@astrasyncai/verification-gateway 1.0.0

package/dist/express-BhD3mWsL.d.ts

@@ -0,0 +1,64 @@
+import { RequestHandler, Request } from 'express';
+import { b as VerificationResult, e as ExpressMiddlewareOptions, c as AstraSyncCredentials, a as AccessLevel } from './types-CS6v75-d.js';
+
+/**
+ * AstraSync Universal Verification Gateway - Express Middleware
+ *
+ * Express.js middleware for verifying AI agents on API endpoints.
+ *
+ * @example
+ * ```typescript
+ * import express from 'express';
+ * import { createMiddleware } from '@astrasyncai/verification-gateway/express';
+ *
+ * const app = express();
+ *
+ * app.use(createMiddleware({
+ *   apiBaseUrl: 'https://api.astrasync.ai',
+ *   routes: [
+ *     { pattern: '/api/public/*', method: '*', minAccessLevel: 'none' },
+ *     { pattern: '/api/data/*', method: 'GET', minAccessLevel: 'read-only' },
+ *     { pattern: '/api/data/*', method: '*', minAccessLevel: 'standard' },
+ *     { pattern: '/api/admin/*', method: '*', minAccessLevel: 'internal' },
+ *   ],
+ * }));
+ * ```
+ */
+
+/**
+ * Extend Express Request with verification result
+ */
+declare global {
+    namespace Express {
+        interface Request {
+            agentVerification?: VerificationResult;
+        }
+    }
+}
+/**
+ * Extract extended AstraSync credentials (X-Astra-* headers) from Express request.
+ * Returns null if no AstraSync headers are present.
+ */
+declare function extractAstraSyncCredentials(req: Request): AstraSyncCredentials | null;
+/**
+ * Create Express middleware for agent verification
+ */
+declare function createMiddleware(options: ExpressMiddlewareOptions): RequestHandler;
+/**
+ * Create a middleware that requires a specific access level
+ */
+declare function requireAccess(minAccessLevel: AccessLevel, options: ExpressMiddlewareOptions): RequestHandler;
+/**
+ * Create a middleware that only verifies (doesn't block)
+ */
+declare function verifyOnly(options: Omit<ExpressMiddlewareOptions, 'routes' | 'onDenied'>): RequestHandler;
+
+declare const express_createMiddleware: typeof createMiddleware;
+declare const express_extractAstraSyncCredentials: typeof extractAstraSyncCredentials;
+declare const express_requireAccess: typeof requireAccess;
+declare const express_verifyOnly: typeof verifyOnly;
+declare namespace express {
+  export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials, express_requireAccess as requireAccess, express_verifyOnly as verifyOnly };
+}
+
+export { extractAstraSyncCredentials as a, createMiddleware as c, express as e, requireAccess as r, verifyOnly as v };

package/dist/express-DUDYpvNZ.d.mts

@@ -0,0 +1,64 @@
+import { RequestHandler, Request } from 'express';
+import { b as VerificationResult, e as ExpressMiddlewareOptions, c as AstraSyncCredentials, a as AccessLevel } from './types-CS6v75-d.mjs';
+
+/**
+ * AstraSync Universal Verification Gateway - Express Middleware
+ *
+ * Express.js middleware for verifying AI agents on API endpoints.
+ *
+ * @example
+ * ```typescript
+ * import express from 'express';
+ * import { createMiddleware } from '@astrasyncai/verification-gateway/express';
+ *
+ * const app = express();
+ *
+ * app.use(createMiddleware({
+ *   apiBaseUrl: 'https://api.astrasync.ai',
+ *   routes: [
+ *     { pattern: '/api/public/*', method: '*', minAccessLevel: 'none' },
+ *     { pattern: '/api/data/*', method: 'GET', minAccessLevel: 'read-only' },
+ *     { pattern: '/api/data/*', method: '*', minAccessLevel: 'standard' },
+ *     { pattern: '/api/admin/*', method: '*', minAccessLevel: 'internal' },
+ *   ],
+ * }));
+ * ```
+ */
+
+/**
+ * Extend Express Request with verification result
+ */
+declare global {
+    namespace Express {
+        interface Request {
+            agentVerification?: VerificationResult;
+        }
+    }
+}
+/**
+ * Extract extended AstraSync credentials (X-Astra-* headers) from Express request.
+ * Returns null if no AstraSync headers are present.
+ */
+declare function extractAstraSyncCredentials(req: Request): AstraSyncCredentials | null;
+/**
+ * Create Express middleware for agent verification
+ */
+declare function createMiddleware(options: ExpressMiddlewareOptions): RequestHandler;
+/**
+ * Create a middleware that requires a specific access level
+ */
+declare function requireAccess(minAccessLevel: AccessLevel, options: ExpressMiddlewareOptions): RequestHandler;
+/**
+ * Create a middleware that only verifies (doesn't block)
+ */
+declare function verifyOnly(options: Omit<ExpressMiddlewareOptions, 'routes' | 'onDenied'>): RequestHandler;
+
+declare const express_createMiddleware: typeof createMiddleware;
+declare const express_extractAstraSyncCredentials: typeof extractAstraSyncCredentials;
+declare const express_requireAccess: typeof requireAccess;
+declare const express_verifyOnly: typeof verifyOnly;
+declare namespace express {
+  export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials, express_requireAccess as requireAccess, express_verifyOnly as verifyOnly };
+}
+
+export { extractAstraSyncCredentials as a, createMiddleware as c, express as e, requireAccess as r, verifyOnly as v };

package/dist/index.d.mts

@@ -0,0 +1,353 @@
+import { A as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, b as VerificationResult, c as AstraSyncCredentials, P as ProtocolTransport } from './types-CS6v75-d.mjs';
+export { C as CommerceShieldProps, d as CounterpartyType, E as EnhancedVerificationResult, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, g as PDLSSInfo, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CS6v75-d.mjs';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-xCbZgeZx.mjs';
+export { e as express } from './express-DUDYpvNZ.mjs';
+export { n as nextjs } from './nextjs-BtqyLSVQ.mjs';
+import 'express';
+import 'next/server';
+
+/**
+ * AstraSync Universal Verification Gateway - Core Verification Logic
+ *
+ * This module handles the core verification logic, calling the AstraSync API
+ * and processing the response into a standardized VerificationResult.
+ */
+
+/**
+ * Clear the verification cache
+ */
+declare function clearCache(): void;
+/**
+ * Extract agent credentials from various sources
+ */
+declare function extractCredentials(headers: Record<string, string | string[] | undefined>, query?: Record<string, string | undefined>): AgentCredentials;
+/**
+ * Check if credentials are present
+ */
+declare function hasCredentials(credentials: AgentCredentials): boolean;
+/**
+ * Main verification function
+ */
+declare function verify(config: GatewayConfig, request: VerificationRequest): Promise<VerificationResult>;
+/**
+ * Quick verification - just check if credentials are valid
+ */
+declare function quickVerify(config: GatewayConfig, credentials: AgentCredentials): Promise<{
+    verified: boolean;
+    accessLevel: AccessLevel;
+    reason?: string;
+}>;
+
+/**
+ * HTTP Transport Adapter
+ *
+ * Maps AstraSync credentials to/from HTTP headers (X-Astra-* convention).
+ */
+
+/**
+ * Inject AstraSync credentials into HTTP headers.
+ */
+declare function setHttpHeaders(headers: Record<string, string>, credentials: AstraSyncCredentials): Record<string, string>;
+/**
+ * Extract AstraSync credentials from HTTP headers.
+ */
+declare function extractHttpCredentials(headers: Record<string, string | string[] | undefined>): AstraSyncCredentials | null;
+
+/**
+ * A2A (Agent-to-Agent) Transport Adapter
+ *
+ * Maps AstraSync credentials to/from A2A task metadata.astrasync block.
+ */
+
+interface A2ATask {
+    metadata?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+/**
+ * Add AstraSync credentials to an A2A task's metadata block.
+ */
+declare function setA2AMetadata(task: A2ATask, credentials: AstraSyncCredentials): A2ATask;
+/**
+ * Extract AstraSync credentials from an A2A task's metadata block.
+ */
+declare function extractA2ACredentials(task: A2ATask): AstraSyncCredentials | null;
+
+/**
+ * MCP (Model Context Protocol) Transport Adapter
+ *
+ * Maps AstraSync credentials to/from MCP params._meta.astrasync block.
+ */
+
+interface McpParams {
+    _meta?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+/**
+ * Add AstraSync credentials to MCP params' _meta block.
+ */
+declare function setMcpMeta(params: McpParams, credentials: AstraSyncCredentials): McpParams;
+/**
+ * Extract AstraSync credentials from MCP params' _meta block.
+ */
+declare function extractMcpCredentials(params: McpParams): AstraSyncCredentials | null;
+
+/**
+ * Cross-Protocol Transport Module
+ *
+ * Provides adapters for injecting/extracting AstraSync credentials
+ * across HTTP, A2A, and MCP protocols.
+ */
+
+/**
+ * Auto-detect protocol from request/context shape.
+ */
+declare function detectProtocol(context: Record<string, unknown>): ProtocolTransport;
+/**
+ * Apply credentials to any protocol target.
+ */
+declare function applyCredentials(protocol: ProtocolTransport, target: Record<string, unknown>, credentials: AstraSyncCredentials): Record<string, unknown>;
+/**
+ * Extract credentials from any protocol context.
+ */
+declare function extractCredentialsFromProtocol(protocol: ProtocolTransport, context: Record<string, unknown>): AstraSyncCredentials | null;
+
+declare const index$1_applyCredentials: typeof applyCredentials;
+declare const index$1_detectProtocol: typeof detectProtocol;
+declare const index$1_extractA2ACredentials: typeof extractA2ACredentials;
+declare const index$1_extractCredentialsFromProtocol: typeof extractCredentialsFromProtocol;
+declare const index$1_extractHttpCredentials: typeof extractHttpCredentials;
+declare const index$1_extractMcpCredentials: typeof extractMcpCredentials;
+declare const index$1_setA2AMetadata: typeof setA2AMetadata;
+declare const index$1_setHttpHeaders: typeof setHttpHeaders;
+declare const index$1_setMcpMeta: typeof setMcpMeta;
+declare namespace index$1 {
+  export { index$1_applyCredentials as applyCredentials, index$1_detectProtocol as detectProtocol, index$1_extractA2ACredentials as extractA2ACredentials, index$1_extractCredentialsFromProtocol as extractCredentialsFromProtocol, index$1_extractHttpCredentials as extractHttpCredentials, index$1_extractMcpCredentials as extractMcpCredentials, index$1_setA2AMetadata as setA2AMetadata, index$1_setHttpHeaders as setHttpHeaders, index$1_setMcpMeta as setMcpMeta };
+}
+
+/**
+ * AgentClient — Credential Presentation
+ *
+ * Agent-side SDK for automatically injecting AstraSync credentials
+ * into outgoing requests across all supported protocols.
+ */
+
+interface AgentClientConfig {
+    agentId: string;
+    verifyUrl?: string;
+    challengeUrl?: string;
+    pdlss?: AstraSyncCredentials['pdlss'];
+}
+interface FetchOptions extends RequestInit {
+    purpose?: string;
+    action?: string;
+}
+declare class AgentClient {
+    private credentials;
+    constructor(config: AgentClientConfig);
+    /**
+     * Make an HTTP request with AstraSync headers automatically injected.
+     */
+    fetch(url: string, options?: FetchOptions): Promise<Response>;
+    /**
+     * Prepare A2A task metadata with AstraSync credentials.
+     */
+    prepareA2AMetadata(task: Record<string, unknown>, overrides?: {
+        purpose?: string;
+        action?: string;
+    }): Record<string, unknown>;
+    /**
+     * Prepare MCP params with AstraSync _meta.
+     */
+    prepareMcpMeta(params: Record<string, unknown>, overrides?: {
+        purpose?: string;
+        action?: string;
+    }): Record<string, unknown>;
+    /**
+     * Generic: apply credentials to any protocol.
+     */
+    applyCredentials(protocol: ProtocolTransport, target: Record<string, unknown>, overrides?: {
+        purpose?: string;
+        action?: string;
+    }): Record<string, unknown>;
+    private buildCredentials;
+}
+
+/**
+ * ChallengeHandler — Agent-Side Runtime Challenge Responder
+ *
+ * Handles incoming runtime challenges from AstraSync's verification service.
+ * Agents register pending counterparties before initiating contact,
+ * then this handler validates and responds to challenges.
+ */
+interface ChallengeResponse {
+    status: number;
+    body: {
+        challengeId: string;
+        acknowledged: boolean;
+        pendingCounterparties: string[];
+        respondedAt: string;
+        error?: string;
+    };
+}
+interface ChallengeHandlerConfig {
+    agentId: string;
+}
+declare class ChallengeHandler {
+    private agentId;
+    private pendingCounterparties;
+    constructor(config: ChallengeHandlerConfig);
+    /**
+     * Register a counterparty as pending (before initiating contact).
+     */
+    registerPending(counterpartyId: string): void;
+    /**
+     * Remove a counterparty from pending list (after interaction complete).
+     */
+    removePending(counterpartyId: string): void;
+    /**
+     * Get current pending counterparties list.
+     */
+    getPendingList(): string[];
+    /**
+     * Express middleware for the challenge endpoint.
+     * Mount at: app.post('/astrasync/challenge', handler.expressMiddleware())
+     */
+    expressMiddleware(): (req: {
+        body: unknown;
+    }, res: {
+        status: (code: number) => {
+            json: (body: unknown) => void;
+        };
+    }) => void;
+    /**
+     * Generic handler (framework-agnostic).
+     * Returns { status, body } for the caller to send.
+     */
+    handleChallenge(body: unknown): ChallengeResponse;
+}
+
+/**
+ * PDLSS Formatter — Transport Format Conversion
+ *
+ * Converts between full PDLSS boundaries and compact transport format
+ * used in HTTP headers, A2A metadata, and MCP _meta blocks.
+ */
+
+/**
+ * Full PDLSS configuration (as returned by the backend).
+ */
+interface PDLSSConfig {
+    purpose?: {
+        categories?: string[];
+        allowedActions?: string[];
+        deniedActions?: string[];
+    };
+    duration?: {
+        maxSessionDuration?: number;
+        ttl?: number;
+        allowedDays?: number[];
+        allowedHours?: {
+            start: number;
+            end: number;
+        };
+    };
+    limits?: {
+        autonomousThreshold?: number;
+        stepUpThreshold?: number;
+        approvalThreshold?: number;
+        currency?: string;
+    };
+    scope?: {
+        jurisdictions?: string[];
+        resources?: string[];
+        resourceTypes?: string[];
+    };
+    selfInstantiation?: {
+        allowed: boolean;
+        maxDepth?: number;
+        maxSubAgents?: number;
+    };
+}
+/**
+ * Compact transport format (embedded in headers/metadata).
+ */
+type TransportPDLSS = NonNullable<AstraSyncCredentials['pdlss']>;
+/**
+ * Convert full PDLSS boundaries into compact transport format.
+ * Used by AgentClient when building credential headers/metadata.
+ */
+declare function formatPDLSSForTransport(pdlss: PDLSSConfig): TransportPDLSS;
+/**
+ * Parse transport format back into full PDLSS config.
+ * Used by counterparty-side when receiving credentials.
+ */
+declare function parsePDLSSFromTransport(transport: TransportPDLSS): PDLSSConfig;
+
+/**
+ * Decision Client — Counterparty-Side Decision Recording
+ *
+ * Helper for counterparties to record their grant/deny decisions
+ * back to AstraSync after receiving a verification result.
+ */
+
+interface RecordDecisionParams {
+    sessionId: string;
+    decision: 'granted' | 'denied';
+    reason?: string;
+    tokenIssued?: boolean;
+    auditId?: string;
+}
+interface RecordDecisionResult {
+    recorded: boolean;
+    blockchainTxHash?: string;
+}
+/**
+ * Record a counterparty's grant/deny decision for a verification session.
+ * POST to /agents/verify-access/:sessionId/decision
+ */
+declare function recordDecision(config: GatewayConfig, params: RecordDecisionParams): Promise<RecordDecisionResult>;
+
+/**
+ * Agent-Side SDK Module
+ *
+ * Tools for AI agents to present credentials, handle challenges,
+ * and interact with the AstraSync verification protocol.
+ */
+
+type index_AgentClient = AgentClient;
+declare const index_AgentClient: typeof AgentClient;
+type index_ChallengeHandler = ChallengeHandler;
+declare const index_ChallengeHandler: typeof ChallengeHandler;
+type index_PDLSSConfig = PDLSSConfig;
+type index_TransportPDLSS = TransportPDLSS;
+declare const index_formatPDLSSForTransport: typeof formatPDLSSForTransport;
+declare const index_parsePDLSSFromTransport: typeof parsePDLSSFromTransport;
+declare const index_recordDecision: typeof recordDecision;
+declare namespace index {
+  export { index_AgentClient as AgentClient, index_ChallengeHandler as ChallengeHandler, type index_PDLSSConfig as PDLSSConfig, type index_TransportPDLSS as TransportPDLSS, index_formatPDLSSForTransport as formatPDLSSForTransport, index_parsePDLSSFromTransport as parsePDLSSFromTransport, index_recordDecision as recordDecision };
+}
+
+/**
+ * AstraSync Universal Verification Gateway
+ *
+ * A single verification library for any system to verify AI agents.
+ * One codebase, multiple deployment targets.
+ *
+ * @example
+ * ```typescript
+ * import { verify, extractCredentials } from '@astrasyncai/verification-gateway';
+ *
+ * const credentials = extractCredentials(request.headers);
+ * const result = await verify(config, { credentials, purpose: 'data-access' });
+ *
+ * if (result.verified && result.accessLevel !== 'none') {
+ *   // Grant access based on result.accessLevel
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+
+declare const VERSION = "2.0.0";
+
+export { AccessLevel, AgentClient, AgentCredentials, AstraSyncCredentials, ChallengeHandler, GatewayConfig, ProtocolTransport, VERSION, VerificationRequest, VerificationResult, index as agent, clearCache, extractCredentials, hasCredentials, quickVerify, recordDecision, index$1 as transport, verify };