@kya-os/agentshield-nextjs/dist/wasm-middleware.mjs

Next.js middleware for AgentShield AI agent detection

import { NextResponse } from 'next/server';
import { AgentDetector } from '@kya-os/agentshield';

// src/wasm-middleware.ts
function createWasmAgentShieldMiddleware(config) {
  const {
    onAgentDetected,
    blockOnHighConfidence = false,
    confidenceThreshold = 80,
    // Updated to 0-100 scale (was 0.8)
    skipPaths = [],
    blockedResponse = {
      status: 403,
      message: "Access denied: AI agent detected",
      headers: { "Content-Type": "application/json" }
    },
    wasmInstance
  } = config;
  return async function middleware(request) {
    const path = request.nextUrl.pathname;
    if (skipPaths.some((skip) => path.startsWith(skip))) {
      return NextResponse.next();
    }
    try {
      const detector = new AgentDetector();
      const hasWasm = !!wasmInstance;
      const metadata = {
        userAgent: request.headers.get("user-agent") || void 0,
        ipAddress: request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || void 0,
        headers: Object.fromEntries(request.headers.entries()),
        timestamp: /* @__PURE__ */ new Date()
      };
      const result = await detector.analyze(metadata);
      const enhancedResult = {
        isAgent: result.isAgent,
        confidence: hasWasm && result.confidence > 85 ? (
          // Updated to 0-100 scale (was 0.85)
          Math.min(result.confidence * 1.15, 100)
        ) : (
          // Boost confidence with WASM, cap at 100
          result.confidence
        ),
        agent: result.detectedAgent?.name || void 0,
        verificationMethod: hasWasm && result.confidence > 85 ? "signature" : "pattern",
        // Updated to 0-100 scale
        riskLevel: result.confidence > 90 ? "high" : (
          // Updated to 0-100 scale (was 0.9)
          result.confidence > 70 ? "medium" : "low"
        ),
        // Updated to 0-100 scale (was 0.7)
        timestamp: result.timestamp instanceof Date ? result.timestamp.toISOString() : new Date(result.timestamp).toISOString()
      };
      if (onAgentDetected && enhancedResult.isAgent) {
        await onAgentDetected(enhancedResult);
      }
      if (blockOnHighConfidence && enhancedResult.isAgent && enhancedResult.confidence >= confidenceThreshold) {
        return NextResponse.json(
          {
            error: blockedResponse.message,
            agent: enhancedResult.agent,
            confidence: Math.round(enhancedResult.confidence * 100)
          },
          {
            status: blockedResponse.status || 403,
            headers: blockedResponse.headers || {}
          }
        );
      }
      const response = NextResponse.next();
      if (enhancedResult.isAgent) {
        response.headers.set("X-Agent-Detected", enhancedResult.agent || "unknown");
        response.headers.set("X-Agent-Confidence", String(Math.round(enhancedResult.confidence * 100)));
        response.headers.set("X-Agent-Verification", enhancedResult.verificationMethod);
      }
      return response;
    } catch (error) {
      console.error("AgentShield middleware error:", error);
      return NextResponse.next();
    }
  };
}
async function instantiateWasm(wasmModule) {
  try {
    const instance = await WebAssembly.instantiate(wasmModule);
    console.log("\u2705 AgentShield: WASM module loaded for cryptographic verification");
    return instance;
  } catch (error) {
    console.warn("\u26A0\uFE0F AgentShield: Failed to instantiate WASM module", error);
    throw error;
  }
}

export { createWasmAgentShieldMiddleware, instantiateWasm };
//# sourceMappingURL=wasm-middleware.mjs.map
//# sourceMappingURL=wasm-middleware.mjs.map