npm - @kya-os/agentshield-nextjs - Versions diffs - 0.1.40 → 0.1.42 - Mend

@kya-os/agentshield-nextjs 0.1.40 → 0.1.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/dist/.tsbuildinfo +1 -0
package/dist/api-client.d.mts +145 -0
package/dist/api-client.d.ts +145 -0
package/dist/api-client.js +130 -0
package/dist/api-client.js.map +1 -0
package/dist/api-client.mjs +126 -0
package/dist/api-client.mjs.map +1 -0
package/dist/api-middleware.d.mts +118 -0
package/dist/api-middleware.d.ts +118 -0
package/dist/api-middleware.js +295 -0
package/dist/api-middleware.js.map +1 -0
package/dist/api-middleware.mjs +292 -0
package/dist/api-middleware.mjs.map +1 -0
package/dist/create-middleware.d.mts +2 -1
package/dist/create-middleware.d.ts +2 -1
package/dist/create-middleware.js +474 -200
package/dist/create-middleware.js.map +1 -1
package/dist/create-middleware.mjs +454 -200
package/dist/create-middleware.mjs.map +1 -1
package/dist/edge/index.d.mts +110 -0
package/dist/edge/index.d.ts +110 -0
package/dist/edge/index.js +253 -0
package/dist/edge/index.js.map +1 -0
package/dist/edge/index.mjs +251 -0
package/dist/edge/index.mjs.map +1 -0
package/dist/edge-detector-wrapper.d.mts +6 -15
package/dist/edge-detector-wrapper.d.ts +6 -15
package/dist/edge-detector-wrapper.js +314 -95
package/dist/edge-detector-wrapper.js.map +1 -1
package/dist/edge-detector-wrapper.mjs +294 -95
package/dist/edge-detector-wrapper.mjs.map +1 -1
package/dist/edge-runtime-loader.d.mts +1 -1
package/dist/edge-runtime-loader.d.ts +1 -1
package/dist/edge-runtime-loader.js +10 -25
package/dist/edge-runtime-loader.js.map +1 -1
package/dist/edge-runtime-loader.mjs +11 -23
package/dist/edge-runtime-loader.mjs.map +1 -1
package/dist/edge-wasm-middleware.js +2 -1
package/dist/edge-wasm-middleware.js.map +1 -1
package/dist/edge-wasm-middleware.mjs +2 -1
package/dist/edge-wasm-middleware.mjs.map +1 -1
package/dist/enhanced-middleware.d.mts +153 -0
package/dist/enhanced-middleware.d.ts +153 -0
package/dist/enhanced-middleware.js +1074 -0
package/dist/enhanced-middleware.js.map +1 -0
package/dist/enhanced-middleware.mjs +1072 -0
package/dist/enhanced-middleware.mjs.map +1 -0
package/dist/index.d.mts +8 -153
package/dist/index.d.ts +8 -153
package/dist/index.js +1390 -680
package/dist/index.js.map +1 -1
package/dist/index.mjs +1370 -685
package/dist/index.mjs.map +1 -1
package/dist/middleware.d.mts +2 -1
package/dist/middleware.d.ts +2 -1
package/dist/middleware.js +474 -200
package/dist/middleware.js.map +1 -1
package/dist/middleware.mjs +454 -200
package/dist/middleware.mjs.map +1 -1
package/dist/session-tracker.d.mts +1 -1
package/dist/session-tracker.d.ts +1 -1
package/dist/session-tracker.js.map +1 -1
package/dist/session-tracker.mjs.map +1 -1
package/dist/signature-verifier.d.mts +1 -0
package/dist/signature-verifier.d.ts +1 -0
package/dist/signature-verifier.js +204 -44
package/dist/signature-verifier.js.map +1 -1
package/dist/signature-verifier.mjs +184 -44
package/dist/signature-verifier.mjs.map +1 -1
package/dist/{types-BJTEUa4T.d.mts → types-DVmy9NE3.d.mts} +19 -2
package/dist/{types-BJTEUa4T.d.ts → types-DVmy9NE3.d.ts} +19 -2
package/dist/wasm-middleware.js +15 -6
package/dist/wasm-middleware.js.map +1 -1
package/dist/wasm-middleware.mjs +15 -6
package/dist/wasm-middleware.mjs.map +1 -1
package/package.json +43 -21
package/wasm/agentshield_wasm.js +209 -152
package/wasm/agentshield_wasm_bg.wasm +0 -0
package/wasm/package.json +30 -0

package/dist/edge/index.d.ts ADDED Viewed

@@ -0,0 +1,110 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { DetectionResult } from '@kya-os/agentshield-shared';
+export { DetectionResult } from '@kya-os/agentshield-shared';
+/**
+ * Edge Runtime Middleware with WASM Support
+ *
+ * This module provides Next.js middleware that uses the unified WASM runtime.
+ * For Edge Runtime, consumers must provide a pre-compiled WASM module via static import:
+ *
+ * ```typescript
+ * // In your middleware.ts
+ * import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module';
+ * import { createEdgeMiddleware } from '@kya-os/agentshield-nextjs/edge';
+ *
+ * export const middleware = createEdgeMiddleware({
+ *   wasmModule,
+ *   apiKey: process.env.AGENTSHIELD_API_KEY,
+ *   onAgentDetected: 'block',
+ * });
+ * ```
+ *
+ * When an API key is provided, the middleware will:
+ * 1. Load customer policies (deny lists, allow lists, thresholds) from AgentShield API
+ * 2. Automatically block agents that match deny list entries
+ * 3. Cache policies for 5 minutes with background refresh
+ */
+/**
+ * Edge middleware configuration
+ */
+interface EdgeMiddlewareConfig {
+    /**
+     * Pre-compiled WebAssembly.Module for Edge Runtime
+     * Use static import: `import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module'`
+     */
+    wasmModule?: WebAssembly.Module;
+    /**
+     * API key for loading customer policies from AgentShield dashboard
+     * When provided, enables policy enforcement (deny lists, allow lists, thresholds)
+     */
+    apiKey?: string;
+    /**
+     * Custom URL for the policy API
+     * @default 'https://api.agentshield.io'
+     */
+    policyApiUrl?: string;
+    /**
+     * Action to take when an agent is detected
+     * @default 'log'
+     */
+    onAgentDetected?: 'block' | 'redirect' | 'rewrite' | 'log' | 'allow';
+    /**
+     * Custom handler called when an agent is detected
+     * Return a NextResponse to override default behavior
+     */
+    onDetection?: (request: NextRequest, result: DetectionResult) => Promise<NextResponse | void> | NextResponse | void;
+    /**
+     * Paths to skip detection (can be string prefixes or RegExp)
+     */
+    skipPaths?: (string | RegExp)[];
+    /**
+     * Minimum confidence threshold (0-100 scale) for considering a request as agent traffic
+     * @default 70
+     */
+    confidenceThreshold?: number;
+    /**
+     * Response to send when blocking agents
+     */
+    blockedResponse?: {
+        status?: number;
+        message?: string;
+        headers?: Record<string, string>;
+    };
+    /**
+     * URL to redirect to when redirecting agents
+     */
+    redirectUrl?: string;
+    /**
+     * URL to rewrite to when rewriting agent requests
+     */
+    rewriteUrl?: string;
+    /**
+     * Enable debug logging
+     */
+    debug?: boolean;
+}
+/**
+ * Create Edge middleware with WASM support
+ *
+ * @example
+ * ```typescript
+ * // middleware.ts
+ * import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module';
+ * import { createEdgeMiddleware } from '@kya-os/agentshield-nextjs/edge';
+ *
+ * export const middleware = createEdgeMiddleware({
+ *   wasmModule,
+ *   onAgentDetected: 'block',
+ *   confidenceThreshold: 70,
+ * });
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+ * };
+ * ```
+ */
+declare function createEdgeMiddleware(config?: EdgeMiddlewareConfig): (request: NextRequest) => Promise<NextResponse>;
+export { type EdgeMiddlewareConfig, createEdgeMiddleware };

package/dist/edge/index.js ADDED Viewed

@@ -0,0 +1,253 @@
+'use strict';
+var server = require('next/server');
+// src/edge/index.ts
+async function patternDetect(input) {
+  const userAgent = input.userAgent?.toLowerCase() || "";
+  const reasons = [];
+  let confidence = 0;
+  let detectedAgent;
+  const patterns = [
+    { pattern: /chatgpt-user/i, name: "ChatGPT", confidence: 95 },
+    { pattern: /claude-web/i, name: "Claude", confidence: 95 },
+    { pattern: /claude-?bot/i, name: "ClaudeBot", confidence: 95 },
+    { pattern: /anthropic/i, name: "Claude", confidence: 90 },
+    { pattern: /gptbot/i, name: "GPTBot", confidence: 90 },
+    { pattern: /perplexity/i, name: "Perplexity", confidence: 90 },
+    { pattern: /openai/i, name: "OpenAI", confidence: 85 },
+    { pattern: /copilot/i, name: "Copilot", confidence: 85 },
+    { pattern: /gemini/i, name: "Gemini", confidence: 85 },
+    { pattern: /bard/i, name: "Bard", confidence: 85 },
+    // HTTP client libraries (often used by AI agents/scrapers)
+    { pattern: /^axios\//i, name: "HTTP Client (axios)", confidence: 75 },
+    { pattern: /^node-fetch\//i, name: "HTTP Client (node-fetch)", confidence: 75 },
+    { pattern: /^got\//i, name: "HTTP Client (got)", confidence: 75 },
+    { pattern: /^python-requests\//i, name: "HTTP Client (requests)", confidence: 75 },
+    { pattern: /^python-urllib/i, name: "HTTP Client (urllib)", confidence: 75 },
+    { pattern: /^curl\//i, name: "HTTP Client (curl)", confidence: 60 },
+    { pattern: /^wget\//i, name: "HTTP Client (wget)", confidence: 60 },
+    { pattern: /^httpie\//i, name: "HTTP Client (httpie)", confidence: 70 },
+    { pattern: /^undici\//i, name: "HTTP Client (undici)", confidence: 75 }
+  ];
+  for (const { pattern, name, confidence: patternConfidence } of patterns) {
+    if (pattern.test(userAgent)) {
+      confidence = patternConfidence;
+      detectedAgent = { type: name.toLowerCase(), name };
+      reasons.push(`known_pattern:${name.toLowerCase()}`);
+      break;
+    }
+  }
+  const aiHeaders = ["x-openai-", "x-anthropic-", "x-ai-", "signature-agent"];
+  for (const [key] of Object.entries(input.headers)) {
+    if (aiHeaders.some((prefix) => key.toLowerCase().startsWith(prefix))) {
+      confidence = Math.max(confidence, 45);
+      reasons.push(`ai_headers:${key}`);
+      break;
+    }
+  }
+  return {
+    isAgent: confidence > 30,
+    confidence,
+    detectionClass: confidence > 30 && detectedAgent ? { type: "AiAgent", agentType: detectedAgent.name } : confidence > 30 ? { type: "Unknown" } : { type: "Human" },
+    signals: [],
+    ...detectedAgent && { detectedAgent },
+    reasons,
+    verificationMethod: "pattern",
+    forgeabilityRisk: confidence > 80 ? "medium" : "high",
+    timestamp: /* @__PURE__ */ new Date()
+  };
+}
+async function createDetector(config) {
+  let detector;
+  if (config.wasmModule) {
+    try {
+      const { StaticWasmLoader, WasmDetector, PolicyLoader } = await import('@kya-os/agentshield-wasm-runtime/edge');
+      const loader = new StaticWasmLoader(config.wasmModule);
+      const policyLoader = config.apiKey ? new PolicyLoader({
+        apiUrl: config.policyApiUrl
+      }) : void 0;
+      const wasmDetector = new WasmDetector(loader, policyLoader, {
+        apiKey: config.apiKey,
+        debug: config.debug
+      });
+      await wasmDetector.ensureReady();
+      if (config.debug) {
+        console.debug("[AgentShield] WASM detector initialized in Edge Runtime", {
+          policyEnabled: !!config.apiKey
+        });
+      }
+      detector = {
+        detect: async (input) => {
+          const result = await wasmDetector.detect(input);
+          return {
+            isAgent: result.isAgent,
+            confidence: result.confidence,
+            detectionClass: result.detectionClass,
+            detectedAgent: result.detectedAgent,
+            verificationMethod: result.verificationMethod,
+            forgeabilityRisk: result.forgeabilityRisk,
+            reasons: result.reasons,
+            timestamp: result.timestamp,
+            signals: [],
+            // Required by DetectionResult, empty for WASM results
+            shouldBlock: result.shouldBlock,
+            blockReason: result.blockReason
+          };
+        },
+        isReady: () => wasmDetector.isReady()
+      };
+    } catch (error) {
+      if (config.debug) {
+        console.warn("[AgentShield] WASM runtime not available, using pattern detection:", error);
+      }
+      detector = {
+        detect: patternDetect,
+        isReady: () => true
+      };
+    }
+  } else {
+    if (config.debug) {
+      console.debug("[AgentShield] No WASM module provided, using pattern detection");
+    }
+    detector = {
+      detect: patternDetect,
+      isReady: () => true
+    };
+  }
+  return detector;
+}
+function createEdgeMiddleware(config = {}) {
+  let detectorPromise = null;
+  const {
+    onAgentDetected = "log",
+    onDetection,
+    skipPaths = [],
+    confidenceThreshold = 70,
+    blockedResponse = {
+      status: 403,
+      message: "Access denied: Automated agent detected",
+      headers: { "Content-Type": "application/json" }
+    },
+    redirectUrl = "/blocked",
+    rewriteUrl = "/blocked",
+    debug = false
+  } = config;
+  return async (request) => {
+    try {
+      if (!detectorPromise) {
+        detectorPromise = createDetector({ ...config, debug });
+      }
+      const detector = await detectorPromise;
+      const shouldSkip = skipPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return request.nextUrl.pathname.startsWith(pattern);
+        }
+        return pattern.test(request.nextUrl.pathname);
+      });
+      if (shouldSkip) {
+        return server.NextResponse.next();
+      }
+      const url = new URL(request.url);
+      const xForwardedFor = request.headers.get("x-forwarded-for");
+      const clientIp = xForwardedFor?.split(",")[0]?.trim();
+      const input = {
+        userAgent: request.headers.get("user-agent") || void 0,
+        ipAddress: request.ip || clientIp || void 0,
+        headers: Object.fromEntries(request.headers.entries()),
+        url: url.pathname + url.search,
+        method: request.method
+      };
+      const result = await detector.detect(input);
+      if (result.shouldBlock) {
+        if (debug) {
+          console.debug("[AgentShield] Blocked by policy", {
+            reason: result.blockReason,
+            agent: result.detectedAgent?.name,
+            confidence: result.confidence,
+            pathname: request.nextUrl.pathname
+          });
+        }
+        if (onDetection) {
+          const customResponse = await onDetection(request, result);
+          if (customResponse) {
+            return customResponse;
+          }
+        }
+        return server.NextResponse.json(
+          {
+            error: "Access denied by policy",
+            reason: result.blockReason,
+            detected: true,
+            confidence: result.confidence,
+            agent: result.detectedAgent?.name,
+            timestamp: result.timestamp
+          },
+          {
+            status: 403,
+            headers: { "Content-Type": "application/json" }
+          }
+        );
+      }
+      if (result.shouldBlock !== false && result.isAgent && result.confidence >= confidenceThreshold) {
+        if (onDetection) {
+          const customResponse = await onDetection(request, result);
+          if (customResponse) {
+            return customResponse;
+          }
+        }
+        switch (onAgentDetected) {
+          case "block": {
+            const response2 = server.NextResponse.json(
+              {
+                error: blockedResponse.message,
+                detected: true,
+                confidence: result.confidence,
+                timestamp: result.timestamp
+              },
+              { status: blockedResponse.status }
+            );
+            if (blockedResponse.headers) {
+              Object.entries(blockedResponse.headers).forEach(([key, value]) => {
+                response2.headers.set(key, value);
+              });
+            }
+            return response2;
+          }
+          case "redirect":
+            return server.NextResponse.redirect(new URL(redirectUrl, request.url));
+          case "rewrite":
+            return server.NextResponse.rewrite(new URL(rewriteUrl, request.url));
+          case "log":
+            if (debug || process.env.NODE_ENV !== "production") {
+              console.debug("AgentShield: Agent detected", {
+                ipAddress: input.ipAddress,
+                userAgent: input.userAgent,
+                confidence: result.confidence,
+                agent: result.detectedAgent?.name,
+                pathname: request.nextUrl.pathname
+              });
+            }
+            break;
+          case "allow":
+          default:
+            break;
+        }
+      }
+      const response = server.NextResponse.next();
+      response.headers.set("x-agentshield-detected", result.isAgent.toString());
+      response.headers.set("x-agentshield-confidence", result.confidence.toString());
+      if (result.detectedAgent?.name) {
+        response.headers.set("x-agentshield-agent", result.detectedAgent.name);
+      }
+      return response;
+    } catch (error) {
+      console.error("AgentShield middleware error:", error);
+      return server.NextResponse.next();
+    }
+  };
+}
+exports.createEdgeMiddleware = createEdgeMiddleware;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/edge/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/edge/index.ts"],"names":["NextResponse","response"],"mappings":";;;;;AAmHA,eAAe,cAAc,KAAA,EAAiD;AAC5E,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,SAAA,EAAW,WAAA,EAAY,IAAK,EAAA;AACpD,EAAA,MAAM,UAAoB,EAAC;AAC3B,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,aAAA;AAGJ,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,YAAY,EAAA,EAAG;AAAA,IAC5D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACzD,EAAE,OAAA,EAAS,cAAA,EAAgB,IAAA,EAAM,WAAA,EAAa,YAAY,EAAA,EAAG;AAAA,IAC7D,EAAE,OAAA,EAAS,YAAA,EAAc,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACxD,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACrD,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,YAAY,EAAA,EAAG;AAAA,IAC7D,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACrD,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,SAAA,EAAW,YAAY,EAAA,EAAG;AAAA,IACvD,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACrD,EAAE,OAAA,EAAS,OAAA,EAAS,IAAA,EAAM,MAAA,EAAQ,YAAY,EAAA,EAAG;AAAA;AAAA,IAEjD,EAAE,OAAA,EAAS,WAAA,EAAa,IAAA,EAAM,qBAAA,EAAuB,YAAY,EAAA,EAAG;AAAA,IACpE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,0BAAA,EAA4B,YAAY,EAAA,EAAG;AAAA,IAC9E,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,mBAAA,EAAqB,YAAY,EAAA,EAAG;AAAA,IAChE,EAAE,OAAA,EAAS,qBAAA,EAAuB,IAAA,EAAM,wBAAA,EAA0B,YAAY,EAAA,EAAG;AAAA,IACjF,EAAE,OAAA,EAAS,iBAAA,EAAmB,IAAA,EAAM,sBAAA,EAAwB,YAAY,EAAA,EAAG;AAAA,IAC3E,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,oBAAA,EAAsB,YAAY,EAAA,EAAG;AAAA,IAClE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,oBAAA,EAAsB,YAAY,EAAA,EAAG;AAAA,IAClE,EAAE,OAAA,EAAS,YAAA,EAAc,IAAA,EAAM,sBAAA,EAAwB,YAAY,EAAA,EAAG;AAAA,IACtE,EAAE,OAAA,EAAS,YAAA,EAAc,IAAA,EAAM,sBAAA,EAAwB,YAAY,EAAA;AAAG,GACxE;AAEA,EAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,iBAAA,MAAuB,QAAA,EAAU;AACvE,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,MAAA,UAAA,GAAa,iBAAA;AACb,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,IAAA,CAAK,WAAA,IAAe,IAAA,EAAK;AACjD,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAA,CAAK,WAAA,EAAa,CAAA,CAAE,CAAA;AAClD,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,SAAA,GAAY,CAAC,WAAA,EAAa,cAAA,EAAgB,SAAS,iBAAiB,CAAA;AAC1E,EAAA,KAAA,MAAW,CAAC,GAAG,CAAA,IAAK,OAAO,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA,EAAG;AACjD,IAAA,IAAI,SAAA,CAAU,IAAA,CAAK,CAAC,MAAA,KAAW,GAAA,CAAI,aAAY,CAAE,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AACpE,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,EAAE,CAAA;AACpC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,GAAG,CAAA,CAAE,CAAA;AAChC,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,SAAS,UAAA,GAAa,EAAA;AAAA,IACtB,UAAA;AAAA,IACA,gBACE,UAAA,GAAa,EAAA,IAAM,gBACf,EAAE,IAAA,EAAM,WAAoB,SAAA,EAAW,aAAA,CAAc,MAAK,GAC1D,UAAA,GAAa,KACX,EAAE,IAAA,EAAM,WAAmB,GAC3B,EAAE,MAAM,OAAA,EAAiB;AAAA,IACjC,SAAS,EAAC;AAAA,IACV,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,IACrC,OAAA;AAAA,IACA,kBAAA,EAAoB,SAAA;AAAA,IACpB,gBAAA,EAAkB,UAAA,GAAa,EAAA,GAAK,QAAA,GAAW,MAAA;AAAA,IAC/C,SAAA,sBAAe,IAAA;AAAK,GACtB;AACF;AAcA,eAAe,eAAe,MAAA,EAA8B;AAC1D,EAAA,IAAI,QAAA;AAMJ,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,gBAAA,EAAkB,YAAA,EAAc,cAAa,GAAI,MAAM,OAC7D,uCACF,CAAA;AACA,MAAA,MAAM,MAAA,GAAS,IAAI,gBAAA,CAAiB,MAAA,CAAO,UAAU,CAAA;AAGrD,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,GACxB,IAAI,YAAA,CAAa;AAAA,QACf,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA,GACD,KAAA,CAAA;AAGJ,MAAA,MAAM,YAAA,GAAe,IAAI,YAAA,CAAa,MAAA,EAAQ,YAAA,EAAc;AAAA,QAC1D,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAED,MAAA,MAAM,aAAa,WAAA,EAAY;AAE/B,MAAA,IAAI,OAAO,KAAA,EAAO;AAChB,QAAA,OAAA,CAAQ,MAAM,yDAAA,EAA2D;AAAA,UACvE,aAAA,EAAe,CAAC,CAAC,MAAA,CAAO;AAAA,SACzB,CAAA;AAAA,MACH;AAEA,MAAA,QAAA,GAAW;AAAA,QACT,MAAA,EAAQ,OAAO,KAAA,KAAyD;AACtE,UAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,MAAA,CAAO,KAAK,CAAA;AAG9C,UAAA,OAAO;AAAA,YACL,SAAS,MAAA,CAAO,OAAA;AAAA,YAChB,YAAY,MAAA,CAAO,UAAA;AAAA,YACnB,gBAAgB,MAAA,CAAO,cAAA;AAAA,YACvB,eAAe,MAAA,CAAO,aAAA;AAAA,YACtB,oBAAoB,MAAA,CAAO,kBAAA;AAAA,YAC3B,kBAAkB,MAAA,CAAO,gBAAA;AAAA,YACzB,SAAS,MAAA,CAAO,OAAA;AAAA,YAChB,WAAW,MAAA,CAAO,SAAA;AAAA,YAClB,SAAS,EAAC;AAAA;AAAA,YACV,aAAa,MAAA,CAAO,WAAA;AAAA,YACpB,aAAa,MAAA,CAAO;AAAA,WACtB;AAAA,QACF,CAAA;AAAA,QACA,OAAA,EAAS,MAAM,YAAA,CAAa,OAAA;AAAQ,OACtC;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,KAAA,EAAO;AAChB,QAAA,OAAA,CAAQ,IAAA,CAAK,sEAAsE,KAAK,CAAA;AAAA,MAC1F;AACA,MAAA,QAAA,GAAW;AAAA,QACT,MAAA,EAAQ,aAAA;AAAA,QACR,SAAS,MAAM;AAAA,OACjB;AAAA,IACF;AAAA,EACF,CAAA,MAAO;AAEL,IAAA,IAAI,OAAO,KAAA,EAAO;AAChB,MAAA,OAAA,CAAQ,MAAM,gEAAgE,CAAA;AAAA,IAChF;AACA,IAAA,QAAA,GAAW;AAAA,MACT,MAAA,EAAQ,aAAA;AAAA,MACR,SAAS,MAAM;AAAA,KACjB;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAsBO,SAAS,oBAAA,CAAqB,MAAA,GAA+B,EAAC,EAAG;AACtE,EAAA,IAAI,eAAA,GAA8E,IAAA;AAElF,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,mBAAA,GAAsB,EAAA;AAAA,IACtB,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa,UAAA;AAAA,IACb,KAAA,GAAQ;AAAA,GACV,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,QAAA,eAAA,GAAkB,cAAA,CAAe,EAAE,GAAG,MAAA,EAAQ,OAAO,CAAA;AAAA,MACvD;AACA,MAAA,MAAM,WAAW,MAAM,eAAA;AAGvB,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAC,OAAA,KAAY;AAC7C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAE/B,MAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA;AAC3D,MAAA,MAAM,WAAW,aAAA,EAAe,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK;AACpD,MAAA,MAAM,KAAA,GAAwB;AAAA,QAC5B,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EAAW,OAAA,CAAQ,EAAA,IAAM,QAAA,IAAY,KAAA,CAAA;AAAA,QACrC,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,GAAA,EAAK,GAAA,CAAI,QAAA,GAAW,GAAA,CAAI,MAAA;AAAA,QACxB,QAAQ,OAAA,CAAQ;AAAA,OAClB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA;AAI1C,MAAA,IAAI,OAAO,WAAA,EAAa;AACtB,QAAA,IAAI,KAAA,EAAO;AACT,UAAA,OAAA,CAAQ,MAAM,iCAAA,EAAmC;AAAA,YAC/C,QAAQ,MAAA,CAAO,WAAA;AAAA,YACf,KAAA,EAAO,OAAO,aAAA,EAAe,IAAA;AAAA,YAC7B,YAAY,MAAA,CAAO,UAAA;AAAA,YACnB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,WAC3B,CAAA;AAAA,QACH;AAGA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,OAAOA,mBAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,KAAA,EAAO,yBAAA;AAAA,YACP,QAAQ,MAAA,CAAO,WAAA;AAAA,YACf,QAAA,EAAU,IAAA;AAAA,YACV,YAAY,MAAA,CAAO,UAAA;AAAA,YACnB,KAAA,EAAO,OAAO,aAAA,EAAe,IAAA;AAAA,YAC7B,WAAW,MAAA,CAAO;AAAA,WACpB;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,GAAA;AAAA,YACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,SACF;AAAA,MACF;AAIA,MAAA,IACE,OAAO,WAAA,KAAgB,KAAA,IACvB,OAAO,OAAA,IACP,MAAA,CAAO,cAAc,mBAAA,EACrB;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMC,YAAWD,mBAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,gBAAgB,OAAO,CAAA,CAAE,QAAQ,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChE,gBAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,cACjC,CAAC,CAAA;AAAA,YACH;AAEA,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAOD,oBAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAOA,oBAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,IAAI,KAAA,IAAS,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AAClD,cAAA,OAAA,CAAQ,MAAM,6BAAA,EAA+B;AAAA,gBAC3C,WAAW,KAAA,CAAM,SAAA;AAAA,gBACjB,WAAW,KAAA,CAAM,SAAA;AAAA,gBACjB,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,KAAA,EAAO,OAAO,aAAA,EAAe,IAAA;AAAA,gBAC7B,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,eAC3B,CAAA;AAAA,YACH;AACA,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AACE,YAAA;AAAA;AACJ,MACF;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AAGnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAAA,EAA4B,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA;AAC7E,MAAA,IAAI,MAAA,CAAO,eAAe,IAAA,EAAM;AAC9B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,qBAAA,EAAuB,MAAA,CAAO,cAAc,IAAI,CAAA;AAAA,MACvE;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF","file":"index.js","sourcesContent":["/**\n * Edge Runtime Middleware with WASM Support\n *\n * This module provides Next.js middleware that uses the unified WASM runtime.\n * For Edge Runtime, consumers must provide a pre-compiled WASM module via static import:\n *\n * ```typescript\n * // In your middleware.ts\n * import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module';\n * import { createEdgeMiddleware } from '@kya-os/agentshield-nextjs/edge';\n *\n * export const middleware = createEdgeMiddleware({\n * wasmModule,\n * apiKey: process.env.AGENTSHIELD_API_KEY,\n * onAgentDetected: 'block',\n * });\n * ```\n *\n * When an API key is provided, the middleware will:\n * 1. Load customer policies (deny lists, allow lists, thresholds) from AgentShield API\n * 2. Automatically block agents that match deny list entries\n * 3. Cache policies for 5 minutes with background refresh\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\nimport type { DetectionResult } from '@kya-os/agentshield-shared';\n\n/**\n * Edge middleware configuration\n */\nexport interface EdgeMiddlewareConfig {\n /**\n * Pre-compiled WebAssembly.Module for Edge Runtime\n * Use static import: `import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module'`\n */\n wasmModule?: WebAssembly.Module;\n\n /**\n * API key for loading customer policies from AgentShield dashboard\n * When provided, enables policy enforcement (deny lists, allow lists, thresholds)\n */\n apiKey?: string;\n\n /**\n * Custom URL for the policy API\n * @default 'https://api.agentshield.io'\n */\n policyApiUrl?: string;\n\n /**\n * Action to take when an agent is detected\n * @default 'log'\n */\n onAgentDetected?: 'block' | 'redirect' | 'rewrite' | 'log' | 'allow';\n\n /**\n * Custom handler called when an agent is detected\n * Return a NextResponse to override default behavior\n */\n onDetection?: (\n request: NextRequest,\n result: DetectionResult\n ) => Promise<NextResponse | void> | NextResponse | void;\n\n /**\n * Paths to skip detection (can be string prefixes or RegExp)\n */\n skipPaths?: (string | RegExp)[];\n\n /**\n * Minimum confidence threshold (0-100 scale) for considering a request as agent traffic\n * @default 70\n */\n confidenceThreshold?: number;\n\n /**\n * Response to send when blocking agents\n */\n blockedResponse?: {\n status?: number;\n message?: string;\n headers?: Record<string, string>;\n };\n\n /**\n * URL to redirect to when redirecting agents\n */\n redirectUrl?: string;\n\n /**\n * URL to rewrite to when rewriting agent requests\n */\n rewriteUrl?: string;\n\n /**\n * Enable debug logging\n */\n debug?: boolean;\n}\n\n/**\n * Detection input extracted from request\n */\ninterface DetectionInput {\n userAgent?: string;\n ipAddress?: string;\n headers: Record<string, string>;\n url?: string;\n method?: string;\n}\n\n/**\n * Simple edge-safe detector that uses pattern matching\n * Falls back to this when WASM is not available\n */\nasync function patternDetect(input: DetectionInput): Promise<DetectionResult> {\n const userAgent = input.userAgent?.toLowerCase() || '';\n const reasons: string[] = [];\n let confidence = 0;\n let detectedAgent: { type: string; name: string } | undefined;\n\n // AI agent patterns with confidence scores (0-100 scale)\n const patterns = [\n { pattern: /chatgpt-user/i, name: 'ChatGPT', confidence: 95 },\n { pattern: /claude-web/i, name: 'Claude', confidence: 95 },\n { pattern: /claude-?bot/i, name: 'ClaudeBot', confidence: 95 },\n { pattern: /anthropic/i, name: 'Claude', confidence: 90 },\n { pattern: /gptbot/i, name: 'GPTBot', confidence: 90 },\n { pattern: /perplexity/i, name: 'Perplexity', confidence: 90 },\n { pattern: /openai/i, name: 'OpenAI', confidence: 85 },\n { pattern: /copilot/i, name: 'Copilot', confidence: 85 },\n { pattern: /gemini/i, name: 'Gemini', confidence: 85 },\n { pattern: /bard/i, name: 'Bard', confidence: 85 },\n // HTTP client libraries (often used by AI agents/scrapers)\n { pattern: /^axios\\//i, name: 'HTTP Client (axios)', confidence: 75 },\n { pattern: /^node-fetch\\//i, name: 'HTTP Client (node-fetch)', confidence: 75 },\n { pattern: /^got\\//i, name: 'HTTP Client (got)', confidence: 75 },\n { pattern: /^python-requests\\//i, name: 'HTTP Client (requests)', confidence: 75 },\n { pattern: /^python-urllib/i, name: 'HTTP Client (urllib)', confidence: 75 },\n { pattern: /^curl\\//i, name: 'HTTP Client (curl)', confidence: 60 },\n { pattern: /^wget\\//i, name: 'HTTP Client (wget)', confidence: 60 },\n { pattern: /^httpie\\//i, name: 'HTTP Client (httpie)', confidence: 70 },\n { pattern: /^undici\\//i, name: 'HTTP Client (undici)', confidence: 75 },\n ];\n\n for (const { pattern, name, confidence: patternConfidence } of patterns) {\n if (pattern.test(userAgent)) {\n confidence = patternConfidence;\n detectedAgent = { type: name.toLowerCase(), name };\n reasons.push(`known_pattern:${name.toLowerCase()}`);\n break;\n }\n }\n\n // Check for AI-specific headers\n const aiHeaders = ['x-openai-', 'x-anthropic-', 'x-ai-', 'signature-agent'];\n for (const [key] of Object.entries(input.headers)) {\n if (aiHeaders.some((prefix) => key.toLowerCase().startsWith(prefix))) {\n confidence = Math.max(confidence, 45);\n reasons.push(`ai_headers:${key}`);\n break;\n }\n }\n\n return {\n isAgent: confidence > 30,\n confidence,\n detectionClass:\n confidence > 30 && detectedAgent\n ? { type: 'AiAgent' as const, agentType: detectedAgent.name }\n : confidence > 30\n ? { type: 'Unknown' as const }\n : { type: 'Human' as const },\n signals: [],\n ...(detectedAgent && { detectedAgent }),\n reasons,\n verificationMethod: 'pattern' as const,\n forgeabilityRisk: confidence > 80 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n}\n\n/**\n * Extended detection result with policy enforcement\n */\ninterface PolicyEnforcedResult extends DetectionResult {\n shouldBlock?: boolean;\n blockReason?: 'deny_list' | 'not_in_allow_list' | 'threshold';\n}\n\n/**\n * Create detector using WASM runtime or fallback\n * When apiKey is provided, policy enforcement is enabled\n */\nasync function createDetector(config: EdgeMiddlewareConfig) {\n let detector: {\n detect: (input: DetectionInput) => Promise<PolicyEnforcedResult>;\n isReady: () => boolean;\n };\n\n // Try to use wasm-runtime if WASM module is provided\n if (config.wasmModule) {\n try {\n const { StaticWasmLoader, WasmDetector, PolicyLoader } = await import(\n '@kya-os/agentshield-wasm-runtime/edge'\n );\n const loader = new StaticWasmLoader(config.wasmModule);\n\n // Create policy loader if API key is provided\n const policyLoader = config.apiKey\n ? new PolicyLoader({\n apiUrl: config.policyApiUrl,\n })\n : undefined;\n\n // Create detector with policy support\n const wasmDetector = new WasmDetector(loader, policyLoader, {\n apiKey: config.apiKey,\n debug: config.debug,\n });\n\n await wasmDetector.ensureReady();\n\n if (config.debug) {\n console.debug('[AgentShield] WASM detector initialized in Edge Runtime', {\n policyEnabled: !!config.apiKey,\n });\n }\n\n detector = {\n detect: async (input: DetectionInput): Promise<PolicyEnforcedResult> => {\n const result = await wasmDetector.detect(input);\n // Convert IDetectionResult to DetectionResult by adding required fields\n // Type assertion needed due to different DetectionClass definitions\n return {\n isAgent: result.isAgent,\n confidence: result.confidence,\n detectionClass: result.detectionClass as DetectionResult['detectionClass'],\n detectedAgent: result.detectedAgent,\n verificationMethod: result.verificationMethod,\n forgeabilityRisk: result.forgeabilityRisk,\n reasons: result.reasons,\n timestamp: result.timestamp,\n signals: [], // Required by DetectionResult, empty for WASM results\n shouldBlock: result.shouldBlock,\n blockReason: result.blockReason as PolicyEnforcedResult['blockReason'],\n };\n },\n isReady: () => wasmDetector.isReady(),\n };\n } catch (error) {\n if (config.debug) {\n console.warn('[AgentShield] WASM runtime not available, using pattern detection:', error);\n }\n detector = {\n detect: patternDetect,\n isReady: () => true,\n };\n }\n } else {\n // Use pattern-based detection\n if (config.debug) {\n console.debug('[AgentShield] No WASM module provided, using pattern detection');\n }\n detector = {\n detect: patternDetect,\n isReady: () => true,\n };\n }\n\n return detector;\n}\n\n/**\n * Create Edge middleware with WASM support\n *\n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module';\n * import { createEdgeMiddleware } from '@kya-os/agentshield-nextjs/edge';\n *\n * export const middleware = createEdgeMiddleware({\n * wasmModule,\n * onAgentDetected: 'block',\n * confidenceThreshold: 70,\n * });\n *\n * export const config = {\n * matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],\n * };\n * ```\n */\nexport function createEdgeMiddleware(config: EdgeMiddlewareConfig = {}) {\n let detectorPromise: Promise<Awaited<ReturnType<typeof createDetector>>> | null = null;\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n confidenceThreshold = 70,\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n debug = false,\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Initialize detector lazily\n if (!detectorPromise) {\n detectorPromise = createDetector({ ...config, debug });\n }\n const detector = await detectorPromise;\n\n // Check if path should be skipped\n const shouldSkip = skipPaths.some((pattern) => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n return NextResponse.next();\n }\n\n // Extract request context\n const url = new URL(request.url);\n // Parse X-Forwarded-For header to get client IP (first in comma-separated list)\n const xForwardedFor = request.headers.get('x-forwarded-for');\n const clientIp = xForwardedFor?.split(',')[0]?.trim();\n const input: DetectionInput = {\n userAgent: request.headers.get('user-agent') || undefined,\n ipAddress: request.ip || clientIp || undefined,\n headers: Object.fromEntries(request.headers.entries()),\n url: url.pathname + url.search,\n method: request.method,\n };\n\n // Run detection\n const result = await detector.detect(input);\n\n // POLICY ENFORCEMENT: Check shouldBlock from policy rules (deny list, allow list, threshold)\n // This takes precedence over the general threshold check below\n if (result.shouldBlock) {\n if (debug) {\n console.debug('[AgentShield] Blocked by policy', {\n reason: result.blockReason,\n agent: result.detectedAgent?.name,\n confidence: result.confidence,\n pathname: request.nextUrl.pathname,\n });\n }\n\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Return 403 with policy block reason\n return NextResponse.json(\n {\n error: 'Access denied by policy',\n reason: result.blockReason,\n detected: true,\n confidence: result.confidence,\n agent: result.detectedAgent?.name,\n timestamp: result.timestamp,\n },\n {\n status: 403,\n headers: { 'Content-Type': 'application/json' },\n }\n );\n }\n\n // Check if agent detected above threshold (when policy doesn't block)\n // Skip if shouldBlock === false (agent explicitly allowed by policy)\n if (\n result.shouldBlock !== false &&\n result.isAgent &&\n result.confidence >= confidenceThreshold\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(([key, value]) => {\n response.headers.set(key, value);\n });\n }\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n if (debug || process.env.NODE_ENV !== 'production') {\n console.debug('AgentShield: Agent detected', {\n ipAddress: input.ipAddress,\n userAgent: input.userAgent,\n confidence: result.confidence,\n agent: result.detectedAgent?.name,\n pathname: request.nextUrl.pathname,\n });\n }\n break;\n\n case 'allow':\n default:\n break;\n }\n }\n\n // Continue with request\n const response = NextResponse.next();\n\n // Add detection headers\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set('x-agentshield-confidence', result.confidence.toString());\n if (result.detectedAgent?.name) {\n response.headers.set('x-agentshield-agent', result.detectedAgent.name);\n }\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next();\n }\n };\n}\n\n// Re-export types for convenience\nexport type { DetectionResult };\n"]}

package/dist/edge/index.mjs ADDED Viewed

@@ -0,0 +1,251 @@
+import { NextResponse } from 'next/server';
+// src/edge/index.ts
+async function patternDetect(input) {
+  const userAgent = input.userAgent?.toLowerCase() || "";
+  const reasons = [];
+  let confidence = 0;
+  let detectedAgent;
+  const patterns = [
+    { pattern: /chatgpt-user/i, name: "ChatGPT", confidence: 95 },
+    { pattern: /claude-web/i, name: "Claude", confidence: 95 },
+    { pattern: /claude-?bot/i, name: "ClaudeBot", confidence: 95 },
+    { pattern: /anthropic/i, name: "Claude", confidence: 90 },
+    { pattern: /gptbot/i, name: "GPTBot", confidence: 90 },
+    { pattern: /perplexity/i, name: "Perplexity", confidence: 90 },
+    { pattern: /openai/i, name: "OpenAI", confidence: 85 },
+    { pattern: /copilot/i, name: "Copilot", confidence: 85 },
+    { pattern: /gemini/i, name: "Gemini", confidence: 85 },
+    { pattern: /bard/i, name: "Bard", confidence: 85 },
+    // HTTP client libraries (often used by AI agents/scrapers)
+    { pattern: /^axios\//i, name: "HTTP Client (axios)", confidence: 75 },
+    { pattern: /^node-fetch\//i, name: "HTTP Client (node-fetch)", confidence: 75 },
+    { pattern: /^got\//i, name: "HTTP Client (got)", confidence: 75 },
+    { pattern: /^python-requests\//i, name: "HTTP Client (requests)", confidence: 75 },
+    { pattern: /^python-urllib/i, name: "HTTP Client (urllib)", confidence: 75 },
+    { pattern: /^curl\//i, name: "HTTP Client (curl)", confidence: 60 },
+    { pattern: /^wget\//i, name: "HTTP Client (wget)", confidence: 60 },
+    { pattern: /^httpie\//i, name: "HTTP Client (httpie)", confidence: 70 },
+    { pattern: /^undici\//i, name: "HTTP Client (undici)", confidence: 75 }
+  ];
+  for (const { pattern, name, confidence: patternConfidence } of patterns) {
+    if (pattern.test(userAgent)) {
+      confidence = patternConfidence;
+      detectedAgent = { type: name.toLowerCase(), name };
+      reasons.push(`known_pattern:${name.toLowerCase()}`);
+      break;
+    }
+  }
+  const aiHeaders = ["x-openai-", "x-anthropic-", "x-ai-", "signature-agent"];
+  for (const [key] of Object.entries(input.headers)) {
+    if (aiHeaders.some((prefix) => key.toLowerCase().startsWith(prefix))) {
+      confidence = Math.max(confidence, 45);
+      reasons.push(`ai_headers:${key}`);
+      break;
+    }
+  }
+  return {
+    isAgent: confidence > 30,
+    confidence,
+    detectionClass: confidence > 30 && detectedAgent ? { type: "AiAgent", agentType: detectedAgent.name } : confidence > 30 ? { type: "Unknown" } : { type: "Human" },
+    signals: [],
+    ...detectedAgent && { detectedAgent },
+    reasons,
+    verificationMethod: "pattern",
+    forgeabilityRisk: confidence > 80 ? "medium" : "high",
+    timestamp: /* @__PURE__ */ new Date()
+  };
+}
+async function createDetector(config) {
+  let detector;
+  if (config.wasmModule) {
+    try {
+      const { StaticWasmLoader, WasmDetector, PolicyLoader } = await import('@kya-os/agentshield-wasm-runtime/edge');
+      const loader = new StaticWasmLoader(config.wasmModule);
+      const policyLoader = config.apiKey ? new PolicyLoader({
+        apiUrl: config.policyApiUrl
+      }) : void 0;
+      const wasmDetector = new WasmDetector(loader, policyLoader, {
+        apiKey: config.apiKey,
+        debug: config.debug
+      });
+      await wasmDetector.ensureReady();
+      if (config.debug) {
+        console.debug("[AgentShield] WASM detector initialized in Edge Runtime", {
+          policyEnabled: !!config.apiKey
+        });
+      }
+      detector = {
+        detect: async (input) => {
+          const result = await wasmDetector.detect(input);
+          return {
+            isAgent: result.isAgent,
+            confidence: result.confidence,
+            detectionClass: result.detectionClass,
+            detectedAgent: result.detectedAgent,
+            verificationMethod: result.verificationMethod,
+            forgeabilityRisk: result.forgeabilityRisk,
+            reasons: result.reasons,
+            timestamp: result.timestamp,
+            signals: [],
+            // Required by DetectionResult, empty for WASM results
+            shouldBlock: result.shouldBlock,
+            blockReason: result.blockReason
+          };
+        },
+        isReady: () => wasmDetector.isReady()
+      };
+    } catch (error) {
+      if (config.debug) {
+        console.warn("[AgentShield] WASM runtime not available, using pattern detection:", error);
+      }
+      detector = {
+        detect: patternDetect,
+        isReady: () => true
+      };
+    }
+  } else {
+    if (config.debug) {
+      console.debug("[AgentShield] No WASM module provided, using pattern detection");
+    }
+    detector = {
+      detect: patternDetect,
+      isReady: () => true
+    };
+  }
+  return detector;
+}
+function createEdgeMiddleware(config = {}) {
+  let detectorPromise = null;
+  const {
+    onAgentDetected = "log",
+    onDetection,
+    skipPaths = [],
+    confidenceThreshold = 70,
+    blockedResponse = {
+      status: 403,
+      message: "Access denied: Automated agent detected",
+      headers: { "Content-Type": "application/json" }
+    },
+    redirectUrl = "/blocked",
+    rewriteUrl = "/blocked",
+    debug = false
+  } = config;
+  return async (request) => {
+    try {
+      if (!detectorPromise) {
+        detectorPromise = createDetector({ ...config, debug });
+      }
+      const detector = await detectorPromise;
+      const shouldSkip = skipPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return request.nextUrl.pathname.startsWith(pattern);
+        }
+        return pattern.test(request.nextUrl.pathname);
+      });
+      if (shouldSkip) {
+        return NextResponse.next();
+      }
+      const url = new URL(request.url);
+      const xForwardedFor = request.headers.get("x-forwarded-for");
+      const clientIp = xForwardedFor?.split(",")[0]?.trim();
+      const input = {
+        userAgent: request.headers.get("user-agent") || void 0,
+        ipAddress: request.ip || clientIp || void 0,
+        headers: Object.fromEntries(request.headers.entries()),
+        url: url.pathname + url.search,
+        method: request.method
+      };
+      const result = await detector.detect(input);
+      if (result.shouldBlock) {
+        if (debug) {
+          console.debug("[AgentShield] Blocked by policy", {
+            reason: result.blockReason,
+            agent: result.detectedAgent?.name,
+            confidence: result.confidence,
+            pathname: request.nextUrl.pathname
+          });
+        }
+        if (onDetection) {
+          const customResponse = await onDetection(request, result);
+          if (customResponse) {
+            return customResponse;
+          }
+        }
+        return NextResponse.json(
+          {
+            error: "Access denied by policy",
+            reason: result.blockReason,
+            detected: true,
+            confidence: result.confidence,
+            agent: result.detectedAgent?.name,
+            timestamp: result.timestamp
+          },
+          {
+            status: 403,
+            headers: { "Content-Type": "application/json" }
+          }
+        );
+      }
+      if (result.shouldBlock !== false && result.isAgent && result.confidence >= confidenceThreshold) {
+        if (onDetection) {
+          const customResponse = await onDetection(request, result);
+          if (customResponse) {
+            return customResponse;
+          }
+        }
+        switch (onAgentDetected) {
+          case "block": {
+            const response2 = NextResponse.json(
+              {
+                error: blockedResponse.message,
+                detected: true,
+                confidence: result.confidence,
+                timestamp: result.timestamp
+              },
+              { status: blockedResponse.status }
+            );
+            if (blockedResponse.headers) {
+              Object.entries(blockedResponse.headers).forEach(([key, value]) => {
+                response2.headers.set(key, value);
+              });
+            }
+            return response2;
+          }
+          case "redirect":
+            return NextResponse.redirect(new URL(redirectUrl, request.url));
+          case "rewrite":
+            return NextResponse.rewrite(new URL(rewriteUrl, request.url));
+          case "log":
+            if (debug || process.env.NODE_ENV !== "production") {
+              console.debug("AgentShield: Agent detected", {
+                ipAddress: input.ipAddress,
+                userAgent: input.userAgent,
+                confidence: result.confidence,
+                agent: result.detectedAgent?.name,
+                pathname: request.nextUrl.pathname
+              });
+            }
+            break;
+          case "allow":
+          default:
+            break;
+        }
+      }
+      const response = NextResponse.next();
+      response.headers.set("x-agentshield-detected", result.isAgent.toString());
+      response.headers.set("x-agentshield-confidence", result.confidence.toString());
+      if (result.detectedAgent?.name) {
+        response.headers.set("x-agentshield-agent", result.detectedAgent.name);
+      }
+      return response;
+    } catch (error) {
+      console.error("AgentShield middleware error:", error);
+      return NextResponse.next();
+    }
+  };
+}
+export { createEdgeMiddleware };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map