@astrasyncai/verification-gateway 2.5.1 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +123 -33
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +123 -33
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +20 -7
  10. package/dist/adapters/mcp.d.ts +20 -7
  11. package/dist/adapters/mcp.js +6 -3
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +6 -3
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +107 -28
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +107 -28
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/agent/index.js +3 -0
  30. package/dist/agent/index.js.map +1 -1
  31. package/dist/agent/index.mjs +3 -0
  32. package/dist/agent/index.mjs.map +1 -1
  33. package/dist/browser/background.js +1 -1
  34. package/dist/browser/background.js.map +1 -1
  35. package/dist/browser/background.mjs +1 -1
  36. package/dist/browser/background.mjs.map +1 -1
  37. package/dist/browser/browser-adapter.d.mts +2 -2
  38. package/dist/browser/browser-adapter.d.ts +2 -2
  39. package/dist/cli/index.d.mts +2 -2
  40. package/dist/cli/index.d.ts +2 -2
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +1 -1
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +1 -1
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
  50. package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +1 -1
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +1 -1
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
  60. package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
  61. package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
  62. package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
  63. package/dist/index.d.mts +7 -7
  64. package/dist/index.d.ts +7 -7
  65. package/dist/index.js +164 -72
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +164 -72
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
  72. package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
  73. package/dist/registration/index.d.mts +4 -3
  74. package/dist/registration/index.d.ts +4 -3
  75. package/dist/registration/index.js +4 -1
  76. package/dist/registration/index.js.map +1 -1
  77. package/dist/registration/index.mjs +4 -1
  78. package/dist/registration/index.mjs.map +1 -1
  79. package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
  80. package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
  81. package/dist/transport/index.d.mts +2 -2
  82. package/dist/transport/index.d.ts +2 -2
  83. package/dist/transport/index.js +10 -0
  84. package/dist/transport/index.js.map +1 -1
  85. package/dist/transport/index.mjs +10 -0
  86. package/dist/transport/index.mjs.map +1 -1
  87. package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
  88. package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
  89. package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
  90. package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
  91. package/dist/ui/index.d.mts +1 -1
  92. package/dist/ui/index.d.ts +1 -1
  93. package/package.json +1 -1
@@ -1,3 +1,3 @@
1
1
  import 'next/server';
2
- import '../types-B3USs-Kx.mjs';
3
- export { c as createMatcherConfig, a as createMiddleware } from '../nextjs-DSpisQst.mjs';
2
+ import '../types-Cuh7ELfr.mjs';
3
+ export { c as createMatcherConfig, a as createMiddleware } from '../nextjs-D-maqrNz.mjs';
@@ -1,3 +1,3 @@
1
1
  import 'next/server';
2
- import '../types-B3USs-Kx.js';
3
- export { c as createMatcherConfig, a as createMiddleware } from '../nextjs-66R1KW8e.js';
2
+ import '../types-Cuh7ELfr.js';
3
+ export { c as createMatcherConfig, a as createMiddleware } from '../nextjs-BXLH1hJj.js';
@@ -55,7 +55,7 @@ function hasMinimumAccess(actual, required) {
55
55
  }
56
56
 
57
57
  // src/version.ts
58
- var SDK_VERSION = "2.4.13";
58
+ var SDK_VERSION = "3.1.0";
59
59
 
60
60
  // src/well-known.ts
61
61
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -505,6 +505,13 @@ function extractHttpCredentials(headers) {
505
505
  purpose: { category, action }
506
506
  };
507
507
  }
508
+ const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
509
+ if (astraAction) {
510
+ credentials.pdlss = {
511
+ ...credentials.pdlss,
512
+ purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
513
+ };
514
+ }
508
515
  const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
509
516
  if (duration) {
510
517
  credentials.pdlss = {
@@ -570,6 +577,85 @@ function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
570
577
  return failures;
571
578
  }
572
579
 
580
+ // src/adapters/http-pdlss.ts
581
+ var HTTP_METHOD_ACTION_TABLE = {
582
+ GET: "data.read",
583
+ HEAD: "data.read",
584
+ OPTIONS: "data.read",
585
+ POST: "data.write",
586
+ PUT: "data.write",
587
+ PATCH: "data.write",
588
+ DELETE: "data.delete"
589
+ };
590
+ var DEFAULT_HTTP_ACTION = "data.write";
591
+ var DEFAULT_HTTP_PURPOSE = "data";
592
+ function actionForHttpMethod(method) {
593
+ return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
594
+ }
595
+ function normalizePurposeHeader(value) {
596
+ const colon = value.indexOf(":");
597
+ if (colon >= 0) {
598
+ return { purpose: value.slice(0, colon) };
599
+ }
600
+ const dot = value.indexOf(".");
601
+ if (dot > 0 && dot < value.length - 1) {
602
+ return { purpose: value.slice(0, dot), actionCandidate: value };
603
+ }
604
+ return { purpose: value };
605
+ }
606
+ function resolveHttpPdlss(input) {
607
+ const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
608
+ let action;
609
+ let actionSource;
610
+ if (input.routeAction) {
611
+ action = input.routeAction;
612
+ actionSource = "route_config";
613
+ } else if (input.hasCustomActionExtractor && input.customAction) {
614
+ action = input.customAction;
615
+ actionSource = "custom_extractor";
616
+ } else if (!input.hasCustomActionExtractor && input.astraAction) {
617
+ action = input.astraAction;
618
+ actionSource = "header";
619
+ } else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
620
+ action = fromHeader.actionCandidate;
621
+ actionSource = "purpose_header_derived";
622
+ } else {
623
+ action = actionForHttpMethod(input.method);
624
+ actionSource = "method_table";
625
+ }
626
+ let purpose;
627
+ let purposeSource;
628
+ if (input.routePurpose) {
629
+ purpose = input.routePurpose;
630
+ purposeSource = "route_config";
631
+ } else if (input.hasCustomPurposeExtractor) {
632
+ if (input.customPurpose) {
633
+ purpose = input.customPurpose;
634
+ purposeSource = "custom_extractor";
635
+ }
636
+ } else if (fromHeader) {
637
+ purpose = fromHeader.purpose;
638
+ purposeSource = "header";
639
+ } else if (input.legacyPurpose) {
640
+ purpose = input.legacyPurpose;
641
+ purposeSource = "legacy_header";
642
+ } else if (input.queryPurpose) {
643
+ purpose = input.queryPurpose;
644
+ purposeSource = "query";
645
+ }
646
+ if (!purpose) {
647
+ const dot = action.indexOf(".");
648
+ if (dot > 0) {
649
+ purpose = action.slice(0, dot);
650
+ purposeSource = "action_derived";
651
+ } else {
652
+ purpose = DEFAULT_HTTP_PURPOSE;
653
+ purposeSource = "transport_default";
654
+ }
655
+ }
656
+ return { purpose, action, purposeSource, actionSource };
657
+ }
658
+
573
659
  // src/adapters/nextjs.ts
574
660
  function escapeHtml(value) {
575
661
  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
@@ -630,28 +716,15 @@ function extractAstraSyncCredentialsFromNextRequest(request) {
630
716
  });
631
717
  return extractHttpCredentials(headers);
632
718
  }
633
- function extractPurpose(request) {
634
- const astraPurpose = request.headers.get("x-astra-purpose");
635
- if (astraPurpose) {
636
- return astraPurpose.split(":")[0];
637
- }
638
- const purposeHeader = request.headers.get("x-purpose");
639
- if (purposeHeader) {
640
- return purposeHeader;
641
- }
642
- switch (request.method.toUpperCase()) {
643
- case "GET":
644
- return "read_data";
645
- case "POST":
646
- return "write_data";
647
- case "PUT":
648
- case "PATCH":
649
- return "write_data";
650
- case "DELETE":
651
- return "delete_data";
652
- default:
653
- return "general";
654
- }
719
+ function resolveNextPdlss(request, routeConfig) {
720
+ return resolveHttpPdlss({
721
+ method: request.method,
722
+ astraPurpose: request.headers.get("x-astra-purpose") ?? void 0,
723
+ astraAction: request.headers.get("x-astra-action") ?? void 0,
724
+ legacyPurpose: request.headers.get("x-purpose") ?? void 0,
725
+ routePurpose: routeConfig?.purpose,
726
+ routeAction: routeConfig?.action
727
+ });
655
728
  }
656
729
  function generateCommerceShieldHtml(result, options) {
657
730
  const title = escapeHtml(options.commerceShield?.title || "AstraSync Agent Verification");
@@ -864,7 +937,16 @@ function createMiddleware(options) {
864
937
  }
865
938
  const credentials = extractCredentialsFromNextRequest(request);
866
939
  const counterpartyUrl = config.counterpartyUrl || request.nextUrl.origin;
867
- const purpose = extractPurpose(request);
940
+ const pdlssPair = resolveNextPdlss(request, routeConfig);
941
+ const purpose = pdlssPair.purpose;
942
+ if (config.debug) {
943
+ console.debug("[nextjs-middleware] pdlss resolved", {
944
+ purpose_source: pdlssPair.purposeSource,
945
+ resolved_purpose: pdlssPair.purpose,
946
+ action_source: pdlssPair.actionSource,
947
+ resolved_action: pdlssPair.action
948
+ });
949
+ }
868
950
  const astraCreds = extractAstraSyncCredentialsFromNextRequest(request);
869
951
  const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
870
952
  if (preCheckFailures.length > 0) {
@@ -918,10 +1000,7 @@ function createMiddleware(options) {
918
1000
  const result = await verify(config, {
919
1001
  credentials,
920
1002
  purpose,
921
- // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
922
- // Backend evaluator tolerates either case as defense-in-depth
923
- // (round-18.6 batch 2); SDK emits canonical form.
924
- action: request.method.toUpperCase(),
1003
+ action: pdlssPair.action,
925
1004
  resource: pathname,
926
1005
  counterpartyUrl,
927
1006
  counterpartyType: config.counterpartyType || "website",