@kya-os/checkpoint-nextjs 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +95 -0
- package/dist/.tsbuildinfo +1 -1
- package/dist/adapt.js +0 -2
- package/dist/adapt.mjs +0 -2
- package/dist/api-client.js +38 -24
- package/dist/api-client.mjs +38 -24
- package/dist/api-middleware.js +48 -28
- package/dist/api-middleware.mjs +48 -28
- package/dist/create-middleware.d.mts +1 -1
- package/dist/create-middleware.d.ts +1 -1
- package/dist/create-middleware.js +0 -2
- package/dist/create-middleware.mjs +0 -2
- package/dist/edge/index.d.mts +1 -1
- package/dist/edge/index.d.ts +1 -1
- package/dist/edge/index.js +4 -6
- package/dist/edge/index.mjs +4 -6
- package/dist/edge-runtime-loader.js +0 -2
- package/dist/edge-runtime-loader.mjs +0 -2
- package/dist/edge-wasm-middleware.js +0 -2
- package/dist/edge-wasm-middleware.mjs +0 -2
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +53 -33
- package/dist/index.mjs +53 -33
- package/dist/middleware-edge.js +0 -2
- package/dist/middleware-edge.mjs +0 -2
- package/dist/middleware-node.js +0 -2
- package/dist/middleware-node.mjs +0 -2
- package/dist/middleware.d.mts +1 -1
- package/dist/middleware.d.ts +1 -1
- package/dist/middleware.js +0 -2
- package/dist/middleware.mjs +0 -2
- package/dist/nodejs-wasm-loader.js +0 -2
- package/dist/nodejs-wasm-loader.mjs +0 -2
- package/dist/policy.js +3 -5
- package/dist/policy.mjs +3 -5
- package/dist/session-tracker.js +1 -3
- package/dist/session-tracker.mjs +1 -3
- package/dist/signature-verifier.js +0 -2
- package/dist/signature-verifier.mjs +0 -2
- package/dist/translate.js +0 -2
- package/dist/translate.mjs +0 -2
- package/dist/{types-C-xCUNTr.d.mts → types-D9RQvPNy.d.mts} +1 -1
- package/dist/{types-C-xCUNTr.d.ts → types-D9RQvPNy.d.ts} +1 -1
- package/dist/wasm-middleware.js +0 -2
- package/dist/wasm-middleware.mjs +0 -2
- package/dist/wasm-setup.js +0 -2
- package/dist/wasm-setup.mjs +0 -2
- package/package.json +3 -3
- package/dist/adapt.js.map +0 -1
- package/dist/adapt.mjs.map +0 -1
- package/dist/api-client.js.map +0 -1
- package/dist/api-client.mjs.map +0 -1
- package/dist/api-middleware.js.map +0 -1
- package/dist/api-middleware.mjs.map +0 -1
- package/dist/create-middleware.js.map +0 -1
- package/dist/create-middleware.mjs.map +0 -1
- package/dist/edge/index.js.map +0 -1
- package/dist/edge/index.mjs.map +0 -1
- package/dist/edge-runtime-loader.js.map +0 -1
- package/dist/edge-runtime-loader.mjs.map +0 -1
- package/dist/edge-wasm-middleware.js.map +0 -1
- package/dist/edge-wasm-middleware.mjs.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/index.mjs.map +0 -1
- package/dist/middleware-edge.js.map +0 -1
- package/dist/middleware-edge.mjs.map +0 -1
- package/dist/middleware-node.js.map +0 -1
- package/dist/middleware-node.mjs.map +0 -1
- package/dist/middleware.js.map +0 -1
- package/dist/middleware.mjs.map +0 -1
- package/dist/nodejs-wasm-loader.js.map +0 -1
- package/dist/nodejs-wasm-loader.mjs.map +0 -1
- package/dist/policy.js.map +0 -1
- package/dist/policy.mjs.map +0 -1
- package/dist/session-tracker.js.map +0 -1
- package/dist/session-tracker.mjs.map +0 -1
- package/dist/signature-verifier.js.map +0 -1
- package/dist/signature-verifier.mjs.map +0 -1
- package/dist/translate.js.map +0 -1
- package/dist/translate.mjs.map +0 -1
- package/dist/wasm-middleware.js.map +0 -1
- package/dist/wasm-middleware.mjs.map +0 -1
- package/dist/wasm-setup.js.map +0 -1
- package/dist/wasm-setup.mjs.map +0 -1
package/dist/adapt.js
CHANGED
package/dist/adapt.mjs
CHANGED
package/dist/api-client.js
CHANGED
|
@@ -12,7 +12,7 @@ var CheckpointApiClient = class {
|
|
|
12
12
|
debug;
|
|
13
13
|
constructor(config) {
|
|
14
14
|
if (!config.apiKey) {
|
|
15
|
-
throw new Error("
|
|
15
|
+
throw new Error("Checkpoint API key is required");
|
|
16
16
|
}
|
|
17
17
|
this.apiKey = config.apiKey;
|
|
18
18
|
this.useEdge = config.useEdge !== false;
|
|
@@ -43,7 +43,7 @@ var CheckpointApiClient = class {
|
|
|
43
43
|
clearTimeout(timeoutId);
|
|
44
44
|
const data = await response.json();
|
|
45
45
|
if (this.debug) {
|
|
46
|
-
console.log("[
|
|
46
|
+
console.log("[Checkpoint] Enforce response:", {
|
|
47
47
|
status: response.status,
|
|
48
48
|
action: data.data?.decision.action,
|
|
49
49
|
processingTimeMs: Date.now() - startTime
|
|
@@ -66,7 +66,7 @@ var CheckpointApiClient = class {
|
|
|
66
66
|
} catch (error) {
|
|
67
67
|
if (error instanceof Error && error.name === "AbortError") {
|
|
68
68
|
if (this.debug) {
|
|
69
|
-
console.warn("[
|
|
69
|
+
console.warn("[Checkpoint] Request timed out");
|
|
70
70
|
}
|
|
71
71
|
return {
|
|
72
72
|
success: false,
|
|
@@ -77,7 +77,7 @@ var CheckpointApiClient = class {
|
|
|
77
77
|
};
|
|
78
78
|
}
|
|
79
79
|
if (this.debug) {
|
|
80
|
-
console.error("[
|
|
80
|
+
console.error("[Checkpoint] Request failed:", error);
|
|
81
81
|
}
|
|
82
82
|
return {
|
|
83
83
|
success: false,
|
|
@@ -155,7 +155,7 @@ var CheckpointApiClient = class {
|
|
|
155
155
|
});
|
|
156
156
|
clearTimeout(timeoutId);
|
|
157
157
|
if (!response.ok && this.debug) {
|
|
158
|
-
console.warn("[
|
|
158
|
+
console.warn("[Checkpoint] Log detection returned non-2xx:", response.status);
|
|
159
159
|
}
|
|
160
160
|
} catch (error) {
|
|
161
161
|
clearTimeout(timeoutId);
|
|
@@ -163,34 +163,50 @@ var CheckpointApiClient = class {
|
|
|
163
163
|
}
|
|
164
164
|
} catch (error) {
|
|
165
165
|
if (this.debug) {
|
|
166
|
-
console.error("[
|
|
166
|
+
console.error("[Checkpoint] Log detection failed:", error);
|
|
167
167
|
}
|
|
168
168
|
throw error;
|
|
169
169
|
}
|
|
170
170
|
}
|
|
171
171
|
};
|
|
172
|
-
var
|
|
172
|
+
var clientInstances = /* @__PURE__ */ new Map();
|
|
173
|
+
function resolveClientConfig(config) {
|
|
174
|
+
const apiKey = config?.apiKey || process.env.CHECKPOINT_API_KEY;
|
|
175
|
+
if (!apiKey) {
|
|
176
|
+
throw new Error(
|
|
177
|
+
"Checkpoint API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
178
|
+
);
|
|
179
|
+
}
|
|
180
|
+
return {
|
|
181
|
+
apiKey,
|
|
182
|
+
baseUrl: config?.baseUrl || process.env.CHECKPOINT_API_URL,
|
|
183
|
+
// Default to edge detection unless explicitly disabled
|
|
184
|
+
useEdge: config?.useEdge ?? process.env.CHECKPOINT_USE_EDGE !== "false",
|
|
185
|
+
timeout: config?.timeout,
|
|
186
|
+
debug: config?.debug || process.env.CHECKPOINT_DEBUG === "true"
|
|
187
|
+
};
|
|
188
|
+
}
|
|
189
|
+
function clientCacheKey(config) {
|
|
190
|
+
return JSON.stringify([
|
|
191
|
+
config.apiKey,
|
|
192
|
+
config.baseUrl ?? "",
|
|
193
|
+
config.useEdge ?? true,
|
|
194
|
+
config.timeout ?? DEFAULT_TIMEOUT,
|
|
195
|
+
config.debug ?? false
|
|
196
|
+
]);
|
|
197
|
+
}
|
|
173
198
|
function getCheckpointApiClient(config) {
|
|
199
|
+
const resolvedConfig = resolveClientConfig(config);
|
|
200
|
+
const key = clientCacheKey(resolvedConfig);
|
|
201
|
+
let clientInstance = clientInstances.get(key);
|
|
174
202
|
if (!clientInstance) {
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
throw new Error(
|
|
178
|
-
"AgentShield API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
179
|
-
);
|
|
180
|
-
}
|
|
181
|
-
clientInstance = new CheckpointApiClient({
|
|
182
|
-
apiKey,
|
|
183
|
-
baseUrl: config?.baseUrl || process.env.AGENTSHIELD_API_URL,
|
|
184
|
-
// Default to edge detection unless explicitly disabled
|
|
185
|
-
useEdge: config?.useEdge ?? process.env.AGENTSHIELD_USE_EDGE !== "false",
|
|
186
|
-
timeout: config?.timeout,
|
|
187
|
-
debug: config?.debug || process.env.AGENTSHIELD_DEBUG === "true"
|
|
188
|
-
});
|
|
203
|
+
clientInstance = new CheckpointApiClient(resolvedConfig);
|
|
204
|
+
clientInstances.set(key, clientInstance);
|
|
189
205
|
}
|
|
190
206
|
return clientInstance;
|
|
191
207
|
}
|
|
192
208
|
function resetCheckpointApiClient() {
|
|
193
|
-
|
|
209
|
+
clientInstances.clear();
|
|
194
210
|
}
|
|
195
211
|
var AgentShieldClient = CheckpointApiClient;
|
|
196
212
|
var getAgentShieldClient = getCheckpointApiClient;
|
|
@@ -202,5 +218,3 @@ exports.getAgentShieldClient = getAgentShieldClient;
|
|
|
202
218
|
exports.getCheckpointApiClient = getCheckpointApiClient;
|
|
203
219
|
exports.resetAgentShieldClient = resetAgentShieldClient;
|
|
204
220
|
exports.resetCheckpointApiClient = resetCheckpointApiClient;
|
|
205
|
-
//# sourceMappingURL=api-client.js.map
|
|
206
|
-
//# sourceMappingURL=api-client.js.map
|
package/dist/api-client.mjs
CHANGED
|
@@ -10,7 +10,7 @@ var CheckpointApiClient = class {
|
|
|
10
10
|
debug;
|
|
11
11
|
constructor(config) {
|
|
12
12
|
if (!config.apiKey) {
|
|
13
|
-
throw new Error("
|
|
13
|
+
throw new Error("Checkpoint API key is required");
|
|
14
14
|
}
|
|
15
15
|
this.apiKey = config.apiKey;
|
|
16
16
|
this.useEdge = config.useEdge !== false;
|
|
@@ -41,7 +41,7 @@ var CheckpointApiClient = class {
|
|
|
41
41
|
clearTimeout(timeoutId);
|
|
42
42
|
const data = await response.json();
|
|
43
43
|
if (this.debug) {
|
|
44
|
-
console.log("[
|
|
44
|
+
console.log("[Checkpoint] Enforce response:", {
|
|
45
45
|
status: response.status,
|
|
46
46
|
action: data.data?.decision.action,
|
|
47
47
|
processingTimeMs: Date.now() - startTime
|
|
@@ -64,7 +64,7 @@ var CheckpointApiClient = class {
|
|
|
64
64
|
} catch (error) {
|
|
65
65
|
if (error instanceof Error && error.name === "AbortError") {
|
|
66
66
|
if (this.debug) {
|
|
67
|
-
console.warn("[
|
|
67
|
+
console.warn("[Checkpoint] Request timed out");
|
|
68
68
|
}
|
|
69
69
|
return {
|
|
70
70
|
success: false,
|
|
@@ -75,7 +75,7 @@ var CheckpointApiClient = class {
|
|
|
75
75
|
};
|
|
76
76
|
}
|
|
77
77
|
if (this.debug) {
|
|
78
|
-
console.error("[
|
|
78
|
+
console.error("[Checkpoint] Request failed:", error);
|
|
79
79
|
}
|
|
80
80
|
return {
|
|
81
81
|
success: false,
|
|
@@ -153,7 +153,7 @@ var CheckpointApiClient = class {
|
|
|
153
153
|
});
|
|
154
154
|
clearTimeout(timeoutId);
|
|
155
155
|
if (!response.ok && this.debug) {
|
|
156
|
-
console.warn("[
|
|
156
|
+
console.warn("[Checkpoint] Log detection returned non-2xx:", response.status);
|
|
157
157
|
}
|
|
158
158
|
} catch (error) {
|
|
159
159
|
clearTimeout(timeoutId);
|
|
@@ -161,39 +161,53 @@ var CheckpointApiClient = class {
|
|
|
161
161
|
}
|
|
162
162
|
} catch (error) {
|
|
163
163
|
if (this.debug) {
|
|
164
|
-
console.error("[
|
|
164
|
+
console.error("[Checkpoint] Log detection failed:", error);
|
|
165
165
|
}
|
|
166
166
|
throw error;
|
|
167
167
|
}
|
|
168
168
|
}
|
|
169
169
|
};
|
|
170
|
-
var
|
|
170
|
+
var clientInstances = /* @__PURE__ */ new Map();
|
|
171
|
+
function resolveClientConfig(config) {
|
|
172
|
+
const apiKey = config?.apiKey || process.env.CHECKPOINT_API_KEY;
|
|
173
|
+
if (!apiKey) {
|
|
174
|
+
throw new Error(
|
|
175
|
+
"Checkpoint API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
176
|
+
);
|
|
177
|
+
}
|
|
178
|
+
return {
|
|
179
|
+
apiKey,
|
|
180
|
+
baseUrl: config?.baseUrl || process.env.CHECKPOINT_API_URL,
|
|
181
|
+
// Default to edge detection unless explicitly disabled
|
|
182
|
+
useEdge: config?.useEdge ?? process.env.CHECKPOINT_USE_EDGE !== "false",
|
|
183
|
+
timeout: config?.timeout,
|
|
184
|
+
debug: config?.debug || process.env.CHECKPOINT_DEBUG === "true"
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
function clientCacheKey(config) {
|
|
188
|
+
return JSON.stringify([
|
|
189
|
+
config.apiKey,
|
|
190
|
+
config.baseUrl ?? "",
|
|
191
|
+
config.useEdge ?? true,
|
|
192
|
+
config.timeout ?? DEFAULT_TIMEOUT,
|
|
193
|
+
config.debug ?? false
|
|
194
|
+
]);
|
|
195
|
+
}
|
|
171
196
|
function getCheckpointApiClient(config) {
|
|
197
|
+
const resolvedConfig = resolveClientConfig(config);
|
|
198
|
+
const key = clientCacheKey(resolvedConfig);
|
|
199
|
+
let clientInstance = clientInstances.get(key);
|
|
172
200
|
if (!clientInstance) {
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
throw new Error(
|
|
176
|
-
"AgentShield API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
177
|
-
);
|
|
178
|
-
}
|
|
179
|
-
clientInstance = new CheckpointApiClient({
|
|
180
|
-
apiKey,
|
|
181
|
-
baseUrl: config?.baseUrl || process.env.AGENTSHIELD_API_URL,
|
|
182
|
-
// Default to edge detection unless explicitly disabled
|
|
183
|
-
useEdge: config?.useEdge ?? process.env.AGENTSHIELD_USE_EDGE !== "false",
|
|
184
|
-
timeout: config?.timeout,
|
|
185
|
-
debug: config?.debug || process.env.AGENTSHIELD_DEBUG === "true"
|
|
186
|
-
});
|
|
201
|
+
clientInstance = new CheckpointApiClient(resolvedConfig);
|
|
202
|
+
clientInstances.set(key, clientInstance);
|
|
187
203
|
}
|
|
188
204
|
return clientInstance;
|
|
189
205
|
}
|
|
190
206
|
function resetCheckpointApiClient() {
|
|
191
|
-
|
|
207
|
+
clientInstances.clear();
|
|
192
208
|
}
|
|
193
209
|
var AgentShieldClient = CheckpointApiClient;
|
|
194
210
|
var getAgentShieldClient = getCheckpointApiClient;
|
|
195
211
|
var resetAgentShieldClient = resetCheckpointApiClient;
|
|
196
212
|
|
|
197
213
|
export { AgentShieldClient, CheckpointApiClient, getAgentShieldClient, getCheckpointApiClient, resetAgentShieldClient, resetCheckpointApiClient };
|
|
198
|
-
//# sourceMappingURL=api-client.mjs.map
|
|
199
|
-
//# sourceMappingURL=api-client.mjs.map
|
package/dist/api-middleware.js
CHANGED
|
@@ -17,7 +17,7 @@ var CheckpointApiClient = class {
|
|
|
17
17
|
debug;
|
|
18
18
|
constructor(config) {
|
|
19
19
|
if (!config.apiKey) {
|
|
20
|
-
throw new Error("
|
|
20
|
+
throw new Error("Checkpoint API key is required");
|
|
21
21
|
}
|
|
22
22
|
this.apiKey = config.apiKey;
|
|
23
23
|
this.useEdge = config.useEdge !== false;
|
|
@@ -48,7 +48,7 @@ var CheckpointApiClient = class {
|
|
|
48
48
|
clearTimeout(timeoutId);
|
|
49
49
|
const data = await response.json();
|
|
50
50
|
if (this.debug) {
|
|
51
|
-
console.log("[
|
|
51
|
+
console.log("[Checkpoint] Enforce response:", {
|
|
52
52
|
status: response.status,
|
|
53
53
|
action: data.data?.decision.action,
|
|
54
54
|
processingTimeMs: Date.now() - startTime
|
|
@@ -71,7 +71,7 @@ var CheckpointApiClient = class {
|
|
|
71
71
|
} catch (error) {
|
|
72
72
|
if (error instanceof Error && error.name === "AbortError") {
|
|
73
73
|
if (this.debug) {
|
|
74
|
-
console.warn("[
|
|
74
|
+
console.warn("[Checkpoint] Request timed out");
|
|
75
75
|
}
|
|
76
76
|
return {
|
|
77
77
|
success: false,
|
|
@@ -82,7 +82,7 @@ var CheckpointApiClient = class {
|
|
|
82
82
|
};
|
|
83
83
|
}
|
|
84
84
|
if (this.debug) {
|
|
85
|
-
console.error("[
|
|
85
|
+
console.error("[Checkpoint] Request failed:", error);
|
|
86
86
|
}
|
|
87
87
|
return {
|
|
88
88
|
success: false,
|
|
@@ -160,7 +160,7 @@ var CheckpointApiClient = class {
|
|
|
160
160
|
});
|
|
161
161
|
clearTimeout(timeoutId);
|
|
162
162
|
if (!response.ok && this.debug) {
|
|
163
|
-
console.warn("[
|
|
163
|
+
console.warn("[Checkpoint] Log detection returned non-2xx:", response.status);
|
|
164
164
|
}
|
|
165
165
|
} catch (error) {
|
|
166
166
|
clearTimeout(timeoutId);
|
|
@@ -168,29 +168,45 @@ var CheckpointApiClient = class {
|
|
|
168
168
|
}
|
|
169
169
|
} catch (error) {
|
|
170
170
|
if (this.debug) {
|
|
171
|
-
console.error("[
|
|
171
|
+
console.error("[Checkpoint] Log detection failed:", error);
|
|
172
172
|
}
|
|
173
173
|
throw error;
|
|
174
174
|
}
|
|
175
175
|
}
|
|
176
176
|
};
|
|
177
|
-
var
|
|
177
|
+
var clientInstances = /* @__PURE__ */ new Map();
|
|
178
|
+
function resolveClientConfig(config) {
|
|
179
|
+
const apiKey = config?.apiKey || process.env.CHECKPOINT_API_KEY;
|
|
180
|
+
if (!apiKey) {
|
|
181
|
+
throw new Error(
|
|
182
|
+
"Checkpoint API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
183
|
+
);
|
|
184
|
+
}
|
|
185
|
+
return {
|
|
186
|
+
apiKey,
|
|
187
|
+
baseUrl: config?.baseUrl || process.env.CHECKPOINT_API_URL,
|
|
188
|
+
// Default to edge detection unless explicitly disabled
|
|
189
|
+
useEdge: config?.useEdge ?? process.env.CHECKPOINT_USE_EDGE !== "false",
|
|
190
|
+
timeout: config?.timeout,
|
|
191
|
+
debug: config?.debug || process.env.CHECKPOINT_DEBUG === "true"
|
|
192
|
+
};
|
|
193
|
+
}
|
|
194
|
+
function clientCacheKey(config) {
|
|
195
|
+
return JSON.stringify([
|
|
196
|
+
config.apiKey,
|
|
197
|
+
config.baseUrl ?? "",
|
|
198
|
+
config.useEdge ?? true,
|
|
199
|
+
config.timeout ?? DEFAULT_TIMEOUT,
|
|
200
|
+
config.debug ?? false
|
|
201
|
+
]);
|
|
202
|
+
}
|
|
178
203
|
function getCheckpointApiClient(config) {
|
|
204
|
+
const resolvedConfig = resolveClientConfig(config);
|
|
205
|
+
const key = clientCacheKey(resolvedConfig);
|
|
206
|
+
let clientInstance = clientInstances.get(key);
|
|
179
207
|
if (!clientInstance) {
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
throw new Error(
|
|
183
|
-
"AgentShield API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
184
|
-
);
|
|
185
|
-
}
|
|
186
|
-
clientInstance = new CheckpointApiClient({
|
|
187
|
-
apiKey,
|
|
188
|
-
baseUrl: config?.baseUrl || process.env.AGENTSHIELD_API_URL,
|
|
189
|
-
// Default to edge detection unless explicitly disabled
|
|
190
|
-
useEdge: config?.useEdge ?? process.env.AGENTSHIELD_USE_EDGE !== "false",
|
|
191
|
-
timeout: config?.timeout,
|
|
192
|
-
debug: config?.debug || process.env.AGENTSHIELD_DEBUG === "true"
|
|
193
|
-
});
|
|
208
|
+
clientInstance = new CheckpointApiClient(resolvedConfig);
|
|
209
|
+
clientInstances.set(key, clientInstance);
|
|
194
210
|
}
|
|
195
211
|
return clientInstance;
|
|
196
212
|
}
|
|
@@ -408,7 +424,7 @@ function withCheckpointApi(config = {}) {
|
|
|
408
424
|
});
|
|
409
425
|
if (!result.success || !result.data) {
|
|
410
426
|
if (config.debug) {
|
|
411
|
-
console.warn("[
|
|
427
|
+
console.warn("[Checkpoint] API error:", result.error);
|
|
412
428
|
}
|
|
413
429
|
if (failOpen) {
|
|
414
430
|
return server.NextResponse.next();
|
|
@@ -420,7 +436,7 @@ function withCheckpointApi(config = {}) {
|
|
|
420
436
|
}
|
|
421
437
|
const decision = result.data.decision;
|
|
422
438
|
if (config.debug) {
|
|
423
|
-
console.log("[
|
|
439
|
+
console.log("[Checkpoint] Decision:", {
|
|
424
440
|
path,
|
|
425
441
|
action: decision.action,
|
|
426
442
|
isAgent: decision.isAgent,
|
|
@@ -436,12 +452,18 @@ function withCheckpointApi(config = {}) {
|
|
|
436
452
|
context: { userAgent, ipAddress, path, url: request.url, method: request.method }
|
|
437
453
|
}).catch((err) => {
|
|
438
454
|
if (config.debug) {
|
|
439
|
-
console.error("[
|
|
455
|
+
console.error("[Checkpoint] Log detection failed:", err);
|
|
440
456
|
}
|
|
441
457
|
});
|
|
442
458
|
}
|
|
443
459
|
if (decision.isAgent && config.onAgentDetected) {
|
|
444
|
-
|
|
460
|
+
try {
|
|
461
|
+
await config.onAgentDetected(request, decision);
|
|
462
|
+
} catch (error) {
|
|
463
|
+
if (config.debug) {
|
|
464
|
+
console.error("[Checkpoint] onAgentDetected callback failed:", error);
|
|
465
|
+
}
|
|
466
|
+
}
|
|
445
467
|
}
|
|
446
468
|
const redirectMode = config.redirectMode ?? "instruct";
|
|
447
469
|
switch (decision.action) {
|
|
@@ -481,7 +503,7 @@ function withCheckpointApi(config = {}) {
|
|
|
481
503
|
}
|
|
482
504
|
} catch (error) {
|
|
483
505
|
if (config.debug) {
|
|
484
|
-
console.error("[
|
|
506
|
+
console.error("[Checkpoint] Middleware error:", error);
|
|
485
507
|
}
|
|
486
508
|
if (failOpen) {
|
|
487
509
|
return server.NextResponse.next();
|
|
@@ -506,5 +528,3 @@ exports.agentShieldMiddleware = agentShieldMiddleware;
|
|
|
506
528
|
exports.createEnhancedAgentShieldMiddleware = createEnhancedAgentShieldMiddleware;
|
|
507
529
|
exports.withAgentShield = withAgentShield;
|
|
508
530
|
exports.withCheckpointApi = withCheckpointApi;
|
|
509
|
-
//# sourceMappingURL=api-middleware.js.map
|
|
510
|
-
//# sourceMappingURL=api-middleware.js.map
|
package/dist/api-middleware.mjs
CHANGED
|
@@ -15,7 +15,7 @@ var CheckpointApiClient = class {
|
|
|
15
15
|
debug;
|
|
16
16
|
constructor(config) {
|
|
17
17
|
if (!config.apiKey) {
|
|
18
|
-
throw new Error("
|
|
18
|
+
throw new Error("Checkpoint API key is required");
|
|
19
19
|
}
|
|
20
20
|
this.apiKey = config.apiKey;
|
|
21
21
|
this.useEdge = config.useEdge !== false;
|
|
@@ -46,7 +46,7 @@ var CheckpointApiClient = class {
|
|
|
46
46
|
clearTimeout(timeoutId);
|
|
47
47
|
const data = await response.json();
|
|
48
48
|
if (this.debug) {
|
|
49
|
-
console.log("[
|
|
49
|
+
console.log("[Checkpoint] Enforce response:", {
|
|
50
50
|
status: response.status,
|
|
51
51
|
action: data.data?.decision.action,
|
|
52
52
|
processingTimeMs: Date.now() - startTime
|
|
@@ -69,7 +69,7 @@ var CheckpointApiClient = class {
|
|
|
69
69
|
} catch (error) {
|
|
70
70
|
if (error instanceof Error && error.name === "AbortError") {
|
|
71
71
|
if (this.debug) {
|
|
72
|
-
console.warn("[
|
|
72
|
+
console.warn("[Checkpoint] Request timed out");
|
|
73
73
|
}
|
|
74
74
|
return {
|
|
75
75
|
success: false,
|
|
@@ -80,7 +80,7 @@ var CheckpointApiClient = class {
|
|
|
80
80
|
};
|
|
81
81
|
}
|
|
82
82
|
if (this.debug) {
|
|
83
|
-
console.error("[
|
|
83
|
+
console.error("[Checkpoint] Request failed:", error);
|
|
84
84
|
}
|
|
85
85
|
return {
|
|
86
86
|
success: false,
|
|
@@ -158,7 +158,7 @@ var CheckpointApiClient = class {
|
|
|
158
158
|
});
|
|
159
159
|
clearTimeout(timeoutId);
|
|
160
160
|
if (!response.ok && this.debug) {
|
|
161
|
-
console.warn("[
|
|
161
|
+
console.warn("[Checkpoint] Log detection returned non-2xx:", response.status);
|
|
162
162
|
}
|
|
163
163
|
} catch (error) {
|
|
164
164
|
clearTimeout(timeoutId);
|
|
@@ -166,29 +166,45 @@ var CheckpointApiClient = class {
|
|
|
166
166
|
}
|
|
167
167
|
} catch (error) {
|
|
168
168
|
if (this.debug) {
|
|
169
|
-
console.error("[
|
|
169
|
+
console.error("[Checkpoint] Log detection failed:", error);
|
|
170
170
|
}
|
|
171
171
|
throw error;
|
|
172
172
|
}
|
|
173
173
|
}
|
|
174
174
|
};
|
|
175
|
-
var
|
|
175
|
+
var clientInstances = /* @__PURE__ */ new Map();
|
|
176
|
+
function resolveClientConfig(config) {
|
|
177
|
+
const apiKey = config?.apiKey || process.env.CHECKPOINT_API_KEY;
|
|
178
|
+
if (!apiKey) {
|
|
179
|
+
throw new Error(
|
|
180
|
+
"Checkpoint API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
181
|
+
);
|
|
182
|
+
}
|
|
183
|
+
return {
|
|
184
|
+
apiKey,
|
|
185
|
+
baseUrl: config?.baseUrl || process.env.CHECKPOINT_API_URL,
|
|
186
|
+
// Default to edge detection unless explicitly disabled
|
|
187
|
+
useEdge: config?.useEdge ?? process.env.CHECKPOINT_USE_EDGE !== "false",
|
|
188
|
+
timeout: config?.timeout,
|
|
189
|
+
debug: config?.debug || process.env.CHECKPOINT_DEBUG === "true"
|
|
190
|
+
};
|
|
191
|
+
}
|
|
192
|
+
function clientCacheKey(config) {
|
|
193
|
+
return JSON.stringify([
|
|
194
|
+
config.apiKey,
|
|
195
|
+
config.baseUrl ?? "",
|
|
196
|
+
config.useEdge ?? true,
|
|
197
|
+
config.timeout ?? DEFAULT_TIMEOUT,
|
|
198
|
+
config.debug ?? false
|
|
199
|
+
]);
|
|
200
|
+
}
|
|
176
201
|
function getCheckpointApiClient(config) {
|
|
202
|
+
const resolvedConfig = resolveClientConfig(config);
|
|
203
|
+
const key = clientCacheKey(resolvedConfig);
|
|
204
|
+
let clientInstance = clientInstances.get(key);
|
|
177
205
|
if (!clientInstance) {
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
throw new Error(
|
|
181
|
-
"AgentShield API key is required. Set CHECKPOINT_API_KEY environment variable or pass apiKey in config."
|
|
182
|
-
);
|
|
183
|
-
}
|
|
184
|
-
clientInstance = new CheckpointApiClient({
|
|
185
|
-
apiKey,
|
|
186
|
-
baseUrl: config?.baseUrl || process.env.AGENTSHIELD_API_URL,
|
|
187
|
-
// Default to edge detection unless explicitly disabled
|
|
188
|
-
useEdge: config?.useEdge ?? process.env.AGENTSHIELD_USE_EDGE !== "false",
|
|
189
|
-
timeout: config?.timeout,
|
|
190
|
-
debug: config?.debug || process.env.AGENTSHIELD_DEBUG === "true"
|
|
191
|
-
});
|
|
206
|
+
clientInstance = new CheckpointApiClient(resolvedConfig);
|
|
207
|
+
clientInstances.set(key, clientInstance);
|
|
192
208
|
}
|
|
193
209
|
return clientInstance;
|
|
194
210
|
}
|
|
@@ -406,7 +422,7 @@ function withCheckpointApi(config = {}) {
|
|
|
406
422
|
});
|
|
407
423
|
if (!result.success || !result.data) {
|
|
408
424
|
if (config.debug) {
|
|
409
|
-
console.warn("[
|
|
425
|
+
console.warn("[Checkpoint] API error:", result.error);
|
|
410
426
|
}
|
|
411
427
|
if (failOpen) {
|
|
412
428
|
return NextResponse.next();
|
|
@@ -418,7 +434,7 @@ function withCheckpointApi(config = {}) {
|
|
|
418
434
|
}
|
|
419
435
|
const decision = result.data.decision;
|
|
420
436
|
if (config.debug) {
|
|
421
|
-
console.log("[
|
|
437
|
+
console.log("[Checkpoint] Decision:", {
|
|
422
438
|
path,
|
|
423
439
|
action: decision.action,
|
|
424
440
|
isAgent: decision.isAgent,
|
|
@@ -434,12 +450,18 @@ function withCheckpointApi(config = {}) {
|
|
|
434
450
|
context: { userAgent, ipAddress, path, url: request.url, method: request.method }
|
|
435
451
|
}).catch((err) => {
|
|
436
452
|
if (config.debug) {
|
|
437
|
-
console.error("[
|
|
453
|
+
console.error("[Checkpoint] Log detection failed:", err);
|
|
438
454
|
}
|
|
439
455
|
});
|
|
440
456
|
}
|
|
441
457
|
if (decision.isAgent && config.onAgentDetected) {
|
|
442
|
-
|
|
458
|
+
try {
|
|
459
|
+
await config.onAgentDetected(request, decision);
|
|
460
|
+
} catch (error) {
|
|
461
|
+
if (config.debug) {
|
|
462
|
+
console.error("[Checkpoint] onAgentDetected callback failed:", error);
|
|
463
|
+
}
|
|
464
|
+
}
|
|
443
465
|
}
|
|
444
466
|
const redirectMode = config.redirectMode ?? "instruct";
|
|
445
467
|
switch (decision.action) {
|
|
@@ -479,7 +501,7 @@ function withCheckpointApi(config = {}) {
|
|
|
479
501
|
}
|
|
480
502
|
} catch (error) {
|
|
481
503
|
if (config.debug) {
|
|
482
|
-
console.error("[
|
|
504
|
+
console.error("[Checkpoint] Middleware error:", error);
|
|
483
505
|
}
|
|
484
506
|
if (failOpen) {
|
|
485
507
|
return NextResponse.next();
|
|
@@ -501,5 +523,3 @@ function createEnhancedAgentShieldMiddleware(_config = {}) {
|
|
|
501
523
|
}
|
|
502
524
|
|
|
503
525
|
export { agentShieldMiddleware, createEnhancedAgentShieldMiddleware, withAgentShield, withCheckpointApi };
|
|
504
|
-
//# sourceMappingURL=api-middleware.mjs.map
|
|
505
|
-
//# sourceMappingURL=api-middleware.mjs.map
|
|
@@ -34,5 +34,3 @@ function createAgentShieldMiddleware2(config) {
|
|
|
34
34
|
|
|
35
35
|
exports.createAgentShieldMiddleware = createAgentShieldMiddleware2;
|
|
36
36
|
exports.createMiddleware = createAgentShieldMiddleware2;
|
|
37
|
-
//# sourceMappingURL=create-middleware.js.map
|
|
38
|
-
//# sourceMappingURL=create-middleware.js.map
|
|
@@ -31,5 +31,3 @@ function createAgentShieldMiddleware2(config) {
|
|
|
31
31
|
}
|
|
32
32
|
|
|
33
33
|
export { createAgentShieldMiddleware2 as createAgentShieldMiddleware, createAgentShieldMiddleware2 as createMiddleware };
|
|
34
|
-
//# sourceMappingURL=create-middleware.mjs.map
|
|
35
|
-
//# sourceMappingURL=create-middleware.mjs.map
|
package/dist/edge/index.d.mts
CHANGED
|
@@ -15,7 +15,7 @@ export { DetectionResult } from '@kya-os/checkpoint-shared';
|
|
|
15
15
|
*
|
|
16
16
|
* export const middleware = createEdgeMiddleware({
|
|
17
17
|
* wasmModule,
|
|
18
|
-
* apiKey: process.env.
|
|
18
|
+
* apiKey: process.env.CHECKPOINT_API_KEY,
|
|
19
19
|
* onAgentDetected: 'block',
|
|
20
20
|
* });
|
|
21
21
|
* ```
|
package/dist/edge/index.d.ts
CHANGED
|
@@ -15,7 +15,7 @@ export { DetectionResult } from '@kya-os/checkpoint-shared';
|
|
|
15
15
|
*
|
|
16
16
|
* export const middleware = createEdgeMiddleware({
|
|
17
17
|
* wasmModule,
|
|
18
|
-
* apiKey: process.env.
|
|
18
|
+
* apiKey: process.env.CHECKPOINT_API_KEY,
|
|
19
19
|
* onAgentDetected: 'block',
|
|
20
20
|
* });
|
|
21
21
|
* ```
|
package/dist/edge/index.js
CHANGED
|
@@ -93,7 +93,7 @@ async function createDetector(config) {
|
|
|
93
93
|
});
|
|
94
94
|
await wasmDetector.ensureReady();
|
|
95
95
|
if (config.debug) {
|
|
96
|
-
console.debug("[
|
|
96
|
+
console.debug("[Checkpoint] WASM detector initialized in Edge Runtime", {
|
|
97
97
|
policyEnabled: !!config.apiKey
|
|
98
98
|
});
|
|
99
99
|
}
|
|
@@ -120,7 +120,7 @@ async function createDetector(config) {
|
|
|
120
120
|
};
|
|
121
121
|
} catch (error) {
|
|
122
122
|
if (config.debug) {
|
|
123
|
-
console.warn("[
|
|
123
|
+
console.warn("[Checkpoint] WASM runtime not available, using pattern detection:", error);
|
|
124
124
|
}
|
|
125
125
|
detector = {
|
|
126
126
|
detect: patternDetect,
|
|
@@ -129,7 +129,7 @@ async function createDetector(config) {
|
|
|
129
129
|
}
|
|
130
130
|
} else {
|
|
131
131
|
if (config.debug) {
|
|
132
|
-
console.debug("[
|
|
132
|
+
console.debug("[Checkpoint] No WASM module provided, using pattern detection");
|
|
133
133
|
}
|
|
134
134
|
detector = {
|
|
135
135
|
detect: patternDetect,
|
|
@@ -180,7 +180,7 @@ function createEdgeMiddleware(config = {}) {
|
|
|
180
180
|
const result = await detector.detect(input);
|
|
181
181
|
if (result.shouldBlock) {
|
|
182
182
|
if (debug) {
|
|
183
|
-
console.debug("[
|
|
183
|
+
console.debug("[Checkpoint] Blocked by policy", {
|
|
184
184
|
reason: result.blockReason,
|
|
185
185
|
agent: result.detectedAgent?.name,
|
|
186
186
|
confidence: result.confidence,
|
|
@@ -273,5 +273,3 @@ function createEdgeMiddleware(config = {}) {
|
|
|
273
273
|
}
|
|
274
274
|
|
|
275
275
|
exports.createEdgeMiddleware = createEdgeMiddleware;
|
|
276
|
-
//# sourceMappingURL=index.js.map
|
|
277
|
-
//# sourceMappingURL=index.js.map
|