Skip to content

Releases: devasignhq/devasign-api

# v1.1.0 — Secure Proxy Layer & Resilient Repository Fetching

Choose a tag to compare

@LennyMalcolm0 LennyMalcolm0 released this 26 Jun 16:31
65ac158

What's new

  • Authenticated internal proxying. The extension's internal service requests
    are now authenticated with OIDC tokens, and the edge server adds proxy
    endpoints for commit message generation. Private service URL resolution is
    deferred to request handlers, and timeout errors in proxied requests are
    handled explicitly.

  • User validation at the edge. New user-validation middleware resolves and
    forwards the user ID (and tier) rather than trusting client-supplied values.

  • Hardened test routes. Test routes now require both an explicit enable flag
    and a bypass token to mount, with the token compared using a timing-safe
    equality check.

  • Server-side truncation limits. Extension diff payloads and the review
    schema's contextFiles are now truncated server-side, so oversized inputs are
    capped at the edge.

Notable improvements

  • Repository fetching is more resilient: per-repo fetch errors are isolated to
    prevent a single failure from breaking the bulk fetch, and a mapWithConcurrency
    helper bounds parallelism. Added a getRepositories query parameter for
    selective repo fetching.
  • Increased the local-changes review timeout to 5 minutes.
  • Patched package vulnerabilities and pinned uuid to ^11.1.1.

v1.0.0 — Initial Release

Choose a tag to compare

@LennyMalcolm0 LennyMalcolm0 released this 05 Jun 14:25
e99ab12

First stable release of the server.