npm - @agent-id/nextjs - Versions diffs - 0.1.0 - Mend

@agent-id/nextjs 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 agent-id
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,113 @@
+# @agent-id/nextjs
+Next.js middleware that automatically detects AI-agent traffic and requires a valid [AgentPass](https://agentpass.vercel.app) JWT. Human browser traffic always passes through untouched.
+## Install
+```bash
+npm install @agent-id/nextjs
+```
+Requires `next >= 14`.
+## Setup — 2 steps
+### 1. Add the middleware
+Create (or update) `middleware.ts` in your project root:
+```ts
+import { createAgentPassMiddleware } from '@agent-id/nextjs';
+import type { NextRequest } from 'next/server';
+const agentPass = createAgentPassMiddleware();
+export function middleware(request: NextRequest) {
+  return agentPass(request);
+}
+// Protect your API routes
+export const config = {
+  matcher: '/api/:path*',
+};
+```
+That's it. The middleware now:
+- Lets all human browser traffic through unchanged
+- Requires a valid AgentPass JWT from any AI agent / bot
+- Returns `403 AGENT_UNAUTHORIZED` when the JWT is missing or invalid
+### 2. Read the verified identity in your route handlers (optional)
+```ts
+// app/api/anything/route.ts
+import { getAgentPassResult } from '@agent-id/nextjs';
+import type { NextRequest } from 'next/server';
+export async function GET(request: NextRequest) {
+  const agent = getAgentPassResult(request);
+  if (agent.verified) {
+    // Verified AI agent — claims are fully typed
+    console.log(agent.claims.sub);          // pseudonymous stable user ID
+    console.log(agent.claims.auth_method);  // "bankid"
+  }
+  // Human traffic: agent.verified === false, agent.reason === 'not_agent'
+  return Response.json({ ok: true });
+}
+```
+## How agents authenticate
+Agents add one header to every request:
+```
+Authorization: Bearer <agentpass-jwt>
+```
+The JWT is obtained by completing a BankID flow at [agentpass.vercel.app](https://agentpass.vercel.app). Tokens are valid for 1 hour.
+## Options
+All options are optional — `createAgentPassMiddleware()` with no arguments works out of the box.
+```ts
+createAgentPassMiddleware({
+  // Return 403 when an agent has no valid token (default: true).
+  // Set to false to let unverified agents through (useful for logging / gradual rollout).
+  blockUnauthorizedAgents: true,
+  // Override the JWKS endpoint — only needed if you self-host AgentPass.
+  jwksUrl: 'https://your-agentpass.example.com/api/jwks',
+  // Clock skew tolerance in seconds (default: 30).
+  clockTolerance: 30,
+  // Fully custom response when an agent is rejected.
+  onUnauthorizedAgent: (request, reason) =>
+    NextResponse.json({ error: 'No AgentPass token', reason }, { status: 403 }),
+})
+```
+## What gets verified
+Verification is **fully offline** after the first request. The public key is fetched once from the AgentPass JWKS endpoint and cached for 1 hour — no per-request network call.
+| Check | Requirement |
+|---|---|
+| Signature | RS256 — `alg:none` and HS256 are explicitly rejected |
+| Issuer (`iss`) | Must equal `"agentpass"` |
+| Expiry (`exp`) | Must be in the future |
+| `auth_method` | Must equal `"bankid"` |
+## JWT claims
+| Field | Description |
+|---|---|
+| `sub` | Pseudonymous stable user ID (HMAC-SHA256 of BankID personal number — non-reversible, same person always gets the same ID) |
+| `auth_method` | Always `"bankid"` |
+| `iss` | `"agentpass"` |
+| `exp` | Unix timestamp — 1 hour from issue |
+| `iat` | Unix timestamp — when issued |
+| `jti` | Unique token ID |

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,163 @@
+import { NextRequest, NextResponse } from 'next/server';
+/**
+ * JWT claims present in every AgentPass token.
+ *
+ * The `sub` field is a pseudonymous identifier derived via HMAC-SHA256 of the
+ * user's BankID personal number. It is stable per person but non-reversible —
+ * organisations cannot extract the personal number from it.
+ */
+interface AgentPassClaims {
+    /** Pseudonymous, stable per-user identifier (HMAC-SHA256 of personal number). */
+    sub: string;
+    /** Issuer — always "agentpass". */
+    iss: string;
+    /** Issued-at Unix timestamp. */
+    iat: number;
+    /** Expiry Unix timestamp (1 hour after iat). */
+    exp: number;
+    /** Unique JWT ID — enables token logging / replay detection on your side. */
+    jti: string;
+    /** Authentication method — always "bankid" in this version. */
+    auth_method: "bankid";
+}
+interface AgentPassVerified {
+    verified: true;
+    claims: AgentPassClaims;
+}
+interface AgentPassUnverified {
+    verified: false;
+    /** Why verification was skipped or failed. */
+    reason: "not_agent" | "no_token" | "invalid_token";
+}
+/** Result attached to every request processed by the AgentPass middleware. */
+type AgentPassResult = AgentPassVerified | AgentPassUnverified;
+interface VerifierOptions {
+    /**
+     * URL of the AgentPass JWKS endpoint.
+     * Must use HTTPS (except `localhost` / `127.0.0.1` in development).
+     *
+     * @default 'https://agentpass.vercel.app/api/jwks'
+     */
+    jwksUrl?: string;
+    /**
+     * Block agent requests that carry no valid AgentPass token.
+     * When `false` the middleware still runs but sets an unverified result
+     * on the request instead of returning 403.
+     *
+     * @default true
+     */
+    blockUnauthorizedAgents?: boolean;
+    /**
+     * Allowed clock skew in seconds when verifying JWT expiry.
+     * Protects against minor clock drift between issuer and verifier.
+     *
+     * @default 30
+     */
+    clockTolerance?: number;
+}
+type AgentPassMiddlewareOptions = VerifierOptions & {
+    /**
+     * Optional callback invoked when an agent is detected but carries no
+     * valid token. Return a `NextResponse` to override the default 403.
+     */
+    onUnauthorizedAgent?: (request: NextRequest, reason: string) => NextResponse | void;
+};
+/**
+ * Factory that returns a Next.js middleware function which detects AI-agent
+ * traffic and enforces AgentPass JWT authentication.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts (project root)
+ * import { createAgentPassMiddleware } from '@agent-id/nextjs';
+ *
+ * const agentPass = createAgentPassMiddleware({
+ *   blockUnauthorizedAgents: true,
+ * });
+ *
+ * export function middleware(request: NextRequest) {
+ *   return agentPass(request);
+ * }
+ *
+ * export const config = { matcher: '/api/:path*' };
+ * ```
+ */
+declare function createAgentPassMiddleware(options?: AgentPassMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;
+interface VerifyTokenOptions {
+    jwksUrl?: string;
+    clockTolerance?: number;
+}
+/**
+ * Verify an AgentPass JWT and return its decoded claims.
+ *
+ * Security guarantees
+ * ───────────────────
+ * • Signature   — RS256, verified against the live JWKS public key.
+ * • Algorithm   — strict allowlist `['RS256']`; alg:none and HS256 are
+ *                 rejected before signature verification even begins.
+ * • Issuer      — must be exactly "agentpass".
+ * • Expiry      — enforced; configurable clock tolerance (default 30 s).
+ * • kid         — jose matches the JWT `kid` header to the JWKS automatically.
+ * • auth_method — validated at runtime; must equal "bankid".
+ *
+ * @throws if the token is invalid, expired, or fails any check.
+ */
+declare function verifyAgentPassToken(token: string, options?: VerifyTokenOptions): Promise<AgentPassClaims>;
+/**
+ * Bot / AI-agent detection for Next.js (Edge Runtime compatible).
+ *
+ * Uses layered heuristics:
+ *  1. Explicit bot / AI-agent User-Agent strings
+ *  2. Cloudflare Bot Management score (if header is present)
+ *  3. Absence of browser signals (no Accept-Language + non-browser UA)
+ *
+ * The detector is intentionally conservative — when in doubt it lets the
+ * request through (fail open). A false negative (undetected bot) means the
+ * request passes without a JWT check. A false positive (human flagged as bot)
+ * would block legitimate traffic, which is much worse.
+ */
+/**
+ * Returns `true` if the request appears to originate from an automated
+ * agent or bot rather than a human browser.
+ *
+ * @param headers - The `Headers` object from a Next.js `NextRequest`
+ */
+declare function isAgentRequest(headers: Headers): boolean;
+/**
+ * Extract the AgentPass JWT from request headers.
+ *
+ * Checks in order:
+ *  1. `Authorization: Bearer <token>` (preferred)
+ *  2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)
+ *
+ * @returns The raw JWT string, or `null` if absent.
+ */
+declare function extractToken(headers: Headers): string | null;
+/**
+ * Extract the verified AgentPass identity from a Next.js App Router request.
+ *
+ * This function reads the headers set by `createAgentPassMiddleware`. It must
+ * only be called from route handlers that sit behind the middleware.
+ *
+ * @example
+ * ```ts
+ * // app/api/data/route.ts
+ * import { getAgentPassResult } from '@agent-id/nextjs';
+ *
+ * export async function GET(request: NextRequest) {
+ *   const agentPass = getAgentPassResult(request);
+ *   if (!agentPass.verified) {
+ *     return Response.json({ error: 'Unauthorized' }, { status: 403 });
+ *   }
+ *   return Response.json({ sub: agentPass.claims.sub });
+ * }
+ * ```
+ */
+declare function getAgentPassResult(request: NextRequest): AgentPassResult;
+export { type AgentPassClaims, type AgentPassMiddlewareOptions, type AgentPassResult, type AgentPassUnverified, type AgentPassVerified, type VerifierOptions, type VerifyTokenOptions, createAgentPassMiddleware, extractToken, getAgentPassResult, isAgentRequest, verifyAgentPassToken };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,163 @@
+import { NextRequest, NextResponse } from 'next/server';
+/**
+ * JWT claims present in every AgentPass token.
+ *
+ * The `sub` field is a pseudonymous identifier derived via HMAC-SHA256 of the
+ * user's BankID personal number. It is stable per person but non-reversible —
+ * organisations cannot extract the personal number from it.
+ */
+interface AgentPassClaims {
+    /** Pseudonymous, stable per-user identifier (HMAC-SHA256 of personal number). */
+    sub: string;
+    /** Issuer — always "agentpass". */
+    iss: string;
+    /** Issued-at Unix timestamp. */
+    iat: number;
+    /** Expiry Unix timestamp (1 hour after iat). */
+    exp: number;
+    /** Unique JWT ID — enables token logging / replay detection on your side. */
+    jti: string;
+    /** Authentication method — always "bankid" in this version. */
+    auth_method: "bankid";
+}
+interface AgentPassVerified {
+    verified: true;
+    claims: AgentPassClaims;
+}
+interface AgentPassUnverified {
+    verified: false;
+    /** Why verification was skipped or failed. */
+    reason: "not_agent" | "no_token" | "invalid_token";
+}
+/** Result attached to every request processed by the AgentPass middleware. */
+type AgentPassResult = AgentPassVerified | AgentPassUnverified;
+interface VerifierOptions {
+    /**
+     * URL of the AgentPass JWKS endpoint.
+     * Must use HTTPS (except `localhost` / `127.0.0.1` in development).
+     *
+     * @default 'https://agentpass.vercel.app/api/jwks'
+     */
+    jwksUrl?: string;
+    /**
+     * Block agent requests that carry no valid AgentPass token.
+     * When `false` the middleware still runs but sets an unverified result
+     * on the request instead of returning 403.
+     *
+     * @default true
+     */
+    blockUnauthorizedAgents?: boolean;
+    /**
+     * Allowed clock skew in seconds when verifying JWT expiry.
+     * Protects against minor clock drift between issuer and verifier.
+     *
+     * @default 30
+     */
+    clockTolerance?: number;
+}
+type AgentPassMiddlewareOptions = VerifierOptions & {
+    /**
+     * Optional callback invoked when an agent is detected but carries no
+     * valid token. Return a `NextResponse` to override the default 403.
+     */
+    onUnauthorizedAgent?: (request: NextRequest, reason: string) => NextResponse | void;
+};
+/**
+ * Factory that returns a Next.js middleware function which detects AI-agent
+ * traffic and enforces AgentPass JWT authentication.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts (project root)
+ * import { createAgentPassMiddleware } from '@agent-id/nextjs';
+ *
+ * const agentPass = createAgentPassMiddleware({
+ *   blockUnauthorizedAgents: true,
+ * });
+ *
+ * export function middleware(request: NextRequest) {
+ *   return agentPass(request);
+ * }
+ *
+ * export const config = { matcher: '/api/:path*' };
+ * ```
+ */
+declare function createAgentPassMiddleware(options?: AgentPassMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;
+interface VerifyTokenOptions {
+    jwksUrl?: string;
+    clockTolerance?: number;
+}
+/**
+ * Verify an AgentPass JWT and return its decoded claims.
+ *
+ * Security guarantees
+ * ───────────────────
+ * • Signature   — RS256, verified against the live JWKS public key.
+ * • Algorithm   — strict allowlist `['RS256']`; alg:none and HS256 are
+ *                 rejected before signature verification even begins.
+ * • Issuer      — must be exactly "agentpass".
+ * • Expiry      — enforced; configurable clock tolerance (default 30 s).
+ * • kid         — jose matches the JWT `kid` header to the JWKS automatically.
+ * • auth_method — validated at runtime; must equal "bankid".
+ *
+ * @throws if the token is invalid, expired, or fails any check.
+ */
+declare function verifyAgentPassToken(token: string, options?: VerifyTokenOptions): Promise<AgentPassClaims>;
+/**
+ * Bot / AI-agent detection for Next.js (Edge Runtime compatible).
+ *
+ * Uses layered heuristics:
+ *  1. Explicit bot / AI-agent User-Agent strings
+ *  2. Cloudflare Bot Management score (if header is present)
+ *  3. Absence of browser signals (no Accept-Language + non-browser UA)
+ *
+ * The detector is intentionally conservative — when in doubt it lets the
+ * request through (fail open). A false negative (undetected bot) means the
+ * request passes without a JWT check. A false positive (human flagged as bot)
+ * would block legitimate traffic, which is much worse.
+ */
+/**
+ * Returns `true` if the request appears to originate from an automated
+ * agent or bot rather than a human browser.
+ *
+ * @param headers - The `Headers` object from a Next.js `NextRequest`
+ */
+declare function isAgentRequest(headers: Headers): boolean;
+/**
+ * Extract the AgentPass JWT from request headers.
+ *
+ * Checks in order:
+ *  1. `Authorization: Bearer <token>` (preferred)
+ *  2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)
+ *
+ * @returns The raw JWT string, or `null` if absent.
+ */
+declare function extractToken(headers: Headers): string | null;
+/**
+ * Extract the verified AgentPass identity from a Next.js App Router request.
+ *
+ * This function reads the headers set by `createAgentPassMiddleware`. It must
+ * only be called from route handlers that sit behind the middleware.
+ *
+ * @example
+ * ```ts
+ * // app/api/data/route.ts
+ * import { getAgentPassResult } from '@agent-id/nextjs';
+ *
+ * export async function GET(request: NextRequest) {
+ *   const agentPass = getAgentPassResult(request);
+ *   if (!agentPass.verified) {
+ *     return Response.json({ error: 'Unauthorized' }, { status: 403 });
+ *   }
+ *   return Response.json({ sub: agentPass.claims.sub });
+ * }
+ * ```
+ */
+declare function getAgentPassResult(request: NextRequest): AgentPassResult;
+export { type AgentPassClaims, type AgentPassMiddlewareOptions, type AgentPassResult, type AgentPassUnverified, type AgentPassVerified, type VerifierOptions, type VerifyTokenOptions, createAgentPassMiddleware, extractToken, getAgentPassResult, isAgentRequest, verifyAgentPassToken };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,244 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  createAgentPassMiddleware: () => createAgentPassMiddleware,
+  extractToken: () => extractToken,
+  getAgentPassResult: () => getAgentPassResult,
+  isAgentRequest: () => isAgentRequest,
+  verifyAgentPassToken: () => verifyAgentPassToken
+});
+module.exports = __toCommonJS(index_exports);
+// src/middleware.ts
+var import_server = require("next/server");
+// src/detect.ts
+var BOT_UA_PATTERNS = [
+  // OpenAI
+  /GPTBot/i,
+  /ChatGPT-User/i,
+  /OAI-SearchBot/i,
+  // Anthropic / Claude
+  /ClaudeBot/i,
+  /Claude-Web/i,
+  /anthropic-ai/i,
+  // Google
+  /Googlebot/i,
+  /Google-Extended/i,
+  /AdsBot-Google/i,
+  // Microsoft / Bing
+  /bingbot/i,
+  /msnbot/i,
+  // AI search engines
+  /PerplexityBot/i,
+  /YouBot/i,
+  // Common HTTP automation libraries
+  /python-requests/i,
+  /node-fetch/i,
+  /\baxios\b/i,
+  /\bgot\b\//i,
+  /\bundici\b/i,
+  /\bcurl\b/i,
+  /\bwget\b/i,
+  /\bhttpie\b/i,
+  // Generic crawler signals (word-boundary matched to reduce false positives)
+  /\bbot\b/i,
+  /\bcrawler\b/i,
+  /\bspider\b/i,
+  /\bscraper\b/i,
+  /\bfetcher\b/i,
+  // MCP / AgentPass clients
+  /mcp-client/i,
+  /agentpass-client/i
+];
+var BROWSER_UA_RE = /Mozilla\/5\.0/i;
+function isAgentRequest(headers) {
+  const ua = headers.get("user-agent") ?? "";
+  if (!ua) return true;
+  if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;
+  const cfRaw = headers.get("cf-bot-management");
+  if (cfRaw) {
+    try {
+      const parsed = JSON.parse(cfRaw);
+      if (typeof parsed.score === "number" && parsed.score < 30) return true;
+    } catch {
+    }
+  }
+  if (!BROWSER_UA_RE.test(ua) && !headers.get("accept-language")) return true;
+  return false;
+}
+function extractToken(headers) {
+  const auth = headers.get("authorization") ?? "";
+  if (auth.startsWith("Bearer ")) {
+    const token = auth.slice(7).trim();
+    if (token) return token;
+  }
+  const custom = headers.get("x-agentpass-token")?.trim();
+  if (custom) return custom;
+  return null;
+}
+// src/verify.ts
+var import_jose = require("jose");
+var DEFAULT_JWKS_URL = "https://agentpass.vercel.app/api/jwks";
+var jwksSets = /* @__PURE__ */ new Map();
+function getJwks(rawUrl) {
+  if (!jwksSets.has(rawUrl)) {
+    const url = new URL(rawUrl);
+    const isLocal = url.hostname === "localhost" || url.hostname === "127.0.0.1" || url.hostname === "::1";
+    if (url.protocol !== "https:" && !isLocal) {
+      throw new Error(
+        `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`
+      );
+    }
+    jwksSets.set(
+      rawUrl,
+      (0, import_jose.createRemoteJWKSet)(url, {
+        cacheMaxAge: 60 * 60 * 1e3
+        // 1 hour in ms
+      })
+    );
+  }
+  return jwksSets.get(rawUrl);
+}
+async function verifyAgentPassToken(token, options = {}) {
+  const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;
+  const JWKS = getJwks(jwksUrl);
+  const { payload } = await (0, import_jose.jwtVerify)(token, JWKS, {
+    issuer: "agentpass",
+    // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.
+    //   Any token claiming alg:"none", alg:"HS256", or anything else is
+    //   rejected before signature verification.
+    algorithms: ["RS256"],
+    clockTolerance: options.clockTolerance ?? 30
+  });
+  if (payload.auth_method !== "bankid") {
+    throw new Error(
+      `[agent-id] JWT has invalid auth_method: expected "bankid", got "${payload.auth_method ?? "undefined"}"`
+    );
+  }
+  if (typeof payload.sub !== "string" || payload.sub.length === 0) {
+    throw new Error("[agent-id] JWT is missing the sub claim");
+  }
+  return payload;
+}
+// src/middleware.ts
+var MANAGED_HEADERS = [
+  "x-agentpass-verified",
+  "x-agentpass-sub",
+  "x-agentpass-claims"
+];
+function createAgentPassMiddleware(options = {}) {
+  const {
+    jwksUrl,
+    blockUnauthorizedAgents = true,
+    clockTolerance = 30,
+    onUnauthorizedAgent
+  } = options;
+  return async function agentPassMiddleware(request) {
+    const requestHeaders = new Headers(request.headers);
+    for (const name of MANAGED_HEADERS) {
+      requestHeaders.delete(name);
+    }
+    if (!isAgentRequest(requestHeaders)) {
+      return import_server.NextResponse.next({ request: { headers: requestHeaders } });
+    }
+    const token = extractToken(requestHeaders);
+    if (!token) {
+      return unauthorized(
+        request,
+        requestHeaders,
+        'Agent request missing AgentPass token. Provide "Authorization: Bearer <token>".',
+        blockUnauthorizedAgents,
+        onUnauthorizedAgent
+      );
+    }
+    let claims;
+    try {
+      claims = await verifyAgentPassToken(token, {
+        ...jwksUrl !== void 0 && { jwksUrl },
+        clockTolerance
+      });
+    } catch (err) {
+      console.warn(
+        "[agent-id] Token verification failed:",
+        err instanceof Error ? err.message : String(err)
+      );
+      return unauthorized(
+        request,
+        requestHeaders,
+        "Invalid or expired AgentPass token.",
+        blockUnauthorizedAgents,
+        onUnauthorizedAgent
+      );
+    }
+    requestHeaders.set("x-agentpass-verified", "true");
+    requestHeaders.set("x-agentpass-sub", claims.sub);
+    requestHeaders.set("x-agentpass-claims", JSON.stringify(claims));
+    return import_server.NextResponse.next({ request: { headers: requestHeaders } });
+  };
+}
+function unauthorized(request, requestHeaders, message, block, onUnauthorized) {
+  if (onUnauthorized) {
+    const custom = onUnauthorized(request, message);
+    if (custom) return custom;
+  }
+  if (block) {
+    return import_server.NextResponse.json(
+      { error: "AGENT_UNAUTHORIZED", message },
+      { status: 403 }
+    );
+  }
+  requestHeaders.set("x-agentpass-verified", "false");
+  return import_server.NextResponse.next({ request: { headers: requestHeaders } });
+}
+// src/index.ts
+function getAgentPassResult(request) {
+  const verified = request.headers.get("x-agentpass-verified");
+  if (verified !== "true") {
+    return {
+      verified: false,
+      reason: verified === "false" ? "no_token" : "not_agent"
+    };
+  }
+  const claimsJson = request.headers.get("x-agentpass-claims");
+  if (!claimsJson) {
+    return { verified: false, reason: "invalid_token" };
+  }
+  try {
+    const claims = JSON.parse(claimsJson);
+    return { verified: true, claims };
+  } catch {
+    return { verified: false, reason: "invalid_token" };
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createAgentPassMiddleware,
+  extractToken,
+  getAgentPassResult,
+  isAgentRequest,
+  verifyAgentPassToken
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/middleware.ts","../src/detect.ts","../src/verify.ts"],"sourcesContent":["export { createAgentPassMiddleware } from \"./middleware.js\";\nexport type { AgentPassMiddlewareOptions } from \"./middleware.js\";\n\nexport { verifyAgentPassToken } from \"./verify.js\";\nexport type { VerifyTokenOptions } from \"./verify.js\";\n\nexport { isAgentRequest, extractToken } from \"./detect.js\";\n\nexport type {\n AgentPassClaims,\n AgentPassResult,\n AgentPassVerified,\n AgentPassUnverified,\n VerifierOptions,\n} from \"./types.js\";\n\n// ── App Router helper ────────────────────────────────────────────────────────\n\nimport type { NextRequest } from \"next/server\";\nimport type { AgentPassResult, AgentPassClaims } from \"./types.js\";\n\n/**\n * Extract the verified AgentPass identity from a Next.js App Router request.\n *\n * This function reads the headers set by `createAgentPassMiddleware`. It must\n * only be called from route handlers that sit behind the middleware.\n *\n * @example\n * ```ts\n * // app/api/data/route.ts\n * import { getAgentPassResult } from '@agent-id/nextjs';\n *\n * export async function GET(request: NextRequest) {\n * const agentPass = getAgentPassResult(request);\n * if (!agentPass.verified) {\n * return Response.json({ error: 'Unauthorized' }, { status: 403 });\n * }\n * return Response.json({ sub: agentPass.claims.sub });\n * }\n * ```\n */\nexport function getAgentPassResult(request: NextRequest): AgentPassResult {\n const verified = request.headers.get(\"x-agentpass-verified\");\n\n if (verified !== \"true\") {\n return {\n verified: false,\n reason: verified === \"false\" ? \"no_token\" : \"not_agent\",\n };\n }\n\n const claimsJson = request.headers.get(\"x-agentpass-claims\");\n if (!claimsJson) {\n return { verified: false, reason: \"invalid_token\" };\n }\n\n try {\n const claims = JSON.parse(claimsJson) as AgentPassClaims;\n return { verified: true, claims };\n } catch {\n return { verified: false, reason: \"invalid_token\" };\n }\n}\n","import { NextRequest, NextResponse } from \"next/server\";\nimport { isAgentRequest, extractToken } from \"./detect.js\";\nimport { verifyAgentPassToken } from \"./verify.js\";\nimport type { VerifierOptions, AgentPassClaims } from \"./types.js\";\n\nexport type AgentPassMiddlewareOptions = VerifierOptions & {\n /**\n * Optional callback invoked when an agent is detected but carries no\n * valid token. Return a `NextResponse` to override the default 403.\n */\n onUnauthorizedAgent?: (\n request: NextRequest,\n reason: string\n ) => NextResponse | void;\n};\n\n/**\n * Headers injected by this middleware into downstream route handlers.\n * They are stripped from the *incoming* request first to prevent spoofing.\n */\nconst MANAGED_HEADERS = [\n \"x-agentpass-verified\",\n \"x-agentpass-sub\",\n \"x-agentpass-claims\",\n] as const;\n\n/**\n * Factory that returns a Next.js middleware function which detects AI-agent\n * traffic and enforces AgentPass JWT authentication.\n *\n * @example\n * ```ts\n * // middleware.ts (project root)\n * import { createAgentPassMiddleware } from '@agent-id/nextjs';\n *\n * const agentPass = createAgentPassMiddleware({\n * blockUnauthorizedAgents: true,\n * });\n *\n * export function middleware(request: NextRequest) {\n * return agentPass(request);\n * }\n *\n * export const config = { matcher: '/api/:path*' };\n * ```\n */\nexport function createAgentPassMiddleware(\n options: AgentPassMiddlewareOptions = {}\n) {\n const {\n jwksUrl,\n blockUnauthorizedAgents = true,\n clockTolerance = 30,\n onUnauthorizedAgent,\n } = options;\n\n return async function agentPassMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Clone incoming headers so we can safely mutate them.\n const requestHeaders = new Headers(request.headers);\n\n // ── Security: strip client-supplied AgentPass headers ──────────────────\n // Without this, a malicious agent could send x-agentpass-verified: true\n // and bypass the check in route handlers.\n for (const name of MANAGED_HEADERS) {\n requestHeaders.delete(name);\n }\n\n // ── Non-agent traffic ──────────────────────────────────────────────────\n if (!isAgentRequest(requestHeaders)) {\n return NextResponse.next({ request: { headers: requestHeaders } });\n }\n\n // ── Agent detected — require a valid JWT ───────────────────────────────\n const token = extractToken(requestHeaders);\n\n if (!token) {\n return unauthorized(\n request,\n requestHeaders,\n 'Agent request missing AgentPass token. Provide \"Authorization: Bearer <token>\".',\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verify the JWT ─────────────────────────────────────────────────────\n let claims: AgentPassClaims;\n try {\n claims = await verifyAgentPassToken(token, {\n ...(jwksUrl !== undefined && { jwksUrl }),\n clockTolerance,\n });\n } catch (err) {\n // Never surface the raw error to the caller — it might leak internals.\n console.warn(\n \"[agent-id] Token verification failed:\",\n err instanceof Error ? err.message : String(err)\n );\n return unauthorized(\n request,\n requestHeaders,\n \"Invalid or expired AgentPass token.\",\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verified — inject identity into request headers ────────────────────\n // Route handlers read these via getAgentPassResult(request).\n requestHeaders.set(\"x-agentpass-verified\", \"true\");\n requestHeaders.set(\"x-agentpass-sub\", claims.sub);\n // Full claims encoded as JSON for type-safe extraction by helpers.\n requestHeaders.set(\"x-agentpass-claims\", JSON.stringify(claims));\n\n return NextResponse.next({ request: { headers: requestHeaders } });\n };\n}\n\n// ── Internal helper ──────────────────────────────────────────────────────────\n\nfunction unauthorized(\n request: NextRequest,\n requestHeaders: Headers,\n message: string,\n block: boolean,\n onUnauthorized: AgentPassMiddlewareOptions[\"onUnauthorizedAgent\"]\n): NextResponse {\n if (onUnauthorized) {\n const custom = onUnauthorized(request, message);\n if (custom) return custom;\n }\n\n if (block) {\n return NextResponse.json(\n { error: \"AGENT_UNAUTHORIZED\", message },\n { status: 403 }\n );\n }\n\n // Pass through with a \"not verified\" marker so route handlers can still\n // distinguish agent traffic from human traffic.\n requestHeaders.set(\"x-agentpass-verified\", \"false\");\n return NextResponse.next({ request: { headers: requestHeaders } });\n}\n","/**\n * Bot / AI-agent detection for Next.js (Edge Runtime compatible).\n *\n * Uses layered heuristics:\n * 1. Explicit bot / AI-agent User-Agent strings\n * 2. Cloudflare Bot Management score (if header is present)\n * 3. Absence of browser signals (no Accept-Language + non-browser UA)\n *\n * The detector is intentionally conservative — when in doubt it lets the\n * request through (fail open). A false negative (undetected bot) means the\n * request passes without a JWT check. A false positive (human flagged as bot)\n * would block legitimate traffic, which is much worse.\n */\n\nconst BOT_UA_PATTERNS: RegExp[] = [\n // OpenAI\n /GPTBot/i,\n /ChatGPT-User/i,\n /OAI-SearchBot/i,\n // Anthropic / Claude\n /ClaudeBot/i,\n /Claude-Web/i,\n /anthropic-ai/i,\n // Google\n /Googlebot/i,\n /Google-Extended/i,\n /AdsBot-Google/i,\n // Microsoft / Bing\n /bingbot/i,\n /msnbot/i,\n // AI search engines\n /PerplexityBot/i,\n /YouBot/i,\n // Common HTTP automation libraries\n /python-requests/i,\n /node-fetch/i,\n /\\baxios\\b/i,\n /\\bgot\\b\\//i,\n /\\bundici\\b/i,\n /\\bcurl\\b/i,\n /\\bwget\\b/i,\n /\\bhttpie\\b/i,\n // Generic crawler signals (word-boundary matched to reduce false positives)\n /\\bbot\\b/i,\n /\\bcrawler\\b/i,\n /\\bspider\\b/i,\n /\\bscraper\\b/i,\n /\\bfetcher\\b/i,\n // MCP / AgentPass clients\n /mcp-client/i,\n /agentpass-client/i,\n];\n\n// Every major browser includes \"Mozilla/5.0\" — its absence is a strong signal\nconst BROWSER_UA_RE = /Mozilla\\/5\\.0/i;\n\n/**\n * Returns `true` if the request appears to originate from an automated\n * agent or bot rather than a human browser.\n *\n * @param headers - The `Headers` object from a Next.js `NextRequest`\n */\nexport function isAgentRequest(headers: Headers): boolean {\n const ua = headers.get(\"user-agent\") ?? \"\";\n\n // No User-Agent → definitely automated\n if (!ua) return true;\n\n // Explicit bot / agent UA match\n if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;\n\n // Cloudflare Bot Management: the `cf-bot-management` header contains a\n // JSON blob with a `score` field (0–100). Score < 30 → highly likely bot.\n const cfRaw = headers.get(\"cf-bot-management\");\n if (cfRaw) {\n try {\n const parsed = JSON.parse(cfRaw) as { score?: unknown };\n if (typeof parsed.score === \"number\" && parsed.score < 30) return true;\n } catch {\n // Malformed header — fail open (pass through)\n }\n }\n\n // Heuristic: non-browser UA + no Accept-Language → likely automated\n if (!BROWSER_UA_RE.test(ua) && !headers.get(\"accept-language\")) return true;\n\n return false;\n}\n\n/**\n * Extract the AgentPass JWT from request headers.\n *\n * Checks in order:\n * 1. `Authorization: Bearer <token>` (preferred)\n * 2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)\n *\n * @returns The raw JWT string, or `null` if absent.\n */\nexport function extractToken(headers: Headers): string | null {\n // Primary: standard Authorization header\n const auth = headers.get(\"authorization\") ?? \"\";\n if (auth.startsWith(\"Bearer \")) {\n const token = auth.slice(7).trim();\n if (token) return token;\n }\n\n // Fallback: custom header\n const custom = headers.get(\"x-agentpass-token\")?.trim();\n if (custom) return custom;\n\n return null;\n}\n","import { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport type { AgentPassClaims } from \"./types.js\";\n\nconst DEFAULT_JWKS_URL = \"https://agentpass.vercel.app/api/jwks\";\n\n/**\n * Module-level JWKS cache — one RemoteJWKSet instance per unique URL.\n * jose caches the fetched key material internally; re-fetches when the\n * cache TTL (1 h) expires or a new `kid` is seen.\n */\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nfunction getJwks(rawUrl: string): ReturnType<typeof createRemoteJWKSet> {\n if (!jwksSets.has(rawUrl)) {\n const url = new URL(rawUrl); // throws on malformed URL\n\n // Security: HTTPS is mandatory to prevent MITM on the public-key fetch.\n // Localhost is whitelisted for local development / CI.\n const isLocal =\n url.hostname === \"localhost\" ||\n url.hostname === \"127.0.0.1\" ||\n url.hostname === \"::1\";\n\n if (url.protocol !== \"https:\" && !isLocal) {\n throw new Error(\n `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`\n );\n }\n\n jwksSets.set(\n rawUrl,\n createRemoteJWKSet(url, {\n cacheMaxAge: 60 * 60 * 1_000, // 1 hour in ms\n })\n );\n }\n\n return jwksSets.get(rawUrl)!;\n}\n\nexport interface VerifyTokenOptions {\n jwksUrl?: string;\n clockTolerance?: number;\n}\n\n/**\n * Verify an AgentPass JWT and return its decoded claims.\n *\n * Security guarantees\n * ───────────────────\n * • Signature — RS256, verified against the live JWKS public key.\n * • Algorithm — strict allowlist `['RS256']`; alg:none and HS256 are\n * rejected before signature verification even begins.\n * • Issuer — must be exactly \"agentpass\".\n * • Expiry — enforced; configurable clock tolerance (default 30 s).\n * • kid — jose matches the JWT `kid` header to the JWKS automatically.\n * • auth_method — validated at runtime; must equal \"bankid\".\n *\n * @throws if the token is invalid, expired, or fails any check.\n */\nexport async function verifyAgentPassToken(\n token: string,\n options: VerifyTokenOptions = {}\n): Promise<AgentPassClaims> {\n const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;\n const JWKS = getJwks(jwksUrl);\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: \"agentpass\",\n // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.\n // Any token claiming alg:\"none\", alg:\"HS256\", or anything else is\n // rejected before signature verification.\n algorithms: [\"RS256\"],\n clockTolerance: options.clockTolerance ?? 30,\n });\n\n // Runtime validation of AgentPass-specific claims.\n if (payload.auth_method !== \"bankid\") {\n throw new Error(\n `[agent-id] JWT has invalid auth_method: expected \"bankid\", got \"${\n payload.auth_method ?? \"undefined\"\n }\"`\n );\n }\n if (typeof payload.sub !== \"string\" || payload.sub.length === 0) {\n throw new Error(\"[agent-id] JWT is missing the sub claim\");\n }\n\n return payload as unknown as AgentPassClaims;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,oBAA0C;;;ACc1C,IAAM,kBAA4B;AAAA;AAAA,EAEhC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAGA,IAAM,gBAAgB;AAQf,SAAS,eAAe,SAA2B;AACxD,QAAM,KAAK,QAAQ,IAAI,YAAY,KAAK;AAGxC,MAAI,CAAC,GAAI,QAAO;AAGhB,MAAI,gBAAgB,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,EAAG,QAAO;AAIpD,QAAM,QAAQ,QAAQ,IAAI,mBAAmB;AAC7C,MAAI,OAAO;AACT,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,UAAI,OAAO,OAAO,UAAU,YAAY,OAAO,QAAQ,GAAI,QAAO;AAAA,IACpE,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,MAAI,CAAC,cAAc,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,iBAAiB,EAAG,QAAO;AAEvE,SAAO;AACT;AAWO,SAAS,aAAa,SAAiC;AAE5D,QAAM,OAAO,QAAQ,IAAI,eAAe,KAAK;AAC7C,MAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,UAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,QAAI,MAAO,QAAO;AAAA,EACpB;AAGA,QAAM,SAAS,QAAQ,IAAI,mBAAmB,GAAG,KAAK;AACtD,MAAI,OAAQ,QAAO;AAEnB,SAAO;AACT;;;AC/GA,kBAA8C;AAG9C,IAAM,mBAAmB;AAOzB,IAAM,WAAW,oBAAI,IAAmD;AAExE,SAAS,QAAQ,QAAuD;AACtE,MAAI,CAAC,SAAS,IAAI,MAAM,GAAG;AACzB,UAAM,MAAM,IAAI,IAAI,MAAM;AAI1B,UAAM,UACJ,IAAI,aAAa,eACjB,IAAI,aAAa,eACjB,IAAI,aAAa;AAEnB,QAAI,IAAI,aAAa,YAAY,CAAC,SAAS;AACzC,YAAM,IAAI;AAAA,QACR,gDAAgD,MAAM;AAAA,MACxD;AAAA,IACF;AAEA,aAAS;AAAA,MACP;AAAA,UACA,gCAAmB,KAAK;AAAA,QACtB,aAAa,KAAK,KAAK;AAAA;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,MAAM;AAC5B;AAsBA,eAAsB,qBACpB,OACA,UAA8B,CAAC,GACL;AAC1B,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,OAAO,QAAQ,OAAO;AAE5B,QAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ;AAAA;AAAA;AAAA;AAAA,IAIR,YAAY,CAAC,OAAO;AAAA,IACpB,gBAAgB,QAAQ,kBAAkB;AAAA,EAC5C,CAAC;AAGD,MAAI,QAAQ,gBAAgB,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,mEACE,QAAQ,eAAe,WACzB;AAAA,IACF;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AFrEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF;AAsBO,SAAS,0BACd,UAAsC,CAAC,GACvC;AACA,QAAM;AAAA,IACJ;AAAA,IACA,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,SAAO,eAAe,oBACpB,SACuB;AAEvB,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAKlD,eAAW,QAAQ,iBAAiB;AAClC,qBAAe,OAAO,IAAI;AAAA,IAC5B;AAGA,QAAI,CAAC,eAAe,cAAc,GAAG;AACnC,aAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,IACnE;AAGA,UAAM,QAAQ,aAAa,cAAc;AAEzC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,qBAAqB,OAAO;AAAA,QACzC,GAAI,YAAY,UAAa,EAAE,QAAQ;AAAA,QACvC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ;AAAA,QACN;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACjD;AACA,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAIA,mBAAe,IAAI,wBAAwB,MAAM;AACjD,mBAAe,IAAI,mBAAmB,OAAO,GAAG;AAEhD,mBAAe,IAAI,sBAAsB,KAAK,UAAU,MAAM,CAAC;AAE/D,WAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,EACnE;AACF;AAIA,SAAS,aACP,SACA,gBACA,SACA,OACA,gBACc;AACd,MAAI,gBAAgB;AAClB,UAAM,SAAS,eAAe,SAAS,OAAO;AAC9C,QAAI,OAAQ,QAAO;AAAA,EACrB;AAEA,MAAI,OAAO;AACT,WAAO,2BAAa;AAAA,MAClB,EAAE,OAAO,sBAAsB,QAAQ;AAAA,MACvC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAIA,iBAAe,IAAI,wBAAwB,OAAO;AAClD,SAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AACnE;;;ADxGO,SAAS,mBAAmB,SAAuC;AACxE,QAAM,WAAW,QAAQ,QAAQ,IAAI,sBAAsB;AAE3D,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ,aAAa,UAAU,aAAa;AAAA,IAC9C;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,QAAQ,IAAI,oBAAoB;AAC3D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AAEA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,UAAU;AACpC,WAAO,EAAE,UAAU,MAAM,OAAO;AAAA,EAClC,QAAQ;AACN,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AACF;","names":[]}

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,213 @@
+// src/middleware.ts
+import { NextResponse } from "next/server";
+// src/detect.ts
+var BOT_UA_PATTERNS = [
+  // OpenAI
+  /GPTBot/i,
+  /ChatGPT-User/i,
+  /OAI-SearchBot/i,
+  // Anthropic / Claude
+  /ClaudeBot/i,
+  /Claude-Web/i,
+  /anthropic-ai/i,
+  // Google
+  /Googlebot/i,
+  /Google-Extended/i,
+  /AdsBot-Google/i,
+  // Microsoft / Bing
+  /bingbot/i,
+  /msnbot/i,
+  // AI search engines
+  /PerplexityBot/i,
+  /YouBot/i,
+  // Common HTTP automation libraries
+  /python-requests/i,
+  /node-fetch/i,
+  /\baxios\b/i,
+  /\bgot\b\//i,
+  /\bundici\b/i,
+  /\bcurl\b/i,
+  /\bwget\b/i,
+  /\bhttpie\b/i,
+  // Generic crawler signals (word-boundary matched to reduce false positives)
+  /\bbot\b/i,
+  /\bcrawler\b/i,
+  /\bspider\b/i,
+  /\bscraper\b/i,
+  /\bfetcher\b/i,
+  // MCP / AgentPass clients
+  /mcp-client/i,
+  /agentpass-client/i
+];
+var BROWSER_UA_RE = /Mozilla\/5\.0/i;
+function isAgentRequest(headers) {
+  const ua = headers.get("user-agent") ?? "";
+  if (!ua) return true;
+  if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;
+  const cfRaw = headers.get("cf-bot-management");
+  if (cfRaw) {
+    try {
+      const parsed = JSON.parse(cfRaw);
+      if (typeof parsed.score === "number" && parsed.score < 30) return true;
+    } catch {
+    }
+  }
+  if (!BROWSER_UA_RE.test(ua) && !headers.get("accept-language")) return true;
+  return false;
+}
+function extractToken(headers) {
+  const auth = headers.get("authorization") ?? "";
+  if (auth.startsWith("Bearer ")) {
+    const token = auth.slice(7).trim();
+    if (token) return token;
+  }
+  const custom = headers.get("x-agentpass-token")?.trim();
+  if (custom) return custom;
+  return null;
+}
+// src/verify.ts
+import { createRemoteJWKSet, jwtVerify } from "jose";
+var DEFAULT_JWKS_URL = "https://agentpass.vercel.app/api/jwks";
+var jwksSets = /* @__PURE__ */ new Map();
+function getJwks(rawUrl) {
+  if (!jwksSets.has(rawUrl)) {
+    const url = new URL(rawUrl);
+    const isLocal = url.hostname === "localhost" || url.hostname === "127.0.0.1" || url.hostname === "::1";
+    if (url.protocol !== "https:" && !isLocal) {
+      throw new Error(
+        `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`
+      );
+    }
+    jwksSets.set(
+      rawUrl,
+      createRemoteJWKSet(url, {
+        cacheMaxAge: 60 * 60 * 1e3
+        // 1 hour in ms
+      })
+    );
+  }
+  return jwksSets.get(rawUrl);
+}
+async function verifyAgentPassToken(token, options = {}) {
+  const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;
+  const JWKS = getJwks(jwksUrl);
+  const { payload } = await jwtVerify(token, JWKS, {
+    issuer: "agentpass",
+    // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.
+    //   Any token claiming alg:"none", alg:"HS256", or anything else is
+    //   rejected before signature verification.
+    algorithms: ["RS256"],
+    clockTolerance: options.clockTolerance ?? 30
+  });
+  if (payload.auth_method !== "bankid") {
+    throw new Error(
+      `[agent-id] JWT has invalid auth_method: expected "bankid", got "${payload.auth_method ?? "undefined"}"`
+    );
+  }
+  if (typeof payload.sub !== "string" || payload.sub.length === 0) {
+    throw new Error("[agent-id] JWT is missing the sub claim");
+  }
+  return payload;
+}
+// src/middleware.ts
+var MANAGED_HEADERS = [
+  "x-agentpass-verified",
+  "x-agentpass-sub",
+  "x-agentpass-claims"
+];
+function createAgentPassMiddleware(options = {}) {
+  const {
+    jwksUrl,
+    blockUnauthorizedAgents = true,
+    clockTolerance = 30,
+    onUnauthorizedAgent
+  } = options;
+  return async function agentPassMiddleware(request) {
+    const requestHeaders = new Headers(request.headers);
+    for (const name of MANAGED_HEADERS) {
+      requestHeaders.delete(name);
+    }
+    if (!isAgentRequest(requestHeaders)) {
+      return NextResponse.next({ request: { headers: requestHeaders } });
+    }
+    const token = extractToken(requestHeaders);
+    if (!token) {
+      return unauthorized(
+        request,
+        requestHeaders,
+        'Agent request missing AgentPass token. Provide "Authorization: Bearer <token>".',
+        blockUnauthorizedAgents,
+        onUnauthorizedAgent
+      );
+    }
+    let claims;
+    try {
+      claims = await verifyAgentPassToken(token, {
+        ...jwksUrl !== void 0 && { jwksUrl },
+        clockTolerance
+      });
+    } catch (err) {
+      console.warn(
+        "[agent-id] Token verification failed:",
+        err instanceof Error ? err.message : String(err)
+      );
+      return unauthorized(
+        request,
+        requestHeaders,
+        "Invalid or expired AgentPass token.",
+        blockUnauthorizedAgents,
+        onUnauthorizedAgent
+      );
+    }
+    requestHeaders.set("x-agentpass-verified", "true");
+    requestHeaders.set("x-agentpass-sub", claims.sub);
+    requestHeaders.set("x-agentpass-claims", JSON.stringify(claims));
+    return NextResponse.next({ request: { headers: requestHeaders } });
+  };
+}
+function unauthorized(request, requestHeaders, message, block, onUnauthorized) {
+  if (onUnauthorized) {
+    const custom = onUnauthorized(request, message);
+    if (custom) return custom;
+  }
+  if (block) {
+    return NextResponse.json(
+      { error: "AGENT_UNAUTHORIZED", message },
+      { status: 403 }
+    );
+  }
+  requestHeaders.set("x-agentpass-verified", "false");
+  return NextResponse.next({ request: { headers: requestHeaders } });
+}
+// src/index.ts
+function getAgentPassResult(request) {
+  const verified = request.headers.get("x-agentpass-verified");
+  if (verified !== "true") {
+    return {
+      verified: false,
+      reason: verified === "false" ? "no_token" : "not_agent"
+    };
+  }
+  const claimsJson = request.headers.get("x-agentpass-claims");
+  if (!claimsJson) {
+    return { verified: false, reason: "invalid_token" };
+  }
+  try {
+    const claims = JSON.parse(claimsJson);
+    return { verified: true, claims };
+  } catch {
+    return { verified: false, reason: "invalid_token" };
+  }
+}
+export {
+  createAgentPassMiddleware,
+  extractToken,
+  getAgentPassResult,
+  isAgentRequest,
+  verifyAgentPassToken
+};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/middleware.ts","../src/detect.ts","../src/verify.ts","../src/index.ts"],"sourcesContent":["import { NextRequest, NextResponse } from \"next/server\";\nimport { isAgentRequest, extractToken } from \"./detect.js\";\nimport { verifyAgentPassToken } from \"./verify.js\";\nimport type { VerifierOptions, AgentPassClaims } from \"./types.js\";\n\nexport type AgentPassMiddlewareOptions = VerifierOptions & {\n /**\n * Optional callback invoked when an agent is detected but carries no\n * valid token. Return a `NextResponse` to override the default 403.\n */\n onUnauthorizedAgent?: (\n request: NextRequest,\n reason: string\n ) => NextResponse | void;\n};\n\n/**\n * Headers injected by this middleware into downstream route handlers.\n * They are stripped from the *incoming* request first to prevent spoofing.\n */\nconst MANAGED_HEADERS = [\n \"x-agentpass-verified\",\n \"x-agentpass-sub\",\n \"x-agentpass-claims\",\n] as const;\n\n/**\n * Factory that returns a Next.js middleware function which detects AI-agent\n * traffic and enforces AgentPass JWT authentication.\n *\n * @example\n * ```ts\n * // middleware.ts (project root)\n * import { createAgentPassMiddleware } from '@agent-id/nextjs';\n *\n * const agentPass = createAgentPassMiddleware({\n * blockUnauthorizedAgents: true,\n * });\n *\n * export function middleware(request: NextRequest) {\n * return agentPass(request);\n * }\n *\n * export const config = { matcher: '/api/:path*' };\n * ```\n */\nexport function createAgentPassMiddleware(\n options: AgentPassMiddlewareOptions = {}\n) {\n const {\n jwksUrl,\n blockUnauthorizedAgents = true,\n clockTolerance = 30,\n onUnauthorizedAgent,\n } = options;\n\n return async function agentPassMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Clone incoming headers so we can safely mutate them.\n const requestHeaders = new Headers(request.headers);\n\n // ── Security: strip client-supplied AgentPass headers ──────────────────\n // Without this, a malicious agent could send x-agentpass-verified: true\n // and bypass the check in route handlers.\n for (const name of MANAGED_HEADERS) {\n requestHeaders.delete(name);\n }\n\n // ── Non-agent traffic ──────────────────────────────────────────────────\n if (!isAgentRequest(requestHeaders)) {\n return NextResponse.next({ request: { headers: requestHeaders } });\n }\n\n // ── Agent detected — require a valid JWT ───────────────────────────────\n const token = extractToken(requestHeaders);\n\n if (!token) {\n return unauthorized(\n request,\n requestHeaders,\n 'Agent request missing AgentPass token. Provide \"Authorization: Bearer <token>\".',\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verify the JWT ─────────────────────────────────────────────────────\n let claims: AgentPassClaims;\n try {\n claims = await verifyAgentPassToken(token, {\n ...(jwksUrl !== undefined && { jwksUrl }),\n clockTolerance,\n });\n } catch (err) {\n // Never surface the raw error to the caller — it might leak internals.\n console.warn(\n \"[agent-id] Token verification failed:\",\n err instanceof Error ? err.message : String(err)\n );\n return unauthorized(\n request,\n requestHeaders,\n \"Invalid or expired AgentPass token.\",\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verified — inject identity into request headers ────────────────────\n // Route handlers read these via getAgentPassResult(request).\n requestHeaders.set(\"x-agentpass-verified\", \"true\");\n requestHeaders.set(\"x-agentpass-sub\", claims.sub);\n // Full claims encoded as JSON for type-safe extraction by helpers.\n requestHeaders.set(\"x-agentpass-claims\", JSON.stringify(claims));\n\n return NextResponse.next({ request: { headers: requestHeaders } });\n };\n}\n\n// ── Internal helper ──────────────────────────────────────────────────────────\n\nfunction unauthorized(\n request: NextRequest,\n requestHeaders: Headers,\n message: string,\n block: boolean,\n onUnauthorized: AgentPassMiddlewareOptions[\"onUnauthorizedAgent\"]\n): NextResponse {\n if (onUnauthorized) {\n const custom = onUnauthorized(request, message);\n if (custom) return custom;\n }\n\n if (block) {\n return NextResponse.json(\n { error: \"AGENT_UNAUTHORIZED\", message },\n { status: 403 }\n );\n }\n\n // Pass through with a \"not verified\" marker so route handlers can still\n // distinguish agent traffic from human traffic.\n requestHeaders.set(\"x-agentpass-verified\", \"false\");\n return NextResponse.next({ request: { headers: requestHeaders } });\n}\n","/**\n * Bot / AI-agent detection for Next.js (Edge Runtime compatible).\n *\n * Uses layered heuristics:\n * 1. Explicit bot / AI-agent User-Agent strings\n * 2. Cloudflare Bot Management score (if header is present)\n * 3. Absence of browser signals (no Accept-Language + non-browser UA)\n *\n * The detector is intentionally conservative — when in doubt it lets the\n * request through (fail open). A false negative (undetected bot) means the\n * request passes without a JWT check. A false positive (human flagged as bot)\n * would block legitimate traffic, which is much worse.\n */\n\nconst BOT_UA_PATTERNS: RegExp[] = [\n // OpenAI\n /GPTBot/i,\n /ChatGPT-User/i,\n /OAI-SearchBot/i,\n // Anthropic / Claude\n /ClaudeBot/i,\n /Claude-Web/i,\n /anthropic-ai/i,\n // Google\n /Googlebot/i,\n /Google-Extended/i,\n /AdsBot-Google/i,\n // Microsoft / Bing\n /bingbot/i,\n /msnbot/i,\n // AI search engines\n /PerplexityBot/i,\n /YouBot/i,\n // Common HTTP automation libraries\n /python-requests/i,\n /node-fetch/i,\n /\\baxios\\b/i,\n /\\bgot\\b\\//i,\n /\\bundici\\b/i,\n /\\bcurl\\b/i,\n /\\bwget\\b/i,\n /\\bhttpie\\b/i,\n // Generic crawler signals (word-boundary matched to reduce false positives)\n /\\bbot\\b/i,\n /\\bcrawler\\b/i,\n /\\bspider\\b/i,\n /\\bscraper\\b/i,\n /\\bfetcher\\b/i,\n // MCP / AgentPass clients\n /mcp-client/i,\n /agentpass-client/i,\n];\n\n// Every major browser includes \"Mozilla/5.0\" — its absence is a strong signal\nconst BROWSER_UA_RE = /Mozilla\\/5\\.0/i;\n\n/**\n * Returns `true` if the request appears to originate from an automated\n * agent or bot rather than a human browser.\n *\n * @param headers - The `Headers` object from a Next.js `NextRequest`\n */\nexport function isAgentRequest(headers: Headers): boolean {\n const ua = headers.get(\"user-agent\") ?? \"\";\n\n // No User-Agent → definitely automated\n if (!ua) return true;\n\n // Explicit bot / agent UA match\n if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;\n\n // Cloudflare Bot Management: the `cf-bot-management` header contains a\n // JSON blob with a `score` field (0–100). Score < 30 → highly likely bot.\n const cfRaw = headers.get(\"cf-bot-management\");\n if (cfRaw) {\n try {\n const parsed = JSON.parse(cfRaw) as { score?: unknown };\n if (typeof parsed.score === \"number\" && parsed.score < 30) return true;\n } catch {\n // Malformed header — fail open (pass through)\n }\n }\n\n // Heuristic: non-browser UA + no Accept-Language → likely automated\n if (!BROWSER_UA_RE.test(ua) && !headers.get(\"accept-language\")) return true;\n\n return false;\n}\n\n/**\n * Extract the AgentPass JWT from request headers.\n *\n * Checks in order:\n * 1. `Authorization: Bearer <token>` (preferred)\n * 2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)\n *\n * @returns The raw JWT string, or `null` if absent.\n */\nexport function extractToken(headers: Headers): string | null {\n // Primary: standard Authorization header\n const auth = headers.get(\"authorization\") ?? \"\";\n if (auth.startsWith(\"Bearer \")) {\n const token = auth.slice(7).trim();\n if (token) return token;\n }\n\n // Fallback: custom header\n const custom = headers.get(\"x-agentpass-token\")?.trim();\n if (custom) return custom;\n\n return null;\n}\n","import { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport type { AgentPassClaims } from \"./types.js\";\n\nconst DEFAULT_JWKS_URL = \"https://agentpass.vercel.app/api/jwks\";\n\n/**\n * Module-level JWKS cache — one RemoteJWKSet instance per unique URL.\n * jose caches the fetched key material internally; re-fetches when the\n * cache TTL (1 h) expires or a new `kid` is seen.\n */\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nfunction getJwks(rawUrl: string): ReturnType<typeof createRemoteJWKSet> {\n if (!jwksSets.has(rawUrl)) {\n const url = new URL(rawUrl); // throws on malformed URL\n\n // Security: HTTPS is mandatory to prevent MITM on the public-key fetch.\n // Localhost is whitelisted for local development / CI.\n const isLocal =\n url.hostname === \"localhost\" ||\n url.hostname === \"127.0.0.1\" ||\n url.hostname === \"::1\";\n\n if (url.protocol !== \"https:\" && !isLocal) {\n throw new Error(\n `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`\n );\n }\n\n jwksSets.set(\n rawUrl,\n createRemoteJWKSet(url, {\n cacheMaxAge: 60 * 60 * 1_000, // 1 hour in ms\n })\n );\n }\n\n return jwksSets.get(rawUrl)!;\n}\n\nexport interface VerifyTokenOptions {\n jwksUrl?: string;\n clockTolerance?: number;\n}\n\n/**\n * Verify an AgentPass JWT and return its decoded claims.\n *\n * Security guarantees\n * ───────────────────\n * • Signature — RS256, verified against the live JWKS public key.\n * • Algorithm — strict allowlist `['RS256']`; alg:none and HS256 are\n * rejected before signature verification even begins.\n * • Issuer — must be exactly \"agentpass\".\n * • Expiry — enforced; configurable clock tolerance (default 30 s).\n * • kid — jose matches the JWT `kid` header to the JWKS automatically.\n * • auth_method — validated at runtime; must equal \"bankid\".\n *\n * @throws if the token is invalid, expired, or fails any check.\n */\nexport async function verifyAgentPassToken(\n token: string,\n options: VerifyTokenOptions = {}\n): Promise<AgentPassClaims> {\n const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;\n const JWKS = getJwks(jwksUrl);\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: \"agentpass\",\n // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.\n // Any token claiming alg:\"none\", alg:\"HS256\", or anything else is\n // rejected before signature verification.\n algorithms: [\"RS256\"],\n clockTolerance: options.clockTolerance ?? 30,\n });\n\n // Runtime validation of AgentPass-specific claims.\n if (payload.auth_method !== \"bankid\") {\n throw new Error(\n `[agent-id] JWT has invalid auth_method: expected \"bankid\", got \"${\n payload.auth_method ?? \"undefined\"\n }\"`\n );\n }\n if (typeof payload.sub !== \"string\" || payload.sub.length === 0) {\n throw new Error(\"[agent-id] JWT is missing the sub claim\");\n }\n\n return payload as unknown as AgentPassClaims;\n}\n","export { createAgentPassMiddleware } from \"./middleware.js\";\nexport type { AgentPassMiddlewareOptions } from \"./middleware.js\";\n\nexport { verifyAgentPassToken } from \"./verify.js\";\nexport type { VerifyTokenOptions } from \"./verify.js\";\n\nexport { isAgentRequest, extractToken } from \"./detect.js\";\n\nexport type {\n AgentPassClaims,\n AgentPassResult,\n AgentPassVerified,\n AgentPassUnverified,\n VerifierOptions,\n} from \"./types.js\";\n\n// ── App Router helper ────────────────────────────────────────────────────────\n\nimport type { NextRequest } from \"next/server\";\nimport type { AgentPassResult, AgentPassClaims } from \"./types.js\";\n\n/**\n * Extract the verified AgentPass identity from a Next.js App Router request.\n *\n * This function reads the headers set by `createAgentPassMiddleware`. It must\n * only be called from route handlers that sit behind the middleware.\n *\n * @example\n * ```ts\n * // app/api/data/route.ts\n * import { getAgentPassResult } from '@agent-id/nextjs';\n *\n * export async function GET(request: NextRequest) {\n * const agentPass = getAgentPassResult(request);\n * if (!agentPass.verified) {\n * return Response.json({ error: 'Unauthorized' }, { status: 403 });\n * }\n * return Response.json({ sub: agentPass.claims.sub });\n * }\n * ```\n */\nexport function getAgentPassResult(request: NextRequest): AgentPassResult {\n const verified = request.headers.get(\"x-agentpass-verified\");\n\n if (verified !== \"true\") {\n return {\n verified: false,\n reason: verified === \"false\" ? \"no_token\" : \"not_agent\",\n };\n }\n\n const claimsJson = request.headers.get(\"x-agentpass-claims\");\n if (!claimsJson) {\n return { verified: false, reason: \"invalid_token\" };\n }\n\n try {\n const claims = JSON.parse(claimsJson) as AgentPassClaims;\n return { verified: true, claims };\n } catch {\n return { verified: false, reason: \"invalid_token\" };\n }\n}\n"],"mappings":";AAAA,SAAsB,oBAAoB;;;ACc1C,IAAM,kBAA4B;AAAA;AAAA,EAEhC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAGA,IAAM,gBAAgB;AAQf,SAAS,eAAe,SAA2B;AACxD,QAAM,KAAK,QAAQ,IAAI,YAAY,KAAK;AAGxC,MAAI,CAAC,GAAI,QAAO;AAGhB,MAAI,gBAAgB,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,EAAG,QAAO;AAIpD,QAAM,QAAQ,QAAQ,IAAI,mBAAmB;AAC7C,MAAI,OAAO;AACT,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,UAAI,OAAO,OAAO,UAAU,YAAY,OAAO,QAAQ,GAAI,QAAO;AAAA,IACpE,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,MAAI,CAAC,cAAc,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,iBAAiB,EAAG,QAAO;AAEvE,SAAO;AACT;AAWO,SAAS,aAAa,SAAiC;AAE5D,QAAM,OAAO,QAAQ,IAAI,eAAe,KAAK;AAC7C,MAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,UAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,QAAI,MAAO,QAAO;AAAA,EACpB;AAGA,QAAM,SAAS,QAAQ,IAAI,mBAAmB,GAAG,KAAK;AACtD,MAAI,OAAQ,QAAO;AAEnB,SAAO;AACT;;;AC/GA,SAAS,oBAAoB,iBAAiB;AAG9C,IAAM,mBAAmB;AAOzB,IAAM,WAAW,oBAAI,IAAmD;AAExE,SAAS,QAAQ,QAAuD;AACtE,MAAI,CAAC,SAAS,IAAI,MAAM,GAAG;AACzB,UAAM,MAAM,IAAI,IAAI,MAAM;AAI1B,UAAM,UACJ,IAAI,aAAa,eACjB,IAAI,aAAa,eACjB,IAAI,aAAa;AAEnB,QAAI,IAAI,aAAa,YAAY,CAAC,SAAS;AACzC,YAAM,IAAI;AAAA,QACR,gDAAgD,MAAM;AAAA,MACxD;AAAA,IACF;AAEA,aAAS;AAAA,MACP;AAAA,MACA,mBAAmB,KAAK;AAAA,QACtB,aAAa,KAAK,KAAK;AAAA;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,MAAM;AAC5B;AAsBA,eAAsB,qBACpB,OACA,UAA8B,CAAC,GACL;AAC1B,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,OAAO,QAAQ,OAAO;AAE5B,QAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ;AAAA;AAAA;AAAA;AAAA,IAIR,YAAY,CAAC,OAAO;AAAA,IACpB,gBAAgB,QAAQ,kBAAkB;AAAA,EAC5C,CAAC;AAGD,MAAI,QAAQ,gBAAgB,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,mEACE,QAAQ,eAAe,WACzB;AAAA,IACF;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AFrEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF;AAsBO,SAAS,0BACd,UAAsC,CAAC,GACvC;AACA,QAAM;AAAA,IACJ;AAAA,IACA,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,SAAO,eAAe,oBACpB,SACuB;AAEvB,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAKlD,eAAW,QAAQ,iBAAiB;AAClC,qBAAe,OAAO,IAAI;AAAA,IAC5B;AAGA,QAAI,CAAC,eAAe,cAAc,GAAG;AACnC,aAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,IACnE;AAGA,UAAM,QAAQ,aAAa,cAAc;AAEzC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,qBAAqB,OAAO;AAAA,QACzC,GAAI,YAAY,UAAa,EAAE,QAAQ;AAAA,QACvC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ;AAAA,QACN;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACjD;AACA,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAIA,mBAAe,IAAI,wBAAwB,MAAM;AACjD,mBAAe,IAAI,mBAAmB,OAAO,GAAG;AAEhD,mBAAe,IAAI,sBAAsB,KAAK,UAAU,MAAM,CAAC;AAE/D,WAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,EACnE;AACF;AAIA,SAAS,aACP,SACA,gBACA,SACA,OACA,gBACc;AACd,MAAI,gBAAgB;AAClB,UAAM,SAAS,eAAe,SAAS,OAAO;AAC9C,QAAI,OAAQ,QAAO;AAAA,EACrB;AAEA,MAAI,OAAO;AACT,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,sBAAsB,QAAQ;AAAA,MACvC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAIA,iBAAe,IAAI,wBAAwB,OAAO;AAClD,SAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AACnE;;;AGxGO,SAAS,mBAAmB,SAAuC;AACxE,QAAM,WAAW,QAAQ,QAAQ,IAAI,sBAAsB;AAE3D,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ,aAAa,UAAU,aAAa;AAAA,IAC9C;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,QAAQ,IAAI,oBAAoB;AAC3D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AAEA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,UAAU;AACpC,WAAO,EAAE,UAAU,MAAM,OAAO;AAAA,EAClC,QAAQ;AACN,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AACF;","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,51 @@
+{
+  "name": "@agent-id/nextjs",
+  "version": "0.1.0",
+  "description": "Agent-ID verifier middleware for Next.js — blocks unauthorized AI agents from your API routes",
+  "keywords": ["agent-id", "agentpass", "bankid", "jwt", "nextjs", "middleware", "ai-agent", "mcp", "bot-detection"],
+  "license": "MIT",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": ["dist", "README.md", "LICENSE"],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run typecheck && npm run build"
+  },
+  "peerDependencies": {
+    "next": ">=14.0.0"
+  },
+  "dependencies": {
+    "jose": "^6.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "next": "^16.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^3.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/your-org/agentpass"
+  }
+}