A zero-dependency AT Protocol Personal Data Server written in JavaScript
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [Unreleased]

## [0.2.0] - 2026-01-07

### Added

- **OAuth 2.0 authorization server** with full AT Protocol support
  - Discovery endpoints (AS metadata, protected resource, JWKS)
  - Pushed Authorization Requests (PAR)
  - Authorization endpoint with dark-themed consent UI
  - Token endpoint (authorization_code + refresh_token grants)
  - Token revocation (RFC 7009)
  - DPoP proof validation and token binding
  - PKCE with S256 code challenge
  - Client metadata fetching and validation
  - Loopback client support for development
- DPoP JTI tracking to prevent replay attacks
- Comprehensive OAuth e2e tests

### Changed

- **BREAKING:** Normalized SQL schema to snake_case convention
  - Tables: `blob` → `blobs`, `record_blob` → `record_blobs`
  - Columns: `mimeType` → `mime_type`, `createdAt` → `created_at`, `blobCid` → `blob_cid`, `recordUri` → `record_uri`
  - Existing Durable Objects require storage reset
- Consolidated error responses to use `errorResponse` helper
- Moved OAuth types to TYPES & CONSTANTS section

## [0.1.0] - 2025-01-07

Initial experimental release.

### Added

- **Repo operations:** createRecord, getRecord, putRecord, deleteRecord, applyWrites, listRecords
- **Sync endpoints:** getRepo (CAR export), subscribeRepos (WebSocket firehose), getLatestCommit
- **Authentication:** createSession, getSession, refreshSession with JWT tokens
- **Blob storage:** uploadBlob, getBlob, listBlobs with R2 backend
  - MIME type sniffing (JPEG, PNG, GIF, WebP, MP4, AVIF, HEIC)
  - Automatic orphaned blob cleanup via DO alarms
  - Blob-record association tracking
- **Identity:** Handle resolution, PLC directory registration
- **Federation:** Relay notification (requestCrawl), AppView proxy for app.bsky.* endpoints
- **Infrastructure:**
  - Merkle Search Tree (MST) for repo structure
  - DAG-CBOR encoding with CID generation
  - P-256 ECDSA signing via Web Crypto
  - TypeScript checking via JSDoc annotations
  - Setup script for key generation and PLC registration