zat.dev / zat
atproto utils for zig zat.dev
atproto sdk zig
26
fork

Configure Feed

Select the types of activity you want to include in your feed.

release: v0.3.1

zzstoatzz 8de5f408 8ba4cc0c

+15 -6
+8
CHANGELOG.md
··· 1 1 # changelog 2 2 3 + ## 0.3.1 4 + 5 + - **feat**: `XrpcClient.queryChecked` and `XrpcClient.procedureChecked` return a checked union of successful `Response` or structured `XrpcError`, preserving AT Protocol `error` / `message` envelopes for non-2xx responses. 6 + - **feat**: `XrpcClient.RetryPolicy` adds status-driven retries for transient transport errors plus HTTP 429/5xx responses, with `retry-after` and rate-limit header support. 7 + - **feat**: `HttpTransport.fetch` captures `ratelimit-limit`, `ratelimit-remaining`, `ratelimit-reset`, and `retry-after` headers on responses. 8 + - **fix**: DID and handle resolution now reject unsafe network targets by default, including private, loopback, link-local, multicast, documentation, and unspecified IP ranges. 9 + - **fix**: identity resolution validates DNS and redirect targets before issuing HTTP requests, reducing SSRF exposure when resolving untrusted AT Protocol identifiers. 10 + 3 11 ## 0.3.0 4 12 5 13 - **breaking**: zig 0.16 — all networking APIs take `io: std.Io` as first parameter
+1 -1
build.zig.zon
··· 1 1 .{ 2 2 .name = .zat, 3 - .version = "0.3.0-alpha.24", 3 + .version = "0.3.1", 4 4 .fingerprint = 0x8da9db57ee82fbe4, 5 5 .minimum_zig_version = "0.16.0-dev.3070+b22eb176b", 6 6 .dependencies = .{
+6 -5
docs/roadmap.md
··· 4 4 5 5 ## current status 6 6 7 - **v0.3.0-alpha** — zig 0.16, `std.Io` throughout. 7 + **v0.3.1** — zig 0.16, `std.Io` throughout. 8 8 9 9 the v0.3.0 migration replaced all networking and concurrency primitives with zig 0.16's [`std.Io`](https://ziglang.org/documentation/master/std/#std.Io) interface. the API change is mechanical: every networking type takes `io: std.Io` as its first parameter. streaming clients moved from `connect()` + `next()` loops to `subscribe(handler)` with automatic reconnection, backoff, and host rotation. 10 10 11 - the library is stable and tested. the alpha tag reflects that downstream consumers (zlay, labelz, pollz) are still validating in production. 11 + the library is stable and tested. downstream consumers continue to drive hardening work, especially around network safety and XRPC error handling. 12 12 13 13 ## history 14 14 ··· 24 24 - CID hash verification in CAR parser (v0.2.1), size limits (v0.2.2) 25 25 - OAuth 2.1 DPoP client (v0.2.14) 26 26 - configurable keep-alive, transport options (v0.2.12–v0.2.18) 27 - - `std.Io` migration, `subscribe(handler)` streaming API (v0.3.0-alpha) 27 + - `std.Io` migration, `subscribe(handler)` streaming API (v0.3.0) 28 + - checked XRPC results, retry policy, and identity network safety (v0.3.1) 28 29 29 30 this pattern — start minimal, expand based on real pain — continues. 30 31 ··· 33 34 the library covers the full AT Protocol verification pipeline: identity resolution, repo parsing, signature verification, and MST validation. benchmarked against Go (indigo) and Rust (rsky) in [atproto-bench](https://tangled.org/zzstoatzz.io/atproto-bench). 34 35 35 36 near-term: 36 - - promote to v0.3.0-beta once production consumers stabilize 37 - - cut v0.3.0 when the API surface is confirmed 37 + - keep validating the v0.3.x surface in production consumers 38 + - promote repeated downstream patterns into the library once they prove stable 38 39 39 40 what's missing will show up when people build things. until then, no speculative features. 40 41