Conversation
Migrate all 9 packages from Zod 3.22.x to Zod 4.3.6. This is a
breaking change for downstream TypeScript consumers who compile
against exported @peac/schema types (z.infer<> types are not
assignment-compatible across Zod majors).
Schema changes:
- z.record() single-arg form removed in Zod 4: add explicit
z.string() key schema in 5 locations (schema, control, mcp-server)
- .default({}) on object schemas requires output-type-compatible
values in Zod 4: use .prefault({}) for input-type defaults (policy.ts)
- ZodError.errors alias removed: use .issues in test assertions
- issue.path typed as PropertyKey[] (was (string | number)[]): add
casts at 2 call sites (protocol/issue.ts, cli/validators.ts)
No behavioral changes to schema validation, receipt issuance, or
verification. All 4138 tests pass across 167 test files.
Workspace enforcement:
- pnpm.overrides forces zod@^4.3.6 across all workspace packages
- Prevents mixed Zod 3/4 which causes runtime TypeError
Add HTTP transport alongside stdio for remote MCP client connectivity. Each session gets isolated McpServer + transport (CVE-2026-25536 defense). New files: - src/http-transport.ts: HTTP server with CORS, rate limiting, PRM - src/session-manager.ts: session lifecycle, TTL eviction, isolation Endpoints: POST /mcp (JSON-RPC), DELETE /mcp (terminate session), GET /health, GET /.well-known/oauth-protected-resource (conditional PRM) Security (DD-123): localhost-only default, CORS deny-all, 1MB body limit, per-session + per-IP rate limiting, Host/Origin validation, server timeouts CLI flags: --transport, --port, --host, --cors-origins, --authorization-servers, --public-url, --trust-proxy Tests: 25 new (session manager + HTTP transport integration)
Wire validateKernelConstraints() into issue() and verify pipelines. Fail-closed: violations reject before signing (issue) or before schema validation (verify). Changes: - issue.ts: constraint check after claims build, before Zod parse - verify-local.ts: constraint check after signature, before schema - verify.ts: constraint check after decode, before Zod parse - errors.ts: E_CONSTRAINT_VIOLATION error code + factory function - verify-local.ts: E_CONSTRAINT_VIOLATION added to VerifyLocalErrorCode - verify.ts: 'constraint_violation' added to VerifyFailure reasons New: docs/specs/KERNEL-CONSTRAINTS.md normative specification Tests: 11 new (issue + verify constraint boundary tests)
Add integrator kit templates for ecosystem partners and a CLI conformance harness for running fixtures against validators. Integrator kits: - template/: base kit with README, integration guide, security FAQ - mcp/, a2a/, acp/, x402/, content-signals/: ecosystem scaffolds Conformance harness (scripts/conformance-harness.ts): - Runs fixtures from specs/conformance/fixtures/ against validators - JSON (default) or pretty output format - Deterministic ordering, stable report schema - Exit code 0 = pass, 1 = failures - Core adapter: validates 10 fixture categories via @peac/schema
- Update performance baselines with Zod 4 benchmarks (measured) - Create OWASP Top 10 for Agentic Applications alignment mapping (ASI-01 through ASI-10) - Verify audit-gate allowlist freshness (3 active entries, all within 30-day ceiling) - All 10 OWASP ASI risks mapped to specific PEAC mitigations with test file citations
Bump all 63 workspace packages to 0.11.0. CHANGELOG documents: - Zod 4 migration (DD-120): breaking for TS consumers compiling against exported schemas - MCP Streamable HTTP transport (DD-119, DD-123): session-isolated, CVE-2026-25536 mitigated - Kernel constraint enforcement in pipelines (DD-121): fail-closed, new constraint_violation reason - Integrator Kit + conformance harness (DD-108, DD-122) - OWASP Top 10 for Agentic Applications alignment (ASI-01 through ASI-10) - Performance baselines updated with Zod 4 benchmarks Gates: 76 build targets, 4174 tests, lint/typecheck/format clean, guard.sh + check-planning-leak.sh pass
MCP transport (DD-119, DD-123): - Session ID validation: ASCII 0x21-0x7E, max 128 chars (MCP spec) - Trust-proxy: typed TrustProxyValue (off|loopback|IPs) replacing boolean - PRM path-aware routing: validatePublicUrl(), trailing slash normalization - Startup banner references MCP spec dates (2025-06-18, 2025-11-25) Error code governance: - E_CONSTRAINT_VIOLATION added to specs/kernel/errors.json (canonical registry) Conformance harness (DD-122): - Promoted to workspace package @peac/conformance-harness - FAIL vs SKIP semantics: AdapterDefinition with supportedCategories - Report schema (specs/conformance/report.schema.json) with schema_version - Legacy fixture detection: auth wrapper + old format -> SKIP not FAIL - scripts/conformance-harness.ts now thin redirect to workspace package Editorial: - CHANGELOG Unicode: replaced typographic arrows/symbols with ASCII equivalents - guard.sh: allowlist integrator-kits/ for npm references (user-facing docs) Tests: 24 HTTP transport tests (session ID, PRM paths, trust-proxy behavior)
Trust-proxy upgrade: - TrustProxyValue presets: off, loopback, linklocal, private, all (discouraged) - isLoopbackAddr/isLinkLocalAddr/isPrivateAddr helpers for RFC 1918/3927 ranges - IPv6-mapped IPv4 (::ffff:) recognized in all presets CVE-2026-25536 hardening: - Explicit regression test: 3 concurrent sessions verified isolated (unique server, transport, and session ID per session; termination of one does not affect others) Unicode/bidi stop-ship gate: - Trojan Source regression test: RLO + LRI + PDI attack pattern detected - Proves scanner catches exact pattern GitHub flags in diff views MCP compliance: - docs/security/MCP-COMPLIANCE-MATRIX.md maps 35 requirements (MUST/SHOULD/MAY) to specific test names across transport, security, session, and auth categories - Intentional deviations documented (GET /mcp 405, Accept tolerance, unprotected mode) Kernel constraints: - Normative ordering precedence rule in KERNEL-CONSTRAINTS.md: constraint check runs before expensive JWKS fetch and signature verify (DoS resistance) - Constraint validation does not mask downstream signature failures Security: - docs/security/HTTP-TRANSPORT-SECURITY.md: deployer-facing checklist (TLS, bind address, auth, trust-proxy, session management, monitoring) CHANGELOG: - Standards References section: MCP 2025-06-18/2025-11-25, RFC 9728, CVE-2026-25536, Zod ^4.3.6, OWASP ASI-01 through ASI-10
Session management hardening: - Per-IP session creation limit (default 10/IP) prevents one IP from exhausting the global session pool (maxSessions) - SessionEntry now tracks clientIp for per-IP accounting - ipSessionCount map incremented on create, decremented on terminate/evict - Startup banner shows per-IP limit alongside global limit PRM startup validation: - Empty authorization_servers entries filtered (whitespace-only rejected) - Explicit warnings when --authorization-servers set without --public-url or vice versa (prevents silent misconfiguration) - PRM document uses filtered authServers array Trust-proxy integration test: - trust-proxy=loopback test: XFF parsed from 127.0.0.1 connections Benchmark metadata: - Added cpu, git_ref, warmup/measurement iterations, notes to tests/perf/baseline-results.json for reproducibility Tests: 4189 passing (171 files), 77 builds, all gates clean
…e versioning) - Fix CI: regenerate errors.generated.ts after E_CONSTRAINT_VIOLATION addition - Multi-client concurrent isolation regression test (CVE-2026-25536 stop-ship) - Trust-proxy: formal peer_ip vs client_ip definition with JSDoc - Trust-proxy: negative spoofing test (untrusted peer XFF ignored) - PRM language precision: "implemented but disabled by default" in banner/CHANGELOG - Zod single-major CI gate: scripts/check-zod-single-major.mjs - Conformance report versioning: format_version 1.1.0, tooling block (git_sha, node_version) - Benchmark reproducibility: atomic writes, warmup/measurement iteration constants - MCP compliance matrix: S10/S11 (XFF spoofing, per-IP cap), C7/C8 (per-IP, concurrent isolation) - PR merge order documented in CHANGELOG Notes
- Format errors.generated.ts after codegen (CI gate fix) - Remove unused exactArray variable in issue-constraints.test.ts - Refactor isLegacyFormat to IIFE with explicit type narrowing
- Bump specs/kernel/errors.json version to 0.11.0 (E_CONSTRAINT_VIOLATION added) - Fix report.schema.json $id: add www. prefix to match all other schemas - Fix peac-v0.9.2.json $id: peac.org -> www.peacprotocol.org (canonical domain)
# Conflicts: # docs/specs/KERNEL-CONSTRAINTS.md # packages/mcp-server/src/cli.ts # packages/mcp-server/src/http-transport.ts # packages/mcp-server/src/session-manager.ts # packages/mcp-server/tests/http/http-transport.test.ts # packages/mcp-server/tests/http/session-manager.test.ts # scripts/conformance-harness.ts # scripts/guard.sh # tests/perf/baseline-results.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v0.11.0: Infrastructure Modernization + Enterprise Readiness
This release integrates 6 feature/chore PRs into a single release:
Breaking Change
`@peac/schema` exports Zod 4 types. Zod 3 and Zod 4 types are not assignment-compatible. Consumers pinned to `^0.10.x` stay on v0.10.14 (safe); `^0.11.x` opts in.
Summary
Security Hardening (Rounds 1-4)
Design Decisions
DD-119 (Streamable HTTP), DD-120 (Zod 4), DD-121 (kernel constraints pipeline), DD-122 (conformance harness), DD-123 (HTTP security)
PR Merge Order
`#407 -> #408 -> #409/#410/#411 (parallel) -> #412 (release)`
Test Coverage
4191 tests across 171 files, 77 build targets