@kya-os/agentshield-nextjs 0.2.9 → 0.2.11

package/dist/index.mjs

@@ -2065,6 +2065,70 @@ var AgentShieldClient = class {
       action: result.data.decision.action
     };
   }
+  /**
+   * Check if this client is using edge detection (Gateway Worker)
+   */
+  isUsingEdge() {
+    return this.useEdge;
+  }
+  /**
+   * Log a detection result to AgentShield database.
+   * Use after Gateway Worker detection to persist results.
+   * Fire-and-forget - returns immediately without waiting for DB write.
+   *
+   * @example
+   * ```typescript
+   * // After receiving Gateway response
+   * if (client.isUsingEdge() && response.data?.detection) {
+   *   client.logDetection({
+   *     detection: response.data.detection,
+   *     context: { userAgent, ipAddress, path, url, method }
+   *   }).catch(err => console.error('Log failed:', err));
+   * }
+   * ```
+   */
+  async logDetection(input) {
+    const logEndpoint = this.useEdge ? `${DEFAULT_BASE_URL}/api/v1/log-detection` : `${this.baseUrl}/api/v1/log-detection`;
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+      try {
+        const response = await fetch(logEndpoint, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${this.apiKey}`
+          },
+          body: JSON.stringify({
+            detection: {
+              isAgent: input.detection.isAgent,
+              confidence: input.detection.confidence,
+              agentName: input.detection.agentName,
+              agentType: input.detection.agentType,
+              detectionClass: input.detection.detectionClass,
+              verificationMethod: input.detection.verificationMethod,
+              reasons: input.detection.reasons
+            },
+            context: input.context,
+            source: input.source || "gateway"
+          }),
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        if (!response.ok && this.debug) {
+          console.warn("[AgentShield] Log detection returned non-2xx:", response.status);
+        }
+      } catch (error) {
+        clearTimeout(timeoutId);
+        throw error;
+      }
+    } catch (error) {
+      if (this.debug) {
+        console.error("[AgentShield] Log detection failed:", error);
+      }
+      throw error;
+    }
+  }
 };
 var clientInstance = null;
 function getAgentShieldClient(config) {
@@ -2111,16 +2175,21 @@ function shouldIncludePath(path, includePaths) {
 }
 function buildBlockedResponse(decision, config) {
   const status = config.blockedResponse?.status ?? 403;
-  const message = config.blockedResponse?.message ?? decision.message ?? "Access denied";
-  const response = NextResponse.json(
-    {
-      error: message,
-      code: "AGENT_BLOCKED",
-      reason: decision.reason,
-      agentType: decision.agentType
-    },
-    { status }
-  );
+  const redirectUrl = config.redirectUrl || decision.redirectUrl;
+  const baseMessage = config.blockedResponse?.message ?? decision.message ?? "Access denied";
+  const errorMessage = redirectUrl ? `${baseMessage}. Please go to ${redirectUrl}` : baseMessage;
+  const message = config.blockedResponse?.message ?? decision.message ?? (redirectUrl ? `AI agents are not permitted on this resource. Please go to ${redirectUrl} for more information.` : "AI agents are not permitted on this resource.");
+  const responseBody = {
+    error: errorMessage,
+    code: "AGENT_BLOCKED",
+    reason: decision.reason,
+    agentType: decision.agentType,
+    message
+  };
+  if (redirectUrl) {
+    responseBody.redirectUrl = redirectUrl;
+  }
+  const response = NextResponse.json(responseBody, { status });
   if (config.blockedResponse?.headers) {
     for (const [key, value] of Object.entries(config.blockedResponse.headers)) {
       response.headers.set(key, value);
@@ -2128,6 +2197,9 @@ function buildBlockedResponse(decision, config) {
   }
   response.headers.set("X-AgentShield-Action", decision.action);
   response.headers.set("X-AgentShield-Reason", decision.reason);
+  if (redirectUrl) {
+    response.headers.set("X-AgentShield-Redirect", redirectUrl);
+  }
   return response;
 }
 function buildRedirectResponse(request, decision, config) {
@@ -2172,16 +2244,20 @@ function withAgentShield(config = {}) {
       return NextResponse.next();
     }
     try {
-      const result = await getClient().enforce({
+      const client2 = getClient();
+      const userAgent = request.headers.get("user-agent") || void 0;
+      const ipAddress = request.ip || request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || request.headers.get("x-real-ip") || void 0;
+      const result = await client2.enforce({
         headers: Object.fromEntries(request.headers.entries()),
-        userAgent: request.headers.get("user-agent") || void 0,
-        ipAddress: request.ip || request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || request.headers.get("x-real-ip") || void 0,
+        userAgent,
+        ipAddress,
         path,
         url: request.url,
         method: request.method,
         requestId: request.headers.get("x-request-id") || void 0,
         options: {
-          includeDetectionResult: config.debug
+          // Always include detection results for logging (needed when using edge)
+          includeDetectionResult: true
         }
       });
       if (!result.success || !result.data) {
@@ -2208,6 +2284,16 @@ function withAgentShield(config = {}) {
           processingTimeMs: Date.now() - startTime
         });
       }
+      if (client2.isUsingEdge() && result.data.detection) {
+        client2.logDetection({
+          detection: result.data.detection,
+          context: { userAgent, ipAddress, path, url: request.url, method: request.method }
+        }).catch((err) => {
+          if (config.debug) {
+            console.error("[AgentShield] Log detection failed:", err);
+          }
+        });
+      }
       if (decision.isAgent && config.onAgentDetected) {
         await config.onAgentDetected(request, decision);
       }