perimeterx-js-core 0.35.1 → 0.37.0
- package/lib/cjs/activities/utils.js +20 -0
- package/lib/cjs/blocker/model/BlockAction.js +1 -0
- package/lib/cjs/blocker/model/BlockActionToWordMap.js +1 -0
- package/lib/cjs/config/ConfigurationBase.js +14 -0
- package/lib/cjs/config/defaults/DefaultConfigurationParams.js +2 -0
- package/lib/cjs/context/DefaultContext.js +4 -0
- package/lib/cjs/context/SerializedContext.js +1 -0
- package/lib/cjs/enforcer/utils.js +2 -0
- package/lib/cjs/products/agentic_trust/AgenticTrust.js +163 -0
- package/lib/cjs/products/agentic_trust/IAgenticTrust.js +2 -0
- package/lib/cjs/products/agentic_trust/index.js +19 -0
- package/lib/cjs/products/agentic_trust/model/AgenticTrustData.js +2 -0
- package/lib/cjs/products/agentic_trust/model/index.js +17 -0
- package/lib/cjs/products/bot_defender/block/DefaultBotDefenderBlocker.js +15 -0
- package/lib/cjs/products/bot_defender/block/captcha/JsonCaptchaBlocker.js +3 -1
- package/lib/cjs/products/bot_defender/block/templates/hard_block_template.js +4 -0
- package/lib/cjs/products/bot_defender/block/templates/index.js +1 -0
- package/lib/cjs/products/index.js +1 -0
- package/lib/cjs/products/utils/ProductName.js +1 -0
- package/lib/cjs/products/utils/ProductPriorityOrder.js +1 -0
- package/lib/cjs/risk_api/model/GetRiskRequestHeaders.js +18 -0
- package/lib/cjs/utils/constants.js +1 -1
- package/lib/esm/activities/utils.js +20 -0
- package/lib/esm/blocker/model/BlockAction.js +1 -0
- package/lib/esm/blocker/model/BlockActionToWordMap.js +1 -0
- package/lib/esm/config/ConfigurationBase.js +6 -0
- package/lib/esm/config/defaults/DefaultConfigurationParams.js +2 -0
- package/lib/esm/context/DefaultContext.js +5 -0
- package/lib/esm/context/SerializedContext.js +2 -0
- package/lib/esm/enforcer/utils.js +3 -1
- package/lib/esm/products/agentic_trust/AgenticTrust.js +84 -0
- package/lib/esm/products/agentic_trust/IAgenticTrust.js +1 -0
- package/lib/esm/products/agentic_trust/index.js +3 -0
- package/lib/esm/products/agentic_trust/model/AgenticTrustData.js +1 -0
- package/lib/esm/products/agentic_trust/model/index.js +1 -0
- package/lib/esm/products/bot_defender/block/DefaultBotDefenderBlocker.js +17 -2
- package/lib/esm/products/bot_defender/block/captcha/JsonCaptchaBlocker.js +3 -1
- package/lib/esm/products/bot_defender/block/templates/hard_block_template.js +109 -0
- package/lib/esm/products/bot_defender/block/templates/index.js +1 -0
- package/lib/esm/products/index.js +1 -0
- package/lib/esm/products/utils/ProductName.js +1 -0
- package/lib/esm/products/utils/ProductPriorityOrder.js +1 -0
- package/lib/esm/risk_api/model/GetRiskRequestHeaders.js +18 -0
- package/lib/esm/utils/constants.js +1 -1
- package/lib/types/activities/model/CommonActivityDetails.d.ts +6 -0
- package/lib/types/blocker/model/BlockAction.d.ts +1 -0
- package/lib/types/config/ConfigurationBase.d.ts +2 -0
- package/lib/types/config/IConfiguration.d.ts +8 -0
- package/lib/types/config/params/CoreConfigurationParams.d.ts +2 -0
- package/lib/types/context/ContextJson.d.ts +1 -0
- package/lib/types/context/DefaultContext.d.ts +1 -0
- package/lib/types/context/SerializedContext.d.ts +1 -0
- package/lib/types/context/interfaces/IContext.d.ts +4 -0
- package/lib/types/products/agentic_trust/AgenticTrust.d.ts +15 -0
- package/lib/types/products/agentic_trust/IAgenticTrust.d.ts +4 -0
- package/lib/types/products/agentic_trust/index.d.ts +3 -0
- package/lib/types/products/agentic_trust/model/AgenticTrustData.d.ts +7 -0
- package/lib/types/products/agentic_trust/model/index.d.ts +1 -0
- package/lib/types/products/bot_defender/block/DefaultBotDefenderBlocker.d.ts +2 -0
- package/lib/types/products/bot_defender/block/templates/hard_block_template.d.ts +1 -0
- package/lib/types/products/bot_defender/block/templates/index.d.ts +1 -0
- package/lib/types/products/index.d.ts +1 -0
- package/lib/types/products/interfaces/ProductDataType.d.ts +2 -1
- package/lib/types/products/interfaces/ProductType.d.ts +2 -1
- package/lib/types/products/utils/ProductName.d.ts +2 -1
- package/lib/types/risk_api/utils.d.ts +6 -0
- package/lib/types/utils/constants.d.ts +1 -1
- package/package.json +1 -1
|
@@ -93,6 +93,9 @@ var addRootContextDataToDetails = function (details, context) {
|
|
|
93
93
|
if (context.vidSource) {
|
|
94
94
|
details.enforcer_vid_source = context.vidSource;
|
|
95
95
|
}
|
|
96
|
+
if (context.origCookieVid) {
|
|
97
|
+
details.orig_cookie_vid = context.origCookieVid;
|
|
98
|
+
}
|
|
96
99
|
if (context.graphqlData) {
|
|
97
100
|
details.graphql_operations = context.graphqlData;
|
|
98
101
|
}
|
|
@@ -161,6 +164,23 @@ var addProductDataToDetails = function (details, productData) {
|
|
|
161
164
|
details.is_sensitive_route = productData.bd.isSensitiveRequest;
|
|
162
165
|
}
|
|
163
166
|
}
|
|
167
|
+
if (productData.at) {
|
|
168
|
+
if (productData.at.mcpMethod) {
|
|
169
|
+
details.mcp_method = productData.at.mcpMethod;
|
|
170
|
+
}
|
|
171
|
+
if (productData.at.mcpToolName) {
|
|
172
|
+
details.mcp_tool_name = productData.at.mcpToolName;
|
|
173
|
+
}
|
|
174
|
+
if (productData.at.mcpToolArgumentKeys) {
|
|
175
|
+
details.mcp_tool_argument_keys = productData.at.mcpToolArgumentKeys;
|
|
176
|
+
}
|
|
177
|
+
if (productData.at.mcpSessionId) {
|
|
178
|
+
details.mcp_session_id = productData.at.mcpSessionId;
|
|
179
|
+
}
|
|
180
|
+
if (productData.at.mcpHttpMethod) {
|
|
181
|
+
details.mcp_http_method = productData.at.mcpHttpMethod;
|
|
182
|
+
}
|
|
183
|
+
}
|
|
164
184
|
};
|
|
165
185
|
exports.addProductDataToDetails = addProductDataToDetails;
|
|
166
186
|
var addTlsDataToDetails = function (details, tlsData) {
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.BlockAction = void 0;
|
|
4
4
|
var BlockAction;
|
|
5
5
|
(function (BlockAction) {
|
|
6
|
+
BlockAction["BLOCK"] = "b";
|
|
6
7
|
BlockAction["CAPTCHA"] = "c";
|
|
7
8
|
BlockAction["RATE_LIMIT"] = "r";
|
|
8
9
|
BlockAction["CHALLENGE"] = "j";
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.BLOCK_ACTION_TO_WORD_MAP = void 0;
|
|
4
4
|
var BlockAction_1 = require("./BlockAction.js");
|
|
5
5
|
exports.BLOCK_ACTION_TO_WORD_MAP = new Map([
|
|
6
|
+
[BlockAction_1.BlockAction.BLOCK, 'block'],
|
|
6
7
|
[BlockAction_1.BlockAction.CAPTCHA, 'captcha'],
|
|
7
8
|
[BlockAction_1.BlockAction.RATE_LIMIT, 'ratelimit'],
|
|
8
9
|
[BlockAction_1.BlockAction.CHALLENGE, 'challenge'],
|
|
@@ -790,6 +790,20 @@ var ConfigurationBase = /** @class */ (function () {
|
|
|
790
790
|
enumerable: false,
|
|
791
791
|
configurable: true
|
|
792
792
|
});
|
|
793
|
+
Object.defineProperty(ConfigurationBase.prototype, "agenticTrustEnabled", {
|
|
794
|
+
get: function () {
|
|
795
|
+
return this.configParams.px_agentic_trust_enabled;
|
|
796
|
+
},
|
|
797
|
+
enumerable: false,
|
|
798
|
+
configurable: true
|
|
799
|
+
});
|
|
800
|
+
Object.defineProperty(ConfigurationBase.prototype, "agenticTrustMcpEndpointPath", {
|
|
801
|
+
get: function () {
|
|
802
|
+
return this.configParams.px_agentic_trust_mcp_endpoint_path;
|
|
803
|
+
},
|
|
804
|
+
enumerable: false,
|
|
805
|
+
configurable: true
|
|
806
|
+
});
|
|
793
807
|
Object.defineProperty(ConfigurationBase.prototype, "enableBlockedUrlOnCaptchaBlockPage", {
|
|
794
808
|
get: function () {
|
|
795
809
|
return true;
|
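Review bot: The `agenticTrustMcpEndpointPath` getter returns `px_agentic_trust_mcp_endpoint_path` exactly as configured, and `AgenticTrust.isMatchingEndpoint` (further down this page) calls `.replace(/\/+$/, '')` on it for every request once the feature is enabled. If configuration validation elsewhere does not guarantee a string, a `null` or non-string value would throw inside `enrichContextFromRequest`; how the enforcer treats that rejection is not visible here. Either guard the getter or add a doc comment stating that the value must be a path string beginning with `/` and that it is compared exactly (case-sensitive, trailing slashes ignored). The ESM build adds the same two getters.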
|
@@ -141,5 +141,7 @@ var defaultConfigurationParams = function () { return ({
|
|
|
141
141
|
px_custom_is_enforced_request: null,
|
|
142
142
|
px_custom_is_filtered_request: null,
|
|
143
143
|
px_extract_graphql_keywords: null,
|
|
144
|
+
px_agentic_trust_enabled: false,
|
|
145
|
+
px_agentic_trust_mcp_endpoint_path: '/mcp',
|
|
144
146
|
}); };
|
|
145
147
|
exports.defaultConfigurationParams = defaultConfigurationParams;
|
|
@@ -152,6 +152,9 @@ var DefaultContext = /** @class */ (function () {
|
|
|
152
152
|
this.vid = vidValue;
|
|
153
153
|
this.vidSource = utils_1.VidSource.VID_COOKIE;
|
|
154
154
|
}
|
|
155
|
+
else if (vidValue) {
|
|
156
|
+
this.origCookieVid = vidValue;
|
|
157
|
+
}
|
|
155
158
|
var pxhdCookie = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME];
|
|
156
159
|
if (pxhdCookie) {
|
|
157
160
|
this.pxhd = {
|
|
@@ -184,6 +187,7 @@ var DefaultContext = /** @class */ (function () {
|
|
|
184
187
|
customParameters: this.customParameters,
|
|
185
188
|
graphqlData: this.graphqlData,
|
|
186
189
|
vid: this.vid,
|
|
190
|
+
origCookieVid: this.origCookieVid,
|
|
187
191
|
vidSource: this.vidSource,
|
|
188
192
|
uuid: this.uuid,
|
|
189
193
|
enforcerStartTime: this.enforcerStartTime,
|
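Review bot: The new `else if (vidValue)` branch in the first hunk stores the cookie value unchanged in `origCookieVid`; the condition of the preceding `if` is outside the hunk, but if it is the VID validity check, this field holds exactly the values that failed it. The value is then included in the object built in the second hunk, copied to `details.orig_cookie_vid` in activities/utils.js and mapped to `x-px-add-orig-cookie-vid` in GetRiskRequestHeaders.js, so a client-chosen string of arbitrary length and content travels into activities and, apparently, into a request header. Consider bounding it where it is stored, e.g. `this.origCookieVid = vidValue.slice(0, MAX_ORIG_VID_LENGTH);` (assuming `vidValue` is a string; `MAX_ORIG_VID_LENGTH` is a placeholder name), and noting on the field that it is untrusted input. The ESM build of DefaultContext.js carries the same branch.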
|
@@ -39,6 +39,7 @@ var SerializedContext = /** @class */ (function () {
|
|
|
39
39
|
this.tokenOrigin = contextJson.tokenOrigin;
|
|
40
40
|
this.uuid = contextJson.uuid;
|
|
41
41
|
this.vid = contextJson.vid;
|
|
42
|
+
this.origCookieVid = contextJson.origCookieVid;
|
|
42
43
|
this.vidSource = contextJson.vidSource;
|
|
43
44
|
this.pxhd = contextJson.pxhd;
|
|
44
45
|
this.pxde = contextJson.pxde;
|
|
@@ -68,12 +68,14 @@ var createEnforcerProducts = function (config, products, base64Utils, hashUtils,
|
|
|
68
68
|
var accountDefender = (products === null || products === void 0 ? void 0 : products.ad) || new products_1.AccountDefender(config, { base64Utils: base64Utils });
|
|
69
69
|
var credentialIntelligence = (products === null || products === void 0 ? void 0 : products.ci) || new products_1.CredentialIntelligence(config, { hashUtils: hashUtils, urlUtils: urlUtils });
|
|
70
70
|
var hypeSaleChallenge = (products === null || products === void 0 ? void 0 : products.hsc) || new products_1.HypeSaleChallenge(config, { base64Utils: base64Utils });
|
|
71
|
+
var agenticTrust = (products === null || products === void 0 ? void 0 : products.at) || new products_1.AgenticTrust(config);
|
|
71
72
|
return _a = {},
|
|
72
73
|
_a[products_1.ProductName.BOT_DEFENDER] = botDefender,
|
|
73
74
|
_a[products_1.ProductName.ACCOUNT_DEFENDER] = accountDefender,
|
|
74
75
|
_a[products_1.ProductName.CODE_DEFENDER] = products === null || products === void 0 ? void 0 : products.cd,
|
|
75
76
|
_a[products_1.ProductName.CREDENTIAL_INTELLIGENCE] = credentialIntelligence,
|
|
76
77
|
_a[products_1.ProductName.HYPE_SALE_CHALLENGE] = hypeSaleChallenge,
|
|
78
|
+
_a[products_1.ProductName.AGENTIC_TRUST] = agenticTrust,
|
|
77
79
|
_a;
|
|
78
80
|
};
|
|
79
81
|
exports.createEnforcerProducts = createEnforcerProducts;
|
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
12
|
+
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
13
|
+
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
14
|
+
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
15
|
+
function step(op) {
|
|
16
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
17
|
+
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
18
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
19
|
+
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
20
|
+
switch (op[0]) {
|
|
21
|
+
case 0: case 1: t = op; break;
|
|
22
|
+
case 4: _.label++; return { value: op[1], done: false };
|
|
23
|
+
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
24
|
+
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
25
|
+
default:
|
|
26
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
27
|
+
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
28
|
+
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
29
|
+
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
30
|
+
if (t[2]) _.ops.pop();
|
|
31
|
+
_.trys.pop(); continue;
|
|
32
|
+
}
|
|
33
|
+
op = body.call(thisArg, _);
|
|
34
|
+
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
35
|
+
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
36
|
+
}
|
|
37
|
+
};
|
|
38
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
+
exports.AgenticTrust = void 0;
|
|
40
|
+
var http_1 = require("../../http/index.js");
|
|
41
|
+
var MCP_SESSION_ID_HEADER = 'mcp-session-id';
|
|
42
|
+
var AgenticTrust = /** @class */ (function () {
|
|
43
|
+
function AgenticTrust(config) {
|
|
44
|
+
this.config = config;
|
|
45
|
+
}
|
|
46
|
+
AgenticTrust.prototype.enrichContextFromRequest = function (context) {
|
|
47
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
48
|
+
var data, sessionId;
|
|
49
|
+
return __generator(this, function (_a) {
|
|
50
|
+
switch (_a.label) {
|
|
51
|
+
case 0:
|
|
52
|
+
if (!this.config.agenticTrustEnabled) {
|
|
53
|
+
return [2 /*return*/, null];
|
|
54
|
+
}
|
|
55
|
+
if (!this.isMatchingEndpoint(context)) {
|
|
56
|
+
return [2 /*return*/, null];
|
|
57
|
+
}
|
|
58
|
+
data = {
|
|
59
|
+
mcpHttpMethod: context.requestData.method,
|
|
60
|
+
};
|
|
61
|
+
sessionId = context.requestData.request.headers.get(MCP_SESSION_ID_HEADER);
|
|
62
|
+
if (sessionId) {
|
|
63
|
+
data.mcpSessionId = sessionId;
|
|
64
|
+
}
|
|
65
|
+
if (!(context.requestData.method === http_1.HttpMethod.POST)) return [3 /*break*/, 2];
|
|
66
|
+
return [4 /*yield*/, this.extractFromBody(context, data)];
|
|
67
|
+
case 1:
|
|
68
|
+
_a.sent();
|
|
69
|
+
_a.label = 2;
|
|
70
|
+
case 2: return [2 /*return*/, data];
|
|
71
|
+
}
|
|
72
|
+
});
|
|
73
|
+
});
|
|
74
|
+
};
|
|
75
|
+
AgenticTrust.prototype.enrichContextFromRiskApi = function (_context) {
|
|
76
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
77
|
+
return __generator(this, function (_a) {
|
|
78
|
+
return [2 /*return*/, null];
|
|
79
|
+
});
|
|
80
|
+
});
|
|
81
|
+
};
|
|
82
|
+
AgenticTrust.prototype.modifyIncomingRequest = function (_context) {
|
|
83
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
84
|
+
return __generator(this, function (_a) {
|
|
85
|
+
return [2 /*return*/];
|
|
86
|
+
});
|
|
87
|
+
});
|
|
88
|
+
};
|
|
89
|
+
AgenticTrust.prototype.enrichContextFromResponse = function (context) {
|
|
90
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
91
|
+
var responseHeaders, sessionId;
|
|
92
|
+
var _a;
|
|
93
|
+
return __generator(this, function (_b) {
|
|
94
|
+
if (!context.productData.at) {
|
|
95
|
+
return [2 /*return*/, null];
|
|
96
|
+
}
|
|
97
|
+
if (context.productData.at.mcpSessionId) {
|
|
98
|
+
return [2 /*return*/, null];
|
|
99
|
+
}
|
|
100
|
+
responseHeaders = (_a = context.response) === null || _a === void 0 ? void 0 : _a.headers;
|
|
101
|
+
if (!responseHeaders) {
|
|
102
|
+
return [2 /*return*/, null];
|
|
103
|
+
}
|
|
104
|
+
sessionId = responseHeaders.get(MCP_SESSION_ID_HEADER);
|
|
105
|
+
if (sessionId) {
|
|
106
|
+
return [2 /*return*/, { mcpSessionId: sessionId }];
|
|
107
|
+
}
|
|
108
|
+
return [2 /*return*/, null];
|
|
109
|
+
});
|
|
110
|
+
});
|
|
111
|
+
};
|
|
112
|
+
AgenticTrust.prototype.modifyOutgoingResponse = function (_context) {
|
|
113
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
114
|
+
return __generator(this, function (_a) {
|
|
115
|
+
return [2 /*return*/];
|
|
116
|
+
});
|
|
117
|
+
});
|
|
118
|
+
};
|
|
119
|
+
AgenticTrust.prototype.isMatchingEndpoint = function (context) {
|
|
120
|
+
var pathname = context.requestData.url.pathname.replace(/\/+$/, '');
|
|
121
|
+
var configuredPath = this.config.agenticTrustMcpEndpointPath.replace(/\/+$/, '');
|
|
122
|
+
return pathname === configuredPath;
|
|
123
|
+
};
|
|
124
|
+
AgenticTrust.prototype.extractFromBody = function (context, data) {
|
|
125
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
126
|
+
var body, jsonRpcMessage, _a;
|
|
127
|
+
return __generator(this, function (_b) {
|
|
128
|
+
switch (_b.label) {
|
|
129
|
+
case 0:
|
|
130
|
+
_b.trys.push([0, 2, , 3]);
|
|
131
|
+
return [4 /*yield*/, context.requestData.request.json()];
|
|
132
|
+
case 1:
|
|
133
|
+
body = _b.sent();
|
|
134
|
+
if (!body) {
|
|
135
|
+
return [2 /*return*/];
|
|
136
|
+
}
|
|
137
|
+
jsonRpcMessage = Array.isArray(body) ? body[0] : body;
|
|
138
|
+
if (!jsonRpcMessage) {
|
|
139
|
+
return [2 /*return*/];
|
|
140
|
+
}
|
|
141
|
+
if (typeof jsonRpcMessage.method === 'string') {
|
|
142
|
+
data.mcpMethod = jsonRpcMessage.method;
|
|
143
|
+
}
|
|
144
|
+
if (jsonRpcMessage.params) {
|
|
145
|
+
if (typeof jsonRpcMessage.params.name === 'string') {
|
|
146
|
+
data.mcpToolName = jsonRpcMessage.params.name;
|
|
147
|
+
}
|
|
148
|
+
if (jsonRpcMessage.params.arguments && typeof jsonRpcMessage.params.arguments === 'object') {
|
|
149
|
+
data.mcpToolArgumentKeys = Object.keys(jsonRpcMessage.params.arguments).join(',');
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
return [3 /*break*/, 3];
|
|
153
|
+
case 2:
|
|
154
|
+
_a = _b.sent();
|
|
155
|
+
return [3 /*break*/, 3];
|
|
156
|
+
case 3: return [2 /*return*/];
|
|
157
|
+
}
|
|
158
|
+
});
|
|
159
|
+
});
|
|
160
|
+
};
|
|
161
|
+
return AgenticTrust;
|
|
162
|
+
}());
|
|
163
|
+
exports.AgenticTrust = AgenticTrust;
|
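Review bot: `extractFromBody` copies `method`, `params.name` and the joined keys of `params.arguments` from the client's JSON body after only a `typeof` check, so their length, number and characters are entirely client-chosen. The GetRiskRequestHeaders hunk on this page maps the same fields to `x-px-add-mcp-*` header names; if they are sent as header values, an oversized or control-character value could exceed header limits or make the risk request fail, so bound them where they are extracted, e.g. `data.mcpToolArgumentKeys = Object.keys(jsonRpcMessage.params.arguments).slice(0, MAX_KEYS).join(',').slice(0, MAX_LEN);` (`MAX_KEYS` and `MAX_LEN` are placeholder names for limits the project would choose). Only `body[0]` of a JSON-RPC batch is inspected, so later entries of a batch never reach the reported data, which is worth a comment or a loop over the batch. Whether `context.requestData.request.json()` reads a clone is not visible here, and the empty `catch` hides parse failures; a debug log there would help diagnosis. This is compiled output, so the changes belong in the TypeScript source.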
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./AgenticTrust.js"), exports);
|
|
18
|
+
__exportStar(require("./IAgenticTrust.js"), exports);
|
|
19
|
+
__exportStar(require("./model/index.js"), exports);
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./AgenticTrustData.js"), exports);
|
|
@@ -14,6 +14,7 @@ var DefaultBotDefenderBlocker = /** @class */ (function () {
|
|
|
14
14
|
this.captchaBlocker = options.captchaBlocker;
|
|
15
15
|
}
|
|
16
16
|
else {
|
|
17
|
+
this.base64Utils = options.base64Utils;
|
|
17
18
|
this.captchaBlocker = new captcha_1.CaptchaBlocker({
|
|
18
19
|
config: config,
|
|
19
20
|
base64Utils: options.base64Utils,
|
|
@@ -27,6 +28,8 @@ var DefaultBotDefenderBlocker = /** @class */ (function () {
|
|
|
27
28
|
};
|
|
28
29
|
DefaultBotDefenderBlocker.prototype.createBlockResponse = function (context) {
|
|
29
30
|
switch (context.blockAction) {
|
|
31
|
+
case blocker_1.BlockAction.BLOCK:
|
|
32
|
+
return this.createHardBlockResponse(context);
|
|
30
33
|
case blocker_1.BlockAction.RATE_LIMIT:
|
|
31
34
|
return this.createRateLimitResponse();
|
|
32
35
|
case blocker_1.BlockAction.CHALLENGE:
|
|
@@ -35,6 +38,18 @@ var DefaultBotDefenderBlocker = /** @class */ (function () {
|
|
|
35
38
|
return this.createCaptchaResponse(context);
|
|
36
39
|
}
|
|
37
40
|
};
|
|
41
|
+
DefaultBotDefenderBlocker.prototype.createHardBlockResponse = function (context) {
|
|
42
|
+
var _a;
|
|
43
|
+
var blockData = this.base64Utils ? (0, blocker_1.createBlockData)(this.config, context, this.base64Utils) : undefined;
|
|
44
|
+
var body = (0, blocker_1.renderHtml)(templates_1.HARD_BLOCK_TEMPLATE, blockData);
|
|
45
|
+
return new http_1.MinimalResponseImpl({
|
|
46
|
+
body: body,
|
|
47
|
+
status: 403,
|
|
48
|
+
headers: (_a = {},
|
|
49
|
+
_a[http_1.CONTENT_TYPE_HEADER_NAME] = [http_1.ContentType.TEXT_HTML],
|
|
50
|
+
_a),
|
|
51
|
+
});
|
|
52
|
+
};
|
|
38
53
|
DefaultBotDefenderBlocker.prototype.createRateLimitResponse = function () {
|
|
39
54
|
var _a;
|
|
40
55
|
var status = 429;
|
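Review bot: `createHardBlockResponse` calls `renderHtml(HARD_BLOCK_TEMPLATE, blockData)` with `blockData` undefined whenever `this.base64Utils` is unset, and the first hunk assigns `this.base64Utils` only in the `else` branch, i.e. not when `options.captchaBlocker` is supplied. `renderHtml` is not visible on this page, so it is unclear whether it tolerates `undefined`; if it does, the template's `{{uuid}}`, `{{customLogo}}`, `{{cssRef}}` and `{{jsRef}}` placeholders would presumably come out unrendered or empty and the 403 page would lose its reference ID. Moving `this.base64Utils = options.base64Utils;` ahead of the `if`/`else` (the start of the constructor is outside the hunk) would make both construction paths behave the same, provided `options` carries it in both cases.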
|
@@ -29,7 +29,9 @@ var JsonCaptchaBlocker = /** @class */ (function (_super) {
|
|
|
29
29
|
if (!this.config.advancedBlockingResponseEnabled) {
|
|
30
30
|
return false;
|
|
31
31
|
}
|
|
32
|
-
return context.blockAction !== blocker_1.BlockAction.RATE_LIMIT &&
|
|
32
|
+
return (context.blockAction !== blocker_1.BlockAction.RATE_LIMIT &&
|
|
33
|
+
context.blockAction !== blocker_1.BlockAction.BLOCK &&
|
|
34
|
+
_super.prototype.shouldBlock.call(this, context));
|
|
33
35
|
};
|
|
34
36
|
JsonCaptchaBlocker.prototype.createJsonPayload = function (context) {
|
|
35
37
|
var _a, _b;
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HARD_BLOCK_TEMPLATE = void 0;
|
|
4
|
+
exports.HARD_BLOCK_TEMPLATE = "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <meta name=\"description\" content=\"px-hard-block\">\n <title>Access Denied</title>\n {{cssRef}}\n <style>\n @import url('https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap');\n body {\n background-color: #fafbfc;\n margin: 0;\n padding: 0;\n }\n .px-hard-block-container {\n position: fixed;\n background-color: #fff;\n font-family: Roboto, sans-serif;\n }\n .px-hard-block-logo {\n text-align: center;\n margin: 30px 0 0;\n }\n .px-hard-block-logo img {\n max-height: 50px;\n }\n .px-hard-block-logo img[src=\"\"] {\n display: none;\n }\n .px-hard-block-header {\n color: #000;\n font-size: 29px;\n margin: 35px 0 20px;\n font-weight: 500;\n line-height: 1;\n text-align: center;\n }\n .px-hard-block-message {\n color: #646464;\n font-size: 16px;\n margin: 0 30px 25px;\n line-height: 1.4;\n text-align: center;\n }\n .px-hard-block-refid {\n border-top: solid 1px #f0eeee;\n height: 27px;\n margin: 15px 0 0;\n border-radius: 0 0 3px 3px;\n background-color: #fafbfc;\n font-size: 10px;\n line-height: 2.5;\n text-align: center;\n color: #b1b5b8;\n }\n @media (min-width: 620px) {\n .px-hard-block-container {\n width: 530px;\n top: 50%;\n left: 50%;\n margin-top: -150px;\n margin-left: -265px;\n border-radius: 3px;\n box-shadow: 0 2px 9px -1px rgba(0,0,0,.13);\n }\n }\n @media (min-width: 481px) and (max-width: 619px) {\n .px-hard-block-container {\n width: 85%;\n top: 50%;\n left: 50%;\n margin-top: -150px;\n margin-left: -42.5%;\n border-radius: 3px;\n box-shadow: 0 2px 9px -1px rgba(0,0,0,.13);\n }\n }\n @media (max-width: 480px) {\n body { background-color: #fff; }\n .px-hard-block-container {\n width: 100%;\n top: 50%;\n left: 0;\n margin-top: -150px;\n }\n .px-hard-block-refid {\n position: fixed;\n width: 100%;\n left: 0;\n bottom: 0;\n border-radius: 0;\n font-size: 
14px;\n line-height: 2;\n }\n }\n </style>\n</head>\n<body>\n <div class=\"px-hard-block-container\">\n <div class=\"px-hard-block-logo\"><img src=\"{{customLogo}}\" alt=\"\"></div>\n <div class=\"px-hard-block-header\">Access Denied</div>\n <div class=\"px-hard-block-message\">Access to this page has been denied.<br>Please contact the site administrator if you believe this is an error.</div>\n <div class=\"px-hard-block-refid\">Reference ID: {{uuid}}</div>\n </div>\n {{jsRef}}\n</body>\n</html>\n";
|
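Review bot: The template loads its font through `@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap')`, so every blocked visitor's browser makes a third-party request from the block page. On sites with a restrictive Content-Security-Policy the import is refused and the page falls back to `sans-serif`; elsewhere it discloses the visitor's IP address and the blocked page load to an external host. Dropping the import and relying on the existing `Roboto, sans-serif` fallback, or making the font URL configurable, avoids both. The `{{customLogo}}`, `{{cssRef}}` and `{{jsRef}}` placeholders sit in attribute and markup positions, so a comment next to the constant should state whether `renderHtml` escapes them or expects trusted configuration values; that function is not visible here.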
|
@@ -15,4 +15,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./captcha_template.js"), exports);
|
|
18
|
+
__exportStar(require("./hard_block_template.js"), exports);
|
|
18
19
|
__exportStar(require("./rate_limit_template.js"), exports);
|
|
@@ -20,3 +20,4 @@ __exportStar(require("./bot_defender/index.js"), exports);
|
|
|
20
20
|
__exportStar(require("./credential_intelligence/index.js"), exports);
|
|
21
21
|
__exportStar(require("./account_defender/index.js"), exports);
|
|
22
22
|
__exportStar(require("./hype_sale_challenge/index.js"), exports);
|
|
23
|
+
__exportStar(require("./agentic_trust/index.js"), exports);
|
|
@@ -97,6 +97,9 @@ exports.RISK_ACTIVITY_ADDITIONAL_FIELDS_TO_HEADER_NAMES = {
|
|
|
97
97
|
enforcer_vid_source: {
|
|
98
98
|
header: 'x-px-add-enforcer-vid-source',
|
|
99
99
|
},
|
|
100
|
+
orig_cookie_vid: {
|
|
101
|
+
header: 'x-px-add-orig-cookie-vid',
|
|
102
|
+
},
|
|
100
103
|
server_info_datacenter: {
|
|
101
104
|
header: 'x-px-add-server-info-datacenter',
|
|
102
105
|
},
|
|
@@ -186,4 +189,19 @@ exports.RISK_ACTIVITY_ADDITIONAL_FIELDS_TO_HEADER_NAMES = {
|
|
|
186
189
|
header: 'x-px-add-is-sensitive-route',
|
|
187
190
|
convertToString: function (value) { return "".concat(value); },
|
|
188
191
|
},
|
|
192
|
+
mcp_method: {
|
|
193
|
+
header: 'x-px-add-mcp-method',
|
|
194
|
+
},
|
|
195
|
+
mcp_tool_name: {
|
|
196
|
+
header: 'x-px-add-mcp-tool-name',
|
|
197
|
+
},
|
|
198
|
+
mcp_tool_argument_keys: {
|
|
199
|
+
header: 'x-px-add-mcp-tool-argument-keys',
|
|
200
|
+
},
|
|
201
|
+
mcp_session_id: {
|
|
202
|
+
header: 'x-px-add-mcp-session-id',
|
|
203
|
+
},
|
|
204
|
+
mcp_http_method: {
|
|
205
|
+
header: 'x-px-add-mcp-http-method',
|
|
206
|
+
},
|
|
189
207
|
};
|
|
@@ -15,4 +15,4 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
|
|
|
15
15
|
exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
|
|
16
16
|
exports.URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
|
|
17
17
|
exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
|
|
18
|
-
exports.CORE_MODULE_VERSION = 'JS Core 0.
|
|
18
|
+
exports.CORE_MODULE_VERSION = 'JS Core 0.37.0';
|
|
@@ -83,6 +83,9 @@ export const addRootContextDataToDetails = (details, context) => {
|
|
|
83
83
|
if (context.vidSource) {
|
|
84
84
|
details.enforcer_vid_source = context.vidSource;
|
|
85
85
|
}
|
|
86
|
+
if (context.origCookieVid) {
|
|
87
|
+
details.orig_cookie_vid = context.origCookieVid;
|
|
88
|
+
}
|
|
86
89
|
if (context.graphqlData) {
|
|
87
90
|
details.graphql_operations = context.graphqlData;
|
|
88
91
|
}
|
|
@@ -148,6 +151,23 @@ export const addProductDataToDetails = (details, productData) => {
|
|
|
148
151
|
details.is_sensitive_route = productData.bd.isSensitiveRequest;
|
|
149
152
|
}
|
|
150
153
|
}
|
|
154
|
+
if (productData.at) {
|
|
155
|
+
if (productData.at.mcpMethod) {
|
|
156
|
+
details.mcp_method = productData.at.mcpMethod;
|
|
157
|
+
}
|
|
158
|
+
if (productData.at.mcpToolName) {
|
|
159
|
+
details.mcp_tool_name = productData.at.mcpToolName;
|
|
160
|
+
}
|
|
161
|
+
if (productData.at.mcpToolArgumentKeys) {
|
|
162
|
+
details.mcp_tool_argument_keys = productData.at.mcpToolArgumentKeys;
|
|
163
|
+
}
|
|
164
|
+
if (productData.at.mcpSessionId) {
|
|
165
|
+
details.mcp_session_id = productData.at.mcpSessionId;
|
|
166
|
+
}
|
|
167
|
+
if (productData.at.mcpHttpMethod) {
|
|
168
|
+
details.mcp_http_method = productData.at.mcpHttpMethod;
|
|
169
|
+
}
|
|
170
|
+
}
|
|
151
171
|
};
|
|
152
172
|
export const addTlsDataToDetails = (details, tlsData) => {
|
|
153
173
|
if (tlsData.tlsCipher) {
|
|
@@ -412,6 +412,12 @@ export class ConfigurationBase {
|
|
|
412
412
|
get proxyUrl() {
|
|
413
413
|
return this.configParams.px_proxy_url;
|
|
414
414
|
}
|
|
415
|
+
get agenticTrustEnabled() {
|
|
416
|
+
return this.configParams.px_agentic_trust_enabled;
|
|
417
|
+
}
|
|
418
|
+
get agenticTrustMcpEndpointPath() {
|
|
419
|
+
return this.configParams.px_agentic_trust_mcp_endpoint_path;
|
|
420
|
+
}
|
|
415
421
|
get enableBlockedUrlOnCaptchaBlockPage() {
|
|
416
422
|
return true;
|
|
417
423
|
}
|
|
@@ -138,4 +138,6 @@ export const defaultConfigurationParams = () => ({
|
|
|
138
138
|
px_custom_is_enforced_request: null,
|
|
139
139
|
px_custom_is_filtered_request: null,
|
|
140
140
|
px_extract_graphql_keywords: null,
|
|
141
|
+
px_agentic_trust_enabled: false,
|
|
142
|
+
px_agentic_trust_mcp_endpoint_path: '/mcp',
|
|
141
143
|
});
|
|
@@ -22,6 +22,7 @@ export class DefaultContext {
|
|
|
22
22
|
productData;
|
|
23
23
|
uuid;
|
|
24
24
|
vid;
|
|
25
|
+
origCookieVid;
|
|
25
26
|
vidSource;
|
|
26
27
|
action;
|
|
27
28
|
reasons;
|
|
@@ -154,6 +155,9 @@ export class DefaultContext {
|
|
|
154
155
|
this.vid = vidValue;
|
|
155
156
|
this.vidSource = VidSource.VID_COOKIE;
|
|
156
157
|
}
|
|
158
|
+
else if (vidValue) {
|
|
159
|
+
this.origCookieVid = vidValue;
|
|
160
|
+
}
|
|
157
161
|
const pxhdCookie = this.requestData.cookies[PXHD_COOKIE_NAME];
|
|
158
162
|
if (pxhdCookie) {
|
|
159
163
|
this.pxhd = {
|
|
@@ -190,6 +194,7 @@ export class DefaultContext {
|
|
|
190
194
|
customParameters: this.customParameters,
|
|
191
195
|
graphqlData: this.graphqlData,
|
|
192
196
|
vid: this.vid,
|
|
197
|
+
origCookieVid: this.origCookieVid,
|
|
193
198
|
vidSource: this.vidSource,
|
|
194
199
|
uuid: this.uuid,
|
|
195
200
|
enforcerStartTime: this.enforcerStartTime,
|
|
@@ -29,6 +29,7 @@ export class SerializedContext {
|
|
|
29
29
|
customParameters;
|
|
30
30
|
graphqlData;
|
|
31
31
|
vid;
|
|
32
|
+
origCookieVid;
|
|
32
33
|
vidSource;
|
|
33
34
|
tokenOrigin;
|
|
34
35
|
uuid;
|
|
@@ -50,6 +51,7 @@ export class SerializedContext {
|
|
|
50
51
|
this.tokenOrigin = contextJson.tokenOrigin;
|
|
51
52
|
this.uuid = contextJson.uuid;
|
|
52
53
|
this.vid = contextJson.vid;
|
|
54
|
+
this.origCookieVid = contextJson.origCookieVid;
|
|
53
55
|
this.vidSource = contextJson.vidSource;
|
|
54
56
|
this.pxhd = contextJson.pxhd;
|
|
55
57
|
this.pxde = contextJson.pxde;
|
|
@@ -7,7 +7,7 @@ import { DefaultGraphQLParser } from '../graphql/index.js';
|
|
|
7
7
|
import { PostRiskApiClientV2, PostRiskApiClientV3 } from '../risk_api/index.js';
|
|
8
8
|
import { HttpActivityClient, HttpBatchedActivityClient } from '../activities/index.js';
|
|
9
9
|
import { HttpLogServiceClient } from '../logger/index.js';
|
|
10
|
-
import { AccountDefender, BotDefender, CredentialIntelligence, HypeSaleChallenge, ProductName, } from '../products/index.js';
|
|
10
|
+
import { AccountDefender, BotDefender, CredentialIntelligence, HypeSaleChallenge, AgenticTrust, ProductName, } from '../products/index.js';
|
|
11
11
|
import { EnforcerError, isValidTokenVersion } from '../utils/index.js';
|
|
12
12
|
import { DefaultSnippetRetriever } from '../snippet_injection/index.js';
|
|
13
13
|
export const createEnforcerInitializationBlock = (config, options) => {
|
|
@@ -70,12 +70,14 @@ export const createEnforcerProducts = (config, products, base64Utils, hashUtils,
|
|
|
70
70
|
const accountDefender = products?.ad || new AccountDefender(config, { base64Utils });
|
|
71
71
|
const credentialIntelligence = products?.ci || new CredentialIntelligence(config, { hashUtils, urlUtils });
|
|
72
72
|
const hypeSaleChallenge = products?.hsc || new HypeSaleChallenge(config, { base64Utils });
|
|
73
|
+
const agenticTrust = products?.at || new AgenticTrust(config);
|
|
73
74
|
return {
|
|
74
75
|
[ProductName.BOT_DEFENDER]: botDefender,
|
|
75
76
|
[ProductName.ACCOUNT_DEFENDER]: accountDefender,
|
|
76
77
|
[ProductName.CODE_DEFENDER]: products?.cd,
|
|
77
78
|
[ProductName.CREDENTIAL_INTELLIGENCE]: credentialIntelligence,
|
|
78
79
|
[ProductName.HYPE_SALE_CHALLENGE]: hypeSaleChallenge,
|
|
80
|
+
[ProductName.AGENTIC_TRUST]: agenticTrust,
|
|
79
81
|
};
|
|
80
82
|
};
|
|
81
83
|
export const createRemoteConfigClients = (config, options) => {
|