Changelog
Release notes for every shipped version of Packr Registry. See also the roadmap.
v0.8
Marketing site polish, LLM optimization, production hardening
Added
- SEO foundation: robots.txt, sitemap.xml, Open Graph + Twitter Card metadata, per-page titles
- LLM optimization: /llms.txt and /llms-full.txt per the llmstxt.org proposal
- Explicit allow-list for LLM crawlers (GPTBot, ChatGPT-User, ClaudeBot, PerplexityBot, Google-Extended, Applebot-Extended, cohere-ai, CCBot)
- JSON-LD structured data (Organization, WebSite, SoftwareApplication)
- Vercel Analytics + Speed Insights
- Fixed pricing card CTAs and home page hero CTAs that were dead links
- API-based token management via CLI — packr-cli token create/list/revoke now work from a developer laptop without SSH into the server
- JWT fallback in AdminAuthMiddleware — CLI tokens can call admin endpoints
- Public routes /api/v1/orgs/:slug/packages and /api/v1/users/:username/profile no longer gated by admin auth middleware
- Production-verified OAuth device flow end to end (deployed dashboard, GitHub OAuth app configured, scoped CI tokens in org secrets)
Fixed
- Publish scope check was prepending @ to an already-prefixed scope, producing @@blueforge-studio that never matched any real scope
- Org membership / plan limit / ownership checks were blocking CI tokens (synthetic web:N user IDs). Now skipped for CI tokens — their scope restriction is the authorization boundary
- updateNpmrc hardcoded ${PACKR_TOKEN} placeholder instead of writing the actual token to ~/.npmrc
- packr-cli login reported 'Logged in as unknown' because it parsed the user field as an object but the API returns a string
- Stripe webhook handler updated for Stripe v22 API changes (current_period_end moved to SubscriptionItem, invoice.subscription moved to invoice.parent.subscription_details)
- Dashboard /api/packr/[...path]/ proxy only exported PATCH — added GET/POST/PUT/DELETE
- Next.js 16 proxy.ts should not export runtime — it always runs on Node.js
v0.7
CDN, AI documentation, VS Code extension, multi-region, recommendations
Added
- AI-generated package documentation via Claude API — parses TypeScript declarations from published tarballs and generates structured API docs
- Geographic replication via Fly.io multi-region + PostgreSQL read replicas — new docs/10-multi-region.md guide
- VS Code extension scaffold at packages/vscode/ — browse, search, package info with quality scores, install via terminal
- Package recommendation engine via co-occurrence analysis — /agent/:pkg/recommendations
- CDN cache headers (Cache-Control: immutable) on tarball responses and S3 uploads — works with Supabase CDN and Cloudflare + B2
- Enhanced capability extraction — parses bin, exports, keywords, TypeScript declarations, framework detection
v0.6
Stripe billing, org management, pagination, Helm chart, Redis, subdomain routing
Added
- Stripe subscription integration — checkout, webhook handler, plan enforcement on publish
- Organization model with admin/maintainer/reader roles — /api/v1/admin/orgs CRUD
- Per-org data isolation on publish (org membership required for scoped publishes)
- Subdomain routing for multi-tenant orgs (myorg.packr.dev via Next.js proxy)
- Usage metering — per-user API call and publish tracking with monthly buckets
- Package transfer between users (POST /api/v1/admin/packages/transfer)
- Pagination on all list endpoints with total count
- Agent response cache with TTL and publish-triggered invalidation
- Kubernetes Helm chart at helm/packr/
- Optional Redis cache adapter with fallback to DB
v0.5
OAuth login, fine-grained token permissions, CLI auth, user profiles
Added
- OAuth device flow (RFC 8628) via packr-cli login — GitHub, Google, GitLab, generic OIDC, forge-auth
- Fine-grained token permissions (read, publish, unpublish, admin) with 4 preset roles: ci-readonly, ci-publish, maintainer, admin
- Per-scope token restrictions (e.g. token locked to @blueforge-studio/*)
- CLI credential storage at ~/.packr/credentials.json + optional system keychain backend
- packr-cli init generates .packr.json + .npmrc with ${PACKR_TOKEN} placeholder for safe commit
- User profiles with display name, bio, company, location, avatar, and public profile pages
- OAuth account linking (multiple providers per user)
- Email notifications for password reset (Resend provider, log fallback for dev)
- Webhook retry with exponential backoff (1m, 5m, 30m, 2h, 24h)
- Audit log for publish/unpublish/token events
- Token rotation via packr-cli rotate
v0.4
Agent SDK, MCP server, GitHub Action, comparison API
Added
- @packr/agent TypeScript SDK for AI agent integration
- @packr/mcp-server for Claude and Cursor direct registry queries
- GitHub Action packr-registry/publish-action@v1
- Package comparison API: GET /agent/compare?packages=a,b with quality-based recommendation
- Download count tracking exposed in agent responses
- Package quality scoring (0–100) based on TypeScript types, tests, CI, README, version maturity, freshness
v0.3
Webhooks, deprecation, S3 storage, mobile dashboard
Added
- Webhook system with HMAC-SHA256 signed payloads
- Package deprecation support (PUT /-/v1/deprecate)
- Package unpublish with 72-hour window
- S3-compatible blob storage (AWS S3, Supabase Storage, Backblaze B2)
- Presigned URLs for direct tarball downloads
- Mobile-responsive dashboard with collapsible sidebar
- OpenAPI 3.0 spec at GET /openapi.json
v0.2
Production hardening
Added
- Rate limiting per IP (login, publish, search, admin)
- Structured JSON logging with request ID tracing
- 59+ Go unit tests, authenticated E2E tests
- Docker + docker-compose + GitHub Actions CI
- Dashboard with themes (Default, Matrix, Pixel) and sound effects
- Security hardening: CORS, input validation, path traversal protection, tarball size limits, SSRF protection
What's next
v0.9 planned features include: GitHub App for automatic token provisioning, SAML SSO, monitoring/alerting integration, and team-scoped publish permissions.
View the full roadmap →