@kya-os/agentshield-nextjs 0.1.30 → 0.1.32

package/dist/create-middleware.js

@@ -4,6 +4,219 @@ var server = require('next/server');
 
 // src/create-middleware.ts
 
+// src/signature-verifier.ts
+var KNOWN_KEYS = {
+  chatgpt: [
+    {
+      kid: "otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg",
+      // ChatGPT's current Ed25519 public key (base64)
+      publicKey: "7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g",
+      validFrom: (/* @__PURE__ */ new Date("2025-01-01")).getTime() / 1e3,
+      validUntil: (/* @__PURE__ */ new Date("2025-04-11")).getTime() / 1e3
+    }
+  ]
+};
+function parseSignatureInput(signatureInput) {
+  try {
+    const match = signatureInput.match(/sig1=\((.*?)\);(.+)/);
+    if (!match) return null;
+    const [, headersList, params] = match;
+    const signedHeaders = headersList ? headersList.split(" ").map((h) => h.replace(/"/g, "").trim()).filter((h) => h.length > 0) : [];
+    const keyidMatch = params ? params.match(/keyid="([^"]+)"/) : null;
+    const createdMatch = params ? params.match(/created=(\d+)/) : null;
+    const expiresMatch = params ? params.match(/expires=(\d+)/) : null;
+    if (!keyidMatch || !keyidMatch[1]) return null;
+    return {
+      keyid: keyidMatch[1],
+      created: createdMatch && createdMatch[1] ? parseInt(createdMatch[1]) : void 0,
+      expires: expiresMatch && expiresMatch[1] ? parseInt(expiresMatch[1]) : void 0,
+      signedHeaders
+    };
+  } catch (error) {
+    console.error("[Signature] Failed to parse Signature-Input:", error);
+    return null;
+  }
+}
+function buildSignatureBase(method, path, headers, signedHeaders) {
+  const components = [];
+  for (const headerName of signedHeaders) {
+    let value;
+    switch (headerName) {
+      case "@method":
+        value = method.toUpperCase();
+        break;
+      case "@path":
+        value = path;
+        break;
+      case "@authority":
+        value = headers["host"] || headers["Host"] || "";
+        break;
+      default:
+        const key = Object.keys(headers).find(
+          (k) => k.toLowerCase() === headerName.toLowerCase()
+        );
+        value = key ? headers[key] || "" : "";
+        break;
+    }
+    components.push(`"${headerName}": ${value}`);
+  }
+  return components.join("\n");
+}
+async function verifyEd25519Signature(publicKeyBase64, signatureBase64, message) {
+  try {
+    const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), (c) => c.charCodeAt(0));
+    const signatureBytes = Uint8Array.from(atob(signatureBase64), (c) => c.charCodeAt(0));
+    const messageBytes = new TextEncoder().encode(message);
+    if (publicKeyBytes.length !== 32) {
+      console.error("[Signature] Invalid public key length:", publicKeyBytes.length);
+      return false;
+    }
+    if (signatureBytes.length !== 64) {
+      console.error("[Signature] Invalid signature length:", signatureBytes.length);
+      return false;
+    }
+    const publicKey = await crypto.subtle.importKey(
+      "raw",
+      publicKeyBytes,
+      {
+        name: "Ed25519",
+        namedCurve: "Ed25519"
+      },
+      false,
+      ["verify"]
+    );
+    const isValid = await crypto.subtle.verify(
+      "Ed25519",
+      publicKey,
+      signatureBytes,
+      messageBytes
+    );
+    return isValid;
+  } catch (error) {
+    console.error("[Signature] Ed25519 verification failed:", error);
+    if (typeof window === "undefined") {
+      try {
+        console.warn("[Signature] Ed25519 not supported in this environment");
+        return false;
+      } catch {
+        return false;
+      }
+    }
+    return false;
+  }
+}
+async function verifyAgentSignature(method, path, headers) {
+  const signature = headers["signature"] || headers["Signature"];
+  const signatureInput = headers["signature-input"] || headers["Signature-Input"];
+  const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
+  if (!signature || !signatureInput) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "No signature headers present",
+      verificationMethod: "none"
+    };
+  }
+  const parsed = parseSignatureInput(signatureInput);
+  if (!parsed) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Invalid Signature-Input header",
+      verificationMethod: "none"
+    };
+  }
+  if (parsed.created) {
+    const now2 = Math.floor(Date.now() / 1e3);
+    const age = now2 - parsed.created;
+    if (age > 300) {
+      return {
+        isValid: false,
+        confidence: 0,
+        reason: "Signature expired (older than 5 minutes)",
+        verificationMethod: "none"
+      };
+    }
+    if (age < -30) {
+      return {
+        isValid: false,
+        confidence: 0,
+        reason: "Signature timestamp is in the future",
+        verificationMethod: "none"
+      };
+    }
+  }
+  let agent;
+  let knownKeys;
+  if (signatureAgent === '"https://chatgpt.com"' || signatureAgent?.includes("chatgpt.com")) {
+    agent = "ChatGPT";
+    knownKeys = KNOWN_KEYS.chatgpt;
+  }
+  if (!agent || !knownKeys) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Unknown signature agent",
+      verificationMethod: "none"
+    };
+  }
+  const key = knownKeys.find((k) => k.kid === parsed.keyid);
+  if (!key) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: `Unknown key ID: ${parsed.keyid}`,
+      verificationMethod: "none"
+    };
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (now < key.validFrom || now > key.validUntil) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Key is not valid at current time",
+      verificationMethod: "none"
+    };
+  }
+  const signatureBase = buildSignatureBase(method, path, headers, parsed.signedHeaders);
+  let signatureValue = signature;
+  if (signatureValue.startsWith("sig1=:")) {
+    signatureValue = signatureValue.substring(6);
+  }
+  if (signatureValue.endsWith(":")) {
+    signatureValue = signatureValue.slice(0, -1);
+  }
+  const isValid = await verifyEd25519Signature(
+    key.publicKey,
+    signatureValue,
+    signatureBase
+  );
+  if (isValid) {
+    return {
+      isValid: true,
+      agent,
+      keyid: parsed.keyid,
+      confidence: 1,
+      // 100% confidence for valid signature
+      verificationMethod: "signature"
+    };
+  } else {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Signature verification failed",
+      verificationMethod: "none"
+    };
+  }
+}
+function hasSignatureHeaders(headers) {
+  return !!((headers["signature"] || headers["Signature"]) && (headers["signature-input"] || headers["Signature-Input"]));
+}
+function isChatGPTSignature(headers) {
+  const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
+  return signatureAgent === '"https://chatgpt.com"' || (signatureAgent?.includes("chatgpt.com") || false);
+}
+
 // src/edge-detector-wrapper.ts
 var AI_AGENT_PATTERNS = [
   { pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
@@ -32,16 +245,42 @@ var EdgeAgentDetector = class {
     for (const [key, value] of Object.entries(headers)) {
       normalizedHeaders[key.toLowerCase()] = value;
     }
-    const signaturePresent = !!(normalizedHeaders["signature"] || normalizedHeaders["signature-input"]);
-    const signatureAgent = normalizedHeaders["signature-agent"];
-    if (signatureAgent?.includes("chatgpt.com")) {
-      confidence = 0.85;
-      reasons.push("signature_agent:chatgpt");
-      detectedAgent = { type: "chatgpt", name: "ChatGPT" };
-      verificationMethod = "signature";
-    } else if (signaturePresent) {
-      confidence = Math.max(confidence, 0.4);
-      reasons.push("signature_present");
+    if (hasSignatureHeaders(headers)) {
+      try {
+        const signatureResult = await verifyAgentSignature(
+          input.method || "GET",
+          input.url || "/",
+          headers
+        );
+        if (signatureResult.isValid) {
+          confidence = signatureResult.confidence;
+          reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || "unknown"}`);
+          if (signatureResult.agent) {
+            detectedAgent = {
+              type: signatureResult.agent.toLowerCase(),
+              name: signatureResult.agent
+            };
+          }
+          verificationMethod = signatureResult.verificationMethod;
+          if (signatureResult.keyid) {
+            reasons.push(`keyid:${signatureResult.keyid}`);
+          }
+        } else {
+          confidence = Math.max(confidence, 0.3);
+          reasons.push("invalid_signature");
+          if (signatureResult.reason) {
+            reasons.push(`signature_error:${signatureResult.reason}`);
+          }
+          if (isChatGPTSignature(headers)) {
+            reasons.push("claims_chatgpt");
+            detectedAgent = { type: "chatgpt", name: "ChatGPT (unverified)" };
+          }
+        }
+      } catch (error) {
+        console.error("[EdgeAgentDetector] Signature verification error:", error);
+        confidence = Math.max(confidence, 0.2);
+        reasons.push("signature_verification_error");
+      }
     }
     const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
     if (userAgent) {
@@ -88,7 +327,7 @@ var EdgeAgentDetector = class {
         }
       }
     }
-    if (reasons.length > 2) {
+    if (reasons.length > 2 && confidence < 1) {
       confidence = Math.min(confidence * 1.2, 0.95);
     }
     return {
@@ -97,7 +336,7 @@ var EdgeAgentDetector = class {
       ...detectedAgent && { detectedAgent },
       reasons,
       ...verificationMethod && { verificationMethod },
-      forgeabilityRisk: confidence > 0.8 ? "medium" : "high",
+      forgeabilityRisk: verificationMethod === "signature" ? "low" : confidence > 0.8 ? "medium" : "high",
       timestamp: /* @__PURE__ */ new Date()
     };
   }
@@ -144,6 +383,34 @@ async function initWasm() {
   }
   initPromise = (async () => {
     try {
+      if (typeof WebAssembly.instantiateStreaming === "function") {
+        try {
+          const response2 = await fetch(WASM_PATH);
+          if (!response2.ok) {
+            throw new Error(`Failed to fetch WASM: ${response2.status}`);
+          }
+          const streamResponse = response2.clone();
+          const { instance } = await WebAssembly.instantiateStreaming(
+            streamResponse,
+            {
+              wbg: {
+                __wbg_log_1d3ae13c3d5e6b8e: (ptr, len) => {
+                  console.log("WASM:", ptr, len);
+                },
+                __wbindgen_throw: (ptr, len) => {
+                  throw new Error(`WASM Error at ${ptr}, length ${len}`);
+                }
+              }
+            }
+          );
+          wasmInstance = instance;
+          wasmExports = instance.exports;
+          console.log("[AgentShield] \u2705 WASM module initialized with streaming");
+          return;
+        } catch (streamError) {
+          console.log("[AgentShield] Streaming compilation failed, falling back to standard compilation");
+        }
+      }
       const response = await fetch(WASM_PATH);
       if (!response.ok) {
         throw new Error(`Failed to fetch WASM: ${response.status}`);
@@ -628,11 +895,14 @@ function createAgentShieldMiddleware(config = {}) {
       }
       const userAgent = request.headers.get("user-agent");
       const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
+      const url = new URL(request.url);
+      const pathWithQuery = url.pathname + url.search;
       const context = {
         ...userAgent && { userAgent },
         ...ipAddress && { ipAddress },
         headers: Object.fromEntries(request.headers.entries()),
-        url: request.url,
+        url: pathWithQuery,
+        // Use path instead of full URL for signature verification
         method: request.method,
         timestamp: /* @__PURE__ */ new Date()
       };