FujoWebDev · essential-randomness · Apr 30, 2026 · Apr 30, 2026 · Apr 27, 2026 · Apr 27, 2026
diff --git a/.changeset/atproto-badges-initial.md b/.changeset/atproto-badges-initial.md
@@ -0,0 +1,7 @@
+---
+"@fujocoded/atproto-badges": minor
+---
+
+Initial release of `@fujocoded/atproto-badges` — ATProto badge attestation utilities for creating, signing, and verifying badges per the badge.blue specification.
+
+Also ships a `/react` subpath export with drop-in `<BadgeSection>`, `<BadgePill>`, `<BadgeClaim>`, and `<BadgeCertificate>` components, plus a `/styles.css` import. Components take async action handlers (`onClaim`/`onVerify`/`onUnclaim`) and theming props (`issuerName`, `getBadgeShortName`, `isRemoteBadge`, custom icon renderers), so consumers wire them to their own backend without forking. Requires Tailwind v4 in the consuming project.
diff --git a/.changeset/authproto-callback-state-fix.md b/.changeset/authproto-callback-state-fix.md
@@ -0,0 +1,6 @@
+---
+"@fujocoded/authproto": patch
+---
+
+Fix custom-redirect / referer parsing in the OAuth callback so encoded
+`redirect` and `referer` values are no longer silently dropped on login.
diff --git a/.changeset/authproto-docs-and-example.md b/.changeset/authproto-docs-and-example.md
@@ -0,0 +1,12 @@
+---
+"@fujocoded/authproto": patch
+---
+
+Fix custom-redirect / referer state parsing in the OAuth callback. The OAuth client wraps our state under an opaque key in the URL `state` param and returns the original value as `clientCallback.state`, so we now read from there instead of `requestUrl.searchParams.get("state")` — which was always the wrapped value and never parsed as JSON.
+
+Also improve `astro-authproto` README and `02-read-bsky-profile` example:
+
+- Document `session` driver setup and full integration config in install steps.
+- Clarify `applicationDomain` should be the full URL with scheme (e.g. `https://example.com`, or `http://127.0.0.1:4321` locally).
+- Add a "Shipping it" production section.
+- Update the read-profile example to use `getBlueskyAgent` from `@fujocoded/authproto/helpers` instead of constructing `AtpBaseClient` directly, and fix the avatar `alt` to use a JSX expression.
diff --git a/.changeset/authproto-dynamic-dev-port.md b/.changeset/authproto-dynamic-dev-port.md
@@ -0,0 +1,8 @@
+---
+"@fujocoded/authproto": patch
+---
+
+Use Astro's actual dev server port for the OAuth callback URL in development
+instead of always assuming `4321`. If you run `astro dev --port 4322` (or set
+`server.port` in your Astro config), Authproto now points OAuth at the right
+local URL.
diff --git a/astro-atproto-loader/__examples__/03-grouped-reposts/src/live.config.ts b/astro-atproto-loader/__examples__/03-grouped-reposts/src/live.config.ts
@@ -21,11 +21,16 @@ import { defineAtProtoLiveCollection } from "@fujocoded/astro-atproto-loader";
 // Set up validation for schemas via zod
 const BlobRefSchema = z
   .object({
-    ref: z.unknown(),
+    ref: z.union([z.string(), z.object({ $link: z.string() })]).nullish(),
     mimeType: z.string(),
   })
   .transform((blob) => ({
-    cid: blob.ref == null ? undefined : String(blob.ref),
+    cid:
+      blob.ref == null
+        ? undefined
+        : typeof blob.ref === "string"
+          ? blob.ref
+          : blob.ref.$link,
     mimeType: blob.mimeType,
   }));