Version + Auto-Update Discovery

Single canonical endpoint that tells clients (embed scripts, SDKs, CLI tools) what version of Peacock they're talking to, and what version of each downloadable component is current.

Endpoint

GET /v1/version

Anonymous, anonymous-cacheable, ~600 ms TTL at the edge. No rate limit (it's a discovery URL).

Response

{
  "peacock": {
    "version": "0.1.0",
    "channel": "pre-alpha",
    "released_at": "2026-05-25",
    "min_supported_sdk": "0.1.0",
    "min_supported_embed": "0.1.0"
  },
  "components": {
    "embed_js": {
      "latest": "0.1.0",
      "url": "https://peacock-cms.webhoch.com/embed.js",
      "versioned_url": "https://peacock-cms.webhoch.com/embed-v0.1.0.js",
      "integrity": "sha384-R2FMQxAk59Fbs+ln2bREi/U26a3VrRPa9AIo4w0aop9b/mHPJlmZToP9UrJg17RM",
      "changelog": "https://peacock-cms.webhoch.com/docs/CHANGELOG.html#embed-js-0-1-0"
    },
    "peacock_admin_js": {
      "latest": "0.1.0",
      "url": "https://peacock-cms.webhoch.com/peacock-admin.js",
      "integrity": "sha384-..."
    },
    "sdk_js": { "latest": "0.1.0", "npm": "@peacock/sdk-js" },
    "sdk_astro": { "latest": "0.1.0", "npm": "@peacock/sdk-astro" },
    "cli": { "latest": "0.1.0", "npm": "@peacock/cli" }
  }
}

Channels

Channel	Audience	Update cadence
pre-alpha	Closed Pre-Alpha testers	Hourly, breaking changes possible
alpha	Early adopters	Weekly, breaking changes flagged
beta	Public testers	Bi-weekly, semver-honored
stable	Production users	Monthly, full semver

Set the channel via env: PEACOCK_RELEASE_CHANNEL=stable on the Peacock API host.

Auto-update behavior in embed.js

The embed script polls /v1/version on every page-mount (rate-limited client-side via localStorage to once per 24h):

1. Compares its loaded version against components.embed_js.latest.
2. If a newer version exists, emits a console.warn for ops visibility.
3. Optionally (when data-peacock-auto-update="on") reloads the page with the new version (Pre-Alpha: disabled by default; Stable channel recommended to leave off, since auto-reloads break UX).

Using from your own tooling

# Check current version
curl https://peacock-cms.webhoch.com/v1/version | jq -r '.peacock.version'

# Get the SRI hash for a specific embed version
curl -s https://peacock-cms.webhoch.com/v1/version | \
  jq -r '.components.embed_js.integrity'

SRI usage

Recommended <script> tag for production embedders:

<script
  src="https://peacock-cms.webhoch.com/embed-v0.1.0.js"
  integrity="sha384-R2FMQxAk59Fbs+ln2bREi/U26a3VrRPa9AIo4w0aop9b/mHPJlmZToP9UrJg17RM"
  crossorigin="anonymous"
  data-peacock-api="https://peacock-cms.webhoch.com"
  data-peacock-space="your-space-slug"
  defer
></script>

CORS is shipped (2026-05-27)

Until 2026-05-27, the crossorigin="anonymous" SRI recipe broke because the script URLs didn't return Access-Control-Allow-Origin. That's fixed — nginx now emits ACAO: * and Cross-Origin-Resource-Policy: cross-origin for /embed.js, /embed-v*.js, and /peacock-admin.js, plus a 204 OPTIONS preflight handler.

See also

• /guide/auto-update — operator guide for the update channel
• /api/openapi — full API spec discovery
• /guide/integrate-existing-site — Setup walkthrough with SRI