npm - @agent-id/nextjs - Versions diffs - 0.1.0 → 0.1.1 - Mend

@agent-id/nextjs 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # @agent-id/nextjs
-Next.js middleware that automatically detects AI-agent traffic and requires a valid [AgentPass](https://agentpass.vercel.app) JWT. Human browser traffic always passes through untouched.
+Next.js proxy that automatically detects AI-agent traffic and requires a valid [AgentID](https://agentpass.vercel.app) JWT. Human browser traffic always passes through untouched.
 ## Install
@@ -8,22 +8,22 @@ Next.js middleware that automatically detects AI-agent traffic and requires a va
 npm install @agent-id/nextjs
 ```
-Requires `next >= 14`.
+Requires `next >= 16`.
 ## Setup — 2 steps
-### 1. Add the middleware
+### 1. Add the proxy
-Create (or update) `middleware.ts` in your project root:
+Create `proxy.ts` in your project root (same level as `app/`):
 ```ts
-import { createAgentPassMiddleware } from '@agent-id/nextjs';
+import { createAgentIDMiddleware } from '@agent-id/nextjs';
 import type { NextRequest } from 'next/server';
-const agentPass = createAgentPassMiddleware();
+const agentID = createAgentIDMiddleware();
-export function middleware(request: NextRequest) {
-  return agentPass(request);
+export function proxy(request: NextRequest) {
+  return agentID(request);
 }
 // Protect your API routes
@@ -32,20 +32,20 @@ export const config = {
 };
 ```
-That's it. The middleware now:
+That's it. The proxy now:
 - Lets all human browser traffic through unchanged
-- Requires a valid AgentPass JWT from any AI agent / bot
+- Requires a valid AgentID JWT from any AI agent / bot
 - Returns `403 AGENT_UNAUTHORIZED` when the JWT is missing or invalid
 ### 2. Read the verified identity in your route handlers (optional)
 ```ts
 // app/api/anything/route.ts
-import { getAgentPassResult } from '@agent-id/nextjs';
+import { getAgentIDResult } from '@agent-id/nextjs';
 import type { NextRequest } from 'next/server';
 export async function GET(request: NextRequest) {
-  const agent = getAgentPassResult(request);
+  const agent = getAgentIDResult(request);
   if (agent.verified) {
     // Verified AI agent — claims are fully typed
@@ -63,41 +63,41 @@ export async function GET(request: NextRequest) {
 Agents add one header to every request:
 ```
-Authorization: Bearer <agentpass-jwt>
+Authorization: Bearer <agentid-jwt>
 ```
 The JWT is obtained by completing a BankID flow at [agentpass.vercel.app](https://agentpass.vercel.app). Tokens are valid for 1 hour.
 ## Options
-All options are optional — `createAgentPassMiddleware()` with no arguments works out of the box.
+All options are optional — `createAgentIDMiddleware()` with no arguments works out of the box.
 ```ts
-createAgentPassMiddleware({
+createAgentIDMiddleware({
   // Return 403 when an agent has no valid token (default: true).
   // Set to false to let unverified agents through (useful for logging / gradual rollout).
   blockUnauthorizedAgents: true,
-  // Override the JWKS endpoint — only needed if you self-host AgentPass.
-  jwksUrl: 'https://your-agentpass.example.com/api/jwks',
+  // Override the JWKS endpoint — only needed if you self-host AgentID.
+  jwksUrl: 'https://your-agentid.example.com/api/jwks',
   // Clock skew tolerance in seconds (default: 30).
   clockTolerance: 30,
   // Fully custom response when an agent is rejected.
   onUnauthorizedAgent: (request, reason) =>
-    NextResponse.json({ error: 'No AgentPass token', reason }, { status: 403 }),
+    NextResponse.json({ error: 'No AgentID token', reason }, { status: 403 }),
 })
 ```
 ## What gets verified
-Verification is **fully offline** after the first request. The public key is fetched once from the AgentPass JWKS endpoint and cached for 1 hour — no per-request network call.
+Verification is **fully offline** after the first request. The public key is fetched once from the AgentID JWKS endpoint and cached for 1 hour — no per-request network call.
 | Check | Requirement |
 |---|---|
 | Signature | RS256 — `alg:none` and HS256 are explicitly rejected |
-| Issuer (`iss`) | Must equal `"agentpass"` |
+| Issuer (`iss`) | Must equal `"agentid"` |
 | Expiry (`exp`) | Must be in the future |
 | `auth_method` | Must equal `"bankid"` |
@@ -107,7 +107,7 @@ Verification is **fully offline** after the first request. The public key is fet
 |---|---|
 | `sub` | Pseudonymous stable user ID (HMAC-SHA256 of BankID personal number — non-reversible, same person always gets the same ID) |
 | `auth_method` | Always `"bankid"` |
-| `iss` | `"agentpass"` |
+| `iss` | `"agentid"` |
 | `exp` | Unix timestamp — 1 hour from issue |
 | `iat` | Unix timestamp — when issued |
 | `jti` | Unique token ID |

package/dist/index.d.mts CHANGED Viewed

@@ -1,16 +1,16 @@
 import { NextRequest, NextResponse } from 'next/server';
 /**
- * JWT claims present in every AgentPass token.
+ * JWT claims present in every AgentID token.
  *
  * The `sub` field is a pseudonymous identifier derived via HMAC-SHA256 of the
  * user's BankID personal number. It is stable per person but non-reversible —
  * organisations cannot extract the personal number from it.
  */
-interface AgentPassClaims {
+interface AgentIDClaims {
     /** Pseudonymous, stable per-user identifier (HMAC-SHA256 of personal number). */
     sub: string;
-    /** Issuer — always "agentpass". */
+    /** Issuer — always "agentid". */
     iss: string;
     /** Issued-at Unix timestamp. */
     iat: number;
@@ -21,27 +21,27 @@ interface AgentPassClaims {
     /** Authentication method — always "bankid" in this version. */
     auth_method: "bankid";
 }
-interface AgentPassVerified {
+interface AgentIDVerified {
     verified: true;
-    claims: AgentPassClaims;
+    claims: AgentIDClaims;
 }
-interface AgentPassUnverified {
+interface AgentIDUnverified {
     verified: false;
     /** Why verification was skipped or failed. */
     reason: "not_agent" | "no_token" | "invalid_token";
 }
-/** Result attached to every request processed by the AgentPass middleware. */
-type AgentPassResult = AgentPassVerified | AgentPassUnverified;
+/** Result attached to every request processed by the AgentID middleware. */
+type AgentIDResult = AgentIDVerified | AgentIDUnverified;
 interface VerifierOptions {
     /**
-     * URL of the AgentPass JWKS endpoint.
+     * URL of the AgentID JWKS endpoint.
      * Must use HTTPS (except `localhost` / `127.0.0.1` in development).
      *
      * @default 'https://agentpass.vercel.app/api/jwks'
      */
     jwksUrl?: string;
     /**
-     * Block agent requests that carry no valid AgentPass token.
+     * Block agent requests that carry no valid AgentID token.
      * When `false` the middleware still runs but sets an unverified result
      * on the request instead of returning 403.
      *
@@ -57,7 +57,7 @@ interface VerifierOptions {
     clockTolerance?: number;
 }
-type AgentPassMiddlewareOptions = VerifierOptions & {
+type AgentIDMiddlewareOptions = VerifierOptions & {
     /**
      * Optional callback invoked when an agent is detected but carries no
      * valid token. Return a `NextResponse` to override the default 403.
@@ -65,47 +65,47 @@ type AgentPassMiddlewareOptions = VerifierOptions & {
     onUnauthorizedAgent?: (request: NextRequest, reason: string) => NextResponse | void;
 };
 /**
- * Factory that returns a Next.js middleware function which detects AI-agent
- * traffic and enforces AgentPass JWT authentication.
+ * Factory that returns a Next.js proxy function which detects AI-agent
+ * traffic and enforces AgentID JWT authentication.
  *
  * @example
  * ```ts
- * // middleware.ts (project root)
- * import { createAgentPassMiddleware } from '@agent-id/nextjs';
+ * // proxy.ts (project root)
+ * import { createAgentIDMiddleware } from '@agent-id/nextjs';
  *
- * const agentPass = createAgentPassMiddleware({
+ * const agentID = createAgentIDMiddleware({
  *   blockUnauthorizedAgents: true,
  * });
  *
- * export function middleware(request: NextRequest) {
- *   return agentPass(request);
+ * export function proxy(request: NextRequest) {
+ *   return agentID(request);
  * }
  *
  * export const config = { matcher: '/api/:path*' };
  * ```
  */
-declare function createAgentPassMiddleware(options?: AgentPassMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;
+declare function createAgentIDMiddleware(options?: AgentIDMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;
 interface VerifyTokenOptions {
     jwksUrl?: string;
     clockTolerance?: number;
 }
 /**
- * Verify an AgentPass JWT and return its decoded claims.
+ * Verify an AgentID JWT and return its decoded claims.
  *
  * Security guarantees
  * ───────────────────
  * • Signature   — RS256, verified against the live JWKS public key.
  * • Algorithm   — strict allowlist `['RS256']`; alg:none and HS256 are
  *                 rejected before signature verification even begins.
- * • Issuer      — must be exactly "agentpass".
+ * • Issuer      — must be exactly "agentid".
  * • Expiry      — enforced; configurable clock tolerance (default 30 s).
  * • kid         — jose matches the JWT `kid` header to the JWKS automatically.
  * • auth_method — validated at runtime; must equal "bankid".
  *
  * @throws if the token is invalid, expired, or fails any check.
  */
-declare function verifyAgentPassToken(token: string, options?: VerifyTokenOptions): Promise<AgentPassClaims>;
+declare function verifyAgentIDToken(token: string, options?: VerifyTokenOptions): Promise<AgentIDClaims>;
 /**
  * Bot / AI-agent detection for Next.js (Edge Runtime compatible).
@@ -128,36 +128,36 @@ declare function verifyAgentPassToken(token: string, options?: VerifyTokenOption
  */
 declare function isAgentRequest(headers: Headers): boolean;
 /**
- * Extract the AgentPass JWT from request headers.
+ * Extract the AgentID JWT from request headers.
  *
  * Checks in order:
  *  1. `Authorization: Bearer <token>` (preferred)
- *  2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)
+ *  2. `X-AgentID-Token` (fallback when Authorization is stripped by proxies)
  *
  * @returns The raw JWT string, or `null` if absent.
  */
 declare function extractToken(headers: Headers): string | null;
 /**
- * Extract the verified AgentPass identity from a Next.js App Router request.
+ * Extract the verified AgentID identity from a Next.js App Router request.
  *
- * This function reads the headers set by `createAgentPassMiddleware`. It must
- * only be called from route handlers that sit behind the middleware.
+ * This function reads the headers set by `createAgentIDMiddleware`. It must
+ * only be called from route handlers that sit behind the proxy.
  *
  * @example
  * ```ts
  * // app/api/data/route.ts
- * import { getAgentPassResult } from '@agent-id/nextjs';
+ * import { getAgentIDResult } from '@agent-id/nextjs';
  *
  * export async function GET(request: NextRequest) {
- *   const agentPass = getAgentPassResult(request);
- *   if (!agentPass.verified) {
+ *   const agent = getAgentIDResult(request);
+ *   if (!agent.verified) {
  *     return Response.json({ error: 'Unauthorized' }, { status: 403 });
  *   }
- *   return Response.json({ sub: agentPass.claims.sub });
+ *   return Response.json({ sub: agent.claims.sub });
  * }
  * ```
  */
-declare function getAgentPassResult(request: NextRequest): AgentPassResult;
+declare function getAgentIDResult(request: NextRequest): AgentIDResult;
-export { type AgentPassClaims, type AgentPassMiddlewareOptions, type AgentPassResult, type AgentPassUnverified, type AgentPassVerified, type VerifierOptions, type VerifyTokenOptions, createAgentPassMiddleware, extractToken, getAgentPassResult, isAgentRequest, verifyAgentPassToken };
+export { type AgentIDClaims, type AgentIDMiddlewareOptions, type AgentIDResult, type AgentIDUnverified, type AgentIDVerified, type VerifierOptions, type VerifyTokenOptions, createAgentIDMiddleware, extractToken, getAgentIDResult, isAgentRequest, verifyAgentIDToken };

package/dist/index.d.ts CHANGED Viewed

@@ -1,16 +1,16 @@
 import { NextRequest, NextResponse } from 'next/server';
 /**
- * JWT claims present in every AgentPass token.
+ * JWT claims present in every AgentID token.
  *
  * The `sub` field is a pseudonymous identifier derived via HMAC-SHA256 of the
  * user's BankID personal number. It is stable per person but non-reversible —
  * organisations cannot extract the personal number from it.
  */
-interface AgentPassClaims {
+interface AgentIDClaims {
     /** Pseudonymous, stable per-user identifier (HMAC-SHA256 of personal number). */
     sub: string;
-    /** Issuer — always "agentpass". */
+    /** Issuer — always "agentid". */
     iss: string;
     /** Issued-at Unix timestamp. */
     iat: number;
@@ -21,27 +21,27 @@ interface AgentPassClaims {
     /** Authentication method — always "bankid" in this version. */
     auth_method: "bankid";
 }
-interface AgentPassVerified {
+interface AgentIDVerified {
     verified: true;
-    claims: AgentPassClaims;
+    claims: AgentIDClaims;
 }
-interface AgentPassUnverified {
+interface AgentIDUnverified {
     verified: false;
     /** Why verification was skipped or failed. */
     reason: "not_agent" | "no_token" | "invalid_token";
 }
-/** Result attached to every request processed by the AgentPass middleware. */
-type AgentPassResult = AgentPassVerified | AgentPassUnverified;
+/** Result attached to every request processed by the AgentID middleware. */
+type AgentIDResult = AgentIDVerified | AgentIDUnverified;
 interface VerifierOptions {
     /**
-     * URL of the AgentPass JWKS endpoint.
+     * URL of the AgentID JWKS endpoint.
      * Must use HTTPS (except `localhost` / `127.0.0.1` in development).
      *
      * @default 'https://agentpass.vercel.app/api/jwks'
      */
     jwksUrl?: string;
     /**
-     * Block agent requests that carry no valid AgentPass token.
+     * Block agent requests that carry no valid AgentID token.
      * When `false` the middleware still runs but sets an unverified result
      * on the request instead of returning 403.
      *
@@ -57,7 +57,7 @@ interface VerifierOptions {
     clockTolerance?: number;
 }
-type AgentPassMiddlewareOptions = VerifierOptions & {
+type AgentIDMiddlewareOptions = VerifierOptions & {
     /**
      * Optional callback invoked when an agent is detected but carries no
      * valid token. Return a `NextResponse` to override the default 403.
@@ -65,47 +65,47 @@ type AgentPassMiddlewareOptions = VerifierOptions & {
     onUnauthorizedAgent?: (request: NextRequest, reason: string) => NextResponse | void;
 };
 /**
- * Factory that returns a Next.js middleware function which detects AI-agent
- * traffic and enforces AgentPass JWT authentication.
+ * Factory that returns a Next.js proxy function which detects AI-agent
+ * traffic and enforces AgentID JWT authentication.
  *
  * @example
  * ```ts
- * // middleware.ts (project root)
- * import { createAgentPassMiddleware } from '@agent-id/nextjs';
+ * // proxy.ts (project root)
+ * import { createAgentIDMiddleware } from '@agent-id/nextjs';
  *
- * const agentPass = createAgentPassMiddleware({
+ * const agentID = createAgentIDMiddleware({
  *   blockUnauthorizedAgents: true,
  * });
  *
- * export function middleware(request: NextRequest) {
- *   return agentPass(request);
+ * export function proxy(request: NextRequest) {
+ *   return agentID(request);
  * }
  *
  * export const config = { matcher: '/api/:path*' };
  * ```
  */
-declare function createAgentPassMiddleware(options?: AgentPassMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;
+declare function createAgentIDMiddleware(options?: AgentIDMiddlewareOptions): (request: NextRequest) => Promise<NextResponse>;
 interface VerifyTokenOptions {
     jwksUrl?: string;
     clockTolerance?: number;
 }
 /**
- * Verify an AgentPass JWT and return its decoded claims.
+ * Verify an AgentID JWT and return its decoded claims.
  *
  * Security guarantees
  * ───────────────────
  * • Signature   — RS256, verified against the live JWKS public key.
  * • Algorithm   — strict allowlist `['RS256']`; alg:none and HS256 are
  *                 rejected before signature verification even begins.
- * • Issuer      — must be exactly "agentpass".
+ * • Issuer      — must be exactly "agentid".
  * • Expiry      — enforced; configurable clock tolerance (default 30 s).
  * • kid         — jose matches the JWT `kid` header to the JWKS automatically.
  * • auth_method — validated at runtime; must equal "bankid".
  *
  * @throws if the token is invalid, expired, or fails any check.
  */
-declare function verifyAgentPassToken(token: string, options?: VerifyTokenOptions): Promise<AgentPassClaims>;
+declare function verifyAgentIDToken(token: string, options?: VerifyTokenOptions): Promise<AgentIDClaims>;
 /**
  * Bot / AI-agent detection for Next.js (Edge Runtime compatible).
@@ -128,36 +128,36 @@ declare function verifyAgentPassToken(token: string, options?: VerifyTokenOption
  */
 declare function isAgentRequest(headers: Headers): boolean;
 /**
- * Extract the AgentPass JWT from request headers.
+ * Extract the AgentID JWT from request headers.
  *
  * Checks in order:
  *  1. `Authorization: Bearer <token>` (preferred)
- *  2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)
+ *  2. `X-AgentID-Token` (fallback when Authorization is stripped by proxies)
  *
  * @returns The raw JWT string, or `null` if absent.
  */
 declare function extractToken(headers: Headers): string | null;
 /**
- * Extract the verified AgentPass identity from a Next.js App Router request.
+ * Extract the verified AgentID identity from a Next.js App Router request.
  *
- * This function reads the headers set by `createAgentPassMiddleware`. It must
- * only be called from route handlers that sit behind the middleware.
+ * This function reads the headers set by `createAgentIDMiddleware`. It must
+ * only be called from route handlers that sit behind the proxy.
  *
  * @example
  * ```ts
  * // app/api/data/route.ts
- * import { getAgentPassResult } from '@agent-id/nextjs';
+ * import { getAgentIDResult } from '@agent-id/nextjs';
  *
  * export async function GET(request: NextRequest) {
- *   const agentPass = getAgentPassResult(request);
- *   if (!agentPass.verified) {
+ *   const agent = getAgentIDResult(request);
+ *   if (!agent.verified) {
  *     return Response.json({ error: 'Unauthorized' }, { status: 403 });
  *   }
- *   return Response.json({ sub: agentPass.claims.sub });
+ *   return Response.json({ sub: agent.claims.sub });
  * }
  * ```
  */
-declare function getAgentPassResult(request: NextRequest): AgentPassResult;
+declare function getAgentIDResult(request: NextRequest): AgentIDResult;
-export { type AgentPassClaims, type AgentPassMiddlewareOptions, type AgentPassResult, type AgentPassUnverified, type AgentPassVerified, type VerifierOptions, type VerifyTokenOptions, createAgentPassMiddleware, extractToken, getAgentPassResult, isAgentRequest, verifyAgentPassToken };
+export { type AgentIDClaims, type AgentIDMiddlewareOptions, type AgentIDResult, type AgentIDUnverified, type AgentIDVerified, type VerifierOptions, type VerifyTokenOptions, createAgentIDMiddleware, extractToken, getAgentIDResult, isAgentRequest, verifyAgentIDToken };

package/dist/index.js CHANGED Viewed

@@ -20,11 +20,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  createAgentPassMiddleware: () => createAgentPassMiddleware,
+  createAgentIDMiddleware: () => createAgentIDMiddleware,
   extractToken: () => extractToken,
-  getAgentPassResult: () => getAgentPassResult,
+  getAgentIDResult: () => getAgentIDResult,
   isAgentRequest: () => isAgentRequest,
-  verifyAgentPassToken: () => verifyAgentPassToken
+  verifyAgentIDToken: () => verifyAgentIDToken
 });
 module.exports = __toCommonJS(index_exports);
@@ -41,6 +41,7 @@ var BOT_UA_PATTERNS = [
   /ClaudeBot/i,
   /Claude-Web/i,
   /anthropic-ai/i,
+  /Claude-User/i,
   // Google
   /Googlebot/i,
   /Google-Extended/i,
@@ -66,9 +67,9 @@ var BOT_UA_PATTERNS = [
   /\bspider\b/i,
   /\bscraper\b/i,
   /\bfetcher\b/i,
-  // MCP / AgentPass clients
+  // MCP / AgentID clients
   /mcp-client/i,
-  /agentpass-client/i
+  /agentid-client/i
 ];
 var BROWSER_UA_RE = /Mozilla\/5\.0/i;
 function isAgentRequest(headers) {
@@ -92,7 +93,7 @@ function extractToken(headers) {
     const token = auth.slice(7).trim();
     if (token) return token;
   }
-  const custom = headers.get("x-agentpass-token")?.trim();
+  const custom = headers.get("x-agentid-token")?.trim();
   if (custom) return custom;
   return null;
 }
@@ -120,11 +121,11 @@ function getJwks(rawUrl) {
   }
   return jwksSets.get(rawUrl);
 }
-async function verifyAgentPassToken(token, options = {}) {
+async function verifyAgentIDToken(token, options = {}) {
   const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;
   const JWKS = getJwks(jwksUrl);
   const { payload } = await (0, import_jose.jwtVerify)(token, JWKS, {
-    issuer: "agentpass",
+    issuer: "agentid",
     // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.
     //   Any token claiming alg:"none", alg:"HS256", or anything else is
     //   rejected before signature verification.
@@ -144,18 +145,18 @@ async function verifyAgentPassToken(token, options = {}) {
 // src/middleware.ts
 var MANAGED_HEADERS = [
-  "x-agentpass-verified",
-  "x-agentpass-sub",
-  "x-agentpass-claims"
+  "x-agentid-verified",
+  "x-agentid-sub",
+  "x-agentid-claims"
 ];
-function createAgentPassMiddleware(options = {}) {
+function createAgentIDMiddleware(options = {}) {
   const {
     jwksUrl,
     blockUnauthorizedAgents = true,
     clockTolerance = 30,
     onUnauthorizedAgent
   } = options;
-  return async function agentPassMiddleware(request) {
+  return async function agentIDMiddleware(request) {
     const requestHeaders = new Headers(request.headers);
     for (const name of MANAGED_HEADERS) {
       requestHeaders.delete(name);
@@ -168,14 +169,14 @@ function createAgentPassMiddleware(options = {}) {
       return unauthorized(
         request,
         requestHeaders,
-        'Agent request missing AgentPass token. Provide "Authorization: Bearer <token>".',
+        'Agent request missing AgentID token. Provide "Authorization: Bearer <token>".',
         blockUnauthorizedAgents,
         onUnauthorizedAgent
       );
     }
     let claims;
     try {
-      claims = await verifyAgentPassToken(token, {
+      claims = await verifyAgentIDToken(token, {
         ...jwksUrl !== void 0 && { jwksUrl },
         clockTolerance
       });
@@ -187,14 +188,14 @@ function createAgentPassMiddleware(options = {}) {
       return unauthorized(
         request,
         requestHeaders,
-        "Invalid or expired AgentPass token.",
+        "Invalid or expired AgentID token.",
         blockUnauthorizedAgents,
         onUnauthorizedAgent
       );
     }
-    requestHeaders.set("x-agentpass-verified", "true");
-    requestHeaders.set("x-agentpass-sub", claims.sub);
-    requestHeaders.set("x-agentpass-claims", JSON.stringify(claims));
+    requestHeaders.set("x-agentid-verified", "true");
+    requestHeaders.set("x-agentid-sub", claims.sub);
+    requestHeaders.set("x-agentid-claims", JSON.stringify(claims));
     return import_server.NextResponse.next({ request: { headers: requestHeaders } });
   };
 }
@@ -209,20 +210,20 @@ function unauthorized(request, requestHeaders, message, block, onUnauthorized) {
       { status: 403 }
     );
   }
-  requestHeaders.set("x-agentpass-verified", "false");
+  requestHeaders.set("x-agentid-verified", "false");
   return import_server.NextResponse.next({ request: { headers: requestHeaders } });
 }
 // src/index.ts
-function getAgentPassResult(request) {
-  const verified = request.headers.get("x-agentpass-verified");
+function getAgentIDResult(request) {
+  const verified = request.headers.get("x-agentid-verified");
   if (verified !== "true") {
     return {
       verified: false,
       reason: verified === "false" ? "no_token" : "not_agent"
     };
   }
-  const claimsJson = request.headers.get("x-agentpass-claims");
+  const claimsJson = request.headers.get("x-agentid-claims");
   if (!claimsJson) {
     return { verified: false, reason: "invalid_token" };
   }
@@ -235,10 +236,10 @@ function getAgentPassResult(request) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  createAgentPassMiddleware,
+  createAgentIDMiddleware,
   extractToken,
-  getAgentPassResult,
+  getAgentIDResult,
   isAgentRequest,
-  verifyAgentPassToken
+  verifyAgentIDToken
 });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/middleware.ts","../src/detect.ts","../src/verify.ts"],"sourcesContent":["export { createAgentPassMiddleware } from \"./middleware.js\";\nexport type { AgentPassMiddlewareOptions } from \"./middleware.js\";\n\nexport { verifyAgentPassToken } from \"./verify.js\";\nexport type { VerifyTokenOptions } from \"./verify.js\";\n\nexport { isAgentRequest, extractToken } from \"./detect.js\";\n\nexport type {\n AgentPassClaims,\n AgentPassResult,\n AgentPassVerified,\n AgentPassUnverified,\n VerifierOptions,\n} from \"./types.js\";\n\n// ── App Router helper ────────────────────────────────────────────────────────\n\nimport type { NextRequest } from \"next/server\";\nimport type { AgentPassResult, AgentPassClaims } from \"./types.js\";\n\n/*\n Extract the verified AgentPass identity from a Next.js App Router request.\n \n This function reads the headers set by `createAgentPassMiddleware`. It must\n * only be called from route handlers that sit behind the middleware.\n \n @example\n * ```ts\n * // app/api/data/route.ts\n * import { getAgentPassResult } from '@agent-id/nextjs';\n \n export async function GET(request: NextRequest) {\n * const agentPass = getAgentPassResult(request);\n * if (!agentPass.verified) {\n * return Response.json({ error: 'Unauthorized' }, { status: 403 });\n * }\n * return Response.json({ sub: agentPass.claims.sub });\n * }\n * ```\n /\nexport function getAgentPassResult(request: NextRequest): AgentPassResult {\n const verified = request.headers.get(\"x-agentpass-verified\");\n\n if (verified !== \"true\") {\n return {\n verified: false,\n reason: verified === \"false\" ? \"no_token\" : \"not_agent\",\n };\n }\n\n const claimsJson = request.headers.get(\"x-agentpass-claims\");\n if (!claimsJson) {\n return { verified: false, reason: \"invalid_token\" };\n }\n\n try {\n const claims = JSON.parse(claimsJson) as AgentPassClaims;\n return { verified: true, claims };\n } catch {\n return { verified: false, reason: \"invalid_token\" };\n }\n}\n","import { NextRequest, NextResponse } from \"next/server\";\nimport { isAgentRequest, extractToken } from \"./detect.js\";\nimport { verifyAgentPassToken } from \"./verify.js\";\nimport type { VerifierOptions, AgentPassClaims } from \"./types.js\";\n\nexport type AgentPassMiddlewareOptions = VerifierOptions & {\n /\n Optional callback invoked when an agent is detected but carries no\n * valid token. Return a `NextResponse` to override the default 403.\n /\n onUnauthorizedAgent?: (\n request: NextRequest,\n reason: string\n ) => NextResponse \| void;\n};\n\n/\n Headers injected by this middleware into downstream route handlers.\n * They are stripped from the incoming request first to prevent spoofing.\n /\nconst MANAGED_HEADERS = [\n \"x-agentpass-verified\",\n \"x-agentpass-sub\",\n \"x-agentpass-claims\",\n] as const;\n\n/\n Factory that returns a Next.js middleware function which detects AI-agent\n * traffic and enforces AgentPass JWT authentication.\n \n @example\n * ```ts\n * // middleware.ts (project root)\n * import { createAgentPassMiddleware } from '@agent-id/nextjs';\n \n const agentPass = createAgentPassMiddleware({\n * blockUnauthorizedAgents: true,\n * });\n \n export function middleware(request: NextRequest) {\n * return agentPass(request);\n * }\n \n export const config = { matcher: '/api/:path' };\n ```\n /\nexport function createAgentPassMiddleware(\n options: AgentPassMiddlewareOptions = {}\n) {\n const {\n jwksUrl,\n blockUnauthorizedAgents = true,\n clockTolerance = 30,\n onUnauthorizedAgent,\n } = options;\n\n return async function agentPassMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Clone incoming headers so we can safely mutate them.\n const requestHeaders = new Headers(request.headers);\n\n // ── Security: strip client-supplied AgentPass headers ──────────────────\n // Without this, a malicious agent could send x-agentpass-verified: true\n // and bypass the check in route handlers.\n for (const name of MANAGED_HEADERS) {\n requestHeaders.delete(name);\n }\n\n // ── Non-agent traffic ──────────────────────────────────────────────────\n if (!isAgentRequest(requestHeaders)) {\n return NextResponse.next({ request: { headers: requestHeaders } });\n }\n\n // ── Agent detected — require a valid JWT ───────────────────────────────\n const token = extractToken(requestHeaders);\n\n if (!token) {\n return unauthorized(\n request,\n requestHeaders,\n 'Agent request missing AgentPass token. Provide \"Authorization: Bearer <token>\".',\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verify the JWT ─────────────────────────────────────────────────────\n let claims: AgentPassClaims;\n try {\n claims = await verifyAgentPassToken(token, {\n ...(jwksUrl !== undefined && { jwksUrl }),\n clockTolerance,\n });\n } catch (err) {\n // Never surface the raw error to the caller — it might leak internals.\n console.warn(\n \"[agent-id] Token verification failed:\",\n err instanceof Error ? err.message : String(err)\n );\n return unauthorized(\n request,\n requestHeaders,\n \"Invalid or expired AgentPass token.\",\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verified — inject identity into request headers ────────────────────\n // Route handlers read these via getAgentPassResult(request).\n requestHeaders.set(\"x-agentpass-verified\", \"true\");\n requestHeaders.set(\"x-agentpass-sub\", claims.sub);\n // Full claims encoded as JSON for type-safe extraction by helpers.\n requestHeaders.set(\"x-agentpass-claims\", JSON.stringify(claims));\n\n return NextResponse.next({ request: { headers: requestHeaders } });\n };\n}\n\n// ── Internal helper ──────────────────────────────────────────────────────────\n\nfunction unauthorized(\n request: NextRequest,\n requestHeaders: Headers,\n message: string,\n block: boolean,\n onUnauthorized: AgentPassMiddlewareOptions[\"onUnauthorizedAgent\"]\n): NextResponse {\n if (onUnauthorized) {\n const custom = onUnauthorized(request, message);\n if (custom) return custom;\n }\n\n if (block) {\n return NextResponse.json(\n { error: \"AGENT_UNAUTHORIZED\", message },\n { status: 403 }\n );\n }\n\n // Pass through with a \"not verified\" marker so route handlers can still\n // distinguish agent traffic from human traffic.\n requestHeaders.set(\"x-agentpass-verified\", \"false\");\n return NextResponse.next({ request: { headers: requestHeaders } });\n}\n","/\n Bot / AI-agent detection for Next.js (Edge Runtime compatible).\n \n Uses layered heuristics:\n * 1. Explicit bot / AI-agent User-Agent strings\n * 2. Cloudflare Bot Management score (if header is present)\n * 3. Absence of browser signals (no Accept-Language + non-browser UA)\n \n The detector is intentionally conservative — when in doubt it lets the\n * request through (fail open). A false negative (undetected bot) means the\n * request passes without a JWT check. A false positive (human flagged as bot)\n * would block legitimate traffic, which is much worse.\n /\n\nconst BOT_UA_PATTERNS: RegExp[] = [\n // OpenAI\n /GPTBot/i,\n /ChatGPT-User/i,\n /OAI-SearchBot/i,\n // Anthropic / Claude\n /ClaudeBot/i,\n /Claude-Web/i,\n /anthropic-ai/i,\n // Google\n /Googlebot/i,\n /Google-Extended/i,\n /AdsBot-Google/i,\n // Microsoft / Bing\n /bingbot/i,\n /msnbot/i,\n // AI search engines\n /PerplexityBot/i,\n /YouBot/i,\n // Common HTTP automation libraries\n /python-requests/i,\n /node-fetch/i,\n /\\baxios\\b/i,\n /\\bgot\\b\\//i,\n /\\bundici\\b/i,\n /\\bcurl\\b/i,\n /\\bwget\\b/i,\n /\\bhttpie\\b/i,\n // Generic crawler signals (word-boundary matched to reduce false positives)\n /\\bbot\\b/i,\n /\\bcrawler\\b/i,\n /\\bspider\\b/i,\n /\\bscraper\\b/i,\n /\\bfetcher\\b/i,\n // MCP / AgentPass clients\n /mcp-client/i,\n /agentpass-client/i,\n];\n\n// Every major browser includes \"Mozilla/5.0\" — its absence is a strong signal\nconst BROWSER_UA_RE = /Mozilla\\/5\\.0/i;\n\n/\n Returns `true` if the request appears to originate from an automated\n * agent or bot rather than a human browser.\n \n @param headers - The `Headers` object from a Next.js `NextRequest`\n /\nexport function isAgentRequest(headers: Headers): boolean {\n const ua = headers.get(\"user-agent\") ?? \"\";\n\n // No User-Agent → definitely automated\n if (!ua) return true;\n\n // Explicit bot / agent UA match\n if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;\n\n // Cloudflare Bot Management: the `cf-bot-management` header contains a\n // JSON blob with a `score` field (0–100). Score < 30 → highly likely bot.\n const cfRaw = headers.get(\"cf-bot-management\");\n if (cfRaw) {\n try {\n const parsed = JSON.parse(cfRaw) as { score?: unknown };\n if (typeof parsed.score === \"number\" && parsed.score < 30) return true;\n } catch {\n // Malformed header — fail open (pass through)\n }\n }\n\n // Heuristic: non-browser UA + no Accept-Language → likely automated\n if (!BROWSER_UA_RE.test(ua) && !headers.get(\"accept-language\")) return true;\n\n return false;\n}\n\n/\n Extract the AgentPass JWT from request headers.\n \n Checks in order:\n * 1. `Authorization: Bearer <token>` (preferred)\n * 2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)\n \n @returns The raw JWT string, or `null` if absent.\n /\nexport function extractToken(headers: Headers): string \| null {\n // Primary: standard Authorization header\n const auth = headers.get(\"authorization\") ?? \"\";\n if (auth.startsWith(\"Bearer \")) {\n const token = auth.slice(7).trim();\n if (token) return token;\n }\n\n // Fallback: custom header\n const custom = headers.get(\"x-agentpass-token\")?.trim();\n if (custom) return custom;\n\n return null;\n}\n","import { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport type { AgentPassClaims } from \"./types.js\";\n\nconst DEFAULT_JWKS_URL = \"https://agentpass.vercel.app/api/jwks\";\n\n/\n Module-level JWKS cache — one RemoteJWKSet instance per unique URL.\n * jose caches the fetched key material internally; re-fetches when the\n * cache TTL (1 h) expires or a new `kid` is seen.\n /\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nfunction getJwks(rawUrl: string): ReturnType<typeof createRemoteJWKSet> {\n if (!jwksSets.has(rawUrl)) {\n const url = new URL(rawUrl); // throws on malformed URL\n\n // Security: HTTPS is mandatory to prevent MITM on the public-key fetch.\n // Localhost is whitelisted for local development / CI.\n const isLocal =\n url.hostname === \"localhost\" \|\|\n url.hostname === \"127.0.0.1\" \|\|\n url.hostname === \"::1\";\n\n if (url.protocol !== \"https:\" && !isLocal) {\n throw new Error(\n `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`\n );\n }\n\n jwksSets.set(\n rawUrl,\n createRemoteJWKSet(url, {\n cacheMaxAge: 60 60 * 1_000, // 1 hour in ms\n })\n );\n }\n\n return jwksSets.get(rawUrl)!;\n}\n\nexport interface VerifyTokenOptions {\n jwksUrl?: string;\n clockTolerance?: number;\n}\n\n/*\n Verify an AgentPass JWT and return its decoded claims.\n \n Security guarantees\n * ───────────────────\n * • Signature — RS256, verified against the live JWKS public key.\n * • Algorithm — strict allowlist `['RS256']`; alg:none and HS256 are\n * rejected before signature verification even begins.\n * • Issuer — must be exactly \"agentpass\".\n * • Expiry — enforced; configurable clock tolerance (default 30 s).\n * • kid — jose matches the JWT `kid` header to the JWKS automatically.\n * • auth_method — validated at runtime; must equal \"bankid\".\n \n @throws if the token is invalid, expired, or fails any check.\n */\nexport async function verifyAgentPassToken(\n token: string,\n options: VerifyTokenOptions = {}\n): Promise<AgentPassClaims> {\n const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;\n const JWKS = getJwks(jwksUrl);\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: \"agentpass\",\n // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.\n // Any token claiming alg:\"none\", alg:\"HS256\", or anything else is\n // rejected before signature verification.\n algorithms: [\"RS256\"],\n clockTolerance: options.clockTolerance ?? 30,\n });\n\n // Runtime validation of AgentPass-specific claims.\n if (payload.auth_method !== \"bankid\") {\n throw new Error(\n `[agent-id] JWT has invalid auth_method: expected \"bankid\", got \"${\n payload.auth_method ?? \"undefined\"\n }\"`\n );\n }\n if (typeof payload.sub !== \"string\" \|\| payload.sub.length === 0) {\n throw new Error(\"[agent-id] JWT is missing the sub claim\");\n }\n\n return payload as unknown as AgentPassClaims;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,oBAA0C;;;ACc1C,IAAM,kBAA4B;AAAA;AAAA,EAEhC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAGA,IAAM,gBAAgB;AAQf,SAAS,eAAe,SAA2B;AACxD,QAAM,KAAK,QAAQ,IAAI,YAAY,KAAK;AAGxC,MAAI,CAAC,GAAI,QAAO;AAGhB,MAAI,gBAAgB,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,EAAG,QAAO;AAIpD,QAAM,QAAQ,QAAQ,IAAI,mBAAmB;AAC7C,MAAI,OAAO;AACT,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,UAAI,OAAO,OAAO,UAAU,YAAY,OAAO,QAAQ,GAAI,QAAO;AAAA,IACpE,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,MAAI,CAAC,cAAc,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,iBAAiB,EAAG,QAAO;AAEvE,SAAO;AACT;AAWO,SAAS,aAAa,SAAiC;AAE5D,QAAM,OAAO,QAAQ,IAAI,eAAe,KAAK;AAC7C,MAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,UAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,QAAI,MAAO,QAAO;AAAA,EACpB;AAGA,QAAM,SAAS,QAAQ,IAAI,mBAAmB,GAAG,KAAK;AACtD,MAAI,OAAQ,QAAO;AAEnB,SAAO;AACT;;;AC/GA,kBAA8C;AAG9C,IAAM,mBAAmB;AAOzB,IAAM,WAAW,oBAAI,IAAmD;AAExE,SAAS,QAAQ,QAAuD;AACtE,MAAI,CAAC,SAAS,IAAI,MAAM,GAAG;AACzB,UAAM,MAAM,IAAI,IAAI,MAAM;AAI1B,UAAM,UACJ,IAAI,aAAa,eACjB,IAAI,aAAa,eACjB,IAAI,aAAa;AAEnB,QAAI,IAAI,aAAa,YAAY,CAAC,SAAS;AACzC,YAAM,IAAI;AAAA,QACR,gDAAgD,MAAM;AAAA,MACxD;AAAA,IACF;AAEA,aAAS;AAAA,MACP;AAAA,UACA,gCAAmB,KAAK;AAAA,QACtB,aAAa,KAAK,KAAK;AAAA;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,MAAM;AAC5B;AAsBA,eAAsB,qBACpB,OACA,UAA8B,CAAC,GACL;AAC1B,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,OAAO,QAAQ,OAAO;AAE5B,QAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ;AAAA;AAAA;AAAA;AAAA,IAIR,YAAY,CAAC,OAAO;AAAA,IACpB,gBAAgB,QAAQ,kBAAkB;AAAA,EAC5C,CAAC;AAGD,MAAI,QAAQ,gBAAgB,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,mEACE,QAAQ,eAAe,WACzB;AAAA,IACF;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AFrEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF;AAsBO,SAAS,0BACd,UAAsC,CAAC,GACvC;AACA,QAAM;AAAA,IACJ;AAAA,IACA,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,SAAO,eAAe,oBACpB,SACuB;AAEvB,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAKlD,eAAW,QAAQ,iBAAiB;AAClC,qBAAe,OAAO,IAAI;AAAA,IAC5B;AAGA,QAAI,CAAC,eAAe,cAAc,GAAG;AACnC,aAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,IACnE;AAGA,UAAM,QAAQ,aAAa,cAAc;AAEzC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,qBAAqB,OAAO;AAAA,QACzC,GAAI,YAAY,UAAa,EAAE,QAAQ;AAAA,QACvC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ;AAAA,QACN;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACjD;AACA,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAIA,mBAAe,IAAI,wBAAwB,MAAM;AACjD,mBAAe,IAAI,mBAAmB,OAAO,GAAG;AAEhD,mBAAe,IAAI,sBAAsB,KAAK,UAAU,MAAM,CAAC;AAE/D,WAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,EACnE;AACF;AAIA,SAAS,aACP,SACA,gBACA,SACA,OACA,gBACc;AACd,MAAI,gBAAgB;AAClB,UAAM,SAAS,eAAe,SAAS,OAAO;AAC9C,QAAI,OAAQ,QAAO;AAAA,EACrB;AAEA,MAAI,OAAO;AACT,WAAO,2BAAa;AAAA,MAClB,EAAE,OAAO,sBAAsB,QAAQ;AAAA,MACvC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAIA,iBAAe,IAAI,wBAAwB,OAAO;AAClD,SAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AACnE;;;ADxGO,SAAS,mBAAmB,SAAuC;AACxE,QAAM,WAAW,QAAQ,QAAQ,IAAI,sBAAsB;AAE3D,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ,aAAa,UAAU,aAAa;AAAA,IAC9C;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,QAAQ,IAAI,oBAAoB;AAC3D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AAEA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,UAAU;AACpC,WAAO,EAAE,UAAU,MAAM,OAAO;AAAA,EAClC,QAAQ;AACN,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/index.ts","../src/middleware.ts","../src/detect.ts","../src/verify.ts"],"sourcesContent":["export { createAgentIDMiddleware } from \"./middleware.js\";\nexport type { AgentIDMiddlewareOptions } from \"./middleware.js\";\n\nexport { verifyAgentIDToken } from \"./verify.js\";\nexport type { VerifyTokenOptions } from \"./verify.js\";\n\nexport { isAgentRequest, extractToken } from \"./detect.js\";\n\nexport type {\n AgentIDClaims,\n AgentIDResult,\n AgentIDVerified,\n AgentIDUnverified,\n VerifierOptions,\n} from \"./types.js\";\n\n// ── App Router helper ────────────────────────────────────────────────────────\n\nimport type { NextRequest } from \"next/server\";\nimport type { AgentIDResult, AgentIDClaims } from \"./types.js\";\n\n/*\n Extract the verified AgentID identity from a Next.js App Router request.\n \n This function reads the headers set by `createAgentIDMiddleware`. It must\n * only be called from route handlers that sit behind the proxy.\n \n @example\n * ```ts\n * // app/api/data/route.ts\n * import { getAgentIDResult } from '@agent-id/nextjs';\n \n export async function GET(request: NextRequest) {\n * const agent = getAgentIDResult(request);\n * if (!agent.verified) {\n * return Response.json({ error: 'Unauthorized' }, { status: 403 });\n * }\n * return Response.json({ sub: agent.claims.sub });\n * }\n * ```\n /\nexport function getAgentIDResult(request: NextRequest): AgentIDResult {\n const verified = request.headers.get(\"x-agentid-verified\");\n\n if (verified !== \"true\") {\n return {\n verified: false,\n reason: verified === \"false\" ? \"no_token\" : \"not_agent\",\n };\n }\n\n const claimsJson = request.headers.get(\"x-agentid-claims\");\n if (!claimsJson) {\n return { verified: false, reason: \"invalid_token\" };\n }\n\n try {\n const claims = JSON.parse(claimsJson) as AgentIDClaims;\n return { verified: true, claims };\n } catch {\n return { verified: false, reason: \"invalid_token\" };\n }\n}\n","import { NextRequest, NextResponse } from \"next/server\";\nimport { isAgentRequest, extractToken } from \"./detect.js\";\nimport { verifyAgentIDToken } from \"./verify.js\";\nimport type { VerifierOptions, AgentIDClaims } from \"./types.js\";\n\nexport type AgentIDMiddlewareOptions = VerifierOptions & {\n /\n Optional callback invoked when an agent is detected but carries no\n * valid token. Return a `NextResponse` to override the default 403.\n /\n onUnauthorizedAgent?: (\n request: NextRequest,\n reason: string\n ) => NextResponse \| void;\n};\n\n/\n Headers injected by this proxy into downstream route handlers.\n * They are stripped from the incoming request first to prevent spoofing.\n /\nconst MANAGED_HEADERS = [\n \"x-agentid-verified\",\n \"x-agentid-sub\",\n \"x-agentid-claims\",\n] as const;\n\n/\n Factory that returns a Next.js proxy function which detects AI-agent\n * traffic and enforces AgentID JWT authentication.\n \n @example\n * ```ts\n * // proxy.ts (project root)\n * import { createAgentIDMiddleware } from '@agent-id/nextjs';\n \n const agentID = createAgentIDMiddleware({\n * blockUnauthorizedAgents: true,\n * });\n \n export function proxy(request: NextRequest) {\n * return agentID(request);\n * }\n \n export const config = { matcher: '/api/:path' };\n ```\n /\nexport function createAgentIDMiddleware(\n options: AgentIDMiddlewareOptions = {}\n) {\n const {\n jwksUrl,\n blockUnauthorizedAgents = true,\n clockTolerance = 30,\n onUnauthorizedAgent,\n } = options;\n\n return async function agentIDMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Clone incoming headers so we can safely mutate them.\n const requestHeaders = new Headers(request.headers);\n\n // ── Security: strip client-supplied AgentID headers ──────────────────\n // Without this, a malicious agent could send x-agentid-verified: true\n // and bypass the check in route handlers.\n for (const name of MANAGED_HEADERS) {\n requestHeaders.delete(name);\n }\n\n // ── Non-agent traffic ──────────────────────────────────────────────────\n if (!isAgentRequest(requestHeaders)) {\n return NextResponse.next({ request: { headers: requestHeaders } });\n }\n\n // ── Agent detected — require a valid JWT ───────────────────────────────\n const token = extractToken(requestHeaders);\n\n if (!token) {\n return unauthorized(\n request,\n requestHeaders,\n 'Agent request missing AgentID token. Provide \"Authorization: Bearer <token>\".',\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verify the JWT ─────────────────────────────────────────────────────\n let claims: AgentIDClaims;\n try {\n claims = await verifyAgentIDToken(token, {\n ...(jwksUrl !== undefined && { jwksUrl }),\n clockTolerance,\n });\n } catch (err) {\n // Never surface the raw error to the caller — it might leak internals.\n console.warn(\n \"[agent-id] Token verification failed:\",\n err instanceof Error ? err.message : String(err)\n );\n return unauthorized(\n request,\n requestHeaders,\n \"Invalid or expired AgentID token.\",\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verified — inject identity into request headers ────────────────────\n // Route handlers read these via getAgentIDResult(request).\n requestHeaders.set(\"x-agentid-verified\", \"true\");\n requestHeaders.set(\"x-agentid-sub\", claims.sub);\n // Full claims encoded as JSON for type-safe extraction by helpers.\n requestHeaders.set(\"x-agentid-claims\", JSON.stringify(claims));\n\n return NextResponse.next({ request: { headers: requestHeaders } });\n };\n}\n\n// ── Internal helper ──────────────────────────────────────────────────────────\n\nfunction unauthorized(\n request: NextRequest,\n requestHeaders: Headers,\n message: string,\n block: boolean,\n onUnauthorized: AgentIDMiddlewareOptions[\"onUnauthorizedAgent\"]\n): NextResponse {\n if (onUnauthorized) {\n const custom = onUnauthorized(request, message);\n if (custom) return custom;\n }\n\n if (block) {\n return NextResponse.json(\n { error: \"AGENT_UNAUTHORIZED\", message },\n { status: 403 }\n );\n }\n\n // Pass through with a \"not verified\" marker so route handlers can still\n // distinguish agent traffic from human traffic.\n requestHeaders.set(\"x-agentid-verified\", \"false\");\n return NextResponse.next({ request: { headers: requestHeaders } });\n}\n","/\n Bot / AI-agent detection for Next.js (Edge Runtime compatible).\n \n Uses layered heuristics:\n * 1. Explicit bot / AI-agent User-Agent strings\n * 2. Cloudflare Bot Management score (if header is present)\n * 3. Absence of browser signals (no Accept-Language + non-browser UA)\n \n The detector is intentionally conservative — when in doubt it lets the\n * request through (fail open). A false negative (undetected bot) means the\n * request passes without a JWT check. A false positive (human flagged as bot)\n * would block legitimate traffic, which is much worse.\n /\n\nconst BOT_UA_PATTERNS: RegExp[] = [\n // OpenAI\n /GPTBot/i,\n /ChatGPT-User/i,\n /OAI-SearchBot/i,\n // Anthropic / Claude\n /ClaudeBot/i,\n /Claude-Web/i,\n /anthropic-ai/i,\n /Claude-User/i,\n // Google\n /Googlebot/i,\n /Google-Extended/i,\n /AdsBot-Google/i,\n // Microsoft / Bing\n /bingbot/i,\n /msnbot/i,\n // AI search engines\n /PerplexityBot/i,\n /YouBot/i,\n // Common HTTP automation libraries\n /python-requests/i,\n /node-fetch/i,\n /\\baxios\\b/i,\n /\\bgot\\b\\//i,\n /\\bundici\\b/i,\n /\\bcurl\\b/i,\n /\\bwget\\b/i,\n /\\bhttpie\\b/i,\n // Generic crawler signals (word-boundary matched to reduce false positives)\n /\\bbot\\b/i,\n /\\bcrawler\\b/i,\n /\\bspider\\b/i,\n /\\bscraper\\b/i,\n /\\bfetcher\\b/i,\n // MCP / AgentID clients\n /mcp-client/i,\n /agentid-client/i,\n];\n\n// Every major browser includes \"Mozilla/5.0\" — its absence is a strong signal\nconst BROWSER_UA_RE = /Mozilla\\/5\\.0/i;\n\n/\n Returns `true` if the request appears to originate from an automated\n * agent or bot rather than a human browser.\n \n @param headers - The `Headers` object from a Next.js `NextRequest`\n /\nexport function isAgentRequest(headers: Headers): boolean {\n const ua = headers.get(\"user-agent\") ?? \"\";\n\n // No User-Agent → definitely automated\n if (!ua) return true;\n\n // Explicit bot / agent UA match\n if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;\n\n // Cloudflare Bot Management: the `cf-bot-management` header contains a\n // JSON blob with a `score` field (0–100). Score < 30 → highly likely bot.\n const cfRaw = headers.get(\"cf-bot-management\");\n if (cfRaw) {\n try {\n const parsed = JSON.parse(cfRaw) as { score?: unknown };\n if (typeof parsed.score === \"number\" && parsed.score < 30) return true;\n } catch {\n // Malformed header — fail open (pass through)\n }\n }\n\n // Heuristic: non-browser UA + no Accept-Language → likely automated\n if (!BROWSER_UA_RE.test(ua) && !headers.get(\"accept-language\")) return true;\n\n return false;\n}\n\n/\n Extract the AgentID JWT from request headers.\n \n Checks in order:\n * 1. `Authorization: Bearer <token>` (preferred)\n * 2. `X-AgentID-Token` (fallback when Authorization is stripped by proxies)\n \n @returns The raw JWT string, or `null` if absent.\n /\nexport function extractToken(headers: Headers): string \| null {\n // Primary: standard Authorization header\n const auth = headers.get(\"authorization\") ?? \"\";\n if (auth.startsWith(\"Bearer \")) {\n const token = auth.slice(7).trim();\n if (token) return token;\n }\n\n // Fallback: custom header\n const custom = headers.get(\"x-agentid-token\")?.trim();\n if (custom) return custom;\n\n return null;\n}\n","import { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport type { AgentIDClaims } from \"./types.js\";\n\nconst DEFAULT_JWKS_URL = \"https://agentpass.vercel.app/api/jwks\";\n\n/\n Module-level JWKS cache — one RemoteJWKSet instance per unique URL.\n * jose caches the fetched key material internally; re-fetches when the\n * cache TTL (1 h) expires or a new `kid` is seen.\n /\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nfunction getJwks(rawUrl: string): ReturnType<typeof createRemoteJWKSet> {\n if (!jwksSets.has(rawUrl)) {\n const url = new URL(rawUrl); // throws on malformed URL\n\n // Security: HTTPS is mandatory to prevent MITM on the public-key fetch.\n // Localhost is whitelisted for local development / CI.\n const isLocal =\n url.hostname === \"localhost\" \|\|\n url.hostname === \"127.0.0.1\" \|\|\n url.hostname === \"::1\";\n\n if (url.protocol !== \"https:\" && !isLocal) {\n throw new Error(\n `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`\n );\n }\n\n jwksSets.set(\n rawUrl,\n createRemoteJWKSet(url, {\n cacheMaxAge: 60 60 * 1_000, // 1 hour in ms\n })\n );\n }\n\n return jwksSets.get(rawUrl)!;\n}\n\nexport interface VerifyTokenOptions {\n jwksUrl?: string;\n clockTolerance?: number;\n}\n\n/*\n Verify an AgentID JWT and return its decoded claims.\n \n Security guarantees\n * ───────────────────\n * • Signature — RS256, verified against the live JWKS public key.\n * • Algorithm — strict allowlist `['RS256']`; alg:none and HS256 are\n * rejected before signature verification even begins.\n * • Issuer — must be exactly \"agentid\".\n * • Expiry — enforced; configurable clock tolerance (default 30 s).\n * • kid — jose matches the JWT `kid` header to the JWKS automatically.\n * • auth_method — validated at runtime; must equal \"bankid\".\n \n @throws if the token is invalid, expired, or fails any check.\n */\nexport async function verifyAgentIDToken(\n token: string,\n options: VerifyTokenOptions = {}\n): Promise<AgentIDClaims> {\n const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;\n const JWKS = getJwks(jwksUrl);\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: \"agentid\",\n // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.\n // Any token claiming alg:\"none\", alg:\"HS256\", or anything else is\n // rejected before signature verification.\n algorithms: [\"RS256\"],\n clockTolerance: options.clockTolerance ?? 30,\n });\n\n // Runtime validation of AgentID-specific claims.\n if (payload.auth_method !== \"bankid\") {\n throw new Error(\n `[agent-id] JWT has invalid auth_method: expected \"bankid\", got \"${\n payload.auth_method ?? \"undefined\"\n }\"`\n );\n }\n if (typeof payload.sub !== \"string\" \|\| payload.sub.length === 0) {\n throw new Error(\"[agent-id] JWT is missing the sub claim\");\n }\n\n return payload as unknown as AgentIDClaims;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,oBAA0C;;;ACc1C,IAAM,kBAA4B;AAAA;AAAA,EAEhC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAGA,IAAM,gBAAgB;AAQf,SAAS,eAAe,SAA2B;AACxD,QAAM,KAAK,QAAQ,IAAI,YAAY,KAAK;AAGxC,MAAI,CAAC,GAAI,QAAO;AAGhB,MAAI,gBAAgB,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,EAAG,QAAO;AAIpD,QAAM,QAAQ,QAAQ,IAAI,mBAAmB;AAC7C,MAAI,OAAO;AACT,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,UAAI,OAAO,OAAO,UAAU,YAAY,OAAO,QAAQ,GAAI,QAAO;AAAA,IACpE,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,MAAI,CAAC,cAAc,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,iBAAiB,EAAG,QAAO;AAEvE,SAAO;AACT;AAWO,SAAS,aAAa,SAAiC;AAE5D,QAAM,OAAO,QAAQ,IAAI,eAAe,KAAK;AAC7C,MAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,UAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,QAAI,MAAO,QAAO;AAAA,EACpB;AAGA,QAAM,SAAS,QAAQ,IAAI,iBAAiB,GAAG,KAAK;AACpD,MAAI,OAAQ,QAAO;AAEnB,SAAO;AACT;;;AChHA,kBAA8C;AAG9C,IAAM,mBAAmB;AAOzB,IAAM,WAAW,oBAAI,IAAmD;AAExE,SAAS,QAAQ,QAAuD;AACtE,MAAI,CAAC,SAAS,IAAI,MAAM,GAAG;AACzB,UAAM,MAAM,IAAI,IAAI,MAAM;AAI1B,UAAM,UACJ,IAAI,aAAa,eACjB,IAAI,aAAa,eACjB,IAAI,aAAa;AAEnB,QAAI,IAAI,aAAa,YAAY,CAAC,SAAS;AACzC,YAAM,IAAI;AAAA,QACR,gDAAgD,MAAM;AAAA,MACxD;AAAA,IACF;AAEA,aAAS;AAAA,MACP;AAAA,UACA,gCAAmB,KAAK;AAAA,QACtB,aAAa,KAAK,KAAK;AAAA;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,MAAM;AAC5B;AAsBA,eAAsB,mBACpB,OACA,UAA8B,CAAC,GACP;AACxB,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,OAAO,QAAQ,OAAO;AAE5B,QAAM,EAAE,QAAQ,IAAI,UAAM,uBAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ;AAAA;AAAA;AAAA;AAAA,IAIR,YAAY,CAAC,OAAO;AAAA,IACpB,gBAAgB,QAAQ,kBAAkB;AAAA,EAC5C,CAAC;AAGD,MAAI,QAAQ,gBAAgB,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,mEACE,QAAQ,eAAe,WACzB;AAAA,IACF;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AFrEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF;AAsBO,SAAS,wBACd,UAAoC,CAAC,GACrC;AACA,QAAM;AAAA,IACJ;AAAA,IACA,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,SAAO,eAAe,kBACpB,SACuB;AAEvB,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAKlD,eAAW,QAAQ,iBAAiB;AAClC,qBAAe,OAAO,IAAI;AAAA,IAC5B;AAGA,QAAI,CAAC,eAAe,cAAc,GAAG;AACnC,aAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,IACnE;AAGA,UAAM,QAAQ,aAAa,cAAc;AAEzC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,mBAAmB,OAAO;AAAA,QACvC,GAAI,YAAY,UAAa,EAAE,QAAQ;AAAA,QACvC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ;AAAA,QACN;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACjD;AACA,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAIA,mBAAe,IAAI,sBAAsB,MAAM;AAC/C,mBAAe,IAAI,iBAAiB,OAAO,GAAG;AAE9C,mBAAe,IAAI,oBAAoB,KAAK,UAAU,MAAM,CAAC;AAE7D,WAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,EACnE;AACF;AAIA,SAAS,aACP,SACA,gBACA,SACA,OACA,gBACc;AACd,MAAI,gBAAgB;AAClB,UAAM,SAAS,eAAe,SAAS,OAAO;AAC9C,QAAI,OAAQ,QAAO;AAAA,EACrB;AAEA,MAAI,OAAO;AACT,WAAO,2BAAa;AAAA,MAClB,EAAE,OAAO,sBAAsB,QAAQ;AAAA,MACvC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAIA,iBAAe,IAAI,sBAAsB,OAAO;AAChD,SAAO,2BAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AACnE;;;ADxGO,SAAS,iBAAiB,SAAqC;AACpE,QAAM,WAAW,QAAQ,QAAQ,IAAI,oBAAoB;AAEzD,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ,aAAa,UAAU,aAAa;AAAA,IAC9C;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,QAAQ,IAAI,kBAAkB;AACzD,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AAEA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,UAAU;AACpC,WAAO,EAAE,UAAU,MAAM,OAAO;AAAA,EAClC,QAAQ;AACN,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AACF;","names":[]}

package/dist/index.mjs CHANGED Viewed

@@ -11,6 +11,7 @@ var BOT_UA_PATTERNS = [
   /ClaudeBot/i,
   /Claude-Web/i,
   /anthropic-ai/i,
+  /Claude-User/i,
   // Google
   /Googlebot/i,
   /Google-Extended/i,
@@ -36,9 +37,9 @@ var BOT_UA_PATTERNS = [
   /\bspider\b/i,
   /\bscraper\b/i,
   /\bfetcher\b/i,
-  // MCP / AgentPass clients
+  // MCP / AgentID clients
   /mcp-client/i,
-  /agentpass-client/i
+  /agentid-client/i
 ];
 var BROWSER_UA_RE = /Mozilla\/5\.0/i;
 function isAgentRequest(headers) {
@@ -62,7 +63,7 @@ function extractToken(headers) {
     const token = auth.slice(7).trim();
     if (token) return token;
   }
-  const custom = headers.get("x-agentpass-token")?.trim();
+  const custom = headers.get("x-agentid-token")?.trim();
   if (custom) return custom;
   return null;
 }
@@ -90,11 +91,11 @@ function getJwks(rawUrl) {
   }
   return jwksSets.get(rawUrl);
 }
-async function verifyAgentPassToken(token, options = {}) {
+async function verifyAgentIDToken(token, options = {}) {
   const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;
   const JWKS = getJwks(jwksUrl);
   const { payload } = await jwtVerify(token, JWKS, {
-    issuer: "agentpass",
+    issuer: "agentid",
     // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.
     //   Any token claiming alg:"none", alg:"HS256", or anything else is
     //   rejected before signature verification.
@@ -114,18 +115,18 @@ async function verifyAgentPassToken(token, options = {}) {
 // src/middleware.ts
 var MANAGED_HEADERS = [
-  "x-agentpass-verified",
-  "x-agentpass-sub",
-  "x-agentpass-claims"
+  "x-agentid-verified",
+  "x-agentid-sub",
+  "x-agentid-claims"
 ];
-function createAgentPassMiddleware(options = {}) {
+function createAgentIDMiddleware(options = {}) {
   const {
     jwksUrl,
     blockUnauthorizedAgents = true,
     clockTolerance = 30,
     onUnauthorizedAgent
   } = options;
-  return async function agentPassMiddleware(request) {
+  return async function agentIDMiddleware(request) {
     const requestHeaders = new Headers(request.headers);
     for (const name of MANAGED_HEADERS) {
       requestHeaders.delete(name);
@@ -138,14 +139,14 @@ function createAgentPassMiddleware(options = {}) {
       return unauthorized(
         request,
         requestHeaders,
-        'Agent request missing AgentPass token. Provide "Authorization: Bearer <token>".',
+        'Agent request missing AgentID token. Provide "Authorization: Bearer <token>".',
         blockUnauthorizedAgents,
         onUnauthorizedAgent
       );
     }
     let claims;
     try {
-      claims = await verifyAgentPassToken(token, {
+      claims = await verifyAgentIDToken(token, {
         ...jwksUrl !== void 0 && { jwksUrl },
         clockTolerance
       });
@@ -157,14 +158,14 @@ function createAgentPassMiddleware(options = {}) {
       return unauthorized(
         request,
         requestHeaders,
-        "Invalid or expired AgentPass token.",
+        "Invalid or expired AgentID token.",
         blockUnauthorizedAgents,
         onUnauthorizedAgent
       );
     }
-    requestHeaders.set("x-agentpass-verified", "true");
-    requestHeaders.set("x-agentpass-sub", claims.sub);
-    requestHeaders.set("x-agentpass-claims", JSON.stringify(claims));
+    requestHeaders.set("x-agentid-verified", "true");
+    requestHeaders.set("x-agentid-sub", claims.sub);
+    requestHeaders.set("x-agentid-claims", JSON.stringify(claims));
     return NextResponse.next({ request: { headers: requestHeaders } });
   };
 }
@@ -179,20 +180,20 @@ function unauthorized(request, requestHeaders, message, block, onUnauthorized) {
       { status: 403 }
     );
   }
-  requestHeaders.set("x-agentpass-verified", "false");
+  requestHeaders.set("x-agentid-verified", "false");
   return NextResponse.next({ request: { headers: requestHeaders } });
 }
 // src/index.ts
-function getAgentPassResult(request) {
-  const verified = request.headers.get("x-agentpass-verified");
+function getAgentIDResult(request) {
+  const verified = request.headers.get("x-agentid-verified");
   if (verified !== "true") {
     return {
       verified: false,
       reason: verified === "false" ? "no_token" : "not_agent"
     };
   }
-  const claimsJson = request.headers.get("x-agentpass-claims");
+  const claimsJson = request.headers.get("x-agentid-claims");
   if (!claimsJson) {
     return { verified: false, reason: "invalid_token" };
   }
@@ -204,10 +205,10 @@ function getAgentPassResult(request) {
   }
 }
 export {
-  createAgentPassMiddleware,
+  createAgentIDMiddleware,
   extractToken,
-  getAgentPassResult,
+  getAgentIDResult,
   isAgentRequest,
-  verifyAgentPassToken
+  verifyAgentIDToken
 };
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/middleware.ts","../src/detect.ts","../src/verify.ts","../src/index.ts"],"sourcesContent":["import { NextRequest, NextResponse } from \"next/server\";\nimport { isAgentRequest, extractToken } from \"./detect.js\";\nimport { verifyAgentPassToken } from \"./verify.js\";\nimport type { VerifierOptions, AgentPassClaims } from \"./types.js\";\n\nexport type AgentPassMiddlewareOptions = VerifierOptions & {\n /*\n Optional callback invoked when an agent is detected but carries no\n * valid token. Return a `NextResponse` to override the default 403.\n /\n onUnauthorizedAgent?: (\n request: NextRequest,\n reason: string\n ) => NextResponse \| void;\n};\n\n/\n Headers injected by this middleware into downstream route handlers.\n * They are stripped from the incoming request first to prevent spoofing.\n /\nconst MANAGED_HEADERS = [\n \"x-agentpass-verified\",\n \"x-agentpass-sub\",\n \"x-agentpass-claims\",\n] as const;\n\n/\n Factory that returns a Next.js middleware function which detects AI-agent\n * traffic and enforces AgentPass JWT authentication.\n \n @example\n * ```ts\n * // middleware.ts (project root)\n * import { createAgentPassMiddleware } from '@agent-id/nextjs';\n \n const agentPass = createAgentPassMiddleware({\n * blockUnauthorizedAgents: true,\n * });\n \n export function middleware(request: NextRequest) {\n * return agentPass(request);\n * }\n \n export const config = { matcher: '/api/:path' };\n ```\n /\nexport function createAgentPassMiddleware(\n options: AgentPassMiddlewareOptions = {}\n) {\n const {\n jwksUrl,\n blockUnauthorizedAgents = true,\n clockTolerance = 30,\n onUnauthorizedAgent,\n } = options;\n\n return async function agentPassMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Clone incoming headers so we can safely mutate them.\n const requestHeaders = new Headers(request.headers);\n\n // ── Security: strip client-supplied AgentPass headers ──────────────────\n // Without this, a malicious agent could send x-agentpass-verified: true\n // and bypass the check in route handlers.\n for (const name of MANAGED_HEADERS) {\n requestHeaders.delete(name);\n }\n\n // ── Non-agent traffic ──────────────────────────────────────────────────\n if (!isAgentRequest(requestHeaders)) {\n return NextResponse.next({ request: { headers: requestHeaders } });\n }\n\n // ── Agent detected — require a valid JWT ───────────────────────────────\n const token = extractToken(requestHeaders);\n\n if (!token) {\n return unauthorized(\n request,\n requestHeaders,\n 'Agent request missing AgentPass token. Provide \"Authorization: Bearer <token>\".',\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verify the JWT ─────────────────────────────────────────────────────\n let claims: AgentPassClaims;\n try {\n claims = await verifyAgentPassToken(token, {\n ...(jwksUrl !== undefined && { jwksUrl }),\n clockTolerance,\n });\n } catch (err) {\n // Never surface the raw error to the caller — it might leak internals.\n console.warn(\n \"[agent-id] Token verification failed:\",\n err instanceof Error ? err.message : String(err)\n );\n return unauthorized(\n request,\n requestHeaders,\n \"Invalid or expired AgentPass token.\",\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verified — inject identity into request headers ────────────────────\n // Route handlers read these via getAgentPassResult(request).\n requestHeaders.set(\"x-agentpass-verified\", \"true\");\n requestHeaders.set(\"x-agentpass-sub\", claims.sub);\n // Full claims encoded as JSON for type-safe extraction by helpers.\n requestHeaders.set(\"x-agentpass-claims\", JSON.stringify(claims));\n\n return NextResponse.next({ request: { headers: requestHeaders } });\n };\n}\n\n// ── Internal helper ──────────────────────────────────────────────────────────\n\nfunction unauthorized(\n request: NextRequest,\n requestHeaders: Headers,\n message: string,\n block: boolean,\n onUnauthorized: AgentPassMiddlewareOptions[\"onUnauthorizedAgent\"]\n): NextResponse {\n if (onUnauthorized) {\n const custom = onUnauthorized(request, message);\n if (custom) return custom;\n }\n\n if (block) {\n return NextResponse.json(\n { error: \"AGENT_UNAUTHORIZED\", message },\n { status: 403 }\n );\n }\n\n // Pass through with a \"not verified\" marker so route handlers can still\n // distinguish agent traffic from human traffic.\n requestHeaders.set(\"x-agentpass-verified\", \"false\");\n return NextResponse.next({ request: { headers: requestHeaders } });\n}\n","/\n Bot / AI-agent detection for Next.js (Edge Runtime compatible).\n \n Uses layered heuristics:\n * 1. Explicit bot / AI-agent User-Agent strings\n * 2. Cloudflare Bot Management score (if header is present)\n * 3. Absence of browser signals (no Accept-Language + non-browser UA)\n \n The detector is intentionally conservative — when in doubt it lets the\n * request through (fail open). A false negative (undetected bot) means the\n * request passes without a JWT check. A false positive (human flagged as bot)\n * would block legitimate traffic, which is much worse.\n /\n\nconst BOT_UA_PATTERNS: RegExp[] = [\n // OpenAI\n /GPTBot/i,\n /ChatGPT-User/i,\n /OAI-SearchBot/i,\n // Anthropic / Claude\n /ClaudeBot/i,\n /Claude-Web/i,\n /anthropic-ai/i,\n // Google\n /Googlebot/i,\n /Google-Extended/i,\n /AdsBot-Google/i,\n // Microsoft / Bing\n /bingbot/i,\n /msnbot/i,\n // AI search engines\n /PerplexityBot/i,\n /YouBot/i,\n // Common HTTP automation libraries\n /python-requests/i,\n /node-fetch/i,\n /\\baxios\\b/i,\n /\\bgot\\b\\//i,\n /\\bundici\\b/i,\n /\\bcurl\\b/i,\n /\\bwget\\b/i,\n /\\bhttpie\\b/i,\n // Generic crawler signals (word-boundary matched to reduce false positives)\n /\\bbot\\b/i,\n /\\bcrawler\\b/i,\n /\\bspider\\b/i,\n /\\bscraper\\b/i,\n /\\bfetcher\\b/i,\n // MCP / AgentPass clients\n /mcp-client/i,\n /agentpass-client/i,\n];\n\n// Every major browser includes \"Mozilla/5.0\" — its absence is a strong signal\nconst BROWSER_UA_RE = /Mozilla\\/5\\.0/i;\n\n/\n Returns `true` if the request appears to originate from an automated\n * agent or bot rather than a human browser.\n \n @param headers - The `Headers` object from a Next.js `NextRequest`\n /\nexport function isAgentRequest(headers: Headers): boolean {\n const ua = headers.get(\"user-agent\") ?? \"\";\n\n // No User-Agent → definitely automated\n if (!ua) return true;\n\n // Explicit bot / agent UA match\n if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;\n\n // Cloudflare Bot Management: the `cf-bot-management` header contains a\n // JSON blob with a `score` field (0–100). Score < 30 → highly likely bot.\n const cfRaw = headers.get(\"cf-bot-management\");\n if (cfRaw) {\n try {\n const parsed = JSON.parse(cfRaw) as { score?: unknown };\n if (typeof parsed.score === \"number\" && parsed.score < 30) return true;\n } catch {\n // Malformed header — fail open (pass through)\n }\n }\n\n // Heuristic: non-browser UA + no Accept-Language → likely automated\n if (!BROWSER_UA_RE.test(ua) && !headers.get(\"accept-language\")) return true;\n\n return false;\n}\n\n/\n Extract the AgentPass JWT from request headers.\n \n Checks in order:\n * 1. `Authorization: Bearer <token>` (preferred)\n * 2. `X-AgentPass-Token` (fallback when Authorization is stripped by proxies)\n \n @returns The raw JWT string, or `null` if absent.\n /\nexport function extractToken(headers: Headers): string \| null {\n // Primary: standard Authorization header\n const auth = headers.get(\"authorization\") ?? \"\";\n if (auth.startsWith(\"Bearer \")) {\n const token = auth.slice(7).trim();\n if (token) return token;\n }\n\n // Fallback: custom header\n const custom = headers.get(\"x-agentpass-token\")?.trim();\n if (custom) return custom;\n\n return null;\n}\n","import { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport type { AgentPassClaims } from \"./types.js\";\n\nconst DEFAULT_JWKS_URL = \"https://agentpass.vercel.app/api/jwks\";\n\n/\n Module-level JWKS cache — one RemoteJWKSet instance per unique URL.\n * jose caches the fetched key material internally; re-fetches when the\n * cache TTL (1 h) expires or a new `kid` is seen.\n /\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nfunction getJwks(rawUrl: string): ReturnType<typeof createRemoteJWKSet> {\n if (!jwksSets.has(rawUrl)) {\n const url = new URL(rawUrl); // throws on malformed URL\n\n // Security: HTTPS is mandatory to prevent MITM on the public-key fetch.\n // Localhost is whitelisted for local development / CI.\n const isLocal =\n url.hostname === \"localhost\" \|\|\n url.hostname === \"127.0.0.1\" \|\|\n url.hostname === \"::1\";\n\n if (url.protocol !== \"https:\" && !isLocal) {\n throw new Error(\n `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`\n );\n }\n\n jwksSets.set(\n rawUrl,\n createRemoteJWKSet(url, {\n cacheMaxAge: 60 60 * 1_000, // 1 hour in ms\n })\n );\n }\n\n return jwksSets.get(rawUrl)!;\n}\n\nexport interface VerifyTokenOptions {\n jwksUrl?: string;\n clockTolerance?: number;\n}\n\n/*\n Verify an AgentPass JWT and return its decoded claims.\n \n Security guarantees\n * ───────────────────\n * • Signature — RS256, verified against the live JWKS public key.\n * • Algorithm — strict allowlist `['RS256']`; alg:none and HS256 are\n * rejected before signature verification even begins.\n * • Issuer — must be exactly \"agentpass\".\n * • Expiry — enforced; configurable clock tolerance (default 30 s).\n * • kid — jose matches the JWT `kid` header to the JWKS automatically.\n * • auth_method — validated at runtime; must equal \"bankid\".\n \n @throws if the token is invalid, expired, or fails any check.\n /\nexport async function verifyAgentPassToken(\n token: string,\n options: VerifyTokenOptions = {}\n): Promise<AgentPassClaims> {\n const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;\n const JWKS = getJwks(jwksUrl);\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: \"agentpass\",\n // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.\n // Any token claiming alg:\"none\", alg:\"HS256\", or anything else is\n // rejected before signature verification.\n algorithms: [\"RS256\"],\n clockTolerance: options.clockTolerance ?? 30,\n });\n\n // Runtime validation of AgentPass-specific claims.\n if (payload.auth_method !== \"bankid\") {\n throw new Error(\n `[agent-id] JWT has invalid auth_method: expected \"bankid\", got \"${\n payload.auth_method ?? \"undefined\"\n }\"`\n );\n }\n if (typeof payload.sub !== \"string\" \|\| payload.sub.length === 0) {\n throw new Error(\"[agent-id] JWT is missing the sub claim\");\n }\n\n return payload as unknown as AgentPassClaims;\n}\n","export { createAgentPassMiddleware } from \"./middleware.js\";\nexport type { AgentPassMiddlewareOptions } from \"./middleware.js\";\n\nexport { verifyAgentPassToken } from \"./verify.js\";\nexport type { VerifyTokenOptions } from \"./verify.js\";\n\nexport { isAgentRequest, extractToken } from \"./detect.js\";\n\nexport type {\n AgentPassClaims,\n AgentPassResult,\n AgentPassVerified,\n AgentPassUnverified,\n VerifierOptions,\n} from \"./types.js\";\n\n// ── App Router helper ────────────────────────────────────────────────────────\n\nimport type { NextRequest } from \"next/server\";\nimport type { AgentPassResult, AgentPassClaims } from \"./types.js\";\n\n/\n Extract the verified AgentPass identity from a Next.js App Router request.\n \n This function reads the headers set by `createAgentPassMiddleware`. It must\n * only be called from route handlers that sit behind the middleware.\n \n @example\n * ```ts\n * // app/api/data/route.ts\n * import { getAgentPassResult } from '@agent-id/nextjs';\n \n export async function GET(request: NextRequest) {\n * const agentPass = getAgentPassResult(request);\n * if (!agentPass.verified) {\n * return Response.json({ error: 'Unauthorized' }, { status: 403 });\n * }\n * return Response.json({ sub: agentPass.claims.sub });\n * }\n * ```\n */\nexport function getAgentPassResult(request: NextRequest): AgentPassResult {\n const verified = request.headers.get(\"x-agentpass-verified\");\n\n if (verified !== \"true\") {\n return {\n verified: false,\n reason: verified === \"false\" ? \"no_token\" : \"not_agent\",\n };\n }\n\n const claimsJson = request.headers.get(\"x-agentpass-claims\");\n if (!claimsJson) {\n return { verified: false, reason: \"invalid_token\" };\n }\n\n try {\n const claims = JSON.parse(claimsJson) as AgentPassClaims;\n return { verified: true, claims };\n } catch {\n return { verified: false, reason: \"invalid_token\" };\n }\n}\n"],"mappings":";AAAA,SAAsB,oBAAoB;;;ACc1C,IAAM,kBAA4B;AAAA;AAAA,EAEhC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAGA,IAAM,gBAAgB;AAQf,SAAS,eAAe,SAA2B;AACxD,QAAM,KAAK,QAAQ,IAAI,YAAY,KAAK;AAGxC,MAAI,CAAC,GAAI,QAAO;AAGhB,MAAI,gBAAgB,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,EAAG,QAAO;AAIpD,QAAM,QAAQ,QAAQ,IAAI,mBAAmB;AAC7C,MAAI,OAAO;AACT,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,UAAI,OAAO,OAAO,UAAU,YAAY,OAAO,QAAQ,GAAI,QAAO;AAAA,IACpE,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,MAAI,CAAC,cAAc,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,iBAAiB,EAAG,QAAO;AAEvE,SAAO;AACT;AAWO,SAAS,aAAa,SAAiC;AAE5D,QAAM,OAAO,QAAQ,IAAI,eAAe,KAAK;AAC7C,MAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,UAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,QAAI,MAAO,QAAO;AAAA,EACpB;AAGA,QAAM,SAAS,QAAQ,IAAI,mBAAmB,GAAG,KAAK;AACtD,MAAI,OAAQ,QAAO;AAEnB,SAAO;AACT;;;AC/GA,SAAS,oBAAoB,iBAAiB;AAG9C,IAAM,mBAAmB;AAOzB,IAAM,WAAW,oBAAI,IAAmD;AAExE,SAAS,QAAQ,QAAuD;AACtE,MAAI,CAAC,SAAS,IAAI,MAAM,GAAG;AACzB,UAAM,MAAM,IAAI,IAAI,MAAM;AAI1B,UAAM,UACJ,IAAI,aAAa,eACjB,IAAI,aAAa,eACjB,IAAI,aAAa;AAEnB,QAAI,IAAI,aAAa,YAAY,CAAC,SAAS;AACzC,YAAM,IAAI;AAAA,QACR,gDAAgD,MAAM;AAAA,MACxD;AAAA,IACF;AAEA,aAAS;AAAA,MACP;AAAA,MACA,mBAAmB,KAAK;AAAA,QACtB,aAAa,KAAK,KAAK;AAAA;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,MAAM;AAC5B;AAsBA,eAAsB,qBACpB,OACA,UAA8B,CAAC,GACL;AAC1B,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,OAAO,QAAQ,OAAO;AAE5B,QAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ;AAAA;AAAA;AAAA;AAAA,IAIR,YAAY,CAAC,OAAO;AAAA,IACpB,gBAAgB,QAAQ,kBAAkB;AAAA,EAC5C,CAAC;AAGD,MAAI,QAAQ,gBAAgB,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,mEACE,QAAQ,eAAe,WACzB;AAAA,IACF;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AFrEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF;AAsBO,SAAS,0BACd,UAAsC,CAAC,GACvC;AACA,QAAM;AAAA,IACJ;AAAA,IACA,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,SAAO,eAAe,oBACpB,SACuB;AAEvB,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAKlD,eAAW,QAAQ,iBAAiB;AAClC,qBAAe,OAAO,IAAI;AAAA,IAC5B;AAGA,QAAI,CAAC,eAAe,cAAc,GAAG;AACnC,aAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,IACnE;AAGA,UAAM,QAAQ,aAAa,cAAc;AAEzC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,qBAAqB,OAAO;AAAA,QACzC,GAAI,YAAY,UAAa,EAAE,QAAQ;AAAA,QACvC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ;AAAA,QACN;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACjD;AACA,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAIA,mBAAe,IAAI,wBAAwB,MAAM;AACjD,mBAAe,IAAI,mBAAmB,OAAO,GAAG;AAEhD,mBAAe,IAAI,sBAAsB,KAAK,UAAU,MAAM,CAAC;AAE/D,WAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,EACnE;AACF;AAIA,SAAS,aACP,SACA,gBACA,SACA,OACA,gBACc;AACd,MAAI,gBAAgB;AAClB,UAAM,SAAS,eAAe,SAAS,OAAO;AAC9C,QAAI,OAAQ,QAAO;AAAA,EACrB;AAEA,MAAI,OAAO;AACT,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,sBAAsB,QAAQ;AAAA,MACvC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAIA,iBAAe,IAAI,wBAAwB,OAAO;AAClD,SAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AACnE;;;AGxGO,SAAS,mBAAmB,SAAuC;AACxE,QAAM,WAAW,QAAQ,QAAQ,IAAI,sBAAsB;AAE3D,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ,aAAa,UAAU,aAAa;AAAA,IAC9C;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,QAAQ,IAAI,oBAAoB;AAC3D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AAEA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,UAAU;AACpC,WAAO,EAAE,UAAU,MAAM,OAAO;AAAA,EAClC,QAAQ;AACN,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/middleware.ts","../src/detect.ts","../src/verify.ts","../src/index.ts"],"sourcesContent":["import { NextRequest, NextResponse } from \"next/server\";\nimport { isAgentRequest, extractToken } from \"./detect.js\";\nimport { verifyAgentIDToken } from \"./verify.js\";\nimport type { VerifierOptions, AgentIDClaims } from \"./types.js\";\n\nexport type AgentIDMiddlewareOptions = VerifierOptions & {\n /*\n Optional callback invoked when an agent is detected but carries no\n * valid token. Return a `NextResponse` to override the default 403.\n /\n onUnauthorizedAgent?: (\n request: NextRequest,\n reason: string\n ) => NextResponse \| void;\n};\n\n/\n Headers injected by this proxy into downstream route handlers.\n * They are stripped from the incoming request first to prevent spoofing.\n /\nconst MANAGED_HEADERS = [\n \"x-agentid-verified\",\n \"x-agentid-sub\",\n \"x-agentid-claims\",\n] as const;\n\n/\n Factory that returns a Next.js proxy function which detects AI-agent\n * traffic and enforces AgentID JWT authentication.\n \n @example\n * ```ts\n * // proxy.ts (project root)\n * import { createAgentIDMiddleware } from '@agent-id/nextjs';\n \n const agentID = createAgentIDMiddleware({\n * blockUnauthorizedAgents: true,\n * });\n \n export function proxy(request: NextRequest) {\n * return agentID(request);\n * }\n \n export const config = { matcher: '/api/:path' };\n ```\n /\nexport function createAgentIDMiddleware(\n options: AgentIDMiddlewareOptions = {}\n) {\n const {\n jwksUrl,\n blockUnauthorizedAgents = true,\n clockTolerance = 30,\n onUnauthorizedAgent,\n } = options;\n\n return async function agentIDMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Clone incoming headers so we can safely mutate them.\n const requestHeaders = new Headers(request.headers);\n\n // ── Security: strip client-supplied AgentID headers ──────────────────\n // Without this, a malicious agent could send x-agentid-verified: true\n // and bypass the check in route handlers.\n for (const name of MANAGED_HEADERS) {\n requestHeaders.delete(name);\n }\n\n // ── Non-agent traffic ──────────────────────────────────────────────────\n if (!isAgentRequest(requestHeaders)) {\n return NextResponse.next({ request: { headers: requestHeaders } });\n }\n\n // ── Agent detected — require a valid JWT ───────────────────────────────\n const token = extractToken(requestHeaders);\n\n if (!token) {\n return unauthorized(\n request,\n requestHeaders,\n 'Agent request missing AgentID token. Provide \"Authorization: Bearer <token>\".',\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verify the JWT ─────────────────────────────────────────────────────\n let claims: AgentIDClaims;\n try {\n claims = await verifyAgentIDToken(token, {\n ...(jwksUrl !== undefined && { jwksUrl }),\n clockTolerance,\n });\n } catch (err) {\n // Never surface the raw error to the caller — it might leak internals.\n console.warn(\n \"[agent-id] Token verification failed:\",\n err instanceof Error ? err.message : String(err)\n );\n return unauthorized(\n request,\n requestHeaders,\n \"Invalid or expired AgentID token.\",\n blockUnauthorizedAgents,\n onUnauthorizedAgent\n );\n }\n\n // ── Verified — inject identity into request headers ────────────────────\n // Route handlers read these via getAgentIDResult(request).\n requestHeaders.set(\"x-agentid-verified\", \"true\");\n requestHeaders.set(\"x-agentid-sub\", claims.sub);\n // Full claims encoded as JSON for type-safe extraction by helpers.\n requestHeaders.set(\"x-agentid-claims\", JSON.stringify(claims));\n\n return NextResponse.next({ request: { headers: requestHeaders } });\n };\n}\n\n// ── Internal helper ──────────────────────────────────────────────────────────\n\nfunction unauthorized(\n request: NextRequest,\n requestHeaders: Headers,\n message: string,\n block: boolean,\n onUnauthorized: AgentIDMiddlewareOptions[\"onUnauthorizedAgent\"]\n): NextResponse {\n if (onUnauthorized) {\n const custom = onUnauthorized(request, message);\n if (custom) return custom;\n }\n\n if (block) {\n return NextResponse.json(\n { error: \"AGENT_UNAUTHORIZED\", message },\n { status: 403 }\n );\n }\n\n // Pass through with a \"not verified\" marker so route handlers can still\n // distinguish agent traffic from human traffic.\n requestHeaders.set(\"x-agentid-verified\", \"false\");\n return NextResponse.next({ request: { headers: requestHeaders } });\n}\n","/\n Bot / AI-agent detection for Next.js (Edge Runtime compatible).\n \n Uses layered heuristics:\n * 1. Explicit bot / AI-agent User-Agent strings\n * 2. Cloudflare Bot Management score (if header is present)\n * 3. Absence of browser signals (no Accept-Language + non-browser UA)\n \n The detector is intentionally conservative — when in doubt it lets the\n * request through (fail open). A false negative (undetected bot) means the\n * request passes without a JWT check. A false positive (human flagged as bot)\n * would block legitimate traffic, which is much worse.\n /\n\nconst BOT_UA_PATTERNS: RegExp[] = [\n // OpenAI\n /GPTBot/i,\n /ChatGPT-User/i,\n /OAI-SearchBot/i,\n // Anthropic / Claude\n /ClaudeBot/i,\n /Claude-Web/i,\n /anthropic-ai/i,\n /Claude-User/i,\n // Google\n /Googlebot/i,\n /Google-Extended/i,\n /AdsBot-Google/i,\n // Microsoft / Bing\n /bingbot/i,\n /msnbot/i,\n // AI search engines\n /PerplexityBot/i,\n /YouBot/i,\n // Common HTTP automation libraries\n /python-requests/i,\n /node-fetch/i,\n /\\baxios\\b/i,\n /\\bgot\\b\\//i,\n /\\bundici\\b/i,\n /\\bcurl\\b/i,\n /\\bwget\\b/i,\n /\\bhttpie\\b/i,\n // Generic crawler signals (word-boundary matched to reduce false positives)\n /\\bbot\\b/i,\n /\\bcrawler\\b/i,\n /\\bspider\\b/i,\n /\\bscraper\\b/i,\n /\\bfetcher\\b/i,\n // MCP / AgentID clients\n /mcp-client/i,\n /agentid-client/i,\n];\n\n// Every major browser includes \"Mozilla/5.0\" — its absence is a strong signal\nconst BROWSER_UA_RE = /Mozilla\\/5\\.0/i;\n\n/\n Returns `true` if the request appears to originate from an automated\n * agent or bot rather than a human browser.\n \n @param headers - The `Headers` object from a Next.js `NextRequest`\n /\nexport function isAgentRequest(headers: Headers): boolean {\n const ua = headers.get(\"user-agent\") ?? \"\";\n\n // No User-Agent → definitely automated\n if (!ua) return true;\n\n // Explicit bot / agent UA match\n if (BOT_UA_PATTERNS.some((p) => p.test(ua))) return true;\n\n // Cloudflare Bot Management: the `cf-bot-management` header contains a\n // JSON blob with a `score` field (0–100). Score < 30 → highly likely bot.\n const cfRaw = headers.get(\"cf-bot-management\");\n if (cfRaw) {\n try {\n const parsed = JSON.parse(cfRaw) as { score?: unknown };\n if (typeof parsed.score === \"number\" && parsed.score < 30) return true;\n } catch {\n // Malformed header — fail open (pass through)\n }\n }\n\n // Heuristic: non-browser UA + no Accept-Language → likely automated\n if (!BROWSER_UA_RE.test(ua) && !headers.get(\"accept-language\")) return true;\n\n return false;\n}\n\n/\n Extract the AgentID JWT from request headers.\n \n Checks in order:\n * 1. `Authorization: Bearer <token>` (preferred)\n * 2. `X-AgentID-Token` (fallback when Authorization is stripped by proxies)\n \n @returns The raw JWT string, or `null` if absent.\n /\nexport function extractToken(headers: Headers): string \| null {\n // Primary: standard Authorization header\n const auth = headers.get(\"authorization\") ?? \"\";\n if (auth.startsWith(\"Bearer \")) {\n const token = auth.slice(7).trim();\n if (token) return token;\n }\n\n // Fallback: custom header\n const custom = headers.get(\"x-agentid-token\")?.trim();\n if (custom) return custom;\n\n return null;\n}\n","import { createRemoteJWKSet, jwtVerify } from \"jose\";\nimport type { AgentIDClaims } from \"./types.js\";\n\nconst DEFAULT_JWKS_URL = \"https://agentpass.vercel.app/api/jwks\";\n\n/\n Module-level JWKS cache — one RemoteJWKSet instance per unique URL.\n * jose caches the fetched key material internally; re-fetches when the\n * cache TTL (1 h) expires or a new `kid` is seen.\n /\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nfunction getJwks(rawUrl: string): ReturnType<typeof createRemoteJWKSet> {\n if (!jwksSets.has(rawUrl)) {\n const url = new URL(rawUrl); // throws on malformed URL\n\n // Security: HTTPS is mandatory to prevent MITM on the public-key fetch.\n // Localhost is whitelisted for local development / CI.\n const isLocal =\n url.hostname === \"localhost\" \|\|\n url.hostname === \"127.0.0.1\" \|\|\n url.hostname === \"::1\";\n\n if (url.protocol !== \"https:\" && !isLocal) {\n throw new Error(\n `[agent-id] jwksUrl must use HTTPS, received: ${rawUrl}`\n );\n }\n\n jwksSets.set(\n rawUrl,\n createRemoteJWKSet(url, {\n cacheMaxAge: 60 60 * 1_000, // 1 hour in ms\n })\n );\n }\n\n return jwksSets.get(rawUrl)!;\n}\n\nexport interface VerifyTokenOptions {\n jwksUrl?: string;\n clockTolerance?: number;\n}\n\n/*\n Verify an AgentID JWT and return its decoded claims.\n \n Security guarantees\n * ───────────────────\n * • Signature — RS256, verified against the live JWKS public key.\n * • Algorithm — strict allowlist `['RS256']`; alg:none and HS256 are\n * rejected before signature verification even begins.\n * • Issuer — must be exactly \"agentid\".\n * • Expiry — enforced; configurable clock tolerance (default 30 s).\n * • kid — jose matches the JWT `kid` header to the JWKS automatically.\n * • auth_method — validated at runtime; must equal \"bankid\".\n \n @throws if the token is invalid, expired, or fails any check.\n /\nexport async function verifyAgentIDToken(\n token: string,\n options: VerifyTokenOptions = {}\n): Promise<AgentIDClaims> {\n const jwksUrl = options.jwksUrl ?? DEFAULT_JWKS_URL;\n const JWKS = getJwks(jwksUrl);\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: \"agentid\",\n // ↓ Critical — explicit allowlist prevents algorithm-confusion attacks.\n // Any token claiming alg:\"none\", alg:\"HS256\", or anything else is\n // rejected before signature verification.\n algorithms: [\"RS256\"],\n clockTolerance: options.clockTolerance ?? 30,\n });\n\n // Runtime validation of AgentID-specific claims.\n if (payload.auth_method !== \"bankid\") {\n throw new Error(\n `[agent-id] JWT has invalid auth_method: expected \"bankid\", got \"${\n payload.auth_method ?? \"undefined\"\n }\"`\n );\n }\n if (typeof payload.sub !== \"string\" \|\| payload.sub.length === 0) {\n throw new Error(\"[agent-id] JWT is missing the sub claim\");\n }\n\n return payload as unknown as AgentIDClaims;\n}\n","export { createAgentIDMiddleware } from \"./middleware.js\";\nexport type { AgentIDMiddlewareOptions } from \"./middleware.js\";\n\nexport { verifyAgentIDToken } from \"./verify.js\";\nexport type { VerifyTokenOptions } from \"./verify.js\";\n\nexport { isAgentRequest, extractToken } from \"./detect.js\";\n\nexport type {\n AgentIDClaims,\n AgentIDResult,\n AgentIDVerified,\n AgentIDUnverified,\n VerifierOptions,\n} from \"./types.js\";\n\n// ── App Router helper ────────────────────────────────────────────────────────\n\nimport type { NextRequest } from \"next/server\";\nimport type { AgentIDResult, AgentIDClaims } from \"./types.js\";\n\n/\n Extract the verified AgentID identity from a Next.js App Router request.\n \n This function reads the headers set by `createAgentIDMiddleware`. It must\n * only be called from route handlers that sit behind the proxy.\n \n @example\n * ```ts\n * // app/api/data/route.ts\n * import { getAgentIDResult } from '@agent-id/nextjs';\n \n export async function GET(request: NextRequest) {\n * const agent = getAgentIDResult(request);\n * if (!agent.verified) {\n * return Response.json({ error: 'Unauthorized' }, { status: 403 });\n * }\n * return Response.json({ sub: agent.claims.sub });\n * }\n * ```\n */\nexport function getAgentIDResult(request: NextRequest): AgentIDResult {\n const verified = request.headers.get(\"x-agentid-verified\");\n\n if (verified !== \"true\") {\n return {\n verified: false,\n reason: verified === \"false\" ? \"no_token\" : \"not_agent\",\n };\n }\n\n const claimsJson = request.headers.get(\"x-agentid-claims\");\n if (!claimsJson) {\n return { verified: false, reason: \"invalid_token\" };\n }\n\n try {\n const claims = JSON.parse(claimsJson) as AgentIDClaims;\n return { verified: true, claims };\n } catch {\n return { verified: false, reason: \"invalid_token\" };\n }\n}\n"],"mappings":";AAAA,SAAsB,oBAAoB;;;ACc1C,IAAM,kBAA4B;AAAA;AAAA,EAEhC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAGA,IAAM,gBAAgB;AAQf,SAAS,eAAe,SAA2B;AACxD,QAAM,KAAK,QAAQ,IAAI,YAAY,KAAK;AAGxC,MAAI,CAAC,GAAI,QAAO;AAGhB,MAAI,gBAAgB,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,EAAG,QAAO;AAIpD,QAAM,QAAQ,QAAQ,IAAI,mBAAmB;AAC7C,MAAI,OAAO;AACT,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,KAAK;AAC/B,UAAI,OAAO,OAAO,UAAU,YAAY,OAAO,QAAQ,GAAI,QAAO;AAAA,IACpE,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,MAAI,CAAC,cAAc,KAAK,EAAE,KAAK,CAAC,QAAQ,IAAI,iBAAiB,EAAG,QAAO;AAEvE,SAAO;AACT;AAWO,SAAS,aAAa,SAAiC;AAE5D,QAAM,OAAO,QAAQ,IAAI,eAAe,KAAK;AAC7C,MAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,UAAM,QAAQ,KAAK,MAAM,CAAC,EAAE,KAAK;AACjC,QAAI,MAAO,QAAO;AAAA,EACpB;AAGA,QAAM,SAAS,QAAQ,IAAI,iBAAiB,GAAG,KAAK;AACpD,MAAI,OAAQ,QAAO;AAEnB,SAAO;AACT;;;AChHA,SAAS,oBAAoB,iBAAiB;AAG9C,IAAM,mBAAmB;AAOzB,IAAM,WAAW,oBAAI,IAAmD;AAExE,SAAS,QAAQ,QAAuD;AACtE,MAAI,CAAC,SAAS,IAAI,MAAM,GAAG;AACzB,UAAM,MAAM,IAAI,IAAI,MAAM;AAI1B,UAAM,UACJ,IAAI,aAAa,eACjB,IAAI,aAAa,eACjB,IAAI,aAAa;AAEnB,QAAI,IAAI,aAAa,YAAY,CAAC,SAAS;AACzC,YAAM,IAAI;AAAA,QACR,gDAAgD,MAAM;AAAA,MACxD;AAAA,IACF;AAEA,aAAS;AAAA,MACP;AAAA,MACA,mBAAmB,KAAK;AAAA,QACtB,aAAa,KAAK,KAAK;AAAA;AAAA,MACzB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,MAAM;AAC5B;AAsBA,eAAsB,mBACpB,OACA,UAA8B,CAAC,GACP;AACxB,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,OAAO,QAAQ,OAAO;AAE5B,QAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ;AAAA;AAAA;AAAA;AAAA,IAIR,YAAY,CAAC,OAAO;AAAA,IACpB,gBAAgB,QAAQ,kBAAkB;AAAA,EAC5C,CAAC;AAGD,MAAI,QAAQ,gBAAgB,UAAU;AACpC,UAAM,IAAI;AAAA,MACR,mEACE,QAAQ,eAAe,WACzB;AAAA,IACF;AAAA,EACF;AACA,MAAI,OAAO,QAAQ,QAAQ,YAAY,QAAQ,IAAI,WAAW,GAAG;AAC/D,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AFrEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACF;AAsBO,SAAS,wBACd,UAAoC,CAAC,GACrC;AACA,QAAM;AAAA,IACJ;AAAA,IACA,0BAA0B;AAAA,IAC1B,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,SAAO,eAAe,kBACpB,SACuB;AAEvB,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAKlD,eAAW,QAAQ,iBAAiB;AAClC,qBAAe,OAAO,IAAI;AAAA,IAC5B;AAGA,QAAI,CAAC,eAAe,cAAc,GAAG;AACnC,aAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,IACnE;AAGA,UAAM,QAAQ,aAAa,cAAc;AAEzC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,mBAAmB,OAAO;AAAA,QACvC,GAAI,YAAY,UAAa,EAAE,QAAQ;AAAA,QACvC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ;AAAA,QACN;AAAA,QACA,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACjD;AACA,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAIA,mBAAe,IAAI,sBAAsB,MAAM;AAC/C,mBAAe,IAAI,iBAAiB,OAAO,GAAG;AAE9C,mBAAe,IAAI,oBAAoB,KAAK,UAAU,MAAM,CAAC;AAE7D,WAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AAAA,EACnE;AACF;AAIA,SAAS,aACP,SACA,gBACA,SACA,OACA,gBACc;AACd,MAAI,gBAAgB;AAClB,UAAM,SAAS,eAAe,SAAS,OAAO;AAC9C,QAAI,OAAQ,QAAO;AAAA,EACrB;AAEA,MAAI,OAAO;AACT,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,sBAAsB,QAAQ;AAAA,MACvC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAIA,iBAAe,IAAI,sBAAsB,OAAO;AAChD,SAAO,aAAa,KAAK,EAAE,SAAS,EAAE,SAAS,eAAe,EAAE,CAAC;AACnE;;;AGxGO,SAAS,iBAAiB,SAAqC;AACpE,QAAM,WAAW,QAAQ,QAAQ,IAAI,oBAAoB;AAEzD,MAAI,aAAa,QAAQ;AACvB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ,aAAa,UAAU,aAAa;AAAA,IAC9C;AAAA,EACF;AAEA,QAAM,aAAa,QAAQ,QAAQ,IAAI,kBAAkB;AACzD,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AAEA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,UAAU;AACpC,WAAO,EAAE,UAAU,MAAM,OAAO;AAAA,EAClC,QAAQ;AACN,WAAO,EAAE,UAAU,OAAO,QAAQ,gBAAgB;AAAA,EACpD;AACF;","names":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agent-id/nextjs",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Agent-ID verifier middleware for Next.js — blocks unauthorized AI agents from your API routes",
   "keywords": ["agent-id", "agentpass", "bankid", "jwt", "nextjs", "middleware", "ai-agent", "mcp", "bot-detection"],
   "license": "MIT",