bretton.dev
code
Clone this repository
https://tangled.org/bretton.dev/coves
git@knot.bretton.dev:bretton.dev/coves
For self-hosted knots, clone URLs may differ based on your setup.
- Add goose Up/Down directives to OAuth indexes migration
- Remove WHERE clause from active sessions index (PostgreSQL immutability)
- Clean up unused cookieSecret variable in OAuth test
- Ensure migration rollback works correctly
- Update bluesky-social/indigo to latest (20251003000214)
- Add CLI utility dependencies (urfave/cli, blackfriday)
- Update golang.org/x/crypto and sync libraries
- Add golang.org/x/mod for module support
Product requirements document covering:
- Feature overview and goals
- Architecture decisions (V1: instance-scoped)
- atProto federation design
- Data model and relationships
- API specifications
- Future roadmap (V2: community-owned, V3: full federation)
Test coverage:
- Repository layer: CRUD, subscriptions, search, pagination
- Consumer layer: Event handling, idempotency, filtering
- E2E: Write-forward → PDS → Firehose → Consumer → AppView → XRPC
E2E test validates:
- Full atProto write-forward architecture
- Real PDS integration (not mocked)
- Jetstream consumer indexing
- All XRPC HTTP endpoints
- Data consistency across layers
Test cleanup:
- Removed duplicate writeforward_test.go
- Removed incomplete xrpc_e2e_test.go
- Removed manual real_pds_test.go
- Kept only essential, non-overlapping tests
All tests passing ✅
- Initialize DID generator with PLC directory config
- Create Communities service with PDS connection
- Authenticate instance DID with PDS for write-forward
- Register XRPC HTTP routes
- Add graceful handling for PDS auth failures
Environment variables:
- IS_DEV_ENV: Enable dev mode (mock DID generation)
- PLC_DIRECTORY_URL: PLC directory endpoint
- PDS_URL: Personal Data Server URL
- PDS_INSTANCE_HANDLE: Instance handle for auth
- PDS_INSTANCE_PASSWORD: Instance password for auth
Endpoints implemented:
- GET /xrpc/social.coves.community.get - Retrieve by DID or handle
- GET /xrpc/social.coves.community.list - List with filters
- GET /xrpc/social.coves.community.search - Full-text search
- POST /xrpc/social.coves.community.create - Create community
- POST /xrpc/social.coves.community.subscribe - Subscribe to feed
- POST /xrpc/social.coves.community.unsubscribe - Unsubscribe
Security notes:
- TODO(Communities-OAuth): Authentication currently client-controlled
- MUST integrate OAuth middleware before production
- Authorization enforced at service layer
- Proper error mapping to HTTP status codes