@kya-os/checkpoint-wasm-runtime 1.5.0 → 1.6.0

package/wasm/kya-os-engine-cedar-web/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "kya-os-engine",
+  "type": "module",
+  "collaborators": [
+    "KnowThat.ai Team"
+  ],
+  "description": "Verification engine for the KYA-OS ecosystem. The single source of truth for detection, identity, scope, revocation, policy, and reputation across every host runtime. See ADR-001.",
+  "version": "0.1.0",
+  "license": "MIT OR Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/knowthat-ai/agentshield"
+  },
+  "files": [
+    "kya_os_engine_bg.wasm",
+    "kya_os_engine.js",
+    "kya_os_engine.d.ts"
+  ],
+  "main": "kya_os_engine.js",
+  "types": "kya_os_engine.d.ts",
+  "sideEffects": [
+    "./snippets/*"
+  ],
+  "keywords": [
+    "kya-os",
+    "verification",
+    "mcp-i",
+    "agent",
+    "did"
+  ]
+}

package/wasm/kya-os-engine-web/package.json

@@ -13,7 +13,8 @@
   },
   "files": [
     "kya_os_engine_bg.wasm",
-    "kya_os_engine.js"
+    "kya_os_engine.js",
+    "kya_os_engine.d.ts"
   ],
   "main": "kya_os_engine.js",
   "sideEffects": [
@@ -25,5 +26,6 @@
     "mcp-i",
     "agent",
     "did"
-  ]
-}
+  ],
+  "types": "kya_os_engine.d.ts"
+}

package/wasm/agentshield_wasm.d.ts

@@ -1,485 +0,0 @@
-/* tslint:disable */
-/* eslint-disable */
-/**
- * Initialize the AgentShield WASM module
- */
-export function init(): void;
-/**
- * Analyze a request and detect if it's from an agent
- */
-export function detect_agent(metadata: JsRequestMetadata): JsDetectionResult;
-/**
- * Get the version of the AgentShield library
- */
-export function version(): string;
-/**
- * Get the version of the AgentShield library
- */
-export function get_version(): string;
-/**
- * Get build information
- */
-export function get_build_info(): string;
-/**
- * Verify an MCP-I proof (VC-JWT token)
- *
- * This function verifies a Verifiable Credential JWT and extracts the
- * principal (issuer) and agent (subject) DIDs.
- *
- * # Arguments
- *
- * * `vc_jwt` - The VC-JWT token string (header.payload.signature)
- * * `current_time_secs` - Current Unix timestamp in seconds (for expiration check)
- *
- * # Returns
- *
- * A `JsMcpIVerificationResult` with verification status and extracted DIDs.
- */
-export function verify_mcp_i_proof(
-  vc_jwt: string,
-  current_time_secs: bigint
-): JsMcpIVerificationResult;
-/**
- * Resolve a did:key identifier to its public key
- *
- * # Arguments
- *
- * * `did` - The did:key identifier (e.g., "did:key:z6Mkf...")
- *
- * # Returns
- *
- * A `JsDidKeyResult` with the resolved public key or an error.
- */
-export function resolve_did_key_wasm(did: string): JsDidKeyResult;
-/**
- * Check if a requested scope is permitted by granted scopes
- *
- * # Arguments
- *
- * * `requested` - The scope being requested (e.g., "read:email")
- * * `granted_json` - JSON array of granted scopes (e.g., "[\"read:*\", \"write:calendar\"]")
- *
- * # Returns
- *
- * A `JsScopeCheckResult` indicating whether the scope is permitted.
- */
-export function check_delegation_scope(requested: string, granted_json: string): JsScopeCheckResult;
-/**
- * Verify a delegation with time constraints
- *
- * # Arguments
- *
- * * `requested` - The scope being requested
- * * `granted_json` - JSON array of granted scopes
- * * `not_before` - Optional Unix timestamp (0 to skip)
- * * `not_after` - Optional Unix timestamp (0 to skip)
- * * `current_time` - Current Unix timestamp (0 to skip time checks)
- *
- * # Returns
- *
- * A `JsScopeCheckResult` indicating whether the delegation is valid.
- */
-export function verify_delegation_scope(
-  requested: string,
-  granted_json: string,
-  not_before: bigint,
-  not_after: bigint,
-  current_time: bigint
-): JsScopeCheckResult;
-/**
- * Evaluate a request against a policy configuration
- *
- * # Arguments
- *
- * * `policy_json` - Policy configuration as JSON string
- * * `context_json` - Evaluation context as JSON string
- *
- * # Returns
- *
- * A `JsPolicyEvaluationResult` with the enforcement action and reason.
- *
- * # Example
- *
- * ```javascript
- * const policy = JSON.stringify({
- *   version: "1.0.0",
- *   enabled: true,
- *   defaultAction: "allow",
- *   thresholds: { confidenceThreshold: 80, confidenceAction: "block" },
- *   denyList: [],
- *   allowList: [],
- *   rules: []
- * });
- *
- * const context = JSON.stringify({
- *   agentType: "ai_agent",
- *   agentName: "ChatGPT",
- *   confidence: 95
- * });
- *
- * const result = evaluate_policy(policy, context);
- * console.log(result.action); // "block" (confidence exceeded threshold)
- * ```
- */
-export function evaluate_policy(
-  policy_json: string,
-  context_json: string
-): JsPolicyEvaluationResult;
-/**
- * Check if a policy allows a request (convenience function)
- *
- * # Arguments
- *
- * * `policy_json` - Policy configuration as JSON string
- * * `context_json` - Evaluation context as JSON string
- *
- * # Returns
- *
- * `true` if the request is allowed, `false` otherwise.
- */
-export function policy_allows(policy_json: string, context_json: string): boolean;
-/**
- * JavaScript-compatible detection result
- */
-export class JsDetectionResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Whether the request was identified as coming from an agent
-   */
-  is_agent: boolean;
-  /**
-   * Whether the detected bot is an AI crawler (GPTBot, ClaudeBot, etc.)
-   */
-  is_ai_crawler: boolean;
-  /**
-   * Confidence score (0.0 to 1.0 scale)
-   */
-  confidence: number;
-  /**
-   * Get the detected agent name
-   */
-  readonly agent: string | undefined;
-  /**
-   * Get the detection class for database storage
-   * Returns: 'human', 'ai_agent', 'bot', 'automation', or 'unknown'
-   */
-  readonly detection_class: string;
-  /**
-   * Get the verification method as a string
-   */
-  readonly verification_method: string;
-  /**
-   * Get the risk level as a string
-   */
-  readonly risk_level: string;
-  /**
-   * Get the timestamp as a string
-   */
-  readonly timestamp: string;
-}
-/**
- * JavaScript-compatible result from did:key resolution
- */
-export class JsDidKeyResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Whether the resolution was successful
-   */
-  success: boolean;
-  /**
-   * Get the public key as hex string
-   */
-  readonly public_key_hex: string | undefined;
-  /**
-   * Get the key type
-   */
-  readonly key_type: string | undefined;
-  /**
-   * Get the error message
-   */
-  readonly error: string | undefined;
-}
-/**
- * JavaScript-compatible result from MCP-I verification
- */
-export class JsMcpIVerificationResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Whether the verification was successful
-   */
-  verified: boolean;
-  /**
-   * Confidence score (0.0 to 1.0 scale) - 0.99 for verified MCP-I
-   */
-  confidence: number;
-  /**
-   * Get the issuer DID (principal)
-   */
-  readonly issuer_did: string | undefined;
-  /**
-   * Get the subject DID (agent)
-   */
-  readonly subject_did: string | undefined;
-  /**
-   * Get the error message
-   */
-  readonly error: string | undefined;
-}
-/**
- * JavaScript-compatible policy evaluation result
- */
-export class JsPolicyEvaluationResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Check if the action permits the request to proceed
-   * Returns true for 'allow' and 'log' (allow but log for monitoring)
-   */
-  is_allowed(): boolean;
-  /**
-   * Check if the action blocks the request
-   * Returns true for 'block', 'redirect', and 'challenge'
-   */
-  is_blocked(): boolean;
-  /**
-   * Convert to JSON string for serialization
-   */
-  to_json(): string;
-  /**
-   * Get the enforcement action
-   */
-  readonly action: string;
-  /**
-   * Get the reason for the action
-   */
-  readonly reason: string;
-  /**
-   * Get the matched rule ID
-   */
-  readonly rule_id: string | undefined;
-  /**
-   * Get the matched rule name
-   */
-  readonly rule_name: string | undefined;
-  /**
-   * Get the redirect URL
-   */
-  readonly redirect_url: string | undefined;
-  /**
-   * Get the custom message
-   */
-  readonly message: string | undefined;
-  /**
-   * Get the match type
-   */
-  readonly match_type: string;
-}
-/**
- * JavaScript-compatible request metadata
- */
-export class JsRequestMetadata {
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Constructor for JsRequestMetadata
-   */
-  constructor(
-    user_agent: string | null | undefined,
-    ip_address: string | null | undefined,
-    headers: string,
-    timestamp: string,
-    url?: string | null,
-    method?: string | null,
-    client_fingerprint?: string | null,
-    tls_fingerprint?: string | null
-  );
-  /**
-   * Get the user agent
-   */
-  readonly user_agent: string | undefined;
-  /**
-   * Get the IP address
-   */
-  readonly ip_address: string | undefined;
-  /**
-   * Get the headers as JSON string
-   */
-  readonly headers: string;
-  /**
-   * Get the timestamp
-   */
-  readonly timestamp: string;
-  /**
-   * Get the URL
-   */
-  readonly url: string | undefined;
-  /**
-   * Get the method
-   */
-  readonly method: string | undefined;
-  /**
-   * Get the client fingerprint
-   */
-  readonly client_fingerprint: string | undefined;
-  /**
-   * Get the TLS fingerprint
-   */
-  readonly tls_fingerprint: string | undefined;
-}
-/**
- * JavaScript-compatible result from scope check
- */
-export class JsScopeCheckResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Whether the scope is permitted
-   */
-  permitted: boolean;
-  /**
-   * Get the matching scope
-   */
-  readonly matched_by: string | undefined;
-  /**
-   * Get the match type
-   */
-  readonly match_type: string;
-  /**
-   * Get the error message
-   */
-  readonly error: string | undefined;
-}
-
-export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
-
-export interface InitOutput {
-  readonly memory: WebAssembly.Memory;
-  readonly __wbg_jsdetectionresult_free: (a: number, b: number) => void;
-  readonly __wbg_get_jsdetectionresult_is_agent: (a: number) => number;
-  readonly __wbg_set_jsdetectionresult_is_agent: (a: number, b: number) => void;
-  readonly __wbg_get_jsdetectionresult_is_ai_crawler: (a: number) => number;
-  readonly __wbg_set_jsdetectionresult_is_ai_crawler: (a: number, b: number) => void;
-  readonly __wbg_get_jsdetectionresult_confidence: (a: number) => number;
-  readonly __wbg_set_jsdetectionresult_confidence: (a: number, b: number) => void;
-  readonly jsdetectionresult_agent: (a: number, b: number) => void;
-  readonly jsdetectionresult_detection_class: (a: number, b: number) => void;
-  readonly jsdetectionresult_verification_method: (a: number, b: number) => void;
-  readonly jsdetectionresult_risk_level: (a: number, b: number) => void;
-  readonly jsdetectionresult_timestamp: (a: number, b: number) => void;
-  readonly __wbg_jsrequestmetadata_free: (a: number, b: number) => void;
-  readonly jsrequestmetadata_new: (
-    a: number,
-    b: number,
-    c: number,
-    d: number,
-    e: number,
-    f: number,
-    g: number,
-    h: number,
-    i: number,
-    j: number,
-    k: number,
-    l: number,
-    m: number,
-    n: number,
-    o: number,
-    p: number
-  ) => number;
-  readonly jsrequestmetadata_user_agent: (a: number, b: number) => void;
-  readonly jsrequestmetadata_ip_address: (a: number, b: number) => void;
-  readonly jsrequestmetadata_headers: (a: number, b: number) => void;
-  readonly jsrequestmetadata_timestamp: (a: number, b: number) => void;
-  readonly jsrequestmetadata_url: (a: number, b: number) => void;
-  readonly jsrequestmetadata_method: (a: number, b: number) => void;
-  readonly jsrequestmetadata_client_fingerprint: (a: number, b: number) => void;
-  readonly jsrequestmetadata_tls_fingerprint: (a: number, b: number) => void;
-  readonly init: () => void;
-  readonly detect_agent: (a: number, b: number) => void;
-  readonly get_version: (a: number) => void;
-  readonly get_build_info: (a: number) => void;
-  readonly __wbg_jsmcpiverificationresult_free: (a: number, b: number) => void;
-  readonly __wbg_get_jsmcpiverificationresult_verified: (a: number) => number;
-  readonly __wbg_set_jsmcpiverificationresult_verified: (a: number, b: number) => void;
-  readonly jsmcpiverificationresult_issuer_did: (a: number, b: number) => void;
-  readonly jsmcpiverificationresult_subject_did: (a: number, b: number) => void;
-  readonly jsmcpiverificationresult_error: (a: number, b: number) => void;
-  readonly verify_mcp_i_proof: (a: number, b: number, c: bigint) => number;
-  readonly __wbg_jsdidkeyresult_free: (a: number, b: number) => void;
-  readonly __wbg_get_jsdidkeyresult_success: (a: number) => number;
-  readonly __wbg_set_jsdidkeyresult_success: (a: number, b: number) => void;
-  readonly jsdidkeyresult_public_key_hex: (a: number, b: number) => void;
-  readonly jsdidkeyresult_key_type: (a: number, b: number) => void;
-  readonly jsdidkeyresult_error: (a: number, b: number) => void;
-  readonly resolve_did_key_wasm: (a: number, b: number) => number;
-  readonly __wbg_jsscopecheckresult_free: (a: number, b: number) => void;
-  readonly jsscopecheckresult_matched_by: (a: number, b: number) => void;
-  readonly jsscopecheckresult_match_type: (a: number, b: number) => void;
-  readonly jsscopecheckresult_error: (a: number, b: number) => void;
-  readonly check_delegation_scope: (a: number, b: number, c: number, d: number) => number;
-  readonly verify_delegation_scope: (
-    a: number,
-    b: number,
-    c: number,
-    d: number,
-    e: bigint,
-    f: bigint,
-    g: bigint
-  ) => number;
-  readonly __wbg_jspolicyevaluationresult_free: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_action: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_reason: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_rule_id: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_rule_name: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_redirect_url: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_message: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_match_type: (a: number, b: number) => void;
-  readonly jspolicyevaluationresult_is_allowed: (a: number) => number;
-  readonly jspolicyevaluationresult_is_blocked: (a: number) => number;
-  readonly jspolicyevaluationresult_to_json: (a: number, b: number) => void;
-  readonly evaluate_policy: (a: number, b: number, c: number, d: number, e: number) => void;
-  readonly policy_allows: (a: number, b: number, c: number, d: number) => number;
-  readonly version: (a: number) => void;
-  readonly __wbg_get_jsscopecheckresult_permitted: (a: number) => number;
-  readonly __wbg_set_jsscopecheckresult_permitted: (a: number, b: number) => void;
-  readonly __wbg_set_jsmcpiverificationresult_confidence: (a: number, b: number) => void;
-  readonly __wbg_get_jsmcpiverificationresult_confidence: (a: number) => number;
-  readonly __wbindgen_export: (a: number, b: number, c: number) => void;
-  readonly __wbindgen_export2: (a: number, b: number) => number;
-  readonly __wbindgen_export3: (a: number, b: number, c: number, d: number) => number;
-  readonly __wbindgen_add_to_stack_pointer: (a: number) => number;
-  readonly __wbindgen_start: () => void;
-}
-
-export type SyncInitInput = BufferSource | WebAssembly.Module;
-/**
- * Instantiates the given `module`, which can either be bytes or
- * a precompiled `WebAssembly.Module`.
- *
- * @param {{ module: SyncInitInput }} module - Passing `SyncInitInput` directly is deprecated.
- *
- * @returns {InitOutput}
- */
-export function initSync(module: { module: SyncInitInput } | SyncInitInput): InitOutput;
-
-/**
- * If `module_or_path` is {RequestInfo} or {URL}, makes a request and
- * for everything else, calls `WebAssembly.instantiate` directly.
- *
- * @param {{ module_or_path: InitInput | Promise<InitInput> }} module_or_path - Passing `InitInput` directly is deprecated.
- *
- * @returns {Promise<InitOutput>}
- */
-export default function __wbg_init(
-  module_or_path?:
-    | { module_or_path: InitInput | Promise<InitInput> }
-    | InitInput
-    | Promise<InitInput>
-): Promise<InitOutput>;