@openmobilehub/attestomcp-gate 0.1.0

package/dist/types.d.ts

@@ -0,0 +1,146 @@
+export interface DcqlClaim {
+    path: string[];
+    intent_to_retain?: boolean;
+}
+export interface DcqlCredentialOption {
+    id: string;
+    format: "mso_mdoc";
+    meta: Record<string, string>;
+    claims: DcqlClaim[];
+}
+export interface DcqlQuery {
+    credentials: DcqlCredentialOption[];
+}
+/**
+ * How honestly the presented mdoc is trusted. v0.1 enforces *disclosure*
+ * (explicit positive claim) and *binding* (nonce / ephemeral key), but NOT
+ * *trust* (issuer / device signatures) — a self-crafted mdoc would pass. The
+ * manifest and the envelope both carry this so the limitation is stated in the
+ * type, not buried in prose: it's a flow demo, not a real safety control yet.
+ */
+export type TrustLevel = "presence-only-demo" | "issuer-verified";
+export type Effect = {
+    kind: "gate";
+} | {
+    kind: "discount";
+    percent?: number;
+    amount?: number;
+} | {
+    kind: "authorize";
+};
+export interface OrderLine {
+    /** Product id. */
+    id: string;
+    /** Quantity (matches the demo's `PricedCartLine.quantity`). */
+    quantity: number;
+    /** Cents; authoritative (catalog). */
+    unitPrice: number;
+    /**
+     * Per-product age threshold (21 for alcohol), re-derived server-side onto the
+     * line from the catalog (invariant #2). `PricedCartLine` doesn't carry it
+     * natively — the gate enriches the order before resolving the policy.
+     */
+    minimumAge?: number;
+    /** Product category (e.g. "Beverages"); available to custom `.when()` predicates. */
+    category?: string;
+    /** Example custom flag a `prescription` `appliesTo` reads. */
+    requiresRx?: boolean;
+}
+export interface GateOrder {
+    /** Stable per checkout (created once). */
+    id: string;
+    /** Cents; re-derived server-side. */
+    total: number;
+    /** ISO 4217. */
+    currency: string;
+    /** Carries the data conditional predicates read. */
+    lines: OrderLine[];
+}
+/**
+ * A gate in the policy. Built-ins (`age.over(21)`, `membership.discount(10)`,
+ * `payment.in("usd")`) and customs (`defineCredential`) are the same shape; the
+ * resolver reads `effect` + `params` + `ui` and runs `when` / `appliesTo`.
+ */
+export interface Credential {
+    /** `"age"` / `"membership"` / `"payment"` / custom. */
+    id: string;
+    /** What to ask the wallet. */
+    request: DcqlQuery;
+    /** Reads disclosed claims → proven? (Security: explicit positive claim.) */
+    verify: (claims: Record<string, unknown>) => boolean;
+    /** `gate()` | `discount({percent})` | `authorize()`. */
+    effect: Effect;
+    /**
+     * Inclusion predicate — the gate is in the manifest only when this returns
+     * true (absent ⇒ always applies). `defineCredential` sets the definition-time
+     * conditional here (e.g. prescription only for Rx); `.when()` composes a
+     * call-site conditional onto it (AND). One field, one check in the resolver.
+     */
+    appliesTo?: (order: GateOrder) => boolean;
+    /** The card shown in Context 2 (the checkout page). */
+    ui: {
+        label: string;
+        action: string;
+    };
+    /** Builder-derived parameters (`age.over(21)` → `{ minAge: 21 }`). */
+    params?: {
+        minAge?: number;
+        percent?: number;
+        currency?: string;
+    };
+    /**
+     * Attach a call-site conditional (e.g. `age.over(21).when(hasAlcohol)`).
+     * Returns a NEW Credential (chainable, non-mutating); the predicate is AND-ed
+     * onto any existing `appliesTo`.
+     */
+    when(predicate: (order: GateOrder) => boolean): Credential;
+}
+export interface Step {
+    /** The gate. */
+    credential: Credential;
+    /** `required(c)` → true; `optional(c)` → false. */
+    required: boolean;
+}
+/** The flat, JSON-safe element of `requires`. No functions. */
+export interface VerificationManifestEntry {
+    credential: string;
+    required: boolean;
+    effect: "gate" | "discount" | "authorize";
+    /** Where it runs (Principle VII — honesty in the type). */
+    enforcedAt: "tool" | "checkout";
+    /** mdoc trust (Principle VII; matches the envelope's field — no regression). */
+    trust_level: TrustLevel;
+    /** From `ui.label`; human-readable for agent / widget. */
+    label: string;
+    /** age only. */
+    minAge?: number;
+    /** discount only. */
+    discountPct?: number;
+    /** Per-order link (gate / authorize effects). */
+    approveUrl?: string;
+}
+export interface VerificationRecord {
+    ageVerified?: boolean;
+    loyalty?: {
+        applied: boolean;
+        membershipNumber: string | null;
+    };
+    /** Custom credential results, keyed by credential id. */
+    [credentialId: string]: unknown;
+}
+export interface VerificationStore {
+    read(orderId: string): VerificationRecord | undefined | Promise<VerificationRecord | undefined>;
+    write(orderId: string, record: VerificationRecord): void | Promise<void>;
+    clear(orderId: string): void | Promise<void>;
+}
+export interface AttestoMcpOptions {
+    /**
+     * Absolute origin the wallet ceremony binds to (e.g. `https://shop.example`).
+     * Optional — defaults to `http://localhost:<PORT|3000>` so zero-config local
+     * dev works. Warns (never throws) if it's not absolute, or if it resolves to
+     * localhost in production. Set it to your public origin for any deployment.
+     */
+    walletOrigin?: string;
+    /** Per-order verification state; default in-memory, pluggable (Redis). */
+    store?: VerificationStore;
+}

package/dist/types.js

@@ -0,0 +1,7 @@
+// @openmobilehub/attestomcp-gate — public types (the contract, in TypeScript).
+//
+// Two layers (see specs/001-attesto-sdk/data-model.md):
+//   • policy   — code: builders carry functions (.when / verify / appliesTo) and live in your server.
+//   • manifest — data: `requirements()` resolves the policy server-side and emits a flat, JSON-safe
+//                manifest. Functions NEVER cross the wire. `requirements()` is that code→data boundary.
+export {};

package/package.json

@@ -0,0 +1,62 @@
+{
+  "name": "@openmobilehub/attestomcp-gate",
+  "version": "0.1.0",
+  "description": "The consent layer for AI agents — require a verifiable credential from the user's wallet before a consequential MCP tool completes. Identity leads; payments is one application.",
+  "license": "Apache-2.0",
+  "author": "Open Mobile Hub (Linux Foundation)",
+  "homepage": "https://github.com/openmobilehub/mcp-apps-shopping-demo/tree/main/packages/attestomcp-gate#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/openmobilehub/mcp-apps-shopping-demo.git",
+    "directory": "packages/attestomcp-gate"
+  },
+  "bugs": {
+    "url": "https://github.com/openmobilehub/mcp-apps-shopping-demo/issues"
+  },
+  "type": "module",
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "engines": {
+    "node": ">=20"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json && tsc -p tsconfig.test.json",
+    "test": "vitest run"
+  },
+  "keywords": [
+    "mcp",
+    "agent",
+    "verifiable-credentials",
+    "openid4vp",
+    "mdoc",
+    "consent",
+    "agentic-commerce"
+  ],
+  "dependencies": {
+    "@hpke/core": "^1.9.0",
+    "@peculiar/x509": "^1.14.3",
+    "@simplewebauthn/browser": "^13.3.0",
+    "@simplewebauthn/server": "^13.3.1",
+    "cbor-x": "^1.6.4",
+    "jose": "^5.10.0"
+  },
+  "devDependencies": {
+    "@types/supertest": "^7.2.0",
+    "supertest": "^7.2.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}