npm - @kya-os/agentshield-nextjs - Versions diffs - 0.1.30 → 0.1.32 - Mend

@kya-os/agentshield-nextjs 0.1.30 → 0.1.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/create-middleware.js +283 -13
package/dist/create-middleware.js.map +1 -1
package/dist/create-middleware.mjs +283 -13
package/dist/create-middleware.mjs.map +1 -1
package/dist/edge-detector-wrapper.d.mts +1 -0
package/dist/edge-detector-wrapper.d.ts +1 -0
package/dist/edge-detector-wrapper.js +251 -12
package/dist/edge-detector-wrapper.js.map +1 -1
package/dist/edge-detector-wrapper.mjs +251 -12
package/dist/edge-detector-wrapper.mjs.map +1 -1
package/dist/index.js +283 -13
package/dist/index.js.map +1 -1
package/dist/index.mjs +283 -13
package/dist/index.mjs.map +1 -1
package/dist/middleware.js +283 -13
package/dist/middleware.js.map +1 -1
package/dist/middleware.mjs +283 -13
package/dist/middleware.mjs.map +1 -1
package/dist/signature-verifier.d.mts +32 -0
package/dist/signature-verifier.d.ts +32 -0
package/dist/signature-verifier.js +220 -0
package/dist/signature-verifier.js.map +1 -0
package/dist/signature-verifier.mjs +216 -0
package/dist/signature-verifier.mjs.map +1 -0
package/package.json +2 -2

package/dist/middleware.mjs CHANGED Viewed

@@ -2,6 +2,219 @@ import { NextResponse } from 'next/server';
 // src/middleware.ts
+// src/signature-verifier.ts
+var KNOWN_KEYS = {
+  chatgpt: [
+    {
+      kid: "otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg",
+      // ChatGPT's current Ed25519 public key (base64)
+      publicKey: "7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g",
+      validFrom: (/* @__PURE__ */ new Date("2025-01-01")).getTime() / 1e3,
+      validUntil: (/* @__PURE__ */ new Date("2025-04-11")).getTime() / 1e3
+    }
+  ]
+};
+function parseSignatureInput(signatureInput) {
+  try {
+    const match = signatureInput.match(/sig1=\((.*?)\);(.+)/);
+    if (!match) return null;
+    const [, headersList, params] = match;
+    const signedHeaders = headersList ? headersList.split(" ").map((h) => h.replace(/"/g, "").trim()).filter((h) => h.length > 0) : [];
+    const keyidMatch = params ? params.match(/keyid="([^"]+)"/) : null;
+    const createdMatch = params ? params.match(/created=(\d+)/) : null;
+    const expiresMatch = params ? params.match(/expires=(\d+)/) : null;
+    if (!keyidMatch || !keyidMatch[1]) return null;
+    return {
+      keyid: keyidMatch[1],
+      created: createdMatch && createdMatch[1] ? parseInt(createdMatch[1]) : void 0,
+      expires: expiresMatch && expiresMatch[1] ? parseInt(expiresMatch[1]) : void 0,
+      signedHeaders
+    };
+  } catch (error) {
+    console.error("[Signature] Failed to parse Signature-Input:", error);
+    return null;
+  }
+}
+function buildSignatureBase(method, path, headers, signedHeaders) {
+  const components = [];
+  for (const headerName of signedHeaders) {
+    let value;
+    switch (headerName) {
+      case "@method":
+        value = method.toUpperCase();
+        break;
+      case "@path":
+        value = path;
+        break;
+      case "@authority":
+        value = headers["host"] || headers["Host"] || "";
+        break;
+      default:
+        const key = Object.keys(headers).find(
+          (k) => k.toLowerCase() === headerName.toLowerCase()
+        );
+        value = key ? headers[key] || "" : "";
+        break;
+    }
+    components.push(`"${headerName}": ${value}`);
+  }
+  return components.join("\n");
+}
+async function verifyEd25519Signature(publicKeyBase64, signatureBase64, message) {
+  try {
+    const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), (c) => c.charCodeAt(0));
+    const signatureBytes = Uint8Array.from(atob(signatureBase64), (c) => c.charCodeAt(0));
+    const messageBytes = new TextEncoder().encode(message);
+    if (publicKeyBytes.length !== 32) {
+      console.error("[Signature] Invalid public key length:", publicKeyBytes.length);
+      return false;
+    }
+    if (signatureBytes.length !== 64) {
+      console.error("[Signature] Invalid signature length:", signatureBytes.length);
+      return false;
+    }
+    const publicKey = await crypto.subtle.importKey(
+      "raw",
+      publicKeyBytes,
+      {
+        name: "Ed25519",
+        namedCurve: "Ed25519"
+      },
+      false,
+      ["verify"]
+    );
+    const isValid = await crypto.subtle.verify(
+      "Ed25519",
+      publicKey,
+      signatureBytes,
+      messageBytes
+    );
+    return isValid;
+  } catch (error) {
+    console.error("[Signature] Ed25519 verification failed:", error);
+    if (typeof window === "undefined") {
+      try {
+        console.warn("[Signature] Ed25519 not supported in this environment");
+        return false;
+      } catch {
+        return false;
+      }
+    }
+    return false;
+  }
+}
+async function verifyAgentSignature(method, path, headers) {
+  const signature = headers["signature"] || headers["Signature"];
+  const signatureInput = headers["signature-input"] || headers["Signature-Input"];
+  const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
+  if (!signature || !signatureInput) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "No signature headers present",
+      verificationMethod: "none"
+    };
+  }
+  const parsed = parseSignatureInput(signatureInput);
+  if (!parsed) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Invalid Signature-Input header",
+      verificationMethod: "none"
+    };
+  }
+  if (parsed.created) {
+    const now2 = Math.floor(Date.now() / 1e3);
+    const age = now2 - parsed.created;
+    if (age > 300) {
+      return {
+        isValid: false,
+        confidence: 0,
+        reason: "Signature expired (older than 5 minutes)",
+        verificationMethod: "none"
+      };
+    }
+    if (age < -30) {
+      return {
+        isValid: false,
+        confidence: 0,
+        reason: "Signature timestamp is in the future",
+        verificationMethod: "none"
+      };
+    }
+  }
+  let agent;
+  let knownKeys;
+  if (signatureAgent === '"https://chatgpt.com"' || signatureAgent?.includes("chatgpt.com")) {
+    agent = "ChatGPT";
+    knownKeys = KNOWN_KEYS.chatgpt;
+  }
+  if (!agent || !knownKeys) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Unknown signature agent",
+      verificationMethod: "none"
+    };
+  }
+  const key = knownKeys.find((k) => k.kid === parsed.keyid);
+  if (!key) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: `Unknown key ID: ${parsed.keyid}`,
+      verificationMethod: "none"
+    };
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (now < key.validFrom || now > key.validUntil) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Key is not valid at current time",
+      verificationMethod: "none"
+    };
+  }
+  const signatureBase = buildSignatureBase(method, path, headers, parsed.signedHeaders);
+  let signatureValue = signature;
+  if (signatureValue.startsWith("sig1=:")) {
+    signatureValue = signatureValue.substring(6);
+  }
+  if (signatureValue.endsWith(":")) {
+    signatureValue = signatureValue.slice(0, -1);
+  }
+  const isValid = await verifyEd25519Signature(
+    key.publicKey,
+    signatureValue,
+    signatureBase
+  );
+  if (isValid) {
+    return {
+      isValid: true,
+      agent,
+      keyid: parsed.keyid,
+      confidence: 1,
+      // 100% confidence for valid signature
+      verificationMethod: "signature"
+    };
+  } else {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "Signature verification failed",
+      verificationMethod: "none"
+    };
+  }
+}
+function hasSignatureHeaders(headers) {
+  return !!((headers["signature"] || headers["Signature"]) && (headers["signature-input"] || headers["Signature-Input"]));
+}
+function isChatGPTSignature(headers) {
+  const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
+  return signatureAgent === '"https://chatgpt.com"' || (signatureAgent?.includes("chatgpt.com") || false);
+}
 // src/edge-detector-wrapper.ts
 var AI_AGENT_PATTERNS = [
   { pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
@@ -30,16 +243,42 @@ var EdgeAgentDetector = class {
     for (const [key, value] of Object.entries(headers)) {
       normalizedHeaders[key.toLowerCase()] = value;
     }
-    const signaturePresent = !!(normalizedHeaders["signature"] || normalizedHeaders["signature-input"]);
-    const signatureAgent = normalizedHeaders["signature-agent"];
-    if (signatureAgent?.includes("chatgpt.com")) {
-      confidence = 0.85;
-      reasons.push("signature_agent:chatgpt");
-      detectedAgent = { type: "chatgpt", name: "ChatGPT" };
-      verificationMethod = "signature";
-    } else if (signaturePresent) {
-      confidence = Math.max(confidence, 0.4);
-      reasons.push("signature_present");
+    if (hasSignatureHeaders(headers)) {
+      try {
+        const signatureResult = await verifyAgentSignature(
+          input.method || "GET",
+          input.url || "/",
+          headers
+        );
+        if (signatureResult.isValid) {
+          confidence = signatureResult.confidence;
+          reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || "unknown"}`);
+          if (signatureResult.agent) {
+            detectedAgent = {
+              type: signatureResult.agent.toLowerCase(),
+              name: signatureResult.agent
+            };
+          }
+          verificationMethod = signatureResult.verificationMethod;
+          if (signatureResult.keyid) {
+            reasons.push(`keyid:${signatureResult.keyid}`);
+          }
+        } else {
+          confidence = Math.max(confidence, 0.3);
+          reasons.push("invalid_signature");
+          if (signatureResult.reason) {
+            reasons.push(`signature_error:${signatureResult.reason}`);
+          }
+          if (isChatGPTSignature(headers)) {
+            reasons.push("claims_chatgpt");
+            detectedAgent = { type: "chatgpt", name: "ChatGPT (unverified)" };
+          }
+        }
+      } catch (error) {
+        console.error("[EdgeAgentDetector] Signature verification error:", error);
+        confidence = Math.max(confidence, 0.2);
+        reasons.push("signature_verification_error");
+      }
     }
     const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
     if (userAgent) {
@@ -86,7 +325,7 @@ var EdgeAgentDetector = class {
         }
       }
     }
-    if (reasons.length > 2) {
+    if (reasons.length > 2 && confidence < 1) {
       confidence = Math.min(confidence * 1.2, 0.95);
     }
     return {
@@ -95,7 +334,7 @@ var EdgeAgentDetector = class {
       ...detectedAgent && { detectedAgent },
       reasons,
       ...verificationMethod && { verificationMethod },
-      forgeabilityRisk: confidence > 0.8 ? "medium" : "high",
+      forgeabilityRisk: verificationMethod === "signature" ? "low" : confidence > 0.8 ? "medium" : "high",
       timestamp: /* @__PURE__ */ new Date()
     };
   }
@@ -142,6 +381,34 @@ async function initWasm() {
   }
   initPromise = (async () => {
     try {
+      if (typeof WebAssembly.instantiateStreaming === "function") {
+        try {
+          const response2 = await fetch(WASM_PATH);
+          if (!response2.ok) {
+            throw new Error(`Failed to fetch WASM: ${response2.status}`);
+          }
+          const streamResponse = response2.clone();
+          const { instance } = await WebAssembly.instantiateStreaming(
+            streamResponse,
+            {
+              wbg: {
+                __wbg_log_1d3ae13c3d5e6b8e: (ptr, len) => {
+                  console.log("WASM:", ptr, len);
+                },
+                __wbindgen_throw: (ptr, len) => {
+                  throw new Error(`WASM Error at ${ptr}, length ${len}`);
+                }
+              }
+            }
+          );
+          wasmInstance = instance;
+          wasmExports = instance.exports;
+          console.log("[AgentShield] \u2705 WASM module initialized with streaming");
+          return;
+        } catch (streamError) {
+          console.log("[AgentShield] Streaming compilation failed, falling back to standard compilation");
+        }
+      }
       const response = await fetch(WASM_PATH);
       if (!response.ok) {
         throw new Error(`Failed to fetch WASM: ${response.status}`);
@@ -626,11 +893,14 @@ function createAgentShieldMiddleware(config = {}) {
       }
       const userAgent = request.headers.get("user-agent");
       const ipAddress = request.ip ?? request.headers.get("x-forwarded-for");
+      const url = new URL(request.url);
+      const pathWithQuery = url.pathname + url.search;
       const context = {
         ...userAgent && { userAgent },
         ...ipAddress && { ipAddress },
         headers: Object.fromEntries(request.headers.entries()),
-        url: request.url,
+        url: pathWithQuery,
+        // Use path instead of full URL for signature verification
         method: request.method,
         timestamp: /* @__PURE__ */ new Date()
       };