Releases: Gitlawb/node
Releases · Gitlawb/node
Release list
v0.5.1
0.5.1 (2026-07-10)
Bug Fixes
- bounties: add tests for claim_bounty repo-read gate (#160) (#169) (6bafaa6)
- deps: bump crossbeam-epoch to 0.9.20 for RUSTSEC-2026-0204 (#162) (#163) (67ad2b8)
- node,git: bound a hung served git with a total-duration timeout (#62) (#165) (cd67718)
- node: bound list_ref_certificates with LIMIT and add upsert to prevent unbounded growth (#147) (#149) (6b5e5bc)
- node: gate POST /api/v1/sync/trigger and rate-limit the peer-sync routes (#82) (#161) (d00d89a)
- node: rate-limit repo/agent creation per client IP to stop DID-farm spam floods (#180) (dfcaa22)
- release: build aarch64-musl natively on arm64 runners, replace retired macos-13 (#155) (6cff528)
- visibility: gate repo-scoped read surfaces on visibility (#120) (#157) (26bc3f6)
v0.5.0
0.5.0 (2026-07-05)
Features
Bug Fixes
- gl: sign the CLI's /ipfs/pins reads under the #134 auth gate (#146) (20d6848)
- node,git-remote: gate receive-pack advertisement, sign client fetch/push (#119) (6f36fc0)
- node,gossip: route gossip HTTP through the no-redirect client (#93) (#140) (563c456)
- node: close two spam-vector root causes (trust upsert + ungated push) (#152) (2df6ff9)
- node: gate GET /ipfs/{cid} on reachable allowed-set, not deny-set (#126) (#133) (466a550)
- node: gate the ref-updates feeds on read visibility (#112, #114) (#143) (4891db3)
- node: prefer canonical repo row over mirror row in get_repo (#124) (#141) (6c95592)
- remote: include HTTP error response body (#137) (09a0cb2)
- repos: log the cause when repo create fails (#103) (2620e97)
v0.4.0
0.4.0 (2026-06-30)
Features
- agent profiles (display name, bio, avatar, social links) (#23) (09a3397)
- db: versioned schema migrations with idempotent backfill (#21) (927e4d0)
- encrypted replication for private subtrees (B1/B2/B3) for #18 (#36) (5ff7af8)
- git-remote-gitlawb: add --version and --help flags (#30) (3a401eb)
- gitlawb-attest: External Attestation v1 for ref-update certs (#20) (924bccd)
- node: blind recipient identities at rest and gate B1 by repo readability (#40) (abdc775)
- node: enforce per-route authorization across the REST and GraphQL surface (#87) (2202b00)
- node: graceful shutdown + Prometheus metrics endpoint (#22) (2ce4da9)
- node: iCaptcha proof-of-intelligence gate on create_repo + register (#108) (adc20f9)
- node: iCaptcha-aware repo propagation gate with quarantine (#125) (8b9ceec)
- node: owner-only push enforcement behind GITLAWB_ENFORCE_OWNER_PUSH (#31) (#68) (0a15e76)
- node: peer partial-mirrors for repos with private subtrees (#35) (e365a57)
- node: pin the per-push object delta instead of re-enumerating the whole repo (#90) (1af4fdf)
- node: replication enforcement (Phase 2) for #18 (#34) (8680d0f)
- node: signature-gated agent self-deregister (#29) (#63) (ff492b4)
- node: subtree content withholding (Phase 3) for #18 (#28) (61b3830)
- path-scoped repository visibility (Phase 1) for #18 (#25) (6abaf1d)
- per-DID rate limiting on creation endpoints (10/hour) (#13) (b12c6bc)
- sync: auto-register as replica with origin after successful mirror (#56) (c03c9af)
Bug Fixes
- api: blob endpoint returns 400/404 instead of 500 on bad paths (#37) (b61a1bd)
- core: route seed access through the zeroizing wrapper (#41) (#64) (c9f43b0)
- core: zeroize the derived X25519 secret (#65) (#91) (2f6611a)
- gl: paginate gl-clone Arweave recovery and make /encrypted-blobs parsing schema-strict (#49) (#70) (2153b0b)
- infra: drop fly idle_timeout 600 -> 120 (#38) (a2217bf)
- node: anchor the real old_sha and issue a per-ref certificate (#72) (6809201)
- node: close under-withholding via full ref scope and full-history classification (#42) (#84) (3e1e904)
- node: dedupe mirror and canonical repo rows on list surfaces (#6) (#73) (3e8e333)
- node: enforce path-scoped visibility on the REST read API (#52) (e37ea7f)
- node: fail closed when a recipient DID can't be resolved (#47) (#67) (abc9ad0)
- node: gate fork_repo on per-caller path-scoped visibility (#98) (#109) (6ae316c)
- node: gate GET /ipfs/{cid} on per-caller path-scoped visibility (#110) (#128) (174f25a)
- node: gate repo-listing and stats surfaces on visibility (#97, #99, #101, #104) (#111) (828dd27)
- node: make Tigris repo hydration resilient to corrupt archives & failed writes (#54) (7a99d0f)
- node: preserve promisor mirror mode on unknown withheld-paths lookup (#48) (#69) (96fcfdb)
- node: reap leaked git child processes (#53) (#61) (803d83e)
- node: reject malformed path globs with non-trailing or empty-segment wildcards (#74) (#75) (3d880cd)
- node: skip withheld-walk when no path-scoped rule can withhold (#60) (338ff83)
- release: give crates explicit versions for release-please (#129) (788a868)
- release: use simple release-type + generic Cargo.toml updaters (#130) (12bfb1b)
- security: gate webhook creation through the public-host validator (#81) (#92) (f28fa02)
- security: reject non-public peer URLs + prune poisoned peers (#78) (a8cc33a)