@astrasyncai/verification-gateway 2.4.14 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3305,6 +3305,13 @@ function getTrustLevel(score) {
3305
3305
  // src/version.ts
3306
3306
  var SDK_VERSION = "2.4.13";
3307
3307
 
3308
+ // src/well-known.ts
3309
+ var CACHE_TTL_MS = 60 * 60 * 1e3;
3310
+ var cache = /* @__PURE__ */ new Map();
3311
+ function getCachedWellKnownUrls(apiBaseUrl) {
3312
+ return cache.get(apiBaseUrl)?.data;
3313
+ }
3314
+
3308
3315
  // src/verify.ts
3309
3316
  var DEFAULT_CONFIG = {
3310
3317
  apiBaseUrl: "https://astrasync.ai/api",
@@ -3406,21 +3413,22 @@ function cacheResult(request, result, configuredTtl) {
3406
3413
  expiresAt: Date.now() + ttlSeconds * 1e3
3407
3414
  });
3408
3415
  }
3409
- function createGuidanceResponse(config, reason, options = {}) {
3416
+ function createGuidanceResponse(_config, reason, options = {}) {
3410
3417
  const source = options.source ?? "no_credentials";
3411
3418
  const isApiError = source === "api_error";
3419
+ const urls = options.urls;
3412
3420
  const guidance = isApiError ? {
3413
3421
  message: "Verification is temporarily unavailable. Retry with exponential backoff; if the issue persists, contact support with the correlationId.",
3414
- registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/agents/register`,
3415
- documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
3422
+ registrationUrl: urls?.registrationUrl ?? "",
3423
+ documentationUrl: urls?.documentationUrl ?? "",
3416
3424
  steps: [
3417
3425
  "Retry the request with exponential backoff",
3418
3426
  "If failures persist, share the correlationId with support"
3419
3427
  ]
3420
3428
  } : {
3421
3429
  message: "This service verifies AI agents before granting access. Please register your agent with AstraSync.",
3422
- registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/agents/register`,
3423
- documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
3430
+ registrationUrl: urls?.registrationUrl ?? "",
3431
+ documentationUrl: urls?.documentationUrl ?? "",
3424
3432
  steps: [
3425
3433
  "Register for an AstraSync account",
3426
3434
  "Create and register your agent",
@@ -3462,7 +3470,7 @@ async function callVerifyAccessAPI(config, request) {
3462
3470
  const { credentials, ...requestData } = request;
3463
3471
  const body = {
3464
3472
  ...credentials.astraId && { agentId: credentials.astraId },
3465
- purpose: requestData.purpose || "general"
3473
+ ...requestData.purpose && { purpose: requestData.purpose }
3466
3474
  };
3467
3475
  if (requestData.action) body.action = requestData.action;
3468
3476
  if (requestData.resourceType) body.resourceType = requestData.resourceType;
@@ -3542,6 +3550,7 @@ async function callVerifyAccessAPI(config, request) {
3542
3550
  }
3543
3551
  async function verify(config, request) {
3544
3552
  const mergedConfig = { ...DEFAULT_CONFIG, ...config };
3553
+ const urls = mergedConfig.apiBaseUrl ? getCachedWellKnownUrls(mergedConfig.apiBaseUrl) : void 0;
3545
3554
  if (!initCheckPerformed && !mergedConfig.disableInitChecks && mergedConfig.apiBaseUrl) {
3546
3555
  if (mergedConfig.strictInit) {
3547
3556
  await performInitCheck(mergedConfig.apiBaseUrl, mergedConfig.debug, true);
@@ -3578,7 +3587,8 @@ async function verify(config, request) {
3578
3587
  if (!apiResponse.success) {
3579
3588
  return createGuidanceResponse(mergedConfig, apiResponse.error, {
3580
3589
  source: "api_error",
3581
- correlationId: apiResponse.correlationId
3590
+ correlationId: apiResponse.correlationId,
3591
+ urls
3582
3592
  });
3583
3593
  }
3584
3594
  if (!apiResponse.access?.allowed) {
@@ -3601,8 +3611,8 @@ async function verify(config, request) {
3601
3611
  requiresApproval: apiResponse.access?.requiresApproval,
3602
3612
  guidance: {
3603
3613
  message: apiResponse.access?.reason || "Access denied by PDLSS policy",
3604
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3605
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/pdlss`
3614
+ registrationUrl: urls?.registrationUrl ?? "",
3615
+ documentationUrl: urls?.documentationUrl ?? ""
3606
3616
  },
3607
3617
  verifiedAt: /* @__PURE__ */ new Date(),
3608
3618
  // Extract sessionId so decisions can be recorded for denials too
@@ -3673,12 +3683,12 @@ async function verify(config, request) {
3673
3683
  ];
3674
3684
  result.guidance = result.runtimeChallenge ? {
3675
3685
  message: `Verification failed: ${result.runtimeChallenge.reason || "runtime challenge failed"}`,
3676
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3677
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/runtime-challenge`
3686
+ registrationUrl: urls?.registrationUrl ?? "",
3687
+ documentationUrl: urls?.documentationUrl ?? ""
3678
3688
  } : {
3679
3689
  message: result.recommendationReasons?.[0] || "Access denied by AstraSync recommendation",
3680
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3681
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/pdlss`
3690
+ registrationUrl: urls?.registrationUrl ?? "",
3691
+ documentationUrl: urls?.documentationUrl ?? ""
3682
3692
  };
3683
3693
  } else if (result.recommendation === "step_up_required") {
3684
3694
  result.requiresStepUp = true;