npm - @astrasyncai/verification-gateway - Versions diffs - 2.3.7 → 2.3.9 - Mend

@astrasyncai/verification-gateway 2.3.7 → 2.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/README.md +93 -10
package/dist/adapter-interface/interface.d.mts +2 -2
package/dist/adapter-interface/interface.d.ts +2 -2
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +81 -7
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +81 -7
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/mcp.d.mts +1 -1
package/dist/adapters/mcp.d.ts +1 -1
package/dist/adapters/mcp.js +84 -12
package/dist/adapters/mcp.js.map +1 -1
package/dist/adapters/mcp.mjs +84 -12
package/dist/adapters/mcp.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +40 -6
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +40 -6
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +40 -6
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +40 -6
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -2
package/dist/agent/index.d.ts +2 -2
package/dist/browser/background.js +39 -5
package/dist/browser/background.js.map +1 -1
package/dist/browser/background.mjs +39 -5
package/dist/browser/background.mjs.map +1 -1
package/dist/browser/browser-adapter.d.mts +2 -2
package/dist/browser/browser-adapter.d.ts +2 -2
package/dist/cli/index.d.mts +2 -2
package/dist/cli/index.d.ts +2 -2
package/dist/cursor/cursor-adapter.d.mts +2 -2
package/dist/cursor/cursor-adapter.d.ts +2 -2
package/dist/cursor/extension.d.mts +2 -2
package/dist/cursor/extension.d.ts +2 -2
package/dist/cursor/extension.js +39 -5
package/dist/cursor/extension.js.map +1 -1
package/dist/cursor/extension.mjs +39 -5
package/dist/cursor/extension.mjs.map +1 -1
package/dist/{express-D9oRsseg.d.mts → express-BiB51d5t.d.mts} +1 -1
package/dist/{express-DMSIl20m.d.ts → express-D6tEDU08.d.ts} +1 -1
package/dist/gateway/gateway.d.mts +2 -2
package/dist/gateway/gateway.d.ts +2 -2
package/dist/gateway/gateway.js +39 -5
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/gateway.mjs +39 -5
package/dist/gateway/gateway.mjs.map +1 -1
package/dist/git-trigger/git-hooks.d.mts +2 -2
package/dist/git-trigger/git-hooks.d.ts +2 -2
package/dist/{index-EwUWXC5T.d.ts → index-8DFMpITk.d.ts} +1 -1
package/dist/{index-YNPs800Z.d.mts → index-B--6fiDp.d.mts} +1 -1
package/dist/{index-Bn_7eGjb.d.mts → index-CAykfMWK.d.mts} +1 -1
package/dist/{index-BtU9yFda.d.ts → index-Yt02MRyu.d.ts} +1 -1
package/dist/index.d.mts +7 -7
package/dist/index.d.ts +7 -7
package/dist/index.js +87 -13
package/dist/index.js.map +1 -1
package/dist/index.mjs +87 -13
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +2 -2
package/dist/local-evaluator/evaluator.d.ts +2 -2
package/dist/{nextjs-B5ZBpHra.d.ts → nextjs-CK5F_tVZ.d.ts} +1 -1
package/dist/{nextjs-BLtjRbc-.d.mts → nextjs-CpxqfQqD.d.mts} +1 -1
package/dist/{sdk-BhkxvqnK.d.mts → sdk-BMvauMgP.d.ts} +9 -2
package/dist/{sdk-YmE3RG8n.d.ts → sdk-yJjO7yzn.d.mts} +9 -2
package/dist/transport/index.d.mts +2 -2
package/dist/transport/index.d.ts +2 -2
package/dist/{types-DxY5zt4z.d.mts → types-CKafuHDn.d.mts} +1 -1
package/dist/{types-Bxqj1sKY.d.mts → types-UYT4GdPW.d.mts} +42 -4
package/dist/{types-Bxqj1sKY.d.ts → types-UYT4GdPW.d.ts} +42 -4
package/dist/{types-BecRpozv.d.ts → types-ppkhdldJ.d.ts} +1 -1
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/dist/ui/index.js +3 -3
package/dist/ui/index.js.map +1 -1
package/dist/ui/index.mjs +3 -3
package/dist/ui/index.mjs.map +1 -1
package/package.json +1 -1

package/dist/agent/index.d.mts CHANGED Viewed

@@ -1,2 +1,2 @@
-export { A as AgentClient, a as AstraSyncSdkError, C as ChallengeHandler, O as OwnershipMismatchError, P as PDLSSConfig, T as TransportPDLSS, f as formatPDLSSForTransport, p as parsePDLSSFromTransport, r as recordDecision } from '../index-Bn_7eGjb.mjs';
-import '../types-Bxqj1sKY.mjs';
+export { A as AgentClient, a as AstraSyncSdkError, C as ChallengeHandler, O as OwnershipMismatchError, P as PDLSSConfig, T as TransportPDLSS, f as formatPDLSSForTransport, p as parsePDLSSFromTransport, r as recordDecision } from '../index-CAykfMWK.mjs';
+import '../types-UYT4GdPW.mjs';

package/dist/agent/index.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export { A as AgentClient, a as AstraSyncSdkError, C as ChallengeHandler, O as OwnershipMismatchError, P as PDLSSConfig, T as TransportPDLSS, f as formatPDLSSForTransport, p as parsePDLSSFromTransport, r as recordDecision } from '../index-EwUWXC5T.js';
-import '../types-Bxqj1sKY.js';
+export { A as AgentClient, a as AstraSyncSdkError, C as ChallengeHandler, O as OwnershipMismatchError, P as PDLSSConfig, T as TransportPDLSS, f as formatPDLSSForTransport, p as parsePDLSSFromTransport, r as recordDecision } from '../index-8DFMpITk.js';
+import '../types-UYT4GdPW.js';

package/dist/browser/background.js CHANGED Viewed

@@ -3281,7 +3281,7 @@ function verifyLocal(evaluator, context) {
 // src/access-levels.ts
 var ACCESS_LEVEL_HIERARCHY = {
   none: 0,
-  guidance: 1,
+  restricted: 1,
   "read-only": 2,
   standard: 3,
   full: 4,
@@ -3297,7 +3297,11 @@ function getTrustLevel(score) {
 // src/verify.ts
 var DEFAULT_CONFIG = {
   apiBaseUrl: "https://astrasync.ai/api",
-  defaultAccessLevel: "guidance",
+  // v2.3.9 (defect #30): default for unconfigured callers is `'none'` (no
+  // access). Pre-rename this defaulted to `'guidance'`, which combined with
+  // a route gated at `'guidance'` to silently let unverified traffic
+  // through (`hasMinimumAccess('guidance', 'guidance') === true`).
+  defaultAccessLevel: "none",
   // minTrustScore + minTrustScoreForFull deprecated in v2.3.0 — server decides.
   cacheTtl: 300,
   // 5 minutes
@@ -3362,7 +3366,12 @@ function createGuidanceResponse(config, reason) {
   };
   return {
     verified: false,
-    accessLevel: "guidance",
+    // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
+    // Adapters additionally short-circuit on `verified === false` before
+    // the gate check, but the access level still has to be honest at the
+    // data layer so downstream consumers (SDK adapters in other languages,
+    // custom integrations) inherit the correct semantics.
+    accessLevel: "none",
     guidance,
     denialReasons: reason ? [reason] : ["No valid agent credentials provided"],
     verifiedAt: /* @__PURE__ */ new Date()
@@ -3419,6 +3428,23 @@ async function callVerifyAccessAPI(config, request) {
       body: JSON.stringify(body)
     });
     const data = await response.json();
+    if (response.status === 410) {
+      return {
+        success: true,
+        access: {
+          allowed: false,
+          accessLevel: "none",
+          reason: "endpoint_deactivated",
+          failures: [
+            {
+              dimension: "endpoint.deactivated",
+              message: typeof data?.message === "string" ? data.message : "Endpoint has been deactivated",
+              guidance: typeof data?.guidance === "string" ? data.guidance : "Reactivate via POST /api/endpoints/{id}/reactivate, or update the URL on the calling agent."
+            }
+          ]
+        }
+      };
+    }
     if (!response.ok) {
       return {
         success: false,
@@ -3472,7 +3498,14 @@ async function verify(config, request) {
     const aggregatedFailures = apiResponse.access?.failures;
     const result2 = {
       verified: false,
-      accessLevel: "guidance",
+      // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
+      // Pre-rename this hardcoded `'guidance'`, which conflated with the
+      // colocated `guidance: {...}` help-payload object below and let
+      // denied requests pass any route gated at `'guidance'` because
+      // `hasMinimumAccess('guidance', 'guidance') === true`. Adapters now
+      // ALSO short-circuit on `verified === false` before the gate check —
+      // belt-and-braces.
+      accessLevel: "none",
       denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
       failures: aggregatedFailures,
       requiresStepUp: apiResponse.access?.requiresStepUp,
@@ -3528,7 +3561,8 @@ async function verify(config, request) {
     runtimeChallenge: apiResponse.runtimeChallenge,
     tokenGuidance: apiResponse.tokenGuidance,
     recommendation: apiResponse.recommendation,
-    recommendationReasons: apiResponse.recommendationReasons
+    recommendationReasons: apiResponse.recommendationReasons,
+    warningHeader: apiResponse.warningHeader
   };
   if (result.recommendation === "deny") {
     result.verified = false;