stakekit · ajag408 · Jun 19, 2026 · Jun 20, 2026 · Jun 20, 2026 · Jun 20, 2026
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.17.0, 22.x]
+        node-version: [20.19.0, 22.x, 24.x]
 
     steps:
       - name: Harden runner
@@ -32,13 +32,14 @@ jobs:
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
         with:
           node-version: ${{ matrix.node-version }}
+          package-manager-cache: false
 
       - name: Install pnpm
         shell: bash
         run: |
           npm install -g corepack@0.35.0
           corepack enable
-          corepack prepare pnpm@10.12.2 --activate
+          corepack prepare pnpm@10.33.1 --activate
 
       - name: Set up Socket Firewall
         uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143  # v1
@@ -60,7 +61,7 @@ jobs:
         run: pnpm run build
 
       - name: Upload coverage to Codecov
-        if: matrix.node-version == '20.17.0'
+        if: matrix.node-version == '24.x'
         uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de 
         with:
           files: ./coverage/lcov.info
@@ -86,14 +87,15 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
         with:
-          node-version: 20.17.0
+          node-version: 24.x
+          package-manager-cache: false
 
       - name: Install pnpm
         shell: bash
         run: |
           npm install -g corepack@0.35.0
           corepack enable
-          corepack prepare pnpm@10.12.2 --activate
+          corepack prepare pnpm@10.33.1 --activate
 
       - name: Set up Socket Firewall
         uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143  # v1

@@ -43,14 +43,15 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
         with:
-          node-version: "22"
+          node-version: "24"
+          package-manager-cache: false
 
       - name: Install pnpm
         shell: bash
         run: |
           npm install -g corepack@0.35.0
           corepack enable
-          corepack prepare pnpm@10.12.2 --activate
+          corepack prepare pnpm@10.33.1 --activate
 
       - name: Set up Socket Firewall
         uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143  # v1
@@ -101,15 +102,16 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
         with:
-          node-version: "22"
+          node-version: "24"
           registry-url: "https://registry.npmjs.org"
+          package-manager-cache: false
 
       - name: Install pnpm
         shell: bash
         run: |
           npm install -g corepack@0.35.0
           corepack enable
-          corepack prepare pnpm@10.12.2 --activate
+          corepack prepare pnpm@10.33.1 --activate
 
       - name: Update npm
         run: npm install -g npm@11.15.0
@@ -189,21 +191,23 @@ jobs:
         if: ${{ !matrix.node_arch }}
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
         with:
-          node-version: "22"
+          node-version: "24"
+          package-manager-cache: false
 
       - name: Setup Node.js (x64 via Rosetta)
         if: ${{ matrix.node_arch }}
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
         with:
-          node-version: "22"
+          node-version: "24"
           architecture: ${{ matrix.node_arch }}
+          package-manager-cache: false
 
       - name: Install pnpm
         shell: bash
         run: |
           npm install -g corepack@0.35.0
           corepack enable
-          corepack prepare pnpm@10.12.2 --activate
+          corepack prepare pnpm@10.33.1 --activate
 
       - name: Set up Socket Firewall
         uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143  # v1
@@ -285,8 +289,10 @@ jobs:
         run: ls -la shield-*
 
       - name: Create Release
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
-        with:
-          files: shield-*
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${GITHUB_REF_NAME}" shield-* \
+            --repo "${GITHUB_REPOSITORY}" \
+            --title "${GITHUB_REF_NAME}" \
+            --generate-notes
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-20.17.0
+24.16.0
@@ -1,8 +1,12 @@
 {
   "name": "@yieldxyz/shield",
-  "version": "1.2.6",
+  "version": "1.3.0",
   "description": "Zero-trust transaction validation library for Yield.xyz integrations.",
-  "packageManager": "pnpm@10.12.2",
+  "packageManager": "pnpm@10.33.1",
+  "engines": {
+    "node": ">=20.19.0",
+    "pnpm": ">=10.33.1"
+  },
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "repository": {
@@ -59,7 +63,7 @@
   "devDependencies": {
     "@rslib/core": "^0.0.11",
     "@types/jest": "^29.0.0",
-    "@types/node": "^20.0.0",
+    "@types/node": "^20.19.0",
     "@typescript-eslint/eslint-plugin": "^6.21.0",
     "@typescript-eslint/parser": "^6.21.0",
     "esbuild": "^0.27.2",

diff --git a/src/cli.integration.test.ts b/src/cli.integration.test.ts
@@ -0,0 +1,36 @@
+import { execSync, spawnSync } from 'child_process';
+import { existsSync } from 'fs';
+import { join } from 'path';
+
+const ROOT = join(__dirname, '..');
+const BUNDLE = join(ROOT, 'dist', 'cli.bundled.js');
+
+describe('CLI stdout flush (large response not truncated over a pipe)', () => {
+  beforeAll(() => {
+    // CI builds after tests; ensure the SEA entry bundle exists.
+    if (!existsSync(BUNDLE)) {
+      execSync('pnpm build:cli:bundle', { cwd: ROOT, stdio: 'inherit' });
+    }
+  }, 120_000);
+
+  it('returns the full getSupportedYieldIds payload (>64KB) over a pipe', () => {
+    const req = JSON.stringify({
+      apiVersion: '1.0',
+      operation: 'getSupportedYieldIds',
+    });
+
+    // spawnSync captures stdout via a pipe — the exact path that truncated at 64KB.
+    const res = spawnSync(process.execPath, [BUNDLE], {
+      input: req,
+      encoding: 'utf8',
+      maxBuffer: 10 * 1024 * 1024,
+    });
+
+    expect(res.status).toBe(0);
+    // Regression: output was truncated to exactly 65536 bytes.
+    expect(res.stdout.length).toBeGreaterThan(64 * 1024);
+    const parsed = JSON.parse(res.stdout); // would throw on truncated JSON
+    expect(parsed.ok).toBe(true);
+    expect(parsed.result.yieldIds.length).toBeGreaterThan(1000);
+  });
+});
diff --git a/src/cli.ts b/src/cli.ts
@@ -30,8 +30,10 @@ async function main(): Promise<void> {
   try {
     const input = await readStdin();
     const output = handleJsonRequest(input);
-    process.stdout.write(output + '\n');
-    process.exit(0);
+    // Wait for stdout to flush before exiting. process.exit() drops any
+    // unflushed buffer when stdout is a pipe, truncating large responses
+    // (e.g. getSupportedYieldIds) at the ~64KB pipe-buffer boundary.
+    process.stdout.write(output + '\n', () => process.exit(0));
   } catch (error) {
     // SECURITY: Output valid JSON even on catastrophic failure
     const errorResponse = {
@@ -43,9 +45,10 @@ async function main(): Promise<void> {
       },
       meta: { requestHash: 'unavailable' },
     };
-    process.stdout.write(JSON.stringify(errorResponse) + '\n');
     process.stdin.destroy();
-    process.exit(1);
+    process.stdout.write(JSON.stringify(errorResponse) + '\n', () =>
+      process.exit(1),
+    );
   }
 }