npm - @astrasyncai/verification-gateway - Versions diffs - 2.4.0 → 2.4.2 - Mend

@astrasyncai/verification-gateway 2.4.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +137 -22
package/dist/adapter-interface/interface.d.mts +2 -2
package/dist/adapter-interface/interface.d.ts +2 -2
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +37 -7
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +37 -7
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/mcp.d.mts +1 -1
package/dist/adapters/mcp.d.ts +1 -1
package/dist/adapters/mcp.js +37 -7
package/dist/adapters/mcp.js.map +1 -1
package/dist/adapters/mcp.mjs +37 -7
package/dist/adapters/mcp.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +30 -4
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +30 -4
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +30 -4
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +30 -4
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -2
package/dist/agent/index.d.ts +2 -2
package/dist/bin/astrasync.js +163 -4
package/dist/browser/background.js +30 -4
package/dist/browser/background.js.map +1 -1
package/dist/browser/background.mjs +30 -4
package/dist/browser/background.mjs.map +1 -1
package/dist/browser/browser-adapter.d.mts +2 -2
package/dist/browser/browser-adapter.d.ts +2 -2
package/dist/cli/index.d.mts +2 -2
package/dist/cli/index.d.ts +2 -2
package/dist/cursor/cursor-adapter.d.mts +2 -2
package/dist/cursor/cursor-adapter.d.ts +2 -2
package/dist/cursor/extension.d.mts +2 -2
package/dist/cursor/extension.d.ts +2 -2
package/dist/cursor/extension.js +30 -4
package/dist/cursor/extension.js.map +1 -1
package/dist/cursor/extension.mjs +30 -4
package/dist/cursor/extension.mjs.map +1 -1
package/dist/{express-4Vau6x6X.d.mts → express-DneHiMhu.d.mts} +1 -1
package/dist/{express-Nq-wWICa.d.ts → express-DsiaQRFt.d.ts} +1 -1
package/dist/gateway/gateway.d.mts +2 -2
package/dist/gateway/gateway.d.ts +2 -2
package/dist/gateway/gateway.js +30 -4
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/gateway.mjs +30 -4
package/dist/gateway/gateway.mjs.map +1 -1
package/dist/git-trigger/git-hooks.d.mts +2 -2
package/dist/git-trigger/git-hooks.d.ts +2 -2
package/dist/{index-DkyPV14Y.d.mts → index-C9yWlQ2Y.d.mts} +1 -1
package/dist/{index-DiToN8gh.d.mts → index-DAGm-Sgf.d.mts} +1 -1
package/dist/{index-B-EovXnY.d.ts → index-Dd4alF0l.d.ts} +1 -1
package/dist/{index-CxwCN7AC.d.ts → index-NZiKvrtE.d.ts} +1 -1
package/dist/index.d.mts +7 -7
package/dist/index.d.ts +7 -7
package/dist/index.js +37 -7
package/dist/index.js.map +1 -1
package/dist/index.mjs +37 -7
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +2 -2
package/dist/local-evaluator/evaluator.d.ts +2 -2
package/dist/{nextjs-DO_4crcp.d.ts → nextjs-B4WmoiVm.d.ts} +1 -1
package/dist/{nextjs-BTR7Oix-.d.mts → nextjs-vUuVCaBP.d.mts} +1 -1
package/dist/registration/index.d.mts +174 -7
package/dist/registration/index.d.ts +174 -7
package/dist/registration/index.js +171 -6
package/dist/registration/index.js.map +1 -1
package/dist/registration/index.mjs +167 -5
package/dist/registration/index.mjs.map +1 -1
package/dist/{sdk-TnHXD-Oh.d.ts → sdk-BvWp4q2q.d.ts} +1 -1
package/dist/{sdk-DSLCyXIX.d.mts → sdk-Cixo6pTV.d.mts} +1 -1
package/dist/transport/index.d.mts +2 -2
package/dist/transport/index.d.ts +2 -2
package/dist/{types-pU2O0BFq.d.mts → types-C_e1IZdU.d.mts} +1 -1
package/dist/{types-BVp22KkN.d.mts → types-DLai3jly.d.mts} +16 -13
package/dist/{types-BVp22KkN.d.ts → types-DLai3jly.d.ts} +16 -13
package/dist/{types-DVCWReEN.d.ts → types-IUzu-A4u.d.ts} +1 -1
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -217,8 +217,18 @@ function extractCredentials(headers, query) {
 function hasCredentials(credentials) {
   return !!(credentials.astraId || credentials.apiKey || credentials.jwt);
 }
-function createGuidanceResponse(config, reason) {
-  const guidance = {
+function createGuidanceResponse(config, reason, options = {}) {
+  const source = options.source ?? "no_credentials";
+  const isApiError = source === "api_error";
+  const guidance = isApiError ? {
+    message: "Verification is temporarily unavailable. Retry with exponential backoff; if the issue persists, contact support with the correlationId.",
+    registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/register`,
+    documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
+    steps: [
+      "Retry the request with exponential backoff",
+      "If failures persist, share the correlationId with support"
+    ]
+  } : {
     message: "This service verifies AI agents before granting access. Please register your agent with AstraSync.",
     registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/register`,
     documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
@@ -239,6 +249,18 @@ function createGuidanceResponse(config, reason) {
     accessLevel: "none",
     guidance,
     denialReasons: reason ? [reason] : ["No valid agent credentials provided"],
+    // Round-10 (#47, O5): on API-error fallback, surface a typed failure so
+    // partners (and their custom onDenied handlers) can branch on
+    // dimension. Without this, the synthesised stub was indistinguishable
+    // from a real policy deny.
+    failures: isApiError ? [
+      {
+        dimension: "verify_access.api_error",
+        message: reason ?? "Verification temporarily unavailable",
+        guidance: guidance.message
+      }
+    ] : void 0,
+    correlationId: options.correlationId,
     verifiedAt: /* @__PURE__ */ new Date()
   };
 }
@@ -313,7 +335,8 @@ async function callVerifyAccessAPI(config, request) {
     if (!response.ok) {
       return {
         success: false,
-        error: data.message || data.error || `API returned ${response.status}`
+        error: data.message || data.error || `API returned ${response.status}`,
+        correlationId: typeof data?.correlationId === "string" ? data.correlationId : void 0
       };
     }
     return data;
@@ -357,7 +380,10 @@ async function verify(config, request) {
   }
   const apiResponse = await callVerifyAccessAPI(mergedConfig, enrichedRequest);
   if (!apiResponse.success) {
-    return createGuidanceResponse(mergedConfig, apiResponse.error);
+    return createGuidanceResponse(mergedConfig, apiResponse.error, {
+      source: "api_error",
+      correlationId: apiResponse.correlationId
+    });
   }
   if (!apiResponse.access?.allowed) {
     const aggregatedFailures = apiResponse.access?.failures;
@@ -689,13 +715,17 @@ function findRouteConfig(routes, path, method) {
 }
 function defaultOnDenied(result, _req, res) {
   const statusCode = result.verified ? 403 : 401;
+  res.setHeader("X-Astra-Gateway-Mode", "enforced");
   res.status(statusCode).json({
     success: false,
     error: {
       code: result.verified ? "INSUFFICIENT_ACCESS" : "UNAUTHORIZED",
       message: result.denialReasons?.[0] || "Access denied",
       accessLevel: result.accessLevel,
-      guidance: result.guidance
+      guidance: result.guidance,
+      // Round-10: aggregated per-dimension detail + correlation handle.
+      failures: result.failures,
+      correlationId: result.correlationId
     }
   });
 }
@@ -760,7 +790,7 @@ function createMiddleware(options) {
       const routeConfig = findRouteConfig(cachedRoutes, req.path, req.method);
       if (!routeConfig) {
         if (config.setPassThroughHeader) {
-          res.setHeader("X-Astra-Gateway-Mode", "pass-through");
+          res.setHeader("X-Astra-Gateway-Mode", "unenforced");
           res.setHeader(
             "X-Astra-Gateway-Reason",
             cachedRoutes.length === 0 ? "no-policy" : "no-match"
@@ -770,7 +800,7 @@ function createMiddleware(options) {
       }
       if (routeConfig.minAccessLevel === "none") {
         if (config.setPassThroughHeader) {
-          res.setHeader("X-Astra-Gateway-Mode", "pass-through");
+          res.setHeader("X-Astra-Gateway-Mode", "unenforced");
           res.setHeader("X-Astra-Gateway-Reason", "route-none");
         }
         return next();