sdk(typescript,v4): P0-4 — align @klickd/core with v4 GA strict schema#44
Merged
Conversation
Mirrors PR #43 (Python SDK V4 GA alignment, merged 4136282) on the TypeScript side: - New validate(payload, { strict, target }) and validateIterErrors matching the Python surface (klickd.validate). Throws KlickdError(KLICKD_E_SCHEMA) with the same 8-issue summary format. - Bundles all four v4 schemas (payload+unified x strict+preview) under src/schemas/, byte-identical to the canonical files in schemas/ and schema/. getBundledSchema(key) and listBundledSchemas() mirror Python's _load_schema affordance. - ajv (>=8.12) added as an OPTIONAL peerDependency — callers that do not invoke validate() keep the v3 crypto-only surface. Lazy-loaded through ajv/dist/2020.js for Draft 2020-12 support; missing-ajv raises KLICKD_E_SCHEMA with a clear install hint. - KlickdPayload extended with the additive v4 GA fields (profile_kind, media_profile, verification_gates, human_veto_policy, claim_sources, migration, ...) and the v1-frozen sub-types (KlickdMediaProfileEntry, KlickdGateEntry, KlickdGateLevel, ...) — parity with packages/pypi/klickd/src/klickd/_types.py. - New Jest suite v4-ga-strict.test.ts mirroring the Python pytest matrix: 5 personas validated against strict+preview+unified schemas, double round-trip preservation, negative cases (unknown gate level, missing media hash, bad modality, unsupported schema version, missing envelope kdf), both structured and flat gate forms accepted, preview/GA cross-acceptance, v3.x non-regression, unknown-field preservation (SPEC.md §33.7), validateIterErrors path/message shape, and KlickdError(code/httpStatus) shape. Results: 61/61 Jest, 63/63 Python pytest, 59/59 Python vectors, 42/42 JS vectors, validate_v4_schemas.py all green, package integrity unchanged. No package version bump. No publish. tsup build flagged with --external ajv and --loader .json=copy so the bundled schemas ship in dist/. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
P0-4 brings the TypeScript SDK (
@klickd/core) into V4 GA alignment, mirroring the surface introduced for the Python SDK in PR #43 (merged4136282). No package version bump; no publish.validate(payload, { strict, target })andvalidateIterErrors(payload, { strict, target })mirror Pythonklickd.validateexactly — same target enum ("payload" | "unified"), same strict default (true), sameKlickdError(KLICKD_E_SCHEMA)shape and 8-issue summary format.schemas/andschema/intopackages/@klickd/core/src/schemas/.getBundledSchema(key)andlistBundledSchemas()expose them programmatically.ajvis an optional peer dependency (>=8.12, Draft 2020-12 viaajv/dist/2020.js). Callers that never callvalidate()keep the v3 crypto-only dependency surface. Missing-ajv raisesKLICKD_E_SCHEMAwith a clear install hint.KlickdPayloadnow carries the additive v4 GA fields, plus the v1-frozen sub-typesKlickdMediaProfileEntry,KlickdGateEntry,KlickdGateLevel,KlickdHumanVetoPolicy,KlickdClaimSources,KlickdMigrationV1,KlickdVerificationGatesV1,KlickdMediaProfileV1— parity withpackages/pypi/klickd/src/klickd/_types.py.v4-ga-strict.test.ts) mirrors the Python pytest matrix:validateIterErrorsempty-on-valid +{path, message}shapeKlickdError.code = 'KLICKD_E_SCHEMA'+httpStatus = 400tsupinvocation updated with--external ajv --loader .json=copyso the bundled schemas ship indist/and ajv stays optional at install time.No changes to
decode.ts,encode.ts,errors.ts, or to the Python SDK. No release/tag/Zenodo, no npm publish.Test plan
npm testinpackages/@klickd/core→ 61/61 Jest tests pass (3 suites)python -m pytest tests/ -qinpackages/pypi/klickd→ 63/63 pass (no regression on the Python side)python3 verify_vectors.py→ 59/59 vectors pass (v2.5 + v3.0 + adversarial + v4.0-preview)node verify_vectors.mjs(withnpm installat repo root forhash-wasm) → 42/42 vectors pass, 0 skippedpython3 scripts/validate_v4_schemas.py→ all persona/unified/payload/vector/negative cases OK@klickd/core — package integrity checkstep run locally → OK (required deps present, source files present, version unchanged at4.0.0-preview.1)Argon2id CI skip note (not in scope here)
node verify_vectors.mjsskips v3.0 / v4.0-preview vectors whenhash-wasmis absent. The existing workflow runsnpm installfirst, so it is unaffected in CI. No change toverify_vectors.mjsor workflows in this PR. If a future PR wants zero-skip in environments without a rootnode_modules/, a minimal option would be to lazy-loadhash-wasmfrompackages/@klickd/core/node_modulesas a fallback — left as a separate change.Governance
npm publish, no PyPI publish, no Zenodo deposit.versionbump (still4.0.0-preview.1).packages/@klickd/core/{package.json, src/types.ts, src/index.ts, src/validate.ts (new), src/schemas/*.json (new), src/__tests__/v4-ga-strict.test.ts (new)}.🤖 Generated with Claude Code