npm - @kya-os/agentshield-nextjs - Versions diffs - 0.3.2 → 0.3.5 - Mend

@kya-os/agentshield-nextjs 0.3.2 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/README.md +21 -369
package/index.js +9 -0
package/package.json +6 -141
package/EDGE_RUNTIME_WASM_SETUP.md +0 -348
package/bin/setup-edge-wasm.js +0 -525
package/dist/.tsbuildinfo +0 -1
package/dist/api-client.d.mts +0 -196
package/dist/api-client.d.ts +0 -196
package/dist/api-client.js +0 -200
package/dist/api-client.js.map +0 -1
package/dist/api-client.mjs +0 -196
package/dist/api-client.mjs.map +0 -1
package/dist/api-middleware.d.mts +0 -140
package/dist/api-middleware.d.ts +0 -140
package/dist/api-middleware.js +0 -511
package/dist/api-middleware.js.map +0 -1
package/dist/api-middleware.mjs +0 -508
package/dist/api-middleware.mjs.map +0 -1
package/dist/create-middleware.d.mts +0 -17
package/dist/create-middleware.d.ts +0 -17
package/dist/create-middleware.js +0 -1381
package/dist/create-middleware.js.map +0 -1
package/dist/create-middleware.mjs +0 -1358
package/dist/create-middleware.mjs.map +0 -1
package/dist/edge/index.d.mts +0 -110
package/dist/edge/index.d.ts +0 -110
package/dist/edge/index.js +0 -277
package/dist/edge/index.js.map +0 -1
package/dist/edge/index.mjs +0 -275
package/dist/edge/index.mjs.map +0 -1
package/dist/edge-detector-wrapper.d.mts +0 -34
package/dist/edge-detector-wrapper.d.ts +0 -34
package/dist/edge-detector-wrapper.js +0 -596
package/dist/edge-detector-wrapper.js.map +0 -1
package/dist/edge-detector-wrapper.mjs +0 -574
package/dist/edge-detector-wrapper.mjs.map +0 -1
package/dist/edge-runtime-loader.d.mts +0 -50
package/dist/edge-runtime-loader.d.ts +0 -50
package/dist/edge-runtime-loader.js +0 -204
package/dist/edge-runtime-loader.js.map +0 -1
package/dist/edge-runtime-loader.mjs +0 -201
package/dist/edge-runtime-loader.mjs.map +0 -1
package/dist/edge-wasm-middleware.d.mts +0 -68
package/dist/edge-wasm-middleware.d.ts +0 -68
package/dist/edge-wasm-middleware.js +0 -318
package/dist/edge-wasm-middleware.js.map +0 -1
package/dist/edge-wasm-middleware.mjs +0 -315
package/dist/edge-wasm-middleware.mjs.map +0 -1
package/dist/enhanced-middleware.d.mts +0 -153
package/dist/enhanced-middleware.d.ts +0 -153
package/dist/enhanced-middleware.js +0 -1082
package/dist/enhanced-middleware.js.map +0 -1
package/dist/enhanced-middleware.mjs +0 -1080
package/dist/enhanced-middleware.mjs.map +0 -1
package/dist/index.d.mts +0 -24
package/dist/index.d.ts +0 -24
package/dist/index.js +0 -2717
package/dist/index.js.map +0 -1
package/dist/index.mjs +0 -2662
package/dist/index.mjs.map +0 -1
package/dist/middleware.d.mts +0 -21
package/dist/middleware.d.ts +0 -21
package/dist/middleware.js +0 -1362
package/dist/middleware.js.map +0 -1
package/dist/middleware.mjs +0 -1339
package/dist/middleware.mjs.map +0 -1
package/dist/nodejs-wasm-loader.d.mts +0 -25
package/dist/nodejs-wasm-loader.d.ts +0 -25
package/dist/nodejs-wasm-loader.js +0 -78
package/dist/nodejs-wasm-loader.js.map +0 -1
package/dist/nodejs-wasm-loader.mjs +0 -68
package/dist/nodejs-wasm-loader.mjs.map +0 -1
package/dist/policy.d.mts +0 -162
package/dist/policy.d.ts +0 -162
package/dist/policy.js +0 -189
package/dist/policy.js.map +0 -1
package/dist/policy.mjs +0 -165
package/dist/policy.mjs.map +0 -1
package/dist/session-tracker.d.mts +0 -55
package/dist/session-tracker.d.ts +0 -55
package/dist/session-tracker.js +0 -170
package/dist/session-tracker.js.map +0 -1
package/dist/session-tracker.mjs +0 -167
package/dist/session-tracker.mjs.map +0 -1
package/dist/signature-verifier.d.mts +0 -33
package/dist/signature-verifier.d.ts +0 -33
package/dist/signature-verifier.js +0 -386
package/dist/signature-verifier.js.map +0 -1
package/dist/signature-verifier.mjs +0 -362
package/dist/signature-verifier.mjs.map +0 -1
package/dist/types-DVmy9NE3.d.mts +0 -105
package/dist/types-DVmy9NE3.d.ts +0 -105
package/dist/wasm-middleware.d.mts +0 -63
package/dist/wasm-middleware.d.ts +0 -63
package/dist/wasm-middleware.js +0 -98
package/dist/wasm-middleware.js.map +0 -1
package/dist/wasm-middleware.mjs +0 -95
package/dist/wasm-middleware.mjs.map +0 -1
package/dist/wasm-setup.d.mts +0 -46
package/dist/wasm-setup.d.ts +0 -46
package/dist/wasm-setup.js +0 -157
package/dist/wasm-setup.js.map +0 -1
package/dist/wasm-setup.mjs +0 -148
package/dist/wasm-setup.mjs.map +0 -1
package/templates/middleware-wasm-100.ts +0 -151
package/wasm/agentshield_wasm.d.ts +0 -479
package/wasm/agentshield_wasm.js +0 -1536
package/wasm/agentshield_wasm_bg.wasm +0 -0
package/wasm/package.json +0 -30
package/wasm.d.ts +0 -21

package/dist/api-middleware.d.mts DELETED Viewed

@@ -1,140 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { EnforcementDecision } from './api-client.mjs';
-import '@kya-os/agentshield-shared';
-/**
- * API-based AgentShield Middleware for Next.js
- *
- * This middleware uses the AgentShield API for detection and enforcement,
- * instead of running detection locally. This approach:
- *
- * 1. Works reliably in Edge Runtime (no WASM loading issues)
- * 2. Ensures consistent detection across all platforms
- * 3. Applies centralized policies from the dashboard
- * 4. Supports deny lists, thresholds, and path rules
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import { withAgentShield } from '@kya-os/agentshield-nextjs/api-middleware';
- *
- * export default withAgentShield({
- *   apiKey: process.env.AGENTSHIELD_API_KEY!,
- *   // Optional overrides:
- *   onBlock: 'redirect', // 'block' | 'redirect' | 'challenge'
- *   redirectUrl: '/blocked',
- *   skipPaths: ['/api/health', '/_next/*'],
- * });
- *
- * export const config = {
- *   matcher: ['/((?!_next/static|favicon.ico).*)'],
- * };
- * ```
- */
-/**
- * Middleware configuration
- */
-interface AgentShieldMiddlewareConfig {
-    /** API key (or use AGENTSHIELD_API_KEY env var) */
-    apiKey?: string;
-    /** API base URL (defaults to production) */
-    apiUrl?: string;
-    /**
-     * Use edge detection for lower latency (~30-50ms vs ~150ms) and better coverage.
-     * Edge detection can identify non-JS clients (curl, Python, Claude Code WebFetch)
-     * that the pixel cannot detect since they don't execute JavaScript.
-     * Set to false to use the Vercel API instead.
-     * @default true
-     */
-    useEdge?: boolean;
-    /** Request timeout in ms (default: 5000) */
-    timeout?: number;
-    /**
-     * Action to take when an agent should be blocked
-     * - 'block': Return 403 response
-     * - 'redirect': Redirect to redirectUrl
-     * - 'challenge': Show a challenge page (future)
-     * Default: uses policy from dashboard
-     */
-    onBlock?: 'block' | 'redirect' | 'challenge';
-    /**
-     * URL to redirect to when blocking (if onBlock is 'redirect')
-     * Default: uses redirectUrl from dashboard policy
-     */
-    redirectUrl?: string;
-    /**
-     * How the middleware handles a `redirect` / `instruct` action.
-     *
-     * - `'instruct'` (default): return HTTP 401 with an MCP-I Link header + JSON
-     *   body pointing the agent at the redirect URL. LLMs surface the URL as a
-     *   clickable link for the user. Matches the Cloudflare Gateway contract.
-     * - `'http'`: legacy behavior — return HTTP 302 with `Location`. Most LLM
-     *   fetchers won't follow the redirect, so this is only useful when your
-     *   traffic is real browsers.
-     *
-     * @default 'instruct'
-     */
-    redirectMode?: 'instruct' | 'http';
-    /**
-     * Custom blocked response
-     */
-    blockedResponse?: {
-        status?: number;
-        message?: string;
-        headers?: Record<string, string>;
-    };
-    /**
-     * Paths to skip (in addition to dashboard policy)
-     * Supports glob patterns: '/api/*', '/_next/*'
-     */
-    skipPaths?: string[];
-    /**
-     * Only enforce on these paths (overrides dashboard policy)
-     */
-    includePaths?: string[];
-    /**
-     * Callback when an agent is detected
-     */
-    onAgentDetected?: (request: NextRequest, decision: EnforcementDecision) => void | Promise<void>;
-    /**
-     * Callback to customize the blocked response
-     */
-    customBlockedResponse?: (request: NextRequest, decision: EnforcementDecision) => NextResponse | Promise<NextResponse>;
-    /**
-     * Whether to fail open (allow) on API errors
-     * Default: true (recommended for production)
-     */
-    failOpen?: boolean;
-    /**
-     * Enable debug logging
-     */
-    debug?: boolean;
-}
-/**
- * Create AgentShield middleware with API-based detection
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import { withAgentShield } from '@kya-os/agentshield-nextjs/api-middleware';
- *
- * export default withAgentShield({
- *   onBlock: 'block',
- *   skipPaths: ['/api/health'],
- * });
- * ```
- */
-declare function withAgentShield(config?: AgentShieldMiddlewareConfig): (request: NextRequest) => Promise<NextResponse>;
-/**
- * Convenience export for simple setup
- *
- * @example
- * ```typescript
- * // middleware.ts
- * export { agentShieldMiddleware as default } from '@kya-os/agentshield-nextjs/api-middleware';
- * ```
- */
-declare const agentShieldMiddleware: (request: NextRequest) => Promise<NextResponse>;
-export { type AgentShieldMiddlewareConfig, agentShieldMiddleware, withAgentShield };

package/dist/api-middleware.d.ts DELETED Viewed

@@ -1,140 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { EnforcementDecision } from './api-client.js';
-import '@kya-os/agentshield-shared';
-/**
- * API-based AgentShield Middleware for Next.js
- *
- * This middleware uses the AgentShield API for detection and enforcement,
- * instead of running detection locally. This approach:
- *
- * 1. Works reliably in Edge Runtime (no WASM loading issues)
- * 2. Ensures consistent detection across all platforms
- * 3. Applies centralized policies from the dashboard
- * 4. Supports deny lists, thresholds, and path rules
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import { withAgentShield } from '@kya-os/agentshield-nextjs/api-middleware';
- *
- * export default withAgentShield({
- *   apiKey: process.env.AGENTSHIELD_API_KEY!,
- *   // Optional overrides:
- *   onBlock: 'redirect', // 'block' | 'redirect' | 'challenge'
- *   redirectUrl: '/blocked',
- *   skipPaths: ['/api/health', '/_next/*'],
- * });
- *
- * export const config = {
- *   matcher: ['/((?!_next/static|favicon.ico).*)'],
- * };
- * ```
- */
-/**
- * Middleware configuration
- */
-interface AgentShieldMiddlewareConfig {
-    /** API key (or use AGENTSHIELD_API_KEY env var) */
-    apiKey?: string;
-    /** API base URL (defaults to production) */
-    apiUrl?: string;
-    /**
-     * Use edge detection for lower latency (~30-50ms vs ~150ms) and better coverage.
-     * Edge detection can identify non-JS clients (curl, Python, Claude Code WebFetch)
-     * that the pixel cannot detect since they don't execute JavaScript.
-     * Set to false to use the Vercel API instead.
-     * @default true
-     */
-    useEdge?: boolean;
-    /** Request timeout in ms (default: 5000) */
-    timeout?: number;
-    /**
-     * Action to take when an agent should be blocked
-     * - 'block': Return 403 response
-     * - 'redirect': Redirect to redirectUrl
-     * - 'challenge': Show a challenge page (future)
-     * Default: uses policy from dashboard
-     */
-    onBlock?: 'block' | 'redirect' | 'challenge';
-    /**
-     * URL to redirect to when blocking (if onBlock is 'redirect')
-     * Default: uses redirectUrl from dashboard policy
-     */
-    redirectUrl?: string;
-    /**
-     * How the middleware handles a `redirect` / `instruct` action.
-     *
-     * - `'instruct'` (default): return HTTP 401 with an MCP-I Link header + JSON
-     *   body pointing the agent at the redirect URL. LLMs surface the URL as a
-     *   clickable link for the user. Matches the Cloudflare Gateway contract.
-     * - `'http'`: legacy behavior — return HTTP 302 with `Location`. Most LLM
-     *   fetchers won't follow the redirect, so this is only useful when your
-     *   traffic is real browsers.
-     *
-     * @default 'instruct'
-     */
-    redirectMode?: 'instruct' | 'http';
-    /**
-     * Custom blocked response
-     */
-    blockedResponse?: {
-        status?: number;
-        message?: string;
-        headers?: Record<string, string>;
-    };
-    /**
-     * Paths to skip (in addition to dashboard policy)
-     * Supports glob patterns: '/api/*', '/_next/*'
-     */
-    skipPaths?: string[];
-    /**
-     * Only enforce on these paths (overrides dashboard policy)
-     */
-    includePaths?: string[];
-    /**
-     * Callback when an agent is detected
-     */
-    onAgentDetected?: (request: NextRequest, decision: EnforcementDecision) => void | Promise<void>;
-    /**
-     * Callback to customize the blocked response
-     */
-    customBlockedResponse?: (request: NextRequest, decision: EnforcementDecision) => NextResponse | Promise<NextResponse>;
-    /**
-     * Whether to fail open (allow) on API errors
-     * Default: true (recommended for production)
-     */
-    failOpen?: boolean;
-    /**
-     * Enable debug logging
-     */
-    debug?: boolean;
-}
-/**
- * Create AgentShield middleware with API-based detection
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import { withAgentShield } from '@kya-os/agentshield-nextjs/api-middleware';
- *
- * export default withAgentShield({
- *   onBlock: 'block',
- *   skipPaths: ['/api/health'],
- * });
- * ```
- */
-declare function withAgentShield(config?: AgentShieldMiddlewareConfig): (request: NextRequest) => Promise<NextResponse>;
-/**
- * Convenience export for simple setup
- *
- * @example
- * ```typescript
- * // middleware.ts
- * export { agentShieldMiddleware as default } from '@kya-os/agentshield-nextjs/api-middleware';
- * ```
- */
-declare const agentShieldMiddleware: (request: NextRequest) => Promise<NextResponse>;
-export { type AgentShieldMiddlewareConfig, agentShieldMiddleware, withAgentShield };