npm - @kya-os/verifier - Versions diffs - 1.3.0 - Mend

@kya-os/verifier 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/worker.js ADDED Viewed

@@ -0,0 +1,237 @@
+import { VerifierCore } from "./core.js";
+/**
+ * Extract proof from Cloudflare Worker request
+ */
+async function extractProofFromRequest(request) {
+    try {
+        // Try to get proof from X-XMCP-I-Proof header
+        const proofHeader = request.headers.get("X-XMCP-I-Proof");
+        if (proofHeader) {
+            return JSON.parse(proofHeader);
+        }
+        // Try to get proof from request body if it's a POST/PUT
+        if (request.method === "POST" || request.method === "PUT") {
+            const contentType = request.headers.get("content-type");
+            if (contentType?.includes("application/json")) {
+                const body = (await request.clone().json());
+                if (body?.meta?.proof) {
+                    return body.meta.proof;
+                }
+            }
+        }
+        return null;
+    }
+    catch (error) {
+        console.warn("Failed to extract proof from request:", error);
+        return null;
+    }
+}
+/**
+ * Extract audience from request
+ */
+function extractAudienceFromRequest(request) {
+    const url = new URL(request.url);
+    return url.host;
+}
+/**
+ * Create verifier config from Worker environment
+ *
+ * @param env - Worker environment bindings
+ * @param overrides - Optional config overrides
+ * @returns WorkerVerifierConfig
+ */
+export function createConfigFromEnv(env, overrides) {
+    return {
+        ktaBaseUrl: env.KYA_API_URL || "https://knowthat.ai",
+        enableDelegationCheck: true,
+        clockSkewTolerance: env.XMCP_I_TS_SKEW_SEC
+            ? parseInt(env.XMCP_I_TS_SKEW_SEC, 10)
+            : 120,
+        sessionTimeout: env.XMCP_I_SESSION_TTL
+            ? parseInt(env.XMCP_I_SESSION_TTL, 10)
+            : 1800,
+        kvNamespace: env.NONCE_CACHE,
+        nonceTtl: 1800,
+        ...overrides,
+    };
+}
+/**
+ * Cloudflare Worker verifier function
+ *
+ * Usage with environment bindings:
+ * ```typescript
+ * export default {
+ *   async fetch(request: Request, env: WorkerEnv): Promise<Response> {
+ *     const config = createConfigFromEnv(env);
+ *     const result = await verifyWorker(request, config);
+ *
+ *     if (!result.success) {
+ *       return applyVerificationToResponse(result);
+ *     }
+ *
+ *     // Continue with verified request...
+ *   }
+ * }
+ * ```
+ *
+ * @param request - The incoming request
+ * @param config - Optional verifier configuration
+ * @returns Promise<VerifierResult> - Verification result with headers or error
+ */
+export async function verifyWorker(request, config) {
+    try {
+        // Extract proof from request
+        const proof = await extractProofFromRequest(request);
+        if (!proof) {
+            return {
+                success: false,
+                error: {
+                    code: "XMCP_I_ENOIDENTITY",
+                    message: "No proof found in request",
+                    httpStatus: 401,
+                    details: {
+                        reason: "Request must include proof in X-XMCP-I-Proof header or request body",
+                        remediation: "Ensure XMCP-I client is properly configured",
+                    },
+                },
+            };
+        }
+        // Extract audience from request
+        const audience = extractAudienceFromRequest(request);
+        // Create verifier and verify proof
+        const verifier = new VerifierCore(config);
+        const result = await verifier.verify({
+            proof,
+            audience,
+            timestamp: Math.floor(Date.now() / 1000),
+        });
+        return result;
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: {
+                code: "XMCP_I_EVERIFY",
+                message: error instanceof Error ? error.message : "Verification failed",
+                httpStatus: 500,
+                details: {
+                    reason: "Unexpected error during Worker verification",
+                    remediation: "Check request format and try again",
+                },
+            },
+        };
+    }
+}
+/**
+ * Cloudflare Worker middleware factory
+ *
+ * Creates a middleware function that can be used in Worker request handlers
+ *
+ * @param config - Optional verifier configuration
+ * @returns Middleware function
+ */
+export function createWorkerMiddleware(config) {
+    return async (request) => {
+        return verifyWorker(request, config);
+    };
+}
+/**
+ * Helper to apply verification result to a Response
+ *
+ * @param result - Verification result
+ * @param response - Response to modify
+ * @returns Modified response with headers or error response
+ */
+export function applyVerificationToResponse(result, response) {
+    if (!result.success) {
+        return new Response(JSON.stringify({
+            code: result.error.code,
+            message: result.error.message,
+            details: result.error.details,
+        }), {
+            status: result.error.httpStatus,
+            headers: {
+                "Content-Type": "application/json",
+            },
+        });
+    }
+    // Apply headers to existing response or create new one
+    const headers = new Headers(response?.headers);
+    if (result.headers) {
+        Object.entries(result.headers).forEach(([key, value]) => {
+            headers.set(key, value);
+        });
+    }
+    if (response) {
+        return new Response(response.body, {
+            status: response.status,
+            statusText: response.statusText,
+            headers,
+        });
+    }
+    return new Response(null, { status: 200, headers });
+}
+/**
+ * Complete example with environment bindings and KV nonce cache
+ *
+ * wrangler.toml:
+ * ```toml
+ * name = "my-mcp-verifier"
+ * main = "src/index.ts"
+ * compatibility_date = "2024-01-01"
+ *
+ * [[kv_namespaces]]
+ * binding = "NONCE_CACHE"
+ * id = "your-kv-namespace-id"
+ *
+ * [vars]
+ * KYA_API_URL = "https://knowthat.ai"
+ * ```
+ *
+ * src/index.ts:
+ * ```typescript
+ * import { verifyWorker, applyVerificationToResponse, createConfigFromEnv, type WorkerEnv } from "@kya-os/verifier/worker";
+ *
+ * export default {
+ *   async fetch(request: Request, env: WorkerEnv): Promise<Response> {
+ *     // Create config from environment
+ *     const config = createConfigFromEnv(env);
+ *
+ *     // Verify the request
+ *     const result = await verifyWorker(request, config);
+ *
+ *     if (!result.success) {
+ *       return applyVerificationToResponse(result);
+ *     }
+ *
+ *     // Access verified agent context
+ *     const agentDID = result.agentContext?.did;
+ *     const agentScopes = result.agentContext?.scopes || [];
+ *
+ *     // Continue with verified request
+ *     const response = new Response(JSON.stringify({
+ *       message: "Verified!",
+ *       agent: result.agentContext
+ *     }), {
+ *       headers: { "Content-Type": "application/json" }
+ *     });
+ *
+ *     // Add verification headers to response
+ *     return applyVerificationToResponse(result, response);
+ *   }
+ * }
+ * ```
+ *
+ * Deploy:
+ * ```bash
+ * # Create KV namespace
+ * wrangler kv:namespace create NONCE_CACHE
+ *
+ * # Add secrets
+ * wrangler secret put KYA_VOUCHED_API_KEY
+ *
+ * # Deploy
+ * wrangler deploy
+ * ```
+ */
+//# sourceMappingURL=worker.js.map

package/dist/worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"worker.js","sourceRoot":"","sources":["../src/worker.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAuB,MAAM,WAAW,CAAC;AAoD9D;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,OAAgB;IAEhB,IAAI,CAAC;QACH,8CAA8C;QAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC1D,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;QAED,wDAAwD;QACxD,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxD,IAAI,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC9C,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAQ,CAAC;gBACnD,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;gBACzB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAgB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO,GAAG,CAAC,IAAI,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,GAAc,EACd,SAAyC;IAEzC,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,WAAW,IAAI,qBAAqB;QACpD,qBAAqB,EAAE,IAAI;QAC3B,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;YACxC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,EAAE,EAAE,CAAC;YACtC,CAAC,CAAC,GAAG;QACP,cAAc,EAAE,GAAG,CAAC,kBAAkB;YACpC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,EAAE,EAAE,CAAC;YACtC,CAAC,CAAC,IAAI;QACR,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,QAAQ,EAAE,IAAI;QACd,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAgB,EAChB,MAA6B;IAE7B,IAAI,CAAC;QACH,6BAA6B;QAC7B,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,oBAAoB;oBAC1B,OAAO,EAAE,2BAA2B;oBACpC,UAAU,EAAE,GAAG;oBACf,OAAO,EAAE;wBACP,MAAM,EACJ,qEAAqE;wBACvE,WAAW,EAAE,6CAA6C;qBAC3D;iBACF;aACF,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC;QAErD,mCAAmC;QACnC,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACnC,KAAK;YACL,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACzC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE;gBACL,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;gBACvE,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE;oBACP,MAAM,EAAE,6CAA6C;oBACrD,WAAW,EAAE,oCAAoC;iBAClD;aACF;SACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAuB;IAC5D,OAAO,KAAK,EAAE,OAAgB,EAA2B,EAAE;QACzD,OAAO,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,QAAmB;IAEnB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE,MAAM,CAAC,KAAM,CAAC,IAAI;YACxB,OAAO,EAAE,MAAM,CAAC,KAAM,CAAC,OAAO;YAC9B,OAAO,EAAE,MAAM,CAAC,KAAM,CAAC,OAAO;SAC/B,CAAC,EACF;YACE,MAAM,EAAE,MAAM,CAAC,KAAM,CAAC,UAAU;YAChC,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CACF,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YACtD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8DG"}

package/package.json ADDED Viewed

@@ -0,0 +1,66 @@
+{
+  "name": "@kya-os/verifier",
+  "version": "1.3.0",
+  "description": "Isomorphic verifier middleware for XMCP-I proof validation",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./worker": {
+      "types": "./dist/worker.d.ts",
+      "import": "./dist/worker.js"
+    },
+    "./express": {
+      "types": "./dist/express.d.ts",
+      "import": "./dist/express.js"
+    }
+  },
+  "files": [
+    "dist/**/*",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsc -p tsconfig.build.json --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@kya-os/contracts": "^1.2.0",
+    "jose": "^5.2.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "typescript": "^5.3.0",
+    "vitest": "^1.2.0"
+  },
+  "peerDependencies": {
+    "@types/express": "^4.17.0"
+  },
+  "peerDependenciesMeta": {
+    "@types/express": {
+      "optional": true
+    }
+  },
+  "keywords": [
+    "xmcp-i",
+    "verifier",
+    "middleware",
+    "identity",
+    "proof",
+    "cloudflare-workers",
+    "express"
+  ],
+  "author": "KYA OS",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/kya-os/xmcp-i.git",
+    "directory": "packages/verifier"
+  }
+}