npm - @kya-os/checkpoint-nextjs - Versions diffs - 1.0.0 - Mend

@kya-os/checkpoint-nextjs 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

package/CHANGELOG.md +80 -0
package/EDGE_RUNTIME_WASM_SETUP.md +348 -0
package/README.md +414 -0
package/bin/setup-edge-wasm.js +497 -0
package/dist/.tsbuildinfo +1 -0
package/dist/adapt.d.mts +39 -0
package/dist/adapt.d.ts +39 -0
package/dist/adapt.js +58 -0
package/dist/adapt.js.map +1 -0
package/dist/adapt.mjs +56 -0
package/dist/adapt.mjs.map +1 -0
package/dist/api-client.d.mts +204 -0
package/dist/api-client.d.ts +204 -0
package/dist/api-client.js +206 -0
package/dist/api-client.js.map +1 -0
package/dist/api-client.mjs +199 -0
package/dist/api-client.mjs.map +1 -0
package/dist/api-middleware.d.mts +156 -0
package/dist/api-middleware.d.ts +156 -0
package/dist/api-middleware.js +510 -0
package/dist/api-middleware.js.map +1 -0
package/dist/api-middleware.mjs +505 -0
package/dist/api-middleware.mjs.map +1 -0
package/dist/create-middleware.d.mts +17 -0
package/dist/create-middleware.d.ts +17 -0
package/dist/create-middleware.js +38 -0
package/dist/create-middleware.js.map +1 -0
package/dist/create-middleware.mjs +35 -0
package/dist/create-middleware.mjs.map +1 -0
package/dist/edge/index.d.mts +110 -0
package/dist/edge/index.d.ts +110 -0
package/dist/edge/index.js +277 -0
package/dist/edge/index.js.map +1 -0
package/dist/edge/index.mjs +275 -0
package/dist/edge/index.mjs.map +1 -0
package/dist/edge-runtime-loader.d.mts +50 -0
package/dist/edge-runtime-loader.d.ts +50 -0
package/dist/edge-runtime-loader.js +204 -0
package/dist/edge-runtime-loader.js.map +1 -0
package/dist/edge-runtime-loader.mjs +201 -0
package/dist/edge-runtime-loader.mjs.map +1 -0
package/dist/edge-wasm-middleware.d.mts +68 -0
package/dist/edge-wasm-middleware.d.ts +68 -0
package/dist/edge-wasm-middleware.js +318 -0
package/dist/edge-wasm-middleware.js.map +1 -0
package/dist/edge-wasm-middleware.mjs +315 -0
package/dist/edge-wasm-middleware.mjs.map +1 -0
package/dist/index.d.mts +25 -0
package/dist/index.d.ts +25 -0
package/dist/index.js +1019 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +979 -0
package/dist/index.mjs.map +1 -0
package/dist/middleware-edge.d.mts +46 -0
package/dist/middleware-edge.d.ts +46 -0
package/dist/middleware-edge.js +134 -0
package/dist/middleware-edge.js.map +1 -0
package/dist/middleware-edge.mjs +129 -0
package/dist/middleware-edge.mjs.map +1 -0
package/dist/middleware-node.d.mts +89 -0
package/dist/middleware-node.d.ts +89 -0
package/dist/middleware-node.js +127 -0
package/dist/middleware-node.js.map +1 -0
package/dist/middleware-node.mjs +124 -0
package/dist/middleware-node.mjs.map +1 -0
package/dist/middleware.d.mts +36 -0
package/dist/middleware.d.ts +36 -0
package/dist/middleware.js +15 -0
package/dist/middleware.js.map +1 -0
package/dist/middleware.mjs +12 -0
package/dist/middleware.mjs.map +1 -0
package/dist/nodejs-wasm-loader.d.mts +25 -0
package/dist/nodejs-wasm-loader.d.ts +25 -0
package/dist/nodejs-wasm-loader.js +95 -0
package/dist/nodejs-wasm-loader.js.map +1 -0
package/dist/nodejs-wasm-loader.mjs +85 -0
package/dist/nodejs-wasm-loader.mjs.map +1 -0
package/dist/policy.d.mts +162 -0
package/dist/policy.d.ts +162 -0
package/dist/policy.js +189 -0
package/dist/policy.js.map +1 -0
package/dist/policy.mjs +165 -0
package/dist/policy.mjs.map +1 -0
package/dist/session-tracker.d.mts +55 -0
package/dist/session-tracker.d.ts +55 -0
package/dist/session-tracker.js +170 -0
package/dist/session-tracker.js.map +1 -0
package/dist/session-tracker.mjs +167 -0
package/dist/session-tracker.mjs.map +1 -0
package/dist/signature-verifier.d.mts +33 -0
package/dist/signature-verifier.d.ts +33 -0
package/dist/signature-verifier.js +386 -0
package/dist/signature-verifier.js.map +1 -0
package/dist/signature-verifier.mjs +362 -0
package/dist/signature-verifier.mjs.map +1 -0
package/dist/translate.d.mts +33 -0
package/dist/translate.d.ts +33 -0
package/dist/translate.js +38 -0
package/dist/translate.js.map +1 -0
package/dist/translate.mjs +36 -0
package/dist/translate.mjs.map +1 -0
package/dist/types-C-xCUNTr.d.mts +105 -0
package/dist/types-C-xCUNTr.d.ts +105 -0
package/dist/wasm-middleware.d.mts +63 -0
package/dist/wasm-middleware.d.ts +63 -0
package/dist/wasm-middleware.js +98 -0
package/dist/wasm-middleware.js.map +1 -0
package/dist/wasm-middleware.mjs +95 -0
package/dist/wasm-middleware.mjs.map +1 -0
package/dist/wasm-setup.d.mts +46 -0
package/dist/wasm-setup.d.ts +46 -0
package/dist/wasm-setup.js +176 -0
package/dist/wasm-setup.js.map +1 -0
package/dist/wasm-setup.mjs +167 -0
package/dist/wasm-setup.mjs.map +1 -0
package/package.json +156 -0
package/templates/middleware-wasm-100.ts +153 -0
package/wasm/agentshield_wasm.d.ts +479 -0
package/wasm/agentshield_wasm.js +1536 -0
package/wasm/agentshield_wasm_bg.wasm +0 -0
package/wasm/package.json +30 -0
package/wasm.d.ts +21 -0

package/README.md ADDED Viewed

@@ -0,0 +1,414 @@
+# @kya-os/checkpoint-nextjs
+Next.js middleware and React hooks for Checkpoint AI agent detection and enforcement.
+## Features
+- 🚀 **Next.js Middleware**: Edge-compatible middleware for all routes
+- ⚛️ **React Hooks**: Client-side detection and monitoring
+- 🎯 **Flexible Actions**: Block, redirect, rewrite, or log detected agents
+- 🛡️ **Edge Runtime**: Optimized for Vercel Edge Functions
+- 📊 **Built-in Analytics**: Track detection patterns and statistics
+## Two deployment shapes
+This package ships two complementary middleware factories. Pick the one that
+fits your runtime; both are first-class and supported.
+| Shape            | Factory             | Where verification runs                                         | Use when                                                                                                                                                                                                                                                                          |
+| ---------------- | ------------------- | --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Local engine** | `withCheckpoint`    | In-process, via WASM (`kya-os-engine`)                          | You want the lowest possible latency, deterministic verdicts, no network round-trip per request, and your runtime can load the WASM artifact (Vercel Node, Vercel Edge with the bundled artifact, Cloudflare Workers with `nodejs_compat`). This is the canonical Phase D output. |
+| **SaaS gateway** | `withCheckpointApi` | Cloudflare DNS gateway (`https://detect.checkpoint-gateway.ai`) | You want centralized policy + dashboard rules without a redeploy, you're on a runtime where the WASM artifact won't load (bare-Edge, browser embedding), or you want a single HTTPS hop with cached verdicts. Trades ~30–50ms of edge latency for zero local engine state.        |
+Both factories return a Next.js middleware function — the request/response
+contract is identical. You can run both side-by-side in the same app on
+different routes if your policy demands it.
+```ts
+// middleware.ts — local engine
+import { withCheckpoint } from '@kya-os/checkpoint-nextjs';
+export default withCheckpoint({ tenantHost: 'demo.example' });
+// middleware.ts — SaaS gateway
+import { withCheckpointApi } from '@kya-os/checkpoint-nextjs';
+export default withCheckpointApi({
+  apiKey: process.env.CHECKPOINT_API_KEY!,
+  onBlock: 'redirect',
+  redirectUrl: '/blocked',
+});
+```
+> Pre-Phase-D the SaaS-gateway factory shipped as `withAgentShield`; the
+> name is preserved as a `@deprecated` alias for one release. Same for
+> `AgentShieldClient` / `AgentShieldClientConfig` → `CheckpointApiClient`
+> / `CheckpointApiClientConfig`. New code should import the
+> `Checkpoint*` names.
+## Installation
+```bash
+npm install @kya-os/checkpoint-nextjs
+```
+## Quick Start
+### Middleware Setup
+Create `middleware.js` (or `middleware.ts`) in your project root:
+```javascript
+import { agentShield } from '@kya-os/checkpoint-nextjs';
+export default agentShield({
+  onAgentDetected: 'block',
+  confidenceThreshold: 0.8,
+  // NEW: Session tracking (v0.1.27+)
+  sessionTracking: {
+    enabled: true, // Track continued sessions from AI agents
+  },
+});
+export const config = {
+  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
+};
+```
+### React Hooks
+```javascript
+'use client';
+import { useAgentDetection } from '@kya-os/checkpoint-nextjs';
+export default function SecurityMonitor() {
+  const { detect, isDetecting, lastResult } = useAgentDetection({
+    confidenceThreshold: 0.7,
+  });
+  const handleCheck = async () => {
+    const result = await detect();
+    if (result.isAgent) {
+      alert('Agent detected!');
+    }
+  };
+  return (
+    <div>
+      <button onClick={handleCheck} disabled={isDetecting}>
+        {isDetecting ? 'Checking...' : 'Check for Agents'}
+      </button>
+      {lastResult && (
+        <div>
+          <p>Is Agent: {lastResult.isAgent ? 'Yes' : 'No'}</p>
+          <p>Confidence: {(lastResult.confidence * 100).toFixed(1)}%</p>
+        </div>
+      )}
+    </div>
+  );
+}
+```
+## Middleware Configuration
+```javascript
+import { agentShield } from '@kya-os/checkpoint-nextjs';
+export default agentShield({
+  // Core detection options
+  confidenceThreshold: 0.7,
+  enablePatternMatching: true,
+  enableBehaviorAnalysis: true,
+  // Action when agent is detected
+  onAgentDetected: 'block', // 'block' | 'redirect' | 'rewrite' | 'allow' | 'log'
+  // Skip detection for paths
+  skipPaths: ['/api/webhooks', /^\/admin/],
+  // Custom responses
+  blockedResponse: {
+    status: 403,
+    message: 'Access denied',
+  },
+  redirectUrl: '/blocked',
+  rewriteUrl: '/blocked',
+  // Custom handler
+  onDetection: async (request, result) => {
+    console.log('Agent detected:', result);
+    // Return custom NextResponse or void
+  },
+});
+```
+## Actions
+### Block Agents
+```javascript
+export default agentShield({
+  onAgentDetected: 'block',
+  blockedResponse: {
+    status: 403,
+    message: 'Automated access not allowed',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Robots-Tag': 'noindex',
+    },
+  },
+});
+```
+### Redirect Agents
+```javascript
+export default agentShield({
+  onAgentDetected: 'redirect',
+  redirectUrl: '/blocked',
+  confidenceThreshold: 0.8,
+});
+```
+### Rewrite Requests
+```javascript
+export default agentShield({
+  onAgentDetected: 'rewrite',
+  rewriteUrl: '/bot-content',
+  confidenceThreshold: 0.6,
+});
+```
+### Custom Logic
+```javascript
+export default agentShield({
+  onDetection: async (request, result) => {
+    if (result.confidence > 0.9) {
+      // High confidence - block
+      return NextResponse.json({ error: 'Blocked' }, { status: 403 });
+    } else if (result.confidence > 0.5) {
+      // Medium confidence - redirect to captcha
+      return NextResponse.redirect(new URL('/verify', request.url));
+    }
+    // Low confidence - continue
+  },
+});
+```
+## React Hooks
+### useAgentDetection
+Client-side agent detection:
+```javascript
+import { useAgentDetection } from '@kya-os/checkpoint-nextjs';
+function SecurityComponent() {
+  const { detect, isDetecting, lastResult, detector } = useAgentDetection({
+    confidenceThreshold: 0.7,
+  });
+  useEffect(() => {
+    // Auto-detect on component mount
+    detect();
+  }, [detect]);
+  return (
+    <div>
+      {lastResult?.isAgent && (
+        <div className="alert">Agent detected with {lastResult.confidence} confidence</div>
+      )}
+    </div>
+  );
+}
+```
+### useDetectionMonitor
+Monitor and track detection events:
+```javascript
+import { useDetectionMonitor } from '@kya-os/checkpoint-nextjs';
+function AnalyticsDashboard() {
+  const { detectionHistory, getStats, clearHistory } = useDetectionMonitor((context) => {
+    // Handle each detection
+    console.log('Detection event:', context);
+  });
+  const stats = getStats();
+  return (
+    <div>
+      <h2>Detection Statistics</h2>
+      <p>Total Requests: {stats.total}</p>
+      <p>Agents Detected: {stats.detected}</p>
+      <p>Detection Rate: {(stats.detectionRate * 100).toFixed(1)}%</p>
+      <p>Average Confidence: {(stats.avgConfidence * 100).toFixed(1)}%</p>
+      <button onClick={clearHistory}>Clear History</button>
+    </div>
+  );
+}
+```
+## API Routes Integration
+Protect API routes with server-side detection:
+```javascript
+// pages/api/protected.js or app/api/protected/route.js
+import { AgentDetector } from '@kya-os/checkpoint';
+const detector = new AgentDetector();
+export async function GET(request) {
+  const context = {
+    userAgent: request.headers.get('user-agent'),
+    ip: request.ip,
+    headers: Object.fromEntries(request.headers.entries()),
+  };
+  const result = await detector.analyze(context);
+  if (result.isAgent && result.confidence > 0.7) {
+    return NextResponse.json({ error: 'Automated access detected' }, { status: 403 });
+  }
+  return NextResponse.json({ data: 'Protected content' });
+}
+```
+## Advanced Usage
+### Path-Specific Configuration
+```javascript
+import { NextRequest, NextResponse } from 'next/server';
+import { AgentDetector } from '@kya-os/checkpoint';
+const detector = new AgentDetector();
+export async function middleware(request: NextRequest) {
+  const { pathname } = request.nextUrl;
+  // Different thresholds for different paths
+  let threshold = 0.7;
+  if (pathname.startsWith('/api/')) {
+    threshold = 0.5; // More sensitive for API
+  } else if (pathname.startsWith('/admin/')) {
+    threshold = 0.9; // Less sensitive for admin (humans expected)
+  }
+  const context = {
+    userAgent: request.headers.get('user-agent') ?? undefined,
+    ip: request.ip,
+    headers: Object.fromEntries(request.headers.entries()),
+    url: request.url,
+  };
+  const result = await detector.analyze(context);
+  if (result.isAgent && result.confidence >= threshold) {
+    return NextResponse.json(
+      { error: 'Access denied' },
+      { status: 403 }
+    );
+  }
+  return NextResponse.next();
+}
+```
+### Server Components
+Use detection results in Server Components:
+```javascript
+// app/dashboard/page.tsx
+import { headers } from 'next/headers';
+import { AgentDetector } from '@kya-os/checkpoint';
+export default async function Dashboard() {
+  const headersList = headers();
+  const detector = new AgentDetector();
+  const result = await detector.analyze({
+    userAgent: headersList.get('user-agent') ?? undefined,
+    headers: Object.fromEntries(headersList.entries()),
+  });
+  if (result.isAgent) {
+    return <div>Automated access detected</div>;
+  }
+  return <div>Welcome to the dashboard!</div>;
+}
+```
+## TypeScript Support
+Full TypeScript support with proper types:
+```typescript
+import { NextRequest } from 'next/server';
+import { agentShield, NextJSMiddlewareConfig } from '@kya-os/checkpoint-nextjs';
+const config: NextJSMiddlewareConfig = {
+  onAgentDetected: 'block',
+  confidenceThreshold: 0.8,
+  onDetection: async (request: NextRequest, result) => {
+    // Fully typed parameters
+    console.log(result.confidence);
+  },
+};
+export default agentShield(config);
+```
+## Examples
+### E-commerce Protection
+```javascript
+// Protect product pages from scrapers
+export default agentShield({
+  onAgentDetected: 'redirect',
+  redirectUrl: '/captcha',
+  confidenceThreshold: 0.6,
+  skipPaths: ['/api/webhooks', '/health'],
+});
+export const config = {
+  matcher: ['/products/:path*', '/search/:path*'],
+};
+```
+### Content Publishing
+```javascript
+// Allow search engines, block other bots
+export default agentShield({
+  onDetection: async (request, result) => {
+    const userAgent = request.headers.get('user-agent') || '';
+    // Allow known search engines
+    if (/googlebot|bingbot|slurp/i.test(userAgent)) {
+      return; // Continue
+    }
+    // Block other agents
+    if (result.isAgent && result.confidence > 0.5) {
+      return NextResponse.json({ error: 'Bot access restricted' }, { status: 403 });
+    }
+  },
+});
+```
+## License
+MIT OR Apache-2.0