@kya-os/checkpoint-wasm-runtime 1.1.1 → 1.1.3

package/dist/orchestrator-node.d.ts

@@ -1,8 +1,203 @@
-import { V as VerifyResult } from './types-D0j85fF0.js';
-import { V as VerifyRequestOpts, I as IncomingHttpLike } from './render-decision-Dsjwt96g.js';
-export { B as BuildAgentRequestOpts, R as RenderedResponse, b as buildAgentRequest, e as extractAgentDid, a as extractCredentialStatusUrl, c as extractIssuer, h as hasMalformedJwsBody, r as renderDecisionAsResponse } from './render-decision-Dsjwt96g.js';
+import { d as DidDocument, D as Decision, E as EnforcementMode, V as VerifyResult, A as AgentRequest } from './types-D0j85fF0.js';
 import '@kya-os/checkpoint-shared';
-import './adapters.js';
+
+/**
+ * DidResolver adapter — sub-phase B.1.
+ *
+ * Resolves `did:key:*` (in-memory multibase decode) and `did:web:*`
+ * (HTTPS fetch of `.well-known/did.json`) into the engine's
+ * `DidDocument` shape. The async half does any required I/O; the
+ * adapter's output is plain data that the host wrapper bundles into
+ * `ContextSpec.didDocs` before calling `engineVerify`.
+ *
+ * Phase 1 supports only Ed25519 verification methods (the engine's
+ * `KeyType` is `#[non_exhaustive]` with `Ed25519` as its single
+ * variant). Non-Ed25519 methods on a resolved doc are silently
+ * filtered out — the engine wouldn't accept them as a valid Stage 2
+ * key match anyway.
+ *
+ * **`kid` for `did:key`**: the verification-method id is
+ * `<did>#<multibase>` per mcp-i-core PR #16. **NOT** `<did>#keys-1`.
+ * H-1's `stage2_did_key_fragment_resolution` test pins this.
+ */
+
+interface DidResolverAdapter {
+    resolve(did: string): Promise<DidDocument>;
+}
+
+interface StatusListCacheAdapter {
+    /**
+     * Fetch the status list at `url`, decode it, and return the sorted
+     * set of revoked credential indices.
+     *
+     * @throws {StatusListUnavailable} on transport / non-2xx response.
+     * @throws {StatusListTimeout} when the fetch budget is exceeded.
+     * @throws {MalformedStatusList} when the VC is unparseable.
+     */
+    fetch(url: string): Promise<number[]>;
+}
+
+/**
+ * ReputationOracle adapter — sub-phase B.3.
+ *
+ * Resolves a per-DID reputation score in `[0.0, 1.0]`. Phase 1 wires
+ * an optional HTTP endpoint (Argus). Unavailable / misconfigured /
+ * out-of-range responses degrade to a baseline score so infrastructure
+ * blips can't silently DOS Adobe-class traffic. The engine's Stage 6
+ * compares the returned score against the tenant-configured threshold
+ * (Phase B.4 builds the threshold via `PolicyEvaluator`).
+ *
+ * **Degrade-to-trust** (Phase B § 4.5). Reputation is best-effort;
+ * Argus outages do not block traffic. The adapter returns the
+ * configured baseline (default 1.0 = "no signal, treat as trusted")
+ * and logs loudly. The engine's `LowReputation` block fires only
+ * when score < threshold from tenant policy; baseline-1.0 ensures
+ * no traffic is silently rejected just because Argus went down.
+ */
+interface ReputationOracleAdapter {
+    /**
+     * Return the agent's reputation in `[0.0, 1.0]`. Higher is better.
+     *
+     * **Does not throw.** Network / parse / range failures degrade to
+     * the baseline + log; the engine should never see a thrown error
+     * from this adapter.
+     */
+    score(agentDid: string): Promise<number>;
+}
+
+/**
+ * PolicyEvaluator adapter — sub-phase B.4.
+ *
+ * Computes the **tenant verdict** on the JS side and hands the engine
+ * a constant `Decision` for the WASM `WasmConstantPolicy` to echo as
+ * Stage 7's contribution. The engine's cross-stage priority order
+ * (locked in D-design § 6 row 4) handles how Stage 7 interacts with
+ * Stages 2 / 3 / 4 / 5.
+ *
+ * **Sync-engine / async-host invariant.** The JS adapter is async (it
+ * fetches tenant policy from the Checkpoint dashboard); the engine
+ * sees only the resolved `Decision`. Cedar-1 will replace this
+ * adapter's implementation without touching the surrounding orchestrator.
+ *
+ * **Cedar-1 forward-compat.** [`PolicyEvaluatorAdapter`] is the
+ * Cedar-swappable interface: `(input) → Decision`. The Phase 1 stub
+ * is a reputation-threshold check; Cedar-1 will replace the
+ * implementation, not the surface. Don't bake Cedar internals into
+ * this seam.
+ *
+ * **Degrade-to-permit.** Per Phase B § 4.5: when the dashboard policy
+ * endpoint is unreachable, fall back to `defaultPolicy` (caller-supplied)
+ * or `permit-by-default`. Loud log; no silent block.
+ */
+
+/**
+ * Pre-fetched inputs the JS host knows before calling the engine.
+ * Phase 1's evaluator only consumes `reputation` + `tenantHost`; later
+ * implementations (Cedar-1) may extend.
+ */
+interface PolicyEvalInput {
+    tenantHost: string;
+    reputation: number;
+}
+interface PolicyEvaluatorAdapter {
+    evaluate(input: PolicyEvalInput): Promise<Decision>;
+}
+
+/**
+ * Clock adapter — sub-phase B.5.
+ *
+ * Provides the Unix-seconds timestamp the engine's `Clock` trait needs
+ * for Stage 4 expiration checks. Trivial; the trait shape exists so
+ * tests can inject a frozen clock (and so the engine's sync-trait
+ * surface is satisfied without a JS callback crossing the WASM
+ * boundary — `ContextSpec.nowUnix` carries the value).
+ */
+interface ClockAdapter {
+    nowUnix(): number;
+}
+
+/**
+ * Orchestrator-layer types — Phase C, host-side only.
+ *
+ * Nothing here crosses the WASM boundary. The engine ABI types live
+ * in `../types.ts`; the adapter interfaces live in
+ * `../adapters/index.ts`. This file is the host-wrapper-facing
+ * surface — what Phase D (Next.js) and Phase E (Express) import.
+ */
+
+/**
+ * Framework-agnostic HTTP request shape.
+ *
+ * Next.js / Express / Cloudflare Workers / Hono adapters marshal
+ * their native request type into this shape before calling
+ * `verifyRequest`. The shape is intentionally minimal — only what
+ * the engine needs to make a verdict.
+ */
+interface IncomingHttpLike {
+    method: string;
+    /** Path + query string (no scheme + host). */
+    url: string;
+    headers: Record<string, string | string[] | undefined>;
+    /**
+     * Parsed body if the framework has already parsed it (Next.js
+     * with `await req.json()`, Express with `body-parser`). Falsy if
+     * the caller hasn't materialised the body — the orchestrator
+     * treats that as "no MCP-I envelope present" and routes to
+     * PlainHttp.
+     */
+    body?: Buffer | string | object | null;
+    /** Client IP if the framework surfaces one (Express `req.ip`). */
+    remoteAddress?: string;
+}
+/**
+ * Options the host wrapper passes per-`verifyRequest`-construction.
+ * The five adapters + clock + tenant identifier + enforcement mode.
+ */
+interface VerifyRequestOpts {
+    didResolver: DidResolverAdapter;
+    statusListCache: StatusListCacheAdapter;
+    reputationOracle: ReputationOracleAdapter;
+    policyEvaluator: PolicyEvaluatorAdapter;
+    clock: ClockAdapter;
+    /** Tenant identifier — the host customer this request targets. */
+    tenantHost: string;
+    enforcementMode: EnforcementMode;
+    /** Returned to the PolicyEvaluator when the request has no agent DID. Default 1.0. */
+    reputationBaseline?: number;
+    /**
+     * **Envelope-1 (#2537) coordination flag.** Pre-Envelope-1 the TS
+     * bouncer ships MCP-I proofs as `{protected,payload,signature}` JSON
+     * in a `KYA-Delegation` header. Post-Envelope-1 they ship compact
+     * JWS in `_meta.proof.jws` of the body. When this flag is true the
+     * orchestrator also accepts the legacy header form. **Default off.**
+     * Delete this flag once Envelope-1 ships end-to-end.
+     */
+    legacyEnvelopeFallback?: boolean;
+    /**
+     * Argus URL — passed only so the orchestrator can detect "Argus
+     * not configured" at construction time and log the one-shot
+     * warning. The actual reputation fetch goes through `reputationOracle`.
+     */
+    argusUrl?: string;
+    /** Injectable for the once-only Argus configuration warning. */
+    logger?: (msg: string) => void;
+}
+/**
+ * Transport-agnostic response shape `renderDecisionAsResponse`
+ * produces. Host wrappers adapt this to their framework's response
+ * type (NextResponse / Express `res` / Cloudflare Response).
+ *
+ * `status === null` means "pass through" — the request continues to
+ * the next handler. Happens in two cases:
+ *   1. `Decision::Permit` (no block in Enforce mode).
+ *   2. **Any verdict in Observe mode** — Observe never blocks, but
+ *      the response headers still carry the would-have-been verdict.
+ */
+interface RenderedResponse {
+    status: number | null;
+    headers: Record<string, string>;
+    body?: string | object;
+}
 
 /**
  * `verifyRequest` async orchestrator — Phase C.2.
@@ -46,4 +241,117 @@ declare function makeVerifyRequest(opts: VerifyRequestOpts): (req: IncomingHttpL
  */
 declare function verifyRequest(req: IncomingHttpLike, opts: VerifyRequestOpts): Promise<VerifyResult>;
 
-export { IncomingHttpLike, VerifyRequestOpts, makeVerifyRequest, verifyRequest };
+/**
+ * HTTP-to-`AgentRequest` translator — Phase C.1.
+ *
+ * Detects which engine protocol the request belongs to and builds
+ * the typed `AgentRequest` the WASM consumes. Conservative
+ * detection: never escalates an ambiguous request into a higher
+ * verification tier. Anonymous PlainHttp is the default.
+ *
+ * **What this layer parses and what it doesn't.** It parses *only
+ * what's needed to drive conditional pre-fetch* — header presence,
+ * the MCP-I envelope's payload segment (to extract `iss` + `sub` +
+ * optional credentialStatus URL). It does **not** verify
+ * signatures, decode VC chains for revocation bits, or evaluate
+ * scope. Those live in the engine (H-1's parser + Stages 2-5).
+ *
+ * **Buffer-portability note.** This module uses `Buffer.from(...)` and
+ * `Buffer.isBuffer(...)` at multiple call sites (the JWS preflight
+ * `hasMalformedJwsBody`, both `tryBuildMcpIFromBody` variants, the
+ * legacy-header reconstitution path, and `bodyAsBytes`). All of these
+ * assume the Node `Buffer` global is available — provided natively by
+ * the Node runtime, polyfilled on Vercel Edge, and gated behind
+ * `nodejs_compat` on Cloudflare Workers. Bare-Edge and pure-browser
+ * embedders would need a `Buffer` polyfill or a refactor to
+ * `TextEncoder` / `Uint8Array.from`. Tracked as a follow-up since
+ * Phase D's Vercel Node + Vercel Edge targets are both covered today.
+ */
+
+interface BuildAgentRequestOpts {
+    /** See `VerifyRequestOpts.legacyEnvelopeFallback`. */
+    legacyEnvelopeFallback?: boolean;
+}
+/**
+ * Translate an HTTP-like request into the engine's `AgentRequest`.
+ *
+ * Detection order (conservative — never escalate ambiguous input):
+ *   1. MCP-I L2 detached proof in `_meta.proof.jws` (spec form).
+ *   2. (Legacy, opt-in) MCP-I in `KYA-Delegation` header
+ *      (Envelope-1 #2537 transition window only).
+ *   3. RFC 9421 HTTP Message Signatures (`Signature-Input` header).
+ *   4. PlainHttp (default — anonymous traffic).
+ */
+declare function buildAgentRequest(req: IncomingHttpLike, opts?: BuildAgentRequestOpts): AgentRequest;
+/**
+ * Preflight check — does the request body carry a `_meta.proof.jws`
+ * string that `parseJwsPayloadStruct` cannot project into a typed
+ * `McpIPayload`?
+ *
+ * The caller declared intent (an MCP-I envelope) by including the
+ * JWS field; structural failure to extract the payload means the
+ * envelope is malformed, not absent. Without this preflight, the
+ * orchestrator would silently fall through to PlainHttp — pre-#2560
+ * that happened to also Block (engine returned `Block(ParseError)`
+ * for every PlainHttp), so the regression was invisible; post-#2560
+ * the engine's Stage 1 + stub policy returns `Permit` for anonymous
+ * PlainHttp and tampered envelopes would be silently accepted.
+ *
+ * Returns `true` when the orchestrator should synthesize
+ * `Block(ParseError)` BEFORE calling `buildAgentRequest`.
+ */
+declare function hasMalformedJwsBody(req: IncomingHttpLike): boolean;
+/**
+ * Issuer DID — Stage 1 (identity resolution) targets this. `null`
+ * for PlainHttp (anonymous → no DID to resolve).
+ */
+declare function extractIssuer(request: AgentRequest): string | null;
+/**
+ * Agent DID — used by ReputationOracle. Defaults to `payload.sub`
+ * for MCP-I (subject = the agent the proof is *about*).
+ */
+declare function extractAgentDid(request: AgentRequest): string | null;
+/**
+ * Status-list URL for revocation pre-fetch. Pulled from the JWS
+ * payload's `vc.credentialStatus.id` (W3C VC Data Model 1.1).
+ * `null` when the envelope is L1 (no VC chain) — Stage 3 will skip.
+ */
+declare function extractCredentialStatusUrl(request: AgentRequest): string | null;
+
+/**
+ * Transport-agnostic `Decision` → HTTP renderer — Phase C.3.
+ *
+ * Translates a `VerifyResult` into a framework-neutral
+ * `{ status, headers, body }` shape. Phase D (Next.js) adapts this
+ * to `NextResponse`; Phase E (Express) adapts it to `res.status().set().send()`.
+ * One source of truth for the verdict→HTTP mapping.
+ *
+ * Mapping table (§ 4.5 of Phase C kickoff):
+ *
+ * | Decision                          | HTTP | Notes                                   |
+ * |-----------------------------------|------|-----------------------------------------|
+ * | Permit                            | null | Pass through to next handler            |
+ * | Block(Unauthenticated)            | 401  | WWW-Authenticate header                 |
+ * | Block(InvalidSignature)           | 403  |                                          |
+ * | Block(Revoked)                    | 403  |                                          |
+ * | Block(Expired)                    | 401  | Refresh-the-credential semantics        |
+ * | Block(OutOfScope)                 | 403  | Body carries requested + granted        |
+ * | Block(LowReputation)              | 403  | Body carries score + threshold          |
+ * | Block(PolicyDenied)               | 403  | Body carries detail                     |
+ * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Challenge                         | 401  | Body carries ChallengeParams            |
+ * | Redirect                          | 302  | Location header                         |
+ * | Instruct                          | 422  | application/problem+json body           |
+ *
+ * Observe mode overrides: every verdict renders as `status: null`
+ * (pass through) with an `X-Checkpoint-Would-Have-Been` header
+ * carrying the verdict kind, plus the standard attribution headers.
+ *
+ * Every response carries the Phase 0.1 attribution headers:
+ * `X-Checkpoint-Engine`, `X-Checkpoint-Engine-Version`, and
+ * (when present) `X-Checkpoint-Ruleset-Hash`.
+ */
+
+declare function renderDecisionAsResponse(result: VerifyResult): RenderedResponse;
+
+export { type BuildAgentRequestOpts, type IncomingHttpLike, type RenderedResponse, type VerifyRequestOpts, buildAgentRequest, extractAgentDid, extractCredentialStatusUrl, extractIssuer, hasMalformedJwsBody, makeVerifyRequest, renderDecisionAsResponse, verifyRequest };

package/dist/orchestrator-node.js

@@ -12,6 +12,9 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
   if (typeof require !== "undefined") return require.apply(this, arguments);
   throw Error('Dynamic require of "' + x + '" is not supported');
 });
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __commonJS = (cb, mod) => function __require2() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
@@ -32,9 +35,16 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
+// ../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.15.32_jiti@2.6.1_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3_yaml@2.8.3/node_modules/tsup/assets/cjs_shims.js
+var init_cjs_shims = __esm({
+  "../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.15.32_jiti@2.6.1_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3_yaml@2.8.3/node_modules/tsup/assets/cjs_shims.js"() {
+  }
+});
+
 // wasm/kya-os-engine/kya_os_engine.js
 var require_kya_os_engine = __commonJS({
   "wasm/kya-os-engine/kya_os_engine.js"(exports$1, module) {
+    init_cjs_shims();
     var imports = {};
     imports["__wbindgen_placeholder__"] = module.exports;
     var cachedUint8ArrayMemory0 = null;
@@ -444,7 +454,14 @@ ${val.stack}`;
   }
 });
 
+// src/engine/orchestrator/node.ts
+init_cjs_shims();
+
+// src/engine/orchestrator/verify-request.ts
+init_cjs_shims();
+
 // src/engine/adapters/outbound-url-policy.ts
+init_cjs_shims();
 var BLOCKED_HOSTNAMES = /* @__PURE__ */ new Set(["localhost", "metadata", "metadata.google.internal"]);
 var UnsafeOutboundUrl = class extends Error {
   kind = "UnsafeOutboundUrl";
@@ -520,13 +537,18 @@ function isBlockedIpv6(hostname) {
 }
 
 // src/engine/index.ts
+init_cjs_shims();
 var wasmModule = __toESM(require_kya_os_engine());
 function engineVerify(input, ctx) {
   const verify2 = wasmModule.verify;
   return verify2(input, ctx);
 }
 
+// src/engine/orchestrator/build-agent-request.ts
+init_cjs_shims();
+
 // src/engine/adapters/util.ts
+init_cjs_shims();
 function base64UrlDecode(input) {
   const padded = input.replace(/-/g, "+").replace(/_/g, "/");
   const padding = padded.length % 4 === 0 ? "" : "=".repeat(4 - padded.length % 4);
@@ -821,6 +843,7 @@ function defaultLogger(msg) {
 }
 
 // src/engine/orchestrator/render-decision.ts
+init_cjs_shims();
 function renderDecisionAsResponse(result) {
   const baseHeaders = buildBaseHeaders(result);
   if (result.enforcementMode === "observe") {

package/dist/orchestrator-node.mjs

@@ -1,15 +1,23 @@
+import { createRequire } from 'module';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const require$1 = createRequire(import.meta.url);
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+var __require = /* @__PURE__ */ ((x) => typeof require$1 !== "undefined" ? require$1 : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require$1 !== "undefined" ? require$1 : a)[b]
 }) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
+  if (typeof require$1 !== "undefined") return require$1.apply(this, arguments);
   throw Error('Dynamic require of "' + x + '" is not supported');
 });
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __commonJS = (cb, mod) => function __require2() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
@@ -29,10 +37,19 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
   mod
 ));
+var getFilename, getDirname, __dirname$1;
+var init_esm_shims = __esm({
+  "../../node_modules/.pnpm/tsup@8.5.0_@swc+core@1.15.32_jiti@2.6.1_postcss@8.5.8_tsx@4.21.0_typescript@5.9.3_yaml@2.8.3/node_modules/tsup/assets/esm_shims.js"() {
+    getFilename = () => fileURLToPath(import.meta.url);
+    getDirname = () => path.dirname(getFilename());
+    __dirname$1 = /* @__PURE__ */ getDirname();
+  }
+});
 
 // wasm/kya-os-engine/kya_os_engine.js
 var require_kya_os_engine = __commonJS({
   "wasm/kya-os-engine/kya_os_engine.js"(exports$1, module) {
+    init_esm_shims();
     var imports = {};
     imports["__wbindgen_placeholder__"] = module.exports;
     var cachedUint8ArrayMemory0 = null;
@@ -435,14 +452,21 @@ ${val.stack}`;
     exports$1.__wbindgen_object_drop_ref = function(arg0) {
       takeObject(arg0);
     };
-    var wasmPath = `${__dirname}/kya_os_engine_bg.wasm`;
+    var wasmPath = `${__dirname$1}/kya_os_engine_bg.wasm`;
     var wasmBytes = __require("fs").readFileSync(wasmPath);
     var wasmModule2 = new WebAssembly.Module(wasmBytes);
     var wasm = exports$1.__wasm = new WebAssembly.Instance(wasmModule2, imports).exports;
   }
 });
 
+// src/engine/orchestrator/node.ts
+init_esm_shims();
+
+// src/engine/orchestrator/verify-request.ts
+init_esm_shims();
+
 // src/engine/adapters/outbound-url-policy.ts
+init_esm_shims();
 var BLOCKED_HOSTNAMES = /* @__PURE__ */ new Set(["localhost", "metadata", "metadata.google.internal"]);
 var UnsafeOutboundUrl = class extends Error {
   kind = "UnsafeOutboundUrl";
@@ -518,13 +542,18 @@ function isBlockedIpv6(hostname) {
 }
 
 // src/engine/index.ts
+init_esm_shims();
 var wasmModule = __toESM(require_kya_os_engine());
 function engineVerify(input, ctx) {
   const verify2 = wasmModule.verify;
   return verify2(input, ctx);
 }
 
+// src/engine/orchestrator/build-agent-request.ts
+init_esm_shims();
+
 // src/engine/adapters/util.ts
+init_esm_shims();
 function base64UrlDecode(input) {
   const padded = input.replace(/-/g, "+").replace(/_/g, "/");
   const padding = padded.length % 4 === 0 ? "" : "=".repeat(4 - padded.length % 4);
@@ -819,6 +848,7 @@ function defaultLogger(msg) {
 }
 
 // src/engine/orchestrator/render-decision.ts
+init_esm_shims();
 function renderDecisionAsResponse(result) {
   const baseHeaders = buildBaseHeaders(result);
   if (result.enforcementMode === "observe") {

package/dist/orchestrator.d.mts

@@ -1,7 +1,87 @@
-export { makeVerifyRequest, verifyRequest } from './orchestrator-node.mjs';
-export { makeVerifyRequestEdge, verifyRequestEdge } from './orchestrator-edge.mjs';
-export { B as BuildAgentRequestOpts, I as IncomingHttpLike, R as RenderedResponse, V as VerifyRequestOpts, b as buildAgentRequest, e as extractAgentDid, a as extractCredentialStatusUrl, c as extractIssuer, h as hasMalformedJwsBody, r as renderDecisionAsResponse } from './render-decision-C1a-iuiW.mjs';
-export { initEngineEdge } from './engine-edge.mjs';
-import './types-D0j85fF0.mjs';
+import { VerifyRequestOpts, IncomingHttpLike } from './orchestrator-node.mjs';
+export { BuildAgentRequestOpts, RenderedResponse, buildAgentRequest, extractAgentDid, extractCredentialStatusUrl, extractIssuer, hasMalformedJwsBody, makeVerifyRequest, renderDecisionAsResponse, verifyRequest } from './orchestrator-node.mjs';
+import { V as VerifyResult } from './types-D0j85fF0.mjs';
 import '@kya-os/checkpoint-shared';
-import './adapters.mjs';
+
+/**
+ * `kya-os-engine` WASM bridge for edge runtimes — Edge-WASM-1.
+ *
+ * The Node target (`./index.ts`) uses `fs.readFileSync` at module
+ * load and exposes a sync `engineVerify`. That's incompatible with
+ * Vercel Edge / Cloudflare Workers / browser embedding (no `fs`,
+ * no sync wasm load).
+ *
+ * This module loads the `wasm-pack --target web` artifact via the
+ * async `__wbg_init` default export, then exposes the same typed
+ * `engineVerifyEdge(input, ctx) → Promise<VerifyResult>` shape with
+ * a small lazy-init wrapper. First call awaits initialisation;
+ * subsequent calls resolve synchronously on the JS side (the
+ * underlying wasm `verify` is sync).
+ *
+ * **Why this matters for the consolidation narrative.** Phase A
+ * shipped Node-only. Without an edge build, the first Vercel-edge
+ * or Cloudflare-Workers deployment after Phase D would hit the
+ * same wasm-bindgen-on-edge wall the Sites-1 F3 workaround was
+ * created to dodge — and someone would re-introduce the
+ * inline-TS detector that Q10 ratified deleting. Shipping the
+ * edge target alongside the Node target keeps Phase D's
+ * deletion narrative durable.
+ */
+
+/**
+ * Initialise the edge wasm module. Idempotent — subsequent calls
+ * return the same in-flight or resolved promise. Host wrappers can
+ * call this at startup to eagerly load the wasm and avoid first-
+ * request latency, but it's not required: `engineVerifyEdge`
+ * lazily initialises on first call.
+ *
+ * @param moduleOrPath  Optional pre-fetched `WebAssembly.Module` or
+ *                      a URL / Request the wasm-bindgen loader will
+ *                      fetch. Defaults to the bundled artifact via
+ *                      `import.meta.url`. Cloudflare Workers / Vercel
+ *                      Edge typically pass a pre-bundled `Module`.
+ */
+declare function initEngineEdge(moduleOrPath?: WebAssembly.Module | URL | string | Request | BufferSource): Promise<void>;
+
+/**
+ * `verifyRequestEdge` async-init orchestrator — Edge-WASM-2 (folded into
+ * Phase D's PR).
+ *
+ * Mirror of [[./verify-request.ts]] for edge runtimes. Differs in only
+ * three places:
+ *
+ *   1. Imports `engineVerifyEdge` + `initEngineEdge` from `../edge`
+ *      instead of `engineVerify` from `../index` (Node target).
+ *   2. Awaits `initEngineEdge()` before the engine call — async-init
+ *      pattern required by the `--target web` wasm-bindgen build.
+ *   3. The final engine call is `await engineVerifyEdge(...)` rather
+ *      than the synchronous `engineVerify(...)`.
+ *
+ * **The two files MUST stay in sync.** Any change to verify-request.ts
+ * (new adapter, new error-classification rule, new ContextSpec field)
+ * MUST be mirrored here. The cross-target parity test in
+ * [[__tests__/verify-request-parity.test.ts]] guards the verdict-shape
+ * invariant — both orchestrators must produce identical
+ * `VerifyResult.decision` / `engineInfo.name` on identical inputs.
+ *
+ * Cedar-1 forward-compat: same seam as the Node variant — step (5)
+ * (tenant policy eval) is the only place the PolicyEvaluator
+ * interface gets exercised. When Cedar-1 swaps implementations, this
+ * orchestrator does not change.
+ */
+
+/**
+ * Factory — constructs a `verifyRequestEdge` closure that remembers the
+ * one-shot Argus-not-configured warning state. Use this when the
+ * host wrapper wants the startup log; call `verifyRequestEdge` directly
+ * (the loose function below) if you don't.
+ */
+declare function makeVerifyRequestEdge(opts: VerifyRequestOpts): (req: IncomingHttpLike) => Promise<VerifyResult>;
+/**
+ * Single-shot async entry. Use [`makeVerifyRequestEdge`] in long-lived
+ * hosts (so the Argus warning is one-shot per process); use this
+ * loose form in tests + one-off invocations.
+ */
+declare function verifyRequestEdge(req: IncomingHttpLike, opts: VerifyRequestOpts): Promise<VerifyResult>;
+
+export { IncomingHttpLike, VerifyRequestOpts, initEngineEdge, makeVerifyRequestEdge, verifyRequestEdge };

package/dist/orchestrator.d.ts

@@ -1,7 +1,87 @@
-export { makeVerifyRequest, verifyRequest } from './orchestrator-node.js';
-export { makeVerifyRequestEdge, verifyRequestEdge } from './orchestrator-edge.js';
-export { B as BuildAgentRequestOpts, I as IncomingHttpLike, R as RenderedResponse, V as VerifyRequestOpts, b as buildAgentRequest, e as extractAgentDid, a as extractCredentialStatusUrl, c as extractIssuer, h as hasMalformedJwsBody, r as renderDecisionAsResponse } from './render-decision-Dsjwt96g.js';
-export { initEngineEdge } from './engine-edge.js';
-import './types-D0j85fF0.js';
+import { VerifyRequestOpts, IncomingHttpLike } from './orchestrator-node.js';
+export { BuildAgentRequestOpts, RenderedResponse, buildAgentRequest, extractAgentDid, extractCredentialStatusUrl, extractIssuer, hasMalformedJwsBody, makeVerifyRequest, renderDecisionAsResponse, verifyRequest } from './orchestrator-node.js';
+import { V as VerifyResult } from './types-D0j85fF0.js';
 import '@kya-os/checkpoint-shared';
-import './adapters.js';
+
+/**
+ * `kya-os-engine` WASM bridge for edge runtimes — Edge-WASM-1.
+ *
+ * The Node target (`./index.ts`) uses `fs.readFileSync` at module
+ * load and exposes a sync `engineVerify`. That's incompatible with
+ * Vercel Edge / Cloudflare Workers / browser embedding (no `fs`,
+ * no sync wasm load).
+ *
+ * This module loads the `wasm-pack --target web` artifact via the
+ * async `__wbg_init` default export, then exposes the same typed
+ * `engineVerifyEdge(input, ctx) → Promise<VerifyResult>` shape with
+ * a small lazy-init wrapper. First call awaits initialisation;
+ * subsequent calls resolve synchronously on the JS side (the
+ * underlying wasm `verify` is sync).
+ *
+ * **Why this matters for the consolidation narrative.** Phase A
+ * shipped Node-only. Without an edge build, the first Vercel-edge
+ * or Cloudflare-Workers deployment after Phase D would hit the
+ * same wasm-bindgen-on-edge wall the Sites-1 F3 workaround was
+ * created to dodge — and someone would re-introduce the
+ * inline-TS detector that Q10 ratified deleting. Shipping the
+ * edge target alongside the Node target keeps Phase D's
+ * deletion narrative durable.
+ */
+
+/**
+ * Initialise the edge wasm module. Idempotent — subsequent calls
+ * return the same in-flight or resolved promise. Host wrappers can
+ * call this at startup to eagerly load the wasm and avoid first-
+ * request latency, but it's not required: `engineVerifyEdge`
+ * lazily initialises on first call.
+ *
+ * @param moduleOrPath  Optional pre-fetched `WebAssembly.Module` or
+ *                      a URL / Request the wasm-bindgen loader will
+ *                      fetch. Defaults to the bundled artifact via
+ *                      `import.meta.url`. Cloudflare Workers / Vercel
+ *                      Edge typically pass a pre-bundled `Module`.
+ */
+declare function initEngineEdge(moduleOrPath?: WebAssembly.Module | URL | string | Request | BufferSource): Promise<void>;
+
+/**
+ * `verifyRequestEdge` async-init orchestrator — Edge-WASM-2 (folded into
+ * Phase D's PR).
+ *
+ * Mirror of [[./verify-request.ts]] for edge runtimes. Differs in only
+ * three places:
+ *
+ *   1. Imports `engineVerifyEdge` + `initEngineEdge` from `../edge`
+ *      instead of `engineVerify` from `../index` (Node target).
+ *   2. Awaits `initEngineEdge()` before the engine call — async-init
+ *      pattern required by the `--target web` wasm-bindgen build.
+ *   3. The final engine call is `await engineVerifyEdge(...)` rather
+ *      than the synchronous `engineVerify(...)`.
+ *
+ * **The two files MUST stay in sync.** Any change to verify-request.ts
+ * (new adapter, new error-classification rule, new ContextSpec field)
+ * MUST be mirrored here. The cross-target parity test in
+ * [[__tests__/verify-request-parity.test.ts]] guards the verdict-shape
+ * invariant — both orchestrators must produce identical
+ * `VerifyResult.decision` / `engineInfo.name` on identical inputs.
+ *
+ * Cedar-1 forward-compat: same seam as the Node variant — step (5)
+ * (tenant policy eval) is the only place the PolicyEvaluator
+ * interface gets exercised. When Cedar-1 swaps implementations, this
+ * orchestrator does not change.
+ */
+
+/**
+ * Factory — constructs a `verifyRequestEdge` closure that remembers the
+ * one-shot Argus-not-configured warning state. Use this when the
+ * host wrapper wants the startup log; call `verifyRequestEdge` directly
+ * (the loose function below) if you don't.
+ */
+declare function makeVerifyRequestEdge(opts: VerifyRequestOpts): (req: IncomingHttpLike) => Promise<VerifyResult>;
+/**
+ * Single-shot async entry. Use [`makeVerifyRequestEdge`] in long-lived
+ * hosts (so the Argus warning is one-shot per process); use this
+ * loose form in tests + one-off invocations.
+ */
+declare function verifyRequestEdge(req: IncomingHttpLike, opts: VerifyRequestOpts): Promise<VerifyResult>;
+
+export { IncomingHttpLike, VerifyRequestOpts, initEngineEdge, makeVerifyRequestEdge, verifyRequestEdge };