@openparachute/vault 0.4.0 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/README.md +133 -0
  2. package/core/src/core.test.ts +1171 -518
  3. package/core/src/mcp.ts +37 -426
  4. package/core/src/notes.ts +405 -32
  5. package/core/src/schema-defaults.ts +214 -170
  6. package/core/src/schema.ts +104 -32
  7. package/core/src/store.ts +90 -78
  8. package/core/src/tag-hierarchy.ts +36 -2
  9. package/core/src/types.ts +37 -42
  10. package/core/src/vault-projection.ts +309 -0
  11. package/package.json +2 -2
  12. package/src/auth-hub-jwt.test.ts +142 -13
  13. package/src/auth.ts +29 -0
  14. package/src/hub-jwt.test.ts +16 -5
  15. package/src/hub-jwt.ts +9 -0
  16. package/src/mcp-http.ts +4 -2
  17. package/src/mcp-tools.ts +101 -90
  18. package/src/routes.ts +313 -206
  19. package/src/routing.test.ts +12 -12
  20. package/src/routing.ts +0 -2
  21. package/src/tokens-routes.test.ts +11 -4
  22. package/src/vault.test.ts +875 -297
  23. package/core/src/note-schemas.ts +0 -232
package/src/tokens-routes.test.ts CHANGED
@@ -31,7 +31,7 @@ const { route } = await import("./routing.ts");
31
31
  const { writeGlobalConfig, writeVaultConfig } = await import("./config.ts");
32
32
  const { clearVaultStoreCache, getVaultStore } = await import("./vault-store.ts");
33
33
  const { generateToken, createToken, resolveToken } = await import("./token-store.ts");
34
- const { resetJwksCache } = await import("./hub-jwt.ts");
34
+ const { resetJwksCache, resetRevocationCache } = await import("./hub-jwt.ts");
35
35
 
36
36
  interface Keypair {
37
37
  privateKey: CryptoKey;
@@ -59,10 +59,16 @@ function startJwksFixture(keys: Keypair[]): JwksFixture {
59
59
  port: 0,
60
60
  fetch(req) {
61
61
  const url = new URL(req.url);
62
- if (url.pathname !== "/.well-known/jwks.json") {
63
- return new Response("not found", { status: 404 });
62
+ if (url.pathname === "/.well-known/jwks.json") {
63
+ return Response.json({ keys: keys.map((k) => k.publicJwk) });
64
64
  }
65
- return Response.json({ keys: keys.map((k) => k.publicJwk) });
65
+ // scope-guard 0.2+ consults the revocation list on every JWT validation
66
+ // (when the token has a jti). Empty list = "clear" outcome; tokens
67
+ // signed in this suite all pass the revocation check.
68
+ if (url.pathname === "/.well-known/parachute-revocation.json") {
69
+ return Response.json({ generated_at: new Date().toISOString(), jtis: [] });
70
+ }
71
+ return new Response("not found", { status: 404 });
66
72
  },
67
73
  });
68
74
  return {
@@ -132,6 +138,7 @@ beforeEach(async () => {
132
138
  prevHubOrigin = process.env.PARACHUTE_HUB_ORIGIN;
133
139
  process.env.PARACHUTE_HUB_ORIGIN = fixture.origin;
134
140
  resetJwksCache();
141
+ resetRevocationCache();
135
142
  });
136
143
 
137
144
  afterEach(() => {