@astrasyncai/verification-gateway 1.0.0

package/dist/sdk-xCbZgeZx.d.mts

@@ -0,0 +1,190 @@
+import { a as AccessLevel, i as TrustLevel, S as SDKOptions, b as VerificationResult } from './types-CS6v75-d.mjs';
+
+/**
+ * AstraSync Universal Verification Gateway - Access Level Definitions
+ *
+ * Defines the hierarchy and capabilities of each access level.
+ */
+
+/**
+ * Access level hierarchy (higher number = more access)
+ */
+declare const ACCESS_LEVEL_HIERARCHY: Record<AccessLevel, number>;
+/**
+ * Access level descriptions for UI
+ */
+declare const ACCESS_LEVEL_DESCRIPTIONS: Record<AccessLevel, string>;
+/**
+ * Default trust score thresholds for access levels
+ */
+declare const DEFAULT_TRUST_THRESHOLDS: Record<AccessLevel, number>;
+/**
+ * Trust level score ranges
+ */
+declare const TRUST_LEVEL_RANGES: Record<TrustLevel, {
+    min: number;
+    max: number;
+}>;
+/**
+ * Determine trust level from score
+ */
+declare function getTrustLevel(score: number): TrustLevel;
+/**
+ * Check if access level A is greater than or equal to access level B
+ */
+declare function hasMinimumAccess(actual: AccessLevel, required: AccessLevel): boolean;
+/**
+ * Get the highest access level for a given trust score
+ */
+declare function getAccessLevelForScore(trustScore: number, thresholds?: Record<AccessLevel, number>): AccessLevel;
+/**
+ * Determine access level from verification result
+ */
+declare function determineAccessLevel(verified: boolean, trustScore: number, isOrgMember: boolean, customThresholds?: Partial<Record<AccessLevel, number>>): AccessLevel;
+/**
+ * Access capabilities per level
+ */
+interface AccessCapabilities {
+    canRead: boolean;
+    canWrite: boolean;
+    canDelete: boolean;
+    canAdmin: boolean;
+    canAccessInternal: boolean;
+    maxTransactionValue?: number;
+    allowedPurposes?: string[];
+}
+/**
+ * Get capabilities for an access level
+ */
+declare function getCapabilities(accessLevel: AccessLevel): AccessCapabilities;
+
+/**
+ * AstraSync Universal Verification Gateway - SDK Adapter
+ *
+ * Direct SDK for verifying agents in any JavaScript/TypeScript environment.
+ * Useful for agent-to-agent verification, serverless functions, or custom integrations.
+ *
+ * @example
+ * ```typescript
+ * import { createClient } from '@astrasyncai/verification-gateway/sdk';
+ *
+ * const gateway = createClient({
+ *   apiBaseUrl: 'https://api.astrasync.ai',
+ * });
+ *
+ * // Verify another agent before interacting
+ * const result = await gateway.verify({
+ *   astraId: 'ASTRA-abc123',
+ *   purpose: 'data-exchange',
+ * });
+ *
+ * if (result.verified && result.accessLevel !== 'none') {
+ *   // Safe to interact with this agent
+ * }
+ * ```
+ */
+
+/**
+ * Verification Gateway SDK Client
+ */
+declare class VerificationGatewayClient {
+    private config;
+    private timeout;
+    private retryConfig;
+    constructor(options: SDKOptions);
+    /**
+     * Full verification with all details
+     */
+    verify(options: {
+        astraId?: string;
+        apiKey?: string;
+        jwt?: string;
+        purpose?: string;
+        action?: string;
+        resourceType?: string;
+        resource?: string;
+        jurisdiction?: string;
+        transactionValue?: number;
+        currency?: string;
+        isSubAgentRequest?: boolean;
+        parentAgentId?: string;
+        subAgentDepth?: number;
+    }): Promise<VerificationResult>;
+    /**
+     * Quick verification - just check if credentials are valid
+     */
+    quickVerify(credentials: {
+        astraId?: string;
+        apiKey?: string;
+        jwt?: string;
+    }): Promise<{
+        verified: boolean;
+        accessLevel: AccessLevel;
+        reason?: string;
+    }>;
+    /**
+     * Check if an agent has a specific access level
+     */
+    hasAccess(credentials: {
+        astraId?: string;
+        apiKey?: string;
+        jwt?: string;
+    }, requiredLevel: AccessLevel): Promise<boolean>;
+    /**
+     * Get capabilities for a verified agent
+     */
+    getCapabilities(credentials: {
+        astraId?: string;
+        apiKey?: string;
+        jwt?: string;
+    }): Promise<AccessCapabilities>;
+    /**
+     * Verify a specific ASTRA-ID
+     */
+    verifyAstraId(astraId: string, options?: {
+        purpose?: string;
+        action?: string;
+    }): Promise<VerificationResult>;
+    /**
+     * Verify using an API key
+     */
+    verifyApiKey(apiKey: string, options?: {
+        purpose?: string;
+        action?: string;
+    }): Promise<VerificationResult>;
+    /**
+     * Clear the verification cache
+     */
+    clearCache(): void;
+    /**
+     * Execute a function with retry logic
+     */
+    private executeWithRetry;
+}
+/**
+ * Create a new SDK client
+ */
+declare function createClient(options: SDKOptions): VerificationGatewayClient;
+/**
+ * One-shot verification without creating a client
+ */
+declare function verifyOnce(options: SDKOptions & {
+    astraId?: string;
+    apiKey?: string;
+    jwt?: string;
+    purpose?: string;
+    action?: string;
+}): Promise<VerificationResult>;
+
+type sdk_VerificationGatewayClient = VerificationGatewayClient;
+declare const sdk_VerificationGatewayClient: typeof VerificationGatewayClient;
+declare const sdk_createClient: typeof createClient;
+declare const sdk_getCapabilities: typeof getCapabilities;
+declare const sdk_getTrustLevel: typeof getTrustLevel;
+declare const sdk_hasMinimumAccess: typeof hasMinimumAccess;
+declare const sdk_verifyOnce: typeof verifyOnce;
+declare namespace sdk {
+  export { sdk_VerificationGatewayClient as VerificationGatewayClient, sdk_createClient as createClient, sdk_getCapabilities as getCapabilities, sdk_getTrustLevel as getTrustLevel, sdk_hasMinimumAccess as hasMinimumAccess, sdk_verifyOnce as verifyOnce };
+}
+
+export { ACCESS_LEVEL_DESCRIPTIONS as A, DEFAULT_TRUST_THRESHOLDS as D, TRUST_LEVEL_RANGES as T, VerificationGatewayClient as V, ACCESS_LEVEL_HIERARCHY as a, type AccessCapabilities as b, getCapabilities as c, determineAccessLevel as d, getTrustLevel as e, createClient as f, getAccessLevelForScore as g, hasMinimumAccess as h, sdk as s, verifyOnce as v };

package/dist/types-CS6v75-d.d.mts

@@ -0,0 +1,359 @@
+/**
+ * AstraSync Universal Verification Gateway Types
+ *
+ * TypeScript type definitions for agent verification across all counterparty types.
+ */
+/**
+ * Trust levels assigned to agents based on their composite trust score
+ */
+type TrustLevel = 'BRONZE' | 'SILVER' | 'GOLD' | 'PLATINUM';
+/**
+ * Access levels granted based on verification result
+ * - none: No credentials provided, show guidance
+ * - guidance: Commerce Shield overlay with registration info
+ * - read-only: Can browse, no mutations
+ * - standard: Normal access per PDLSS
+ * - full: Full access for high-trust agents
+ * - internal: Internal org access (same organization)
+ */
+type AccessLevel = 'none' | 'guidance' | 'read-only' | 'standard' | 'full' | 'internal';
+/**
+ * Types of counterparties that can integrate the gateway
+ */
+type CounterpartyType = 'agent' | 'api' | 'mcp_server' | 'website' | 'other';
+/**
+ * Agent credentials extracted from request
+ */
+interface AgentCredentials {
+    /** ASTRA-xxx identifier */
+    astraId?: string;
+    /** API key for authentication */
+    apiKey?: string;
+    /** JWT token */
+    jwt?: string;
+    /** Raw authorization header */
+    authorizationHeader?: string;
+}
+/**
+ * Configuration options for the verification gateway
+ */
+interface GatewayConfig {
+    /** AstraSync API base URL */
+    apiBaseUrl: string;
+    /** API key for authenticating with AstraSync (optional for public endpoints) */
+    apiKey?: string;
+    /** Default access level for unverified requests */
+    defaultAccessLevel?: AccessLevel;
+    /** Minimum trust score required for standard access */
+    minTrustScore?: number;
+    /** Minimum trust score required for full access */
+    minTrustScoreForFull?: number;
+    /** Cache verification results (TTL in seconds) */
+    cacheTtl?: number;
+    /** Enable debug logging */
+    debug?: boolean;
+    /** Custom headers to send with verification requests */
+    customHeaders?: Record<string, string>;
+}
+/**
+ * Verified agent information
+ */
+interface VerifiedAgent {
+    /** ASTRA-xxx identifier */
+    astraId: string;
+    /** Agent display name */
+    name: string;
+    /** Composite trust score (0-100) */
+    trustScore: number;
+    /** Trust level tier */
+    trustLevel: TrustLevel;
+    /** Whether agent is blockchain-verified */
+    blockchainVerified: boolean;
+    /** Agent status */
+    status: 'active' | 'inactive' | 'suspended' | 'migrating' | 'terminated' | 'retired';
+}
+/**
+ * Verified developer (KYD) information
+ */
+interface VerifiedDeveloper {
+    /** ASTRAD-xxx identifier */
+    astradId: string;
+    /** Developer name */
+    name?: string;
+    /** Developer trust score */
+    trustScore: number;
+    /** Whether developer identity is verified */
+    verified: boolean;
+}
+/**
+ * Verified organization (KYO) information
+ */
+interface VerifiedOrganization {
+    /** Organization name */
+    name: string;
+    /** Whether organization is verified */
+    verified: boolean;
+    /** Organization trust score */
+    trustScore: number;
+}
+/**
+ * PDLSS policy information returned with verification
+ */
+interface PDLSSInfo {
+    /** Whether purpose was allowed */
+    purposeAllowed: boolean;
+    /** Whether within duration constraints */
+    withinDuration: boolean;
+    /** Whether within limits */
+    withinLimits: boolean;
+    /** Whether scope is allowed */
+    scopeAllowed: boolean;
+    /** Whether self-instantiation is allowed (if applicable) */
+    selfInstantiationAllowed: boolean;
+    /** Allowed purpose categories */
+    allowedPurposes?: string[];
+    /** Transaction limits */
+    limits?: Record<string, number>;
+    /** Allowed scope/resources */
+    scope?: string[];
+    /** Applied policy details */
+    appliedPolicy?: {
+        boundaryId: string;
+        boundaryName: string;
+        policyId: string;
+        policyVersion: string;
+    };
+}
+/**
+ * Guidance information for unverified agents
+ */
+interface GuidanceInfo {
+    /** Human-readable guidance message */
+    message: string;
+    /** URL to register for AstraSync */
+    registrationUrl: string;
+    /** URL to documentation */
+    documentationUrl: string;
+    /** Steps to get verified */
+    steps?: string[];
+}
+/**
+ * Complete verification result
+ */
+interface VerificationResult {
+    /** Whether the agent is verified */
+    verified: boolean;
+    /** Access level granted */
+    accessLevel: AccessLevel;
+    /** Verified agent info (if verified) */
+    agent?: VerifiedAgent;
+    /** Developer info (if available) */
+    developer?: VerifiedDeveloper;
+    /** Organization info (if available) */
+    organization?: VerifiedOrganization;
+    /** PDLSS policy info (if verified) */
+    pdlss?: PDLSSInfo;
+    /** Guidance for unverified agents */
+    guidance?: GuidanceInfo;
+    /** Reasons for denial (if not allowed) */
+    denialReasons?: string[];
+    /** Whether step-up authentication is required */
+    requiresStepUp?: boolean;
+    /** Whether approval is required */
+    requiresApproval?: boolean;
+    /** Timestamp of verification */
+    verifiedAt: Date;
+    /** TTL for this result (seconds) */
+    cacheTtl?: number;
+}
+/**
+ * Request context for verification
+ */
+interface VerificationRequest {
+    /** Agent credentials */
+    credentials: AgentCredentials;
+    /** Purpose of the access request */
+    purpose?: string;
+    /** Specific action being performed */
+    action?: string;
+    /** Type of resource being accessed */
+    resourceType?: string;
+    /** Specific resource identifier */
+    resource?: string;
+    /** Jurisdiction for the request */
+    jurisdiction?: string;
+    /** Transaction value (if applicable) */
+    transactionValue?: number;
+    /** Currency for transaction value */
+    currency?: string;
+    /** Whether this is a sub-agent request */
+    isSubAgentRequest?: boolean;
+    /** Parent agent ID for sub-agent requests */
+    parentAgentId?: string;
+    /** Depth of sub-agent chain */
+    subAgentDepth?: number;
+    /** Client IP address */
+    clientIp?: string;
+    /** User agent string */
+    userAgent?: string;
+    /** Enable runtime challenge for this request */
+    enableRuntimeChallenge?: boolean;
+    /** Create a verification session (returns sessionId) */
+    createSession?: boolean;
+    /** Counterparty type */
+    counterpartyType?: CounterpartyType;
+    /** Runtime challenge options */
+    runtimeChallengeOptions?: {
+        timeoutOverride?: number;
+    };
+}
+/**
+ * Route-specific access configuration
+ */
+interface RouteAccessConfig {
+    /** Route pattern (supports wildcards) */
+    pattern: string;
+    /** HTTP method (or * for all) */
+    method: string | '*';
+    /** Minimum access level required */
+    minAccessLevel: AccessLevel;
+    /** Minimum trust score required (optional) */
+    minTrustScore?: number;
+    /** Required purposes (optional) */
+    requiredPurposes?: string[];
+}
+/**
+ * Express middleware options
+ */
+interface ExpressMiddlewareOptions extends GatewayConfig {
+    /** Route access configurations */
+    routes?: RouteAccessConfig[];
+    /** Function to extract credentials from request */
+    extractCredentials?: (req: unknown) => AgentCredentials;
+    /** Function to extract purpose from request */
+    extractPurpose?: (req: unknown) => string | undefined;
+    /** Skip verification for certain paths */
+    skipPaths?: string[];
+    /** Custom response for denied requests */
+    onDenied?: (result: VerificationResult, req: unknown, res: unknown) => void;
+}
+/**
+ * Next.js middleware options
+ */
+interface NextJsMiddlewareOptions extends GatewayConfig {
+    /** Route access configurations */
+    routes?: RouteAccessConfig[];
+    /** Paths to skip verification */
+    skipPaths?: string[];
+    /** Whether to show Commerce Shield overlay for unverified */
+    showCommerceShield?: boolean;
+    /** Commerce Shield configuration */
+    commerceShield?: {
+        title?: string;
+        message?: string;
+        allowGuestAccess?: boolean;
+        guestAccessLevel?: AccessLevel;
+    };
+}
+/**
+ * SDK function options
+ */
+interface SDKOptions extends GatewayConfig {
+    /** Timeout for verification requests (ms) */
+    timeout?: number;
+    /** Retry configuration */
+    retry?: {
+        maxRetries: number;
+        backoffMs: number;
+    };
+}
+/**
+ * Token guidance returned from verify-access
+ */
+interface TokenGuidance {
+    recommendedScopes: string[];
+    recommendedTtlSeconds: number;
+    recommendedRateLimit?: {
+        requestsPerMinute: number;
+        maxTransactionValue?: number;
+        currency?: string;
+    };
+    jurisdictionConstraints?: string[];
+    delegationAllowed: boolean;
+    maxDelegationDepth?: number;
+    safetyDefaults: {
+        writePrivilegesRequested: boolean;
+        shortLivedTokenRecommended: boolean;
+        scopeConvention: 'astrasync-canonical';
+    };
+}
+/**
+ * Runtime challenge result
+ */
+interface RuntimeChallengeResult {
+    status: 'passed' | 'failed' | 'skipped' | 'timeout' | 'not_supported';
+    challengeId?: string;
+    challengeSentAt?: string;
+    responseReceivedAt?: string;
+    latencyMs?: number;
+    reason?: string;
+}
+/**
+ * Enhanced verification result (extends existing VerificationResult)
+ */
+interface EnhancedVerificationResult extends VerificationResult {
+    sessionId?: string;
+    runtimeChallenge?: RuntimeChallengeResult;
+    tokenGuidance?: TokenGuidance;
+    recommendation?: 'grant' | 'deny' | 'step_up_required';
+    recommendationReasons?: string[];
+}
+/**
+ * Cross-protocol credential config
+ */
+interface AstraSyncCredentials {
+    agentId: string;
+    verifyUrl?: string;
+    challengeUrl?: string;
+    pdlss?: {
+        purpose?: {
+            category: string;
+            action?: string;
+        };
+        duration?: {
+            maxSessionDuration?: number;
+        };
+        scope?: {
+            jurisdiction?: string;
+        };
+    };
+}
+/**
+ * Protocol transport type
+ */
+type ProtocolTransport = 'http' | 'a2a' | 'mcp';
+/**
+ * Commerce Shield UI props
+ */
+interface CommerceShieldProps {
+    /** Whether the shield is visible */
+    visible: boolean;
+    /** Verification result (if any) */
+    result?: VerificationResult;
+    /** Callback when user chooses to register */
+    onRegister?: () => void;
+    /** Callback when user chooses guest access */
+    onGuestAccess?: () => void;
+    /** Callback when user dismisses */
+    onDismiss?: () => void;
+    /** Custom title */
+    title?: string;
+    /** Custom message */
+    message?: string;
+    /** Whether guest access is allowed */
+    allowGuestAccess?: boolean;
+    /** Custom styles */
+    className?: string;
+}
+
+export type { AgentCredentials as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, ProtocolTransport as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, VerificationResult as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, PDLSSInfo as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };