@kya-os/checkpoint-wasm-runtime 1.4.4 → 1.5.0

package/CHANGELOG.md

@@ -1,5 +1,100 @@
 # @kya-os/checkpoint-wasm-runtime
 
+## 1.5.0 — 2026-05-19
+
+**Formal announcement of HTTP-Sig-Verifier-1 — Tier 1 RFC 9421 HTTP
+Message Signature verification (PR #2642).** Engine cryptographically
+verifies OpenAI's `ChatGPT-Agent` signed traffic at 0.99 confidence
+with vendor attribution on `detection_detail.metadata.verified_*`.
+Pin `^1.5.0` if your dashboard / handler consumes the new Tier 1
+metadata or the failure/skip-reason taxonomy.
+
+### Honest note on what 1.5.0 actually is
+
+The Tier 1 code first rode along in 1.4.3 + 1.4.4 because the publish
+workflow rebuilds wasm from `main` HEAD and #2642 had already merged.
+But both releases shipped under publish-mechanic CHANGELOG entries
+(`workspace:*` leaks, `.gitignore` poison) and were never advertised
+as the Tier 1 ship. 1.5.0 corrects the SemVer label: Tier 1 adds a
+new `AgentRequest::HttpSigned` enum variant + new `verified_*`
+metadata fields + new failure-reason taxonomy strings. That's
+additive public API surface → minor bump, not patch. 1.4.4 is not
+broken and stays on the registry, but new consumers should pin
+`^1.5.0` for clarity of intent.
+
+### Added (Tier 1 RFC 9421 verification)
+
+- **`AgentRequest::HttpSigned` variant** wired through `verify`
+  dispatch. Verified signatures short-circuit to a high-confidence
+  `Permit` Decision; failed / skipped verification falls through to
+  the existing plain-HTTP pipeline with `tier1_failure_reason` /
+  `tier1_skipped_reason` preserved on the detection metadata.
+- **`detection_detail.metadata.verified_*` attribution** when Tier 1
+  succeeds: `verified_tier` (1), `verified_protocol` (`rfc9421`),
+  `verified_vendor` (e.g. `openai`), `key_id`, `covered_components`.
+  F-18 dual-write contract: these fields are byte-stable.
+- **Embedded OpenAI JWK manifest** (`data/vendor-keys/openai.json`)
+  loaded via `include_str!` into a lazy `VendorKeyRegistry`. Resilient
+  to packaging failure (engine still runs without Tier 1 if the
+  manifest is absent or malformed).
+- **Failure-reason taxonomy (byte-stable):** `bad_signature`,
+  `replay_expires_violation`, `replay_window_violation`, `alg_mismatch`,
+  `unknown_keyid_with_signature_agent`, `signature_agent_mismatch`,
+  `malformed_header`, `unsupported_covered_component`,
+  `missing_covered_header`, `key_expired`, `key_not_yet_valid`.
+- **Skip-reason taxonomy (byte-stable):** `no_signature_header`,
+  `unsupported_alg`, `unknown_signature_agent_no_matching_keyid`.
+- **Cross-runtime parity:** 13 fixtures × 3 runtimes (Rust + WASM
+  Node + WASM Edge) green, including 2 new `HttpSigned` fixtures
+  covering skip + fail paths.
+- **`serde-wasm-bindgen` `Serializer::json_compatible()` fix** so
+  `BTreeMap<String, Value>` metadata survives `JSON.stringify` across
+  the WASM boundary. Was silently collapsing to `{}` before; Tier 1
+  is the first real emit site for metadata so the bug surfaced now.
+
+### Operator surface
+
+- `scripts/refresh-openai-signing-keys.ts` — runnable today; fetches
+  `https://chatgpt.com/.well-known/http-message-signatures-directory`,
+  diffs against the embedded manifest, applies 4 sanity gates (>50%
+  removal block, >10× growth block, Ed25519-only alg whitelist,
+  per-kid expiry regression block) + `--ack-vendor` one-shot override.
+  GitHub Actions cron wrapper lands in a follow-up.
+
+### Verification gates active on this release
+
+All four publish-workflow gates from 1.4.4 still apply:
+
+1. Sanity gate — all three wasm-pack targets produce non-trivial
+   `.wasm` binaries on disk.
+2. Tarball-content gate — `tar -tz` listing must contain every
+   required wasm artifact path. (1.4.1/1.4.2 failure mode.)
+3. Manifest gate — packed `package.json` must contain zero
+   `workspace:` substrings in any dependency field. (1.4.3 failure
+   mode.)
+4. Post-publish re-fetch gate — fetches the published tarball from
+   the registry and re-runs gates 2 + 3.
+
+### Adobe pitch narrative upgrade
+
+Pre-1.5.0: "MCP-I cryptographic verification + Tier 2 vendor IP+UA
+cross-match + Tier 3 UA pattern fallback (Monitor)." Post-1.5.0:
+"Same engine; same `Decision` output shape; also verifies RFC 9421
+signed traffic from OpenAI's ChatGPT-Agent at 0.99 confidence today,
+plus any vendor that adopts the same protocol tomorrow. No vendor
+adoption of MCP-I required for verification to work." DataDome /
+Cloudflare / Kasada ceiling at Tier 3 heuristics; this release puts
+KYA-OS one tier above the field for any vendor that signs.
+
+### Follow-ups (not in this release)
+
+- Real ChatGPT-Agent traffic fixture (synthetic-signed fixtures cover
+  dispatch + crypto today).
+- GitHub Actions cron + PR template + vitest coverage + architecture
+  doc for the JWK refresh script.
+- Phase 2 crypto (RSA-PSS-SHA512 + ECDSA-P256-SHA256) — when a
+  second vendor adopts RFC 9421.
+
 ## 1.4.4 — 2026-05-18
 
 **Third recovery release. Do NOT use 1.4.3 — the published manifest

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/checkpoint-wasm-runtime",
-  "version": "1.4.4",
+  "version": "1.5.0",
   "description": "Checkpoint WASM runtime for AI agent detection across all environments (formerly @kya-os/agentshield-wasm-runtime)",
   "keywords": [
     "ai",