arvo-core 3.0.19 → 3.0.21

package/.nvmrc

@@ -0,0 +1 @@
+v20.17.0

package/Dockerfile

@@ -0,0 +1,7 @@
+ARG NODE_VERSION=18
+FROM node:${NODE_VERSION}-alpine
+WORKDIR /app
+COPY node_modules ./node_modules
+COPY package*.json ./
+COPY . .
+RUN npm run build

package/Dockerfile.install

@@ -0,0 +1,23 @@
+ARG NODE_VERSION=18
+FROM node:${NODE_VERSION}-alpine
+
+RUN npm install -g @aikidosec/safe-chain
+RUN safe-chain setup-ci
+
+WORKDIR /install
+COPY package*.json ./
+COPY .npmrc ./
+
+# Build arguments for optional package installation
+ARG PACKAGES=""
+ARG DEV=""
+
+# Install dependencies in isolation
+# Lifecycle scripts can run but have no access to host secrets
+# If PACKAGES specified: install those specific packages
+# Otherwise: install all dependencies from package.json
+RUN if [ -n "$PACKAGES" ]; then \
+        [ "$DEV" = "true" ] && npm install -D $PACKAGES || npm install $PACKAGES; \
+    else \
+        npm install; \
+    fi

package/Dockerfile.test

@@ -0,0 +1,7 @@
+ARG NODE_VERSION=18
+FROM node:${NODE_VERSION}-alpine
+WORKDIR /app
+COPY node_modules ./node_modules
+COPY package*.json ./
+COPY . .
+CMD ["npm", "test"]

package/README.md

@@ -1,199 +1,83 @@
 [![SonarCloud](https://sonarcloud.io/images/project_badges/sonarcloud-white.svg)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=SaadAhmad123_arvo-core&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)
 
+# Arvo - A toolkit for event driven application (arvo-core)
 
-# Arvo
-In the landscape of event-driven systems, Arvo attempts to stand apart through its unique approach to complexity. Rather than prescribing rigid solutions, Arvo provides a thoughtful pattern language and methodology for building distributed systems. It achieves this by striking a careful balance between structure and freedom, offering strong conventions while remaining deliberately unopinionated about implementation details.
+The foundational package of, Arvo, a TypeScript toolkit for building event-driven applications that are distributed system-compliant. Arvo Core provides CloudEvents-compliant event primitives, type-safe contract validation, and OpenTelemetry observability without infrastructure lock-in.
 
-## Core Philosophy
-Arvo's fundamental principle is that distributed systems thrive on trust and clear contracts, yet must remain flexible in their technical implementation. While the framework ensures reliability and type safety across service boundaries through these contracts, it consciously avoids dictating how you should implement core functionalities like security, event brokerage, event handling, telemetry, or workflow orchestration. This approach enables seamless integration with your existing infrastructure and tools, whether you're using cloud providers like AWS and Azure or your own on-premise solutions.
-Understanding that teams shouldn't need to reinvent common patterns, Arvo provides thoughtfully designed tools to reduce implementation complexity. The Arvo suite includes libraries like arvo-xstate for workflow orchestration using state machines and arvo-event-handler for implementing contract-based event handlers. However, these tools remain entirely optional – they exist to accelerate development when they align with your needs, but Arvo fully supports teams who choose different approaches that better suit their specific requirements.
-This philosophy particularly benefits teams focusing on business logic who want to avoid rebuilding fundamental event-driven patterns. By providing essential building blocks for event creation, contract validation, state management, and telemetry, while maintaining cloud agnosticism and extensibility, Arvo reduces the complexity of distributed system development without constraining technical choices.
+## What is Arvo Core?
 
-## Design Goals
-Arvo addresses the inherent complexity of distributed systems by establishing clear patterns for event handling, state management, and service communication. Instead of enforcing a rigid framework, it provides a flexible foundation that helps teams reduce cognitive load while preserving their ability to innovate and adapt. This approach ensures that whether you're building a small microservice or orchestrating a large-scale distributed system, Arvo's lightweight core and extensible architecture can grow alongside your needs, allowing you to progressively adopt more sophisticated patterns as your system evolves.
+Arvo Core gives you three essential building blocks for event-driven architecture:
 
+**ArvoEvent** - CloudEvents-compliant event primitives with built-in validation, tracing, and execution cost tracking.
 
-## The Arvo Framework: Build at Your Own Pace
-The Arvo framework provides a cohesive set of libraries for building event-driven systems. While designed to work together seamlessly, each component remains independent - adopt what serves your needs and integrate at your own pace.
+**ArvoContract** - Type-safe service interfaces with semantic versioning. Define what events your services accept and emit with automatic runtime validation and compile-time type inference.
 
-| Scope       | NPM                                                                | Github                                                                | Documentation                                                                |
-| ------------ | ------------------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------- |
-| Orchestration      | https://www.npmjs.com/package/arvo-xstate?activeTab=readme | https://github.com/SaadAhmad123/arvo-xstate | https://saadahmad123.github.io/arvo-xstate/index.html |
-| Core       | https://www.npmjs.com/package/arvo-core?activeTab=readme                | https://github.com/SaadAhmad123/arvo-core | https://saadahmad123.github.io/arvo-core/index.html |
-| Event Handling | https://www.npmjs.com/package/arvo-event-handler?activeTab=readme      | https://github.com/SaadAhmad123/arvo-event-handler | https://saadahmad123.github.io/arvo-event-handler/index.html |
+**ArvoEventFactory** - Contract-bound factories that create validated events with full IntelliSense support and OpenTelemetry integration.
 
-
-# Arvo - Core
-
-Arvo Core provides the foundational building blocks for creating robust event-driven systems. It implements industry standards while adding enterprise-grade features, enabling developers to build reliable distributed systems without sacrificing flexibility or introducing vendor lock-in.
-
-## Core Concepts
-
-Understanding Arvo Core begins with its three fundamental components that work together to create a robust event-driven architecture:
-
-### 1. Events (ArvoEvent)
-
-ArvoEvent extends the CloudEvents specification to provide a standardized way to describe events in your system. Every event is an immutable, validated instance that includes:
-
-```typescript
-import { createArvoEvent } from 'arvo-core';
-
-const event = createArvoEvent({
-  source: 'user-service',
-  type: 'user.created',
-  subject: 'user/123',
-  data: {
-    userId: 'usr_123',
-    email: 'user@example.com'
-  }
-});
+## Installation
+```bash
+npm install arvo-core zod@3
 ```
 
-### 2. Contracts (ArvoContract)
-
-ArvoContract defines and enforces agreements between services, ensuring type safety and validation across your distributed system:
-
+## Quick Start
 ```typescript
-import { createArvoContract, z } from 'arvo-core';
+import { createArvoContract, createArvoEventFactory } from 'arvo-core';
+import { z } from 'zod';
 
+// Define a contract
 const userContract = createArvoContract({
   uri: '#/contracts/user',
-  type: 'user.created',
+  type: 'user.create',
   versions: {
     '1.0.0': {
       accepts: z.object({
-        userId: z.string(),
-        email: z.string().email()
+        email: z.string().email(),
+        name: z.string()
       }),
       emits: {
-        'user.notification.sent': z.object({
+        'evt.user.create.success': z.object({
           userId: z.string(),
-          timestamp: z.date()
+          timestamp: z.string()
         })
       }
     }
   }
 });
-```
-
-### 3. Event Factory (ArvoEventFactory)
-
-ArvoEventFactory provides a type-safe way to create events that conform to your contracts. It handles validation, OpenTelemetry integration, and ensures events meet their contract specifications:
 
-```typescript
-import { createArvoEventFactory } from 'arvo-core';
-
-// Create a factory for a specific contract version
+// Create events with type safety
 const factory = createArvoEventFactory(userContract.version('1.0.0'));
 
-// Create an event that accepts input
-const inputEvent = factory.accepts({
+const event = factory.accepts({
   source: 'api/users',
-  subject: 'user/creation',
-  data: {
-    userId: 'usr_123',
-    email: 'user@example.com'
-  }
-});
-
-// Create an event that emits output
-const outputEvent = factory.emits({
-  type: 'user.notification.sent',
-  source: 'notification-service',
-  subject: 'notification/sent',
   data: {
-    userId: 'usr_123',
-    timestamp: new Date()
+    email: 'user@example.com',
+    name: 'John Doe'
   }
 });
-
-// Create a system error event
-const errorEvent = factory.systemError({
-  error: new Error('Validation failed'),
-  source: 'validation-service',
-  subject: 'validation/error'
-});
-```
-
-## Installation
-
-```bash
-# Using npm
-npm install arvo-core
-
-# Using yarn
-yarn add arvo-core
 ```
 
-## Advanced Usage
-
-### Working with Contract Versions
-
-The versioning system in ArvoContract allows you to evolve your APIs while maintaining compatibility:
-
-```typescript
-const versionedContract = createArvoContract({
-  uri: '#/contracts/order',
-  type: 'order.process',
-  versions: {
-    '1.0.0': {
-      accepts: z.object({ orderId: z.string() }),
-      emits: { 
-        'order.processed': z.object({ status: z.string() }) 
-      }
-    },
-    '2.0.0': {
-      accepts: z.object({ 
-        orderId: z.string(),
-        metadata: z.record(z.string()) 
-      }),
-      emits: { 
-        'order.processed': z.object({ 
-          status: z.string(),
-          metrics: z.object({ duration: z.number() })
-        }) 
-      }
-    }
-  }
-});
-
-// Create version-specific factories
-const v1Factory = createArvoEventFactory(versionedContract.version('1.0.0'));
-const v2Factory = createArvoEventFactory(versionedContract.version('2.0.0'));
-```
+## Why Arvo?
 
-## Integration with Other Arvo Components
+Arvo abstracts infrastructure concerns from your business logic. Write application code once and deploy it anywhere - Node.js servers, serverless functions, browsers, or distributed clusters. Your business logic encapsulated in event handlers and contracts remain unchanged while you swap infrastructure integrations.
 
-Arvo Core works seamlessly with:
-- arvo-event-handler: For processing events
-- arvo-xstate: For orchestration and workflow management
+The same primitives work for simple request-response services, complex multi-service workflows, AI agent systems, and everything in between. No framework lock-in, no mandatory infrastructure, just clean event-driven code that integrates with your existing stack.
 
-Each component builds upon these core primitives while maintaining the same principles of flexibility and reliability.
+## What is `arvo-core`?
 
-## Best Practices
+The `arvo-core` is one of the two foundational packages in the Arvo ecosystem, alongside `arvo-event-handler`. Together, they provide the complete foundation for building event-driven applications that are distributed system-compliant. Explore additional tools and integrations in the `@arvo-tools` namespace.
 
-1. Use factories for event creation to ensure contract compliance
-2. Implement proper error handling using the standard error schema
-3. Enable distributed tracing in production systems
-4. Share contracts as separate packages or monorepo internals
-5. Utilize version-specific factories for different API versions
+Learn more at the official Arvo website: [https://www.arvo.land/](https://www.arvo.land/)
 
-## Resources
+## Documentation
 
-| Resource      | Link                                                       |
-|--------------|-------------------------------------------------------------|
-| Documentation | https://saadahmad123.github.io/arvo-core/index.html        |
-| GitHub        | https://github.com/SaadAhmad123/arvo-core                  |
-| NPM Package   | https://www.npmjs.com/package/arvo-core                    |
+Complete guides, API reference, and tutorials at [https://www.arvo.land/](https://www.arvo.land/)
 
 ## License
 
-This package is available under the MIT License. For more details, refer to the [LICENSE.md](LICENSE.md) file in the project repository.
-
-## Change Logs
+MIT - See [LICENSE.md](LICENSE.md)
 
-For a detailed list of changes and updates, please refer to the [document](CHANGELOG.md) file.
+---
 
 ### SonarCloud Metrics
 
@@ -207,5 +91,4 @@ For a detailed list of changes and updates, please refer to the [document](CHANG
 [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=SaadAhmad123_arvo-core&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)
 [![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=SaadAhmad123_arvo-core&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)
 [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=SaadAhmad123_arvo-core&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)
-[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=SaadAhmad123_arvo-core&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)
-
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=SaadAhmad123_arvo-core&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=SaadAhmad123_arvo-core)

package/dist/ArvoContract/VersionedArvoContract/index.js

@@ -10,12 +10,9 @@ var __assign = (this && this.__assign) || function () {
     };
     return __assign.apply(this, arguments);
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VersionedArvoContract = void 0;
-var zod_to_json_schema_1 = __importDefault(require("zod-to-json-schema"));
+var zod_to_json_schema_1 = require("zod-to-json-schema");
 var OpenTelemetry_1 = require("../../OpenTelemetry");
 var utils_1 = require("../../utils");
 var WildCardArvoSemanticVersion_1 = require("../WildCardArvoSemanticVersion");
@@ -119,17 +116,17 @@ var VersionedArvoContract = /** @class */ (function () {
                 metadata: this.metadata,
                 accepts: {
                     type: this._accepts.type,
-                    schema: (0, zod_to_json_schema_1.default)(this._accepts.schema),
+                    schema: (0, zod_to_json_schema_1.zodToJsonSchema)(this._accepts.schema),
                 },
                 systemError: {
                     type: this.systemError.type,
-                    schema: (0, zod_to_json_schema_1.default)(this.systemError.schema),
+                    schema: (0, zod_to_json_schema_1.zodToJsonSchema)(this.systemError.schema),
                 },
                 emits: Object.entries(this._emits).map(function (_a) {
                     var key = _a[0], value = _a[1];
                     return ({
                         type: key,
-                        schema: (0, zod_to_json_schema_1.default)(value),
+                        schema: (0, zod_to_json_schema_1.zodToJsonSchema)(value),
                     });
                 }),
             };

package/dist/ArvoContract/VersionedArvoContract/types.d.ts

@@ -1,4 +1,4 @@
-import type zodToJsonSchema from 'zod-to-json-schema';
+import type { zodToJsonSchema } from 'zod-to-json-schema';
 import type ArvoContract from '..';
 import type { ArvoSemanticVersion } from '../../types';
 /**

package/justfile

@@ -0,0 +1,126 @@
+# Docker-Isolated NPM Development Environment
+#
+# This justfile provides Docker-based sandbox isolation for npm operations to protect against
+# supply chain attacks during local development on local machine. All npm operations 
+# run in ephemeral containers with no access to your host filesystem, environment 
+# variables, or secrets.
+#
+# WHAT THIS PROTECTS AGAINST:
+# - Malicious install scripts stealing SSH keys, AWS credentials, or other secrets
+# - Package typosquatting attacks that exfiltrate local environment variables
+# - Compromised packages accessing your home directory during installation
+# - Supply chain attacks that attempt to modify files outside node_modules
+# - Malicious code execution during build and test phases (runs in isolated containers)
+#
+# WHAT THIS DOESN'T PROTECT AGAINST:
+# - Malicious code in package runtime logic when you actually run your application
+# - Sophisticated obfuscated malware that bypasses basic pattern detection
+# - Attacks that only activate in production environments
+# 
+# **Disclaimer:** This does not gate against malware in node_modules or in your code 
+# (you need to update the Docker.install to add that gate as per your requirments 
+# - if you need one). Rather, its scope is **strictly limited** to attempting to protect
+# the host device from exposure if the malware gets excuted.
+#
+# HOW IT WORKS:
+# INSTALL PHASE:
+#   1. npm install runs inside a clean Docker container with no volume mounts
+#   2. Basic placeholder malware detection (so the you can add more complex methods if you want) scans run after installation completes
+#   3. Only node_modules and package files are extracted back to your host
+#   4. Container is destroyed, leaving no trace of potentially malicious install scripts
+#
+# BUILD PHASE:
+#   1. Source code and dependencies are copied into a fresh container
+#   2. Build process (TypeScript compilation, bundling, etc.) runs isolated
+#   3. Only the compiled output (dist/) is extracted back to host
+#   4. Any malicious code that tries to run during build is contained
+#
+# TEST PHASE:
+#   1. Tests run in an isolated container with optional .env file mounting
+#   2. Test dependencies can't access your host system during execution
+#   3. Container is destroyed after tests complete
+#   4. Secrets in .env are passed at runtime, never baked into image layers
+#
+# USAGE:
+#   just install                    # Install all dependencies from package.json
+#   just install <package>          # Install specific package(s)
+#   just install-dev <package>      # Install as dev dependency
+#   just test                       # Run tests in isolated container
+#   just build                      # Build project in isolated container
+#   just clean                      # Remove node_modules
+
+node_version := `cat .nvmrc | tr -d 'v\n\r'`
+
+install *PACKAGES:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    NODE_VERSION={{node_version}}
+    echo "Installing dependencies with Node $NODE_VERSION..."
+    docker build --progress=plain -f Dockerfile.install --build-arg NODE_VERSION=$NODE_VERSION --build-arg PACKAGES="{{PACKAGES}}" -t npm-installer .
+    CONTAINER_ID=$(docker create --name npm-temp npm-installer)
+    docker logs $CONTAINER_ID
+    echo "Extracting node_modules..."
+    docker cp npm-temp:/install/node_modules ./node_modules
+    docker cp npm-temp:/install/package.json ./package.json
+    docker cp npm-temp:/install/package-lock.json ./package-lock.json 2>/dev/null || true
+    echo "Cleaning up..."
+    docker rm npm-temp
+    docker rmi npm-installer
+    echo "Done."
+
+install-dev *PACKAGES:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    NODE_VERSION={{node_version}}
+    echo "Installing dev dependencies with Node $NODE_VERSION..."
+    docker build --progress=plain -f Dockerfile.install --build-arg NODE_VERSION=$NODE_VERSION --build-arg PACKAGES="{{PACKAGES}}" --build-arg DEV=true -t npm-installer .
+    CONTAINER_ID=$(docker create --name npm-temp npm-installer)
+    docker logs $CONTAINER_ID
+    echo "Extracting node_modules..."
+    docker cp npm-temp:/install/node_modules ./node_modules
+    docker cp npm-temp:/install/package.json ./package.json
+    docker cp npm-temp:/install/package-lock.json ./package-lock.json 2>/dev/null || true
+    echo "Cleaning up..."
+    docker rm npm-temp
+    docker rmi npm-installer
+    echo "Done."
+
+build:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    NODE_VERSION=$(cat .nvmrc | tr -d 'v\n\r')
+    echo "Building with Node $NODE_VERSION..."
+    # Build does not need network. So it must not use it
+    docker build --network none --progress=plain -f Dockerfile --build-arg NODE_VERSION=$NODE_VERSION -t npm-build .
+    CONTAINER_ID=$(docker create npm-build)
+    echo "Extracting build artifacts..."
+    docker cp $CONTAINER_ID:/app/dist ./dist
+    echo "Cleaning up..."
+    docker rm $CONTAINER_ID
+    docker rmi npm-build
+    echo "Build complete. Output in ./dist"
+
+test:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    NODE_VERSION=$(cat .nvmrc | tr -d 'v\n\r')
+    echo "Running tests with Node $NODE_VERSION..."
+    docker build --progress=plain -f Dockerfile.test --build-arg NODE_VERSION=$NODE_VERSION -t npm-test .
+
+    # Run tests with .env file mounted if it exists
+    if [ -f .env ]; then
+        echo "Found .env file, mounting it..."
+        docker run --rm --env-file .env npm-test
+    else
+        echo "No .env file found, running without environment variables..."
+        ## If the .env is not there then I can safely assume the there is
+        ## no need so making netowrk calls
+        docker run --rm --network none npm-test
+    fi
+    echo "Tests complete."
+
+clean:
+    rm -rf node_modules
+
+install-biome:
+    npm i -D @biomejs/biome@1.9.4

package/package.json

@@ -1,8 +1,12 @@
 {
   "name": "arvo-core",
-  "version": "3.0.19",
-  "description": "This core package contains all the core classes and components of the Arvo Event Driven System",
+  "version": "3.0.21",
   "main": "dist/index.js",
+  "description": "The core Arvo package which provides application tier core primitives and contract system for building production-grade event-driven application. Provides ArvoEvent (CloudEvents-compliant), ArvoContract for type-safe service interfaces, event factories, OpenTelemetry integration, and orchestration utilities - enabling infrastructure-agnostic, composable, and observable distributed systems-compliant applications.",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/SaadAhmad123/arvo-core"
+  },
   "scripts": {
     "build": "tsc",
     "start": "node ./dist/index.js",
@@ -12,40 +16,55 @@
     "format": "biome format --fix",
     "doc": "npx typedoc"
   },
-  "keywords": ["arvo", "event-driven architecture", "xorca", "core", "cloudevent", "opentelemetry", "orchestrator"],
+  "keywords": [
+    "arvo",
+    "event-driven",
+    "cloudevents",
+    "opentelemetry",
+    "distributed-systems",
+    "event-sourcing",
+    "messaging",
+    "microservices",
+    "observability",
+    "type-safe",
+    "orchestration",
+    "async",
+    "workflow",
+    "telemetry",
+    "events"
+  ],
   "author": "Saad Ahmad <saadkwi12@hotmail.com>",
   "license": "MIT",
   "devDependencies": {
-    "@biomejs/biome": "^1.9.4",
-    "@jest/globals": "^29.7.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.49.1",
-    "@opentelemetry/exporter-metrics-otlp-proto": "^0.52.1",
-    "@opentelemetry/exporter-trace-otlp-proto": "^0.52.1",
-    "@opentelemetry/resources": "^1.25.1",
-    "@opentelemetry/sdk-metrics": "^1.25.1",
-    "@opentelemetry/sdk-node": "^0.52.1",
-    "@opentelemetry/sdk-trace-node": "^1.25.1",
-    "@opentelemetry/semantic-conventions": "^1.25.1",
-    "@types/jest": "^29.5.12",
-    "@types/node": "^22.5.0",
-    "@types/pako": "^2.0.3",
-    "@types/uuid": "^10.0.0",
-    "dotenv": "^16.4.5",
-    "jest": "^29.7.0",
-    "ts-jest": "^29.2.5",
-    "ts-node": "^10.9.2",
-    "typedoc": "^0.26.6",
-    "typedoc-github-theme": "^0.1.2",
-    "typedoc-plugin-zod": "^1.2.1",
-    "typescript": "^5.5.4"
+    "@biomejs/biome": "1.9.4",
+    "@jest/globals": "29.7.0",
+    "@opentelemetry/auto-instrumentations-node": "0.49.1",
+    "@opentelemetry/exporter-metrics-otlp-proto": "0.52.1",
+    "@opentelemetry/exporter-trace-otlp-proto": "0.52.1",
+    "@opentelemetry/resources": "1.25.1",
+    "@opentelemetry/sdk-metrics": "1.25.1",
+    "@opentelemetry/sdk-node": "0.52.1",
+    "@opentelemetry/sdk-trace-node": "1.25.1",
+    "@opentelemetry/semantic-conventions": "1.38.0",
+    "@types/jest": "29.5.12",
+    "@types/node": "22.19.1",
+    "@types/pako": "2.0.4",
+    "dotenv": "16.6.1",
+    "jest": "29.7.0",
+    "ts-jest": "29.4.5",
+    "ts-node": "10.9.2",
+    "typedoc": "0.28.15",
+    "typedoc-github-theme": "0.3.1",
+    "typedoc-plugin-zod": "1.4.3",
+    "typescript": "5.9.3"
   },
   "dependencies": {
-    "@opentelemetry/api": "^1.9.0",
-    "@opentelemetry/core": "^1.30.1",
-    "pako": "^2.1.0",
-    "uuid": "^11.1.0",
-    "zod": "^3.25.74",
-    "zod-to-json-schema": "^3.24.6"
+    "@opentelemetry/api": "1.9.0",
+    "@opentelemetry/core": "1.30.1",
+    "pako": "2.1.0",
+    "uuid": "11.1.0",
+    "zod": "3.25.74",
+    "zod-to-json-schema": "3.25.0"
   },
   "engines": {
     "node": ">=18.0.0"