@astrasyncai/verification-gateway 2.4.14 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3067,6 +3067,13 @@ function getTrustLevel(score) {
3067
3067
  // src/version.ts
3068
3068
  var SDK_VERSION = "2.4.13";
3069
3069
 
3070
+ // src/well-known.ts
3071
+ var CACHE_TTL_MS = 60 * 60 * 1e3;
3072
+ var cache = /* @__PURE__ */ new Map();
3073
+ function getCachedWellKnownUrls(apiBaseUrl) {
3074
+ return cache.get(apiBaseUrl)?.data;
3075
+ }
3076
+
3070
3077
  // src/verify.ts
3071
3078
  var DEFAULT_CONFIG = {
3072
3079
  apiBaseUrl: "https://astrasync.ai/api",
@@ -3168,21 +3175,22 @@ function cacheResult(request, result, configuredTtl) {
3168
3175
  expiresAt: Date.now() + ttlSeconds * 1e3
3169
3176
  });
3170
3177
  }
3171
- function createGuidanceResponse(config, reason, options = {}) {
3178
+ function createGuidanceResponse(_config, reason, options = {}) {
3172
3179
  const source = options.source ?? "no_credentials";
3173
3180
  const isApiError = source === "api_error";
3181
+ const urls = options.urls;
3174
3182
  const guidance = isApiError ? {
3175
3183
  message: "Verification is temporarily unavailable. Retry with exponential backoff; if the issue persists, contact support with the correlationId.",
3176
- registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/agents/register`,
3177
- documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
3184
+ registrationUrl: urls?.registrationUrl ?? "",
3185
+ documentationUrl: urls?.documentationUrl ?? "",
3178
3186
  steps: [
3179
3187
  "Retry the request with exponential backoff",
3180
3188
  "If failures persist, share the correlationId with support"
3181
3189
  ]
3182
3190
  } : {
3183
3191
  message: "This service verifies AI agents before granting access. Please register your agent with AstraSync.",
3184
- registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/agents/register`,
3185
- documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
3192
+ registrationUrl: urls?.registrationUrl ?? "",
3193
+ documentationUrl: urls?.documentationUrl ?? "",
3186
3194
  steps: [
3187
3195
  "Register for an AstraSync account",
3188
3196
  "Create and register your agent",
@@ -3224,7 +3232,7 @@ async function callVerifyAccessAPI(config, request) {
3224
3232
  const { credentials, ...requestData } = request;
3225
3233
  const body = {
3226
3234
  ...credentials.astraId && { agentId: credentials.astraId },
3227
- purpose: requestData.purpose || "general"
3235
+ ...requestData.purpose && { purpose: requestData.purpose }
3228
3236
  };
3229
3237
  if (requestData.action) body.action = requestData.action;
3230
3238
  if (requestData.resourceType) body.resourceType = requestData.resourceType;
@@ -3304,6 +3312,7 @@ async function callVerifyAccessAPI(config, request) {
3304
3312
  }
3305
3313
  async function verify(config, request) {
3306
3314
  const mergedConfig = { ...DEFAULT_CONFIG, ...config };
3315
+ const urls = mergedConfig.apiBaseUrl ? getCachedWellKnownUrls(mergedConfig.apiBaseUrl) : void 0;
3307
3316
  if (!initCheckPerformed && !mergedConfig.disableInitChecks && mergedConfig.apiBaseUrl) {
3308
3317
  if (mergedConfig.strictInit) {
3309
3318
  await performInitCheck(mergedConfig.apiBaseUrl, mergedConfig.debug, true);
@@ -3340,7 +3349,8 @@ async function verify(config, request) {
3340
3349
  if (!apiResponse.success) {
3341
3350
  return createGuidanceResponse(mergedConfig, apiResponse.error, {
3342
3351
  source: "api_error",
3343
- correlationId: apiResponse.correlationId
3352
+ correlationId: apiResponse.correlationId,
3353
+ urls
3344
3354
  });
3345
3355
  }
3346
3356
  if (!apiResponse.access?.allowed) {
@@ -3363,8 +3373,8 @@ async function verify(config, request) {
3363
3373
  requiresApproval: apiResponse.access?.requiresApproval,
3364
3374
  guidance: {
3365
3375
  message: apiResponse.access?.reason || "Access denied by PDLSS policy",
3366
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3367
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/pdlss`
3376
+ registrationUrl: urls?.registrationUrl ?? "",
3377
+ documentationUrl: urls?.documentationUrl ?? ""
3368
3378
  },
3369
3379
  verifiedAt: /* @__PURE__ */ new Date(),
3370
3380
  // Extract sessionId so decisions can be recorded for denials too
@@ -3435,12 +3445,12 @@ async function verify(config, request) {
3435
3445
  ];
3436
3446
  result.guidance = result.runtimeChallenge ? {
3437
3447
  message: `Verification failed: ${result.runtimeChallenge.reason || "runtime challenge failed"}`,
3438
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3439
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/runtime-challenge`
3448
+ registrationUrl: urls?.registrationUrl ?? "",
3449
+ documentationUrl: urls?.documentationUrl ?? ""
3440
3450
  } : {
3441
3451
  message: result.recommendationReasons?.[0] || "Access denied by AstraSync recommendation",
3442
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3443
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/pdlss`
3452
+ registrationUrl: urls?.registrationUrl ?? "",
3453
+ documentationUrl: urls?.documentationUrl ?? ""
3444
3454
  };
3445
3455
  } else if (result.recommendation === "step_up_required") {
3446
3456
  result.requiresStepUp = true;