@astrasyncai/verification-gateway 2.0.0 → 2.1.0

package/dist/{types-Bf8pML07.d.ts → types-CxQwJKbd.d.ts}

@@ -208,6 +208,8 @@ interface VerificationRequest {
     counterpartyType?: CounterpartyType;
     /** Counterparty URL */
     counterpartyUrl?: string;
+    /** Requested session duration in seconds (from agent's X-Astra-Duration header) */
+    durationRequired?: number;
     /** Runtime challenge options */
     runtimeChallengeOptions?: {
         timeoutOverride?: number;
@@ -225,8 +227,17 @@ interface RouteAccessConfig {
     minAccessLevel: AccessLevel;
     /** Minimum trust score required (optional) */
     minTrustScore?: number;
-    /** Required purposes (optional) */
+    /** Required purposes (optional, agent must declare one of these) */
     requiredPurposes?: string[];
+    /** Counterparty-defined PDLSS maximums — agent requests exceeding these are rejected before calling AstraSync */
+    /** Maximum session duration in seconds the counterparty will allow */
+    maxDuration?: number;
+    /** Whitelist of allowed purposes — agent's declared purpose must be in this list */
+    allowedPurposes?: string[];
+    /** Whitelist of allowed jurisdictions */
+    allowedJurisdictions?: string[];
+    /** Maximum transaction value for this route */
+    maxTransactionValue?: number;
 }
 /**
  * Express middleware options
@@ -244,6 +255,8 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
     onDenied?: (result: VerificationResult, req: unknown, res: unknown) => void;
     /** Automatically create sessions and record grant/deny decisions (default: true) */
     recordDecisions?: boolean;
+    /** Enable runtime challenge for all verify-access calls (default: true) */
+    enableRuntimeChallenge?: boolean;
 }
 /**
  * Next.js middleware options
@@ -262,6 +275,8 @@ interface NextJsMiddlewareOptions extends GatewayConfig {
         allowGuestAccess?: boolean;
         guestAccessLevel?: AccessLevel;
     };
+    /** Enable runtime challenge for all verify-access calls (default: true) */
+    enableRuntimeChallenge?: boolean;
 }
 /**
  * SDK function options
@@ -364,4 +379,4 @@ interface CommerceShieldProps {
     className?: string;
 }
 
-export type { AgentCredentials as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, VerificationResult as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };
+export type { AstraSyncCredentials as A, CounterpartyType as C, ExpressMiddlewareOptions as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationResult as V, AccessLevel as a, AgentCredentials as b, VerificationRequest as c, CommerceShieldProps as d, EnhancedVerificationResult as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerifiedAgent as j, VerifiedDeveloper as k, VerifiedOrganization as l };

package/dist/{types-BvpGdsv1.d.mts → types-jJnPXStc.d.mts}

@@ -1,4 +1,4 @@
-import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-Bf8pML07.mjs';
+import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-CxQwJKbd.mjs';
 
 /**
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -150,4 +150,4 @@ interface InterceptResult {
     skipReason?: string;
 }
 
-export type { AgentAction as A, InterceptResult as I, LocalPolicy as L, PDLSSContext as P, VerificationDecision as V, LocalPurposeRule as a, LocalScope as b, LocalRiskThresholds as c, AstraSyncGatewayConfig as d };
+export type { AgentAction as A, InterceptResult as I, LocalPolicy as L, PDLSSContext as P, VerificationDecision as V, LocalPurposeRule as a, AstraSyncGatewayConfig as b, LocalScope as c, LocalRiskThresholds as d };

package/dist/ui/index.d.mts

@@ -1,4 +1,4 @@
-import { C as CommerceShieldProps, b as VerificationResult, A as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-Bf8pML07.mjs';
+import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-CxQwJKbd.mjs';
 
 /**
  * AstraSync Commerce Shield Component

package/dist/ui/index.d.ts

@@ -1,4 +1,4 @@
-import { C as CommerceShieldProps, b as VerificationResult, A as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-Bf8pML07.js';
+import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-CxQwJKbd.js';
 
 /**
  * AstraSync Commerce Shield Component

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@astrasyncai/verification-gateway",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Universal Verification Gateway for AstraSync KYA Platform - verify AI agents across any counterparty type",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -82,13 +82,15 @@
     "README.md"
   ],
   "scripts": {
-    "build": "tsup",
+    "build": "cross-env NODE_OPTIONS=--max-old-space-size=4096 tsup",
     "dev": "tsup --watch",
     "lint": "eslint src --ext .ts,.tsx",
     "typecheck": "tsc --noEmit",
     "test": "vitest run",
     "test:watch": "vitest watch",
-    "clean": "rm -rf dist"
+    "clean": "rm -rf dist extensions",
+    "package:extensions": "bash scripts/package-extensions.sh",
+    "prepublishOnly": "npm run clean && npm run typecheck && npm run build"
   },
   "keywords": [
     "astrasync",
@@ -106,6 +108,18 @@
     "url": "https://github.com/AstraSync-KYA/KYA-Platform.git",
     "directory": "packages/verification-gateway"
   },
+  "dependencies": {
+    "@sd-jwt/core": "^0.19.0",
+    "@sd-jwt/decode": "^0.19.0",
+    "@sd-jwt/utils": "^0.19.0",
+    "ajv": "^8.17.1",
+    "http-message-signatures": "^1.0.5",
+    "structured-headers": "^2.0.1",
+    "jose": "^5.9.6",
+    "mppx": "0.5.13",
+    "@x402/core": "^2.10.0",
+    "web-bot-auth": "^0.1.3"
+  },
   "peerDependencies": {
     "express": ">=4.0.0",
     "next": ">=13.0.0",
@@ -124,6 +138,7 @@
   },
   "devDependencies": {
     "@types/express": "^4.17.21",
+    "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.10.0",
     "@types/react": "^18.2.45",
     "eslint": "^8.56.0",

package/dist/index-CNkmHmpi.d.ts

@@ -1,89 +0,0 @@
-import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-Bf8pML07.js';
-
-/**
- * HTTP Transport Adapter
- *
- * Maps AstraSync credentials to/from HTTP headers (X-Astra-* convention).
- */
-
-/**
- * Inject AstraSync credentials into HTTP headers.
- */
-declare function setHttpHeaders(headers: Record<string, string>, credentials: AstraSyncCredentials): Record<string, string>;
-/**
- * Extract AstraSync credentials from HTTP headers.
- */
-declare function extractHttpCredentials(headers: Record<string, string | string[] | undefined>): AstraSyncCredentials | null;
-
-/**
- * A2A (Agent-to-Agent) Transport Adapter
- *
- * Maps AstraSync credentials to/from A2A task metadata.astrasync block.
- */
-
-interface A2ATask {
-    metadata?: Record<string, unknown>;
-    [key: string]: unknown;
-}
-/**
- * Add AstraSync credentials to an A2A task's metadata block.
- */
-declare function setA2AMetadata(task: A2ATask, credentials: AstraSyncCredentials): A2ATask;
-/**
- * Extract AstraSync credentials from an A2A task's metadata block.
- */
-declare function extractA2ACredentials(task: A2ATask): AstraSyncCredentials | null;
-
-/**
- * MCP (Model Context Protocol) Transport Adapter
- *
- * Maps AstraSync credentials to/from MCP params._meta.astrasync block.
- */
-
-interface McpParams {
-    _meta?: Record<string, unknown>;
-    [key: string]: unknown;
-}
-/**
- * Add AstraSync credentials to MCP params' _meta block.
- */
-declare function setMcpMeta(params: McpParams, credentials: AstraSyncCredentials): McpParams;
-/**
- * Extract AstraSync credentials from MCP params' _meta block.
- */
-declare function extractMcpCredentials(params: McpParams): AstraSyncCredentials | null;
-
-/**
- * Cross-Protocol Transport Module
- *
- * Provides adapters for injecting/extracting AstraSync credentials
- * across HTTP, A2A, and MCP protocols.
- */
-
-/**
- * Auto-detect protocol from request/context shape.
- */
-declare function detectProtocol(context: Record<string, unknown>): ProtocolTransport;
-/**
- * Apply credentials to any protocol target.
- */
-declare function applyCredentials(protocol: ProtocolTransport, target: Record<string, unknown>, credentials: AstraSyncCredentials): Record<string, unknown>;
-/**
- * Extract credentials from any protocol context.
- */
-declare function extractCredentialsFromProtocol(protocol: ProtocolTransport, context: Record<string, unknown>): AstraSyncCredentials | null;
-
-declare const index_applyCredentials: typeof applyCredentials;
-declare const index_detectProtocol: typeof detectProtocol;
-declare const index_extractA2ACredentials: typeof extractA2ACredentials;
-declare const index_extractCredentialsFromProtocol: typeof extractCredentialsFromProtocol;
-declare const index_extractHttpCredentials: typeof extractHttpCredentials;
-declare const index_extractMcpCredentials: typeof extractMcpCredentials;
-declare const index_setA2AMetadata: typeof setA2AMetadata;
-declare const index_setHttpHeaders: typeof setHttpHeaders;
-declare const index_setMcpMeta: typeof setMcpMeta;
-declare namespace index {
-  export { index_applyCredentials as applyCredentials, index_detectProtocol as detectProtocol, index_extractA2ACredentials as extractA2ACredentials, index_extractCredentialsFromProtocol as extractCredentialsFromProtocol, index_extractHttpCredentials as extractHttpCredentials, index_extractMcpCredentials as extractMcpCredentials, index_setA2AMetadata as setA2AMetadata, index_setHttpHeaders as setHttpHeaders, index_setMcpMeta as setMcpMeta };
-}
-
-export { applyCredentials as a, extractCredentialsFromProtocol as b, extractHttpCredentials as c, detectProtocol as d, extractA2ACredentials as e, extractMcpCredentials as f, setHttpHeaders as g, setMcpMeta as h, index as i, setA2AMetadata as s };

package/dist/index-CoLebmwv.d.mts

@@ -1,89 +0,0 @@
-import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-Bf8pML07.mjs';
-
-/**
- * HTTP Transport Adapter
- *
- * Maps AstraSync credentials to/from HTTP headers (X-Astra-* convention).
- */
-
-/**
- * Inject AstraSync credentials into HTTP headers.
- */
-declare function setHttpHeaders(headers: Record<string, string>, credentials: AstraSyncCredentials): Record<string, string>;
-/**
- * Extract AstraSync credentials from HTTP headers.
- */
-declare function extractHttpCredentials(headers: Record<string, string | string[] | undefined>): AstraSyncCredentials | null;
-
-/**
- * A2A (Agent-to-Agent) Transport Adapter
- *
- * Maps AstraSync credentials to/from A2A task metadata.astrasync block.
- */
-
-interface A2ATask {
-    metadata?: Record<string, unknown>;
-    [key: string]: unknown;
-}
-/**
- * Add AstraSync credentials to an A2A task's metadata block.
- */
-declare function setA2AMetadata(task: A2ATask, credentials: AstraSyncCredentials): A2ATask;
-/**
- * Extract AstraSync credentials from an A2A task's metadata block.
- */
-declare function extractA2ACredentials(task: A2ATask): AstraSyncCredentials | null;
-
-/**
- * MCP (Model Context Protocol) Transport Adapter
- *
- * Maps AstraSync credentials to/from MCP params._meta.astrasync block.
- */
-
-interface McpParams {
-    _meta?: Record<string, unknown>;
-    [key: string]: unknown;
-}
-/**
- * Add AstraSync credentials to MCP params' _meta block.
- */
-declare function setMcpMeta(params: McpParams, credentials: AstraSyncCredentials): McpParams;
-/**
- * Extract AstraSync credentials from MCP params' _meta block.
- */
-declare function extractMcpCredentials(params: McpParams): AstraSyncCredentials | null;
-
-/**
- * Cross-Protocol Transport Module
- *
- * Provides adapters for injecting/extracting AstraSync credentials
- * across HTTP, A2A, and MCP protocols.
- */
-
-/**
- * Auto-detect protocol from request/context shape.
- */
-declare function detectProtocol(context: Record<string, unknown>): ProtocolTransport;
-/**
- * Apply credentials to any protocol target.
- */
-declare function applyCredentials(protocol: ProtocolTransport, target: Record<string, unknown>, credentials: AstraSyncCredentials): Record<string, unknown>;
-/**
- * Extract credentials from any protocol context.
- */
-declare function extractCredentialsFromProtocol(protocol: ProtocolTransport, context: Record<string, unknown>): AstraSyncCredentials | null;
-
-declare const index_applyCredentials: typeof applyCredentials;
-declare const index_detectProtocol: typeof detectProtocol;
-declare const index_extractA2ACredentials: typeof extractA2ACredentials;
-declare const index_extractCredentialsFromProtocol: typeof extractCredentialsFromProtocol;
-declare const index_extractHttpCredentials: typeof extractHttpCredentials;
-declare const index_extractMcpCredentials: typeof extractMcpCredentials;
-declare const index_setA2AMetadata: typeof setA2AMetadata;
-declare const index_setHttpHeaders: typeof setHttpHeaders;
-declare const index_setMcpMeta: typeof setMcpMeta;
-declare namespace index {
-  export { index_applyCredentials as applyCredentials, index_detectProtocol as detectProtocol, index_extractA2ACredentials as extractA2ACredentials, index_extractCredentialsFromProtocol as extractCredentialsFromProtocol, index_extractHttpCredentials as extractHttpCredentials, index_extractMcpCredentials as extractMcpCredentials, index_setA2AMetadata as setA2AMetadata, index_setHttpHeaders as setHttpHeaders, index_setMcpMeta as setMcpMeta };
-}
-
-export { applyCredentials as a, extractCredentialsFromProtocol as b, extractHttpCredentials as c, detectProtocol as d, extractA2ACredentials as e, extractMcpCredentials as f, setHttpHeaders as g, setMcpMeta as h, index as i, setA2AMetadata as s };