
Changelog

All notable changes to shithub are documented here. This project follows Keep a Changelog conventions and Semantic Versioning.

Pre-1.0 versioning: minor versions may break the API. The stability contract begins at v1.0.0; until then, expect changes between minor releases.

Unreleased

Added

  • REST API contract (S50 §0). GET /api/v1/meta returns the server's version stamp and a list of feature capability strings for client-side feature detection. Every /api/v1/* response now carries X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and (when PAT-authenticated) X-OAuth-Scopes. The 403 scope-reject response also carries X-Accepted-OAuth-Scopes. Operators tune the API rate-limit budgets via ratelimit.api.authed_per_hour / ratelimit.api.anon_per_hour (defaults: 5000 / 60).
  • Pagination helper internal/web/handlers/api/apipage — emits canonical RFC 8288 Link headers (first/prev/next/last) with absolute URLs rooted at the configured public base URL.
  • REST: user emails (S50 §1). GET /api/v1/user/emails lists the authenticated user's emails. Optional ?verified=true|false filter. Scope: user:read.
  • REST: user SSH keys (S50 §1). GET/POST /api/v1/user/keys and GET/DELETE /api/v1/user/keys/{id} expose CRUD for git authentication keys. Signing keys are tracked separately by a new kind column on user_ssh_keys and remain on the HTML surface for now. Scopes: user:read for GETs, user:write for mutations.
  • Capabilities: user-emails, ssh-keys added to /api/v1/meta response.
  • REST: repos core (S50 §2). GET /api/v1/user/repos, GET /api/v1/users/{username}/repos, GET /api/v1/orgs/{org}/repos, GET /api/v1/repos/{owner}/{repo}, POST /api/v1/user/repos, POST /api/v1/orgs/{org}/repos, PATCH /api/v1/repos/{owner}/{repo} (description, has_issues, has_pulls, archived, visibility), and DELETE /api/v1/repos/{owner}/{repo} (soft-delete). Visibility-aware listing: a user's /users/{u}/repos shows private rows only to that user; an org's /orgs/{o}/repos shows private rows only to members. Single-repo GETs 404 for callers who can't see the row (no existence leak).
  • Capability: repos added to /api/v1/meta.
  • REST: issues + comments + lock (S50 §3). GET /api/v1/repos/{o}/{r}/issues (with ?state= filter and Link:-header pagination), GET /api/v1/repos/{o}/{r}/issues/{number}, POST /api/v1/repos/{o}/{r}/issues, PATCH /api/v1/repos/{o}/{r}/issues/{number} (title/body author-gated, state/state_reason policy-gated), GET / POST /api/v1/repos/{o}/{r}/issues/{number}/comments, PATCH / DELETE /api/v1/repos/{o}/{r}/issues/comments/{cid}, PUT / DELETE /api/v1/repos/{o}/{r}/issues/{number}/lock.
  • REST: repo labels (S50 §3). GET / POST /api/v1/repos/{o}/{r}/labels and GET / PATCH / DELETE /api/v1/repos/{o}/{r}/labels/{name}.
  • Capabilities: issues, labels added to /api/v1/meta.
  • Reach: internal/web/handlers/api.resolveAPIRepo now resolves both user-owner and org-owner repos — check-runs and every later batch implicitly gain org-repo support.

Added (internal)

  • REST: pull requests core (S50 §4). GET /api/v1/repos/{o}/{r}/pulls with ?state= and ?draft= filters, GET /api/v1/repos/{o}/{r}/pulls/{number}, POST /api/v1/repos/{o}/{r}/pulls, PATCH /api/v1/repos/{o}/{r}/pulls/{number} (title/body author-gated, state via ActionPullClose, draft→ready author-only), GET /api/v1/repos/{o}/{r}/pulls/{number}/commits, GET /api/v1/repos/{o}/{r}/pulls/{number}/files, PUT /api/v1/repos/{o}/{r}/pulls/{number}/merge (honoring the repo's default merge method and the optional sha head guard). Reviews + comments + reviewers + update-branch + auto-merge land in a follow-up.
  • Capability: pulls added to /api/v1/meta.

Added (internal)

  • issues.Edit orchestrator wraps UpdateIssueTitleBody with markdown re-render + cross-reference re-indexing. Used by the new PATCH-issue endpoint; available for the HTML edit flow when it lands.

Changed

  • JSON error envelope on /api/v1/*. 401 and 403 responses now emit {"error": "..."} with Content-Type: application/json (previously text/plain). Existing 4xx/5xx responses from the handler bodies are unchanged.

0.1.0 — TBD (operator fills in cutover date)

The first public release of shithub. Pre-1.0: there is no backward-compatibility promise yet. Migrations are forward-only; schema may change between minor versions.

Initial public surface

  • Identity — signup, email verification, password reset, TOTP 2FA + recovery codes, SSH keys, scoped PATs, sessions with per-account epoch invalidation.
  • Repositories — create, fork, archive, transfer, soft-delete with grace, rename with redirects, visibility toggles, branch protection, default-branch swap, topics, README/license/.gitignore templates.
  • Git — bare repos on disk; HTTPS smart-HTTP push/pull; pre/post-receive hook integration.
  • Code browsing — tree, blob (chroma syntax highlighting), raw, blame, commit history, individual commit views, branch/tag listings, compare views, file finder.
  • Issues + PRs — full CRUD; reviews; required-reviewer enforcement; status-check gates; three merge methods.
  • Social — stars, watches, forks, /explore, stargazer/watcher lists.
  • Search — code, repo, user, issue.
  • Notifications — in-app inbox, email fan-out, one-click unsubscribe.
  • Orgs + teams — roles, invitations, one-level nesting, max-of-sources policy.
  • Webhooks — HMAC-signed delivery, exponential backoff, auto-disable, SSRF defense, redelivery UI.
  • Observability — structured logs, Prometheus metrics, optional OTel tracing, Sentry-protocol error reporting.
  • Operations — Ansible playbook, systemd units, Caddy edge, WireGuard mesh for monitoring, Postgres WAL archive + daily logical backups to Spaces, cross-region DR, restore drill.
  • Public landing page on / for anonymous viewers; signed-in viewers get a quick-link dashboard.
  • Lightweight status page at docs.<host>/status.html.
  • Cutover artifacts under deploy/cutover/.
  • Public docs site built with mdBook.
  • Operator runbooks for incidents, backups, restore, upgrade, rollback, rotate-secrets, rotate-keys, regenerate-akc, drain-workers, read-only-mode, day-one.
  • a11y tooling (pa11y + axe) and k6 load-test scenarios.
  • THIRD_PARTY_NOTICES.md with a CI-verified generator.

Known gaps at v0.1.0

  • SSH git transport (HTTPS only)
  • Actions / CI runner
  • Packages, Releases, Pages, Projects, Gists
  • GraphQL API (only a small REST surface today)
  • Activity feed UI

These are all on the post-MVP roadmap.
