kavachos 0.0.3 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/a2a/index.d.ts +2341 -0
- package/dist/a2a/index.js +821 -0
- package/dist/a2a/index.js.map +1 -0
- package/dist/agent/index.d.ts +3 -3
- package/dist/agent/index.js +3 -2
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/index.js +2 -2
- package/dist/auth/index.d.ts +490 -92
- package/dist/auth/index.js +3 -2
- package/dist/chunk-3AZDFCQF.js +186 -0
- package/dist/chunk-3AZDFCQF.js.map +1 -0
- package/dist/{chunk-SJGSPIAD.js → chunk-4CANWZWP.js} +3 -3
- package/dist/{chunk-SJGSPIAD.js.map → chunk-4CANWZWP.js.map} +1 -1
- package/dist/{chunk-KL6XW4S4.js → chunk-62P5FJ34.js} +2375 -633
- package/dist/chunk-62P5FJ34.js.map +1 -0
- package/dist/chunk-ELGG2VW2.js +538 -0
- package/dist/chunk-ELGG2VW2.js.map +1 -0
- package/dist/{chunk-5DT4DN4Y.js → chunk-IS5FRKIS.js} +13 -13
- package/dist/chunk-IS5FRKIS.js.map +1 -0
- package/dist/{chunk-V66UUIA7.js → chunk-KNNJ4COO.js} +92 -3
- package/dist/chunk-KNNJ4COO.js.map +1 -0
- package/dist/{chunk-OVGNZ5OX.js → chunk-O7VQ2LQE.js} +6 -6
- package/dist/chunk-O7VQ2LQE.js.map +1 -0
- package/dist/index.d.ts +138 -5
- package/dist/index.js +564 -29
- package/dist/index.js.map +1 -1
- package/dist/mcp/index.d.ts +2 -2
- package/dist/mcp/index.js +11 -15
- package/dist/mcp/index.js.map +1 -1
- package/dist/permission/index.d.ts +3 -3
- package/dist/permission/index.js +3 -2
- package/dist/{types-Xk83hv4O.d.ts → types-BTui0HQU.d.ts} +1763 -98
- package/dist/vc/index.d.ts +800 -0
- package/dist/vc/index.js +5 -0
- package/dist/vc/index.js.map +1 -0
- package/package.json +17 -1
- package/dist/chunk-5DT4DN4Y.js.map +0 -1
- package/dist/chunk-KL6XW4S4.js.map +0 -1
- package/dist/chunk-OVGNZ5OX.js.map +0 -1
- package/dist/chunk-V66UUIA7.js.map +0 -1
- package/dist/{types-mwupB57A.d.ts → types-BuHrZcjE.d.ts} +2 -2
package/dist/mcp/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { M as McpAuthContext, R as Result, a as McpAuthorizeResult, A as ApproveConsentParams, b as McpServerMetadata, c as McpProtectedResourceMetadata, d as McpClientRegistrationResponse, e as McpSession, f as McpConfig, g as McpAuthModule, h as McpTokenResponse } from '../types-
|
|
2
|
-
export { K as KavachError, i as McpAccessToken, j as McpAuthorizationCode, k as McpAuthorizeRequest, l as McpAuthorizeRequestSchema, m as McpClient, n as McpClientRegistrationRequest, o as McpClientRegistrationSchema, p as McpTokenPayload, q as McpTokenRequest, r as McpTokenRequestParsed, s as McpTokenRequestSchema } from '../types-
|
|
1
|
+
import { M as McpAuthContext, R as Result, a as McpAuthorizeResult, A as ApproveConsentParams, b as McpServerMetadata, c as McpProtectedResourceMetadata, d as McpClientRegistrationResponse, e as McpSession, f as McpConfig, g as McpAuthModule, h as McpTokenResponse } from '../types-BuHrZcjE.js';
|
|
2
|
+
export { K as KavachError, i as McpAccessToken, j as McpAuthorizationCode, k as McpAuthorizeRequest, l as McpAuthorizeRequestSchema, m as McpClient, n as McpClientRegistrationRequest, o as McpClientRegistrationSchema, p as McpTokenPayload, q as McpTokenRequest, r as McpTokenRequestParsed, s as McpTokenRequestSchema } from '../types-BuHrZcjE.js';
|
|
3
3
|
import 'zod';
|
|
4
4
|
|
|
5
5
|
/**
|
package/dist/mcp/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
+
import { randomBytes, toBase64Url, generateId } from '../chunk-3AZDFCQF.js';
|
|
1
2
|
import '../chunk-PZ5AY32C.js';
|
|
2
3
|
import { z } from 'zod';
|
|
3
|
-
import { getRandomValues, randomUUID } from 'crypto';
|
|
4
4
|
import { jwtVerify, SignJWT } from 'jose';
|
|
5
5
|
|
|
6
6
|
var McpClientRegistrationSchema = z.object({
|
|
@@ -47,19 +47,20 @@ var McpTokenRequestSchema = z.discriminatedUnion("grant_type", [
|
|
|
47
47
|
resource: z.string().url().optional()
|
|
48
48
|
})
|
|
49
49
|
]);
|
|
50
|
+
|
|
51
|
+
// src/mcp/utils.ts
|
|
50
52
|
function generateSecureToken(byteLength) {
|
|
51
|
-
const bytes =
|
|
52
|
-
|
|
53
|
-
return uint8ArrayToBase64Url(bytes);
|
|
53
|
+
const bytes = randomBytes(byteLength);
|
|
54
|
+
return toBase64Url(bytes);
|
|
54
55
|
}
|
|
55
56
|
function generateAuthorizationCode() {
|
|
56
|
-
return
|
|
57
|
+
return generateId();
|
|
57
58
|
}
|
|
58
59
|
async function computeS256Challenge(codeVerifier) {
|
|
59
60
|
const encoder = new TextEncoder();
|
|
60
61
|
const data = encoder.encode(codeVerifier);
|
|
61
62
|
const digest = await globalThis.crypto.subtle.digest("SHA-256", data);
|
|
62
|
-
return
|
|
63
|
+
return toBase64Url(new Uint8Array(digest));
|
|
63
64
|
}
|
|
64
65
|
async function verifyS256(codeVerifier, codeChallenge) {
|
|
65
66
|
const computed = await computeS256Challenge(codeVerifier);
|
|
@@ -78,13 +79,6 @@ function timingSafeEqual(a, b) {
|
|
|
78
79
|
}
|
|
79
80
|
return diff === 0;
|
|
80
81
|
}
|
|
81
|
-
function uint8ArrayToBase64Url(bytes) {
|
|
82
|
-
let binary = "";
|
|
83
|
-
for (let i = 0; i < bytes.length; i++) {
|
|
84
|
-
binary += String.fromCharCode(bytes[i]);
|
|
85
|
-
}
|
|
86
|
-
return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
87
|
-
}
|
|
88
82
|
async function parseRequestBody(request) {
|
|
89
83
|
const contentType = request.headers.get("content-type") ?? "";
|
|
90
84
|
if (contentType.includes("application/x-www-form-urlencoded")) {
|
|
@@ -414,6 +408,8 @@ function getProtectedResourceMetadata(ctx) {
|
|
|
414
408
|
resource_signing_alg_values_supported: ["HS256"]
|
|
415
409
|
};
|
|
416
410
|
}
|
|
411
|
+
|
|
412
|
+
// src/mcp/registration.ts
|
|
417
413
|
async function resolveClientIdMetadataDocument(clientId) {
|
|
418
414
|
try {
|
|
419
415
|
const url = new URL(clientId);
|
|
@@ -502,7 +498,7 @@ async function registerClient(ctx, body) {
|
|
|
502
498
|
};
|
|
503
499
|
}
|
|
504
500
|
}
|
|
505
|
-
const clientId =
|
|
501
|
+
const clientId = generateId();
|
|
506
502
|
const isPublic = authMethod === "none";
|
|
507
503
|
const clientSecret = isPublic ? null : generateSecureToken(48);
|
|
508
504
|
if (data.client_uri) {
|
|
@@ -787,7 +783,7 @@ async function issueAccessTokenJwt(ctx, userId, clientId, scopes, resource) {
|
|
|
787
783
|
throw new Error("MCP signingSecret is required to issue tokens");
|
|
788
784
|
}
|
|
789
785
|
const key = await getSigningKey(secret);
|
|
790
|
-
const jti =
|
|
786
|
+
const jti = generateId();
|
|
791
787
|
const now = Math.floor(Date.now() / 1e3);
|
|
792
788
|
const exp = now + ctx.config.accessTokenTtl;
|
|
793
789
|
const expiresAt = new Date(exp * 1e3);
|