@kya-os/checkpoint-nextjs 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/CHANGELOG.md +95 -0
  2. package/dist/.tsbuildinfo +1 -1
  3. package/dist/adapt.js +0 -2
  4. package/dist/adapt.mjs +0 -2
  5. package/dist/api-client.js +38 -24
  6. package/dist/api-client.mjs +38 -24
  7. package/dist/api-middleware.js +48 -28
  8. package/dist/api-middleware.mjs +48 -28
  9. package/dist/create-middleware.d.mts +1 -1
  10. package/dist/create-middleware.d.ts +1 -1
  11. package/dist/create-middleware.js +0 -2
  12. package/dist/create-middleware.mjs +0 -2
  13. package/dist/edge/index.d.mts +1 -1
  14. package/dist/edge/index.d.ts +1 -1
  15. package/dist/edge/index.js +4 -6
  16. package/dist/edge/index.mjs +4 -6
  17. package/dist/edge-runtime-loader.js +0 -2
  18. package/dist/edge-runtime-loader.mjs +0 -2
  19. package/dist/edge-wasm-middleware.js +0 -2
  20. package/dist/edge-wasm-middleware.mjs +0 -2
  21. package/dist/index.d.mts +1 -1
  22. package/dist/index.d.ts +1 -1
  23. package/dist/index.js +53 -33
  24. package/dist/index.mjs +53 -33
  25. package/dist/middleware-edge.js +0 -2
  26. package/dist/middleware-edge.mjs +0 -2
  27. package/dist/middleware-node.js +0 -2
  28. package/dist/middleware-node.mjs +0 -2
  29. package/dist/middleware.d.mts +1 -1
  30. package/dist/middleware.d.ts +1 -1
  31. package/dist/middleware.js +0 -2
  32. package/dist/middleware.mjs +0 -2
  33. package/dist/nodejs-wasm-loader.js +0 -2
  34. package/dist/nodejs-wasm-loader.mjs +0 -2
  35. package/dist/policy.js +3 -5
  36. package/dist/policy.mjs +3 -5
  37. package/dist/session-tracker.js +1 -3
  38. package/dist/session-tracker.mjs +1 -3
  39. package/dist/signature-verifier.js +0 -2
  40. package/dist/signature-verifier.mjs +0 -2
  41. package/dist/translate.js +0 -2
  42. package/dist/translate.mjs +0 -2
  43. package/dist/{types-C-xCUNTr.d.mts → types-D9RQvPNy.d.mts} +1 -1
  44. package/dist/{types-C-xCUNTr.d.ts → types-D9RQvPNy.d.ts} +1 -1
  45. package/dist/wasm-middleware.js +0 -2
  46. package/dist/wasm-middleware.mjs +0 -2
  47. package/dist/wasm-setup.js +0 -2
  48. package/dist/wasm-setup.mjs +0 -2
  49. package/package.json +3 -3
  50. package/dist/adapt.js.map +0 -1
  51. package/dist/adapt.mjs.map +0 -1
  52. package/dist/api-client.js.map +0 -1
  53. package/dist/api-client.mjs.map +0 -1
  54. package/dist/api-middleware.js.map +0 -1
  55. package/dist/api-middleware.mjs.map +0 -1
  56. package/dist/create-middleware.js.map +0 -1
  57. package/dist/create-middleware.mjs.map +0 -1
  58. package/dist/edge/index.js.map +0 -1
  59. package/dist/edge/index.mjs.map +0 -1
  60. package/dist/edge-runtime-loader.js.map +0 -1
  61. package/dist/edge-runtime-loader.mjs.map +0 -1
  62. package/dist/edge-wasm-middleware.js.map +0 -1
  63. package/dist/edge-wasm-middleware.mjs.map +0 -1
  64. package/dist/index.js.map +0 -1
  65. package/dist/index.mjs.map +0 -1
  66. package/dist/middleware-edge.js.map +0 -1
  67. package/dist/middleware-edge.mjs.map +0 -1
  68. package/dist/middleware-node.js.map +0 -1
  69. package/dist/middleware-node.mjs.map +0 -1
  70. package/dist/middleware.js.map +0 -1
  71. package/dist/middleware.mjs.map +0 -1
  72. package/dist/nodejs-wasm-loader.js.map +0 -1
  73. package/dist/nodejs-wasm-loader.mjs.map +0 -1
  74. package/dist/policy.js.map +0 -1
  75. package/dist/policy.mjs.map +0 -1
  76. package/dist/session-tracker.js.map +0 -1
  77. package/dist/session-tracker.mjs.map +0 -1
  78. package/dist/signature-verifier.js.map +0 -1
  79. package/dist/signature-verifier.mjs.map +0 -1
  80. package/dist/translate.js.map +0 -1
  81. package/dist/translate.mjs.map +0 -1
  82. package/dist/wasm-middleware.js.map +0 -1
  83. package/dist/wasm-middleware.mjs.map +0 -1
  84. package/dist/wasm-setup.js.map +0 -1
  85. package/dist/wasm-setup.mjs.map +0 -1
package/dist/translate.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/translate.ts"],"names":[],"mappings":";;;AA+BO,SAAS,sBAAsB,GAAA,EAAoC;AACxE,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,EAAA,OAAO;AAAA,IACL,QAAQ,GAAA,CAAI,MAAA;AAAA;AAAA,IAEZ,GAAA,EAAK,GAAA,CAAI,QAAA,GAAW,GAAA,CAAI,MAAA;AAAA,IACxB,OAAA,EAAS,eAAA,CAAgB,GAAA,CAAI,OAAO,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAKpC,IAAA,EAAM,IAAA;AAAA,IACN,aAAA,EAAe,qBAAqB,GAAG;AAAA,GACzC;AACF;AAUA,SAAS,gBAAgB,OAAA,EAA0C;AACjE,EAAA,MAAM,MAA8B,EAAC;AACrC,EAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC9B,IAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,EAC3B,CAAC,CAAA;AACD,EAAA,OAAO,GAAA;AACT;AAWA,SAAS,qBAAqB,GAAA,EAAsC;AAClE,EAAA,MAAM,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA;AAC7C,EAAA,IAAI,GAAA,EAAK;AACP,IAAA,MAAM,QAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK;AACtC,IAAA,IAAI,OAAO,OAAO,KAAA;AAAA,EACpB;AAGA,EAAA,MAAM,UAAW,GAAA,CAAmC,EAAA;AACpD,EAAA,OAAO,OAAA;AACT","file":"translate.js","sourcesContent":["/**\n * D.2 — `NextRequest` → `IncomingHttpLike` translator.\n *\n * The host wrapper's *only* job on the inbound path: take Next.js's\n * native request shape and produce the transport-agnostic\n * `IncomingHttpLike` Phase C's orchestrator consumes. Zero verification\n * logic, zero adapter calls, zero engine I/O.\n *\n * Shared between the Node-runtime and Edge-runtime entries. Next.js\n * `NextRequest` is the same shape in both runtimes — `req.headers` is\n * a `Headers` instance, `req.body` is a `ReadableStream`, `req.ip` is\n * a getter (only present in some deployment surfaces; fall back to\n * `x-forwarded-for` first IP).\n */\n\nimport type { NextRequest } from 'next/server';\n\nimport type { IncomingHttpLike } from '@kya-os/checkpoint-wasm-runtime/orchestrator';\n\n/**\n * Translate a Next.js `NextRequest` into the orchestrator's\n * `IncomingHttpLike` shape.\n *\n * The body is passed through as-is — the orchestrator's\n * `buildAgentRequest` decides whether to parse JSON (looking for an\n * MCP-I `_meta.proof.jws` envelope) or treat the request as PlainHttp.\n * On Next.js middleware the body is typically not pre-parsed; consumers\n * who want to inspect the body for routing decisions should `await\n * req.json()` themselves and pass the parsed result via a second\n * `verifyRequest` call (not common).\n */\nexport function nextRequestToHttpLike(req: NextRequest): IncomingHttpLike {\n const url = new URL(req.url);\n return {\n method: req.method,\n // Path + query only — orchestrator's URL parsing expects no scheme/host.\n url: url.pathname + url.search,\n headers: headersToRecord(req.headers),\n // NextRequest.body is a ReadableStream; we don't drain it here.\n // The orchestrator routes to PlainHttp when body is falsy, which\n // is the right call for streaming middlewares that don't want to\n // buffer the request body just to detect agents.\n body: null,\n remoteAddress: extractRemoteAddress(req),\n };\n}\n\n/**\n * Convert a `Headers` instance into a lowercase-keyed plain object.\n * HTTP header names are case-insensitive (RFC 9110 § 5.1); the\n * orchestrator does case-sensitive lookups, so we normalise to\n * lowercase here. Multi-value headers (Set-Cookie, Accept) are\n * surfaced as their `Headers.get()` view — a single string with\n * comma-joined values, matching what other host adapters produce.\n */\nfunction headersToRecord(headers: Headers): Record<string, string> {\n const out: Record<string, string> = {};\n headers.forEach((value, key) => {\n out[key.toLowerCase()] = value;\n });\n return out;\n}\n\n/**\n * Pull the originating client IP, preferring `x-forwarded-for`'s first\n * entry over `NextRequest.ip` (the latter is only populated on Vercel-\n * hosted deployments and is missing on self-hosted Next.js + nginx /\n * Fly.io / docker-compose surfaces). The `x-forwarded-for` first IP is\n * the closest the request has come to a load balancer's \"trust this is\n * the real client\" attestation — same convention as nginx, Caddy,\n * Cloudflare.\n */\nfunction extractRemoteAddress(req: NextRequest): string | undefined {\n const xff = req.headers.get('x-forwarded-for');\n if (xff) {\n const first = xff.split(',')[0]?.trim();\n if (first) return first;\n }\n // `req.ip` is typed but may be undefined off-Vercel.\n // Use `unknown` cast to avoid the type-narrowing optimism.\n const maybeIp = (req as unknown as { ip?: string }).ip;\n return maybeIp;\n}\n"]}
package/dist/translate.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/translate.ts"],"names":[],"mappings":";AA+BO,SAAS,sBAAsB,GAAA,EAAoC;AACxE,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,EAAA,OAAO;AAAA,IACL,QAAQ,GAAA,CAAI,MAAA;AAAA;AAAA,IAEZ,GAAA,EAAK,GAAA,CAAI,QAAA,GAAW,GAAA,CAAI,MAAA;AAAA,IACxB,OAAA,EAAS,eAAA,CAAgB,GAAA,CAAI,OAAO,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAKpC,IAAA,EAAM,IAAA;AAAA,IACN,aAAA,EAAe,qBAAqB,GAAG;AAAA,GACzC;AACF;AAUA,SAAS,gBAAgB,OAAA,EAA0C;AACjE,EAAA,MAAM,MAA8B,EAAC;AACrC,EAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC9B,IAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,EAC3B,CAAC,CAAA;AACD,EAAA,OAAO,GAAA;AACT;AAWA,SAAS,qBAAqB,GAAA,EAAsC;AAClE,EAAA,MAAM,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA;AAC7C,EAAA,IAAI,GAAA,EAAK;AACP,IAAA,MAAM,QAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK;AACtC,IAAA,IAAI,OAAO,OAAO,KAAA;AAAA,EACpB;AAGA,EAAA,MAAM,UAAW,GAAA,CAAmC,EAAA;AACpD,EAAA,OAAO,OAAA;AACT","file":"translate.mjs","sourcesContent":["/**\n * D.2 — `NextRequest` → `IncomingHttpLike` translator.\n *\n * The host wrapper's *only* job on the inbound path: take Next.js's\n * native request shape and produce the transport-agnostic\n * `IncomingHttpLike` Phase C's orchestrator consumes. Zero verification\n * logic, zero adapter calls, zero engine I/O.\n *\n * Shared between the Node-runtime and Edge-runtime entries. Next.js\n * `NextRequest` is the same shape in both runtimes — `req.headers` is\n * a `Headers` instance, `req.body` is a `ReadableStream`, `req.ip` is\n * a getter (only present in some deployment surfaces; fall back to\n * `x-forwarded-for` first IP).\n */\n\nimport type { NextRequest } from 'next/server';\n\nimport type { IncomingHttpLike } from '@kya-os/checkpoint-wasm-runtime/orchestrator';\n\n/**\n * Translate a Next.js `NextRequest` into the orchestrator's\n * `IncomingHttpLike` shape.\n *\n * The body is passed through as-is — the orchestrator's\n * `buildAgentRequest` decides whether to parse JSON (looking for an\n * MCP-I `_meta.proof.jws` envelope) or treat the request as PlainHttp.\n * On Next.js middleware the body is typically not pre-parsed; consumers\n * who want to inspect the body for routing decisions should `await\n * req.json()` themselves and pass the parsed result via a second\n * `verifyRequest` call (not common).\n */\nexport function nextRequestToHttpLike(req: NextRequest): IncomingHttpLike {\n const url = new URL(req.url);\n return {\n method: req.method,\n // Path + query only — orchestrator's URL parsing expects no scheme/host.\n url: url.pathname + url.search,\n headers: headersToRecord(req.headers),\n // NextRequest.body is a ReadableStream; we don't drain it here.\n // The orchestrator routes to PlainHttp when body is falsy, which\n // is the right call for streaming middlewares that don't want to\n // buffer the request body just to detect agents.\n body: null,\n remoteAddress: extractRemoteAddress(req),\n };\n}\n\n/**\n * Convert a `Headers` instance into a lowercase-keyed plain object.\n * HTTP header names are case-insensitive (RFC 9110 § 5.1); the\n * orchestrator does case-sensitive lookups, so we normalise to\n * lowercase here. Multi-value headers (Set-Cookie, Accept) are\n * surfaced as their `Headers.get()` view — a single string with\n * comma-joined values, matching what other host adapters produce.\n */\nfunction headersToRecord(headers: Headers): Record<string, string> {\n const out: Record<string, string> = {};\n headers.forEach((value, key) => {\n out[key.toLowerCase()] = value;\n });\n return out;\n}\n\n/**\n * Pull the originating client IP, preferring `x-forwarded-for`'s first\n * entry over `NextRequest.ip` (the latter is only populated on Vercel-\n * hosted deployments and is missing on self-hosted Next.js + nginx /\n * Fly.io / docker-compose surfaces). The `x-forwarded-for` first IP is\n * the closest the request has come to a load balancer's \"trust this is\n * the real client\" attestation — same convention as nginx, Caddy,\n * Cloudflare.\n */\nfunction extractRemoteAddress(req: NextRequest): string | undefined {\n const xff = req.headers.get('x-forwarded-for');\n if (xff) {\n const first = xff.split(',')[0]?.trim();\n if (first) return first;\n }\n // `req.ip` is typed but may be undefined off-Vercel.\n // Use `unknown` cast to avoid the type-narrowing optimism.\n const maybeIp = (req as unknown as { ip?: string }).ip;\n return maybeIp;\n}\n"]}
package/dist/wasm-middleware.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/wasm-middleware.ts"],"names":["NextResponse","AgentDetector","evaluateEnforcement","shouldEnforce"],"mappings":";;;;;;;AAqDO,SAAS,gCACd,MAAA,EAGA;AACA,EAAA,MAAM;AAAA,IACJ,eAAA;AAAA,IACA,qBAAA,GAAwB,KAAA;AAAA,IACxB,mBAAA,GAAsB,EAAA;AAAA;AAAA,IACtB,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,eAAe,WAAW,OAAA,EAAsB;AAErD,IAAA,MAAM,IAAA,GAAO,QAAQ,OAAA,CAAQ,QAAA;AAC7B,IAAA,IAAI,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,UAAA,CAAW,IAAI,CAAC,CAAA,EAAG;AACnD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,IAAIC,wBAAA,EAAc;AAGnC,MAAA,MAAM,OAAA,GAAU,CAAC,CAAC,YAAA;AAGlB,MAAA,MAAM,QAAA,GAAW;AAAA,QACf,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EACE,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,KAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,KAAA,CAAA;AAAA,QAChF,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,QAAQ,CAAA;AAG9C,MAAA,MAAM,cAAA,GAAsC;AAAA,QAC1C,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,aAAc,MAAA,CAA8C,WAAA;AAAA,QAG5D,UAAA,EACE,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,EAAA,GAC3B,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,EAAM,GAAG,CAAA,GACtC,MAAA,CAAO,UAAA;AAAA,QACb,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,KAAA,CAAA;AAAA,QACrC,kBAAA,EAAoB,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,KAAK,WAAA,GAAc,SAAA;AAAA;AAAA,QACtE,SAAA,EACE,OAAO,UAAA,GAAa,EAAA,GAChB,SACA,MAAA,CAAO,UAAA,GAAa,KAClB,QAAA,GACA,KAAA;AAAA;AAAA,QACR,SAAA,EACE,MAAA,CAAO,SAAA,YAAqB,IAAA,GACxB,MAAA,CAAO,SAAA,CAAU,WAAA,EAAY,GAC7B,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,EAAE,WAAA;AAAY,OAC/C;AAGA,MAAA,MAAM,QAAA,GAAWC,qCAAoB,cAAA,EAAgB;AAAA,QACnD,mBAAA;AAAA,QACA,aAAA,EAAe,wBAAwB,OAAA,GAAU;AAAA,OAClD,CAAA;AAGD,MAAA,IAAI,eAAA,IAAmBC,8BAAA,CAAc,cAAc,CAAA,EAAG;AACpD,QAAA,MAAM,gBAAgB,cAAc,CAAA;AAAA,MACtC;AAGA,MAAA,IAAI,QAAA,CAAS,WAAW,OAAA,EAAS;AAC/B,QAAA,OAAOH,mBAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,OAAO,eAAA,CAAgB,OAAA;AAAA,YACvB,OAAO,cAAA,CAAe,KAAA;AAAA,YACtB,UAAA,EAAY,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAU;AAAA,WAClD;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,gBAAgB,MAAA,IAAU,GAAA;AAAA,YAClC,OAAA,EAAS,eAAA,CAAgB,OAAA,IAAW;AAAC;AACvC,SACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAWA,oBAAa,IAAA,EAAK;AACnC,MAAA,IAAI,eAAe,OAAA,EAAS;AAC1B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,cAAA,CAAe,SAAS,SAAS,CAAA;AAC1E,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,UACf,oBAAA;AAAA,UACA,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAA,GAAa,GAAG,CAAC;AAAA,SACpD;AACA,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,cAAA,CAAe,kBAAkB,CAAA;AAAA,MAChF;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AAEpD,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAYA,eAAsB,gBACpB,UAAA,EAC+B;AAC/B,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,WAAA,CAAY,UAAU,CAAA;AACzD,IAAA,OAAA,CAAQ,IAAI,uEAAkE,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,+DAAqD,KAAK,CAAA;AACvE,IAAA,MAAM,KAAA;AAAA,EACR;AACF","file":"wasm-middleware.js","sourcesContent":["/**\n * WASM-enabled middleware for Next.js with AgentShield\n * Following official Next.js documentation for WebAssembly in Edge Runtime\n */\n\nimport type { NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/checkpoint';\nimport { evaluateEnforcement, shouldEnforce } from '@kya-os/checkpoint-shared';\n\n// Type definitions for WASM detection result\nexport interface WasmDetectionResult {\n isAgent: boolean;\n isAiCrawler?: boolean;\n confidence: number;\n agent?: string | undefined;\n verificationMethod: 'signature' | 'pattern' | 'none';\n riskLevel: 'low' | 'medium' | 'high';\n timestamp: string;\n}\n\nexport interface AgentShieldConfig {\n onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;\n blockOnHighConfidence?: boolean;\n confidenceThreshold?: number;\n skipPaths?: string[];\n blockedResponse?: {\n status?: number;\n message?: string;\n headers?: Record<string, string>;\n };\n}\n\n/**\n * Create a WASM-enabled AgentShield middleware\n * This must be used with proper WASM module import at the top of middleware.ts\n *\n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/checkpoint/wasm?module';\n * import { createWasmAgentShieldMiddleware } from '@kya-os/checkpoint-nextjs';\n *\n * const wasmInstance = await WebAssembly.instantiate(wasmModule);\n *\n * export const middleware = createWasmAgentShieldMiddleware({\n * wasmInstance,\n * onAgentDetected: (result) => {\n * console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);\n * }\n * });\n * ```\n */\nexport function createWasmAgentShieldMiddleware(\n config: AgentShieldConfig & {\n wasmInstance?: WebAssembly.Instance;\n }\n) {\n const {\n onAgentDetected,\n blockOnHighConfidence = false,\n confidenceThreshold = 80, // Updated to 0-100 scale (was 0.8)\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: AI agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n wasmInstance,\n } = config;\n\n return async function middleware(request: NextRequest) {\n // Check if path should be skipped\n const path = request.nextUrl.pathname;\n if (skipPaths.some((skip) => path.startsWith(skip))) {\n return NextResponse.next();\n }\n\n try {\n // Create detector with or without WASM\n const detector = new AgentDetector();\n\n // If WASM instance is provided, we'll have higher confidence\n const hasWasm = !!wasmInstance;\n\n // Prepare request metadata\n const metadata = {\n userAgent: request.headers.get('user-agent') || undefined,\n ipAddress:\n request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || undefined,\n headers: Object.fromEntries(request.headers.entries()),\n timestamp: new Date(),\n };\n\n // Perform detection\n const result = await detector.analyze(metadata);\n\n // Enhance result with WASM verification if available\n const enhancedResult: WasmDetectionResult = {\n isAgent: result.isAgent,\n isAiCrawler: (result as unknown as Record<string, unknown>).isAiCrawler as\n | boolean\n | undefined,\n confidence:\n hasWasm && result.confidence > 85 // Updated to 0-100 scale (was 0.85)\n ? Math.min(result.confidence * 1.15, 100) // Boost confidence with WASM, cap at 100\n : result.confidence,\n agent: result.detectedAgent?.name || undefined,\n verificationMethod: hasWasm && result.confidence > 85 ? 'signature' : 'pattern', // Updated to 0-100 scale\n riskLevel:\n result.confidence > 90\n ? 'high' // Updated to 0-100 scale (was 0.9)\n : result.confidence > 70\n ? 'medium'\n : 'low', // Updated to 0-100 scale (was 0.7)\n timestamp:\n result.timestamp instanceof Date\n ? result.timestamp.toISOString()\n : new Date(result.timestamp).toISOString(),\n };\n\n // Evaluate enforcement decision\n const decision = evaluateEnforcement(enhancedResult, {\n confidenceThreshold,\n defaultAction: blockOnHighConfidence ? 'block' : 'allow',\n });\n\n // Call user callback for any enforced agent (regardless of threshold)\n if (onAgentDetected && shouldEnforce(enhancedResult)) {\n await onAgentDetected(enhancedResult);\n }\n\n // Block if enforcement decision says to block\n if (decision.action === 'block') {\n return NextResponse.json(\n {\n error: blockedResponse.message,\n agent: enhancedResult.agent,\n confidence: Math.round(enhancedResult.confidence),\n },\n {\n status: blockedResponse.status || 403,\n headers: blockedResponse.headers || {},\n }\n );\n }\n\n // Add detection headers for monitoring\n const response = NextResponse.next();\n if (enhancedResult.isAgent) {\n response.headers.set('X-Agent-Detected', enhancedResult.agent || 'unknown');\n response.headers.set(\n 'X-Agent-Confidence',\n String(Math.round(enhancedResult.confidence * 100))\n );\n response.headers.set('X-Agent-Verification', enhancedResult.verificationMethod);\n }\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n // On error, continue without blocking\n return NextResponse.next();\n }\n };\n}\n\n/**\n * Helper to load and instantiate WASM module\n * This should be called at the top of your middleware.ts file\n *\n * @example\n * ```typescript\n * import wasmModule from '@kya-os/checkpoint/wasm?module';\n * const wasmInstance = await instantiateWasm(wasmModule);\n * ```\n */\nexport async function instantiateWasm(\n wasmModule: WebAssembly.Module\n): Promise<WebAssembly.Instance> {\n try {\n const instance = await WebAssembly.instantiate(wasmModule);\n console.log('✅ AgentShield: WASM module loaded for cryptographic verification');\n return instance;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to instantiate WASM module', error);\n throw error;\n }\n}\n"]}
package/dist/wasm-middleware.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/wasm-middleware.ts"],"names":[],"mappings":";;;;;AAqDO,SAAS,gCACd,MAAA,EAGA;AACA,EAAA,MAAM;AAAA,IACJ,eAAA;AAAA,IACA,qBAAA,GAAwB,KAAA;AAAA,IACxB,mBAAA,GAAsB,EAAA;AAAA;AAAA,IACtB,YAAY,EAAC;AAAA,IACb,eAAA,GAAkB;AAAA,MAChB,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS,kCAAA;AAAA,MACT,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,KAChD;AAAA,IACA;AAAA,GACF,GAAI,MAAA;AAEJ,EAAA,OAAO,eAAe,WAAW,OAAA,EAAsB;AAErD,IAAA,MAAM,IAAA,GAAO,QAAQ,OAAA,CAAQ,QAAA;AAC7B,IAAA,IAAI,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,UAAA,CAAW,IAAI,CAAC,CAAA,EAAG;AACnD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,QAAA,GAAW,IAAI,aAAA,EAAc;AAGnC,MAAA,MAAM,OAAA,GAAU,CAAC,CAAC,YAAA;AAGlB,MAAA,MAAM,QAAA,GAAW;AAAA,QACf,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA,IAAK,KAAA,CAAA;AAAA,QAChD,SAAA,EACE,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,iBAAiB,KAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA,IAAK,KAAA,CAAA;AAAA,QAChF,SAAS,MAAA,CAAO,WAAA,CAAY,OAAA,CAAQ,OAAA,CAAQ,SAAS,CAAA;AAAA,QACrD,SAAA,sBAAe,IAAA;AAAK,OACtB;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,QAAQ,CAAA;AAG9C,MAAA,MAAM,cAAA,GAAsC;AAAA,QAC1C,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,aAAc,MAAA,CAA8C,WAAA;AAAA,QAG5D,UAAA,EACE,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,EAAA,GAC3B,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,EAAM,GAAG,CAAA,GACtC,MAAA,CAAO,UAAA;AAAA,QACb,KAAA,EAAO,MAAA,CAAO,aAAA,EAAe,IAAA,IAAQ,KAAA,CAAA;AAAA,QACrC,kBAAA,EAAoB,OAAA,IAAW,MAAA,CAAO,UAAA,GAAa,KAAK,WAAA,GAAc,SAAA;AAAA;AAAA,QACtE,SAAA,EACE,OAAO,UAAA,GAAa,EAAA,GAChB,SACA,MAAA,CAAO,UAAA,GAAa,KAClB,QAAA,GACA,KAAA;AAAA;AAAA,QACR,SAAA,EACE,MAAA,CAAO,SAAA,YAAqB,IAAA,GACxB,MAAA,CAAO,SAAA,CAAU,WAAA,EAAY,GAC7B,IAAI,IAAA,CAAK,MAAA,CAAO,SAAS,EAAE,WAAA;AAAY,OAC/C;AAGA,MAAA,MAAM,QAAA,GAAW,oBAAoB,cAAA,EAAgB;AAAA,QACnD,mBAAA;AAAA,QACA,aAAA,EAAe,wBAAwB,OAAA,GAAU;AAAA,OAClD,CAAA;AAGD,MAAA,IAAI,eAAA,IAAmB,aAAA,CAAc,cAAc,CAAA,EAAG;AACpD,QAAA,MAAM,gBAAgB,cAAc,CAAA;AAAA,MACtC;AAGA,MAAA,IAAI,QAAA,CAAS,WAAW,OAAA,EAAS;AAC/B,QAAA,OAAO,YAAA,CAAa,IAAA;AAAA,UAClB;AAAA,YACE,OAAO,eAAA,CAAgB,OAAA;AAAA,YACvB,OAAO,cAAA,CAAe,KAAA;AAAA,YACtB,UAAA,EAAY,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAU;AAAA,WAClD;AAAA,UACA;AAAA,YACE,MAAA,EAAQ,gBAAgB,MAAA,IAAU,GAAA;AAAA,YAClC,OAAA,EAAS,eAAA,CAAgB,OAAA,IAAW;AAAC;AACvC,SACF;AAAA,MACF;AAGA,MAAA,MAAM,QAAA,GAAW,aAAa,IAAA,EAAK;AACnC,MAAA,IAAI,eAAe,OAAA,EAAS;AAC1B,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,cAAA,CAAe,SAAS,SAAS,CAAA;AAC1E,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA;AAAA,UACf,oBAAA;AAAA,UACA,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,UAAA,GAAa,GAAG,CAAC;AAAA,SACpD;AACA,QAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,sBAAA,EAAwB,cAAA,CAAe,kBAAkB,CAAA;AAAA,MAChF;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,iCAAiC,KAAK,CAAA;AAEpD,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAAA,EACF,CAAA;AACF;AAYA,eAAsB,gBACpB,UAAA,EAC+B;AAC/B,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,WAAA,CAAY,UAAU,CAAA;AACzD,IAAA,OAAA,CAAQ,IAAI,uEAAkE,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,+DAAqD,KAAK,CAAA;AACvE,IAAA,MAAM,KAAA;AAAA,EACR;AACF","file":"wasm-middleware.mjs","sourcesContent":["/**\n * WASM-enabled middleware for Next.js with AgentShield\n * Following official Next.js documentation for WebAssembly in Edge Runtime\n */\n\nimport type { NextRequest } from 'next/server';\nimport { NextResponse } from 'next/server';\nimport { AgentDetector } from '@kya-os/checkpoint';\nimport { evaluateEnforcement, shouldEnforce } from '@kya-os/checkpoint-shared';\n\n// Type definitions for WASM detection result\nexport interface WasmDetectionResult {\n isAgent: boolean;\n isAiCrawler?: boolean;\n confidence: number;\n agent?: string | undefined;\n verificationMethod: 'signature' | 'pattern' | 'none';\n riskLevel: 'low' | 'medium' | 'high';\n timestamp: string;\n}\n\nexport interface AgentShieldConfig {\n onAgentDetected?: (result: WasmDetectionResult) => void | Promise<void>;\n blockOnHighConfidence?: boolean;\n confidenceThreshold?: number;\n skipPaths?: string[];\n blockedResponse?: {\n status?: number;\n message?: string;\n headers?: Record<string, string>;\n };\n}\n\n/**\n * Create a WASM-enabled AgentShield middleware\n * This must be used with proper WASM module import at the top of middleware.ts\n *\n * @example\n * ```typescript\n * // middleware.ts\n * import wasmModule from '@kya-os/checkpoint/wasm?module';\n * import { createWasmAgentShieldMiddleware } from '@kya-os/checkpoint-nextjs';\n *\n * const wasmInstance = await WebAssembly.instantiate(wasmModule);\n *\n * export const middleware = createWasmAgentShieldMiddleware({\n * wasmInstance,\n * onAgentDetected: (result) => {\n * console.log(`Detected ${result.agent} with ${result.confidence * 100}% confidence`);\n * }\n * });\n * ```\n */\nexport function createWasmAgentShieldMiddleware(\n config: AgentShieldConfig & {\n wasmInstance?: WebAssembly.Instance;\n }\n) {\n const {\n onAgentDetected,\n blockOnHighConfidence = false,\n confidenceThreshold = 80, // Updated to 0-100 scale (was 0.8)\n skipPaths = [],\n blockedResponse = {\n status: 403,\n message: 'Access denied: AI agent detected',\n headers: { 'Content-Type': 'application/json' },\n },\n wasmInstance,\n } = config;\n\n return async function middleware(request: NextRequest) {\n // Check if path should be skipped\n const path = request.nextUrl.pathname;\n if (skipPaths.some((skip) => path.startsWith(skip))) {\n return NextResponse.next();\n }\n\n try {\n // Create detector with or without WASM\n const detector = new AgentDetector();\n\n // If WASM instance is provided, we'll have higher confidence\n const hasWasm = !!wasmInstance;\n\n // Prepare request metadata\n const metadata = {\n userAgent: request.headers.get('user-agent') || undefined,\n ipAddress:\n request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || undefined,\n headers: Object.fromEntries(request.headers.entries()),\n timestamp: new Date(),\n };\n\n // Perform detection\n const result = await detector.analyze(metadata);\n\n // Enhance result with WASM verification if available\n const enhancedResult: WasmDetectionResult = {\n isAgent: result.isAgent,\n isAiCrawler: (result as unknown as Record<string, unknown>).isAiCrawler as\n | boolean\n | undefined,\n confidence:\n hasWasm && result.confidence > 85 // Updated to 0-100 scale (was 0.85)\n ? Math.min(result.confidence * 1.15, 100) // Boost confidence with WASM, cap at 100\n : result.confidence,\n agent: result.detectedAgent?.name || undefined,\n verificationMethod: hasWasm && result.confidence > 85 ? 'signature' : 'pattern', // Updated to 0-100 scale\n riskLevel:\n result.confidence > 90\n ? 'high' // Updated to 0-100 scale (was 0.9)\n : result.confidence > 70\n ? 'medium'\n : 'low', // Updated to 0-100 scale (was 0.7)\n timestamp:\n result.timestamp instanceof Date\n ? result.timestamp.toISOString()\n : new Date(result.timestamp).toISOString(),\n };\n\n // Evaluate enforcement decision\n const decision = evaluateEnforcement(enhancedResult, {\n confidenceThreshold,\n defaultAction: blockOnHighConfidence ? 'block' : 'allow',\n });\n\n // Call user callback for any enforced agent (regardless of threshold)\n if (onAgentDetected && shouldEnforce(enhancedResult)) {\n await onAgentDetected(enhancedResult);\n }\n\n // Block if enforcement decision says to block\n if (decision.action === 'block') {\n return NextResponse.json(\n {\n error: blockedResponse.message,\n agent: enhancedResult.agent,\n confidence: Math.round(enhancedResult.confidence),\n },\n {\n status: blockedResponse.status || 403,\n headers: blockedResponse.headers || {},\n }\n );\n }\n\n // Add detection headers for monitoring\n const response = NextResponse.next();\n if (enhancedResult.isAgent) {\n response.headers.set('X-Agent-Detected', enhancedResult.agent || 'unknown');\n response.headers.set(\n 'X-Agent-Confidence',\n String(Math.round(enhancedResult.confidence * 100))\n );\n response.headers.set('X-Agent-Verification', enhancedResult.verificationMethod);\n }\n\n return response;\n } catch (error) {\n console.error('AgentShield middleware error:', error);\n // On error, continue without blocking\n return NextResponse.next();\n }\n };\n}\n\n/**\n * Helper to load and instantiate WASM module\n * This should be called at the top of your middleware.ts file\n *\n * @example\n * ```typescript\n * import wasmModule from '@kya-os/checkpoint/wasm?module';\n * const wasmInstance = await instantiateWasm(wasmModule);\n * ```\n */\nexport async function instantiateWasm(\n wasmModule: WebAssembly.Module\n): Promise<WebAssembly.Instance> {\n try {\n const instance = await WebAssembly.instantiate(wasmModule);\n console.log('✅ AgentShield: WASM module loaded for cryptographic verification');\n return instance;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to instantiate WASM module', error);\n throw error;\n }\n}\n"]}
package/dist/wasm-setup.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/nodejs-wasm-loader.ts","../src/wasm-setup.ts"],"names":["path","fs","setWasmModule","wasmInitialized","loadWasmNodejs","isWasmInitialized"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAA,0BAAA,GAAA,EAAA;AAAA,QAAA,CAAA,0BAAA,EAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,cAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,eAAsB,cAAA,GAAmC;AACvD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,aAAA,GAAgB;AAAA;AAAA,MAEpBA,qBAAA,CAAK,IAAA;AAAA,QACH,QAAQ,GAAA,EAAI;AAAA,QACZ,cAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AAAA;AAAA,MAEAA,qBAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,IAAO,0BAA0B,CAAA;AAAA;AAAA,MAEnDA,qBAAA,CAAK,IAAA;AAAA,QACH,SAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA;AACF,KACF;AAEA,IAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,IAAA,IAAI,UAAA,GAA4B,IAAA;AAEhC,IAAA,KAAA,MAAW,YAAY,aAAA,EAAe;AACpC,MAAA,IAAI;AACF,QAAA,IAAIC,mBAAA,CAAG,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAaA,mBAAA,CAAG,aAAa,QAAQ,CAAA;AACrC,UAAA,UAAA,GAAa,QAAA;AACb,UAAA;AAAA,QACF;AAAA,MACF,SAAS,CAAA,EAAG;AAEV,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ,KAAK,2DAA2D,CAAA;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAIA,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,UAAU,CAAA;AACvC,IAAA,UAAA,GAAa,MAAM,WAAA,CAAY,OAAA,CAAQ,KAAK,CAAA;AAG5C,IAAAC,wBAAA,CAAc,UAAU,CAAA;AAExB,IAAA,eAAA,GAAkB,IAAA;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,kDAAA,EAAgD,UAAU,CAAA,kBAAA,CAAoB,CAAA;AAC1F,IAAA,OAAA,CAAQ,IAAI,mEAA4D,CAAA;AAExE,IAAA,OAAO,IAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,qEAA2D,KAAK,CAAA;AAC7E,IAAA,OAAA,CAAQ,IAAI,8DAAuD,CAAA;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,eAAA,GAA2B;AACzC,EAAA,OACE,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,OAAA,CAAQ,QAAA,KAAa,WAAA,IAC5B,OAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,KAAS,WAAA,IACjC,OAAO,SAAA,KAAY,WAAA;AAEvB;AAKO,SAAS,aAAA,GAA2C;AACzD,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,iBAAA,GAA6B;AAC3C,EAAA,OAAO,eAAA;AACT;AApHA,IAWI,eAAA,EACA,UAAA;AAZJ,IAAA,uBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,2BAAA,GAAA;AAWA,IAAI,eAAA,GAAkB,KAAA;AACtB,IAAI,UAAA,GAAwC,IAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACS5C,IAAIC,gBAAAA,GAAkB,KAAA;AACtB,IAAI,WAAA,GAAoC,IAAA;AACxC,IAAI,aAAA,GAAgB,KAAA;AAapB,eAAsB,SAAA,GAA2B;AAE/C,EAAA,IAAIA,gBAAAA,EAAiB;AACnB,IAAA;AAAA,EACF;AAGA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AAGA,EAAA,WAAA,GAAc,WAAA,EAAY;AAC1B,EAAA,OAAO,WAAA;AACT;AAEA,eAAe,WAAA,GAA6B;AAE1C,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA;AAAA,EACF;AACA,EAAA,aAAA,GAAgB,IAAA;AAEhB,EAAA,IAAI;AAEF,IAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,CAAI,aAAa,MAAA,EAAQ;AACrE,MAAAA,gBAAAA,GAAkB,IAAA;AAClB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,QAAA,GACJ,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,SAAA,KAAY,WAAA,IACnB,OAAA,CAAQ,GAAA,CAAI,YAAA,KAAiB,QAAA;AAE/B,IAAA,IAAI,QAAA,EAAU;AAEZ,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,cAAA,EAAAC,eAAAA,EAAe,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,uBAAA,EAAA,EAAA,0BAAA,CAAA,CAAA;AACjC,QAAA,MAAM,MAAA,GAAS,MAAMA,eAAAA,EAAe;AACpC,QAAAD,gBAAAA,GAAkB,IAAA;AAElB,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAA,CAAQ,IAAI,yEAAkE,CAAA;AAAA,QAChF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,iEAA0D,CAAA;AAAA,QACxE;AACA,QAAA;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,IAAA,CAAK,yDAA+C,KAAK,CAAA;AAAA,MACnE;AAAA,IACF;AAIA,IAAAA,gBAAAA,GAAkB,IAAA;AAElB,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,YAAA,KAAiB,MAAA,EAAQ;AACvC,MAAA,OAAA,CAAQ,GAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAA,CAAQ,IAAI,kDAA6C,CAAA;AAAA,IAC3D;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAAA,gBAAAA,GAAkB,IAAA;AAAA,EACpB;AACF;AAOO,SAASE,kBAAAA,GAA6B;AAC3C,EAAA,OAAOF,gBAAAA;AACT;AAOO,SAAS,cAAA,GAAuB;AACrC,EAAAA,gBAAAA,GAAkB,KAAA;AAClB,EAAA,WAAA,GAAc,IAAA;AAChB","file":"wasm-setup.js","sourcesContent":["/**\n * Node.js Runtime WASM Loader for AgentShield\n *\n * This loader uses fs.readFileSync to load WASM in Node.js runtime.\n * It provides full cryptographic verification capabilities.\n */\n\nimport fs from 'fs';\nimport path from 'path';\nimport { setWasmModule } from '@kya-os/checkpoint';\n\nlet wasmInitialized = false;\nlet wasmModule: WebAssembly.Module | null = null;\n\n/**\n * Load WASM module using Node.js fs module\n * This only works in Node.js runtime, not Edge Runtime\n */\nexport async function loadWasmNodejs(): Promise<boolean> {\n if (wasmInitialized) {\n return true;\n }\n\n try {\n // Try multiple possible WASM locations\n const possiblePaths = [\n // In node_modules (most likely)\n path.join(\n process.cwd(),\n 'node_modules',\n '@kya-os',\n 'agentshield',\n 'dist',\n 'wasm',\n 'agentshield_wasm_bg.wasm'\n ),\n // In project root (if user copied it)\n path.join(process.cwd(), 'agentshield_wasm_bg.wasm'),\n // Relative to current file\n path.join(\n __dirname,\n '..',\n '..',\n '..',\n 'agentshield',\n 'dist',\n 'wasm',\n 'agentshield_wasm_bg.wasm'\n ),\n ];\n\n let wasmBuffer: Buffer | null = null;\n let loadedPath: string | null = null;\n\n for (const wasmPath of possiblePaths) {\n try {\n if (fs.existsSync(wasmPath)) {\n wasmBuffer = fs.readFileSync(wasmPath);\n loadedPath = wasmPath;\n break;\n }\n } catch (e) {\n // Try next path\n continue;\n }\n }\n\n if (!wasmBuffer) {\n console.warn('AgentShield: WASM file not found in any expected location');\n return false;\n }\n\n // Convert Buffer to Uint8Array for WebAssembly\n // This is the proper way to handle Buffer -> ArrayBuffer conversion\n const bytes = new Uint8Array(wasmBuffer);\n wasmModule = await WebAssembly.compile(bytes);\n\n // Set the module in AgentShield\n setWasmModule(wasmModule);\n\n wasmInitialized = true;\n console.log(`✅ AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);\n console.log('🔐 Cryptographic verification enabled (95-100% confidence)');\n\n return true;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to load WASM in Node.js runtime:', error);\n console.log('📊 Falling back to pattern detection (85% confidence)');\n return false;\n }\n}\n\n/**\n * Check if we're in Node.js runtime\n */\nexport function isNodejsRuntime(): boolean {\n return (\n typeof process !== 'undefined' &&\n typeof process.versions !== 'undefined' &&\n typeof process.versions.node !== 'undefined' &&\n typeof require !== 'undefined'\n );\n}\n\n/**\n * Get the loaded WASM module\n */\nexport function getWasmModule(): WebAssembly.Module | null {\n return wasmModule;\n}\n\n/**\n * Check if WASM is initialized\n */\nexport function isWasmInitialized(): boolean {\n return wasmInitialized;\n}\n","/**\n * WASM Setup for AgentShield in Next.js Edge Runtime\n *\n * This module handles WASM initialization for cryptographic signature verification.\n * Designed to work without top-level await to avoid Next.js middleware issues.\n *\n * Usage in middleware.ts:\n * ```typescript\n * import { setupWasm } from '@kya-os/checkpoint-nextjs/wasm-setup';\n * import { createAgentShieldMiddleware } from '@kya-os/checkpoint-nextjs';\n *\n * export async function middleware(request: NextRequest) {\n * // Initialize WASM inside the middleware function\n * await setupWasm();\n *\n * const agentShieldMiddleware = createAgentShieldMiddleware({...});\n * return agentShieldMiddleware(request);\n * }\n * ```\n */\n\nlet wasmInitialized = false;\nlet initPromise: Promise<void> | null = null;\nlet initAttempted = false;\n\n/**\n * Initialize WASM module for AgentShield\n *\n * This function:\n * - Loads WASM in production/Edge Runtime for cryptographic verification\n * - Skips WASM in test environments (Jest) automatically\n * - Is safe to call multiple times (idempotent)\n * - Handles errors gracefully with fallback to pattern detection\n *\n * @returns Promise that resolves when initialization is complete\n */\nexport async function setupWasm(): Promise<void> {\n // Already initialized, return immediately\n if (wasmInitialized) {\n return;\n }\n\n // Initialization in progress, return the existing promise\n if (initPromise) {\n return initPromise;\n }\n\n // Start initialization\n initPromise = doSetupWasm();\n return initPromise;\n}\n\nasync function doSetupWasm(): Promise<void> {\n // Prevent multiple initialization attempts\n if (initAttempted) {\n return;\n }\n initAttempted = true;\n\n try {\n // Skip WASM in test environments\n if (typeof process !== 'undefined' && process.env.NODE_ENV === 'test') {\n wasmInitialized = true;\n return;\n }\n\n // Check if we're in Node.js runtime (middleware with runtime: 'nodejs')\n const isNodejs =\n typeof process !== 'undefined' &&\n typeof require !== 'undefined' &&\n process.env.NEXT_RUNTIME === 'nodejs';\n\n if (isNodejs) {\n // We're in Node.js runtime - use fs to load WASM!\n try {\n const { loadWasmNodejs } = await import('./nodejs-wasm-loader');\n const loaded = await loadWasmNodejs();\n wasmInitialized = true;\n\n if (loaded) {\n console.log('🚀 AgentShield: Running with full WASM support (Node.js runtime)');\n } else {\n console.log('📊 AgentShield: Using pattern detection (WASM not found)');\n }\n return;\n } catch (error) {\n console.warn('⚠️ AgentShield: Node.js WASM loader failed:', error);\n }\n }\n\n // Edge Runtime or build time - skip WASM loading\n // Pattern detection will be used (85% confidence)\n wasmInitialized = true;\n\n if (process.env.NEXT_RUNTIME === 'edge') {\n console.log(\n '⚡ AgentShield: Edge Runtime detected - using pattern detection (85% confidence)'\n );\n console.log('✅ AgentShield: Ready for AI agent detection');\n }\n } catch (error) {\n // Mark as initialized to prevent retries\n wasmInitialized = true;\n }\n}\n\n/**\n * Check if WASM has been initialized\n *\n * @returns true if WASM setup has been attempted (success or failure)\n */\nexport function isWasmInitialized(): boolean {\n return wasmInitialized;\n}\n\n/**\n * Reset WASM initialization state (mainly for testing)\n *\n * @internal\n */\nexport function resetWasmState(): void {\n wasmInitialized = false;\n initPromise = null;\n}\n"]}
package/dist/wasm-setup.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/nodejs-wasm-loader.ts","../src/wasm-setup.ts"],"names":["wasmInitialized","loadWasmNodejs","isWasmInitialized"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,IAAA,0BAAA,GAAA,EAAA;AAAA,QAAA,CAAA,0BAAA,EAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,cAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,eAAsB,cAAA,GAAmC;AACvD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,aAAA,GAAgB;AAAA;AAAA,MAEpB,IAAA,CAAK,IAAA;AAAA,QACH,QAAQ,GAAA,EAAI;AAAA,QACZ,cAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AAAA;AAAA,MAEA,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,IAAO,0BAA0B,CAAA;AAAA;AAAA,MAEnD,IAAA,CAAK,IAAA;AAAA,QACH,SAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA;AACF,KACF;AAEA,IAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,IAAA,IAAI,UAAA,GAA4B,IAAA;AAEhC,IAAA,KAAA,MAAW,YAAY,aAAA,EAAe;AACpC,MAAA,IAAI;AACF,QAAA,IAAI,EAAA,CAAG,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,EAAA,CAAG,aAAa,QAAQ,CAAA;AACrC,UAAA,UAAA,GAAa,QAAA;AACb,UAAA;AAAA,QACF;AAAA,MACF,SAAS,CAAA,EAAG;AAEV,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ,KAAK,2DAA2D,CAAA;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAIA,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,UAAU,CAAA;AACvC,IAAA,UAAA,GAAa,MAAM,WAAA,CAAY,OAAA,CAAQ,KAAK,CAAA;AAG5C,IAAA,aAAA,CAAc,UAAU,CAAA;AAExB,IAAA,eAAA,GAAkB,IAAA;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,kDAAA,EAAgD,UAAU,CAAA,kBAAA,CAAoB,CAAA;AAC1F,IAAA,OAAA,CAAQ,IAAI,mEAA4D,CAAA;AAExE,IAAA,OAAO,IAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,qEAA2D,KAAK,CAAA;AAC7E,IAAA,OAAA,CAAQ,IAAI,8DAAuD,CAAA;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,eAAA,GAA2B;AACzC,EAAA,OACE,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,OAAA,CAAQ,QAAA,KAAa,WAAA,IAC5B,OAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,KAAS,WAAA,IACjC,OAAO,SAAA,KAAY,WAAA;AAEvB;AAKO,SAAS,aAAA,GAA2C;AACzD,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,iBAAA,GAA6B;AAC3C,EAAA,OAAO,eAAA;AACT;AApHA,IAWI,eAAA,EACA,UAAA;AAZJ,IAAA,uBAAA,GAAA,KAAA,CAAA;AAAA,EAAA,2BAAA,GAAA;AAWA,IAAI,eAAA,GAAkB,KAAA;AACtB,IAAI,UAAA,GAAwC,IAAA;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACS5C,IAAIA,gBAAAA,GAAkB,KAAA;AACtB,IAAI,WAAA,GAAoC,IAAA;AACxC,IAAI,aAAA,GAAgB,KAAA;AAapB,eAAsB,SAAA,GAA2B;AAE/C,EAAA,IAAIA,gBAAAA,EAAiB;AACnB,IAAA;AAAA,EACF;AAGA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AAGA,EAAA,WAAA,GAAc,WAAA,EAAY;AAC1B,EAAA,OAAO,WAAA;AACT;AAEA,eAAe,WAAA,GAA6B;AAE1C,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA;AAAA,EACF;AACA,EAAA,aAAA,GAAgB,IAAA;AAEhB,EAAA,IAAI;AAEF,IAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,OAAA,CAAQ,GAAA,CAAI,aAAa,MAAA,EAAQ;AACrE,MAAAA,gBAAAA,GAAkB,IAAA;AAClB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,QAAA,GACJ,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,SAAA,KAAY,WAAA,IACnB,OAAA,CAAQ,GAAA,CAAI,YAAA,KAAiB,QAAA;AAE/B,IAAA,IAAI,QAAA,EAAU;AAEZ,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,cAAA,EAAAC,eAAAA,EAAe,GAAI,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,OAAA,uBAAA,EAAA,EAAA,0BAAA,CAAA,CAAA;AACjC,QAAA,MAAM,MAAA,GAAS,MAAMA,eAAAA,EAAe;AACpC,QAAAD,gBAAAA,GAAkB,IAAA;AAElB,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,OAAA,CAAQ,IAAI,yEAAkE,CAAA;AAAA,QAChF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,iEAA0D,CAAA;AAAA,QACxE;AACA,QAAA;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,IAAA,CAAK,yDAA+C,KAAK,CAAA;AAAA,MACnE;AAAA,IACF;AAIA,IAAAA,gBAAAA,GAAkB,IAAA;AAElB,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,YAAA,KAAiB,MAAA,EAAQ;AACvC,MAAA,OAAA,CAAQ,GAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAA,CAAQ,IAAI,kDAA6C,CAAA;AAAA,IAC3D;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAAA,gBAAAA,GAAkB,IAAA;AAAA,EACpB;AACF;AAOO,SAASE,kBAAAA,GAA6B;AAC3C,EAAA,OAAOF,gBAAAA;AACT;AAOO,SAAS,cAAA,GAAuB;AACrC,EAAAA,gBAAAA,GAAkB,KAAA;AAClB,EAAA,WAAA,GAAc,IAAA;AAChB","file":"wasm-setup.mjs","sourcesContent":["/**\n * Node.js Runtime WASM Loader for AgentShield\n *\n * This loader uses fs.readFileSync to load WASM in Node.js runtime.\n * It provides full cryptographic verification capabilities.\n */\n\nimport fs from 'fs';\nimport path from 'path';\nimport { setWasmModule } from '@kya-os/checkpoint';\n\nlet wasmInitialized = false;\nlet wasmModule: WebAssembly.Module | null = null;\n\n/**\n * Load WASM module using Node.js fs module\n * This only works in Node.js runtime, not Edge Runtime\n */\nexport async function loadWasmNodejs(): Promise<boolean> {\n if (wasmInitialized) {\n return true;\n }\n\n try {\n // Try multiple possible WASM locations\n const possiblePaths = [\n // In node_modules (most likely)\n path.join(\n process.cwd(),\n 'node_modules',\n '@kya-os',\n 'agentshield',\n 'dist',\n 'wasm',\n 'agentshield_wasm_bg.wasm'\n ),\n // In project root (if user copied it)\n path.join(process.cwd(), 'agentshield_wasm_bg.wasm'),\n // Relative to current file\n path.join(\n __dirname,\n '..',\n '..',\n '..',\n 'agentshield',\n 'dist',\n 'wasm',\n 'agentshield_wasm_bg.wasm'\n ),\n ];\n\n let wasmBuffer: Buffer | null = null;\n let loadedPath: string | null = null;\n\n for (const wasmPath of possiblePaths) {\n try {\n if (fs.existsSync(wasmPath)) {\n wasmBuffer = fs.readFileSync(wasmPath);\n loadedPath = wasmPath;\n break;\n }\n } catch (e) {\n // Try next path\n continue;\n }\n }\n\n if (!wasmBuffer) {\n console.warn('AgentShield: WASM file not found in any expected location');\n return false;\n }\n\n // Convert Buffer to Uint8Array for WebAssembly\n // This is the proper way to handle Buffer -> ArrayBuffer conversion\n const bytes = new Uint8Array(wasmBuffer);\n wasmModule = await WebAssembly.compile(bytes);\n\n // Set the module in AgentShield\n setWasmModule(wasmModule);\n\n wasmInitialized = true;\n console.log(`✅ AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);\n console.log('🔐 Cryptographic verification enabled (95-100% confidence)');\n\n return true;\n } catch (error) {\n console.warn('⚠️ AgentShield: Failed to load WASM in Node.js runtime:', error);\n console.log('📊 Falling back to pattern detection (85% confidence)');\n return false;\n }\n}\n\n/**\n * Check if we're in Node.js runtime\n */\nexport function isNodejsRuntime(): boolean {\n return (\n typeof process !== 'undefined' &&\n typeof process.versions !== 'undefined' &&\n typeof process.versions.node !== 'undefined' &&\n typeof require !== 'undefined'\n );\n}\n\n/**\n * Get the loaded WASM module\n */\nexport function getWasmModule(): WebAssembly.Module | null {\n return wasmModule;\n}\n\n/**\n * Check if WASM is initialized\n */\nexport function isWasmInitialized(): boolean {\n return wasmInitialized;\n}\n","/**\n * WASM Setup for AgentShield in Next.js Edge Runtime\n *\n * This module handles WASM initialization for cryptographic signature verification.\n * Designed to work without top-level await to avoid Next.js middleware issues.\n *\n * Usage in middleware.ts:\n * ```typescript\n * import { setupWasm } from '@kya-os/checkpoint-nextjs/wasm-setup';\n * import { createAgentShieldMiddleware } from '@kya-os/checkpoint-nextjs';\n *\n * export async function middleware(request: NextRequest) {\n * // Initialize WASM inside the middleware function\n * await setupWasm();\n *\n * const agentShieldMiddleware = createAgentShieldMiddleware({...});\n * return agentShieldMiddleware(request);\n * }\n * ```\n */\n\nlet wasmInitialized = false;\nlet initPromise: Promise<void> | null = null;\nlet initAttempted = false;\n\n/**\n * Initialize WASM module for AgentShield\n *\n * This function:\n * - Loads WASM in production/Edge Runtime for cryptographic verification\n * - Skips WASM in test environments (Jest) automatically\n * - Is safe to call multiple times (idempotent)\n * - Handles errors gracefully with fallback to pattern detection\n *\n * @returns Promise that resolves when initialization is complete\n */\nexport async function setupWasm(): Promise<void> {\n // Already initialized, return immediately\n if (wasmInitialized) {\n return;\n }\n\n // Initialization in progress, return the existing promise\n if (initPromise) {\n return initPromise;\n }\n\n // Start initialization\n initPromise = doSetupWasm();\n return initPromise;\n}\n\nasync function doSetupWasm(): Promise<void> {\n // Prevent multiple initialization attempts\n if (initAttempted) {\n return;\n }\n initAttempted = true;\n\n try {\n // Skip WASM in test environments\n if (typeof process !== 'undefined' && process.env.NODE_ENV === 'test') {\n wasmInitialized = true;\n return;\n }\n\n // Check if we're in Node.js runtime (middleware with runtime: 'nodejs')\n const isNodejs =\n typeof process !== 'undefined' &&\n typeof require !== 'undefined' &&\n process.env.NEXT_RUNTIME === 'nodejs';\n\n if (isNodejs) {\n // We're in Node.js runtime - use fs to load WASM!\n try {\n const { loadWasmNodejs } = await import('./nodejs-wasm-loader');\n const loaded = await loadWasmNodejs();\n wasmInitialized = true;\n\n if (loaded) {\n console.log('🚀 AgentShield: Running with full WASM support (Node.js runtime)');\n } else {\n console.log('📊 AgentShield: Using pattern detection (WASM not found)');\n }\n return;\n } catch (error) {\n console.warn('⚠️ AgentShield: Node.js WASM loader failed:', error);\n }\n }\n\n // Edge Runtime or build time - skip WASM loading\n // Pattern detection will be used (85% confidence)\n wasmInitialized = true;\n\n if (process.env.NEXT_RUNTIME === 'edge') {\n console.log(\n '⚡ AgentShield: Edge Runtime detected - using pattern detection (85% confidence)'\n );\n console.log('✅ AgentShield: Ready for AI agent detection');\n }\n } catch (error) {\n // Mark as initialized to prevent retries\n wasmInitialized = true;\n }\n}\n\n/**\n * Check if WASM has been initialized\n *\n * @returns true if WASM setup has been attempted (success or failure)\n */\nexport function isWasmInitialized(): boolean {\n return wasmInitialized;\n}\n\n/**\n * Reset WASM initialization state (mainly for testing)\n *\n * @internal\n */\nexport function resetWasmState(): void {\n wasmInitialized = false;\n initPromise = null;\n}\n"]}