perimeterx-js-core 0.36.0 → 0.37.1

package/lib/cjs/activities/utils.js

@@ -93,6 +93,9 @@ var addRootContextDataToDetails = function (details, context) {
     if (context.vidSource) {
         details.enforcer_vid_source = context.vidSource;
     }
+    if (context.origCookieVid) {
+        details.orig_cookie_vid = context.origCookieVid;
+    }
     if (context.graphqlData) {
         details.graphql_operations = context.graphqlData;
     }
@@ -161,6 +164,23 @@ var addProductDataToDetails = function (details, productData) {
             details.is_sensitive_route = productData.bd.isSensitiveRequest;
         }
     }
+    if (productData.at) {
+        if (productData.at.mcpMethod) {
+            details.mcp_method = productData.at.mcpMethod;
+        }
+        if (productData.at.mcpToolName) {
+            details.mcp_tool_name = productData.at.mcpToolName;
+        }
+        if (productData.at.mcpToolArgumentKeys) {
+            details.mcp_tool_argument_keys = productData.at.mcpToolArgumentKeys;
+        }
+        if (productData.at.mcpSessionId) {
+            details.mcp_session_id = productData.at.mcpSessionId;
+        }
+        if (productData.at.mcpHttpMethod) {
+            details.mcp_http_method = productData.at.mcpHttpMethod;
+        }
+    }
 };
 exports.addProductDataToDetails = addProductDataToDetails;
 var addTlsDataToDetails = function (details, tlsData) {

package/lib/cjs/config/ConfigurationBase.js

@@ -790,6 +790,20 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "agenticTrustEnabled", {
+        get: function () {
+            return this.configParams.px_agentic_trust_enabled;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(ConfigurationBase.prototype, "agenticTrustMcpEndpointPath", {
+        get: function () {
+            return this.configParams.px_agentic_trust_mcp_endpoint_path;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "enableBlockedUrlOnCaptchaBlockPage", {
         get: function () {
             return true;

package/lib/cjs/config/defaults/DefaultConfigurationParams.js

@@ -141,5 +141,7 @@ var defaultConfigurationParams = function () { return ({
     px_custom_is_enforced_request: null,
     px_custom_is_filtered_request: null,
     px_extract_graphql_keywords: null,
+    px_agentic_trust_enabled: false,
+    px_agentic_trust_mcp_endpoint_path: '/mcp',
 }); };
 exports.defaultConfigurationParams = defaultConfigurationParams;

package/lib/cjs/context/DefaultContext.js

@@ -152,6 +152,9 @@ var DefaultContext = /** @class */ (function () {
             this.vid = vidValue;
             this.vidSource = utils_1.VidSource.VID_COOKIE;
         }
+        else if (vidValue) {
+            this.origCookieVid = vidValue;
+        }
         var pxhdCookie = this.requestData.cookies[utils_1.PXHD_COOKIE_NAME];
         if (pxhdCookie) {
             this.pxhd = {
@@ -184,6 +187,7 @@ var DefaultContext = /** @class */ (function () {
             customParameters: this.customParameters,
             graphqlData: this.graphqlData,
             vid: this.vid,
+            origCookieVid: this.origCookieVid,
             vidSource: this.vidSource,
             uuid: this.uuid,
             enforcerStartTime: this.enforcerStartTime,

package/lib/cjs/context/SerializedContext.js

@@ -39,6 +39,7 @@ var SerializedContext = /** @class */ (function () {
         this.tokenOrigin = contextJson.tokenOrigin;
         this.uuid = contextJson.uuid;
         this.vid = contextJson.vid;
+        this.origCookieVid = contextJson.origCookieVid;
         this.vidSource = contextJson.vidSource;
         this.pxhd = contextJson.pxhd;
         this.pxde = contextJson.pxde;

package/lib/cjs/custom_parameters/CustomParametersUtils.js

@@ -75,7 +75,7 @@ var CustomParametersUtils;
                         context.logger.debug('no response available for response custom parameters');
                         return [2 /*return*/, null];
                     }
-                    return [4 /*yield*/, config.enrichResponseCustomParameters(config.getActiveConfig(), context.response.getUnderlyingResponse())];
+                    return [4 /*yield*/, config.enrichResponseCustomParameters(config.getActiveConfig(), context.response.getUnderlyingResponse(), context.requestData.request.getUnderlyingRequest())];
                 case 2:
                     parameters = _a.sent();
                     return [2 /*return*/, CustomParametersUtils.normalizeResponseCustomParams(parameters)];

package/lib/cjs/enforcer/utils.js

@@ -68,12 +68,14 @@ var createEnforcerProducts = function (config, products, base64Utils, hashUtils,
     var accountDefender = (products === null || products === void 0 ? void 0 : products.ad) || new products_1.AccountDefender(config, { base64Utils: base64Utils });
     var credentialIntelligence = (products === null || products === void 0 ? void 0 : products.ci) || new products_1.CredentialIntelligence(config, { hashUtils: hashUtils, urlUtils: urlUtils });
     var hypeSaleChallenge = (products === null || products === void 0 ? void 0 : products.hsc) || new products_1.HypeSaleChallenge(config, { base64Utils: base64Utils });
+    var agenticTrust = (products === null || products === void 0 ? void 0 : products.at) || new products_1.AgenticTrust(config);
     return _a = {},
         _a[products_1.ProductName.BOT_DEFENDER] = botDefender,
         _a[products_1.ProductName.ACCOUNT_DEFENDER] = accountDefender,
         _a[products_1.ProductName.CODE_DEFENDER] = products === null || products === void 0 ? void 0 : products.cd,
         _a[products_1.ProductName.CREDENTIAL_INTELLIGENCE] = credentialIntelligence,
         _a[products_1.ProductName.HYPE_SALE_CHALLENGE] = hypeSaleChallenge,
+        _a[products_1.ProductName.AGENTIC_TRUST] = agenticTrust,
         _a;
 };
 exports.createEnforcerProducts = createEnforcerProducts;

package/lib/cjs/products/agentic_trust/AgenticTrust.js

@@ -0,0 +1,163 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgenticTrust = void 0;
+var http_1 = require("../../http/index.js");
+var MCP_SESSION_ID_HEADER = 'mcp-session-id';
+var AgenticTrust = /** @class */ (function () {
+    function AgenticTrust(config) {
+        this.config = config;
+    }
+    AgenticTrust.prototype.enrichContextFromRequest = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var data, sessionId;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        if (!this.config.agenticTrustEnabled) {
+                            return [2 /*return*/, null];
+                        }
+                        if (!this.isMatchingEndpoint(context)) {
+                            return [2 /*return*/, null];
+                        }
+                        data = {
+                            mcpHttpMethod: context.requestData.method,
+                        };
+                        sessionId = context.requestData.request.headers.get(MCP_SESSION_ID_HEADER);
+                        if (sessionId) {
+                            data.mcpSessionId = sessionId;
+                        }
+                        if (!(context.requestData.method === http_1.HttpMethod.POST)) return [3 /*break*/, 2];
+                        return [4 /*yield*/, this.extractFromBody(context, data)];
+                    case 1:
+                        _a.sent();
+                        _a.label = 2;
+                    case 2: return [2 /*return*/, data];
+                }
+            });
+        });
+    };
+    AgenticTrust.prototype.enrichContextFromRiskApi = function (_context) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/, null];
+            });
+        });
+    };
+    AgenticTrust.prototype.modifyIncomingRequest = function (_context) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/];
+            });
+        });
+    };
+    AgenticTrust.prototype.enrichContextFromResponse = function (context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var responseHeaders, sessionId;
+            var _a;
+            return __generator(this, function (_b) {
+                if (!context.productData.at) {
+                    return [2 /*return*/, null];
+                }
+                if (context.productData.at.mcpSessionId) {
+                    return [2 /*return*/, null];
+                }
+                responseHeaders = (_a = context.response) === null || _a === void 0 ? void 0 : _a.headers;
+                if (!responseHeaders) {
+                    return [2 /*return*/, null];
+                }
+                sessionId = responseHeaders.get(MCP_SESSION_ID_HEADER);
+                if (sessionId) {
+                    return [2 /*return*/, { mcpSessionId: sessionId }];
+                }
+                return [2 /*return*/, null];
+            });
+        });
+    };
+    AgenticTrust.prototype.modifyOutgoingResponse = function (_context) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                return [2 /*return*/];
+            });
+        });
+    };
+    AgenticTrust.prototype.isMatchingEndpoint = function (context) {
+        var pathname = context.requestData.url.pathname.replace(/\/+$/, '');
+        var configuredPath = this.config.agenticTrustMcpEndpointPath.replace(/\/+$/, '');
+        return pathname === configuredPath;
+    };
+    AgenticTrust.prototype.extractFromBody = function (context, data) {
+        return __awaiter(this, void 0, void 0, function () {
+            var body, jsonRpcMessage, _a;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        _b.trys.push([0, 2, , 3]);
+                        return [4 /*yield*/, context.requestData.request.json()];
+                    case 1:
+                        body = _b.sent();
+                        if (!body) {
+                            return [2 /*return*/];
+                        }
+                        jsonRpcMessage = Array.isArray(body) ? body[0] : body;
+                        if (!jsonRpcMessage) {
+                            return [2 /*return*/];
+                        }
+                        if (typeof jsonRpcMessage.method === 'string') {
+                            data.mcpMethod = jsonRpcMessage.method;
+                        }
+                        if (jsonRpcMessage.params) {
+                            if (typeof jsonRpcMessage.params.name === 'string') {
+                                data.mcpToolName = jsonRpcMessage.params.name;
+                            }
+                            if (jsonRpcMessage.params.arguments && typeof jsonRpcMessage.params.arguments === 'object') {
+                                data.mcpToolArgumentKeys = Object.keys(jsonRpcMessage.params.arguments).join(',');
+                            }
+                        }
+                        return [3 /*break*/, 3];
+                    case 2:
+                        _a = _b.sent();
+                        return [3 /*break*/, 3];
+                    case 3: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    return AgenticTrust;
+}());
+exports.AgenticTrust = AgenticTrust;

package/lib/cjs/products/agentic_trust/IAgenticTrust.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/products/agentic_trust/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./AgenticTrust.js"), exports);
+__exportStar(require("./IAgenticTrust.js"), exports);
+__exportStar(require("./model/index.js"), exports);

package/lib/cjs/products/agentic_trust/model/AgenticTrustData.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/products/agentic_trust/model/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./AgenticTrustData.js"), exports);

package/lib/cjs/products/index.js

@@ -20,3 +20,4 @@ __exportStar(require("./bot_defender/index.js"), exports);
 __exportStar(require("./credential_intelligence/index.js"), exports);
 __exportStar(require("./account_defender/index.js"), exports);
 __exportStar(require("./hype_sale_challenge/index.js"), exports);
+__exportStar(require("./agentic_trust/index.js"), exports);

package/lib/cjs/products/utils/ProductName.js

@@ -8,4 +8,5 @@ var ProductName;
     ProductName["CODE_DEFENDER"] = "cd";
     ProductName["CREDENTIAL_INTELLIGENCE"] = "ci";
     ProductName["HYPE_SALE_CHALLENGE"] = "hsc";
+    ProductName["AGENTIC_TRUST"] = "at";
 })(ProductName || (exports.ProductName = ProductName = {}));

package/lib/cjs/products/utils/ProductPriorityOrder.js

@@ -8,4 +8,5 @@ exports.PRODUCT_PRIORITY_ORDER = [
     ProductName_1.ProductName.ACCOUNT_DEFENDER,
     ProductName_1.ProductName.CREDENTIAL_INTELLIGENCE,
     ProductName_1.ProductName.CODE_DEFENDER,
+    ProductName_1.ProductName.AGENTIC_TRUST,
 ];

package/lib/cjs/risk_api/model/GetRiskRequestHeaders.js

@@ -97,6 +97,9 @@ exports.RISK_ACTIVITY_ADDITIONAL_FIELDS_TO_HEADER_NAMES = {
     enforcer_vid_source: {
         header: 'x-px-add-enforcer-vid-source',
     },
+    orig_cookie_vid: {
+        header: 'x-px-add-orig-cookie-vid',
+    },
     server_info_datacenter: {
         header: 'x-px-add-server-info-datacenter',
     },
@@ -186,4 +189,19 @@ exports.RISK_ACTIVITY_ADDITIONAL_FIELDS_TO_HEADER_NAMES = {
         header: 'x-px-add-is-sensitive-route',
         convertToString: function (value) { return "".concat(value); },
     },
+    mcp_method: {
+        header: 'x-px-add-mcp-method',
+    },
+    mcp_tool_name: {
+        header: 'x-px-add-mcp-tool-name',
+    },
+    mcp_tool_argument_keys: {
+        header: 'x-px-add-mcp-tool-argument-keys',
+    },
+    mcp_session_id: {
+        header: 'x-px-add-mcp-session-id',
+    },
+    mcp_http_method: {
+        header: 'x-px-add-mcp-http-method',
+    },
 };

package/lib/cjs/utils/constants.js

@@ -15,4 +15,4 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.36.0';
+exports.CORE_MODULE_VERSION = 'JS Core 0.37.1';

package/lib/esm/activities/utils.js

@@ -83,6 +83,9 @@ export const addRootContextDataToDetails = (details, context) => {
     if (context.vidSource) {
         details.enforcer_vid_source = context.vidSource;
     }
+    if (context.origCookieVid) {
+        details.orig_cookie_vid = context.origCookieVid;
+    }
     if (context.graphqlData) {
         details.graphql_operations = context.graphqlData;
     }
@@ -148,6 +151,23 @@ export const addProductDataToDetails = (details, productData) => {
             details.is_sensitive_route = productData.bd.isSensitiveRequest;
         }
     }
+    if (productData.at) {
+        if (productData.at.mcpMethod) {
+            details.mcp_method = productData.at.mcpMethod;
+        }
+        if (productData.at.mcpToolName) {
+            details.mcp_tool_name = productData.at.mcpToolName;
+        }
+        if (productData.at.mcpToolArgumentKeys) {
+            details.mcp_tool_argument_keys = productData.at.mcpToolArgumentKeys;
+        }
+        if (productData.at.mcpSessionId) {
+            details.mcp_session_id = productData.at.mcpSessionId;
+        }
+        if (productData.at.mcpHttpMethod) {
+            details.mcp_http_method = productData.at.mcpHttpMethod;
+        }
+    }
 };
 export const addTlsDataToDetails = (details, tlsData) => {
     if (tlsData.tlsCipher) {

package/lib/esm/config/ConfigurationBase.js

@@ -412,6 +412,12 @@ export class ConfigurationBase {
     get proxyUrl() {
         return this.configParams.px_proxy_url;
     }
+    get agenticTrustEnabled() {
+        return this.configParams.px_agentic_trust_enabled;
+    }
+    get agenticTrustMcpEndpointPath() {
+        return this.configParams.px_agentic_trust_mcp_endpoint_path;
+    }
     get enableBlockedUrlOnCaptchaBlockPage() {
         return true;
     }

package/lib/esm/config/defaults/DefaultConfigurationParams.js

@@ -138,4 +138,6 @@ export const defaultConfigurationParams = () => ({
     px_custom_is_enforced_request: null,
     px_custom_is_filtered_request: null,
     px_extract_graphql_keywords: null,
+    px_agentic_trust_enabled: false,
+    px_agentic_trust_mcp_endpoint_path: '/mcp',
 });

package/lib/esm/context/DefaultContext.js

@@ -22,6 +22,7 @@ export class DefaultContext {
     productData;
     uuid;
     vid;
+    origCookieVid;
     vidSource;
     action;
     reasons;
@@ -154,6 +155,9 @@ export class DefaultContext {
             this.vid = vidValue;
             this.vidSource = VidSource.VID_COOKIE;
         }
+        else if (vidValue) {
+            this.origCookieVid = vidValue;
+        }
         const pxhdCookie = this.requestData.cookies[PXHD_COOKIE_NAME];
         if (pxhdCookie) {
             this.pxhd = {
@@ -190,6 +194,7 @@ export class DefaultContext {
             customParameters: this.customParameters,
             graphqlData: this.graphqlData,
             vid: this.vid,
+            origCookieVid: this.origCookieVid,
             vidSource: this.vidSource,
             uuid: this.uuid,
             enforcerStartTime: this.enforcerStartTime,

package/lib/esm/context/SerializedContext.js

@@ -29,6 +29,7 @@ export class SerializedContext {
     customParameters;
     graphqlData;
     vid;
+    origCookieVid;
     vidSource;
     tokenOrigin;
     uuid;
@@ -50,6 +51,7 @@ export class SerializedContext {
         this.tokenOrigin = contextJson.tokenOrigin;
         this.uuid = contextJson.uuid;
         this.vid = contextJson.vid;
+        this.origCookieVid = contextJson.origCookieVid;
         this.vidSource = contextJson.vidSource;
         this.pxhd = contextJson.pxhd;
         this.pxde = contextJson.pxde;

package/lib/esm/custom_parameters/CustomParametersUtils.js

@@ -20,7 +20,7 @@ export var CustomParametersUtils;
                     context.logger.debug('no response available for response custom parameters');
                     return null;
                 }
-                const parameters = await config.enrichResponseCustomParameters(config.getActiveConfig(), context.response.getUnderlyingResponse());
+                const parameters = await config.enrichResponseCustomParameters(config.getActiveConfig(), context.response.getUnderlyingResponse(), context.requestData.request.getUnderlyingRequest());
                 return CustomParametersUtils.normalizeResponseCustomParams(parameters);
             }
             catch (e) {

package/lib/esm/enforcer/utils.js

@@ -7,7 +7,7 @@ import { DefaultGraphQLParser } from '../graphql/index.js';
 import { PostRiskApiClientV2, PostRiskApiClientV3 } from '../risk_api/index.js';
 import { HttpActivityClient, HttpBatchedActivityClient } from '../activities/index.js';
 import { HttpLogServiceClient } from '../logger/index.js';
-import { AccountDefender, BotDefender, CredentialIntelligence, HypeSaleChallenge, ProductName, } from '../products/index.js';
+import { AccountDefender, BotDefender, CredentialIntelligence, HypeSaleChallenge, AgenticTrust, ProductName, } from '../products/index.js';
 import { EnforcerError, isValidTokenVersion } from '../utils/index.js';
 import { DefaultSnippetRetriever } from '../snippet_injection/index.js';
 export const createEnforcerInitializationBlock = (config, options) => {
@@ -70,12 +70,14 @@ export const createEnforcerProducts = (config, products, base64Utils, hashUtils,
     const accountDefender = products?.ad || new AccountDefender(config, { base64Utils });
     const credentialIntelligence = products?.ci || new CredentialIntelligence(config, { hashUtils, urlUtils });
     const hypeSaleChallenge = products?.hsc || new HypeSaleChallenge(config, { base64Utils });
+    const agenticTrust = products?.at || new AgenticTrust(config);
     return {
         [ProductName.BOT_DEFENDER]: botDefender,
         [ProductName.ACCOUNT_DEFENDER]: accountDefender,
         [ProductName.CODE_DEFENDER]: products?.cd,
         [ProductName.CREDENTIAL_INTELLIGENCE]: credentialIntelligence,
         [ProductName.HYPE_SALE_CHALLENGE]: hypeSaleChallenge,
+        [ProductName.AGENTIC_TRUST]: agenticTrust,
     };
 };
 export const createRemoteConfigClients = (config, options) => {

package/lib/esm/products/agentic_trust/AgenticTrust.js

@@ -0,0 +1,84 @@
+import { HttpMethod } from '../../http/index.js';
+const MCP_SESSION_ID_HEADER = 'mcp-session-id';
+export class AgenticTrust {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    async enrichContextFromRequest(context) {
+        if (!this.config.agenticTrustEnabled) {
+            return null;
+        }
+        if (!this.isMatchingEndpoint(context)) {
+            return null;
+        }
+        const data = {
+            mcpHttpMethod: context.requestData.method,
+        };
+        const sessionId = context.requestData.request.headers.get(MCP_SESSION_ID_HEADER);
+        if (sessionId) {
+            data.mcpSessionId = sessionId;
+        }
+        if (context.requestData.method === HttpMethod.POST) {
+            await this.extractFromBody(context, data);
+        }
+        return data;
+    }
+    async enrichContextFromRiskApi(_context) {
+        return null;
+    }
+    async modifyIncomingRequest(_context) {
+        // no-op
+    }
+    async enrichContextFromResponse(context) {
+        if (!context.productData.at) {
+            return null;
+        }
+        if (context.productData.at.mcpSessionId) {
+            return null;
+        }
+        const responseHeaders = context.response?.headers;
+        if (!responseHeaders) {
+            return null;
+        }
+        const sessionId = responseHeaders.get(MCP_SESSION_ID_HEADER);
+        if (sessionId) {
+            return { mcpSessionId: sessionId };
+        }
+        return null;
+    }
+    async modifyOutgoingResponse(_context) {
+        // no-op
+    }
+    isMatchingEndpoint(context) {
+        const pathname = context.requestData.url.pathname.replace(/\/+$/, '');
+        const configuredPath = this.config.agenticTrustMcpEndpointPath.replace(/\/+$/, '');
+        return pathname === configuredPath;
+    }
+    async extractFromBody(context, data) {
+        try {
+            const body = await context.requestData.request.json();
+            if (!body) {
+                return;
+            }
+            const jsonRpcMessage = Array.isArray(body) ? body[0] : body;
+            if (!jsonRpcMessage) {
+                return;
+            }
+            if (typeof jsonRpcMessage.method === 'string') {
+                data.mcpMethod = jsonRpcMessage.method;
+            }
+            if (jsonRpcMessage.params) {
+                if (typeof jsonRpcMessage.params.name === 'string') {
+                    data.mcpToolName = jsonRpcMessage.params.name;
+                }
+                if (jsonRpcMessage.params.arguments && typeof jsonRpcMessage.params.arguments === 'object') {
+                    data.mcpToolArgumentKeys = Object.keys(jsonRpcMessage.params.arguments).join(',');
+                }
+            }
+        }
+        catch {
+            // failed to parse request body
+        }
+    }
+}

package/lib/esm/products/agentic_trust/IAgenticTrust.js

@@ -0,0 +1 @@
+export {};

package/lib/esm/products/agentic_trust/index.js

@@ -0,0 +1,3 @@
+export * from './AgenticTrust.js';
+export * from './IAgenticTrust.js';
+export * from './model/index.js';

package/lib/esm/products/agentic_trust/model/AgenticTrustData.js

@@ -0,0 +1 @@
+export {};

package/lib/esm/products/agentic_trust/model/index.js

@@ -0,0 +1 @@
+export * from './AgenticTrustData.js';

package/lib/esm/products/index.js

@@ -4,3 +4,4 @@ export * from './bot_defender/index.js';
 export * from './credential_intelligence/index.js';
 export * from './account_defender/index.js';
 export * from './hype_sale_challenge/index.js';
+export * from './agentic_trust/index.js';

package/lib/esm/products/utils/ProductName.js

@@ -5,4 +5,5 @@ export var ProductName;
     ProductName["CODE_DEFENDER"] = "cd";
     ProductName["CREDENTIAL_INTELLIGENCE"] = "ci";
     ProductName["HYPE_SALE_CHALLENGE"] = "hsc";
+    ProductName["AGENTIC_TRUST"] = "at";
 })(ProductName || (ProductName = {}));

package/lib/esm/products/utils/ProductPriorityOrder.js

@@ -5,4 +5,5 @@ export const PRODUCT_PRIORITY_ORDER = [
     ProductName.ACCOUNT_DEFENDER,
     ProductName.CREDENTIAL_INTELLIGENCE,
     ProductName.CODE_DEFENDER,
+    ProductName.AGENTIC_TRUST,
 ];

package/lib/esm/risk_api/model/GetRiskRequestHeaders.js

@@ -94,6 +94,9 @@ export const RISK_ACTIVITY_ADDITIONAL_FIELDS_TO_HEADER_NAMES = {
     enforcer_vid_source: {
         header: 'x-px-add-enforcer-vid-source',
     },
+    orig_cookie_vid: {
+        header: 'x-px-add-orig-cookie-vid',
+    },
     server_info_datacenter: {
         header: 'x-px-add-server-info-datacenter',
     },
@@ -183,4 +186,19 @@ export const RISK_ACTIVITY_ADDITIONAL_FIELDS_TO_HEADER_NAMES = {
         header: 'x-px-add-is-sensitive-route',
         convertToString: (value) => `${value}`,
     },
+    mcp_method: {
+        header: 'x-px-add-mcp-method',
+    },
+    mcp_tool_name: {
+        header: 'x-px-add-mcp-tool-name',
+    },
+    mcp_tool_argument_keys: {
+        header: 'x-px-add-mcp-tool-argument-keys',
+    },
+    mcp_session_id: {
+        header: 'x-px-add-mcp-session-id',
+    },
+    mcp_http_method: {
+        header: 'x-px-add-mcp-http-method',
+    },
 };

package/lib/esm/utils/constants.js

@@ -12,4 +12,4 @@ export const PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 export const URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 export const REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-export const CORE_MODULE_VERSION = 'JS Core 0.36.0';
+export const CORE_MODULE_VERSION = 'JS Core 0.37.1';

package/lib/types/activities/model/CommonActivityDetails.d.ts

@@ -24,6 +24,7 @@ export type CommonActivityDetails = {
     tls_preferred_ciphers?: string;
     tls_ja3_fingerprint?: string;
     enforcer_vid_source?: VidSource;
+    orig_cookie_vid?: string;
     original_uuid?: string;
     original_token_error?: string;
     original_token?: string;
@@ -47,4 +48,9 @@ export type CommonActivityDetails = {
     raw_url?: string;
     used_cookie_secret?: string;
     is_sensitive_route?: boolean;
+    mcp_method?: string;
+    mcp_tool_name?: string;
+    mcp_tool_argument_keys?: string;
+    mcp_session_id?: string;
+    mcp_http_method?: string;
 } & CustomParameters;

package/lib/types/config/ConfigurationBase.d.ts

@@ -150,6 +150,8 @@ export declare abstract class ConfigurationBase<Req, Res, Supported extends stri
     get createCustomSnippet(): CustomSnippetFunction<Req, Res, Supported, Added> | null;
     get dataEnrichmentHeaderName(): string;
     get proxyUrl(): string;
+    get agenticTrustEnabled(): boolean;
+    get agenticTrustMcpEndpointPath(): string;
     get enableBlockedUrlOnCaptchaBlockPage(): boolean;
     get awaitAsyncHttpRequests(): boolean;
     get isPostEnforceEnabled(): boolean;

package/lib/types/config/IConfiguration.d.ts

@@ -348,6 +348,14 @@ export interface IConfiguration<Req, Res, Supported extends string, Added> {
      * The default login successful custom callback to use if none is defined for an endpoint.
      */
     readonly ciDefaultLoginSuccessfulCustomCallback: CustomLoginSuccessfulCallback<Res> | null;
+    /**
+     * Whether to enable Agentic Trust.
+     */
+    readonly agenticTrustEnabled: boolean;
+    /**
+     * The endpoint path used for MCP requests.
+     */
+    readonly agenticTrustMcpEndpointPath: string;
     /**
      * The authentication token for the logging service.
      */

package/lib/types/config/params/CoreConfigurationParams.d.ts

@@ -122,6 +122,8 @@ export type CommonConfigurationParams<Req, Res, Supported extends string, Added>
     px_secured_pxhd_enabled?: boolean;
     px_data_enrichment_header_name?: string;
     px_proxy_url?: string;
+    px_agentic_trust_enabled?: boolean;
+    px_agentic_trust_mcp_endpoint_path?: string;
     px_additional_activity_handler?: AdditionalActivityHandler<Req, Res, Supported, Added> | null;
     px_enrich_custom_parameters?: CustomParametersFunction<Req, Res, Supported, Added> | null;
     px_enrich_response_custom_parameters?: ResponseCustomParametersFunction<Req, Res, Supported, Added> | null;

package/lib/types/context/ContextJson.d.ts

@@ -29,6 +29,7 @@ export type ContextJson<Req = unknown, Res = unknown> = {
     readonly productData: ProductData;
     uuid?: string;
     vid?: string;
+    origCookieVid?: string;
     vidSource?: VidSource;
     tokenOrigin: TokenOrigin;
     score?: number;

package/lib/types/context/DefaultContext.d.ts

@@ -34,6 +34,7 @@ export declare class DefaultContext<Req, Res, Supported extends string, Added> i
     readonly productData: ProductData;
     uuid?: string;
     vid?: string;
+    origCookieVid?: string;
     vidSource?: VidSource;
     action: Action;
     reasons: Partial<Record<ProductName, string>>;

package/lib/types/context/SerializedContext.d.ts

@@ -41,6 +41,7 @@ export declare class SerializedContext<Req, Res, Supported extends string, Added
     customParameters?: CustomParameters;
     graphqlData?: GraphQLData[];
     vid?: string;
+    origCookieVid?: string;
     vidSource?: VidSource;
     tokenOrigin: TokenOrigin;
     uuid?: string;

package/lib/types/context/interfaces/IContext.d.ts

@@ -61,6 +61,10 @@ export interface IContext<Req, Res> {
      * The visitor ID, unique to the end-user.
      */
     vid?: string;
+    /**
+     * The raw `_pxvid` cookie value when it fails UUID validation.
+     */
+    origCookieVid?: string;
     /**
      * The secret used to decrypt the risk cookie.
      */

package/lib/types/custom_parameters/CustomParametersFunction.d.ts

@@ -1,4 +1,4 @@
 import { CustomParameters, ResponseCustomParameters } from './CustomParameters';
 import { ActiveConfigurationParams } from '../config';
 export type CustomParametersFunction<Req, Res, Supported extends string, Added> = (config: ActiveConfigurationParams<Req, Res, Supported, Added>, request: Req) => CustomParameters | Promise<CustomParameters>;
-export type ResponseCustomParametersFunction<Req, Res, Supported extends string, Added> = (config: ActiveConfigurationParams<Req, Res, Supported, Added>, response: Res) => ResponseCustomParameters | Promise<ResponseCustomParameters>;
+export type ResponseCustomParametersFunction<Req, Res, Supported extends string, Added> = (config: ActiveConfigurationParams<Req, Res, Supported, Added>, response: Res, request?: Req) => ResponseCustomParameters | Promise<ResponseCustomParameters>;

package/lib/types/products/agentic_trust/AgenticTrust.d.ts

@@ -0,0 +1,15 @@
+import { IConfiguration } from '../../config';
+import { ReadonlyContext } from '../../context';
+import { IAgenticTrust } from './IAgenticTrust';
+import { AgenticTrustData } from './model';
+export declare class AgenticTrust<Req, Res, Supported extends string, Added> implements IAgenticTrust<Req, Res> {
+    protected readonly config: IConfiguration<Req, Res, Supported, Added>;
+    constructor(config: IConfiguration<Req, Res, Supported, Added>);
+    enrichContextFromRequest(context: ReadonlyContext<Req, Res>): Promise<AgenticTrustData | null>;
+    enrichContextFromRiskApi(_context: ReadonlyContext<Req, Res>): Promise<Partial<AgenticTrustData> | null>;
+    modifyIncomingRequest(_context: ReadonlyContext<Req, Res>): Promise<void>;
+    enrichContextFromResponse(context: ReadonlyContext<Req, Res>): Promise<Partial<AgenticTrustData> | null>;
+    modifyOutgoingResponse(_context: ReadonlyContext<Req, Res>): Promise<void>;
+    protected isMatchingEndpoint(context: ReadonlyContext<Req, Res>): boolean;
+    protected extractFromBody(context: ReadonlyContext<Req, Res>, data: AgenticTrustData): Promise<void>;
+}

package/lib/types/products/agentic_trust/IAgenticTrust.d.ts

@@ -0,0 +1,4 @@
+import { IProduct } from '../interfaces';
+import { ProductName } from '../utils';
+export interface IAgenticTrust<Req, Res> extends IProduct<ProductName.AGENTIC_TRUST, Req, Res> {
+}

package/lib/types/products/agentic_trust/index.d.ts

@@ -0,0 +1,3 @@
+export * from './AgenticTrust';
+export * from './IAgenticTrust';
+export * from './model';

package/lib/types/products/agentic_trust/model/AgenticTrustData.d.ts

@@ -0,0 +1,7 @@
+export type AgenticTrustData = {
+    mcpMethod?: string;
+    mcpToolName?: string;
+    mcpToolArgumentKeys?: string;
+    mcpSessionId?: string;
+    mcpHttpMethod?: string;
+};

package/lib/types/products/agentic_trust/model/index.d.ts

@@ -0,0 +1 @@
+export * from './AgenticTrustData';

package/lib/types/products/index.d.ts

@@ -4,3 +4,4 @@ export * from './bot_defender';
 export * from './credential_intelligence';
 export * from './account_defender';
 export * from './hype_sale_challenge';
+export * from './agentic_trust';

package/lib/types/products/interfaces/ProductDataType.d.ts

@@ -3,4 +3,5 @@ import { BotDefenderData } from '../bot_defender';
 import { CredentialIntelligenceData } from '../credential_intelligence';
 import { AccountDefenderData } from '../account_defender';
 import { HypeSaleChallengeData } from '../hype_sale_challenge';
-export type ProductDataType<Name extends ProductName> = Name extends ProductName.BOT_DEFENDER ? BotDefenderData : Name extends ProductName.CREDENTIAL_INTELLIGENCE ? CredentialIntelligenceData : Name extends ProductName.ACCOUNT_DEFENDER ? AccountDefenderData : Name extends ProductName.HYPE_SALE_CHALLENGE ? HypeSaleChallengeData : never;
+import { AgenticTrustData } from '../agentic_trust';
+export type ProductDataType<Name extends ProductName> = Name extends ProductName.BOT_DEFENDER ? BotDefenderData : Name extends ProductName.CREDENTIAL_INTELLIGENCE ? CredentialIntelligenceData : Name extends ProductName.ACCOUNT_DEFENDER ? AccountDefenderData : Name extends ProductName.HYPE_SALE_CHALLENGE ? HypeSaleChallengeData : Name extends ProductName.AGENTIC_TRUST ? AgenticTrustData : never;

package/lib/types/products/interfaces/ProductType.d.ts

@@ -3,4 +3,5 @@ import { IBotDefender } from '../bot_defender';
 import { ICredentialIntelligence } from '../credential_intelligence';
 import { IAccountDefender } from '../account_defender';
 import { IHypeSaleChallenge } from '../hype_sale_challenge';
-export type ProductType<Name extends ProductName, Req, Res> = Name extends ProductName.BOT_DEFENDER ? IBotDefender<Req, Res> : Name extends ProductName.CREDENTIAL_INTELLIGENCE ? ICredentialIntelligence<Req, Res> : Name extends ProductName.ACCOUNT_DEFENDER ? IAccountDefender<Req, Res> : Name extends ProductName.HYPE_SALE_CHALLENGE ? IHypeSaleChallenge<Req, Res> : never;
+import { IAgenticTrust } from '../agentic_trust';
+export type ProductType<Name extends ProductName, Req, Res> = Name extends ProductName.BOT_DEFENDER ? IBotDefender<Req, Res> : Name extends ProductName.CREDENTIAL_INTELLIGENCE ? ICredentialIntelligence<Req, Res> : Name extends ProductName.ACCOUNT_DEFENDER ? IAccountDefender<Req, Res> : Name extends ProductName.HYPE_SALE_CHALLENGE ? IHypeSaleChallenge<Req, Res> : Name extends ProductName.AGENTIC_TRUST ? IAgenticTrust<Req, Res> : never;

package/lib/types/products/utils/ProductName.d.ts

@@ -3,5 +3,6 @@ export declare enum ProductName {
     ACCOUNT_DEFENDER = "ad",
     CODE_DEFENDER = "cd",
     CREDENTIAL_INTELLIGENCE = "ci",
-    HYPE_SALE_CHALLENGE = "hsc"
+    HYPE_SALE_CHALLENGE = "hsc",
+    AGENTIC_TRUST = "at"
 }

package/lib/types/risk_api/utils.d.ts

@@ -31,6 +31,7 @@ export declare const createRiskApiActivity: <Req, Res, Supported extends string,
         tls_preferred_ciphers?: string;
         tls_ja3_fingerprint?: string;
         enforcer_vid_source?: import("../utils").VidSource;
+        orig_cookie_vid?: string;
         original_uuid?: string;
         original_token_error?: string;
         original_token?: string;
@@ -54,6 +55,11 @@ export declare const createRiskApiActivity: <Req, Res, Supported extends string,
         raw_url?: string;
         used_cookie_secret?: string;
         is_sensitive_route?: boolean;
+        mcp_method?: string;
+        mcp_tool_name?: string;
+        mcp_tool_argument_keys?: string;
+        mcp_session_id?: string;
+        mcp_http_method?: string;
         custom_param1?: any;
         custom_param2?: any;
         custom_param3?: any;

package/lib/types/utils/constants.d.ts

@@ -12,4 +12,4 @@ export declare const PUSH_DATA_FEATURE_HEADER_NAME = "x-px-feature";
 export declare const EMAIL_ADDRESS_REGEX: RegExp;
 export declare const URL_REGEX: RegExp;
 export declare const REGEX_STRUCTURE: RegExp;
-export declare const CORE_MODULE_VERSION = "JS Core 0.36.0";
+export declare const CORE_MODULE_VERSION = "JS Core 0.37.1";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.36.0",
+  "version": "0.37.1",
   "description": "",
   "type": "module",
   "typesVersions": {