@kya-os/mcp 1.7.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (232) hide show
  1. package/CHANGELOG.md +69 -0
  2. package/README.md +219 -3
  3. package/dist/card/build.d.ts +41 -0
  4. package/dist/card/build.d.ts.map +1 -0
  5. package/dist/card/build.js +47 -0
  6. package/dist/card/build.js.map +1 -0
  7. package/dist/card/builder.d.ts +99 -0
  8. package/dist/card/builder.d.ts.map +1 -0
  9. package/dist/card/builder.js +147 -0
  10. package/dist/card/builder.js.map +1 -0
  11. package/dist/card/cimd.d.ts +92 -0
  12. package/dist/card/cimd.d.ts.map +1 -0
  13. package/dist/card/cimd.js +225 -0
  14. package/dist/card/cimd.js.map +1 -0
  15. package/dist/card/delegation.d.ts +145 -0
  16. package/dist/card/delegation.d.ts.map +1 -0
  17. package/dist/card/delegation.js +293 -0
  18. package/dist/card/delegation.js.map +1 -0
  19. package/dist/card/emit.d.ts +133 -0
  20. package/dist/card/emit.d.ts.map +1 -0
  21. package/dist/card/emit.js +127 -0
  22. package/dist/card/emit.js.map +1 -0
  23. package/dist/card/index.d.ts +43 -0
  24. package/dist/card/index.d.ts.map +1 -0
  25. package/dist/card/index.js +46 -0
  26. package/dist/card/index.js.map +1 -0
  27. package/dist/card/middleware.d.ts +112 -0
  28. package/dist/card/middleware.d.ts.map +1 -0
  29. package/dist/card/middleware.js +121 -0
  30. package/dist/card/middleware.js.map +1 -0
  31. package/dist/card/proof/build.d.ts +22 -0
  32. package/dist/card/proof/build.d.ts.map +1 -0
  33. package/dist/card/proof/build.js +55 -0
  34. package/dist/card/proof/build.js.map +1 -0
  35. package/dist/card/proof/canonical.d.ts +66 -0
  36. package/dist/card/proof/canonical.d.ts.map +1 -0
  37. package/dist/card/proof/canonical.js +131 -0
  38. package/dist/card/proof/canonical.js.map +1 -0
  39. package/dist/card/proof/http-sig.d.ts +69 -0
  40. package/dist/card/proof/http-sig.d.ts.map +1 -0
  41. package/dist/card/proof/http-sig.js +101 -0
  42. package/dist/card/proof/http-sig.js.map +1 -0
  43. package/dist/card/proof/index.d.ts +25 -0
  44. package/dist/card/proof/index.d.ts.map +1 -0
  45. package/dist/card/proof/index.js +25 -0
  46. package/dist/card/proof/index.js.map +1 -0
  47. package/dist/card/proof/nonce-cache.d.ts +67 -0
  48. package/dist/card/proof/nonce-cache.d.ts.map +1 -0
  49. package/dist/card/proof/nonce-cache.js +88 -0
  50. package/dist/card/proof/nonce-cache.js.map +1 -0
  51. package/dist/card/proof/signer.d.ts +32 -0
  52. package/dist/card/proof/signer.d.ts.map +1 -0
  53. package/dist/card/proof/signer.js +59 -0
  54. package/dist/card/proof/signer.js.map +1 -0
  55. package/dist/card/proof/types.d.ts +219 -0
  56. package/dist/card/proof/types.d.ts.map +1 -0
  57. package/dist/card/proof/types.js +87 -0
  58. package/dist/card/proof/types.js.map +1 -0
  59. package/dist/card/proof/verify.d.ts +27 -0
  60. package/dist/card/proof/verify.d.ts.map +1 -0
  61. package/dist/card/proof/verify.js +236 -0
  62. package/dist/card/proof/verify.js.map +1 -0
  63. package/dist/card/resolve.d.ts +97 -0
  64. package/dist/card/resolve.d.ts.map +1 -0
  65. package/dist/card/resolve.js +223 -0
  66. package/dist/card/resolve.js.map +1 -0
  67. package/dist/card/revocation.d.ts +96 -0
  68. package/dist/card/revocation.d.ts.map +1 -0
  69. package/dist/card/revocation.js +190 -0
  70. package/dist/card/revocation.js.map +1 -0
  71. package/dist/card/schema.d.ts +177 -0
  72. package/dist/card/schema.d.ts.map +1 -0
  73. package/dist/card/schema.js +119 -0
  74. package/dist/card/schema.js.map +1 -0
  75. package/dist/card/verify.d.ts +144 -0
  76. package/dist/card/verify.d.ts.map +1 -0
  77. package/dist/card/verify.js +132 -0
  78. package/dist/card/verify.js.map +1 -0
  79. package/dist/delegation/bitstring.d.ts +9 -7
  80. package/dist/delegation/bitstring.d.ts.map +1 -1
  81. package/dist/delegation/bitstring.js +70 -37
  82. package/dist/delegation/bitstring.js.map +1 -1
  83. package/dist/delegation/did-linkage.d.ts +23 -0
  84. package/dist/delegation/did-linkage.d.ts.map +1 -0
  85. package/dist/delegation/did-linkage.js +57 -0
  86. package/dist/delegation/did-linkage.js.map +1 -0
  87. package/dist/delegation/did-resolver-registry.d.ts +7 -0
  88. package/dist/delegation/did-resolver-registry.d.ts.map +1 -0
  89. package/dist/delegation/did-resolver-registry.js +20 -0
  90. package/dist/delegation/did-resolver-registry.js.map +1 -0
  91. package/dist/delegation/did-web-resolver.d.ts +29 -18
  92. package/dist/delegation/did-web-resolver.d.ts.map +1 -1
  93. package/dist/delegation/did-web-resolver.js +65 -35
  94. package/dist/delegation/did-web-resolver.js.map +1 -1
  95. package/dist/delegation/index.d.ts +3 -0
  96. package/dist/delegation/index.d.ts.map +1 -1
  97. package/dist/delegation/index.js +3 -0
  98. package/dist/delegation/index.js.map +1 -1
  99. package/dist/delegation/statuslist-manager.d.ts.map +1 -1
  100. package/dist/delegation/statuslist-manager.js +16 -1
  101. package/dist/delegation/statuslist-manager.js.map +1 -1
  102. package/dist/delegation/vc-jwt-verify.d.ts +61 -0
  103. package/dist/delegation/vc-jwt-verify.d.ts.map +1 -0
  104. package/dist/delegation/vc-jwt-verify.js +131 -0
  105. package/dist/delegation/vc-jwt-verify.js.map +1 -0
  106. package/dist/delegation/vc-verification-checks.d.ts +50 -0
  107. package/dist/delegation/vc-verification-checks.d.ts.map +1 -0
  108. package/dist/delegation/vc-verification-checks.js +212 -0
  109. package/dist/delegation/vc-verification-checks.js.map +1 -0
  110. package/dist/delegation/vc-verifier.d.ts +24 -61
  111. package/dist/delegation/vc-verifier.d.ts.map +1 -1
  112. package/dist/delegation/vc-verifier.js +57 -180
  113. package/dist/delegation/vc-verifier.js.map +1 -1
  114. package/dist/delegation/vc-verifier.types.d.ts +88 -0
  115. package/dist/delegation/vc-verifier.types.d.ts.map +1 -0
  116. package/dist/delegation/vc-verifier.types.js +9 -0
  117. package/dist/delegation/vc-verifier.types.js.map +1 -0
  118. package/dist/index.d.ts +3 -1
  119. package/dist/index.d.ts.map +1 -1
  120. package/dist/index.js +2 -0
  121. package/dist/index.js.map +1 -1
  122. package/dist/integrations/cheqd/dlr.d.ts +44 -0
  123. package/dist/integrations/cheqd/dlr.d.ts.map +1 -0
  124. package/dist/integrations/cheqd/dlr.js +86 -0
  125. package/dist/integrations/cheqd/dlr.js.map +1 -0
  126. package/dist/integrations/cheqd/index.d.ts +5 -0
  127. package/dist/integrations/cheqd/index.d.ts.map +1 -0
  128. package/dist/integrations/cheqd/index.js +5 -0
  129. package/dist/integrations/cheqd/index.js.map +1 -0
  130. package/dist/integrations/cheqd/linkage.d.ts +20 -0
  131. package/dist/integrations/cheqd/linkage.d.ts.map +1 -0
  132. package/dist/integrations/cheqd/linkage.js +32 -0
  133. package/dist/integrations/cheqd/linkage.js.map +1 -0
  134. package/dist/integrations/cheqd/registrar.d.ts +85 -0
  135. package/dist/integrations/cheqd/registrar.d.ts.map +1 -0
  136. package/dist/integrations/cheqd/registrar.js +304 -0
  137. package/dist/integrations/cheqd/registrar.js.map +1 -0
  138. package/dist/integrations/cheqd/resolver.d.ts +38 -0
  139. package/dist/integrations/cheqd/resolver.d.ts.map +1 -0
  140. package/dist/integrations/cheqd/resolver.js +156 -0
  141. package/dist/integrations/cheqd/resolver.js.map +1 -0
  142. package/dist/middleware/index.d.ts +2 -0
  143. package/dist/middleware/index.d.ts.map +1 -1
  144. package/dist/middleware/index.js +5 -0
  145. package/dist/middleware/index.js.map +1 -1
  146. package/dist/middleware/with-kya-os.config-types.d.ts +139 -0
  147. package/dist/middleware/with-kya-os.config-types.d.ts.map +1 -0
  148. package/dist/middleware/with-kya-os.config-types.js +9 -0
  149. package/dist/middleware/with-kya-os.config-types.js.map +1 -0
  150. package/dist/middleware/with-kya-os.d.ts +3 -267
  151. package/dist/middleware/with-kya-os.d.ts.map +1 -1
  152. package/dist/middleware/with-kya-os.delegation-gate.d.ts +19 -0
  153. package/dist/middleware/with-kya-os.delegation-gate.d.ts.map +1 -0
  154. package/dist/middleware/with-kya-os.delegation-gate.js +175 -0
  155. package/dist/middleware/with-kya-os.delegation-gate.js.map +1 -0
  156. package/dist/middleware/with-kya-os.delegation-verify.d.ts +51 -0
  157. package/dist/middleware/with-kya-os.delegation-verify.d.ts.map +1 -0
  158. package/dist/middleware/with-kya-os.delegation-verify.js +165 -0
  159. package/dist/middleware/with-kya-os.delegation-verify.js.map +1 -0
  160. package/dist/middleware/with-kya-os.deps.d.ts +40 -0
  161. package/dist/middleware/with-kya-os.deps.d.ts.map +1 -0
  162. package/dist/middleware/with-kya-os.deps.js +9 -0
  163. package/dist/middleware/with-kya-os.deps.js.map +1 -0
  164. package/dist/middleware/with-kya-os.grants.d.ts +30 -0
  165. package/dist/middleware/with-kya-os.grants.d.ts.map +1 -0
  166. package/dist/middleware/with-kya-os.grants.js +145 -0
  167. package/dist/middleware/with-kya-os.grants.js.map +1 -0
  168. package/dist/middleware/with-kya-os.helpers.d.ts +24 -0
  169. package/dist/middleware/with-kya-os.helpers.d.ts.map +1 -0
  170. package/dist/middleware/with-kya-os.helpers.js +57 -0
  171. package/dist/middleware/with-kya-os.helpers.js.map +1 -0
  172. package/dist/middleware/with-kya-os.js +45 -891
  173. package/dist/middleware/with-kya-os.js.map +1 -1
  174. package/dist/middleware/with-kya-os.policy-gate.d.ts +16 -0
  175. package/dist/middleware/with-kya-os.policy-gate.d.ts.map +1 -0
  176. package/dist/middleware/with-kya-os.policy-gate.js +98 -0
  177. package/dist/middleware/with-kya-os.policy-gate.js.map +1 -0
  178. package/dist/middleware/with-kya-os.protocol.d.ts +29 -0
  179. package/dist/middleware/with-kya-os.protocol.d.ts.map +1 -0
  180. package/dist/middleware/with-kya-os.protocol.js +121 -0
  181. package/dist/middleware/with-kya-os.protocol.js.map +1 -0
  182. package/dist/middleware/with-kya-os.session.d.ts +32 -0
  183. package/dist/middleware/with-kya-os.session.d.ts.map +1 -0
  184. package/dist/middleware/with-kya-os.session.js +201 -0
  185. package/dist/middleware/with-kya-os.session.js.map +1 -0
  186. package/dist/middleware/with-kya-os.types.d.ts +178 -0
  187. package/dist/middleware/with-kya-os.types.d.ts.map +1 -0
  188. package/dist/middleware/with-kya-os.types.js +13 -0
  189. package/dist/middleware/with-kya-os.types.js.map +1 -0
  190. package/dist/providers/runtime-fetch.d.ts +8 -0
  191. package/dist/providers/runtime-fetch.d.ts.map +1 -1
  192. package/dist/providers/runtime-fetch.js +17 -0
  193. package/dist/providers/runtime-fetch.js.map +1 -1
  194. package/dist/providers/web-crypto.d.ts.map +1 -1
  195. package/dist/providers/web-crypto.js +15 -7
  196. package/dist/providers/web-crypto.js.map +1 -1
  197. package/dist/utils/guards.d.ts +2 -0
  198. package/dist/utils/guards.d.ts.map +1 -0
  199. package/dist/utils/guards.js +4 -0
  200. package/dist/utils/guards.js.map +1 -0
  201. package/dist/utils/index.d.ts +3 -0
  202. package/dist/utils/index.d.ts.map +1 -1
  203. package/dist/utils/index.js +3 -0
  204. package/dist/utils/index.js.map +1 -1
  205. package/dist/utils/ip-classifier.d.ts +12 -0
  206. package/dist/utils/ip-classifier.d.ts.map +1 -0
  207. package/dist/utils/ip-classifier.js +153 -0
  208. package/dist/utils/ip-classifier.js.map +1 -0
  209. package/dist/utils/safe-fetch-transports.d.ts +40 -0
  210. package/dist/utils/safe-fetch-transports.d.ts.map +1 -0
  211. package/dist/utils/safe-fetch-transports.js +121 -0
  212. package/dist/utils/safe-fetch-transports.js.map +1 -0
  213. package/dist/utils/safe-fetch-types.d.ts +66 -0
  214. package/dist/utils/safe-fetch-types.d.ts.map +1 -0
  215. package/dist/utils/safe-fetch-types.js +10 -0
  216. package/dist/utils/safe-fetch-types.js.map +1 -0
  217. package/dist/utils/safe-fetch.d.ts +40 -0
  218. package/dist/utils/safe-fetch.d.ts.map +1 -0
  219. package/dist/utils/safe-fetch.js +188 -0
  220. package/dist/utils/safe-fetch.js.map +1 -0
  221. package/dist/utils/statuslist-purpose.d.ts +12 -0
  222. package/dist/utils/statuslist-purpose.d.ts.map +1 -0
  223. package/dist/utils/statuslist-purpose.js +19 -0
  224. package/dist/utils/statuslist-purpose.js.map +1 -0
  225. package/dist/utils/url.d.ts +2 -0
  226. package/dist/utils/url.d.ts.map +1 -0
  227. package/dist/utils/url.js +8 -0
  228. package/dist/utils/url.js.map +1 -0
  229. package/package.json +25 -5
  230. package/schemas/README.md +2 -1
  231. package/schemas/card-delegation-credential.json +239 -0
  232. package/schemas/kya-os-card.schema.json +284 -0
package/package.json CHANGED
@@ -1,9 +1,10 @@
1
1
  {
2
2
  "name": "@kya-os/mcp",
3
- "version": "1.7.0",
3
+ "version": "1.9.0",
4
4
  "description": "Reference implementation of the KYA-OS protocol for Model Context Protocol servers: delegation, proof, and session primitives",
5
5
  "license": "MIT",
6
6
  "type": "module",
7
+ "sideEffects": false,
7
8
  "main": "dist/index.js",
8
9
  "types": "dist/index.d.ts",
9
10
  "exports": {
@@ -11,6 +12,10 @@
11
12
  "types": "./dist/index.d.ts",
12
13
  "default": "./dist/index.js"
13
14
  },
15
+ "./card": {
16
+ "types": "./dist/card/index.d.ts",
17
+ "default": "./dist/card/index.js"
18
+ },
14
19
  "./delegation": {
15
20
  "types": "./dist/delegation/index.d.ts",
16
21
  "default": "./dist/delegation/index.js"
@@ -51,6 +56,10 @@
51
56
  "types": "./dist/authz/index.d.ts",
52
57
  "default": "./dist/authz/index.js"
53
58
  },
59
+ "./cheqd": {
60
+ "types": "./dist/integrations/cheqd/index.d.ts",
61
+ "default": "./dist/integrations/cheqd/index.js"
62
+ },
54
63
  "./schemas/*.json": "./schemas/*.json",
55
64
  "./package.json": "./package.json"
56
65
  },
@@ -64,9 +73,15 @@
64
73
  "scripts": {
65
74
  "build": "tsc",
66
75
  "test": "vitest run",
76
+ "test:e2e:cheqd:testnet": "vitest run src/integrations/cheqd/__tests__/registrar.live.test.ts",
67
77
  "test:watch": "vitest",
68
78
  "test:coverage": "vitest run --coverage",
69
79
  "typecheck": "tsc --noEmit",
80
+ "conformance": "tsx conformance/bin.ts",
81
+ "conformance:generate": "tsx conformance/generate-vectors.ts",
82
+ "conformance:generate:card": "tsx conformance/card-vectors.ts",
83
+ "conformance:verify:crosslang": "python3 conformance/verify.py",
84
+ "conformance:typecheck": "tsc --noEmit -p conformance/tsconfig.json",
70
85
  "lint": "eslint src --ext .ts",
71
86
  "clean": "rm -rf dist",
72
87
  "prepublishOnly": "npm run clean && npm run build && npm run test",
@@ -75,13 +90,17 @@
75
90
  "example:inspector": "npx @modelcontextprotocol/inspector npx tsx examples/node-server/server.ts --stdio",
76
91
  "example:verify-proof": "npx tsx examples/verify-proof/verify.ts",
77
92
  "example:anti-mitm": "npx tsx examples/verify-proof/anti-mitm-demo.ts",
93
+ "example:entity-card": "npx tsx examples/entity-card/walkthrough.ts",
94
+ "example:entity-card:server": "npx tsx examples/entity-card/server.ts",
95
+ "example:embedded-agent": "npx tsx examples/embedded-agent/walkthrough.ts",
78
96
  "example:authz-inspector": "npx @modelcontextprotocol/inspector npx tsx examples/authz-inspector/src/stdio.ts",
79
97
  "example:authz-inspector:http": "npx tsx examples/authz-inspector/src/inspector-http.ts",
80
98
  "example:authz-inspector:http:server": "npx tsx examples/authz-inspector/src/http.ts",
81
- "example:authz-inspector:stdio:server": "npx tsx examples/authz-inspector/src/stdio.ts"
99
+ "example:authz-inspector:stdio:server": "npx tsx examples/authz-inspector/src/stdio.ts",
100
+ "example:cheqd-dlr": "npx tsx examples/cheqd-dlr/operator-flow.ts"
82
101
  },
83
102
  "dependencies": {
84
- "jose": "^5.6.3",
103
+ "jose": "^6.2.3",
85
104
  "json-canonicalize": "^2.0.0",
86
105
  "zod": "^4.3.6"
87
106
  },
@@ -98,13 +117,14 @@
98
117
  "@kya-os/consent": "^0.1.37",
99
118
  "@modelcontextprotocol/sdk": "^1.12.1",
100
119
  "@types/express": "^5.0.6",
101
- "@types/node": "^20.14.9",
120
+ "@types/node": "^26.0.1",
102
121
  "@typescript-eslint/eslint-plugin": "^8.57.0",
103
122
  "@typescript-eslint/parser": "^8.57.0",
104
123
  "@vitest/coverage-v8": "^2.0.0",
105
- "commander": "^14.0.3",
124
+ "commander": "^15.0.0",
106
125
  "eslint": "^10.0.3",
107
126
  "express": "^5.2.1",
127
+ "tsx": "^4.22.4",
108
128
  "typescript": "^5.5.3",
109
129
  "typescript-eslint": "^8.57.0",
110
130
  "vitest": "^2.0.0"
package/schemas/README.md CHANGED
@@ -8,7 +8,8 @@ This directory contains JSON Schema definitions for the core KYA-OS (Model Conte
8
8
  |--------|-------------|
9
9
  | [handshake-request.json](./handshake-request.json) | Client-initiated session establishment request |
10
10
  | [handshake-response.json](./handshake-response.json) | Server response with session context |
11
- | [delegation-credential.json](./delegation-credential.json) | W3C Verifiable Credential for delegations |
11
+ | [delegation-credential.json](./delegation-credential.json) | W3C Verifiable Credential for delegations (legacy VC 1.0 shape) |
12
+ | [card-delegation-credential.json](./card-delegation-credential.json) | W3C VC 2.0 + ZCAP-LD delegation profile (Entity Card) |
12
13
  | [detached-proof.json](./detached-proof.json) | Cryptographic proof for tool request/response |
13
14
  | [well-known-kyaos.json](./well-known-kyaos.json) | Service discovery document |
14
15
 
@@ -0,0 +1,239 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://schema.kya-os.org/v1/protocol/delegation/credential/v1.1.0",
4
+ "title": "KYA-OS Delegation Credential (W3C VC 2.0 + ZCAP-LD profile)",
5
+ "description": "A W3C Verifiable Credential 2.0 whose credentialSubject IS an attenuated ZCAP-LD capability. One credential per delegation HOP; a chain runs root -> ... -> leaf. CRISP attenuation is enforced on resolve, fail-closed: a child's allowedAction MUST be a subset of its parent's; caveats are monotone-narrowing (child MaxAmount <= parent, child ValidUntil <= parent, and a parent caveat may never be silently dropped); the parent's delegate (invoker/controller) MUST be the child's issuer; child.parentCapability MUST reference the parent capability id; the invocationTarget is constant along the chain; depth <= 10; and the ROOT's parentCapability equals its invocationTarget with issuer/invocationTarget = the resource owner / resource. responsibleParty is recomputed as the issuer of the root credential; the leaf invoker is asserted equal to the per-request proof key. This schema is a re-profile of the prior draft, not a new artifact.",
6
+ "type": "object",
7
+ "required": ["@context", "type", "issuer", "credentialSubject"],
8
+ "properties": {
9
+ "@context": {
10
+ "type": "array",
11
+ "items": {
12
+ "oneOf": [
13
+ { "type": "string", "format": "uri" },
14
+ { "type": "object" }
15
+ ]
16
+ },
17
+ "minItems": 2,
18
+ "description": "JSON-LD context. MUST include the W3C VC 2.0 context 'https://www.w3.org/ns/credentials/v2' as the first element, the ZCAP-LD context 'https://w3id.org/security/zcap/v1', and the KYA-OS delegation namespace 'https://kya-os.org/ns/delegation/v1'."
19
+ },
20
+ "id": {
21
+ "type": "string",
22
+ "format": "uri",
23
+ "description": "Unique credential identifier (URN or URL)."
24
+ },
25
+ "type": {
26
+ "type": "array",
27
+ "items": { "type": "string" },
28
+ "contains": { "const": "VerifiableCredential" },
29
+ "minItems": 2,
30
+ "description": "Credential types. MUST include 'VerifiableCredential' and 'DelegationCredential'."
31
+ },
32
+ "issuer": {
33
+ "oneOf": [
34
+ { "type": "string", "pattern": "^did:.+$" },
35
+ {
36
+ "type": "object",
37
+ "required": ["id"],
38
+ "properties": {
39
+ "id": { "type": "string", "pattern": "^did:.+$" }
40
+ }
41
+ }
42
+ ],
43
+ "description": "Delegator DID (or an issuer object carrying id). For the ROOT credential this is the resource owner and the recomputed responsibleParty."
44
+ },
45
+ "validFrom": {
46
+ "type": "string",
47
+ "format": "date-time",
48
+ "description": "VC 2.0 validity start (replaces the legacy issuanceDate)."
49
+ },
50
+ "validUntil": {
51
+ "type": "string",
52
+ "format": "date-time",
53
+ "description": "VC 2.0 validity end (replaces the legacy expirationDate). A child's validUntil MUST be no later than its parent's (monotone-narrowing)."
54
+ },
55
+ "credentialSubject": {
56
+ "$ref": "#/$defs/ZcapCapability"
57
+ },
58
+ "credentialStatus": {
59
+ "$ref": "#/$defs/CredentialStatus"
60
+ },
61
+ "proof": {
62
+ "$ref": "#/$defs/Proof"
63
+ }
64
+ },
65
+ "additionalProperties": true,
66
+ "$defs": {
67
+ "ZcapCapability": {
68
+ "type": "object",
69
+ "description": "The attenuated ZCAP-LD capability carried as the VC credentialSubject.",
70
+ "required": ["id", "parentCapability", "invocationTarget", "allowedAction"],
71
+ "anyOf": [
72
+ { "required": ["controller"] },
73
+ { "required": ["invoker"] }
74
+ ],
75
+ "properties": {
76
+ "id": {
77
+ "type": "string",
78
+ "description": "Capability identifier, typically a 'urn:zcap:*' URN. A child's parentCapability MUST reference this value."
79
+ },
80
+ "controller": {
81
+ "type": "string",
82
+ "pattern": "^did:.+$",
83
+ "description": "The delegate DID that controls this capability (synonym of invoker)."
84
+ },
85
+ "invoker": {
86
+ "type": "string",
87
+ "pattern": "^did:.+$",
88
+ "description": "The delegate DID authorized to invoke this capability. For the leaf hop this is asserted equal to the per-request proof key (proof.did)."
89
+ },
90
+ "parentCapability": {
91
+ "type": "string",
92
+ "description": "The parent capability id. For the ROOT hop this MUST equal invocationTarget (the resource itself)."
93
+ },
94
+ "invocationTarget": {
95
+ "type": "string",
96
+ "description": "The resource DID/URI this capability authorizes. Constant along the whole chain."
97
+ },
98
+ "allowedAction": {
99
+ "type": "array",
100
+ "items": { "type": "string" },
101
+ "description": "Permitted action strings. A child's allowedAction MUST be a subset of its parent's (no escalation)."
102
+ },
103
+ "caveats": {
104
+ "type": "array",
105
+ "items": { "$ref": "#/$defs/Caveat" },
106
+ "description": "Monotone-narrowing constraints accumulated down the chain."
107
+ }
108
+ },
109
+ "additionalProperties": true
110
+ },
111
+ "Caveat": {
112
+ "type": "object",
113
+ "description": "A monotone-narrowing constraint. A child MUST carry, for every parent caveat, a caveat of the same type that is at least as narrow; unknown caveat types MUST be replicated verbatim (fail-closed).",
114
+ "required": ["type"],
115
+ "properties": {
116
+ "type": {
117
+ "type": "string",
118
+ "description": "Caveat type, e.g. 'ValidUntil' or 'MaxAmount'."
119
+ },
120
+ "date": {
121
+ "type": "string",
122
+ "format": "date-time",
123
+ "description": "ValidUntil caveat: the expiry; a child's date MUST be <= its parent's."
124
+ },
125
+ "limit": {
126
+ "type": "string",
127
+ "description": "MaxAmount caveat: a decimal cap; a child's limit MUST be <= its parent's for the same currency."
128
+ },
129
+ "currency": {
130
+ "type": "string",
131
+ "description": "MaxAmount caveat: the ISO currency code (e.g. 'USD')."
132
+ }
133
+ },
134
+ "additionalProperties": true
135
+ },
136
+ "CredentialStatus": {
137
+ "type": "object",
138
+ "description": "W3C Bitstring Status List v1.0 entry (the StatusList2021Entry successor), evaluated through the injected RevocationChecker seam; a revoked ancestor cascades to invalidate the subtree.",
139
+ "required": ["type", "statusListIndex", "statusListCredential"],
140
+ "properties": {
141
+ "id": {
142
+ "type": "string",
143
+ "format": "uri",
144
+ "description": "Status entry identifier."
145
+ },
146
+ "type": {
147
+ "type": "string",
148
+ "const": "BitstringStatusListEntry"
149
+ },
150
+ "statusPurpose": {
151
+ "type": "string",
152
+ "enum": ["revocation", "suspension"]
153
+ },
154
+ "statusListIndex": {
155
+ "type": "string",
156
+ "pattern": "^[0-9]+$",
157
+ "description": "Index in the status-list bitstring."
158
+ },
159
+ "statusListCredential": {
160
+ "type": "string",
161
+ "format": "uri",
162
+ "description": "URL of the Bitstring Status List credential."
163
+ }
164
+ }
165
+ },
166
+ "Proof": {
167
+ "type": "object",
168
+ "description": "Data Integrity proof over the credential.",
169
+ "required": ["type", "cryptosuite"],
170
+ "properties": {
171
+ "type": {
172
+ "type": "string",
173
+ "const": "DataIntegrityProof"
174
+ },
175
+ "cryptosuite": {
176
+ "type": "string",
177
+ "const": "eddsa-jcs-2022"
178
+ },
179
+ "created": {
180
+ "type": "string",
181
+ "format": "date-time"
182
+ },
183
+ "verificationMethod": {
184
+ "type": "string",
185
+ "description": "DID URL of the verification key."
186
+ },
187
+ "proofPurpose": {
188
+ "type": "string",
189
+ "description": "Purpose of the proof (e.g., 'assertionMethod')."
190
+ },
191
+ "proofValue": {
192
+ "type": "string",
193
+ "description": "Multibase-encoded signature value."
194
+ }
195
+ },
196
+ "additionalProperties": true
197
+ }
198
+ },
199
+ "examples": [
200
+ {
201
+ "@context": [
202
+ "https://www.w3.org/ns/credentials/v2",
203
+ "https://w3id.org/security/zcap/v1",
204
+ "https://kya-os.org/ns/delegation/v1"
205
+ ],
206
+ "id": "urn:uuid:12345678-1234-1234-1234-123456789abc",
207
+ "type": ["VerifiableCredential", "DelegationCredential"],
208
+ "issuer": "did:web:agent-a.example",
209
+ "validFrom": "2026-03-12T00:00:00Z",
210
+ "validUntil": "2026-06-01T00:00:00Z",
211
+ "credentialSubject": {
212
+ "id": "urn:zcap:del_123",
213
+ "invoker": "did:web:agent-b.example",
214
+ "parentCapability": "urn:zcap:root",
215
+ "invocationTarget": "did:web:api.example:payments",
216
+ "allowedAction": ["payments.transfer"],
217
+ "caveats": [
218
+ { "type": "ValidUntil", "date": "2026-06-01T00:00:00Z" },
219
+ { "type": "MaxAmount", "limit": "500.00", "currency": "USD" }
220
+ ]
221
+ },
222
+ "credentialStatus": {
223
+ "id": "https://issuer.example/status/1#94567",
224
+ "type": "BitstringStatusListEntry",
225
+ "statusPurpose": "revocation",
226
+ "statusListIndex": "94567",
227
+ "statusListCredential": "https://issuer.example/status/1"
228
+ },
229
+ "proof": {
230
+ "type": "DataIntegrityProof",
231
+ "cryptosuite": "eddsa-jcs-2022",
232
+ "created": "2026-03-12T00:00:01Z",
233
+ "verificationMethod": "did:web:agent-a.example#key-1",
234
+ "proofPurpose": "assertionMethod",
235
+ "proofValue": "z3FXQ..."
236
+ }
237
+ }
238
+ ]
239
+ }
@@ -0,0 +1,284 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://schema.kya-os.org/v1/protocol/identity/card/v1.1.0",
4
+ "title": "KYA-OS Entity Card",
5
+ "description": "A typed, DID-anchored identity card for a KYA-OS entity (mcp | agent | client | verifier | human). One canonical card is anchored by a `KyaOsEntityCard` service entry on the entity's did:web DID document and projected onto the four discovery surfaces the ecosystem already indexes (MCP server.json / catalog.json `_meta['org.kya-os/card']`, A2A AgentExtension, NANDA AgentFacts, and the MCP catalog entry). The card asserts identity + type + declared capabilities; everything trust-bearing (accountability, attested capabilities, KYC/KYB) is proven by referenced credentials, not self-claimed (claim-minimalism). The sender-constrained holder-of-key proof (`org.kya-os/proof@1`) is NEVER on the static card — it rides per-request `_meta` on top (see detached-proof); `proofProfile` only names the profile a verifier should expect.",
6
+ "type": "object",
7
+ "required": ["id", "entityType", "name"],
8
+ "properties": {
9
+ "id": {
10
+ "type": "string",
11
+ "pattern": "^did:(key|web):.+$",
12
+ "description": "The entity's DID. did:web cards are registry-anchored (trust tiers 1-2 + L2 + KYC/KYB eligible); did:key cards are self-asserted (dev/ephemeral; trust from holder-of-key-on-use only)."
13
+ },
14
+ "entityType": {
15
+ "type": "string",
16
+ "enum": ["mcp", "agent", "client", "verifier", "human"],
17
+ "description": "The kind of entity. tool/skill are sub-resources (capabilities), not entity types. Named 'entityType' to avoid colliding with the deployment-flavour AgentIdentity.type (development|production)."
18
+ },
19
+ "name": {
20
+ "type": "string",
21
+ "minLength": 1,
22
+ "description": "Human-readable display name."
23
+ },
24
+ "kid": {
25
+ "type": "string",
26
+ "description": "Key identifier for the entity's signing key (matches a verification method in the DID document and the JWS header kid of its proofs)."
27
+ },
28
+ "publicKeyJwk": {
29
+ "$ref": "#/$defs/Ed25519PublicJwk",
30
+ "description": "Optional inline public key. MUST match the key published in the DID document; omit to require resolution from didDocument."
31
+ },
32
+ "createdAt": {
33
+ "type": "string",
34
+ "format": "date-time",
35
+ "description": "When the entity/card was created."
36
+ },
37
+ "capabilities": {
38
+ "type": "array",
39
+ "items": { "$ref": "#/$defs/Capability" },
40
+ "description": "Declared capabilities. Bare strings are L1 (self-declared, unattested); objects with attestations are L2 (capability-attested). tool/skill sub-resources appear here, not as top-level cards."
41
+ },
42
+ "conformanceLevel": {
43
+ "type": "string",
44
+ "enum": ["L1", "L2", "L3"],
45
+ "description": "DERIVED, verifier-recomputable summary of the entity's conformance floor: L1 self-declared, L2 capability-attested, L3 holder-of-key + delegation-chain resolution. NOT an independent claim — a verifier recomputes it from capabilities + the live per-request proof."
46
+ },
47
+ "responsibleParty": {
48
+ "type": "string",
49
+ "pattern": "^did:(key|web):.+$",
50
+ "description": "DID of the entity ultimately accountable (= root issuerDid of the delegation chain; SPEC Responsible Party). SHOULD be did:web. Verified via delegationRef against the signed DelegationCredential, not self-asserted."
51
+ },
52
+ "principal": {
53
+ "type": "string",
54
+ "pattern": "^did:(key|web):.+$",
55
+ "description": "Optional DID of the immediate delegator / authorizing human (the runtime userDid), when it differs from responsibleParty (SPEC Principal)."
56
+ },
57
+ "delegationRef": {
58
+ "type": "string",
59
+ "description": "Reference to the signed DelegationCredential chain backing responsibleParty/principal. Format 'vcId>delId', multi-hop joined with '>'. The DelegationCredential VC is authoritative (ADR-001); KYA-OS-Delegation-Chain/-Granted-Scopes headers are advisory."
60
+ },
61
+ "attestations": {
62
+ "type": "array",
63
+ "items": { "$ref": "#/$defs/Attestation" },
64
+ "description": "Resolvable, signed credentials about the entity or its responsibleParty (e.g. IdentityVerification = KYC/KYB). Referenced, not inlined; verified via the trusted-issuer + signature + expiry path. Assert the verification fact + level, not raw PII."
65
+ },
66
+ "didDocument": {
67
+ "type": "string",
68
+ "format": "uri",
69
+ "description": "URL of the entity's DID document (the trust anchor for did:web; integrity derives from domain control). The DID document carries the `KyaOsEntityCard` service entry that anchors this card."
70
+ },
71
+ "proofProfile": {
72
+ "const": "org.kya-os/proof@1",
73
+ "description": "Names the per-request holder-of-key proof profile this entity's requests carry — the stateless, sender-constrained `org.kya-os/proof@1` envelope (distinct from the legacy session-bound ProofMeta). The proof itself is NEVER on this static card; it rides per-request `_meta`. This field only advertises the profile a verifier should expect."
74
+ },
75
+ "cimd": {
76
+ "$ref": "#/$defs/CimdBinding",
77
+ "description": "L1 CIMD (draft-ietf-oauth-client-id-metadata-document) on-ramp coordinates binding the entity's did:web to its OAuth client identity and DID-keyed JWKS."
78
+ },
79
+ "revocation": {
80
+ "$ref": "#/$defs/BitstringStatusListEntry",
81
+ "description": "W3C Bitstring Status List v1.0 revocation entry for this card's backing credential, evaluated through the injected RevocationChecker seam (live at L3, cached/offline at L2)."
82
+ }
83
+ },
84
+ "additionalProperties": false,
85
+ "$defs": {
86
+ "Capability": {
87
+ "description": "A declared capability: an L1 bare-string name, or an L2 object carrying attestations.",
88
+ "oneOf": [
89
+ {
90
+ "type": "string",
91
+ "minLength": 1,
92
+ "description": "L1: self-declared capability name (unattested)."
93
+ },
94
+ { "$ref": "#/$defs/Level2Capability" }
95
+ ]
96
+ },
97
+ "Level2Capability": {
98
+ "type": "object",
99
+ "required": ["name", "attestations"],
100
+ "properties": {
101
+ "name": {
102
+ "type": "string",
103
+ "minLength": 1,
104
+ "description": "Capability name, e.g. 'payments.transfer'."
105
+ },
106
+ "attestations": {
107
+ "type": "array",
108
+ "minItems": 1,
109
+ "items": { "$ref": "#/$defs/CapabilityAttestation" },
110
+ "description": "At least one attestation; the capability is L2 if at least one verifies (signature + trusted issuer + subject + capability match + validity)."
111
+ }
112
+ },
113
+ "additionalProperties": false
114
+ },
115
+ "CapabilityAttestation": {
116
+ "type": "object",
117
+ "required": ["vc"],
118
+ "properties": {
119
+ "vc": {
120
+ "type": ["string", "object"],
121
+ "description": "A CapabilityAttestationCredential — compact VC-JWT string or pre-parsed object. issuer MUST be a trusted issuer (default did:web:example.com); credentialSubject.id MUST equal the card id; credentialSubject.capability MUST equal the capability name; validUntil MUST be in the future."
122
+ }
123
+ },
124
+ "additionalProperties": true
125
+ },
126
+ "Attestation": {
127
+ "type": "object",
128
+ "required": ["type", "vc"],
129
+ "properties": {
130
+ "type": {
131
+ "type": "string",
132
+ "enum": ["IdentityVerification", "CapabilityAttestation"],
133
+ "description": "Attestation kind. IdentityVerification is the registry-issued KYC (individual) / KYB (organization) credential."
134
+ },
135
+ "vc": {
136
+ "type": ["string", "object"],
137
+ "description": "The signed Verifiable Credential (compact VC-JWT string or object), resolved + verified via the trusted-issuer path. For IdentityVerification: credentialSubject = { id: <subject DID>, subjectType: 'individual'|'organization', verificationLevel: 'basic'|'enhanced'|'loa3', provider }."
138
+ },
139
+ "subject": {
140
+ "type": "string",
141
+ "pattern": "^did:(key|web):.+$",
142
+ "description": "DID the attestation is about. For KYC/KYB this is the responsibleParty, not the agent."
143
+ },
144
+ "issuer": {
145
+ "type": "string",
146
+ "pattern": "^did:(key|web):.+$",
147
+ "description": "Issuer DID. MUST be in the trusted-issuer allowlist (default did:web:example.com)."
148
+ }
149
+ },
150
+ "additionalProperties": false
151
+ },
152
+ "Ed25519PublicJwk": {
153
+ "type": "object",
154
+ "required": ["kty", "crv", "x"],
155
+ "properties": {
156
+ "kty": { "const": "OKP" },
157
+ "crv": { "const": "Ed25519" },
158
+ "x": { "type": "string", "description": "Base64url-encoded Ed25519 public key." },
159
+ "kid": { "type": "string" },
160
+ "use": { "type": "string" }
161
+ },
162
+ "additionalProperties": false
163
+ },
164
+ "CimdBinding": {
165
+ "type": "object",
166
+ "description": "CIMD on-ramp binding: the client_id ↔ did:web bijection and the DID-keyed JWKS the AS validates private_key_jwt against (so OAuth client-auth IS a DID-key proof, closing L1→L3).",
167
+ "required": ["clientId", "jwksUri"],
168
+ "properties": {
169
+ "clientId": {
170
+ "type": "string",
171
+ "minLength": 1,
172
+ "description": "The OAuth client_id — the did:web HTTPS form (did:web:host:a:b ⇄ https://host/a/b). Its origin MUST equal the did:web host and the jwksUri origin (origin-equality, fail-closed)."
173
+ },
174
+ "jwksUri": {
175
+ "type": "string",
176
+ "minLength": 1,
177
+ "description": "JWKS endpoint that is a mechanical projection of the DID document's verificationMethod[] (Ed25519 → OKP JWK, kid preserved)."
178
+ }
179
+ },
180
+ "additionalProperties": false
181
+ },
182
+ "BitstringStatusListEntry": {
183
+ "type": "object",
184
+ "description": "W3C Bitstring Status List v1.0 credentialStatus entry — the StatusList2021Entry successor. `statusListIndex` is an integer expressed as a string per the spec.",
185
+ "required": ["statusListCredential", "statusListIndex"],
186
+ "properties": {
187
+ "statusListCredential": {
188
+ "type": "string",
189
+ "minLength": 1,
190
+ "description": "URL of the Bitstring Status List credential."
191
+ },
192
+ "statusListIndex": {
193
+ "type": "string",
194
+ "pattern": "^[0-9]+$",
195
+ "description": "Index in the status-list bitstring — a non-negative canonical decimal string (no whitespace, hex, or scientific notation), matching the fail-closed runtime parse."
196
+ }
197
+ },
198
+ "additionalProperties": false
199
+ }
200
+ },
201
+ "examples": [
202
+ {
203
+ "id": "did:web:example.com:agents:acme-pay",
204
+ "entityType": "agent",
205
+ "name": "Acme Pay Agent",
206
+ "kid": "did:web:example.com:agents:acme-pay#key-1",
207
+ "createdAt": "2026-06-01T00:00:00Z",
208
+ "capabilities": [
209
+ "handshake",
210
+ {
211
+ "name": "payments.transfer",
212
+ "attestations": [
213
+ { "vc": "eyJhbGciOiJFZERTQSJ9.eyJ2YyI6e319.sig" }
214
+ ]
215
+ }
216
+ ],
217
+ "conformanceLevel": "L2",
218
+ "responsibleParty": "did:web:example.com:org:acme",
219
+ "principal": "did:web:example.com:users:jane",
220
+ "delegationRef": "vc_root>del_123",
221
+ "attestations": [
222
+ {
223
+ "type": "IdentityVerification",
224
+ "vc": "eyJhbGciOiJFZERTQSJ9.eyJ2YyI6e319.sig",
225
+ "subject": "did:web:example.com:org:acme",
226
+ "issuer": "did:web:example.com"
227
+ }
228
+ ],
229
+ "didDocument": "https://example.com/agents/acme-pay/did.json"
230
+ },
231
+ {
232
+ "id": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
233
+ "entityType": "client",
234
+ "name": "KYA-OS Inspector (dev)",
235
+ "capabilities": ["handshake", "signing", "verification"],
236
+ "conformanceLevel": "L1",
237
+ "proofProfile": "org.kya-os/proof@1"
238
+ },
239
+ {
240
+ "id": "did:web:example.com:mcp:acme-search",
241
+ "entityType": "mcp",
242
+ "name": "Acme Search MCP",
243
+ "kid": "did:web:example.com:mcp:acme-search#key-1",
244
+ "createdAt": "2026-06-01T00:00:00Z",
245
+ "capabilities": [
246
+ "tools.list",
247
+ {
248
+ "name": "tools.call",
249
+ "attestations": [
250
+ { "vc": "eyJhbGciOiJFZERTQSJ9.eyJ2YyI6e319.sig" }
251
+ ]
252
+ }
253
+ ],
254
+ "conformanceLevel": "L3",
255
+ "responsibleParty": "did:web:example.com:org:acme",
256
+ "delegationRef": "vc_root>del_mcp",
257
+ "didDocument": "https://example.com/mcp/acme-search/did.json",
258
+ "proofProfile": "org.kya-os/proof@1",
259
+ "cimd": {
260
+ "clientId": "https://example.com/mcp/acme-search",
261
+ "jwksUri": "https://example.com/mcp/acme-search/jwks.json"
262
+ },
263
+ "revocation": {
264
+ "statusListCredential": "https://example.com/status/1",
265
+ "statusListIndex": "94567"
266
+ }
267
+ },
268
+ {
269
+ "id": "did:web:example.com:clients:acme-cli",
270
+ "entityType": "client",
271
+ "name": "Acme CLI",
272
+ "kid": "did:web:example.com:clients:acme-cli#key-1",
273
+ "capabilities": ["handshake"],
274
+ "conformanceLevel": "L1",
275
+ "responsibleParty": "did:web:example.com:org:acme",
276
+ "didDocument": "https://example.com/clients/acme-cli/did.json",
277
+ "proofProfile": "org.kya-os/proof@1",
278
+ "cimd": {
279
+ "clientId": "https://example.com/clients/acme-cli",
280
+ "jwksUri": "https://example.com/clients/acme-cli/jwks.json"
281
+ }
282
+ }
283
+ ]
284
+ }