@kya-os/checkpoint-wasm-runtime 1.0.0

package/dist/node.js

@@ -0,0 +1,972 @@
+'use strict';
+
+var checkpointShared = require('@kya-os/checkpoint-shared');
+
+// src/types.ts
+var CONFIDENCE = {
+  /** Minimum confidence for isAgent=true */
+  THRESHOLD_AGENT: 30,
+  /** Cryptographic signature verified */
+  SIGNATURE_VERIFIED: 100,
+  /** Signature header present but not verified */
+  SIGNATURE_PRESENT: 85,
+  /** Strong pattern match */
+  PATTERN_HIGH: 85,
+  /** Moderate pattern match */
+  PATTERN_MEDIUM: 60,
+  /** Weak pattern match */
+  PATTERN_LOW: 40,
+  /** Cloud IP detection only */
+  CLOUD_IP: 30
+};
+
+// src/wasm-detector.ts
+function parseVerificationMethod(method) {
+  switch (method.toLowerCase()) {
+    case "signature":
+      return "signature";
+    case "pattern":
+      return "pattern";
+    case "behavioral":
+      return "behavioral";
+    case "network":
+      return "network";
+    case "mcp_i_handshake":
+      return "mcp_i_handshake";
+    default:
+      return "none";
+  }
+}
+function determineForgeabilityRisk(method, confidence) {
+  if (method === "signature" && confidence >= 90) {
+    return "low";
+  }
+  if (confidence >= 80) {
+    return "medium";
+  }
+  return "high";
+}
+function determineDetectionClass(isAgent, agentName, confidence) {
+  if (!isAgent || confidence < CONFIDENCE.THRESHOLD_AGENT) {
+    return { type: "Human" };
+  }
+  if (agentName) {
+    const aiAgentPatterns = [
+      "chatgpt",
+      "gpt",
+      "openai",
+      "claude",
+      "anthropic",
+      "perplexity",
+      "gemini",
+      "google ai",
+      "copilot",
+      "bing chat"
+    ];
+    const lowerName = agentName.toLowerCase();
+    if (aiAgentPatterns.some((pattern) => lowerName.includes(pattern))) {
+      return { type: "AiAgent", agentType: agentName };
+    }
+    const botPatterns = ["bot", "crawler", "spider", "scraper"];
+    if (botPatterns.some((pattern) => lowerName.includes(pattern))) {
+      return { type: "Bot", botType: agentName };
+    }
+    const automationPatterns = ["selenium", "puppeteer", "playwright", "cypress"];
+    if (automationPatterns.some((pattern) => lowerName.includes(pattern))) {
+      return { type: "Automation", toolType: agentName };
+    }
+    return { type: "AiAgent", agentType: agentName };
+  }
+  return { type: "Unknown" };
+}
+var WasmDetector = class {
+  /**
+   * Create a new WasmDetector
+   * @param loader - WASM loader (static for Edge, dynamic for Node.js)
+   * @param policyLoader - Optional policy loader for API key support
+   * @param options - Detector configuration options
+   */
+  constructor(loader, policyLoader, options = {}) {
+    this.loader = loader;
+    this.policyLoader = policyLoader;
+    this.options = options;
+  }
+  ready = false;
+  loadPromise = null;
+  /**
+   * Analyze a request and detect if it's from an agent
+   */
+  async detect(input) {
+    await this.ensureReady();
+    try {
+      const bindings = this.loader.getBindings();
+      const metadata = {
+        user_agent: input.userAgent || null,
+        ip_address: input.ipAddress || null,
+        headers: JSON.stringify(input.headers || {}),
+        timestamp: (input.timestamp || /* @__PURE__ */ new Date()).toISOString(),
+        url: input.url || null,
+        method: input.method || null,
+        client_fingerprint: input.clientFingerprint || null,
+        free: () => {
+        }
+        // No-op for JS
+      };
+      const wasmResult = bindings.detect_agent(metadata);
+      const verificationMethod = parseVerificationMethod(wasmResult.verification_method);
+      const forgeabilityRisk = determineForgeabilityRisk(verificationMethod, wasmResult.confidence);
+      const detectionClass = determineDetectionClass(
+        wasmResult.is_agent,
+        wasmResult.agent,
+        wasmResult.confidence
+      );
+      let result = {
+        isAgent: wasmResult.is_agent,
+        confidence: wasmResult.confidence,
+        // Already 0-100, no conversion!
+        detectionClass,
+        detectedAgent: wasmResult.agent ? {
+          type: this.inferAgentType(wasmResult.agent),
+          name: wasmResult.agent
+        } : void 0,
+        verificationMethod,
+        forgeabilityRisk,
+        reasons: this.extractReasons(wasmResult),
+        timestamp: /* @__PURE__ */ new Date()
+      };
+      if (this.policyLoader && this.options.apiKey) {
+        result = await this.applyPolicy(result);
+      }
+      return result;
+    } catch (error) {
+      if (this.options.debug) {
+        console.error("[WasmDetector] Detection error:", error);
+      }
+      return this.createDefaultResult();
+    }
+  }
+  /**
+   * Check if the detector is ready
+   */
+  isReady() {
+    return this.ready;
+  }
+  /**
+   * Ensure the detector is initialized
+   */
+  async ensureReady() {
+    if (this.ready) {
+      return;
+    }
+    if (this.loadPromise) {
+      return this.loadPromise;
+    }
+    this.loadPromise = this.initialize();
+    return this.loadPromise;
+  }
+  /**
+   * Get detector version
+   */
+  async getVersion() {
+    await this.ensureReady();
+    return this.loader.getBindings().get_version();
+  }
+  /**
+   * Initialize the detector
+   */
+  async initialize() {
+    try {
+      await this.loader.load();
+      this.ready = true;
+      if (this.options.debug) {
+        const version = this.loader.getBindings().get_version();
+        console.log(
+          `[WasmDetector] Initialized with WASM v${version} (${this.loader.getStrategy()})`
+        );
+      }
+    } catch (error) {
+      this.loadPromise = null;
+      throw error;
+    }
+  }
+  /**
+   * Apply customer policy to detection result
+   */
+  async applyPolicy(result) {
+    if (!this.policyLoader || !this.options.apiKey) {
+      return result;
+    }
+    try {
+      let policy = this.policyLoader.getCachedPolicy(this.options.apiKey);
+      if (!policy) {
+        policy = await this.policyLoader.loadPolicy(this.options.apiKey);
+      }
+      return this.applyPolicyRules(result, policy);
+    } catch (error) {
+      if (this.options.debug) {
+        console.warn("[WasmDetector] Failed to load policy:", error);
+      }
+      return result;
+    }
+  }
+  /**
+   * Check if agent name matches a policy list entry
+   * Uses exact match or word-boundary prefix match to avoid false positives
+   * e.g., "gpt" matches "ChatGPT" and "GPT-4" but not "EgyptBot"
+   */
+  matchesPolicyEntry(agentName, policyEntry) {
+    const lowerAgent = agentName.toLowerCase();
+    const lowerEntry = policyEntry.toLowerCase();
+    if (lowerAgent === lowerEntry) {
+      return true;
+    }
+    const wordBoundaryRegex = new RegExp(
+      `(^|[^a-z0-9])${this.escapeRegex(lowerEntry)}($|[^a-z0-9])`,
+      "i"
+    );
+    return wordBoundaryRegex.test(lowerAgent);
+  }
+  /**
+   * Escape special regex characters in a string
+   */
+  escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  }
+  /**
+   * Apply policy rules to detection result
+   */
+  applyPolicyRules(result, policy) {
+    if (policy.denyList && result.detectedAgent) {
+      const agentName = result.detectedAgent.name;
+      const isDenied = policy.denyList.some((denied) => this.matchesPolicyEntry(agentName, denied));
+      if (isDenied) {
+        return {
+          ...result,
+          shouldBlock: true,
+          blockReason: "deny_list"
+        };
+      }
+    }
+    if (policy.allowList && policy.allowList.length > 0 && result.isAgent) {
+      const agentName = result.detectedAgent?.name;
+      if (!agentName) ; else {
+        const isAllowed = policy.allowList.some(
+          (allowed) => this.matchesPolicyEntry(agentName, allowed)
+        );
+        if (!isAllowed) {
+          return {
+            ...result,
+            shouldBlock: true,
+            blockReason: "not_in_allow_list"
+          };
+        }
+        return {
+          ...result,
+          shouldBlock: false
+        };
+      }
+    }
+    if (policy.blockThreshold !== void 0 && result.isAgent && result.confidence >= policy.blockThreshold) {
+      return {
+        ...result,
+        shouldBlock: true,
+        blockReason: "threshold"
+      };
+    }
+    return result;
+  }
+  /**
+   * Infer agent type from name
+   */
+  inferAgentType(agentName) {
+    const lowerName = agentName.toLowerCase();
+    if (lowerName.includes("chatgpt") || lowerName.includes("openai") || lowerName.includes("gpt")) {
+      return "openai";
+    }
+    if (lowerName.includes("claude") || lowerName.includes("anthropic")) {
+      return "anthropic";
+    }
+    if (lowerName.includes("perplexity")) {
+      return "perplexity";
+    }
+    if (lowerName.includes("gemini") || lowerName.includes("google")) {
+      return "google";
+    }
+    if (lowerName.includes("copilot") || lowerName.includes("bing")) {
+      return "microsoft";
+    }
+    return "unknown";
+  }
+  /**
+   * Extract reasons from WASM result
+   */
+  extractReasons(wasmResult) {
+    const reasons = [];
+    if (wasmResult.verification_method) {
+      reasons.push(`method:${wasmResult.verification_method}`);
+    }
+    if (wasmResult.agent) {
+      reasons.push(`agent:${wasmResult.agent.toLowerCase()}`);
+    }
+    return reasons;
+  }
+  /**
+   * Create default result (assumed human)
+   */
+  createDefaultResult() {
+    return {
+      isAgent: false,
+      confidence: 0,
+      detectionClass: { type: "Human" },
+      verificationMethod: "none",
+      forgeabilityRisk: "high",
+      reasons: ["detection_failed"],
+      timestamp: /* @__PURE__ */ new Date()
+    };
+  }
+};
+
+// src/loaders/dynamic-loader.ts
+async function findWasmModule() {
+  const wasmPaths = [
+    // Relative to this package
+    "../wasm/agentshield_wasm_bg.wasm",
+    "./wasm/agentshield_wasm_bg.wasm",
+    // From agentshield-core package
+    "@kya-os/checkpoint/wasm/agentshield_wasm_bg.wasm",
+    // From monorepo build output
+    "../../rust/target/wasm32-unknown-unknown/release/agentshield_wasm_bg.wasm"
+  ];
+  for (const path of wasmPaths) {
+    try {
+      const module = await import(
+        /* webpackIgnore: true */
+        path
+      );
+      if (module.default && module.default instanceof ArrayBuffer) {
+        return module.default;
+      }
+    } catch {
+    }
+  }
+  try {
+    const fs = await import('fs/promises');
+    const nodePath = await import('path');
+    let moduleDir = null;
+    try {
+      const importMetaUrl = eval('typeof import.meta !== "undefined" && import.meta.url');
+      if (importMetaUrl) {
+        const url = await import('url');
+        moduleDir = nodePath.dirname(url.fileURLToPath(importMetaUrl));
+      }
+    } catch {
+    }
+    if (!moduleDir) {
+      try {
+        const cjsDirname = eval('typeof __dirname !== "undefined" && __dirname');
+        if (cjsDirname) {
+          moduleDir = cjsDirname;
+        }
+      } catch {
+      }
+    }
+    const fsWasmPaths = [
+      nodePath.resolve(
+        process.cwd(),
+        "node_modules/@kya-os/checkpoint-wasm-runtime/wasm/agentshield_wasm_bg.wasm"
+      ),
+      nodePath.resolve(
+        process.cwd(),
+        "node_modules/@kya-os/checkpoint/dist/wasm/agentshield_wasm_bg.wasm"
+      )
+    ];
+    if (moduleDir) {
+      fsWasmPaths.unshift(
+        nodePath.resolve(moduleDir, "../wasm/agentshield_wasm_bg.wasm"),
+        nodePath.resolve(moduleDir, "../../wasm/agentshield_wasm_bg.wasm")
+      );
+    }
+    for (const wasmPath of fsWasmPaths) {
+      try {
+        const buffer = await fs.readFile(wasmPath);
+        const arrayBuffer = new ArrayBuffer(buffer.byteLength);
+        new Uint8Array(arrayBuffer).set(buffer);
+        return arrayBuffer;
+      } catch {
+      }
+    }
+  } catch {
+  }
+  throw new Error(
+    "Could not find WASM module. Ensure @kya-os/checkpoint-wasm-runtime/wasm is installed."
+  );
+}
+var JsRequestMetadata = class {
+  constructor(user_agent, ip_address, headers, timestamp, url, method, client_fingerprint) {
+    this.user_agent = user_agent;
+    this.ip_address = ip_address;
+    this.headers = headers;
+    this.timestamp = timestamp;
+    this.url = url;
+    this.method = method;
+    this.client_fingerprint = client_fingerprint;
+  }
+  free() {
+  }
+};
+var DynamicWasmLoader = class {
+  /**
+   * Create a new DynamicWasmLoader
+   * @param wasmPath - Optional custom path to WASM file
+   */
+  constructor(wasmPath) {
+    this.wasmPath = wasmPath;
+  }
+  bindings = null;
+  instance = null;
+  loadPromise = null;
+  /**
+   * Load and compile the WASM module
+   */
+  async load() {
+    if (this.bindings) {
+      return;
+    }
+    if (this.loadPromise) {
+      return this.loadPromise;
+    }
+    this.loadPromise = this.doLoad();
+    return this.loadPromise;
+  }
+  async doLoad() {
+    try {
+      let wasmBuffer;
+      if (this.wasmPath) {
+        const fs2 = await import('fs/promises');
+        const buffer = await fs2.readFile(this.wasmPath);
+        wasmBuffer = new ArrayBuffer(buffer.byteLength);
+        new Uint8Array(wasmBuffer).set(buffer);
+      } else {
+        wasmBuffer = await findWasmModule();
+      }
+      const compiled = await WebAssembly.compile(wasmBuffer);
+      const imports = {
+        wbg: this.createWasmBindgenImports()
+      };
+      this.instance = await WebAssembly.instantiate(compiled, imports);
+      const exports$1 = this.instance.exports;
+      this.bindings = this.createBindings(exports$1);
+    } catch (error) {
+      this.loadPromise = null;
+      throw new Error(
+        `Failed to load WASM module: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  /**
+   * Get the WASM bindings after loading
+   */
+  getBindings() {
+    if (!this.bindings) {
+      throw new Error("WASM not loaded. Call load() first.");
+    }
+    return this.bindings;
+  }
+  /**
+   * Check if WASM is loaded
+   */
+  isLoaded() {
+    return this.bindings !== null;
+  }
+  /**
+   * Get the loading strategy name
+   */
+  getStrategy() {
+    return "dynamic-compile";
+  }
+  /**
+   * Create wasm-bindgen required imports
+   */
+  createWasmBindgenImports() {
+    return {
+      __wbg_log_f740dc2253ea759b: (ptr, len) => {
+        console.log("[WASM]", ptr, len);
+      },
+      __wbg_error_f851667af71bcfc6: (ptr, len) => {
+        console.error("[WASM Error]", ptr, len);
+      },
+      __wbg_now_c644db5194be8437: () => Date.now(),
+      __wbindgen_throw: (ptr, len) => {
+        throw new Error(`WASM threw: ${ptr}, ${len}`);
+      },
+      __wbindgen_object_drop_ref: () => {
+      }
+    };
+  }
+  /**
+   * Create bindings wrapper from WASM exports
+   */
+  createBindings(exports$1) {
+    const detectAgent = exports$1["detect_agent"];
+    const getVersion = exports$1["get_version"];
+    const getBuildInfo = exports$1["get_build_info"];
+    if (!detectAgent) {
+      throw new Error("WASM module missing detect_agent export");
+    }
+    return {
+      detect_agent: (metadata) => {
+        const wasmMetadata = new JsRequestMetadata(
+          metadata.user_agent,
+          metadata.ip_address,
+          metadata.headers,
+          metadata.timestamp,
+          metadata.url,
+          metadata.method,
+          metadata.client_fingerprint
+        );
+        try {
+          return detectAgent(wasmMetadata);
+        } finally {
+          wasmMetadata.free();
+        }
+      },
+      get_version: () => {
+        if (getVersion) {
+          return getVersion();
+        }
+        return "0.1.0-dynamic";
+      },
+      get_build_info: () => {
+        if (getBuildInfo) {
+          return getBuildInfo();
+        }
+        return JSON.stringify({ version: "0.1.0", strategy: "dynamic-compile" });
+      }
+    };
+  }
+};
+function createDynamicLoader(wasmPath) {
+  return new DynamicWasmLoader(wasmPath);
+}
+
+// src/policy/policy-loader.ts
+var DEFAULT_CONFIG = {
+  apiUrl: "https://api.agentshield.io",
+  cacheTTL: 5 * 60 * 1e3,
+  // 5 minutes
+  maxCacheSize: 100,
+  backgroundRefresh: true,
+  timeout: 5e3
+};
+var PolicyLoader = class {
+  cache = /* @__PURE__ */ new Map();
+  config;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  /**
+   * Load policy for an API key
+   */
+  async loadPolicy(apiKey) {
+    const cached = this.getCachedPolicy(apiKey);
+    if (cached) {
+      if (this.config.backgroundRefresh && this.shouldRefresh(apiKey)) {
+        this.refreshInBackground(apiKey);
+      }
+      return cached;
+    }
+    return this.fetchPolicy(apiKey);
+  }
+  /**
+   * Get cached policy if available and not expired
+   */
+  getCachedPolicy(apiKey) {
+    const entry = this.cache.get(apiKey);
+    if (!entry) {
+      return null;
+    }
+    if (this.isExpired(entry)) {
+      this.cache.delete(apiKey);
+      return null;
+    }
+    return entry.policy;
+  }
+  /**
+   * Invalidate cached policy
+   */
+  invalidateCache(apiKey) {
+    this.cache.delete(apiKey);
+  }
+  /**
+   * Fetch policy from API and cache it
+   */
+  async fetchPolicy(apiKey) {
+    const policy = await this.fetchPolicyFromApi(apiKey);
+    this.cachePolicy(apiKey, policy);
+    return policy;
+  }
+  /**
+   * Fetch policy from API without caching
+   * Used internally for both direct fetches and background refreshes
+   */
+  async fetchPolicyFromApi(apiKey) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+    try {
+      const response = await fetch(`${this.config.apiUrl}/api/v1/policy`, {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${apiKey}`,
+          "Content-Type": "application/json",
+          "User-Agent": "agentshield-wasm-runtime/0.1.0"
+        },
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        if (response.status === 401) {
+          throw new PolicyLoadError("Invalid API key", "INVALID_API_KEY");
+        }
+        if (response.status === 404) {
+          return this.getDefaultPolicy(apiKey);
+        }
+        throw new PolicyLoadError(`Failed to load policy: ${response.status}`, "API_ERROR");
+      }
+      return await response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof PolicyLoadError) {
+        throw error;
+      }
+      if (error instanceof Error && error.name === "AbortError") {
+        throw new PolicyLoadError("Policy request timeout", "TIMEOUT");
+      }
+      throw new PolicyLoadError(
+        `Failed to load policy: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "NETWORK_ERROR"
+      );
+    }
+  }
+  /**
+   * Cache a policy
+   */
+  cachePolicy(apiKey, policy) {
+    if (this.cache.size >= this.config.maxCacheSize) {
+      const oldestKey = this.cache.keys().next().value;
+      if (oldestKey) {
+        this.cache.delete(oldestKey);
+      }
+    }
+    this.cache.set(apiKey, {
+      policy,
+      loadedAt: Date.now(),
+      refreshing: false
+    });
+  }
+  /**
+   * Check if cached entry is expired
+   */
+  isExpired(entry) {
+    return Date.now() - entry.loadedAt > this.config.cacheTTL;
+  }
+  /**
+   * Check if cache entry should be refreshed
+   */
+  shouldRefresh(apiKey) {
+    const entry = this.cache.get(apiKey);
+    if (!entry) {
+      return false;
+    }
+    const refreshThreshold = this.config.cacheTTL * 0.8;
+    return Date.now() - entry.loadedAt > refreshThreshold && !entry.refreshing;
+  }
+  /**
+   * Refresh policy in background
+   */
+  async refreshInBackground(apiKey) {
+    const entry = this.cache.get(apiKey);
+    if (!entry || entry.refreshing) {
+      return;
+    }
+    entry.refreshing = true;
+    try {
+      const policy = await this.fetchPolicyFromApi(apiKey);
+      this.cachePolicy(apiKey, policy);
+    } catch {
+    } finally {
+      const currentEntry = this.cache.get(apiKey);
+      if (currentEntry && currentEntry.refreshing) {
+        currentEntry.refreshing = false;
+      }
+    }
+  }
+  /**
+   * Get default policy for a project
+   */
+  getDefaultPolicy(apiKey) {
+    return {
+      projectId: apiKey.split("_")[1] || "unknown",
+      blockThreshold: 90
+    };
+  }
+};
+var PolicyLoadError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "PolicyLoadError";
+  }
+};
+function createPolicyLoader(config) {
+  return new PolicyLoader(config);
+}
+var RulesDetector = class {
+  rules = null;
+  ready = false;
+  /**
+   * Analyze a request and detect if it's from an agent
+   */
+  async detect(input) {
+    await this.ensureReady();
+    const reasons = [];
+    let confidence = 0;
+    let detectedAgentName = null;
+    let verificationMethod = "none";
+    const userAgent = input.userAgent || input.headers["user-agent"] || "";
+    const normalizedHeaders = this.normalizeHeaders(input.headers);
+    if (userAgent && this.rules) {
+      const uaMatch = this.matchUserAgent(userAgent);
+      if (uaMatch) {
+        confidence = Math.max(confidence, uaMatch.confidence);
+        detectedAgentName = uaMatch.agentName;
+        verificationMethod = "pattern";
+        reasons.push(`pattern:${uaMatch.agentKey}`);
+      }
+    }
+    if (this.rules) {
+      const headerMatch = this.matchHeaders(normalizedHeaders);
+      if (headerMatch.confidence > 0) {
+        confidence = Math.max(confidence, headerMatch.confidence);
+        reasons.push(`headers:${headerMatch.count}`);
+      }
+    }
+    if (this.hasSignatureHeaders(normalizedHeaders)) {
+      confidence = Math.max(confidence, CONFIDENCE.SIGNATURE_PRESENT);
+      reasons.push("signature_headers_present");
+      verificationMethod = "pattern";
+    }
+    const isAgent = confidence > CONFIDENCE.THRESHOLD_AGENT;
+    const detectionClass = this.determineDetectionClass(isAgent, detectedAgentName, confidence);
+    return {
+      isAgent,
+      confidence,
+      detectionClass,
+      detectedAgent: detectedAgentName ? {
+        type: this.inferAgentType(detectedAgentName),
+        name: detectedAgentName
+      } : void 0,
+      verificationMethod,
+      forgeabilityRisk: "high",
+      // JS fallback is always high risk
+      reasons,
+      timestamp: /* @__PURE__ */ new Date()
+    };
+  }
+  /**
+   * Check if the detector is ready
+   */
+  isReady() {
+    return this.ready;
+  }
+  /**
+   * Ensure the detector is initialized
+   */
+  async ensureReady() {
+    if (this.ready) {
+      return;
+    }
+    try {
+      this.rules = checkpointShared.loadRulesSync();
+      this.ready = true;
+    } catch (error) {
+      console.warn("[RulesDetector] Failed to load rules:", error);
+      this.ready = true;
+    }
+  }
+  /**
+   * Get detector version
+   */
+  async getVersion() {
+    return "0.1.0-js-fallback";
+  }
+  /**
+   * Normalize headers to lowercase keys
+   */
+  normalizeHeaders(headers) {
+    const normalized = {};
+    for (const [key, value] of Object.entries(headers)) {
+      normalized[key.toLowerCase()] = value;
+    }
+    return normalized;
+  }
+  /**
+   * Match user agent against rules
+   */
+  matchUserAgent(userAgent) {
+    if (!this.rules) {
+      return null;
+    }
+    const userAgents = this.rules.rules.userAgents;
+    const genericKeys = ["generic_bot", "dev_tools", "automation_tools"];
+    const entries = Object.entries(userAgents).sort((a, b) => {
+      const aIsGeneric = genericKeys.includes(a[0]);
+      const bIsGeneric = genericKeys.includes(b[0]);
+      if (aIsGeneric && !bIsGeneric) return 1;
+      if (!aIsGeneric && bIsGeneric) return -1;
+      return 0;
+    });
+    for (const [agentKey, rule] of entries) {
+      for (const pattern of rule.patterns) {
+        try {
+          const regex = new RegExp(pattern, "i");
+          if (regex.test(userAgent)) {
+            return {
+              // Convert 0-1 rule confidence to 0-100 scale
+              confidence: rule.confidence * 100,
+              agentName: this.getAgentName(agentKey),
+              agentKey
+            };
+          }
+        } catch {
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Match headers against suspicious header rules
+   */
+  matchHeaders(headers) {
+    if (!this.rules) {
+      return { confidence: 0, count: 0 };
+    }
+    const suspicious = this.rules.rules.headers.suspicious || [];
+    let maxConfidence = 0;
+    let count = 0;
+    for (const headerRule of suspicious) {
+      if (headers[headerRule.name.toLowerCase()]) {
+        maxConfidence = Math.max(maxConfidence, headerRule.confidence * 100);
+        count++;
+      }
+    }
+    return { confidence: maxConfidence, count };
+  }
+  /**
+   * Check if signature headers are present
+   */
+  hasSignatureHeaders(headers) {
+    return !!(headers["signature"] || headers["signature-input"] || headers["signature-agent"]);
+  }
+  /**
+   * Get human-readable agent name from rule key
+   */
+  getAgentName(agentKey) {
+    const nameMap = {
+      openai_gptbot: "ChatGPT/GPTBot",
+      anthropic_claude: "Claude",
+      perplexity_bot: "Perplexity",
+      google_ai: "Google AI",
+      microsoft_ai: "Microsoft Copilot",
+      meta_ai: "Meta AI",
+      cohere_bot: "Cohere",
+      huggingface_bot: "HuggingFace",
+      generic_bot: "Generic Bot",
+      dev_tools: "Development Tool",
+      automation_tools: "Automation Tool"
+    };
+    return nameMap[agentKey] || agentKey;
+  }
+  /**
+   * Infer agent type from name
+   */
+  inferAgentType(agentName) {
+    const lowerName = agentName.toLowerCase();
+    if (lowerName.includes("chatgpt") || lowerName.includes("gpt")) return "openai";
+    if (lowerName.includes("claude")) return "anthropic";
+    if (lowerName.includes("perplexity")) return "perplexity";
+    if (lowerName.includes("google")) return "google";
+    if (lowerName.includes("copilot") || lowerName.includes("bing")) return "microsoft";
+    return "unknown";
+  }
+  /**
+   * Determine detection class
+   */
+  determineDetectionClass(isAgent, agentName, confidence) {
+    if (!isAgent || confidence < CONFIDENCE.THRESHOLD_AGENT) {
+      return { type: "Human" };
+    }
+    if (agentName) {
+      const lowerName = agentName.toLowerCase();
+      const aiPatterns = ["chatgpt", "gpt", "claude", "perplexity", "gemini", "copilot"];
+      if (aiPatterns.some((p) => lowerName.includes(p))) {
+        return { type: "AiAgent", agentType: agentName };
+      }
+      if (lowerName.includes("bot") || lowerName.includes("crawler")) {
+        return { type: "Bot", botType: agentName };
+      }
+      if (lowerName.includes("automation") || lowerName.includes("tool")) {
+        return { type: "Automation", toolType: agentName };
+      }
+      return { type: "AiAgent", agentType: agentName };
+    }
+    return { type: "Unknown" };
+  }
+};
+function createRulesDetector() {
+  return new RulesDetector();
+}
+
+// src/node.ts
+function createNodeDetector(options = {}) {
+  const loader = new DynamicWasmLoader();
+  let policyLoader;
+  if (options.apiKey) {
+    policyLoader = new PolicyLoader({
+      apiUrl: options.policyApiUrl,
+      cacheTTL: options.policyTTL
+    });
+  }
+  return new WasmDetector(loader, policyLoader, options);
+}
+function createFallbackDetector() {
+  return new RulesDetector();
+}
+function extractInputFromExpressRequest(req) {
+  const headers = {};
+  for (const [key, value] of Object.entries(req.headers)) {
+    if (value) {
+      headers[key] = Array.isArray(value) ? value[0] : value;
+    }
+  }
+  return {
+    userAgent: headers["user-agent"],
+    ipAddress: req.ip || headers["x-forwarded-for"]?.split(",")[0]?.trim() || headers["x-real-ip"],
+    headers,
+    url: req.url,
+    method: req.method
+  };
+}
+
+exports.CONFIDENCE = CONFIDENCE;
+exports.DynamicWasmLoader = DynamicWasmLoader;
+exports.PolicyLoader = PolicyLoader;
+exports.RulesDetector = RulesDetector;
+exports.WasmDetector = WasmDetector;
+exports.createDynamicLoader = createDynamicLoader;
+exports.createFallbackDetector = createFallbackDetector;
+exports.createNodeDetector = createNodeDetector;
+exports.createPolicyLoader = createPolicyLoader;
+exports.createRulesDetector = createRulesDetector;
+exports.extractInputFromExpressRequest = extractInputFromExpressRequest;
+//# sourceMappingURL=node.js.map
+//# sourceMappingURL=node.js.map