Merge v.1.8.0

[blowdart]

• Added metrics in AtProtoHttpClientMetrics including request duration, request count and failure count.
• Added metrics in DidPlcDirectory including request duration, request count and failure count.
• Added extensions for OpenTelemetry.Metrics: AddAtProtoHttpClientMetrics, AddAtProtoDirectoryMetrics, and AddAtProtoJetStreamMetrics.
• Added new constructor overloads for AtProtoHttpClient to allow for use with MetricsFactory.
• Added Throttled to AccountStatus in Jetstream account events.
• Added MaxMessageSize to JetStreamOptions to guard against a malicious jetstream server sending overly large messages.
• Added optional validation callbacks to AtProtoAgent.BuildOAuthLoginUri to allow for validation of the discovered PDS and authorization server URIs.
• Added default validation function to disallow loopback and private IP ranges in discovered URIs, to mitigate SSRF attacks.
• Added override on ToString() on AtProtoCredential to return a redacted string in case of accidental logging.
• Added default SSRF protections to AtProtoAgent, AtProtoHttpClient and AtProtoJetStream with idunno.Security.Ssrf.
• Added AllowLoopback parameter to BuildOAuth2LoginUri to allow loopback addresses in discovered URIs for testing and development purposes. This is disabled by default.
• Added == and != operations to Cid.
• Added Bot property to Profile record to set or unset the profile self label
  indicating a bot account, see [APP-1928] add bot/automated account badge and self-labeling settings
• Added SelfLabels property to ProfileViewBasic which returns a list of self labels applied to a profile
• Added SelfLabels property to PostView.
• Added SelfLabelValues class.
• Added Bot and DiscourageShowingToLoggedOutUser to SelfLabelValues.
• Added JsonPolymorphic attributes to individual records to remove the extraneous ExtensionData entries.
• Added CreateStatus, GetStatus and UpdateStatus to BlueskyAgent.
• Added a setter to DurationMinutes on Status and setters to ExternalProperties to allow for updating of an existing profile status.
• Added documentation for metrics.
• Added documentation for setting a status on a profile.
• Changed AtJetStreamIdentity class to make Handle property nullable.
• Add version to JetstreamMetrics
• Made JetStream.MeterName and JetStream.MeterVersion properties public to allow for easy OTEL configuration.
• Fixed OAuth logout.
• Changed JetStreamMetrics from public to internal because it is not intended for public use.
• Remove [Serializable] from AtProtoCredential.
• Exclude Credential in CredentialException from serialization because it may contain sensitive information.
• Updated DID validation regex to align with specs: allow digits in DID method.
• Updated SuggestedActors to include RecIdStr, see Add recIdStr to suggested follows by actor
• Added setter to Notification.Declaration.AllowSubscriptions for easy updating of the value.
• Mark SetStatus as obsolete in favor of CreateStatus and UpdateStatus.
• Marked SelfLabelNames as obsolete in favor of SelfLabelValues, as the new name is more correct.

[github-actions]

Test Results

    7 files      7 suites   57s ⏱️
1 153 tests 1 153 ✅ 0 💤 0 ❌
1 159 runs  1 159 ✅ 0 💤 0 ❌

Results for commit a3c505c.

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

Merges the v1.8.0 feature set: adds OpenTelemetry metrics, introduces SSRF protections/default URI validation, tightens Jetstream WebSocket safety limits, and modernizes many files to file-scoped namespaces plus assorted docs/samples updates.

Changes:

• Add OpenTelemetry meters + registration extensions and wire optional IMeterFactory through agents/clients.
• Add SSRF mitigations (default discovery URI validation + dependency) and reduce accidental credential leakage via redacted ToString().
• Add Jetstream safety improvements (MaxMessageSize) and multiple API/DTO updates + broad file-scoped namespace refactors.

Reviewed changes

Copilot reviewed 298 out of 610 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
src/idunno.AtProto/SecurityHelpers.cs	Adds default discovery URI validation to mitigate SSRF.
src/idunno.AtProto/AtProtoHttpClientMetrics.cs	Introduces HTTP client metric instruments (counters/histogram).
src/idunno.AtProto/DidPlcDirectory/DirectoryMetrics.cs	Introduces DID PLC directory metric instruments.
src/idunno.AtProto/AtProtoMetricsExtensions.cs	Adds OTEL MeterProviderBuilder extension methods for registering meters.
src/idunno.AtProto/WebSocketExtensions.cs	Adds max message size enforcement for WebSocket receives and logging.
src/idunno.AtProto/Jetstream/JetstreamOptions.cs	Exposes MaxMessageSize option to guard against oversized Jetstream messages.
src/idunno.AtProto/Authentication/OAuthClient.cs	Adjusts handler factory types; impacts handler lifetime/disposal patterns.
src/idunno.AtProto/Logger.cs	Adds new structured log events for SSRF and WebSocket oversize handling.
samples/Samples.Timeline/Program.cs	Updates sample; currently forces proxy usage (likely accidental).
src/idunno.AtProto.Types/Cid.cs	Adds == / != operators and expands XML docs.

Files not reviewed (1)

• src/idunno.AtProto.OAuthCallback/Resources.Designer.cs: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.