• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

dunglas / mercure / 29599457929
86%
master: 93%

Build:
Build:
LAST BUILD BRANCH: main
DEFAULT BRANCH: master
Ran 17 Jul 2026 05:19PM UTC
Jobs 1
Files 24
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

17 Jul 2026 05:17PM UTC coverage: 84.18%. Remained the same
29599457929

push

github

web-flow
spec!: OAuth 2.0 authorization, two matcher types, IETF-style pass (#1262)

* spec!: add support for several topic matcher types, including URL Pattern

* Update spec/mercure.md

Co-authored-by: Antoine Bluchet <soyuka@users.noreply.github.com>

* Update spec/mercure.md

Co-authored-by: Antoine Bluchet <soyuka@users.noreply.github.com>

* Update spec/mercure.md

Co-authored-by: Antoine Bluchet <soyuka@users.noreply.github.com>

* Update mercure.md

* better matcher type handling

* Update spec/mercure.md

Co-authored-by: Antoine Bluchet <soyuka@users.noreply.github.com>

* add matcher name and query parameter for CEL

* Update spec/mercure.md

Co-authored-by: Antoine Bluchet <soyuka@users.noreply.github.com>

* Update spec/mercure.md

Co-authored-by: Antoine Bluchet <soyuka@users.noreply.github.com>

* review

* Various improvements

* review

* spec: clarify payload matching, URL Pattern base URL, and CEL DoS handling

Three clarifications surfaced while implementing this spec revision:

- Payload assignment: define what it means for a JWT claim matcher to
  "match" a subscription matcher. A claim matches when it is the
  wildcard `*`, when its (type, pattern) pair equals the subscription's,
  or when its matcher accepts the subscription's `match` string as a
  topic. Payload fallback to top-level `mercure.payload` is stated
  explicitly.

- URL Pattern base URL: recommend absolute patterns and describe the
  hub's freedom in resolving relative ones. Subscribers and publishers
  should not rely on the base URL being anything specific because
  resolution is implementation-defined.

- CEL evaluation cost limit: hubs SHOULD enforce an implementation-
  defined cost limit to mitigate DoS from pathological expressions in
  hostile JWTs; exceeding the limit yields `false`.

Also notes that hubs MAY reject oversized patterns with a 400 response.

* spec: require object-form JWT matcher claims outside compat mode

Silently treating v8 bare-string claims as ... (continued)

1857 of 2206 relevant lines covered (84.18%)

51.15 hits per line

Jobs
ID Job ID Ran Files Coverage
1 0 - 29599457929.1 17 Jul 2026 05:19PM UTC 24
84.18
GitHub Action Run
Source Files on build 29599457929
  • Tree
  • List 24
  • Changed 0
  • Source Changed 0
  • Coverage Changed 0
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • 0deb240d on github
  • Prev Build on main (#29220830659)
  • Next Build on main (#29599463785)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc