@astrasyncai/verification-gateway 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (84) hide show
  1. package/README.md +86 -0
  2. package/dist/adapter-interface/interface.d.mts +2 -2
  3. package/dist/adapter-interface/interface.d.ts +2 -2
  4. package/dist/adapters/express.d.mts +2 -2
  5. package/dist/adapters/express.d.ts +2 -2
  6. package/dist/adapters/express.js +18 -1
  7. package/dist/adapters/express.js.map +1 -1
  8. package/dist/adapters/express.mjs +18 -1
  9. package/dist/adapters/express.mjs.map +1 -1
  10. package/dist/adapters/mcp.d.mts +1 -1
  11. package/dist/adapters/mcp.d.ts +1 -1
  12. package/dist/adapters/mcp.js +1 -1
  13. package/dist/adapters/mcp.js.map +1 -1
  14. package/dist/adapters/mcp.mjs +1 -1
  15. package/dist/adapters/mcp.mjs.map +1 -1
  16. package/dist/adapters/nextjs.d.mts +2 -2
  17. package/dist/adapters/nextjs.d.ts +2 -2
  18. package/dist/adapters/nextjs.js +1 -1
  19. package/dist/adapters/nextjs.js.map +1 -1
  20. package/dist/adapters/nextjs.mjs +1 -1
  21. package/dist/adapters/nextjs.mjs.map +1 -1
  22. package/dist/adapters/sdk.d.mts +2 -2
  23. package/dist/adapters/sdk.d.ts +2 -2
  24. package/dist/adapters/sdk.js +1 -1
  25. package/dist/adapters/sdk.js.map +1 -1
  26. package/dist/adapters/sdk.mjs +1 -1
  27. package/dist/adapters/sdk.mjs.map +1 -1
  28. package/dist/agent/index.d.mts +2 -2
  29. package/dist/agent/index.d.ts +2 -2
  30. package/dist/browser/background.js +1 -1
  31. package/dist/browser/background.js.map +1 -1
  32. package/dist/browser/background.mjs +1 -1
  33. package/dist/browser/background.mjs.map +1 -1
  34. package/dist/browser/browser-adapter.d.mts +2 -2
  35. package/dist/browser/browser-adapter.d.ts +2 -2
  36. package/dist/cli/index.d.mts +2 -2
  37. package/dist/cli/index.d.ts +2 -2
  38. package/dist/cursor/cursor-adapter.d.mts +2 -2
  39. package/dist/cursor/cursor-adapter.d.ts +2 -2
  40. package/dist/cursor/extension.d.mts +2 -2
  41. package/dist/cursor/extension.d.ts +2 -2
  42. package/dist/cursor/extension.js +1 -1
  43. package/dist/cursor/extension.js.map +1 -1
  44. package/dist/cursor/extension.mjs +1 -1
  45. package/dist/cursor/extension.mjs.map +1 -1
  46. package/dist/{express-CeFvNWDD.d.mts → express-BH5ADAyb.d.mts} +1 -1
  47. package/dist/{express-RIh05wW2.d.ts → express-jUzLIoep.d.ts} +1 -1
  48. package/dist/gateway/gateway.d.mts +2 -2
  49. package/dist/gateway/gateway.d.ts +2 -2
  50. package/dist/gateway/gateway.js +1 -1
  51. package/dist/gateway/gateway.js.map +1 -1
  52. package/dist/gateway/gateway.mjs +1 -1
  53. package/dist/gateway/gateway.mjs.map +1 -1
  54. package/dist/git-trigger/git-hooks.d.mts +2 -2
  55. package/dist/git-trigger/git-hooks.d.ts +2 -2
  56. package/dist/{index-Bw4FeHMY.d.mts → index-BR2nmxBU.d.mts} +5 -1
  57. package/dist/{index-C-K0WCrk.d.ts → index-DEixUCu0.d.ts} +5 -1
  58. package/dist/{index-BYu1FKMy.d.ts → index-DlCnmpJH.d.ts} +1 -1
  59. package/dist/{index-DgVBEiwI.d.mts → index-aZHAWujT.d.mts} +1 -1
  60. package/dist/index.d.mts +7 -7
  61. package/dist/index.d.ts +7 -7
  62. package/dist/index.js +40 -5
  63. package/dist/index.js.map +1 -1
  64. package/dist/index.mjs +40 -5
  65. package/dist/index.mjs.map +1 -1
  66. package/dist/local-evaluator/evaluator.d.mts +2 -2
  67. package/dist/local-evaluator/evaluator.d.ts +2 -2
  68. package/dist/{nextjs--xR9zbSJ.d.ts → nextjs-DfXOd0Au.d.ts} +1 -1
  69. package/dist/{nextjs-xciaMpsZ.d.mts → nextjs-LTeoPqMH.d.mts} +1 -1
  70. package/dist/{sdk-CJYCLMI0.d.mts → sdk-DKhwVL9X.d.mts} +1 -1
  71. package/dist/{sdk-FP7xT9F8.d.ts → sdk-LmvyDVpL.d.ts} +1 -1
  72. package/dist/transport/index.d.mts +2 -2
  73. package/dist/transport/index.d.ts +2 -2
  74. package/dist/transport/index.js +22 -4
  75. package/dist/transport/index.js.map +1 -1
  76. package/dist/transport/index.mjs +22 -4
  77. package/dist/transport/index.mjs.map +1 -1
  78. package/dist/{types-Cj92yKeA.d.mts → types-C8HyQEaz.d.mts} +1 -1
  79. package/dist/{types-Cwrvo30g.d.mts → types-DrDIouvO.d.mts} +24 -2
  80. package/dist/{types-Cwrvo30g.d.ts → types-DrDIouvO.d.ts} +24 -2
  81. package/dist/{types-DOeL-dIw.d.ts → types-xofemo0G.d.ts} +1 -1
  82. package/dist/ui/index.d.mts +1 -1
  83. package/dist/ui/index.d.ts +1 -1
  84. package/package.json +1 -1
package/README.md CHANGED
@@ -409,6 +409,61 @@ interface VerificationResult {
409
409
  }
410
410
  ```
411
411
 
412
+ ## Settlement Authorization
413
+
414
+ For direct-path merchants settling a priced cart, call `authorizeSettlement()` **after** pricing — the middleware only verifies identity/access, not the transaction value:
415
+
416
+ ```typescript
417
+ import { authorizeSettlement } from '@astrasyncai/verification-gateway';
418
+
419
+ const decision = await authorizeSettlement(config, {
420
+ agentId: req.agentVerification.agent.astraId,
421
+ value: cart.total, // YOUR authoritative priced total, never agent-supplied
422
+ currency: 'USD',
423
+ });
424
+
425
+ if (!decision.authorized) {
426
+ // decision.stepUpApproval?.pollUrl — if in the approval band, the owner can approve
427
+ return res.status(402).json({ error: decision.reason, stepUpApproval: decision.stepUpApproval });
428
+ }
429
+ // Safe to settle
430
+ ```
431
+
432
+ ## Step-Up Approval
433
+
434
+ When a transaction value is between the agent's Autonomous Limit and Hard Limit, verify-access returns `stepUpApproval` on the result:
435
+
436
+ ```typescript
437
+ interface StepUpApprovalInfo {
438
+ approvalId: string; // Capability token (UUID)
439
+ pollUrl: string; // GET /api/step-up-approvals/poll/:approvalId
440
+ expiresAt: string; // ISO-8601, 5-minute TTL
441
+ }
442
+ ```
443
+
444
+ Poll the `pollUrl` (unauthenticated, rate-limited 60 req/min) to check if the owner approved. The `getApprovalPollingInfo(result)` helper extracts it from a `VerificationResult`.
445
+
446
+ ## Settlement Artifacts
447
+
448
+ On a clean merchant-mediated grant where the owner has a verified payment instrument, verify-access returns a `settlement` object:
449
+
450
+ ```typescript
451
+ interface SettlementArtifact {
452
+ type: string; // e.g. "stablecoin_voucher"
453
+ artifact: string; // JWS compact-serialised (ES256)
454
+ binding: {
455
+ merchantId: string;
456
+ amount: number;
457
+ currency: string;
458
+ sessionId: string;
459
+ singleUse: true;
460
+ expiresAt: string;
461
+ };
462
+ }
463
+ ```
464
+
465
+ Verify vouchers server-side via `POST /api/wallets/voucher/verify` or fetch the signing keys from `GET /api/wallets/voucher/.well-known/jwks.json`.
466
+
412
467
  ## Configuration
413
468
 
414
469
  ```typescript
@@ -494,6 +549,37 @@ Pre-v2.4.2 used the value `pass-through` — renamed in v2.4.2 to disambiguate "
494
549
 
495
550
  ## Changelog
496
551
 
552
+ ### v3.4.0 — Type alignment for LMAX settlement + step-up approval
553
+
554
+ - `StepUpApprovalInfo` and `SettlementArtifact` interfaces added to `VerificationResult`
555
+ - `stepUpApproval` surfaced in Express/MCP/Next.js adapter deny response bodies
556
+ - `SettlementDecision` carries `stepUpApproval` on step-up denials via `authorizeSettlement()`
557
+ - `getApprovalPollingInfo()` simplified — typed field, no more `unknown` casts
558
+ - `Attestation.checkedAt` (required) — merchant freshness gate timestamp
559
+ - `VERSION` constant updated to `3.4.0`
560
+
561
+ ### v3.3.0 — Direct-path value enforcement
562
+
563
+ - `authorizeSettlement(config, { agentId, value, currency })` — fail-closed settlement gate for direct-path merchants
564
+ - `restrictions` surfaces `approvalThreshold` (enforced per-tx) and `maxPerPeriod` (not yet enforced)
565
+ - ASCII-safe agent-facing strings
566
+
567
+ ### v3.2.1 — Platform-agent go-live readiness
568
+
569
+ - Canonical PDLSS limits terminology (`autonomousThreshold`, `approvalThreshold`)
570
+ - Step-up/approval fail-closed in Express/MCP/Next.js adapters via `approval-gate.ts`
571
+
572
+ ### v3.2.0 — Commerce observability
573
+
574
+ - Access-level band no longer gates (informational only); `requiresStepUp` carries the signal
575
+ - Trust score redacted from agent-facing responses
576
+ - Cross-merchant cache key fix
577
+
578
+ ### v3.1.0 — Canonical PDLSS vocabulary (Bug 14)
579
+
580
+ - Two-axis purpose/action chains with dotted action tokens
581
+ - Route send-mapping for tool→semantic-action translation
582
+
497
583
  ### v2.4.6 — Round-14 partner integration testing
498
584
 
499
585
  **⚠️ BREAKING CHANGE — `endpointUrl` → `counterpartyUrl` on `POST /api/endpoints` AND `PUT /api/endpoints/{id}`**
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.mjs';
2
- import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-Cj92yKeA.mjs';
3
- import '../types-Cwrvo30g.mjs';
2
+ import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-C8HyQEaz.mjs';
3
+ import '../types-DrDIouvO.mjs';
4
4
 
5
5
  /**
6
6
  * PlatformAdapter Interface
@@ -1,6 +1,6 @@
1
1
  import { AstraSyncGateway } from '../gateway/gateway.js';
2
- import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-DOeL-dIw.js';
3
- import '../types-Cwrvo30g.js';
2
+ import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-xofemo0G.js';
3
+ import '../types-DrDIouvO.js';
4
4
 
5
5
  /**
6
6
  * PlatformAdapter Interface
@@ -1,3 +1,3 @@
1
1
  import 'express';
2
- import '../types-Cwrvo30g.mjs';
3
- export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-CeFvNWDD.mjs';
2
+ import '../types-DrDIouvO.mjs';
3
+ export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-BH5ADAyb.mjs';
@@ -1,3 +1,3 @@
1
1
  import 'express';
2
- import '../types-Cwrvo30g.js';
3
- export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-RIh05wW2.js';
2
+ import '../types-DrDIouvO.js';
3
+ export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-jUzLIoep.js';
@@ -34,7 +34,7 @@ function getTrustLevel(score) {
34
34
  }
35
35
 
36
36
  // src/version.ts
37
- var SDK_VERSION = "3.3.0";
37
+ var SDK_VERSION = "3.5.0";
38
38
 
39
39
  // src/well-known.ts
40
40
  var CACHE_TTL_MS = 60 * 60 * 1e3;
@@ -986,6 +986,21 @@ function createMiddleware(options) {
986
986
  );
987
987
  }
988
988
  const agentCardUrl = typeof req.headers["x-astrasync-agent-card"] === "string" ? req.headers["x-astrasync-agent-card"] : void 0;
989
+ let txValue;
990
+ let txCurrency;
991
+ if (config.extractTransactionValue) {
992
+ try {
993
+ const extracted = config.extractTransactionValue(req);
994
+ if (extracted) {
995
+ txValue = extracted.value;
996
+ txCurrency = extracted.currency;
997
+ }
998
+ } catch (e) {
999
+ if (config.debug) {
1000
+ console.warn("[VerificationGateway] extractTransactionValue threw:", e);
1001
+ }
1002
+ }
1003
+ }
989
1004
  const result = await verify(config, {
990
1005
  credentials,
991
1006
  purpose,
@@ -996,6 +1011,8 @@ function createMiddleware(options) {
996
1011
  counterpartyType: config.counterpartyType || "api",
997
1012
  enableRuntimeChallenge,
998
1013
  durationRequired: astraCreds?.pdlss?.duration?.maxSessionDuration,
1014
+ ...txValue !== void 0 && { transactionValue: txValue },
1015
+ ...txCurrency && { currency: txCurrency },
999
1016
  callerMetadata: {
1000
1017
  sourceIp: originalClientIp,
1001
1018
  userAgent: req.headers["user-agent"],