@astrasyncai/verification-gateway 2.5.1 → 3.1.0

Files changed (93) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +123 -33
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +123 -33
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +20 -7
  10. package/dist/adapters/mcp.d.ts +20 -7
  11. package/dist/adapters/mcp.js +6 -3
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +6 -3
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +107 -28
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +107 -28
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/agent/index.js +3 -0
  30. package/dist/agent/index.js.map +1 -1
  31. package/dist/agent/index.mjs +3 -0
  32. package/dist/agent/index.mjs.map +1 -1
  33. package/dist/browser/background.js +1 -1
  34. package/dist/browser/background.js.map +1 -1
  35. package/dist/browser/background.mjs +1 -1
  36. package/dist/browser/background.mjs.map +1 -1
  37. package/dist/browser/browser-adapter.d.mts +2 -2
  38. package/dist/browser/browser-adapter.d.ts +2 -2
  39. package/dist/cli/index.d.mts +2 -2
  40. package/dist/cli/index.d.ts +2 -2
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +1 -1
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +1 -1
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
  50. package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +1 -1
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +1 -1
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
  60. package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
  61. package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
  62. package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
  63. package/dist/index.d.mts +7 -7
  64. package/dist/index.d.ts +7 -7
  65. package/dist/index.js +164 -72
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +164 -72
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
  72. package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
  73. package/dist/registration/index.d.mts +4 -3
  74. package/dist/registration/index.d.ts +4 -3
  75. package/dist/registration/index.js +4 -1
  76. package/dist/registration/index.js.map +1 -1
  77. package/dist/registration/index.mjs +4 -1
  78. package/dist/registration/index.mjs.map +1 -1
  79. package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
  80. package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
  81. package/dist/transport/index.d.mts +2 -2
  82. package/dist/transport/index.d.ts +2 -2
  83. package/dist/transport/index.js +10 -0
  84. package/dist/transport/index.js.map +1 -1
  85. package/dist/transport/index.mjs +10 -0
  86. package/dist/transport/index.mjs.map +1 -1
  87. package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
  88. package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
  89. package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
  90. package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
  91. package/dist/ui/index.d.mts +1 -1
  92. package/dist/ui/index.d.ts +1 -1
  93. package/package.json +1 -1
@@ -18,7 +18,7 @@ function hasMinimumAccess(actual, required) {
18
18
  }
19
19
 
20
20
  // src/version.ts
21
- var SDK_VERSION = "2.4.13";
21
+ var SDK_VERSION = "3.1.0";
22
22
 
23
23
  // src/well-known.ts
24
24
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -576,6 +576,13 @@ function extractHttpCredentials(headers) {
576
576
  purpose: { category, action }
577
577
  };
578
578
  }
579
+ const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
580
+ if (astraAction) {
581
+ credentials.pdlss = {
582
+ ...credentials.pdlss,
583
+ purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
584
+ };
585
+ }
579
586
  const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
580
587
  if (duration) {
581
588
  credentials.pdlss = {
@@ -593,6 +600,85 @@ function extractHttpCredentials(headers) {
593
600
  return credentials;
594
601
  }
595
602
 
603
+ // src/adapters/http-pdlss.ts
604
+ var HTTP_METHOD_ACTION_TABLE = {
605
+ GET: "data.read",
606
+ HEAD: "data.read",
607
+ OPTIONS: "data.read",
608
+ POST: "data.write",
609
+ PUT: "data.write",
610
+ PATCH: "data.write",
611
+ DELETE: "data.delete"
612
+ };
613
+ var DEFAULT_HTTP_ACTION = "data.write";
614
+ var DEFAULT_HTTP_PURPOSE = "data";
615
+ function actionForHttpMethod(method) {
616
+ return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
617
+ }
618
+ function normalizePurposeHeader(value) {
619
+ const colon = value.indexOf(":");
620
+ if (colon >= 0) {
621
+ return { purpose: value.slice(0, colon) };
622
+ }
623
+ const dot = value.indexOf(".");
624
+ if (dot > 0 && dot < value.length - 1) {
625
+ return { purpose: value.slice(0, dot), actionCandidate: value };
626
+ }
627
+ return { purpose: value };
628
+ }
629
+ function resolveHttpPdlss(input) {
630
+ const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
631
+ let action;
632
+ let actionSource;
633
+ if (input.routeAction) {
634
+ action = input.routeAction;
635
+ actionSource = "route_config";
636
+ } else if (input.hasCustomActionExtractor && input.customAction) {
637
+ action = input.customAction;
638
+ actionSource = "custom_extractor";
639
+ } else if (!input.hasCustomActionExtractor && input.astraAction) {
640
+ action = input.astraAction;
641
+ actionSource = "header";
642
+ } else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
643
+ action = fromHeader.actionCandidate;
644
+ actionSource = "purpose_header_derived";
645
+ } else {
646
+ action = actionForHttpMethod(input.method);
647
+ actionSource = "method_table";
648
+ }
649
+ let purpose;
650
+ let purposeSource;
651
+ if (input.routePurpose) {
652
+ purpose = input.routePurpose;
653
+ purposeSource = "route_config";
654
+ } else if (input.hasCustomPurposeExtractor) {
655
+ if (input.customPurpose) {
656
+ purpose = input.customPurpose;
657
+ purposeSource = "custom_extractor";
658
+ }
659
+ } else if (fromHeader) {
660
+ purpose = fromHeader.purpose;
661
+ purposeSource = "header";
662
+ } else if (input.legacyPurpose) {
663
+ purpose = input.legacyPurpose;
664
+ purposeSource = "legacy_header";
665
+ } else if (input.queryPurpose) {
666
+ purpose = input.queryPurpose;
667
+ purposeSource = "query";
668
+ }
669
+ if (!purpose) {
670
+ const dot = action.indexOf(".");
671
+ if (dot > 0) {
672
+ purpose = action.slice(0, dot);
673
+ purposeSource = "action_derived";
674
+ } else {
675
+ purpose = DEFAULT_HTTP_PURPOSE;
676
+ purposeSource = "transport_default";
677
+ }
678
+ }
679
+ return { purpose, action, purposeSource, actionSource };
680
+ }
681
+
596
682
  // src/pdlss-pre-check.ts
597
683
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
598
684
  const failures = [];
@@ -651,33 +737,25 @@ function defaultExtractCredentials(req) {
651
737
  function extractAstraSyncCredentials(req) {
652
738
  return extractHttpCredentials(req.headers);
653
739
  }
654
- function defaultExtractPurpose(req) {
655
- const astraPurpose = req.headers["x-astra-purpose"];
656
- if (astraPurpose) {
657
- const value = Array.isArray(astraPurpose) ? astraPurpose[0] : astraPurpose;
658
- const category = value.split(":")[0];
659
- return category;
660
- }
661
- const purposeHeader = req.headers["x-purpose"] || req.headers["X-Purpose"];
662
- if (purposeHeader) {
663
- return Array.isArray(purposeHeader) ? purposeHeader[0] : purposeHeader;
664
- }
665
- if (req.query.purpose && typeof req.query.purpose === "string") {
666
- return req.query.purpose;
667
- }
668
- switch (req.method) {
669
- case "GET":
670
- return "read_data";
671
- case "POST":
672
- return "write_data";
673
- case "PUT":
674
- case "PATCH":
675
- return "write_data";
676
- case "DELETE":
677
- return "delete_data";
678
- default:
679
- return "general";
680
- }
740
+ function headerValue(value) {
741
+ if (typeof value === "string") return value;
742
+ if (Array.isArray(value)) return value[0];
743
+ return void 0;
744
+ }
745
+ function resolveRequestPdlss(req, routeConfig, customExtractPurpose, customExtractAction) {
746
+ return resolveHttpPdlss({
747
+ method: req.method,
748
+ astraPurpose: headerValue(req.headers["x-astra-purpose"]),
749
+ astraAction: headerValue(req.headers["x-astra-action"]),
750
+ legacyPurpose: headerValue(req.headers["x-purpose"] ?? req.headers["X-Purpose"]),
751
+ queryPurpose: typeof req.query.purpose === "string" ? req.query.purpose : void 0,
752
+ routePurpose: routeConfig?.purpose,
753
+ routeAction: routeConfig?.action,
754
+ hasCustomPurposeExtractor: !!customExtractPurpose,
755
+ customPurpose: customExtractPurpose?.(req),
756
+ hasCustomActionExtractor: !!customExtractAction,
757
+ customAction: customExtractAction?.(req)
758
+ });
681
759
  }
682
760
  function matchRoute(pattern, path, opts) {
683
761
  const regexPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
@@ -737,6 +815,7 @@ function createMiddleware(options) {
737
815
  const {
738
816
  extractCredentials: customExtractCredentials,
739
817
  extractPurpose: customExtractPurpose,
818
+ extractAction: customExtractAction,
740
819
  skipPaths = [],
741
820
  onDenied = defaultOnDenied,
742
821
  recordDecisions,
@@ -822,7 +901,21 @@ function createMiddleware(options) {
822
901
  }
823
902
  return next();
824
903
  }
825
- const purpose = customExtractPurpose ? customExtractPurpose(req) : defaultExtractPurpose(req);
904
+ const pdlssPair = resolveRequestPdlss(
905
+ req,
906
+ routeConfig,
907
+ customExtractPurpose,
908
+ customExtractAction
909
+ );
910
+ const purpose = pdlssPair.purpose;
911
+ if (config.debug) {
912
+ console.debug("[express-middleware] pdlss resolved", {
913
+ purpose_source: pdlssPair.purposeSource,
914
+ resolved_purpose: pdlssPair.purpose,
915
+ action_source: pdlssPair.actionSource,
916
+ resolved_action: pdlssPair.action
917
+ });
918
+ }
826
919
  const astraCreds = extractAstraSyncCredentials(req);
827
920
  const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
828
921
  const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
@@ -866,10 +959,7 @@ function createMiddleware(options) {
866
959
  const result = await verify(config, {
867
960
  credentials,
868
961
  purpose,
869
- // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
870
- // Backend evaluator tolerates either case as defense-in-depth
871
- // (round-18.6 batch 2); SDK emits canonical form.
872
- action: req.method.toUpperCase(),
962
+ action: pdlssPair.action,
873
963
  resource: req.path,
874
964
  createSession: shouldRecordDecisions,
875
965
  counterpartyUrl,
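Review bot: In `resolveHttpPdlss`, the `header` and `purpose_header_derived` branches let the caller-supplied `x-astra-action` and `x-astra-purpose` values choose the `action` that the last hunk passes to `verify()` as `action: pdlssPair.action`. On any route without `routeConfig.action` or an `extractAction` option, the authorised action is therefore no longer tied to the HTTP method being executed, whereas the removed line sent `req.method.toUpperCase()`. Whether the backend cross-checks the declared action against the method is not visible here, so I would either fall back to `actionForHttpMethod(input.method)` when the header value disagrees with it, or at least report the mismatch outside the `config.debug` block. If the header override is intended, state the trust assumption above the branch, e.g. `// Caller-declared action is untrusted input; routes that must bind action to method should set routeConfig.action.` The body of `createMiddleware` starts and ends outside these hunks.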