Releases: devasignhq/devasign-api
Release list
# v1.1.0 — Secure Proxy Layer & Resilient Repository Fetching
What's new
-
Authenticated internal proxying. The extension's internal service requests
are now authenticated with OIDC tokens, and the edge server adds proxy
endpoints for commit message generation. Private service URL resolution is
deferred to request handlers, and timeout errors in proxied requests are
handled explicitly. -
User validation at the edge. New user-validation middleware resolves and
forwards the user ID (and tier) rather than trusting client-supplied values. -
Hardened test routes. Test routes now require both an explicit enable flag
and a bypass token to mount, with the token compared using a timing-safe
equality check. -
Server-side truncation limits. Extension diff payloads and the review
schema'scontextFilesare now truncated server-side, so oversized inputs are
capped at the edge.
Notable improvements
- Repository fetching is more resilient: per-repo fetch errors are isolated to
prevent a single failure from breaking the bulk fetch, and amapWithConcurrency
helper bounds parallelism. Added agetRepositoriesquery parameter for
selective repo fetching. - Increased the local-changes review timeout to 5 minutes.
- Patched package vulnerabilities and pinned
uuidto^11.1.1.
v1.0.0 — Initial Release
First stable release of the server.