@astrasyncai/verification-gateway 2.3.4 → 2.3.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +101 -22
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +100 -19
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +245 -0
  10. package/dist/adapters/mcp.d.ts +245 -0
  11. package/dist/adapters/mcp.js +619 -0
  12. package/dist/adapters/mcp.js.map +1 -0
  13. package/dist/adapters/mcp.mjs +585 -0
  14. package/dist/adapters/mcp.mjs.map +1 -0
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +76 -4
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +76 -4
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +22 -2
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +22 -2
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/browser/background.js +28 -2
  30. package/dist/browser/background.js.map +1 -1
  31. package/dist/browser/background.mjs +28 -2
  32. package/dist/browser/background.mjs.map +1 -1
  33. package/dist/browser/browser-adapter.d.mts +2 -2
  34. package/dist/browser/browser-adapter.d.ts +2 -2
  35. package/dist/cli/index.d.mts +2 -2
  36. package/dist/cli/index.d.ts +2 -2
  37. package/dist/cursor/cursor-adapter.d.mts +2 -2
  38. package/dist/cursor/cursor-adapter.d.ts +2 -2
  39. package/dist/cursor/extension.d.mts +2 -2
  40. package/dist/cursor/extension.d.ts +2 -2
  41. package/dist/cursor/extension.js +28 -2
  42. package/dist/cursor/extension.js.map +1 -1
  43. package/dist/cursor/extension.mjs +28 -2
  44. package/dist/cursor/extension.mjs.map +1 -1
  45. package/dist/{express-DtvJ6BGt.d.mts → express-BNWqDVIz.d.mts} +17 -14
  46. package/dist/{express-CraCA8_t.d.ts → express-BYup_4Jg.d.ts} +17 -14
  47. package/dist/gateway/gateway.d.mts +2 -2
  48. package/dist/gateway/gateway.d.ts +2 -2
  49. package/dist/gateway/gateway.js +28 -2
  50. package/dist/gateway/gateway.js.map +1 -1
  51. package/dist/gateway/gateway.mjs +28 -2
  52. package/dist/gateway/gateway.mjs.map +1 -1
  53. package/dist/git-trigger/git-hooks.d.mts +2 -2
  54. package/dist/git-trigger/git-hooks.d.ts +2 -2
  55. package/dist/{index-SEgnWzkf.d.mts → index-BHXa2WTO.d.mts} +1 -1
  56. package/dist/{index-BZ85CeEr.d.mts → index-CK4lNLVn.d.mts} +1 -1
  57. package/dist/{index--KzVRa32.d.ts → index-CSMpOcxV.d.ts} +1 -1
  58. package/dist/{index-BzAFmemy.d.ts → index-DN3ztP2d.d.ts} +1 -1
  59. package/dist/index.d.mts +7 -7
  60. package/dist/index.d.ts +7 -7
  61. package/dist/index.js +135 -21
  62. package/dist/index.js.map +1 -1
  63. package/dist/index.mjs +135 -21
  64. package/dist/index.mjs.map +1 -1
  65. package/dist/local-evaluator/evaluator.d.mts +2 -2
  66. package/dist/local-evaluator/evaluator.d.ts +2 -2
  67. package/dist/{nextjs-DZHAn9j-.d.mts → nextjs-Bzdfu8Eg.d.mts} +8 -2
  68. package/dist/{nextjs-B8o9C0t6.d.ts → nextjs-C4h_MpgK.d.ts} +8 -2
  69. package/dist/{sdk-CRSUFQH2.d.mts → sdk-CDdD7EcJ.d.mts} +1 -1
  70. package/dist/{sdk-BQ3olp3v.d.ts → sdk-Tzsn6s-O.d.ts} +1 -1
  71. package/dist/transport/index.d.mts +2 -2
  72. package/dist/transport/index.d.ts +2 -2
  73. package/dist/{types-osMd_dpT.d.ts → types-Bzp1SMaD.d.ts} +1 -1
  74. package/dist/{types-JMgPake9.d.mts → types-D_tmbDA_.d.mts} +75 -7
  75. package/dist/{types-JMgPake9.d.ts → types-D_tmbDA_.d.ts} +75 -7
  76. package/dist/{types-aN1UHhyy.d.mts → types-z-QVnG4b.d.mts} +1 -1
  77. package/dist/ui/index.d.mts +1 -1
  78. package/dist/ui/index.d.ts +1 -1
  79. package/package.json +6 -1
package/dist/{express-DtvJ6BGt.d.mts → express-BNWqDVIz.d.mts} RENAMED
@@ -1,5 +1,5 @@
1
1
  import { RequestHandler, Request } from 'express';
2
- import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-JMgPake9.mjs';
2
+ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-D_tmbDA_.mjs';
3
3
 
4
4
  /**
5
5
  * AstraSync Universal Verification Gateway - Express Middleware
@@ -41,24 +41,27 @@ declare global {
41
41
  */
42
42
  declare function extractAstraSyncCredentials(req: Request): AstraSyncCredentials | null;
43
43
  /**
44
- * Create Express middleware for agent verification
44
+ * Create Express middleware for agent verification.
45
+ *
46
+ * v2.9.7 moved per-route policy authority out of merchant-side source code
47
+ * into the AstraSync dashboard. `createMiddleware` no longer accepts a
48
+ * `routes` array — it fetches the endpoint's stored policy via
49
+ * `GET /endpoints/:counterpartyId/routes` on init and refreshes
50
+ * periodically. Policy edits in the dashboard take effect on the next
51
+ * refresh (or sooner if the operator manually restarts the SDK).
52
+ *
53
+ * `counterpartyId` is required: the SDK can't know which endpoint's policy
54
+ * to fetch without it. Local-development workflows that don't have an
55
+ * AstraSync endpoint registered can omit it — the middleware logs a
56
+ * one-time warning and falls through (allows all) until a policy is
57
+ * fetchable.
45
58
  */
46
59
  declare function createMiddleware(options: ExpressMiddlewareOptions): RequestHandler;
47
- /**
48
- * Create a middleware that requires a specific access level
49
- */
50
- declare function requireAccess(minAccessLevel: AccessLevel, options: ExpressMiddlewareOptions): RequestHandler;
51
- /**
52
- * Create a middleware that only verifies (doesn't block)
53
- */
54
- declare function verifyOnly(options: Omit<ExpressMiddlewareOptions, 'routes' | 'onDenied'>): RequestHandler;
55
60
 
56
61
  declare const express_createMiddleware: typeof createMiddleware;
57
62
  declare const express_extractAstraSyncCredentials: typeof extractAstraSyncCredentials;
58
- declare const express_requireAccess: typeof requireAccess;
59
- declare const express_verifyOnly: typeof verifyOnly;
60
63
  declare namespace express {
61
- export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials, express_requireAccess as requireAccess, express_verifyOnly as verifyOnly };
64
+ export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials };
62
65
  }
63
66
 
64
- export { extractAstraSyncCredentials as a, createMiddleware as c, express as e, requireAccess as r, verifyOnly as v };
67
+ export { extractAstraSyncCredentials as a, createMiddleware as c, express as e };
package/dist/{express-CraCA8_t.d.ts → express-BYup_4Jg.d.ts} RENAMED
@@ -1,5 +1,5 @@
1
1
  import { RequestHandler, Request } from 'express';
2
- import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials, a as AccessLevel } from './types-JMgPake9.js';
2
+ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-D_tmbDA_.js';
3
3
 
4
4
  /**
5
5
  * AstraSync Universal Verification Gateway - Express Middleware
@@ -41,24 +41,27 @@ declare global {
41
41
  */
42
42
  declare function extractAstraSyncCredentials(req: Request): AstraSyncCredentials | null;
43
43
  /**
44
- * Create Express middleware for agent verification
44
+ * Create Express middleware for agent verification.
45
+ *
46
+ * v2.9.7 moved per-route policy authority out of merchant-side source code
47
+ * into the AstraSync dashboard. `createMiddleware` no longer accepts a
48
+ * `routes` array — it fetches the endpoint's stored policy via
49
+ * `GET /endpoints/:counterpartyId/routes` on init and refreshes
50
+ * periodically. Policy edits in the dashboard take effect on the next
51
+ * refresh (or sooner if the operator manually restarts the SDK).
52
+ *
53
+ * `counterpartyId` is required: the SDK can't know which endpoint's policy
54
+ * to fetch without it. Local-development workflows that don't have an
55
+ * AstraSync endpoint registered can omit it — the middleware logs a
56
+ * one-time warning and falls through (allows all) until a policy is
57
+ * fetchable.
45
58
  */
46
59
  declare function createMiddleware(options: ExpressMiddlewareOptions): RequestHandler;
47
- /**
48
- * Create a middleware that requires a specific access level
49
- */
50
- declare function requireAccess(minAccessLevel: AccessLevel, options: ExpressMiddlewareOptions): RequestHandler;
51
- /**
52
- * Create a middleware that only verifies (doesn't block)
53
- */
54
- declare function verifyOnly(options: Omit<ExpressMiddlewareOptions, 'routes' | 'onDenied'>): RequestHandler;
55
60
 
56
61
  declare const express_createMiddleware: typeof createMiddleware;
57
62
  declare const express_extractAstraSyncCredentials: typeof extractAstraSyncCredentials;
58
- declare const express_requireAccess: typeof requireAccess;
59
- declare const express_verifyOnly: typeof verifyOnly;
60
63
  declare namespace express {
61
- export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials, express_requireAccess as requireAccess, express_verifyOnly as verifyOnly };
64
+ export { express_createMiddleware as createMiddleware, express_extractAstraSyncCredentials as extractAstraSyncCredentials };
62
65
  }
63
66
 
64
- export { extractAstraSyncCredentials as a, createMiddleware as c, express as e, requireAccess as r, verifyOnly as v };
67
+ export { extractAstraSyncCredentials as a, createMiddleware as c, express as e };
package/dist/gateway/gateway.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-aN1UHhyy.mjs';
2
- import '../types-JMgPake9.mjs';
1
+ import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-z-QVnG4b.mjs';
2
+ import '../types-D_tmbDA_.mjs';
3
3
 
4
4
  /**
5
5
  * AstraSyncGateway — Primary API surface for agent verification.
package/dist/gateway/gateway.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-osMd_dpT.js';
2
- import '../types-JMgPake9.js';
1
+ import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-Bzp1SMaD.js';
2
+ import '../types-D_tmbDA_.js';
3
3
 
4
4
  /**
5
5
  * AstraSyncGateway — Primary API surface for agent verification.
package/dist/gateway/gateway.js CHANGED
@@ -3179,6 +3179,23 @@ async function callVerifyAccessAPI(config, request) {
3179
3179
  body: JSON.stringify(body)
3180
3180
  });
3181
3181
  const data = await response.json();
3182
+ if (response.status === 410) {
3183
+ return {
3184
+ success: true,
3185
+ access: {
3186
+ allowed: false,
3187
+ accessLevel: "none",
3188
+ reason: "endpoint_deactivated",
3189
+ failures: [
3190
+ {
3191
+ dimension: "endpoint.deactivated",
3192
+ message: typeof data?.message === "string" ? data.message : "Endpoint has been deactivated",
3193
+ guidance: typeof data?.guidance === "string" ? data.guidance : "Reactivate via POST /api/endpoints/{id}/reactivate, or update the URL on the calling agent."
3194
+ }
3195
+ ]
3196
+ }
3197
+ };
3198
+ }
3182
3199
  if (!response.ok) {
3183
3200
  return {
3184
3201
  success: false,
@@ -3229,10 +3246,12 @@ async function verify(config, request) {
3229
3246
  return createGuidanceResponse(mergedConfig, apiResponse.error);
3230
3247
  }
3231
3248
  if (!apiResponse.access?.allowed) {
3249
+ const aggregatedFailures = apiResponse.access?.failures;
3232
3250
  const result2 = {
3233
3251
  verified: false,
3234
3252
  accessLevel: "guidance",
3235
- denialReasons: apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
3253
+ denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
3254
+ failures: aggregatedFailures,
3236
3255
  requiresStepUp: apiResponse.access?.requiresStepUp,
3237
3256
  requiresApproval: apiResponse.access?.requiresApproval,
3238
3257
  guidance: {
@@ -3286,7 +3305,8 @@ async function verify(config, request) {
3286
3305
  runtimeChallenge: apiResponse.runtimeChallenge,
3287
3306
  tokenGuidance: apiResponse.tokenGuidance,
3288
3307
  recommendation: apiResponse.recommendation,
3289
- recommendationReasons: apiResponse.recommendationReasons
3308
+ recommendationReasons: apiResponse.recommendationReasons,
3309
+ warningHeader: apiResponse.warningHeader
3290
3310
  };
3291
3311
  if (result.recommendation === "deny") {
3292
3312
  result.verified = false;
@@ -3314,6 +3334,12 @@ async function verify(config, request) {
3314
3334
  return result;
3315
3335
  }
3316
3336
 
3337
+ // src/adapters/express.ts
3338
+ var DEFAULT_ROUTES_REFRESH_MS = 5 * 60 * 1e3;
3339
+
3340
+ // src/adapters/nextjs.ts
3341
+ var DEFAULT_ROUTES_REFRESH_MS2 = 5 * 60 * 1e3;
3342
+
3317
3343
  // src/transport/rfc9421.ts
3318
3344
  var import_structured_headers = require("structured-headers");
3319
3345