@astrasyncai/verification-gateway 3.2.0 → 3.3.0

Files changed (79) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +24 -1
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +24 -1
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +1 -1
  10. package/dist/adapters/mcp.d.ts +1 -1
  11. package/dist/adapters/mcp.js +24 -1
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +24 -1
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +19 -3
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +19 -3
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/browser/background.js +1 -1
  30. package/dist/browser/background.js.map +1 -1
  31. package/dist/browser/background.mjs +1 -1
  32. package/dist/browser/background.mjs.map +1 -1
  33. package/dist/browser/browser-adapter.d.mts +2 -2
  34. package/dist/browser/browser-adapter.d.ts +2 -2
  35. package/dist/cli/index.d.mts +2 -2
  36. package/dist/cli/index.d.ts +2 -2
  37. package/dist/cursor/cursor-adapter.d.mts +2 -2
  38. package/dist/cursor/cursor-adapter.d.ts +2 -2
  39. package/dist/cursor/extension.d.mts +2 -2
  40. package/dist/cursor/extension.d.ts +2 -2
  41. package/dist/cursor/extension.js +1 -1
  42. package/dist/cursor/extension.js.map +1 -1
  43. package/dist/cursor/extension.mjs +1 -1
  44. package/dist/cursor/extension.mjs.map +1 -1
  45. package/dist/{express-CeoSdOAZ.d.mts → express-DAOTESQo.d.mts} +1 -1
  46. package/dist/{express-BowlMHQF.d.ts → express-Lb8-Ybio.d.ts} +1 -1
  47. package/dist/gateway/gateway.d.mts +2 -2
  48. package/dist/gateway/gateway.d.ts +2 -2
  49. package/dist/gateway/gateway.js +1 -1
  50. package/dist/gateway/gateway.js.map +1 -1
  51. package/dist/gateway/gateway.mjs +1 -1
  52. package/dist/gateway/gateway.mjs.map +1 -1
  53. package/dist/git-trigger/git-hooks.d.mts +2 -2
  54. package/dist/git-trigger/git-hooks.d.ts +2 -2
  55. package/dist/{index-DtGziFEm.d.mts → index-BLeiWFLu.d.mts} +1 -1
  56. package/dist/{index-DBmlycVm.d.ts → index-DFwfHOGj.d.ts} +1 -1
  57. package/dist/{index-DzXXBuLm.d.ts → index-E3fAidVt.d.ts} +1 -1
  58. package/dist/{index-B51W8gn8.d.mts → index-kxLJ873R.d.mts} +1 -1
  59. package/dist/index.d.mts +55 -8
  60. package/dist/index.d.ts +55 -8
  61. package/dist/index.js +89 -3
  62. package/dist/index.js.map +1 -1
  63. package/dist/index.mjs +88 -3
  64. package/dist/index.mjs.map +1 -1
  65. package/dist/local-evaluator/evaluator.d.mts +2 -2
  66. package/dist/local-evaluator/evaluator.d.ts +2 -2
  67. package/dist/{nextjs-V_K0qlAQ.d.ts → nextjs-BXK0nD73.d.ts} +1 -1
  68. package/dist/{nextjs-BW1rzr1I.d.mts → nextjs-CFQ_KDFf.d.mts} +1 -1
  69. package/dist/{sdk-ZYgI7G9f.d.ts → sdk-C7qAfpGB.d.ts} +1 -1
  70. package/dist/{sdk-e5jg7sqW.d.mts → sdk-D1MuiiNz.d.mts} +1 -1
  71. package/dist/transport/index.d.mts +2 -2
  72. package/dist/transport/index.d.ts +2 -2
  73. package/dist/{types-DJi-u3fz.d.ts → types-B6uD4jAI.d.ts} +1 -1
  74. package/dist/{types-rFh4VMH4.d.mts → types-B_wnd7ZX.d.mts} +1 -1
  75. package/dist/{types-rFh4VMH4.d.ts → types-B_wnd7ZX.d.ts} +1 -1
  76. package/dist/{types-BNiLZY0i.d.mts → types-ClvUqrEm.d.mts} +1 -1
  77. package/dist/ui/index.d.mts +1 -1
  78. package/dist/ui/index.d.ts +1 -1
  79. package/package.json +1 -1
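--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -126,7 +126,7 @@ function getCapabilities(accessLevel) {
  }
 
  // src/version.ts
- var SDK_VERSION = "3.2.0";
+ var SDK_VERSION = "3.3.0";
 
  // src/well-known.ts
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -676,6 +676,67 @@ async function quickVerify(config, credentials) {
  };
  }
 
+ // src/adapters/approval-gate.ts
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available - it cannot be completed automatically.";
+ function requiresHumanApproval(result) {
+ return result.requiresStepUp === true || result.requiresApproval === true;
+ }
+ function annotateApprovalRequired(result) {
+ result.failures = [
+ ...result.failures ?? [],
+ { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
+ ];
+ result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
+ }
+
+ // src/settlement.ts
+ async function authorizeSettlement(config, req) {
+ if (typeof req.value !== "number" || !Number.isFinite(req.value) || req.value <= 0) {
+ return {
+ authorized: false,
+ recommendation: "deny",
+ reason: "No valid transaction value supplied to authorizeSettlement; settlement refused (fail-closed). Pass the merchant-priced cart total as `value`.",
+ failures: [
+ {
+ dimension: "commerce.settlement.value_missing",
+ message: "A positive, authoritative transaction value is required to authorize settlement."
+ }
+ ]
+ };
+ }
+ let result;
+ try {
+ result = await verify(config, {
+ credentials: { astraId: req.agentId },
+ purpose: req.purpose ?? "shopping",
+ action: req.action ?? "shopping.purchase",
+ transactionValue: req.value,
+ currency: req.currency
+ });
+ } catch (err) {
+ return {
+ authorized: false,
+ recommendation: "deny",
+ reason: `Settlement verification failed (${err instanceof Error ? err.message : String(err)}); settlement refused (fail-closed).`,
+ failures: [
+ {
+ dimension: "commerce.settlement.verify_error",
+ message: "verify-access could not be reached or returned an error; settlement is refused."
+ }
+ ]
+ };
+ }
+ const recommendation = result.recommendation;
+ const authorized = result.identityVerified === true && result.policyAllowed === true && !requiresHumanApproval(result) && (recommendation === void 0 || recommendation === "grant");
+ return {
+ authorized,
+ recommendation,
+ reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
+ failures: result.failures,
+ correlationId: result.correlationId
+ };
+ }
+
  // src/adapters/express.ts
  var express_exports = {};
  __export(express_exports, {
@@ -1139,6 +1200,16 @@ function createMiddleware(options) {
  onDenied(result, req, res);
  return;
  }
+ if (requiresHumanApproval(result)) {
+ annotateApprovalRequired(result);
+ if (shouldRecordDecisions && sessionId) {
+ recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+ });
+ }
+ dedupeFailures(result);
+ onDenied(result, req, res);
+ return;
+ }
  if (!shouldEnforce) {
  if (config.setPassThroughHeader) {
  res.setHeader("X-Astra-Gateway-Mode", "enforced");
@@ -1586,7 +1657,9 @@ function createMiddleware2(options) {
  agentCardUrl: request.headers.get("x-astrasync-agent-card") || void 0
  }
  });
- if (!result.identityVerified || !result.policyAllowed) {
+ const approvalRequired = result.identityVerified && result.policyAllowed && requiresHumanApproval(result);
+ if (approvalRequired) annotateApprovalRequired(result);
+ if (!result.identityVerified || !result.policyAllowed || approvalRequired) {
  if (pathname.startsWith("/api/")) {
  return NextResponse.json(
  {
@@ -1596,7 +1669,8 @@ function createMiddleware2(options) {
  // OK, policy denied (update PDLSS / step up).
  code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
  message: result.denialReasons?.[0] || "Access denied",
- guidance: result.guidance
+ guidance: result.guidance,
+ failures: result.failures
  }
  },
  { status: !result.identityVerified ? 401 : 403 }
@@ -4670,6 +4744,16 @@ function createMcpMiddleware(options) {
  onDenied(result, req, res);
  return;
  }
+ if (requiresHumanApproval(result)) {
+ annotateApprovalRequired(result);
+ if (shouldRecordDecisions && sessionId) {
+ recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+ });
+ }
+ dedupeFailures2(result);
+ onDenied(result, req, res);
+ return;
+ }
  if (!shouldEnforce) {
  if (config.setPassThroughHeader) {
  res.setHeader("X-Astra-Gateway-Mode", "enforced");
@@ -5434,6 +5518,7 @@ export {
  TRUST_LEVEL_RANGES,
  VERSION,
  agent_exports as agent,
+ authorizeSettlement,
  buildGuidance,
  clearCache,
  createMcpMiddleware,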
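Review bot: In `authorizeSettlement` (the hunk adding new lines 679-739), the `authorized` expression still authorizes when `recommendation` is absent, as long as the identity and policy flags are true, so a verify response that omits the field is handled like an explicit grant on a path the function otherwise describes as fail-closed. If the omission is tolerated only for older verify-access responses, a comment should say so; otherwise tighten the last clause to `recommendation === "grant"`. The same function copies `err.message` into the returned `reason`, which can pass transport or upstream detail to whoever the caller forwards `reason` to; a fixed string with the raw error logged server-side would avoid that. `req.currency` and `req.agentId` reach `verify` unchecked, so whether a missing currency or id fails closed depends on code outside this hunk.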