npm - @astrasyncai/verification-gateway - Versions diffs - 2.1.0 → 2.2.3 - Mend

@astrasyncai/verification-gateway 2.1.0 → 2.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/README.md +64 -30
package/dist/adapter-interface/interface.d.mts +2 -2
package/dist/adapter-interface/interface.d.ts +2 -2
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +74 -95
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +74 -95
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +74 -115
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +74 -115
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +56 -55
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +56 -55
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -2
package/dist/agent/index.d.ts +2 -2
package/dist/agent/index.js +68 -2
package/dist/agent/index.js.map +1 -1
package/dist/agent/index.mjs +66 -2
package/dist/agent/index.mjs.map +1 -1
package/dist/browser/background.js +56 -55
package/dist/browser/background.js.map +1 -1
package/dist/browser/background.mjs +56 -55
package/dist/browser/background.mjs.map +1 -1
package/dist/browser/browser-adapter.d.mts +2 -2
package/dist/browser/browser-adapter.d.ts +2 -2
package/dist/cli/index.d.mts +2 -2
package/dist/cli/index.d.ts +2 -2
package/dist/cursor/cursor-adapter.d.mts +2 -2
package/dist/cursor/cursor-adapter.d.ts +2 -2
package/dist/cursor/extension.d.mts +2 -2
package/dist/cursor/extension.d.ts +2 -2
package/dist/cursor/extension.js +56 -55
package/dist/cursor/extension.js.map +1 -1
package/dist/cursor/extension.mjs +56 -55
package/dist/cursor/extension.mjs.map +1 -1
package/dist/{express-Bcl-uBUE.d.ts → express-BtKlLI8U.d.ts} +2 -2
package/dist/{express-CtwDIZyF.d.mts → express-DgwpS8Ha.d.mts} +2 -2
package/dist/gateway/gateway.d.mts +2 -2
package/dist/gateway/gateway.d.ts +2 -2
package/dist/gateway/gateway.js +56 -55
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/gateway.mjs +56 -55
package/dist/gateway/gateway.mjs.map +1 -1
package/dist/git-trigger/git-hooks.d.mts +2 -2
package/dist/git-trigger/git-hooks.d.ts +2 -2
package/dist/{index-BY8yQ8N8.d.mts → index-AzhK20t0.d.mts} +46 -3
package/dist/{index-CME6r4uH.d.ts → index-Ba0Lvsjo.d.ts} +1 -1
package/dist/{index-3NRaBNvp.d.mts → index-BaxpmTGA.d.mts} +1 -1
package/dist/{index-CtYSYwn3.d.ts → index-DpJS1JEI.d.ts} +46 -3
package/dist/index.d.mts +7 -7
package/dist/index.d.ts +7 -7
package/dist/index.js +158 -117
package/dist/index.js.map +1 -1
package/dist/index.mjs +158 -117
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +2 -2
package/dist/local-evaluator/evaluator.d.ts +2 -2
package/dist/{nextjs-CEldnIJ9.d.ts → nextjs-B2kg19c1.d.ts} +1 -1
package/dist/{nextjs-BQyMCSx_.d.mts → nextjs-ZymQ8jDh.d.mts} +1 -1
package/dist/{sdk-BhvuJSrH.d.mts → sdk-B7id0VFS.d.mts} +2 -2
package/dist/{sdk-BlyVSC_S.d.ts → sdk-Bso0FSI0.d.ts} +2 -2
package/dist/transport/index.d.mts +2 -2
package/dist/transport/index.d.ts +2 -2
package/dist/{types-79qS7aON.d.ts → types-BYKAY6Cc.d.ts} +1 -1
package/dist/{types-jJnPXStc.d.mts → types-CgXPKUwi.d.mts} +1 -1
package/dist/{types-CxQwJKbd.d.mts → types-DOrqNMgy.d.mts} +79 -13
package/dist/{types-CxQwJKbd.d.ts → types-DOrqNMgy.d.ts} +79 -13
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/dist/webhooks.d.mts +59 -0
package/dist/webhooks.d.ts +59 -0
package/dist/webhooks.js +81 -0
package/dist/webhooks.js.map +1 -0
package/dist/webhooks.mjs +55 -0
package/dist/webhooks.mjs.map +1 -0
package/package.json +8 -3

package/dist/{express-Bcl-uBUE.d.ts → express-BtKlLI8U.d.ts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { RequestHandler, Request } from 'express';
-import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-CxQwJKbd.js';
+import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-DOrqNMgy.js';
 /**
  * AstraSync Universal Verification Gateway - Express Middleware
@@ -14,7 +14,7 @@ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncC
  * const app = express();
  *
  * app.use(createMiddleware({
- *   apiBaseUrl: 'https://api.astrasync.ai',
+ *   apiBaseUrl: 'https://astrasync.ai/api',
  *   routes: [
  *     { pattern: '/api/public/*', method: '*', minAccessLevel: 'none' },
  *     { pattern: '/api/data/*', method: 'GET', minAccessLevel: 'read-only' },

package/dist/{express-CtwDIZyF.d.mts → express-DgwpS8Ha.d.mts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { RequestHandler, Request } from 'express';
-import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-CxQwJKbd.mjs';
+import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-DOrqNMgy.mjs';
 /**
  * AstraSync Universal Verification Gateway - Express Middleware
@@ -14,7 +14,7 @@ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncC
  * const app = express();
  *
  * app.use(createMiddleware({
- *   apiBaseUrl: 'https://api.astrasync.ai',
+ *   apiBaseUrl: 'https://astrasync.ai/api',
  *   routes: [
  *     { pattern: '/api/public/*', method: '*', minAccessLevel: 'none' },
  *     { pattern: '/api/data/*', method: 'GET', minAccessLevel: 'read-only' },

package/dist/gateway/gateway.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-jJnPXStc.mjs';
-import '../types-CxQwJKbd.mjs';
+import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-CgXPKUwi.mjs';
+import '../types-DOrqNMgy.mjs';
 /**
  * AstraSyncGateway — Primary API surface for agent verification.

package/dist/gateway/gateway.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-79qS7aON.js';
-import '../types-CxQwJKbd.js';
+import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-BYKAY6Cc.js';
+import '../types-DOrqNMgy.js';
 /**
  * AstraSyncGateway — Primary API surface for agent verification.

package/dist/gateway/gateway.js CHANGED Viewed

@@ -3047,51 +3047,45 @@ var ACCESS_LEVEL_HIERARCHY = {
   full: 4,
   internal: 5
 };
-var DEFAULT_TRUST_THRESHOLDS = {
-  none: 0,
-  guidance: 0,
-  "read-only": 20,
-  standard: 40,
-  full: 70,
-  internal: 0
-  // Internal is based on org membership, not score
-};
 function getTrustLevel(score) {
   if (score >= 80) return "PLATINUM";
   if (score >= 60) return "GOLD";
   if (score >= 40) return "SILVER";
   return "BRONZE";
 }
-function getAccessLevelForScore(trustScore, thresholds = DEFAULT_TRUST_THRESHOLDS) {
-  if (trustScore >= thresholds.full) return "full";
-  if (trustScore >= thresholds.standard) return "standard";
-  if (trustScore >= thresholds["read-only"]) return "read-only";
-  return "guidance";
-}
-function determineAccessLevel(verified, trustScore, isOrgMember, customThresholds) {
-  if (!verified) {
-    return "guidance";
-  }
-  if (isOrgMember) {
-    return "internal";
-  }
-  const thresholds = {
-    ...DEFAULT_TRUST_THRESHOLDS,
-    ...customThresholds
-  };
-  return getAccessLevelForScore(trustScore, thresholds);
-}
 // src/verify.ts
 var DEFAULT_CONFIG = {
-  apiBaseUrl: "https://api.astrasync.ai",
+  apiBaseUrl: "https://astrasync.ai/api",
   defaultAccessLevel: "guidance",
-  minTrustScore: 40,
-  minTrustScoreForFull: 70,
+  // minTrustScore + minTrustScoreForFull deprecated in v2.3.0 — server decides.
   cacheTtl: 300,
   // 5 minutes
   debug: false
 };
+var initCheckPerformed = false;
+var deprecationWarningShown = false;
+async function performInitCheck(apiBaseUrl, debug) {
+  initCheckPerformed = true;
+  try {
+    const probeUrl = `${apiBaseUrl}/agents/verify-access`;
+    const response = await fetch(probeUrl, { method: "HEAD" });
+    const contentType = response.headers.get("content-type") ?? "";
+    if (contentType.startsWith("text/html")) {
+      console.warn(
+        `[VerificationGateway] apiBaseUrl '${apiBaseUrl}' returned HTML (content-type: ${contentType}). This usually means apiBaseUrl is pointing at a marketing site instead of the API. Expected: 'https://astrasync.ai/api' (prod) or 'https://staging.astrasync.ai/api' (staging). Set disableInitChecks: true on GatewayConfig to silence this warning.`
+      );
+    } else if (debug) {
+      console.log(
+        `[VerificationGateway] init check passed for ${apiBaseUrl} (content-type: ${contentType})`
+      );
+    }
+  } catch (err) {
+    if (debug) {
+      console.log(`[VerificationGateway] init check failed (non-blocking): ${String(err)}`);
+    }
+  }
+}
 var verificationCache = /* @__PURE__ */ new Map();
 function getCacheKey(credentials) {
   return `${credentials.astraId || ""}-${credentials.apiKey || ""}-${credentials.jwt || ""}`;
@@ -3114,9 +3108,6 @@ function cacheResult(credentials, result, ttlSeconds) {
     expiresAt: Date.now() + ttlSeconds * 1e3
   });
 }
-function hasCredentials(credentials) {
-  return !!(credentials.astraId || credentials.apiKey || credentials.jwt);
-}
 function createGuidanceResponse(config, reason) {
   const guidance = {
     message: "This service verifies AI agents before granting access. Please register your agent with AstraSync.",
@@ -3140,7 +3131,7 @@ function createGuidanceResponse(config, reason) {
 async function callVerifyAccessAPI(config, request) {
   const { credentials, ...requestData } = request;
   const body = {
-    agentId: credentials.astraId,
+    ...credentials.astraId && { agentId: credentials.astraId },
     purpose: requestData.purpose || "general"
   };
   if (requestData.action) body.action = requestData.action;
@@ -3152,21 +3143,34 @@ async function callVerifyAccessAPI(config, request) {
   if (requestData.isSubAgentRequest) body.isSubAgentRequest = requestData.isSubAgentRequest;
   if (requestData.parentAgentId) body.parentAgentId = requestData.parentAgentId;
   if (requestData.subAgentDepth !== void 0) body.subAgentDepth = requestData.subAgentDepth;
-  if (requestData.enableRuntimeChallenge) body.enableRuntimeChallenge = requestData.enableRuntimeChallenge;
+  if (requestData.enableRuntimeChallenge)
+    body.enableRuntimeChallenge = requestData.enableRuntimeChallenge;
   if (requestData.createSession) body.createSession = requestData.createSession;
   if (requestData.durationRequired) body.durationRequired = requestData.durationRequired;
   if (requestData.counterpartyType) body.counterpartyType = requestData.counterpartyType;
   if (requestData.counterpartyUrl) body.counterpartyUrl = requestData.counterpartyUrl;
-  if (requestData.runtimeChallengeOptions) body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
+  if (config.counterpartyId) body.counterpartyId = config.counterpartyId;
+  if (requestData.runtimeChallengeOptions)
+    body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
+  if (requestData.callerMetadata || requestData.clientIp || requestData.userAgent) {
+    const meta = {
+      ...requestData.clientIp && { sourceIp: requestData.clientIp },
+      ...requestData.userAgent && { userAgent: requestData.userAgent },
+      ...requestData.callerMetadata
+    };
+    if (Object.keys(meta).length > 0) body.callerMetadata = meta;
+  }
   const headers = {
     "Content-Type": "application/json",
     ...config.customHeaders
   };
-  if (config.apiKey) {
-    headers["X-API-Key"] = config.apiKey;
-  }
   if (credentials.authorizationHeader) {
     headers["Authorization"] = credentials.authorizationHeader;
+  } else if (config.apiKey) {
+    headers["Authorization"] = `Bearer ${config.apiKey}`;
+  }
+  if (config.apiKey) {
+    headers["X-API-Key"] = config.apiKey;
   }
   try {
     const response = await fetch(`${config.apiBaseUrl}/agents/verify-access`, {
@@ -3192,8 +3196,14 @@ async function callVerifyAccessAPI(config, request) {
 }
 async function verify(config, request) {
   const mergedConfig = { ...DEFAULT_CONFIG, ...config };
-  if (!hasCredentials(request.credentials)) {
-    return createGuidanceResponse(mergedConfig, "No agent credentials provided");
+  if (!initCheckPerformed && !mergedConfig.disableInitChecks && mergedConfig.apiBaseUrl) {
+    void performInitCheck(mergedConfig.apiBaseUrl, mergedConfig.debug);
+  }
+  if (!deprecationWarningShown && (config.minTrustScore !== void 0 || config.minTrustScoreForFull !== void 0)) {
+    deprecationWarningShown = true;
+    console.warn(
+      "[VerificationGateway] minTrustScore / minTrustScoreForFull are deprecated in v2.3.0 and have no effect. Server is now the single source of truth for access-level decisions (the SDK reads access.accessLevel from the verify-access response). To gate access to an endpoint, configure the endpoint's trust_score_requirement server-side."
+    );
   }
   if (mergedConfig.cacheTtl && mergedConfig.cacheTtl > 0) {
     const cached = getCachedResult(request.credentials);
@@ -3265,18 +3275,7 @@ async function verify(config, request) {
     selfInstantiationAllowed: apiResponse.access.pdlss.selfInstantiationAllowed,
     appliedPolicy: apiResponse.access.appliedPolicy
   } : void 0;
-  const trustScore = agent?.trustScore || 0;
-  const isOrgMember = false;
-  const accessLevel = determineAccessLevel(
-    true,
-    trustScore,
-    isOrgMember,
-    {
-      "read-only": 20,
-      standard: mergedConfig.minTrustScore || 40,
-      full: mergedConfig.minTrustScoreForFull || 70
-    }
-  );
+  const accessLevel = apiResponse.access?.accessLevel ?? "standard";
   const result = {
     verified: true,
     accessLevel,
@@ -3298,7 +3297,9 @@ async function verify(config, request) {
   if (result.recommendation === "deny") {
     result.verified = false;
     result.accessLevel = "none";
-    result.denialReasons = result.recommendationReasons || ["Access denied by AstraSync recommendation"];
+    result.denialReasons = result.recommendationReasons || [
+      "Access denied by AstraSync recommendation"
+    ];
     if (result.runtimeChallenge) {
       result.guidance = {
         message: `Verification failed: ${result.runtimeChallenge.reason || "runtime challenge failed"}`,