push.rocks/smartregistry
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
41405eb40a28e24a4b3d28cef894467ed522e57c
smartregistry/changelog.md

14 KiB
Raw Blame History

Changelog

2025-11-25 - 2.2.0 - feat(core/registrystorage)

Persist OCI manifest content-type in sidecar and normalize manifest body handling

  • Add getOciManifestContentType(repository, digest) to read stored manifest Content-Type
  • Store manifest Content-Type in a .type sidecar file when putOciManifest is called
  • Update putOciManifest to persist both manifest data and its content type
  • OciRegistry now retrieves stored content type (with fallback to detectManifestContentType) when serving manifests
  • Add toBuffer helper in OciRegistry to consistently convert various request body forms to Buffer for digest calculation and uploads

2025-11-25 - 2.1.2 - fix(oci)

Prefer raw request body for content-addressable OCI operations and expose rawBody on request context

  • Add rawBody?: Buffer to IRequestContext to allow callers to provide the exact raw request bytes for digest calculation (falls back to body if absent).
  • OCI registry handlers now prefer context.rawBody over context.body for content-addressable operations (manifests, blobs, and blob uploads) to preserve exact bytes and ensure digest calculation matches client expectations.
  • Upload flow updates: upload init, PATCH (upload chunk) and PUT (complete upload) now pass rawBody when available.

2025-11-25 - 2.1.1 - fix(oci)

Preserve raw manifest bytes for digest calculation and handle string/JSON manifest bodies in OCI registry

  • Preserve the exact bytes of the manifest payload when computing the sha256 digest to comply with the OCI spec and avoid mismatches caused by re-serialization.
  • Accept string request bodies (converted using UTF-8) and treat already-parsed JSON objects by re-serializing as a fallback.
  • Keep existing content-type fallback logic while ensuring accurate digest calculation prior to storing manifests.

2025-11-25 - 2.1.0 - feat(oci)

Support configurable OCI token realm/service and centralize unauthorized responses

  • SmartRegistry now forwards optional ociTokens (realm and service) from auth configuration to OciRegistry when OCI is enabled
  • OciRegistry constructor accepts an optional ociTokens parameter and stores it for use in auth headers
  • Replaced repeated construction of WWW-Authenticate headers with createUnauthorizedResponse and createUnauthorizedHeadResponse helpers that use configured realm/service
  • Behavior is backwards-compatible: when ociTokens are not configured the registry falls back to the previous defaults (realm: /v2/token, service: "registry")

2025-11-25 - 2.0.0 - BREAKING CHANGE(pypi,rubygems)

Revise PyPI and RubyGems handling: normalize error payloads, fix .gem parsing/packing, adjust PyPI JSON API and tests, and export smartarchive plugin

  • Rename error payload property from 'message' to 'error' in PyPI and RubyGems interfaces and responses; error responses are now returned as JSON objects (body: { error: ... }) instead of Buffer(JSON.stringify(...)).
  • RubyGems: treat .gem files as plain tar archives (not gzipped). Use metadata.gz and data.tar.gz correctly, switch packing helper to pack plain tar, and use zlib deflate for .rz gemspec data.
  • RubyGems registry: add legacy Marshal specs endpoint (specs.4.8.gz) and adjust versions handler invocation to accept request context.
  • PyPI: adopt PEP 691 style (files is an array of file objects) in tests and metadata; include requires_python in test package metadata; update JSON API path matching to the package-level '/{package}/json' style used by the handler.
  • Fix HTML escaping expectations in tests (requires_python values are HTML-escaped in attributes, e.g. '>=3.8').
  • Export smartarchive from plugins to enable archive helpers in core modules and helpers.
  • Update tests and internal code to match the new error shape and API/format behaviour.

2025-11-25 - 1.9.0 - feat(auth)

Implement HMAC-SHA256 OCI JWTs; enhance PyPI & RubyGems uploads and normalize responses

  • AuthManager: create and validate OCI JWTs signed with HMAC-SHA256 (header.payload.signature). Signature verification, exp/nbf checks and payload decoding implemented.
  • PyPI: improved Simple API handling (PEP-691 JSON responses returned as objects), Simple HTML responses updated, upload handling enhanced to support nested/flat multipart fields, verify hashes (sha256/md5/blake2b), store files and return 201 on success.
  • RubyGems: upload flow now attempts to extract gem metadata from the .gem binary when name/version are not provided, improved validation, and upload returns 201. Added extractGemMetadata helper.
  • OCI: centralized 401 response creation (including proper WWW-Authenticate header) and HEAD behavior fixed to return no body per HTTP spec.
  • SmartRegistry: use nullish coalescing for protocol basePath defaults to avoid falsy-value bugs when basePath is an empty string.
  • Tests and helpers: test expectations adjusted (Content-Type startsWith check for HTML, PEP-691 projects is an array), test helper switched to smartarchive for packaging.
  • Package.json: added devDependency @push.rocks/smartarchive and updated dev deps.
  • Various response normalization: avoid unnecessary Buffer.from() for already-serialized objects/strings and standardize status codes for create/upload endpoints (201).

2025-11-24 - 1.8.0 - feat(smarts3)

Add local smarts3 testing support and documentation

  • Added @push.rocks/smarts3 ^5.1.0 to devDependencies to enable a local S3-compatible test server.
  • Updated README with a new "Testing with smarts3" section including a Quick Start example and integration test commands.
  • Documented benefits and CI-friendly usage for running registry integration tests locally without cloud credentials.

2025-11-23 - 1.7.0 - feat(core)

Standardize S3 storage config using @tsclass/tsclass IS3Descriptor and wire it into RegistryStorage and plugins exports; update README and package dependencies.

  • Add @tsclass/tsclass dependency to package.json to provide a standardized IS3Descriptor for S3 configuration.
  • Export tsclass from ts/plugins.ts so plugin types are available to core modules.
  • Update IStorageConfig to extend plugins.tsclass.storage.IS3Descriptor, consolidating storage configuration typing.
  • Change RegistryStorage.init() to pass the storage config directly as an IS3Descriptor to SmartBucket (bucketName remains part of IStorageConfig).
  • Update README storage section with example config and mention IS3Descriptor integration.

2025-11-21 - 1.6.0 - feat(core)

Add PyPI and RubyGems registries, integrate into SmartRegistry, extend storage and auth

  • Introduce PyPI registry implementation with PEP 503 (Simple API) and PEP 691 (JSON API), legacy upload support, content negotiation and HTML/JSON generators (ts/pypi/*).
  • Introduce RubyGems registry implementation with Compact Index support, API v1 endpoints (upload, yank/unyank), versions/names files and helpers (ts/rubygems/*).
  • Wire PyPI and RubyGems into the main orchestrator: SmartRegistry now initializes, exposes and routes requests to pypi and rubygems handlers.
  • Extend RegistryStorage with PyPI and RubyGems storage helpers (metadata, simple index, package files, compact index files, gem files).
  • Extend AuthManager to support PyPI and RubyGems UUID token creation, validation and revocation and include them in unified token validation.
  • Add verification of client-provided hashes during PyPI uploads (SHA256 always calculated and verified; MD5 and Blake2b verified when provided) to prevent corrupted uploads.
  • Export new modules from library entry point (ts/index.ts) and add lightweight rubygems index file export.
  • Add helper utilities for PyPI and RubyGems (name normalization, HTML generation, hash calculations, compact index generation/parsing).
  • Update documentation hints/readme to reflect implementation status and configuration examples for pypi and rubygems.

2025-11-21 - 1.5.0 - feat(core)

Add PyPI and RubyGems protocol support, Cargo token management, and storage helpers

  • Extend core protocol types to include 'pypi' and 'rubygems' and add protocol config entries for pypi and rubygems.
  • Add PyPI storage methods for metadata, Simple API HTML/JSON indexes, package files, version listing and deletion in RegistryStorage.
  • Add Cargo-specific storage helpers (index paths, crate storage) and ensure Cargo registry initialization and endpoints are wired into SmartRegistry.
  • Extend AuthManager with Cargo, PyPI and RubyGems token creation, validation and revocation methods; update unified validateToken to check these token types.
  • Update test helpers to create Cargo tokens and return cargoToken from registry setup.

2025-11-21 - 1.4.1 - fix(devcontainer)

Simplify devcontainer configuration and rename container image

  • Rename Dev Container name to 'gitzone.universal' and set image to mcr.microsoft.com/devcontainers/universal:4.0.1-noble
  • Remove large inline comments and example 'build'/'features' blocks to simplify the devcontainer.json

2025-11-21 - 1.4.0 - feat(registrystorage)

Add deleteMavenMetadata to RegistryStorage and update Maven DELETE test to expect 204 No Content

  • Add deleteMavenMetadata(groupId, artifactId) to RegistryStorage to remove maven-metadata.xml.
  • Update Maven test to assert 204 No Content for DELETE responses (previously expected 200).

2025-11-21 - 1.3.1 - fix(maven)

Pass request path to Maven checksum handler so checksum files are resolved correctly

  • Call handleChecksumRequest with the full request path from MavenRegistry.handleRequest
  • Allows getChecksum to extract the checksum filename from the URL and fetch the correct checksum file from storage
  • Fixes 404s when requesting artifact checksum files (md5, sha1, sha256, sha512)

2025-11-21 - 1.3.0 - feat(core)

Add Cargo and Composer registries with storage, auth and helpers

  • Add Cargo registry implementation (ts/cargo) including index, publish, download, yank/unyank and search handlers
  • Add Composer registry implementation (ts/composer) including package upload/download, metadata, packages.json and helpers
  • Extend RegistryStorage with Cargo and Composer-specific storage helpers and path conventions
  • Extend AuthManager with Composer token creation/validation and unified token validation support
  • Wire SmartRegistry to initialize and route requests to cargo and composer handlers
  • Add adm-zip dependency and Composer ZIP parsing helpers (extractComposerJsonFromZip, sha1 calculation, version sorting)
  • Add tests for Cargo index path calculation and config handling
  • Export new modules from ts/index.ts and add module entry files for composer and cargo

2025-11-21 - 1.2.0 - feat(maven)

Add Maven registry protocol support (storage, auth, routing, interfaces, and exports)

  • Add Maven protocol to core types (TRegistryProtocol) and IRegistryConfig
  • SmartRegistry: initialize Maven registry when enabled, route requests to /maven, and expose it via getRegistry
  • RegistryStorage: implement Maven storage helpers (get/put/delete artifact, metadata, list versions) and path helpers
  • AuthManager: add UUID token creation/validation/revocation for Maven and integrate into unified validateToken/authorize flow
  • New ts/maven module: exports, interfaces and helpers for Maven coordinates, metadata, and search results
  • Add basic Cargo (crates.io) scaffolding: ts/cargo exports and Cargo interfaces
  • Update top-level ts/index.ts and package exports to include Maven (and cargo) modules
  • Tests/helpers updated to enable Maven in test registry and add Maven artifact/checksum helpers

2025-11-20 - 1.1.1 - fix(oci)

Improve OCI manifest permission response and tag handling: include WWW-Authenticate header on unauthorized manifest GETs, accept optional headers in manifest lookup, and persist tags as a unified tags.json mapping when pushing manifests.

  • getManifest now accepts an optional headers parameter for better request context handling.
  • Unauthorized GET manifest responses now include a WWW-Authenticate header with realm/service/scope to comply with OCI auth expectations.
  • PUT manifest logic no longer writes individual tag objects; it updates a consolidated oci/tags/{repository}/tags.json mapping using getTagsData and putObject.
  • Simplified tag update flow when pushing a manifest: tags[reference] = digest and persist tags.json.

2025-11-20 - 1.1.0 - feat(oci)

Support monolithic OCI blob uploads; add registry cleanup/destroy hooks; update tests and docs

  • OCI: Add monolithic upload handling in handleUploadInit — accept digest + body, verify digest, store blob and return 201 with Docker-Content-Digest and Location
  • OCI: Include Docker-Distribution-API-Version header in /v2/ version check response
  • Lifecycle: Persist upload session cleanup timer and provide destroy() to clear timers in OciRegistry
  • Orchestrator: Add destroy() to SmartRegistry to propagate cleanup to protocol handlers
  • Tests: Ensure test suites call registry.destroy() in postTask cleanup to prevent leaked timers/resources
  • Package metadata: bump @git.zone/tstest dev dependency and add packageManager field
  • Docs: Readme formatting and legal/trademark/company information updated

2025-11-20 - 1.0.2 - fix(scripts)

Increase tstest timeout from 30s to 240s in package.json test script

  • Extend the tstest CLI timeout in package.json from 30 seconds to 240 seconds to accommodate longer-running tests and reduce CI timeouts.

2025-11-20 - 1.0.1 - registry

Release 1.0.1 brings core registry features, multi-registry support, logging integration, and performance improvements to object listing. Also includes the initial project scaffold and CI/CD setup.

  • Add smartlog dependency and integrate structured logging into the NpmRegistry class for better runtime diagnostics and traceability.

  • Update smartbucket dependency to 4.3.0 and refactor listObjects for improved performance and efficiency when enumerating stored objects.

  • Implement multi-registry support (multiple iterations/refinements included: v2, v3) to allow managing and resolving packages across multiple registries.

  • Initial project setup: TypeScript project scaffold, development tooling, and CI/CD workflows for automated testing and publishing.

  • Miscellaneous housekeeping and small updates (2025-11-19 — 2025-11-20): several commits with no substantive messages; grouped as non-functional/maintenance changes.

Reference in New Issue View Git Blame Copy Permalink