@kya-os/checkpoint-wasm-runtime 1.4.0 → 1.4.2

package/CHANGELOG.md

@@ -1,5 +1,59 @@
 # @kya-os/checkpoint-wasm-runtime
 
+## 1.4.2 — 2026-05-18
+
+**Recovery release. Do NOT use 1.4.1 — it was published with a broken
+tarball that ships only `wasm/kya-os-engine-bundler/*` and is missing
+`wasm/kya-os-engine/*` (nodejs target) + `wasm/kya-os-engine-web/*`
+(web target) entirely. Consumers using the `./engine`,
+`./engine/node`, `./orchestrator`, or `./orchestrator/node` subpaths
+crash on import with `ERR_MODULE_NOT_FOUND` (or
+`FUNCTION_INVOCATION_FAILED` on Vercel).**
+
+### What 1.4.1 should have shipped
+
+1.4.1 was a patch release bundling two fixes on top of 1.4.0:
+
+- **#2659** — split anthropic vendor pattern into 3 per-bot entries
+  (`anthropic_claude_user`, `anthropic_claudebot`,
+  `anthropic_claude_web`). Updates the Tier-3 ruleset hash.
+- **#2663** — `httpStatusForBlockReason` + `blockResponseBody`
+  switches gained `Tier3UAMatch` and `AgentAttribution` cases (were
+  falling through to `undefined` status → Express default 500
+  error page). Adds the matching variants to the TS `BlockReason`
+  union (with snake_case `pattern_id` / `pattern_kind` matching the
+  Rust serde wire format).
+
+### Root cause of the broken 1.4.1 tarball
+
+`prepublishOnly` chains `copy-engine-wasm` (nodejs target) +
+`copy-engine-wasm-web` (web target) + `copy-engine-wasm-bundler`
+(bundler target). Each script `cp`s from `rust/crates/kya-os-engine/
+pkg{,-web,-bundler}/` into `packages/checkpoint-wasm-runtime/wasm/`.
+The publish was invoked from a fresh `git reset --hard origin/main`
+state with **only `wasm-pack build --target bundler`** run before
+publish — `pkg/` (nodejs) and `pkg-web/` (web) were empty. The cp
+commands silently produced empty target dirs (`wasm/kya-os-engine/`
+
+- `wasm/kya-os-engine-web/`) populated only with the git-committed
+  `README.md` placeholders, and the tarball shipped that state.
+
+### What 1.4.2 ships
+
+Identical TS + Rust changes to 1.4.1 (no code regression) but with
+the full wasm artifact set (`wasm/kya-os-engine/`,
+`wasm/kya-os-engine-web/`, `wasm/kya-os-engine-bundler/`) verified
+present before publish.
+
+### Hardening (separate dylan-todo to follow)
+
+`prepublishOnly` should fail-fast when any of the three artifact
+dirs is missing rather than producing an empty-but-existing dir.
+Filing as `Engine-WASM-Publish-Sanity-Gate-1` so the next regen
+can't ship the same shape of partial tarball silently.
+
+---
+
 ## 1.4.0 — 2026-05-18
 
 **Minor release** consolidating SDK-Next.js-Integration-Audit-1

package/dist/adapters.d.mts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision } from './types-KPEcVvac.mjs';
+import { d as DidDocument, D as Decision } from './types-C3RniIOM.mjs';
 import '@kya-os/checkpoint-shared';
 
 /**

package/dist/adapters.d.ts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision } from './types-KPEcVvac.js';
+import { d as DidDocument, D as Decision } from './types-C3RniIOM.js';
 import '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine-edge.d.mts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.mjs';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.mjs';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-C3RniIOM.mjs';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-C3RniIOM.mjs';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine-edge.d.ts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.js';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.js';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-C3RniIOM.js';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-C3RniIOM.js';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine-node.d.mts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.mjs';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.mjs';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-C3RniIOM.mjs';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-C3RniIOM.mjs';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine-node.d.ts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.js';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.js';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-C3RniIOM.js';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-C3RniIOM.js';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine.d.mts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.mjs';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.mjs';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-C3RniIOM.mjs';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-C3RniIOM.mjs';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/engine.d.ts

@@ -1,5 +1,5 @@
-import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-KPEcVvac.js';
-export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-KPEcVvac.js';
+import { A as AgentRequest, C as ContextSpec, V as VerifyResult } from './types-C3RniIOM.js';
+export { a as A2ARequest, b as A2PRequest, B as BlockReason, c as ChallengeParams, D as Decision, d as DidDocument, E as EnforcementMode, e as EngineConfig, f as EngineInfo, H as HttpSignedRequest, I as InstructPayload, K as KeyType, M as McpIRequest, P as PlainHttpRequest, R as RedirectTarget, S as SuggestedAction, T as Tier3Action, g as VerificationMethod } from './types-C3RniIOM.js';
 export { DetectionDetail, McpIPayload } from '@kya-os/checkpoint-shared';
 
 /**

package/dist/orchestrator-edge.d.mts

@@ -1,5 +1,5 @@
 export { initEngineEdge } from './engine-edge.mjs';
-import { E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-KPEcVvac.mjs';
+import { E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-C3RniIOM.mjs';
 import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter, ClockAdapter } from './adapters.mjs';
 import '@kya-os/checkpoint-shared';
 
@@ -198,6 +198,8 @@ declare function extractCredentialStatusUrl(request: AgentRequest): string | nul
  * | Block(LowReputation)              | 403  | Body carries score + threshold          |
  * | Block(PolicyDenied)               | 403  | Body carries detail                     |
  * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Block(AgentAttribution)           | 403  | Body carries vendor + tier + confidence |
+ * | Block(Tier3UAMatch)               | 403  | Body carries pattern_id + kind + conf   |
  * | Challenge                         | 401  | Body carries ChallengeParams            |
  * | Redirect                          | 302  | Location header                         |
  * | Instruct                          | 422  | application/problem+json body           |

package/dist/orchestrator-edge.d.ts

@@ -1,5 +1,5 @@
 export { initEngineEdge } from './engine-edge.js';
-import { E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-KPEcVvac.js';
+import { E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-C3RniIOM.js';
 import { DidResolverAdapter, StatusListCacheAdapter, ReputationOracleAdapter, PolicyEvaluatorAdapter, ClockAdapter } from './adapters.js';
 import '@kya-os/checkpoint-shared';
 
@@ -198,6 +198,8 @@ declare function extractCredentialStatusUrl(request: AgentRequest): string | nul
  * | Block(LowReputation)              | 403  | Body carries score + threshold          |
  * | Block(PolicyDenied)               | 403  | Body carries detail                     |
  * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Block(AgentAttribution)           | 403  | Body carries vendor + tier + confidence |
+ * | Block(Tier3UAMatch)               | 403  | Body carries pattern_id + kind + conf   |
  * | Challenge                         | 401  | Body carries ChallengeParams            |
  * | Redirect                          | 302  | Location header                         |
  * | Instruct                          | 422  | application/problem+json body           |

package/dist/orchestrator-edge.js

@@ -418,6 +418,8 @@ function httpStatusForBlockReason(reason) {
     case "OutOfScope":
     case "LowReputation":
     case "PolicyDenied":
+    case "AgentAttribution":
+    case "Tier3UAMatch":
       return 403;
   }
 }
@@ -460,6 +462,22 @@ function blockResponseBody(reason) {
         reason: "ParseError",
         detail: reason.detail
       };
+    case "AgentAttribution":
+      return {
+        error: "request identified as agent traffic via Tier-2 IP+UA cross-match",
+        reason: "AgentAttribution",
+        vendor: reason.vendor,
+        tier: reason.tier,
+        confidence: reason.confidence
+      };
+    case "Tier3UAMatch":
+      return {
+        error: "request identified as agent traffic via Tier-3 UA pattern match",
+        reason: "Tier3UAMatch",
+        pattern_id: reason.pattern_id,
+        pattern_kind: reason.pattern_kind,
+        confidence: reason.confidence
+      };
   }
 }
 function humanError(kind) {

package/dist/orchestrator-edge.mjs

@@ -416,6 +416,8 @@ function httpStatusForBlockReason(reason) {
     case "OutOfScope":
     case "LowReputation":
     case "PolicyDenied":
+    case "AgentAttribution":
+    case "Tier3UAMatch":
       return 403;
   }
 }
@@ -458,6 +460,22 @@ function blockResponseBody(reason) {
         reason: "ParseError",
         detail: reason.detail
       };
+    case "AgentAttribution":
+      return {
+        error: "request identified as agent traffic via Tier-2 IP+UA cross-match",
+        reason: "AgentAttribution",
+        vendor: reason.vendor,
+        tier: reason.tier,
+        confidence: reason.confidence
+      };
+    case "Tier3UAMatch":
+      return {
+        error: "request identified as agent traffic via Tier-3 UA pattern match",
+        reason: "Tier3UAMatch",
+        pattern_id: reason.pattern_id,
+        pattern_kind: reason.pattern_kind,
+        confidence: reason.confidence
+      };
   }
 }
 function humanError(kind) {

package/dist/orchestrator-node.d.mts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-KPEcVvac.mjs';
+import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-C3RniIOM.mjs';
 import '@kya-os/checkpoint-shared';
 
 /**
@@ -311,6 +311,8 @@ declare function extractCredentialStatusUrl(request: AgentRequest): string | nul
  * | Block(LowReputation)              | 403  | Body carries score + threshold          |
  * | Block(PolicyDenied)               | 403  | Body carries detail                     |
  * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Block(AgentAttribution)           | 403  | Body carries vendor + tier + confidence |
+ * | Block(Tier3UAMatch)               | 403  | Body carries pattern_id + kind + conf   |
  * | Challenge                         | 401  | Body carries ChallengeParams            |
  * | Redirect                          | 302  | Location header                         |
  * | Instruct                          | 422  | application/problem+json body           |

package/dist/orchestrator-node.d.ts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-KPEcVvac.js';
+import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-C3RniIOM.js';
 import '@kya-os/checkpoint-shared';
 
 /**
@@ -311,6 +311,8 @@ declare function extractCredentialStatusUrl(request: AgentRequest): string | nul
  * | Block(LowReputation)              | 403  | Body carries score + threshold          |
  * | Block(PolicyDenied)               | 403  | Body carries detail                     |
  * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Block(AgentAttribution)           | 403  | Body carries vendor + tier + confidence |
+ * | Block(Tier3UAMatch)               | 403  | Body carries pattern_id + kind + conf   |
  * | Challenge                         | 401  | Body carries ChallengeParams            |
  * | Redirect                          | 302  | Location header                         |
  * | Instruct                          | 422  | application/problem+json body           |

package/dist/orchestrator-node.js

@@ -522,6 +522,8 @@ function httpStatusForBlockReason(reason) {
     case "OutOfScope":
     case "LowReputation":
     case "PolicyDenied":
+    case "AgentAttribution":
+    case "Tier3UAMatch":
       return 403;
   }
 }
@@ -564,6 +566,22 @@ function blockResponseBody(reason) {
         reason: "ParseError",
         detail: reason.detail
       };
+    case "AgentAttribution":
+      return {
+        error: "request identified as agent traffic via Tier-2 IP+UA cross-match",
+        reason: "AgentAttribution",
+        vendor: reason.vendor,
+        tier: reason.tier,
+        confidence: reason.confidence
+      };
+    case "Tier3UAMatch":
+      return {
+        error: "request identified as agent traffic via Tier-3 UA pattern match",
+        reason: "Tier3UAMatch",
+        pattern_id: reason.pattern_id,
+        pattern_kind: reason.pattern_kind,
+        confidence: reason.confidence
+      };
   }
 }
 function humanError(kind) {

package/dist/orchestrator-node.mjs

@@ -501,6 +501,8 @@ function httpStatusForBlockReason(reason) {
     case "OutOfScope":
     case "LowReputation":
     case "PolicyDenied":
+    case "AgentAttribution":
+    case "Tier3UAMatch":
       return 403;
   }
 }
@@ -543,6 +545,22 @@ function blockResponseBody(reason) {
         reason: "ParseError",
         detail: reason.detail
       };
+    case "AgentAttribution":
+      return {
+        error: "request identified as agent traffic via Tier-2 IP+UA cross-match",
+        reason: "AgentAttribution",
+        vendor: reason.vendor,
+        tier: reason.tier,
+        confidence: reason.confidence
+      };
+    case "Tier3UAMatch":
+      return {
+        error: "request identified as agent traffic via Tier-3 UA pattern match",
+        reason: "Tier3UAMatch",
+        pattern_id: reason.pattern_id,
+        pattern_kind: reason.pattern_kind,
+        confidence: reason.confidence
+      };
   }
 }
 function humanError(kind) {

package/dist/orchestrator.d.mts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-KPEcVvac.mjs';
+import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-C3RniIOM.mjs';
 import '@kya-os/checkpoint-shared';
 
 /**
@@ -351,6 +351,8 @@ declare function extractCredentialStatusUrl(request: AgentRequest): string | nul
  * | Block(LowReputation)              | 403  | Body carries score + threshold          |
  * | Block(PolicyDenied)               | 403  | Body carries detail                     |
  * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Block(AgentAttribution)           | 403  | Body carries vendor + tier + confidence |
+ * | Block(Tier3UAMatch)               | 403  | Body carries pattern_id + kind + conf   |
  * | Challenge                         | 401  | Body carries ChallengeParams            |
  * | Redirect                          | 302  | Location header                         |
  * | Instruct                          | 422  | application/problem+json body           |

package/dist/orchestrator.d.ts

@@ -1,4 +1,4 @@
-import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-KPEcVvac.js';
+import { d as DidDocument, D as Decision, E as EnforcementMode, A as AgentRequest, C as ContextSpec, V as VerifyResult, e as EngineConfig } from './types-C3RniIOM.js';
 import '@kya-os/checkpoint-shared';
 
 /**
@@ -351,6 +351,8 @@ declare function extractCredentialStatusUrl(request: AgentRequest): string | nul
  * | Block(LowReputation)              | 403  | Body carries score + threshold          |
  * | Block(PolicyDenied)               | 403  | Body carries detail                     |
  * | Block(ParseError)                 | 400  | Body carries detail                     |
+ * | Block(AgentAttribution)           | 403  | Body carries vendor + tier + confidence |
+ * | Block(Tier3UAMatch)               | 403  | Body carries pattern_id + kind + conf   |
  * | Challenge                         | 401  | Body carries ChallengeParams            |
  * | Redirect                          | 302  | Location header                         |
  * | Instruct                          | 422  | application/problem+json body           |

package/dist/orchestrator.js

@@ -526,6 +526,8 @@ function httpStatusForBlockReason(reason) {
     case "OutOfScope":
     case "LowReputation":
     case "PolicyDenied":
+    case "AgentAttribution":
+    case "Tier3UAMatch":
       return 403;
   }
 }
@@ -568,6 +570,22 @@ function blockResponseBody(reason) {
         reason: "ParseError",
         detail: reason.detail
       };
+    case "AgentAttribution":
+      return {
+        error: "request identified as agent traffic via Tier-2 IP+UA cross-match",
+        reason: "AgentAttribution",
+        vendor: reason.vendor,
+        tier: reason.tier,
+        confidence: reason.confidence
+      };
+    case "Tier3UAMatch":
+      return {
+        error: "request identified as agent traffic via Tier-3 UA pattern match",
+        reason: "Tier3UAMatch",
+        pattern_id: reason.pattern_id,
+        pattern_kind: reason.pattern_kind,
+        confidence: reason.confidence
+      };
   }
 }
 function humanError(kind) {

package/dist/orchestrator.mjs

@@ -524,6 +524,8 @@ function httpStatusForBlockReason(reason) {
     case "OutOfScope":
     case "LowReputation":
     case "PolicyDenied":
+    case "AgentAttribution":
+    case "Tier3UAMatch":
       return 403;
   }
 }
@@ -566,6 +568,22 @@ function blockResponseBody(reason) {
         reason: "ParseError",
         detail: reason.detail
       };
+    case "AgentAttribution":
+      return {
+        error: "request identified as agent traffic via Tier-2 IP+UA cross-match",
+        reason: "AgentAttribution",
+        vendor: reason.vendor,
+        tier: reason.tier,
+        confidence: reason.confidence
+      };
+    case "Tier3UAMatch":
+      return {
+        error: "request identified as agent traffic via Tier-3 UA pattern match",
+        reason: "Tier3UAMatch",
+        pattern_id: reason.pattern_id,
+        pattern_kind: reason.pattern_kind,
+        confidence: reason.confidence
+      };
   }
 }
 function humanError(kind) {

package/dist/{types-KPEcVvac.d.mts → types-C3RniIOM.d.mts}

@@ -80,6 +80,34 @@ type BlockReason = {
 } | {
     kind: 'ParseError';
     detail: string;
+}
+/**
+ * Tier-2 IP+UA cross-match against the vendor SSOT (AIVF-1 Path B
+ * / agent-shield#2639). Emitted by `TieredPolicy` when the request
+ * carries both a vendor-published IP and a matching UA pattern.
+ * `tier` is the tier ordinal (`2` for IP+UA cross-match today;
+ * reserved for future Tier-1 cryptographic attribution).
+ * `confidence` is f32 in `[0.0, 1.0]`.
+ */
+ | {
+    kind: 'AgentAttribution';
+    vendor: string;
+    tier: number;
+    confidence: number;
+}
+/**
+ * Tier-3 UA-only pattern match short-circuit (Engine-Tier3-
+ * Ruleset-Wiring-1 / agent-shield#2641). Emitted at Stage 1b when
+ * `EngineConfig.tier3_action == Block` and the request classifies
+ * as KnownAiAgent / AiCrawler / HeadlessBrowser. **Field names are
+ * snake_case on the wire** (no `rename_all` on the Rust enum) —
+ * they mirror the Rust struct field names verbatim.
+ */
+ | {
+    kind: 'Tier3UAMatch';
+    pattern_id: string;
+    pattern_kind: string;
+    confidence: number;
 };
 interface ChallengeParams {
     nonce: string;

package/dist/{types-KPEcVvac.d.ts → types-C3RniIOM.d.ts}

@@ -80,6 +80,34 @@ type BlockReason = {
 } | {
     kind: 'ParseError';
     detail: string;
+}
+/**
+ * Tier-2 IP+UA cross-match against the vendor SSOT (AIVF-1 Path B
+ * / agent-shield#2639). Emitted by `TieredPolicy` when the request
+ * carries both a vendor-published IP and a matching UA pattern.
+ * `tier` is the tier ordinal (`2` for IP+UA cross-match today;
+ * reserved for future Tier-1 cryptographic attribution).
+ * `confidence` is f32 in `[0.0, 1.0]`.
+ */
+ | {
+    kind: 'AgentAttribution';
+    vendor: string;
+    tier: number;
+    confidence: number;
+}
+/**
+ * Tier-3 UA-only pattern match short-circuit (Engine-Tier3-
+ * Ruleset-Wiring-1 / agent-shield#2641). Emitted at Stage 1b when
+ * `EngineConfig.tier3_action == Block` and the request classifies
+ * as KnownAiAgent / AiCrawler / HeadlessBrowser. **Field names are
+ * snake_case on the wire** (no `rename_all` on the Rust enum) —
+ * they mirror the Rust struct field names verbatim.
+ */
+ | {
+    kind: 'Tier3UAMatch';
+    pattern_id: string;
+    pattern_kind: string;
+    confidence: number;
 };
 interface ChallengeParams {
     nonce: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/checkpoint-wasm-runtime",
-  "version": "1.4.0",
+  "version": "1.4.2",
   "description": "Checkpoint WASM runtime for AI agent detection across all environments (formerly @kya-os/agentshield-wasm-runtime)",
   "keywords": [
     "ai",

package/wasm/kya-os-engine/README.md

@@ -0,0 +1,26 @@
+# kya-os-engine
+
+Verification engine for the KYA-OS ecosystem. Every TS / .NET / Go / Python /
+Cloudflare-Workers host wrapper is a thin shim around the WASM or WASI build of
+this crate. ADR-001 (Engine-Centric Consolidation) is the architectural
+decision; the locked public API contract is tracked in D-design
+([issue #2484][issue]) and mirrored at
+[`docs/architecture/D-design-ratification.md`][ratification].
+
+`kya-os-engine` is the root of the dependency graph. It depends on
+nothing from `@kya-os/*`, `agentshield-*`, or `checkpoint-*`; the
+direction is the other way.
+
+The public surface is one function (`verify`), one decision vocabulary (`Decision`
+with five variants — `Permit`, `Block`, `Challenge`, `Redirect`, `Instruct`),
+five dependency-injection traits (`DidResolver`, `StatusListCache`,
+`ReputationOracle`, `PolicyEvaluator`, `Clock`), and one canonical-signing-payload
+helper (`canonical_signing_payload`, RFC 8785 / JCS).
+
+This is the **Layer 1 API lock** (D-design, [issue #2484][issue]). The body of
+`verify()` is `todo!()`; trait methods are stubbed. D-impl
+([issue #2485][impl]) satisfies the contract.
+
+[issue]: https://github.com/Know-That-Ai/agent-shield/issues/2484
+[impl]: https://github.com/Know-That-Ai/agent-shield/issues/2485
+[ratification]: ../../../docs/architecture/D-design-ratification.md

package/wasm/kya-os-engine-web/README.md

@@ -0,0 +1,26 @@
+# kya-os-engine
+
+Verification engine for the KYA-OS ecosystem. Every TS / .NET / Go / Python /
+Cloudflare-Workers host wrapper is a thin shim around the WASM or WASI build of
+this crate. ADR-001 (Engine-Centric Consolidation) is the architectural
+decision; the locked public API contract is tracked in D-design
+([issue #2484][issue]) and mirrored at
+[`docs/architecture/D-design-ratification.md`][ratification].
+
+`kya-os-engine` is the root of the dependency graph. It depends on
+nothing from `@kya-os/*`, `agentshield-*`, or `checkpoint-*`; the
+direction is the other way.
+
+The public surface is one function (`verify`), one decision vocabulary (`Decision`
+with five variants — `Permit`, `Block`, `Challenge`, `Redirect`, `Instruct`),
+five dependency-injection traits (`DidResolver`, `StatusListCache`,
+`ReputationOracle`, `PolicyEvaluator`, `Clock`), and one canonical-signing-payload
+helper (`canonical_signing_payload`, RFC 8785 / JCS).
+
+This is the **Layer 1 API lock** (D-design, [issue #2484][issue]). The body of
+`verify()` is `todo!()`; trait methods are stubbed. D-impl
+([issue #2485][impl]) satisfies the contract.
+
+[issue]: https://github.com/Know-That-Ai/agent-shield/issues/2484
+[impl]: https://github.com/Know-That-Ai/agent-shield/issues/2485
+[ratification]: ../../../docs/architecture/D-design-ratification.md

package/wasm/kya-os-engine/kya_os_engine.d.ts

@@ -1,24 +0,0 @@
-/* tslint:disable */
-/* eslint-disable */
-/**
- * Cross-boundary `verify` wrapper. The JS host calls `engine.verify(input,
- * ctxSpec)`; on success it gets a [`VerifyResult`] JSON object; on
- * infrastructure failure (or malformed input) it gets a thrown JS error
- * whose message names the failure mode.
- *
- * **Error semantics**:
- *
- * - Verification *verdicts* (Block/Challenge/etc.) surface inside the
- *   returned `VerifyResult` — they are not thrown.
- * - Engine [`VerifyError`][crate::error::VerifyError] (resolver / cache /
- *   reputation / policy infra failures) surface as thrown JS errors.
- * - Serde deserialisation failures (malformed JS input) surface as thrown
- *   JS errors too, mirroring the typed-vs-thrown split.
- *
- * # JS signature
- *
- * ```ts
- * function verify(input: AgentRequest, ctx: ContextSpec): VerifyResult;
- * ```
- */
-export function verify(input_js: any, ctx_js: any): any;