shithub Public

Watch 1 Fork 0 Star 0

markdown · 4013 bytes Raw Blame History

Changelog

All notable changes to shithub are documented here. This project follows Keep a Changelog conventions and Semantic Versioning.

Pre-1.0 versioning: minor versions may break the API. The stability contract begins at v1.0.0; until then, expect changes between minor releases.

Unreleased

Added

REST API contract (S50 §0). GET /api/v1/meta returns the server's version stamp and a list of feature capability strings for client-side feature detection. Every /api/v1/* response now carries X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and (when PAT-authenticated) X-OAuth-Scopes. The 403 scope-reject response also carries X-Accepted-OAuth-Scopes. Operators tune the API rate-limit budgets via ratelimit.api.authed_per_hour / ratelimit.api.anon_per_hour (defaults: 5000 / 60).
Pagination helper internal/web/handlers/api/apipage — emits canonical RFC 8288 Link headers (first/prev/next/last) with absolute URLs rooted at the configured public base URL.

Changed

JSON error envelope on /api/v1/*. 401 and 403 responses now emit {"error": "..."} with Content-Type: application/json (previously text/plain). Existing 4xx/5xx responses from the handler bodies are unchanged.

0.1.0 — TBD (operator fills in cutover date)

The first public release of shithub. Pre-1.0: there is no backward-compatibility promise yet. Migrations are forward-only; schema may change between minor versions.

Initial public surface

Identity — signup, email verification, password reset, TOTP 2FA + recovery codes, SSH keys, scoped PATs, sessions with per-account epoch invalidation.
Repositories — create, fork, archive, transfer, soft-delete with grace, rename with redirects, visibility toggles, branch protection, default-branch swap, topics, README/license/ .gitignore templates.
Git — bare repos on disk; HTTPS smart-HTTP push/pull; pre/post-receive hook integration.
Code browsing — tree, blob (chroma syntax highlighting), raw, blame, commit history, individual commit views, branch/tag listings, compare views, file finder.
Issues + PRs — full CRUD; reviews; required-reviewer enforcement; status-check gates; three merge methods.
Social — stars, watches, forks, /explore, stargazer/ watcher lists.
Search — code, repo, user, issue.
Notifications — in-app inbox, email fan-out, one-click unsubscribe.
Orgs + teams — roles, invitations, one-level nesting, max-of-sources policy.
Webhooks — HMAC-signed delivery, exponential backoff, auto-disable, SSRF defense, redelivery UI.
Observability — structured logs, Prometheus metrics, optional OTel tracing, Sentry-protocol error reporting.
Operations — Ansible playbook, systemd units, Caddy edge, WireGuard mesh for monitoring, Postgres WAL archive + daily logical backups to Spaces, cross-region DR, restore drill.
Public landing page on / for anonymous viewers; signed-in viewers get a quick-link dashboard.
Lightweight status page at docs.<host>/status.html.
Cutover artifacts under deploy/cutover/.
Public docs site built with mdBook.
Operator runbooks for incidents, backups, restore, upgrade, rollback, rotate-secrets, rotate-keys, regenerate-akc, drain-workers, read-only-mode, day-one.
a11y tooling (pa11y + axe) and k6 load-test scenarios.
THIRD_PARTY_NOTICES.md with a CI-verified generator.

Known gaps at v0.1.0

SSH git transport (HTTPS only)
Actions / CI runner
Packages, Releases, Pages, Projects, Gists
GraphQL API (only a small REST surface today)
Activity feed UI

These are all on the post-MVP roadmap.

View source

  
        1
        # Changelog
      
        2
        
        3
        All notable changes to shithub are documented here. This project
      
        4
        follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
      
        5
        conventions and [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
      
        6
        
        7
        Pre-1.0 versioning: minor versions may break the API. The
      
        8
        stability contract begins at v1.0.0; until then, expect changes
      
        9
        between minor releases.
      
        10
        
        11
        ## [Unreleased]
      
        12
        
        13
        ### Added
      
        14
        
        15
        - **REST API contract (S50 §0).** `GET /api/v1/meta` returns the
      
        16
          server's version stamp and a list of feature capability strings
      
        17
          for client-side feature detection. Every `/api/v1/*` response
      
        18
          now carries `X-RateLimit-Limit`, `X-RateLimit-Remaining`,
      
        19
          `X-RateLimit-Reset`, and (when PAT-authenticated) `X-OAuth-Scopes`.
      
        20
          The 403 scope-reject response also carries
      
        21
          `X-Accepted-OAuth-Scopes`. Operators tune the API rate-limit
      
        22
          budgets via `ratelimit.api.authed_per_hour` /
      
        23
          `ratelimit.api.anon_per_hour` (defaults: 5000 / 60).
      
        24
        - **Pagination helper** `internal/web/handlers/api/apipage` —
      
        25
          emits canonical RFC 8288 Link headers (`first`/`prev`/`next`/`last`)
      
        26
          with absolute URLs rooted at the configured public base URL.
      
        27
        
        28
        ### Changed
      
        29
        
        30
        - **JSON error envelope on `/api/v1/*`.** `401` and `403`
      
        31
          responses now emit `{"error": "..."}` with
      
        32
          `Content-Type: application/json` (previously `text/plain`).
      
        33
          Existing `4xx`/`5xx` responses from the handler bodies are
      
        34
          unchanged.
      
        35
        
        36
        ## [0.1.0] — TBD (operator fills in cutover date)
      
        37
        
        38
        The first public release of shithub. Pre-1.0: there is no
      
        39
        backward-compatibility promise yet. Migrations are forward-only;
      
        40
        schema may change between minor versions.
      
        41
        
        42
        ### Initial public surface
      
        43
        
        44
        - **Identity** — signup, email verification, password reset, TOTP
      
        45
          2FA + recovery codes, SSH keys, scoped PATs, sessions with
      
        46
          per-account epoch invalidation.
      
        47
        - **Repositories** — create, fork, archive, transfer, soft-delete
      
        48
          with grace, rename with redirects, visibility toggles, branch
      
        49
          protection, default-branch swap, topics, README/license/
      
        50
          .gitignore templates.
      
        51
        - **Git** — bare repos on disk; HTTPS smart-HTTP push/pull;
      
        52
          pre/post-receive hook integration.
      
        53
        - **Code browsing** — tree, blob (chroma syntax highlighting),
      
        54
          raw, blame, commit history, individual commit views, branch/tag
      
        55
          listings, compare views, file finder.
      
        56
        - **Issues + PRs** — full CRUD; reviews; required-reviewer
      
        57
          enforcement; status-check gates; three merge methods.
      
        58
        - **Social** — stars, watches, forks, `/explore`, stargazer/
      
        59
          watcher lists.
      
        60
        - **Search** — code, repo, user, issue.
      
        61
        - **Notifications** — in-app inbox, email fan-out, one-click
      
        62
          unsubscribe.
      
        63
        - **Orgs + teams** — roles, invitations, one-level nesting,
      
        64
          max-of-sources policy.
      
        65
        - **Webhooks** — HMAC-signed delivery, exponential backoff,
      
        66
          auto-disable, SSRF defense, redelivery UI.
      
        67
        - **Observability** — structured logs, Prometheus metrics,
      
        68
          optional OTel tracing, Sentry-protocol error reporting.
      
        69
        - **Operations** — Ansible playbook, systemd units, Caddy edge,
      
        70
          WireGuard mesh for monitoring, Postgres WAL archive + daily
      
        71
          logical backups to Spaces, cross-region DR, restore drill.
      
        72
        - **Public landing page** on `/` for anonymous viewers; signed-in
      
        73
          viewers get a quick-link dashboard.
      
        74
        - **Lightweight status page** at `docs.<host>/status.html`.
      
        75
        - **Cutover artifacts** under `deploy/cutover/`.
      
        76
        - **Public docs site** built with mdBook.
      
        77
        - **Operator runbooks** for incidents, backups, restore, upgrade,
      
        78
          rollback, rotate-secrets, rotate-keys, regenerate-akc,
      
        79
          drain-workers, read-only-mode, day-one.
      
        80
        - **a11y tooling** (pa11y + axe) and **k6 load-test scenarios**.
      
        81
        - **THIRD_PARTY_NOTICES.md** with a CI-verified generator.
      
        82
        
        83
        ### Known gaps at v0.1.0
      
        84
        
        85
        - SSH git transport (HTTPS only)
      
        86
        - Actions / CI runner
      
        87
        - Packages, Releases, Pages, Projects, Gists
      
        88
        - GraphQL API (only a small REST surface today)
      
        89
        - Activity feed UI
      
        90
        
        91
        These are all on the post-MVP roadmap.
      
        92
        
        93
        [Unreleased]: https://shithub.sh/shithub/shithub/compare/v0.1.0...trunk
      
        94
        [0.1.0]: https://shithub.sh/shithub/shithub/releases/tag/v0.1.0

1	# Changelog
2
3	All notable changes to shithub are documented here. This project
4	follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
5	conventions and [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
7	Pre-1.0 versioning: minor versions may break the API. The
8	stability contract begins at v1.0.0; until then, expect changes
9	between minor releases.
10
11	## [Unreleased]
12
13	### Added
14
15	- REST API contract (S50 §0). `GET /api/v1/meta` returns the
16	server's version stamp and a list of feature capability strings
17	for client-side feature detection. Every `/api/v1/*` response
18	now carries `X-RateLimit-Limit`, `X-RateLimit-Remaining`,
19	`X-RateLimit-Reset`, and (when PAT-authenticated) `X-OAuth-Scopes`.
20	The 403 scope-reject response also carries
21	`X-Accepted-OAuth-Scopes`. Operators tune the API rate-limit
22	budgets via `ratelimit.api.authed_per_hour` /
23	`ratelimit.api.anon_per_hour` (defaults: 5000 / 60).
24	- Pagination helper `internal/web/handlers/api/apipage` —
25	emits canonical RFC 8288 Link headers (`first`/`prev`/`next`/`last`)
26	with absolute URLs rooted at the configured public base URL.
27
28	### Changed
29
30	- *JSON error envelope on `/api/v1/`.** `401` and `403`
31	responses now emit `{"error": "..."}` with
32	`Content-Type: application/json` (previously `text/plain`).
33	Existing `4xx`/`5xx` responses from the handler bodies are
34	unchanged.
35
36	## [0.1.0] — TBD (operator fills in cutover date)
37
38	The first public release of shithub. Pre-1.0: there is no
39	backward-compatibility promise yet. Migrations are forward-only;
40	schema may change between minor versions.
41
42	### Initial public surface
43
44	- Identity — signup, email verification, password reset, TOTP
45	2FA + recovery codes, SSH keys, scoped PATs, sessions with
46	per-account epoch invalidation.
47	- Repositories — create, fork, archive, transfer, soft-delete
48	with grace, rename with redirects, visibility toggles, branch
49	protection, default-branch swap, topics, README/license/
50	.gitignore templates.
51	- Git — bare repos on disk; HTTPS smart-HTTP push/pull;
52	pre/post-receive hook integration.
53	- Code browsing — tree, blob (chroma syntax highlighting),
54	raw, blame, commit history, individual commit views, branch/tag
55	listings, compare views, file finder.
56	- Issues + PRs — full CRUD; reviews; required-reviewer
57	enforcement; status-check gates; three merge methods.
58	- Social — stars, watches, forks, `/explore`, stargazer/
59	watcher lists.
60	- Search — code, repo, user, issue.
61	- Notifications — in-app inbox, email fan-out, one-click
62	unsubscribe.
63	- Orgs + teams — roles, invitations, one-level nesting,
64	max-of-sources policy.
65	- Webhooks — HMAC-signed delivery, exponential backoff,
66	auto-disable, SSRF defense, redelivery UI.
67	- Observability — structured logs, Prometheus metrics,
68	optional OTel tracing, Sentry-protocol error reporting.
69	- Operations — Ansible playbook, systemd units, Caddy edge,
70	WireGuard mesh for monitoring, Postgres WAL archive + daily
71	logical backups to Spaces, cross-region DR, restore drill.
72	- Public landing page on `/` for anonymous viewers; signed-in
73	viewers get a quick-link dashboard.
74	- Lightweight status page at `docs.<host>/status.html`.
75	- Cutover artifacts under `deploy/cutover/`.
76	- Public docs site built with mdBook.
77	- Operator runbooks for incidents, backups, restore, upgrade,
78	rollback, rotate-secrets, rotate-keys, regenerate-akc,
79	drain-workers, read-only-mode, day-one.
80	- a11y tooling (pa11y + axe) and k6 load-test scenarios.
81	- THIRD_PARTY_NOTICES.md with a CI-verified generator.
82
83	### Known gaps at v0.1.0
84
85	- SSH git transport (HTTPS only)
86	- Actions / CI runner
87	- Packages, Releases, Pages, Projects, Gists
88	- GraphQL API (only a small REST surface today)
89	- Activity feed UI
90
91	These are all on the post-MVP roadmap.
92
93	[Unreleased]: https://shithub.sh/shithub/shithub/compare/v0.1.0...trunk
94	[0.1.0]: https://shithub.sh/shithub/shithub/releases/tag/v0.1.0