@kya-os/checkpoint-nextjs 1.0.0

package/dist/middleware-node.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/adapt.ts","../src/translate.ts","../src/middleware-node.ts"],"names":[],"mappings":";;;;;;AA4CO,SAAS,mBAAA,CAAoB,UAA4B,GAAA,EAAgC;AAC9F,EAAA,MAAM,iBAAA,GAAoB,WAAA,CAAY,GAAA,CAAI,OAAO,CAAA;AACjD,EAAA,MAAM,aAAA,GAAgB,oBAAoB,QAAQ,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,qBAAA,CAAsB,QAAA,EAAU,iBAAiB,CAAA;AAE/D,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,cAAA,EAAgB;AAEnB,MAAA,MAAM,GAAA,GAAM,aAAa,IAAA,EAAK;AAC9B,MAAA,YAAA,CAAa,GAAA,EAAK,SAAS,OAAO,CAAA;AAClC,MAAA,gBAAA,CAAiB,KAAK,aAAa,CAAA;AACnC,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,IAEA,KAAK,UAAA,EAAY;AAEf,MAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,QAAA,CAAS,QAAQ,QAAS,CAAA;AACjD,MAAA,MAAM,GAAA,GAAM,YAAA,CAAa,QAAA,CAAS,MAAM,CAAA;AACxC,MAAA,YAAA,CAAa,GAAA,EAAK,SAAS,OAAO,CAAA;AAClC,MAAA,gBAAA,CAAiB,KAAK,aAAa,CAAA;AACnC,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,IAEA,KAAK,YAAA,EAAc;AAIjB,MAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,YAAA,EAAc,IAAI,GAAG,CAAA;AAChD,MAAA,MAAM,MAAM,YAAA,CAAa,OAAA,CAAQ,YAAY,EAAE,MAAA,EAAQ,KAAK,CAAA;AAC5D,MAAA,YAAA,CAAa,GAAA,EAAK,SAAS,OAAO,CAAA;AAClC,MAAA,gBAAA,CAAiB,KAAK,aAAa,CAAA;AACnC,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,IAEA,KAAK,YAAA,EAAc;AAKjB,MAAA,MAAM,IAAA,GAAO,QAAA,CAAS,IAAA,IAAQ,EAAC;AAC/B,MAAA,MAAM,GAAA,GAAM,aAAa,IAAA,CAAK,IAAA,EAAM,EAAE,MAAA,EAAQ,QAAA,CAAS,QAAkB,CAAA;AACzE,MAAA,YAAA,CAAa,GAAA,EAAK,SAAS,OAAO,CAAA;AAClC,MAAA,gBAAA,CAAiB,KAAK,aAAa,CAAA;AACnC,MAAA,OAAO,GAAA;AAAA,IACT;AAAA;AAEJ;AAUA,SAAS,gBAAA,CAAiB,KAAmB,KAAA,EAAqB;AAKhE,EAAA,GAAA,CAAI,QAAQ,GAAA,CAAI;AAAA,IACd,IAAA,EAAM,mBAAA;AAAA,IACN,KAAA;AAAA,IACA,IAAA,EAAM,GAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,QAAA,EAAU;AAAA,GACX,CAAA;AACH;AAEA,SAAS,YAAA,CAAa,KAAmB,OAAA,EAAuC;AAI9E,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC5B;AACF;;;AC1FO,SAAS,sBAAsB,GAAA,EAAoC;AACxE,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAA,CAAI,GAAG,CAAA;AAC3B,EAAA,OAAO;AAAA,IACL,QAAQ,GAAA,CAAI,MAAA;AAAA;AAAA,IAEZ,GAAA,EAAK,GAAA,CAAI,QAAA,GAAW,GAAA,CAAI,MAAA;AAAA,IACxB,OAAA,EAAS,eAAA,CAAgB,GAAA,CAAI,OAAO,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAKpC,IAAA,EAAM,IAAA;AAAA,IACN,aAAA,EAAe,qBAAqB,GAAG;AAAA,GACzC;AACF;AAUA,SAAS,gBAAgB,OAAA,EAA0C;AACjE,EAAA,MAAM,MAA8B,EAAC;AACrC,EAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,KAAA,EAAO,GAAA,KAAQ;AAC9B,IAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,CAAA,GAAI,KAAA;AAAA,EAC3B,CAAC,CAAA;AACD,EAAA,OAAO,GAAA;AACT;AAWA,SAAS,qBAAqB,GAAA,EAAsC;AAClE,EAAA,MAAM,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,iBAAiB,CAAA;AAC7C,EAAA,IAAI,GAAA,EAAK;AACP,IAAA,MAAM,QAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,GAAG,IAAA,EAAK;AACtC,IAAA,IAAI,OAAO,OAAO,KAAA;AAAA,EACpB;AAGA,EAAA,MAAM,UAAW,GAAA,CAAmC,EAAA;AACpD,EAAA,OAAO,OAAA;AACT;;;ACkCO,SAAS,eACd,MAAA,EAC6C;AAC7C,EAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,EAAA,OAAO,eAAe,qBAAqB,GAAA,EAAyC;AAClF,IAAA,MAAM,QAAA,GAAW,sBAAsB,GAAG,CAAA;AAC1C,IAAA,MAAM,MAAA,GAAS,MAAM,aAAA,CAAc,QAAA,EAAU,IAAI,CAAA;AACjD,IAAA,MAAM,gBAAA,CAAiB,MAAA,EAAQ,MAAA,EAAQ,GAAG,CAAA;AAC1C,IAAA,MAAM,QAAA,GAAW,yBAAyB,MAAM,CAAA;AAChD,IAAA,OAAO,mBAAA,CAAoB,UAAU,GAAG,CAAA;AAAA,EAC1C,CAAA;AACF;AAOA,SAAS,gBAAgB,MAAA,EAA0B;AACjD,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,QAAA,IAAY,EAAC;AACtC,EAAA,OAAO;AAAA,IACL,WAAA,EAAa,SAAA,CAAU,WAAA,IAAe,eAAA,EAAgB;AAAA,IACtD,eAAA,EAAiB,SAAA,CAAU,eAAA,IAAmB,mBAAA,EAAoB;AAAA,IAClE,gBAAA,EACE,UAAU,gBAAA,IAAoB,oBAAA,CAAqB,EAAE,QAAA,EAAU,MAAA,CAAO,UAAU,CAAA;AAAA,IAClF,eAAA,EACE,UAAU,eAAA,IAAmB,mBAAA,CAAoB,EAAE,YAAA,EAAc,MAAA,CAAO,cAAc,CAAA;AAAA,IACxF,OAAO,eAAA,EAAgB;AAAA,IACvB,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,eAAA,EAAiB,OAAO,eAAA,IAAmB,SAAA;AAAA,IAC3C,oBAAoB,MAAA,CAAO,kBAAA;AAAA,IAC3B,UAAU,MAAA,CAAO;AAAA,GACnB;AACF;AAEA,eAAe,gBAAA,CACb,MAAA,EACA,MAAA,EACA,GAAA,EACe;AACf,EAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACtB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,CAAO,QAAA,CAAS,MAAA,EAAQ,GAAG,CAAA;AAAA,EACnC,CAAA,CAAA,MAAQ;AAAA,EAGR;AACF","file":"middleware-node.mjs","sourcesContent":["/**\n * D.3 — `RenderedResponse` → `NextResponse` adapter.\n *\n * The host wrapper's *only* job on the outbound path: take the\n * transport-agnostic `RenderedResponse` Phase C's\n * `renderDecisionAsResponse` produces and translate it to a\n * `NextResponse`. Zero verdict decisions, zero engine I/O.\n *\n * Shared between the Node-runtime and Edge-runtime entries. The\n * branching here is identical in both — Next.js `NextResponse` has the\n * same API surface across runtimes; only the underlying response\n * primitive differs (Node http.ServerResponse vs Edge `Response`).\n *\n * Architectural pins per architect § 4.3 / § 4.4:\n *\n *   1. **Verdict-cookie format is contract.** Sites-1's Sonner toast\n *      depends on `__checkpoint_verdict=%7B%22verdict%22%3A%22<v>%22...\n *      %7D` (single URL-encoded JSON). Byte-format pinned by adapt.test.\n *\n *   2. **HTML-accepting clients → `/blocked` rewrite at status 200**\n *      (so the page renders with the verdict cookie set; Sonner picks\n *      up the cookie and shows the toast). Non-HTML clients → JSON 4xx.\n *\n *   3. **`X-Checkpoint-Engine` carries `result.engineInfo.name`** —\n *      `checkpoint-engine-wasm` after Phase D ships. Brian's Sites-2\n *      deviation note confirmed the `X-Checkpoint-*` prefix is canon.\n */\n\nimport { type NextRequest, NextResponse } from 'next/server';\n\nimport type { RenderedResponse } from '@kya-os/checkpoint-wasm-runtime/orchestrator';\nimport {\n  VERDICT_COOKIE_NAME,\n  BLOCKED_PATH,\n  encodeVerdictCookie,\n  acceptsHtml,\n  classifyResponseShape,\n} from '@kya-os/checkpoint-shared';\n\n/**\n * Convert the engine's transport-agnostic `RenderedResponse` into a\n * `NextResponse`. Sites-1's Playwright suite is the regression gate;\n * any drift here is caught downstream.\n */\nexport function adaptToNextResponse(rendered: RenderedResponse, req: NextRequest): NextResponse {\n  const clientAcceptsHtml = acceptsHtml(req.headers);\n  const verdictCookie = encodeVerdictCookie(rendered);\n  const shape = classifyResponseShape(rendered, clientAcceptsHtml);\n\n  switch (shape) {\n    case 'pass-through': {\n      // Permit OR Observe-mode any-verdict.\n      const res = NextResponse.next();\n      applyHeaders(res, rendered.headers);\n      setVerdictCookie(res, verdictCookie);\n      return res;\n    }\n\n    case 'redirect': {\n      // Decision::Redirect → 302 + Location.\n      const target = new URL(rendered.headers.Location!);\n      const res = NextResponse.redirect(target);\n      applyHeaders(res, rendered.headers);\n      setVerdictCookie(res, verdictCookie);\n      return res;\n    }\n\n    case 'html-block': {\n      // Sites-1 contract: HTML clients (browsers) need a renderable page\n      // to show the rejection UI. The verdict cookie carries the reason;\n      // the /blocked route reads it and renders the toast.\n      const blockedUrl = new URL(BLOCKED_PATH, req.url);\n      const res = NextResponse.rewrite(blockedUrl, { status: 200 });\n      applyHeaders(res, rendered.headers);\n      setVerdictCookie(res, verdictCookie);\n      return res;\n    }\n\n    case 'json-block': {\n      // The orchestrator's RenderedResponse already supplies the correct\n      // status (401/403/422/...); we just need to materialise the body.\n      // application/problem+json (Instruct) uses the Content-Type from\n      // rendered.headers; defaults to application/json for everything else.\n      const body = rendered.body ?? {};\n      const res = NextResponse.json(body, { status: rendered.status as number });\n      applyHeaders(res, rendered.headers);\n      setVerdictCookie(res, verdictCookie);\n      return res;\n    }\n  }\n}\n\n// -----------------------------------------------------------------------------\n// Helpers — Next.js-specific glue. The framework-agnostic primitives\n// (encodeVerdictCookie, acceptsHtml, classifyResponseShape,\n// VERDICT_COOKIE_NAME, BLOCKED_PATH) live in `@kya-os/checkpoint-shared`\n// so checkpoint-express + future host wrappers produce byte-identical\n// cookies and route HTML/JSON branching the same way.\n// -----------------------------------------------------------------------------\n\nfunction setVerdictCookie(res: NextResponse, value: string): void {\n  // Path / SameSite / HttpOnly chosen for the Sonner-bridge use case:\n  // path=/ so any route can read it, SameSite=Lax so first-party\n  // navigations carry it, HttpOnly=false so the client-side toast JS\n  // can read it (it's verdict UX, not a session token).\n  res.cookies.set({\n    name: VERDICT_COOKIE_NAME,\n    value,\n    path: '/',\n    sameSite: 'lax',\n    httpOnly: false,\n  });\n}\n\nfunction applyHeaders(res: NextResponse, headers: Record<string, string>): void {\n  // NextResponse.next() / rewrite() / json() return responses with\n  // some default headers; orchestrator headers (X-Checkpoint-*, Location)\n  // override. We don't strip pre-existing headers — only set new ones.\n  for (const [key, value] of Object.entries(headers)) {\n    res.headers.set(key, value);\n  }\n}\n","/**\n * D.2 — `NextRequest` → `IncomingHttpLike` translator.\n *\n * The host wrapper's *only* job on the inbound path: take Next.js's\n * native request shape and produce the transport-agnostic\n * `IncomingHttpLike` Phase C's orchestrator consumes. Zero verification\n * logic, zero adapter calls, zero engine I/O.\n *\n * Shared between the Node-runtime and Edge-runtime entries. Next.js\n * `NextRequest` is the same shape in both runtimes — `req.headers` is\n * a `Headers` instance, `req.body` is a `ReadableStream`, `req.ip` is\n * a getter (only present in some deployment surfaces; fall back to\n * `x-forwarded-for` first IP).\n */\n\nimport type { NextRequest } from 'next/server';\n\nimport type { IncomingHttpLike } from '@kya-os/checkpoint-wasm-runtime/orchestrator';\n\n/**\n * Translate a Next.js `NextRequest` into the orchestrator's\n * `IncomingHttpLike` shape.\n *\n * The body is passed through as-is — the orchestrator's\n * `buildAgentRequest` decides whether to parse JSON (looking for an\n * MCP-I `_meta.proof.jws` envelope) or treat the request as PlainHttp.\n * On Next.js middleware the body is typically not pre-parsed; consumers\n * who want to inspect the body for routing decisions should `await\n * req.json()` themselves and pass the parsed result via a second\n * `verifyRequest` call (not common).\n */\nexport function nextRequestToHttpLike(req: NextRequest): IncomingHttpLike {\n  const url = new URL(req.url);\n  return {\n    method: req.method,\n    // Path + query only — orchestrator's URL parsing expects no scheme/host.\n    url: url.pathname + url.search,\n    headers: headersToRecord(req.headers),\n    // NextRequest.body is a ReadableStream; we don't drain it here.\n    // The orchestrator routes to PlainHttp when body is falsy, which\n    // is the right call for streaming middlewares that don't want to\n    // buffer the request body just to detect agents.\n    body: null,\n    remoteAddress: extractRemoteAddress(req),\n  };\n}\n\n/**\n * Convert a `Headers` instance into a lowercase-keyed plain object.\n * HTTP header names are case-insensitive (RFC 9110 § 5.1); the\n * orchestrator does case-sensitive lookups, so we normalise to\n * lowercase here. Multi-value headers (Set-Cookie, Accept) are\n * surfaced as their `Headers.get()` view — a single string with\n * comma-joined values, matching what other host adapters produce.\n */\nfunction headersToRecord(headers: Headers): Record<string, string> {\n  const out: Record<string, string> = {};\n  headers.forEach((value, key) => {\n    out[key.toLowerCase()] = value;\n  });\n  return out;\n}\n\n/**\n * Pull the originating client IP, preferring `x-forwarded-for`'s first\n * entry over `NextRequest.ip` (the latter is only populated on Vercel-\n * hosted deployments and is missing on self-hosted Next.js + nginx /\n * Fly.io / docker-compose surfaces). The `x-forwarded-for` first IP is\n * the closest the request has come to a load balancer's \"trust this is\n * the real client\" attestation — same convention as nginx, Caddy,\n * Cloudflare.\n */\nfunction extractRemoteAddress(req: NextRequest): string | undefined {\n  const xff = req.headers.get('x-forwarded-for');\n  if (xff) {\n    const first = xff.split(',')[0]?.trim();\n    if (first) return first;\n  }\n  // `req.ip` is typed but may be undefined off-Vercel.\n  // Use `unknown` cast to avoid the type-narrowing optimism.\n  const maybeIp = (req as unknown as { ip?: string }).ip;\n  return maybeIp;\n}\n","/**\n * D.1 + D.3 — Node-runtime Next.js middleware entry.\n *\n * The host wrapper that composes Phase B adapters + Phase C\n * `verifyRequest` (sync engine) + Phase D translate/adapt into the\n * `withCheckpoint(config)` factory. Mounted under Vercel Node-runtime\n * serverless functions and long-lived Node servers.\n *\n * For Vercel Edge runtime (the Next.js middleware default), customers\n * import from `./edge` or `@kya-os/checkpoint-nextjs/edge` — that\n * variant uses `verifyRequestEdge` (async-init) and is otherwise\n * structurally identical. Both share `translate.ts` + `adapt.ts`.\n *\n * **Public API contract (architect § 4.1 — preserved):**\n *\n *   - `withCheckpoint(config)` — factory returning the middleware.\n *   - `CheckpointConfig` — the config shape; new fields are additive.\n *\n * Internal implementation gutted, external contract held. Sites-1's\n * Playwright suite is the regression gate.\n */\n\nimport { type NextRequest, type NextResponse } from 'next/server';\n\nimport {\n  renderDecisionAsResponse,\n  verifyRequest,\n} from '@kya-os/checkpoint-wasm-runtime/orchestrator';\nimport {\n  makeDidResolver,\n  makePolicyEvaluator,\n  makeReputationOracle,\n  makeStatusListCache,\n  makeSystemClock,\n  type DidResolverAdapter,\n  type PolicyEvaluatorAdapter,\n  type ReputationOracleAdapter,\n  type StatusListCacheAdapter,\n} from '@kya-os/checkpoint-wasm-runtime/adapters';\nimport type { EnforcementMode, VerifyResult } from '@kya-os/checkpoint-wasm-runtime/engine';\n\nimport { adaptToNextResponse } from './adapt';\nimport { nextRequestToHttpLike } from './translate';\n\n/**\n * Configuration for `withCheckpoint`.\n *\n * The new minimal shape Phase D's middleware needs. Legacy\n * `AgentShieldMiddlewareConfig` (from `./api-middleware`) remains\n * exported during the deprecation window — see D.4 cutover.\n */\nexport interface CheckpointConfig {\n  /**\n   * Tenant identifier — typically the customer's dashboard hostname\n   * (e.g. `acme.checkpoint.example`). The PolicyEvaluator uses this\n   * to look up tenant policy from the dashboard.\n   */\n  tenantHost: string;\n\n  /**\n   * `'enforce'` (default) blocks; `'observe'` passes everything\n   * through with `X-Checkpoint-Would-Have-Been` headers. Per Phase 0.2.\n   */\n  enforcementMode?: EnforcementMode;\n\n  /**\n   * Argus reputation oracle base URL. Omit to use the trust-by-default\n   * baseline (reputation defaults to 1.0; orchestrator logs a one-shot\n   * warning at first request).\n   */\n  argusUrl?: string;\n\n  /**\n   * Dashboard base URL for the PolicyEvaluator to fetch tenant policy\n   * from. Omit to use the open-by-default tenant policy.\n   */\n  dashboardUrl?: string;\n\n  /**\n   * Returned to the PolicyEvaluator for anonymous requests (no agent\n   * DID). Default 1.0 (trust-by-default).\n   */\n  reputationBaseline?: number;\n\n  /**\n   * Pre-built adapter instances. Production deployments use the\n   * factory-built defaults from `@kya-os/checkpoint-wasm-runtime/adapters`;\n   * tests use stubs. The factory composes any provided overrides over\n   * defaults — partial overrides are supported.\n   */\n  adapters?: Partial<{\n    didResolver: DidResolverAdapter;\n    statusListCache: StatusListCacheAdapter;\n    reputationOracle: ReputationOracleAdapter;\n    policyEvaluator: PolicyEvaluatorAdapter;\n  }>;\n\n  /**\n   * Optional callback for the post-verdict path — fires after every\n   * verification, regardless of permit/block, with the full\n   * `VerifyResult`. Use for logging, dashboards, telemetry. Errors\n   * thrown here are swallowed so user code can't break the middleware\n   * response.\n   */\n  onResult?: (result: VerifyResult, req: NextRequest) => void | Promise<void>;\n}\n\n/**\n * Build the Checkpoint middleware. Returns a function `(req) => NextResponse`\n * suitable for `export default withCheckpoint({...})` in `middleware.ts`.\n *\n * Every verification decision flows through the Rust `kya-os-engine`\n * via WASM. The TS layer translates request shape, calls\n * `verifyRequest`, and translates the verdict to `NextResponse`. No\n * verification logic lives in this file.\n */\nexport function withCheckpoint(\n  config: CheckpointConfig\n): (req: NextRequest) => Promise<NextResponse> {\n  const opts = buildVerifyOpts(config);\n  return async function checkpointMiddleware(req: NextRequest): Promise<NextResponse> {\n    const httpLike = nextRequestToHttpLike(req);\n    const result = await verifyRequest(httpLike, opts);\n    await dispatchOnResult(config, result, req);\n    const rendered = renderDecisionAsResponse(result);\n    return adaptToNextResponse(rendered, req);\n  };\n}\n\n/**\n * Compose adapter defaults with caller-supplied overrides. Factored\n * out so the Edge entry (which uses the same composition) can reuse\n * the shape.\n */\nfunction buildVerifyOpts(config: CheckpointConfig) {\n  const overrides = config.adapters ?? {};\n  return {\n    didResolver: overrides.didResolver ?? makeDidResolver(),\n    statusListCache: overrides.statusListCache ?? makeStatusListCache(),\n    reputationOracle:\n      overrides.reputationOracle ?? makeReputationOracle({ argusUrl: config.argusUrl }),\n    policyEvaluator:\n      overrides.policyEvaluator ?? makePolicyEvaluator({ dashboardUrl: config.dashboardUrl }),\n    clock: makeSystemClock(),\n    tenantHost: config.tenantHost,\n    enforcementMode: config.enforcementMode ?? 'enforce',\n    reputationBaseline: config.reputationBaseline,\n    argusUrl: config.argusUrl,\n  };\n}\n\nasync function dispatchOnResult(\n  config: CheckpointConfig,\n  result: VerifyResult,\n  req: NextRequest\n): Promise<void> {\n  if (!config.onResult) return;\n  try {\n    await config.onResult(result, req);\n  } catch {\n    // Swallow — onResult is observability, not verdict-critical.\n    // Verdict already computed; let the response proceed.\n  }\n}\n\n// Re-export the shared opts builder for the Edge entry. Internal seam;\n// not part of the public surface.\nexport { buildVerifyOpts as _buildVerifyOpts };\n"]}

package/dist/middleware.d.mts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { N as NextJSMiddlewareConfig } from './types-C-xCUNTr.mjs';
+import '@kya-os/checkpoint-shared';
+import '@kya-os/checkpoint';
+
+/**
+ * @deprecated Phase D — legacy TS-pattern-matching middleware path is
+ * gone. This file now exists only to preserve the historical export
+ * surface (`createAgentShieldMiddleware`, `agentShield`) at compile
+ * time. Calling either function throws a clear migration error.
+ *
+ * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`
+ * (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime).
+ * The new factory accepts a `CheckpointConfig` and routes every
+ * verification through the Rust `kya-os-engine` via WASM. See the
+ * package CHANGELOG for the recipe.
+ *
+ * Architect Q10 deletion ratification — the 600-line TS pattern
+ * matcher (`edge-detector-wrapper.ts`) was removed in Phase D's
+ * cutover. The new path is structurally simpler and decisive: one
+ * engine, one verdict, every runtime.
+ */
+
+/**
+ * @deprecated Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`.
+ * Throws on invocation; surface exists only so static analysis sees
+ * the historical export.
+ */
+declare function createAgentShieldMiddleware(_config?: Partial<NextJSMiddlewareConfig>): (request: NextRequest) => Promise<NextResponse>;
+/**
+ * @deprecated Alias of the deprecated `createAgentShieldMiddleware`.
+ * Migrate to `withCheckpoint`.
+ */
+declare function agentShield(config?: Partial<NextJSMiddlewareConfig>): (request: NextRequest) => Promise<NextResponse>;
+
+export { agentShield, createAgentShieldMiddleware };

package/dist/middleware.d.ts

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { N as NextJSMiddlewareConfig } from './types-C-xCUNTr.js';
+import '@kya-os/checkpoint-shared';
+import '@kya-os/checkpoint';
+
+/**
+ * @deprecated Phase D — legacy TS-pattern-matching middleware path is
+ * gone. This file now exists only to preserve the historical export
+ * surface (`createAgentShieldMiddleware`, `agentShield`) at compile
+ * time. Calling either function throws a clear migration error.
+ *
+ * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`
+ * (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime).
+ * The new factory accepts a `CheckpointConfig` and routes every
+ * verification through the Rust `kya-os-engine` via WASM. See the
+ * package CHANGELOG for the recipe.
+ *
+ * Architect Q10 deletion ratification — the 600-line TS pattern
+ * matcher (`edge-detector-wrapper.ts`) was removed in Phase D's
+ * cutover. The new path is structurally simpler and decisive: one
+ * engine, one verdict, every runtime.
+ */
+
+/**
+ * @deprecated Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`.
+ * Throws on invocation; surface exists only so static analysis sees
+ * the historical export.
+ */
+declare function createAgentShieldMiddleware(_config?: Partial<NextJSMiddlewareConfig>): (request: NextRequest) => Promise<NextResponse>;
+/**
+ * @deprecated Alias of the deprecated `createAgentShieldMiddleware`.
+ * Migrate to `withCheckpoint`.
+ */
+declare function agentShield(config?: Partial<NextJSMiddlewareConfig>): (request: NextRequest) => Promise<NextResponse>;
+
+export { agentShield, createAgentShieldMiddleware };

package/dist/middleware.js

@@ -0,0 +1,15 @@
+'use strict';
+
+// src/middleware.ts
+var MIGRATION_ERROR = "@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` were deleted in Phase D (engine consolidation). The 600-line TS pattern matcher that backed them is gone. Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime). See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.";
+function createAgentShieldMiddleware(_config = {}) {
+  throw new Error(MIGRATION_ERROR);
+}
+function agentShield(config = {}) {
+  return createAgentShieldMiddleware(config);
+}
+
+exports.agentShield = agentShield;
+exports.createAgentShieldMiddleware = createAgentShieldMiddleware;
+//# sourceMappingURL=middleware.js.map
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/middleware.ts"],"names":[],"mappings":";;;AAsBA,IAAM,eAAA,GACJ,yXAAA;AAYK,SAAS,2BAAA,CACd,OAAA,GAA2C,EAAC,EACK;AACjD,EAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AACjC;AAMO,SAAS,WAAA,CACd,MAAA,GAA0C,EAAC,EACM;AACjD,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.js","sourcesContent":["/**\n * @deprecated Phase D — legacy TS-pattern-matching middleware path is\n * gone. This file now exists only to preserve the historical export\n * surface (`createAgentShieldMiddleware`, `agentShield`) at compile\n * time. Calling either function throws a clear migration error.\n *\n * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`\n * (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime).\n * The new factory accepts a `CheckpointConfig` and routes every\n * verification through the Rust `kya-os-engine` via WASM. See the\n * package CHANGELOG for the recipe.\n *\n * Architect Q10 deletion ratification — the 600-line TS pattern\n * matcher (`edge-detector-wrapper.ts`) was removed in Phase D's\n * cutover. The new path is structurally simpler and decisive: one\n * engine, one verdict, every runtime.\n */\n\nimport type { NextRequest, NextResponse } from 'next/server';\n\nimport type { NextJSMiddlewareConfig } from './types';\n\nconst MIGRATION_ERROR =\n  \"@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` \" +\n  'were deleted in Phase D (engine consolidation). The 600-line TS pattern ' +\n  'matcher that backed them is gone. Migrate to `withCheckpoint` from ' +\n  '`@kya-os/checkpoint-nextjs` (Node runtime) or ' +\n  '`@kya-os/checkpoint-nextjs/edge` (Edge runtime). ' +\n  'See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.';\n\n/**\n * @deprecated Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`.\n * Throws on invocation; surface exists only so static analysis sees\n * the historical export.\n */\nexport function createAgentShieldMiddleware(\n  _config: Partial<NextJSMiddlewareConfig> = {}\n): (request: NextRequest) => Promise<NextResponse> {\n  throw new Error(MIGRATION_ERROR);\n}\n\n/**\n * @deprecated Alias of the deprecated `createAgentShieldMiddleware`.\n * Migrate to `withCheckpoint`.\n */\nexport function agentShield(\n  config: Partial<NextJSMiddlewareConfig> = {}\n): (request: NextRequest) => Promise<NextResponse> {\n  return createAgentShieldMiddleware(config);\n}\n"]}

package/dist/middleware.mjs

@@ -0,0 +1,12 @@
+// src/middleware.ts
+var MIGRATION_ERROR = "@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` were deleted in Phase D (engine consolidation). The 600-line TS pattern matcher that backed them is gone. Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime). See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.";
+function createAgentShieldMiddleware(_config = {}) {
+  throw new Error(MIGRATION_ERROR);
+}
+function agentShield(config = {}) {
+  return createAgentShieldMiddleware(config);
+}
+
+export { agentShield, createAgentShieldMiddleware };
+//# sourceMappingURL=middleware.mjs.map
+//# sourceMappingURL=middleware.mjs.map

package/dist/middleware.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/middleware.ts"],"names":[],"mappings":";AAsBA,IAAM,eAAA,GACJ,yXAAA;AAYK,SAAS,2BAAA,CACd,OAAA,GAA2C,EAAC,EACK;AACjD,EAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AACjC;AAMO,SAAS,WAAA,CACd,MAAA,GAA0C,EAAC,EACM;AACjD,EAAA,OAAO,4BAA4B,MAAM,CAAA;AAC3C","file":"middleware.mjs","sourcesContent":["/**\n * @deprecated Phase D — legacy TS-pattern-matching middleware path is\n * gone. This file now exists only to preserve the historical export\n * surface (`createAgentShieldMiddleware`, `agentShield`) at compile\n * time. Calling either function throws a clear migration error.\n *\n * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`\n * (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime).\n * The new factory accepts a `CheckpointConfig` and routes every\n * verification through the Rust `kya-os-engine` via WASM. See the\n * package CHANGELOG for the recipe.\n *\n * Architect Q10 deletion ratification — the 600-line TS pattern\n * matcher (`edge-detector-wrapper.ts`) was removed in Phase D's\n * cutover. The new path is structurally simpler and decisive: one\n * engine, one verdict, every runtime.\n */\n\nimport type { NextRequest, NextResponse } from 'next/server';\n\nimport type { NextJSMiddlewareConfig } from './types';\n\nconst MIGRATION_ERROR =\n  \"@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` \" +\n  'were deleted in Phase D (engine consolidation). The 600-line TS pattern ' +\n  'matcher that backed them is gone. Migrate to `withCheckpoint` from ' +\n  '`@kya-os/checkpoint-nextjs` (Node runtime) or ' +\n  '`@kya-os/checkpoint-nextjs/edge` (Edge runtime). ' +\n  'See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.';\n\n/**\n * @deprecated Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`.\n * Throws on invocation; surface exists only so static analysis sees\n * the historical export.\n */\nexport function createAgentShieldMiddleware(\n  _config: Partial<NextJSMiddlewareConfig> = {}\n): (request: NextRequest) => Promise<NextResponse> {\n  throw new Error(MIGRATION_ERROR);\n}\n\n/**\n * @deprecated Alias of the deprecated `createAgentShieldMiddleware`.\n * Migrate to `withCheckpoint`.\n */\nexport function agentShield(\n  config: Partial<NextJSMiddlewareConfig> = {}\n): (request: NextRequest) => Promise<NextResponse> {\n  return createAgentShieldMiddleware(config);\n}\n"]}

package/dist/nodejs-wasm-loader.d.mts

@@ -0,0 +1,25 @@
+/**
+ * Node.js Runtime WASM Loader for AgentShield
+ *
+ * This loader uses fs.readFileSync to load WASM in Node.js runtime.
+ * It provides full cryptographic verification capabilities.
+ */
+/**
+ * Load WASM module using Node.js fs module
+ * This only works in Node.js runtime, not Edge Runtime
+ */
+declare function loadWasmNodejs(): Promise<boolean>;
+/**
+ * Check if we're in Node.js runtime
+ */
+declare function isNodejsRuntime(): boolean;
+/**
+ * Get the loaded WASM module
+ */
+declare function getWasmModule(): WebAssembly.Module | null;
+/**
+ * Check if WASM is initialized
+ */
+declare function isWasmInitialized(): boolean;
+
+export { getWasmModule, isNodejsRuntime, isWasmInitialized, loadWasmNodejs };

package/dist/nodejs-wasm-loader.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Node.js Runtime WASM Loader for AgentShield
+ *
+ * This loader uses fs.readFileSync to load WASM in Node.js runtime.
+ * It provides full cryptographic verification capabilities.
+ */
+/**
+ * Load WASM module using Node.js fs module
+ * This only works in Node.js runtime, not Edge Runtime
+ */
+declare function loadWasmNodejs(): Promise<boolean>;
+/**
+ * Check if we're in Node.js runtime
+ */
+declare function isNodejsRuntime(): boolean;
+/**
+ * Get the loaded WASM module
+ */
+declare function getWasmModule(): WebAssembly.Module | null;
+/**
+ * Check if WASM is initialized
+ */
+declare function isWasmInitialized(): boolean;
+
+export { getWasmModule, isNodejsRuntime, isWasmInitialized, loadWasmNodejs };

package/dist/nodejs-wasm-loader.js

@@ -0,0 +1,95 @@
+'use strict';
+
+var fs = require('fs');
+var path = require('path');
+var checkpoint = require('@kya-os/checkpoint');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var fs__default = /*#__PURE__*/_interopDefault(fs);
+var path__default = /*#__PURE__*/_interopDefault(path);
+
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var wasmInitialized = false;
+var wasmModule = null;
+async function loadWasmNodejs() {
+  if (wasmInitialized) {
+    return true;
+  }
+  try {
+    const possiblePaths = [
+      // In node_modules (most likely)
+      path__default.default.join(
+        process.cwd(),
+        "node_modules",
+        "@kya-os",
+        "agentshield",
+        "dist",
+        "wasm",
+        "agentshield_wasm_bg.wasm"
+      ),
+      // In project root (if user copied it)
+      path__default.default.join(process.cwd(), "agentshield_wasm_bg.wasm"),
+      // Relative to current file
+      path__default.default.join(
+        __dirname,
+        "..",
+        "..",
+        "..",
+        "agentshield",
+        "dist",
+        "wasm",
+        "agentshield_wasm_bg.wasm"
+      )
+    ];
+    let wasmBuffer = null;
+    let loadedPath = null;
+    for (const wasmPath of possiblePaths) {
+      try {
+        if (fs__default.default.existsSync(wasmPath)) {
+          wasmBuffer = fs__default.default.readFileSync(wasmPath);
+          loadedPath = wasmPath;
+          break;
+        }
+      } catch (e) {
+        continue;
+      }
+    }
+    if (!wasmBuffer) {
+      console.warn("AgentShield: WASM file not found in any expected location");
+      return false;
+    }
+    const bytes = new Uint8Array(wasmBuffer);
+    wasmModule = await WebAssembly.compile(bytes);
+    checkpoint.setWasmModule(wasmModule);
+    wasmInitialized = true;
+    console.log(`\u2705 AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);
+    console.log("\u{1F510} Cryptographic verification enabled (95-100% confidence)");
+    return true;
+  } catch (error) {
+    console.warn("\u26A0\uFE0F AgentShield: Failed to load WASM in Node.js runtime:", error);
+    console.log("\u{1F4CA} Falling back to pattern detection (85% confidence)");
+    return false;
+  }
+}
+function isNodejsRuntime() {
+  return typeof process !== "undefined" && typeof process.versions !== "undefined" && typeof process.versions.node !== "undefined" && typeof __require !== "undefined";
+}
+function getWasmModule() {
+  return wasmModule;
+}
+function isWasmInitialized() {
+  return wasmInitialized;
+}
+
+exports.getWasmModule = getWasmModule;
+exports.isNodejsRuntime = isNodejsRuntime;
+exports.isWasmInitialized = isWasmInitialized;
+exports.loadWasmNodejs = loadWasmNodejs;
+//# sourceMappingURL=nodejs-wasm-loader.js.map
+//# sourceMappingURL=nodejs-wasm-loader.js.map

package/dist/nodejs-wasm-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/nodejs-wasm-loader.ts"],"names":["path","fs","setWasmModule"],"mappings":";;;;;;;;;;;;;;;;;AAWA,IAAI,eAAA,GAAkB,KAAA;AACtB,IAAI,UAAA,GAAwC,IAAA;AAM5C,eAAsB,cAAA,GAAmC;AACvD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,aAAA,GAAgB;AAAA;AAAA,MAEpBA,qBAAA,CAAK,IAAA;AAAA,QACH,QAAQ,GAAA,EAAI;AAAA,QACZ,cAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AAAA;AAAA,MAEAA,qBAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,IAAO,0BAA0B,CAAA;AAAA;AAAA,MAEnDA,qBAAA,CAAK,IAAA;AAAA,QACH,SAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA;AACF,KACF;AAEA,IAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,IAAA,IAAI,UAAA,GAA4B,IAAA;AAEhC,IAAA,KAAA,MAAW,YAAY,aAAA,EAAe;AACpC,MAAA,IAAI;AACF,QAAA,IAAIC,mBAAA,CAAG,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAaA,mBAAA,CAAG,aAAa,QAAQ,CAAA;AACrC,UAAA,UAAA,GAAa,QAAA;AACb,UAAA;AAAA,QACF;AAAA,MACF,SAAS,CAAA,EAAG;AAEV,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ,KAAK,2DAA2D,CAAA;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAIA,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,UAAU,CAAA;AACvC,IAAA,UAAA,GAAa,MAAM,WAAA,CAAY,OAAA,CAAQ,KAAK,CAAA;AAG5C,IAAAC,wBAAA,CAAc,UAAU,CAAA;AAExB,IAAA,eAAA,GAAkB,IAAA;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,kDAAA,EAAgD,UAAU,CAAA,kBAAA,CAAoB,CAAA;AAC1F,IAAA,OAAA,CAAQ,IAAI,mEAA4D,CAAA;AAExE,IAAA,OAAO,IAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,qEAA2D,KAAK,CAAA;AAC7E,IAAA,OAAA,CAAQ,IAAI,8DAAuD,CAAA;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,eAAA,GAA2B;AACzC,EAAA,OACE,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,OAAA,CAAQ,QAAA,KAAa,WAAA,IAC5B,OAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,KAAS,WAAA,IACjC,OAAO,SAAA,KAAY,WAAA;AAEvB;AAKO,SAAS,aAAA,GAA2C;AACzD,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,iBAAA,GAA6B;AAC3C,EAAA,OAAO,eAAA;AACT","file":"nodejs-wasm-loader.js","sourcesContent":["/**\n * Node.js Runtime WASM Loader for AgentShield\n *\n * This loader uses fs.readFileSync to load WASM in Node.js runtime.\n * It provides full cryptographic verification capabilities.\n */\n\nimport fs from 'fs';\nimport path from 'path';\nimport { setWasmModule } from '@kya-os/checkpoint';\n\nlet wasmInitialized = false;\nlet wasmModule: WebAssembly.Module | null = null;\n\n/**\n * Load WASM module using Node.js fs module\n * This only works in Node.js runtime, not Edge Runtime\n */\nexport async function loadWasmNodejs(): Promise<boolean> {\n  if (wasmInitialized) {\n    return true;\n  }\n\n  try {\n    // Try multiple possible WASM locations\n    const possiblePaths = [\n      // In node_modules (most likely)\n      path.join(\n        process.cwd(),\n        'node_modules',\n        '@kya-os',\n        'agentshield',\n        'dist',\n        'wasm',\n        'agentshield_wasm_bg.wasm'\n      ),\n      // In project root (if user copied it)\n      path.join(process.cwd(), 'agentshield_wasm_bg.wasm'),\n      // Relative to current file\n      path.join(\n        __dirname,\n        '..',\n        '..',\n        '..',\n        'agentshield',\n        'dist',\n        'wasm',\n        'agentshield_wasm_bg.wasm'\n      ),\n    ];\n\n    let wasmBuffer: Buffer | null = null;\n    let loadedPath: string | null = null;\n\n    for (const wasmPath of possiblePaths) {\n      try {\n        if (fs.existsSync(wasmPath)) {\n          wasmBuffer = fs.readFileSync(wasmPath);\n          loadedPath = wasmPath;\n          break;\n        }\n      } catch (e) {\n        // Try next path\n        continue;\n      }\n    }\n\n    if (!wasmBuffer) {\n      console.warn('AgentShield: WASM file not found in any expected location');\n      return false;\n    }\n\n    // Convert Buffer to Uint8Array for WebAssembly\n    // This is the proper way to handle Buffer -> ArrayBuffer conversion\n    const bytes = new Uint8Array(wasmBuffer);\n    wasmModule = await WebAssembly.compile(bytes);\n\n    // Set the module in AgentShield\n    setWasmModule(wasmModule);\n\n    wasmInitialized = true;\n    console.log(`✅ AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);\n    console.log('🔐 Cryptographic verification enabled (95-100% confidence)');\n\n    return true;\n  } catch (error) {\n    console.warn('⚠️ AgentShield: Failed to load WASM in Node.js runtime:', error);\n    console.log('📊 Falling back to pattern detection (85% confidence)');\n    return false;\n  }\n}\n\n/**\n * Check if we're in Node.js runtime\n */\nexport function isNodejsRuntime(): boolean {\n  return (\n    typeof process !== 'undefined' &&\n    typeof process.versions !== 'undefined' &&\n    typeof process.versions.node !== 'undefined' &&\n    typeof require !== 'undefined'\n  );\n}\n\n/**\n * Get the loaded WASM module\n */\nexport function getWasmModule(): WebAssembly.Module | null {\n  return wasmModule;\n}\n\n/**\n * Check if WASM is initialized\n */\nexport function isWasmInitialized(): boolean {\n  return wasmInitialized;\n}\n"]}

package/dist/nodejs-wasm-loader.mjs

@@ -0,0 +1,85 @@
+import fs from 'fs';
+import path from 'path';
+import { setWasmModule } from '@kya-os/checkpoint';
+
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var wasmInitialized = false;
+var wasmModule = null;
+async function loadWasmNodejs() {
+  if (wasmInitialized) {
+    return true;
+  }
+  try {
+    const possiblePaths = [
+      // In node_modules (most likely)
+      path.join(
+        process.cwd(),
+        "node_modules",
+        "@kya-os",
+        "agentshield",
+        "dist",
+        "wasm",
+        "agentshield_wasm_bg.wasm"
+      ),
+      // In project root (if user copied it)
+      path.join(process.cwd(), "agentshield_wasm_bg.wasm"),
+      // Relative to current file
+      path.join(
+        __dirname,
+        "..",
+        "..",
+        "..",
+        "agentshield",
+        "dist",
+        "wasm",
+        "agentshield_wasm_bg.wasm"
+      )
+    ];
+    let wasmBuffer = null;
+    let loadedPath = null;
+    for (const wasmPath of possiblePaths) {
+      try {
+        if (fs.existsSync(wasmPath)) {
+          wasmBuffer = fs.readFileSync(wasmPath);
+          loadedPath = wasmPath;
+          break;
+        }
+      } catch (e) {
+        continue;
+      }
+    }
+    if (!wasmBuffer) {
+      console.warn("AgentShield: WASM file not found in any expected location");
+      return false;
+    }
+    const bytes = new Uint8Array(wasmBuffer);
+    wasmModule = await WebAssembly.compile(bytes);
+    setWasmModule(wasmModule);
+    wasmInitialized = true;
+    console.log(`\u2705 AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);
+    console.log("\u{1F510} Cryptographic verification enabled (95-100% confidence)");
+    return true;
+  } catch (error) {
+    console.warn("\u26A0\uFE0F AgentShield: Failed to load WASM in Node.js runtime:", error);
+    console.log("\u{1F4CA} Falling back to pattern detection (85% confidence)");
+    return false;
+  }
+}
+function isNodejsRuntime() {
+  return typeof process !== "undefined" && typeof process.versions !== "undefined" && typeof process.versions.node !== "undefined" && typeof __require !== "undefined";
+}
+function getWasmModule() {
+  return wasmModule;
+}
+function isWasmInitialized() {
+  return wasmInitialized;
+}
+
+export { getWasmModule, isNodejsRuntime, isWasmInitialized, loadWasmNodejs };
+//# sourceMappingURL=nodejs-wasm-loader.mjs.map
+//# sourceMappingURL=nodejs-wasm-loader.mjs.map

package/dist/nodejs-wasm-loader.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/nodejs-wasm-loader.ts"],"names":[],"mappings":";;;;;;;;;;AAWA,IAAI,eAAA,GAAkB,KAAA;AACtB,IAAI,UAAA,GAAwC,IAAA;AAM5C,eAAsB,cAAA,GAAmC;AACvD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,aAAA,GAAgB;AAAA;AAAA,MAEpB,IAAA,CAAK,IAAA;AAAA,QACH,QAAQ,GAAA,EAAI;AAAA,QACZ,cAAA;AAAA,QACA,SAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA,OACF;AAAA;AAAA,MAEA,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,IAAO,0BAA0B,CAAA;AAAA;AAAA,MAEnD,IAAA,CAAK,IAAA;AAAA,QACH,SAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA;AAAA,QACA,aAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA;AAAA;AACF,KACF;AAEA,IAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,IAAA,IAAI,UAAA,GAA4B,IAAA;AAEhC,IAAA,KAAA,MAAW,YAAY,aAAA,EAAe;AACpC,MAAA,IAAI;AACF,QAAA,IAAI,EAAA,CAAG,UAAA,CAAW,QAAQ,CAAA,EAAG;AAC3B,UAAA,UAAA,GAAa,EAAA,CAAG,aAAa,QAAQ,CAAA;AACrC,UAAA,UAAA,GAAa,QAAA;AACb,UAAA;AAAA,QACF;AAAA,MACF,SAAS,CAAA,EAAG;AAEV,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ,KAAK,2DAA2D,CAAA;AACxE,MAAA,OAAO,KAAA;AAAA,IACT;AAIA,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,UAAU,CAAA;AACvC,IAAA,UAAA,GAAa,MAAM,WAAA,CAAY,OAAA,CAAQ,KAAK,CAAA;AAG5C,IAAA,aAAA,CAAc,UAAU,CAAA;AAExB,IAAA,eAAA,GAAkB,IAAA;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,kDAAA,EAAgD,UAAU,CAAA,kBAAA,CAAoB,CAAA;AAC1F,IAAA,OAAA,CAAQ,IAAI,mEAA4D,CAAA;AAExE,IAAA,OAAO,IAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,IAAA,CAAK,qEAA2D,KAAK,CAAA;AAC7E,IAAA,OAAA,CAAQ,IAAI,8DAAuD,CAAA;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,SAAS,eAAA,GAA2B;AACzC,EAAA,OACE,OAAO,OAAA,KAAY,WAAA,IACnB,OAAO,OAAA,CAAQ,QAAA,KAAa,WAAA,IAC5B,OAAO,OAAA,CAAQ,QAAA,CAAS,IAAA,KAAS,WAAA,IACjC,OAAO,SAAA,KAAY,WAAA;AAEvB;AAKO,SAAS,aAAA,GAA2C;AACzD,EAAA,OAAO,UAAA;AACT;AAKO,SAAS,iBAAA,GAA6B;AAC3C,EAAA,OAAO,eAAA;AACT","file":"nodejs-wasm-loader.mjs","sourcesContent":["/**\n * Node.js Runtime WASM Loader for AgentShield\n *\n * This loader uses fs.readFileSync to load WASM in Node.js runtime.\n * It provides full cryptographic verification capabilities.\n */\n\nimport fs from 'fs';\nimport path from 'path';\nimport { setWasmModule } from '@kya-os/checkpoint';\n\nlet wasmInitialized = false;\nlet wasmModule: WebAssembly.Module | null = null;\n\n/**\n * Load WASM module using Node.js fs module\n * This only works in Node.js runtime, not Edge Runtime\n */\nexport async function loadWasmNodejs(): Promise<boolean> {\n  if (wasmInitialized) {\n    return true;\n  }\n\n  try {\n    // Try multiple possible WASM locations\n    const possiblePaths = [\n      // In node_modules (most likely)\n      path.join(\n        process.cwd(),\n        'node_modules',\n        '@kya-os',\n        'agentshield',\n        'dist',\n        'wasm',\n        'agentshield_wasm_bg.wasm'\n      ),\n      // In project root (if user copied it)\n      path.join(process.cwd(), 'agentshield_wasm_bg.wasm'),\n      // Relative to current file\n      path.join(\n        __dirname,\n        '..',\n        '..',\n        '..',\n        'agentshield',\n        'dist',\n        'wasm',\n        'agentshield_wasm_bg.wasm'\n      ),\n    ];\n\n    let wasmBuffer: Buffer | null = null;\n    let loadedPath: string | null = null;\n\n    for (const wasmPath of possiblePaths) {\n      try {\n        if (fs.existsSync(wasmPath)) {\n          wasmBuffer = fs.readFileSync(wasmPath);\n          loadedPath = wasmPath;\n          break;\n        }\n      } catch (e) {\n        // Try next path\n        continue;\n      }\n    }\n\n    if (!wasmBuffer) {\n      console.warn('AgentShield: WASM file not found in any expected location');\n      return false;\n    }\n\n    // Convert Buffer to Uint8Array for WebAssembly\n    // This is the proper way to handle Buffer -> ArrayBuffer conversion\n    const bytes = new Uint8Array(wasmBuffer);\n    wasmModule = await WebAssembly.compile(bytes);\n\n    // Set the module in AgentShield\n    setWasmModule(wasmModule);\n\n    wasmInitialized = true;\n    console.log(`✅ AgentShield: WASM loaded successfully from ${loadedPath} (Node.js runtime)`);\n    console.log('🔐 Cryptographic verification enabled (95-100% confidence)');\n\n    return true;\n  } catch (error) {\n    console.warn('⚠️ AgentShield: Failed to load WASM in Node.js runtime:', error);\n    console.log('📊 Falling back to pattern detection (85% confidence)');\n    return false;\n  }\n}\n\n/**\n * Check if we're in Node.js runtime\n */\nexport function isNodejsRuntime(): boolean {\n  return (\n    typeof process !== 'undefined' &&\n    typeof process.versions !== 'undefined' &&\n    typeof process.versions.node !== 'undefined' &&\n    typeof require !== 'undefined'\n  );\n}\n\n/**\n * Get the loaded WASM module\n */\nexport function getWasmModule(): WebAssembly.Module | null {\n  return wasmModule;\n}\n\n/**\n * Check if WASM is initialized\n */\nexport function isWasmInitialized(): boolean {\n  return wasmInitialized;\n}\n"]}

package/dist/policy.d.mts

@@ -0,0 +1,162 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PolicyConfig, PolicyEvaluationResult, PolicyEvaluationContext, DetectionResult } from '@kya-os/checkpoint-shared';
+export { DEFAULT_POLICY, ENFORCEMENT_ACTIONS, PolicyConfig, PolicyEvaluationContext, PolicyEvaluationResult, createEvaluationContext, evaluatePolicy } from '@kya-os/checkpoint-shared';
+
+/**
+ * Policy Integration for agentshield-nextjs
+ *
+ * This module provides policy evaluation support for the Next.js middleware.
+ * It can use:
+ * - Local policy configuration (static)
+ * - Fetched policy from AgentShield API (dynamic with caching)
+ * - Fallback/default policies
+ *
+ * @example
+ * ```typescript
+ * import { createPolicyMiddleware } from '@kya-os/checkpoint-nextjs/policy';
+ *
+ * export default createPolicyMiddleware({
+ *   policy: {
+ *     enabled: true,
+ *     defaultAction: 'allow',
+ *     thresholds: { confidenceThreshold: 80, confidenceAction: 'block' },
+ *     allowList: [{ clientName: 'ChatGPT' }],
+ *   },
+ * });
+ * ```
+ */
+
+/**
+ * Policy middleware configuration
+ */
+interface PolicyMiddlewareConfig {
+    /**
+     * Local policy configuration (static)
+     * If provided, this policy is used instead of fetching from API
+     */
+    policy?: Partial<PolicyConfig>;
+    /**
+     * Fetch policy from AgentShield API
+     * Requires projectId and optionally an apiKey
+     */
+    fetchPolicy?: {
+        /** Project ID to fetch policy for */
+        projectId: string;
+        /** API base URL (defaults to production) */
+        apiUrl?: string;
+        /** API key for authentication */
+        apiKey?: string;
+        /** Cache TTL in seconds (default: 300) */
+        cacheTtlSeconds?: number;
+    };
+    /**
+     * Fallback policy to use when fetch fails
+     * Defaults to DEFAULT_POLICY (allow all)
+     */
+    fallbackPolicy?: Partial<PolicyConfig>;
+    /**
+     * Custom blocked response
+     */
+    blockedResponse?: {
+        status?: number;
+        message?: string;
+        headers?: Record<string, string>;
+    };
+    /**
+     * Default redirect URL for redirect actions
+     */
+    redirectUrl?: string;
+    /**
+     * Callback when policy decision is made
+     */
+    onPolicyDecision?: (request: NextRequest, decision: PolicyEvaluationResult, context: PolicyEvaluationContext) => void | Promise<void>;
+    /**
+     * Custom response builder for blocked requests
+     */
+    customBlockedResponse?: (request: NextRequest, decision: PolicyEvaluationResult) => NextResponse | Promise<NextResponse>;
+    /**
+     * Whether to fail open (allow) on policy evaluation errors
+     * Default: true (recommended for production)
+     */
+    failOpen?: boolean;
+    /**
+     * Enable debug logging
+     */
+    debug?: boolean;
+}
+/**
+ * Combined middleware configuration with policy support
+ */
+interface NextJSPolicyMiddlewareConfig extends PolicyMiddlewareConfig {
+    /**
+     * Paths to skip (in addition to policy excludedPaths)
+     */
+    skipPaths?: string[];
+    /**
+     * Only enforce on these paths (overrides policy includedPaths)
+     */
+    includePaths?: string[];
+}
+/**
+ * Create policy evaluation context from detection result and request
+ */
+declare function createContextFromDetection(detection: DetectionResult, request: NextRequest): PolicyEvaluationContext;
+/**
+ * Evaluate policy for a detection result
+ */
+declare function evaluatePolicyForDetection(detection: DetectionResult, request: NextRequest, policy: PolicyConfig): PolicyEvaluationResult;
+/**
+ * Build blocked response based on policy decision
+ */
+declare function buildBlockedResponse(decision: PolicyEvaluationResult, config: PolicyMiddlewareConfig): NextResponse;
+/**
+ * Build redirect response based on policy decision
+ */
+declare function buildRedirectResponse(request: NextRequest, decision: PolicyEvaluationResult, config: PolicyMiddlewareConfig, detection?: {
+    detectedAgent?: {
+        name?: string;
+    };
+}): NextResponse;
+/**
+ * Build challenge response (placeholder - future implementation)
+ */
+declare function buildChallengeResponse(request: NextRequest, decision: PolicyEvaluationResult, config: PolicyMiddlewareConfig, detection?: {
+    detectedAgent?: {
+        name?: string;
+    };
+}): NextResponse;
+/**
+ * Handle policy decision and return appropriate response
+ */
+declare function handlePolicyDecision(request: NextRequest, decision: PolicyEvaluationResult, config: PolicyMiddlewareConfig, detection?: {
+    detectedAgent?: {
+        name?: string;
+    };
+}): Promise<NextResponse | null>;
+/**
+ * Get policy (local, fetched, or fallback)
+ */
+declare function getPolicy(config: PolicyMiddlewareConfig): Promise<PolicyConfig>;
+/**
+ * Apply policy to a detection result
+ *
+ * This function can be used standalone to evaluate policy after detection.
+ * Supports extended config with skipPaths and includePaths for path-based filtering.
+ *
+ * @example
+ * ```typescript
+ * const result = await detector.analyze(context);
+ * const response = await applyPolicy(request, result, {
+ *   policy: { thresholds: { confidenceThreshold: 80 } },
+ *   skipPaths: ['/health', '/api/public/*'],
+ *   includePaths: ['/api/*'],
+ * });
+ *
+ * if (response) {
+ *   return response; // Policy blocked the request
+ * }
+ * ```
+ */
+declare function applyPolicy(request: NextRequest, detection: DetectionResult, config: NextJSPolicyMiddlewareConfig): Promise<NextResponse | null>;
+
+export { type NextJSPolicyMiddlewareConfig, type PolicyMiddlewareConfig, applyPolicy, buildBlockedResponse, buildChallengeResponse, buildRedirectResponse, createContextFromDetection, evaluatePolicyForDetection, getPolicy, handlePolicyDecision };