@astrasyncai/verification-gateway 2.4.14 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3041,6 +3041,13 @@ function getTrustLevel(score) {
3041
3041
  // src/version.ts
3042
3042
  var SDK_VERSION = "2.4.13";
3043
3043
 
3044
+ // src/well-known.ts
3045
+ var CACHE_TTL_MS = 60 * 60 * 1e3;
3046
+ var cache = /* @__PURE__ */ new Map();
3047
+ function getCachedWellKnownUrls(apiBaseUrl) {
3048
+ return cache.get(apiBaseUrl)?.data;
3049
+ }
3050
+
3044
3051
  // src/verify.ts
3045
3052
  var DEFAULT_CONFIG = {
3046
3053
  apiBaseUrl: "https://astrasync.ai/api",
@@ -3142,21 +3149,22 @@ function cacheResult(request, result, configuredTtl) {
3142
3149
  expiresAt: Date.now() + ttlSeconds * 1e3
3143
3150
  });
3144
3151
  }
3145
- function createGuidanceResponse(config, reason, options = {}) {
3152
+ function createGuidanceResponse(_config, reason, options = {}) {
3146
3153
  const source = options.source ?? "no_credentials";
3147
3154
  const isApiError = source === "api_error";
3155
+ const urls = options.urls;
3148
3156
  const guidance = isApiError ? {
3149
3157
  message: "Verification is temporarily unavailable. Retry with exponential backoff; if the issue persists, contact support with the correlationId.",
3150
- registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/agents/register`,
3151
- documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
3158
+ registrationUrl: urls?.registrationUrl ?? "",
3159
+ documentationUrl: urls?.documentationUrl ?? "",
3152
3160
  steps: [
3153
3161
  "Retry the request with exponential backoff",
3154
3162
  "If failures persist, share the correlationId with support"
3155
3163
  ]
3156
3164
  } : {
3157
3165
  message: "This service verifies AI agents before granting access. Please register your agent with AstraSync.",
3158
- registrationUrl: `${config.apiBaseUrl.replace("/api", "")}/agents/register`,
3159
- documentationUrl: `${config.apiBaseUrl.replace("/api", "")}/docs/agent-access`,
3166
+ registrationUrl: urls?.registrationUrl ?? "",
3167
+ documentationUrl: urls?.documentationUrl ?? "",
3160
3168
  steps: [
3161
3169
  "Register for an AstraSync account",
3162
3170
  "Create and register your agent",
@@ -3198,7 +3206,7 @@ async function callVerifyAccessAPI(config, request) {
3198
3206
  const { credentials, ...requestData } = request;
3199
3207
  const body = {
3200
3208
  ...credentials.astraId && { agentId: credentials.astraId },
3201
- purpose: requestData.purpose || "general"
3209
+ ...requestData.purpose && { purpose: requestData.purpose }
3202
3210
  };
3203
3211
  if (requestData.action) body.action = requestData.action;
3204
3212
  if (requestData.resourceType) body.resourceType = requestData.resourceType;
@@ -3278,6 +3286,7 @@ async function callVerifyAccessAPI(config, request) {
3278
3286
  }
3279
3287
  async function verify(config, request) {
3280
3288
  const mergedConfig = { ...DEFAULT_CONFIG, ...config };
3289
+ const urls = mergedConfig.apiBaseUrl ? getCachedWellKnownUrls(mergedConfig.apiBaseUrl) : void 0;
3281
3290
  if (!initCheckPerformed && !mergedConfig.disableInitChecks && mergedConfig.apiBaseUrl) {
3282
3291
  if (mergedConfig.strictInit) {
3283
3292
  await performInitCheck(mergedConfig.apiBaseUrl, mergedConfig.debug, true);
@@ -3314,7 +3323,8 @@ async function verify(config, request) {
3314
3323
  if (!apiResponse.success) {
3315
3324
  return createGuidanceResponse(mergedConfig, apiResponse.error, {
3316
3325
  source: "api_error",
3317
- correlationId: apiResponse.correlationId
3326
+ correlationId: apiResponse.correlationId,
3327
+ urls
3318
3328
  });
3319
3329
  }
3320
3330
  if (!apiResponse.access?.allowed) {
@@ -3337,8 +3347,8 @@ async function verify(config, request) {
3337
3347
  requiresApproval: apiResponse.access?.requiresApproval,
3338
3348
  guidance: {
3339
3349
  message: apiResponse.access?.reason || "Access denied by PDLSS policy",
3340
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3341
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/pdlss`
3350
+ registrationUrl: urls?.registrationUrl ?? "",
3351
+ documentationUrl: urls?.documentationUrl ?? ""
3342
3352
  },
3343
3353
  verifiedAt: /* @__PURE__ */ new Date(),
3344
3354
  // Extract sessionId so decisions can be recorded for denials too
@@ -3409,12 +3419,12 @@ async function verify(config, request) {
3409
3419
  ];
3410
3420
  result.guidance = result.runtimeChallenge ? {
3411
3421
  message: `Verification failed: ${result.runtimeChallenge.reason || "runtime challenge failed"}`,
3412
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3413
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/runtime-challenge`
3422
+ registrationUrl: urls?.registrationUrl ?? "",
3423
+ documentationUrl: urls?.documentationUrl ?? ""
3414
3424
  } : {
3415
3425
  message: result.recommendationReasons?.[0] || "Access denied by AstraSync recommendation",
3416
- registrationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/agents/register`,
3417
- documentationUrl: `${mergedConfig.apiBaseUrl?.replace("/api", "")}/docs/pdlss`
3426
+ registrationUrl: urls?.registrationUrl ?? "",
3427
+ documentationUrl: urls?.documentationUrl ?? ""
3418
3428
  };
3419
3429
  } else if (result.recommendation === "step_up_required") {
3420
3430
  result.requiresStepUp = true;