@astrasyncai/verification-gateway 2.4.0 → 2.4.2

package/dist/local-evaluator/evaluator.d.mts

@@ -1,5 +1,5 @@
-import { L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, a as LocalPurposeRule } from '../types-pU2O0BFq.mjs';
-import '../types-BVp22KkN.mjs';
+import { L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, a as LocalPurposeRule } from '../types-C_e1IZdU.mjs';
+import '../types-DLai3jly.mjs';
 
 /**
  * Local PDLSS Evaluator

package/dist/local-evaluator/evaluator.d.ts

@@ -1,5 +1,5 @@
-import { L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, a as LocalPurposeRule } from '../types-DVCWReEN.js';
-import '../types-BVp22KkN.js';
+import { L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, a as LocalPurposeRule } from '../types-IUzu-A4u.js';
+import '../types-DLai3jly.js';
 
 /**
  * Local PDLSS Evaluator

package/dist/{nextjs-DO_4crcp.d.ts → nextjs-B4WmoiVm.d.ts}

@@ -1,6 +1,6 @@
 import * as next_server from 'next/server';
 import { NextRequest } from 'next/server';
-import { N as NextJsMiddlewareOptions } from './types-BVp22KkN.js';
+import { N as NextJsMiddlewareOptions } from './types-DLai3jly.js';
 
 /**
  * Create Next.js middleware for agent verification.

package/dist/{nextjs-BTR7Oix-.d.mts → nextjs-vUuVCaBP.d.mts}

@@ -1,6 +1,6 @@
 import * as next_server from 'next/server';
 import { NextRequest } from 'next/server';
-import { N as NextJsMiddlewareOptions } from './types-BVp22KkN.mjs';
+import { N as NextJsMiddlewareOptions } from './types-DLai3jly.mjs';
 
 /**
  * Create Next.js middleware for agent verification.

package/dist/registration/index.d.mts

@@ -9,11 +9,27 @@ interface AstraSyncConfig {
     /** secp256k1 private key for crypto signing. Used WITH apiKey or email+password. */
     privateKey?: string;
     /**
-     * Base URL for the AstraSync API.
-     * Defaults to ASTRASYNC_API_URL env or `https://astrasync.ai` (production).
-     * For staging, pass `https://staging.astrasync.ai`.
+     * Base URL for the AstraSync API. Pass the bare ORIGIN — the SDK appends
+     * `/api/agents/...` for each call.
+     *
+     * - Production: `https://astrasync.ai` (default)
+     * - Staging: `https://staging.astrasync.ai`
+     *
+     * A trailing `/api` is tolerated for compatibility with the
+     * `GatewayConfig.apiBaseUrl` convention used by the verification gateway
+     * — if you pass `https://astrasync.ai/api` the SDK strips the suffix and
+     * emits a one-time console.warn so you can fix the source.
+     *
+     * Defaults to the `ASTRASYNC_API_URL` env var, then production.
      */
     baseUrl?: string;
+    /**
+     * Suppress the one-time console.warn emitted on baseUrl normalization,
+     * deprecation, or other non-fatal SDK conditions. Default: `false`
+     * (warnings emit). Set `true` in test runners or where logs are
+     * structured.
+     */
+    silent?: boolean;
 }
 /**
  * Multi-protocol declarations the agent participates in.
@@ -93,6 +109,12 @@ interface RegisterOptions {
     name: string;
     description?: string;
     agentType?: string;
+    /**
+     * URL where your agent's verification-gateway SDK is mounted for runtime
+     * challenges. Optional — if omitted, your agent declares no runtime-challenge
+     * support and some counterparties may decline access requests. Mirrors the
+     * webUI "API endpoint" field.
+     */
     apiEndpoint?: string;
     model?: ModelConfig;
     framework?: FrameworkConfig;
@@ -101,7 +123,59 @@ interface RegisterOptions {
     metadata?: Record<string, unknown>;
     pdlss?: PDLSSConfig;
 }
-/** Response from agent registration. */
+/**
+ * Optional blocking-mode flags for `register()`. When `waitForApproval` is
+ * true and the backend returns 202 pending, the SDK polls until the request
+ * resolves (approved → returns Agent; denied/expired → throws; timeout →
+ * throws). The default is non-blocking: the SDK returns the pending result
+ * immediately and the caller handles polling itself.
+ */
+interface WaitForApprovalOptions {
+    /** Block until the request resolves. Default: false. */
+    waitForApproval?: boolean;
+    /** How long to wait in blocking mode. Default: 600_000ms (10 min). */
+    timeoutMs?: number;
+    /** Poll cadence in blocking mode. Default: 5000ms. */
+    pollIntervalMs?: number;
+    /** Called once per poll while still pending; useful for progress UX. */
+    onPending?: (event: {
+        requestId: string;
+        ageMs: number;
+    }) => void;
+}
+/**
+ * Discriminated registration result.
+ *
+ * - `active`: synchronous path (crypto-keypair signature verified, or
+ *   email+password auth). `agent` is the live record.
+ * - `pending_approval`: API-key auth path. The owner has been notified by
+ *   email and a dashboard alert. Poll `pollUrl` or call
+ *   `sdk.pollRegistration(requestId)` to track progress, or re-call
+ *   `register` with `waitForApproval: true` to block.
+ */
+type RegisterResult = {
+    status: 'active';
+    agent: AgentRecord;
+} | {
+    status: 'pending_approval';
+    requestId: string;
+    expiresAt: string;
+    pollUrl: string;
+    message?: string;
+};
+/**
+ * Response shape from `pollRegistration(requestId)` and the internal poll
+ * loop. State `pending` means still awaiting owner; the others are terminal.
+ */
+interface PollRegistrationResult {
+    state: 'pending' | 'approved' | 'denied' | 'expired';
+    agent?: AgentRecord;
+    reason?: string;
+}
+/**
+ * Response from agent registration (raw 201 body). Use {@link RegisterResult}
+ * for the consumer-facing shape returned from `sdk.register()`.
+ */
 interface RegistrationResponse {
     success: boolean;
     message: string;
@@ -109,6 +183,15 @@ interface RegistrationResponse {
         agent: AgentRecord;
     };
 }
+/** Raw 202 body — internal type, exposed via {@link RegisterResult}. */
+interface PendingRegistrationResponse {
+    success: true;
+    status: 'pending_approval';
+    requestId: string;
+    expiresAt: string;
+    pollUrl: string;
+    message?: string;
+}
 /** Agent record from the API. */
 interface AgentRecord {
     kyaAgentId: string;
@@ -175,9 +258,59 @@ declare class AstraSync {
     constructor(config?: AstraSyncConfig);
     /**
      * Register a new AI agent on the AstraSync KYA Platform.
-     * Sends full payload including model, framework, PDLSS, and metadata.
+     *
+     * The backend response depends on auth context:
+     * - **Crypto-keypair signed** (`privateKey` configured): synchronous 201,
+     *   returns `{ status: 'active', agent }`.
+     * - **API-key only** (no signature): 202 pending, returns
+     *   `{ status: 'pending_approval', requestId, pollUrl, expiresAt }`. The
+     *   owner is notified by email and a dashboard alert is emitted; the agent
+     *   becomes active only after the owner approves.
+     *
+     * Blocking mode: pass `{ waitForApproval: true }` to have the SDK poll the
+     * request until it resolves, then return the live agent record. The promise
+     * rejects with `RegistrationDeniedError`, `RegistrationExpiredError`, or
+     * `RegistrationTimeoutError` on the corresponding terminal states.
+     *
+     * @example Non-blocking (default — best for serverless / scheduled agents):
+     * ```typescript
+     * const result = await sdk.register({ name, pdlss });
+     * if (result.status === 'pending_approval') {
+     *   storeRequestId(result.requestId);
+     *   return; // function exits; resume later via pollRegistration()
+     * }
+     * ```
+     *
+     * @example Blocking (best for long-running services + CLI):
+     * ```typescript
+     * const agent = await sdk.register({
+     *   name, pdlss, waitForApproval: true, timeoutMs: 600_000,
+     *   onPending: ({ ageMs }) => console.log(`waiting ${ageMs}ms`),
+     * });
+     * ```
      */
-    register(options: RegisterOptions): Promise<RegistrationResponse>;
+    register(options: RegisterOptions & WaitForApprovalOptions): Promise<RegisterResult | AgentRecord>;
+    /**
+     * Poll the current state of a pending-approval registration request.
+     *
+     * Useful for caller-driven polling when `waitForApproval: false` (the
+     * default). The endpoint is unauthenticated — pass the `requestId` that
+     * was returned from the 202 response.
+     *
+     * @returns `state: 'pending'` while awaiting; `'approved'` carries the
+     *          minted agent in `agent`; `'denied'` may carry the owner's
+     *          `reason`; `'expired'` is terminal after 14 days.
+     */
+    pollRegistration(requestId: string): Promise<PollRegistrationResult>;
+    /**
+     * Block until a pending registration request resolves to a terminal state.
+     * Resolves to the live `AgentRecord` on approval; rejects with the matching
+     * Registration*Error on deny/expire/timeout. Usually called via
+     * `register({ waitForApproval: true })`, but exposed for callers that want
+     * to fire-and-forget the initial register call and resume waiting later
+     * (e.g. after restoring a stored `requestId` on cold start).
+     */
+    waitForApproval(requestId: string, options?: WaitForApprovalOptions): Promise<AgentRecord>;
     /**
      * Look up an agent's public profile by ASTRA ID or UUID.
      */
@@ -187,6 +320,12 @@ declare class AstraSync {
      */
     health(): Promise<HealthResponse>;
     private request;
+    /**
+     * Variant of {@link request} that also returns the HTTP status code, so
+     * callers can branch on 201 vs 202 (or other success codes) without losing
+     * type information about the response body.
+     */
+    private requestWithStatus;
     private getAuthToken;
     /**
      * Sign a request using secp256k1 (ethers.js).
@@ -214,5 +353,33 @@ declare class KYDRequiredError extends AstraSyncError {
 declare class AuthenticationError extends AstraSyncError {
     constructor(message: string);
 }
+/**
+ * Thrown by `register({ waitForApproval: true })` when the owner denies the
+ * pending registration request. The `reason` field, when present, mirrors the
+ * deny note the owner left in the dashboard.
+ */
+declare class RegistrationDeniedError extends AstraSyncError {
+    readonly requestId: string;
+    readonly reason?: string;
+    constructor(requestId: string, reason?: string);
+}
+/**
+ * Thrown by `register({ waitForApproval: true })` when the pending request
+ * passes its 14-day TTL with no owner decision. The agent must re-submit.
+ */
+declare class RegistrationExpiredError extends AstraSyncError {
+    readonly requestId: string;
+    constructor(requestId: string);
+}
+/**
+ * Thrown by `register({ waitForApproval: true })` when the caller's local
+ * `timeoutMs` elapses before the owner makes a decision. The request is still
+ * live server-side — poll `pollRegistration(requestId)` to resume waiting, or
+ * call `waitForApproval` again with a longer timeout.
+ */
+declare class RegistrationTimeoutError extends AstraSyncError {
+    readonly requestId: string;
+    constructor(requestId: string);
+}
 
-export { type AgentProtocol, type AgentRecord, AstraSync, type AstraSyncConfig, AstraSyncError, AuthenticationError, type FrameworkConfig, type HealthResponse, KYDRequiredError, type ModelConfig, type PDLSSConfig, type PDLSSDuration, type PDLSSLimits, type PDLSSPurpose, type PDLSSScope, type PDLSSSelfInstantiation, type RegisterOptions, type RegistrationResponse, type VerifyResponse };
+export { type AgentProtocol, type AgentRecord, AstraSync, type AstraSyncConfig, AstraSyncError, AuthenticationError, type FrameworkConfig, type HealthResponse, KYDRequiredError, type ModelConfig, type PDLSSConfig, type PDLSSDuration, type PDLSSLimits, type PDLSSPurpose, type PDLSSScope, type PDLSSSelfInstantiation, type PendingRegistrationResponse, type PollRegistrationResult, type RegisterOptions, type RegisterResult, RegistrationDeniedError, RegistrationExpiredError, type RegistrationResponse, RegistrationTimeoutError, type VerifyResponse, type WaitForApprovalOptions };

package/dist/registration/index.d.ts

@@ -9,11 +9,27 @@ interface AstraSyncConfig {
     /** secp256k1 private key for crypto signing. Used WITH apiKey or email+password. */
     privateKey?: string;
     /**
-     * Base URL for the AstraSync API.
-     * Defaults to ASTRASYNC_API_URL env or `https://astrasync.ai` (production).
-     * For staging, pass `https://staging.astrasync.ai`.
+     * Base URL for the AstraSync API. Pass the bare ORIGIN — the SDK appends
+     * `/api/agents/...` for each call.
+     *
+     * - Production: `https://astrasync.ai` (default)
+     * - Staging: `https://staging.astrasync.ai`
+     *
+     * A trailing `/api` is tolerated for compatibility with the
+     * `GatewayConfig.apiBaseUrl` convention used by the verification gateway
+     * — if you pass `https://astrasync.ai/api` the SDK strips the suffix and
+     * emits a one-time console.warn so you can fix the source.
+     *
+     * Defaults to the `ASTRASYNC_API_URL` env var, then production.
      */
     baseUrl?: string;
+    /**
+     * Suppress the one-time console.warn emitted on baseUrl normalization,
+     * deprecation, or other non-fatal SDK conditions. Default: `false`
+     * (warnings emit). Set `true` in test runners or where logs are
+     * structured.
+     */
+    silent?: boolean;
 }
 /**
  * Multi-protocol declarations the agent participates in.
@@ -93,6 +109,12 @@ interface RegisterOptions {
     name: string;
     description?: string;
     agentType?: string;
+    /**
+     * URL where your agent's verification-gateway SDK is mounted for runtime
+     * challenges. Optional — if omitted, your agent declares no runtime-challenge
+     * support and some counterparties may decline access requests. Mirrors the
+     * webUI "API endpoint" field.
+     */
     apiEndpoint?: string;
     model?: ModelConfig;
     framework?: FrameworkConfig;
@@ -101,7 +123,59 @@ interface RegisterOptions {
     metadata?: Record<string, unknown>;
     pdlss?: PDLSSConfig;
 }
-/** Response from agent registration. */
+/**
+ * Optional blocking-mode flags for `register()`. When `waitForApproval` is
+ * true and the backend returns 202 pending, the SDK polls until the request
+ * resolves (approved → returns Agent; denied/expired → throws; timeout →
+ * throws). The default is non-blocking: the SDK returns the pending result
+ * immediately and the caller handles polling itself.
+ */
+interface WaitForApprovalOptions {
+    /** Block until the request resolves. Default: false. */
+    waitForApproval?: boolean;
+    /** How long to wait in blocking mode. Default: 600_000ms (10 min). */
+    timeoutMs?: number;
+    /** Poll cadence in blocking mode. Default: 5000ms. */
+    pollIntervalMs?: number;
+    /** Called once per poll while still pending; useful for progress UX. */
+    onPending?: (event: {
+        requestId: string;
+        ageMs: number;
+    }) => void;
+}
+/**
+ * Discriminated registration result.
+ *
+ * - `active`: synchronous path (crypto-keypair signature verified, or
+ *   email+password auth). `agent` is the live record.
+ * - `pending_approval`: API-key auth path. The owner has been notified by
+ *   email and a dashboard alert. Poll `pollUrl` or call
+ *   `sdk.pollRegistration(requestId)` to track progress, or re-call
+ *   `register` with `waitForApproval: true` to block.
+ */
+type RegisterResult = {
+    status: 'active';
+    agent: AgentRecord;
+} | {
+    status: 'pending_approval';
+    requestId: string;
+    expiresAt: string;
+    pollUrl: string;
+    message?: string;
+};
+/**
+ * Response shape from `pollRegistration(requestId)` and the internal poll
+ * loop. State `pending` means still awaiting owner; the others are terminal.
+ */
+interface PollRegistrationResult {
+    state: 'pending' | 'approved' | 'denied' | 'expired';
+    agent?: AgentRecord;
+    reason?: string;
+}
+/**
+ * Response from agent registration (raw 201 body). Use {@link RegisterResult}
+ * for the consumer-facing shape returned from `sdk.register()`.
+ */
 interface RegistrationResponse {
     success: boolean;
     message: string;
@@ -109,6 +183,15 @@ interface RegistrationResponse {
         agent: AgentRecord;
     };
 }
+/** Raw 202 body — internal type, exposed via {@link RegisterResult}. */
+interface PendingRegistrationResponse {
+    success: true;
+    status: 'pending_approval';
+    requestId: string;
+    expiresAt: string;
+    pollUrl: string;
+    message?: string;
+}
 /** Agent record from the API. */
 interface AgentRecord {
     kyaAgentId: string;
@@ -175,9 +258,59 @@ declare class AstraSync {
     constructor(config?: AstraSyncConfig);
     /**
      * Register a new AI agent on the AstraSync KYA Platform.
-     * Sends full payload including model, framework, PDLSS, and metadata.
+     *
+     * The backend response depends on auth context:
+     * - **Crypto-keypair signed** (`privateKey` configured): synchronous 201,
+     *   returns `{ status: 'active', agent }`.
+     * - **API-key only** (no signature): 202 pending, returns
+     *   `{ status: 'pending_approval', requestId, pollUrl, expiresAt }`. The
+     *   owner is notified by email and a dashboard alert is emitted; the agent
+     *   becomes active only after the owner approves.
+     *
+     * Blocking mode: pass `{ waitForApproval: true }` to have the SDK poll the
+     * request until it resolves, then return the live agent record. The promise
+     * rejects with `RegistrationDeniedError`, `RegistrationExpiredError`, or
+     * `RegistrationTimeoutError` on the corresponding terminal states.
+     *
+     * @example Non-blocking (default — best for serverless / scheduled agents):
+     * ```typescript
+     * const result = await sdk.register({ name, pdlss });
+     * if (result.status === 'pending_approval') {
+     *   storeRequestId(result.requestId);
+     *   return; // function exits; resume later via pollRegistration()
+     * }
+     * ```
+     *
+     * @example Blocking (best for long-running services + CLI):
+     * ```typescript
+     * const agent = await sdk.register({
+     *   name, pdlss, waitForApproval: true, timeoutMs: 600_000,
+     *   onPending: ({ ageMs }) => console.log(`waiting ${ageMs}ms`),
+     * });
+     * ```
      */
-    register(options: RegisterOptions): Promise<RegistrationResponse>;
+    register(options: RegisterOptions & WaitForApprovalOptions): Promise<RegisterResult | AgentRecord>;
+    /**
+     * Poll the current state of a pending-approval registration request.
+     *
+     * Useful for caller-driven polling when `waitForApproval: false` (the
+     * default). The endpoint is unauthenticated — pass the `requestId` that
+     * was returned from the 202 response.
+     *
+     * @returns `state: 'pending'` while awaiting; `'approved'` carries the
+     *          minted agent in `agent`; `'denied'` may carry the owner's
+     *          `reason`; `'expired'` is terminal after 14 days.
+     */
+    pollRegistration(requestId: string): Promise<PollRegistrationResult>;
+    /**
+     * Block until a pending registration request resolves to a terminal state.
+     * Resolves to the live `AgentRecord` on approval; rejects with the matching
+     * Registration*Error on deny/expire/timeout. Usually called via
+     * `register({ waitForApproval: true })`, but exposed for callers that want
+     * to fire-and-forget the initial register call and resume waiting later
+     * (e.g. after restoring a stored `requestId` on cold start).
+     */
+    waitForApproval(requestId: string, options?: WaitForApprovalOptions): Promise<AgentRecord>;
     /**
      * Look up an agent's public profile by ASTRA ID or UUID.
      */
@@ -187,6 +320,12 @@ declare class AstraSync {
      */
     health(): Promise<HealthResponse>;
     private request;
+    /**
+     * Variant of {@link request} that also returns the HTTP status code, so
+     * callers can branch on 201 vs 202 (or other success codes) without losing
+     * type information about the response body.
+     */
+    private requestWithStatus;
     private getAuthToken;
     /**
      * Sign a request using secp256k1 (ethers.js).
@@ -214,5 +353,33 @@ declare class KYDRequiredError extends AstraSyncError {
 declare class AuthenticationError extends AstraSyncError {
     constructor(message: string);
 }
+/**
+ * Thrown by `register({ waitForApproval: true })` when the owner denies the
+ * pending registration request. The `reason` field, when present, mirrors the
+ * deny note the owner left in the dashboard.
+ */
+declare class RegistrationDeniedError extends AstraSyncError {
+    readonly requestId: string;
+    readonly reason?: string;
+    constructor(requestId: string, reason?: string);
+}
+/**
+ * Thrown by `register({ waitForApproval: true })` when the pending request
+ * passes its 14-day TTL with no owner decision. The agent must re-submit.
+ */
+declare class RegistrationExpiredError extends AstraSyncError {
+    readonly requestId: string;
+    constructor(requestId: string);
+}
+/**
+ * Thrown by `register({ waitForApproval: true })` when the caller's local
+ * `timeoutMs` elapses before the owner makes a decision. The request is still
+ * live server-side — poll `pollRegistration(requestId)` to resume waiting, or
+ * call `waitForApproval` again with a longer timeout.
+ */
+declare class RegistrationTimeoutError extends AstraSyncError {
+    readonly requestId: string;
+    constructor(requestId: string);
+}
 
-export { type AgentProtocol, type AgentRecord, AstraSync, type AstraSyncConfig, AstraSyncError, AuthenticationError, type FrameworkConfig, type HealthResponse, KYDRequiredError, type ModelConfig, type PDLSSConfig, type PDLSSDuration, type PDLSSLimits, type PDLSSPurpose, type PDLSSScope, type PDLSSSelfInstantiation, type RegisterOptions, type RegistrationResponse, type VerifyResponse };
+export { type AgentProtocol, type AgentRecord, AstraSync, type AstraSyncConfig, AstraSyncError, AuthenticationError, type FrameworkConfig, type HealthResponse, KYDRequiredError, type ModelConfig, type PDLSSConfig, type PDLSSDuration, type PDLSSLimits, type PDLSSPurpose, type PDLSSScope, type PDLSSSelfInstantiation, type PendingRegistrationResponse, type PollRegistrationResult, type RegisterOptions, type RegisterResult, RegistrationDeniedError, RegistrationExpiredError, type RegistrationResponse, RegistrationTimeoutError, type VerifyResponse, type WaitForApprovalOptions };