@kya-os/mcp 1.7.0 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +69 -0
- package/README.md +219 -3
- package/dist/card/build.d.ts +41 -0
- package/dist/card/build.d.ts.map +1 -0
- package/dist/card/build.js +47 -0
- package/dist/card/build.js.map +1 -0
- package/dist/card/builder.d.ts +99 -0
- package/dist/card/builder.d.ts.map +1 -0
- package/dist/card/builder.js +147 -0
- package/dist/card/builder.js.map +1 -0
- package/dist/card/cimd.d.ts +92 -0
- package/dist/card/cimd.d.ts.map +1 -0
- package/dist/card/cimd.js +225 -0
- package/dist/card/cimd.js.map +1 -0
- package/dist/card/delegation.d.ts +145 -0
- package/dist/card/delegation.d.ts.map +1 -0
- package/dist/card/delegation.js +293 -0
- package/dist/card/delegation.js.map +1 -0
- package/dist/card/emit.d.ts +133 -0
- package/dist/card/emit.d.ts.map +1 -0
- package/dist/card/emit.js +127 -0
- package/dist/card/emit.js.map +1 -0
- package/dist/card/index.d.ts +43 -0
- package/dist/card/index.d.ts.map +1 -0
- package/dist/card/index.js +46 -0
- package/dist/card/index.js.map +1 -0
- package/dist/card/middleware.d.ts +112 -0
- package/dist/card/middleware.d.ts.map +1 -0
- package/dist/card/middleware.js +121 -0
- package/dist/card/middleware.js.map +1 -0
- package/dist/card/proof/build.d.ts +22 -0
- package/dist/card/proof/build.d.ts.map +1 -0
- package/dist/card/proof/build.js +55 -0
- package/dist/card/proof/build.js.map +1 -0
- package/dist/card/proof/canonical.d.ts +66 -0
- package/dist/card/proof/canonical.d.ts.map +1 -0
- package/dist/card/proof/canonical.js +131 -0
- package/dist/card/proof/canonical.js.map +1 -0
- package/dist/card/proof/http-sig.d.ts +69 -0
- package/dist/card/proof/http-sig.d.ts.map +1 -0
- package/dist/card/proof/http-sig.js +101 -0
- package/dist/card/proof/http-sig.js.map +1 -0
- package/dist/card/proof/index.d.ts +25 -0
- package/dist/card/proof/index.d.ts.map +1 -0
- package/dist/card/proof/index.js +25 -0
- package/dist/card/proof/index.js.map +1 -0
- package/dist/card/proof/nonce-cache.d.ts +67 -0
- package/dist/card/proof/nonce-cache.d.ts.map +1 -0
- package/dist/card/proof/nonce-cache.js +88 -0
- package/dist/card/proof/nonce-cache.js.map +1 -0
- package/dist/card/proof/signer.d.ts +32 -0
- package/dist/card/proof/signer.d.ts.map +1 -0
- package/dist/card/proof/signer.js +59 -0
- package/dist/card/proof/signer.js.map +1 -0
- package/dist/card/proof/types.d.ts +219 -0
- package/dist/card/proof/types.d.ts.map +1 -0
- package/dist/card/proof/types.js +87 -0
- package/dist/card/proof/types.js.map +1 -0
- package/dist/card/proof/verify.d.ts +27 -0
- package/dist/card/proof/verify.d.ts.map +1 -0
- package/dist/card/proof/verify.js +236 -0
- package/dist/card/proof/verify.js.map +1 -0
- package/dist/card/resolve.d.ts +97 -0
- package/dist/card/resolve.d.ts.map +1 -0
- package/dist/card/resolve.js +223 -0
- package/dist/card/resolve.js.map +1 -0
- package/dist/card/revocation.d.ts +96 -0
- package/dist/card/revocation.d.ts.map +1 -0
- package/dist/card/revocation.js +190 -0
- package/dist/card/revocation.js.map +1 -0
- package/dist/card/schema.d.ts +177 -0
- package/dist/card/schema.d.ts.map +1 -0
- package/dist/card/schema.js +119 -0
- package/dist/card/schema.js.map +1 -0
- package/dist/card/verify.d.ts +144 -0
- package/dist/card/verify.d.ts.map +1 -0
- package/dist/card/verify.js +132 -0
- package/dist/card/verify.js.map +1 -0
- package/dist/delegation/bitstring.d.ts +9 -7
- package/dist/delegation/bitstring.d.ts.map +1 -1
- package/dist/delegation/bitstring.js +70 -37
- package/dist/delegation/bitstring.js.map +1 -1
- package/dist/delegation/did-linkage.d.ts +23 -0
- package/dist/delegation/did-linkage.d.ts.map +1 -0
- package/dist/delegation/did-linkage.js +57 -0
- package/dist/delegation/did-linkage.js.map +1 -0
- package/dist/delegation/did-resolver-registry.d.ts +7 -0
- package/dist/delegation/did-resolver-registry.d.ts.map +1 -0
- package/dist/delegation/did-resolver-registry.js +20 -0
- package/dist/delegation/did-resolver-registry.js.map +1 -0
- package/dist/delegation/did-web-resolver.d.ts +29 -18
- package/dist/delegation/did-web-resolver.d.ts.map +1 -1
- package/dist/delegation/did-web-resolver.js +65 -35
- package/dist/delegation/did-web-resolver.js.map +1 -1
- package/dist/delegation/index.d.ts +3 -0
- package/dist/delegation/index.d.ts.map +1 -1
- package/dist/delegation/index.js +3 -0
- package/dist/delegation/index.js.map +1 -1
- package/dist/delegation/statuslist-manager.d.ts.map +1 -1
- package/dist/delegation/statuslist-manager.js +16 -1
- package/dist/delegation/statuslist-manager.js.map +1 -1
- package/dist/delegation/vc-jwt-verify.d.ts +61 -0
- package/dist/delegation/vc-jwt-verify.d.ts.map +1 -0
- package/dist/delegation/vc-jwt-verify.js +131 -0
- package/dist/delegation/vc-jwt-verify.js.map +1 -0
- package/dist/delegation/vc-verification-checks.d.ts +50 -0
- package/dist/delegation/vc-verification-checks.d.ts.map +1 -0
- package/dist/delegation/vc-verification-checks.js +212 -0
- package/dist/delegation/vc-verification-checks.js.map +1 -0
- package/dist/delegation/vc-verifier.d.ts +24 -61
- package/dist/delegation/vc-verifier.d.ts.map +1 -1
- package/dist/delegation/vc-verifier.js +57 -180
- package/dist/delegation/vc-verifier.js.map +1 -1
- package/dist/delegation/vc-verifier.types.d.ts +88 -0
- package/dist/delegation/vc-verifier.types.d.ts.map +1 -0
- package/dist/delegation/vc-verifier.types.js +9 -0
- package/dist/delegation/vc-verifier.types.js.map +1 -0
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/integrations/cheqd/dlr.d.ts +44 -0
- package/dist/integrations/cheqd/dlr.d.ts.map +1 -0
- package/dist/integrations/cheqd/dlr.js +86 -0
- package/dist/integrations/cheqd/dlr.js.map +1 -0
- package/dist/integrations/cheqd/index.d.ts +5 -0
- package/dist/integrations/cheqd/index.d.ts.map +1 -0
- package/dist/integrations/cheqd/index.js +5 -0
- package/dist/integrations/cheqd/index.js.map +1 -0
- package/dist/integrations/cheqd/linkage.d.ts +20 -0
- package/dist/integrations/cheqd/linkage.d.ts.map +1 -0
- package/dist/integrations/cheqd/linkage.js +32 -0
- package/dist/integrations/cheqd/linkage.js.map +1 -0
- package/dist/integrations/cheqd/registrar.d.ts +85 -0
- package/dist/integrations/cheqd/registrar.d.ts.map +1 -0
- package/dist/integrations/cheqd/registrar.js +304 -0
- package/dist/integrations/cheqd/registrar.js.map +1 -0
- package/dist/integrations/cheqd/resolver.d.ts +38 -0
- package/dist/integrations/cheqd/resolver.d.ts.map +1 -0
- package/dist/integrations/cheqd/resolver.js +156 -0
- package/dist/integrations/cheqd/resolver.js.map +1 -0
- package/dist/middleware/index.d.ts +2 -0
- package/dist/middleware/index.d.ts.map +1 -1
- package/dist/middleware/index.js +5 -0
- package/dist/middleware/index.js.map +1 -1
- package/dist/middleware/with-kya-os.config-types.d.ts +139 -0
- package/dist/middleware/with-kya-os.config-types.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.config-types.js +9 -0
- package/dist/middleware/with-kya-os.config-types.js.map +1 -0
- package/dist/middleware/with-kya-os.d.ts +3 -267
- package/dist/middleware/with-kya-os.d.ts.map +1 -1
- package/dist/middleware/with-kya-os.delegation-gate.d.ts +19 -0
- package/dist/middleware/with-kya-os.delegation-gate.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.delegation-gate.js +175 -0
- package/dist/middleware/with-kya-os.delegation-gate.js.map +1 -0
- package/dist/middleware/with-kya-os.delegation-verify.d.ts +51 -0
- package/dist/middleware/with-kya-os.delegation-verify.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.delegation-verify.js +165 -0
- package/dist/middleware/with-kya-os.delegation-verify.js.map +1 -0
- package/dist/middleware/with-kya-os.deps.d.ts +40 -0
- package/dist/middleware/with-kya-os.deps.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.deps.js +9 -0
- package/dist/middleware/with-kya-os.deps.js.map +1 -0
- package/dist/middleware/with-kya-os.grants.d.ts +30 -0
- package/dist/middleware/with-kya-os.grants.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.grants.js +145 -0
- package/dist/middleware/with-kya-os.grants.js.map +1 -0
- package/dist/middleware/with-kya-os.helpers.d.ts +24 -0
- package/dist/middleware/with-kya-os.helpers.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.helpers.js +57 -0
- package/dist/middleware/with-kya-os.helpers.js.map +1 -0
- package/dist/middleware/with-kya-os.js +45 -891
- package/dist/middleware/with-kya-os.js.map +1 -1
- package/dist/middleware/with-kya-os.policy-gate.d.ts +16 -0
- package/dist/middleware/with-kya-os.policy-gate.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.policy-gate.js +98 -0
- package/dist/middleware/with-kya-os.policy-gate.js.map +1 -0
- package/dist/middleware/with-kya-os.protocol.d.ts +29 -0
- package/dist/middleware/with-kya-os.protocol.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.protocol.js +121 -0
- package/dist/middleware/with-kya-os.protocol.js.map +1 -0
- package/dist/middleware/with-kya-os.session.d.ts +32 -0
- package/dist/middleware/with-kya-os.session.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.session.js +201 -0
- package/dist/middleware/with-kya-os.session.js.map +1 -0
- package/dist/middleware/with-kya-os.types.d.ts +178 -0
- package/dist/middleware/with-kya-os.types.d.ts.map +1 -0
- package/dist/middleware/with-kya-os.types.js +13 -0
- package/dist/middleware/with-kya-os.types.js.map +1 -0
- package/dist/providers/runtime-fetch.d.ts +8 -0
- package/dist/providers/runtime-fetch.d.ts.map +1 -1
- package/dist/providers/runtime-fetch.js +17 -0
- package/dist/providers/runtime-fetch.js.map +1 -1
- package/dist/providers/web-crypto.d.ts.map +1 -1
- package/dist/providers/web-crypto.js +15 -7
- package/dist/providers/web-crypto.js.map +1 -1
- package/dist/utils/guards.d.ts +2 -0
- package/dist/utils/guards.d.ts.map +1 -0
- package/dist/utils/guards.js +4 -0
- package/dist/utils/guards.js.map +1 -0
- package/dist/utils/index.d.ts +3 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +3 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/ip-classifier.d.ts +12 -0
- package/dist/utils/ip-classifier.d.ts.map +1 -0
- package/dist/utils/ip-classifier.js +153 -0
- package/dist/utils/ip-classifier.js.map +1 -0
- package/dist/utils/safe-fetch-transports.d.ts +40 -0
- package/dist/utils/safe-fetch-transports.d.ts.map +1 -0
- package/dist/utils/safe-fetch-transports.js +121 -0
- package/dist/utils/safe-fetch-transports.js.map +1 -0
- package/dist/utils/safe-fetch-types.d.ts +66 -0
- package/dist/utils/safe-fetch-types.d.ts.map +1 -0
- package/dist/utils/safe-fetch-types.js +10 -0
- package/dist/utils/safe-fetch-types.js.map +1 -0
- package/dist/utils/safe-fetch.d.ts +40 -0
- package/dist/utils/safe-fetch.d.ts.map +1 -0
- package/dist/utils/safe-fetch.js +188 -0
- package/dist/utils/safe-fetch.js.map +1 -0
- package/dist/utils/statuslist-purpose.d.ts +12 -0
- package/dist/utils/statuslist-purpose.d.ts.map +1 -0
- package/dist/utils/statuslist-purpose.js +19 -0
- package/dist/utils/statuslist-purpose.js.map +1 -0
- package/dist/utils/url.d.ts +2 -0
- package/dist/utils/url.d.ts.map +1 -0
- package/dist/utils/url.js +8 -0
- package/dist/utils/url.js.map +1 -0
- package/package.json +25 -5
- package/schemas/README.md +2 -1
- package/schemas/card-delegation-credential.json +239 -0
- package/schemas/kya-os-card.schema.json +284 -0
|
@@ -14,273 +14,9 @@
|
|
|
14
14
|
* internally by `withKyaOs()` and for advanced use cases like the
|
|
15
15
|
* low-level `Server` API or custom request handler patterns.
|
|
16
16
|
*/
|
|
17
|
-
import { type CryptoProvider
|
|
18
|
-
import {
|
|
19
|
-
|
|
20
|
-
import { SessionManager, type SessionConfig } from "../session/manager.js";
|
|
21
|
-
import { ProofGenerator } from "../proof/generator.js";
|
|
22
|
-
import { type DIDResolver, type StatusListResolver } from "../delegation/vc-verifier.js";
|
|
23
|
-
import { type RevocationChecker } from "../delegation/chain-enforcement.js";
|
|
24
|
-
import { type DelegationCredential, type NeedsAuthorizationError } from "../types/protocol.js";
|
|
25
|
-
import { RiskClassifier } from "../policy/classifier.js";
|
|
26
|
-
import { type ApprovalGrant } from "../policy/approval.js";
|
|
27
|
-
import type { PolicyEngine } from "../policy/engine.js";
|
|
28
|
-
export interface KyaOsIdentityConfig {
|
|
29
|
-
did: string;
|
|
30
|
-
kid: string;
|
|
31
|
-
privateKey: string;
|
|
32
|
-
publicKey: string;
|
|
33
|
-
agentName?: string;
|
|
34
|
-
}
|
|
35
|
-
export declare const KYA_OS_ACTIONS: readonly ["handshake", "identity", "reputation"];
|
|
36
|
-
export interface KyaOsDelegationConfig {
|
|
37
|
-
/**
|
|
38
|
-
* Optional custom DID resolver. If it returns null, middleware falls back to
|
|
39
|
-
* built-in did:key resolution and fetch-backed did:web resolution.
|
|
40
|
-
*/
|
|
41
|
-
didResolver?: DIDResolver;
|
|
42
|
-
/**
|
|
43
|
-
* Optional fetch provider used for did:web resolution.
|
|
44
|
-
* If omitted, middleware falls back to the runtime global fetch when available.
|
|
45
|
-
*/
|
|
46
|
-
fetchProvider?: FetchProvider;
|
|
47
|
-
/**
|
|
48
|
-
* Resolver for StatusList2021 checks. Credentials with credentialStatus are
|
|
49
|
-
* rejected when no resolver is configured.
|
|
50
|
-
*/
|
|
51
|
-
statusListResolver?: StatusListResolver;
|
|
52
|
-
/**
|
|
53
|
-
* Resolve ancestor credentials for a delegated chain. The returned array may
|
|
54
|
-
* contain only ancestors (root -> parent) or the full chain (root -> leaf).
|
|
55
|
-
*/
|
|
56
|
-
resolveDelegationChain?: (leafCredential: DelegationCredential) => Promise<DelegationCredential[]>;
|
|
57
|
-
/**
|
|
58
|
-
* Graph-backed ancestor-revocation check. When provided, the chain walk also
|
|
59
|
-
* verifies the leaf is not revoked via a cascade-revoked ANCESTOR — caught
|
|
60
|
-
* independently of how `resolveDelegationChain` hydrated the chain (it walks
|
|
61
|
-
* the delegation graph + StatusList). `CascadingRevocationManager` is the
|
|
62
|
-
* reference adapter. Omit to keep the prior per-credential-status behavior.
|
|
63
|
-
*/
|
|
64
|
-
revocationChecker?: RevocationChecker;
|
|
65
|
-
/**
|
|
66
|
-
* Holder-of-key enforcement for inbound calls (spec §11.8). A valid delegation
|
|
67
|
-
* is a *bearer* credential; holder binding additionally requires the caller to
|
|
68
|
-
* present a per-request proof (`_kyaos_proof`) signed by the delegation
|
|
69
|
-
* SUBJECT's key, closing theft-replay for the key-bearing population.
|
|
70
|
-
*
|
|
71
|
-
* - `'off'` (default): no holder-binding check — current behavior, unchanged.
|
|
72
|
-
* - `'warn'`: check and log failures (missing/unbound proof), but still allow.
|
|
73
|
-
* - `'enforce'`: reject calls whose proof is missing or does not bind the
|
|
74
|
-
* subject. **Breaking for callers that don't yet send `_kyaos_proof`** — opt
|
|
75
|
-
* in only once your agents mint request proofs.
|
|
76
|
-
*
|
|
77
|
-
* Scope is did:key subjects (the DID encodes the key). did:web and other
|
|
78
|
-
* subjects are deferred to cnf-based binding (phase 2) and logged, never
|
|
79
|
-
* rejected — so enabling `'enforce'` never breaks did:web traffic.
|
|
80
|
-
*/
|
|
81
|
-
holderBinding?: "off" | "warn" | "enforce";
|
|
82
|
-
}
|
|
83
|
-
export interface KyaOsConfig {
|
|
84
|
-
/** Agent identity (DID + key material) */
|
|
85
|
-
identity: KyaOsIdentityConfig;
|
|
86
|
-
/** Session configuration overrides */
|
|
87
|
-
session?: Omit<SessionConfig, "nonceCache">;
|
|
88
|
-
/**
|
|
89
|
-
* Replay-protection store, shared by the session handshake AND inbound holder
|
|
90
|
-
* binding so both draw on one nonce namespace. Defaults to an in-memory store
|
|
91
|
-
* (single-process only); inject a Redis / Durable Object / KV-backed
|
|
92
|
-
* {@link NonceCacheProvider} for multi-instance deployments. Set here, not on
|
|
93
|
-
* `session`, so there is exactly one cache and the two cannot diverge.
|
|
94
|
-
*/
|
|
95
|
-
nonceCache?: NonceCacheProvider;
|
|
96
|
-
/**
|
|
97
|
-
* Durable store for approved authorization grants, enabling the no-paste
|
|
98
|
-
* retry: an agent that already obtained a grant can call again — even on a
|
|
99
|
-
* fresh instance with empty memory, or after a restart — without re-pasting
|
|
100
|
-
* the delegation. Defaults to an in-memory {@link MemoryGrantStore}
|
|
101
|
-
* (single-process only); inject a Redis / Durable Object / DB-backed
|
|
102
|
-
* {@link GrantStore} for multi-instance deployments. Mirrors `nonceCache?`.
|
|
103
|
-
*
|
|
104
|
-
* For the no-paste retry to actually RESOLVE a bound grant, the call must be
|
|
105
|
-
* resolvable: either holder binding is `'enforce'` and the agent presents a
|
|
106
|
-
* per-request `_kyaos_proof` (agent-anchored `getByAgent`), or the client
|
|
107
|
-
* threads its `sessionId` (session-bearer `getBySession`). A grant that would
|
|
108
|
-
* be unresolvable — holder binding `'off'` with no threaded `sessionId` — is
|
|
109
|
-
* NOT bound (it would only orphan a store row); such flows achieve durability
|
|
110
|
-
* by re-presenting the delegation instead.
|
|
111
|
-
*/
|
|
112
|
-
grantStore?: GrantStore;
|
|
113
|
-
/**
|
|
114
|
-
* Whether to ALSO emit the detached proof under the legacy bare `_meta.proof`
|
|
115
|
-
* key (in addition to the namespaced `org.kya-os/proof`). The value is
|
|
116
|
-
* identical under both keys and `_meta` is excluded from the response hash
|
|
117
|
-
* (§7.6), so the mirror never affects signatures or verification.
|
|
118
|
-
*
|
|
119
|
-
* Default `true` — a transition aid so pre-1.1 clients that still read bare
|
|
120
|
-
* `proof` keep working. Set `false` once your clients read the namespaced key
|
|
121
|
-
* (the examples do this for a clean single-key Inspector view).
|
|
122
|
-
*
|
|
123
|
-
* Stays ON by default for the whole 1.x line (a pre-1.1 reader of bare
|
|
124
|
-
* `_meta.proof` would otherwise silently get no proof); the legacy mirror is
|
|
125
|
-
* dropped at 2.0.
|
|
126
|
-
*/
|
|
127
|
-
emitLegacyProofKey?: boolean;
|
|
128
|
-
/** Delegation verification overrides */
|
|
129
|
-
delegation?: KyaOsDelegationConfig;
|
|
130
|
-
/**
|
|
131
|
-
* When true, automatically creates a session on the first tool call
|
|
132
|
-
* if no session exists. Useful for demos and development where
|
|
133
|
-
* MCP clients don't support the `_kyaos` handshake flow.
|
|
134
|
-
* In production, KYA-OS-aware runtimes should execute handshake before tool calls.
|
|
135
|
-
*/
|
|
136
|
-
autoSession?: boolean;
|
|
137
|
-
/**
|
|
138
|
-
* Sink for retaining audit records of verified tool calls. Defaults to a
|
|
139
|
-
* no-op; supply an {@link AuditLogProvider} (e.g. a durable, append-only
|
|
140
|
-
* implementation) to capture an audit trail.
|
|
141
|
-
*/
|
|
142
|
-
auditLog?: AuditLogProvider;
|
|
143
|
-
}
|
|
144
|
-
export interface KyaOsToolDefinition {
|
|
145
|
-
name: string;
|
|
146
|
-
description?: string;
|
|
147
|
-
inputSchema: {
|
|
148
|
-
type: "object";
|
|
149
|
-
properties?: Record<string, unknown>;
|
|
150
|
-
required?: string[];
|
|
151
|
-
[key: string]: unknown;
|
|
152
|
-
};
|
|
153
|
-
}
|
|
154
|
-
/**
|
|
155
|
-
* Per-call context threaded through the middleware wrappers (not part of the
|
|
156
|
-
* tool's public arguments). `wrapWithDelegation` populates `scopeId` so the
|
|
157
|
-
* proof and audit record reflect the scope the call was authorized under.
|
|
158
|
-
*/
|
|
159
|
-
export interface KyaOsCallContext {
|
|
160
|
-
scopeId?: string;
|
|
161
|
-
}
|
|
162
|
-
export interface KyaOsToolHandler<T extends Record<string, unknown> = Record<string, unknown>> {
|
|
163
|
-
(args: T, sessionId?: string, context?: KyaOsCallContext): Promise<{
|
|
164
|
-
content: Array<{
|
|
165
|
-
type: string;
|
|
166
|
-
text: string;
|
|
167
|
-
[key: string]: unknown;
|
|
168
|
-
}>;
|
|
169
|
-
isError?: boolean;
|
|
170
|
-
[key: string]: unknown;
|
|
171
|
-
}>;
|
|
172
|
-
}
|
|
173
|
-
/**
|
|
174
|
-
* Server interface — minimal subset of @modelcontextprotocol/sdk Server.
|
|
175
|
-
* This avoids a hard dependency on the SDK at the type level.
|
|
176
|
-
*/
|
|
177
|
-
export interface KyaOsServer {
|
|
178
|
-
setRequestHandler(schema: unknown, handler: (...args: unknown[]) => unknown): void;
|
|
179
|
-
}
|
|
180
|
-
export interface KyaOsMiddleware {
|
|
181
|
-
/** The identity config used by this middleware instance */
|
|
182
|
-
identity: KyaOsIdentityConfig;
|
|
183
|
-
/** The SessionManager instance for manual session operations */
|
|
184
|
-
sessionManager: SessionManager;
|
|
185
|
-
/** The ProofGenerator instance for manual proof operations */
|
|
186
|
-
proofGenerator: ProofGenerator;
|
|
187
|
-
/**
|
|
188
|
-
* Unified tool definition for `_kyaos`.
|
|
189
|
-
* Include this in your ListToolsRequest handler's tool list.
|
|
190
|
-
*/
|
|
191
|
-
kyaOsTool: KyaOsToolDefinition;
|
|
192
|
-
/**
|
|
193
|
-
* @deprecated Use `kyaOsTool` (`_kyaos` with `action: "handshake"`).
|
|
194
|
-
* Tool definition for `_kyaos_handshake`.
|
|
195
|
-
* Include this in your ListToolsRequest handler's tool list.
|
|
196
|
-
*/
|
|
197
|
-
handshakeTool: KyaOsToolDefinition;
|
|
198
|
-
/**
|
|
199
|
-
* Handle a unified `_kyaos` action. Use this in your CallToolRequest handler
|
|
200
|
-
* when `request.params.name === '_kyaos'`.
|
|
201
|
-
*/
|
|
202
|
-
handleKyaOs(args: Record<string, unknown>): Promise<{
|
|
203
|
-
content: Array<{
|
|
204
|
-
type: string;
|
|
205
|
-
text: string;
|
|
206
|
-
}>;
|
|
207
|
-
isError?: boolean;
|
|
208
|
-
}>;
|
|
209
|
-
/**
|
|
210
|
-
* @deprecated Use `handleKyaOs` with `action: "handshake"`.
|
|
211
|
-
* Handle a handshake call. Use this in your CallToolRequest handler
|
|
212
|
-
* when `request.params.name === '_kyaos_handshake'`.
|
|
213
|
-
*/
|
|
214
|
-
handleHandshake(args: Record<string, unknown>): Promise<{
|
|
215
|
-
content: Array<{
|
|
216
|
-
type: string;
|
|
217
|
-
text: string;
|
|
218
|
-
}>;
|
|
219
|
-
isError?: boolean;
|
|
220
|
-
}>;
|
|
221
|
-
/**
|
|
222
|
-
* Wrap a tool handler to automatically generate proofs.
|
|
223
|
-
* Returns a new handler that appends proof metadata to the response.
|
|
224
|
-
*/
|
|
225
|
-
wrapWithProof<T extends Record<string, unknown> = Record<string, unknown>>(toolName: string, handler: KyaOsToolHandler<T>): KyaOsToolHandler;
|
|
226
|
-
/**
|
|
227
|
-
* Wrap a tool handler to require a valid W3C Delegation Credential.
|
|
228
|
-
*
|
|
229
|
-
* Caller must pass the VC as `_kyaos_delegation` in the tool args.
|
|
230
|
-
* - If absent: returns a `needs_authorization` response with the consentUrl.
|
|
231
|
-
* - If present but invalid: returns a structured error with reason.
|
|
232
|
-
* - If valid with correct scope: strips `_kyaos_delegation` and calls the handler.
|
|
233
|
-
*/
|
|
234
|
-
wrapWithDelegation(toolName: string, config: {
|
|
235
|
-
scopeId: string;
|
|
236
|
-
consentUrl: string;
|
|
237
|
-
/**
|
|
238
|
-
* Optional presentation hook for the `needs_authorization` challenge.
|
|
239
|
-
* Given the structured challenge, return the tool-response content to emit
|
|
240
|
-
* (e.g. a markdown "Authorize" link for LLM / chat-style MCP clients that
|
|
241
|
-
* won't parse raw JSON). The signed challenge proof binds a `responseHash`
|
|
242
|
-
* over WHATEVER this returns, so the `authorizationUrl` stays tamper-evident
|
|
243
|
-
* regardless of presentation. Defaults to the structured challenge as JSON.
|
|
244
|
-
*/
|
|
245
|
-
formatChallenge?: (challenge: NeedsAuthorizationError) => Array<{
|
|
246
|
-
type: "text";
|
|
247
|
-
text: string;
|
|
248
|
-
}>;
|
|
249
|
-
}, handler: KyaOsToolHandler): KyaOsToolHandler;
|
|
250
|
-
/**
|
|
251
|
-
* Wrap a tool handler with a per-action policy / step-up gate.
|
|
252
|
-
*
|
|
253
|
-
* Compose after `wrapWithDelegation`. Classifies the action's risk and asks a
|
|
254
|
-
* pluggable PolicyEngine: allow → run handler; deny → signed denial proof;
|
|
255
|
-
* step_up → `needs_approval` until N-of-M signed approval grants (bound to the
|
|
256
|
-
* request hash) are supplied.
|
|
257
|
-
*/
|
|
258
|
-
withPolicyGate?(toolName: string, handler: KyaOsToolHandler, opts?: PolicyGateOptions): KyaOsToolHandler;
|
|
259
|
-
}
|
|
260
|
-
export interface PolicyGateOptions {
|
|
261
|
-
/** Policy decision engine. Defaults to a fail-closed DefaultPolicyEngine. */
|
|
262
|
-
engine?: PolicyEngine;
|
|
263
|
-
/** Risk classifier. Defaults to the built-in RiskClassifier. */
|
|
264
|
-
classifier?: RiskClassifier;
|
|
265
|
-
/** Derive the resource namespace from the tool args (defaults to the tool name). */
|
|
266
|
-
resolveNamespace?: (args: Record<string, unknown>) => string;
|
|
267
|
-
/** Tool-arg key carrying approval grants on resume. Default "_kyaos_approvals". */
|
|
268
|
-
approvalsArgKey?: string;
|
|
269
|
-
/** Verifier for approval-grant signatures (identity-layer). Default: reject all. */
|
|
270
|
-
isValidApprovalSignature?: (grant: ApprovalGrant) => Promise<boolean>;
|
|
271
|
-
/**
|
|
272
|
-
* Whether a prior step already authorized this action's scope/identity.
|
|
273
|
-
*
|
|
274
|
-
* Defaults to FALSE (fail-closed): used standalone, withPolicyGate enforces no
|
|
275
|
-
* scope or identity, so it must NOT be trusted to allow on its own. When you
|
|
276
|
-
* compose it AFTER wrapWithDelegation (the expected usage), pass
|
|
277
|
-
* `scopeMatched: true` to signal that the delegated scope was already verified.
|
|
278
|
-
* Note: principal facts are projected from the (unverified) `_kyaos_delegation`
|
|
279
|
-
* arg on a best-effort basis and must not be treated as authenticated unless
|
|
280
|
-
* wrapWithDelegation ran first.
|
|
281
|
-
*/
|
|
282
|
-
scopeMatched?: boolean;
|
|
283
|
-
}
|
|
17
|
+
import { type CryptoProvider } from "../providers/base.js";
|
|
18
|
+
import { type KyaOsConfig, type KyaOsMiddleware } from "./with-kya-os.types.js";
|
|
19
|
+
export * from "./with-kya-os.types.js";
|
|
284
20
|
/**
|
|
285
21
|
* Create KYA-OS middleware for a standard MCP SDK Server.
|
|
286
22
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"with-kya-os.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"with-kya-os.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAa3D,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,eAAe,EACrB,MAAM,wBAAwB,CAAC;AAUhC,cAAc,wBAAwB,CAAC;AAEvC;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,WAAW,EACnB,cAAc,EAAE,cAAc,GAC7B,eAAe,CA2GjB"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* KYA-OS Middleware — the delegation gate (`wrapWithDelegation`).
|
|
3
|
+
*
|
|
4
|
+
* Requires a valid W3C Delegation Credential (or a durable grant / no-paste
|
|
5
|
+
* retry), enforces holder-of-key binding (spec §11.8) and scope, then strips the
|
|
6
|
+
* `_kyaos*` control namespace and runs the handler. Extracted from
|
|
7
|
+
* `./with-kya-os.ts`; verification plumbing lives in `./with-kya-os.delegation-verify.ts`.
|
|
8
|
+
*/
|
|
9
|
+
import type { KyaOsDelegationGate } from "./with-kya-os.types.js";
|
|
10
|
+
import type { MiddlewareDeps, AttachOutcomeProof } from "./with-kya-os.deps.js";
|
|
11
|
+
import type { GrantResolution } from "./with-kya-os.grants.js";
|
|
12
|
+
/** Collaborators the delegation gate borrows from its sibling sub-factories. */
|
|
13
|
+
export interface DelegationGateWiring {
|
|
14
|
+
attachOutcomeProof: AttachOutcomeProof;
|
|
15
|
+
resolveExistingGrant: GrantResolution["resolveExistingGrant"];
|
|
16
|
+
bindGrantOnSuccess: GrantResolution["bindGrantOnSuccess"];
|
|
17
|
+
}
|
|
18
|
+
export declare function createDelegationGate(deps: MiddlewareDeps, wiring: DelegationGateWiring): Pick<KyaOsDelegationGate, "wrapWithDelegation">;
|
|
19
|
+
//# sourceMappingURL=with-kya-os.delegation-gate.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"with-kya-os.delegation-gate.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.delegation-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH,OAAO,KAAK,EAEV,mBAAmB,EACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAO/D,gFAAgF;AAChF,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,oBAAoB,EAAE,eAAe,CAAC,sBAAsB,CAAC,CAAC;IAC9D,kBAAkB,EAAE,eAAe,CAAC,oBAAoB,CAAC,CAAC;CAC3D;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,cAAc,EACpB,MAAM,EAAE,oBAAoB,GAC3B,IAAI,CAAC,mBAAmB,EAAE,oBAAoB,CAAC,CAuPjD"}
|
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* KYA-OS Middleware — the delegation gate (`wrapWithDelegation`).
|
|
3
|
+
*
|
|
4
|
+
* Requires a valid W3C Delegation Credential (or a durable grant / no-paste
|
|
5
|
+
* retry), enforces holder-of-key binding (spec §11.8) and scope, then strips the
|
|
6
|
+
* `_kyaos*` control namespace and runs the handler. Extracted from
|
|
7
|
+
* `./with-kya-os.ts`; verification plumbing lives in `./with-kya-os.delegation-verify.ts`.
|
|
8
|
+
*/
|
|
9
|
+
import { isHolderBindingApplicable, isKyaOsControlArg, assertHolderBinding, toHolderBindingRequest, } from "../delegation/holder-binding.js";
|
|
10
|
+
import { scopeSatisfies } from "../delegation/scope-matcher.js";
|
|
11
|
+
import { parseVCJWT } from "../delegation/utils.js";
|
|
12
|
+
import { logger } from "../logging/index.js";
|
|
13
|
+
import { KYA_OS_ERROR_CODES } from "../errors.js";
|
|
14
|
+
import { sanitizeForMessage } from "./with-kya-os.helpers.js";
|
|
15
|
+
import { createDelegationVerification, } from "./with-kya-os.delegation-verify.js";
|
|
16
|
+
export function createDelegationGate(deps, wiring) {
|
|
17
|
+
const { identity, holderBindingMode, holderBindingVerifier } = deps;
|
|
18
|
+
const { attachOutcomeProof, resolveExistingGrant, bindGrantOnSuccess } = wiring;
|
|
19
|
+
const { validateDelegationChain, buildDelegationErrorResponse, buildNeedsAuthorizationChallenge, } = createDelegationVerification(deps);
|
|
20
|
+
function wrapWithDelegation(toolName, config, handler) {
|
|
21
|
+
return async (args, sessionId) => {
|
|
22
|
+
const delegationArg = args["_kyaos_delegation"];
|
|
23
|
+
if (delegationArg === undefined || delegationArg === null) {
|
|
24
|
+
// No delegation pasted — a durable grant may already authorize this call
|
|
25
|
+
// (the no-paste retry), even on a fresh instance with empty memory.
|
|
26
|
+
// Holder-of-key first (agent-anchored, proof-gated), then the session
|
|
27
|
+
// bearer capability. On a hit, skip the challenge and run the handler
|
|
28
|
+
// with exactly the call shape a verified delegation would have produced.
|
|
29
|
+
const existingGrant = await resolveExistingGrant(toolName, args, sessionId, config.scopeId);
|
|
30
|
+
if (existingGrant) {
|
|
31
|
+
const grantArgs = {};
|
|
32
|
+
for (const [k, v] of Object.entries(args)) {
|
|
33
|
+
if (!isKyaOsControlArg(k))
|
|
34
|
+
grantArgs[k] = v;
|
|
35
|
+
}
|
|
36
|
+
logger.debug(`[kya-os] Grant resolved for "${toolName}" (scope "${config.scopeId}") — no re-paste required`);
|
|
37
|
+
return handler(grantArgs, sessionId, { scopeId: config.scopeId });
|
|
38
|
+
}
|
|
39
|
+
// No delegation provided — sign & return the needs_authorization
|
|
40
|
+
// challenge. The proof binds a responseHash over the EMITTED challenge
|
|
41
|
+
// content (incl. the authorizationUrl), so a verifier that recomputes it
|
|
42
|
+
// over the content it received detects a tampered/MITM-swapped consent
|
|
43
|
+
// URL. Best-effort: attachOutcomeProof no-ops if no session resolves.
|
|
44
|
+
const { challengeContent, message } = await buildNeedsAuthorizationChallenge(toolName, config);
|
|
45
|
+
return attachOutcomeProof({ content: challengeContent }, toolName, args, sessionId, message, "needs_authorization", undefined, challengeContent);
|
|
46
|
+
}
|
|
47
|
+
// Accept delegation as either a JSON object (embedded proof) or a
|
|
48
|
+
// VC-JWT string (compact JWT). The Cloudflare consent service issues
|
|
49
|
+
// VC-JWTs; examples use embedded proofs. Support both transparently.
|
|
50
|
+
let vc;
|
|
51
|
+
let isVCJWT = false;
|
|
52
|
+
if (typeof delegationArg === "string") {
|
|
53
|
+
const parsed = parseVCJWT(delegationArg);
|
|
54
|
+
if (!parsed || !parsed.payload.vc) {
|
|
55
|
+
return attachOutcomeProof(buildDelegationErrorResponse(KYA_OS_ERROR_CODES.delegation_invalid, "Invalid VC-JWT format"), toolName, args, sessionId, "Invalid VC-JWT format");
|
|
56
|
+
}
|
|
57
|
+
vc = parsed.payload.vc;
|
|
58
|
+
// VC-JWTs don't have an embedded proof — the JWT signature is the
|
|
59
|
+
// proof. Add a marker so basic validation (which checks for proof
|
|
60
|
+
// presence) passes. The actual signature is in the JWT envelope.
|
|
61
|
+
if (!vc.proof) {
|
|
62
|
+
vc = { ...vc, proof: { type: 'JwtProof2020', jwt: delegationArg } };
|
|
63
|
+
}
|
|
64
|
+
isVCJWT = true;
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
vc = delegationArg;
|
|
68
|
+
}
|
|
69
|
+
// For VC-JWTs the embedded-signature check is skipped (the JWT envelope
|
|
70
|
+
// signature is the proof); schema/expiry/status/scope checks still apply.
|
|
71
|
+
// validateDelegationChain performs the shape check and returns
|
|
72
|
+
// { valid, reason } for malformed input, never throwing on normal or
|
|
73
|
+
// structurally-malformed credentials. This try/catch is therefore a PURE
|
|
74
|
+
// BACKSTOP — it fires only on a truly unexpected throw (e.g. a hostile
|
|
75
|
+
// getter/Proxy accessor or a provider fault): it logs the detail
|
|
76
|
+
// server-side and returns a GENERIC reason, so no internal/implementation
|
|
77
|
+
// detail (stack, raw error text) leaks to the client or the signed proof.
|
|
78
|
+
const verificationResult = await (async () => {
|
|
79
|
+
try {
|
|
80
|
+
return await validateDelegationChain(vc, { skipSignature: isVCJWT });
|
|
81
|
+
}
|
|
82
|
+
catch (error) {
|
|
83
|
+
logger.error("[kya-os] Unexpected error verifying delegation", {
|
|
84
|
+
tool: toolName,
|
|
85
|
+
error: error instanceof Error ? error.message : String(error),
|
|
86
|
+
stack: error instanceof Error ? error.stack : undefined,
|
|
87
|
+
});
|
|
88
|
+
return { valid: false, reason: "Delegation credential could not be verified" };
|
|
89
|
+
}
|
|
90
|
+
})();
|
|
91
|
+
if (!verificationResult.valid) {
|
|
92
|
+
const reason = verificationResult.reason ?? "Unknown delegation validation error";
|
|
93
|
+
logger.warn(`[kya-os] Delegation verification failed for "${toolName}": ${sanitizeForMessage(reason)}`);
|
|
94
|
+
return attachOutcomeProof(buildDelegationErrorResponse(KYA_OS_ERROR_CODES.delegation_invalid, reason), toolName, args, sessionId, reason);
|
|
95
|
+
}
|
|
96
|
+
// Holder binding (spec §11.8): the delegation is valid, but a valid
|
|
97
|
+
// *credential* is a bearer token until we also prove the caller holds the
|
|
98
|
+
// delegation SUBJECT's key. Opt-in via `delegation.holderBinding`. did:key
|
|
99
|
+
// subjects are bound here; did:web is deferred to cnf binding (phase 2) and
|
|
100
|
+
// logged, never rejected. Runs after identity is established, before scope.
|
|
101
|
+
if (holderBindingMode !== "off" && holderBindingVerifier) {
|
|
102
|
+
const subjectDid = vc.credentialSubject?.id;
|
|
103
|
+
if (subjectDid && isHolderBindingApplicable(subjectDid)) {
|
|
104
|
+
const proofArg = args["_kyaos_proof"];
|
|
105
|
+
if (proofArg === undefined) {
|
|
106
|
+
const reason = "Holder-of-key proof (_kyaos_proof) is required for this delegation subject";
|
|
107
|
+
logger.warn(`[kya-os] Holder binding: "${toolName}" called without _kyaos_proof`);
|
|
108
|
+
if (holderBindingMode === "enforce") {
|
|
109
|
+
return attachOutcomeProof(buildDelegationErrorResponse(KYA_OS_ERROR_CODES.holder_binding_failed, reason), toolName, args, sessionId, reason);
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
else {
|
|
113
|
+
let parsedProof = proofArg;
|
|
114
|
+
if (typeof proofArg === "string") {
|
|
115
|
+
try {
|
|
116
|
+
parsedProof = JSON.parse(proofArg);
|
|
117
|
+
}
|
|
118
|
+
catch {
|
|
119
|
+
parsedProof = {};
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
const binding = await assertHolderBinding({
|
|
123
|
+
proof: parsedProof,
|
|
124
|
+
subjectDid,
|
|
125
|
+
request: toHolderBindingRequest(toolName, args),
|
|
126
|
+
expectedAudience: identity.did,
|
|
127
|
+
proofVerifier: holderBindingVerifier,
|
|
128
|
+
});
|
|
129
|
+
if (binding.status !== "bound") {
|
|
130
|
+
const reason = binding.reason ??
|
|
131
|
+
"Holder-of-key proof did not bind the delegation subject";
|
|
132
|
+
logger.warn(`[kya-os] Holder binding ${binding.status} for "${toolName}": ${sanitizeForMessage(reason)}`);
|
|
133
|
+
if (holderBindingMode === "enforce") {
|
|
134
|
+
return attachOutcomeProof(buildDelegationErrorResponse(KYA_OS_ERROR_CODES.holder_binding_failed, reason), toolName, args, sessionId, reason);
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
else if (subjectDid) {
|
|
140
|
+
// Non-did:key subject — phase 1 cannot pin its key; defer to cnf
|
|
141
|
+
// binding (phase 2) rather than reject legitimate traffic.
|
|
142
|
+
logger.warn(`[kya-os] Holder binding: subject "${subjectDid}" is not did:key; deferring to cnf binding (phase 2)`);
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
// Safe to call directly: the structural guard + validateDelegationChain
|
|
146
|
+
// above guarantee a well-formed credential here, and scopeSatisfies is
|
|
147
|
+
// bounded (ReDoS-guarded) and returns rather than throws.
|
|
148
|
+
const scopeResult = scopeSatisfies(config.scopeId, vc);
|
|
149
|
+
if (scopeResult.usedNonExactMatcher) {
|
|
150
|
+
logger.warn(`[kya-os] Scope "${config.scopeId}" for "${toolName}" granted via a non-exact ` +
|
|
151
|
+
`(prefix/regex) matcher. Verify this is intended — non-exact matchers widen authority.`);
|
|
152
|
+
}
|
|
153
|
+
if (!scopeResult.satisfied) {
|
|
154
|
+
const reason = `Required scope "${config.scopeId}" not in delegation scopes`;
|
|
155
|
+
logger.warn(`[kya-os] Delegation missing required scope "${config.scopeId}" for "${toolName}"`);
|
|
156
|
+
return attachOutcomeProof(buildDelegationErrorResponse(KYA_OS_ERROR_CODES.insufficient_scope, reason), toolName, args, sessionId, reason);
|
|
157
|
+
}
|
|
158
|
+
// Strip the reserved _kyaos* control namespace before passing to the
|
|
159
|
+
// handler — same predicate the bound request hash uses, so the handler
|
|
160
|
+
// receives exactly the call the subject signed (no smuggled control arg).
|
|
161
|
+
const cleanArgs = {};
|
|
162
|
+
for (const [k, v] of Object.entries(args)) {
|
|
163
|
+
if (!isKyaOsControlArg(k))
|
|
164
|
+
cleanArgs[k] = v;
|
|
165
|
+
}
|
|
166
|
+
// Mint a durable grant from this verified delegation so the next call —
|
|
167
|
+
// on any instance — resolves via resolveExistingGrant with no re-paste.
|
|
168
|
+
await bindGrantOnSuccess(vc, delegationArg, isVCJWT, sessionId, config.scopeId);
|
|
169
|
+
logger.debug(`[kya-os] Delegation verified for "${toolName}", scope "${config.scopeId}"`);
|
|
170
|
+
return handler(cleanArgs, sessionId, { scopeId: config.scopeId });
|
|
171
|
+
};
|
|
172
|
+
}
|
|
173
|
+
return { wrapWithDelegation };
|
|
174
|
+
}
|
|
175
|
+
//# sourceMappingURL=with-kya-os.delegation-gate.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"with-kya-os.delegation-gate.js","sourceRoot":"","sources":["../../src/middleware/with-kya-os.delegation-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAKpD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAOlD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EACL,4BAA4B,GAE7B,MAAM,oCAAoC,CAAC;AAS5C,MAAM,UAAU,oBAAoB,CAClC,IAAoB,EACpB,MAA4B;IAE5B,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,GAAG,IAAI,CAAC;IACpE,MAAM,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GACpE,MAAM,CAAC;IACT,MAAM,EACJ,uBAAuB,EACvB,4BAA4B,EAC5B,gCAAgC,GACjC,GAAG,4BAA4B,CAAC,IAAI,CAAC,CAAC;IAEvC,SAAS,kBAAkB,CACzB,QAAgB,EAChB,MAA4B,EAC5B,OAAyB;QAEzB,OAAO,KAAK,EAAE,IAA6B,EAAE,SAAkB,EAAE,EAAE;YACjE,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAEhD,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;gBAC1D,yEAAyE;gBACzE,oEAAoE;gBACpE,sEAAsE;gBACtE,sEAAsE;gBACtE,yEAAyE;gBACzE,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAC9C,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,MAAM,CAAC,OAAO,CACf,CAAC;gBACF,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,SAAS,GAA4B,EAAE,CAAC;oBAC9C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC1C,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;4BAAE,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;oBAC9C,CAAC;oBACD,MAAM,CAAC,KAAK,CACV,gCAAgC,QAAQ,aAAa,MAAM,CAAC,OAAO,2BAA2B,CAC/F,CAAC;oBACF,OAAO,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpE,CAAC;gBAED,iEAAiE;gBACjE,uEAAuE;gBACvE,yEAAyE;gBACzE,uEAAuE;gBACvE,sEAAsE;gBACtE,MAAM,EAAE,gBAAgB,EAAE,OAAO,EAAE,GACjC,MAAM,gCAAgC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAC3D,OAAO,kBAAkB,CACvB,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAC7B,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,OAAO,EACP,qBAAqB,EACrB,SAAS,EACT,gBAAgB,CACjB,CAAC;YACJ,CAAC;YAED,kEAAkE;YAClE,qEAAqE;YACrE,qEAAqE;YACrE,IAAI,EAAwB,CAAC;YAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,MAAM,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;gBACzC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;oBAClC,OAAO,kBAAkB,CACvB,4BAA4B,CAC1B,kBAAkB,CAAC,kBAAkB,EACrC,uBAAuB,CACxB,EACD,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,uBAAuB,CACxB,CAAC;gBACJ,CAAC;gBACD,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,EAA0B,CAAC;gBAC/C,kEAAkE;gBAClE,kEAAkE;gBAClE,iEAAiE;gBACjE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;oBACd,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,CAAC;gBACtE,CAAC;gBACD,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,EAAE,GAAG,aAAqC,CAAC;YAC7C,CAAC;YAED,wEAAwE;YACxE,0EAA0E;YAC1E,+DAA+D;YAC/D,qEAAqE;YACrE,yEAAyE;YACzE,uEAAuE;YACvE,iEAAiE;YACjE,0EAA0E;YAC1E,0EAA0E;YAC1E,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,IAGpC,EAAE;gBACH,IAAI,CAAC;oBACH,OAAO,MAAM,uBAAuB,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvE,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE;wBAC7D,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;wBAC7D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;qBACxD,CAAC,CAAC;oBACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAC;gBACjF,CAAC;YACH,CAAC,CAAC,EAAE,CAAC;YAEL,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,IAAI,qCAAqC,CAAC;gBAClF,MAAM,CAAC,IAAI,CACT,gDAAgD,QAAQ,MAAM,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC3F,CAAC;gBACF,OAAO,kBAAkB,CACvB,4BAA4B,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,MAAM,CAAC,EAC3E,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,MAAM,CACP,CAAC;YACJ,CAAC;YAED,oEAAoE;YACpE,0EAA0E;YAC1E,2EAA2E;YAC3E,4EAA4E;YAC5E,4EAA4E;YAC5E,IAAI,iBAAiB,KAAK,KAAK,IAAI,qBAAqB,EAAE,CAAC;gBACzD,MAAM,UAAU,GAAG,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC;gBAC5C,IAAI,UAAU,IAAI,yBAAyB,CAAC,UAAU,CAAC,EAAE,CAAC;oBACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;oBACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;wBAC3B,MAAM,MAAM,GACV,4EAA4E,CAAC;wBAC/E,MAAM,CAAC,IAAI,CACT,6BAA6B,QAAQ,+BAA+B,CACrE,CAAC;wBACF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;4BACpC,OAAO,kBAAkB,CACvB,4BAA4B,CAC1B,kBAAkB,CAAC,qBAAqB,EACxC,MAAM,CACP,EACD,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,MAAM,CACP,CAAC;wBACJ,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,IAAI,WAAW,GAAY,QAAQ,CAAC;wBACpC,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;4BACjC,IAAI,CAAC;gCACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;4BACrC,CAAC;4BAAC,MAAM,CAAC;gCACP,WAAW,GAAG,EAAE,CAAC;4BACnB,CAAC;wBACH,CAAC;wBACD,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC;4BACxC,KAAK,EAAE,WAA4B;4BACnC,UAAU;4BACV,OAAO,EAAE,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC;4BAC/C,gBAAgB,EAAE,QAAQ,CAAC,GAAG;4BAC9B,aAAa,EAAE,qBAAqB;yBACrC,CAAC,CAAC;wBACH,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;4BAC/B,MAAM,MAAM,GACV,OAAO,CAAC,MAAM;gCACd,yDAAyD,CAAC;4BAC5D,MAAM,CAAC,IAAI,CACT,2BAA2B,OAAO,CAAC,MAAM,SAAS,QAAQ,MAAM,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC7F,CAAC;4BACF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;gCACpC,OAAO,kBAAkB,CACvB,4BAA4B,CAC1B,kBAAkB,CAAC,qBAAqB,EACxC,MAAM,CACP,EACD,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,MAAM,CACP,CAAC;4BACJ,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,IAAI,UAAU,EAAE,CAAC;oBACtB,iEAAiE;oBACjE,2DAA2D;oBAC3D,MAAM,CAAC,IAAI,CACT,qCAAqC,UAAU,sDAAsD,CACtG,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,uEAAuE;YACvE,0DAA0D;YAC1D,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACvD,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACpC,MAAM,CAAC,IAAI,CACT,mBAAmB,MAAM,CAAC,OAAO,UAAU,QAAQ,4BAA4B;oBAC7E,uFAAuF,CAC1F,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,MAAM,GAAG,mBAAmB,MAAM,CAAC,OAAO,4BAA4B,CAAC;gBAC7E,MAAM,CAAC,IAAI,CACT,+CAA+C,MAAM,CAAC,OAAO,UAAU,QAAQ,GAAG,CACnF,CAAC;gBACF,OAAO,kBAAkB,CACvB,4BAA4B,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,MAAM,CAAC,EAC3E,QAAQ,EACR,IAAI,EACJ,SAAS,EACT,MAAM,CACP,CAAC;YACJ,CAAC;YAED,qEAAqE;YACrE,uEAAuE;YACvE,0EAA0E;YAC1E,MAAM,SAAS,GAA4B,EAAE,CAAC;YAC9C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;oBAAE,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC;YAED,wEAAwE;YACxE,wEAAwE;YACxE,MAAM,kBAAkB,CAAC,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAEhF,MAAM,CAAC,KAAK,CACV,qCAAqC,QAAQ,aAAa,MAAM,CAAC,OAAO,GAAG,CAC5E,CAAC;YACF,OAAO,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,kBAAkB,EAAE,CAAC;AAChC,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* KYA-OS Middleware — delegation verification plumbing.
|
|
3
|
+
*
|
|
4
|
+
* Builds the DID resolver, the embedded-proof signature verifier, the
|
|
5
|
+
* `DelegationCredentialVerifier`, and the framework-agnostic chain-validation
|
|
6
|
+
* adapter (chain-enforcement.ts) once per middleware instance. Extracted from
|
|
7
|
+
* `wrapWithDelegation` so the gate module holds only the request flow.
|
|
8
|
+
*/
|
|
9
|
+
import { type DelegationCredential, type NeedsAuthorizationError } from "../types/protocol.js";
|
|
10
|
+
import type { KyaOsToolHandler } from "./with-kya-os.types.js";
|
|
11
|
+
import type { MiddlewareDeps } from "./with-kya-os.deps.js";
|
|
12
|
+
/** Per-tool delegation-gate config shared by the gate + its challenge builder. */
|
|
13
|
+
export interface DelegationGateConfig {
|
|
14
|
+
scopeId: string;
|
|
15
|
+
consentUrl: string;
|
|
16
|
+
formatChallenge?: (challenge: NeedsAuthorizationError) => Array<{
|
|
17
|
+
type: "text";
|
|
18
|
+
text: string;
|
|
19
|
+
}>;
|
|
20
|
+
}
|
|
21
|
+
export interface DelegationVerification {
|
|
22
|
+
/**
|
|
23
|
+
* Thin adapter over the framework-agnostic core (chain-enforcement.ts): binds
|
|
24
|
+
* the host's injected verifier + server DID + resolver + the optional
|
|
25
|
+
* graph-backed RevocationChecker. Returns `{ valid, reason }`, never throws on
|
|
26
|
+
* normal or structurally-malformed credentials.
|
|
27
|
+
*/
|
|
28
|
+
validateDelegationChain(leafCredential: DelegationCredential, options?: {
|
|
29
|
+
skipSignature?: boolean;
|
|
30
|
+
}): Promise<{
|
|
31
|
+
valid: boolean;
|
|
32
|
+
reason?: string;
|
|
33
|
+
}>;
|
|
34
|
+
/** A structured `{ error, reason }` tool response with a sanitized reason. */
|
|
35
|
+
buildDelegationErrorResponse(error: string, reason: string): Awaited<ReturnType<KyaOsToolHandler>>;
|
|
36
|
+
/**
|
|
37
|
+
* Build the signed-later `needs_authorization` challenge for a call that
|
|
38
|
+
* arrived without a delegation or resolvable grant: a fresh resume token, a
|
|
39
|
+
* 5-minute expiry, and the emitted content (respecting `config.formatChallenge`,
|
|
40
|
+
* which falls back to the default JSON challenge if it throws).
|
|
41
|
+
*/
|
|
42
|
+
buildNeedsAuthorizationChallenge(toolName: string, config: DelegationGateConfig): Promise<{
|
|
43
|
+
challengeContent: Array<{
|
|
44
|
+
type: "text";
|
|
45
|
+
text: string;
|
|
46
|
+
}>;
|
|
47
|
+
message: string;
|
|
48
|
+
}>;
|
|
49
|
+
}
|
|
50
|
+
export declare function createDelegationVerification(deps: MiddlewareDeps): DelegationVerification;
|
|
51
|
+
//# sourceMappingURL=with-kya-os.delegation-verify.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"with-kya-os.delegation-verify.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.delegation-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiBH,OAAO,EAEL,KAAK,oBAAoB,EACzB,KAAK,uBAAuB,EAC7B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAG5D,kFAAkF;AAClF,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,CAChB,SAAS,EAAE,uBAAuB,KAC/B,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,sBAAsB;IACrC;;;;;OAKG;IACH,uBAAuB,CACrB,cAAc,EAAE,oBAAoB,EACpC,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAA;KAAE,GACpC,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAChD,8EAA8E;IAC9E,4BAA4B,CAC1B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACzC;;;;;OAKG;IACH,gCAAgC,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC;QACT,gBAAgB,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACxD,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;CACJ;AAED,wBAAgB,4BAA4B,CAC1C,IAAI,EAAE,cAAc,GACnB,sBAAsB,CAuLxB"}
|