UNPKG

@kya-os/agentshield-nextjs

Version:

Next.js middleware for AgentShield AI agent detection

github.com/Know-That-Ai/agent-shield

Know-That-Ai/agent-shield

1 lines 48.1 kB
1
{"version":3,"sources":["../src/signature-verifier.ts","../src/edge-detector-wrapper.ts"],"names":["now"],"mappings":";;;;;AAaQ,OAAA,CAAA,GAAA,CAAI,UAAA,GAAa,IAAI,CAAA,KAAM,MAAA,CAAe,YAAI,WAAA,CAAY,GAAG,CAAC,CAAC,CAAA;AAcvE,IAAM,UAAA,GAAa;AAAA,EACjB,OAAA,EAAS;AAAA,IACP;AAAA,MACE,GAAA,EAAK,6CAAA;AAAA;AAAA;AAAA,MAGL,SAAA,EAAW,6CAAA;AAAA,MACX,SAAA,EAAW,UAAA;AAAA;AAAA,MACX,UAAA,EAAY;AAAA;AAAA;AACd;AAEJ,CAAA;AAeA,IAAM,QAAA,uBAAe,GAAA,EAAwB;AAC7C,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAC9B,IAAM,cAAA,GAAiB,GAAA;AAMvB,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAEjC,IAAA,OAAO,eAAA;AAAA,EACT;AAIA,EAAA,MAAM,UACJ,OAAA,CAAQ,GAAA,CAAI,mBAAA,IACZ,OAAA,CAAQ,IAAI,mBAAA,IACZ,OAAA,CAAQ,GAAA,CAAI,OAAA,KACX,QAAQ,GAAA,CAAI,UAAA,GAAa,WAAW,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,CAAA,GAAK,IAAA,CAAA;AAElE,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA,GAAI,eAAA;AAAA,EACtC;AAKA,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,EAAc;AACzC,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN;AAAA,KACF;AACA,IAAA,OAAO,oCAAA;AAAA,EACT;AAGA,EAAA,OAAA,CAAQ,KAAA;AAAA,IACN;AAAA,GACF;AACA,EAAA,OAAO,eAAA;AACT;AAOA,SAAS,mBAAA,GAA4B;AACnC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,kBAA4B,EAAC;AAGnC,EAAA,KAAA,MAAW,CAAC,KAAA,EAAO,MAAM,CAAA,IAAK,QAAA,CAAS,SAAQ,EAAG;AAChD,IAAA,IAAI,GAAA,GAAM,MAAA,CAAO,QAAA,GAAW,YAAA,EAAc;AACxC,MAAA,eAAA,CAAgB,KAAK,KAAK,CAAA;AAAA,IAC5B;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,SAAS,eAAA,EAAiB;AACnC,IAAA,QAAA,CAAS,OAAO,KAAK,CAAA;AAAA,EACvB;AAGA,EAAA,IAAI,QAAA,CAAS,OAAO,cAAA,EAAgB;AAElC,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,OAAA,EAAS,CAAA,CAAE,GAAA,CAAI,CAAC,CAAC,KAAA,EAAO,MAAM,CAAA,MAAO;AAAA,MACvE,KAAA;AAAA,MACA,UAAU,MAAA,CAAO;AAAA,KACnB,CAAE,CAAA;AAGF,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA,EAAG,MAAM,CAAA,CAAE,QAAA,GAAW,EAAE,QAAQ,CAAA;AAG9C,IAAA,MAAM,WAAW,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,QAAA,CAAS,OAAO,cAAc,CAAA;AAChE,IAAA,KAAA,MAAW,SAAS,QAAA,EAAU;AAC5B,MAAA,QAAA,CAAS,MAAA,CAAO,MAAM,KAAK,CAAA;AAAA,IAC7B;AAAA,EACF;AACF;AAKA,eAAe,iBAAiB,KAAA,EAKrB;AAET,EAAA,IAAI,QAAA,CAAS,OAAO,cAAA,EAAgB;AAClC,IAAA,mBAAA,EAAoB;AAAA,EACtB;AAGA,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,CAAI,KAAK,CAAA;AACjC,EAAA,IAAI,UAAU,IAAA,CAAK,GAAA,EAAI,GAAI,MAAA,CAAO,WAAW,YAAA,EAAc;AACzD,IAAA,OAAO,MAAA,CAAO,IAAA;AAAA,EAChB;AAGA,EAAA,IAAI,OAAO,UAAU,WAAA,EAAa;AAChC,IAAA,OAAA,CAAQ,KAAK,uDAAuD,CAAA;AACpE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,aAAa,aAAA,EAAc;AACjC,IAAA,MAAM,MAAM,CAAA,EAAG,UAAU,CAAA,sBAAA,EAAyB,kBAAA,CAAmB,KAAK,CAAC,CAAA,CAAA;AAE3E,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,MAChC,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA;AAAA,MAEA,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAI;AAAA,KACjC,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,2CAAA,EAA8C,QAAA,CAAS,MAAM,CAAA,CAAE,CAAA;AAC5E,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,IAAQ,CAAC,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,IAAI,CAAA,IAAK,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AACrE,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,iDAAA,EAAoD,KAAK,CAAA,CAAE,CAAA;AACxE,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,QAAA,CAAS,IAAI,KAAA,EAAO;AAAA,MAClB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAA,EAAU,KAAK,GAAA;AAAI,KACpB,CAAA;AAED,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAK,0DAAA,EAA4D;AAAA,MACvE,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,eAAA;AAAA,MAChD;AAAA,KACD,CAAA;AACD,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAKA,SAAS,aAAa,KAAA,EAAiD;AACrE,EAAA,OAAO,KAAA,IAAS,UAAA;AAClB;AAKA,eAAe,gBAAgB,KAAA,EAO7B;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,gBAAA,CAAiB,KAAK,CAAA;AAC5C,EAAA,IAAI,OAAA,IAAW,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AACjC,IAAA,OAAO,OAAA;AAAA,EACT;AAGA,EAAA,IAAI,YAAA,CAAa,KAAK,CAAA,EAAG;AACvB,IAAA,OAAO,WAAW,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,OAAO,EAAC;AACV;AAKA,SAAS,oBAAoB,cAAA,EAKpB;AACP,EAAA,IAAI;AAEF,IAAA,MAAM,KAAA,GAAQ,cAAA,CAAe,KAAA,CAAM,qBAAqB,CAAA;AACxD,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,MAAM,GAAG,WAAA,EAAa,MAAM,CAAA,GAAI,KAAA;AAGhC,IAAA,MAAM,aAAA,GAAgB,WAAA,GAClB,WAAA,CACG,KAAA,CAAM,GAAG,EACT,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAA,CAAQ,IAAA,EAAM,EAAE,CAAA,CAAE,IAAA,EAAM,CAAA,CACrC,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,MAAA,GAAS,CAAC,CAAA,GAC7B,EAAC;AAGL,IAAA,MAAM,UAAA,GAAa,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,iBAAiB,CAAA,GAAI,IAAA;AAC9D,IAAA,MAAM,YAAA,GAAe,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA,GAAI,IAAA;AAC9D,IAAA,MAAM,YAAA,GAAe,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA,GAAI,IAAA;AAE9D,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,CAAC,GAAG,OAAO,IAAA;AAE1C,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,WAAW,CAAC,CAAA;AAAA,MACnB,OAAA,EAAS,gBAAgB,YAAA,CAAa,CAAC,IAAI,QAAA,CAAS,YAAA,CAAa,CAAC,CAAC,CAAA,GAAI,KAAA,CAAA;AAAA,MACvE,OAAA,EAAS,gBAAgB,YAAA,CAAa,CAAC,IAAI,QAAA,CAAS,YAAA,CAAa,CAAC,CAAC,CAAA,GAAI,KAAA,CAAA;AAAA,MACvE;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,gDAAgD,KAAK,CAAA;AACnE,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAMA,SAAS,kBAAA,CACP,MAAA,EACA,IAAA,EACA,OAAA,EACA,aAAA,EACQ;AACR,EAAA,MAAM,aAAuB,EAAC;AAE9B,EAAA,KAAA,MAAW,cAAc,aAAA,EAAe;AACtC,IAAA,IAAI,KAAA;AAEJ,IAAA,QAAQ,UAAA;AAAY,MAClB,KAAK,SAAA;AACH,QAAA,KAAA,GAAQ,OAAO,WAAA,EAAY;AAC3B,QAAA;AAAA,MACF,KAAK,OAAA;AACH,QAAA,KAAA,GAAQ,IAAA;AACR,QAAA;AAAA,MACF,KAAK,YAAA;AAEH,QAAA,KAAA,GAAQ,OAAA,CAAQ,MAAM,CAAA,IAAK,OAAA,CAAQ,MAAM,CAAA,IAAK,EAAA;AAC9C,QAAA;AAAA,MACF,SAAS;AAEP,QAAA,MAAM,GAAA,GAAM,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,WAAA,EAAY,KAAM,UAAA,CAAW,aAAa,CAAA;AACzF,QAAA,KAAA,GAAQ,GAAA,GAAM,OAAA,CAAQ,GAAG,CAAA,IAAK,EAAA,GAAK,EAAA;AACnC,QAAA;AAAA,MACF;AAAA;AAIF,IAAA,UAAA,CAAW,IAAA,CAAK,CAAA,CAAA,EAAI,UAAU,CAAA,GAAA,EAAM,KAAK,CAAA,CAAE,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,UAAA,CAAW,KAAK,IAAI,CAAA;AAC7B;AAMA,SAAS,cAAc,MAAA,EAA4B;AAEjD,EAAA,IAAI,cAAA,GAAiB,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAGhE,EAAA,MAAM,OAAA,GAAU,eAAe,MAAA,GAAS,CAAA;AACxC,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,cAAA,IAAkB,GAAA,CAAI,MAAA,CAAO,CAAA,GAAI,OAAO,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,YAAA,GAAe,KAAK,cAAc,CAAA;AACxC,EAAA,OAAO,UAAA,CAAW,KAAK,YAAA,EAAc,CAAC,MAAM,CAAA,CAAE,UAAA,CAAW,CAAC,CAAC,CAAA;AAC7D;AAMA,eAAe,sBAAA,CACb,eAAA,EACA,eAAA,EACA,OAAA,EACkB;AAClB,EAAA,IAAI;AAEF,IAAA,MAAM,cAAA,GAAiB,cAAc,eAAe,CAAA;AACpD,IAAA,MAAM,cAAA,GAAiB,cAAc,eAAe,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AAGrD,IAAA,IAAI,cAAA,CAAe,WAAW,EAAA,EAAI;AAChC,MAAA,OAAA,CAAQ,KAAA,CAAM,wCAAA,EAA0C,cAAA,CAAe,MAAM,CAAA;AAC7E,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,cAAA,CAAe,WAAW,EAAA,EAAI;AAChC,MAAA,OAAA,CAAQ,KAAA,CAAM,uCAAA,EAAyC,cAAA,CAAe,MAAM,CAAA;AAC5E,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,OAAe,OAAA,CAAA,MAAA,CAAO,cAAA,EAAgB,YAAA,EAAc,cAAc,CAAA;AAAA,EACpE,SAAS,UAAA,EAAY;AACnB,IAAA,OAAA,CAAQ,IAAA,CAAK,kEAAkE,UAAU,CAAA;AAGzF,IAAA,IAAI;AACF,MAAA,MAAM,cAAA,GAAiB,cAAc,eAAe,CAAA;AACpD,MAAA,MAAM,cAAA,GAAiB,cAAc,eAAe,CAAA;AACpD,MAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AAErD,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,QACpC,KAAA;AAAA,QACA,cAAA,CAAe,MAAA;AAAA,QACf;AAAA,UACE,IAAA,EAAM,SAAA;AAAA,UACN,UAAA,EAAY;AAAA,SACd;AAAA,QACA,KAAA;AAAA,QACA,CAAC,QAAQ;AAAA,OACX;AAEA,MAAA,OAAO,MAAM,OAAO,MAAA,CAAO,MAAA;AAAA,QACzB,SAAA;AAAA,QACA,SAAA;AAAA,QACA,cAAA,CAAe,MAAA;AAAA,QACf;AAAA,OACF;AAAA,IACF,SAAS,WAAA,EAAa;AACpB,MAAA,OAAA,CAAQ,MAAM,wDAAA,EAA0D;AAAA,QACtE,UAAA,EAAY,UAAA,YAAsB,KAAA,GAAQ,UAAA,CAAW,OAAA,GAAU,SAAA;AAAA,QAC/D,WAAA,EAAa,WAAA,YAAuB,KAAA,GAAQ,WAAA,CAAY,OAAA,GAAU;AAAA,OACnE,CAAA;AACD,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACF;AAiBA,eAAsB,oBAAA,CACpB,MAAA,EACA,IAAA,EACA,OAAA,EACsC;AAEtC,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,WAAW,CAAA,IAAK,QAAQ,WAAW,CAAA;AAC7D,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAC9E,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAG9E,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,cAAA,EAAgB;AACjC,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,8BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,oBAAoB,cAAc,CAAA;AACjD,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,gCAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,MAAMA,OAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,GAAA,GAAMA,OAAM,MAAA,CAAO,OAAA;AAGzB,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,UAAA,EAAY,CAAA;AAAA,QACZ,MAAA,EAAQ,0CAAA;AAAA,QACR,kBAAA,EAAoB;AAAA,OACtB;AAAA,IACF;AAGA,IAAA,IAAI,MAAM,GAAA,EAAK;AACb,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,UAAA,EAAY,CAAA;AAAA,QACZ,MAAA,EAAQ,sCAAA;AAAA,QACR,kBAAA,EAAoB;AAAA,OACtB;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,QAAA;AAEJ,EAAA,IAAI,cAAA,KAAmB,uBAAA,IAA2B,cAAA,EAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AACzF,IAAA,KAAA,GAAQ,SAAA;AACR,IAAA,QAAA,GAAW,SAAA;AAAA,EACb;AAGA,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,QAAA,EAAU;AACvB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,yBAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,SAAA,GAAY,MAAM,eAAA,CAAgB,QAAQ,CAAA;AAEhD,EAAA,IAAI,SAAA,CAAU,WAAW,CAAA,EAAG;AAC1B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,6BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,UAAU,IAAA,CAAK,CAAC,MAAM,CAAA,CAAE,GAAA,KAAQ,OAAO,KAAK,CAAA;AACxD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,CAAA,gBAAA,EAAmB,MAAA,CAAO,KAAK,CAAA,CAAA;AAAA,MACvC,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,IAAI,GAAA,GAAM,GAAA,CAAI,SAAA,IAAa,GAAA,GAAM,IAAI,UAAA,EAAY;AAC/C,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,kCAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AAGA,EAAA,MAAM,gBAAgB,kBAAA,CAAmB,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,OAAO,aAAa,CAAA;AAGpF,EAAA,IAAI,cAAA,GAAiB,SAAA;AACrB,EAAA,IAAI,cAAA,CAAe,UAAA,CAAW,QAAQ,CAAA,EAAG;AACvC,IAAA,cAAA,GAAiB,cAAA,CAAe,UAAU,CAAC,CAAA;AAAA,EAC7C;AACA,EAAA,IAAI,cAAA,CAAe,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,IAAA,cAAA,GAAiB,cAAA,CAAe,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAAA,EAC7C;AAGA,EAAA,MAAM,UAAU,MAAM,sBAAA,CAAuB,GAAA,CAAI,SAAA,EAAW,gBAAgB,aAAa,CAAA;AAEzF,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA;AAAA,MACA,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,CAAA;AAAA;AAAA,MACZ,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF,CAAA,MAAO;AACL,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,UAAA,EAAY,CAAA;AAAA,MACZ,MAAA,EAAQ,+BAAA;AAAA,MACR,kBAAA,EAAoB;AAAA,KACtB;AAAA,EACF;AACF;AAKO,SAAS,oBAAoB,OAAA,EAA0C;AAC5E,EAAA,OAAO,CAAC,EAAA,CACL,OAAA,CAAQ,WAAW,CAAA,IAAK,OAAA,CAAQ,WAAW,CAAA,MAC3C,OAAA,CAAQ,iBAAiB,CAAA,IAAK,OAAA,CAAQ,iBAAiB,CAAA,CAAA,CAAA;AAE5D;AAMO,SAAS,mBAAmB,OAAA,EAA0C;AAC3E,EAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB,CAAA;AAE9E,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,WAAA,GAAc,cAAA,CAAe,OAAA,CAAQ,UAAA,EAAY,EAAE,CAAA;AAGzD,EAAA,IAAI,gBAAgB,qBAAA,EAAuB;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,WAAW,CAAA;AACpC,IAAA,MAAM,YAAA,GAAe,CAAC,aAAA,EAAe,iBAAiB,CAAA;AACtD,IAAA,OAAO,YAAA,CAAa,QAAA,CAAS,QAAA,CAAS,IAAI,CAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AAEN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AC7iBA,IAAM,QAAwB,aAAA,EAAc;AAK5C,IAAM,oBAAN,MAAwB;AAAA,EACd,KAAA;AAAA,EAER,WAAA,GAAc;AACZ,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,IAAI,aAAA;AACJ,IAAA,IAAI,kBAAA;AACJ,IAAA,IAAI,UAAA,GAAa,CAAA;AAEjB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,IAAW,EAAC;AAClC,IAAA,MAAM,oBAA4C,EAAC;AAGnD,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,MAAA,iBAAA,CAAkB,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,IACzC;AAGA,IAAA,IAAI,mBAAA,CAAoB,OAAO,CAAA,EAAG;AAChC,MAAA,IAAI;AAEF,QAAA,MAAM,kBAAkB,MAAM,oBAAA;AAAA,UAC5B,MAAM,MAAA,IAAU,KAAA;AAAA,UAChB,MAAM,GAAA,IAAO,GAAA;AAAA,UACb;AAAA,SACF;AAEA,QAAA,IAAI,gBAAgB,OAAA,EAAS;AAE3B,UAAA,UAAA,GAAa,gBAAgB,UAAA,GAAa,GAAA;AAC1C,UAAA,OAAA,CAAQ,KAAK,CAAA,mBAAA,EAAsB,eAAA,CAAgB,OAAO,WAAA,EAAY,IAAK,SAAS,CAAA,CAAE,CAAA;AACtF,UAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,YAAA,aAAA,GAAgB;AAAA,cACd,IAAA,EAAM,eAAA,CAAgB,KAAA,CAAM,WAAA,EAAY;AAAA,cACxC,MAAM,eAAA,CAAgB;AAAA,aACxB;AAAA,UACF;AACA,UAAA,kBAAA,GAAqB,eAAA,CAAgB,kBAAA;AAGrC,UAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,YAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,MAAA,EAAS,eAAA,CAAgB,KAAK,CAAA,CAAE,CAAA;AAAA,UAC/C;AAAA,QACF,CAAA,MAAO;AAEL,UAAA,OAAA,CAAQ,KAAK,oDAAA,EAAsD;AAAA,YACjE,QAAQ,eAAA,CAAgB,MAAA;AAAA,YACxB,OAAO,eAAA,CAAgB,KAAA;AAAA,YACvB,iBAAA,EAAmB,CAAC,CAAC,OAAA,CAAQ,iBAAiB,CAAA,IAAK,CAAC,CAAC,OAAA,CAAQ,iBAAiB,CAAA;AAAA,YAC9E,mBAAA,EAAqB,OAAA,CAAQ,iBAAiB,CAAA,IAAK,QAAQ,iBAAiB;AAAA,WAC7E,CAAA;AACD,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,EAAE,CAAA;AACpC,UAAA,OAAA,CAAQ,KAAK,mBAAmB,CAAA;AAChC,UAAA,IAAI,gBAAgB,MAAA,EAAQ;AAC1B,YAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,gBAAA,EAAmB,eAAA,CAAgB,MAAM,CAAA,CAAE,CAAA;AAAA,UAC1D;AAGA,UAAA,IAAI,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAC/B,YAAA,OAAA,CAAQ,KAAK,gBAAgB,CAAA;AAC7B,YAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,sBAAA,EAAuB;AAAA,UAClE;AAAA,QACF;AAAA,MACF,SAAS,KAAA,EAAO;AAEd,QAAA,OAAA,CAAQ,KAAA,CAAM,qDAAqD,KAAK,CAAA;AACxE,QAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,EAAE,CAAA;AACpC,QAAA,OAAA,CAAQ,KAAK,8BAA8B,CAAA;AAAA,MAC7C;AAAA,IACF;AAIA,IAAA,MAAM,YAAY,KAAA,CAAM,SAAA,IAAa,KAAA,CAAM,OAAA,GAAU,YAAY,CAAA,IAAK,EAAA;AACtE,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,MAAM,mBAAmB,MAAA,CAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,CAAM,MAAM,UAAU,CAAA;AAEnE,MAAA,MAAM,WAAA,GAAc,CAAC,aAAA,EAAe,WAAA,EAAa,kBAAkB,CAAA;AACnE,MAAA,MAAM,aAAA,GAAgB,gBAAA,CAAiB,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AACpD,QAAA,MAAM,UAAA,GAAa,WAAA,CAAY,QAAA,CAAS,CAAA,CAAE,CAAC,CAAC,CAAA;AAC5C,QAAA,MAAM,UAAA,GAAa,WAAA,CAAY,QAAA,CAAS,CAAA,CAAE,CAAC,CAAC,CAAA;AAC5C,QAAA,IAAI,UAAA,IAAc,CAAC,UAAA,EAAY,OAAO,CAAA;AACtC,QAAA,IAAI,CAAC,UAAA,IAAc,UAAA,EAAY,OAAO,EAAA;AACtC,QAAA,OAAO,CAAA;AAAA,MACT,CAAC,CAAA;AAED,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,SAAS,CAAA,IAAK,aAAA,EAAe;AACjD,QAAA,MAAM,IAAA,GAAO,SAAA;AACb,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,KAAoB;AACtD,UAAA,MAAM,KAAA,GAAQ,IAAI,MAAA,CAAO,OAAA,EAAS,GAAG,CAAA;AACrC,UAAA,OAAO,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,QAC7B,CAAC,CAAA;AAED,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,MAAM,SAAA,GAAY,IAAA,CAAK,YAAA,CAAa,QAAQ,CAAA;AAC5C,UAAA,MAAM,SAAA,GAAY,IAAA,CAAK,YAAA,CAAa,QAAQ,CAAA;AAE5C,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,IAAA,CAAK,aAAa,GAAG,CAAA;AACvD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,cAAA,EAAiB,SAAS,CAAA,CAAE,CAAA;AACzC,UAAA,IAAI,CAAC,aAAA,EAAe;AAClB,YAAA,aAAA,GAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AACnD,YAAA,kBAAA,GAAqB,SAAA;AAAA,UACvB;AACA,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,MAAM,iBAAA,GAAoB,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,OAAA,CAAQ,UAAA;AACnD,IAAA,MAAM,iBAAiB,iBAAA,CAAkB,MAAA;AAAA,MACvC,CAAC,UAAA,KAA2B,iBAAA,CAAkB,UAAA,CAAW,IAAA,CAAK,aAAa;AAAA,KAC7E;AAEA,IAAA,IAAI,cAAA,CAAe,SAAS,CAAA,EAAG;AAC7B,MAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,GAAA,CAAI,GAAG,cAAA,CAAe,GAAA,CAAI,CAAC,CAAA,KAAkB,CAAA,CAAE,UAAA,GAAa,GAAG,CAAC,CAAA;AAC3F,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,aAAa,CAAA;AAC/C,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,WAAA,EAAc,cAAA,CAAe,MAAM,CAAA,CAAE,CAAA;AAAA,IACpD;AAGA,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,EAAA,IAAM,KAAA,CAAM,SAAA;AAC7B,IAAA,IAAI,EAAA,IAAM,CAAC,iBAAA,CAAkB,iBAAiB,KAAK,CAAC,iBAAA,CAAkB,WAAW,CAAA,EAAG;AAElF,MAAA,MAAM,QAAA,GACJ,WAAA,IAAe,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,QAAA,GAC5B,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,QAAA,CAAS,SAAA,GAC1B,IAAA,CAAK,MAAM,KAAA,CAAM,QAAA;AAEvB,MAAA,KAAA,MAAW,CAAC,QAAA,EAAU,MAAM,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,EAAG;AAEzD,QAAA,IACE,CAAC,MAAA,IACD,OAAO,MAAA,KAAW,QAAA,IAClB,EAAE,QAAA,IAAY,MAAA,CAAA,IACd,CAAC,KAAA,CAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA;AAE5B,UAAA;AAEF,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,CAAC,KAAA,KAAkB;AACpD,UAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AACjC,UAAA,MAAM,WAAA,GAAc,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACpC,UAAA,MAAM,OAAA,GAAU,EAAA,CAAG,KAAA,CAAM,GAAG,CAAA;AAG5B,UAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,GAAA,CAAI,YAAY,MAAA,GAAS,CAAA,EAAG,CAAC,CAAA,EAAG,CAAA,EAAA,EAAK;AAC5D,YAAA,IAAI,WAAA,CAAY,CAAC,CAAA,KAAM,OAAA,CAAQ,CAAC,CAAA,IAAK,WAAA,CAAY,CAAC,CAAA,KAAM,GAAA,EAAK;AAC3D,cAAA,OAAO,KAAA;AAAA,YACT;AAAA,UACF;AACA,UAAA,OAAO,IAAA;AAAA,QACT,CAAC,CAAA;AAED,QAAA,IAAI,OAAA,EAAS;AACX,UAAA,MAAM,IAAA,GAAO,MAAA;AACb,UAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY,IAAA,CAAK,aAAa,EAAE,CAAA;AACtD,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,eAAA,EAAkB,QAAQ,CAAA,CAAE,CAAA;AACzC,UAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,OAAA,CAAQ,MAAA,GAAS,CAAA,IAAK,UAAA,GAAa,GAAA,EAAK;AAC1C,MAAA,UAAA,GAAa,IAAA,CAAK,GAAA,CAAI,UAAA,GAAa,GAAA,EAAK,EAAE,CAAA;AAAA,IAC5C;AAGA,IAAA,UAAA,GAAa,KAAK,GAAA,CAAI,IAAA,CAAK,IAAI,UAAA,EAAY,CAAC,GAAG,GAAG,CAAA;AAElD,IAAA,OAAO;AAAA,MACL,SAAS,UAAA,GAAa,EAAA;AAAA;AAAA,MACtB,UAAA;AAAA,MACA,gBACE,UAAA,GAAa,EAAA,IAAM,gBACf,EAAE,IAAA,EAAM,WAAoB,SAAA,EAAW,aAAA,CAAc,MAAK,GAC1D,UAAA,GAAa,KACX,EAAE,IAAA,EAAM,WAAmB,GAC3B,EAAE,MAAM,OAAA,EAAiB;AAAA,MACjC,SAAS,EAAC;AAAA;AAAA,MACV,GAAI,aAAA,IAAiB,EAAE,aAAA,EAAc;AAAA,MACrC,OAAA;AAAA,MACA,GAAI,kBAAA,IAAsB;AAAA,QACxB;AAAA,OAOF;AAAA,MACA,kBACE,kBAAA,KAAuB,WAAA,GAAc,KAAA,GAAQ,UAAA,GAAa,KAAK,QAAA,GAAW,MAAA;AAAA;AAAA,MAC5E,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,aAAa,QAAA,EAA0B;AAC7C,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,aAAA,EAAe,QAAA;AAAA,MACf,gBAAA,EAAkB,WAAA;AAAA,MAClB,cAAA,EAAgB,YAAA;AAAA,MAChB,SAAA,EAAW,QAAA;AAAA,MACX,YAAA,EAAc,WAAA;AAAA,MACd,OAAA,EAAS,MAAA;AAAA,MACT,UAAA,EAAY,QAAA;AAAA,MACZ,eAAA,EAAiB,aAAA;AAAA,MACjB,WAAA,EAAa,SAAA;AAAA,MACb,SAAA,EAAW,KAAA;AAAA,MACX,gBAAA,EAAkB;AAAA,KACpB;AACA,IAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA,IAAK,QAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKQ,aAAa,QAAA,EAA0B;AAC7C,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,aAAA,EAAe,gBAAA;AAAA,MACf,gBAAA,EAAkB,QAAA;AAAA,MAClB,cAAA,EAAgB,YAAA;AAAA,MAChB,SAAA,EAAW,WAAA;AAAA,MACX,YAAA,EAAc,mBAAA;AAAA,MACd,OAAA,EAAS,SAAA;AAAA,MACT,UAAA,EAAY,QAAA;AAAA,MACZ,eAAA,EAAiB,aAAA;AAAA,MACjB,WAAA,EAAa,aAAA;AAAA,MACb,SAAA,EAAW,kBAAA;AAAA,MACX,gBAAA,EAAkB;AAAA,KACpB;AACA,IAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA,IAAK,QAAA;AAAA,EAC9B;AACF,CAAA;AAKO,IAAM,2BAAN,MAA+B;AAAA,EAC5B,QAAA;AAAA,EACA,MAAA,uBAA0C,GAAA,EAAI;AAAA,EAEtD,YAAY,OAAA,EAAmB;AAE7B,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,iBAAA,EAAkB;AAAA,EACxC;AAAA,EAEA,MAAM,QAAQ,KAAA,EAAiD;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA,CAAS,QAAQ,KAAK,CAAA;AAGhD,IAAA,IAAI,OAAO,OAAA,IAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,gBAAgB,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,QAAQ,CAAC,OAAA,KAAY,OAAA,CAAQ,MAAA,EAAQ,KAAK,CAAC,CAAA;AAAA,IACtD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEA,EAAA,CAAG,OAAe,OAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,EAAG;AAC3B,MAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAA,EAAO,EAAE,CAAA;AAAA,IAC3B;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA,CAAG,KAAK,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,IAAA,CAAK,UAAkB,IAAA,EAAuB;AAC5C,IAAA,MAAM,WAAW,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,KAAK,KAAK,EAAC;AAC5C,IAAA,QAAA,CAAS,QAAQ,CAAC,OAAA,KAAY,OAAA,CAAQ,GAAG,IAAI,CAAC,CAAA;AAAA,EAChD;AAAA,EAEA,MAAM,IAAA,GAAsB;AAE1B,IAAA;AAAA,EACF;AACF","file":"edge-detector-wrapper.mjs","sourcesContent":["/**\n * Ed25519 Signature Verification for HTTP Message Signatures\n * Implements proper cryptographic verification for ChatGPT and other agents\n *\n * Based on RFC 9421 (HTTP Message Signatures) and ChatGPT's implementation\n * Reference: https://help.openai.com/en/articles/9785974-chatgpt-user-allowlisting\n */\n\nimport * as ed25519 from '@noble/ed25519';\nimport { sha512 } from '@noble/hashes/sha2.js';\n\n// Configure @noble/ed25519 to use sync SHA-512 from @noble/hashes\n// This works in all environments including Edge Runtime\ned25519.etc.sha512Sync = (...m) => sha512(ed25519.etc.concatBytes(...m));\n\n/**\n * Known public keys for AI agents (fallback)\n *\n * IMPORTANT: These keys are used as fallback when the API is unavailable.\n * The primary source of keys should be the /api/internal/signature-keys endpoint\n * which fetches from https://chatgpt.com/.well-known/http-message-signatures-directory\n *\n * TODO: Implement automated key rotation by:\n * 1. Setting up a cron job to fetch from OpenAI's well-known endpoint\n * 2. Storing keys in database/KV store with proper expiration handling\n * 3. Removing hardcoded fallback keys entirely\n */\nconst KNOWN_KEYS = {\n chatgpt: [\n {\n kid: 'otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg',\n // ChatGPT's current Ed25519 public key (base64)\n // Source: https://chatgpt.com/.well-known/http-message-signatures-directory\n publicKey: '7F_3jDlxaquwh291MiACkcS3Opq88NksyHiakzS-Y1g',\n validFrom: 1735689600, // Jan 1, 2025 (nbf from OpenAI)\n validUntil: 1769029093, // Jan 21, 2026 (exp from OpenAI)\n },\n ],\n};\n\n/**\n * In-memory cache for API-fetched keys\n */\ninterface CachedKeys {\n keys: Array<{\n kid: string;\n publicKey: string;\n validFrom: number;\n validUntil: number;\n }>;\n cachedAt: number;\n}\n\nconst keyCache = new Map<string, CachedKeys>();\nconst CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes\nconst CACHE_MAX_SIZE = 100; // Maximum cache entries before cleanup\n\n/**\n * Get API base URL for fetching keys\n * Returns absolute URL for server-side, relative for browser\n */\nfunction getApiBaseUrl(): string {\n if (typeof window !== 'undefined') {\n // Browser: use relative path\n return '/api/internal';\n }\n\n // Server-side: must use absolute URL\n // Try environment variables first\n const baseUrl =\n process.env.NEXT_PUBLIC_APP_URL ||\n process.env.NEXT_PUBLIC_API_URL ||\n process.env.API_URL ||\n (process.env.VERCEL_URL ? `https://${process.env.VERCEL_URL}` : null);\n\n if (baseUrl) {\n return baseUrl.replace(/\\/$/, '') + '/api/internal';\n }\n\n // Fallback: try to construct from request context if available\n // For middleware/edge runtime, we may need to pass the request URL\n // For now, return relative path and log warning\n if (process.env.NODE_ENV !== 'production') {\n console.warn(\n '[Signature] No base URL configured for server-side fetch. Using localhost fallback.'\n );\n return 'http://localhost:3000/api/internal';\n }\n\n // Production fallback - should not reach here if properly configured\n console.error(\n '[Signature] CRITICAL: No base URL configured for server-side fetch in production!'\n );\n return '/api/internal'; // Will fail, but prevents silent success\n}\n\n/**\n * Clean up expired cache entries and enforce size limit\n * Called periodically to prevent unbounded memory growth\n * Uses LRU-style eviction: removes expired entries first, then oldest entries if still over limit\n */\nfunction cleanupExpiredCache(): void {\n const now = Date.now();\n const entriesToDelete: string[] = [];\n\n // First pass: remove expired entries\n for (const [agent, cached] of keyCache.entries()) {\n if (now - cached.cachedAt > CACHE_TTL_MS) {\n entriesToDelete.push(agent);\n }\n }\n\n for (const agent of entriesToDelete) {\n keyCache.delete(agent);\n }\n\n // Second pass: if still over limit, remove oldest entries (LRU eviction)\n if (keyCache.size > CACHE_MAX_SIZE) {\n // Convert entries to array with cachedAt timestamp for sorting\n const entries = Array.from(keyCache.entries()).map(([agent, cached]) => ({\n agent,\n cachedAt: cached.cachedAt,\n }));\n\n // Sort by cachedAt (oldest first)\n entries.sort((a, b) => a.cachedAt - b.cachedAt);\n\n // Remove oldest entries until we're under the limit\n const toRemove = entries.slice(0, keyCache.size - CACHE_MAX_SIZE);\n for (const entry of toRemove) {\n keyCache.delete(entry.agent);\n }\n }\n}\n\n/**\n * Fetch keys from API with caching\n */\nasync function fetchKeysFromApi(agent: string): Promise<Array<{\n kid: string;\n publicKey: string;\n validFrom: number;\n validUntil: number;\n}> | null> {\n // Periodic cleanup to prevent memory leaks\n if (keyCache.size > CACHE_MAX_SIZE) {\n cleanupExpiredCache();\n }\n\n // Check cache first\n const cached = keyCache.get(agent);\n if (cached && Date.now() - cached.cachedAt < CACHE_TTL_MS) {\n return cached.keys;\n }\n\n // Check if fetch is available (Edge Runtime compatibility)\n if (typeof fetch === 'undefined') {\n console.warn('[Signature] fetch() not available in this environment');\n return null;\n }\n\n try {\n const apiBaseUrl = getApiBaseUrl();\n const url = `${apiBaseUrl}/signature-keys?agent=${encodeURIComponent(agent)}`;\n\n const response = await fetch(url, {\n method: 'GET',\n headers: {\n 'Content-Type': 'application/json',\n },\n // 5 second timeout\n signal: AbortSignal.timeout(5000),\n });\n\n if (!response.ok) {\n console.warn(`[Signature] Failed to fetch keys from API: ${response.status}`);\n return null;\n }\n\n const data = await response.json();\n\n if (!data.keys || !Array.isArray(data.keys) || data.keys.length === 0) {\n console.warn(`[Signature] No keys returned from API for agent: ${agent}`);\n return null;\n }\n\n // Cache the result\n keyCache.set(agent, {\n keys: data.keys,\n cachedAt: Date.now(),\n });\n\n return data.keys;\n } catch (error) {\n console.warn('[Signature] Error fetching keys from API, using fallback', {\n error: error instanceof Error ? error.message : 'Unknown error',\n agent,\n });\n return null;\n }\n}\n\n/**\n * Type guard to check if agent is a valid key in KNOWN_KEYS\n */\nfunction isValidAgent(agent: string): agent is keyof typeof KNOWN_KEYS {\n return agent in KNOWN_KEYS;\n}\n\n/**\n * Get keys for an agent (API first, then fallback)\n */\nasync function getKeysForAgent(agent: string): Promise<\n Array<{\n kid: string;\n publicKey: string;\n validFrom: number;\n validUntil: number;\n }>\n> {\n // Try API first\n const apiKeys = await fetchKeysFromApi(agent);\n if (apiKeys && apiKeys.length > 0) {\n return apiKeys;\n }\n\n // Fallback to hardcoded keys with type guard\n if (isValidAgent(agent)) {\n return KNOWN_KEYS[agent];\n }\n\n return [];\n}\n\n/**\n * Parse the Signature-Input header according to RFC 9421\n */\nfunction parseSignatureInput(signatureInput: string): {\n keyid: string;\n created?: number | undefined;\n expires?: number | undefined;\n signedHeaders: string[];\n} | null {\n try {\n // Example: sig1=(\"@method\" \"@path\" \"@authority\" \"date\");keyid=\"...\";created=1234567890\n const match = signatureInput.match(/sig1=\\((.*?)\\);(.+)/);\n if (!match) return null;\n\n const [, headersList, params] = match;\n\n // Parse signed headers\n const signedHeaders = headersList\n ? headersList\n .split(' ')\n .map((h) => h.replace(/\"/g, '').trim())\n .filter((h) => h.length > 0)\n : [];\n\n // Parse parameters\n const keyidMatch = params ? params.match(/keyid=\"([^\"]+)\"/) : null;\n const createdMatch = params ? params.match(/created=(\\d+)/) : null;\n const expiresMatch = params ? params.match(/expires=(\\d+)/) : null;\n\n if (!keyidMatch || !keyidMatch[1]) return null;\n\n return {\n keyid: keyidMatch[1],\n created: createdMatch && createdMatch[1] ? parseInt(createdMatch[1]) : undefined,\n expires: expiresMatch && expiresMatch[1] ? parseInt(expiresMatch[1]) : undefined,\n signedHeaders,\n };\n } catch (error) {\n console.error('[Signature] Failed to parse Signature-Input:', error);\n return null;\n }\n}\n\n/**\n * Build the signature base string according to RFC 9421\n * This is what gets signed\n */\nfunction buildSignatureBase(\n method: string,\n path: string,\n headers: Record<string, string>,\n signedHeaders: string[]\n): string {\n const components: string[] = [];\n\n for (const headerName of signedHeaders) {\n let value: string;\n\n switch (headerName) {\n case '@method':\n value = method.toUpperCase();\n break;\n case '@path':\n value = path;\n break;\n case '@authority':\n // Get from Host header or URL\n value = headers['host'] || headers['Host'] || '';\n break;\n default: {\n // Regular headers (case-insensitive lookup)\n const key = Object.keys(headers).find((k) => k.toLowerCase() === headerName.toLowerCase());\n value = key ? headers[key] || '' : '';\n break;\n }\n }\n\n // Format according to RFC 9421\n components.push(`\"${headerName}\": ${value}`);\n }\n\n return components.join('\\n');\n}\n\n/**\n * Decode base64 (handles both standard and URL-safe variants)\n * URL-safe base64 uses - instead of + and _ instead of /\n */\nfunction base64ToBytes(base64: string): Uint8Array {\n // Convert URL-safe base64 to standard base64\n let standardBase64 = base64.replace(/-/g, '+').replace(/_/g, '/');\n\n // Add padding if needed\n const padding = standardBase64.length % 4;\n if (padding) {\n standardBase64 += '='.repeat(4 - padding);\n }\n\n const binaryString = atob(standardBase64);\n return Uint8Array.from(binaryString, (c) => c.charCodeAt(0));\n}\n\n/**\n * Verify Ed25519 signature using @noble/ed25519 (works in all environments including Edge Runtime)\n * Falls back to Web Crypto API if available\n */\nasync function verifyEd25519Signature(\n publicKeyBase64: string,\n signatureBase64: string,\n message: string\n): Promise<boolean> {\n try {\n // Decode base64 to Uint8Array (handles URL-safe base64)\n const publicKeyBytes = base64ToBytes(publicKeyBase64);\n const signatureBytes = base64ToBytes(signatureBase64);\n const messageBytes = new TextEncoder().encode(message);\n\n // Check key and signature lengths\n if (publicKeyBytes.length !== 32) {\n console.error('[Signature] Invalid public key length:', publicKeyBytes.length);\n return false;\n }\n if (signatureBytes.length !== 64) {\n console.error('[Signature] Invalid signature length:', signatureBytes.length);\n return false;\n }\n\n // Use @noble/ed25519 with sync SHA-512 - works in all environments including Edge Runtime\n return ed25519.verify(signatureBytes, messageBytes, publicKeyBytes);\n } catch (nobleError) {\n console.warn('[Signature] @noble/ed25519 failed, trying Web Crypto fallback:', nobleError);\n\n // Fallback to Web Crypto API (may not work in Edge Runtime)\n try {\n const publicKeyBytes = base64ToBytes(publicKeyBase64);\n const signatureBytes = base64ToBytes(signatureBase64);\n const messageBytes = new TextEncoder().encode(message);\n\n const publicKey = await crypto.subtle.importKey(\n 'raw',\n publicKeyBytes.buffer as ArrayBuffer,\n {\n name: 'Ed25519',\n namedCurve: 'Ed25519',\n },\n false,\n ['verify']\n );\n\n return await crypto.subtle.verify(\n 'Ed25519',\n publicKey,\n signatureBytes.buffer as ArrayBuffer,\n messageBytes\n );\n } catch (cryptoError) {\n console.error('[Signature] Both @noble/ed25519 and Web Crypto failed:', {\n nobleError: nobleError instanceof Error ? nobleError.message : 'Unknown',\n cryptoError: cryptoError instanceof Error ? cryptoError.message : 'Unknown',\n });\n return false;\n }\n }\n}\n\n/**\n * Signature verification result\n */\nexport interface SignatureVerificationResult {\n isValid: boolean;\n agent?: string;\n keyid?: string;\n confidence: number;\n reason?: string;\n verificationMethod: 'signature' | 'none';\n}\n\n/**\n * Verify HTTP Message Signature for AI agents\n */\nexport async function verifyAgentSignature(\n method: string,\n path: string,\n headers: Record<string, string>\n): Promise<SignatureVerificationResult> {\n // Check for signature headers\n const signature = headers['signature'] || headers['Signature'];\n const signatureInput = headers['signature-input'] || headers['Signature-Input'];\n const signatureAgent = headers['signature-agent'] || headers['Signature-Agent'];\n\n // No signature present\n if (!signature || !signatureInput) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'No signature headers present',\n verificationMethod: 'none',\n };\n }\n\n // Parse Signature-Input header\n const parsed = parseSignatureInput(signatureInput);\n if (!parsed) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Invalid Signature-Input header',\n verificationMethod: 'none',\n };\n }\n\n // Check timestamp if present\n if (parsed.created) {\n const now = Math.floor(Date.now() / 1000);\n const age = now - parsed.created;\n\n // Reject signatures older than 5 minutes\n if (age > 300) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature expired (older than 5 minutes)',\n verificationMethod: 'none',\n };\n }\n\n // Reject signatures from the future (clock skew tolerance: 30 seconds)\n if (age < -30) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature timestamp is in the future',\n verificationMethod: 'none',\n };\n }\n }\n\n // Determine which agent based on signature-agent header\n let agent: string | undefined;\n let agentKey: string | undefined;\n\n if (signatureAgent === '\"https://chatgpt.com\"' || signatureAgent?.includes('chatgpt.com')) {\n agent = 'ChatGPT';\n agentKey = 'chatgpt';\n }\n // Add other agents here as needed\n\n if (!agent || !agentKey) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Unknown signature agent',\n verificationMethod: 'none',\n };\n }\n\n // Get keys (API first, then fallback)\n const knownKeys = await getKeysForAgent(agentKey);\n\n if (knownKeys.length === 0) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'No keys available for agent',\n verificationMethod: 'none',\n };\n }\n\n // Find the key by ID\n const key = knownKeys.find((k) => k.kid === parsed.keyid);\n if (!key) {\n return {\n isValid: false,\n confidence: 0,\n reason: `Unknown key ID: ${parsed.keyid}`,\n verificationMethod: 'none',\n };\n }\n\n // Check key validity period\n const now = Math.floor(Date.now() / 1000);\n if (now < key.validFrom || now > key.validUntil) {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Key is not valid at current time',\n verificationMethod: 'none',\n };\n }\n\n // Build the signature base string\n const signatureBase = buildSignatureBase(method, path, headers, parsed.signedHeaders);\n\n // Extract the actual signature value (remove \"sig1=:\" prefix and \"::\" suffix if present)\n let signatureValue = signature;\n if (signatureValue.startsWith('sig1=:')) {\n signatureValue = signatureValue.substring(6);\n }\n if (signatureValue.endsWith(':')) {\n signatureValue = signatureValue.slice(0, -1);\n }\n\n // Verify the signature\n const isValid = await verifyEd25519Signature(key.publicKey, signatureValue, signatureBase);\n\n if (isValid) {\n return {\n isValid: true,\n agent,\n keyid: parsed.keyid,\n confidence: 1.0, // 100% confidence for valid signature\n verificationMethod: 'signature',\n };\n } else {\n return {\n isValid: false,\n confidence: 0,\n reason: 'Signature verification failed',\n verificationMethod: 'none',\n };\n }\n}\n\n/**\n * Quick check if signature headers are present (for performance)\n */\nexport function hasSignatureHeaders(headers: Record<string, string>): boolean {\n return !!(\n (headers['signature'] || headers['Signature']) &&\n (headers['signature-input'] || headers['Signature-Input'])\n );\n}\n\n/**\n * Check if this is a ChatGPT signature based on headers\n * Uses secure URL parsing to prevent spoofing attacks\n */\nexport function isChatGPTSignature(headers: Record<string, string>): boolean {\n const signatureAgent = headers['signature-agent'] || headers['Signature-Agent'];\n\n if (!signatureAgent) {\n return false;\n }\n\n // Strip leading/trailing quotes if present\n const agentUrlStr = signatureAgent.replace(/^\"+|\"+$/g, '');\n\n // Exact match for the standard ChatGPT signature agent\n if (agentUrlStr === 'https://chatgpt.com') {\n return true;\n }\n\n // Parse URL and validate host to prevent spoofing\n try {\n const agentUrl = new URL(agentUrlStr);\n const allowedHosts = ['chatgpt.com', 'www.chatgpt.com'];\n return allowedHosts.includes(agentUrl.host);\n } catch {\n // Not a valid URL, return false for security\n return false;\n }\n}\n","/**\n * Wrapper for EdgeAgentDetector to match AgentDetector interface\n * This allows the middleware to work with EdgeAgentDetector in Edge Runtime\n *\n * This is a self-contained implementation to avoid import resolution issues\n * Includes proper Ed25519 signature verification for ChatGPT and other agents\n */\n\ntype DetectionInput = {\n userAgent?: string;\n ip?: string;\n ipAddress?: string;\n headers?: Record<string, string>;\n url?: string;\n method?: string;\n timestamp?: Date;\n};\n\n// Import the proper DetectionResult type from shared package\nimport type { DetectionResult } from '@kya-os/agentshield-shared';\n\ntype EventHandler = (...args: unknown[]) => void;\n\n// Import signature verifier\nimport {\n verifyAgentSignature,\n hasSignatureHeaders,\n isChatGPTSignature,\n} from './signature-verifier';\nimport {\n loadRulesSync,\n type DetectionRules,\n type UserAgentRule,\n type HeaderRule,\n type IpRangeRule,\n} from '@kya-os/agentshield-shared';\n\n// Load centralized rules - this will fail fast if rules cannot be loaded\nconst rules: DetectionRules = loadRulesSync();\n\n/**\n * Self-contained EdgeAgentDetector implementation with proper signature verification\n */\nclass EdgeAgentDetector {\n private rules: DetectionRules;\n\n constructor() {\n this.rules = rules;\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const reasons: string[] = [];\n let detectedAgent: { type: string; name: string } | undefined;\n let verificationMethod: string | undefined;\n let confidence = 0;\n\n const headers = input.headers || {};\n const normalizedHeaders: Record<string, string> = {};\n\n // Normalize header names to lowercase\n for (const [key, value] of Object.entries(headers)) {\n normalizedHeaders[key.toLowerCase()] = value;\n }\n\n // Check for HTTP Message Signatures with proper cryptographic verification\n if (hasSignatureHeaders(headers)) {\n try {\n // Verify the signature cryptographically\n const signatureResult = await verifyAgentSignature(\n input.method || 'GET',\n input.url || '/',\n headers\n );\n\n if (signatureResult.isValid) {\n // Valid cryptographic signature - highest confidence (convert 0-1 to 0-100)\n confidence = signatureResult.confidence * 100;\n reasons.push(`verified_signature:${signatureResult.agent?.toLowerCase() || 'unknown'}`);\n if (signatureResult.agent) {\n detectedAgent = {\n type: signatureResult.agent.toLowerCase(),\n name: signatureResult.agent,\n };\n }\n verificationMethod = signatureResult.verificationMethod;\n\n // Add keyid to reasons for debugging\n if (signatureResult.keyid) {\n reasons.push(`keyid:${signatureResult.keyid}`);\n }\n } else {\n // Invalid signature - suspicious\n console.warn('[EdgeAgentDetector] Signature verification failed:', {\n reason: signatureResult.reason,\n agent: signatureResult.agent,\n hasSignatureAgent: !!headers['signature-agent'] || !!headers['Signature-Agent'],\n signatureAgentValue: headers['signature-agent'] || headers['Signature-Agent'],\n });\n confidence = Math.max(confidence, 30); // Updated to 0-100 scale (was 0.3)\n reasons.push('invalid_signature');\n if (signatureResult.reason) {\n reasons.push(`signature_error:${signatureResult.reason}`);\n }\n\n // Still check if it claims to be ChatGPT\n if (isChatGPTSignature(headers)) {\n reasons.push('claims_chatgpt');\n detectedAgent = { type: 'chatgpt', name: 'ChatGPT (unverified)' };\n }\n }\n } catch (error) {\n // Error during verification\n console.error('[EdgeAgentDetector] Signature verification error:', error);\n confidence = Math.max(confidence, 20); // Updated to 0-100 scale (was 0.2)\n reasons.push('signature_verification_error');\n }\n }\n\n // Check User-Agent patterns using centralized rules\n // Sort rules to check more specific patterns first (generic_bot last)\n const userAgent = input.userAgent || input.headers?.['user-agent'] || '';\n if (userAgent) {\n const userAgentEntries = Object.entries(this.rules.rules.userAgents);\n // Sort: put generic_bot, dev_tools, automation_tools last since they have broad patterns\n const genericKeys = ['generic_bot', 'dev_tools', 'automation_tools'];\n const sortedEntries = userAgentEntries.sort((a, b) => {\n const aIsGeneric = genericKeys.includes(a[0]);\n const bIsGeneric = genericKeys.includes(b[0]);\n if (aIsGeneric && !bIsGeneric) return 1;\n if (!aIsGeneric && bIsGeneric) return -1;\n return 0;\n });\n\n for (const [agentKey, agentRule] of sortedEntries) {\n const rule = agentRule as UserAgentRule;\n const matched = rule.patterns.some((pattern: string) => {\n const regex = new RegExp(pattern, 'i');\n return regex.test(userAgent);\n });\n\n if (matched) {\n const agentType = this.getAgentType(agentKey);\n const agentName = this.getAgentName(agentKey);\n\n confidence = Math.max(confidence, rule.confidence * 100); // Convert 0-1 rule confidence to 0-100 scale\n reasons.push(`known_pattern:${agentType}`);\n if (!detectedAgent) {\n detectedAgent = { type: agentType, name: agentName };\n verificationMethod = 'pattern';\n }\n break;\n }\n }\n }\n\n // Check AI-specific headers using centralized rules\n const suspiciousHeaders = this.rules.rules.headers.suspicious;\n const foundAiHeaders = suspiciousHeaders.filter(\n (headerRule: HeaderRule) => normalizedHeaders[headerRule.name.toLowerCase()]\n );\n\n if (foundAiHeaders.length > 0) {\n const maxConfidence = Math.max(...foundAiHeaders.map((h: HeaderRule) => h.confidence * 100)); // Convert 0-1 to 0-100\n confidence = Math.max(confidence, maxConfidence);\n reasons.push(`ai_headers:${foundAiHeaders.length}`);\n }\n\n // Check cloud provider IPs using centralized rules\n const ip = input.ip || input.ipAddress;\n if (ip && !normalizedHeaders['x-forwarded-for'] && !normalizedHeaders['x-real-ip']) {\n // Handle both old (with providers) and new (direct) structures\n const ipRanges =\n 'providers' in this.rules.rules.ipRanges\n ? this.rules.rules.ipRanges.providers\n : this.rules.rules.ipRanges;\n\n for (const [provider, ipRule] of Object.entries(ipRanges)) {\n // Skip non-rule entries\n if (\n !ipRule ||\n typeof ipRule !== 'object' ||\n !('ranges' in ipRule) ||\n !Array.isArray(ipRule.ranges)\n )\n continue;\n\n const matched = ipRule.ranges.some((range: string) => {\n const prefix = range.split('/')[0];\n const prefixParts = prefix.split('.');\n const ipParts = ip.split('.');\n\n // Check if IP starts with the same octets\n for (let i = 0; i < Math.min(prefixParts.length - 1, 2); i++) {\n if (prefixParts[i] !== ipParts[i] && prefixParts[i] !== '0') {\n return false;\n }\n }\n return true;\n });\n\n if (matched) {\n const rule = ipRule as IpRangeRule;\n confidence = Math.max(confidence, rule.confidence * 40); // Convert 0-1 to 0-100 with 0.4 reduction factor\n reasons.push(`cloud_provider:${provider}`);\n break;\n }\n }\n }\n\n // Boost confidence for combinations (but not if already at 100 from signature)\n if (reasons.length > 2 && confidence < 100) {\n confidence = Math.min(confidence * 1.2, 95); // Cap at 95 to leave room for cryptographic verification\n }\n\n // Ensure confidence stays within 0-100 range\n confidence = Math.min(Math.max(confidence, 0), 100);\n\n return {\n isAgent: confidence > 30, // Updated to 0-100 scale (was 0.3)\n confidence,\n detectionClass:\n confidence > 30 && detectedAgent // Updated to 0-100 scale\n ? { type: 'AiAgent' as const, agentType: detectedAgent.name }\n : confidence > 30 // Updated to 0-100 scale\n ? { type: 'Unknown' as const }\n : { type: 'Human' as const },\n signals: [], // Will be populated by enhanced detection engine in future tasks\n ...(detectedAgent && { detectedAgent }),\n reasons,\n ...(verificationMethod && {\n verificationMethod: verificationMethod as\n | 'signature'\n | 'pattern'\n | 'behavioral'\n | 'network'\n | 'mcp_i_handshake'\n | 'none',\n }),\n forgeabilityRisk:\n verificationMethod === 'signature' ? 'low' : confidence > 80 ? 'medium' : 'high', // Updated to 0-100 scale\n timestamp: new Date(),\n };\n }\n\n /**\n * Get agent type from rule key\n */\n private getAgentType(agentKey: string): string {\n const typeMap: Record<string, string> = {\n openai_gptbot: 'openai',\n anthropic_claude: 'anthropic',\n perplexity_bot: 'perplexity',\n google_ai: 'google',\n microsoft_ai: 'microsoft',\n meta_ai: 'meta',\n cohere_bot: 'cohere',\n huggingface_bot: 'huggingface',\n generic_bot: 'generic',\n dev_tools: 'dev',\n automation_tools: 'automation',\n };\n return typeMap[agentKey] || agentKey;\n }\n\n /**\n * Get agent name from rule key\n */\n private getAgentName(agentKey: string): string {\n const nameMap: Record<string, string> = {\n openai_gptbot: 'ChatGPT/GPTBot',\n anthropic_claude: 'Claude',\n perplexity_bot: 'Perplexity',\n google_ai: 'Google AI',\n microsoft_ai: 'Microsoft Copilot',\n meta_ai: 'Meta AI',\n cohere_bot: 'Cohere',\n huggingface_bot: 'HuggingFace',\n generic_bot: 'Generic Bot',\n dev_tools: 'Development Tool',\n automation_tools: 'Automation Tool',\n };\n return nameMap[agentKey] || agentKey;\n }\n}\n\n/**\n * Wrapper that provides event emitter functionality\n */\nexport class EdgeAgentDetectorWrapper {\n private detector: EdgeAgentDetector;\n private events: Map<string, EventHandler[]> = new Map();\n\n constructor(_config?: unknown) {\n // Config is accepted but not used by EdgeAgentDetector\n this.detector = new EdgeAgentDetector();\n }\n\n async analyze(input: DetectionInput): Promise<DetectionResult> {\n const result = await this.detector.analyze(input);\n\n // Emit events if there are listeners\n if (result.isAgent && this.events.has('agent.detected')) {\n const handlers = this.events.get('agent.detected') || [];\n handlers.forEach((handler) => handler(result, input));\n }\n\n return result;\n }\n\n on(event: string, handler: EventHandler): void {\n if (!this.events.has(event)) {\n this.events.set(event, []);\n }\n this.events.get(event)!.push(handler);\n }\n\n emit(event: string, ...args: unknown[]): void {\n const handlers = this.events.get(event) || [];\n handlers.forEach((handler) => handler(...args));\n }\n\n async init(): Promise<void> {\n // EdgeAgentDetector doesn't need initialization\n return;\n }\n}\n"]}