@astrasyncai/verification-gateway 2.4.11 → 2.4.14

package/dist/git-trigger/git-hooks.d.mts

@@ -1,6 +1,6 @@
 import { AstraSyncGateway } from '../gateway/gateway.mjs';
-import { V as VerificationDecision, P as PDLSSContext } from '../types-DNK2BgIf.mjs';
-import '../types-L15pYd2c.mjs';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-CgDCUfo8.mjs';
+import '../types-B3USs-Kx.mjs';
 
 /**
  * Git Trigger — Enterprise git push / PR verification

package/dist/git-trigger/git-hooks.d.ts

@@ -1,6 +1,6 @@
 import { AstraSyncGateway } from '../gateway/gateway.js';
-import { V as VerificationDecision, P as PDLSSContext } from '../types-DoWIuzfj.js';
-import '../types-L15pYd2c.js';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-R5N4ET6x.js';
+import '../types-B3USs-Kx.js';
 
 /**
  * Git Trigger — Enterprise git push / PR verification

package/dist/{index-ChPX4WHl.d.mts → index-B5e2IDWU.d.mts}

@@ -1,4 +1,4 @@
-import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-L15pYd2c.mjs';
+import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-B3USs-Kx.mjs';
 
 /**
  * AgentClient — Credential Presentation

package/dist/{index-CzJMCgEy.d.ts → index-CCdZxvAr.d.ts}

@@ -1,4 +1,4 @@
-import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-L15pYd2c.js';
+import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-B3USs-Kx.js';
 import { JWK } from 'jose';
 
 /**
@@ -207,6 +207,37 @@ interface ResolveContext {
     algorithm?: string;
 }
 
+/**
+ * Shared nonce/signature replay-protection store for transport verifiers.
+ *
+ * Audit F-A1-05: every transport-signature verifier (RFC9421, VI, AP2, ACP,
+ * MPP) validates a created/expires window but none consult a seen-nonce
+ * cache. Any captured signed request can be replayed within the (default
+ * 300s, now tightened to 60s) tolerance window.
+ *
+ * This module ships a bounded in-memory LRU as the default. Production
+ * deployments with multi-pod horizontal scaling SHOULD pass a shared store
+ * (Redis-backed) via the verifier options to make replay protection global
+ * rather than per-pod.
+ *
+ * The store interface is intentionally minimal: a single `seen(key,
+ * expiresAt)` method that returns true iff the key was already recorded
+ * (i.e. caller should reject as a replay). Callers compose the key from
+ * whichever identifiers are unique to the signature (kid + nonce + sig
+ * digest, typically).
+ */
+interface NonceStore {
+    /**
+     * Record `key` as seen. Returns true iff the key was ALREADY present —
+     * i.e. caller should reject the request as a replay. Returns false on
+     * first sighting (caller should proceed).
+     *
+     * `expiresAtMs` is a hint for the store to evict entries that can no
+     * longer cause harm (their signature window has elapsed).
+     */
+    seen(key: string, expiresAtMs: number): boolean;
+}
+
 /**
  * RFC 9421 HTTP Message Signatures verification.
  *
@@ -229,10 +260,12 @@ interface RFC9421VerifyRequest {
 }
 interface RFC9421VerifyOptions {
     resolver: RegistryResolver;
-    /** Seconds of tolerance around created/expires. Default 300. */
+    /** Seconds of tolerance around created/expires. Default 60 (audit F-A1-05 tightening from 300). */
     clockSkewSec?: number;
     /** Injectable for deterministic tests. */
     now?: () => number;
+    /** Optional replay-protection store. Defaults to in-process LRU. Audit F-A1-05. */
+    nonceStore?: NonceStore;
 }
 interface RFC9421VerifyResult {
     ok: boolean;
@@ -684,8 +717,19 @@ declare function extractAP2Mandates(input: AP2MandateTripleInput): AP2MandateTri
 
 interface AP2VerifyInput {
     triple: AP2MandateTriple;
+    /**
+     * Clock skew tolerance in seconds for expiry checks. Default 60s (audit
+     * F-A1-05 tightening from the previous 300s default).
+     */
     clockSkewSec?: number;
     now?: () => number;
+    /**
+     * Optional replay-protection store. Defaults to in-process LRU. When the
+     * payment mandate carries an id, this verifier registers it as seen so
+     * the same payment mandate replayed within the expiry window is rejected.
+     * Audit F-A1-05.
+     */
+    nonceStore?: NonceStore;
 }
 interface AP2ChainResult {
     ok: boolean;
@@ -732,10 +776,12 @@ interface ACPVerifyInput {
         jwk: JWK;
         alg?: ACPSignatureAlgorithm | string;
     }>;
-    /** Clock skew tolerance in seconds (default 300). */
+    /** Clock skew tolerance in seconds (default 60, audit F-A1-05 tightening from 300). */
     clockSkewSec?: number;
     /** Injectable now for tests. */
     now?: () => number;
+    /** Optional replay-protection store. Defaults to in-process LRU. Audit F-A1-05. */
+    nonceStore?: NonceStore;
 }
 interface ACPVerifyResult {
     ok: boolean;
@@ -867,10 +913,12 @@ interface MPPVerifyInput {
     context: MPPRequestContext;
     /** Raw request body to validate BodyDigest against, if the challenge declares one. */
     rawBody?: string;
-    /** Seconds of clock-skew tolerance on challenge.expires. Default 300. */
+    /** Seconds of clock-skew tolerance on challenge.expires. Default 60 (audit F-A1-05). */
     clockSkewSec?: number;
     /** Injectable for deterministic tests. */
     now?: () => number;
+    /** Optional replay-protection store. Defaults to in-process LRU. Audit F-A1-05. */
+    nonceStore?: NonceStore;
 }
 interface MPPVerifyResult {
     ok: boolean;
@@ -994,8 +1042,11 @@ interface VILayer {
 }
 interface VIVerifyInput {
     /**
-     * Layers in chain order. L1 may be omitted when the caller has already
-     * resolved the chain via a trusted wallet binding.
+     * Layers in chain order. L1 is REQUIRED by default (audit F-A1-02) —
+     * without L1 there is no chain root and L2 can be verified against any
+     * attacker-supplied key. Callers who have resolved L2's signing key by
+     * a trusted out-of-band mechanism (wallet binding, prior protocol step)
+     * MUST set `allowUnboundChain: true` AND supply `expectedL2Key`.
      */
     layers: {
         l1?: VILayer;
@@ -1010,8 +1061,22 @@ interface VIVerifyInput {
      * JWKS per `iss` claim).
      */
     verifySignature: (layer: VILayer, expectedKey: JWK | null) => Promise<boolean>;
+    /**
+     * Clock skew tolerance in seconds for expiry checks. Default 60s (audit
+     * F-A1-05 tightening from the previous 300s default).
+     */
     clockSkewSec?: number;
     now?: () => number;
+    /**
+     * Explicit opt-in to verify a chain with L1 omitted. Audit F-A1-02 fix
+     * — defaults to false. When true, `expectedL2Key` MUST also be supplied
+     * (used as the expected signing key for L2 verification).
+     */
+    allowUnboundChain?: boolean;
+    /** Required when allowUnboundChain === true. */
+    expectedL2Key?: JWK;
+    /** Optional replay-protection store. Defaults to in-process LRU. */
+    nonceStore?: NonceStore;
 }
 interface VIVerifyResult {
     ok: boolean;

package/dist/{index-D8IEntil.d.mts → index-CEg_WG6y.d.mts}

@@ -1,4 +1,4 @@
-import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-L15pYd2c.mjs';
+import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-B3USs-Kx.mjs';
 import { JWK } from 'jose';
 
 /**
@@ -207,6 +207,37 @@ interface ResolveContext {
     algorithm?: string;
 }
 
+/**
+ * Shared nonce/signature replay-protection store for transport verifiers.
+ *
+ * Audit F-A1-05: every transport-signature verifier (RFC9421, VI, AP2, ACP,
+ * MPP) validates a created/expires window but none consult a seen-nonce
+ * cache. Any captured signed request can be replayed within the (default
+ * 300s, now tightened to 60s) tolerance window.
+ *
+ * This module ships a bounded in-memory LRU as the default. Production
+ * deployments with multi-pod horizontal scaling SHOULD pass a shared store
+ * (Redis-backed) via the verifier options to make replay protection global
+ * rather than per-pod.
+ *
+ * The store interface is intentionally minimal: a single `seen(key,
+ * expiresAt)` method that returns true iff the key was already recorded
+ * (i.e. caller should reject as a replay). Callers compose the key from
+ * whichever identifiers are unique to the signature (kid + nonce + sig
+ * digest, typically).
+ */
+interface NonceStore {
+    /**
+     * Record `key` as seen. Returns true iff the key was ALREADY present —
+     * i.e. caller should reject the request as a replay. Returns false on
+     * first sighting (caller should proceed).
+     *
+     * `expiresAtMs` is a hint for the store to evict entries that can no
+     * longer cause harm (their signature window has elapsed).
+     */
+    seen(key: string, expiresAtMs: number): boolean;
+}
+
 /**
  * RFC 9421 HTTP Message Signatures verification.
  *
@@ -229,10 +260,12 @@ interface RFC9421VerifyRequest {
 }
 interface RFC9421VerifyOptions {
     resolver: RegistryResolver;
-    /** Seconds of tolerance around created/expires. Default 300. */
+    /** Seconds of tolerance around created/expires. Default 60 (audit F-A1-05 tightening from 300). */
     clockSkewSec?: number;
     /** Injectable for deterministic tests. */
     now?: () => number;
+    /** Optional replay-protection store. Defaults to in-process LRU. Audit F-A1-05. */
+    nonceStore?: NonceStore;
 }
 interface RFC9421VerifyResult {
     ok: boolean;
@@ -684,8 +717,19 @@ declare function extractAP2Mandates(input: AP2MandateTripleInput): AP2MandateTri
 
 interface AP2VerifyInput {
     triple: AP2MandateTriple;
+    /**
+     * Clock skew tolerance in seconds for expiry checks. Default 60s (audit
+     * F-A1-05 tightening from the previous 300s default).
+     */
     clockSkewSec?: number;
     now?: () => number;
+    /**
+     * Optional replay-protection store. Defaults to in-process LRU. When the
+     * payment mandate carries an id, this verifier registers it as seen so
+     * the same payment mandate replayed within the expiry window is rejected.
+     * Audit F-A1-05.
+     */
+    nonceStore?: NonceStore;
 }
 interface AP2ChainResult {
     ok: boolean;
@@ -732,10 +776,12 @@ interface ACPVerifyInput {
         jwk: JWK;
         alg?: ACPSignatureAlgorithm | string;
     }>;
-    /** Clock skew tolerance in seconds (default 300). */
+    /** Clock skew tolerance in seconds (default 60, audit F-A1-05 tightening from 300). */
     clockSkewSec?: number;
     /** Injectable now for tests. */
     now?: () => number;
+    /** Optional replay-protection store. Defaults to in-process LRU. Audit F-A1-05. */
+    nonceStore?: NonceStore;
 }
 interface ACPVerifyResult {
     ok: boolean;
@@ -867,10 +913,12 @@ interface MPPVerifyInput {
     context: MPPRequestContext;
     /** Raw request body to validate BodyDigest against, if the challenge declares one. */
     rawBody?: string;
-    /** Seconds of clock-skew tolerance on challenge.expires. Default 300. */
+    /** Seconds of clock-skew tolerance on challenge.expires. Default 60 (audit F-A1-05). */
     clockSkewSec?: number;
     /** Injectable for deterministic tests. */
     now?: () => number;
+    /** Optional replay-protection store. Defaults to in-process LRU. Audit F-A1-05. */
+    nonceStore?: NonceStore;
 }
 interface MPPVerifyResult {
     ok: boolean;
@@ -994,8 +1042,11 @@ interface VILayer {
 }
 interface VIVerifyInput {
     /**
-     * Layers in chain order. L1 may be omitted when the caller has already
-     * resolved the chain via a trusted wallet binding.
+     * Layers in chain order. L1 is REQUIRED by default (audit F-A1-02) —
+     * without L1 there is no chain root and L2 can be verified against any
+     * attacker-supplied key. Callers who have resolved L2's signing key by
+     * a trusted out-of-band mechanism (wallet binding, prior protocol step)
+     * MUST set `allowUnboundChain: true` AND supply `expectedL2Key`.
      */
     layers: {
         l1?: VILayer;
@@ -1010,8 +1061,22 @@ interface VIVerifyInput {
      * JWKS per `iss` claim).
      */
     verifySignature: (layer: VILayer, expectedKey: JWK | null) => Promise<boolean>;
+    /**
+     * Clock skew tolerance in seconds for expiry checks. Default 60s (audit
+     * F-A1-05 tightening from the previous 300s default).
+     */
     clockSkewSec?: number;
     now?: () => number;
+    /**
+     * Explicit opt-in to verify a chain with L1 omitted. Audit F-A1-02 fix
+     * — defaults to false. When true, `expectedL2Key` MUST also be supplied
+     * (used as the expected signing key for L2 verification).
+     */
+    allowUnboundChain?: boolean;
+    /** Required when allowUnboundChain === true. */
+    expectedL2Key?: JWK;
+    /** Optional replay-protection store. Defaults to in-process LRU. */
+    nonceStore?: NonceStore;
 }
 interface VIVerifyResult {
     ok: boolean;

package/dist/{index-Cjm-zBeZ.d.ts → index-DC5f8eoQ.d.ts}

@@ -1,4 +1,4 @@
-import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-L15pYd2c.js';
+import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-B3USs-Kx.js';
 
 /**
  * AgentClient — Credential Presentation

package/dist/index.d.mts

@@ -1,12 +1,12 @@
-import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-L15pYd2c.mjs';
-export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-L15pYd2c.mjs';
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-Chhz-FcT.mjs';
-export { e as express } from './express-4WStX3PV.mjs';
-export { n as nextjs } from './nextjs-CjzHdaXA.mjs';
-export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-D8IEntil.mjs';
+import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-B3USs-Kx.mjs';
+export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-B3USs-Kx.mjs';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-5U_CBRpr.mjs';
+export { e as express } from './express-ienhAXps.mjs';
+export { n as nextjs } from './nextjs-DSpisQst.mjs';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-CEg_WG6y.mjs';
 export { McpMiddlewareOptions, createMcpMiddleware } from './adapters/mcp.mjs';
 export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-ChPX4WHl.mjs';
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-B5e2IDWU.mjs';
 import 'express';
 import 'next/server';
 import 'jose';

package/dist/index.d.ts

@@ -1,12 +1,12 @@
-import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-L15pYd2c.js';
-export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-L15pYd2c.js';
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-CqTEQAc6.js';
-export { e as express } from './express-C1ePFB7n.js';
-export { n as nextjs } from './nextjs-BIORS__0.js';
-export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-CzJMCgEy.js';
+import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-B3USs-Kx.js';
+export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-B3USs-Kx.js';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-Bm8np66n.js';
+export { e as express } from './express-CrfwoNAR.js';
+export { n as nextjs } from './nextjs-66R1KW8e.js';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-CCdZxvAr.js';
 export { McpMiddlewareOptions, createMcpMiddleware } from './adapters/mcp.js';
 export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-Cjm-zBeZ.js';
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DC5f8eoQ.js';
 import 'express';
 import 'next/server';
 import 'jose';