@astrasyncai/verification-gateway 3.4.0 → 3.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +86 -0
- package/dist/adapter-interface/interface.d.mts +2 -2
- package/dist/adapter-interface/interface.d.ts +2 -2
- package/dist/adapters/express.d.mts +2 -2
- package/dist/adapters/express.d.ts +2 -2
- package/dist/adapters/express.js +18 -1
- package/dist/adapters/express.js.map +1 -1
- package/dist/adapters/express.mjs +18 -1
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/mcp.d.mts +1 -1
- package/dist/adapters/mcp.d.ts +1 -1
- package/dist/adapters/mcp.js +1 -1
- package/dist/adapters/mcp.js.map +1 -1
- package/dist/adapters/mcp.mjs +1 -1
- package/dist/adapters/mcp.mjs.map +1 -1
- package/dist/adapters/nextjs.d.mts +2 -2
- package/dist/adapters/nextjs.d.ts +2 -2
- package/dist/adapters/nextjs.js +1 -1
- package/dist/adapters/nextjs.js.map +1 -1
- package/dist/adapters/nextjs.mjs +1 -1
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/adapters/sdk.d.mts +2 -2
- package/dist/adapters/sdk.d.ts +2 -2
- package/dist/adapters/sdk.js +1 -1
- package/dist/adapters/sdk.js.map +1 -1
- package/dist/adapters/sdk.mjs +1 -1
- package/dist/adapters/sdk.mjs.map +1 -1
- package/dist/agent/index.d.mts +2 -2
- package/dist/agent/index.d.ts +2 -2
- package/dist/browser/background.js +1 -1
- package/dist/browser/background.js.map +1 -1
- package/dist/browser/background.mjs +1 -1
- package/dist/browser/background.mjs.map +1 -1
- package/dist/browser/browser-adapter.d.mts +2 -2
- package/dist/browser/browser-adapter.d.ts +2 -2
- package/dist/cli/index.d.mts +2 -2
- package/dist/cli/index.d.ts +2 -2
- package/dist/cursor/cursor-adapter.d.mts +2 -2
- package/dist/cursor/cursor-adapter.d.ts +2 -2
- package/dist/cursor/extension.d.mts +2 -2
- package/dist/cursor/extension.d.ts +2 -2
- package/dist/cursor/extension.js +1 -1
- package/dist/cursor/extension.js.map +1 -1
- package/dist/cursor/extension.mjs +1 -1
- package/dist/cursor/extension.mjs.map +1 -1
- package/dist/{express-CeFvNWDD.d.mts → express-BH5ADAyb.d.mts} +1 -1
- package/dist/{express-RIh05wW2.d.ts → express-jUzLIoep.d.ts} +1 -1
- package/dist/gateway/gateway.d.mts +2 -2
- package/dist/gateway/gateway.d.ts +2 -2
- package/dist/gateway/gateway.js +1 -1
- package/dist/gateway/gateway.js.map +1 -1
- package/dist/gateway/gateway.mjs +1 -1
- package/dist/gateway/gateway.mjs.map +1 -1
- package/dist/git-trigger/git-hooks.d.mts +2 -2
- package/dist/git-trigger/git-hooks.d.ts +2 -2
- package/dist/{index-Bw4FeHMY.d.mts → index-BR2nmxBU.d.mts} +5 -1
- package/dist/{index-C-K0WCrk.d.ts → index-DEixUCu0.d.ts} +5 -1
- package/dist/{index-BYu1FKMy.d.ts → index-DlCnmpJH.d.ts} +1 -1
- package/dist/{index-DgVBEiwI.d.mts → index-aZHAWujT.d.mts} +1 -1
- package/dist/index.d.mts +7 -7
- package/dist/index.d.ts +7 -7
- package/dist/index.js +40 -5
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +40 -5
- package/dist/index.mjs.map +1 -1
- package/dist/local-evaluator/evaluator.d.mts +2 -2
- package/dist/local-evaluator/evaluator.d.ts +2 -2
- package/dist/{nextjs--xR9zbSJ.d.ts → nextjs-DfXOd0Au.d.ts} +1 -1
- package/dist/{nextjs-xciaMpsZ.d.mts → nextjs-LTeoPqMH.d.mts} +1 -1
- package/dist/{sdk-CJYCLMI0.d.mts → sdk-DKhwVL9X.d.mts} +1 -1
- package/dist/{sdk-FP7xT9F8.d.ts → sdk-LmvyDVpL.d.ts} +1 -1
- package/dist/transport/index.d.mts +2 -2
- package/dist/transport/index.d.ts +2 -2
- package/dist/transport/index.js +22 -4
- package/dist/transport/index.js.map +1 -1
- package/dist/transport/index.mjs +22 -4
- package/dist/transport/index.mjs.map +1 -1
- package/dist/{types-Cj92yKeA.d.mts → types-C8HyQEaz.d.mts} +1 -1
- package/dist/{types-Cwrvo30g.d.mts → types-DrDIouvO.d.mts} +24 -2
- package/dist/{types-Cwrvo30g.d.ts → types-DrDIouvO.d.ts} +24 -2
- package/dist/{types-DOeL-dIw.d.ts → types-xofemo0G.d.ts} +1 -1
- package/dist/ui/index.d.mts +1 -1
- package/dist/ui/index.d.ts +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -409,6 +409,61 @@ interface VerificationResult {
|
|
|
409
409
|
}
|
|
410
410
|
```
|
|
411
411
|
|
|
412
|
+
## Settlement Authorization
|
|
413
|
+
|
|
414
|
+
For direct-path merchants settling a priced cart, call `authorizeSettlement()` **after** pricing — the middleware only verifies identity/access, not the transaction value:
|
|
415
|
+
|
|
416
|
+
```typescript
|
|
417
|
+
import { authorizeSettlement } from '@astrasyncai/verification-gateway';
|
|
418
|
+
|
|
419
|
+
const decision = await authorizeSettlement(config, {
|
|
420
|
+
agentId: req.agentVerification.agent.astraId,
|
|
421
|
+
value: cart.total, // YOUR authoritative priced total, never agent-supplied
|
|
422
|
+
currency: 'USD',
|
|
423
|
+
});
|
|
424
|
+
|
|
425
|
+
if (!decision.authorized) {
|
|
426
|
+
// decision.stepUpApproval?.pollUrl — if in the approval band, the owner can approve
|
|
427
|
+
return res.status(402).json({ error: decision.reason, stepUpApproval: decision.stepUpApproval });
|
|
428
|
+
}
|
|
429
|
+
// Safe to settle
|
|
430
|
+
```
|
|
431
|
+
|
|
432
|
+
## Step-Up Approval
|
|
433
|
+
|
|
434
|
+
When a transaction value is between the agent's Autonomous Limit and Hard Limit, verify-access returns `stepUpApproval` on the result:
|
|
435
|
+
|
|
436
|
+
```typescript
|
|
437
|
+
interface StepUpApprovalInfo {
|
|
438
|
+
approvalId: string; // Capability token (UUID)
|
|
439
|
+
pollUrl: string; // GET /api/step-up-approvals/poll/:approvalId
|
|
440
|
+
expiresAt: string; // ISO-8601, 5-minute TTL
|
|
441
|
+
}
|
|
442
|
+
```
|
|
443
|
+
|
|
444
|
+
Poll the `pollUrl` (unauthenticated, rate-limited 60 req/min) to check if the owner approved. The `getApprovalPollingInfo(result)` helper extracts it from a `VerificationResult`.
|
|
445
|
+
|
|
446
|
+
## Settlement Artifacts
|
|
447
|
+
|
|
448
|
+
On a clean merchant-mediated grant where the owner has a verified payment instrument, verify-access returns a `settlement` object:
|
|
449
|
+
|
|
450
|
+
```typescript
|
|
451
|
+
interface SettlementArtifact {
|
|
452
|
+
type: string; // e.g. "stablecoin_voucher"
|
|
453
|
+
artifact: string; // JWS compact-serialised (ES256)
|
|
454
|
+
binding: {
|
|
455
|
+
merchantId: string;
|
|
456
|
+
amount: number;
|
|
457
|
+
currency: string;
|
|
458
|
+
sessionId: string;
|
|
459
|
+
singleUse: true;
|
|
460
|
+
expiresAt: string;
|
|
461
|
+
};
|
|
462
|
+
}
|
|
463
|
+
```
|
|
464
|
+
|
|
465
|
+
Verify vouchers server-side via `POST /api/wallets/voucher/verify` or fetch the signing keys from `GET /api/wallets/voucher/.well-known/jwks.json`.
|
|
466
|
+
|
|
412
467
|
## Configuration
|
|
413
468
|
|
|
414
469
|
```typescript
|
|
@@ -494,6 +549,37 @@ Pre-v2.4.2 used the value `pass-through` — renamed in v2.4.2 to disambiguate "
|
|
|
494
549
|
|
|
495
550
|
## Changelog
|
|
496
551
|
|
|
552
|
+
### v3.4.0 — Type alignment for LMAX settlement + step-up approval
|
|
553
|
+
|
|
554
|
+
- `StepUpApprovalInfo` and `SettlementArtifact` interfaces added to `VerificationResult`
|
|
555
|
+
- `stepUpApproval` surfaced in Express/MCP/Next.js adapter deny response bodies
|
|
556
|
+
- `SettlementDecision` carries `stepUpApproval` on step-up denials via `authorizeSettlement()`
|
|
557
|
+
- `getApprovalPollingInfo()` simplified — typed field, no more `unknown` casts
|
|
558
|
+
- `Attestation.checkedAt` (required) — merchant freshness gate timestamp
|
|
559
|
+
- `VERSION` constant updated to `3.4.0`
|
|
560
|
+
|
|
561
|
+
### v3.3.0 — Direct-path value enforcement
|
|
562
|
+
|
|
563
|
+
- `authorizeSettlement(config, { agentId, value, currency })` — fail-closed settlement gate for direct-path merchants
|
|
564
|
+
- `restrictions` surfaces `approvalThreshold` (enforced per-tx) and `maxPerPeriod` (not yet enforced)
|
|
565
|
+
- ASCII-safe agent-facing strings
|
|
566
|
+
|
|
567
|
+
### v3.2.1 — Platform-agent go-live readiness
|
|
568
|
+
|
|
569
|
+
- Canonical PDLSS limits terminology (`autonomousThreshold`, `approvalThreshold`)
|
|
570
|
+
- Step-up/approval fail-closed in Express/MCP/Next.js adapters via `approval-gate.ts`
|
|
571
|
+
|
|
572
|
+
### v3.2.0 — Commerce observability
|
|
573
|
+
|
|
574
|
+
- Access-level band no longer gates (informational only); `requiresStepUp` carries the signal
|
|
575
|
+
- Trust score redacted from agent-facing responses
|
|
576
|
+
- Cross-merchant cache key fix
|
|
577
|
+
|
|
578
|
+
### v3.1.0 — Canonical PDLSS vocabulary (Bug 14)
|
|
579
|
+
|
|
580
|
+
- Two-axis purpose/action chains with dotted action tokens
|
|
581
|
+
- Route send-mapping for tool→semantic-action translation
|
|
582
|
+
|
|
497
583
|
### v2.4.6 — Round-14 partner integration testing
|
|
498
584
|
|
|
499
585
|
**⚠️ BREAKING CHANGE — `endpointUrl` → `counterpartyUrl` on `POST /api/endpoints` AND `PUT /api/endpoints/{id}`**
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.mjs';
|
|
2
|
-
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-C8HyQEaz.mjs';
|
|
3
|
+
import '../types-DrDIouvO.mjs';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* PlatformAdapter Interface
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AstraSyncGateway } from '../gateway/gateway.js';
|
|
2
|
-
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-
|
|
3
|
-
import '../types-
|
|
2
|
+
import { A as AgentAction, I as InterceptResult, P as PDLSSContext, V as VerificationDecision } from '../types-xofemo0G.js';
|
|
3
|
+
import '../types-DrDIouvO.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* PlatformAdapter Interface
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import 'express';
|
|
2
|
-
import '../types-
|
|
3
|
-
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-
|
|
2
|
+
import '../types-DrDIouvO.mjs';
|
|
3
|
+
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-BH5ADAyb.mjs';
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import 'express';
|
|
2
|
-
import '../types-
|
|
3
|
-
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-
|
|
2
|
+
import '../types-DrDIouvO.js';
|
|
3
|
+
export { c as createMiddleware, a as extractAstraSyncCredentials } from '../express-jUzLIoep.js';
|
package/dist/adapters/express.js
CHANGED
|
@@ -34,7 +34,7 @@ function getTrustLevel(score) {
|
|
|
34
34
|
}
|
|
35
35
|
|
|
36
36
|
// src/version.ts
|
|
37
|
-
var SDK_VERSION = "3.
|
|
37
|
+
var SDK_VERSION = "3.5.0";
|
|
38
38
|
|
|
39
39
|
// src/well-known.ts
|
|
40
40
|
var CACHE_TTL_MS = 60 * 60 * 1e3;
|
|
@@ -986,6 +986,21 @@ function createMiddleware(options) {
|
|
|
986
986
|
);
|
|
987
987
|
}
|
|
988
988
|
const agentCardUrl = typeof req.headers["x-astrasync-agent-card"] === "string" ? req.headers["x-astrasync-agent-card"] : void 0;
|
|
989
|
+
let txValue;
|
|
990
|
+
let txCurrency;
|
|
991
|
+
if (config.extractTransactionValue) {
|
|
992
|
+
try {
|
|
993
|
+
const extracted = config.extractTransactionValue(req);
|
|
994
|
+
if (extracted) {
|
|
995
|
+
txValue = extracted.value;
|
|
996
|
+
txCurrency = extracted.currency;
|
|
997
|
+
}
|
|
998
|
+
} catch (e) {
|
|
999
|
+
if (config.debug) {
|
|
1000
|
+
console.warn("[VerificationGateway] extractTransactionValue threw:", e);
|
|
1001
|
+
}
|
|
1002
|
+
}
|
|
1003
|
+
}
|
|
989
1004
|
const result = await verify(config, {
|
|
990
1005
|
credentials,
|
|
991
1006
|
purpose,
|
|
@@ -996,6 +1011,8 @@ function createMiddleware(options) {
|
|
|
996
1011
|
counterpartyType: config.counterpartyType || "api",
|
|
997
1012
|
enableRuntimeChallenge,
|
|
998
1013
|
durationRequired: astraCreds?.pdlss?.duration?.maxSessionDuration,
|
|
1014
|
+
...txValue !== void 0 && { transactionValue: txValue },
|
|
1015
|
+
...txCurrency && { currency: txCurrency },
|
|
999
1016
|
callerMetadata: {
|
|
1000
1017
|
sourceIp: originalClientIp,
|
|
1001
1018
|
userAgent: req.headers["user-agent"],
|