@kya-os/checkpoint-nextjs 1.1.4 → 1.7.0

package/templates/middleware-wasm-100.ts

@@ -1,161 +0,0 @@
-/**
- * Checkpoint Middleware Template — Legacy WASM Factory
- *
- * ⚠️ **DEPRECATED TEMPLATE (AgentDetector-Deletion-1):** this template
- * uses `createWasmAgentShieldMiddleware`, which is deprecated and
- * will be removed in the next minor. For new projects, use
- * `withCheckpoint` instead — it's engine-backed (PDM-1 #2560), runs
- * MCP-I envelope verification, and is the canonical Phase-D
- * replacement. See the `withCheckpoint` recipe in
- * `packages/checkpoint-nextjs/README.md`.
- *
- * This template stays in-tree for one release as a migration reference;
- * the deprecated factory still works (with a dev-only console.warn).
- *
- * Installation:
- * 1. Copy this file to your project root as `middleware.ts`
- * 2. Install packages: npm install @kya-os/checkpoint @kya-os/checkpoint-nextjs
- * 3. Deploy to Vercel for Edge Runtime support
- */
-
-import { NextResponse } from 'next/server';
-import type { NextRequest } from 'next/server';
-
-// CRITICAL: Import WASM module with ?module suffix for Edge Runtime
-// This MUST be at the top of the file, before any other AgentShield imports
-import wasmModule from '@kya-os/checkpoint/wasm?module';
-
-// Now import the middleware creator
-import {
-  createWasmAgentShieldMiddleware,
-  instantiateWasm,
-} from '@kya-os/checkpoint-nextjs/wasm-middleware';
-
-// Initialize WASM module once at startup
-let wasmInstancePromise: Promise<WebAssembly.Instance> | null = null;
-
-async function getWasmInstance() {
-  if (!wasmInstancePromise) {
-    wasmInstancePromise = instantiateWasm(wasmModule);
-  }
-  return wasmInstancePromise;
-}
-
-export async function middleware(request: NextRequest) {
-  try {
-    // Get or create WASM instance
-    const wasmInstance = await getWasmInstance();
-
-    // Create middleware with WASM support
-    const agentShieldMiddleware = createWasmAgentShieldMiddleware({
-      wasmInstance,
-
-      // Skip authentication and static assets
-      skipPaths: ['/api/auth', '/_next', '/favicon.ico', '/public'],
-
-      // What to do when agent is detected
-      onAgentDetected: async (result) => {
-        // With WASM: 95-100% confidence for cryptographically verified agents
-        console.log(`🤖 AI Agent detected:`, {
-          agent: result.agent,
-          confidence: `${Math.round(result.confidence * 100)}%`,
-          verification: result.verificationMethod, // 'signature' with WASM, 'pattern' without
-          risk: result.riskLevel,
-          timestamp: result.timestamp,
-        });
-
-        // You can add custom logic here:
-        // - Log to analytics
-        // - Send alerts
-        // - Apply rate limiting
-        // - etc.
-      },
-
-      // Set to true to block AI agents
-      blockOnHighConfidence: false, // Change to true to block agents
-
-      // Minimum confidence to trigger blocking (0.8 = 80%)
-      confidenceThreshold: 0.8,
-
-      // Custom response when blocking
-      blockedResponse: {
-        status: 403,
-        message: 'AI agent access restricted',
-        headers: {
-          'Content-Type': 'application/json',
-          'X-Blocked-Reason': 'ai-agent-detected',
-        },
-      },
-    });
-
-    // Run AgentShield detection
-    const response = await agentShieldMiddleware(request);
-
-    // Add security headers to all responses
-    response.headers.set('X-Frame-Options', 'DENY');
-    response.headers.set('X-Content-Type-Options', 'nosniff');
-    response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
-
-    return response;
-  } catch (error) {
-    // If WASM fails to load, fall back to pattern detection (85% confidence)
-    console.warn('⚠️ WASM initialization failed, using pattern detection:', error);
-
-    // You could use the regular middleware here as fallback
-    // For now, just continue
-    return NextResponse.next();
-  }
-}
-
-// Configure which paths the middleware runs on
-export const config = {
-  matcher: [
-    /*
-     * Match all request paths except for the ones starting with:
-     * - _next/static (static files)
-     * - _next/image (image optimization files)
-     * - favicon.ico (favicon file)
-     * - public folder
-     */
-    {
-      source: '/((?!_next/static|_next/image|favicon.ico|public).*)',
-      missing: [
-        { type: 'header', key: 'next-router-prefetch' },
-        { type: 'header', key: 'purpose', value: 'prefetch' },
-      ],
-    },
-  ],
-};
-
-/**
- * TypeScript Support
- *
- * Add this to a `types/wasm.d.ts` file in your project:
- *
- * declare module '@kya-os/checkpoint/wasm?module' {
- *   const value: WebAssembly.Module;
- *   export default value;
- * }
- */
-
-/**
- * What You'll See in Logs:
- *
- * With WASM (95-100% confidence):
- * 🤖 AI Agent detected: {
- *   agent: 'ChatGPT-User',
- *   confidence: '100%',
- *   verification: 'signature',  // Cryptographically verified!
- *   risk: 'high',
- *   timestamp: '2024-01-01T00:00:00.000Z'
- * }
- *
- * Without WASM (85% confidence):
- * 🤖 AI Agent detected: {
- *   agent: 'ChatGPT-User',
- *   confidence: '85%',
- *   verification: 'pattern',    // Pattern matching only
- *   risk: 'medium',
- *   timestamp: '2024-01-01T00:00:00.000Z'
- * }
- */