ci: release

[mixie-bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@getcirrus/pds@0.18.0

Minor Changes

• #196 c560f2e Thanks @ascorbic! - Proxy com.atproto.moderation.createReport so the Bluesky app's "Report" button works. Reports default to Bluesky's moderation service (did:plc:ar7c4by46qjdydhdevvrndac#atproto_labeler) with a service-auth JWT addressed to that labeler. Clients can override the target by setting the atproto-proxy header to a different labeler's did#service_id, in which case the request is routed to the resolved endpoint and the JWT is addressed there instead. Previously these reports fell through to the generic AppView proxy and were silently rejected.

• #195 3008f88 Thanks @ascorbic! - Implement com.atproto.identity.submitPlcOperation. The endpoint forwards an already-signed PLC operation to plc.directory on the user's behalf, so migration clients can complete an outbound move without talking to the PLC directory themselves. Pairs with the existing com.atproto.identity.signPlcOperation to match the reference PDS migration flow.

Patch Changes

• #193 be57325 Thanks @ascorbic! - Address the service-auth JWT for app.bsky.feed.getFeed to the feed generator rather than the AppView. The token is now stamped with aud set to the generator's service DID (resolved from the feed record) and lxm set to app.bsky.feed.getFeedSkeleton, matching the reference PDS implementation. Previously the token carried aud: did:web:api.bsky.app, so generators that validate the audience (such as the Bluesky "For You" feed) rejected it and ran in a degraded, stateless mode — feeds appeared stuck because per-user "seen" state was never recorded. If the feed record can't be resolved, the request falls back to ordinary AppView proxying so the feed still loads.

• #193 be57325 Thanks @ascorbic! - Fix OAuth scope checking when proxying XRPC requests. Granular rpc: scopes are granted against the full did#service_id audience, but the proxy was checking them against the bare DID, so any granular (non-aud=*) scope was rejected. Proxied requests now check scope against the full service audience, while the outbound service-auth JWT continues to use the bare DID.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	pdscheck	68f44e6	May 31 2026, 01:58 PM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	cirrusdocs	68f44e6	Commit Preview URL Branch Preview URL	May 31 2026, 01:58 PM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	atproto-pds	68f44e6	May 31 2026, 01:58 PM

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/create-pds@194

npm i https://pkg.pr.new/@getcirrus/oauth-provider@194

npm i https://pkg.pr.new/@getcirrus/pds@194

commit: 68f44e6