@astrasyncai/verification-gateway 2.3.8 → 2.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (84) hide show
  1. package/README.md +93 -10
  2. package/dist/adapter-interface/interface.d.mts +2 -2
  3. package/dist/adapter-interface/interface.d.ts +2 -2
  4. package/dist/adapters/express.d.mts +2 -2
  5. package/dist/adapters/express.d.ts +2 -2
  6. package/dist/adapters/express.js +39 -6
  7. package/dist/adapters/express.js.map +1 -1
  8. package/dist/adapters/express.mjs +39 -6
  9. package/dist/adapters/express.mjs.map +1 -1
  10. package/dist/adapters/mcp.d.mts +1 -1
  11. package/dist/adapters/mcp.d.ts +1 -1
  12. package/dist/adapters/mcp.js +53 -11
  13. package/dist/adapters/mcp.js.map +1 -1
  14. package/dist/adapters/mcp.mjs +53 -11
  15. package/dist/adapters/mcp.mjs.map +1 -1
  16. package/dist/adapters/nextjs.d.mts +2 -2
  17. package/dist/adapters/nextjs.d.ts +2 -2
  18. package/dist/adapters/nextjs.js +21 -5
  19. package/dist/adapters/nextjs.js.map +1 -1
  20. package/dist/adapters/nextjs.mjs +21 -5
  21. package/dist/adapters/nextjs.mjs.map +1 -1
  22. package/dist/adapters/sdk.d.mts +2 -2
  23. package/dist/adapters/sdk.d.ts +2 -2
  24. package/dist/adapters/sdk.js +21 -5
  25. package/dist/adapters/sdk.js.map +1 -1
  26. package/dist/adapters/sdk.mjs +21 -5
  27. package/dist/adapters/sdk.mjs.map +1 -1
  28. package/dist/agent/index.d.mts +2 -2
  29. package/dist/agent/index.d.ts +2 -2
  30. package/dist/browser/background.js +20 -4
  31. package/dist/browser/background.js.map +1 -1
  32. package/dist/browser/background.mjs +20 -4
  33. package/dist/browser/background.mjs.map +1 -1
  34. package/dist/browser/browser-adapter.d.mts +2 -2
  35. package/dist/browser/browser-adapter.d.ts +2 -2
  36. package/dist/cli/index.d.mts +2 -2
  37. package/dist/cli/index.d.ts +2 -2
  38. package/dist/cursor/cursor-adapter.d.mts +2 -2
  39. package/dist/cursor/cursor-adapter.d.ts +2 -2
  40. package/dist/cursor/extension.d.mts +2 -2
  41. package/dist/cursor/extension.d.ts +2 -2
  42. package/dist/cursor/extension.js +20 -4
  43. package/dist/cursor/extension.js.map +1 -1
  44. package/dist/cursor/extension.mjs +20 -4
  45. package/dist/cursor/extension.mjs.map +1 -1
  46. package/dist/{express-BNWqDVIz.d.mts → express-BiB51d5t.d.mts} +1 -1
  47. package/dist/{express-BYup_4Jg.d.ts → express-D6tEDU08.d.ts} +1 -1
  48. package/dist/gateway/gateway.d.mts +2 -2
  49. package/dist/gateway/gateway.d.ts +2 -2
  50. package/dist/gateway/gateway.js +20 -4
  51. package/dist/gateway/gateway.js.map +1 -1
  52. package/dist/gateway/gateway.mjs +20 -4
  53. package/dist/gateway/gateway.mjs.map +1 -1
  54. package/dist/git-trigger/git-hooks.d.mts +2 -2
  55. package/dist/git-trigger/git-hooks.d.ts +2 -2
  56. package/dist/{index-DN3ztP2d.d.ts → index-8DFMpITk.d.ts} +1 -1
  57. package/dist/{index-BHXa2WTO.d.mts → index-B--6fiDp.d.mts} +1 -1
  58. package/dist/{index-CK4lNLVn.d.mts → index-CAykfMWK.d.mts} +1 -1
  59. package/dist/{index-CSMpOcxV.d.ts → index-Yt02MRyu.d.ts} +1 -1
  60. package/dist/index.d.mts +7 -7
  61. package/dist/index.d.ts +7 -7
  62. package/dist/index.js +45 -12
  63. package/dist/index.js.map +1 -1
  64. package/dist/index.mjs +45 -12
  65. package/dist/index.mjs.map +1 -1
  66. package/dist/local-evaluator/evaluator.d.mts +2 -2
  67. package/dist/local-evaluator/evaluator.d.ts +2 -2
  68. package/dist/{nextjs-C4h_MpgK.d.ts → nextjs-CK5F_tVZ.d.ts} +1 -1
  69. package/dist/{nextjs-Bzdfu8Eg.d.mts → nextjs-CpxqfQqD.d.mts} +1 -1
  70. package/dist/{sdk-CDdD7EcJ.d.mts → sdk-BMvauMgP.d.ts} +9 -2
  71. package/dist/{sdk-Tzsn6s-O.d.ts → sdk-yJjO7yzn.d.mts} +9 -2
  72. package/dist/transport/index.d.mts +2 -2
  73. package/dist/transport/index.d.ts +2 -2
  74. package/dist/{types-z-QVnG4b.d.mts → types-CKafuHDn.d.mts} +1 -1
  75. package/dist/{types-D_tmbDA_.d.mts → types-UYT4GdPW.d.mts} +15 -3
  76. package/dist/{types-D_tmbDA_.d.ts → types-UYT4GdPW.d.ts} +15 -3
  77. package/dist/{types-Bzp1SMaD.d.ts → types-ppkhdldJ.d.ts} +1 -1
  78. package/dist/ui/index.d.mts +1 -1
  79. package/dist/ui/index.d.ts +1 -1
  80. package/dist/ui/index.js +3 -3
  81. package/dist/ui/index.js.map +1 -1
  82. package/dist/ui/index.mjs +3 -3
  83. package/dist/ui/index.mjs.map +1 -1
  84. package/package.json +1 -1
package/dist/{express-BNWqDVIz.d.mts → express-BiB51d5t.d.mts} RENAMED
@@ -1,5 +1,5 @@
1
1
  import { RequestHandler, Request } from 'express';
2
- import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-D_tmbDA_.mjs';
2
+ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-UYT4GdPW.mjs';
3
3
 
4
4
  /**
5
5
  * AstraSync Universal Verification Gateway - Express Middleware
package/dist/{express-BYup_4Jg.d.ts → express-D6tEDU08.d.ts} RENAMED
@@ -1,5 +1,5 @@
1
1
  import { RequestHandler, Request } from 'express';
2
- import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-D_tmbDA_.js';
2
+ import { V as VerificationResult, E as ExpressMiddlewareOptions, A as AstraSyncCredentials } from './types-UYT4GdPW.js';
3
3
 
4
4
  /**
5
5
  * AstraSync Universal Verification Gateway - Express Middleware
package/dist/gateway/gateway.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-z-QVnG4b.mjs';
2
- import '../types-D_tmbDA_.mjs';
1
+ import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-CKafuHDn.mjs';
2
+ import '../types-UYT4GdPW.mjs';
3
3
 
4
4
  /**
5
5
  * AstraSyncGateway — Primary API surface for agent verification.
package/dist/gateway/gateway.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-Bzp1SMaD.js';
2
- import '../types-D_tmbDA_.js';
1
+ import { b as AstraSyncGatewayConfig, P as PDLSSContext, V as VerificationDecision } from '../types-ppkhdldJ.js';
2
+ import '../types-UYT4GdPW.js';
3
3
 
4
4
  /**
5
5
  * AstraSyncGateway — Primary API surface for agent verification.
package/dist/gateway/gateway.js CHANGED
@@ -3041,7 +3041,7 @@ function verifyLocal(evaluator, context) {
3041
3041
  // src/access-levels.ts
3042
3042
  var ACCESS_LEVEL_HIERARCHY = {
3043
3043
  none: 0,
3044
- guidance: 1,
3044
+ restricted: 1,
3045
3045
  "read-only": 2,
3046
3046
  standard: 3,
3047
3047
  full: 4,
@@ -3057,7 +3057,11 @@ function getTrustLevel(score) {
3057
3057
  // src/verify.ts
3058
3058
  var DEFAULT_CONFIG = {
3059
3059
  apiBaseUrl: "https://astrasync.ai/api",
3060
- defaultAccessLevel: "guidance",
3060
+ // v2.3.9 (defect #30): default for unconfigured callers is `'none'` (no
3061
+ // access). Pre-rename this defaulted to `'guidance'`, which combined with
3062
+ // a route gated at `'guidance'` to silently let unverified traffic
3063
+ // through (`hasMinimumAccess('guidance', 'guidance') === true`).
3064
+ defaultAccessLevel: "none",
3061
3065
  // minTrustScore + minTrustScoreForFull deprecated in v2.3.0 — server decides.
3062
3066
  cacheTtl: 300,
3063
3067
  // 5 minutes
@@ -3122,7 +3126,12 @@ function createGuidanceResponse(config, reason) {
3122
3126
  };
3123
3127
  return {
3124
3128
  verified: false,
3125
- accessLevel: "guidance",
3129
+ // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
3130
+ // Adapters additionally short-circuit on `verified === false` before
3131
+ // the gate check, but the access level still has to be honest at the
3132
+ // data layer so downstream consumers (SDK adapters in other languages,
3133
+ // custom integrations) inherit the correct semantics.
3134
+ accessLevel: "none",
3126
3135
  guidance,
3127
3136
  denialReasons: reason ? [reason] : ["No valid agent credentials provided"],
3128
3137
  verifiedAt: /* @__PURE__ */ new Date()
@@ -3249,7 +3258,14 @@ async function verify(config, request) {
3249
3258
  const aggregatedFailures = apiResponse.access?.failures;
3250
3259
  const result2 = {
3251
3260
  verified: false,
3252
- accessLevel: "guidance",
3261
+ // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
3262
+ // Pre-rename this hardcoded `'guidance'`, which conflated with the
3263
+ // colocated `guidance: {...}` help-payload object below and let
3264
+ // denied requests pass any route gated at `'guidance'` because
3265
+ // `hasMinimumAccess('guidance', 'guidance') === true`. Adapters now
3266
+ // ALSO short-circuit on `verified === false` before the gate check —
3267
+ // belt-and-braces.
3268
+ accessLevel: "none",
3253
3269
  denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
3254
3270
  failures: aggregatedFailures,
3255
3271
  requiresStepUp: apiResponse.access?.requiresStepUp,