github emdash-cms/emdash @emdash-cms/registry-cli@0.1.0
on GitHub

latest releases: create-emdash@0.11.0, @emdash-cms/auth-atproto@0.2.3, emdash@0.11.0...
3 hours ago

Minor Changes

  • #978 27e6d58 Thanks @ascorbic! - Enforces the sandboxed plugin bundle size caps from RFC 0001 §"Bundle size limits" in both the bundle and publish CLI flows: total decompressed ≤ 256 KB, per-file decompressed ≤ 128 KB, and at most 20 files per bundle. The previous bundle command capped only the total at 5 MB; the publish command now also re-validates the decompressed tarball before signing the release record so a publisher hits the same cap locally that aggregators enforce at ingest. Bundles between 256 KB and the old 5 MB ceiling will now be rejected — usually a sign the plugin is bundling host-provided dependencies or assets that belong in a CDN rather than the plugin payload.

Patch Changes

  • #929 5464b55 Thanks @ascorbic! - Fixes the CLI hanging indefinitely after a successful login or logout. run() was returning correctly, but something in the OAuth path left a ref'd handle alive that prevented Node's event loop from draining. Workaround: force-exit at the top level once runMain resolves. The underlying handle leak is unidentified.

  • #929 5464b55 Thanks @ascorbic! - Switches the login flow to request granular OAuth scopes derived from the @emdash-cms/registry-lexicons lexicon set instead of the broad transition:generic: repo: for every record-shaped lexicon (package profile, package release, publisher profile, publisher verification) and rpc:<nsid>?aud=* for every aggregator query (getLatestRelease, getPackage, listReleases, resolvePackage, searchPackages). Display name resolution no longer goes through com.atproto.server.getSession; the handle is read from the DID document via LocalActorResolver so the CLI doesn't need an rpc:com.atproto.* scope and isn't affected by PDS-side DPoP/Bearer compatibility quirks. If the PDS rejects the granular scopes with invalid_scope, login automatically retries once with transition:generic and prints a notice. Existing sessions continue working with their original scope until they're revoked or re-issued.

  • #929 5464b55 Thanks @ascorbic! - Improves login error reporting for OAuth response failures. Previously, transient PDS errors surfaced as a bare unknown_error with a stack trace; the CLI now prints the HTTP status, endpoint, OAuth error code/description, a body snippet when the response wasn't OAuth-shaped JSON, and a hint to retry on 5xx responses.

  • #923 943df46 Thanks @ascorbic! - Adds @emdash-cms/registry-cli: standalone CLI for the experimental plugin registry. Subcommands for login, logout, whoami, switch, search, info, bundle, and publish. Atproto OAuth via loopback callback server. The publish flow fetches the tarball from the URL, verifies a sha256 multihash, extracts and validates manifest.json, locally validates each lexicon record, and atomically writes profile + release records (with the EmDash declaredAccess trust extension) via a single atproto applyWrites. Distributes via npx @emdash-cms/registry-cli to keep atproto deps out of the core CMS install.

  • Updated dependencies [943df46, 943df46, 5464b55, 943df46]:

    • @emdash-cms/plugin-types@0.0.1
    • @emdash-cms/registry-client@0.0.1
    • @emdash-cms/registry-lexicons@0.1.0
Check out latest releases or
releases around emdash-cms/emdash @emdash-cms/registry-cli@0.1.0

Don't miss a new emdash release

NewReleases is sending notifications on new releases.

Get notifications