@astrasyncai/verification-gateway 3.3.0 → 3.5.0

Files changed (88)
  1. package/README.md +86 -0
  2. package/dist/adapter-interface/interface.d.mts +2 -2
  3. package/dist/adapter-interface/interface.d.ts +2 -2
  4. package/dist/adapters/express.d.mts +2 -2
  5. package/dist/adapters/express.d.ts +2 -2
  6. package/dist/adapters/express.js +27 -5
  7. package/dist/adapters/express.js.map +1 -1
  8. package/dist/adapters/express.mjs +27 -5
  9. package/dist/adapters/express.mjs.map +1 -1
  10. package/dist/adapters/mcp.d.mts +1 -1
  11. package/dist/adapters/mcp.d.ts +1 -1
  12. package/dist/adapters/mcp.js +10 -5
  13. package/dist/adapters/mcp.js.map +1 -1
  14. package/dist/adapters/mcp.mjs +10 -5
  15. package/dist/adapters/mcp.mjs.map +1 -1
  16. package/dist/adapters/nextjs.d.mts +2 -2
  17. package/dist/adapters/nextjs.d.ts +2 -2
  18. package/dist/adapters/nextjs.js +10 -5
  19. package/dist/adapters/nextjs.js.map +1 -1
  20. package/dist/adapters/nextjs.mjs +10 -5
  21. package/dist/adapters/nextjs.mjs.map +1 -1
  22. package/dist/adapters/sdk.d.mts +2 -2
  23. package/dist/adapters/sdk.d.ts +2 -2
  24. package/dist/adapters/sdk.js +7 -3
  25. package/dist/adapters/sdk.js.map +1 -1
  26. package/dist/adapters/sdk.mjs +7 -3
  27. package/dist/adapters/sdk.mjs.map +1 -1
  28. package/dist/agent/index.d.mts +2 -2
  29. package/dist/agent/index.d.ts +2 -2
  30. package/dist/browser/background.js +2814 -2343
  31. package/dist/browser/background.js.map +1 -1
  32. package/dist/browser/background.mjs +2814 -2343
  33. package/dist/browser/background.mjs.map +1 -1
  34. package/dist/browser/browser-adapter.d.mts +2 -2
  35. package/dist/browser/browser-adapter.d.ts +2 -2
  36. package/dist/cli/index.d.mts +2 -2
  37. package/dist/cli/index.d.ts +2 -2
  38. package/dist/cli/index.js +2813 -2346
  39. package/dist/cli/index.js.map +1 -1
  40. package/dist/cli/index.mjs +2813 -2346
  41. package/dist/cli/index.mjs.map +1 -1
  42. package/dist/cursor/cursor-adapter.d.mts +2 -2
  43. package/dist/cursor/cursor-adapter.d.ts +2 -2
  44. package/dist/cursor/extension.d.mts +2 -2
  45. package/dist/cursor/extension.d.ts +2 -2
  46. package/dist/cursor/extension.js +2815 -2344
  47. package/dist/cursor/extension.js.map +1 -1
  48. package/dist/cursor/extension.mjs +2817 -2346
  49. package/dist/cursor/extension.mjs.map +1 -1
  50. package/dist/{express-DAOTESQo.d.mts → express-BH5ADAyb.d.mts} +1 -1
  51. package/dist/{express-Lb8-Ybio.d.ts → express-jUzLIoep.d.ts} +1 -1
  52. package/dist/gateway/gateway.d.mts +2 -2
  53. package/dist/gateway/gateway.d.ts +2 -2
  54. package/dist/gateway/gateway.js +2814 -2343
  55. package/dist/gateway/gateway.js.map +1 -1
  56. package/dist/gateway/gateway.mjs +2816 -2345
  57. package/dist/gateway/gateway.mjs.map +1 -1
  58. package/dist/git-trigger/git-hooks.d.mts +2 -2
  59. package/dist/git-trigger/git-hooks.d.ts +2 -2
  60. package/dist/{index-kxLJ873R.d.mts → index-BR2nmxBU.d.mts} +5 -1
  61. package/dist/{index-E3fAidVt.d.ts → index-DEixUCu0.d.ts} +5 -1
  62. package/dist/{index-DFwfHOGj.d.ts → index-DlCnmpJH.d.ts} +1 -1
  63. package/dist/{index-BLeiWFLu.d.mts → index-aZHAWujT.d.mts} +1 -1
  64. package/dist/index.d.mts +11 -9
  65. package/dist/index.d.ts +11 -9
  66. package/dist/index.js +56 -13
  67. package/dist/index.js.map +1 -1
  68. package/dist/index.mjs +56 -13
  69. package/dist/index.mjs.map +1 -1
  70. package/dist/local-evaluator/evaluator.d.mts +2 -2
  71. package/dist/local-evaluator/evaluator.d.ts +2 -2
  72. package/dist/{nextjs-BXK0nD73.d.ts → nextjs-DfXOd0Au.d.ts} +1 -1
  73. package/dist/{nextjs-CFQ_KDFf.d.mts → nextjs-LTeoPqMH.d.mts} +1 -1
  74. package/dist/{sdk-D1MuiiNz.d.mts → sdk-DKhwVL9X.d.mts} +1 -1
  75. package/dist/{sdk-C7qAfpGB.d.ts → sdk-LmvyDVpL.d.ts} +1 -1
  76. package/dist/transport/index.d.mts +2 -2
  77. package/dist/transport/index.d.ts +2 -2
  78. package/dist/transport/index.js +22 -4
  79. package/dist/transport/index.js.map +1 -1
  80. package/dist/transport/index.mjs +22 -4
  81. package/dist/transport/index.mjs.map +1 -1
  82. package/dist/{types-ClvUqrEm.d.mts → types-C8HyQEaz.d.mts} +1 -1
  83. package/dist/{types-B_wnd7ZX.d.mts → types-DrDIouvO.d.mts} +54 -3
  84. package/dist/{types-B_wnd7ZX.d.ts → types-DrDIouvO.d.ts} +54 -3
  85. package/dist/{types-B6uD4jAI.d.ts → types-xofemo0G.d.ts} +1 -1
  86. package/dist/ui/index.d.mts +1 -1
  87. package/dist/ui/index.d.ts +1 -1
  88. package/package.json +1 -1
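--- a/package/README.md
+++ b/package/README.md
@@ -409,6 +409,61 @@ interface VerificationResult {
  }
  ```
 
+ ## Settlement Authorization
+
+ For direct-path merchants settling a priced cart, call `authorizeSettlement()` **after** pricing — the middleware only verifies identity/access, not the transaction value:
+
+ ```typescript
+ import { authorizeSettlement } from '@astrasyncai/verification-gateway';
+
+ const decision = await authorizeSettlement(config, {
+ agentId: req.agentVerification.agent.astraId,
+ value: cart.total, // YOUR authoritative priced total, never agent-supplied
+ currency: 'USD',
+ });
+
+ if (!decision.authorized) {
+ // decision.stepUpApproval?.pollUrl — if in the approval band, the owner can approve
+ return res.status(402).json({ error: decision.reason, stepUpApproval: decision.stepUpApproval });
+ }
+ // Safe to settle
+ ```
+
+ ## Step-Up Approval
+
+ When a transaction value is between the agent's Autonomous Limit and Hard Limit, verify-access returns `stepUpApproval` on the result:
+
+ ```typescript
+ interface StepUpApprovalInfo {
+ approvalId: string; // Capability token (UUID)
+ pollUrl: string; // GET /api/step-up-approvals/poll/:approvalId
+ expiresAt: string; // ISO-8601, 5-minute TTL
+ }
+ ```
+
+ Poll the `pollUrl` (unauthenticated, rate-limited 60 req/min) to check if the owner approved. The `getApprovalPollingInfo(result)` helper extracts it from a `VerificationResult`.
+
+ ## Settlement Artifacts
+
+ On a clean merchant-mediated grant where the owner has a verified payment instrument, verify-access returns a `settlement` object:
+
+ ```typescript
+ interface SettlementArtifact {
+ type: string; // e.g. "stablecoin_voucher"
+ artifact: string; // JWS compact-serialised (ES256)
+ binding: {
+ merchantId: string;
+ amount: number;
+ currency: string;
+ sessionId: string;
+ singleUse: true;
+ expiresAt: string;
+ };
+ }
+ ```
+
+ Verify vouchers server-side via `POST /api/wallets/voucher/verify` or fetch the signing keys from `GET /api/wallets/voucher/.well-known/jwks.json`.
+
  ## Configuration
 
  ```typescript
@@ -494,6 +549,37 @@ Pre-v2.4.2 used the value `pass-through` — renamed in v2.4.2 to disambiguate "
 
  ## Changelog
 
+ ### v3.4.0 — Type alignment for LMAX settlement + step-up approval
+
+ - `StepUpApprovalInfo` and `SettlementArtifact` interfaces added to `VerificationResult`
+ - `stepUpApproval` surfaced in Express/MCP/Next.js adapter deny response bodies
+ - `SettlementDecision` carries `stepUpApproval` on step-up denials via `authorizeSettlement()`
+ - `getApprovalPollingInfo()` simplified — typed field, no more `unknown` casts
+ - `Attestation.checkedAt` (required) — merchant freshness gate timestamp
+ - `VERSION` constant updated to `3.4.0`
+
+ ### v3.3.0 — Direct-path value enforcement
+
+ - `authorizeSettlement(config, { agentId, value, currency })` — fail-closed settlement gate for direct-path merchants
+ - `restrictions` surfaces `approvalThreshold` (enforced per-tx) and `maxPerPeriod` (not yet enforced)
+ - ASCII-safe agent-facing strings
+
+ ### v3.2.1 — Platform-agent go-live readiness
+
+ - Canonical PDLSS limits terminology (`autonomousThreshold`, `approvalThreshold`)
+ - Step-up/approval fail-closed in Express/MCP/Next.js adapters via `approval-gate.ts`
+
+ ### v3.2.0 — Commerce observability
+
+ - Access-level band no longer gates (informational only); `requiresStepUp` carries the signal
+ - Trust score redacted from agent-facing responses
+ - Cross-merchant cache key fix
+
+ ### v3.1.0 — Canonical PDLSS vocabulary (Bug 14)
+
+ - Two-axis purpose/action chains with dotted action tokens
+ - Route send-mapping for tool→semantic-action translation
+
  ### v2.4.6 — Round-14 partner integration testing
 
  **⚠️ BREAKING CHANGE — `endpointUrl` → `counterpartyUrl` on `POST /api/endpoints` AND `PUT /api/endpoints/{id}`**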
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.mjs';
2
- import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-ClvUqrEm.mjs';
3
- import '../types-B_wnd7ZX.mjs';
2
+ import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-C8HyQEaz.mjs';
3
+ import '../types-DrDIouvO.mjs';
4
4
 
5
5
  /**
6
6
  * PlatformAdapter Interface
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.js';
2
- import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-B6uD4jAI.js';
3
- import '../types-B_wnd7ZX.js';
2
+ import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-xofemo0G.js';
3
+ import '../types-DrDIouvO.js';
4
4
 
5
5
  /**
6
6
  * PlatformAdapter Interface
@@ -1,3 +1,3 @@
1
1
  import 'express';
2
- import '../types-B_wnd7ZX.mjs';
3
- export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-DAOTESQo.mjs';
2
+ import '../types-DrDIouvO.mjs';
3
+ export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-BH5ADAyb.mjs';
@@ -1,3 +1,3 @@
1
1
  import 'express';
2
- import '../types-B_wnd7ZX.js';
3
- export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-Lb8-Ybio.js';
2
+ import '../types-DrDIouvO.js';
3
+ export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-jUzLIoep.js';
@@ -34,7 +34,7 @@ function getTrustLevel(score) {
34
34
  }
35
35
 
36
36
  // src/version.ts
37
- var SDK_VERSION = "3.3.0";
37
+ var SDK_VERSION = "3.5.0";
38
38
 
39
39
  // src/well-known.ts
40
40
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -446,7 +446,9 @@ async function verify(config, request) {
446
446
  // linking key (the sessionId-equivalent for anonymous callers).
447
447
  correlationId: apiResponse.correlationId,
448
448
  recommendation: apiResponse.recommendation,
449
- recommendationReasons: apiResponse.recommendationReasons
449
+ recommendationReasons: apiResponse.recommendationReasons,
450
+ stepUpApproval: apiResponse.stepUpApproval,
451
+ settlement: apiResponse.settlement
450
452
  };
451
453
  return result2;
452
454
  }
@@ -498,7 +500,9 @@ async function verify(config, request) {
498
500
  tokenGuidance: apiResponse.tokenGuidance,
499
501
  recommendation: apiResponse.recommendation,
500
502
  recommendationReasons: apiResponse.recommendationReasons,
501
- warningHeader: apiResponse.warningHeader
503
+ warningHeader: apiResponse.warningHeader,
504
+ stepUpApproval: apiResponse.stepUpApproval,
505
+ settlement: apiResponse.settlement
502
506
  };
503
507
  if (result.recommendation === "deny") {
504
508
  result.policyAllowed = false;
@@ -692,7 +696,7 @@ function resolveHttpPdlss(input) {
692
696
  }
693
697
 
694
698
  // src/adapters/approval-gate.ts
695
- var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available - it cannot be completed automatically.";
699
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval. The agent owner can approve or deny this transaction in the AstraSync dashboard.";
696
700
  function requiresHumanApproval(result) {
697
701
  return result.requiresStepUp === true || result.requiresApproval === true;
698
702
  }
@@ -831,7 +835,8 @@ function defaultOnDenied(result, _req, res) {
831
835
  guidance: result.guidance,
832
836
  // Round-10: aggregated per-dimension detail + correlation handle.
833
837
  failures: result.failures,
834
- correlationId: result.correlationId
838
+ correlationId: result.correlationId,
839
+ stepUpApproval: result.stepUpApproval
835
840
  }
836
841
  });
837
842
  }
@@ -981,6 +986,21 @@ function createMiddleware(options) {
981
986
  );
982
987
  }
983
988
  const agentCardUrl = typeof req.headers["x-astrasync-agent-card"] === "string" ? req.headers["x-astrasync-agent-card"] : void 0;
989
+ let txValue;
990
+ let txCurrency;
991
+ if (config.extractTransactionValue) {
992
+ try {
993
+ const extracted = config.extractTransactionValue(req);
994
+ if (extracted) {
995
+ txValue = extracted.value;
996
+ txCurrency = extracted.currency;
997
+ }
998
+ } catch (e) {
999
+ if (config.debug) {
1000
+ console.warn("[VerificationGateway] extractTransactionValue threw:", e);
1001
+ }
1002
+ }
1003
+ }
984
1004
  const result = await verify(config, {
985
1005
  credentials,
986
1006
  purpose,
@@ -991,6 +1011,8 @@ function createMiddleware(options) {
991
1011
  counterpartyType: config.counterpartyType || "api",
992
1012
  enableRuntimeChallenge,
993
1013
  durationRequired: astraCreds?.pdlss?.duration?.maxSessionDuration,
1014
+ ...txValue !== void 0 && { transactionValue: txValue },
1015
+ ...txCurrency && { currency: txCurrency },
994
1016
  callerMetadata: {
995
1017
  sourceIp: originalClientIp,
996
1018
  userAgent: req.headers["user-agent"],
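Review bot: The `catch` around `config.extractTransactionValue(req)` (new lines 998-1002) swallows the exception, so `verify()` is called without `transactionValue` and, presumably, no per-transaction limit is evaluated for that request; unless `config.debug` is set the failure is not logged either. The changelog in this release describes the adapters' step-up handling as fail-closed, so a throwing extractor should reject the request instead of continuing, with the warning emitted unconditionally. The extracted value is also forwarded unvalidated: `txValue !== void 0` at new line 1014 lets `NaN`, a negative number or a string through, and a guard such as `if (typeof extracted?.value === "number" && Number.isFinite(extracted.value) && extracted.value >= 0)` before assigning `txValue` would close that. `createMiddleware` starts and ends outside these hunks, so how the surrounding handler reports errors is not visible here.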