@agentvisa/widget 0.2.2 → 0.2.4

package/README.md

@@ -1,16 +1,12 @@
 # @agentvisa/widget
 
-Lightweight JavaScript/TypeScript widget for **AgentVisa** verification.
+Server-side middleware for **AgentVisa** verification — protect your Express or Next.js API routes so only AI agents backed by a verified human can access them.
 
-Drop-in verification for websites that need to confirm a real human has approved an AI agent's action.
+When an unverified agent hits a protected route, the middleware returns a `302` redirect (or `401`) pointing the agent to [agentvisa.ai/for-agents](https://agentvisa.ai/for-agents), where it prompts the human to sign up. Verified agents pass straight through.
 
-## Features
-
-- Works with both **Basic** and **Pro** tiers
-- Unified response shape for all plans
-- Zero runtime dependencies
-- < 5KB gzipped
-- TypeScript support
+> **Which package should I use?**
+> - **`@agentvisa/widget`** (this package) — use when you want the full viral redirect loop: unverified AI agents are redirected to AgentVisa to get verified, then come back. Also works as a plain `block` or `passthrough` gate. Supports Express and Next.js.
+> - **[`@agentvisa/verify`](https://www.npmjs.com/package/@agentvisa/verify)** — use when you just want to verify a token and get a result back. Simpler API, no redirect, no growth loop. Works with any Node.js framework.
 
 ## Installation
 
@@ -18,77 +14,134 @@ Drop-in verification for websites that need to confirm a real human has approved
 npm install @agentvisa/widget
 ```
 
-Or via CDN:
+## Quick start — Express
 
-```html
-<script src="https://cdn.agentvisa.ai/widget.js"></script>
-```
+```ts
+import express from 'express';
+import { agentVisa } from '@agentvisa/widget/express';
 
-## Usage
+const app = express();
 
-### Basic Usage (Recommended)
+app.use('/api', agentVisa({
+  widgetId: process.env.AV_WIDGET_ID!,
+  apiKey:   process.env.AV_API_KEY!,
+}));
+
+app.post('/api/order', (req, res) => {
+  // Only reaches here if the agent is verified
+  console.log(req.agentVisa.result.plan);  // "basic" | "pro"
+  res.json({ ok: true });
+});
+```
+
+## Quick start — Next.js
 
 ```ts
-import { AgentVisa } from "@agentvisa/widget";
+// middleware.ts (project root)
+import { withAgentVisa } from '@agentvisa/widget/next';
 
-const result = await AgentVisa.verify({
-  widgetId: "widget_abc123",
-  plan: "basic"
+export default withAgentVisa({
+  widgetId: process.env.AV_WIDGET_ID!,
+  apiKey:   process.env.AV_API_KEY!,
 });
 
-console.log(result.valid);     // true | false
-console.log(result.reason);    // "ok" | "expired" | "invalid" ...
-console.log(result.plan);      // "basic" | "pro"
+export const config = {
+  matcher: ['/api/:path*'],
+};
 ```
 
-### Instance Usage
+## How agents send their token
+
+Agents use the [AgentVisa MCP server](https://www.npmjs.com/package/@agentvisa/mcp) (`@agentvisa/mcp`) to exchange their permanent token for a short-lived `tmp_xxx` token, then send it in one of two ways:
+
+**Standard mode:**
+```
+X-AgentVisa-Token: tmp_xxxxxxxxxxxxxxxxxxxx
+```
+
+**Web Bot Auth mode** (RFC 9421 — token bound in the signature):
+```
+AgentVisa-Assertion: tmp_xxxxxxxxxxxxxxxxxxxx
+Signature-Input: sig1=("@method" "@path" "host" "agentvisa-assertion");keyid="key-1";created=1234567890
+Signature: sig1=:base64sig:
+```
+
+## Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `widgetId` | `string` | **required** | Your `wgt_xxx` widget ID |
+| `apiKey` | `string` | **required** | Your `wk_xxx` API key — **server-side only** |
+| `onUnverified` | `'redirect' \| 'block' \| 'passthrough'` | `'redirect'` | What to do when an agent is unverified |
+| `redirectUrl` | `string` | `'https://agentvisa.ai/for-agents'` | Where to redirect unverified AI agents |
+| `timeoutMs` | `number` | `5000` | Timeout for the `/v1/verify` API call |
+
+### `onUnverified` modes
+
+- **`'redirect'`** (default) — AI agents (including headless/automation browsers) get a `302` to the AgentVisa challenge page (`/verify`), with `?w=<widget_id>&from=<host>` appended for attribution. Other browser-class requests get an instructive `401` **challenge** — an HTML page for browsers, JSON otherwise — that points both agents and humans to the next step, never a bare dead-end. This is the viral growth mode: unverified agents reach the sign-up path, then come back verified.
+- **`'block'`** — All unverified requests get `401`. Quiet hard gate.
+- **`'passthrough'`** — Attach the result to `req.agentVisa` (Express) or response headers (Next.js) and continue. Use this for soft-gating or analytics.
+
+## Express — reading the result
+
+On verified requests, `req.agentVisa` is populated:
 
 ```ts
-const visa = new AgentVisa({
-  widgetId: "widget_abc123",
-  plan: "pro"
+app.post('/api/action', (req, res) => {
+  const av = req.agentVisa!;
+  console.log(av.verified);          // true
+  console.log(av.result.plan);       // "basic" | "pro"
+  console.log(av.result.valid);      // true
+  console.log(av.result.verified_at); // ISO timestamp
+  console.log(av.result.web_bot_auth_bound); // true if RFC 9421 bound (Pro)
 });
-
-const result = await visa.verify();
 ```
 
-### Browser (UMD)
+In `'passthrough'` mode, unverified requests also reach your handler:
 
-```html
-<script src="https://cdn.agentvisa.ai/widget.js"></script>
-<script>
-  const result = await AgentVisa.verify({
-    widgetId: "widget_abc123",
-    plan: "basic"
-  });
-</script>
+```ts
+app.use(agentVisa({ widgetId, apiKey, onUnverified: 'passthrough' }));
+
+app.get('/api/data', (req, res) => {
+  if (!req.agentVisa?.verified) {
+    return res.json({ data: publicData, premium: null });
+  }
+  res.json({ data: publicData, premium: premiumData });
+});
 ```
 
-## Response Shape
+## Next.js — reading the result
 
-The widget always returns the unified response:
+On the edge or in a route handler, read the forwarded headers:
+
+```ts
+// app/api/route.ts
+export async function POST(request: Request) {
+  const verified = request.headers.get('x-agentvisa-verified') === 'true';
+  const reason   = request.headers.get('x-agentvisa-reason');
+
+  if (!verified) {
+    return Response.json({ error: reason }, { status: 401 });
+  }
+  // Proceed
+}
+```
+
+## Response shape from `/v1/verify`
 
 ```json
 {
   "valid": true,
   "reason": "ok",
   "plan": "basic",
-  "widget_id": "widget_abc123",
-  "human_name": null,
-  "email": null,
-  "phone": null,
-  "verified_at": null,
-  "expires_at": null
+  "widget_id": "wgt_abc123",
+  "verified_at": "2026-06-22T10:00:00Z",
+  "expires_at": "2026-06-23T10:00:00Z",
+  "domain_verified": true
 }
 ```
 
-## Configuration
-
-| Option       | Type               | Default                  | Description                     |
-|--------------|--------------------|--------------------------|---------------------------------|
-| `widgetId`   | `string`           | **required**             | Your AgentVisa widget ID        |
-| `plan`       | `"basic" \| "pro"` | `"basic"`                | Verification tier               |
-| `apiBaseUrl` | `string`           | `"https://api.agentvisa.ai"` | Backend API base URL        |
+Pro plan additionally returns `age_over_18`, `age_over_21`, `multiple_agents_authorized`, `web_bot_auth_bound`, and AVS-style attribute confirmations. Raw PII (name, email, phone) is never returned.
 
 ## Development
 
@@ -98,17 +151,10 @@ npm run build
 ```
 
 Build output is in `dist/`:
-
-- `widget.js` — UMD bundle (browser)
-- `widget.esm.js` — ESM bundle
-- `index.d.ts` — TypeScript definitions
-
-## Examples
-
-See the `examples/` folder:
-
-- `basic.html` — Basic tier demo
-- `pro.html` — Pro tier demo with richer data
+- `dist/express/index.js` — Express middleware
+- `dist/next/index.js` — Next.js middleware
+- `dist/core.js` — Shared verification logic
+- TypeScript declarations alongside each `.js` file
 
 ## Contributing
 
@@ -120,4 +166,4 @@ See [SECURITY.md](SECURITY.md).
 
 ## License
 
-MIT © [AgentVisa](https://agentvisa.ai)
+MIT © [AgentVisa](https://agentvisa.ai)

package/dist/core.d.ts

@@ -3,7 +3,7 @@
  * Used by Express and Next.js middleware — no framework deps here.
  */
 export declare const DEFAULT_API_BASE = "https://api.agentvisa.ai";
-export declare const DEFAULT_REDIRECT_URL = "https://agentvisa.ai/for-agents";
+export declare const DEFAULT_REDIRECT_URL = "https://agentvisa.ai/verify";
 /**
  * Detect whether an incoming request looks like an AI agent.
  *
@@ -18,6 +18,28 @@ export declare const DEFAULT_REDIRECT_URL = "https://agentvisa.ai/for-agents";
  *   Weak combo (both needed): no browser fingerprint headers + no text/html in Accept
  */
 export declare function isLikelyAiAgent(headers: Record<string, string | string[] | undefined>): boolean;
+/**
+ * True when the caller will render HTML (a browser, or an agent driving one).
+ * Used to decide whether to serve an HTML challenge page vs a JSON challenge.
+ */
+export declare function wantsHtml(headers: Record<string, string | string[] | undefined>): boolean;
+/**
+ * Instructive challenge page served to browser-class unverified requests.
+ *
+ * A bare 401 dead-ends AI agents that drive a browser (they never discover
+ * /for-agents). This page guides BOTH audiences: a human sees a short
+ * explainer; an agent sees the token instructions, the <meta agentvisa-required>
+ * discovery tag, and the link to follow — so no agent is ever stranded.
+ */
+export declare function challengeHtml(widgetId: string, redirectUrl: string, host?: string): string;
+/**
+ * Append attribution params to the redirect URL so the landing page — and your
+ * analytics — know which site sent the agent: `?w=<widgetId>&from=<host>`.
+ * widget_id maps to a registered domain, so this is clean attribution with no PII.
+ * (We deliberately pass only the host, never the full path, which could carry the
+ * customer site's own query params.)
+ */
+export declare function buildRedirectUrl(redirectUrl: string, widgetId: string, host?: string): string;
 export interface AgentVisaConfig {
     /** Your widget ID from the AgentVisa dashboard */
     widgetId: string;

package/dist/core.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,gBAAgB,6BAA6B,CAAC;AAC3D,eAAO,MAAM,oBAAoB,oCAAoC,CAAC;AA0BtE;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,OAAO,CAyBT;AAED,MAAM,WAAW,eAAe;IAC9B,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,+EAA+E;IAC/E,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,aAAa,CAAC;IACpD;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAG3B,eAAe,CAAC,EAAE,OAAO,CAAC;IAG1B,WAAW,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IACjC,qBAAqB,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IAC3C,0BAA0B,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IAItB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAIhC,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,UAAU,CAC9B,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,EACjC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GAC7D,OAAO,CAAC,YAAY,CAAC,CAqCvB;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC,CAQhF"}
+{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,gBAAgB,6BAA6B,CAAC;AAC3D,eAAO,MAAM,oBAAoB,gCAAgC,CAAC;AAiClE;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,OAAO,CAyBT;AAED;;;GAGG;AACH,wBAAgB,SAAS,CACvB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,OAAO,CAIT;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAiB1F;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAW7F;AAED,MAAM,WAAW,eAAe;IAC9B,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,+EAA+E;IAC/E,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,OAAO,GAAG,aAAa,CAAC;IACpD;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAG3B,eAAe,CAAC,EAAE,OAAO,CAAC;IAG1B,WAAW,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IACjC,qBAAqB,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IAC3C,0BAA0B,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IAItB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAIhC,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,UAAU,CAC9B,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,EACjC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GAC7D,OAAO,CAAC,YAAY,CAAC,CAqCvB;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC,CAQhF"}

package/dist/core.js

@@ -3,7 +3,7 @@
  * Used by Express and Next.js middleware — no framework deps here.
  */
 export const DEFAULT_API_BASE = "https://api.agentvisa.ai";
-export const DEFAULT_REDIRECT_URL = "https://agentvisa.ai/for-agents";
+export const DEFAULT_REDIRECT_URL = "https://agentvisa.ai/verify";
 // ── Agent signal detection ────────────────────────────────────────────────────
 /**
  * Known AI agent / LLM user-agent substrings (case-insensitive).
@@ -25,6 +25,13 @@ const AI_UA_PATTERNS = [
     /agentvisa/i,
     /python-httpx/i,
     /python-requests/i,
+    // Browser automation frameworks — AI agents increasingly drive real or headless browsers
+    /headless/i,
+    /playwright/i,
+    /puppeteer/i,
+    /selenium/i,
+    /webdriver/i,
+    /phantomjs/i,
 ];
 /**
  * Detect whether an incoming request looks like an AI agent.
@@ -61,6 +68,62 @@ export function isLikelyAiAgent(headers) {
         return true;
     return false;
 }
+/**
+ * True when the caller will render HTML (a browser, or an agent driving one).
+ * Used to decide whether to serve an HTML challenge page vs a JSON challenge.
+ */
+export function wantsHtml(headers) {
+    const v = headers["accept"];
+    const accept = Array.isArray(v) ? v[0] : (v ?? "");
+    return accept.includes("text/html");
+}
+/**
+ * Instructive challenge page served to browser-class unverified requests.
+ *
+ * A bare 401 dead-ends AI agents that drive a browser (they never discover
+ * /for-agents). This page guides BOTH audiences: a human sees a short
+ * explainer; an agent sees the token instructions, the <meta agentvisa-required>
+ * discovery tag, and the link to follow — so no agent is ever stranded.
+ */
+export function challengeHtml(widgetId, redirectUrl, host) {
+    const link = buildRedirectUrl(redirectUrl, widgetId, host);
+    return `<!doctype html>
+<html lang="en"><head><meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>AgentVisa — verification required</title>
+<meta name="agentvisa-required" content="${widgetId}">
+</head>
+<body style="font-family:system-ui,-apple-system,sans-serif;max-width:560px;margin:64px auto;padding:0 20px;line-height:1.55;color:#111">
+  <h1 style="font-size:22px;margin-bottom:8px">Verification required</h1>
+  <p>This site grants access only to AI agents that have a verified human behind them.</p>
+  <p><strong>If you are an AI agent:</strong> obtain an AgentVisa token, then retry this request with
+  the <code>X-AgentVisa-Token</code> header. Full instructions:
+  <a href="${link}">${redirectUrl}</a></p>
+  <p><strong>If you are a human:</strong> your AI agent needs an AgentVisa — it takes about 3 minutes
+  at <a href="https://agentvisa.ai/signup">agentvisa.ai/signup</a>.</p>
+</body></html>`;
+}
+/**
+ * Append attribution params to the redirect URL so the landing page — and your
+ * analytics — know which site sent the agent: `?w=<widgetId>&from=<host>`.
+ * widget_id maps to a registered domain, so this is clean attribution with no PII.
+ * (We deliberately pass only the host, never the full path, which could carry the
+ * customer site's own query params.)
+ */
+export function buildRedirectUrl(redirectUrl, widgetId, host) {
+    try {
+        const u = new URL(redirectUrl);
+        u.searchParams.set("w", widgetId);
+        if (host)
+            u.searchParams.set("from", host);
+        return u.toString();
+    }
+    catch {
+        const sep = redirectUrl.includes("?") ? "&" : "?";
+        const qs = `w=${encodeURIComponent(widgetId)}` + (host ? `&from=${encodeURIComponent(host)}` : "");
+        return `${redirectUrl}${sep}${qs}`;
+    }
+}
 /**
  * Call /v1/verify with a TemporaryToken.
  *

package/dist/core.js.map

@@ -1 +1 @@
-{"version":3,"file":"core.js","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AAC3D,MAAM,CAAC,MAAM,oBAAoB,GAAG,iCAAiC,CAAC;AAEtE,iFAAiF;AAEjF;;;;GAIG;AACH,MAAM,cAAc,GAAa;IAC/B,SAAS;IACT,YAAY;IACZ,SAAS;IACT,UAAU;IACV,YAAY;IACZ,SAAS;IACT,WAAW;IACX,WAAW;IACX,UAAU;IACV,aAAa;IACb,UAAU;IACV,YAAY;IACZ,eAAe;IACf,kBAAkB;CACnB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAsD;IAEtD,MAAM,CAAC,GAAG,CAAC,IAAY,EAAU,EAAE;QACjC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACtC,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC;IAEF,mFAAmF;IACnF,IAAI,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,qBAAqB,CAAC;QAAE,OAAO,IAAI,CAAC;IAElE,8BAA8B;IAC9B,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC;IAC3B,IAAI,EAAE,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9D,yDAAyD;IACzD,gFAAgF;IAChF,MAAM,qBAAqB,GACzB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACrE,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,kBAAkB,GACtB,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,EAAE,CAAC;IAE3E,IAAI,CAAC,qBAAqB,IAAI,CAAC,WAAW,IAAI,kBAAkB;QAAE,OAAO,IAAI,CAAC;IAE9E,OAAO,KAAK,CAAC;AACf,CAAC;AAgED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,cAAsB,EACtB,MAAiC,EACjC,cAA8D;IAE9D,yEAAyE;IACzE,+EAA+E;IAC/E,MAAM,YAAY,GAA2B,EAAE,CAAC;IAChD,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,QAAQ,EAAE,CAAC;YACb,YAAY,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACrF,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,UAAU,YAAY,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,kBAAkB,EAAE,MAAM,CAAC,MAAM;gBACjC,GAAG,YAAY;aAChB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM,CAAC,QAAQ;aAC3B,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAkB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;QAC1D,uEAAuE;QACvE,qEAAqE;QACrE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IACnD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAuB;IACnD,OAAO;QACL,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,oBAAoB;QACjC,SAAS,EAAE,IAAI;QACf,GAAG,MAAM;KACV,CAAC;AACJ,CAAC"}
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AAC3D,MAAM,CAAC,MAAM,oBAAoB,GAAG,6BAA6B,CAAC;AAElE,iFAAiF;AAEjF;;;;GAIG;AACH,MAAM,cAAc,GAAa;IAC/B,SAAS;IACT,YAAY;IACZ,SAAS;IACT,UAAU;IACV,YAAY;IACZ,SAAS;IACT,WAAW;IACX,WAAW;IACX,UAAU;IACV,aAAa;IACb,UAAU;IACV,YAAY;IACZ,eAAe;IACf,kBAAkB;IAClB,yFAAyF;IACzF,WAAW;IACX,aAAa;IACb,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,YAAY;CACb,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAsD;IAEtD,MAAM,CAAC,GAAG,CAAC,IAAY,EAAU,EAAE;QACjC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACtC,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC;IAEF,mFAAmF;IACnF,IAAI,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,qBAAqB,CAAC;QAAE,OAAO,IAAI,CAAC;IAElE,8BAA8B;IAC9B,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC;IAC3B,IAAI,EAAE,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9D,yDAAyD;IACzD,gFAAgF;IAChF,MAAM,qBAAqB,GACzB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACrE,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,kBAAkB,GACtB,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,EAAE,CAAC;IAE3E,IAAI,CAAC,qBAAqB,IAAI,CAAC,WAAW,IAAI,kBAAkB;QAAE,OAAO,IAAI,CAAC;IAE9E,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CACvB,OAAsD;IAEtD,MAAM,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB,EAAE,WAAmB,EAAE,IAAa;IAChF,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO;;;;2CAIkC,QAAQ;;;;;;;aAOtC,IAAI,KAAK,WAAW;;;eAGlB,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAAmB,EAAE,QAAgB,EAAE,IAAa;IACnF,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/B,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAClC,IAAI,IAAI;YAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAClD,MAAM,EAAE,GAAG,KAAK,kBAAkB,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACnG,OAAO,GAAG,WAAW,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAgED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,cAAsB,EACtB,MAAiC,EACjC,cAA8D;IAE9D,yEAAyE;IACzE,+EAA+E;IAC/E,MAAM,YAAY,GAA2B,EAAE,CAAC;IAChD,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;QACnD,IAAI,QAAQ,EAAE,CAAC;YACb,YAAY,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACrF,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,UAAU,YAAY,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,kBAAkB,EAAE,MAAM,CAAC,MAAM;gBACjC,GAAG,YAAY;aAChB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,cAAc;gBACrB,SAAS,EAAE,MAAM,CAAC,QAAQ;aAC3B,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAkB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;QAC1D,uEAAuE;QACvE,qEAAqE;QACrE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IACnD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAuB;IACnD,OAAO;QACL,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,oBAAoB;QACjC,SAAS,EAAE,IAAI;QACf,GAAG,MAAM;KACV,CAAC;AACJ,CAAC"}

package/dist/express/index.d.ts

@@ -31,6 +31,8 @@ interface Res {
     status(code: number): Res;
     json(body: unknown): void;
     setHeader(name: string, value: string): void;
+    type(contentType: string): Res;
+    send(body: string): void;
 }
 type NextFn = (err?: unknown) => void;
 export declare function agentVisa(config: AgentVisaConfig): (req: Req, res: Res, next: NextFn) => Promise<void>;

package/dist/express/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,eAAe,EAAE,YAAY,EAA8C,MAAM,YAAY,CAAC;AAEvG,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AAI9C,UAAU,GAAG;IACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE,YAAY,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,UAAU,GAAG;IACX,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9C;AAED,KAAK,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;AAEtC,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,IAI7C,KAAK,GAAG,EACR,KAAK,GAAG,EACR,MAAM,MAAM,KACX,OAAO,CAAC,IAAI,CAAC,CAkGjB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,eAAe,EAAE,YAAY,EAA0F,MAAM,YAAY,CAAC;AAEnJ,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AAI9C,UAAU,GAAG;IACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE,YAAY,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,UAAU,GAAG;IACX,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7C,IAAI,CAAC,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC/B,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,KAAK,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;AAEtC,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,IAI7C,KAAK,GAAG,EACR,KAAK,GAAG,EACR,MAAM,MAAM,KACX,OAAO,CAAC,IAAI,CAAC,CAoHjB"}

package/dist/express/index.js

@@ -17,7 +17,7 @@
  *   req.agentVisa.result    — full VerifyResult (if verified)
  *   req.agentVisa.reason    — failure reason (if not verified + passthrough mode)
  */
-import { callVerify, resolveConfig, isLikelyAiAgent } from "../core.js";
+import { callVerify, resolveConfig, isLikelyAiAgent, wantsHtml, challengeHtml, buildRedirectUrl } from "../core.js";
 export function agentVisa(config) {
     const resolved = resolveConfig(config);
     return async function agentVisaMiddleware(req, res, next) {
@@ -27,6 +27,9 @@ export function agentVisa(config) {
         const rawAssertion = req.headers["agentvisa-assertion"];
         const rawToken = rawAssertion ?? req.headers["x-agentvisa-token"];
         const token = Array.isArray(rawToken) ? rawToken[0] : rawToken;
+        // The blocking host — passed to the redirect for attribution (?from=).
+        const hostHeader = req.headers["host"];
+        const host = Array.isArray(hostHeader) ? hostHeader[0] : hostHeader;
         // ── No token present ────────────────────────────────────────────────────
         if (!token) {
             if (resolved.onUnverified === "passthrough") {
@@ -39,17 +42,31 @@ export function agentVisa(config) {
                 // them flooding agentvisa.ai/for-agents or triggering the growth loop
                 // for non-agent traffic.
                 if (!isLikelyAiAgent(req.headers)) {
+                    // Not clearly an agent (a browser, a human, or an agent driving a
+                    // browser). Don't dead-end with a bare 401 — serve an instructive
+                    // challenge so an agent can still find its way, while a human just
+                    // sees a clean explainer (no jarring auto-redirect).
                     res.setHeader("X-AgentVisa-Required", resolved.widgetId);
-                    res.status(401).json({
-                        error: "agentvisa_required",
-                        reason: "no_token",
-                        widget_id: resolved.widgetId,
-                        info_url: resolved.redirectUrl,
-                    });
+                    if (wantsHtml(req.headers)) {
+                        res.status(401).type("html").send(challengeHtml(resolved.widgetId, resolved.redirectUrl, host));
+                    }
+                    else {
+                        res.status(401).json({
+                            error: "agentvisa_required",
+                            reason: "no_token",
+                            widget_id: resolved.widgetId,
+                            signup_url: "https://agentvisa.ai/signup",
+                            info_url: resolved.redirectUrl,
+                            message: "This site requires an AgentVisa. If you are an AI agent, get a token at " +
+                                "https://agentvisa.ai/for-agents and retry with the X-AgentVisa-Token header. " +
+                                "If you are a human, your agent needs an AgentVisa — sign up at " +
+                                "https://agentvisa.ai/signup (about 3 minutes).",
+                        });
+                    }
                     return;
                 }
                 res.setHeader("X-AgentVisa-Required", resolved.widgetId);
-                res.setHeader("Location", resolved.redirectUrl);
+                res.setHeader("Location", buildRedirectUrl(resolved.redirectUrl, resolved.widgetId, host));
                 res.status(302).json({
                     error: "agentvisa_required",
                     reason: "no_token",
@@ -84,7 +101,7 @@ export function agentVisa(config) {
             }
             if (resolved.onUnverified === "redirect") {
                 res.setHeader("X-AgentVisa-Required", resolved.widgetId);
-                res.setHeader("Location", resolved.redirectUrl);
+                res.setHeader("Location", buildRedirectUrl(resolved.redirectUrl, resolved.widgetId, host));
                 res.status(302).json({
                     error: "agentvisa_verification_failed",
                     reason: result.reason,

package/dist/express/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAiC,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAuBvG,MAAM,UAAU,SAAS,CAAC,MAAuB;IAC/C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,KAAK,UAAU,mBAAmB,CACvC,GAAQ,EACR,GAAQ,EACR,IAAY;QAEZ,4BAA4B;QAC5B,6CAA6C;QAC7C,qFAAqF;QACrF,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,YAAY,IAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAE/D,2EAA2E;QAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,GAAG,CAAC,SAAS,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;gBACxD,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,yDAAyD;gBACzD,kEAAkE;gBAClE,sEAAsE;gBACtE,yBAAyB;gBACzB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClC,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,KAAK,EAAE,oBAAoB;wBAC3B,MAAM,EAAE,UAAU;wBAClB,SAAS,EAAE,QAAQ,CAAC,QAAQ;wBAC5B,QAAQ,EAAE,QAAQ,CAAC,WAAW;qBAC/B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBACD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAChD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,oBAAoB;oBAC3B,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,QAAQ,CAAC,QAAQ;oBAC5B,UAAU,EAAE,6BAA6B;oBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;oBAC9B,OAAO,EAAE,6LAA6L;iBACvM,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,oBAAoB;gBAC3B,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,UAAU,EAAE,6BAA6B;gBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;gBAC9B,OAAO,EACL,wEAAwE;oBACxE,uEAAuE;oBACvE,kDAAkD;aACrD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,6EAA6E;QAC7E,oDAAoD;QACpD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAE9D,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,GAAG,CAAC,SAAS,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;gBACnE,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAChD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,+BAA+B;oBACtC,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;oBAC5B,UAAU,EAAE,6BAA6B;oBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;oBAC9B,OAAO,EAAE,oPAAoP;iBAC9P,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,+BAA+B;gBACtC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,UAAU,EAAE,6BAA6B;gBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;gBAC9B,OAAO,EACL,mFAAmF;oBACnF,iFAAiF;oBACjF,oFAAoF;aACvF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,GAAG,CAAC,SAAS,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3C,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAiC,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAyBnJ,MAAM,UAAU,SAAS,CAAC,MAAuB;IAC/C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,KAAK,UAAU,mBAAmB,CACvC,GAAQ,EACR,GAAQ,EACR,IAAY;QAEZ,4BAA4B;QAC5B,6CAA6C;QAC7C,qFAAqF;QACrF,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,YAAY,IAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAE/D,uEAAuE;QACvE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAEpE,2EAA2E;QAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,GAAG,CAAC,SAAS,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;gBACxD,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,yDAAyD;gBACzD,kEAAkE;gBAClE,sEAAsE;gBACtE,yBAAyB;gBACzB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClC,kEAAkE;oBAClE,kEAAkE;oBAClE,mEAAmE;oBACnE,qDAAqD;oBACrD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACzD,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;oBAClG,CAAC;yBAAM,CAAC;wBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACnB,KAAK,EAAE,oBAAoB;4BAC3B,MAAM,EAAE,UAAU;4BAClB,SAAS,EAAE,QAAQ,CAAC,QAAQ;4BAC5B,UAAU,EAAE,6BAA6B;4BACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;4BAC9B,OAAO,EACL,0EAA0E;gCAC1E,+EAA+E;gCAC/E,iEAAiE;gCACjE,gDAAgD;yBACnD,CAAC,CAAC;oBACL,CAAC;oBACD,OAAO;gBACT,CAAC;gBACD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,gBAAgB,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC3F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,oBAAoB;oBAC3B,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,QAAQ,CAAC,QAAQ;oBAC5B,UAAU,EAAE,6BAA6B;oBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;oBAC9B,OAAO,EAAE,6LAA6L;iBACvM,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,oBAAoB;gBAC3B,MAAM,EAAE,UAAU;gBAClB,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,UAAU,EAAE,6BAA6B;gBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;gBAC9B,OAAO,EACL,wEAAwE;oBACxE,uEAAuE;oBACvE,kDAAkD;aACrD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,6EAA6E;QAC7E,oDAAoD;QACpD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAE9D,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,GAAG,CAAC,SAAS,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;gBACnE,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,gBAAgB,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC3F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,+BAA+B;oBACtC,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;oBAC5B,UAAU,EAAE,6BAA6B;oBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;oBAC9B,OAAO,EAAE,oPAAoP;iBAC9P,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,sBAAsB,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,+BAA+B;gBACtC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,UAAU,EAAE,6BAA6B;gBACzC,QAAQ,EAAE,QAAQ,CAAC,WAAW;gBAC9B,OAAO,EACL,mFAAmF;oBACnF,iFAAiF;oBACjF,oFAAoF;aACvF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,GAAG,CAAC,SAAS,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3C,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -22,9 +22,6 @@ interface VerificationResult {
     verified_at: string | null;
     expires_at: string | null;
     domain_verified?: boolean;
-    human_name?: string | null;
-    email?: string | null;
-    phone?: string | null;
     age_over_18?: "y" | "n" | "null";
     age_over_21?: "y" | "n" | "null";
     gov_id_pic_validation?: "y" | "n" | "null";

package/dist/next/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/next/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,eAAe,EAAE,YAAY,EAA8C,MAAM,YAAY,CAAC;AAEvG,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AAE9C,KAAK,WAAW,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEtE;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,eAAe,EACvB,OAAO,CAAC,EAAE,WAAW,GACpB,WAAW,CAuDb"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/next/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,eAAe,EAAE,YAAY,EAA0F,MAAM,YAAY,CAAC;AAEnJ,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AAE9C,KAAK,WAAW,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEtE;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,eAAe,EACvB,OAAO,CAAC,EAAE,WAAW,GACpB,WAAW,CA4Db"}

package/dist/next/index.js

@@ -28,7 +28,7 @@
  *   X-AgentVisa-Verified: true
  *   X-AgentVisa-Reason:   ok
  */
-import { callVerify, resolveConfig, isLikelyAiAgent } from "../core.js";
+import { callVerify, resolveConfig, isLikelyAiAgent, wantsHtml, challengeHtml, buildRedirectUrl } from "../core.js";
 /**
  * Wrap a Next.js middleware handler (or use standalone).
  *
@@ -45,6 +45,8 @@ export function withAgentVisa(config, handler) {
         const token = request.headers.get("agentvisa-assertion") ??
             request.headers.get("x-agentvisa-token") ??
             undefined;
+        // The blocking host — passed to the redirect for attribution (?from=).
+        const host = request.headers.get("host") ?? undefined;
         // Convert Headers to a plain object so we can forward Signature-Input
         const forwardHeaders = {};
         request.headers.forEach((value, key) => { forwardHeaders[key] = value; });
@@ -62,9 +64,11 @@ export function withAgentVisa(config, handler) {
                 const reqHeaders = {};
                 request.headers.forEach((v, k) => { reqHeaders[k] = v; });
                 if (!isLikelyAiAgent(reqHeaders)) {
-                    return blockedResponse(resolved.widgetId, "no_token", resolved.redirectUrl);
+                    // Not clearly an agent — serve an instructive challenge instead of a
+                    // bare 401 so browser-driving agents aren't dead-ended.
+                    return challengeResponse(resolved.widgetId, resolved.redirectUrl, wantsHtml(reqHeaders), host);
                 }
-                return redirectResponse(resolved.widgetId, "no_token", resolved.redirectUrl);
+                return redirectResponse(resolved.widgetId, "no_token", resolved.redirectUrl, host);
             }
             return blockedResponse(resolved.widgetId, "no_token", resolved.redirectUrl);
         }
@@ -76,7 +80,7 @@ export function withAgentVisa(config, handler) {
                 return handler ? handler(req) : passthroughResponse(req);
             }
             if (resolved.onUnverified === "redirect") {
-                return redirectResponse(resolved.widgetId, result.reason, resolved.redirectUrl);
+                return redirectResponse(resolved.widgetId, result.reason, resolved.redirectUrl, host);
             }
             return blockedResponse(resolved.widgetId, result.reason, resolved.redirectUrl);
         }
@@ -86,7 +90,7 @@ export function withAgentVisa(config, handler) {
     };
 }
 // ── Helpers ─────────────────────────────────────────────────────────────────
-function redirectResponse(widgetId, reason, redirectUrl) {
+function redirectResponse(widgetId, reason, redirectUrl, host) {
     const isVerificationFailure = reason !== "no_token";
     return new Response(JSON.stringify({
         error: isVerificationFailure ? "agentvisa_verification_failed" : "agentvisa_required",
@@ -101,7 +105,7 @@ function redirectResponse(widgetId, reason, redirectUrl) {
         status: 302,
         headers: {
             "Content-Type": "application/json",
-            "Location": redirectUrl,
+            "Location": buildRedirectUrl(redirectUrl, widgetId, host),
             "X-AgentVisa-Required": widgetId,
         },
     });
@@ -125,6 +129,34 @@ function blockedResponse(widgetId, reason, redirectUrl) {
         },
     });
 }
+function challengeResponse(widgetId, redirectUrl, html, host) {
+    if (html) {
+        return new Response(challengeHtml(widgetId, redirectUrl, host), {
+            status: 401,
+            headers: {
+                "Content-Type": "text/html; charset=utf-8",
+                "X-AgentVisa-Required": widgetId,
+            },
+        });
+    }
+    return new Response(JSON.stringify({
+        error: "agentvisa_required",
+        reason: "no_token",
+        widget_id: widgetId,
+        signup_url: "https://agentvisa.ai/signup",
+        info_url: redirectUrl,
+        message: "This site requires an AgentVisa. If you are an AI agent, get a token at " +
+            "https://agentvisa.ai/for-agents and retry with the X-AgentVisa-Token header. " +
+            "If you are a human, your agent needs an AgentVisa — sign up at " +
+            "https://agentvisa.ai/signup (about 3 minutes).",
+    }), {
+        status: 401,
+        headers: {
+            "Content-Type": "application/json",
+            "X-AgentVisa-Required": widgetId,
+        },
+    });
+}
 function addVerificationHeaders(request, verified, reason) {
     // Clone the request and add verification headers so downstream handlers
     // can read them via request.headers.get("x-agentvisa-verified")

package/dist/next/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/next/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAiC,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAMvG;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,MAAuB,EACvB,OAAqB;IAErB,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,KAAK,UAAU,mBAAmB,CAAC,OAAgB;QACxD,4BAA4B;QAC5B,6CAA6C;QAC7C,qFAAqF;QACrF,MAAM,KAAK,GACT,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;YAC1C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACxC,SAAS,CAAC;QAEZ,sEAAsE;QACtE,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAE1E,yEAAyE;QACzE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;gBAC/D,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC3D,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,yDAAyD;gBACzD,kEAAkE;gBAClE,sEAAsE;gBACtE,yBAAyB;gBACzB,MAAM,UAAU,GAAuC,EAAE,CAAC;gBAC1D,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;oBACjC,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/E,CAAC;YACD,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC9E,CAAC;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;QAEjE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClE,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC3D,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;YAClF,CAAC;YACD,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;QACjF,CAAC;QAED,yEAAyE;QACzE,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC3D,CAAC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,gBAAgB,CAAC,QAAgB,EAAE,MAAc,EAAE,WAAmB;IAC7E,MAAM,qBAAqB,GAAG,MAAM,KAAK,UAAU,CAAC;IACpD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,qBAAqB,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,oBAAoB;QACrF,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,qBAAqB;YAC5B,CAAC,CAAC,oPAAoP;YACtP,CAAC,CAAC,6LAA6L;KAClM,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,UAAU,EAAE,WAAW;YACvB,sBAAsB,EAAE,QAAQ;SACjC;KACF,CACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,MAAc,EAAE,WAAmB;IAC5E,MAAM,qBAAqB,GAAG,MAAM,KAAK,UAAU,CAAC;IACpD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,qBAAqB,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,oBAAoB;QACrF,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,qBAAqB;YAC5B,CAAC,CAAC,oPAAoP;YACtP,CAAC,CAAC,6LAA6L;KAClM,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,sBAAsB,EAAE,QAAQ;SACjC;KACF,CACF,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAC7B,OAAgB,EAChB,QAAiB,EACjB,MAAc;IAEd,wEAAwE;IACxE,gEAAgE;IAChE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;QAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO;QACP,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,mEAAmE;QACnE,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAgB;IAC3C,sDAAsD;IACtD,uDAAuD;IACvD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,mBAAmB,EAAE,GAAG;YACxB,sBAAsB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO;YAC9E,oBAAoB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,SAAS;SAC7E;KACF,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/next/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAiC,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAMnJ;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,MAAuB,EACvB,OAAqB;IAErB,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,KAAK,UAAU,mBAAmB,CAAC,OAAgB;QACxD,4BAA4B;QAC5B,6CAA6C;QAC7C,qFAAqF;QACrF,MAAM,KAAK,GACT,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;YAC1C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACxC,SAAS,CAAC;QAEZ,uEAAuE;QACvE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;QAEtD,sEAAsE;QACtE,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAE1E,yEAAyE;QACzE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;gBAC/D,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC3D,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,yDAAyD;gBACzD,kEAAkE;gBAClE,sEAAsE;gBACtE,yBAAyB;gBACzB,MAAM,UAAU,GAAuC,EAAE,CAAC;gBAC1D,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;oBACjC,qEAAqE;oBACrE,wDAAwD;oBACxD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;gBACjG,CAAC;gBACD,OAAO,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YACrF,CAAC;YACD,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC9E,CAAC;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;QAEjE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,QAAQ,CAAC,YAAY,KAAK,aAAa,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClE,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC3D,CAAC;YACD,IAAI,QAAQ,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBACzC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YACxF,CAAC;YACD,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC;QACjF,CAAC;QAED,yEAAyE;QACzE,MAAM,GAAG,GAAG,sBAAsB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC3D,CAAC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,gBAAgB,CAAC,QAAgB,EAAE,MAAc,EAAE,WAAmB,EAAE,IAAa;IAC5F,MAAM,qBAAqB,GAAG,MAAM,KAAK,UAAU,CAAC;IACpD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,qBAAqB,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,oBAAoB;QACrF,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,qBAAqB;YAC5B,CAAC,CAAC,oPAAoP;YACtP,CAAC,CAAC,6LAA6L;KAClM,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,UAAU,EAAE,gBAAgB,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC;YACzD,sBAAsB,EAAE,QAAQ;SACjC;KACF,CACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,MAAc,EAAE,WAAmB;IAC5E,MAAM,qBAAqB,GAAG,MAAM,KAAK,UAAU,CAAC;IACpD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,qBAAqB,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,oBAAoB;QACrF,MAAM;QACN,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,qBAAqB;YAC5B,CAAC,CAAC,oPAAoP;YACtP,CAAC,CAAC,6LAA6L;KAClM,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,sBAAsB,EAAE,QAAQ;SACjC;KACF,CACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,WAAmB,EAAE,IAAa,EAAE,IAAa;IAC5F,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE;YAC9D,MAAM,EAAE,GAAG;YACX,OAAO,EAAE;gBACP,cAAc,EAAE,0BAA0B;gBAC1C,sBAAsB,EAAE,QAAQ;aACjC;SACF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,oBAAoB;QAC3B,MAAM,EAAE,UAAU;QAClB,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,WAAW;QACrB,OAAO,EACL,0EAA0E;YAC1E,+EAA+E;YAC/E,iEAAiE;YACjE,gDAAgD;KACnD,CAAC,EACF;QACE,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,sBAAsB,EAAE,QAAQ;SACjC;KACF,CACF,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAC7B,OAAgB,EAChB,QAAiB,EACjB,MAAc;IAEd,wEAAwE;IACxE,gEAAgE;IAChE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC1C,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;QAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO;QACP,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,mEAAmE;QACnE,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAgB;IAC3C,sDAAsD;IACtD,uDAAuD;IACvD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,mBAAmB,EAAE,GAAG;YACxB,sBAAsB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,OAAO;YAC9E,oBAAoB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,SAAS;SAC7E;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/widget.esm.js

@@ -24,9 +24,6 @@ async function verifyToken(options) {
             reason: "network_error",
             plan,
             widget_id: widgetId,
-            human_name: null,
-            email: null,
-            phone: null,
             verified_at: null,
             expires_at: null,
         };

package/dist/widget.js

@@ -30,9 +30,6 @@
                 reason: "network_error",
                 plan,
                 widget_id: widgetId,
-                human_name: null,
-                email: null,
-                phone: null,
                 verified_at: null,
                 expires_at: null,
             };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentvisa/widget",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "AgentVisa widget + server middleware for Express and Next.js",
   "keywords": [
     "agentvisa",