@agentix-security/nextjs 0.1.0 → 0.1.2

package/dist/index.cjs

@@ -302,7 +302,13 @@ var AgentixSDK = class {
     return this.engine;
   }
   registerIntent(intent, mode = "enforce") {
-    this.intentRegistry.set(intent, mode);
+    if (!this.intentRegistry.has(intent)) {
+      this.intentRegistry.set(intent, { mode, routes: /* @__PURE__ */ new Set() });
+    }
+  }
+  registerIntentRoute(intent, route) {
+    const entry = this.intentRegistry.get(intent);
+    if (entry) entry.routes.add(route);
   }
   getIntentRegistry() {
     return this.intentRegistry;
@@ -411,13 +417,13 @@ function bearer(req) {
   if (!auth?.startsWith("Bearer ")) return null;
   return auth.slice("Bearer ".length).trim();
 }
-async function shipAudit2(url, key, row) {
-  if (!key) return;
+async function shipAudit2(url, licenseKey, row) {
+  if (!licenseKey || !url) return;
   try {
-    await fetch(`${url}/v1/audit/decisions`, {
+    await fetch(`${url}/v1/audit/events`, {
       method: "POST",
-      headers: { authorization: `Bearer ${key}`, "content-type": "application/json" },
-      body: JSON.stringify(row)
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ license_key: licenseKey, rows: [row] })
     });
   } catch {
   }
@@ -443,11 +449,14 @@ function agentixMiddleware(sdk) {
     const fp = await fingerprint2(req);
     const baseUrl = req.nextUrl.origin;
     const cp = (sdk.config.controlPlaneUrl ?? "https://agentix-control-plane.onrender.com").replace(/\/$/, "");
-    const adminKey = sdk.config.controlPlaneAdminKey;
+    const licenseKey = sdk.config.licenseKey;
     const tokenSecret = sdk.getResolvedTokenSecret();
     if (req.method === "GET" && pathname === "/.well-known/ai-agent.json") {
-      const allIntents = [...sdk.getIntentRegistry().keys()];
-      void shipAudit2(cp, adminKey, auditRow(sdk, req, pathname, 200, fp, {
+      const registry = sdk.getIntentRegistry();
+      const tools = Object.fromEntries(
+        [...registry.entries()].map(([intent, entry]) => [intent, { routes: [...entry.routes] }])
+      );
+      void shipAudit2(cp, licenseKey, auditRow(sdk, req, pathname, 200, fp, {
         trust_mode: "unknown",
         intent_scope: "none",
         token_id: null,
@@ -461,7 +470,8 @@ function agentixMiddleware(sdk) {
         tenant_id: sdk.getResolvedTenantId(),
         deployment_id: sdk.getDeploymentId(),
         discovery: { well_known: `${baseUrl}/.well-known/ai-agent.json`, token_endpoint: `${baseUrl}/agent/v1/declare_intent` },
-        intents: allIntents
+        intents: [...registry.keys()],
+        tools
       }, { headers: { "cache-control": "no-store" } });
     }
     if (req.method === "POST" && pathname === "/agent/v1/declare_intent") {
@@ -472,7 +482,7 @@ function agentixMiddleware(sdk) {
       }
       const validIntents = [...sdk.getIntentRegistry().keys()];
       if (!body.intent || !isValidIntent(body.intent, validIntents)) {
-        void shipAudit2(cp, adminKey, auditRow(sdk, req, pathname, 400, fp, {
+        void shipAudit2(cp, licenseKey, auditRow(sdk, req, pathname, 400, fp, {
           trust_mode: "unmanaged_automation",
           intent_scope: "none",
           token_id: null,
@@ -489,7 +499,7 @@ function agentixMiddleware(sdk) {
       const exp = iat + Math.floor(ttl / 1e3);
       const raw = await issueTokenWeb(tokenSecret, { intent, domain: sdk.getResolvedDomain(), binding: fp, iat, exp });
       const jti = tokenIdWeb(raw);
-      void shipAudit2(cp, adminKey, auditRow(sdk, req, pathname, 200, fp, {
+      void shipAudit2(cp, licenseKey, auditRow(sdk, req, pathname, 200, fp, {
         trust_mode: "managed_agent",
         intent_scope: intent,
         token_id: jti,
@@ -506,12 +516,15 @@ function agentixMiddleware(sdk) {
         expires_in: exp - iat
       });
     }
-    return server_js.NextResponse.next();
+    const res = server_js.NextResponse.next();
+    res.headers.set("link", `<${baseUrl}/.well-known/ai-agent.json>; rel="agent-discovery"`);
+    return res;
   };
 }
 function secure(sdk, intent, handler, opts = {}) {
   const mode = opts.mode ?? "enforce";
   sdk.registerIntent(intent, mode);
+  if (opts.path) sdk.registerIntentRoute(intent, opts.path);
   return async (req, ctx) => {
     await sdk.ensureInitialized();
     const fp = await fingerprint2(req);

package/dist/index.d.cts

@@ -41,7 +41,10 @@ interface EngineOptions {
     controlPlaneUrl: string;
     controlPlaneAdminKey?: string;
     getLease: () => LicenseLease | null;
-    getRegisteredIntents?: () => ReadonlyMap<string, 'enforce' | 'shadow'>;
+    getRegisteredIntents?: () => ReadonlyMap<string, {
+        mode: 'enforce' | 'shadow';
+        routes: Set<string>;
+    }>;
     devMode?: boolean;
 }
 declare class Engine {
@@ -86,7 +89,11 @@ declare class AgentixSDK {
     private _init;
     getEngine(): Engine;
     registerIntent(intent: string, mode?: 'enforce' | 'shadow'): void;
-    getIntentRegistry(): ReadonlyMap<string, 'enforce' | 'shadow'>;
+    registerIntentRoute(intent: string, route: string): void;
+    getIntentRegistry(): ReadonlyMap<string, {
+        mode: 'enforce' | 'shadow';
+        routes: Set<string>;
+    }>;
     getResolvedDomain(): string;
     getResolvedTenantId(): string;
     getResolvedTokenSecret(): string;
@@ -109,6 +116,7 @@ declare function agentixMiddleware(sdk: AgentixSDK): NextMiddleware;
  */
 declare function secure(sdk: AgentixSDK, intent: string, handler: (req: NextRequest, ctx?: unknown) => Promise<Response> | Response, opts?: {
     mode?: 'enforce' | 'shadow';
+    path?: string;
 }): (req: NextRequest, ctx?: unknown) => Promise<Response>;
 interface PagesRes {
     status(code: number): PagesRes;

package/dist/index.d.ts

@@ -41,7 +41,10 @@ interface EngineOptions {
     controlPlaneUrl: string;
     controlPlaneAdminKey?: string;
     getLease: () => LicenseLease | null;
-    getRegisteredIntents?: () => ReadonlyMap<string, 'enforce' | 'shadow'>;
+    getRegisteredIntents?: () => ReadonlyMap<string, {
+        mode: 'enforce' | 'shadow';
+        routes: Set<string>;
+    }>;
     devMode?: boolean;
 }
 declare class Engine {
@@ -86,7 +89,11 @@ declare class AgentixSDK {
     private _init;
     getEngine(): Engine;
     registerIntent(intent: string, mode?: 'enforce' | 'shadow'): void;
-    getIntentRegistry(): ReadonlyMap<string, 'enforce' | 'shadow'>;
+    registerIntentRoute(intent: string, route: string): void;
+    getIntentRegistry(): ReadonlyMap<string, {
+        mode: 'enforce' | 'shadow';
+        routes: Set<string>;
+    }>;
     getResolvedDomain(): string;
     getResolvedTenantId(): string;
     getResolvedTokenSecret(): string;
@@ -109,6 +116,7 @@ declare function agentixMiddleware(sdk: AgentixSDK): NextMiddleware;
  */
 declare function secure(sdk: AgentixSDK, intent: string, handler: (req: NextRequest, ctx?: unknown) => Promise<Response> | Response, opts?: {
     mode?: 'enforce' | 'shadow';
+    path?: string;
 }): (req: NextRequest, ctx?: unknown) => Promise<Response>;
 interface PagesRes {
     status(code: number): PagesRes;

package/dist/index.js

@@ -300,7 +300,13 @@ var AgentixSDK = class {
     return this.engine;
   }
   registerIntent(intent, mode = "enforce") {
-    this.intentRegistry.set(intent, mode);
+    if (!this.intentRegistry.has(intent)) {
+      this.intentRegistry.set(intent, { mode, routes: /* @__PURE__ */ new Set() });
+    }
+  }
+  registerIntentRoute(intent, route) {
+    const entry = this.intentRegistry.get(intent);
+    if (entry) entry.routes.add(route);
   }
   getIntentRegistry() {
     return this.intentRegistry;
@@ -409,13 +415,13 @@ function bearer(req) {
   if (!auth?.startsWith("Bearer ")) return null;
   return auth.slice("Bearer ".length).trim();
 }
-async function shipAudit2(url, key, row) {
-  if (!key) return;
+async function shipAudit2(url, licenseKey, row) {
+  if (!licenseKey || !url) return;
   try {
-    await fetch(`${url}/v1/audit/decisions`, {
+    await fetch(`${url}/v1/audit/events`, {
       method: "POST",
-      headers: { authorization: `Bearer ${key}`, "content-type": "application/json" },
-      body: JSON.stringify(row)
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ license_key: licenseKey, rows: [row] })
     });
   } catch {
   }
@@ -441,11 +447,14 @@ function agentixMiddleware(sdk) {
     const fp = await fingerprint2(req);
     const baseUrl = req.nextUrl.origin;
     const cp = (sdk.config.controlPlaneUrl ?? "https://agentix-control-plane.onrender.com").replace(/\/$/, "");
-    const adminKey = sdk.config.controlPlaneAdminKey;
+    const licenseKey = sdk.config.licenseKey;
     const tokenSecret = sdk.getResolvedTokenSecret();
     if (req.method === "GET" && pathname === "/.well-known/ai-agent.json") {
-      const allIntents = [...sdk.getIntentRegistry().keys()];
-      void shipAudit2(cp, adminKey, auditRow(sdk, req, pathname, 200, fp, {
+      const registry = sdk.getIntentRegistry();
+      const tools = Object.fromEntries(
+        [...registry.entries()].map(([intent, entry]) => [intent, { routes: [...entry.routes] }])
+      );
+      void shipAudit2(cp, licenseKey, auditRow(sdk, req, pathname, 200, fp, {
         trust_mode: "unknown",
         intent_scope: "none",
         token_id: null,
@@ -459,7 +468,8 @@ function agentixMiddleware(sdk) {
         tenant_id: sdk.getResolvedTenantId(),
         deployment_id: sdk.getDeploymentId(),
         discovery: { well_known: `${baseUrl}/.well-known/ai-agent.json`, token_endpoint: `${baseUrl}/agent/v1/declare_intent` },
-        intents: allIntents
+        intents: [...registry.keys()],
+        tools
       }, { headers: { "cache-control": "no-store" } });
     }
     if (req.method === "POST" && pathname === "/agent/v1/declare_intent") {
@@ -470,7 +480,7 @@ function agentixMiddleware(sdk) {
       }
       const validIntents = [...sdk.getIntentRegistry().keys()];
       if (!body.intent || !isValidIntent(body.intent, validIntents)) {
-        void shipAudit2(cp, adminKey, auditRow(sdk, req, pathname, 400, fp, {
+        void shipAudit2(cp, licenseKey, auditRow(sdk, req, pathname, 400, fp, {
           trust_mode: "unmanaged_automation",
           intent_scope: "none",
           token_id: null,
@@ -487,7 +497,7 @@ function agentixMiddleware(sdk) {
       const exp = iat + Math.floor(ttl / 1e3);
       const raw = await issueTokenWeb(tokenSecret, { intent, domain: sdk.getResolvedDomain(), binding: fp, iat, exp });
       const jti = tokenIdWeb(raw);
-      void shipAudit2(cp, adminKey, auditRow(sdk, req, pathname, 200, fp, {
+      void shipAudit2(cp, licenseKey, auditRow(sdk, req, pathname, 200, fp, {
         trust_mode: "managed_agent",
         intent_scope: intent,
         token_id: jti,
@@ -504,12 +514,15 @@ function agentixMiddleware(sdk) {
         expires_in: exp - iat
       });
     }
-    return NextResponse.next();
+    const res = NextResponse.next();
+    res.headers.set("link", `<${baseUrl}/.well-known/ai-agent.json>; rel="agent-discovery"`);
+    return res;
   };
 }
 function secure(sdk, intent, handler, opts = {}) {
   const mode = opts.mode ?? "enforce";
   sdk.registerIntent(intent, mode);
+  if (opts.path) sdk.registerIntentRoute(intent, opts.path);
   return async (req, ctx) => {
     await sdk.ensureInitialized();
     const fp = await fingerprint2(req);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentix-security/nextjs",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Agentix Next.js adapter — AI agent intent-based authorization for Next.js apps",
   "type": "module",
   "main": "./dist/index.cjs",