@astrasyncai/verification-gateway 3.2.0 → 3.3.0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +24 -1
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +24 -1
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.d.ts +1 -1
- package/dist/adapters/mcp.js +24 -1
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +24 -1
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +19 -3
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +19 -3
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-CeoSdOAZ.d.mts → express-DAOTESQo.d.mts} +1 -1
- package/dist/{express-BowlMHQF.d.ts → express-Lb8-Ybio.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-DtGziFEm.d.mts → index-BLeiWFLu.d.mts} +1 -1
- package/dist/{index-DBmlycVm.d.ts → index-DFwfHOGj.d.ts} +1 -1
- package/dist/{index-DzXXBuLm.d.ts → index-E3fAidVt.d.ts} +1 -1
- package/dist/{index-B51W8gn8.d.mts → index-kxLJ873R.d.mts} +1 -1
- package/dist/index.d.mts +55 -8
- package/dist/index.d.ts +55 -8
- package/dist/index.js +89 -3
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +88 -3
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-V_K0qlAQ.d.ts → nextjs-BXK0nD73.d.ts} +1 -1
- package/dist/{nextjs-BW1rzr1I.d.mts → nextjs-CFQ_KDFf.d.mts} +1 -1
- package/dist/{sdk-ZYgI7G9f.d.ts → sdk-C7qAfpGB.d.ts} +1 -1
- package/dist/{sdk-e5jg7sqW.d.mts → sdk-D1MuiiNz.d.mts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-DJi-u3fz.d.ts → types-B6uD4jAI.d.ts} +1 -1
- package/dist/{types-rFh4VMH4.d.mts → types-B_wnd7ZX.d.mts} +1 -1
- package/dist/{types-rFh4VMH4.d.ts → types-B_wnd7ZX.d.ts} +1 -1
- package/dist/{types-BNiLZY0i.d.mts → types-ClvUqrEm.d.mts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
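--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -126,7 +126,7 @@ function getCapabilities(accessLevel) {
 }
 
 // src/version.ts
-var SDK_VERSION = "3.
+var SDK_VERSION = "3.3.0";
 
 // src/well-known.ts
 var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -676,6 +676,67 @@ async function quickVerify(config, credentials) {
 };
 }
 
+// src/adapters/approval-gate.ts
+var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available - it cannot be completed automatically.";
+function requiresHumanApproval(result) {
+return result.requiresStepUp === true || result.requiresApproval === true;
+}
+function annotateApprovalRequired(result) {
+result.failures = [
+...result.failures ?? [],
+{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
+];
+result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
+}
+
+// src/settlement.ts
+async function authorizeSettlement(config, req) {
+if (typeof req.value !== "number" || !Number.isFinite(req.value) || req.value <= 0) {
+return {
+authorized: false,
+recommendation: "deny",
+reason: "No valid transaction value supplied to authorizeSettlement; settlement refused (fail-closed). Pass the merchant-priced cart total as `value`.",
+failures: [
+{
+dimension: "commerce.settlement.value_missing",
+message: "A positive, authoritative transaction value is required to authorize settlement."
+}
+]
+};
+}
+let result;
+try {
+result = await verify(config, {
+credentials: { astraId: req.agentId },
+purpose: req.purpose ?? "shopping",
+action: req.action ?? "shopping.purchase",
+transactionValue: req.value,
+currency: req.currency
+});
+} catch (err) {
+return {
+authorized: false,
+recommendation: "deny",
+reason: `Settlement verification failed (${err instanceof Error ? err.message : String(err)}); settlement refused (fail-closed).`,
+failures: [
+{
+dimension: "commerce.settlement.verify_error",
+message: "verify-access could not be reached or returned an error; settlement is refused."
+}
+]
+};
+}
+const recommendation = result.recommendation;
+const authorized = result.identityVerified === true && result.policyAllowed === true && !requiresHumanApproval(result) && (recommendation === void 0 || recommendation === "grant");
+return {
+authorized,
+recommendation,
+reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
+failures: result.failures,
+correlationId: result.correlationId
+};
+}
+
 // src/adapters/express.ts
 var express_exports = {};
 __export(express_exports, {
@@ -1139,6 +1200,16 @@ function createMiddleware(options) {
 onDenied(result, req, res);
 return;
 }
+if (requiresHumanApproval(result)) {
+annotateApprovalRequired(result);
+if (shouldRecordDecisions && sessionId) {
+recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+});
+}
+dedupeFailures(result);
+onDenied(result, req, res);
+return;
+}
 if (!shouldEnforce) {
 if (config.setPassThroughHeader) {
 res.setHeader("X-Astra-Gateway-Mode", "enforced");
@@ -1586,7 +1657,9 @@ function createMiddleware2(options) {
 agentCardUrl: request.headers.get("x-astrasync-agent-card") || void 0
 }
 });
-
+const approvalRequired = result.identityVerified && result.policyAllowed && requiresHumanApproval(result);
+if (approvalRequired) annotateApprovalRequired(result);
+if (!result.identityVerified || !result.policyAllowed || approvalRequired) {
 if (pathname.startsWith("/api/")) {
 return NextResponse.json(
 {
@@ -1596,7 +1669,8 @@ function createMiddleware2(options) {
 // OK, policy denied (update PDLSS / step up).
 code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
 message: result.denialReasons?.[0] || "Access denied",
-guidance: result.guidance
+guidance: result.guidance,
+failures: result.failures
 }
 },
 { status: !result.identityVerified ? 401 : 403 }
@@ -4670,6 +4744,16 @@ function createMcpMiddleware(options) {
 onDenied(result, req, res);
 return;
 }
+if (requiresHumanApproval(result)) {
+annotateApprovalRequired(result);
+if (shouldRecordDecisions && sessionId) {
+recordDecision(config, sessionId, "denied", result.denialReasons?.[0]).catch(() => {
+});
+}
+dedupeFailures2(result);
+onDenied(result, req, res);
+return;
+}
 if (!shouldEnforce) {
 if (config.setPassThroughHeader) {
 res.setHeader("X-Astra-Gateway-Mode", "enforced");
@@ -5434,6 +5518,7 @@ export {
 TRUST_LEVEL_RANGES,
 VERSION,
 agent_exports as agent,
+authorizeSettlement,
 buildGuidance,
 clearCache,
 createMcpMiddleware,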
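Review bot: In `authorizeSettlement`, the catch branch interpolates `err.message` into the returned `reason`, so whatever text the failed `verify` call produced (possibly endpoint or upstream response detail) travels to whoever receives the settlement result; a fixed string such as `reason: "Settlement verification failed; settlement refused (fail-closed)."`, with the error logged on the server side, keeps the refusal without that exposure. The same function also returns `result.failures` unchanged when `requiresHumanApproval(result)` is true, whereas the Express, Next.js and MCP paths call `annotateApprovalRequired(result)` first, so a caller that branches on the `commerce.intent.approval_required` dimension will not see it from this entry point unless the server already supplies it. Adding `if (requiresHumanApproval(result)) annotateApprovalRequired(result);` before `const recommendation = result.recommendation;` would make the four paths agree.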