feat: release v0.9.13

[jarvis9443]

Changes since v0.9.12

• feat: add skip_validation custom hook for value-level bypass (feat: add skip_validation custom hook for value-level bypass #103)

Release checklist

• CI passes
• Tag v0.9.13 after merge

Summary by CodeRabbit

• New Features

  • Added a customizable skip_validation hook so generated validators can conditionally bypass schema checks for specified values (e.g., secret-ref values), while still allowing schema defaults to be injected.

• Tests

  • Expanded coverage for skip_validation across types, enums, arrays, nested objects, and default value injection; includes schema-aware and always-skip callback variants.

• Packaging

  • Added a new rockspec describing the package release and installation metadata.

[coderabbitai]

Warning

Rate limit exceeded

@jarvis9443 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minute and 15 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 84641511-bc4f-4789-b8c0-7cf34cc955fd

📥 Commits

Reviewing files that changed from the base of the PR and between ef178b8 and 64adfae.

📒 Files selected for processing (1)

• rockspec/jsonschema-0.9.13-0.rockspec

📝 Walkthrough

Walkthrough

Adds an optional skip_validation predicate to generated JSON Schema validators so callers can short-circuit validation for selected non-nil values; generate_validator forwards custom.skip_validation into the generated validator. Also adds a new rockspec and tests covering bypass behavior and interaction with schema default injection.

Changes

Cohort / File(s)	Summary
Core Implementation lib/jsonschema.lua	Generated validators now check custom.skip_validation(value, schema_ref) when value is non-nil; if it returns true the validator short-circuits and accepts the value. generate_validator passes skip_validation = custom and custom.skip_validation or nil into the customlib used by generated code.
Package Configuration rockspec/jsonschema-0.9.13-0.rockspec	Adds a new LuaRocks rockspec for jsonschema v0.9.13-0 with metadata, source pinned to v0.9.13, runtime deps (net-url, lrexlib-pcre = 2.9.1-1), and install mappings for lib/jsonschema.lua and lib/jsonschema/store.lua.
Test Suite t/default.lua	Adds tests exercising skip_validation with "$secret://" values: ensures type/enum/array/item checks can be bypassed, verifies default population still occurs when skipping, tests nested-object behaviors, and includes schema-aware predicate variants plus negative cases when predicate is absent.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• nic-6443

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
E2e Test Quality Review	⚠️ Warning	E2E tests are absent; tests only verify isolated validator function calls without testing full business workflow integration, error handling, or realistic usage scenarios.	Convert unit tests to true E2E tests verifying complete validation workflow with skip_validation hook, add comprehensive error handling tests, and document business rationale for each scenario.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: release v0.9.13' directly corresponds to the main objective stated in the PR description and accurately describes the changeset as a version release.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Security Check	✅ Passed	The skip_validation feature is a well-designed, security-conscious addition for handling secret references at validation time.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/v0.9.13

---

_{Review rate limit: 0/5 reviews remaining, refill in 1 minute and 15 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Release prep for v0.9.13, capturing the new skip_validation hook feature (from #103), its tests, and packaging metadata for LuaRocks.

Changes:

• Add skip_validation option support to generated validators (early-return hook per value).
• Add test cases covering bypass behavior across types/enums/defaults/nesting/arrays and the no-hook baseline.
• Add jsonschema-0.9.13-0.rockspec for the release.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
lib/jsonschema.lua	Wires skip_validation through codegen context and runtime custom lib table; emits early-return check in generated validators.
t/default.lua	Adds test cases 10–15 validating skip_validation behavior and ensuring normal validation without the hook.
rockspec/jsonschema-0.9.13-0.rockspec	Adds LuaRocks spec for the v0.9.13 tag/package version.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

t/default.lua (1)

347-359: ⚠️ Potential issue | 🟡 Minor

Add a boolean-false regression case.

The new tests don’t cover the one schema branch that still preempts the bypass hook. A small regression here would protect the new behavior.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@t/default.lua` around lines 347 - 359, Add a regression test that explicitly
sets skip_validation = false to exercise the schema branch that preempts the
bypass hook: copy the existing test (rule, validator, and the call validator({
port = "$secret://vault/port" })) but include skip_validation = false in the
test setup and assert that validation still fails (ok is false) and emits the
same failure message; reference the symbols rule and validator so the new case
mirrors the existing test but with skip_validation = false.

lib/jsonschema.lua (1)

614-629: ⚠️ Potential issue | 🟠 Major

Move skip_validation ahead of the boolean-schema fast paths.

Right now schema == false returns before the new hook runs, so secret placeholders still fail on a valid false schema. That undercuts the bypass behavior for one JSON Schema form.

🛠️ Suggested fix

-  if schema == true then
-    ctx:stmt('do return true end')
-    return ctx
-  elseif schema == false then
-    ctx:stmt('do return false, "expect false always" end')
-    return ctx
-  end
-
   -- skip_validation hook: if the caller provided a predicate via
   -- custom.skip_validation, check it before any constraint.  When it
   -- returns true the value is accepted as-is (useful for placeholder
   -- strings like secret references that will be resolved at runtime).
   if ctx._root._skip_validation then
     ctx:stmt(sformat('if %s(%s) then return true end',
              ctx:libfunc('custom.skip_validation'), ctx:param(1)))
   end
+
+  if schema == true then
+    ctx:stmt('do return true end')
+    return ctx
+  elseif schema == false then
+    ctx:stmt('do return false, "expect false always" end')
+    return ctx
+  end

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/jsonschema.lua` around lines 614 - 629, The skip_validation hook check
must run before the boolean-schema fast paths so placeholders can bypass
validation even when schema is false; move the block that checks
ctx._root._skip_validation (the ctx:stmt using
ctx:libfunc('custom.skip_validation') and ctx:param(1)) to come before the `if
schema == true` / `elseif schema == false` checks, ensuring the
custom.skip_validation predicate is evaluated first and can return true to
short-circuit validation for both true and false schemas.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@lib/jsonschema.lua`:
- Around line 614-629: The skip_validation hook check must run before the
boolean-schema fast paths so placeholders can bypass validation even when schema
is false; move the block that checks ctx._root._skip_validation (the ctx:stmt
using ctx:libfunc('custom.skip_validation') and ctx:param(1)) to come before the
`if schema == true` / `elseif schema == false` checks, ensuring the
custom.skip_validation predicate is evaluated first and can return true to
short-circuit validation for both true and false schemas.

In `@t/default.lua`:
- Around line 347-359: Add a regression test that explicitly sets
skip_validation = false to exercise the schema branch that preempts the bypass
hook: copy the existing test (rule, validator, and the call validator({ port =
"$secret://vault/port" })) but include skip_validation = false in the test setup
and assert that validation still fails (ok is false) and emits the same failure
message; reference the symbols rule and validator so the new case mirrors the
existing test but with skip_validation = false.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e9e7f235-a8c7-4932-a236-c9ffe02f6ec1

📥 Commits

Reviewing files that changed from the base of the PR and between 9d410a7 and 0864473.

📒 Files selected for processing (3)

• lib/jsonschema.lua
• rockspec/jsonschema-0.9.13-0.rockspec
• t/default.lua

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/jsonschema.lua`:
- Around line 622-633: The skip_validation bypass block (checking
ctx._root._skip_validation and emitting the custom.skip_validation call using
ctx:uservalue(schema) and ctx:param(1)) must be moved so it runs before any
boolean-schema handling (i.e. before the code path that treats schema == false);
relocate the entire if ctx._root._skip_validation ... ctx:stmt(...) block
earlier in the validation generation so the custom predicate can short-circuit
even when schema is the literal false, ensuring the bypass executes prior to any
checks that branch on schema boolean values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ba3edc70-cb6b-4580-929a-301e7a1f6f0f

📥 Commits

Reviewing files that changed from the base of the PR and between 3d246a3 and 017bb9b.

📒 Files selected for processing (3)

• lib/jsonschema.lua
• rockspec/jsonschema-0.9.13-0.rockspec
• t/default.lua

✅ Files skipped from review due to trivial changes (1)

• rockspec/jsonschema-0.9.13-0.rockspec

🚧 Files skipped from review as they are similar to previous changes (1)

• t/default.lua

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (2)

lib/jsonschema.lua (1)

1223-1224: Consider validating custom.skip_validation type up front.

A non-function truthy value will fail later at runtime when invoked from generated code; fail-fast here would provide a clearer error.

♻️ Suggested hardening

 generate_validator = function(schema, custom)
+  if custom and custom.skip_validation ~= nil and type(custom.skip_validation) ~= "function" then
+    error("custom.skip_validation must be a function")
+  end
   local customlib = {
     null = custom and custom.null or default_null,
     match_pattern = custom and custom.match_pattern or match_pattern,
     parse_ipv4 = custom and custom.parse_ipv4 or parse_ipv4,
     parse_ipv6 = custom and custom.parse_ipv6 or parse_ipv6,
     skip_validation = custom and custom.skip_validation or nil,
   }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/jsonschema.lua` around lines 1223 - 1224, Validate custom.skip_validation
when building the options table: if custom and custom.skip_validation is
present, assert its type is "function" and raise a clear error (e.g.,
error("custom.skip_validation must be a function")) instead of silently
assigning non-functions; then set skip_validation = custom.skip_validation or
nil. This change should be applied where parse_ipv6 and skip_validation are
assembled (the code handling the options/custom table) so generated code never
receives a non-callable skip_validation.

t/default.lua (1)

331-430: Add one regression test to lock the schema == false non-bypass rule.

Current additions cover positive paths well, but a focused negative case for forbidden fields would prevent future regressions in hook placement/semantics.

🧪 Suggested test addition

+----------------------------------------------------- test case 18
+-- skip_validation must NOT bypass forbidden fields (`schema == false`)
+rule = {
+    type = "object",
+    additionalProperties = false,
+    properties = {
+        host = { type = "string" },
+    },
+}
+validator = jsonschema.generate_validator(rule, { skip_validation = always_skip_secret })
+ok, err = validator({ host = "ok", forbidden = "$secret://vault/forbidden" })
+assert(not ok, "fail: skip_validation must not bypass additionalProperties=false")
+ngx.say("passed: forbidden fields are still rejected with skip_validation")

Based on learnings: In lib/jsonschema.lua, skip_validation intentionally does not bypass schema == false because forbidden-field positions must remain invalid.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@t/default.lua` around lines 331 - 430, Add a regression test that asserts
skip_validation hooks do NOT bypass forbidden fields where the schema is
explicitly false: generate_validator(rule, { skip_validation = <hook> }) and
call the validator with an object containing a property whose schema is false
(e.g., properties = { bad = false }) and a secret-like string value to confirm
the validator returns not ok; reference generate_validator, skip_validation, and
the schema == false case to locate where to add the test so future changes don't
allow hooks to bypass forbidden-field validation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@lib/jsonschema.lua`:
- Around line 1223-1224: Validate custom.skip_validation when building the
options table: if custom and custom.skip_validation is present, assert its type
is "function" and raise a clear error (e.g., error("custom.skip_validation must
be a function")) instead of silently assigning non-functions; then set
skip_validation = custom.skip_validation or nil. This change should be applied
where parse_ipv6 and skip_validation are assembled (the code handling the
options/custom table) so generated code never receives a non-callable
skip_validation.

In `@t/default.lua`:
- Around line 331-430: Add a regression test that asserts skip_validation hooks
do NOT bypass forbidden fields where the schema is explicitly false:
generate_validator(rule, { skip_validation = <hook> }) and call the validator
with an object containing a property whose schema is false (e.g., properties = {
bad = false }) and a secret-like string value to confirm the validator returns
not ok; reference generate_validator, skip_validation, and the schema == false
case to locate where to add the test so future changes don't allow hooks to
bypass forbidden-field validation.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bef54432-acea-44ec-a010-a7f5e3e8719d

📥 Commits

Reviewing files that changed from the base of the PR and between 017bb9b and ef178b8.

📒 Files selected for processing (3)

• lib/jsonschema.lua
• rockspec/jsonschema-0.9.13-0.rockspec
• t/default.lua

✅ Files skipped from review due to trivial changes (1)

• rockspec/jsonschema-0.9.13-0.rockspec

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.