bretton.dev
code
Clone this repository
https://tangled.org/bretton.dev/coves
git@knot.bretton.dev:bretton.dev/coves
For self-hosted knots, clone URLs may differ based on your setup.
Add ES256 federation support and JWT config caching:
- DID-based key fetcher for verifying tokens from any PDS
- O(1) issuer whitelist lookups with cached config
- Environment configuration documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Document the dual JWT verification methods (HS256 + ES256) in environment
configuration files:
- HS256: For your own PDS (fast, shared secret, no network calls)
- ES256: For federated users (DID resolution, works with any PDS)
Updates:
- .env.dev: Add HS256_ISSUERS for local development
- .env.prod.example: Add JWT Authentication section with documentation
- docker-compose.prod.yml: Pass PDS_JWT_SECRET and HS256_ISSUERS to appview
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Cache HS256_ISSUERS, PDS_JWT_SECRET, and IS_DEV_ENV at startup instead
of reading environment variables on every token verification request.
- Add jwtConfig struct with sync.Once initialization
- Use map[string]struct{} for O(1) issuer whitelist lookups
- Add InitJWTConfig() for explicit startup initialization
- Add ResetJWTConfigForTesting() for test isolation
- Update main.go to call InitJWTConfig() at startup
Before: 2-3 os.Getenv() calls + O(n) string iteration per request
After: Single pointer dereference + O(1) map lookup per request
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add support for verifying ES256 service auth tokens from federated users.
This enables users from any PDS (bsky.social, etc.) to authenticate with
Coves instances.
- DIDKeyFetcher: resolves DID documents via PLC directory to get public keys
- CombinedKeyFetcher: routes to DID or JWKS based on issuer format
- Supports did:plc: and did:web: issuers
- Converts atcrypto JWK to Go ecdsa.PublicKey for jwt-go verification
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Only did:web:coves.social can now create communities in production.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace local disk blobstore with S3-compatible storage configuration.
This allows blobs to be stored in OVH Object Storage while keeping
record data (CAR files, SQLite) on local NVMe.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Adds optional sources field to social.coves.embed.external lexicon
to support aggregator megathreads that combine multiple news sources.
Changes:
- Add #source definition with uri, title, domain, and optional sourcePost
- Add sources array (max 50) to #external for aggregated links
- Add maxLength constraints to domain (253) and provider (100) fields
- Update descriptions to clarify primary vs aggregated content
This enables LLM aggregators to create megathread posts that reference
multiple source articles, with optional strongRef to existing Coves
posts for future feed deprioritization.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed camelCase NSIDs to lowercase to comply with atProto Lexicon
specification which requires NSIDs to use only lowercase letters:
- social.coves.actor.getProfile → social.coves.actor.getprofile
- social.coves.actor.updateProfile → social.coves.actor.updateprofile
Updated all code references including routes, tests, and documentation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Apply gofumpt formatting with extra-rules across all packages
- Fix mock interface signatures to match updated Service/Repository interfaces
- Fix ineffassign bugs in community_repo.go (sortColumn/sortOrder)
- Fix unchecked error returns in production code (register.go)
- Fix unchecked error returns in test files (defer closures)
- Optimize struct field alignment per govet fieldalignment
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Standardize import ordering and formatting using gofumpt.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>