shindakun.net / bskyoauth
Vibe-guided bskyoauth and custom repo example code in Golang ๐Ÿค– probably not safe to use in prod
fork atom

Add VERSION.md for tracking version changes

Created VERSION.md to track version history and establish versioning policy
for future releases.

Versioning Policy:
- v1.x.x: Stable API, 100% backward compatibility
- Major (v2.x.x): Only for breaking changes
- Minor (v1.x.0): New features, non-breaking enhancements
- Patch (v1.0.x): Bug fixes, documentation, internal improvements

The file includes:
- Complete v1.0.0 release notes
- Versioning policy and semantic versioning guidelines
- Release process checklist
- Sections for tracking planned changes (v1.1.0, v1.0.1)
- Stability guarantees for v1.x.x releases

This provides a clear process for maintaining the module going forward
while tracking all changes for users.

๐Ÿค– Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Steve Layton cc993617 7721959f

options
unified split
Changed files
+127
VERSION.md
+127
VERSION.md
··· 1 + # Version History 2 + 3 + This document tracks version changes for the bskyoauth module. 4 + 5 + ## Versioning Policy 6 + 7 + - **v1.x.x**: Stable API, 100% backward compatibility maintained 8 + - **Major version (v2.x.x)**: Only for breaking changes (requires updating imports) 9 + - **Minor version (v1.x.0)**: New features, non-breaking enhancements 10 + - **Patch version (v1.0.x)**: Bug fixes, documentation updates, internal improvements 11 + 12 + ## Current Version: v1.0.0 13 + 14 + ### v1.0.0 (2025-10-29) 15 + 16 + **Initial stable release** - Production-ready Bluesky OAuth library 17 + 18 + #### Features 19 + - Complete OAuth 2.0 authorization code flow with PKCE 20 + - DPoP (RFC 9449) for token binding with ECDSA P-256 21 + - Automatic token refresh with expiration tracking 22 + - PAR (Pushed Authorization Request) support 23 + - JWKS caching and JWT verification 24 + - Handle resolution and PDS discovery 25 + 26 + #### Session Management 27 + - Built-in memory session store 28 + - Custom session store interface for Redis, database, etc. 29 + - Automatic session cleanup and expiration 30 + - Thread-safe concurrent access 31 + 32 + #### API Operations 33 + - Create posts (app.bsky.feed.post) 34 + - Create custom records with any collection NSID 35 + - Delete records from repository 36 + - Automatic DPoP nonce management 37 + - Replay protection and retry logic 38 + 39 + #### Middleware & Security 40 + - IP-based rate limiting with configurable limits 41 + - Security headers (CSP, HSTS, X-Frame-Options, etc.) 42 + - Environment-aware CSP policies (localhost vs production) 43 + - HTTP request/response logging middleware 44 + - Composable middleware pattern 45 + 46 + #### Validation 47 + - Handle validation (length, format, syntax) 48 + - Post text validation (length, UTF-8, null bytes) 49 + - Record validation (createdAt format, depth limits) 50 + - NSID (collection) validation 51 + 52 + #### Developer Experience 53 + - Structured logging with slog 54 + - Environment-based log configuration 55 + - Context-based request/correlation IDs 56 + - Comprehensive error types 57 + - 100+ tests with race detection 58 + - Full example application included 59 + 60 + #### Architecture 61 + - Clean separation between public API and internal implementation 62 + - `internal/` packages protect implementation details 63 + - Thin wrapper pattern for public exports 64 + - Well-organized by concern (oauth, dpop, jwt, session, api, validation) 65 + - Testing utilities (internal/testutil) with fixtures and mock servers 66 + 67 + #### Testing 68 + - All tests pass with -race detection 69 + - No known vulnerabilities (govulncheck clean) 70 + - Passes golangci-lint with all checks enabled 71 + - Automated pre-commit hooks included 72 + 73 + --- 74 + 75 + ## Upcoming Changes 76 + 77 + Track minor version changes here for future releases. 78 + 79 + ### Planned for v1.1.0 (Future) 80 + - (Add new features here as they are planned) 81 + 82 + ### Planned for v1.0.1 (Future) 83 + - (Add bug fixes here as they are identified) 84 + 85 + --- 86 + 87 + ## Release Process 88 + 89 + 1. Update this VERSION.md file with changes 90 + 2. Update CHANGELOG.md if present 91 + 3. Run full test suite: `go test -race ./...` 92 + 4. Run linting: `golangci-lint run` 93 + 5. Run security scan: `govulncheck ./...` 94 + 6. Commit changes 95 + 7. Create git tag: `git tag -a vX.Y.Z -m "Release vX.Y.Z"` 96 + 8. Push commits: `git push origin main` 97 + 9. Push tag: `git push origin vX.Y.Z` 98 + 99 + ## Version Numbering 100 + 101 + Following semantic versioning (https://semver.org/): 102 + 103 + - **MAJOR** version (v2.0.0): Breaking API changes 104 + - Changing function signatures 105 + - Removing public APIs 106 + - Changing behavior in incompatible ways 107 + 108 + - **MINOR** version (v1.1.0): New features, backward compatible 109 + - Adding new public functions/methods 110 + - Adding new optional parameters 111 + - Adding new middleware 112 + - Performance improvements 113 + 114 + - **PATCH** version (v1.0.1): Bug fixes, backward compatible 115 + - Fixing bugs 116 + - Documentation improvements 117 + - Internal refactoring 118 + - Security fixes (non-breaking) 119 + 120 + ## Stability Guarantee 121 + 122 + For all v1.x.x releases: 123 + - โœ… All public APIs will remain stable 124 + - โœ… Function signatures will not change 125 + - โœ… Behavior will remain consistent 126 + - โœ… Internal packages can evolve freely 127 + - โœ… Existing code will continue to work