# Changelog All notable changes to ForgeBucket are documented here. Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). Versions follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- ## [Unreleased] ### Planned — Phase 2 (CI/CD) - CI orchestrator with DAG pipeline execution - Runner manager (Docker, Kubernetes, Firecracker backends) - Pipeline DAG visualization (visual dependency graph with live execution state) - Build artifact storage and retention policies - Forgejo Actions gRPC integration - Flaky test detection - Pipeline log viewer (collapsible, filterable, syntax-highlighted) - Matrix builds and reusable workflow templates - Concurrency controls and pipeline cancellation ### Planned — Phase 3 (GitOps + Observability + Federation) - GitOps controller with reconciliation loops - Environment management and topology visualization - Drift detection and sync status - Deployment promotion workflows (dev → staging → production) - Rollback visualization and one-click rollbacks - Canary and blue/green deployment support - Unified operational timeline (commits + deployments + incidents + CI failures merged) - ActivityPub / ForgeFed federation handlers (inbox, outbox, cross-instance PRs) - Audit log (all administrative and git-over-HTTP actions) - Secret scanning and dependency vulnerability scanning --- ## [0.1.0] — 2026-05-11 Initial development milestone. Core Git hosting, collaboration, and frontend SPA are functional. ### Added — Authentication & Security - User registration and login with secure session cookies - CSRF protection on all mutating routes via `X-CSRF-Token` header - Middleware chain: Logger → RealIP → Recoverer → CORS → CSRF → SessionAuth → RBAC → Handler - SSH key management per user - OIDC / OAuth2 optional integration (configurable via env) - Scoped access tokens with optional expiration dates - Repository deploy keys (read-only or read-write HTTP tokens) - ENV-driven config with fail-fast validation on missing secrets ### Added — Git Hosting - Smart HTTP transport (git clone, push, pull over HTTP) - AGit protocol support (`refs/for/` push for instant PR creation without branch switching) - Branch management (list, create, delete, default branch configuration) - Commit log and diff viewing - Git LFS per-repository (configurable file size limits, locking) - Branch protection rules (force-push blocking, required reviews) - Repository visibility (public / private) ### Added — Collaboration - Pull requests (open / merged / closed states) with author tracking - Issues (open / closed) - Reviewer assignment (default reviewer per repo, per-PR reviewer assignment) - Merge strategy selection per repository (merge commit / squash / rebase) - Branching model configuration (feature / bugfix / release / hotfix prefixes) - PR default description templates (per-repo) - Excluded files from diffs (glob pattern configuration) - Webhook system with event filtering (push, pull_request, issue) - Repository member RBAC (read / write / admin roles) ### Added — Frontend SPA - React 18 + TypeScript + Vite, embedded into Go binary via `//go:embed` - 20 route-level pages: Login, Register, Dashboard, Repos, CreateRepo, ImportRepo, Repo, RepoSettings, Blob, Commits, Branches, RepoIssues, RepoPRs, CreatePR, PRDetail, Starred, PRs (cross-repo), Pipelines (placeholder), Explore, Profile, Settings - AppShell layout wrapper for all authenticated pages - Triple-state sidebar: expanded (320px) / collapsed (56px) / mobile bottom bar - Mobile-first responsive design (375px → 1440px) - DiffViewer: side-by-side and unified views with syntax highlighting - MobileComment: bottom-sheet overlay for inline code review on mobile - TreeBrowser: repository file tree navigation - PipelineWaterfall: placeholder pipeline visualization component - Skeleton loading states for perceived performance ### Added — Design System - Custom semantic token palette in `frontend/src/ui/tokens.ts` - Full dark/light mode support via Tailwind CSS v4 `@variant dark` - Brand colors: `#0052CC` (light) / `#3B82F6` (dark) - 8px grid system (xs: 4px, sm: 8px, md: 16px, lg: 24px, xl: 32px, xxl: 48px) - 44px minimum touch targets on all interactive elements (WCAG 2.5.5) - Consistent border radius scale (subtle 3–8px, full 9999px) - System font stack (Segoe UI, Roboto, sans-serif) ### Added — Infrastructure - PostgreSQL + XORM with 7 migration files covering: users, repositories, issues, SSH keys, access tokens, deploy keys, workflows, and LFS settings - ActivityPub actor data model (FederationActor with inbox/outbox URLs and RSA key pairs) — data layer only - Docker Compose setup for local PostgreSQL - Makefile targets: dev, build, migrate, test, lint, docker-up - WebSockets foundation for live logs and notifications --- [Unreleased]: https://github.com/forgeo/forgebucket/compare/v0.1.0...HEAD [0.1.0]: https://github.com/forgeo/forgebucket/releases/tag/v0.1.0