@kya-os/checkpoint-nextjs 1.1.1 → 1.2.0

package/dist/edge-runtime-loader.d.mts

@@ -1,3 +1,4 @@
+import { DetectionDetail } from '@kya-os/checkpoint-shared';
 import { NextRequest } from 'next/server';
 
 /**
@@ -8,23 +9,16 @@ import { NextRequest } from 'next/server';
  *
  * ## SSOT for pattern detection
  *
- * The fallback `patternDetection` path imports BOTH pattern arrays
- * from `@kya-os/checkpoint-shared/constants/agents`:
- *
- *   - `KNOWN_AGENT_PATTERNS` — strict SSOT carved for the server-side
- *     classifier (per-agent rows with category + isLegitimate fields).
- *   - `INTERACTIVE_AGENT_PATTERNS` — supplement holding interactive-
- *     session tokens, generic vendor fallbacks, and the GPT-Crawler
- *     entry that lives in seed-agent-types-data.ts (NOT in the strict
- *     SSOT).
- *
- * Pre-#2599 this file had a 15-pattern inline subset that diverged
- * from the shared SSOT — the you.com regex was tightened in agents.ts
- * but reverted here. SSOT-Fallback-Drift-1 (this PR) collapsed the
- * inline duplication and moved the supplement into checkpoint-shared
- * so both layers reference the same source. EPIC #2573 (PDM-2) is the
- * future unified-SSOT consolidation that folds the two arrays into
- * one canonical table.
+ * The fallback `patternDetection` path imports the single canonical
+ * pattern table `KNOWN_AGENT_PATTERNS` from
+ * `@kya-os/checkpoint-shared/constants/agents`. PDM-2 (#2573) folded
+ * what was previously a sibling supplement export
+ * (`INTERACTIVE_AGENT_PATTERNS`) into per-agent SSOT rows alongside
+ * the existing entries — interactive-session tokens, generic vendor
+ * fallbacks, and the GPT-Crawler bot are now first-class SSOT rows
+ * with `category`/`isLegitimate` fields. The drift-prevention test
+ * in `checkpoint-shared/__tests__/constants/agents.test.ts` enforces
+ * that no future PR re-introduces a sibling pool.
  *
  * ## Naming
  *
@@ -37,19 +31,14 @@ import { NextRequest } from 'next/server';
 interface WasmModule {
     default: WebAssembly.Module;
 }
-interface DetectionResult {
-    isAgent: boolean;
-    isAiCrawler?: boolean;
-    confidence: number;
+type EdgeRuntimeDetectionDetail = DetectionDetail & {
     agent?: string;
-    verificationMethod: 'cryptographic' | 'pattern';
-    riskLevel?: 'low' | 'medium' | 'high' | 'critical';
-    timestamp: string;
-}
+};
+
 interface EdgeCheckpointConfig {
     wasmModule?: WebAssembly.Module;
     enableWasm?: boolean;
-    onAgentDetected?: (result: DetectionResult) => void;
+    onAgentDetected?: (result: EdgeRuntimeDetectionDetail) => void;
     blockAgents?: boolean;
     allowedAgents?: string[];
     debug?: boolean;
@@ -63,7 +52,7 @@ declare class EdgeRuntimeCheckpoint {
     init(wasmModule?: WebAssembly.Module): Promise<void>;
     private readString;
     private writeString;
-    detect(request: NextRequest): Promise<DetectionResult>;
+    detect(request: NextRequest): Promise<EdgeRuntimeDetectionDetail>;
     private patternDetection;
     isInitialized(): boolean;
     getVerificationMethod(): 'cryptographic' | 'pattern';
@@ -83,4 +72,4 @@ declare const createEdgeAgentShield: typeof createEdgeCheckpoint;
 /** @deprecated Renamed to {@link getDefaultEdgeCheckpoint}. */
 declare const getDefaultAgentShield: typeof getDefaultEdgeCheckpoint;
 
-export { type AgentShieldConfig, type DetectionResult, type EdgeCheckpointConfig, EdgeRuntimeAgentShield, EdgeRuntimeCheckpoint, type WasmModule, createEdgeAgentShield, createEdgeCheckpoint, getDefaultAgentShield, getDefaultEdgeCheckpoint };
+export { type AgentShieldConfig, type EdgeRuntimeDetectionDetail as DetectionResult, type EdgeCheckpointConfig, EdgeRuntimeAgentShield, EdgeRuntimeCheckpoint, type EdgeRuntimeDetectionDetail, type WasmModule, createEdgeAgentShield, createEdgeCheckpoint, getDefaultAgentShield, getDefaultEdgeCheckpoint };

package/dist/edge-runtime-loader.d.ts

@@ -1,3 +1,4 @@
+import { DetectionDetail } from '@kya-os/checkpoint-shared';
 import { NextRequest } from 'next/server';
 
 /**
@@ -8,23 +9,16 @@ import { NextRequest } from 'next/server';
  *
  * ## SSOT for pattern detection
  *
- * The fallback `patternDetection` path imports BOTH pattern arrays
- * from `@kya-os/checkpoint-shared/constants/agents`:
- *
- *   - `KNOWN_AGENT_PATTERNS` — strict SSOT carved for the server-side
- *     classifier (per-agent rows with category + isLegitimate fields).
- *   - `INTERACTIVE_AGENT_PATTERNS` — supplement holding interactive-
- *     session tokens, generic vendor fallbacks, and the GPT-Crawler
- *     entry that lives in seed-agent-types-data.ts (NOT in the strict
- *     SSOT).
- *
- * Pre-#2599 this file had a 15-pattern inline subset that diverged
- * from the shared SSOT — the you.com regex was tightened in agents.ts
- * but reverted here. SSOT-Fallback-Drift-1 (this PR) collapsed the
- * inline duplication and moved the supplement into checkpoint-shared
- * so both layers reference the same source. EPIC #2573 (PDM-2) is the
- * future unified-SSOT consolidation that folds the two arrays into
- * one canonical table.
+ * The fallback `patternDetection` path imports the single canonical
+ * pattern table `KNOWN_AGENT_PATTERNS` from
+ * `@kya-os/checkpoint-shared/constants/agents`. PDM-2 (#2573) folded
+ * what was previously a sibling supplement export
+ * (`INTERACTIVE_AGENT_PATTERNS`) into per-agent SSOT rows alongside
+ * the existing entries — interactive-session tokens, generic vendor
+ * fallbacks, and the GPT-Crawler bot are now first-class SSOT rows
+ * with `category`/`isLegitimate` fields. The drift-prevention test
+ * in `checkpoint-shared/__tests__/constants/agents.test.ts` enforces
+ * that no future PR re-introduces a sibling pool.
  *
  * ## Naming
  *
@@ -37,19 +31,14 @@ import { NextRequest } from 'next/server';
 interface WasmModule {
     default: WebAssembly.Module;
 }
-interface DetectionResult {
-    isAgent: boolean;
-    isAiCrawler?: boolean;
-    confidence: number;
+type EdgeRuntimeDetectionDetail = DetectionDetail & {
     agent?: string;
-    verificationMethod: 'cryptographic' | 'pattern';
-    riskLevel?: 'low' | 'medium' | 'high' | 'critical';
-    timestamp: string;
-}
+};
+
 interface EdgeCheckpointConfig {
     wasmModule?: WebAssembly.Module;
     enableWasm?: boolean;
-    onAgentDetected?: (result: DetectionResult) => void;
+    onAgentDetected?: (result: EdgeRuntimeDetectionDetail) => void;
     blockAgents?: boolean;
     allowedAgents?: string[];
     debug?: boolean;
@@ -63,7 +52,7 @@ declare class EdgeRuntimeCheckpoint {
     init(wasmModule?: WebAssembly.Module): Promise<void>;
     private readString;
     private writeString;
-    detect(request: NextRequest): Promise<DetectionResult>;
+    detect(request: NextRequest): Promise<EdgeRuntimeDetectionDetail>;
     private patternDetection;
     isInitialized(): boolean;
     getVerificationMethod(): 'cryptographic' | 'pattern';
@@ -83,4 +72,4 @@ declare const createEdgeAgentShield: typeof createEdgeCheckpoint;
 /** @deprecated Renamed to {@link getDefaultEdgeCheckpoint}. */
 declare const getDefaultAgentShield: typeof getDefaultEdgeCheckpoint;
 
-export { type AgentShieldConfig, type DetectionResult, type EdgeCheckpointConfig, EdgeRuntimeAgentShield, EdgeRuntimeCheckpoint, type WasmModule, createEdgeAgentShield, createEdgeCheckpoint, getDefaultAgentShield, getDefaultEdgeCheckpoint };
+export { type AgentShieldConfig, type EdgeRuntimeDetectionDetail as DetectionResult, type EdgeCheckpointConfig, EdgeRuntimeAgentShield, EdgeRuntimeCheckpoint, type EdgeRuntimeDetectionDetail, type WasmModule, createEdgeAgentShield, createEdgeCheckpoint, getDefaultAgentShield, getDefaultEdgeCheckpoint };

package/dist/edge-runtime-loader.js

@@ -33,6 +33,22 @@ function tokenRegex(token) {
   TOKEN_REGEX_CACHE.set(token, regex);
   return regex;
 }
+function readStringField(value) {
+  return typeof value === "string" && value.length > 0 ? value : void 0;
+}
+function readNumberField(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : void 0;
+}
+function readBooleanField(value) {
+  return typeof value === "boolean" ? value : void 0;
+}
+function readStringArrayField(value) {
+  return Array.isArray(value) ? value.filter((item) => typeof item === "string") : [];
+}
+function normalizeEngineConfidence(value) {
+  if (value === void 0) return 0;
+  return Math.round(Math.max(0, Math.min(100, value)));
+}
 function matchKnownAgent(lowercasedUa) {
   let best = null;
   for (const entry of checkpointShared.KNOWN_AGENT_PATTERNS) {
@@ -45,13 +61,6 @@ function matchKnownAgent(lowercasedUa) {
       }
     }
   }
-  for (const { pattern, name, confidence } of checkpointShared.INTERACTIVE_AGENT_PATTERNS) {
-    if (pattern.test(lowercasedUa)) {
-      if (!best || confidence > best.confidence) {
-        best = { name, confidence };
-      }
-    }
-  }
   return best;
 }
 var EdgeRuntimeCheckpoint = class {
@@ -145,10 +154,21 @@ var EdgeRuntimeCheckpoint = class {
           exports$1.__wbindgen_free(resultPtr, offset);
         }
         const result = JSON.parse(resultStr);
+        const agent = readStringField(result.agent) ?? readStringField(result.agentName);
+        const confidence = normalizeEngineConfidence(readNumberField(result.confidence));
         const detection = {
-          ...result,
-          verificationMethod: "cryptographic",
-          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+          isAgent: readBooleanField(result.isAgent) ?? readBooleanField(result.is_agent) ?? false,
+          isAiCrawler: readBooleanField(result.isAiCrawler) ?? readBooleanField(result.is_ai_crawler),
+          confidence,
+          detectionClass: agent ? { type: "AiAgent", agentType: agent } : { type: confidence > 0 ? "IncompleteData" : "Human" },
+          detectedAgent: agent ? { type: "ai_agent", name: agent } : void 0,
+          agent,
+          agentType: agent,
+          reasons: readStringArrayField(result.reasons),
+          signals: [],
+          verificationMethod: "signature",
+          riskLevel: readStringField(result.riskLevel) ?? readStringField(result.risk_level),
+          timestamp: Date.now()
         };
         if (this.config.onAgentDetected && detection.isAgent) {
           this.config.onAgentDetected(detection);
@@ -174,13 +194,19 @@ var EdgeRuntimeCheckpoint = class {
     const match = matchKnownAgent(lowercasedUa);
     if (match) {
       const finalConfidence = Math.min(match.confidence + headerBoost, 1);
+      const confidence = Math.round(finalConfidence * 100);
       const result = {
         isAgent: true,
-        confidence: finalConfidence,
+        confidence,
+        detectionClass: { type: "AiAgent", agentType: match.name },
+        detectedAgent: { type: "ai_agent", name: match.name },
         agent: match.name,
+        agentType: match.name,
+        reasons: [`known_pattern:${match.name.toLowerCase()}`],
+        signals: [],
         verificationMethod: "pattern",
         riskLevel: finalConfidence > 0.9 ? "high" : "medium",
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        timestamp: Date.now()
       };
       if (this.config.onAgentDetected) {
         this.config.onAgentDetected(result);
@@ -189,9 +215,12 @@ var EdgeRuntimeCheckpoint = class {
     }
     return {
       isAgent: false,
-      confidence: 0.85,
+      confidence: 0,
+      detectionClass: { type: "Human" },
+      reasons: ["No known agent indicators matched"],
+      signals: [],
       verificationMethod: "pattern",
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      timestamp: Date.now()
     };
   }
   isInitialized() {

package/dist/edge-runtime-loader.mjs

@@ -1,4 +1,4 @@
-import { KNOWN_AGENT_PATTERNS, INTERACTIVE_AGENT_PATTERNS } from '@kya-os/checkpoint-shared';
+import { KNOWN_AGENT_PATTERNS } from '@kya-os/checkpoint-shared';
 
 // src/edge-runtime-loader.ts
 
@@ -31,6 +31,22 @@ function tokenRegex(token) {
   TOKEN_REGEX_CACHE.set(token, regex);
   return regex;
 }
+function readStringField(value) {
+  return typeof value === "string" && value.length > 0 ? value : void 0;
+}
+function readNumberField(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : void 0;
+}
+function readBooleanField(value) {
+  return typeof value === "boolean" ? value : void 0;
+}
+function readStringArrayField(value) {
+  return Array.isArray(value) ? value.filter((item) => typeof item === "string") : [];
+}
+function normalizeEngineConfidence(value) {
+  if (value === void 0) return 0;
+  return Math.round(Math.max(0, Math.min(100, value)));
+}
 function matchKnownAgent(lowercasedUa) {
   let best = null;
   for (const entry of KNOWN_AGENT_PATTERNS) {
@@ -43,13 +59,6 @@ function matchKnownAgent(lowercasedUa) {
       }
     }
   }
-  for (const { pattern, name, confidence } of INTERACTIVE_AGENT_PATTERNS) {
-    if (pattern.test(lowercasedUa)) {
-      if (!best || confidence > best.confidence) {
-        best = { name, confidence };
-      }
-    }
-  }
   return best;
 }
 var EdgeRuntimeCheckpoint = class {
@@ -143,10 +152,21 @@ var EdgeRuntimeCheckpoint = class {
           exports$1.__wbindgen_free(resultPtr, offset);
         }
         const result = JSON.parse(resultStr);
+        const agent = readStringField(result.agent) ?? readStringField(result.agentName);
+        const confidence = normalizeEngineConfidence(readNumberField(result.confidence));
         const detection = {
-          ...result,
-          verificationMethod: "cryptographic",
-          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+          isAgent: readBooleanField(result.isAgent) ?? readBooleanField(result.is_agent) ?? false,
+          isAiCrawler: readBooleanField(result.isAiCrawler) ?? readBooleanField(result.is_ai_crawler),
+          confidence,
+          detectionClass: agent ? { type: "AiAgent", agentType: agent } : { type: confidence > 0 ? "IncompleteData" : "Human" },
+          detectedAgent: agent ? { type: "ai_agent", name: agent } : void 0,
+          agent,
+          agentType: agent,
+          reasons: readStringArrayField(result.reasons),
+          signals: [],
+          verificationMethod: "signature",
+          riskLevel: readStringField(result.riskLevel) ?? readStringField(result.risk_level),
+          timestamp: Date.now()
         };
         if (this.config.onAgentDetected && detection.isAgent) {
           this.config.onAgentDetected(detection);
@@ -172,13 +192,19 @@ var EdgeRuntimeCheckpoint = class {
     const match = matchKnownAgent(lowercasedUa);
     if (match) {
       const finalConfidence = Math.min(match.confidence + headerBoost, 1);
+      const confidence = Math.round(finalConfidence * 100);
       const result = {
         isAgent: true,
-        confidence: finalConfidence,
+        confidence,
+        detectionClass: { type: "AiAgent", agentType: match.name },
+        detectedAgent: { type: "ai_agent", name: match.name },
         agent: match.name,
+        agentType: match.name,
+        reasons: [`known_pattern:${match.name.toLowerCase()}`],
+        signals: [],
         verificationMethod: "pattern",
         riskLevel: finalConfidence > 0.9 ? "high" : "medium",
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        timestamp: Date.now()
       };
       if (this.config.onAgentDetected) {
         this.config.onAgentDetected(result);
@@ -187,9 +213,12 @@ var EdgeRuntimeCheckpoint = class {
     }
     return {
       isAgent: false,
-      confidence: 0.85,
+      confidence: 0,
+      detectionClass: { type: "Human" },
+      reasons: ["No known agent indicators matched"],
+      signals: [],
       verificationMethod: "pattern",
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      timestamp: Date.now()
     };
   }
   isInitialized() {

package/dist/edge-wasm-middleware.d.mts

@@ -1,15 +1,25 @@
 import { NextRequest, NextResponse } from 'next/server';
 
 /**
- * Edge Runtime Compatible WASM Middleware for AgentShield
+ * @deprecated Phase-D.9a — legacy Edge Runtime WASM middleware wrapping
+ * the retired `agentshield-wasm` Rust crate. This file shipped hand-
+ * written wasm-bindgen glue code that loaded the legacy detector's
+ * WASM binary; PR #2599's SSOT consolidation + PDM-1 #2560's engine
+ * move + AgentDetector-Deletion-1 PR #2610's class-deprecation made
+ * it structural dead weight.
  *
- * This module provides WASM-based AI agent detection with 95-100% confidence
- * in Next.js Edge Runtime and Vercel Edge Functions.
+ * Phase-D.9a converts the exports to throw-stubs (same precedent as
+ * PR #2610's `createWasmAgentShieldMiddleware` deprecation). Phase-D.9b
+ * (follow-up) deletes the underlying `agentshield-wasm` Rust crate
+ * after migrating the production Cloudflare gateway worker.
  *
- * IMPORTANT: WebAssembly.instantiate(module) IS supported in Edge Runtime
- * when using a pre-compiled module imported with ?module suffix.
+ * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs/edge` —
+ * engine-backed, runs the full kya-os-engine orchestrator including
+ * MCP-I envelope verification. See `packages/checkpoint-nextjs/README.md`
+ * for the canonical recipe.
  */
 
+/** @deprecated See file header. Type-only surface preservation. */
 interface EdgeWasmDetectionResult {
     isAgent: boolean;
     isAiCrawler?: boolean;
@@ -20,17 +30,10 @@ interface EdgeWasmDetectionResult {
     timestamp: string;
     reasons?: string[];
 }
+/** @deprecated See file header. Type-only surface preservation. */
 interface EdgeAgentShieldConfig {
     onAgentDetected?: (result: EdgeWasmDetectionResult) => void | Promise<void>;
     blockOnHighConfidence?: boolean;
-    /**
-     * Confidence threshold for blocking (0.0-1.0 scale).
-     * Detection confidence above this threshold will be blocked if blockOnHighConfidence is true.
-     * @default 0.9 (90% confidence)
-     * @example
-     * confidenceThreshold: 0.9  // Block if >= 90% confident
-     * confidenceThreshold: 0.7  // Block if >= 70% confident
-     */
     confidenceThreshold?: number;
     skipPaths?: string[];
     blockedResponse?: {
@@ -39,30 +42,21 @@ interface EdgeAgentShieldConfig {
         headers?: Record<string, string>;
     };
 }
+/** @internal — test-only reset for the one-shot warn latch. */
+declare function __resetEdgeWasmWarningForTests(): void;
 /**
- * Initialize WASM module with proper imports for Edge Runtime
+ * @deprecated Removed in Phase-D.9a. Use `withCheckpoint` from
+ * `@kya-os/checkpoint-nextjs/edge` instead. Throws on invocation;
+ * surface exists only so static analysis sees the historical export.
  */
-declare function initializeEdgeWasm(wasmModule: WebAssembly.Module): Promise<void>;
+declare function initializeEdgeWasm(_wasmModule: WebAssembly.Module): Promise<void>;
 /**
- * Create Edge Runtime compatible WASM middleware
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import wasmModule from '@kya-os/checkpoint/wasm?module';
- * import { createEdgeWasmMiddleware } from '@kya-os/checkpoint-nextjs/edge-wasm-middleware';
- *
- * export const middleware = createEdgeWasmMiddleware({
- *   wasmModule,
- *   onAgentDetected: (result) => {
- *     // Note: result.confidence is 0.0-1.0 scale
- *     console.log(`AI Agent: ${result.agent} (${Math.round(result.confidence * 100)}% confidence)`);
- *   }
- * });
- * ```
+ * @deprecated Removed in Phase-D.9a. Use `withCheckpoint` from
+ * `@kya-os/checkpoint-nextjs/edge` instead. Throws on invocation;
+ * surface exists only so static analysis sees the historical export.
  */
-declare function createEdgeWasmMiddleware(config: EdgeAgentShieldConfig & {
+declare function createEdgeWasmMiddleware(_config: EdgeAgentShieldConfig & {
     wasmModule: WebAssembly.Module;
-}): (request: NextRequest) => Promise<NextResponse<unknown>>;
+}): (request: NextRequest) => Promise<NextResponse>;
 
-export { type EdgeAgentShieldConfig, type EdgeWasmDetectionResult, createEdgeWasmMiddleware, initializeEdgeWasm };
+export { type EdgeAgentShieldConfig, type EdgeWasmDetectionResult, __resetEdgeWasmWarningForTests, createEdgeWasmMiddleware, initializeEdgeWasm };

package/dist/edge-wasm-middleware.d.ts

@@ -1,15 +1,25 @@
 import { NextRequest, NextResponse } from 'next/server';
 
 /**
- * Edge Runtime Compatible WASM Middleware for AgentShield
+ * @deprecated Phase-D.9a — legacy Edge Runtime WASM middleware wrapping
+ * the retired `agentshield-wasm` Rust crate. This file shipped hand-
+ * written wasm-bindgen glue code that loaded the legacy detector's
+ * WASM binary; PR #2599's SSOT consolidation + PDM-1 #2560's engine
+ * move + AgentDetector-Deletion-1 PR #2610's class-deprecation made
+ * it structural dead weight.
  *
- * This module provides WASM-based AI agent detection with 95-100% confidence
- * in Next.js Edge Runtime and Vercel Edge Functions.
+ * Phase-D.9a converts the exports to throw-stubs (same precedent as
+ * PR #2610's `createWasmAgentShieldMiddleware` deprecation). Phase-D.9b
+ * (follow-up) deletes the underlying `agentshield-wasm` Rust crate
+ * after migrating the production Cloudflare gateway worker.
  *
- * IMPORTANT: WebAssembly.instantiate(module) IS supported in Edge Runtime
- * when using a pre-compiled module imported with ?module suffix.
+ * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs/edge` —
+ * engine-backed, runs the full kya-os-engine orchestrator including
+ * MCP-I envelope verification. See `packages/checkpoint-nextjs/README.md`
+ * for the canonical recipe.
  */
 
+/** @deprecated See file header. Type-only surface preservation. */
 interface EdgeWasmDetectionResult {
     isAgent: boolean;
     isAiCrawler?: boolean;
@@ -20,17 +30,10 @@ interface EdgeWasmDetectionResult {
     timestamp: string;
     reasons?: string[];
 }
+/** @deprecated See file header. Type-only surface preservation. */
 interface EdgeAgentShieldConfig {
     onAgentDetected?: (result: EdgeWasmDetectionResult) => void | Promise<void>;
     blockOnHighConfidence?: boolean;
-    /**
-     * Confidence threshold for blocking (0.0-1.0 scale).
-     * Detection confidence above this threshold will be blocked if blockOnHighConfidence is true.
-     * @default 0.9 (90% confidence)
-     * @example
-     * confidenceThreshold: 0.9  // Block if >= 90% confident
-     * confidenceThreshold: 0.7  // Block if >= 70% confident
-     */
     confidenceThreshold?: number;
     skipPaths?: string[];
     blockedResponse?: {
@@ -39,30 +42,21 @@ interface EdgeAgentShieldConfig {
         headers?: Record<string, string>;
     };
 }
+/** @internal — test-only reset for the one-shot warn latch. */
+declare function __resetEdgeWasmWarningForTests(): void;
 /**
- * Initialize WASM module with proper imports for Edge Runtime
+ * @deprecated Removed in Phase-D.9a. Use `withCheckpoint` from
+ * `@kya-os/checkpoint-nextjs/edge` instead. Throws on invocation;
+ * surface exists only so static analysis sees the historical export.
  */
-declare function initializeEdgeWasm(wasmModule: WebAssembly.Module): Promise<void>;
+declare function initializeEdgeWasm(_wasmModule: WebAssembly.Module): Promise<void>;
 /**
- * Create Edge Runtime compatible WASM middleware
- *
- * @example
- * ```typescript
- * // middleware.ts
- * import wasmModule from '@kya-os/checkpoint/wasm?module';
- * import { createEdgeWasmMiddleware } from '@kya-os/checkpoint-nextjs/edge-wasm-middleware';
- *
- * export const middleware = createEdgeWasmMiddleware({
- *   wasmModule,
- *   onAgentDetected: (result) => {
- *     // Note: result.confidence is 0.0-1.0 scale
- *     console.log(`AI Agent: ${result.agent} (${Math.round(result.confidence * 100)}% confidence)`);
- *   }
- * });
- * ```
+ * @deprecated Removed in Phase-D.9a. Use `withCheckpoint` from
+ * `@kya-os/checkpoint-nextjs/edge` instead. Throws on invocation;
+ * surface exists only so static analysis sees the historical export.
  */
-declare function createEdgeWasmMiddleware(config: EdgeAgentShieldConfig & {
+declare function createEdgeWasmMiddleware(_config: EdgeAgentShieldConfig & {
     wasmModule: WebAssembly.Module;
-}): (request: NextRequest) => Promise<NextResponse<unknown>>;
+}): (request: NextRequest) => Promise<NextResponse>;
 
-export { type EdgeAgentShieldConfig, type EdgeWasmDetectionResult, createEdgeWasmMiddleware, initializeEdgeWasm };
+export { type EdgeAgentShieldConfig, type EdgeWasmDetectionResult, __resetEdgeWasmWarningForTests, createEdgeWasmMiddleware, initializeEdgeWasm };