From 0a0fb2d1161eb81c9f8351bb3a028e3c4e37a994 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 1 Jan 2026 09:06:59 +0000 Subject: [PATCH] ci: release --- .changeset/create-pds-ux.md | 5 --- .changeset/deactivated-account-pattern.md | 34 ------------------- .changeset/oauth-provider-initial.md | 28 ---------------- packages/create-pds/CHANGELOG.md | 6 ++++ packages/create-pds/package.json | 2 +- packages/oauth-provider/CHANGELOG.md | 30 +++++++++++++++++ packages/oauth-provider/package.json | 2 +- packages/pds/CHANGELOG.md | 40 +++++++++++++++++++++++ packages/pds/package.json | 2 +- 9 files changed, 79 insertions(+), 70 deletions(-) delete mode 100644 .changeset/create-pds-ux.md delete mode 100644 .changeset/deactivated-account-pattern.md delete mode 100644 .changeset/oauth-provider-initial.md create mode 100644 packages/oauth-provider/CHANGELOG.md diff --git a/.changeset/create-pds-ux.md b/.changeset/create-pds-ux.md deleted file mode 100644 index 93bbf25c..00000000 --- a/.changeset/create-pds-ux.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"create-pds": patch ---- - -Improve UX with clearer prompts diff --git a/.changeset/deactivated-account-pattern.md b/.changeset/deactivated-account-pattern.md deleted file mode 100644 index c1cdd056..00000000 --- a/.changeset/deactivated-account-pattern.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -"@ascorbic/pds": minor ---- - -Implement deactivated account pattern for seamless account migration - -**Account State Management:** -- Add account activation state tracking to support migration workflows -- New `INITIAL_ACTIVE` environment variable controls whether accounts start active or deactivated -- Accounts can transition between active and deactivated states - -**Migration Endpoints:** -- `POST /xrpc/com.atproto.server.activateAccount` - Enable writes and firehose events -- `POST /xrpc/com.atproto.server.deactivateAccount` - Disable writes while keeping reads available -- Enhanced `getAccountStatus` to return actual activation state and migration metrics - -**Write Protection:** -- Write operations (`createRecord`, `putRecord`, `deleteRecord`, `applyWrites`) are blocked when account is deactivated -- Returns clear "AccountDeactivated" error with helpful instructions -- Read operations, `importRepo`, `uploadBlob`, and `activateAccount` remain available - -**Improved Setup Flow:** -- `pds init` now asks if you're migrating an existing account -- For migrations: auto-resolves handle to DID, deploys account as deactivated -- For new accounts: generates identity, deploys as active -- Worker name automatically generated from handle using smart slugification - -**Migration UX:** -- Handle resolution using DNS-over-HTTPS via `@atproto-labs/handle-resolver` -- Retry logic with helpful error messages for failed handle lookups -- Step-by-step guidance for export, import, PLC update, and activation -- Custom domain validation to prevent using hosted handles (*.bsky.social) - -This enables users to safely migrate their Bluesky accounts to self-hosted infrastructure with a clean, resumable workflow. diff --git a/.changeset/oauth-provider-initial.md b/.changeset/oauth-provider-initial.md deleted file mode 100644 index 6cdf630c..00000000 --- a/.changeset/oauth-provider-initial.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -"@ascorbic/atproto-oauth-provider": minor ---- - -Initial release of AT Protocol OAuth 2.1 Provider - -A complete OAuth 2.1 Authorization Server implementation for AT Protocol, enabling "Login with Bluesky" functionality. - -**Features:** -- Full OAuth 2.1 Authorization Code flow with PKCE -- DPoP (Demonstrating Proof of Possession) support for token binding -- PAR (Pushed Authorization Requests) for secure request initiation -- Client metadata discovery and validation -- Token rotation and revocation -- SQLite-based storage adapter for Durable Objects - -**Security:** -- Cryptographically secure token generation -- PKCE challenge verification (SHA-256) -- DPoP proof validation with replay protection -- Token binding to prevent token theft - -**Compatibility:** -- Integrates with `@atproto/oauth-client` for client applications -- Storage interface allows custom backends beyond SQLite -- Built for Cloudflare Workers with Durable Objects - -This package enables AT Protocol PDSs to act as OAuth providers, allowing users to authenticate with third-party applications using their PDS identity. diff --git a/packages/create-pds/CHANGELOG.md b/packages/create-pds/CHANGELOG.md index 6dd96505..cb63cc62 100644 --- a/packages/create-pds/CHANGELOG.md +++ b/packages/create-pds/CHANGELOG.md @@ -1,5 +1,11 @@ # create-pds +## 0.0.4 + +### Patch Changes + +- [#33](https://github.com/ascorbic/atproto-worker/pull/33) [`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d) Thanks [@ascorbic](https://github.com/ascorbic)! - Improve UX with clearer prompts + ## 0.0.3 ### Patch Changes diff --git a/packages/create-pds/package.json b/packages/create-pds/package.json index 236f63c8..c7e60a41 100644 --- a/packages/create-pds/package.json +++ b/packages/create-pds/package.json @@ -1,6 +1,6 @@ { "name": "create-pds", - "version": "0.0.3", + "version": "0.0.4", "description": "Create a new AT Protocol PDS on Cloudflare Workers", "type": "module", "bin": { diff --git a/packages/oauth-provider/CHANGELOG.md b/packages/oauth-provider/CHANGELOG.md new file mode 100644 index 00000000..b5f2188f --- /dev/null +++ b/packages/oauth-provider/CHANGELOG.md @@ -0,0 +1,30 @@ +# @ascorbic/atproto-oauth-provider + +## 0.1.0 + +### Minor Changes + +- [#33](https://github.com/ascorbic/atproto-worker/pull/33) [`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d) Thanks [@ascorbic](https://github.com/ascorbic)! - Initial release of AT Protocol OAuth 2.1 Provider + + A complete OAuth 2.1 Authorization Server implementation for AT Protocol, enabling "Login with Bluesky" functionality. + + **Features:** + - Full OAuth 2.1 Authorization Code flow with PKCE + - DPoP (Demonstrating Proof of Possession) support for token binding + - PAR (Pushed Authorization Requests) for secure request initiation + - Client metadata discovery and validation + - Token rotation and revocation + - SQLite-based storage adapter for Durable Objects + + **Security:** + - Cryptographically secure token generation + - PKCE challenge verification (SHA-256) + - DPoP proof validation with replay protection + - Token binding to prevent token theft + + **Compatibility:** + - Integrates with `@atproto/oauth-client` for client applications + - Storage interface allows custom backends beyond SQLite + - Built for Cloudflare Workers with Durable Objects + + This package enables AT Protocol PDSs to act as OAuth providers, allowing users to authenticate with third-party applications using their PDS identity. diff --git a/packages/oauth-provider/package.json b/packages/oauth-provider/package.json index bcaf3d71..bb8b790b 100644 --- a/packages/oauth-provider/package.json +++ b/packages/oauth-provider/package.json @@ -1,6 +1,6 @@ { "name": "@ascorbic/atproto-oauth-provider", - "version": "0.0.0", + "version": "0.1.0", "description": "OAuth 2.1 Provider with AT Protocol extensions for Cloudflare Workers", "type": "module", "main": "dist/index.js", diff --git a/packages/pds/CHANGELOG.md b/packages/pds/CHANGELOG.md index 54f904f7..5326d3d1 100644 --- a/packages/pds/CHANGELOG.md +++ b/packages/pds/CHANGELOG.md @@ -1,5 +1,45 @@ # @ascorbic/pds +## 0.2.0 + +### Minor Changes + +- [#33](https://github.com/ascorbic/atproto-worker/pull/33) [`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d) Thanks [@ascorbic](https://github.com/ascorbic)! - Implement deactivated account pattern for seamless account migration + + **Account State Management:** + - Add account activation state tracking to support migration workflows + - New `INITIAL_ACTIVE` environment variable controls whether accounts start active or deactivated + - Accounts can transition between active and deactivated states + + **Migration Endpoints:** + - `POST /xrpc/com.atproto.server.activateAccount` - Enable writes and firehose events + - `POST /xrpc/com.atproto.server.deactivateAccount` - Disable writes while keeping reads available + - Enhanced `getAccountStatus` to return actual activation state and migration metrics + + **Write Protection:** + - Write operations (`createRecord`, `putRecord`, `deleteRecord`, `applyWrites`) are blocked when account is deactivated + - Returns clear "AccountDeactivated" error with helpful instructions + - Read operations, `importRepo`, `uploadBlob`, and `activateAccount` remain available + + **Improved Setup Flow:** + - `pds init` now asks if you're migrating an existing account + - For migrations: auto-resolves handle to DID, deploys account as deactivated + - For new accounts: generates identity, deploys as active + - Worker name automatically generated from handle using smart slugification + + **Migration UX:** + - Handle resolution using DNS-over-HTTPS via `@atproto-labs/handle-resolver` + - Retry logic with helpful error messages for failed handle lookups + - Step-by-step guidance for export, import, PLC update, and activation + - Custom domain validation to prevent using hosted handles (\*.bsky.social) + + This enables users to safely migrate their Bluesky accounts to self-hosted infrastructure with a clean, resumable workflow. + +### Patch Changes + +- Updated dependencies [[`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d)]: + - @ascorbic/atproto-oauth-provider@0.1.0 + ## 0.1.0 ### Minor Changes diff --git a/packages/pds/package.json b/packages/pds/package.json index 474730a7..04ac2ad6 100644 --- a/packages/pds/package.json +++ b/packages/pds/package.json @@ -1,6 +1,6 @@ { "name": "@ascorbic/pds", - "version": "0.1.0", + "version": "0.2.0", "description": "AT Protocol PDS on Cloudflare Workers", "type": "module", "main": "dist/index.js",