# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [Unreleased]

## [0.4.0] - 2026-01-08

### Added

- **Foreign DID proxying** via `atproto-proxy` header
  - `parseAtprotoProxyHeader()` parses `did:web:api.bsky.app#bsky_appview` format
  - `getKnownServiceUrl()` maps known service DIDs to URLs
  - `proxyToService()` generic proxy utility with header forwarding
  - Repo endpoints (getRecord, listRecords, describeRepo) support explicit proxying
  - Returns appropriate errors for malformed headers or unknown services
- Unit tests for proxy utilities
- E2E tests for foreign DID proxying behavior

### Changed

- Refactored `handleAppViewProxy` to use shared `proxyToService` utility
- Added caching for registered DIDs lookup (30s TTL)

## [0.3.0] - 2026-01-08

### Added

- **Granular OAuth scope enforcement** on repo and blob endpoints
  - `parseRepoScope()` parses `repo:collection?action=create&action=update` format
  - `parseBlobScope()` parses `blob:image/*` format with MIME wildcards
  - `ScopePermissions` class for checking repo/blob permissions
  - Enforced on createRecord, putRecord, deleteRecord, applyWrites, uploadBlob
- **Consent page permissions table** displaying scopes in human-readable format
  - Identity-only: "wants to uniquely identify you" message
  - Granular scopes: Table with Collection + Create/Update/Delete columns
  - Full access: Warning banner for `transition:generic`
- `parseScopesForDisplay()` helper for consent page rendering
- E2E tests for scope enforcement and consent page display

## [0.2.0] - 2026-01-07

### Added

- **OAuth 2.0 authorization server** with full AT Protocol support
  - Discovery endpoints (AS metadata, protected resource, JWKS)
  - Pushed Authorization Requests (PAR)
  - Authorization endpoint with dark-themed consent UI
  - Token endpoint (authorization_code + refresh_token grants)
  - Token revocation (RFC 7009)
  - DPoP proof validation and token binding
  - PKCE with S256 code challenge
  - Client metadata fetching and validation
  - Loopback client support for development
- DPoP JTI tracking to prevent replay attacks
- Comprehensive OAuth e2e tests

### Changed

- **BREAKING:** Normalized SQL schema to snake_case convention
  - Tables: `blob` → `blobs`, `record_blob` → `record_blobs`
  - Columns: `mimeType` → `mime_type`, `createdAt` → `created_at`, `blobCid` → `blob_cid`, `recordUri` → `record_uri`
  - Existing Durable Objects require storage reset
- Consolidated error responses to use `errorResponse` helper
- Moved OAuth types to TYPES & CONSTANTS section

## [0.1.0] - 2025-01-07

Initial experimental release.

### Added

- **Repo operations:** createRecord, getRecord, putRecord, deleteRecord, applyWrites, listRecords
- **Sync endpoints:** getRepo (CAR export), subscribeRepos (WebSocket firehose), getLatestCommit
- **Authentication:** createSession, getSession, refreshSession with JWT tokens
- **Blob storage:** uploadBlob, getBlob, listBlobs with R2 backend
  - MIME type sniffing (JPEG, PNG, GIF, WebP, MP4, AVIF, HEIC)
  - Automatic orphaned blob cleanup via DO alarms
  - Blob-record association tracking
- **Identity:** Handle resolution, PLC directory registration
- **Federation:** Relay notification (requestCrawl), AppView proxy for app.bsky.* endpoints
- **Infrastructure:**
  - Merkle Search Tree (MST) for repo structure
  - DAG-CBOR encoding with CID generation
  - P-256 ECDSA signing via Web Crypto
  - TypeScript checking via JSDoc annotations
  - Setup script for key generation and PLC registration