@astrasyncai/verification-gateway 2.5.1 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +123 -33
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +123 -33
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +20 -7
- package/dist/adapters/mcp.d.ts +20 -7
- package/dist/adapters/mcp.js +6 -3
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +6 -3
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +107 -28
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +107 -28
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/agent/index.js +3 -0
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/index.mjs +3 -0
- package/dist/agent/index.mjs.map +1 -1
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
- package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
- package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
- package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
- package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +164 -72
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +164 -72
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
- package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
- package/dist/registration/index.d.mts +4 -3
- package/dist/registration/index.d.ts +4 -3
- package/dist/registration/index.js +4 -1
- package/dist/registration/index.js.map +1 -1
- package/dist/registration/index.mjs +4 -1
- package/dist/registration/index.mjs.map +1 -1
- package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
- package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/transport/index.js +10 -0
- package/dist/transport/index.js.map +1 -1
- package/dist/transport/index.mjs +10 -0
- package/dist/transport/index.mjs.map +1 -1
- package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
- package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
- package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
- package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-CyFwZ_Yu.mjs';
|
|
3
|
+
import '../types-Cuh7ELfr.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* PlatformAdapter Interface
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-WIRp_BP_.js';
|
|
3
|
+
import '../types-Cuh7ELfr.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* PlatformAdapter Interface
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import 'express';
|
|
2
|
-
import '../types-
|
|
3
|
-
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-
|
|
2
|
+
import '../types-Cuh7ELfr.mjs';
|
|
3
|
+
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-DFVBlXr_.mjs';
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import 'express';
|
|
2
|
-
import '../types-
|
|
3
|
-
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-
|
|
2
|
+
import '../types-Cuh7ELfr.js';
|
|
3
|
+
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-DavQ76oF.js';
|
package/dist/adapters/express.js
CHANGED
|
@@ -45,7 +45,7 @@ function hasMinimumAccess(actual, required) {
|
|
|
45
45
|
}
|
|
46
46
|
|
|
47
47
|
// src/version.ts
|
|
48
|
-
var SDK_VERSION = "
|
|
48
|
+
var SDK_VERSION = "3.1.0";
|
|
49
49
|
|
|
50
50
|
// src/well-known.ts
|
|
51
51
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -603,6 +603,13 @@ function extractHttpCredentials(headers) {
|
|
|
603
603
|
purpose: { category, action }
|
|
604
604
|
};
|
|
605
605
|
}
|
|
606
|
+
const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
|
|
607
|
+
if (astraAction) {
|
|
608
|
+
credentials.pdlss = {
|
|
609
|
+
...credentials.pdlss,
|
|
610
|
+
purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
|
|
611
|
+
};
|
|
612
|
+
}
|
|
606
613
|
const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
|
|
607
614
|
if (duration) {
|
|
608
615
|
credentials.pdlss = {
|
|
@@ -620,6 +627,85 @@ function extractHttpCredentials(headers) {
|
|
|
620
627
|
return credentials;
|
|
621
628
|
}
|
|
622
629
|
|
|
630
|
+
// src/adapters/http-pdlss.ts
|
|
631
|
+
var HTTP_METHOD_ACTION_TABLE = {
|
|
632
|
+
GET: "data.read",
|
|
633
|
+
HEAD: "data.read",
|
|
634
|
+
OPTIONS: "data.read",
|
|
635
|
+
POST: "data.write",
|
|
636
|
+
PUT: "data.write",
|
|
637
|
+
PATCH: "data.write",
|
|
638
|
+
DELETE: "data.delete"
|
|
639
|
+
};
|
|
640
|
+
var DEFAULT_HTTP_ACTION = "data.write";
|
|
641
|
+
var DEFAULT_HTTP_PURPOSE = "data";
|
|
642
|
+
function actionForHttpMethod(method) {
|
|
643
|
+
return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
|
|
644
|
+
}
|
|
645
|
+
function normalizePurposeHeader(value) {
|
|
646
|
+
const colon = value.indexOf(":");
|
|
647
|
+
if (colon >= 0) {
|
|
648
|
+
return { purpose: value.slice(0, colon) };
|
|
649
|
+
}
|
|
650
|
+
const dot = value.indexOf(".");
|
|
651
|
+
if (dot > 0 && dot < value.length - 1) {
|
|
652
|
+
return { purpose: value.slice(0, dot), actionCandidate: value };
|
|
653
|
+
}
|
|
654
|
+
return { purpose: value };
|
|
655
|
+
}
|
|
656
|
+
function resolveHttpPdlss(input) {
|
|
657
|
+
const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
|
|
658
|
+
let action;
|
|
659
|
+
let actionSource;
|
|
660
|
+
if (input.routeAction) {
|
|
661
|
+
action = input.routeAction;
|
|
662
|
+
actionSource = "route_config";
|
|
663
|
+
} else if (input.hasCustomActionExtractor && input.customAction) {
|
|
664
|
+
action = input.customAction;
|
|
665
|
+
actionSource = "custom_extractor";
|
|
666
|
+
} else if (!input.hasCustomActionExtractor && input.astraAction) {
|
|
667
|
+
action = input.astraAction;
|
|
668
|
+
actionSource = "header";
|
|
669
|
+
} else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
|
|
670
|
+
action = fromHeader.actionCandidate;
|
|
671
|
+
actionSource = "purpose_header_derived";
|
|
672
|
+
} else {
|
|
673
|
+
action = actionForHttpMethod(input.method);
|
|
674
|
+
actionSource = "method_table";
|
|
675
|
+
}
|
|
676
|
+
let purpose;
|
|
677
|
+
let purposeSource;
|
|
678
|
+
if (input.routePurpose) {
|
|
679
|
+
purpose = input.routePurpose;
|
|
680
|
+
purposeSource = "route_config";
|
|
681
|
+
} else if (input.hasCustomPurposeExtractor) {
|
|
682
|
+
if (input.customPurpose) {
|
|
683
|
+
purpose = input.customPurpose;
|
|
684
|
+
purposeSource = "custom_extractor";
|
|
685
|
+
}
|
|
686
|
+
} else if (fromHeader) {
|
|
687
|
+
purpose = fromHeader.purpose;
|
|
688
|
+
purposeSource = "header";
|
|
689
|
+
} else if (input.legacyPurpose) {
|
|
690
|
+
purpose = input.legacyPurpose;
|
|
691
|
+
purposeSource = "legacy_header";
|
|
692
|
+
} else if (input.queryPurpose) {
|
|
693
|
+
purpose = input.queryPurpose;
|
|
694
|
+
purposeSource = "query";
|
|
695
|
+
}
|
|
696
|
+
if (!purpose) {
|
|
697
|
+
const dot = action.indexOf(".");
|
|
698
|
+
if (dot > 0) {
|
|
699
|
+
purpose = action.slice(0, dot);
|
|
700
|
+
purposeSource = "action_derived";
|
|
701
|
+
} else {
|
|
702
|
+
purpose = DEFAULT_HTTP_PURPOSE;
|
|
703
|
+
purposeSource = "transport_default";
|
|
704
|
+
}
|
|
705
|
+
}
|
|
706
|
+
return { purpose, action, purposeSource, actionSource };
|
|
707
|
+
}
|
|
708
|
+
|
|
623
709
|
// src/pdlss-pre-check.ts
|
|
624
710
|
function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
|
|
625
711
|
const failures = [];
|
|
@@ -678,33 +764,25 @@ function defaultExtractCredentials(req) {
|
|
|
678
764
|
function extractAstraSyncCredentials(req) {
|
|
679
765
|
return extractHttpCredentials(req.headers);
|
|
680
766
|
}
|
|
681
|
-
function
|
|
682
|
-
|
|
683
|
-
if (
|
|
684
|
-
|
|
685
|
-
|
|
686
|
-
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
691
|
-
|
|
692
|
-
|
|
693
|
-
|
|
694
|
-
|
|
695
|
-
|
|
696
|
-
|
|
697
|
-
|
|
698
|
-
|
|
699
|
-
|
|
700
|
-
case "PUT":
|
|
701
|
-
case "PATCH":
|
|
702
|
-
return "write_data";
|
|
703
|
-
case "DELETE":
|
|
704
|
-
return "delete_data";
|
|
705
|
-
default:
|
|
706
|
-
return "general";
|
|
707
|
-
}
|
|
767
|
+
function headerValue(value) {
|
|
768
|
+
if (typeof value === "string") return value;
|
|
769
|
+
if (Array.isArray(value)) return value[0];
|
|
770
|
+
return void 0;
|
|
771
|
+
}
|
|
772
|
+
function resolveRequestPdlss(req, routeConfig, customExtractPurpose, customExtractAction) {
|
|
773
|
+
return resolveHttpPdlss({
|
|
774
|
+
method: req.method,
|
|
775
|
+
astraPurpose: headerValue(req.headers["x-astra-purpose"]),
|
|
776
|
+
astraAction: headerValue(req.headers["x-astra-action"]),
|
|
777
|
+
legacyPurpose: headerValue(req.headers["x-purpose"] ?? req.headers["X-Purpose"]),
|
|
778
|
+
queryPurpose: typeof req.query.purpose === "string" ? req.query.purpose : void 0,
|
|
779
|
+
routePurpose: routeConfig?.purpose,
|
|
780
|
+
routeAction: routeConfig?.action,
|
|
781
|
+
hasCustomPurposeExtractor: !!customExtractPurpose,
|
|
782
|
+
customPurpose: customExtractPurpose?.(req),
|
|
783
|
+
hasCustomActionExtractor: !!customExtractAction,
|
|
784
|
+
customAction: customExtractAction?.(req)
|
|
785
|
+
});
|
|
708
786
|
}
|
|
709
787
|
function matchRoute(pattern, path, opts) {
|
|
710
788
|
const regexPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
|
|
@@ -764,6 +842,7 @@ function createMiddleware(options) {
|
|
|
764
842
|
const {
|
|
765
843
|
extractCredentials: customExtractCredentials,
|
|
766
844
|
extractPurpose: customExtractPurpose,
|
|
845
|
+
extractAction: customExtractAction,
|
|
767
846
|
skipPaths = [],
|
|
768
847
|
onDenied = defaultOnDenied,
|
|
769
848
|
recordDecisions,
|
|
@@ -849,7 +928,21 @@ function createMiddleware(options) {
|
|
|
849
928
|
}
|
|
850
929
|
return next();
|
|
851
930
|
}
|
|
852
|
-
const
|
|
931
|
+
const pdlssPair = resolveRequestPdlss(
|
|
932
|
+
req,
|
|
933
|
+
routeConfig,
|
|
934
|
+
customExtractPurpose,
|
|
935
|
+
customExtractAction
|
|
936
|
+
);
|
|
937
|
+
const purpose = pdlssPair.purpose;
|
|
938
|
+
if (config.debug) {
|
|
939
|
+
console.debug("[express-middleware] pdlss resolved", {
|
|
940
|
+
purpose_source: pdlssPair.purposeSource,
|
|
941
|
+
resolved_purpose: pdlssPair.purpose,
|
|
942
|
+
action_source: pdlssPair.actionSource,
|
|
943
|
+
resolved_action: pdlssPair.action
|
|
944
|
+
});
|
|
945
|
+
}
|
|
853
946
|
const astraCreds = extractAstraSyncCredentials(req);
|
|
854
947
|
const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
|
|
855
948
|
const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
|
|
@@ -893,10 +986,7 @@ function createMiddleware(options) {
|
|
|
893
986
|
const result = await verify(config, {
|
|
894
987
|
credentials,
|
|
895
988
|
purpose,
|
|
896
|
-
|
|
897
|
-
// Backend evaluator tolerates either case as defense-in-depth
|
|
898
|
-
// (round-18.6 batch 2); SDK emits canonical form.
|
|
899
|
-
action: req.method.toUpperCase(),
|
|
989
|
+
action: pdlssPair.action,
|
|
900
990
|
resource: req.path,
|
|
901
991
|
createSession: shouldRecordDecisions,
|
|
902
992
|
counterpartyUrl,
|