@kya-os/checkpoint-wasm-runtime 1.2.0 → 1.3.0

package/CHANGELOG.md

@@ -1,5 +1,72 @@
 # @kya-os/checkpoint-wasm-runtime
 
+## 1.3.0 — 2026-05-18
+
+**Engine-Tier3-Ruleset-Wiring-1.** Replaces the
+`phase-1-d-impl-placeholder` ruleset hash with a real Tier 3 UA
+pattern table, wired into the engine's Stage 1b default policy. The
+engine now Blocks known agent UAs even with an empty tenant policy.
+
+Conforms to `dylan-todos/Engine-Tier-Ordering-1.md` contract:
+`Tier 1 (signed) > Tier 2 (IP+UA) > Tier 3 (UA only) > Tier 4 (IP only)`.
+This release ships Tier 3.
+
+### Added
+
+- `BlockReason::Tier3UAMatch { pattern_id, pattern_kind, confidence }`
+  — additive variant, priority 8 (lowest). Fires only on the PlainHttp
+  path when Stage 1 classifies the request as a known agent.
+- Stage 1b default policy in `verify_plain_http`: if Stage 1 classifies
+  the request as `KnownAiAgent`, `AiCrawler`, or `HeadlessBrowser`,
+  the engine short-circuits with `Decision::Block { Tier3UAMatch }`
+  BEFORE handing off to tenant policy. Calibrated defaults that don't
+  expose customers to the threshold-knob footgun.
+- `SearchBot` is **exempted** from Tier 3 default per architect
+  precedent (`tests/cross_runtime_baselines.rs` line 175-178: "search-
+  engine indexing is generally permitted by tenant policy"). Googlebot
+  / Bingbot / Applebot / DuckDuckBot still flow through to tenant
+  policy.
+
+### Changed
+
+- `EngineInfo.ruleset_hash` is now `sha256:<t2>:<t3_sha256>` where
+  `<t3_sha256>` is the SHA-256 of `patterns_generated.rs` (real
+  identity, not placeholder). `<t2>` is `t2-unset` until Engineer A's
+  reputation/IP-feed schema commits its own identity hash.
+- Drift gate: unit test `tier3_pattern_sha_matches_file` recomputes
+  the SHA at test time and fails with a copy-paste-ready new SHA if
+  `patterns_generated.rs` drifts.
+
+### Breaking change in default behavior
+
+Consumers who deployed the engine with an **empty tenant policy** and
+expected permit-by-default for unsigned traffic now get Block on any
+known agent UA. This is the architectural intent — calibrated defaults
+that don't require every customer to write their own bot-blocking
+policy. Mitigation: deploy a tenant policy that explicitly permits the
+agent classes you want to allow.
+
+### Test coverage added
+
+- 5 new tests in `stage1_classification.rs` covering each blocking
+  class + SearchBot allowlist + real-human permit.
+- Existing baseline tests in `cross_runtime_baselines.rs` updated to
+  assert `Tier3UAMatch` instead of the supplanted `PolicyDenied` path.
+- 173/173 TS tests (including cross-runtime parity) still green.
+
+### Followups
+
+- **Engine-Pattern-Codegen-Retirement-1** (filed): replace
+  `patterns_generated.rs` (legacy YAML codegen) with a build-time JSON
+  export of `KNOWN_AGENT_PATTERNS` from `@kya-os/checkpoint-shared`,
+  with the same drift-prevention pattern as #2599. Current PR uses
+  the existing `patterns_generated.rs` data as the Tier 3 source; the
+  followup makes the TS-side `KNOWN_AGENT_PATTERNS` the engine's SSOT.
+- **Tier 2 data version coordination** (Engineer A): substitute
+  `t2-unset` once the reputation/IP-feed schema commits its identity.
+
+---
+
 ## 1.2.0 — 2026-05-18
 
 Phase-D.8b engine-surface expansion.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/checkpoint-wasm-runtime",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "Checkpoint WASM runtime for AI agent detection across all environments (formerly @kya-os/agentshield-wasm-runtime)",
   "keywords": [
     "ai",