npm - @kya-os/checkpoint-wasm-runtime - Versions diffs - 1.4.3 → 1.5.0 - Mend

@kya-os/checkpoint-wasm-runtime 1.4.3 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md +129 -1
package/package.json +2 -2
package/wasm/kya-os-engine/kya_os_engine_bg.wasm +0 -0
package/wasm/kya-os-engine-bundler/kya_os_engine_bg.wasm +0 -0
package/wasm/kya-os-engine-web/kya_os_engine_bg.wasm +0 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,134 @@
 # @kya-os/checkpoint-wasm-runtime
-## 1.4.3 — 2026-05-18
+## 1.5.0 — 2026-05-19
+**Formal announcement of HTTP-Sig-Verifier-1 — Tier 1 RFC 9421 HTTP
+Message Signature verification (PR #2642).** Engine cryptographically
+verifies OpenAI's `ChatGPT-Agent` signed traffic at 0.99 confidence
+with vendor attribution on `detection_detail.metadata.verified_*`.
+Pin `^1.5.0` if your dashboard / handler consumes the new Tier 1
+metadata or the failure/skip-reason taxonomy.
+### Honest note on what 1.5.0 actually is
+The Tier 1 code first rode along in 1.4.3 + 1.4.4 because the publish
+workflow rebuilds wasm from `main` HEAD and #2642 had already merged.
+But both releases shipped under publish-mechanic CHANGELOG entries
+(`workspace:*` leaks, `.gitignore` poison) and were never advertised
+as the Tier 1 ship. 1.5.0 corrects the SemVer label: Tier 1 adds a
+new `AgentRequest::HttpSigned` enum variant + new `verified_*`
+metadata fields + new failure-reason taxonomy strings. That's
+additive public API surface → minor bump, not patch. 1.4.4 is not
+broken and stays on the registry, but new consumers should pin
+`^1.5.0` for clarity of intent.
+### Added (Tier 1 RFC 9421 verification)
+- **`AgentRequest::HttpSigned` variant** wired through `verify`
+  dispatch. Verified signatures short-circuit to a high-confidence
+  `Permit` Decision; failed / skipped verification falls through to
+  the existing plain-HTTP pipeline with `tier1_failure_reason` /
+  `tier1_skipped_reason` preserved on the detection metadata.
+- **`detection_detail.metadata.verified_*` attribution** when Tier 1
+  succeeds: `verified_tier` (1), `verified_protocol` (`rfc9421`),
+  `verified_vendor` (e.g. `openai`), `key_id`, `covered_components`.
+  F-18 dual-write contract: these fields are byte-stable.
+- **Embedded OpenAI JWK manifest** (`data/vendor-keys/openai.json`)
+  loaded via `include_str!` into a lazy `VendorKeyRegistry`. Resilient
+  to packaging failure (engine still runs without Tier 1 if the
+  manifest is absent or malformed).
+- **Failure-reason taxonomy (byte-stable):** `bad_signature`,
+  `replay_expires_violation`, `replay_window_violation`, `alg_mismatch`,
+  `unknown_keyid_with_signature_agent`, `signature_agent_mismatch`,
+  `malformed_header`, `unsupported_covered_component`,
+  `missing_covered_header`, `key_expired`, `key_not_yet_valid`.
+- **Skip-reason taxonomy (byte-stable):** `no_signature_header`,
+  `unsupported_alg`, `unknown_signature_agent_no_matching_keyid`.
+- **Cross-runtime parity:** 13 fixtures × 3 runtimes (Rust + WASM
+  Node + WASM Edge) green, including 2 new `HttpSigned` fixtures
+  covering skip + fail paths.
+- **`serde-wasm-bindgen` `Serializer::json_compatible()` fix** so
+  `BTreeMap<String, Value>` metadata survives `JSON.stringify` across
+  the WASM boundary. Was silently collapsing to `{}` before; Tier 1
+  is the first real emit site for metadata so the bug surfaced now.
+### Operator surface
+- `scripts/refresh-openai-signing-keys.ts` — runnable today; fetches
+  `https://chatgpt.com/.well-known/http-message-signatures-directory`,
+  diffs against the embedded manifest, applies 4 sanity gates (>50%
+  removal block, >10× growth block, Ed25519-only alg whitelist,
+  per-kid expiry regression block) + `--ack-vendor` one-shot override.
+  GitHub Actions cron wrapper lands in a follow-up.
+### Verification gates active on this release
+All four publish-workflow gates from 1.4.4 still apply:
+1. Sanity gate — all three wasm-pack targets produce non-trivial
+   `.wasm` binaries on disk.
+2. Tarball-content gate — `tar -tz` listing must contain every
+   required wasm artifact path. (1.4.1/1.4.2 failure mode.)
+3. Manifest gate — packed `package.json` must contain zero
+   `workspace:` substrings in any dependency field. (1.4.3 failure
+   mode.)
+4. Post-publish re-fetch gate — fetches the published tarball from
+   the registry and re-runs gates 2 + 3.
+### Adobe pitch narrative upgrade
+Pre-1.5.0: "MCP-I cryptographic verification + Tier 2 vendor IP+UA
+cross-match + Tier 3 UA pattern fallback (Monitor)." Post-1.5.0:
+"Same engine; same `Decision` output shape; also verifies RFC 9421
+signed traffic from OpenAI's ChatGPT-Agent at 0.99 confidence today,
+plus any vendor that adopts the same protocol tomorrow. No vendor
+adoption of MCP-I required for verification to work." DataDome /
+Cloudflare / Kasada ceiling at Tier 3 heuristics; this release puts
+KYA-OS one tier above the field for any vendor that signs.
+### Follow-ups (not in this release)
+- Real ChatGPT-Agent traffic fixture (synthetic-signed fixtures cover
+  dispatch + crypto today).
+- GitHub Actions cron + PR template + vitest coverage + architecture
+  doc for the JWK refresh script.
+- Phase 2 crypto (RSA-PSS-SHA512 + ECDSA-P256-SHA256) — when a
+  second vendor adopts RFC 9421.
+## 1.4.4 — 2026-05-18
+**Third recovery release. Do NOT use 1.4.3 — the published manifest
+shipped `@kya-os/checkpoint-shared: "workspace:*"` instead of the
+resolved version. Consumers can't install with any package manager
+(pnpm errors with `ERR_PNPM_WORKSPACE_PKG_NOT_FOUND`; npm/yarn try to
+fetch `workspace:*` from the registry and fail).**
+### What 1.4.3 got wrong (and 1.4.4 fixes)
+The new publish workflow (#2675/#2676) uses `npm pack --ignore-scripts`
+so it can skip `prepublishOnly` (which would re-introduce the wasm-pack
+`.gitignore` poison that broke 1.4.1/1.4.2). The trade-off we missed:
+`pnpm publish` and `pnpm pack` rewrite the `workspace:` protocol to
+concrete versions at pack-time; `npm pack` does NOT. So the new
+workflow shipped a manifest that no package manager outside the source
+workspace could resolve.
+Fix in this release:
+1. **Pre-pack substitution step** in `pack-and-verify-tarball`: reads
+   `@kya-os/checkpoint-shared`'s actual version from the workspace and
+   rewrites `workspace:*` → `1.1.0` (or whatever the workspace publishes)
+   in the wasm-runtime manifest before `npm pack` runs.
+2. **New `MANIFEST GATE`** in the same job: extracts the packed
+   `package.json` from the tarball and asserts zero `workspace:`
+   substrings in any dependency field. The 1.4.3 publish would have
+   failed at this gate.
+Two artifact-shape gates (1.4.1/1.4.2 failure) + two manifest gates
+(1.4.3 failure) + a post-publish re-fetch gate now stand between any
+future publish and a broken registry entry.
+## 1.4.3 — 2026-05-18 — DEPRECATED (workspace:\* leak)
 **Second recovery release. Do NOT use 1.4.1 OR 1.4.2 — both shipped
 broken tarballs missing `wasm/kya-os-engine/*` (nodejs target) and

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/checkpoint-wasm-runtime",
-  "version": "1.4.3",
+  "version": "1.5.0",
   "description": "Checkpoint WASM runtime for AI agent detection across all environments (formerly @kya-os/agentshield-wasm-runtime)",
   "keywords": [
     "ai",
@@ -148,7 +148,7 @@
     "wasm:rebuild": "bash ../../rust/scripts/build-engine-wasm.sh"
   },
   "dependencies": {
-    "@kya-os/checkpoint-shared": "workspace:*",
+    "@kya-os/checkpoint-shared": "1.1.0",
     "multiformats": "^13"
   },
   "devDependencies": {

package/wasm/kya-os-engine/kya_os_engine_bg.wasm CHANGED Viewed

Binary file

package/wasm/kya-os-engine-bundler/kya_os_engine_bg.wasm CHANGED Viewed

Binary file

package/wasm/kya-os-engine-web/kya_os_engine_bg.wasm CHANGED Viewed

Binary file