@astrasyncai/verification-gateway 3.0.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +145 -93
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +145 -93
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +29 -11
  10. package/dist/adapters/mcp.d.ts +29 -11
  11. package/dist/adapters/mcp.js +43 -102
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +43 -102
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +126 -56
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +126 -56
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +25 -14
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +25 -14
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/agent/index.js +3 -0
  30. package/dist/agent/index.js.map +1 -1
  31. package/dist/agent/index.mjs +3 -0
  32. package/dist/agent/index.mjs.map +1 -1
  33. package/dist/browser/background.js +18 -21
  34. package/dist/browser/background.js.map +1 -1
  35. package/dist/browser/background.mjs +18 -21
  36. package/dist/browser/background.mjs.map +1 -1
  37. package/dist/browser/browser-adapter.d.mts +2 -2
  38. package/dist/browser/browser-adapter.d.ts +2 -2
  39. package/dist/cli/index.d.mts +2 -2
  40. package/dist/cli/index.d.ts +2 -2
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +18 -21
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +18 -21
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-CrfwoNAR.d.ts → express-BowlMHQF.d.ts} +1 -1
  50. package/dist/{express-ienhAXps.d.mts → express-CeoSdOAZ.d.mts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +18 -21
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +18 -21
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-CEg_WG6y.d.mts → index-B51W8gn8.d.mts} +1 -1
  60. package/dist/{index-DC5f8eoQ.d.ts → index-DBmlycVm.d.ts} +1 -1
  61. package/dist/{index-B5e2IDWU.d.mts → index-DtGziFEm.d.mts} +1 -1
  62. package/dist/{index-CCdZxvAr.d.ts → index-DzXXBuLm.d.ts} +1 -1
  63. package/dist/index.d.mts +7 -7
  64. package/dist/index.d.ts +7 -7
  65. package/dist/index.js +209 -191
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +209 -191
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-DSpisQst.d.mts → nextjs-BW1rzr1I.d.mts} +1 -1
  72. package/dist/{nextjs-66R1KW8e.d.ts → nextjs-V_K0qlAQ.d.ts} +1 -1
  73. package/dist/{sdk-5U_CBRpr.d.mts → sdk-ZYgI7G9f.d.ts} +14 -3
  74. package/dist/{sdk-Bm8np66n.d.ts → sdk-e5jg7sqW.d.mts} +14 -3
  75. package/dist/transport/index.d.mts +2 -2
  76. package/dist/transport/index.d.ts +2 -2
  77. package/dist/transport/index.js +10 -0
  78. package/dist/transport/index.js.map +1 -1
  79. package/dist/transport/index.mjs +10 -0
  80. package/dist/transport/index.mjs.map +1 -1
  81. package/dist/{types-CgDCUfo8.d.mts → types-BNiLZY0i.d.mts} +1 -1
  82. package/dist/{types-R5N4ET6x.d.ts → types-DJi-u3fz.d.ts} +1 -1
  83. package/dist/{types-B3USs-Kx.d.mts → types-rFh4VMH4.d.mts} +30 -2
  84. package/dist/{types-B3USs-Kx.d.ts → types-rFh4VMH4.d.ts} +30 -2
  85. package/dist/ui/index.d.mts +1 -1
  86. package/dist/ui/index.d.ts +1 -1
  87. package/package.json +1 -1
@@ -1,4 +1,4 @@
1
- import { A as AccessLevel, c as CounterpartyType, T as TokenGuidance } from './types-B3USs-Kx.mjs';
1
+ import { A as AccessLevel, c as CounterpartyType, T as TokenGuidance } from './types-rFh4VMH4.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -1,4 +1,4 @@
1
- import { A as AccessLevel, c as CounterpartyType, T as TokenGuidance } from './types-B3USs-Kx.js';
1
+ import { A as AccessLevel, c as CounterpartyType, T as TokenGuidance } from './types-rFh4VMH4.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -467,8 +467,11 @@ interface RouteAccessConfig {
467
467
  pattern: string;
468
468
  /** HTTP method (or * for all) */
469
469
  method: string | '*';
470
- /** Minimum access level required */
471
- minAccessLevel: AccessLevel;
470
+ /**
471
+ * @deprecated 3.2.0 — the access-level band no longer gates (post-3.1.0 #1).
472
+ * Optional/ignored; retained for back-compat. Use `minTrustScore` to tighten.
473
+ */
474
+ minAccessLevel?: AccessLevel;
472
475
  /** Minimum trust score required (optional) */
473
476
  minTrustScore?: number;
474
477
  /** Required purposes (optional, agent must declare one of these) */
@@ -482,6 +485,22 @@ interface RouteAccessConfig {
482
485
  allowedJurisdictions?: string[];
483
486
  /** Maximum transaction value for this route */
484
487
  maxTransactionValue?: number;
488
+ /**
489
+ * Backend-evaluator strict mode (audit F-A1-09): when true AND
490
+ * `allowedPurposes` is non-empty, verify-access denies requests arriving
491
+ * WITHOUT a purpose. Configured in the dashboard; passed through here.
492
+ */
493
+ requirePurpose?: boolean;
494
+ /**
495
+ * SEND-mapping (Bug 14, §4.6) — not an allow-list: the PDLSS tokens the
496
+ * middleware STAMPS on verify-access calls matching this route, replacing
497
+ * the generic `data`/`data.*` method-table fallback. `purpose` = bare
498
+ * category noun (`shopping`, `trading`); `action` = dotted verb
499
+ * (`shopping.search`, `trading.execute`). Authoritative over agent-supplied
500
+ * headers — the dashboard is merchant policy, the way MCP toolGates are.
501
+ */
502
+ purpose?: string;
503
+ action?: string;
485
504
  }
486
505
  /**
487
506
  * Express middleware options.
@@ -500,6 +519,15 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
500
519
  extractCredentials?: (req: unknown) => AgentCredentials;
501
520
  /** Function to extract purpose from request */
502
521
  extractPurpose?: (req: unknown) => string | undefined;
522
+ /**
523
+ * Function to extract the PDLSS action from a request — symmetric with
524
+ * `extractPurpose` (Bug 14, §4.6: the action axis previously had NO
525
+ * override and hardwired the HTTP verb). When configured it masks the
526
+ * `X-Astra-Action` header step; returning undefined falls through to the
527
+ * pinned method→action table (GET→data.read, POST/PUT/PATCH→data.write,
528
+ * DELETE→data.delete). Dashboard route mapping still outranks it.
529
+ */
530
+ extractAction?: (req: unknown) => string | undefined;
503
531
  /** Skip verification for certain paths */
504
532
  skipPaths?: string[];
505
533
  /** Custom response for denied requests */
@@ -467,8 +467,11 @@ interface RouteAccessConfig {
467
467
  pattern: string;
468
468
  /** HTTP method (or * for all) */
469
469
  method: string | '*';
470
- /** Minimum access level required */
471
- minAccessLevel: AccessLevel;
470
+ /**
471
+ * @deprecated 3.2.0 — the access-level band no longer gates (post-3.1.0 #1).
472
+ * Optional/ignored; retained for back-compat. Use `minTrustScore` to tighten.
473
+ */
474
+ minAccessLevel?: AccessLevel;
472
475
  /** Minimum trust score required (optional) */
473
476
  minTrustScore?: number;
474
477
  /** Required purposes (optional, agent must declare one of these) */
@@ -482,6 +485,22 @@ interface RouteAccessConfig {
482
485
  allowedJurisdictions?: string[];
483
486
  /** Maximum transaction value for this route */
484
487
  maxTransactionValue?: number;
488
+ /**
489
+ * Backend-evaluator strict mode (audit F-A1-09): when true AND
490
+ * `allowedPurposes` is non-empty, verify-access denies requests arriving
491
+ * WITHOUT a purpose. Configured in the dashboard; passed through here.
492
+ */
493
+ requirePurpose?: boolean;
494
+ /**
495
+ * SEND-mapping (Bug 14, §4.6) — not an allow-list: the PDLSS tokens the
496
+ * middleware STAMPS on verify-access calls matching this route, replacing
497
+ * the generic `data`/`data.*` method-table fallback. `purpose` = bare
498
+ * category noun (`shopping`, `trading`); `action` = dotted verb
499
+ * (`shopping.search`, `trading.execute`). Authoritative over agent-supplied
500
+ * headers — the dashboard is merchant policy, the way MCP toolGates are.
501
+ */
502
+ purpose?: string;
503
+ action?: string;
485
504
  }
486
505
  /**
487
506
  * Express middleware options.
@@ -500,6 +519,15 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
500
519
  extractCredentials?: (req: unknown) => AgentCredentials;
501
520
  /** Function to extract purpose from request */
502
521
  extractPurpose?: (req: unknown) => string | undefined;
522
+ /**
523
+ * Function to extract the PDLSS action from a request — symmetric with
524
+ * `extractPurpose` (Bug 14, §4.6: the action axis previously had NO
525
+ * override and hardwired the HTTP verb). When configured it masks the
526
+ * `X-Astra-Action` header step; returning undefined falls through to the
527
+ * pinned method→action table (GET→data.read, POST/PUT/PATCH→data.write,
528
+ * DELETE→data.delete). Dashboard route mapping still outranks it.
529
+ */
530
+ extractAction?: (req: unknown) => string | undefined;
503
531
  /** Skip verification for certain paths */
504
532
  skipPaths?: string[];
505
533
  /** Custom response for denied requests */
@@ -1,4 +1,4 @@
1
- import { C as CommerceShieldProps, i as VerificationResult, a as AgentCredentials, e as GuidanceInfo, h as TrustLevel } from '../types-B3USs-Kx.mjs';
1
+ import { C as CommerceShieldProps, i as VerificationResult, a as AgentCredentials, e as GuidanceInfo, h as TrustLevel } from '../types-rFh4VMH4.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Commerce Shield Component
@@ -1,4 +1,4 @@
1
- import { C as CommerceShieldProps, i as VerificationResult, a as AgentCredentials, e as GuidanceInfo, h as TrustLevel } from '../types-B3USs-Kx.js';
1
+ import { C as CommerceShieldProps, i as VerificationResult, a as AgentCredentials, e as GuidanceInfo, h as TrustLevel } from '../types-rFh4VMH4.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Commerce Shield Component
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@astrasyncai/verification-gateway",
3
- "version": "3.0.0",
3
+ "version": "3.2.0",
4
4
  "description": "AstraSync KYA Platform SDK — counterparty verification gateway (verify incoming requests) + agent registration (register AI agents with the KYA backend).",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",