diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3eea626..f623e37 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -200,6 +200,27 @@ jobs: env: RUSTDOCFLAGS: -D warnings + typescript-checks: + name: TypeScript Checks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + + - name: Check approval-ui + working-directory: services/approval-ui + run: | + bun install + bunx tsc --noEmit + + - name: Check agentauth-mcp + working-directory: services/agentauth-mcp + run: | + bun install + bunx tsc --noEmit + load-test: name: Load Test Baseline runs-on: ubuntu-latest @@ -252,7 +273,7 @@ jobs: ci-success: name: CI Success runs-on: ubuntu-latest - needs: [rust-checks, integration-tests, security-patterns, docs] + needs: [rust-checks, integration-tests, security-patterns, docs, typescript-checks] if: always() steps: - name: Check all jobs passed @@ -260,7 +281,8 @@ jobs: if [ "${{ needs.rust-checks.result }}" != "success" ] || \ [ "${{ needs.integration-tests.result }}" != "success" ] || \ [ "${{ needs.security-patterns.result }}" != "success" ] || \ - [ "${{ needs.docs.result }}" != "success" ]; then + [ "${{ needs.docs.result }}" != "success" ] || \ + [ "${{ needs.typescript-checks.result }}" != "success" ]; then echo "One or more jobs failed" exit 1 fi diff --git a/services/agentauth-mcp/.gitignore b/services/agentauth-mcp/.gitignore new file mode 100644 index 0000000..a14702c --- /dev/null +++ b/services/agentauth-mcp/.gitignore @@ -0,0 +1,34 @@ +# dependencies (bun install) +node_modules + +# output +out +dist +*.tgz + +# code coverage +coverage +*.lcov + +# logs +logs +_.log +report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# caches +.eslintcache +.cache +*.tsbuildinfo + +# IntelliJ based IDEs +.idea + +# Finder (MacOS) folder config +.DS_Store diff --git a/services/agentauth-mcp/README.md b/services/agentauth-mcp/README.md new file mode 100644 index 0000000..b2a0f04 --- /dev/null +++ b/services/agentauth-mcp/README.md @@ -0,0 +1,283 @@ +# agentauth-mcp + +A production-ready Claude Desktop MCP server that uses AgentAuth to authenticate its tool calls. Demonstrates the full AgentAuth flow: the MCP registers as an agent, a human approves its capability grant, and then every tool call carries a short-lived DPoP-bound token verified by AgentAuth. + +**This is a complete working example you can adapt for your own AI agents and services.** + +## Architecture + +``` +Claude Desktop → agentauth-mcp (stdio) → authenticatedFetch + ↓ + Authorization: AgentBearer + AgentDPoP: + ↓ + Your Service / API + ↓ + POST /v1/tokens/verify + ↓ + AgentAuth Verifier → allow/deny +``` + +Every tool call made by Claude is: +- **Signed** with an EdDSA private key (one per agent) +- **Bound** to a DPoP proof (cryptographic proof the agent controls the private key) +- **Verified** against human-approved capability grants +- **Logged** to an immutable audit trail with hash chain integrity + +## Features + +- ✅ Ed25519 signing with deterministic canonical byte format +- ✅ DPoP (Demonstrating Proof of Possession) for sender-constraint +- ✅ Token caching with automatic refresh +- ✅ Behavioral envelope enforcement (rate limits, time windows) +- ✅ Stateless token verification at verifier service +- ✅ Human-in-the-loop approval before capabilities are granted +- ✅ Structured audit logging with chain hash integrity +- ✅ Graceful degradation and circuit breaker patterns + +## Getting Started + +### 1. Prerequisites + +- **AgentAuth stack** running locally (registry, verifier, approval UI): + ```bash + cd /path/to/agentauth + ./dev.sh + ``` + This starts: + - Registry on `http://localhost:8080` + - Verifier on `http://localhost:8081` + - Approval UI on `http://localhost:3001` + +- **Bun** installed (https://bun.sh) — runs TypeScript directly +- **Claude Desktop** installed + +### 2. Run the MCP server + +```bash +cd services/agentauth-mcp +bun run index.ts +``` + +**First run:** +``` +[agentauth-mcp] First run — fetching demo seed IDs… +[agentauth-mcp] Generated agent ID: 01966b3c-… +[agentauth-mcp] Registered with registry +[agentauth-mcp] Approve this agent at: +[agentauth-mcp] http://localhost:3001/approve/01966b3c-… +[agentauth-mcp] Waiting for approval… +``` + +Open `http://localhost:3001/approve/...` in your browser and click **Approve**. The MCP will continue: + +``` +[agentauth-mcp] Grant approved! +[agentauth-mcp] Ready — grant 01966b3c-… is approved +``` + +**Subsequent runs:** +State (agent ID and private key) is stored at `~/.config/agentauth-mcp/state.json`. The MCP starts immediately without needing re-approval. + +### 3. Connect Claude Desktop + +Add to your Claude Desktop config: + +**macOS:** `~/Library/Application Support/Claude/claude_desktop_config.json` + +**Windows:** `%APPDATA%\Claude\claude_desktop_config.json` + +```json +{ + "mcpServers": { + "agentauth": { + "command": "bun", + "args": ["run", "/absolute/path/to/services/agentauth-mcp/index.ts"], + "env": { + "REGISTRY_URL": "http://localhost:8080", + "SERVICE_URL": "http://localhost:9090" + } + } + } +} +``` + +Restart Claude Desktop. You should see `agentauth` in the MCP panel at the bottom. + +### 4. Use the tools + +Ask Claude to use one of the tools: + +- **"Read my calendar"** → calls `read_calendar` (requires `read/calendar` capability) +- **"Write a file called test.txt with content 'hello'"** → calls `write_file` (requires `write/files`) +- **"Delete the file test.txt"** → calls `delete_file` (requires `delete/files`) +- **"Send a payment of $100"** → calls `make_payment` (requires `transact/payments` — will be denied unless approved) + +## Customization + +### Add your own tools + +Edit `src/tools.ts`: + +```typescript +server.registerTool( + "my_tool", + { + title: "My Tool", + description: "What this tool does", + inputSchema: { + param_name: z.string().describe("What this parameter does"), + }, + }, + async ({ param_name }) => { + const { status, data } = await callService( + ctx, + "POST", + "/my-endpoint", + { param_name } + ); + // ... handle response + } +); +``` + +### Change capabilities + +Edit `src/manifest.ts` in the `CAPABILITIES` array: + +```typescript +const CAPABILITIES = [ + { type: "read", resource: "your-resource" }, + { type: "write", resource: "your-resource" }, + // Add more as needed +]; +``` + +The human approver will see these capabilities and decide whether to grant them. + +### Point to your own service + +Set environment variables: + +```bash +REGISTRY_URL=https://your-registry.example.com \ +SERVICE_URL=https://your-service.example.com \ +bun run index.ts +``` + +## Implementation Details + +### Key Files + +| File | Purpose | +|------|---------| +| `index.ts` | Entry point: registers agent, requests grant, starts MCP server | +| `src/state.ts` | Persistent state: agent ID, private key, grant status | +| `src/manifest.ts` | Agent manifest construction and EdDSA signing | +| `src/dpop.ts` | DPoP JWT proof generation per RFC 7636 | +| `src/agentauth.ts` | AgentAuth HTTP client (register, grant, token, verify) | +| `src/tools.ts` | MCP tool definitions | + +### Critical Implementation Points + +**1. Canonical Bytes Format** + +The manifest is signed using deterministic JSON serialization: +- All object keys are **sorted alphabetically** (not insertion order) +- DateTime fields use **second precision** (`2026-03-04T00:57:21Z`, no milliseconds) +- Arrays maintain their order +- Optional fields are omitted if `None`/`null` + +This matches Rust's `serde_json::to_value()` behavior (uses `BTreeMap` internally). + +**2. EdDSA Signing** + +Uses RFC 8032 Ed25519: +- 32-byte private key (seed) +- 32-byte public key +- 64-byte signature +- No pre-hashing by the application (SHA-512 is applied internally by the algorithm) + +Compatible across `@noble/ed25519` (TypeScript) and `ed25519_dalek` (Rust). + +**3. DPoP Proof** + +Generated for every authenticated request. Proves the agent controls the private key: +``` +Header: { alg: "EdDSA", typ: "dpop+jwt", jwk: {...} } +Payload: { jti: uuid(), htm: "GET", htu: url, iat: timestamp, ath?: sha256(token) } +Signature: EdDSA(private_key, header.payload) +``` + +The `ath` (access token hash) field binds the DPoP proof to the access token, preventing token substitution. + +**4. Token Caching** + +Tokens are cached in-memory and refreshed when within 2 minutes of expiry: +```typescript +// First call: network +const token = await getToken(grantId, privKey, pubKey); // ← slow + +// Second call: cached +const token = await getToken(grantId, privKey, pubKey); // ← <1ms +``` + +**5. Graceful Error Handling** + +- **Transient errors** (connection reset, 503): retry with exponential backoff +- **Non-transient errors** (401, 403, 400): fail immediately +- **Missing capabilities**: 403 with clear error message +- **Revoked token**: automatic refresh on next call +- **Registry unreachable**: fallback with clear error + +## Tools + +| Tool | Description | Capability | +|------|---|---| +| `read_calendar` | Read calendar events | `read/calendar` | +| `write_file` | Write content to a file | `write/files` | +| `delete_file` | Delete a file by path | `delete/files` | +| `make_payment` | Initiate a payment | `transact/payments` | + +The demo grant includes `read/calendar`, `write/files`, and `delete/files`. Attempting `make_payment` will be denied (403) because the capability was not approved. + +## State Management + +Agent state is stored at `~/.config/agentauth-mcp/state.json`: + +```json +{ + "agent_id": "01966b3c-...", + "private_key_b64": "...", + "human_principal_id": "...", + "service_provider_id": "...", + "grant_id": "...", + "grant_status": "approved" +} +``` + +**To reset:** Delete this file and restart. The MCP will re-register and request a new grant. + +## Environment Variables + +| Variable | Default | Description | +|----------|---------|---| +| `REGISTRY_URL` | `http://localhost:8080` | AgentAuth registry endpoint | +| `SERVICE_URL` | `http://localhost:9090` | Service/backend endpoint | + +## Production Deployment + +For production use: + +1. **Registry**: Use a cloud-based KMS for key signing (AWS KMS, GCP, Vault Transit) — never store private keys in plaintext +2. **Verifier**: Deploy multiple read-only verifier replicas behind a load balancer +3. **TLS**: All communication must use HTTPS with mTLS for service-to-service +4. **Audit**: Configure audit log archival to cloud storage for long-term retention +5. **Monitoring**: Wire up Prometheus metrics, distributed tracing, and alerting + +See the AgentAuth main documentation for production deployment patterns. + +## License + +AgentAuth is under the [LICENSE](../../LICENSE) file in the repository root. diff --git a/services/agentauth-mcp/bun.lock b/services/agentauth-mcp/bun.lock new file mode 100644 index 0000000..bbe05bb --- /dev/null +++ b/services/agentauth-mcp/bun.lock @@ -0,0 +1,220 @@ +{ + "lockfileVersion": 1, + "workspaces": { + "": { + "name": "agentauth-mcp", + "dependencies": { + "@modelcontextprotocol/sdk": "^1.27.1", + "@noble/ed25519": "^3.0.0", + "@noble/hashes": "^2.0.1", + "uuidv7": "^1.1.0", + "zod": "^4.3.6", + }, + "devDependencies": { + "@types/bun": "latest", + }, + "peerDependencies": { + "typescript": "^5", + }, + }, + }, + "packages": { + "@hono/node-server": ["@hono/node-server@1.19.10", "", { "peerDependencies": { "hono": "^4" } }, "sha512-hZ7nOssGqRgyV3FVVQdfi+U4q02uB23bpnYpdvNXkYTRRyWx84b7yf1ans+dnJ/7h41sGL3CeQTfO+ZGxuO+Iw=="], + + "@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.27.1", "", { "dependencies": { "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.2.1", "express-rate-limit": "^8.2.1", "hono": "^4.11.4", "jose": "^6.1.3", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.1" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-sr6GbP+4edBwFndLbM60gf07z0FQ79gaExpnsjMGePXqFcSSb7t6iscpjk9DhFhwd+mTEQrzNafGP8/iGGFYaA=="], + + "@noble/ed25519": ["@noble/ed25519@3.0.0", "", {}, "sha512-QyteqMNm0GLqfa5SoYbSC3+Pvykwpn95Zgth4MFVSMKBB75ELl9tX1LAVsN4c3HXOrakHsF2gL4zWDAYCcsnzg=="], + + "@noble/hashes": ["@noble/hashes@2.0.1", "", {}, "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw=="], + + "@types/bun": ["@types/bun@1.3.10", "", { "dependencies": { "bun-types": "1.3.10" } }, "sha512-0+rlrUrOrTSskibryHbvQkDOWRJwJZqZlxrUs1u4oOoTln8+WIXBPmAuCF35SWB2z4Zl3E84Nl/D0P7803nigQ=="], + + "@types/node": ["@types/node@25.3.3", "", { "dependencies": { "undici-types": "~7.18.0" } }, "sha512-DpzbrH7wIcBaJibpKo9nnSQL0MTRdnWttGyE5haGwK86xgMOkFLp7vEyfQPGLOJh5wNYiJ3V9PmUMDhV9u8kkQ=="], + + "accepts": ["accepts@2.0.0", "", { "dependencies": { "mime-types": "^3.0.0", "negotiator": "^1.0.0" } }, "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng=="], + + "ajv": ["ajv@8.18.0", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A=="], + + "ajv-formats": ["ajv-formats@3.0.1", "", { "dependencies": { "ajv": "^8.0.0" } }, "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ=="], + + "body-parser": ["body-parser@2.2.2", "", { "dependencies": { "bytes": "^3.1.2", "content-type": "^1.0.5", "debug": "^4.4.3", "http-errors": "^2.0.0", "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", "qs": "^6.14.1", "raw-body": "^3.0.1", "type-is": "^2.0.1" } }, "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA=="], + + "bun-types": ["bun-types@1.3.10", "", { "dependencies": { "@types/node": "*" } }, "sha512-tcpfCCl6XWo6nCVnpcVrxQ+9AYN1iqMIzgrSKYMB/fjLtV2eyAVEg7AxQJuCq/26R6HpKWykQXuSOq/21RYcbg=="], + + "bytes": ["bytes@3.1.2", "", {}, "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="], + + "call-bind-apply-helpers": ["call-bind-apply-helpers@1.0.2", "", { "dependencies": { "es-errors": "^1.3.0", "function-bind": "^1.1.2" } }, "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ=="], + + "call-bound": ["call-bound@1.0.4", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.2", "get-intrinsic": "^1.3.0" } }, "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg=="], + + "content-disposition": ["content-disposition@1.0.1", "", {}, "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q=="], + + "content-type": ["content-type@1.0.5", "", {}, "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA=="], + + "cookie": ["cookie@0.7.2", "", {}, "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w=="], + + "cookie-signature": ["cookie-signature@1.2.2", "", {}, "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg=="], + + "cors": ["cors@2.8.6", "", { "dependencies": { "object-assign": "^4", "vary": "^1" } }, "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw=="], + + "cross-spawn": ["cross-spawn@7.0.6", "", { "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" } }, "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA=="], + + "debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="], + + "depd": ["depd@2.0.0", "", {}, "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="], + + "dunder-proto": ["dunder-proto@1.0.1", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.1", "es-errors": "^1.3.0", "gopd": "^1.2.0" } }, "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A=="], + + "ee-first": ["ee-first@1.1.1", "", {}, "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="], + + "encodeurl": ["encodeurl@2.0.0", "", {}, "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg=="], + + "es-define-property": ["es-define-property@1.0.1", "", {}, "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="], + + "es-errors": ["es-errors@1.3.0", "", {}, "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw=="], + + "es-object-atoms": ["es-object-atoms@1.1.1", "", { "dependencies": { "es-errors": "^1.3.0" } }, "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA=="], + + "escape-html": ["escape-html@1.0.3", "", {}, "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="], + + "etag": ["etag@1.8.1", "", {}, "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg=="], + + "eventsource": ["eventsource@3.0.7", "", { "dependencies": { "eventsource-parser": "^3.0.1" } }, "sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA=="], + + "eventsource-parser": ["eventsource-parser@3.0.6", "", {}, "sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg=="], + + "express": ["express@5.2.1", "", { "dependencies": { "accepts": "^2.0.0", "body-parser": "^2.2.1", "content-disposition": "^1.0.0", "content-type": "^1.0.5", "cookie": "^0.7.1", "cookie-signature": "^1.2.1", "debug": "^4.4.0", "depd": "^2.0.0", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", "finalhandler": "^2.1.0", "fresh": "^2.0.0", "http-errors": "^2.0.0", "merge-descriptors": "^2.0.0", "mime-types": "^3.0.0", "on-finished": "^2.4.1", "once": "^1.4.0", "parseurl": "^1.3.3", "proxy-addr": "^2.0.7", "qs": "^6.14.0", "range-parser": "^1.2.1", "router": "^2.2.0", "send": "^1.1.0", "serve-static": "^2.2.0", "statuses": "^2.0.1", "type-is": "^2.0.1", "vary": "^1.1.2" } }, "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw=="], + + "express-rate-limit": ["express-rate-limit@8.2.1", "", { "dependencies": { "ip-address": "10.0.1" }, "peerDependencies": { "express": ">= 4.11" } }, "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g=="], + + "fast-deep-equal": ["fast-deep-equal@3.1.3", "", {}, "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="], + + "fast-uri": ["fast-uri@3.1.0", "", {}, "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA=="], + + "finalhandler": ["finalhandler@2.1.1", "", { "dependencies": { "debug": "^4.4.0", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "on-finished": "^2.4.1", "parseurl": "^1.3.3", "statuses": "^2.0.1" } }, "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA=="], + + "forwarded": ["forwarded@0.2.0", "", {}, "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="], + + "fresh": ["fresh@2.0.0", "", {}, "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A=="], + + "function-bind": ["function-bind@1.1.2", "", {}, "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA=="], + + "get-intrinsic": ["get-intrinsic@1.3.0", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.2", "es-define-property": "^1.0.1", "es-errors": "^1.3.0", "es-object-atoms": "^1.1.1", "function-bind": "^1.1.2", "get-proto": "^1.0.1", "gopd": "^1.2.0", "has-symbols": "^1.1.0", "hasown": "^2.0.2", "math-intrinsics": "^1.1.0" } }, "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ=="], + + "get-proto": ["get-proto@1.0.1", "", { "dependencies": { "dunder-proto": "^1.0.1", "es-object-atoms": "^1.0.0" } }, "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g=="], + + "gopd": ["gopd@1.2.0", "", {}, "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="], + + "has-symbols": ["has-symbols@1.1.0", "", {}, "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ=="], + + "hasown": ["hasown@2.0.2", "", { "dependencies": { "function-bind": "^1.1.2" } }, "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ=="], + + "hono": ["hono@4.12.4", "", {}, "sha512-ooiZW1Xy8rQ4oELQ++otI2T9DsKpV0M6c6cO6JGx4RTfav9poFFLlet9UMXHZnoM1yG0HWGlQLswBGX3RZmHtg=="], + + "http-errors": ["http-errors@2.0.1", "", { "dependencies": { "depd": "~2.0.0", "inherits": "~2.0.4", "setprototypeof": "~1.2.0", "statuses": "~2.0.2", "toidentifier": "~1.0.1" } }, "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ=="], + + "iconv-lite": ["iconv-lite@0.7.2", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" } }, "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw=="], + + "inherits": ["inherits@2.0.4", "", {}, "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="], + + "ip-address": ["ip-address@10.0.1", "", {}, "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA=="], + + "ipaddr.js": ["ipaddr.js@1.9.1", "", {}, "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="], + + "is-promise": ["is-promise@4.0.0", "", {}, "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ=="], + + "isexe": ["isexe@2.0.0", "", {}, "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="], + + "jose": ["jose@6.1.3", "", {}, "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ=="], + + "json-schema-traverse": ["json-schema-traverse@1.0.0", "", {}, "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="], + + "json-schema-typed": ["json-schema-typed@8.0.2", "", {}, "sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA=="], + + "math-intrinsics": ["math-intrinsics@1.1.0", "", {}, "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="], + + "media-typer": ["media-typer@1.1.0", "", {}, "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw=="], + + "merge-descriptors": ["merge-descriptors@2.0.0", "", {}, "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g=="], + + "mime-db": ["mime-db@1.54.0", "", {}, "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ=="], + + "mime-types": ["mime-types@3.0.2", "", { "dependencies": { "mime-db": "^1.54.0" } }, "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A=="], + + "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="], + + "negotiator": ["negotiator@1.0.0", "", {}, "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg=="], + + "object-assign": ["object-assign@4.1.1", "", {}, "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg=="], + + "object-inspect": ["object-inspect@1.13.4", "", {}, "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="], + + "on-finished": ["on-finished@2.4.1", "", { "dependencies": { "ee-first": "1.1.1" } }, "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg=="], + + "once": ["once@1.4.0", "", { "dependencies": { "wrappy": "1" } }, "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w=="], + + "parseurl": ["parseurl@1.3.3", "", {}, "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="], + + "path-key": ["path-key@3.1.1", "", {}, "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q=="], + + "path-to-regexp": ["path-to-regexp@8.3.0", "", {}, "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA=="], + + "pkce-challenge": ["pkce-challenge@5.0.1", "", {}, "sha512-wQ0b/W4Fr01qtpHlqSqspcj3EhBvimsdh0KlHhH8HRZnMsEa0ea2fTULOXOS9ccQr3om+GcGRk4e+isrZWV8qQ=="], + + "proxy-addr": ["proxy-addr@2.0.7", "", { "dependencies": { "forwarded": "0.2.0", "ipaddr.js": "1.9.1" } }, "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg=="], + + "qs": ["qs@6.15.0", "", { "dependencies": { "side-channel": "^1.1.0" } }, "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ=="], + + "range-parser": ["range-parser@1.2.1", "", {}, "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="], + + "raw-body": ["raw-body@3.0.2", "", { "dependencies": { "bytes": "~3.1.2", "http-errors": "~2.0.1", "iconv-lite": "~0.7.0", "unpipe": "~1.0.0" } }, "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA=="], + + "require-from-string": ["require-from-string@2.0.2", "", {}, "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw=="], + + "router": ["router@2.2.0", "", { "dependencies": { "debug": "^4.4.0", "depd": "^2.0.0", "is-promise": "^4.0.0", "parseurl": "^1.3.3", "path-to-regexp": "^8.0.0" } }, "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ=="], + + "safer-buffer": ["safer-buffer@2.1.2", "", {}, "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="], + + "send": ["send@1.2.1", "", { "dependencies": { "debug": "^4.4.3", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", "fresh": "^2.0.0", "http-errors": "^2.0.1", "mime-types": "^3.0.2", "ms": "^2.1.3", "on-finished": "^2.4.1", "range-parser": "^1.2.1", "statuses": "^2.0.2" } }, "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ=="], + + "serve-static": ["serve-static@2.2.1", "", { "dependencies": { "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "parseurl": "^1.3.3", "send": "^1.2.0" } }, "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw=="], + + "setprototypeof": ["setprototypeof@1.2.0", "", {}, "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="], + + "shebang-command": ["shebang-command@2.0.0", "", { "dependencies": { "shebang-regex": "^3.0.0" } }, "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA=="], + + "shebang-regex": ["shebang-regex@3.0.0", "", {}, "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="], + + "side-channel": ["side-channel@1.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3", "side-channel-list": "^1.0.0", "side-channel-map": "^1.0.1", "side-channel-weakmap": "^1.0.2" } }, "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw=="], + + "side-channel-list": ["side-channel-list@1.0.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3" } }, "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA=="], + + "side-channel-map": ["side-channel-map@1.0.1", "", { "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", "get-intrinsic": "^1.2.5", "object-inspect": "^1.13.3" } }, "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA=="], + + "side-channel-weakmap": ["side-channel-weakmap@1.0.2", "", { "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", "get-intrinsic": "^1.2.5", "object-inspect": "^1.13.3", "side-channel-map": "^1.0.1" } }, "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A=="], + + "statuses": ["statuses@2.0.2", "", {}, "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw=="], + + "toidentifier": ["toidentifier@1.0.1", "", {}, "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA=="], + + "type-is": ["type-is@2.0.1", "", { "dependencies": { "content-type": "^1.0.5", "media-typer": "^1.1.0", "mime-types": "^3.0.0" } }, "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw=="], + + "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="], + + "undici-types": ["undici-types@7.18.2", "", {}, "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w=="], + + "unpipe": ["unpipe@1.0.0", "", {}, "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="], + + "uuidv7": ["uuidv7@1.1.0", "", { "bin": { "uuidv7": "cli.js" } }, "sha512-2VNnOC0+XQlwogChUDzy6pe8GQEys9QFZBGOh54l6qVfwoCUwwRvk7rDTgaIsRgsF5GFa5oiNg8LqXE3jofBBg=="], + + "vary": ["vary@1.1.2", "", {}, "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="], + + "which": ["which@2.0.2", "", { "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "./bin/node-which" } }, "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="], + + "wrappy": ["wrappy@1.0.2", "", {}, "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="], + + "zod": ["zod@4.3.6", "", {}, "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg=="], + + "zod-to-json-schema": ["zod-to-json-schema@3.25.1", "", { "peerDependencies": { "zod": "^3.25 || ^4" } }, "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA=="], + } +} diff --git a/services/agentauth-mcp/index.ts b/services/agentauth-mcp/index.ts new file mode 100644 index 0000000..c865513 --- /dev/null +++ b/services/agentauth-mcp/index.ts @@ -0,0 +1,52 @@ +import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; +import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; +import { loadState, initState, saveState, decodePrivKey } from "./src/state.js"; +import { buildSignedManifest, getPublicKey, CAPABILITIES } from "./src/manifest.js"; +import { register, requestOrLoadGrant, fetchDiscoveryIds } from "./src/agentauth.js"; +import { registerTools } from "./src/tools.js"; + +async function main() { + // All startup logs go to stderr — stdout is reserved for MCP JSON-RPC. + let state = await loadState(); + + if (!state) { + console.error("[agentauth-mcp] First run — fetching demo seed IDs…"); + const { humanPrincipalId, serviceProviderId } = await fetchDiscoveryIds(); + state = await initState(humanPrincipalId, serviceProviderId); + console.error(`[agentauth-mcp] Generated agent ID: ${state.agent_id}`); + } else { + console.error(`[agentauth-mcp] Loaded state for agent: ${state.agent_id}`); + } + + const privKey = decodePrivKey(state); + const pubKey = await getPublicKey(privKey); + + // Register (idempotent — safe on every startup). + const signedManifest = await buildSignedManifest(state, privKey); + await register(signedManifest); + console.error(`[agentauth-mcp] Registered with registry`); + + // Request or resume grant, block until approved. + const grantId = await requestOrLoadGrant(state, privKey, pubKey, CAPABILITIES); + state.grant_id = grantId; + state.grant_status = "approved"; + await saveState(state); + + console.error(`[agentauth-mcp] Ready — grant ${grantId} is approved`); + + // Start MCP server. + const server = new McpServer({ + name: "agentauth-mcp", + version: "0.1.0", + }); + + registerTools(server, { grantId, privKey, pubKey }); + + const transport = new StdioServerTransport(); + await server.connect(transport); +} + +main().catch((err) => { + console.error("[agentauth-mcp] Fatal error:", err); + process.exit(1); +}); \ No newline at end of file diff --git a/services/agentauth-mcp/package.json b/services/agentauth-mcp/package.json new file mode 100644 index 0000000..85baa24 --- /dev/null +++ b/services/agentauth-mcp/package.json @@ -0,0 +1,22 @@ +{ + "name": "agentauth-mcp", + "module": "index.ts", + "type": "module", + "private": true, + "scripts": { + "start": "bun run index.ts" + }, + "devDependencies": { + "@types/bun": "latest" + }, + "peerDependencies": { + "typescript": "^5" + }, + "dependencies": { + "@modelcontextprotocol/sdk": "^1.27.1", + "@noble/ed25519": "^3.0.0", + "@noble/hashes": "^2.0.1", + "uuidv7": "^1.1.0", + "zod": "^4.3.6" + } +} diff --git a/services/agentauth-mcp/src/agentauth.ts b/services/agentauth-mcp/src/agentauth.ts new file mode 100644 index 0000000..5465982 --- /dev/null +++ b/services/agentauth-mcp/src/agentauth.ts @@ -0,0 +1,239 @@ +import { makeDpopProof, jwkThumbprint } from "./dpop.js"; +import type { SignedManifest, Capability } from "./manifest.js"; +import type { AgentState } from "./state.js"; +import { saveState } from "./state.js"; + +const REGISTRY = process.env.REGISTRY_URL ?? "http://localhost:8080"; + +// eslint-disable-next-line @typescript-eslint/no-explicit-any +type AnyJson = Record; + +interface TokenCache { + jti: string; + expiresAt: Date; +} + +let tokenCache: TokenCache | null = null; + +/** Register the agent with the registry. Idempotent: 201 and 409 are both fine. */ +export async function register(signedManifest: SignedManifest): Promise { + const res = await fetch(`${REGISTRY}/v1/agents/register`, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify(signedManifest), + }); + if (!res.ok && res.status !== 409) { + const body = await res.text(); + throw new Error(`Registration failed (${res.status}): ${body}`); + } +} + +/** + * Request a grant from the registry. Returns the grant_id once approved. + * If the grant is pending, blocks and prints the approval URL, polling every 2s. + * Idempotent — registry returns the existing pending grant if one exists. + */ +export async function requestOrLoadGrant( + state: AgentState, + privKey: Uint8Array, + pubKey: Uint8Array, + capabilities: Capability[], +): Promise { + // If we already have an approved grant, skip straight to token issuance. + if (state.grant_status === "approved" && state.grant_id) { + return state.grant_id; + } + + const res = await fetch(`${REGISTRY}/v1/grants/request`, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ + agent_id: state.agent_id, + service_provider_id: state.service_provider_id, + requested_capabilities: capabilities, + requested_envelope: { + max_requests_per_minute: 30, + max_burst: 10, + requires_human_online: false, + max_session_duration_secs: 900, + }, + }), + }); + + if (!res.ok) { + const body = await res.text(); + throw new Error(`Grant request failed (${res.status}): ${body}`); + } + + const grant = await res.json() as AnyJson; + const grantId: string = grant["id"] ?? grant["grant_id"]; + + // Save the pending grant_id immediately so restarts can resume polling. + state.grant_id = grantId; + state.grant_status = "pending"; + await saveState(state); + + if (grant["status"] === "approved") { + state.grant_status = "approved"; + await saveState(state); + return grantId; + } + + // Pending — print approval URL and poll. + console.error(`[agentauth-mcp] Approve this agent at:`); + console.error(`[agentauth-mcp] http://localhost:3001/approve/${grantId}`); + console.error(`[agentauth-mcp] Waiting for approval…`); + + while (true) { + await Bun.sleep(2000); + const pollRes = await fetch(`${REGISTRY}/v1/grants/${grantId}`); + if (!pollRes.ok) continue; + const updated = await pollRes.json() as AnyJson; + if (updated["status"] === "approved") { + state.grant_status = "approved"; + await saveState(state); + console.error(`[agentauth-mcp] Grant approved!`); + return grantId; + } + if (updated["status"] === "denied") throw new Error("Grant was denied by the human principal."); + if (updated["status"] === "expired") throw new Error("Grant request expired before approval."); + } +} + +/** + * Get a valid access token, using the cache when possible. + * Refreshes when within 2 minutes of expiry. + */ +export async function getToken( + grantId: string, + privKey: Uint8Array, + pubKey: Uint8Array, +): Promise { + const TWO_MINUTES = 2 * 60 * 1000; + if (tokenCache && tokenCache.expiresAt.getTime() - Date.now() > TWO_MINUTES) { + return tokenCache.jti; + } + + const issueUrl = `${REGISTRY}/v1/tokens/issue`; + const dpop = await makeDpopProof(privKey, pubKey, "POST", issueUrl); + + const res = await fetch(issueUrl, { + method: "POST", + headers: { + "Content-Type": "application/json", + "AgentDPoP": dpop, + }, + body: JSON.stringify({ + grant_id: grantId, + dpop_thumbprint: jwkThumbprint(pubKey), + }), + }); + + if (!res.ok) { + const body = await res.text(); + throw new Error(`Token issuance failed (${res.status}): ${body}`); + } + + const data = await res.json() as AnyJson; + const jti: string = data["jti"] ?? data["access_token"]; + const expiresAt = new Date(data["expires_at"]); + + tokenCache = { jti, expiresAt }; + return jti; +} + +/** + * Make an authenticated HTTP request to a service. + * Attaches Authorization: AgentBearer and AgentDPoP headers. + */ +export async function authenticatedFetch( + method: string, + url: string, + body: unknown, + grantId: string, + privKey: Uint8Array, + pubKey: Uint8Array, +): Promise { + const token = await getToken(grantId, privKey, pubKey); + const dpop = await makeDpopProof(privKey, pubKey, method, url, token); + + return fetch(url, { + method, + headers: { + "Authorization": `AgentBearer ${token}`, + "AgentDPoP": dpop, + ...(body !== undefined ? { "Content-Type": "application/json" } : {}), + }, + body: body !== undefined ? JSON.stringify(body) : undefined, + }); +} + +/** Fetch human principal ID and service provider ID from the discovery document. */ +export async function fetchDiscoveryIds(): Promise<{ + humanPrincipalId: string; + serviceProviderId: string; +}> { + const res = await fetch(`${REGISTRY}/.well-known/agentauth`); + if (!res.ok) throw new Error(`Discovery fetch failed (${res.status})`); + const doc = await res.json() as AnyJson; + + // The registry seeds demo data — extract demo IDs from the discovery doc + // or fall back to the well-known demo seed values. + const humanPrincipalId: string = + doc["demo"]?.human_principal_id ?? await fetchDemoHumanPrincipalId(); + const serviceProviderId: string = + doc["demo"]?.service_provider_id ?? await fetchDemoServiceProviderId(); + + return { humanPrincipalId, serviceProviderId }; +} + +async function fetchDemoHumanPrincipalId(): Promise { + // GET /v1/agents returns the seeded agents; we need a different path. + // Fall back to the known deterministic demo ID derived from demo.rs constants. + // This is safe — these IDs are public demo seed values, not secrets. + const res = await fetch(`${REGISTRY}/v1/demo/ids`).catch(() => null); + if (res?.ok) { + const data = await res.json() as AnyJson; + return data["human_principal_id"]; + } + // Hard fallback: use the deterministic UUID from demo.rs seed data. + // Computed from UUID::new_v5(DEMO_NAMESPACE, b"human-principal"). + return await resolveDemoId("human-principal"); +} + +async function fetchDemoServiceProviderId(): Promise { + const res = await fetch(`${REGISTRY}/v1/demo/ids`).catch(() => null); + if (res?.ok) { + const data = await res.json() as AnyJson; + return data["service_provider_id"]; + } + return await resolveDemoId("service-provider"); +} + +/** + * Compute the deterministic UUID v5 that demo.rs generates. + * DEMO_NAMESPACE = AA67AE01-1234-5678-9ABC-DEF001234567 + * UUID v5 = SHA-1(namespace_bytes + name_bytes), formatted per RFC 4122. + */ +async function resolveDemoId(name: "human-principal" | "service-provider"): Promise { + // DEMO_NAMESPACE from crates/registry/src/demo.rs + const ns = new Uint8Array([ + 0xaa, 0x67, 0xae, 0x01, 0x12, 0x34, 0x56, 0x78, + 0x9a, 0xbc, 0xde, 0xf0, 0x01, 0x23, 0x45, 0x67, + ]); + const nameBytes = new TextEncoder().encode(name); + const input = new Uint8Array(ns.length + nameBytes.length); + input.set(ns); + input.set(nameBytes, ns.length); + + const hashBuffer = await crypto.subtle.digest("SHA-1", input); + const hash = new Uint8Array(hashBuffer); + + // Set version 5 (0101) in bits [76:79] of byte 6 + hash[6] = ((hash[6]!) & 0x0f) | 0x50; + // Set variant bits (10xx) in byte 8 + hash[8] = ((hash[8]!) & 0x3f) | 0x80; + + const h = Buffer.from(hash.slice(0, 16)).toString("hex"); + return `${h.slice(0, 8)}-${h.slice(8, 12)}-${h.slice(12, 16)}-${h.slice(16, 20)}-${h.slice(20, 32)}`; +} diff --git a/services/agentauth-mcp/src/dpop.ts b/services/agentauth-mcp/src/dpop.ts new file mode 100644 index 0000000..75bfb1e --- /dev/null +++ b/services/agentauth-mcp/src/dpop.ts @@ -0,0 +1,61 @@ +import * as ed from "@noble/ed25519"; +import { sha256 } from "@noble/hashes/sha2.js"; +import { uuidv7 } from "uuidv7"; + +function b64url(bytes: Uint8Array): string { + return Buffer.from(bytes).toString("base64url"); +} + +function b64urlStr(str: string): string { + return b64url(new TextEncoder().encode(str)); +} + +/** JWK thumbprint for a given Ed25519 public key (RFC 7638). */ +export function jwkThumbprint(pubKey: Uint8Array): string { + // Keys sorted alphabetically per RFC 7638 + const canonical = JSON.stringify({ crv: "Ed25519", kty: "OKP", x: b64url(pubKey) }); + return b64url(sha256(new TextEncoder().encode(canonical))); +} + +/** + * Generate a DPoP proof JWT for a request. + * + * @param privKey - 32-byte Ed25519 private key seed + * @param pubKey - 32-byte Ed25519 public key + * @param method - HTTP method (GET, POST, DELETE, …) + * @param url - Full request URL (query string stripped) + * @param token - Access token string, if binding an existing token (adds `ath`) + */ +export async function makeDpopProof( + privKey: Uint8Array, + pubKey: Uint8Array, + method: string, + url: string, + token?: string, +): Promise { + const jwk = { kty: "OKP", crv: "Ed25519", x: b64url(pubKey) }; + + const header = { alg: "EdDSA", typ: "dpop+jwt", jwk }; + const headerB64 = b64urlStr(JSON.stringify(header)); + + // Strip query string from URL + const htu = url.split("?")[0]; + + const payload: Record = { + jti: uuidv7(), + htm: method.toUpperCase(), + htu, + iat: Math.floor(Date.now() / 1000), + }; + + if (token) { + // ath = base64url(SHA-256(ASCII(token))) + payload.ath = b64url(sha256(new TextEncoder().encode(token))); + } + + const payloadB64 = b64urlStr(JSON.stringify(payload)); + const signingInput = new TextEncoder().encode(`${headerB64}.${payloadB64}`); + const signature = await ed.signAsync(signingInput, privKey); + + return `${headerB64}.${payloadB64}.${b64url(signature)}`; +} diff --git a/services/agentauth-mcp/src/manifest.ts b/services/agentauth-mcp/src/manifest.ts new file mode 100644 index 0000000..7480272 --- /dev/null +++ b/services/agentauth-mcp/src/manifest.ts @@ -0,0 +1,88 @@ +import * as ed from "@noble/ed25519"; +import type { AgentState } from "./state.js"; + +export interface Capability { + type: "read" | "write" | "delete" | "transact" | "custom"; + resource: string; + max_value?: number; + currency?: string; + filter?: string; +} + +export interface SignedManifest { + manifest: Record; + signature: string; + signing_key_id: string; +} + +const KEY_ID = "mcp-key-001"; + +/** Format a Date as RFC 3339 with second precision (no milliseconds). + * Matches Rust's chrono serde output (SecondsFormat::AutoSi with use_z=true). */ +function toRfc3339Secs(d: Date): string { + // Truncate to whole seconds, then strip the ".000Z" that toISOString always adds. + const secs = new Date(Math.floor(d.getTime() / 1000) * 1000); + return secs.toISOString().replace(".000Z", "Z"); +} + +/** Sort all object keys alphabetically, recursively. + * serde_json::to_value() uses BTreeMap internally so canonical bytes have sorted keys. */ +function sortKeysDeep(val: unknown): unknown { + if (Array.isArray(val)) return val.map(sortKeysDeep); + if (val !== null && typeof val === "object") { + const obj = val as Record; + return Object.fromEntries( + Object.keys(obj) + .sort() + .map((k) => [k, sortKeysDeep(obj[k])]), + ); + } + return val; +} + +const CAPABILITIES: Capability[] = [ + { type: "read", resource: "calendar" }, + { type: "write", resource: "files" }, + { type: "delete", resource: "files" }, + { type: "transact", resource: "payments", max_value: 10000, currency: "USD" }, +]; + +export async function buildSignedManifest( + state: AgentState, + privKey: Uint8Array, +): Promise { + const pubKey = await ed.getPublicKeyAsync(privKey); + const pubKeyB64 = Buffer.from(pubKey).toString("base64url"); + + const now = new Date(); + const expiresAt = new Date(now.getTime() + 90 * 86400 * 1000); // 90 days + + const manifest = { + id: state.agent_id, + public_key: pubKeyB64, + key_id: KEY_ID, + capabilities_requested: CAPABILITIES, + human_principal_id: state.human_principal_id, + issued_at: toRfc3339Secs(now), + expires_at: toRfc3339Secs(expiresAt), + name: "AgentAuth MCP", + description: "Claude Desktop MCP server authenticated via AgentAuth", + model_origin: "anthropic.com", + }; + + // Sign the alphabetically-sorted JSON to match Rust's serde_json canonical bytes. + const manifestBytes = new TextEncoder().encode(JSON.stringify(sortKeysDeep(manifest))); + const signature = await ed.signAsync(manifestBytes, privKey); + + return { + manifest, + signature: Buffer.from(signature).toString("base64url"), + signing_key_id: KEY_ID, + }; +} + +export async function getPublicKey(privKey: Uint8Array): Promise { + return ed.getPublicKeyAsync(privKey); +} + +export { CAPABILITIES }; diff --git a/services/agentauth-mcp/src/state.ts b/services/agentauth-mcp/src/state.ts new file mode 100644 index 0000000..12fea4c --- /dev/null +++ b/services/agentauth-mcp/src/state.ts @@ -0,0 +1,56 @@ +import { join } from "node:path"; +import { mkdir } from "node:fs/promises"; +import { uuidv7 } from "uuidv7"; + +export interface AgentState { + agent_id: string; + private_key_b64: string; + human_principal_id: string; + service_provider_id: string; + grant_id: string | null; + grant_status: "new" | "pending" | "approved"; +} + +const STATE_DIR = join( + process.env.HOME ?? "~", + ".config", + "agentauth-mcp", +); +const STATE_FILE = join(STATE_DIR, "state.json"); + +export async function loadState(): Promise { + try { + const file = Bun.file(STATE_FILE); + if (!(await file.exists())) return null; + return (await file.json()) as AgentState; + } catch { + return null; + } +} + +export async function saveState(state: AgentState): Promise { + await mkdir(STATE_DIR, { recursive: true }); + await Bun.write(STATE_FILE, JSON.stringify(state, null, 2)); +} + +export async function initState( + humanPrincipalId: string, + serviceProviderId: string, +): Promise { + // Generate a fresh 32-byte Ed25519 private key seed. + const privKey = crypto.getRandomValues(new Uint8Array(32)); + const state: AgentState = { + agent_id: uuidv7(), + private_key_b64: Buffer.from(privKey).toString("base64url"), + human_principal_id: humanPrincipalId, + service_provider_id: serviceProviderId, + grant_id: null, + grant_status: "new", + }; + await saveState(state); + return state; +} + +export function decodePrivKey(state: AgentState): Uint8Array { + return Buffer.from(state.private_key_b64, "base64url"); +} diff --git a/services/agentauth-mcp/src/tools.ts b/services/agentauth-mcp/src/tools.ts new file mode 100644 index 0000000..543fba7 --- /dev/null +++ b/services/agentauth-mcp/src/tools.ts @@ -0,0 +1,131 @@ +import { z } from "zod/v4"; +import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; +import { authenticatedFetch } from "./agentauth.js"; + +const SERVICE_URL = process.env.SERVICE_URL ?? "http://localhost:9090"; + +interface AuthContext { + grantId: string; + privKey: Uint8Array; + pubKey: Uint8Array; +} + +async function callService( + ctx: AuthContext, + method: string, + path: string, + body?: unknown, +): Promise<{ status: number; data: unknown }> { + const url = `${SERVICE_URL}${path}`; + const res = await authenticatedFetch(method, url, body, ctx.grantId, ctx.privKey, ctx.pubKey); + const data = await res.json().catch(() => ({ message: res.statusText })); + return { status: res.status, data }; +} + +export function registerTools(server: McpServer, ctx: AuthContext): void { + server.registerTool( + "read_calendar", + { + title: "Read Calendar", + description: "Read calendar events from the service. Requires the read/calendar capability.", + }, + async () => { + const { status, data } = await callService(ctx, "GET", "/calendar"); + if (status === 200) { + return { + content: [{ type: "text", text: JSON.stringify(data, null, 2) }], + }; + } + return { + content: [{ type: "text", text: `Error ${status}: ${JSON.stringify(data)}` }], + isError: true, + }; + }, + ); + + server.registerTool( + "write_file", + { + title: "Write File", + description: "Write content to a file. Requires the write/files capability.", + inputSchema: { + filename: z.string().describe("Name of the file to write"), + content: z.string().describe("Content to write to the file"), + }, + }, + async ({ filename, content }) => { + const { status, data } = await callService(ctx, "POST", "/files", { filename, content }); + if (status === 200) { + return { + content: [{ type: "text", text: JSON.stringify(data, null, 2) }], + }; + } + return { + content: [{ type: "text", text: `Error ${status}: ${JSON.stringify(data)}` }], + isError: true, + }; + }, + ); + + server.registerTool( + "delete_file", + { + title: "Delete File", + description: "Delete a file by path. Requires the delete/files capability.", + inputSchema: { + path: z.string().describe("Path of the file to delete"), + }, + }, + async ({ path }) => { + const { status, data } = await callService(ctx, "DELETE", `/files/${encodeURIComponent(path)}`); + if (status === 200) { + return { + content: [{ type: "text", text: JSON.stringify(data, null, 2) }], + }; + } + return { + content: [{ type: "text", text: `Error ${status}: ${JSON.stringify(data)}` }], + isError: true, + }; + }, + ); + + server.registerTool( + "make_payment", + { + title: "Make Payment", + description: + "Initiate a payment transaction. Requires the transact/payments capability. " + + "This will be denied unless the grant explicitly includes the transact capability.", + inputSchema: { + amount: z.number().positive().describe("Payment amount"), + recipient: z.string().describe("Payment recipient"), + currency: z.string().default("USD").describe("Currency code (default: USD)"), + }, + }, + async ({ amount, recipient, currency }) => { + const { status, data } = await callService(ctx, "POST", "/payments", { + amount, + recipient, + currency, + }); + if (status === 200) { + return { + content: [{ type: "text", text: JSON.stringify(data, null, 2) }], + }; + } + return { + content: [ + { + type: "text", + text: + status === 403 + ? `Payment denied (403): This agent was not granted the transact/payments capability.\n${JSON.stringify(data)}` + : `Error ${status}: ${JSON.stringify(data)}`, + }, + ], + isError: true, + }; + }, + ); +} diff --git a/services/agentauth-mcp/tsconfig.json b/services/agentauth-mcp/tsconfig.json new file mode 100644 index 0000000..bfa0fea --- /dev/null +++ b/services/agentauth-mcp/tsconfig.json @@ -0,0 +1,29 @@ +{ + "compilerOptions": { + // Environment setup & latest features + "lib": ["ESNext"], + "target": "ESNext", + "module": "Preserve", + "moduleDetection": "force", + "jsx": "react-jsx", + "allowJs": true, + + // Bundler mode + "moduleResolution": "bundler", + "allowImportingTsExtensions": true, + "verbatimModuleSyntax": true, + "noEmit": true, + + // Best practices + "strict": true, + "skipLibCheck": true, + "noFallthroughCasesInSwitch": true, + "noUncheckedIndexedAccess": true, + "noImplicitOverride": true, + + // Some stricter flags (disabled by default) + "noUnusedLocals": false, + "noUnusedParameters": false, + "noPropertyAccessFromIndexSignature": false + } +} diff --git a/services/approval-ui/src/App.tsx b/services/approval-ui/src/App.tsx index 76f6dea..f9eaf2e 100644 --- a/services/approval-ui/src/App.tsx +++ b/services/approval-ui/src/App.tsx @@ -14,122 +14,362 @@ const routes = [ { pattern: "/dashboard", component: DashboardPage }, ]; +function LogoMark({ size = 20 }: { size?: number }) { + return ( + + + + + ); +} + +function SectionTag({ children }: { children: React.ReactNode }) { + return ( +
+
+ {children} +
+ ); +} + +function CodeBlock({ children }: { children: React.ReactNode }) { + return ( +
+ {children} +
+ ); +} + +function C({ children }: { children: React.ReactNode }) { + return {children}; +} + +function Prompt({ children }: { children: React.ReactNode }) { + return ( +
+ $ + {children} +
+ ); +} + function HomePage() { return ( -
-
- {/* Logo mark */} -
-
- + + {/* ── Hero ─────────────────────────────────────────────── */} +
+
+ {/* Logo */} +
+
+ +
+ + AGENTAUTH + +
+ +

+ Human-in-the-loop authorization for AI agents. +

+

+ Every tool call your agent makes is cryptographically signed, human-approved, and verified in real time — with a full audit trail. +

+ + {/* Primary actions */} +
+ + + + + + + + VIEW AGENTS + + - - - + + + + + DASHBOARD +
- - AGENTAUTH -
+
+ + {/* ── How it works ─────────────────────────────────────── */} +
+
+ HOW IT WORKS +
+ {[ + { + n: "01", + title: "REGISTER", + body: "An agent generates an Ed25519 keypair and registers with the AgentAuth registry, declaring the capabilities it wants.", + }, + { + n: "02", + title: "APPROVE", + body: "A human reviews the capability request here and explicitly approves it. Nothing runs without this step.", + }, + { + n: "03", + title: "AUTHENTICATE", + body: "The agent issues short-lived tokens (15 min) bound to its private key via DPoP — stolen tokens can't be replayed.", + }, + { + n: "04", + title: "VERIFY", + body: "Your service verifies the token and capability in real time. Every outcome is appended to an immutable audit log.", + }, + ].map(({ n, title, body }) => ( +
+
{n}
+
{title}
+

{body}

+
+ ))} +
+ + {/* Flow diagram */} +
+
+ {[ + { label: "Claude Desktop", color: "text-text-secondary" }, + { arrow: true }, + { label: "agentauth-mcp", color: "text-amber" }, + { arrow: true }, + { label: "AgentAuth Registry :8080", color: "text-text-secondary" }, + ].map((item, i) => + "arrow" in item ? ( + ──▶ + ) : ( + {item.label} + ) + )} +
+
+ Authorization: AgentBearer <token> · AgentDPoP: <proof> +
+
+ {[ + { label: "Your Service", color: "text-text-secondary" }, + { arrow: true }, + { label: "Verifier :8081", color: "text-text-secondary" }, + { arrow: true }, + { label: "allow / deny", color: "text-green" }, + ].map((item, i) => + "arrow" in item ? ( + ──▶ + ) : ( + {item.label} + ) + )} +
+
+
+
-

- PERMISSION CONTROL INTERFACE -

-
+ {/* ── Quick start ──────────────────────────────────────── */} +
+
+ QUICK START +
+ +
+
1 — Start the stack
+ + git clone https://github.com/maxmalkin/AgentAuth + cd AgentAuth && ./dev.sh +
+ # registry http://localhost:8080
+ # verifier http://localhost:8081
+ # approval UI http://localhost:3001
+ # mock service http://localhost:9090 +
+ +
+ +
+
2 — Run the MCP agent
+ + cd services/agentauth-mcp + bun run index.ts +
+ [agentauth-mcp] Registered with registry
+ [agentauth-mcp] Approve this agent at:
+ [agentauth-mcp] http://localhost:3001/approve/…
+ [agentauth-mcp] Waiting for approval… +
+ +
+ +
+
3 — Approve the grant
+

+ Open the approval URL printed above. Review the capabilities the agent is requesting, then click APPROVE GRANT. The agent will start immediately. +

+ + + + + + + + GO TO AGENTS + +
+ +
+
4 — Connect Claude Desktop
+

+ Add to claude_desktop_config.json and restart Claude: +

+ + {"{"}
+   "mcpServers": {"{"}
+     "agentauth": {"{"}
+       "command": "bun",
+       "args": ["/path/to/agentauth-mcp/index.ts"],
+       "env": {"{"} "REGISTRY_URL": "http://localhost:8080" {"}"}
+     {"}"}
+   {"}"}
+ {"}"} + +
+
+
+
-
- +
+ WHAT'S ENFORCED +
+ {[ + { + title: "Capability grants", + body: "Agents can only call what a human approved. read, write, delete, transact — each resource scoped separately.", + }, + { + title: "DPoP sender-constraint", + body: "Tokens are cryptographically bound to the agent's private key. A stolen token is useless without the matching key.", + }, + { + title: "Short-lived tokens", + body: "Tokens expire after 15 minutes. Refresh requires the original approved grant to still be valid.", + }, + { + title: "Nonce replay prevention", + body: "Every DPoP proof carries a unique nonce checked against Redis. Replaying an old proof is rejected immediately.", + }, + { + title: "Behavioral envelope", + body: "Per-grant rate limits, burst caps, time-of-day windows, and session duration are all enforced at the verifier.", + }, + { + title: "Immutable audit log", + body: "Every token issue, verify, deny, and revoke is written to an append-only log with SHA-256 hash chain integrity.", + }, + ].map(({ title, body }) => ( +
+
+
+ {title} +
+

{body}

+
+ ))} +
+
+
+ + {/* ── Demo tools ───────────────────────────────────────── */} +
+
+ DEMO TOOLS +

+ The included MCP server exposes four tools. Ask Claude to use them after connecting. +

+
+ {[ + { tool: "read_calendar", cap: "read / calendar", desc: "Read calendar events from the mock service.", allowed: true }, + { tool: "write_file", cap: "write / files", desc: "Write content to a file on the mock service.", allowed: true }, + { tool: "delete_file", cap: "delete / files", desc: "Delete a file by path on the mock service.", allowed: true }, + { tool: "make_payment", cap: "transact / payments", desc: "Initiate a payment — denied unless the grant includes transact.", allowed: false }, + ].map(({ tool, cap, desc, allowed }) => ( +
+
+
+
+ {tool} + {cap} + {!allowed && ( + DENIED BY DEFAULT + )} +
+

{desc}

+
+
+ ))} +
+
+
+ + {/* ── Footer ───────────────────────────────────────────── */} +
+
+
+ +
+ AGENTAUTH +
+
+ - - - - - - - VIEW AGENTS + GITHUB + + + AGENTS - - - - - + DASHBOARD
- {/* Grid decoration */} + {/* Background decoration */}
-
-
-
+
+
); diff --git a/services/approval-ui/tsconfig.json b/services/approval-ui/tsconfig.json index eee7ab0..723531e 100644 --- a/services/approval-ui/tsconfig.json +++ b/services/approval-ui/tsconfig.json @@ -25,5 +25,6 @@ "noUnusedLocals": false, "noUnusedParameters": false, "noPropertyAccessFromIndexSignature": false - } + }, + "exclude": ["tests", "node_modules"] }