ci: release

[mixie-bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@ascorbic/atproto-oauth-provider@0.1.0

Minor Changes

• #33 4f5b50c Thanks @ascorbic! - Initial release of AT Protocol OAuth 2.1 Provider

  A complete OAuth 2.1 Authorization Server implementation for AT Protocol, enabling "Login with Bluesky" functionality.

  Features:

  • Full OAuth 2.1 Authorization Code flow with PKCE
  • DPoP (Demonstrating Proof of Possession) support for token binding
  • PAR (Pushed Authorization Requests) for secure request initiation
  • Client metadata discovery and validation
  • Token rotation and revocation
  • SQLite-based storage adapter for Durable Objects

  Security:

  • Cryptographically secure token generation
  • PKCE challenge verification (SHA-256)
  • DPoP proof validation with replay protection
  • Token binding to prevent token theft

  Compatibility:

  • Integrates with @atproto/oauth-client for client applications
  • Storage interface allows custom backends beyond SQLite
  • Built for Cloudflare Workers with Durable Objects

  This package enables AT Protocol PDSs to act as OAuth providers, allowing users to authenticate with third-party applications using their PDS identity.

@ascorbic/pds@0.2.0

Minor Changes

• #33 4f5b50c Thanks @ascorbic! - Implement deactivated account pattern for seamless account migration

  Account State Management:

  • Add account activation state tracking to support migration workflows
  • New INITIAL_ACTIVE environment variable controls whether accounts start active or deactivated
  • Accounts can transition between active and deactivated states

  Migration Endpoints:

  • POST /xrpc/com.atproto.server.activateAccount - Enable writes and firehose events
  • POST /xrpc/com.atproto.server.deactivateAccount - Disable writes while keeping reads available
  • Enhanced getAccountStatus to return actual activation state and migration metrics

  Write Protection:

  • Write operations (createRecord, putRecord, deleteRecord, applyWrites) are blocked when account is deactivated
  • Returns clear "AccountDeactivated" error with helpful instructions
  • Read operations, importRepo, uploadBlob, and activateAccount remain available

  Improved Setup Flow:

  • pds init now asks if you're migrating an existing account
  • For migrations: auto-resolves handle to DID, deploys account as deactivated
  • For new accounts: generates identity, deploys as active
  • Worker name automatically generated from handle using smart slugification

  Migration UX:

  • Handle resolution using DNS-over-HTTPS via @atproto-labs/handle-resolver
  • Retry logic with helpful error messages for failed handle lookups
  • Step-by-step guidance for export, import, PLC update, and activation
  • Custom domain validation to prevent using hosted handles (*.bsky.social)

  This enables users to safely migrate their Bluesky accounts to self-hosted infrastructure with a clean, resumable workflow.

Patch Changes

• Updated dependencies [4f5b50c]:
  • @ascorbic/atproto-oauth-provider@0.1.0

create-pds@0.0.4

Patch Changes

• #33 4f5b50c Thanks @ascorbic! - Improve UX with clearer prompts