bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

feat: Add verification system to actor lexicon

Add support for cryptographically signed verifications (phone, email, domain, etc.)
to actor profiles. This is a backwards-compatible addition.

Changes:
- Replace simple verified boolean with verifications array
- Add verification lexicon definition with signature support
- Add XRPC endpoints: requestPhone, verifyPhone, getStatus

The verification array allows multiple verification types and is
cryptographically signed by trusted services (e.g., did:web:coves.social).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

bretton.dev 583c3d4b b09be3af

options
unified split
Changed files
+214 -14
internal
atproto
lexicon
social
coves
actor
profile.json
verification
getStatus.json
requestPhone.json
verifyPhone.json
+42 -14
internal/atproto/lexicon/social/coves/actor/profile.json 
···

       
46

       
46

       
 

       
            "accept": ["image/png", "image/jpeg", "image/webp"],


     

       
47

       
47

       
 

       
            "maxSize": 2000000


     

       
48

       
48

       
 

       
          },


     

       
49

       

       
-

       
          "verified": {


     

       
50

       

       
-

       
            "type": "boolean",


     

       
51

       

       
-

       
            "default": false,


     

       
52

       

       
-

       
            "description": "Whether the user has completed phone verification"


     

       
53

       

       
-

       
          },


     

       
54

       

       
-

       
          "verifiedAt": {


     

       
55

       

       
-

       
            "type": "string",


     

       
56

       

       
-

       
            "format": "datetime",


     

       
57

       

       
-

       
            "description": "When the user was verified"


     

       
58

       

       
-

       
          },


     

       
59

       

       
-

       
          "verificationExpiresAt": {


     

       
60

       

       
-

       
            "type": "string",


     

       
61

       

       
-

       
            "format": "datetime",


     

       
62

       

       
-

       
            "description": "When verification expires"


     

       

       
49

       
+

       
          "verifications": {


     

       

       
50

       
+

       
            "type": "array",


     

       

       
51

       
+

       
            "description": "Cryptographically signed verifications from trusted services",


     

       

       
52

       
+

       
            "items": {


     

       

       
53

       
+

       
              "type": "ref",


     

       

       
54

       
+

       
              "ref": "#verification"


     

       

       
55

       
+

       
            }


     

       
63

       
56

       
 

       
          },


     

       
64

       
57

       
 

       
          "federatedFrom": {


     

       
65

       
58

       
 

       
            "type": "string",


     
···

       
215

       
208

       
 

       
          "type": "string",


     

       
216

       
209

       
 

       
          "maxLength": 256,


     

       
217

       
210

       
 

       
          "description": "Human-readable location name"


     

       

       
211

       
+

       
        }


     

       

       
212

       
+

       
      }


     

       

       
213

       
+

       
    },


     

       

       
214

       
+

       
    "verification": {


     

       

       
215

       
+

       
      "type": "object",


     

       

       
216

       
+

       
      "description": "A cryptographically signed verification from a trusted service",


     

       

       
217

       
+

       
      "required": ["type", "verifiedBy", "verifiedAt", "expiresAt", "signature"],


     

       

       
218

       
+

       
      "properties": {


     

       

       
219

       
+

       
        "type": {


     

       

       
220

       
+

       
          "type": "string",


     

       

       
221

       
+

       
          "knownValues": ["phone", "email", "domain", "government_id"],


     

       

       
222

       
+

       
          "description": "Type of verification performed"


     

       

       
223

       
+

       
        },


     

       

       
224

       
+

       
        "verifiedBy": {


     

       

       
225

       
+

       
          "type": "string",


     

       

       
226

       
+

       
          "format": "did",


     

       

       
227

       
+

       
          "description": "DID of the service that performed verification (e.g., did:web:coves.social)"


     

       

       
228

       
+

       
        },


     

       

       
229

       
+

       
        "verifiedAt": {


     

       

       
230

       
+

       
          "type": "string",


     

       

       
231

       
+

       
          "format": "datetime",


     

       

       
232

       
+

       
          "description": "When the verification was completed"


     

       

       
233

       
+

       
        },


     

       

       
234

       
+

       
        "expiresAt": {


     

       

       
235

       
+

       
          "type": "string",


     

       

       
236

       
+

       
          "format": "datetime",


     

       

       
237

       
+

       
          "description": "When this verification expires and requires renewal"


     

       

       
238

       
+

       
        },


     

       

       
239

       
+

       
        "signature": {


     

       

       
240

       
+

       
          "type": "string",


     

       

       
241

       
+

       
          "description": "Base64-encoded signature over verification data (type + verifiedBy + verifiedAt + expiresAt + subject DID)"


     

       

       
242

       
+

       
        },


     

       

       
243

       
+

       
        "metadata": {


     

       

       
244

       
+

       
          "type": "object",


     

       

       
245

       
+

       
          "description": "Optional verification-specific metadata (e.g., phone country code, domain name)"


     

       
218

       
246

       
 

       
        }


     

       
219

       
247

       
 

       
      }


     

       
220

       
248

       
 

       
    }
+41
internal/atproto/lexicon/social/coves/verification/getStatus.json 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  "lexicon": 1,


     

       

       
3

       
+

       
  "id": "social.coves.verification.getStatus",


     

       

       
4

       
+

       
  "defs": {


     

       

       
5

       
+

       
    "main": {


     

       

       
6

       
+

       
      "type": "query",


     

       

       
7

       
+

       
      "description": "Get phone verification status for the authenticated user.",


     

       

       
8

       
+

       
      "parameters": {


     

       

       
9

       
+

       
        "type": "params",


     

       

       
10

       
+

       
        "properties": {}


     

       

       
11

       
+

       
      },


     

       

       
12

       
+

       
      "output": {


     

       

       
13

       
+

       
        "encoding": "application/json",


     

       

       
14

       
+

       
        "schema": {


     

       

       
15

       
+

       
          "type": "object",


     

       

       
16

       
+

       
          "required": ["hasVerifiedPhone"],


     

       

       
17

       
+

       
          "properties": {


     

       

       
18

       
+

       
            "hasVerifiedPhone": {


     

       

       
19

       
+

       
              "type": "boolean",


     

       

       
20

       
+

       
              "description": "Whether the user has a verified phone"


     

       

       
21

       
+

       
            },


     

       

       
22

       
+

       
            "verifiedAt": {


     

       

       
23

       
+

       
              "type": "string",


     

       

       
24

       
+

       
              "format": "datetime",


     

       

       
25

       
+

       
              "description": "When phone was verified"


     

       

       
26

       
+

       
            },


     

       

       
27

       
+

       
            "expiresAt": {


     

       

       
28

       
+

       
              "type": "string",


     

       

       
29

       
+

       
              "format": "datetime",


     

       

       
30

       
+

       
              "description": "When verification expires"


     

       

       
31

       
+

       
            },


     

       

       
32

       
+

       
            "needsRenewal": {


     

       

       
33

       
+

       
              "type": "boolean",


     

       

       
34

       
+

       
              "description": "Whether verification is expiring soon (within 30 days)"


     

       

       
35

       
+

       
            }


     

       

       
36

       
+

       
          }


     

       

       
37

       
+

       
        }


     

       

       
38

       
+

       
      }


     

       

       
39

       
+

       
    }


     

       

       
40

       
+

       
  }


     

       

       
41

       
+

       
}
+59
internal/atproto/lexicon/social/coves/verification/requestPhone.json 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  "lexicon": 1,


     

       

       
3

       
+

       
  "id": "social.coves.verification.requestPhone",


     

       

       
4

       
+

       
  "defs": {


     

       

       
5

       
+

       
    "main": {


     

       

       
6

       
+

       
      "type": "procedure",


     

       

       
7

       
+

       
      "description": "Request a phone verification OTP code. Rate limited to prevent abuse.",


     

       

       
8

       
+

       
      "input": {


     

       

       
9

       
+

       
        "encoding": "application/json",


     

       

       
10

       
+

       
        "schema": {


     

       

       
11

       
+

       
          "type": "object",


     

       

       
12

       
+

       
          "required": ["phoneNumber"],


     

       

       
13

       
+

       
          "properties": {


     

       

       
14

       
+

       
            "phoneNumber": {


     

       

       
15

       
+

       
              "type": "string",


     

       

       
16

       
+

       
              "description": "Phone number in E.164 format (e.g., +14155552671)"


     

       

       
17

       
+

       
            }


     

       

       
18

       
+

       
          }


     

       

       
19

       
+

       
        }


     

       

       
20

       
+

       
      },


     

       

       
21

       
+

       
      "output": {


     

       

       
22

       
+

       
        "encoding": "application/json",


     

       

       
23

       
+

       
        "schema": {


     

       

       
24

       
+

       
          "type": "object",


     

       

       
25

       
+

       
          "required": ["requestId", "expiresAt"],


     

       

       
26

       
+

       
          "properties": {


     

       

       
27

       
+

       
            "requestId": {


     

       

       
28

       
+

       
              "type": "string",


     

       

       
29

       
+

       
              "description": "Unique identifier for this verification request"


     

       

       
30

       
+

       
            },


     

       

       
31

       
+

       
            "expiresAt": {


     

       

       
32

       
+

       
              "type": "string",


     

       

       
33

       
+

       
              "format": "datetime",


     

       

       
34

       
+

       
              "description": "When the OTP code expires"


     

       

       
35

       
+

       
            }


     

       

       
36

       
+

       
          }


     

       

       
37

       
+

       
        }


     

       

       
38

       
+

       
      },


     

       

       
39

       
+

       
      "errors": [


     

       

       
40

       
+

       
        {


     

       

       
41

       
+

       
          "name": "InvalidPhoneNumber",


     

       

       
42

       
+

       
          "description": "Phone number format is invalid"


     

       

       
43

       
+

       
        },


     

       

       
44

       
+

       
        {


     

       

       
45

       
+

       
          "name": "PhoneAlreadyVerified",


     

       

       
46

       
+

       
          "description": "This phone number is already verified by another account"


     

       

       
47

       
+

       
        },


     

       

       
48

       
+

       
        {


     

       

       
49

       
+

       
          "name": "RateLimitExceeded",


     

       

       
50

       
+

       
          "description": "Too many verification requests. Please try again later."


     

       

       
51

       
+

       
        },


     

       

       
52

       
+

       
        {


     

       

       
53

       
+

       
          "name": "SMSDeliveryFailed",


     

       

       
54

       
+

       
          "description": "Failed to send SMS to the provided number"


     

       

       
55

       
+

       
        }


     

       

       
56

       
+

       
      ]


     

       

       
57

       
+

       
    }


     

       

       
58

       
+

       
  }


     

       

       
59

       
+

       
}
+72
internal/atproto/lexicon/social/coves/verification/verifyPhone.json 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  "lexicon": 1,


     

       

       
3

       
+

       
  "id": "social.coves.verification.verifyPhone",


     

       

       
4

       
+

       
  "defs": {


     

       

       
5

       
+

       
    "main": {


     

       

       
6

       
+

       
      "type": "procedure",


     

       

       
7

       
+

       
      "description": "Verify phone number with OTP code. On success, writes signed verification to user's PDS profile.",


     

       

       
8

       
+

       
      "input": {


     

       

       
9

       
+

       
        "encoding": "application/json",


     

       

       
10

       
+

       
        "schema": {


     

       

       
11

       
+

       
          "type": "object",


     

       

       
12

       
+

       
          "required": ["requestId", "code"],


     

       

       
13

       
+

       
          "properties": {


     

       

       
14

       
+

       
            "requestId": {


     

       

       
15

       
+

       
              "type": "string",


     

       

       
16

       
+

       
              "description": "Request ID from requestPhone call"


     

       

       
17

       
+

       
            },


     

       

       
18

       
+

       
            "code": {


     

       

       
19

       
+

       
              "type": "string",


     

       

       
20

       
+

       
              "description": "6-digit OTP code received via SMS"


     

       

       
21

       
+

       
            }


     

       

       
22

       
+

       
          }


     

       

       
23

       
+

       
        }


     

       

       
24

       
+

       
      },


     

       

       
25

       
+

       
      "output": {


     

       

       
26

       
+

       
        "encoding": "application/json",


     

       

       
27

       
+

       
        "schema": {


     

       

       
28

       
+

       
          "type": "object",


     

       

       
29

       
+

       
          "required": ["verified", "verifiedAt", "expiresAt"],


     

       

       
30

       
+

       
          "properties": {


     

       

       
31

       
+

       
            "verified": {


     

       

       
32

       
+

       
              "type": "boolean",


     

       

       
33

       
+

       
              "description": "Whether verification was successful"


     

       

       
34

       
+

       
            },


     

       

       
35

       
+

       
            "verifiedAt": {


     

       

       
36

       
+

       
              "type": "string",


     

       

       
37

       
+

       
              "format": "datetime",


     

       

       
38

       
+

       
              "description": "When the verification completed"


     

       

       
39

       
+

       
            },


     

       

       
40

       
+

       
            "expiresAt": {


     

       

       
41

       
+

       
              "type": "string",


     

       

       
42

       
+

       
              "format": "datetime",


     

       

       
43

       
+

       
              "description": "When verification expires (1 year from verifiedAt)"


     

       

       
44

       
+

       
            }


     

       

       
45

       
+

       
          }


     

       

       
46

       
+

       
        }


     

       

       
47

       
+

       
      },


     

       

       
48

       
+

       
      "errors": [


     

       

       
49

       
+

       
        {


     

       

       
50

       
+

       
          "name": "InvalidCode",


     

       

       
51

       
+

       
          "description": "The provided OTP code is incorrect"


     

       

       
52

       
+

       
        },


     

       

       
53

       
+

       
        {


     

       

       
54

       
+

       
          "name": "CodeExpired",


     

       

       
55

       
+

       
          "description": "The OTP code has expired. Request a new one."


     

       

       
56

       
+

       
        },


     

       

       
57

       
+

       
        {


     

       

       
58

       
+

       
          "name": "RequestNotFound",


     

       

       
59

       
+

       
          "description": "Invalid or expired request ID"


     

       

       
60

       
+

       
        },


     

       

       
61

       
+

       
        {


     

       

       
62

       
+

       
          "name": "TooManyAttempts",


     

       

       
63

       
+

       
          "description": "Too many failed verification attempts. Request a new code."


     

       

       
64

       
+

       
        },


     

       

       
65

       
+

       
        {


     

       

       
66

       
+

       
          "name": "PDSWriteFailed",


     

       

       
67

       
+

       
          "description": "Failed to write verification to user's PDS profile"


     

       

       
68

       
+

       
        }


     

       

       
69

       
+

       
      ]


     

       

       
70

       
+

       
    }


     

       

       
71

       
+

       
  }


     

       

       
72

       
+

       
}