@kya-os/agentshield-nextjs 0.1.29 → 0.1.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/dist/create-middleware.js +591 -12
  2. package/dist/create-middleware.js.map +1 -1
  3. package/dist/create-middleware.mjs +591 -12
  4. package/dist/create-middleware.mjs.map +1 -1
  5. package/dist/edge-detector-wrapper.js +251 -12
  6. package/dist/edge-detector-wrapper.js.map +1 -1
  7. package/dist/edge-detector-wrapper.mjs +251 -12
  8. package/dist/edge-detector-wrapper.mjs.map +1 -1
  9. package/dist/index.js +591 -12
  10. package/dist/index.js.map +1 -1
  11. package/dist/index.mjs +591 -12
  12. package/dist/index.mjs.map +1 -1
  13. package/dist/middleware.js +587 -8
  14. package/dist/middleware.js.map +1 -1
  15. package/dist/middleware.mjs +587 -8
  16. package/dist/middleware.mjs.map +1 -1
  17. package/dist/signature-verifier.js +220 -0
  18. package/dist/signature-verifier.js.map +1 -0
  19. package/dist/signature-verifier.mjs +216 -0
  20. package/dist/signature-verifier.mjs.map +1 -0
  21. package/package.json +2 -2
  22. package/wasm/agentshield_wasm.d.ts +121 -0
  23. package/wasm/agentshield_wasm.js +576 -0
  24. package/wasm/agentshield_wasm_bg.wasm +0 -0
  25. package/dist/create-middleware.d.mts +0 -16
  26. package/dist/create-middleware.d.ts +0 -16
  27. package/dist/edge-detector-wrapper.d.mts +0 -42
  28. package/dist/edge-detector-wrapper.d.ts +0 -42
  29. package/dist/edge-runtime-loader.d.mts +0 -49
  30. package/dist/edge-runtime-loader.d.ts +0 -49
  31. package/dist/edge-wasm-middleware.d.mts +0 -58
  32. package/dist/edge-wasm-middleware.d.ts +0 -58
  33. package/dist/index.d.mts +0 -19
  34. package/dist/index.d.ts +0 -19
  35. package/dist/middleware.d.mts +0 -20
  36. package/dist/middleware.d.ts +0 -20
  37. package/dist/nodejs-wasm-loader.d.mts +0 -25
  38. package/dist/nodejs-wasm-loader.d.ts +0 -25
  39. package/dist/session-tracker.d.mts +0 -55
  40. package/dist/session-tracker.d.ts +0 -55
  41. package/dist/types-BJTEUa4T.d.mts +0 -88
  42. package/dist/types-BJTEUa4T.d.ts +0 -88
  43. package/dist/wasm-middleware.d.mts +0 -62
  44. package/dist/wasm-middleware.d.ts +0 -62
  45. package/dist/wasm-setup.d.mts +0 -46
  46. package/dist/wasm-setup.d.ts +0 -46
package/dist/edge-detector-wrapper.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/edge-detector-wrapper.ts"],"names":[],"mappings":";;;AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,kBAAA,EAAoB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACtE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EACxB,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AAEvE,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAE3B,UAAA,MAAM,oBAAA,GAAuB;AAAA,YAC3B,SAAA;AAAA,YACA,QAAA;AAAA,YACA,YAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,iBAAA,GAAoB,oBAAA,CAAqB,QAAA,CAAS,IAAI,IACxD,IAAA,GACA,GAAA;AAEJ,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,iBAAiB,CAAA;AACnD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA;AAAA,MAC/B,CAAA,MAAA,KAAU,kBAAkB,MAAM;AAAA,KACpC;AACA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IACE,EAAA,IACA,CAAC,iBAAA,CAAkB,iBAAiB,KACpC,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAC9B;AACA,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF","file":"edge-detector-wrapper.js","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexitybot/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-user/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-ai/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' }, // Fallback\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(\n normalizedHeaders['signature'] || normalizedHeaders['signature-input']\n );\n const signatureAgent = normalizedHeaders['signature-agent'];\n\n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n // Give higher confidence to well-known AI agents that properly identify themselves\n const highConfidenceAgents = [\n 'chatgpt',\n 'claude',\n 'perplexity',\n 'anthropic',\n ];\n const patternConfidence = highConfidenceAgents.includes(type)\n ? 0.85\n : 0.5;\n\n confidence = Math.max(confidence, patternConfidence);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id',\n ];\n\n const foundAiHeaders = aiHeaders.filter(\n header => normalizedHeaders[header]\n );\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (\n ip &&\n !normalizedHeaders['x-forwarded-for'] &&\n !normalizedHeaders['x-real-ip']\n ) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/signature-verifier.ts","../src/edge-detector-wrapper.ts"],"names":["now"],"mappings":";;;AAWA,IAAM,UAAA,GAAa;AAAA,EACjB,OAAA,EAAS;AAAA,IACP;AAAA,MACE,GAAA,EAAK,6CAAA;AAAA;AAAA,MAEL,SAAA,EAAW,6CAAA;AAAA,MACX,4BAAW,IAAI,IAAA,CAAK,YAAY,CAAA,EAAE,SAAQ,GAAI,GAAA;AAAA,MAC9C,6BAAY,IAAI,IAAA,CAAK,YAAY,CAAA,EAAE,SAAQ,GAAI;AAAA;AACjD;AAEJ,CAAA;AAKA,SAAS,oBAAoB,cAAA,EAKpB;AACP,EAAA,IAAI;AAEF,IAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,KAAA,CAAM,qBAAqB,CAAA;AACxD,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,MAAM,GAAG,WAAA,EAAa,MAAM,CAAA,GAAI,KAAA;AAGhC,IAAA,MAAM,gBAAgB,WAAA,CACnB,KAAA,CAAM,GAAG,CAAA,CACT,GAAA,CAAI,OAAK,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA,CAAE,MAAM,CAAA,CACnC,OAAO,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,CAAC,CAAA;AAG3B,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,iBAAiB,CAAA;AACjD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA;AACjD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA;AAEjD,IAAA,IAAI,CAAC,YAAY,OAAO,IAAA;AAExB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,WAAW,CAAC,CAAA;AAAA,MACnB,SAAS,YAAA,GAAe,QAAA,CAAS,YAAA,CAAa,CAAC,CAAC,CAAA,GAAI,KAAA,CAAA;AAAA,MACpD,SAAS,YAAA,GAAe,QAAA,CAAS,YAAA,CAAa,CAAC,CAAC,CAAA,GAAI,KAAA,CAAA;AAAA,MACpD;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,gDAAgD,KAAK,CAAA;AACnE,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAMA,SAAS,kBAAA,CACP,MAAA,EACA,IAAA,EACA,OAAA,EACA,aAAA,EACQ;AACR,EAAA,MAAM,aAAuB,EAAC;AAE9B,EAAA,KAAA,MAAW,cAAc,aAAA,EAAe;AACtC,IAAA,IAAI,KAAA;AAEJ,IAAA,QAAQ,UAAA;AAAY,MAClB,KAAK,SAAA;AACH,QAAA,KAAA,GAAQ,OAAO,WAAA,EAAY;AAC3B,QAAA;AAAA,MACF,KAAK,OAAA;AACH,QAAA,KAAA,GAAQ,IAAA;AACR,QAAA;AAAA,MACF,KAAK,YAAA;AAEH,QAAA,KAAA,GAAQ,OAAA,CAAQ,MAAM,CAAA,IAAK,OAAA,CAAQ,MAAM,CAAA,IAAK,EAAA;AAC9C,QAAA;AAAA,MACF;AAEE,QAAA,MAAM,GAAA,GAAM,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA;AAAA,UAC/B,CAAA,CAAA,KAAK,CAAA,CAAE,WAAA,EAAY,KAAM,WAAW,WAAA;AAAY,SAClD;AACA,QAAA,KAAA,GAAQ,GAAA,GAAM,OAAA,CAAQ,GAAG,CAAA,GAAI,EAAA;AAC7B,QAAA;AAAA;AAIJ,IAAA,UAAA,CAAW,IAAA,CAAK,CAAA,CAAA,EAAI,UAAU,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,UAAA,CAAW,KAAK,IAAI,CAAA;AAC7B;AAKA,eAAe,sBAAA,CACb,eAAA,EACA,eAAA,EACA,OAAA,EACkB;AAClB,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,UAAA,CAAW,IAAA,CAAK,IAAA,CAAK,eAAe,GAAG,CAAA,CAAA,KAAK,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAClF,IAAA,MAAM,cAAA,GAAiB,UAAA,CAAW,IAAA,CAAK,IAAA,CAAK,eAAe,GAAG,CAAA,CAAA,KAAK,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAClF,IAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AAGrD,IAAA,IAAI,cAAA,CAAe,WAAW,EAAA,EAAI;AAChC,MAAA,OAAA,CAAQ,KAAA,CAAM,wCAAA,EAA0C,cAAA,CAAe,MAAM,CAAA;AAC7E,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,cAAA,CAAe,WAAW,EAAA,EAAI;AAChC,MAAA,OAAA,CAAQ,KAAA,CAAM,uCAAA,EAAyC,cAAA,CAAe,MAAM,CAAA;AAC5E,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,cAAA;AAAA,MACA;AAAA,QACE,IAAA,EAAM,SAAA;AAAA,QACN,UAAA,EAAY;AAAA,OACd;AAAA,MACA,KAAA;AAAA,MACA,CAAC,QAAQ;AAAA,KACX;AAGA,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA;AAAA,MAClC,SAAA;AAAA,MACA,SAAA;AAAA,MACA,cAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAG/D,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,IAAI;AAGF,QAAA,OAAA,CAAQ,KAAK,uDAAuD,CAAA;AACpE,QAAA,OAAO,KAAA;AAAA,MACT,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,KAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAiBA,eAAsB,oBAAA,CACpB,MAAA,EACA,IAAA,EACA,OAAA,EACsC;AAEtC,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,WAAW,CAAA,IAAK,QAAQ,WAAW,CAAA;AAC7D,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAC9E,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAG9E,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,cAAA,EAAgB;AACjC,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,8BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,oBAAoB,cAAc,CAAA;AACjD,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,gCAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,MAAMA,OAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,GAAA,GAAMA,OAAM,MAAA,CAAO,OAAA;AAGzB,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,UAAA,EAAY,CAAA;AAAA,QACZ,MAAA,EAAQ,0CAAA;AAAA,QACR,kBAAA,EAAoB;AAAA,OACtB;AAAA,IACF;AAGA,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,UAAA,EAAY,CAAA;AAAA,QACZ,MAAA,EAAQ,sCAAA;AAAA,QACR,kBAAA,EAAoB;AAAA,OACtB;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,SAAA;AAEJ,EAAA,IAAI,cAAA,KAAmB,uBAAA,IAA2B,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AACzF,IAAA,KAAA,GAAQ,SAAA;AACR,IAAA,SAAA,GAAY,UAAA,CAAW,OAAA;AAAA,EACzB;AAGA,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,SAAA,EAAW;AACxB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,yBAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAM,SAAA,CAAU,IAAA,CAAK,OAAK,CAAA,CAAE,GAAA,KAAQ,OAAO,KAAK,CAAA;AACtD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,CAAA,gBAAA,EAAmB,MAAA,CAAO,KAAK,CAAA,CAAA;AAAA,MACvC,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,IAAI,GAAA,GAAM,GAAA,CAAI,SAAA,IAAa,GAAA,GAAM,IAAI,UAAA,EAAY;AAC/C,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,kCAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,gBAAgB,kBAAA,CAAmB,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,OAAO,aAAa,CAAA;AAGpF,EAAA,IAAI,cAAA,GAAiB,SAAA;AACrB,EAAA,IAAI,cAAA,CAAe,UAAA,CAAW,QAAQ,CAAA,EAAG;AACvC,IAAA,cAAA,GAAiB,cAAA,CAAe,UAAU,CAAC,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,cAAA,CAAe,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,IAAA,cAAA,GAAiB,cAAA,CAAe,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAAA,EAC7C;AAGA,EAAA,MAAM,UAAU,MAAM,sBAAA;AAAA,IACpB,GAAA,CAAI,SAAA;AAAA,IACJ,cAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA;AAAA,MACA,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,CAAA;AAAA;AAAA,MACZ,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF,CAAA,MAAO;AACL,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,+BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AACF;AAKO,SAAS,oBAAoB,OAAA,EAA0C;AAC5E,EAAA,OAAO,CAAC,EAAA,CACL,OAAA,CAAQ,WAAW,CAAA,IAAK,OAAA,CAAQ,WAAW,CAAA,MAC3C,OAAA,CAAQ,iBAAiB,CAAA,IAAK,OAAA,CAAQ,iBAAiB,CAAA,CAAA,CAAA;AAE5D;AAKO,SAAS,mBAAmB,OAAA,EAA0C;AAC3E,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAC9E,EAAA,OAAO,cAAA,KAAmB,uBAAA,KAA4B,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,IAAK,KAAA,CAAA;AACnG;;;AC3SA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,kBAAA,EAAoB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACtE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,IAAI,mBAAA,CAAoB,OAAO,CAAA,EAAG;AAChC,MAAA,IAAI;AAEF,QAAA,MAAM,kBAAkB,MAAM,oBAAA;AAAA,UAC5B,MAAM,MAAA,IAAU,KAAA;AAAA,UAChB,MAAM,GAAA,IAAO,GAAA;AAAA,UACb;AAAA,SACF;AAEA,QAAA,IAAI,gBAAgB,OAAA,EAAS;AAE3B,UAAA,UAAA,GAAa,eAAA,CAAgB,UAAA;AAC7B,UAAA,OAAA,CAAQ,KAAK,CAAA,mBAAA,EAAsB,eAAA,CAAgB,OAAO,WAAA,EAAY,IAAK,SAAS,CAAA,CAAE,CAAA;AACtF,UAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,YAAA,aAAA,GAAgB;AAAA,cACd,IAAA,EAAM,eAAA,CAAgB,KAAA,CAAM,WAAA,EAAY;AAAA,cACxC,MAAM,eAAA,CAAgB;AAAA,aACxB;AAAA,UACF;AACA,UAAA,kBAAA,GAAqB,eAAA,CAAgB,kBAAA;AAGrC,UAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,YAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,eAAA,CAAgB,KAAK,CAAA,CAAE,CAAA;AAAA,UAC/C;AAAA,QACF,CAAA,MAAO;AAEL,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAChC,UAAA,IAAI,gBAAgB,MAAA,EAAQ;AAC1B,YAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,gBAAA,EAAmB,eAAA,CAAgB,MAAM,CAAA,CAAE,CAAA;AAAA,UAC1D;AAGA,UAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,YAAA,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAC7B,YAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,sBAAA,EAAuB;AAAA,UAClE;AAAA,QACF;AAAA,MACF,SAAS,KAAA,EAAO;AAEd,QAAA,OAAA,CAAQ,KAAA,CAAM,qDAAqD,KAAK,CAAA;AACxE,QAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,QAAA,OAAA,CAAQ,KAAK,8BAA8B,CAAA;AAAA,MAC7C;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAE3B,UAAA,MAAM,oBAAA,GAAuB;AAAA,YAC3B,SAAA;AAAA,YACA,QAAA;AAAA,YACA,YAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,iBAAA,GAAoB,oBAAA,CAAqB,QAAA,CAAS,IAAI,IACxD,IAAA,GACA,GAAA;AAEJ,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,iBAAiB,CAAA;AACnD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA;AAAA,MAC/B,CAAA,MAAA,KAAU,kBAAkB,MAAM;AAAA,KACpC;AACA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IACE,EAAA,IACA,CAAC,iBAAA,CAAkB,iBAAiB,KACpC,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAC9B;AACA,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,CAAA,IAAK,UAAA,GAAa,CAAA,EAAK;AAC1C,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,kBAAkB,kBAAA,KAAuB,WAAA,GAAc,KAAA,GAAS,UAAA,GAAa,MAAM,QAAA,GAAW,MAAA;AAAA,MAC9F,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF","file":"edge-detector-wrapper.js","sourcesContent":["/**\n * Ed25519 Signature Verification for HTTP Message Signatures\n * Implements proper cryptographic verification for ChatGPT and other agents\n * \n * Based on RFC 9421 (HTTP Message Signatures) and ChatGPT's implementation\n * Reference: https://help.openai.com/en/articles/9785974-chatgpt-user-allowlisting\n */\n\n/**\n * Known public keys for AI agents\n */\nconst KNOWN_KEYS = {\n chatgpt: [\n {\n kid: 'otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg',\n // ChatGPT's current Ed25519 public key (base64)\n publicKey: '7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g',\n validFrom: new Date('2025-01-01').getTime() / 1000,\n validUntil: new Date('2025-04-11').getTime() / 1000,\n },\n ],\n};\n\n/**\n * Parse the Signature-Input header according to RFC 9421\n */\nfunction parseSignatureInput(signatureInput: string): {\n keyid: string;\n created?: number;\n expires?: number;\n signedHeaders: string[];\n} | null {\n try {\n // Example: sig1=(\"@method\" \"@path\" \"@authority\" \"date\");keyid=\"...\";created=1234567890\n const match = signatureInput.match(/sig1=\\((.*?)\\);(.+)/);\n if (!match) return null;\n\n const [, headersList, params] = match;\n \n // Parse signed headers\n const signedHeaders = headersList\n .split(' ')\n .map(h => h.replace(/\"/g, '').trim())\n .filter(h => h.length > 0);\n\n // Parse parameters\n const keyidMatch = params.match(/keyid=\"([^\"]+)\"/);\n const createdMatch = params.match(/created=(\\d+)/);\n const expiresMatch = params.match(/expires=(\\d+)/);\n\n if (!keyidMatch) return null;\n\n return {\n keyid: keyidMatch[1],\n created: createdMatch ? parseInt(createdMatch[1]) : undefined,\n expires: expiresMatch ? parseInt(expiresMatch[1]) : undefined,\n signedHeaders,\n };\n } catch (error) {\n console.error('[Signature] Failed to parse Signature-Input:', error);\n return null;\n }\n}\n\n/**\n * Build the signature base string according to RFC 9421\n * This is what gets signed\n */\nfunction buildSignatureBase(\n method: string,\n path: string,\n headers: Record<string, string>,\n signedHeaders: string[]\n): string {\n const components: string[] = [];\n \n for (const headerName of signedHeaders) {\n let value: string;\n \n switch (headerName) {\n case '@method':\n value = method.toUpperCase();\n break;\n case '@path':\n value = path;\n break;\n case '@authority':\n // Get from Host header or URL\n value = headers['host'] || headers['Host'] || '';\n break;\n default:\n // Regular headers (case-insensitive lookup)\n const key = Object.keys(headers).find(\n k => k.toLowerCase() === headerName.toLowerCase()\n );\n value = key ? headers[key] : '';\n break;\n }\n \n // Format according to RFC 9421\n components.push(`\"${headerName}\": ${value}`);\n }\n \n return components.join('\\n');\n}\n\n/**\n * Verify Ed25519 signature using Web Crypto API\n */\nasync function verifyEd25519Signature(\n publicKeyBase64: string,\n signatureBase64: string,\n message: string\n): Promise<boolean> {\n try {\n // Decode base64 to Uint8Array\n const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), c => c.charCodeAt(0));\n const signatureBytes = Uint8Array.from(atob(signatureBase64), c => c.charCodeAt(0));\n const messageBytes = new TextEncoder().encode(message);\n \n // Check key and signature lengths\n if (publicKeyBytes.length !== 32) {\n console.error('[Signature] Invalid public key length:', publicKeyBytes.length);\n return false;\n }\n if (signatureBytes.length !== 64) {\n console.error('[Signature] Invalid signature length:', signatureBytes.length);\n return false;\n }\n \n // Import the public key\n const publicKey = await crypto.subtle.importKey(\n 'raw',\n publicKeyBytes,\n {\n name: 'Ed25519',\n namedCurve: 'Ed25519',\n },\n false,\n ['verify']\n );\n \n // Verify the signature\n const isValid = await crypto.subtle.verify(\n 'Ed25519',\n publicKey,\n signatureBytes,\n messageBytes\n );\n \n return isValid;\n } catch (error) {\n console.error('[Signature] Ed25519 verification failed:', error);\n \n // Fallback: Try with @noble/ed25519 if available (for environments without Ed25519 support)\n if (typeof window === 'undefined') {\n try {\n // In Node.js/Edge Runtime, we might need to use a polyfill\n // For now, we'll return false if Web Crypto doesn't support Ed25519\n console.warn('[Signature] Ed25519 not supported in this environment');\n return false;\n } catch {\n return false;\n }\n }\n \n return false;\n }\n}\n\n/**\n * Signature verification result\n */\nexport interface SignatureVerificationResult {\n isValid: boolean;\n agent?: string;\n keyid?: string;\n confidence: number;\n reason?: string;\n verificationMethod: 'signature' | 'none';\n}\n\n/**\n * Verify HTTP Message Signature for AI agents\n */\nexport async function verifyAgentSignature(\n method: string,\n path: string,\n headers: Record<string, string>\n): Promise<SignatureVerificationResult> {\n // Check for signature headers\n const signature = headers['signature'] || headers['Signature'];\n const signatureInput = headers['signature-input'] || headers['Signature-Input'];\n const signatureAgent = headers['signature-agent'] || headers['Signature-Agent'];\n \n // No signature present\n if (!signature || !signatureInput) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'No signature headers present',\n verificationMethod: 'none',\n };\n }\n \n // Parse Signature-Input header\n const parsed = parseSignatureInput(signatureInput);\n if (!parsed) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Invalid Signature-Input header',\n verificationMethod: 'none',\n };\n }\n \n // Check timestamp if present\n if (parsed.created) {\n const now = Math.floor(Date.now() / 1000);\n const age = now - parsed.created;\n \n // Reject signatures older than 5 minutes\n if (age > 300) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature expired (older than 5 minutes)',\n verificationMethod: 'none',\n };\n }\n \n // Reject signatures from the future (clock skew tolerance: 30 seconds)\n if (age < -30) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature timestamp is in the future',\n verificationMethod: 'none',\n };\n }\n }\n \n // Determine which agent based on signature-agent header\n let agent: string | undefined;\n let knownKeys: typeof KNOWN_KEYS.chatgpt | undefined;\n \n if (signatureAgent === '\"https://chatgpt.com\"' || signatureAgent?.includes('chatgpt.com')) {\n agent = 'ChatGPT';\n knownKeys = KNOWN_KEYS.chatgpt;\n }\n // Add other agents here as needed\n \n if (!agent || !knownKeys) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Unknown signature agent',\n verificationMethod: 'none',\n };\n }\n \n // Find the key by ID\n const key = knownKeys.find(k => k.kid === parsed.keyid);\n if (!key) {\n return {\n isValid: false,\n confidence: 0,\n reason: `Unknown key ID: ${parsed.keyid}`,\n verificationMethod: 'none',\n };\n }\n \n // Check key validity period\n const now = Math.floor(Date.now() / 1000);\n if (now < key.validFrom || now > key.validUntil) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Key is not valid at current time',\n verificationMethod: 'none',\n };\n }\n \n // Build the signature base string\n const signatureBase = buildSignatureBase(method, path, headers, parsed.signedHeaders);\n \n // Extract the actual signature value (remove \"sig1=:\" prefix and \"::\" suffix if present)\n let signatureValue = signature;\n if (signatureValue.startsWith('sig1=:')) {\n signatureValue = signatureValue.substring(6);\n }\n if (signatureValue.endsWith(':')) {\n signatureValue = signatureValue.slice(0, -1);\n }\n \n // Verify the signature\n const isValid = await verifyEd25519Signature(\n key.publicKey,\n signatureValue,\n signatureBase\n );\n \n if (isValid) {\n return {\n isValid: true,\n agent,\n keyid: parsed.keyid,\n confidence: 1.0, // 100% confidence for valid signature\n verificationMethod: 'signature',\n };\n } else {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature verification failed',\n verificationMethod: 'none',\n };\n }\n}\n\n/**\n * Quick check if signature headers are present (for performance)\n */\nexport function hasSignatureHeaders(headers: Record<string, string>): boolean {\n return !!(\n (headers['signature'] || headers['Signature']) &&\n (headers['signature-input'] || headers['Signature-Input'])\n );\n}\n\n/**\n * Check if this is a ChatGPT signature based on headers\n */\nexport function isChatGPTSignature(headers: Record<string, string>): boolean {\n const signatureAgent = headers['signature-agent'] || headers['Signature-Agent'];\n return signatureAgent === '\"https://chatgpt.com\"' || (signatureAgent?.includes('chatgpt.com') || false);\n}","/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n * Includes proper Ed25519 signature verification for ChatGPT and other agents\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Import signature verifier\nimport { verifyAgentSignature, hasSignatureHeaders, isChatGPTSignature } from './signature-verifier';\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexitybot/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-user/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-ai/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' }, // Fallback\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation with proper signature verification\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures with proper cryptographic verification\n if (hasSignatureHeaders(headers)) {\n try {\n // Verify the signature cryptographically\n const signatureResult = await verifyAgentSignature(\n input.method || 'GET',\n input.url || '/',\n headers\n );\n\n if (signatureResult.isValid) {\n // Valid cryptographic signature - highest confidence\n confidence = signatureResult.confidence;\n reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || 'unknown'}`);\n if (signatureResult.agent) {\n detectedAgent = { \n type: signatureResult.agent.toLowerCase(), \n name: signatureResult.agent \n };\n }\n verificationMethod = signatureResult.verificationMethod;\n \n // Add keyid to reasons for debugging\n if (signatureResult.keyid) {\n reasons.push(`keyid:${signatureResult.keyid}`);\n }\n } else {\n // Invalid signature - suspicious\n confidence = Math.max(confidence, 0.3);\n reasons.push('invalid_signature');\n if (signatureResult.reason) {\n reasons.push(`signature_error:${signatureResult.reason}`);\n }\n \n // Still check if it claims to be ChatGPT\n if (isChatGPTSignature(headers)) {\n reasons.push('claims_chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT (unverified)' };\n }\n }\n } catch (error) {\n // Error during verification\n console.error('[EdgeAgentDetector] Signature verification error:', error);\n confidence = Math.max(confidence, 0.2);\n reasons.push('signature_verification_error');\n }\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n // Give higher confidence to well-known AI agents that properly identify themselves\n const highConfidenceAgents = [\n 'chatgpt',\n 'claude',\n 'perplexity',\n 'anthropic',\n ];\n const patternConfidence = highConfidenceAgents.includes(type)\n ? 0.85\n : 0.5;\n\n confidence = Math.max(confidence, patternConfidence);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id',\n ];\n\n const foundAiHeaders = aiHeaders.filter(\n header => normalizedHeaders[header]\n );\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (\n ip &&\n !normalizedHeaders['x-forwarded-for'] &&\n !normalizedHeaders['x-real-ip']\n ) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations (but not if already at 1.0 from signature)\n if (reasons.length > 2 && confidence < 1.0) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: verificationMethod === 'signature' ? 'low' : (confidence > 0.8 ? 'medium' : 'high'),\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n"]}
package/dist/edge-detector-wrapper.mjs CHANGED
@@ -1,3 +1,216 @@
1
+ // src/signature-verifier.ts
2
+ var KNOWN_KEYS = {
3
+ chatgpt: [
4
+ {
5
+ kid: "otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg",
6
+ // ChatGPT's current Ed25519 public key (base64)
7
+ publicKey: "7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g",
8
+ validFrom: (/* @__PURE__ */ new Date("2025-01-01")).getTime() / 1e3,
9
+ validUntil: (/* @__PURE__ */ new Date("2025-04-11")).getTime() / 1e3
10
+ }
11
+ ]
12
+ };
13
+ function parseSignatureInput(signatureInput) {
14
+ try {
15
+ const match = signatureInput.match(/sig1=\((.*?)\);(.+)/);
16
+ if (!match) return null;
17
+ const [, headersList, params] = match;
18
+ const signedHeaders = headersList.split(" ").map((h) => h.replace(/"/g, "").trim()).filter((h) => h.length > 0);
19
+ const keyidMatch = params.match(/keyid="([^"]+)"/);
20
+ const createdMatch = params.match(/created=(\d+)/);
21
+ const expiresMatch = params.match(/expires=(\d+)/);
22
+ if (!keyidMatch) return null;
23
+ return {
24
+ keyid: keyidMatch[1],
25
+ created: createdMatch ? parseInt(createdMatch[1]) : void 0,
26
+ expires: expiresMatch ? parseInt(expiresMatch[1]) : void 0,
27
+ signedHeaders
28
+ };
29
+ } catch (error) {
30
+ console.error("[Signature] Failed to parse Signature-Input:", error);
31
+ return null;
32
+ }
33
+ }
34
+ function buildSignatureBase(method, path, headers, signedHeaders) {
35
+ const components = [];
36
+ for (const headerName of signedHeaders) {
37
+ let value;
38
+ switch (headerName) {
39
+ case "@method":
40
+ value = method.toUpperCase();
41
+ break;
42
+ case "@path":
43
+ value = path;
44
+ break;
45
+ case "@authority":
46
+ value = headers["host"] || headers["Host"] || "";
47
+ break;
48
+ default:
49
+ const key = Object.keys(headers).find(
50
+ (k) => k.toLowerCase() === headerName.toLowerCase()
51
+ );
52
+ value = key ? headers[key] : "";
53
+ break;
54
+ }
55
+ components.push(`"${headerName}": ${value}`);
56
+ }
57
+ return components.join("\n");
58
+ }
59
+ async function verifyEd25519Signature(publicKeyBase64, signatureBase64, message) {
60
+ try {
61
+ const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), (c) => c.charCodeAt(0));
62
+ const signatureBytes = Uint8Array.from(atob(signatureBase64), (c) => c.charCodeAt(0));
63
+ const messageBytes = new TextEncoder().encode(message);
64
+ if (publicKeyBytes.length !== 32) {
65
+ console.error("[Signature] Invalid public key length:", publicKeyBytes.length);
66
+ return false;
67
+ }
68
+ if (signatureBytes.length !== 64) {
69
+ console.error("[Signature] Invalid signature length:", signatureBytes.length);
70
+ return false;
71
+ }
72
+ const publicKey = await crypto.subtle.importKey(
73
+ "raw",
74
+ publicKeyBytes,
75
+ {
76
+ name: "Ed25519",
77
+ namedCurve: "Ed25519"
78
+ },
79
+ false,
80
+ ["verify"]
81
+ );
82
+ const isValid = await crypto.subtle.verify(
83
+ "Ed25519",
84
+ publicKey,
85
+ signatureBytes,
86
+ messageBytes
87
+ );
88
+ return isValid;
89
+ } catch (error) {
90
+ console.error("[Signature] Ed25519 verification failed:", error);
91
+ if (typeof window === "undefined") {
92
+ try {
93
+ console.warn("[Signature] Ed25519 not supported in this environment");
94
+ return false;
95
+ } catch {
96
+ return false;
97
+ }
98
+ }
99
+ return false;
100
+ }
101
+ }
102
+ async function verifyAgentSignature(method, path, headers) {
103
+ const signature = headers["signature"] || headers["Signature"];
104
+ const signatureInput = headers["signature-input"] || headers["Signature-Input"];
105
+ const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
106
+ if (!signature || !signatureInput) {
107
+ return {
108
+ isValid: false,
109
+ confidence: 0,
110
+ reason: "No signature headers present",
111
+ verificationMethod: "none"
112
+ };
113
+ }
114
+ const parsed = parseSignatureInput(signatureInput);
115
+ if (!parsed) {
116
+ return {
117
+ isValid: false,
118
+ confidence: 0,
119
+ reason: "Invalid Signature-Input header",
120
+ verificationMethod: "none"
121
+ };
122
+ }
123
+ if (parsed.created) {
124
+ const now2 = Math.floor(Date.now() / 1e3);
125
+ const age = now2 - parsed.created;
126
+ if (age > 300) {
127
+ return {
128
+ isValid: false,
129
+ confidence: 0,
130
+ reason: "Signature expired (older than 5 minutes)",
131
+ verificationMethod: "none"
132
+ };
133
+ }
134
+ if (age < -30) {
135
+ return {
136
+ isValid: false,
137
+ confidence: 0,
138
+ reason: "Signature timestamp is in the future",
139
+ verificationMethod: "none"
140
+ };
141
+ }
142
+ }
143
+ let agent;
144
+ let knownKeys;
145
+ if (signatureAgent === '"https://chatgpt.com"' || signatureAgent?.includes("chatgpt.com")) {
146
+ agent = "ChatGPT";
147
+ knownKeys = KNOWN_KEYS.chatgpt;
148
+ }
149
+ if (!agent || !knownKeys) {
150
+ return {
151
+ isValid: false,
152
+ confidence: 0,
153
+ reason: "Unknown signature agent",
154
+ verificationMethod: "none"
155
+ };
156
+ }
157
+ const key = knownKeys.find((k) => k.kid === parsed.keyid);
158
+ if (!key) {
159
+ return {
160
+ isValid: false,
161
+ confidence: 0,
162
+ reason: `Unknown key ID: ${parsed.keyid}`,
163
+ verificationMethod: "none"
164
+ };
165
+ }
166
+ const now = Math.floor(Date.now() / 1e3);
167
+ if (now < key.validFrom || now > key.validUntil) {
168
+ return {
169
+ isValid: false,
170
+ confidence: 0,
171
+ reason: "Key is not valid at current time",
172
+ verificationMethod: "none"
173
+ };
174
+ }
175
+ const signatureBase = buildSignatureBase(method, path, headers, parsed.signedHeaders);
176
+ let signatureValue = signature;
177
+ if (signatureValue.startsWith("sig1=:")) {
178
+ signatureValue = signatureValue.substring(6);
179
+ }
180
+ if (signatureValue.endsWith(":")) {
181
+ signatureValue = signatureValue.slice(0, -1);
182
+ }
183
+ const isValid = await verifyEd25519Signature(
184
+ key.publicKey,
185
+ signatureValue,
186
+ signatureBase
187
+ );
188
+ if (isValid) {
189
+ return {
190
+ isValid: true,
191
+ agent,
192
+ keyid: parsed.keyid,
193
+ confidence: 1,
194
+ // 100% confidence for valid signature
195
+ verificationMethod: "signature"
196
+ };
197
+ } else {
198
+ return {
199
+ isValid: false,
200
+ confidence: 0,
201
+ reason: "Signature verification failed",
202
+ verificationMethod: "none"
203
+ };
204
+ }
205
+ }
206
+ function hasSignatureHeaders(headers) {
207
+ return !!((headers["signature"] || headers["Signature"]) && (headers["signature-input"] || headers["Signature-Input"]));
208
+ }
209
+ function isChatGPTSignature(headers) {
210
+ const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
211
+ return signatureAgent === '"https://chatgpt.com"' || (signatureAgent?.includes("chatgpt.com") || false);
212
+ }
213
+
1
214
  // src/edge-detector-wrapper.ts
2
215
  var AI_AGENT_PATTERNS = [
3
216
  { pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
@@ -26,16 +239,42 @@ var EdgeAgentDetector = class {
26
239
  for (const [key, value] of Object.entries(headers)) {
27
240
  normalizedHeaders[key.toLowerCase()] = value;
28
241
  }
29
- const signaturePresent = !!(normalizedHeaders["signature"] || normalizedHeaders["signature-input"]);
30
- const signatureAgent = normalizedHeaders["signature-agent"];
31
- if (signatureAgent?.includes("chatgpt.com")) {
32
- confidence = 0.85;
33
- reasons.push("signature_agent:chatgpt");
34
- detectedAgent = { type: "chatgpt", name: "ChatGPT" };
35
- verificationMethod = "signature";
36
- } else if (signaturePresent) {
37
- confidence = Math.max(confidence, 0.4);
38
- reasons.push("signature_present");
242
+ if (hasSignatureHeaders(headers)) {
243
+ try {
244
+ const signatureResult = await verifyAgentSignature(
245
+ input.method || "GET",
246
+ input.url || "/",
247
+ headers
248
+ );
249
+ if (signatureResult.isValid) {
250
+ confidence = signatureResult.confidence;
251
+ reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || "unknown"}`);
252
+ if (signatureResult.agent) {
253
+ detectedAgent = {
254
+ type: signatureResult.agent.toLowerCase(),
255
+ name: signatureResult.agent
256
+ };
257
+ }
258
+ verificationMethod = signatureResult.verificationMethod;
259
+ if (signatureResult.keyid) {
260
+ reasons.push(`keyid:${signatureResult.keyid}`);
261
+ }
262
+ } else {
263
+ confidence = Math.max(confidence, 0.3);
264
+ reasons.push("invalid_signature");
265
+ if (signatureResult.reason) {
266
+ reasons.push(`signature_error:${signatureResult.reason}`);
267
+ }
268
+ if (isChatGPTSignature(headers)) {
269
+ reasons.push("claims_chatgpt");
270
+ detectedAgent = { type: "chatgpt", name: "ChatGPT (unverified)" };
271
+ }
272
+ }
273
+ } catch (error) {
274
+ console.error("[EdgeAgentDetector] Signature verification error:", error);
275
+ confidence = Math.max(confidence, 0.2);
276
+ reasons.push("signature_verification_error");
277
+ }
39
278
  }
40
279
  const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
41
280
  if (userAgent) {
@@ -82,7 +321,7 @@ var EdgeAgentDetector = class {
82
321
  }
83
322
  }
84
323
  }
85
- if (reasons.length > 2) {
324
+ if (reasons.length > 2 && confidence < 1) {
86
325
  confidence = Math.min(confidence * 1.2, 0.95);
87
326
  }
88
327
  return {
@@ -91,7 +330,7 @@ var EdgeAgentDetector = class {
91
330
  ...detectedAgent && { detectedAgent },
92
331
  reasons,
93
332
  ...verificationMethod && { verificationMethod },
94
- forgeabilityRisk: confidence > 0.8 ? "medium" : "high",
333
+ forgeabilityRisk: verificationMethod === "signature" ? "low" : confidence > 0.8 ? "medium" : "high",
95
334
  timestamp: /* @__PURE__ */ new Date()
96
335
  };
97
336
  }
package/dist/edge-detector-wrapper.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/edge-detector-wrapper.ts"],"names":[],"mappings":";AAiCA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,kBAAA,EAAoB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACtE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,MAAM,mBAAmB,CAAC,EACxB,kBAAkB,WAAW,CAAA,IAAK,kBAAkB,iBAAiB,CAAA,CAAA;AAEvE,IAAA,MAAM,cAAA,GAAiB,kBAAkB,iBAAiB,CAAA;AAE1D,IAAA,IAAI,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC3C,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,OAAA,CAAQ,KAAK,yBAAyB,CAAA;AACtC,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,MAAA,kBAAA,GAAqB,WAAA;AAAA,IACvB,WAAW,gBAAA,EAAkB;AAC3B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAAA,IAClC;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAE3B,UAAA,MAAM,oBAAA,GAAuB;AAAA,YAC3B,SAAA;AAAA,YACA,QAAA;AAAA,YACA,YAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,iBAAA,GAAoB,oBAAA,CAAqB,QAAA,CAAS,IAAI,IACxD,IAAA,GACA,GAAA;AAEJ,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,iBAAiB,CAAA;AACnD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA;AAAA,MAC/B,CAAA,MAAA,KAAU,kBAAkB,MAAM;AAAA,KACpC;AACA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IACE,EAAA,IACA,CAAC,iBAAA,CAAkB,iBAAiB,KACpC,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAC9B;AACA,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,gBAAA,EAAkB,UAAA,GAAa,GAAA,GAAM,QAAA,GAAW,MAAA;AAAA,MAChD,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF","file":"edge-detector-wrapper.mjs","sourcesContent":["/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexitybot/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-user/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-ai/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' }, // Fallback\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures (highest confidence)\n const signaturePresent = !!(\n normalizedHeaders['signature'] || normalizedHeaders['signature-input']\n );\n const signatureAgent = normalizedHeaders['signature-agent'];\n\n if (signatureAgent?.includes('chatgpt.com')) {\n confidence = 0.85;\n reasons.push('signature_agent:chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT' };\n verificationMethod = 'signature';\n } else if (signaturePresent) {\n confidence = Math.max(confidence, 0.4);\n reasons.push('signature_present');\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n // Give higher confidence to well-known AI agents that properly identify themselves\n const highConfidenceAgents = [\n 'chatgpt',\n 'claude',\n 'perplexity',\n 'anthropic',\n ];\n const patternConfidence = highConfidenceAgents.includes(type)\n ? 0.85\n : 0.5;\n\n confidence = Math.max(confidence, patternConfidence);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id',\n ];\n\n const foundAiHeaders = aiHeaders.filter(\n header => normalizedHeaders[header]\n );\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (\n ip &&\n !normalizedHeaders['x-forwarded-for'] &&\n !normalizedHeaders['x-real-ip']\n ) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations\n if (reasons.length > 2) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: confidence > 0.8 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/signature-verifier.ts","../src/edge-detector-wrapper.ts"],"names":["now"],"mappings":";AAWA,IAAM,UAAA,GAAa;AAAA,EACjB,OAAA,EAAS;AAAA,IACP;AAAA,MACE,GAAA,EAAK,6CAAA;AAAA;AAAA,MAEL,SAAA,EAAW,6CAAA;AAAA,MACX,4BAAW,IAAI,IAAA,CAAK,YAAY,CAAA,EAAE,SAAQ,GAAI,GAAA;AAAA,MAC9C,6BAAY,IAAI,IAAA,CAAK,YAAY,CAAA,EAAE,SAAQ,GAAI;AAAA;AACjD;AAEJ,CAAA;AAKA,SAAS,oBAAoB,cAAA,EAKpB;AACP,EAAA,IAAI;AAEF,IAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,KAAA,CAAM,qBAAqB,CAAA;AACxD,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,MAAM,GAAG,WAAA,EAAa,MAAM,CAAA,GAAI,KAAA;AAGhC,IAAA,MAAM,gBAAgB,WAAA,CACnB,KAAA,CAAM,GAAG,CAAA,CACT,GAAA,CAAI,OAAK,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA,CAAE,MAAM,CAAA,CACnC,OAAO,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,CAAC,CAAA;AAG3B,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,iBAAiB,CAAA;AACjD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA;AACjD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA;AAEjD,IAAA,IAAI,CAAC,YAAY,OAAO,IAAA;AAExB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,WAAW,CAAC,CAAA;AAAA,MACnB,SAAS,YAAA,GAAe,QAAA,CAAS,YAAA,CAAa,CAAC,CAAC,CAAA,GAAI,KAAA,CAAA;AAAA,MACpD,SAAS,YAAA,GAAe,QAAA,CAAS,YAAA,CAAa,CAAC,CAAC,CAAA,GAAI,KAAA,CAAA;AAAA,MACpD;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,gDAAgD,KAAK,CAAA;AACnE,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAMA,SAAS,kBAAA,CACP,MAAA,EACA,IAAA,EACA,OAAA,EACA,aAAA,EACQ;AACR,EAAA,MAAM,aAAuB,EAAC;AAE9B,EAAA,KAAA,MAAW,cAAc,aAAA,EAAe;AACtC,IAAA,IAAI,KAAA;AAEJ,IAAA,QAAQ,UAAA;AAAY,MAClB,KAAK,SAAA;AACH,QAAA,KAAA,GAAQ,OAAO,WAAA,EAAY;AAC3B,QAAA;AAAA,MACF,KAAK,OAAA;AACH,QAAA,KAAA,GAAQ,IAAA;AACR,QAAA;AAAA,MACF,KAAK,YAAA;AAEH,QAAA,KAAA,GAAQ,OAAA,CAAQ,MAAM,CAAA,IAAK,OAAA,CAAQ,MAAM,CAAA,IAAK,EAAA;AAC9C,QAAA;AAAA,MACF;AAEE,QAAA,MAAM,GAAA,GAAM,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA;AAAA,UAC/B,CAAA,CAAA,KAAK,CAAA,CAAE,WAAA,EAAY,KAAM,WAAW,WAAA;AAAY,SAClD;AACA,QAAA,KAAA,GAAQ,GAAA,GAAM,OAAA,CAAQ,GAAG,CAAA,GAAI,EAAA;AAC7B,QAAA;AAAA;AAIJ,IAAA,UAAA,CAAW,IAAA,CAAK,CAAA,CAAA,EAAI,UAAU,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,UAAA,CAAW,KAAK,IAAI,CAAA;AAC7B;AAKA,eAAe,sBAAA,CACb,eAAA,EACA,eAAA,EACA,OAAA,EACkB;AAClB,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,UAAA,CAAW,IAAA,CAAK,IAAA,CAAK,eAAe,GAAG,CAAA,CAAA,KAAK,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAClF,IAAA,MAAM,cAAA,GAAiB,UAAA,CAAW,IAAA,CAAK,IAAA,CAAK,eAAe,GAAG,CAAA,CAAA,KAAK,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAClF,IAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AAGrD,IAAA,IAAI,cAAA,CAAe,WAAW,EAAA,EAAI;AAChC,MAAA,OAAA,CAAQ,KAAA,CAAM,wCAAA,EAA0C,cAAA,CAAe,MAAM,CAAA;AAC7E,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,cAAA,CAAe,WAAW,EAAA,EAAI;AAChC,MAAA,OAAA,CAAQ,KAAA,CAAM,uCAAA,EAAyC,cAAA,CAAe,MAAM,CAAA;AAC5E,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,cAAA;AAAA,MACA;AAAA,QACE,IAAA,EAAM,SAAA;AAAA,QACN,UAAA,EAAY;AAAA,OACd;AAAA,MACA,KAAA;AAAA,MACA,CAAC,QAAQ;AAAA,KACX;AAGA,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA;AAAA,MAClC,SAAA;AAAA,MACA,SAAA;AAAA,MACA,cAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAG/D,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,IAAI;AAGF,QAAA,OAAA,CAAQ,KAAK,uDAAuD,CAAA;AACpE,QAAA,OAAO,KAAA;AAAA,MACT,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,KAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAiBA,eAAsB,oBAAA,CACpB,MAAA,EACA,IAAA,EACA,OAAA,EACsC;AAEtC,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,WAAW,CAAA,IAAK,QAAQ,WAAW,CAAA;AAC7D,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAC9E,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAG9E,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,cAAA,EAAgB;AACjC,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,8BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,oBAAoB,cAAc,CAAA;AACjD,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,gCAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,MAAMA,OAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,GAAA,GAAMA,OAAM,MAAA,CAAO,OAAA;AAGzB,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,UAAA,EAAY,CAAA;AAAA,QACZ,MAAA,EAAQ,0CAAA;AAAA,QACR,kBAAA,EAAoB;AAAA,OACtB;AAAA,IACF;AAGA,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,UAAA,EAAY,CAAA;AAAA,QACZ,MAAA,EAAQ,sCAAA;AAAA,QACR,kBAAA,EAAoB;AAAA,OACtB;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,SAAA;AAEJ,EAAA,IAAI,cAAA,KAAmB,uBAAA,IAA2B,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AACzF,IAAA,KAAA,GAAQ,SAAA;AACR,IAAA,SAAA,GAAY,UAAA,CAAW,OAAA;AAAA,EACzB;AAGA,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,SAAA,EAAW;AACxB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,yBAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAM,SAAA,CAAU,IAAA,CAAK,OAAK,CAAA,CAAE,GAAA,KAAQ,OAAO,KAAK,CAAA;AACtD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,CAAA,gBAAA,EAAmB,MAAA,CAAO,KAAK,CAAA,CAAA;AAAA,MACvC,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,IAAI,GAAA,GAAM,GAAA,CAAI,SAAA,IAAa,GAAA,GAAM,IAAI,UAAA,EAAY;AAC/C,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,kCAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,gBAAgB,kBAAA,CAAmB,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,OAAO,aAAa,CAAA;AAGpF,EAAA,IAAI,cAAA,GAAiB,SAAA;AACrB,EAAA,IAAI,cAAA,CAAe,UAAA,CAAW,QAAQ,CAAA,EAAG;AACvC,IAAA,cAAA,GAAiB,cAAA,CAAe,UAAU,CAAC,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,cAAA,CAAe,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,IAAA,cAAA,GAAiB,cAAA,CAAe,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAAA,EAC7C;AAGA,EAAA,MAAM,UAAU,MAAM,sBAAA;AAAA,IACpB,GAAA,CAAI,SAAA;AAAA,IACJ,cAAA;AAAA,IACA;AAAA,GACF;AAEA,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA;AAAA,MACA,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,CAAA;AAAA;AAAA,MACZ,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF,CAAA,MAAO;AACL,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,+BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AACF;AAKO,SAAS,oBAAoB,OAAA,EAA0C;AAC5E,EAAA,OAAO,CAAC,EAAA,CACL,OAAA,CAAQ,WAAW,CAAA,IAAK,OAAA,CAAQ,WAAW,CAAA,MAC3C,OAAA,CAAQ,iBAAiB,CAAA,IAAK,OAAA,CAAQ,iBAAiB,CAAA,CAAA,CAAA;AAE5D;AAKO,SAAS,mBAAmB,OAAA,EAA0C;AAC3E,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAC9E,EAAA,OAAO,cAAA,KAAmB,uBAAA,KAA4B,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,IAAK,KAAA,CAAA;AACnG;;;AC3SA,IAAM,iBAAA,GAAoB;AAAA,EACxB,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,MAAM,SAAA,EAAU;AAAA,EAC7D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,MAAM,QAAA,EAAS;AAAA,EACzD,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,kBAAA,EAAoB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACtE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA,EACpE,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,MAAM,YAAA,EAAa;AAAA;AAAA,EACjE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,MAAA,EAAQ,MAAM,SAAA,EAAU;AAAA,EACrD,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,WAAA,EAAa,MAAM,WAAA;AACvD,CAAA;AAGA,IAAM,eAAA,GAAkB;AAAA,EACtB,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,EACtC,KAAK,CAAC,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAQ,MAAM,CAAA;AAAA,EAC1C,OAAO,CAAC,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,MAAM;AAC5C,CAAA;AAKA,IAAM,oBAAN,MAAwB;AAAA,EACtB,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,IAAI,mBAAA,CAAoB,OAAO,CAAA,EAAG;AAChC,MAAA,IAAI;AAEF,QAAA,MAAM,kBAAkB,MAAM,oBAAA;AAAA,UAC5B,MAAM,MAAA,IAAU,KAAA;AAAA,UAChB,MAAM,GAAA,IAAO,GAAA;AAAA,UACb;AAAA,SACF;AAEA,QAAA,IAAI,gBAAgB,OAAA,EAAS;AAE3B,UAAA,UAAA,GAAa,eAAA,CAAgB,UAAA;AAC7B,UAAA,OAAA,CAAQ,KAAK,CAAA,mBAAA,EAAsB,eAAA,CAAgB,OAAO,WAAA,EAAY,IAAK,SAAS,CAAA,CAAE,CAAA;AACtF,UAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,YAAA,aAAA,GAAgB;AAAA,cACd,IAAA,EAAM,eAAA,CAAgB,KAAA,CAAM,WAAA,EAAY;AAAA,cACxC,MAAM,eAAA,CAAgB;AAAA,aACxB;AAAA,UACF;AACA,UAAA,kBAAA,GAAqB,eAAA,CAAgB,kBAAA;AAGrC,UAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,YAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,eAAA,CAAgB,KAAK,CAAA,CAAE,CAAA;AAAA,UAC/C;AAAA,QACF,CAAA,MAAO;AAEL,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAChC,UAAA,IAAI,gBAAgB,MAAA,EAAQ;AAC1B,YAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,gBAAA,EAAmB,eAAA,CAAgB,MAAM,CAAA,CAAE,CAAA;AAAA,UAC1D;AAGA,UAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,YAAA,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAC7B,YAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,sBAAA,EAAuB;AAAA,UAClE;AAAA,QACF;AAAA,MACF,SAAS,KAAA,EAAO;AAEd,QAAA,OAAA,CAAQ,KAAA,CAAM,qDAAqD,KAAK,CAAA;AACxE,QAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,QAAA,OAAA,CAAQ,KAAK,8BAA8B,CAAA;AAAA,MAC7C;AAAA,IACF;AAGA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,MAAU,iBAAA,EAAmB;AACvD,QAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAE3B,UAAA,MAAM,oBAAA,GAAuB;AAAA,YAC3B,SAAA;AAAA,YACA,QAAA;AAAA,YACA,YAAA;AAAA,YACA;AAAA,WACF;AACA,UAAA,MAAM,iBAAA,GAAoB,oBAAA,CAAqB,QAAA,CAAS,IAAI,IACxD,IAAA,GACA,GAAA;AAEJ,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,iBAAiB,CAAA;AACnD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAE,CAAA;AACpC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,MAAM,IAAA,EAAK;AAC7B,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY;AAAA,MAChB,wBAAA;AAAA,MACA,0BAAA;AAAA,MACA,qBAAA;AAAA,MACA,mBAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,iBAAiB,SAAA,CAAU,MAAA;AAAA,MAC/B,CAAA,MAAA,KAAU,kBAAkB,MAAM;AAAA,KACpC;AACA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IACE,EAAA,IACA,CAAC,iBAAA,CAAkB,iBAAiB,KACpC,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAC9B;AACA,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,QAAQ,KAAK,MAAA,CAAO,OAAA,CAAQ,eAAe,CAAA,EAAG;AAClE,QAAA,IAAI,SAAS,IAAA,CAAK,CAAA,MAAA,KAAU,GAAG,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AAClD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,GAAG,CAAA;AACrC,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,CAAA,IAAK,UAAA,GAAa,CAAA,EAAK;AAC1C,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,IAAI,CAAA;AAAA,IAC9C;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,GAAA;AAAA,MACtB,UAAA;AAAA,MACA,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB,EAAE,kBAAA,EAAmB;AAAA,MAC/C,kBAAkB,kBAAA,KAAuB,WAAA,GAAc,KAAA,GAAS,UAAA,GAAa,MAAM,QAAA,GAAW,MAAA;AAAA,MAC9F,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAe;AAEzB,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACpD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAmB;AACxC,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAA,OAAA,KAAW,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF","file":"edge-detector-wrapper.mjs","sourcesContent":["/**\n * Ed25519 Signature Verification for HTTP Message Signatures\n * Implements proper cryptographic verification for ChatGPT and other agents\n * \n * Based on RFC 9421 (HTTP Message Signatures) and ChatGPT's implementation\n * Reference: https://help.openai.com/en/articles/9785974-chatgpt-user-allowlisting\n */\n\n/**\n * Known public keys for AI agents\n */\nconst KNOWN_KEYS = {\n chatgpt: [\n {\n kid: 'otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg',\n // ChatGPT's current Ed25519 public key (base64)\n publicKey: '7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g',\n validFrom: new Date('2025-01-01').getTime() / 1000,\n validUntil: new Date('2025-04-11').getTime() / 1000,\n },\n ],\n};\n\n/**\n * Parse the Signature-Input header according to RFC 9421\n */\nfunction parseSignatureInput(signatureInput: string): {\n keyid: string;\n created?: number;\n expires?: number;\n signedHeaders: string[];\n} | null {\n try {\n // Example: sig1=(\"@method\" \"@path\" \"@authority\" \"date\");keyid=\"...\";created=1234567890\n const match = signatureInput.match(/sig1=\\((.*?)\\);(.+)/);\n if (!match) return null;\n\n const [, headersList, params] = match;\n \n // Parse signed headers\n const signedHeaders = headersList\n .split(' ')\n .map(h => h.replace(/\"/g, '').trim())\n .filter(h => h.length > 0);\n\n // Parse parameters\n const keyidMatch = params.match(/keyid=\"([^\"]+)\"/);\n const createdMatch = params.match(/created=(\\d+)/);\n const expiresMatch = params.match(/expires=(\\d+)/);\n\n if (!keyidMatch) return null;\n\n return {\n keyid: keyidMatch[1],\n created: createdMatch ? parseInt(createdMatch[1]) : undefined,\n expires: expiresMatch ? parseInt(expiresMatch[1]) : undefined,\n signedHeaders,\n };\n } catch (error) {\n console.error('[Signature] Failed to parse Signature-Input:', error);\n return null;\n }\n}\n\n/**\n * Build the signature base string according to RFC 9421\n * This is what gets signed\n */\nfunction buildSignatureBase(\n method: string,\n path: string,\n headers: Record<string, string>,\n signedHeaders: string[]\n): string {\n const components: string[] = [];\n \n for (const headerName of signedHeaders) {\n let value: string;\n \n switch (headerName) {\n case '@method':\n value = method.toUpperCase();\n break;\n case '@path':\n value = path;\n break;\n case '@authority':\n // Get from Host header or URL\n value = headers['host'] || headers['Host'] || '';\n break;\n default:\n // Regular headers (case-insensitive lookup)\n const key = Object.keys(headers).find(\n k => k.toLowerCase() === headerName.toLowerCase()\n );\n value = key ? headers[key] : '';\n break;\n }\n \n // Format according to RFC 9421\n components.push(`\"${headerName}\": ${value}`);\n }\n \n return components.join('\\n');\n}\n\n/**\n * Verify Ed25519 signature using Web Crypto API\n */\nasync function verifyEd25519Signature(\n publicKeyBase64: string,\n signatureBase64: string,\n message: string\n): Promise<boolean> {\n try {\n // Decode base64 to Uint8Array\n const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), c => c.charCodeAt(0));\n const signatureBytes = Uint8Array.from(atob(signatureBase64), c => c.charCodeAt(0));\n const messageBytes = new TextEncoder().encode(message);\n \n // Check key and signature lengths\n if (publicKeyBytes.length !== 32) {\n console.error('[Signature] Invalid public key length:', publicKeyBytes.length);\n return false;\n }\n if (signatureBytes.length !== 64) {\n console.error('[Signature] Invalid signature length:', signatureBytes.length);\n return false;\n }\n \n // Import the public key\n const publicKey = await crypto.subtle.importKey(\n 'raw',\n publicKeyBytes,\n {\n name: 'Ed25519',\n namedCurve: 'Ed25519',\n },\n false,\n ['verify']\n );\n \n // Verify the signature\n const isValid = await crypto.subtle.verify(\n 'Ed25519',\n publicKey,\n signatureBytes,\n messageBytes\n );\n \n return isValid;\n } catch (error) {\n console.error('[Signature] Ed25519 verification failed:', error);\n \n // Fallback: Try with @noble/ed25519 if available (for environments without Ed25519 support)\n if (typeof window === 'undefined') {\n try {\n // In Node.js/Edge Runtime, we might need to use a polyfill\n // For now, we'll return false if Web Crypto doesn't support Ed25519\n console.warn('[Signature] Ed25519 not supported in this environment');\n return false;\n } catch {\n return false;\n }\n }\n \n return false;\n }\n}\n\n/**\n * Signature verification result\n */\nexport interface SignatureVerificationResult {\n isValid: boolean;\n agent?: string;\n keyid?: string;\n confidence: number;\n reason?: string;\n verificationMethod: 'signature' | 'none';\n}\n\n/**\n * Verify HTTP Message Signature for AI agents\n */\nexport async function verifyAgentSignature(\n method: string,\n path: string,\n headers: Record<string, string>\n): Promise<SignatureVerificationResult> {\n // Check for signature headers\n const signature = headers['signature'] || headers['Signature'];\n const signatureInput = headers['signature-input'] || headers['Signature-Input'];\n const signatureAgent = headers['signature-agent'] || headers['Signature-Agent'];\n \n // No signature present\n if (!signature || !signatureInput) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'No signature headers present',\n verificationMethod: 'none',\n };\n }\n \n // Parse Signature-Input header\n const parsed = parseSignatureInput(signatureInput);\n if (!parsed) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Invalid Signature-Input header',\n verificationMethod: 'none',\n };\n }\n \n // Check timestamp if present\n if (parsed.created) {\n const now = Math.floor(Date.now() / 1000);\n const age = now - parsed.created;\n \n // Reject signatures older than 5 minutes\n if (age > 300) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature expired (older than 5 minutes)',\n verificationMethod: 'none',\n };\n }\n \n // Reject signatures from the future (clock skew tolerance: 30 seconds)\n if (age < -30) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature timestamp is in the future',\n verificationMethod: 'none',\n };\n }\n }\n \n // Determine which agent based on signature-agent header\n let agent: string | undefined;\n let knownKeys: typeof KNOWN_KEYS.chatgpt | undefined;\n \n if (signatureAgent === '\"https://chatgpt.com\"' || signatureAgent?.includes('chatgpt.com')) {\n agent = 'ChatGPT';\n knownKeys = KNOWN_KEYS.chatgpt;\n }\n // Add other agents here as needed\n \n if (!agent || !knownKeys) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Unknown signature agent',\n verificationMethod: 'none',\n };\n }\n \n // Find the key by ID\n const key = knownKeys.find(k => k.kid === parsed.keyid);\n if (!key) {\n return {\n isValid: false,\n confidence: 0,\n reason: `Unknown key ID: ${parsed.keyid}`,\n verificationMethod: 'none',\n };\n }\n \n // Check key validity period\n const now = Math.floor(Date.now() / 1000);\n if (now < key.validFrom || now > key.validUntil) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Key is not valid at current time',\n verificationMethod: 'none',\n };\n }\n \n // Build the signature base string\n const signatureBase = buildSignatureBase(method, path, headers, parsed.signedHeaders);\n \n // Extract the actual signature value (remove \"sig1=:\" prefix and \"::\" suffix if present)\n let signatureValue = signature;\n if (signatureValue.startsWith('sig1=:')) {\n signatureValue = signatureValue.substring(6);\n }\n if (signatureValue.endsWith(':')) {\n signatureValue = signatureValue.slice(0, -1);\n }\n \n // Verify the signature\n const isValid = await verifyEd25519Signature(\n key.publicKey,\n signatureValue,\n signatureBase\n );\n \n if (isValid) {\n return {\n isValid: true,\n agent,\n keyid: parsed.keyid,\n confidence: 1.0, // 100% confidence for valid signature\n verificationMethod: 'signature',\n };\n } else {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature verification failed',\n verificationMethod: 'none',\n };\n }\n}\n\n/**\n * Quick check if signature headers are present (for performance)\n */\nexport function hasSignatureHeaders(headers: Record<string, string>): boolean {\n return !!(\n (headers['signature'] || headers['Signature']) &&\n (headers['signature-input'] || headers['Signature-Input'])\n );\n}\n\n/**\n * Check if this is a ChatGPT signature based on headers\n */\nexport function isChatGPTSignature(headers: Record<string, string>): boolean {\n const signatureAgent = headers['signature-agent'] || headers['Signature-Agent'];\n return signatureAgent === '\"https://chatgpt.com\"' || (signatureAgent?.includes('chatgpt.com') || false);\n}","/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n * Includes proper Ed25519 signature verification for ChatGPT and other agents\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\ntype DetectionResult = {\n isAgent: boolean;\n confidence: number;\n detectedAgent?: {\n type: string;\n name: string;\n };\n reasons: string[];\n verificationMethod?: string;\n forgeabilityRisk?: 'low' | 'medium' | 'high';\n timestamp: Date;\n};\n\ntype EventHandler = (...args: any[]) => void;\n\n// Import signature verifier\nimport { verifyAgentSignature, hasSignatureHeaders, isChatGPTSignature } from './signature-verifier';\n\n// Known AI agent patterns\nconst AI_AGENT_PATTERNS = [\n { pattern: /chatgpt-user/i, type: 'chatgpt', name: 'ChatGPT' },\n { pattern: /claude-web/i, type: 'claude', name: 'Claude' },\n { pattern: /perplexitybot/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-user/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity-ai/i, type: 'perplexity', name: 'Perplexity' },\n { pattern: /perplexity/i, type: 'perplexity', name: 'Perplexity' }, // Fallback\n { pattern: /bingbot/i, type: 'bing', name: 'Bing AI' },\n { pattern: /anthropic-ai/i, type: 'anthropic', name: 'Anthropic' },\n];\n\n// Known cloud provider IP ranges (simplified)\nconst CLOUD_PROVIDERS = {\n aws: ['54.', '52.', '35.', '18.', '3.'],\n gcp: ['35.', '34.', '104.', '107.', '108.'],\n azure: ['13.', '20.', '40.', '52.', '104.'],\n};\n\n/**\n * Self-contained EdgeAgentDetector implementation with proper signature verification\n */\nclass EdgeAgentDetector {\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures with proper cryptographic verification\n if (hasSignatureHeaders(headers)) {\n try {\n // Verify the signature cryptographically\n const signatureResult = await verifyAgentSignature(\n input.method || 'GET',\n input.url || '/',\n headers\n );\n\n if (signatureResult.isValid) {\n // Valid cryptographic signature - highest confidence\n confidence = signatureResult.confidence;\n reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || 'unknown'}`);\n if (signatureResult.agent) {\n detectedAgent = { \n type: signatureResult.agent.toLowerCase(), \n name: signatureResult.agent \n };\n }\n verificationMethod = signatureResult.verificationMethod;\n \n // Add keyid to reasons for debugging\n if (signatureResult.keyid) {\n reasons.push(`keyid:${signatureResult.keyid}`);\n }\n } else {\n // Invalid signature - suspicious\n confidence = Math.max(confidence, 0.3);\n reasons.push('invalid_signature');\n if (signatureResult.reason) {\n reasons.push(`signature_error:${signatureResult.reason}`);\n }\n \n // Still check if it claims to be ChatGPT\n if (isChatGPTSignature(headers)) {\n reasons.push('claims_chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT (unverified)' };\n }\n }\n } catch (error) {\n // Error during verification\n console.error('[EdgeAgentDetector] Signature verification error:', error);\n confidence = Math.max(confidence, 0.2);\n reasons.push('signature_verification_error');\n }\n }\n\n // Check User-Agent patterns\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n for (const { pattern, type, name } of AI_AGENT_PATTERNS) {\n if (pattern.test(userAgent)) {\n // Give higher confidence to well-known AI agents that properly identify themselves\n const highConfidenceAgents = [\n 'chatgpt',\n 'claude',\n 'perplexity',\n 'anthropic',\n ];\n const patternConfidence = highConfidenceAgents.includes(type)\n ? 0.85\n : 0.5;\n\n confidence = Math.max(confidence, patternConfidence);\n reasons.push(`known_pattern:${type}`);\n if (!detectedAgent) {\n detectedAgent = { type, name };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers\n const aiHeaders = [\n 'openai-conversation-id',\n 'openai-ephemeral-user-id',\n 'anthropic-client-id',\n 'x-goog-api-client',\n 'x-ms-copilot-id',\n ];\n\n const foundAiHeaders = aiHeaders.filter(\n header => normalizedHeaders[header]\n );\n if (foundAiHeaders.length > 0) {\n confidence = Math.max(confidence, 0.6);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs\n const ip = input.ip || input.ipAddress;\n if (\n ip &&\n !normalizedHeaders['x-forwarded-for'] &&\n !normalizedHeaders['x-real-ip']\n ) {\n for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {\n if (prefixes.some(prefix => ip.startsWith(prefix))) {\n confidence = Math.max(confidence, 0.4);\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations (but not if already at 1.0 from signature)\n if (reasons.length > 2 && confidence < 1.0) {\n confidence = Math.min(confidence * 1.2, 0.95);\n }\n\n return {\n isAgent: confidence > 0.3,\n confidence,\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && { verificationMethod }),\n forgeabilityRisk: verificationMethod === 'signature' ? 'low' : (confidence > 0.8 ? 'medium' : 'high'),\n timestamp: new Date(),\n };\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: any) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach(handler => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: any[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach(handler => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n"]}