Patch Changes
-
#1100
f753dbaThanks @jcheese1! - Resolve bare local media IDs in media fields before falling back to external URLs. -
#1101
e539731Thanks @ascorbic! - Fixes experimental registry navigation and allows the configured registry aggregator through the admin CSP. -
#1112
3756168Thanks @ascorbic! - Validates aggregator responses at the read-side trust boundary inDiscoveryClient. Two layers run:- Response envelope (
uri,cid,did,slug,version, …):DiscoveryClientnow routes every call through@atcute/client's schema-validating.call()against the aggregator method's output lexicon. Request params are validated too. A non-conforming envelope throwsClientValidationError. - Embedded signed
profile/releaserecords (typedunknownby the aggregator lexicon because they are relayed verbatim from publisher repos under a different lexicon namespace): nowsafeParse'd againstcom.emdashcms.experimental.package.profile/release. A conforming record is returned as the typed lexicon shape; a non-conforming one is surfaced asnullso one bad record doesn't fail an entire search page.
Refines the return types from
unknowntoPackageProfile.Main | null/PackageRelease.Main | null(new exportedValidatedPackageView/ValidatedReleaseView/ValidatedSearchPackages/ValidatedListReleasestypes). Callers must null-check. The registry install handler now fails closed when the aggregator returns a release record that does not conform to its lexicon.Validation is structural only — the lexicon's
uriformat permits non-HTTP schemes, so UI rendering these URLs still applies its own scheme allow-list. - Response envelope (
-
Updated dependencies [
cf85941,3756168,3756168]:- @emdash-cms/admin@0.14.0
- @emdash-cms/registry-client@0.1.0
- @emdash-cms/auth@0.14.0
- @emdash-cms/gutenberg-to-portable-text@0.14.0
- @emdash-cms/auth-atproto@0.2.7