-
Notifications
You must be signed in to change notification settings - Fork 3
Releases: SatGate-io/satgate
Releases · SatGate-io/satgate
v0.5.2
Full Changelog: v0.5.1...v0.5.2
Assets 8
v0.5.1
Full Changelog: v0.5.0...v0.5.1
Assets 8
v0.5.0
What's Changed
- docs: MCP per-tool cost attribution is shipped by @matt-dean-git in #11
- fix(landing): remove unshipped API marketplace section by @matt-dean-git in #12
- feat(landing): add comparison pages (vs Bifrost, vs Zuplo) by @matt-dean-git in #13
- feat(landing): add blog section with first post by @matt-dean-git in #14
- fix: align homepage pricing tiers with pricing page by @matt-dean-git in #15
- docs: sharpen README for Show HN traffic by @matt-dean-git in #16
- security: fix critical vulnerabilities (timing-safe auth, CORS, credential cleanup) by @matt-dean-git in #17
- security: fix medium vulnerabilities (log sanitization, dependency cleanup, error handling) by @matt-dean-git in #18
- security: fix remaining medium and low vulnerabilities by @matt-dean-git in #19
- chore: gofmt all Go files by @matt-dean-git in #20
- fix: update tests for security changes by @matt-dean-git in #21
- fix: Node.js SDK ESLint config + lint fixes by @matt-dean-git in #22
- fix: Node.js SDK TypeScript errors by @matt-dean-git in #23
- fix: Node.js SDK test config + initial test by @matt-dean-git in #24
- fix: broken README links, missing logo, SDK paths by @matt-dean-git in #25
- fix: remove tracked node_modules, add SECURITY.md by @matt-dean-git in #26
- fix: remove X/Twitter links (empty account) by @matt-dean-git in #27
- fix: remove X/Twitter links (empty account) by @matt-dean-git in #28
- fix: implement proper HMAC-chained macaroon delegation (H5) by @matt-dean-git in #29
- fix: add rate limiting on admin API endpoints (H3) by @matt-dean-git in #30
- copy: align landing page with compass principles by @matt-dean-git in #32
- feat: HTTP/SSE and Streamable HTTP upstream transports by @matt-dean-git in #33
Full Changelog: v0.4.0...v0.5.0
Assets 8
v0.4.0
@github-actions
github-actions
f079792
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's Changed
- feat: Update Python and Node SDKs for OSS gateway compatibility by @matt-dean-git in #4
- feat: /govern and /design-partners pages for enterprise GTM by @matt-dean-git in #5
- feat: homepage refresh + pricing page by @matt-dean-git in #6
- fix: remove tracked node_modules, .next, and binary by @matt-dean-git in #10
- test: add comprehensive tests for config and proxy packages by @matt-dean-git in #7
- improve: pricing page copy + competitive analysis refresh by @matt-dean-git in #8
- feat: MCP-aware request parsing middleware for tool-level cost attribution by @matt-dean-git in #9
Full Changelog: v0.3.1...v0.4.0
Assets 8
v0.3.1
@matt-dean-git
matt-dean-git
4fa927b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's New
🔧 Features
stripPrefixroute option — Dynamically strip matchedpathPrefixbefore proxying upstream./public/get→ upstream receives/get. Previously, the full path was forwarded, causing 404s on most upstreams.
Configuration
routes: - name: my-api match: pathPrefix: /api/v1 upstream: backend stripPrefix: true # NEW: /api/v1/users → backend receives /users policy: kind: capability
stripPrefix: trueremoves the matched prefix before proxyingrewrite(static) takes precedence if both are set- Updated example config and quickstart docs
Full Changelog: v0.3.0...v0.3.1
Assets 8
v0.3.0
@matt-dean-git
matt-dean-git
d8a61ff
This commit was created on GitHub.com and signed with GitHub’s verified signature.
What's New
🔒 Security
- Updated all dependencies — resolves 6 Dependabot vulnerabilities (2 high, 4 moderate)
golang.org/x/cryptov0.28.0 → v0.47.0golang.org/x/netv0.21.0 → v0.49.0
🛠️ Admin API
POST /api/capability/mint— Mint capability tokensPOST /api/capability/delegate— Delegate tokens with caveatsPOST /api/capability/validate— Validate tokensGET /api/capability/ping— Test token validityPOST /api/governance/ban— Ban tokensGET /api/governance/graph— Token lineage for dashboard
🔧 Fixes
- Scope enforcement: check ALL scope caveats (macaroon + semantics)
- Expires caveat: check duration before integer parsing
- Ban list checked before allowing token access
- Stripped upstream CORS headers to prevent duplicates
- Recalculate macaroon signature after adding payment_hash caveat
⚡ Lightning
- NWC (Nostr Wallet Connect) provider support
- L402 cryptographic payment verification via preimage
- Payment polling for mobile wallets (Phoenix, WoS)
- LND support via environment variables
📝 Docs
- Binary-first quickstart — 60-second onboarding
- Updated README with correct endpoints and config format
Full Changelog: v0.2.0...v0.3.0
Assets 8
v0.2.0
Full Changelog: v0.1.0...v0.2.0
Assets 8
v0.1.0
Full Changelog: https://github.com/SatGate-io/satgate/commits/v0.1.0