@astrasyncai/verification-gateway 3.2.1 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/dist/adapter-interface/interface.d.mts +2 -2
  2. package/dist/adapter-interface/interface.d.ts +2 -2
  3. package/dist/adapters/express.d.mts +2 -2
  4. package/dist/adapters/express.d.ts +2 -2
  5. package/dist/adapters/express.js +10 -5
  6. package/dist/adapters/express.js.map +1 -1
  7. package/dist/adapters/express.mjs +10 -5
  8. package/dist/adapters/express.mjs.map +1 -1
  9. package/dist/adapters/mcp.d.mts +1 -1
  10. package/dist/adapters/mcp.d.ts +1 -1
  11. package/dist/adapters/mcp.js +10 -5
  12. package/dist/adapters/mcp.js.map +1 -1
  13. package/dist/adapters/mcp.mjs +10 -5
  14. package/dist/adapters/mcp.mjs.map +1 -1
  15. package/dist/adapters/nextjs.d.mts +2 -2
  16. package/dist/adapters/nextjs.d.ts +2 -2
  17. package/dist/adapters/nextjs.js +10 -5
  18. package/dist/adapters/nextjs.js.map +1 -1
  19. package/dist/adapters/nextjs.mjs +10 -5
  20. package/dist/adapters/nextjs.mjs.map +1 -1
  21. package/dist/adapters/sdk.d.mts +2 -2
  22. package/dist/adapters/sdk.d.ts +2 -2
  23. package/dist/adapters/sdk.js +7 -3
  24. package/dist/adapters/sdk.js.map +1 -1
  25. package/dist/adapters/sdk.mjs +7 -3
  26. package/dist/adapters/sdk.mjs.map +1 -1
  27. package/dist/agent/index.d.mts +2 -2
  28. package/dist/agent/index.d.ts +2 -2
  29. package/dist/browser/background.js +2814 -2343
  30. package/dist/browser/background.js.map +1 -1
  31. package/dist/browser/background.mjs +2814 -2343
  32. package/dist/browser/background.mjs.map +1 -1
  33. package/dist/browser/browser-adapter.d.mts +2 -2
  34. package/dist/browser/browser-adapter.d.ts +2 -2
  35. package/dist/cli/index.d.mts +2 -2
  36. package/dist/cli/index.d.ts +2 -2
  37. package/dist/cli/index.js +2813 -2346
  38. package/dist/cli/index.js.map +1 -1
  39. package/dist/cli/index.mjs +2813 -2346
  40. package/dist/cli/index.mjs.map +1 -1
  41. package/dist/cursor/cursor-adapter.d.mts +2 -2
  42. package/dist/cursor/cursor-adapter.d.ts +2 -2
  43. package/dist/cursor/extension.d.mts +2 -2
  44. package/dist/cursor/extension.d.ts +2 -2
  45. package/dist/cursor/extension.js +2815 -2344
  46. package/dist/cursor/extension.js.map +1 -1
  47. package/dist/cursor/extension.mjs +2817 -2346
  48. package/dist/cursor/extension.mjs.map +1 -1
  49. package/dist/{express-CeoSdOAZ.d.mts → express-CeFvNWDD.d.mts} +1 -1
  50. package/dist/{express-BowlMHQF.d.ts → express-RIh05wW2.d.ts} +1 -1
  51. package/dist/gateway/gateway.d.mts +2 -2
  52. package/dist/gateway/gateway.d.ts +2 -2
  53. package/dist/gateway/gateway.js +2814 -2343
  54. package/dist/gateway/gateway.js.map +1 -1
  55. package/dist/gateway/gateway.mjs +2816 -2345
  56. package/dist/gateway/gateway.mjs.map +1 -1
  57. package/dist/git-trigger/git-hooks.d.mts +2 -2
  58. package/dist/git-trigger/git-hooks.d.ts +2 -2
  59. package/dist/{index-DBmlycVm.d.ts → index-BYu1FKMy.d.ts} +1 -1
  60. package/dist/{index-B51W8gn8.d.mts → index-Bw4FeHMY.d.mts} +1 -1
  61. package/dist/{index-DzXXBuLm.d.ts → index-C-K0WCrk.d.ts} +1 -1
  62. package/dist/{index-DtGziFEm.d.mts → index-DgVBEiwI.d.mts} +1 -1
  63. package/dist/index.d.mts +58 -9
  64. package/dist/index.d.ts +58 -9
  65. package/dist/index.js +78 -20
  66. package/dist/index.js.map +1 -1
  67. package/dist/index.mjs +77 -20
  68. package/dist/index.mjs.map +1 -1
  69. package/dist/local-evaluator/evaluator.d.mts +2 -2
  70. package/dist/local-evaluator/evaluator.d.ts +2 -2
  71. package/dist/{nextjs-V_K0qlAQ.d.ts → nextjs--xR9zbSJ.d.ts} +1 -1
  72. package/dist/{nextjs-BW1rzr1I.d.mts → nextjs-xciaMpsZ.d.mts} +1 -1
  73. package/dist/{sdk-e5jg7sqW.d.mts → sdk-CJYCLMI0.d.mts} +1 -1
  74. package/dist/{sdk-ZYgI7G9f.d.ts → sdk-FP7xT9F8.d.ts} +1 -1
  75. package/dist/transport/index.d.mts +2 -2
  76. package/dist/transport/index.d.ts +2 -2
  77. package/dist/{types-BNiLZY0i.d.mts → types-Cj92yKeA.d.mts} +1 -1
  78. package/dist/{types-rFh4VMH4.d.mts → types-Cwrvo30g.d.mts} +30 -1
  79. package/dist/{types-rFh4VMH4.d.ts → types-Cwrvo30g.d.ts} +30 -1
  80. package/dist/{types-DJi-u3fz.d.ts → types-DOeL-dIw.d.ts} +1 -1
  81. package/dist/ui/index.d.mts +1 -1
  82. package/dist/ui/index.d.ts +1 -1
  83. package/package.json +1 -1
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.mjs';
2
- import { V as VerificationDecision, P as PDLSSContext } from '../types-BNiLZY0i.mjs';
3
- import '../types-rFh4VMH4.mjs';
2
+ import { V as VerificationDecision, P as PDLSSContext } from '../types-Cj92yKeA.mjs';
3
+ import '../types-Cwrvo30g.mjs';
4
4
 
5
5
  /**
6
6
  * Git Trigger — Enterprise git push / PR verification
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.js';
2
- import { V as VerificationDecision, P as PDLSSContext } from '../types-DJi-u3fz.js';
3
- import '../types-rFh4VMH4.js';
2
+ import { V as VerificationDecision, P as PDLSSContext } from '../types-DOeL-dIw.js';
3
+ import '../types-Cwrvo30g.js';
4
4
 
5
5
  /**
6
6
  * Git Trigger — Enterprise git push / PR verification
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-rFh4VMH4.js';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-Cwrvo30g.js';
2
2
 
3
3
  /**
4
4
  * AgentClient — Credential Presentation
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-rFh4VMH4.mjs';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-Cwrvo30g.mjs';
2
2
  import { JWK } from 'jose';
3
3
 
4
4
  /**
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport } from './types-rFh4VMH4.js';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-Cwrvo30g.js';
2
2
  import { JWK } from 'jose';
3
3
 
4
4
  /**
@@ -1,4 +1,4 @@
1
- import { b as AstraSyncCredentials, f as ProtocolTransport, G as GatewayConfig } from './types-rFh4VMH4.mjs';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-Cwrvo30g.mjs';
2
2
 
3
3
  /**
4
4
  * AgentClient — Credential Presentation
package/dist/index.d.mts CHANGED
@@ -1,12 +1,12 @@
1
- import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-rFh4VMH4.mjs';
2
- export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-rFh4VMH4.mjs';
3
- export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-e5jg7sqW.mjs';
4
- export { e as express } from './express-CeoSdOAZ.mjs';
5
- export { n as nextjs } from './nextjs-BW1rzr1I.mjs';
6
- export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-B51W8gn8.mjs';
1
+ import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, l as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure, j as StepUpApprovalInfo } from './types-Cwrvo30g.mjs';
2
+ export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, i as SettlementArtifact, T as TokenGuidance, k as TrustLevel, m as VerifiedAgent, n as VerifiedDeveloper, o as VerifiedOrganization } from './types-Cwrvo30g.mjs';
3
+ export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-CJYCLMI0.mjs';
4
+ export { e as express } from './express-CeFvNWDD.mjs';
5
+ export { n as nextjs } from './nextjs-xciaMpsZ.mjs';
6
+ export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-Bw4FeHMY.mjs';
7
7
  export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.mjs';
8
8
  export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
9
- export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DtGziFEm.mjs';
9
+ export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DgVBEiwI.mjs';
10
10
  import 'express';
11
11
  import 'next/server';
12
12
  import 'jose';
@@ -50,6 +50,55 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
50
50
  reason?: string;
51
51
  }>;
52
52
 
53
+ /**
54
+ * Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
55
+ * MUST call before settling a priced cart (post-#447 partner round, finding #1).
56
+ *
57
+ * The bug it closes: the SDK request middleware performs a header-only ACCESS
58
+ * check and never sends the transaction VALUE to verify-access, so the limit
59
+ * engine never evaluates value and returns `grant` — a fully SDK-compliant
60
+ * merchant settles every band, with the agent's PDLSS spend limits silently
61
+ * unenforced. The bridge is safe only because `confirm_purchase` re-verifies
62
+ * with the authoritative session total.
63
+ *
64
+ * The authoritative value exists ONLY after the merchant prices the cart (in the
65
+ * handler, after the middleware), and it must be the MERCHANT's priced total —
66
+ * never an agent-suppliable header (spoofable). So value enforcement is a
67
+ * settlement-time, merchant-invoked call that mirrors the bridge: verify the
68
+ * priced value against the agent's limits and refuse settlement unless it
69
+ * cleanly grants.
70
+ */
71
+
72
+ interface SettlementRequest {
73
+ /** The agent's ASTRA-id (the caller you are about to settle for). */
74
+ agentId: string;
75
+ /** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
76
+ value: number;
77
+ /** ISO-4217 currency of `value`. */
78
+ currency: string;
79
+ /** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
80
+ purpose?: string;
81
+ action?: string;
82
+ }
83
+ interface SettlementDecision {
84
+ /** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
85
+ authorized: boolean;
86
+ recommendation?: EnhancedVerificationResult['recommendation'];
87
+ reason?: string;
88
+ failures?: AccessFailure[];
89
+ correlationId?: string;
90
+ /** Present when the transaction is in the human-approval band — the owner can approve via the poll URL. */
91
+ stepUpApproval?: StepUpApprovalInfo;
92
+ }
93
+ /**
94
+ * Authorize a settlement of `value` for `agentId` against the agent's PDLSS
95
+ * limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
96
+ * a verify-access error, a step-up/approval outcome (the value is in the
97
+ * human-approval band and cannot complete autonomously), or any policy deny.
98
+ * Settle ONLY when `authorized === true`.
99
+ */
100
+ declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
101
+
53
102
  /**
54
103
  * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
55
104
  *
@@ -105,6 +154,6 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
105
154
  * @packageDocumentation
106
155
  */
107
156
 
108
- declare const VERSION = "2.0.0";
157
+ declare const VERSION = "3.4.0";
109
158
 
110
- export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
159
+ export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, StepUpApprovalInfo, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
package/dist/index.d.ts CHANGED
@@ -1,12 +1,12 @@
1
- import { a as AgentCredentials, G as GatewayConfig, A as AccessLevel, V as VerificationRequest, i as VerificationResult } from './types-rFh4VMH4.js';
2
- export { b as AstraSyncCredentials, C as CommerceShieldProps, c as CounterpartyType, E as EnhancedVerificationResult, d as ExpressMiddlewareOptions, e as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, f as ProtocolTransport, R as RouteAccessConfig, g as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, h as TrustLevel, j as VerifiedAgent, k as VerifiedDeveloper, l as VerifiedOrganization } from './types-rFh4VMH4.js';
3
- export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-ZYgI7G9f.js';
4
- export { e as express } from './express-BowlMHQF.js';
5
- export { n as nextjs } from './nextjs-V_K0qlAQ.js';
6
- export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-DzXXBuLm.js';
1
+ import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, l as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure, j as StepUpApprovalInfo } from './types-Cwrvo30g.js';
2
+ export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, i as SettlementArtifact, T as TokenGuidance, k as TrustLevel, m as VerifiedAgent, n as VerifiedDeveloper, o as VerifiedOrganization } from './types-Cwrvo30g.js';
3
+ export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-FP7xT9F8.js';
4
+ export { e as express } from './express-RIh05wW2.js';
5
+ export { n as nextjs } from './nextjs--xR9zbSJ.js';
6
+ export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-C-K0WCrk.js';
7
7
  export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.js';
8
8
  export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
9
- export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DBmlycVm.js';
9
+ export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BYu1FKMy.js';
10
10
  import 'express';
11
11
  import 'next/server';
12
12
  import 'jose';
@@ -50,6 +50,55 @@ declare function quickVerify(config: GatewayConfig, credentials: AgentCredential
50
50
  reason?: string;
51
51
  }>;
52
52
 
53
+ /**
54
+ * Settlement authorization — the value-aware, FAIL-CLOSED gate a direct merchant
55
+ * MUST call before settling a priced cart (post-#447 partner round, finding #1).
56
+ *
57
+ * The bug it closes: the SDK request middleware performs a header-only ACCESS
58
+ * check and never sends the transaction VALUE to verify-access, so the limit
59
+ * engine never evaluates value and returns `grant` — a fully SDK-compliant
60
+ * merchant settles every band, with the agent's PDLSS spend limits silently
61
+ * unenforced. The bridge is safe only because `confirm_purchase` re-verifies
62
+ * with the authoritative session total.
63
+ *
64
+ * The authoritative value exists ONLY after the merchant prices the cart (in the
65
+ * handler, after the middleware), and it must be the MERCHANT's priced total —
66
+ * never an agent-suppliable header (spoofable). So value enforcement is a
67
+ * settlement-time, merchant-invoked call that mirrors the bridge: verify the
68
+ * priced value against the agent's limits and refuse settlement unless it
69
+ * cleanly grants.
70
+ */
71
+
72
+ interface SettlementRequest {
73
+ /** The agent's ASTRA-id (the caller you are about to settle for). */
74
+ agentId: string;
75
+ /** The MERCHANT's authoritative priced total for the cart. Never an agent-supplied amount. */
76
+ value: number;
77
+ /** ISO-4217 currency of `value`. */
78
+ currency: string;
79
+ /** Defaults to the canonical commerce pair; override for custom categories (e.g. 'trading' / 'trading.execute'). */
80
+ purpose?: string;
81
+ action?: string;
82
+ }
83
+ interface SettlementDecision {
84
+ /** TRUE only on a clean grant. A step-up/approval outcome, any deny, a missing value, or a verify error all → false. */
85
+ authorized: boolean;
86
+ recommendation?: EnhancedVerificationResult['recommendation'];
87
+ reason?: string;
88
+ failures?: AccessFailure[];
89
+ correlationId?: string;
90
+ /** Present when the transaction is in the human-approval band — the owner can approve via the poll URL. */
91
+ stepUpApproval?: StepUpApprovalInfo;
92
+ }
93
+ /**
94
+ * Authorize a settlement of `value` for `agentId` against the agent's PDLSS
95
+ * limits. FAIL-CLOSED: returns `authorized:false` on a missing/invalid value,
96
+ * a verify-access error, a step-up/approval outcome (the value is in the
97
+ * human-approval band and cannot complete autonomously), or any policy deny.
98
+ * Settle ONLY when `authorized === true`.
99
+ */
100
+ declare function authorizeSettlement(config: GatewayConfig, req: SettlementRequest): Promise<SettlementDecision>;
101
+
53
102
  /**
54
103
  * SDK-side discovery of canonical platform URLs via `/.well-known/agentic-commerce`.
55
104
  *
@@ -105,6 +154,6 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
105
154
  * @packageDocumentation
106
155
  */
107
156
 
108
- declare const VERSION = "2.0.0";
157
+ declare const VERSION = "3.4.0";
109
158
 
110
- export { AccessLevel, AgentCredentials, GatewayConfig, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
159
+ export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, StepUpApprovalInfo, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
package/dist/index.js CHANGED
@@ -45,6 +45,7 @@ __export(src_exports, {
45
45
  TRUST_LEVEL_RANGES: () => TRUST_LEVEL_RANGES,
46
46
  VERSION: () => VERSION,
47
47
  agent: () => agent_exports,
48
+ authorizeSettlement: () => authorizeSettlement,
48
49
  buildGuidance: () => buildGuidance,
49
50
  clearCache: () => clearCache,
50
51
  createMcpMiddleware: () => createMcpMiddleware,
@@ -192,7 +193,7 @@ function getCapabilities(accessLevel) {
192
193
  }
193
194
 
194
195
  // src/version.ts
195
- var SDK_VERSION = "3.2.1";
196
+ var SDK_VERSION = "3.3.0";
196
197
 
197
198
  // src/well-known.ts
198
199
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -610,7 +611,9 @@ async function verify(config, request) {
610
611
  // linking key (the sessionId-equivalent for anonymous callers).
611
612
  correlationId: apiResponse.correlationId,
612
613
  recommendation: apiResponse.recommendation,
613
- recommendationReasons: apiResponse.recommendationReasons
614
+ recommendationReasons: apiResponse.recommendationReasons,
615
+ stepUpApproval: apiResponse.stepUpApproval,
616
+ settlement: apiResponse.settlement
614
617
  };
615
618
  return result2;
616
619
  }
@@ -662,7 +665,9 @@ async function verify(config, request) {
662
665
  tokenGuidance: apiResponse.tokenGuidance,
663
666
  recommendation: apiResponse.recommendation,
664
667
  recommendationReasons: apiResponse.recommendationReasons,
665
- warningHeader: apiResponse.warningHeader
668
+ warningHeader: apiResponse.warningHeader,
669
+ stepUpApproval: apiResponse.stepUpApproval,
670
+ settlement: apiResponse.settlement
666
671
  };
667
672
  if (result.recommendation === "deny") {
668
673
  result.policyAllowed = false;
@@ -742,6 +747,68 @@ async function quickVerify(config, credentials) {
742
747
  };
743
748
  }
744
749
 
750
+ // src/adapters/approval-gate.ts
751
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval. The agent owner can approve or deny this transaction in the AstraSync dashboard.";
752
+ function requiresHumanApproval(result) {
753
+ return result.requiresStepUp === true || result.requiresApproval === true;
754
+ }
755
+ function annotateApprovalRequired(result) {
756
+ result.failures = [
757
+ ...result.failures ?? [],
758
+ { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
759
+ ];
760
+ result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
761
+ }
762
+
763
+ // src/settlement.ts
764
+ async function authorizeSettlement(config, req) {
765
+ if (typeof req.value !== "number" || !Number.isFinite(req.value) || req.value <= 0) {
766
+ return {
767
+ authorized: false,
768
+ recommendation: "deny",
769
+ reason: "No valid transaction value supplied to authorizeSettlement; settlement refused (fail-closed). Pass the merchant-priced cart total as `value`.",
770
+ failures: [
771
+ {
772
+ dimension: "commerce.settlement.value_missing",
773
+ message: "A positive, authoritative transaction value is required to authorize settlement."
774
+ }
775
+ ]
776
+ };
777
+ }
778
+ let result;
779
+ try {
780
+ result = await verify(config, {
781
+ credentials: { astraId: req.agentId },
782
+ purpose: req.purpose ?? "shopping",
783
+ action: req.action ?? "shopping.purchase",
784
+ transactionValue: req.value,
785
+ currency: req.currency
786
+ });
787
+ } catch (err) {
788
+ return {
789
+ authorized: false,
790
+ recommendation: "deny",
791
+ reason: `Settlement verification failed (${err instanceof Error ? err.message : String(err)}); settlement refused (fail-closed).`,
792
+ failures: [
793
+ {
794
+ dimension: "commerce.settlement.verify_error",
795
+ message: "verify-access could not be reached or returned an error; settlement is refused."
796
+ }
797
+ ]
798
+ };
799
+ }
800
+ const recommendation = result.recommendation;
801
+ const authorized = result.identityVerified === true && result.policyAllowed === true && !requiresHumanApproval(result) && (recommendation === void 0 || recommendation === "grant");
802
+ return {
803
+ authorized,
804
+ recommendation,
805
+ reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
806
+ failures: result.failures,
807
+ correlationId: result.correlationId,
808
+ stepUpApproval: requiresHumanApproval(result) ? result.stepUpApproval : void 0
809
+ };
810
+ }
811
+
745
812
  // src/adapters/express.ts
746
813
  var express_exports = {};
747
814
  __export(express_exports, {
@@ -898,19 +965,6 @@ function resolveHttpPdlss(input) {
898
965
  return { purpose, action, purposeSource, actionSource };
899
966
  }
900
967
 
901
- // src/adapters/approval-gate.ts
902
- var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available \u2014 it cannot be completed automatically.";
903
- function requiresHumanApproval(result) {
904
- return result.requiresStepUp === true || result.requiresApproval === true;
905
- }
906
- function annotateApprovalRequired(result) {
907
- result.failures = [
908
- ...result.failures ?? [],
909
- { dimension: "commerce.intent.approval_required", message: APPROVAL_REASON }
910
- ];
911
- result.denialReasons = [APPROVAL_REASON, ...result.denialReasons ?? []];
912
- }
913
-
914
968
  // src/pdlss-pre-check.ts
915
969
  function performCounterpartyPreCheck(routeConfig, astraCreds, purpose) {
916
970
  const failures = [];
@@ -1038,7 +1092,8 @@ function defaultOnDenied(result, _req, res) {
1038
1092
  guidance: result.guidance,
1039
1093
  // Round-10: aggregated per-dimension detail + correlation handle.
1040
1094
  failures: result.failures,
1041
- correlationId: result.correlationId
1095
+ correlationId: result.correlationId,
1096
+ stepUpApproval: result.stepUpApproval
1042
1097
  }
1043
1098
  });
1044
1099
  }
@@ -1688,7 +1743,8 @@ function createMiddleware2(options) {
1688
1743
  code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
1689
1744
  message: result.denialReasons?.[0] || "Access denied",
1690
1745
  guidance: result.guidance,
1691
- failures: result.failures
1746
+ failures: result.failures,
1747
+ stepUpApproval: result.stepUpApproval
1692
1748
  }
1693
1749
  },
1694
1750
  { status: !result.identityVerified ? 401 : 403 }
@@ -4588,7 +4644,8 @@ function defaultMcpDenied(result, req, res) {
4588
4644
  guidance: result.guidance,
4589
4645
  // Round-10: aggregated per-dimension detail + correlation handle.
4590
4646
  failures: result.failures,
4591
- correlationId: result.correlationId
4647
+ correlationId: result.correlationId,
4648
+ stepUpApproval: result.stepUpApproval
4592
4649
  }
4593
4650
  }
4594
4651
  });
@@ -5516,7 +5573,7 @@ async function recordDecision2(config, params) {
5516
5573
  }
5517
5574
 
5518
5575
  // src/index.ts
5519
- var VERSION = "2.0.0";
5576
+ var VERSION = "3.4.0";
5520
5577
  // Annotate the CommonJS export names for ESM import in node:
5521
5578
  0 && (module.exports = {
5522
5579
  ACCESS_LEVEL_DESCRIPTIONS,
@@ -5534,6 +5591,7 @@ var VERSION = "2.0.0";
5534
5591
  TRUST_LEVEL_RANGES,
5535
5592
  VERSION,
5536
5593
  agent,
5594
+ authorizeSettlement,
5537
5595
  buildGuidance,
5538
5596
  clearCache,
5539
5597
  createMcpMiddleware,