@astrasyncai/verification-gateway 2.4.10 → 2.4.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/adapters/express.js +9 -20
  2. package/dist/adapters/express.js.map +1 -1
  3. package/dist/adapters/express.mjs +9 -20
  4. package/dist/adapters/express.mjs.map +1 -1
  5. package/dist/adapters/mcp.js +1 -1
  6. package/dist/adapters/mcp.js.map +1 -1
  7. package/dist/adapters/mcp.mjs +1 -1
  8. package/dist/adapters/mcp.mjs.map +1 -1
  9. package/dist/adapters/nextjs.js +9 -20
  10. package/dist/adapters/nextjs.js.map +1 -1
  11. package/dist/adapters/nextjs.mjs +9 -20
  12. package/dist/adapters/nextjs.mjs.map +1 -1
  13. package/dist/adapters/sdk.js +1 -1
  14. package/dist/adapters/sdk.js.map +1 -1
  15. package/dist/adapters/sdk.mjs +1 -1
  16. package/dist/adapters/sdk.mjs.map +1 -1
  17. package/dist/browser/background.js +1 -1
  18. package/dist/browser/background.js.map +1 -1
  19. package/dist/browser/background.mjs +1 -1
  20. package/dist/browser/background.mjs.map +1 -1
  21. package/dist/cursor/extension.js +1 -1
  22. package/dist/cursor/extension.js.map +1 -1
  23. package/dist/cursor/extension.mjs +1 -1
  24. package/dist/cursor/extension.mjs.map +1 -1
  25. package/dist/gateway/gateway.js +1 -1
  26. package/dist/gateway/gateway.js.map +1 -1
  27. package/dist/gateway/gateway.mjs +1 -1
  28. package/dist/gateway/gateway.mjs.map +1 -1
  29. package/dist/index.js +13 -21
  30. package/dist/index.js.map +1 -1
  31. package/dist/index.mjs +13 -21
  32. package/dist/index.mjs.map +1 -1
  33. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -189,7 +189,7 @@ function getCapabilities(accessLevel) {
189
189
  }
190
190
 
191
191
  // src/version.ts
192
- var SDK_VERSION = "2.4.10";
192
+ var SDK_VERSION = "2.4.12";
193
193
 
194
194
  // src/verify.ts
195
195
  var DEFAULT_CONFIG = {
@@ -742,15 +742,8 @@ function extractHttpCredentials(headers) {
742
742
  // src/pdlss-pre-check.ts
743
743
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
744
744
  const failures = [];
745
- if (purpose) {
746
- if (!routeConfig.allowedPurposes || routeConfig.allowedPurposes.length === 0) {
747
- failures.push({
748
- field: "purpose",
749
- requested: purpose,
750
- limit: [],
751
- message: `Purpose "${purpose}" not allowed: route declares no allowedPurposes. The endpoint owner must enumerate allowedPurposes on the route config to authorise specific purposes.`
752
- });
753
- } else if (!routeConfig.allowedPurposes.includes(purpose)) {
745
+ if (routeConfig.allowedPurposes && routeConfig.allowedPurposes.length > 0 && purpose) {
746
+ if (!routeConfig.allowedPurposes.includes(purpose)) {
754
747
  failures.push({
755
748
  field: "purpose",
756
749
  requested: purpose,
@@ -780,16 +773,9 @@ function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
780
773
  });
781
774
  }
782
775
  }
783
- if (astraCreds?.pdlss?.scope?.jurisdiction) {
776
+ if (routeConfig.allowedJurisdictions && routeConfig.allowedJurisdictions.length > 0 && astraCreds?.pdlss?.scope?.jurisdiction) {
784
777
  const requested = astraCreds.pdlss.scope.jurisdiction;
785
- if (!routeConfig.allowedJurisdictions || routeConfig.allowedJurisdictions.length === 0) {
786
- failures.push({
787
- field: "jurisdiction",
788
- requested,
789
- limit: [],
790
- message: `Jurisdiction "${requested}" not allowed: route declares no allowedJurisdictions. The endpoint owner must enumerate allowedJurisdictions on the route config to authorise specific jurisdictions.`
791
- });
792
- } else if (!routeConfig.allowedJurisdictions.includes(requested)) {
778
+ if (!routeConfig.allowedJurisdictions.includes(requested)) {
793
779
  failures.push({
794
780
  field: "jurisdiction",
795
781
  requested,
@@ -983,7 +969,10 @@ function createMiddleware(options) {
983
969
  const result = await verify(config, {
984
970
  credentials,
985
971
  purpose,
986
- action: req.method.toLowerCase(),
972
+ // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
973
+ // Backend evaluator tolerates either case as defense-in-depth
974
+ // (round-18.6 batch 2); SDK emits canonical form.
975
+ action: req.method.toUpperCase(),
987
976
  resource: req.path,
988
977
  createSession: shouldRecordDecisions,
989
978
  counterpartyUrl,
@@ -1401,7 +1390,10 @@ function createMiddleware2(options) {
1401
1390
  const result = await verify(config, {
1402
1391
  credentials,
1403
1392
  purpose,
1404
- action: request.method.toLowerCase(),
1393
+ // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
1394
+ // Backend evaluator tolerates either case as defense-in-depth
1395
+ // (round-18.6 batch 2); SDK emits canonical form.
1396
+ action: request.method.toUpperCase(),
1405
1397
  resource: pathname,
1406
1398
  counterpartyUrl,
1407
1399
  counterpartyType: config.counterpartyType || "website",