@astrasyncai/verification-gateway 3.2.0 → 3.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/express.js +24 -1
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +24 -1
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.js +24 -1
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +24 -1
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.js +19 -3
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +19 -3
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/index.js +39 -3
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +39 -3
- package/dist/index.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -192,7 +192,7 @@ function getCapabilities(accessLevel) {
|
|
|
192
192
|
}
|
|
193
193
|
|
|
194
194
|
// src/version.ts
|
|
195
|
-
var SDK_VERSION = "3.2.
|
|
195
|
+
var SDK_VERSION = "3.2.1";
|
|
196
196
|
|
|
197
197
|
// src/well-known.ts
|
|
198
198
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -898,6 +898,19 @@ function resolveHttpPdlss(input) {
|
|
|
898
898
|
return { purpose, action, purposeSource, actionSource };
|
|
899
899
|
}
|
|
900
900
|
|
|
901
|
+
// src/adapters/approval-gate.ts
|
|
902
|
+
var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
|
|
903
|
+
function requiresHumanApproval(result) {
|
|
904
|
+
return result.requiresStepUp === true || result.requiresApproval === true;
|
|
905
|
+
}
|
|
906
|
+
function annotateApprovalRequired(result) {
|
|
907
|
+
result.failures = [
|
|
908
|
+
...result.failures ?? [],
|
|
909
|
+
{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
|
|
910
|
+
];
|
|
911
|
+
result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
|
|
912
|
+
}
|
|
913
|
+
|
|
901
914
|
// src/pdlss-pre-check.ts
|
|
902
915
|
function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
|
|
903
916
|
const failures = [];
|
|
@@ -1205,6 +1218,16 @@ function createMiddleware(options) {
|
|
|
1205
1218
|
onDenied(result, req, res);
|
|
1206
1219
|
return;
|
|
1207
1220
|
}
|
|
1221
|
+
if (requiresHumanApproval(result)) {
|
|
1222
|
+
annotateApprovalRequired(result);
|
|
1223
|
+
if (shouldRecordDecisions && sessionId) {
|
|
1224
|
+
recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
|
|
1225
|
+
});
|
|
1226
|
+
}
|
|
1227
|
+
dedupeFailures(result);
|
|
1228
|
+
onDenied(result, req, res);
|
|
1229
|
+
return;
|
|
1230
|
+
}
|
|
1208
1231
|
if (!shouldEnforce) {
|
|
1209
1232
|
if (config.setPassThroughHeader) {
|
|
1210
1233
|
res.setHeader("X-Astra-Gateway-Mode", "enforced");
|
|
@@ -1652,7 +1675,9 @@ function createMiddleware2(options) {
|
|
|
1652
1675
|
agentCardUrl: request.headers.get("x-astrasync-agent-card") || void 0
|
|
1653
1676
|
}
|
|
1654
1677
|
});
|
|
1655
|
-
|
|
1678
|
+
const approvalRequired = result.identityVerified && result.policyAllowed && requiresHumanApproval(result);
|
|
1679
|
+
if (approvalRequired) annotateApprovalRequired(result);
|
|
1680
|
+
if (!result.identityVerified || !result.policyAllowed || approvalRequired) {
|
|
1656
1681
|
if (pathname.startsWith("/api/")) {
|
|
1657
1682
|
return NextResponse.json(
|
|
1658
1683
|
{
|
|
@@ -1662,7 +1687,8 @@ function createMiddleware2(options) {
|
|
|
1662
1687
|
// OK, policy denied (update PDLSS / step up).
|
|
1663
1688
|
code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
|
|
1664
1689
|
message: result.denialReasons?.[0] || "Access denied",
|
|
1665
|
-
guidance: result.guidance
|
|
1690
|
+
guidance: result.guidance,
|
|
1691
|
+
failures: result.failures
|
|
1666
1692
|
}
|
|
1667
1693
|
},
|
|
1668
1694
|
{ status: !result.identityVerified ? 401 : 403 }
|
|
@@ -4733,6 +4759,16 @@ function createMcpMiddleware(options) {
|
|
|
4733
4759
|
onDenied(result, req, res);
|
|
4734
4760
|
return;
|
|
4735
4761
|
}
|
|
4762
|
+
if (requiresHumanApproval(result)) {
|
|
4763
|
+
annotateApprovalRequired(result);
|
|
4764
|
+
if (shouldRecordDecisions && sessionId) {
|
|
4765
|
+
recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
|
|
4766
|
+
});
|
|
4767
|
+
}
|
|
4768
|
+
dedupeFailures2(result);
|
|
4769
|
+
onDenied(result, req, res);
|
|
4770
|
+
return;
|
|
4771
|
+
}
|
|
4736
4772
|
if (!shouldEnforce) {
|
|
4737
4773
|
if (config.setPassThroughHeader) {
|
|
4738
4774
|
res.setHeader("X-Astra-Gateway-Mode", "enforced");
|