@astrasyncai/verification-gateway 2.4.3 → 2.4.5

package/dist/adapters/mcp.mjs

@@ -17,6 +17,9 @@ function hasMinimumAccess(actual, required) {
   return ACCESS_LEVEL_HIERARCHY[actual] >= ACCESS_LEVEL_HIERARCHY[required];
 }
 
+// src/version.ts
+var SDK_VERSION = "2.4.5";
+
 // src/verify.ts
 var DEFAULT_CONFIG = {
   apiBaseUrl: "https://astrasync.ai/api",
@@ -174,6 +177,8 @@ async function callVerifyAccessAPI(config, request) {
   if (config.counterpartyId) body.counterpartyId = config.counterpartyId;
   if (requestData.runtimeChallengeOptions)
     body.runtimeChallengeOptions = requestData.runtimeChallengeOptions;
+  if (requestData.invocationProtocol) body.invocationProtocol = requestData.invocationProtocol;
+  body.sdkVersion = SDK_VERSION;
   if (requestData.callerMetadata || requestData.clientIp || requestData.userAgent) {
     const meta = {
       ...requestData.clientIp && { sourceIp: requestData.clientIp },
@@ -457,15 +462,17 @@ function parseMcpJsonRpc(body) {
   if (method === "initialize" && params && typeof params.protocolVersion === "string") {
     protocolVersion = params.protocolVersion;
   }
-  let agentIdFromBody;
   const meta = params?._meta;
   const astrasyncMeta = meta?.astrasync;
+  const args = params?.arguments;
+  let agentIdFromBody;
   if (astrasyncMeta && typeof astrasyncMeta.agentId === "string") {
     agentIdFromBody = astrasyncMeta.agentId;
-  } else {
-    const args = params?.arguments;
-    if (args && typeof args.agent_id === "string") agentIdFromBody = args.agent_id;
+  } else if (args && typeof args.agent_id === "string") {
+    agentIdFromBody = args.agent_id;
   }
+  const purposeBodyResult = extractFromMcpBody(astrasyncMeta, args, "purpose");
+  const actionBodyResult = extractFromMcpBody(astrasyncMeta, args, "action");
   const isInitialize = method === "initialize";
   const isToolCall = method === "tools/call";
   const isIntrospection = method === "tools/list" || method === "prompts/list" || method === "resources/list" || method === "ping" || method === "notifications/initialized";
@@ -474,19 +481,51 @@ function parseMcpJsonRpc(body) {
     ...toolName ? { toolName } : {},
     ...protocolVersion ? { protocolVersion } : {},
     ...agentIdFromBody ? { agentIdFromBody } : {},
+    ...purposeBodyResult.value ? { purposeFromBody: purposeBodyResult.value } : {},
+    ...purposeBodyResult.source ? { purposeSourceFromBody: purposeBodyResult.source } : {},
+    ...actionBodyResult.value ? { actionFromBody: actionBodyResult.value } : {},
+    ...actionBodyResult.source ? { actionSourceFromBody: actionBodyResult.source } : {},
     isInitialize,
     isToolCall,
     isIntrospection
   };
 }
-function mcpToPdlss(parsed) {
-  const action = parsed.toolName ? `${parsed.method}:${parsed.toolName}` : parsed.method;
+function extractFromMcpBody(astrasyncMeta, args, key) {
+  if (astrasyncMeta && typeof astrasyncMeta[key] === "string") {
+    return { value: astrasyncMeta[key], source: "meta" };
+  }
+  if (args && typeof args[key] === "string") {
+    return { value: args[key], source: "tool_argument" };
+  }
+  return { value: void 0, source: void 0 };
+}
+function mcpToPdlss(parsed, headerPurpose, headerAction) {
   const resource = parsed.toolName ? `mcp:tool/${parsed.toolName}` : `mcp:method/${parsed.method}`;
-  return {
-    purpose: "mcp_invoke",
-    action,
-    resource
-  };
+  let purpose;
+  let purposeSource;
+  if (headerPurpose) {
+    purpose = headerPurpose;
+    purposeSource = "header";
+  } else if (parsed.purposeFromBody && parsed.purposeSourceFromBody) {
+    purpose = parsed.purposeFromBody;
+    purposeSource = parsed.purposeSourceFromBody;
+  } else {
+    purpose = "mcp_invoke";
+    purposeSource = "default_mcp_invoke";
+  }
+  let action;
+  let actionSource;
+  if (headerAction) {
+    action = headerAction;
+    actionSource = "header";
+  } else if (parsed.actionFromBody && parsed.actionSourceFromBody) {
+    action = parsed.actionFromBody;
+    actionSource = parsed.actionSourceFromBody;
+  } else {
+    action = parsed.toolName ? `${parsed.method}:${parsed.toolName}` : parsed.method;
+    actionSource = "transport_layer";
+  }
+  return { purpose, action, resource, purposeSource, actionSource };
 }
 function mcpRiskTier(parsed) {
   if (parsed.isInitialize || parsed.method === "notifications/initialized") return "none";
@@ -497,6 +536,11 @@ function mcpRiskTier(parsed) {
 }
 
 // src/adapters/mcp.ts
+function readSingleHeader(value) {
+  if (typeof value === "string") return value;
+  if (Array.isArray(value)) return value[0];
+  return void 0;
+}
 function defaultMcpDenied(result, req, res) {
   const id = req.body?.id ?? null;
   const status = result.verified ? 403 : 401;
@@ -591,19 +635,30 @@ function createMcpMiddleware(options) {
         toolGates,
         methodGates
       });
-      if (minAccessLevel === "none") {
+      const credentials = extractCredentials(
+        req.headers,
+        req.query
+      );
+      if (effectiveAstraId) credentials.astraId = effectiveAstraId;
+      const shouldEnforce = minAccessLevel !== "none";
+      if (minAccessLevel === "none" && (!config.evaluateAlwaysIfCredentialed || !credentials.astraId)) {
         if (config.setPassThroughHeader) {
           res.setHeader("X-Astra-Gateway-Mode", "unenforced");
           res.setHeader("X-Astra-Gateway-Reason", "mcp-tier-none");
         }
         return next();
       }
-      const credentials = extractCredentials(
-        req.headers,
-        req.query
-      );
-      if (effectiveAstraId) credentials.astraId = effectiveAstraId;
-      const pdlss = mcpToPdlss(parsed);
+      const headerPurpose = readSingleHeader(req.headers["x-astra-purpose"]);
+      const headerAction = readSingleHeader(req.headers["x-astra-action"]);
+      const pdlss = mcpToPdlss(parsed, headerPurpose, headerAction);
+      if (config.debug) {
+        console.debug("[mcp-middleware] pdlss resolved", {
+          purpose_source: pdlss.purposeSource,
+          resolved_purpose: pdlss.purpose,
+          action_source: pdlss.actionSource,
+          resolved_action: pdlss.action
+        });
+      }
       const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}${req.path}`;
       const shouldRecordDecisions = recordDecisions !== false;
       const result = await verify(config, {
@@ -611,6 +666,10 @@ function createMcpMiddleware(options) {
         purpose: pdlss.purpose,
         action: pdlss.action,
         resource: pdlss.resource,
+        // Round-12 (F19): mark transport protocol separately from intent.
+        // The MCP middleware always sets this to 'mcp'; non-MCP callers
+        // leave it unset (server-side default is 'rest').
+        invocationProtocol: "mcp",
         createSession: shouldRecordDecisions,
         counterpartyUrl,
         counterpartyType: config.counterpartyType || "mcp_server",
@@ -632,7 +691,25 @@ function createMcpMiddleware(options) {
         onDenied(result, req, res);
         return;
       }
+      if (!shouldEnforce) {
+        if (config.setPassThroughHeader) {
+          res.setHeader("X-Astra-Gateway-Mode", "enforced");
+          res.setHeader("X-Astra-Gateway-Reason", "evaluated-not-enforced");
+        }
+        if (shouldRecordDecisions && sessionId) {
+          recordDecision(config, sessionId, "granted").catch(() => {
+          });
+        }
+        return next();
+      }
       if (!hasMinimumAccess(result.accessLevel, minAccessLevel)) {
+        const insufficientFailure = {
+          dimension: "access_level.insufficient",
+          message: `Tool requires accessLevel '${minAccessLevel}'; agent has '${result.accessLevel}'.`,
+          guidance: "Request elevated access via step-up verification (coming soon \u2014 ships this month). Step-up lets the agent owner approve a one-time elevation for this specific counterparty + purpose without changing the agent's baseline trust score."
+        };
+        result.failures = [...result.failures ?? [], insufficientFailure];
+        result.denialReasons = [...result.denialReasons ?? [], insufficientFailure.message];
         if (shouldRecordDecisions) {
           const overrideKind = gateSource === "toolGate" ? "toolGate" : gateSource === "methodGate" ? "methodGate" : "other";
           const override = {