@aamp/protocol 1.1.2 → 1.1.3

package/dist/agent.d.ts

@@ -1,7 +1,7 @@
 /**
  * Layer 2: Agent SDK
  */
-import { AccessPurpose, SignedAccessRequest, FeedbackSignal, QualityFlag } from './types';
+import { AccessPurpose, SignedAccessRequest, FeedbackSignal, QualityFlag, AgentIdentityManifest } from './types';
 export interface AccessOptions {
     adsDisplayed?: boolean;
 }
@@ -10,10 +10,15 @@ export declare class AAMPAgent {
     agentId: string;
     /**
      * Initialize the Agent Identity (Ephemeral or Persisted)
-     * @param customAgentId Optional persistent ID for this agent. If omitted, generates a session ID.
+     * @param customAgentId For PRODUCTION, this should be your domain (e.g., "bot.openai.com")
      */
     initialize(customAgentId?: string): Promise<void>;
     createAccessRequest(resource: string, purpose: AccessPurpose, options?: AccessOptions): Promise<SignedAccessRequest>;
+    /**
+     * Helper: Generate the JSON file you must host on your domain
+     * Host this at: https://{agentId}/.well-known/aamp-agent.json
+     */
+    getIdentityManifest(contactEmail?: string): Promise<AgentIdentityManifest>;
     /**
      * NEW IN V1.1: Quality Feedback Loop
      * Allows the Agent to report spam or verify quality of a resource.

package/dist/agent.js

@@ -10,7 +10,7 @@ class AAMPAgent {
     }
     /**
      * Initialize the Agent Identity (Ephemeral or Persisted)
-     * @param customAgentId Optional persistent ID for this agent. If omitted, generates a session ID.
+     * @param customAgentId For PRODUCTION, this should be your domain (e.g., "bot.openai.com")
      */
     async initialize(customAgentId) {
         this.keyPair = await (0, crypto_1.generateKeyPair)();
@@ -34,6 +34,20 @@ class AAMPAgent {
         const publicKeyExport = await (0, crypto_1.exportPublicKey)(this.keyPair.publicKey);
         return { header, signature, publicKey: publicKeyExport };
     }
+    /**
+     * Helper: Generate the JSON file you must host on your domain
+     * Host this at: https://{agentId}/.well-known/aamp-agent.json
+     */
+    async getIdentityManifest(contactEmail) {
+        if (!this.keyPair)
+            throw new Error("Agent not initialized.");
+        const publicKey = await (0, crypto_1.exportPublicKey)(this.keyPair.publicKey);
+        return {
+            agent_id: this.agentId,
+            public_key: publicKey,
+            contact_email: contactEmail
+        };
+    }
     /**
      * NEW IN V1.1: Quality Feedback Loop
      * Allows the Agent to report spam or verify quality of a resource.

package/dist/constants.d.ts

@@ -3,6 +3,7 @@
  * These values are immutable and defined by the AAMP Specification.
  */
 export declare const AAMP_VERSION = "1.1";
+export declare const WELL_KNOWN_AGENT_PATH = "/.well-known/aamp-agent.json";
 export declare const HEADERS: {
     readonly PAYLOAD: "x-aamp-payload";
     readonly SIGNATURE: "x-aamp-signature";

package/dist/constants.js

@@ -4,8 +4,11 @@
  * These values are immutable and defined by the AAMP Specification.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MAX_CLOCK_SKEW_MS = exports.CRYPTO_CONFIG = exports.HEADERS = exports.AAMP_VERSION = void 0;
+exports.MAX_CLOCK_SKEW_MS = exports.CRYPTO_CONFIG = exports.HEADERS = exports.WELL_KNOWN_AGENT_PATH = exports.AAMP_VERSION = void 0;
 exports.AAMP_VERSION = '1.1';
+// The path where Agents MUST host their public key to prove identity.
+// Example: https://bot.openai.com/.well-known/aamp-agent.json
+exports.WELL_KNOWN_AGENT_PATH = '/.well-known/aamp-agent.json';
 // HTTP Headers used for the handshake
 exports.HEADERS = {
     // Transport: The signed payload (Base64 encoded JSON of ProtocolHeader)

package/dist/express.d.ts

@@ -1,10 +1,12 @@
-import { AccessPolicy, ContentOrigin } from './types';
+import { AccessPolicy, ContentOrigin, UnauthenticatedStrategy, IdentityCache } from './types';
 export interface AAMPConfig {
     policy: Omit<AccessPolicy, 'version'>;
     meta: {
         origin: keyof typeof ContentOrigin;
         paymentPointer?: string;
     };
+    strategy?: UnauthenticatedStrategy;
+    cache?: IdentityCache;
 }
 export declare class AAMP {
     private publisher;

package/dist/express.js

@@ -8,13 +8,9 @@ exports.AAMP = void 0;
 const publisher_1 = require("./publisher");
 const types_1 = require("./types");
 const crypto_1 = require("./crypto");
-const constants_1 = require("./constants");
 class AAMP {
     constructor(config) {
-        this.publisher = new publisher_1.AAMPPublisher({
-            version: '1.1',
-            ...config.policy
-        });
+        this.publisher = new publisher_1.AAMPPublisher({ version: '1.1', ...config.policy }, config.strategy || 'PASSIVE', config.cache);
         this.origin = types_1.ContentOrigin[config.meta.origin];
         this.ready = (0, crypto_1.generateKeyPair)().then(keys => {
             return this.publisher.initialize(keys);
@@ -29,39 +25,35 @@ class AAMP {
     middleware() {
         return async (req, res, next) => {
             await this.ready;
-            // 1. Inject Provenance Headers (Passive Protection)
-            const headers = await this.publisher.generateResponseHeaders(this.origin);
-            Object.entries(headers).forEach(([k, v]) => {
-                res.setHeader(k, v);
+            // Normalize headers to lowercase dictionary
+            const headers = {};
+            Object.keys(req.headers).forEach(key => {
+                headers[key.toLowerCase()] = req.headers[key];
             });
-            // 2. Active Verification (If Agent sends signed headers)
-            const payloadHeader = req.headers[constants_1.HEADERS.PAYLOAD];
-            const sigHeader = req.headers[constants_1.HEADERS.SIGNATURE];
-            const keyHeader = req.headers[constants_1.HEADERS.PUBLIC_KEY];
-            if (payloadHeader && sigHeader && keyHeader) {
-                try {
-                    const headerJson = atob(payloadHeader); // RAW STRING
-                    const requestHeader = JSON.parse(headerJson);
-                    const signedRequest = {
-                        header: requestHeader,
-                        signature: sigHeader,
-                        publicKey: keyHeader
-                    };
-                    const agentKey = await crypto.subtle.importKey("spki", new Uint8Array(atob(keyHeader).split('').map(c => c.charCodeAt(0))), { name: "ECDSA", namedCurve: "P-256" }, true, ["verify"]);
-                    // Pass raw headerJson to ensure signature matches exactly what was signed
-                    const result = await this.publisher.verifyRequest(signedRequest, agentKey, headerJson);
-                    if (!result.allowed) {
-                        res.status(403).json({ error: result.reason });
-                        return;
-                    }
-                    // Verified!
-                    req.aamp = { verified: true, ...requestHeader };
-                }
-                catch (e) {
-                    res.status(400).json({ error: "Invalid AAMP Signature" });
-                    return;
-                }
+            // Retrieve Raw Payload if available (optional but good for crypto)
+            // Note: Express body parsing might interfere, so we usually rely on the header content.
+            const rawPayload = headers['x-aamp-payload'];
+            // Evaluate Visitor
+            const result = await this.publisher.evaluateVisitor(headers, rawPayload);
+            // Enforce Decision
+            if (!result.allowed) {
+                res.status(result.status).json({
+                    error: result.reason,
+                    visitor_type: result.visitorType
+                });
+                return;
             }
+            // Inject Provenance Headers (For the humans/agents that got through)
+            const respHeaders = await this.publisher.generateResponseHeaders(this.origin);
+            Object.entries(respHeaders).forEach(([k, v]) => {
+                res.setHeader(k, v);
+            });
+            // Attach metadata to request for downstream use
+            req.aamp = {
+                verified: result.visitorType === 'VERIFIED_AGENT',
+                type: result.visitorType,
+                ...result.metadata
+            };
             next();
         };
     }

package/dist/nextjs.d.ts

@@ -1,4 +1,4 @@
-import { AccessPolicy, ContentOrigin } from './types';
+import { AccessPolicy, ContentOrigin, UnauthenticatedStrategy, IdentityCache } from './types';
 type NextRequest = any;
 type NextResponse = any;
 export interface AAMPConfig {
@@ -7,6 +7,8 @@ export interface AAMPConfig {
         origin: keyof typeof ContentOrigin;
         paymentPointer?: string;
     };
+    strategy?: UnauthenticatedStrategy;
+    cache?: IdentityCache;
 }
 export declare class AAMPNext {
     private publisher;

package/dist/nextjs.js

@@ -8,7 +8,6 @@ exports.AAMPNext = void 0;
 const publisher_1 = require("./publisher");
 const types_1 = require("./types");
 const crypto_1 = require("./crypto");
-const constants_1 = require("./constants");
 const createJsonResponse = (body, status = 200) => {
     return new Response(JSON.stringify(body), {
         status,
@@ -17,10 +16,7 @@ const createJsonResponse = (body, status = 200) => {
 };
 class AAMPNext {
     constructor(config) {
-        this.publisher = new publisher_1.AAMPPublisher({
-            version: '1.1',
-            ...config.policy
-        });
+        this.publisher = new publisher_1.AAMPPublisher({ version: '1.1', ...config.policy }, config.strategy || 'PASSIVE', config.cache);
         this.origin = types_1.ContentOrigin[config.meta.origin];
         this.ready = (0, crypto_1.generateKeyPair)().then(keys => this.publisher.initialize(keys));
     }
@@ -33,33 +29,22 @@ class AAMPNext {
     withProtection(handler) {
         return async (req) => {
             await this.ready;
-            // 1. Active Verification
-            const payloadHeader = req.headers.get(constants_1.HEADERS.PAYLOAD);
-            const sigHeader = req.headers.get(constants_1.HEADERS.SIGNATURE);
-            const keyHeader = req.headers.get(constants_1.HEADERS.PUBLIC_KEY);
-            if (payloadHeader && sigHeader && keyHeader) {
-                try {
-                    const headerJson = atob(payloadHeader); // RAW STRING
-                    const requestHeader = JSON.parse(headerJson);
-                    const signedRequest = {
-                        header: requestHeader,
-                        signature: sigHeader,
-                        publicKey: keyHeader
-                    };
-                    const agentKey = await crypto.subtle.importKey("spki", new Uint8Array(atob(keyHeader).split('').map(c => c.charCodeAt(0))), { name: "ECDSA", namedCurve: "P-256" }, true, ["verify"]);
-                    // Pass raw headerJson to ensure signature matches exactly what was signed
-                    const result = await this.publisher.verifyRequest(signedRequest, agentKey, headerJson);
-                    if (!result.allowed) {
-                        return createJsonResponse({ error: result.reason }, 403);
-                    }
-                }
-                catch (e) {
-                    return createJsonResponse({ error: "Invalid AAMP Signature" }, 400);
-                }
+            // Extract Headers map
+            const headers = {};
+            req.headers.forEach((value, key) => {
+                headers[key.toLowerCase()] = value;
+            });
+            // Evaluate
+            const result = await this.publisher.evaluateVisitor(headers, headers['x-aamp-payload']);
+            if (!result.allowed) {
+                return createJsonResponse({
+                    error: result.reason,
+                    visitor_type: result.visitorType
+                }, result.status);
             }
-            // 2. Execute Handler
+            // Execute Handler
             const response = await handler(req);
-            // 3. Inject Provenance Headers (Passive)
+            // Inject Provenance
             const aampHeaders = await this.publisher.generateResponseHeaders(this.origin);
             if (response && response.headers) {
                 Object.entries(aampHeaders).forEach(([k, v]) => {

package/dist/publisher.d.ts

@@ -1,31 +1,34 @@
 /**
  * Layer 2: Publisher Middleware
- * Used by content owners to enforce policy and log access.
+ * Used by content owners to enforce policy, log access, and filter bots.
  */
-import { AccessPolicy, SignedAccessRequest, ContentOrigin, FeedbackSignal } from './types';
-export interface VerificationResult {
-    allowed: boolean;
-    reason: string;
-    responseHeaders?: Record<string, string>;
-}
+import { AccessPolicy, ContentOrigin, EvaluationResult, UnauthenticatedStrategy, IdentityCache } from './types';
 export declare class AAMPPublisher {
     private policy;
     private keyPair;
-    constructor(policy: AccessPolicy);
+    private unauthenticatedStrategy;
+    private cache;
+    private readonly CACHE_TTL_SECONDS;
+    constructor(policy: AccessPolicy, strategy?: UnauthenticatedStrategy, cacheImpl?: IdentityCache);
     initialize(keyPair: CryptoKeyPair): Promise<void>;
     getPolicy(): AccessPolicy;
     /**
-     * Verifies an incoming AI access request.
-     *
-     * @param request The parsed request object
-     * @param requestPublicKey The agent's public key
-     * @param rawPayload (Optional) The raw string received over the wire. REQUIRED for robust verification.
+     * Main Entry Point: Evaluate ANY visitor (Human, Bot, or Agent)
+     */
+    evaluateVisitor(reqHeaders: Record<string, string | undefined>, rawPayload?: string): Promise<EvaluationResult>;
+    /**
+     * Browser Heuristics (Hardened)
+     * 1. Checks Known Bot Signatures (Fast Fail)
+     * 2. Checks Trusted Upstream Signals (Cloudflare/Vercel)
+     * 3. Checks Browser Header Consistency
      */
-    verifyRequest(request: SignedAccessRequest, requestPublicKey: CryptoKey, rawPayload?: string): Promise<VerificationResult>;
+    private performBrowserHeuristics;
     /**
-     * Verifies a Feedback Signal (Spam Report) from an Agent.
-     * Part of the AAMP Immune System.
+     * Handle AAMP Protocol Logic
      */
-    verifyFeedback(signal: FeedbackSignal, signature: string, agentPublicKey: CryptoKey): Promise<boolean>;
+    private handleAgent;
+    private verifyRequestLogic;
+    private verifyDnsBinding;
+    private isDomain;
     generateResponseHeaders(origin: ContentOrigin): Promise<Record<string, string>>;
 }

package/dist/publisher.js

@@ -3,17 +3,45 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AAMPPublisher = void 0;
 /**
  * Layer 2: Publisher Middleware
- * Used by content owners to enforce policy and log access.
+ * Used by content owners to enforce policy, log access, and filter bots.
  */
 const types_1 = require("./types");
 const crypto_1 = require("./crypto");
 const constants_1 = require("./constants");
+/**
+ * Default In-Memory Cache (Fallback only)
+ * NOT recommended for high-traffic Serverless production.
+ */
+class MemoryCache {
+    constructor() {
+        this.store = new Map();
+    }
+    async get(key) {
+        const item = this.store.get(key);
+        if (!item)
+            return null;
+        if (Date.now() > item.exp) {
+            this.store.delete(key);
+            return null;
+        }
+        return item.val;
+    }
+    async set(key, value, ttlSeconds) {
+        this.store.set(key, {
+            val: value,
+            exp: Date.now() + (ttlSeconds * 1000)
+        });
+    }
+}
 class AAMPPublisher {
-    constructor(policy) {
+    constructor(policy, strategy = 'PASSIVE', cacheImpl) {
         this.keyPair = null;
+        // Default TTL: 1 Hour
+        this.CACHE_TTL_SECONDS = 3600;
         this.policy = policy;
+        this.unauthenticatedStrategy = strategy;
+        this.cache = cacheImpl || new MemoryCache();
     }
-    // Publishers now need keys too, to sign their Content Origin declarations
     async initialize(keyPair) {
         this.keyPair = keyPair;
     }
@@ -21,54 +49,192 @@ class AAMPPublisher {
         return this.policy;
     }
     /**
-     * Verifies an incoming AI access request.
-     *
-     * @param request The parsed request object
-     * @param requestPublicKey The agent's public key
-     * @param rawPayload (Optional) The raw string received over the wire. REQUIRED for robust verification.
+     * Main Entry Point: Evaluate ANY visitor (Human, Bot, or Agent)
      */
-    async verifyRequest(request, requestPublicKey, rawPayload) {
-        // 1. Replay Attack Prevention (Timestamp Check)
-        const requestTime = new Date(request.header.ts).getTime();
-        const now = Date.now();
-        if (Math.abs(now - requestTime) > constants_1.MAX_CLOCK_SKEW_MS) {
-            return { allowed: false, reason: 'TIMESTAMP_INVALID: Clock skew exceeded.' };
+    async evaluateVisitor(reqHeaders, rawPayload) {
+        // 1. Check for AAMP Headers
+        const hasAamp = reqHeaders[constants_1.HEADERS.PAYLOAD] && reqHeaders[constants_1.HEADERS.SIGNATURE] && reqHeaders[constants_1.HEADERS.PUBLIC_KEY];
+        if (hasAamp) {
+            // It claims to be an Agent. Verify it.
+            return await this.handleAgent(reqHeaders, rawPayload);
         }
-        // 2. Policy Enforcement (Usage Type)
-        // STRICT CHECK: Training
-        if (request.header.purpose === types_1.AccessPurpose.CRAWL_TRAINING && !this.policy.allowTraining) {
-            return { allowed: false, reason: 'POLICY_DENIED: Training not allowed by site owner.' };
+        // 2. It's not an AAMP Agent. Apply Strategy.
+        if (this.unauthenticatedStrategy === 'STRICT') {
+            return {
+                allowed: false,
+                status: 401,
+                reason: "STRICT_MODE: Only AAMP verified agents allowed.",
+                visitorType: 'UNIDENTIFIED_BOT'
+            };
         }
-        // STRICT CHECK: RAG / Retrieval
-        if (request.header.purpose === types_1.AccessPurpose.RAG_RETRIEVAL && !this.policy.allowRAG) {
-            return { allowed: false, reason: 'POLICY_DENIED: RAG Retrieval not allowed.' };
+        if (this.unauthenticatedStrategy === 'PASSIVE') {
+            return {
+                allowed: true,
+                status: 200,
+                reason: "PASSIVE_MODE: Allowed without verification.",
+                visitorType: 'LIKELY_HUMAN'
+            };
         }
-        // 3. Economic Policy Enforcement
-        if (this.policy.requiresPayment) {
-            const isExemptViaAds = this.policy.allowAdSupportedAccess && request.header.context.ads_displayed;
-            if (!isExemptViaAds) {
+        // 3. HYBRID MODE: Heuristic Analysis (The "Lazy Bot" Filter)
+        const isHuman = this.performBrowserHeuristics(reqHeaders);
+        if (isHuman) {
+            return {
+                allowed: true,
+                status: 200,
+                reason: "BROWSER_VERIFIED: Heuristics passed.",
+                visitorType: 'LIKELY_HUMAN'
+            };
+        }
+        else {
+            return {
+                allowed: false,
+                status: 403,
+                reason: "BOT_DETECTED: Request lacks browser signatures and AAMP headers.",
+                visitorType: 'UNIDENTIFIED_BOT'
+            };
+        }
+    }
+    /**
+     * Browser Heuristics (Hardened)
+     * 1. Checks Known Bot Signatures (Fast Fail)
+     * 2. Checks Trusted Upstream Signals (Cloudflare/Vercel)
+     * 3. Checks Browser Header Consistency
+     */
+    performBrowserHeuristics(headers) {
+        const userAgent = headers['user-agent'] || '';
+        // A. The "Obvious Bot" Blocklist (Fast Fail)
+        const botSignatures = ['python-requests', 'curl', 'wget', 'scrapy', 'bot', 'crawler', 'spider'];
+        // Exception: Googlebot (if you want SEO). We'll treat Googlebot as a bot, 
+        // real implementations might white-list it via IP verification (not possible in just JS headers).
+        if (botSignatures.some(sig => userAgent.toLowerCase().includes(sig))) {
+            return false;
+        }
+        // B. Trusted Infrastructure Signals (The Real World Solution)
+        // If Cloudflare or Vercel says "This is a real user", we trust them.
+        // Cloudflare: 'cf-visitor' exists. 'cf-ipcountry' exists.
+        if (headers['cf-visitor'] || headers['cf-ray'])
+            return true;
+        // Vercel: 'x-vercel-id'
+        if (headers['x-vercel-id'])
+            return true;
+        // AWS CloudFront: 'cloudfront-viewer-address'
+        if (headers['cloudfront-viewer-address'])
+            return true;
+        // C. The "Browser Fingerprint" (Fallback for direct connections)
+        // Real browsers almost always send these headers
+        const hasAcceptLanguage = !!headers['accept-language'];
+        const hasSecFetchDest = !!headers['sec-fetch-dest'];
+        const hasUpgradeInsecure = !!headers['upgrade-insecure-requests'];
+        // If it has typical browser headers, we allow it.
+        if (hasAcceptLanguage && (hasSecFetchDest || hasUpgradeInsecure)) {
+            return true;
+        }
+        // If it has no browser headers and no trusted proxy headers -> It's likely a script.
+        return false;
+    }
+    /**
+     * Handle AAMP Protocol Logic
+     */
+    async handleAgent(reqHeaders, rawPayload) {
+        try {
+            const payloadHeader = reqHeaders[constants_1.HEADERS.PAYLOAD];
+            const sigHeader = reqHeaders[constants_1.HEADERS.SIGNATURE];
+            const keyHeader = reqHeaders[constants_1.HEADERS.PUBLIC_KEY];
+            const headerJson = atob(payloadHeader);
+            const requestHeader = JSON.parse(headerJson);
+            const signedRequest = {
+                header: requestHeader,
+                signature: sigHeader,
+                publicKey: keyHeader
+            };
+            const agentKey = await crypto.subtle.importKey("spki", new Uint8Array(atob(keyHeader).split('').map(c => c.charCodeAt(0))), { name: "ECDSA", namedCurve: "P-256" }, true, ["verify"]);
+            // Verify Core Logic
+            const result = await this.verifyRequestLogic(signedRequest, agentKey, headerJson);
+            if (!result.allowed) {
                 return {
                     allowed: false,
-                    reason: 'PAYMENT_REQUIRED: Site requires payment or ad-supported access.'
+                    status: 403,
+                    reason: result.reason,
+                    visitorType: 'VERIFIED_AGENT'
                 };
             }
+            return {
+                allowed: true,
+                status: 200,
+                reason: "AAMP_VERIFIED",
+                visitorType: 'VERIFIED_AGENT',
+                metadata: requestHeader
+            };
+        }
+        catch (e) {
+            return { allowed: false, status: 400, reason: "INVALID_SIGNATURE", visitorType: 'UNIDENTIFIED_BOT' };
+        }
+    }
+    async verifyRequestLogic(request, requestPublicKey, rawPayload) {
+        // 1. Replay Attack Prevention
+        const requestTime = new Date(request.header.ts).getTime();
+        if (Math.abs(Date.now() - requestTime) > constants_1.MAX_CLOCK_SKEW_MS) {
+            return { allowed: false, reason: 'TIMESTAMP_INVALID', identityVerified: false };
         }
-        // 4. Cryptographic Verification (The "Proof")
-        // CRITICAL: We prefer the rawPayload if available to avoid JSON parsing/stringify mismatches.
+        // 2. Crypto Verification
         const signableString = rawPayload || JSON.stringify(request.header);
-        const isValid = await (0, crypto_1.verifySignature)(requestPublicKey, signableString, request.signature);
-        if (!isValid) {
-            return { allowed: false, reason: 'CRYPTO_FAIL: Signature verification failed.' };
+        const isCryptoValid = await (0, crypto_1.verifySignature)(requestPublicKey, signableString, request.signature);
+        if (!isCryptoValid)
+            return { allowed: false, reason: 'CRYPTO_FAIL', identityVerified: false };
+        // 3. Identity Verification (DNS Binding) with Cache
+        let identityVerified = false;
+        const claimedDomain = request.header.agent_id;
+        const pubKeyString = await (0, crypto_1.exportPublicKey)(requestPublicKey);
+        // Check Cache First
+        const cachedKey = await this.cache.get(claimedDomain);
+        if (cachedKey === pubKeyString) {
+            identityVerified = true;
+        }
+        else if (this.isDomain(claimedDomain)) {
+            // Cache Miss: Perform DNS Fetch
+            identityVerified = await this.verifyDnsBinding(claimedDomain, pubKeyString);
+            if (identityVerified) {
+                await this.cache.set(claimedDomain, pubKeyString, this.CACHE_TTL_SECONDS);
+            }
+        }
+        if (this.policy.requireIdentityBinding && !identityVerified) {
+            return { allowed: false, reason: 'IDENTITY_FAIL: DNS Binding could not be verified.', identityVerified: false };
+        }
+        // 4. Policy Check: Purpose
+        if (request.header.purpose === types_1.AccessPurpose.CRAWL_TRAINING && !this.policy.allowTraining) {
+            return { allowed: false, reason: 'POLICY_DENIED: Training not allowed.', identityVerified };
         }
-        return { allowed: true, reason: 'OK' };
+        if (request.header.purpose === types_1.AccessPurpose.RAG_RETRIEVAL && !this.policy.allowRAG) {
+            return { allowed: false, reason: 'POLICY_DENIED: RAG not allowed.', identityVerified };
+        }
+        // 5. Policy Check: Economics
+        if (this.policy.requiresPayment) {
+            const isAdExempt = this.policy.allowAdSupportedAccess && request.header.context.ads_displayed;
+            if (!isAdExempt) {
+                return { allowed: false, reason: 'PAYMENT_REQUIRED: Content requires payment or ads.', identityVerified };
+            }
+        }
+        return { allowed: true, reason: 'OK', identityVerified };
     }
-    /**
-     * Verifies a Feedback Signal (Spam Report) from an Agent.
-     * Part of the AAMP Immune System.
-     */
-    async verifyFeedback(signal, signature, agentPublicKey) {
-        const signableString = JSON.stringify(signal);
-        return await (0, crypto_1.verifySignature)(agentPublicKey, signableString, signature);
+    async verifyDnsBinding(domain, requestKeySpki) {
+        try {
+            const url = `https://${domain}${constants_1.WELL_KNOWN_AGENT_PATH}`;
+            // In production, we need a short timeout to prevent hanging
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), 1500); // 1.5s max for DNS check
+            const response = await fetch(url, { signal: controller.signal });
+            clearTimeout(timeoutId);
+            if (!response.ok)
+                return false;
+            const manifest = await response.json();
+            return manifest.agent_id === domain && manifest.public_key === requestKeySpki;
+        }
+        catch {
+            return false;
+        }
+    }
+    isDomain(s) {
+        return /^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(s);
     }
     async generateResponseHeaders(origin) {
         if (!this.keyPair)