@astrasyncai/verification-gateway 3.2.0 → 3.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/express.js +24 -1
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +24 -1
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.js +24 -1
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +24 -1
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.js +19 -3
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +19 -3
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/index.js +39 -3
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +39 -3
- package/dist/index.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.mjs
CHANGED
|
@@ -126,7 +126,7 @@ function getCapabilities(accessLevel) {
|
|
|
126
126
|
}
|
|
127
127
|
|
|
128
128
|
// src/version.ts
|
|
129
|
-
var SDK_VERSION = "3.2.
|
|
129
|
+
var SDK_VERSION = "3.2.1";
|
|
130
130
|
|
|
131
131
|
// src/well-known.ts
|
|
132
132
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -832,6 +832,19 @@ function resolveHttpPdlss(input) {
|
|
|
832
832
|
return { purpose, action, purposeSource, actionSource };
|
|
833
833
|
}
|
|
834
834
|
|
|
835
|
+
// src/adapters/approval-gate.ts
|
|
836
|
+
var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
|
|
837
|
+
function requiresHumanApproval(result) {
|
|
838
|
+
return result.requiresStepUp === true || result.requiresApproval === true;
|
|
839
|
+
}
|
|
840
|
+
function annotateApprovalRequired(result) {
|
|
841
|
+
result.failures = [
|
|
842
|
+
...result.failures ?? [],
|
|
843
|
+
{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
|
|
844
|
+
];
|
|
845
|
+
result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
|
|
846
|
+
}
|
|
847
|
+
|
|
835
848
|
// src/pdlss-pre-check.ts
|
|
836
849
|
function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
|
|
837
850
|
const failures = [];
|
|
@@ -1139,6 +1152,16 @@ function createMiddleware(options) {
|
|
|
1139
1152
|
onDenied(result, req, res);
|
|
1140
1153
|
return;
|
|
1141
1154
|
}
|
|
1155
|
+
if (requiresHumanApproval(result)) {
|
|
1156
|
+
annotateApprovalRequired(result);
|
|
1157
|
+
if (shouldRecordDecisions && sessionId) {
|
|
1158
|
+
recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
|
|
1159
|
+
});
|
|
1160
|
+
}
|
|
1161
|
+
dedupeFailures(result);
|
|
1162
|
+
onDenied(result, req, res);
|
|
1163
|
+
return;
|
|
1164
|
+
}
|
|
1142
1165
|
if (!shouldEnforce) {
|
|
1143
1166
|
if (config.setPassThroughHeader) {
|
|
1144
1167
|
res.setHeader("X-Astra-Gateway-Mode", "enforced");
|
|
@@ -1586,7 +1609,9 @@ function createMiddleware2(options) {
|
|
|
1586
1609
|
agentCardUrl: request.headers.get("x-astrasync-agent-card") || void 0
|
|
1587
1610
|
}
|
|
1588
1611
|
});
|
|
1589
|
-
|
|
1612
|
+
const approvalRequired = result.identityVerified && result.policyAllowed && requiresHumanApproval(result);
|
|
1613
|
+
if (approvalRequired) annotateApprovalRequired(result);
|
|
1614
|
+
if (!result.identityVerified || !result.policyAllowed || approvalRequired) {
|
|
1590
1615
|
if (pathname.startsWith("/api/")) {
|
|
1591
1616
|
return NextResponse.json(
|
|
1592
1617
|
{
|
|
@@ -1596,7 +1621,8 @@ function createMiddleware2(options) {
|
|
|
1596
1621
|
// OK, policy denied (update PDLSS / step up).
|
|
1597
1622
|
code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
|
|
1598
1623
|
message: result.denialReasons?.[0] || "Access denied",
|
|
1599
|
-
guidance: result.guidance
|
|
1624
|
+
guidance: result.guidance,
|
|
1625
|
+
failures: result.failures
|
|
1600
1626
|
}
|
|
1601
1627
|
},
|
|
1602
1628
|
{ status: !result.identityVerified ? 401 : 403 }
|
|
@@ -4670,6 +4696,16 @@ function createMcpMiddleware(options) {
|
|
|
4670
4696
|
onDenied(result, req, res);
|
|
4671
4697
|
return;
|
|
4672
4698
|
}
|
|
4699
|
+
if (requiresHumanApproval(result)) {
|
|
4700
|
+
annotateApprovalRequired(result);
|
|
4701
|
+
if (shouldRecordDecisions && sessionId) {
|
|
4702
|
+
recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
|
|
4703
|
+
});
|
|
4704
|
+
}
|
|
4705
|
+
dedupeFailures2(result);
|
|
4706
|
+
onDenied(result, req, res);
|
|
4707
|
+
return;
|
|
4708
|
+
}
|
|
4673
4709
|
if (!shouldEnforce) {
|
|
4674
4710
|
if (config.setPassThroughHeader) {
|
|
4675
4711
|
res.setHeader("X-Astra-Gateway-Mode", "enforced");
|