kavachos 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/a2a/index.d.ts +2341 -0
  2. package/dist/a2a/index.js +821 -0
  3. package/dist/a2a/index.js.map +1 -0
  4. package/dist/agent/index.d.ts +3 -3
  5. package/dist/agent/index.js +3 -2
  6. package/dist/audit/index.d.ts +2 -2
  7. package/dist/audit/index.js +2 -2
  8. package/dist/auth/index.d.ts +490 -92
  9. package/dist/auth/index.js +3 -2
  10. package/dist/chunk-3AZDFCQF.js +186 -0
  11. package/dist/chunk-3AZDFCQF.js.map +1 -0
  12. package/dist/{chunk-SJGSPIAD.js → chunk-4CANWZWP.js} +3 -3
  13. package/dist/{chunk-SJGSPIAD.js.map → chunk-4CANWZWP.js.map} +1 -1
  14. package/dist/{chunk-KL6XW4S4.js → chunk-62P5FJ34.js} +2375 -633
  15. package/dist/chunk-62P5FJ34.js.map +1 -0
  16. package/dist/chunk-ELGG2VW2.js +538 -0
  17. package/dist/chunk-ELGG2VW2.js.map +1 -0
  18. package/dist/{chunk-5DT4DN4Y.js → chunk-IS5FRKIS.js} +13 -13
  19. package/dist/chunk-IS5FRKIS.js.map +1 -0
  20. package/dist/{chunk-V66UUIA7.js → chunk-KNNJ4COO.js} +92 -3
  21. package/dist/chunk-KNNJ4COO.js.map +1 -0
  22. package/dist/{chunk-OVGNZ5OX.js → chunk-O7VQ2LQE.js} +6 -6
  23. package/dist/chunk-O7VQ2LQE.js.map +1 -0
  24. package/dist/index.d.ts +138 -5
  25. package/dist/index.js +564 -29
  26. package/dist/index.js.map +1 -1
  27. package/dist/mcp/index.d.ts +2 -2
  28. package/dist/mcp/index.js +11 -15
  29. package/dist/mcp/index.js.map +1 -1
  30. package/dist/permission/index.d.ts +3 -3
  31. package/dist/permission/index.js +3 -2
  32. package/dist/{types-Xk83hv4O.d.ts → types-BTui0HQU.d.ts} +1763 -98
  33. package/dist/vc/index.d.ts +800 -0
  34. package/dist/vc/index.js +5 -0
  35. package/dist/vc/index.js.map +1 -0
  36. package/package.json +17 -1
  37. package/dist/chunk-5DT4DN4Y.js.map +0 -1
  38. package/dist/chunk-KL6XW4S4.js.map +0 -1
  39. package/dist/chunk-OVGNZ5OX.js.map +0 -1
  40. package/dist/chunk-V66UUIA7.js.map +0 -1
  41. package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
@@ -1,5 +1,5 @@
1
- import { M as McpAuthContext, R as Result, a as McpAuthorizeResult, A as ApproveConsentParams, b as McpServerMetadata, c as McpProtectedResourceMetadata, d as McpClientRegistrationResponse, e as McpSession, f as McpConfig, g as McpAuthModule, h as McpTokenResponse } from '../types-mwupB57A.js';
2
- export { K as KavachError, i as McpAccessToken, j as McpAuthorizationCode, k as McpAuthorizeRequest, l as McpAuthorizeRequestSchema, m as McpClient, n as McpClientRegistrationRequest, o as McpClientRegistrationSchema, p as McpTokenPayload, q as McpTokenRequest, r as McpTokenRequestParsed, s as McpTokenRequestSchema } from '../types-mwupB57A.js';
1
+ import { M as McpAuthContext, R as Result, a as McpAuthorizeResult, A as ApproveConsentParams, b as McpServerMetadata, c as McpProtectedResourceMetadata, d as McpClientRegistrationResponse, e as McpSession, f as McpConfig, g as McpAuthModule, h as McpTokenResponse } from '../types-BuHrZcjE.js';
2
+ export { K as KavachError, i as McpAccessToken, j as McpAuthorizationCode, k as McpAuthorizeRequest, l as McpAuthorizeRequestSchema, m as McpClient, n as McpClientRegistrationRequest, o as McpClientRegistrationSchema, p as McpTokenPayload, q as McpTokenRequest, r as McpTokenRequestParsed, s as McpTokenRequestSchema } from '../types-BuHrZcjE.js';
3
3
  import 'zod';
4
4
 
5
5
  /**
package/dist/mcp/index.js CHANGED
@@ -1,6 +1,6 @@
1
+ import { randomBytes, toBase64Url, generateId } from '../chunk-3AZDFCQF.js';
1
2
  import '../chunk-PZ5AY32C.js';
2
3
  import { z } from 'zod';
3
- import { getRandomValues, randomUUID } from 'crypto';
4
4
  import { jwtVerify, SignJWT } from 'jose';
5
5
 
6
6
  var McpClientRegistrationSchema = z.object({
@@ -47,19 +47,20 @@ var McpTokenRequestSchema = z.discriminatedUnion("grant_type", [
47
47
  resource: z.string().url().optional()
48
48
  })
49
49
  ]);
50
+
51
+ // src/mcp/utils.ts
50
52
  function generateSecureToken(byteLength) {
51
- const bytes = new Uint8Array(byteLength);
52
- getRandomValues(bytes);
53
- return uint8ArrayToBase64Url(bytes);
53
+ const bytes = randomBytes(byteLength);
54
+ return toBase64Url(bytes);
54
55
  }
55
56
  function generateAuthorizationCode() {
56
- return randomUUID();
57
+ return generateId();
57
58
  }
58
59
  async function computeS256Challenge(codeVerifier) {
59
60
  const encoder = new TextEncoder();
60
61
  const data = encoder.encode(codeVerifier);
61
62
  const digest = await globalThis.crypto.subtle.digest("SHA-256", data);
62
- return uint8ArrayToBase64Url(new Uint8Array(digest));
63
+ return toBase64Url(new Uint8Array(digest));
63
64
  }
64
65
  async function verifyS256(codeVerifier, codeChallenge) {
65
66
  const computed = await computeS256Challenge(codeVerifier);
@@ -78,13 +79,6 @@ function timingSafeEqual(a, b) {
78
79
  }
79
80
  return diff === 0;
80
81
  }
81
- function uint8ArrayToBase64Url(bytes) {
82
- let binary = "";
83
- for (let i = 0; i < bytes.length; i++) {
84
- binary += String.fromCharCode(bytes[i]);
85
- }
86
- return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
87
- }
88
82
  async function parseRequestBody(request) {
89
83
  const contentType = request.headers.get("content-type") ?? "";
90
84
  if (contentType.includes("application/x-www-form-urlencoded")) {
@@ -414,6 +408,8 @@ function getProtectedResourceMetadata(ctx) {
414
408
  resource_signing_alg_values_supported: ["HS256"]
415
409
  };
416
410
  }
411
+
412
+ // src/mcp/registration.ts
417
413
  async function resolveClientIdMetadataDocument(clientId) {
418
414
  try {
419
415
  const url = new URL(clientId);
@@ -502,7 +498,7 @@ async function registerClient(ctx, body) {
502
498
  };
503
499
  }
504
500
  }
505
- const clientId = randomUUID();
501
+ const clientId = generateId();
506
502
  const isPublic = authMethod === "none";
507
503
  const clientSecret = isPublic ? null : generateSecureToken(48);
508
504
  if (data.client_uri) {
@@ -787,7 +783,7 @@ async function issueAccessTokenJwt(ctx, userId, clientId, scopes, resource) {
787
783
  throw new Error("MCP signingSecret is required to issue tokens");
788
784
  }
789
785
  const key = await getSigningKey(secret);
790
- const jti = randomUUID();
786
+ const jti = generateId();
791
787
  const now = Math.floor(Date.now() / 1e3);
792
788
  const exp = now + ctx.config.accessTokenTtl;
793
789
  const expiresAt = new Date(exp * 1e3);