@astrasyncai/verification-gateway 2.4.2 → 2.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +31 -7
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +31 -7
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +25 -2
- package/dist/adapters/mcp.d.ts +25 -2
- package/dist/adapters/mcp.js +31 -7
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +31 -7
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +1 -0
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +1 -0
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -0
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -0
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/bin/astrasync.js +10 -2
- package/dist/browser/background.js +1 -0
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -0
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -0
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -0
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-DneHiMhu.d.mts → express-Ck2RHZLT.d.mts} +1 -1
- package/dist/{express-DsiaQRFt.d.ts → express-DZmEzCgo.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -0
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -0
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-NZiKvrtE.d.ts → index-6Jus6yWU.d.ts} +1 -1
- package/dist/{index-DAGm-Sgf.d.mts → index-BZZTOfrI.d.mts} +1 -1
- package/dist/{index-Dd4alF0l.d.ts → index-BgKghi19.d.ts} +1 -1
- package/dist/{index-C9yWlQ2Y.d.mts → index-D698fDOk.d.mts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +31 -7
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +31 -7
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-vUuVCaBP.d.mts → nextjs-93PHcE-i.d.mts} +1 -1
- package/dist/{nextjs-B4WmoiVm.d.ts → nextjs-t_ix2zQZ.d.ts} +1 -1
- package/dist/registration/index.d.mts +37 -0
- package/dist/registration/index.d.ts +37 -0
- package/dist/registration/index.js +10 -2
- package/dist/registration/index.js.map +1 -1
- package/dist/registration/index.mjs +10 -2
- package/dist/registration/index.mjs.map +1 -1
- package/dist/{sdk-Cixo6pTV.d.mts → sdk-BFwzjYjl.d.mts} +1 -1
- package/dist/{sdk-BvWp4q2q.d.ts → sdk-Chq02d82.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-IUzu-A4u.d.ts → types-CLP_TDu5.d.ts} +1 -1
- package/dist/{types-DLai3jly.d.mts → types-CVT-sorC.d.mts} +23 -0
- package/dist/{types-DLai3jly.d.ts → types-CVT-sorC.d.ts} +23 -0
- package/dist/{types-C_e1IZdU.d.mts → types-y13mmzbA.d.mts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-y13mmzbA.mjs';
|
|
3
|
+
import '../types-CVT-sorC.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-CLP_TDu5.js';
|
|
3
|
+
import '../types-CVT-sorC.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
package/dist/index.d.mts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-
|
|
2
|
-
export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-
|
|
3
|
-
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
|
|
4
|
-
export { e as express } from './express-
|
|
5
|
-
export { n as nextjs } from './nextjs-
|
|
6
|
-
export { i as transport } from './index-
|
|
7
|
-
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
|
|
1
|
+
import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-CVT-sorC.mjs';
|
|
2
|
+
export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CVT-sorC.mjs';
|
|
3
|
+
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-BFwzjYjl.mjs';
|
|
4
|
+
export { e as express } from './express-Ck2RHZLT.mjs';
|
|
5
|
+
export { n as nextjs } from './nextjs-93PHcE-i.mjs';
|
|
6
|
+
export { i as transport } from './index-D698fDOk.mjs';
|
|
7
|
+
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BZZTOfrI.mjs';
|
|
8
8
|
import 'express';
|
|
9
9
|
import 'next/server';
|
|
10
10
|
import 'jose';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-
|
|
2
|
-
export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-
|
|
3
|
-
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
|
|
4
|
-
export { e as express } from './express-
|
|
5
|
-
export { n as nextjs } from './nextjs-
|
|
6
|
-
export { i as transport } from './index-
|
|
7
|
-
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
|
|
1
|
+
import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-CVT-sorC.js';
|
|
2
|
+
export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CVT-sorC.js';
|
|
3
|
+
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-Chq02d82.js';
|
|
4
|
+
export { e as express } from './express-DZmEzCgo.js';
|
|
5
|
+
export { n as nextjs } from './nextjs-t_ix2zQZ.js';
|
|
6
|
+
export { i as transport } from './index-6Jus6yWU.js';
|
|
7
|
+
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BgKghi19.js';
|
|
8
8
|
import 'express';
|
|
9
9
|
import 'next/server';
|
|
10
10
|
import 'jose';
|
package/dist/index.js
CHANGED
|
@@ -340,6 +340,7 @@ async function callVerifyAccessAPI(config, request) {
|
|
|
340
340
|
if (config.counterpartyId) body.counterpartyId = config.counterpartyId;
|
|
341
341
|
if (requestData.runtimeChallengeOptions)
|
|
342
342
|
body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
|
|
343
|
+
if (requestData.invocationProtocol) body.invocationProtocol = requestData.invocationProtocol;
|
|
343
344
|
if (requestData.callerMetadata || requestData.clientIp || requestData.userAgent) {
|
|
344
345
|
const meta = {
|
|
345
346
|
...requestData.clientIp && { sourceIp: requestData.clientIp },
|
|
@@ -850,14 +851,15 @@ function createMiddleware(options) {
|
|
|
850
851
|
}
|
|
851
852
|
return next();
|
|
852
853
|
}
|
|
853
|
-
|
|
854
|
+
const credentials = customExtractCredentials ? customExtractCredentials(req) : defaultExtractCredentials(req);
|
|
855
|
+
const shouldEnforce = routeConfig.minAccessLevel !== "none";
|
|
856
|
+
if (routeConfig.minAccessLevel === "none" && (!config.evaluateAlwaysIfCredentialed || !credentials.astraId)) {
|
|
854
857
|
if (config.setPassThroughHeader) {
|
|
855
858
|
res.setHeader("X-Astra-Gateway-Mode", "unenforced");
|
|
856
859
|
res.setHeader("X-Astra-Gateway-Reason", "route-none");
|
|
857
860
|
}
|
|
858
861
|
return next();
|
|
859
862
|
}
|
|
860
|
-
const credentials = customExtractCredentials ? customExtractCredentials(req) : defaultExtractCredentials(req);
|
|
861
863
|
const purpose = customExtractPurpose ? customExtractPurpose(req) : defaultExtractPurpose(req);
|
|
862
864
|
const astraCreds = extractAstraSyncCredentials(req);
|
|
863
865
|
const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
|
|
@@ -921,9 +923,27 @@ function createMiddleware(options) {
|
|
|
921
923
|
onDenied(result, req, res);
|
|
922
924
|
return;
|
|
923
925
|
}
|
|
926
|
+
if (!shouldEnforce) {
|
|
927
|
+
if (config.setPassThroughHeader) {
|
|
928
|
+
res.setHeader("X-Astra-Gateway-Mode", "enforced");
|
|
929
|
+
res.setHeader("X-Astra-Gateway-Reason", "evaluated-not-enforced");
|
|
930
|
+
}
|
|
931
|
+
if (shouldRecordDecisions && sessionId) {
|
|
932
|
+
recordDecision(config, sessionId, "granted").catch(() => {
|
|
933
|
+
});
|
|
934
|
+
}
|
|
935
|
+
return next();
|
|
936
|
+
}
|
|
924
937
|
if (!hasMinimumAccess(result.accessLevel, routeConfig.minAccessLevel)) {
|
|
938
|
+
const insufficientFailure = {
|
|
939
|
+
dimension: "access_level.insufficient",
|
|
940
|
+
message: `Endpoint requires accessLevel '${routeConfig.minAccessLevel}'; agent has '${result.accessLevel}'.`,
|
|
941
|
+
guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
|
|
942
|
+
};
|
|
943
|
+
result.failures = [...result.failures ?? [], insufficientFailure];
|
|
944
|
+
result.denialReasons = [...result.denialReasons ?? [], insufficientFailure.message];
|
|
925
945
|
if (shouldRecordDecisions && sessionId) {
|
|
926
|
-
recordDecision(config, sessionId, "denied",
|
|
946
|
+
recordDecision(config, sessionId, "denied", insufficientFailure.message).catch(() => {
|
|
927
947
|
});
|
|
928
948
|
}
|
|
929
949
|
onDenied(result, req, res);
|
|
@@ -931,11 +951,15 @@ function createMiddleware(options) {
|
|
|
931
951
|
}
|
|
932
952
|
if (routeConfig.minTrustScore && result.agent) {
|
|
933
953
|
if (result.agent.trustScore < routeConfig.minTrustScore) {
|
|
934
|
-
|
|
935
|
-
|
|
936
|
-
|
|
954
|
+
const trustFailure = {
|
|
955
|
+
dimension: "access_level.insufficient",
|
|
956
|
+
message: `Trust score ${result.agent.trustScore} is below required ${routeConfig.minTrustScore} for this route.`,
|
|
957
|
+
guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
|
|
958
|
+
};
|
|
959
|
+
result.failures = [...result.failures ?? [], trustFailure];
|
|
960
|
+
result.denialReasons = [trustFailure.message];
|
|
937
961
|
if (shouldRecordDecisions && sessionId) {
|
|
938
|
-
recordDecision(config, sessionId, "denied",
|
|
962
|
+
recordDecision(config, sessionId, "denied", trustFailure.message).catch(() => {
|
|
939
963
|
});
|
|
940
964
|
}
|
|
941
965
|
onDenied(result, req, res);
|