Joey Yakimowich-Payne
abc5c863fdThe T3 audit flagged the Zod v3 / v4 hand-mirrored schemas as a silent-drift risk: a bug where the client accepts what the server rejects (or vice versa) would silently degrade gameplay rather than fail loudly. New cross-package parity test at packages/server/src/custom-modifier-wire-parity.test.ts imports BOTH schemas and asserts they agree on an accept/reject matrix of 17 cases (valid minimal, valid rich, valid optional-field combinations + 12 rejection cases covering type/version/name/description/uiForm/source literals, bounds, empty id, oversized primitives/description, and primitive-node empty-kind). A final round-trip case parses on the client, JSON-serializes, and parses on the server — catching stringification edge cases too. First run surfaced a real drift: the client schema was missing the primitives.max(50) cap that the server schema enforces. A malicious or buggy client could construct an oversized descriptor, get past local validation, then hit the server's rejection. Fixed by adding matching caps (primitives.max(50) + targetAttrs.max(32) + author.max(80)) to the client schema. Barrel export: chess/src/index.ts now re-exports CustomModifierDescriptorSchema + EffectPrimitiveNodeSchema + the parse/serialize helpers so the server parity test can import them without reaching into subpaths. 1400 → 1417 unit tests. |
||
|---|---|---|
| .. | ||
| src | ||
| package.json | ||
| PROTOCOL.md | ||
| README.md | ||
| tsconfig.json | ||
| vitest.config.ts | ||