-
-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathpackage.json
More file actions
155 lines (155 loc) · 10.3 KB
/
package.json
File metadata and controls
155 lines (155 loc) · 10.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
{
"name": "@peac/monorepo",
"version": "0.12.12",
"private": true,
"description": "Portable signed records for agent, API, MCP, and cross-runtime interactions.",
"repository": {
"type": "git",
"url": "https://github.com/peacprotocol/peac.git"
},
"author": "jithinraj <7850727+jithinraj@users.noreply.github.com>",
"license": "Apache-2.0",
"workspaces": [
"packages/*",
"packages/rails/*",
"packages/mappings/*",
"packages/transport/*",
"packages/adapters/*/*",
"surfaces/workers/*",
"apps/*",
"examples/*"
],
"scripts": {
"prepare": "git config core.hooksPath .githooks 2>/dev/null || true",
"test": "vitest run",
"test:watch": "vitest",
"test:coverage": "vitest --coverage",
"test:core": "turbo run test --filter=@peac/crypto --filter=@peac/protocol --filter=@peac/policy-kit --filter=@peac/http-signatures --filter=@peac/jwks-cache --filter=@peac/mappings-mcp --filter=@peac/mappings-acp --filter=@peac/mappings-rsl --filter=@peac/mappings-tap --filter=@peac/rails-x402 --filter=@peac/rails-stripe --filter=@peac/rails-razorpay --filter=@peac/adapter-x402-daydreams --filter=@peac/adapter-x402-fluora --filter=@peac/adapter-x402-pinata --filter=@peac/worker-fastly --filter=@peac/worker-akamai --filter=@peac/transport-grpc",
"test:conformance": "vitest run tests/conformance/",
"conformance:test": "vitest run tests/conformance/",
"schemas:lint": "pnpm format:check -- 'specs/wire/*.json' && node scripts/lint-schemas.js",
"lint": "eslint .",
"lint:fix": "eslint . --fix",
"lint:deps": "depcruise packages/ --config .dependency-cruiser.json",
"format": "prettier \"**/*.{ts,tsx,js,jsx,json,md,yml,yaml}\" --write --ignore-path .prettierignore",
"format:check": "prettier \"**/*.{ts,tsx,js,jsx,json,md,yml,yaml}\" --check --ignore-path .prettierignore",
"typecheck": "pnpm typecheck:core",
"typecheck:core": "tsc -p tsconfig.core.json --noEmit",
"typecheck:legacy": "tsc -p tsconfig.legacy.json --noEmit",
"typecheck:apps": "pnpm --filter @peac/app-sandbox-issuer typecheck && pnpm --filter @peac/app-verifier typecheck && pnpm --filter @peac/app-api typecheck",
"build": "turbo run build",
"dev": "turbo run dev",
"clean": "turbo run clean && rm -rf node_modules",
"ci:guards": "bash scripts/ci/forbid-strings.sh",
"ci:surface": "bash scripts/ci/surface-validator.sh",
"ci:all": "pnpm run ci:guards && pnpm run ci:surface && pnpm run lint && pnpm run check:unicode && pnpm run typecheck && pnpm test",
"examples:check": "pnpm --filter './examples/*' exec tsc --noEmit",
"verify:examples-commerce": "pnpm --filter @peac/example-paymentauth-evidence build && pnpm --filter @peac/example-paymentauth-jsonrpc build && pnpm --filter @peac/example-acp-session-lifecycle build && pnpm --filter @peac/example-stripe-spt-evidence build && pnpm --filter @peac/example-commerce-evidence-bundle build && pnpm --filter @peac/example-x402-dual-header-read build && pnpm --filter @peac/example-paymentauth-evidence demo && pnpm --filter @peac/example-paymentauth-jsonrpc demo && pnpm --filter @peac/example-acp-session-lifecycle demo && pnpm --filter @peac/example-stripe-spt-evidence demo && pnpm --filter @peac/example-commerce-evidence-bundle demo && pnpm --filter @peac/example-x402-dual-header-read demo",
"verify:commerce-coverage": "node scripts/conformance/check-commerce-coverage.mjs",
"verify:protocol-strings": "node scripts/verify-protocol-strings.mjs",
"verify:spec-drift": "node scripts/verify-spec-drift.mjs",
"verify:docs-examples": "node scripts/verify-docs-examples.mjs",
"verify:bundle-drift": "node scripts/verify-bundle-drift.mjs",
"codegen:errors": "tsx scripts/codegen-errors.ts",
"codegen:registries": "tsx scripts/codegen-registries.ts",
"verify:registries-schema": "node scripts/validate-registries-schema.mjs",
"verify:codegen-drift": "bash scripts/verify-codegen-drift.sh",
"verify:distribution": "node scripts/verify-distribution.mjs",
"verify:release": "node scripts/verify-release.mjs",
"api-contract:extract": "tsx scripts/extract-api-contract.ts",
"api-contract:check": "tsx scripts/extract-api-contract.ts --check",
"verify:contracts:drift": "tsx scripts/extract-api-contract.ts --check",
"verify:surface-status": "node scripts/generate-surface-status.mjs --check",
"verify:openapi:drift": "node scripts/verify-openapi-drift.mjs",
"verify:trust-artifacts": "node scripts/verify-trust-artifacts.mjs",
"verify:public-surface-names": "node scripts/verify-public-surface-names.mjs",
"fixtures:new": "node scripts/fixtures-new.mjs",
"conformance:regen:bundle": "tsx scripts/generate-bundle-vectors.ts",
"bench": "pnpm --filter @peac/crypto bench && pnpm --filter @peac/schema bench && pnpm --filter @peac/protocol bench",
"bench:capture": "node scripts/bench-capture.mjs",
"bench:legacy": "tsx scripts/bench-protocol.ts all",
"bench:verify": "tsx scripts/bench-protocol.ts verify",
"bench:issue": "tsx scripts/bench-protocol.ts issue",
"build:apps": "pnpm --filter @peac/app-sandbox-issuer build && pnpm --filter @peac/app-verifier build && pnpm --filter @peac/app-api build",
"test:apps": "pnpm --filter @peac/app-sandbox-issuer test && pnpm --filter @peac/app-verifier test && pnpm --filter @peac/app-api test",
"test:exports": "node scripts/test-package-exports.mjs",
"check:unicode": "bash scripts/check-unicode.sh",
"sanitize:unicode": "node scripts/sanitize-unicode.mjs --fix",
"version:check": "node scripts/check-version-sync.mjs",
"version:bump": "node scripts/bump-version.mjs",
"release:stamp:publish": "node scripts/stamp-release-state.mjs --publish",
"release:stamp:promote": "node scripts/stamp-release-state.mjs --promote",
"release:stamp:check:publish": "node scripts/stamp-release-state.mjs --check --mode publish",
"release:stamp:check:promote": "node scripts/stamp-release-state.mjs --check --mode promote",
"check:zod-major": "node scripts/check-zod-single-major.mjs",
"gate": "bash scripts/gate.sh",
"gate:fast": "bash scripts/gate.sh --fast",
"ci:prepush-fast": "PEAC_FAST=1 bash scripts/guard.sh && pnpm format:check",
"ci:local-parity": "bash scripts/gate.sh",
"evidence-pack": "node scripts/build-submission-pack.mjs",
"release:gate:0.11.3": "bash scripts/release-gate-0.11.3.sh",
"test:property": "vitest run packages/schema/__tests__/json.property.test.ts packages/schema/__tests__/workflow.property.test.ts packages/schema/__tests__/constraints.property.test.ts packages/schema/__tests__/constraints.fuzz.test.ts packages/schema/__tests__/wire02-claims.property.test.ts packages/crypto/__tests__/jws.property.test.ts packages/protocol/__tests__/jti-collision.property.test.ts packages/protocol/__tests__/policy-binding.property.test.ts packages/protocol/__tests__/strictness.property.test.ts packages/protocol/__tests__/verify-local.property.test.ts packages/net/node/tests/jcs-property.test.ts"
},
"devDependencies": {
"@eslint/js": "^10.0.1",
"@peac/adapter-x402": "workspace:*",
"@peac/mappings-acp": "workspace:*",
"@peac/mappings-paymentauth": "workspace:*",
"@peac/mappings-ucp": "workspace:*",
"@peac/rails-stripe": "workspace:*",
"@types/js-yaml": "^4.0.9",
"@types/node": "^22.19.11",
"@vitest/coverage-v8": "^4.1.0",
"ajv": "^8.18.0",
"ajv-formats": "^3.0.1",
"dependency-cruiser": "^17.3.0",
"eslint": "^10.0.1",
"fast-check": "^4.5.3",
"globals": "^17.4.0",
"js-yaml": "^4.1.1",
"lint-staged": "^16.3.1",
"prettier": "^3.8.1",
"tsx": "^4.21.0",
"turbo": "^2.8.10",
"typescript": "^5.3.3",
"typescript-eslint": "^8.56.0",
"vitest": "^4.1.0",
"yaml": "^2.3.4"
},
"engines": {
"node": ">=22.0.0",
"pnpm": ">=8.0.0"
},
"packageManager": "pnpm@8.15.0",
"pnpm": {
"overrides": {
"minimatch": "10.2.4",
"picomatch": ">=4.0.4",
"qs@>=6.7.0 <=6.14.1": "6.14.2",
"zod": "^4.3.6",
"rollup": ">=4.59.0",
"express-rate-limit": ">=8.2.2",
"flatted": "3.4.2",
"path-to-regexp@>=8.0.0": ">=8.4.0",
"yaml": "2.8.3",
"@hono/node-server": ">=1.19.13",
"hono": ">=4.12.12",
"protobufjs": ">=8.0.1"
},
"overridesComments": {
"minimatch": "Cross-major pin to 10.2.4: typescript-estree requires ^9.0.4 but 9.x has no patch for GHSA-3ppc-4f35-3m26. minimatch 10.x is API-compatible (same globbing interface). 10.2.4 patches GHSA-7r86-cg39-jmmj and GHSA-23c5-xmqv-rm74 (ReDoS). Drops Node 18 (fine: repo baseline is >=22.0.0). Lint verified clean.",
"picomatch": "Override to >=4.0.4: patches GHSA-c2c7-rcm5-vvqj (ReDoS via extglob quantifiers). Dev-only via vitest/vite/dependency-cruiser.",
"qs": "Range-scoped: only overrides vulnerable 6.7.0-6.14.1 to 6.14.2 (fixes GHSA-w7fw-mjwx-w883 arrayLimit bypass). Minimal blast radius.",
"zod": "Workspace-wide Zod 4 enforcement: prevents mixed Zod 3/4 which causes runtime TypeError (incompatible internal _parse API). All workspace packages must use Zod 4.",
"rollup": "Override vulnerable 4.53.2 to >=4.59.0 (fixes GHSA-mw96-cpmx-2vgc path traversal). Dev-only via vitest/vite/tsup.",
"express-rate-limit": "Override 8.2.1 to >=8.2.2 (fixes GHSA-46wh-pxpv-q5gq IPv4-mapped IPv6 bypass). Prod dep via @modelcontextprotocol/sdk.",
"flatted": "Override to >=3.4.2 (fixes GHSA-25h7-pfq9-p65f unbounded recursion DoS + GHSA-rf6f-7fwh-wjgh prototype pollution via parse()). Dev-only via eslint -> file-entry-cache -> flat-cache.",
"path-to-regexp@>=8.0.0": "Override to >=8.4.0 (fixes GHSA-j3q9-mxjg-w52f sequential optional groups DoS). Prod dep via @modelcontextprotocol/sdk -> express@5 -> router. path-to-regexp@0.1.12 in express@4 (examples only, not published) is not overridden because 0.1.13 breaks express@4 internal API.",
"yaml": "Pin to 2.8.3 (fixes GHSA-48c2-rrv3-qjmp). Dep via @peac/policy-kit.",
"protobufjs": "Override to >=8.0.1 (fixes GHSA-xq3m-2v4x-88gg arbitrary code execution in protobufjs@8.0.0). Transitive dep via examples/telemetry-otel -> @opentelemetry/otlp-transformer@0.212.0. Examples are private (never published); override protects local eval flows and unblocks CI prod-audit gate."
}
},
"lint-staged": {
"*.{ts,tsx,js,jsx,json,md,yml,yaml}": "prettier --write --ignore-unknown"
}
}