Updated README with complete WebFinger section:
## Overview & Features
- Updated tagline to include WebFinger
- Added 🔍 WebFinger to feature list with use cases
## API Reference - webfinger section
### Complete TypeScript Interfaces
- WebFingerConfig with enabled, resources, collections
- WebFingerResource (JRD structure)
- WebFingerLink (rel, href, type, titles, properties)
### Static Resources Example
- Shows simple acct: URI configuration
- ActivityPub/Mastodon integration example
- Profile page and avatar links
### Content Collection Example
- Team members as discoverable resources
- Template URI patterns: acct:{slug}@example.com
- Builder functions for links and properties
- Schema.org property integration
### Common Use Cases
- ActivityPub/Mastodon federation
- OpenID Connect issuer discovery
- Team profile discovery
- Blog author linking
### Query Format Documentation
- Required resource parameter
- Optional rel filtering
- Example queries
### Technical Notes
- Dynamic route (not prerendered)
- CORS enabled per RFC 7033
- Media type: application/jrd+json
- Template variable reference
## Caching Section
- Added webfinger: 3600 (1 hour) to defaults table
Documentation now covers all 7 discovery mechanisms with examples and best practices.

Added complete test coverage for WebFinger JRD generation:
## Static Resources Tests (11 tests)
- Unknown resource returns null
- Basic JRD generation
- Subject defaults to resource when not provided
- Aliases support
- Properties support (URI-based names)
- Links support with rel, href, type
- Rel filtering (single and multiple)
- Link titles with language tags
- Complete JRD with all fields
## Protocol Support Tests
- HTTP/HTTPS resource URIs
- ActivityPub profile discovery (self rel, application/activity+json)
- OpenID Connect issuer discovery
## Edge Cases (4 tests)
- Resource with no links
- Empty aliases array omitted
- Empty properties object omitted
- All links filtered out by rel
Test suite now at 89 tests (up from 72), all passing.
Coverage includes RFC 7033 compliance, common use cases (Mastodon/ActivityPub,
OpenID), and edge cases.
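
The behaviours listed in the WebFinger test summary above, written out as an added example; this is not the integration's own code. All type and function names are hypothetical, the sample resource is constructed, and keeping an empty `links` array when `rel` filters everything out is an assumption.

```typescript
// Added example: hypothetical names, not the integration's API.
interface Link { rel: string; href?: string; type?: string }
interface Resource {
  resource: string;
  subject?: string;
  aliases?: string[];
  properties?: Record<string, string | null>;
  links?: Link[];
}
type Jrd = Omit<Resource, "resource" | "subject"> & { subject: string };

function buildJrd(configured: Resource[], resource: string, rels: string[] = []): Jrd | null {
  // Exact match only: answer for configured identifiers and nothing else.
  const entry = configured.find((r) => r.resource === resource);
  if (!entry) return null;
  const jrd: Jrd = { subject: entry.subject ?? resource };
  if (entry.aliases && entry.aliases.length > 0) jrd.aliases = entry.aliases;
  if (entry.properties && Object.keys(entry.properties).length > 0) jrd.properties = entry.properties;
  if (entry.links) {
    // rel filters links only; subject, aliases and properties are unaffected.
    jrd.links = rels.length ? entry.links.filter((l) => rels.includes(l.rel)) : entry.links;
  }
  return jrd;
}

function handleWebFinger(configured: Resource[], requestUrl: string) {
  const params = new URL(requestUrl).searchParams;
  // RFC 7033 asks for permissive CORS so browser clients can query the endpoint.
  const headers: Record<string, string> = { "Access-Control-Allow-Origin": "*" };
  const resource = params.get("resource");
  if (!resource) return { status: 400, headers, body: "" }; // required parameter missing
  const jrd = buildJrd(configured, resource, params.getAll("rel"));
  if (!jrd) return { status: 404, headers, body: "" };
  headers["Content-Type"] = "application/jrd+json";
  return { status: 200, headers, body: JSON.stringify(jrd) };
}

// Constructed sample configuration.
const sample: Resource[] = [{
  resource: "acct:alice@example.com",
  aliases: [],
  properties: {},
  links: [
    { rel: "self", type: "application/activity+json", href: "https://example.com/users/alice" },
    { rel: "http://webfinger.net/rel/profile-page", type: "text/html", href: "https://example.com/@alice" },
  ],
}];
```

Because the endpoint answers cross-origin for any caller, every configured `acct:` identifier is publicly enumerable; list only resources meant to be discovered.
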
Updated README with complete documentation for new features:
## Overview & Features
- Updated tagline to include security.txt and canary.txt
- Added 🔒 security.txt and 🐦 canary.txt to feature list
## Quick Start
- Added example showing how to enable security and canary files
- Shows resulting .well-known paths
## API Reference
### security section
- Complete TypeScript interface with all RFC 9116 fields
- Example configuration with common options
- Notes on mailto: prefix, auto-expiration, canonical URL
### canary section
- Full interface including CanaryStatement type
- Example with statements, verification, personnel check
- Frequency-based expiration table (daily→yearly)
- Links to CANARY_SPEC.md for full specification
## Caching
- Added security (24 hours) and canary (1 hour) cache defaults
- Note about frequent canary checking
## Advanced Usage
- Added custom template examples for both new files
- Shows proper typing and URL handling
Documentation now covers all 6 generated files with examples and best practices.

Implemented two major new discovery file formats:
## security.txt (RFC 9116 - Industry Standard)
- Standardized security contact information
- Required fields: Contact, Expires, Canonical
- Optional fields: Encryption, Acknowledgments, Policy, Hiring, Languages
- Auto-expiration calculation (1 year by default)
- Proper mailto: prefix handling
- Located at /.well-known/security.txt
## canary.txt (NEW SPECIFICATION)
- First standardized format for warrant canaries
- Machine-readable transparency statements
- Auto-expiring based on update frequency
- Support for multiple statement types (NSL, FISA, gag orders, etc.)
- Optional blockchain proof
- Personnel duress statement
- See CANARY_SPEC.md for full specification
- Located at /.well-known/canary.txt
Changes:
- Added SecurityConfig and CanaryConfig type definitions
- Created generators for both formats with smart defaults
- Added API route handlers with virtual module config
- Updated integration to inject /.well-known/ routes
- Added to cache configuration (security: 24h, canary: 1h)
- Exported new types for TypeScript users
- Updated CLAUDE.md with feature priorities
- Created comprehensive CANARY_SPEC.md specification document
Testing: Both features verified in test project with full configuration.
All files generate correctly with proper formatting and validation.
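
An added example of the security.txt handling described in the commit message above (mailto: prefixing, a one-year default expiry), paired with a checker a monitoring job could run against the published file. It is not the integration's code: the option and function names are hypothetical, and the checker's required list is the three fields the commit message names.

```typescript
// Added example: hypothetical names, not the integration's API.
interface SecurityOptions { contact: string[]; canonical: string; expires?: Date; policy?: string }

function normalizeContact(value: string): string {
  // Values that already carry a URI scheme (https:, mailto:, tel:) stay as-is;
  // a bare e-mail address gets the mailto: prefix.
  return /^[a-z][a-z0-9+.-]*:/i.test(value) ? value : `mailto:${value}`;
}

function generateSecurityTxt(opts: SecurityOptions, now: Date = new Date()): string {
  // Default expiry: one year (365 days) from generation time.
  const expires = opts.expires ?? new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);
  const lines = opts.contact.map((c) => `Contact: ${normalizeContact(c)}`);
  lines.push(`Expires: ${expires.toISOString()}`, `Canonical: ${opts.canonical}`);
  if (opts.policy) lines.push(`Policy: ${opts.policy}`);
  return lines.join("\n") + "\n";
}

function checkSecurityTxt(text: string, now: Date = new Date()): string[] {
  const fields = new Map<string, string[]>();
  for (const line of text.split(/\r?\n/)) {
    const m = /^([A-Za-z-]+):\s*(.+)$/.exec(line); // comment (#) and blank lines do not match
    if (!m) continue;
    const name = m[1].toLowerCase();
    fields.set(name, [...(fields.get(name) ?? []), m[2].trim()]);
  }
  const problems: string[] = [];
  for (const required of ["contact", "expires", "canonical"]) {
    if (!fields.has(required)) problems.push(`missing ${required}`);
  }
  const expires = fields.get("expires") ?? [];
  if (expires.length > 1) problems.push("multiple Expires fields"); // RFC 9116 allows exactly one
  if (expires.length === 1) {
    const when = Date.parse(expires[0]);
    if (Number.isNaN(when)) problems.push("unparseable Expires");
    else if (when <= now.getTime()) problems.push("expired");
  }
  return problems;
}
```
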
The initial config-store approach failed because Astro's injected routes
run in isolated contexts during prerendering and don't have access to
global state set during astro:config:setup.
Solution: Created a Vite plugin that provides the configuration through
a virtual module (virtual:@astrojs/discovery/config) which routes can
import at build time.
Changes:
- Added Vite plugin in astro:config:setup hook
- Updated all route handlers to import from virtual module
- Changed version from date-based (2025.11.03) to semantic (1.0.0) per npm requirements
- Added @ts-ignore comments for virtual module imports
Testing: Verified in test project that all configuration now properly
passes through to generated files (robots.txt, llms.txt, humans.txt).
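
The virtual-module approach described in the commit message above, as an added example rather than the integration's own plugin. Only the module id comes from the commit message; the helper names are hypothetical, and rejecting function-valued options is an assumption made here because `JSON.stringify` would silently drop them from the generated module.

```typescript
// Added example: hypothetical helper names; only the module id is from the commit message.
const VIRTUAL_ID = "virtual:@astrojs/discovery/config";
const RESOLVED_ID = "\0" + VIRTUAL_ID; // "\0" prefix: the Vite/Rollup convention for virtual ids

// Report config paths that hold functions, which JSON serialization would silently drop.
function unserializablePaths(value: unknown, path = "config"): string[] {
  if (typeof value === "function") return [path];
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value as Record<string, unknown>)
    .flatMap(([key, child]) => unserializablePaths(child, `${path}.${key}`));
}

// Returns an object with the hook shape Vite expects from a plugin.
function discoveryConfigPlugin(config: Record<string, unknown>) {
  const bad = unserializablePaths(config);
  if (bad.length > 0) throw new Error(`not serializable: ${bad.join(", ")}`);
  // Everything in config becomes module source that each route imports,
  // so it must not contain values that should stay out of the build output.
  const source = `export default ${JSON.stringify(config)};`;
  return {
    name: "discovery-config-example",
    resolveId(id: string) { return id === VIRTUAL_ID ? RESOLVED_ID : undefined; },
    load(id: string) { return id === RESOLVED_ID ? source : undefined; },
  };
}
```
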
This commit introduces a comprehensive Astro integration that automatically
generates discovery files for websites:
Features:
- robots.txt with LLM bot support (Anthropic-AI, GPTBot, etc.)
- llms.txt for AI assistant context and instructions
- humans.txt for team credits and site information
- Automatic sitemap integration via @astrojs/sitemap
Technical Details:
- TypeScript implementation with full type safety
- Configurable HTTP caching headers
- Custom template support for all generated files
- Sensible defaults with extensive customization options
- Date-based versioning (2025.11.03)
Testing:
- 34 unit tests covering all generators
- Test coverage for robots.txt, llms.txt, and humans.txt
- Integration with Vitest
Documentation:
- Comprehensive README with examples
- API reference documentation
- Contributing guidelines
- Example configurations (minimal and full)