@astrasyncai/verification-gateway 3.3.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/README.md +86 -0
  2. package/dist/adapter-interface/interface.d.mts +2 -2
  3. package/dist/adapter-interface/interface.d.ts +2 -2
  4. package/dist/adapters/express.d.mts +2 -2
  5. package/dist/adapters/express.d.ts +2 -2
  6. package/dist/adapters/express.js +27 -5
  7. package/dist/adapters/express.js.map +1 -1
  8. package/dist/adapters/express.mjs +27 -5
  9. package/dist/adapters/express.mjs.map +1 -1
  10. package/dist/adapters/mcp.d.mts +1 -1
  11. package/dist/adapters/mcp.d.ts +1 -1
  12. package/dist/adapters/mcp.js +10 -5
  13. package/dist/adapters/mcp.js.map +1 -1
  14. package/dist/adapters/mcp.mjs +10 -5
  15. package/dist/adapters/mcp.mjs.map +1 -1
  16. package/dist/adapters/nextjs.d.mts +2 -2
  17. package/dist/adapters/nextjs.d.ts +2 -2
  18. package/dist/adapters/nextjs.js +10 -5
  19. package/dist/adapters/nextjs.js.map +1 -1
  20. package/dist/adapters/nextjs.mjs +10 -5
  21. package/dist/adapters/nextjs.mjs.map +1 -1
  22. package/dist/adapters/sdk.d.mts +2 -2
  23. package/dist/adapters/sdk.d.ts +2 -2
  24. package/dist/adapters/sdk.js +7 -3
  25. package/dist/adapters/sdk.js.map +1 -1
  26. package/dist/adapters/sdk.mjs +7 -3
  27. package/dist/adapters/sdk.mjs.map +1 -1
  28. package/dist/agent/index.d.mts +2 -2
  29. package/dist/agent/index.d.ts +2 -2
  30. package/dist/browser/background.js +2814 -2343
  31. package/dist/browser/background.js.map +1 -1
  32. package/dist/browser/background.mjs +2814 -2343
  33. package/dist/browser/background.mjs.map +1 -1
  34. package/dist/browser/browser-adapter.d.mts +2 -2
  35. package/dist/browser/browser-adapter.d.ts +2 -2
  36. package/dist/cli/index.d.mts +2 -2
  37. package/dist/cli/index.d.ts +2 -2
  38. package/dist/cli/index.js +2813 -2346
  39. package/dist/cli/index.js.map +1 -1
  40. package/dist/cli/index.mjs +2813 -2346
  41. package/dist/cli/index.mjs.map +1 -1
  42. package/dist/cursor/cursor-adapter.d.mts +2 -2
  43. package/dist/cursor/cursor-adapter.d.ts +2 -2
  44. package/dist/cursor/extension.d.mts +2 -2
  45. package/dist/cursor/extension.d.ts +2 -2
  46. package/dist/cursor/extension.js +2815 -2344
  47. package/dist/cursor/extension.js.map +1 -1
  48. package/dist/cursor/extension.mjs +2817 -2346
  49. package/dist/cursor/extension.mjs.map +1 -1
  50. package/dist/{express-DAOTESQo.d.mts → express-BH5ADAyb.d.mts} +1 -1
  51. package/dist/{express-Lb8-Ybio.d.ts → express-jUzLIoep.d.ts} +1 -1
  52. package/dist/gateway/gateway.d.mts +2 -2
  53. package/dist/gateway/gateway.d.ts +2 -2
  54. package/dist/gateway/gateway.js +2814 -2343
  55. package/dist/gateway/gateway.js.map +1 -1
  56. package/dist/gateway/gateway.mjs +2816 -2345
  57. package/dist/gateway/gateway.mjs.map +1 -1
  58. package/dist/git-trigger/git-hooks.d.mts +2 -2
  59. package/dist/git-trigger/git-hooks.d.ts +2 -2
  60. package/dist/{index-kxLJ873R.d.mts → index-BR2nmxBU.d.mts} +5 -1
  61. package/dist/{index-E3fAidVt.d.ts → index-DEixUCu0.d.ts} +5 -1
  62. package/dist/{index-DFwfHOGj.d.ts → index-DlCnmpJH.d.ts} +1 -1
  63. package/dist/{index-BLeiWFLu.d.mts → index-aZHAWujT.d.mts} +1 -1
  64. package/dist/index.d.mts +11 -9
  65. package/dist/index.d.ts +11 -9
  66. package/dist/index.js +56 -13
  67. package/dist/index.js.map +1 -1
  68. package/dist/index.mjs +56 -13
  69. package/dist/index.mjs.map +1 -1
  70. package/dist/local-evaluator/evaluator.d.mts +2 -2
  71. package/dist/local-evaluator/evaluator.d.ts +2 -2
  72. package/dist/{nextjs-BXK0nD73.d.ts → nextjs-DfXOd0Au.d.ts} +1 -1
  73. package/dist/{nextjs-CFQ_KDFf.d.mts → nextjs-LTeoPqMH.d.mts} +1 -1
  74. package/dist/{sdk-D1MuiiNz.d.mts → sdk-DKhwVL9X.d.mts} +1 -1
  75. package/dist/{sdk-C7qAfpGB.d.ts → sdk-LmvyDVpL.d.ts} +1 -1
  76. package/dist/transport/index.d.mts +2 -2
  77. package/dist/transport/index.d.ts +2 -2
  78. package/dist/transport/index.js +22 -4
  79. package/dist/transport/index.js.map +1 -1
  80. package/dist/transport/index.mjs +22 -4
  81. package/dist/transport/index.mjs.map +1 -1
  82. package/dist/{types-ClvUqrEm.d.mts → types-C8HyQEaz.d.mts} +1 -1
  83. package/dist/{types-B_wnd7ZX.d.mts → types-DrDIouvO.d.mts} +54 -3
  84. package/dist/{types-B_wnd7ZX.d.ts → types-DrDIouvO.d.ts} +54 -3
  85. package/dist/{types-B6uD4jAI.d.ts → types-xofemo0G.d.ts} +1 -1
  86. package/dist/ui/index.d.mts +1 -1
  87. package/dist/ui/index.d.ts +1 -1
  88. package/package.json +1 -1
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.mjs';
2
- import { V as VerificationDecision, P as PDLSSContext } from '../types-ClvUqrEm.mjs';
3
- import '../types-B_wnd7ZX.mjs';
2
+ import { V as VerificationDecision, P as PDLSSContext } from '../types-C8HyQEaz.mjs';
3
+ import '../types-DrDIouvO.mjs';
4
4
 
5
5
  /**
6
6
  * Git Trigger — Enterprise git push / PR verification
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.js';
2
- import { V as VerificationDecision, P as PDLSSContext } from '../types-B6uD4jAI.js';
3
- import '../types-B_wnd7ZX.js';
2
+ import { V as VerificationDecision, P as PDLSSContext } from '../types-xofemo0G.js';
3
+ import '../types-DrDIouvO.js';
4
4
 
5
5
  /**
6
6
  * Git Trigger — Enterprise git push / PR verification
@@ -1,4 +1,4 @@
1
- import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-B_wnd7ZX.mjs';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-DrDIouvO.mjs';
2
2
  import { JWK } from 'jose';
3
3
 
4
4
  /**
@@ -96,6 +96,10 @@ interface TransactionValueContext {
96
96
  amount: number;
97
97
  currency: string;
98
98
  source: string;
99
+ /** When true, the amount is in raw atomic/minor units and could NOT be
100
+ * converted to major units (unknown token decimals). The limit engine
101
+ * must fail-closed — never compare raw units against major-unit limits. */
102
+ rawUnits?: boolean;
99
103
  }
100
104
  declare function extractUCPTransactionValue(input: {
101
105
  totals?: Array<{
@@ -1,4 +1,4 @@
1
- import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-B_wnd7ZX.js';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport } from './types-DrDIouvO.js';
2
2
  import { JWK } from 'jose';
3
3
 
4
4
  /**
@@ -96,6 +96,10 @@ interface TransactionValueContext {
96
96
  amount: number;
97
97
  currency: string;
98
98
  source: string;
99
+ /** When true, the amount is in raw atomic/minor units and could NOT be
100
+ * converted to major units (unknown token decimals). The limit engine
101
+ * must fail-closed — never compare raw units against major-unit limits. */
102
+ rawUnits?: boolean;
99
103
  }
100
104
  declare function extractUCPTransactionValue(input: {
101
105
  totals?: Array<{
@@ -1,4 +1,4 @@
1
- import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-B_wnd7ZX.js';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-DrDIouvO.js';
2
2
 
3
3
  /**
4
4
  * AgentClient — Credential Presentation
@@ -1,4 +1,4 @@
1
- import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-B_wnd7ZX.mjs';
1
+ import { c as AstraSyncCredentials, g as ProtocolTransport, G as GatewayConfig } from './types-DrDIouvO.mjs';
2
2
 
3
3
  /**
4
4
  * AgentClient — Credential Presentation
package/dist/index.d.mts CHANGED
@@ -1,12 +1,12 @@
1
- import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, j as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure } from './types-B_wnd7ZX.mjs';
2
- export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, k as VerifiedAgent, l as VerifiedDeveloper, m as VerifiedOrganization } from './types-B_wnd7ZX.mjs';
3
- export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-D1MuiiNz.mjs';
4
- export { e as express } from './express-DAOTESQo.mjs';
5
- export { n as nextjs } from './nextjs-CFQ_KDFf.mjs';
6
- export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-kxLJ873R.mjs';
1
+ import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, l as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure, j as StepUpApprovalInfo } from './types-DrDIouvO.mjs';
2
+ export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, i as SettlementArtifact, T as TokenGuidance, k as TrustLevel, m as VerifiedAgent, n as VerifiedDeveloper, o as VerifiedOrganization } from './types-DrDIouvO.mjs';
3
+ export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-DKhwVL9X.mjs';
4
+ export { e as express } from './express-BH5ADAyb.mjs';
5
+ export { n as nextjs } from './nextjs-LTeoPqMH.mjs';
6
+ export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-BR2nmxBU.mjs';
7
7
  export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.mjs';
8
8
  export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.mjs';
9
- export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-BLeiWFLu.mjs';
9
+ export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-aZHAWujT.mjs';
10
10
  import 'express';
11
11
  import 'next/server';
12
12
  import 'jose';
@@ -87,6 +87,8 @@ interface SettlementDecision {
87
87
  reason?: string;
88
88
  failures?: AccessFailure[];
89
89
  correlationId?: string;
90
+ /** Present when the transaction is in the human-approval band — the owner can approve via the poll URL. */
91
+ stepUpApproval?: StepUpApprovalInfo;
90
92
  }
91
93
  /**
92
94
  * Authorize a settlement of `value` for `agentId` against the agent's PDLSS
@@ -152,6 +154,6 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
152
154
  * @packageDocumentation
153
155
  */
154
156
 
155
- declare const VERSION = "2.0.0";
157
+ declare const VERSION = "3.4.0";
156
158
 
157
- export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
159
+ export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, StepUpApprovalInfo, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
package/dist/index.d.ts CHANGED
@@ -1,12 +1,12 @@
1
- import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, j as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure } from './types-B_wnd7ZX.js';
2
- export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, T as TokenGuidance, i as TrustLevel, k as VerifiedAgent, l as VerifiedDeveloper, m as VerifiedOrganization } from './types-B_wnd7ZX.js';
3
- export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-C7qAfpGB.js';
4
- export { e as express } from './express-Lb8-Ybio.js';
5
- export { n as nextjs } from './nextjs-BXK0nD73.js';
6
- export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-E3fAidVt.js';
1
+ import { b as AgentCredentials, G as GatewayConfig, a as AccessLevel, V as VerificationRequest, l as VerificationResult, E as EnhancedVerificationResult, A as AccessFailure, j as StepUpApprovalInfo } from './types-DrDIouvO.js';
2
+ export { c as AstraSyncCredentials, C as CommerceShieldProps, d as CounterpartyType, e as ExpressMiddlewareOptions, f as GuidanceInfo, N as NextJsMiddlewareOptions, P as PDLSSInfo, g as ProtocolTransport, R as RouteAccessConfig, h as RuntimeChallengeResult, S as SDKOptions, i as SettlementArtifact, T as TokenGuidance, k as TrustLevel, m as VerifiedAgent, n as VerifiedDeveloper, o as VerifiedOrganization } from './types-DrDIouvO.js';
3
+ export { A as ACCESS_LEVEL_DESCRIPTIONS, a as ACCESS_LEVEL_HIERARCHY, b as AccessCapabilities, D as DEFAULT_TRUST_THRESHOLDS, T as TRUST_LEVEL_RANGES, d as determineAccessLevel, g as getAccessLevelForScore, e as getCapabilities, f as getTrustLevel, h as hasMinimumAccess, s as sdk } from './sdk-LmvyDVpL.js';
4
+ export { e as express } from './express-jUzLIoep.js';
5
+ export { n as nextjs } from './nextjs-DfXOd0Au.js';
6
+ export { aR as extractMcpCredentials, bg as setMcpMeta, b1 as transport } from './index-DEixUCu0.js';
7
7
  export { McpMiddlewareOptions, ToolGateConfig, createMcpMiddleware } from './adapters/mcp.js';
8
8
  export { AgentProtocol, AgentRecord, AstraSync, AstraSyncConfig, AstraSyncError, AuthenticationError, BuildGuidanceParams, FrameworkConfig, GuidanceEnvelope, HealthResponse, KYDRequiredError, ModelConfig, PDLSSConfig, PDLSSDuration, PDLSSLimits, PDLSSPurpose, PDLSSScope, PDLSSSelfInstantiation, PendingRegistrationResponse, PollRegistrationResult, RegisterOptions, RegisterResult, RegistrationDeniedError, RegistrationExpiredError, RegistrationResponse, RegistrationTimeoutError, VerifyResponse, WaitForApprovalOptions, buildGuidance } from './registration/index.js';
9
- export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DFwfHOGj.js';
9
+ export { A as AgentClient, C as ChallengeHandler, i as agent, r as recordDecision } from './index-DlCnmpJH.js';
10
10
  import 'express';
11
11
  import 'next/server';
12
12
  import 'jose';
@@ -87,6 +87,8 @@ interface SettlementDecision {
87
87
  reason?: string;
88
88
  failures?: AccessFailure[];
89
89
  correlationId?: string;
90
+ /** Present when the transaction is in the human-approval band — the owner can approve via the poll URL. */
91
+ stepUpApproval?: StepUpApprovalInfo;
90
92
  }
91
93
  /**
92
94
  * Authorize a settlement of `value` for `agentId` against the agent's PDLSS
@@ -152,6 +154,6 @@ declare function getCachedWellKnownUrls(apiBaseUrl: string): WellKnownAgenticCom
152
154
  * @packageDocumentation
153
155
  */
154
156
 
155
- declare const VERSION = "2.0.0";
157
+ declare const VERSION = "3.4.0";
156
158
 
157
- export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
159
+ export { AccessLevel, AgentCredentials, EnhancedVerificationResult, GatewayConfig, type SettlementDecision, type SettlementRequest, StepUpApprovalInfo, VERSION, VerificationRequest, VerificationResult, type WellKnownAgenticCommerce, authorizeSettlement, clearCache, extractCredentials, getCachedWellKnownUrls, getWellKnownUrls, hasCredentials, prefetchWellKnown, quickVerify, verify };
package/dist/index.js CHANGED
@@ -193,7 +193,7 @@ function getCapabilities(accessLevel) {
193
193
  }
194
194
 
195
195
  // src/version.ts
196
- var SDK_VERSION = "3.3.0";
196
+ var SDK_VERSION = "3.5.0";
197
197
 
198
198
  // src/well-known.ts
199
199
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -611,7 +611,9 @@ async function verify(config, request) {
611
611
  // linking key (the sessionId-equivalent for anonymous callers).
612
612
  correlationId: apiResponse.correlationId,
613
613
  recommendation: apiResponse.recommendation,
614
- recommendationReasons: apiResponse.recommendationReasons
614
+ recommendationReasons: apiResponse.recommendationReasons,
615
+ stepUpApproval: apiResponse.stepUpApproval,
616
+ settlement: apiResponse.settlement
615
617
  };
616
618
  return result2;
617
619
  }
@@ -663,7 +665,9 @@ async function verify(config, request) {
663
665
  tokenGuidance: apiResponse.tokenGuidance,
664
666
  recommendation: apiResponse.recommendation,
665
667
  recommendationReasons: apiResponse.recommendationReasons,
666
- warningHeader: apiResponse.warningHeader
668
+ warningHeader: apiResponse.warningHeader,
669
+ stepUpApproval: apiResponse.stepUpApproval,
670
+ settlement: apiResponse.settlement
667
671
  };
668
672
  if (result.recommendation === "deny") {
669
673
  result.policyAllowed = false;
@@ -744,7 +748,7 @@ async function quickVerify(config, credentials) {
744
748
  }
745
749
 
746
750
  // src/adapters/approval-gate.ts
747
- var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval, which is not yet available - it cannot be completed automatically.";
751
+ var APPROVAL_REASON = "Transaction is above the autonomous limit and requires human approval. The agent owner can approve or deny this transaction in the AstraSync dashboard.";
748
752
  function requiresHumanApproval(result) {
749
753
  return result.requiresStepUp === true || result.requiresApproval === true;
750
754
  }
@@ -800,7 +804,8 @@ async function authorizeSettlement(config, req) {
800
804
  recommendation,
801
805
  reason: authorized ? void 0 : result.denialReasons?.[0] ?? (requiresHumanApproval(result) ? "Transaction is above the autonomous limit and requires human approval; settlement cannot be authorized automatically." : "Settlement not authorized by the agent's PDLSS limits."),
802
806
  failures: result.failures,
803
- correlationId: result.correlationId
807
+ correlationId: result.correlationId,
808
+ stepUpApproval: requiresHumanApproval(result) ? result.stepUpApproval : void 0
804
809
  };
805
810
  }
806
811
 
@@ -1087,7 +1092,8 @@ function defaultOnDenied(result, _req, res) {
1087
1092
  guidance: result.guidance,
1088
1093
  // Round-10: aggregated per-dimension detail + correlation handle.
1089
1094
  failures: result.failures,
1090
- correlationId: result.correlationId
1095
+ correlationId: result.correlationId,
1096
+ stepUpApproval: result.stepUpApproval
1091
1097
  }
1092
1098
  });
1093
1099
  }
@@ -1237,6 +1243,21 @@ function createMiddleware(options) {
1237
1243
  );
1238
1244
  }
1239
1245
  const agentCardUrl = typeof req.headers["x-astrasync-agent-card"] === "string" ? req.headers["x-astrasync-agent-card"] : void 0;
1246
+ let txValue;
1247
+ let txCurrency;
1248
+ if (config.extractTransactionValue) {
1249
+ try {
1250
+ const extracted = config.extractTransactionValue(req);
1251
+ if (extracted) {
1252
+ txValue = extracted.value;
1253
+ txCurrency = extracted.currency;
1254
+ }
1255
+ } catch (e) {
1256
+ if (config.debug) {
1257
+ console.warn("[VerificationGateway] extractTransactionValue threw:", e);
1258
+ }
1259
+ }
1260
+ }
1240
1261
  const result = await verify(config, {
1241
1262
  credentials,
1242
1263
  purpose,
@@ -1247,6 +1268,8 @@ function createMiddleware(options) {
1247
1268
  counterpartyType: config.counterpartyType || "api",
1248
1269
  enableRuntimeChallenge,
1249
1270
  durationRequired: astraCreds?.pdlss?.duration?.maxSessionDuration,
1271
+ ...txValue !== void 0 && { transactionValue: txValue },
1272
+ ...txCurrency && { currency: txCurrency },
1250
1273
  callerMetadata: {
1251
1274
  sourceIp: originalClientIp,
1252
1275
  userAgent: req.headers["user-agent"],
@@ -1737,7 +1760,8 @@ function createMiddleware2(options) {
1737
1760
  code: !result.identityVerified ? "UNAUTHORIZED" : "POLICY_DENIED",
1738
1761
  message: result.denialReasons?.[0] || "Access denied",
1739
1762
  guidance: result.guidance,
1740
- failures: result.failures
1763
+ failures: result.failures,
1764
+ stepUpApproval: result.stepUpApproval
1741
1765
  }
1742
1766
  },
1743
1767
  { status: !result.identityVerified ? 401 : 403 }
@@ -2226,15 +2250,33 @@ function extractMPPTransactionValue(challenge) {
2226
2250
  source: `challenge.request.amount (method=${challenge.method ?? "unknown"})`
2227
2251
  };
2228
2252
  }
2253
+ var KNOWN_TOKEN_DECIMALS = {
2254
+ USDC: 6,
2255
+ USDT: 6,
2256
+ DAI: 18,
2257
+ ETH: 18,
2258
+ WETH: 18
2259
+ };
2229
2260
  function extractX402TransactionValue(req) {
2230
- const amount = req.maxAmountRequired ?? req.amount;
2261
+ const rawAmount = req.maxAmountRequired ?? req.amount;
2231
2262
  const currency = req.currency ?? req.asset;
2232
- if (typeof amount !== "number" || !currency) return null;
2263
+ if (typeof rawAmount !== "number" || !currency) return null;
2264
+ const source = req.maxAmountRequired !== void 0 ? "maxAmountRequired" : "amount";
2265
+ const decimals = KNOWN_TOKEN_DECIMALS[currency.toUpperCase()];
2266
+ if (decimals !== void 0) {
2267
+ return {
2268
+ protocol: "x402",
2269
+ amount: rawAmount / Math.pow(10, decimals),
2270
+ currency,
2271
+ source
2272
+ };
2273
+ }
2233
2274
  return {
2234
2275
  protocol: "x402",
2235
- amount,
2276
+ amount: rawAmount,
2236
2277
  currency,
2237
- source: req.maxAmountRequired !== void 0 ? "maxAmountRequired" : "amount"
2278
+ source,
2279
+ rawUnits: true
2238
2280
  };
2239
2281
  }
2240
2282
 
@@ -4637,7 +4679,8 @@ function defaultMcpDenied(result, req, res) {
4637
4679
  guidance: result.guidance,
4638
4680
  // Round-10: aggregated per-dimension detail + correlation handle.
4639
4681
  failures: result.failures,
4640
- correlationId: result.correlationId
4682
+ correlationId: result.correlationId,
4683
+ stepUpApproval: result.stepUpApproval
4641
4684
  }
4642
4685
  }
4643
4686
  });
@@ -5565,7 +5608,7 @@ async function recordDecision2(config, params) {
5565
5608
  }
5566
5609
 
5567
5610
  // src/index.ts
5568
- var VERSION = "2.0.0";
5611
+ var VERSION = "3.4.0";
5569
5612
  // Annotate the CommonJS export names for ESM import in node:
5570
5613
  0 && (module.exports = {
5571
5614
  ACCESS_LEVEL_DESCRIPTIONS,