Commit 68f44e6

ci: release
1 parent c560f2e commit 68f44e6

6 files changed

Lines changed: 15 additions & 21 deletions

.changeset/create-report-proxy.md

Lines changed: 0 additions & 5 deletions
This file was deleted.

.changeset/getfeed-service-auth-aud.md

Lines changed: 0 additions & 5 deletions
This file was deleted.

.changeset/proxy-rpc-scope-audience.md

Lines changed: 0 additions & 5 deletions
This file was deleted.

.changeset/submit-plc-operation.md

Lines changed: 0 additions & 5 deletions
This file was deleted.

packages/pds/CHANGELOG.md

Lines changed: 14 additions & 0 deletions
@@ -1,5 +1,19 @@
11
# @getcirrus/pds
22

3+
## 0.18.0
4+
5+
### Minor Changes
6+
7+
- [#196](https://github.com/ascorbic/cirrus/pull/196) [`c560f2e`](https://github.com/ascorbic/cirrus/commit/c560f2e666a97bba305806c5d98e49bcbd88d47c) Thanks [@ascorbic](https://github.com/ascorbic)! - Proxy `com.atproto.moderation.createReport` so the Bluesky app's "Report" button works. Reports default to Bluesky's moderation service (`did:plc:ar7c4by46qjdydhdevvrndac#atproto_labeler`) with a service-auth JWT addressed to that labeler. Clients can override the target by setting the `atproto-proxy` header to a different labeler's `did#service_id`, in which case the request is routed to the resolved endpoint and the JWT is addressed there instead. Previously these reports fell through to the generic AppView proxy and were silently rejected.
8+
9+
- [#195](https://github.com/ascorbic/cirrus/pull/195) [`3008f88`](https://github.com/ascorbic/cirrus/commit/3008f88982269eaa655b6a726c163260a3320756) Thanks [@ascorbic](https://github.com/ascorbic)! - Implement `com.atproto.identity.submitPlcOperation`. The endpoint forwards an already-signed PLC operation to `plc.directory` on the user's behalf, so migration clients can complete an outbound move without talking to the PLC directory themselves. Pairs with the existing `com.atproto.identity.signPlcOperation` to match the reference PDS migration flow.
10+
11+
### Patch Changes
12+
13+
- [#193](https://github.com/ascorbic/cirrus/pull/193) [`be57325`](https://github.com/ascorbic/cirrus/commit/be57325cde6cf0ccd5f6d5b900777da81e6b3c46) Thanks [@ascorbic](https://github.com/ascorbic)! - Address the service-auth JWT for `app.bsky.feed.getFeed` to the feed generator rather than the AppView. The token is now stamped with `aud` set to the generator's service DID (resolved from the feed record) and `lxm` set to `app.bsky.feed.getFeedSkeleton`, matching the reference PDS implementation. Previously the token carried `aud: did:web:api.bsky.app`, so generators that validate the audience (such as the Bluesky "For You" feed) rejected it and ran in a degraded, stateless mode — feeds appeared stuck because per-user "seen" state was never recorded. If the feed record can't be resolved, the request falls back to ordinary AppView proxying so the feed still loads.
14+
15+
- [#193](https://github.com/ascorbic/cirrus/pull/193) [`be57325`](https://github.com/ascorbic/cirrus/commit/be57325cde6cf0ccd5f6d5b900777da81e6b3c46) Thanks [@ascorbic](https://github.com/ascorbic)! - Fix OAuth scope checking when proxying XRPC requests. Granular `rpc:` scopes are granted against the full `did#service_id` audience, but the proxy was checking them against the bare DID, so any granular (non-`aud=*`) scope was rejected. Proxied requests now check scope against the full service audience, while the outbound service-auth JWT continues to use the bare DID.
16+
317
## 0.17.1
418

519
### Patch Changes
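
Review bot: The `createReport` entry in the 0.18.0 Minor Changes block says a client-supplied `atproto-proxy` header decides where the report is routed and who the service-auth JWT is addressed to, but it states no limit on that override. Because the PDS makes the outbound request and mints the token for a destination the client names, the entry should say which `service_id` values are accepted and how the resolved endpoint is validated before the request is forwarded. The `getFeed` entry names the `lxm` its token carries; stating the `lxm` used for the report token would make the two entries consistent.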

packages/pds/package.json

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
{
22
"name": "@getcirrus/pds",
3-
"version": "0.17.1",
3+
"version": "0.18.0",
44
"description": "Cirrus – A single-user AT Protocol PDS on Cloudflare Workers",
55
"type": "module",
66
"main": "dist/index.js",

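Review bot: The `"version"` change from `0.17.1` to `0.18.0` means the two Patch Changes in this release (the `rpc:` scope check and the `getFeed` audience) only reach installs that move to the new minor, since npm keeps a caret range on a 0.x version such as `^0.17.1` below `0.18.0`. Worth calling out in the release notes that consumers pinned to the 0.17 range need to update the range to pick up those fixes.
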