@astrasyncai/verification-gateway 3.0.0 → 3.1.0

Files changed (87) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +123 -33
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +123 -33
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +20 -7
  10. package/dist/adapters/mcp.d.ts +20 -7
  11. package/dist/adapters/mcp.js +6 -3
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +6 -3
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +107 -28
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +107 -28
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/agent/index.js +3 -0
  30. package/dist/agent/index.js.map +1 -1
  31. package/dist/agent/index.mjs +3 -0
  32. package/dist/agent/index.mjs.map +1 -1
  33. package/dist/browser/background.js +1 -1
  34. package/dist/browser/background.js.map +1 -1
  35. package/dist/browser/background.mjs +1 -1
  36. package/dist/browser/background.mjs.map +1 -1
  37. package/dist/browser/browser-adapter.d.mts +2 -2
  38. package/dist/browser/browser-adapter.d.ts +2 -2
  39. package/dist/cli/index.d.mts +2 -2
  40. package/dist/cli/index.d.ts +2 -2
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +1 -1
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +1 -1
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
  50. package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +1 -1
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +1 -1
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
  60. package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
  61. package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
  62. package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
  63. package/dist/index.d.mts +7 -7
  64. package/dist/index.d.ts +7 -7
  65. package/dist/index.js +160 -71
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +160 -71
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
  72. package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
  73. package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
  74. package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
  75. package/dist/transport/index.d.mts +2 -2
  76. package/dist/transport/index.d.ts +2 -2
  77. package/dist/transport/index.js +10 -0
  78. package/dist/transport/index.js.map +1 -1
  79. package/dist/transport/index.mjs +10 -0
  80. package/dist/transport/index.mjs.map +1 -1
  81. package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
  82. package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
  83. package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
  84. package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
  85. package/dist/ui/index.d.mts +1 -1
  86. package/dist/ui/index.d.ts +1 -1
  87. package/package.json +1 -1
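--- a/package/dist/adapter-interface/interface.d.mts
+++ b/package/dist/adapter-interface/interface.d.mts
@@ -1,6 +1,6 @@
  import { AstraSyncGateway } from '../gateway/gateway.mjs';
- import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-CgDCUfo8.mjs';
- import '../types-B3USs-Kx.mjs';
+ import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-CyFwZ_Yu.mjs';
+ import '../types-Cuh7ELfr.mjs';
 
  /**
  * PlatformAdapter Interface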
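--- a/package/dist/adapter-interface/interface.d.ts
+++ b/package/dist/adapter-interface/interface.d.ts
@@ -1,6 +1,6 @@
  import { AstraSyncGateway } from '../gateway/gateway.js';
- import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-R5N4ET6x.js';
- import '../types-B3USs-Kx.js';
+ import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-WIRp_BP_.js';
+ import '../types-Cuh7ELfr.js';
 
  /**
  * PlatformAdapter Interface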
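--- a/package/dist/adapters/express.d.mts
+++ b/package/dist/adapters/express.d.mts
@@ -1,3 +1,3 @@
  import 'express';
- import '../types-B3USs-Kx.mjs';
- export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-ienhAXps.mjs';
+ import '../types-Cuh7ELfr.mjs';
+ export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-DFVBlXr_.mjs';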
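--- a/package/dist/adapters/express.d.ts
+++ b/package/dist/adapters/express.d.ts
@@ -1,3 +1,3 @@
  import 'express';
- import '../types-B3USs-Kx.js';
- export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-CrfwoNAR.js';
+ import '../types-Cuh7ELfr.js';
+ export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-DavQ76oF.js';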
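--- a/package/dist/adapters/express.js
+++ b/package/dist/adapters/express.js
@@ -45,7 +45,7 @@ function hasMinimumAccess(actual, required) {
  }
 
  // src/version.ts
- var SDK_VERSION = "3.0.0";
+ var SDK_VERSION = "3.1.0";
 
  // src/well-known.ts
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -603,6 +603,13 @@ function extractHttpCredentials(headers) {
  purpose: { category, action }
  };
  }
+ const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
+ if (astraAction) {
+ credentials.pdlss = {
+ ...credentials.pdlss,
+ purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
+ };
+ }
  const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
  if (duration) {
  credentials.pdlss = {
@@ -620,6 +627,85 @@ function extractHttpCredentials(headers) {
  return credentials;
  }
 
+ // src/adapters/http-pdlss.ts
+ var HTTP_METHOD_ACTION_TABLE = {
+ GET: "data.read",
+ HEAD: "data.read",
+ OPTIONS: "data.read",
+ POST: "data.write",
+ PUT: "data.write",
+ PATCH: "data.write",
+ DELETE: "data.delete"
+ };
+ var DEFAULT_HTTP_ACTION = "data.write";
+ var DEFAULT_HTTP_PURPOSE = "data";
+ function actionForHttpMethod(method) {
+ return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
+ }
+ function normalizePurposeHeader(value) {
+ const colon = value.indexOf(":");
+ if (colon >= 0) {
+ return { purpose: value.slice(0, colon) };
+ }
+ const dot = value.indexOf(".");
+ if (dot > 0 && dot < value.length - 1) {
+ return { purpose: value.slice(0, dot), actionCandidate: value };
+ }
+ return { purpose: value };
+ }
+ function resolveHttpPdlss(input) {
+ const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
+ let action;
+ let actionSource;
+ if (input.routeAction) {
+ action = input.routeAction;
+ actionSource = "route_config";
+ } else if (input.hasCustomActionExtractor && input.customAction) {
+ action = input.customAction;
+ actionSource = "custom_extractor";
+ } else if (!input.hasCustomActionExtractor && input.astraAction) {
+ action = input.astraAction;
+ actionSource = "header";
+ } else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
+ action = fromHeader.actionCandidate;
+ actionSource = "purpose_header_derived";
+ } else {
+ action = actionForHttpMethod(input.method);
+ actionSource = "method_table";
+ }
+ let purpose;
+ let purposeSource;
+ if (input.routePurpose) {
+ purpose = input.routePurpose;
+ purposeSource = "route_config";
+ } else if (input.hasCustomPurposeExtractor) {
+ if (input.customPurpose) {
+ purpose = input.customPurpose;
+ purposeSource = "custom_extractor";
+ }
+ } else if (fromHeader) {
+ purpose = fromHeader.purpose;
+ purposeSource = "header";
+ } else if (input.legacyPurpose) {
+ purpose = input.legacyPurpose;
+ purposeSource = "legacy_header";
+ } else if (input.queryPurpose) {
+ purpose = input.queryPurpose;
+ purposeSource = "query";
+ }
+ if (!purpose) {
+ const dot = action.indexOf(".");
+ if (dot > 0) {
+ purpose = action.slice(0, dot);
+ purposeSource = "action_derived";
+ } else {
+ purpose = DEFAULT_HTTP_PURPOSE;
+ purposeSource = "transport_default";
+ }
+ }
+ return { purpose, action, purposeSource, actionSource };
+ }
+
  // src/pdlss-pre-check.ts
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
  const failures = [];
@@ -678,33 +764,25 @@ function defaultExtractCredentials(req) {
  function extractAstraSyncCredentials(req) {
  return extractHttpCredentials(req.headers);
  }
- function defaultExtractPurpose(req) {
- const astraPurpose = req.headers["x-astra-purpose"];
- if (astraPurpose) {
- const value = Array.isArray(astraPurpose) ? astraPurpose[0] : astraPurpose;
- const category = value.split(":")[0];
- return category;
- }
- const purposeHeader = req.headers["x-purpose"] || req.headers["X-Purpose"];
- if (purposeHeader) {
- return Array.isArray(purposeHeader) ? purposeHeader[0] : purposeHeader;
- }
- if (req.query.purpose && typeof req.query.purpose === "string") {
- return req.query.purpose;
- }
- switch (req.method) {
- case "GET":
- return "read_data";
- case "POST":
- return "write_data";
- case "PUT":
- case "PATCH":
- return "write_data";
- case "DELETE":
- return "delete_data";
- default:
- return "general";
- }
+ function headerValue(value) {
+ if (typeof value === "string") return value;
+ if (Array.isArray(value)) return value[0];
+ return void 0;
+ }
+ function resolveRequestPdlss(req, routeConfig, customExtractPurpose, customExtractAction) {
+ return resolveHttpPdlss({
+ method: req.method,
+ astraPurpose: headerValue(req.headers["x-astra-purpose"]),
+ astraAction: headerValue(req.headers["x-astra-action"]),
+ legacyPurpose: headerValue(req.headers["x-purpose"] ?? req.headers["X-Purpose"]),
+ queryPurpose: typeof req.query.purpose === "string" ? req.query.purpose : void 0,
+ routePurpose: routeConfig?.purpose,
+ routeAction: routeConfig?.action,
+ hasCustomPurposeExtractor: !!customExtractPurpose,
+ customPurpose: customExtractPurpose?.(req),
+ hasCustomActionExtractor: !!customExtractAction,
+ customAction: customExtractAction?.(req)
+ });
  }
  function matchRoute(pattern, path, opts) {
  const regexPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
@@ -764,6 +842,7 @@ function createMiddleware(options) {
  const {
  extractCredentials: customExtractCredentials,
  extractPurpose: customExtractPurpose,
+ extractAction: customExtractAction,
  skipPaths = [],
  onDenied = defaultOnDenied,
  recordDecisions,
@@ -849,7 +928,21 @@ function createMiddleware(options) {
  }
  return next();
  }
- const purpose = customExtractPurpose ? customExtractPurpose(req) : defaultExtractPurpose(req);
+ const pdlssPair = resolveRequestPdlss(
+ req,
+ routeConfig,
+ customExtractPurpose,
+ customExtractAction
+ );
+ const purpose = pdlssPair.purpose;
+ if (config.debug) {
+ console.debug("[express-middleware] pdlss resolved", {
+ purpose_source: pdlssPair.purposeSource,
+ resolved_purpose: pdlssPair.purpose,
+ action_source: pdlssPair.actionSource,
+ resolved_action: pdlssPair.action
+ });
+ }
  const astraCreds = extractAstraSyncCredentials(req);
  const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
  const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
@@ -893,10 +986,7 @@ function createMiddleware(options) {
  const result = await verify(config, {
  credentials,
  purpose,
- // RFC 7230 § 3.1.1 — HTTP method tokens uppercase by IANA convention.
- // Backend evaluator tolerates either case as defense-in-depth
- // (round-18.6 batch 2); SDK emits canonical form.
- action: req.method.toUpperCase(),
+ action: pdlssPair.action,
  resource: req.path,
  createSession: shouldRecordDecisions,
  counterpartyUrl,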
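Review bot: The `action` passed to `verify()` in the last hunk (`action: pdlssPair.action`) is now caller-chosen whenever the route has no `routeConfig.action` and no `extractAction` is configured, because `resolveHttpPdlss` ranks the `x-astra-action` header, and a dotted `x-astra-purpose` value, above `actionForHttpMethod(input.method)`. A `DELETE` request can therefore declare `data.read`, whereas 3.0.0 sent `req.method.toUpperCase()`, which the sender could not decouple from what the request does. Nothing in the visible hunks compares the declared action with the method-table value, so unless `verify()` or the backend does (not visible here), the decision is made on a self-asserted action. Consider denying, or at least logging outside `config.debug`, a request whose `actionSource` is `"header"` or `"purpose_header_derived"` and whose action disagrees with the method table for `POST`/`PUT`/`PATCH`/`DELETE`. Also add a comment on `resolveHttpPdlss` such as `// header-sourced action is client-asserted; set routeConfig.action on state-changing routes`. `createMiddleware` begins and ends outside these hunks.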