Skip to content

chore(main): release 1.1.0#55

Closed
sid-release-bot[bot] wants to merge 95 commits into
mainfrom
release-please--branches--main--components--opaque
Closed

chore(main): release 1.1.0#55
sid-release-bot[bot] wants to merge 95 commits into
mainfrom
release-please--branches--main--components--opaque

Conversation

@sid-release-bot

@sid-release-bot sid-release-bot Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

🤖 I have created a release beep boop

1.1.0 (2026-06-27)

Features

  • policy: Rust-parity password policy validation for the TS fallback (c6e9dd7)
  • zkpp: Blake2b Fiat-Shamir transcript, interop-verified vs halo2 (8d06186)
  • zkpp: domain primitives for vanishing quotient (lagrange_to_coeff, extended_to_coeff, divide_by_vanishing) (f68dd9a)
  • zkpp: dynamic lazy loader (wasm-simd>wasm>pure-ts) — pure-TS code-split, loaded only on no-WASM fallback (6fc07ac)
  • zkpp: ECC complete-addition tail witness byte-exact (6b4dba1)
  • zkpp: ECC variable-base mul incomplete double-and-add witness byte-exact (7aee2db)
  • zkpp: ECC variable-base mul scalar decomposition (k=scalar+t_q bits) byte-exact (55b7f5f)
  • zkpp: EvaluationDomain coset-FFT (coeff_to_extended), interop-verified vs halo2 (f3a4223)
  • zkpp: full ECC variable-base mul assembly — variableBaseMul(k,P)==[k]P end-to-end (7a35556)
  • zkpp: gadget A (policy engine) witness byte-exact vs halo2 circuit (815980f)
  • zkpp: gadget B diff-accumulator witness byte-exact vs halo2 (531e34e)
  • zkpp: gadget C opaque-binder application witness (H_p + M=blind·H_p) byte-exact (be78532)
  • zkpp: gadget D breach-bloom witness (hash+bits+indices) byte-exact vs halo2 (4bebd10)
  • zkpp: IPA polynomial commitment (MSM+blind), interop-verified vs halo2 (ae53d32)
  • zkpp: lookup commit_product (Z_lookup) byte-exact + lookup expressions (0aa2e0f)
  • zkpp: lookup evals byte-exact — full lookup argument ported (permute/product/expressions/evals) (9cdd0e8)
  • zkpp: lookup folded-H expressions byte-exact (permute+product+expressions complete) (76698c1)
  • zkpp: lookup h_poly (quotient) byte-exact — lookup argument fully verified (fde7511)
  • zkpp: lookup permute_expression_pair (A'/S' + commits) byte-exact vs halo2 (a2cd8ee)
  • zkpp: native HashToCurve (gadget C H_p), interop-verified vs Rust (391ae77)
  • zkpp: Okamoto commit-prove binding, interop-verified vs Rust (38ae1ee)
  • zkpp: orchestration — all Poseidon hash-chains (gadget_b/c/d, 12 perms) reproduce real circuit (43a87c8)
  • zkpp: orchestration — Poseidon input cells (gadget_b zeros, gadget_c/d password fes) (d171e95)
  • zkpp: orchestration gadget_c binding — H_p + r·G2 fixed-base mul + Pedersen com reproduce real circuit (505c88c)
  • zkpp: orchestration R0 — gadget_a witness reproduces real circuit advice cols 0-9 byte-exact (d739a39)
  • zkpp: orchestration R26 — gadget_b diff-acc reproduces real circuit advice cols 11-16 (1d896f5)
  • zkpp: orchestration R34 — gadget_c HashToCurve Poseidon (password input) reproduces real circuit (9749a7d)
  • zkpp: orchestration R46 — fixed-base mul window decomposition reproduces real circuit col26 (dfe72c0)
  • zkpp: orchestration R5 — Pow5 Poseidon permutation reproduces real circuit cols 18-21 byte-exact (3299332)
  • zkpp: orchestration R67 — gadget_d hash bit-decomposition reproduces real circuit cols 39-40 (41ffe38)
  • zkpp: Pallas+Vesta via makeCurve factory + MSM (Vesta interop-verified) (4eeb563)
  • zkpp: Pasta field + Pallas curve foundation (verified vs pasta_curves) (e12ac76)
  • zkpp: platform capability detection + kernel auto-selection (7335711)
  • zkpp: Poseidon P128Pow5T3 over Pasta, interop-verified vs halo2_gadgets (4c8fb77)
  • zkpp: Pow5 Poseidon-chip witness layout (checkpoint states + partial sboxes) (e5dab3c)
  • zkpp: radix-2 NTT over Pasta, interop-verified vs halo2 best_fft (580de8e)
  • zkpp: SimpleFloorPlanner region packing — reproduces all 71 ZkppCircuit region starts (117afe7)
  • zkpp: step 6a advice extended coset verified vs halo2 (folded-H inputs) (277c4ea)
  • zkpp: TS halo2 prover step 1 (advice commit), byte-exact vs create_proof (889da41)
  • zkpp: TS prover step 2 (transcript hash_into+instance+advice -> theta), byte-exact (4794208)
  • zkpp: TS prover step 3 (beta/gamma challenges), byte-exact vs halo2 (5773211)
  • zkpp: TS prover step 4 (permutation grand-product Z), byte-exact vs halo2 (82bf00d)
  • zkpp: TS prover step 6 folded H (gate + permutation constraints) byte-exact vs halo2 (02d53ba)
  • zkpp: TS prover step 8 (evaluations at x, 17 scalars) byte-exact vs halo2 (b034a89)
  • zkpp: TS prover step 9a IPA opening (s_commit, L/R, c, f) byte-exact vs halo2 (e836541)
  • zkpp: TS prover step 9b multiopen — FULL toy create_proof byte-exact vs halo2 (317085e)
  • zkpp: TS prover steps 4b-5 (Z commit, vanishing random commit, y), byte-exact (8804695)
  • zkpp: TS prover steps 6c-7 (h-pieces commit, x challenge) byte-exact vs halo2 (af4bbd3)
  • zkpp: verify divide_by_vanishing + extended_to_coeff (folded H -> h) vs halo2 (7b9e11a)

Bug Fixes

  • backend: delegate OPAQUE protocol to TS backend when WASM OPAQUE unavailable (046007d)
  • deps: align packageManager to yarn 4.14.1 to match lockfile v9 (dac6e16)

Performance Improvements

  • zkpp: back Pallas curve with @noble weierstrass (~11x faster, native-capable) (339176c)
  • zkpp: pippenger MSM (16x faster, 251ms for n=2048) + suite benchmark (5c84464)

This PR was generated with Release Please. See documentation.

polaz and others added 30 commits February 12, 2026 21:32
- Add TypeScript OPAQUE client with WebCrypto backend
- Add WASM integration support for password validation
- Configure commitlint, semantic-release, GitHub Actions CI
- Add Docker and deployment configs
- Built sid-wasm via wasm-pack (--target web, --no-default-features)
- 146KB WASM binary with: validate_password, get_policy,
  prepare_breach_check, verify_breach_response, generate_zkpp_proof
- wasm.ts rewritten to use wasm-bindgen glue (not raw instantiation)
- Build script: tsup + copy wasm files to dist/
- wasm/ directory holds pre-built WASM artifacts
- 303 tests pass (JS fallback in Node.js test env)
- .releaserc.json: chore(wasm) triggers patch release
  (GitLab CI pushes WASM binary with this commit type)
- ci-cd.yml: add NPM_TOKEN for semantic-release npm publish
- Pipeline: GitLab builds WASM → pushes to GitHub → semantic-release
  detects chore(wasm) → patch release → npm publish
Replace semantic-release with release-please:
- release-please accumulates commits into Release PR (no auto-bump per commit)
- Maintainer merges PR when ready → GitHub Release created
- publish.yml triggered on release → npm publish with OIDC provenance

Workflows:
- ci-cd.yml: CI only (typecheck, lint, test, build) — no release logic
- release-please.yml: creates/updates Release PR on push to main
- publish.yml: npm publish on GitHub Release (OIDC, no NPM_TOKEN)

Removed: semantic-release + 4 plugins, .releaserc.json
… updates

Bumps the minor-and-patch group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.4.1` | `20.5.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.2` | `25.5.1` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.55.0` | `8.58.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.55.0` | `8.58.0` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.18` | `4.1.2` |
| [conventional-changelog-conventionalcommits](https://github.com/conventional-changelog/conventional-changelog/tree/HEAD/packages/conventional-changelog-conventionalcommits) | `9.1.0` | `9.3.1` |
| [eslint](https://github.com/eslint/eslint) | `10.0.0` | `10.1.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.2` |



Updates `@commitlint/config-conventional` from 20.4.1 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/config-conventional)

Updates `@types/node` from 25.2.2 to 25.5.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.55.0 to 8.58.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.55.0 to 8.58.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.0/packages/parser)

Updates `@vitest/coverage-v8` from 4.0.18 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8)

Updates `conventional-changelog-conventionalcommits` from 9.1.0 to 9.3.1
- [Release notes](https://github.com/conventional-changelog/conventional-changelog/releases)
- [Changelog](https://github.com/conventional-changelog/conventional-changelog/blob/master/packages/conventional-changelog-conventionalcommits/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/conventional-changelog/commits/conventional-changelog-conventionalcommits-v9.3.1/packages/conventional-changelog-conventionalcommits)

Updates `eslint` from 10.0.0 to 10.1.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.0.0...v10.1.0)

Updates `vitest` from 4.0.18 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

---
updated-dependencies:
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@types/node"
  dependency-version: 25.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: conventional-changelog-conventionalcommits
  dependency-version: 9.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: eslint
  dependency-version: 10.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…or-and-patch-62833b99dc

chore(deps): bump the minor-and-patch group across 1 directory with 8 updates
Bumps [rollup](https://github.com/rollup/rollup) from 4.57.1 to 4.60.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.57.1...v4.60.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.60.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1 to 3.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v1...v3)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [minimatch](https://github.com/isaacs/minimatch) from 9.0.5 to 9.0.9.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v9.0.5...v9.0.9)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sid-release-bot[bot] <260545971+sid-release-bot[bot]@users.noreply.github.com>
Co-authored-by: sid-release-bot[bot] <260545971+sid-release-bot[bot]@users.noreply.github.com>
* chore: update dependencies and fix CI issues

- Fix prettier formatting in src/testing/performance.ts (extra parens in void expressions)
- Add ignoreDeprecations: "6.0" to tsconfig.json for TypeScript 6 baseUrl deprecation
- Update @types/node ^25.5.1 → ^25.5.2

Closes #32

* fix: use NPM_TOKEN for npm publish authentication

OIDC trusted publishing only works for already-published packages.
First publish requires explicit npm automation token.

- Add NODE_AUTH_TOKEN env var pointing to NPM_TOKEN secret
- Keep --provenance for OIDC signing (separate from auth)
- Requires NPM_TOKEN secret in "release" environment

Closes #35

* fix: align publish.yml with gitlab-mcp pattern

- Upgrade actions/setup-node v4 → v6, node 22 → 24
- Use yarn npm publish instead of npm publish
- Add idempotency check (skip if version already published)
- Use NPM_CONFIG_PROVENANCE env var instead of --provenance flag

Closes #35

* fix: use OIDC trusted publishing, remove NPM_TOKEN

npm trusted publishing authenticates via GitHub Actions OIDC identity.
No secret tokens needed — configured at npmjs.com package settings.

Closes #35

* fix: remove registry-url that breaks OIDC trusted publishing

actions/setup-node with registry-url creates .npmrc with
NODE_AUTH_TOKEN=${GITHUB_TOKEN} which overrides OIDC auth.
Without registry-url, npm falls back to OIDC identity for auth.

* fix: validate package.json version matches release tag before publish

Use package.json version (what npm publish uses) instead of git tag
for idempotency check. Fail fast if tag and package.json diverge.

* fix: add missing void prefix to digit regex check for consistency

* fix: align Node.js and setup-node versions across all workflows

Upgrade all CI workflows to Node 24 + actions/setup-node@v6
to match publish.yml. Update test matrix from [20, 22] to [22, 24].
Co-authored-by: sid-release-bot[bot] <260545971+sid-release-bot[bot]@users.noreply.github.com>
… unavailable

The compiled WASM provides policy / breach / ZKPP today but not the OPAQUE
protocol itself, so the WASM backend's registration/login methods threw
"WASM OPAQUE protocol not yet available". They now delegate to the pure-TS
jsBackend (lazily loaded, cached after first use).

The wire format is backend-agnostic, so the hybrid (WASM for policy/breach,
TS for OPAQUE) is transparent to the server. On a browser without WASM the
selector already falls back to the TS backend wholesale.

Unblocks registration/login. Benchmarked locally: full OPAQUE
registration+login roundtrips run in ms (21 integration roundtrips in 2.4s) —
no ZK proving on this path, so none of the heavy-gadget cost.
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 74b9e0d to 8df9b5b Compare June 27, 2026 18:15
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 8df9b5b to 4bfa64b Compare June 27, 2026 18:28
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 4bfa64b to 156feec Compare June 27, 2026 18:31
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 156feec to fdfcf09 Compare June 27, 2026 18:42
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from fdfcf09 to 1f2152b Compare June 27, 2026 18:56
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 1f2152b to 92d6e3b Compare June 27, 2026 18:59
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 92d6e3b to f0763c3 Compare June 27, 2026 19:01
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from f0763c3 to 7a4e2cd Compare June 27, 2026 19:03
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 7a4e2cd to 3f68923 Compare June 27, 2026 19:33
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 3f68923 to 2a38678 Compare June 27, 2026 20:01
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 2a38678 to e7c5c9c Compare June 27, 2026 20:09
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from e7c5c9c to c7096d8 Compare June 27, 2026 20:13
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from c7096d8 to 356aa6b Compare June 27, 2026 20:18
@sid-release-bot sid-release-bot Bot force-pushed the release-please--branches--main--components--opaque branch from 356aa6b to 0b78fb0 Compare June 27, 2026 20:19
@polaz polaz closed this Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant