@kya-os/agentshield-nextjs 0.3.3 → 0.3.5

package/dist/types-DVmy9NE3.d.ts

@@ -1,105 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { AgentShieldConfig, DetectionResult } from '@kya-os/agentshield-shared';
-import { AgentShieldEvents } from '@kya-os/agentshield';
-
-/**
- * Next.js-specific type definitions
- */
-
-/**
- * Next.js middleware configuration
- */
-interface NextJSMiddlewareConfig extends Partial<AgentShieldConfig> {
-    /**
-     * Action to take when an agent is detected
-     */
-    onAgentDetected?: 'block' | 'redirect' | 'rewrite' | 'allow' | 'log';
-    /**
-     * Custom handler for agent detection
-     * @deprecated Use 'events' instead. Will be removed in v1.0.0
-     */
-    onDetection?: (req: NextRequest, result: DetectionResult) => NextResponse | Promise<NextResponse> | void | Promise<void>;
-    /**
-     * Event handlers for detection events
-     */
-    events?: Partial<AgentShieldEvents>;
-    /**
-     * Path patterns to skip detection
-     */
-    skipPaths?: string[] | RegExp[];
-    /**
-     * Response when blocking agents
-     */
-    blockedResponse?: {
-        status: number;
-        message: string;
-        headers?: Record<string, string>;
-    };
-    /**
-     * Redirect URL when redirecting detected agents
-     */
-    redirectUrl?: string;
-    /**
-     * Rewrite URL when rewriting requests from detected agents
-     */
-    rewriteUrl?: string;
-    /**
-     * Confidence threshold for agent detection
-     */
-    confidenceThreshold?: number;
-    /**
-     * Enable WASM for enhanced detection
-     */
-    enableWasm?: boolean;
-    /**
-     * Session tracking configuration
-     */
-    sessionTracking?: {
-        /**
-         * Enable session tracking
-         */
-        enabled: boolean;
-        /**
-         * Cookie name for session storage
-         * Default: '__agentshield_session'
-         */
-        cookieName?: string;
-        /**
-         * Cookie max age in seconds
-         * Default: 3600 (1 hour)
-         */
-        cookieMaxAge?: number;
-        /**
-         * Encryption key for session data
-         * Default: Uses AGENTSHIELD_SECRET env var or default key
-         */
-        encryptionKey?: string;
-    };
-}
-/**
- * Extended NextRequest with AgentShield data
- */
-interface AgentShieldRequest extends NextRequest {
-    agentShield?: {
-        result?: DetectionResult;
-        skipped: boolean;
-        session?: {
-            id: string;
-            agent: string;
-            confidence: number;
-            detectedAt: number;
-            expires: number;
-        };
-    };
-}
-/**
- * Detection context for hooks
- */
-interface DetectionContext {
-    result: DetectionResult;
-    request: NextRequest;
-    userAgent?: string;
-    ip?: string;
-}
-
-export type { AgentShieldRequest as A, DetectionContext as D, NextJSMiddlewareConfig as N };

package/dist/wasm-middleware.d.mts

@@ -1,63 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-
-/**
- * WASM-enabled middleware for Next.js with AgentShield
- * Following official Next.js documentation for WebAssembly in Edge Runtime
- */
-
-interface WasmDetectionResult {
-    isAgent: boolean;
-    isAiCrawler?: boolean;
-    confidence: number;
-    agent?: string | undefined;
-    verificationMethod: 'signature' | 'pattern' | 'none';
-    riskLevel: 'low' | 'medium' | 'high';
-    timestamp: string;
-}
-interface AgentShieldConfig {
-    onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;
-    blockOnHighConfidence?: boolean;
-    confidenceThreshold?: number;
-    skipPaths?: string[];
-    blockedResponse?: {
-        status?: number;
-        message?: string;
-        headers?: Record<string, string>;
-    };
-}
-/**
- * Create a WASM-enabled AgentShield middleware
- * This must be used with proper WASM module import at the top of middleware.ts
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import wasmModule from '@kya-os/agentshield/wasm?module';
- * import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';
- *
- * const wasmInstance = await WebAssembly.instantiate(wasmModule);
- *
- * export const middleware = createWasmAgentShieldMiddleware({
- *   wasmInstance,
- *   onAgentDetected: (result) => {
- *     console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);
- *   }
- * });
- * ```
- */
-declare function createWasmAgentShieldMiddleware(config: AgentShieldConfig & {
-    wasmInstance?: WebAssembly.Instance;
-}): (request: NextRequest) => Promise<NextResponse<unknown>>;
-/**
- * Helper to load and instantiate WASM module
- * This should be called at the top of your middleware.ts file
- *
- * @example
- * ```typescript
- * import wasmModule from '@kya-os/agentshield/wasm?module';
- * const wasmInstance = await instantiateWasm(wasmModule);
- * ```
- */
-declare function instantiateWasm(wasmModule: WebAssembly.Module): Promise<WebAssembly.Instance>;
-
-export { type AgentShieldConfig, type WasmDetectionResult, createWasmAgentShieldMiddleware, instantiateWasm };

package/dist/wasm-middleware.d.ts

@@ -1,63 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-
-/**
- * WASM-enabled middleware for Next.js with AgentShield
- * Following official Next.js documentation for WebAssembly in Edge Runtime
- */
-
-interface WasmDetectionResult {
-    isAgent: boolean;
-    isAiCrawler?: boolean;
-    confidence: number;
-    agent?: string | undefined;
-    verificationMethod: 'signature' | 'pattern' | 'none';
-    riskLevel: 'low' | 'medium' | 'high';
-    timestamp: string;
-}
-interface AgentShieldConfig {
-    onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;
-    blockOnHighConfidence?: boolean;
-    confidenceThreshold?: number;
-    skipPaths?: string[];
-    blockedResponse?: {
-        status?: number;
-        message?: string;
-        headers?: Record<string, string>;
-    };
-}
-/**
- * Create a WASM-enabled AgentShield middleware
- * This must be used with proper WASM module import at the top of middleware.ts
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import wasmModule from '@kya-os/agentshield/wasm?module';
- * import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';
- *
- * const wasmInstance = await WebAssembly.instantiate(wasmModule);
- *
- * export const middleware = createWasmAgentShieldMiddleware({
- *   wasmInstance,
- *   onAgentDetected: (result) => {
- *     console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);
- *   }
- * });
- * ```
- */
-declare function createWasmAgentShieldMiddleware(config: AgentShieldConfig & {
-    wasmInstance?: WebAssembly.Instance;
-}): (request: NextRequest) => Promise<NextResponse<unknown>>;
-/**
- * Helper to load and instantiate WASM module
- * This should be called at the top of your middleware.ts file
- *
- * @example
- * ```typescript
- * import wasmModule from '@kya-os/agentshield/wasm?module';
- * const wasmInstance = await instantiateWasm(wasmModule);
- * ```
- */
-declare function instantiateWasm(wasmModule: WebAssembly.Module): Promise<WebAssembly.Instance>;
-
-export { type AgentShieldConfig, type WasmDetectionResult, createWasmAgentShieldMiddleware, instantiateWasm };

package/dist/wasm-middleware.js

@@ -1,98 +0,0 @@
-'use strict';
-
-var server = require('next/server');
-var agentshield = require('@kya-os/agentshield');
-var agentshieldShared = require('@kya-os/agentshield-shared');
-
-// src/wasm-middleware.ts
-function createWasmAgentShieldMiddleware(config) {
-  const {
-    onAgentDetected,
-    blockOnHighConfidence = false,
-    confidenceThreshold = 80,
-    // Updated to 0-100 scale (was 0.8)
-    skipPaths = [],
-    blockedResponse = {
-      status: 403,
-      message: "Access denied: AI agent detected",
-      headers: { "Content-Type": "application/json" }
-    },
-    wasmInstance
-  } = config;
-  return async function middleware(request) {
-    const path = request.nextUrl.pathname;
-    if (skipPaths.some((skip) => path.startsWith(skip))) {
-      return server.NextResponse.next();
-    }
-    try {
-      const detector = new agentshield.AgentDetector();
-      const hasWasm = !!wasmInstance;
-      const metadata = {
-        userAgent: request.headers.get("user-agent") || void 0,
-        ipAddress: request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || void 0,
-        headers: Object.fromEntries(request.headers.entries()),
-        timestamp: /* @__PURE__ */ new Date()
-      };
-      const result = await detector.analyze(metadata);
-      const enhancedResult = {
-        isAgent: result.isAgent,
-        isAiCrawler: result.isAiCrawler,
-        confidence: hasWasm && result.confidence > 85 ? Math.min(result.confidence * 1.15, 100) : result.confidence,
-        agent: result.detectedAgent?.name || void 0,
-        verificationMethod: hasWasm && result.confidence > 85 ? "signature" : "pattern",
-        // Updated to 0-100 scale
-        riskLevel: result.confidence > 90 ? "high" : result.confidence > 70 ? "medium" : "low",
-        // Updated to 0-100 scale (was 0.7)
-        timestamp: result.timestamp instanceof Date ? result.timestamp.toISOString() : new Date(result.timestamp).toISOString()
-      };
-      const decision = agentshieldShared.evaluateEnforcement(enhancedResult, {
-        confidenceThreshold,
-        defaultAction: blockOnHighConfidence ? "block" : "allow"
-      });
-      if (onAgentDetected && agentshieldShared.shouldEnforce(enhancedResult)) {
-        await onAgentDetected(enhancedResult);
-      }
-      if (decision.action === "block") {
-        return server.NextResponse.json(
-          {
-            error: blockedResponse.message,
-            agent: enhancedResult.agent,
-            confidence: Math.round(enhancedResult.confidence)
-          },
-          {
-            status: blockedResponse.status || 403,
-            headers: blockedResponse.headers || {}
-          }
-        );
-      }
-      const response = server.NextResponse.next();
-      if (enhancedResult.isAgent) {
-        response.headers.set("X-Agent-Detected", enhancedResult.agent || "unknown");
-        response.headers.set(
-          "X-Agent-Confidence",
-          String(Math.round(enhancedResult.confidence * 100))
-        );
-        response.headers.set("X-Agent-Verification", enhancedResult.verificationMethod);
-      }
-      return response;
-    } catch (error) {
-      console.error("AgentShield middleware error:", error);
-      return server.NextResponse.next();
-    }
-  };
-}
-async function instantiateWasm(wasmModule) {
-  try {
-    const instance = await WebAssembly.instantiate(wasmModule);
-    console.log("\u2705 AgentShield: WASM module loaded for cryptographic verification");
-    return instance;
-  } catch (error) {
-    console.warn("\u26A0\uFE0F AgentShield: Failed to instantiate WASM module", error);
-    throw error;
-  }
-}
-
-exports.createWasmAgentShieldMiddleware = createWasmAgentShieldMiddleware;
-exports.instantiateWasm = instantiateWasm;
-//# sourceMappingURL=wasm-middleware.js.map
-//# sourceMappingURL=wasm-middleware.js.map

package/dist/wasm-middleware.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/wasm-middleware.ts"],"names":["NextResponse","AgentDetector","evaluateEnforcement","shouldEnforce"],"mappings":";;;;;;;AAqDO,SAAS,gCACd,MAAA,EAGA;AACA,EAAA,MAAM;AAAA,IACJ,eAAA;AAAA,IACA,qBAAA,GAAwB,KAAA;AAAA,IACxB,mBAAA,GAAsB,EAAA;AAAA;AAAA,IACtB,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,eAAe,WAAW,OAAA,EAAsB;AAErD,IAAA,MAAM,IAAA,GAAO,QAAQ,OAAA,CAAQ,QAAA;AAC7B,IAAA,IAAI,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,UAAA,CAAW,IAAI,CAAC,CAAA,EAAG;AACnD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,IAAIC,yBAAA,EAAc;AAGnC,MAAA,MAAM,OAAA,GAAU,CAAC,CAAC,YAAA;AAGlB,MAAA,MAAM,QAAA,GAAW;AAAA,QACf,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EACE,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,KAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,KAAA,CAAA;AAAA,QAChF,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,QAAQ,CAAA;AAG9C,MAAA,MAAM,cAAA,GAAsC;AAAA,QAC1C,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,aAAc,MAAA,CAA8C,WAAA;AAAA,QAG5D,UAAA,EACE,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,EAAA,GAC3B,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,EAAM,GAAG,CAAA,GACtC,MAAA,CAAO,UAAA;AAAA,QACb,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,KAAA,CAAA;AAAA,QACrC,kBAAA,EAAoB,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,KAAK,WAAA,GAAc,SAAA;AAAA;AAAA,QACtE,SAAA,EACE,OAAO,UAAA,GAAa,EAAA,GAChB,SACA,MAAA,CAAO,UAAA,GAAa,KAClB,QAAA,GACA,KAAA;AAAA;AAAA,QACR,SAAA,EACE,MAAA,CAAO,SAAA,YAAqB,IAAA,GACxB,MAAA,CAAO,SAAA,CAAU,WAAA,EAAY,GAC7B,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,EAAE,WAAA;AAAY,OAC/C;AAGA,MAAA,MAAM,QAAA,GAAWC,sCAAoB,cAAA,EAAgB;AAAA,QACnD,mBAAA;AAAA,QACA,aAAA,EAAe,wBAAwB,OAAA,GAAU;AAAA,OAClD,CAAA;AAGD,MAAA,IAAI,eAAA,IAAmBC,+BAAA,CAAc,cAAc,CAAA,EAAG;AACpD,QAAA,MAAM,gBAAgB,cAAc,CAAA;AAAA,MACtC;AAGA,MAAA,IAAI,QAAA,CAAS,WAAW,OAAA,EAAS;AAC/B,QAAA,OAAOH,mBAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,OAAO,eAAA,CAAgB,OAAA;AAAA,YACvB,OAAO,cAAA,CAAe,KAAA;AAAA,YACtB,UAAA,EAAY,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAU;AAAA,WAClD;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,gBAAgB,MAAA,IAAU,GAAA;AAAA,YAClC,OAAA,EAAS,eAAA,CAAgB,OAAA,IAAW;AAAC;AACvC,SACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,IAAI,eAAe,OAAA,EAAS;AAC1B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,cAAA,CAAe,SAAS,SAAS,CAAA;AAC1E,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,UACf,oBAAA;AAAA,UACA,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAA,GAAa,GAAG,CAAC;AAAA,SACpD;AACA,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,cAAA,CAAe,kBAAkB,CAAA;AAAA,MAChF;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AAEpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAYA,eAAsB,gBACpB,UAAA,EAC+B;AAC/B,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,WAAA,CAAY,UAAU,CAAA;AACzD,IAAA,OAAA,CAAQ,IAAI,uEAAkE,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,+DAAqD,KAAK,CAAA;AACvE,IAAA,MAAM,KAAA;AAAA,EACR;AACF","file":"wasm-middleware.js","sourcesContent":["/**\n * WASM-enabled middleware for Next.js with AgentShield\n * Following official Next.js documentation for WebAssembly in Edge Runtime\n */\n\nimport type { NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/agentshield';\nimport { evaluateEnforcement, shouldEnforce } from '@kya-os/agentshield-shared';\n\n// Type definitions for WASM detection result\nexport interface WasmDetectionResult {\n  isAgent: boolean;\n  isAiCrawler?: boolean;\n  confidence: number;\n  agent?: string | undefined;\n  verificationMethod: 'signature' | 'pattern' | 'none';\n  riskLevel: 'low' | 'medium' | 'high';\n  timestamp: string;\n}\n\nexport interface AgentShieldConfig {\n  onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;\n  blockOnHighConfidence?: boolean;\n  confidenceThreshold?: number;\n  skipPaths?: string[];\n  blockedResponse?: {\n    status?: number;\n    message?: string;\n    headers?: Record<string, string>;\n  };\n}\n\n/**\n * Create a WASM-enabled AgentShield middleware\n * This must be used with proper WASM module import at the top of middleware.ts\n *\n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';\n *\n * const wasmInstance = await WebAssembly.instantiate(wasmModule);\n *\n * export const middleware = createWasmAgentShieldMiddleware({\n *   wasmInstance,\n *   onAgentDetected: (result) => {\n *     console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);\n *   }\n * });\n * ```\n */\nexport function createWasmAgentShieldMiddleware(\n  config: AgentShieldConfig & {\n    wasmInstance?: WebAssembly.Instance;\n  }\n) {\n  const {\n    onAgentDetected,\n    blockOnHighConfidence = false,\n    confidenceThreshold = 80, // Updated to 0-100 scale (was 0.8)\n    skipPaths = [],\n    blockedResponse = {\n      status: 403,\n      message: 'Access denied: AI agent detected',\n      headers: { 'Content-Type': 'application/json' },\n    },\n    wasmInstance,\n  } = config;\n\n  return async function middleware(request: NextRequest) {\n    // Check if path should be skipped\n    const path = request.nextUrl.pathname;\n    if (skipPaths.some((skip) => path.startsWith(skip))) {\n      return NextResponse.next();\n    }\n\n    try {\n      // Create detector with or without WASM\n      const detector = new AgentDetector();\n\n      // If WASM instance is provided, we'll have higher confidence\n      const hasWasm = !!wasmInstance;\n\n      // Prepare request metadata\n      const metadata = {\n        userAgent: request.headers.get('user-agent') || undefined,\n        ipAddress:\n          request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || undefined,\n        headers: Object.fromEntries(request.headers.entries()),\n        timestamp: new Date(),\n      };\n\n      // Perform detection\n      const result = await detector.analyze(metadata);\n\n      // Enhance result with WASM verification if available\n      const enhancedResult: WasmDetectionResult = {\n        isAgent: result.isAgent,\n        isAiCrawler: (result as unknown as Record<string, unknown>).isAiCrawler as\n          | boolean\n          | undefined,\n        confidence:\n          hasWasm && result.confidence > 85 // Updated to 0-100 scale (was 0.85)\n            ? Math.min(result.confidence * 1.15, 100) // Boost confidence with WASM, cap at 100\n            : result.confidence,\n        agent: result.detectedAgent?.name || undefined,\n        verificationMethod: hasWasm && result.confidence > 85 ? 'signature' : 'pattern', // Updated to 0-100 scale\n        riskLevel:\n          result.confidence > 90\n            ? 'high' // Updated to 0-100 scale (was 0.9)\n            : result.confidence > 70\n              ? 'medium'\n              : 'low', // Updated to 0-100 scale (was 0.7)\n        timestamp:\n          result.timestamp instanceof Date\n            ? result.timestamp.toISOString()\n            : new Date(result.timestamp).toISOString(),\n      };\n\n      // Evaluate enforcement decision\n      const decision = evaluateEnforcement(enhancedResult, {\n        confidenceThreshold,\n        defaultAction: blockOnHighConfidence ? 'block' : 'allow',\n      });\n\n      // Call user callback for any enforced agent (regardless of threshold)\n      if (onAgentDetected && shouldEnforce(enhancedResult)) {\n        await onAgentDetected(enhancedResult);\n      }\n\n      // Block if enforcement decision says to block\n      if (decision.action === 'block') {\n        return NextResponse.json(\n          {\n            error: blockedResponse.message,\n            agent: enhancedResult.agent,\n            confidence: Math.round(enhancedResult.confidence),\n          },\n          {\n            status: blockedResponse.status || 403,\n            headers: blockedResponse.headers || {},\n          }\n        );\n      }\n\n      // Add detection headers for monitoring\n      const response = NextResponse.next();\n      if (enhancedResult.isAgent) {\n        response.headers.set('X-Agent-Detected', enhancedResult.agent || 'unknown');\n        response.headers.set(\n          'X-Agent-Confidence',\n          String(Math.round(enhancedResult.confidence * 100))\n        );\n        response.headers.set('X-Agent-Verification', enhancedResult.verificationMethod);\n      }\n\n      return response;\n    } catch (error) {\n      console.error('AgentShield middleware error:', error);\n      // On error, continue without blocking\n      return NextResponse.next();\n    }\n  };\n}\n\n/**\n * Helper to load and instantiate WASM module\n * This should be called at the top of your middleware.ts file\n *\n * @example\n * ```typescript\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * const wasmInstance = await instantiateWasm(wasmModule);\n * ```\n */\nexport async function instantiateWasm(\n  wasmModule: WebAssembly.Module\n): Promise<WebAssembly.Instance> {\n  try {\n    const instance = await WebAssembly.instantiate(wasmModule);\n    console.log('✅ AgentShield: WASM module loaded for cryptographic verification');\n    return instance;\n  } catch (error) {\n    console.warn('⚠️ AgentShield: Failed to instantiate WASM module', error);\n    throw error;\n  }\n}\n"]}

package/dist/wasm-middleware.mjs

@@ -1,95 +0,0 @@
-import { NextResponse } from 'next/server';
-import { AgentDetector } from '@kya-os/agentshield';
-import { evaluateEnforcement, shouldEnforce } from '@kya-os/agentshield-shared';
-
-// src/wasm-middleware.ts
-function createWasmAgentShieldMiddleware(config) {
-  const {
-    onAgentDetected,
-    blockOnHighConfidence = false,
-    confidenceThreshold = 80,
-    // Updated to 0-100 scale (was 0.8)
-    skipPaths = [],
-    blockedResponse = {
-      status: 403,
-      message: "Access denied: AI agent detected",
-      headers: { "Content-Type": "application/json" }
-    },
-    wasmInstance
-  } = config;
-  return async function middleware(request) {
-    const path = request.nextUrl.pathname;
-    if (skipPaths.some((skip) => path.startsWith(skip))) {
-      return NextResponse.next();
-    }
-    try {
-      const detector = new AgentDetector();
-      const hasWasm = !!wasmInstance;
-      const metadata = {
-        userAgent: request.headers.get("user-agent") || void 0,
-        ipAddress: request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || void 0,
-        headers: Object.fromEntries(request.headers.entries()),
-        timestamp: /* @__PURE__ */ new Date()
-      };
-      const result = await detector.analyze(metadata);
-      const enhancedResult = {
-        isAgent: result.isAgent,
-        isAiCrawler: result.isAiCrawler,
-        confidence: hasWasm && result.confidence > 85 ? Math.min(result.confidence * 1.15, 100) : result.confidence,
-        agent: result.detectedAgent?.name || void 0,
-        verificationMethod: hasWasm && result.confidence > 85 ? "signature" : "pattern",
-        // Updated to 0-100 scale
-        riskLevel: result.confidence > 90 ? "high" : result.confidence > 70 ? "medium" : "low",
-        // Updated to 0-100 scale (was 0.7)
-        timestamp: result.timestamp instanceof Date ? result.timestamp.toISOString() : new Date(result.timestamp).toISOString()
-      };
-      const decision = evaluateEnforcement(enhancedResult, {
-        confidenceThreshold,
-        defaultAction: blockOnHighConfidence ? "block" : "allow"
-      });
-      if (onAgentDetected && shouldEnforce(enhancedResult)) {
-        await onAgentDetected(enhancedResult);
-      }
-      if (decision.action === "block") {
-        return NextResponse.json(
-          {
-            error: blockedResponse.message,
-            agent: enhancedResult.agent,
-            confidence: Math.round(enhancedResult.confidence)
-          },
-          {
-            status: blockedResponse.status || 403,
-            headers: blockedResponse.headers || {}
-          }
-        );
-      }
-      const response = NextResponse.next();
-      if (enhancedResult.isAgent) {
-        response.headers.set("X-Agent-Detected", enhancedResult.agent || "unknown");
-        response.headers.set(
-          "X-Agent-Confidence",
-          String(Math.round(enhancedResult.confidence * 100))
-        );
-        response.headers.set("X-Agent-Verification", enhancedResult.verificationMethod);
-      }
-      return response;
-    } catch (error) {
-      console.error("AgentShield middleware error:", error);
-      return NextResponse.next();
-    }
-  };
-}
-async function instantiateWasm(wasmModule) {
-  try {
-    const instance = await WebAssembly.instantiate(wasmModule);
-    console.log("\u2705 AgentShield: WASM module loaded for cryptographic verification");
-    return instance;
-  } catch (error) {
-    console.warn("\u26A0\uFE0F AgentShield: Failed to instantiate WASM module", error);
-    throw error;
-  }
-}
-
-export { createWasmAgentShieldMiddleware, instantiateWasm };
-//# sourceMappingURL=wasm-middleware.mjs.map
-//# sourceMappingURL=wasm-middleware.mjs.map

package/dist/wasm-middleware.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/wasm-middleware.ts"],"names":[],"mappings":";;;;;AAqDO,SAAS,gCACd,MAAA,EAGA;AACA,EAAA,MAAM;AAAA,IACJ,eAAA;AAAA,IACA,qBAAA,GAAwB,KAAA;AAAA,IACxB,mBAAA,GAAsB,EAAA;AAAA;AAAA,IACtB,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,eAAe,WAAW,OAAA,EAAsB;AAErD,IAAA,MAAM,IAAA,GAAO,QAAQ,OAAA,CAAQ,QAAA;AAC7B,IAAA,IAAI,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,UAAA,CAAW,IAAI,CAAC,CAAA,EAAG;AACnD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,IAAI,aAAA,EAAc;AAGnC,MAAA,MAAM,OAAA,GAAU,CAAC,CAAC,YAAA;AAGlB,MAAA,MAAM,QAAA,GAAW;AAAA,QACf,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EACE,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,KAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,KAAA,CAAA;AAAA,QAChF,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,QAAQ,CAAA;AAG9C,MAAA,MAAM,cAAA,GAAsC;AAAA,QAC1C,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,aAAc,MAAA,CAA8C,WAAA;AAAA,QAG5D,UAAA,EACE,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,EAAA,GAC3B,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,EAAM,GAAG,CAAA,GACtC,MAAA,CAAO,UAAA;AAAA,QACb,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,KAAA,CAAA;AAAA,QACrC,kBAAA,EAAoB,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,KAAK,WAAA,GAAc,SAAA;AAAA;AAAA,QACtE,SAAA,EACE,OAAO,UAAA,GAAa,EAAA,GAChB,SACA,MAAA,CAAO,UAAA,GAAa,KAClB,QAAA,GACA,KAAA;AAAA;AAAA,QACR,SAAA,EACE,MAAA,CAAO,SAAA,YAAqB,IAAA,GACxB,MAAA,CAAO,SAAA,CAAU,WAAA,EAAY,GAC7B,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,EAAE,WAAA;AAAY,OAC/C;AAGA,MAAA,MAAM,QAAA,GAAW,oBAAoB,cAAA,EAAgB;AAAA,QACnD,mBAAA;AAAA,QACA,aAAA,EAAe,wBAAwB,OAAA,GAAU;AAAA,OAClD,CAAA;AAGD,MAAA,IAAI,eAAA,IAAmB,aAAA,CAAc,cAAc,CAAA,EAAG;AACpD,QAAA,MAAM,gBAAgB,cAAc,CAAA;AAAA,MACtC;AAGA,MAAA,IAAI,QAAA,CAAS,WAAW,OAAA,EAAS;AAC/B,QAAA,OAAO,YAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,OAAO,eAAA,CAAgB,OAAA;AAAA,YACvB,OAAO,cAAA,CAAe,KAAA;AAAA,YACtB,UAAA,EAAY,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAU;AAAA,WAClD;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,gBAAgB,MAAA,IAAU,GAAA;AAAA,YAClC,OAAA,EAAS,eAAA,CAAgB,OAAA,IAAW;AAAC;AACvC,SACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,IAAI,eAAe,OAAA,EAAS;AAC1B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,cAAA,CAAe,SAAS,SAAS,CAAA;AAC1E,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,UACf,oBAAA;AAAA,UACA,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAA,GAAa,GAAG,CAAC;AAAA,SACpD;AACA,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,cAAA,CAAe,kBAAkB,CAAA;AAAA,MAChF;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AAEpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAYA,eAAsB,gBACpB,UAAA,EAC+B;AAC/B,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,WAAA,CAAY,UAAU,CAAA;AACzD,IAAA,OAAA,CAAQ,IAAI,uEAAkE,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,+DAAqD,KAAK,CAAA;AACvE,IAAA,MAAM,KAAA;AAAA,EACR;AACF","file":"wasm-middleware.mjs","sourcesContent":["/**\n * WASM-enabled middleware for Next.js with AgentShield\n * Following official Next.js documentation for WebAssembly in Edge Runtime\n */\n\nimport type { NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/agentshield';\nimport { evaluateEnforcement, shouldEnforce } from '@kya-os/agentshield-shared';\n\n// Type definitions for WASM detection result\nexport interface WasmDetectionResult {\n  isAgent: boolean;\n  isAiCrawler?: boolean;\n  confidence: number;\n  agent?: string | undefined;\n  verificationMethod: 'signature' | 'pattern' | 'none';\n  riskLevel: 'low' | 'medium' | 'high';\n  timestamp: string;\n}\n\nexport interface AgentShieldConfig {\n  onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;\n  blockOnHighConfidence?: boolean;\n  confidenceThreshold?: number;\n  skipPaths?: string[];\n  blockedResponse?: {\n    status?: number;\n    message?: string;\n    headers?: Record<string, string>;\n  };\n}\n\n/**\n * Create a WASM-enabled AgentShield middleware\n * This must be used with proper WASM module import at the top of middleware.ts\n *\n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * import { createWasmAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';\n *\n * const wasmInstance = await WebAssembly.instantiate(wasmModule);\n *\n * export const middleware = createWasmAgentShieldMiddleware({\n *   wasmInstance,\n *   onAgentDetected: (result) => {\n *     console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);\n *   }\n * });\n * ```\n */\nexport function createWasmAgentShieldMiddleware(\n  config: AgentShieldConfig & {\n    wasmInstance?: WebAssembly.Instance;\n  }\n) {\n  const {\n    onAgentDetected,\n    blockOnHighConfidence = false,\n    confidenceThreshold = 80, // Updated to 0-100 scale (was 0.8)\n    skipPaths = [],\n    blockedResponse = {\n      status: 403,\n      message: 'Access denied: AI agent detected',\n      headers: { 'Content-Type': 'application/json' },\n    },\n    wasmInstance,\n  } = config;\n\n  return async function middleware(request: NextRequest) {\n    // Check if path should be skipped\n    const path = request.nextUrl.pathname;\n    if (skipPaths.some((skip) => path.startsWith(skip))) {\n      return NextResponse.next();\n    }\n\n    try {\n      // Create detector with or without WASM\n      const detector = new AgentDetector();\n\n      // If WASM instance is provided, we'll have higher confidence\n      const hasWasm = !!wasmInstance;\n\n      // Prepare request metadata\n      const metadata = {\n        userAgent: request.headers.get('user-agent') || undefined,\n        ipAddress:\n          request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || undefined,\n        headers: Object.fromEntries(request.headers.entries()),\n        timestamp: new Date(),\n      };\n\n      // Perform detection\n      const result = await detector.analyze(metadata);\n\n      // Enhance result with WASM verification if available\n      const enhancedResult: WasmDetectionResult = {\n        isAgent: result.isAgent,\n        isAiCrawler: (result as unknown as Record<string, unknown>).isAiCrawler as\n          | boolean\n          | undefined,\n        confidence:\n          hasWasm && result.confidence > 85 // Updated to 0-100 scale (was 0.85)\n            ? Math.min(result.confidence * 1.15, 100) // Boost confidence with WASM, cap at 100\n            : result.confidence,\n        agent: result.detectedAgent?.name || undefined,\n        verificationMethod: hasWasm && result.confidence > 85 ? 'signature' : 'pattern', // Updated to 0-100 scale\n        riskLevel:\n          result.confidence > 90\n            ? 'high' // Updated to 0-100 scale (was 0.9)\n            : result.confidence > 70\n              ? 'medium'\n              : 'low', // Updated to 0-100 scale (was 0.7)\n        timestamp:\n          result.timestamp instanceof Date\n            ? result.timestamp.toISOString()\n            : new Date(result.timestamp).toISOString(),\n      };\n\n      // Evaluate enforcement decision\n      const decision = evaluateEnforcement(enhancedResult, {\n        confidenceThreshold,\n        defaultAction: blockOnHighConfidence ? 'block' : 'allow',\n      });\n\n      // Call user callback for any enforced agent (regardless of threshold)\n      if (onAgentDetected && shouldEnforce(enhancedResult)) {\n        await onAgentDetected(enhancedResult);\n      }\n\n      // Block if enforcement decision says to block\n      if (decision.action === 'block') {\n        return NextResponse.json(\n          {\n            error: blockedResponse.message,\n            agent: enhancedResult.agent,\n            confidence: Math.round(enhancedResult.confidence),\n          },\n          {\n            status: blockedResponse.status || 403,\n            headers: blockedResponse.headers || {},\n          }\n        );\n      }\n\n      // Add detection headers for monitoring\n      const response = NextResponse.next();\n      if (enhancedResult.isAgent) {\n        response.headers.set('X-Agent-Detected', enhancedResult.agent || 'unknown');\n        response.headers.set(\n          'X-Agent-Confidence',\n          String(Math.round(enhancedResult.confidence * 100))\n        );\n        response.headers.set('X-Agent-Verification', enhancedResult.verificationMethod);\n      }\n\n      return response;\n    } catch (error) {\n      console.error('AgentShield middleware error:', error);\n      // On error, continue without blocking\n      return NextResponse.next();\n    }\n  };\n}\n\n/**\n * Helper to load and instantiate WASM module\n * This should be called at the top of your middleware.ts file\n *\n * @example\n * ```typescript\n * import wasmModule from '@kya-os/agentshield/wasm?module';\n * const wasmInstance = await instantiateWasm(wasmModule);\n * ```\n */\nexport async function instantiateWasm(\n  wasmModule: WebAssembly.Module\n): Promise<WebAssembly.Instance> {\n  try {\n    const instance = await WebAssembly.instantiate(wasmModule);\n    console.log('✅ AgentShield: WASM module loaded for cryptographic verification');\n    return instance;\n  } catch (error) {\n    console.warn('⚠️ AgentShield: Failed to instantiate WASM module', error);\n    throw error;\n  }\n}\n"]}

package/dist/wasm-setup.d.mts

@@ -1,46 +0,0 @@
-/**
- * WASM Setup for AgentShield in Next.js Edge Runtime
- *
- * This module handles WASM initialization for cryptographic signature verification.
- * Designed to work without top-level await to avoid Next.js middleware issues.
- *
- * Usage in middleware.ts:
- * ```typescript
- * import { setupWasm } from '@kya-os/agentshield-nextjs/wasm-setup';
- * import { createAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';
- *
- * export async function middleware(request: NextRequest) {
- *   // Initialize WASM inside the middleware function
- *   await setupWasm();
- *
- *   const agentShieldMiddleware = createAgentShieldMiddleware({...});
- *   return agentShieldMiddleware(request);
- * }
- * ```
- */
-/**
- * Initialize WASM module for AgentShield
- *
- * This function:
- * - Loads WASM in production/Edge Runtime for cryptographic verification
- * - Skips WASM in test environments (Jest) automatically
- * - Is safe to call multiple times (idempotent)
- * - Handles errors gracefully with fallback to pattern detection
- *
- * @returns Promise that resolves when initialization is complete
- */
-declare function setupWasm(): Promise<void>;
-/**
- * Check if WASM has been initialized
- *
- * @returns true if WASM setup has been attempted (success or failure)
- */
-declare function isWasmInitialized(): boolean;
-/**
- * Reset WASM initialization state (mainly for testing)
- *
- * @internal
- */
-declare function resetWasmState(): void;
-
-export { isWasmInitialized, resetWasmState, setupWasm };

package/dist/wasm-setup.d.ts

@@ -1,46 +0,0 @@
-/**
- * WASM Setup for AgentShield in Next.js Edge Runtime
- *
- * This module handles WASM initialization for cryptographic signature verification.
- * Designed to work without top-level await to avoid Next.js middleware issues.
- *
- * Usage in middleware.ts:
- * ```typescript
- * import { setupWasm } from '@kya-os/agentshield-nextjs/wasm-setup';
- * import { createAgentShieldMiddleware } from '@kya-os/agentshield-nextjs';
- *
- * export async function middleware(request: NextRequest) {
- *   // Initialize WASM inside the middleware function
- *   await setupWasm();
- *
- *   const agentShieldMiddleware = createAgentShieldMiddleware({...});
- *   return agentShieldMiddleware(request);
- * }
- * ```
- */
-/**
- * Initialize WASM module for AgentShield
- *
- * This function:
- * - Loads WASM in production/Edge Runtime for cryptographic verification
- * - Skips WASM in test environments (Jest) automatically
- * - Is safe to call multiple times (idempotent)
- * - Handles errors gracefully with fallback to pattern detection
- *
- * @returns Promise that resolves when initialization is complete
- */
-declare function setupWasm(): Promise<void>;
-/**
- * Check if WASM has been initialized
- *
- * @returns true if WASM setup has been attempted (success or failure)
- */
-declare function isWasmInitialized(): boolean;
-/**
- * Reset WASM initialization state (mainly for testing)
- *
- * @internal
- */
-declare function resetWasmState(): void;
-
-export { isWasmInitialized, resetWasmState, setupWasm };