Fix flaky appeal test (#3369 )

fix flaky appeal test
add pipethrough for recids on suggestions (#3365 )
2025-01-14 13:02:06 -06:00 · 2025-01-13 16:33:32 -08:00 · 2025-01-13 16:32:43 -08:00 · 2025-01-13 15:34:11 -08:00 · 2025-01-10 14:46:14 +01:00 · 2025-01-09 14:27:17 +01:00
88 changed files with 721 additions and 299 deletions
--- a/.changeset/lucky-sloths-tie.md
+++ b/.changeset/lucky-sloths-tie.md
@ -1,5 +0,0 @@
 ---
 "@atproto/crypto": patch
 ---
 Update noble crypto libraries
--- a/lexicons/app/bsky/actor/getSuggestions.json
+++ b/lexicons/app/bsky/actor/getSuggestions.json
@ -30,6 +30,10 @@
                "type": "ref",
                "ref": "app.bsky.actor.defs#profileView"
              }
            },
            "recId": {
              "type": "integer",
              "description": "Snowflake for this recommendation, use when submitting recommendation events."
            }
          }
        }
--- a/lexicons/app/bsky/graph/getSuggestedFollowsByActor.json
+++ b/lexicons/app/bsky/graph/getSuggestedFollowsByActor.json
@ -29,6 +29,10 @@
              "type": "boolean",
              "description": "If true, response has fallen-back to generic results, and is not scoped using relativeToDid",
              "default": false
            },
            "recId": {
              "type": "integer",
              "description": "Snowflake for this recommendation, use when submitting recommendation events."
            }
          }
        }
--- a/lexicons/app/bsky/unspecced/getSuggestionsSkeleton.json
+++ b/lexicons/app/bsky/unspecced/getSuggestionsSkeleton.json
@ -45,6 +45,10 @@
              "type": "string",
              "format": "did",
              "description": "DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer."
            },
            "recId": {
              "type": "integer",
              "description": "Snowflake for this recommendation, use when submitting recommendation events."
            }
          }
        }
--- a/packages/api/CHANGELOG.md
+++ b/packages/api/CHANGELOG.md
@ -1,5 +1,11 @@
 # @atproto/api
 ## 0.13.27
 ### Patch Changes
 - [#3364](https://github.com/bluesky-social/atproto/pull/3364) [`e277158f7`](https://github.com/bluesky-social/atproto/commit/e277158f70a831b04fde3ec84b3c1eaa6ce82e9d) Thanks [@iwsmith](https://github.com/iwsmith)! - add recId to getSuggestions
 ## 0.13.26
 ### Patch Changes
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/api",
-  "version": "0.13.26",
+  "version": "0.13.27",
  "license": "MIT",
  "description": "Client library for atproto and Bluesky",
  "keywords": [
--- a/packages/api/src/client/lexicons.ts
+++ b/packages/api/src/client/lexicons.ts
@ -12359,7 +12359,7 @@ export const schemaDict = {
              items: {
                type: 'string',
                description:
-                  'If specified, only events where the policy matches the given policy are returned',
+                  'If specified, only events where the action policies match any of the given policies are returned',
              },
            },
            cursor: {
--- a/packages/api/src/client/types/app/bsky/actor/getSuggestions.ts
+++ b/packages/api/src/client/types/app/bsky/actor/getSuggestions.ts
@ -18,6 +18,8 @@ export type InputSchema = undefined
 export interface OutputSchema {
  cursor?: string
  actors: AppBskyActorDefs.ProfileView[]
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/api/src/client/types/app/bsky/graph/getSuggestedFollowsByActor.ts
+++ b/packages/api/src/client/types/app/bsky/graph/getSuggestedFollowsByActor.ts
@ -18,6 +18,8 @@ export interface OutputSchema {
  suggestions: AppBskyActorDefs.ProfileView[]
  /** If true, response has fallen-back to generic results, and is not scoped using relativeToDid */
  isFallback: boolean
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/api/src/client/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
+++ b/packages/api/src/client/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
@ -24,6 +24,8 @@ export interface OutputSchema {
  actors: AppBskyUnspeccedDefs.SkeletonSearchActor[]
  /** DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer. */
  relativeToDid?: string
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/aws/CHANGELOG.md
+++ b/packages/aws/CHANGELOG.md
@ -1,5 +1,13 @@
 # @atproto/aws
 ## 0.2.12
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
  - @atproto/repo@0.6.2
 ## 0.2.11
 ### Patch Changes
--- a/packages/aws/package.json
+++ b/packages/aws/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/aws",
-  "version": "0.2.11",
+  "version": "0.2.12",
  "license": "MIT",
  "description": "Shared AWS cloud API helpers for atproto services",
  "keywords": [
--- a/packages/bsky/CHANGELOG.md
+++ b/packages/bsky/CHANGELOG.md
@ -1,5 +1,25 @@
 # @atproto/bsky
 ## 0.0.106
 ### Patch Changes
 - Updated dependencies [[`e277158f7`](https://github.com/bluesky-social/atproto/commit/e277158f70a831b04fde3ec84b3c1eaa6ce82e9d)]:
  - @atproto/api@0.13.27
  - @atproto-labs/fetch-node@0.1.5
 ## 0.0.105
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
  - @atproto/identity@0.4.5
  - @atproto/repo@0.6.2
  - @atproto/xrpc-server@0.7.6
  - @atproto/sync@0.1.9
  - @atproto-labs/xrpc-utils@0.0.2
 ## 0.0.104
 ### Patch Changes
--- a/packages/bsky/package.json
+++ b/packages/bsky/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/bsky",
-  "version": "0.0.104",
+  "version": "0.0.106",
  "license": "MIT",
  "description": "Reference implementation of app.bsky App View (Bluesky API)",
  "keywords": [
--- a/packages/bsky/src/api/app/bsky/actor/getSuggestions.ts
+++ b/packages/bsky/src/api/app/bsky/actor/getSuggestions.ts
@ -71,6 +71,7 @@ const skeleton = async (input: {
    return {
      dids: res.data.actors.map((a) => a.did),
      cursor: res.data.cursor,
      recId: res.data.recId,
      resHeaders: res.headers,
    }
  } else {
@ -129,6 +130,7 @@ const presentation = (input: {
  return {
    actors,
    cursor: skeleton.cursor,
    recId: skeleton.recId,
    resHeaders: skeleton.resHeaders,
  }
 }
@ -148,5 +150,6 @@ type Params = QueryParams & {
 type Skeleton = {
  dids: string[]
  cursor?: string
  recId?: number
  resHeaders?: Record<string, string>
 }
--- a/packages/bsky/src/api/app/bsky/graph/getSuggestedFollowsByActor.ts
+++ b/packages/bsky/src/api/app/bsky/graph/getSuggestedFollowsByActor.ts
@ -73,6 +73,7 @@ const skeleton = async (input: SkeletonFnInput<Context, Params>) => {
    return {
      isFallback: !res.data.relativeToDid,
      suggestedDids: res.data.actors.map((a) => a.did),
      recId: res.data.recId,
      headers: res.headers,
    }
  } else {
@ -115,7 +116,12 @@ const presentation = (
  const suggestions = mapDefined(suggestedDids, (did) =>
    ctx.views.profileDetailed(did, hydration),
  )
-  return { isFallback: skeleton.isFallback, suggestions, headers }
+  return {
    isFallback: skeleton.isFallback,
    suggestions,
    recId: skeleton.recId,
    headers,
  }
 }
 type Context = {
@ -133,5 +139,6 @@ type Params = QueryParams & {
 type SkeletonState = {
  isFallback: boolean
  suggestedDids: string[]
  recId?: number
  headers?: Record<string, string>
 }
--- a/packages/bsky/src/lexicon/types/app/bsky/actor/getSuggestions.ts
+++ b/packages/bsky/src/lexicon/types/app/bsky/actor/getSuggestions.ts
@ -19,6 +19,8 @@ export type InputSchema = undefined
 export interface OutputSchema {
  cursor?: string
  actors: AppBskyActorDefs.ProfileView[]
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/bsky/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts
+++ b/packages/bsky/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts
@ -19,6 +19,8 @@ export interface OutputSchema {
  suggestions: AppBskyActorDefs.ProfileView[]
  /** If true, response has fallen-back to generic results, and is not scoped using relativeToDid */
  isFallback?: boolean
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/bsky/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
+++ b/packages/bsky/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
@ -25,6 +25,8 @@ export interface OutputSchema {
  actors: AppBskyUnspeccedDefs.SkeletonSearchActor[]
  /** DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer. */
  relativeToDid?: string
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/crypto/CHANGELOG.md
+++ b/packages/crypto/CHANGELOG.md
@ -1,5 +1,11 @@
 # @atproto/crypto
 ## 0.4.3
 ### Patch Changes
 - [#3335](https://github.com/bluesky-social/atproto/pull/3335) [`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277) Thanks [@dholms](https://github.com/dholms)! - Update noble crypto libraries
 ## 0.4.2
 ### Patch Changes
--- a/packages/crypto/package.json
+++ b/packages/crypto/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/crypto",
-  "version": "0.4.2",
+  "version": "0.4.3",
  "license": "MIT",
  "description": "Library for cryptographic keys and signing in atproto",
  "keywords": [
--- a/packages/dev-env/CHANGELOG.md
+++ b/packages/dev-env/CHANGELOG.md
@ -1,5 +1,30 @@
 # @atproto/dev-env
 ## 0.3.76
 ### Patch Changes
 - [#3344](https://github.com/bluesky-social/atproto/pull/3344) [`48a0e9d60`](https://github.com/bluesky-social/atproto/commit/48a0e9d6060c2dc93899f13f2fc7cc76c04fbcd9) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Properly dispose of unused http responses
 - Updated dependencies [[`48a0e9d60`](https://github.com/bluesky-social/atproto/commit/48a0e9d6060c2dc93899f13f2fc7cc76c04fbcd9), [`e277158f7`](https://github.com/bluesky-social/atproto/commit/e277158f70a831b04fde3ec84b3c1eaa6ce82e9d)]:
  - @atproto/ozone@0.1.67
  - @atproto/api@0.13.27
  - @atproto/bsky@0.0.106
  - @atproto/pds@0.4.84
 ## 0.3.75
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
  - @atproto/bsky@0.0.105
  - @atproto/identity@0.4.5
  - @atproto/ozone@0.1.66
  - @atproto/pds@0.4.83
  - @atproto/xrpc-server@0.7.6
  - @atproto/sync@0.1.9
 ## 0.3.74
 ### Patch Changes
--- a/packages/dev-env/package.json
+++ b/packages/dev-env/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/dev-env",
-  "version": "0.3.74",
+  "version": "0.3.76",
  "license": "MIT",
  "description": "Local development environment helper for atproto development",
  "keywords": [
--- a/packages/dev-env/src/util.ts
+++ b/packages/dev-env/src/util.ts
@ -45,7 +45,7 @@ export const mockResolvers = (idResolver: IdResolver, pds: TestPds) => {
    try {
      const res = await request(url, { headers: { host: handle } })
      if (res.statusCode !== 200) {
-        res.body.destroy()
+        await res.body.dump()
        return undefined
      }
--- a/packages/identity/CHANGELOG.md
+++ b/packages/identity/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto/identity
 ## 0.4.5
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
 ## 0.4.4
 ### Patch Changes
--- a/packages/identity/package.json
+++ b/packages/identity/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/identity",
-  "version": "0.4.4",
+  "version": "0.4.5",
  "license": "MIT",
  "description": "Library for decentralized identities in atproto using DIDs and handles",
  "keywords": [
--- a/packages/internal/did-resolver/CHANGELOG.md
+++ b/packages/internal/did-resolver/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto-labs/did-resolver
 ## 0.1.8
 ### Patch Changes
 - Updated dependencies [[`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2), [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2)]:
  - @atproto-labs/fetch@0.2.0
 ## 0.1.7
 ### Patch Changes
--- a/packages/internal/did-resolver/package.json
+++ b/packages/internal/did-resolver/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto-labs/did-resolver",
-  "version": "0.1.7",
+  "version": "0.1.8",
  "license": "MIT",
  "description": "DID resolution and verification library",
  "keywords": [
--- a/packages/internal/fetch-node/CHANGELOG.md
+++ b/packages/internal/fetch-node/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto-labs/fetch-node
 ## 0.1.5
 ### Patch Changes
 - Updated dependencies [[`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2), [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2)]:
  - @atproto-labs/fetch@0.2.0
 ## 0.1.4
 ### Patch Changes
--- a/packages/internal/fetch-node/package.json
+++ b/packages/internal/fetch-node/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto-labs/fetch-node",
-  "version": "0.1.4",
+  "version": "0.1.5",
  "license": "MIT",
  "description": "SSRF protection for fetch() in Node.js",
  "keywords": [
--- a/packages/internal/fetch/CHANGELOG.md
+++ b/packages/internal/fetch/CHANGELOG.md
@ -1,5 +1,15 @@
 # @atproto-labs/fetch
 ## 0.2.0
 ### Minor Changes
 - [#3343](https://github.com/bluesky-social/atproto/pull/3343) [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Fix typo in `ResponseTranformer` and `fetchResponseJsonTranformer`
 ### Patch Changes
 - [#3343](https://github.com/bluesky-social/atproto/pull/3343) [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Response mime type check is now case-insensitive (as per rfc2616)
 ## 0.1.2
 ### Patch Changes
--- a/packages/internal/fetch/package.json
+++ b/packages/internal/fetch/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto-labs/fetch",
-  "version": "0.1.2",
+  "version": "0.2.0",
  "license": "MIT",
  "description": "Isomorphic wrapper utilities for fetch API",
  "keywords": [
--- a/packages/internal/fetch/src/fetch-response.ts
+++ b/packages/internal/fetch/src/fetch-response.ts
@ -14,7 +14,24 @@ import {
  logCancellationError,
 } from './util.js'
-export type ResponseTranformer = Transformer<Response>
+/**
 * media-type     = type "/" subtype *( ";" parameter )
 * type           = token
 * subtype        = token
 * token          = 1*<any CHAR except CTLs or separators>
 * separators     = "(" | ")" | "<" | ">" | "@"
 *                | "," | ";" | ":" | "\" | <">
 *                | "/" | "[" | "]" | "?" | "="
 *                | "{" | "}" | SP | HT
 * CTL            = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
 * SP             = <US-ASCII SP, space (32)>
 * HT             = <US-ASCII HT, horizontal-tab (9)>
 * @note The type, subtype, and parameter attribute names are case-insensitive.
 * @see {@link https://datatracker.ietf.org/doc/html/rfc2616#autoid-23}
 */
 const JSON_MIME = /^application\/(?:[^()<>@,;:/[\]\\?={} \t]+\+)?json$/i
 export type ResponseTransformer = Transformer<Response>
 export type ResponseMessageGetter = Transformer<Response, string | undefined>
 export class FetchResponseError extends FetchError {
@ -51,7 +68,7 @@ const extractResponseMessage: ResponseMessageGetter = async (response) => {
  try {
    if (mimeType === 'text/plain') {
      return await response.text()
-    } else if (/^application\/(?:[^+]+\+)?json$/i.test(mimeType)) {
+    } else if (JSON_MIME.test(mimeType)) {
      const json: unknown = await response.json()
      if (typeof json === 'string') return json
@ -155,7 +172,7 @@ export function cancelBodyOnError<T>(
 export function fetchOkProcessor(
  customMessage?: string | ResponseMessageGetter,
-): ResponseTranformer {
+): ResponseTransformer {
  return cancelBodyOnError((response) => {
    return fetchOkTransformer(response, customMessage)
  })
@ -169,7 +186,7 @@ export async function fetchOkTransformer(
  throw await FetchResponseError.from(response, customMessage)
 }
-export function fetchMaxSizeProcessor(maxBytes: number): ResponseTranformer {
+export function fetchMaxSizeProcessor(maxBytes: number): ResponseTransformer {
  if (maxBytes === Infinity) return (response) => response
  if (!Number.isFinite(maxBytes) || maxBytes < 0) {
    throw new TypeError('maxBytes must be a 0, Infinity or a positive number')
@ -200,7 +217,7 @@ export type MimeTypeCheck = string | RegExp | MimeTypeCheckFn
 export function fetchTypeProcessor(
  expectedMime: MimeTypeCheck,
  contentTypeRequired = true,
-): ResponseTranformer {
+): ResponseTransformer {
  const isExpected: MimeTypeCheckFn =
    typeof expectedMime === 'string'
      ? (mimeType) => mimeType === expectedMime
@ -220,7 +237,7 @@ export async function fetchResponseTypeChecker(
 ): Promise<Response> {
  const mimeType = extractMime(response)
  if (mimeType) {
-    if (!isExpectedMime(mimeType)) {
+    if (!isExpectedMime(mimeType.toLowerCase())) {
      throw await FetchResponseError.from(
        response,
        `Unexpected response Content-Type (${mimeType})`,
@ -243,7 +260,7 @@ export type ParsedJsonResponse<T = Json> = {
  json: T
 }
-export async function fetchResponseJsonTranformer<T = Json>(
+export async function fetchResponseJsonTransformer<T = Json>(
  response: Response,
 ): Promise<ParsedJsonResponse<T>> {
  try {
@ -260,12 +277,12 @@ export async function fetchResponseJsonTranformer<T = Json>(
 }
 export function fetchJsonProcessor<T = Json>(
-  expectedMime: MimeTypeCheck = /^application\/(?:[^+]+\+)?json$/,
+  expectedMime: MimeTypeCheck = JSON_MIME,
  contentTypeRequired = true,
 ): Transformer<Response, ParsedJsonResponse<T>> {
  return pipe(
    fetchTypeProcessor(expectedMime, contentTypeRequired),
-    cancelBodyOnError(fetchResponseJsonTranformer<T>),
+    cancelBodyOnError(fetchResponseJsonTransformer<T>),
  )
 }
--- a/packages/internal/handle-resolver-node/CHANGELOG.md
+++ b/packages/internal/handle-resolver-node/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto-labs/handle-resolver-node
 ## 0.1.10
 ### Patch Changes
 - Updated dependencies []:
  - @atproto-labs/fetch-node@0.1.5
 ## 0.1.9
 ### Patch Changes
--- a/packages/internal/handle-resolver-node/package.json
+++ b/packages/internal/handle-resolver-node/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto-labs/handle-resolver-node",
-  "version": "0.1.9",
+  "version": "0.1.10",
  "license": "MIT",
  "description": "Node specific ATProto handle to DID resolver",
  "keywords": [
--- a/packages/internal/identity-resolver/CHANGELOG.md
+++ b/packages/internal/identity-resolver/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto-labs/identity-resolver
 ## 0.1.10
 ### Patch Changes
 - Updated dependencies []:
  - @atproto-labs/did-resolver@0.1.8
 ## 0.1.9
 ### Patch Changes
--- a/packages/internal/identity-resolver/package.json
+++ b/packages/internal/identity-resolver/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto-labs/identity-resolver",
-  "version": "0.1.9",
+  "version": "0.1.10",
  "license": "MIT",
  "description": "A library resolving ATPROTO identities",
  "keywords": [
--- a/packages/internal/xrpc-utils/CHANGELOG.md
+++ b/packages/internal/xrpc-utils/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto-labs/xrpc-utils
 ## 0.0.2
 ### Patch Changes
 - Updated dependencies []:
  - @atproto/xrpc-server@0.7.6
 ## 0.0.1
 ### Patch Changes
--- a/packages/internal/xrpc-utils/package.json
+++ b/packages/internal/xrpc-utils/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto-labs/xrpc-utils",
-  "version": "0.0.1",
+  "version": "0.0.2",
  "license": "MIT",
  "description": "XRPC server utilities for Node.JS",
  "keywords": [
--- a/packages/oauth/jwk-jose/CHANGELOG.md
+++ b/packages/oauth/jwk-jose/CHANGELOG.md
@ -1,5 +1,16 @@
 # @atproto/jwk-jose
 ## 0.1.3
 ### Patch Changes
 - [#2879](https://github.com/bluesky-social/atproto/pull/2879) [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Improve compatibility with runtimes relying on webcrypto (by explicit JOSE's importJWK() "alg" argument).
 - [#2879](https://github.com/bluesky-social/atproto/pull/2879) [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove unsafe type casting during JWT verification
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0)]:
  - @atproto/jwk@0.1.2
 ## 0.1.2
 ### Patch Changes
--- a/packages/oauth/jwk-jose/package.json
+++ b/packages/oauth/jwk-jose/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/jwk-jose",
-  "version": "0.1.2",
+  "version": "0.1.3",
  "license": "MIT",
  "description": "`jose` based implementation of @atproto/jwk Key's",
  "keywords": [
--- a/packages/oauth/jwk-jose/src/jose-key.ts
+++ b/packages/oauth/jwk-jose/src/jose-key.ts
@ -1,4 +1,19 @@
-import { JwtVerifyError } from '@atproto/jwk'
+import {
  Jwk,
  JwkError,
  JwtCreateError,
  JwtHeader,
  JwtPayload,
  JwtVerifyError,
  Key,
  RequiredKey,
  SignedJwt,
  VerifyOptions,
  VerifyResult,
  jwkValidator,
  jwtHeaderSchema,
  jwtPayloadSchema,
 } from '@atproto/jwk'
 import {
  SignJWT,
  errors,
@ -14,19 +29,6 @@ import {
  type KeyLike,
 } from 'jose'
 import {
  Jwk,
  JwkError,
  JwtCreateError,
  JwtHeader,
  JwtPayload,
  Key,
  SignedJwt,
  VerifyOptions,
  VerifyPayload,
  VerifyResult,
  jwkValidator,
 } from '@atproto/jwk'
 import { either } from './util'
 const { JOSEError } = errors
@ -35,53 +37,97 @@ export type Importable = string | KeyLike | Jwk
 export type { GenerateKeyPairOptions, GenerateKeyPairResult }
-export class JoseKey extends Key {
+export class JoseKey<J extends Jwk = Jwk> extends Key<J> {
-  #keyObj?: KeyLike | Uint8Array
+  /**
-
+   * Some runtimes (e.g. Bun) require an `alg` second argument to be set when
-  protected async getKey() {
+   * invoking `importJWK`. In order to be compatible with these runtimes, we
   * provide the following method to ensure the `alg` is always set. We also
   * take the opportunity to ensure that the `alg` is compatible with this key.
   */
  protected async getKeyObj(alg: string) {
    if (!this.algorithms.includes(alg)) {
      throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
    }
    try {
-      return (this.#keyObj ||= await importJWK(this.jwk as JWK))
+      return await importJWK(this.jwk as JWK, alg)
    } catch (cause) {
      throw new JwkError('Failed to import JWK', undefined, { cause })
    }
  }
-  async createJwt(header: JwtHeader, payload: JwtPayload) {
+  async createJwt(header: JwtHeader, payload: JwtPayload): Promise<SignedJwt> {
    if (header.kid && header.kid !== this.kid) {
      throw new JwtCreateError(
        `Invalid "kid" (${header.kid}) used to sign with key "${this.kid}"`,
      )
    }
    if (!header.alg || !this.algorithms.includes(header.alg)) {
      throw new JwtCreateError(
        `Invalid "alg" (${header.alg}) used to sign with key "${this.kid}"`,
      )
    }
    const keyObj = await this.getKey()
    return new SignJWT(payload)
      .setProtectedHeader({ ...header, kid: this.kid })
      .sign(keyObj) as Promise<SignedJwt>
  }
  async verifyJwt<
    P extends VerifyPayload = JwtPayload,
    C extends string = string,
  >(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<P, C>> {
    try {
-      const keyObj = await this.getKey()
+      const { kid } = header
-      const result = await jwtVerify(token, keyObj, {
+      if (kid && kid !== this.kid) {
-        ...options,
+        throw new JwtCreateError(
-        algorithms: this.algorithms,
+          `Invalid "kid" (${kid}) used to sign with key "${this.kid}"`,
-      } as JWTVerifyOptions)
+        )
      }
-      return result as VerifyResult<P, C>
+      const { alg } = header
-    } catch (error) {
+      if (!alg) {
-      if (error instanceof JOSEError) {
+        throw new JwtCreateError('Missing "alg" in JWT header')
-        throw new JwtVerifyError(error.message, error.code, { cause: error })
+      }
      const keyObj = await this.getKeyObj(alg)
      const jwtBuilder = new SignJWT(payload).setProtectedHeader({
        ...header,
        alg,
        kid: this.kid,
      })
      const signedJwt = await jwtBuilder.sign(keyObj)
      return signedJwt as SignedJwt
    } catch (cause) {
      if (cause instanceof JOSEError) {
        throw new JwtCreateError(cause.message, cause.code, { cause })
      } else {
-        throw JwtVerifyError.from(error)
+        throw JwtCreateError.from(cause)
      }
    }
  }
  async verifyJwt<C extends string = never>(
    token: SignedJwt,
    options?: VerifyOptions<C>,
  ): Promise<VerifyResult<C>> {
    try {
      const result = await jwtVerify(
        token,
        async ({ alg }) => this.getKeyObj(alg),
        { ...options, algorithms: this.algorithms } as JWTVerifyOptions,
      )
      // @NOTE if all tokens are signed exclusively through createJwt(), then
      // there should be no need to parse the payload and headers here. But
      // since the JWT could have been signed with the same key from somewhere
      // else, let's parse it to ensure the integrity (and type safety) of the
      // data.
      const headerParsed = jwtHeaderSchema.safeParse(result.protectedHeader)
      if (!headerParsed.success) {
        throw new JwtVerifyError('Invalid JWT header', undefined, {
          cause: headerParsed.error,
        })
      }
      const payloadParsed = jwtPayloadSchema.safeParse(result.payload)
      if (!payloadParsed.success) {
        throw new JwtVerifyError('Invalid JWT payload', undefined, {
          cause: payloadParsed.error,
        })
      }
      return {
        protectedHeader: headerParsed.data,
        // "requiredClaims" enforced by jwtVerify()
        payload: payloadParsed.data as RequiredKey<JwtPayload, C>,
      }
    } catch (cause) {
      if (cause instanceof JOSEError) {
        throw new JwtVerifyError(cause.message, cause.code, { cause })
      } else {
        throw JwtVerifyError.from(cause)
      }
    }
  }
--- a/packages/oauth/jwk-webcrypto/CHANGELOG.md
+++ b/packages/oauth/jwk-webcrypto/CHANGELOG.md
@ -1,5 +1,13 @@
 # @atproto/jwk-webcrypto
 ## 0.1.3
 ### Patch Changes
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0)]:
  - @atproto/jwk@0.1.2
  - @atproto/jwk-jose@0.1.3
 ## 0.1.2
 ### Patch Changes
--- a/packages/oauth/jwk-webcrypto/package.json
+++ b/packages/oauth/jwk-webcrypto/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/jwk-webcrypto",
-  "version": "0.1.2",
+  "version": "0.1.3",
  "license": "MIT",
  "description": "Webcrypto based implementation of @atproto/jwk Key's",
  "keywords": [
@ -25,7 +25,8 @@
  },
  "dependencies": {
    "@atproto/jwk": "workspace:*",
-    "@atproto/jwk-jose": "workspace:*"
+    "@atproto/jwk-jose": "workspace:*",
    "zod": "^3.23.8"
  },
  "devDependencies": {
    "typescript": "^5.6.3"
--- a/packages/oauth/jwk-webcrypto/src/webcrypto-key.ts
+++ b/packages/oauth/jwk-webcrypto/src/webcrypto-key.ts
@ -1,9 +1,20 @@
-import { Jwk, jwkSchema } from '@atproto/jwk'
+import { JwkError, jwkSchema } from '@atproto/jwk'
 import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
 import z from 'zod'
 import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
-export class WebcryptoKey extends JoseKey {
+// Webcrypto keys are bound to a single algorithm
 export const jwkWithAlgSchema = z.intersection(
  jwkSchema,
  z.object({ alg: z.string() }),
 )
 export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
 export class WebcryptoKey<
  J extends JwkWithAlg = JwkWithAlg,
 > extends JoseKey<J> {
  // We need to override the static method generate from JoseKey because
  // the browser needs both the private and public keys
  static override async generate(
@ -26,29 +37,35 @@ export class WebcryptoKey extends JoseKey {
    // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
    // > Applications should specify which of these members they use.
-    const { key_ops: _, ...jwk } = await crypto.subtle.exportKey(
+    const {
      key_ops,
      use,
      alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
      ...jwk
    } = await crypto.subtle.exportKey(
      'jwk',
      cryptoKeyPair.privateKey.extractable
        ? cryptoKeyPair.privateKey
        : cryptoKeyPair.publicKey,
    )
-    const use = jwk.use ?? 'sig'
+    if (use && use !== 'sig') {
-    const alg =
+      throw new TypeError(`Unsupported JWK use "${use}"`)
-      jwk.alg ?? fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm)
+    }
-    if (use !== 'sig') {
+    if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
-      throw new TypeError('Unsupported JWK use')
+      // Make sure that "key_ops", if present, is compatible with "use"
      throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
    }
    return new WebcryptoKey(
-      jwkSchema.parse({ ...jwk, use, kid, alg }),
+      jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
      cryptoKeyPair,
    )
  }
  constructor(
-    jwk: Jwk,
+    jwk: Readonly<J>,
    readonly cryptoKeyPair: CryptoKeyPair,
  ) {
    super(jwk)
@ -58,12 +75,15 @@ export class WebcryptoKey extends JoseKey {
    return true
  }
-  get privateJwk(): Jwk | undefined {
+  get privateJwk(): Readonly<J> | undefined {
    if (super.isPrivate) return this.jwk
    throw new Error('Private Webcrypto Key not exportable')
  }
-  protected override async getKey() {
+  protected override async getKeyObj(alg: string) {
    if (this.jwk.alg !== alg) {
      throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
    }
    return this.cryptoKeyPair.privateKey
  }
 }
--- a/packages/oauth/jwk/CHANGELOG.md
+++ b/packages/oauth/jwk/CHANGELOG.md
@ -1,5 +1,17 @@
 # @atproto/jwk
 ## 0.1.2
 ### Patch Changes
 - [#2879](https://github.com/bluesky-social/atproto/pull/2879) [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Mark jwk key fields as readonly
 - [#2879](https://github.com/bluesky-social/atproto/pull/2879) [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Remove unsafe type casting during JWT verification
 - [#2879](https://github.com/bluesky-social/atproto/pull/2879) [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Allow (passthrough) unknown properties in JWT payload & headers
 - [#2879](https://github.com/bluesky-social/atproto/pull/2879) [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Expose ValidationError to allow for proper error handling
 ## 0.1.1
 ### Patch Changes
--- a/packages/oauth/jwk/package.json
+++ b/packages/oauth/jwk/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/jwk",
-  "version": "0.1.1",
+  "version": "0.1.2",
  "license": "MIT",
  "description": "A library for working with JSON Web Keys (JWKs) in TypeScript. This is meant to be extended by environment-specific libraries like @atproto/jwk-jose.",
  "keywords": [
--- a/packages/oauth/jwk/src/index.ts
+++ b/packages/oauth/jwk/src/index.ts
@ -1,3 +1,8 @@
 // Since we expose zod schemas, let's expose ZodError (under a generic name) so
 // that dependents can catch schema parsing errors without requiring an explicit
 // dependency on zod, or risking a conflict in case of mismatching zob versions.
 export { ZodError as ValidationError } from 'zod'
 export * from './alg.js'
 export * from './errors.js'
 export * from './jwk.js'
--- a/packages/oauth/jwk/src/jwt-verify.ts
+++ b/packages/oauth/jwk/src/jwt-verify.ts
@ -1,7 +1,7 @@
 import { JwtHeader, JwtPayload } from './jwt.js'
 import { RequiredKey } from './util.js'
-export type VerifyOptions<C extends string = string> = {
+export type VerifyOptions<C extends string = never> = {
  audience?: string | readonly string[]
  /** in seconds */
  clockTolerance?: number
@ -14,9 +14,7 @@ export type VerifyOptions<C extends string = string> = {
  requiredClaims?: readonly C[]
 }
-export type VerifyPayload = Record<string, unknown>
+export type VerifyResult<C extends string = never> = {
-
+  payload: RequiredKey<JwtPayload, C>
 export type VerifyResult<P extends VerifyPayload, C extends string> = {
  payload: RequiredKey<P & JwtPayload, C>
  protectedHeader: JwtHeader
 }
--- a/packages/oauth/jwk/src/jwt.ts
+++ b/packages/oauth/jwk/src/jwt.ts
@ -24,7 +24,8 @@ export const isUnsignedJwt = (data: unknown): data is UnsignedJwt =>
 /**
 * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4}
 */
-export const jwtHeaderSchema = z.object({
+export const jwtHeaderSchema = z
  .object({
    /** "alg" (Algorithm) Header Parameter */
    alg: z.string(),
    /** "jku" (JWK Set URL) Header Parameter */
@ -56,12 +57,14 @@ export const jwtHeaderSchema = z.object({
    cty: z.string().optional(),
    /** "crit" (Critical) Header Parameter */
    crit: z.array(z.string()).optional(),
-})
+  })
  .passthrough()
 export type JwtHeader = z.infer<typeof jwtHeaderSchema>
 // https://www.iana.org/assignments/jwt/jwt.xhtml
-export const jwtPayloadSchema = z.object({
+export const jwtPayloadSchema = z
  .object({
    iss: z.string().optional(),
    aud: z.union([z.string(), z.array(z.string()).nonempty()]).optional(),
    sub: z.string().optional(),
@ -168,6 +171,7 @@ export const jwtPayloadSchema = z.object({
          .passthrough(),
      )
      .optional(),
-})
+  })
  .passthrough()
 export type JwtPayload = z.infer<typeof jwtPayloadSchema>
--- a/packages/oauth/jwk/src/key.ts
+++ b/packages/oauth/jwk/src/key.ts
@ -1,12 +1,14 @@
 import { jwkAlgorithms } from './alg.js'
 import { JwkError } from './errors.js'
 import { Jwk, jwkSchema } from './jwk.js'
-import { VerifyOptions, VerifyPayload, VerifyResult } from './jwt-verify.js'
+import { VerifyOptions, VerifyResult } from './jwt-verify.js'
 import { JwtHeader, JwtPayload, SignedJwt } from './jwt.js'
 import { cachedGetter } from './util.js'
-export abstract class Key {
+const jwkSchemaReadonly = jwkSchema.readonly()
-  constructor(protected readonly jwk: Readonly<Jwk>) {
+
 export abstract class Key<J extends Jwk = Jwk> {
  constructor(protected readonly jwk: Readonly<J>) {
    // A key should always be used either for signing or encryption.
    if (!jwk.use) throw new JwkError('Missing "use" Parameter value')
  }
@ -24,25 +26,28 @@ export abstract class Key {
    return false
  }
-  get privateJwk(): Jwk | undefined {
+  get privateJwk(): Readonly<J> | undefined {
    return this.isPrivate ? this.jwk : undefined
  }
  @cachedGetter
-  get publicJwk(): Jwk | undefined {
+  get publicJwk():
    | Readonly<Exclude<J, { kty: 'oct' }> & { d?: never }>
    | undefined {
    if (this.isSymetric) return undefined
-    if (this.isPrivate) {
+
-      const { d: _, ...jwk } = this.jwk as any
+    return jwkSchemaReadonly.parse({
-      return jwk
+      ...this.jwk,
-    }
+      d: undefined,
-    return this.jwk
+      k: undefined,
    }) as Exclude<J, { kty: 'oct' }> & { d?: never }
  }
  @cachedGetter
-  get bareJwk(): Jwk | undefined {
+  get bareJwk(): Readonly<Jwk> | undefined {
    if (this.isSymetric) return undefined
    const { kty, crv, e, n, x, y } = this.jwk as any
-    return jwkSchema.parse({ crv, e, kty, n, x, y })
+    return jwkSchemaReadonly.parse({ crv, e, kty, n, x, y })
  }
  get use() {
@ -64,7 +69,7 @@ export abstract class Key {
  }
  get crv() {
-    return (this.jwk as { crv: undefined } | Extract<Jwk, { crv: unknown }>).crv
+    return (this.jwk as { crv: undefined } | Extract<J, { crv: unknown }>).crv
  }
  /**
@ -73,7 +78,7 @@ export abstract class Key {
   */
  @cachedGetter
  get algorithms(): readonly string[] {
-    return Array.from(jwkAlgorithms(this.jwk))
+    return Object.freeze(Array.from(jwkAlgorithms(this.jwk)))
  }
  /**
@ -86,8 +91,8 @@ export abstract class Key {
   *
   * @throws {JwtVerifyError} if the JWT is invalid
   */
-  abstract verifyJwt<
+  abstract verifyJwt<C extends string = never>(
-    P extends VerifyPayload = JwtPayload,
+    token: SignedJwt,
-    C extends string = string,
+    options?: VerifyOptions<C>,
-  >(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<P, C>>
+  ): Promise<VerifyResult<C>>
 }
--- a/packages/oauth/jwk/src/keyset.ts
+++ b/packages/oauth/jwk/src/keyset.ts
@ -213,13 +213,10 @@ export class Keyset<K extends Key = Key> implements Iterable<K> {
    }
  }
-  async verifyJwt<
+  async verifyJwt<C extends string = never>(
    P extends Record<string, unknown> = JwtPayload,
    C extends string = string,
  >(
    token: SignedJwt,
    options?: VerifyOptions<C>,
-  ): Promise<VerifyResult<P, C> & { key: K }> {
+  ): Promise<VerifyResult<C> & { key: K }> {
    const { header } = unsafeDecodeJwt(token)
    const { kid, alg } = header
@ -227,7 +224,7 @@ export class Keyset<K extends Key = Key> implements Iterable<K> {
    for (const key of this.list({ kid, alg })) {
      try {
-        const result = await key.verifyJwt<P, C>(token, options)
+        const result = await key.verifyJwt<C>(token, options)
        return { ...result, key }
      } catch (err) {
        errors.push(err)
--- a/packages/oauth/jwk/src/util.ts
+++ b/packages/oauth/jwk/src/util.ts
@ -5,12 +5,12 @@ import { RefinementCtx, ZodIssueCode } from 'zod'
 export type Simplify<T> = { [K in keyof T]: T[K] } & {}
 export type Override<T, V> = Simplify<V & Omit<T, keyof V>>
-export type RequiredKey<T, K extends string> = Simplify<
+export type RequiredKey<T, K extends keyof T = never> = Simplify<
-  string extends K
+  T & {
-    ? T
+    [L in K]-?: unknown extends T[L]
-    : {
+      ? NonNullable<unknown> | null
-        [L in K]: Exclude<L extends keyof T ? T[L] : unknown, undefined>
+      : Exclude<T[L], undefined>
-      } & Omit<T, K>
+  }
 >
 // eslint-disable-next-line @typescript-eslint/ban-types
--- a/packages/oauth/oauth-client-browser/CHANGELOG.md
+++ b/packages/oauth/oauth-client-browser/CHANGELOG.md
@ -1,5 +1,16 @@
 # @atproto/oauth-client-browser
 ## 0.3.7
 ### Patch Changes
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0)]:
  - @atproto/jwk@0.1.2
  - @atproto/jwk-webcrypto@0.1.3
  - @atproto/oauth-client@0.3.7
  - @atproto/oauth-types@0.2.2
  - @atproto-labs/did-resolver@0.1.8
 ## 0.3.6
 ### Patch Changes
--- a/packages/oauth/oauth-client-browser/package.json
+++ b/packages/oauth/oauth-client-browser/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/oauth-client-browser",
-  "version": "0.3.6",
+  "version": "0.3.7",
  "license": "MIT",
  "description": "ATPROTO OAuth client for the browser (relies on WebCrypto & Indexed DB)",
  "keywords": [
--- a/packages/oauth/oauth-client-node/CHANGELOG.md
+++ b/packages/oauth/oauth-client-node/CHANGELOG.md
@ -1,5 +1,18 @@
 # @atproto/oauth-client-node
 ## 0.2.7
 ### Patch Changes
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0)]:
  - @atproto/jwk@0.1.2
  - @atproto/jwk-jose@0.1.3
  - @atproto/jwk-webcrypto@0.1.3
  - @atproto/oauth-client@0.3.7
  - @atproto/oauth-types@0.2.2
  - @atproto-labs/did-resolver@0.1.8
  - @atproto-labs/handle-resolver-node@0.1.10
 ## 0.2.6
 ### Patch Changes
--- a/packages/oauth/oauth-client-node/package.json
+++ b/packages/oauth/oauth-client-node/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/oauth-client-node",
-  "version": "0.2.6",
+  "version": "0.2.7",
  "license": "MIT",
  "description": "ATPROTO OAuth client for the NodeJS",
  "keywords": [
--- a/packages/oauth/oauth-client/CHANGELOG.md
+++ b/packages/oauth/oauth-client/CHANGELOG.md
@ -1,5 +1,16 @@
 # @atproto/oauth-client
 ## 0.3.7
 ### Patch Changes
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2)]:
  - @atproto/jwk@0.1.2
  - @atproto-labs/fetch@0.2.0
  - @atproto/oauth-types@0.2.2
  - @atproto-labs/did-resolver@0.1.8
  - @atproto-labs/identity-resolver@0.1.10
 ## 0.3.6
 ### Patch Changes
--- a/packages/oauth/oauth-client/package.json
+++ b/packages/oauth/oauth-client/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/oauth-client",
-  "version": "0.3.6",
+  "version": "0.3.7",
  "license": "MIT",
  "description": "OAuth client for ATPROTO PDS. This package serves as common base for environment-specific implementations (NodeJS, Browser, React-Native).",
  "keywords": [
--- a/packages/oauth/oauth-provider/CHANGELOG.md
+++ b/packages/oauth/oauth-provider/CHANGELOG.md
@ -1,5 +1,16 @@
 # @atproto/oauth-provider
 ## 0.2.12
 ### Patch Changes
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`5ece8c6ae`](https://github.com/bluesky-social/atproto/commit/5ece8c6aeab9c5c3f51295d93ed6e27c3c6095c2)]:
  - @atproto/jwk@0.1.2
  - @atproto/jwk-jose@0.1.3
  - @atproto-labs/fetch@0.2.0
  - @atproto/oauth-types@0.2.2
  - @atproto-labs/fetch-node@0.1.5
 ## 0.2.11
 ### Patch Changes
--- a/packages/oauth/oauth-provider/package.json
+++ b/packages/oauth/oauth-provider/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/oauth-provider",
-  "version": "0.2.11",
+  "version": "0.2.12",
  "license": "MIT",
  "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
  "keywords": [
--- a/packages/oauth/oauth-provider/src/signer/signed-token-payload.ts
+++ b/packages/oauth/oauth-provider/src/signer/signed-token-payload.ts
@ -27,7 +27,8 @@ export const signedTokenPayloadSchema = z.intersection(
      jti: tokenIdSchema,
      sub: subSchema,
      client_id: clientIdSchema,
-    }),
+    })
    .passthrough(),
 )
 export type SignedTokenPayload = Simplify<
--- a/packages/oauth/oauth-provider/src/signer/signer.ts
+++ b/packages/oauth/oauth-provider/src/signer/signer.ts
@ -19,7 +19,7 @@ import {
  signedTokenPayloadSchema,
 } from './signed-token-payload.js'
-export type SignPayload = Omit<JwtPayload, 'iss'>
+export type SignPayload = JwtPayload & { iss?: never }
 export class Signer {
  constructor(
@ -27,11 +27,11 @@ export class Signer {
    public readonly keyset: Keyset,
  ) {}
-  async verify<P extends Record<string, unknown> = JwtPayload>(
+  async verify<C extends string = never>(
    token: SignedJwt,
-    options?: Omit<VerifyOptions, 'issuer'>,
+    options?: Omit<VerifyOptions<C>, 'issuer'>,
  ) {
-    return this.keyset.verifyJwt<P>(token, {
+    return this.keyset.verifyJwt<C>(token, {
      ...options,
      issuer: [this.issuer],
    })
@ -84,18 +84,16 @@ export class Signer {
    )
  }
-  async verifyAccessToken(token: SignedJwt) {
+  async verifyAccessToken<C extends string = never>(
-    const result = await this.verify<SignedTokenPayload>(token, {
+    token: SignedJwt,
-      typ: 'at+jwt',
+    options?: Omit<VerifyOptions<C>, 'issuer' | 'typ'>,
-    })
+  ) {
-
+    const result = await this.verify<C>(token, { ...options, typ: 'at+jwt' })
-    // The result is already type casted as an AccessTokenPayload, but we need
+    type Payload = typeof result.payload // RequiredKey<JwtPayload, C>
-    // to actually verify this. That should already be covered by the fact that
+    return {
-    // we don't sign 'at+jwt' tokens without a valid token ID. Let's double
+      protectedHeader: result.protectedHeader,
-    // check in case another version/implementation was used to generate the
+      payload: signedTokenPayloadSchema.parse(result.payload) as Payload &
-    // token.
+        SignedTokenPayload,
-    signedTokenPayloadSchema.parse(result.payload)
+    }
    return result
  }
 }
--- a/packages/oauth/oauth-provider/src/token/token-manager.ts
+++ b/packages/oauth/oauth-provider/src/token/token-manager.ts
@ -462,6 +462,7 @@ export class TokenManager {
      case isSignedJwt(token): {
        const { payload } = await this.signer.verify(token, {
          clockTolerance: Infinity,
          requiredClaims: ['jti'],
        })
        const tokenId = tokenIdSchema.parse(payload.jti)
        await this.store.deleteToken(tokenId)
--- a/packages/oauth/oauth-types/CHANGELOG.md
+++ b/packages/oauth/oauth-types/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto/oauth-types
 ## 0.2.2
 ### Patch Changes
 - Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0)]:
  - @atproto/jwk@0.1.2
 ## 0.2.1
 ### Patch Changes
--- a/packages/oauth/oauth-types/package.json
+++ b/packages/oauth/oauth-types/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/oauth-types",
-  "version": "0.2.1",
+  "version": "0.2.2",
  "license": "MIT",
  "description": "OAuth typing & validation library",
  "keywords": [
--- a/packages/ozone/CHANGELOG.md
+++ b/packages/ozone/CHANGELOG.md
@ -1,5 +1,23 @@
 # @atproto/ozone
 ## 0.1.67
 ### Patch Changes
 - [#3344](https://github.com/bluesky-social/atproto/pull/3344) [`48a0e9d60`](https://github.com/bluesky-social/atproto/commit/48a0e9d6060c2dc93899f13f2fc7cc76c04fbcd9) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Properly dispose of unused http responses
 - Updated dependencies [[`e277158f7`](https://github.com/bluesky-social/atproto/commit/e277158f70a831b04fde3ec84b3c1eaa6ce82e9d)]:
  - @atproto/api@0.13.27
 ## 0.1.66
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
  - @atproto/identity@0.4.5
  - @atproto/xrpc-server@0.7.6
 ## 0.1.65
 ### Patch Changes
--- a/packages/ozone/package.json
+++ b/packages/ozone/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/ozone",
-  "version": "0.1.65",
+  "version": "0.1.67",
  "license": "MIT",
  "description": "Backend service for moderating the Bluesky network.",
  "keywords": [
--- a/packages/ozone/src/daemon/blob-diverter.ts
+++ b/packages/ozone/src/daemon/blob-diverter.ts
@ -46,7 +46,7 @@ export class BlobDiverter {
      })
    if (blobResponse.statusCode !== 200) {
-      blobResponse.body.destroy()
+      await blobResponse.body.dump()
      throw new XRPCError(
        blobResponse.statusCode,
        undefined,
@ -72,7 +72,7 @@ export class BlobDiverter {
      }
    } catch (err) {
      // Typically un-supported content encoding
-      blobResponse.body.destroy()
+      await blobResponse.body.dump()
      throw err
    }
  }
@ -99,7 +99,7 @@ export class BlobDiverter {
      })
    if (result.statusCode !== 200) {
-      result.body.destroy()
+      await result.body.dump()
      throw new XRPCError(
        result.statusCode,
        undefined,
--- a/packages/ozone/src/lexicon/lexicons.ts
+++ b/packages/ozone/src/lexicon/lexicons.ts
@ -12359,7 +12359,7 @@ export const schemaDict = {
              items: {
                type: 'string',
                description:
-                  'If specified, only events where the policy matches the given policy are returned',
+                  'If specified, only events where the action policies match any of the given policies are returned',
              },
            },
            cursor: {
--- a/packages/ozone/src/lexicon/types/app/bsky/actor/getSuggestions.ts
+++ b/packages/ozone/src/lexicon/types/app/bsky/actor/getSuggestions.ts
@ -19,6 +19,8 @@ export type InputSchema = undefined
 export interface OutputSchema {
  cursor?: string
  actors: AppBskyActorDefs.ProfileView[]
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/ozone/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts
+++ b/packages/ozone/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts
@ -19,6 +19,8 @@ export interface OutputSchema {
  suggestions: AppBskyActorDefs.ProfileView[]
  /** If true, response has fallen-back to generic results, and is not scoped using relativeToDid */
  isFallback?: boolean
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/ozone/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
+++ b/packages/ozone/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
@ -25,6 +25,8 @@ export interface OutputSchema {
  actors: AppBskyUnspeccedDefs.SkeletonSearchActor[]
  /** DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer. */
  relativeToDid?: string
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/pds/CHANGELOG.md
+++ b/packages/pds/CHANGELOG.md
@ -1,5 +1,26 @@
 # @atproto/pds
 ## 0.4.84
 ### Patch Changes
 - Updated dependencies [[`e277158f7`](https://github.com/bluesky-social/atproto/commit/e277158f70a831b04fde3ec84b3c1eaa6ce82e9d)]:
  - @atproto/api@0.13.27
  - @atproto/oauth-provider@0.2.12
  - @atproto-labs/fetch-node@0.1.5
 ## 0.4.83
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
  - @atproto/aws@0.2.12
  - @atproto/identity@0.4.5
  - @atproto/repo@0.6.2
  - @atproto/xrpc-server@0.7.6
  - @atproto-labs/xrpc-utils@0.0.2
 ## 0.4.82
 ### Patch Changes
--- a/packages/pds/package.json
+++ b/packages/pds/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/pds",
-  "version": "0.4.82",
+  "version": "0.4.84",
  "license": "MIT",
  "description": "Reference implementation of atproto Personal Data Server (PDS)",
  "keywords": [
--- a/packages/pds/src/lexicon/lexicons.ts
+++ b/packages/pds/src/lexicon/lexicons.ts
@ -12359,7 +12359,7 @@ export const schemaDict = {
              items: {
                type: 'string',
                description:
-                  'If specified, only events where the policy matches the given policy are returned',
+                  'If specified, only events where the action policies match any of the given policies are returned',
              },
            },
            cursor: {
--- a/packages/pds/src/lexicon/types/app/bsky/actor/getSuggestions.ts
+++ b/packages/pds/src/lexicon/types/app/bsky/actor/getSuggestions.ts
@ -19,6 +19,8 @@ export type InputSchema = undefined
 export interface OutputSchema {
  cursor?: string
  actors: AppBskyActorDefs.ProfileView[]
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/pds/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts
+++ b/packages/pds/src/lexicon/types/app/bsky/graph/getSuggestedFollowsByActor.ts
@ -19,6 +19,8 @@ export interface OutputSchema {
  suggestions: AppBskyActorDefs.ProfileView[]
  /** If true, response has fallen-back to generic results, and is not scoped using relativeToDid */
  isFallback?: boolean
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/pds/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
+++ b/packages/pds/src/lexicon/types/app/bsky/unspecced/getSuggestionsSkeleton.ts
@ -25,6 +25,8 @@ export interface OutputSchema {
  actors: AppBskyUnspeccedDefs.SkeletonSearchActor[]
  /** DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer. */
  relativeToDid?: string
  /** Snowflake for this recommendation, use when submitting recommendation events. */
  recId?: number
  [k: string]: unknown
 }
--- a/packages/pds/tests/_util.ts
+++ b/packages/pds/tests/_util.ts
@ -5,6 +5,7 @@ import { CID } from 'multiformats/cid'
 import { Server } from 'node:http'
 import { AddressInfo } from 'node:net'
 import { FeedViewPost } from '../src/lexicon/types/app/bsky/feed/defs'
 import { ToolsOzoneModerationDefs } from '@atproto/api'
 // Swap out identifiers and dates with stable
 // values for the purpose of snapshot testing
@ -202,3 +203,21 @@ export async function stopServer(server: Server) {
    })
  })
 }
 const normalizeSubjectStatus = (
  subject: ToolsOzoneModerationDefs.SubjectStatusView,
 ) => {
  return { ...subject, tags: subject.tags?.sort() }
 }
 export const forSubjectStatusSnapshot = (
  status:
    | ToolsOzoneModerationDefs.SubjectStatusView
    | ToolsOzoneModerationDefs.SubjectStatusView[],
 ) => {
  if (Array.isArray(status)) {
    return forSnapshot(status.map(normalizeSubjectStatus))
  }
  return forSnapshot(normalizeSubjectStatus(status))
 }
--- a/packages/pds/tests/takedown-appeal.test.ts
+++ b/packages/pds/tests/takedown-appeal.test.ts
@ -1,6 +1,6 @@
 import { AtpAgent, ComAtprotoModerationDefs } from '@atproto/api'
 import { SeedClient, TestNetwork } from '@atproto/dev-env'
-import { forSnapshot } from './_util'
+import { forSubjectStatusSnapshot } from './_util'
 import { ids } from '../src/lexicon/lexicons'
 describe('appeal account takedown', () => {
@ -35,6 +35,7 @@ describe('appeal account takedown', () => {
      email: 'jeff@test.com',
      password: 'password',
    })
    await network.processAll()
    // Emit a takedown event
    await network.ozone.getModClient().performTakedown({
@ -97,7 +98,9 @@ describe('appeal account takedown', () => {
    )
    expect(result.subjectStatuses[0].appealed).toBe(true)
-    expect(forSnapshot(result.subjectStatuses[0])).toMatchSnapshot()
+    expect(
      forSubjectStatusSnapshot(result.subjectStatuses[0]),
    ).toMatchSnapshot()
  })
  it('takendown actor is not allowed to create reports.', async () => {
--- a/packages/repo/CHANGELOG.md
+++ b/packages/repo/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto/repo
 ## 0.6.2
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
 ## 0.6.1
 ### Patch Changes
--- a/packages/repo/package.json
+++ b/packages/repo/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/repo",
-  "version": "0.6.1",
+  "version": "0.6.2",
  "license": "MIT",
  "description": "atproto repo and MST implementation",
  "keywords": [
--- a/packages/sync/CHANGELOG.md
+++ b/packages/sync/CHANGELOG.md
@ -1,5 +1,14 @@
 # @atproto/sync
 ## 0.1.9
 ### Patch Changes
 - Updated dependencies []:
  - @atproto/identity@0.4.5
  - @atproto/repo@0.6.2
  - @atproto/xrpc-server@0.7.6
 ## 0.1.8
 ### Patch Changes
--- a/packages/sync/package.json
+++ b/packages/sync/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/sync",
-  "version": "0.1.8",
+  "version": "0.1.9",
  "license": "MIT",
  "description": "atproto sync library",
  "keywords": [
--- a/packages/xrpc-server/CHANGELOG.md
+++ b/packages/xrpc-server/CHANGELOG.md
@ -1,5 +1,12 @@
 # @atproto/xrpc-server
 ## 0.7.6
 ### Patch Changes
 - Updated dependencies [[`1abfd74ec`](https://github.com/bluesky-social/atproto/commit/1abfd74ec7114e5d8e2411f7a4fa10bdce97e277)]:
  - @atproto/crypto@0.4.3
 ## 0.7.5
 ### Patch Changes
--- a/packages/xrpc-server/package.json
+++ b/packages/xrpc-server/package.json
@ -1,6 +1,6 @@
 {
  "name": "@atproto/xrpc-server",
-  "version": "0.7.5",
+  "version": "0.7.6",
  "license": "MIT",
  "description": "atproto HTTP API (XRPC) server library",
  "keywords": [
@ -37,7 +37,7 @@
    "@atproto/crypto": "workspace:^",
    "@types/express": "^4.17.13",
    "@types/express-serve-static-core": "^4.17.36",
-    "@types/http-errors": "^2.0.1",
+    "@types/http-errors": "^2.0.4",
    "@types/ws": "^8.5.4",
    "get-port": "^6.1.2",
    "jest": "^28.1.2",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -201,7 +201,7 @@ importers:
        version: 0.0.1
      '@types/http-errors':
        specifier: ^2.0.1
-        version: 2.0.1
+        version: 2.0.4
      compression:
        specifier: ^1.7.4
        version: 1.7.4
@ -812,6 +812,9 @@ importers:
      '@atproto/jwk-jose':
        specifier: workspace:*
        version: link:../jwk-jose
      zod:
        specifier: ^3.23.8
        version: 3.23.8
    devDependencies:
      typescript:
        specifier: ^5.6.3
@ -1566,8 +1569,8 @@ importers:
        specifier: ^4.17.36
        version: 4.17.36
      '@types/http-errors':
-        specifier: ^2.0.1
+        specifier: ^2.0.4
-        version: 2.0.1
+        version: 2.0.4
      '@types/ws':
        specifier: ^8.5.4
        version: 8.5.4
@ -6310,8 +6313,8 @@ packages:
      '@types/node': 18.19.67
    dev: true
-  /@types/http-errors@2.0.1:
+  /@types/http-errors@2.0.4:
-    resolution: {integrity: sha512-/K3ds8TRAfBvi5vfjuz8y6+GiAYBZ0x4tXv1Av6CWBWn0IlADc+ZX9pMq7oU0fNQPnBwIZl3rmeLp6SBApbxSQ==}
+    resolution: {integrity: sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==}
  /@types/is-ci@3.0.0:
    resolution: {integrity: sha512-Q0Op0hdWbYd1iahB+IFNQcWXFq4O0Q5MwQP7uN0souuQ4rPg1vEYcnIOfr1gY+M+6rc8FGoRaBO1mOOvL29sEQ==}
@ -6447,7 +6450,7 @@ packages:
  /@types/serve-static@1.15.2:
    resolution: {integrity: sha512-J2LqtvFYCzaj8pVYKw8klQXrLLk7TBZmQ4ShlcdkELFKGwGMfevMLneMMRkMgZxotOD9wg497LpC7O8PcvAmfw==}
    dependencies:
-      '@types/http-errors': 2.0.1
+      '@types/http-errors': 2.0.4
      '@types/mime': 3.0.1
      '@types/node': 18.19.67
Author	SHA1	Message	Date
Daniel Holmgren	3f93d8cabf	Fix flaky appeal test (#3369 ) fix flaky appeal test	2025-01-14 13:02:06 -06:00
Hailey	17057144d8	add pipethrough for recids on suggestions (#3365 ) * add pipethrough * add missing	2025-01-13 16:33:32 -08:00
github-actions[bot]	a44db38d05	Version packages (#3345 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-01-13 16:32:43 -08:00
Ian Wesley-Smith	e277158f70	Add recId to getSuggestionsSkeleton (#3364 ) * Add recId to getSuggestionsSkeleton * codegen * add recId to app client endpoints * codegen * changeset --------- Co-authored-by: Hailey <me@haileyok.com>	2025-01-13 15:34:11 -08:00
Matthieu Sieben	d97272de0b	Fixes lexgen on main (#3351 ) fix lexgen	2025-01-10 14:46:14 +01:00
Matthieu Sieben	5ece8c6aea	Fix typo in "@atproto/fetch" (#3343 ) * fix typo * Response mime type check is now case-insensitive	2025-01-09 14:27:17 +01:00
Matthieu Sieben	2889c76995	Improve type safety and compatibility with Bun (#2879 ) * jwk: Improve type safety and compatibility with Bun * improve type safety of jwk keys * improve typing of verifyAccessToken * update @types/http-errors * Better report invalid content-encoding errors * Mark jwk key fields as readonly	2025-01-09 14:26:07 +01:00
Matthieu Sieben	48a0e9d606	Properly dispose of unused undici HTTP responses (#3344 ) Properly dispose of unused http responses	2025-01-09 14:18:07 +01:00
Foysal Ahamed	9dc7251fc7	✅ Update snapshot check for tags array (#3340 )	2025-01-08 17:24:31 +01:00
github-actions[bot]	5b6e0611d6	Version packages (#3336 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-01-07 12:06:16 -06:00