# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [Unreleased]

### Added

- **Granular OAuth scope enforcement** on repo and blob endpoints
  - `parseRepoScope()` parses `repo:collection?action=create&action=update` format
  - `parseBlobScope()` parses `blob:image/*` format with MIME wildcards
  - `ScopePermissions` class for checking repo/blob permissions
  - Enforced on createRecord, putRecord, deleteRecord, applyWrites, uploadBlob
- **Consent page permissions table** displaying scopes in human-readable format
  - Identity-only: "wants to uniquely identify you" message
  - Granular scopes: Table with Collection + Create/Update/Delete columns
  - Full access: Warning banner for `transition:generic`
- `parseScopesForDisplay()` helper for consent page rendering
- E2E tests for scope enforcement and consent page display

## [0.2.0] - 2026-01-07

### Added

- **OAuth 2.0 authorization server** with full AT Protocol support
  - Discovery endpoints (AS metadata, protected resource, JWKS)
  - Pushed Authorization Requests (PAR)
  - Authorization endpoint with dark-themed consent UI
  - Token endpoint (authorization_code + refresh_token grants)
  - Token revocation (RFC 7009)
  - DPoP proof validation and token binding
  - PKCE with S256 code challenge
  - Client metadata fetching and validation
  - Loopback client support for development
- DPoP JTI tracking to prevent replay attacks
- Comprehensive OAuth e2e tests

### Changed

- **BREAKING:** Normalized SQL schema to snake_case convention
  - Tables: `blob` → `blobs`, `record_blob` → `record_blobs`
  - Columns: `mimeType` → `mime_type`, `createdAt` → `created_at`, `blobCid` → `blob_cid`, `recordUri` → `record_uri`
  - Existing Durable Objects require storage reset
- Consolidated error responses to use `errorResponse` helper
- Moved OAuth types to TYPES & CONSTANTS section

## [0.1.0] - 2025-01-07

Initial experimental release.

### Added

- **Repo operations:** createRecord, getRecord, putRecord, deleteRecord, applyWrites, listRecords
- **Sync endpoints:** getRepo (CAR export), subscribeRepos (WebSocket firehose), getLatestCommit
- **Authentication:** createSession, getSession, refreshSession with JWT tokens
- **Blob storage:** uploadBlob, getBlob, listBlobs with R2 backend
  - MIME type sniffing (JPEG, PNG, GIF, WebP, MP4, AVIF, HEIC)
  - Automatic orphaned blob cleanup via DO alarms
  - Blob-record association tracking
- **Identity:** Handle resolution, PLC directory registration
- **Federation:** Relay notification (requestCrawl), AppView proxy for app.bsky.* endpoints
- **Infrastructure:**
  - Merkle Search Tree (MST) for repo structure
  - DAG-CBOR encoding with CID generation
  - P-256 ECDSA signing via Web Crypto
  - TypeScript checking via JSDoc annotations
  - Setup script for key generation and PLC registration