Initial release v1.4.3

Author: AudD

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: tests (JDK ${{ matrix.java }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        java: ['11', '17', '21']
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: ${{ matrix.java }}
+          cache: maven
+      - name: mvn verify
+        run: mvn -B verify
+      - name: jar --describe-module (JPMS smoke)
+        if: matrix.java == '21'
+        run: |
+          JAR=$(ls target/audd-*.jar 2>/dev/null | grep -v sources | grep -v javadoc | head -1)
+          if [ -n "$JAR" ]; then jar --describe-module --file="$JAR"; fi

.github/workflows/contract.yml

@@ -0,0 +1,50 @@
+name: Contract tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 6 * * *'
+  repository_dispatch:
+    types: [openapi-updated]
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  contract:
+    name: validate parser against latest audd-openapi fixtures
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: audd-java
+      - name: Check out audd-openapi
+        uses: actions/checkout@v4
+        with:
+          repository: AudDMusic/audd-openapi
+          path: audd-openapi
+          ref: main
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: maven
+      - name: Run contract tests
+        working-directory: audd-java
+        env:
+          AUDD_OPENAPI_FIXTURES: ${{ github.workspace }}/audd-openapi/fixtures
+        run: mvn -B test -Dtest='*ContractTest' -DfailIfNoTests=false
+      - name: Open issue on failure (dispatched runs only)
+        if: failure() && github.event_name == 'repository_dispatch'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TRIGGER_SHA: ${{ github.event.client_payload.trigger_sha }}
+        run: |
+          gh issue create \
+            --title "Contract drift: audd-openapi spec change broke parser" \
+            --body "An openapi-updated dispatch (trigger SHA: $TRIGGER_SHA) caused contract tests to fail. Investigate and update parsers." \
+            --label "contract-drift" || true

.github/workflows/release.yml

@@ -0,0 +1,35 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'audd-java/v*'
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    name: Build and publish to Maven Central
+    runs-on: ubuntu-latest
+    environment: maven-central
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: maven
+          server-id: central
+          server-username: MAVEN_CENTRAL_USERNAME
+          server-password: MAVEN_CENTRAL_PASSWORD
+          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
+      - name: Verify build
+        run: mvn -B verify
+      - name: Deploy to Maven Central
+        env:
+          MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
+          MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+        run: mvn -B -Prelease deploy -DskipTests

.gitignore

@@ -0,0 +1,13 @@
+target/
+*.class
+*.jar
+*.war
+*.ear
+.idea/
+*.iml
+.vscode/
+.settings/
+.classpath
+.project
+hs_err_pid*
+.mvn/wrapper/maven-wrapper.jar

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 AudD
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,137 @@
+# audd-java — Official Java SDK for AudD
+
+The official Java SDK for the [AudD music recognition API](https://audd.io).
+Java 11+, OkHttp transport, sync `AudD` + async `AsyncAudD` (CompletableFuture-based),
+forward-compatible types, cost-aware retries.
+
+## Hello, AudD
+
+```java
+import io.audd.AudD;
+
+public class Hello {
+    public static void main(String[] args) throws Exception {
+        try (AudD audd = AudD.builder().apiToken("test").build()) {
+            var result = audd.recognize("https://audd.tech/example.mp3");
+            if (result != null) {
+                System.out.println(result.artist() + " — " + result.title());
+            }
+        }
+    }
+}
+```
+
+The public `"test"` token is capped at 10 requests; get a real one at
+[dashboard.audd.io](https://dashboard.audd.io/).
+
+## Install
+
+Maven:
+
+```xml
+<dependency>
+  <groupId>io.audd</groupId>
+  <artifactId>audd</artifactId>
+  <version>1.4.0</version>
+</dependency>
+```
+
+Gradle:
+
+```kotlin
+implementation("io.audd:audd:1.4.0")
+```
+
+Java 11+.
+
+## Capabilities
+
+| Capability | SDK |
+|---|---|
+| Recognize a song (URL / file / bytes / InputStream) | `audd.recognize(source, opts)` |
+| Recognize a long file (enterprise) | `audd.recognizeEnterprise(source, opts)` |
+| Configure callback URL | `audd.streams().setCallbackUrl(url, opts)` |
+| Add a stream | `audd.streams().add(req)` |
+| List/manage streams | `audd.streams().list() / delete(...) / setUrl(...)` |
+| Streams (callback POST or longpoll subscription) | `audd.streams().longpoll(...)` / `Streams.parseCallback(body)` |
+| Tokenless longpoll (browser/widget) | `new LongpollConsumer(category)` |
+| Derive a longpoll category locally | `Streams.deriveLongpollCategory(token, radioId)` |
+
+Sample mains will be added under [`examples/`](./examples). For now, treat the
+[`Hello, AudD`](#hello-audd) snippet above as the canonical starting point.
+
+## Configuration
+
+```java
+AudD audd = AudD.builder()
+    .apiToken("your-token")
+    .maxRetries(5)
+    .backoffFactorMs(1000)
+    .standardTimeoutSeconds(120)
+    .enterpriseTimeoutSeconds(7200)
+    .httpClient(new OkHttpClient.Builder() /* corporate proxy etc. */ .build())
+    .onDeprecation(msg -> log.warn("audd-deprecation: {}", msg))
+    .build();
+```
+
+`AudD` and `AsyncAudD` are safe for concurrent use across threads. Token
+rotation via `setApiToken(...)` uses an `AtomicReference`; in-flight requests
+continue with the prior token, subsequent ones use the new one.
+
+Retries are cost-aware:
+
+- **READ** endpoints (`streams.list`, `streams.getCallbackUrl`): retry on
+  408/429/5xx and connection errors.
+- **RECOGNITION** endpoints (`recognize`, `recognizeEnterprise`,
+  `advanced.findLyrics`, `advanced.rawRequest`): retry on pre-upload
+  connection failures and on 5xx. Do **not** retry on read-timeout
+  after upload completed (cost protection).
+- **MUTATING** endpoints (`streams.add`, `streams.delete`, etc.): retry only
+  on pre-upload connection failures.
+
+## Error handling
+
+Sealed hierarchy under `AudDException`:
+
+```
+AudDException
+├── AudDApiError
+│   ├── AudDAuthenticationError       (900, 901, 903)
+│   ├── AudDQuotaError                (902)
+│   ├── AudDSubscriptionError         (904, 905)
+│   │   └── AudDCustomCatalogAccessError
+│   ├── AudDInvalidRequestError       (50, 51, 600/601/602, 700/701/702, 906)
+│   ├── AudDInvalidAudioError         (300, 400, 500)
+│   ├── AudDRateLimitError            (611)
+│   ├── AudDStreamLimitError          (610)
+│   ├── AudDNotReleasedError          (907)
+│   ├── AudDBlockedError              (19, 31337)
+│   ├── AudDNeedsUpdateError          (20)
+│   └── AudDServerError               (100, 1000, generic 5xx)
+├── AudDConnectionError                # network / TLS / timeout
+└── AudDSerializationError             # 2xx response with malformed JSON
+```
+
+## Custom catalog (advanced — read first)
+
+> **This is NOT how you submit audio for music recognition.** For that, use
+> `audd.recognize(...)` (or `audd.recognizeEnterprise(...)` for files longer
+> than 25 seconds). The custom-catalog endpoint manipulates your **private
+> fingerprint catalog** so AudD's recognition can later identify *your own*
+> tracks for *your account only*. Requires special access — contact
+> api@audd.io if you need it enabled.
+
+```java
+audd.customCatalog().add(146, Path.of("track.mp3"));
+```
+
+## Advanced
+
+`audd.advanced().findLyrics("query")` and `audd.advanced().rawRequest(method, params)`.
+`rawRequest` is the escape hatch for any AudD endpoint not yet wrapped here.
+
+## Contributing / security / license
+
+- Issues: <https://github.com/AudDMusic/audd-java/issues>
+- Security: see [SECURITY.md](./SECURITY.md)
+- License: MIT (see [LICENSE](./LICENSE))

SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+If you discover a security issue in this SDK, please email **api@audd.io** privately. Do not open a public GitHub issue for security reports.
+
+We will acknowledge receipt within 2 business days and coordinate disclosure with you.
+
+## Scope
+
+- **In scope:** vulnerabilities in this SDK's source code.
+- **Out of scope:** issues in upstream dependencies (file those with the upstream maintainer), or issues in the AudD service or API itself (email **api@audd.io** with subject `AudD service: <summary>`).
+
+## Hardening practices
+
+This SDK never logs `api_token`, request bodies, or response bodies. The `onEvent` inspection hook receives request / response / exception lifecycle events with method, URL, HTTP status, elapsed time, and request_id — but never the token or payload bytes.
+