Checkpoint.Core 0.3.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. .NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher. .NET Framework 4.6.2 This package targets .NET Framework 4.6.2. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Checkpoint.Core --version 0.3.0
                    


                    

                
NuGet\Install-Package Checkpoint.Core -Version 0.3.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Checkpoint.Core" Version="0.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Checkpoint.Core" Version="0.3.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Checkpoint.Core" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Checkpoint.Core --version 0.3.0
                    


                    

                
#r "nuget: Checkpoint.Core, 0.3.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Checkpoint.Core@0.3.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Checkpoint.Core&version=0.3.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Checkpoint.Core&version=0.3.0
                    


                            Install as a Cake Tool

Core AI agent detection engine for .NET. Detects AI agents (Claude, ChatGPT, Gemini, etc.) via user-agent patterns, header analysis, and behavioral signals. Platform-agnostic — use with any .NET HTTP server, including ASP.NET Core (via Checkpoint.AspNetCore) and classic .NET Framework 4.6.2+ (via Checkpoint.AspNet).

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 is compatible.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on Checkpoint.Core:

Package Downloads
Checkpoint.AspNetCore

ASP.NET Core middleware for AI agent detection and policy enforcement. Drop-in middleware that detects AI agents, enforces policies from the Checkpoint dashboard, and blocks/redirects automated traffic. The .NET equivalent of @kya-os/checkpoint-express.
Checkpoint.AspNet

ASP.NET (System.Web) HTTP module for AI agent detection and policy enforcement. Drop-in IHttpModule that detects AI agents using the same Rust-compiled WASM engine as AgentShield's Next.js, Express, and .NET Core packages — classic ASP.NET / MVC 5 / Web API 2 / Web Forms consumers get identical detection behavior to modern .NET consumers. Register via Web.config; zero code changes required.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.4.0 63 4/22/2026
0.3.3 78 4/21/2026
0.3.2 105 4/21/2026
0.3.1 130 4/18/2026
0.3.0 121 4/18/2026
0.2.9 114 4/18/2026
0.2.8 113 4/17/2026
0.2.7 128 4/17/2026
0.2.6 118 4/17/2026
0.2.5 121 4/17/2026
0.2.4 132 4/17/2026
0.2.3 132 4/17/2026
0.2.2 130 4/15/2026
0.2.1 128 4/15/2026
0.2.0 127 4/15/2026
0.1.11 108 4/13/2026
0.1.10 150 4/10/2026
0.1.9 114 4/2/2026
0.1.8 114 3/31/2026
0.1.7 104 3/31/2026
Loading failed

0.3.0 — Hang fix follow-up to 0.2.9 (CRITICAL for anyone on 0.2.4–0.2.9)

0.2.9 (#1829) added ConfigureAwait(false) and a relative-URL fix in
McpInstructBuilder. 0.3.0 builds on that with the bounded-fetch +
negative-cache + URL-validation work needed to actually prevent the
hardwareworld.com class of hang, not just the synchronization-context
amplification of it. Anyone running 0.2.4–0.2.9 should upgrade.

Changes:
* PolicyEvaluator: cap lock-wait at 2s and policy-fetch at 3s via linked
 CancellationTokenSource. Worst-case per-request policy time bounded
 regardless of HttpClient timeout or retry behavior.
* PolicyEvaluator: short (10s) negative cache after a failed/null fetch so
 one slow backend doesn't cascade into per-request retries serialised
 through the SemaphoreSlim.
* PolicyEvaluator: stale-on-failure — if a refresh fails, keep serving the
 last-known-good policy rather than dropping to local-only enforcement.
* CheckpointModule / UseCheckpoint(): pre-warm the policy cache on
 initialization so the first real request never pays the cold-cache cost.
* CheckpointApiClient: per-call retry budget (1 retry, 3s total) for
 policy fetches; telemetry endpoints unchanged.
* PolicyCacheTtlMinutes default raised from 1 → 5 to cut steady-state
 policy traffic 5×. Set lower explicitly for rapid-rollout setups.
* ConfigureAwait(false) added to all library awaits (CheckpointModule,
 CheckpointMiddleware, PolicyEvaluator, CheckpointApiClient,
 SignatureVerificationHelper) — eliminates classic ASP.NET sync-context
 amplification on the .NET Framework adapter.
* Redirect branches now reject non-absolute / non-http(s) URLs from
 policy.RedirectUrl and Checkpoint:McpServerUrl. A relative URL like
 "/connect/{projectId}" used to 302 the request back into the customer's
 own host, looping through the same module and surfacing as a hung
 connection. When neither the policy URL nor the local McpServerUrl is
 an absolute http(s) URL, the module falls through to the default block
 response and emits a Trace warning identifying which value(s) were
 malformed. UrlHelpers.TryResolveAbsoluteRedirect / IsAbsoluteHttpUrl
 added for both adapters.

Note: Checkpoint.FailOpen catches *exceptions*, not *hangs*. Before 0.2.9
a slow policy fetch never threw, so FailOpen=true did not protect the
request path. With 0.2.9 the bounded-wait CTS makes this distinction
mostly moot, but the underlying behavior is unchanged.