bretton.dev
+30
cmd/server/main.go
+30
cmd/server/main.go
······
······+// Currently handles only CREATE operations - UPDATE/DELETE deferred until those features exist+postJetstreamConnector := jetstream.NewPostJetstreamConnector(postEventConsumer, postJetstreamURL)
+92
docs/PRD_BACKLOG.md
+92
docs/PRD_BACKLOG.md
···+Current implementation rejects handles in endpoints that declare `"format": "at-identifier"` in their lexicon schemas, violating atProto best practices and breaking legitimate client usage.+- ❌ Post creation fails when client sends community handle (e.g., `!gardening.communities.coves.social`)+Handlers and services validate `strings.HasPrefix(req.Community, "did:")` instead of calling `ResolveCommunityIdentifier()`.+1. **Post Creation** - [create.go:54](../internal/api/handlers/post/create.go#L54), [service.go:51](../internal/core/posts/service.go#L51)+- Lexicon declares `at-identifier`: [post/create.json:16](../internal/atproto/lexicon/social/coves/post/create.json#L16)+- Lexicon declares `at-identifier`: [subscribe.json:16](../internal/atproto/lexicon/social/coves/community/subscribe.json#L16)+- Lexicon declares `at-identifier`: [unsubscribe.json:16](../internal/atproto/lexicon/social/coves/community/unsubscribe.json#L16)+4. **Block/Unblock** - [block.go:58](../internal/api/handlers/community/block.go#L58), [block.go:132](../internal/api/handlers/community/block.go#L132)+- Lexicon declares `"format": "did"`: [block.json:15](../internal/atproto/lexicon/social/coves/community/block.json#L15)+Replace direct DID validation with handle resolution using existing `ResolveCommunityIdentifier()`:+✅ `ResolveCommunityIdentifier()` already implemented at [service.go:843](../internal/core/communities/service.go#L843)**Added:** 2025-10-11 | **Updated:** 2025-10-16 | **Effort:** 2-3 days | **Priority:** ALPHA BLOCKER
+60
-2
docs/PRD_COMMUNITIES.md
+60
-2
docs/PRD_COMMUNITIES.md
·········**Decision:** Use single `handle` field containing DNS-resolvable atProto handle; remove `atprotoHandle` field
···+Communities can define content posting restrictions via the `contentRules` object in their profile:+**See:** [PRD_GOVERNANCE.md - Content Rules System](PRD_GOVERNANCE.md#content-rules-system) for full details···+- `contentRules` - Content posting restrictions (see [PRD_GOVERNANCE.md](PRD_GOVERNANCE.md#content-rules-system))···+**Decision:** Remove `postType` enum from post creation; use flexible `contentRules` in community profile instead+- `postType` enum forced users to explicitly select type (bad UX - app should infer from structure)+- Communities can't programmatically restrict to exact "article" vs "text" types (but structure-based rules are better)**Decision:** Use single `handle` field containing DNS-resolvable atProto handle; remove `atprotoHandle` field
+134
-72
docs/PRD_GOVERNANCE.md
+134
-72
docs/PRD_GOVERNANCE.md
···**Note:** Moderator management and advanced governance are **post-alpha** (Beta Phase 1) work. Alpha focuses on basic community CRUD operations.···-- As a **self-hosted instance owner**, I want to create communities and assign moderators so I don't have to manage everything myself············-**Decision:** Use `knownValues` instead of `enum` for moderator roles and permissions in `social.coves.community.moderator` record schema-- Using `knownValues` allows adding new roles/permissions in Beta Phase 2 without requiring V2 schema migration-- Zero cost to fix during alpha planning; expensive to migrate once records exist in production-- `role` field: Changed from `enum: ["moderator", "admin"]` to `knownValues: ["moderator", "admin"]` with `maxLength: 64`-- **New roles**: "owner" (full transfer rights), "trainee" (limited trial moderator), "emeritus" (honorary former moderator)-- **New permissions**: "manage_bots", "manage_flairs", "manage_automoderator", "manage_federation", "pin_posts"-- Can add these values during Phase 2 (Moderator Tiers & Permissions) without breaking existing moderator records-Per [atproto#4245](https://github.com/bluesky-social/atproto/discussions/4245): "Enum sets are 'closed' and can not be updated or extended without breaking schema evolution rules. For this reason they should almost always be avoided. For strings, `knownValues` provides more flexible alternative."**Decision:** Store moderator records in community's repository (`at://community_did/social.coves.community.moderator/{tid}`), not user's repository
···**Note:** Moderator management and advanced governance are **post-alpha** (Beta Phase 1) work. Alpha focuses on basic community CRUD operations.·········+Content rules allow communities to define restrictions on what types of content can be posted, replacing the rejected `postType` enum approach with flexible, structure-based validation.+- Rules stored in community's repository (`at://community_did/social.coves.community.profile/self`)+✅ **More Flexible:** Communities can define granular rules (e.g., "text required but images optional")+- **Validation is advisory:** Malicious PDS could ignore rules, but AppView can filter out violating posts······**Decision:** Store moderator records in community's repository (`at://community_did/social.coves.community.moderator/{tid}`), not user's repository
+840
docs/PRD_POSTS.md
+840
docs/PRD_POSTS.md
···
···+**See:** [IMPLEMENTATION_POST_CREATION.md](IMPLEMENTATION_POST_CREATION.md) for complete implementation details.+Posts are the core content unit in Coves communities. Built on atProto, each post is stored in the **community's repository** and indexed by the AppView for discovery and interaction. Posts support rich text, embeds, voting, tagging, and federation with other atProto platforms.+Posts are validated against community-specific content rules at creation time. Communities can restrict:+**See:** [PRD_GOVERNANCE.md - Content Rules System](PRD_GOVERNANCE.md#content-rules-system) for full details.+- [x] **Handler:** `POST /xrpc/social.coves.post.create` ✅ (Alpha - see IMPLEMENTATION_POST_CREATION.md)+- ⚠️ **Validate post against content rules** DEFERRED (see [PRD_GOVERNANCE.md](PRD_GOVERNANCE.md#content-rules-system))+- [x] **E2E Test:** Create text post → Write to **community's PDS** → Index via Jetstream → Verify in AppView ✅+- [ ] **E2E Test:** Create vote → Index → Verify count updates → Delete vote → Verify count decrements+**Note:** Votes live in user's repository (user owns their voting history), but posts live in community's repository.+- ⚠️ **Derive post characteristics:** DEFERRED (embed_type, text_length, has_title, has_embed for content rules filtering)+- [ ] **Consumer:** `PostConsumer.HandleVoteEvent()` - DEFERRED TO BETA (voting system not yet implemented)+**Migration:** [internal/db/migrations/011_create_posts_table.sql](../internal/db/migrations/011_create_posts_table.sql)+CONSTRAINT fk_community FOREIGN KEY (community_did) REFERENCES communities(did) ON DELETE CASCADE+CREATE INDEX idx_posts_community_created ON posts(community_did, created_at DESC) WHERE deleted_at IS NULL;+CREATE INDEX idx_posts_community_score ON posts(community_did, score DESC, created_at DESC) WHERE deleted_at IS NULL;+-- CREATE INDEX idx_posts_embed_type ON posts(community_did, embed_type) WHERE deleted_at IS NULL;+CREATE INDEX idx_votes_voter_subject ON votes(voter_did, subject_uri) WHERE deleted_at IS NULL;+- [x] **Token Refresh Integration:** ✅ Reuse community token refresh logic for post operations+- [x] **at-identifier Support:** ✅ All 4 formats supported (DIDs, canonical, @-prefixed, scoped)+- [ ] **Content Rules Validation:** ⚠️ DEFERRED TO BETA - Posts validated against community content rules+- [ ] **Content rules validation:** Federated post rejected if `allowFederated: false` ⚠️ DEFERRED+**Decision:** Remove `postType` from post creation input; validate posts against community's `contentRules` instead+- `postType` enum forced users to explicitly select type (bad UX - app should infer from structure)+- Structure-based validation is more flexible ("text required, images optional" vs rigid type categories)+**Note:** Direction (up/down) inferred from record creation/deletion pattern. Stored in user's repository (user owns votes).+- Bluesky Post Record: https://github.com/bluesky-social/atproto/blob/main/lexicons/app/bsky/feed/post.json
+106
internal/api/handlers/post/create.go
+106
internal/api/handlers/post/create.go
···
···
+57
internal/api/handlers/post/errors.go
+57
internal/api/handlers/post/errors.go
···
···
+6
internal/api/middleware/auth.go
+6
internal/api/middleware/auth.go
···
+26
internal/api/routes/post.go
+26
internal/api/routes/post.go
···
···+func RegisterPostRoutes(r chi.Router, service posts.Service, authMiddleware *middleware.AtProtoAuthMiddleware) {+r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.post.create", createHandler.HandleCreate)+// r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.post.update", updateHandler.HandleUpdate)+// r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.post.delete", deleteHandler.HandleDelete)
+243
internal/atproto/jetstream/post_consumer.go
+243
internal/atproto/jetstream/post_consumer.go
···
···+// Currently only handles CREATE operations - UPDATE/DELETE deferred until those features exist+func (c *PostEventConsumer) createPost(ctx context.Context, repoDID string, commit *CommitEvent) error {+func (c *PostEventConsumer) validatePostEvent(ctx context.Context, repoDID string, post *PostRecordFromJetstream) error {+// This prevents users from creating posts that appear to be from communities they don't control+return fmt.Errorf("repository DID (%s) doesn't match community DID (%s) - posts must come from community repos",+return fmt.Errorf("community not found: %s - cannot index post before community", post.Community)
+125
internal/atproto/jetstream/post_jetstream_connector.go
+125
internal/atproto/jetstream/post_jetstream_connector.go
···
···+func NewPostJetstreamConnector(consumer *PostEventConsumer, wsURL string) *PostJetstreamConnector {+if err := conn.WriteControl(websocket.PingMessage, []byte{}, time.Now().Add(10*time.Second)); err != nil {
+3
-3
internal/core/communities/community.go
+3
-3
internal/core/communities/community.go
···-DisplayHandle string `json:"displayHandle,omitempty" db:"-"` // UI hint: !gardening@coves.social (computed, not stored)-Handle string `json:"handle" db:"handle"` // Canonical atProto handle (e.g., gardening.community.coves.social)
···+DisplayHandle string `json:"displayHandle,omitempty" db:"-"` // UI hint: !gardening@coves.social (computed, not stored)+Handle string `json:"handle" db:"handle"` // Canonical atProto handle (e.g., gardening.community.coves.social)
+6
internal/core/communities/interfaces.go
+6
internal/core/communities/interfaces.go
···ResolveCommunityIdentifier(ctx context.Context, identifier string) (string, error) // Returns DID from handle or DID
+25
-10
internal/core/communities/service.go
+25
-10
internal/core/communities/service.go
···func (s *communityService) UpdateCommunity(ctx context.Context, req UpdateCommunityRequest) (*Community, error) {······-func (s *communityService) ensureFreshToken(ctx context.Context, community *Community) (*Community, error) {···func (s *communityService) ResolveCommunityIdentifier(ctx context.Context, identifier string) (string, error) {······func (s *communityService) resolveScopedIdentifier(ctx context.Context, scoped string) (string, error) {
···func (s *communityService) UpdateCommunity(ctx context.Context, req UpdateCommunityRequest) (*Community, error) {······+func (s *communityService) EnsureFreshToken(ctx context.Context, community *Community) (*Community, error) {···func (s *communityService) ResolveCommunityIdentifier(ctx context.Context, identifier string) (string, error) {······func (s *communityService) resolveScopedIdentifier(ctx context.Context, scoped string) (string, error) {
+123
internal/core/posts/errors.go
+123
internal/core/posts/errors.go
···
···
+35
internal/core/posts/interfaces.go
+35
internal/core/posts/interfaces.go
···
···+// ListCommunityPosts(ctx context.Context, communityDID string, limit, offset int) ([]*Post, error)
+68
internal/core/posts/post.go
+68
internal/core/posts/post.go
···
···
+261
internal/core/posts/service.go
+261
internal/core/posts/service.go
···
···+func (s *postService) CreatePost(ctx context.Context, req CreatePostRequest) (*CreatePostResponse, error) {+log.Printf("[POST-CREATE] Author: %s, Community: %s, URI: %s", req.AuthorDID, communityDID, uri)
+51
internal/db/migrations/011_create_posts_table.sql
+51
internal/db/migrations/011_create_posts_table.sql
···
···+CONSTRAINT fk_community FOREIGN KEY (community_did) REFERENCES communities(did) ON DELETE CASCADE+CREATE INDEX idx_posts_community_created ON posts(community_did, created_at DESC) WHERE deleted_at IS NULL;+CREATE INDEX idx_posts_community_score ON posts(community_did, score DESC, created_at DESC) WHERE deleted_at IS NULL;+-- CREATE INDEX idx_posts_content_search ON posts USING gin(to_tsvector('english', content)) WHERE deleted_at IS NULL;+COMMENT ON TABLE posts IS 'Posts indexed from community repositories via Jetstream firehose consumer';+COMMENT ON COLUMN posts.uri IS 'AT-URI in format: at://community_did/social.coves.post.record/rkey';+COMMENT ON COLUMN posts.score IS 'Computed as upvote_count - downvote_count for ranking algorithms';
+138
internal/db/postgres/post_repo.go
+138
internal/db/postgres/post_repo.go
···
···+if strings.Contains(err.Error(), "duplicate key") && strings.Contains(err.Error(), "posts_uri_key") {
+13
-19
internal/validation/lexicon_test.go
+13
-19
internal/validation/lexicon_test.go
···
···
+2
-1
tests/integration/community_blocking_test.go
+2
-1
tests/integration/community_blocking_test.go
-42
tests/integration/community_e2e_test.go
-42
tests/integration/community_e2e_test.go
···-return "", "", fmt.Errorf("PDS auth failed (status %d, failed to read body: %w)", resp.StatusCode, readErr)
+8
-4
tests/integration/community_hostedby_security_test.go
+8
-4
tests/integration/community_hostedby_security_test.go
························
························
+1
-1
tests/integration/community_identifier_resolution_test.go
+1
-1
tests/integration/community_identifier_resolution_test.go
+12
-6
tests/integration/community_v2_validation_test.go
+12
-6
tests/integration/community_v2_validation_test.go
··················
··················
+92
tests/integration/helpers.go
+92
tests/integration/helpers.go
···
···+return "", "", fmt.Errorf("PDS auth failed (status %d, failed to read body: %w)", resp.StatusCode, readErr)
+1
-13
tests/integration/jetstream_consumer_test.go
+1
-13
tests/integration/jetstream_consumer_test.go
···
+363
tests/integration/post_creation_test.go
+363
tests/integration/post_creation_test.go
···
···+Handle: "testcommunity.community.test.coves.social", // Canonical atProto handle (no ! prefix, .community. format)+Community: "nonexistent.community.test.coves.social", // Valid canonical handle format, but doesn't exist
+715
tests/integration/post_e2e_test.go
+715
tests/integration/post_e2e_test.go
···
···+// a live PDS/Jetstream in test environment. For true live testing, use TestPostCreation_E2E_LivePDS.+req := httptest.NewRequest("POST", "/xrpc/social.coves.post.create", bytes.NewReader(reqJSON))+require.Equal(t, http.StatusOK, rr.Code, "Handler should return 200 OK, body: %s", rr.Body.String())+jetstreamURL := fmt.Sprintf("ws://%s:6008/subscribe?wantedCollections=social.coves.post.record",+err := subscribeToJetstreamForPost(ctx, jetstreamURL, community.DID, postConsumer, eventChan, errorChan, done)+// subscribeToJetstreamForPost subscribes to real Jetstream firehose and processes post events
+470
tests/integration/post_handler_test.go
+470
tests/integration/post_handler_test.go
···
···+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(invalidJSON))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+// Should reject (either 400 InvalidRequest or 404 NotFound depending on how service resolves it)+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+// Canonical handles don't have strict validation at handler level - they're validated by the service+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))+assert.NotEqual(t, http.StatusBadRequest, rec.Code, "Handler should not reject valid unicode")+req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.post.create", bytes.NewReader(body))
+2
-1
tests/integration/subscription_indexing_test.go
+2
-1
tests/integration/subscription_indexing_test.go
···
+4
-4
tests/lexicon_validation_test.go
+4
-4
tests/lexicon_validation_test.go
······
······