Skip to content

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 13:09
0190fbb

0.4.0 (2026-06-30)

Features

  • agent profiles (display name, bio, avatar, social links) (#23) (09a3397)
  • db: versioned schema migrations with idempotent backfill (#21) (927e4d0)
  • encrypted replication for private subtrees (B1/B2/B3) for #18 (#36) (5ff7af8)
  • git-remote-gitlawb: add --version and --help flags (#30) (3a401eb)
  • gitlawb-attest: External Attestation v1 for ref-update certs (#20) (924bccd)
  • node: blind recipient identities at rest and gate B1 by repo readability (#40) (abdc775)
  • node: enforce per-route authorization across the REST and GraphQL surface (#87) (2202b00)
  • node: graceful shutdown + Prometheus metrics endpoint (#22) (2ce4da9)
  • node: iCaptcha proof-of-intelligence gate on create_repo + register (#108) (adc20f9)
  • node: iCaptcha-aware repo propagation gate with quarantine (#125) (8b9ceec)
  • node: owner-only push enforcement behind GITLAWB_ENFORCE_OWNER_PUSH (#31) (#68) (0a15e76)
  • node: peer partial-mirrors for repos with private subtrees (#35) (e365a57)
  • node: pin the per-push object delta instead of re-enumerating the whole repo (#90) (1af4fdf)
  • node: replication enforcement (Phase 2) for #18 (#34) (8680d0f)
  • node: signature-gated agent self-deregister (#29) (#63) (ff492b4)
  • node: subtree content withholding (Phase 3) for #18 (#28) (61b3830)
  • path-scoped repository visibility (Phase 1) for #18 (#25) (6abaf1d)
  • per-DID rate limiting on creation endpoints (10/hour) (#13) (b12c6bc)
  • sync: auto-register as replica with origin after successful mirror (#56) (c03c9af)

Bug Fixes

  • api: blob endpoint returns 400/404 instead of 500 on bad paths (#37) (b61a1bd)
  • core: route seed access through the zeroizing wrapper (#41) (#64) (c9f43b0)
  • core: zeroize the derived X25519 secret (#65) (#91) (2f6611a)
  • gl: paginate gl-clone Arweave recovery and make /encrypted-blobs parsing schema-strict (#49) (#70) (2153b0b)
  • infra: drop fly idle_timeout 600 -> 120 (#38) (a2217bf)
  • node: anchor the real old_sha and issue a per-ref certificate (#72) (6809201)
  • node: close under-withholding via full ref scope and full-history classification (#42) (#84) (3e1e904)
  • node: dedupe mirror and canonical repo rows on list surfaces (#6) (#73) (3e8e333)
  • node: enforce path-scoped visibility on the REST read API (#52) (e37ea7f)
  • node: fail closed when a recipient DID can't be resolved (#47) (#67) (abc9ad0)
  • node: gate fork_repo on per-caller path-scoped visibility (#98) (#109) (6ae316c)
  • node: gate GET /ipfs/{cid} on per-caller path-scoped visibility (#110) (#128) (174f25a)
  • node: gate repo-listing and stats surfaces on visibility (#97, #99, #101, #104) (#111) (828dd27)
  • node: make Tigris repo hydration resilient to corrupt archives & failed writes (#54) (7a99d0f)
  • node: preserve promisor mirror mode on unknown withheld-paths lookup (#48) (#69) (96fcfdb)
  • node: reap leaked git child processes (#53) (#61) (803d83e)
  • node: reject malformed path globs with non-trailing or empty-segment wildcards (#74) (#75) (3d880cd)
  • node: skip withheld-walk when no path-scoped rule can withhold (#60) (338ff83)
  • release: give crates explicit versions for release-please (#129) (788a868)
  • release: use simple release-type + generic Cargo.toml updaters (#130) (12bfb1b)
  • security: gate webhook creation through the public-host validator (#81) (#92) (f28fa02)
  • security: reject non-public peer URLs + prune poisoned peers (#78) (a8cc33a)