@astrasyncai/verification-gateway 3.2.1 → 3.4.0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +10 -5
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +10 -5
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.d.ts +1 -1
- package/dist/adapters/mcp.js +10 -5
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +10 -5
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +10 -5
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +10 -5
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +7 -3
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +7 -3
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +2814 -2343
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +2814 -2343
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cli/index.js +2813 -2346
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/index.mjs +2813 -2346
- package/dist/cli/index.mjs.map +1 -1
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +2815 -2344
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +2817 -2346
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-CeoSdOAZ.d.mts → express-CeFvNWDD.d.mts} +1 -1
- package/dist/{express-BowlMHQF.d.ts → express-RIh05wW2.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +2814 -2343
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +2816 -2345
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-DBmlycVm.d.ts → index-BYu1FKMy.d.ts} +1 -1
- package/dist/{index-B51W8gn8.d.mts → index-Bw4FeHMY.d.mts} +1 -1
- package/dist/{index-DzXXBuLm.d.ts → index-C-K0WCrk.d.ts} +1 -1
- package/dist/{index-DtGziFEm.d.mts → index-DgVBEiwI.d.mts} +1 -1
- package/dist/index.d.mts +58 -9
- package/dist/index.d.ts +58 -9
- package/dist/index.js +78 -20
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +77 -20
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-V_K0qlAQ.d.ts → nextjs--xR9zbSJ.d.ts} +1 -1
- package/dist/{nextjs-BW1rzr1I.d.mts → nextjs-xciaMpsZ.d.mts} +1 -1
- package/dist/{sdk-e5jg7sqW.d.mts → sdk-CJYCLMI0.d.mts} +1 -1
- package/dist/{sdk-ZYgI7G9f.d.ts → sdk-FP7xT9F8.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/{types-BNiLZY0i.d.mts → types-Cj92yKeA.d.mts} +1 -1
- package/dist/{types-rFh4VMH4.d.mts → types-Cwrvo30g.d.mts} +30 -1
- package/dist/{types-rFh4VMH4.d.ts → types-Cwrvo30g.d.ts} +30 -1
- package/dist/{types-DJi-u3fz.d.ts → types-DOeL-dIw.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-Cj92yKeA.mjs';
|
|
3
|
+
import '../types-Cwrvo30g.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { V as VerificationDecision, P as PDLSSContext } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { V as VerificationDecision, P as PDLSSContext } from '../types-DOeL-dIw.js';
|
|
3
|
+
import '../types-Cwrvo30g.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Git Trigger — Enterprise git push / PR verification
|
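--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,12 +1,12 @@
-import {
-export {
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
-export { e as express } from './express-
-export { n as nextjs } from './nextjs-
-export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-
+import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, l as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure, j as StepUpApprovalInfo } from './types-Cwrvo30g.mjs';
+export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, i as SettlementArtifact, T as TokenGuidance, k as TrustLevel, m as VerifiedAgent, n as VerifiedDeveloper, o as VerifiedOrganization } from './types-Cwrvo30g.mjs';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-CJYCLMI0.mjs';
+export { e as express } from './express-CeFvNWDD.mjs';
+export { n as nextjs } from './nextjs-xciaMpsZ.mjs';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-Bw4FeHMY.mjs';
 export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.mjs';
 export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DgVBEiwI.mjs';
 import 'express';
 import 'next/server';
 import 'jose';
@@ -50,6 +50,55 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
 reason?: string;
 }>;
 
+/**
+* Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
+* MUST call before settling a priced cart (post-#447 partner round, finding #1).
+*
+* The bug it closes: the SDK request middleware performs a header-only ACCESS
+* check and never sends the transaction VALUE to verify-access, so the limit
+* engine never evaluates value and returns `grant` — a fully SDK-compliant
+* merchant settles every band, with the agent's PDLSS spend limits silently
+* unenforced. The bridge is safe only because `confirm_purchase` re-verifies
+* with the authoritative session total.
+*
+* The authoritative value exists ONLY after the merchant prices the cart (in the
+* handler, after the middleware), and it must be the MERCHANT's priced total —
+* never an agent-suppliable header (spoofable). So value enforcement is a
+* settlement-time, merchant-invoked call that mirrors the bridge: verify the
+* priced value against the agent's limits and refuse settlement unless it
+* cleanly grants.
+*/
+
+interface SettlementRequest {
+/** The agent's ASTRA-id (the caller you are about to settle for). */
+agentId: string;
+/** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
+value: number;
+/** ISO-4217 currency of `value`. */
+currency: string;
+/** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
+purpose?: string;
+action?: string;
+}
+interface SettlementDecision {
+/** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
+authorized: boolean;
+recommendation?: EnhancedVerificationResult['recommendation'];
+reason?: string;
+failures?: AccessFailure[];
+correlationId?: string;
+/** Present when the transaction is in the human-approval band — the owner can approve via the poll URL. */
+stepUpApproval?: StepUpApprovalInfo;
+}
+/**
+* Authorize a settlement of `value` for `agentId` against the agent's PDLSS
+* limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
+* a verify-access error, a step-up/approval outcome (the value is in the
+* human-approval band and cannot complete autonomously), or any policy deny.
+* Settle ONLY when `authorized === true`.
+*/
+declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
+
 /**
 * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
 *
@@ -105,6 +154,6 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
 * @packageDocumentation
 */
 
-declare const VERSION = "
+declare const VERSION = "3.4.0";
 
-export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
+export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, StepUpApprovalInfo, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };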
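Review bot: `SettlementRequest.value` is documented as the merchant's priced total but not as major or minor currency units (12.50 versus 1250), and the doc comment on `authorizeSettlement` says this number is checked against the agent's PDLSS spend limits. A merchant who passes the other unit would be off by a factor of 100, which either blocks legitimate carts or leaves the limit effectively unenforced. I would extend the comment to `/** The MERCHANT's authoritative priced total for the cart, in <UNIT — to be stated by the maintainers>. Never an agent-supplied amount. */`. `action` also has no comment of its own, since the "canonical commerce pair" sentence sits only on `purpose`. The same declarations appear in `package/dist/index.d.ts`.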
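--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,12 +1,12 @@
-import {
-export {
-export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-
-export { e as express } from './express-
-export { n as nextjs } from './nextjs
-export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-
+import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, l as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure, j as StepUpApprovalInfo } from './types-Cwrvo30g.js';
+export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, i as SettlementArtifact, T as TokenGuidance, k as TrustLevel, m as VerifiedAgent, n as VerifiedDeveloper, o as VerifiedOrganization } from './types-Cwrvo30g.js';
+export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-FP7xT9F8.js';
+export { e as express } from './express-RIh05wW2.js';
+export { n as nextjs } from './nextjs--xR9zbSJ.js';
+export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-C-K0WCrk.js';
 export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.js';
 export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
-export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-
+export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BYu1FKMy.js';
 import 'express';
 import 'next/server';
 import 'jose';
@@ -50,6 +50,55 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
 reason?: string;
 }>;
 
+/**
+* Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
+* MUST call before settling a priced cart (post-#447 partner round, finding #1).
+*
+* The bug it closes: the SDK request middleware performs a header-only ACCESS
+* check and never sends the transaction VALUE to verify-access, so the limit
+* engine never evaluates value and returns `grant` — a fully SDK-compliant
+* merchant settles every band, with the agent's PDLSS spend limits silently
+* unenforced. The bridge is safe only because `confirm_purchase` re-verifies
+* with the authoritative session total.
+*
+* The authoritative value exists ONLY after the merchant prices the cart (in the
+* handler, after the middleware), and it must be the MERCHANT's priced total —
+* never an agent-suppliable header (spoofable). So value enforcement is a
+* settlement-time, merchant-invoked call that mirrors the bridge: verify the
+* priced value against the agent's limits and refuse settlement unless it
+* cleanly grants.
+*/
+
+interface SettlementRequest {
+/** The agent's ASTRA-id (the caller you are about to settle for). */
+agentId: string;
+/** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
+value: number;
+/** ISO-4217 currency of `value`. */
+currency: string;
+/** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
+purpose?: string;
+action?: string;
+}
+interface SettlementDecision {
+/** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
+authorized: boolean;
+recommendation?: EnhancedVerificationResult['recommendation'];
+reason?: string;
+failures?: AccessFailure[];
+correlationId?: string;
+/** Present when the transaction is in the human-approval band — the owner can approve via the poll URL. */
+stepUpApproval?: StepUpApprovalInfo;
+}
+/**
+* Authorize a settlement of `value` for `agentId` against the agent's PDLSS
+* limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
+* a verify-access error, a step-up/approval outcome (the value is in the
+* human-approval band and cannot complete autonomously), or any policy deny.
+* Settle ONLY when `authorized === true`.
+*/
+declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
+
 /**
 * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
 *
@@ -105,6 +154,6 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
 * @packageDocumentation
 */
 
-declare const VERSION = "
+declare const VERSION = "3.4.0";
 
-export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
+export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, StepUpApprovalInfo, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };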
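--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -45,6 +45,7 @@ __export(src_exports, {
 TRUST_LEVEL_RANGES: () => TRUST_LEVEL_RANGES,
 VERSION: () => VERSION,
 agent: () => agent_exports,
+authorizeSettlement: () => authorizeSettlement,
 buildGuidance: () => buildGuidance,
 clearCache: () => clearCache,
 createMcpMiddleware: () => createMcpMiddleware,
@@ -192,7 +193,7 @@ function getCapabilities(accessLevel) {
 }
 
 // src/version.ts
-var SDK_VERSION = "3.
+var SDK_VERSION = "3.3.0";
 
 // src/well-known.ts
 var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -610,7 +611,9 @@ async function verify(config, request) {
 // linking key (the sessionId-equivalent for anonymous callers).
 correlationId: apiResponse.correlationId,
 recommendation: apiResponse.recommendation,
-recommendationReasons: apiResponse.recommendationReasons
+recommendationReasons: apiResponse.recommendationReasons,
+stepUpApproval: apiResponse.stepUpApproval,
+settlement: apiResponse.settlement
 };
 return result2;
 }
@@ -662,7 +665,9 @@ async function verify(config, request) {
 tokenGuidance: apiResponse.tokenGuidance,
 recommendation: apiResponse.recommendation,
 recommendationReasons: apiResponse.recommendationReasons,
-warningHeader: apiResponse.warningHeader
+warningHeader: apiResponse.warningHeader,
+stepUpApproval: apiResponse.stepUpApproval,
+settlement: apiResponse.settlement
 };
 if (result.recommendation === "deny") {
 result.policyAllowed = false;
@@ -742,6 +747,68 @@ async function quickVerify(config, credentials) {
 };
 }
 
+// src/adapters/approval-gate.ts
+var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval. The agent owner can approve or deny this transaction in the AstraSync dashboard.";
+function requiresHumanApproval(result) {
+return result.requiresStepUp === true || result.requiresApproval === true;
+}
+function annotateApprovalRequired(result) {
+result.failures = [
+...result.failures ?? [],
+{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
+];
+result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
+}
+
+// src/settlement.ts
+async function authorizeSettlement(config, req) {
+if (typeof req.value !== "number" || !Number.isFinite(req.value) || req.value <= 0) {
+return {
+authorized: false,
+recommendation: "deny",
+reason: "No valid transaction value supplied to authorizeSettlement; settlement refused (fail-closed). Pass the merchant-priced cart total as `value`.",
+failures: [
+{
+dimension: "commerce.settlement.value_missing",
+message: "A positive, authoritative transaction value is required to authorize settlement."
+}
+]
+};
+}
+let result;
+try {
+result = await verify(config, {
+credentials: { astraId: req.agentId },
+purpose: req.purpose ?? "shopping",
+action: req.action ?? "shopping.purchase",
+transactionValue: req.value,
+currency: req.currency
+});
+} catch (err) {
+return {
+authorized: false,
+recommendation: "deny",
+reason: `Settlement verification failed (${err instanceof Error ? err.message : String(err)}); settlement refused (fail-closed).`,
+failures: [
+{
+dimension: "commerce.settlement.verify_error",
+message: "verify-access could not be reached or returned an error; settlement is refused."
+}
+]
+};
+}
+const recommendation = result.recommendation;
+const authorized = result.identityVerified === true && result.policyAllowed === true && !requiresHumanApproval(result) && (recommendation === void 0 || recommendation === "grant");
+return {
+authorized,
+recommendation,
+reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
+failures: result.failures,
+correlationId: result.correlationId,
+stepUpApproval: requiresHumanApproval(result) ? result.stepUpApproval : void 0
+};
+}
+
 // src/adapters/express.ts
 var express_exports = {};
 __export(express_exports, {
@@ -898,19 +965,6 @@ function resolveHttpPdlss(input) {
 return { purpose, action, purposeSource, actionSource };
 }
 
-// src/adapters/approval-gate.ts
-var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
-function requiresHumanApproval(result) {
-return result.requiresStepUp === true || result.requiresApproval === true;
-}
-function annotateApprovalRequired(result) {
-result.failures = [
-...result.failures ?? [],
-{ dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
-];
-result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
-}
-
 // src/pdlss-pre-check.ts
 function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
 const failures = [];
@@ -1038,7 +1092,8 @@ function defaultOnDenied(result, _req, res) {
 guidance: result.guidance,
 // Round-10: aggregated per-dimension detail + correlation handle.
 failures: result.failures,
-correlationId: result.correlationId
+correlationId: result.correlationId,
+stepUpApproval: result.stepUpApproval
 }
 });
 }
@@ -1688,7 +1743,8 @@ function createMiddleware2(options) {
 code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
 message: result.denialReasons?.[0] || "Access denied",
 guidance: result.guidance,
-failures: result.failures
+failures: result.failures,
+stepUpApproval: result.stepUpApproval
 }
 },
 { status: !result.identityVerified ? 401 : 403 }
@@ -4588,7 +4644,8 @@ function defaultMcpDenied(result, req, res) {
 guidance: result.guidance,
 // Round-10: aggregated per-dimension detail + correlation handle.
 failures: result.failures,
-correlationId: result.correlationId
+correlationId: result.correlationId,
+stepUpApproval: result.stepUpApproval
 }
 }
 });
@@ -5516,7 +5573,7 @@ async function recordDecision2(config, params) {
 }
 
 // src/index.ts
-var VERSION = "
+var VERSION = "3.4.0";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
 ACCESS_LEVEL_DESCRIPTIONS,
@@ -5534,6 +5591,7 @@ var VERSION = "2.0.0";
 TRUST_LEVEL_RANGES,
 VERSION,
 agent,
+authorizeSettlement,
 buildGuidance,
 clearCache,
 createMcpMiddleware,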
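Review bot: In `authorizeSettlement` (the `// src/settlement.ts` hunk), the `authorized` expression accepts `recommendation === void 0` as well as `"grant"`, so a verify-access response with no recommendation still authorizes settlement whenever `identityVerified` and `policyAllowed` are true. For a gate documented as fail-closed and "TRUE only on a clean grant", a missing recommendation gives no evidence that the limit engine evaluated `transactionValue`. Unless that branch is needed for older servers, I would tighten the last clause to `recommendation === "grant"`, or add a comment saying why an undefined recommendation is safe to settle on. The catch branch also interpolates `err.message` into `reason`; if merchants relay `reason` to the calling agent this may expose transport details, so a fixed string there with the raw error logged server-side would be safer.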