@astrasyncai/verification-gateway 3.3.0 → 3.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +86 -0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +27 -5
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +27 -5
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.d.ts +1 -1
- package/dist/adapters/mcp.js +10 -5
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +10 -5
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +10 -5
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +10 -5
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +7 -3
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +7 -3
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +2814 -2343
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +2814 -2343
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cli/index.js +2813 -2346
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/index.mjs +2813 -2346
- package/dist/cli/index.mjs.map +1 -1
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +2815 -2344
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +2817 -2346
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-DAOTESQo.d.mts → express-BH5ADAyb.d.mts} +1 -1
- package/dist/{express-Lb8-Ybio.d.ts → express-jUzLIoep.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +2814 -2343
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +2816 -2345
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-kxLJ873R.d.mts → index-BR2nmxBU.d.mts} +5 -1
- package/dist/{index-E3fAidVt.d.ts → index-DEixUCu0.d.ts} +5 -1
- package/dist/{index-DFwfHOGj.d.ts → index-DlCnmpJH.d.ts} +1 -1
- package/dist/{index-BLeiWFLu.d.mts → index-aZHAWujT.d.mts} +1 -1
- package/dist/index.d.mts +11 -9
- package/dist/index.d.ts +11 -9
- package/dist/index.js +56 -13
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +56 -13
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs-BXK0nD73.d.ts → nextjs-DfXOd0Au.d.ts} +1 -1
- package/dist/{nextjs-CFQ_KDFf.d.mts → nextjs-LTeoPqMH.d.mts} +1 -1
- package/dist/{sdk-D1MuiiNz.d.mts → sdk-DKhwVL9X.d.mts} +1 -1
- package/dist/{sdk-C7qAfpGB.d.ts → sdk-LmvyDVpL.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/transport/index.js +22 -4
- package/dist/transport/index.js.map +1 -1
- package/dist/transport/index.mjs +22 -4
- package/dist/transport/index.mjs.map +1 -1
- package/dist/{types-ClvUqrEm.d.mts → types-C8HyQEaz.d.mts} +1 -1
- package/dist/{types-B_wnd7ZX.d.mts → types-DrDIouvO.d.mts} +54 -3
- package/dist/{types-B_wnd7ZX.d.ts → types-DrDIouvO.d.ts} +54 -3
- package/dist/{types-B6uD4jAI.d.ts → types-xofemo0G.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -409,6 +409,61 @@ interface VerificationResult {
|
|
|
409
409
|
}
|
|
410
410
|
```
|
|
411
411
|
|
|
412
|
+
## Settlement Authorization
|
|
413
|
+
|
|
414
|
+
For direct-path merchants settling a priced cart, call `authorizeSettlement()` **after** pricing — the middleware only verifies identity/access, not the transaction value:
|
|
415
|
+
|
|
416
|
+
```typescript
|
|
417
|
+
import { authorizeSettlement } from '@astrasyncai/verification-gateway';
|
|
418
|
+
|
|
419
|
+
const decision = await authorizeSettlement(config, {
|
|
420
|
+
agentId: req.agentVerification.agent.astraId,
|
|
421
|
+
value: cart.total, // YOUR authoritative priced total, never agent-supplied
|
|
422
|
+
currency: 'USD',
|
|
423
|
+
});
|
|
424
|
+
|
|
425
|
+
if (!decision.authorized) {
|
|
426
|
+
// decision.stepUpApproval?.pollUrl — if in the approval band, the owner can approve
|
|
427
|
+
return res.status(402).json({ error: decision.reason, stepUpApproval: decision.stepUpApproval });
|
|
428
|
+
}
|
|
429
|
+
// Safe to settle
|
|
430
|
+
```
|
|
431
|
+
|
|
432
|
+
## Step-Up Approval
|
|
433
|
+
|
|
434
|
+
When a transaction value is between the agent's Autonomous Limit and Hard Limit, verify-access returns `stepUpApproval` on the result:
|
|
435
|
+
|
|
436
|
+
```typescript
|
|
437
|
+
interface StepUpApprovalInfo {
|
|
438
|
+
approvalId: string; // Capability token (UUID)
|
|
439
|
+
pollUrl: string; // GET /api/step-up-approvals/poll/:approvalId
|
|
440
|
+
expiresAt: string; // ISO-8601, 5-minute TTL
|
|
441
|
+
}
|
|
442
|
+
```
|
|
443
|
+
|
|
444
|
+
Poll the `pollUrl` (unauthenticated, rate-limited 60 req/min) to check if the owner approved. The `getApprovalPollingInfo(result)` helper extracts it from a `VerificationResult`.
|
|
445
|
+
|
|
446
|
+
## Settlement Artifacts
|
|
447
|
+
|
|
448
|
+
On a clean merchant-mediated grant where the owner has a verified payment instrument, verify-access returns a `settlement` object:
|
|
449
|
+
|
|
450
|
+
```typescript
|
|
451
|
+
interface SettlementArtifact {
|
|
452
|
+
type: string; // e.g. "stablecoin_voucher"
|
|
453
|
+
artifact: string; // JWS compact-serialised (ES256)
|
|
454
|
+
binding: {
|
|
455
|
+
merchantId: string;
|
|
456
|
+
amount: number;
|
|
457
|
+
currency: string;
|
|
458
|
+
sessionId: string;
|
|
459
|
+
singleUse: true;
|
|
460
|
+
expiresAt: string;
|
|
461
|
+
};
|
|
462
|
+
}
|
|
463
|
+
```
|
|
464
|
+
|
|
465
|
+
Verify vouchers server-side via `POST /api/wallets/voucher/verify` or fetch the signing keys from `GET /api/wallets/voucher/.well-known/jwks.json`.
|
|
466
|
+
|
|
412
467
|
## Configuration
|
|
413
468
|
|
|
414
469
|
```typescript
|
|
@@ -494,6 +549,37 @@ Pre-v2.4.2 used the value `pass-through` — renamed in v2.4.2 to disambiguate "
|
|
|
494
549
|
|
|
495
550
|
## Changelog
|
|
496
551
|
|
|
552
|
+
### v3.4.0 — Type alignment for LMAX settlement + step-up approval
|
|
553
|
+
|
|
554
|
+
- `StepUpApprovalInfo` and `SettlementArtifact` interfaces added to `VerificationResult`
|
|
555
|
+
- `stepUpApproval` surfaced in Express/MCP/Next.js adapter deny response bodies
|
|
556
|
+
- `SettlementDecision` carries `stepUpApproval` on step-up denials via `authorizeSettlement()`
|
|
557
|
+
- `getApprovalPollingInfo()` simplified — typed field, no more `unknown` casts
|
|
558
|
+
- `Attestation.checkedAt` (required) — merchant freshness gate timestamp
|
|
559
|
+
- `VERSION` constant updated to `3.4.0`
|
|
560
|
+
|
|
561
|
+
### v3.3.0 — Direct-path value enforcement
|
|
562
|
+
|
|
563
|
+
- `authorizeSettlement(config, { agentId, value, currency })` — fail-closed settlement gate for direct-path merchants
|
|
564
|
+
- `restrictions` surfaces `approvalThreshold` (enforced per-tx) and `maxPerPeriod` (not yet enforced)
|
|
565
|
+
- ASCII-safe agent-facing strings
|
|
566
|
+
|
|
567
|
+
### v3.2.1 — Platform-agent go-live readiness
|
|
568
|
+
|
|
569
|
+
- Canonical PDLSS limits terminology (`autonomousThreshold`, `approvalThreshold`)
|
|
570
|
+
- Step-up/approval fail-closed in Express/MCP/Next.js adapters via `approval-gate.ts`
|
|
571
|
+
|
|
572
|
+
### v3.2.0 — Commerce observability
|
|
573
|
+
|
|
574
|
+
- Access-level band no longer gates (informational only); `requiresStepUp` carries the signal
|
|
575
|
+
- Trust score redacted from agent-facing responses
|
|
576
|
+
- Cross-merchant cache key fix
|
|
577
|
+
|
|
578
|
+
### v3.1.0 — Canonical PDLSS vocabulary (Bug 14)
|
|
579
|
+
|
|
580
|
+
- Two-axis purpose/action chains with dotted action tokens
|
|
581
|
+
- Route send-mapping for tool→semantic-action translation
|
|
582
|
+
|
|
497
583
|
### v2.4.6 — Round-14 partner integration testing
|
|
498
584
|
|
|
499
585
|
**⚠️ BREAKING CHANGE — `endpointUrl` → `counterpartyUrl` on `POST /api/endpoints` AND `PUT /api/endpoints/{id}`**
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-C8HyQEaz.mjs';
|
|
3
|
+
import '../types-DrDIouvO.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* PlatformAdapter Interface
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-xofemo0G.js';
|
|
3
|
+
import '../types-DrDIouvO.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* PlatformAdapter Interface
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import 'express';
|
|
2
|
-
import '../types-
|
|
3
|
-
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-
|
|
2
|
+
import '../types-DrDIouvO.mjs';
|
|
3
|
+
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-BH5ADAyb.mjs';
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import 'express';
|
|
2
|
-
import '../types-
|
|
3
|
-
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-
|
|
2
|
+
import '../types-DrDIouvO.js';
|
|
3
|
+
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-jUzLIoep.js';
|
package/dist/adapters/express.js
CHANGED
|
@@ -34,7 +34,7 @@ function getTrustLevel(score) {
|
|
|
34
34
|
}
|
|
35
35
|
|
|
36
36
|
// src/version.ts
|
|
37
|
-
var SDK_VERSION = "3.
|
|
37
|
+
var SDK_VERSION = "3.5.0";
|
|
38
38
|
|
|
39
39
|
// src/well-known.ts
|
|
40
40
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -446,7 +446,9 @@ async function verify(config, request) {
|
|
|
446
446
|
// linking key (the sessionId-equivalent for anonymous callers).
|
|
447
447
|
correlationId: apiResponse.correlationId,
|
|
448
448
|
recommendation: apiResponse.recommendation,
|
|
449
|
-
recommendationReasons: apiResponse.recommendationReasons
|
|
449
|
+
recommendationReasons: apiResponse.recommendationReasons,
|
|
450
|
+
stepUpApproval: apiResponse.stepUpApproval,
|
|
451
|
+
settlement: apiResponse.settlement
|
|
450
452
|
};
|
|
451
453
|
return result2;
|
|
452
454
|
}
|
|
@@ -498,7 +500,9 @@ async function verify(config, request) {
|
|
|
498
500
|
tokenGuidance: apiResponse.tokenGuidance,
|
|
499
501
|
recommendation: apiResponse.recommendation,
|
|
500
502
|
recommendationReasons: apiResponse.recommendationReasons,
|
|
501
|
-
warningHeader: apiResponse.warningHeader
|
|
503
|
+
warningHeader: apiResponse.warningHeader,
|
|
504
|
+
stepUpApproval: apiResponse.stepUpApproval,
|
|
505
|
+
settlement: apiResponse.settlement
|
|
502
506
|
};
|
|
503
507
|
if (result.recommendation === "deny") {
|
|
504
508
|
result.policyAllowed = false;
|
|
@@ -692,7 +696,7 @@ function resolveHttpPdlss(input) {
|
|
|
692
696
|
}
|
|
693
697
|
|
|
694
698
|
// src/adapters/approval-gate.ts
|
|
695
|
-
var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval
|
|
699
|
+
var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval. The agent owner can approve or deny this transaction in the AstraSync dashboard.";
|
|
696
700
|
function requiresHumanApproval(result) {
|
|
697
701
|
return result.requiresStepUp === true || result.requiresApproval === true;
|
|
698
702
|
}
|
|
@@ -831,7 +835,8 @@ function defaultOnDenied(result, _req, res) {
|
|
|
831
835
|
guidance: result.guidance,
|
|
832
836
|
// Round-10: aggregated per-dimension detail + correlation handle.
|
|
833
837
|
failures: result.failures,
|
|
834
|
-
correlationId: result.correlationId
|
|
838
|
+
correlationId: result.correlationId,
|
|
839
|
+
stepUpApproval: result.stepUpApproval
|
|
835
840
|
}
|
|
836
841
|
});
|
|
837
842
|
}
|
|
@@ -981,6 +986,21 @@ function createMiddleware(options) {
|
|
|
981
986
|
);
|
|
982
987
|
}
|
|
983
988
|
const agentCardUrl = typeof req.headers["x-astrasync-agent-card"] === "string" ? req.headers["x-astrasync-agent-card"] : void 0;
|
|
989
|
+
let txValue;
|
|
990
|
+
let txCurrency;
|
|
991
|
+
if (config.extractTransactionValue) {
|
|
992
|
+
try {
|
|
993
|
+
const extracted = config.extractTransactionValue(req);
|
|
994
|
+
if (extracted) {
|
|
995
|
+
txValue = extracted.value;
|
|
996
|
+
txCurrency = extracted.currency;
|
|
997
|
+
}
|
|
998
|
+
} catch (e) {
|
|
999
|
+
if (config.debug) {
|
|
1000
|
+
console.warn("[VerificationGateway] extractTransactionValue threw:", e);
|
|
1001
|
+
}
|
|
1002
|
+
}
|
|
1003
|
+
}
|
|
984
1004
|
const result = await verify(config, {
|
|
985
1005
|
credentials,
|
|
986
1006
|
purpose,
|
|
@@ -991,6 +1011,8 @@ function createMiddleware(options) {
|
|
|
991
1011
|
counterpartyType: config.counterpartyType || "api",
|
|
992
1012
|
enableRuntimeChallenge,
|
|
993
1013
|
durationRequired: astraCreds?.pdlss?.duration?.maxSessionDuration,
|
|
1014
|
+
...txValue !== void 0 && { transactionValue: txValue },
|
|
1015
|
+
...txCurrency && { currency: txCurrency },
|
|
994
1016
|
callerMetadata: {
|
|
995
1017
|
sourceIp: originalClientIp,
|
|
996
1018
|
userAgent: req.headers["user-agent"],
|