@napplet/conformance
Framework-agnostic conformance engine for the napplet protocol. It lets a napplet self-verify that it conforms to NIP-5D + the NAP wire protocol before publishing, in two scopes that share this one engine:
- Headless / CI — driven by the
napplet-conformancePlaywright CLI. - Standalone web runtime — the single-window
apps/conformanceapp.
v1 is zero-config protocol conformance: manifest/meta validity, boots under
sandbox="allow-scripts", receives runtime-injected window.napplet, every emitted postMessage
envelope validates against the per-NAP validators, graceful degradation when
domain presence returns false, and no forbidden globals / undeclared egress.
What's in the box
validateEnvelope(msg)— runtime validation of anydomain.actionenvelope a napplet emits, across all active NAP domains. Catches malformed payloads, unknown types, and napplets that put shell→napplet (inbound) traffic on the wire.validateManifest(html)— checksnapplet-type,napplet-aggregate-hash,napplet-requires,napplet-config-schema, and the no-inline-<script>rule.
The validator surface is kept in lockstep with @napplet/nap by a drift test, so a
new NAP message type cannot ship without matching conformance coverage.
import { validateEnvelope, validateManifest } from '@napplet/conformance';
validateEnvelope({ type: 'relay.subscribe', id: 'a', subId: 'b', filters: [{ kinds: [1] }] }).ok; // true
validateManifest(builtIndexHtml).ok; // true when the manifest is well-formedThis package is a development/testing tool. It is not loaded inside the napplet sandbox at runtime.