diff --git a/package.json b/package.json
index a3eac4c07..a1a99eb0a 100644
--- a/package.json
+++ b/package.json
@@ -11,10 +11,9 @@
         "test-integration": "pnpm run --filter=integration test --silent --forceExit",
         "test-regression": "pnpm run --filter=regression test --silent --forceExit",
         "test-scaffold": "tsx script/test-scaffold.ts",
-        "publish-all": "pnpm --filter \"./packages/**\" -r publish --access public",
+        "publish-all": "pnpm --filter \"./packages/**\" -r publish --access public --tag v2",
         "publish-preview": "pnpm --filter \"./packages/**\" -r publish --force --registry https://preview.registry.zenstack.dev/",
         "unpublish-preview": "pnpm --recursive --shell-mode exec -- npm unpublish -f --registry https://preview.registry.zenstack.dev/ \"\\$PNPM_PACKAGE_NAME\"",
-        "publish-next": "pnpm --filter \"./packages/**\" -r publish --access public --tag next",
         "publish-preview-next": "pnpm --filter \"./packages/**\" -r publish --force --registry https://preview.registry.zenstack.dev/ --tag next",
         "unpublish-preview-next": "pnpm --recursive --shell-mode exec -- npm unpublish -f --registry https://preview.registry.zenstack.dev/ --tag next \"\\$PNPM_PACKAGE_NAME\"",
         "publish-test": "pnpm --filter \"./packages/**\" -r publish --access public --tag test"
diff --git a/packages/runtime/src/enhancements/node/policy/policy-utils.ts b/packages/runtime/src/enhancements/node/policy/policy-utils.ts
index ed9e435c6..ed5d95982 100644
--- a/packages/runtime/src/enhancements/node/policy/policy-utils.ts
+++ b/packages/runtime/src/enhancements/node/policy/policy-utils.ts
@@ -1,7 +1,9 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 
 import deepmerge from 'deepmerge';
-import { z, type ZodError, type ZodObject, type ZodSchema } from 'zod';
+import type { z, ZodError, ZodObject, ZodSchema } from 'zod';
+import { z as zod3 } from 'zod/v3';
+import { z as zod4 } from 'zod/v4';
 import { CrudFailureReason, PrismaErrorCode } from '../../../constants';
 import {
     clone,
@@ -1376,17 +1378,19 @@ export class PolicyUtil extends QueryUtils {
             let schema: ZodObject<any> | undefined;
 
             const overridePasswordFields = (schema: z.ZodObject<any>) => {
+                const useZod: any = schema._def ? zod3 : zod4;
+
                 let result = schema;
                 const modelFields = this.modelMeta.models[lowerCaseFirst(model)]?.fields;
                 if (modelFields) {
                     for (const [key, field] of Object.entries(modelFields)) {
                         if (field.attributes?.some((attr) => attr.name === '@password')) {
                             // override `@password` field schema with a string schema
-                            let pwFieldSchema: ZodSchema = z.string();
+                            let pwFieldSchema: ZodSchema = useZod.string();
                             if (field.isOptional) {
                                 pwFieldSchema = pwFieldSchema.nullish();
                             }
-                            result = result.merge(z.object({ [key]: pwFieldSchema }));
+                            result = result.merge(useZod.object({ [key]: pwFieldSchema }));
                         }
                     }
                 }
@@ -1540,7 +1544,12 @@ export class PolicyUtil extends QueryUtils {
                     continue;
                 }
 
-                if (fieldInfo.isDataModel && queryArgs?.include && typeof queryArgs.include === 'object' && !queryArgs.include[field]) {
+                if (
+                    fieldInfo.isDataModel &&
+                    queryArgs?.include &&
+                    typeof queryArgs.include === 'object' &&
+                    !queryArgs.include[field]
+                ) {
                     // respect include
                     delete entityData[field];
                     continue;
diff --git a/packages/runtime/src/validation.ts b/packages/runtime/src/validation.ts
index 3cb606c1e..a063cdeb9 100644
--- a/packages/runtime/src/validation.ts
+++ b/packages/runtime/src/validation.ts
@@ -1,4 +1,4 @@
-import { z } from 'zod';
+import type { z } from 'zod';
 import { getZodErrorMessage } from './local-helpers';
 
 /**
diff --git a/packages/runtime/src/zod-utils.ts b/packages/runtime/src/zod-utils.ts
index beb19409c..48d3eeace 100644
--- a/packages/runtime/src/zod-utils.ts
+++ b/packages/runtime/src/zod-utils.ts
@@ -1,5 +1,5 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
-import { z as Z } from 'zod';
+import type { z as Z } from 'zod';
 
 /**
  * A smarter version of `z.union` that decide which candidate to use based on how few unrecognized keys it has.