From 68f44e65310e681db3ecd56bc71aa9fb6531f938 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 31 May 2026 13:57:36 +0000
Subject: [PATCH] ci: release

---
 .changeset/create-report-proxy.md      |  5 -----
 .changeset/getfeed-service-auth-aud.md |  5 -----
 .changeset/proxy-rpc-scope-audience.md |  5 -----
 .changeset/submit-plc-operation.md     |  5 -----
 packages/pds/CHANGELOG.md              | 14 ++++++++++++++
 packages/pds/package.json              |  2 +-
 6 files changed, 15 insertions(+), 21 deletions(-)
 delete mode 100644 .changeset/create-report-proxy.md
 delete mode 100644 .changeset/getfeed-service-auth-aud.md
 delete mode 100644 .changeset/proxy-rpc-scope-audience.md
 delete mode 100644 .changeset/submit-plc-operation.md

diff --git a/.changeset/create-report-proxy.md b/.changeset/create-report-proxy.md
deleted file mode 100644
index 21440142..00000000
--- a/.changeset/create-report-proxy.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@getcirrus/pds": minor
----
-
-Proxy `com.atproto.moderation.createReport` so the Bluesky app's "Report" button works. Reports default to Bluesky's moderation service (`did:plc:ar7c4by46qjdydhdevvrndac#atproto_labeler`) with a service-auth JWT addressed to that labeler. Clients can override the target by setting the `atproto-proxy` header to a different labeler's `did#service_id`, in which case the request is routed to the resolved endpoint and the JWT is addressed there instead. Previously these reports fell through to the generic AppView proxy and were silently rejected.
diff --git a/.changeset/getfeed-service-auth-aud.md b/.changeset/getfeed-service-auth-aud.md
deleted file mode 100644
index 3f454af2..00000000
--- a/.changeset/getfeed-service-auth-aud.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@getcirrus/pds": patch
----
-
-Address the service-auth JWT for `app.bsky.feed.getFeed` to the feed generator rather than the AppView. The token is now stamped with `aud` set to the generator's service DID (resolved from the feed record) and `lxm` set to `app.bsky.feed.getFeedSkeleton`, matching the reference PDS implementation. Previously the token carried `aud: did:web:api.bsky.app`, so generators that validate the audience (such as the Bluesky "For You" feed) rejected it and ran in a degraded, stateless mode — feeds appeared stuck because per-user "seen" state was never recorded. If the feed record can't be resolved, the request falls back to ordinary AppView proxying so the feed still loads.
diff --git a/.changeset/proxy-rpc-scope-audience.md b/.changeset/proxy-rpc-scope-audience.md
deleted file mode 100644
index 63ec25e4..00000000
--- a/.changeset/proxy-rpc-scope-audience.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@getcirrus/pds": patch
----
-
-Fix OAuth scope checking when proxying XRPC requests. Granular `rpc:` scopes are granted against the full `did#service_id` audience, but the proxy was checking them against the bare DID, so any granular (non-`aud=*`) scope was rejected. Proxied requests now check scope against the full service audience, while the outbound service-auth JWT continues to use the bare DID.
diff --git a/.changeset/submit-plc-operation.md b/.changeset/submit-plc-operation.md
deleted file mode 100644
index d48a688b..00000000
--- a/.changeset/submit-plc-operation.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-"@getcirrus/pds": minor
----
-
-Implement `com.atproto.identity.submitPlcOperation`. The endpoint forwards an already-signed PLC operation to `plc.directory` on the user's behalf, so migration clients can complete an outbound move without talking to the PLC directory themselves. Pairs with the existing `com.atproto.identity.signPlcOperation` to match the reference PDS migration flow.
diff --git a/packages/pds/CHANGELOG.md b/packages/pds/CHANGELOG.md
index 4a18b3fd..a102fa84 100644
--- a/packages/pds/CHANGELOG.md
+++ b/packages/pds/CHANGELOG.md
@@ -1,5 +1,19 @@
 # @getcirrus/pds
 
+## 0.18.0
+
+### Minor Changes
+
+- [#196](https://github.com/ascorbic/cirrus/pull/196) [`c560f2e`](https://github.com/ascorbic/cirrus/commit/c560f2e666a97bba305806c5d98e49bcbd88d47c) Thanks [@ascorbic](https://github.com/ascorbic)! - Proxy `com.atproto.moderation.createReport` so the Bluesky app's "Report" button works. Reports default to Bluesky's moderation service (`did:plc:ar7c4by46qjdydhdevvrndac#atproto_labeler`) with a service-auth JWT addressed to that labeler. Clients can override the target by setting the `atproto-proxy` header to a different labeler's `did#service_id`, in which case the request is routed to the resolved endpoint and the JWT is addressed there instead. Previously these reports fell through to the generic AppView proxy and were silently rejected.
+
+- [#195](https://github.com/ascorbic/cirrus/pull/195) [`3008f88`](https://github.com/ascorbic/cirrus/commit/3008f88982269eaa655b6a726c163260a3320756) Thanks [@ascorbic](https://github.com/ascorbic)! - Implement `com.atproto.identity.submitPlcOperation`. The endpoint forwards an already-signed PLC operation to `plc.directory` on the user's behalf, so migration clients can complete an outbound move without talking to the PLC directory themselves. Pairs with the existing `com.atproto.identity.signPlcOperation` to match the reference PDS migration flow.
+
+### Patch Changes
+
+- [#193](https://github.com/ascorbic/cirrus/pull/193) [`be57325`](https://github.com/ascorbic/cirrus/commit/be57325cde6cf0ccd5f6d5b900777da81e6b3c46) Thanks [@ascorbic](https://github.com/ascorbic)! - Address the service-auth JWT for `app.bsky.feed.getFeed` to the feed generator rather than the AppView. The token is now stamped with `aud` set to the generator's service DID (resolved from the feed record) and `lxm` set to `app.bsky.feed.getFeedSkeleton`, matching the reference PDS implementation. Previously the token carried `aud: did:web:api.bsky.app`, so generators that validate the audience (such as the Bluesky "For You" feed) rejected it and ran in a degraded, stateless mode — feeds appeared stuck because per-user "seen" state was never recorded. If the feed record can't be resolved, the request falls back to ordinary AppView proxying so the feed still loads.
+
+- [#193](https://github.com/ascorbic/cirrus/pull/193) [`be57325`](https://github.com/ascorbic/cirrus/commit/be57325cde6cf0ccd5f6d5b900777da81e6b3c46) Thanks [@ascorbic](https://github.com/ascorbic)! - Fix OAuth scope checking when proxying XRPC requests. Granular `rpc:` scopes are granted against the full `did#service_id` audience, but the proxy was checking them against the bare DID, so any granular (non-`aud=*`) scope was rejected. Proxied requests now check scope against the full service audience, while the outbound service-auth JWT continues to use the bare DID.
+
 ## 0.17.1
 
 ### Patch Changes
diff --git a/packages/pds/package.json b/packages/pds/package.json
index 97599e7a..a8954b03 100644
--- a/packages/pds/package.json
+++ b/packages/pds/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@getcirrus/pds",
-	"version": "0.17.1",
+	"version": "0.18.0",
 	"description": "Cirrus – A single-user AT Protocol PDS on Cloudflare Workers",
 	"type": "module",
 	"main": "dist/index.js",