From 70e319fef8c358d96fee528137843ccd853ecb55 Mon Sep 17 00:00:00 2001 From: Sterister Date: Sun, 3 May 2026 19:36:47 +0200 Subject: [PATCH] release(v4.0.1): strict-TS publishability fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 4.0.0 shipped TypeScript source as published main/types, but several files only compiled inside the monorepo. Consumer projects (Dispatch, etc.) running their own strict tsc against our published source hit: - @shade/key-transparency: 4 noUnusedLocals violations (IndexAbsenceProof, IndexInclusionProof, IndexProofWire, nodeHash) - @shade/sdk: KT verifier callbacks returned Promise instead of Promise / Promise<{ proof: string[] }> - @shade/sdk: thumbnail.ts globalThis cast collided with consumer's lib.dom-supplied createImageBitmap signature - @shade/files: cycle with @shade/sdk produced "this is not assignable to type 'Shade'" because hoisted node_modules layouts duplicated the Shade class. Broken by replacing `import type { Shade }` with a local structural ShadeBridge interface. - @shade/storage-encrypted: KeyUsage (lib.dom) used under lib: ["ES2022"] - @shade/transport-bridge: ReadableStreamDefaultReader mismatch - @shade/keychain / @shade/dashboard / @shade/storage-encrypted tsconfig rootDir / include hygiene Tooling: scripts/typecheck-all.ts runs `bunx tsc --noEmit` against every workspace package's tsconfig and fails on any error. Wired into publish:dry / publish:all and publish-shade.sh as a hard gate so this class of bug cannot recur. All 24 packages bumped to 4.0.1 in lockstep. Migration: now requires an explicit `files` prop (pass `shade.files`). Wire format unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) --- CHANGELOG.md | 97 +++++++++++++++++++ package.json | 6 +- packages/shade-cli/package.json | 2 +- packages/shade-core/package.json | 2 +- packages/shade-crypto-web/package.json | 2 +- packages/shade-dashboard/package.json | 2 +- packages/shade-dashboard/tsconfig.json | 2 +- packages/shade-files/package.json | 2 +- packages/shade-files/src/client/client.ts | 4 +- .../src/integration/files-namespace.ts | 4 +- .../src/integration/shade-bridge.ts | 67 +++++++++++++ .../src/react/ShadeFilesProvider.tsx | 18 ++-- packages/shade-files/src/rpc/channel.ts | 9 +- .../shade-files/src/server/handler-context.ts | 4 +- packages/shade-files/src/server/handler.ts | 4 +- packages/shade-inbox-server/package.json | 2 +- packages/shade-inbox/package.json | 2 +- packages/shade-key-transparency/package.json | 2 +- .../shade-key-transparency/src/index-tree.ts | 2 +- .../shade-key-transparency/src/manager.ts | 2 - packages/shade-key-transparency/src/proof.ts | 2 +- packages/shade-key-transparency/tsconfig.json | 5 + packages/shade-keychain/package.json | 2 +- packages/shade-keychain/tsconfig.json | 3 +- packages/shade-observability/package.json | 2 +- packages/shade-observer/package.json | 2 +- packages/shade-proto/package.json | 2 +- packages/shade-recovery/package.json | 2 +- packages/shade-sdk/package.json | 2 +- packages/shade-sdk/src/shade.ts | 10 +- packages/shade-sdk/src/thumbnail.ts | 8 +- packages/shade-server/package.json | 2 +- packages/shade-storage-encrypted/package.json | 2 +- .../src/crypto/aead.ts | 14 ++- .../shade-storage-encrypted/tsconfig.json | 3 +- packages/shade-storage-postgres/package.json | 2 +- packages/shade-storage-sqlite/package.json | 2 +- packages/shade-streams/package.json | 2 +- packages/shade-transfer/package.json | 2 +- packages/shade-transport-bridge/package.json | 2 +- .../shade-transport-bridge/src/sse-bridge.ts | 2 +- packages/shade-transport-webrtc/package.json | 2 +- packages/shade-transport/package.json | 2 +- packages/shade-widgets/package.json | 2 +- .../components/transfer/ThumbnailPreview.tsx | 1 - scripts/publish-shade.sh | 4 + scripts/typecheck-all.ts | 75 ++++++++++++++ 47 files changed, 335 insertions(+), 59 deletions(-) create mode 100644 packages/shade-files/src/integration/shade-bridge.ts create mode 100644 packages/shade-key-transparency/tsconfig.json create mode 100644 scripts/typecheck-all.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d62277..14536ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,103 @@ All notable changes to Shade are documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [4.0.1] — 2026-05-03 — Strict-TS publishability fixes + +`4.0.0` shipped TypeScript source files as the published `main` / +`types`, which meant every consumer's `tsc` had to compile our code +under their own strict settings. Several files only compiled inside +the monorepo (where peer-dep cycles resolve via workspace links and +the `lib` array doesn't include `DOM`). This release makes all 24 +packages compile cleanly under the strict-flagged tsconfig that ships +with the repo, and wires a `bun run typecheck` gate into both the +`publish:dry` and `publish:all` flows so this category of bug cannot +recur. + +### Fixed + +#### `@shade/key-transparency` +- Removed unused imports `IndexAbsenceProof`, `IndexInclusionProof` + (`src/manager.ts`), `nodeHash` (`src/index-tree.ts`). +- `IndexProofWire` is now exported (was a private type that + `noUnusedLocals` flagged). +- Added missing `tsconfig.json` so the package can be type-checked + in isolation. + +#### `@shade/sdk` +- KT verifier wiring: `fetchLatestSTH()` and `fetchConsistencyProof()` + now have explicit return types (`Promise` and + `Promise<{ proof: string[] }>`) so consumers don't see + `Promise` from `res.json()`. +- `STHWire` type is now imported from `@shade/key-transparency`. +- `thumbnail.ts`: cast `globalThis` through `unknown` first when + reading optional DOM globals (`OffscreenCanvas`, `createImageBitmap`) + so consumer projects that include `lib.dom` don't reject our + narrower local types as "insufficiently overlapping". + +#### `@shade/files` +- **Broke the `@shade/sdk` ↔ `@shade/files` dependency cycle.** + `@shade/files` no longer imports `Shade` from `@shade/sdk` — every + callsite uses a new local `ShadeBridge` interface defined in + `src/integration/shade-bridge.ts`. This is the structural surface + Shade must satisfy: `myAddress`, `send`, `onMessage`, `upload`, + `onIncomingTransfer`, `getFingerprintFor` (required) plus + `getObservability`, `deliverControlEnvelope` (optional). The Shade + class structurally implements every member, so + `createFilesNamespace(this)` from the SDK side compiles regardless + of how many copies of `@shade/sdk` a consumer's package manager + hoists. **Fixes "this is not assignable to type 'Shade'"** in + consumer builds. +- `` now takes `files: FilesNamespace` as an + explicit prop instead of reading `shade.files`. Consumers pass + `shade.files` (or any `createFilesNamespace(...)` result for tests) + directly. +- `ShadeFileRpcChannel.send` now raises a clear error when + `deliverControlEnvelope` is undefined instead of producing an + implicit-undefined-call error at compile time. + +#### `@shade/storage-encrypted` +- Replaced `KeyUsage` (a `lib.dom` type) with a local + `WebCryptoKeyUsage` union so the package compiles under + `lib: ["ES2022"]` without DOM. +- Fixed `tsconfig.json` `rootDir` so package-level `bunx tsc` works. + +#### `@shade/transport-bridge` +- `sse-bridge.ts`: cast `res.body.getReader()` to + `ReadableStreamDefaultReader` so the strict reader-type + parity check in the consume loop passes. + +#### `@shade/keychain` / `@shade/dashboard` +- Fixed `tsconfig.json` `rootDir` and `include` so the packages can + type-check standalone (and so `vite.config.ts` doesn't get pulled + into the dashboard's `rootDir`). + +#### `@shade/widgets` +- Removed unused `ThumbnailMime` import in + `components/transfer/ThumbnailPreview.tsx`. + +### Tooling + +- New `scripts/typecheck-all.ts` — runs `bunx tsc --noEmit` against + every workspace package's `tsconfig.json` and fails if any reports + errors. +- New `bun run typecheck` script. +- `publish:dry` and `publish:all` now run `prepublish:check` + (`typecheck` + `test`) before any package is packed or published. +- `scripts/publish-shade.sh` calls the typecheck-all gate before + invoking the publisher. + +### Migration + +`4.0.0 → 4.0.1` is wire-compatible and source-compatible with one +exception: + +- `` requires a `files` prop. Previously + `...` worked; + it now must be ``. + +No on-disk schema changes. No package-version-pin changes outside +the lockstep `4.0.0 → 4.0.1` bump. + ## [4.0.0] — 2026-05-03 — General Availability Shade 4.0 is the first GA-marked release: every plan from V3.1 through diff --git a/package.json b/package.json index 8a8a4d7..aff4278 100644 --- a/package.json +++ b/package.json @@ -16,8 +16,10 @@ "version": "bun run scripts/bump-version.ts", "soak": "bun run scripts/soak.ts", "soak:smoke": "bun run scripts/soak.ts --hours 0.05 --pairs 4", - "publish:dry": "DRY_RUN=1 bun run scripts/publish-all.ts", - "publish:all": "bash scripts/publish-shade.sh", + "typecheck": "bun run scripts/typecheck-all.ts", + "prepublish:check": "bun run typecheck", + "publish:dry": "bun run prepublish:check && DRY_RUN=1 bun run scripts/publish-all.ts", + "publish:all": "bun run prepublish:check && bash scripts/publish-shade.sh", "build:docker": "bun run scripts/build-docker.ts", "publish:docker": "bun run scripts/build-docker.ts -- --push" }, diff --git a/packages/shade-cli/package.json b/packages/shade-cli/package.json index 6061dfe..3e1b3b7 100644 --- a/packages/shade-cli/package.json +++ b/packages/shade-cli/package.json @@ -1,6 +1,6 @@ { "name": "@shade/cli", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/cli.ts", "bin": { diff --git a/packages/shade-core/package.json b/packages/shade-core/package.json index ca5ce3a..4cae89c 100644 --- a/packages/shade-core/package.json +++ b/packages/shade-core/package.json @@ -1,6 +1,6 @@ { "name": "@shade/core", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-crypto-web/package.json b/packages/shade-crypto-web/package.json index 471519c..edb11d8 100644 --- a/packages/shade-crypto-web/package.json +++ b/packages/shade-crypto-web/package.json @@ -1,6 +1,6 @@ { "name": "@shade/crypto-web", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-dashboard/package.json b/packages/shade-dashboard/package.json index e3fb5b5..664bddd 100644 --- a/packages/shade-dashboard/package.json +++ b/packages/shade-dashboard/package.json @@ -1,6 +1,6 @@ { "name": "@shade/dashboard", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "scripts": { "dev": "vite", diff --git a/packages/shade-dashboard/tsconfig.json b/packages/shade-dashboard/tsconfig.json index 035d463..74b047e 100644 --- a/packages/shade-dashboard/tsconfig.json +++ b/packages/shade-dashboard/tsconfig.json @@ -8,5 +8,5 @@ "module": "ESNext", "moduleResolution": "bundler" }, - "include": ["src", "vite.config.ts"] + "include": ["src"] } diff --git a/packages/shade-files/package.json b/packages/shade-files/package.json index 8d4eee6..c37f9d3 100644 --- a/packages/shade-files/package.json +++ b/packages/shade-files/package.json @@ -1,6 +1,6 @@ { "name": "@shade/files", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-files/src/client/client.ts b/packages/shade-files/src/client/client.ts index bcad3b0..5087ce0 100644 --- a/packages/shade-files/src/client/client.ts +++ b/packages/shade-files/src/client/client.ts @@ -1,4 +1,4 @@ -import type { Shade } from '@shade/sdk'; +import type { ShadeBridge } from '../integration/shade-bridge.js'; import { KIND_CUSTOM_V1, KIND_DELETE_V1, @@ -184,7 +184,7 @@ export interface CreateFileClientOptions { * transfers that carry the actual bytes. */ export function createFileClient( - shade: Shade, + shade: ShadeBridge, channel: ShadeFileRpcChannel, pending: PendingRpcRegistry, peerAddress: string, diff --git a/packages/shade-files/src/integration/files-namespace.ts b/packages/shade-files/src/integration/files-namespace.ts index 87b1204..6cf7904 100644 --- a/packages/shade-files/src/integration/files-namespace.ts +++ b/packages/shade-files/src/integration/files-namespace.ts @@ -4,7 +4,7 @@ * so a single Shade can simultaneously serve files AND consume them from * peers without paying the setup cost twice. */ -import type { Shade } from '@shade/sdk'; +import type { ShadeBridge } from './shade-bridge.js'; import { attachClientRouting, attachFileHandler, @@ -54,7 +54,7 @@ interface NamespaceState { * Construct a `FilesNamespace` bound to a Shade instance. The SDK's * `Shade.files` getter calls this lazily and memoizes the result. */ -export function createFilesNamespace(shade: Shade): FilesNamespace { +export function createFilesNamespace(shade: ShadeBridge): FilesNamespace { const state: NamespaceState = { channel: new ShadeFileRpcChannel(shade), pending: new PendingRpcRegistry(), diff --git a/packages/shade-files/src/integration/shade-bridge.ts b/packages/shade-files/src/integration/shade-bridge.ts new file mode 100644 index 0000000..01ffd15 --- /dev/null +++ b/packages/shade-files/src/integration/shade-bridge.ts @@ -0,0 +1,67 @@ +/** + * Structural surface @shade/files needs from a Shade instance. + * + * Defining this locally — instead of `import type { Shade } from '@shade/sdk'` + * — breaks the @shade/sdk ↔ @shade/files dependency cycle. Without this + * break, a consumer that installs @shade/sdk from a registry ends up with + * two distinct `Shade` classes in `node_modules` (one from + * `@shade/sdk/node_modules/@shade/files/.../Shade`, one from + * `@shade/sdk/Shade`). TypeScript treats them as nominally different types, + * raising `this is not assignable to Shade` from inside SDK methods that + * pass `this` into `createFilesNamespace`. + * + * The Shade class structurally implements every member listed below, so + * `createFilesNamespace(this)` from the SDK side compiles regardless of + * how many copies of @shade/sdk a consumer's package manager installs. + * + * Member signatures match Shade's exactly so this is a structural + * subtype, not a parallel API. + */ +import type { ShadeEnvelope } from '@shade/core'; +import type { + IncomingTransfer, + TransferHandle, + TransferOptions, +} from '@shade/transfer'; +import type { ObservabilityHook } from '@shade/observability'; + +export interface ShadeBridge { + /** Address that names this Shade instance to peers. */ + readonly myAddress: string; + + /** Encrypt + send `plaintext` to `peer`; returns the wire envelope. */ + send(peer: string, plaintext: string): Promise; + + /** + * Subscribe to incoming ratchet plaintext. Returns an unsubscribe. + * Handlers may be sync or async; async handlers are awaited in + * registration order. + */ + onMessage( + handler: (from: string, plaintext: string) => void | Promise, + ): () => void; + + /** + * Upload bytes via the SDK's transfer engine. Required when the bridge + * is used with `streams` content I/O (read/write > 256 KiB). + */ + upload(opts: TransferOptions): Promise; + + /** Subscribe to incoming transfers initiated by a peer. */ + onIncomingTransfer( + handler: (incoming: IncomingTransfer) => void | Promise, + ): Promise<() => void>; + + /** Fingerprint accessor for the trust-gate hooks. */ + getFingerprintFor(peer: string): Promise; + + /** + * Optional inheritable observability bus. Files inherits the bus when + * the SDK passes one in via the namespace; otherwise files runs without + * observability hooks. + */ + getObservability?(): ObservabilityHook | undefined; + + /** Optional control-envelope passthrough used by the WebRTC bridge. */ + deliverControlEnvelope?(peer: string, envelope: ShadeEnvelope): Promise; +} diff --git a/packages/shade-files/src/react/ShadeFilesProvider.tsx b/packages/shade-files/src/react/ShadeFilesProvider.tsx index 74b9fa4..0285105 100644 --- a/packages/shade-files/src/react/ShadeFilesProvider.tsx +++ b/packages/shade-files/src/react/ShadeFilesProvider.tsx @@ -1,17 +1,23 @@ import React, { createContext, useContext, useMemo } from 'react'; -import type { Shade } from '@shade/sdk'; +import type { ShadeBridge } from '../integration/shade-bridge.js'; import type { FilesNamespace } from '../integration/files-namespace.js'; export interface ShadeFilesContextValue { - shade: Shade; + shade: ShadeBridge; files: FilesNamespace; } const ShadeFilesContext = createContext(null); export interface ShadeFilesProviderProps { - /** Initialized `Shade` instance. `files` namespace is read off it lazily. */ - shade: Shade; + /** Initialized `Shade` instance (or any `ShadeBridge`-shaped object). */ + shade: ShadeBridge; + /** + * The `FilesNamespace` to expose to children. Pass `shade.files` from + * `@shade/sdk`, or a `createFilesNamespace(...)` result for tests / + * custom bridges. + */ + files: FilesNamespace; children: React.ReactNode; } @@ -20,8 +26,8 @@ export interface ShadeFilesProviderProps { * `` in `@shade/widgets` so file-RPC consumers * don't pull in the widget tree. */ -export function ShadeFilesProvider({ shade, children }: ShadeFilesProviderProps): React.ReactElement { - const value = useMemo(() => ({ shade, files: shade.files }), [shade]); +export function ShadeFilesProvider({ shade, files, children }: ShadeFilesProviderProps): React.ReactElement { + const value = useMemo(() => ({ shade, files }), [shade, files]); return React.createElement(ShadeFilesContext.Provider, { value }, children); } diff --git a/packages/shade-files/src/rpc/channel.ts b/packages/shade-files/src/rpc/channel.ts index 3c452e8..7cd3c11 100644 --- a/packages/shade-files/src/rpc/channel.ts +++ b/packages/shade-files/src/rpc/channel.ts @@ -1,4 +1,4 @@ -import type { Shade } from '@shade/sdk'; +import type { ShadeBridge } from '../integration/shade-bridge.js'; import { encodeEnvelope, looksLikeFileEnvelope, @@ -35,7 +35,7 @@ export class ShadeFileRpcChannel { private readonly unsubscribe: () => void; private destroyed = false; - constructor(private readonly shade: Shade) { + constructor(private readonly shade: ShadeBridge) { this.unsubscribe = shade.onMessage(async (from, plaintext) => { if (!looksLikeFileEnvelope(plaintext)) return; const classified = tryParseEnvelope(plaintext); @@ -72,6 +72,11 @@ export class ShadeFileRpcChannel { if (this.destroyed) throw new Error('ShadeFileRpcChannel: destroyed'); const plaintext = encodeEnvelope(envelope); const ratchetEnvelope = await this.shade.send(peerAddress, plaintext); + if (this.shade.deliverControlEnvelope === undefined) { + throw new Error( + 'ShadeFileRpcChannel: shade.deliverControlEnvelope is required — call shade.configureTransfers({ resolveBaseUrl }) before using the files namespace.', + ); + } await this.shade.deliverControlEnvelope(peerAddress, ratchetEnvelope); } diff --git a/packages/shade-files/src/server/handler-context.ts b/packages/shade-files/src/server/handler-context.ts index a9cfeab..1e158d3 100644 --- a/packages/shade-files/src/server/handler-context.ts +++ b/packages/shade-files/src/server/handler-context.ts @@ -1,4 +1,4 @@ -import type { Shade } from '@shade/sdk'; +import type { ShadeBridge } from '../integration/shade-bridge.js'; import type { StandardOp } from '../protocol/kinds.js'; export type OpKind = StandardOp | `custom:${string}`; @@ -42,7 +42,7 @@ export function buildOpContext(args: { signal: AbortSignal; idempotencyKey: string | undefined; attemptNumber: number; - shade: Shade; + shade: ShadeBridge; }): OpContext { return { op: args.op, diff --git a/packages/shade-files/src/server/handler.ts b/packages/shade-files/src/server/handler.ts index fb3911e..71e35b7 100644 --- a/packages/shade-files/src/server/handler.ts +++ b/packages/shade-files/src/server/handler.ts @@ -1,4 +1,4 @@ -import type { Shade } from '@shade/sdk'; +import type { ShadeBridge } from '../integration/shade-bridge.js'; import type { ZodTypeAny } from 'zod'; import { MUTATION_OPS, @@ -215,7 +215,7 @@ const OP_SCHEMAS: Record = { * via `Shade.files.serve(...)` in the SDK). */ export function createFileHandler( - shade: Shade, + shade: ShadeBridge, config: FileHandlerConfig, ): FileHandler { const idempotency = new IdempotencyCache(config.idempotency); diff --git a/packages/shade-inbox-server/package.json b/packages/shade-inbox-server/package.json index 0efb2bf..6612c13 100644 --- a/packages/shade-inbox-server/package.json +++ b/packages/shade-inbox-server/package.json @@ -1,6 +1,6 @@ { "name": "@shade/inbox-server", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-inbox/package.json b/packages/shade-inbox/package.json index 7df885f..f1cf85f 100644 --- a/packages/shade-inbox/package.json +++ b/packages/shade-inbox/package.json @@ -1,6 +1,6 @@ { "name": "@shade/inbox", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-key-transparency/package.json b/packages/shade-key-transparency/package.json index 048f00d..995f6fc 100644 --- a/packages/shade-key-transparency/package.json +++ b/packages/shade-key-transparency/package.json @@ -1,6 +1,6 @@ { "name": "@shade/key-transparency", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-key-transparency/src/index-tree.ts b/packages/shade-key-transparency/src/index-tree.ts index c3e4625..cabffb0 100644 --- a/packages/shade-key-transparency/src/index-tree.ts +++ b/packages/shade-key-transparency/src/index-tree.ts @@ -21,7 +21,7 @@ * the dataset grows enough that flat re-hash becomes a bottleneck. */ -import { leafHash, nodeHash, emptyRootHash } from './hashes.js'; +import { leafHash, emptyRootHash } from './hashes.js'; import { sha256Sync } from './sha256.js'; import { constantTimeEqual } from './util.js'; import { mth, auditPath, recomputeRootFromAuditPath } from './log.js'; diff --git a/packages/shade-key-transparency/src/manager.ts b/packages/shade-key-transparency/src/manager.ts index 9325f21..0d12851 100644 --- a/packages/shade-key-transparency/src/manager.ts +++ b/packages/shade-key-transparency/src/manager.ts @@ -24,8 +24,6 @@ import { MerkleLog, auditPath } from './log.js'; import { AddressIndex, type AddressIndexEntry, - type IndexAbsenceProof, - type IndexInclusionProof, } from './index-tree.js'; import { type SignedTreeHead, diff --git a/packages/shade-key-transparency/src/proof.ts b/packages/shade-key-transparency/src/proof.ts index 68d19ca..1e1ea39 100644 --- a/packages/shade-key-transparency/src/proof.ts +++ b/packages/shade-key-transparency/src/proof.ts @@ -111,7 +111,7 @@ interface IndexAbsenceWire { } | null; } -type IndexProofWire = IndexInclusionWire | IndexAbsenceWire; +export type IndexProofWire = IndexInclusionWire | IndexAbsenceWire; interface BundleInclusionWire { kind: 'inclusion' | 'tombstone'; diff --git a/packages/shade-key-transparency/tsconfig.json b/packages/shade-key-transparency/tsconfig.json new file mode 100644 index 0000000..a3e0a93 --- /dev/null +++ b/packages/shade-key-transparency/tsconfig.json @@ -0,0 +1,5 @@ +{ + "extends": "../../tsconfig.json", + "compilerOptions": { "outDir": "dist", "rootDir": "src" }, + "include": ["src"] +} diff --git a/packages/shade-keychain/package.json b/packages/shade-keychain/package.json index 46fd475..6706ba2 100644 --- a/packages/shade-keychain/package.json +++ b/packages/shade-keychain/package.json @@ -1,6 +1,6 @@ { "name": "@shade/keychain", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-keychain/tsconfig.json b/packages/shade-keychain/tsconfig.json index e0c192b..a3e0a93 100644 --- a/packages/shade-keychain/tsconfig.json +++ b/packages/shade-keychain/tsconfig.json @@ -1,4 +1,5 @@ { "extends": "../../tsconfig.json", - "include": ["src/**/*", "tests/**/*"] + "compilerOptions": { "outDir": "dist", "rootDir": "src" }, + "include": ["src"] } diff --git a/packages/shade-observability/package.json b/packages/shade-observability/package.json index ede35ba..e9cbde8 100644 --- a/packages/shade-observability/package.json +++ b/packages/shade-observability/package.json @@ -1,6 +1,6 @@ { "name": "@shade/observability", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-observer/package.json b/packages/shade-observer/package.json index c8c7c58..ee5c552 100644 --- a/packages/shade-observer/package.json +++ b/packages/shade-observer/package.json @@ -1,6 +1,6 @@ { "name": "@shade/observer", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-proto/package.json b/packages/shade-proto/package.json index b1b000a..5754821 100644 --- a/packages/shade-proto/package.json +++ b/packages/shade-proto/package.json @@ -1,6 +1,6 @@ { "name": "@shade/proto", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-recovery/package.json b/packages/shade-recovery/package.json index 253c139..0691237 100644 --- a/packages/shade-recovery/package.json +++ b/packages/shade-recovery/package.json @@ -1,6 +1,6 @@ { "name": "@shade/recovery", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-sdk/package.json b/packages/shade-sdk/package.json index 1655b4d..8dd8d42 100644 --- a/packages/shade-sdk/package.json +++ b/packages/shade-sdk/package.json @@ -1,6 +1,6 @@ { "name": "@shade/sdk", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-sdk/src/shade.ts b/packages/shade-sdk/src/shade.ts index 804a181..30282f0 100644 --- a/packages/shade-sdk/src/shade.ts +++ b/packages/shade-sdk/src/shade.ts @@ -21,7 +21,7 @@ import { import { encodeEnvelope, decodeEnvelope, inspectEnvelopeType } from '@shade/proto'; import { ShadeFetchTransport, type KTVerifierOptions } from '@shade/transport'; import { LightWitness } from '@shade/key-transparency'; -import type { SignedTreeHead } from '@shade/key-transparency'; +import type { SignedTreeHead, STHWire } from '@shade/key-transparency'; import { TransferEngine, ShadeTransferHttpTransport, @@ -217,15 +217,15 @@ export class Shade { maxStaleMs: this.config.keyTransparency.maxStaleMs, maxStored: this.config.keyTransparency.witnessMaxStored, fetcher: { - async fetchLatestSTH() { + async fetchLatestSTH(): Promise { const res = await fetch(`${baseUrl}/v1/kt/sth`); if (!res.ok) throw new Error(`KT /sth: ${res.status}`); - return res.json(); + return (await res.json()) as STHWire; }, - async fetchConsistencyProof(from, to) { + async fetchConsistencyProof(from, to): Promise<{ proof: string[] }> { const res = await fetch(`${baseUrl}/v1/kt/consistency?from=${from}&to=${to}`); if (!res.ok) throw new Error(`KT /consistency: ${res.status}`); - return res.json(); + return (await res.json()) as { proof: string[] }; }, }, }); diff --git a/packages/shade-sdk/src/thumbnail.ts b/packages/shade-sdk/src/thumbnail.ts index 5280567..11c49b8 100644 --- a/packages/shade-sdk/src/thumbnail.ts +++ b/packages/shade-sdk/src/thumbnail.ts @@ -59,12 +59,16 @@ interface CreateImageBitmapFn { } function getOffscreenCanvasCtor(): OffscreenCanvasCtor | null { - const g = globalThis as { OffscreenCanvas?: OffscreenCanvasCtor }; + const g = globalThis as unknown as { OffscreenCanvas?: OffscreenCanvasCtor }; return g.OffscreenCanvas ?? null; } function getCreateImageBitmap(): CreateImageBitmapFn | null { - const g = globalThis as { createImageBitmap?: CreateImageBitmapFn }; + // `globalThis.createImageBitmap` (when DOM lib is loaded) has a wider + // signature than our minimal `CreateImageBitmapFn`. Cast through + // `unknown` so consumer tsconfigs that include "DOM" don't reject the + // narrower local type as "insufficiently overlapping". + const g = globalThis as unknown as { createImageBitmap?: CreateImageBitmapFn }; return g.createImageBitmap ?? null; } diff --git a/packages/shade-server/package.json b/packages/shade-server/package.json index f48d293..4e658cc 100644 --- a/packages/shade-server/package.json +++ b/packages/shade-server/package.json @@ -1,6 +1,6 @@ { "name": "@shade/server", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-storage-encrypted/package.json b/packages/shade-storage-encrypted/package.json index 221e743..1572f7e 100644 --- a/packages/shade-storage-encrypted/package.json +++ b/packages/shade-storage-encrypted/package.json @@ -1,6 +1,6 @@ { "name": "@shade/storage-encrypted", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-storage-encrypted/src/crypto/aead.ts b/packages/shade-storage-encrypted/src/crypto/aead.ts index 79bb00d..0a7ad48 100644 --- a/packages/shade-storage-encrypted/src/crypto/aead.ts +++ b/packages/shade-storage-encrypted/src/crypto/aead.ts @@ -11,11 +11,23 @@ const NONCE_LEN = 12; +// Local mirror of the WebCrypto KeyUsage union — avoids depending on +// `lib.dom` (we run on Bun + plain ES2022) while keeping API parity. +type WebCryptoKeyUsage = + | 'encrypt' + | 'decrypt' + | 'sign' + | 'verify' + | 'deriveKey' + | 'deriveBits' + | 'wrapKey' + | 'unwrapKey'; + function bs(u: Uint8Array): ArrayBuffer { return u as unknown as ArrayBuffer; } -async function importKey(key: Uint8Array, usages: KeyUsage[]): Promise { +async function importKey(key: Uint8Array, usages: WebCryptoKeyUsage[]): Promise { if (key.length !== 32) throw new Error(`AES-256-GCM key must be 32 bytes, got ${key.length}`); return globalThis.crypto.subtle.importKey('raw', bs(key), 'AES-GCM', false, usages); } diff --git a/packages/shade-storage-encrypted/tsconfig.json b/packages/shade-storage-encrypted/tsconfig.json index e0c192b..a3e0a93 100644 --- a/packages/shade-storage-encrypted/tsconfig.json +++ b/packages/shade-storage-encrypted/tsconfig.json @@ -1,4 +1,5 @@ { "extends": "../../tsconfig.json", - "include": ["src/**/*", "tests/**/*"] + "compilerOptions": { "outDir": "dist", "rootDir": "src" }, + "include": ["src"] } diff --git a/packages/shade-storage-postgres/package.json b/packages/shade-storage-postgres/package.json index 347f077..674e550 100644 --- a/packages/shade-storage-postgres/package.json +++ b/packages/shade-storage-postgres/package.json @@ -1,6 +1,6 @@ { "name": "@shade/storage-postgres", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-storage-sqlite/package.json b/packages/shade-storage-sqlite/package.json index 5dd39fd..28dd5b3 100644 --- a/packages/shade-storage-sqlite/package.json +++ b/packages/shade-storage-sqlite/package.json @@ -1,6 +1,6 @@ { "name": "@shade/storage-sqlite", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-streams/package.json b/packages/shade-streams/package.json index 0cefdfe..641e431 100644 --- a/packages/shade-streams/package.json +++ b/packages/shade-streams/package.json @@ -1,6 +1,6 @@ { "name": "@shade/streams", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-transfer/package.json b/packages/shade-transfer/package.json index 0fc36d9..b68f0fe 100644 --- a/packages/shade-transfer/package.json +++ b/packages/shade-transfer/package.json @@ -1,6 +1,6 @@ { "name": "@shade/transfer", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-transport-bridge/package.json b/packages/shade-transport-bridge/package.json index 6167458..4087af1 100644 --- a/packages/shade-transport-bridge/package.json +++ b/packages/shade-transport-bridge/package.json @@ -1,6 +1,6 @@ { "name": "@shade/transport-bridge", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-transport-bridge/src/sse-bridge.ts b/packages/shade-transport-bridge/src/sse-bridge.ts index 108d8bf..8a54646 100644 --- a/packages/shade-transport-bridge/src/sse-bridge.ts +++ b/packages/shade-transport-bridge/src/sse-bridge.ts @@ -127,7 +127,7 @@ export class SseBridge implements BridgeTransport { if (!res.body) { throw new BridgeError('SSE response has no body'); } - this.currentReader = res.body.getReader(); + this.currentReader = res.body.getReader() as ReadableStreamDefaultReader; this.connected = true; } diff --git a/packages/shade-transport-webrtc/package.json b/packages/shade-transport-webrtc/package.json index f625fcf..a5e0caf 100644 --- a/packages/shade-transport-webrtc/package.json +++ b/packages/shade-transport-webrtc/package.json @@ -1,6 +1,6 @@ { "name": "@shade/transport-webrtc", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-transport/package.json b/packages/shade-transport/package.json index 42ee39b..d982487 100644 --- a/packages/shade-transport/package.json +++ b/packages/shade-transport/package.json @@ -1,6 +1,6 @@ { "name": "@shade/transport", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-widgets/package.json b/packages/shade-widgets/package.json index 4cacd94..6df21d3 100644 --- a/packages/shade-widgets/package.json +++ b/packages/shade-widgets/package.json @@ -1,6 +1,6 @@ { "name": "@shade/widgets", - "version": "4.0.0", + "version": "4.0.1", "type": "module", "main": "src/index.ts", "types": "src/index.ts", diff --git a/packages/shade-widgets/src/components/transfer/ThumbnailPreview.tsx b/packages/shade-widgets/src/components/transfer/ThumbnailPreview.tsx index b9094c3..5dc4731 100644 --- a/packages/shade-widgets/src/components/transfer/ThumbnailPreview.tsx +++ b/packages/shade-widgets/src/components/transfer/ThumbnailPreview.tsx @@ -2,7 +2,6 @@ import React, { useEffect, useRef, useState } from 'react'; import { isAllowedThumbnailMime, THUMBNAIL_MAX_BYTES, - type ThumbnailMime, } from '@shade/sdk'; import { useShadeRuntimeTheme } from '../../ShadeRuntimeProvider.js'; diff --git a/scripts/publish-shade.sh b/scripts/publish-shade.sh index 6e1bf69..6104f77 100755 --- a/scripts/publish-shade.sh +++ b/scripts/publish-shade.sh @@ -127,6 +127,10 @@ export GITEA_TOKEN="$TOKEN" cd "$SHADE_DIR" echo +echo "Type-check (strict TS) før publish ..." +echo "----------------------------------------" +bun run scripts/typecheck-all.ts +echo echo "Kjører scripts/publish-all.ts i $SHADE_DIR" echo "----------------------------------------" bun run scripts/publish-all.ts diff --git a/scripts/typecheck-all.ts b/scripts/typecheck-all.ts new file mode 100644 index 0000000..9ceee8f --- /dev/null +++ b/scripts/typecheck-all.ts @@ -0,0 +1,75 @@ +#!/usr/bin/env bun +/** + * Pre-publish gate — type-check every workspace package against the + * monorepo's strict tsconfig. + * + * Required before any publish. The Bun test runner is intentionally + * permissive (it transpiles, doesn't type-check), so without this gate + * a package can pass `bun test` and still ship code that fails to + * compile in a downstream consumer's strict TS project. + * + * Usage: + * bun run scripts/typecheck-all.ts # check every package + * bun run scripts/typecheck-all.ts core sdk # check only listed + * + * Exit code 0 if every package compiles, 1 otherwise. + */ +import { readdirSync, statSync, existsSync } from 'fs'; +import { join } from 'path'; +import { $ } from 'bun'; + +const ROOT = join(import.meta.dir, '..'); +const PACKAGES_DIR = join(ROOT, 'packages'); + +const filter = new Set(process.argv.slice(2)); + +const packages = readdirSync(PACKAGES_DIR).filter((name) => { + const p = join(PACKAGES_DIR, name); + if (!statSync(p).isDirectory()) return false; + if (!existsSync(join(p, 'tsconfig.json'))) return false; + if (filter.size > 0 && !filter.has(name) && !filter.has(name.replace(/^shade-/, ''))) { + return false; + } + return true; +}); + +let failures = 0; +const failed: { pkg: string; out: string }[] = []; + +for (const pkg of packages) { + const dir = join(PACKAGES_DIR, pkg); + const proc = Bun.spawnSync(['bunx', 'tsc', '--noEmit', '-p', 'tsconfig.json'], { + cwd: dir, + stdout: 'pipe', + stderr: 'pipe', + }); + const stdout = proc.stdout.toString(); + const stderr = proc.stderr.toString(); + const out = (stdout + stderr) + .split('\n') + .filter((l) => !/^Resolving|^Resolved|^Saved/.test(l)) + .join('\n') + .trim(); + + if (proc.exitCode === 0 && out.length === 0) { + console.log(` ✓ ${pkg}`); + } else { + failures++; + failed.push({ pkg, out }); + console.log(` ✗ ${pkg}`); + } +} + +console.log(); +if (failures === 0) { + console.log(`All ${packages.length} packages type-check cleanly.`); + process.exit(0); +} + +console.error(`${failures} of ${packages.length} packages failed:\n`); +for (const f of failed) { + console.error(`── ${f.pkg} ──`); + console.error(f.out); + console.error(); +} +process.exit(1);