@astrasyncai/verification-gateway 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +123 -33
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +123 -33
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +20 -7
- package/dist/adapters/mcp.d.ts +20 -7
- package/dist/adapters/mcp.js +6 -3
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +6 -3
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +107 -28
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +107 -28
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/agent/index.js +3 -0
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/index.mjs +3 -0
- package/dist/agent/index.mjs.map +1 -1
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
- package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
- package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
- package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
- package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +160 -71
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +160 -71
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
- package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
- package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
- package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/transport/index.js +10 -0
- package/dist/transport/index.js.map +1 -1
- package/dist/transport/index.mjs +10 -0
- package/dist/transport/index.mjs.map +1 -1
- package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
- package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
- package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
- package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-CyFwZ_Yu.mjs';
|
|
3
|
+
import '../types-Cuh7ELfr.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-WIRp_BP_.js';
|
|
3
|
+
import '../types-Cuh7ELfr.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
package/dist/index.d.mts
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-
|
|
2
|
-
export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-
|
|
3
|
-
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
|
|
4
|
-
export { e as express } from './express-
|
|
5
|
-
export { n as nextjs } from './nextjs-
|
|
6
|
-
export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-
|
|
1
|
+
import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-Cuh7ELfr.mjs';
|
|
2
|
+
export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-Cuh7ELfr.mjs';
|
|
3
|
+
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-767LaEP8.mjs';
|
|
4
|
+
export { e as express } from './express-DFVBlXr_.mjs';
|
|
5
|
+
export { n as nextjs } from './nextjs-D-maqrNz.mjs';
|
|
6
|
+
export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-BhL2R65s.mjs';
|
|
7
7
|
export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.mjs';
|
|
8
8
|
export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
|
|
9
|
-
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
|
|
9
|
+
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BVxantdv.mjs';
|
|
10
10
|
import 'express';
|
|
11
11
|
import 'next/server';
|
|
12
12
|
import 'jose';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-
|
|
2
|
-
export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-
|
|
3
|
-
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
|
|
4
|
-
export { e as express } from './express-
|
|
5
|
-
export { n as nextjs } from './nextjs-
|
|
6
|
-
export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-
|
|
1
|
+
import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-Cuh7ELfr.js';
|
|
2
|
+
export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-Cuh7ELfr.js';
|
|
3
|
+
export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-K8IgssHI.js';
|
|
4
|
+
export { e as express } from './express-DavQ76oF.js';
|
|
5
|
+
export { n as nextjs } from './nextjs-BXLH1hJj.js';
|
|
6
|
+
export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-Dk2nIA4w.js';
|
|
7
7
|
export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.js';
|
|
8
8
|
export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
|
|
9
|
-
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
|
|
9
|
+
export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BhEgEiJL.js';
|
|
10
10
|
import 'express';
|
|
11
11
|
import 'next/server';
|
|
12
12
|
import 'jose';
|
package/dist/index.js
CHANGED
|
@@ -192,7 +192,7 @@ function getCapabilities(accessLevel) {
|
|
|
192
192
|
}
|
|
193
193
|
|
|
194
194
|
// src/version.ts
|
|
195
|
-
var SDK_VERSION = "3.
|
|
195
|
+
var SDK_VERSION = "3.1.0";
|
|
196
196
|
|
|
197
197
|
// src/well-known.ts
|
|
198
198
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -787,6 +787,9 @@ function setHttpHeaders(headers, credentials) {
|
|
|
787
787
|
if (credentials.pdlss?.purpose) {
|
|
788
788
|
const purposeValue = credentials.pdlss.purpose.action ? `${credentials.pdlss.purpose.category}:${credentials.pdlss.purpose.action}` : credentials.pdlss.purpose.category;
|
|
789
789
|
result[`${HEADER_PREFIX}Purpose`] = purposeValue;
|
|
790
|
+
if (credentials.pdlss.purpose.action) {
|
|
791
|
+
result[`${HEADER_PREFIX}Action`] = credentials.pdlss.purpose.action;
|
|
792
|
+
}
|
|
790
793
|
}
|
|
791
794
|
if (credentials.pdlss?.duration?.maxSessionDuration) {
|
|
792
795
|
result[`${HEADER_PREFIX}Duration`] = String(credentials.pdlss.duration.maxSessionDuration);
|
|
@@ -816,6 +819,13 @@ function extractHttpCredentials(headers) {
|
|
|
816
819
|
purpose: { category, action }
|
|
817
820
|
};
|
|
818
821
|
}
|
|
822
|
+
const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
|
|
823
|
+
if (astraAction) {
|
|
824
|
+
credentials.pdlss = {
|
|
825
|
+
...credentials.pdlss,
|
|
826
|
+
purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
|
|
827
|
+
};
|
|
828
|
+
}
|
|
819
829
|
const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
|
|
820
830
|
if (duration) {
|
|
821
831
|
credentials.pdlss = {
|
|
@@ -833,6 +843,85 @@ function extractHttpCredentials(headers) {
|
|
|
833
843
|
return credentials;
|
|
834
844
|
}
|
|
835
845
|
|
|
846
|
+
// src/adapters/http-pdlss.ts
|
|
847
|
+
var HTTP_METHOD_ACTION_TABLE = {
|
|
848
|
+
GET: "data.read",
|
|
849
|
+
HEAD: "data.read",
|
|
850
|
+
OPTIONS: "data.read",
|
|
851
|
+
POST: "data.write",
|
|
852
|
+
PUT: "data.write",
|
|
853
|
+
PATCH: "data.write",
|
|
854
|
+
DELETE: "data.delete"
|
|
855
|
+
};
|
|
856
|
+
var DEFAULT_HTTP_ACTION = "data.write";
|
|
857
|
+
var DEFAULT_HTTP_PURPOSE = "data";
|
|
858
|
+
function actionForHttpMethod(method) {
|
|
859
|
+
return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
|
|
860
|
+
}
|
|
861
|
+
function normalizePurposeHeader(value) {
|
|
862
|
+
const colon = value.indexOf(":");
|
|
863
|
+
if (colon >= 0) {
|
|
864
|
+
return { purpose: value.slice(0, colon) };
|
|
865
|
+
}
|
|
866
|
+
const dot = value.indexOf(".");
|
|
867
|
+
if (dot > 0 && dot < value.length - 1) {
|
|
868
|
+
return { purpose: value.slice(0, dot), actionCandidate: value };
|
|
869
|
+
}
|
|
870
|
+
return { purpose: value };
|
|
871
|
+
}
|
|
872
|
+
function resolveHttpPdlss(input) {
|
|
873
|
+
const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
|
|
874
|
+
let action;
|
|
875
|
+
let actionSource;
|
|
876
|
+
if (input.routeAction) {
|
|
877
|
+
action = input.routeAction;
|
|
878
|
+
actionSource = "route_config";
|
|
879
|
+
} else if (input.hasCustomActionExtractor && input.customAction) {
|
|
880
|
+
action = input.customAction;
|
|
881
|
+
actionSource = "custom_extractor";
|
|
882
|
+
} else if (!input.hasCustomActionExtractor && input.astraAction) {
|
|
883
|
+
action = input.astraAction;
|
|
884
|
+
actionSource = "header";
|
|
885
|
+
} else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
|
|
886
|
+
action = fromHeader.actionCandidate;
|
|
887
|
+
actionSource = "purpose_header_derived";
|
|
888
|
+
} else {
|
|
889
|
+
action = actionForHttpMethod(input.method);
|
|
890
|
+
actionSource = "method_table";
|
|
891
|
+
}
|
|
892
|
+
let purpose;
|
|
893
|
+
let purposeSource;
|
|
894
|
+
if (input.routePurpose) {
|
|
895
|
+
purpose = input.routePurpose;
|
|
896
|
+
purposeSource = "route_config";
|
|
897
|
+
} else if (input.hasCustomPurposeExtractor) {
|
|
898
|
+
if (input.customPurpose) {
|
|
899
|
+
purpose = input.customPurpose;
|
|
900
|
+
purposeSource = "custom_extractor";
|
|
901
|
+
}
|
|
902
|
+
} else if (fromHeader) {
|
|
903
|
+
purpose = fromHeader.purpose;
|
|
904
|
+
purposeSource = "header";
|
|
905
|
+
} else if (input.legacyPurpose) {
|
|
906
|
+
purpose = input.legacyPurpose;
|
|
907
|
+
purposeSource = "legacy_header";
|
|
908
|
+
} else if (input.queryPurpose) {
|
|
909
|
+
purpose = input.queryPurpose;
|
|
910
|
+
purposeSource = "query";
|
|
911
|
+
}
|
|
912
|
+
if (!purpose) {
|
|
913
|
+
const dot = action.indexOf(".");
|
|
914
|
+
if (dot > 0) {
|
|
915
|
+
purpose = action.slice(0, dot);
|
|
916
|
+
purposeSource = "action_derived";
|
|
917
|
+
} else {
|
|
918
|
+
purpose = DEFAULT_HTTP_PURPOSE;
|
|
919
|
+
purposeSource = "transport_default";
|
|
920
|
+
}
|
|
921
|
+
}
|
|
922
|
+
return { purpose, action, purposeSource, actionSource };
|
|
923
|
+
}
|
|
924
|
+
|
|
836
925
|
// src/pdlss-pre-check.ts
|
|
837
926
|
function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
|
|
838
927
|
const failures = [];
|
|
@@ -891,33 +980,25 @@ function defaultExtractCredentials(req) {
|
|
|
891
980
|
function extractAstraSyncCredentials(req) {
|
|
892
981
|
return extractHttpCredentials(req.headers);
|
|
893
982
|
}
|
|
894
|
-
function
|
|
895
|
-
|
|
896
|
-
if (
|
|
897
|
-
|
|
898
|
-
|
|
899
|
-
|
|
900
|
-
|
|
901
|
-
|
|
902
|
-
|
|
903
|
-
|
|
904
|
-
|
|
905
|
-
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
case "PUT":
|
|
914
|
-
case "PATCH":
|
|
915
|
-
return "write_data";
|
|
916
|
-
case "DELETE":
|
|
917
|
-
return "delete_data";
|
|
918
|
-
default:
|
|
919
|
-
return "general";
|
|
920
|
-
}
|
|
983
|
+
function headerValue(value) {
|
|
984
|
+
if (typeof value === "string") return value;
|
|
985
|
+
if (Array.isArray(value)) return value[0];
|
|
986
|
+
return void 0;
|
|
987
|
+
}
|
|
988
|
+
function resolveRequestPdlss(req, routeConfig, customExtractPurpose, customExtractAction) {
|
|
989
|
+
return resolveHttpPdlss({
|
|
990
|
+
method: req.method,
|
|
991
|
+
astraPurpose: headerValue(req.headers["x-astra-purpose"]),
|
|
992
|
+
astraAction: headerValue(req.headers["x-astra-action"]),
|
|
993
|
+
legacyPurpose: headerValue(req.headers["x-purpose"] ?? req.headers["X-Purpose"]),
|
|
994
|
+
queryPurpose: typeof req.query.purpose === "string" ? req.query.purpose : void 0,
|
|
995
|
+
routePurpose: routeConfig?.purpose,
|
|
996
|
+
routeAction: routeConfig?.action,
|
|
997
|
+
hasCustomPurposeExtractor: !!customExtractPurpose,
|
|
998
|
+
customPurpose: customExtractPurpose?.(req),
|
|
999
|
+
hasCustomActionExtractor: !!customExtractAction,
|
|
1000
|
+
customAction: customExtractAction?.(req)
|
|
1001
|
+
});
|
|
921
1002
|
}
|
|
922
1003
|
function matchRoute(pattern, path, opts) {
|
|
923
1004
|
const regexPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
|
|
@@ -977,6 +1058,7 @@ function createMiddleware(options) {
|
|
|
977
1058
|
const {
|
|
978
1059
|
extractCredentials: customExtractCredentials,
|
|
979
1060
|
extractPurpose: customExtractPurpose,
|
|
1061
|
+
extractAction: customExtractAction,
|
|
980
1062
|
skipPaths = [],
|
|
981
1063
|
onDenied = defaultOnDenied,
|
|
982
1064
|
recordDecisions,
|
|
@@ -1062,7 +1144,21 @@ function createMiddleware(options) {
|
|
|
1062
1144
|
}
|
|
1063
1145
|
return next();
|
|
1064
1146
|
}
|
|
1065
|
-
const
|
|
1147
|
+
const pdlssPair = resolveRequestPdlss(
|
|
1148
|
+
req,
|
|
1149
|
+
routeConfig,
|
|
1150
|
+
customExtractPurpose,
|
|
1151
|
+
customExtractAction
|
|
1152
|
+
);
|
|
1153
|
+
const purpose = pdlssPair.purpose;
|
|
1154
|
+
if (config.debug) {
|
|
1155
|
+
console.debug("[express-middleware] pdlss resolved", {
|
|
1156
|
+
purpose_source: pdlssPair.purposeSource,
|
|
1157
|
+
resolved_purpose: pdlssPair.purpose,
|
|
1158
|
+
action_source: pdlssPair.actionSource,
|
|
1159
|
+
resolved_action: pdlssPair.action
|
|
1160
|
+
});
|
|
1161
|
+
}
|
|
1066
1162
|
const astraCreds = extractAstraSyncCredentials(req);
|
|
1067
1163
|
const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
|
|
1068
1164
|
const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
|
|
@@ -1106,10 +1202,7 @@ function createMiddleware(options) {
|
|
|
1106
1202
|
const result = await verify(config, {
|
|
1107
1203
|
credentials,
|
|
1108
1204
|
purpose,
|
|
1109
|
-
|
|
1110
|
-
// Backend evaluator tolerates either case as defense-in-depth
|
|
1111
|
-
// (round-18.6 batch 2); SDK emits canonical form.
|
|
1112
|
-
action: req.method.toUpperCase(),
|
|
1205
|
+
action: pdlssPair.action,
|
|
1113
1206
|
resource: req.path,
|
|
1114
1207
|
createSession: shouldRecordDecisions,
|
|
1115
1208
|
counterpartyUrl,
|
|
@@ -1307,28 +1400,15 @@ function extractAstraSyncCredentialsFromNextRequest(request) {
|
|
|
1307
1400
|
});
|
|
1308
1401
|
return extractHttpCredentials(headers);
|
|
1309
1402
|
}
|
|
1310
|
-
function
|
|
1311
|
-
|
|
1312
|
-
|
|
1313
|
-
|
|
1314
|
-
|
|
1315
|
-
|
|
1316
|
-
|
|
1317
|
-
|
|
1318
|
-
}
|
|
1319
|
-
switch (request.method.toUpperCase()) {
|
|
1320
|
-
case "GET":
|
|
1321
|
-
return "read_data";
|
|
1322
|
-
case "POST":
|
|
1323
|
-
return "write_data";
|
|
1324
|
-
case "PUT":
|
|
1325
|
-
case "PATCH":
|
|
1326
|
-
return "write_data";
|
|
1327
|
-
case "DELETE":
|
|
1328
|
-
return "delete_data";
|
|
1329
|
-
default:
|
|
1330
|
-
return "general";
|
|
1331
|
-
}
|
|
1403
|
+
function resolveNextPdlss(request, routeConfig) {
|
|
1404
|
+
return resolveHttpPdlss({
|
|
1405
|
+
method: request.method,
|
|
1406
|
+
astraPurpose: request.headers.get("x-astra-purpose") ?? void 0,
|
|
1407
|
+
astraAction: request.headers.get("x-astra-action") ?? void 0,
|
|
1408
|
+
legacyPurpose: request.headers.get("x-purpose") ?? void 0,
|
|
1409
|
+
routePurpose: routeConfig?.purpose,
|
|
1410
|
+
routeAction: routeConfig?.action
|
|
1411
|
+
});
|
|
1332
1412
|
}
|
|
1333
1413
|
function generateCommerceShieldHtml(result, options) {
|
|
1334
1414
|
const title = escapeHtml(options.commerceShield?.title || "AstraSync Agent Verification");
|
|
@@ -1541,7 +1621,16 @@ function createMiddleware2(options) {
|
|
|
1541
1621
|
}
|
|
1542
1622
|
const credentials = extractCredentialsFromNextRequest(request);
|
|
1543
1623
|
const counterpartyUrl = config.counterpartyUrl || request.nextUrl.origin;
|
|
1544
|
-
const
|
|
1624
|
+
const pdlssPair = resolveNextPdlss(request, routeConfig);
|
|
1625
|
+
const purpose = pdlssPair.purpose;
|
|
1626
|
+
if (config.debug) {
|
|
1627
|
+
console.debug("[nextjs-middleware] pdlss resolved", {
|
|
1628
|
+
purpose_source: pdlssPair.purposeSource,
|
|
1629
|
+
resolved_purpose: pdlssPair.purpose,
|
|
1630
|
+
action_source: pdlssPair.actionSource,
|
|
1631
|
+
resolved_action: pdlssPair.action
|
|
1632
|
+
});
|
|
1633
|
+
}
|
|
1545
1634
|
const astraCreds = extractAstraSyncCredentialsFromNextRequest(request);
|
|
1546
1635
|
const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
|
|
1547
1636
|
if (preCheckFailures.length > 0) {
|
|
@@ -1595,10 +1684,7 @@ function createMiddleware2(options) {
|
|
|
1595
1684
|
const result = await verify(config, {
|
|
1596
1685
|
credentials,
|
|
1597
1686
|
purpose,
|
|
1598
|
-
|
|
1599
|
-
// Backend evaluator tolerates either case as defense-in-depth
|
|
1600
|
-
// (round-18.6 batch 2); SDK emits canonical form.
|
|
1601
|
-
action: request.method.toUpperCase(),
|
|
1687
|
+
action: pdlssPair.action,
|
|
1602
1688
|
resource: pathname,
|
|
1603
1689
|
counterpartyUrl,
|
|
1604
1690
|
counterpartyType: config.counterpartyType || "website",
|
|
@@ -3353,9 +3439,9 @@ function toBuf(bytes) {
|
|
|
3353
3439
|
new Uint8Array(out).set(bytes);
|
|
3354
3440
|
return out;
|
|
3355
3441
|
}
|
|
3356
|
-
function checkTimestamp(
|
|
3357
|
-
if (!
|
|
3358
|
-
const ts = parseTimestamp(
|
|
3442
|
+
function checkTimestamp(headerValue2, toleranceSec, nowFn) {
|
|
3443
|
+
if (!headerValue2) return { ok: false, error: "missing Timestamp header" };
|
|
3444
|
+
const ts = parseTimestamp(headerValue2);
|
|
3359
3445
|
if (ts === null) return { ok: false, error: "unparseable Timestamp header" };
|
|
3360
3446
|
const now = nowFn ? nowFn() : Math.floor(Date.now() / 1e3);
|
|
3361
3447
|
if (Math.abs(now - ts) > toleranceSec) {
|
|
@@ -3587,14 +3673,14 @@ function verifyMPP(input) {
|
|
|
3587
3673
|
var import_schemas = require("@x402/core/schemas");
|
|
3588
3674
|
var import_utils = require("@x402/core/utils");
|
|
3589
3675
|
function extractX402FromRequest(request) {
|
|
3590
|
-
const
|
|
3676
|
+
const headerValue2 = readHeader4(request.headers, "x-payment");
|
|
3591
3677
|
if (request.body && typeof request.body === "object") {
|
|
3592
3678
|
const parsed = tryParsePayload(request.body);
|
|
3593
3679
|
if (parsed) return buildPayloadContext(parsed, "body");
|
|
3594
3680
|
}
|
|
3595
|
-
if (
|
|
3681
|
+
if (headerValue2) {
|
|
3596
3682
|
try {
|
|
3597
|
-
const decoded = (0, import_utils.safeBase64Decode)(
|
|
3683
|
+
const decoded = (0, import_utils.safeBase64Decode)(headerValue2);
|
|
3598
3684
|
if (decoded) {
|
|
3599
3685
|
const json = JSON.parse(decoded);
|
|
3600
3686
|
const parsed = tryParsePayload(json);
|
|
@@ -3617,10 +3703,10 @@ function extractX402FromResponse(response) {
|
|
|
3617
3703
|
const parsed = tryParseRequired(response.body);
|
|
3618
3704
|
if (parsed) return buildRequiredContext(parsed, "body");
|
|
3619
3705
|
}
|
|
3620
|
-
const
|
|
3621
|
-
if (
|
|
3706
|
+
const headerValue2 = readHeader4(response.headers, "x-payment-required");
|
|
3707
|
+
if (headerValue2) {
|
|
3622
3708
|
try {
|
|
3623
|
-
const decoded = (0, import_utils.safeBase64Decode)(
|
|
3709
|
+
const decoded = (0, import_utils.safeBase64Decode)(headerValue2);
|
|
3624
3710
|
if (decoded) {
|
|
3625
3711
|
const json = JSON.parse(decoded);
|
|
3626
3712
|
const parsed = tryParseRequired(json);
|
|
@@ -4456,7 +4542,10 @@ function mcpToPdlss(parsed, requestPath, headerPurpose, headerAction, toolGate)
|
|
|
4456
4542
|
}
|
|
4457
4543
|
let action;
|
|
4458
4544
|
let actionSource;
|
|
4459
|
-
if (
|
|
4545
|
+
if (toolGate?.action !== void 0) {
|
|
4546
|
+
action = toolGate.action;
|
|
4547
|
+
actionSource = "tool_gate";
|
|
4548
|
+
} else if (headerAction) {
|
|
4460
4549
|
action = headerAction;
|
|
4461
4550
|
actionSource = "header";
|
|
4462
4551
|
} else if (parsed.actionFromBody && parsed.actionSourceFromBody) {
|
|
@@ -4630,7 +4719,7 @@ function createMcpMiddleware(options) {
|
|
|
4630
4719
|
req.path,
|
|
4631
4720
|
headerPurpose,
|
|
4632
4721
|
headerAction,
|
|
4633
|
-
gate ? { purpose: gate.purpose, resource: gate.resource } : void 0
|
|
4722
|
+
gate ? { purpose: gate.purpose, action: gate.action, resource: gate.resource } : void 0
|
|
4634
4723
|
);
|
|
4635
4724
|
if (config.debug) {
|
|
4636
4725
|
console.debug("[mcp-middleware] pdlss resolved", {
|