@astrasyncai/verification-gateway 3.2.1 → 3.3.0

Files changed (79) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +2 -2
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +2 -2
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +1 -1
  10. package/dist/adapters/mcp.d.ts +1 -1
  11. package/dist/adapters/mcp.js +2 -2
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +2 -2
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +2 -2
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +2 -2
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +1 -1
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +1 -1
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/browser/background.js +1 -1
  30. package/dist/browser/background.js.map +1 -1
  31. package/dist/browser/background.mjs +1 -1
  32. package/dist/browser/background.mjs.map +1 -1
  33. package/dist/browser/browser-adapter.d.mts +2 -2
  34. package/dist/browser/browser-adapter.d.ts +2 -2
  35. package/dist/cli/index.d.mts +2 -2
  36. package/dist/cli/index.d.ts +2 -2
  37. package/dist/cursor/cursor-adapter.d.mts +2 -2
  38. package/dist/cursor/cursor-adapter.d.ts +2 -2
  39. package/dist/cursor/extension.d.mts +2 -2
  40. package/dist/cursor/extension.d.ts +2 -2
  41. package/dist/cursor/extension.js +1 -1
  42. package/dist/cursor/extension.js.map +1 -1
  43. package/dist/cursor/extension.mjs +1 -1
  44. package/dist/cursor/extension.mjs.map +1 -1
  45. package/dist/{express-CeoSdOAZ.d.mts → express-DAOTESQo.d.mts} +1 -1
  46. package/dist/{express-BowlMHQF.d.ts → express-Lb8-Ybio.d.ts} +1 -1
  47. package/dist/gateway/gateway.d.mts +2 -2
  48. package/dist/gateway/gateway.d.ts +2 -2
  49. package/dist/gateway/gateway.js +1 -1
  50. package/dist/gateway/gateway.js.map +1 -1
  51. package/dist/gateway/gateway.mjs +1 -1
  52. package/dist/gateway/gateway.mjs.map +1 -1
  53. package/dist/git-trigger/git-hooks.d.mts +2 -2
  54. package/dist/git-trigger/git-hooks.d.ts +2 -2
  55. package/dist/{index-DtGziFEm.d.mts → index-BLeiWFLu.d.mts} +1 -1
  56. package/dist/{index-DBmlycVm.d.ts → index-DFwfHOGj.d.ts} +1 -1
  57. package/dist/{index-DzXXBuLm.d.ts → index-E3fAidVt.d.ts} +1 -1
  58. package/dist/{index-B51W8gn8.d.mts → index-kxLJ873R.d.mts} +1 -1
  59. package/dist/index.d.mts +55 -8
  60. package/dist/index.d.ts +55 -8
  61. package/dist/index.js +64 -14
  62. package/dist/index.js.map +1 -1
  63. package/dist/index.mjs +63 -14
  64. package/dist/index.mjs.map +1 -1
  65. package/dist/local-evaluator/evaluator.d.mts +2 -2
  66. package/dist/local-evaluator/evaluator.d.ts +2 -2
  67. package/dist/{nextjs-V_K0qlAQ.d.ts → nextjs-BXK0nD73.d.ts} +1 -1
  68. package/dist/{nextjs-BW1rzr1I.d.mts → nextjs-CFQ_KDFf.d.mts} +1 -1
  69. package/dist/{sdk-ZYgI7G9f.d.ts → sdk-C7qAfpGB.d.ts} +1 -1
  70. package/dist/{sdk-e5jg7sqW.d.mts → sdk-D1MuiiNz.d.mts} +1 -1
  71. package/dist/transport/index.d.mts +2 -2
  72. package/dist/transport/index.d.ts +2 -2
  73. package/dist/{types-DJi-u3fz.d.ts → types-B6uD4jAI.d.ts} +1 -1
  74. package/dist/{types-rFh4VMH4.d.mts → types-B_wnd7ZX.d.mts} +1 -1
  75. package/dist/{types-rFh4VMH4.d.ts → types-B_wnd7ZX.d.ts} +1 -1
  76. package/dist/{types-BNiLZY0i.d.mts → types-ClvUqrEm.d.mts} +1 -1
  77. package/dist/ui/index.d.mts +1 -1
  78. package/dist/ui/index.d.ts +1 -1
  79. package/package.json +1 -1
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.mjs';
2
- import { V as VerificationDecision, P as PDLSSContext } from '../types-BNiLZY0i.mjs';
3
- import '../types-rFh4VMH4.mjs';
2
+ import { V as VerificationDecision, P as PDLSSContext } from '../types-ClvUqrEm.mjs';
3
+ import '../types-B_wnd7ZX.mjs';
4
4
 
5
5
  /**
6
6
  * Git Trigger — Enterprise git push / PR verification
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.js';
2
- import { V as VerificationDecision, P as PDLSSContext } from '../types-DJi-u3fz.js';
3
- import '../types-rFh4VMH4.js';
2
+ import { V as VerificationDecision, P as PDLSSContext } from '../types-B6uD4jAI.js';
3
+ import '../types-B_wnd7ZX.js';
4
4
 
5
5
  /**
6
6
  * Git Trigger — Enterprise git push / PR verification
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-rFh4VMH4.mjs';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-B_wnd7ZX.mjs';
2
2
 
3
3
  /**
4
4
  * AgentClient — Credential Presentation
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-rFh4VMH4.js';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-B_wnd7ZX.js';
2
2
 
3
3
  /**
4
4
  * AgentClient — Credential Presentation
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-rFh4VMH4.js';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-B_wnd7ZX.js';
2
2
  import { JWK } from 'jose';
3
3
 
4
4
  /**
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-rFh4VMH4.mjs';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-B_wnd7ZX.mjs';
2
2
  import { JWK } from 'jose';
3
3
 
4
4
  /**
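--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,12 +1,12 @@
- import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-rFh4VMH4.mjs';
- export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-rFh4VMH4.mjs';
- export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-e5jg7sqW.mjs';
- export { e as express } from './express-CeoSdOAZ.mjs';
- export { n as nextjs } from './nextjs-BW1rzr1I.mjs';
- export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-B51W8gn8.mjs';
+ import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, j as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure } from './types-B_wnd7ZX.mjs';
+ export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, k as VerifiedAgent, l as VerifiedDeveloper, m as VerifiedOrganization } from './types-B_wnd7ZX.mjs';
+ export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-D1MuiiNz.mjs';
+ export { e as express } from './express-DAOTESQo.mjs';
+ export { n as nextjs } from './nextjs-CFQ_KDFf.mjs';
+ export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-kxLJ873R.mjs';
  export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.mjs';
  export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
- export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DtGziFEm.mjs';
+ export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BLeiWFLu.mjs';
  import 'express';
  import 'next/server';
  import 'jose';
@@ -50,6 +50,53 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
  reason?: string;
  }>;
 
+ /**
+ * Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
+ * MUST call before settling a priced cart (post-#447 partner round, finding #1).
+ *
+ * The bug it closes: the SDK request middleware performs a header-only ACCESS
+ * check and never sends the transaction VALUE to verify-access, so the limit
+ * engine never evaluates value and returns `grant` — a fully SDK-compliant
+ * merchant settles every band, with the agent's PDLSS spend limits silently
+ * unenforced. The bridge is safe only because `confirm_purchase` re-verifies
+ * with the authoritative session total.
+ *
+ * The authoritative value exists ONLY after the merchant prices the cart (in the
+ * handler, after the middleware), and it must be the MERCHANT's priced total —
+ * never an agent-suppliable header (spoofable). So value enforcement is a
+ * settlement-time, merchant-invoked call that mirrors the bridge: verify the
+ * priced value against the agent's limits and refuse settlement unless it
+ * cleanly grants.
+ */
+
+ interface SettlementRequest {
+ /** The agent's ASTRA-id (the caller you are about to settle for). */
+ agentId: string;
+ /** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
+ value: number;
+ /** ISO-4217 currency of `value`. */
+ currency: string;
+ /** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
+ purpose?: string;
+ action?: string;
+ }
+ interface SettlementDecision {
+ /** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
+ authorized: boolean;
+ recommendation?: EnhancedVerificationResult['recommendation'];
+ reason?: string;
+ failures?: AccessFailure[];
+ correlationId?: string;
+ }
+ /**
+ * Authorize a settlement of `value` for `agentId` against the agent's PDLSS
+ * limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
+ * a verify-access error, a step-up/approval outcome (the value is in the
+ * human-approval band and cannot complete autonomously), or any policy deny.
+ * Settle ONLY when `authorized === true`.
+ */
+ declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
+
  /**
  * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
  *
@@ -107,4 +154,4 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
 
  declare const VERSION = "2.0.0";
 
- export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
+ export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };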
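Review bot: The `SettlementRequest` field comments leave two things unstated that a merchant needs in order to call this gate safely. As far as this diff shows, the implementation verifies by identifier alone (`credentials: { astraId: req.agentId }` in index.js), so the `agentId` comment should say where the ID must come from, e.g. `/** ASTRA-id of the agent the request middleware verified for this request; never read it from agent-supplied input. */`. The `value` comment does not say whether the amount is in major or minor currency units; a merchant pricing in cents against limits held in whole units (or the reverse) would be off by a factor of 100, so state the unit next to the ISO-4217 note. The same declarations are added in `package/dist/index.d.ts`.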
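--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,12 +1,12 @@
- import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-rFh4VMH4.js';
- export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-rFh4VMH4.js';
- export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-ZYgI7G9f.js';
- export { e as express } from './express-BowlMHQF.js';
- export { n as nextjs } from './nextjs-V_K0qlAQ.js';
- export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-DzXXBuLm.js';
+ import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, j as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure } from './types-B_wnd7ZX.js';
+ export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, k as VerifiedAgent, l as VerifiedDeveloper, m as VerifiedOrganization } from './types-B_wnd7ZX.js';
+ export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-C7qAfpGB.js';
+ export { e as express } from './express-Lb8-Ybio.js';
+ export { n as nextjs } from './nextjs-BXK0nD73.js';
+ export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-E3fAidVt.js';
  export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.js';
  export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
- export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DBmlycVm.js';
+ export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DFwfHOGj.js';
  import 'express';
  import 'next/server';
  import 'jose';
@@ -50,6 +50,53 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
  reason?: string;
  }>;
 
+ /**
+ * Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
+ * MUST call before settling a priced cart (post-#447 partner round, finding #1).
+ *
+ * The bug it closes: the SDK request middleware performs a header-only ACCESS
+ * check and never sends the transaction VALUE to verify-access, so the limit
+ * engine never evaluates value and returns `grant` — a fully SDK-compliant
+ * merchant settles every band, with the agent's PDLSS spend limits silently
+ * unenforced. The bridge is safe only because `confirm_purchase` re-verifies
+ * with the authoritative session total.
+ *
+ * The authoritative value exists ONLY after the merchant prices the cart (in the
+ * handler, after the middleware), and it must be the MERCHANT's priced total —
+ * never an agent-suppliable header (spoofable). So value enforcement is a
+ * settlement-time, merchant-invoked call that mirrors the bridge: verify the
+ * priced value against the agent's limits and refuse settlement unless it
+ * cleanly grants.
+ */
+
+ interface SettlementRequest {
+ /** The agent's ASTRA-id (the caller you are about to settle for). */
+ agentId: string;
+ /** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
+ value: number;
+ /** ISO-4217 currency of `value`. */
+ currency: string;
+ /** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
+ purpose?: string;
+ action?: string;
+ }
+ interface SettlementDecision {
+ /** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
+ authorized: boolean;
+ recommendation?: EnhancedVerificationResult['recommendation'];
+ reason?: string;
+ failures?: AccessFailure[];
+ correlationId?: string;
+ }
+ /**
+ * Authorize a settlement of `value` for `agentId` against the agent's PDLSS
+ * limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
+ * a verify-access error, a step-up/approval outcome (the value is in the
+ * human-approval band and cannot complete autonomously), or any policy deny.
+ * Settle ONLY when `authorized === true`.
+ */
+ declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
+
  /**
  * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
  *
@@ -107,4 +154,4 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
 
  declare const VERSION = "2.0.0";
 
- export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
+ export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };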
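--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -45,6 +45,7 @@ __export(src_exports, {
  TRUST_LEVEL_RANGES: () => TRUST_LEVEL_RANGES,
  VERSION: () => VERSION,
  agent: () => agent_exports,
+ authorizeSettlement: () => authorizeSettlement,
  buildGuidance: () => buildGuidance,
  clearCache: () => clearCache,
  createMcpMiddleware: () => createMcpMiddleware,
@@ -192,7 +193,7 @@ function getCapabilities(accessLevel) {
  }
 
  // src/version.ts
- var SDK_VERSION = "3.2.1";
+ var SDK_VERSION = "3.3.0";
 
  // src/well-known.ts
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -742,6 +743,67 @@ async function quickVerify(config, credentials) {
  };
  }
 
+ // src/adapters/approval-gate.ts
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available - it cannot be completed automatically.";
+ function requiresHumanApproval(result) {
+ return result.requiresStepUp === true || result.requiresApproval === true;
+ }
+ function annotateApprovalRequired(result) {
+ result.failures = [
+ ...result.failures ?? [],
+ { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
+ ];
+ result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
+ }
+
+ // src/settlement.ts
+ async function authorizeSettlement(config, req) {
+ if (typeof req.value !== "number" || !Number.isFinite(req.value) || req.value <= 0) {
+ return {
+ authorized: false,
+ recommendation: "deny",
+ reason: "No valid transaction value supplied to authorizeSettlement; settlement refused (fail-closed). Pass the merchant-priced cart total as `value`.",
+ failures: [
+ {
+ dimension: "commerce.settlement.value_missing",
+ message: "A positive, authoritative transaction value is required to authorize settlement."
+ }
+ ]
+ };
+ }
+ let result;
+ try {
+ result = await verify(config, {
+ credentials: { astraId: req.agentId },
+ purpose: req.purpose ?? "shopping",
+ action: req.action ?? "shopping.purchase",
+ transactionValue: req.value,
+ currency: req.currency
+ });
+ } catch (err) {
+ return {
+ authorized: false,
+ recommendation: "deny",
+ reason: `Settlement verification failed (${err instanceof Error ? err.message : String(err)}); settlement refused (fail-closed).`,
+ failures: [
+ {
+ dimension: "commerce.settlement.verify_error",
+ message: "verify-access could not be reached or returned an error; settlement is refused."
+ }
+ ]
+ };
+ }
+ const recommendation = result.recommendation;
+ const authorized = result.identityVerified === true && result.policyAllowed === true && !requiresHumanApproval(result) && (recommendation === void 0 || recommendation === "grant");
+ return {
+ authorized,
+ recommendation,
+ reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
+ failures: result.failures,
+ correlationId: result.correlationId
+ };
+ }
+
  // src/adapters/express.ts
  var express_exports = {};
  __export(express_exports, {
@@ -898,19 +960,6 @@ function resolveHttpPdlss(input) {
  return { purpose, action, purposeSource, actionSource };
  }
 
- // src/adapters/approval-gate.ts
- var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
- function requiresHumanApproval(result) {
- return result.requiresStepUp === true || result.requiresApproval === true;
- }
- function annotateApprovalRequired(result) {
- result.failures = [
- ...result.failures ?? [],
- { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
- ];
- result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
- }
-
  // src/pdlss-pre-check.ts
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
  const failures = [];
@@ -5534,6 +5583,7 @@ var VERSION = "2.0.0";
  TRUST_LEVEL_RANGES,
  VERSION,
  agent,
+ authorizeSettlement,
  buildGuidance,
  clearCache,
  createMcpMiddleware,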
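Review bot: In `authorizeSettlement`, only `req.value` is validated before the `verify` call; `req.currency` and `req.agentId` are forwarded unchecked, so a missing or malformed currency reaches the limit engine and the outcome then depends on how verify-access treats it, which this diff does not show. For a gate documented as fail-closed, refuse those up front with the same deny shape used for a bad value, e.g. guard on `typeof req.currency !== "string" || !/^[A-Z]{3}$/.test(req.currency)` and on an empty or non-string `req.agentId`. Separately, the `authorized` expression accepts `recommendation === void 0` as equivalent to `"grant"`; if a response without a recommendation can come from a backend that did not evaluate `transactionValue`, that path authorizes without a value check, so consider requiring `recommendation === "grant"`. The `reason` built in the `catch` branch embeds `err.message`, which is worth keeping out of anything relayed back to the agent. The file list shows a matching change in `package/dist/index.mjs`.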