@kya-os/agentshield-nextjs 0.1.26 → 0.1.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/README.md +24 -36
  2. package/dist/create-middleware.d.mts +1 -1
  3. package/dist/create-middleware.d.ts +1 -1
  4. package/dist/create-middleware.js +168 -2
  5. package/dist/create-middleware.js.map +1 -1
  6. package/dist/create-middleware.mjs +168 -2
  7. package/dist/create-middleware.mjs.map +1 -1
  8. package/dist/edge-detector-wrapper.js +8 -1
  9. package/dist/edge-detector-wrapper.js.map +1 -1
  10. package/dist/edge-detector-wrapper.mjs +8 -1
  11. package/dist/edge-detector-wrapper.mjs.map +1 -1
  12. package/dist/edge-wasm-middleware.d.mts +58 -0
  13. package/dist/edge-wasm-middleware.d.ts +58 -0
  14. package/dist/edge-wasm-middleware.js +245 -0
  15. package/dist/edge-wasm-middleware.js.map +1 -0
  16. package/dist/edge-wasm-middleware.mjs +242 -0
  17. package/dist/edge-wasm-middleware.mjs.map +1 -0
  18. package/dist/index.d.mts +2 -1
  19. package/dist/index.d.ts +2 -1
  20. package/dist/index.js +223 -2
  21. package/dist/index.js.map +1 -1
  22. package/dist/index.mjs +222 -3
  23. package/dist/index.mjs.map +1 -1
  24. package/dist/middleware.d.mts +1 -1
  25. package/dist/middleware.d.ts +1 -1
  26. package/dist/middleware.js +168 -2
  27. package/dist/middleware.js.map +1 -1
  28. package/dist/middleware.mjs +168 -2
  29. package/dist/middleware.mjs.map +1 -1
  30. package/dist/session-tracker.d.mts +55 -0
  31. package/dist/session-tracker.d.ts +55 -0
  32. package/dist/session-tracker.js +176 -0
  33. package/dist/session-tracker.js.map +1 -0
  34. package/dist/session-tracker.mjs +173 -0
  35. package/dist/session-tracker.mjs.map +1 -0
  36. package/dist/{types-Hsgc8Gry.d.mts → types-BJTEUa4T.d.mts} +28 -0
  37. package/dist/{types-Hsgc8Gry.d.ts → types-BJTEUa4T.d.ts} +28 -0
  38. package/package.json +7 -2
package/dist/index.mjs CHANGED
@@ -45,7 +45,14 @@ var EdgeAgentDetector = class {
45
45
  if (userAgent) {
46
46
  for (const { pattern, type, name } of AI_AGENT_PATTERNS) {
47
47
  if (pattern.test(userAgent)) {
48
- confidence = Math.max(confidence, 0.5);
48
+ const highConfidenceAgents = [
49
+ "chatgpt",
50
+ "claude",
51
+ "perplexity",
52
+ "anthropic"
53
+ ];
54
+ const patternConfidence = highConfidenceAgents.includes(type) ? 0.85 : 0.5;
55
+ confidence = Math.max(confidence, patternConfidence);
49
56
  reasons.push(`known_pattern:${type}`);
50
57
  if (!detectedAgent) {
51
58
  detectedAgent = { type, name };
@@ -122,9 +129,183 @@ var EdgeAgentDetectorWrapper = class {
122
129
  }
123
130
  };
124
131
 
132
+ // src/session-tracker.ts
133
+ var EdgeSessionTracker = class {
134
+ config;
135
+ constructor(config) {
136
+ this.config = {
137
+ enabled: config.enabled,
138
+ cookieName: config.cookieName || "__agentshield_session",
139
+ cookieMaxAge: config.cookieMaxAge || 3600,
140
+ // 1 hour default
141
+ encryptionKey: config.encryptionKey || process.env.AGENTSHIELD_SECRET || "agentshield-default-key"
142
+ };
143
+ }
144
+ /**
145
+ * Track a new AI agent session
146
+ */
147
+ async track(_request, response, result) {
148
+ try {
149
+ if (!this.config.enabled || !result.isAgent) {
150
+ return response;
151
+ }
152
+ const sessionData = {
153
+ id: crypto.randomUUID(),
154
+ agent: result.detectedAgent?.name || "unknown",
155
+ confidence: result.confidence,
156
+ detectedAt: Date.now(),
157
+ expires: Date.now() + this.config.cookieMaxAge * 1e3
158
+ };
159
+ const encrypted = await this.encrypt(JSON.stringify(sessionData));
160
+ response.cookies.set(this.config.cookieName, encrypted, {
161
+ httpOnly: true,
162
+ secure: process.env.NODE_ENV === "production",
163
+ sameSite: "lax",
164
+ maxAge: this.config.cookieMaxAge,
165
+ path: "/"
166
+ });
167
+ return response;
168
+ } catch (error) {
169
+ if (process.env.DEBUG_AGENTSHIELD) {
170
+ console.warn("AgentShield: Failed to track session:", error);
171
+ }
172
+ return response;
173
+ }
174
+ }
175
+ /**
176
+ * Check for existing AI agent session
177
+ */
178
+ async check(request) {
179
+ try {
180
+ if (!this.config.enabled) {
181
+ return null;
182
+ }
183
+ const cookie = request.cookies.get(this.config.cookieName);
184
+ if (!cookie?.value) {
185
+ return null;
186
+ }
187
+ const decrypted = await this.decrypt(cookie.value);
188
+ const session = JSON.parse(decrypted);
189
+ if (session.expires < Date.now()) {
190
+ return null;
191
+ }
192
+ return session;
193
+ } catch (error) {
194
+ if (process.env.DEBUG_AGENTSHIELD) {
195
+ console.warn("AgentShield: Failed to check session:", error);
196
+ }
197
+ return null;
198
+ }
199
+ }
200
+ /**
201
+ * Clear an existing session
202
+ */
203
+ clear(response) {
204
+ try {
205
+ response.cookies.delete(this.config.cookieName);
206
+ } catch (error) {
207
+ if (process.env.DEBUG_AGENTSHIELD) {
208
+ console.warn("AgentShield: Failed to clear session:", error);
209
+ }
210
+ }
211
+ return response;
212
+ }
213
+ /**
214
+ * Simple encryption using Web Crypto API (Edge-compatible)
215
+ */
216
+ async encrypt(data) {
217
+ try {
218
+ const key = this.config.encryptionKey;
219
+ const encoded = new TextEncoder().encode(data);
220
+ const obfuscated = new Uint8Array(encoded.length);
221
+ for (let i = 0; i < encoded.length; i++) {
222
+ obfuscated[i] = (encoded[i] || 0) ^ key.charCodeAt(i % key.length);
223
+ }
224
+ return btoa(
225
+ Array.from(obfuscated, (byte) => String.fromCharCode(byte)).join("")
226
+ );
227
+ } catch (error) {
228
+ return btoa(data);
229
+ }
230
+ }
231
+ /**
232
+ * Simple decryption (Edge-compatible)
233
+ */
234
+ async decrypt(data) {
235
+ try {
236
+ const key = this.config.encryptionKey;
237
+ const decoded = Uint8Array.from(atob(data), (c) => c.charCodeAt(0));
238
+ const deobfuscated = new Uint8Array(decoded.length);
239
+ for (let i = 0; i < decoded.length; i++) {
240
+ deobfuscated[i] = (decoded[i] || 0) ^ key.charCodeAt(i % key.length);
241
+ }
242
+ return new TextDecoder().decode(deobfuscated);
243
+ } catch (error) {
244
+ return atob(data);
245
+ }
246
+ }
247
+ };
248
+ var StatelessSessionChecker = class {
249
+ static check(headers) {
250
+ try {
251
+ const agent = headers["x-agentshield-session-agent"];
252
+ const confidence = headers["x-agentshield-session-confidence"];
253
+ const sessionId = headers["x-agentshield-session-id"];
254
+ if (agent && confidence && sessionId) {
255
+ return {
256
+ id: sessionId,
257
+ agent,
258
+ confidence: parseFloat(confidence),
259
+ detectedAt: Date.now(),
260
+ expires: Date.now() + 36e5
261
+ // 1 hour
262
+ };
263
+ }
264
+ const cookieHeader = headers["cookie"];
265
+ if (cookieHeader && cookieHeader.includes("__agentshield_session=")) {
266
+ const match = cookieHeader.match(/__agentshield_session=([^;]+)/);
267
+ if (match && match[1]) {
268
+ try {
269
+ const decoded = atob(match[1]);
270
+ return JSON.parse(decoded);
271
+ } catch {
272
+ }
273
+ }
274
+ }
275
+ return null;
276
+ } catch {
277
+ return null;
278
+ }
279
+ }
280
+ static setHeaders(response, session) {
281
+ try {
282
+ if (response.setHeader) {
283
+ response.setHeader("X-AgentShield-Session-Agent", session.agent);
284
+ response.setHeader(
285
+ "X-AgentShield-Session-Confidence",
286
+ session.confidence.toString()
287
+ );
288
+ response.setHeader("X-AgentShield-Session-Id", session.id);
289
+ } else if (response.headers && response.headers.set) {
290
+ response.headers.set("x-agentshield-session-agent", session.agent);
291
+ response.headers.set(
292
+ "x-agentshield-session-confidence",
293
+ session.confidence.toString()
294
+ );
295
+ response.headers.set("x-agentshield-session-id", session.id);
296
+ }
297
+ } catch {
298
+ }
299
+ }
300
+ };
301
+
125
302
  // src/middleware.ts
126
303
  function createAgentShieldMiddleware(config = {}) {
127
304
  const detector = new EdgeAgentDetectorWrapper(config);
305
+ const sessionTracker = config.sessionTracking?.enabled || config.enableWasm ? new EdgeSessionTracker({
306
+ enabled: true,
307
+ ...config.sessionTracking
308
+ }) : null;
128
309
  if (config.events) {
129
310
  Object.entries(config.events).forEach(([event, handler]) => {
130
311
  detector.on(event, handler);
@@ -154,6 +335,39 @@ function createAgentShieldMiddleware(config = {}) {
154
335
  request.agentShield = { skipped: true };
155
336
  return NextResponse.next();
156
337
  }
338
+ const existingSession = sessionTracker ? await sessionTracker.check(request) : null;
339
+ if (existingSession) {
340
+ const response2 = NextResponse.next();
341
+ response2.headers.set("x-agentshield-detected", "true");
342
+ response2.headers.set("x-agentshield-agent", existingSession.agent);
343
+ response2.headers.set(
344
+ "x-agentshield-confidence",
345
+ existingSession.confidence.toString()
346
+ );
347
+ response2.headers.set("x-agentshield-session", "continued");
348
+ response2.headers.set("x-agentshield-session-id", existingSession.id);
349
+ request.agentShield = {
350
+ result: {
351
+ isAgent: true,
352
+ confidence: existingSession.confidence,
353
+ detectedAgent: { name: existingSession.agent },
354
+ timestamp: /* @__PURE__ */ new Date(),
355
+ verificationMethod: "session"
356
+ },
357
+ session: existingSession,
358
+ skipped: false
359
+ };
360
+ const context2 = {
361
+ userAgent: request.headers.get("user-agent") || "",
362
+ ipAddress: (request.ip ?? request.headers.get("x-forwarded-for")) || "",
363
+ headers: Object.fromEntries(request.headers.entries()),
364
+ url: request.url,
365
+ method: request.method,
366
+ timestamp: /* @__PURE__ */ new Date()
367
+ };
368
+ detector.emit("agent.session.continued", existingSession, context2);
369
+ return response2;
370
+ }
157
371
  const userAgent = request.headers.get("user-agent");
158
372
  const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
159
373
  const context = {
@@ -218,7 +432,7 @@ function createAgentShieldMiddleware(config = {}) {
218
432
  result,
219
433
  skipped: false
220
434
  };
221
- const response = NextResponse.next();
435
+ let response = NextResponse.next();
222
436
  response.headers.set("x-agentshield-detected", result.isAgent.toString());
223
437
  response.headers.set(
224
438
  "x-agentshield-confidence",
@@ -227,6 +441,11 @@ function createAgentShieldMiddleware(config = {}) {
227
441
  if (result.detectedAgent?.name) {
228
442
  response.headers.set("x-agentshield-agent", result.detectedAgent.name);
229
443
  }
444
+ if (sessionTracker && result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {
445
+ response = await sessionTracker.track(request, response, result);
446
+ response.headers.set("x-agentshield-session", "new");
447
+ detector.emit("agent.session.started", result, context);
448
+ }
230
449
  return response;
231
450
  } catch (error) {
232
451
  console.error("AgentShield middleware error:", error);
@@ -265,6 +484,6 @@ var VERSION = "0.1.0";
265
484
  * @license MIT OR Apache-2.0
266
485
  */
267
486
 
268
- export { VERSION, createAgentShieldMiddleware2 as createAgentShieldMiddleware, createAgentShieldMiddleware as createAgentShieldMiddlewareBase, createAgentShieldMiddleware2 as createMiddleware };
487
+ export { EdgeSessionTracker, StatelessSessionChecker, VERSION, createAgentShieldMiddleware2 as createAgentShieldMiddleware, createAgentShieldMiddleware as createAgentShieldMiddlewareBase, createAgentShieldMiddleware2 as createMiddleware };
269
488
  //# sourceMappingURL=index.mjs.map
270
489
  //# sourceMappingURL=index.mjs.map
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/middleware.ts","../src/create-middleware.ts","../src/index.ts"],"names":["response","createAgentShieldMiddleware","NextResponse"],"mappings":";;;;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,kBAAA,EAAoB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACtE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EACxB,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AAEvE,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA;AAAA,MAC/B,CAAA,MAAA,KAAU,kBAAkB,MAAM;AAAA,KACpC;AACA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IACE,EAAA,IACA,CAAC,iBAAA,CAAkB,iBAAiB,KACpC,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAC9B;AACA,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACjLO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAClD,MAAA,MAAM,YAAY,OAAA,CAAQ,EAAA,IAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,iBAAiB,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMA,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IAAI,OAAO,OAAA,IAAW,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EAAM;AAC9E,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAGA,MAAA,IAAI,MAAA,CAAO,eAAe,IAAA,EAAM;AAC9B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,qBAAA,EAAuB,MAAA,CAAO,cAAc,IAAI,CAAA;AAAA,MACvE;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;;;ACzJA,IAAI,kBAAA,GAA0B,IAAA;AAC9B,IAAI,cAAA,GAAiB,KAAA;AACrB,IAAI,WAAA,GAAmC,IAAA;AAMhC,SAASC,6BAA4B,MAAA,EAAgC;AAC1E,EAAA,OAAO,eAAe,sBACpB,OAAA,EACuB;AAEvB,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACvB,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,cAAA,GAAiB,IAAA;AACjB,QAAA,WAAA,GAAA,CAAe,YAAY;AAIzB,UAAA,kBAAA,GAAqB,4BAAqB,MAAM,CAAA;AAChD,UAAA,OAAO,kBAAA;AAAA,QACT,CAAA,GAAG;AAAA,MACL;AAGA,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,kBAAA,GAAqB,MAAM,WAAA;AAAA,MAC7B;AAAA,IACF;AAGA,IAAA,OAAO,kBAAA,GACH,kBAAA,CAAmB,OAAO,CAAA,GAC1BC,aAAa,IAAA,EAAK;AAAA,EACxB,CAAA;AACF;;;AC3BO,IAAM,OAAA,GAAU","file":"index.mjs","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexitybot/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-user/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-ai/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' }, // Fallback\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(\n normalizedHeaders['signature'] || normalizedHeaders['signature-input']\n );\n const signatureAgent = normalizedHeaders['signature-agent'];\n\n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n confidence = Math.max(confidence, 0.5);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id',\n ];\n\n const foundAiHeaders = aiHeaders.filter(\n header => normalizedHeaders[header]\n );\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (\n ip &&\n !normalizedHeaders['x-forwarded-for'] &&\n !normalizedHeaders['x-real-ip']\n ) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n","/**\n * Next.js middleware for AgentShield\n * \n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n \n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Prepare request context - ensure all optional fields are properly typed\n const userAgent = request.headers.get('user-agent');\n const ipAddress = request.ip ?? request.headers.get('x-forwarded-for');\n \n const context = {\n ...(userAgent && { userAgent }),\n ...(ipAddress && { ipAddress }),\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n \n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n const response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n \n // Add agent name if detected\n if (result.detectedAgent?.name) {\n response.headers.set('x-agentshield-agent', result.detectedAgent.name);\n }\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n","/**\n * Enhanced middleware creator for Edge Runtime\n * Uses EdgeAgentDetector which doesn't require WASM\n */\n\nimport { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { createAgentShieldMiddleware as createBaseMiddleware } from './middleware';\nimport type { NextJSMiddlewareConfig } from './types';\n\nlet middlewareInstance: any = null;\nlet isInitializing = false;\nlet initPromise: Promise<any> | null = null;\n\n/**\n * Create an AgentShield middleware with automatic WASM initialization\n * This version handles initialization internally to avoid top-level await\n */\nexport function createAgentShieldMiddleware(config: NextJSMiddlewareConfig) {\n return async function agentShieldMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Initialize middleware on first request (no WASM needed in Edge Runtime)\n if (!middlewareInstance) {\n if (!isInitializing) {\n isInitializing = true;\n initPromise = (async () => {\n // No WASM initialization needed - EdgeAgentDetector works without it\n\n // Create the actual middleware instance\n middlewareInstance = createBaseMiddleware(config);\n return middlewareInstance;\n })();\n }\n\n // Wait for initialization to complete\n if (initPromise) {\n middlewareInstance = await initPromise;\n }\n }\n\n // Run the middleware\n return middlewareInstance\n ? middlewareInstance(request)\n : NextResponse.next();\n };\n}\n\n/**\n * Export the original function as well for backward compatibility\n */\nexport { createAgentShieldMiddleware as createMiddleware };\n","/**\n * @fileoverview AgentShield Next.js Integration\n * @version 0.1.0\n * @license MIT OR Apache-2.0\n */\n\n// Export the enhanced middleware that handles initialization internally\nexport { createAgentShieldMiddleware, createMiddleware } from './create-middleware';\n\n// Also export original middleware for advanced users\nexport { createAgentShieldMiddleware as createAgentShieldMiddlewareBase } from './middleware';\n\nexport * from './types';\n// Hooks are not exported from main entry - they're client-only\n// If someone needs hooks, they should import from '@kya-os/agentshield-nextjs/hooks'\n\n/**\n * Library version\n */\nexport const VERSION = '0.1.0';\n"]}
1
+ {"version":3,"sources":["../src/edge-detector-wrapper.ts","../src/session-tracker.ts","../src/middleware.ts","../src/create-middleware.ts","../src/index.ts"],"names":["response","context","createAgentShieldMiddleware","NextResponse"],"mappings":";;;;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,kBAAA,EAAoB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACtE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EACxB,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AAEvE,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAE3B,UAAA,MAAM,oBAAA,GAAuB;AAAA,YAC3B,SAAA;AAAA,YACA,QAAA;AAAA,YACA,YAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,iBAAA,GAAoB,oBAAA,CAAqB,QAAA,CAAS,IAAI,IACxD,IAAA,GACA,GAAA;AAEJ,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,iBAAiB,CAAA;AACnD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA;AAAA,MAC/B,CAAA,MAAA,KAAU,kBAAkB,MAAM;AAAA,KACpC;AACA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IACE,EAAA,IACA,CAAC,iBAAA,CAAkB,iBAAiB,KACpC,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAC9B;AACA,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF,CAAA;;;ACnLO,IAAM,qBAAN,MAAyB;AAAA,EACb,MAAA;AAAA,EAEjB,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,UAAA,EAAY,OAAO,UAAA,IAAc,uBAAA;AAAA,MACjC,YAAA,EAAc,OAAO,YAAA,IAAgB,IAAA;AAAA;AAAA,MACrC,aAAA,EACE,MAAA,CAAO,aAAA,IACP,OAAA,CAAQ,IAAI,kBAAA,IACZ;AAAA,KACJ;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAA,CACJ,QAAA,EACA,QAAA,EACA,MAAA,EACuB;AACvB,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,OAAA,IAAW,CAAC,OAAO,OAAA,EAAS;AAC3C,QAAA,OAAO,QAAA;AAAA,MACT;AAEA,MAAA,MAAM,WAAA,GAA2B;AAAA,QAC/B,EAAA,EAAI,OAAO,UAAA,EAAW;AAAA,QACtB,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,SAAA;AAAA,QACrC,YAAY,MAAA,CAAO,UAAA;AAAA,QACnB,UAAA,EAAY,KAAK,GAAA,EAAI;AAAA,QACrB,SAAS,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,OAAO,YAAA,GAAe;AAAA,OACnD;AAGA,MAAA,MAAM,YAAY,MAAM,IAAA,CAAK,QAAQ,IAAA,CAAK,SAAA,CAAU,WAAW,CAAC,CAAA;AAGhE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,IAAA,CAAK,MAAA,CAAO,YAAY,SAAA,EAAW;AAAA,QACtD,QAAA,EAAU,IAAA;AAAA,QACV,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA;AAAA,QACjC,QAAA,EAAU,KAAA;AAAA,QACV,MAAA,EAAQ,KAAK,MAAA,CAAO,YAAA;AAAA,QACpB,IAAA,EAAM;AAAA,OACP,CAAA;AAED,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,OAAA,CAAQ,IAAI,iBAAA,EAAmB;AACjC,QAAA,OAAA,CAAQ,IAAA,CAAK,yCAAyC,KAAK,CAAA;AAAA,MAC7D;AACA,MAAA,OAAO,QAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAM,OAAA,EAAmD;AAC7D,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,OAAA,EAAS;AACxB,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,SAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,IAAA,CAAK,OAAO,UAAU,CAAA;AACzD,MAAA,IAAI,CAAC,QAAQ,KAAA,EAAO;AAClB,QAAA,OAAO,IAAA;AAAA,MACT;AAGA,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAO,KAAK,CAAA;AACjD,MAAA,MAAM,OAAA,GAAuB,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA;AAGjD,MAAA,IAAI,OAAA,CAAQ,OAAA,GAAU,IAAA,CAAK,GAAA,EAAI,EAAG;AAChC,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO,OAAA;AAAA,IACT,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,OAAA,CAAQ,IAAI,iBAAA,EAAmB;AACjC,QAAA,OAAA,CAAQ,IAAA,CAAK,yCAAyC,KAAK,CAAA;AAAA,MAC7D;AACA,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAA,EAAsC;AAC1C,IAAA,IAAI;AACF,MAAA,QAAA,CAAS,OAAA,CAAQ,MAAA,CAAO,IAAA,CAAK,MAAA,CAAO,UAAU,CAAA;AAAA,IAChD,SAAS,KAAA,EAAO;AAEd,MAAA,IAAI,OAAA,CAAQ,IAAI,iBAAA,EAAmB;AACjC,QAAA,OAAA,CAAQ,IAAA,CAAK,yCAAyC,KAAK,CAAA;AAAA,MAC7D;AAAA,IACF;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,QAAQ,IAAA,EAA+B;AACnD,IAAA,IAAI;AAGF,MAAA,MAAM,GAAA,GAAM,KAAK,MAAA,CAAO,aAAA;AACxB,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,OAAO,IAAI,CAAA;AAG7C,MAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,OAAA,CAAQ,MAAM,CAAA;AAChD,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,QAAA,UAAA,CAAW,CAAC,CAAA,GAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,IAAK,KAAK,GAAA,CAAI,UAAA,CAAW,CAAA,GAAI,GAAA,CAAI,MAAM,CAAA;AAAA,MACnE;AAGA,MAAA,OAAO,IAAA;AAAA,QACL,KAAA,CAAM,IAAA,CAAK,UAAA,EAAY,CAAA,IAAA,KAAQ,MAAA,CAAO,aAAa,IAAI,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE;AAAA,OACnE;AAAA,IACF,SAAS,KAAA,EAAO;AAEd,MAAA,OAAO,KAAK,IAAI,CAAA;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,QAAQ,IAAA,EAA+B;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,KAAK,MAAA,CAAO,aAAA;AACxB,MAAA,MAAM,OAAA,GAAU,UAAA,CAAW,IAAA,CAAK,IAAA,CAAK,IAAI,GAAG,CAAA,CAAA,KAAK,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAGhE,MAAA,MAAM,YAAA,GAAe,IAAI,UAAA,CAAW,OAAA,CAAQ,MAAM,CAAA;AAClD,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,QAAA,YAAA,CAAa,CAAC,CAAA,GAAA,CAAK,OAAA,CAAQ,CAAC,CAAA,IAAK,KAAK,GAAA,CAAI,UAAA,CAAW,CAAA,GAAI,GAAA,CAAI,MAAM,CAAA;AAAA,MACrE;AAEA,MAAA,OAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,YAAY,CAAA;AAAA,IAC9C,SAAS,KAAA,EAAO;AAEd,MAAA,OAAO,KAAK,IAAI,CAAA;AAAA,IAClB;AAAA,EACF;AACF;AAMO,IAAM,0BAAN,MAA8B;AAAA,EACnC,OAAO,MAAM,OAAA,EAAqD;AAChE,IAAA,IAAI;AAEF,MAAA,MAAM,KAAA,GAAQ,QAAQ,6BAA6B,CAAA;AACnD,MAAA,MAAM,UAAA,GAAa,QAAQ,kCAAkC,CAAA;AAC7D,MAAA,MAAM,SAAA,GAAY,QAAQ,0BAA0B,CAAA;AAEpD,MAAA,IAAI,KAAA,IAAS,cAAc,SAAA,EAAW;AACpC,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,SAAA;AAAA,UACJ,KAAA;AAAA,UACA,UAAA,EAAY,WAAW,UAAU,CAAA;AAAA,UACjC,UAAA,EAAY,KAAK,GAAA,EAAI;AAAA,UACrB,OAAA,EAAS,IAAA,CAAK,GAAA,EAAI,GAAI;AAAA;AAAA,SACxB;AAAA,MACF;AAGA,MAAA,MAAM,YAAA,GAAe,QAAQ,QAAQ,CAAA;AACrC,MAAA,IAAI,YAAA,IAAgB,YAAA,CAAa,QAAA,CAAS,wBAAwB,CAAA,EAAG;AAEnE,QAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,+BAA+B,CAAA;AAChE,QAAA,IAAI,KAAA,IAAS,KAAA,CAAM,CAAC,CAAA,EAAG;AACrB,UAAA,IAAI;AACF,YAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,CAAC,CAAC,CAAA;AAC7B,YAAA,OAAO,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,UAC3B,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,OAAO,UAAA,CAAW,QAAA,EAAe,OAAA,EAA4B;AAC3D,IAAA,IAAI;AAEF,MAAA,IAAI,SAAS,SAAA,EAAW;AACtB,QAAA,QAAA,CAAS,SAAA,CAAU,6BAAA,EAA+B,OAAA,CAAQ,KAAK,CAAA;AAC/D,QAAA,QAAA,CAAS,SAAA;AAAA,UACP,kCAAA;AAAA,UACA,OAAA,CAAQ,WAAW,QAAA;AAAS,SAC9B;AACA,QAAA,QAAA,CAAS,SAAA,CAAU,0BAAA,EAA4B,OAAA,CAAQ,EAAE,CAAA;AAAA,MAC3D,CAAA,MAAA,IAAW,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,QAAQ,GAAA,EAAK;AACnD,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,6BAAA,EAA+B,OAAA,CAAQ,KAAK,CAAA;AACjE,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,UACf,kCAAA;AAAA,UACA,OAAA,CAAQ,WAAW,QAAA;AAAS,SAC9B;AACA,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,0BAAA,EAA4B,OAAA,CAAQ,EAAE,CAAA;AAAA,MAC7D;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACF;;;ACnOO,SAAS,2BAAA,CACd,MAAA,GAA0C,EAAC,EAC3C;AACA,EAAA,MAAM,QAAA,GAAW,IAAI,wBAAA,CAAc,MAAM,CAAA;AAGzC,EAAA,MAAM,iBACJ,MAAA,CAAO,eAAA,EAAiB,WAAW,MAAA,CAAO,UAAA,GACtC,IAAI,kBAAA,CAAmB;AAAA,IACrB,OAAA,EAAS,IAAA;AAAA,IACT,GAAG,MAAA,CAAO;AAAA,GACX,CAAA,GACD,IAAA;AAGN,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,MAAA,CAAO,OAAA,CAAQ,OAAO,MAAM,CAAA,CAAE,QAAQ,CAAC,CAAC,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1D,MAAA,QAAA,CAAS,EAAA,CAAG,OAAc,OAAc,CAAA;AAAA,IAC1C,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa;AAAA,GACf,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAA,OAAA,KAAW;AAC3C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AAEd,QAAC,OAAA,CAAgB,WAAA,GAAc,EAAE,OAAA,EAAS,IAAA,EAAK;AAC/C,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,kBAAkB,cAAA,GACpB,MAAM,cAAA,CAAe,KAAA,CAAM,OAAO,CAAA,GAClC,IAAA;AAEJ,MAAA,IAAI,eAAA,EAAiB;AAEnB,QAAA,MAAMA,SAAAA,GAAW,aAAa,IAAA,EAAK;AAGnC,QAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAM,CAAA;AACrD,QAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,qBAAA,EAAuB,gBAAgB,KAAK,CAAA;AACjE,QAAAA,UAAS,OAAA,CAAQ,GAAA;AAAA,UACf,0BAAA;AAAA,UACA,eAAA,CAAgB,WAAW,QAAA;AAAS,SACtC;AACA,QAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,uBAAA,EAAyB,WAAW,CAAA;AACzD,QAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,0BAAA,EAA4B,gBAAgB,EAAE,CAAA;AAGnE,QAAC,QAAgB,WAAA,GAAc;AAAA,UAC7B,MAAA,EAAQ;AAAA,YACN,OAAA,EAAS,IAAA;AAAA,YACT,YAAY,eAAA,CAAgB,UAAA;AAAA,YAC5B,aAAA,EAAe,EAAE,IAAA,EAAM,eAAA,CAAgB,KAAA,EAAM;AAAA,YAC7C,SAAA,sBAAe,IAAA,EAAK;AAAA,YACpB,kBAAA,EAAoB;AAAA,WACtB;AAAA,UACA,OAAA,EAAS,eAAA;AAAA,UACT,OAAA,EAAS;AAAA,SACX;AAGA,QAAA,MAAMC,QAAAA,GAAU;AAAA,UACd,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,EAAA;AAAA,UAChD,YACG,OAAA,CAAQ,EAAA,IAAM,QAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA,KAAM,EAAA;AAAA,UAC5D,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,UACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,UAChB,SAAA,sBAAe,IAAA;AAAK,SACtB;AAEA,QAAA,QAAA,CAAS,IAAA,CAAK,yBAAA,EAA2B,eAAA,EAAiBA,QAAO,CAAA;AAEjE,QAAA,OAAOD,SAAAA;AAAA,MACT;AAGA,MAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AAClD,MAAA,MAAM,YAAY,OAAA,CAAQ,EAAA,IAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,iBAAiB,CAAA;AAErE,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,QAC7B,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,KAAK,OAAA,CAAQ,GAAA;AAAA,QACb,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA;AAG7C,MAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMA,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA;AAAA,gBACtC,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChB,kBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,gBACjC;AAAA,eACF;AAAA,YACF;AAGA,YAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAE9C,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,OAAA,CAAQ,KAAK,6BAAA,EAA+B;AAAA,cAC1C,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,WAAW,OAAA,CAAQ,SAAA;AAAA,cACnB,YAAY,MAAA,CAAO,UAAA;AAAA,cACnB,SAAS,MAAA,CAAO,OAAA;AAAA,cAChB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,aAC3B,CAAA;AACD,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AAEE,YAAA,IACE,OAAO,OAAA,IACP,MAAA,CAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AACA,cAAA,QAAA,CAAS,IAAA,CAAK,eAAA,EAAiB,MAAA,EAAQ,OAAO,CAAA;AAAA,YAChD;AAEA,YAAA;AAAA;AACJ,MACF;AAGA,MAAC,QAAgB,WAAA,GAAc;AAAA,QAC7B,MAAA;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAGA,MAAA,IAAI,QAAA,GAAW,aAAa,IAAA,EAAK;AACjC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,QACf,0BAAA;AAAA,QACA,MAAA,CAAO,WAAW,QAAA;AAAS,OAC7B;AAGA,MAAA,IAAI,MAAA,CAAO,eAAe,IAAA,EAAM;AAC9B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,qBAAA,EAAuB,MAAA,CAAO,cAAc,IAAI,CAAA;AAAA,MACvE;AAGA,MAAA,IACE,kBACA,MAAA,CAAO,OAAA,IACP,OAAO,UAAA,KAAe,MAAA,CAAO,uBAAuB,GAAA,CAAA,EACpD;AACA,QAAA,QAAA,GAAW,MAAM,cAAA,CAAe,KAAA,CAAM,OAAA,EAAS,UAAU,MAAM,CAAA;AAC/D,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,uBAAA,EAAyB,KAAK,CAAA;AAGnD,QAAA,QAAA,CAAS,IAAA,CAAK,uBAAA,EAAyB,MAAA,EAAQ,OAAO,CAAA;AAAA,MACxD;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;;;ACnOA,IAAI,kBAAA,GAA0B,IAAA;AAC9B,IAAI,cAAA,GAAiB,KAAA;AACrB,IAAI,WAAA,GAAmC,IAAA;AAMhC,SAASE,6BAA4B,MAAA,EAAgC;AAC1E,EAAA,OAAO,eAAe,sBACpB,OAAA,EACuB;AAEvB,IAAA,IAAI,CAAC,kBAAA,EAAoB;AACvB,MAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,QAAA,cAAA,GAAiB,IAAA;AACjB,QAAA,WAAA,GAAA,CAAe,YAAY;AAIzB,UAAA,kBAAA,GAAqB,4BAAqB,MAAM,CAAA;AAChD,UAAA,OAAO,kBAAA;AAAA,QACT,CAAA,GAAG;AAAA,MACL;AAGA,MAAA,IAAI,WAAA,EAAa;AACf,QAAA,kBAAA,GAAqB,MAAM,WAAA;AAAA,MAC7B;AAAA,IACF;AAGA,IAAA,OAAO,kBAAA,GACH,kBAAA,CAAmB,OAAO,CAAA,GAC1BC,aAAa,IAAA,EAAK;AAAA,EACxB,CAAA;AACF;;;ACpBO,IAAM,OAAA,GAAU","file":"index.mjs","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexitybot/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-user/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-ai/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' }, // Fallback\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(\n normalizedHeaders['signature'] || normalizedHeaders['signature-input']\n );\n const signatureAgent = normalizedHeaders['signature-agent'];\n\n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n // Give higher confidence to well-known AI agents that properly identify themselves\n const highConfidenceAgents = [\n 'chatgpt',\n 'claude',\n 'perplexity',\n 'anthropic',\n ];\n const patternConfidence = highConfidenceAgents.includes(type)\n ? 0.85\n : 0.5;\n\n confidence = Math.max(confidence, patternConfidence);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id',\n ];\n\n const foundAiHeaders = aiHeaders.filter(\n header => normalizedHeaders[header]\n );\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (\n ip &&\n !normalizedHeaders['x-forwarded-for'] &&\n !normalizedHeaders['x-real-ip']\n ) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n","/**\n * Edge-compatible session tracking for AI agents\n * Uses cookie-based storage to work in Edge Runtime\n */\n\nimport type { NextRequest, NextResponse } from 'next/server';\nimport type { DetectionResult } from '@kya-os/agentshield';\n\nexport interface SessionData {\n id: string;\n agent: string;\n confidence: number;\n detectedAt: number;\n expires: number;\n}\n\nexport interface SessionTrackingConfig {\n enabled: boolean;\n cookieName?: string;\n cookieMaxAge?: number; // in seconds\n encryptionKey?: string;\n}\n\nexport class EdgeSessionTracker {\n private readonly config: Required<SessionTrackingConfig>;\n\n constructor(config: SessionTrackingConfig) {\n this.config = {\n enabled: config.enabled,\n cookieName: config.cookieName || '__agentshield_session',\n cookieMaxAge: config.cookieMaxAge || 3600, // 1 hour default\n encryptionKey:\n config.encryptionKey ||\n process.env.AGENTSHIELD_SECRET ||\n 'agentshield-default-key',\n };\n }\n\n /**\n * Track a new AI agent session\n */\n async track(\n _request: NextRequest,\n response: NextResponse,\n result: DetectionResult\n ): Promise<NextResponse> {\n try {\n if (!this.config.enabled || !result.isAgent) {\n return response;\n }\n\n const sessionData: SessionData = {\n id: crypto.randomUUID(),\n agent: result.detectedAgent?.name || 'unknown',\n confidence: result.confidence,\n detectedAt: Date.now(),\n expires: Date.now() + this.config.cookieMaxAge * 1000,\n };\n\n // Encrypt session data for security\n const encrypted = await this.encrypt(JSON.stringify(sessionData));\n\n // Set secure httpOnly cookie\n response.cookies.set(this.config.cookieName, encrypted, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: this.config.cookieMaxAge,\n path: '/',\n });\n\n return response;\n } catch (error) {\n // Fail gracefully - log error but don't break request\n if (process.env.DEBUG_AGENTSHIELD) {\n console.warn('AgentShield: Failed to track session:', error);\n }\n return response;\n }\n }\n\n /**\n * Check for existing AI agent session\n */\n async check(request: NextRequest): Promise<SessionData | null> {\n try {\n if (!this.config.enabled) {\n return null;\n }\n\n const cookie = request.cookies.get(this.config.cookieName);\n if (!cookie?.value) {\n return null;\n }\n\n // Decrypt and parse session data\n const decrypted = await this.decrypt(cookie.value);\n const session: SessionData = JSON.parse(decrypted);\n\n // Check if session is expired\n if (session.expires < Date.now()) {\n return null;\n }\n\n return session;\n } catch (error) {\n // Fail gracefully - invalid or corrupted session\n if (process.env.DEBUG_AGENTSHIELD) {\n console.warn('AgentShield: Failed to check session:', error);\n }\n return null;\n }\n }\n\n /**\n * Clear an existing session\n */\n clear(response: NextResponse): NextResponse {\n try {\n response.cookies.delete(this.config.cookieName);\n } catch (error) {\n // Fail gracefully\n if (process.env.DEBUG_AGENTSHIELD) {\n console.warn('AgentShield: Failed to clear session:', error);\n }\n }\n return response;\n }\n\n /**\n * Simple encryption using Web Crypto API (Edge-compatible)\n */\n private async encrypt(data: string): Promise<string> {\n try {\n // For Edge Runtime, use simple base64 encoding with obfuscation\n // In production, consider using Web Crypto API subtle.encrypt()\n const key = this.config.encryptionKey;\n const encoded = new TextEncoder().encode(data);\n\n // Simple XOR obfuscation\n const obfuscated = new Uint8Array(encoded.length);\n for (let i = 0; i < encoded.length; i++) {\n obfuscated[i] = (encoded[i] || 0) ^ key.charCodeAt(i % key.length);\n }\n\n // Convert to base64\n return btoa(\n Array.from(obfuscated, byte => String.fromCharCode(byte)).join('')\n );\n } catch (error) {\n // Fallback to simple base64 if encryption fails\n return btoa(data);\n }\n }\n\n /**\n * Simple decryption (Edge-compatible)\n */\n private async decrypt(data: string): Promise<string> {\n try {\n const key = this.config.encryptionKey;\n const decoded = Uint8Array.from(atob(data), c => c.charCodeAt(0));\n\n // Reverse XOR obfuscation\n const deobfuscated = new Uint8Array(decoded.length);\n for (let i = 0; i < decoded.length; i++) {\n deobfuscated[i] = (decoded[i] || 0) ^ key.charCodeAt(i % key.length);\n }\n\n return new TextDecoder().decode(deobfuscated);\n } catch (error) {\n // Fallback to simple base64 if decryption fails\n return atob(data);\n }\n }\n}\n\n/**\n * Stateless session checker for non-Next.js environments (Express, etc.)\n * Uses a combination of headers to identify continued sessions\n */\nexport class StatelessSessionChecker {\n static check(headers: Record<string, string>): SessionData | null {\n try {\n // Check for session headers (set by previous response)\n const agent = headers['x-agentshield-session-agent'];\n const confidence = headers['x-agentshield-session-confidence'];\n const sessionId = headers['x-agentshield-session-id'];\n\n if (agent && confidence && sessionId) {\n return {\n id: sessionId,\n agent,\n confidence: parseFloat(confidence),\n detectedAt: Date.now(),\n expires: Date.now() + 3600000, // 1 hour\n };\n }\n\n // Check for cookie-based session (if cookies are parsed)\n const cookieHeader = headers['cookie'];\n if (cookieHeader && cookieHeader.includes('__agentshield_session=')) {\n // Simple cookie parsing\n const match = cookieHeader.match(/__agentshield_session=([^;]+)/);\n if (match && match[1]) {\n try {\n const decoded = atob(match[1]);\n return JSON.parse(decoded);\n } catch {\n // Invalid session data\n }\n }\n }\n\n return null;\n } catch {\n return null;\n }\n }\n\n static setHeaders(response: any, session: SessionData): void {\n try {\n // Set session headers for stateless tracking\n if (response.setHeader) {\n response.setHeader('X-AgentShield-Session-Agent', session.agent);\n response.setHeader(\n 'X-AgentShield-Session-Confidence',\n session.confidence.toString()\n );\n response.setHeader('X-AgentShield-Session-Id', session.id);\n } else if (response.headers && response.headers.set) {\n response.headers.set('x-agentshield-session-agent', session.agent);\n response.headers.set(\n 'x-agentshield-session-confidence',\n session.confidence.toString()\n );\n response.headers.set('x-agentshield-session-id', session.id);\n }\n } catch {\n // Fail gracefully\n }\n }\n}\n","/**\n * Next.js middleware for AgentShield\n *\n * Uses edge-safe imports to avoid WASM in Edge Runtime\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\n// Use wrapper for EdgeAgentDetector to match expected interface\nimport { EdgeAgentDetectorWrapper as AgentDetector } from './edge-detector-wrapper';\nimport { EdgeSessionTracker } from './session-tracker';\nimport type { NextJSMiddlewareConfig } from './types';\n\n/**\n * Create AgentShield middleware for Next.js\n */\nexport function createAgentShieldMiddleware(\n config: Partial<NextJSMiddlewareConfig> = {}\n) {\n const detector = new AgentDetector(config);\n\n // Initialize session tracker if enabled (or if WASM is enabled)\n const sessionTracker =\n config.sessionTracking?.enabled || config.enableWasm\n ? new EdgeSessionTracker({\n enabled: true,\n ...config.sessionTracking,\n })\n : null;\n\n // Wire up event handlers if provided\n if (config.events) {\n Object.entries(config.events).forEach(([event, handler]) => {\n detector.on(event as any, handler as any);\n });\n }\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Check if path should be skipped\n const shouldSkip = skipPaths.some(pattern => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n // Mark as skipped in request\n (request as any).agentShield = { skipped: true };\n return NextResponse.next();\n }\n\n // Check for existing session first\n const existingSession = sessionTracker\n ? await sessionTracker.check(request)\n : null;\n\n if (existingSession) {\n // This is a continued AI agent session\n const response = NextResponse.next();\n\n // Set headers to indicate continued session\n response.headers.set('x-agentshield-detected', 'true');\n response.headers.set('x-agentshield-agent', existingSession.agent);\n response.headers.set(\n 'x-agentshield-confidence',\n existingSession.confidence.toString()\n );\n response.headers.set('x-agentshield-session', 'continued');\n response.headers.set('x-agentshield-session-id', existingSession.id);\n\n // Mark request with session info\n (request as any).agentShield = {\n result: {\n isAgent: true,\n confidence: existingSession.confidence,\n detectedAgent: { name: existingSession.agent },\n timestamp: new Date(),\n verificationMethod: 'session',\n },\n session: existingSession,\n skipped: false,\n };\n\n // Emit session continued event\n const context = {\n userAgent: request.headers.get('user-agent') || '',\n ipAddress:\n (request.ip ?? request.headers.get('x-forwarded-for')) || '',\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n detector.emit('agent.session.continued', existingSession, context);\n\n return response;\n }\n\n // Prepare request context for new detection\n const userAgent = request.headers.get('user-agent');\n const ipAddress = request.ip ?? request.headers.get('x-forwarded-for');\n\n const context = {\n ...(userAgent && { userAgent }),\n ...(ipAddress && { ipAddress }),\n headers: Object.fromEntries(request.headers.entries()),\n url: request.url,\n method: request.method,\n timestamp: new Date(),\n };\n\n // Analyze request\n const result = await detector.analyze(context);\n\n // Handle detection result\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(\n ([key, value]) => {\n response.headers.set(key, value);\n }\n );\n }\n\n // Emit blocked event\n detector.emit('agent.blocked', result, context);\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n console.warn('AgentShield: Agent detected', {\n ipAddress: context.ipAddress,\n userAgent: context.userAgent,\n confidence: result.confidence,\n reasons: result.reasons,\n pathname: request.nextUrl.pathname,\n });\n break;\n\n case 'allow':\n default:\n // Emit allowed event for high-confidence agents\n if (\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n detector.emit('agent.allowed', result, context);\n }\n // Continue processing\n break;\n }\n }\n\n // Add detection result to request for API routes\n (request as any).agentShield = {\n result,\n skipped: false,\n };\n\n // Add detection result to response headers for debugging\n let response = NextResponse.next();\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set(\n 'x-agentshield-confidence',\n result.confidence.toString()\n );\n\n // Add agent name if detected\n if (result.detectedAgent?.name) {\n response.headers.set('x-agentshield-agent', result.detectedAgent.name);\n }\n\n // Track new AI agent sessions\n if (\n sessionTracker &&\n result.isAgent &&\n result.confidence >= (config.confidenceThreshold ?? 0.7)\n ) {\n response = await sessionTracker.track(request, response, result);\n response.headers.set('x-agentshield-session', 'new');\n\n // Emit new session event\n detector.emit('agent.session.started', result, context);\n }\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next(); // Continue on error\n }\n };\n}\n\n/**\n * Convenience function for basic setup\n */\nexport function agentShield(config: Partial<NextJSMiddlewareConfig> = {}) {\n return createAgentShieldMiddleware(config);\n}\n","/**\n * Enhanced middleware creator for Edge Runtime\n * Uses EdgeAgentDetector which doesn't require WASM\n */\n\nimport { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { createAgentShieldMiddleware as createBaseMiddleware } from './middleware';\nimport type { NextJSMiddlewareConfig } from './types';\n\nlet middlewareInstance: any = null;\nlet isInitializing = false;\nlet initPromise: Promise<any> | null = null;\n\n/**\n * Create an AgentShield middleware with automatic WASM initialization\n * This version handles initialization internally to avoid top-level await\n */\nexport function createAgentShieldMiddleware(config: NextJSMiddlewareConfig) {\n return async function agentShieldMiddleware(\n request: NextRequest\n ): Promise<NextResponse> {\n // Initialize middleware on first request (no WASM needed in Edge Runtime)\n if (!middlewareInstance) {\n if (!isInitializing) {\n isInitializing = true;\n initPromise = (async () => {\n // No WASM initialization needed - EdgeAgentDetector works without it\n\n // Create the actual middleware instance\n middlewareInstance = createBaseMiddleware(config);\n return middlewareInstance;\n })();\n }\n\n // Wait for initialization to complete\n if (initPromise) {\n middlewareInstance = await initPromise;\n }\n }\n\n // Run the middleware\n return middlewareInstance\n ? middlewareInstance(request)\n : NextResponse.next();\n };\n}\n\n/**\n * Export the original function as well for backward compatibility\n */\nexport { createAgentShieldMiddleware as createMiddleware };\n","/**\n * @fileoverview AgentShield Next.js Integration\n * @version 0.1.0\n * @license MIT OR Apache-2.0\n */\n\n// Export the enhanced middleware that handles initialization internally\nexport {\n createAgentShieldMiddleware,\n createMiddleware,\n} from './create-middleware';\n\n// Also export original middleware for advanced users\nexport { createAgentShieldMiddleware as createAgentShieldMiddlewareBase } from './middleware';\n\n// Export session tracking utilities\nexport { EdgeSessionTracker, StatelessSessionChecker } from './session-tracker';\nexport type { SessionData, SessionTrackingConfig } from './session-tracker';\n\nexport * from './types';\n// Hooks are not exported from main entry - they're client-only\n// If someone needs hooks, they should import from '@kya-os/agentshield-nextjs/hooks'\n\n/**\n * Library version\n */\nexport const VERSION = '0.1.0';\n"]}
package/dist/middleware.d.mts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- import { N as NextJSMiddlewareConfig } from './types-Hsgc8Gry.mjs';
2
+ import { N as NextJSMiddlewareConfig } from './types-BJTEUa4T.mjs';
3
3
  import '@kya-os/agentshield';
4
4
 
5
5
  /**
package/dist/middleware.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { NextRequest, NextResponse } from 'next/server';
2
- import { N as NextJSMiddlewareConfig } from './types-Hsgc8Gry.js';
2
+ import { N as NextJSMiddlewareConfig } from './types-BJTEUa4T.js';
3
3
  import '@kya-os/agentshield';
4
4
 
5
5
  /**
package/dist/middleware.js CHANGED
@@ -47,7 +47,14 @@ var EdgeAgentDetector = class {
47
47
  if (userAgent) {
48
48
  for (const { pattern, type, name } of AI_AGENT_PATTERNS) {
49
49
  if (pattern.test(userAgent)) {
50
- confidence = Math.max(confidence, 0.5);
50
+ const highConfidenceAgents = [
51
+ "chatgpt",
52
+ "claude",
53
+ "perplexity",
54
+ "anthropic"
55
+ ];
56
+ const patternConfidence = highConfidenceAgents.includes(type) ? 0.85 : 0.5;
57
+ confidence = Math.max(confidence, patternConfidence);
51
58
  reasons.push(`known_pattern:${type}`);
52
59
  if (!detectedAgent) {
53
60
  detectedAgent = { type, name };
@@ -124,9 +131,130 @@ var EdgeAgentDetectorWrapper = class {
124
131
  }
125
132
  };
126
133
 
134
+ // src/session-tracker.ts
135
+ var EdgeSessionTracker = class {
136
+ config;
137
+ constructor(config) {
138
+ this.config = {
139
+ enabled: config.enabled,
140
+ cookieName: config.cookieName || "__agentshield_session",
141
+ cookieMaxAge: config.cookieMaxAge || 3600,
142
+ // 1 hour default
143
+ encryptionKey: config.encryptionKey || process.env.AGENTSHIELD_SECRET || "agentshield-default-key"
144
+ };
145
+ }
146
+ /**
147
+ * Track a new AI agent session
148
+ */
149
+ async track(_request, response, result) {
150
+ try {
151
+ if (!this.config.enabled || !result.isAgent) {
152
+ return response;
153
+ }
154
+ const sessionData = {
155
+ id: crypto.randomUUID(),
156
+ agent: result.detectedAgent?.name || "unknown",
157
+ confidence: result.confidence,
158
+ detectedAt: Date.now(),
159
+ expires: Date.now() + this.config.cookieMaxAge * 1e3
160
+ };
161
+ const encrypted = await this.encrypt(JSON.stringify(sessionData));
162
+ response.cookies.set(this.config.cookieName, encrypted, {
163
+ httpOnly: true,
164
+ secure: process.env.NODE_ENV === "production",
165
+ sameSite: "lax",
166
+ maxAge: this.config.cookieMaxAge,
167
+ path: "/"
168
+ });
169
+ return response;
170
+ } catch (error) {
171
+ if (process.env.DEBUG_AGENTSHIELD) {
172
+ console.warn("AgentShield: Failed to track session:", error);
173
+ }
174
+ return response;
175
+ }
176
+ }
177
+ /**
178
+ * Check for existing AI agent session
179
+ */
180
+ async check(request) {
181
+ try {
182
+ if (!this.config.enabled) {
183
+ return null;
184
+ }
185
+ const cookie = request.cookies.get(this.config.cookieName);
186
+ if (!cookie?.value) {
187
+ return null;
188
+ }
189
+ const decrypted = await this.decrypt(cookie.value);
190
+ const session = JSON.parse(decrypted);
191
+ if (session.expires < Date.now()) {
192
+ return null;
193
+ }
194
+ return session;
195
+ } catch (error) {
196
+ if (process.env.DEBUG_AGENTSHIELD) {
197
+ console.warn("AgentShield: Failed to check session:", error);
198
+ }
199
+ return null;
200
+ }
201
+ }
202
+ /**
203
+ * Clear an existing session
204
+ */
205
+ clear(response) {
206
+ try {
207
+ response.cookies.delete(this.config.cookieName);
208
+ } catch (error) {
209
+ if (process.env.DEBUG_AGENTSHIELD) {
210
+ console.warn("AgentShield: Failed to clear session:", error);
211
+ }
212
+ }
213
+ return response;
214
+ }
215
+ /**
216
+ * Simple encryption using Web Crypto API (Edge-compatible)
217
+ */
218
+ async encrypt(data) {
219
+ try {
220
+ const key = this.config.encryptionKey;
221
+ const encoded = new TextEncoder().encode(data);
222
+ const obfuscated = new Uint8Array(encoded.length);
223
+ for (let i = 0; i < encoded.length; i++) {
224
+ obfuscated[i] = (encoded[i] || 0) ^ key.charCodeAt(i % key.length);
225
+ }
226
+ return btoa(
227
+ Array.from(obfuscated, (byte) => String.fromCharCode(byte)).join("")
228
+ );
229
+ } catch (error) {
230
+ return btoa(data);
231
+ }
232
+ }
233
+ /**
234
+ * Simple decryption (Edge-compatible)
235
+ */
236
+ async decrypt(data) {
237
+ try {
238
+ const key = this.config.encryptionKey;
239
+ const decoded = Uint8Array.from(atob(data), (c) => c.charCodeAt(0));
240
+ const deobfuscated = new Uint8Array(decoded.length);
241
+ for (let i = 0; i < decoded.length; i++) {
242
+ deobfuscated[i] = (decoded[i] || 0) ^ key.charCodeAt(i % key.length);
243
+ }
244
+ return new TextDecoder().decode(deobfuscated);
245
+ } catch (error) {
246
+ return atob(data);
247
+ }
248
+ }
249
+ };
250
+
127
251
  // src/middleware.ts
128
252
  function createAgentShieldMiddleware(config = {}) {
129
253
  const detector = new EdgeAgentDetectorWrapper(config);
254
+ const sessionTracker = config.sessionTracking?.enabled || config.enableWasm ? new EdgeSessionTracker({
255
+ enabled: true,
256
+ ...config.sessionTracking
257
+ }) : null;
130
258
  if (config.events) {
131
259
  Object.entries(config.events).forEach(([event, handler]) => {
132
260
  detector.on(event, handler);
@@ -156,6 +284,39 @@ function createAgentShieldMiddleware(config = {}) {
156
284
  request.agentShield = { skipped: true };
157
285
  return server.NextResponse.next();
158
286
  }
287
+ const existingSession = sessionTracker ? await sessionTracker.check(request) : null;
288
+ if (existingSession) {
289
+ const response2 = server.NextResponse.next();
290
+ response2.headers.set("x-agentshield-detected", "true");
291
+ response2.headers.set("x-agentshield-agent", existingSession.agent);
292
+ response2.headers.set(
293
+ "x-agentshield-confidence",
294
+ existingSession.confidence.toString()
295
+ );
296
+ response2.headers.set("x-agentshield-session", "continued");
297
+ response2.headers.set("x-agentshield-session-id", existingSession.id);
298
+ request.agentShield = {
299
+ result: {
300
+ isAgent: true,
301
+ confidence: existingSession.confidence,
302
+ detectedAgent: { name: existingSession.agent },
303
+ timestamp: /* @__PURE__ */ new Date(),
304
+ verificationMethod: "session"
305
+ },
306
+ session: existingSession,
307
+ skipped: false
308
+ };
309
+ const context2 = {
310
+ userAgent: request.headers.get("user-agent") || "",
311
+ ipAddress: (request.ip ?? request.headers.get("x-forwarded-for")) || "",
312
+ headers: Object.fromEntries(request.headers.entries()),
313
+ url: request.url,
314
+ method: request.method,
315
+ timestamp: /* @__PURE__ */ new Date()
316
+ };
317
+ detector.emit("agent.session.continued", existingSession, context2);
318
+ return response2;
319
+ }
159
320
  const userAgent = request.headers.get("user-agent");
160
321
  const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
161
322
  const context = {
@@ -220,7 +381,7 @@ function createAgentShieldMiddleware(config = {}) {
220
381
  result,
221
382
  skipped: false
222
383
  };
223
- const response = server.NextResponse.next();
384
+ let response = server.NextResponse.next();
224
385
  response.headers.set("x-agentshield-detected", result.isAgent.toString());
225
386
  response.headers.set(
226
387
  "x-agentshield-confidence",
@@ -229,6 +390,11 @@ function createAgentShieldMiddleware(config = {}) {
229
390
  if (result.detectedAgent?.name) {
230
391
  response.headers.set("x-agentshield-agent", result.detectedAgent.name);
231
392
  }
393
+ if (sessionTracker && result.isAgent && result.confidence >= (config.confidenceThreshold ?? 0.7)) {
394
+ response = await sessionTracker.track(request, response, result);
395
+ response.headers.set("x-agentshield-session", "new");
396
+ detector.emit("agent.session.started", result, context);
397
+ }
232
398
  return response;
233
399
  } catch (error) {
234
400
  console.error("AgentShield middleware error:", error);