@astrasyncai/verification-gateway 2.4.10 → 2.4.12

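--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -126,7 +126,7 @@ function getCapabilities(accessLevel) {
  }
 
  // src/version.ts
- var SDK_VERSION = "2.4.10";
+ var SDK_VERSION = "2.4.12";
 
  // src/verify.ts
  var DEFAULT_CONFIG = {
@@ -679,15 +679,8 @@ function extractHttpCredentials(headers) {
  // src/pdlss-pre-check.ts
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
  const failures = [];
- if (purpose) {
- if (!routeConfig.allowedPurposes || routeConfig.allowedPurposes.length === 0) {
- failures.push({
- field: "purpose",
- requested: purpose,
- limit: [],
- message: `Purpose "${purpose}" not allowed: route declares no allowedPurposes. The endpoint owner must enumerate allowedPurposes on the route config to authorise specific purposes.`
- });
- } else if (!routeConfig.allowedPurposes.includes(purpose)) {
+ if (routeConfig.allowedPurposes && routeConfig.allowedPurposes.length > 0 && purpose) {
+ if (!routeConfig.allowedPurposes.includes(purpose)) {
  failures.push({
  field: "purpose",
  requested: purpose,
@@ -717,16 +710,9 @@ function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
  });
  }
  }
- if (astraCreds?.pdlss?.scope?.jurisdiction) {
+ if (routeConfig.allowedJurisdictions && routeConfig.allowedJurisdictions.length > 0 && astraCreds?.pdlss?.scope?.jurisdiction) {
  const requested = astraCreds.pdlss.scope.jurisdiction;
- if (!routeConfig.allowedJurisdictions || routeConfig.allowedJurisdictions.length === 0) {
- failures.push({
- field: "jurisdiction",
- requested,
- limit: [],
- message: `Jurisdiction "${requested}" not allowed: route declares no allowedJurisdictions. The endpoint owner must enumerate allowedJurisdictions on the route config to authorise specific jurisdictions.`
- });
- } else if (!routeConfig.allowedJurisdictions.includes(requested)) {
+ if (!routeConfig.allowedJurisdictions.includes(requested)) {
  failures.push({
  field: "jurisdiction",
  requested,
@@ -920,7 +906,10 @@ function createMiddleware(options) {
  const result = await verify(config, {
  credentials,
  purpose,
- action: req.method.toLowerCase(),
+ // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
+ // Backend evaluator tolerates either case as defense-in-depth
+ // (round-18.6 batch 2); SDK emits canonical form.
+ action: req.method.toUpperCase(),
  resource: req.path,
  createSession: shouldRecordDecisions,
  counterpartyUrl,
@@ -1338,7 +1327,10 @@ function createMiddleware2(options) {
  const result = await verify(config, {
  credentials,
  purpose,
- action: request.method.toLowerCase(),
+ // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
+ // Backend evaluator tolerates either case as defense-in-depth
+ // (round-18.6 batch 2); SDK emits canonical form.
+ action: request.method.toUpperCase(),
  resource: pathname,
  counterpartyUrl,
  counterpartyType: config.counterpartyType || "website",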
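Review bot: In performCounterpartyPreCheck, the new guard `if (routeConfig.allowedPurposes && routeConfig.allowedPurposes.length > 0 && purpose)` and the matching allowedJurisdictions guard skip the check whenever the list is missing or empty, where 2.4.10 recorded a failure, so a route with no allow-list moves from default-deny to default-allow in a patch release. If the aim is only to make the lists optional, an explicit empty array could still deny by testing for presence alone, e.g. `if (purpose && routeConfig.allowedPurposes) {` and `if (astraCreds?.pdlss?.scope?.jurisdiction && routeConfig.allowedJurisdictions) {`, leaving the existing `includes` test to reject against `[]`. Either way the behaviour deserves a comment such as `// Missing allowedPurposes/allowedJurisdictions: pre-check is skipped, not denied` and a changelog entry, since operators who relied on the old rejection get no signal that enforcement stopped. Whether a later stage such as the backend evaluator still enforces these limits is not visible here, and the function body continues outside both hunks.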