@astrasyncai/verification-gateway 2.2.0 → 2.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +64 -30
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +40 -89
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +40 -89
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +39 -109
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +39 -109
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +39 -53
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +39 -53
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/agent/index.js +2 -2
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/index.mjs +2 -2
- package/dist/agent/index.mjs.map +1 -1
- package/dist/browser/background.js +39 -53
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +39 -53
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +39 -53
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +39 -53
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-DpwYW08E.d.ts → express-CraCA8_t.d.ts} +2 -2
- package/dist/{express-C9KqJNWV.d.mts → express-DtvJ6BGt.d.mts} +2 -2
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +39 -53
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +39 -53
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-gM-lgX_X.d.ts → index--KzVRa32.d.ts} +1 -1
- package/dist/{index-BMZdjGT4.d.mts → index-BZ85CeEr.d.mts} +2 -2
- package/dist/{index-Dm2xA6j1.d.ts → index-BzAFmemy.d.ts} +2 -2
- package/dist/{index-DlsYN3Et.d.mts → index-SEgnWzkf.d.mts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +42 -107
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +42 -107
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-yNzimC3a.d.ts → nextjs-B8o9C0t6.d.ts} +1 -1
- package/dist/{nextjs-BEqidT0U.d.mts → nextjs-DZHAn9j-.d.mts} +1 -1
- package/dist/{sdk-CP9C9Qu0.d.ts → sdk-BQ3olp3v.d.ts} +2 -2
- package/dist/{sdk-7fa9H0qa.d.mts → sdk-CRSUFQH2.d.mts} +2 -2
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-CrVMq_Td.d.mts → types-JMgPake9.d.mts} +135 -28
- package/dist/{types-CrVMq_Td.d.ts → types-JMgPake9.d.ts} +135 -28
- package/dist/{types-DE0ooQJ6.d.mts → types-aN1UHhyy.d.mts} +1 -1
- package/dist/{types-rigu2bH3.d.ts → types-osMd_dpT.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/dist/webhooks.d.mts +59 -0
- package/dist/webhooks.d.ts +59 -0
- package/dist/webhooks.js +81 -0
- package/dist/webhooks.js.map +1 -0
- package/dist/webhooks.mjs +55 -0
- package/dist/webhooks.mjs.map +1 -0
- package/package.json +6 -1
package/dist/gateway/gateway.mjs
CHANGED
|
@@ -3021,51 +3021,45 @@ var ACCESS_LEVEL_HIERARCHY = {
|
|
|
3021
3021
|
full: 4,
|
|
3022
3022
|
internal: 5
|
|
3023
3023
|
};
|
|
3024
|
-
var DEFAULT_TRUST_THRESHOLDS = {
|
|
3025
|
-
none: 0,
|
|
3026
|
-
guidance: 0,
|
|
3027
|
-
"read-only": 20,
|
|
3028
|
-
standard: 40,
|
|
3029
|
-
full: 70,
|
|
3030
|
-
internal: 0
|
|
3031
|
-
// Internal is based on org membership, not score
|
|
3032
|
-
};
|
|
3033
3024
|
function getTrustLevel(score) {
|
|
3034
3025
|
if (score >= 80) return "PLATINUM";
|
|
3035
3026
|
if (score >= 60) return "GOLD";
|
|
3036
3027
|
if (score >= 40) return "SILVER";
|
|
3037
3028
|
return "BRONZE";
|
|
3038
3029
|
}
|
|
3039
|
-
function getAccessLevelForScore(trustScore, thresholds = DEFAULT_TRUST_THRESHOLDS) {
|
|
3040
|
-
if (trustScore >= thresholds.full) return "full";
|
|
3041
|
-
if (trustScore >= thresholds.standard) return "standard";
|
|
3042
|
-
if (trustScore >= thresholds["read-only"]) return "read-only";
|
|
3043
|
-
return "guidance";
|
|
3044
|
-
}
|
|
3045
|
-
function determineAccessLevel(verified, trustScore, isOrgMember, customThresholds) {
|
|
3046
|
-
if (!verified) {
|
|
3047
|
-
return "guidance";
|
|
3048
|
-
}
|
|
3049
|
-
if (isOrgMember) {
|
|
3050
|
-
return "internal";
|
|
3051
|
-
}
|
|
3052
|
-
const thresholds = {
|
|
3053
|
-
...DEFAULT_TRUST_THRESHOLDS,
|
|
3054
|
-
...customThresholds
|
|
3055
|
-
};
|
|
3056
|
-
return getAccessLevelForScore(trustScore, thresholds);
|
|
3057
|
-
}
|
|
3058
3030
|
|
|
3059
3031
|
// src/verify.ts
|
|
3060
3032
|
var DEFAULT_CONFIG = {
|
|
3061
|
-
apiBaseUrl: "https://
|
|
3033
|
+
apiBaseUrl: "https://astrasync.ai/api",
|
|
3062
3034
|
defaultAccessLevel: "guidance",
|
|
3063
|
-
minTrustScore
|
|
3064
|
-
minTrustScoreForFull: 70,
|
|
3035
|
+
// minTrustScore + minTrustScoreForFull deprecated in v2.3.0 — server decides.
|
|
3065
3036
|
cacheTtl: 300,
|
|
3066
3037
|
// 5 minutes
|
|
3067
3038
|
debug: false
|
|
3068
3039
|
};
|
|
3040
|
+
var initCheckPerformed = false;
|
|
3041
|
+
var deprecationWarningShown = false;
|
|
3042
|
+
async function performInitCheck(apiBaseUrl, debug) {
|
|
3043
|
+
initCheckPerformed = true;
|
|
3044
|
+
try {
|
|
3045
|
+
const probeUrl = `${apiBaseUrl}/agents/verify-access`;
|
|
3046
|
+
const response = await fetch(probeUrl, { method: "HEAD" });
|
|
3047
|
+
const contentType = response.headers.get("content-type") ?? "";
|
|
3048
|
+
if (contentType.startsWith("text/html")) {
|
|
3049
|
+
console.warn(
|
|
3050
|
+
`[VerificationGateway] apiBaseUrl '${apiBaseUrl}' returned HTML (content-type: ${contentType}). This usually means apiBaseUrl is pointing at a marketing site instead of the API. Expected: 'https://astrasync.ai/api' (prod) or 'https://staging.astrasync.ai/api' (staging). Set disableInitChecks: true on GatewayConfig to silence this warning.`
|
|
3051
|
+
);
|
|
3052
|
+
} else if (debug) {
|
|
3053
|
+
console.log(
|
|
3054
|
+
`[VerificationGateway] init check passed for ${apiBaseUrl} (content-type: ${contentType})`
|
|
3055
|
+
);
|
|
3056
|
+
}
|
|
3057
|
+
} catch (err) {
|
|
3058
|
+
if (debug) {
|
|
3059
|
+
console.log(`[VerificationGateway] init check failed (non-blocking): ${String(err)}`);
|
|
3060
|
+
}
|
|
3061
|
+
}
|
|
3062
|
+
}
|
|
3069
3063
|
var verificationCache = /* @__PURE__ */ new Map();
|
|
3070
3064
|
function getCacheKey(credentials) {
|
|
3071
3065
|
return `${credentials.astraId || ""}-${credentials.apiKey || ""}-${credentials.jwt || ""}`;
|
|
@@ -3088,9 +3082,6 @@ function cacheResult(credentials, result, ttlSeconds) {
|
|
|
3088
3082
|
expiresAt: Date.now() + ttlSeconds * 1e3
|
|
3089
3083
|
});
|
|
3090
3084
|
}
|
|
3091
|
-
function hasCredentials(credentials) {
|
|
3092
|
-
return !!(credentials.astraId || credentials.apiKey || credentials.jwt);
|
|
3093
|
-
}
|
|
3094
3085
|
function createGuidanceResponse(config, reason) {
|
|
3095
3086
|
const guidance = {
|
|
3096
3087
|
message: "This service verifies AI agents before granting access. Please register your agent with AstraSync.",
|
|
@@ -3114,7 +3105,7 @@ function createGuidanceResponse(config, reason) {
|
|
|
3114
3105
|
async function callVerifyAccessAPI(config, request) {
|
|
3115
3106
|
const { credentials, ...requestData } = request;
|
|
3116
3107
|
const body = {
|
|
3117
|
-
agentId: credentials.astraId,
|
|
3108
|
+
...credentials.astraId && { agentId: credentials.astraId },
|
|
3118
3109
|
purpose: requestData.purpose || "general"
|
|
3119
3110
|
};
|
|
3120
3111
|
if (requestData.action) body.action = requestData.action;
|
|
@@ -3132,6 +3123,7 @@ async function callVerifyAccessAPI(config, request) {
|
|
|
3132
3123
|
if (requestData.durationRequired) body.durationRequired = requestData.durationRequired;
|
|
3133
3124
|
if (requestData.counterpartyType) body.counterpartyType = requestData.counterpartyType;
|
|
3134
3125
|
if (requestData.counterpartyUrl) body.counterpartyUrl = requestData.counterpartyUrl;
|
|
3126
|
+
if (config.counterpartyId) body.counterpartyId = config.counterpartyId;
|
|
3135
3127
|
if (requestData.runtimeChallengeOptions)
|
|
3136
3128
|
body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
|
|
3137
3129
|
if (requestData.callerMetadata || requestData.clientIp || requestData.userAgent) {
|
|
@@ -3178,8 +3170,14 @@ async function callVerifyAccessAPI(config, request) {
|
|
|
3178
3170
|
}
|
|
3179
3171
|
async function verify(config, request) {
|
|
3180
3172
|
const mergedConfig = { ...DEFAULT_CONFIG, ...config };
|
|
3181
|
-
if (!
|
|
3182
|
-
|
|
3173
|
+
if (!initCheckPerformed && !mergedConfig.disableInitChecks && mergedConfig.apiBaseUrl) {
|
|
3174
|
+
void performInitCheck(mergedConfig.apiBaseUrl, mergedConfig.debug);
|
|
3175
|
+
}
|
|
3176
|
+
if (!deprecationWarningShown && (config.minTrustScore !== void 0 || config.minTrustScoreForFull !== void 0)) {
|
|
3177
|
+
deprecationWarningShown = true;
|
|
3178
|
+
console.warn(
|
|
3179
|
+
"[VerificationGateway] minTrustScore / minTrustScoreForFull are deprecated in v2.3.0 and have no effect. Server is now the single source of truth for access-level decisions (the SDK reads access.accessLevel from the verify-access response). To gate access to an endpoint, configure the endpoint's trust_score_requirement server-side."
|
|
3180
|
+
);
|
|
3183
3181
|
}
|
|
3184
3182
|
if (mergedConfig.cacheTtl && mergedConfig.cacheTtl > 0) {
|
|
3185
3183
|
const cached = getCachedResult(request.credentials);
|
|
@@ -3243,28 +3241,16 @@ async function verify(config, request) {
|
|
|
3243
3241
|
verified: apiResponse.organization.verified,
|
|
3244
3242
|
trustScore: apiResponse.organization.trustScore
|
|
3245
3243
|
} : void 0;
|
|
3246
|
-
const
|
|
3247
|
-
|
|
3248
|
-
withinDuration: apiResponse.access.pdlss.withinDuration,
|
|
3249
|
-
withinLimits: apiResponse.access.pdlss.withinLimits,
|
|
3250
|
-
scopeAllowed: apiResponse.access.pdlss.scopeAllowed,
|
|
3251
|
-
selfInstantiationAllowed: apiResponse.access.pdlss.selfInstantiationAllowed,
|
|
3252
|
-
appliedPolicy: apiResponse.access.appliedPolicy
|
|
3253
|
-
} : void 0;
|
|
3254
|
-
const trustScore = agent?.trustScore || 0;
|
|
3255
|
-
const isOrgMember = false;
|
|
3256
|
-
const accessLevel = determineAccessLevel(true, trustScore, isOrgMember, {
|
|
3257
|
-
"read-only": 20,
|
|
3258
|
-
standard: mergedConfig.minTrustScore || 40,
|
|
3259
|
-
full: mergedConfig.minTrustScoreForFull || 70
|
|
3260
|
-
});
|
|
3244
|
+
const verificationContext = apiResponse.verificationContext;
|
|
3245
|
+
const accessLevel = apiResponse.access?.accessLevel ?? "standard";
|
|
3261
3246
|
const result = {
|
|
3262
3247
|
verified: true,
|
|
3263
3248
|
accessLevel,
|
|
3264
3249
|
agent,
|
|
3265
3250
|
developer,
|
|
3266
3251
|
organization,
|
|
3267
|
-
|
|
3252
|
+
appliedPolicy: apiResponse.access?.appliedPolicy,
|
|
3253
|
+
verificationContext,
|
|
3268
3254
|
requiresStepUp: apiResponse.access?.requiresStepUp,
|
|
3269
3255
|
requiresApproval: apiResponse.access?.requiresApproval,
|
|
3270
3256
|
verifiedAt: /* @__PURE__ */ new Date(),
|