Skip to content

Releases: Gitlawb/node

v0.5.1

Choose a tag to compare

@github-actions github-actions released this 10 Jul 11:46
3ec8cbf

0.5.1 (2026-07-10)

Bug Fixes

  • bounties: add tests for claim_bounty repo-read gate (#160) (#169) (6bafaa6)
  • deps: bump crossbeam-epoch to 0.9.20 for RUSTSEC-2026-0204 (#162) (#163) (67ad2b8)
  • node,git: bound a hung served git with a total-duration timeout (#62) (#165) (cd67718)
  • node: bound list_ref_certificates with LIMIT and add upsert to prevent unbounded growth (#147) (#149) (6b5e5bc)
  • node: gate POST /api/v1/sync/trigger and rate-limit the peer-sync routes (#82) (#161) (d00d89a)
  • node: rate-limit repo/agent creation per client IP to stop DID-farm spam floods (#180) (dfcaa22)
  • release: build aarch64-musl natively on arm64 runners, replace retired macos-13 (#155) (6cff528)
  • visibility: gate repo-scoped read surfaces on visibility (#120) (#157) (26bc3f6)

v0.5.0

Choose a tag to compare

@github-actions github-actions released this 05 Jul 12:07
5f63f28

0.5.0 (2026-07-05)

Features

  • gl: sanctioned iCaptcha client flow + secure git lifecycle (#138) (06388ec)

Bug Fixes

  • gl: sign the CLI's /ipfs/pins reads under the #134 auth gate (#146) (20d6848)
  • node,git-remote: gate receive-pack advertisement, sign client fetch/push (#119) (6f36fc0)
  • node,gossip: route gossip HTTP through the no-redirect client (#93) (#140) (563c456)
  • node: close two spam-vector root causes (trust upsert + ungated push) (#152) (2df6ff9)
  • node: gate GET /ipfs/{cid} on reachable allowed-set, not deny-set (#126) (#133) (466a550)
  • node: gate the ref-updates feeds on read visibility (#112, #114) (#143) (4891db3)
  • node: prefer canonical repo row over mirror row in get_repo (#124) (#141) (6c95592)
  • remote: include HTTP error response body (#137) (09a0cb2)
  • repos: log the cause when repo create fails (#103) (2620e97)

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 13:09
0190fbb

0.4.0 (2026-06-30)

Features

  • agent profiles (display name, bio, avatar, social links) (#23) (09a3397)
  • db: versioned schema migrations with idempotent backfill (#21) (927e4d0)
  • encrypted replication for private subtrees (B1/B2/B3) for #18 (#36) (5ff7af8)
  • git-remote-gitlawb: add --version and --help flags (#30) (3a401eb)
  • gitlawb-attest: External Attestation v1 for ref-update certs (#20) (924bccd)
  • node: blind recipient identities at rest and gate B1 by repo readability (#40) (abdc775)
  • node: enforce per-route authorization across the REST and GraphQL surface (#87) (2202b00)
  • node: graceful shutdown + Prometheus metrics endpoint (#22) (2ce4da9)
  • node: iCaptcha proof-of-intelligence gate on create_repo + register (#108) (adc20f9)
  • node: iCaptcha-aware repo propagation gate with quarantine (#125) (8b9ceec)
  • node: owner-only push enforcement behind GITLAWB_ENFORCE_OWNER_PUSH (#31) (#68) (0a15e76)
  • node: peer partial-mirrors for repos with private subtrees (#35) (e365a57)
  • node: pin the per-push object delta instead of re-enumerating the whole repo (#90) (1af4fdf)
  • node: replication enforcement (Phase 2) for #18 (#34) (8680d0f)
  • node: signature-gated agent self-deregister (#29) (#63) (ff492b4)
  • node: subtree content withholding (Phase 3) for #18 (#28) (61b3830)
  • path-scoped repository visibility (Phase 1) for #18 (#25) (6abaf1d)
  • per-DID rate limiting on creation endpoints (10/hour) (#13) (b12c6bc)
  • sync: auto-register as replica with origin after successful mirror (#56) (c03c9af)

Bug Fixes

  • api: blob endpoint returns 400/404 instead of 500 on bad paths (#37) (b61a1bd)
  • core: route seed access through the zeroizing wrapper (#41) (#64) (c9f43b0)
  • core: zeroize the derived X25519 secret (#65) (#91) (2f6611a)
  • gl: paginate gl-clone Arweave recovery and make /encrypted-blobs parsing schema-strict (#49) (#70) (2153b0b)
  • infra: drop fly idle_timeout 600 -> 120 (#38) (a2217bf)
  • node: anchor the real old_sha and issue a per-ref certificate (#72) (6809201)
  • node: close under-withholding via full ref scope and full-history classification (#42) (#84) (3e1e904)
  • node: dedupe mirror and canonical repo rows on list surfaces (#6) (#73) (3e8e333)
  • node: enforce path-scoped visibility on the REST read API (#52) (e37ea7f)
  • node: fail closed when a recipient DID can't be resolved (#47) (#67) (abc9ad0)
  • node: gate fork_repo on per-caller path-scoped visibility (#98) (#109) (6ae316c)
  • node: gate GET /ipfs/{cid} on per-caller path-scoped visibility (#110) (#128) (174f25a)
  • node: gate repo-listing and stats surfaces on visibility (#97, #99, #101, #104) (#111) (828dd27)
  • node: make Tigris repo hydration resilient to corrupt archives & failed writes (#54) (7a99d0f)
  • node: preserve promisor mirror mode on unknown withheld-paths lookup (#48) (#69) (96fcfdb)
  • node: reap leaked git child processes (#53) (#61) (803d83e)
  • node: reject malformed path globs with non-trailing or empty-segment wildcards (#74) (#75) (3d880cd)
  • node: skip withheld-walk when no path-scoped rule can withhold (#60) (338ff83)
  • release: give crates explicit versions for release-please (#129) (788a868)
  • release: use simple release-type + generic Cargo.toml updaters (#130) (12bfb1b)
  • security: gate webhook creation through the public-host validator (#81) (#92) (f28fa02)
  • security: reject non-public peer URLs + prune poisoned peers (#78) (a8cc33a)