@vess-id/vess 0.9.0 → 0.12.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/dist/adapter/mcp/mcp-adapter.d.ts +2 -0
  2. package/dist/adapter/mcp/mcp-adapter.d.ts.map +1 -1
  3. package/dist/adapter/mcp/mcp-adapter.js.map +1 -1
  4. package/dist/adapter/mcp/mcp-server.factory.d.ts +2 -0
  5. package/dist/adapter/mcp/mcp-server.factory.d.ts.map +1 -1
  6. package/dist/adapter/mcp/mcp-server.factory.js +56 -17
  7. package/dist/adapter/mcp/mcp-server.factory.js.map +1 -1
  8. package/dist/bootstrap/sdk-precheck.d.ts +9 -0
  9. package/dist/bootstrap/sdk-precheck.d.ts.map +1 -0
  10. package/dist/bootstrap/sdk-precheck.js +103 -0
  11. package/dist/bootstrap/sdk-precheck.js.map +1 -0
  12. package/dist/cli/index.js +5 -0
  13. package/dist/cli/index.js.map +1 -1
  14. package/dist/cli/init.js +1 -1
  15. package/dist/cli/init.js.map +1 -1
  16. package/dist/config/config.js +1 -1
  17. package/dist/config/config.js.map +1 -1
  18. package/dist/core/execution-engine.d.ts.map +1 -1
  19. package/dist/core/execution-engine.js +99 -26
  20. package/dist/core/execution-engine.js.map +1 -1
  21. package/dist/core/types.d.ts +8 -0
  22. package/dist/core/types.d.ts.map +1 -1
  23. package/dist/gateway/gateway-client.d.ts +11 -1
  24. package/dist/gateway/gateway-client.d.ts.map +1 -1
  25. package/dist/gateway/gateway-client.js +34 -5
  26. package/dist/gateway/gateway-client.js.map +1 -1
  27. package/dist/utils/credential-errors.d.ts +41 -0
  28. package/dist/utils/credential-errors.d.ts.map +1 -1
  29. package/dist/utils/credential-errors.js +39 -0
  30. package/dist/utils/credential-errors.js.map +1 -1
  31. package/dist/wallet/vp-builder.d.ts +10 -2
  32. package/dist/wallet/vp-builder.d.ts.map +1 -1
  33. package/dist/wallet/vp-builder.js +16 -7
  34. package/dist/wallet/vp-builder.js.map +1 -1
  35. package/package.json +22 -31
  36. package/required-sdk-symbols.json +18 -0
package/dist/utils/credential-errors.d.ts CHANGED
@@ -1,3 +1,44 @@
1
1
  /** Check if an error message indicates an invalid credential (expired, revoked, etc.) */
2
2
  export declare function isCredentialInvalidError(message?: string): boolean;
3
+ /**
4
+ * Minimal shape of the reauth payload api returns on revoked/expired OAuth tokens.
5
+ * Kept loose on purpose — the api may add fields without breaking agentd.
6
+ *
7
+ * Layer note — three similar types intentionally exist in this repo:
8
+ * - `ApiReauthRequired` (this file): wire shape parsed from api bodies
9
+ * - `ReauthRequiredInfo` (gateway-client.ts): wire-level result carried
10
+ * alongside `InvokeToolResult.errorCode`
11
+ * - `ReauthRequiredExecutionInfo` (core/types.ts): user-facing ExecuteResult
12
+ * field, trimmed of wire-level knobs (e.g. `metadata`)
13
+ * The duplication is deliberate: each layer drops context the next one
14
+ * doesn't need, which keeps the CLI surface minimal.
15
+ */
16
+ export interface ApiReauthRequired {
17
+ provider: string;
18
+ reason: string;
19
+ message: string;
20
+ authUrl: string;
21
+ projectId?: string;
22
+ metadata?: Record<string, any>;
23
+ }
24
+ /**
25
+ * Probe an api response body for a reauth_required signal.
26
+ *
27
+ * The api shape is:
28
+ * `{ success:false, error, metadata: { action: 'reauth_required',
29
+ * reauthRequired: { provider, reason, message, authUrl, projectId, ... } } }`
30
+ *
31
+ * Returns the extracted payload if present, otherwise `undefined`.
32
+ *
33
+ * Guards:
34
+ * - Requires `authUrl` to be a non-empty string (without it the signal is
35
+ * useless — the CLI caller has nothing to surface to the user).
36
+ * - Does not trust the outer `success` flag. If a future api bug sets
37
+ * `success:true` on a reauth response, we still treat it as a reauth
38
+ * failure: the underlying SaaS token is gone, and any "data" in that
39
+ * envelope would be stale or misleading. `action:'reauth_required'`
40
+ * is the canonical signal, not `success`. (Spec'd in gateway-client
41
+ * reauth tests as the "contradictory body" regression guard.)
42
+ */
43
+ export declare function extractReauthRequired(body: unknown): ApiReauthRequired | undefined;
3
44
  //# sourceMappingURL=credential-errors.d.ts.map
package/dist/utils/credential-errors.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"credential-errors.d.ts","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":"AAcA,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAGlE"}
1
+ {"version":3,"file":"credential-errors.d.ts","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":"AAgBA,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAGlE;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAC/B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,SAAS,CAclF"}
package/dist/utils/credential-errors.js CHANGED
@@ -1,6 +1,8 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.isCredentialInvalidError = isCredentialInvalidError;
4
+ exports.extractReauthRequired = extractReauthRequired;
5
+ const ai_identity_1 = require("@vess-id/ai-identity");
4
6
  /**
5
7
  * Patterns that indicate a credential/VP is invalid (expired, revoked, malformed).
6
8
  * Shared between gateway-client (HTTP response detection) and execution-engine (error classification).
@@ -20,4 +22,41 @@ function isCredentialInvalidError(message) {
20
22
  return false;
21
23
  return CREDENTIAL_ERROR_PATTERNS.some(pattern => pattern.test(message));
22
24
  }
25
+ /**
26
+ * Probe an api response body for a reauth_required signal.
27
+ *
28
+ * The api shape is:
29
+ * `{ success:false, error, metadata: { action: 'reauth_required',
30
+ * reauthRequired: { provider, reason, message, authUrl, projectId, ... } } }`
31
+ *
32
+ * Returns the extracted payload if present, otherwise `undefined`.
33
+ *
34
+ * Guards:
35
+ * - Requires `authUrl` to be a non-empty string (without it the signal is
36
+ * useless — the CLI caller has nothing to surface to the user).
37
+ * - Does not trust the outer `success` flag. If a future api bug sets
38
+ * `success:true` on a reauth response, we still treat it as a reauth
39
+ * failure: the underlying SaaS token is gone, and any "data" in that
40
+ * envelope would be stale or misleading. `action:'reauth_required'`
41
+ * is the canonical signal, not `success`. (Spec'd in gateway-client
42
+ * reauth tests as the "contradictory body" regression guard.)
43
+ */
44
+ function extractReauthRequired(body) {
45
+ if (!body || typeof body !== 'object')
46
+ return undefined;
47
+ const metadata = body.metadata;
48
+ if (!metadata || metadata.action !== ai_identity_1.REAUTH_REQUIRED_ACTION)
49
+ return undefined;
50
+ const r = metadata.reauthRequired;
51
+ if (!r || typeof r.authUrl !== 'string' || r.authUrl.length === 0)
52
+ return undefined;
53
+ return {
54
+ provider: String(r.provider ?? ''),
55
+ reason: String(r.reason ?? ''),
56
+ message: String(r.message ?? body.error ?? ''),
57
+ authUrl: r.authUrl,
58
+ projectId: r.projectId,
59
+ metadata: r.metadata,
60
+ };
61
+ }
23
62
  //# sourceMappingURL=credential-errors.js.map
package/dist/utils/credential-errors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"credential-errors.js","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":";;AAeA,4DAGC;AAlBD;;;GAGG;AACH,MAAM,yBAAyB,GAAa;IAC1C,yBAAyB;IACzB,8BAA8B;IAC9B,iBAAiB;IACjB,iBAAiB;IACjB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAA;AAED,yFAAyF;AACzF,SAAgB,wBAAwB,CAAC,OAAgB;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1B,OAAO,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACzE,CAAC"}
1
+ {"version":3,"file":"credential-errors.js","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":";;AAiBA,4DAGC;AA2CD,sDAcC;AA7ED,sDAA6D;AAE7D;;;GAGG;AACH,MAAM,yBAAyB,GAAa;IAC1C,yBAAyB;IACzB,8BAA8B;IAC9B,iBAAiB;IACjB,iBAAiB;IACjB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAA;AAED,yFAAyF;AACzF,SAAgB,wBAAwB,CAAC,OAAgB;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1B,OAAO,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACzE,CAAC;AAwBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,qBAAqB,CAAC,IAAa;IACjD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAA;IACvD,MAAM,QAAQ,GAAI,IAAY,CAAC,QAAQ,CAAA;IACvC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,oCAAsB;QAAE,OAAO,SAAS,CAAA;IAC7E,MAAM,CAAC,GAAG,QAAQ,CAAC,cAAc,CAAA;IACjC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IACnF,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC;QAClC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;QAC9B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAK,IAAY,CAAC,KAAK,IAAI,EAAE,CAAC;QACvD,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;KACrB,CAAA;AACH,CAAC"}
package/dist/wallet/vp-builder.d.ts CHANGED
@@ -9,8 +9,16 @@ export interface VPBuildOptions {
9
9
  * Build a Verifiable Presentation (SD-JWT KB-JWT) for local signing.
10
10
  *
11
11
  * The VP signer is the Agent DID (not Root DID — spec §4.2).
12
- * Follows the same pattern as remote-mcp's VPCreationService.
13
- * Accepts injectable signing key for future session key switching.
12
+ *
13
+ * KB-JWT payload construction is delegated to
14
+ * `buildKbJwtPayload()` in `@vess-id/ai-identity`
15
+ * (`packages/sdk/src/vp/kb-jwt-builder.ts`), which is the SINGLE SOURCE OF
16
+ * TRUTH shared with the api / remote-mcp / SDK issuers. Do NOT inline an
17
+ * `{ iss, aud, nonce, iat }` literal here: agentd alpha builds prior to
18
+ * this change drifted from the API verifier's `exp` requirement and every
19
+ * VP was rejected with `KB-JWT missing exp`. The four-way lock-step
20
+ * (api / remote-mcp / SDK / agentd) is documented in the kb-jwt-builder
21
+ * header.
14
22
  */
15
23
  export declare class VPBuilder {
16
24
  buildVP(options: VPBuildOptions): Promise<string>;
package/dist/wallet/vp-builder.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"vp-builder.d.ts","sourceRoot":"","sources":["../../src/wallet/vp-builder.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;;;;;GAMG;AACH,qBAAa,SAAS;IACd,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;CAwCxD"}
1
+ {"version":3,"file":"vp-builder.d.ts","sourceRoot":"","sources":["../../src/wallet/vp-builder.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,SAAS;IACd,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;CAwCxD"}
package/dist/wallet/vp-builder.js CHANGED
@@ -3,12 +3,21 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.VPBuilder = void 0;
4
4
  const sd_jwt_vc_1 = require("@sd-jwt/sd-jwt-vc");
5
5
  const crypto_nodejs_1 = require("@sd-jwt/crypto-nodejs");
6
+ const ai_identity_1 = require("@vess-id/ai-identity");
6
7
  /**
7
8
  * Build a Verifiable Presentation (SD-JWT KB-JWT) for local signing.
8
9
  *
9
10
  * The VP signer is the Agent DID (not Root DID — spec §4.2).
10
- * Follows the same pattern as remote-mcp's VPCreationService.
11
- * Accepts injectable signing key for future session key switching.
11
+ *
12
+ * KB-JWT payload construction is delegated to
13
+ * `buildKbJwtPayload()` in `@vess-id/ai-identity`
14
+ * (`packages/sdk/src/vp/kb-jwt-builder.ts`), which is the SINGLE SOURCE OF
15
+ * TRUTH shared with the api / remote-mcp / SDK issuers. Do NOT inline an
16
+ * `{ iss, aud, nonce, iat }` literal here: agentd alpha builds prior to
17
+ * this change drifted from the API verifier's `exp` requirement and every
18
+ * VP was rejected with `KB-JWT missing exp`. The four-way lock-step
19
+ * (api / remote-mcp / SDK / agentd) is documented in the kb-jwt-builder
20
+ * header.
12
21
  */
13
22
  class VPBuilder {
14
23
  async buildVP(options) {
@@ -32,12 +41,12 @@ class VPBuilder {
32
41
  for (const key of presentableKeys) {
33
42
  presentationFrame[key] = true;
34
43
  }
35
- const kbJwtPayload = {
36
- iss: options.signerDid,
37
- aud: options.domain,
44
+ const kbJwtPayload = (0, ai_identity_1.buildKbJwtPayload)({
45
+ holderDid: options.signerDid,
46
+ audience: options.domain,
38
47
  nonce: options.nonce,
39
- iat: Math.floor(Date.now() / 1000),
40
- };
48
+ vcCredential: options.credentialJwt,
49
+ });
41
50
  const presentation = await sdJwtInstance.present(options.credentialJwt, presentationFrame, { kb: { payload: kbJwtPayload } });
42
51
  return presentation;
43
52
  }
package/dist/wallet/vp-builder.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"vp-builder.js","sourceRoot":"","sources":["../../src/wallet/vp-builder.ts"],"names":[],"mappings":";;;AAAA,iDAAmD;AACnD,yDAAmE;AAUnE;;;;;;GAMG;AACH,MAAa,SAAS;IACpB,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,MAAM,qBAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAChD,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,UAAqC,CAAA;QAC7E,MAAM,QAAQ,GAAG,MAAM,qBAAK,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;QAEtD,MAAM,aAAa,GAAG,IAAI,2BAAe,CAAC;YACxC,MAAM;YACN,QAAQ;YACR,OAAO,EAAE,qBAAK,CAAC,GAAG;YAClB,MAAM,EAAE,sBAAM;YACd,OAAO,EAAE,SAAS;YAClB,aAAa,EAAE,4BAAY;YAC3B,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,qBAAK,CAAC,GAAG;SACrB,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACnE,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,sBAAM,CAAC,CAAA;QAE/D,MAAM,iBAAiB,GAA4B,EAAE,CAAA;QACrD,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,iBAAiB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG;YACnB,GAAG,EAAE,OAAO,CAAC,SAAS;YACtB,GAAG,EAAE,OAAO,CAAC,MAAM;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACnC,CAAA;QAED,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,OAAO,CAC9C,OAAO,CAAC,aAAa,EACrB,iBAAiB,EACjB,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,CAClC,CAAA;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;CACF;AAzCD,8BAyCC"}
1
+ {"version":3,"file":"vp-builder.js","sourceRoot":"","sources":["../../src/wallet/vp-builder.ts"],"names":[],"mappings":";;;AAAA,iDAAmD;AACnD,yDAAmE;AACnE,sDAAwD;AAUxD;;;;;;;;;;;;;;GAcG;AACH,MAAa,SAAS;IACpB,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,MAAM,qBAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAChD,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,UAAqC,CAAA;QAC7E,MAAM,QAAQ,GAAG,MAAM,qBAAK,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;QAEtD,MAAM,aAAa,GAAG,IAAI,2BAAe,CAAC;YACxC,MAAM;YACN,QAAQ;YACR,OAAO,EAAE,qBAAK,CAAC,GAAG;YAClB,MAAM,EAAE,sBAAM;YACd,OAAO,EAAE,SAAS;YAClB,aAAa,EAAE,4BAAY;YAC3B,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,qBAAK,CAAC,GAAG;SACrB,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACnE,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,sBAAM,CAAC,CAAA;QAE/D,MAAM,iBAAiB,GAA4B,EAAE,CAAA;QACrD,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,iBAAiB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,+BAAiB,EAAC;YACrC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,QAAQ,EAAE,OAAO,CAAC,MAAM;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,YAAY,EAAE,OAAO,CAAC,aAAa;SACpC,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,OAAO,CAC9C,OAAO,CAAC,aAAa,EACrB,iBAAiB,EACjB,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,CAClC,CAAA;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;CACF;AAzCD,8BAyCC"}
package/package.json CHANGED
@@ -1,50 +1,32 @@
1
1
  {
2
2
  "name": "@vess-id/vess",
3
- "version": "0.9.0",
3
+ "version": "0.12.0-alpha.0",
4
4
  "description": "VESS local AI agent runtime — manages agent identity, permissions, and execution boundaries",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
7
7
  "bin": {
8
8
  "vess": "./bin/vess.js"
9
9
  },
10
- "scripts": {
11
- "build": "tsc",
12
- "dev": "tsc --watch",
13
- "test": "jest --no-coverage",
14
- "test:cov": "jest",
15
- "lint": "eslint src/**/*.ts",
16
- "start": "node dist/cli/index.js",
17
- "semantic-release": "semantic-release"
18
- },
19
10
  "dependencies": {
20
- "@modelcontextprotocol/sdk": "^1.18.1",
11
+ "@modelcontextprotocol/sdk": "^1.29.0",
21
12
  "@napi-rs/keyring": "^1.2.0",
22
13
  "@sd-jwt/crypto-nodejs": "^0.15.0",
23
14
  "@sd-jwt/sd-jwt-vc": "^0.15.1",
24
- "@vess-id/ai-identity": "0.11.0",
25
- "better-sqlite3": "^11.0.0",
26
- "commander": "^12.0.0",
27
- "zod": "^3.23.0"
15
+ "better-sqlite3": "^11.10.0",
16
+ "commander": "^12.1.0",
17
+ "zod": "^3.25.76",
18
+ "@vess-id/ai-identity": "0.12.0-alpha.0"
28
19
  },
29
20
  "optionalDependencies": {
30
- "node-mac-auth": "^1.0.0"
21
+ "node-mac-auth": "^1.1.0"
31
22
  },
32
23
  "devDependencies": {
33
- "@semantic-release/changelog": "^6.0.3",
34
- "@semantic-release/commit-analyzer": "^13.0.1",
35
- "@semantic-release/exec": "^7.1.0",
36
- "@semantic-release/git": "^10.0.1",
37
- "@semantic-release/github": "^12.0.6",
38
- "@semantic-release/npm": "^13.0.0",
39
- "@semantic-release/release-notes-generator": "^14.1.0",
40
- "@types/better-sqlite3": "^7.6.0",
41
- "@types/jest": "^29.5.0",
42
- "@types/node": "^22.0.0",
43
- "conventional-changelog-conventionalcommits": "^9.3.0",
24
+ "@types/better-sqlite3": "^7.6.13",
25
+ "@types/jest": "^29.5.14",
26
+ "@types/node": "^22.19.17",
44
27
  "jest": "^29.7.0",
45
- "semantic-release": "^25.0.3",
46
- "ts-jest": "^29.1.0",
47
- "typescript": "^5.3.0"
28
+ "ts-jest": "^29.4.9",
29
+ "typescript": "^5.9.3"
48
30
  },
49
31
  "engines": {
50
32
  "node": ">=22.0.0"
@@ -53,6 +35,7 @@
53
35
  "files": [
54
36
  "bin",
55
37
  "dist",
38
+ "required-sdk-symbols.json",
56
39
  "LICENSE",
57
40
  "README.md"
58
41
  ],
@@ -76,5 +59,13 @@
76
59
  "homepage": "https://vess.id",
77
60
  "publishConfig": {
78
61
  "access": "public"
62
+ },
63
+ "scripts": {
64
+ "build": "tsc",
65
+ "dev": "tsc --watch",
66
+ "test": "jest --no-coverage",
67
+ "test:cov": "jest",
68
+ "lint": "eslint src/**/*.ts",
69
+ "start": "node dist/cli/index.js"
79
70
  }
80
- }
71
+ }
package/required-sdk-symbols.json ADDED
@@ -0,0 +1,18 @@
1
+ [
2
+ "ACTION_REGISTRY",
3
+ "AgentDIDManager",
4
+ "DeviceEnrollManager",
5
+ "GATEWAY_ERROR_CODE",
6
+ "GatewayClient",
7
+ "REAUTH_REQUIRED_ACTION",
8
+ "VALID_MCP_TOOLS",
9
+ "VCManager",
10
+ "buildKbJwtPayload",
11
+ "createDidJwk",
12
+ "extractProjectKey",
13
+ "generateKeyPair",
14
+ "getAllValidMcpActionNames",
15
+ "normalizeDomain",
16
+ "normalizeMcpActionName",
17
+ "readVcExpSeconds"
18
+ ]