Merge pull request #100 from NillionNetwork/feat/release-2-0-0

Author: tim-hm

.github/workflows/cd.yaml

@@ -2,15 +2,15 @@ name: CD
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   workflow_dispatch:
 
 concurrency:
   group: "publish"
   cancel-in-progress: true
 
 permissions:
-  id-token: write  # Required for NPM Trusted Publisher
+  id-token: write # Required for NPM Trusted Publisher
   contents: read
 
 jobs:
@@ -37,13 +37,12 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          submodules: 'recursive'
+          submodules: "recursive"
       - uses: actions/setup-node@v4
         with:
-          node-version: "23"
+          node-version: "24"
           registry-url: "https://registry.npmjs.org"
       - uses: pnpm/action-setup@v4
       - run: pnpm install
       - run: pnpm build
-      - run: pnpm exec biome ci
-      - run: tsc
+      - run: pnpm check

.github/workflows/ci.yaml

@@ -12,15 +12,14 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          submodules: 'recursive'
+          submodules: "recursive"
       - uses: actions/setup-node@v4
         with:
-          node-version: "23"
+          node-version: "24"
       - uses: pnpm/action-setup@v4
       - run: pnpm install
       - run: pnpm build
-      - run: pnpm exec biome ci
-      - run: tsc
+      - run: pnpm check
 
   test:
     needs: check
@@ -29,7 +28,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: "23"
+          node-version: "24"
       - uses: pnpm/action-setup@v4
       - run: pnpm install
       - run: pnpm vitest --coverage

.gitignore

@@ -11,3 +11,4 @@ dist
 docs
 dist/**
 node_modules/**
+tsconfig.tsbuildinfo

.oxfmtrc.json

@@ -0,0 +1,9 @@
+{
+  "$schema": "./node_modules/oxfmt/configuration_schema.json",
+  "printWidth": 120,
+  "experimentalSortImports": {
+    "groups": ["builtin", "external", "internal", ["parent", "sibling", "index"]],
+    "internalPattern": ["@nillion/"],
+    "newlinesBetween": true
+  }
+}

.oxlintrc.json

@@ -0,0 +1,27 @@
+{
+  "$schema": "./node_modules/oxlint/configuration_schema.json",
+  "plugins": ["typescript", "import", "unicorn", "vitest"],
+  "categories": {
+    "correctness": "warn"
+  },
+  "rules": {
+    "no-nested-ternary": "error",
+    "no-unneeded-ternary": "error",
+    "no-unused-vars": "error",
+    "typescript/no-explicit-any": "error",
+    "typescript/explicit-function-return-type": "error",
+    "unicorn/prefer-node-protocol": "error",
+    "unicorn/filename-case": ["error", { "case": "kebabCase" }],
+    "import/no-cycle": "error"
+  },
+  "overrides": [
+    {
+      "files": ["tests/**/*.ts"],
+      "rules": {
+        "typescript/no-explicit-any": "off",
+        "typescript/no-non-null-assertion": "off",
+        "typescript/no-floating-promises": "off"
+      }
+    }
+  ]
+}

CONTRIBUTING.md

@@ -17,12 +17,14 @@ This project is managed via [pnpm](https://pnpm.io/). To install dependencies ru
 The library uses [pino](https://github.com/pinojs/pino) for structured logging. You can control the log level to help debug issues:
 
 1. **Node.js**: Set the `NILLION_LOG_LEVEL` environment variable
+
    ```bash
    NILLION_LOG_LEVEL=debug pnpm test
    NILLION_LOG_LEVEL=trace node your-script.js
    ```
 
 2. **Browser**: Use the developer console to configure logging
+
    ```javascript
    // Set log level via localStorage
    localStorage.setItem("NILLION_LOG_LEVEL", "debug");
@@ -32,12 +34,12 @@ The library uses [pino](https://github.com/pinojs/pino) for structured logging.
    ```
 
 3. **Available log levels** (from most to least verbose):
-    - `trace` - Extremely detailed debugging information
-    - `debug` - Detailed debugging information
-    - `info` - General informational messages
-    - `warn` - Warning messages
-    - `error` - Error messages only
-    - `silent` - Disable all logging
+   - `trace` - Extremely detailed debugging information
+   - `debug` - Detailed debugging information
+   - `info` - General informational messages
+   - `warn` - Warning messages
+   - `error` - Error messages only
+   - `silent` - Disable all logging
 
 ## Documentation
 
@@ -49,12 +51,12 @@ The documentation can be generated automatically from the source files using [Ty
 All unit tests are executed and their coverage is measured when using [vitest](https://vitest.dev/):
 `pnpm test --coverage`
 
-Style conventions are enforced using [Biome](https://biomejs.dev/): `biome check`
+Style conventions are enforced using [oxlint](https://oxc.rs/docs/guide/usage/linter) and [oxfmt](https://oxc.rs/docs/guide/usage/formatter): `pnpm check`
 
 ## Versioning
 
 The version number format for this library and the changes to the library associated with version number increments conform with [Semantic Versioning 2.0.0](https://semver.org/#semantic-versioning-200).
 
 ## Publishing
 
-This library can be published as a [package on npmjs](https://www.npmjs.com/package/@nillion/nuc) via the GitHub Actions workflow.
+This library can be published as a [package on npmjs](https://www.npmjs.com/package/@nillion/nuc) via the GitHub Actions workflow.

DOCUMENTATION.md

@@ -9,15 +9,15 @@ pnpm install @nillion/nuc
 ```
 
 ```typescript
-import { Builder, Codec, Signer, Validator } from '@nillion/nuc';
+import { Builder, Codec, Signer, Validator } from "@nillion/nuc";
 ```
 
 ## Core Concepts
 
 A Nuc (Nillion User Controlled) token is a type of capability-based authorisation token inspired by the UCAN specification. It grants specific permissions from a sender to a receiver. Three core claims define the actors in this relationship:
 
 | Claim     | Role                    | Description                                                                                                                                                   |
-|:----------|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| :-------- | :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | **`iss`** | **Issuer (Sender)**     | The principal who created and signed the token.                                                                                                               |
 | **`aud`** | **Audience (Receiver)** | The principal the token is addressed to. This is the only entity that can use (i.e., invoke or delegate) the token.                                           |
 | **`sub`** | **Subject**             | The principal the token is "about". It represents the identity whose authority is being granted. This value must stay the same throughout a delegation chain. |
@@ -29,7 +29,7 @@ In a simple, two-party delegation, the `aud` and `sub` are often the same. When
 This example demonstrates the primary workflow of creating delegation and invocation tokens:
 
 ```typescript
-import { Signer, Builder, Codec, Validator } from '@nillion/nuc';
+import { Signer, Builder, Codec, Validator } from "@nillion/nuc";
 
 // Step 1: Create Signers for different parties
 // A root authority (e.g., for a server-side process with a private key)
@@ -49,22 +49,23 @@ const serviceDidString = serviceDid.didString; // e.g., "did:key:zDnae..."
 // Step 3: Build a root delegation token
 // This grants capabilities from the root to the user
 const rootDelegation = await Builder.delegation()
-  .audience(userDid)                      // Who can use this delegation
-  .subject(userDid)                       // Who the delegation is about
-  .command("/nil/db/collections/read")    // The authorized command namespace
-  .policy([                               // Policy rules that must be satisfied
+  .audience(userDid) // Who can use this delegation
+  .subject(userDid) // Who the delegation is about
+  .command("/nil/db/collections/read") // The authorized command namespace
+  .policy([
+    // Policy rules that must be satisfied
     ["==", ".command", "/nil/db/collections"], // Command must be an attenuation
-    ["!=", ".args.collection", "secrets"]
+    ["!=", ".args.collection", "secrets"],
   ])
-  .expiresIn(3600 * 1000)                 // Expires in 1 hour
+  .expiresIn(3600 * 1000) // Expires in 1 hour
   .sign(rootSigner);
 
 // Step 4: Build an invocation token from the delegation
 // The user invokes their granted capability for the service
 const invocation = await Builder.invocationFrom(rootDelegation)
-  .audience(serviceDid)                   // The service that will process this
-  .command("/nil/db/collections/read")    // The specific command being invoked
-  .arguments({ collection: "users" })       // Arguments for the command
+  .audience(serviceDid) // The service that will process this
+  .command("/nil/db/collections/read") // The specific command being invoked
+  .arguments({ collection: "users" }) // Arguments for the command
   .sign(userSigner); // Signed by the user
 
 // Step 5: Serialize for transmission
@@ -81,13 +82,13 @@ try {
     params: {
       tokenRequirements: {
         type: "invocation",
-        audience: serviceDidString
-      }
+        audience: serviceDidString,
+      },
     },
     context: {
       // Additional context for policy evaluation
-      environment: "production"
-    }
+      environment: "production",
+    },
   });
   console.log("Token is valid!", decoded);
 } catch (error) {

README.md

@@ -21,4 +21,4 @@ If you're unsure where to start, head over to [docs.nillion.com](https://docs.ni
 
 ## License
 
-This project is licensed under the [MIT License](./LICENSE).
+This project is licensed under the [MIT License](./LICENSE).

bin/check-version.ts

@@ -1,17 +1,16 @@
 #!/usr/bin/env tsx
 
 import { appendFileSync } from "node:fs";
+
 import semver from "semver";
+
 import packageJson from "../package.json";
 
 interface NpmRegistryResponse {
   "dist-tags": Record<string, string>;
 }
 
-async function getNpmVersion(
-  packageName: string,
-  distTag: string,
-): Promise<string> {
+async function getNpmVersion(packageName: string, distTag: string): Promise<string> {
   const response = await fetch(`https://registry.npmjs.org/${packageName}`);
   if (response.ok) {
     const data = (await response.json()) as NpmRegistryResponse;