1.1.0

Changed

• Private notes now use the collection xyz.2877686.obsidian-pds-sync.note. Old private records stay in the old collection; a re-sync re-creates them in the new one.
• Encrypted bodies are stored as a compact bytes field instead of base64 text, and a redundant timestamp was dropped.
• The OAuth scope changed to match, so you'll be prompted to re-authorize.

1.0.4

Fixed

• OAuth sign-in now works on mobile. Tapping Connect opens a small dialog with an
  "Open sign-in page" button; the browser opens for sign-in, and the dialog
  closes automatically when you return to Obsidian.

1.0.4-alpha.2

Fixed

• OAuth sign-in now works on mobile. Tapping Connect opens a small dialog with an
  "Open sign-in page" button; the browser opens for sign-in, and the dialog
  closes automatically when you return to Obsidian.

1.0.4-alpha.1

Pre-release for testing the mobile OAuth sign-in fix. Not for general use.

Testing

• Tap Connect on mobile: a dialog appears with Open sign-in page, a
  tappable link, and Copy link.

Changed

• Mobile sign-in now hands off to a dialog (direct-tap open + copy-link
  fallback) instead of auto-opening.

1.0.3

Fixed

• Browser OAuth sign-in on mobile.

1.0.2

Fixed

• Try fixing the authorization page not opening on mobile.
• Derive note title from the filename. Re-sync an affected note to update its published record.

1.0.1

Addressing the Obsidian plugin review.

Changed

• Now requires Obsidian 1.11.4+ due to the keychain plugin.

Fixed

• Internal type-safety and lint cleanups.

1.0.0

Sync your Obsidian vault to an atproto PDS - private notes
encrypted end-to-end, public notes published via standard.site. One engine,
two backends, opt-in per note.

Highlights

• Private notes (default). Mark a note pds: true to encrypt it
  client-side (Argon2id + AES-256-GCM) and store it as an opaque record on
  your PDS. Only you can read it.
• Public notes. Mark publish: true to publish as a
  site.standard.document, shown by standard.site readers such as Leaflet.
  Includes a publication helper - name, base URL, theme, icon, discovery,
  and .well-known domain verification.
• Two-way sync. Push, pull/restore, last-write-wins with conflict
  copies, orphan deletion, and self-healing compare-and-swap writes.
• Auth. OAuth (PKCE + DPoP, no backend) or app password, with
  credentials stored in your OS keychain.
• Auto-sync. On edit and/or on an interval, with a
  status-bar indicator. Works on desktop and mobile.

Install (manual)

1. Download main.js and manifest.json below.
2. Drop both into <vault>/.obsidian/plugins/pds-sync/.
3. Enable PDS Sync in Settings -> Community plugins.

Then in Settings -> PDS Sync: connect, set an encryption passphrase, flag a
note (pds: true or publish: true), and run Sync vault to PDS.

Before you rely on private notes

Encrypted records live in your public, firehose-archived repo, so the
ciphertext can be attacked offline indefinitely. Your passphrase is the only
secret - use a long one, and note that losing it means the private notes are
unrecoverable. Full security model in the README.

Requirements

• Obsidian 1.5.0+ (keychain storage needs 1.11.4+; older versions fall back
  to a local file).
• An atproto account / PDS.

Talks only to atproto infrastructure - no analytics or telemetry.

Verify

main.js is built in CI with signed build provenance:
gh attestation verify main.js --repo Moshyfawn/obsidian-pds-sync