@kya-os/provider-registry 0.1.0

package/dist/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAElE;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYpC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwBzC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBnC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE/B,CAAC;AAEH;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CACxC,GAAG,EAAE,OAAO,GACX,kBAAkB,CAEpB;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,OAAO,GAAG,cAAc,CAEtE"}

package/dist/schemas.js

@@ -0,0 +1,104 @@
+/**
+ * Provider Registry Zod Schemas
+ *
+ * Runtime validation schemas for provider definitions and configuration.
+ */
+import { z } from 'zod';
+/**
+ * Zod schema for OAuth provider configuration
+ */
+export const OAuthProviderConfigSchema = z.object({
+    authorizationEndpoint: z.string().url('Authorization endpoint must be a valid URL'),
+    tokenEndpoint: z.string().url('Token endpoint must be a valid URL'),
+    userInfoEndpoint: z.string().url().optional(),
+    defaultScopes: z.array(z.string()).optional(),
+    supportsPKCE: z.boolean().optional(),
+    requiresClientSecret: z.boolean().optional(),
+    tokenEndpointAuthMethod: z.enum(['client_secret_post', 'client_secret_basic']).optional(),
+    responseType: z.string().optional(),
+    grantType: z.string().optional(),
+    customParams: z.record(z.string()).optional(),
+    authUrlTemplate: z.string().optional(),
+});
+/**
+ * Zod schema for credential provider configuration
+ */
+export const CredentialProviderConfigSchema = z.object({
+    authEndpoint: z.string().url('Auth endpoint must be a valid URL'),
+    httpMethod: z.enum(['POST', 'PUT']).optional(),
+    contentType: z.enum(['application/json', 'application/x-www-form-urlencoded']).optional(),
+    requestBodyTemplate: z.object({
+        identityField: z.string().optional(),
+        passwordField: z.string().optional(),
+        additionalFields: z.record(z.string()).optional(),
+    }).optional(),
+    responseFields: z.object({
+        sessionTokenPath: z.string().optional(),
+        userIdPath: z.string().optional(),
+        userEmailPath: z.string().optional(),
+        userDisplayNamePath: z.string().optional(),
+        expiresInPath: z.string().optional(),
+    }).optional(),
+    successCheck: z.object({
+        path: z.string().optional(),
+        expectedValue: z.union([z.string(), z.boolean()]).optional(),
+    }).optional(),
+    useCookieSession: z.boolean().optional(),
+    cookieNames: z.string().optional(),
+    customHeaders: z.record(z.string()).optional(),
+    requiresCsrf: z.boolean().optional(),
+});
+/**
+ * Zod schema for ProviderDefinition
+ */
+export const ProviderDefinitionSchema = z.object({
+    id: z.string().min(1, 'Provider ID is required'),
+    displayName: z.string().optional(),
+    authType: z.enum([
+        'oauth2',
+        'password',
+        'verifiable_credential',
+        'passkey',
+        'magic_link',
+        'otp',
+        'none',
+    ]),
+    oauthProviderId: z.string().optional(),
+    defaultScopes: z.array(z.string()).optional(),
+    oauthConfig: OAuthProviderConfigSchema.optional(),
+    credentialConfig: CredentialProviderConfigSchema.optional(),
+    ui: z
+        .object({
+        icon: z.string().optional(),
+        description: z.string().optional(),
+    })
+        .optional(),
+    metadata: z.record(z.unknown()).optional(),
+});
+/**
+ * Zod schema for ProviderConfig (used for loadFromConfig)
+ */
+export const ProviderConfigSchema = z.object({
+    providers: z.array(ProviderDefinitionSchema),
+});
+/**
+ * Validate a provider definition
+ *
+ * @param def - Provider definition to validate
+ * @returns Validated provider definition
+ * @throws ZodError if validation fails
+ */
+export function validateProviderDefinition(def) {
+    return ProviderDefinitionSchema.parse(def);
+}
+/**
+ * Validate provider configuration
+ *
+ * @param config - Configuration object to validate
+ * @returns Validated provider configuration
+ * @throws ZodError if validation fails
+ */
+export function validateProviderConfig(config) {
+    return ProviderConfigSchema.parse(config);
+}
+//# sourceMappingURL=schemas.js.map

package/dist/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,4CAA4C,CAAC;IACnF,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,oCAAoC,CAAC;IACnE,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC7C,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACpC,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5C,uBAAuB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzF,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IACrD,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,mCAAmC,CAAC;IACjE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC9C,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,mCAAmC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzF,mBAAmB,EAAE,CAAC,CAAC,MAAM,CAAC;QAC5B,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACpC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACpC,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAClD,CAAC,CAAC,QAAQ,EAAE;IACb,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC;QACvB,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACvC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACpC,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1C,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACrC,CAAC,CAAC,QAAQ,EAAE;IACb,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;QACrB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;KAC7D,CAAC,CAAC,QAAQ,EAAE;IACb,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC9C,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;IAChD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC;QACf,QAAQ;QACR,UAAU;QACV,uBAAuB;QACvB,SAAS;QACT,YAAY;QACZ,KAAK;QACL,MAAM;KACP,CAAC;IACF,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,WAAW,EAAE,yBAAyB,CAAC,QAAQ,EAAE;IACjD,gBAAgB,EAAE,8BAA8B,CAAC,QAAQ,EAAE;IAC3D,EAAE,EAAE,CAAC;SACF,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACnC,CAAC;SACD,QAAQ,EAAE;IACb,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC;CAC7C,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CACxC,GAAY;IAEZ,OAAO,wBAAwB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAe;IACpD,OAAO,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC5C,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,214 @@
+/**
+ * Provider Registry Types
+ *
+ * Type definitions for provider registry system.
+ * This is the single source of truth for provider metadata and categorization.
+ *
+ * Architecture Note:
+ * - AuthMode is imported from @kya-os/contracts/consent for consistency with consent UI
+ * - ProviderAuthType is defined here (provider capabilities)
+ * - ConsentProviderType is defined here as a SUPERSET of what contracts defines
+ *   (includes 'passkey' and 'verifiable_credential' which contracts doesn't have yet)
+ *
+ * Conceptual Model:
+ * - AuthMode: UI/flow level (what the consent page renders) - from @kya-os/consent via contracts
+ * - ProviderAuthType: what the provider supports / how it performs auth
+ * - ConsentProviderType: canonical provider_type posted by consent UI (backend routing)
+ */
+export { AUTH_MODES } from '@kya-os/contracts/consent';
+export type { AuthMode } from '@kya-os/contracts/consent';
+/**
+ * ConsentProviderType: canonical provider_type posted by the consent UI
+ *
+ * This is the vocabulary used by the consent service/server to route user submissions.
+ * NOTE: This is a superset of @kya-os/contracts CONSENT_PROVIDER_TYPES, adding
+ * 'passkey' and 'verifiable_credential' which will be added to contracts in a future version.
+ */
+export type ConsentProviderType = 'none' | 'credential' | 'password' | 'oauth2' | 'magic_link' | 'otp' | 'passkey' | 'verifiable_credential';
+/**
+ * ProviderAuthType: what the provider supports / how it performs auth
+ *
+ * This is provider-registry specific vocabulary describing the provider's
+ * authentication capability.
+ */
+export declare const PROVIDER_AUTH_TYPES: {
+    readonly OAUTH2: "oauth2";
+    readonly PASSWORD: "password";
+    readonly VERIFIABLE_CREDENTIAL: "verifiable_credential";
+    readonly PASSKEY: "passkey";
+    readonly MAGIC_LINK: "magic_link";
+    readonly OTP: "otp";
+    readonly NONE: "none";
+};
+export type ProviderAuthType = (typeof PROVIDER_AUTH_TYPES)[keyof typeof PROVIDER_AUTH_TYPES];
+/**
+ * OAuth Provider Configuration
+ *
+ * Runtime metadata for OAuth provider flows.
+ * NOTE: Do NOT store client secrets here. Use `metadata.clientSecretName`
+ * to reference secrets stored securely in environment/vault.
+ *
+ * @example
+ * ```typescript
+ * oauthConfig: {
+ *   authorizationEndpoint: 'https://github.com/login/oauth/authorize',
+ *   tokenEndpoint: 'https://github.com/login/oauth/access_token',
+ *   userInfoEndpoint: 'https://api.github.com/user',
+ *   defaultScopes: ['read:user'],
+ *   supportsPKCE: true,
+ * }
+ * ```
+ */
+export interface OAuthProviderConfig {
+    /** OAuth authorization endpoint URL */
+    authorizationEndpoint: string;
+    /** OAuth token endpoint URL */
+    tokenEndpoint: string;
+    /** User info endpoint URL (for fetching user profile after auth) */
+    userInfoEndpoint?: string;
+    /** Default scopes to request if not specified elsewhere */
+    defaultScopes?: string[];
+    /** Whether this provider supports PKCE */
+    supportsPKCE?: boolean;
+    /** Whether client secret is required for token exchange */
+    requiresClientSecret?: boolean;
+    /** Token endpoint auth method */
+    tokenEndpointAuthMethod?: 'client_secret_post' | 'client_secret_basic';
+    /** OAuth response type (default: "code") */
+    responseType?: string;
+    /** OAuth grant type (default: "authorization_code") */
+    grantType?: string;
+    /** Custom OAuth parameters (e.g., audience, acr_values) */
+    customParams?: Record<string, string>;
+    /**
+     * URL template with {placeholders} for dynamic values
+     * e.g., "https://{domain}/authorize" for Auth0
+     */
+    authUrlTemplate?: string;
+}
+/**
+ * Credential Provider Configuration
+ *
+ * Runtime metadata for credential/password authentication flows.
+ * Describes how to POST credentials and extract session data from response.
+ *
+ * @example
+ * ```typescript
+ * credentialConfig: {
+ *   authEndpoint: 'https://api.example.com/auth/login',
+ *   httpMethod: 'POST',
+ *   contentType: 'application/json',
+ *   requestBodyTemplate: {
+ *     identityField: 'email',
+ *     passwordField: 'password',
+ *   },
+ *   responseFields: {
+ *     sessionTokenPath: 'data.token',
+ *     userIdPath: 'data.user.id',
+ *     userEmailPath: 'data.user.email',
+ *   },
+ * }
+ * ```
+ */
+export interface CredentialProviderConfig {
+    /** Endpoint to POST credentials */
+    authEndpoint: string;
+    /** HTTP method (usually POST) */
+    httpMethod?: 'POST' | 'PUT';
+    /** Content type for request (default: application/json) */
+    contentType?: 'application/json' | 'application/x-www-form-urlencoded';
+    /** Request body field mapping */
+    requestBodyTemplate?: {
+        /** Field name for identity (email/username) in request body */
+        identityField?: string;
+        /** Field name for password in request body */
+        passwordField?: string;
+        /** Additional static fields to include in request */
+        additionalFields?: Record<string, string>;
+    };
+    /** Response field extraction paths (JSON path notation) */
+    responseFields?: {
+        /** Path to session token in response (e.g., "data.token") */
+        sessionTokenPath?: string;
+        /** Path to user ID in response */
+        userIdPath?: string;
+        /** Path to user email in response */
+        userEmailPath?: string;
+        /** Path to display name in response */
+        userDisplayNamePath?: string;
+        /** Path to token expiry in response */
+        expiresInPath?: string;
+    };
+    /** Success validation configuration */
+    successCheck?: {
+        /** JSON path to check for success */
+        path?: string;
+        /** Expected value at path */
+        expectedValue?: string | boolean;
+    };
+    /** Whether to use cookies for session (vs token in body) */
+    useCookieSession?: boolean;
+    /** Cookie name(s) to extract (semicolon-separated if multiple) */
+    cookieNames?: string;
+    /** Custom headers to include in auth request */
+    customHeaders?: Record<string, string>;
+    /** Whether CSRF token is required */
+    requiresCsrf?: boolean;
+}
+/**
+ * Provider metadata definition
+ *
+ * Represents a single authentication provider with all its metadata.
+ * The authType field describes the provider's capability (how it performs auth).
+ *
+ * SECURITY NOTE: Never store actual secrets (client_secret, API keys) in
+ * provider definitions. Instead, use `metadata.clientSecretName` or similar
+ * to reference secrets stored in secure storage (env vars, Cloudflare secrets,
+ * vault, etc.). The agent reads secrets at runtime from secure storage.
+ */
+export interface ProviderDefinition {
+    /** Unique provider identifier (e.g., 'github', 'google', 'my-company-auth') */
+    id: string;
+    /** Human-friendly display name */
+    displayName?: string;
+    /** Provider's authentication capability (required) */
+    authType: ProviderAuthType;
+    /** Canonical OAuth provider ID (if authType === 'oauth2') */
+    oauthProviderId?: string;
+    /** Default OAuth scopes recommended for this provider */
+    defaultScopes?: string[];
+    /**
+     * OAuth provider configuration (for authType === 'oauth2')
+     * Contains endpoint URLs, PKCE support, etc.
+     */
+    oauthConfig?: OAuthProviderConfig;
+    /**
+     * Credential provider configuration (for authType === 'password')
+     * Contains auth endpoint, request/response field mapping, etc.
+     */
+    credentialConfig?: CredentialProviderConfig;
+    /** UI hints for consent page rendering */
+    ui?: {
+        /** Icon identifier or URL */
+        icon?: string;
+        /** Provider description */
+        description?: string;
+    };
+    /**
+     * Extra vendor or connector-specific metadata
+     *
+     * Use this for:
+     * - Secret references: `{ clientSecretName: 'GITHUB_CLIENT_SECRET' }`
+     * - Provider-specific settings not covered by oauthConfig/credentialConfig
+     *
+     * IMPORTANT: Do NOT store actual secrets here. Only store secret names/refs.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Provider configuration schema (for loading from JSON/config)
+ */
+export interface ProviderConfig {
+    providers: ProviderDefinition[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,YAAY,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,mBAAmB,GAC3B,MAAM,GACN,YAAY,GACZ,UAAU,GACV,QAAQ,GACR,YAAY,GACZ,KAAK,GACL,SAAS,GACT,uBAAuB,CAAC;AAE5B;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;CAQtB,CAAC;AAEX,MAAM,MAAM,gBAAgB,GAC1B,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AAEjE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,mBAAmB;IAClC,uCAAuC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAE9B,+BAA+B;IAC/B,aAAa,EAAE,MAAM,CAAC;IAEtB,oEAAoE;IACpE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,2DAA2D;IAC3D,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,0CAA0C;IAC1C,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,2DAA2D;IAC3D,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B,iCAAiC;IACjC,uBAAuB,CAAC,EAAE,oBAAoB,GAAG,qBAAqB,CAAC;IAEvE,4CAA4C;IAC5C,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEtC;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,WAAW,wBAAwB;IACvC,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IAErB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAE5B,2DAA2D;IAC3D,WAAW,CAAC,EAAE,kBAAkB,GAAG,mCAAmC,CAAC;IAEvE,iCAAiC;IACjC,mBAAmB,CAAC,EAAE;QACpB,+DAA+D;QAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,8CAA8C;QAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,qDAAqD;QACrD,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,CAAC;IAEF,2DAA2D;IAC3D,cAAc,CAAC,EAAE;QACf,6DAA6D;QAC7D,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,kCAAkC;QAClC,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,qCAAqC;QACrC,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,uCAAuC;QACvC,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,uCAAuC;QACvC,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF,uCAAuC;IACvC,YAAY,CAAC,EAAE;QACb,qCAAqC;QACrC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,6BAA6B;QAC7B,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;KAClC,CAAC;IAEF,4DAA4D;IAC5D,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,gDAAgD;IAChD,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEvC,qCAAqC;IACrC,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,EAAE,EAAE,MAAM,CAAC;IAEX,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,sDAAsD;IACtD,QAAQ,EAAE,gBAAgB,CAAC;IAE3B,6DAA6D;IAC7D,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,yDAAyD;IACzD,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,WAAW,CAAC,EAAE,mBAAmB,CAAC;IAElC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,wBAAwB,CAAC;IAE5C,0CAA0C;IAC1C,EAAE,CAAC,EAAE;QACH,6BAA6B;QAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,2BAA2B;QAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,kBAAkB,EAAE,CAAC;CACjC"}

package/dist/types.js

@@ -0,0 +1,35 @@
+/**
+ * Provider Registry Types
+ *
+ * Type definitions for provider registry system.
+ * This is the single source of truth for provider metadata and categorization.
+ *
+ * Architecture Note:
+ * - AuthMode is imported from @kya-os/contracts/consent for consistency with consent UI
+ * - ProviderAuthType is defined here (provider capabilities)
+ * - ConsentProviderType is defined here as a SUPERSET of what contracts defines
+ *   (includes 'passkey' and 'verifiable_credential' which contracts doesn't have yet)
+ *
+ * Conceptual Model:
+ * - AuthMode: UI/flow level (what the consent page renders) - from @kya-os/consent via contracts
+ * - ProviderAuthType: what the provider supports / how it performs auth
+ * - ConsentProviderType: canonical provider_type posted by consent UI (backend routing)
+ */
+// Re-export canonical types from contracts for convenience
+export { AUTH_MODES } from '@kya-os/contracts/consent';
+/**
+ * ProviderAuthType: what the provider supports / how it performs auth
+ *
+ * This is provider-registry specific vocabulary describing the provider's
+ * authentication capability.
+ */
+export const PROVIDER_AUTH_TYPES = {
+    OAUTH2: 'oauth2',
+    PASSWORD: 'password', // username/password, credential form
+    VERIFIABLE_CREDENTIAL: 'verifiable_credential',
+    PASSKEY: 'passkey',
+    MAGIC_LINK: 'magic_link',
+    OTP: 'otp',
+    NONE: 'none',
+};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,2DAA2D;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAoBvD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,MAAM,EAAE,QAAQ;IAChB,QAAQ,EAAE,UAAU,EAAE,qCAAqC;IAC3D,qBAAqB,EAAE,uBAAuB;IAC9C,OAAO,EAAE,SAAS;IAClB,UAAU,EAAE,YAAY;IACxB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACJ,CAAC"}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@kya-os/provider-registry",
+  "version": "0.1.0",
+  "description": "Single source of truth for provider definitions and provider-type mapping",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "lint": "eslint .",
+    "format": "prettier --write \"src/**/*.{ts,tsx}\"",
+    "clean": "rm -rf dist .turbo node_modules",
+    "prepublishOnly": "npm run build && node ../create-mcpi-app/scripts/validate-no-workspace.js"
+  },
+  "sideEffects": false,
+  "dependencies": {
+    "@kya-os/contracts": "^1.7.6",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.9",
+    "@vitest/coverage-v8": "^4.0.5",
+    "eslint": "^8.57.0",
+    "typescript": "^5.5.3",
+    "vitest": "^4.0.5"
+  },
+  "files": [
+    "dist",
+    "package.json",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  }
+}