Clone this repository
https://tangled.org/bretton.dev/coves
git@knot.bretton.dev:bretton.dev/coves
**CONTEXT**: Pre-production system should not support V1 communities.
All communities must use V2 architecture from day one.
**CHANGES**:
1. **Jetstream Consumer** - Strict V2 validation:
   - REJECT any community profile with rkey != "self"
   - V1 used TID-based rkeys (e.g., "3km4..."), V2 uses "self"
   - Removed V1 owner field handling
   - Added clear error messages for V1 detection
2. **Lexicon Schema** - Removed V1 fields:
   - Removed "owner" field (V1: owner != community DID)
   - V2 principle: community IS the owner (self-owned)
3. **Domain Model** - Simplified ownership:
   - Removed OwnerDID field from Community struct
   - V2: owner_did always equals did (enforced at creation)
**V2 ARCHITECTURE PRINCIPLES**:
- Community owns its own PDS account (did)
- Community owns its own repository (at://did/...)
- Profile always at rkey="self" (not TID-based)
- Self-owned: owner_did == did (no separate owner)
**IMPACT**:
- Cleaner codebase without V1/V2 branching logic
- Prevents accidental V1 community creation
- Enforces architectural constraints at every layer
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
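The strict V2 check described in the commit message above, as an added Go example that is not code from the coves repository. The `CommitEvent` struct, the error names and the collection NSID `example.community.profile` are hypothetical placeholders, since the page names none of them; the point shown is that the community DID is taken from the repository the record came from, never from a field inside the record.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CommitEvent is a hypothetical, simplified firehose event (not the project's type).
type CommitEvent struct {
	RepoDID    string                 // DID of the repository the record lives in
	Collection string                 // record collection (NSID)
	RKey       string                 // record key
	Record     map[string]interface{} // decoded record body
}

// Placeholder NSID: the page does not name the profile collection.
const profileCollection = "example.community.profile"
var (
	ErrV1RKey  = errors.New(`V1 community profile rejected: rkey must be "self"`)
	ErrV1Owner = errors.New(`V1 community profile rejected: "owner" field present`)
	ErrBadRepo = errors.New("community profile rejected: repo is not a DID")
)

// ValidateV2Profile returns the community DID for a valid V2 profile event.
func ValidateV2Profile(ev CommitEvent) (string, error) {
	if ev.Collection != profileCollection {
		return "", fmt.Errorf("not a community profile: %q", ev.Collection)
	}
	if !strings.HasPrefix(ev.RepoDID, "did:") {
		return "", ErrBadRepo
	}
	if ev.RKey != "self" { // V1 used TID-based rkeys
		return "", fmt.Errorf("%w (got %q)", ErrV1RKey, ev.RKey)
	}
	if _, ok := ev.Record["owner"]; ok { // V1 carried a separate owner
		return "", ErrV1Owner
	}
	return ev.RepoDID, nil // V2: owner_did == did, derived from the repo
}

func main() {
	for _, ev := range []CommitEvent{ // constructed sample events
		{"did:plc:examplecommunity", profileCollection, "self", map[string]interface{}{"name": "gaming"}},
		{"did:plc:exampleuser", profileCollection, "3kexampletid", map[string]interface{}{"owner": "did:plc:exampleuser"}},
	} {
		fmt.Println(ValidateV2Profile(ev))
	}
}
```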
**PROBLEM**: PDS credentials were never saved to database, making it impossible
to update community profiles later or re-authenticate if tokens expire.
**ROOT CAUSE**: After provisioning PDS account and creating profile record,
credentials were only stored in memory (returned Community struct) but never
persisted via repository.Create().
**FIX**: Call repo.Create() immediately after PDS provisioning to persist:
- pds_access_token
- pds_refresh_token
- pds_url
- did (from PDS createAccount response)
**IMPACT**:
- Communities can now be updated using their own credentials
- Token refresh will work when access tokens expire
- Critical for V2 write-forward architecture (community updates own profile)
**ARCHITECTURE**:
This fix enables the proper V2 flow:
1. Create community → Store credentials in DB
2. Update community → Fetch credentials from DB → Authenticate as community → Write-forward to PDS
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed syntax error in 005 migration where pds_url column was missing
a trailing comma, causing migration failures.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add goose Up/Down directives to OAuth indexes migration
- Remove WHERE clause from active sessions index (PostgreSQL immutability)
- Clean up unused cookieSecret variable in OAuth test
- Ensure migration rollback works correctly
- Update bluesky-social/indigo to latest (20251003000214)
- Add CLI utility dependencies (urfave/cli, blackfriday)
- Update golang.org/x/crypto and sync libraries
- Add golang.org/x/mod for module support
Product requirements document covering:
- Feature overview and goals
- Architecture decisions (V1: instance-scoped)
- atProto federation design
- Data model and relationships
- API specifications
- Future roadmap (V2: community-owned, V3: full federation)