@mcp-i/core 1.1.3 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/handshake.d.ts +19 -4
- package/dist/auth/handshake.d.ts.map +1 -1
- package/dist/auth/handshake.js +52 -15
- package/dist/auth/handshake.js.map +1 -1
- package/dist/auth/index.d.ts +1 -1
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js.map +1 -1
- package/dist/delegation/cascading-revocation.d.ts.map +1 -1
- package/dist/delegation/cascading-revocation.js +3 -1
- package/dist/delegation/cascading-revocation.js.map +1 -1
- package/dist/delegation/did-key-resolver.d.ts.map +1 -1
- package/dist/delegation/did-key-resolver.js +9 -6
- package/dist/delegation/did-key-resolver.js.map +1 -1
- package/dist/delegation/outbound-headers.d.ts +14 -16
- package/dist/delegation/outbound-headers.d.ts.map +1 -1
- package/dist/delegation/outbound-headers.js +14 -15
- package/dist/delegation/outbound-headers.js.map +1 -1
- package/dist/delegation/outbound-proof.d.ts +1 -1
- package/dist/delegation/outbound-proof.js +1 -1
- package/dist/delegation/statuslist-manager.d.ts +3 -0
- package/dist/delegation/statuslist-manager.d.ts.map +1 -1
- package/dist/delegation/statuslist-manager.js +14 -1
- package/dist/delegation/statuslist-manager.js.map +1 -1
- package/dist/delegation/vc-verifier.d.ts.map +1 -1
- package/dist/delegation/vc-verifier.js +2 -2
- package/dist/delegation/vc-verifier.js.map +1 -1
- package/dist/errors.d.ts +42 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +45 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +3 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/index.d.ts +1 -0
- package/dist/middleware/index.d.ts.map +1 -1
- package/dist/middleware/index.js +1 -0
- package/dist/middleware/index.js.map +1 -1
- package/dist/middleware/mcpi-transport.d.ts +39 -0
- package/dist/middleware/mcpi-transport.d.ts.map +1 -0
- package/dist/middleware/mcpi-transport.js +121 -0
- package/dist/middleware/mcpi-transport.js.map +1 -0
- package/dist/middleware/with-mcpi-server.d.ts +25 -9
- package/dist/middleware/with-mcpi-server.d.ts.map +1 -1
- package/dist/middleware/with-mcpi-server.js +62 -47
- package/dist/middleware/with-mcpi-server.js.map +1 -1
- package/dist/middleware/with-mcpi.d.ts +40 -5
- package/dist/middleware/with-mcpi.d.ts.map +1 -1
- package/dist/middleware/with-mcpi.js +120 -10
- package/dist/middleware/with-mcpi.js.map +1 -1
- package/dist/providers/memory.js +2 -2
- package/dist/providers/memory.js.map +1 -1
- package/dist/session/manager.d.ts +7 -1
- package/dist/session/manager.d.ts.map +1 -1
- package/dist/session/manager.js +20 -4
- package/dist/session/manager.js.map +1 -1
- package/dist/utils/crypto-service.d.ts.map +1 -1
- package/dist/utils/crypto-service.js +11 -10
- package/dist/utils/crypto-service.js.map +1 -1
- package/dist/utils/did-helpers.d.ts +12 -0
- package/dist/utils/did-helpers.d.ts.map +1 -1
- package/dist/utils/did-helpers.js +18 -0
- package/dist/utils/did-helpers.js.map +1 -1
- package/package.json +2 -2
- package/src/__tests__/audit/canonicalization-integrity.test.ts +243 -0
- package/src/__tests__/audit/graph-revocation-roundtrip.test.ts +280 -0
- package/src/__tests__/audit/helpers/crypto-helpers.ts +245 -0
- package/src/__tests__/audit/proof-boundary.test.ts +269 -0
- package/src/__tests__/audit/statuslist-bitstring-roundtrip.test.ts +135 -0
- package/src/__tests__/audit/vc-roundtrip.test.ts +290 -0
- package/src/delegation/__tests__/outbound-headers.test.ts +16 -16
- package/src/delegation/__tests__/transitive-access.test.ts +1233 -0
- package/src/delegation/__tests__/vc-issuer.integration.test.ts +136 -0
- package/src/delegation/__tests__/vc-jwt.test.ts +318 -0
- package/src/delegation/__tests__/vc-verifier.integration.test.ts +199 -0
- package/src/delegation/cascading-revocation.ts +3 -1
- package/src/delegation/outbound-headers.ts +16 -16
- package/src/delegation/outbound-proof.ts +1 -1
- package/src/delegation/statuslist-manager.ts +17 -0
- package/src/middleware/with-mcpi.ts +29 -0
- package/src/proof/__tests__/verifier.integration.test.ts +181 -0
package/dist/auth/handshake.d.ts
CHANGED
|
@@ -15,12 +15,20 @@ import type { DelegationVerifier, VerifyDelegationResult } from './types.js';
|
|
|
15
15
|
export type { DelegationVerifier, VerifyDelegationResult };
|
|
16
16
|
export interface AgentReputation {
|
|
17
17
|
agentDid: string;
|
|
18
|
-
score: number;
|
|
18
|
+
score: number | null;
|
|
19
19
|
totalInteractions: number;
|
|
20
20
|
successRate: number;
|
|
21
21
|
riskLevel: 'low' | 'medium' | 'high' | 'unknown';
|
|
22
22
|
updatedAt: number;
|
|
23
23
|
}
|
|
24
|
+
/**
|
|
25
|
+
* Policy for handling agents with no reputation history.
|
|
26
|
+
*
|
|
27
|
+
* - 'deny' — reject unknown agents outright (strict environments)
|
|
28
|
+
* - 'require-consent' — route to the consent/authorization flow (default)
|
|
29
|
+
* - 'allow' — let unknown agents through (reputation is advisory only)
|
|
30
|
+
*/
|
|
31
|
+
export type UnknownAgentPolicy = 'deny' | 'require-consent' | 'allow';
|
|
24
32
|
export interface AuthHandshakeConfig {
|
|
25
33
|
delegationVerifier: DelegationVerifier;
|
|
26
34
|
resumeTokenStore: ResumeTokenStore;
|
|
@@ -32,7 +40,15 @@ export interface AuthHandshakeConfig {
|
|
|
32
40
|
authorization: {
|
|
33
41
|
authorizationUrl: string;
|
|
34
42
|
resumeTokenTtl?: number;
|
|
35
|
-
|
|
43
|
+
/**
|
|
44
|
+
* How to handle agents with no reputation history (404 from reputation
|
|
45
|
+
* service, network error, or first-time agent).
|
|
46
|
+
*
|
|
47
|
+
* - 'deny' — reject outright
|
|
48
|
+
* - 'require-consent' — route to consent flow (default)
|
|
49
|
+
* - 'allow' — skip reputation gate for unknowns
|
|
50
|
+
*/
|
|
51
|
+
unknownAgentPolicy?: UnknownAgentPolicy;
|
|
36
52
|
minReputationScore?: number;
|
|
37
53
|
};
|
|
38
54
|
debug?: boolean;
|
|
@@ -96,9 +112,8 @@ export declare class MemoryResumeTokenStore implements ResumeTokenStore {
|
|
|
96
112
|
* @param agentDid - The agent's DID to verify
|
|
97
113
|
* @param scopes - Required scopes for the operation
|
|
98
114
|
* @param config - Authorization configuration including verifier, token store, etc.
|
|
99
|
-
* @param _resumeToken - Optional resume token from previous authorization attempt
|
|
100
115
|
* @returns Result indicating authorization status, delegation, or auth hints
|
|
101
116
|
*/
|
|
102
|
-
export declare function verifyOrHints(agentDid: string, scopes: string[], config: AuthHandshakeConfig
|
|
117
|
+
export declare function verifyOrHints(agentDid: string, scopes: string[], config: AuthHandshakeConfig): Promise<VerifyOrHintsResult>;
|
|
103
118
|
export declare function hasSensitiveScopes(scopes: string[]): boolean;
|
|
104
119
|
//# sourceMappingURL=handshake.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../../src/auth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,uBAAuB,EAExB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAE7E,YAAY,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,CAAC;AAE3D,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../../src/auth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,uBAAuB,EAExB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAE7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAE7E,YAAY,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,CAAC;AAE3D,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACjD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,iBAAiB,GAAG,OAAO,CAAC;AAEtE,MAAM,WAAW,mBAAmB;IAClC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,iBAAiB,CAAC,EAAE;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;KACzB,CAAC;IACF,aAAa,EAAE;QACb,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB;;;;;;;WAOG;QACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;QACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IACF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,UAAU,CAAC,EAAE;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,aAAa,EAAE;YACb,IAAI,EACA,OAAO,GACP,QAAQ,GACR,UAAU,GACV,YAAY,GACZ,UAAU,GACV,MAAM,GACN,MAAM,CAAC;YACX,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,MAAM,CAAC;YACxB,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,gBAAgB,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,aAAa,CAAC;YAC5D,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CACJ,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,IAAI,CAAC,CAAC;IAEV,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvC;AAED,qBAAa,sBAAuB,YAAW,gBAAgB;IAC7D,OAAO,CAAC,MAAM,CAUV;IACJ,OAAO,CAAC,GAAG,CAAS;gBAER,KAAK,SAAU;IAIrB,MAAM,CACV,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,OAAO,CAAC,MAAM,CAAC;IAmBZ,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAChC,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,IAAI,CAAC;IAoBH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO3C,KAAK,IAAI,IAAI;CAGd;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CA+I9B;AA8GD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAc5D"}
|
package/dist/auth/handshake.js
CHANGED
|
@@ -18,7 +18,10 @@ export class MemoryResumeTokenStore {
|
|
|
18
18
|
this.ttl = ttlMs;
|
|
19
19
|
}
|
|
20
20
|
async create(agentDid, scopes, metadata) {
|
|
21
|
-
const
|
|
21
|
+
const bytes = new Uint8Array(16);
|
|
22
|
+
globalThis.crypto.getRandomValues(bytes);
|
|
23
|
+
const hex = Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
|
|
24
|
+
const token = `rt_${hex}`;
|
|
22
25
|
const now = Date.now();
|
|
23
26
|
this.tokens.set(token, {
|
|
24
27
|
agentDid,
|
|
@@ -69,36 +72,70 @@ export class MemoryResumeTokenStore {
|
|
|
69
72
|
* @param agentDid - The agent's DID to verify
|
|
70
73
|
* @param scopes - Required scopes for the operation
|
|
71
74
|
* @param config - Authorization configuration including verifier, token store, etc.
|
|
72
|
-
* @param _resumeToken - Optional resume token from previous authorization attempt
|
|
73
75
|
* @returns Result indicating authorization status, delegation, or auth hints
|
|
74
76
|
*/
|
|
75
|
-
export async function verifyOrHints(agentDid, scopes, config
|
|
77
|
+
export async function verifyOrHints(agentDid, scopes, config) {
|
|
76
78
|
const startTime = Date.now();
|
|
77
79
|
if (config.debug) {
|
|
78
80
|
logger.debug(`[AuthHandshake] Verifying ${agentDid} for scopes: ${scopes.join(', ')}`);
|
|
79
81
|
}
|
|
80
82
|
let reputation;
|
|
81
83
|
if (config.reputationService && config.authorization.minReputationScore !== undefined) {
|
|
84
|
+
const unknownPolicy = config.authorization.unknownAgentPolicy ?? 'require-consent';
|
|
82
85
|
try {
|
|
83
86
|
reputation = await fetchAgentReputation(agentDid, config.reputationService);
|
|
84
|
-
|
|
85
|
-
|
|
87
|
+
}
|
|
88
|
+
catch (error) {
|
|
89
|
+
logger.error('[AuthHandshake] Reputation service unreachable, treating agent as unknown:', error);
|
|
90
|
+
reputation = {
|
|
91
|
+
agentDid,
|
|
92
|
+
score: null,
|
|
93
|
+
totalInteractions: 0,
|
|
94
|
+
successRate: 0,
|
|
95
|
+
riskLevel: 'unknown',
|
|
96
|
+
updatedAt: Date.now(),
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
if (config.debug) {
|
|
100
|
+
logger.debug(`[AuthHandshake] Reputation score: ${reputation.score}`);
|
|
101
|
+
}
|
|
102
|
+
// Unknown agent (no reputation data)
|
|
103
|
+
if (reputation.score === null) {
|
|
104
|
+
if (unknownPolicy === 'deny') {
|
|
105
|
+
const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Unknown agent denied by policy');
|
|
106
|
+
return {
|
|
107
|
+
authorized: false,
|
|
108
|
+
authError,
|
|
109
|
+
reputation,
|
|
110
|
+
reason: 'Unknown agent — policy: deny',
|
|
111
|
+
};
|
|
86
112
|
}
|
|
87
|
-
if (
|
|
88
|
-
|
|
89
|
-
logger.debug(`[AuthHandshake] Reputation ${reputation.score} < ${config.authorization.minReputationScore}, requiring authorization`);
|
|
90
|
-
}
|
|
91
|
-
const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Agent reputation score below threshold');
|
|
113
|
+
if (unknownPolicy === 'require-consent') {
|
|
114
|
+
const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Unknown agent requires consent');
|
|
92
115
|
return {
|
|
93
116
|
authorized: false,
|
|
94
117
|
authError,
|
|
95
118
|
reputation,
|
|
96
|
-
reason: '
|
|
119
|
+
reason: 'Unknown agent — policy: require-consent',
|
|
97
120
|
};
|
|
98
121
|
}
|
|
122
|
+
// unknownPolicy === 'allow' — skip reputation gate, continue to delegation check
|
|
123
|
+
if (config.debug) {
|
|
124
|
+
logger.debug('[AuthHandshake] Unknown agent allowed by policy, skipping reputation gate');
|
|
125
|
+
}
|
|
99
126
|
}
|
|
100
|
-
|
|
101
|
-
|
|
127
|
+
// Known agent with score below threshold
|
|
128
|
+
if (reputation.score !== null && reputation.score < config.authorization.minReputationScore) {
|
|
129
|
+
if (config.debug) {
|
|
130
|
+
logger.debug(`[AuthHandshake] Reputation ${reputation.score} < ${config.authorization.minReputationScore}, requiring authorization`);
|
|
131
|
+
}
|
|
132
|
+
const authError = await buildNeedsAuthorizationError(agentDid, scopes, config, 'Agent reputation score below threshold');
|
|
133
|
+
return {
|
|
134
|
+
authorized: false,
|
|
135
|
+
authError,
|
|
136
|
+
reputation,
|
|
137
|
+
reason: 'Low reputation score',
|
|
138
|
+
};
|
|
102
139
|
}
|
|
103
140
|
}
|
|
104
141
|
let delegationResult;
|
|
@@ -162,7 +199,7 @@ async function fetchAgentReputation(agentDid, reputationConfig) {
|
|
|
162
199
|
if (response.status === 404) {
|
|
163
200
|
return {
|
|
164
201
|
agentDid,
|
|
165
|
-
score:
|
|
202
|
+
score: null,
|
|
166
203
|
totalInteractions: 0,
|
|
167
204
|
successRate: 0,
|
|
168
205
|
riskLevel: 'unknown',
|
|
@@ -172,7 +209,7 @@ async function fetchAgentReputation(agentDid, reputationConfig) {
|
|
|
172
209
|
throw new Error(`Reputation API error: ${response.status} ${response.statusText}`);
|
|
173
210
|
}
|
|
174
211
|
const data = (await response.json());
|
|
175
|
-
const score = data['score'] ??
|
|
212
|
+
const score = data['score'] ?? 0;
|
|
176
213
|
const levelRaw = (data['level'] ??
|
|
177
214
|
data['riskLevel'] ??
|
|
178
215
|
'unknown').toLowerCase();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../../src/auth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,EAAE,6BAA6B,EAAE,MAAM,sBAAsB,CAAC;AAErE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../../src/auth/handshake.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,EAAE,6BAA6B,EAAE,MAAM,sBAAsB,CAAC;AAErE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAgG7C,MAAM,OAAO,sBAAsB;IACzB,MAAM,GAAG,IAAI,GAAG,EAUrB,CAAC;IACI,GAAG,CAAS;IAEpB,YAAY,KAAK,GAAG,OAAO;QACzB,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,MAAgB,EAChB,QAAkC;QAElC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACjC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,MAAM,GAAG,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE;YACrB,QAAQ;YACR,MAAM;YACN,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG;YACzB,QAAQ;YACR,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAa;QAOrB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAEhC,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAa;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,MAAgB,EAChB,MAA2B;IAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,gBAAgB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,UAAuC,CAAC;IAC5C,IAAI,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,aAAa,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACtF,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,kBAAkB,IAAI,iBAAiB,CAAC;QAEnF,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4EAA4E,EAAE,KAAK,CAAC,CAAC;YAClG,UAAU,GAAG;gBACX,QAAQ;gBACR,KAAK,EAAE,IAAI;gBACX,iBAAiB,EAAE,CAAC;gBACpB,WAAW,EAAE,CAAC;gBACd,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,CAAC,qCAAqC,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,qCAAqC;QACrC,IAAI,UAAU,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YAC9B,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;gBAC7B,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,gCAAgC,CACjC,CAAC;gBACF,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS;oBACT,UAAU;oBACV,MAAM,EAAE,8BAA8B;iBACvC,CAAC;YACJ,CAAC;YAED,IAAI,aAAa,KAAK,iBAAiB,EAAE,CAAC;gBACxC,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,gCAAgC,CACjC,CAAC;gBACF,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS;oBACT,UAAU;oBACV,MAAM,EAAE,yCAAyC;iBAClD,CAAC;YACJ,CAAC;YAED,iFAAiF;YACjF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CAAC,2EAA2E,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,UAAU,CAAC,KAAK,KAAK,IAAI,IAAI,UAAU,CAAC,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,kBAAkB,EAAE,CAAC;YAC5F,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CACV,8BAA8B,UAAU,CAAC,KAAK,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,2BAA2B,CACvH,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,wCAAwC,CACzC,CAAC;YAEF,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,SAAS;gBACT,UAAU;gBACV,MAAM,EAAE,sBAAsB;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,gBAAwC,CAAC;IAE7C,IAAI,CAAC;QACH,gBAAgB,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACvE,MAAM,YAAY,GAAG,kCAAkC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;QAElH,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;QAE7F,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,SAAS;YACT,MAAM,EAAE,YAAY;SACrB,CAAC;IACJ,CAAC;IAED,IAAI,gBAAgB,CAAC,KAAK,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC;QAC1D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,CACV,iDAAiD,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,KAAK,CAC7E,CAAC;QACJ,CAAC;QAED,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,UAAU;YACV,MAAM,EAAE,wBAAwB;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,KAAK,CACV,uEAAuE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,KAAK,CACnG,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAClD,QAAQ,EACR,MAAM,EACN,MAAM,EACN,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CACvD,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,SAAS;QACT,UAAU;QACV,MAAM,EAAE,gBAAgB,CAAC,MAAM,IAAI,eAAe;KACnD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,QAAgB,EAChB,gBAA8E;IAE9E,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IAEF,IAAI,gBAAgB,CAAC,MAAM,EAAE,CAAC;QAC5B,OAAO,CAAC,WAAW,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC;IACjD,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,KAAK,IAAI,CAAC;IACvD,IAAI,QAAkB,CAAC;IAEvB,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,GAAG,MAAM,KAAK,CACpB,GAAG,MAAM,kBAAkB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,EACzD;YACE,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;SACjD,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,MAAM,KAAK,CACpB,GAAG,MAAM,sBAAsB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,EAC7D,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,QAAQ;gBACR,KAAK,EAAE,IAAI;gBACX,iBAAiB,EAAE,CAAC;gBACpB,WAAW,EAAE,CAAC;gBACd,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;IAEhE,MAAM,KAAK,GAAI,IAAI,CAAC,OAAO,CAAwB,IAAI,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,CACd,IAAI,CAAC,OAAO,CAAwB;QACpC,IAAI,CAAC,WAAW,CAAwB;QACzC,SAAS,CACV,CAAC,WAAW,EAAE,CAAC;IAChB,MAAM,SAAS,GACb,QAAQ,KAAK,KAAK,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAE5F,OAAO;QACL,QAAQ,EACL,IAAI,CAAC,WAAW,CAAwB;YACxC,IAAI,CAAC,UAAU,CAAwB;YACxC,QAAQ;QACV,KAAK;QACL,iBAAiB,EAAG,IAAI,CAAC,mBAAmB,CAAwB,IAAI,CAAC;QACzE,WAAW,EAAG,IAAI,CAAC,aAAa,CAAwB,IAAI,CAAC;QAC7D,SAAS;QACT,SAAS,EAAE,IAAI,CAAC,cAAc,CAAC;YAC7B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,CAAW,CAAC,CAAC,OAAO,EAAE;YACpD,CAAC,CAAC,CAAE,IAAI,CAAC,WAAW,CAAwB,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;KAC9D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,QAAgB,EAChB,MAAgB,EAChB,MAA2B,EAC3B,OAAe;IAEf,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE;QACzE,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;KACxB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,IAAI,OAAO,CAAC,CAAC;IAEhF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAC/D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAE3D,MAAM,OAAO,GAAyB;QACpC,KAAK,EAAE,wBAAwB;QAC/B,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;QACpB,iBAAiB,EAAE,QAAQ;QAC3B,KAAK,EAAE,oDAAoD,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,EAAE;KACpG,CAAC;IAEF,OAAO,6BAA6B,CAAC;QACnC,OAAO;QACP,gBAAgB,EAAE,OAAO,CAAC,QAAQ,EAAE;QACpC,WAAW;QACX,SAAS;QACT,MAAM;QACN,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAgB;IACjD,MAAM,iBAAiB,GAAG;QACxB,OAAO;QACP,QAAQ;QACR,OAAO;QACP,SAAS;QACT,UAAU;QACV,SAAS;QACT,QAAQ;KACT,CAAC;IAEF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAC3B,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAC3E,CAAC;AACJ,CAAC"}
|
package/dist/auth/index.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export { verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, type AuthHandshakeConfig, type VerifyOrHintsResult, type AgentReputation, type ResumeTokenStore, } from './handshake.js';
|
|
1
|
+
export { verifyOrHints, hasSensitiveScopes, MemoryResumeTokenStore, type AuthHandshakeConfig, type VerifyOrHintsResult, type AgentReputation, type ResumeTokenStore, type UnknownAgentPolicy, } from './handshake.js';
|
|
2
2
|
export type { DelegationVerifier, VerifyDelegationResult } from './types.js';
|
|
3
3
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/auth/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC"}
|
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,sBAAsB,GAMvB,MAAM,gBAAgB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cascading-revocation.d.ts","sourceRoot":"","sources":["../../src/delegation/cascading-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,sBAAsB,EAAuB,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,cAAc,GAAG,CAAC,KAAK,EAAE,eAAe,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE9E,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,0BAA0B;IAEnC,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,UAAU;gBADV,KAAK,EAAE,sBAAsB,EAC7B,UAAU,EAAE,qBAAqB;IAGrC,gBAAgB,CACpB,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,eAAe,EAAE,CAAC;YA8Cf,UAAU;IA6BlB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAuBjE,SAAS,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;QAC7C,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;
|
|
1
|
+
{"version":3,"file":"cascading-revocation.d.ts","sourceRoot":"","sources":["../../src/delegation/cascading-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,sBAAsB,EAAuB,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,cAAc,GAAG,CAAC,KAAK,EAAE,eAAe,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE9E,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,0BAA0B;IAEnC,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,UAAU;gBADV,KAAK,EAAE,sBAAsB,EAC7B,UAAU,EAAE,qBAAqB;IAGrC,gBAAgB,CACpB,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,eAAe,EAAE,CAAC;YA8Cf,UAAU;IA6BlB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAuBjE,SAAS,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;QAC7C,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IAwBI,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAmB5D,OAAO,CAAC,qBAAqB;IAgBvB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAkB7F;AAED,wBAAgB,gCAAgC,CAC9C,KAAK,EAAE,sBAAsB,EAC7B,UAAU,EAAE,qBAAqB,GAChC,0BAA0B,CAE5B"}
|
|
@@ -78,8 +78,10 @@ export class CascadingRevocationManager {
|
|
|
78
78
|
return event;
|
|
79
79
|
}
|
|
80
80
|
async isRevoked(delegationId) {
|
|
81
|
+
// Walk root → target so ancestor revocation is detected before the
|
|
82
|
+
// target's own (cascade-set) bit. getChain() already returns root-first order.
|
|
81
83
|
const chain = await this.graph.getChain(delegationId);
|
|
82
|
-
for (const node of chain
|
|
84
|
+
for (const node of chain) {
|
|
83
85
|
if (node.credentialStatusId) {
|
|
84
86
|
const credentialStatus = this.parseCredentialStatus(node.credentialStatusId);
|
|
85
87
|
if (credentialStatus) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cascading-revocation.js","sourceRoot":"","sources":["../../src/delegation/cascading-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAuBH,MAAM,OAAO,0BAA0B;IAE3B;IACA;IAFV,YACU,KAA6B,EAC7B,UAAiC;QADjC,UAAK,GAAL,KAAK,CAAwB;QAC7B,eAAU,GAAV,UAAU,CAAuB;IACxC,CAAC;IAEJ,KAAK,CAAC,gBAAgB,CACpB,YAAoB,EACpB,UAAsC,EAAE;QAExC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,GAAG,CAAC;QACzC,MAAM,MAAM,GAAsB,EAAE,CAAC;QAErC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACtD,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oBAAoB,KAAK,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CACrC,UAAU,EACV,IAAI,EACJ,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,MAAM,CACf,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QAElE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CACjC,UAAU,EACV,KAAK,EACL,iBAAiB,YAAY,EAAE,EAC/B,OAAO,CAAC,MAAM,EACd,YAAY,CACb,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEnB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAoB,EACpB,MAAe,EACf,MAAe,EACf,MAAgB,EAChB,QAAiB;QAEjB,MAAM,KAAK,GAAoB;YAC7B,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM;SACP,CAAC;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,YAAoB;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAoB;YAC7B,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,UAAU;SACnB,CAAC;QAEF,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,YAAoB;QAKlC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEtD,KAAK,MAAM,IAAI,IAAI,KAAK,
|
|
1
|
+
{"version":3,"file":"cascading-revocation.js","sourceRoot":"","sources":["../../src/delegation/cascading-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAuBH,MAAM,OAAO,0BAA0B;IAE3B;IACA;IAFV,YACU,KAA6B,EAC7B,UAAiC;QADjC,UAAK,GAAL,KAAK,CAAwB;QAC7B,eAAU,GAAV,UAAU,CAAuB;IACxC,CAAC;IAEJ,KAAK,CAAC,gBAAgB,CACpB,YAAoB,EACpB,UAAsC,EAAE;QAExC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,GAAG,CAAC;QACzC,MAAM,MAAM,GAAsB,EAAE,CAAC;QAErC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACtD,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oBAAoB,KAAK,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CACrC,UAAU,EACV,IAAI,EACJ,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,MAAM,CACf,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QAElE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CACjC,UAAU,EACV,KAAK,EACL,iBAAiB,YAAY,EAAE,EAC/B,OAAO,CAAC,MAAM,EACd,YAAY,CACb,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEnB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAoB,EACpB,MAAe,EACf,MAAe,EACf,MAAgB,EAChB,QAAiB;QAEjB,MAAM,KAAK,GAAoB;YAC7B,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM;SACP,CAAC;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,YAAoB;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAoB;YAC7B,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,UAAU;SACnB,CAAC;QAEF,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,YAAoB;QAKlC,mEAAmE;QACnE,+EAA+E;QAC/E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBAC7E,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;oBACtE,IAAI,SAAS,EAAE,CAAC;wBACd,OAAO;4BACL,OAAO,EAAE,IAAI;4BACb,MAAM,EAAE,IAAI,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB;4BAC1E,eAAe,EAAE,IAAI,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;yBAChE,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChD,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,qBAAqB,CAAC,kBAA0B;QACtD,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,CAAC,EAAE,oBAAoB,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;QACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAS,EAAE,EAAE,CAAC,CAAC;QAEtC,OAAO;YACL,EAAE,EAAE,kBAAkB;YACtB,IAAI,EAAE,qBAAqB;YAC3B,aAAa,EAAE,YAAY;YAC3B,eAAe,EAAE,KAAK,CAAC,QAAQ,EAAE;YACjC,oBAAoB,EAAE,oBAAqB;SAC5C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,YAAoB;QAC3C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,YAAY,CAAC,eAAe;oBAClC,CAAC,CAAC,YAAY,YAAY,CAAC,eAAe,aAAa;oBACvD,CAAC,CAAC,uBAAuB;aAC5B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QACrE,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC3B,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;CACF;AAED,MAAM,UAAU,gCAAgC,CAC9C,KAA6B,EAC7B,UAAiC;IAEjC,OAAO,IAAI,0BAA0B,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AAC3D,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"did-key-resolver.d.ts","sourceRoot":"","sources":["../../src/delegation/did-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;
|
|
1
|
+
{"version":3,"file":"did-key-resolver.d.ts","sourceRoot":"","sources":["../../src/delegation/did-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAsB,MAAM,kBAAkB,CAAC;AASrF;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CA8BzE;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,UAAU,GAAG;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;CACX,CAMA;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,IAAI,WAAW,CAwClD;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CA6BjE"}
|
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
* @see https://w3c-ccg.github.io/did-method-key/
|
|
15
15
|
*/
|
|
16
16
|
import { base58Decode } from '../utils/base58.js';
|
|
17
|
+
import { didKeyFragment } from '../utils/did-helpers.js';
|
|
17
18
|
import { base64urlEncodeFromBytes } from '../utils/base64.js';
|
|
18
19
|
import { logger } from '../logging/index.js';
|
|
19
20
|
/** Ed25519 multicodec prefix (0xed 0x01) */
|
|
@@ -102,8 +103,9 @@ export function createDidKeyResolver() {
|
|
|
102
103
|
// Get the multibase-encoded key for publicKeyMultibase
|
|
103
104
|
const multibaseKey = did.replace('did:key:', '');
|
|
104
105
|
// Construct the verification method
|
|
106
|
+
const fragment = didKeyFragment(did);
|
|
105
107
|
const verificationMethod = {
|
|
106
|
-
id: `${did}
|
|
108
|
+
id: `${did}#${fragment}`,
|
|
107
109
|
type: 'Ed25519VerificationKey2020',
|
|
108
110
|
controller: did,
|
|
109
111
|
publicKeyJwk,
|
|
@@ -113,8 +115,8 @@ export function createDidKeyResolver() {
|
|
|
113
115
|
return {
|
|
114
116
|
id: did,
|
|
115
117
|
verificationMethod: [verificationMethod],
|
|
116
|
-
authentication: [`${did}
|
|
117
|
-
assertionMethod: [`${did}
|
|
118
|
+
authentication: [`${did}#${fragment}`],
|
|
119
|
+
assertionMethod: [`${did}#${fragment}`],
|
|
118
120
|
};
|
|
119
121
|
},
|
|
120
122
|
};
|
|
@@ -137,8 +139,9 @@ export function resolveDidKeySync(did) {
|
|
|
137
139
|
}
|
|
138
140
|
const publicKeyJwk = publicKeyToJwk(publicKeyBytes);
|
|
139
141
|
const multibaseKey = did.replace('did:key:', '');
|
|
142
|
+
const fragment = didKeyFragment(did);
|
|
140
143
|
const verificationMethod = {
|
|
141
|
-
id: `${did}
|
|
144
|
+
id: `${did}#${fragment}`,
|
|
142
145
|
type: 'Ed25519VerificationKey2020',
|
|
143
146
|
controller: did,
|
|
144
147
|
publicKeyJwk,
|
|
@@ -147,8 +150,8 @@ export function resolveDidKeySync(did) {
|
|
|
147
150
|
return {
|
|
148
151
|
id: did,
|
|
149
152
|
verificationMethod: [verificationMethod],
|
|
150
|
-
authentication: [`${did}
|
|
151
|
-
assertionMethod: [`${did}
|
|
153
|
+
authentication: [`${did}#${fragment}`],
|
|
154
|
+
assertionMethod: [`${did}#${fragment}`],
|
|
152
155
|
};
|
|
153
156
|
}
|
|
154
157
|
//# sourceMappingURL=did-key-resolver.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"did-key-resolver.js","sourceRoot":"","sources":["../../src/delegation/did-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,4CAA4C;AAC5C,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE/D,gCAAgC;AAChC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,GAAW;IACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAEjD,8CAA8C;QAC9C,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5C,qBAAqB;QACrB,MAAM,eAAe,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QAEpD,kDAAkD;QAClD,IACE,eAAe,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM,GAAG,yBAAyB;YACrF,eAAe,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC;YACnD,eAAe,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC,EACnD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,OAAO,eAAe,CAAC,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACjE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,cAA0B;IAKvD,OAAO;QACL,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,SAAS;QACd,CAAC,EAAE,wBAAwB,CAAC,cAAc,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,OAAO,EAAE,KAAK,EAAE,GAAW,EAA+B,EAAE;YAC1D,uCAAuC;YACvC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,yBAAyB;YACzB,MAAM,cAAc,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;YACvD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iBAAiB;YACjB,MAAM,YAAY,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;YAEpD,uDAAuD;YACvD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAEjD,oCAAoC;YACpC,MAAM,kBAAkB,GAAuB;gBAC7C,EAAE,EAAE,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"did-key-resolver.js","sourceRoot":"","sources":["../../src/delegation/did-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,4CAA4C;AAC5C,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE/D,gCAAgC;AAChC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,GAAW;IACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAEjD,8CAA8C;QAC9C,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5C,qBAAqB;QACrB,MAAM,eAAe,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QAEpD,kDAAkD;QAClD,IACE,eAAe,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM,GAAG,yBAAyB;YACrF,eAAe,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC;YACnD,eAAe,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC,EACnD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,OAAO,eAAe,CAAC,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACjE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,cAA0B;IAKvD,OAAO;QACL,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,SAAS;QACd,CAAC,EAAE,wBAAwB,CAAC,cAAc,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,OAAO,EAAE,KAAK,EAAE,GAAW,EAA+B,EAAE;YAC1D,uCAAuC;YACvC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,yBAAyB;YACzB,MAAM,cAAc,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;YACvD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iBAAiB;YACjB,MAAM,YAAY,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;YAEpD,uDAAuD;YACvD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAEjD,oCAAoC;YACpC,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;YAErC,MAAM,kBAAkB,GAAuB;gBAC7C,EAAE,EAAE,GAAG,GAAG,IAAI,QAAQ,EAAE;gBACxB,IAAI,EAAE,4BAA4B;gBAClC,UAAU,EAAE,GAAG;gBACf,YAAY;gBACZ,kBAAkB,EAAE,YAAY;aACjC,CAAC;YAEF,wCAAwC;YACxC,OAAO;gBACL,EAAE,EAAE,GAAG;gBACP,kBAAkB,EAAE,CAAC,kBAAkB,CAAC;gBACxC,cAAc,EAAE,CAAC,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAC;gBACtC,eAAe,EAAE,CAAC,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAC;aACxC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;IACvD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAEjD,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAErC,MAAM,kBAAkB,GAAuB;QAC7C,EAAE,EAAE,GAAG,GAAG,IAAI,QAAQ,EAAE;QACxB,IAAI,EAAE,4BAA4B;QAClC,UAAU,EAAE,GAAG;QACf,YAAY;QACZ,kBAAkB,EAAE,YAAY;KACjC,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,GAAG;QACP,kBAAkB,EAAE,CAAC,kBAAkB,CAAC;QACxC,cAAc,EAAE,CAAC,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAC;QACtC,eAAe,EAAE,CAAC,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC"}
|
|
@@ -5,23 +5,22 @@
|
|
|
5
5
|
* delegation context to downstream services.
|
|
6
6
|
*
|
|
7
7
|
* Headers (MCP-I §7):
|
|
8
|
-
* -
|
|
9
|
-
* -
|
|
10
|
-
* -
|
|
11
|
-
* -
|
|
8
|
+
* - KYA-Agent-DID: the original agent's DID
|
|
9
|
+
* - KYA-Delegation-Chain: the delegation chain ID (vcId of the root delegation)
|
|
10
|
+
* - KYA-Session-Id: the current session ID
|
|
11
|
+
* - KYA-Delegation-Proof: a signed JWT proving the delegation is being forwarded
|
|
12
12
|
*
|
|
13
13
|
* Related Spec: MCP-I §7 — Outbound Delegation Propagation
|
|
14
14
|
*/
|
|
15
15
|
import type { SessionContext, DelegationRecord } from '../types/protocol.js';
|
|
16
|
-
import type { CryptoProvider } from '../providers/base.js';
|
|
17
16
|
/**
|
|
18
17
|
* Header names for outbound delegation propagation
|
|
19
18
|
*/
|
|
20
19
|
export declare const OUTBOUND_HEADER_NAMES: {
|
|
21
|
-
readonly AGENT_DID: "
|
|
22
|
-
readonly DELEGATION_CHAIN: "
|
|
23
|
-
readonly SESSION_ID: "
|
|
24
|
-
readonly DELEGATION_PROOF: "
|
|
20
|
+
readonly AGENT_DID: "KYA-Agent-DID";
|
|
21
|
+
readonly DELEGATION_CHAIN: "KYA-Delegation-Chain";
|
|
22
|
+
readonly SESSION_ID: "KYA-Session-Id";
|
|
23
|
+
readonly DELEGATION_PROOF: "KYA-Delegation-Proof";
|
|
25
24
|
};
|
|
26
25
|
/**
|
|
27
26
|
* Context required to build outbound delegation headers
|
|
@@ -44,10 +43,10 @@ export interface OutboundDelegationContext {
|
|
|
44
43
|
* Outbound delegation headers to attach to downstream requests
|
|
45
44
|
*/
|
|
46
45
|
export interface OutboundDelegationHeaders {
|
|
47
|
-
'
|
|
48
|
-
'
|
|
49
|
-
'
|
|
50
|
-
'
|
|
46
|
+
'KYA-Agent-DID': string;
|
|
47
|
+
'KYA-Delegation-Chain': string;
|
|
48
|
+
'KYA-Session-Id': string;
|
|
49
|
+
'KYA-Delegation-Proof': string;
|
|
51
50
|
}
|
|
52
51
|
/**
|
|
53
52
|
* Build outbound delegation headers for forwarding to downstream services.
|
|
@@ -57,7 +56,6 @@ export interface OutboundDelegationHeaders {
|
|
|
57
56
|
* downstream service can independently verify the delegation chain.
|
|
58
57
|
*
|
|
59
58
|
* @param context - The delegation context including session, delegation, and server identity
|
|
60
|
-
* @param _cryptoProvider - CryptoProvider (reserved for future use)
|
|
61
59
|
* @returns Headers object to attach to the outbound request
|
|
62
60
|
*
|
|
63
61
|
* @throws {Error} If session is missing agentDid or sessionId
|
|
@@ -71,11 +69,11 @@ export interface OutboundDelegationHeaders {
|
|
|
71
69
|
* delegation,
|
|
72
70
|
* serverIdentity: { did: serverDid, kid: serverKid, privateKey },
|
|
73
71
|
* targetUrl: 'https://downstream-api.example.com/resource',
|
|
74
|
-
* }
|
|
72
|
+
* });
|
|
75
73
|
*
|
|
76
74
|
* // Attach headers to your HTTP request
|
|
77
75
|
* fetch(targetUrl, { headers });
|
|
78
76
|
* ```
|
|
79
77
|
*/
|
|
80
|
-
export declare function buildOutboundDelegationHeaders(context: OutboundDelegationContext
|
|
78
|
+
export declare function buildOutboundDelegationHeaders(context: OutboundDelegationContext): Promise<OutboundDelegationHeaders>;
|
|
81
79
|
//# sourceMappingURL=outbound-headers.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"outbound-headers.d.ts","sourceRoot":"","sources":["../../src/delegation/outbound-headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"outbound-headers.d.ts","sourceRoot":"","sources":["../../src/delegation/outbound-headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAM7E;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;CAKxB,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,kCAAkC;IAClC,OAAO,EAAE,cAAc,CAAC;IACxB,4CAA4C;IAC5C,UAAU,EAAE,gBAAgB,CAAC;IAC7B,sDAAsD;IACtD,cAAc,EAAE;QACd,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,eAAe,EAAE,MAAM,CAAC;IACxB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,MAAM,CAAC;CAChC;AAgDD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAsB,8BAA8B,CAClD,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,yBAAyB,CAAC,CAuDpC"}
|
|
@@ -5,10 +5,10 @@
|
|
|
5
5
|
* delegation context to downstream services.
|
|
6
6
|
*
|
|
7
7
|
* Headers (MCP-I §7):
|
|
8
|
-
* -
|
|
9
|
-
* -
|
|
10
|
-
* -
|
|
11
|
-
* -
|
|
8
|
+
* - KYA-Agent-DID: the original agent's DID
|
|
9
|
+
* - KYA-Delegation-Chain: the delegation chain ID (vcId of the root delegation)
|
|
10
|
+
* - KYA-Session-Id: the current session ID
|
|
11
|
+
* - KYA-Delegation-Proof: a signed JWT proving the delegation is being forwarded
|
|
12
12
|
*
|
|
13
13
|
* Related Spec: MCP-I §7 — Outbound Delegation Propagation
|
|
14
14
|
*/
|
|
@@ -20,10 +20,10 @@ import { logger } from '../logging/index.js';
|
|
|
20
20
|
* Header names for outbound delegation propagation
|
|
21
21
|
*/
|
|
22
22
|
export const OUTBOUND_HEADER_NAMES = {
|
|
23
|
-
AGENT_DID: '
|
|
24
|
-
DELEGATION_CHAIN: '
|
|
25
|
-
SESSION_ID: '
|
|
26
|
-
DELEGATION_PROOF: '
|
|
23
|
+
AGENT_DID: 'KYA-Agent-DID',
|
|
24
|
+
DELEGATION_CHAIN: 'KYA-Delegation-Chain',
|
|
25
|
+
SESSION_ID: 'KYA-Session-Id',
|
|
26
|
+
DELEGATION_PROOF: 'KYA-Delegation-Proof',
|
|
27
27
|
};
|
|
28
28
|
/**
|
|
29
29
|
* Extract hostname from a URL
|
|
@@ -71,7 +71,6 @@ function buildPrivateKeyJwk(privateKeyBase64, serverDid) {
|
|
|
71
71
|
* downstream service can independently verify the delegation chain.
|
|
72
72
|
*
|
|
73
73
|
* @param context - The delegation context including session, delegation, and server identity
|
|
74
|
-
* @param _cryptoProvider - CryptoProvider (reserved for future use)
|
|
75
74
|
* @returns Headers object to attach to the outbound request
|
|
76
75
|
*
|
|
77
76
|
* @throws {Error} If session is missing agentDid or sessionId
|
|
@@ -85,13 +84,13 @@ function buildPrivateKeyJwk(privateKeyBase64, serverDid) {
|
|
|
85
84
|
* delegation,
|
|
86
85
|
* serverIdentity: { did: serverDid, kid: serverKid, privateKey },
|
|
87
86
|
* targetUrl: 'https://downstream-api.example.com/resource',
|
|
88
|
-
* }
|
|
87
|
+
* });
|
|
89
88
|
*
|
|
90
89
|
* // Attach headers to your HTTP request
|
|
91
90
|
* fetch(targetUrl, { headers });
|
|
92
91
|
* ```
|
|
93
92
|
*/
|
|
94
|
-
export async function buildOutboundDelegationHeaders(context
|
|
93
|
+
export async function buildOutboundDelegationHeaders(context) {
|
|
95
94
|
const { session, delegation, serverIdentity, targetUrl } = context;
|
|
96
95
|
// Validate required fields
|
|
97
96
|
if (!session.agentDid) {
|
|
@@ -130,10 +129,10 @@ export async function buildOutboundDelegationHeaders(context, _cryptoProvider) {
|
|
|
130
129
|
targetHostname,
|
|
131
130
|
});
|
|
132
131
|
return {
|
|
133
|
-
'
|
|
134
|
-
'
|
|
135
|
-
'
|
|
136
|
-
'
|
|
132
|
+
'KYA-Agent-DID': session.agentDid,
|
|
133
|
+
'KYA-Delegation-Chain': delegation.vcId,
|
|
134
|
+
'KYA-Session-Id': session.sessionId,
|
|
135
|
+
'KYA-Delegation-Proof': jwt,
|
|
137
136
|
};
|
|
138
137
|
}
|
|
139
138
|
//# sourceMappingURL=outbound-headers.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"outbound-headers.js","sourceRoot":"","sources":["../../src/delegation/outbound-headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;
|
|
1
|
+
{"version":3,"file":"outbound-headers.js","sourceRoot":"","sources":["../../src/delegation/outbound-headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,uBAAuB,EAA0B,MAAM,qBAAqB,CAAC;AACtF,OAAO,EAAE,0BAA0B,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,SAAS,EAAE,eAAe;IAC1B,gBAAgB,EAAE,sBAAsB;IACxC,UAAU,EAAE,gBAAgB;IAC5B,gBAAgB,EAAE,sBAAsB;CAChC,CAAC;AA8BX;;GAEG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAChE,OAAO,GAAG,CAAC;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,gBAAwB,EACxB,SAAiB;IAEjB,qCAAqC;IACrC,MAAM,eAAe,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAExD,qEAAqE;IACrE,MAAM,IAAI,GAAG,eAAe,CAAC,MAAM,KAAK,EAAE;QACxC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC;QACjC,CAAC,CAAC,eAAe,CAAC;IAEpB,kCAAkC;IAClC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,4CAA4C,SAAS,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,cAAc,GAAG,0BAA0B,CAAC,SAAS,CAAC,CAAC;IAC7D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,0CAA0C,SAAS,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,OAAO;QACL,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,SAAS;QACd,CAAC,EAAE,wBAAwB,CAAC,cAAc,CAAC;QAC3C,CAAC,EAAE,wBAAwB,CAAC,IAAI,CAAC;KAClC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAkC;IAElC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAEnE,2BAA2B;IAC3B,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,oCAAoC;IACpC,MAAM,cAAc,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAElD,qDAAqD;IACrD,MAAM,aAAa,GAAG,kBAAkB,CACtC,cAAc,CAAC,UAAU,EACzB,cAAc,CAAC,GAAG,CACnB,CAAC;IAEF,iCAAiC;IACjC,6BAA6B;IAC7B,2DAA2D;IAC3D,uCAAuC;IACvC,iDAAiD;IACjD,kCAAkC;IAClC,MAAM,GAAG,GAAG,MAAM,uBAAuB,CAAC;QACxC,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAM,kCAAkC;QACpE,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAS,+BAA+B;QACjE,YAAY,EAAE,UAAU,CAAC,EAAE;QAC3B,eAAe,EAAE,UAAU,CAAC,IAAI;QAChC,MAAM,EAAE,CAAC,sBAAsB,CAAC;QAChC,aAAa;QACb,GAAG,EAAE,cAAc,CAAC,GAAG;QACvB,cAAc;KACf,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;QAChD,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,eAAe,EAAE,UAAU,CAAC,IAAI;QAChC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,cAAc;KACf,CAAC,CAAC;IAEH,OAAO;QACL,eAAe,EAAE,OAAO,CAAC,QAAQ;QACjC,sBAAsB,EAAE,UAAU,CAAC,IAAI;QACvC,gBAAgB,EAAE,OAAO,CAAC,SAAS;QACnC,sBAAsB,EAAE,GAAG;KAC5B,CAAC;AACJ,CAAC"}
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Enables downstream services to independently verify the delegation chain.
|
|
6
6
|
*
|
|
7
7
|
* Wire format: signed compact EdDSA JWT (60s TTL, per-call jti)
|
|
8
|
-
* Header injection:
|
|
8
|
+
* Header injection: KYA-Delegation-Id, KYA-Delegation-Chain, KYA-Delegation-Proof, KYA-Granted-Scopes
|
|
9
9
|
*
|
|
10
10
|
* Related Spec: MCP-I §2 — Outbound Delegation Propagation
|
|
11
11
|
*/
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Enables downstream services to independently verify the delegation chain.
|
|
6
6
|
*
|
|
7
7
|
* Wire format: signed compact EdDSA JWT (60s TTL, per-call jti)
|
|
8
|
-
* Header injection:
|
|
8
|
+
* Header injection: KYA-Delegation-Id, KYA-Delegation-Chain, KYA-Delegation-Proof, KYA-Granted-Scopes
|
|
9
9
|
*
|
|
10
10
|
* Related Spec: MCP-I §2 — Outbound Delegation Propagation
|
|
11
11
|
*/
|
|
@@ -25,12 +25,15 @@ export declare class StatusList2021Manager {
|
|
|
25
25
|
private decompressor;
|
|
26
26
|
private statusListBaseUrl;
|
|
27
27
|
private defaultListSize;
|
|
28
|
+
/** Per-status-list mutex to serialize updateStatus calls and prevent race conditions. */
|
|
29
|
+
private updateLocks;
|
|
28
30
|
constructor(storage: StatusListStorageProvider, identity: StatusListIdentityProvider, signingFunction: VCSigningFunction, compressor: CompressionFunction, decompressor: DecompressionFunction, options?: {
|
|
29
31
|
statusListBaseUrl?: string;
|
|
30
32
|
defaultListSize?: number;
|
|
31
33
|
});
|
|
32
34
|
allocateStatusEntry(purpose: 'revocation' | 'suspension'): Promise<CredentialStatus>;
|
|
33
35
|
updateStatus(credentialStatus: CredentialStatus, revoked: boolean): Promise<void>;
|
|
36
|
+
private doUpdateStatus;
|
|
34
37
|
checkStatus(credentialStatus: CredentialStatus): Promise<boolean>;
|
|
35
38
|
getRevokedIndices(statusListId: string): Promise<number[]>;
|
|
36
39
|
private ensureStatusListExists;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"statuslist-manager.d.ts","sourceRoot":"","sources":["../../src/delegation/statuslist-manager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,wBAAwB,EACxB,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAoB,KAAK,mBAAmB,EAAE,KAAK,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACxG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGxD,MAAM,WAAW,yBAAyB;IACxC,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IAC9E,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzF,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,IAAI,MAAM,CAAC;IACjB,QAAQ,IAAI,MAAM,CAAC;CACpB;AAED,qBAAa,qBAAqB;
|
|
1
|
+
{"version":3,"file":"statuslist-manager.d.ts","sourceRoot":"","sources":["../../src/delegation/statuslist-manager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,wBAAwB,EACxB,gBAAgB,EACjB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAoB,KAAK,mBAAmB,EAAE,KAAK,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACxG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGxD,MAAM,WAAW,yBAAyB;IACxC,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IAC9E,aAAa,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzF,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,IAAI,MAAM,CAAC;IACjB,QAAQ,IAAI,MAAM,CAAC;CACpB;AAED,qBAAa,qBAAqB;IAO9B,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,eAAe;IACvB,OAAO,CAAC,UAAU;IAClB,OAAO,CAAC,YAAY;IAVtB,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,eAAe,CAAS;IAChC,yFAAyF;IACzF,OAAO,CAAC,WAAW,CAAoC;gBAG7C,OAAO,EAAE,yBAAyB,EAClC,QAAQ,EAAE,0BAA0B,EACpC,eAAe,EAAE,iBAAiB,EAClC,UAAU,EAAE,mBAAmB,EAC/B,YAAY,EAAE,qBAAqB,EAC3C,OAAO,CAAC,EAAE;QACR,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B;IAMG,mBAAmB,CAAC,OAAO,EAAE,YAAY,GAAG,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkBpF,YAAY,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;YAezE,cAAc;IA6CtB,WAAW,CAAC,gBAAgB,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBjE,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAelD,sBAAsB;IAgDpC,oBAAoB,IAAI,MAAM;IAI9B,kBAAkB,IAAI,MAAM;CAG7B;AAED,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,yBAAyB,EAClC,QAAQ,EAAE,0BAA0B,EACpC,eAAe,EAAE,iBAAiB,EAClC,UAAU,EAAE,mBAAmB,EAC/B,YAAY,EAAE,qBAAqB,EACnC,OAAO,CAAC,EAAE;IACR,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,GACA,qBAAqB,CASvB"}
|
|
@@ -15,6 +15,8 @@ export class StatusList2021Manager {
|
|
|
15
15
|
decompressor;
|
|
16
16
|
statusListBaseUrl;
|
|
17
17
|
defaultListSize;
|
|
18
|
+
/** Per-status-list mutex to serialize updateStatus calls and prevent race conditions. */
|
|
19
|
+
updateLocks = new Map();
|
|
18
20
|
constructor(storage, identity, signingFunction, compressor, decompressor, options) {
|
|
19
21
|
this.storage = storage;
|
|
20
22
|
this.identity = identity;
|
|
@@ -38,6 +40,17 @@ export class StatusList2021Manager {
|
|
|
38
40
|
return credentialStatus;
|
|
39
41
|
}
|
|
40
42
|
async updateStatus(credentialStatus, revoked) {
|
|
43
|
+
const { statusListCredential } = credentialStatus;
|
|
44
|
+
// Serialize updates per status list to prevent concurrent read-modify-write races.
|
|
45
|
+
// Each call chains on the previous operation for the same list.
|
|
46
|
+
const previous = this.updateLocks.get(statusListCredential) ?? Promise.resolve();
|
|
47
|
+
const operation = previous.then(() => this.doUpdateStatus(credentialStatus, revoked));
|
|
48
|
+
// Store a non-rejecting version so the chain continues even if one update fails
|
|
49
|
+
this.updateLocks.set(statusListCredential, operation.catch(() => { }));
|
|
50
|
+
// Propagate the actual error to the caller
|
|
51
|
+
await operation;
|
|
52
|
+
}
|
|
53
|
+
async doUpdateStatus(credentialStatus, revoked) {
|
|
41
54
|
const { statusListCredential, statusListIndex } = credentialStatus;
|
|
42
55
|
const statusList = await this.storage.getStatusList(statusListCredential);
|
|
43
56
|
if (!statusList) {
|
|
@@ -68,7 +81,7 @@ export class StatusList2021Manager {
|
|
|
68
81
|
const { statusListCredential, statusListIndex } = credentialStatus;
|
|
69
82
|
const statusList = await this.storage.getStatusList(statusListCredential);
|
|
70
83
|
if (!statusList) {
|
|
71
|
-
|
|
84
|
+
throw new Error(`Status list not found: ${statusListCredential} — cannot determine revocation status`);
|
|
72
85
|
}
|
|
73
86
|
const manager = await BitstringManager.decode(statusList.credentialSubject.encodedList, this.compressor, this.decompressor);
|
|
74
87
|
const index = parseInt(statusListIndex, 10);
|