@astrasyncai/verification-gateway 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +123 -33
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +123 -33
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +20 -7
  10. package/dist/adapters/mcp.d.ts +20 -7
  11. package/dist/adapters/mcp.js +6 -3
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +6 -3
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +107 -28
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +107 -28
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/agent/index.js +3 -0
  30. package/dist/agent/index.js.map +1 -1
  31. package/dist/agent/index.mjs +3 -0
  32. package/dist/agent/index.mjs.map +1 -1
  33. package/dist/browser/background.js +1 -1
  34. package/dist/browser/background.js.map +1 -1
  35. package/dist/browser/background.mjs +1 -1
  36. package/dist/browser/background.mjs.map +1 -1
  37. package/dist/browser/browser-adapter.d.mts +2 -2
  38. package/dist/browser/browser-adapter.d.ts +2 -2
  39. package/dist/cli/index.d.mts +2 -2
  40. package/dist/cli/index.d.ts +2 -2
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +1 -1
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +1 -1
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-ienhAXps.d.mts → express-DFVBlXr_.d.mts} +1 -1
  50. package/dist/{express-CrfwoNAR.d.ts → express-DavQ76oF.d.ts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +1 -1
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +1 -1
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-B5e2IDWU.d.mts → index-BVxantdv.d.mts} +1 -1
  60. package/dist/{index-DC5f8eoQ.d.ts → index-BhEgEiJL.d.ts} +1 -1
  61. package/dist/{index-CEg_WG6y.d.mts → index-BhL2R65s.d.mts} +1 -1
  62. package/dist/{index-CCdZxvAr.d.ts → index-Dk2nIA4w.d.ts} +1 -1
  63. package/dist/index.d.mts +7 -7
  64. package/dist/index.d.ts +7 -7
  65. package/dist/index.js +160 -71
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +160 -71
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-66R1KW8e.d.ts → nextjs-BXLH1hJj.d.ts} +1 -1
  72. package/dist/{nextjs-DSpisQst.d.mts → nextjs-D-maqrNz.d.mts} +1 -1
  73. package/dist/{sdk-5U_CBRpr.d.mts → sdk-767LaEP8.d.mts} +1 -1
  74. package/dist/{sdk-Bm8np66n.d.ts → sdk-K8IgssHI.d.ts} +1 -1
  75. package/dist/transport/index.d.mts +2 -2
  76. package/dist/transport/index.d.ts +2 -2
  77. package/dist/transport/index.js +10 -0
  78. package/dist/transport/index.js.map +1 -1
  79. package/dist/transport/index.mjs +10 -0
  80. package/dist/transport/index.mjs.map +1 -1
  81. package/dist/{types-B3USs-Kx.d.mts → types-Cuh7ELfr.d.mts} +25 -0
  82. package/dist/{types-B3USs-Kx.d.ts → types-Cuh7ELfr.d.ts} +25 -0
  83. package/dist/{types-CgDCUfo8.d.mts → types-CyFwZ_Yu.d.mts} +1 -1
  84. package/dist/{types-R5N4ET6x.d.ts → types-WIRp_BP_.d.ts} +1 -1
  85. package/dist/ui/index.d.mts +1 -1
  86. package/dist/ui/index.d.ts +1 -1
  87. package/package.json +1 -1
@@ -1,5 +1,5 @@
1
1
  import { Request, Response, RequestHandler } from 'express';
2
- import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-B3USs-Kx.mjs';
2
+ import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-Cuh7ELfr.mjs';
3
3
 
4
4
  /**
5
5
  * MCP server-side helpers — companion to `transport/mcp.ts` (which handles the
@@ -137,7 +137,7 @@ interface McpPdlssMapping {
137
137
  action: string;
138
138
  resource: string;
139
139
  purposeSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | undefined;
140
- actionSource: 'header' | 'meta' | 'tool_argument' | 'transport_layer';
140
+ actionSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | 'transport_layer';
141
141
  }
142
142
  /**
143
143
  * v2.5.0 — PDLSS field derivation for MCP requests.
@@ -149,14 +149,18 @@ interface McpPdlssMapping {
149
149
  * Resource precedence:
150
150
  * - `toolGate.resource` if provided, else `requestPath`.
151
151
  *
152
- * Action precedence (unchanged from v2.4.14):
153
- * - header body `_meta` → body `arguments` → bare tool name / method.
152
+ * Action precedence (3.1.0, Bug 14 §4.6 — toolGate override added for
153
+ * symmetry with purpose):
154
+ * - `toolGate.action` authoritative → header → body `_meta` → body
155
+ * `arguments` → bare tool name / method (transport_layer, unchanged —
156
+ * bare tool names are legitimate enumerated actions, never aliased).
154
157
  *
155
158
  * @param requestPath The HTTP request path (e.g. '/mcp'). Required.
156
159
  * @param toolGate Resolved per-tool config from `toolGates`, if present.
157
160
  */
158
161
  declare function mcpToPdlss(parsed: ParsedMcpRequest, requestPath: string, headerPurpose?: string, headerAction?: string, toolGate?: {
159
162
  purpose?: string;
163
+ action?: string;
160
164
  resource?: string;
161
165
  }): McpPdlssMapping;
162
166
  /**
@@ -234,18 +238,25 @@ declare global {
234
238
  }
235
239
  }
236
240
  /**
237
- * Extended per-tool gate with optional PDLSS purpose + resource overrides.
241
+ * Extended per-tool gate with optional PDLSS purpose + action + resource
242
+ * overrides.
238
243
  *
239
244
  * When `purpose` is set, it is authoritative for that tool — the agent's
240
245
  * `X-Astra-Purpose` header is ignored. This lets the merchant declare what
241
246
  * semantic purpose each tool fulfils rather than trusting agent self-declaration.
242
247
  *
248
+ * When `action` is set (Bug 14, §4.6 — symmetric with `purpose`), it is
249
+ * authoritative over `X-Astra-Action` / body declarations, letting the
250
+ * merchant pin a dotted-verb action (e.g. `shopping.search`) for a tool
251
+ * whose callers would otherwise fall to the bare tool-name transport default.
252
+ *
243
253
  * When `resource` is set, it overrides the default (`req.path`) for that
244
254
  * tool's verify-access call — e.g. mapping `list_products` to `/api/catalog`.
245
255
  */
246
256
  interface ToolGateConfig {
247
257
  minAccessLevel: AccessLevel;
248
258
  purpose?: string;
259
+ action?: string;
249
260
  resource?: string;
250
261
  }
251
262
  interface McpMiddlewareOptions extends GatewayConfig {
@@ -258,10 +269,12 @@ interface McpMiddlewareOptions extends GatewayConfig {
258
269
  * toolGates: {
259
270
  * browse_catalog: 'read-only', // shorthand
260
271
  * list_products: { minAccessLevel: 'none', // full shape
261
- * purpose: 'shopping.search',
272
+ * purpose: 'shopping',
273
+ * action: 'shopping.search',
262
274
  * resource: '/api/catalog' },
263
275
  * start_checkout: { minAccessLevel: 'standard',
264
- * purpose: 'shopping.purchase',
276
+ * purpose: 'shopping',
277
+ * action: 'shopping.purchase',
265
278
  * resource: '/api/checkout/*' },
266
279
  * }
267
280
  * ```
@@ -1,5 +1,5 @@
1
1
  import { Request, Response, RequestHandler } from 'express';
2
- import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-B3USs-Kx.js';
2
+ import { A as AccessLevel, G as GatewayConfig, i as VerificationResult } from '../types-Cuh7ELfr.js';
3
3
 
4
4
  /**
5
5
  * MCP server-side helpers — companion to `transport/mcp.ts` (which handles the
@@ -137,7 +137,7 @@ interface McpPdlssMapping {
137
137
  action: string;
138
138
  resource: string;
139
139
  purposeSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | undefined;
140
- actionSource: 'header' | 'meta' | 'tool_argument' | 'transport_layer';
140
+ actionSource: 'header' | 'meta' | 'tool_argument' | 'tool_gate' | 'transport_layer';
141
141
  }
142
142
  /**
143
143
  * v2.5.0 — PDLSS field derivation for MCP requests.
@@ -149,14 +149,18 @@ interface McpPdlssMapping {
149
149
  * Resource precedence:
150
150
  * - `toolGate.resource` if provided, else `requestPath`.
151
151
  *
152
- * Action precedence (unchanged from v2.4.14):
153
- * - header body `_meta` → body `arguments` → bare tool name / method.
152
+ * Action precedence (3.1.0, Bug 14 §4.6 — toolGate override added for
153
+ * symmetry with purpose):
154
+ * - `toolGate.action` authoritative → header → body `_meta` → body
155
+ * `arguments` → bare tool name / method (transport_layer, unchanged —
156
+ * bare tool names are legitimate enumerated actions, never aliased).
154
157
  *
155
158
  * @param requestPath The HTTP request path (e.g. '/mcp'). Required.
156
159
  * @param toolGate Resolved per-tool config from `toolGates`, if present.
157
160
  */
158
161
  declare function mcpToPdlss(parsed: ParsedMcpRequest, requestPath: string, headerPurpose?: string, headerAction?: string, toolGate?: {
159
162
  purpose?: string;
163
+ action?: string;
160
164
  resource?: string;
161
165
  }): McpPdlssMapping;
162
166
  /**
@@ -234,18 +238,25 @@ declare global {
234
238
  }
235
239
  }
236
240
  /**
237
- * Extended per-tool gate with optional PDLSS purpose + resource overrides.
241
+ * Extended per-tool gate with optional PDLSS purpose + action + resource
242
+ * overrides.
238
243
  *
239
244
  * When `purpose` is set, it is authoritative for that tool — the agent's
240
245
  * `X-Astra-Purpose` header is ignored. This lets the merchant declare what
241
246
  * semantic purpose each tool fulfils rather than trusting agent self-declaration.
242
247
  *
248
+ * When `action` is set (Bug 14, §4.6 — symmetric with `purpose`), it is
249
+ * authoritative over `X-Astra-Action` / body declarations, letting the
250
+ * merchant pin a dotted-verb action (e.g. `shopping.search`) for a tool
251
+ * whose callers would otherwise fall to the bare tool-name transport default.
252
+ *
243
253
  * When `resource` is set, it overrides the default (`req.path`) for that
244
254
  * tool's verify-access call — e.g. mapping `list_products` to `/api/catalog`.
245
255
  */
246
256
  interface ToolGateConfig {
247
257
  minAccessLevel: AccessLevel;
248
258
  purpose?: string;
259
+ action?: string;
249
260
  resource?: string;
250
261
  }
251
262
  interface McpMiddlewareOptions extends GatewayConfig {
@@ -258,10 +269,12 @@ interface McpMiddlewareOptions extends GatewayConfig {
258
269
  * toolGates: {
259
270
  * browse_catalog: 'read-only', // shorthand
260
271
  * list_products: { minAccessLevel: 'none', // full shape
261
- * purpose: 'shopping.search',
272
+ * purpose: 'shopping',
273
+ * action: 'shopping.search',
262
274
  * resource: '/api/catalog' },
263
275
  * start_checkout: { minAccessLevel: 'standard',
264
- * purpose: 'shopping.purchase',
276
+ * purpose: 'shopping',
277
+ * action: 'shopping.purchase',
265
278
  * resource: '/api/checkout/*' },
266
279
  * }
267
280
  * ```
@@ -51,7 +51,7 @@ function hasMinimumAccess(actual, required) {
51
51
  }
52
52
 
53
53
  // src/version.ts
54
- var SDK_VERSION = "3.0.0";
54
+ var SDK_VERSION = "3.1.0";
55
55
 
56
56
  // src/well-known.ts
57
57
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -677,7 +677,10 @@ function mcpToPdlss(parsed, requestPath, headerPurpose, headerAction, toolGate)
677
677
  }
678
678
  let action;
679
679
  let actionSource;
680
- if (headerAction) {
680
+ if (toolGate?.action !== void 0) {
681
+ action = toolGate.action;
682
+ actionSource = "tool_gate";
683
+ } else if (headerAction) {
681
684
  action = headerAction;
682
685
  actionSource = "header";
683
686
  } else if (parsed.actionFromBody && parsed.actionSourceFromBody) {
@@ -851,7 +854,7 @@ function createMcpMiddleware(options) {
851
854
  req.path,
852
855
  headerPurpose,
853
856
  headerAction,
854
- gate ? { purpose: gate.purpose, resource: gate.resource } : void 0
857
+ gate ? { purpose: gate.purpose, action: gate.action, resource: gate.resource } : void 0
855
858
  );
856
859
  if (config.debug) {
857
860
  console.debug("[mcp-middleware] pdlss resolved", {