@getcirrus/pds@0.5.0

Minor Changes

• #81 688d141 Thanks @ascorbic! - Raise blob size limit from 5MB to 60MB

Patch Changes

• Updated dependencies [e5507d1]:
  • @getcirrus/oauth-provider@0.2.1

@getcirrus/oauth-provider@0.2.1

Patch Changes

• #82 e5507d1 Thanks @ascorbic! - Fix support for confidential OAuth clients with remote JWKS (like leaflet.pub):
  • Accept issuer URL as valid JWT audience (not just token endpoint)
  • Invalidate stale cache entries missing tokenEndpointAuthMethod

@getcirrus/pds@0.4.1

Patch Changes

• #77 2ea70ce Thanks @ascorbic! - Add /oauth/userinfo endpoint

  Returns the user's DID (sub) and handle (preferred_username) for OpenID Connect compatibility.

• Updated dependencies [2ea70ce]:

  • @getcirrus/oauth-provider@0.2.0

@getcirrus/pds@0.4.0

Minor Changes

• #74 0d4813e Thanks @ascorbic! - Add pre-activation checks and emit-identity command

  activate command improvements:

  • Run identity checks before activation (handle resolution, DID document, repo status)
  • Display clear results table with pass/fail status
  • Require confirmation if checks fail (skip with --yes)
  • Verify activation succeeded after calling the endpoint
  • Offer to emit identity event if all checks passed
  • Add --yes / -y flag to skip confirmation prompts

  deactivate command improvements:

  • Run identity checks to inform user of current state before deactivating
  • Add --yes / -y flag to skip confirmation prompts

  New emit-identity command:

  • Standalone pds emit-identity command to notify relays to refresh handle verification
  • Useful after migration or handle changes

  Internal changes:

  • Moved emit identity endpoint from /admin/emit-identity to XRPC namespace gg.mk.experimental.emitIdentityEvent

Patch Changes

• #67 a633fb7 Thanks @JackDallas! - Create user's bsky profile as part of the activate script

• #76 d6c2eb5 Thanks @ascorbic! - Add relay status check to pds status command

  • Added getRelayHostStatus method to PDSClient that calls com.atproto.sync.getHostStatus on the relay
  • Status command now shows relay status (active/idle/offline/throttled/banned) and account count
  • Shows relay seq number when available
  • Suggests running emit-identity or requesting crawl when relay shows idle/offline

@getcirrus/oauth-provider@0.2.0

Minor Changes

• #77 2ea70ce Thanks @ascorbic! - Add private_key_jwt client authentication and fix response_mode default
  • Implement RFC 7523 JWT Bearer client authentication for confidential OAuth clients
  • Add private_key_jwt to token_endpoint_auth_methods_supported in metadata
  • Support inline JWKS and remote JWKS URI for client public keys
  • Fix default response_mode from fragment to query for authorization code flow
  • Add userinfo_endpoint to OAuth server metadata

@getcirrus/pds@0.3.1

Patch Changes

• #71 a696032 Thanks @ascorbic! - Fix foreign DID requests returning 404 for repo endpoints

  Previously, getRecord, listRecords, and describeRepo returned 404 when the requested repo DID didn't match the local PDS DID. Now these endpoints proxy foreign DID requests to the Bluesky AppView, enabling clients to fetch records from other users' repositories.

@getcirrus/pds@0.3.0

Minor Changes

• #57 20ca34d Thanks @ascorbic! - Add pds status CLI command for comprehensive PDS health and configuration checks

  • Enhanced /xrpc/_health endpoint to verify Durable Object and SQLite storage health
  • New pds status command checks connectivity, repository state, identity resolution, blob import progress, federation status, and account activation
  • Shows DID resolution method (plc.directory or well-known) and handle verification method (DNS TXT and/or HTTP well-known)
  • Added authenticated /xrpc/gg.mk.experimental.getFirehoseStatus endpoint for firehose subscriber info

• #62 af0fde8 Thanks @ascorbic! - Ping the Bluesky relay on account activation. The pds activate command now calls com.atproto.sync.requestCrawl on bsky.network to notify the relay that the PDS is ready for federation. If the account is already active, running pds activate again will offer to retry notifying the relay.

Patch Changes

• #56 fed94a4 Thanks @JackDallas! - Add custom domain routing to pds init - sets up routes with custom_domain: true so wrangler deploy configures DNS automatically

• #65 30910f7 Thanks @ascorbic! - Switch to atcute for most internal protocol handling

• #68 a537cc6 Thanks @ascorbic! - fix: correctly encode identity events

• #56 fed94a4 Thanks @JackDallas! - Add multi-account selection to pds init - detects multiple Cloudflare accounts via wrangler whoami and prompts user to select one

• #58 adedb2b Thanks @ascorbic! - Respect user's package manager choice in CLI commands. All CLI commands (init, migrate, activate, deactivate) now detect and use the user's package manager consistently. Changed wrangler deploy references to use the appropriate package manager command (e.g., pnpm run deploy).

• Updated dependencies [95ffff6, 30910f7]:

  • @getcirrus/oauth-provider@0.1.3

@getcirrus/oauth-provider@0.1.3

Patch Changes

• #63 95ffff6 Thanks @ascorbic! - Fix CSP blocking OAuth authorization flow in Chrome

  Remove form-action from CSP due to inconsistent browser behavior with redirects. Chrome blocks redirects after form submission if the redirect URL isn't in form-action, while Firefox does not. Since OAuth requires redirecting to the client's callback URL after consent, form-action cannot be used without breaking the flow in Chrome.

• #65 30910f7 Thanks @ascorbic! - Switch to atcute for most internal protocol handling

create-pds@0.0.8

Patch Changes

• #51 a2aea3a Thanks @ascorbic! - Don't attempt to run init if dependencies haven't been installed

create-pds@0.0.7

Patch Changes

• #47 b4de6fa Thanks @ascorbic! - Rename to Cirrus