@astrasyncai/verification-gateway 3.3.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/README.md +86 -0
  2. package/dist/adapter-interface/interface.d.mts +2 -2
  3. package/dist/adapter-interface/interface.d.ts +2 -2
  4. package/dist/adapters/express.d.mts +2 -2
  5. package/dist/adapters/express.d.ts +2 -2
  6. package/dist/adapters/express.js +27 -5
  7. package/dist/adapters/express.js.map +1 -1
  8. package/dist/adapters/express.mjs +27 -5
  9. package/dist/adapters/express.mjs.map +1 -1
  10. package/dist/adapters/mcp.d.mts +1 -1
  11. package/dist/adapters/mcp.d.ts +1 -1
  12. package/dist/adapters/mcp.js +10 -5
  13. package/dist/adapters/mcp.js.map +1 -1
  14. package/dist/adapters/mcp.mjs +10 -5
  15. package/dist/adapters/mcp.mjs.map +1 -1
  16. package/dist/adapters/nextjs.d.mts +2 -2
  17. package/dist/adapters/nextjs.d.ts +2 -2
  18. package/dist/adapters/nextjs.js +10 -5
  19. package/dist/adapters/nextjs.js.map +1 -1
  20. package/dist/adapters/nextjs.mjs +10 -5
  21. package/dist/adapters/nextjs.mjs.map +1 -1
  22. package/dist/adapters/sdk.d.mts +2 -2
  23. package/dist/adapters/sdk.d.ts +2 -2
  24. package/dist/adapters/sdk.js +7 -3
  25. package/dist/adapters/sdk.js.map +1 -1
  26. package/dist/adapters/sdk.mjs +7 -3
  27. package/dist/adapters/sdk.mjs.map +1 -1
  28. package/dist/agent/index.d.mts +2 -2
  29. package/dist/agent/index.d.ts +2 -2
  30. package/dist/browser/background.js +2814 -2343
  31. package/dist/browser/background.js.map +1 -1
  32. package/dist/browser/background.mjs +2814 -2343
  33. package/dist/browser/background.mjs.map +1 -1
  34. package/dist/browser/browser-adapter.d.mts +2 -2
  35. package/dist/browser/browser-adapter.d.ts +2 -2
  36. package/dist/cli/index.d.mts +2 -2
  37. package/dist/cli/index.d.ts +2 -2
  38. package/dist/cli/index.js +2813 -2346
  39. package/dist/cli/index.js.map +1 -1
  40. package/dist/cli/index.mjs +2813 -2346
  41. package/dist/cli/index.mjs.map +1 -1
  42. package/dist/cursor/cursor-adapter.d.mts +2 -2
  43. package/dist/cursor/cursor-adapter.d.ts +2 -2
  44. package/dist/cursor/extension.d.mts +2 -2
  45. package/dist/cursor/extension.d.ts +2 -2
  46. package/dist/cursor/extension.js +2815 -2344
  47. package/dist/cursor/extension.js.map +1 -1
  48. package/dist/cursor/extension.mjs +2817 -2346
  49. package/dist/cursor/extension.mjs.map +1 -1
  50. package/dist/{express-DAOTESQo.d.mts → express-BH5ADAyb.d.mts} +1 -1
  51. package/dist/{express-Lb8-Ybio.d.ts → express-jUzLIoep.d.ts} +1 -1
  52. package/dist/gateway/gateway.d.mts +2 -2
  53. package/dist/gateway/gateway.d.ts +2 -2
  54. package/dist/gateway/gateway.js +2814 -2343
  55. package/dist/gateway/gateway.js.map +1 -1
  56. package/dist/gateway/gateway.mjs +2816 -2345
  57. package/dist/gateway/gateway.mjs.map +1 -1
  58. package/dist/git-trigger/git-hooks.d.mts +2 -2
  59. package/dist/git-trigger/git-hooks.d.ts +2 -2
  60. package/dist/{index-kxLJ873R.d.mts → index-BR2nmxBU.d.mts} +5 -1
  61. package/dist/{index-E3fAidVt.d.ts → index-DEixUCu0.d.ts} +5 -1
  62. package/dist/{index-DFwfHOGj.d.ts → index-DlCnmpJH.d.ts} +1 -1
  63. package/dist/{index-BLeiWFLu.d.mts → index-aZHAWujT.d.mts} +1 -1
  64. package/dist/index.d.mts +11 -9
  65. package/dist/index.d.ts +11 -9
  66. package/dist/index.js +56 -13
  67. package/dist/index.js.map +1 -1
  68. package/dist/index.mjs +56 -13
  69. package/dist/index.mjs.map +1 -1
  70. package/dist/local-evaluator/evaluator.d.mts +2 -2
  71. package/dist/local-evaluator/evaluator.d.ts +2 -2
  72. package/dist/{nextjs-BXK0nD73.d.ts → nextjs-DfXOd0Au.d.ts} +1 -1
  73. package/dist/{nextjs-CFQ_KDFf.d.mts → nextjs-LTeoPqMH.d.mts} +1 -1
  74. package/dist/{sdk-D1MuiiNz.d.mts → sdk-DKhwVL9X.d.mts} +1 -1
  75. package/dist/{sdk-C7qAfpGB.d.ts → sdk-LmvyDVpL.d.ts} +1 -1
  76. package/dist/transport/index.d.mts +2 -2
  77. package/dist/transport/index.d.ts +2 -2
  78. package/dist/transport/index.js +22 -4
  79. package/dist/transport/index.js.map +1 -1
  80. package/dist/transport/index.mjs +22 -4
  81. package/dist/transport/index.mjs.map +1 -1
  82. package/dist/{types-ClvUqrEm.d.mts → types-C8HyQEaz.d.mts} +1 -1
  83. package/dist/{types-B_wnd7ZX.d.mts → types-DrDIouvO.d.mts} +54 -3
  84. package/dist/{types-B_wnd7ZX.d.ts → types-DrDIouvO.d.ts} +54 -3
  85. package/dist/{types-B6uD4jAI.d.ts → types-xofemo0G.d.ts} +1 -1
  86. package/dist/ui/index.d.mts +1 -1
  87. package/dist/ui/index.d.ts +1 -1
  88. package/package.json +1 -1
@@ -1,4 +1,4 @@
1
- import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-B_wnd7ZX.mjs';
1
+ import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-DrDIouvO.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -280,6 +280,14 @@ interface Attestation {
280
280
  /** Attestation kind (e.g. `verified_human_party`). */
281
281
  type: string;
282
282
  status: 'passed' | 'failed';
283
+ /**
284
+ * ISO-8601 timestamp of the underlying check (when KYC/IDV/AML actually ran).
285
+ * Merchants compare this against their `maxAgeDays` requirement on the
286
+ * endpoint to enforce per-attestation freshness. Distinct from `validUntil`:
287
+ * `checkedAt` is when the data was sourced; `validUntil` is when the issuer
288
+ * stops vouching for it.
289
+ */
290
+ checkedAt: string;
283
291
  validUntil?: string;
284
292
  proofType: 'reference' | 'zkp';
285
293
  proof: string;
@@ -297,6 +305,23 @@ interface GuidanceInfo {
297
305
  /** Steps to get verified */
298
306
  steps?: string[];
299
307
  }
308
+ interface StepUpApprovalInfo {
309
+ approvalId: string;
310
+ pollUrl: string;
311
+ expiresAt: string;
312
+ }
313
+ interface SettlementArtifact {
314
+ type: string;
315
+ artifact: string;
316
+ binding: {
317
+ merchantId: string;
318
+ amount: number;
319
+ currency: string;
320
+ sessionId: string;
321
+ singleUse: true;
322
+ expiresAt: string;
323
+ };
324
+ }
300
325
  /**
301
326
  * Complete verification result
302
327
  */
@@ -374,6 +399,10 @@ interface VerificationResult {
374
399
  requiresStepUp?: boolean;
375
400
  /** Whether approval is required */
376
401
  requiresApproval?: boolean;
402
+ /** Step-up approval info (present when transaction is in the human-approval band). */
403
+ stepUpApproval?: StepUpApprovalInfo;
404
+ /** Settlement voucher (present on clean merchant-mediated grants with a verified wallet). */
405
+ settlement?: SettlementArtifact;
377
406
  /** Timestamp of verification */
378
407
  verifiedAt: Date;
379
408
  /** TTL for this result (seconds) */
@@ -415,9 +444,14 @@ interface VerificationRequest {
415
444
  resource?: string;
416
445
  /** Jurisdiction for the request */
417
446
  jurisdiction?: string;
418
- /** Transaction value (if applicable) */
447
+ /**
448
+ * Transaction value in MAJOR units (dollars, euros, native token units —
449
+ * NOT cents/minor units). Diverges from Stripe (minor units). UCP/ACP
450
+ * extractors auto-convert from cents (÷100). x402 uses per-token decimals.
451
+ * See `transport/transaction-value.ts` for per-protocol normalization.
452
+ */
419
453
  transactionValue?: number;
420
- /** Currency for transaction value */
454
+ /** ISO-4217 currency code for transactionValue (e.g. 'USD', 'AUD', 'ETH'). Falls back to 'USD' server-side when unset. */
421
455
  currency?: string;
422
456
  /** Whether this is a sub-agent request */
423
457
  isSubAgentRequest?: boolean;
@@ -528,6 +562,23 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
528
562
  * DELETE→data.delete). Dashboard route mapping still outranks it.
529
563
  */
530
564
  extractAction?: (req: unknown) => string | undefined;
565
+ /**
566
+ * Optional extractor for the transaction value from the incoming request.
567
+ * Must return the value in MAJOR units (dollars, euros — NOT cents/minor
568
+ * units). This diverges from Stripe and most payment rails which use minor
569
+ * units. If your source is in minor units (cents), divide by 100 before
570
+ * returning.
571
+ *
572
+ * When configured, the extracted value and currency are forwarded to
573
+ * verify-access so PDLSS limit evaluation runs at middleware time.
574
+ *
575
+ * NOTE: this is opt-in upfront enforcement. `authorizeSettlement()` remains
576
+ * the REQUIRED fail-closed settlement gate at settlement time.
577
+ */
578
+ extractTransactionValue?: (req: unknown) => {
579
+ value: number;
580
+ currency: string;
581
+ } | undefined;
531
582
  /** Skip verification for certain paths */
532
583
  skipPaths?: string[];
533
584
  /** Custom response for denied requests */
@@ -723,4 +774,4 @@ interface CommerceShieldProps {
723
774
  className?: string;
724
775
  }
725
776
 
726
- export type { AccessFailure as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, AgentCredentials as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerificationResult as j, VerifiedAgent as k, VerifiedDeveloper as l, VerifiedOrganization as m };
777
+ export type { AccessFailure as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, AgentCredentials as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, SettlementArtifact as i, StepUpApprovalInfo as j, TrustLevel as k, VerificationResult as l, VerifiedAgent as m, VerifiedDeveloper as n, VerifiedOrganization as o };
@@ -280,6 +280,14 @@ interface Attestation {
280
280
  /** Attestation kind (e.g. `verified_human_party`). */
281
281
  type: string;
282
282
  status: 'passed' | 'failed';
283
+ /**
284
+ * ISO-8601 timestamp of the underlying check (when KYC/IDV/AML actually ran).
285
+ * Merchants compare this against their `maxAgeDays` requirement on the
286
+ * endpoint to enforce per-attestation freshness. Distinct from `validUntil`:
287
+ * `checkedAt` is when the data was sourced; `validUntil` is when the issuer
288
+ * stops vouching for it.
289
+ */
290
+ checkedAt: string;
283
291
  validUntil?: string;
284
292
  proofType: 'reference' | 'zkp';
285
293
  proof: string;
@@ -297,6 +305,23 @@ interface GuidanceInfo {
297
305
  /** Steps to get verified */
298
306
  steps?: string[];
299
307
  }
308
+ interface StepUpApprovalInfo {
309
+ approvalId: string;
310
+ pollUrl: string;
311
+ expiresAt: string;
312
+ }
313
+ interface SettlementArtifact {
314
+ type: string;
315
+ artifact: string;
316
+ binding: {
317
+ merchantId: string;
318
+ amount: number;
319
+ currency: string;
320
+ sessionId: string;
321
+ singleUse: true;
322
+ expiresAt: string;
323
+ };
324
+ }
300
325
  /**
301
326
  * Complete verification result
302
327
  */
@@ -374,6 +399,10 @@ interface VerificationResult {
374
399
  requiresStepUp?: boolean;
375
400
  /** Whether approval is required */
376
401
  requiresApproval?: boolean;
402
+ /** Step-up approval info (present when transaction is in the human-approval band). */
403
+ stepUpApproval?: StepUpApprovalInfo;
404
+ /** Settlement voucher (present on clean merchant-mediated grants with a verified wallet). */
405
+ settlement?: SettlementArtifact;
377
406
  /** Timestamp of verification */
378
407
  verifiedAt: Date;
379
408
  /** TTL for this result (seconds) */
@@ -415,9 +444,14 @@ interface VerificationRequest {
415
444
  resource?: string;
416
445
  /** Jurisdiction for the request */
417
446
  jurisdiction?: string;
418
- /** Transaction value (if applicable) */
447
+ /**
448
+ * Transaction value in MAJOR units (dollars, euros, native token units —
449
+ * NOT cents/minor units). Diverges from Stripe (minor units). UCP/ACP
450
+ * extractors auto-convert from cents (÷100). x402 uses per-token decimals.
451
+ * See `transport/transaction-value.ts` for per-protocol normalization.
452
+ */
419
453
  transactionValue?: number;
420
- /** Currency for transaction value */
454
+ /** ISO-4217 currency code for transactionValue (e.g. 'USD', 'AUD', 'ETH'). Falls back to 'USD' server-side when unset. */
421
455
  currency?: string;
422
456
  /** Whether this is a sub-agent request */
423
457
  isSubAgentRequest?: boolean;
@@ -528,6 +562,23 @@ interface ExpressMiddlewareOptions extends GatewayConfig {
528
562
  * DELETE→data.delete). Dashboard route mapping still outranks it.
529
563
  */
530
564
  extractAction?: (req: unknown) => string | undefined;
565
+ /**
566
+ * Optional extractor for the transaction value from the incoming request.
567
+ * Must return the value in MAJOR units (dollars, euros — NOT cents/minor
568
+ * units). This diverges from Stripe and most payment rails which use minor
569
+ * units. If your source is in minor units (cents), divide by 100 before
570
+ * returning.
571
+ *
572
+ * When configured, the extracted value and currency are forwarded to
573
+ * verify-access so PDLSS limit evaluation runs at middleware time.
574
+ *
575
+ * NOTE: this is opt-in upfront enforcement. `authorizeSettlement()` remains
576
+ * the REQUIRED fail-closed settlement gate at settlement time.
577
+ */
578
+ extractTransactionValue?: (req: unknown) => {
579
+ value: number;
580
+ currency: string;
581
+ } | undefined;
531
582
  /** Skip verification for certain paths */
532
583
  skipPaths?: string[];
533
584
  /** Custom response for denied requests */
@@ -723,4 +774,4 @@ interface CommerceShieldProps {
723
774
  className?: string;
724
775
  }
725
776
 
726
- export type { AccessFailure as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, AgentCredentials as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, TrustLevel as i, VerificationResult as j, VerifiedAgent as k, VerifiedDeveloper as l, VerifiedOrganization as m };
777
+ export type { AccessFailure as A, CommerceShieldProps as C, EnhancedVerificationResult as E, GatewayConfig as G, NextJsMiddlewareOptions as N, PDLSSInfo as P, RouteAccessConfig as R, SDKOptions as S, TokenGuidance as T, VerificationRequest as V, AccessLevel as a, AgentCredentials as b, AstraSyncCredentials as c, CounterpartyType as d, ExpressMiddlewareOptions as e, GuidanceInfo as f, ProtocolTransport as g, RuntimeChallengeResult as h, SettlementArtifact as i, StepUpApprovalInfo as j, TrustLevel as k, VerificationResult as l, VerifiedAgent as m, VerifiedDeveloper as n, VerifiedOrganization as o };
@@ -1,4 +1,4 @@
1
- import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-B_wnd7ZX.js';
1
+ import { a as AccessLevel, d as CounterpartyType, T as TokenGuidance } from './types-DrDIouvO.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.
@@ -1,4 +1,4 @@
1
- import { C as CommerceShieldProps, j as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-B_wnd7ZX.mjs';
1
+ import { C as CommerceShieldProps, l as VerificationResult, b as AgentCredentials, f as GuidanceInfo, k as TrustLevel } from '../types-DrDIouvO.mjs';
2
2
 
3
3
  /**
4
4
  * AstraSync Commerce Shield Component
@@ -1,4 +1,4 @@
1
- import { C as CommerceShieldProps, j as VerificationResult, b as AgentCredentials, f as GuidanceInfo, i as TrustLevel } from '../types-B_wnd7ZX.js';
1
+ import { C as CommerceShieldProps, l as VerificationResult, b as AgentCredentials, f as GuidanceInfo, k as TrustLevel } from '../types-DrDIouvO.js';
2
2
 
3
3
  /**
4
4
  * AstraSync Commerce Shield Component
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@astrasyncai/verification-gateway",
3
- "version": "3.3.0",
3
+ "version": "3.5.0",
4
4
  "description": "AstraSync KYA Platform SDK — counterparty verification gateway (verify incoming requests) + agent registration (register AI agents with the KYA backend).",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",