ascorbic · ascorbic · Jan 1, 2026 · Jan 1, 2026
diff --git a/.changeset/create-pds-ux.md b/.changeset/create-pds-ux.md
diff --git a/.changeset/deactivated-account-pattern.md b/.changeset/deactivated-account-pattern.md
diff --git a/.changeset/oauth-provider-initial.md b/.changeset/oauth-provider-initial.md
diff --git a/packages/create-pds/CHANGELOG.md b/packages/create-pds/CHANGELOG.md
@@ -1,5 +1,11 @@
 # create-pds
 
+## 0.0.4
+
+### Patch Changes
+
+- [#33](https://github.com/ascorbic/atproto-worker/pull/33) [`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d) Thanks [@ascorbic](https://github.com/ascorbic)! - Improve UX with clearer prompts
+
 ## 0.0.3
 
 ### Patch Changes

diff --git a/packages/create-pds/package.json b/packages/create-pds/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "create-pds",
-	"version": "0.0.3",
+	"version": "0.0.4",
 	"description": "Create a new AT Protocol PDS on Cloudflare Workers",
 	"type": "module",
 	"bin": {

diff --git a/packages/oauth-provider/CHANGELOG.md b/packages/oauth-provider/CHANGELOG.md
@@ -0,0 +1,30 @@
+# @ascorbic/atproto-oauth-provider
+
+## 0.1.0
+
+### Minor Changes
+
+- [#33](https://github.com/ascorbic/atproto-worker/pull/33) [`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d) Thanks [@ascorbic](https://github.com/ascorbic)! - Initial release of AT Protocol OAuth 2.1 Provider
+
+  A complete OAuth 2.1 Authorization Server implementation for AT Protocol, enabling "Login with Bluesky" functionality.
+
+  **Features:**
+  - Full OAuth 2.1 Authorization Code flow with PKCE
+  - DPoP (Demonstrating Proof of Possession) support for token binding
+  - PAR (Pushed Authorization Requests) for secure request initiation
+  - Client metadata discovery and validation
+  - Token rotation and revocation
+  - SQLite-based storage adapter for Durable Objects
+
+  **Security:**
+  - Cryptographically secure token generation
+  - PKCE challenge verification (SHA-256)
+  - DPoP proof validation with replay protection
+  - Token binding to prevent token theft
+
+  **Compatibility:**
+  - Integrates with `@atproto/oauth-client` for client applications
+  - Storage interface allows custom backends beyond SQLite
+  - Built for Cloudflare Workers with Durable Objects
+
+  This package enables AT Protocol PDSs to act as OAuth providers, allowing users to authenticate with third-party applications using their PDS identity.
diff --git a/packages/oauth-provider/package.json b/packages/oauth-provider/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@ascorbic/atproto-oauth-provider",
-	"version": "0.0.0",
+	"version": "0.1.0",
 	"description": "OAuth 2.1 Provider with AT Protocol extensions for Cloudflare Workers",
 	"type": "module",
 	"main": "dist/index.js",

diff --git a/packages/pds/CHANGELOG.md b/packages/pds/CHANGELOG.md
@@ -1,5 +1,45 @@
 # @ascorbic/pds
 
+## 0.2.0
+
+### Minor Changes
+
+- [#33](https://github.com/ascorbic/atproto-worker/pull/33) [`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d) Thanks [@ascorbic](https://github.com/ascorbic)! - Implement deactivated account pattern for seamless account migration
+
+  **Account State Management:**
+  - Add account activation state tracking to support migration workflows
+  - New `INITIAL_ACTIVE` environment variable controls whether accounts start active or deactivated
+  - Accounts can transition between active and deactivated states
+
+  **Migration Endpoints:**
+  - `POST /xrpc/com.atproto.server.activateAccount` - Enable writes and firehose events
+  - `POST /xrpc/com.atproto.server.deactivateAccount` - Disable writes while keeping reads available
+  - Enhanced `getAccountStatus` to return actual activation state and migration metrics
+
+  **Write Protection:**
+  - Write operations (`createRecord`, `putRecord`, `deleteRecord`, `applyWrites`) are blocked when account is deactivated
+  - Returns clear "AccountDeactivated" error with helpful instructions
+  - Read operations, `importRepo`, `uploadBlob`, and `activateAccount` remain available
+
+  **Improved Setup Flow:**
+  - `pds init` now asks if you're migrating an existing account
+  - For migrations: auto-resolves handle to DID, deploys account as deactivated
+  - For new accounts: generates identity, deploys as active
+  - Worker name automatically generated from handle using smart slugification
+
+  **Migration UX:**
+  - Handle resolution using DNS-over-HTTPS via `@atproto-labs/handle-resolver`
+  - Retry logic with helpful error messages for failed handle lookups
+  - Step-by-step guidance for export, import, PLC update, and activation
+  - Custom domain validation to prevent using hosted handles (\*.bsky.social)
+
+  This enables users to safely migrate their Bluesky accounts to self-hosted infrastructure with a clean, resumable workflow.
+
+### Patch Changes
+
+- Updated dependencies [[`4f5b50c`](https://github.com/ascorbic/atproto-worker/commit/4f5b50c4911514f0f87dc3f3856a2b4e2ccb9b4d)]:
+  - @ascorbic/atproto-oauth-provider@0.1.0
+
 ## 0.1.0
 
 ### Minor Changes

diff --git a/packages/pds/package.json b/packages/pds/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@ascorbic/pds",
-	"version": "0.1.0",
+	"version": "0.2.0",
 	"description": "AT Protocol PDS on Cloudflare Workers",
 	"type": "module",
 	"main": "dist/index.js",