kavachos 0.2.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/a2a/index.d.ts +2 -2
- package/dist/agent/index.d.ts +3 -3
- package/dist/agent/index.js +4 -0
- package/dist/agent/index.js.map +1 -1
- package/dist/audit/index.d.ts +2 -2
- package/dist/audit/index.js +4 -0
- package/dist/audit/index.js.map +1 -1
- package/dist/auth/index.d.ts +64 -3
- package/dist/auth/index.js +91 -2
- package/dist/auth/index.js.map +1 -1
- package/dist/index.d.ts +40 -6
- package/dist/index.js +1239 -202
- package/dist/index.js.map +1 -1
- package/dist/mcp/index.d.ts +2 -2
- package/dist/mcp/index.js +38 -1
- package/dist/mcp/index.js.map +1 -1
- package/dist/permission/index.d.ts +8 -3
- package/dist/permission/index.js +68 -59
- package/dist/permission/index.js.map +1 -1
- package/dist/{types-BuHrZcjE.d.ts → types-BiUe9e8u.d.ts} +24 -0
- package/dist/{types-B02D3kZy.d.ts → types-RJPOU4un.d.ts} +114 -2
- package/dist/vc/index.d.ts +254 -65
- package/dist/vc/index.js +160 -12
- package/dist/vc/index.js.map +1 -1
- package/package.json +2 -1
package/dist/mcp/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { M as McpAuthContext, R as Result, a as McpAuthorizeResult, A as ApproveConsentParams, b as McpServerMetadata, c as McpProtectedResourceMetadata, d as McpClientRegistrationResponse, e as McpSession, f as McpConfig, g as McpAuthModule, h as McpTokenResponse } from '../types-
|
|
2
|
-
export { K as KavachError, i as McpAccessToken, j as McpAuthorizationCode, k as McpAuthorizeRequest, l as McpAuthorizeRequestSchema, m as McpClient, n as McpClientRegistrationRequest, o as McpClientRegistrationSchema, p as McpTokenPayload, q as McpTokenRequest, r as McpTokenRequestParsed, s as McpTokenRequestSchema } from '../types-
|
|
1
|
+
import { M as McpAuthContext, R as Result, a as McpAuthorizeResult, A as ApproveConsentParams, b as McpServerMetadata, c as McpProtectedResourceMetadata, d as McpClientRegistrationResponse, e as McpSession, f as McpConfig, g as McpAuthModule, h as McpTokenResponse } from '../types-BiUe9e8u.js';
|
|
2
|
+
export { K as KavachError, i as McpAccessToken, j as McpAuthorizationCode, k as McpAuthorizeRequest, l as McpAuthorizeRequestSchema, m as McpClient, n as McpClientRegistrationRequest, o as McpClientRegistrationSchema, p as McpTokenPayload, q as McpTokenRequest, r as McpTokenRequestParsed, s as McpTokenRequestSchema } from '../types-BiUe9e8u.js';
|
|
3
3
|
import 'zod';
|
|
4
4
|
|
|
5
5
|
/**
|
package/dist/mcp/index.js
CHANGED
|
@@ -784,6 +784,29 @@ async function requireScopes(ctx, request, requiredScopes) {
|
|
|
784
784
|
}
|
|
785
785
|
return { authorized: true, session };
|
|
786
786
|
}
|
|
787
|
+
|
|
788
|
+
// src/standards/claims.ts
|
|
789
|
+
var AGENTIC_JWT_CLAIMS = {
|
|
790
|
+
/**
|
|
791
|
+
* Stable identifier of the agent making the call.
|
|
792
|
+
*
|
|
793
|
+
* @see draft-goswami-agentic-jwt-00 §3.1
|
|
794
|
+
*/
|
|
795
|
+
AGENT_ID: "agent_id",
|
|
796
|
+
/**
|
|
797
|
+
* Operational mode of the agent: `autonomous`, `delegated`, or `supervised`.
|
|
798
|
+
*
|
|
799
|
+
* @see draft-goswami-agentic-jwt-00 §3.2
|
|
800
|
+
*/
|
|
801
|
+
AGENT_TYPE: "agent_type",
|
|
802
|
+
/**
|
|
803
|
+
* Trust score band at token issuance (e.g. `standard`, `elevated`).
|
|
804
|
+
*
|
|
805
|
+
* @see draft-goswami-agentic-jwt-00 §3.6
|
|
806
|
+
*/
|
|
807
|
+
TRUST_TIER: "trust_tier"};
|
|
808
|
+
|
|
809
|
+
// src/mcp/token.ts
|
|
787
810
|
async function getSigningKey(secret) {
|
|
788
811
|
const encoder = new TextEncoder();
|
|
789
812
|
return globalThis.crypto.subtle.importKey(
|
|
@@ -805,11 +828,25 @@ async function issueAccessTokenJwt(ctx, userId, clientId, scopes, resource) {
|
|
|
805
828
|
const exp = now + ctx.config.accessTokenTtl;
|
|
806
829
|
const expiresAt = new Date(exp * 1e3);
|
|
807
830
|
const audience = resource ?? ctx.config.issuer;
|
|
831
|
+
const agenticClaims = {};
|
|
832
|
+
if (ctx.config.emitAgenticJwtClaims === true && ctx.config.getAgenticContext !== void 0) {
|
|
833
|
+
const ac = await ctx.config.getAgenticContext(userId);
|
|
834
|
+
if (ac.agentId !== void 0) {
|
|
835
|
+
agenticClaims[AGENTIC_JWT_CLAIMS.AGENT_ID] = ac.agentId;
|
|
836
|
+
}
|
|
837
|
+
if (ac.agentType !== void 0) {
|
|
838
|
+
agenticClaims[AGENTIC_JWT_CLAIMS.AGENT_TYPE] = ac.agentType;
|
|
839
|
+
}
|
|
840
|
+
if (ac.trustTier !== void 0) {
|
|
841
|
+
agenticClaims[AGENTIC_JWT_CLAIMS.TRUST_TIER] = ac.trustTier;
|
|
842
|
+
}
|
|
843
|
+
}
|
|
808
844
|
const jwt = await new SignJWT({
|
|
809
845
|
sub: userId,
|
|
810
846
|
client_id: clientId,
|
|
811
847
|
scope: scopes.join(" "),
|
|
812
|
-
jti
|
|
848
|
+
jti,
|
|
849
|
+
...agenticClaims
|
|
813
850
|
}).setProtectedHeader({ alg: "HS256", typ: "at+jwt" }).setIssuer(ctx.config.issuer).setAudience(audience).setIssuedAt(now).setExpirationTime(exp).sign(key);
|
|
814
851
|
return { jwt, jti, expiresAt };
|
|
815
852
|
}
|