chore(release): pryv 3.4.0 + @pryv/cmc 1.1.0 + monitor/socket.io 3.4.0 lockstep

perki · perki · commit c7053e7b22a3 · 2026-05-20T13:46:49.000Z
Minor release shipping the SDK side of @pryv/cmc Phase 2 + Phase 4 +
companion CHANGELOG. The server-side counterpart is open-pryv.io
2.0.0-pre.4 (cmc plugin commit 0306c7e).

@pryv/cmc@1.1.0 (MINOR bump — additive error ids):
- 7 new ids on cmc.errorIds: CAPABILITY_TTL_OUT_OF_RANGE,
  HANDLER_MISSING_CAPABILITY_ID, CHAT_DISABLED,
  SYSTEM_MESSAGING_DISABLED, CLIENTDATA_CMC_FORBIDDEN,
  RESERVED_STREAM_UNDELETABLE, COUNTERPARTY_IDENTITY_MISSING.
- New [CMCXEC] J9 catalogue-match test pinning all 7 against the
  server-side strings (fails at unit-test time if SDK + server
  drift).
- No source-level breaking change. Existing apps on pryv@3.3.x +
  @pryv/cmc@1.0.x continue to work.

pryv@3.4.0, @pryv/monitor@3.4.0, @pryv/socket.io@3.4.0:
- No code changes. Versions bumped in lockstep with @pryv/cmc@1.1.0
  so operators upgrade with one `npm install pryv@3.4.0
  @pryv/cmc@1.1.0` and the monitor / socket.io packages follow via
  transitive resolution. The ^3.3.0 peer-dep selector on @pryv/cmc
  resolves cleanly against pryv@3.4.0.

Tests: 55 -&gt; 56 passing (+1 J9 catalogue test). The earlier J3-J10
suite already in 1.0.2 stays green.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,88 @@
 
 <!-- Format based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) -->
 
+## [3.4.0]
+
+Lockstep release of `pryv@3.4.0` + `@pryv/monitor@3.4.0` +
+`@pryv/socket.io@3.4.0`, plus `@pryv/cmc@1.1.0` (additive — new error
+ids on the catalogue + new wire-shape contract tests).
+
+### `@pryv/cmc@1.1.0`
+
+#### Added
+- **7 new error ids** on `cmc.errorIds`, mirroring the server-side
+  `CmcErrorIds` additions shipped in `open-pryv.io` 2.0.0-pre.4 (cmc
+  plugin commit `0306c7e`):
+  - `CAPABILITY_TTL_OUT_OF_RANGE` (`cmc-capability-ttl-out-of-range`)
+    — server now bounds `content.expiresAt` to `[60s, 30d]` at mint.
+    Omit `expiresAt` to use the 7-day default; pick a value in range
+    to override.
+  - `HANDLER_MISSING_CAPABILITY_ID` (`cmc-handler-missing-capability-id`)
+    — was on the server catalog but missing from the SDK mirror.
+  - `CHAT_DISABLED` (`cmc-chat-disabled`) — feature-gating: writes
+    rejected when the relationship's `clientData.cmc.features.chat ===
+    false`. Default-permit on omission.
+  - `SYSTEM_MESSAGING_DISABLED` (`cmc-system-messaging-disabled`) —
+    same for `features.systemMessaging`. Scope-request /
+    scope-update remain protocol-level and permitted regardless.
+  - `CLIENTDATA_CMC_FORBIDDEN` (`cmc-clientdata-cmc-forbidden`) —
+    `accesses.create` / `accesses.update` reject any user-supplied
+    `clientData.cmc.*`. Use this to catch hand-crafted forge attempts
+    surfacing as 400-not-200 from the api-server.
+  - `RESERVED_STREAM_UNDELETABLE` (`cmc-reserved-stream-undeletable`)
+    — `streams.delete` rejects the five reserved CMC parents +
+    `:_cmc:_internal:*` + plugin-managed `chats`/`collectors` segments
+    even from personal tokens. App code should not target these.
+  - `COUNTERPARTY_IDENTITY_MISSING` (`cmc-counterparty-identity-missing`)
+    — peer-side `content.from` stamping hook rejects a write when the
+    counterparty access has no stored `{username,host}` identity.
+    Surfaced for ops; app developers shouldn't see it under normal
+    flow.
+
+#### Tests
+- New `[CMCXEC]` J9 catalogue-match test pinning all 7 ids against
+  the server-side strings. Future drift between SDK + server will
+  fail at unit-test time.
+- New `[CMCL1OB]`–`[CMCL1OH]` wire-shape contract tests (J3, J4, J5,
+  J7, J8) covering `listInvites` (uses `streams` not `streamIds`),
+  `listAcceptedRelationships` counterparty-mapping precedence
+  (content.from > content.acceptedBy > null fallback), `waitForAccept`
+  `sinceTime` filter (defensive passthrough when `ev.time` missing),
+  `acceptInvite` `scopeStreamId` requirement, `acceptInvite`
+  `dataGrantAccessId` resolution post-completion.
+
+#### Compatibility
+- **No source-level breaking changes.** Existing apps using
+  `pryv@3.3.x` + `@pryv/cmc@1.0.x` continue to work; the new error ids
+  are additive. The `^3.3.0` peer-dep selector on `@pryv/cmc` resolves
+  cleanly against `pryv@3.4.0` so apps that pin only `@pryv/cmc` get
+  the new `pryv` transitively without action.
+
+### `pryv@3.4.0`, `@pryv/monitor@3.4.0`, `@pryv/socket.io@3.4.0`
+
+- No code changes. Versions bumped in lockstep with `@pryv/cmc@1.1.0`
+  so operators upgrade with `npm install pryv@3.4.0 @pryv/cmc@1.1.0`
+  and pick up the new ids + the monitor / socket.io packages follow
+  via transitive resolution.
+
+### Server-side coverage
+
+This SDK release pairs with `open-pryv.io` 2.0.0-pre.4 (cmc plugin
+commit `0306c7e`+) which ships:
+- Plugin field-stamping completion (`inviteEventId` on inbox mirrors,
+  `requestEventId` on capability accesses via post-create hook).
+- Capability TTL configurable per-invite, bounded `[60s, 30d]`.
+- Feature-gating enforced at send time on `handleChat` / `handleSystem`.
+- Forge-prevention on `accesses.create` / `accesses.update` /
+  `streams.delete` (new route-level hooks).
+- `content.from` stamping extended from `:_cmc:inbox` to per-app
+  chats/collectors writes by counterparty-marked accesses.
+- `:_cmc:_internal:*` defense-in-depth filter on `events.get` /
+  `events.getOne` / `streams.get`.
+
+See `open-pryv.io/components/cmc/CHANGELOG-v2.md` for the server-side
+detail.
+
 ## [3.3.2]
 
 Lockstep patch release of `pryv@3.3.2` + `@pryv/monitor@3.3.2` +
diff --git a/components/pryv-cmc/package.json b/components/pryv-cmc/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@pryv/cmc",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Cross-account Messaging & Consent client helpers for Pryv.io",
   "keywords": [
     "Pryv",
diff --git a/components/pryv-cmc/src/index.js b/components/pryv-cmc/src/index.js
@@ -249,8 +249,13 @@ const errorIds = Object.freeze({
   CAPABILITY_TIMEOUT: 'cmc-capability-timeout',
   CAPABILITY_EMPTY: 'cmc-capability-empty',
   CAPABILITY_MULTIPLE_OFFERS: 'cmc-capability-multiple-offers',
+  // Caller's `content.expiresAt` on the trigger event resolves to a
+  // TTL outside the platform-allowed bounds [60s, 30d]. Either omit
+  // `expiresAt` to use the 7-day default or pick a bounded value.
+  CAPABILITY_TTL_OUT_OF_RANGE: 'cmc-capability-ttl-out-of-range',
   // Trigger-event content shape
   HANDLER_MISSING_CAPABILITY_URL: 'cmc-handler-missing-capability-url',
+  HANDLER_MISSING_CAPABILITY_ID: 'cmc-handler-missing-capability-id',
   HANDLER_OFFER_MISSING_CAPABILITY_ID: 'cmc-handler-offer-missing-capability-id',
   OFFER_EMPTY_PERMISSIONS: 'cmc-offer-empty-permissions',
   // Handler routing
@@ -272,7 +277,28 @@ const errorIds = Object.freeze({
   CHAT_STREAM_NOT_CHAT: 'cmc-chat-stream-not-chat',
   CHAT_COUNTERPARTY_ACCESS_NOT_FOUND: 'cmc-chat-counterparty-access-not-found',
   CHAT_NO_REMOTE_APIENDPOINT: 'cmc-chat-no-remote-apiendpoint',
-  CHAT_NO_REMOTE_CHAT_STREAM: 'cmc-chat-no-remote-chat-stream'
+  CHAT_NO_REMOTE_CHAT_STREAM: 'cmc-chat-no-remote-chat-stream',
+  // Feature-gating: a relationship with negotiated `features.chat:
+  // false` or `features.systemMessaging: false` rejects sends on the
+  // disabled channel. Default-permit on omission (matches the
+  // offer-side default).
+  CHAT_DISABLED: 'cmc-chat-disabled',
+  SYSTEM_MESSAGING_DISABLED: 'cmc-system-messaging-disabled',
+  // Route-level forge prevention: `accesses.create` / `accesses.update`
+  // reject any user-supplied `clientData.cmc.*`. That namespace is
+  // plugin-owned end-to-end (role, appCode, counterparty, capability,
+  // requestEventId, features); allowing user-set values would let an
+  // app forge a counterparty role and bypass the handshake.
+  CLIENTDATA_CMC_FORBIDDEN: 'cmc-clientdata-cmc-forbidden',
+  // streams.delete reject on the five reserved CMC parents +
+  // :_cmc:_internal:* + plugin-managed chats/collectors segments —
+  // even from a personal token. Deleting :_cmc: would silently break
+  // every active relationship on the account.
+  RESERVED_STREAM_UNDELETABLE: 'cmc-reserved-stream-undeletable',
+  // The peer-side `content.from` stamping hook rejects when the
+  // writer's counterparty access has no stored `{username,host}`
+  // identity — wiring bug at handshake time; surface for ops.
+  COUNTERPARTY_IDENTITY_MISSING: 'cmc-counterparty-identity-missing'
 });
 
 // --- Level-1 protocol functions ---
diff --git a/components/pryv-cmc/test/cmc.test.js b/components/pryv-cmc/test/cmc.test.js
@@ -139,6 +139,19 @@ describe('[CMCX] @pryv/cmc Level-0 helpers', function () {
     it('[CMCXEB] does not carry the dropped CHAT_RATE_LIMITED', function () {
       expect(cmc.errorIds).to.not.have.property('CHAT_RATE_LIMITED');
     });
+
+    it('[CMCXEC] J9 catalogue mirrors @pryv/cmc 1.1.0 server-side additions', function () {
+      // Server-side errorIds shipped in open-pryv.io 2.0.0-pre.4 / cmc
+      // plugin commit 0306c7e. SDK must expose the same kebab strings so
+      // apps can pattern-match without parsing message text.
+      expect(cmc.errorIds.CAPABILITY_TTL_OUT_OF_RANGE).to.equal('cmc-capability-ttl-out-of-range');
+      expect(cmc.errorIds.CHAT_DISABLED).to.equal('cmc-chat-disabled');
+      expect(cmc.errorIds.SYSTEM_MESSAGING_DISABLED).to.equal('cmc-system-messaging-disabled');
+      expect(cmc.errorIds.CLIENTDATA_CMC_FORBIDDEN).to.equal('cmc-clientdata-cmc-forbidden');
+      expect(cmc.errorIds.RESERVED_STREAM_UNDELETABLE).to.equal('cmc-reserved-stream-undeletable');
+      expect(cmc.errorIds.COUNTERPARTY_IDENTITY_MISSING).to.equal('cmc-counterparty-identity-missing');
+      expect(cmc.errorIds.HANDLER_MISSING_CAPABILITY_ID).to.equal('cmc-handler-missing-capability-id');
+    });
   });
 });
 
diff --git a/components/pryv-monitor/package.json b/components/pryv-monitor/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@pryv/monitor",
-  "version": "3.3.2",
+  "version": "3.4.0",
   "description": "Extends `pryv` with event-driven notifications for changes on a Pryv.io account",
   "keywords": [
     "Pryv",
diff --git a/components/pryv-socket.io/package.json b/components/pryv-socket.io/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@pryv/socket.io",
-  "version": "3.3.2",
+  "version": "3.4.0",
   "description": "Extends `pryv` with Socket.IO transport",
   "keywords": [
     "Pryv",
diff --git a/components/pryv/package.json b/components/pryv/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pryv",
-  "version": "3.3.2",
+  "version": "3.4.0",
   "description": "Pryv JavaScript library",
   "keywords": [
     "Pryv",
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "lib-js",
-  "version": "3.3.2",
+  "version": "3.4.0",
   "private": false,
   "description": "Pryv JavaScript library and add-ons",
   "keywords": [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@pryv/cmc",`
`3`		`- "version": "1.0.2",`
	`3`	`+ "version": "1.1.0",`
`4`	`4`	`"description": "Cross-account Messaging & Consent client helpers for Pryv.io",`
`5`	`5`	`"keywords": [`
`6`	`6`	`"Pryv",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@pryv/monitor",`
`3`		`- "version": "3.3.2",`
	`3`	`+ "version": "3.4.0",`
`4`	`4`	"description": "Extends `pryv` with event-driven notifications for changes on a Pryv.io account",
`5`	`5`	`"keywords": [`
`6`	`6`	`"Pryv",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@pryv/socket.io",`
`3`		`- "version": "3.3.2",`
	`3`	`+ "version": "3.4.0",`
`4`	`4`	"description": "Extends `pryv` with Socket.IO transport",
`5`	`5`	`"keywords": [`
`6`	`6`	`"Pryv",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "pryv",`
`3`		`- "version": "3.3.2",`
	`3`	`+ "version": "3.4.0",`
`4`	`4`	`"description": "Pryv JavaScript library",`
`5`	`5`	`"keywords": [`
`6`	`6`	`"Pryv",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "lib-js",`
`3`		`- "version": "3.3.2",`
	`3`	`+ "version": "3.4.0",`
`4`	`4`	`"private": false,`
`5`	`5`	`"description": "Pryv JavaScript library and add-ons",`
`6`	`6`	`"keywords": [`