npm - @kya-os/verifier - Versions diffs - 1.3.4-canary.9 → 1.4.1 - Mend

@kya-os/verifier 1.3.4-canary.9 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/worker.js DELETED Viewed

@@ -1,302 +0,0 @@
-import { VerifierCore } from "./core.js";
-/**
- * Extract proof from Cloudflare Worker request
- */
-async function extractProofFromRequest(request) {
-    try {
-        // Try to get proof from X-XMCP-I-Proof header
-        const proofHeader = request.headers.get("X-XMCP-I-Proof");
-        if (proofHeader) {
-            return JSON.parse(proofHeader);
-        }
-        // Try to get proof from request body if it's a POST/PUT
-        if (request.method === "POST" || request.method === "PUT") {
-            const contentType = request.headers.get("content-type");
-            if (contentType?.includes("application/json")) {
-                const body = (await request.clone().json());
-                if (body?.meta?.proof) {
-                    return body.meta.proof;
-                }
-            }
-        }
-        return null;
-    }
-    catch (error) {
-        console.warn("Failed to extract proof from request:", error);
-        return null;
-    }
-}
-/**
- * Extract audience from request
- */
-function extractAudienceFromRequest(request) {
-    const url = new URL(request.url);
-    return url.host;
-}
-/**
- * Safely parse environment integer with bounds validation
- * Prevents NaN bypass attacks where parseInt returns NaN and disables validators
- */
-function parseEnvInt(value, defaultValue, min, max) {
-    if (!value)
-        return defaultValue;
-    const parsed = parseInt(value, 10);
-    // Reject NaN to prevent bypass attacks
-    if (isNaN(parsed)) {
-        console.warn(`Invalid integer env value: ${value}, using default: ${defaultValue}`);
-        return defaultValue;
-    }
-    // Clamp to safe bounds
-    if (parsed < min) {
-        console.warn(`Env value ${parsed} below minimum ${min}, using minimum`);
-        return min;
-    }
-    if (parsed > max) {
-        console.warn(`Env value ${parsed} above maximum ${max}, using maximum`);
-        return max;
-    }
-    return parsed;
-}
-/**
- * Create verifier config from Worker environment
- *
- * @param env - Worker environment bindings
- * @param overrides - Optional config overrides
- * @returns WorkerVerifierConfig
- */
-export function createConfigFromEnv(env, overrides) {
-    return {
-        ktaBaseUrl: env.KYA_API_URL || "https://knowthat.ai",
-        enableDelegationCheck: true,
-        clockSkewTolerance: parseEnvInt(env.XMCP_I_TS_SKEW_SEC, 120, 0, 3600),
-        sessionTimeout: parseEnvInt(env.XMCP_I_SESSION_TTL, 1800, 60, 86400),
-        proofMaxAge: parseEnvInt(env.PROOF_MAX_AGE_SEC, 300, 60, 3600),
-        kvNamespace: env.NONCE_CACHE,
-        nonceTtl: 1800,
-        ...overrides,
-    };
-}
-/**
- * Cached config to avoid parsing env on every request
- */
-let cachedConfig = null;
-let cachedEnvSignature = null;
-/**
- * Create a signature from env to detect changes
- */
-function getEnvSignature(env) {
-    return [
-        env.KYA_API_URL || "",
-        env.XMCP_I_TS_SKEW_SEC || "",
-        env.XMCP_I_SESSION_TTL || "",
-        env.PROOF_MAX_AGE_SEC || "",
-    ].join("|");
-}
-/**
- * Get or create config from env with caching
- * Caches config per worker instance to avoid parsing env on every request
- */
-function getConfigFromEnv(env, overrides) {
-    const signature = getEnvSignature(env);
-    // Return cached config if env hasn't changed
-    if (cachedConfig && cachedEnvSignature === signature && !overrides) {
-        return cachedConfig;
-    }
-    // Parse env and cache result
-    const config = createConfigFromEnv(env, overrides);
-    if (!overrides) {
-        cachedConfig = config;
-        cachedEnvSignature = signature;
-    }
-    return config;
-}
-/**
- * Cloudflare Worker verifier function
- *
- * Usage with environment bindings:
- * ```typescript
- * export default {
- *   async fetch(request: Request, env: WorkerEnv): Promise<Response> {
- *     // Config is automatically cached per worker instance
- *     const result = await verifyWorker(request, env);
- *
- *     if (!result.success) {
- *       return applyVerificationToResponse(result);
- *     }
- *
- *     // Continue with verified request...
- *   }
- * }
- * ```
- *
- * @param request - The incoming request
- * @param envOrConfig - Worker environment or verifier configuration
- * @returns Promise<VerifierResult> - Verification result with headers or error
- */
-export async function verifyWorker(request, envOrConfig) {
-    try {
-        // Resolve config from env or use provided config (with caching)
-        let config;
-        if (!envOrConfig) {
-            throw new Error("Either env or config must be provided");
-        }
-        else if ("kvNamespace" in envOrConfig || "ktaBaseUrl" in envOrConfig || "enableDelegationCheck" in envOrConfig) {
-            // It's already a WorkerVerifierConfig
-            config = envOrConfig;
-        }
-        else {
-            // It's a WorkerEnv, use cached config
-            config = getConfigFromEnv(envOrConfig);
-        }
-        // Extract proof from request
-        const proof = await extractProofFromRequest(request);
-        if (!proof) {
-            return {
-                success: false,
-                error: {
-                    code: "XMCP_I_ENOIDENTITY",
-                    message: "No proof found in request",
-                    httpStatus: 401,
-                    details: {
-                        reason: "Request must include proof in X-XMCP-I-Proof header or request body",
-                        remediation: "Ensure XMCP-I client is properly configured",
-                    },
-                },
-            };
-        }
-        // Extract audience from request
-        const audience = extractAudienceFromRequest(request);
-        // Create verifier and verify proof
-        const verifier = new VerifierCore(config);
-        const result = await verifier.verify({
-            proof,
-            audience,
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-        return result;
-    }
-    catch (error) {
-        return {
-            success: false,
-            error: {
-                code: "XMCP_I_EVERIFY",
-                message: error instanceof Error ? error.message : "Verification failed",
-                httpStatus: 500,
-                details: {
-                    reason: "Unexpected error during Worker verification",
-                    remediation: "Check request format and try again",
-                },
-            },
-        };
-    }
-}
-/**
- * Cloudflare Worker middleware factory
- *
- * Creates a middleware function that can be used in Worker request handlers
- *
- * @param config - Optional verifier configuration
- * @returns Middleware function
- */
-export function createWorkerMiddleware(config) {
-    return async (request) => {
-        return verifyWorker(request, config);
-    };
-}
-/**
- * Helper to apply verification result to a Response
- *
- * @param result - Verification result
- * @param response - Response to modify
- * @returns Modified response with headers or error response
- */
-export function applyVerificationToResponse(result, response) {
-    if (!result.success) {
-        return new Response(JSON.stringify({
-            code: result.error.code,
-            message: result.error.message,
-            details: result.error.details,
-        }), {
-            status: result.error.httpStatus,
-            headers: {
-                "Content-Type": "application/json",
-            },
-        });
-    }
-    // Apply headers to existing response or create new one
-    const headers = new Headers(response?.headers);
-    if (result.headers) {
-        Object.entries(result.headers).forEach(([key, value]) => {
-            headers.set(key, value);
-        });
-    }
-    if (response) {
-        return new Response(response.body, {
-            status: response.status,
-            statusText: response.statusText,
-            headers,
-        });
-    }
-    return new Response(null, { status: 200, headers });
-}
-/**
- * Complete example with environment bindings and KV nonce cache
- *
- * wrangler.toml:
- * ```toml
- * name = "my-mcp-verifier"
- * main = "src/index.ts"
- * compatibility_date = "2024-01-01"
- *
- * [[kv_namespaces]]
- * binding = "NONCE_CACHE"
- * id = "your-kv-namespace-id"
- *
- * [vars]
- * KYA_API_URL = "https://knowthat.ai"
- * ```
- *
- * src/index.ts:
- * ```typescript
- * import { verifyWorker, applyVerificationToResponse, type WorkerEnv } from "@kya-os/verifier/worker";
- *
- * export default {
- *   async fetch(request: Request, env: WorkerEnv): Promise<Response> {
- *     // Pass env directly - config is automatically cached per worker instance
- *     const result = await verifyWorker(request, env);
- *
- *     if (!result.success) {
- *       return applyVerificationToResponse(result);
- *     }
- *
- *     // Access verified agent context
- *     const agentDID = result.agentContext?.did;
- *     const agentScopes = result.agentContext?.scopes || [];
- *
- *     // Continue with verified request
- *     const response = new Response(JSON.stringify({
- *       message: "Verified!",
- *       agent: result.agentContext
- *     }), {
- *       headers: { "Content-Type": "application/json" }
- *     });
- *
- *     // Add verification headers to response
- *     return applyVerificationToResponse(result, response);
- *   }
- * }
- * ```
- *
- * Deploy:
- * ```bash
- * # Create KV namespace
- * wrangler kv:namespace create NONCE_CACHE
- *
- * # Add secrets
- * wrangler secret put KYA_VOUCHED_API_KEY
- *
- * # Deploy
- * wrangler deploy
- * ```
- */
-//# sourceMappingURL=worker.js.map

package/dist/worker.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"worker.js","sourceRoot":"","sources":["../src/worker.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAuB,MAAM,WAAW,CAAC;AAqD9D;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,OAAgB;IAEhB,IAAI,CAAC;QACH,8CAA8C;QAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC1D,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACjC,CAAC;QAED,wDAAwD;QACxD,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxD,IAAI,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC9C,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAQ,CAAC;gBACnD,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;gBACzB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAgB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO,GAAG,CAAC,IAAI,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,KAAyB,EACzB,YAAoB,EACpB,GAAW,EACX,GAAW;IAEX,IAAI,CAAC,KAAK;QAAE,OAAO,YAAY,CAAC;IAEhC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEnC,uCAAuC;IACvC,IAAI,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,8BAA8B,KAAK,oBAAoB,YAAY,EAAE,CAAC,CAAC;QACpF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,aAAa,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,CAAC;QACxE,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,aAAa,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,CAAC;QACxE,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,GAAc,EACd,SAAyC;IAEzC,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,WAAW,IAAI,qBAAqB;QACpD,qBAAqB,EAAE,IAAI;QAC3B,kBAAkB,EAAE,WAAW,CAAC,GAAG,CAAC,kBAAkB,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC;QACrE,cAAc,EAAE,WAAW,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,CAAC;QACpE,WAAW,EAAE,WAAW,CAAC,GAAG,CAAC,iBAAiB,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC;QAC9D,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,QAAQ,EAAE,IAAI;QACd,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,IAAI,YAAY,GAAgC,IAAI,CAAC;AACrD,IAAI,kBAAkB,GAAkB,IAAI,CAAC;AAE7C;;GAEG;AACH,SAAS,eAAe,CAAC,GAAc;IACrC,OAAO;QACL,GAAG,CAAC,WAAW,IAAI,EAAE;QACrB,GAAG,CAAC,kBAAkB,IAAI,EAAE;QAC5B,GAAG,CAAC,kBAAkB,IAAI,EAAE;QAC5B,GAAG,CAAC,iBAAiB,IAAI,EAAE;KAC5B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CACvB,GAAc,EACd,SAAyC;IAEzC,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAEvC,6CAA6C;IAC7C,IAAI,YAAY,IAAI,kBAAkB,KAAK,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QACnE,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACnD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,YAAY,GAAG,MAAM,CAAC;QACtB,kBAAkB,GAAG,SAAS,CAAC;IACjC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAgB,EAChB,WAA8C;IAE9C,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,MAA4B,CAAC;QACjC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,aAAa,IAAI,WAAW,IAAI,YAAY,IAAI,WAAW,IAAI,uBAAuB,IAAI,WAAW,EAAE,CAAC;YACjH,sCAAsC;YACtC,MAAM,GAAG,WAAmC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,MAAM,GAAG,gBAAgB,CAAC,WAAwB,CAAC,CAAC;QACtD,CAAC;QAED,6BAA6B;QAC7B,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,oBAAoB;oBAC1B,OAAO,EAAE,2BAA2B;oBACpC,UAAU,EAAE,GAAG;oBACf,OAAO,EAAE;wBACP,MAAM,EACJ,qEAAqE;wBACvE,WAAW,EAAE,6CAA6C;qBAC3D;iBACF;aACF,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC;QAErD,mCAAmC;QACnC,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACnC,KAAK;YACL,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACzC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE;gBACL,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;gBACvE,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE;oBACP,MAAM,EAAE,6CAA6C;oBACrD,WAAW,EAAE,oCAAoC;iBAClD;aACF;SACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAuB;IAC5D,OAAO,KAAK,EAAE,OAAgB,EAA2B,EAAE;QACzD,OAAO,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,QAAmB;IAEnB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE,MAAM,CAAC,KAAM,CAAC,IAAI;YACxB,OAAO,EAAE,MAAM,CAAC,KAAM,CAAC,OAAO;YAC9B,OAAO,EAAE,MAAM,CAAC,KAAM,CAAC,OAAO;SAC/B,CAAC,EACF;YACE,MAAM,EAAE,MAAM,CAAC,KAAM,CAAC,UAAU;YAChC,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CACF,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YACtD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2DG"}