@agentix-security/nextjs 0.1.12 → 0.1.13

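--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -473,15 +473,16 @@ function buildTools(sdk, baseUrl) {
  })
  );
  }
- function agentInstructions(ttlSec) {
- return [
- "1. Pick the tool below that matches what you need to do.",
- `2. Fetch the tool's token_url with a GET request (no body, no auth required). You will receive JSON containing an access_token. Tokens are valid for ${ttlSec} seconds.`,
- '3. Include the token in the Authorization header on every API request: "Authorization: Bearer <access_token>"',
- "4. If you receive HTTP 401 (missing_token or invalid_token), your token is missing or expired \u2014 fetch a new one from the same token_url.",
- "5. If you receive HTTP 403 (out_of_scope), your token's intent does not cover this route. Get a new token from the token_url of the correct tool.",
- "6. Each token is scoped to exactly one intent. Use a different token for each capability."
- ];
+ function buildAuthScheme(ttlSec) {
+ return {
+ type: "intent_bearer",
+ summary: "Routes on this service are protected by intent-scoped Bearer tokens. A caller selects the relevant tool from the tools map, obtains a short-lived token from its token_url, and presents it in the Authorization header.",
+ token_issuance: `GET <tool.token_url> \u2014 no credentials or request body required. Returns JSON: { access_token, token_type: "Bearer", intent, expires_in }. Tokens are valid for ${ttlSec} seconds.`,
+ token_usage: "Authorization: Bearer <access_token> (header on every request to the tool's routes).",
+ on_401_missing_or_invalid: "Token is absent or expired. A fresh token is available at the same token_url.",
+ on_403_out_of_scope: "Token's intent does not cover the requested route. The response body includes required_intent and a token_url for the correct scope.",
+ scope_model: "Each token is scoped to exactly one intent. A separate token is required for each distinct tool."
+ };
  }
  function agentixMiddleware(sdk) {
  return async (req) => {
@@ -507,8 +508,7 @@ function agentixMiddleware(sdk) {
  version: "0.2.0",
  tenant_id: sdk.getResolvedTenantId(),
  deployment_id: sdk.getDeploymentId(),
- instructions: agentInstructions(ttlSec),
- token_ttl_seconds: ttlSec,
+ auth_scheme: buildAuthScheme(ttlSec),
  discovery: {
  well_known: `${baseUrl}/.well-known/ai-agent.json`,
  token_endpoint: `${baseUrl}/agent/v1/declare_intent`,
@@ -594,9 +594,8 @@ function agentixMiddleware(sdk) {
  return server_js.NextResponse.json({
  service: "agentix-intent-sdk",
  version: "0.2.0",
- message: "You are an AI agent accessing a human-facing page. This site exposes a structured agent API \u2014 use it instead of scraping HTML.",
- instructions: agentInstructions(ttlSec),
- token_ttl_seconds: ttlSec,
+ notice: "This response is served to automated clients. A structured agent API is available at the endpoints below.",
+ auth_scheme: buildAuthScheme(ttlSec),
  discovery: {
  well_known: `${baseUrl}/.well-known/ai-agent.json`,
  token_endpoint: `${baseUrl}/agent/v1/declare_intent`,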
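Review bot: Dropping `token_ttl_seconds` from both objects built in agentixMiddleware leaves the TTL readable only inside the prose of `token_issuance`, and the payload still reports `version: "0.2.0"` although `instructions` has become `auth_scheme`. A client that schedules token refresh from the discovery document now has to parse a sentence or wait for `expires_in` in the token response. I would keep the number machine-readable by adding `token_ttl_seconds: ttlSec,` to the object returned by `buildAuthScheme`, and bump the payload `version` so consumers can tell the two shapes apart. The same change is in package/dist/index.js; agentixMiddleware starts and ends outside these hunks.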
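--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -471,15 +471,16 @@ function buildTools(sdk, baseUrl) {
  })
  );
  }
- function agentInstructions(ttlSec) {
- return [
- "1. Pick the tool below that matches what you need to do.",
- `2. Fetch the tool's token_url with a GET request (no body, no auth required). You will receive JSON containing an access_token. Tokens are valid for ${ttlSec} seconds.`,
- '3. Include the token in the Authorization header on every API request: "Authorization: Bearer <access_token>"',
- "4. If you receive HTTP 401 (missing_token or invalid_token), your token is missing or expired \u2014 fetch a new one from the same token_url.",
- "5. If you receive HTTP 403 (out_of_scope), your token's intent does not cover this route. Get a new token from the token_url of the correct tool.",
- "6. Each token is scoped to exactly one intent. Use a different token for each capability."
- ];
+ function buildAuthScheme(ttlSec) {
+ return {
+ type: "intent_bearer",
+ summary: "Routes on this service are protected by intent-scoped Bearer tokens. A caller selects the relevant tool from the tools map, obtains a short-lived token from its token_url, and presents it in the Authorization header.",
+ token_issuance: `GET <tool.token_url> \u2014 no credentials or request body required. Returns JSON: { access_token, token_type: "Bearer", intent, expires_in }. Tokens are valid for ${ttlSec} seconds.`,
+ token_usage: "Authorization: Bearer <access_token> (header on every request to the tool's routes).",
+ on_401_missing_or_invalid: "Token is absent or expired. A fresh token is available at the same token_url.",
+ on_403_out_of_scope: "Token's intent does not cover the requested route. The response body includes required_intent and a token_url for the correct scope.",
+ scope_model: "Each token is scoped to exactly one intent. A separate token is required for each distinct tool."
+ };
  }
  function agentixMiddleware(sdk) {
  return async (req) => {
@@ -505,8 +506,7 @@ function agentixMiddleware(sdk) {
  version: "0.2.0",
  tenant_id: sdk.getResolvedTenantId(),
  deployment_id: sdk.getDeploymentId(),
- instructions: agentInstructions(ttlSec),
- token_ttl_seconds: ttlSec,
+ auth_scheme: buildAuthScheme(ttlSec),
  discovery: {
  well_known: `${baseUrl}/.well-known/ai-agent.json`,
  token_endpoint: `${baseUrl}/agent/v1/declare_intent`,
@@ -592,9 +592,8 @@ function agentixMiddleware(sdk) {
  return NextResponse.json({
  service: "agentix-intent-sdk",
  version: "0.2.0",
- message: "You are an AI agent accessing a human-facing page. This site exposes a structured agent API \u2014 use it instead of scraping HTML.",
- instructions: agentInstructions(ttlSec),
- token_ttl_seconds: ttlSec,
+ notice: "This response is served to automated clients. A structured agent API is available at the endpoints below.",
+ auth_scheme: buildAuthScheme(ttlSec),
  discovery: {
  well_known: `${baseUrl}/.well-known/ai-agent.json`,
  token_endpoint: `${baseUrl}/agent/v1/declare_intent`,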
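Review bot: `token_issuance` in `buildAuthScheme` advertises that `token_url` needs no credentials, so the bearer token appears to record a declared intent and not a caller identity, yet neither `auth_scheme` nor a code comment says so. A short comment above the function would keep integrators from treating the token as authentication, for example `// Tokens are issued without credentials: they scope a request to one intent and do not identify the caller.` Separately, `on_403_out_of_scope` now promises `required_intent` and a `token_url` in the 403 body; the handler that builds that response is outside these hunks, so it is worth confirming the two agree. package/dist/index.cjs carries the same text.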
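--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@agentix-security/nextjs",
- "version": "0.1.12",
+ "version": "0.1.13",
  "description": "Agentix Next.js adapter — AI agent intent-based authorization for Next.js apps",
  "type": "module",
  "main": "./dist/index.cjs",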