npm - @kya-os/agentshield-nextjs - Versions diffs - 0.1.41 → 0.1.43 - Mend

@kya-os/agentshield-nextjs 0.1.41 → 0.1.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/dist/.tsbuildinfo +1 -0
package/dist/api-client.d.mts +145 -0
package/dist/api-client.d.ts +145 -0
package/dist/api-client.js +130 -0
package/dist/api-client.js.map +1 -0
package/dist/api-client.mjs +126 -0
package/dist/api-client.mjs.map +1 -0
package/dist/api-middleware.d.mts +118 -0
package/dist/api-middleware.d.ts +118 -0
package/dist/api-middleware.js +295 -0
package/dist/api-middleware.js.map +1 -0
package/dist/api-middleware.mjs +292 -0
package/dist/api-middleware.mjs.map +1 -0
package/dist/create-middleware.d.mts +2 -1
package/dist/create-middleware.d.ts +2 -1
package/dist/create-middleware.js +474 -200
package/dist/create-middleware.js.map +1 -1
package/dist/create-middleware.mjs +454 -200
package/dist/create-middleware.mjs.map +1 -1
package/dist/edge/index.d.mts +110 -0
package/dist/edge/index.d.ts +110 -0
package/dist/edge/index.js +253 -0
package/dist/edge/index.js.map +1 -0
package/dist/edge/index.mjs +251 -0
package/dist/edge/index.mjs.map +1 -0
package/dist/edge-detector-wrapper.d.mts +6 -15
package/dist/edge-detector-wrapper.d.ts +6 -15
package/dist/edge-detector-wrapper.js +314 -95
package/dist/edge-detector-wrapper.js.map +1 -1
package/dist/edge-detector-wrapper.mjs +294 -95
package/dist/edge-detector-wrapper.mjs.map +1 -1
package/dist/edge-runtime-loader.d.mts +1 -1
package/dist/edge-runtime-loader.d.ts +1 -1
package/dist/edge-runtime-loader.js +10 -25
package/dist/edge-runtime-loader.js.map +1 -1
package/dist/edge-runtime-loader.mjs +11 -23
package/dist/edge-runtime-loader.mjs.map +1 -1
package/dist/edge-wasm-middleware.js +2 -1
package/dist/edge-wasm-middleware.js.map +1 -1
package/dist/edge-wasm-middleware.mjs +2 -1
package/dist/edge-wasm-middleware.mjs.map +1 -1
package/dist/enhanced-middleware.d.mts +153 -0
package/dist/enhanced-middleware.d.ts +153 -0
package/dist/enhanced-middleware.js +1074 -0
package/dist/enhanced-middleware.js.map +1 -0
package/dist/enhanced-middleware.mjs +1072 -0
package/dist/enhanced-middleware.mjs.map +1 -0
package/dist/index.d.mts +8 -153
package/dist/index.d.ts +8 -153
package/dist/index.js +821 -233
package/dist/index.js.map +1 -1
package/dist/index.mjs +797 -234
package/dist/index.mjs.map +1 -1
package/dist/middleware.d.mts +2 -1
package/dist/middleware.d.ts +2 -1
package/dist/middleware.js +474 -200
package/dist/middleware.js.map +1 -1
package/dist/middleware.mjs +454 -200
package/dist/middleware.mjs.map +1 -1
package/dist/session-tracker.d.mts +1 -1
package/dist/session-tracker.d.ts +1 -1
package/dist/session-tracker.js.map +1 -1
package/dist/session-tracker.mjs.map +1 -1
package/dist/signature-verifier.d.mts +1 -0
package/dist/signature-verifier.d.ts +1 -0
package/dist/signature-verifier.js +204 -44
package/dist/signature-verifier.js.map +1 -1
package/dist/signature-verifier.mjs +184 -44
package/dist/signature-verifier.mjs.map +1 -1
package/dist/{types-BJTEUa4T.d.mts → types-DVmy9NE3.d.mts} +19 -2
package/dist/{types-BJTEUa4T.d.ts → types-DVmy9NE3.d.ts} +19 -2
package/dist/wasm-middleware.js +15 -6
package/dist/wasm-middleware.js.map +1 -1
package/dist/wasm-middleware.mjs +15 -6
package/dist/wasm-middleware.mjs.map +1 -1
package/package.json +42 -22
package/wasm/agentshield_wasm.js +209 -152
package/wasm/agentshield_wasm_bg.wasm +0 -0
package/wasm/package.json +30 -0

package/dist/edge/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/edge/index.ts"],"names":["response"],"mappings":";;;AAmHA,eAAe,cAAc,KAAA,EAAiD;AAC5E,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,SAAA,EAAW,WAAA,EAAY,IAAK,EAAA;AACpD,EAAA,MAAM,UAAoB,EAAC;AAC3B,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,IAAI,aAAA;AAGJ,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,EAAE,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,SAAA,EAAW,YAAY,EAAA,EAAG;AAAA,IAC5D,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACzD,EAAE,OAAA,EAAS,cAAA,EAAgB,IAAA,EAAM,WAAA,EAAa,YAAY,EAAA,EAAG;AAAA,IAC7D,EAAE,OAAA,EAAS,YAAA,EAAc,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACxD,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACrD,EAAE,OAAA,EAAS,aAAA,EAAe,IAAA,EAAM,YAAA,EAAc,YAAY,EAAA,EAAG;AAAA,IAC7D,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACrD,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,SAAA,EAAW,YAAY,EAAA,EAAG;AAAA,IACvD,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,QAAA,EAAU,YAAY,EAAA,EAAG;AAAA,IACrD,EAAE,OAAA,EAAS,OAAA,EAAS,IAAA,EAAM,MAAA,EAAQ,YAAY,EAAA,EAAG;AAAA;AAAA,IAEjD,EAAE,OAAA,EAAS,WAAA,EAAa,IAAA,EAAM,qBAAA,EAAuB,YAAY,EAAA,EAAG;AAAA,IACpE,EAAE,OAAA,EAAS,gBAAA,EAAkB,IAAA,EAAM,0BAAA,EAA4B,YAAY,EAAA,EAAG;AAAA,IAC9E,EAAE,OAAA,EAAS,SAAA,EAAW,IAAA,EAAM,mBAAA,EAAqB,YAAY,EAAA,EAAG;AAAA,IAChE,EAAE,OAAA,EAAS,qBAAA,EAAuB,IAAA,EAAM,wBAAA,EAA0B,YAAY,EAAA,EAAG;AAAA,IACjF,EAAE,OAAA,EAAS,iBAAA,EAAmB,IAAA,EAAM,sBAAA,EAAwB,YAAY,EAAA,EAAG;AAAA,IAC3E,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,oBAAA,EAAsB,YAAY,EAAA,EAAG;AAAA,IAClE,EAAE,OAAA,EAAS,UAAA,EAAY,IAAA,EAAM,oBAAA,EAAsB,YAAY,EAAA,EAAG;AAAA,IAClE,EAAE,OAAA,EAAS,YAAA,EAAc,IAAA,EAAM,sBAAA,EAAwB,YAAY,EAAA,EAAG;AAAA,IACtE,EAAE,OAAA,EAAS,YAAA,EAAc,IAAA,EAAM,sBAAA,EAAwB,YAAY,EAAA;AAAG,GACxE;AAEA,EAAA,KAAA,MAAW,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,iBAAA,MAAuB,QAAA,EAAU;AACvE,IAAA,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG;AAC3B,MAAA,UAAA,GAAa,iBAAA;AACb,MAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,IAAA,CAAK,WAAA,IAAe,IAAA,EAAK;AACjD,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,IAAA,CAAK,WAAA,EAAa,CAAA,CAAE,CAAA;AAClD,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,SAAA,GAAY,CAAC,WAAA,EAAa,cAAA,EAAgB,SAAS,iBAAiB,CAAA;AAC1E,EAAA,KAAA,MAAW,CAAC,GAAG,CAAA,IAAK,OAAO,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA,EAAG;AACjD,IAAA,IAAI,SAAA,CAAU,IAAA,CAAK,CAAC,MAAA,KAAW,GAAA,CAAI,aAAY,CAAE,UAAA,CAAW,MAAM,CAAC,CAAA,EAAG;AACpE,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,EAAE,CAAA;AACpC,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,GAAG,CAAA,CAAE,CAAA;AAChC,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,SAAS,UAAA,GAAa,EAAA;AAAA,IACtB,UAAA;AAAA,IACA,gBACE,UAAA,GAAa,EAAA,IAAM,gBACf,EAAE,IAAA,EAAM,WAAoB,SAAA,EAAW,aAAA,CAAc,MAAK,GAC1D,UAAA,GAAa,KACX,EAAE,IAAA,EAAM,WAAmB,GAC3B,EAAE,MAAM,OAAA,EAAiB;AAAA,IACjC,SAAS,EAAC;AAAA,IACV,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,IACrC,OAAA;AAAA,IACA,kBAAA,EAAoB,SAAA;AAAA,IACpB,gBAAA,EAAkB,UAAA,GAAa,EAAA,GAAK,QAAA,GAAW,MAAA;AAAA,IAC/C,SAAA,sBAAe,IAAA;AAAK,GACtB;AACF;AAcA,eAAe,eAAe,MAAA,EAA8B;AAC1D,EAAA,IAAI,QAAA;AAMJ,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,gBAAA,EAAkB,YAAA,EAAc,cAAa,GAAI,MAAM,OAC7D,uCACF,CAAA;AACA,MAAA,MAAM,MAAA,GAAS,IAAI,gBAAA,CAAiB,MAAA,CAAO,UAAU,CAAA;AAGrD,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,GACxB,IAAI,YAAA,CAAa;AAAA,QACf,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA,GACD,KAAA,CAAA;AAGJ,MAAA,MAAM,YAAA,GAAe,IAAI,YAAA,CAAa,MAAA,EAAQ,YAAA,EAAc;AAAA,QAC1D,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAED,MAAA,MAAM,aAAa,WAAA,EAAY;AAE/B,MAAA,IAAI,OAAO,KAAA,EAAO;AAChB,QAAA,OAAA,CAAQ,MAAM,yDAAA,EAA2D;AAAA,UACvE,aAAA,EAAe,CAAC,CAAC,MAAA,CAAO;AAAA,SACzB,CAAA;AAAA,MACH;AAEA,MAAA,QAAA,GAAW;AAAA,QACT,MAAA,EAAQ,OAAO,KAAA,KAAyD;AACtE,UAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,MAAA,CAAO,KAAK,CAAA;AAG9C,UAAA,OAAO;AAAA,YACL,SAAS,MAAA,CAAO,OAAA;AAAA,YAChB,YAAY,MAAA,CAAO,UAAA;AAAA,YACnB,gBAAgB,MAAA,CAAO,cAAA;AAAA,YACvB,eAAe,MAAA,CAAO,aAAA;AAAA,YACtB,oBAAoB,MAAA,CAAO,kBAAA;AAAA,YAC3B,kBAAkB,MAAA,CAAO,gBAAA;AAAA,YACzB,SAAS,MAAA,CAAO,OAAA;AAAA,YAChB,WAAW,MAAA,CAAO,SAAA;AAAA,YAClB,SAAS,EAAC;AAAA;AAAA,YACV,aAAa,MAAA,CAAO,WAAA;AAAA,YACpB,aAAa,MAAA,CAAO;AAAA,WACtB;AAAA,QACF,CAAA;AAAA,QACA,OAAA,EAAS,MAAM,YAAA,CAAa,OAAA;AAAQ,OACtC;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,KAAA,EAAO;AAChB,QAAA,OAAA,CAAQ,IAAA,CAAK,sEAAsE,KAAK,CAAA;AAAA,MAC1F;AACA,MAAA,QAAA,GAAW;AAAA,QACT,MAAA,EAAQ,aAAA;AAAA,QACR,SAAS,MAAM;AAAA,OACjB;AAAA,IACF;AAAA,EACF,CAAA,MAAO;AAEL,IAAA,IAAI,OAAO,KAAA,EAAO;AAChB,MAAA,OAAA,CAAQ,MAAM,gEAAgE,CAAA;AAAA,IAChF;AACA,IAAA,QAAA,GAAW;AAAA,MACT,MAAA,EAAQ,aAAA;AAAA,MACR,SAAS,MAAM;AAAA,KACjB;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAsBO,SAAS,oBAAA,CAAqB,MAAA,GAA+B,EAAC,EAAG;AACtE,EAAA,IAAI,eAAA,GAA8E,IAAA;AAElF,EAAA,MAAM;AAAA,IACJ,eAAA,GAAkB,KAAA;AAAA,IAClB,WAAA;AAAA,IACA,YAAY,EAAC;AAAA,IACb,mBAAA,GAAsB,EAAA;AAAA,IACtB,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,yCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA,WAAA,GAAc,UAAA;AAAA,IACd,UAAA,GAAa,UAAA;AAAA,IACb,KAAA,GAAQ;AAAA,GACV,GAAI,MAAA;AAEJ,EAAA,OAAO,OAAO,OAAA,KAAgD;AAC5D,IAAA,IAAI;AAEF,MAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,QAAA,eAAA,GAAkB,cAAA,CAAe,EAAE,GAAG,MAAA,EAAQ,OAAO,CAAA;AAAA,MACvD;AACA,MAAA,MAAM,WAAW,MAAM,eAAA;AAGvB,MAAA,MAAM,UAAA,GAAa,SAAA,CAAU,IAAA,CAAK,CAAC,OAAA,KAAY;AAC7C,QAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,UAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,OAAO,CAAA;AAAA,QACpD;AACA,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,QAAQ,CAAA;AAAA,MAC9C,CAAC,CAAA;AAED,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAO,aAAa,IAAA,EAAK;AAAA,MAC3B;AAGA,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAE/B,MAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA;AAC3D,MAAA,MAAM,WAAW,aAAA,EAAe,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK;AACpD,MAAA,MAAM,KAAA,GAAwB;AAAA,QAC5B,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EAAW,OAAA,CAAQ,EAAA,IAAM,QAAA,IAAY,KAAA,CAAA;AAAA,QACrC,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,GAAA,EAAK,GAAA,CAAI,QAAA,GAAW,GAAA,CAAI,MAAA;AAAA,QACxB,QAAQ,OAAA,CAAQ;AAAA,OAClB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,MAAA,CAAO,KAAK,CAAA;AAI1C,MAAA,IAAI,OAAO,WAAA,EAAa;AACtB,QAAA,IAAI,KAAA,EAAO;AACT,UAAA,OAAA,CAAQ,MAAM,iCAAA,EAAmC;AAAA,YAC/C,QAAQ,MAAA,CAAO,WAAA;AAAA,YACf,KAAA,EAAO,OAAO,aAAA,EAAe,IAAA;AAAA,YAC7B,YAAY,MAAA,CAAO,UAAA;AAAA,YACnB,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,WAC3B,CAAA;AAAA,QACH;AAGA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,OAAO,YAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,KAAA,EAAO,yBAAA;AAAA,YACP,QAAQ,MAAA,CAAO,WAAA;AAAA,YACf,QAAA,EAAU,IAAA;AAAA,YACV,YAAY,MAAA,CAAO,UAAA;AAAA,YACnB,KAAA,EAAO,OAAO,aAAA,EAAe,IAAA;AAAA,YAC7B,WAAW,MAAA,CAAO;AAAA,WACpB;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,GAAA;AAAA,YACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB;AAChD,SACF;AAAA,MACF;AAIA,MAAA,IACE,OAAO,WAAA,KAAgB,KAAA,IACvB,OAAO,OAAA,IACP,MAAA,CAAO,cAAc,mBAAA,EACrB;AAEA,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,MAAM,cAAA,GAAiB,MAAM,WAAA,CAAY,OAAA,EAAS,MAAM,CAAA;AACxD,UAAA,IAAI,cAAA,EAAgB;AAClB,YAAA,OAAO,cAAA;AAAA,UACT;AAAA,QACF;AAGA,QAAA,QAAQ,eAAA;AAAiB,UACvB,KAAK,OAAA,EAAS;AACZ,YAAA,MAAMA,YAAW,YAAA,CAAa,IAAA;AAAA,cAC5B;AAAA,gBACE,OAAO,eAAA,CAAgB,OAAA;AAAA,gBACvB,QAAA,EAAU,IAAA;AAAA,gBACV,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,WAAW,MAAA,CAAO;AAAA,eACpB;AAAA,cACA,EAAE,MAAA,EAAQ,eAAA,CAAgB,MAAA;AAAO,aACnC;AAEA,YAAA,IAAI,gBAAgB,OAAA,EAAS;AAC3B,cAAA,MAAA,CAAO,OAAA,CAAQ,gBAAgB,OAAO,CAAA,CAAE,QAAQ,CAAC,CAAC,GAAA,EAAK,KAAK,CAAA,KAAM;AAChE,gBAAAA,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,cACjC,CAAC,CAAA;AAAA,YACH;AAEA,YAAA,OAAOA,SAAAA;AAAA,UACT;AAAA,UAEA,KAAK,UAAA;AACH,YAAA,OAAO,aAAa,QAAA,CAAS,IAAI,IAAI,WAAA,EAAa,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAEhE,KAAK,SAAA;AACH,YAAA,OAAO,aAAa,OAAA,CAAQ,IAAI,IAAI,UAAA,EAAY,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,UAE9D,KAAK,KAAA;AACH,YAAA,IAAI,KAAA,IAAS,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AAClD,cAAA,OAAA,CAAQ,MAAM,6BAAA,EAA+B;AAAA,gBAC3C,WAAW,KAAA,CAAM,SAAA;AAAA,gBACjB,WAAW,KAAA,CAAM,SAAA;AAAA,gBACjB,YAAY,MAAA,CAAO,UAAA;AAAA,gBACnB,KAAA,EAAO,OAAO,aAAA,EAAe,IAAA;AAAA,gBAC7B,QAAA,EAAU,QAAQ,OAAA,CAAQ;AAAA,eAC3B,CAAA;AAAA,YACH;AACA,YAAA;AAAA,UAEF,KAAK,OAAA;AAAA,UACL;AACE,YAAA;AAAA;AACJ,MACF;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AAGnC,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,wBAAA,EAA0B,MAAA,CAAO,OAAA,CAAQ,UAAU,CAAA;AACxE,MAAA,QAAA,CAAS,QAAQ,GAAA,CAAI,0BAAA,EAA4B,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA;AAC7E,MAAA,IAAI,MAAA,CAAO,eAAe,IAAA,EAAM;AAC9B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,qBAAA,EAAuB,MAAA,CAAO,cAAc,IAAI,CAAA;AAAA,MACvE;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AACpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF","file":"index.mjs","sourcesContent":["/**\n * Edge Runtime Middleware with WASM Support\n *\n * This module provides Next.js middleware that uses the unified WASM runtime.\n * For Edge Runtime, consumers must provide a pre-compiled WASM module via static import:\n *\n * ```typescript\n * // In your middleware.ts\n * import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module';\n * import { createEdgeMiddleware } from '@kya-os/agentshield-nextjs/edge';\n *\n * export const middleware = createEdgeMiddleware({\n * wasmModule,\n * apiKey: process.env.AGENTSHIELD_API_KEY,\n * onAgentDetected: 'block',\n * });\n * ```\n *\n * When an API key is provided, the middleware will:\n * 1. Load customer policies (deny lists, allow lists, thresholds) from AgentShield API\n * 2. Automatically block agents that match deny list entries\n * 3. Cache policies for 5 minutes with background refresh\n */\n\nimport { NextRequest, NextResponse } from 'next/server';\nimport type { DetectionResult } from '@kya-os/agentshield-shared';\n\n/**\n * Edge middleware configuration\n */\nexport interface EdgeMiddlewareConfig {\n /**\n * Pre-compiled WebAssembly.Module for Edge Runtime\n * Use static import: `import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module'`\n */\n wasmModule?: WebAssembly.Module;\n\n /**\n * API key for loading customer policies from AgentShield dashboard\n * When provided, enables policy enforcement (deny lists, allow lists, thresholds)\n */\n apiKey?: string;\n\n /**\n * Custom URL for the policy API\n * @default 'https://api.agentshield.io'\n */\n policyApiUrl?: string;\n\n /**\n * Action to take when an agent is detected\n * @default 'log'\n */\n onAgentDetected?: 'block' | 'redirect' | 'rewrite' | 'log' | 'allow';\n\n /**\n * Custom handler called when an agent is detected\n * Return a NextResponse to override default behavior\n */\n onDetection?: (\n request: NextRequest,\n result: DetectionResult\n ) => Promise<NextResponse | void> | NextResponse | void;\n\n /**\n * Paths to skip detection (can be string prefixes or RegExp)\n */\n skipPaths?: (string | RegExp)[];\n\n /**\n * Minimum confidence threshold (0-100 scale) for considering a request as agent traffic\n * @default 70\n */\n confidenceThreshold?: number;\n\n /**\n * Response to send when blocking agents\n */\n blockedResponse?: {\n status?: number;\n message?: string;\n headers?: Record<string, string>;\n };\n\n /**\n * URL to redirect to when redirecting agents\n */\n redirectUrl?: string;\n\n /**\n * URL to rewrite to when rewriting agent requests\n */\n rewriteUrl?: string;\n\n /**\n * Enable debug logging\n */\n debug?: boolean;\n}\n\n/**\n * Detection input extracted from request\n */\ninterface DetectionInput {\n userAgent?: string;\n ipAddress?: string;\n headers: Record<string, string>;\n url?: string;\n method?: string;\n}\n\n/**\n * Simple edge-safe detector that uses pattern matching\n * Falls back to this when WASM is not available\n */\nasync function patternDetect(input: DetectionInput): Promise<DetectionResult> {\n const userAgent = input.userAgent?.toLowerCase() || '';\n const reasons: string[] = [];\n let confidence = 0;\n let detectedAgent: { type: string; name: string } | undefined;\n\n // AI agent patterns with confidence scores (0-100 scale)\n const patterns = [\n { pattern: /chatgpt-user/i, name: 'ChatGPT', confidence: 95 },\n { pattern: /claude-web/i, name: 'Claude', confidence: 95 },\n { pattern: /claude-?bot/i, name: 'ClaudeBot', confidence: 95 },\n { pattern: /anthropic/i, name: 'Claude', confidence: 90 },\n { pattern: /gptbot/i, name: 'GPTBot', confidence: 90 },\n { pattern: /perplexity/i, name: 'Perplexity', confidence: 90 },\n { pattern: /openai/i, name: 'OpenAI', confidence: 85 },\n { pattern: /copilot/i, name: 'Copilot', confidence: 85 },\n { pattern: /gemini/i, name: 'Gemini', confidence: 85 },\n { pattern: /bard/i, name: 'Bard', confidence: 85 },\n // HTTP client libraries (often used by AI agents/scrapers)\n { pattern: /^axios\\//i, name: 'HTTP Client (axios)', confidence: 75 },\n { pattern: /^node-fetch\\//i, name: 'HTTP Client (node-fetch)', confidence: 75 },\n { pattern: /^got\\//i, name: 'HTTP Client (got)', confidence: 75 },\n { pattern: /^python-requests\\//i, name: 'HTTP Client (requests)', confidence: 75 },\n { pattern: /^python-urllib/i, name: 'HTTP Client (urllib)', confidence: 75 },\n { pattern: /^curl\\//i, name: 'HTTP Client (curl)', confidence: 60 },\n { pattern: /^wget\\//i, name: 'HTTP Client (wget)', confidence: 60 },\n { pattern: /^httpie\\//i, name: 'HTTP Client (httpie)', confidence: 70 },\n { pattern: /^undici\\//i, name: 'HTTP Client (undici)', confidence: 75 },\n ];\n\n for (const { pattern, name, confidence: patternConfidence } of patterns) {\n if (pattern.test(userAgent)) {\n confidence = patternConfidence;\n detectedAgent = { type: name.toLowerCase(), name };\n reasons.push(`known_pattern:${name.toLowerCase()}`);\n break;\n }\n }\n\n // Check for AI-specific headers\n const aiHeaders = ['x-openai-', 'x-anthropic-', 'x-ai-', 'signature-agent'];\n for (const [key] of Object.entries(input.headers)) {\n if (aiHeaders.some((prefix) => key.toLowerCase().startsWith(prefix))) {\n confidence = Math.max(confidence, 45);\n reasons.push(`ai_headers:${key}`);\n break;\n }\n }\n\n return {\n isAgent: confidence > 30,\n confidence,\n detectionClass:\n confidence > 30 && detectedAgent\n ? { type: 'AiAgent' as const, agentType: detectedAgent.name }\n : confidence > 30\n ? { type: 'Unknown' as const }\n : { type: 'Human' as const },\n signals: [],\n ...(detectedAgent && { detectedAgent }),\n reasons,\n verificationMethod: 'pattern' as const,\n forgeabilityRisk: confidence > 80 ? 'medium' : 'high',\n timestamp: new Date(),\n };\n}\n\n/**\n * Extended detection result with policy enforcement\n */\ninterface PolicyEnforcedResult extends DetectionResult {\n shouldBlock?: boolean;\n blockReason?: 'deny_list' | 'not_in_allow_list' | 'threshold';\n}\n\n/**\n * Create detector using WASM runtime or fallback\n * When apiKey is provided, policy enforcement is enabled\n */\nasync function createDetector(config: EdgeMiddlewareConfig) {\n let detector: {\n detect: (input: DetectionInput) => Promise<PolicyEnforcedResult>;\n isReady: () => boolean;\n };\n\n // Try to use wasm-runtime if WASM module is provided\n if (config.wasmModule) {\n try {\n const { StaticWasmLoader, WasmDetector, PolicyLoader } = await import(\n '@kya-os/agentshield-wasm-runtime/edge'\n );\n const loader = new StaticWasmLoader(config.wasmModule);\n\n // Create policy loader if API key is provided\n const policyLoader = config.apiKey\n ? new PolicyLoader({\n apiUrl: config.policyApiUrl,\n })\n : undefined;\n\n // Create detector with policy support\n const wasmDetector = new WasmDetector(loader, policyLoader, {\n apiKey: config.apiKey,\n debug: config.debug,\n });\n\n await wasmDetector.ensureReady();\n\n if (config.debug) {\n console.debug('[AgentShield] WASM detector initialized in Edge Runtime', {\n policyEnabled: !!config.apiKey,\n });\n }\n\n detector = {\n detect: async (input: DetectionInput): Promise<PolicyEnforcedResult> => {\n const result = await wasmDetector.detect(input);\n // Convert IDetectionResult to DetectionResult by adding required fields\n // Type assertion needed due to different DetectionClass definitions\n return {\n isAgent: result.isAgent,\n confidence: result.confidence,\n detectionClass: result.detectionClass as DetectionResult['detectionClass'],\n detectedAgent: result.detectedAgent,\n verificationMethod: result.verificationMethod,\n forgeabilityRisk: result.forgeabilityRisk,\n reasons: result.reasons,\n timestamp: result.timestamp,\n signals: [], // Required by DetectionResult, empty for WASM results\n shouldBlock: result.shouldBlock,\n blockReason: result.blockReason as PolicyEnforcedResult['blockReason'],\n };\n },\n isReady: () => wasmDetector.isReady(),\n };\n } catch (error) {\n if (config.debug) {\n console.warn('[AgentShield] WASM runtime not available, using pattern detection:', error);\n }\n detector = {\n detect: patternDetect,\n isReady: () => true,\n };\n }\n } else {\n // Use pattern-based detection\n if (config.debug) {\n console.debug('[AgentShield] No WASM module provided, using pattern detection');\n }\n detector = {\n detect: patternDetect,\n isReady: () => true,\n };\n }\n\n return detector;\n}\n\n/**\n * Create Edge middleware with WASM support\n *\n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/agentshield-wasm-runtime/wasm?module';\n * import { createEdgeMiddleware } from '@kya-os/agentshield-nextjs/edge';\n *\n * export const middleware = createEdgeMiddleware({\n * wasmModule,\n * onAgentDetected: 'block',\n * confidenceThreshold: 70,\n * });\n *\n * export const config = {\n * matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],\n * };\n * ```\n */\nexport function createEdgeMiddleware(config: EdgeMiddlewareConfig = {}) {\n let detectorPromise: Promise<Awaited<ReturnType<typeof createDetector>>> | null = null;\n\n const {\n onAgentDetected = 'log',\n onDetection,\n skipPaths = [],\n confidenceThreshold = 70,\n blockedResponse = {\n status: 403,\n message: 'Access denied: Automated agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n redirectUrl = '/blocked',\n rewriteUrl = '/blocked',\n debug = false,\n } = config;\n\n return async (request: NextRequest): Promise<NextResponse> => {\n try {\n // Initialize detector lazily\n if (!detectorPromise) {\n detectorPromise = createDetector({ ...config, debug });\n }\n const detector = await detectorPromise;\n\n // Check if path should be skipped\n const shouldSkip = skipPaths.some((pattern) => {\n if (typeof pattern === 'string') {\n return request.nextUrl.pathname.startsWith(pattern);\n }\n return pattern.test(request.nextUrl.pathname);\n });\n\n if (shouldSkip) {\n return NextResponse.next();\n }\n\n // Extract request context\n const url = new URL(request.url);\n // Parse X-Forwarded-For header to get client IP (first in comma-separated list)\n const xForwardedFor = request.headers.get('x-forwarded-for');\n const clientIp = xForwardedFor?.split(',')[0]?.trim();\n const input: DetectionInput = {\n userAgent: request.headers.get('user-agent') || undefined,\n ipAddress: request.ip || clientIp || undefined,\n headers: Object.fromEntries(request.headers.entries()),\n url: url.pathname + url.search,\n method: request.method,\n };\n\n // Run detection\n const result = await detector.detect(input);\n\n // POLICY ENFORCEMENT: Check shouldBlock from policy rules (deny list, allow list, threshold)\n // This takes precedence over the general threshold check below\n if (result.shouldBlock) {\n if (debug) {\n console.debug('[AgentShield] Blocked by policy', {\n reason: result.blockReason,\n agent: result.detectedAgent?.name,\n confidence: result.confidence,\n pathname: request.nextUrl.pathname,\n });\n }\n\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Return 403 with policy block reason\n return NextResponse.json(\n {\n error: 'Access denied by policy',\n reason: result.blockReason,\n detected: true,\n confidence: result.confidence,\n agent: result.detectedAgent?.name,\n timestamp: result.timestamp,\n },\n {\n status: 403,\n headers: { 'Content-Type': 'application/json' },\n }\n );\n }\n\n // Check if agent detected above threshold (when policy doesn't block)\n // Skip if shouldBlock === false (agent explicitly allowed by policy)\n if (\n result.shouldBlock !== false &&\n result.isAgent &&\n result.confidence >= confidenceThreshold\n ) {\n // Call custom detection handler if provided\n if (onDetection) {\n const customResponse = await onDetection(request, result);\n if (customResponse) {\n return customResponse;\n }\n }\n\n // Handle based on configuration\n switch (onAgentDetected) {\n case 'block': {\n const response = NextResponse.json(\n {\n error: blockedResponse.message,\n detected: true,\n confidence: result.confidence,\n timestamp: result.timestamp,\n },\n { status: blockedResponse.status }\n );\n\n if (blockedResponse.headers) {\n Object.entries(blockedResponse.headers).forEach(([key, value]) => {\n response.headers.set(key, value);\n });\n }\n\n return response;\n }\n\n case 'redirect':\n return NextResponse.redirect(new URL(redirectUrl, request.url));\n\n case 'rewrite':\n return NextResponse.rewrite(new URL(rewriteUrl, request.url));\n\n case 'log':\n if (debug || process.env.NODE_ENV !== 'production') {\n console.debug('AgentShield: Agent detected', {\n ipAddress: input.ipAddress,\n userAgent: input.userAgent,\n confidence: result.confidence,\n agent: result.detectedAgent?.name,\n pathname: request.nextUrl.pathname,\n });\n }\n break;\n\n case 'allow':\n default:\n break;\n }\n }\n\n // Continue with request\n const response = NextResponse.next();\n\n // Add detection headers\n response.headers.set('x-agentshield-detected', result.isAgent.toString());\n response.headers.set('x-agentshield-confidence', result.confidence.toString());\n if (result.detectedAgent?.name) {\n response.headers.set('x-agentshield-agent', result.detectedAgent.name);\n }\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n return NextResponse.next();\n }\n };\n}\n\n// Re-export types for convenience\nexport type { DetectionResult };\n"]}

package/dist/edge-detector-wrapper.d.mts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { DetectionResult } from '@kya-os/agentshield-shared';
 /**
  * Wrapper for EdgeAgentDetector to match AgentDetector interface
  * This allows the middleware to work with EdgeAgentDetector in Edge Runtime
@@ -14,29 +16,18 @@ type DetectionInput = {
     method?: string;
     timestamp?: Date;
 };
-type DetectionResult = {
-    isAgent: boolean;
-    confidence: number;
-    detectedAgent?: {
-        type: string;
-        name: string;
-    };
-    reasons: string[];
-    verificationMethod?: string;
-    forgeabilityRisk?: 'low' | 'medium' | 'high';
-    timestamp: Date;
-};
-type EventHandler = (...args: any[]) => void;
+type EventHandler = (...args: unknown[]) => void;
 /**
  * Wrapper that provides event emitter functionality
  */
 declare class EdgeAgentDetectorWrapper {
     private detector;
     private events;
-    constructor(_config?: any);
+    constructor(_config?: unknown);
     analyze(input: DetectionInput): Promise<DetectionResult>;
     on(event: string, handler: EventHandler): void;
-    emit(event: string, ...args: any[]): void;
+    emit(event: string, ...args: unknown[]): void;
     init(): Promise<void>;
 }

package/dist/edge-detector-wrapper.d.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { DetectionResult } from '@kya-os/agentshield-shared';
 /**
  * Wrapper for EdgeAgentDetector to match AgentDetector interface
  * This allows the middleware to work with EdgeAgentDetector in Edge Runtime
@@ -14,29 +16,18 @@ type DetectionInput = {
     method?: string;
     timestamp?: Date;
 };
-type DetectionResult = {
-    isAgent: boolean;
-    confidence: number;
-    detectedAgent?: {
-        type: string;
-        name: string;
-    };
-    reasons: string[];
-    verificationMethod?: string;
-    forgeabilityRisk?: 'low' | 'medium' | 'high';
-    timestamp: Date;
-};
-type EventHandler = (...args: any[]) => void;
+type EventHandler = (...args: unknown[]) => void;
 /**
  * Wrapper that provides event emitter functionality
  */
 declare class EdgeAgentDetectorWrapper {
     private detector;
     private events;
-    constructor(_config?: any);
+    constructor(_config?: unknown);
     analyze(input: DetectionInput): Promise<DetectionResult>;
     on(event: string, handler: EventHandler): void;
-    emit(event: string, ...args: any[]): void;
+    emit(event: string, ...args: unknown[]): void;
     init(): Promise<void>;
 }

package/dist/edge-detector-wrapper.js CHANGED Viewed

@@ -1,17 +1,150 @@
 'use strict';
+var ed25519 = require('@noble/ed25519');
+var sha2_js = require('@noble/hashes/sha2.js');
+var agentshieldShared = require('@kya-os/agentshield-shared');
+function _interopNamespace(e) {
+  if (e && e.__esModule) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+var ed25519__namespace = /*#__PURE__*/_interopNamespace(ed25519);
 // src/signature-verifier.ts
+ed25519__namespace.etc.sha512Sync = (...m) => sha2_js.sha512(ed25519__namespace.etc.concatBytes(...m));
 var KNOWN_KEYS = {
   chatgpt: [
     {
       kid: "otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg",
       // ChatGPT's current Ed25519 public key (base64)
+      // Source: https://chatgpt.com/.well-known/http-message-signatures-directory
       publicKey: "7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g",
-      validFrom: (/* @__PURE__ */ new Date("2025-01-01")).getTime() / 1e3,
-      validUntil: (/* @__PURE__ */ new Date("2025-04-11")).getTime() / 1e3
+      validFrom: 1735689600,
+      // Jan 1, 2025 (from OpenAI's nbf)
+      // Extended expiration as fallback safety - API fetch should provide fresh keys
+      // Check OpenAI's well-known endpoint for actual expiration dates
+      validUntil: 1799625600
+      // Jan 1, 2027 (extended for fallback safety)
     }
   ]
 };
+var keyCache = /* @__PURE__ */ new Map();
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var CACHE_MAX_SIZE = 100;
+function getApiBaseUrl() {
+  if (typeof window !== "undefined") {
+    return "/api/internal";
+  }
+  const baseUrl = process.env.NEXT_PUBLIC_APP_URL || process.env.NEXT_PUBLIC_API_URL || process.env.API_URL || (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : null);
+  if (baseUrl) {
+    return baseUrl.replace(/\/$/, "") + "/api/internal";
+  }
+  if (process.env.NODE_ENV !== "production") {
+    console.warn(
+      "[Signature] No base URL configured for server-side fetch. Using localhost fallback."
+    );
+    return "http://localhost:3000/api/internal";
+  }
+  console.error(
+    "[Signature] CRITICAL: No base URL configured for server-side fetch in production!"
+  );
+  return "/api/internal";
+}
+function cleanupExpiredCache() {
+  const now = Date.now();
+  const entriesToDelete = [];
+  for (const [agent, cached] of keyCache.entries()) {
+    if (now - cached.cachedAt > CACHE_TTL_MS) {
+      entriesToDelete.push(agent);
+    }
+  }
+  for (const agent of entriesToDelete) {
+    keyCache.delete(agent);
+  }
+  if (keyCache.size > CACHE_MAX_SIZE) {
+    const entries = Array.from(keyCache.entries()).map(([agent, cached]) => ({
+      agent,
+      cachedAt: cached.cachedAt
+    }));
+    entries.sort((a, b) => a.cachedAt - b.cachedAt);
+    const toRemove = entries.slice(0, keyCache.size - CACHE_MAX_SIZE);
+    for (const entry of toRemove) {
+      keyCache.delete(entry.agent);
+    }
+  }
+}
+async function fetchKeysFromApi(agent) {
+  if (keyCache.size > CACHE_MAX_SIZE) {
+    cleanupExpiredCache();
+  }
+  const cached = keyCache.get(agent);
+  if (cached && Date.now() - cached.cachedAt < CACHE_TTL_MS) {
+    return cached.keys;
+  }
+  if (typeof fetch === "undefined") {
+    console.warn("[Signature] fetch() not available in this environment");
+    return null;
+  }
+  try {
+    const apiBaseUrl = getApiBaseUrl();
+    const url = `${apiBaseUrl}/signature-keys?agent=${encodeURIComponent(agent)}`;
+    const response = await fetch(url, {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      // 5 second timeout
+      signal: AbortSignal.timeout(5e3)
+    });
+    if (!response.ok) {
+      console.warn(`[Signature] Failed to fetch keys from API: ${response.status}`);
+      return null;
+    }
+    const data = await response.json();
+    if (!data.keys || !Array.isArray(data.keys) || data.keys.length === 0) {
+      console.warn(`[Signature] No keys returned from API for agent: ${agent}`);
+      return null;
+    }
+    keyCache.set(agent, {
+      keys: data.keys,
+      cachedAt: Date.now()
+    });
+    return data.keys;
+  } catch (error) {
+    console.warn("[Signature] Error fetching keys from API, using fallback", {
+      error: error instanceof Error ? error.message : "Unknown error",
+      agent
+    });
+    return null;
+  }
+}
+function isValidAgent(agent) {
+  return agent in KNOWN_KEYS;
+}
+async function getKeysForAgent(agent) {
+  const apiKeys = await fetchKeysFromApi(agent);
+  if (apiKeys && apiKeys.length > 0) {
+    return apiKeys;
+  }
+  if (isValidAgent(agent)) {
+    return KNOWN_KEYS[agent];
+  }
+  return [];
+}
 function parseSignatureInput(signatureInput) {
   try {
     const match = signatureInput.match(/sig1=\((.*?)\);(.+)/);
@@ -47,21 +180,29 @@ function buildSignatureBase(method, path, headers, signedHeaders) {
       case "@authority":
         value = headers["host"] || headers["Host"] || "";
         break;
-      default:
-        const key = Object.keys(headers).find(
-          (k) => k.toLowerCase() === headerName.toLowerCase()
-        );
+      default: {
+        const key = Object.keys(headers).find((k) => k.toLowerCase() === headerName.toLowerCase());
         value = key ? headers[key] || "" : "";
         break;
+      }
     }
     components.push(`"${headerName}": ${value}`);
   }
   return components.join("\n");
 }
+function base64ToBytes(base64) {
+  let standardBase64 = base64.replace(/-/g, "+").replace(/_/g, "/");
+  const padding = standardBase64.length % 4;
+  if (padding) {
+    standardBase64 += "=".repeat(4 - padding);
+  }
+  const binaryString = atob(standardBase64);
+  return Uint8Array.from(binaryString, (c) => c.charCodeAt(0));
+}
 async function verifyEd25519Signature(publicKeyBase64, signatureBase64, message) {
   try {
-    const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), (c) => c.charCodeAt(0));
-    const signatureBytes = Uint8Array.from(atob(signatureBase64), (c) => c.charCodeAt(0));
+    const publicKeyBytes = base64ToBytes(publicKeyBase64);
+    const signatureBytes = base64ToBytes(signatureBase64);
     const messageBytes = new TextEncoder().encode(message);
     if (publicKeyBytes.length !== 32) {
       console.error("[Signature] Invalid public key length:", publicKeyBytes.length);
@@ -71,34 +212,36 @@ async function verifyEd25519Signature(publicKeyBase64, signatureBase64, message)
       console.error("[Signature] Invalid signature length:", signatureBytes.length);
       return false;
     }
-    const publicKey = await crypto.subtle.importKey(
-      "raw",
-      publicKeyBytes,
-      {
-        name: "Ed25519",
-        namedCurve: "Ed25519"
-      },
-      false,
-      ["verify"]
-    );
-    const isValid = await crypto.subtle.verify(
-      "Ed25519",
-      publicKey,
-      signatureBytes,
-      messageBytes
-    );
-    return isValid;
-  } catch (error) {
-    console.error("[Signature] Ed25519 verification failed:", error);
-    if (typeof window === "undefined") {
-      try {
-        console.warn("[Signature] Ed25519 not supported in this environment");
-        return false;
-      } catch {
-        return false;
-      }
+    return ed25519__namespace.verify(signatureBytes, messageBytes, publicKeyBytes);
+  } catch (nobleError) {
+    console.warn("[Signature] @noble/ed25519 failed, trying Web Crypto fallback:", nobleError);
+    try {
+      const publicKeyBytes = base64ToBytes(publicKeyBase64);
+      const signatureBytes = base64ToBytes(signatureBase64);
+      const messageBytes = new TextEncoder().encode(message);
+      const publicKey = await crypto.subtle.importKey(
+        "raw",
+        publicKeyBytes.buffer,
+        {
+          name: "Ed25519",
+          namedCurve: "Ed25519"
+        },
+        false,
+        ["verify"]
+      );
+      return await crypto.subtle.verify(
+        "Ed25519",
+        publicKey,
+        signatureBytes.buffer,
+        messageBytes
+      );
+    } catch (cryptoError) {
+      console.error("[Signature] Both @noble/ed25519 and Web Crypto failed:", {
+        nobleError: nobleError instanceof Error ? nobleError.message : "Unknown",
+        cryptoError: cryptoError instanceof Error ? cryptoError.message : "Unknown"
+      });
+      return false;
     }
-    return false;
   }
 }
 async function verifyAgentSignature(method, path, headers) {
@@ -143,12 +286,12 @@ async function verifyAgentSignature(method, path, headers) {
     }
   }
   let agent;
-  let knownKeys;
+  let agentKey;
   if (signatureAgent === '"https://chatgpt.com"' || signatureAgent?.includes("chatgpt.com")) {
     agent = "ChatGPT";
-    knownKeys = KNOWN_KEYS.chatgpt;
+    agentKey = "chatgpt";
   }
-  if (!agent || !knownKeys) {
+  if (!agent || !agentKey) {
     return {
       isValid: false,
       confidence: 0,
@@ -156,6 +299,15 @@ async function verifyAgentSignature(method, path, headers) {
       verificationMethod: "none"
     };
   }
+  const knownKeys = await getKeysForAgent(agentKey);
+  if (knownKeys.length === 0) {
+    return {
+      isValid: false,
+      confidence: 0,
+      reason: "No keys available for agent",
+      verificationMethod: "none"
+    };
+  }
   const key = knownKeys.find((k) => k.kid === parsed.keyid);
   if (!key) {
     return {
@@ -182,11 +334,7 @@ async function verifyAgentSignature(method, path, headers) {
   if (signatureValue.endsWith(":")) {
     signatureValue = signatureValue.slice(0, -1);
   }
-  const isValid = await verifyEd25519Signature(
-    key.publicKey,
-    signatureValue,
-    signatureBase
-  );
+  const isValid = await verifyEd25519Signature(key.publicKey, signatureValue, signatureBase);
   if (isValid) {
     return {
       isValid: true,
@@ -210,27 +358,27 @@ function hasSignatureHeaders(headers) {
 }
 function isChatGPTSignature(headers) {
   const signatureAgent = headers["signature-agent"] || headers["Signature-Agent"];
-  return signatureAgent === '"https://chatgpt.com"' || (signatureAgent?.includes("chatgpt.com") || false);
+  if (!signatureAgent) {
+    return false;
+  }
+  const agentUrlStr = signatureAgent.replace(/^"+|"+$/g, "");
+  if (agentUrlStr === "https://chatgpt.com") {
+    return true;
+  }
+  try {
+    const agentUrl = new URL(agentUrlStr);
+    const allowedHosts = ["chatgpt.com", "www.chatgpt.com"];
+    return allowedHosts.includes(agentUrl.host);
+  } catch {
+    return false;
+  }
 }
-// src/edge-detector-wrapper.ts
-var AI_AGENT_PATTERNS = [
-  { pattern: /chatgpt-user/i, type: "chatgpt", name: "ChatGPT" },
-  { pattern: /claude-web/i, type: "claude", name: "Claude" },
-  { pattern: /perplexitybot/i, type: "perplexity", name: "Perplexity" },
-  { pattern: /perplexity-user/i, type: "perplexity", name: "Perplexity" },
-  { pattern: /perplexity-ai/i, type: "perplexity", name: "Perplexity" },
-  { pattern: /perplexity/i, type: "perplexity", name: "Perplexity" },
-  // Fallback
-  { pattern: /bingbot/i, type: "bing", name: "Bing AI" },
-  { pattern: /anthropic-ai/i, type: "anthropic", name: "Anthropic" }
-];
-var CLOUD_PROVIDERS = {
-  aws: ["54.", "52.", "35.", "18.", "3."],
-  gcp: ["35.", "34.", "104.", "107.", "108."],
-  azure: ["13.", "20.", "40.", "52.", "104."]
-};
+var rules = agentshieldShared.loadRulesSync();
 var EdgeAgentDetector = class {
+  rules;
+  constructor() {
+    this.rules = rules;
+  }
   async analyze(input) {
     const reasons = [];
     let detectedAgent;
@@ -249,7 +397,7 @@ var EdgeAgentDetector = class {
           headers
         );
         if (signatureResult.isValid) {
-          confidence = signatureResult.confidence;
+          confidence = signatureResult.confidence * 100;
           reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || "unknown"}`);
           if (signatureResult.agent) {
             detectedAgent = {
@@ -262,7 +410,13 @@ var EdgeAgentDetector = class {
             reasons.push(`keyid:${signatureResult.keyid}`);
           }
         } else {
-          confidence = Math.max(confidence, 0.3);
+          console.warn("[EdgeAgentDetector] Signature verification failed:", {
+            reason: signatureResult.reason,
+            agent: signatureResult.agent,
+            hasSignatureAgent: !!headers["signature-agent"] || !!headers["Signature-Agent"],
+            signatureAgentValue: headers["signature-agent"] || headers["Signature-Agent"]
+          });
+          confidence = Math.max(confidence, 30);
           reasons.push("invalid_signature");
           if (signatureResult.reason) {
             reasons.push(`signature_error:${signatureResult.reason}`);
@@ -274,68 +428,133 @@ var EdgeAgentDetector = class {
         }
       } catch (error) {
         console.error("[EdgeAgentDetector] Signature verification error:", error);
-        confidence = Math.max(confidence, 0.2);
+        confidence = Math.max(confidence, 20);
         reasons.push("signature_verification_error");
       }
     }
     const userAgent = input.userAgent || input.headers?.["user-agent"] || "";
     if (userAgent) {
-      for (const { pattern, type, name } of AI_AGENT_PATTERNS) {
-        if (pattern.test(userAgent)) {
-          const highConfidenceAgents = [
-            "chatgpt",
-            "claude",
-            "perplexity",
-            "anthropic"
-          ];
-          const patternConfidence = highConfidenceAgents.includes(type) ? 0.85 : 0.5;
-          confidence = Math.max(confidence, patternConfidence);
-          reasons.push(`known_pattern:${type}`);
+      const userAgentEntries = Object.entries(this.rules.rules.userAgents);
+      const genericKeys = ["generic_bot", "dev_tools", "automation_tools"];
+      const sortedEntries = userAgentEntries.sort((a, b) => {
+        const aIsGeneric = genericKeys.includes(a[0]);
+        const bIsGeneric = genericKeys.includes(b[0]);
+        if (aIsGeneric && !bIsGeneric) return 1;
+        if (!aIsGeneric && bIsGeneric) return -1;
+        return 0;
+      });
+      for (const [agentKey, agentRule] of sortedEntries) {
+        const rule = agentRule;
+        const matched = rule.patterns.some((pattern) => {
+          const regex = new RegExp(pattern, "i");
+          return regex.test(userAgent);
+        });
+        if (matched) {
+          const agentType = this.getAgentType(agentKey);
+          const agentName = this.getAgentName(agentKey);
+          confidence = Math.max(confidence, rule.confidence * 100);
+          reasons.push(`known_pattern:${agentType}`);
           if (!detectedAgent) {
-            detectedAgent = { type, name };
+            detectedAgent = { type: agentType, name: agentName };
             verificationMethod = "pattern";
           }
           break;
         }
       }
     }
-    const aiHeaders = [
-      "openai-conversation-id",
-      "openai-ephemeral-user-id",
-      "anthropic-client-id",
-      "x-goog-api-client",
-      "x-ms-copilot-id"
-    ];
-    const foundAiHeaders = aiHeaders.filter(
-      (header) => normalizedHeaders[header]
+    const suspiciousHeaders = this.rules.rules.headers.suspicious;
+    const foundAiHeaders = suspiciousHeaders.filter(
+      (headerRule) => normalizedHeaders[headerRule.name.toLowerCase()]
     );
     if (foundAiHeaders.length > 0) {
-      confidence = Math.max(confidence, 0.6);
+      const maxConfidence = Math.max(...foundAiHeaders.map((h) => h.confidence * 100));
+      confidence = Math.max(confidence, maxConfidence);
       reasons.push(`ai_headers:${foundAiHeaders.length}`);
     }
     const ip = input.ip || input.ipAddress;
     if (ip && !normalizedHeaders["x-forwarded-for"] && !normalizedHeaders["x-real-ip"]) {
-      for (const [provider, prefixes] of Object.entries(CLOUD_PROVIDERS)) {
-        if (prefixes.some((prefix) => ip.startsWith(prefix))) {
-          confidence = Math.max(confidence, 0.4);
+      const ipRanges = "providers" in this.rules.rules.ipRanges ? this.rules.rules.ipRanges.providers : this.rules.rules.ipRanges;
+      for (const [provider, ipRule] of Object.entries(ipRanges)) {
+        if (!ipRule || typeof ipRule !== "object" || !("ranges" in ipRule) || !Array.isArray(ipRule.ranges))
+          continue;
+        const matched = ipRule.ranges.some((range) => {
+          const prefix = range.split("/")[0];
+          const prefixParts = prefix.split(".");
+          const ipParts = ip.split(".");
+          for (let i = 0; i < Math.min(prefixParts.length - 1, 2); i++) {
+            if (prefixParts[i] !== ipParts[i] && prefixParts[i] !== "0") {
+              return false;
+            }
+          }
+          return true;
+        });
+        if (matched) {
+          const rule = ipRule;
+          confidence = Math.max(confidence, rule.confidence * 40);
           reasons.push(`cloud_provider:${provider}`);
           break;
         }
       }
     }
-    if (reasons.length > 2 && confidence < 1) {
-      confidence = Math.min(confidence * 1.2, 0.95);
+    if (reasons.length > 2 && confidence < 100) {
+      confidence = Math.min(confidence * 1.2, 95);
     }
+    confidence = Math.min(Math.max(confidence, 0), 100);
     return {
-      isAgent: confidence > 0.3,
+      isAgent: confidence > 30,
+      // Updated to 0-100 scale (was 0.3)
       confidence,
+      detectionClass: confidence > 30 && detectedAgent ? { type: "AiAgent", agentType: detectedAgent.name } : confidence > 30 ? { type: "Unknown" } : { type: "Human" },
+      signals: [],
+      // Will be populated by enhanced detection engine in future tasks
       ...detectedAgent && { detectedAgent },
       reasons,
-      ...verificationMethod && { verificationMethod },
-      forgeabilityRisk: verificationMethod === "signature" ? "low" : confidence > 0.8 ? "medium" : "high",
+      ...verificationMethod && {
+        verificationMethod
+      },
+      forgeabilityRisk: verificationMethod === "signature" ? "low" : confidence > 80 ? "medium" : "high",
+      // Updated to 0-100 scale
       timestamp: /* @__PURE__ */ new Date()
     };
   }
+  /**
+   * Get agent type from rule key
+   */
+  getAgentType(agentKey) {
+    const typeMap = {
+      openai_gptbot: "openai",
+      anthropic_claude: "anthropic",
+      perplexity_bot: "perplexity",
+      google_ai: "google",
+      microsoft_ai: "microsoft",
+      meta_ai: "meta",
+      cohere_bot: "cohere",
+      huggingface_bot: "huggingface",
+      generic_bot: "generic",
+      dev_tools: "dev",
+      automation_tools: "automation"
+    };
+    return typeMap[agentKey] || agentKey;
+  }
+  /**
+   * Get agent name from rule key
+   */
+  getAgentName(agentKey) {
+    const nameMap = {
+      openai_gptbot: "ChatGPT/GPTBot",
+      anthropic_claude: "Claude",
+      perplexity_bot: "Perplexity",
+      google_ai: "Google AI",
+      microsoft_ai: "Microsoft Copilot",
+      meta_ai: "Meta AI",
+      cohere_bot: "Cohere",
+      huggingface_bot: "HuggingFace",
+      generic_bot: "Generic Bot",
+      dev_tools: "Development Tool",
+      automation_tools: "Automation Tool"
+    };
+    return nameMap[agentKey] || agentKey;
+  }
 };
 var EdgeAgentDetectorWrapper = class {
   detector;