@astrasyncai/verification-gateway 3.1.0 → 3.2.0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +23 -61
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +23 -61
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +12 -7
- package/dist/adapters/mcp.d.ts +12 -7
- package/dist/adapters/mcp.js +38 -100
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +38 -100
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +20 -29
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +20 -29
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +25 -14
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +25 -14
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +18 -21
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +18 -21
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +18 -21
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +18 -21
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-DavQ76oF.d.ts → express-BowlMHQF.d.ts} +1 -1
- package/dist/{express-DFVBlXr_.d.mts → express-CeoSdOAZ.d.mts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +18 -21
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +18 -21
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-BhL2R65s.d.mts → index-B51W8gn8.d.mts} +1 -1
- package/dist/{index-BhEgEiJL.d.ts → index-DBmlycVm.d.ts} +1 -1
- package/dist/{index-BVxantdv.d.mts → index-DtGziFEm.d.mts} +1 -1
- package/dist/{index-Dk2nIA4w.d.ts → index-DzXXBuLm.d.ts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +50 -121
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +50 -121
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-D-maqrNz.d.mts → nextjs-BW1rzr1I.d.mts} +1 -1
- package/dist/{nextjs-BXLH1hJj.d.ts → nextjs-V_K0qlAQ.d.ts} +1 -1
- package/dist/{sdk-767LaEP8.d.mts → sdk-ZYgI7G9f.d.ts} +14 -3
- package/dist/{sdk-K8IgssHI.d.ts → sdk-e5jg7sqW.d.mts} +14 -3
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-CyFwZ_Yu.d.mts → types-BNiLZY0i.d.mts} +1 -1
- package/dist/{types-WIRp_BP_.d.ts → types-DJi-u3fz.d.ts} +1 -1
- package/dist/{types-Cuh7ELfr.d.mts → types-rFh4VMH4.d.mts} +5 -2
- package/dist/{types-Cuh7ELfr.d.ts → types-rFh4VMH4.d.ts} +5 -2
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface.mjs';
|
|
2
|
-
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-
|
|
2
|
+
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-BNiLZY0i.mjs';
|
|
3
3
|
import '../gateway/gateway.mjs';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-rFh4VMH4.mjs';
|
|
5
5
|
|
|
6
6
|
/**
|
|
7
7
|
* @astrasyncai/adapter-openclaw-browser
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface.js';
|
|
2
|
-
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-
|
|
2
|
+
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-DJi-u3fz.js';
|
|
3
3
|
import '../gateway/gateway.js';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-rFh4VMH4.js';
|
|
5
5
|
|
|
6
6
|
/**
|
|
7
7
|
* @astrasyncai/adapter-openclaw-browser
|
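--- a/package/dist/cli/index.d.mts
+++ b/package/dist/cli/index.d.mts
@@ -1,6 +1,6 @@
-import { b as LocalPurposeRule, d as LocalScope, c as LocalRiskThresholds, L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-
+import { b as LocalPurposeRule, d as LocalScope, c as LocalRiskThresholds, L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-BNiLZY0i.mjs';
 import { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface.mjs';
-import '../types-
+import '../types-rFh4VMH4.mjs';
 import '../gateway/gateway.mjs';
 
 /**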
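--- a/package/dist/cli/index.d.ts
+++ b/package/dist/cli/index.d.ts
@@ -1,6 +1,6 @@
-import { b as LocalPurposeRule, d as LocalScope, c as LocalRiskThresholds, L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-
+import { b as LocalPurposeRule, d as LocalScope, c as LocalRiskThresholds, L as LocalPolicy, P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-DJi-u3fz.js';
 import { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface.js';
-import '../types-
+import '../types-rFh4VMH4.js';
 import '../gateway/gateway.js';
 
 /**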
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface.mjs';
|
|
2
|
-
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-
|
|
2
|
+
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-BNiLZY0i.mjs';
|
|
3
3
|
import '../gateway/gateway.mjs';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-rFh4VMH4.mjs';
|
|
5
5
|
|
|
6
6
|
/**
|
|
7
7
|
* @astrasyncai/adapter-cursor
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { PlatformAdapter, AdapterConfig } from '../adapter-interface/interface.js';
|
|
2
|
-
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-
|
|
2
|
+
import { P as PDLSSContext, V as VerificationDecision, A as AgentAction, I as InterceptResult } from '../types-DJi-u3fz.js';
|
|
3
3
|
import '../gateway/gateway.js';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-rFh4VMH4.js';
|
|
5
5
|
|
|
6
6
|
/**
|
|
7
7
|
* @astrasyncai/adapter-cursor
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { VSCodeAPI } from './cursor-adapter.mjs';
|
|
2
2
|
import '../adapter-interface/interface.mjs';
|
|
3
3
|
import '../gateway/gateway.mjs';
|
|
4
|
-
import '../types-
|
|
5
|
-
import '../types-
|
|
4
|
+
import '../types-BNiLZY0i.mjs';
|
|
5
|
+
import '../types-rFh4VMH4.mjs';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
8
|
* VS Code Extension entry point for AstraSync Local Guard (Cursor/VS Code).
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { VSCodeAPI } from './cursor-adapter.js';
|
|
2
2
|
import '../adapter-interface/interface.js';
|
|
3
3
|
import '../gateway/gateway.js';
|
|
4
|
-
import '../types-
|
|
5
|
-
import '../types-
|
|
4
|
+
import '../types-DJi-u3fz.js';
|
|
5
|
+
import '../types-rFh4VMH4.js';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
8
|
* VS Code Extension entry point for AstraSync Local Guard (Cursor/VS Code).
|
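--- a/package/dist/cursor/extension.js
+++ b/package/dist/cursor/extension.js
@@ -3293,14 +3293,6 @@ function verifyLocal(evaluator, context) {
 }
 
 // src/access-levels.ts
-var ACCESS_LEVEL_HIERARCHY = {
-none: 0,
-restricted: 1,
-"read-only": 2,
-standard: 3,
-full: 4,
-internal: 5
-};
 function getTrustLevel(score) {
 if (score >= 80) return "PLATINUM";
 if (score >= 60) return "GOLD";
@@ -3309,7 +3301,7 @@ function getTrustLevel(score) {
 }
 
 // src/version.ts
-var SDK_VERSION = "3.
+var SDK_VERSION = "3.2.0";
 
 // src/well-known.ts
 var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -3362,7 +3354,7 @@ async function performInitCheck(apiBaseUrl, debug, strictInit) {
 }
 }
 var verificationCache = /* @__PURE__ */ new Map();
-function getCacheKey(request) {
+function getCacheKey(request, counterpartyId) {
 const c = request.credentials;
 return [
 c.astraId || "",
@@ -3375,6 +3367,14 @@ function getCacheKey(request) {
 request.jurisdiction || "",
 request.transactionValue ?? "",
 request.currency || "",
+// SECURITY (cross-merchant cache leak): the merchant identity is sent via
+// `config.counterpartyId`, NOT on the request, so it was previously absent
+// from the key — two verifies for the SAME agent/purpose/action/value but
+// DIFFERENT merchants collided, and a grant at a permissive merchant (low
+// trust floor) was served for a stricter one. Same bug class as the
+// duration omission (F-A1-07). counterpartyId affects the backend verdict
+// (trust floor / per-route policy), so it MUST key the cache.
+counterpartyId || "",
 request.counterpartyUrl || "",
 request.counterpartyType || "",
 request.isSubAgentRequest ? "1" : "0",
@@ -3398,8 +3398,8 @@ function getCacheKey(request) {
 request.callerMetadata?.agentCardUrl || ""
 ].join("|");
 }
-function getCachedResult(request) {
-const key = getCacheKey(request);
+function getCachedResult(request, counterpartyId) {
+const key = getCacheKey(request, counterpartyId);
 const cached = verificationCache.get(key);
 if (cached && cached.expiresAt > Date.now()) {
 return cached.result;
@@ -3411,9 +3411,9 @@ function getCachedResult(request) {
 }
 var DEFAULT_AUTONOMOUS_TTL_SECONDS = 60;
 var DEFAULT_STEP_UP_TTL_SECONDS = 300;
-function cacheResult(request, result, configuredTtl) {
+function cacheResult(request, result, configuredTtl, counterpartyId) {
 const ttlSeconds = configuredTtl && configuredTtl > 0 ? configuredTtl : result.requiresStepUp ? DEFAULT_STEP_UP_TTL_SECONDS : DEFAULT_AUTONOMOUS_TTL_SECONDS;
-const key = getCacheKey(request);
+const key = getCacheKey(request, counterpartyId);
 verificationCache.set(key, {
 result,
 expiresAt: Date.now() + ttlSeconds * 1e3
@@ -3571,7 +3571,7 @@ async function verify(config, request) {
 );
 }
 if (mergedConfig.cacheTtl !== 0) {
-const cached = getCachedResult(request);
+const cached = getCachedResult(request, mergedConfig.counterpartyId);
 if (cached) {
 if (mergedConfig.debug) {
 console.log("[VerificationGateway] Returning cached result");
@@ -3623,8 +3623,8 @@ async function verify(config, request) {
 verifiedAt: /* @__PURE__ */ new Date(),
 // Extract sessionId so decisions can be recorded for denials too
 sessionId: apiResponse.sessionId,
-//
-//
+// Anonymous traffic has no session → correlationId is the per-attempt
+// linking key (the sessionId-equivalent for anonymous callers).
 correlationId: apiResponse.correlationId,
 recommendation: apiResponse.recommendation,
 recommendationReasons: apiResponse.recommendationReasons
@@ -3698,13 +3698,10 @@ async function verify(config, request) {
 };
 } else if (result.recommendation === "step_up_required") {
 result.requiresStepUp = true;
-if (ACCESS_LEVEL_HIERARCHY[result.accessLevel] > ACCESS_LEVEL_HIERARCHY["read-only"]) {
-result.accessLevel = "read-only";
-}
 result.denialReasons = result.recommendationReasons || ["Step-up verification required"];
 }
 if (mergedConfig.cacheTtl !== 0 && result.recommendation !== "deny") {
-cacheResult(request, result, mergedConfig.cacheTtl);
+cacheResult(request, result, mergedConfig.cacheTtl, mergedConfig.counterpartyId);
 }
 return result;
 }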
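Review bot: In the last hunk of `verify`, the `step_up_required` branch no longer caps `result.accessLevel` at `"read-only"`, so a result that still needs step-up keeps whatever level the API returned and, since only `deny` is excluded from caching, is stored with that level (for `DEFAULT_STEP_UP_TTL_SECONDS` when no TTL is configured). If any adapter or caller authorises on `accessLevel` without also checking `requiresStepUp` (not visible from this file section), the removal fails open; either keep the cap or state the contract at the branch, e.g. `// accessLevel is NOT capped on step-up: callers must gate on requiresStepUp`. Separately, `getCacheKey` still builds the key with `.join("|")` over unescaped fields, so a value that contains `|` can make two different field tuples share one key; serialising the same array with `JSON.stringify([...])` would remove that ambiguity now that the key is relied on to separate merchants. The bodies of `verify` and `getCacheKey` extend beyond the hunks shown, so the full field list and the consumers of `accessLevel` should be checked against the source.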