shithub Public

Watch 1 Fork 0 Star 0

markdown · 5280 bytes Raw Blame History

Changelog

All notable changes to shithub are documented here. This project follows Keep a Changelog conventions and Semantic Versioning.

Pre-1.0 versioning: minor versions may break the API. The stability contract begins at v1.0.0; until then, expect changes between minor releases.

Unreleased

Added

REST API contract (S50 §0). GET /api/v1/meta returns the server's version stamp and a list of feature capability strings for client-side feature detection. Every /api/v1/* response now carries X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and (when PAT-authenticated) X-OAuth-Scopes. The 403 scope-reject response also carries X-Accepted-OAuth-Scopes. Operators tune the API rate-limit budgets via ratelimit.api.authed_per_hour / ratelimit.api.anon_per_hour (defaults: 5000 / 60).
Pagination helper internal/web/handlers/api/apipage — emits canonical RFC 8288 Link headers (first/prev/next/last) with absolute URLs rooted at the configured public base URL.
REST: user emails (S50 §1). GET /api/v1/user/emails lists the authenticated user's emails. Optional ?verified=true|false filter. Scope: user:read.
REST: user SSH keys (S50 §1). GET/POST /api/v1/user/keys and GET/DELETE /api/v1/user/keys/{id} expose CRUD for git authentication keys. Signing keys are tracked separately by a new kind column on user_ssh_keys and remain on the HTML surface for now. Scopes: user:read for GETs, user:write for mutations.
Capabilities: user-emails, ssh-keys added to /api/v1/meta response.
REST: repos core (S50 §2). GET /api/v1/user/repos, GET /api/v1/users/{username}/repos, GET /api/v1/orgs/{org}/repos, GET /api/v1/repos/{owner}/{repo}, POST /api/v1/user/repos, POST /api/v1/orgs/{org}/repos, PATCH /api/v1/repos/{owner}/{repo} (description, has_issues, has_pulls, archived, visibility), and DELETE /api/v1/repos/{owner}/{repo} (soft-delete). Visibility-aware listing: a user's /users/{u}/repos shows private rows only to that user; an org's /orgs/{o}/repos shows private rows only to members. Single-repo GETs 404 for callers who can't see the row (no existence leak).
Capability: repos added to /api/v1/meta.

Changed

JSON error envelope on /api/v1/*. 401 and 403 responses now emit {"error": "..."} with Content-Type: application/json (previously text/plain). Existing 4xx/5xx responses from the handler bodies are unchanged.

0.1.0 — TBD (operator fills in cutover date)

The first public release of shithub. Pre-1.0: there is no backward-compatibility promise yet. Migrations are forward-only; schema may change between minor versions.

Initial public surface

Identity — signup, email verification, password reset, TOTP 2FA + recovery codes, SSH keys, scoped PATs, sessions with per-account epoch invalidation.
Repositories — create, fork, archive, transfer, soft-delete with grace, rename with redirects, visibility toggles, branch protection, default-branch swap, topics, README/license/ .gitignore templates.
Git — bare repos on disk; HTTPS smart-HTTP push/pull; pre/post-receive hook integration.
Code browsing — tree, blob (chroma syntax highlighting), raw, blame, commit history, individual commit views, branch/tag listings, compare views, file finder.
Issues + PRs — full CRUD; reviews; required-reviewer enforcement; status-check gates; three merge methods.
Social — stars, watches, forks, /explore, stargazer/ watcher lists.
Search — code, repo, user, issue.
Notifications — in-app inbox, email fan-out, one-click unsubscribe.
Orgs + teams — roles, invitations, one-level nesting, max-of-sources policy.
Webhooks — HMAC-signed delivery, exponential backoff, auto-disable, SSRF defense, redelivery UI.
Observability — structured logs, Prometheus metrics, optional OTel tracing, Sentry-protocol error reporting.
Operations — Ansible playbook, systemd units, Caddy edge, WireGuard mesh for monitoring, Postgres WAL archive + daily logical backups to Spaces, cross-region DR, restore drill.
Public landing page on / for anonymous viewers; signed-in viewers get a quick-link dashboard.
Lightweight status page at docs.<host>/status.html.
Cutover artifacts under deploy/cutover/.
Public docs site built with mdBook.
Operator runbooks for incidents, backups, restore, upgrade, rollback, rotate-secrets, rotate-keys, regenerate-akc, drain-workers, read-only-mode, day-one.
a11y tooling (pa11y + axe) and k6 load-test scenarios.
THIRD_PARTY_NOTICES.md with a CI-verified generator.

Known gaps at v0.1.0

SSH git transport (HTTPS only)
Actions / CI runner
Packages, Releases, Pages, Projects, Gists
GraphQL API (only a small REST surface today)
Activity feed UI

These are all on the post-MVP roadmap.

View source

  
        1
        # Changelog
      
        2
        
        3
        All notable changes to shithub are documented here. This project
      
        4
        follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
      
        5
        conventions and [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
      
        6
        
        7
        Pre-1.0 versioning: minor versions may break the API. The
      
        8
        stability contract begins at v1.0.0; until then, expect changes
      
        9
        between minor releases.
      
        10
        
        11
        ## [Unreleased]
      
        12
        
        13
        ### Added
      
        14
        
        15
        - **REST API contract (S50 §0).** `GET /api/v1/meta` returns the
      
        16
          server's version stamp and a list of feature capability strings
      
        17
          for client-side feature detection. Every `/api/v1/*` response
      
        18
          now carries `X-RateLimit-Limit`, `X-RateLimit-Remaining`,
      
        19
          `X-RateLimit-Reset`, and (when PAT-authenticated) `X-OAuth-Scopes`.
      
        20
          The 403 scope-reject response also carries
      
        21
          `X-Accepted-OAuth-Scopes`. Operators tune the API rate-limit
      
        22
          budgets via `ratelimit.api.authed_per_hour` /
      
        23
          `ratelimit.api.anon_per_hour` (defaults: 5000 / 60).
      
        24
        - **Pagination helper** `internal/web/handlers/api/apipage` —
      
        25
          emits canonical RFC 8288 Link headers (`first`/`prev`/`next`/`last`)
      
        26
          with absolute URLs rooted at the configured public base URL.
      
        27
        - **REST: user emails (S50 §1).** `GET /api/v1/user/emails` lists
      
        28
          the authenticated user's emails. Optional `?verified=true|false`
      
        29
          filter. Scope: `user:read`.
      
        30
        - **REST: user SSH keys (S50 §1).** `GET/POST /api/v1/user/keys`
      
        31
          and `GET/DELETE /api/v1/user/keys/{id}` expose CRUD for git
      
        32
          authentication keys. Signing keys are tracked separately by a
      
        33
          new `kind` column on `user_ssh_keys` and remain on the HTML
      
        34
          surface for now. Scopes: `user:read` for GETs, `user:write` for
      
        35
          mutations.
      
        36
        - **Capabilities:** `user-emails`, `ssh-keys` added to
      
        37
          `/api/v1/meta` response.
      
        38
        - **REST: repos core (S50 §2).**
      
        39
          `GET /api/v1/user/repos`, `GET /api/v1/users/{username}/repos`,
      
        40
          `GET /api/v1/orgs/{org}/repos`,
      
        41
          `GET /api/v1/repos/{owner}/{repo}`,
      
        42
          `POST /api/v1/user/repos`,
      
        43
          `POST /api/v1/orgs/{org}/repos`,
      
        44
          `PATCH /api/v1/repos/{owner}/{repo}` (description, has_issues,
      
        45
          has_pulls, archived, visibility), and
      
        46
          `DELETE /api/v1/repos/{owner}/{repo}` (soft-delete).
      
        47
          Visibility-aware listing: a user's `/users/{u}/repos` shows
      
        48
          private rows only to that user; an org's `/orgs/{o}/repos`
      
        49
          shows private rows only to members. Single-repo GETs `404`
      
        50
          for callers who can't see the row (no existence leak).
      
        51
        - **Capability:** `repos` added to `/api/v1/meta`.
      
        52
        
        53
        ### Changed
      
        54
        
        55
        - **JSON error envelope on `/api/v1/*`.** `401` and `403`
      
        56
          responses now emit `{"error": "..."}` with
      
        57
          `Content-Type: application/json` (previously `text/plain`).
      
        58
          Existing `4xx`/`5xx` responses from the handler bodies are
      
        59
          unchanged.
      
        60
        
        61
        ## [0.1.0] — TBD (operator fills in cutover date)
      
        62
        
        63
        The first public release of shithub. Pre-1.0: there is no
      
        64
        backward-compatibility promise yet. Migrations are forward-only;
      
        65
        schema may change between minor versions.
      
        66
        
        67
        ### Initial public surface
      
        68
        
        69
        - **Identity** — signup, email verification, password reset, TOTP
      
        70
          2FA + recovery codes, SSH keys, scoped PATs, sessions with
      
        71
          per-account epoch invalidation.
      
        72
        - **Repositories** — create, fork, archive, transfer, soft-delete
      
        73
          with grace, rename with redirects, visibility toggles, branch
      
        74
          protection, default-branch swap, topics, README/license/
      
        75
          .gitignore templates.
      
        76
        - **Git** — bare repos on disk; HTTPS smart-HTTP push/pull;
      
        77
          pre/post-receive hook integration.
      
        78
        - **Code browsing** — tree, blob (chroma syntax highlighting),
      
        79
          raw, blame, commit history, individual commit views, branch/tag
      
        80
          listings, compare views, file finder.
      
        81
        - **Issues + PRs** — full CRUD; reviews; required-reviewer
      
        82
          enforcement; status-check gates; three merge methods.
      
        83
        - **Social** — stars, watches, forks, `/explore`, stargazer/
      
        84
          watcher lists.
      
        85
        - **Search** — code, repo, user, issue.
      
        86
        - **Notifications** — in-app inbox, email fan-out, one-click
      
        87
          unsubscribe.
      
        88
        - **Orgs + teams** — roles, invitations, one-level nesting,
      
        89
          max-of-sources policy.
      
        90
        - **Webhooks** — HMAC-signed delivery, exponential backoff,
      
        91
          auto-disable, SSRF defense, redelivery UI.
      
        92
        - **Observability** — structured logs, Prometheus metrics,
      
        93
          optional OTel tracing, Sentry-protocol error reporting.
      
        94
        - **Operations** — Ansible playbook, systemd units, Caddy edge,
      
        95
          WireGuard mesh for monitoring, Postgres WAL archive + daily
      
        96
          logical backups to Spaces, cross-region DR, restore drill.
      
        97
        - **Public landing page** on `/` for anonymous viewers; signed-in
      
        98
          viewers get a quick-link dashboard.
      
        99
        - **Lightweight status page** at `docs.<host>/status.html`.
      
        100
        - **Cutover artifacts** under `deploy/cutover/`.
      
        101
        - **Public docs site** built with mdBook.
      
        102
        - **Operator runbooks** for incidents, backups, restore, upgrade,
      
        103
          rollback, rotate-secrets, rotate-keys, regenerate-akc,
      
        104
          drain-workers, read-only-mode, day-one.
      
        105
        - **a11y tooling** (pa11y + axe) and **k6 load-test scenarios**.
      
        106
        - **THIRD_PARTY_NOTICES.md** with a CI-verified generator.
      
        107
        
        108
        ### Known gaps at v0.1.0
      
        109
        
        110
        - SSH git transport (HTTPS only)
      
        111
        - Actions / CI runner
      
        112
        - Packages, Releases, Pages, Projects, Gists
      
        113
        - GraphQL API (only a small REST surface today)
      
        114
        - Activity feed UI
      
        115
        
        116
        These are all on the post-MVP roadmap.
      
        117
        
        118
        [Unreleased]: https://shithub.sh/shithub/shithub/compare/v0.1.0...trunk
      
        119
        [0.1.0]: https://shithub.sh/shithub/shithub/releases/tag/v0.1.0

1	# Changelog
2
3	All notable changes to shithub are documented here. This project
4	follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
5	conventions and [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
7	Pre-1.0 versioning: minor versions may break the API. The
8	stability contract begins at v1.0.0; until then, expect changes
9	between minor releases.
10
11	## [Unreleased]
12
13	### Added
14
15	- REST API contract (S50 §0). `GET /api/v1/meta` returns the
16	server's version stamp and a list of feature capability strings
17	for client-side feature detection. Every `/api/v1/*` response
18	now carries `X-RateLimit-Limit`, `X-RateLimit-Remaining`,
19	`X-RateLimit-Reset`, and (when PAT-authenticated) `X-OAuth-Scopes`.
20	The 403 scope-reject response also carries
21	`X-Accepted-OAuth-Scopes`. Operators tune the API rate-limit
22	budgets via `ratelimit.api.authed_per_hour` /
23	`ratelimit.api.anon_per_hour` (defaults: 5000 / 60).
24	- Pagination helper `internal/web/handlers/api/apipage` —
25	emits canonical RFC 8288 Link headers (`first`/`prev`/`next`/`last`)
26	with absolute URLs rooted at the configured public base URL.
27	- REST: user emails (S50 §1). `GET /api/v1/user/emails` lists
28	the authenticated user's emails. Optional `?verified=true\|false`
29	filter. Scope: `user:read`.
30	- REST: user SSH keys (S50 §1). `GET/POST /api/v1/user/keys`
31	and `GET/DELETE /api/v1/user/keys/{id}` expose CRUD for git
32	authentication keys. Signing keys are tracked separately by a
33	new `kind` column on `user_ssh_keys` and remain on the HTML
34	surface for now. Scopes: `user:read` for GETs, `user:write` for
35	mutations.
36	- Capabilities: `user-emails`, `ssh-keys` added to
37	`/api/v1/meta` response.
38	- REST: repos core (S50 §2).
39	`GET /api/v1/user/repos`, `GET /api/v1/users/{username}/repos`,
40	`GET /api/v1/orgs/{org}/repos`,
41	`GET /api/v1/repos/{owner}/{repo}`,
42	`POST /api/v1/user/repos`,
43	`POST /api/v1/orgs/{org}/repos`,
44	`PATCH /api/v1/repos/{owner}/{repo}` (description, has_issues,
45	has_pulls, archived, visibility), and
46	`DELETE /api/v1/repos/{owner}/{repo}` (soft-delete).
47	Visibility-aware listing: a user's `/users/{u}/repos` shows
48	private rows only to that user; an org's `/orgs/{o}/repos`
49	shows private rows only to members. Single-repo GETs `404`
50	for callers who can't see the row (no existence leak).
51	- Capability: `repos` added to `/api/v1/meta`.
52
53	### Changed
54
55	- *JSON error envelope on `/api/v1/`.** `401` and `403`
56	responses now emit `{"error": "..."}` with
57	`Content-Type: application/json` (previously `text/plain`).
58	Existing `4xx`/`5xx` responses from the handler bodies are
59	unchanged.
60
61	## [0.1.0] — TBD (operator fills in cutover date)
62
63	The first public release of shithub. Pre-1.0: there is no
64	backward-compatibility promise yet. Migrations are forward-only;
65	schema may change between minor versions.
66
67	### Initial public surface
68
69	- Identity — signup, email verification, password reset, TOTP
70	2FA + recovery codes, SSH keys, scoped PATs, sessions with
71	per-account epoch invalidation.
72	- Repositories — create, fork, archive, transfer, soft-delete
73	with grace, rename with redirects, visibility toggles, branch
74	protection, default-branch swap, topics, README/license/
75	.gitignore templates.
76	- Git — bare repos on disk; HTTPS smart-HTTP push/pull;
77	pre/post-receive hook integration.
78	- Code browsing — tree, blob (chroma syntax highlighting),
79	raw, blame, commit history, individual commit views, branch/tag
80	listings, compare views, file finder.
81	- Issues + PRs — full CRUD; reviews; required-reviewer
82	enforcement; status-check gates; three merge methods.
83	- Social — stars, watches, forks, `/explore`, stargazer/
84	watcher lists.
85	- Search — code, repo, user, issue.
86	- Notifications — in-app inbox, email fan-out, one-click
87	unsubscribe.
88	- Orgs + teams — roles, invitations, one-level nesting,
89	max-of-sources policy.
90	- Webhooks — HMAC-signed delivery, exponential backoff,
91	auto-disable, SSRF defense, redelivery UI.
92	- Observability — structured logs, Prometheus metrics,
93	optional OTel tracing, Sentry-protocol error reporting.
94	- Operations — Ansible playbook, systemd units, Caddy edge,
95	WireGuard mesh for monitoring, Postgres WAL archive + daily
96	logical backups to Spaces, cross-region DR, restore drill.
97	- Public landing page on `/` for anonymous viewers; signed-in
98	viewers get a quick-link dashboard.
99	- Lightweight status page at `docs.<host>/status.html`.
100	- Cutover artifacts under `deploy/cutover/`.
101	- Public docs site built with mdBook.
102	- Operator runbooks for incidents, backups, restore, upgrade,
103	rollback, rotate-secrets, rotate-keys, regenerate-akc,
104	drain-workers, read-only-mode, day-one.
105	- a11y tooling (pa11y + axe) and k6 load-test scenarios.
106	- THIRD_PARTY_NOTICES.md with a CI-verified generator.
107
108	### Known gaps at v0.1.0
109
110	- SSH git transport (HTTPS only)
111	- Actions / CI runner
112	- Packages, Releases, Pages, Projects, Gists
113	- GraphQL API (only a small REST surface today)
114	- Activity feed UI
115
116	These are all on the post-MVP roadmap.
117
118	[Unreleased]: https://shithub.sh/shithub/shithub/compare/v0.1.0...trunk
119	[0.1.0]: https://shithub.sh/shithub/shithub/releases/tag/v0.1.0