Skip to content

V2 branch: Move to native encryption, batch performance improvements and better input validation

Pelle Braendgaardrequested to merge
v2 into master

Change description

Key Changes

🔒 Input Validation (Latest Addition)

  • Added Zod v4.1.12 for runtime type validation across all public methods
  • Created comprehensive validation schemas for DIDs, keypairs, configs, and encryption methods
  • Implemented ValidationError class with structured issue tracking
  • Added conditional validation based on encryption method (HOSTED, END_2_END, HYBRID)
  • Created 35 validation-specific tests with full coverage
  • Fixed property-based tests to handle invalid IVMS101 structures

Performance Improvements

  • 14x+ performance boost through batch encryption/decryption operations
  • Libsodium-based ECDH-1PU encryption implementation
  • Default to sodium-universal with automatic fallback to pure JS

🏗️ Build System Updates

  • Migrated from Parcel to Vite 7.1.10
  • Added ESM export support alongside CommonJS
  • Improved bundle optimization

📚 Documentation & Code Quality

  • Comprehensive JSDoc documentation throughout
  • Property-based testing with fast-check
  • Branded type aliases for DIDs and IVMS101 integration
  • Template literals standardization

Test Results

  • 35 new validation tests
  • All existing tests updated and passing
  • Property-based tests fixed for edge cases

Performance Metrics

  • Sodium provider: 0.2ms average per encryption
  • Noble provider: 6.4ms average per encryption
  • 32x speedup with Sodium

Breaking Changes

None - Full backwards compatibility maintained

Migration Guide

No migration needed. The validation layer adds safety without changing existing APIs.

Type of change

  • Bug fix (fixes an issue)
  • New feature (adds functionality)
  • Chore (task that not add a new functionality or fix an issue)

Checklists

Development

  • Lint rules pass locally
  • Application changes have been tested thoroughly
  • Docker Image was build correctly

Security

  • Security impact of change has been considered
  • Code follows company security practices and guidelines

Network

  • Changes to network configurations have been reviewed
  • Any newly exposed public endpoints or data have gone through security review

Code review

  • Merge request has a descriptive title and context useful to a reviewer. Screenshots or screencasts are attached as necessary
  • "Ready for review" label attached and reviewers assigned
  • Changes have been reviewed by at least one other contributor

Merge request reports