@astrasyncai/verification-gateway 2.5.1 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +123 -33
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +123 -33
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +20 -7
- package/dist/adapters/mcp.d.ts +20 -7
- package/dist/adapters/mcp.js +6 -3
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +6 -3
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +107 -28
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +107 -28
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/agent/index.js +3 -0
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/index.mjs +3 -0
- package/dist/agent/index.mjs.map +1 -1
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
- package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
- package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
- package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
- package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +164 -72
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +164 -72
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
- package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
- package/dist/registration/index.d.mts +4 -3
- package/dist/registration/index.d.ts +4 -3
- package/dist/registration/index.js +4 -1
- package/dist/registration/index.js.map +1 -1
- package/dist/registration/index.mjs +4 -1
- package/dist/registration/index.mjs.map +1 -1
- package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
- package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/transport/index.js +10 -0
- package/dist/transport/index.js.map +1 -1
- package/dist/transport/index.mjs +10 -0
- package/dist/transport/index.mjs.map +1 -1
- package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
- package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
- package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
- package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
package/dist/adapters/mcp.d.mts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Request, Response, RequestHandler } from 'express';
|
|
2
|
-
import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-
|
|
2
|
+
import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-Cuh7ELfr.mjs';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
5
|
* MCP server-side helpers — companion to `transport/mcp.ts` (which handles the
|
|
@@ -137,7 +137,7 @@ interface McpPdlssMapping {
|
|
|
137
137
|
action: string;
|
|
138
138
|
resource: string;
|
|
139
139
|
purposeSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | undefined;
|
|
140
|
-
actionSource: 'header' | 'meta' | 'tool_argument' | 'transport_layer';
|
|
140
|
+
actionSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | 'transport_layer';
|
|
141
141
|
}
|
|
142
142
|
/**
|
|
143
143
|
* v2.5.0 — PDLSS field derivation for MCP requests.
|
|
@@ -149,14 +149,18 @@ interface McpPdlssMapping {
|
|
|
149
149
|
* Resource precedence:
|
|
150
150
|
* - `toolGate.resource` if provided, else `requestPath`.
|
|
151
151
|
*
|
|
152
|
-
* Action precedence (
|
|
153
|
-
*
|
|
152
|
+
* Action precedence (3.1.0, Bug 14 §4.6 — toolGate override added for
|
|
153
|
+
* symmetry with purpose):
|
|
154
|
+
* - `toolGate.action` authoritative → header → body `_meta` → body
|
|
155
|
+
* `arguments` → bare tool name / method (transport_layer, unchanged —
|
|
156
|
+
* bare tool names are legitimate enumerated actions, never aliased).
|
|
154
157
|
*
|
|
155
158
|
* @param requestPath The HTTP request path (e.g. '/mcp'). Required.
|
|
156
159
|
* @param toolGate Resolved per-tool config from `toolGates`, if present.
|
|
157
160
|
*/
|
|
158
161
|
declare function mcpToPdlss(parsed: ParsedMcpRequest, requestPath: string, headerPurpose?: string, headerAction?: string, toolGate?: {
|
|
159
162
|
purpose?: string;
|
|
163
|
+
action?: string;
|
|
160
164
|
resource?: string;
|
|
161
165
|
}): McpPdlssMapping;
|
|
162
166
|
/**
|
|
@@ -234,18 +238,25 @@ declare global {
|
|
|
234
238
|
}
|
|
235
239
|
}
|
|
236
240
|
/**
|
|
237
|
-
* Extended per-tool gate with optional PDLSS purpose + resource
|
|
241
|
+
* Extended per-tool gate with optional PDLSS purpose + action + resource
|
|
242
|
+
* overrides.
|
|
238
243
|
*
|
|
239
244
|
* When `purpose` is set, it is authoritative for that tool — the agent's
|
|
240
245
|
* `X-Astra-Purpose` header is ignored. This lets the merchant declare what
|
|
241
246
|
* semantic purpose each tool fulfils rather than trusting agent self-declaration.
|
|
242
247
|
*
|
|
248
|
+
* When `action` is set (Bug 14, §4.6 — symmetric with `purpose`), it is
|
|
249
|
+
* authoritative over `X-Astra-Action` / body declarations, letting the
|
|
250
|
+
* merchant pin a dotted-verb action (e.g. `shopping.search`) for a tool
|
|
251
|
+
* whose callers would otherwise fall to the bare tool-name transport default.
|
|
252
|
+
*
|
|
243
253
|
* When `resource` is set, it overrides the default (`req.path`) for that
|
|
244
254
|
* tool's verify-access call — e.g. mapping `list_products` to `/api/catalog`.
|
|
245
255
|
*/
|
|
246
256
|
interface ToolGateConfig {
|
|
247
257
|
minAccessLevel: AccessLevel;
|
|
248
258
|
purpose?: string;
|
|
259
|
+
action?: string;
|
|
249
260
|
resource?: string;
|
|
250
261
|
}
|
|
251
262
|
interface McpMiddlewareOptions extends GatewayConfig {
|
|
@@ -258,10 +269,12 @@ interface McpMiddlewareOptions extends GatewayConfig {
|
|
|
258
269
|
* toolGates: {
|
|
259
270
|
* browse_catalog: 'read-only', // shorthand
|
|
260
271
|
* list_products: { minAccessLevel: 'none', // full shape
|
|
261
|
-
* purpose: 'shopping
|
|
272
|
+
* purpose: 'shopping',
|
|
273
|
+
* action: 'shopping.search',
|
|
262
274
|
* resource: '/api/catalog' },
|
|
263
275
|
* start_checkout: { minAccessLevel: 'standard',
|
|
264
|
-
* purpose: 'shopping
|
|
276
|
+
* purpose: 'shopping',
|
|
277
|
+
* action: 'shopping.purchase',
|
|
265
278
|
* resource: '/api/checkout/*' },
|
|
266
279
|
* }
|
|
267
280
|
* ```
|
package/dist/adapters/mcp.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Request, Response, RequestHandler } from 'express';
|
|
2
|
-
import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-
|
|
2
|
+
import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-Cuh7ELfr.js';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
5
|
* MCP server-side helpers — companion to `transport/mcp.ts` (which handles the
|
|
@@ -137,7 +137,7 @@ interface McpPdlssMapping {
|
|
|
137
137
|
action: string;
|
|
138
138
|
resource: string;
|
|
139
139
|
purposeSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | undefined;
|
|
140
|
-
actionSource: 'header' | 'meta' | 'tool_argument' | 'transport_layer';
|
|
140
|
+
actionSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | 'transport_layer';
|
|
141
141
|
}
|
|
142
142
|
/**
|
|
143
143
|
* v2.5.0 — PDLSS field derivation for MCP requests.
|
|
@@ -149,14 +149,18 @@ interface McpPdlssMapping {
|
|
|
149
149
|
* Resource precedence:
|
|
150
150
|
* - `toolGate.resource` if provided, else `requestPath`.
|
|
151
151
|
*
|
|
152
|
-
* Action precedence (
|
|
153
|
-
*
|
|
152
|
+
* Action precedence (3.1.0, Bug 14 §4.6 — toolGate override added for
|
|
153
|
+
* symmetry with purpose):
|
|
154
|
+
* - `toolGate.action` authoritative → header → body `_meta` → body
|
|
155
|
+
* `arguments` → bare tool name / method (transport_layer, unchanged —
|
|
156
|
+
* bare tool names are legitimate enumerated actions, never aliased).
|
|
154
157
|
*
|
|
155
158
|
* @param requestPath The HTTP request path (e.g. '/mcp'). Required.
|
|
156
159
|
* @param toolGate Resolved per-tool config from `toolGates`, if present.
|
|
157
160
|
*/
|
|
158
161
|
declare function mcpToPdlss(parsed: ParsedMcpRequest, requestPath: string, headerPurpose?: string, headerAction?: string, toolGate?: {
|
|
159
162
|
purpose?: string;
|
|
163
|
+
action?: string;
|
|
160
164
|
resource?: string;
|
|
161
165
|
}): McpPdlssMapping;
|
|
162
166
|
/**
|
|
@@ -234,18 +238,25 @@ declare global {
|
|
|
234
238
|
}
|
|
235
239
|
}
|
|
236
240
|
/**
|
|
237
|
-
* Extended per-tool gate with optional PDLSS purpose + resource
|
|
241
|
+
* Extended per-tool gate with optional PDLSS purpose + action + resource
|
|
242
|
+
* overrides.
|
|
238
243
|
*
|
|
239
244
|
* When `purpose` is set, it is authoritative for that tool — the agent's
|
|
240
245
|
* `X-Astra-Purpose` header is ignored. This lets the merchant declare what
|
|
241
246
|
* semantic purpose each tool fulfils rather than trusting agent self-declaration.
|
|
242
247
|
*
|
|
248
|
+
* When `action` is set (Bug 14, §4.6 — symmetric with `purpose`), it is
|
|
249
|
+
* authoritative over `X-Astra-Action` / body declarations, letting the
|
|
250
|
+
* merchant pin a dotted-verb action (e.g. `shopping.search`) for a tool
|
|
251
|
+
* whose callers would otherwise fall to the bare tool-name transport default.
|
|
252
|
+
*
|
|
243
253
|
* When `resource` is set, it overrides the default (`req.path`) for that
|
|
244
254
|
* tool's verify-access call — e.g. mapping `list_products` to `/api/catalog`.
|
|
245
255
|
*/
|
|
246
256
|
interface ToolGateConfig {
|
|
247
257
|
minAccessLevel: AccessLevel;
|
|
248
258
|
purpose?: string;
|
|
259
|
+
action?: string;
|
|
249
260
|
resource?: string;
|
|
250
261
|
}
|
|
251
262
|
interface McpMiddlewareOptions extends GatewayConfig {
|
|
@@ -258,10 +269,12 @@ interface McpMiddlewareOptions extends GatewayConfig {
|
|
|
258
269
|
* toolGates: {
|
|
259
270
|
* browse_catalog: 'read-only', // shorthand
|
|
260
271
|
* list_products: { minAccessLevel: 'none', // full shape
|
|
261
|
-
* purpose: 'shopping
|
|
272
|
+
* purpose: 'shopping',
|
|
273
|
+
* action: 'shopping.search',
|
|
262
274
|
* resource: '/api/catalog' },
|
|
263
275
|
* start_checkout: { minAccessLevel: 'standard',
|
|
264
|
-
* purpose: 'shopping
|
|
276
|
+
* purpose: 'shopping',
|
|
277
|
+
* action: 'shopping.purchase',
|
|
265
278
|
* resource: '/api/checkout/*' },
|
|
266
279
|
* }
|
|
267
280
|
* ```
|
package/dist/adapters/mcp.js
CHANGED
|
@@ -51,7 +51,7 @@ function hasMinimumAccess(actual, required) {
|
|
|
51
51
|
}
|
|
52
52
|
|
|
53
53
|
// src/version.ts
|
|
54
|
-
var SDK_VERSION = "
|
|
54
|
+
var SDK_VERSION = "3.1.0";
|
|
55
55
|
|
|
56
56
|
// src/well-known.ts
|
|
57
57
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -677,7 +677,10 @@ function mcpToPdlss(parsed, requestPath, headerPurpose, headerAction, toolGate)
|
|
|
677
677
|
}
|
|
678
678
|
let action;
|
|
679
679
|
let actionSource;
|
|
680
|
-
if (
|
|
680
|
+
if (toolGate?.action !== void 0) {
|
|
681
|
+
action = toolGate.action;
|
|
682
|
+
actionSource = "tool_gate";
|
|
683
|
+
} else if (headerAction) {
|
|
681
684
|
action = headerAction;
|
|
682
685
|
actionSource = "header";
|
|
683
686
|
} else if (parsed.actionFromBody && parsed.actionSourceFromBody) {
|
|
@@ -851,7 +854,7 @@ function createMcpMiddleware(options) {
|
|
|
851
854
|
req.path,
|
|
852
855
|
headerPurpose,
|
|
853
856
|
headerAction,
|
|
854
|
-
gate ? { purpose: gate.purpose, resource: gate.resource } : void 0
|
|
857
|
+
gate ? { purpose: gate.purpose, action: gate.action, resource: gate.resource } : void 0
|
|
855
858
|
);
|
|
856
859
|
if (config.debug) {
|
|
857
860
|
console.debug("[mcp-middleware] pdlss resolved", {
|