@astrasyncai/verification-gateway 3.2.0 → 3.2.1

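--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -192,7 +192,7 @@ function getCapabilities(accessLevel) {
  }
 
  // src/version.ts
- var SDK_VERSION = "3.2.0";
+ var SDK_VERSION = "3.2.1";
 
  // src/well-known.ts
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -898,6 +898,19 @@ function resolveHttpPdlss(input) {
  return { purpose, action, purposeSource, actionSource };
  }
 
+ // src/adapters/approval-gate.ts
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
+ function requiresHumanApproval(result) {
+ return result.requiresStepUp === true || result.requiresApproval === true;
+ }
+ function annotateApprovalRequired(result) {
+ result.failures = [
+ ...result.failures ?? [],
+ { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
+ ];
+ result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
+ }
+
  // src/pdlss-pre-check.ts
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
  const failures = [];
@@ -1205,6 +1218,16 @@ function createMiddleware(options) {
  onDenied(result, req, res);
  return;
  }
+ if (requiresHumanApproval(result)) {
+ annotateApprovalRequired(result);
+ if (shouldRecordDecisions && sessionId) {
+ recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+ });
+ }
+ dedupeFailures(result);
+ onDenied(result, req, res);
+ return;
+ }
  if (!shouldEnforce) {
  if (config.setPassThroughHeader) {
  res.setHeader("X-Astra-Gateway-Mode", "enforced");
@@ -1652,7 +1675,9 @@ function createMiddleware2(options) {
  agentCardUrl: request.headers.get("x-astrasync-agent-card") || void 0
  }
  });
- if (!result.identityVerified || !result.policyAllowed) {
+ const approvalRequired = result.identityVerified && result.policyAllowed && requiresHumanApproval(result);
+ if (approvalRequired) annotateApprovalRequired(result);
+ if (!result.identityVerified || !result.policyAllowed || approvalRequired) {
  if (pathname.startsWith("/api/")) {
  return NextResponse.json(
  {
@@ -1662,7 +1687,8 @@ function createMiddleware2(options) {
  // OK, policy denied (update PDLSS / step up).
  code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
  message: result.denialReasons?.[0] || "Access denied",
- guidance: result.guidance
+ guidance: result.guidance,
+ failures: result.failures
  }
  },
  { status: !result.identityVerified ? 401 : 403 }
@@ -4733,6 +4759,16 @@ function createMcpMiddleware(options) {
  onDenied(result, req, res);
  return;
  }
+ if (requiresHumanApproval(result)) {
+ annotateApprovalRequired(result);
+ if (shouldRecordDecisions && sessionId) {
+ recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+ });
+ }
+ dedupeFailures2(result);
+ onDenied(result, req, res);
+ return;
+ }
  if (!shouldEnforce) {
  if (config.setPassThroughHeader) {
  res.setHeader("X-Astra-Gateway-Mode", "enforced");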
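Review bot: In the createMiddleware2 hunk at new line 1691, `failures: result.failures` is now returned in the JSON body for every denial, including the 401 branch where `result.identityVerified` is false, so an unverified caller receives the full per-dimension failure list. If those entries describe policy or limit details (their contents are not visible here), consider limiting them to verified callers, e.g. `failures: result.identityVerified ? result.failures : undefined`. The approval blocks added to createMiddleware and createMcpMiddleware end `recordDecision(...)` with an empty `.catch(() => {})`, so a human-approval denial whose audit write fails leaves no trace; a minimal log call in that handler would make the gap detectable. `requiresHumanApproval` also matches only a strict boolean `true`, so a missing or differently encoded flag lets the transaction through; a comment stating that fail-open choice would help. All three middleware bodies start and end outside the hunks shown.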