
@kya-os/mcp-i


The TypeScript MCP framework with identity features built-in

import type { Request, Response, NextFunction } from "express";
import type { ProofMeta, DetachedProof } from "@kya-os/contracts/proof";
import type { Receipt } from "@kya-os/contracts/registry";
import { type StructuredError } from "@kya-os/contracts/verifier";
import { type CryptoProvider } from "@kya-os/mcp-i-core";

/**
 * Verifier middleware for proof and receipt validation.
 *
 * This is a declaration file: it lists the public surface only. Defaults,
 * precedence between options and failure behaviour live in the implementation
 * and cannot be read from here; the NOTE(review) markers below flag the points
 * a security review should confirm against that implementation.
 */
export interface VerifierConfig {
    /**
     * Enable receipt verification.
     *
     * NOTE(review): overlaps with `receiptPolicy`. This declaration does not
     * show which of the two wins when they disagree (for example `false` here
     * with `receiptPolicy: "required"`) - confirm in the implementation.
     */
    receiptVerification?: boolean;
    /**
     * Enable delegation checking.
     *
     * NOTE(review): the value used when this is omitted is not visible here.
     * If delegation status is part of the authorization decision, set it
     * explicitly rather than relying on the default.
     */
    delegationChecking?: boolean;
    /**
     * KTA base URL.
     *
     * NOTE(review): presumably the endpoint queried for receipt and delegation
     * status - confirm. It should come from trusted deployment configuration,
     * not from request data.
     */
    ktaBaseUrl?: string;
    /**
     * Policy toggle for receipt checking: "required", "optional" or "disabled".
     *
     * NOTE(review): the exact meaning of "optional" (for example whether a
     * present but invalid receipt still fails) is not visible here - confirm.
     */
    receiptPolicy?: "required" | "optional" | "disabled";
    /**
     * Allow mock data for testing.
     *
     * NOTE(review): what gets mocked is not visible in this declaration. Treat
     * the flag as test-only and keep it off in production configuration until
     * the implementation confirms it cannot cause a verification step to be
     * skipped.
     */
    allowMockData?: boolean;
    /**
     * Optional CryptoProvider for signature verification.
     * If provided, enables full JWS signature verification when DetachedProof
     * is available.
     *
     * Per the note on `CoreVerifier.verifySignature`, a context that carries
     * only ProofMeta gets structure validation only.
     * NOTE(review): presumably the same fallback applies when no provider is
     * configured - confirm.
     */
    cryptoProvider?: CryptoProvider;
}

/**
 * Outcome of a verification run, as returned by `CoreVerifier.verify` and
 * `verifyWorker`.
 */
export interface LocalVerifierResult {
    // NOTE(review): this type does not record whether the signature was
    // cryptographically verified or only structure-checked (see
    // `verifySignature`). Callers that need the former must make sure both
    // `cryptoProvider` and `detachedProof` are supplied.
    success: boolean;
    // Header name/value pairs; presumably the output of `generateHeaders` on
    // success - confirm.
    // NOTE(review): if these are forwarded upstream as trust signals, the same
    // header names arriving on the inbound request presumably need to be
    // stripped first - confirm in the implementation.
    headers?: Record<string, string>;
    // Structured error; presumably populated when `success` is false - confirm.
    error?: StructuredError;
}

/**
 * Input to `CoreVerifier.verify`.
 */
export interface VerifierContext {
    // Proof metadata. On its own this allows structure validation only (see
    // `verifySignature`).
    proof: ProofMeta;
    // Receipt to check when receipt verification applies.
    receipt?: Receipt;
    // Delegation reference; presumably what `verifyDelegation` looks up - confirm.
    delegationRef?: string;
    /**
     * Optional full DetachedProof with JWS for signature verification.
     * If provided, enables full cryptographic signature verification.
     *
     * NOTE(review): how this is checked for consistency with `proof` is not
     * visible in this declaration - confirm.
     */
    detachedProof?: DetachedProof;
}

/**
 * Core verifier implementation.
 *
 * Only `verify` is public; the private members are listed without types, as
 * usual for a declaration file.
 */
export declare class CoreVerifier {
    private config;
    private receiptVerifier;
    private delegationManager;
    private cryptoService?;
    /**
     * @param config - Verifier options; may be omitted entirely.
     */
    constructor(config?: VerifierConfig);
    /**
     * Verify proof with optional receipt checking.
     *
     * @param context - Proof plus optional receipt, delegation reference and
     *   detached JWS proof.
     * @returns A promise of a result object carrying `success` and optional
     *   `headers` / `error`.
     */
    verify(context: VerifierContext): Promise<LocalVerifierResult>;
    /**
     * Verify proof signature.
     *
     * Note: Full signature verification requires DetachedProof with JWS.
     * If only ProofMeta is available, performs structure validation only.
     * To enable full verification, provide detachedProof in VerifierContext.
     *
     * NOTE(review): structure validation does not authenticate the proof.
     * Whether the structure-only path can still end in `success: true` is not
     * visible here - confirm, and consider failing closed wherever a signature
     * is expected.
     */
    private verifySignature;
    /**
     * Fetch public key from DID document.
     *
     * Note: This is a simplified implementation. Production code should use
     * a proper DID resolver that supports multiple DID methods (did:key, did:web, etc.)
     *
     * NOTE(review): this declaration does not show where the DID comes from or
     * what is fetched. If the DID is taken from the not-yet-verified proof,
     * the lookup presumably needs bounding (accepted DID methods, hosts,
     * timeouts) - confirm.
     */
    private fetchPublicKeyFromDID;
    /**
     * Verify delegation status.
     */
    private verifyDelegation;
    /**
     * Check if receipt verification should be performed.
     *
     * NOTE(review): presumably combines `receiptVerification` and
     * `receiptPolicy` - confirm.
     */
    private shouldVerifyReceipt;
    /**
     * Generate trusted headers for successful verification.
     */
    private generateHeaders;
}

/**
 * Cloudflare Worker verifier.
 *
 * NOTE(review): `Request` here resolves to the Express type imported at the
 * top of this file, which shadows the global Fetch API `Request` that a Worker
 * handler receives - confirm the intended parameter type.
 *
 * @param request - Incoming request to verify.
 * @param config - Optional verifier options.
 * @returns A promise of the verification result.
 */
export declare function verifyWorker(request: Request, config?: VerifierConfig): Promise<LocalVerifierResult>;

/**
 * Express verifier middleware.
 *
 * @param config - Optional verifier options.
 * @returns An async Express middleware. Its promise resolves to the Express
 *   `Response` or to `undefined`.
 *   NOTE(review): presumably a `Response` when the request is rejected and
 *   `undefined` after `next()` is called - confirm.
 */
export declare function verifyExpress(config?: VerifierConfig): (req: Request, res: Response, next: NextFunction) => Promise<Response<any, Record<string, any>> | undefined>;