@astrasyncai/verification-gateway 3.0.0 → 3.1.0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +123 -33
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +123 -33
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +20 -7
- package/dist/adapters/mcp.d.ts +20 -7
- package/dist/adapters/mcp.js +6 -3
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +6 -3
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +107 -28
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +107 -28
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/agent/index.js +3 -0
- package/dist/agent/index.js.map +1 -1
- package/dist/agent/index.mjs +3 -0
- package/dist/agent/index.mjs.map +1 -1
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
- package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
- package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
- package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
- package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +160 -71
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +160 -71
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
- package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
- package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
- package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/transport/index.js +10 -0
- package/dist/transport/index.js.map +1 -1
- package/dist/transport/index.mjs +10 -0
- package/dist/transport/index.mjs.map +1 -1
- package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
- package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
- package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
- package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -18,7 +18,7 @@ function hasMinimumAccess(actual, required) {
|
|
|
18
18
|
}
|
|
19
19
|
|
|
20
20
|
// src/version.ts
|
|
21
|
-
var SDK_VERSION = "3.
|
|
21
|
+
var SDK_VERSION = "3.1.0";
|
|
22
22
|
|
|
23
23
|
// src/well-known.ts
|
|
24
24
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -576,6 +576,13 @@ function extractHttpCredentials(headers) {
|
|
|
576
576
|
purpose: { category, action }
|
|
577
577
|
};
|
|
578
578
|
}
|
|
579
|
+
const astraAction = getValue(`${HEADER_PREFIX}Action`) ?? getValue("x-astra-action");
|
|
580
|
+
if (astraAction) {
|
|
581
|
+
credentials.pdlss = {
|
|
582
|
+
...credentials.pdlss,
|
|
583
|
+
purpose: { category: credentials.pdlss?.purpose?.category ?? "", action: astraAction }
|
|
584
|
+
};
|
|
585
|
+
}
|
|
579
586
|
const duration = getValue(`${HEADER_PREFIX}Duration`) ?? getValue("x-astra-duration");
|
|
580
587
|
if (duration) {
|
|
581
588
|
credentials.pdlss = {
|
|
@@ -593,6 +600,85 @@ function extractHttpCredentials(headers) {
|
|
|
593
600
|
return credentials;
|
|
594
601
|
}
|
|
595
602
|
|
|
603
|
+
// src/adapters/http-pdlss.ts
|
|
604
|
+
var HTTP_METHOD_ACTION_TABLE = {
|
|
605
|
+
GET: "data.read",
|
|
606
|
+
HEAD: "data.read",
|
|
607
|
+
OPTIONS: "data.read",
|
|
608
|
+
POST: "data.write",
|
|
609
|
+
PUT: "data.write",
|
|
610
|
+
PATCH: "data.write",
|
|
611
|
+
DELETE: "data.delete"
|
|
612
|
+
};
|
|
613
|
+
var DEFAULT_HTTP_ACTION = "data.write";
|
|
614
|
+
var DEFAULT_HTTP_PURPOSE = "data";
|
|
615
|
+
function actionForHttpMethod(method) {
|
|
616
|
+
return HTTP_METHOD_ACTION_TABLE[method.toUpperCase()] ?? DEFAULT_HTTP_ACTION;
|
|
617
|
+
}
|
|
618
|
+
function normalizePurposeHeader(value) {
|
|
619
|
+
const colon = value.indexOf(":");
|
|
620
|
+
if (colon >= 0) {
|
|
621
|
+
return { purpose: value.slice(0, colon) };
|
|
622
|
+
}
|
|
623
|
+
const dot = value.indexOf(".");
|
|
624
|
+
if (dot > 0 && dot < value.length - 1) {
|
|
625
|
+
return { purpose: value.slice(0, dot), actionCandidate: value };
|
|
626
|
+
}
|
|
627
|
+
return { purpose: value };
|
|
628
|
+
}
|
|
629
|
+
function resolveHttpPdlss(input) {
|
|
630
|
+
const fromHeader = input.astraPurpose ? normalizePurposeHeader(input.astraPurpose) : void 0;
|
|
631
|
+
let action;
|
|
632
|
+
let actionSource;
|
|
633
|
+
if (input.routeAction) {
|
|
634
|
+
action = input.routeAction;
|
|
635
|
+
actionSource = "route_config";
|
|
636
|
+
} else if (input.hasCustomActionExtractor && input.customAction) {
|
|
637
|
+
action = input.customAction;
|
|
638
|
+
actionSource = "custom_extractor";
|
|
639
|
+
} else if (!input.hasCustomActionExtractor && input.astraAction) {
|
|
640
|
+
action = input.astraAction;
|
|
641
|
+
actionSource = "header";
|
|
642
|
+
} else if (!input.hasCustomActionExtractor && fromHeader?.actionCandidate) {
|
|
643
|
+
action = fromHeader.actionCandidate;
|
|
644
|
+
actionSource = "purpose_header_derived";
|
|
645
|
+
} else {
|
|
646
|
+
action = actionForHttpMethod(input.method);
|
|
647
|
+
actionSource = "method_table";
|
|
648
|
+
}
|
|
649
|
+
let purpose;
|
|
650
|
+
let purposeSource;
|
|
651
|
+
if (input.routePurpose) {
|
|
652
|
+
purpose = input.routePurpose;
|
|
653
|
+
purposeSource = "route_config";
|
|
654
|
+
} else if (input.hasCustomPurposeExtractor) {
|
|
655
|
+
if (input.customPurpose) {
|
|
656
|
+
purpose = input.customPurpose;
|
|
657
|
+
purposeSource = "custom_extractor";
|
|
658
|
+
}
|
|
659
|
+
} else if (fromHeader) {
|
|
660
|
+
purpose = fromHeader.purpose;
|
|
661
|
+
purposeSource = "header";
|
|
662
|
+
} else if (input.legacyPurpose) {
|
|
663
|
+
purpose = input.legacyPurpose;
|
|
664
|
+
purposeSource = "legacy_header";
|
|
665
|
+
} else if (input.queryPurpose) {
|
|
666
|
+
purpose = input.queryPurpose;
|
|
667
|
+
purposeSource = "query";
|
|
668
|
+
}
|
|
669
|
+
if (!purpose) {
|
|
670
|
+
const dot = action.indexOf(".");
|
|
671
|
+
if (dot > 0) {
|
|
672
|
+
purpose = action.slice(0, dot);
|
|
673
|
+
purposeSource = "action_derived";
|
|
674
|
+
} else {
|
|
675
|
+
purpose = DEFAULT_HTTP_PURPOSE;
|
|
676
|
+
purposeSource = "transport_default";
|
|
677
|
+
}
|
|
678
|
+
}
|
|
679
|
+
return { purpose, action, purposeSource, actionSource };
|
|
680
|
+
}
|
|
681
|
+
|
|
596
682
|
// src/pdlss-pre-check.ts
|
|
597
683
|
function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
|
|
598
684
|
const failures = [];
|
|
@@ -651,33 +737,25 @@ function defaultExtractCredentials(req) {
|
|
|
651
737
|
function extractAstraSyncCredentials(req) {
|
|
652
738
|
return extractHttpCredentials(req.headers);
|
|
653
739
|
}
|
|
654
|
-
function
|
|
655
|
-
|
|
656
|
-
if (
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
case "PUT":
|
|
674
|
-
case "PATCH":
|
|
675
|
-
return "write_data";
|
|
676
|
-
case "DELETE":
|
|
677
|
-
return "delete_data";
|
|
678
|
-
default:
|
|
679
|
-
return "general";
|
|
680
|
-
}
|
|
740
|
+
function headerValue(value) {
|
|
741
|
+
if (typeof value === "string") return value;
|
|
742
|
+
if (Array.isArray(value)) return value[0];
|
|
743
|
+
return void 0;
|
|
744
|
+
}
|
|
745
|
+
function resolveRequestPdlss(req, routeConfig, customExtractPurpose, customExtractAction) {
|
|
746
|
+
return resolveHttpPdlss({
|
|
747
|
+
method: req.method,
|
|
748
|
+
astraPurpose: headerValue(req.headers["x-astra-purpose"]),
|
|
749
|
+
astraAction: headerValue(req.headers["x-astra-action"]),
|
|
750
|
+
legacyPurpose: headerValue(req.headers["x-purpose"] ?? req.headers["X-Purpose"]),
|
|
751
|
+
queryPurpose: typeof req.query.purpose === "string" ? req.query.purpose : void 0,
|
|
752
|
+
routePurpose: routeConfig?.purpose,
|
|
753
|
+
routeAction: routeConfig?.action,
|
|
754
|
+
hasCustomPurposeExtractor: !!customExtractPurpose,
|
|
755
|
+
customPurpose: customExtractPurpose?.(req),
|
|
756
|
+
hasCustomActionExtractor: !!customExtractAction,
|
|
757
|
+
customAction: customExtractAction?.(req)
|
|
758
|
+
});
|
|
681
759
|
}
|
|
682
760
|
function matchRoute(pattern, path, opts) {
|
|
683
761
|
const regexPattern = pattern.replace(/\*/g, ".*").replace(/\//g, "\\/");
|
|
@@ -737,6 +815,7 @@ function createMiddleware(options) {
|
|
|
737
815
|
const {
|
|
738
816
|
extractCredentials: customExtractCredentials,
|
|
739
817
|
extractPurpose: customExtractPurpose,
|
|
818
|
+
extractAction: customExtractAction,
|
|
740
819
|
skipPaths = [],
|
|
741
820
|
onDenied = defaultOnDenied,
|
|
742
821
|
recordDecisions,
|
|
@@ -822,7 +901,21 @@ function createMiddleware(options) {
|
|
|
822
901
|
}
|
|
823
902
|
return next();
|
|
824
903
|
}
|
|
825
|
-
const
|
|
904
|
+
const pdlssPair = resolveRequestPdlss(
|
|
905
|
+
req,
|
|
906
|
+
routeConfig,
|
|
907
|
+
customExtractPurpose,
|
|
908
|
+
customExtractAction
|
|
909
|
+
);
|
|
910
|
+
const purpose = pdlssPair.purpose;
|
|
911
|
+
if (config.debug) {
|
|
912
|
+
console.debug("[express-middleware] pdlss resolved", {
|
|
913
|
+
purpose_source: pdlssPair.purposeSource,
|
|
914
|
+
resolved_purpose: pdlssPair.purpose,
|
|
915
|
+
action_source: pdlssPair.actionSource,
|
|
916
|
+
resolved_action: pdlssPair.action
|
|
917
|
+
});
|
|
918
|
+
}
|
|
826
919
|
const astraCreds = extractAstraSyncCredentials(req);
|
|
827
920
|
const counterpartyUrl = config.counterpartyUrl || `${req.protocol}://${req.get("host")}`;
|
|
828
921
|
const preCheckFailures = performCounterpartyPreCheck(routeConfig, astraCreds, purpose);
|
|
@@ -866,10 +959,7 @@ function createMiddleware(options) {
|
|
|
866
959
|
const result = await verify(config, {
|
|
867
960
|
credentials,
|
|
868
961
|
purpose,
|
|
869
|
-
|
|
870
|
-
// Backend evaluator tolerates either case as defense-in-depth
|
|
871
|
-
// (round-18.6 batch 2); SDK emits canonical form.
|
|
872
|
-
action: req.method.toUpperCase(),
|
|
962
|
+
action: pdlssPair.action,
|
|
873
963
|
resource: req.path,
|
|
874
964
|
createSession: shouldRecordDecisions,
|
|
875
965
|
counterpartyUrl,
|
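Review bot: The `action` passed to `verify` at the end of `createMiddleware` is now `pdlssPair.action`, and `resolveHttpPdlss` takes that value from the caller's `x-astra-action` header (or the dotted form of `x-astra-purpose`) whenever the route sets no `action` and no `extractAction` is configured, so a request can declare `data.read` on a `DELETE`. The removed line sent `req.method.toUpperCase()`, which the caller could not restate. Whether the backend evaluator compares the declared action with the real method is not visible on this page; if it does not, the `header` and `purpose_header_derived` branches should not yield anything weaker than `actionForHttpMethod(input.method)`, or header-declared actions should be opt-in per route. At minimum the precedence deserves a comment in `src/adapters/http-pdlss.ts`, for example `// header-declared actions are caller-controlled; set routeConfig.action on routes where the HTTP method must decide`. The `actionSource` that is already computed would also be worth recording with each decision instead of only under `config.debug`, so a header-derived action can be told apart from a route-configured one in audit data.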