@astrasyncai/verification-gateway 2.4.7 → 2.4.9

package/dist/git-trigger/git-hooks.d.mts

@@ -1,6 +1,6 @@
 import { AstraSyncGateway } from '../gateway/gateway.mjs';
-import { V as VerificationDecision, P as PDLSSContext } from '../types-tBNFSbw_.mjs';
-import '../types-CbZOkIr-.mjs';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-DNK2BgIf.mjs';
+import '../types-L15pYd2c.mjs';
 
 /**
  * Git Trigger — Enterprise git push / PR verification

package/dist/git-trigger/git-hooks.d.ts

@@ -1,6 +1,6 @@
 import { AstraSyncGateway } from '../gateway/gateway.js';
-import { V as VerificationDecision, P as PDLSSContext } from '../types-DXNkr61h.js';
-import '../types-CbZOkIr-.js';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-DoWIuzfj.js';
+import '../types-L15pYd2c.js';
 
 /**
  * Git Trigger — Enterprise git push / PR verification

package/dist/{index-u08qcXq9.d.mts → index-ChPX4WHl.d.mts}

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-CbZOkIr-.mjs';
+import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-L15pYd2c.mjs';
 
 /**
  * AgentClient — Credential Presentation

package/dist/{index-CH4TfcbL.d.ts → index-Cjm-zBeZ.d.ts}

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-CbZOkIr-.js';
+import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-L15pYd2c.js';
 
 /**
  * AgentClient — Credential Presentation

package/dist/{index-WL4d9e9_.d.ts → index-CzJMCgEy.d.ts}

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport } from './types-CbZOkIr-.js';
+import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-L15pYd2c.js';
 import { JWK } from 'jose';
 
 /**
@@ -1394,4 +1394,4 @@ declare namespace index {
   export { type index_ACPEndpoint as ACPEndpoint, type index_ACPPaymentTokenType as ACPPaymentTokenType, type index_ACPRequestContext as ACPRequestContext, type index_ACPRequestLike as ACPRequestLike, type index_ACPSignatureAlgorithm as ACPSignatureAlgorithm, type index_ACPTotal as ACPTotal, type index_ACPVerifyInput as ACPVerifyInput, type index_ACPVerifyResult as ACPVerifyResult, type index_AP2CartMandateClaims as AP2CartMandateClaims, type index_AP2ChainResult as AP2ChainResult, type index_AP2IntentMandateClaims as AP2IntentMandateClaims, type index_AP2MandateClaims as AP2MandateClaims, type index_AP2MandateTriple as AP2MandateTriple, type index_AP2MandateTripleInput as AP2MandateTripleInput, type index_AP2MandateType as AP2MandateType, type index_AP2PaymentDetailsTotal as AP2PaymentDetailsTotal, type index_AP2PaymentMandateClaims as AP2PaymentMandateClaims, type index_AP2PaymentMandateForValue as AP2PaymentMandateForValue, type index_AP2VerifyInput as AP2VerifyInput, type index_CommerceContext as CommerceContext, type index_CommercePipelineInput as CommercePipelineInput, type index_CommerceProtocol as CommerceProtocol, type index_CommercePurpose as CommercePurpose, type index_CommerceSignatureStack as CommerceSignatureStack, type index_ConstraintEvalResult as ConstraintEvalResult, type index_ConstraintKey as ConstraintKey, type index_ConstraintResult as ConstraintResult, type index_ExtractorRequestLike as ExtractorRequestLike, type index_IdentityBindingResult as IdentityBindingResult, type index_IdentityClaim as IdentityClaim, type index_IdentityResolver as IdentityResolver, type index_MPPChallengeForValue as MPPChallengeForValue, type index_MPPChallengeSummary as MPPChallengeSummary, type index_MPPCredentialSummary as MPPCredentialSummary, type index_MPPIntent as MPPIntent, type index_MPPKind as MPPKind, type index_MPPReceiptSummary as MPPReceiptSummary, type index_MPPRequestContext as MPPRequestContext, type index_MPPRequestLike as MPPRequestLike, type index_MPPResponseLike as MPPResponseLike, type index_MPPVerifyInput as MPPVerifyInput, type index_MPPVerifyResult as MPPVerifyResult, type index_ParsedRFC9421 as ParsedRFC9421, type index_PaymentMethodAllowlistInput as PaymentMethodAllowlistInput, type index_RFC9421SignatureParams as RFC9421SignatureParams, type index_RFC9421Tag as RFC9421Tag, type index_RFC9421VerifyOptions as RFC9421VerifyOptions, type index_RFC9421VerifyRequest as RFC9421VerifyRequest, type index_RFC9421VerifyResult as RFC9421VerifyResult, type index_RegistryName as RegistryName, type index_RegistryResolver as RegistryResolver, type index_ResolveContext as ResolveContext, index_STRIPE_WEBHOOK_INFORMATIONAL_EVENTS as STRIPE_WEBHOOK_INFORMATIONAL_EVENTS, type index_SpendingLimitInput as SpendingLimitInput, type index_StripeWebhookInformationalEvent as StripeWebhookInformationalEvent, type index_TransactionContext as TransactionContext, type index_TransactionValueContext as TransactionValueContext, type index_TransportExtractor as TransportExtractor, type index_UCPCheckoutContext as UCPCheckoutContext, type index_UCPManifestValidationResult as UCPManifestValidationResult, type index_UCPRequestLike as UCPRequestLike, type index_UCPTotal as UCPTotal, type index_VIAllowedParty as VIAllowedParty, type index_VIBudgetLimit as VIBudgetLimit, type index_VIClaimsForValue as VIClaimsForValue, type index_VIConstraintEvalInput as VIConstraintEvalInput, type index_VIConstraints as VIConstraints, type index_VIExecutionMode as VIExecutionMode, type index_VIExtractedClaims as VIExtractedClaims, type index_VILayer as VILayer, type index_VILineItem as VILineItem, type index_VIMandateType as VIMandateType, type index_VIPaymentAmount as VIPaymentAmount, type index_VIRecurrence as VIRecurrence, type index_VIVerifyInput as VIVerifyInput, type index_VIVerifyResult as VIVerifyResult, type index_VerifyStripeWebhookOptions as VerifyStripeWebhookOptions, type index_VerifyStripeWebhookResult as VerifyStripeWebhookResult, type index_X402Kind as X402Kind, type index_X402RequestContext as X402RequestContext, type index_X402RequestForValue as X402RequestForValue, type index_X402RequestLike as X402RequestLike, type index_X402RequirementsSummary as X402RequirementsSummary, type index_X402ResponseLike as X402ResponseLike, index_applyCredentials as applyCredentials, index_bindIdentity as bindIdentity, index_claim as claim, index_clearTransportExtractors as clearTransportExtractors, index_createMastercardRegistry as createMastercardRegistry, index_createVisaRegistry as createVisaRegistry, index_createWebBotAuthRegistry as createWebBotAuthRegistry, index_detectProtocol as detectProtocol, index_evaluatePaymentMethodAllowlist as evaluatePaymentMethodAllowlist, index_evaluateSpendingLimit as evaluateSpendingLimit, index_evaluateVIConstraints as evaluateVIConstraints, index_extractA2ACredentials as extractA2ACredentials, index_extractACPContext as extractACPContext, index_extractACPTransactionValue as extractACPTransactionValue, index_extractAP2Mandate as extractAP2Mandate, index_extractAP2Mandates as extractAP2Mandates, index_extractAP2TransactionValue as extractAP2TransactionValue, index_extractCredentialsFromProtocol as extractCredentialsFromProtocol, index_extractHttpCredentials as extractHttpCredentials, index_extractMPPContext as extractMPPContext, index_extractMPPFromRequest as extractMPPFromRequest, index_extractMPPFromResponse as extractMPPFromResponse, index_extractMPPTransactionValue as extractMPPTransactionValue, index_extractMcpCredentials as extractMcpCredentials, index_extractUCPContext as extractUCPContext, index_extractUCPTransactionValue as extractUCPTransactionValue, index_extractVIClaims as extractVIClaims, index_extractVITransactionValue as extractVITransactionValue, index_extractX402Context as extractX402Context, index_extractX402FromRequest as extractX402FromRequest, index_extractX402FromResponse as extractX402FromResponse, index_extractX402TransactionValue as extractX402TransactionValue, index_fetchUCPManifest as fetchUCPManifest, index_getTransportExtractor as getTransportExtractor, index_getTransportExtractors as getTransportExtractors, index_isStripeWebhookInformational as isStripeWebhookInformational, index_mapACPRequestToPurpose as mapACPRequestToPurpose, index_mapAP2MandateToPurpose as mapAP2MandateToPurpose, index_mapMPPRequestToPurpose as mapMPPRequestToPurpose, index_mapRFC9421TagToPurpose as mapRFC9421TagToPurpose, index_mapUCPRequestToPurpose as mapUCPRequestToPurpose, index_mapVIMandateToPurpose as mapVIMandateToPurpose, index_mapX402RequestToPurpose as mapX402RequestToPurpose, index_parseRFC9421 as parseRFC9421, index_registerTransportExtractor as registerTransportExtractor, index_runCommercePipeline as runCommercePipeline, index_runMatchingExtractors as runMatchingExtractors, index_setA2AMetadata as setA2AMetadata, index_setHttpHeaders as setHttpHeaders, index_setMcpMeta as setMcpMeta, index_validateUCPManifest as validateUCPManifest, index_verifyACPSignature as verifyACPSignature, index_verifyAP2Chain as verifyAP2Chain, index_verifyMPP as verifyMPP, index_verifyRFC9421 as verifyRFC9421, index_verifyStripeWebhook as verifyStripeWebhook, index_verifyVIChain as verifyVIChain };
 }
 
-export { type RegistryResolver as $, type ACPEndpoint as A, type ConstraintKey as B, type CommerceContext as C, type ConstraintResult as D, type ExtractorRequestLike as E, type IdentityClaim as F, type IdentityResolver as G, type MPPChallengeSummary as H, type IdentityBindingResult as I, type MPPCredentialSummary as J, type MPPIntent as K, type MPPKind as L, type MPPChallengeForValue as M, type MPPReceiptSummary as N, type MPPRequestContext as O, type MPPRequestLike as P, type MPPResponseLike as Q, type MPPVerifyInput as R, type MPPVerifyResult as S, type ParsedRFC9421 as T, type PaymentMethodAllowlistInput as U, type RFC9421SignatureParams as V, type RFC9421Tag as W, type RFC9421VerifyOptions as X, type RFC9421VerifyRequest as Y, type RFC9421VerifyResult as Z, type RegistryName as _, type ACPPaymentTokenType as a, extractX402TransactionValue as a$, type ResolveContext as a0, STRIPE_WEBHOOK_INFORMATIONAL_EVENTS as a1, type SpendingLimitInput as a2, type StripeWebhookInformationalEvent as a3, type TransactionContext as a4, type TransactionValueContext as a5, type TransportExtractor as a6, type UCPCheckoutContext as a7, type UCPManifestValidationResult as a8, type UCPRequestLike as a9, clearTransportExtractors as aA, createMastercardRegistry as aB, createVisaRegistry as aC, createWebBotAuthRegistry as aD, detectProtocol as aE, evaluatePaymentMethodAllowlist as aF, evaluateSpendingLimit as aG, evaluateVIConstraints as aH, extractA2ACredentials as aI, extractACPContext as aJ, extractACPTransactionValue as aK, extractAP2Mandate as aL, extractAP2Mandates as aM, extractAP2TransactionValue as aN, extractCredentialsFromProtocol as aO, extractHttpCredentials as aP, extractMPPContext as aQ, extractMPPFromRequest as aR, extractMPPFromResponse as aS, extractMPPTransactionValue as aT, extractUCPContext as aU, extractUCPTransactionValue as aV, extractVIClaims as aW, extractVITransactionValue as aX, extractX402Context as aY, extractX402FromRequest as aZ, extractX402FromResponse as a_, type UCPTotal as aa, type VIAllowedParty as ab, type VIBudgetLimit as ac, type VIClaimsForValue as ad, type VIConstraintEvalInput as ae, type VIConstraints as af, type VIExecutionMode as ag, type VIExtractedClaims as ah, type VILayer as ai, type VILineItem as aj, type VIMandateType as ak, type VIPaymentAmount as al, type VIRecurrence as am, type VIVerifyInput as an, type VIVerifyResult as ao, type VerifyStripeWebhookOptions as ap, type VerifyStripeWebhookResult as aq, type X402Kind as ar, type X402RequestContext as as, type X402RequestForValue as at, type X402RequestLike as au, type X402RequirementsSummary as av, type X402ResponseLike as aw, applyCredentials as ax, bindIdentity as ay, claim as az, type ACPRequestContext as b, fetchUCPManifest as b0, getTransportExtractor as b1, getTransportExtractors as b2, isStripeWebhookInformational as b3, mapACPRequestToPurpose as b4, mapAP2MandateToPurpose as b5, mapMPPRequestToPurpose as b6, mapRFC9421TagToPurpose as b7, mapUCPRequestToPurpose as b8, mapVIMandateToPurpose as b9, mapX402RequestToPurpose as ba, parseRFC9421 as bb, registerTransportExtractor as bc, runCommercePipeline as bd, runMatchingExtractors as be, setA2AMetadata as bf, setHttpHeaders as bg, validateUCPManifest as bh, verifyACPSignature as bi, verifyAP2Chain as bj, verifyMPP as bk, verifyRFC9421 as bl, verifyStripeWebhook as bm, verifyVIChain as bn, type ACPRequestLike as c, type ACPSignatureAlgorithm as d, extractMcpCredentials as e, type ACPTotal as f, type ACPVerifyInput as g, type ACPVerifyResult as h, index as i, type AP2CartMandateClaims as j, type AP2ChainResult as k, type AP2IntentMandateClaims as l, type AP2MandateClaims as m, type AP2MandateTriple as n, type AP2MandateTripleInput as o, type AP2MandateType as p, type AP2PaymentDetailsTotal as q, type AP2PaymentMandateClaims as r, setMcpMeta as s, type AP2PaymentMandateForValue as t, type AP2VerifyInput as u, type CommercePipelineInput as v, type CommerceProtocol as w, type CommercePurpose as x, type CommerceSignatureStack as y, type ConstraintEvalResult as z };
+export { type SpendingLimitInput as $, type ACPEndpoint as A, type IdentityResolver as B, type CommerceContext as C, type MPPChallengeSummary as D, type ExtractorRequestLike as E, type MPPCredentialSummary as F, type MPPIntent as G, type MPPKind as H, type IdentityBindingResult as I, type MPPReceiptSummary as J, type MPPRequestContext as K, type MPPRequestLike as L, type MPPChallengeForValue as M, type MPPResponseLike as N, type MPPVerifyInput as O, type MPPVerifyResult as P, type ParsedRFC9421 as Q, type PaymentMethodAllowlistInput as R, type RFC9421SignatureParams as S, type RFC9421Tag as T, type RFC9421VerifyOptions as U, type RFC9421VerifyRequest as V, type RFC9421VerifyResult as W, type RegistryName as X, type RegistryResolver as Y, type ResolveContext as Z, STRIPE_WEBHOOK_INFORMATIONAL_EVENTS as _, type ACPPaymentTokenType as a, getTransportExtractor as a$, type StripeWebhookInformationalEvent as a0, type TransactionContext as a1, type TransactionValueContext as a2, type TransportExtractor as a3, type UCPCheckoutContext as a4, type UCPManifestValidationResult as a5, type UCPRequestLike as a6, type UCPTotal as a7, type VIAllowedParty as a8, type VIBudgetLimit as a9, createWebBotAuthRegistry as aA, detectProtocol as aB, evaluatePaymentMethodAllowlist as aC, evaluateSpendingLimit as aD, evaluateVIConstraints as aE, extractA2ACredentials as aF, extractACPContext as aG, extractACPTransactionValue as aH, extractAP2Mandate as aI, extractAP2Mandates as aJ, extractAP2TransactionValue as aK, extractCredentialsFromProtocol as aL, extractHttpCredentials as aM, extractMPPContext as aN, extractMPPFromRequest as aO, extractMPPFromResponse as aP, extractMPPTransactionValue as aQ, extractMcpCredentials as aR, extractUCPContext as aS, extractUCPTransactionValue as aT, extractVIClaims as aU, extractVITransactionValue as aV, extractX402Context as aW, extractX402FromRequest as aX, extractX402FromResponse as aY, extractX402TransactionValue as aZ, fetchUCPManifest as a_, type VIClaimsForValue as aa, type VIConstraintEvalInput as ab, type VIConstraints as ac, type VIExecutionMode as ad, type VIExtractedClaims as ae, type VILayer as af, type VILineItem as ag, type VIMandateType as ah, type VIPaymentAmount as ai, type VIRecurrence as aj, type VIVerifyInput as ak, type VIVerifyResult as al, type VerifyStripeWebhookOptions as am, type VerifyStripeWebhookResult as an, type X402Kind as ao, type X402RequestContext as ap, type X402RequestForValue as aq, type X402RequestLike as ar, type X402RequirementsSummary as as, type X402ResponseLike as at, applyCredentials as au, bindIdentity as av, claim as aw, clearTransportExtractors as ax, createMastercardRegistry as ay, createVisaRegistry as az, type ACPRequestContext as b, getTransportExtractors as b0, index as b1, isStripeWebhookInformational as b2, mapACPRequestToPurpose as b3, mapAP2MandateToPurpose as b4, mapMPPRequestToPurpose as b5, mapRFC9421TagToPurpose as b6, mapUCPRequestToPurpose as b7, mapVIMandateToPurpose as b8, mapX402RequestToPurpose as b9, parseRFC9421 as ba, registerTransportExtractor as bb, runCommercePipeline as bc, runMatchingExtractors as bd, setA2AMetadata as be, setHttpHeaders as bf, setMcpMeta as bg, validateUCPManifest as bh, verifyACPSignature as bi, verifyAP2Chain as bj, verifyMPP as bk, verifyRFC9421 as bl, verifyStripeWebhook as bm, verifyVIChain as bn, type ACPRequestLike as c, type ACPSignatureAlgorithm as d, type ACPTotal as e, type ACPVerifyInput as f, type ACPVerifyResult as g, type AP2CartMandateClaims as h, type AP2ChainResult as i, type AP2IntentMandateClaims as j, type AP2MandateClaims as k, type AP2MandateTriple as l, type AP2MandateTripleInput as m, type AP2MandateType as n, type AP2PaymentDetailsTotal as o, type AP2PaymentMandateClaims as p, type AP2PaymentMandateForValue as q, type AP2VerifyInput as r, type CommercePipelineInput as s, type CommerceProtocol as t, type CommercePurpose as u, type CommerceSignatureStack as v, type ConstraintEvalResult as w, type ConstraintKey as x, type ConstraintResult as y, type IdentityClaim as z };

package/dist/{index-ZkHvXsMo.d.mts → index-D8IEntil.d.mts}

@@ -1,4 +1,4 @@
-import { A as AstraSyncCredentials, g as ProtocolTransport } from './types-CbZOkIr-.mjs';
+import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-L15pYd2c.mjs';
 import { JWK } from 'jose';
 
 /**
@@ -1394,4 +1394,4 @@ declare namespace index {
   export { type index_ACPEndpoint as ACPEndpoint, type index_ACPPaymentTokenType as ACPPaymentTokenType, type index_ACPRequestContext as ACPRequestContext, type index_ACPRequestLike as ACPRequestLike, type index_ACPSignatureAlgorithm as ACPSignatureAlgorithm, type index_ACPTotal as ACPTotal, type index_ACPVerifyInput as ACPVerifyInput, type index_ACPVerifyResult as ACPVerifyResult, type index_AP2CartMandateClaims as AP2CartMandateClaims, type index_AP2ChainResult as AP2ChainResult, type index_AP2IntentMandateClaims as AP2IntentMandateClaims, type index_AP2MandateClaims as AP2MandateClaims, type index_AP2MandateTriple as AP2MandateTriple, type index_AP2MandateTripleInput as AP2MandateTripleInput, type index_AP2MandateType as AP2MandateType, type index_AP2PaymentDetailsTotal as AP2PaymentDetailsTotal, type index_AP2PaymentMandateClaims as AP2PaymentMandateClaims, type index_AP2PaymentMandateForValue as AP2PaymentMandateForValue, type index_AP2VerifyInput as AP2VerifyInput, type index_CommerceContext as CommerceContext, type index_CommercePipelineInput as CommercePipelineInput, type index_CommerceProtocol as CommerceProtocol, type index_CommercePurpose as CommercePurpose, type index_CommerceSignatureStack as CommerceSignatureStack, type index_ConstraintEvalResult as ConstraintEvalResult, type index_ConstraintKey as ConstraintKey, type index_ConstraintResult as ConstraintResult, type index_ExtractorRequestLike as ExtractorRequestLike, type index_IdentityBindingResult as IdentityBindingResult, type index_IdentityClaim as IdentityClaim, type index_IdentityResolver as IdentityResolver, type index_MPPChallengeForValue as MPPChallengeForValue, type index_MPPChallengeSummary as MPPChallengeSummary, type index_MPPCredentialSummary as MPPCredentialSummary, type index_MPPIntent as MPPIntent, type index_MPPKind as MPPKind, type index_MPPReceiptSummary as MPPReceiptSummary, type index_MPPRequestContext as MPPRequestContext, type index_MPPRequestLike as MPPRequestLike, type index_MPPResponseLike as MPPResponseLike, type index_MPPVerifyInput as MPPVerifyInput, type index_MPPVerifyResult as MPPVerifyResult, type index_ParsedRFC9421 as ParsedRFC9421, type index_PaymentMethodAllowlistInput as PaymentMethodAllowlistInput, type index_RFC9421SignatureParams as RFC9421SignatureParams, type index_RFC9421Tag as RFC9421Tag, type index_RFC9421VerifyOptions as RFC9421VerifyOptions, type index_RFC9421VerifyRequest as RFC9421VerifyRequest, type index_RFC9421VerifyResult as RFC9421VerifyResult, type index_RegistryName as RegistryName, type index_RegistryResolver as RegistryResolver, type index_ResolveContext as ResolveContext, index_STRIPE_WEBHOOK_INFORMATIONAL_EVENTS as STRIPE_WEBHOOK_INFORMATIONAL_EVENTS, type index_SpendingLimitInput as SpendingLimitInput, type index_StripeWebhookInformationalEvent as StripeWebhookInformationalEvent, type index_TransactionContext as TransactionContext, type index_TransactionValueContext as TransactionValueContext, type index_TransportExtractor as TransportExtractor, type index_UCPCheckoutContext as UCPCheckoutContext, type index_UCPManifestValidationResult as UCPManifestValidationResult, type index_UCPRequestLike as UCPRequestLike, type index_UCPTotal as UCPTotal, type index_VIAllowedParty as VIAllowedParty, type index_VIBudgetLimit as VIBudgetLimit, type index_VIClaimsForValue as VIClaimsForValue, type index_VIConstraintEvalInput as VIConstraintEvalInput, type index_VIConstraints as VIConstraints, type index_VIExecutionMode as VIExecutionMode, type index_VIExtractedClaims as VIExtractedClaims, type index_VILayer as VILayer, type index_VILineItem as VILineItem, type index_VIMandateType as VIMandateType, type index_VIPaymentAmount as VIPaymentAmount, type index_VIRecurrence as VIRecurrence, type index_VIVerifyInput as VIVerifyInput, type index_VIVerifyResult as VIVerifyResult, type index_VerifyStripeWebhookOptions as VerifyStripeWebhookOptions, type index_VerifyStripeWebhookResult as VerifyStripeWebhookResult, type index_X402Kind as X402Kind, type index_X402RequestContext as X402RequestContext, type index_X402RequestForValue as X402RequestForValue, type index_X402RequestLike as X402RequestLike, type index_X402RequirementsSummary as X402RequirementsSummary, type index_X402ResponseLike as X402ResponseLike, index_applyCredentials as applyCredentials, index_bindIdentity as bindIdentity, index_claim as claim, index_clearTransportExtractors as clearTransportExtractors, index_createMastercardRegistry as createMastercardRegistry, index_createVisaRegistry as createVisaRegistry, index_createWebBotAuthRegistry as createWebBotAuthRegistry, index_detectProtocol as detectProtocol, index_evaluatePaymentMethodAllowlist as evaluatePaymentMethodAllowlist, index_evaluateSpendingLimit as evaluateSpendingLimit, index_evaluateVIConstraints as evaluateVIConstraints, index_extractA2ACredentials as extractA2ACredentials, index_extractACPContext as extractACPContext, index_extractACPTransactionValue as extractACPTransactionValue, index_extractAP2Mandate as extractAP2Mandate, index_extractAP2Mandates as extractAP2Mandates, index_extractAP2TransactionValue as extractAP2TransactionValue, index_extractCredentialsFromProtocol as extractCredentialsFromProtocol, index_extractHttpCredentials as extractHttpCredentials, index_extractMPPContext as extractMPPContext, index_extractMPPFromRequest as extractMPPFromRequest, index_extractMPPFromResponse as extractMPPFromResponse, index_extractMPPTransactionValue as extractMPPTransactionValue, index_extractMcpCredentials as extractMcpCredentials, index_extractUCPContext as extractUCPContext, index_extractUCPTransactionValue as extractUCPTransactionValue, index_extractVIClaims as extractVIClaims, index_extractVITransactionValue as extractVITransactionValue, index_extractX402Context as extractX402Context, index_extractX402FromRequest as extractX402FromRequest, index_extractX402FromResponse as extractX402FromResponse, index_extractX402TransactionValue as extractX402TransactionValue, index_fetchUCPManifest as fetchUCPManifest, index_getTransportExtractor as getTransportExtractor, index_getTransportExtractors as getTransportExtractors, index_isStripeWebhookInformational as isStripeWebhookInformational, index_mapACPRequestToPurpose as mapACPRequestToPurpose, index_mapAP2MandateToPurpose as mapAP2MandateToPurpose, index_mapMPPRequestToPurpose as mapMPPRequestToPurpose, index_mapRFC9421TagToPurpose as mapRFC9421TagToPurpose, index_mapUCPRequestToPurpose as mapUCPRequestToPurpose, index_mapVIMandateToPurpose as mapVIMandateToPurpose, index_mapX402RequestToPurpose as mapX402RequestToPurpose, index_parseRFC9421 as parseRFC9421, index_registerTransportExtractor as registerTransportExtractor, index_runCommercePipeline as runCommercePipeline, index_runMatchingExtractors as runMatchingExtractors, index_setA2AMetadata as setA2AMetadata, index_setHttpHeaders as setHttpHeaders, index_setMcpMeta as setMcpMeta, index_validateUCPManifest as validateUCPManifest, index_verifyACPSignature as verifyACPSignature, index_verifyAP2Chain as verifyAP2Chain, index_verifyMPP as verifyMPP, index_verifyRFC9421 as verifyRFC9421, index_verifyStripeWebhook as verifyStripeWebhook, index_verifyVIChain as verifyVIChain };
 }
 
-export { type RegistryResolver as $, type ACPEndpoint as A, type ConstraintKey as B, type CommerceContext as C, type ConstraintResult as D, type ExtractorRequestLike as E, type IdentityClaim as F, type IdentityResolver as G, type MPPChallengeSummary as H, type IdentityBindingResult as I, type MPPCredentialSummary as J, type MPPIntent as K, type MPPKind as L, type MPPChallengeForValue as M, type MPPReceiptSummary as N, type MPPRequestContext as O, type MPPRequestLike as P, type MPPResponseLike as Q, type MPPVerifyInput as R, type MPPVerifyResult as S, type ParsedRFC9421 as T, type PaymentMethodAllowlistInput as U, type RFC9421SignatureParams as V, type RFC9421Tag as W, type RFC9421VerifyOptions as X, type RFC9421VerifyRequest as Y, type RFC9421VerifyResult as Z, type RegistryName as _, type ACPPaymentTokenType as a, extractX402TransactionValue as a$, type ResolveContext as a0, STRIPE_WEBHOOK_INFORMATIONAL_EVENTS as a1, type SpendingLimitInput as a2, type StripeWebhookInformationalEvent as a3, type TransactionContext as a4, type TransactionValueContext as a5, type TransportExtractor as a6, type UCPCheckoutContext as a7, type UCPManifestValidationResult as a8, type UCPRequestLike as a9, clearTransportExtractors as aA, createMastercardRegistry as aB, createVisaRegistry as aC, createWebBotAuthRegistry as aD, detectProtocol as aE, evaluatePaymentMethodAllowlist as aF, evaluateSpendingLimit as aG, evaluateVIConstraints as aH, extractA2ACredentials as aI, extractACPContext as aJ, extractACPTransactionValue as aK, extractAP2Mandate as aL, extractAP2Mandates as aM, extractAP2TransactionValue as aN, extractCredentialsFromProtocol as aO, extractHttpCredentials as aP, extractMPPContext as aQ, extractMPPFromRequest as aR, extractMPPFromResponse as aS, extractMPPTransactionValue as aT, extractUCPContext as aU, extractUCPTransactionValue as aV, extractVIClaims as aW, extractVITransactionValue as aX, extractX402Context as aY, extractX402FromRequest as aZ, extractX402FromResponse as a_, type UCPTotal as aa, type VIAllowedParty as ab, type VIBudgetLimit as ac, type VIClaimsForValue as ad, type VIConstraintEvalInput as ae, type VIConstraints as af, type VIExecutionMode as ag, type VIExtractedClaims as ah, type VILayer as ai, type VILineItem as aj, type VIMandateType as ak, type VIPaymentAmount as al, type VIRecurrence as am, type VIVerifyInput as an, type VIVerifyResult as ao, type VerifyStripeWebhookOptions as ap, type VerifyStripeWebhookResult as aq, type X402Kind as ar, type X402RequestContext as as, type X402RequestForValue as at, type X402RequestLike as au, type X402RequirementsSummary as av, type X402ResponseLike as aw, applyCredentials as ax, bindIdentity as ay, claim as az, type ACPRequestContext as b, fetchUCPManifest as b0, getTransportExtractor as b1, getTransportExtractors as b2, isStripeWebhookInformational as b3, mapACPRequestToPurpose as b4, mapAP2MandateToPurpose as b5, mapMPPRequestToPurpose as b6, mapRFC9421TagToPurpose as b7, mapUCPRequestToPurpose as b8, mapVIMandateToPurpose as b9, mapX402RequestToPurpose as ba, parseRFC9421 as bb, registerTransportExtractor as bc, runCommercePipeline as bd, runMatchingExtractors as be, setA2AMetadata as bf, setHttpHeaders as bg, validateUCPManifest as bh, verifyACPSignature as bi, verifyAP2Chain as bj, verifyMPP as bk, verifyRFC9421 as bl, verifyStripeWebhook as bm, verifyVIChain as bn, type ACPRequestLike as c, type ACPSignatureAlgorithm as d, extractMcpCredentials as e, type ACPTotal as f, type ACPVerifyInput as g, type ACPVerifyResult as h, index as i, type AP2CartMandateClaims as j, type AP2ChainResult as k, type AP2IntentMandateClaims as l, type AP2MandateClaims as m, type AP2MandateTriple as n, type AP2MandateTripleInput as o, type AP2MandateType as p, type AP2PaymentDetailsTotal as q, type AP2PaymentMandateClaims as r, setMcpMeta as s, type AP2PaymentMandateForValue as t, type AP2VerifyInput as u, type CommercePipelineInput as v, type CommerceProtocol as w, type CommercePurpose as x, type CommerceSignatureStack as y, type ConstraintEvalResult as z };
+export { type SpendingLimitInput as $, type ACPEndpoint as A, type IdentityResolver as B, type CommerceContext as C, type MPPChallengeSummary as D, type ExtractorRequestLike as E, type MPPCredentialSummary as F, type MPPIntent as G, type MPPKind as H, type IdentityBindingResult as I, type MPPReceiptSummary as J, type MPPRequestContext as K, type MPPRequestLike as L, type MPPChallengeForValue as M, type MPPResponseLike as N, type MPPVerifyInput as O, type MPPVerifyResult as P, type ParsedRFC9421 as Q, type PaymentMethodAllowlistInput as R, type RFC9421SignatureParams as S, type RFC9421Tag as T, type RFC9421VerifyOptions as U, type RFC9421VerifyRequest as V, type RFC9421VerifyResult as W, type RegistryName as X, type RegistryResolver as Y, type ResolveContext as Z, STRIPE_WEBHOOK_INFORMATIONAL_EVENTS as _, type ACPPaymentTokenType as a, getTransportExtractor as a$, type StripeWebhookInformationalEvent as a0, type TransactionContext as a1, type TransactionValueContext as a2, type TransportExtractor as a3, type UCPCheckoutContext as a4, type UCPManifestValidationResult as a5, type UCPRequestLike as a6, type UCPTotal as a7, type VIAllowedParty as a8, type VIBudgetLimit as a9, createWebBotAuthRegistry as aA, detectProtocol as aB, evaluatePaymentMethodAllowlist as aC, evaluateSpendingLimit as aD, evaluateVIConstraints as aE, extractA2ACredentials as aF, extractACPContext as aG, extractACPTransactionValue as aH, extractAP2Mandate as aI, extractAP2Mandates as aJ, extractAP2TransactionValue as aK, extractCredentialsFromProtocol as aL, extractHttpCredentials as aM, extractMPPContext as aN, extractMPPFromRequest as aO, extractMPPFromResponse as aP, extractMPPTransactionValue as aQ, extractMcpCredentials as aR, extractUCPContext as aS, extractUCPTransactionValue as aT, extractVIClaims as aU, extractVITransactionValue as aV, extractX402Context as aW, extractX402FromRequest as aX, extractX402FromResponse as aY, extractX402TransactionValue as aZ, fetchUCPManifest as a_, type VIClaimsForValue as aa, type VIConstraintEvalInput as ab, type VIConstraints as ac, type VIExecutionMode as ad, type VIExtractedClaims as ae, type VILayer as af, type VILineItem as ag, type VIMandateType as ah, type VIPaymentAmount as ai, type VIRecurrence as aj, type VIVerifyInput as ak, type VIVerifyResult as al, type VerifyStripeWebhookOptions as am, type VerifyStripeWebhookResult as an, type X402Kind as ao, type X402RequestContext as ap, type X402RequestForValue as aq, type X402RequestLike as ar, type X402RequirementsSummary as as, type X402ResponseLike as at, applyCredentials as au, bindIdentity as av, claim as aw, clearTransportExtractors as ax, createMastercardRegistry as ay, createVisaRegistry as az, type ACPRequestContext as b, getTransportExtractors as b0, index as b1, isStripeWebhookInformational as b2, mapACPRequestToPurpose as b3, mapAP2MandateToPurpose as b4, mapMPPRequestToPurpose as b5, mapRFC9421TagToPurpose as b6, mapUCPRequestToPurpose as b7, mapVIMandateToPurpose as b8, mapX402RequestToPurpose as b9, parseRFC9421 as ba, registerTransportExtractor as bb, runCommercePipeline as bc, runMatchingExtractors as bd, setA2AMetadata as be, setHttpHeaders as bf, setMcpMeta as bg, validateUCPManifest as bh, verifyACPSignature as bi, verifyAP2Chain as bj, verifyMPP as bk, verifyRFC9421 as bl, verifyStripeWebhook as bm, verifyVIChain as bn, type ACPRequestLike as c, type ACPSignatureAlgorithm as d, type ACPTotal as e, type ACPVerifyInput as f, type ACPVerifyResult as g, type AP2CartMandateClaims as h, type AP2ChainResult as i, type AP2IntentMandateClaims as j, type AP2MandateClaims as k, type AP2MandateTriple as l, type AP2MandateTripleInput as m, type AP2MandateType as n, type AP2PaymentDetailsTotal as o, type AP2PaymentMandateClaims as p, type AP2PaymentMandateForValue as q, type AP2VerifyInput as r, type CommercePipelineInput as s, type CommerceProtocol as t, type CommercePurpose as u, type CommerceSignatureStack as v, type ConstraintEvalResult as w, type ConstraintKey as x, type ConstraintResult as y, type IdentityClaim as z };

package/dist/index.d.mts

@@ -1,12 +1,12 @@
-import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-CbZOkIr-.mjs';
-export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CbZOkIr-.mjs';
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-C8W54WZS.mjs';
-export { e as express } from './express-D5hAJ2Gv.mjs';
-export { n as nextjs } from './nextjs-CFA0J_4x.mjs';
-export { e as extractMcpCredentials, s as setMcpMeta, i as transport } from './index-ZkHvXsMo.mjs';
+import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-L15pYd2c.mjs';
+export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-L15pYd2c.mjs';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-Chhz-FcT.mjs';
+export { e as express } from './express-4WStX3PV.mjs';
+export { n as nextjs } from './nextjs-CjzHdaXA.mjs';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-D8IEntil.mjs';
 export { McpMiddlewareOptions, createMcpMiddleware } from './adapters/mcp.mjs';
-export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, FrameworkConfig, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions } from './registration/index.mjs';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-u08qcXq9.mjs';
+export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-ChPX4WHl.mjs';
 import 'express';
 import 'next/server';
 import 'jose';
@@ -35,10 +35,17 @@ declare function hasCredentials(credentials: AgentCredentials): boolean;
  */
 declare function verify(config: GatewayConfig, request: VerificationRequest): Promise<VerificationResult>;
 /**
- * Quick verification - just check if credentials are valid
+ * Quick verification — checks credentials and policy in one call.
+ *
+ * Round-18 G4: return shape mirrors `VerificationResult`'s split — partners
+ * writing custom handlers around `quickVerify` get the same identity/policy
+ * distinction as those calling `verify()` directly. Map to HTTP status the
+ * same way: `!identityVerified` → 401; `identityVerified && !policyAllowed`
+ * → 403.
  */
 declare function quickVerify(config: GatewayConfig, credentials: AgentCredentials): Promise<{
-    verified: boolean;
+    identityVerified: boolean;
+    policyAllowed: boolean;
     accessLevel: AccessLevel;
     reason?: string;
 }>;
@@ -56,9 +63,13 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
  * const credentials = extractCredentials(request.headers);
  * const result = await verify(config, { credentials, purpose: 'data-access' });
  *
- * if (result.verified && result.accessLevel !== 'none') {
+ * if (result.identityVerified && result.policyAllowed && result.accessLevel !== 'none') {
  *   // Grant access based on result.accessLevel
  * }
+ *
+ * // Or map to HTTP status codes directly:
+ * if (!result.identityVerified) return res.status(401).json({ ... });   // re-auth
+ * if (!result.policyAllowed)    return res.status(403).json({ ... });   // step up / update PDLSS
  * ```
  *
  * @packageDocumentation

package/dist/index.d.ts

@@ -1,12 +1,12 @@
-import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, c as VerificationRequest, V as VerificationResult } from './types-CbZOkIr-.js';
-export { A as AstraSyncCredentials, d as CommerceShieldProps, C as CounterpartyType, e as EnhancedVerificationResult, E as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-CbZOkIr-.js';
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, c as getCapabilities, e as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-CwwCGDzK.js';
-export { e as express } from './express-XCkk7BsJ.js';
-export { n as nextjs } from './nextjs-DP2EpI-4.js';
-export { e as extractMcpCredentials, s as setMcpMeta, i as transport } from './index-WL4d9e9_.js';
+import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-L15pYd2c.js';
+export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-L15pYd2c.js';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-CqTEQAc6.js';
+export { e as express } from './express-C1ePFB7n.js';
+export { n as nextjs } from './nextjs-BIORS__0.js';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-CzJMCgEy.js';
 export { McpMiddlewareOptions, createMcpMiddleware } from './adapters/mcp.js';
-export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, FrameworkConfig, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions } from './registration/index.js';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-CH4TfcbL.js';
+export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-Cjm-zBeZ.js';
 import 'express';
 import 'next/server';
 import 'jose';
@@ -35,10 +35,17 @@ declare function hasCredentials(credentials: AgentCredentials): boolean;
  */
 declare function verify(config: GatewayConfig, request: VerificationRequest): Promise<VerificationResult>;
 /**
- * Quick verification - just check if credentials are valid
+ * Quick verification — checks credentials and policy in one call.
+ *
+ * Round-18 G4: return shape mirrors `VerificationResult`'s split — partners
+ * writing custom handlers around `quickVerify` get the same identity/policy
+ * distinction as those calling `verify()` directly. Map to HTTP status the
+ * same way: `!identityVerified` → 401; `identityVerified && !policyAllowed`
+ * → 403.
  */
 declare function quickVerify(config: GatewayConfig, credentials: AgentCredentials): Promise<{
-    verified: boolean;
+    identityVerified: boolean;
+    policyAllowed: boolean;
     accessLevel: AccessLevel;
     reason?: string;
 }>;
@@ -56,9 +63,13 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
  * const credentials = extractCredentials(request.headers);
  * const result = await verify(config, { credentials, purpose: 'data-access' });
  *
- * if (result.verified && result.accessLevel !== 'none') {
+ * if (result.identityVerified && result.policyAllowed && result.accessLevel !== 'none') {
  *   // Grant access based on result.accessLevel
  * }
+ *
+ * // Or map to HTTP status codes directly:
+ * if (!result.identityVerified) return res.status(401).json({ ... });   // re-auth
+ * if (!result.policyAllowed)    return res.status(403).json({ ... });   // step up / update PDLSS
  * ```
  *
  * @packageDocumentation

package/dist/index.js

@@ -45,6 +45,7 @@ __export(src_exports, {
   TRUST_LEVEL_RANGES: () => TRUST_LEVEL_RANGES,
   VERSION: () => VERSION,
   agent: () => agent_exports,
+  buildGuidance: () => buildGuidance,
   clearCache: () => clearCache,
   createMcpMiddleware: () => createMcpMiddleware,
   determineAccessLevel: () => determineAccessLevel,
@@ -188,7 +189,7 @@ function getCapabilities(accessLevel) {
 }
 
 // src/version.ts
-var SDK_VERSION = "2.4.7";
+var SDK_VERSION = "2.4.9";
 
 // src/verify.ts
 var DEFAULT_CONFIG = {
@@ -305,12 +306,17 @@ function createGuidanceResponse(config, reason, options = {}) {
     ]
   };
   return {
-    verified: false,
+    // Round-18 G4: createGuidanceResponse fires for unverified-agent path or
+    // API-error fallback. Identity is not verified (no agent resolved);
+    // policy is not evaluated (we never reached the gate).
+    identityVerified: false,
+    policyAllowed: false,
     // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
-    // Adapters additionally short-circuit on `verified === false` before
-    // the gate check, but the access level still has to be honest at the
-    // data layer so downstream consumers (SDK adapters in other languages,
-    // custom integrations) inherit the correct semantics.
+    // Adapters additionally short-circuit on `!identityVerified ||
+    // !policyAllowed` before the gate check, but the access level still has
+    // to be honest at the data layer so downstream consumers (SDK adapters
+    // in other languages, custom integrations) inherit the correct
+    // semantics.
     accessLevel: "none",
     guidance,
     denialReasons: reason ? [reason] : ["No valid agent credentials provided"],
@@ -454,15 +460,17 @@ async function verify(config, request) {
   }
   if (!apiResponse.access?.allowed) {
     const aggregatedFailures = apiResponse.access?.failures;
+    const idVerifiedFromBackend = apiResponse.verificationContext?.idVerified === true;
     const result2 = {
-      verified: false,
+      identityVerified: idVerifiedFromBackend,
+      policyAllowed: false,
       // v2.3.9 (defect #30): denials grant `'none'`, NEVER a positive band.
       // Pre-rename this hardcoded `'guidance'`, which conflated with the
       // colocated `guidance: {...}` help-payload object below and let
       // denied requests pass any route gated at `'guidance'` because
       // `hasMinimumAccess('guidance', 'guidance') === true`. Adapters now
-      // ALSO short-circuit on `verified === false` before the gate check —
-      // belt-and-braces.
+      // ALSO short-circuit on `!identityVerified || !policyAllowed` before
+      // the gate check — belt-and-braces.
       accessLevel: "none",
       denialReasons: aggregatedFailures && aggregatedFailures.length > 0 ? aggregatedFailures.map((f) => f.message) : apiResponse.access?.reason ? [apiResponse.access.reason] : ["Access denied"],
       failures: aggregatedFailures,
@@ -506,7 +514,13 @@ async function verify(config, request) {
   const verificationContext = apiResponse.verificationContext;
   const accessLevel = apiResponse.access?.accessLevel ?? "standard";
   const result = {
-    verified: true,
+    // Round-18 G4: backend allowed access. Identity is verified (we resolved
+    // the caller to an agent) and policy passed all gates. Read idVerified
+    // from verificationContext for symmetry with the deny branch; default true
+    // on success path since `access.allowed === true` implies identity was
+    // resolvable (anonymous-allow paths flow through createGuidanceResponse).
+    identityVerified: apiResponse.verificationContext?.idVerified !== false,
+    policyAllowed: true,
     accessLevel,
     agent,
     developer,
@@ -529,7 +543,7 @@ async function verify(config, request) {
     warningHeader: apiResponse.warningHeader
   };
   if (result.recommendation === "deny") {
-    result.verified = false;
+    result.policyAllowed = false;
     result.accessLevel = "none";
     result.denialReasons = result.recommendationReasons || [
       "Access denied by AstraSync recommendation"
@@ -629,7 +643,8 @@ async function quickVerify(config, credentials) {
     purpose: "verification"
   });
   return {
-    verified: result.verified,
+    identityVerified: result.identityVerified,
+    policyAllowed: result.policyAllowed,
     accessLevel: result.accessLevel,
     reason: result.denialReasons?.[0]
   };
@@ -801,12 +816,12 @@ function findRouteConfig(routes, path, method) {
   });
 }
 function defaultOnDenied(result, _req, res) {
-  const statusCode = result.verified ? 403 : 401;
+  const statusCode = !result.identityVerified ? 401 : 403;
   res.setHeader("X-Astra-Gateway-Mode", "enforced");
   res.status(statusCode).json({
     success: false,
     error: {
-      code: result.verified ? "INSUFFICIENT_ACCESS" : "UNAUTHORIZED",
+      code: !result.identityVerified ? "UNAUTHORIZED" : "INSUFFICIENT_ACCESS",
       message: result.denialReasons?.[0] || "Access denied",
       accessLevel: result.accessLevel,
       guidance: result.guidance,
@@ -900,7 +915,8 @@ function createMiddleware(options) {
       const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
       if (preCheckFailures.length > 0) {
         const result2 = {
-          verified: false,
+          identityVerified: false,
+          policyAllowed: false,
           accessLevel: "none",
           denialReasons: preCheckFailures.map((f) => f.message),
           guidance: {
@@ -949,7 +965,7 @@ function createMiddleware(options) {
       });
       req.agentVerification = result;
       const sessionId = result.sessionId;
-      if (!result.verified) {
+      if (!result.identityVerified || !result.policyAllowed) {
         if (shouldRecordDecisions && sessionId) {
           recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
           });
@@ -1300,7 +1316,8 @@ function createMiddleware2(options) {
     const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
     if (preCheckFailures.length > 0) {
       const preCheckResult = {
-        verified: false,
+        identityVerified: false,
+        policyAllowed: false,
         accessLevel: "none",
         denialReasons: preCheckFailures.map((f) => f.message),
         guidance: {
@@ -1363,20 +1380,22 @@ function createMiddleware2(options) {
         agentCardUrl: request.headers.get("x-astrasync-agent-card") || void 0
       }
     });
-    if (!result.verified || !hasMinimumAccess(result.accessLevel, routeConfig.minAccessLevel)) {
+    if (!result.identityVerified || !result.policyAllowed || !hasMinimumAccess(result.accessLevel, routeConfig.minAccessLevel)) {
       if (pathname.startsWith("/api/")) {
         return NextResponse.json(
           {
             success: false,
             error: {
-              code: result.verified ? "INSUFFICIENT_ACCESS" : "UNAUTHORIZED",
+              // Round-18 G4: 401 → identity missing (re-auth); 403 → identity
+              // OK, policy denied (update PDLSS / step up).
+              code: !result.identityVerified ? "UNAUTHORIZED" : "INSUFFICIENT_ACCESS",
               message: result.denialReasons?.[0] || "Access denied",
               accessLevel: result.accessLevel,
               required: routeConfig.minAccessLevel,
               guidance: result.guidance
             }
           },
-          { status: result.verified ? 403 : 401 }
+          { status: !result.identityVerified ? 401 : 403 }
         );
       }
       if (showCommerceShield) {
@@ -1391,7 +1410,12 @@ function createMiddleware2(options) {
       return NextResponse.redirect(new URL("/unauthorized", request.url));
     }
     const response = NextResponse.next();
-    response.headers.set("X-AstraSync-Verified", result.verified.toString());
+    response.headers.set(
+      "X-AstraSync-Verified",
+      (result.identityVerified && result.policyAllowed).toString()
+    );
+    response.headers.set("X-AstraSync-Identity-Verified", result.identityVerified.toString());
+    response.headers.set("X-AstraSync-Policy-Allowed", result.policyAllowed.toString());
     response.headers.set("X-AstraSync-Access-Level", result.accessLevel);
     if (result.agent) {
       response.headers.set("X-AstraSync-Agent-Id", result.agent.astraId);
@@ -1459,7 +1483,11 @@ var VerificationGatewayClient = class {
     );
   }
   /**
-   * Quick verification - just check if credentials are valid
+   * Quick verification — checks credentials and policy in one call.
+   *
+   * Round-18 G4: return shape mirrors `VerificationResult`'s identity/policy
+   * split. Map to HTTP status the same way: `!identityVerified` → 401,
+   * `identityVerified && !policyAllowed` → 403.
    */
   async quickVerify(credentials) {
     return this.executeWithRetry(() => quickVerify(this.config, credentials));
@@ -4102,13 +4130,16 @@ function readSingleHeader(value) {
 }
 function defaultMcpDenied(result, req, res) {
   const id = req.body?.id ?? null;
-  const status = result.verified ? 403 : 401;
+  const status = !result.identityVerified ? 401 : 403;
   res.setHeader("X-Astra-Gateway-Mode", "enforced");
   res.status(status).json({
     jsonrpc: "2.0",
     id,
     error: {
-      code: result.verified ? -32001 : -32e3,
+      // JSON-RPC error codes:
+      //   -32000 → unauthorized (no identity resolved)
+      //   -32001 → insufficient access (identity OK, policy denied)
+      code: !result.identityVerified ? -32e3 : -32001,
       message: result.denialReasons?.[0] ?? "Access denied",
       data: {
         accessLevel: result.accessLevel,
@@ -4242,7 +4273,7 @@ function createMcpMiddleware(options) {
       req.agentVerification = result;
       const sessionId = result.sessionId;
       const correlationId = result.correlationId;
-      if (!result.verified) {
+      if (!result.identityVerified || !result.policyAllowed) {
         if (shouldRecordDecisions && sessionId) {
           recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
           });
@@ -4403,10 +4434,15 @@ var AstraSync = class {
       }
     }
     this.baseUrl = raw;
-    this.apiKey = config.apiKey || process.env.ASTRASYNC_API_KEY;
+    this.apiKey = config.disableEnvFallback ? config.apiKey : config.apiKey || process.env.ASTRASYNC_API_KEY;
     this.email = config.email;
     this.password = config.password;
     this.privateKey = config.privateKey;
+    if (!config.apiKey && !config.disableEnvFallback && process.env.ASTRASYNC_API_KEY && !config.silent) {
+      console.warn(
+        "[AstraSync] No apiKey passed to constructor; using process.env.ASTRASYNC_API_KEY. If this code wraps user-facing flows (e.g. MCP tool handlers), pass disableEnvFallback: true to prevent ambient credentials from impersonating callers. See https://astrasync.ai/docs/agent-access#disableenvfallback for details."
+      );
+    }
     if (!this.apiKey && !this.email) {
       throw new AuthenticationError(
         "Authentication required. Provide apiKey, or email+password. Set ASTRASYNC_API_KEY env var or pass config to constructor."
@@ -4654,6 +4690,29 @@ var AstraSync = class {
   }
 };
 
+// src/registration/guidance.ts
+function buildGuidance(params) {
+  const origin = params.origin.replace(/\/+$/, "");
+  const docsPath = params.documentationPath ?? "/docs/agent-access";
+  const message = params.message ?? "AstraSync registration requires credentials.";
+  return {
+    status: "credentials_required",
+    message,
+    guidance: {
+      message: "AstraSync registration requires credentials. Get an account + API key, then call register_agent again.",
+      registrationUrl: `${origin}/register`,
+      documentationUrl: `${origin}${docsPath.startsWith("/") ? docsPath : `/${docsPath}`}`,
+      steps: [
+        "Visit registrationUrl and create an AstraSync account (or log in if you have one).",
+        "Generate an API key from Settings \u2192 API Keys.",
+        "Re-call register_agent with the apiKey populated.",
+        "After registration returns status: pending_approval, the owner approves via email.",
+        "Use poll_registration({ requestId }) to retrieve the astraId once approved."
+      ]
+    }
+  };
+}
+
 // src/agent/index.ts
 var agent_exports = {};
 __export(agent_exports, {
@@ -4987,6 +5046,7 @@ var VERSION = "2.0.0";
   TRUST_LEVEL_RANGES,
   VERSION,
   agent,
+  buildGuidance,
   clearCache,
   createMcpMiddleware,
   determineAccessLevel,