@astrasyncai/verification-gateway 2.3.9 → 2.4.0

package/dist/registration/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/registration/index.ts","../../src/registration/errors.ts","../../src/registration/api.ts"],"sourcesContent":["export { AstraSync } from './api';\nexport { AstraSyncError, KYDRequiredError, AuthenticationError } from './errors';\nexport type {\n  AstraSyncConfig,\n  RegisterOptions,\n  RegistrationResponse,\n  AgentRecord,\n  VerifyResponse,\n  HealthResponse,\n  PDLSSConfig,\n  PDLSSPurpose,\n  PDLSSDuration,\n  PDLSSLimits,\n  PDLSSScope,\n  PDLSSSelfInstantiation,\n  ModelConfig,\n  FrameworkConfig,\n  AgentProtocol,\n} from './types';\n","import type { ApiErrorResponse } from './types';\n\n/** Base error class for AstraSync SDK errors. */\nexport class AstraSyncError extends Error {\n  public readonly code?: string;\n  public readonly statusCode: number;\n\n  constructor(message: string, statusCode: number, code?: string) {\n    super(message);\n    this.name = 'AstraSyncError';\n    this.statusCode = statusCode;\n    this.code = code;\n  }\n}\n\n/** Thrown when KYD verification is required before agent registration. */\nexport class KYDRequiredError extends AstraSyncError {\n  public readonly kydUrl: string;\n  public readonly ownerNotified: boolean;\n\n  constructor(response: ApiErrorResponse) {\n    const kydUrl = response.kydUrl || 'https://astrasync.ai/developer-profile';\n    super(\n      `KYD verification required before registering agents.\\nComplete your KYD profile at: ${kydUrl}`,\n      403,\n      'KYD_REQUIRED'\n    );\n    this.name = 'KYDRequiredError';\n    this.kydUrl = kydUrl;\n    this.ownerNotified = response.ownerNotified || false;\n  }\n}\n\n/** Thrown when authentication fails. */\nexport class AuthenticationError extends AstraSyncError {\n  constructor(message: string) {\n    super(message, 401, 'AUTH_FAILED');\n    this.name = 'AuthenticationError';\n  }\n}\n","import type {\n  AstraSyncConfig,\n  RegisterOptions,\n  RegistrationResponse,\n  VerifyResponse,\n  HealthResponse,\n  ApiErrorResponse,\n} from './types';\nimport { AstraSyncError, KYDRequiredError, AuthenticationError } from './errors';\n\nconst DEFAULT_BASE_URL = 'https://astrasync.ai';\n\n/**\n * AstraSync SDK client for registering and managing AI agents.\n *\n * @example\n * ```typescript\n * const client = new AstraSync({ apiKey: 'kya_your_api_key' });\n * const result = await client.register({\n *   name: 'My Agent',\n *   model: { modelName: 'gpt-4o', modelProvider: 'openai', modelType: 'llm' },\n * });\n * ```\n *\n * For staging, pass `baseUrl: 'https://staging.astrasync.ai'`.\n */\nexport class AstraSync {\n  private readonly baseUrl: string;\n  private readonly apiKey?: string;\n  private readonly email?: string;\n  private readonly password?: string;\n  private readonly privateKey?: string;\n  private cachedJwt?: string;\n  private jwtExpiresAt?: number;\n\n  constructor(config: AstraSyncConfig = {}) {\n    this.baseUrl = (config.baseUrl || process.env.ASTRASYNC_API_URL || DEFAULT_BASE_URL).replace(\n      /\\/+$/,\n      ''\n    );\n\n    this.apiKey = config.apiKey || process.env.ASTRASYNC_API_KEY;\n    this.email = config.email;\n    this.password = config.password;\n    this.privateKey = config.privateKey;\n\n    if (!this.apiKey && !this.email) {\n      throw new AuthenticationError(\n        'Authentication required. Provide apiKey, or email+password. ' +\n          'Set ASTRASYNC_API_KEY env var or pass config to constructor.'\n      );\n    }\n\n    if (this.email && !this.password) {\n      throw new AuthenticationError('Password is required when using email authentication.');\n    }\n  }\n\n  /**\n   * Register a new AI agent on the AstraSync KYA Platform.\n   * Sends full payload including model, framework, PDLSS, and metadata.\n   */\n  async register(options: RegisterOptions): Promise<RegistrationResponse> {\n    const body: Record<string, unknown> = {\n      name: options.name,\n      ...(options.description && { description: options.description }),\n      ...(options.agentType && { agentType: options.agentType }),\n      ...(options.apiEndpoint && { apiEndpoint: options.apiEndpoint }),\n      ...(options.model && { model: options.model }),\n      ...(options.framework && { framework: options.framework }),\n      ...(options.protocols && { protocols: options.protocols }),\n      ...(options.metadata && { metadata: options.metadata }),\n      ...(options.pdlss && { pdlss: options.pdlss }),\n    };\n\n    return this.request<RegistrationResponse>('POST', '/api/agents/register', body);\n  }\n\n  /**\n   * Look up an agent's public profile by ASTRA ID or UUID.\n   */\n  async verify(agentId: string): Promise<VerifyResponse> {\n    return this.request<VerifyResponse>('GET', `/api/agents/verify/${agentId}`);\n  }\n\n  /**\n   * Check API health.\n   */\n  async health(): Promise<HealthResponse> {\n    const res = await fetch(`${this.baseUrl}/api/health/`);\n    if (!res.ok) {\n      throw new AstraSyncError(`Health check failed: ${res.status}`, res.status);\n    }\n    return res.json() as Promise<HealthResponse>;\n  }\n\n  // ── Private helpers ──────────────────────────────────────────────\n\n  private async request<T>(method: string, endpoint: string, body?: unknown): Promise<T> {\n    const url = `${this.baseUrl}${endpoint}`;\n    const headers: Record<string, string> = {\n      'Content-Type': 'application/json',\n    };\n\n    // Set auth header\n    const token = await this.getAuthToken();\n    headers['Authorization'] = `Bearer ${token}`;\n\n    // Sign request if private key is configured\n    if (this.privateKey) {\n      const signature = await this.signRequest(method, endpoint, body || {});\n      headers['X-AstraSync-Signature'] = signature;\n    }\n\n    const res = await fetch(url, {\n      method,\n      headers,\n      ...(body ? { body: JSON.stringify(body) } : {}),\n    });\n\n    if (!res.ok) {\n      const errorBody = (await res\n        .json()\n        .catch(() => ({ error: res.statusText }))) as ApiErrorResponse;\n\n      // Handle KYD_REQUIRED specifically\n      if (res.status === 403 && errorBody.code === 'KYD_REQUIRED') {\n        throw new KYDRequiredError(errorBody);\n      }\n\n      throw new AstraSyncError(\n        errorBody.error || `Request failed: ${res.status}`,\n        res.status,\n        errorBody.code\n      );\n    }\n\n    return res.json() as Promise<T>;\n  }\n\n  private async getAuthToken(): Promise<string> {\n    // API key auth — use directly\n    if (this.apiKey) {\n      return this.apiKey;\n    }\n\n    // Email+password — login and cache JWT\n    if (this.cachedJwt && this.jwtExpiresAt && Date.now() < this.jwtExpiresAt) {\n      return this.cachedJwt;\n    }\n\n    const res = await fetch(`${this.baseUrl}/api/auth/login`, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({ email: this.email, password: this.password }),\n    });\n\n    if (!res.ok) {\n      const errorBody = (await res.json().catch(() => ({}))) as Record<string, unknown>;\n      throw new AuthenticationError(\n        (errorBody.message as string) || (errorBody.error as string) || 'Login failed'\n      );\n    }\n\n    const data = (await res.json()) as { data: { token: string } };\n    this.cachedJwt = data.data.token;\n    // Cache for 6 days (tokens expire in 7)\n    this.jwtExpiresAt = Date.now() + 6 * 24 * 60 * 60 * 1000;\n\n    return this.cachedJwt;\n  }\n\n  /**\n   * Sign a request using secp256k1 (ethers.js).\n   * Canonical message format: METHOD:ENDPOINT:SORTED_JSON_BODY\n   * Must match apps/backend/src/services/signature-verify.service.ts exactly.\n   */\n  private async signRequest(method: string, endpoint: string, body: unknown): Promise<string> {\n    const { Wallet } = await import('ethers');\n    const sorted = this.sortObjectKeys(body);\n    const canonical = `${method}:${endpoint}:${JSON.stringify(sorted)}`;\n    const wallet = new Wallet(this.privateKey!);\n    return wallet.signMessage(canonical);\n  }\n\n  /** Recursively sort object keys for canonical JSON representation. */\n  private sortObjectKeys(obj: unknown): unknown {\n    if (obj === null || typeof obj !== 'object') {\n      return obj;\n    }\n    if (Array.isArray(obj)) {\n      return obj.map((item) => this.sortObjectKeys(item));\n    }\n    const sorted: Record<string, unknown> = {};\n    for (const key of Object.keys(obj).sort()) {\n      sorted[key] = this.sortObjectKeys((obj as Record<string, unknown>)[key]);\n    }\n    return sorted;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACGO,IAAM,iBAAN,cAA6B,MAAM;AAAA,EAIxC,YAAY,SAAiB,YAAoB,MAAe;AAC9D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,mBAAN,cAA+B,eAAe;AAAA,EAInD,YAAY,UAA4B;AACtC,UAAM,SAAS,SAAS,UAAU;AAClC;AAAA,MACE;AAAA,gCAAuF,MAAM;AAAA,MAC7F;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,gBAAgB,SAAS,iBAAiB;AAAA,EACjD;AACF;AAGO,IAAM,sBAAN,cAAkC,eAAe;AAAA,EACtD,YAAY,SAAiB;AAC3B,UAAM,SAAS,KAAK,aAAa;AACjC,SAAK,OAAO;AAAA,EACd;AACF;;;AC7BA,IAAM,mBAAmB;AAgBlB,IAAM,YAAN,MAAgB;AAAA,EASrB,YAAY,SAA0B,CAAC,GAAG;AACxC,SAAK,WAAW,OAAO,WAAW,QAAQ,IAAI,qBAAqB,kBAAkB;AAAA,MACnF;AAAA,MACA;AAAA,IACF;AAEA,SAAK,SAAS,OAAO,UAAU,QAAQ,IAAI;AAC3C,SAAK,QAAQ,OAAO;AACpB,SAAK,WAAW,OAAO;AACvB,SAAK,aAAa,OAAO;AAEzB,QAAI,CAAC,KAAK,UAAU,CAAC,KAAK,OAAO;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,QAAI,KAAK,SAAS,CAAC,KAAK,UAAU;AAChC,YAAM,IAAI,oBAAoB,uDAAuD;AAAA,IACvF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS,SAAyD;AACtE,UAAM,OAAgC;AAAA,MACpC,MAAM,QAAQ;AAAA,MACd,GAAI,QAAQ,eAAe,EAAE,aAAa,QAAQ,YAAY;AAAA,MAC9D,GAAI,QAAQ,aAAa,EAAE,WAAW,QAAQ,UAAU;AAAA,MACxD,GAAI,QAAQ,eAAe,EAAE,aAAa,QAAQ,YAAY;AAAA,MAC9D,GAAI,QAAQ,SAAS,EAAE,OAAO,QAAQ,MAAM;AAAA,MAC5C,GAAI,QAAQ,aAAa,EAAE,WAAW,QAAQ,UAAU;AAAA,MACxD,GAAI,QAAQ,aAAa,EAAE,WAAW,QAAQ,UAAU;AAAA,MACxD,GAAI,QAAQ,YAAY,EAAE,UAAU,QAAQ,SAAS;AAAA,MACrD,GAAI,QAAQ,SAAS,EAAE,OAAO,QAAQ,MAAM;AAAA,IAC9C;AAEA,WAAO,KAAK,QAA8B,QAAQ,wBAAwB,IAAI;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,SAA0C;AACrD,WAAO,KAAK,QAAwB,OAAO,sBAAsB,OAAO,EAAE;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAkC;AACtC,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,cAAc;AACrD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,eAAe,wBAAwB,IAAI,MAAM,IAAI,IAAI,MAAM;AAAA,IAC3E;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAAA;AAAA,EAIA,MAAc,QAAW,QAAgB,UAAkB,MAA4B;AACrF,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,QAAQ;AACtC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AAGA,UAAM,QAAQ,MAAM,KAAK,aAAa;AACtC,YAAQ,eAAe,IAAI,UAAU,KAAK;AAG1C,QAAI,KAAK,YAAY;AACnB,YAAM,YAAY,MAAM,KAAK,YAAY,QAAQ,UAAU,QAAQ,CAAC,CAAC;AACrE,cAAQ,uBAAuB,IAAI;AAAA,IACrC;AAEA,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,GAAI,OAAO,EAAE,MAAM,KAAK,UAAU,IAAI,EAAE,IAAI,CAAC;AAAA,IAC/C,CAAC;AAED,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,YAAa,MAAM,IACtB,KAAK,EACL,MAAM,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE;AAG1C,UAAI,IAAI,WAAW,OAAO,UAAU,SAAS,gBAAgB;AAC3D,cAAM,IAAI,iBAAiB,SAAS;AAAA,MACtC;AAEA,YAAM,IAAI;AAAA,QACR,UAAU,SAAS,mBAAmB,IAAI,MAAM;AAAA,QAChD,IAAI;AAAA,QACJ,UAAU;AAAA,MACZ;AAAA,IACF;AAEA,WAAO,IAAI,KAAK;AAAA,EAClB;AAAA,EAEA,MAAc,eAAgC;AAE5C,QAAI,KAAK,QAAQ;AACf,aAAO,KAAK;AAAA,IACd;AAGA,QAAI,KAAK,aAAa,KAAK,gBAAgB,KAAK,IAAI,IAAI,KAAK,cAAc;AACzE,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,mBAAmB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,OAAO,KAAK,OAAO,UAAU,KAAK,SAAS,CAAC;AAAA,IACrE,CAAC;AAED,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,YAAa,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACpD,YAAM,IAAI;AAAA,QACP,UAAU,WAAuB,UAAU,SAAoB;AAAA,MAClE;AAAA,IACF;AAEA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,SAAK,YAAY,KAAK,KAAK;AAE3B,SAAK,eAAe,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,KAAK;AAEpD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,YAAY,QAAgB,UAAkB,MAAgC;AAC1F,UAAM,EAAE,OAAO,IAAI,MAAM,OAAO,QAAQ;AACxC,UAAM,SAAS,KAAK,eAAe,IAAI;AACvC,UAAM,YAAY,GAAG,MAAM,IAAI,QAAQ,IAAI,KAAK,UAAU,MAAM,CAAC;AACjE,UAAM,SAAS,IAAI,OAAO,KAAK,UAAW;AAC1C,WAAO,OAAO,YAAY,SAAS;AAAA,EACrC;AAAA;AAAA,EAGQ,eAAe,KAAuB;AAC5C,QAAI,QAAQ,QAAQ,OAAO,QAAQ,UAAU;AAC3C,aAAO;AAAA,IACT;AACA,QAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,aAAO,IAAI,IAAI,CAAC,SAAS,KAAK,eAAe,IAAI,CAAC;AAAA,IACpD;AACA,UAAM,SAAkC,CAAC;AACzC,eAAW,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK,GAAG;AACzC,aAAO,GAAG,IAAI,KAAK,eAAgB,IAAgC,GAAG,CAAC;AAAA,IACzE;AACA,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/registration/index.mjs

@@ -0,0 +1,172 @@
+// src/registration/errors.ts
+var AstraSyncError = class extends Error {
+  constructor(message, statusCode, code) {
+    super(message);
+    this.name = "AstraSyncError";
+    this.statusCode = statusCode;
+    this.code = code;
+  }
+};
+var KYDRequiredError = class extends AstraSyncError {
+  constructor(response) {
+    const kydUrl = response.kydUrl || "https://astrasync.ai/developer-profile";
+    super(
+      `KYD verification required before registering agents.
+Complete your KYD profile at: ${kydUrl}`,
+      403,
+      "KYD_REQUIRED"
+    );
+    this.name = "KYDRequiredError";
+    this.kydUrl = kydUrl;
+    this.ownerNotified = response.ownerNotified || false;
+  }
+};
+var AuthenticationError = class extends AstraSyncError {
+  constructor(message) {
+    super(message, 401, "AUTH_FAILED");
+    this.name = "AuthenticationError";
+  }
+};
+
+// src/registration/api.ts
+var DEFAULT_BASE_URL = "https://astrasync.ai";
+var AstraSync = class {
+  constructor(config = {}) {
+    this.baseUrl = (config.baseUrl || process.env.ASTRASYNC_API_URL || DEFAULT_BASE_URL).replace(
+      /\/+$/,
+      ""
+    );
+    this.apiKey = config.apiKey || process.env.ASTRASYNC_API_KEY;
+    this.email = config.email;
+    this.password = config.password;
+    this.privateKey = config.privateKey;
+    if (!this.apiKey && !this.email) {
+      throw new AuthenticationError(
+        "Authentication required. Provide apiKey, or email+password. Set ASTRASYNC_API_KEY env var or pass config to constructor."
+      );
+    }
+    if (this.email && !this.password) {
+      throw new AuthenticationError("Password is required when using email authentication.");
+    }
+  }
+  /**
+   * Register a new AI agent on the AstraSync KYA Platform.
+   * Sends full payload including model, framework, PDLSS, and metadata.
+   */
+  async register(options) {
+    const body = {
+      name: options.name,
+      ...options.description && { description: options.description },
+      ...options.agentType && { agentType: options.agentType },
+      ...options.apiEndpoint && { apiEndpoint: options.apiEndpoint },
+      ...options.model && { model: options.model },
+      ...options.framework && { framework: options.framework },
+      ...options.protocols && { protocols: options.protocols },
+      ...options.metadata && { metadata: options.metadata },
+      ...options.pdlss && { pdlss: options.pdlss }
+    };
+    return this.request("POST", "/api/agents/register", body);
+  }
+  /**
+   * Look up an agent's public profile by ASTRA ID or UUID.
+   */
+  async verify(agentId) {
+    return this.request("GET", `/api/agents/verify/${agentId}`);
+  }
+  /**
+   * Check API health.
+   */
+  async health() {
+    const res = await fetch(`${this.baseUrl}/api/health/`);
+    if (!res.ok) {
+      throw new AstraSyncError(`Health check failed: ${res.status}`, res.status);
+    }
+    return res.json();
+  }
+  // ── Private helpers ──────────────────────────────────────────────
+  async request(method, endpoint, body) {
+    const url = `${this.baseUrl}${endpoint}`;
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    const token = await this.getAuthToken();
+    headers["Authorization"] = `Bearer ${token}`;
+    if (this.privateKey) {
+      const signature = await this.signRequest(method, endpoint, body || {});
+      headers["X-AstraSync-Signature"] = signature;
+    }
+    const res = await fetch(url, {
+      method,
+      headers,
+      ...body ? { body: JSON.stringify(body) } : {}
+    });
+    if (!res.ok) {
+      const errorBody = await res.json().catch(() => ({ error: res.statusText }));
+      if (res.status === 403 && errorBody.code === "KYD_REQUIRED") {
+        throw new KYDRequiredError(errorBody);
+      }
+      throw new AstraSyncError(
+        errorBody.error || `Request failed: ${res.status}`,
+        res.status,
+        errorBody.code
+      );
+    }
+    return res.json();
+  }
+  async getAuthToken() {
+    if (this.apiKey) {
+      return this.apiKey;
+    }
+    if (this.cachedJwt && this.jwtExpiresAt && Date.now() < this.jwtExpiresAt) {
+      return this.cachedJwt;
+    }
+    const res = await fetch(`${this.baseUrl}/api/auth/login`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: this.email, password: this.password })
+    });
+    if (!res.ok) {
+      const errorBody = await res.json().catch(() => ({}));
+      throw new AuthenticationError(
+        errorBody.message || errorBody.error || "Login failed"
+      );
+    }
+    const data = await res.json();
+    this.cachedJwt = data.data.token;
+    this.jwtExpiresAt = Date.now() + 6 * 24 * 60 * 60 * 1e3;
+    return this.cachedJwt;
+  }
+  /**
+   * Sign a request using secp256k1 (ethers.js).
+   * Canonical message format: METHOD:ENDPOINT:SORTED_JSON_BODY
+   * Must match apps/backend/src/services/signature-verify.service.ts exactly.
+   */
+  async signRequest(method, endpoint, body) {
+    const { Wallet } = await import("ethers");
+    const sorted = this.sortObjectKeys(body);
+    const canonical = `${method}:${endpoint}:${JSON.stringify(sorted)}`;
+    const wallet = new Wallet(this.privateKey);
+    return wallet.signMessage(canonical);
+  }
+  /** Recursively sort object keys for canonical JSON representation. */
+  sortObjectKeys(obj) {
+    if (obj === null || typeof obj !== "object") {
+      return obj;
+    }
+    if (Array.isArray(obj)) {
+      return obj.map((item) => this.sortObjectKeys(item));
+    }
+    const sorted = {};
+    for (const key of Object.keys(obj).sort()) {
+      sorted[key] = this.sortObjectKeys(obj[key]);
+    }
+    return sorted;
+  }
+};
+export {
+  AstraSync,
+  AstraSyncError,
+  AuthenticationError,
+  KYDRequiredError
+};
+//# sourceMappingURL=index.mjs.map

package/dist/registration/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/registration/errors.ts","../../src/registration/api.ts"],"sourcesContent":["import type { ApiErrorResponse } from './types';\n\n/** Base error class for AstraSync SDK errors. */\nexport class AstraSyncError extends Error {\n  public readonly code?: string;\n  public readonly statusCode: number;\n\n  constructor(message: string, statusCode: number, code?: string) {\n    super(message);\n    this.name = 'AstraSyncError';\n    this.statusCode = statusCode;\n    this.code = code;\n  }\n}\n\n/** Thrown when KYD verification is required before agent registration. */\nexport class KYDRequiredError extends AstraSyncError {\n  public readonly kydUrl: string;\n  public readonly ownerNotified: boolean;\n\n  constructor(response: ApiErrorResponse) {\n    const kydUrl = response.kydUrl || 'https://astrasync.ai/developer-profile';\n    super(\n      `KYD verification required before registering agents.\\nComplete your KYD profile at: ${kydUrl}`,\n      403,\n      'KYD_REQUIRED'\n    );\n    this.name = 'KYDRequiredError';\n    this.kydUrl = kydUrl;\n    this.ownerNotified = response.ownerNotified || false;\n  }\n}\n\n/** Thrown when authentication fails. */\nexport class AuthenticationError extends AstraSyncError {\n  constructor(message: string) {\n    super(message, 401, 'AUTH_FAILED');\n    this.name = 'AuthenticationError';\n  }\n}\n","import type {\n  AstraSyncConfig,\n  RegisterOptions,\n  RegistrationResponse,\n  VerifyResponse,\n  HealthResponse,\n  ApiErrorResponse,\n} from './types';\nimport { AstraSyncError, KYDRequiredError, AuthenticationError } from './errors';\n\nconst DEFAULT_BASE_URL = 'https://astrasync.ai';\n\n/**\n * AstraSync SDK client for registering and managing AI agents.\n *\n * @example\n * ```typescript\n * const client = new AstraSync({ apiKey: 'kya_your_api_key' });\n * const result = await client.register({\n *   name: 'My Agent',\n *   model: { modelName: 'gpt-4o', modelProvider: 'openai', modelType: 'llm' },\n * });\n * ```\n *\n * For staging, pass `baseUrl: 'https://staging.astrasync.ai'`.\n */\nexport class AstraSync {\n  private readonly baseUrl: string;\n  private readonly apiKey?: string;\n  private readonly email?: string;\n  private readonly password?: string;\n  private readonly privateKey?: string;\n  private cachedJwt?: string;\n  private jwtExpiresAt?: number;\n\n  constructor(config: AstraSyncConfig = {}) {\n    this.baseUrl = (config.baseUrl || process.env.ASTRASYNC_API_URL || DEFAULT_BASE_URL).replace(\n      /\\/+$/,\n      ''\n    );\n\n    this.apiKey = config.apiKey || process.env.ASTRASYNC_API_KEY;\n    this.email = config.email;\n    this.password = config.password;\n    this.privateKey = config.privateKey;\n\n    if (!this.apiKey && !this.email) {\n      throw new AuthenticationError(\n        'Authentication required. Provide apiKey, or email+password. ' +\n          'Set ASTRASYNC_API_KEY env var or pass config to constructor.'\n      );\n    }\n\n    if (this.email && !this.password) {\n      throw new AuthenticationError('Password is required when using email authentication.');\n    }\n  }\n\n  /**\n   * Register a new AI agent on the AstraSync KYA Platform.\n   * Sends full payload including model, framework, PDLSS, and metadata.\n   */\n  async register(options: RegisterOptions): Promise<RegistrationResponse> {\n    const body: Record<string, unknown> = {\n      name: options.name,\n      ...(options.description && { description: options.description }),\n      ...(options.agentType && { agentType: options.agentType }),\n      ...(options.apiEndpoint && { apiEndpoint: options.apiEndpoint }),\n      ...(options.model && { model: options.model }),\n      ...(options.framework && { framework: options.framework }),\n      ...(options.protocols && { protocols: options.protocols }),\n      ...(options.metadata && { metadata: options.metadata }),\n      ...(options.pdlss && { pdlss: options.pdlss }),\n    };\n\n    return this.request<RegistrationResponse>('POST', '/api/agents/register', body);\n  }\n\n  /**\n   * Look up an agent's public profile by ASTRA ID or UUID.\n   */\n  async verify(agentId: string): Promise<VerifyResponse> {\n    return this.request<VerifyResponse>('GET', `/api/agents/verify/${agentId}`);\n  }\n\n  /**\n   * Check API health.\n   */\n  async health(): Promise<HealthResponse> {\n    const res = await fetch(`${this.baseUrl}/api/health/`);\n    if (!res.ok) {\n      throw new AstraSyncError(`Health check failed: ${res.status}`, res.status);\n    }\n    return res.json() as Promise<HealthResponse>;\n  }\n\n  // ── Private helpers ──────────────────────────────────────────────\n\n  private async request<T>(method: string, endpoint: string, body?: unknown): Promise<T> {\n    const url = `${this.baseUrl}${endpoint}`;\n    const headers: Record<string, string> = {\n      'Content-Type': 'application/json',\n    };\n\n    // Set auth header\n    const token = await this.getAuthToken();\n    headers['Authorization'] = `Bearer ${token}`;\n\n    // Sign request if private key is configured\n    if (this.privateKey) {\n      const signature = await this.signRequest(method, endpoint, body || {});\n      headers['X-AstraSync-Signature'] = signature;\n    }\n\n    const res = await fetch(url, {\n      method,\n      headers,\n      ...(body ? { body: JSON.stringify(body) } : {}),\n    });\n\n    if (!res.ok) {\n      const errorBody = (await res\n        .json()\n        .catch(() => ({ error: res.statusText }))) as ApiErrorResponse;\n\n      // Handle KYD_REQUIRED specifically\n      if (res.status === 403 && errorBody.code === 'KYD_REQUIRED') {\n        throw new KYDRequiredError(errorBody);\n      }\n\n      throw new AstraSyncError(\n        errorBody.error || `Request failed: ${res.status}`,\n        res.status,\n        errorBody.code\n      );\n    }\n\n    return res.json() as Promise<T>;\n  }\n\n  private async getAuthToken(): Promise<string> {\n    // API key auth — use directly\n    if (this.apiKey) {\n      return this.apiKey;\n    }\n\n    // Email+password — login and cache JWT\n    if (this.cachedJwt && this.jwtExpiresAt && Date.now() < this.jwtExpiresAt) {\n      return this.cachedJwt;\n    }\n\n    const res = await fetch(`${this.baseUrl}/api/auth/login`, {\n      method: 'POST',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({ email: this.email, password: this.password }),\n    });\n\n    if (!res.ok) {\n      const errorBody = (await res.json().catch(() => ({}))) as Record<string, unknown>;\n      throw new AuthenticationError(\n        (errorBody.message as string) || (errorBody.error as string) || 'Login failed'\n      );\n    }\n\n    const data = (await res.json()) as { data: { token: string } };\n    this.cachedJwt = data.data.token;\n    // Cache for 6 days (tokens expire in 7)\n    this.jwtExpiresAt = Date.now() + 6 * 24 * 60 * 60 * 1000;\n\n    return this.cachedJwt;\n  }\n\n  /**\n   * Sign a request using secp256k1 (ethers.js).\n   * Canonical message format: METHOD:ENDPOINT:SORTED_JSON_BODY\n   * Must match apps/backend/src/services/signature-verify.service.ts exactly.\n   */\n  private async signRequest(method: string, endpoint: string, body: unknown): Promise<string> {\n    const { Wallet } = await import('ethers');\n    const sorted = this.sortObjectKeys(body);\n    const canonical = `${method}:${endpoint}:${JSON.stringify(sorted)}`;\n    const wallet = new Wallet(this.privateKey!);\n    return wallet.signMessage(canonical);\n  }\n\n  /** Recursively sort object keys for canonical JSON representation. */\n  private sortObjectKeys(obj: unknown): unknown {\n    if (obj === null || typeof obj !== 'object') {\n      return obj;\n    }\n    if (Array.isArray(obj)) {\n      return obj.map((item) => this.sortObjectKeys(item));\n    }\n    const sorted: Record<string, unknown> = {};\n    for (const key of Object.keys(obj).sort()) {\n      sorted[key] = this.sortObjectKeys((obj as Record<string, unknown>)[key]);\n    }\n    return sorted;\n  }\n}\n"],"mappings":";AAGO,IAAM,iBAAN,cAA6B,MAAM;AAAA,EAIxC,YAAY,SAAiB,YAAoB,MAAe;AAC9D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,mBAAN,cAA+B,eAAe;AAAA,EAInD,YAAY,UAA4B;AACtC,UAAM,SAAS,SAAS,UAAU;AAClC;AAAA,MACE;AAAA,gCAAuF,MAAM;AAAA,MAC7F;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,gBAAgB,SAAS,iBAAiB;AAAA,EACjD;AACF;AAGO,IAAM,sBAAN,cAAkC,eAAe;AAAA,EACtD,YAAY,SAAiB;AAC3B,UAAM,SAAS,KAAK,aAAa;AACjC,SAAK,OAAO;AAAA,EACd;AACF;;;AC7BA,IAAM,mBAAmB;AAgBlB,IAAM,YAAN,MAAgB;AAAA,EASrB,YAAY,SAA0B,CAAC,GAAG;AACxC,SAAK,WAAW,OAAO,WAAW,QAAQ,IAAI,qBAAqB,kBAAkB;AAAA,MACnF;AAAA,MACA;AAAA,IACF;AAEA,SAAK,SAAS,OAAO,UAAU,QAAQ,IAAI;AAC3C,SAAK,QAAQ,OAAO;AACpB,SAAK,WAAW,OAAO;AACvB,SAAK,aAAa,OAAO;AAEzB,QAAI,CAAC,KAAK,UAAU,CAAC,KAAK,OAAO;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,QAAI,KAAK,SAAS,CAAC,KAAK,UAAU;AAChC,YAAM,IAAI,oBAAoB,uDAAuD;AAAA,IACvF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS,SAAyD;AACtE,UAAM,OAAgC;AAAA,MACpC,MAAM,QAAQ;AAAA,MACd,GAAI,QAAQ,eAAe,EAAE,aAAa,QAAQ,YAAY;AAAA,MAC9D,GAAI,QAAQ,aAAa,EAAE,WAAW,QAAQ,UAAU;AAAA,MACxD,GAAI,QAAQ,eAAe,EAAE,aAAa,QAAQ,YAAY;AAAA,MAC9D,GAAI,QAAQ,SAAS,EAAE,OAAO,QAAQ,MAAM;AAAA,MAC5C,GAAI,QAAQ,aAAa,EAAE,WAAW,QAAQ,UAAU;AAAA,MACxD,GAAI,QAAQ,aAAa,EAAE,WAAW,QAAQ,UAAU;AAAA,MACxD,GAAI,QAAQ,YAAY,EAAE,UAAU,QAAQ,SAAS;AAAA,MACrD,GAAI,QAAQ,SAAS,EAAE,OAAO,QAAQ,MAAM;AAAA,IAC9C;AAEA,WAAO,KAAK,QAA8B,QAAQ,wBAAwB,IAAI;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,SAA0C;AACrD,WAAO,KAAK,QAAwB,OAAO,sBAAsB,OAAO,EAAE;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAkC;AACtC,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,cAAc;AACrD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,eAAe,wBAAwB,IAAI,MAAM,IAAI,IAAI,MAAM;AAAA,IAC3E;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAAA;AAAA,EAIA,MAAc,QAAW,QAAgB,UAAkB,MAA4B;AACrF,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,QAAQ;AACtC,UAAM,UAAkC;AAAA,MACtC,gBAAgB;AAAA,IAClB;AAGA,UAAM,QAAQ,MAAM,KAAK,aAAa;AACtC,YAAQ,eAAe,IAAI,UAAU,KAAK;AAG1C,QAAI,KAAK,YAAY;AACnB,YAAM,YAAY,MAAM,KAAK,YAAY,QAAQ,UAAU,QAAQ,CAAC,CAAC;AACrE,cAAQ,uBAAuB,IAAI;AAAA,IACrC;AAEA,UAAM,MAAM,MAAM,MAAM,KAAK;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,GAAI,OAAO,EAAE,MAAM,KAAK,UAAU,IAAI,EAAE,IAAI,CAAC;AAAA,IAC/C,CAAC;AAED,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,YAAa,MAAM,IACtB,KAAK,EACL,MAAM,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE;AAG1C,UAAI,IAAI,WAAW,OAAO,UAAU,SAAS,gBAAgB;AAC3D,cAAM,IAAI,iBAAiB,SAAS;AAAA,MACtC;AAEA,YAAM,IAAI;AAAA,QACR,UAAU,SAAS,mBAAmB,IAAI,MAAM;AAAA,QAChD,IAAI;AAAA,QACJ,UAAU;AAAA,MACZ;AAAA,IACF;AAEA,WAAO,IAAI,KAAK;AAAA,EAClB;AAAA,EAEA,MAAc,eAAgC;AAE5C,QAAI,KAAK,QAAQ;AACf,aAAO,KAAK;AAAA,IACd;AAGA,QAAI,KAAK,aAAa,KAAK,gBAAgB,KAAK,IAAI,IAAI,KAAK,cAAc;AACzE,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,MAAM,MAAM,MAAM,GAAG,KAAK,OAAO,mBAAmB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,OAAO,KAAK,OAAO,UAAU,KAAK,SAAS,CAAC;AAAA,IACrE,CAAC;AAED,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,YAAa,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACpD,YAAM,IAAI;AAAA,QACP,UAAU,WAAuB,UAAU,SAAoB;AAAA,MAClE;AAAA,IACF;AAEA,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,SAAK,YAAY,KAAK,KAAK;AAE3B,SAAK,eAAe,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,KAAK;AAEpD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,YAAY,QAAgB,UAAkB,MAAgC;AAC1F,UAAM,EAAE,OAAO,IAAI,MAAM,OAAO,QAAQ;AACxC,UAAM,SAAS,KAAK,eAAe,IAAI;AACvC,UAAM,YAAY,GAAG,MAAM,IAAI,QAAQ,IAAI,KAAK,UAAU,MAAM,CAAC;AACjE,UAAM,SAAS,IAAI,OAAO,KAAK,UAAW;AAC1C,WAAO,OAAO,YAAY,SAAS;AAAA,EACrC;AAAA;AAAA,EAGQ,eAAe,KAAuB;AAC5C,QAAI,QAAQ,QAAQ,OAAO,QAAQ,UAAU;AAC3C,aAAO;AAAA,IACT;AACA,QAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,aAAO,IAAI,IAAI,CAAC,SAAS,KAAK,eAAe,IAAI,CAAC;AAAA,IACpD;AACA,UAAM,SAAkC,CAAC;AACzC,eAAW,OAAO,OAAO,KAAK,GAAG,EAAE,KAAK,GAAG;AACzC,aAAO,GAAG,IAAI,KAAK,eAAgB,IAAgC,GAAG,CAAC;AAAA,IACzE;AACA,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/{sdk-yJjO7yzn.d.mts → sdk-DSLCyXIX.d.mts}

@@ -1,4 +1,4 @@
-import { a as AccessLevel, i as TrustLevel, S as SDKOptions, V as VerificationResult } from './types-UYT4GdPW.mjs';
+import { a as AccessLevel, i as TrustLevel, S as SDKOptions, V as VerificationResult } from './types-BVp22KkN.mjs';
 
 /**
  * AstraSync Universal Verification Gateway - Access Level Definitions

package/dist/{sdk-BMvauMgP.d.ts → sdk-TnHXD-Oh.d.ts}

@@ -1,4 +1,4 @@
-import { a as AccessLevel, i as TrustLevel, S as SDKOptions, V as VerificationResult } from './types-UYT4GdPW.js';
+import { a as AccessLevel, i as TrustLevel, S as SDKOptions, V as VerificationResult } from './types-BVp22KkN.js';
 
 /**
  * AstraSync Universal Verification Gateway - Access Level Definitions

package/dist/transport/index.d.mts

@@ -1,3 +1,3 @@
-import '../types-UYT4GdPW.mjs';
-export { A as ACPEndpoint, a as ACPPaymentTokenType, b as ACPRequestContext, c as ACPRequestLike, d as ACPSignatureAlgorithm, e as ACPTotal, f as ACPVerifyInput, g as ACPVerifyResult, h as AP2CartMandateClaims, j as AP2ChainResult, k as AP2IntentMandateClaims, l as AP2MandateClaims, m as AP2MandateTriple, n as AP2MandateTripleInput, o as AP2MandateType, p as AP2PaymentDetailsTotal, q as AP2PaymentMandateClaims, r as AP2PaymentMandateForValue, s as AP2VerifyInput, C as CommerceContext, t as CommercePipelineInput, u as CommerceProtocol, v as CommercePurpose, w as CommerceSignatureStack, x as ConstraintEvalResult, y as ConstraintKey, z as ConstraintResult, E as ExtractorRequestLike, I as IdentityBindingResult, B as IdentityClaim, D as IdentityResolver, M as MPPChallengeForValue, F as MPPChallengeSummary, G as MPPCredentialSummary, H as MPPIntent, J as MPPKind, K as MPPReceiptSummary, L as MPPRequestContext, N as MPPRequestLike, O as MPPResponseLike, P as MPPVerifyInput, Q as MPPVerifyResult, R as ParsedRFC9421, S as PaymentMethodAllowlistInput, T as RFC9421SignatureParams, U as RFC9421Tag, V as RFC9421VerifyOptions, W as RFC9421VerifyRequest, X as RFC9421VerifyResult, Y as RegistryName, Z as RegistryResolver, _ as ResolveContext, $ as STRIPE_WEBHOOK_INFORMATIONAL_EVENTS, a0 as SpendingLimitInput, a1 as StripeWebhookInformationalEvent, a2 as TransactionContext, a3 as TransactionValueContext, a4 as TransportExtractor, a5 as UCPCheckoutContext, a6 as UCPManifestValidationResult, a7 as UCPRequestLike, a8 as UCPTotal, a9 as VIAllowedParty, aa as VIBudgetLimit, ab as VIClaimsForValue, ac as VIConstraintEvalInput, ad as VIConstraints, ae as VIExecutionMode, af as VIExtractedClaims, ag as VILayer, ah as VILineItem, ai as VIMandateType, aj as VIPaymentAmount, ak as VIRecurrence, al as VIVerifyInput, am as VIVerifyResult, an as VerifyStripeWebhookOptions, ao as VerifyStripeWebhookResult, ap as X402Kind, aq as X402RequestContext, ar as X402RequestForValue, as as X402RequestLike, at as X402RequirementsSummary, au as X402ResponseLike, av as applyCredentials, aw as bindIdentity, ax as claim, ay as clearTransportExtractors, az as createMastercardRegistry, aA as createVisaRegistry, aB as createWebBotAuthRegistry, aC as detectProtocol, aD as evaluatePaymentMethodAllowlist, aE as evaluateSpendingLimit, aF as evaluateVIConstraints, aG as extractA2ACredentials, aH as extractACPContext, aI as extractACPTransactionValue, aJ as extractAP2Mandate, aK as extractAP2Mandates, aL as extractAP2TransactionValue, aM as extractCredentialsFromProtocol, aN as extractHttpCredentials, aO as extractMPPContext, aP as extractMPPFromRequest, aQ as extractMPPFromResponse, aR as extractMPPTransactionValue, aS as extractMcpCredentials, aT as extractUCPContext, aU as extractUCPTransactionValue, aV as extractVIClaims, aW as extractVITransactionValue, aX as extractX402Context, aY as extractX402FromRequest, aZ as extractX402FromResponse, a_ as extractX402TransactionValue, a$ as fetchUCPManifest, b0 as getTransportExtractor, b1 as getTransportExtractors, b2 as isStripeWebhookInformational, b3 as mapACPRequestToPurpose, b4 as mapAP2MandateToPurpose, b5 as mapMPPRequestToPurpose, b6 as mapRFC9421TagToPurpose, b7 as mapUCPRequestToPurpose, b8 as mapVIMandateToPurpose, b9 as mapX402RequestToPurpose, ba as parseRFC9421, bb as registerTransportExtractor, bc as runCommercePipeline, bd as runMatchingExtractors, be as setA2AMetadata, bf as setHttpHeaders, bg as setMcpMeta, bh as validateUCPManifest, bi as verifyACPSignature, bj as verifyAP2Chain, bk as verifyMPP, bl as verifyRFC9421, bm as verifyStripeWebhook, bn as verifyVIChain } from '../index-B--6fiDp.mjs';
+import '../types-BVp22KkN.mjs';
+export { A as ACPEndpoint, a as ACPPaymentTokenType, b as ACPRequestContext, c as ACPRequestLike, d as ACPSignatureAlgorithm, e as ACPTotal, f as ACPVerifyInput, g as ACPVerifyResult, h as AP2CartMandateClaims, j as AP2ChainResult, k as AP2IntentMandateClaims, l as AP2MandateClaims, m as AP2MandateTriple, n as AP2MandateTripleInput, o as AP2MandateType, p as AP2PaymentDetailsTotal, q as AP2PaymentMandateClaims, r as AP2PaymentMandateForValue, s as AP2VerifyInput, C as CommerceContext, t as CommercePipelineInput, u as CommerceProtocol, v as CommercePurpose, w as CommerceSignatureStack, x as ConstraintEvalResult, y as ConstraintKey, z as ConstraintResult, E as ExtractorRequestLike, I as IdentityBindingResult, B as IdentityClaim, D as IdentityResolver, M as MPPChallengeForValue, F as MPPChallengeSummary, G as MPPCredentialSummary, H as MPPIntent, J as MPPKind, K as MPPReceiptSummary, L as MPPRequestContext, N as MPPRequestLike, O as MPPResponseLike, P as MPPVerifyInput, Q as MPPVerifyResult, R as ParsedRFC9421, S as PaymentMethodAllowlistInput, T as RFC9421SignatureParams, U as RFC9421Tag, V as RFC9421VerifyOptions, W as RFC9421VerifyRequest, X as RFC9421VerifyResult, Y as RegistryName, Z as RegistryResolver, _ as ResolveContext, $ as STRIPE_WEBHOOK_INFORMATIONAL_EVENTS, a0 as SpendingLimitInput, a1 as StripeWebhookInformationalEvent, a2 as TransactionContext, a3 as TransactionValueContext, a4 as TransportExtractor, a5 as UCPCheckoutContext, a6 as UCPManifestValidationResult, a7 as UCPRequestLike, a8 as UCPTotal, a9 as VIAllowedParty, aa as VIBudgetLimit, ab as VIClaimsForValue, ac as VIConstraintEvalInput, ad as VIConstraints, ae as VIExecutionMode, af as VIExtractedClaims, ag as VILayer, ah as VILineItem, ai as VIMandateType, aj as VIPaymentAmount, ak as VIRecurrence, al as VIVerifyInput, am as VIVerifyResult, an as VerifyStripeWebhookOptions, ao as VerifyStripeWebhookResult, ap as X402Kind, aq as X402RequestContext, ar as X402RequestForValue, as as X402RequestLike, at as X402RequirementsSummary, au as X402ResponseLike, av as applyCredentials, aw as bindIdentity, ax as claim, ay as clearTransportExtractors, az as createMastercardRegistry, aA as createVisaRegistry, aB as createWebBotAuthRegistry, aC as detectProtocol, aD as evaluatePaymentMethodAllowlist, aE as evaluateSpendingLimit, aF as evaluateVIConstraints, aG as extractA2ACredentials, aH as extractACPContext, aI as extractACPTransactionValue, aJ as extractAP2Mandate, aK as extractAP2Mandates, aL as extractAP2TransactionValue, aM as extractCredentialsFromProtocol, aN as extractHttpCredentials, aO as extractMPPContext, aP as extractMPPFromRequest, aQ as extractMPPFromResponse, aR as extractMPPTransactionValue, aS as extractMcpCredentials, aT as extractUCPContext, aU as extractUCPTransactionValue, aV as extractVIClaims, aW as extractVITransactionValue, aX as extractX402Context, aY as extractX402FromRequest, aZ as extractX402FromResponse, a_ as extractX402TransactionValue, a$ as fetchUCPManifest, b0 as getTransportExtractor, b1 as getTransportExtractors, b2 as isStripeWebhookInformational, b3 as mapACPRequestToPurpose, b4 as mapAP2MandateToPurpose, b5 as mapMPPRequestToPurpose, b6 as mapRFC9421TagToPurpose, b7 as mapUCPRequestToPurpose, b8 as mapVIMandateToPurpose, b9 as mapX402RequestToPurpose, ba as parseRFC9421, bb as registerTransportExtractor, bc as runCommercePipeline, bd as runMatchingExtractors, be as setA2AMetadata, bf as setHttpHeaders, bg as setMcpMeta, bh as validateUCPManifest, bi as verifyACPSignature, bj as verifyAP2Chain, bk as verifyMPP, bl as verifyRFC9421, bm as verifyStripeWebhook, bn as verifyVIChain } from '../index-DkyPV14Y.mjs';
 import 'jose';

package/dist/transport/index.d.ts

@@ -1,3 +1,3 @@
-import '../types-UYT4GdPW.js';
-export { A as ACPEndpoint, a as ACPPaymentTokenType, b as ACPRequestContext, c as ACPRequestLike, d as ACPSignatureAlgorithm, e as ACPTotal, f as ACPVerifyInput, g as ACPVerifyResult, h as AP2CartMandateClaims, j as AP2ChainResult, k as AP2IntentMandateClaims, l as AP2MandateClaims, m as AP2MandateTriple, n as AP2MandateTripleInput, o as AP2MandateType, p as AP2PaymentDetailsTotal, q as AP2PaymentMandateClaims, r as AP2PaymentMandateForValue, s as AP2VerifyInput, C as CommerceContext, t as CommercePipelineInput, u as CommerceProtocol, v as CommercePurpose, w as CommerceSignatureStack, x as ConstraintEvalResult, y as ConstraintKey, z as ConstraintResult, E as ExtractorRequestLike, I as IdentityBindingResult, B as IdentityClaim, D as IdentityResolver, M as MPPChallengeForValue, F as MPPChallengeSummary, G as MPPCredentialSummary, H as MPPIntent, J as MPPKind, K as MPPReceiptSummary, L as MPPRequestContext, N as MPPRequestLike, O as MPPResponseLike, P as MPPVerifyInput, Q as MPPVerifyResult, R as ParsedRFC9421, S as PaymentMethodAllowlistInput, T as RFC9421SignatureParams, U as RFC9421Tag, V as RFC9421VerifyOptions, W as RFC9421VerifyRequest, X as RFC9421VerifyResult, Y as RegistryName, Z as RegistryResolver, _ as ResolveContext, $ as STRIPE_WEBHOOK_INFORMATIONAL_EVENTS, a0 as SpendingLimitInput, a1 as StripeWebhookInformationalEvent, a2 as TransactionContext, a3 as TransactionValueContext, a4 as TransportExtractor, a5 as UCPCheckoutContext, a6 as UCPManifestValidationResult, a7 as UCPRequestLike, a8 as UCPTotal, a9 as VIAllowedParty, aa as VIBudgetLimit, ab as VIClaimsForValue, ac as VIConstraintEvalInput, ad as VIConstraints, ae as VIExecutionMode, af as VIExtractedClaims, ag as VILayer, ah as VILineItem, ai as VIMandateType, aj as VIPaymentAmount, ak as VIRecurrence, al as VIVerifyInput, am as VIVerifyResult, an as VerifyStripeWebhookOptions, ao as VerifyStripeWebhookResult, ap as X402Kind, aq as X402RequestContext, ar as X402RequestForValue, as as X402RequestLike, at as X402RequirementsSummary, au as X402ResponseLike, av as applyCredentials, aw as bindIdentity, ax as claim, ay as clearTransportExtractors, az as createMastercardRegistry, aA as createVisaRegistry, aB as createWebBotAuthRegistry, aC as detectProtocol, aD as evaluatePaymentMethodAllowlist, aE as evaluateSpendingLimit, aF as evaluateVIConstraints, aG as extractA2ACredentials, aH as extractACPContext, aI as extractACPTransactionValue, aJ as extractAP2Mandate, aK as extractAP2Mandates, aL as extractAP2TransactionValue, aM as extractCredentialsFromProtocol, aN as extractHttpCredentials, aO as extractMPPContext, aP as extractMPPFromRequest, aQ as extractMPPFromResponse, aR as extractMPPTransactionValue, aS as extractMcpCredentials, aT as extractUCPContext, aU as extractUCPTransactionValue, aV as extractVIClaims, aW as extractVITransactionValue, aX as extractX402Context, aY as extractX402FromRequest, aZ as extractX402FromResponse, a_ as extractX402TransactionValue, a$ as fetchUCPManifest, b0 as getTransportExtractor, b1 as getTransportExtractors, b2 as isStripeWebhookInformational, b3 as mapACPRequestToPurpose, b4 as mapAP2MandateToPurpose, b5 as mapMPPRequestToPurpose, b6 as mapRFC9421TagToPurpose, b7 as mapUCPRequestToPurpose, b8 as mapVIMandateToPurpose, b9 as mapX402RequestToPurpose, ba as parseRFC9421, bb as registerTransportExtractor, bc as runCommercePipeline, bd as runMatchingExtractors, be as setA2AMetadata, bf as setHttpHeaders, bg as setMcpMeta, bh as validateUCPManifest, bi as verifyACPSignature, bj as verifyAP2Chain, bk as verifyMPP, bl as verifyRFC9421, bm as verifyStripeWebhook, bn as verifyVIChain } from '../index-Yt02MRyu.js';
+import '../types-BVp22KkN.js';
+export { A as ACPEndpoint, a as ACPPaymentTokenType, b as ACPRequestContext, c as ACPRequestLike, d as ACPSignatureAlgorithm, e as ACPTotal, f as ACPVerifyInput, g as ACPVerifyResult, h as AP2CartMandateClaims, j as AP2ChainResult, k as AP2IntentMandateClaims, l as AP2MandateClaims, m as AP2MandateTriple, n as AP2MandateTripleInput, o as AP2MandateType, p as AP2PaymentDetailsTotal, q as AP2PaymentMandateClaims, r as AP2PaymentMandateForValue, s as AP2VerifyInput, C as CommerceContext, t as CommercePipelineInput, u as CommerceProtocol, v as CommercePurpose, w as CommerceSignatureStack, x as ConstraintEvalResult, y as ConstraintKey, z as ConstraintResult, E as ExtractorRequestLike, I as IdentityBindingResult, B as IdentityClaim, D as IdentityResolver, M as MPPChallengeForValue, F as MPPChallengeSummary, G as MPPCredentialSummary, H as MPPIntent, J as MPPKind, K as MPPReceiptSummary, L as MPPRequestContext, N as MPPRequestLike, O as MPPResponseLike, P as MPPVerifyInput, Q as MPPVerifyResult, R as ParsedRFC9421, S as PaymentMethodAllowlistInput, T as RFC9421SignatureParams, U as RFC9421Tag, V as RFC9421VerifyOptions, W as RFC9421VerifyRequest, X as RFC9421VerifyResult, Y as RegistryName, Z as RegistryResolver, _ as ResolveContext, $ as STRIPE_WEBHOOK_INFORMATIONAL_EVENTS, a0 as SpendingLimitInput, a1 as StripeWebhookInformationalEvent, a2 as TransactionContext, a3 as TransactionValueContext, a4 as TransportExtractor, a5 as UCPCheckoutContext, a6 as UCPManifestValidationResult, a7 as UCPRequestLike, a8 as UCPTotal, a9 as VIAllowedParty, aa as VIBudgetLimit, ab as VIClaimsForValue, ac as VIConstraintEvalInput, ad as VIConstraints, ae as VIExecutionMode, af as VIExtractedClaims, ag as VILayer, ah as VILineItem, ai as VIMandateType, aj as VIPaymentAmount, ak as VIRecurrence, al as VIVerifyInput, am as VIVerifyResult, an as VerifyStripeWebhookOptions, ao as VerifyStripeWebhookResult, ap as X402Kind, aq as X402RequestContext, ar as X402RequestForValue, as as X402RequestLike, at as X402RequirementsSummary, au as X402ResponseLike, av as applyCredentials, aw as bindIdentity, ax as claim, ay as clearTransportExtractors, az as createMastercardRegistry, aA as createVisaRegistry, aB as createWebBotAuthRegistry, aC as detectProtocol, aD as evaluatePaymentMethodAllowlist, aE as evaluateSpendingLimit, aF as evaluateVIConstraints, aG as extractA2ACredentials, aH as extractACPContext, aI as extractACPTransactionValue, aJ as extractAP2Mandate, aK as extractAP2Mandates, aL as extractAP2TransactionValue, aM as extractCredentialsFromProtocol, aN as extractHttpCredentials, aO as extractMPPContext, aP as extractMPPFromRequest, aQ as extractMPPFromResponse, aR as extractMPPTransactionValue, aS as extractMcpCredentials, aT as extractUCPContext, aU as extractUCPTransactionValue, aV as extractVIClaims, aW as extractVITransactionValue, aX as extractX402Context, aY as extractX402FromRequest, aZ as extractX402FromResponse, a_ as extractX402TransactionValue, a$ as fetchUCPManifest, b0 as getTransportExtractor, b1 as getTransportExtractors, b2 as isStripeWebhookInformational, b3 as mapACPRequestToPurpose, b4 as mapAP2MandateToPurpose, b5 as mapMPPRequestToPurpose, b6 as mapRFC9421TagToPurpose, b7 as mapUCPRequestToPurpose, b8 as mapVIMandateToPurpose, b9 as mapX402RequestToPurpose, ba as parseRFC9421, bb as registerTransportExtractor, bc as runCommercePipeline, bd as runMatchingExtractors, be as setA2AMetadata, bf as setHttpHeaders, bg as setMcpMeta, bh as validateUCPManifest, bi as verifyACPSignature, bj as verifyAP2Chain, bk as verifyMPP, bl as verifyRFC9421, bm as verifyStripeWebhook, bn as verifyVIChain } from '../index-CxwCN7AC.js';
 import 'jose';

package/dist/{types-UYT4GdPW.d.mts → types-BVp22KkN.d.mts}

@@ -526,6 +526,18 @@ interface RuntimeChallengeResult {
  */
 interface EnhancedVerificationResult extends VerificationResult {
     sessionId?: string;
+    /**
+     * v2.3.10 (defect #34, round-4): correlation key returned by the backend
+     * on anonymous verify-access responses. Anonymous traffic has no agent
+     * → no session row → no `sessionId` to thread through `recordDecision`.
+     * `correlationId` lets the SDK report a paired `verification.local_override`
+     * event (e.g. when a toolGate floor exceeds the server-granted band)
+     * via the sessionless `/verify-access/local-override` endpoint, linking
+     * it back to the original `verification.unverified_audit` event.
+     * Present only on anonymous responses; authenticated responses use
+     * `sessionId` instead.
+     */
+    correlationId?: string;
     runtimeChallenge?: RuntimeChallengeResult;
     tokenGuidance?: TokenGuidance;
     appliedPolicy?: AppliedPolicy;

package/dist/{types-UYT4GdPW.d.ts → types-BVp22KkN.d.ts}

@@ -526,6 +526,18 @@ interface RuntimeChallengeResult {
  */
 interface EnhancedVerificationResult extends VerificationResult {
     sessionId?: string;
+    /**
+     * v2.3.10 (defect #34, round-4): correlation key returned by the backend
+     * on anonymous verify-access responses. Anonymous traffic has no agent
+     * → no session row → no `sessionId` to thread through `recordDecision`.
+     * `correlationId` lets the SDK report a paired `verification.local_override`
+     * event (e.g. when a toolGate floor exceeds the server-granted band)
+     * via the sessionless `/verify-access/local-override` endpoint, linking
+     * it back to the original `verification.unverified_audit` event.
+     * Present only on anonymous responses; authenticated responses use
+     * `sessionId` instead.
+     */
+    correlationId?: string;
     runtimeChallenge?: RuntimeChallengeResult;
     tokenGuidance?: TokenGuidance;
     appliedPolicy?: AppliedPolicy;

package/dist/{types-ppkhdldJ.d.ts → types-DVCWReEN.d.ts}

@@ -1,4 +1,4 @@
-import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-UYT4GdPW.js';
+import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-BVp22KkN.js';
 
 /**
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.

package/dist/{types-CKafuHDn.d.mts → types-pU2O0BFq.d.mts}

@@ -1,4 +1,4 @@
-import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-UYT4GdPW.mjs';
+import { a as AccessLevel, C as CounterpartyType, T as TokenGuidance } from './types-BVp22KkN.mjs';
 
 /**
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.

package/dist/ui/index.d.mts

@@ -1,4 +1,4 @@
-import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-UYT4GdPW.mjs';
+import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-BVp22KkN.mjs';
 
 /**
  * AstraSync Commerce Shield Component

package/dist/ui/index.d.ts

@@ -1,4 +1,4 @@
-import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-UYT4GdPW.js';
+import { d as CommerceShieldProps, V as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-BVp22KkN.js';
 
 /**
  * AstraSync Commerce Shield Component

package/package.json

@@ -1,10 +1,13 @@
 {
   "name": "@astrasyncai/verification-gateway",
-  "version": "2.3.9",
-  "description": "Universal Verification Gateway for AstraSync KYA Platform - verify AI agents across any counterparty type",
+  "version": "2.4.0",
+  "description": "AstraSync KYA Platform SDK — counterparty verification gateway (verify incoming requests) + agent registration (register AI agents with the KYA backend).",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
+  "bin": {
+    "astrasync": "./dist/bin/astrasync.js"
+  },
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -41,6 +44,11 @@
       "import": "./dist/agent/index.mjs",
       "require": "./dist/agent/index.js"
     },
+    "./registration": {
+      "types": "./dist/registration/index.d.ts",
+      "import": "./dist/registration/index.mjs",
+      "require": "./dist/registration/index.js"
+    },
     "./transport": {
       "types": "./dist/transport/index.d.ts",
       "import": "./dist/transport/index.mjs",
@@ -105,9 +113,12 @@
   "keywords": [
     "astrasync",
     "kya",
+    "kyd",
     "ai-agents",
+    "agent-registration",
     "verification",
     "trust",
+    "identity",
     "pdlss",
     "middleware"
   ],
@@ -124,6 +135,7 @@
     "@sd-jwt/utils": "^0.19.0",
     "@x402/core": "^2.10.0",
     "ajv": "^8.17.1",
+    "ethers": "^6.13.0",
     "http-message-signatures": "^1.0.5",
     "jose": "^5.9.6",
     "mppx": "0.5.13",