@kya-os/agentshield-nextjs 0.1.21 → 0.1.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/create-middleware.js +91 -4
- package/dist/create-middleware.js.map +1 -1
- package/dist/create-middleware.mjs +90 -3
- package/dist/create-middleware.mjs.map +1 -1
- package/dist/edge-detector-wrapper.d.mts +26 -3
- package/dist/edge-detector-wrapper.d.ts +26 -3
- package/dist/edge-detector-wrapper.js +85 -3
- package/dist/edge-detector-wrapper.js.map +1 -1
- package/dist/edge-detector-wrapper.mjs +84 -2
- package/dist/edge-detector-wrapper.mjs.map +1 -1
- package/dist/index.js +91 -4
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +90 -3
- package/dist/index.mjs.map +1 -1
- package/dist/middleware.js +91 -4
- package/dist/middleware.js.map +1 -1
- package/dist/middleware.mjs +90 -3
- package/dist/middleware.mjs.map +1 -1
- package/dist/wasm-middleware.d.mts +62 -0
- package/dist/wasm-middleware.d.ts +62 -0
- package/dist/wasm-middleware.js +89 -0
- package/dist/wasm-middleware.js.map +1 -0
- package/dist/wasm-middleware.mjs +86 -0
- package/dist/wasm-middleware.mjs.map +1 -0
- package/package.json +8 -2
- package/templates/middleware-wasm-100.ts +151 -0
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts"],"names":["EdgeAgentDetector","NextResponse","response"],"mappings":";;;;;;AAUO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAIA,sBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACjCO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAOC,oBAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,WAAW,OAAA,CAAQ,EAAA,IAAM,QAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,IAAK,KAAA,CAAA;AAAA,QACnE,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMC,YAAWD,mBAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAOD,oBAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAOA,oBAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAKO,SAAS,WAAA,CAAY,MAAA,GAA0C,EAAC,EAAG;AACxE,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.js","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n */\n\nimport { EdgeAgentDetector } from '@kya-os/agentshield/edge';\nimport type { DetectionInput, DetectionResult } from '@kya-os/agentshield/edge';\n\ntype EventHandler = (...args: any[]) => void;\n\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n \n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n \n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context\n const context = {\n userAgent: request.headers.get('user-agent') ?? undefined,\n ipAddress: request.ip ?? request.headers.get('x-forwarded-for') ?? undefined,\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts"],"names":["NextResponse","response"],"mappings":";;;;;;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EAAE,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AACjG,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA,CAAO,CAAA,MAAA,KAAU,iBAAA,CAAkB,MAAM,CAAC,CAAA;AAC3E,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IAAI,EAAA,IAAM,CAAC,iBAAA,CAAkB,iBAAiB,KAAK,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAAG;AAClF,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACtKO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAClD,MAAA,MAAM,YAAY,OAAA,CAAQ,EAAA,IAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,iBAAiB,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMC,YAAWD,mBAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAOD,oBAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAOA,oBAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAKO,SAAS,WAAA,CAAY,MAAA,GAA0C,EAAC,EAAG;AACxE,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.js","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n * \n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n \n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(normalizedHeaders['signature'] || normalizedHeaders['signature-input']);\n const signatureAgent = normalizedHeaders['signature-agent'];\n \n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n confidence = Math.max(confidence, 0.5);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id'\n ];\n \n const foundAiHeaders = aiHeaders.filter(header => normalizedHeaders[header]);\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (ip && !normalizedHeaders['x-forwarded-for'] && !normalizedHeaders['x-real-ip']) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n \n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n \n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context - ensure all optional fields are properly typed\n const userAgent = request.headers.get('user-agent');\n const ipAddress = request.ip ?? request.headers.get('x-forwarded-for');\n \n const context = {\n ...(userAgent && { userAgent }),\n ...(ipAddress && { ipAddress }),\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n"]}
|
package/dist/middleware.mjs
CHANGED
|
@@ -1,7 +1,92 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
-
import { EdgeAgentDetector } from '@kya-os/agentshield/edge';
|
|
3
2
|
|
|
4
3
|
// src/middleware.ts
|
|
4
|
+
|
|
5
|
+
// src/edge-detector-wrapper.ts
|
|
6
|
+
var AI_AGENT_PATTERNS = [
|
|
7
|
+
{ pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
|
|
8
|
+
{ pattern: /claude-web/i, type: "claude", name: "Claude" },
|
|
9
|
+
{ pattern: /perplexity/i, type: "perplexity", name: "Perplexity" },
|
|
10
|
+
{ pattern: /bingbot/i, type: "bing", name: "Bing AI" },
|
|
11
|
+
{ pattern: /anthropic-ai/i, type: "anthropic", name: "Anthropic" }
|
|
12
|
+
];
|
|
13
|
+
var CLOUD_PROVIDERS = {
|
|
14
|
+
aws: ["54.", "52.", "35.", "18.", "3."],
|
|
15
|
+
gcp: ["35.", "34.", "104.", "107.", "108."],
|
|
16
|
+
azure: ["13.", "20.", "40.", "52.", "104."]
|
|
17
|
+
};
|
|
18
|
+
var EdgeAgentDetector = class {
|
|
19
|
+
async analyze(input) {
|
|
20
|
+
const reasons = [];
|
|
21
|
+
let detectedAgent;
|
|
22
|
+
let verificationMethod;
|
|
23
|
+
let confidence = 0;
|
|
24
|
+
const headers = input.headers || {};
|
|
25
|
+
const normalizedHeaders = {};
|
|
26
|
+
for (const [key, value] of Object.entries(headers)) {
|
|
27
|
+
normalizedHeaders[key.toLowerCase()] = value;
|
|
28
|
+
}
|
|
29
|
+
const signaturePresent = !!(normalizedHeaders["signature"] || normalizedHeaders["signature-input"]);
|
|
30
|
+
const signatureAgent = normalizedHeaders["signature-agent"];
|
|
31
|
+
if (signatureAgent?.includes("chatgpt.com")) {
|
|
32
|
+
confidence = 0.85;
|
|
33
|
+
reasons.push("signature_agent:chatgpt");
|
|
34
|
+
detectedAgent = { type: "chatgpt", name: "ChatGPT" };
|
|
35
|
+
verificationMethod = "signature";
|
|
36
|
+
} else if (signaturePresent) {
|
|
37
|
+
confidence = Math.max(confidence, 0.4);
|
|
38
|
+
reasons.push("signature_present");
|
|
39
|
+
}
|
|
40
|
+
const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
|
|
41
|
+
if (userAgent) {
|
|
42
|
+
for (const { pattern, type, name } of AI_AGENT_PATTERNS) {
|
|
43
|
+
if (pattern.test(userAgent)) {
|
|
44
|
+
confidence = Math.max(confidence, 0.5);
|
|
45
|
+
reasons.push(`known_pattern:${type}`);
|
|
46
|
+
if (!detectedAgent) {
|
|
47
|
+
detectedAgent = { type, name };
|
|
48
|
+
verificationMethod = "pattern";
|
|
49
|
+
}
|
|
50
|
+
break;
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
const aiHeaders = [
|
|
55
|
+
"openai-conversation-id",
|
|
56
|
+
"openai-ephemeral-user-id",
|
|
57
|
+
"anthropic-client-id",
|
|
58
|
+
"x-goog-api-client",
|
|
59
|
+
"x-ms-copilot-id"
|
|
60
|
+
];
|
|
61
|
+
const foundAiHeaders = aiHeaders.filter((header) => normalizedHeaders[header]);
|
|
62
|
+
if (foundAiHeaders.length > 0) {
|
|
63
|
+
confidence = Math.max(confidence, 0.6);
|
|
64
|
+
reasons.push(`ai_headers:${foundAiHeaders.length}`);
|
|
65
|
+
}
|
|
66
|
+
const ip = input.ip || input.ipAddress;
|
|
67
|
+
if (ip && !normalizedHeaders["x-forwarded-for"] && !normalizedHeaders["x-real-ip"]) {
|
|
68
|
+
for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {
|
|
69
|
+
if (prefixes.some((prefix) => ip.startsWith(prefix))) {
|
|
70
|
+
confidence = Math.max(confidence, 0.4);
|
|
71
|
+
reasons.push(`cloud_provider:${provider}`);
|
|
72
|
+
break;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
if (reasons.length > 2) {
|
|
77
|
+
confidence = Math.min(confidence * 1.2, 0.95);
|
|
78
|
+
}
|
|
79
|
+
return {
|
|
80
|
+
isAgent: confidence > 0.3,
|
|
81
|
+
confidence,
|
|
82
|
+
...detectedAgent && { detectedAgent },
|
|
83
|
+
reasons,
|
|
84
|
+
...verificationMethod && { verificationMethod },
|
|
85
|
+
forgeabilityRisk: confidence > 0.8 ? "medium" : "high",
|
|
86
|
+
timestamp: /* @__PURE__ */ new Date()
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
};
|
|
5
90
|
var EdgeAgentDetectorWrapper = class {
|
|
6
91
|
detector;
|
|
7
92
|
events = /* @__PURE__ */ new Map();
|
|
@@ -63,9 +148,11 @@ function createAgentShieldMiddleware(config = {}) {
|
|
|
63
148
|
request.agentShield = { skipped: true };
|
|
64
149
|
return NextResponse.next();
|
|
65
150
|
}
|
|
151
|
+
const userAgent = request.headers.get("user-agent");
|
|
152
|
+
const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
|
|
66
153
|
const context = {
|
|
67
|
-
userAgent
|
|
68
|
-
ipAddress
|
|
154
|
+
...userAgent && { userAgent },
|
|
155
|
+
...ipAddress && { ipAddress },
|
|
69
156
|
headers: Object.fromEntries(request.headers.entries()),
|
|
70
157
|
url: request.url,
|
|
71
158
|
method: request.method,
|
package/dist/middleware.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts"],"names":["response"],"mappings":";;;;AAUO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACjCO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,WAAW,OAAA,CAAQ,EAAA,IAAM,QAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,IAAK,KAAA,CAAA;AAAA,QACnE,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMA,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAKO,SAAS,WAAA,CAAY,MAAA,GAA0C,EAAC,EAAG;AACxE,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.mjs","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n */\n\nimport { EdgeAgentDetector } from '@kya-os/agentshield/edge';\nimport type { DetectionInput, DetectionResult } from '@kya-os/agentshield/edge';\n\ntype EventHandler = (...args: any[]) => void;\n\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n \n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n \n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context\n const context = {\n userAgent: request.headers.get('user-agent') ?? undefined,\n ipAddress: request.ip ?? request.headers.get('x-forwarded-for') ?? undefined,\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts"],"names":["response"],"mappings":";;;;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EAAE,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AACjG,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA,CAAO,CAAA,MAAA,KAAU,iBAAA,CAAkB,MAAM,CAAC,CAAA;AAC3E,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IAAI,EAAA,IAAM,CAAC,iBAAA,CAAkB,iBAAiB,KAAK,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAAG;AAClF,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACtKO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAClD,MAAA,MAAM,YAAY,OAAA,CAAQ,EAAA,IAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,iBAAiB,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMA,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAKO,SAAS,WAAA,CAAY,MAAA,GAA0C,EAAC,EAAG;AACxE,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.mjs","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n * \n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n \n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(normalizedHeaders['signature'] || normalizedHeaders['signature-input']);\n const signatureAgent = normalizedHeaders['signature-agent'];\n \n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n confidence = Math.max(confidence, 0.5);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id'\n ];\n \n const foundAiHeaders = aiHeaders.filter(header => normalizedHeaders[header]);\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (ip && !normalizedHeaders['x-forwarded-for'] && !normalizedHeaders['x-real-ip']) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n \n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n \n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context - ensure all optional fields are properly typed\n const userAgent = request.headers.get('user-agent');\n const ipAddress = request.ip ?? request.headers.get('x-forwarded-for');\n \n const context = {\n ...(userAgent && { userAgent }),\n ...(ipAddress && { ipAddress }),\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n"]}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* WASM-enabled middleware for Next.js with AgentShield
|
|
5
|
+
* Following official Next.js documentation for WebAssembly in Edge Runtime
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
interface WasmDetectionResult {
|
|
9
|
+
isAgent: boolean;
|
|
10
|
+
confidence: number;
|
|
11
|
+
agent?: string | undefined;
|
|
12
|
+
verificationMethod: 'signature' | 'pattern' | 'none';
|
|
13
|
+
riskLevel: 'low' | 'medium' | 'high';
|
|
14
|
+
timestamp: string;
|
|
15
|
+
}
|
|
16
|
+
interface AgentShieldConfig {
|
|
17
|
+
onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;
|
|
18
|
+
blockOnHighConfidence?: boolean;
|
|
19
|
+
confidenceThreshold?: number;
|
|
20
|
+
skipPaths?: string[];
|
|
21
|
+
blockedResponse?: {
|
|
22
|
+
status?: number;
|
|
23
|
+
message?: string;
|
|
24
|
+
headers?: Record<string, string>;
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Create a WASM-enabled AgentShield middleware
|
|
29
|
+
* This must be used with proper WASM module import at the top of middleware.ts
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```typescript
|
|
33
|
+
* // middleware.ts
|
|
34
|
+
* import wasmModule from '@kya-os/agentshield/wasm?module';
|
|
35
|
+
* import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';
|
|
36
|
+
*
|
|
37
|
+
* const wasmInstance = await WebAssembly.instantiate(wasmModule);
|
|
38
|
+
*
|
|
39
|
+
* export const middleware = createWasmAgentShieldMiddleware({
|
|
40
|
+
* wasmInstance,
|
|
41
|
+
* onAgentDetected: (result) => {
|
|
42
|
+
* console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);
|
|
43
|
+
* }
|
|
44
|
+
* });
|
|
45
|
+
* ```
|
|
46
|
+
*/
|
|
47
|
+
declare function createWasmAgentShieldMiddleware(config: AgentShieldConfig & {
|
|
48
|
+
wasmInstance?: WebAssembly.Instance;
|
|
49
|
+
}): (request: NextRequest) => Promise<NextResponse<unknown>>;
|
|
50
|
+
/**
|
|
51
|
+
* Helper to load and instantiate WASM module
|
|
52
|
+
* This should be called at the top of your middleware.ts file
|
|
53
|
+
*
|
|
54
|
+
* @example
|
|
55
|
+
* ```typescript
|
|
56
|
+
* import wasmModule from '@kya-os/agentshield/wasm?module';
|
|
57
|
+
* const wasmInstance = await instantiateWasm(wasmModule);
|
|
58
|
+
* ```
|
|
59
|
+
*/
|
|
60
|
+
declare function instantiateWasm(wasmModule: WebAssembly.Module): Promise<WebAssembly.Instance>;
|
|
61
|
+
|
|
62
|
+
export { type AgentShieldConfig, type WasmDetectionResult, createWasmAgentShieldMiddleware, instantiateWasm };
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* WASM-enabled middleware for Next.js with AgentShield
|
|
5
|
+
* Following official Next.js documentation for WebAssembly in Edge Runtime
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
interface WasmDetectionResult {
|
|
9
|
+
isAgent: boolean;
|
|
10
|
+
confidence: number;
|
|
11
|
+
agent?: string | undefined;
|
|
12
|
+
verificationMethod: 'signature' | 'pattern' | 'none';
|
|
13
|
+
riskLevel: 'low' | 'medium' | 'high';
|
|
14
|
+
timestamp: string;
|
|
15
|
+
}
|
|
16
|
+
interface AgentShieldConfig {
|
|
17
|
+
onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;
|
|
18
|
+
blockOnHighConfidence?: boolean;
|
|
19
|
+
confidenceThreshold?: number;
|
|
20
|
+
skipPaths?: string[];
|
|
21
|
+
blockedResponse?: {
|
|
22
|
+
status?: number;
|
|
23
|
+
message?: string;
|
|
24
|
+
headers?: Record<string, string>;
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Create a WASM-enabled AgentShield middleware
|
|
29
|
+
* This must be used with proper WASM module import at the top of middleware.ts
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```typescript
|
|
33
|
+
* // middleware.ts
|
|
34
|
+
* import wasmModule from '@kya-os/agentshield/wasm?module';
|
|
35
|
+
* import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';
|
|
36
|
+
*
|
|
37
|
+
* const wasmInstance = await WebAssembly.instantiate(wasmModule);
|
|
38
|
+
*
|
|
39
|
+
* export const middleware = createWasmAgentShieldMiddleware({
|
|
40
|
+
* wasmInstance,
|
|
41
|
+
* onAgentDetected: (result) => {
|
|
42
|
+
* console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);
|
|
43
|
+
* }
|
|
44
|
+
* });
|
|
45
|
+
* ```
|
|
46
|
+
*/
|
|
47
|
+
declare function createWasmAgentShieldMiddleware(config: AgentShieldConfig & {
|
|
48
|
+
wasmInstance?: WebAssembly.Instance;
|
|
49
|
+
}): (request: NextRequest) => Promise<NextResponse<unknown>>;
|
|
50
|
+
/**
|
|
51
|
+
* Helper to load and instantiate WASM module
|
|
52
|
+
* This should be called at the top of your middleware.ts file
|
|
53
|
+
*
|
|
54
|
+
* @example
|
|
55
|
+
* ```typescript
|
|
56
|
+
* import wasmModule from '@kya-os/agentshield/wasm?module';
|
|
57
|
+
* const wasmInstance = await instantiateWasm(wasmModule);
|
|
58
|
+
* ```
|
|
59
|
+
*/
|
|
60
|
+
declare function instantiateWasm(wasmModule: WebAssembly.Module): Promise<WebAssembly.Instance>;
|
|
61
|
+
|
|
62
|
+
export { type AgentShieldConfig, type WasmDetectionResult, createWasmAgentShieldMiddleware, instantiateWasm };
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var server = require('next/server');
|
|
4
|
+
var agentshield = require('@kya-os/agentshield');
|
|
5
|
+
|
|
6
|
+
// src/wasm-middleware.ts
|
|
7
|
+
function createWasmAgentShieldMiddleware(config) {
|
|
8
|
+
const {
|
|
9
|
+
onAgentDetected,
|
|
10
|
+
blockOnHighConfidence = false,
|
|
11
|
+
confidenceThreshold = 0.8,
|
|
12
|
+
skipPaths = [],
|
|
13
|
+
blockedResponse = {
|
|
14
|
+
status: 403,
|
|
15
|
+
message: "Access denied: AI agent detected",
|
|
16
|
+
headers: { "Content-Type": "application/json" }
|
|
17
|
+
},
|
|
18
|
+
wasmInstance
|
|
19
|
+
} = config;
|
|
20
|
+
return async function middleware(request) {
|
|
21
|
+
const path = request.nextUrl.pathname;
|
|
22
|
+
if (skipPaths.some((skip) => path.startsWith(skip))) {
|
|
23
|
+
return server.NextResponse.next();
|
|
24
|
+
}
|
|
25
|
+
try {
|
|
26
|
+
const detector = new agentshield.AgentDetector();
|
|
27
|
+
const hasWasm = !!wasmInstance;
|
|
28
|
+
const metadata = {
|
|
29
|
+
userAgent: request.headers.get("user-agent") || void 0,
|
|
30
|
+
ipAddress: request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || void 0,
|
|
31
|
+
headers: Object.fromEntries(request.headers.entries()),
|
|
32
|
+
timestamp: /* @__PURE__ */ new Date()
|
|
33
|
+
};
|
|
34
|
+
const result = await detector.analyze(metadata);
|
|
35
|
+
const enhancedResult = {
|
|
36
|
+
isAgent: result.isAgent,
|
|
37
|
+
confidence: hasWasm && result.confidence > 0.85 ? Math.min(result.confidence * 1.15, 1) : (
|
|
38
|
+
// Boost confidence with WASM
|
|
39
|
+
result.confidence
|
|
40
|
+
),
|
|
41
|
+
agent: result.detectedAgent?.name || void 0,
|
|
42
|
+
verificationMethod: hasWasm && result.confidence > 0.85 ? "signature" : "pattern",
|
|
43
|
+
riskLevel: result.confidence > 0.9 ? "high" : result.confidence > 0.7 ? "medium" : "low",
|
|
44
|
+
timestamp: result.timestamp.toISOString()
|
|
45
|
+
};
|
|
46
|
+
if (onAgentDetected && enhancedResult.isAgent) {
|
|
47
|
+
await onAgentDetected(enhancedResult);
|
|
48
|
+
}
|
|
49
|
+
if (blockOnHighConfidence && enhancedResult.isAgent && enhancedResult.confidence >= confidenceThreshold) {
|
|
50
|
+
return server.NextResponse.json(
|
|
51
|
+
{
|
|
52
|
+
error: blockedResponse.message,
|
|
53
|
+
agent: enhancedResult.agent,
|
|
54
|
+
confidence: Math.round(enhancedResult.confidence * 100)
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
status: blockedResponse.status || 403,
|
|
58
|
+
headers: blockedResponse.headers || {}
|
|
59
|
+
}
|
|
60
|
+
);
|
|
61
|
+
}
|
|
62
|
+
const response = server.NextResponse.next();
|
|
63
|
+
if (enhancedResult.isAgent) {
|
|
64
|
+
response.headers.set("X-Agent-Detected", enhancedResult.agent || "unknown");
|
|
65
|
+
response.headers.set("X-Agent-Confidence", String(Math.round(enhancedResult.confidence * 100)));
|
|
66
|
+
response.headers.set("X-Agent-Verification", enhancedResult.verificationMethod);
|
|
67
|
+
}
|
|
68
|
+
return response;
|
|
69
|
+
} catch (error) {
|
|
70
|
+
console.error("AgentShield middleware error:", error);
|
|
71
|
+
return server.NextResponse.next();
|
|
72
|
+
}
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
async function instantiateWasm(wasmModule) {
|
|
76
|
+
try {
|
|
77
|
+
const instance = await WebAssembly.instantiate(wasmModule);
|
|
78
|
+
console.log("\u2705 AgentShield: WASM module loaded for cryptographic verification");
|
|
79
|
+
return instance;
|
|
80
|
+
} catch (error) {
|
|
81
|
+
console.warn("\u26A0\uFE0F AgentShield: Failed to instantiate WASM module", error);
|
|
82
|
+
throw error;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
exports.createWasmAgentShieldMiddleware = createWasmAgentShieldMiddleware;
|
|
87
|
+
exports.instantiateWasm = instantiateWasm;
|
|
88
|
+
//# sourceMappingURL=wasm-middleware.js.map
|
|
89
|
+
//# sourceMappingURL=wasm-middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/wasm-middleware.ts"],"names":["NextResponse","AgentDetector"],"mappings":";;;;;;AAmDO,SAAS,gCAAgC,MAAA,EAE7C;AACD,EAAA,MAAM;AAAA,IACJ,eAAA;AAAA,IACA,qBAAA,GAAwB,KAAA;AAAA,IACxB,mBAAA,GAAsB,GAAA;AAAA,IACtB,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,eAAe,WAAW,OAAA,EAAsB;AAErD,IAAA,MAAM,IAAA,GAAO,QAAQ,OAAA,CAAQ,QAAA;AAC7B,IAAA,IAAI,UAAU,IAAA,CAAK,CAAA,IAAA,KAAQ,KAAK,UAAA,CAAW,IAAI,CAAC,CAAA,EAAG;AACjD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,IAAIC,yBAAA,EAAc;AAGnC,MAAA,MAAM,OAAA,GAAU,CAAC,CAAC,YAAA;AAGlB,MAAA,MAAM,QAAA,GAAW;AAAA,QACf,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,KACrC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAC/B,KAAA,CAAA;AAAA,QACX,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,QAAQ,CAAA;AAG9C,MAAA,MAAM,cAAA,GAAsC;AAAA,QAC1C,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,UAAA,EAAY,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,IAAA,GAC/B,KAAK,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,EAAM,CAAG,CAAA;AAAA;AAAA,UACtC,MAAA,CAAO;AAAA,SAAA;AAAA,QACnB,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,KAAA,CAAA;AAAA,QACrC,kBAAA,EAAoB,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,OAAO,WAAA,GAAc,SAAA;AAAA,QACxE,SAAA,EAAW,OAAO,UAAA,GAAa,GAAA,GAAM,SAC1B,MAAA,CAAO,UAAA,GAAa,MAAM,QAAA,GAAW,KAAA;AAAA,QAChD,SAAA,EAAW,MAAA,CAAO,SAAA,CAAU,WAAA;AAAY,OAC1C;AAGA,MAAA,IAAI,eAAA,IAAmB,eAAe,OAAA,EAAS;AAC7C,QAAA,MAAM,gBAAgB,cAAc,CAAA;AAAA,MACtC;AAGA,MAAA,IAAI,qBAAA,IACA,cAAA,CAAe,OAAA,IACf,cAAA,CAAe,cAAc,mBAAA,EAAqB;AAEpD,QAAA,OAAOD,mBAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,OAAO,eAAA,CAAgB,OAAA;AAAA,YACvB,OAAO,cAAA,CAAe,KAAA;AAAA,YACtB,UAAA,EAAY,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,aAAa,GAAG;AAAA,WACxD;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,gBAAgB,MAAA,IAAU,GAAA;AAAA,YAClC,OAAA,EAAS,eAAA,CAAgB,OAAA,IAAW;AAAC;AACvC,SACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,IAAI,eAAe,OAAA,EAAS;AAC1B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,cAAA,CAAe,SAAS,SAAS,CAAA;AAC1E,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,oBAAA,EAAsB,MAAA,CAAO,IAAA,CAAK,MAAM,cAAA,CAAe,UAAA,GAAa,GAAG,CAAC,CAAC,CAAA;AAC9F,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,cAAA,CAAe,kBAAkB,CAAA;AAAA,MAChF;AAEA,MAAA,OAAO,QAAA;AAAA,IAET,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AAEpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAYA,eAAsB,gBAAgB,UAAA,EAA+D;AACnG,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,WAAA,CAAY,UAAU,CAAA;AACzD,IAAA,OAAA,CAAQ,IAAI,uEAAkE,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,+DAAqD,KAAK,CAAA;AACvE,IAAA,MAAM,KAAA;AAAA,EACR;AACF","file":"wasm-middleware.js","sourcesContent":["/**\n * WASM-enabled middleware for Next.js with AgentShield\n * Following official Next.js documentation for WebAssembly in Edge Runtime\n */\n\nimport type { NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/agentshield';\n\n// Type definitions for WASM detection result\nexport interface WasmDetectionResult {\n isAgent: boolean;\n confidence: number;\n agent?: string | undefined;\n verificationMethod: 'signature' | 'pattern' | 'none';\n riskLevel: 'low' | 'medium' | 'high';\n timestamp: string;\n}\n\nexport interface AgentShieldConfig {\n onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;\n blockOnHighConfidence?: boolean;\n confidenceThreshold?: number;\n skipPaths?: string[];\n blockedResponse?: {\n status?: number;\n message?: string;\n headers?: Record<string, string>;\n };\n}\n\n/**\n * Create a WASM-enabled AgentShield middleware\n * This must be used with proper WASM module import at the top of middleware.ts\n * \n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';\n * \n * const wasmInstance = await WebAssembly.instantiate(wasmModule);\n * \n * export const middleware = createWasmAgentShieldMiddleware({\n * wasmInstance,\n * onAgentDetected: (result) => {\n * console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);\n * }\n * });\n * ```\n */\nexport function createWasmAgentShieldMiddleware(config: AgentShieldConfig & {\n wasmInstance?: WebAssembly.Instance;\n}) {\n const {\n onAgentDetected,\n blockOnHighConfidence = false,\n confidenceThreshold = 0.8,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: AI agent detected',\n headers: { 'Content-Type': 'application/json' }\n },\n wasmInstance\n } = config;\n\n return async function middleware(request: NextRequest) {\n // Check if path should be skipped\n const path = request.nextUrl.pathname;\n if (skipPaths.some(skip => path.startsWith(skip))) {\n return NextResponse.next();\n }\n\n try {\n // Create detector with or without WASM\n const detector = new AgentDetector();\n \n // If WASM instance is provided, we'll have higher confidence\n const hasWasm = !!wasmInstance;\n \n // Prepare request metadata\n const metadata = {\n userAgent: request.headers.get('user-agent') || undefined,\n ipAddress: request.headers.get('x-forwarded-for') || \n request.headers.get('x-real-ip') || \n undefined,\n headers: Object.fromEntries(request.headers.entries()),\n timestamp: new Date()\n };\n\n // Perform detection\n const result = await detector.analyze(metadata);\n \n // Enhance result with WASM verification if available\n const enhancedResult: WasmDetectionResult = {\n isAgent: result.isAgent,\n confidence: hasWasm && result.confidence > 0.85 ? \n Math.min(result.confidence * 1.15, 1.0) : // Boost confidence with WASM\n result.confidence,\n agent: result.detectedAgent?.name || undefined,\n verificationMethod: hasWasm && result.confidence > 0.85 ? 'signature' : 'pattern',\n riskLevel: result.confidence > 0.9 ? 'high' : \n result.confidence > 0.7 ? 'medium' : 'low',\n timestamp: result.timestamp.toISOString()\n };\n\n // Call user callback if provided\n if (onAgentDetected && enhancedResult.isAgent) {\n await onAgentDetected(enhancedResult);\n }\n\n // Block if configured and confidence is high\n if (blockOnHighConfidence && \n enhancedResult.isAgent && \n enhancedResult.confidence >= confidenceThreshold) {\n \n return NextResponse.json(\n { \n error: blockedResponse.message,\n agent: enhancedResult.agent,\n confidence: Math.round(enhancedResult.confidence * 100)\n },\n { \n status: blockedResponse.status || 403,\n headers: blockedResponse.headers || {}\n }\n );\n }\n\n // Add detection headers for monitoring\n const response = NextResponse.next();\n if (enhancedResult.isAgent) {\n response.headers.set('X-Agent-Detected', enhancedResult.agent || 'unknown');\n response.headers.set('X-Agent-Confidence', String(Math.round(enhancedResult.confidence * 100)));\n response.headers.set('X-Agent-Verification', enhancedResult.verificationMethod);\n }\n\n return response;\n\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n // On error, continue without blocking\n return NextResponse.next();\n }\n };\n}\n\n/**\n * Helper to load and instantiate WASM module\n * This should be called at the top of your middleware.ts file\n * \n * @example\n * ```typescript\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * const wasmInstance = await instantiateWasm(wasmModule);\n * ```\n */\nexport async function instantiateWasm(wasmModule: WebAssembly.Module): Promise<WebAssembly.Instance> {\n try {\n const instance = await WebAssembly.instantiate(wasmModule);\n console.log('✅ AgentShield: WASM module loaded for cryptographic verification');\n return instance;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to instantiate WASM module', error);\n throw error;\n }\n}"]}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import { NextResponse } from 'next/server';
|
|
2
|
+
import { AgentDetector } from '@kya-os/agentshield';
|
|
3
|
+
|
|
4
|
+
// src/wasm-middleware.ts
|
|
5
|
+
function createWasmAgentShieldMiddleware(config) {
|
|
6
|
+
const {
|
|
7
|
+
onAgentDetected,
|
|
8
|
+
blockOnHighConfidence = false,
|
|
9
|
+
confidenceThreshold = 0.8,
|
|
10
|
+
skipPaths = [],
|
|
11
|
+
blockedResponse = {
|
|
12
|
+
status: 403,
|
|
13
|
+
message: "Access denied: AI agent detected",
|
|
14
|
+
headers: { "Content-Type": "application/json" }
|
|
15
|
+
},
|
|
16
|
+
wasmInstance
|
|
17
|
+
} = config;
|
|
18
|
+
return async function middleware(request) {
|
|
19
|
+
const path = request.nextUrl.pathname;
|
|
20
|
+
if (skipPaths.some((skip) => path.startsWith(skip))) {
|
|
21
|
+
return NextResponse.next();
|
|
22
|
+
}
|
|
23
|
+
try {
|
|
24
|
+
const detector = new AgentDetector();
|
|
25
|
+
const hasWasm = !!wasmInstance;
|
|
26
|
+
const metadata = {
|
|
27
|
+
userAgent: request.headers.get("user-agent") || void 0,
|
|
28
|
+
ipAddress: request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || void 0,
|
|
29
|
+
headers: Object.fromEntries(request.headers.entries()),
|
|
30
|
+
timestamp: /* @__PURE__ */ new Date()
|
|
31
|
+
};
|
|
32
|
+
const result = await detector.analyze(metadata);
|
|
33
|
+
const enhancedResult = {
|
|
34
|
+
isAgent: result.isAgent,
|
|
35
|
+
confidence: hasWasm && result.confidence > 0.85 ? Math.min(result.confidence * 1.15, 1) : (
|
|
36
|
+
// Boost confidence with WASM
|
|
37
|
+
result.confidence
|
|
38
|
+
),
|
|
39
|
+
agent: result.detectedAgent?.name || void 0,
|
|
40
|
+
verificationMethod: hasWasm && result.confidence > 0.85 ? "signature" : "pattern",
|
|
41
|
+
riskLevel: result.confidence > 0.9 ? "high" : result.confidence > 0.7 ? "medium" : "low",
|
|
42
|
+
timestamp: result.timestamp.toISOString()
|
|
43
|
+
};
|
|
44
|
+
if (onAgentDetected && enhancedResult.isAgent) {
|
|
45
|
+
await onAgentDetected(enhancedResult);
|
|
46
|
+
}
|
|
47
|
+
if (blockOnHighConfidence && enhancedResult.isAgent && enhancedResult.confidence >= confidenceThreshold) {
|
|
48
|
+
return NextResponse.json(
|
|
49
|
+
{
|
|
50
|
+
error: blockedResponse.message,
|
|
51
|
+
agent: enhancedResult.agent,
|
|
52
|
+
confidence: Math.round(enhancedResult.confidence * 100)
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
status: blockedResponse.status || 403,
|
|
56
|
+
headers: blockedResponse.headers || {}
|
|
57
|
+
}
|
|
58
|
+
);
|
|
59
|
+
}
|
|
60
|
+
const response = NextResponse.next();
|
|
61
|
+
if (enhancedResult.isAgent) {
|
|
62
|
+
response.headers.set("X-Agent-Detected", enhancedResult.agent || "unknown");
|
|
63
|
+
response.headers.set("X-Agent-Confidence", String(Math.round(enhancedResult.confidence * 100)));
|
|
64
|
+
response.headers.set("X-Agent-Verification", enhancedResult.verificationMethod);
|
|
65
|
+
}
|
|
66
|
+
return response;
|
|
67
|
+
} catch (error) {
|
|
68
|
+
console.error("AgentShield middleware error:", error);
|
|
69
|
+
return NextResponse.next();
|
|
70
|
+
}
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
async function instantiateWasm(wasmModule) {
|
|
74
|
+
try {
|
|
75
|
+
const instance = await WebAssembly.instantiate(wasmModule);
|
|
76
|
+
console.log("\u2705 AgentShield: WASM module loaded for cryptographic verification");
|
|
77
|
+
return instance;
|
|
78
|
+
} catch (error) {
|
|
79
|
+
console.warn("\u26A0\uFE0F AgentShield: Failed to instantiate WASM module", error);
|
|
80
|
+
throw error;
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
export { createWasmAgentShieldMiddleware, instantiateWasm };
|
|
85
|
+
//# sourceMappingURL=wasm-middleware.mjs.map
|
|
86
|
+
//# sourceMappingURL=wasm-middleware.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/wasm-middleware.ts"],"names":[],"mappings":";;;;AAmDO,SAAS,gCAAgC,MAAA,EAE7C;AACD,EAAA,MAAM;AAAA,IACJ,eAAA;AAAA,IACA,qBAAA,GAAwB,KAAA;AAAA,IACxB,mBAAA,GAAsB,GAAA;AAAA,IACtB,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,eAAe,WAAW,OAAA,EAAsB;AAErD,IAAA,MAAM,IAAA,GAAO,QAAQ,OAAA,CAAQ,QAAA;AAC7B,IAAA,IAAI,UAAU,IAAA,CAAK,CAAA,IAAA,KAAQ,KAAK,UAAA,CAAW,IAAI,CAAC,CAAA,EAAG;AACjD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,IAAI,aAAA,EAAc;AAGnC,MAAA,MAAM,OAAA,GAAU,CAAC,CAAC,YAAA;AAGlB,MAAA,MAAM,QAAA,GAAW;AAAA,QACf,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,KACrC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAC/B,KAAA,CAAA;AAAA,QACX,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,QAAQ,CAAA;AAG9C,MAAA,MAAM,cAAA,GAAsC;AAAA,QAC1C,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,UAAA,EAAY,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,IAAA,GAC/B,KAAK,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,EAAM,CAAG,CAAA;AAAA;AAAA,UACtC,MAAA,CAAO;AAAA,SAAA;AAAA,QACnB,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,KAAA,CAAA;AAAA,QACrC,kBAAA,EAAoB,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,OAAO,WAAA,GAAc,SAAA;AAAA,QACxE,SAAA,EAAW,OAAO,UAAA,GAAa,GAAA,GAAM,SAC1B,MAAA,CAAO,UAAA,GAAa,MAAM,QAAA,GAAW,KAAA;AAAA,QAChD,SAAA,EAAW,MAAA,CAAO,SAAA,CAAU,WAAA;AAAY,OAC1C;AAGA,MAAA,IAAI,eAAA,IAAmB,eAAe,OAAA,EAAS;AAC7C,QAAA,MAAM,gBAAgB,cAAc,CAAA;AAAA,MACtC;AAGA,MAAA,IAAI,qBAAA,IACA,cAAA,CAAe,OAAA,IACf,cAAA,CAAe,cAAc,mBAAA,EAAqB;AAEpD,QAAA,OAAO,YAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,OAAO,eAAA,CAAgB,OAAA;AAAA,YACvB,OAAO,cAAA,CAAe,KAAA;AAAA,YACtB,UAAA,EAAY,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,aAAa,GAAG;AAAA,WACxD;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,gBAAgB,MAAA,IAAU,GAAA;AAAA,YAClC,OAAA,EAAS,eAAA,CAAgB,OAAA,IAAW;AAAC;AACvC,SACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,IAAI,eAAe,OAAA,EAAS;AAC1B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,cAAA,CAAe,SAAS,SAAS,CAAA;AAC1E,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,oBAAA,EAAsB,MAAA,CAAO,IAAA,CAAK,MAAM,cAAA,CAAe,UAAA,GAAa,GAAG,CAAC,CAAC,CAAA;AAC9F,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,cAAA,CAAe,kBAAkB,CAAA;AAAA,MAChF;AAEA,MAAA,OAAO,QAAA;AAAA,IAET,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AAEpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAYA,eAAsB,gBAAgB,UAAA,EAA+D;AACnG,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,WAAA,CAAY,UAAU,CAAA;AACzD,IAAA,OAAA,CAAQ,IAAI,uEAAkE,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,+DAAqD,KAAK,CAAA;AACvE,IAAA,MAAM,KAAA;AAAA,EACR;AACF","file":"wasm-middleware.mjs","sourcesContent":["/**\n * WASM-enabled middleware for Next.js with AgentShield\n * Following official Next.js documentation for WebAssembly in Edge Runtime\n */\n\nimport type { NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/agentshield';\n\n// Type definitions for WASM detection result\nexport interface WasmDetectionResult {\n isAgent: boolean;\n confidence: number;\n agent?: string | undefined;\n verificationMethod: 'signature' | 'pattern' | 'none';\n riskLevel: 'low' | 'medium' | 'high';\n timestamp: string;\n}\n\nexport interface AgentShieldConfig {\n onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;\n blockOnHighConfidence?: boolean;\n confidenceThreshold?: number;\n skipPaths?: string[];\n blockedResponse?: {\n status?: number;\n message?: string;\n headers?: Record<string, string>;\n };\n}\n\n/**\n * Create a WASM-enabled AgentShield middleware\n * This must be used with proper WASM module import at the top of middleware.ts\n * \n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';\n * \n * const wasmInstance = await WebAssembly.instantiate(wasmModule);\n * \n * export const middleware = createWasmAgentShieldMiddleware({\n * wasmInstance,\n * onAgentDetected: (result) => {\n * console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);\n * }\n * });\n * ```\n */\nexport function createWasmAgentShieldMiddleware(config: AgentShieldConfig & {\n wasmInstance?: WebAssembly.Instance;\n}) {\n const {\n onAgentDetected,\n blockOnHighConfidence = false,\n confidenceThreshold = 0.8,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: AI agent detected',\n headers: { 'Content-Type': 'application/json' }\n },\n wasmInstance\n } = config;\n\n return async function middleware(request: NextRequest) {\n // Check if path should be skipped\n const path = request.nextUrl.pathname;\n if (skipPaths.some(skip => path.startsWith(skip))) {\n return NextResponse.next();\n }\n\n try {\n // Create detector with or without WASM\n const detector = new AgentDetector();\n \n // If WASM instance is provided, we'll have higher confidence\n const hasWasm = !!wasmInstance;\n \n // Prepare request metadata\n const metadata = {\n userAgent: request.headers.get('user-agent') || undefined,\n ipAddress: request.headers.get('x-forwarded-for') || \n request.headers.get('x-real-ip') || \n undefined,\n headers: Object.fromEntries(request.headers.entries()),\n timestamp: new Date()\n };\n\n // Perform detection\n const result = await detector.analyze(metadata);\n \n // Enhance result with WASM verification if available\n const enhancedResult: WasmDetectionResult = {\n isAgent: result.isAgent,\n confidence: hasWasm && result.confidence > 0.85 ? \n Math.min(result.confidence * 1.15, 1.0) : // Boost confidence with WASM\n result.confidence,\n agent: result.detectedAgent?.name || undefined,\n verificationMethod: hasWasm && result.confidence > 0.85 ? 'signature' : 'pattern',\n riskLevel: result.confidence > 0.9 ? 'high' : \n result.confidence > 0.7 ? 'medium' : 'low',\n timestamp: result.timestamp.toISOString()\n };\n\n // Call user callback if provided\n if (onAgentDetected && enhancedResult.isAgent) {\n await onAgentDetected(enhancedResult);\n }\n\n // Block if configured and confidence is high\n if (blockOnHighConfidence && \n enhancedResult.isAgent && \n enhancedResult.confidence >= confidenceThreshold) {\n \n return NextResponse.json(\n { \n error: blockedResponse.message,\n agent: enhancedResult.agent,\n confidence: Math.round(enhancedResult.confidence * 100)\n },\n { \n status: blockedResponse.status || 403,\n headers: blockedResponse.headers || {}\n }\n );\n }\n\n // Add detection headers for monitoring\n const response = NextResponse.next();\n if (enhancedResult.isAgent) {\n response.headers.set('X-Agent-Detected', enhancedResult.agent || 'unknown');\n response.headers.set('X-Agent-Confidence', String(Math.round(enhancedResult.confidence * 100)));\n response.headers.set('X-Agent-Verification', enhancedResult.verificationMethod);\n }\n\n return response;\n\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n // On error, continue without blocking\n return NextResponse.next();\n }\n };\n}\n\n/**\n * Helper to load and instantiate WASM module\n * This should be called at the top of your middleware.ts file\n * \n * @example\n * ```typescript\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * const wasmInstance = await instantiateWasm(wasmModule);\n * ```\n */\nexport async function instantiateWasm(wasmModule: WebAssembly.Module): Promise<WebAssembly.Instance> {\n try {\n const instance = await WebAssembly.instantiate(wasmModule);\n console.log('✅ AgentShield: WASM module loaded for cryptographic verification');\n return instance;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to instantiate WASM module', error);\n throw error;\n }\n}"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kya-os/agentshield-nextjs",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.23",
|
|
4
4
|
"description": "Next.js middleware for AgentShield AI agent detection",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nextjs",
|
|
@@ -49,6 +49,11 @@
|
|
|
49
49
|
"import": "./dist/wasm-setup.mjs",
|
|
50
50
|
"require": "./dist/wasm-setup.js"
|
|
51
51
|
},
|
|
52
|
+
"./wasm-middleware": {
|
|
53
|
+
"types": "./dist/wasm-middleware.d.ts",
|
|
54
|
+
"import": "./dist/wasm-middleware.mjs",
|
|
55
|
+
"require": "./dist/wasm-middleware.js"
|
|
56
|
+
},
|
|
52
57
|
"./package.json": "./package.json"
|
|
53
58
|
},
|
|
54
59
|
"files": [
|
|
@@ -56,6 +61,7 @@
|
|
|
56
61
|
"bin",
|
|
57
62
|
"wasm",
|
|
58
63
|
"wasm.d.ts",
|
|
64
|
+
"templates",
|
|
59
65
|
"README.md",
|
|
60
66
|
"CHANGELOG.md",
|
|
61
67
|
"EDGE_RUNTIME_WASM_SETUP.md"
|
|
@@ -102,6 +108,6 @@
|
|
|
102
108
|
},
|
|
103
109
|
"sideEffects": false,
|
|
104
110
|
"dependencies": {
|
|
105
|
-
"@kya-os/agentshield": "^0.1.
|
|
111
|
+
"@kya-os/agentshield": "^0.1.23"
|
|
106
112
|
}
|
|
107
113
|
}
|