@astrasyncai/verification-gateway 3.2.0 → 3.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -40,7 +40,7 @@ function getTrustLevel(score) {
40
40
  }
41
41
 
42
42
  // src/version.ts
43
- var SDK_VERSION = "3.2.0";
43
+ var SDK_VERSION = "3.2.1";
44
44
 
45
45
  // src/well-known.ts
46
46
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -544,6 +544,19 @@ async function recordDecision(config, sessionId, decision, reason) {
544
544
  });
545
545
  }
546
546
 
547
+ // src/adapters/approval-gate.ts
548
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
549
+ function requiresHumanApproval(result) {
550
+ return result.requiresStepUp === true || result.requiresApproval === true;
551
+ }
552
+ function annotateApprovalRequired(result) {
553
+ result.failures = [
554
+ ...result.failures ?? [],
555
+ { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
556
+ ];
557
+ result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
558
+ }
559
+
547
560
  // src/transport/mcp-server.ts
548
561
  var MCP_VERIFIED_HOP_HEADER = "X-Astra-Verified-Hop";
549
562
  var MCP_VERIFIED_HOP_MAX_AGE_MS = 6e4;
@@ -877,6 +890,16 @@ function createMcpMiddleware(options) {
877
890
  onDenied(result, req, res);
878
891
  return;
879
892
  }
893
+ if (requiresHumanApproval(result)) {
894
+ annotateApprovalRequired(result);
895
+ if (shouldRecordDecisions && sessionId) {
896
+ recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
897
+ });
898
+ }
899
+ dedupeFailures(result);
900
+ onDenied(result, req, res);
901
+ return;
902
+ }
880
903
  if (!shouldEnforce) {
881
904
  if (config.setPassThroughHeader) {
882
905
  res.setHeader("X-Astra-Gateway-Mode", "enforced");