npm - @astrasyncai/verification-gateway - Versions diffs - 2.4.3 → 2.4.5 - Mend

@astrasyncai/verification-gateway 2.4.3 → 2.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +90 -0
package/dist/adapter-interface/interface.d.mts +2 -2
package/dist/adapter-interface/interface.d.ts +2 -2
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +35 -7
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +35 -7
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/mcp.d.mts +61 -2
package/dist/adapters/mcp.d.ts +61 -2
package/dist/adapters/mcp.js +95 -18
package/dist/adapters/mcp.js.map +1 -1
package/dist/adapters/mcp.mjs +95 -18
package/dist/adapters/mcp.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +5 -0
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +5 -0
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +5 -0
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +5 -0
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -2
package/dist/agent/index.d.ts +2 -2
package/dist/bin/astrasync.js +10 -2
package/dist/browser/background.js +5 -0
package/dist/browser/background.js.map +1 -1
package/dist/browser/background.mjs +5 -0
package/dist/browser/background.mjs.map +1 -1
package/dist/browser/browser-adapter.d.mts +2 -2
package/dist/browser/browser-adapter.d.ts +2 -2
package/dist/cli/index.d.mts +2 -2
package/dist/cli/index.d.ts +2 -2
package/dist/cursor/cursor-adapter.d.mts +2 -2
package/dist/cursor/cursor-adapter.d.ts +2 -2
package/dist/cursor/extension.d.mts +2 -2
package/dist/cursor/extension.d.ts +2 -2
package/dist/cursor/extension.js +5 -0
package/dist/cursor/extension.js.map +1 -1
package/dist/cursor/extension.mjs +5 -0
package/dist/cursor/extension.mjs.map +1 -1
package/dist/{express-DneHiMhu.d.mts → express-D5hAJ2Gv.d.mts} +1 -1
package/dist/{express-DsiaQRFt.d.ts → express-XCkk7BsJ.d.ts} +1 -1
package/dist/gateway/gateway.d.mts +2 -2
package/dist/gateway/gateway.d.ts +2 -2
package/dist/gateway/gateway.js +5 -0
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/gateway.mjs +5 -0
package/dist/gateway/gateway.mjs.map +1 -1
package/dist/git-trigger/git-hooks.d.mts +2 -2
package/dist/git-trigger/git-hooks.d.ts +2 -2
package/dist/{index-NZiKvrtE.d.ts → index-Bstl43HI.d.ts} +1 -1
package/dist/{index-Dd4alF0l.d.ts → index-CH4TfcbL.d.ts} +1 -1
package/dist/{index-C9yWlQ2Y.d.mts → index-TS4SGvf4.d.mts} +1 -1
package/dist/{index-DAGm-Sgf.d.mts → index-u08qcXq9.d.mts} +1 -1
package/dist/index.d.mts +7 -7
package/dist/index.d.ts +7 -7
package/dist/index.js +35 -7
package/dist/index.js.map +1 -1
package/dist/index.mjs +35 -7
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +2 -2
package/dist/local-evaluator/evaluator.d.ts +2 -2
package/dist/{nextjs-vUuVCaBP.d.mts → nextjs-CFA0J_4x.d.mts} +1 -1
package/dist/{nextjs-B4WmoiVm.d.ts → nextjs-DP2EpI-4.d.ts} +1 -1
package/dist/registration/index.d.mts +25 -0
package/dist/registration/index.d.ts +25 -0
package/dist/registration/index.js +10 -2
package/dist/registration/index.js.map +1 -1
package/dist/registration/index.mjs +10 -2
package/dist/registration/index.mjs.map +1 -1
package/dist/{sdk-Cixo6pTV.d.mts → sdk-C8W54WZS.d.mts} +1 -1
package/dist/{sdk-BvWp4q2q.d.ts → sdk-CwwCGDzK.d.ts} +1 -1
package/dist/transport/index.d.mts +2 -2
package/dist/transport/index.d.ts +2 -2
package/dist/{types-DLai3jly.d.mts → types-CbZOkIr-.d.mts} +29 -0
package/dist/{types-DLai3jly.d.ts → types-CbZOkIr-.d.ts} +29 -0
package/dist/{types-IUzu-A4u.d.ts → types-DXNkr61h.d.ts} +1 -1
package/dist/{types-C_e1IZdU.d.mts → types-tBNFSbw_.d.mts} +1 -1
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/package.json +1 -1

package/dist/git-trigger/git-hooks.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { AstraSyncGateway } from '../gateway/gateway.mjs';
-import { V as VerificationDecision, P as PDLSSContext } from '../types-C_e1IZdU.mjs';
-import '../types-DLai3jly.mjs';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-tBNFSbw_.mjs';
+import '../types-CbZOkIr-.mjs';
 /**
  * Git Trigger — Enterprise git push / PR verification

package/dist/git-trigger/git-hooks.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { AstraSyncGateway } from '../gateway/gateway.js';
-import { V as VerificationDecision, P as PDLSSContext } from '../types-IUzu-A4u.js';
-import '../types-DLai3jly.js';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-DXNkr61h.js';
+import '../types-CbZOkIr-.js';
 /**
  * Git Trigger — Enterprise git push / PR verification

package/dist/{index-NZiKvrtE.d.ts → index-Bstl43HI.d.ts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport } from './types-DLai3jly.js';
+import { A as AstraSyncCredentials, g as ProtocolTransport } from './types-CbZOkIr-.js';
 import { JWK } from 'jose';
 /**

package/dist/{index-Dd4alF0l.d.ts → index-CH4TfcbL.d.ts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-DLai3jly.js';
+import { A as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-CbZOkIr-.js';
 /**
  * AgentClient — Credential Presentation

package/dist/{index-C9yWlQ2Y.d.mts → index-TS4SGvf4.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport } from './types-DLai3jly.mjs';
+import { A as AstraSyncCredentials, g as ProtocolTransport } from './types-CbZOkIr-.mjs';
 import { JWK } from 'jose';
 /**

package/dist/{index-DAGm-Sgf.d.mts → index-u08qcXq9.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-DLai3jly.mjs';
+import { A as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-CbZOkIr-.mjs';
 /**
  * AgentClient — Credential Presentation

package/dist/index.d.mts CHANGED Viewed

@@ -1,10 +1,10 @@
-import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-DLai3jly.mjs';
-export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-DLai3jly.mjs';
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-Cixo6pTV.mjs';
-export { e as express } from './express-DneHiMhu.mjs';
-export { n as nextjs } from './nextjs-vUuVCaBP.mjs';
-export { i as transport } from './index-C9yWlQ2Y.mjs';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DAGm-Sgf.mjs';
+import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-CbZOkIr-.mjs';
+export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CbZOkIr-.mjs';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-C8W54WZS.mjs';
+export { e as express } from './express-D5hAJ2Gv.mjs';
+export { n as nextjs } from './nextjs-CFA0J_4x.mjs';
+export { i as transport } from './index-TS4SGvf4.mjs';
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-u08qcXq9.mjs';
 import 'express';
 import 'next/server';
 import 'jose';

package/dist/index.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
-import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-DLai3jly.js';
-export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-DLai3jly.js';
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-BvWp4q2q.js';
-export { e as express } from './express-DsiaQRFt.js';
-export { n as nextjs } from './nextjs-B4WmoiVm.js';
-export { i as transport } from './index-NZiKvrtE.js';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-Dd4alF0l.js';
+import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-CbZOkIr-.js';
+export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CbZOkIr-.js';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-CwwCGDzK.js';
+export { e as express } from './express-XCkk7BsJ.js';
+export { n as nextjs } from './nextjs-DP2EpI-4.js';
+export { i as transport } from './index-Bstl43HI.js';
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-CH4TfcbL.js';
 import 'express';
 import 'next/server';
 import 'jose';

package/dist/index.js CHANGED Viewed

@@ -177,6 +177,9 @@ function getCapabilities(accessLevel) {
   }
 }
+// src/version.ts
+var SDK_VERSION = "2.4.5";
 // src/verify.ts
 var DEFAULT_CONFIG = {
   apiBaseUrl: "https://astrasync.ai/api",
@@ -340,6 +343,8 @@ async function callVerifyAccessAPI(config, request) {
   if (config.counterpartyId) body.counterpartyId = config.counterpartyId;
   if (requestData.runtimeChallengeOptions)
     body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
+  if (requestData.invocationProtocol) body.invocationProtocol = requestData.invocationProtocol;
+  body.sdkVersion = SDK_VERSION;
   if (requestData.callerMetadata || requestData.clientIp || requestData.userAgent) {
     const meta = {
       ...requestData.clientIp && { sourceIp: requestData.clientIp },
@@ -850,14 +855,15 @@ function createMiddleware(options) {
         }
         return next();
       }
-      if (routeConfig.minAccessLevel === "none") {
+      const credentials = customExtractCredentials ? customExtractCredentials(req) : defaultExtractCredentials(req);
+      const shouldEnforce = routeConfig.minAccessLevel !== "none";
+      if (routeConfig.minAccessLevel === "none" && (!config.evaluateAlwaysIfCredentialed || !credentials.astraId)) {
         if (config.setPassThroughHeader) {
           res.setHeader("X-Astra-Gateway-Mode", "unenforced");
           res.setHeader("X-Astra-Gateway-Reason", "route-none");
         }
         return next();
       }
-      const credentials = customExtractCredentials ? customExtractCredentials(req) : defaultExtractCredentials(req);
       const purpose = customExtractPurpose ? customExtractPurpose(req) : defaultExtractPurpose(req);
       const astraCreds = extractAstraSyncCredentials(req);
       const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
@@ -921,9 +927,27 @@ function createMiddleware(options) {
         onDenied(result, req, res);
         return;
       }
+      if (!shouldEnforce) {
+        if (config.setPassThroughHeader) {
+          res.setHeader("X-Astra-Gateway-Mode", "enforced");
+          res.setHeader("X-Astra-Gateway-Reason", "evaluated-not-enforced");
+        }
+        if (shouldRecordDecisions && sessionId) {
+          recordDecision(config, sessionId, "granted").catch(() => {
+          });
+        }
+        return next();
+      }
       if (!hasMinimumAccess(result.accessLevel, routeConfig.minAccessLevel)) {
+        const insufficientFailure = {
+          dimension: "access_level.insufficient",
+          message: `Endpoint requires accessLevel '${routeConfig.minAccessLevel}'; agent has '${result.accessLevel}'.`,
+          guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
+        };
+        result.failures = [...result.failures ?? [], insufficientFailure];
+        result.denialReasons = [...result.denialReasons ?? [], insufficientFailure.message];
         if (shouldRecordDecisions && sessionId) {
-          recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+          recordDecision(config, sessionId, "denied", insufficientFailure.message).catch(() => {
           });
         }
         onDenied(result, req, res);
@@ -931,11 +955,15 @@ function createMiddleware(options) {
       }
       if (routeConfig.minTrustScore && result.agent) {
         if (result.agent.trustScore < routeConfig.minTrustScore) {
-          result.denialReasons = [
-            `Trust score ${result.agent.trustScore} is below required ${routeConfig.minTrustScore}`
-          ];
+          const trustFailure = {
+            dimension: "access_level.insufficient",
+            message: `Trust score ${result.agent.trustScore} is below required ${routeConfig.minTrustScore} for this route.`,
+            guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
+          };
+          result.failures = [...result.failures ?? [], trustFailure];
+          result.denialReasons = [trustFailure.message];
           if (shouldRecordDecisions && sessionId) {
-            recordDecision(config, sessionId, "denied", result.denialReasons[0]).catch(() => {
+            recordDecision(config, sessionId, "denied", trustFailure.message).catch(() => {
             });
           }
           onDenied(result, req, res);