@kya-os/agentshield-nextjs 0.1.20 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/dist/create-middleware.d.mts +2 -2
  2. package/dist/create-middleware.d.ts +2 -2
  3. package/dist/create-middleware.js +112 -135
  4. package/dist/create-middleware.js.map +1 -1
  5. package/dist/create-middleware.mjs +113 -131
  6. package/dist/create-middleware.mjs.map +1 -1
  7. package/dist/edge-detector-wrapper.d.mts +42 -0
  8. package/dist/edge-detector-wrapper.d.ts +42 -0
  9. package/dist/edge-detector-wrapper.js +119 -0
  10. package/dist/edge-detector-wrapper.js.map +1 -0
  11. package/dist/edge-detector-wrapper.mjs +117 -0
  12. package/dist/edge-detector-wrapper.mjs.map +1 -0
  13. package/dist/index.js +112 -135
  14. package/dist/index.js.map +1 -1
  15. package/dist/index.mjs +113 -131
  16. package/dist/index.mjs.map +1 -1
  17. package/dist/middleware.d.mts +2 -0
  18. package/dist/middleware.d.ts +2 -0
  19. package/dist/middleware.js +121 -4
  20. package/dist/middleware.js.map +1 -1
  21. package/dist/middleware.mjs +121 -4
  22. package/dist/middleware.mjs.map +1 -1
  23. package/package.json +2 -2
package/dist/index.mjs CHANGED
@@ -1,143 +1,124 @@
1
- import fs from 'fs';
2
- import path from 'path';
3
- import { setWasmModule, AgentDetector } from '@kya-os/agentshield';
4
1
  import { NextResponse } from 'next/server';
5
2
 
6
- var __defProp = Object.defineProperty;
7
- var __getOwnPropNames = Object.getOwnPropertyNames;
8
- var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
9
- get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
10
- }) : x)(function(x) {
11
- if (typeof require !== "undefined") return require.apply(this, arguments);
12
- throw Error('Dynamic require of "' + x + '" is not supported');
13
- });
14
- var __esm = (fn, res) => function __init() {
15
- return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
16
- };
17
- var __export = (target, all) => {
18
- for (var name in all)
19
- __defProp(target, name, { get: all[name], enumerable: true });
20
- };
3
+ // src/create-middleware.ts
21
4
 
22
- // src/nodejs-wasm-loader.ts
23
- var nodejs_wasm_loader_exports = {};
24
- __export(nodejs_wasm_loader_exports, {
25
- getWasmModule: () => getWasmModule,
26
- isNodejsRuntime: () => isNodejsRuntime,
27
- isWasmInitialized: () => isWasmInitialized,
28
- loadWasmNodejs: () => loadWasmNodejs
29
- });
30
- async function loadWasmNodejs() {
31
- if (wasmInitialized) {
32
- return true;
33
- }
34
- try {
35
- const possiblePaths = [
36
- // In node_modules (most likely)
37
- path.join(process.cwd(), "node_modules", "@kya-os", "agentshield", "dist", "wasm", "agentshield_wasm_bg.wasm"),
38
- // In project root (if user copied it)
39
- path.join(process.cwd(), "agentshield_wasm_bg.wasm"),
40
- // Relative to current file
41
- path.join(__dirname, "..", "..", "..", "agentshield", "dist", "wasm", "agentshield_wasm_bg.wasm")
5
+ // src/edge-detector-wrapper.ts
6
+ var AI_AGENT_PATTERNS = [
7
+ { pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
8
+ { pattern: /claude-web/i, type: "claude", name: "Claude" },
9
+ { pattern: /perplexity/i, type: "perplexity", name: "Perplexity" },
10
+ { pattern: /bingbot/i, type: "bing", name: "Bing AI" },
11
+ { pattern: /anthropic-ai/i, type: "anthropic", name: "Anthropic" }
12
+ ];
13
+ var CLOUD_PROVIDERS = {
14
+ aws: ["54.", "52.", "35.", "18.", "3."],
15
+ gcp: ["35.", "34.", "104.", "107.", "108."],
16
+ azure: ["13.", "20.", "40.", "52.", "104."]
17
+ };
18
+ var EdgeAgentDetector = class {
19
+ async analyze(input) {
20
+ const reasons = [];
21
+ let detectedAgent;
22
+ let verificationMethod;
23
+ let confidence = 0;
24
+ const headers = input.headers || {};
25
+ const normalizedHeaders = {};
26
+ for (const [key, value] of Object.entries(headers)) {
27
+ normalizedHeaders[key.toLowerCase()] = value;
28
+ }
29
+ const signaturePresent = !!(normalizedHeaders["signature"] || normalizedHeaders["signature-input"]);
30
+ const signatureAgent = normalizedHeaders["signature-agent"];
31
+ if (signatureAgent?.includes("chatgpt.com")) {
32
+ confidence = 0.85;
33
+ reasons.push("signature_agent:chatgpt");
34
+ detectedAgent = { type: "chatgpt", name: "ChatGPT" };
35
+ verificationMethod = "signature";
36
+ } else if (signaturePresent) {
37
+ confidence = Math.max(confidence, 0.4);
38
+ reasons.push("signature_present");
39
+ }
40
+ const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
41
+ if (userAgent) {
42
+ for (const { pattern, type, name } of AI_AGENT_PATTERNS) {
43
+ if (pattern.test(userAgent)) {
44
+ confidence = Math.max(confidence, 0.5);
45
+ reasons.push(`known_pattern:${type}`);
46
+ if (!detectedAgent) {
47
+ detectedAgent = { type, name };
48
+ verificationMethod = "pattern";
49
+ }
50
+ break;
51
+ }
52
+ }
53
+ }
54
+ const aiHeaders = [
55
+ "openai-conversation-id",
56
+ "openai-ephemeral-user-id",
57
+ "anthropic-client-id",
58
+ "x-goog-api-client",
59
+ "x-ms-copilot-id"
42
60
  ];
43
- let wasmBuffer = null;
44
- let loadedPath = null;
45
- for (const wasmPath of possiblePaths) {
46
- try {
47
- if (fs.existsSync(wasmPath)) {
48
- wasmBuffer = fs.readFileSync(wasmPath);
49
- loadedPath = wasmPath;
61
+ const foundAiHeaders = aiHeaders.filter((header) => normalizedHeaders[header]);
62
+ if (foundAiHeaders.length > 0) {
63
+ confidence = Math.max(confidence, 0.6);
64
+ reasons.push(`ai_headers:${foundAiHeaders.length}`);
65
+ }
66
+ const ip = input.ip || input.ipAddress;
67
+ if (ip && !normalizedHeaders["x-forwarded-for"] && !normalizedHeaders["x-real-ip"]) {
68
+ for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {
69
+ if (prefixes.some((prefix) => ip.startsWith(prefix))) {
70
+ confidence = Math.max(confidence, 0.4);
71
+ reasons.push(`cloud_provider:${provider}`);
50
72
  break;
51
73
  }
52
- } catch (e) {
53
- continue;
54
74
  }
55
75
  }
56
- if (!wasmBuffer) {
57
- console.warn("AgentShield: WASM file not found in any expected location");
58
- return false;
76
+ if (reasons.length > 2) {
77
+ confidence = Math.min(confidence * 1.2, 0.95);
59
78
  }
60
- const bytes = new Uint8Array(wasmBuffer);
61
- wasmModule = await WebAssembly.compile(bytes);
62
- setWasmModule(wasmModule);
63
- wasmInitialized = true;
64
- console.log(`\u2705 AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);
65
- console.log("\u{1F510} Cryptographic verification enabled (95-100% confidence)");
66
- return true;
67
- } catch (error) {
68
- console.warn("\u26A0\uFE0F AgentShield: Failed to load WASM in Node.js runtime:", error);
69
- console.log("\u{1F4CA} Falling back to pattern detection (85% confidence)");
70
- return false;
79
+ return {
80
+ isAgent: confidence > 0.3,
81
+ confidence,
82
+ ...detectedAgent && { detectedAgent },
83
+ reasons,
84
+ ...verificationMethod && { verificationMethod },
85
+ forgeabilityRisk: confidence > 0.8 ? "medium" : "high",
86
+ timestamp: /* @__PURE__ */ new Date()
87
+ };
71
88
  }
72
- }
73
- function isNodejsRuntime() {
74
- return typeof process !== "undefined" && typeof process.versions !== "undefined" && typeof process.versions.node !== "undefined" && typeof __require !== "undefined";
75
- }
76
- function getWasmModule() {
77
- return wasmModule;
78
- }
79
- function isWasmInitialized() {
80
- return wasmInitialized;
81
- }
82
- var wasmInitialized, wasmModule;
83
- var init_nodejs_wasm_loader = __esm({
84
- "src/nodejs-wasm-loader.ts"() {
85
- wasmInitialized = false;
86
- wasmModule = null;
89
+ };
90
+ var EdgeAgentDetectorWrapper = class {
91
+ detector;
92
+ events = /* @__PURE__ */ new Map();
93
+ constructor(_config) {
94
+ this.detector = new EdgeAgentDetector();
87
95
  }
88
- });
89
-
90
- // src/wasm-setup.ts
91
- var wasmInitialized2 = false;
92
- var initPromise = null;
93
- var initAttempted = false;
94
- async function setupWasm() {
95
- if (wasmInitialized2) {
96
- return;
96
+ async analyze(input) {
97
+ const result = await this.detector.analyze(input);
98
+ if (result.isAgent && this.events.has("agent.detected")) {
99
+ const handlers = this.events.get("agent.detected") || [];
100
+ handlers.forEach((handler) => handler(result, input));
101
+ }
102
+ return result;
97
103
  }
98
- if (initPromise) {
99
- return initPromise;
104
+ on(event, handler) {
105
+ if (!this.events.has(event)) {
106
+ this.events.set(event, []);
107
+ }
108
+ this.events.get(event).push(handler);
100
109
  }
101
- initPromise = doSetupWasm();
102
- return initPromise;
103
- }
104
- async function doSetupWasm() {
105
- if (initAttempted) {
106
- return;
110
+ emit(event, ...args) {
111
+ const handlers = this.events.get(event) || [];
112
+ handlers.forEach((handler) => handler(...args));
107
113
  }
108
- initAttempted = true;
109
- try {
110
- if (typeof process !== "undefined" && process.env.NODE_ENV === "test") {
111
- wasmInitialized2 = true;
112
- return;
113
- }
114
- const isNodejs = typeof process !== "undefined" && typeof __require !== "undefined" && process.env.NEXT_RUNTIME === "nodejs";
115
- if (isNodejs) {
116
- try {
117
- const { loadWasmNodejs: loadWasmNodejs2 } = await Promise.resolve().then(() => (init_nodejs_wasm_loader(), nodejs_wasm_loader_exports));
118
- const loaded = await loadWasmNodejs2();
119
- wasmInitialized2 = true;
120
- if (loaded) {
121
- console.log("\u{1F680} AgentShield: Running with full WASM support (Node.js runtime)");
122
- } else {
123
- console.log("\u{1F4CA} AgentShield: Using pattern detection (WASM not found)");
124
- }
125
- return;
126
- } catch (error) {
127
- console.warn("\u26A0\uFE0F AgentShield: Node.js WASM loader failed:", error);
128
- }
129
- }
130
- wasmInitialized2 = true;
131
- if (process.env.NEXT_RUNTIME === "edge") {
132
- console.log("\u26A1 AgentShield: Edge Runtime detected - using pattern detection (85% confidence)");
133
- console.log("\u2705 AgentShield: Ready for AI agent detection");
134
- }
135
- } catch (error) {
136
- wasmInitialized2 = true;
114
+ async init() {
115
+ return;
137
116
  }
138
- }
117
+ };
118
+
119
+ // src/middleware.ts
139
120
  function createAgentShieldMiddleware(config = {}) {
140
- const detector = new AgentDetector(config);
121
+ const detector = new EdgeAgentDetectorWrapper(config);
141
122
  if (config.events) {
142
123
  Object.entries(config.events).forEach(([event, handler]) => {
143
124
  detector.on(event, handler);
@@ -167,9 +148,11 @@ function createAgentShieldMiddleware(config = {}) {
167
148
  request.agentShield = { skipped: true };
168
149
  return NextResponse.next();
169
150
  }
151
+ const userAgent = request.headers.get("user-agent");
152
+ const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
170
153
  const context = {
171
- userAgent: request.headers.get("user-agent") ?? void 0,
172
- ipAddress: request.ip ?? request.headers.get("x-forwarded-for") ?? void 0,
154
+ ...userAgent && { userAgent },
155
+ ...ipAddress && { ipAddress },
173
156
  headers: Object.fromEntries(request.headers.entries()),
174
157
  url: request.url,
175
158
  method: request.method,
@@ -246,20 +229,19 @@ function createAgentShieldMiddleware(config = {}) {
246
229
  // src/create-middleware.ts
247
230
  var middlewareInstance = null;
248
231
  var isInitializing = false;
249
- var initPromise2 = null;
232
+ var initPromise = null;
250
233
  function createAgentShieldMiddleware2(config) {
251
234
  return async function agentShieldMiddleware(request) {
252
235
  if (!middlewareInstance) {
253
236
  if (!isInitializing) {
254
237
  isInitializing = true;
255
- initPromise2 = (async () => {
256
- await setupWasm();
238
+ initPromise = (async () => {
257
239
  middlewareInstance = createAgentShieldMiddleware(config);
258
240
  return middlewareInstance;
259
241
  })();
260
242
  }
261
- if (initPromise2) {
262
- middlewareInstance = await initPromise2;
243
+ if (initPromise) {
244
+ middlewareInstance = await initPromise;
263
245
  }
264
246
  }
265
247
  return middlewareInstance ? middlewareInstance(request) : NextResponse.next();
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/nodejs-wasm-loader.ts","../src/wasm-setup.ts","../src/middleware.ts","../src/create-middleware.ts","../src/index.ts"],"names":["wasmInitialized","loadWasmNodejs","response","initPromise","createAgentShieldMiddleware","NextResponse"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,IAAA,0BAAA,GAAA,EAAA;AAAA,QAAA,CAAA,0BAAA,EAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,cAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,eAAsB,cAAA,GAAmC;AACvD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,aAAA,GAAgB;AAAA;AAAA,MAEpB,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,EAAI,EAAG,gBAAgB,SAAA,EAAW,aAAA,EAAe,MAAA,EAAQ,MAAA,EAAQ,0BAA0B,CAAA;AAAA;AAAA,MAE7G,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,IAAO,0BAA0B,CAAA;AAAA;AAAA,MAEnD,IAAA,CAAK,KAAK,SAAA,EAAW,IAAA,EAAM,MAAM,IAAA,EAAM,aAAA,EAAe,MAAA,EAAQ,MAAA,EAAQ,0BAA0B;AAAA,KAClG;AAEA,IAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,IAAA,IAAI,UAAA,GAA4B,IAAA;AAEhC,IAAA,KAAA,MAAW,YAAY,aAAA,EAAe;AACpC,MAAA,IAAI;AACF,QAAA,IAAI,EAAA,CAAG,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,EAAA,CAAG,aAAa,QAAQ,CAAA;AACrC,UAAA,UAAA,GAAa,QAAA;AACb,UAAA;AAAA,QACF;AAAA,MACF,SAAS,CAAA,EAAG;AAEV,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ,KAAK,2DAA2D,CAAA;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAIA,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,UAAU,CAAA;AACvC,IAAA,UAAA,GAAa,MAAM,WAAA,CAAY,OAAA,CAAQ,KAAK,CAAA;AAG5C,IAAA,aAAA,CAAc,UAAU,CAAA;AAExB,IAAA,eAAA,GAAkB,IAAA;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,kDAAA,EAAgD,UAAU,CAAA,kBAAA,CAAoB,CAAA;AAC1F,IAAA,OAAA,CAAQ,IAAI,mEAA4D,CAAA;AAExE,IAAA,OAAO,IAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,qEAA2D,KAAK,CAAA;AAC7E,IAAA,OAAA,CAAQ,IAAI,8DAAuD,CAAA;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,eAAA,GAA2B;AACzC,EAAA,OAAO,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,OAAA,CAAQ,QAAA,KAAa,WAAA,IAC5B,OAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,KAAS,WAAA,IACjC,OAAO,SAAA,KAAY,WAAA;AAC5B;AAKO,SAAS,aAAA,GAA2C;AACzD,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,iBAAA,GAA6B;AAC3C,EAAA,OAAO,eAAA;AACT;AAjGA,IAWI,eAAA,EACA,UAAA;AAZJ,IAAA,uBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,2BAAA,GAAA;AAWA,IAAI,eAAA,GAAkB,KAAA;AACtB,IAAI,UAAA,GAAwC,IAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACS5C,IAAIA,gBAAAA,GAAkB,KAAA;AACtB,IAAI,WAAA,GAAoC,IAAA;AACxC,IAAI,aAAA,GAAgB,KAAA;AAapB,eAAsB,SAAA,GAA2B;AAE/C,EAAA,IAAIA,gBAAAA,EAAiB;AACnB,IAAA;AAAA,EACF;AAGA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AAGA,EAAA,WAAA,GAAc,WAAA,EAAY;AAC1B,EAAA,OAAO,WAAA;AACT;AAEA,eAAe,WAAA,GAA6B;AAE1C,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA;AAAA,EACF;AACA,EAAA,aAAA,GAAgB,IAAA;AAEhB,EAAA,IAAI;AAEF,IAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,CAAI,aAAa,MAAA,EAAQ;AACrE,MAAAA,gBAAAA,GAAkB,IAAA;AAClB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,QAAA,GAAW,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,SAAA,KAAY,WAAA,IACnB,OAAA,CAAQ,GAAA,CAAI,YAAA,KAAiB,QAAA;AAE9C,IAAA,IAAI,QAAA,EAAU;AAEZ,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,cAAA,EAAAC,eAAAA,EAAe,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,uBAAA,EAAA,EAAA,0BAAA,CAAA,CAAA;AACjC,QAAA,MAAM,MAAA,GAAS,MAAMA,eAAAA,EAAe;AACpC,QAAAD,gBAAAA,GAAkB,IAAA;AAElB,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAA,CAAQ,IAAI,yEAAkE,CAAA;AAAA,QAChF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,iEAA0D,CAAA;AAAA,QACxE;AACA,QAAA;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,IAAA,CAAK,yDAA+C,KAAK,CAAA;AAAA,MACnE;AAAA,IACF;AAIA,IAAAA,gBAAAA,GAAkB,IAAA;AAElB,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,YAAA,KAAiB,MAAA,EAAQ;AACvC,MAAA,OAAA,CAAQ,IAAI,sFAAiF,CAAA;AAC7F,MAAA,OAAA,CAAQ,IAAI,kDAA6C,CAAA;AAAA,IAC3D;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAAA,gBAAAA,GAAkB,IAAA;AAAA,EACpB;AACF;AC1FO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,aAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,WAAW,OAAA,CAAQ,EAAA,IAAM,QAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,IAAK,KAAA,CAAA;AAAA,QACnE,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAME,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;;;AC7IA,IAAI,kBAAA,GAA0B,IAAA;AAC9B,IAAI,cAAA,GAAiB,KAAA;AACrB,IAAIC,YAAAA,GAAmC,IAAA;AAMhC,SAASC,6BAA4B,MAAA,EAAgC;AAC1E,EAAA,OAAO,eAAe,sBACpB,OAAA,EACuB;AAEvB,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACvB,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,cAAA,GAAiB,IAAA;AACjB,QAAAD,gBAAe,YAAY;AAEzB,UAAA,MAAM,SAAA,EAAU;AAGhB,UAAA,kBAAA,GAAqB,4BAAqB,MAAM,CAAA;AAChD,UAAA,OAAO,kBAAA;AAAA,QACT,CAAA,GAAG;AAAA,MACL;AAGA,MAAA,IAAIA,YAAAA,EAAa;AACf,QAAA,kBAAA,GAAqB,MAAMA,YAAAA;AAAA,MAC7B;AAAA,IACF;AAGA,IAAA,OAAO,kBAAA,GACH,kBAAA,CAAmB,OAAO,CAAA,GAC1BE,aAAa,IAAA,EAAK;AAAA,EACxB,CAAA;AACF;;;AC7BO,IAAM,OAAA,GAAU","file":"index.mjs","sourcesContent":["/**\n * Node.js Runtime WASM Loader for AgentShield\n * \n * This loader uses fs.readFileSync to load WASM in Node.js runtime.\n * It provides full cryptographic verification capabilities.\n */\n\nimport fs from 'fs';\nimport path from 'path';\nimport { setWasmModule } from '@kya-os/agentshield';\n\nlet wasmInitialized = false;\nlet wasmModule: WebAssembly.Module | null = null;\n\n/**\n * Load WASM module using Node.js fs module\n * This only works in Node.js runtime, not Edge Runtime\n */\nexport async function loadWasmNodejs(): Promise<boolean> {\n if (wasmInitialized) {\n return true;\n }\n\n try {\n // Try multiple possible WASM locations\n const possiblePaths = [\n // In node_modules (most likely)\n path.join(process.cwd(), 'node_modules', '@kya-os', 'agentshield', 'dist', 'wasm', 'agentshield_wasm_bg.wasm'),\n // In project root (if user copied it)\n path.join(process.cwd(), 'agentshield_wasm_bg.wasm'),\n // Relative to current file\n path.join(__dirname, '..', '..', '..', 'agentshield', 'dist', 'wasm', 'agentshield_wasm_bg.wasm'),\n ];\n\n let wasmBuffer: Buffer | null = null;\n let loadedPath: string | null = null;\n\n for (const wasmPath of possiblePaths) {\n try {\n if (fs.existsSync(wasmPath)) {\n wasmBuffer = fs.readFileSync(wasmPath);\n loadedPath = wasmPath;\n break;\n }\n } catch (e) {\n // Try next path\n continue;\n }\n }\n\n if (!wasmBuffer) {\n console.warn('AgentShield: WASM file not found in any expected location');\n return false;\n }\n\n // Convert Buffer to Uint8Array for WebAssembly\n // This is the proper way to handle Buffer -> ArrayBuffer conversion\n const bytes = new Uint8Array(wasmBuffer);\n wasmModule = await WebAssembly.compile(bytes);\n \n // Set the module in AgentShield\n setWasmModule(wasmModule);\n \n wasmInitialized = true;\n console.log(`✅ AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);\n console.log('🔐 Cryptographic verification enabled (95-100% confidence)');\n \n return true;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to load WASM in Node.js runtime:', error);\n console.log('📊 Falling back to pattern detection (85% confidence)');\n return false;\n }\n}\n\n/**\n * Check if we're in Node.js runtime\n */\nexport function isNodejsRuntime(): boolean {\n return typeof process !== 'undefined' && \n typeof process.versions !== 'undefined' && \n typeof process.versions.node !== 'undefined' &&\n typeof require !== 'undefined';\n}\n\n/**\n * Get the loaded WASM module\n */\nexport function getWasmModule(): WebAssembly.Module | null {\n return wasmModule;\n}\n\n/**\n * Check if WASM is initialized\n */\nexport function isWasmInitialized(): boolean {\n return wasmInitialized;\n}","/**\n * WASM Setup for AgentShield in Next.js Edge Runtime\n * \n * This module handles WASM initialization for cryptographic signature verification.\n * Designed to work without top-level await to avoid Next.js middleware issues.\n * \n * Usage in middleware.ts:\n * ```typescript\n * import { setupWasm } from '@kya-os/agentshield-nextjs/wasm-setup';\n * import { createAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';\n * \n * export async function middleware(request: NextRequest) {\n * // Initialize WASM inside the middleware function\n * await setupWasm();\n * \n * const agentShieldMiddleware = createAgentShieldMiddleware({...});\n * return agentShieldMiddleware(request);\n * }\n * ```\n */\n\nlet wasmInitialized = false;\nlet initPromise: Promise<void> | null = null;\nlet initAttempted = false;\n\n/**\n * Initialize WASM module for AgentShield\n * \n * This function:\n * - Loads WASM in production/Edge Runtime for cryptographic verification\n * - Skips WASM in test environments (Jest) automatically\n * - Is safe to call multiple times (idempotent)\n * - Handles errors gracefully with fallback to pattern detection\n * \n * @returns Promise that resolves when initialization is complete\n */\nexport async function setupWasm(): Promise<void> {\n // Already initialized, return immediately\n if (wasmInitialized) {\n return;\n }\n\n // Initialization in progress, return the existing promise\n if (initPromise) {\n return initPromise;\n }\n\n // Start initialization\n initPromise = doSetupWasm();\n return initPromise;\n}\n\nasync function doSetupWasm(): Promise<void> {\n // Prevent multiple initialization attempts\n if (initAttempted) {\n return;\n }\n initAttempted = true;\n\n try {\n // Skip WASM in test environments\n if (typeof process !== 'undefined' && process.env.NODE_ENV === 'test') {\n wasmInitialized = true;\n return;\n }\n\n // Check if we're in Node.js runtime (middleware with runtime: 'nodejs')\n const isNodejs = typeof process !== 'undefined' && \n typeof require !== 'undefined' &&\n process.env.NEXT_RUNTIME === 'nodejs';\n\n if (isNodejs) {\n // We're in Node.js runtime - use fs to load WASM!\n try {\n const { loadWasmNodejs } = await import('./nodejs-wasm-loader');\n const loaded = await loadWasmNodejs();\n wasmInitialized = true;\n \n if (loaded) {\n console.log('🚀 AgentShield: Running with full WASM support (Node.js runtime)');\n } else {\n console.log('📊 AgentShield: Using pattern detection (WASM not found)');\n }\n return;\n } catch (error) {\n console.warn('⚠️ AgentShield: Node.js WASM loader failed:', error);\n }\n }\n\n // Edge Runtime or build time - skip WASM loading\n // Pattern detection will be used (85% confidence)\n wasmInitialized = true;\n \n if (process.env.NEXT_RUNTIME === 'edge') {\n console.log('⚡ AgentShield: Edge Runtime detected - using pattern detection (85% confidence)');\n console.log('✅ AgentShield: Ready for AI agent detection');\n }\n } catch (error) {\n // Mark as initialized to prevent retries\n wasmInitialized = true;\n }\n}\n\n/**\n * Check if WASM has been initialized\n * \n * @returns true if WASM setup has been attempted (success or failure)\n */\nexport function isWasmInitialized(): boolean {\n return wasmInitialized;\n}\n\n/**\n * Reset WASM initialization state (mainly for testing)\n * \n * @internal\n */\nexport function resetWasmState(): void {\n wasmInitialized = false;\n initPromise = null;\n}","/**\n * Next.js middleware for AgentShield\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/agentshield';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context\n const context = {\n userAgent: request.headers.get('user-agent') ?? undefined,\n ipAddress: request.ip ?? request.headers.get('x-forwarded-for') ?? undefined,\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n","/**\n * Enhanced middleware creator that handles WASM initialization internally\n * This avoids top-level await issues in Next.js middleware\n */\n\nimport { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { setupWasm } from './wasm-setup';\nimport { createAgentShieldMiddleware as createBaseMiddleware } from './middleware';\nimport type { NextJSMiddlewareConfig } from './types';\n\nlet middlewareInstance: any = null;\nlet isInitializing = false;\nlet initPromise: Promise<any> | null = null;\n\n/**\n * Create an AgentShield middleware with automatic WASM initialization\n * This version handles initialization internally to avoid top-level await\n */\nexport function createAgentShieldMiddleware(config: NextJSMiddlewareConfig) {\n return async function agentShieldMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Initialize WASM and middleware on first request\n if (!middlewareInstance) {\n if (!isInitializing) {\n isInitializing = true;\n initPromise = (async () => {\n // Initialize WASM (will gracefully fallback if not available)\n await setupWasm();\n\n // Create the actual middleware instance\n middlewareInstance = createBaseMiddleware(config);\n return middlewareInstance;\n })();\n }\n\n // Wait for initialization to complete\n if (initPromise) {\n middlewareInstance = await initPromise;\n }\n }\n\n // Run the middleware\n return middlewareInstance\n ? middlewareInstance(request)\n : NextResponse.next();\n };\n}\n\n/**\n * Export the original function as well for backward compatibility\n */\nexport { createAgentShieldMiddleware as createMiddleware };\n","/**\n * @fileoverview AgentShield Next.js Integration\n * @version 0.1.0\n * @license MIT OR Apache-2.0\n */\n\n// Export the enhanced middleware that handles initialization internally\nexport { createAgentShieldMiddleware, createMiddleware } from './create-middleware';\n\n// Also export original middleware for advanced users\nexport { createAgentShieldMiddleware as createAgentShieldMiddlewareBase } from './middleware';\n\nexport * from './types';\n// Hooks are not exported from main entry - they're client-only\n// If someone needs hooks, they should import from '@kya-os/agentshield-nextjs/hooks'\n\n/**\n * Library version\n */\nexport const VERSION = '0.1.0';\n"]}
1
+ {"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts","../src/create-middleware.ts","../src/index.ts"],"names":["response","createAgentShieldMiddleware","NextResponse"],"mappings":";;;;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EAAE,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AACjG,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA,CAAO,CAAA,MAAA,KAAU,iBAAA,CAAkB,MAAM,CAAC,CAAA;AAC3E,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IAAI,EAAA,IAAM,CAAC,iBAAA,CAAkB,iBAAiB,KAAK,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAAG;AAClF,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACtKO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAClD,MAAA,MAAM,YAAY,OAAA,CAAQ,EAAA,IAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,iBAAiB,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMA,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;;;ACpJA,IAAI,kBAAA,GAA0B,IAAA;AAC9B,IAAI,cAAA,GAAiB,KAAA;AACrB,IAAI,WAAA,GAAmC,IAAA;AAMhC,SAASC,6BAA4B,MAAA,EAAgC;AAC1E,EAAA,OAAO,eAAe,sBACpB,OAAA,EACuB;AAEvB,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACvB,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,cAAA,GAAiB,IAAA;AACjB,QAAA,WAAA,GAAA,CAAe,YAAY;AAIzB,UAAA,kBAAA,GAAqB,4BAAqB,MAAM,CAAA;AAChD,UAAA,OAAO,kBAAA;AAAA,QACT,CAAA,GAAG;AAAA,MACL;AAGA,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,kBAAA,GAAqB,MAAM,WAAA;AAAA,MAC7B;AAAA,IACF;AAGA,IAAA,OAAO,kBAAA,GACH,kBAAA,CAAmB,OAAO,CAAA,GAC1BC,aAAa,IAAA,EAAK;AAAA,EACxB,CAAA;AACF;;;AC3BO,IAAM,OAAA,GAAU","file":"index.mjs","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n * \n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n \n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(normalizedHeaders['signature'] || normalizedHeaders['signature-input']);\n const signatureAgent = normalizedHeaders['signature-agent'];\n \n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n confidence = Math.max(confidence, 0.5);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id'\n ];\n \n const foundAiHeaders = aiHeaders.filter(header => normalizedHeaders[header]);\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (ip && !normalizedHeaders['x-forwarded-for'] && !normalizedHeaders['x-real-ip']) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n \n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n \n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context - ensure all optional fields are properly typed\n const userAgent = request.headers.get('user-agent');\n const ipAddress = request.ip ?? request.headers.get('x-forwarded-for');\n \n const context = {\n ...(userAgent && { userAgent }),\n ...(ipAddress && { ipAddress }),\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n","/**\n * Enhanced middleware creator for Edge Runtime\n * Uses EdgeAgentDetector which doesn't require WASM\n */\n\nimport { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { createAgentShieldMiddleware as createBaseMiddleware } from './middleware';\nimport type { NextJSMiddlewareConfig } from './types';\n\nlet middlewareInstance: any = null;\nlet isInitializing = false;\nlet initPromise: Promise<any> | null = null;\n\n/**\n * Create an AgentShield middleware with automatic WASM initialization\n * This version handles initialization internally to avoid top-level await\n */\nexport function createAgentShieldMiddleware(config: NextJSMiddlewareConfig) {\n return async function agentShieldMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Initialize middleware on first request (no WASM needed in Edge Runtime)\n if (!middlewareInstance) {\n if (!isInitializing) {\n isInitializing = true;\n initPromise = (async () => {\n // No WASM initialization needed - EdgeAgentDetector works without it\n\n // Create the actual middleware instance\n middlewareInstance = createBaseMiddleware(config);\n return middlewareInstance;\n })();\n }\n\n // Wait for initialization to complete\n if (initPromise) {\n middlewareInstance = await initPromise;\n }\n }\n\n // Run the middleware\n return middlewareInstance\n ? middlewareInstance(request)\n : NextResponse.next();\n };\n}\n\n/**\n * Export the original function as well for backward compatibility\n */\nexport { createAgentShieldMiddleware as createMiddleware };\n","/**\n * @fileoverview AgentShield Next.js Integration\n * @version 0.1.0\n * @license MIT OR Apache-2.0\n */\n\n// Export the enhanced middleware that handles initialization internally\nexport { createAgentShieldMiddleware, createMiddleware } from './create-middleware';\n\n// Also export original middleware for advanced users\nexport { createAgentShieldMiddleware as createAgentShieldMiddlewareBase } from './middleware';\n\nexport * from './types';\n// Hooks are not exported from main entry - they're client-only\n// If someone needs hooks, they should import from '@kya-os/agentshield-nextjs/hooks'\n\n/**\n * Library version\n */\nexport const VERSION = '0.1.0';\n"]}
package/dist/middleware.d.mts CHANGED
@@ -4,6 +4,8 @@ import '@kya-os/agentshield';
4
4
 
5
5
  /**
6
6
  * Next.js middleware for AgentShield
7
+ *
8
+ * Uses edge-safe imports to avoid WASM in Edge Runtime
7
9
  */
8
10
 
9
11
  /**
package/dist/middleware.d.ts CHANGED
@@ -4,6 +4,8 @@ import '@kya-os/agentshield';
4
4
 
5
5
  /**
6
6
  * Next.js middleware for AgentShield
7
+ *
8
+ * Uses edge-safe imports to avoid WASM in Edge Runtime
7
9
  */
8
10
 
9
11
  /**
package/dist/middleware.js CHANGED
@@ -1,11 +1,126 @@
1
1
  'use strict';
2
2
 
3
3
  var server = require('next/server');
4
- var agentshield = require('@kya-os/agentshield');
4
+
5
+ // src/middleware.ts
6
+
7
+ // src/edge-detector-wrapper.ts
8
+ var AI_AGENT_PATTERNS = [
9
+ { pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
10
+ { pattern: /claude-web/i, type: "claude", name: "Claude" },
11
+ { pattern: /perplexity/i, type: "perplexity", name: "Perplexity" },
12
+ { pattern: /bingbot/i, type: "bing", name: "Bing AI" },
13
+ { pattern: /anthropic-ai/i, type: "anthropic", name: "Anthropic" }
14
+ ];
15
+ var CLOUD_PROVIDERS = {
16
+ aws: ["54.", "52.", "35.", "18.", "3."],
17
+ gcp: ["35.", "34.", "104.", "107.", "108."],
18
+ azure: ["13.", "20.", "40.", "52.", "104."]
19
+ };
20
+ var EdgeAgentDetector = class {
21
+ async analyze(input) {
22
+ const reasons = [];
23
+ let detectedAgent;
24
+ let verificationMethod;
25
+ let confidence = 0;
26
+ const headers = input.headers || {};
27
+ const normalizedHeaders = {};
28
+ for (const [key, value] of Object.entries(headers)) {
29
+ normalizedHeaders[key.toLowerCase()] = value;
30
+ }
31
+ const signaturePresent = !!(normalizedHeaders["signature"] || normalizedHeaders["signature-input"]);
32
+ const signatureAgent = normalizedHeaders["signature-agent"];
33
+ if (signatureAgent?.includes("chatgpt.com")) {
34
+ confidence = 0.85;
35
+ reasons.push("signature_agent:chatgpt");
36
+ detectedAgent = { type: "chatgpt", name: "ChatGPT" };
37
+ verificationMethod = "signature";
38
+ } else if (signaturePresent) {
39
+ confidence = Math.max(confidence, 0.4);
40
+ reasons.push("signature_present");
41
+ }
42
+ const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
43
+ if (userAgent) {
44
+ for (const { pattern, type, name } of AI_AGENT_PATTERNS) {
45
+ if (pattern.test(userAgent)) {
46
+ confidence = Math.max(confidence, 0.5);
47
+ reasons.push(`known_pattern:${type}`);
48
+ if (!detectedAgent) {
49
+ detectedAgent = { type, name };
50
+ verificationMethod = "pattern";
51
+ }
52
+ break;
53
+ }
54
+ }
55
+ }
56
+ const aiHeaders = [
57
+ "openai-conversation-id",
58
+ "openai-ephemeral-user-id",
59
+ "anthropic-client-id",
60
+ "x-goog-api-client",
61
+ "x-ms-copilot-id"
62
+ ];
63
+ const foundAiHeaders = aiHeaders.filter((header) => normalizedHeaders[header]);
64
+ if (foundAiHeaders.length > 0) {
65
+ confidence = Math.max(confidence, 0.6);
66
+ reasons.push(`ai_headers:${foundAiHeaders.length}`);
67
+ }
68
+ const ip = input.ip || input.ipAddress;
69
+ if (ip && !normalizedHeaders["x-forwarded-for"] && !normalizedHeaders["x-real-ip"]) {
70
+ for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {
71
+ if (prefixes.some((prefix) => ip.startsWith(prefix))) {
72
+ confidence = Math.max(confidence, 0.4);
73
+ reasons.push(`cloud_provider:${provider}`);
74
+ break;
75
+ }
76
+ }
77
+ }
78
+ if (reasons.length > 2) {
79
+ confidence = Math.min(confidence * 1.2, 0.95);
80
+ }
81
+ return {
82
+ isAgent: confidence > 0.3,
83
+ confidence,
84
+ ...detectedAgent && { detectedAgent },
85
+ reasons,
86
+ ...verificationMethod && { verificationMethod },
87
+ forgeabilityRisk: confidence > 0.8 ? "medium" : "high",
88
+ timestamp: /* @__PURE__ */ new Date()
89
+ };
90
+ }
91
+ };
92
+ var EdgeAgentDetectorWrapper = class {
93
+ detector;
94
+ events = /* @__PURE__ */ new Map();
95
+ constructor(_config) {
96
+ this.detector = new EdgeAgentDetector();
97
+ }
98
+ async analyze(input) {
99
+ const result = await this.detector.analyze(input);
100
+ if (result.isAgent && this.events.has("agent.detected")) {
101
+ const handlers = this.events.get("agent.detected") || [];
102
+ handlers.forEach((handler) => handler(result, input));
103
+ }
104
+ return result;
105
+ }
106
+ on(event, handler) {
107
+ if (!this.events.has(event)) {
108
+ this.events.set(event, []);
109
+ }
110
+ this.events.get(event).push(handler);
111
+ }
112
+ emit(event, ...args) {
113
+ const handlers = this.events.get(event) || [];
114
+ handlers.forEach((handler) => handler(...args));
115
+ }
116
+ async init() {
117
+ return;
118
+ }
119
+ };
5
120
 
6
121
  // src/middleware.ts
7
122
  function createAgentShieldMiddleware(config = {}) {
8
- const detector = new agentshield.AgentDetector(config);
123
+ const detector = new EdgeAgentDetectorWrapper(config);
9
124
  if (config.events) {
10
125
  Object.entries(config.events).forEach(([event, handler]) => {
11
126
  detector.on(event, handler);
@@ -35,9 +150,11 @@ function createAgentShieldMiddleware(config = {}) {
35
150
  request.agentShield = { skipped: true };
36
151
  return server.NextResponse.next();
37
152
  }
153
+ const userAgent = request.headers.get("user-agent");
154
+ const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
38
155
  const context = {
39
- userAgent: request.headers.get("user-agent") ?? void 0,
40
- ipAddress: request.ip ?? request.headers.get("x-forwarded-for") ?? void 0,
156
+ ...userAgent && { userAgent },
157
+ ...ipAddress && { ipAddress },
41
158
  headers: Object.fromEntries(request.headers.entries()),
42
159
  url: request.url,
43
160
  method: request.method,
package/dist/middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/middleware.ts"],"names":["AgentDetector","NextResponse","response"],"mappings":";;;;;;AAWO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAIA,yBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAOC,oBAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,WAAW,OAAA,CAAQ,EAAA,IAAM,QAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,IAAK,KAAA,CAAA;AAAA,QACnE,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMC,YAAWD,mBAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAOD,oBAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAOA,oBAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAKO,SAAS,WAAA,CAAY,MAAA,GAA0C,EAAC,EAAG;AACxE,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.js","sourcesContent":["/**\n * Next.js middleware for AgentShield\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/agentshield';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context\n const context = {\n userAgent: request.headers.get('user-agent') ?? undefined,\n ipAddress: request.ip ?? request.headers.get('x-forwarded-for') ?? undefined,\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n"]}
1
+ {"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts"],"names":["NextResponse","response"],"mappings":";;;;;;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EAAE,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AACjG,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA,CAAO,CAAA,MAAA,KAAU,iBAAA,CAAkB,MAAM,CAAC,CAAA;AAC3E,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IAAI,EAAA,IAAM,CAAC,iBAAA,CAAkB,iBAAiB,KAAK,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAAG;AAClF,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACtKO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAClD,MAAA,MAAM,YAAY,OAAA,CAAQ,EAAA,IAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,iBAAiB,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMC,YAAWD,mBAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAOD,oBAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAOA,oBAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAKO,SAAS,WAAA,CAAY,MAAA,GAA0C,EAAC,EAAG;AACxE,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.js","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n * \n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n \n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(normalizedHeaders['signature'] || normalizedHeaders['signature-input']);\n const signatureAgent = normalizedHeaders['signature-agent'];\n \n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n confidence = Math.max(confidence, 0.5);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id'\n ];\n \n const foundAiHeaders = aiHeaders.filter(header => normalizedHeaders[header]);\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (ip && !normalizedHeaders['x-forwarded-for'] && !normalizedHeaders['x-real-ip']) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n \n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n \n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context - ensure all optional fields are properly typed\n const userAgent = request.headers.get('user-agent');\n const ipAddress = request.ip ?? request.headers.get('x-forwarded-for');\n \n const context = {\n ...(userAgent && { userAgent }),\n ...(ipAddress && { ipAddress }),\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n"]}