@kya-os/checkpoint-nextjs 1.2.0 → 1.7.1

package/dist/composed-policy.mjs

@@ -0,0 +1,96 @@
+import { makeComposedPolicyCache, evaluateComposedPolicy, verifyResultToAuthorizeInput } from '@kya-os/checkpoint-wasm-runtime/composed-policy';
+import { requestCarriesDelegationProof } from '@kya-os/checkpoint-shared';
+
+// src/composed-policy.ts
+var DEFAULT_DASHBOARD_URL = "https://kya.vouched.id";
+var NOOP_LOGGER = {
+  shadowDivergence: () => {
+  },
+  evaluationError: () => {
+  }
+};
+function makeComposedPolicyContext(opts) {
+  const { projectId, fetcher } = opts;
+  const cache = makeComposedPolicyCache({ compile: opts.compile, cacheMax: opts.cacheMax });
+  const logger = opts.logger ?? NOOP_LOGGER;
+  return {
+    async apply(result, path) {
+      const structured = { decision: result.decision, acted: false };
+      const policy = await fetcher.getPolicy(projectId);
+      const outcome = await evaluateComposedPolicy({
+        cache,
+        projectId,
+        flags: {
+          policyLanguage: policy.policyLanguage,
+          policySourceText: policy.policySourceText,
+          engineEnforcementEnabled: policy.engineEnforcementEnabled,
+          enabled: policy.enabled
+        },
+        authorizeInput: verifyResultToAuthorizeInput(result, { tenantId: projectId, path }),
+        baselineDecisionKind: result.decision.kind
+      });
+      if ((outcome.status === "acting" || outcome.status === "shadow") && outcome.diverged) {
+        logger.shadowDivergence({
+          projectId,
+          path,
+          engineDecision: outcome.engineDecision.kind,
+          structuredDecision: result.decision.kind,
+          detectionClass: result.detectionDetail.detectionClass.type,
+          verificationMethod: result.detectionDetail.verificationMethod,
+          confidence: result.detectionDetail.confidence,
+          agentName: result.detectionDetail.detectedAgent?.name
+        });
+      }
+      if (outcome.status === "error") {
+        logger.evaluationError(projectId, outcome.error);
+        return structured;
+      }
+      if (outcome.status === "acting") {
+        return {
+          decision: outcome.engineDecision,
+          acted: true,
+          // Echo the SSOT revision pin with the decision it produced (#3246
+          // PR5). Conditional spread: absent upstream stays absent here.
+          ...policy.policySourceHash ? { composedBlobHash: policy.policySourceHash } : {}
+        };
+      }
+      return structured;
+    },
+    async trustedDelegationRoots() {
+      const policy = await fetcher.getPolicy(projectId);
+      return policy.trustedDelegationRoots ?? [];
+    }
+  };
+}
+async function resolveTrustedDelegationRootsForRequest(resolver, headers) {
+  if (!resolver) return void 0;
+  if (!requestCarriesDelegationProof(headers)) return void 0;
+  const roots = await resolver();
+  return roots.length > 0 ? roots : void 0;
+}
+async function applyComposedPolicy(context, result, path) {
+  if (!context) return;
+  try {
+    const outcome = await context.apply(result, path);
+    if (outcome.acted) {
+      result.decision = outcome.decision;
+      if (outcome.composedBlobHash) {
+        result.composedBlobHash = outcome.composedBlobHash;
+      }
+    }
+  } catch {
+  }
+}
+var consoleComposedPolicyLogger = {
+  shadowDivergence(info) {
+    console.warn("[checkpoint/composed-policy] shadow-divergence", info);
+  },
+  evaluationError(projectId, error) {
+    console.error(
+      `[checkpoint/composed-policy] evaluation failed for ${projectId}; using structured decision:`,
+      error
+    );
+  }
+};
+
+export { DEFAULT_DASHBOARD_URL, applyComposedPolicy, consoleComposedPolicyLogger, makeComposedPolicyContext, resolveTrustedDelegationRootsForRequest };

package/dist/config-DAwIA4DB.d.mts

@@ -0,0 +1,214 @@
+import { NextRequest } from 'next/server';
+import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter } from '@kya-os/checkpoint-wasm-runtime/adapters';
+import { EnforcementMode, VerifyResult, EngineConfig } from '@kya-os/checkpoint-wasm-runtime/engine';
+import { ChallengeEnvelopeMode } from '@kya-os/checkpoint-shared';
+import { ComposedPolicyContext } from './composed-policy.mjs';
+
+/**
+ * `CheckpointConfig` — the `withCheckpoint` config contract for both the Node
+ * (`./node`) and Edge (`./edge`) middleware entries. Extracted from
+ * `middleware-node.ts` (a 190-line documented contract); both entries import it
+ * from here and re-export it so the public import paths
+ * (`@kya-os/checkpoint-nextjs`, `/node`, `/edge`) are unchanged.
+ */
+
+/**
+ * Configuration for `withCheckpoint`.
+ *
+ * The new minimal shape Phase D's middleware needs. Legacy
+ * `AgentShieldMiddlewareConfig` (from `./api-middleware`) remains
+ * exported during the deprecation window — see D.4 cutover.
+ */
+interface CheckpointConfig {
+    /**
+     * Tenant identifier — typically the customer's dashboard hostname
+     * (e.g. `acme.checkpoint.example`). The PolicyEvaluator uses this
+     * to look up tenant policy from the dashboard.
+     */
+    tenantHost: string;
+    /**
+     * `'enforce'` (default) blocks; `'observe'` passes everything
+     * through with `X-Checkpoint-Would-Have-Been` headers. Per Phase 0.2.
+     */
+    enforcementMode?: EnforcementMode;
+    /**
+     * Challenge-emission envelope mode (draft-kya-http-02 §8.1 fetcher-200).
+     * `negotiated` serves a body-readable HTTP 200 step-up response to
+     * cooperative agents (fetchers that drop 4xx/5xx bodies), keeping the spec
+     * 401/422 for everyone else. Defaults to `spec-401`. A cooperative-UX
+     * bridge, NOT an access control.
+     */
+    delegationChallengeMode?: ChallengeEnvelopeMode;
+    /**
+     * Argus reputation oracle base URL. Omit to use the trust-by-default
+     * baseline (reputation defaults to 1.0; orchestrator logs a one-shot
+     * warning at first request).
+     */
+    argusUrl?: string;
+    /**
+     * Dashboard base URL for the PolicyEvaluator to fetch tenant policy
+     * from. Omit to use the open-by-default tenant policy.
+     */
+    dashboardUrl?: string;
+    /**
+     * Returned to the PolicyEvaluator for anonymous requests (no agent
+     * DID). Default 1.0 (trust-by-default).
+     */
+    reputationBaseline?: number;
+    /**
+     * Pre-built adapter instances. Production deployments use the
+     * factory-built defaults from `@kya-os/checkpoint-wasm-runtime/adapters`;
+     * tests use stubs. The factory composes any provided overrides over
+     * defaults — partial overrides are supported.
+     */
+    adapters?: Partial<{
+        didResolver: DidResolverAdapter;
+        statusListCache: StatusListCacheAdapter;
+        reputationOracle: ReputationOracleAdapter;
+        policyEvaluator: PolicyEvaluatorAdapter;
+    }>;
+    /**
+     * Optional callback for the post-verdict path — fires after every
+     * verification, regardless of permit/block, with the full
+     * `VerifyResult`. Use for logging, dashboards, telemetry. Errors
+     * thrown here are swallowed so user code can't break the middleware
+     * response.
+     */
+    onResult?: (result: VerifyResult, req: NextRequest) => void | Promise<void>;
+    /**
+     * Accept legacy `KYA-Delegation`-header envelope form alongside the
+     * canonical `_meta.proof.jws` body form. Default `false`.
+     *
+     * **When to enable** — customers whose agents pre-date Envelope-1
+     * (#2537) and ship MCP-I proofs as `{protected,payload,signature}`
+     * JSON in a `KYA-Delegation` HTTP header. Post-Envelope-1 agents
+     * ship compact JWS in the request body's `_meta.proof.jws` field;
+     * those don't need this flag.
+     *
+     * Forwarded to the orchestrator's `VerifyRequestOpts.legacyEnvelopeFallback`.
+     * Both transports (header + body) are honored when this is `true`;
+     * the orchestrator's detection order is body first, then header
+     * (`packages/checkpoint-wasm-runtime/src/engine/orchestrator/build-agent-request.ts`).
+     *
+     * SDK-Envelope-Plumbing-1 (#2594). Added in `@kya-os/checkpoint-nextjs@1.1.0`.
+     */
+    legacyEnvelopeFallback?: boolean;
+    /**
+     * Read the request body when `content-type` is `application/json` so
+     * the orchestrator can extract an MCP-I envelope from
+     * `_meta.proof.jws`. Default `true`.
+     *
+     * **When to disable** — streaming middlewares that can't tolerate
+     * the `req.clone()` memory overhead (one full-body copy is buffered
+     * during the read). For those, set `false` and route MCP-I
+     * envelopes through the `KYA-Delegation` header transport instead
+     * (requires `legacyEnvelopeFallback: true`).
+     *
+     * The clone preserves `req.body` for downstream handlers — disabling
+     * is a performance optimization, not a correctness fix.
+     *
+     * SDK-Envelope-Plumbing-1 (#2594). Added in `@kya-os/checkpoint-nextjs@1.1.0`.
+     */
+    drainJsonBody?: boolean;
+    /**
+     * Engine-default behaviour knobs forwarded to every composed
+     * `ContextSpec`. Defaults to `{ tier3Action: 'monitor' }` —
+     * customer-onboarding-safe (tenant policy decides; engine doesn't
+     * short-circuit known-agent UAs with an engine-default Block).
+     *
+     * Opt into `{ tier3Action: 'block' }` when the host wants the
+     * calibrated engine-default block for KnownAiAgent / AiCrawler /
+     * HeadlessBrowser classifications BEFORE the tenant policy seam.
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.2.0` (Engine-Tier3-Monitor-
+     * Default, #2653 + this PR's plumbing follow-up).
+     */
+    engineConfig?: EngineConfig;
+    /**
+     * Project API key. Required for detections to land in the dashboard
+     * — the engine verifies in-process via WASM, but the resulting
+     * `VerifyResult` only reaches the dashboard's `detections` table
+     * when this reporter is configured. Without it the verdict path
+     * works locally but the onboarding "Verify connection" check fails
+     * forever because no rows are ever written.
+     *
+     * Resolve from `process.env.CHECKPOINT_API_KEY` in the host app.
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.4.0`
+     * (SDK-Detection-Reporter-1).
+     */
+    apiKey?: string;
+    /**
+     * Dashboard base URL. Defaults to `https://kya.vouched.id`.
+     * Override for staging or self-hosted dashboards.
+     */
+    baseUrl?: string;
+    /**
+     * Surface reporter errors via `console.warn`. Defaults to `false`.
+     * The reporter is fire-and-forget; enable during development to
+     * confirm `apiKey` / `baseUrl` are routed correctly.
+     *
+     * Also wires the composed-policy shadow-divergence + fail-open
+     * telemetry to `console.warn`/`console.error` (otherwise silent).
+     */
+    debug?: boolean;
+    /**
+     * Project id whose composed (/policy-compose) policy this middleware
+     * enforces. When set, the project's policy is fetched from the dashboard
+     * (`<dashboardUrl ?? baseUrl ?? default>/api/internal/policies/${projectId}`)
+     * and — if it carries a deployed Cedar bundle with `engineEnforcementEnabled`
+     * on — the kya-os-engine decision is enforced IN-PROCESS, byte-for-byte the
+     * same as the DNS Gateway. Omit to run detection + the structured policy only
+     * (fully back-compatible; purely additive).
+     *
+     * SHADOW-FIRST: with a deployed bundle but `engineEnforcementEnabled` off, the
+     * engine decision is computed + logged on divergence but does NOT act.
+     *
+     * **Node vs Edge:** composed enforcement is default-on under the Node runtime
+     * (`./node`). Under the Edge runtime (`./edge`) it additionally requires
+     * `cedarWasmModule` to be wired (see below) — otherwise the seam stays inert.
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.5.0` (@Policy middleware-Cedar, #3076).
+     */
+    projectId?: string;
+    /**
+     * Policy-fetch cache TTL in seconds. Defaults to 300 (5 minutes). How long
+     * a fetched project policy is reused before the middleware refetches from
+     * the dashboard — i.e. the worst-case delay before a dashboard policy
+     * change takes effect on this host.
+     *
+     * `0` disables reuse entirely: every request fetches the policy (one
+     * origin round-trip per request). Use for demo/example sites where instant
+     * policy propagation matters more than latency; keep the default (or a
+     * small positive value like 5) for production and benchmark hosts.
+     */
+    policyCacheTtlSeconds?: number;
+    /**
+     * Advanced / testing: inject a pre-built composed-policy context instead of
+     * letting `withCheckpoint` construct one from `projectId` + `baseUrl` +
+     * `apiKey`. Mirrors the `adapters` injection philosophy — production omits
+     * this. When set, it takes precedence over `projectId`.
+     */
+    composedPolicyEnforcer?: ComposedPolicyContext;
+    /**
+     * EDGE runtime only. The cedar-web `WebAssembly.Module`, statically imported
+     * by the host so composed-policy Cedar can compile at the edge:
+     *
+     * ```ts
+     * import cedarWasmModule from
+     *   '@kya-os/checkpoint-wasm-runtime/wasm/kya-os-engine-cedar-web/kya_os_engine_bg.wasm?module';
+     * export default withCheckpoint({ projectId, cedarWasmModule });
+     * ```
+     *
+     * The ~2 MB cedar binary is deliberately NOT bundled into the SDK — wiring it
+     * is the consumer's explicit opt-in for edge composed enforcement (requires
+     * `experiments.asyncWebAssembly` + a `.wasm` asset rule in `next.config`).
+     * Without it the Edge seam stays inert (behaves exactly as 1.4.0); the Node
+     * runtime ignores this field (it loads cedar via `createPolicyEvaluator`).
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.5.0` (@Policy middleware-Cedar, #3076).
+     */
+    cedarWasmModule?: WebAssembly.Module;
+}
+
+export type { CheckpointConfig as C };

package/dist/config-DyU4l5er.d.ts

@@ -0,0 +1,214 @@
+import { NextRequest } from 'next/server';
+import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter } from '@kya-os/checkpoint-wasm-runtime/adapters';
+import { EnforcementMode, VerifyResult, EngineConfig } from '@kya-os/checkpoint-wasm-runtime/engine';
+import { ChallengeEnvelopeMode } from '@kya-os/checkpoint-shared';
+import { ComposedPolicyContext } from './composed-policy.js';
+
+/**
+ * `CheckpointConfig` — the `withCheckpoint` config contract for both the Node
+ * (`./node`) and Edge (`./edge`) middleware entries. Extracted from
+ * `middleware-node.ts` (a 190-line documented contract); both entries import it
+ * from here and re-export it so the public import paths
+ * (`@kya-os/checkpoint-nextjs`, `/node`, `/edge`) are unchanged.
+ */
+
+/**
+ * Configuration for `withCheckpoint`.
+ *
+ * The new minimal shape Phase D's middleware needs. Legacy
+ * `AgentShieldMiddlewareConfig` (from `./api-middleware`) remains
+ * exported during the deprecation window — see D.4 cutover.
+ */
+interface CheckpointConfig {
+    /**
+     * Tenant identifier — typically the customer's dashboard hostname
+     * (e.g. `acme.checkpoint.example`). The PolicyEvaluator uses this
+     * to look up tenant policy from the dashboard.
+     */
+    tenantHost: string;
+    /**
+     * `'enforce'` (default) blocks; `'observe'` passes everything
+     * through with `X-Checkpoint-Would-Have-Been` headers. Per Phase 0.2.
+     */
+    enforcementMode?: EnforcementMode;
+    /**
+     * Challenge-emission envelope mode (draft-kya-http-02 §8.1 fetcher-200).
+     * `negotiated` serves a body-readable HTTP 200 step-up response to
+     * cooperative agents (fetchers that drop 4xx/5xx bodies), keeping the spec
+     * 401/422 for everyone else. Defaults to `spec-401`. A cooperative-UX
+     * bridge, NOT an access control.
+     */
+    delegationChallengeMode?: ChallengeEnvelopeMode;
+    /**
+     * Argus reputation oracle base URL. Omit to use the trust-by-default
+     * baseline (reputation defaults to 1.0; orchestrator logs a one-shot
+     * warning at first request).
+     */
+    argusUrl?: string;
+    /**
+     * Dashboard base URL for the PolicyEvaluator to fetch tenant policy
+     * from. Omit to use the open-by-default tenant policy.
+     */
+    dashboardUrl?: string;
+    /**
+     * Returned to the PolicyEvaluator for anonymous requests (no agent
+     * DID). Default 1.0 (trust-by-default).
+     */
+    reputationBaseline?: number;
+    /**
+     * Pre-built adapter instances. Production deployments use the
+     * factory-built defaults from `@kya-os/checkpoint-wasm-runtime/adapters`;
+     * tests use stubs. The factory composes any provided overrides over
+     * defaults — partial overrides are supported.
+     */
+    adapters?: Partial<{
+        didResolver: DidResolverAdapter;
+        statusListCache: StatusListCacheAdapter;
+        reputationOracle: ReputationOracleAdapter;
+        policyEvaluator: PolicyEvaluatorAdapter;
+    }>;
+    /**
+     * Optional callback for the post-verdict path — fires after every
+     * verification, regardless of permit/block, with the full
+     * `VerifyResult`. Use for logging, dashboards, telemetry. Errors
+     * thrown here are swallowed so user code can't break the middleware
+     * response.
+     */
+    onResult?: (result: VerifyResult, req: NextRequest) => void | Promise<void>;
+    /**
+     * Accept legacy `KYA-Delegation`-header envelope form alongside the
+     * canonical `_meta.proof.jws` body form. Default `false`.
+     *
+     * **When to enable** — customers whose agents pre-date Envelope-1
+     * (#2537) and ship MCP-I proofs as `{protected,payload,signature}`
+     * JSON in a `KYA-Delegation` HTTP header. Post-Envelope-1 agents
+     * ship compact JWS in the request body's `_meta.proof.jws` field;
+     * those don't need this flag.
+     *
+     * Forwarded to the orchestrator's `VerifyRequestOpts.legacyEnvelopeFallback`.
+     * Both transports (header + body) are honored when this is `true`;
+     * the orchestrator's detection order is body first, then header
+     * (`packages/checkpoint-wasm-runtime/src/engine/orchestrator/build-agent-request.ts`).
+     *
+     * SDK-Envelope-Plumbing-1 (#2594). Added in `@kya-os/checkpoint-nextjs@1.1.0`.
+     */
+    legacyEnvelopeFallback?: boolean;
+    /**
+     * Read the request body when `content-type` is `application/json` so
+     * the orchestrator can extract an MCP-I envelope from
+     * `_meta.proof.jws`. Default `true`.
+     *
+     * **When to disable** — streaming middlewares that can't tolerate
+     * the `req.clone()` memory overhead (one full-body copy is buffered
+     * during the read). For those, set `false` and route MCP-I
+     * envelopes through the `KYA-Delegation` header transport instead
+     * (requires `legacyEnvelopeFallback: true`).
+     *
+     * The clone preserves `req.body` for downstream handlers — disabling
+     * is a performance optimization, not a correctness fix.
+     *
+     * SDK-Envelope-Plumbing-1 (#2594). Added in `@kya-os/checkpoint-nextjs@1.1.0`.
+     */
+    drainJsonBody?: boolean;
+    /**
+     * Engine-default behaviour knobs forwarded to every composed
+     * `ContextSpec`. Defaults to `{ tier3Action: 'monitor' }` —
+     * customer-onboarding-safe (tenant policy decides; engine doesn't
+     * short-circuit known-agent UAs with an engine-default Block).
+     *
+     * Opt into `{ tier3Action: 'block' }` when the host wants the
+     * calibrated engine-default block for KnownAiAgent / AiCrawler /
+     * HeadlessBrowser classifications BEFORE the tenant policy seam.
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.2.0` (Engine-Tier3-Monitor-
+     * Default, #2653 + this PR's plumbing follow-up).
+     */
+    engineConfig?: EngineConfig;
+    /**
+     * Project API key. Required for detections to land in the dashboard
+     * — the engine verifies in-process via WASM, but the resulting
+     * `VerifyResult` only reaches the dashboard's `detections` table
+     * when this reporter is configured. Without it the verdict path
+     * works locally but the onboarding "Verify connection" check fails
+     * forever because no rows are ever written.
+     *
+     * Resolve from `process.env.CHECKPOINT_API_KEY` in the host app.
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.4.0`
+     * (SDK-Detection-Reporter-1).
+     */
+    apiKey?: string;
+    /**
+     * Dashboard base URL. Defaults to `https://kya.vouched.id`.
+     * Override for staging or self-hosted dashboards.
+     */
+    baseUrl?: string;
+    /**
+     * Surface reporter errors via `console.warn`. Defaults to `false`.
+     * The reporter is fire-and-forget; enable during development to
+     * confirm `apiKey` / `baseUrl` are routed correctly.
+     *
+     * Also wires the composed-policy shadow-divergence + fail-open
+     * telemetry to `console.warn`/`console.error` (otherwise silent).
+     */
+    debug?: boolean;
+    /**
+     * Project id whose composed (/policy-compose) policy this middleware
+     * enforces. When set, the project's policy is fetched from the dashboard
+     * (`<dashboardUrl ?? baseUrl ?? default>/api/internal/policies/${projectId}`)
+     * and — if it carries a deployed Cedar bundle with `engineEnforcementEnabled`
+     * on — the kya-os-engine decision is enforced IN-PROCESS, byte-for-byte the
+     * same as the DNS Gateway. Omit to run detection + the structured policy only
+     * (fully back-compatible; purely additive).
+     *
+     * SHADOW-FIRST: with a deployed bundle but `engineEnforcementEnabled` off, the
+     * engine decision is computed + logged on divergence but does NOT act.
+     *
+     * **Node vs Edge:** composed enforcement is default-on under the Node runtime
+     * (`./node`). Under the Edge runtime (`./edge`) it additionally requires
+     * `cedarWasmModule` to be wired (see below) — otherwise the seam stays inert.
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.5.0` (@Policy middleware-Cedar, #3076).
+     */
+    projectId?: string;
+    /**
+     * Policy-fetch cache TTL in seconds. Defaults to 300 (5 minutes). How long
+     * a fetched project policy is reused before the middleware refetches from
+     * the dashboard — i.e. the worst-case delay before a dashboard policy
+     * change takes effect on this host.
+     *
+     * `0` disables reuse entirely: every request fetches the policy (one
+     * origin round-trip per request). Use for demo/example sites where instant
+     * policy propagation matters more than latency; keep the default (or a
+     * small positive value like 5) for production and benchmark hosts.
+     */
+    policyCacheTtlSeconds?: number;
+    /**
+     * Advanced / testing: inject a pre-built composed-policy context instead of
+     * letting `withCheckpoint` construct one from `projectId` + `baseUrl` +
+     * `apiKey`. Mirrors the `adapters` injection philosophy — production omits
+     * this. When set, it takes precedence over `projectId`.
+     */
+    composedPolicyEnforcer?: ComposedPolicyContext;
+    /**
+     * EDGE runtime only. The cedar-web `WebAssembly.Module`, statically imported
+     * by the host so composed-policy Cedar can compile at the edge:
+     *
+     * ```ts
+     * import cedarWasmModule from
+     *   '@kya-os/checkpoint-wasm-runtime/wasm/kya-os-engine-cedar-web/kya_os_engine_bg.wasm?module';
+     * export default withCheckpoint({ projectId, cedarWasmModule });
+     * ```
+     *
+     * The ~2 MB cedar binary is deliberately NOT bundled into the SDK — wiring it
+     * is the consumer's explicit opt-in for edge composed enforcement (requires
+     * `experiments.asyncWebAssembly` + a `.wasm` asset rule in `next.config`).
+     * Without it the Edge seam stays inert (behaves exactly as 1.4.0); the Node
+     * runtime ignores this field (it loads cedar via `createPolicyEvaluator`).
+     *
+     * Added in `@kya-os/checkpoint-nextjs@1.5.0` (@Policy middleware-Cedar, #3076).
+     */
+    cedarWasmModule?: WebAssembly.Module;
+}
+
+export type { CheckpointConfig as C };

package/dist/create-middleware.js

@@ -3,8 +3,6 @@
 var server = require('next/server');
 
 // src/create-middleware.ts
-
-// src/middleware.ts
 var MIGRATION_ERROR = "@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` were deleted in Phase D (engine consolidation). The 600-line TS pattern matcher that backed them is gone. Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime). See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.";
 function createAgentShieldMiddleware(_config = {}) {
   throw new Error(MIGRATION_ERROR);

package/dist/create-middleware.mjs

@@ -1,8 +1,6 @@
 import { NextResponse } from 'next/server';
 
 // src/create-middleware.ts
-
-// src/middleware.ts
 var MIGRATION_ERROR = "@kya-os/checkpoint-nextjs's `createAgentShieldMiddleware` / `agentShield` were deleted in Phase D (engine consolidation). The 600-line TS pattern matcher that backed them is gone. Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs` (Node runtime) or `@kya-os/checkpoint-nextjs/edge` (Edge runtime). See packages/checkpoint-nextjs/CHANGELOG.md (1.0.0) for the recipe.";
 function createAgentShieldMiddleware(_config = {}) {
   throw new Error(MIGRATION_ERROR);

package/dist/edge-runtime-loader.js

@@ -25,11 +25,13 @@ var SUSPICIOUS_HEADER_PREFIXES = ["x-openai-", "x-anthropic-", "x-ai-", "x-llm-"
 function escapeRegex(s) {
   return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
+var REGEX_SYNTAX_PATTERN = /(?:\\.|[()[\]{}|^$]|\.\*|\.\+|\.\?)/;
 var TOKEN_REGEX_CACHE = /* @__PURE__ */ new Map();
 function tokenRegex(token) {
   const cached = TOKEN_REGEX_CACHE.get(token);
   if (cached) return cached;
-  const regex = new RegExp(`\\b${escapeRegex(token)}\\b`, "i");
+  const source = REGEX_SYNTAX_PATTERN.test(token) ? token : escapeRegex(token);
+  const regex = new RegExp(`(^|[^a-z0-9])${source}($|[^a-z0-9])`, "i");
   TOKEN_REGEX_CACHE.set(token, regex);
   return regex;
 }

package/dist/edge-runtime-loader.mjs

@@ -23,11 +23,13 @@ var SUSPICIOUS_HEADER_PREFIXES = ["x-openai-", "x-anthropic-", "x-ai-", "x-llm-"
 function escapeRegex(s) {
   return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
+var REGEX_SYNTAX_PATTERN = /(?:\\.|[()[\]{}|^$]|\.\*|\.\+|\.\?)/;
 var TOKEN_REGEX_CACHE = /* @__PURE__ */ new Map();
 function tokenRegex(token) {
   const cached = TOKEN_REGEX_CACHE.get(token);
   if (cached) return cached;
-  const regex = new RegExp(`\\b${escapeRegex(token)}\\b`, "i");
+  const source = REGEX_SYNTAX_PATTERN.test(token) ? token : escapeRegex(token);
+  const regex = new RegExp(`(^|[^a-z0-9])${source}($|[^a-z0-9])`, "i");
   TOKEN_REGEX_CACHE.set(token, regex);
   return regex;
 }

package/dist/edge-wasm-middleware.d.mts

@@ -5,13 +5,13 @@ import { NextRequest, NextResponse } from 'next/server';
  * the retired `agentshield-wasm` Rust crate. This file shipped hand-
  * written wasm-bindgen glue code that loaded the legacy detector's
  * WASM binary; PR #2599's SSOT consolidation + PDM-1 #2560's engine
- * move + AgentDetector-Deletion-1 PR #2610's class-deprecation made
- * it structural dead weight.
+ * move + AgentDetector-Deletion-1 PR #2610's class-deprecation +
+ * AgentDetector-Deletion-2's class removal made it structural dead weight.
  *
- * Phase-D.9a converts the exports to throw-stubs (same precedent as
- * PR #2610's `createWasmAgentShieldMiddleware` deprecation). Phase-D.9b
- * (follow-up) deletes the underlying `agentshield-wasm` Rust crate
- * after migrating the production Cloudflare gateway worker.
+ * Phase-D.9a converts the exports to throw-stubs (same precedent the
+ * `createWasmAgentShieldMiddleware` removal used). Phase-D.9b (follow-up)
+ * deletes the underlying `agentshield-wasm` Rust crate after migrating
+ * the production Cloudflare gateway worker.
  *
  * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs/edge` —
  * engine-backed, runs the full kya-os-engine orchestrator including

package/dist/edge-wasm-middleware.d.ts

@@ -5,13 +5,13 @@ import { NextRequest, NextResponse } from 'next/server';
  * the retired `agentshield-wasm` Rust crate. This file shipped hand-
  * written wasm-bindgen glue code that loaded the legacy detector's
  * WASM binary; PR #2599's SSOT consolidation + PDM-1 #2560's engine
- * move + AgentDetector-Deletion-1 PR #2610's class-deprecation made
- * it structural dead weight.
+ * move + AgentDetector-Deletion-1 PR #2610's class-deprecation +
+ * AgentDetector-Deletion-2's class removal made it structural dead weight.
  *
- * Phase-D.9a converts the exports to throw-stubs (same precedent as
- * PR #2610's `createWasmAgentShieldMiddleware` deprecation). Phase-D.9b
- * (follow-up) deletes the underlying `agentshield-wasm` Rust crate
- * after migrating the production Cloudflare gateway worker.
+ * Phase-D.9a converts the exports to throw-stubs (same precedent the
+ * `createWasmAgentShieldMiddleware` removal used). Phase-D.9b (follow-up)
+ * deletes the underlying `agentshield-wasm` Rust crate after migrating
+ * the production Cloudflare gateway worker.
  *
  * Migrate to `withCheckpoint` from `@kya-os/checkpoint-nextjs/edge` —
  * engine-backed, runs the full kya-os-engine orchestrator including

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-export { CheckpointConfig, withCheckpoint } from './middleware-node.mjs';
+export { VERSION, withCheckpoint } from './middleware-node.mjs';
 export { createAgentShieldMiddleware, createAgentShieldMiddleware as createMiddleware } from './create-middleware.mjs';
 export { AgentDetectionEvent, AgentSession, AgentShieldMiddlewareConfig, CheckpointApiMiddlewareConfig, EnhancedMiddlewareConfig, StorageAdapter, StorageConfig, agentShieldMiddleware, createEnhancedAgentShieldMiddleware, withAgentShield, withCheckpointApi } from './api-middleware.mjs';
 export { createAgentShieldMiddleware as createAgentShieldMiddlewareBase } from './middleware.mjs';
@@ -6,20 +6,12 @@ export { EdgeSessionTracker, SessionData, SessionTrackingConfig, StatelessSessio
 export { AgentShieldClient, AgentShieldClientConfig, CheckpointApiClient, CheckpointApiClientConfig, EnforceInput, EnforceResponse, EnforcementDecision, LogDetectionInput, getAgentShieldClient, getCheckpointApiClient, resetAgentShieldClient, resetCheckpointApiClient } from './api-client.mjs';
 export { A as AgentShieldRequest, D as DetectionContext, N as NextJSMiddlewareConfig } from './types-D9RQvPNy.mjs';
 export { NextJSPolicyMiddlewareConfig, PolicyMiddlewareConfig, applyPolicy, buildBlockedResponse as buildPolicyBlockedResponse, buildRedirectResponse as buildPolicyRedirectResponse, createContextFromDetection, evaluatePolicyForDetection, getPolicy, handlePolicyDecision } from './policy.mjs';
+export { C as CheckpointConfig } from './config-DAwIA4DB.mjs';
 export { DEFAULT_POLICY, ENFORCEMENT_ACTIONS, EnforcementAction, PolicyConfig, PolicyEvaluationContext, PolicyEvaluationResult, createEvaluationContext, evaluatePolicy } from '@kya-os/checkpoint-shared';
+import '@kya-os/checkpoint-wasm-runtime/engine';
 import '@kya-os/checkpoint-wasm-runtime/adapters';
 import 'next/server';
-import '@kya-os/checkpoint-wasm-runtime/engine';
+import '@kya-os/checkpoint-wasm-runtime/reporter';
+import './composed-policy.mjs';
+import '@kya-os/checkpoint-wasm-runtime/composed-policy';
 import '@kya-os/checkpoint';
-
-/**
- * @fileoverview Checkpoint Next.js Integration
- * @license MIT OR Apache-2.0
- */
-
-/**
- * Library version
- */
-declare const VERSION = "0.1.0";
-
-export { VERSION };