@astrasyncai/verification-gateway 3.2.1 → 3.3.0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +2 -2
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +2 -2
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.d.ts +1 -1
- package/dist/adapters/mcp.js +2 -2
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +2 -2
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +2 -2
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +2 -2
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-CeoSdOAZ.d.mts → express-DAOTESQo.d.mts} +1 -1
- package/dist/{express-BowlMHQF.d.ts → express-Lb8-Ybio.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-DtGziFEm.d.mts → index-BLeiWFLu.d.mts} +1 -1
- package/dist/{index-DBmlycVm.d.ts → index-DFwfHOGj.d.ts} +1 -1
- package/dist/{index-DzXXBuLm.d.ts → index-E3fAidVt.d.ts} +1 -1
- package/dist/{index-B51W8gn8.d.mts → index-kxLJ873R.d.mts} +1 -1
- package/dist/index.d.mts +55 -8
- package/dist/index.d.ts +55 -8
- package/dist/index.js +64 -14
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +63 -14
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-V_K0qlAQ.d.ts → nextjs-BXK0nD73.d.ts} +1 -1
- package/dist/{nextjs-BW1rzr1I.d.mts → nextjs-CFQ_KDFf.d.mts} +1 -1
- package/dist/{sdk-ZYgI7G9f.d.ts → sdk-C7qAfpGB.d.ts} +1 -1
- package/dist/{sdk-e5jg7sqW.d.mts → sdk-D1MuiiNz.d.mts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-DJi-u3fz.d.ts → types-B6uD4jAI.d.ts} +1 -1
- package/dist/{types-rFh4VMH4.d.mts → types-B_wnd7ZX.d.mts} +1 -1
- package/dist/{types-rFh4VMH4.d.ts → types-B_wnd7ZX.d.ts} +1 -1
- package/dist/{types-BNiLZY0i.d.mts → types-ClvUqrEm.d.mts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-ClvUqrEm.mjs';
|
|
3
|
+
import '../types-B_wnd7ZX.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-B6uD4jAI.js';
|
|
3
|
+
import '../types-B_wnd7ZX.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
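--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,12 +1,12 @@
-import {
-export {
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
-export { e as express } from './express-
-export { n as nextjs } from './nextjs-
-export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-
+import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, j as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure } from './types-B_wnd7ZX.mjs';
+export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, k as VerifiedAgent, l as VerifiedDeveloper, m as VerifiedOrganization } from './types-B_wnd7ZX.mjs';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-D1MuiiNz.mjs';
+export { e as express } from './express-DAOTESQo.mjs';
+export { n as nextjs } from './nextjs-CFQ_KDFf.mjs';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-kxLJ873R.mjs';
 export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.mjs';
 export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BLeiWFLu.mjs';
 import 'express';
 import 'next/server';
 import 'jose';
@@ -50,6 +50,53 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
 reason?: string;
 }>;
 
+/**
+* Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
+* MUST call before settling a priced cart (post-#447 partner round, finding #1).
+*
+* The bug it closes: the SDK request middleware performs a header-only ACCESS
+* check and never sends the transaction VALUE to verify-access, so the limit
+* engine never evaluates value and returns `grant` — a fully SDK-compliant
+* merchant settles every band, with the agent's PDLSS spend limits silently
+* unenforced. The bridge is safe only because `confirm_purchase` re-verifies
+* with the authoritative session total.
+*
+* The authoritative value exists ONLY after the merchant prices the cart (in the
+* handler, after the middleware), and it must be the MERCHANT's priced total —
+* never an agent-suppliable header (spoofable). So value enforcement is a
+* settlement-time, merchant-invoked call that mirrors the bridge: verify the
+* priced value against the agent's limits and refuse settlement unless it
+* cleanly grants.
+*/
+
+interface SettlementRequest {
+/** The agent's ASTRA-id (the caller you are about to settle for). */
+agentId: string;
+/** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
+value: number;
+/** ISO-4217 currency of `value`. */
+currency: string;
+/** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
+purpose?: string;
+action?: string;
+}
+interface SettlementDecision {
+/** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
+authorized: boolean;
+recommendation?: EnhancedVerificationResult['recommendation'];
+reason?: string;
+failures?: AccessFailure[];
+correlationId?: string;
+}
+/**
+* Authorize a settlement of `value` for `agentId` against the agent's PDLSS
+* limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
+* a verify-access error, a step-up/approval outcome (the value is in the
+* human-approval band and cannot complete autonomously), or any policy deny.
+* Settle ONLY when `authorized === true`.
+*/
+declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
+
 /**
 * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
 *
@@ -107,4 +154,4 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
 
 declare const VERSION = "2.0.0";
 
-export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
+export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };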
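Review bot: The doc comment on `SettlementRequest.agentId` does not say where the id must come from, while the comment on `value` is explicit that it must never be agent-supplied; the same provenance rule seems to apply, because the implementation in index.js calls `verify` with `credentials: { astraId: req.agentId }` and nothing else. I would extend it to something like `/** The agent's ASTRA-id, taken from the identity the request middleware already verified, never from a body or header the agent controls. */`. `action` has no doc comment of its own, so it would help to state on each field that `purpose` defaults to `"shopping"` and `action` to `"shopping.purchase"`, as index.js shows. The block comment could also say whether a grant is only a point-in-time check or reserves anything against cumulative limits, which this diff does not show. The same declarations appear in package/dist/index.d.ts.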
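--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,12 +1,12 @@
-import {
-export {
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
-export { e as express } from './express-
-export { n as nextjs } from './nextjs-
-export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-
+import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, j as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure } from './types-B_wnd7ZX.js';
+export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, k as VerifiedAgent, l as VerifiedDeveloper, m as VerifiedOrganization } from './types-B_wnd7ZX.js';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-C7qAfpGB.js';
+export { e as express } from './express-Lb8-Ybio.js';
+export { n as nextjs } from './nextjs-BXK0nD73.js';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-E3fAidVt.js';
 export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.js';
 export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DFwfHOGj.js';
 import 'express';
 import 'next/server';
 import 'jose';
@@ -50,6 +50,53 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
 reason?: string;
 }>;
 
+/**
+* Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
+* MUST call before settling a priced cart (post-#447 partner round, finding #1).
+*
+* The bug it closes: the SDK request middleware performs a header-only ACCESS
+* check and never sends the transaction VALUE to verify-access, so the limit
+* engine never evaluates value and returns `grant` — a fully SDK-compliant
+* merchant settles every band, with the agent's PDLSS spend limits silently
+* unenforced. The bridge is safe only because `confirm_purchase` re-verifies
+* with the authoritative session total.
+*
+* The authoritative value exists ONLY after the merchant prices the cart (in the
+* handler, after the middleware), and it must be the MERCHANT's priced total —
+* never an agent-suppliable header (spoofable). So value enforcement is a
+* settlement-time, merchant-invoked call that mirrors the bridge: verify the
+* priced value against the agent's limits and refuse settlement unless it
+* cleanly grants.
+*/
+
+interface SettlementRequest {
+/** The agent's ASTRA-id (the caller you are about to settle for). */
+agentId: string;
+/** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
+value: number;
+/** ISO-4217 currency of `value`. */
+currency: string;
+/** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
+purpose?: string;
+action?: string;
+}
+interface SettlementDecision {
+/** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
+authorized: boolean;
+recommendation?: EnhancedVerificationResult['recommendation'];
+reason?: string;
+failures?: AccessFailure[];
+correlationId?: string;
+}
+/**
+* Authorize a settlement of `value` for `agentId` against the agent's PDLSS
+* limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
+* a verify-access error, a step-up/approval outcome (the value is in the
+* human-approval band and cannot complete autonomously), or any policy deny.
+* Settle ONLY when `authorized === true`.
+*/
+declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
+
 /**
 * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
 *
@@ -107,4 +154,4 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
 
 declare const VERSION = "2.0.0";
 
-export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
+export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };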
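--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -45,6 +45,7 @@ __export(src_exports, {
 TRUST_LEVEL_RANGES: () => TRUST_LEVEL_RANGES,
 VERSION: () => VERSION,
 agent: () => agent_exports,
+authorizeSettlement: () => authorizeSettlement,
 buildGuidance: () => buildGuidance,
 clearCache: () => clearCache,
 createMcpMiddleware: () => createMcpMiddleware,
@@ -192,7 +193,7 @@ function getCapabilities(accessLevel) {
 }
 
 // src/version.ts
-var SDK_VERSION = "3.
+var SDK_VERSION = "3.3.0";
 
 // src/well-known.ts
 var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -742,6 +743,67 @@ async function quickVerify(config, credentials) {
 };
 }
 
+// src/adapters/approval-gate.ts
+var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available - it cannot be completed automatically.";
+function requiresHumanApproval(result) {
+return result.requiresStepUp === true || result.requiresApproval === true;
+}
+function annotateApprovalRequired(result) {
+result.failures = [
+...result.failures ?? [],
+{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
+];
+result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
+}
+
+// src/settlement.ts
+async function authorizeSettlement(config, req) {
+if (typeof req.value !== "number" || !Number.isFinite(req.value) || req.value <= 0) {
+return {
+authorized: false,
+recommendation: "deny",
+reason: "No valid transaction value supplied to authorizeSettlement; settlement refused (fail-closed). Pass the merchant-priced cart total as `value`.",
+failures: [
+{
+dimension: "commerce.settlement.value_missing",
+message: "A positive, authoritative transaction value is required to authorize settlement."
+}
+]
+};
+}
+let result;
+try {
+result = await verify(config, {
+credentials: { astraId: req.agentId },
+purpose: req.purpose ?? "shopping",
+action: req.action ?? "shopping.purchase",
+transactionValue: req.value,
+currency: req.currency
+});
+} catch (err) {
+return {
+authorized: false,
+recommendation: "deny",
+reason: `Settlement verification failed (${err instanceof Error ? err.message : String(err)}); settlement refused (fail-closed).`,
+failures: [
+{
+dimension: "commerce.settlement.verify_error",
+message: "verify-access could not be reached or returned an error; settlement is refused."
+}
+]
+};
+}
+const recommendation = result.recommendation;
+const authorized = result.identityVerified === true && result.policyAllowed === true && !requiresHumanApproval(result) && (recommendation === void 0 || recommendation === "grant");
+return {
+authorized,
+recommendation,
+reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
+failures: result.failures,
+correlationId: result.correlationId
+};
+}
+
 // src/adapters/express.ts
 var express_exports = {};
 __export(express_exports, {
@@ -898,19 +960,6 @@ function resolveHttpPdlss(input) {
 return { purpose, action, purposeSource, actionSource };
 }
 
-// src/adapters/approval-gate.ts
-var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
-function requiresHumanApproval(result) {
-return result.requiresStepUp === true || result.requiresApproval === true;
-}
-function annotateApprovalRequired(result) {
-result.failures = [
-...result.failures ?? [],
-{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
-];
-result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
-}
-
 // src/pdlss-pre-check.ts
 function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
 const failures = [];
@@ -5534,6 +5583,7 @@ var VERSION = "2.0.0";
 TRUST_LEVEL_RANGES,
 VERSION,
 agent,
+authorizeSettlement,
 buildGuidance,
 clearCache,
 createMcpMiddleware,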
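Review bot: The fail-closed guard at the top of `authorizeSettlement` validates only `req.value`; `req.currency` and `req.agentId` go to `verify` unchecked, so a plain-JavaScript caller that omits the currency still reaches the limit engine, and how a missing currency is interpreted there is not visible in this diff. Extending the guard with `typeof req.currency !== "string" || req.currency.length === 0 || typeof req.agentId !== "string" || req.agentId.length === 0` and returning the same `authorized: false` shape would keep the gate fail-closed for every field the limit check depends on. The final predicate also treats `recommendation === void 0` as acceptable, which is looser than the declared "TRUE only on a clean grant"; if the backend always returns a recommendation, `recommendation === "grant"` alone is the stricter form. Separately, the catch branch copies `err.message` into `reason`, so merchants should log that field rather than echo it to the agent, since it may carry transport details.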