npm - dacument - Versions diffs - 1.2.2 → 2.0.0 - Mend

dacument 1.2.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,258 +1,260 @@
-# Dacument
-Dacument is a schema-driven CRDT document that signs every operation and
-enforces role-based ACLs at merge time. Local writes emit signed ops; state
-advances only when ops are merged. It gives you a JS object-like API for
-register fields and safe CRDT views for all other field types.
-## Install
-```sh
-npm install dacument
-# or
-pnpm add dacument
-# or
-yarn add dacument
-```
-## Quick start
-```ts
-import { generateNonce } from "bytecodec";
-import { generateSignPair } from "zeyra";
-import { Dacument } from "dacument";
-const actorId = generateNonce(); // 256-bit base64url id
-const actorKeys = await generateSignPair();
-await Dacument.setActorInfo({
-  id: actorId,
-  privateKeyJwk: actorKeys.signingJwk,
-  publicKeyJwk: actorKeys.verificationJwk,
-});
-const schema = Dacument.schema({
-  title: Dacument.register({ jsType: "string", regex: /^[a-z ]+$/i }),
-  body: Dacument.text(),
-  items: Dacument.array({ jsType: "string" }),
-  tags: Dacument.set({ jsType: "string" }),
-  meta: Dacument.record({ jsType: "string" }),
-});
-const { docId, snapshot, roleKeys } = await Dacument.create({ schema });
-const doc = await Dacument.load({
-  schema,
-  roleKey: roleKeys.owner.privateKey,
-  snapshot,
-});
-doc.title = "Hello world";
-doc.body.insertAt(0, "H");
-doc.tags.add("draft");
-doc.items.push("milk");
-// Wire ops to your transport.
-doc.addEventListener("change", (event) => channel.send(event.ops));
-channel.onmessage = (ops) => doc.merge(ops);
-doc.addEventListener("merge", ({ actor, target, method, data }) => {
-  // Update UI from a single merge stream.
-});
-```
-`create()` returns `roleKeys` for owner/manager/editor; store them securely and
-distribute the highest role key each actor should hold.
-## Schema and fields
-- `register` fields behave like normal properties: `doc.title = "hi"`.
-- Other fields return safe CRDT views: `doc.items.push("x")`.
-- Unknown fields or schema bypasses throw.
-- UI updates should listen to `merge` events.
-Supported CRDT field types:
-- `register` - last writer wins register.
-- `text` - text RGA.
-- `array` - array RGA.
-- `set` - OR-Set.
-- `map` - OR-Map.
-- `record` - OR-Record.
-Map keys must be JSON-compatible values (`string`, `number`, `boolean`, `null`,
-arrays, or objects). For string-keyed data, prefer `record`. For non-JSON or
-identity-based keys, use `CRMap` with a stable `key` function.
-## Roles and ACL
-Roles are evaluated at the op stamp time (HLC).
-- Owner: full control (including ownership transfer).
-- Manager: can grant editor/viewer/revoked roles (cannot change owner).
-- Editor: can write non-ACL fields.
-- Viewer: read-only.
-- Revoked: reads are masked to initial values; writes are rejected.
-Grant roles via `doc.acl` (viewer/revoked have no key):
-```ts
-const bobId = generateNonce();
-doc.acl.setRole(bobId, "editor");
-doc.acl.setRole("user-viewer", "viewer");
-await doc.flush();
-```
-Before any schema/load/create, call `await Dacument.setActorInfo(...)` once per
-process. The actor id must be a 256-bit base64url string (e.g.
-`bytecodec` library's `generateNonce()`), and the actor key pair must be ES256 (P-256).
-Updating actor info requires providing the current keys. On first merge, Dacument
-auto-attaches the actor's `publicKeyJwk` to its own ACL entry (if missing) and
-pins it for actor-signature verification. To rotate actor keys in-process, call
-`Dacument.setActorInfo` again with the new keys plus
-`currentPrivateKeyJwk`/`currentPublicKeyJwk`.
-Write ops are role-signed; acks are actor-signed with the per-actor key set via
-`setActorInfo`. Load with the highest role key you have; viewers load without a
-key. Role keys are generated once at `create()`; role public keys are embedded
-in the snapshot and never rotated.
-## Networking and sync
-Use `change` events to relay signed ops, and `merge` to apply them:
-```ts
-doc.addEventListener("change", (event) => send(event.ops));
-// on remote
-await peer.merge(ops);
-```
-Local writes do not update state until merged. If you want a single UI update
-path, broadcast ops (even back to yourself) and drive UI from `merge` events.
-`merge` events mirror the confirmed operation parameters (e.g. `insertAt`,
-`deleteAt`, `push`, `pop`, `set`, `add`) so UIs can apply minimal updates
-without snapshotting.
-To add a new replica, share a snapshot and load it:
-```ts
-const bobKeys = await generateSignPair();
-await Dacument.setActorInfo({
-  id: bobId,
-  privateKeyJwk: bobKeys.signingJwk,
-  publicKeyJwk: bobKeys.verificationJwk,
-});
-const bob = await Dacument.load({
-  schema,
-  roleKey: bobKey.privateKey,
-  snapshot,
-});
-```
-Snapshots do not include the schema or schema ids; callers must supply the schema on load.
-## Events and values
-- `doc.addEventListener("change", handler)` emits ops for network sync
-  (writer ops are role-signed; acks are actor-signed by non-revoked actors and
-  verified against ACL-pinned actor public keys).
-- `doc.addEventListener("merge", handler)` emits `{ actor, target, method, data }`.
-- `doc.addEventListener("error", handler)` emits signing/verification errors.
-- `doc.addEventListener("revoked", handler)` fires when the current actor is revoked.
-- `doc.addEventListener("reset", handler)` emits `{ oldDocId, newDocId, ts, by, reason }`.
-- `doc.selfRevoke()` emits a signed ACL op that revokes the current actor.
-- `await doc.accessReset({ reason })` creates a new Dacument with fresh keys and emits a reset op.
-- `doc.getResetState()` returns reset metadata (or `null`).
-- `await doc.flush()` waits for pending signatures so all local ops are emitted.
-- `doc.snapshot()` returns a loadable op log (`{ docId, roleKeys, ops }`).
-- `await doc.verifyActorIntegrity(...)` verifies per-actor signatures on demand.
-- Revoked actors cannot snapshot; reads are masked to initial values.
-## Access reset (key compromise response)
-If an owner suspects role key compromise, call `accessReset()` to fork to a new
-docId and revoke the old one:
-```ts
-const { newDoc, oldDocOps, newDocSnapshot, roleKeys } =
-  await doc.accessReset({ reason: "suspected compromise" });
-```
-`accessReset()` materializes the current state into a new Dacument with fresh
-role keys, emits a signed `reset` op for the old doc, and returns the new
-snapshot + keys. The reset is stored as a CRDT op so all replicas converge. Once
-reset, the old doc rejects any ops after the reset stamp and throws on writes:
-`Dacument is reset/deprecated. Use newDocId: <id>`. Snapshots and verification
-still work so you can archive/inspect history.
-If an attacker already has the owner key, they can also reset; this is a
-response tool for suspected compromise, not a prevention mechanism.
-## Actor identity (cold path)
-Every op may include an `actorSig` (detached ES256 signature over the op token).
-Merges ignore `actorSig` by default to keep the hot path fast. When you need
-attribution or forensic checks, call `verifyActorIntegrity()` with a token,
-ops list, or snapshot. It verifies `actorSig` against the actor's `publicKeyJwk`
-from the ACL at the op stamp and returns a summary plus failures.
-## Garbage collection
-Dacument tracks per-actor `ack` ops and compacts tombstones once all non-revoked
-actors (including viewers) have acknowledged a given HLC. Acks are emitted
-automatically after merges that apply new non-ack ops. Acks are ES256 actor-signed
-by non-revoked actors and verified against ACL-pinned actor public keys.
-If any non-revoked actor is offline and never acks, tombstones are kept.
-## Guarantees
-- Schema enforcement is strict; unknown fields are rejected.
-- Ops are accepted only if the CRDT patch is valid and the role signature
-  verifies; acks require a valid actor signature.
-- Role checks are applied at the op stamp time (HLC).
-- IDs are base64url nonces from `bytecodec` library's `generateNonce()` (32 random bytes).
-- Private keys are returned by `create()` and never stored by Dacument.
-- Snapshots may include ops that are rejected; invalid ops are ignored on load.
-Eventual consistency is achieved when all signed ops are delivered to all
-replicas. Dacument does not provide transport; use `change` events to wire it up.
-## Possible threats and how to handle
-- Role key compromise: role keys cannot be rotated; use `accessReset` or
-  snapshot into a new Dacument with fresh keys. Actor keys can be rotated by
-  providing the current keys.
-- Shared role keys: attribution is role-level, not per-user; treat roles as
-  trust groups and log merge events if you need auditing.
-- Insider DoS/flooding: rate-limit ops, cap payload sizes, and monitor merge
-  errors at the application layer.
-- Withholding/delivery delays: eventual consistency depends on ops arriving;
-  use reliable transport and resync via snapshot when needed.
-- No built-in encryption: use TLS or E2E encryption and treat snapshots as
-  sensitive data.
-## Compatibility
-- ESM only (`type: module`).
-- Requires WebCrypto (`node >= 18` or modern browsers).
-## Scripts
+# Dacument
+Dacument is a schema-driven CRDT document that signs every operation and
+enforces role-based ACLs at merge time. Local writes emit signed ops; state
+advances only when ops are merged. It gives you a JS object-like API for
+register fields and safe CRDT views for all other field types.
+## Install
+```sh
+npm install dacument
+# or
+pnpm add dacument
+# or
+yarn add dacument
+```
+## Quick start
+```ts
+import { generateNonce } from "bytecodec";
+import { generateSignPair } from "zeyra";
+import { Dacument } from "dacument";
+const actorId = generateNonce(); // 256-bit base64url id
+const actorKeys = await generateSignPair();
+await Dacument.setActorInfo({
+  id: actorId,
+  privateKeyJwk: actorKeys.signingJwk,
+  publicKeyJwk: actorKeys.verificationJwk,
+});
+const schema = Dacument.schema({
+  title: Dacument.register({ jsType: "string", regex: /^[a-z ]+$/i }),
+  body: Dacument.text(),
+  items: Dacument.array({ jsType: "string" }),
+  tags: Dacument.set({ jsType: "string" }),
+  meta: Dacument.record({ jsType: "string" }),
+});
+const { docId, snapshot, roleKeys } = await Dacument.create({ schema });
+const doc = await Dacument.load({
+  schema,
+  roleKey: roleKeys.owner.privateKey,
+  snapshot,
+});
+doc.title = "Hello world";
+doc.body.insertAt(0, "H");
+doc.tags.add("draft");
+doc.items.push("milk");
+// Wire ops to your transport.
+doc.addEventListener("delta", (event) => channel.send(event.ops));
+channel.onmessage = (ops) => doc.merge(ops);
+doc.addEventListener("merge", ({ actor, target, method, data }) => {
+  // Update UI from a single merge stream.
+});
+```
+`create()` returns `roleKeys` for owner/manager/editor; store them securely and
+distribute the highest role key each actor should hold.
+## Schema and fields
+- `register` fields behave like normal properties: `doc.title = "hi"`.
+- Other fields return safe CRDT views: `doc.items.push("x")`.
+- Unknown fields or schema bypasses throw.
+- UI updates should listen to `merge` events.
+Supported CRDT field types:
+- `register` - last writer wins register.
+- `text` - text RGA.
+- `array` - array RGA.
+- `set` - OR-Set.
+- `map` - OR-Map.
+- `record` - OR-Record.
+Map keys must be JSON-compatible values (`string`, `number`, `boolean`, `null`,
+arrays, or objects). For string-keyed data, prefer `record`. For non-JSON or
+identity-based keys, use `CRMap` with a stable `key` function.
+## Roles and ACL
+Roles are evaluated at the op stamp time (HLC).
+- Owner: full control (including ownership transfer).
+- Manager: can grant editor/viewer/revoked roles (cannot change owner).
+- Editor: can write non-ACL fields.
+- Viewer: read-only.
+- Revoked: reads are masked to initial values; writes are rejected.
+Grant roles via `doc.acl` (viewer/revoked have no key):
+```ts
+const bobId = generateNonce();
+doc.acl.setRole(bobId, "editor");
+doc.acl.setRole("user-viewer", "viewer");
+await doc.flush();
+```
+Before any schema/load/create, call `await Dacument.setActorInfo(...)` once per
+process. The actor id must be a 256-bit base64url string (e.g.
+`bytecodec` library's `generateNonce()`), and the actor key pair must be ES256 (P-256).
+Updating actor info requires providing the current keys. On first merge, Dacument
+auto-attaches the actor's `publicKeyJwk` to its own ACL entry (if missing) and
+pins it for actor-signature verification. To rotate actor keys in-process, call
+`Dacument.setActorInfo` again with the new keys plus
+`currentPrivateKeyJwk`/`currentPublicKeyJwk`.
+Write ops are role-signed; acks are actor-signed with the per-actor key set via
+`setActorInfo`. Load with the highest role key you have; viewers load without a
+key. Role keys are generated once at `create()`; role public keys are embedded
+in the snapshot and never rotated.
+## Networking and sync
+Use `delta` events to relay signed ops, and `merge` to apply them:
+```ts
+doc.addEventListener("delta", (event) => send(event.ops));
+// on remote
+await peer.merge(ops);
+```
+Local writes do not update state until merged. If you want a single UI update
+path, broadcast ops (even back to yourself) and drive UI from `merge` events.
+`merge` events mirror the confirmed operation parameters (e.g. `insertAt`,
+`deleteAt`, `push`, `pop`, `set`, `add`) so UIs can apply minimal updates
+without snapshotting.
+To add a new replica, share a snapshot and load it:
+```ts
+const bobKeys = await generateSignPair();
+await Dacument.setActorInfo({
+  id: bobId,
+  privateKeyJwk: bobKeys.signingJwk,
+  publicKeyJwk: bobKeys.verificationJwk,
+});
+const bob = await Dacument.load({
+  schema,
+  roleKey: bobKey.privateKey,
+  snapshot,
+});
+```
+Snapshots do not include the schema or schema ids; callers must supply the schema on load.
+## Events and values
+- `doc.addEventListener("delta", handler)` emits ops for network sync
+  (writer ops are role-signed; acks are actor-signed by non-revoked actors and
+  verified against ACL-pinned actor public keys).
+- `doc.addEventListener("merge", handler)` emits `{ actor, target, method, data }`.
+- `doc.addEventListener("error", handler)` emits signing/verification errors.
+- `doc.addEventListener("revoked", handler)` fires when the current actor is revoked.
+- `doc.addEventListener("reset", handler)` emits `{ oldDocId, newDocId, ts, by, reason }`.
+- `doc.selfRevoke()` emits a signed ACL op that revokes the current actor.
+- `await doc.accessReset({ reason })` creates a new Dacument with fresh keys and emits a reset op.
+- `doc.getResetState()` returns reset metadata (or `null`).
+- `await doc.flush()` waits for pending signatures so all local ops are emitted.
+- `doc.snapshot()` returns a loadable op log (`{ docId, roleKeys, ops }`).
+- `await doc.verifyActorIntegrity(...)` verifies per-actor signatures on demand.
+- Revoked actors cannot snapshot; reads are masked to initial values.
+## Access reset (key compromise response)
+If an owner suspects role key compromise, call `accessReset()` to fork to a new
+docId and revoke the old one:
+```ts
+const { newDoc, oldDocOps, newDocSnapshot, roleKeys } =
+  await doc.accessReset({ reason: "suspected compromise" });
+```
+`accessReset()` materializes the current state into a new Dacument with fresh
+role keys, emits a signed `reset` op for the old doc, and returns the new
+snapshot + keys. The reset is stored as a CRDT op so all replicas converge. Once
+reset, the old doc rejects any ops after the reset stamp and throws on writes:
+`Dacument is reset/deprecated. Use newDocId: <id>`. Snapshots and verification
+still work so you can archive/inspect history.
+If an attacker already has the owner key, they can also reset; this is a
+response tool for suspected compromise, not a prevention mechanism.
+## Actor identity (cold path)
+Every op may include an `actorSig` (detached ES256 signature over the op token).
+Merges ignore `actorSig` by default to keep the hot path fast. When you need
+attribution or forensic checks, call `verifyActorIntegrity()` with a token,
+ops list, or snapshot. It verifies `actorSig` against the actor's `publicKeyJwk`
+from the ACL at the op stamp and returns a summary plus failures.
+## Garbage collection
+Dacument tracks per-actor `ack` ops and compacts tombstones once all non-revoked
+actors (including viewers) have acknowledged a given HLC. Acks are emitted
+automatically after merges that apply new non-ack ops. Acks are ES256 actor-signed
+by non-revoked actors and verified against ACL-pinned actor public keys.
+If any non-revoked actor is offline and never acks, tombstones are kept.
+## Guarantees
+- Schema enforcement is strict; unknown fields are rejected.
+- Ops are accepted only if the CRDT patch is valid and the role signature
+  verifies; acks require a valid actor signature.
+- Role checks are applied at the op stamp time (HLC).
+- IDs are base64url nonces from `bytecodec` library's `generateNonce()` (32 random bytes).
+- Private keys are returned by `create()` and never stored by Dacument.
+- Snapshots may include ops that are rejected; invalid ops are ignored on load.
+Eventual consistency is achieved when all signed ops are delivered to all
+replicas. Dacument does not provide transport; use `delta` events to wire it up.
+## Possible threats and how to handle
+- Role key compromise: role keys cannot be rotated; use `accessReset` or
+  snapshot into a new Dacument with fresh keys. Actor keys can be rotated by
+  providing the current keys.
+- Shared role keys: attribution is role-level, not per-user; treat roles as
+  trust groups and log merge events if you need auditing.
+- Insider DoS/flooding: rate-limit ops, cap payload sizes, and monitor merge
+  errors at the application layer.
+- Withholding/delivery delays: eventual consistency depends on ops arriving;
+  use reliable transport and resync via snapshot when needed.
+- No built-in encryption: use TLS or E2E encryption and treat snapshots as
+  sensitive data.
+## Compatibility
+- ESM only (`type: module`).
+- Requires WebCrypto (`node >= 18` or modern browsers).
+## Scripts
 - `npm test` runs the test suite (build included).
+- `npm run test:types` runs compile-time inference checks.
+- `npm run test:playwright` runs browser/unit/integration/e2e coverage via Playwright.
 - `npm run bench` runs all CRDT micro-benchmarks (build included).
 - `npm run sim` runs a worker-thread stress simulation.
-- `npm run verify` runs tests, benchmarks, and the simulation in one go.
-## Benchmarks
-`npm run bench` prints CRDT timings alongside native structure baselines
-(Array/Set/Map/string). Use environment variables like `RUNS`, `SIZE`, `READS`,
-`WRITES`, and `MERGE_SIZE` to tune scale. Compare the CRDT lines to the native
-lines in the output to estimate overhead on your machine. CRDT ops retain
-causal metadata and tombstones, so write-heavy paths will be slower than native
-structures; the baselines show the relative cost.
-## Advanced exports
-`CRArray`, `CRMap`, `CRRecord`, `CRRegister`, `CRSet`, and `CRText` are exported
-from the package for building custom CRDT workflows.
+- `npm run verify` runs tests (including type + Playwright), benchmarks, and the simulation in one go.
+## Benchmarks
+`npm run bench` prints CRDT timings alongside native structure baselines
+(Array/Set/Map/string). Use environment variables like `RUNS`, `SIZE`, `READS`,
+`WRITES`, and `MERGE_SIZE` to tune scale. Compare the CRDT lines to the native
+lines in the output to estimate overhead on your machine. CRDT ops retain
+causal metadata and tombstones, so write-heavy paths will be slower than native
+structures; the baselines show the relative cost.
+## Advanced exports
+`CRArray`, `CRMap`, `CRRecord`, `CRRegister`, `CRSet`, and `CRText` are exported
+from the package for building custom CRDT workflows.

package/dist/Dacument/class.js CHANGED Viewed

@@ -746,7 +746,7 @@ export class Dacument {
         const token = await signToken(this.roleKey, header, payload);
         const actorSig = await Dacument.signActorToken(token);
         const oldDocOps = [{ token, actorSig }];
-        this.emitEvent("change", { type: "change", ops: oldDocOps });
+        this.emitEvent("delta", { type: "delta", ops: oldDocOps });
         await this.merge(oldDocOps);
         return {
             newDoc,
@@ -1860,7 +1860,7 @@ export class Dacument {
                 ? await Dacument.signActorToken(token, actorSigKey)
                 : undefined;
             const op = actorSig ? { token, actorSig } : { token };
-            this.emitEvent("change", { type: "change", ops: [op] });
+            this.emitEvent("delta", { type: "delta", ops: [op] });
         })
             .catch((error) => this.emitError(error instanceof Error ? error : new Error(String(error))));
         this.pending.add(promise);
@@ -1879,7 +1879,7 @@ export class Dacument {
             .then(async (token) => {
             const actorSig = await Dacument.signActorToken(token, signingKey);
             const op = { token, actorSig };
-            this.emitEvent("change", { type: "change", ops: [op] });
+            this.emitEvent("delta", { type: "delta", ops: [op] });
         })
             .catch((error) => {
             options?.onError?.();

package/dist/Dacument/types.d.ts CHANGED Viewed

@@ -47,17 +47,20 @@ export type TextSchema = {
     jsType: "string";
     initial?: string;
 };
+type KeyFn<T> = {
+    bivarianceHack(value: T): string;
+}["bivarianceHack"];
 export type ArraySchema<T extends JsTypeName = JsTypeName> = {
     crdt: "array";
     jsType: T;
     initial?: JsTypeValue<T>[];
-    key?: (value: JsTypeValue<T>) => string;
+    key?: KeyFn<JsTypeValue<T>>;
 };
 export type SetSchema<T extends JsTypeName = JsTypeName> = {
     crdt: "set";
     jsType: T;
     initial?: JsTypeValue<T>[];
-    key?: (value: JsTypeValue<T>) => string;
+    key?: KeyFn<JsTypeValue<T>>;
 };
 export type MapSchema<T extends JsTypeName = JsTypeName> = {
     crdt: "map";
@@ -98,8 +101,8 @@ export type ResetState = {
     newDocId: string;
     reason?: string;
 };
-export type DacumentChangeEvent = {
-    type: "change";
+export type DacumentDeltaEvent = {
+    type: "delta";
     ops: SignedOp[];
 };
 export type DacumentMergeEvent = {
@@ -129,7 +132,7 @@ export type DacumentResetEvent = {
     reason?: string;
 };
 export type DacumentEventMap = {
-    change: DacumentChangeEvent;
+    delta: DacumentDeltaEvent;
     merge: DacumentMergeEvent;
     error: DacumentErrorEvent;
     revoked: DacumentRevokedEvent;
@@ -219,7 +222,9 @@ export type MapView<V> = {
 export type RecordView<T> = Record<string, T> & {};
 export type FieldValue<F extends FieldSchema> = F["crdt"] extends "register" ? JsTypeValue<F["jsType"]> : F["crdt"] extends "text" ? TextView : F["crdt"] extends "array" ? ArrayView<JsTypeValue<F["jsType"]>> : F["crdt"] extends "set" ? SetView<JsTypeValue<F["jsType"]>> : F["crdt"] extends "map" ? MapView<JsTypeValue<F["jsType"]>> : F["crdt"] extends "record" ? RecordView<JsTypeValue<F["jsType"]>> : never;
 export type DocFieldAccess<S extends SchemaDefinition> = {
-    [K in keyof S]: FieldValue<S[K]>;
+    [K in keyof S as S[K]["crdt"] extends "register" ? K : never]: FieldValue<S[K]>;
+} & {
+    readonly [K in keyof S as S[K]["crdt"] extends "register" ? never : K]: FieldValue<S[K]>;
 };
 export declare function isJsValue(value: unknown): value is JsValue;
 export declare function isValueOfType(value: unknown, jsType: JsTypeName): boolean;
@@ -256,3 +261,4 @@ export declare function record<T extends JsTypeName>(options: {
     jsType: T;
     initial?: Record<string, JsTypeValue<T>>;
 }): RecordSchema<T>;
+export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dacument",
-  "version": "1.2.2",
+  "version": "2.0.0",
   "description": "Schema-driven CRDT document with signed ops, role-based ACLs, and per-actor auditability.",
   "keywords": [
     "crdt",
@@ -19,9 +19,11 @@
   "scripts": {
     "build": "tsc -p tsconfig.json",
     "test": "npm run build && node --test test/*.test.js",
+    "test:types": "tsc -p tsconfig.types.json",
+    "test:playwright": "npm run build && playwright test",
     "bench": "npm run build && node bench/index.js",
     "sim": "npm run build && node bench/dacument.sim.js",
-    "verify": "npm run test && npm run bench && npm run sim"
+    "verify": "npm run test && npm run test:types && npm run test:playwright && npm run bench && npm run sim"
   },
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -56,6 +58,7 @@
   },
   "devDependencies": {
     "@types/node": "^25.0.3",
+    "playwright": "^1.57.0",
     "typescript": "^5.9.3"
   }
 }