@kya-os/checkpoint-nextjs 1.1.4 → 1.7.0

package/dist/middleware-node.d.ts

@@ -1,99 +1,12 @@
+import * as _kya_os_checkpoint_wasm_runtime_engine from '@kya-os/checkpoint-wasm-runtime/engine';
 import * as _kya_os_checkpoint_wasm_runtime_adapters from '@kya-os/checkpoint-wasm-runtime/adapters';
-import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter } from '@kya-os/checkpoint-wasm-runtime/adapters';
-import { NextRequest, NextResponse } from 'next/server';
-import { EnforcementMode, VerifyResult } from '@kya-os/checkpoint-wasm-runtime/engine';
+import { NextRequest, NextFetchEvent, NextResponse } from 'next/server';
+import { DetectionReporter, ReporterContext } from '@kya-os/checkpoint-wasm-runtime/reporter';
+import { C as CheckpointConfig } from './config-kxFihzR_.js';
+import { ComposedPolicyContext, TrustedDelegationRootsResolver } from './composed-policy.js';
+import '@kya-os/checkpoint-wasm-runtime/composed-policy';
+import '@kya-os/checkpoint-shared';
 
-/**
- * Configuration for `withCheckpoint`.
- *
- * The new minimal shape Phase D's middleware needs. Legacy
- * `AgentShieldMiddlewareConfig` (from `./api-middleware`) remains
- * exported during the deprecation window — see D.4 cutover.
- */
-interface CheckpointConfig {
-    /**
-     * Tenant identifier — typically the customer's dashboard hostname
-     * (e.g. `acme.checkpoint.example`). The PolicyEvaluator uses this
-     * to look up tenant policy from the dashboard.
-     */
-    tenantHost: string;
-    /**
-     * `'enforce'` (default) blocks; `'observe'` passes everything
-     * through with `X-Checkpoint-Would-Have-Been` headers. Per Phase 0.2.
-     */
-    enforcementMode?: EnforcementMode;
-    /**
-     * Argus reputation oracle base URL. Omit to use the trust-by-default
-     * baseline (reputation defaults to 1.0; orchestrator logs a one-shot
-     * warning at first request).
-     */
-    argusUrl?: string;
-    /**
-     * Dashboard base URL for the PolicyEvaluator to fetch tenant policy
-     * from. Omit to use the open-by-default tenant policy.
-     */
-    dashboardUrl?: string;
-    /**
-     * Returned to the PolicyEvaluator for anonymous requests (no agent
-     * DID). Default 1.0 (trust-by-default).
-     */
-    reputationBaseline?: number;
-    /**
-     * Pre-built adapter instances. Production deployments use the
-     * factory-built defaults from `@kya-os/checkpoint-wasm-runtime/adapters`;
-     * tests use stubs. The factory composes any provided overrides over
-     * defaults — partial overrides are supported.
-     */
-    adapters?: Partial<{
-        didResolver: DidResolverAdapter;
-        statusListCache: StatusListCacheAdapter;
-        reputationOracle: ReputationOracleAdapter;
-        policyEvaluator: PolicyEvaluatorAdapter;
-    }>;
-    /**
-     * Optional callback for the post-verdict path — fires after every
-     * verification, regardless of permit/block, with the full
-     * `VerifyResult`. Use for logging, dashboards, telemetry. Errors
-     * thrown here are swallowed so user code can't break the middleware
-     * response.
-     */
-    onResult?: (result: VerifyResult, req: NextRequest) => void | Promise<void>;
-    /**
-     * Accept legacy `KYA-Delegation`-header envelope form alongside the
-     * canonical `_meta.proof.jws` body form. Default `false`.
-     *
-     * **When to enable** — customers whose agents pre-date Envelope-1
-     * (#2537) and ship MCP-I proofs as `{protected,payload,signature}`
-     * JSON in a `KYA-Delegation` HTTP header. Post-Envelope-1 agents
-     * ship compact JWS in the request body's `_meta.proof.jws` field;
-     * those don't need this flag.
-     *
-     * Forwarded to the orchestrator's `VerifyRequestOpts.legacyEnvelopeFallback`.
-     * Both transports (header + body) are honored when this is `true`;
-     * the orchestrator's detection order is body first, then header
-     * (`packages/checkpoint-wasm-runtime/src/engine/orchestrator/build-agent-request.ts`).
-     *
-     * SDK-Envelope-Plumbing-1 (#2594). Added in `@kya-os/checkpoint-nextjs@1.1.0`.
-     */
-    legacyEnvelopeFallback?: boolean;
-    /**
-     * Read the request body when `content-type` is `application/json` so
-     * the orchestrator can extract an MCP-I envelope from
-     * `_meta.proof.jws`. Default `true`.
-     *
-     * **When to disable** — streaming middlewares that can't tolerate
-     * the `req.clone()` memory overhead (one full-body copy is buffered
-     * during the read). For those, set `false` and route MCP-I
-     * envelopes through the `KYA-Delegation` header transport instead
-     * (requires `legacyEnvelopeFallback: true`).
-     *
-     * The clone preserves `req.body` for downstream handlers — disabling
-     * is a performance optimization, not a correctness fix.
-     *
-     * SDK-Envelope-Plumbing-1 (#2594). Added in `@kya-os/checkpoint-nextjs@1.1.0`.
-     */
-    drainJsonBody?: boolean;
-}
 /**
  * Build the Checkpoint middleware. Returns a function `(req) => NextResponse`
  * suitable for `export default withCheckpoint({...})` in `middleware.ts`.
@@ -103,23 +16,48 @@ interface CheckpointConfig {
  * `verifyRequest`, and translates the verdict to `NextResponse`. No
  * verification logic lives in this file.
  */
-declare function withCheckpoint(config: CheckpointConfig): (req: NextRequest) => Promise<NextResponse>;
+declare function withCheckpoint(config: CheckpointConfig): (req: NextRequest, event?: NextFetchEvent) => Promise<NextResponse>;
+/**
+ * Installed SDK version, self-reported to the detection reporter so the
+ * dashboard can version-gate "composed policy enforces here". MUST equal
+ * `package.json` version — pinned by a unit test (the old hardcoded `0.1.0` had
+ * drifted). Re-exported as `VERSION` from the package index.
+ */
+declare const VERSION = "1.7.0";
+declare function buildReporter(config: CheckpointConfig, runtime?: 'node' | 'edge'): DetectionReporter | null;
+/**
+ * Build the per-factory trusted-delegation-roots resolver (P2 / DR-1). Root
+ * pinning is a security concern INDEPENDENT of composed Cedar enforcement, so it
+ * must resolve wherever a `projectId` exists — including Edge setups that never
+ * wire `cedarWasmModule` (where `buildComposedContext` returns null). Prefers the
+ * composed context's accessor (reuses its cached fetcher / honors an injected
+ * enforcer); otherwise falls back to a `projectId`-only policy fetch. Returns
+ * `null` when no source is configured (no roots → engine open default).
+ */
+declare function buildTrustedRootsResolver(config: CheckpointConfig, composed: ComposedPolicyContext | null): TrustedDelegationRootsResolver | null;
+/**
+ * Pull the request context the dashboard's `/api/v1/log-detection`
+ * endpoint expects out of a `NextRequest`. Works under both Node and
+ * Edge runtimes — no runtime-specific APIs.
+ */
+declare function extractReporterContext(req: NextRequest): ReporterContext;
 /**
  * Compose adapter defaults with caller-supplied overrides. Factored
  * out so the Edge entry (which uses the same composition) can reuse
  * the shape.
  */
 declare function buildVerifyOpts(config: CheckpointConfig): {
-    didResolver: DidResolverAdapter;
-    statusListCache: StatusListCacheAdapter;
-    reputationOracle: ReputationOracleAdapter;
-    policyEvaluator: PolicyEvaluatorAdapter;
+    didResolver: _kya_os_checkpoint_wasm_runtime_adapters.DidResolverAdapter;
+    statusListCache: _kya_os_checkpoint_wasm_runtime_adapters.StatusListCacheAdapter;
+    reputationOracle: _kya_os_checkpoint_wasm_runtime_adapters.ReputationOracleAdapter;
+    policyEvaluator: _kya_os_checkpoint_wasm_runtime_adapters.PolicyEvaluatorAdapter;
     clock: _kya_os_checkpoint_wasm_runtime_adapters.ClockAdapter;
     tenantHost: string;
-    enforcementMode: EnforcementMode;
+    enforcementMode: _kya_os_checkpoint_wasm_runtime_engine.EnforcementMode;
     reputationBaseline: number | undefined;
     argusUrl: string | undefined;
     legacyEnvelopeFallback: boolean;
+    engineConfig: _kya_os_checkpoint_wasm_runtime_engine.EngineConfig | undefined;
 };
 
-export { type CheckpointConfig, buildVerifyOpts as _buildVerifyOpts, withCheckpoint };
+export { CheckpointConfig, VERSION, buildReporter as _buildReporter, buildTrustedRootsResolver as _buildTrustedRootsResolver, buildVerifyOpts as _buildVerifyOpts, extractReporterContext as _extractReporterContext, withCheckpoint };

package/dist/middleware-node.js

@@ -2,8 +2,10 @@
 
 var orchestrator = require('@kya-os/checkpoint-wasm-runtime/orchestrator');
 var adapters = require('@kya-os/checkpoint-wasm-runtime/adapters');
-var server = require('next/server');
+var reporter = require('@kya-os/checkpoint-wasm-runtime/reporter');
 var checkpointShared = require('@kya-os/checkpoint-shared');
+var server = require('next/server');
+var composedPolicy = require('@kya-os/checkpoint-wasm-runtime/composed-policy');
 
 // src/middleware-node.ts
 function adaptToNextResponse(rendered, req) {
@@ -54,6 +56,85 @@ function applyHeaders(res, headers) {
     res.headers.set(key, value);
   }
 }
+var DEFAULT_DASHBOARD_URL = "https://kya.vouched.id";
+var NOOP_LOGGER = {
+  shadowDivergence: () => {
+  },
+  evaluationError: () => {
+  }
+};
+function makeComposedPolicyContext(opts) {
+  const { projectId, fetcher } = opts;
+  const cache = composedPolicy.makeComposedPolicyCache({ compile: opts.compile, cacheMax: opts.cacheMax });
+  const logger = opts.logger ?? NOOP_LOGGER;
+  return {
+    async apply(result, path) {
+      const structured = { decision: result.decision, acted: false };
+      const policy = await fetcher.getPolicy(projectId);
+      const outcome = await composedPolicy.evaluateComposedPolicy({
+        cache,
+        projectId,
+        flags: {
+          policyLanguage: policy.policyLanguage,
+          policySourceText: policy.policySourceText,
+          engineEnforcementEnabled: policy.engineEnforcementEnabled,
+          enabled: policy.enabled
+        },
+        authorizeInput: composedPolicy.verifyResultToAuthorizeInput(result, { tenantId: projectId, path }),
+        baselineDecisionKind: result.decision.kind
+      });
+      if ((outcome.status === "acting" || outcome.status === "shadow") && outcome.diverged) {
+        logger.shadowDivergence({
+          projectId,
+          path,
+          engineDecision: outcome.engineDecision.kind,
+          structuredDecision: result.decision.kind,
+          detectionClass: result.detectionDetail.detectionClass.type,
+          verificationMethod: result.detectionDetail.verificationMethod,
+          confidence: result.detectionDetail.confidence,
+          agentName: result.detectionDetail.detectedAgent?.name
+        });
+      }
+      if (outcome.status === "error") {
+        logger.evaluationError(projectId, outcome.error);
+        return structured;
+      }
+      if (outcome.status === "acting") {
+        return { decision: outcome.engineDecision, acted: true };
+      }
+      return structured;
+    },
+    async trustedDelegationRoots() {
+      const policy = await fetcher.getPolicy(projectId);
+      return policy.trustedDelegationRoots ?? [];
+    }
+  };
+}
+async function resolveTrustedDelegationRootsForRequest(resolver, headers) {
+  if (!resolver) return void 0;
+  if (!checkpointShared.requestCarriesDelegationProof(headers)) return void 0;
+  const roots = await resolver();
+  return roots.length > 0 ? roots : void 0;
+}
+async function applyComposedPolicy(context, result, path) {
+  if (!context) return;
+  try {
+    const outcome = await context.apply(result, path);
+    if (outcome.acted) result.decision = outcome.decision;
+  } catch {
+  }
+}
+var consoleComposedPolicyLogger = {
+  shadowDivergence(info) {
+    console.warn("[checkpoint/composed-policy] shadow-divergence", info);
+  },
+  evaluationError(projectId, error) {
+    console.error(
+      `[checkpoint/composed-policy] evaluation failed for ${projectId}; using structured decision:`,
+      error
+    );
+  }
+};
 
 // src/translate.ts
 async function nextRequestToHttpLike(req, opts = {}) {
@@ -98,15 +179,91 @@ function extractRemoteAddress(req) {
 // src/middleware-node.ts
 function withCheckpoint(config) {
   const opts = buildVerifyOpts(config);
+  const reporter = buildReporter(config);
+  const composed = buildComposedContext(config);
+  const trustedRootsResolver = buildTrustedRootsResolver(config, composed);
   const translateOpts = { drainJsonBody: config.drainJsonBody };
-  return async function checkpointMiddleware(req) {
+  return async function checkpointMiddleware(req, event) {
     const httpLike = await nextRequestToHttpLike(req, translateOpts);
-    const result = await orchestrator.verifyRequest(httpLike, opts);
+    const trustedDelegationRoots = await resolveTrustedDelegationRootsForRequest(
+      trustedRootsResolver,
+      req.headers
+    );
+    const result = await orchestrator.verifyRequest(
+      httpLike,
+      trustedDelegationRoots ? { ...opts, trustedDelegationRoots } : opts
+    );
+    await applyComposedPolicy(composed, result, req.nextUrl.pathname);
+    if (reporter) {
+      const reportPromise = reporter(result, extractReporterContext(req));
+      if (event) {
+        event.waitUntil(reportPromise);
+      }
+    }
     await dispatchOnResult(config, result, req);
     const rendered = orchestrator.renderDecisionAsResponse(result);
     return adaptToNextResponse(rendered, req);
   };
 }
+var SDK_NAME = "@kya-os/checkpoint-nextjs";
+var VERSION = "1.7.0";
+function buildReporter(config, runtime = "node") {
+  if (!config.apiKey) return null;
+  return reporter.makeDetectionReporter({
+    apiKey: config.apiKey,
+    baseUrl: config.baseUrl,
+    debug: config.debug,
+    // Self-identify (incl. node-vs-edge) so the dashboard can version-gate
+    // enforcement. Next.js EDGE composed enforcement is opt-in (needs
+    // `cedarWasmModule`), so the dashboard shows it as opt-in, never "Enforcing".
+    sdk: { name: SDK_NAME, version: VERSION, runtime }
+  });
+}
+function buildTrustedRootsResolver(config, composed) {
+  if (composed?.trustedDelegationRoots) {
+    return () => composed.trustedDelegationRoots();
+  }
+  if (!config.projectId) return null;
+  const fetcher = new checkpointShared.PolicyFetcher({
+    apiBaseUrl: config.dashboardUrl ?? config.baseUrl ?? DEFAULT_DASHBOARD_URL,
+    apiKey: config.apiKey,
+    cacheTtlSeconds: config.policyCacheTtlSeconds
+  });
+  const projectId = config.projectId;
+  return async () => (await fetcher.getPolicy(projectId)).trustedDelegationRoots ?? [];
+}
+function buildComposedContext(config) {
+  if (config.composedPolicyEnforcer) return config.composedPolicyEnforcer;
+  if (!config.projectId) return null;
+  return makeComposedPolicyContext({
+    projectId: config.projectId,
+    fetcher: new checkpointShared.PolicyFetcher({
+      apiBaseUrl: config.dashboardUrl ?? config.baseUrl ?? DEFAULT_DASHBOARD_URL,
+      apiKey: config.apiKey,
+      cacheTtlSeconds: config.policyCacheTtlSeconds
+    }),
+    // LAZY dynamic import — NOT a top-level `import` — so the node-only
+    // `./policy` glue (`createRequire`/`fs` at module load) is never pulled into
+    // the Edge bundle. `middleware-edge.ts` imports helpers from this file, so a
+    // top-level `./policy` import would surface as a side-effect import in the
+    // edge bundle and boot-fail on Vercel edge. The import is cached after first
+    // call; the core's single-flight cache wraps the (now async) compile.
+    compile: async (_language, source) => {
+      const { createPolicyEvaluator } = await import('@kya-os/checkpoint-wasm-runtime/policy');
+      return createPolicyEvaluator(source);
+    },
+    logger: config.debug ? consoleComposedPolicyLogger : void 0
+  });
+}
+function extractReporterContext(req) {
+  return {
+    userAgent: req.headers.get("user-agent") ?? void 0,
+    ipAddress: req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? req.headers.get("x-real-ip") ?? void 0,
+    path: req.nextUrl.pathname,
+    url: req.nextUrl.href,
+    method: req.method
+  };
+}
 function buildVerifyOpts(config) {
   const overrides = config.adapters ?? {};
   return {
@@ -119,7 +276,8 @@ function buildVerifyOpts(config) {
     enforcementMode: config.enforcementMode ?? "enforce",
     reputationBaseline: config.reputationBaseline,
     argusUrl: config.argusUrl,
-    legacyEnvelopeFallback: config.legacyEnvelopeFallback ?? false
+    legacyEnvelopeFallback: config.legacyEnvelopeFallback ?? false,
+    engineConfig: config.engineConfig
   };
 }
 async function dispatchOnResult(config, result, req) {
@@ -130,5 +288,9 @@ async function dispatchOnResult(config, result, req) {
   }
 }
 
+exports.VERSION = VERSION;
+exports._buildReporter = buildReporter;
+exports._buildTrustedRootsResolver = buildTrustedRootsResolver;
 exports._buildVerifyOpts = buildVerifyOpts;
+exports._extractReporterContext = extractReporterContext;
 exports.withCheckpoint = withCheckpoint;

package/dist/middleware-node.mjs

@@ -1,7 +1,9 @@
 import { verifyRequest, renderDecisionAsResponse } from '@kya-os/checkpoint-wasm-runtime/orchestrator';
 import { makeSystemClock, makePolicyEvaluator, makeReputationOracle, makeStatusListCache, makeDidResolver } from '@kya-os/checkpoint-wasm-runtime/adapters';
+import { makeDetectionReporter } from '@kya-os/checkpoint-wasm-runtime/reporter';
+import { PolicyFetcher, requestCarriesDelegationProof, acceptsHtml, encodeVerdictCookie, classifyResponseShape, BLOCKED_PATH, VERDICT_COOKIE_NAME } from '@kya-os/checkpoint-shared';
 import { NextResponse } from 'next/server';
-import { acceptsHtml, encodeVerdictCookie, classifyResponseShape, BLOCKED_PATH, VERDICT_COOKIE_NAME } from '@kya-os/checkpoint-shared';
+import { makeComposedPolicyCache, evaluateComposedPolicy, verifyResultToAuthorizeInput } from '@kya-os/checkpoint-wasm-runtime/composed-policy';
 
 // src/middleware-node.ts
 function adaptToNextResponse(rendered, req) {
@@ -52,6 +54,85 @@ function applyHeaders(res, headers) {
     res.headers.set(key, value);
   }
 }
+var DEFAULT_DASHBOARD_URL = "https://kya.vouched.id";
+var NOOP_LOGGER = {
+  shadowDivergence: () => {
+  },
+  evaluationError: () => {
+  }
+};
+function makeComposedPolicyContext(opts) {
+  const { projectId, fetcher } = opts;
+  const cache = makeComposedPolicyCache({ compile: opts.compile, cacheMax: opts.cacheMax });
+  const logger = opts.logger ?? NOOP_LOGGER;
+  return {
+    async apply(result, path) {
+      const structured = { decision: result.decision, acted: false };
+      const policy = await fetcher.getPolicy(projectId);
+      const outcome = await evaluateComposedPolicy({
+        cache,
+        projectId,
+        flags: {
+          policyLanguage: policy.policyLanguage,
+          policySourceText: policy.policySourceText,
+          engineEnforcementEnabled: policy.engineEnforcementEnabled,
+          enabled: policy.enabled
+        },
+        authorizeInput: verifyResultToAuthorizeInput(result, { tenantId: projectId, path }),
+        baselineDecisionKind: result.decision.kind
+      });
+      if ((outcome.status === "acting" || outcome.status === "shadow") && outcome.diverged) {
+        logger.shadowDivergence({
+          projectId,
+          path,
+          engineDecision: outcome.engineDecision.kind,
+          structuredDecision: result.decision.kind,
+          detectionClass: result.detectionDetail.detectionClass.type,
+          verificationMethod: result.detectionDetail.verificationMethod,
+          confidence: result.detectionDetail.confidence,
+          agentName: result.detectionDetail.detectedAgent?.name
+        });
+      }
+      if (outcome.status === "error") {
+        logger.evaluationError(projectId, outcome.error);
+        return structured;
+      }
+      if (outcome.status === "acting") {
+        return { decision: outcome.engineDecision, acted: true };
+      }
+      return structured;
+    },
+    async trustedDelegationRoots() {
+      const policy = await fetcher.getPolicy(projectId);
+      return policy.trustedDelegationRoots ?? [];
+    }
+  };
+}
+async function resolveTrustedDelegationRootsForRequest(resolver, headers) {
+  if (!resolver) return void 0;
+  if (!requestCarriesDelegationProof(headers)) return void 0;
+  const roots = await resolver();
+  return roots.length > 0 ? roots : void 0;
+}
+async function applyComposedPolicy(context, result, path) {
+  if (!context) return;
+  try {
+    const outcome = await context.apply(result, path);
+    if (outcome.acted) result.decision = outcome.decision;
+  } catch {
+  }
+}
+var consoleComposedPolicyLogger = {
+  shadowDivergence(info) {
+    console.warn("[checkpoint/composed-policy] shadow-divergence", info);
+  },
+  evaluationError(projectId, error) {
+    console.error(
+      `[checkpoint/composed-policy] evaluation failed for ${projectId}; using structured decision:`,
+      error
+    );
+  }
+};
 
 // src/translate.ts
 async function nextRequestToHttpLike(req, opts = {}) {
@@ -96,15 +177,91 @@ function extractRemoteAddress(req) {
 // src/middleware-node.ts
 function withCheckpoint(config) {
   const opts = buildVerifyOpts(config);
+  const reporter = buildReporter(config);
+  const composed = buildComposedContext(config);
+  const trustedRootsResolver = buildTrustedRootsResolver(config, composed);
   const translateOpts = { drainJsonBody: config.drainJsonBody };
-  return async function checkpointMiddleware(req) {
+  return async function checkpointMiddleware(req, event) {
     const httpLike = await nextRequestToHttpLike(req, translateOpts);
-    const result = await verifyRequest(httpLike, opts);
+    const trustedDelegationRoots = await resolveTrustedDelegationRootsForRequest(
+      trustedRootsResolver,
+      req.headers
+    );
+    const result = await verifyRequest(
+      httpLike,
+      trustedDelegationRoots ? { ...opts, trustedDelegationRoots } : opts
+    );
+    await applyComposedPolicy(composed, result, req.nextUrl.pathname);
+    if (reporter) {
+      const reportPromise = reporter(result, extractReporterContext(req));
+      if (event) {
+        event.waitUntil(reportPromise);
+      }
+    }
     await dispatchOnResult(config, result, req);
     const rendered = renderDecisionAsResponse(result);
     return adaptToNextResponse(rendered, req);
   };
 }
+var SDK_NAME = "@kya-os/checkpoint-nextjs";
+var VERSION = "1.7.0";
+function buildReporter(config, runtime = "node") {
+  if (!config.apiKey) return null;
+  return makeDetectionReporter({
+    apiKey: config.apiKey,
+    baseUrl: config.baseUrl,
+    debug: config.debug,
+    // Self-identify (incl. node-vs-edge) so the dashboard can version-gate
+    // enforcement. Next.js EDGE composed enforcement is opt-in (needs
+    // `cedarWasmModule`), so the dashboard shows it as opt-in, never "Enforcing".
+    sdk: { name: SDK_NAME, version: VERSION, runtime }
+  });
+}
+function buildTrustedRootsResolver(config, composed) {
+  if (composed?.trustedDelegationRoots) {
+    return () => composed.trustedDelegationRoots();
+  }
+  if (!config.projectId) return null;
+  const fetcher = new PolicyFetcher({
+    apiBaseUrl: config.dashboardUrl ?? config.baseUrl ?? DEFAULT_DASHBOARD_URL,
+    apiKey: config.apiKey,
+    cacheTtlSeconds: config.policyCacheTtlSeconds
+  });
+  const projectId = config.projectId;
+  return async () => (await fetcher.getPolicy(projectId)).trustedDelegationRoots ?? [];
+}
+function buildComposedContext(config) {
+  if (config.composedPolicyEnforcer) return config.composedPolicyEnforcer;
+  if (!config.projectId) return null;
+  return makeComposedPolicyContext({
+    projectId: config.projectId,
+    fetcher: new PolicyFetcher({
+      apiBaseUrl: config.dashboardUrl ?? config.baseUrl ?? DEFAULT_DASHBOARD_URL,
+      apiKey: config.apiKey,
+      cacheTtlSeconds: config.policyCacheTtlSeconds
+    }),
+    // LAZY dynamic import — NOT a top-level `import` — so the node-only
+    // `./policy` glue (`createRequire`/`fs` at module load) is never pulled into
+    // the Edge bundle. `middleware-edge.ts` imports helpers from this file, so a
+    // top-level `./policy` import would surface as a side-effect import in the
+    // edge bundle and boot-fail on Vercel edge. The import is cached after first
+    // call; the core's single-flight cache wraps the (now async) compile.
+    compile: async (_language, source) => {
+      const { createPolicyEvaluator } = await import('@kya-os/checkpoint-wasm-runtime/policy');
+      return createPolicyEvaluator(source);
+    },
+    logger: config.debug ? consoleComposedPolicyLogger : void 0
+  });
+}
+function extractReporterContext(req) {
+  return {
+    userAgent: req.headers.get("user-agent") ?? void 0,
+    ipAddress: req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ?? req.headers.get("x-real-ip") ?? void 0,
+    path: req.nextUrl.pathname,
+    url: req.nextUrl.href,
+    method: req.method
+  };
+}
 function buildVerifyOpts(config) {
   const overrides = config.adapters ?? {};
   return {
@@ -117,7 +274,8 @@ function buildVerifyOpts(config) {
     enforcementMode: config.enforcementMode ?? "enforce",
     reputationBaseline: config.reputationBaseline,
     argusUrl: config.argusUrl,
-    legacyEnvelopeFallback: config.legacyEnvelopeFallback ?? false
+    legacyEnvelopeFallback: config.legacyEnvelopeFallback ?? false,
+    engineConfig: config.engineConfig
   };
 }
 async function dispatchOnResult(config, result, req) {
@@ -128,4 +286,4 @@ async function dispatchOnResult(config, result, req) {
   }
 }
 
-export { buildVerifyOpts as _buildVerifyOpts, withCheckpoint };
+export { VERSION, buildReporter as _buildReporter, buildTrustedRootsResolver as _buildTrustedRootsResolver, buildVerifyOpts as _buildVerifyOpts, extractReporterContext as _extractReporterContext, withCheckpoint };

package/dist/middleware.d.mts

@@ -32,5 +32,14 @@ declare function createAgentShieldMiddleware(_config?: Partial<NextJSMiddlewareC
  * Migrate to `withCheckpoint`.
  */
 declare function agentShield(config?: Partial<NextJSMiddlewareConfig>): (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Pass-through export required by Next.js 16+ middleware file validation.
+ * Next.js requires any file named `middleware.ts` to export a function named
+ * `middleware` or a default function. This stub satisfies that constraint so
+ * consumers that still reference the `./middleware` subpath can build.
+ *
+ * @deprecated Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`.
+ */
+declare function middleware(_request: NextRequest): NextResponse<unknown>;
 
-export { agentShield, createAgentShieldMiddleware };
+export { agentShield, createAgentShieldMiddleware, middleware };

package/dist/middleware.d.ts

@@ -32,5 +32,14 @@ declare function createAgentShieldMiddleware(_config?: Partial<NextJSMiddlewareC
  * Migrate to `withCheckpoint`.
  */
 declare function agentShield(config?: Partial<NextJSMiddlewareConfig>): (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Pass-through export required by Next.js 16+ middleware file validation.
+ * Next.js requires any file named `middleware.ts` to export a function named
+ * `middleware` or a default function. This stub satisfies that constraint so
+ * consumers that still reference the `./middleware` subpath can build.
+ *
+ * @deprecated Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs`.
+ */
+declare function middleware(_request: NextRequest): NextResponse<unknown>;
 
-export { agentShield, createAgentShieldMiddleware };
+export { agentShield, createAgentShieldMiddleware, middleware };

package/dist/middleware.js

@@ -1,5 +1,7 @@
 'use strict';
 
+var server = require('next/server');
+
 // src/middleware.ts
 var MIGRATION_ERROR = "@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` were deleted in Phase D (engine consolidation). The 600-line TS pattern matcher that backed them is gone. Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime). See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.";
 function createAgentShieldMiddleware(_config = {}) {
@@ -8,6 +10,10 @@ function createAgentShieldMiddleware(_config = {}) {
 function agentShield(config = {}) {
   return createAgentShieldMiddleware(config);
 }
+function middleware(_request) {
+  return server.NextResponse.next();
+}
 
 exports.agentShield = agentShield;
 exports.createAgentShieldMiddleware = createAgentShieldMiddleware;
+exports.middleware = middleware;

package/dist/middleware.mjs

@@ -1,3 +1,5 @@
+import { NextResponse } from 'next/server';
+
 // src/middleware.ts
 var MIGRATION_ERROR = "@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` were deleted in Phase D (engine consolidation). The 600-line TS pattern matcher that backed them is gone. Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime). See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.";
 function createAgentShieldMiddleware(_config = {}) {
@@ -6,5 +8,8 @@ function createAgentShieldMiddleware(_config = {}) {
 function agentShield(config = {}) {
   return createAgentShieldMiddleware(config);
 }
+function middleware(_request) {
+  return NextResponse.next();
+}
 
-export { agentShield, createAgentShieldMiddleware };
+export { agentShield, createAgentShieldMiddleware, middleware };

package/dist/nodejs-wasm-loader.d.mts

@@ -1,10 +1,9 @@
 /**
  * @deprecated Phase-D.9a — legacy Node.js WASM loader for the retired
  * `agentshield-wasm` Rust crate. This file used `fs.readFileSync` to
- * locate + load the legacy detector's WASM binary into the
- * `@kya-os/checkpoint` `AgentDetector` class via `setWasmModule`. Both
- * the WASM crate (Phase-D.9a/D.9b) and the AgentDetector class
- * (AgentDetector-Deletion-2, next minor) are slated for deletion.
+ * locate + load the legacy detector's WASM binary into the legacy
+ * detection class. Both the WASM crate (Phase-D.9a/D.9b) and the
+ * detection class (removed in AgentDetector-Deletion-2) are retired.
  *
  * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` — it
  * loads the canonical `kya-os-engine` WASM automatically via