of the `KyaOsMiddleware` interface
|
|
103
|
+
(additive; structural implementers/mocks are not broken). New in this release,
|
|
104
|
+
so no prior consumer is affected.
|
|
105
|
+
- **Bundled examples now consume the built `@kya-os/mcp` package** rather than
|
|
106
|
+
reaching into `src/` via relative paths. Nested example packages (consent-basic,
|
|
107
|
+
consent-full, context7, brave-search) link the local build via `file:../..`;
|
|
108
|
+
root-tree examples (node-server, verify-proof, outbound-delegation, statuslist)
|
|
109
|
+
resolve it by package self-reference. Fixes the context7 example, which had
|
|
110
|
+
pinned a stale published `@kya-os/mcp@^1.3.0` (pre-`withKyaOs` rename).
|
|
111
|
+
|
|
112
|
+
### Spec
|
|
113
|
+
|
|
114
|
+
- **§4.2 — normative MUST on key generation.** An agent's key pair MUST be
|
|
115
|
+
generated by the agent or its designated custodian; the secret key MUST NOT be
|
|
116
|
+
generated by, transmitted to, or escrowed with any registration, DID,
|
|
117
|
+
directory, or reputation service (which receive only the public key). Carves
|
|
118
|
+
out agent-side proxy/HSM custody (§11.0). Closes the key-escrow / IBE-style
|
|
119
|
+
concern where a directory service implicitly holds agents' secret keys.
|
|
120
|
+
- **§6.6 — revocation needs no global list.** Clarified that a verifier checks
|
|
121
|
+
revocation only for the resources it gates and MAY hold revocation state
|
|
122
|
+
locally; `StatusList2021` is the interoperable publish format, not a required
|
|
123
|
+
public certificate-revocation list.
|
|
124
|
+
- **§11.0 — "L2+ is not OAuth-style client registration."** Direct (Level 2+)
|
|
125
|
+
verification still gates on the presented delegation chain, not the agent's
|
|
126
|
+
identity alone — inverting the OAuth Dynamic Client Registration pattern.
|
|
127
|
+
- **§12.5 — per-delegation keys (delegate unlinkability).** Non-normative
|
|
128
|
+
pattern: delegate to a fresh one-off public key per delegation to prevent
|
|
129
|
+
cross-delegation correlation through a shared subject DID.
|
|
130
|
+
- **§2 — reputation scope.** The Responsible Party definition now states that
|
|
131
|
+
reputation and accountability signals are scoped primarily to the Responsible
|
|
132
|
+
Party, not an agent's ephemeral identity.
|
|
133
|
+
- **Terminology.** Standardized on _secret key_ (synonymous with _private key_,
|
|
134
|
+
retained in PKCS#8 / JWK references); fixed the one residual _private key_
|
|
135
|
+
usage in §7.
|
|
136
|
+
|
|
137
|
+
### Security
|
|
138
|
+
|
|
139
|
+
- **Malformed delegation input no longer crashes.** A malformed `_kyaos_delegation`
|
|
140
|
+
(non-object, missing `credentialSubject.delegation`, or even a throwing
|
|
141
|
+
getter/Proxy accessor) previously surfaced as a JSON-RPC internal error (`-32603`);
|
|
142
|
+
it now returns a clean, signed `delegation_invalid` denial. `validateDelegationChain`
|
|
143
|
+
shape-checks the leaf and returns `{ valid, reason }` (honouring the
|
|
144
|
+
`verify*`/`validate*` never-throw contract); `extractDelegationFromVC` fails
|
|
145
|
+
with a clear error instead of a cryptic `TypeError`; the middleware try/catch is
|
|
146
|
+
now a pure backstop that logs the detail server-side and returns a generic
|
|
147
|
+
reason (no internal/stack detail leaks to the client). The invalid-VC-JWT path
|
|
148
|
+
is now signed as well.
|
|
149
|
+
- **Log-injection / reflection hardening.** Caller-derived values (credential
|
|
150
|
+
ids, scopes) interpolated into delegation-failure reasons and logs are now
|
|
151
|
+
stripped of control characters and length-capped before emission, so a hostile
|
|
152
|
+
credential cannot forge log lines, corrupt a terminal, or reflect raw control
|
|
153
|
+
bytes into a client response.
|
|
154
|
+
- **`RuntimeFetchProvider` refuses private-network targets by default (SSRF).**
|
|
155
|
+
did:web resolution and StatusList2021 fetches reject loopback / link-local /
|
|
156
|
+
RFC-1918 IP-literal hosts (e.g. `did:web:169.254.169.254`, the cloud-metadata
|
|
157
|
+
endpoint) unless constructed with `{ allowPrivateNetworkHosts: true }`. This
|
|
158
|
+
is best-effort defense-in-depth for IP literals — not DNS rebinding; run
|
|
159
|
+
verifiers behind an egress allowlist (`SECURITY.md`).
|
|
160
|
+
- **Signed proofs are now emitted on denial and step-up.** Delegation/scope
|
|
161
|
+
denials and policy step-ups previously produced no proof; they now attach a
|
|
162
|
+
signed detached-JWS proof (`outcome: 'denied' | 'step_up_required'`, no
|
|
163
|
+
`responseHash`), so rejected privileged attempts are non-repudiably auditable.
|
|
164
|
+
- **Fail-closed policy default.** Unclassified ("unknown") high-risk actions are
|
|
165
|
+
denied by the `DefaultPolicyEngine` rather than forwarded.
|
|
166
|
+
- **Denial/step-up proofs are verifiable end-to-end.** `validateDetachedProof`
|
|
167
|
+
and `ProofVerifier` accept response-less proofs (the earlier fix only corrected
|
|
168
|
+
canonical-payload reconstruction); added a real-crypto end-to-end test.
|
|
169
|
+
- **Crisp-scope attenuation.** Re-delegations cannot widen authority via crisp
|
|
170
|
+
matchers absent from the parent — closes a privilege-escalation path that
|
|
171
|
+
enforcing the matcher would otherwise have opened.
|
|
172
|
+
- **ReDoS hardening.** The `regex` matcher rejects nested-quantifier patterns and
|
|
173
|
+
bounds input length. This is a conservative guard, **not** a guarantee — prefer
|
|
174
|
+
`exact`/`prefix` for untrusted issuers, or evaluate via a linear-time engine.
|
|
175
|
+
The `prefix` matcher refuses an empty/`*`-only base (no universal grant).
|
|
176
|
+
|
|
177
|
+
### Removed
|
|
178
|
+
|
|
179
|
+
- **BREAKING: removed the three unsafe delegation opt-outs.** The
|
|
180
|
+
secure-by-default behavior they bypassed is now unconditional and cannot be
|
|
181
|
+
disabled:
|
|
182
|
+
- `delegation.requireAudienceOnRedelegation` — audience binding on every
|
|
183
|
+
non-root credential in a chain is now mandatory (`SPEC.md` §11.6).
|
|
184
|
+
- `delegation.allowLegacyUnsafeDelegation` — full delegation-chain resolution
|
|
185
|
+
and `credentialStatus` / StatusList revocation checks are always enforced;
|
|
186
|
+
parent-linked credentials without a `resolveDelegationChain` handler, and
|
|
187
|
+
`credentialStatus` without a `statusListResolver`, are rejected.
|
|
188
|
+
- `VerifyDelegationVCOptions.allowNonDelegationSubjectFields` — the
|
|
189
|
+
`credentialSubject` shape check (only `id` + `delegation`) is always
|
|
190
|
+
enforced (`SPEC.md` §6.2; conformance L3.5a).
|
|
191
|
+
|
|
192
|
+
The associated one-time `console.warn` notices are removed along with the
|
|
193
|
+
flags. Migration guidance: `SECURITY.md` → Mandatory Delegation Protections.
|
|
194
|
+
Consumers that did not set these flags are unaffected — the reference issuer
|
|
195
|
+
and all bundled examples already emit conformant credentials.
|
|
196
|
+
|
|
197
|
+
### Known limitations (policy gate — experimental, non-normative)
|
|
198
|
+
|
|
199
|
+
- Step-up approval grants are **not yet single-use or expiry-bound** (replayable
|
|
200
|
+
for the same action); a server-issued single-use challenge is a planned follow-up.
|
|
201
|
+
- The default approval-signature verifier **rejects all** — integrators must supply
|
|
202
|
+
a real verifier; `isValidApprovalSignature: async () => true` is test-only.
|
|
203
|
+
- `policy_denied` / `needs_approval`, the step-up flow, and the now-normative
|
|
204
|
+
`CrispScope` matcher semantics are **not yet documented in `SPEC.md` /
|
|
205
|
+
`CONFORMANCE.md`** (tracked as follow-ups).
|
|
206
|
+
|
|
207
|
+
## [1.3.2] - 2026-05-26
|
|
208
|
+
|
|
209
|
+
### Security
|
|
210
|
+
|
|
211
|
+
- **Verifier rejects claim-contaminated delegation credentials.** A
|
|
212
|
+
`DelegationCredential` whose `credentialSubject` carries properties beyond
|
|
213
|
+
`id` and `delegation` is now rejected by default — claim-bearing fields in a
|
|
214
|
+
permission credential separate designation from authorization (the
|
|
215
|
+
confused-deputy class, `SPEC.md` §6.2 / §11.6). The reference verifier exposes
|
|
216
|
+
`allowNonDelegationSubjectFields` (default `false`) as an audited opt-out that
|
|
217
|
+
logs a one-time per-process warning. Spec-conformant issuers are unaffected;
|
|
218
|
+
the reference issuer already emits `{ id, delegation }` subjects. New
|
|
219
|
+
conformance requirement L3.5a. (#67)
|
|
220
|
+
|
|
221
|
+
### Changed
|
|
222
|
+
|
|
223
|
+
- **Schema `$id` and JSON-LD `@context` hosts migrated** off the
|
|
224
|
+
`modelcontextprotocol-identity.io` trademark domain to the foundation-owned
|
|
225
|
+
`schema.kya-os.ai`. All five shipped JSON Schemas (`schemas/*.json`), the
|
|
226
|
+
spec's context references, and the `DELEGATION_CREDENTIAL_CONTEXT` constant
|
|
227
|
+
now resolve under `schema.kya-os.ai`; schemas are served identically at both
|
|
228
|
+
hosts during the migration window (no `$id` is 301-redirected). (#65)
|
|
229
|
+
|
|
230
|
+
## [1.3.1] - 2026-05-26
|
|
231
|
+
|
|
232
|
+
> These entries accreted across the 1.2.0 → 1.3.1 donation cutover and were
|
|
233
|
+
> published without strict per-version sectioning. They are grouped here for
|
|
234
|
+
> completeness; see `npm view @kya-os/mcp time` and git history for exact ship
|
|
235
|
+
> points. A clean per-version backfill is tracked separately.
|
|
9
236
|
|
|
10
237
|
### Added
|
|
11
238
|
|
package/README.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
<p align="center">
|
|
2
2
|
<a href="https://kya-os.ai">
|
|
3
3
|
<picture>
|
|
4
|
-
<source media="(prefers-color-scheme: dark)" srcset="https://
|
|
5
|
-
<img alt="" src="https://
|
|
4
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://kya-os.ai/mcp/images/logo-mark_white.svg">
|
|
5
|
+
<img alt="" src="https://kya-os.ai/mcp/images/logo-mark_black.svg" width="64">
|
|
6
6
|
</picture>
|
|
7
7
|
</a>
|
|
8
8
|
</p>
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
|
|
14
14
|
<p align="center">
|
|
15
15
|
<a href="https://www.npmjs.com/package/@kya-os/mcp"><img src="https://img.shields.io/npm/v/@kya-os/mcp" alt="npm"></a>
|
|
16
|
-
<a href="https://
|
|
16
|
+
<a href="https://kya-os.ai/mcp"><img src="https://img.shields.io/badge/spec-KYA--OS-blue" alt="spec"></a>
|
|
17
17
|
<a href="https://identity.foundation/working-groups/agent-and-authorization.html"><img src="https://img.shields.io/badge/DIF-TAAWG-purple" alt="DIF TAAWG"></a>
|
|
18
18
|
<a href="./LICENSE"><img src="https://img.shields.io/github/license/decentralized-identity/kya-os-mcp" alt="license"></a>
|
|
19
19
|
</p>
|
|
@@ -14,8 +14,9 @@ export * from './utils.js';
|
|
|
14
14
|
export * from './outbound-proof.js';
|
|
15
15
|
export * from './outbound-headers.js';
|
|
16
16
|
export * from './audience-validator.js';
|
|
17
|
+
export * from './scope-matcher.js';
|
|
17
18
|
export { createDidKeyResolver, resolveDidKeySync, isEd25519DidKey, extractPublicKeyFromDidKey, publicKeyToJwk, } from './did-key-resolver.js';
|
|
18
|
-
export { DidWebResolver, createDidWebResolver, isDidWeb, parseDidWeb, didWebToUrl, } from './did-web-resolver.js';
|
|
19
|
+
export { DidWebResolver, createDidWebResolver, isDidWeb, parseDidWeb, didWebToUrl, buildDidWebDocument, } from './did-web-resolver.js';
|
|
19
20
|
export { MemoryStatusListStorage } from './storage/memory-statuslist-storage.js';
|
|
20
21
|
export { MemoryDelegationGraphStorage } from './storage/memory-graph-storage.js';
|
|
21
22
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/delegation/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,0BAA0B,EAC1B,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,WAAW,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/delegation/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,0BAA0B,EAC1B,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,WAAW,EACX,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC"}
|
package/dist/delegation/index.js
CHANGED
|
@@ -14,8 +14,9 @@ export * from './utils.js';
|
|
|
14
14
|
export * from './outbound-proof.js';
|
|
15
15
|
export * from './outbound-headers.js';
|
|
16
16
|
export * from './audience-validator.js';
|
|
17
|
+
export * from './scope-matcher.js';
|
|
17
18
|
export { createDidKeyResolver, resolveDidKeySync, isEd25519DidKey, extractPublicKeyFromDidKey, publicKeyToJwk, } from './did-key-resolver.js';
|
|
18
|
-
export { DidWebResolver, createDidWebResolver, isDidWeb, parseDidWeb, didWebToUrl, } from './did-web-resolver.js';
|
|
19
|
+
export { DidWebResolver, createDidWebResolver, isDidWeb, parseDidWeb, didWebToUrl, buildDidWebDocument, } from './did-web-resolver.js';
|
|
19
20
|
export { MemoryStatusListStorage } from './storage/memory-statuslist-storage.js';
|
|
20
21
|
export { MemoryDelegationGraphStorage } from './storage/memory-graph-storage.js';
|
|
21
22
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/delegation/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,0BAA0B,EAC1B,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,WAAW,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/delegation/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,0BAA0B,EAC1B,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,QAAQ,EACR,WAAW,EACX,WAAW,EACX,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import type { DelegationCredential } from '../types/protocol.js';
|
|
2
|
+
export type ScopeMatcher = 'exact' | 'prefix' | 'regex';
|
|
3
|
+
/**
|
|
4
|
+
* Match a single requested scope/resource value against a pattern by matcher kind.
|
|
5
|
+
*
|
|
6
|
+
* - `exact` : strict string equality.
|
|
7
|
+
* - `prefix` : value starts with the pattern (a single trailing `*` is optional sugar).
|
|
8
|
+
* An empty base ('' or lone '*') matches nothing — it will NOT grant
|
|
9
|
+
* universal scope.
|
|
10
|
+
* - `regex` : anchored full-string match; never throws (invalid patterns → false).
|
|
11
|
+
*
|
|
12
|
+
* SECURITY: the regex pattern is supplied by the credential ISSUER. JS `RegExp`
|
|
13
|
+
* is not linear-time, so this guards against the common catastrophic-backtracking
|
|
14
|
+
* shapes (nested quantifiers) and bounds input length — but it is a conservative
|
|
15
|
+
* mitigation, not a guarantee. Deployments accepting `regex` matchers from
|
|
16
|
+
* untrusted issuers should prefer `exact`/`prefix` or evaluate via a linear-time
|
|
17
|
+
* engine (e.g. RE2).
|
|
18
|
+
*/
|
|
19
|
+
export declare function matchScope(pattern: string, matcher: ScopeMatcher, value: string): boolean;
|
|
20
|
+
export interface ScopeSatisfaction {
|
|
21
|
+
satisfied: boolean;
|
|
22
|
+
/**
|
|
23
|
+
* True when satisfaction came via a non-exact (prefix|regex) CrispScope matcher.
|
|
24
|
+
* Callers should surface a warning — non-exact matchers widen effective authority.
|
|
25
|
+
*/
|
|
26
|
+
usedNonExactMatcher: boolean;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Decide whether a required scope id is satisfied by a credential.
|
|
30
|
+
*
|
|
31
|
+
* Flat `scopes[]` are matched EXACTLY (backwards-compatible). The opt-in
|
|
32
|
+
* `constraints.crisp.scopes[]` entries are honored per their declared matcher.
|
|
33
|
+
*/
|
|
34
|
+
export declare function scopeSatisfies(requiredScopeId: string, credential: DelegationCredential): ScopeSatisfaction;
|
|
35
|
+
//# sourceMappingURL=scope-matcher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scope-matcher.d.ts","sourceRoot":"","sources":["../../src/delegation/scope-matcher.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAc,MAAM,sBAAsB,CAAC;AAY7E,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;AAExD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAsBzF;AAkBD,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB;;;OAGG;IACH,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE,oBAAoB,GAC/B,iBAAiB,CAUnB"}
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
const MAX_REGEX_LEN = 256;
|
|
2
|
+
const MAX_VALUE_LEN = 256;
|
|
3
|
+
/**
|
|
4
|
+
* Conservative detector for the classic catastrophic-backtracking shape — a
|
|
5
|
+
* quantified group whose body also contains a quantifier, e.g. `(a+)+`, `(a*)*`,
|
|
6
|
+
* `(.{1,9})+`. This is a heuristic reject, NOT a proof of safety.
|
|
7
|
+
*/
|
|
8
|
+
const NESTED_QUANTIFIER = /\([^()]*[+*?{][^()]*\)\s*[+*{]/;
|
|
9
|
+
/**
|
|
10
|
+
* Match a single requested scope/resource value against a pattern by matcher kind.
|
|
11
|
+
*
|
|
12
|
+
* - `exact` : strict string equality.
|
|
13
|
+
* - `prefix` : value starts with the pattern (a single trailing `*` is optional sugar).
|
|
14
|
+
* An empty base ('' or lone '*') matches nothing — it will NOT grant
|
|
15
|
+
* universal scope.
|
|
16
|
+
* - `regex` : anchored full-string match; never throws (invalid patterns → false).
|
|
17
|
+
*
|
|
18
|
+
* SECURITY: the regex pattern is supplied by the credential ISSUER. JS `RegExp`
|
|
19
|
+
* is not linear-time, so this guards against the common catastrophic-backtracking
|
|
20
|
+
* shapes (nested quantifiers) and bounds input length — but it is a conservative
|
|
21
|
+
* mitigation, not a guarantee. Deployments accepting `regex` matchers from
|
|
22
|
+
* untrusted issuers should prefer `exact`/`prefix` or evaluate via a linear-time
|
|
23
|
+
* engine (e.g. RE2).
|
|
24
|
+
*/
|
|
25
|
+
export function matchScope(pattern, matcher, value) {
|
|
26
|
+
switch (matcher) {
|
|
27
|
+
case 'exact':
|
|
28
|
+
return pattern === value;
|
|
29
|
+
case 'prefix': {
|
|
30
|
+
const base = pattern.endsWith('*') ? pattern.slice(0, -1) : pattern;
|
|
31
|
+
// Refuse to grant universal scope via an empty/`*`-only prefix.
|
|
32
|
+
if (base.length === 0)
|
|
33
|
+
return false;
|
|
34
|
+
return value.startsWith(base);
|
|
35
|
+
}
|
|
36
|
+
case 'regex': {
|
|
37
|
+
if (pattern.length > MAX_REGEX_LEN || value.length > MAX_VALUE_LEN)
|
|
38
|
+
return false;
|
|
39
|
+
if (NESTED_QUANTIFIER.test(pattern))
|
|
40
|
+
return false;
|
|
41
|
+
try {
|
|
42
|
+
return new RegExp(`^(?:${pattern})$`).test(value);
|
|
43
|
+
}
|
|
44
|
+
catch {
|
|
45
|
+
return false;
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
default:
|
|
49
|
+
return false;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Flat exact-match scope set: delegation.scopes ∪ constraints.scopes.
|
|
54
|
+
* Null-safe by design: scopeSatisfies is a public, never-throw predicate, so a
|
|
55
|
+
* structurally malformed credential (missing constraints) yields an empty set
|
|
56
|
+
* rather than a TypeError.
|
|
57
|
+
*/
|
|
58
|
+
function flatScopes(credential) {
|
|
59
|
+
const d = credential?.credentialSubject?.delegation;
|
|
60
|
+
return [...(d?.scopes ?? []), ...(d?.constraints?.scopes ?? [])];
|
|
61
|
+
}
|
|
62
|
+
/** Opt-in CrispScope[] entries (constraints.crisp.scopes), if any. Null-safe. */
|
|
63
|
+
function crispScopes(credential) {
|
|
64
|
+
return credential?.credentialSubject?.delegation?.constraints?.crisp?.scopes ?? [];
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Decide whether a required scope id is satisfied by a credential.
|
|
68
|
+
*
|
|
69
|
+
* Flat `scopes[]` are matched EXACTLY (backwards-compatible). The opt-in
|
|
70
|
+
* `constraints.crisp.scopes[]` entries are honored per their declared matcher.
|
|
71
|
+
*/
|
|
72
|
+
export function scopeSatisfies(requiredScopeId, credential) {
|
|
73
|
+
if (flatScopes(credential).includes(requiredScopeId)) {
|
|
74
|
+
return { satisfied: true, usedNonExactMatcher: false };
|
|
75
|
+
}
|
|
76
|
+
for (const cs of crispScopes(credential)) {
|
|
77
|
+
if (matchScope(cs.resource, cs.matcher, requiredScopeId)) {
|
|
78
|
+
return { satisfied: true, usedNonExactMatcher: cs.matcher !== 'exact' };
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
return { satisfied: false, usedNonExactMatcher: false };
|
|
82
|
+
}
|
|
83
|
+
//# sourceMappingURL=scope-matcher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scope-matcher.js","sourceRoot":"","sources":["../../src/delegation/scope-matcher.ts"],"names":[],"mappings":"AAEA,MAAM,aAAa,GAAG,GAAG,CAAC;AAC1B,MAAM,aAAa,GAAG,GAAG,CAAC;AAE1B;;;;GAIG;AACH,MAAM,iBAAiB,GAAG,gCAAgC,CAAC;AAI3D;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,OAAqB,EAAE,KAAa;IAC9E,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,OAAO,OAAO,KAAK,KAAK,CAAC;QAC3B,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACpE,gEAAgE;YAChE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACpC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,OAAO,CAAC,MAAM,GAAG,aAAa,IAAI,KAAK,CAAC,MAAM,GAAG,aAAa;gBAAE,OAAO,KAAK,CAAC;YACjF,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAClD,IAAI,CAAC;gBACH,OAAO,IAAI,MAAM,CAAC,OAAO,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,UAAU,CAAC,UAAgC;IAClD,MAAM,CAAC,GAAG,UAAU,EAAE,iBAAiB,EAAE,UAAU,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,iFAAiF;AACjF,SAAS,WAAW,CAAC,UAAgC;IACnD,OAAO,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,IAAI,EAAE,CAAC;AACrF,CAAC;AAWD;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,eAAuB,EACvB,UAAgC;IAEhC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACrD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC;IACzD,CAAC;IACD,KAAK,MAAM,EAAE,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QACzC,IAAI,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAAE,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC;AAC1D,CAAC"}
|
|
@@ -96,6 +96,13 @@ export declare class DelegationCredentialVerifier {
|
|
|
96
96
|
*/
|
|
97
97
|
verifyDelegationCredential(vc: DelegationCredential, options?: VerifyDelegationVCOptions): Promise<DelegationVCVerificationResult>;
|
|
98
98
|
private validateBasicProperties;
|
|
99
|
+
/**
|
|
100
|
+
* Reject a delegation credential whose `credentialSubject` carries properties
|
|
101
|
+
* other than `id` and `delegation`. Claim-bearing fields in a permission
|
|
102
|
+
* credential separate designation from authorization — the confused-deputy
|
|
103
|
+
* class (KYA-OS §11.6). Unconditional as of 1.4.0.
|
|
104
|
+
*/
|
|
105
|
+
private validateSubjectShape;
|
|
99
106
|
private verifySignature;
|
|
100
107
|
private checkCredentialStatus;
|
|
101
108
|
private findVerificationMethod;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vc-verifier.d.ts","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"vc-verifier.d.ts","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,oBAAoB,EACpB,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;AAc9B,MAAM,WAAW,8BAA8B;IAC7C,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,GAAG,WAAW,GAAG,QAAQ,GAAG,UAAU,CAAC;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE;QACR,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,yBAAyB;IACxC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,kBAAkB,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAC1C,cAAc,CAAC,EAAE,CAAC,MAAM,GAAG,kBAAkB,CAAC,EAAE,CAAC;IACjD,eAAe,CAAC,EAAE,CAAC,MAAM,GAAG,kBAAkB,CAAC,EAAE,CAAC;CACnD;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACzD;AAED,MAAM,WAAW,6BAA6B;IAC5C,CACE,EAAE,EAAE,oBAAoB,EACxB,YAAY,EAAE,OAAO,GACpB,OAAO,CAAC;QACT,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;CACJ;AAED,qBAAa,4BAA4B;IACvC,OAAO,CAAC,WAAW,CAAC,CAAc;IAClC,OAAO,CAAC,kBAAkB,CAAC,CAAqB;IAChD,OAAO,CAAC,iBAAiB,CAAC,CAAgC;IAC1D,OAAO,CAAC,KAAK,CAGT;IACJ,OAAO,CAAC,mBAAmB,CAAgB;IAC3C,OAAO,CAAC,QAAQ,CAAS;IACzB;;;;OAIG;IACH,OAAO,CAAC,YAAY,CAAS;gBAEjB,OAAO,CAAC,EAAE;QACpB,WAAW,CAAC,EAAE,WAAW,CAAC;QAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;QACxC,iBAAiB,CAAC,EAAE,6BAA6B,CAAC;QAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,2CAA2C;QAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;IAQD;;;;;;;;;;OAUG;IACG,0BAA0B,CAC9B,EAAE,EAAE,oBAAoB,EACxB,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,8BAA8B,CAAC;IA6F1C,OAAO,CAAC,uBAAuB;IA4C/B;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;YAoBd,eAAe;YAkFf,qBAAqB;IAuCnC,OAAO,CAAC,sBAAsB;IAS9B,OAAO,CAAC,YAAY;IAYpB,OAAO,CAAC,UAAU;IAgBlB,UAAU,IAAI,IAAI;IAKlB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;CAOlC;AAED,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE;IACjD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,iBAAiB,CAAC,EAAE,6BAA6B,CAAC;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,4BAA4B,CAE/B"}
|
|
@@ -11,6 +11,12 @@
|
|
|
11
11
|
* Related Spec: KYA-OS §4.3, W3C VC Data Model 1.1
|
|
12
12
|
*/
|
|
13
13
|
import { isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, } from "../types/protocol.js";
|
|
14
|
+
/**
|
|
15
|
+
* Properties a DelegationCredential `credentialSubject` may carry. Anything
|
|
16
|
+
* else is treated as a claim-intended field and rejected by default — a
|
|
17
|
+
* permission credential must not smuggle claims (KYA-OS §11.6).
|
|
18
|
+
*/
|
|
19
|
+
const DELEGATION_SUBJECT_KEYS = ["id", "delegation"];
|
|
14
20
|
export class DelegationCredentialVerifier {
|
|
15
21
|
didResolver;
|
|
16
22
|
statusListResolver;
|
|
@@ -137,8 +143,29 @@ export class DelegationCredentialVerifier {
|
|
|
137
143
|
if (!vc.proof) {
|
|
138
144
|
return { valid: false, reason: "Missing proof" };
|
|
139
145
|
}
|
|
146
|
+
const subjectShape = this.validateSubjectShape(vc);
|
|
147
|
+
if (!subjectShape.valid) {
|
|
148
|
+
return subjectShape;
|
|
149
|
+
}
|
|
140
150
|
return { valid: true };
|
|
141
151
|
}
|
|
152
|
+
/**
|
|
153
|
+
* Reject a delegation credential whose `credentialSubject` carries properties
|
|
154
|
+
* other than `id` and `delegation`. Claim-bearing fields in a permission
|
|
155
|
+
* credential separate designation from authorization — the confused-deputy
|
|
156
|
+
* class (KYA-OS §11.6). Unconditional as of 1.4.0.
|
|
157
|
+
*/
|
|
158
|
+
validateSubjectShape(vc) {
|
|
159
|
+
const extraneous = Object.keys(vc.credentialSubject).filter((key) => !DELEGATION_SUBJECT_KEYS.includes(key));
|
|
160
|
+
if (extraneous.length === 0) {
|
|
161
|
+
return { valid: true };
|
|
162
|
+
}
|
|
163
|
+
return {
|
|
164
|
+
valid: false,
|
|
165
|
+
reason: `credentialSubject contains non-delegation field(s): ${extraneous.join(", ")}. ` +
|
|
166
|
+
`A DelegationCredential subject MUST carry only 'id' and 'delegation' (KYA-OS §11.6).`,
|
|
167
|
+
};
|
|
168
|
+
}
|
|
142
169
|
async verifySignature(vc, didResolver) {
|
|
143
170
|
const startTime = Date.now();
|
|
144
171
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vc-verifier.js","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,EACL,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,GAC7B,MAAM,sBAAsB,CAAC;AA+
|
|
1
|
+
{"version":3,"file":"vc-verifier.js","sourceRoot":"","sources":["../../src/delegation/vc-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,EACL,6BAA6B,EAC7B,iCAAiC,EACjC,4BAA4B,GAC7B,MAAM,sBAAsB,CAAC;AAE9B;;;;GAIG;AACH,MAAM,uBAAuB,GAAsB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;AA+DxE,MAAM,OAAO,4BAA4B;IAC/B,WAAW,CAAe;IAC1B,kBAAkB,CAAsB;IACxC,iBAAiB,CAAiC;IAClD,KAAK,GAAG,IAAI,GAAG,EAGpB,CAAC;IACI,mBAAmB,GAAa,EAAE,CAAC;IACnC,QAAQ,CAAS;IACzB;;;;OAIG;IACK,YAAY,CAAS;IAE7B,YAAY,OAOX;QACC,IAAI,CAAC,WAAW,GAAG,OAAO,EAAE,WAAW,CAAC;QACxC,IAAI,CAAC,kBAAkB,GAAG,OAAO,EAAE,kBAAkB,CAAC;QACtD,IAAI,CAAC,iBAAiB,GAAG,OAAO,EAAE,iBAAiB,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,MAAM,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC;IACpD,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,0BAA0B,CAC9B,EAAwB,EACxB,UAAqC,EAAE;QAEvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9C,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACnC,MAAM,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;QAElD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAmC;gBAC7C,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,eAAe,CAAC,MAAM;gBAC9B,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE;oBACP,YAAY;oBACZ,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBAChC;gBACD,MAAM,EAAE;oBACN,UAAU,EAAE,KAAK;iBAClB;aACF,CAAC;YACF,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,gBAAgB,GAAG,CAAC,OAAO,CAAC,aAAa;YAC7C,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC;YACnE,CAAC,CAAC,OAAO,CAAC,OAAO,CAIZ;gBACD,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;aACd,CAAC,CAAC;QAEP,MAAM,aAAa,GACjB,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,gBAAgB;YACxC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CACxB,EAAE,CAAC,gBAAgB,EACnB,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,kBAAkB,CACtD;YACH,CAAC,CAAC,OAAO,CAAC,OAAO,CAIZ;gBACD,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;aACd,CAAC,CAAC;QAET,MAAM,CAAC,eAAe,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACxD,gBAAgB;YAChB,aAAa;SACd,CAAC,CAAC;QAEH,MAAM,gBAAgB,GAAG,eAAe,CAAC,UAAU,IAAI,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,YAAY,CAAC,UAAU,IAAI,CAAC,CAAC;QAEnD,MAAM,QAAQ,GACZ,eAAe,CAAC,KAAK,IAAI,eAAe,CAAC,KAAK,IAAI,YAAY,CAAC,KAAK,CAAC;QAEvE,MAAM,MAAM,GAAmC;YAC7C,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,CAAC,QAAQ;gBACf,CAAC,CAAC,eAAe,CAAC,MAAM,IAAI,YAAY,CAAC,MAAM,IAAI,iBAAiB;gBACpE,CAAC,CAAC,SAAS;YACb,KAAK,EAAE,UAAU;YACjB,OAAO,EAAE;gBACP,YAAY;gBACZ,gBAAgB;gBAChB,aAAa;gBACb,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aAChC;YACD,MAAM,EAAE;gBACN,UAAU,EAAE,eAAe,CAAC,KAAK;gBACjC,cAAc,EAAE,eAAe,CAAC,KAAK;gBACrC,WAAW,EAAE,YAAY,CAAC,KAAK;aAChC;SACF,CAAC;QAEF,IAAI,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1B,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAAC,EAAwB;QAItD,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAC9B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,6BAA6B,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,IAAI,6BAA6B,CAAC,EAAE,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;QACnE,CAAC;QAED,IAAI,iCAAiC,CAAC,EAAE,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;QACzE,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC;QACnD,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;QAClE,CAAC;QACD,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;QAClE,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YACpD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;QACnE,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YACd,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACnD,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;;;;OAKG;IACK,oBAAoB,CAAC,EAAwB;QAInD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,MAAM,CACzD,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,uBAAuB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAChD,CAAC;QAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAED,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EACJ,uDAAuD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gBAChF,sFAAsF;SACzF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,EAAwB,EACxB,WAAyB;QAEzB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,SAAS,GACb,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;YAE3D,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EACJ,iFAAiF;oBACnF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,iCAAiC,SAAS,EAAE;oBACpD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;gBACd,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kBAAkB;oBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,oBAAoB,GAAG,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC5D,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC1B,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kCAAkC;oBAC1C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,sBAAsB,CACpD,MAAM,EACN,oBAA8B,CAC/B,CAAC;YACF,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,uBAAuB,oBAAoB,YAAY;oBAC/D,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,YAAY,CAAC;YACrD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,0CAA0C;oBAClD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;YAE1E,OAAO;gBACL,KAAK,EAAE,kBAAkB,CAAC,KAAK;gBAC/B,MAAM,EAAE,kBAAkB,CAAC,MAAM;gBACjC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,iCAAiC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBACnG,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CACjC,MAAwB,EACxB,kBAAuC;QAEvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EACJ,6GAA6G;oBAC/G,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE/D,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,0CAA0C,MAAM,CAAC,aAAa,GAAG;oBACzE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,uBAAuB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBACzF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,sBAAsB,CAC5B,MAAmB,EACnB,oBAA4B;QAE5B,OAAO,MAAM,CAAC,kBAAkB,EAAE,IAAI,CACpC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,oBAAoB,CACvC,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,EAAU;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAEO,UAAU,CAAC,EAAU,EAAE,MAAsC;QACnE,iEAAiE;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnF,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE;YACjB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC;IAChC,CAAC;IAED,eAAe,CAAC,EAAU;QACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,wBAAwB,CAAC,OAKxC;IACC,OAAO,IAAI,4BAA4B,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC"}
|
package/dist/errors.d.ts
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* KYA-OS Canonical Error Codes
|
|
3
3
|
*
|
|
4
4
|
* Single source of truth for all wire-format error codes.
|
|
5
|
-
* Aligned with the error catalog at
|
|
5
|
+
* Aligned with the error catalog at kya-os.ai/mcp.
|
|
6
6
|
*
|
|
7
7
|
* Naming convention: snake_case, no protocol prefix.
|
|
8
8
|
* Follows OAuth 2.0 / Stripe conventions for readability and portability.
|
|
@@ -19,6 +19,7 @@ export declare const KYA_OS_ERROR_CODES: {
|
|
|
19
19
|
readonly invalid_request: "invalid_request";
|
|
20
20
|
readonly needs_authorization: "needs_authorization";
|
|
21
21
|
readonly insufficient_scope: "insufficient_scope";
|
|
22
|
+
readonly policy_denied: "policy_denied";
|
|
22
23
|
readonly delegation_expired: "delegation_expired";
|
|
23
24
|
readonly delegation_not_yet_valid: "delegation_not_yet_valid";
|
|
24
25
|
readonly delegation_revoked: "delegation_revoked";
|
package/dist/errors.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,kBAAkB
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;CAsCrB,CAAC;AAEX,MAAM,MAAM,cAAc,GACxB,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAC;AAE/D,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,cAAc,EACpB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,kBAAkB,CAEpB"}
|
package/dist/errors.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* KYA-OS Canonical Error Codes
|
|
3
3
|
*
|
|
4
4
|
* Single source of truth for all wire-format error codes.
|
|
5
|
-
* Aligned with the error catalog at
|
|
5
|
+
* Aligned with the error catalog at kya-os.ai/mcp.
|
|
6
6
|
*
|
|
7
7
|
* Naming convention: snake_case, no protocol prefix.
|
|
8
8
|
* Follows OAuth 2.0 / Stripe conventions for readability and portability.
|
|
@@ -23,6 +23,7 @@ export const KYA_OS_ERROR_CODES = {
|
|
|
23
23
|
// Delegation errors
|
|
24
24
|
needs_authorization: "needs_authorization",
|
|
25
25
|
insufficient_scope: "insufficient_scope",
|
|
26
|
+
policy_denied: "policy_denied",
|
|
26
27
|
delegation_expired: "delegation_expired",
|
|
27
28
|
delegation_not_yet_valid: "delegation_not_yet_valid",
|
|
28
29
|
delegation_revoked: "delegation_revoked",
|
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,eAAe;IACf,aAAa,EAAE,eAAe;IAC9B,WAAW,EAAE,aAAa;IAC1B,YAAY,EAAE,cAAc;IAC5B,cAAc,EAAE,gBAAgB;IAEhC,wBAAwB;IACxB,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IAExC,6BAA6B;IAC7B,gBAAgB,EAAE,kBAAkB;IACpC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAElC,oBAAoB;IACpB,mBAAmB,EAAE,qBAAqB;IAC1C,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,wBAAwB,EAAE,0BAA0B;IACpD,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,eAAe,EAAE,iBAAiB;IAClC,mBAAmB,EAAE,qBAAqB;IAE1C,eAAe;IACf,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAE9B,kBAAkB;IAClB,cAAc,EAAE,gBAAgB;IAChC,YAAY,EAAE,cAAc;IAE5B,gBAAgB;IAChB,mBAAmB,EAAE,qBAAqB;IAC1C,aAAa,EAAE,eAAe;CACtB,CAAC;AAWX,MAAM,UAAU,gBAAgB,CAC9B,IAAoB,EACpB,OAAe,EACf,OAAiC;IAEjC,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClE,CAAC"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,eAAe;IACf,aAAa,EAAE,eAAe;IAC9B,WAAW,EAAE,aAAa;IAC1B,YAAY,EAAE,cAAc;IAC5B,cAAc,EAAE,gBAAgB;IAEhC,wBAAwB;IACxB,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IAExC,6BAA6B;IAC7B,gBAAgB,EAAE,kBAAkB;IACpC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAElC,oBAAoB;IACpB,mBAAmB,EAAE,qBAAqB;IAC1C,kBAAkB,EAAE,oBAAoB;IACxC,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,wBAAwB,EAAE,0BAA0B;IACpD,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,eAAe,EAAE,iBAAiB;IAClC,mBAAmB,EAAE,qBAAqB;IAE1C,eAAe;IACf,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAE9B,kBAAkB;IAClB,cAAc,EAAE,gBAAgB;IAChC,YAAY,EAAE,cAAc;IAE5B,gBAAgB;IAChB,mBAAmB,EAAE,qBAAqB;IAC1C,aAAa,EAAE,eAAe;CACtB,CAAC;AAWX,MAAM,UAAU,gBAAgB,CAC9B,IAAoB,EACpB,OAAe,EACf,OAAiC;IAEjC,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClE,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Delegation, proof, and session for Model Context Protocol Identity.
|
|
5
5
|
* This package is a DIF TAAWG protocol reference implementation.
|
|
6
6
|
*
|
|
7
|
-
* Related Spec: https://
|
|
7
|
+
* Related Spec: https://kya-os.ai/mcp
|
|
8
8
|
*
|
|
9
9
|
* ## Error handling strategy
|
|
10
10
|
*
|
|
@@ -15,9 +15,9 @@
|
|
|
15
15
|
* This ensures callers can always handle failures without try/catch on validation paths.
|
|
16
16
|
*/
|
|
17
17
|
export { KYA_OS_ERROR_CODES, createKyaOsError, type KyaOsErrorCode, type KyaOsErrorResponse, } from './errors.js';
|
|
18
|
-
export { base64urlEncodeFromBytes, base64urlDecodeToBytes, } from './utils/base64.js';
|
|
19
|
-
export type { DelegationConstraints, DelegationRecord, DelegationCredential, DelegationStatus, CredentialStatus, StatusList2021Credential, Proof, HandshakeRequest, SessionContext, NonceCache, MCPClientInfo, MCPClientSessionInfo, SessionIdentityState, DetachedProof, ProofMeta, CanonicalHashes, AuditRecord, AuditContext, AuditEventContext, NeedsAuthorizationError, AuthorizationDisplay, CrispBudget, CrispScope, } from './types/protocol.js';
|
|
20
|
-
export { wrapDelegationAsVC, extractDelegationFromVC, isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, validateDetachedProof, createNeedsAuthorizationError, isNeedsAuthorizationError, DELEGATION_CREDENTIAL_CONTEXT, DEFAULT_SESSION_TTL_MINUTES, DEFAULT_TIMESTAMP_SKEW_SECONDS, NONCE_LENGTH_BYTES, AUTH_NONCE_TTL_MS, ANON_NONCE_TTL_MS, type MetaPolicy, } from './types/protocol.js';
|
|
18
|
+
export { base64urlEncodeFromBytes, base64urlDecodeToBytes, bytesToBase64, base64ToBytes, } from './utils/base64.js';
|
|
19
|
+
export type { DelegationConstraints, DelegationRecord, DelegationCredential, DelegationStatus, CredentialStatus, StatusList2021Credential, Proof, HandshakeRequest, SessionContext, NonceCache, MCPClientInfo, MCPClientSessionInfo, SessionIdentityState, DetachedProof, ProofMeta, CanonicalHashes, AuditRecord, AuditContext, AuditEventContext, NeedsAuthorizationError, NeedsApprovalError, AuthorizationDisplay, CrispBudget, CrispScope, } from './types/protocol.js';
|
|
20
|
+
export { wrapDelegationAsVC, extractDelegationFromVC, isDelegationCredentialExpired, isDelegationCredentialNotYetValid, validateDelegationCredential, validateDetachedProof, createNeedsAuthorizationError, isNeedsAuthorizationError, createNeedsApprovalError, isNeedsApprovalError, DELEGATION_CREDENTIAL_CONTEXT, DEFAULT_SESSION_TTL_MINUTES, DEFAULT_TIMESTAMP_SKEW_SECONDS, NONCE_LENGTH_BYTES, AUTH_NONCE_TTL_MS, ANON_NONCE_TTL_MS, type MetaPolicy, } from './types/protocol.js';
|
|
21
21
|
export { DelegationCredentialIssuer, createDelegationIssuer, type IssueDelegationOptions, type VCSigningFunction, type IdentityProvider as DelegationIdentityProvider, } from './delegation/vc-issuer.js';
|
|
22
22
|
export { DelegationCredentialVerifier, createDelegationVerifier, type DelegationVCVerificationResult, type VerifyDelegationVCOptions, type DIDResolver, type DIDDocument, type VerificationMethod, type StatusListResolver, type SignatureVerificationFunction, } from './delegation/vc-verifier.js';
|
|
23
23
|
export { DelegationGraphManager, createDelegationGraph, type DelegationNode, type DelegationGraphStorageProvider, } from './delegation/delegation-graph.js';
|
|
@@ -42,7 +42,12 @@ export { SessionManager, createHandshakeRequest, validateHandshakeFormat, type S
|
|
|
42
42
|
export { CryptoProvider, ClockProvider, FetchProvider, StorageProvider, NonceCacheProvider, IdentityProvider, type Identity, type AgentIdentity, } from './providers/base.js';
|
|
43
43
|
export { MemoryStorageProvider, MemoryNonceCacheProvider, MemoryIdentityProvider, } from './providers/memory.js';
|
|
44
44
|
export { NodeCryptoProvider } from './providers/node-crypto.js';
|
|
45
|
+
export { SystemClockProvider } from './providers/system-clock.js';
|
|
46
|
+
export { RuntimeFetchProvider } from './providers/runtime-fetch.js';
|
|
47
|
+
export { AuditLogProvider, MemoryAuditLogProvider, NoopAuditLogProvider, buildAuditRecord, } from './providers/audit-log.js';
|
|
45
48
|
export { createKyaOsMiddleware, type KyaOsConfig, type KyaOsDelegationConfig, type KyaOsIdentityConfig, type KyaOsMiddleware, type KyaOsToolDefinition, type KyaOsToolHandler, type KyaOsServer, withKyaOs, generateIdentity, type WithKyaOsOptions, } from './middleware/index.js';
|
|
49
|
+
export * from './policy/index.js';
|
|
50
|
+
export { matchScope, scopeSatisfies, type ScopeMatcher, type ScopeSatisfaction, } from './delegation/scope-matcher.js';
|
|
46
51
|
export { logger, createDefaultConsoleLogger, type Logger, type Level, } from './logging/index.js';
|
|
47
52
|
export { ED25519_PKCS8_DER_HEADER, ED25519_SPKI_DER_HEADER_LENGTH, ED25519_KEY_SIZE, } from './utils/index.js';
|
|
48
53
|
//# sourceMappingURL=index.d.ts.map
|