From 06dd9aa1672510a26098c374264166f3fe61cd00 Mon Sep 17 00:00:00 2001 From: Phil Skentelbery Date: Mon, 24 Nov 2025 12:42:44 -0700 Subject: [PATCH] chore: Bump version to 1.0.0-rc.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Release candidate for V1.0.0 with complete IndieWeb support. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- CHANGELOG.md | 72 ++++++++++++++++++++++++++++++++++++++++++++ starpunk/__init__.py | 4 +-- 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13cff90..693f183 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,78 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.0.0-rc.1] - 2025-11-24 + +### Release Candidate for V1.0.0 +First release candidate with complete IndieWeb support. This milestone implements the full V1 specification with IndieAuth authentication and Micropub posting capabilities. + +### Added +- **Phase 1: Secure Token Management** + - Bearer token storage with Argon2id hashing + - Automatic token expiration (90 days default) + - Token revocation endpoint (`POST /micropub?action=revoke`) + - Admin interface for token management with creation, viewing, and revocation + - Comprehensive test coverage for token operations (14 tests) + +- **Phase 2: IndieAuth Token Endpoint** + - Token endpoint (`POST /indieauth/token`) for access token issuance + - Authorization endpoint (`POST /indieauth/authorize`) for consent flow + - PKCE verification for authorization code exchange + - Token verification endpoint (`GET /indieauth/token`) for clients + - Proper OAuth 2.0/IndieAuth spec compliance + - Client credential validation and scope enforcement + - Test suite for token and authorization endpoints (13 tests) + +- **Phase 3: Micropub Endpoint** + - Micropub endpoint (`POST /micropub`) for creating posts + - Support for both JSON and form-encoded requests + - Bearer token authentication with scope validation + - Content validation and sanitization + - Post creation with automatic timestamps + - Location header with post URL in responses + - Comprehensive error handling with proper HTTP status codes + - Integration tests for complete authentication flow (11 tests) + +### Changed +- Admin interface now includes token management section +- Database schema extended with `tokens` table for secure token storage +- Authentication system now supports both admin sessions and bearer tokens +- Authorization flow integrated with existing IndieAuth authentication + +### Security +- Bearer tokens hashed with Argon2id (same as passwords) +- Tokens support automatic expiration +- Scope validation enforces `create` permission for posting +- PKCE prevents authorization code interception +- Token verification validates both hash and expiration + +### Standards Compliance +- IndieAuth specification (W3C) for authentication and authorization +- Micropub specification (W3C) for posting interface +- OAuth 2.0 bearer token authentication +- Proper HTTP status codes and error responses +- Location header for created resources + +### Testing +- 77 total tests (all passing) +- Complete coverage of token management, IndieAuth endpoints, and Micropub +- Integration tests verify end-to-end flows +- Error case coverage for validation and authentication failures + +### Documentation +- Implementation reports for all three phases +- Architecture reviews documenting design decisions +- API contracts specified in docs/design/api-contracts.md +- Test coverage documented in implementation reports + +### Related Standards +- ADR-023: Micropub V1 Implementation Strategy +- W3C IndieAuth Specification +- W3C Micropub Specification + +### Notes +This is a release candidate for testing. Stable 1.0.0 will be released after testing period and any necessary fixes. + ## [0.9.5] - 2025-11-23 ### Fixed diff --git a/starpunk/__init__.py b/starpunk/__init__.py index 7eb4118..a4d4670 100644 --- a/starpunk/__init__.py +++ b/starpunk/__init__.py @@ -153,5 +153,5 @@ def create_app(config=None): # Package version (Semantic Versioning 2.0.0) # See docs/standards/versioning-strategy.md for details -__version__ = "0.9.5" -__version_info__ = (0, 9, 5) +__version__ = "1.0.0-rc.1" +__version_info__ = (1, 0, 0, "rc", 1)