Initial release v1.4.0

Author: AudD

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: tests (JDK ${{ matrix.java }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        java: ['11', '17', '21']
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: ${{ matrix.java }}
+          cache: maven
+      - name: mvn verify
+        run: mvn -B verify
+      - name: jar --describe-module (JPMS smoke)
+        if: matrix.java == '21'
+        run: |
+          JAR=$(ls target/audd-*.jar 2>/dev/null | grep -v sources | grep -v javadoc | head -1)
+          if [ -n "$JAR" ]; then jar --describe-module --file="$JAR"; fi

.github/workflows/contract.yml

@@ -0,0 +1,50 @@
+name: Contract tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 6 * * *'
+  repository_dispatch:
+    types: [openapi-updated]
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  contract:
+    name: validate parser against latest audd-openapi fixtures
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: audd-java
+      - name: Check out audd-openapi
+        uses: actions/checkout@v4
+        with:
+          repository: AudDMusic/audd-openapi
+          path: audd-openapi
+          ref: main
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: maven
+      - name: Run contract tests
+        working-directory: audd-java
+        env:
+          AUDD_OPENAPI_FIXTURES: ${{ github.workspace }}/audd-openapi/fixtures
+        run: mvn -B test -Dtest='*ContractTest' -DfailIfNoTests=false
+      - name: Open issue on failure (dispatched runs only)
+        if: failure() && github.event_name == 'repository_dispatch'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TRIGGER_SHA: ${{ github.event.client_payload.trigger_sha }}
+        run: |
+          gh issue create \
+            --title "Contract drift: audd-openapi spec change broke parser" \
+            --body "An openapi-updated dispatch (trigger SHA: $TRIGGER_SHA) caused contract tests to fail. Investigate and update parsers." \
+            --label "contract-drift" || true

.github/workflows/release.yml

@@ -0,0 +1,35 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'audd-java/v*'
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    name: Build and publish to Maven Central
+    runs-on: ubuntu-latest
+    environment: maven-central
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: maven
+          server-id: central
+          server-username: MAVEN_CENTRAL_USERNAME
+          server-password: MAVEN_CENTRAL_PASSWORD
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+      - name: Verify build
+        run: mvn -B verify
+      - name: Deploy to Maven Central
+        env:
+          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+        run: mvn -B -Prelease deploy -DskipTests

.gitignore

@@ -0,0 +1,13 @@
+target/
+*.class
+*.jar
+*.war
+*.ear
+.idea/
+*.iml
+.vscode/
+.settings/
+.classpath
+.project
+hs_err_pid*
+.mvn/wrapper/maven-wrapper.jar

CHANGELOG.md

@@ -0,0 +1,81 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.4.0] - 2026-05-05
+
+Brand polish — every public type now spells the brand name as `AudD`
+PascalCase across the entire public surface (clients, error classes,
+event, options). Java package paths (`io.audd`) and Maven coordinates
+(`io.audd:audd`) stay lowercase as Java conventions require.
+
+### Changed
+
+- Top-level clients renamed to `AudD` and `AsyncAudD`.
+- Event class renamed to `AudDEvent`.
+- Options class renamed to `AudDOptions`.
+- Sealed error hierarchy renamed: `AudDException`, `AudDApiError`,
+  `AudDAuthenticationError`, `AudDSubscriptionError`,
+  `AudDCustomCatalogAccessError`, `AudDQuotaError`,
+  `AudDInvalidRequestError`, `AudDInvalidAudioError`,
+  `AudDConnectionError`, `AudDSerializationError`,
+  `AudDRateLimitError`, `AudDStreamLimitError`,
+  `AudDBlockedError`, `AudDNotReleasedError`,
+  `AudDNeedsUpdateError`, `AudDServerError`.
+
+### Unchanged
+
+- Java package name `io.audd` (lowercase per JLS convention).
+- Maven `groupId` / `artifactId`: `io.audd` / `audd`.
+- `AUDD_API_TOKEN` environment variable.
+- JPMS module name `io.audd`.
+
+## [1.3.0] - 2026-05-05
+
+Coordinated v1.3.0 stable release across the audd-sdks family. No breaking
+changes; the version bump signals API stability across all nine SDKs.
+
+The full v0.3.0 polish — env-var auto-pickup, streaming/preview helpers
+with metadata fallback, `onEvent` inspection hook, thread-safe token
+rotation, plus per-language work (JPMS module-info, Kotlin `Flow<LongpollEvent>`,
+Swift `Sendable` + DocC, .NET AOT/source-gen + `IServiceCollection`, Rust
+TLS feature flags + `Serialize`, PHP PSR-3 logger, Python `__repr__` +
+`pretty_print()`, Go `slog` example) is now the v1.3.0 baseline.
+
+## [0.3.0] - 2026-05-05
+
+JPMS module support — `module-info.java` ships in the SDK so modular consumers can `requires io.audd;` cleanly without falling back to the automatic-module-from-filename derivation.
+
+### Added
+
+- **`module-info.java`** at `src/main/java/module-info.java`. Module name `io.audd`. Exports the public packages (`io.audd`, `io.audd.streams`, `io.audd.customcatalog`, `io.audd.advanced`, `io.audd.errors`, `io.audd.models`); deliberately does **not** export `io.audd.internal`. Declares `requires transitive` on `com.fasterxml.jackson.databind`, `com.fasterxml.jackson.annotation`, and `okhttp3` since their types appear on the public API surface (`JsonNode` in error classes, `OkHttpClient` / `RequestBody` in option/builder types). `requires java.logging` for the `onEvent` hook's `java.util.logging` fallback path. Maven build target stays at Java 11 — module-info compiles cleanly under `--release 11` since JPMS has been supported since Java 9.
+
+## [0.2.0] - 2026-05-05
+
+DX polish — env-var auto-pickup, streaming/preview helpers, on_event inspection hook, thread-safe token rotation.
+
+### Added
+
+- **`AUDD_API_TOKEN` env-var fallback** (§7.11): `AudD.builder().build()` and `new AudD((String) null)` now resolve the api_token via explicit-arg → `AUDD_API_TOKEN` env var → `IllegalArgumentException` with a hint pointing at <https://dashboard.audd.io>. New static factories `AudD.fromEnvironment()` / `AsyncAudD.fromEnvironment()` make the env-var path explicit.
+- **`RecognitionResult.streamingUrl(StreamingProvider)`** (§4.3): direct URL from the metadata block when present (`apple_music.url`, `spotify.external_urls.spotify`, `deezer.link`, `napster.href`), else `lis.tn?<provider>` redirect when `songLink` is on `lis.tn`, else `null`. `StreamingProvider` enum (`SPOTIFY`, `APPLE_MUSIC`, `DEEZER`, `NAPSTER`, `YOUTUBE`); `YOUTUBE` has only the lis.tn path.
+- **`RecognitionResult.streamingUrls()`** (§4.3): `Map<StreamingProvider, String>` of every provider with a resolvable URL.
+- **`RecognitionResult.previewUrl()`** (§4.3): first non-empty preview URL across `apple_music.previews[0].url` → `spotify.preview_url` → `deezer.preview`. Doc-noted caveat about provider TOS.
+- Same `streamingUrl` / `streamingUrls` helpers on `EnterpriseMatch` (lis.tn-only — enterprise responses don't carry the per-provider metadata blocks).
+- **`AudD.setApiToken(newToken)`** / **`AsyncAudD.setApiToken(newToken)`** (§7.10): thread-safe token rotation via `AtomicReference`. In-flight requests continue with the old token; subsequent requests use the new one. Validates non-empty. `Streams` / `AsyncStreams` now accept a `Supplier<String>` for the api_token so `deriveLongpollCategory()` reflects rotations.
+- **`onEvent` inspection hook** on `AudD` / `AsyncAudD` (§7.7a): a `Consumer<AudDEvent>` receiving lifecycle events (`kind` ∈ {`REQUEST`, `RESPONSE`, `EXCEPTION`}, `method`, `url`, `requestId`, `httpStatus`, `elapsedMs`, `errorCode`, `extras`). Off by default. Never carries the `api_token` or request body bytes. Hook exceptions are swallowed at FINE log level via `java.util.logging.Logger("io.audd")` so observability never breaks the request path.
+
+### Internal
+
+- 27 new regression tests (`src/test/java/io/audd/V02PolishTest.java`) covering all four feature areas. Total: 116 tests passing.
+
+## [0.1.0] - 2026-05-04
+### Added
+- Initial release of the official AudD Java SDK.
+- Sync `AudD` and async `AsyncAudD` clients (CompletableFuture-based).
+- Tokenless `LongpollConsumer` and `AsyncLongpollConsumer` for browser/widget use cases.
+- Sealed exception hierarchy mapping every documented AudD error code.
+- Forward-compatible models via Jackson `@JsonAnySetter` / `@JsonAnyGetter`.
+- Cost-aware retry policy (READ / RECOGNITION / MUTATING classes).
+- HTTP transport injection, configurable timeouts, structured logging hooks.

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 AudD
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,137 @@
+# audd-java — Official Java SDK for AudD
+
+The official Java SDK for the [AudD music recognition API](https://audd.io).
+Java 11+, OkHttp transport, sync `AudD` + async `AsyncAudD` (CompletableFuture-based),
+forward-compatible types, cost-aware retries.
+
+## Hello, AudD
+
+```java
+import io.audd.AudD;
+
+public class Hello {
+    public static void main(String[] args) throws Exception {
+        try (AudD audd = AudD.builder().apiToken("test").build()) {
+            var result = audd.recognize("https://audd.tech/example.mp3");
+            if (result != null) {
+                System.out.println(result.artist() + " — " + result.title());
+            }
+        }
+    }
+}
+```
+
+The public `"test"` token is capped at 10 requests; get a real one at
+[dashboard.audd.io](https://dashboard.audd.io/).
+
+## Install
+
+Maven:
+
+```xml
+<dependency>
+  <groupId>io.audd</groupId>
+  <artifactId>audd</artifactId>
+  <version>1.4.0</version>
+</dependency>
+```
+
+Gradle:
+
+```kotlin
+implementation("io.audd:audd:1.4.0")
+```
+
+Java 11+.
+
+## Capabilities
+
+| Capability | SDK |
+|---|---|
+| Recognize a song (URL / file / bytes / InputStream) | `audd.recognize(source, opts)` |
+| Recognize a long file (enterprise) | `audd.recognizeEnterprise(source, opts)` |
+| Configure callback URL | `audd.streams().setCallbackUrl(url, opts)` |
+| Add a stream | `audd.streams().add(req)` |
+| List/manage streams | `audd.streams().list() / delete(...) / setUrl(...)` |
+| Streams (callback POST or longpoll subscription) | `audd.streams().longpoll(...)` / `Streams.parseCallback(body)` |
+| Tokenless longpoll (browser/widget) | `new LongpollConsumer(category)` |
+| Derive a longpoll category locally | `Streams.deriveLongpollCategory(token, radioId)` |
+
+Sample mains will be added under [`examples/`](./examples). For now, treat the
+[`Hello, AudD`](#hello-audd) snippet above as the canonical starting point.
+
+## Configuration
+
+```java
+AudD audd = AudD.builder()
+    .apiToken("your-token")
+    .maxRetries(5)
+    .backoffFactorMs(1000)
+    .standardTimeoutSeconds(120)
+    .enterpriseTimeoutSeconds(7200)
+    .httpClient(new OkHttpClient.Builder() /* corporate proxy etc. */ .build())
+    .onDeprecation(msg -> log.warn("audd-deprecation: {}", msg))
+    .build();
+```
+
+`AudD` and `AsyncAudD` are safe for concurrent use across threads. Token
+rotation via `setApiToken(...)` uses an `AtomicReference`; in-flight requests
+continue with the prior token, subsequent ones use the new one.
+
+Retries are cost-aware:
+
+- **READ** endpoints (`streams.list`, `streams.getCallbackUrl`): retry on
+  408/429/5xx and connection errors.
+- **RECOGNITION** endpoints (`recognize`, `recognizeEnterprise`,
+  `advanced.findLyrics`, `advanced.rawRequest`): retry on pre-upload
+  connection failures and on 5xx. Do **not** retry on read-timeout
+  after upload completed (cost protection).
+- **MUTATING** endpoints (`streams.add`, `streams.delete`, etc.): retry only
+  on pre-upload connection failures.
+
+## Error handling
+
+Sealed hierarchy under `AudDException`:
+
+```
+AudDException
+├── AudDApiError
+│   ├── AudDAuthenticationError       (900, 901, 903)
+│   ├── AudDQuotaError                (902)
+│   ├── AudDSubscriptionError         (904, 905)
+│   │   └── AudDCustomCatalogAccessError
+│   ├── AudDInvalidRequestError       (50, 51, 600/601/602, 700/701/702, 906)
+│   ├── AudDInvalidAudioError         (300, 400, 500)
+│   ├── AudDRateLimitError            (611)
+│   ├── AudDStreamLimitError          (610)
+│   ├── AudDNotReleasedError          (907)
+│   ├── AudDBlockedError              (19, 31337)
+│   ├── AudDNeedsUpdateError          (20)
+│   └── AudDServerError               (100, 1000, generic 5xx)
+├── AudDConnectionError                # network / TLS / timeout
+└── AudDSerializationError             # 2xx response with malformed JSON
+```
+
+## Custom catalog (advanced — read first)
+
+> **This is NOT how you submit audio for music recognition.** For that, use
+> `audd.recognize(...)` (or `audd.recognizeEnterprise(...)` for files longer
+> than 25 seconds). The custom-catalog endpoint manipulates your **private
+> fingerprint catalog** so AudD's recognition can later identify *your own*
+> tracks for *your account only*. Requires special access — contact
+> api@audd.io if you need it enabled.
+
+```java
+audd.customCatalog().add(146, Path.of("track.mp3"));
+```
+
+## Advanced
+
+`audd.advanced().findLyrics("query")` and `audd.advanced().rawRequest(method, params)`.
+`rawRequest` is the escape hatch for any AudD endpoint not yet wrapped here.
+
+## Contributing / security / license
+
+- Issues: <https://github.com/AudDMusic/audd-java/issues>
+- Security: see [SECURITY.md](./SECURITY.md)
+- License: MIT (see [LICENSE](./LICENSE))

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security issue in the AudD Java SDK, please report it
+privately to **api@audd.io**. Do not open a public GitHub issue for security
+problems.
+
+We will acknowledge receipt within 2 business days and aim to provide a fix
+or mitigation plan within 14 days.
+
+## Scope
+
+In-scope: vulnerabilities in this SDK's code (`io.audd:audd`).
+
+Out-of-scope: issues in upstream dependencies (file those upstream), issues
+in the AudD service itself (file via api@audd.io with subject "AudD service
+security report").