@kya-os/checkpoint-express 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +58 -0
  2. package/dist/index.d.mts +2 -2
  3. package/dist/index.d.ts +2 -2
  4. package/dist/index.js +21 -1357
  5. package/dist/index.mjs +15 -1351
  6. package/package.json +5 -5
package/CHANGELOG.md CHANGED
@@ -1,5 +1,63 @@
1
1
  # @kya-os/checkpoint-express
2
2
 
3
+ ## 1.1.3 — 2026-05-18
4
+
5
+ Companion patch for `@kya-os/checkpoint-wasm-runtime@1.2.0`.
6
+
7
+ ### Changed
8
+
9
+ - Session persistence and enforcement compatibility logic now consume
10
+ `VerifyResult.decision` plus `VerifyResult.detectionDetail`.
11
+
12
+ ---
13
+
14
+ ## 1.1.2 — 2026-05-17
15
+
16
+ **Critical rebuild.** 1.1.1 shipped with `engineVerify` bundled inline
17
+ from wasm-runtime@1.0.0 — which had the `(void 0) is not a function`
18
+ tree-shake bug that was later fixed in wasm-runtime@1.1.1 (#2611). Even
19
+ after that wasm-runtime fix, Express consumers were still hitting the
20
+ bug because the broken code was baked into Express's published bundle
21
+ rather than imported transitively at install time.
22
+
23
+ ### Fix
24
+
25
+ tsup `external` now lists `@kya-os/checkpoint-wasm-runtime` (and its
26
+ subpath exports) so the wasm-runtime is loaded via Node's runtime
27
+ resolution rather than inlined at bundle time. Fresh installs of
28
+ checkpoint-express@1.1.2 transitively pull whatever wasm-runtime
29
+ version their dep range resolves — currently 1.1.2 (with all the
30
+ SDK-WASM-Bundler-Loader fixes from 1.1.0 → 1.1.2).
31
+
32
+ Bundle proof:
33
+
34
+ ```
35
+ $ grep -c "function engineVerify" dist/index.mjs
36
+ 0 # ✓ no longer inlined
37
+
38
+ $ grep "from '@kya-os/checkpoint-wasm-runtime" dist/index.mjs
39
+ import { verifyRequest, renderDecisionAsResponse } from '@kya-os/checkpoint-wasm-runtime/orchestrator';
40
+ import { makeSystemClock, ... } from '@kya-os/checkpoint-wasm-runtime/adapters';
41
+ ```
42
+
43
+ ### Surfaced by
44
+
45
+ Bench-Before-After-1 §3.8 pivot — when the Next.js bench-new path
46
+ proved unstable (see [#2618 SDK-Next.js-Integration-Audit-1](https://github.com/Know-That-Ai/agent-shield/issues/2618)),
47
+ the architect pivoted to Express. Local smoke against the freshly-
48
+ cloned `sites/express-bench-new` immediately hit `(void 0) is not a
49
+ function` in the bundled engineVerify — exposed Express's stale-bundle
50
+ issue that the Next.js path had hidden behind its own bundling layers.
51
+
52
+ ### Followup
53
+
54
+ SDK-Next.js-Integration-Audit-1 (#2618) Option B (wasm-bindgen `--target
55
+ bundler`) will eventually let all consumers either bundle or externalize
56
+ wasm-runtime without the (void 0) class of bug. Until then, externalizing
57
+ at the consumer-package level is the right defense.
58
+
59
+ ---
60
+
3
61
  ## 1.1.1 — 2026-05-17
4
62
 
5
63
  Companion patch to `@kya-os/checkpoint-wasm-runtime@1.1.0`. Express
package/dist/index.d.mts CHANGED
@@ -1,7 +1,7 @@
1
1
  import { Request, RequestHandler, Response, NextFunction } from 'express';
2
2
  import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter } from '@kya-os/checkpoint-wasm-runtime/adapters';
3
3
  import { EnforcementMode, VerifyResult } from '@kya-os/checkpoint-wasm-runtime/engine';
4
- import { DetectionResult, AgentShieldConfig } from '@kya-os/checkpoint-shared';
4
+ import { DetectionResult, AgentShieldConfig, DetectionDetail } from '@kya-os/checkpoint-shared';
5
5
  export { DEFAULT_POLICY, ENFORCEMENT_ACTIONS, PolicyConfig, PolicyEvaluationContext, PolicyEvaluationResult, createEvaluationContext, evaluatePolicy } from '@kya-os/checkpoint-shared';
6
6
  export { PolicyMiddlewareConfig, applyPolicy, createContextFromDetection, evaluatePolicyForDetection, getPolicy, handlePolicyDecision, sendBlockedResponse, sendRedirectResponse } from './policy.mjs';
7
7
 
@@ -230,7 +230,7 @@ declare class ExpressSessionTracker {
230
230
  /**
231
231
  * Track a new session in Express response
232
232
  */
233
- track(res: Response, result: DetectionResult): void;
233
+ track(res: Response, result: DetectionDetail): void;
234
234
  /**
235
235
  * Generate a simple ID without crypto dependency
236
236
  */
package/dist/index.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import { Request, RequestHandler, Response, NextFunction } from 'express';
2
2
  import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter } from '@kya-os/checkpoint-wasm-runtime/adapters';
3
3
  import { EnforcementMode, VerifyResult } from '@kya-os/checkpoint-wasm-runtime/engine';
4
- import { DetectionResult, AgentShieldConfig } from '@kya-os/checkpoint-shared';
4
+ import { DetectionResult, AgentShieldConfig, DetectionDetail } from '@kya-os/checkpoint-shared';
5
5
  export { DEFAULT_POLICY, ENFORCEMENT_ACTIONS, PolicyConfig, PolicyEvaluationContext, PolicyEvaluationResult, createEvaluationContext, evaluatePolicy } from '@kya-os/checkpoint-shared';
6
6
  export { PolicyMiddlewareConfig, applyPolicy, createContextFromDetection, evaluatePolicyForDetection, getPolicy, handlePolicyDecision, sendBlockedResponse, sendRedirectResponse } from './policy.js';
7
7
 
@@ -230,7 +230,7 @@ declare class ExpressSessionTracker {
230
230
  /**
231
231
  * Track a new session in Express response
232
232
  */
233
- track(res: Response, result: DetectionResult): void;
233
+ track(res: Response, result: DetectionDetail): void;
234
234
  /**
235
235
  * Generate a simple ID without crypto dependency
236
236
  */