Changelog

jsr-io/jsr · · 16 commits

API split, OTLP export, and key fixes

Big infrastructure refactor plus telemetry changes, with several frontend accessibility and usability fixes and a few important backend corrections.

crowlbot crowlKats

Scaffold workers-rs API worker (crowlbota757423)

Adds a new workers-rs/ Cloudflare Worker skeleton for api.jsr.io, including a /health endpoint and a 501 catch-all. This is the first concrete step in splitting the API between a wasm edge worker and the existing compute service.

Refactor shared API types into jsr_types (crowlbota7fed01)

Extracts shared IDs and models out of api/ into a new wasm-safe jsr_types crate so both the native API and the new worker can share one source of truth. The Docker build and workspace setup were updated to support the new crate without pulling native dependencies into the worker path.

Switch traces export to OTLP/HTTP (crowlKats9d89e55)

Replaces the API's tracing backend from OTLP/gRPC and Cloud Trace to OTLP/HTTP via reqwest, aligning with the managed Grafana Cloud OTLP gateway. Config and Terraform were updated to pass OTLP headers and deployment metadata through to staging and production.

Enable native Cloudflare observability export (crowlKatsd947d07)

Turns on Cloudflare Workers Observability export for logs and traces on the frontend and load balancer, routing them to configured destinations instead of persisting invocation logs locally. This is a meaningful observability change for the edge runtime.

Fix provenance DSSE payload decoding (crowlbotf15d566)

The provenance verifier now accepts URL-safe base64 payloads as well as standard base64, which fixes failures like Invalid symbol 45 for some clients. That unblocks provenance submission for packages whose DSSE envelopes use the -/_ alphabet.

Fix npm tarball file permissions (crowlbot807cfe3)

npm-compat tarballs now emit files with mode 0o644 instead of 0o777. This prevents installed package files from incorrectly inheriting executable bits, which could break downstream tooling and packaging workflows.

Fix README root-relative links (crowlbot4341e3d)

Root-relative links in rendered READMEs now resolve against the repository root instead of being left to 404 on jsr.io. This matches GitHub/npm behavior and fixes broken links like /LICENSE and /docs/....

Other misc changes

  • Frontend accessibility fixes: decorative service logos got empty alt text, the nav overflow button got an accessible name, and diff version selectors got labels/ARIA.
  • Frontend UX fixes: tooltip stacking order improved; package descriptions now wrap long unbroken strings on mobile; usage selector no longer crashes on unsupported saved preferences.
  • CI/Terraform/build maintenance: docker image build and image existence checks tweaked, frontend Cloud Run removed, and the new worker CI/build scaffolding added.
  • Minor doc/comment and internal cleanup across auth/tracing/config files.