@astrasyncai/verification-gateway 2.5.1 → 3.1.0

Files changed (93) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +123 -33
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +123 -33
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +20 -7
  10. package/dist/adapters/mcp.d.ts +20 -7
  11. package/dist/adapters/mcp.js +6 -3
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +6 -3
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +107 -28
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +107 -28
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/agent/index.js +3 -0
  30. package/dist/agent/index.js.map +1 -1
  31. package/dist/agent/index.mjs +3 -0
  32. package/dist/agent/index.mjs.map +1 -1
  33. package/dist/browser/background.js +1 -1
  34. package/dist/browser/background.js.map +1 -1
  35. package/dist/browser/background.mjs +1 -1
  36. package/dist/browser/background.mjs.map +1 -1
  37. package/dist/browser/browser-adapter.d.mts +2 -2
  38. package/dist/browser/browser-adapter.d.ts +2 -2
  39. package/dist/cli/index.d.mts +2 -2
  40. package/dist/cli/index.d.ts +2 -2
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +1 -1
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +1 -1
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
  50. package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +1 -1
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +1 -1
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
  60. package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
  61. package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
  62. package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
  63. package/dist/index.d.mts +7 -7
  64. package/dist/index.d.ts +7 -7
  65. package/dist/index.js +164 -72
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +164 -72
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
  72. package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
  73. package/dist/registration/index.d.mts +4 -3
  74. package/dist/registration/index.d.ts +4 -3
  75. package/dist/registration/index.js +4 -1
  76. package/dist/registration/index.js.map +1 -1
  77. package/dist/registration/index.mjs +4 -1
  78. package/dist/registration/index.mjs.map +1 -1
  79. package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
  80. package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
  81. package/dist/transport/index.d.mts +2 -2
  82. package/dist/transport/index.d.ts +2 -2
  83. package/dist/transport/index.js +10 -0
  84. package/dist/transport/index.js.map +1 -1
  85. package/dist/transport/index.mjs +10 -0
  86. package/dist/transport/index.mjs.map +1 -1
  87. package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
  88. package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
  89. package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
  90. package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
  91. package/dist/ui/index.d.mts +1 -1
  92. package/dist/ui/index.d.ts +1 -1
  93. package/package.json +1 -1
@@ -18,7 +18,7 @@ function hasMinimumAccess(actual, required) {
18
18
  }
19
19
 
20
20
  // src/version.ts
21
- var SDK_VERSION = "2.4.13";
21
+ var SDK_VERSION = "3.1.0";
22
22
 
23
23
  // src/well-known.ts
24
24
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -468,6 +468,13 @@ function extractHttpCredentials(headers) {
468
468
  purpose: { category, action }
469
469
  };
470
470
  }
471
+ const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
472
+ if (astraAction) {
473
+ credentials.pdlss = {
474
+ ...credentials.pdlss,
475
+ purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
476
+ };
477
+ }
471
478
  const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
472
479
  if (duration) {
473
480
  credentials.pdlss = {
@@ -533,6 +540,85 @@ function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
533
540
  return failures;
534
541
  }
535
542
 
543
+ // src/adapters/http-pdlss.ts
544
+ var HTTP_METHOD_ACTION_TABLE = {
545
+ GET: "data.read",
546
+ HEAD: "data.read",
547
+ OPTIONS: "data.read",
548
+ POST: "data.write",
549
+ PUT: "data.write",
550
+ PATCH: "data.write",
551
+ DELETE: "data.delete"
552
+ };
553
+ var DEFAULT_HTTP_ACTION = "data.write";
554
+ var DEFAULT_HTTP_PURPOSE = "data";
555
+ function actionForHttpMethod(method) {
556
+ return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
557
+ }
558
+ function normalizePurposeHeader(value) {
559
+ const colon = value.indexOf(":");
560
+ if (colon >= 0) {
561
+ return { purpose: value.slice(0, colon) };
562
+ }
563
+ const dot = value.indexOf(".");
564
+ if (dot > 0 && dot < value.length - 1) {
565
+ return { purpose: value.slice(0, dot), actionCandidate: value };
566
+ }
567
+ return { purpose: value };
568
+ }
569
+ function resolveHttpPdlss(input) {
570
+ const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
571
+ let action;
572
+ let actionSource;
573
+ if (input.routeAction) {
574
+ action = input.routeAction;
575
+ actionSource = "route_config";
576
+ } else if (input.hasCustomActionExtractor && input.customAction) {
577
+ action = input.customAction;
578
+ actionSource = "custom_extractor";
579
+ } else if (!input.hasCustomActionExtractor && input.astraAction) {
580
+ action = input.astraAction;
581
+ actionSource = "header";
582
+ } else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
583
+ action = fromHeader.actionCandidate;
584
+ actionSource = "purpose_header_derived";
585
+ } else {
586
+ action = actionForHttpMethod(input.method);
587
+ actionSource = "method_table";
588
+ }
589
+ let purpose;
590
+ let purposeSource;
591
+ if (input.routePurpose) {
592
+ purpose = input.routePurpose;
593
+ purposeSource = "route_config";
594
+ } else if (input.hasCustomPurposeExtractor) {
595
+ if (input.customPurpose) {
596
+ purpose = input.customPurpose;
597
+ purposeSource = "custom_extractor";
598
+ }
599
+ } else if (fromHeader) {
600
+ purpose = fromHeader.purpose;
601
+ purposeSource = "header";
602
+ } else if (input.legacyPurpose) {
603
+ purpose = input.legacyPurpose;
604
+ purposeSource = "legacy_header";
605
+ } else if (input.queryPurpose) {
606
+ purpose = input.queryPurpose;
607
+ purposeSource = "query";
608
+ }
609
+ if (!purpose) {
610
+ const dot = action.indexOf(".");
611
+ if (dot > 0) {
612
+ purpose = action.slice(0, dot);
613
+ purposeSource = "action_derived";
614
+ } else {
615
+ purpose = DEFAULT_HTTP_PURPOSE;
616
+ purposeSource = "transport_default";
617
+ }
618
+ }
619
+ return { purpose, action, purposeSource, actionSource };
620
+ }
621
+
536
622
  // src/adapters/nextjs.ts
537
623
  function escapeHtml(value) {
538
624
  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
@@ -593,28 +679,15 @@ function extractAstraSyncCredentialsFromNextRequest(request) {
593
679
  });
594
680
  return extractHttpCredentials(headers);
595
681
  }
596
- function extractPurpose(request) {
597
- const astraPurpose = request.headers.get("x-astra-purpose");
598
- if (astraPurpose) {
599
- return astraPurpose.split(":")[0];
600
- }
601
- const purposeHeader = request.headers.get("x-purpose");
602
- if (purposeHeader) {
603
- return purposeHeader;
604
- }
605
- switch (request.method.toUpperCase()) {
606
- case "GET":
607
- return "read_data";
608
- case "POST":
609
- return "write_data";
610
- case "PUT":
611
- case "PATCH":
612
- return "write_data";
613
- case "DELETE":
614
- return "delete_data";
615
- default:
616
- return "general";
617
- }
682
+ function resolveNextPdlss(request, routeConfig) {
683
+ return resolveHttpPdlss({
684
+ method: request.method,
685
+ astraPurpose: request.headers.get("x-astra-purpose") ?? void 0,
686
+ astraAction: request.headers.get("x-astra-action") ?? void 0,
687
+ legacyPurpose: request.headers.get("x-purpose") ?? void 0,
688
+ routePurpose: routeConfig?.purpose,
689
+ routeAction: routeConfig?.action
690
+ });
618
691
  }
619
692
  function generateCommerceShieldHtml(result, options) {
620
693
  const title = escapeHtml(options.commerceShield?.title || "AstraSync Agent Verification");
@@ -827,7 +900,16 @@ function createMiddleware(options) {
827
900
  }
828
901
  const credentials = extractCredentialsFromNextRequest(request);
829
902
  const counterpartyUrl = config.counterpartyUrl || request.nextUrl.origin;
830
- const purpose = extractPurpose(request);
903
+ const pdlssPair = resolveNextPdlss(request, routeConfig);
904
+ const purpose = pdlssPair.purpose;
905
+ if (config.debug) {
906
+ console.debug("[nextjs-middleware] pdlss resolved", {
907
+ purpose_source: pdlssPair.purposeSource,
908
+ resolved_purpose: pdlssPair.purpose,
909
+ action_source: pdlssPair.actionSource,
910
+ resolved_action: pdlssPair.action
911
+ });
912
+ }
831
913
  const astraCreds = extractAstraSyncCredentialsFromNextRequest(request);
832
914
  const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
833
915
  if (preCheckFailures.length > 0) {
@@ -881,10 +963,7 @@ function createMiddleware(options) {
881
963
  const result = await verify(config, {
882
964
  credentials,
883
965
  purpose,
884
- // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
885
- // Backend evaluator tolerates either case as defense-in-depth
886
- // (round-18.6 batch 2); SDK emits canonical form.
887
- action: request.method.toUpperCase(),
966
+ action: pdlssPair.action,
888
967
  resource: pathname,
889
968
  counterpartyUrl,
890
969
  counterpartyType: config.counterpartyType || "website",
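Review bot: In `resolveHttpPdlss`, a client-supplied `x-astra-action` header (or a dotted `x-astra-purpose` value) wins over the method table whenever the route config pins no action, and that value now replaces `request.method.toUpperCase()` as the `action` passed to `verify()` in `createMiddleware`. A request can therefore declare `data.read` while arriving as a DELETE, and nothing in these hunks reconciles the declared action with the real method; whether the backend evaluator does so is not visible here. I would have the middleware check header-sourced actions before the pre-check, e.g. `const declared = pdlssPair.actionSource === "header" || pdlssPair.actionSource === "purpose_header_derived";` and `if (declared && pdlssPair.action !== actionForHttpMethod(request.method))`, followed by a denial or at least a log entry that does not depend on `config.debug`. A short comment on `resolveHttpPdlss` stating that `astraAction` and `astraPurpose` are untrusted request input, and that routes guarding writes or deletes should set `routeConfig.action`, would make the precedence order safer to rely on. `createMiddleware` begins and ends outside the hunks shown.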