@kya-os/checkpoint-wasm-runtime 1.2.0 → 1.4.0

package/CHANGELOG.md

@@ -1,5 +1,181 @@
 # @kya-os/checkpoint-wasm-runtime
 
+## 1.4.0 — 2026-05-18
+
+**Minor release** consolidating SDK-Next.js-Integration-Audit-1
+([#2640](https://github.com/Know-That-Ai/agent-shield/pull/2640)) and
+Engine-Tier3-Monitor-Default
+([#2653](https://github.com/Know-That-Ai/agent-shield/pull/2653)).
+
+### Behavioral defaults — Tier-3 now Monitor by default
+
+**`EngineConfig.tier3_action` defaults to `'monitor'`.** Engine emits
+Stage 1 classification signals but does NOT short-circuit known-agent
+UAs with `Block { Tier3UAMatch }` of its own — the tenant
+`PolicyEvaluator` is the arbiter. Preserves the 1.3.0 behaviour
+(tenant policy decides). Prevents the day-1 customer-onboarding
+regression a 1.3.1-style hard-coded Block would have caused.
+
+**Opt into Block via `tier3_action: 'block'`** when the host wants
+the engine-default block before the tenant policy seam (the bench
+harness + customers who've reviewed their traffic):
+
+```ts
+import { engineVerify } from '@kya-os/checkpoint-wasm-runtime/engine';
+
+const result = engineVerify(input, {
+  ...ctxSpec,
+  config: { tier3Action: 'block' },
+});
+```
+
+**No breaking change from 1.3.0.** The new `BlockReason::Tier3UAMatch`
+variant + the `EngineConfig` / `Tier3Action` API are additive. The
+1.3.1 patch shipped the Block-default behaviour; 1.4.0 replaces that
+default with Monitor + adds the explicit opt-in. **Do not use 1.3.0
+or 1.3.1; upgrade to 1.4.0.**
+
+### Added
+
+- wasm-bindgen `--target bundler` artifact at
+  `wasm/kya-os-engine-bundler/` for Turbopack / Vite / esbuild
+  consumers. Exposed via `./engine` (default) + `./orchestrator`.
+- `./engine/node` subpath — explicit nodejs-target safety net for
+  Webpack-without-`asyncWebAssembly` consumers. Companion to the
+  existing `./orchestrator/node`.
+- `EngineConfig` + `Tier3Action` TS types exported from `./engine`.
+- `wasm:rebuild` npm script that runs the canonical
+  `rust/scripts/build-engine-wasm.sh` regen flow.
+
+### Changed
+
+- `verify-request.ts` is engine-agnostic — exports
+  `createVerifyRequestApi(defaultEngine)` factory; the two entry
+  barrels (`./orchestrator/index.ts`, `./orchestrator/node.ts`)
+  inject their own engine bridges so `orchestrator-node.mjs` no
+  longer transitively imports the bundler artifact's `.wasm`.
+- WASM artifacts (nodejs + web + bundler) rebuilt from post-#2653
+  engine source.
+
+### Removed
+
+- Dead `onSuccess` wasm-copy in `tsup.config.ts`'s
+  `nodeFallbackEntries` — the nodejs glue is now an external import.
+- `dynamic-loader.ts` `eval()` runtime-detection probes — the
+  bundler-target artifact handles runtime detection natively.
+
+---
+
+## 1.3.1 — 2026-05-18
+
+**Patch release on top of 1.3.0** — do NOT use 1.3.0; it was published
+during Engine-Tier3-Ruleset-Wiring-1 review and shipped with three
+issues caught in CI:
+
+1. **Hash format pre-coordination.** 1.3.0 shipped a 2-slot
+   `sha256:<t2-data-version>:<t3-pattern-sha256>` placeholder
+   convention. Engineer A's [#2639](https://github.com/Know-That-Ai/agent-shield/pull/2639)
+   merged on main with the canonical 4-slot
+   `sha256:t1:<slot>:t2:<slot>:t3:<slot>:t4:<slot>` format. 1.3.1 is
+   rebased on that merge — drops this PR's own `TIER3_PATTERN_SHA256`
+   const + `tier3_pattern_sha_matches_file` test and consumes
+   Engineer A's `build.rs`-emitted `AIVF1_TIER3_PATTERNS_SHA256` env
+   var via `TIER3_RULESET_HASH = env!(...)`. Today's value (1.3.1):
+   `sha256:t1:unset:t2:<yaml-sha>:t3:<patterns-sha>:t4:unset`.
+
+2. **`sfv = "0.14"` leaked into `kya-os-engine`'s `[dependencies]`**
+   (literally with a "Temporary measurement dep — DO NOT COMMIT"
+   comment), carried in from an unrelated HTTP-Sig-Verifier-1 work
+   tree via a stash apply. The crate is not referenced in source, so
+   the WASM binary is unaffected, but it adds an unused transitive
+   to the dependency graph. Removed in 1.3.1.
+3. **`BlockReason::Tier3UAMatch.confidence` was `f32`**, which round-
+   trips through JS `Number` (always f64) with rounding error —
+   Rust serialized `0.95` while WASM serialized `0.949999988079071`.
+   The cross-runtime parity gate caught this as JSON-string
+   divergence even though the underlying f32 bit pattern was
+   identical. Fixed in 1.3.1 by quantizing to `u32` percent (0–100)
+   at the engine boundary, matching the existing
+   `DetectionDetail.confidence` convention.
+
+**Wire-format change between 1.3.0 and 1.3.1:**
+
+```diff
+- { "kind": "Tier3UAMatch", "confidence": 0.95 }
++ { "kind": "Tier3UAMatch", "confidence": 95 }
+```
+
+Any consumer that pinned 1.3.0 must update — `confidence` is now a
+percent integer, not a float. The cross-runtime stability is the
+load-bearing reason; see the Tier3UAMatch docstring.
+
+## 1.3.0 — 2026-05-18 (DEPRECATED — see 1.3.1)
+
+**Engine-Tier3-Ruleset-Wiring-1.** Replaces the
+`phase-1-d-impl-placeholder` ruleset hash with a real Tier 3 UA
+pattern table, wired into the engine's Stage 1b default policy. The
+engine now Blocks known agent UAs even with an empty tenant policy.
+
+Conforms to `dylan-todos/Engine-Tier-Ordering-1.md` contract:
+`Tier 1 (signed) > Tier 2 (IP+UA) > Tier 3 (UA only) > Tier 4 (IP only)`.
+This release ships Tier 3.
+
+### Added
+
+- `BlockReason::Tier3UAMatch { pattern_id, pattern_kind, confidence }`
+  — additive variant, priority 8 (lowest). Fires only on the PlainHttp
+  path when Stage 1 classifies the request as a known agent.
+- Stage 1b default policy in `verify_plain_http`: if Stage 1 classifies
+  the request as `KnownAiAgent`, `AiCrawler`, or `HeadlessBrowser`,
+  the engine short-circuits with `Decision::Block { Tier3UAMatch }`
+  BEFORE handing off to tenant policy. Calibrated defaults that don't
+  expose customers to the threshold-knob footgun.
+- `SearchBot` is **exempted** from Tier 3 default per architect
+  precedent (`tests/cross_runtime_baselines.rs` line 175-178: "search-
+  engine indexing is generally permitted by tenant policy"). Googlebot
+  / Bingbot / Applebot / DuckDuckBot still flow through to tenant
+  policy.
+
+### Changed
+
+- `EngineInfo.ruleset_hash` is now `sha256:<t2>:<t3_sha256>` where
+  `<t3_sha256>` is the SHA-256 of `patterns_generated.rs` (real
+  identity, not placeholder). `<t2>` is `t2-unset` until Engineer A's
+  reputation/IP-feed schema commits its own identity hash.
+- Drift gate: unit test `tier3_pattern_sha_matches_file` recomputes
+  the SHA at test time and fails with a copy-paste-ready new SHA if
+  `patterns_generated.rs` drifts.
+
+### Breaking change in default behavior
+
+Consumers who deployed the engine with an **empty tenant policy** and
+expected permit-by-default for unsigned traffic now get Block on any
+known agent UA. This is the architectural intent — calibrated defaults
+that don't require every customer to write their own bot-blocking
+policy. Mitigation: deploy a tenant policy that explicitly permits the
+agent classes you want to allow.
+
+### Test coverage added
+
+- 5 new tests in `stage1_classification.rs` covering each blocking
+  class + SearchBot allowlist + real-human permit.
+- Existing baseline tests in `cross_runtime_baselines.rs` updated to
+  assert `Tier3UAMatch` instead of the supplanted `PolicyDenied` path.
+- 173/173 TS tests (including cross-runtime parity) still green.
+
+### Followups
+
+- **Engine-Pattern-Codegen-Retirement-1** (filed): replace
+  `patterns_generated.rs` (legacy YAML codegen) with a build-time JSON
+  export of `KNOWN_AGENT_PATTERNS` from `@kya-os/checkpoint-shared`,
+  with the same drift-prevention pattern as #2599. Current PR uses
+  the existing `patterns_generated.rs` data as the Tier 3 source; the
+  followup makes the TS-side `KNOWN_AGENT_PATTERNS` the engine's SSOT.
+- **Tier 2 data version coordination** (Engineer A): substitute
+  `t2-unset` once the reputation/IP-feed schema commits its identity.
+
+---
+
 ## 1.2.0 — 2026-05-18
 
 Phase-D.8b engine-surface expansion.

package/dist/adapters.d.mts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision } from './types-ByrdPLL2.mjs';
+import { d as DidDocument, D as Decision } from './types-KPEcVvac.mjs';
 import '@kya-os/checkpoint-shared';
 
 /**

package/dist/adapters.d.ts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision } from './types-ByrdPLL2.js';
+import { d as DidDocument, D as Decision } from './types-KPEcVvac.js';
 import '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine-edge.d.mts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-ByrdPLL2.mjs';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, f as VerificationMethod } from './types-ByrdPLL2.mjs';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.mjs';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.mjs';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine-edge.d.ts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-ByrdPLL2.js';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, f as VerificationMethod } from './types-ByrdPLL2.js';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.js';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.js';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**