@vess-id/vess 0.9.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/dist/adapter/mcp/mcp-adapter.d.ts +2 -0
  2. package/dist/adapter/mcp/mcp-adapter.d.ts.map +1 -1
  3. package/dist/adapter/mcp/mcp-adapter.js.map +1 -1
  4. package/dist/adapter/mcp/mcp-server.factory.d.ts +2 -0
  5. package/dist/adapter/mcp/mcp-server.factory.d.ts.map +1 -1
  6. package/dist/adapter/mcp/mcp-server.factory.js +56 -17
  7. package/dist/adapter/mcp/mcp-server.factory.js.map +1 -1
  8. package/dist/bootstrap/sdk-precheck.d.ts +9 -0
  9. package/dist/bootstrap/sdk-precheck.d.ts.map +1 -0
  10. package/dist/bootstrap/sdk-precheck.js +103 -0
  11. package/dist/bootstrap/sdk-precheck.js.map +1 -0
  12. package/dist/cli/index.js +5 -0
  13. package/dist/cli/index.js.map +1 -1
  14. package/dist/core/execution-engine.d.ts.map +1 -1
  15. package/dist/core/execution-engine.js +99 -26
  16. package/dist/core/execution-engine.js.map +1 -1
  17. package/dist/core/types.d.ts +8 -0
  18. package/dist/core/types.d.ts.map +1 -1
  19. package/dist/gateway/gateway-client.d.ts +11 -1
  20. package/dist/gateway/gateway-client.d.ts.map +1 -1
  21. package/dist/gateway/gateway-client.js +34 -5
  22. package/dist/gateway/gateway-client.js.map +1 -1
  23. package/dist/utils/credential-errors.d.ts +41 -0
  24. package/dist/utils/credential-errors.d.ts.map +1 -1
  25. package/dist/utils/credential-errors.js +39 -0
  26. package/dist/utils/credential-errors.js.map +1 -1
  27. package/dist/wallet/vp-builder.d.ts +10 -2
  28. package/dist/wallet/vp-builder.d.ts.map +1 -1
  29. package/dist/wallet/vp-builder.js +16 -7
  30. package/dist/wallet/vp-builder.js.map +1 -1
  31. package/package.json +22 -31
  32. package/required-sdk-symbols.json +18 -0
package/dist/wallet/vp-builder.js CHANGED
@@ -3,12 +3,21 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.VPBuilder = void 0;
4
4
  const sd_jwt_vc_1 = require("@sd-jwt/sd-jwt-vc");
5
5
  const crypto_nodejs_1 = require("@sd-jwt/crypto-nodejs");
6
+ const ai_identity_1 = require("@vess-id/ai-identity");
6
7
  /**
7
8
  * Build a Verifiable Presentation (SD-JWT KB-JWT) for local signing.
8
9
  *
9
10
  * The VP signer is the Agent DID (not Root DID — spec §4.2).
10
- * Follows the same pattern as remote-mcp's VPCreationService.
11
- * Accepts injectable signing key for future session key switching.
11
+ *
12
+ * KB-JWT payload construction is delegated to
13
+ * `buildKbJwtPayload()` in `@vess-id/ai-identity`
14
+ * (`packages/sdk/src/vp/kb-jwt-builder.ts`), which is the SINGLE SOURCE OF
15
+ * TRUTH shared with the api / remote-mcp / SDK issuers. Do NOT inline an
16
+ * `{ iss, aud, nonce, iat }` literal here: agentd alpha builds prior to
17
+ * this change drifted from the API verifier's `exp` requirement and every
18
+ * VP was rejected with `KB-JWT missing exp`. The four-way lock-step
19
+ * (api / remote-mcp / SDK / agentd) is documented in the kb-jwt-builder
20
+ * header.
12
21
  */
13
22
  class VPBuilder {
14
23
  async buildVP(options) {
@@ -32,12 +41,12 @@ class VPBuilder {
32
41
  for (const key of presentableKeys) {
33
42
  presentationFrame[key] = true;
34
43
  }
35
- const kbJwtPayload = {
36
- iss: options.signerDid,
37
- aud: options.domain,
44
+ const kbJwtPayload = (0, ai_identity_1.buildKbJwtPayload)({
45
+ holderDid: options.signerDid,
46
+ audience: options.domain,
38
47
  nonce: options.nonce,
39
- iat: Math.floor(Date.now() / 1000),
40
- };
48
+ vcCredential: options.credentialJwt,
49
+ });
41
50
  const presentation = await sdJwtInstance.present(options.credentialJwt, presentationFrame, { kb: { payload: kbJwtPayload } });
42
51
  return presentation;
43
52
  }
package/dist/wallet/vp-builder.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"vp-builder.js","sourceRoot":"","sources":["../../src/wallet/vp-builder.ts"],"names":[],"mappings":";;;AAAA,iDAAmD;AACnD,yDAAmE;AAUnE;;;;;;GAMG;AACH,MAAa,SAAS;IACpB,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,MAAM,qBAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAChD,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,UAAqC,CAAA;QAC7E,MAAM,QAAQ,GAAG,MAAM,qBAAK,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;QAEtD,MAAM,aAAa,GAAG,IAAI,2BAAe,CAAC;YACxC,MAAM;YACN,QAAQ;YACR,OAAO,EAAE,qBAAK,CAAC,GAAG;YAClB,MAAM,EAAE,sBAAM;YACd,OAAO,EAAE,SAAS;YAClB,aAAa,EAAE,4BAAY;YAC3B,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,qBAAK,CAAC,GAAG;SACrB,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACnE,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,sBAAM,CAAC,CAAA;QAE/D,MAAM,iBAAiB,GAA4B,EAAE,CAAA;QACrD,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,iBAAiB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG;YACnB,GAAG,EAAE,OAAO,CAAC,SAAS;YACtB,GAAG,EAAE,OAAO,CAAC,MAAM;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACnC,CAAA;QAED,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,OAAO,CAC9C,OAAO,CAAC,aAAa,EACrB,iBAAiB,EACjB,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,CAClC,CAAA;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;CACF;AAzCD,8BAyCC"}
1
+ {"version":3,"file":"vp-builder.js","sourceRoot":"","sources":["../../src/wallet/vp-builder.ts"],"names":[],"mappings":";;;AAAA,iDAAmD;AACnD,yDAAmE;AACnE,sDAAwD;AAUxD;;;;;;;;;;;;;;GAcG;AACH,MAAa,SAAS;IACpB,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,MAAM,qBAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAChD,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,UAAqC,CAAA;QAC7E,MAAM,QAAQ,GAAG,MAAM,qBAAK,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;QAEtD,MAAM,aAAa,GAAG,IAAI,2BAAe,CAAC;YACxC,MAAM;YACN,QAAQ;YACR,OAAO,EAAE,qBAAK,CAAC,GAAG;YAClB,MAAM,EAAE,sBAAM;YACd,OAAO,EAAE,SAAS;YAClB,aAAa,EAAE,4BAAY;YAC3B,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,qBAAK,CAAC,GAAG;SACrB,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QACnE,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,sBAAM,CAAC,CAAA;QAE/D,MAAM,iBAAiB,GAA4B,EAAE,CAAA;QACrD,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,iBAAiB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,+BAAiB,EAAC;YACrC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,QAAQ,EAAE,OAAO,CAAC,MAAM;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,YAAY,EAAE,OAAO,CAAC,aAAa;SACpC,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,OAAO,CAC9C,OAAO,CAAC,aAAa,EACrB,iBAAiB,EACjB,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,CAClC,CAAA;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;CACF;AAzCD,8BAyCC"}
package/package.json CHANGED
@@ -1,50 +1,32 @@
1
1
  {
2
2
  "name": "@vess-id/vess",
3
- "version": "0.9.0",
3
+ "version": "0.12.0",
4
4
  "description": "VESS local AI agent runtime — manages agent identity, permissions, and execution boundaries",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
7
7
  "bin": {
8
8
  "vess": "./bin/vess.js"
9
9
  },
10
- "scripts": {
11
- "build": "tsc",
12
- "dev": "tsc --watch",
13
- "test": "jest --no-coverage",
14
- "test:cov": "jest",
15
- "lint": "eslint src/**/*.ts",
16
- "start": "node dist/cli/index.js",
17
- "semantic-release": "semantic-release"
18
- },
19
10
  "dependencies": {
20
- "@modelcontextprotocol/sdk": "^1.18.1",
11
+ "@modelcontextprotocol/sdk": "^1.29.0",
21
12
  "@napi-rs/keyring": "^1.2.0",
22
13
  "@sd-jwt/crypto-nodejs": "^0.15.0",
23
14
  "@sd-jwt/sd-jwt-vc": "^0.15.1",
24
- "@vess-id/ai-identity": "0.11.0",
25
- "better-sqlite3": "^11.0.0",
26
- "commander": "^12.0.0",
27
- "zod": "^3.23.0"
15
+ "better-sqlite3": "^11.10.0",
16
+ "commander": "^12.1.0",
17
+ "zod": "^3.25.76",
18
+ "@vess-id/ai-identity": "0.12.0"
28
19
  },
29
20
  "optionalDependencies": {
30
- "node-mac-auth": "^1.0.0"
21
+ "node-mac-auth": "^1.1.0"
31
22
  },
32
23
  "devDependencies": {
33
- "@semantic-release/changelog": "^6.0.3",
34
- "@semantic-release/commit-analyzer": "^13.0.1",
35
- "@semantic-release/exec": "^7.1.0",
36
- "@semantic-release/git": "^10.0.1",
37
- "@semantic-release/github": "^12.0.6",
38
- "@semantic-release/npm": "^13.0.0",
39
- "@semantic-release/release-notes-generator": "^14.1.0",
40
- "@types/better-sqlite3": "^7.6.0",
41
- "@types/jest": "^29.5.0",
42
- "@types/node": "^22.0.0",
43
- "conventional-changelog-conventionalcommits": "^9.3.0",
24
+ "@types/better-sqlite3": "^7.6.13",
25
+ "@types/jest": "^29.5.14",
26
+ "@types/node": "^22.19.17",
44
27
  "jest": "^29.7.0",
45
- "semantic-release": "^25.0.3",
46
- "ts-jest": "^29.1.0",
47
- "typescript": "^5.3.0"
28
+ "ts-jest": "^29.4.9",
29
+ "typescript": "^5.9.3"
48
30
  },
49
31
  "engines": {
50
32
  "node": ">=22.0.0"
@@ -53,6 +35,7 @@
53
35
  "files": [
54
36
  "bin",
55
37
  "dist",
38
+ "required-sdk-symbols.json",
56
39
  "LICENSE",
57
40
  "README.md"
58
41
  ],
@@ -76,5 +59,13 @@
76
59
  "homepage": "https://vess.id",
77
60
  "publishConfig": {
78
61
  "access": "public"
62
+ },
63
+ "scripts": {
64
+ "build": "tsc",
65
+ "dev": "tsc --watch",
66
+ "test": "jest --no-coverage",
67
+ "test:cov": "jest",
68
+ "lint": "eslint src/**/*.ts",
69
+ "start": "node dist/cli/index.js"
79
70
  }
80
- }
71
+ }
package/required-sdk-symbols.json ADDED
@@ -0,0 +1,18 @@
1
+ [
2
+ "ACTION_REGISTRY",
3
+ "AgentDIDManager",
4
+ "DeviceEnrollManager",
5
+ "GATEWAY_ERROR_CODE",
6
+ "GatewayClient",
7
+ "REAUTH_REQUIRED_ACTION",
8
+ "VALID_MCP_TOOLS",
9
+ "VCManager",
10
+ "buildKbJwtPayload",
11
+ "createDidJwk",
12
+ "extractProjectKey",
13
+ "generateKeyPair",
14
+ "getAllValidMcpActionNames",
15
+ "normalizeDomain",
16
+ "normalizeMcpActionName",
17
+ "readVcExpSeconds"
18
+ ]