@astrasyncai/verification-gateway 2.3.4 → 2.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +59 -21
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +58 -18
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +245 -0
- package/dist/adapters/mcp.d.ts +245 -0
- package/dist/adapters/mcp.js +589 -0
- package/dist/adapters/mcp.js.map +1 -0
- package/dist/adapters/mcp.mjs +555 -0
- package/dist/adapters/mcp.mjs.map +1 -0
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +57 -3
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +57 -3
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +3 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +3 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +9 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +9 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +9 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +9 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-DtvJ6BGt.d.mts → express-D9oRsseg.d.mts} +17 -14
- package/dist/{express-CraCA8_t.d.ts → express-DMSIl20m.d.ts} +17 -14
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +9 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +9 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-BZ85CeEr.d.mts → index-Bn_7eGjb.d.mts} +1 -1
- package/dist/{index--KzVRa32.d.ts → index-BtU9yFda.d.ts} +1 -1
- package/dist/{index-BzAFmemy.d.ts → index-EwUWXC5T.d.ts} +1 -1
- package/dist/{index-SEgnWzkf.d.mts → index-YNPs800Z.d.mts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +93 -20
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +93 -20
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-B8o9C0t6.d.ts → nextjs-B5ZBpHra.d.ts} +8 -2
- package/dist/{nextjs-DZHAn9j-.d.mts → nextjs-BLtjRbc-.d.mts} +8 -2
- package/dist/{sdk-CRSUFQH2.d.mts → sdk-BhkxvqnK.d.mts} +1 -1
- package/dist/{sdk-BQ3olp3v.d.ts → sdk-YmE3RG8n.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-osMd_dpT.d.ts → types-BecRpozv.d.ts} +1 -1
- package/dist/{types-JMgPake9.d.mts → types-Bxqj1sKY.d.mts} +48 -6
- package/dist/{types-JMgPake9.d.ts → types-Bxqj1sKY.d.ts} +48 -6
- package/dist/{types-aN1UHhyy.d.mts → types-DxY5zt4z.d.mts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +6 -1
package/dist/index.mjs
CHANGED
|
@@ -334,10 +334,12 @@ async function verify(config, request) {
|
|
|
334
334
|
return createGuidanceResponse(mergedConfig, apiResponse.error);
|
|
335
335
|
}
|
|
336
336
|
if (!apiResponse.access?.allowed) {
|
|
337
|
+
const aggregatedFailures = apiResponse.access?.failures;
|
|
337
338
|
const result2 = {
|
|
338
339
|
verified: false,
|
|
339
340
|
accessLevel: "guidance",
|
|
340
|
-
denialReasons: apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
|
|
341
|
+
denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
|
|
342
|
+
failures: aggregatedFailures,
|
|
341
343
|
requiresStepUp: apiResponse.access?.requiresStepUp,
|
|
342
344
|
requiresApproval: apiResponse.access?.requiresApproval,
|
|
343
345
|
guidance: {
|
|
@@ -431,6 +433,25 @@ async function recordDecision(config, sessionId, decision, reason) {
|
|
|
431
433
|
}).catch(() => {
|
|
432
434
|
});
|
|
433
435
|
}
|
|
436
|
+
async function fetchRoutes(config, counterpartyId) {
|
|
437
|
+
if (!counterpartyId) return null;
|
|
438
|
+
const headers = { "Content-Type": "application/json" };
|
|
439
|
+
if (config.apiKey) {
|
|
440
|
+
headers["Authorization"] = `Bearer ${config.apiKey}`;
|
|
441
|
+
headers["X-API-Key"] = config.apiKey;
|
|
442
|
+
}
|
|
443
|
+
try {
|
|
444
|
+
const response = await fetch(
|
|
445
|
+
`${config.apiBaseUrl}/endpoints/${encodeURIComponent(counterpartyId)}/routes`,
|
|
446
|
+
{ method: "GET", headers }
|
|
447
|
+
);
|
|
448
|
+
if (!response.ok) return null;
|
|
449
|
+
const body = await response.json();
|
|
450
|
+
return body.data?.routes ?? [];
|
|
451
|
+
} catch {
|
|
452
|
+
return null;
|
|
453
|
+
}
|
|
454
|
+
}
|
|
434
455
|
async function reportCounterpartyPreCheckFailure(config, data) {
|
|
435
456
|
const apiBaseUrl = config.apiBaseUrl || DEFAULT_CONFIG.apiBaseUrl;
|
|
436
457
|
await fetch(`${apiBaseUrl}/verification-activity/counterparty-pre-check-failure`, {
|
|
@@ -456,9 +477,7 @@ async function quickVerify(config, credentials) {
|
|
|
456
477
|
var express_exports = {};
|
|
457
478
|
__export(express_exports, {
|
|
458
479
|
createMiddleware: () => createMiddleware,
|
|
459
|
-
extractAstraSyncCredentials: () => extractAstraSyncCredentials
|
|
460
|
-
requireAccess: () => requireAccess,
|
|
461
|
-
verifyOnly: () => verifyOnly
|
|
480
|
+
extractAstraSyncCredentials: () => extractAstraSyncCredentials
|
|
462
481
|
});
|
|
463
482
|
|
|
464
483
|
// src/transport/http.ts
|
|
@@ -631,24 +650,57 @@ function defaultOnDenied(result, _req, res) {
|
|
|
631
650
|
}
|
|
632
651
|
});
|
|
633
652
|
}
|
|
653
|
+
var DEFAULT_ROUTES_REFRESH_MS = 5 * 60 * 1e3;
|
|
634
654
|
function createMiddleware(options) {
|
|
635
655
|
const {
|
|
636
|
-
routes = [],
|
|
637
656
|
extractCredentials: customExtractCredentials,
|
|
638
657
|
extractPurpose: customExtractPurpose,
|
|
639
658
|
skipPaths = [],
|
|
640
659
|
onDenied = defaultOnDenied,
|
|
641
660
|
recordDecisions,
|
|
642
661
|
enableRuntimeChallenge = true,
|
|
662
|
+
routesRefreshMs = DEFAULT_ROUTES_REFRESH_MS,
|
|
643
663
|
...config
|
|
644
664
|
} = options;
|
|
665
|
+
let cachedRoutes = [];
|
|
666
|
+
let lastFetchAt = 0;
|
|
667
|
+
let refreshing = null;
|
|
668
|
+
let warnedNoCounterparty = false;
|
|
669
|
+
async function refreshRoutes() {
|
|
670
|
+
if (!config.counterpartyId) {
|
|
671
|
+
if (!warnedNoCounterparty) {
|
|
672
|
+
console.warn(
|
|
673
|
+
"[VerificationGateway] No counterpartyId configured \u2014 falling through (allow all). Per-route policy lives in the AstraSync dashboard now; register the endpoint and set counterpartyId in your middleware config to enforce policy."
|
|
674
|
+
);
|
|
675
|
+
warnedNoCounterparty = true;
|
|
676
|
+
}
|
|
677
|
+
return;
|
|
678
|
+
}
|
|
679
|
+
const fetched = await fetchRoutes(config, config.counterpartyId);
|
|
680
|
+
if (fetched) {
|
|
681
|
+
cachedRoutes = fetched;
|
|
682
|
+
lastFetchAt = Date.now();
|
|
683
|
+
}
|
|
684
|
+
}
|
|
685
|
+
refreshing = refreshRoutes().finally(() => {
|
|
686
|
+
refreshing = null;
|
|
687
|
+
});
|
|
645
688
|
return async (req, res, next) => {
|
|
646
689
|
try {
|
|
647
690
|
const shouldSkip = skipPaths.some((pattern) => matchRoute(pattern, req.path));
|
|
648
691
|
if (shouldSkip) {
|
|
649
692
|
return next();
|
|
650
693
|
}
|
|
651
|
-
|
|
694
|
+
if (refreshing) {
|
|
695
|
+
await refreshing.catch(() => {
|
|
696
|
+
});
|
|
697
|
+
}
|
|
698
|
+
if (config.counterpartyId && Date.now() - lastFetchAt > routesRefreshMs) {
|
|
699
|
+
refreshing = refreshRoutes().finally(() => {
|
|
700
|
+
refreshing = null;
|
|
701
|
+
});
|
|
702
|
+
}
|
|
703
|
+
const routeConfig = findRouteConfig(cachedRoutes, req.path, req.method);
|
|
652
704
|
if (!routeConfig) {
|
|
653
705
|
return next();
|
|
654
706
|
}
|
|
@@ -743,18 +795,6 @@ function createMiddleware(options) {
|
|
|
743
795
|
}
|
|
744
796
|
};
|
|
745
797
|
}
|
|
746
|
-
function requireAccess(minAccessLevel, options) {
|
|
747
|
-
return createMiddleware({
|
|
748
|
-
...options,
|
|
749
|
-
routes: [{ pattern: "*", method: "*", minAccessLevel }]
|
|
750
|
-
});
|
|
751
|
-
}
|
|
752
|
-
function verifyOnly(options) {
|
|
753
|
-
return createMiddleware({
|
|
754
|
-
...options,
|
|
755
|
-
routes: [{ pattern: "*", method: "*", minAccessLevel: "none" }]
|
|
756
|
-
});
|
|
757
|
-
}
|
|
758
798
|
|
|
759
799
|
// src/adapters/nextjs.ts
|
|
760
800
|
var nextjs_exports = {};
|
|
@@ -978,14 +1018,38 @@ function generateCommerceShieldHtml(result, options) {
|
|
|
978
1018
|
</html>
|
|
979
1019
|
`.trim();
|
|
980
1020
|
}
|
|
1021
|
+
var DEFAULT_ROUTES_REFRESH_MS2 = 5 * 60 * 1e3;
|
|
981
1022
|
function createMiddleware2(options) {
|
|
982
1023
|
const {
|
|
983
|
-
routes = [],
|
|
984
1024
|
skipPaths = [],
|
|
985
1025
|
showCommerceShield = true,
|
|
986
1026
|
enableRuntimeChallenge = true,
|
|
1027
|
+
routesRefreshMs = DEFAULT_ROUTES_REFRESH_MS2,
|
|
987
1028
|
...config
|
|
988
1029
|
} = options;
|
|
1030
|
+
let cachedRoutes = [];
|
|
1031
|
+
let lastFetchAt = 0;
|
|
1032
|
+
let refreshing = null;
|
|
1033
|
+
let warnedNoCounterparty = false;
|
|
1034
|
+
async function refreshRoutes() {
|
|
1035
|
+
if (!config.counterpartyId) {
|
|
1036
|
+
if (!warnedNoCounterparty) {
|
|
1037
|
+
console.warn(
|
|
1038
|
+
"[VerificationGateway/Next.js] No counterpartyId configured \u2014 falling through (allow all). Per-route policy lives in the AstraSync dashboard now; register the endpoint and set counterpartyId in your middleware config to enforce policy."
|
|
1039
|
+
);
|
|
1040
|
+
warnedNoCounterparty = true;
|
|
1041
|
+
}
|
|
1042
|
+
return;
|
|
1043
|
+
}
|
|
1044
|
+
const fetched = await fetchRoutes(config, config.counterpartyId);
|
|
1045
|
+
if (fetched) {
|
|
1046
|
+
cachedRoutes = fetched;
|
|
1047
|
+
lastFetchAt = Date.now();
|
|
1048
|
+
}
|
|
1049
|
+
}
|
|
1050
|
+
refreshing = refreshRoutes().finally(() => {
|
|
1051
|
+
refreshing = null;
|
|
1052
|
+
});
|
|
989
1053
|
return async function middleware(request) {
|
|
990
1054
|
const { NextResponse } = await import("next/server");
|
|
991
1055
|
const pathname = request.nextUrl.pathname;
|
|
@@ -993,7 +1057,16 @@ function createMiddleware2(options) {
|
|
|
993
1057
|
if (shouldSkip) {
|
|
994
1058
|
return NextResponse.next();
|
|
995
1059
|
}
|
|
996
|
-
|
|
1060
|
+
if (refreshing) {
|
|
1061
|
+
await refreshing.catch(() => {
|
|
1062
|
+
});
|
|
1063
|
+
}
|
|
1064
|
+
if (config.counterpartyId && Date.now() - lastFetchAt > routesRefreshMs) {
|
|
1065
|
+
refreshing = refreshRoutes().finally(() => {
|
|
1066
|
+
refreshing = null;
|
|
1067
|
+
});
|
|
1068
|
+
}
|
|
1069
|
+
const routeConfig = findRouteConfig2(cachedRoutes, pathname, request.method);
|
|
997
1070
|
if (!routeConfig) {
|
|
998
1071
|
return NextResponse.next();
|
|
999
1072
|
}
|