Merge branch 'main' into feat/remove-hex-encoding-tdf3

.github/workflows/build.yaml

@@ -27,7 +27,7 @@ jobs:
           fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }}
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './lib/package-lock.json'
       - run: npm ci
@@ -67,7 +67,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './cli/package-lock.json'
       - uses: actions/download-artifact@v4
@@ -100,7 +100,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './web-app/package-lock.json'
       - uses: actions/download-artifact@v4
@@ -145,7 +145,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './web-app/package-lock.json'
       - uses: actions/download-artifact@v4
@@ -200,7 +200,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           registry-url: https://npm.pkg.github.com
       - name: Check version number is same between tag, library, and/or release
         id: check-version
@@ -231,15 +231,6 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - run: echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY
       - run: echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)">>$GITHUB_STEP_SUMMARY
-      - name: trigger xtest
-        run: >-
-          curl -XPOST -u "virtru-cloudnative:${{secrets.PERSONAL_ACCESS_TOKEN}}"
-          -H "Accept: application/vnd.github.everest-preview+json"
-          -H "Content-Type: application/json"
-          "https://api.github.com/repos/opentdf/backend/dispatches"
-          --data '{"event_type":"xtest","client_payload":{"version":"'${FULL_VERSION%%+*}'"}}'
-        env:
-          FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }}
       - name: Publish documentation to gh-pages
         uses: JamesIves/[email protected]
         with:
@@ -259,7 +250,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           registry-url: 'https://registry.npmjs.org'
       - run: make all
       - run: >-

.github/workflows/format.yaml

@@ -8,7 +8,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './lib/package-lock.json'
       - run: make format

.github/workflows/large-tests.yaml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './lib/package-lock.json'
       - run: npm ci
@@ -44,7 +44,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './cli/package-lock.json'
       - uses: actions/download-artifact@v4
@@ -74,7 +74,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           cache-dependency-path: './web-app/package-lock.json'
       - uses: actions/download-artifact@v4

.github/workflows/roundtrip/opentdf.yaml

@@ -23,6 +23,7 @@ services:
         legacy: true
   entityresolution:
     url: http://localhost:65432/auth
+    log_level: info
     clientid: 'tdf-entity-resolution'
     clientsecret: 'secret'
     realm: 'opentdf'
@@ -31,27 +32,34 @@ services:
       from:
         email: true
         username: true
+  # policy is enabled by default in mode 'all'
+  # policy:
+  #   enabled: true
+  # list_request_limit_default: 1000
+  # list_request_limit_max: 2500
 server:
+  tls:
+    enabled: false
+    cert: ./keys/platform.crt
+    key: ./keys/platform-key.pem
   auth:
     enabled: true
     public_client_id: 'opentdf-public'
     audience: 'http://localhost:65432'
     issuer: http://localhost:65432/auth/realms/opentdf
     policy:
-      ## Default policy for all requests
-      default: #"role:standard"
       ## Dot notation is used to access nested claims (i.e. realm_access.roles)
-      claim: # realm_access.roles
-      ## Maps the external role to the opentdf role
-      ## Note: left side is used in the policy, right side is the external role
-      map:
-        # standard: opentdf-standard
-        # admin: opentdf-admin
-
-      ## Custom policy (see examples https://github.com/casbin/casbin/tree/master/examples)
+      # Claim that represents the user (i.e. email)
+      username_claim: # preferred_username
+      # That claim to access groups (i.e. realm_access.roles)
+      groups_claim: # realm_access.roles
+      ## Extends the builtin policy
+      extension: |
+        g, opentdf-admin, role:admin
+        g, opentdf-standard, role:standard
+      ## Custom policy that overrides builtin policy (see examples https://github.com/casbin/casbin/tree/master/examples)
       csv: #|
       #  p, role:admin, *, *, allow
-
       ## Custom model (see https://casbin.org/docs/syntax-for-models/)
       model: #|
       #  [request_definition]

.github/workflows/roundtrip/package.json

@@ -1,7 +1,7 @@
 {
     "name": "web-sdk-roundtrip",
     "version": "0.0.1",
-    "description": "Simple example to encrypt and decrypt files with quickstart backend.",
+    "description": "Simple example to encrypt and decrypt files.",
     "scripts": {},
     "dependencies": {
         "@opentdf/ctl": "file:../../../cli/opentdf-ctl-0.1.0.tgz"

.github/workflows/roundtrip/wait-and-test.sh

@@ -23,13 +23,9 @@ _configure_app() {
   return 0
 }
 
-if [ $1 = backend ]; then
-  VITE_PROXY='{"/api":{"target":"http://localhost:5432","xfwd":true},"/auth":{"target":"http://localhost:5432","xfwd":true}}'
-  VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/tdf","clientId":"browsertest"},"kas":"http://localhost:65432/api/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}'
-else # if [ $1 = platform ]; then
-  VITE_PROXY='{"/kas":{"target":"http://localhost:8080","xfwd":true},"/auth":{"target":"http://localhost:8888","xfwd":true}}'
-  VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/opentdf","clientId":"browsertest"},"kas":"http://localhost:65432/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}'
-fi
+VITE_PROXY='{"/kas":{"target":"http://localhost:8080","xfwd":true},"/auth":{"target":"http://localhost:8888","xfwd":true}}'
+VITE_TDF_CFG='{"oidc":{"host":"http://localhost:65432/auth/realms/opentdf","clientId":"browsertest"},"kas":"http://localhost:65432/kas","reader":"https://secure.virtru.com/start?htmlProtocol=1"}'
+
 export VITE_PROXY
 export VITE_TDF_CFG
 

.nvmrc

@@ -1 +1 @@
-20
+22

Makefile

@@ -1,5 +1,5 @@
 
-version=0.1.0
+version=0.2.0
 extras=cli web-app
 pkgs=lib $(extras)