@kya-os/mcp-i
The TypeScript MCP framework with identity features built-in
/**
* Cloudflare KV-based nonce cache implementation for Workers
*
* This cache prevents replay attacks by tracking used nonces in Cloudflare KV.
* Each nonce is stored with a TTL matching the session timeout.
*/
import type { NonceCache } from "@kya-os/contracts/handshake";
/**
* Cloudflare KV namespace interface
*/
export interface KVNamespace {
/**
* Read the value stored under `key`.
* Resolves to the stored string, or null (presumably when the key is absent or has expired).
* NOTE(review): the declared result is always `string | null` although `type` also admits
* "json", "arrayBuffer" and "stream"; confirm the cache only ever reads text values.
*/
get(key: string, options?: {
type?: "text" | "json" | "arrayBuffer" | "stream";
}): Promise<string | null>;
/**
* Store `value` under `key`, optionally with an expiry.
* `expiration` / `expirationTtl` are presumably an absolute time and a lifetime in seconds,
* as in Cloudflare's KV API; confirm against the platform documentation.
* NOTE(review): this interface exposes no conditional ("write only if absent") operation,
* so a caller that needs add-if-absent can only combine get() and put(), which leaves a
* window between the read and the write.
*/
put(key: string, value: string | ArrayBuffer | ReadableStream, options?: {
expiration?: number;
expirationTtl?: number;
}): Promise<void>;
/**
* Remove the entry stored under `key`.
*/
delete(key: string): Promise<void>;
}
/**
* Configuration for Cloudflare KV nonce cache
*/
export interface CloudflareKVNonceCacheConfig {
/**
* KV namespace binding from Worker environment
* Nonce entries are written to this namespace; presumably it should be dedicated to
* nonces or kept apart from other data through `keyPrefix` (confirm).
*/
namespace: KVNamespace;
/**
* TTL for nonce entries in seconds
* Should match or exceed session timeout
* A nonce whose entry expires while the request that carried it would still be accepted
* can be presented again, so do not set this below the acceptance window.
* NOTE(review): Cloudflare KV is documented to reject an expirationTtl under 60 seconds;
* confirm how the implementation handles smaller values.
* @default 1800 (30 minutes)
*/
ttl?: number;
/**
* Key prefix for nonce entries
* Presumably prepended to the nonce (and agent DID, when given) to build the KV key;
* the exact key layout is not visible in this declaration.
* @default "nonce:"
*/
keyPrefix?: string;
}
/**
* Cloudflare KV nonce cache for Workers
*
* Usage in Worker:
* ```typescript
* export interface Env {
* NONCE_CACHE: KVNamespace;
* }
*
* export default {
* async fetch(request: Request, env: Env): Promise<Response> {
* const nonceCache = new CloudflareKVNonceCache({
* namespace: env.NONCE_CACHE,
* ttl: 1800, // 30 minutes
* });
*
* // Use with verifier or MCP-I runtime
* const runtime = new MCPIRuntime({
* nonce: { cache: nonceCache }
* });
* }
* }
* ```
*/
export declare class CloudflareKVNonceCache implements NonceCache {
// Presumably the KV binding, default TTL and key prefix taken from the config
// (declaration only; the assignments are not visible here).
private kv;
private ttl;
private keyPrefix;
/**
* Create a nonce cache backed by the given KV namespace.
*
* @param config - Namespace binding plus optional TTL and key prefix
*/
constructor(config: CloudflareKVNonceCacheConfig);
/**
* Check if a nonce exists in the cache
*
* NOTE(review): Cloudflare KV is eventually consistent, so a nonce recorded through
* another edge location may not be visible here yet; a `false` result is not proof
* that the nonce has never been used. Confirm whether that window is acceptable for
* the deployment, or whether a strongly consistent store is needed.
*
* @param nonce - The nonce to check
* @param agentDid - Optional agent DID for agent-scoped nonces (prevents cross-agent replay attacks)
* @returns Promise<boolean> - true if exists, false if not
*/
has(nonce: string, agentDid?: string): Promise<boolean>;
/**
* Add a nonce to the cache with TTL
* Implements atomic add-if-absent semantics for replay prevention
*
* NOTE(review): the KVNamespace interface used by this class offers only get/put/delete
* and no conditional write, so the atomicity stated above cannot be confirmed from this
* declaration; two concurrent requests carrying the same nonce may both pass a
* read-then-write check. Verify against the implementation.
* NOTE(review): the method resolves to void, so a duplicate is presumably reported by
* rejecting the promise; confirm, and make sure callers treat a rejection as a replay.
*
* @param nonce - The nonce to add
* @param ttl - Time-to-live in seconds (relation to the configured `ttl` is not visible here; confirm which one is applied)
* @param agentDid - Optional agent DID for agent-scoped nonces (prevents cross-agent replay attacks)
*/
add(nonce: string, ttl: number, agentDid?: string): Promise<void>;
/**
* Cleanup expired nonces
* Note: Cloudflare KV handles expiration automatically via TTL
* Presumably a no-op kept to satisfy the NonceCache contract (confirm).
*/
cleanup(): Promise<void>;
}