emdash

v@emdash-cms/[email protected] Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 14d Productivity & Wikis
✓ No known CVEs patched

Topics

astro cms emdash typescript

Affected surfaces

auth rbac

Summary

AI summary

DiscoveryClient now validates response envelopes and embedded signed records against schemas, refining return types to nullable validated shapes.

Changes in this release

Breaking Medium

Registry install handler fails closed on non-conforming aggregator release records.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Feature Medium

Routes every call through @atcute/client's schema-validating .call() against aggregator method's output lexicon.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Feature Medium

Validates request parameters alongside response envelope.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Feature Medium

Safe-parses embedded signed profile / release records against respective lexicons.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Feature Medium

Refines return types from unknown to PackageProfile.Main | null / PackageRelease.Main | null.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Feature Medium

Introduces ValidatedPackageView, ValidatedReleaseView, ValidatedSearchPackages, ValidatedListReleases types.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Feature Medium

Validates aggregator responses at read-side trust boundary in DiscoveryClient.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: low

Feature Medium

Validates aggregator response envelopes in DiscoveryClient.

Source: granite4.1:30b@2026-05-20-audit

Confidence: low

Bugfix Medium

Non-conforming envelope throws ClientValidationError.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Bugfix Medium

Conforming record returned as typed lexicon shape; non-conforming surfaced as null.

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Full changelog

Minor Changes

  • #1112 3756168 Thanks @ascorbic! - Validates aggregator responses at the read-side trust boundary in DiscoveryClient. Two layers run:

    • Response envelope (uri, cid, did, slug, version, …): DiscoveryClient now routes every call through @atcute/client's schema-validating .call() against the aggregator method's output lexicon. Request params are validated too. A non-conforming envelope throws ClientValidationError.
    • Embedded signed profile / release records (typed unknown by the aggregator lexicon because they are relayed verbatim from publisher repos under a different lexicon namespace): now safeParse'd against com.emdashcms.experimental.package.profile / release. A conforming record is returned as the typed lexicon shape; a non-conforming one is surfaced as null so one bad record doesn't fail an entire search page.

    Refines the return types from unknown to PackageProfile.Main | null / PackageRelease.Main | null (new exported ValidatedPackageView / ValidatedReleaseView / ValidatedSearchPackages / ValidatedListReleases types). Callers must null-check. The registry install handler now fails closed when the aggregator returns a release record that does not conform to its lexicon.

    Validation is structural only — the lexicon's uri format permits non-HTTP schemes, so UI rendering these URLs still applies its own scheme allow-list.
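
The two validation layers, the fail-closed install path and the rendering-side scheme allow-list described in this changelog entry, sketched as an added TypeScript example (not emdash's or @atcute/client's code). The hand-written validators, all type and function names, and the record fields package, version and artifactUrl are assumptions standing in for the real lexicon schemas.

```typescript
// Added illustration; every name here is hypothetical, not an emdash or @atcute API.
type ReleaseRecord = { package: string; version: string; artifactUrl: string };
type ReleaseView = { uri: string; cid: string; did: string; release: ReleaseRecord | null };
class EnvelopeError extends Error {}
const isStr = (v: unknown): v is string => typeof v === "string" && v.length > 0;
const isObj = (v: unknown): v is Record<string, unknown> => typeof v === "object" && v !== null;

// Layer 2: safe-parse the relayed publisher record; a bad record becomes null, not an exception.
function parseRelease(raw: unknown): ReleaseRecord | null {
  if (!isObj(raw)) return null;
  const { package: pkg, version, artifactUrl } = raw;
  if (!isStr(pkg) || !isStr(version) || !isStr(artifactUrl)) return null;
  return { package: pkg, version, artifactUrl };
}

// Layer 1: the envelope is the aggregator's own contract, so any violation throws.
function parseListReleases(body: unknown): ReleaseView[] {
  if (!isObj(body) || !Array.isArray(body.releases)) throw new EnvelopeError("bad envelope");
  return body.releases.map((item: unknown) => {
    if (!isObj(item)) throw new EnvelopeError("release view is not an object");
    const { uri, cid, did } = item;
    if (!isStr(uri) || !isStr(cid) || !isStr(did)) throw new EnvelopeError("bad release view");
    return { uri, cid, did, release: parseRelease(item.release) };
  });
}

// Listing tolerates null records; installing does not (fail closed).
function resolveInstall(view: ReleaseView): ReleaseRecord {
  if (view.release === null) throw new Error("release record failed validation; refusing install");
  return view.release;
}

// Structural validation accepts any URI scheme, so rendering applies its own allow-list.
function safeHref(uri: string): string | null {
  try {
    const scheme = new URL(uri).protocol;
    return scheme === "https:" || scheme === "http:" ? uri : null;
  } catch {
    return null; // not an absolute URL at all
  }
}

// Constructed sample response: first record conforms, second is missing "version".
const sample: unknown = { releases: [
  { uri: "at://did:example:alice/rel/1", cid: "cid-1", did: "did:example:alice",
    release: { package: "gallery", version: "1.0.0", artifactUrl: "https://example.com/g.tgz" } },
  { uri: "at://did:example:bob/rel/1", cid: "cid-2", did: "did:example:bob",
    release: { package: "forms", artifactUrl: "https://example.com/f.tgz" } },
] };
```
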
