@astrasyncai/verification-gateway 2.3.8 → 2.3.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +93 -10
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +45 -6
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +45 -6
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.d.ts +1 -1
- package/dist/adapters/mcp.js +93 -11
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +93 -11
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +27 -5
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +27 -5
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +27 -5
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +27 -5
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +26 -4
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +26 -4
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +26 -4
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +26 -4
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-BNWqDVIz.d.mts → express-4Vau6x6X.d.mts} +1 -1
- package/dist/{express-BYup_4Jg.d.ts → express-Nq-wWICa.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +26 -4
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +26 -4
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-DN3ztP2d.d.ts → index-B-EovXnY.d.ts} +1 -1
- package/dist/{index-CSMpOcxV.d.ts → index-CxwCN7AC.d.ts} +1 -1
- package/dist/{index-CK4lNLVn.d.mts → index-DiToN8gh.d.mts} +1 -1
- package/dist/{index-BHXa2WTO.d.mts → index-DkyPV14Y.d.mts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +51 -12
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +51 -12
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-Bzdfu8Eg.d.mts → nextjs-BTR7Oix-.d.mts} +1 -1
- package/dist/{nextjs-C4h_MpgK.d.ts → nextjs-DO_4crcp.d.ts} +1 -1
- package/dist/{sdk-Tzsn6s-O.d.ts → sdk-DSLCyXIX.d.mts} +9 -2
- package/dist/{sdk-CDdD7EcJ.d.mts → sdk-TnHXD-Oh.d.ts} +9 -2
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-D_tmbDA_.d.mts → types-BVp22KkN.d.mts} +27 -3
- package/dist/{types-D_tmbDA_.d.ts → types-BVp22KkN.d.ts} +27 -3
- package/dist/{types-Bzp1SMaD.d.ts → types-DVCWReEN.d.ts} +1 -1
- package/dist/{types-z-QVnG4b.d.mts → types-pU2O0BFq.d.mts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/dist/ui/index.js +3 -3
- package/dist/ui/index.js.map +1 -1
- package/dist/ui/index.mjs +3 -3
- package/dist/ui/index.mjs.map +1 -1
- package/package.json +1 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { RequestHandler, Request } from 'express';
|
|
2
|
-
import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-
|
|
2
|
+
import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-BVp22KkN.mjs';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
5
|
* AstraSync Universal Verification Gateway - Express Middleware
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { RequestHandler, Request } from 'express';
|
|
2
|
-
import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-
|
|
2
|
+
import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-BVp22KkN.js';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
5
|
* AstraSync Universal Verification Gateway - Express Middleware
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
2
|
-
import '../types-
|
|
1
|
+
import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-pU2O0BFq.mjs';
|
|
2
|
+
import '../types-BVp22KkN.mjs';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
5
|
* AstraSyncGateway — Primary API surface for agent verification.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
2
|
-
import '../types-
|
|
1
|
+
import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-DVCWReEN.js';
|
|
2
|
+
import '../types-BVp22KkN.js';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
5
|
* AstraSyncGateway — Primary API surface for agent verification.
|
package/dist/gateway/gateway.js
CHANGED
|
@@ -3041,7 +3041,7 @@ function verifyLocal(evaluator, context) {
|
|
|
3041
3041
|
// src/access-levels.ts
|
|
3042
3042
|
var ACCESS_LEVEL_HIERARCHY = {
|
|
3043
3043
|
none: 0,
|
|
3044
|
-
|
|
3044
|
+
restricted: 1,
|
|
3045
3045
|
"read-only": 2,
|
|
3046
3046
|
standard: 3,
|
|
3047
3047
|
full: 4,
|
|
@@ -3057,7 +3057,11 @@ function getTrustLevel(score) {
|
|
|
3057
3057
|
// src/verify.ts
|
|
3058
3058
|
var DEFAULT_CONFIG = {
|
|
3059
3059
|
apiBaseUrl: "https://astrasync.ai/api",
|
|
3060
|
-
|
|
3060
|
+
// v2.3.9 (defect #30): default for unconfigured callers is `'none'` (no
|
|
3061
|
+
// access). Pre-rename this defaulted to `'guidance'`, which combined with
|
|
3062
|
+
// a route gated at `'guidance'` to silently let unverified traffic
|
|
3063
|
+
// through (`hasMinimumAccess('guidance', 'guidance') === true`).
|
|
3064
|
+
defaultAccessLevel: "none",
|
|
3061
3065
|
// minTrustScore + minTrustScoreForFull deprecated in v2.3.0 — server decides.
|
|
3062
3066
|
cacheTtl: 300,
|
|
3063
3067
|
// 5 minutes
|
|
@@ -3122,7 +3126,12 @@ function createGuidanceResponse(config, reason) {
|
|
|
3122
3126
|
};
|
|
3123
3127
|
return {
|
|
3124
3128
|
verified: false,
|
|
3125
|
-
|
|
3129
|
+
// v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
|
|
3130
|
+
// Adapters additionally short-circuit on `verified === false` before
|
|
3131
|
+
// the gate check, but the access level still has to be honest at the
|
|
3132
|
+
// data layer so downstream consumers (SDK adapters in other languages,
|
|
3133
|
+
// custom integrations) inherit the correct semantics.
|
|
3134
|
+
accessLevel: "none",
|
|
3126
3135
|
guidance,
|
|
3127
3136
|
denialReasons: reason ? [reason] : ["No valid agent credentials provided"],
|
|
3128
3137
|
verifiedAt: /* @__PURE__ */ new Date()
|
|
@@ -3249,7 +3258,14 @@ async function verify(config, request) {
|
|
|
3249
3258
|
const aggregatedFailures = apiResponse.access?.failures;
|
|
3250
3259
|
const result2 = {
|
|
3251
3260
|
verified: false,
|
|
3252
|
-
|
|
3261
|
+
// v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
|
|
3262
|
+
// Pre-rename this hardcoded `'guidance'`, which conflated with the
|
|
3263
|
+
// colocated `guidance: {...}` help-payload object below and let
|
|
3264
|
+
// denied requests pass any route gated at `'guidance'` because
|
|
3265
|
+
// `hasMinimumAccess('guidance', 'guidance') === true`. Adapters now
|
|
3266
|
+
// ALSO short-circuit on `verified === false` before the gate check —
|
|
3267
|
+
// belt-and-braces.
|
|
3268
|
+
accessLevel: "none",
|
|
3253
3269
|
denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
|
|
3254
3270
|
failures: aggregatedFailures,
|
|
3255
3271
|
requiresStepUp: apiResponse.access?.requiresStepUp,
|
|
@@ -3262,6 +3278,9 @@ async function verify(config, request) {
|
|
|
3262
3278
|
verifiedAt: /* @__PURE__ */ new Date(),
|
|
3263
3279
|
// Extract sessionId so decisions can be recorded for denials too
|
|
3264
3280
|
sessionId: apiResponse.sessionId,
|
|
3281
|
+
// v2.3.10 (defect #34, round-4): anonymous traffic has no session →
|
|
3282
|
+
// correlationId is the linking key for paired local_override events.
|
|
3283
|
+
correlationId: apiResponse.correlationId,
|
|
3265
3284
|
recommendation: apiResponse.recommendation,
|
|
3266
3285
|
recommendationReasons: apiResponse.recommendationReasons
|
|
3267
3286
|
};
|
|
@@ -3302,6 +3321,9 @@ async function verify(config, request) {
|
|
|
3302
3321
|
cacheTtl: mergedConfig.cacheTtl,
|
|
3303
3322
|
// Handshake Protocol v10 enhanced fields (present when backend returns them)
|
|
3304
3323
|
sessionId: apiResponse.sessionId,
|
|
3324
|
+
// v2.3.10 (defect #34, round-4): anonymous responses surface correlationId
|
|
3325
|
+
// (no session row exists for unverified callers).
|
|
3326
|
+
correlationId: apiResponse.correlationId,
|
|
3305
3327
|
runtimeChallenge: apiResponse.runtimeChallenge,
|
|
3306
3328
|
tokenGuidance: apiResponse.tokenGuidance,
|
|
3307
3329
|
recommendation: apiResponse.recommendation,
|