npm - @astrasyncai/verification-gateway - Versions diffs - 2.3.8 → 2.3.10 - Mend

@astrasyncai/verification-gateway 2.3.8 → 2.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/README.md +93 -10
package/dist/adapter-interface/interface.d.mts +2 -2
package/dist/adapter-interface/interface.d.ts +2 -2
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +45 -6
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +45 -6
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/mcp.d.mts +1 -1
package/dist/adapters/mcp.d.ts +1 -1
package/dist/adapters/mcp.js +93 -11
package/dist/adapters/mcp.js.map +1 -1
package/dist/adapters/mcp.mjs +93 -11
package/dist/adapters/mcp.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +27 -5
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +27 -5
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +27 -5
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +27 -5
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -2
package/dist/agent/index.d.ts +2 -2
package/dist/browser/background.js +26 -4
package/dist/browser/background.js.map +1 -1
package/dist/browser/background.mjs +26 -4
package/dist/browser/background.mjs.map +1 -1
package/dist/browser/browser-adapter.d.mts +2 -2
package/dist/browser/browser-adapter.d.ts +2 -2
package/dist/cli/index.d.mts +2 -2
package/dist/cli/index.d.ts +2 -2
package/dist/cursor/cursor-adapter.d.mts +2 -2
package/dist/cursor/cursor-adapter.d.ts +2 -2
package/dist/cursor/extension.d.mts +2 -2
package/dist/cursor/extension.d.ts +2 -2
package/dist/cursor/extension.js +26 -4
package/dist/cursor/extension.js.map +1 -1
package/dist/cursor/extension.mjs +26 -4
package/dist/cursor/extension.mjs.map +1 -1
package/dist/{express-BNWqDVIz.d.mts → express-4Vau6x6X.d.mts} +1 -1
package/dist/{express-BYup_4Jg.d.ts → express-Nq-wWICa.d.ts} +1 -1
package/dist/gateway/gateway.d.mts +2 -2
package/dist/gateway/gateway.d.ts +2 -2
package/dist/gateway/gateway.js +26 -4
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/gateway.mjs +26 -4
package/dist/gateway/gateway.mjs.map +1 -1
package/dist/git-trigger/git-hooks.d.mts +2 -2
package/dist/git-trigger/git-hooks.d.ts +2 -2
package/dist/{index-DN3ztP2d.d.ts → index-B-EovXnY.d.ts} +1 -1
package/dist/{index-CSMpOcxV.d.ts → index-CxwCN7AC.d.ts} +1 -1
package/dist/{index-CK4lNLVn.d.mts → index-DiToN8gh.d.mts} +1 -1
package/dist/{index-BHXa2WTO.d.mts → index-DkyPV14Y.d.mts} +1 -1
package/dist/index.d.mts +7 -7
package/dist/index.d.ts +7 -7
package/dist/index.js +51 -12
package/dist/index.js.map +1 -1
package/dist/index.mjs +51 -12
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +2 -2
package/dist/local-evaluator/evaluator.d.ts +2 -2
package/dist/{nextjs-Bzdfu8Eg.d.mts → nextjs-BTR7Oix-.d.mts} +1 -1
package/dist/{nextjs-C4h_MpgK.d.ts → nextjs-DO_4crcp.d.ts} +1 -1
package/dist/{sdk-Tzsn6s-O.d.ts → sdk-DSLCyXIX.d.mts} +9 -2
package/dist/{sdk-CDdD7EcJ.d.mts → sdk-TnHXD-Oh.d.ts} +9 -2
package/dist/transport/index.d.mts +2 -2
package/dist/transport/index.d.ts +2 -2
package/dist/{types-D_tmbDA_.d.mts → types-BVp22KkN.d.mts} +27 -3
package/dist/{types-D_tmbDA_.d.ts → types-BVp22KkN.d.ts} +27 -3
package/dist/{types-Bzp1SMaD.d.ts → types-DVCWReEN.d.ts} +1 -1
package/dist/{types-z-QVnG4b.d.mts → types-pU2O0BFq.d.mts} +1 -1
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/dist/ui/index.js +3 -3
package/dist/ui/index.js.map +1 -1
package/dist/ui/index.mjs +3 -3
package/dist/ui/index.mjs.map +1 -1
package/package.json +1 -1

package/dist/gateway/gateway.mjs CHANGED Viewed

@@ -3015,7 +3015,7 @@ function verifyLocal(evaluator, context) {
 // src/access-levels.ts
 var ACCESS_LEVEL_HIERARCHY = {
   none: 0,
-  guidance: 1,
+  restricted: 1,
   "read-only": 2,
   standard: 3,
   full: 4,
@@ -3031,7 +3031,11 @@ function getTrustLevel(score) {
 // src/verify.ts
 var DEFAULT_CONFIG = {
   apiBaseUrl: "https://astrasync.ai/api",
-  defaultAccessLevel: "guidance",
+  // v2.3.9 (defect #30): default for unconfigured callers is `'none'` (no
+  // access). Pre-rename this defaulted to `'guidance'`, which combined with
+  // a route gated at `'guidance'` to silently let unverified traffic
+  // through (`hasMinimumAccess('guidance', 'guidance') === true`).
+  defaultAccessLevel: "none",
   // minTrustScore + minTrustScoreForFull deprecated in v2.3.0 — server decides.
   cacheTtl: 300,
   // 5 minutes
@@ -3096,7 +3100,12 @@ function createGuidanceResponse(config, reason) {
   };
   return {
     verified: false,
-    accessLevel: "guidance",
+    // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
+    // Adapters additionally short-circuit on `verified === false` before
+    // the gate check, but the access level still has to be honest at the
+    // data layer so downstream consumers (SDK adapters in other languages,
+    // custom integrations) inherit the correct semantics.
+    accessLevel: "none",
     guidance,
     denialReasons: reason ? [reason] : ["No valid agent credentials provided"],
     verifiedAt: /* @__PURE__ */ new Date()
@@ -3223,7 +3232,14 @@ async function verify(config, request) {
     const aggregatedFailures = apiResponse.access?.failures;
     const result2 = {
       verified: false,
-      accessLevel: "guidance",
+      // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
+      // Pre-rename this hardcoded `'guidance'`, which conflated with the
+      // colocated `guidance: {...}` help-payload object below and let
+      // denied requests pass any route gated at `'guidance'` because
+      // `hasMinimumAccess('guidance', 'guidance') === true`. Adapters now
+      // ALSO short-circuit on `verified === false` before the gate check —
+      // belt-and-braces.
+      accessLevel: "none",
       denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
       failures: aggregatedFailures,
       requiresStepUp: apiResponse.access?.requiresStepUp,
@@ -3236,6 +3252,9 @@ async function verify(config, request) {
       verifiedAt: /* @__PURE__ */ new Date(),
       // Extract sessionId so decisions can be recorded for denials too
       sessionId: apiResponse.sessionId,
+      // v2.3.10 (defect #34, round-4): anonymous traffic has no session →
+      // correlationId is the linking key for paired local_override events.
+      correlationId: apiResponse.correlationId,
       recommendation: apiResponse.recommendation,
       recommendationReasons: apiResponse.recommendationReasons
     };
@@ -3276,6 +3295,9 @@ async function verify(config, request) {
     cacheTtl: mergedConfig.cacheTtl,
     // Handshake Protocol v10 enhanced fields (present when backend returns them)
     sessionId: apiResponse.sessionId,
+    // v2.3.10 (defect #34, round-4): anonymous responses surface correlationId
+    // (no session row exists for unverified callers).
+    correlationId: apiResponse.correlationId,
     runtimeChallenge: apiResponse.runtimeChallenge,
     tokenGuidance: apiResponse.tokenGuidance,
     recommendation: apiResponse.recommendation,