@astrasyncai/verification-gateway 2.4.3 → 2.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/README.md +90 -0
  2. package/dist/adapter-interface/interface.d.mts +2 -2
  3. package/dist/adapter-interface/interface.d.ts +2 -2
  4. package/dist/adapters/express.d.mts +2 -2
  5. package/dist/adapters/express.d.ts +2 -2
  6. package/dist/adapters/express.js +35 -7
  7. package/dist/adapters/express.js.map +1 -1
  8. package/dist/adapters/express.mjs +35 -7
  9. package/dist/adapters/express.mjs.map +1 -1
  10. package/dist/adapters/mcp.d.mts +61 -2
  11. package/dist/adapters/mcp.d.ts +61 -2
  12. package/dist/adapters/mcp.js +95 -18
  13. package/dist/adapters/mcp.js.map +1 -1
  14. package/dist/adapters/mcp.mjs +95 -18
  15. package/dist/adapters/mcp.mjs.map +1 -1
  16. package/dist/adapters/nextjs.d.mts +2 -2
  17. package/dist/adapters/nextjs.d.ts +2 -2
  18. package/dist/adapters/nextjs.js +5 -0
  19. package/dist/adapters/nextjs.js.map +1 -1
  20. package/dist/adapters/nextjs.mjs +5 -0
  21. package/dist/adapters/nextjs.mjs.map +1 -1
  22. package/dist/adapters/sdk.d.mts +2 -2
  23. package/dist/adapters/sdk.d.ts +2 -2
  24. package/dist/adapters/sdk.js +5 -0
  25. package/dist/adapters/sdk.js.map +1 -1
  26. package/dist/adapters/sdk.mjs +5 -0
  27. package/dist/adapters/sdk.mjs.map +1 -1
  28. package/dist/agent/index.d.mts +2 -2
  29. package/dist/agent/index.d.ts +2 -2
  30. package/dist/bin/astrasync.js +10 -2
  31. package/dist/browser/background.js +5 -0
  32. package/dist/browser/background.js.map +1 -1
  33. package/dist/browser/background.mjs +5 -0
  34. package/dist/browser/background.mjs.map +1 -1
  35. package/dist/browser/browser-adapter.d.mts +2 -2
  36. package/dist/browser/browser-adapter.d.ts +2 -2
  37. package/dist/cli/index.d.mts +2 -2
  38. package/dist/cli/index.d.ts +2 -2
  39. package/dist/cursor/cursor-adapter.d.mts +2 -2
  40. package/dist/cursor/cursor-adapter.d.ts +2 -2
  41. package/dist/cursor/extension.d.mts +2 -2
  42. package/dist/cursor/extension.d.ts +2 -2
  43. package/dist/cursor/extension.js +5 -0
  44. package/dist/cursor/extension.js.map +1 -1
  45. package/dist/cursor/extension.mjs +5 -0
  46. package/dist/cursor/extension.mjs.map +1 -1
  47. package/dist/{express-DneHiMhu.d.mts → express-D5hAJ2Gv.d.mts} +1 -1
  48. package/dist/{express-DsiaQRFt.d.ts → express-XCkk7BsJ.d.ts} +1 -1
  49. package/dist/gateway/gateway.d.mts +2 -2
  50. package/dist/gateway/gateway.d.ts +2 -2
  51. package/dist/gateway/gateway.js +5 -0
  52. package/dist/gateway/gateway.js.map +1 -1
  53. package/dist/gateway/gateway.mjs +5 -0
  54. package/dist/gateway/gateway.mjs.map +1 -1
  55. package/dist/git-trigger/git-hooks.d.mts +2 -2
  56. package/dist/git-trigger/git-hooks.d.ts +2 -2
  57. package/dist/{index-NZiKvrtE.d.ts → index-Bstl43HI.d.ts} +1 -1
  58. package/dist/{index-Dd4alF0l.d.ts → index-CH4TfcbL.d.ts} +1 -1
  59. package/dist/{index-C9yWlQ2Y.d.mts → index-TS4SGvf4.d.mts} +1 -1
  60. package/dist/{index-DAGm-Sgf.d.mts → index-u08qcXq9.d.mts} +1 -1
  61. package/dist/index.d.mts +7 -7
  62. package/dist/index.d.ts +7 -7
  63. package/dist/index.js +35 -7
  64. package/dist/index.js.map +1 -1
  65. package/dist/index.mjs +35 -7
  66. package/dist/index.mjs.map +1 -1
  67. package/dist/local-evaluator/evaluator.d.mts +2 -2
  68. package/dist/local-evaluator/evaluator.d.ts +2 -2
  69. package/dist/{nextjs-vUuVCaBP.d.mts → nextjs-CFA0J_4x.d.mts} +1 -1
  70. package/dist/{nextjs-B4WmoiVm.d.ts → nextjs-DP2EpI-4.d.ts} +1 -1
  71. package/dist/registration/index.d.mts +25 -0
  72. package/dist/registration/index.d.ts +25 -0
  73. package/dist/registration/index.js +10 -2
  74. package/dist/registration/index.js.map +1 -1
  75. package/dist/registration/index.mjs +10 -2
  76. package/dist/registration/index.mjs.map +1 -1
  77. package/dist/{sdk-Cixo6pTV.d.mts → sdk-C8W54WZS.d.mts} +1 -1
  78. package/dist/{sdk-BvWp4q2q.d.ts → sdk-CwwCGDzK.d.ts} +1 -1
  79. package/dist/transport/index.d.mts +2 -2
  80. package/dist/transport/index.d.ts +2 -2
  81. package/dist/{types-DLai3jly.d.mts → types-CbZOkIr-.d.mts} +29 -0
  82. package/dist/{types-DLai3jly.d.ts → types-CbZOkIr-.d.ts} +29 -0
  83. package/dist/{types-IUzu-A4u.d.ts → types-DXNkr61h.d.ts} +1 -1
  84. package/dist/{types-C_e1IZdU.d.mts → types-tBNFSbw_.d.mts} +1 -1
  85. package/dist/ui/index.d.mts +1 -1
  86. package/dist/ui/index.d.ts +1 -1
  87. package/package.json +1 -1
package/dist/index.mjs CHANGED
@@ -125,6 +125,9 @@ function getCapabilities(accessLevel) {
125
125
  }
126
126
  }
127
127
 
128
+ // src/version.ts
129
+ var SDK_VERSION = "2.4.5";
130
+
128
131
  // src/verify.ts
129
132
  var DEFAULT_CONFIG = {
130
133
  apiBaseUrl: "https://astrasync.ai/api",
@@ -288,6 +291,8 @@ async function callVerifyAccessAPI(config, request) {
288
291
  if (config.counterpartyId) body.counterpartyId = config.counterpartyId;
289
292
  if (requestData.runtimeChallengeOptions)
290
293
  body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
294
+ if (requestData.invocationProtocol) body.invocationProtocol = requestData.invocationProtocol;
295
+ body.sdkVersion = SDK_VERSION;
291
296
  if (requestData.callerMetadata || requestData.clientIp || requestData.userAgent) {
292
297
  const meta = {
293
298
  ...requestData.clientIp && { sourceIp: requestData.clientIp },
@@ -798,14 +803,15 @@ function createMiddleware(options) {
798
803
  }
799
804
  return next();
800
805
  }
801
- if (routeConfig.minAccessLevel === "none") {
806
+ const credentials = customExtractCredentials ? customExtractCredentials(req) : defaultExtractCredentials(req);
807
+ const shouldEnforce = routeConfig.minAccessLevel !== "none";
808
+ if (routeConfig.minAccessLevel === "none" && (!config.evaluateAlwaysIfCredentialed || !credentials.astraId)) {
802
809
  if (config.setPassThroughHeader) {
803
810
  res.setHeader("X-Astra-Gateway-Mode", "unenforced");
804
811
  res.setHeader("X-Astra-Gateway-Reason", "route-none");
805
812
  }
806
813
  return next();
807
814
  }
808
- const credentials = customExtractCredentials ? customExtractCredentials(req) : defaultExtractCredentials(req);
809
815
  const purpose = customExtractPurpose ? customExtractPurpose(req) : defaultExtractPurpose(req);
810
816
  const astraCreds = extractAstraSyncCredentials(req);
811
817
  const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
@@ -869,9 +875,27 @@ function createMiddleware(options) {
869
875
  onDenied(result, req, res);
870
876
  return;
871
877
  }
878
+ if (!shouldEnforce) {
879
+ if (config.setPassThroughHeader) {
880
+ res.setHeader("X-Astra-Gateway-Mode", "enforced");
881
+ res.setHeader("X-Astra-Gateway-Reason", "evaluated-not-enforced");
882
+ }
883
+ if (shouldRecordDecisions && sessionId) {
884
+ recordDecision(config, sessionId, "granted").catch(() => {
885
+ });
886
+ }
887
+ return next();
888
+ }
872
889
  if (!hasMinimumAccess(result.accessLevel, routeConfig.minAccessLevel)) {
890
+ const insufficientFailure = {
891
+ dimension: "access_level.insufficient",
892
+ message: `Endpoint requires accessLevel '${routeConfig.minAccessLevel}'; agent has '${result.accessLevel}'.`,
893
+ guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
894
+ };
895
+ result.failures = [...result.failures ?? [], insufficientFailure];
896
+ result.denialReasons = [...result.denialReasons ?? [], insufficientFailure.message];
873
897
  if (shouldRecordDecisions && sessionId) {
874
- recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
898
+ recordDecision(config, sessionId, "denied", insufficientFailure.message).catch(() => {
875
899
  });
876
900
  }
877
901
  onDenied(result, req, res);
@@ -879,11 +903,15 @@ function createMiddleware(options) {
879
903
  }
880
904
  if (routeConfig.minTrustScore && result.agent) {
881
905
  if (result.agent.trustScore < routeConfig.minTrustScore) {
882
- result.denialReasons = [
883
- `Trust score ${result.agent.trustScore} is below required ${routeConfig.minTrustScore}`
884
- ];
906
+ const trustFailure = {
907
+ dimension: "access_level.insufficient",
908
+ message: `Trust score ${result.agent.trustScore} is below required ${routeConfig.minTrustScore} for this route.`,
909
+ guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
910
+ };
911
+ result.failures = [...result.failures ?? [], trustFailure];
912
+ result.denialReasons = [trustFailure.message];
885
913
  if (shouldRecordDecisions && sessionId) {
886
- recordDecision(config, sessionId, "denied", result.denialReasons[0]).catch(() => {
914
+ recordDecision(config, sessionId, "denied", trustFailure.message).catch(() => {
887
915
  });
888
916
  }
889
917
  onDenied(result, req, res);