Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
5b550cd
chore(dev): add ci/cd
Jan 25, 2026
54979f0
fix(codec): harden value parsing, string/bytes bounds, nested init
May 21, 2026
bacb0aa
feat(generator): fail on missing nanopb .options; fix escaping & regex
May 21, 2026
fc98324
test: add ASan/UBSan encode/decode fuzz harness
May 21, 2026
116e7b1
docs+dx: threading & value-mapping docs; Xcode 26 fmt fix; pod fallback
May 21, 2026
ff10cbc
docs: add codec audit + runtime/fuzz verification report
May 21, 2026
ed5a4c3
chore(deps): bump nitro-modules + nitrogen to 0.35.7
May 21, 2026
6ebbe1b
chore(deps): upgrade React Native 0.83 -> 0.85.3 + react / safe-area …
May 21, 2026
cd04e7b
fix(android): include nitro headers via <NitroModules/...> for prefab
May 21, 2026
fb1d840
fix(android): eagerly load native lib so HybridObject registers at st…
May 21, 2026
3c85b20
test(native-fuzz): add NitroModules shim include for host compile
May 21, 2026
becf7bc
perf: add benchmark suite (native / protobuf.js / JSON / on-device) +…
May 21, 2026
a37bfce
perf(codec): optimize decode/encode hot paths (decode 34-43% faster)
May 21, 2026
16dd614
feat(dx): zero-install codegen, default field sizes, TS types, init +…
May 21, 2026
28a9994
chore(example): drop example.options to demonstrate zero-config defaults
May 21, 2026
242e508
docs: rewrite README with a clean, best-practice structure
May 21, 2026
84e68ae
style: replace em/en dashes and minus signs with ASCII hyphens
May 21, 2026
4a6af5d
ci: test + npm release workflows; scope package to @klaappinc
May 21, 2026
558420a
test(harness): avoid null memcpy in 0-length decode-fuzz case
May 21, 2026
d8979c2
docs: add Klaapp banner + CI badge to README
May 21, 2026
b4c741d
ci: add lint+format gate, CodeQL, Dependabot, dep review, release-please
May 21, 2026
c380d8c
ci: adopt Git Flow + fix Node-20 action deprecation
May 21, 2026
438eb53
feat(codegen): typed per-message API, well-known types, watch mode
May 21, 2026
62e6aa8
perf(bench): honest size sweep + bytes boundary-conversion cost
May 21, 2026
d4efd3e
docs: typed API, well-known types, compatibility matrix, semver, erro…
May 21, 2026
bf37273
fix(build): compile + resolve well-known-type sources on iOS and Android
May 21, 2026
bf55e96
test(example): on-device typed-API + well-known-type round-trip self-…
May 21, 2026
b080418
feat: bigint + string-enum codegen options, typed errors, size warnings
May 21, 2026
cef8a12
feat: byteLength() + field reflection
May 21, 2026
1b64d28
feat(tooling): protobuf.js wire-interop test + Metro codegen plugin
May 21, 2026
a2a191b
docs: document 1.2.0 features + honest ROADMAP status
May 21, 2026
29a0d76
test(example): on-device checks for byteLength, reflection, typed errors
May 21, 2026
e71b705
feat(codec): oneof support
May 21, 2026
05b8660
feat(codec): map<K,V> support
May 21, 2026
d4fe0ac
test(example): on-device oneof + map checks; regenerate registry (is_…
May 21, 2026
53f44bb
feat(codegen): convert map values (WKT/bigint/enum/nested)
May 21, 2026
b1ae8e4
feat: proto2 syntax support
May 21, 2026
046af8b
feat(codegen): canonical proto3 JSON (toJson/fromJson)
May 21, 2026
6962a15
chore(release): set version 1.1.0; consolidate docs + format
May 21, 2026
cd9d98b
test(example): AllTypes message covering every proto type
May 21, 2026
bb3fa4e
docs(perf): re-measure all benchmarks on a quiet machine
May 21, 2026
acca394
chore(deps-dev): bump lodash from 4.17.23 to 4.18.1
dependabot[bot] May 22, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added .github/banner.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
30 changes: 30 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
version: 2
updates:
# Library dependencies
- package-ecosystem: npm
directory: /
schedule:
interval: weekly
open-pull-requests-limit: 5
groups:
minor-and-patch:
update-types: [minor, patch]

# Example app dependencies
- package-ecosystem: npm
directory: /example
schedule:
interval: weekly
open-pull-requests-limit: 5
groups:
minor-and-patch:
update-types: [minor, patch]

# GitHub Actions versions (also bumps the deprecated Node-20 actions)
- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
groups:
actions:
patterns: ['*']
16 changes: 16 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
## Summary

<!-- What does this change and why? -->

## Target branch

- [ ] Feature/fix → targets **`develop`** (not `main`)
- [ ] Hotfix → targets **`main`** (and will be back-merged to `develop`)

## Checklist

- [ ] Conventional Commit title (`feat:`, `fix:`, `perf:`, `docs:`, `chore:`, …)
- [ ] `bun run lint-ci` and `bun run format:check` pass
- [ ] `bun run test` passes (unit + native fuzz)
- [ ] If `.proto`/codec changed: regenerated and verified on iOS/Android
- [ ] Docs updated if behavior or API changed
60 changes: 60 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: CodeQL

on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
schedule:
- cron: '0 6 * * 1' # weekly, Monday 06:00 UTC

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: javascript-typescript
build-mode: none
- language: c-cpp
build-mode: manual
steps:
- uses: actions/checkout@v4

- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm

- run: npm ci

- uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}

# Compile the C++ codec (no protoc needed: ProtobufCodec.cpp/Base64.cpp do
# not depend on generated sources) so CodeQL can analyze it. Uses the same
# NitroModules shim as the tests so the <NitroModules/...> includes resolve.
- name: Build C++ codec for CodeQL
if: matrix.language == 'c-cpp'
run: |
NM=node_modules/react-native-nitro-modules/cpp
RN=node_modules/react-native/ReactCommon/jsi
mkdir -p .codeql-shim
ln -sfn "$PWD/$NM/core" .codeql-shim/NitroModules
clang++ -std=c++20 -c cpp/ProtobufCodec.cpp cpp/Base64.cpp \
-I .codeql-shim -I cpp -I cpp/nanopb -I "$NM/core" -I "$NM/utils" -I "$RN"

- uses: github/codeql-action/analyze@v3
with:
category: '/language:${{ matrix.language }}'
22 changes: 22 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Dependency Review

# Flags vulnerable or disallowed-license dependencies introduced by a PR.
# Requires the Dependency Graph (free on public repos; private repos need
# GitHub Advanced Security). If private without GHAS, replace this with an
# `npm audit --audit-level=high` job.
on: pull_request

permissions:
contents: read

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
24 changes: 24 additions & 0 deletions .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: release-please

# Maintains a release PR (version bump in package.json + CHANGELOG.md from
# Conventional Commits). Merging that PR creates a GitHub Release + tag, which
# triggers release.yml to publish to npm.
on:
push:
branches: [main]

permissions:
contents: write
pull-requests: write

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
release-please:
runs-on: ubuntu-latest
steps:
- uses: googleapis/release-please-action@v4
with:
config-file: release-please-config.json
manifest-file: .release-please-manifest.json
47 changes: 47 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Release

on:
release:
types: [published]
workflow_dispatch:

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
# Run the full CI suite first; never publish a red build.
test:
uses: ./.github/workflows/test.yml

publish:
needs: test
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4

- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org
cache: npm

- run: npm ci

- name: Verify tag matches package.json version
if: startsWith(github.ref, 'refs/tags/v')
run: |
PKG=$(node -p "require('./package.json').version")
TAG="${GITHUB_REF_NAME#v}"
if [ "$PKG" != "$TAG" ]; then
echo "::error::Tag v$TAG does not match package.json version $PKG"
exit 1
fi
echo "Publishing v$PKG"

# `prepublishOnly` builds lib/ via tsc before packing.
- name: Publish to npm
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
64 changes: 64 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
name: CI

on:
push:
branches: [main, develop, 'feature/**', 'release/**', 'hotfix/**']
pull_request:
branches: [develop, main]
workflow_call: # reused by release.yml as a publish gate

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- run: npm ci
- name: Lint
run: npm run lint-ci
- name: Format check
run: npm run format:check

test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm

- run: npm ci

- name: Typecheck
run: npm run typecheck

- name: Build (tsc)
run: npm run build

# Toolchain for the native ASan/UBSan fuzz + round-trip tests. They invoke
# the generator with explicit --protoc / --nanopb and compile under clang;
# without these on PATH the native tests self-skip. nanopb is pinned to the
# vendored runtime version (cpp/nanopb).
- uses: actions/setup-python@v5
with:
python-version: '3.12'

- name: Install protoc, nanopb generator, and clang
run: |
python -m pip install --quiet "nanopb==0.4.9.1"
sudo apt-get update
sudo apt-get install -y --no-install-recommends protobuf-compiler clang
protoc --version
protoc-gen-nanopb --version || true
clang++ --version

- name: Test (unit + native ASan/UBSan fuzz)
run: npm test
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ lib/
# Nitro Protobuf generated files
generated/*.pb.h
generated/*.pb.c
generated/nitro-protobuf.ts
generated/.nanopb-options/

# caches
.eslintcache
Expand Down
3 changes: 3 additions & 0 deletions .release-please-manifest.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
".": "1.0.0"
}
Loading
Loading