@astrasyncai/verification-gateway 2.2.3 → 2.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +62 -30
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +61 -27
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +245 -0
  10. package/dist/adapters/mcp.d.ts +245 -0
  11. package/dist/adapters/mcp.js +589 -0
  12. package/dist/adapters/mcp.js.map +1 -0
  13. package/dist/adapters/mcp.mjs +555 -0
  14. package/dist/adapters/mcp.mjs.map +1 -0
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +60 -12
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +60 -12
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +6 -10
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +6 -10
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/browser/background.js +12 -10
  30. package/dist/browser/background.js.map +1 -1
  31. package/dist/browser/background.mjs +12 -10
  32. package/dist/browser/background.mjs.map +1 -1
  33. package/dist/browser/browser-adapter.d.mts +2 -2
  34. package/dist/browser/browser-adapter.d.ts +2 -2
  35. package/dist/cli/index.d.mts +2 -2
  36. package/dist/cli/index.d.ts +2 -2
  37. package/dist/cursor/cursor-adapter.d.mts +2 -2
  38. package/dist/cursor/cursor-adapter.d.ts +2 -2
  39. package/dist/cursor/extension.d.mts +2 -2
  40. package/dist/cursor/extension.d.ts +2 -2
  41. package/dist/cursor/extension.js +12 -10
  42. package/dist/cursor/extension.js.map +1 -1
  43. package/dist/cursor/extension.mjs +12 -10
  44. package/dist/cursor/extension.mjs.map +1 -1
  45. package/dist/{express-DgwpS8Ha.d.mts → express-D9oRsseg.d.mts} +17 -14
  46. package/dist/{express-BtKlLI8U.d.ts → express-DMSIl20m.d.ts} +17 -14
  47. package/dist/gateway/gateway.d.mts +2 -2
  48. package/dist/gateway/gateway.d.ts +2 -2
  49. package/dist/gateway/gateway.js +12 -10
  50. package/dist/gateway/gateway.js.map +1 -1
  51. package/dist/gateway/gateway.mjs +12 -10
  52. package/dist/gateway/gateway.mjs.map +1 -1
  53. package/dist/git-trigger/git-hooks.d.mts +2 -2
  54. package/dist/git-trigger/git-hooks.d.ts +2 -2
  55. package/dist/{index-AzhK20t0.d.mts → index-Bn_7eGjb.d.mts} +1 -1
  56. package/dist/{index-Ba0Lvsjo.d.ts → index-BtU9yFda.d.ts} +1 -1
  57. package/dist/{index-DpJS1JEI.d.ts → index-EwUWXC5T.d.ts} +1 -1
  58. package/dist/{index-BaxpmTGA.d.mts → index-YNPs800Z.d.mts} +1 -1
  59. package/dist/index.d.mts +7 -7
  60. package/dist/index.d.ts +7 -7
  61. package/dist/index.js +96 -29
  62. package/dist/index.js.map +1 -1
  63. package/dist/index.mjs +96 -29
  64. package/dist/index.mjs.map +1 -1
  65. package/dist/local-evaluator/evaluator.d.mts +2 -2
  66. package/dist/local-evaluator/evaluator.d.ts +2 -2
  67. package/dist/{nextjs-B2kg19c1.d.ts → nextjs-B5ZBpHra.d.ts} +8 -2
  68. package/dist/{nextjs-ZymQ8jDh.d.mts → nextjs-BLtjRbc-.d.mts} +8 -2
  69. package/dist/{sdk-B7id0VFS.d.mts → sdk-BhkxvqnK.d.mts} +1 -1
  70. package/dist/{sdk-Bso0FSI0.d.ts → sdk-YmE3RG8n.d.ts} +1 -1
  71. package/dist/transport/index.d.mts +2 -2
  72. package/dist/transport/index.d.ts +2 -2
  73. package/dist/{types-BYKAY6Cc.d.ts → types-BecRpozv.d.ts} +1 -1
  74. package/dist/{types-DOrqNMgy.d.mts → types-Bxqj1sKY.d.mts} +134 -24
  75. package/dist/{types-DOrqNMgy.d.ts → types-Bxqj1sKY.d.ts} +134 -24
  76. package/dist/{types-CgXPKUwi.d.mts → types-DxY5zt4z.d.mts} +1 -1
  77. package/dist/ui/index.d.mts +1 -1
  78. package/dist/ui/index.d.ts +1 -1
  79. package/package.json +6 -1
package/dist/{express-DgwpS8Ha.d.mts → express-D9oRsseg.d.mts} RENAMED
@@ -1,5 +1,5 @@
1
1
  import { RequestHandler, Request } from 'express';
2
- import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-DOrqNMgy.mjs';
2
+ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-Bxqj1sKY.mjs';
3
3
 
4
4
  /**
5
5
  * AstraSync Universal Verification Gateway - Express Middleware
@@ -41,24 +41,27 @@ declare global {
41
41
  */
42
42
  declare function extractAstraSyncCredentials(req: Request): AstraSyncCredentials | null;
43
43
  /**
44
- * Create Express middleware for agent verification
44
+ * Create Express middleware for agent verification.
45
+ *
46
+ * v2.9.7 moved per-route policy authority out of merchant-side source code
47
+ * into the AstraSync dashboard. `createMiddleware` no longer accepts a
48
+ * `routes` array — it fetches the endpoint's stored policy via
49
+ * `GET /endpoints/:counterpartyId/routes` on init and refreshes
50
+ * periodically. Policy edits in the dashboard take effect on the next
51
+ * refresh (or sooner if the operator manually restarts the SDK).
52
+ *
53
+ * `counterpartyId` is required: the SDK can't know which endpoint's policy
54
+ * to fetch without it. Local-development workflows that don't have an
55
+ * AstraSync endpoint registered can omit it — the middleware logs a
56
+ * one-time warning and falls through (allows all) until a policy is
57
+ * fetchable.
45
58
  */
46
59
  declare function createMiddleware(options: ExpressMiddlewareOptions): RequestHandler;
47
- /**
48
- * Create a middleware that requires a specific access level
49
- */
50
- declare function requireAccess(minAccessLevel: AccessLevel, options: ExpressMiddlewareOptions): RequestHandler;
51
- /**
52
- * Create a middleware that only verifies (doesn't block)
53
- */
54
- declare function verifyOnly(options: Omit<ExpressMiddlewareOptions, 'routes' | 'onDenied'>): RequestHandler;
55
60
 
56
61
  declare const express_createMiddleware: typeof createMiddleware;
57
62
  declare const express_extractAstraSyncCredentials: typeof extractAstraSyncCredentials;
58
- declare const express_requireAccess: typeof requireAccess;
59
- declare const express_verifyOnly: typeof verifyOnly;
60
63
  declare namespace express {
61
- export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials, express_requireAccess as requireAccess, express_verifyOnly as verifyOnly };
64
+ export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials };
62
65
  }
63
66
 
64
- export { extractAstraSyncCredentials as a, createMiddleware as c, express as e, requireAccess as r, verifyOnly as v };
67
+ export { extractAstraSyncCredentials as a, createMiddleware as c, express as e };
package/dist/{express-BtKlLI8U.d.ts → express-DMSIl20m.d.ts} RENAMED
@@ -1,5 +1,5 @@
1
1
  import { RequestHandler, Request } from 'express';
2
- import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-DOrqNMgy.js';
2
+ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-Bxqj1sKY.js';
3
3
 
4
4
  /**
5
5
  * AstraSync Universal Verification Gateway - Express Middleware
@@ -41,24 +41,27 @@ declare global {
41
41
  */
42
42
  declare function extractAstraSyncCredentials(req: Request): AstraSyncCredentials | null;
43
43
  /**
44
- * Create Express middleware for agent verification
44
+ * Create Express middleware for agent verification.
45
+ *
46
+ * v2.9.7 moved per-route policy authority out of merchant-side source code
47
+ * into the AstraSync dashboard. `createMiddleware` no longer accepts a
48
+ * `routes` array — it fetches the endpoint's stored policy via
49
+ * `GET /endpoints/:counterpartyId/routes` on init and refreshes
50
+ * periodically. Policy edits in the dashboard take effect on the next
51
+ * refresh (or sooner if the operator manually restarts the SDK).
52
+ *
53
+ * `counterpartyId` is required: the SDK can't know which endpoint's policy
54
+ * to fetch without it. Local-development workflows that don't have an
55
+ * AstraSync endpoint registered can omit it — the middleware logs a
56
+ * one-time warning and falls through (allows all) until a policy is
57
+ * fetchable.
45
58
  */
46
59
  declare function createMiddleware(options: ExpressMiddlewareOptions): RequestHandler;
47
- /**
48
- * Create a middleware that requires a specific access level
49
- */
50
- declare function requireAccess(minAccessLevel: AccessLevel, options: ExpressMiddlewareOptions): RequestHandler;
51
- /**
52
- * Create a middleware that only verifies (doesn't block)
53
- */
54
- declare function verifyOnly(options: Omit<ExpressMiddlewareOptions, 'routes' | 'onDenied'>): RequestHandler;
55
60
 
56
61
  declare const express_createMiddleware: typeof createMiddleware;
57
62
  declare const express_extractAstraSyncCredentials: typeof extractAstraSyncCredentials;
58
- declare const express_requireAccess: typeof requireAccess;
59
- declare const express_verifyOnly: typeof verifyOnly;
60
63
  declare namespace express {
61
- export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials, express_requireAccess as requireAccess, express_verifyOnly as verifyOnly };
64
+ export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials };
62
65
  }
63
66
 
64
- export { extractAstraSyncCredentials as a, createMiddleware as c, express as e, requireAccess as r, verifyOnly as v };
67
+ export { extractAstraSyncCredentials as a, createMiddleware as c, express as e };
package/dist/gateway/gateway.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-CgXPKUwi.mjs';
2
- import '../types-DOrqNMgy.mjs';
1
+ import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-DxY5zt4z.mjs';
2
+ import '../types-Bxqj1sKY.mjs';
3
3
 
4
4
  /**
5
5
  * AstraSyncGateway — Primary API surface for agent verification.
package/dist/gateway/gateway.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-BYKAY6Cc.js';
2
- import '../types-DOrqNMgy.js';
1
+ import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-BecRpozv.js';
2
+ import '../types-Bxqj1sKY.js';
3
3
 
4
4
  /**
5
5
  * AstraSyncGateway — Primary API surface for agent verification.
package/dist/gateway/gateway.js CHANGED
@@ -3229,10 +3229,12 @@ async function verify(config, request) {
3229
3229
  return createGuidanceResponse(mergedConfig, apiResponse.error);
3230
3230
  }
3231
3231
  if (!apiResponse.access?.allowed) {
3232
+ const aggregatedFailures = apiResponse.access?.failures;
3232
3233
  const result2 = {
3233
3234
  verified: false,
3234
3235
  accessLevel: "guidance",
3235
- denialReasons: apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
3236
+ denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
3237
+ failures: aggregatedFailures,
3236
3238
  requiresStepUp: apiResponse.access?.requiresStepUp,
3237
3239
  requiresApproval: apiResponse.access?.requiresApproval,
3238
3240
  guidance: {
@@ -3267,14 +3269,7 @@ async function verify(config, request) {
3267
3269
  verified: apiResponse.organization.verified,
3268
3270
  trustScore: apiResponse.organization.trustScore
3269
3271
  } : void 0;
3270
- const pdlss = apiResponse.access?.pdlss ? {
3271
- purposeAllowed: apiResponse.access.pdlss.purposeAllowed,
3272
- withinDuration: apiResponse.access.pdlss.withinDuration,
3273
- withinLimits: apiResponse.access.pdlss.withinLimits,
3274
- scopeAllowed: apiResponse.access.pdlss.scopeAllowed,
3275
- selfInstantiationAllowed: apiResponse.access.pdlss.selfInstantiationAllowed,
3276
- appliedPolicy: apiResponse.access.appliedPolicy
3277
- } : void 0;
3272
+ const verificationContext = apiResponse.verificationContext;
3278
3273
  const accessLevel = apiResponse.access?.accessLevel ?? "standard";
3279
3274
  const result = {
3280
3275
  verified: true,
@@ -3282,7 +3277,8 @@ async function verify(config, request) {
3282
3277
  agent,
3283
3278
  developer,
3284
3279
  organization,
3285
- pdlss,
3280
+ appliedPolicy: apiResponse.access?.appliedPolicy,
3281
+ verificationContext,
3286
3282
  requiresStepUp: apiResponse.access?.requiresStepUp,
3287
3283
  requiresApproval: apiResponse.access?.requiresApproval,
3288
3284
  verifiedAt: /* @__PURE__ */ new Date(),
@@ -3320,6 +3316,12 @@ async function verify(config, request) {
3320
3316
  return result;
3321
3317
  }
3322
3318
 
3319
+ // src/adapters/express.ts
3320
+ var DEFAULT_ROUTES_REFRESH_MS = 5 * 60 * 1e3;
3321
+
3322
+ // src/adapters/nextjs.ts
3323
+ var DEFAULT_ROUTES_REFRESH_MS2 = 5 * 60 * 1e3;
3324
+
3323
3325
  // src/transport/rfc9421.ts
3324
3326
  var import_structured_headers = require("structured-headers");
3325
3327