@kya-os/checkpoint-wasm-runtime 1.5.0 → 1.5.1

package/CHANGELOG.md

@@ -1,5 +1,93 @@
 # @kya-os/checkpoint-wasm-runtime
 
+## 1.5.1 — 2026-05-20
+
+**Tier 1 verification is now observable from the wire.** Closes the
+diagnostic gap Bench-Detection-Delta V3 (2026-05-20) surfaced: although
+Tier 1 RFC 9421 cryptographic verification was engaging correctly in
+1.5.0, the response headers only exposed `Decision`-level info — operators
+couldn't tell whether the engine had verified the request OR what tier
+fired. Required a bench-side `onResult` callback to see
+`detectionDetail.metadata.verified_*`. This patch surfaces the same
+information on the wire.
+
+Patch bump (not minor) because both changes are additive observability
+improvements — no public API surface change, no behavior change for any
+existing consumer:
+
+| Change                                                                                                 | Type     | Consumer impact                                                                                                                                                                                                                                                                                                        |
+| ------------------------------------------------------------------------------------------------------ | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `X-Checkpoint-Verified-Tier` / `-Vendor` / `-Protocol` response headers                                | Additive | New headers only emitted when `detectionDetail.metadata.verified_*` populated. No existing consumer parsed these (they didn't exist).                                                                                                                                                                                  |
+| `ruleset_hash` `t1:` slot now populates with vendor-keys SHA-256 (`t1:<64-hex>` instead of `t1:unset`) | Additive | The structured format documented `unset` / `disabled` / `<64-hex>` as valid slot values per [[Engine-Tier-Ruleset-Hash-1]]. Operators pinning on the literal `t1:unset` string would see breakage — but doing so was always against the documented contract (the slot was documented as a placeholder pending wiring). |
+
+### Added
+
+- **`X-Checkpoint-Verified-Tier` response header.** Emitted when
+  `detectionDetail.metadata.verified_tier` is a finite number or non-empty
+  string. Value is the stringified tier (`"1"` for Tier 1 RFC 9421 today;
+  `"2"` reserved for Tier 2 IP+UA cross-match attribution when that path
+  populates `verified_*`).
+- **`X-Checkpoint-Verified-Vendor` response header.** Emitted when
+  `detectionDetail.metadata.verified_vendor` is a non-empty string.
+  Today: `openai` (the only Tier 1 vendor with a bundled JWK). Future
+  Anthropic / Google RFC 9421 signers will add `anthropic` / `google`
+  values without a SemVer event.
+- **`X-Checkpoint-Verified-Protocol` response header.** Emitted when
+  `detectionDetail.metadata.verified_protocol` is a non-empty string.
+  Today: `rfc9421` (HTTP Message Signatures). Future MCP-I JWS envelope
+  verifications will emit `mcp-i` / `did-jws`.
+- **`X-Checkpoint-Ruleset-Hash`'s `t1:` slot now populates.** Computed
+  at engine build time as SHA-256 of the canonical concat of every
+  `data/vendor-keys/*.json` file (sorted by filename, `\n--\n`
+  separator). Build-time panic gate on empty dir / empty file prevents
+  shipping a misleading empty-input hash (mirrors Tier 2/3 discipline).
+  The `cargo:rustc-env=KYA_OS_ENGINE_TIER1_KEYS_SHA256` producer in
+  `kya-os-engine/build.rs` is the single source of truth; `api.rs`
+  consumes via `env!()`.
+
+### Defensive guards (PR #2718 reviewer feedback)
+
+- `X-Checkpoint-Verified-Tier` number path uses `Number.isFinite` to
+  reject `NaN` / `±Infinity` (`typeof NaN === 'number'` is true in JS,
+  so a plain typeof check would emit `Verified-Tier: NaN`).
+- `X-Checkpoint-Verified-Tier` string path requires `length > 0`
+  (mirrors `Verified-Vendor` / `Verified-Protocol` defensive guards).
+
+### Tests
+
+- New Rust drift gate `ruleset_hash_tier1_slot_resolves_to_vendor_keys_sha`
+  re-reads `data/vendor-keys/*.json` at test time + asserts the `t1:`
+  slot matches the computed SHA. Mirrors the existing Tier 2 YAML drift
+  gate. 96/96 lib tests pass.
+- 6 new vitest cases on `render-decision.test.ts` cover the
+  `Verified-*` header emission (presence, absence, partial metadata,
+  Block-path co-emission, observe-mode co-emission, empty-string +
+  NaN + ±Infinity defensive guards, number-vs-string acceptance).
+  26/26 render-decision tests pass.
+
+### What this DOESN'T change
+
+- Engine verify-dispatch behavior — unchanged. Tier 1 was already
+  engaging in 1.5.0; this release only makes that visible.
+- Public API surface — unchanged. No new exports, no new types, no
+  removed exports.
+- Existing response headers — unchanged. `X-Checkpoint-Decision`,
+  `-Reason`, `-Engine`, `-Engine-Version` emit exactly as before.
+- Ruleset-hash format — unchanged. The structured-prefix format
+  pinned by `ruleset_hash_matches_structured_per_tier_format` still
+  matches `sha256:t1:<slot>:t2:<slot>:t3:<slot>:t4:<slot>` where
+  each slot is one of `unset`/`disabled`/`[0-9a-f]{64}`. Only the
+  `t1:` slot's runtime value changed from `unset` to `<64-hex>`.
+
+### Pin guidance
+
+- Customers pinning `^1.5.0` (caret) → auto-pick up 1.5.1 on next
+  install. No action needed.
+- Customers pinning `~1.5.0` (tilde) → auto-pick up 1.5.1 on next
+  install. No action needed.
+- Customers pinning `1.5.0` (exact) → no auto-pickup. Bump to
+  `^1.5.1` to see Tier 1 attribution on the wire.
+
 ## 1.5.0 — 2026-05-19
 
 **Formal announcement of HTTP-Sig-Verifier-1 — Tier 1 RFC 9421 HTTP

package/dist/orchestrator-edge.js

@@ -404,6 +404,23 @@ function buildBaseHeaders(result) {
   if (result.engineInfo.rulesetHash) {
     headers["X-Checkpoint-Ruleset-Hash"] = result.engineInfo.rulesetHash;
   }
+  const meta = result.detectionDetail.metadata;
+  if (meta) {
+    const verifiedTier = meta.verified_tier;
+    if (typeof verifiedTier === "number" && Number.isFinite(verifiedTier)) {
+      headers["X-Checkpoint-Verified-Tier"] = String(verifiedTier);
+    } else if (typeof verifiedTier === "string" && verifiedTier.length > 0) {
+      headers["X-Checkpoint-Verified-Tier"] = verifiedTier;
+    }
+    const verifiedVendor = meta.verified_vendor;
+    if (typeof verifiedVendor === "string" && verifiedVendor.length > 0) {
+      headers["X-Checkpoint-Verified-Vendor"] = verifiedVendor;
+    }
+    const verifiedProtocol = meta.verified_protocol;
+    if (typeof verifiedProtocol === "string" && verifiedProtocol.length > 0) {
+      headers["X-Checkpoint-Verified-Protocol"] = verifiedProtocol;
+    }
+  }
   return headers;
 }
 function httpStatusForBlockReason(reason) {

package/dist/orchestrator-edge.mjs

@@ -402,6 +402,23 @@ function buildBaseHeaders(result) {
   if (result.engineInfo.rulesetHash) {
     headers["X-Checkpoint-Ruleset-Hash"] = result.engineInfo.rulesetHash;
   }
+  const meta = result.detectionDetail.metadata;
+  if (meta) {
+    const verifiedTier = meta.verified_tier;
+    if (typeof verifiedTier === "number" && Number.isFinite(verifiedTier)) {
+      headers["X-Checkpoint-Verified-Tier"] = String(verifiedTier);
+    } else if (typeof verifiedTier === "string" && verifiedTier.length > 0) {
+      headers["X-Checkpoint-Verified-Tier"] = verifiedTier;
+    }
+    const verifiedVendor = meta.verified_vendor;
+    if (typeof verifiedVendor === "string" && verifiedVendor.length > 0) {
+      headers["X-Checkpoint-Verified-Vendor"] = verifiedVendor;
+    }
+    const verifiedProtocol = meta.verified_protocol;
+    if (typeof verifiedProtocol === "string" && verifiedProtocol.length > 0) {
+      headers["X-Checkpoint-Verified-Protocol"] = verifiedProtocol;
+    }
+  }
   return headers;
 }
 function httpStatusForBlockReason(reason) {

package/dist/orchestrator-node.js

@@ -508,6 +508,23 @@ function buildBaseHeaders(result) {
   if (result.engineInfo.rulesetHash) {
     headers["X-Checkpoint-Ruleset-Hash"] = result.engineInfo.rulesetHash;
   }
+  const meta = result.detectionDetail.metadata;
+  if (meta) {
+    const verifiedTier = meta.verified_tier;
+    if (typeof verifiedTier === "number" && Number.isFinite(verifiedTier)) {
+      headers["X-Checkpoint-Verified-Tier"] = String(verifiedTier);
+    } else if (typeof verifiedTier === "string" && verifiedTier.length > 0) {
+      headers["X-Checkpoint-Verified-Tier"] = verifiedTier;
+    }
+    const verifiedVendor = meta.verified_vendor;
+    if (typeof verifiedVendor === "string" && verifiedVendor.length > 0) {
+      headers["X-Checkpoint-Verified-Vendor"] = verifiedVendor;
+    }
+    const verifiedProtocol = meta.verified_protocol;
+    if (typeof verifiedProtocol === "string" && verifiedProtocol.length > 0) {
+      headers["X-Checkpoint-Verified-Protocol"] = verifiedProtocol;
+    }
+  }
   return headers;
 }
 function httpStatusForBlockReason(reason) {

package/dist/orchestrator-node.mjs

@@ -487,6 +487,23 @@ function buildBaseHeaders(result) {
   if (result.engineInfo.rulesetHash) {
     headers["X-Checkpoint-Ruleset-Hash"] = result.engineInfo.rulesetHash;
   }
+  const meta = result.detectionDetail.metadata;
+  if (meta) {
+    const verifiedTier = meta.verified_tier;
+    if (typeof verifiedTier === "number" && Number.isFinite(verifiedTier)) {
+      headers["X-Checkpoint-Verified-Tier"] = String(verifiedTier);
+    } else if (typeof verifiedTier === "string" && verifiedTier.length > 0) {
+      headers["X-Checkpoint-Verified-Tier"] = verifiedTier;
+    }
+    const verifiedVendor = meta.verified_vendor;
+    if (typeof verifiedVendor === "string" && verifiedVendor.length > 0) {
+      headers["X-Checkpoint-Verified-Vendor"] = verifiedVendor;
+    }
+    const verifiedProtocol = meta.verified_protocol;
+    if (typeof verifiedProtocol === "string" && verifiedProtocol.length > 0) {
+      headers["X-Checkpoint-Verified-Protocol"] = verifiedProtocol;
+    }
+  }
   return headers;
 }
 function httpStatusForBlockReason(reason) {

package/dist/orchestrator.js

@@ -512,6 +512,23 @@ function buildBaseHeaders(result) {
   if (result.engineInfo.rulesetHash) {
     headers["X-Checkpoint-Ruleset-Hash"] = result.engineInfo.rulesetHash;
   }
+  const meta = result.detectionDetail.metadata;
+  if (meta) {
+    const verifiedTier = meta.verified_tier;
+    if (typeof verifiedTier === "number" && Number.isFinite(verifiedTier)) {
+      headers["X-Checkpoint-Verified-Tier"] = String(verifiedTier);
+    } else if (typeof verifiedTier === "string" && verifiedTier.length > 0) {
+      headers["X-Checkpoint-Verified-Tier"] = verifiedTier;
+    }
+    const verifiedVendor = meta.verified_vendor;
+    if (typeof verifiedVendor === "string" && verifiedVendor.length > 0) {
+      headers["X-Checkpoint-Verified-Vendor"] = verifiedVendor;
+    }
+    const verifiedProtocol = meta.verified_protocol;
+    if (typeof verifiedProtocol === "string" && verifiedProtocol.length > 0) {
+      headers["X-Checkpoint-Verified-Protocol"] = verifiedProtocol;
+    }
+  }
   return headers;
 }
 function httpStatusForBlockReason(reason) {

package/dist/orchestrator.mjs

@@ -510,6 +510,23 @@ function buildBaseHeaders(result) {
   if (result.engineInfo.rulesetHash) {
     headers["X-Checkpoint-Ruleset-Hash"] = result.engineInfo.rulesetHash;
   }
+  const meta = result.detectionDetail.metadata;
+  if (meta) {
+    const verifiedTier = meta.verified_tier;
+    if (typeof verifiedTier === "number" && Number.isFinite(verifiedTier)) {
+      headers["X-Checkpoint-Verified-Tier"] = String(verifiedTier);
+    } else if (typeof verifiedTier === "string" && verifiedTier.length > 0) {
+      headers["X-Checkpoint-Verified-Tier"] = verifiedTier;
+    }
+    const verifiedVendor = meta.verified_vendor;
+    if (typeof verifiedVendor === "string" && verifiedVendor.length > 0) {
+      headers["X-Checkpoint-Verified-Vendor"] = verifiedVendor;
+    }
+    const verifiedProtocol = meta.verified_protocol;
+    if (typeof verifiedProtocol === "string" && verifiedProtocol.length > 0) {
+      headers["X-Checkpoint-Verified-Protocol"] = verifiedProtocol;
+    }
+  }
   return headers;
 }
 function httpStatusForBlockReason(reason) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/checkpoint-wasm-runtime",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Checkpoint WASM runtime for AI agent detection across all environments (formerly @kya-os/agentshield-wasm-runtime)",
   "keywords": [
     "ai",

package/wasm/kya-os-engine/package.json

@@ -12,7 +12,8 @@
   },
   "files": [
     "kya_os_engine_bg.wasm",
-    "kya_os_engine.js"
+    "kya_os_engine.js",
+    "kya_os_engine.d.ts"
   ],
   "main": "kya_os_engine.js",
   "keywords": [
@@ -23,5 +24,6 @@
     "did"
   ],
   "type": "commonjs",
-  "_note": "wasm-bindgen --target nodejs output: uses module.exports + require('fs') at module load. The parent wasm/package.json says type:module (for the older agentshield_wasm.js ESM file), which would make Node mis-classify this CJS file and throw ERR_REQUIRE_ESM. This nested package.json overrides per Node's nearest-package.json resolution algorithm. See SDK-WASM-Bundler-Loader-1 (#2613) for the original incident; AIVF-1 Path B (#2639) re-instated this override after a wasm-pack regen silently dropped it, plus a regen-pipeline patcher (rust/scripts/build-engine-wasm.sh) + an integrity test (packages/checkpoint-wasm-runtime/src/__tests__/wasm-artifact-integrity.test.ts) so the next regen can't silently break Node consumers again."
+  "types": "kya_os_engine.d.ts",
+  "_note": "wasm-bindgen --target nodejs output: uses module.exports + require('fs') at module load. The parent wasm/package.json says type:module (for the older agentshield_wasm.js ESM file), which would make Node mis-classify this CJS file and throw ERR_REQUIRE_ESM. This nested package.json overrides per Node's nearest-package.json resolution algorithm. See SDK-WASM-Bundler-Loader-1 (#2613) for the original incident; AIVF-1 Path B (#2639) re-instated this override after a wasm-pack regen silently dropped it, plus a regen-pipeline patcher (rust/scripts/build-engine-wasm.sh) + an integrity test (packages/checkpoint-wasm-runtime/src/__tests__/wasm-artifact-integrity.test.ts) so the next regen can't silently break Node consumers again. Engine-Pattern-Codegen-Retirement-1 extended the patcher to also restore the types/`files` .d.ts references that --no-typescript drops."
 }

package/wasm/kya-os-engine-web/package.json

@@ -13,7 +13,8 @@
   },
   "files": [
     "kya_os_engine_bg.wasm",
-    "kya_os_engine.js"
+    "kya_os_engine.js",
+    "kya_os_engine.d.ts"
   ],
   "main": "kya_os_engine.js",
   "sideEffects": [
@@ -25,5 +26,6 @@
     "mcp-i",
     "agent",
     "did"
-  ]
-}
+  ],
+  "types": "kya_os_engine.d.ts"
+}