@arcis/node 1.6.1 → 1.6.3

package/README.md

@@ -15,7 +15,9 @@ import { arcis } from '@arcis/node';
 app.use(arcis({ block: true }));
 ```
 
-That's it. XSS, SQL injection, NoSQL injection, command injection, path traversal, prototype pollution, SSTI, XXE, SSRF, CSRF, HPP, prompt injection (V32), modern deserialization markers (V33), GraphQL alias bomb (V34), bot detection (635 patterns), rate limiting, security headers, error scrubbing, and a stateful per-IP correlation window are all wired up before your handler runs.
+What `arcis({ block: true })` actually wires into the request path: XSS, SQL injection, NoSQL injection, command injection, path traversal, prototype pollution, SSTI, XXE, LDAP injection, XPath injection, email-header injection. Plus rate limiting, security headers, and error scrubbing. Pattern matches return 403 before your handler runs.
+
+Available as opt-in helpers (not auto-wired into `arcis()`): bot detection (695-pattern corpus, `botProtection()`), per-IP correlation window (`new CorrelationWindow(...)`), HPP guard (`hppProtection()`), CSRF (`csrfProtection()`), V32 toolcall-injection signatures (`detectPromptInjection`), V33 deserialization markers (`detectDeserialization`), V34 GraphQL alias bomb / fragment cycle (`graphqlGuard`), SSRF URL validation (`validateUrl`). Compose as needed.
 
 **Docs**: [Quickstart](https://gagancm.github.io/arcis/documentation/getting-started.html) · [Detector reference](https://gagancm.github.io/arcis/documentation/detectors/) · [Framework adapters](https://gagancm.github.io/arcis/documentation/frameworks.html) · [Why Arcis](https://gagancm.github.io/arcis/documentation/why-arcis.html) · [Release notes](https://gagancm.github.io/arcis/documentation/release-notes.html)
 
@@ -52,7 +54,7 @@ That's it. XSS, SQL injection, NoSQL injection, command injection, path traversa
 
 - **10 first-party framework adapters** — Express + Fastify (`@arcis/node/fastify`) + Koa (`@arcis/node/koa`) + Hono (`@arcis/node/hono`) + Next.js (`@arcis/node/nextjs`) + NestJS + SvelteKit + Astro + Nuxt + Bun. Each subpath import keeps the framework SDK as a type-only dependency.
 - **9 new attack vectors**: GraphQL depth-bombs (`graphqlGuard`), LDAP / XPath / email-header injection wired into block-mode, mass assignment (`massAssign`), HTTP method tampering (`methodAllowlist`), response splitting (`responseSplittingGuard`), event-loop overload (`eventLoopProtection`), SSRF DNS TOCTOU (`validateUrlAsync` + `pinnedDnsLookup` + `safeFollowRedirect`).
-- **AI-era protections**: 28-signature prompt-injection library (`detectPromptInjection`), per-key `tokenBudget` middleware, 635-pattern bot corpus.
+- **AI-era protections**: 28-signature prompt-injection library (`detectPromptInjection`), per-key `tokenBudget` middleware, 695-pattern bot corpus.
 - **Composite helpers**: `protectLogin`, `protectSignup`, `protectApi`.
 - **Dry-run / `onSanitize` mode**: observe attack surface without enforcing.
 - **Guards API**: `arcis.guard({ input, context })` for queue consumers + agent tool handlers.
@@ -184,7 +186,7 @@ app.use('*', async (c, next) => {
 | CORS Misconfiguration | Whitelist-based origins, `null` origin blocked, `Vary: Origin` enforced |
 | Cookie Security | HttpOnly, Secure, SameSite enforced on all cookies |
 | Rate Limiting | Per-IP, sliding window, token bucket, in-memory or Redis, `X-RateLimit-*` headers |
-| Bot Detection | 635 patterns, 7 categories (crawlers, scrapers, AI bots, etc.), behavioral signals |
+| Bot Detection | 695 patterns, 7 categories (crawlers, scrapers, AI bots, etc.), behavioral signals |
 | Deserialization (v1.6) | `detectDeserialization()` flags Python pickle, Java FastJSON `@type`, PHP `unserialize`, Ruby Marshal, .NET BinaryFormatter payloads |
 | GraphQL Abuse | `graphqlGuard` with `maxDepth`, `maxAliases`, `blockIntrospection`, `blockFragmentCycles` (v1.6) |
 | Stateful Correlation (v1.6) | `CorrelationWindow` detects scanners, credential stuffing, race-window probes per IP |

package/dist/_third_party/rate-limit/abstract.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Abstract base for storage-backed rate limiters. Holds the `points` /
+ * `duration` / `blockDuration` / `execEvenly` configuration that any
+ * concrete limiter shares. Subclasses (`MemoryLimiter`, future Redis
+ * backend) implement `consume()` and friends.
+ *
+ * Ported to TypeScript from upstream RateLimiterAbstract. See
+ * `THIRDPARTY-LICENSES.md` for attribution.
+ */
+import type { LimiterOptions, LimiterConsumeOptions, IRateLimiterRes } from './types';
+export declare abstract class AbstractLimiter {
+    protected _points: number;
+    protected _duration: number;
+    protected _blockDuration: number;
+    protected _execEvenly: boolean;
+    protected _execEvenlyMinDelayMs: number;
+    protected _keyPrefix: string;
+    constructor(opts: LimiterOptions);
+    get points(): number;
+    get duration(): number;
+    get msDuration(): number;
+    get blockDuration(): number;
+    get msBlockDuration(): number;
+    get execEvenly(): boolean;
+    get execEvenlyMinDelayMs(): number;
+    get keyPrefix(): string;
+    protected _getKeySecDuration(options?: LimiterConsumeOptions): number;
+    protected _getKey(key: string): string;
+    abstract consume(key: string, pointsToConsume?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    abstract penalty(key: string, points?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    abstract reward(key: string, points?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    abstract block(key: string, secDuration: number): Promise<IRateLimiterRes>;
+    abstract get(key: string): Promise<IRateLimiterRes | null>;
+    abstract delete(key: string): Promise<boolean>;
+}
+//# sourceMappingURL=abstract.d.ts.map

package/dist/_third_party/rate-limit/abstract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"abstract.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/abstract.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAEtF,8BAAsB,eAAe;IACnC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,SAAS,CAAC,cAAc,EAAE,MAAM,CAAC;IACjC,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC;IAC/B,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACxC,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEjB,IAAI,EAAE,cAAc;IAwBhC,IAAI,MAAM,IAAI,MAAM,CAEnB;IACD,IAAI,QAAQ,IAAI,MAAM,CAErB;IACD,IAAI,UAAU,IAAI,MAAM,CAEvB;IACD,IAAI,aAAa,IAAI,MAAM,CAE1B;IACD,IAAI,eAAe,IAAI,MAAM,CAE5B;IACD,IAAI,UAAU,IAAI,OAAO,CAExB;IACD,IAAI,oBAAoB,IAAI,MAAM,CAEjC;IACD,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,SAAS,CAAC,kBAAkB,CAAC,OAAO,GAAE,qBAA0B,GAAG,MAAM;IAMzE,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAItC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,eAAe,CAAC;IAClH,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,eAAe,CAAC;IACzG,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,eAAe,CAAC;IACxG,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAC1E,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAC1D,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAC/C"}

package/dist/_third_party/rate-limit/bursty.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Bursty rate limiter that wraps two underlying limiters. The first is the
+ * steady-state limiter; if it rejects, the bursty limiter is consulted
+ * to grant short-term burst capacity. Useful for "5 req/sec normally,
+ * but allow occasional bursts of up to 15 within 10 sec" patterns.
+ *
+ * Ported to TypeScript from upstream BurstyRateLimiter. See
+ * `THIRDPARTY-LICENSES.md` for attribution.
+ */
+import type { AbstractLimiter } from './abstract';
+import { LimiterResult } from './types';
+import type { IRateLimiterRes, LimiterConsumeOptions } from './types';
+export declare class BurstyLimiter {
+    private readonly _steady;
+    private readonly _burst;
+    constructor(_steady: AbstractLimiter, _burst: AbstractLimiter);
+    consume(key: string, pointsToConsume?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    get(key: string): Promise<LimiterResult | null>;
+    get points(): number;
+}
+//# sourceMappingURL=bursty.d.ts.map

package/dist/_third_party/rate-limit/bursty.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bursty.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/bursty.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,KAAK,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAWtE,qBAAa,aAAa;IAEtB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,eAAe;IAG1C,OAAO,CACL,GAAG,EAAE,MAAM,EACX,eAAe,GAAE,MAAU,EAC3B,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,eAAe,CAAC;IAiB3B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAM/C,IAAI,MAAM,IAAI,MAAM,CAEnB;CACF"}

package/dist/_third_party/rate-limit/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Internal limiter primitives. Not part of the public Arcis API. These
+ * are wired into `middleware/brute-force.ts` and the protect helpers.
+ *
+ * Upstream attribution lives in `THIRDPARTY-LICENSES.md` (Source E:
+ * animir/node-rate-limiter-flexible, ISC).
+ */
+export { MemoryLimiter } from './memory';
+export { BurstyLimiter } from './bursty';
+export { LimiterResult } from './types';
+export type { IRateLimiterRes, LimiterOptions, LimiterConsumeOptions, } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/_third_party/rate-limit/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,YAAY,EACV,eAAe,EACf,cAAc,EACd,qBAAqB,GACtB,MAAM,SAAS,CAAC"}

package/dist/_third_party/rate-limit/memory-storage.d.ts

@@ -0,0 +1,28 @@
+/**
+ * In-memory storage backend for the rate limiter. Tracks integer counters
+ * per key with optional TTL expiry. Ported to TypeScript from the upstream
+ * MemoryStorage class. See `THIRDPARTY-LICENSES.md` for attribution.
+ */
+import { LimiterResult } from './types';
+import { StorageRecord } from './record';
+export declare class MemoryStorage {
+    private _storage;
+    /**
+     * Increment the counter for `key` by `value`. If the key has no record
+     * (or its TTL has expired), a new record is created with `durationSec`
+     * lifetime.
+     */
+    incrby(key: string, value: number, durationSec: number): LimiterResult;
+    /**
+     * Write the counter for `key` to `value`, replacing any existing
+     * record. `durationSec` of 0 means "never expires".
+     */
+    set(key: string, value: number, durationSec: number): LimiterResult;
+    get(key: string): LimiterResult | null;
+    delete(key: string): boolean;
+    /** Inspect the underlying map. Test-only and not part of the public API. */
+    _dump(): IterableIterator<[string, StorageRecord]>;
+    /** Clear all records. Used by tests and by `Limiter.dispose()`. */
+    clear(): void;
+}
+//# sourceMappingURL=memory-storage.d.ts.map

package/dist/_third_party/rate-limit/memory-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-storage.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/memory-storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAyC;IAEzD;;;;OAIG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,aAAa;IAatE;;;OAGG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,aAAa;IAsBnE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IAOtC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAU5B,4EAA4E;IAC5E,KAAK,IAAI,gBAAgB,CAAC,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAIlD,mEAAmE;IACnE,KAAK,IAAI,IAAI;CAMd"}

package/dist/_third_party/rate-limit/memory.d.ts

@@ -0,0 +1,23 @@
+/**
+ * In-memory rate limiter backed by `MemoryStorage`. Implements the
+ * `consume()` / `penalty()` / `reward()` / `block()` / `get()` /
+ * `delete()` surface from the upstream limiter library.
+ *
+ * Ported to TypeScript from RateLimiterMemory. See
+ * `THIRDPARTY-LICENSES.md` for attribution.
+ */
+import { AbstractLimiter } from './abstract';
+import type { LimiterOptions, LimiterConsumeOptions, IRateLimiterRes } from './types';
+export declare class MemoryLimiter extends AbstractLimiter {
+    private _storage;
+    constructor(opts: LimiterOptions);
+    consume(key: string, pointsToConsume?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    penalty(key: string, points?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    reward(key: string, points?: number, options?: LimiterConsumeOptions): Promise<IRateLimiterRes>;
+    block(key: string, secDuration: number): Promise<IRateLimiterRes>;
+    get(key: string): Promise<IRateLimiterRes | null>;
+    delete(key: string): Promise<boolean>;
+    /** Test/teardown helper. Drops every key and clears timers. */
+    dispose(): void;
+}
+//# sourceMappingURL=memory.d.ts.map

package/dist/_third_party/rate-limit/memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/memory.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG7C,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAEtF,qBAAa,aAAc,SAAQ,eAAe;IAChD,OAAO,CAAC,QAAQ,CAAgB;gBAEpB,IAAI,EAAE,cAAc;IAKhC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,GAAE,MAAU,EAAE,OAAO,GAAE,qBAA0B,GAAG,OAAO,CAAC,eAAe,CAAC;IAgChH,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,MAAU,EAAE,OAAO,GAAE,qBAA0B,GAAG,OAAO,CAAC,eAAe,CAAC;IAQvG,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,MAAU,EAAE,OAAO,GAAE,qBAA0B,GAAG,OAAO,CAAC,eAAe,CAAC;IAQtG,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAOjE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAQjD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIrC,+DAA+D;IAC/D,OAAO,IAAI,IAAI;CAGhB"}

package/dist/_third_party/rate-limit/record.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Internal record stored inside the in-memory storage map. One per key.
+ * See `THIRDPARTY-LICENSES.md` for upstream attribution.
+ */
+export declare class StorageRecord {
+    value: number;
+    expiresAt: number | null;
+    timeoutId: ReturnType<typeof setTimeout> | null;
+    constructor(value: number, expiresAt: number | null, timeoutId?: ReturnType<typeof setTimeout> | null);
+}
+//# sourceMappingURL=record.d.ts.map

package/dist/_third_party/rate-limit/record.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"record.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/record.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,qBAAa,aAAa;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,UAAU,CAAC,OAAO,UAAU,CAAC,GAAG,IAAI,CAAC;gBAEpC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,EAAE,SAAS,GAAE,UAAU,CAAC,OAAO,UAAU,CAAC,GAAG,IAAW;CAK5G"}

package/dist/_third_party/rate-limit/types.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Rate-limiter response object. The shape returned (or rejected with) by
+ * every limiter call. Mirrors the upstream `RateLimiterRes` contract.
+ *
+ * See `THIRDPARTY-LICENSES.md` for upstream attribution. This file is
+ * an internal TypeScript port; do not re-export the class name verbatim.
+ */
+export interface IRateLimiterRes {
+    remainingPoints: number;
+    msBeforeNext: number;
+    consumedPoints: number;
+    isFirstInDuration: boolean;
+}
+export declare class LimiterResult implements IRateLimiterRes {
+    remainingPoints: number;
+    msBeforeNext: number;
+    consumedPoints: number;
+    isFirstInDuration: boolean;
+    constructor(remainingPoints?: number, msBeforeNext?: number, consumedPoints?: number, isFirstInDuration?: boolean);
+}
+export interface LimiterOptions {
+    /** Total points available per duration window. */
+    points: number;
+    /** Window length in seconds. 0 = never expires. */
+    duration: number;
+    /** Seconds to block a key after it consumed more than `points`. 0 = no block. */
+    blockDuration?: number;
+    /** Spread allowed actions evenly across the window via setTimeout delays. */
+    execEvenly?: boolean;
+    /** Floor on the per-call delay introduced by `execEvenly`. */
+    execEvenlyMinDelayMs?: number;
+    /** Namespace prefix for keys inside the underlying storage. */
+    keyPrefix?: string;
+}
+export interface LimiterConsumeOptions {
+    /** Override the configured duration for this call only (seconds). */
+    customDuration?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/_third_party/rate-limit/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/_third_party/rate-limit/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,eAAe;IAC9B,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,qBAAa,aAAc,YAAW,eAAe;IACnD,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;gBAGzB,eAAe,GAAE,MAAU,EAC3B,YAAY,GAAE,MAAU,EACxB,cAAc,GAAE,MAAU,EAC1B,iBAAiB,GAAE,OAAe;CAOrC;AAED,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,MAAM,EAAE,MAAM,CAAC;IACf,mDAAmD;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,iFAAiF;IACjF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,8DAA8D;IAC9D,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,qBAAqB;IACpC,qEAAqE;IACrE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}

package/dist/astro/index.js

@@ -5895,6 +5895,411 @@ var bot_patterns_default = [
       "ZuperlistBot\\/"
     ],
     forbidden: []
+  },
+  {
+    id: "ext-ahrefsbotsiteaudit",
+    name: "ahrefsbotsiteaudit",
+    category: "SEO",
+    patterns: [
+      "Ahrefs(Bot|SiteAudit)"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-amazonproductdiscovery",
+    name: "amazonproductdiscovery",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "AmazonProductDiscovery"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-amazonsellerinitiatedlisting",
+    name: "amazonsellerinitiatedlisting",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "AmazonSellerInitiatedListing"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-cclaudebbot",
+    name: "cclaudebbot",
+    category: "GENERIC",
+    patterns: [
+      "[cC]laude[bB]ot"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-meta-externalagent",
+    name: "meta-externalagent",
+    category: "GENERIC",
+    patterns: [
+      "meta-externalagent\\/"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-meta-externalfetcher",
+    name: "meta-externalfetcher",
+    category: "GENERIC",
+    patterns: [
+      "meta-externalfetcher\\/"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-hydrozenio",
+    name: "hydrozenio",
+    category: "MONITORING",
+    patterns: [
+      "Hydrozen\\.io"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-yextbot",
+    name: "yextbot",
+    category: "SEO",
+    patterns: [
+      "YextBot\\/"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-datadogsynthetics",
+    name: "datadogsynthetics",
+    category: "MONITORING",
+    patterns: [
+      "DatadogSynthetics"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-observepoint",
+    name: "observepoint",
+    category: "MONITORING",
+    patterns: [
+      "ObservePoint"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-checkly",
+    name: "checkly",
+    category: "MONITORING",
+    patterns: [
+      "Checkly"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-alittleclient",
+    name: "alittleclient",
+    category: "GENERIC",
+    patterns: [
+      "ALittle Client"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-aliyunsecbot",
+    name: "aliyunsecbot",
+    category: "GENERIC",
+    patterns: [
+      "AliyunSecBot"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-claude-web",
+    name: "claude-web",
+    category: "GENERIC",
+    patterns: [
+      "Claude-Web"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-google-extended",
+    name: "google-extended",
+    category: "GENERIC",
+    patterns: [
+      "Google-Extended"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-serankingbacklinksbot",
+    name: "serankingbacklinksbot",
+    category: "SEO",
+    patterns: [
+      "SERankingBacklinksBot"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-cmschecker",
+    name: "cmschecker",
+    category: "SEO",
+    patterns: [
+      "CMSChecker"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-wayback",
+    name: "wayback",
+    category: "GENERIC",
+    patterns: [
+      "Wayback"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-playwright",
+    name: "playwright",
+    category: "GENERIC",
+    patterns: [
+      "Playwright"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-puppeteer",
+    name: "puppeteer",
+    category: "GENERIC",
+    patterns: [
+      "Puppeteer"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-selenium",
+    name: "selenium",
+    category: "GENERIC",
+    patterns: [
+      "Selenium"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-nikto",
+    name: "nikto",
+    category: "GENERIC",
+    patterns: [
+      "Nikto"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-sqlmap",
+    name: "sqlmap",
+    category: "GENERIC",
+    patterns: [
+      "sqlmap"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-zmeu",
+    name: "zmeu",
+    category: "GENERIC",
+    patterns: [
+      "ZmEu"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-masscan",
+    name: "masscan",
+    category: "GENERIC",
+    patterns: [
+      "masscan"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-wpscan",
+    name: "wpscan",
+    category: "GENERIC",
+    patterns: [
+      "WPScan"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-aacunetix",
+    name: "aacunetix",
+    category: "GENERIC",
+    patterns: [
+      "[aA]cunetix"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-nessus",
+    name: "nessus",
+    category: "GENERIC",
+    patterns: [
+      "Nessus"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-ddirbbuster",
+    name: "ddirbbuster",
+    category: "GENERIC",
+    patterns: [
+      "[dD]ir[Bb]uster"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-colly",
+    name: "colly",
+    category: "GENERIC",
+    patterns: [
+      "colly"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-mmechanize",
+    name: "mmechanize",
+    category: "GENERIC",
+    patterns: [
+      "[mM]echanize"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-airaiscanning",
+    name: "airaiscanning",
+    category: "GENERIC",
+    patterns: [
+      "air\\.ai\\/scanning"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-asnriskscorer",
+    name: "asnriskscorer",
+    category: "GENERIC",
+    patterns: [
+      "asnriskscorer"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-oicrawler",
+    name: "oicrawler",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "OICrawler"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-l9scan",
+    name: "l9scan",
+    category: "GENERIC",
+    patterns: [
+      "l9scan"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-slaccalebot",
+    name: "slaccalebot",
+    category: "SEO",
+    patterns: [
+      "SlaccaleBot"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-customasynchttpclient",
+    name: "customasynchttpclient",
+    category: "GENERIC",
+    patterns: [
+      "CustomAsyncHttpClient"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-gemini-deep-research",
+    name: "gemini-deep-research",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "Gemini-Deep-Research"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-perplexity-user",
+    name: "perplexity-user",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "Perplexity-User"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-perplexityuser",
+    name: "perplexityuser",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "PerplexityUser"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-meta-webindexer",
+    name: "meta-webindexer",
+    category: "GENERIC",
+    patterns: [
+      "meta-webindexer"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-duckassistbot",
+    name: "duckassistbot",
+    category: "SEARCH_ENGINE",
+    patterns: [
+      "DuckAssistBot"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-mistralai-user",
+    name: "mistralai-user",
+    category: "GENERIC",
+    patterns: [
+      "MistralAI-User"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-webzio",
+    name: "webzio",
+    category: "SEO",
+    patterns: [
+      "webzio"
+    ],
+    forbidden: []
+  },
+  {
+    id: "ext-newsai",
+    name: "newsai",
+    category: "GENERIC",
+    patterns: [
+      "newsai\\/"
+    ],
+    forbidden: []
   }
 ];