@kya-os/mcp 1.7.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (232) hide show
  1. package/CHANGELOG.md +69 -0
  2. package/README.md +219 -3
  3. package/dist/card/build.d.ts +41 -0
  4. package/dist/card/build.d.ts.map +1 -0
  5. package/dist/card/build.js +47 -0
  6. package/dist/card/build.js.map +1 -0
  7. package/dist/card/builder.d.ts +99 -0
  8. package/dist/card/builder.d.ts.map +1 -0
  9. package/dist/card/builder.js +147 -0
  10. package/dist/card/builder.js.map +1 -0
  11. package/dist/card/cimd.d.ts +92 -0
  12. package/dist/card/cimd.d.ts.map +1 -0
  13. package/dist/card/cimd.js +225 -0
  14. package/dist/card/cimd.js.map +1 -0
  15. package/dist/card/delegation.d.ts +145 -0
  16. package/dist/card/delegation.d.ts.map +1 -0
  17. package/dist/card/delegation.js +293 -0
  18. package/dist/card/delegation.js.map +1 -0
  19. package/dist/card/emit.d.ts +133 -0
  20. package/dist/card/emit.d.ts.map +1 -0
  21. package/dist/card/emit.js +127 -0
  22. package/dist/card/emit.js.map +1 -0
  23. package/dist/card/index.d.ts +43 -0
  24. package/dist/card/index.d.ts.map +1 -0
  25. package/dist/card/index.js +46 -0
  26. package/dist/card/index.js.map +1 -0
  27. package/dist/card/middleware.d.ts +112 -0
  28. package/dist/card/middleware.d.ts.map +1 -0
  29. package/dist/card/middleware.js +121 -0
  30. package/dist/card/middleware.js.map +1 -0
  31. package/dist/card/proof/build.d.ts +22 -0
  32. package/dist/card/proof/build.d.ts.map +1 -0
  33. package/dist/card/proof/build.js +55 -0
  34. package/dist/card/proof/build.js.map +1 -0
  35. package/dist/card/proof/canonical.d.ts +66 -0
  36. package/dist/card/proof/canonical.d.ts.map +1 -0
  37. package/dist/card/proof/canonical.js +131 -0
  38. package/dist/card/proof/canonical.js.map +1 -0
  39. package/dist/card/proof/http-sig.d.ts +69 -0
  40. package/dist/card/proof/http-sig.d.ts.map +1 -0
  41. package/dist/card/proof/http-sig.js +101 -0
  42. package/dist/card/proof/http-sig.js.map +1 -0
  43. package/dist/card/proof/index.d.ts +25 -0
  44. package/dist/card/proof/index.d.ts.map +1 -0
  45. package/dist/card/proof/index.js +25 -0
  46. package/dist/card/proof/index.js.map +1 -0
  47. package/dist/card/proof/nonce-cache.d.ts +67 -0
  48. package/dist/card/proof/nonce-cache.d.ts.map +1 -0
  49. package/dist/card/proof/nonce-cache.js +88 -0
  50. package/dist/card/proof/nonce-cache.js.map +1 -0
  51. package/dist/card/proof/signer.d.ts +32 -0
  52. package/dist/card/proof/signer.d.ts.map +1 -0
  53. package/dist/card/proof/signer.js +59 -0
  54. package/dist/card/proof/signer.js.map +1 -0
  55. package/dist/card/proof/types.d.ts +219 -0
  56. package/dist/card/proof/types.d.ts.map +1 -0
  57. package/dist/card/proof/types.js +87 -0
  58. package/dist/card/proof/types.js.map +1 -0
  59. package/dist/card/proof/verify.d.ts +27 -0
  60. package/dist/card/proof/verify.d.ts.map +1 -0
  61. package/dist/card/proof/verify.js +236 -0
  62. package/dist/card/proof/verify.js.map +1 -0
  63. package/dist/card/resolve.d.ts +97 -0
  64. package/dist/card/resolve.d.ts.map +1 -0
  65. package/dist/card/resolve.js +223 -0
  66. package/dist/card/resolve.js.map +1 -0
  67. package/dist/card/revocation.d.ts +96 -0
  68. package/dist/card/revocation.d.ts.map +1 -0
  69. package/dist/card/revocation.js +190 -0
  70. package/dist/card/revocation.js.map +1 -0
  71. package/dist/card/schema.d.ts +177 -0
  72. package/dist/card/schema.d.ts.map +1 -0
  73. package/dist/card/schema.js +119 -0
  74. package/dist/card/schema.js.map +1 -0
  75. package/dist/card/verify.d.ts +144 -0
  76. package/dist/card/verify.d.ts.map +1 -0
  77. package/dist/card/verify.js +132 -0
  78. package/dist/card/verify.js.map +1 -0
  79. package/dist/delegation/bitstring.d.ts +9 -7
  80. package/dist/delegation/bitstring.d.ts.map +1 -1
  81. package/dist/delegation/bitstring.js +70 -37
  82. package/dist/delegation/bitstring.js.map +1 -1
  83. package/dist/delegation/did-linkage.d.ts +23 -0
  84. package/dist/delegation/did-linkage.d.ts.map +1 -0
  85. package/dist/delegation/did-linkage.js +57 -0
  86. package/dist/delegation/did-linkage.js.map +1 -0
  87. package/dist/delegation/did-resolver-registry.d.ts +7 -0
  88. package/dist/delegation/did-resolver-registry.d.ts.map +1 -0
  89. package/dist/delegation/did-resolver-registry.js +20 -0
  90. package/dist/delegation/did-resolver-registry.js.map +1 -0
  91. package/dist/delegation/did-web-resolver.d.ts +29 -18
  92. package/dist/delegation/did-web-resolver.d.ts.map +1 -1
  93. package/dist/delegation/did-web-resolver.js +65 -35
  94. package/dist/delegation/did-web-resolver.js.map +1 -1
  95. package/dist/delegation/index.d.ts +3 -0
  96. package/dist/delegation/index.d.ts.map +1 -1
  97. package/dist/delegation/index.js +3 -0
  98. package/dist/delegation/index.js.map +1 -1
  99. package/dist/delegation/statuslist-manager.d.ts.map +1 -1
  100. package/dist/delegation/statuslist-manager.js +16 -1
  101. package/dist/delegation/statuslist-manager.js.map +1 -1
  102. package/dist/delegation/vc-jwt-verify.d.ts +61 -0
  103. package/dist/delegation/vc-jwt-verify.d.ts.map +1 -0
  104. package/dist/delegation/vc-jwt-verify.js +131 -0
  105. package/dist/delegation/vc-jwt-verify.js.map +1 -0
  106. package/dist/delegation/vc-verification-checks.d.ts +50 -0
  107. package/dist/delegation/vc-verification-checks.d.ts.map +1 -0
  108. package/dist/delegation/vc-verification-checks.js +212 -0
  109. package/dist/delegation/vc-verification-checks.js.map +1 -0
  110. package/dist/delegation/vc-verifier.d.ts +24 -61
  111. package/dist/delegation/vc-verifier.d.ts.map +1 -1
  112. package/dist/delegation/vc-verifier.js +57 -180
  113. package/dist/delegation/vc-verifier.js.map +1 -1
  114. package/dist/delegation/vc-verifier.types.d.ts +88 -0
  115. package/dist/delegation/vc-verifier.types.d.ts.map +1 -0
  116. package/dist/delegation/vc-verifier.types.js +9 -0
  117. package/dist/delegation/vc-verifier.types.js.map +1 -0
  118. package/dist/index.d.ts +3 -1
  119. package/dist/index.d.ts.map +1 -1
  120. package/dist/index.js +2 -0
  121. package/dist/index.js.map +1 -1
  122. package/dist/integrations/cheqd/dlr.d.ts +44 -0
  123. package/dist/integrations/cheqd/dlr.d.ts.map +1 -0
  124. package/dist/integrations/cheqd/dlr.js +86 -0
  125. package/dist/integrations/cheqd/dlr.js.map +1 -0
  126. package/dist/integrations/cheqd/index.d.ts +5 -0
  127. package/dist/integrations/cheqd/index.d.ts.map +1 -0
  128. package/dist/integrations/cheqd/index.js +5 -0
  129. package/dist/integrations/cheqd/index.js.map +1 -0
  130. package/dist/integrations/cheqd/linkage.d.ts +20 -0
  131. package/dist/integrations/cheqd/linkage.d.ts.map +1 -0
  132. package/dist/integrations/cheqd/linkage.js +32 -0
  133. package/dist/integrations/cheqd/linkage.js.map +1 -0
  134. package/dist/integrations/cheqd/registrar.d.ts +85 -0
  135. package/dist/integrations/cheqd/registrar.d.ts.map +1 -0
  136. package/dist/integrations/cheqd/registrar.js +304 -0
  137. package/dist/integrations/cheqd/registrar.js.map +1 -0
  138. package/dist/integrations/cheqd/resolver.d.ts +38 -0
  139. package/dist/integrations/cheqd/resolver.d.ts.map +1 -0
  140. package/dist/integrations/cheqd/resolver.js +156 -0
  141. package/dist/integrations/cheqd/resolver.js.map +1 -0
  142. package/dist/middleware/index.d.ts +2 -0
  143. package/dist/middleware/index.d.ts.map +1 -1
  144. package/dist/middleware/index.js +5 -0
  145. package/dist/middleware/index.js.map +1 -1
  146. package/dist/middleware/with-kya-os.config-types.d.ts +139 -0
  147. package/dist/middleware/with-kya-os.config-types.d.ts.map +1 -0
  148. package/dist/middleware/with-kya-os.config-types.js +9 -0
  149. package/dist/middleware/with-kya-os.config-types.js.map +1 -0
  150. package/dist/middleware/with-kya-os.d.ts +3 -267
  151. package/dist/middleware/with-kya-os.d.ts.map +1 -1
  152. package/dist/middleware/with-kya-os.delegation-gate.d.ts +19 -0
  153. package/dist/middleware/with-kya-os.delegation-gate.d.ts.map +1 -0
  154. package/dist/middleware/with-kya-os.delegation-gate.js +175 -0
  155. package/dist/middleware/with-kya-os.delegation-gate.js.map +1 -0
  156. package/dist/middleware/with-kya-os.delegation-verify.d.ts +51 -0
  157. package/dist/middleware/with-kya-os.delegation-verify.d.ts.map +1 -0
  158. package/dist/middleware/with-kya-os.delegation-verify.js +165 -0
  159. package/dist/middleware/with-kya-os.delegation-verify.js.map +1 -0
  160. package/dist/middleware/with-kya-os.deps.d.ts +40 -0
  161. package/dist/middleware/with-kya-os.deps.d.ts.map +1 -0
  162. package/dist/middleware/with-kya-os.deps.js +9 -0
  163. package/dist/middleware/with-kya-os.deps.js.map +1 -0
  164. package/dist/middleware/with-kya-os.grants.d.ts +30 -0
  165. package/dist/middleware/with-kya-os.grants.d.ts.map +1 -0
  166. package/dist/middleware/with-kya-os.grants.js +145 -0
  167. package/dist/middleware/with-kya-os.grants.js.map +1 -0
  168. package/dist/middleware/with-kya-os.helpers.d.ts +24 -0
  169. package/dist/middleware/with-kya-os.helpers.d.ts.map +1 -0
  170. package/dist/middleware/with-kya-os.helpers.js +57 -0
  171. package/dist/middleware/with-kya-os.helpers.js.map +1 -0
  172. package/dist/middleware/with-kya-os.js +45 -891
  173. package/dist/middleware/with-kya-os.js.map +1 -1
  174. package/dist/middleware/with-kya-os.policy-gate.d.ts +16 -0
  175. package/dist/middleware/with-kya-os.policy-gate.d.ts.map +1 -0
  176. package/dist/middleware/with-kya-os.policy-gate.js +98 -0
  177. package/dist/middleware/with-kya-os.policy-gate.js.map +1 -0
  178. package/dist/middleware/with-kya-os.protocol.d.ts +29 -0
  179. package/dist/middleware/with-kya-os.protocol.d.ts.map +1 -0
  180. package/dist/middleware/with-kya-os.protocol.js +121 -0
  181. package/dist/middleware/with-kya-os.protocol.js.map +1 -0
  182. package/dist/middleware/with-kya-os.session.d.ts +32 -0
  183. package/dist/middleware/with-kya-os.session.d.ts.map +1 -0
  184. package/dist/middleware/with-kya-os.session.js +201 -0
  185. package/dist/middleware/with-kya-os.session.js.map +1 -0
  186. package/dist/middleware/with-kya-os.types.d.ts +178 -0
  187. package/dist/middleware/with-kya-os.types.d.ts.map +1 -0
  188. package/dist/middleware/with-kya-os.types.js +13 -0
  189. package/dist/middleware/with-kya-os.types.js.map +1 -0
  190. package/dist/providers/runtime-fetch.d.ts +8 -0
  191. package/dist/providers/runtime-fetch.d.ts.map +1 -1
  192. package/dist/providers/runtime-fetch.js +17 -0
  193. package/dist/providers/runtime-fetch.js.map +1 -1
  194. package/dist/providers/web-crypto.d.ts.map +1 -1
  195. package/dist/providers/web-crypto.js +15 -7
  196. package/dist/providers/web-crypto.js.map +1 -1
  197. package/dist/utils/guards.d.ts +2 -0
  198. package/dist/utils/guards.d.ts.map +1 -0
  199. package/dist/utils/guards.js +4 -0
  200. package/dist/utils/guards.js.map +1 -0
  201. package/dist/utils/index.d.ts +3 -0
  202. package/dist/utils/index.d.ts.map +1 -1
  203. package/dist/utils/index.js +3 -0
  204. package/dist/utils/index.js.map +1 -1
  205. package/dist/utils/ip-classifier.d.ts +12 -0
  206. package/dist/utils/ip-classifier.d.ts.map +1 -0
  207. package/dist/utils/ip-classifier.js +153 -0
  208. package/dist/utils/ip-classifier.js.map +1 -0
  209. package/dist/utils/safe-fetch-transports.d.ts +40 -0
  210. package/dist/utils/safe-fetch-transports.d.ts.map +1 -0
  211. package/dist/utils/safe-fetch-transports.js +121 -0
  212. package/dist/utils/safe-fetch-transports.js.map +1 -0
  213. package/dist/utils/safe-fetch-types.d.ts +66 -0
  214. package/dist/utils/safe-fetch-types.d.ts.map +1 -0
  215. package/dist/utils/safe-fetch-types.js +10 -0
  216. package/dist/utils/safe-fetch-types.js.map +1 -0
  217. package/dist/utils/safe-fetch.d.ts +40 -0
  218. package/dist/utils/safe-fetch.d.ts.map +1 -0
  219. package/dist/utils/safe-fetch.js +188 -0
  220. package/dist/utils/safe-fetch.js.map +1 -0
  221. package/dist/utils/statuslist-purpose.d.ts +12 -0
  222. package/dist/utils/statuslist-purpose.d.ts.map +1 -0
  223. package/dist/utils/statuslist-purpose.js +19 -0
  224. package/dist/utils/statuslist-purpose.js.map +1 -0
  225. package/dist/utils/url.d.ts +2 -0
  226. package/dist/utils/url.d.ts.map +1 -0
  227. package/dist/utils/url.js +8 -0
  228. package/dist/utils/url.js.map +1 -0
  229. package/package.json +25 -5
  230. package/schemas/README.md +2 -1
  231. package/schemas/card-delegation-credential.json +239 -0
  232. package/schemas/kya-os-card.schema.json +284 -0
@@ -0,0 +1,165 @@
1
+ /**
2
+ * KYA-OS Middleware — delegation verification plumbing.
3
+ *
4
+ * Builds the DID resolver, the embedded-proof signature verifier, the
5
+ * `DelegationCredentialVerifier`, and the framework-agnostic chain-validation
6
+ * adapter (chain-enforcement.ts) once per middleware instance. Extracted from
7
+ * `wrapWithDelegation` so the gate module holds only the request flow.
8
+ */
9
+ import { createDidKeyResolver } from "../delegation/did-key-resolver.js";
10
+ import { createDidWebResolver } from "../delegation/did-web-resolver.js";
11
+ import { buildDidResolverRegistry, } from "../delegation/did-resolver-registry.js";
12
+ import { getDidMethod } from "../utils/did-helpers.js";
13
+ import { DelegationCredentialVerifier, } from "../delegation/vc-verifier.js";
14
+ import { validateDelegationChain as validateDelegationChainCore } from "../delegation/chain-enforcement.js";
15
+ import { RuntimeFetchProvider } from "../providers/runtime-fetch.js";
16
+ import { canonicalizeJSON } from "../delegation/utils.js";
17
+ import { base64urlDecodeToBytes, bytesToBase64 } from "../utils/base64.js";
18
+ import { createNeedsAuthorizationError, } from "../types/protocol.js";
19
+ import { logger } from "../logging/index.js";
20
+ import { sanitizeForMessage } from "./with-kya-os.helpers.js";
21
+ export function createDelegationVerification(deps) {
22
+ const { identity, cryptoProvider, delegationConfig } = deps;
23
+ const didKeyResolver = createDidKeyResolver();
24
+ const fetchProvider = delegationConfig?.fetchProvider ??
25
+ (typeof globalThis.fetch === "function"
26
+ ? new RuntimeFetchProvider()
27
+ : undefined);
28
+ const didWebResolver = fetchProvider
29
+ ? createDidWebResolver(fetchProvider)
30
+ : undefined;
31
+ const configuredDidResolvers = buildDidResolverRegistry(delegationConfig?.didResolvers, fetchProvider);
32
+ const didResolver = {
33
+ async resolve(did) {
34
+ const customResolver = delegationConfig?.didResolver;
35
+ if (customResolver) {
36
+ const resolved = await customResolver.resolve(did);
37
+ if (resolved) {
38
+ return resolved;
39
+ }
40
+ }
41
+ const method = getDidMethod(did);
42
+ const configuredResolver = method ? configuredDidResolvers[method] : undefined;
43
+ if (configuredResolver) {
44
+ try {
45
+ const resolved = await configuredResolver.resolve(did);
46
+ if (resolved) {
47
+ return resolved;
48
+ }
49
+ }
50
+ catch {
51
+ return null;
52
+ }
53
+ }
54
+ if (did.startsWith("did:key:")) {
55
+ return didKeyResolver.resolve(did);
56
+ }
57
+ if (did.startsWith("did:web:")) {
58
+ return didWebResolver?.resolve(did) ?? null;
59
+ }
60
+ return null;
61
+ },
62
+ };
63
+ const signatureVerifier = async (vc, publicKeyJwk) => {
64
+ const proof = vc.proof;
65
+ if (!proof) {
66
+ return { valid: false, reason: "Missing proof" };
67
+ }
68
+ const proofValue = proof["proofValue"];
69
+ if (!proofValue) {
70
+ return { valid: false, reason: "Missing proofValue in proof" };
71
+ }
72
+ // Reconstruct the unsigned VC (without proof) for signature verification
73
+ const vcRecord = vc;
74
+ const vcWithoutProof = {};
75
+ for (const [k, v] of Object.entries(vcRecord)) {
76
+ if (k !== "proof")
77
+ vcWithoutProof[k] = v;
78
+ }
79
+ const canonical = canonicalizeJSON(vcWithoutProof);
80
+ const data = new TextEncoder().encode(canonical);
81
+ // Decode signature from base64url proof value
82
+ const sigBytes = base64urlDecodeToBytes(proofValue);
83
+ // Get public key from JWK (x is base64url-encoded raw key bytes)
84
+ const jwk = publicKeyJwk;
85
+ if (!jwk.x) {
86
+ return { valid: false, reason: "No x field in publicKeyJwk" };
87
+ }
88
+ // Convert base64url key to standard base64 for the crypto provider
89
+ const pubKeyBytes = base64urlDecodeToBytes(jwk.x);
90
+ const pubKeyBase64 = bytesToBase64(pubKeyBytes);
91
+ const valid = await cryptoProvider.verify(data, sigBytes, pubKeyBase64);
92
+ return {
93
+ valid,
94
+ reason: valid ? undefined : "Signature verification failed",
95
+ };
96
+ };
97
+ const verifier = new DelegationCredentialVerifier({
98
+ didResolver,
99
+ signatureVerifier,
100
+ statusListResolver: delegationConfig?.statusListResolver,
101
+ });
102
+ const buildDelegationErrorResponse = (error, reason) => ({
103
+ content: [
104
+ {
105
+ type: "text",
106
+ text: JSON.stringify({ error, reason: sanitizeForMessage(reason) }),
107
+ },
108
+ ],
109
+ isError: true,
110
+ });
111
+ const validateDelegationChain = (leafCredential, options) => validateDelegationChainCore(leafCredential, {
112
+ serverDid: identity.did,
113
+ verifier,
114
+ resolveDelegationChain: delegationConfig?.resolveDelegationChain,
115
+ statusListConfigured: !!delegationConfig?.statusListResolver,
116
+ revocationChecker: delegationConfig?.revocationChecker,
117
+ }, options);
118
+ async function buildNeedsAuthorizationChallenge(toolName, config) {
119
+ const tokenBytes = await cryptoProvider.randomBytes(16);
120
+ const hex = Array.from(tokenBytes)
121
+ .map((b) => b.toString(16).padStart(2, "0"))
122
+ .join("");
123
+ const resumeToken = [
124
+ hex.slice(0, 8),
125
+ hex.slice(8, 12),
126
+ hex.slice(12, 16),
127
+ hex.slice(16, 20),
128
+ hex.slice(20),
129
+ ].join("-");
130
+ const expiresAt = Math.floor(Date.now() / 1000) + 300;
131
+ const authError = createNeedsAuthorizationError({
132
+ message: `Tool "${toolName}" requires delegation with scope: ${config.scopeId}`,
133
+ authorizationUrl: config.consentUrl,
134
+ resumeToken,
135
+ expiresAt,
136
+ scopes: [config.scopeId],
137
+ });
138
+ // config.formatChallenge lets a server render the challenge (e.g. a markdown
139
+ // link for LLM clients) BEFORE it is signed, so the proof binds exactly what
140
+ // the client receives. A throwing hook falls back to the default challenge.
141
+ const defaultChallengeContent = [
142
+ { type: "text", text: JSON.stringify(authError) },
143
+ ];
144
+ let challengeContent = defaultChallengeContent;
145
+ if (config.formatChallenge) {
146
+ try {
147
+ challengeContent = config.formatChallenge(authError);
148
+ }
149
+ catch (error) {
150
+ logger.error("[kya-os] formatChallenge threw; using the default challenge", {
151
+ tool: toolName,
152
+ error: error instanceof Error ? error.message : String(error),
153
+ });
154
+ challengeContent = defaultChallengeContent;
155
+ }
156
+ }
157
+ return { challengeContent, message: authError.message };
158
+ }
159
+ return {
160
+ validateDelegationChain,
161
+ buildDelegationErrorResponse,
162
+ buildNeedsAuthorizationChallenge,
163
+ };
164
+ }
165
+ //# sourceMappingURL=with-kya-os.delegation-verify.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.delegation-verify.js","sourceRoot":"","sources":["../../src/middleware/with-kya-os.delegation-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EACL,wBAAwB,GACzB,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,4BAA4B,GAG7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,uBAAuB,IAAI,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAC5G,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC3E,OAAO,EACL,6BAA6B,GAG9B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAG7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AA0C9D,MAAM,UAAU,4BAA4B,CAC1C,IAAoB;IAEpB,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAC;IAE5D,MAAM,cAAc,GAAG,oBAAoB,EAAE,CAAC;IAC9C,MAAM,aAAa,GACjB,gBAAgB,EAAE,aAAa;QAC/B,CAAC,OAAO,UAAU,CAAC,KAAK,KAAK,UAAU;YACrC,CAAC,CAAC,IAAI,oBAAoB,EAAE;YAC5B,CAAC,CAAC,SAAS,CAAC,CAAC;IACjB,MAAM,cAAc,GAAG,aAAa;QAClC,CAAC,CAAC,oBAAoB,CAAC,aAAa,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,sBAAsB,GAAG,wBAAwB,CACrD,gBAAgB,EAAE,YAAY,EAC9B,aAAa,CACd,CAAC;IACF,MAAM,WAAW,GAAgB;QAC/B,KAAK,CAAC,OAAO,CAAC,GAAW;YACvB,MAAM,cAAc,GAAG,gBAAgB,EAAE,WAAW,CAAC;YACrD,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACnD,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,QAAQ,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC/E,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBACvD,IAAI,QAAQ,EAAE,CAAC;wBACb,OAAO,QAAQ,CAAC;oBAClB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/B,OAAO,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/B,OAAO,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;YAC9C,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IAEF,MAAM,iBAAiB,GAAkC,KAAK,EAC5D,EAAwB,EACxB,YAAqB,EACyB,EAAE;QAChD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACnD,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAuB,CAAC;QAC7D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;QACjE,CAAC;QAED,yEAAyE;QACzE,MAAM,QAAQ,GAAG,EAA6B,CAAC;QAC/C,MAAM,cAAc,GAA4B,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,OAAO;gBAAE,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,SAAS,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAEpD,iEAAiE;QACjE,MAAM,GAAG,GAAG,YAA8B,CAAC;QAC3C,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;QAChE,CAAC;QAED,mEAAmE;QACnE,MAAM,WAAW,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;QAEhD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QACxE,OAAO;YACL,KAAK;YACL,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;SAC5D,CAAC;IACJ,CAAC,CAAC;IAEF,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC;QAChD,WAAW;QACX,iBAAiB;QACjB,kBAAkB,EAAE,gBAAgB,EAAE,kBAAkB;KACzD,CAAC,CAAC;IAEH,MAAM,4BAA4B,GAAG,CACnC,KAAa,EACb,MAAc,EACyB,EAAE,CAAC,CAAC;QAC3C,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;aACpE;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,MAAM,uBAAuB,GAAG,CAC9B,cAAoC,EACpC,OAAqC,EACS,EAAE,CAChD,2BAA2B,CACzB,cAAc,EACd;QACE,SAAS,EAAE,QAAQ,CAAC,GAAG;QACvB,QAAQ;QACR,sBAAsB,EAAE,gBAAgB,EAAE,sBAAsB;QAChE,oBAAoB,EAAE,CAAC,CAAC,gBAAgB,EAAE,kBAAkB;QAC5D,iBAAiB,EAAE,gBAAgB,EAAE,iBAAiB;KACvD,EACD,OAAO,CACR,CAAC;IAEJ,KAAK,UAAU,gCAAgC,CAC7C,QAAgB,EAChB,MAA4B;QAK5B,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACxD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;aAC/B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,MAAM,WAAW,GAAG;YAClB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;YACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;YACjB,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SACd,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;QAEtD,MAAM,SAAS,GAAG,6BAA6B,CAAC;YAC9C,OAAO,EAAE,SAAS,QAAQ,qCAAqC,MAAM,CAAC,OAAO,EAAE;YAC/E,gBAAgB,EAAE,MAAM,CAAC,UAAU;YACnC,WAAW;YACX,SAAS;YACT,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;SACzB,CAAC,CAAC;QAEH,6EAA6E;QAC7E,6EAA6E;QAC7E,4EAA4E;QAC5E,MAAM,uBAAuB,GAAG;YAC9B,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;SAC3D,CAAC;QACF,IAAI,gBAAgB,GAAG,uBAAuB,CAAC;QAC/C,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,gBAAgB,GAAG,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,6DAA6D,EAAE;oBAC1E,IAAI,EAAE,QAAQ;oBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;gBACH,gBAAgB,GAAG,uBAAuB,CAAC;YAC7C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO;QACL,uBAAuB;QACvB,4BAA4B;QAC5B,gCAAgC;KACjC,CAAC;AACJ,CAAC"}
@@ -0,0 +1,40 @@
1
+ /**
2
+ * KYA-OS Middleware — the internal dependency bag.
3
+ *
4
+ * `createKyaOsMiddleware` constructs these collaborators once and threads this
5
+ * bag into each sub-factory (session/proof, grant-resolution, delegation-gate,
6
+ * policy-gate). Internal to the middleware package — not part of the public API.
7
+ */
8
+ import type { CryptoProvider } from "../providers/base.js";
9
+ import type { AuditLogProvider } from "../providers/audit-log.js";
10
+ import type { GrantStore } from "../providers/grant-store.js";
11
+ import type { SessionManager } from "../session/manager.js";
12
+ import type { ProofGenerator, ProofAgentIdentity } from "../proof/generator.js";
13
+ import type { ProofVerifier } from "../proof/verifier.js";
14
+ import type { KyaOsConfig, KyaOsDelegationConfig, KyaOsToolHandler } from "./with-kya-os.types.js";
15
+ /**
16
+ * Attach a signed proof recording an authorization OUTCOME (denied / step-up /
17
+ * needs-authorization) to a response. Provided by the session/proof sub-factory
18
+ * and consumed by the delegation- and policy-gate sub-factories, so it is typed
19
+ * here as the shared internal contract between them.
20
+ */
21
+ export type AttachOutcomeProof = (response: Awaited<ReturnType<KyaOsToolHandler>>, toolName: string, args: Record<string, unknown>, sessionId: string | undefined, reason: string, outcome?: "denied" | "step_up_required" | "needs_authorization", paramsOverride?: Record<string, unknown>, responseData?: unknown) => Promise<Awaited<ReturnType<KyaOsToolHandler>>>;
22
+ /** The constructed dependencies shared across the middleware sub-factories. */
23
+ export interface MiddlewareDeps {
24
+ /** Proof-generation identity (DID + key material). */
25
+ identity: ProofAgentIdentity;
26
+ /** The full user config (for `identity.agentName`, `autoSession`, …). */
27
+ config: KyaOsConfig;
28
+ cryptoProvider: CryptoProvider;
29
+ sessionManager: SessionManager;
30
+ proofGenerator: ProofGenerator;
31
+ auditLog: AuditLogProvider;
32
+ grantStore: GrantStore;
33
+ delegationConfig: KyaOsDelegationConfig | undefined;
34
+ holderBindingMode: "off" | "warn" | "enforce";
35
+ /** Present iff holder binding is enabled; the inbound per-request proof verifier. */
36
+ holderBindingVerifier: ProofVerifier | undefined;
37
+ /** Mirror the proof under the legacy bare `_meta.proof` key (pre-1.1 back-compat). */
38
+ emitLegacyProofKey: boolean;
39
+ }
40
+ //# sourceMappingURL=with-kya-os.deps.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.deps.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.deps.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAChF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EACV,WAAW,EACX,qBAAqB,EACrB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAEhC;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAC/B,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,EAC/C,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,QAAQ,GAAG,kBAAkB,GAAG,qBAAqB,EAC/D,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxC,YAAY,CAAC,EAAE,OAAO,KACnB,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;AAEpD,+EAA+E;AAC/E,MAAM,WAAW,cAAc;IAC7B,sDAAsD;IACtD,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,yEAAyE;IACzE,MAAM,EAAE,WAAW,CAAC;IACpB,cAAc,EAAE,cAAc,CAAC;IAC/B,cAAc,EAAE,cAAc,CAAC;IAC/B,cAAc,EAAE,cAAc,CAAC;IAC/B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,gBAAgB,EAAE,qBAAqB,GAAG,SAAS,CAAC;IACpD,iBAAiB,EAAE,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IAC9C,qFAAqF;IACrF,qBAAqB,EAAE,aAAa,GAAG,SAAS,CAAC;IACjD,sFAAsF;IACtF,kBAAkB,EAAE,OAAO,CAAC;CAC7B"}
@@ -0,0 +1,9 @@
1
+ /**
2
+ * KYA-OS Middleware — the internal dependency bag.
3
+ *
4
+ * `createKyaOsMiddleware` constructs these collaborators once and threads this
5
+ * bag into each sub-factory (session/proof, grant-resolution, delegation-gate,
6
+ * policy-gate). Internal to the middleware package — not part of the public API.
7
+ */
8
+ export {};
9
+ //# sourceMappingURL=with-kya-os.deps.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.deps.js","sourceRoot":"","sources":["../../src/middleware/with-kya-os.deps.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}
@@ -0,0 +1,30 @@
1
+ /**
2
+ * KYA-OS Middleware — durable-grant resolution (the no-paste retry).
3
+ *
4
+ * Resolves and mints agent-anchored / session-bound authorization grants so a
5
+ * verified delegation need not be re-pasted on the next call — even on a fresh
6
+ * instance with empty memory. Extracted from `./with-kya-os.ts`; depends only on
7
+ * the immutable {@link MiddlewareDeps} (no shared session state).
8
+ */
9
+ import type { Grant } from "../providers/grant-store.js";
10
+ import type { DelegationCredential } from "../types/protocol.js";
11
+ import type { MiddlewareDeps } from "./with-kya-os.deps.js";
12
+ export interface GrantResolution {
13
+ /**
14
+ * Resolve an existing durable grant for a no-delegation (retry) call, so a
15
+ * fresh instance with empty memory authorizes the retry from the shared store.
16
+ * Fail-closed, holder-of-key first (agent-anchored, portable), then the
17
+ * session bearer capability. Returns undefined to fall through to the
18
+ * needs_authorization challenge.
19
+ */
20
+ resolveExistingGrant(toolName: string, args: Record<string, unknown>, sessionId: string | undefined, scopeId: string): Promise<Grant | undefined>;
21
+ /**
22
+ * Mint a durable grant from a freshly-verified delegation so the NEXT call —
23
+ * on any instance — resolves via {@link resolveExistingGrant} without
24
+ * re-pasting the VC. Best-effort: a store failure must not break the
25
+ * already-authorized response.
26
+ */
27
+ bindGrantOnSuccess(vc: DelegationCredential, delegationArg: unknown, isVCJWT: boolean, sessionId: string | undefined, scopeId: string): Promise<void>;
28
+ }
29
+ export declare function createGrantResolution(deps: MiddlewareDeps): GrantResolution;
30
+ //# sourceMappingURL=with-kya-os.grants.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.grants.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.grants.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,KAAK,EACV,oBAAoB,EAErB,MAAM,sBAAsB,CAAC;AAQ9B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,WAAW,eAAe;IAC9B;;;;;;OAMG;IACH,oBAAoB,CAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC;IAC9B;;;;;OAKG;IACH,kBAAkB,CAChB,EAAE,EAAE,oBAAoB,EACxB,aAAa,EAAE,OAAO,EACtB,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAAC;CAClB;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,cAAc,GAAG,eAAe,CAiK3E"}
@@ -0,0 +1,145 @@
1
+ /**
2
+ * KYA-OS Middleware — durable-grant resolution (the no-paste retry).
3
+ *
4
+ * Resolves and mints agent-anchored / session-bound authorization grants so a
5
+ * verified delegation need not be re-pasted on the next call — even on a fresh
6
+ * instance with empty memory. Extracted from `./with-kya-os.ts`; depends only on
7
+ * the immutable {@link MiddlewareDeps} (no shared session state).
8
+ */
9
+ import { getDelegationScopes } from "../delegation/chain-enforcement.js";
10
+ import { assertHolderBinding, isHolderBindingApplicable, toHolderBindingRequest, } from "../delegation/holder-binding.js";
11
+ import { logger } from "../logging/index.js";
12
+ export function createGrantResolution(deps) {
13
+ const { identity, cryptoProvider, grantStore, holderBindingMode, holderBindingVerifier, } = deps;
14
+ /**
15
+ * Deterministic grant id from (agentDid, sessionId, sorted scopes). Stable for
16
+ * the same tuple so a repeated VC-paste UPSERTS one grant rather than piling
17
+ * duplicate rows in a durable store.
18
+ */
19
+ async function grantId(agentDid, sessionId, scopes) {
20
+ const key = `${agentDid}|${sessionId ?? ""}|${[...scopes].sort().join(",")}`;
21
+ const digest = await cryptoProvider.hash(new TextEncoder().encode(key));
22
+ return `grant_${digest.replace(/^sha256:/, "")}`;
23
+ }
24
+ /** Grant expiry (ms epoch) derived from the VC, or undefined for no expiry. */
25
+ function delegationExpiryMs(vc) {
26
+ if (vc.expirationDate) {
27
+ const parsed = Date.parse(vc.expirationDate);
28
+ if (!Number.isNaN(parsed))
29
+ return parsed;
30
+ }
31
+ const notAfter = vc.credentialSubject?.delegation?.constraints?.notAfter;
32
+ if (typeof notAfter === "number")
33
+ return notAfter * 1000;
34
+ return undefined;
35
+ }
36
+ /**
37
+ * Resolve a durable, agent-anchored grant for a no-delegation call — BUT ONLY
38
+ * behind a verified holder-of-key proof. The agent DID is taken from the
39
+ * `_kyaos_proof` and re-proven per request (possession of the subject key over
40
+ * THIS request), never trusted from a bearer hint. This is the single most
41
+ * security-sensitive gate of the durable-consent change: without it, any
42
+ * caller who knows agent A's DID could replay A's grant (confused-deputy
43
+ * escalation, spec §A.4). Returns undefined unless possession is proven.
44
+ */
45
+ async function resolveAgentGrant(toolName, args, sessionId, scopeId) {
46
+ if (!holderBindingVerifier)
47
+ return undefined; // inert unless holder binding is on
48
+ const proofArg = args["_kyaos_proof"];
49
+ if (proofArg === undefined)
50
+ return undefined;
51
+ let parsedProof = proofArg;
52
+ if (typeof proofArg === "string") {
53
+ try {
54
+ parsedProof = JSON.parse(proofArg);
55
+ }
56
+ catch {
57
+ return undefined;
58
+ }
59
+ }
60
+ const proof = parsedProof;
61
+ const agentDid = proof?.meta?.did;
62
+ if (typeof agentDid !== "string" || !isHolderBindingApplicable(agentDid)) {
63
+ return undefined;
64
+ }
65
+ const binding = await assertHolderBinding({
66
+ proof,
67
+ subjectDid: agentDid,
68
+ request: toHolderBindingRequest(toolName, args),
69
+ expectedAudience: identity.did,
70
+ proofVerifier: holderBindingVerifier,
71
+ });
72
+ if (binding.status !== "bound")
73
+ return undefined;
74
+ const grants = await grantStore.getByAgent(agentDid, [scopeId]);
75
+ // A session-bound grant is usable only from its own session; an
76
+ // agent-anchored (session-less) grant is portable across transports.
77
+ return grants.find((g) => g.sessionId === undefined || g.sessionId === sessionId);
78
+ }
79
+ async function resolveExistingGrant(toolName, args, sessionId, scopeId) {
80
+ const agentGrant = await resolveAgentGrant(toolName, args, sessionId, scopeId);
81
+ if (agentGrant)
82
+ return agentGrant;
83
+ if (sessionId) {
84
+ const [sessionGrant] = await grantStore.getBySession(sessionId, [scopeId]);
85
+ if (sessionGrant)
86
+ return sessionGrant;
87
+ }
88
+ return undefined;
89
+ }
90
+ async function bindGrantOnSuccess(vc, delegationArg, isVCJWT, sessionId, scopeId) {
91
+ try {
92
+ const agentDid = vc.credentialSubject?.id;
93
+ if (!agentDid)
94
+ return;
95
+ // A session-less grant minted with holder binding OFF is unresolvable on
96
+ // retry (getByAgent needs a holder-of-key proof; getBySession needs a
97
+ // sessionId), so DON'T bind it — that would only orphan a row in a durable
98
+ // store. Durability for such flows comes from re-presenting the delegation,
99
+ // not from a grant. Enable holderBinding 'enforce' or thread a sessionId to
100
+ // use the grant-backed no-paste retry.
101
+ if (holderBindingMode === "off" && sessionId === undefined) {
102
+ logger.debug(`[kya-os] Skipping an unresolvable session-less grant for scope "${scopeId}" (holderBinding 'off', no sessionId).`);
103
+ return;
104
+ }
105
+ let delegatedScopes;
106
+ try {
107
+ delegatedScopes = getDelegationScopes(vc);
108
+ }
109
+ catch {
110
+ delegatedScopes = [];
111
+ }
112
+ // Store the EXACT required scope alongside the delegated scopes. The retry
113
+ // queries by the tool's exact scopeId, but the delegation may have granted
114
+ // a prefix/regex scope (e.g. "cart:*"); the store's exact `coversScopes`
115
+ // would never match the wildcard, so the no-paste retry would silently
116
+ // re-challenge. Including scopeId makes the grant resolvable.
117
+ const scopes = Array.from(new Set([scopeId, ...delegatedScopes]));
118
+ const userDid = vc.credentialSubject?.delegation?.controller;
119
+ const expiresAt = delegationExpiryMs(vc);
120
+ const grant = {
121
+ id: await grantId(agentDid, sessionId, scopes),
122
+ agentDid,
123
+ ...(userDid !== undefined ? { userDid } : {}),
124
+ scopes,
125
+ ...(sessionId !== undefined ? { sessionId } : {}),
126
+ authorization: { type: "delegation" },
127
+ ...(isVCJWT && typeof delegationArg === "string"
128
+ ? { credentialJwt: delegationArg }
129
+ : {}),
130
+ issuedAt: Date.now(),
131
+ ...(expiresAt !== undefined ? { expiresAt } : {}),
132
+ status: "active",
133
+ };
134
+ await grantStore.bind(grant);
135
+ }
136
+ catch (error) {
137
+ logger.error("[kya-os] Grant bind failed", {
138
+ scope: scopeId,
139
+ error: error instanceof Error ? error.message : String(error),
140
+ });
141
+ }
142
+ }
143
+ return { resolveExistingGrant, bindGrantOnSuccess };
144
+ }
145
+ //# sourceMappingURL=with-kya-os.grants.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.grants.js","sourceRoot":"","sources":["../../src/middleware/with-kya-os.grants.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAgC7C,MAAM,UAAU,qBAAqB,CAAC,IAAoB;IACxD,MAAM,EACJ,QAAQ,EACR,cAAc,EACd,UAAU,EACV,iBAAiB,EACjB,qBAAqB,GACtB,GAAG,IAAI,CAAC;IAET;;;;OAIG;IACH,KAAK,UAAU,OAAO,CACpB,QAAgB,EAChB,SAA6B,EAC7B,MAAgB;QAEhB,MAAM,GAAG,GAAG,GAAG,QAAQ,IAAI,SAAS,IAAI,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7E,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACxE,OAAO,SAAS,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,+EAA+E;IAC/E,SAAS,kBAAkB,CAAC,EAAwB;QAClD,IAAI,EAAE,CAAC,cAAc,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;gBAAE,OAAO,MAAM,CAAC;QAC3C,CAAC;QACD,MAAM,QAAQ,GAAG,EAAE,CAAC,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,CAAC;QACzE,IAAI,OAAO,QAAQ,KAAK,QAAQ;YAAE,OAAO,QAAQ,GAAG,IAAI,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,UAAU,iBAAiB,CAC9B,QAAgB,EAChB,IAA6B,EAC7B,SAA6B,EAC7B,OAAe;QAEf,IAAI,CAAC,qBAAqB;YAAE,OAAO,SAAS,CAAC,CAAC,oCAAoC;QAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;QACtC,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC7C,IAAI,WAAW,GAAY,QAAQ,CAAC;QACpC,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACrC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,WAA4B,CAAC;QAC3C,MAAM,QAAQ,GAAG,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC;QAClC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzE,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC;YACxC,KAAK;YACL,UAAU,EAAE,QAAQ;YACpB,OAAO,EAAE,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC;YAC/C,gBAAgB,EAAE,QAAQ,CAAC,GAAG;YAC9B,aAAa,EAAE,qBAAqB;SACrC,CAAC,CAAC;QACH,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO;YAAE,OAAO,SAAS,CAAC;QACjD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAChE,gEAAgE;QAChE,qEAAqE;QACrE,OAAO,MAAM,CAAC,IAAI,CAChB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAC9D,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,oBAAoB,CACjC,QAAgB,EAChB,IAA6B,EAC7B,SAA6B,EAC7B,OAAe;QAEf,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC/E,IAAI,UAAU;YAAE,OAAO,UAAU,CAAC;QAElC,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,YAAY,CAAC,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;YAC3E,IAAI,YAAY;gBAAE,OAAO,YAAY,CAAC;QACxC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,kBAAkB,CAC/B,EAAwB,EACxB,aAAsB,EACtB,OAAgB,EAChB,SAA6B,EAC7B,OAAe;QAEf,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,EAAE,CAAC,iBAAiB,EAAE,EAAE,CAAC;YAC1C,IAAI,CAAC,QAAQ;gBAAE,OAAO;YAEtB,yEAAyE;YACzE,sEAAsE;YACtE,2EAA2E;YAC3E,4EAA4E;YAC5E,4EAA4E;YAC5E,uCAAuC;YACvC,IAAI,iBAAiB,KAAK,KAAK,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC3D,MAAM,CAAC,KAAK,CACV,mEAAmE,OAAO,wCAAwC,CACnH,CAAC;gBACF,OAAO;YACT,CAAC;YAED,IAAI,eAAyB,CAAC;YAC9B,IAAI,CAAC;gBACH,eAAe,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe,GAAG,EAAE,CAAC;YACvB,CAAC;YACD,2EAA2E;YAC3E,2EAA2E;YAC3E,yEAAyE;YACzE,uEAAuE;YACvE,8DAA8D;YAC9D,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YAClE,MAAM,OAAO,GAAG,EAAE,CAAC,iBAAiB,EAAE,UAAU,EAAE,UAAU,CAAC;YAC7D,MAAM,SAAS,GAAG,kBAAkB,CAAC,EAAE,CAAC,CAAC;YAEzC,MAAM,KAAK,GAAU;gBACnB,EAAE,EAAE,MAAM,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC;gBAC9C,QAAQ;gBACR,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7C,MAAM;gBACN,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,aAAa,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE;gBACrC,GAAG,CAAC,OAAO,IAAI,OAAO,aAAa,KAAK,QAAQ;oBAC9C,CAAC,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE;oBAClC,CAAC,CAAC,EAAE,CAAC;gBACP,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;gBACpB,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,MAAM,EAAE,QAAQ;aACjB,CAAC;YACF,MAAM,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;gBACzC,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;AACtD,CAAC"}
@@ -0,0 +1,24 @@
1
+ /**
2
+ * KYA-OS Middleware — pure, dependency-free helpers.
3
+ *
4
+ * Referentially-transparent utilities used by `createKyaOsMiddleware`, split out
5
+ * of `./with-kya-os.ts` so the factory module stays focused on wiring. No shared
6
+ * mutable state, no I/O — safe to unit test in isolation.
7
+ */
8
+ /**
9
+ * Strip control characters and cap length on caller-derived values before they
10
+ * are interpolated into client-facing reasons or log lines. A hostile
11
+ * credential could otherwise embed newlines / control chars in an id or scope to
12
+ * forge or corrupt log entries (log injection) or break a terminal. The fixed
13
+ * parts of a reason contain no control chars, so sanitizing the whole assembled
14
+ * string at the emission boundary is equivalent to sanitizing each interpolated
15
+ * value, and is idempotent.
16
+ */
17
+ export declare function sanitizeForMessage(value: unknown, maxLen?: number): string;
18
+ /** Best-effort projection of a delegation VC into policy principal facts. */
19
+ export declare function extractPolicyPrincipal(del: unknown): {
20
+ agentDid: string;
21
+ responsibleParty?: string;
22
+ delegatedScopes: string[];
23
+ };
24
+ //# sourceMappingURL=with-kya-os.helpers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.helpers.d.ts","sourceRoot":"","sources":["../../src/middleware/with-kya-os.helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,SAAM,GAAG,MAAM,CAWvE;AAED,6EAA6E;AAC7E,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CA0BA"}
@@ -0,0 +1,57 @@
1
+ /**
2
+ * KYA-OS Middleware — pure, dependency-free helpers.
3
+ *
4
+ * Referentially-transparent utilities used by `createKyaOsMiddleware`, split out
5
+ * of `./with-kya-os.ts` so the factory module stays focused on wiring. No shared
6
+ * mutable state, no I/O — safe to unit test in isolation.
7
+ */
8
+ import { getDelegationScopes } from "../delegation/chain-enforcement.js";
9
+ /**
10
+ * Strip control characters and cap length on caller-derived values before they
11
+ * are interpolated into client-facing reasons or log lines. A hostile
12
+ * credential could otherwise embed newlines / control chars in an id or scope to
13
+ * forge or corrupt log entries (log injection) or break a terminal. The fixed
14
+ * parts of a reason contain no control chars, so sanitizing the whole assembled
15
+ * string at the emission boundary is equivalent to sanitizing each interpolated
16
+ * value, and is idempotent.
17
+ */
18
+ export function sanitizeForMessage(value, maxLen = 256) {
19
+ const s = typeof value === "string" ? value : String(value);
20
+ // Replace C0/C1 control chars (incl. CR, LF, TAB, ESC, DEL) with U+FFFD so a
21
+ // hostile id/scope cannot forge log lines or break a terminal. Filtered by
22
+ // code point to keep this source ASCII-only (no literal control chars).
23
+ let out = "";
24
+ for (const ch of s) {
25
+ const code = ch.codePointAt(0) ?? 0;
26
+ out += code <= 0x1f || (code >= 0x7f && code <= 0x9f) ? "\uFFFD" : ch;
27
+ }
28
+ return out.length > maxLen ? `${out.slice(0, maxLen)}\u2026` : out;
29
+ }
30
+ /** Best-effort projection of a delegation VC into policy principal facts. */
31
+ export function extractPolicyPrincipal(del) {
32
+ if (!del || typeof del !== "object") {
33
+ return { agentDid: "unknown", delegatedScopes: [] };
34
+ }
35
+ try {
36
+ const vc = del;
37
+ const subject = vc.credentialSubject;
38
+ const agentDid = subject?.delegation?.subjectDid ?? subject?.id ?? "unknown";
39
+ const responsibleParty = subject?.delegation?.controller;
40
+ let delegatedScopes = [];
41
+ try {
42
+ delegatedScopes = getDelegationScopes(vc);
43
+ }
44
+ catch {
45
+ delegatedScopes = [];
46
+ }
47
+ return {
48
+ agentDid,
49
+ ...(responsibleParty ? { responsibleParty } : {}),
50
+ delegatedScopes,
51
+ };
52
+ }
53
+ catch {
54
+ return { agentDid: "unknown", delegatedScopes: [] };
55
+ }
56
+ }
57
+ //# sourceMappingURL=with-kya-os.helpers.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"with-kya-os.helpers.js","sourceRoot":"","sources":["../../src/middleware/with-kya-os.helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAc,EAAE,MAAM,GAAG,GAAG;IAC7D,MAAM,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5D,6EAA6E;IAC7E,2EAA2E;IAC3E,wEAAwE;IACxE,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACpC,GAAG,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;IACxE,CAAC;IACD,OAAO,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;AACrE,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,sBAAsB,CAAC,GAAY;IAKjD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,GAA2B,CAAC;QACvC,MAAM,OAAO,GAAG,EAAE,CAAC,iBAGlB,CAAC;QACF,MAAM,QAAQ,GAAG,OAAO,EAAE,UAAU,EAAE,UAAU,IAAI,OAAO,EAAE,EAAE,IAAI,SAAS,CAAC;QAC7E,MAAM,gBAAgB,GAAG,OAAO,EAAE,UAAU,EAAE,UAAU,CAAC;QACzD,IAAI,eAAe,GAAa,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,eAAe,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,eAAe,GAAG,EAAE,CAAC;QACvB,CAAC;QACD,OAAO;YACL,QAAQ;YACR,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,eAAe;SAChB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;IACtD,CAAC;AACH,CAAC"}