Commit Graph

135 Commits

Author SHA1 Message Date
devin ivy 877e6293b9 pds: use entryway mock server for tests (#4757)
* pds: setup entryway mock server for tests, remove stale dep.

* changeset

* tidy test

* pds: tidy mock entryway
2026-04-24 16:35:18 -04:00
Matthieu Sieben b3ce11ae2e OAuth provider UI unification (#4820)
* refactor

* tidy

* tidy
2026-04-14 16:46:18 +02:00
Matthieu Sieben d0c136cba2 Move PDS code over to @atproto/lex (#4408) 2026-03-23 18:10:16 +01:00
Matthieu Sieben 6a88461c5a Allow processing of invalid lex data (#4761)
* Allow processing of responses with invalid lex data

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* add tests

* tidy

* Add non-strict validation mode to lex SDK (#4766)

* non-strict validation mode

* apply strict option to client responses

* update readme

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Allow `-1` BlobRef size in non-strict mode

* review comments

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* tidy

* tidy

* tidy

* tidy

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-03-19 13:50:11 +01:00
Matthieu Sieben cbbc03b6e4 Revert "non-strict validation mode"
This reverts commit 3d60e1af7c.
2026-03-18 15:13:36 +01:00
Matthieu Sieben 3d60e1af7c non-strict validation mode 2026-03-18 15:12:48 +01:00
Matthieu Sieben 3dc3791543 Add Standard Schema compatibility (#4734)
* Add [Standard Schema](https://standardschema.dev/) compatibility

* tidy

* tidy

* rename `StandardSchemaValidator` to `StandardSchemaAdapter`

* `LexValidationError` class now implements `ResultFailure`

* review comments

* add readme

* fix tests

* Add tests for StandardSchemaAdapter (`schema['~standard']`) (#4735)

* Initial plan

* Add StandardSchemaAdapter tests

Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

* changeset

* return `message` in `toJSON`

* review comments

* tidy

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>
2026-03-10 16:39:39 +01:00
Matthieu Sieben f7c26103a6 Increase type strictness in @atproto/syntax (#4689)
* Increase type strictness in `@atproto/syntax`

* review comments

* wip

* make `rkey` and `collection` AtUri getters actually safe

* tidy

* tidy

* tidy

* changeset

* tidy

* tidy

* fix ci
2026-03-03 15:10:29 +01:00
Matthieu Sieben 1c473ab555 Update @atprto/lexicon-resolver to use Lex SDK (#4697)
Use Lex SDK as codegen for `@atprto/lexicon-resolver`
2026-03-03 13:57:33 +01:00
Matthieu Sieben e8969b6b3d Add Lex SDK support to @atproto/xrpc-server (#4691)
* Lex SDK error handling improvements

* Add support for method defined through `@atproto/lex` in addition to `@atproto/lexicon` "codegen"

* review comments

* tidy
2026-03-03 11:28:09 +01:00
Matthieu Sieben 52834aba18 Lex SDK error handling improvements (#4688)
* Lex SDK error handling improvements

* Allow `WWWAuthenticate` to have multiple challenges for the same scheme

* tidy

* add tests

* tests

* review comments

* tidy

* tidy

* tidy

* tidy
2026-03-02 15:37:00 +01:00
Matthieu Sieben a23d13268c OAuth client improvements (#4642)
* Delete any pre-existing OAuth session when a new one is created (for a given `sub`)

* OAuth client improvements

* tidy

* tidy

* tdy

* remove event-target-polyfill dep

* Update .changeset/neat-humans-fix.md

Co-authored-by: devin ivy <devinivy@gmail.com>

* tidy

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
2026-02-19 15:21:00 +01:00
Matthieu Sieben 0e8d4bb62b Skip puppeteer download in build and verify steps (#4652)
* Skip puppeteer download in build and verify steps

* tidy

* tidy

* fix deps

* install puppeteer as pretest step

* cleanup
2026-02-18 17:43:38 +01:00
Matthieu Sieben a2e4e95847 Use fixed version in oauth-provider UI packages (#4619)
* Use fixed version in oauth-provider UI packages

* pnpm-lock
2026-02-06 15:02:12 +01:00
Matthieu Sieben 8a725a9d69 Change workspace version selector from workspace:* to workspace:^ 2026-01-28 16:42:44 +01:00
Eduardo Cuducos e6e43f3ad3 Adds GrowthBook feature flag for suggested users from Discover (#4526)
* Adds GrowthBook feature flag for suggested users from Discover

* Moves GrowthBook URL to envvar

* Reverts search feature

* Some minor fixes

* Adds GrowthBook feature flag for suggested users from Discover

* Moves GrowthBook URL to envvar

* Some minor fixes

* Keep search filtering exploration around but disable until migration

* Properly initialize GrowthBook client

* Cleans up

* Migrate flags

* Tweak context creation and types

* Add refetching and more error handling

* Rename config to be a little more clear

* Remove check validation, not needed

* Yeah ok we can do this

* Changeset

---------

Co-authored-by: Eric Bailey <git@esb.lol>
2026-01-23 12:56:10 -06:00
Matthieu Sieben ecf59214d5 Update performances of cbor encoding/decoding (#4572)
* Update performances of cbog encoding/decoding

* pnpm-lock

* tidy

* ci
2026-01-21 17:26:24 +01:00
Matthieu Sieben 99963d002a lex SDK improvements (#4571)
* Improve code coverage of `@atproto/lex-data` tests

* Improve typing of `@atproto/syntax` type assertion utilities

* Improve performance of `@atproto/lex-schema ` string format checking

* Remove `assertX` string format assertion utilities

* tidy

* tidy

* Rename `isLanguageString` to `validateLanguage`

* add string format utils

* tidy

* Refactor uri validation to use `@atproto/syntax`

* More language validation to @atproto/syntax
2026-01-21 16:15:47 +01:00
Matthieu Sieben aaedafc6ba Replace tap's event validation from "zod" to "@atproto/lex" (#4532)
* Replace `tap`'s event validation from "zod" to "@atproto/lex"

* Expose `record` data as parsed atproto data (including CIDs and Uint8Arrays)

* Minor change to validation of integers in lex data

* tidy

* tidy

* test using vitest

* add missing `tap` from root `tsconfig.json`
2026-01-20 14:11:24 +01:00
Matthieu Sieben 7310b9704d Fix behavior of "default" and assignment to LexValue (#4562)
* Fix inability to assign (object containing) open union results to `LexMap` type

* properly support and type default values

* strong cohesion

* changeset

* tidy

* Add validation error as cause when handling invalid records

* tidy

* Update `cborg` dependency, fixing encoding of strings with invalid surrogate pairs, and ignoring `undefined` object properties

* tidy

* Simplify encoding logic of `number`

* Improvements around usage of `noUndefinedVals`

* Memoize array schemas (without options)

* Memoize empty params schemas

* tidy

* tidy
2026-01-20 13:20:56 +01:00
David Buchanan 6c7160ff7b PDS: Stop probing image dimensions on blob upload (#4560)
* pds: stop probing image dimensions

* remove width and height from BlobMetadata

* remove image dimension checks from tests

* comment out width and height in Blob schema
2026-01-19 17:02:23 +00:00
Matthieu Sieben d78484f94d @atproto/lex improvements (bis) (#4512)
* `@atproto/lex` improvements (bis)

* tidy

* tidy
2026-01-08 15:31:49 +01:00
Matthieu Sieben 5b19d390b3 Rename lex-password-agent to lex-password-session (#4519)
* Rename `lex-password-agent` to `lex-password-session`

* tidy

* tidy

* tidy

* improve 2fa

* tests

* tidy

* tidy

* tidy

* tidy

* tidy
2026-01-08 15:02:44 +01:00
Matthieu Sieben 2f78893ace Small @atproto/lex improvements (#4501)
* Avoid escaping export identifier when it is a known global

* Use a record type instead of a record schema type as the generic parameter for `ListRecord`

* Export everything from `@atproto/lex-data` and `@atproto/lex-json`

* Add lex-json and lex-data to lex readme

* lock

* Apply defaults when running `schema.$build()` on objects and records.

* changeset

* simplify $Typed and $TypedMaybe

* tidy

* tidy

* Add `enumBlobRefs` utility function

* Add an `indexFile` option that allows generating an "index.ts" file that re-exports every tld namespaces.

* readme

* Add `base64ToUtf8` and `utf8ToBase64` utilities

* Add service auth authentication method
2026-01-06 15:47:13 +01:00
Daniel Holmgren e3357e9c78 Tap: Lex Indexer (#4483)
* initial pass

* tidying stuff up

* tidy types

* tests

* readme

* app.bsky -> com.exmaple

* changeset

* readme tweak

* pr feedback

* use new Main type

* simplify types a bit
2026-01-05 18:23:30 -06:00
Matthieu Sieben 9af7a2d122 Password based agent implementation (#4443)
* Password based agent implementation

* tidy

* tidy

* wip

* tidy

* wip

* tidy

* wip

* tests

* tidy

* websocket

* tidy

* tidy

* tidy

* tidy

* tidy

* tidy

* tidy

* tidy

* changeset

* codegen

* tidy

* tidy

* tidy

* tidy

* tests

* tidy

* tidy

* tests

* tidy

* tidy

* tidy

* wip

* tidy

* memoize

* tidy

* tests

* tidy

* files reorg

* Ensure that default values match constraints

* wip

* use vitest to test lex

* Add readme

* fix lint

* add vitest workspace config

* vitest config

* vitest-cfg

* tests

* ignore coverage

* tidy
2026-01-01 13:28:29 +01:00
Matthieu Sieben e6b6107e02 Lex SDK improvements (#4457)
* Lex SDK improvements

* changeset

* tidy

* tidy

* Fix `include` option in `tsconfig.test.json` files

* tidy

* ignore "require" in cjs files

* tidy

* tidy

* Improve error management

* rename xrpc-error file

* tests

* fix lint

* lint

* tidy

* puppeteer cache busting

* fix oauth tests

* tidy

* wip

* tidy

* tidy

* tidy

* Forbid use of unsafe integers
2025-12-17 16:14:15 +01:00
Daniel Holmgren b4a76bae7b Sync tool library (#4290)
* first pass

* tweaks

* tidy

* alt ack example

* websocket keep alive & callback/handler interface for channel

* simplify evt schemas

* readme

* thread through signal

* small fix

* router -> indexer & tidy wording

* small tweaks

* add type to ack msg

* pr feedback

* no implicit any

* resolve after buffered ack is actually sent

* create new websocket lib

* switch out ozone impl

* keepalive test

* remove websocket keepalive code from xrpc-server

* add the package in all the spots

* use websocket lib

* fix returned promise in simple-indexer

* websocket -> ws-client

* missed ref

* websocket -> ws-client

* nexus -> tap

* tidy readme

* admin password auth & fix some routes

* user evt -> identity evt

* small fixes

* add missing methods & types

* fix type in resolveDid

* update version

* pr feedback, assureAdminAUth util & README fixes

* more readme

* couple fixups

* lockfile

* tidy deps

* tests

* changesets

* lint readme

* add note to readme
2025-12-11 20:14:11 -06:00
Eric Bailey 90f15698ee Age Assurance V2 (#4407)
Age Assurance v2 endpoints and config
2025-12-02 10:58:29 -06:00
Matthieu Sieben 8012627a12 Migrate OAuth libs to new @atproto/lex utils (#4383)
* Migrate Oauth libs to new @atproto/lex utils

* pnpm-lock

* tidy

* fix

* tidy

* tidy

* tidy

* tidy

* Implement lex resolution logging through hooks
2025-12-01 12:24:01 +01:00
Matthieu Sieben 1d445af2a7 lex SDK improvements (#4390)
* Add `l.nullable` schema builder

* Use unique symbol to describe Validator type metadata

* fixup! Add `l.nullable` schema builder

* Rework object validation logic to work without `options` argument

* Do not use symbol for type inference

* Use `Issue` classes to represent validation issues

* Properly apply default value with `const` and `enum` schemas

* style

* Require `l.discriminatedUnion` discriminator field to be a literal or enum schema

* Add `l.refined` schema

* Add more lexicons document validation tests

* wip

* use "assert" fn

* rework refine system

* use assert instead of check fn

* tidy

* Rename schema methods `validate`, `check` and `maybe` to `safeParse`, `matches` and `ifMatches` respectively.

* docs

* changeset
2025-11-30 14:35:15 +01:00
Matthieu Sieben 0adc852c31 Use arrays for "account" permission action attributes (#4353)
* Use arrays for "account" permission `action` attributes

* Allow lexicon permission data to be readonly

* changeset

* tidy

* tidy

* tidy
2025-11-25 21:48:10 +01:00
Matthieu Sieben d396de016d Validate repo signature when fetching lexicon document with @atproto/lex-resolver (#4384)
* Expose `matchesIdentifier` and `extractAtprotoData` utilities.

* Update `formatDidKey` return type to `did🔑${string}`

* fixup! Expose `matchesIdentifier` and `extractAtprotoData` utilities.

* Validate repo signature when fetching lexicon document

* Use new lex-resolver proof as CID

* tidy

* tidy

* fic build

* fic build

* tidy

* tidy
2025-11-25 20:49:51 +01:00
Matthieu Sieben 46550d6c1f Release of @atproto/lex packages (#4371) 2025-11-24 23:18:28 +01:00
Matthieu Sieben 261968fd65 New TS SDK (#4366)
* lex

* packaging

* moke packaging

* revert test changes

* do not build temp

* tidy

* automatically build the list of `@atproto/lex/com` lexicons

* fix build

* Remove "com" export

* ridy

* remove manifest option

* tidy

* rename

* tidy

* tidy

* tidy

* tests

* add procedure params

* stricter tests

* tidy

* Improve ui8 parsing

* tidy

* tidy

* code split

* code split

* fix reserved keywords conflict

* exclude packages/lex/src/tests/lexicons from lint

* reserved keywords

* safe identifier

* fix build

* move lib.js to src/lib.ts

* Move tests dir

* fix ci ?

* increast lint size

* Remove `Record` type alias for recordsz

* fix package json exports

* Add support for unsafe characters in defs and nsids

* tidy

* token tests

* tidy

* name consistency

* remove unused `unknownKeys` params option

* Fix "moving" keys in `DictSchema` (remove `IntersectionSchema`)

* REview comments

* adapt shebang in `env`

* Make sure union object have their $type property set in typings

* fix

* Improve typing of `UnknownTypedObject`

* lex improvements

* code reorg

* split lex-builder

* tidy

* improve packaging

* rename lex-validation to lex-schema

* lex client

* rename prettifier option

* add lex-client as dependency to "lex"

* Export client as part of main export

* re-write example app using @atproto/lex

* add missing lex-client to tsconfig

* tidy

* add "null" schema type

* Smaller bundle code footprint

* tidy

* correctness

* tidy

* code split and improved testing

* tidy

* refactor common utils

* test all implementations

* improve tests

* tidy

* fix build

* fixes

* tidy

* lint

* tests

* tidy

* fix oauth-example app

* tidy

* tidy

* tests

* tidy

* Return an actual `Uint8Array` from `fromBase64Node`

* tidy

* adapt xrpc-server

* Rename `Lex` to `LexValue`

* minor fixes

* fix tests

* fix tests

* tidy

* fix

* tidy

* tidy

* fix `verifyCidForBytes` implementation

* fix imports

* tidy

* split lex-json in own package

* make base64 tests faster

* Add interop tests

* lint error

* tidy

* tidy

* changeset

* implement lex-resolver and lex-install

* remove need for polyfill

* readme

* more details

* tidy

* allow specifying `service` header on a per request basis

* tidy

* tidy

* tidy

* tidy

* add custom/intersection validation schemas

* tidy

* tidy

* remive un-necessary util

* improve typing of `l.object` output

* make "name" required in lexicon method errors

* fix tests

* tidy

* tidy

* add error responses

* update readme

* add "like " to example

* readme improvements

* tidy

* error management improvements

* Improve error results

* tidy

* refactor

* tidy

* lock

* Update binary to `ts-lex`

* tidy

* tidy

* Add "Overview" section

* fix build

* update bin

* readme-improvements

* paul's feedback

* Update packages/lex/lex/README.md

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>

* Initial plan

* Address README review comments

Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

* Clarify client configuration inheritance behavior

Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

* Document allowLegacyBlobs default and compatibility implications (#15)

* Initial plan

* Add notes about default setting and compatibility for allowLegacyBlobs

Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

* Rename `Json` to `JsonValue` in lex-json package (#14)

* Initial plan

* Rename Json to JsonValue in lex-json package and dependent packages

Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

* Remove import alias for JsonValue in ipld.ts

Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>

* Update packages/lex/lex/README.md

Co-authored-by: Paul Frazee <pfrazee@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Paul Frazee <pfrazee@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Paul Frazee <pfrazee@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Paul Frazee <pfrazee@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Paul Frazee <pfrazee@gmail.com>

* Update packages/lex/lex/README.md

Co-authored-by: Paul Frazee <pfrazee@gmail.com>

* review comments and fixes

* Add lex to the dockerfiles

* tidy

* changeset for lex packages

* tidy

* Tidy

* tidy

* tidy

* Move language parsing to lex-data

* tidy

* doctoc

* error handling

* tidy

* tidy

* tidy

* fix

---------

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: matthieusieben <813661+matthieusieben@users.noreply.github.com>
Co-authored-by: Paul Frazee <pfrazee@gmail.com>
2025-11-24 21:01:16 +01:00
Daniel Holmgren 1dd20d3a81 WebSocket Library (#4348)
* create new websocket lib

* switch out ozone impl

* keepalive test

* remove websocket keepalive code from xrpc-server

* add the package in all the spots

* websocket -> ws-client

* missed ref

* fix import in ozone test
2025-11-18 17:34:41 -06:00
Matthieu Sieben d764c54fe4 Minor oauth-client-browser-example improvements (#4311)
* Minor oauth-client-browser-example improvements

* pnpm lock
2025-10-28 16:00:06 +01:00
Matthieu Sieben 1a7bd8c0d2 Remove abortcontroller-polyfill from @atproto/oauth-client-expo (#4300)
* Remove `abortcontroller-polyfill` that was causing "Property 'DOMException' doesn't exist" errors

* changeset
2025-10-24 12:38:31 +02:00
Matthieu Sieben 09439d7d68 OAuth client improvements (#4216)
* wip

* Various OAuth client & API improvements

* pnpm lock

* Minor typing improvements

* ci

* fix
2025-10-02 16:21:17 +02:00
Matthieu Sieben fefe70126d oauth-client-expo (#4220)
* `oauth-client-expo`

* working on android

* remove example app

* tidy

* tidy

* Do not install full expo

* tidy

* chngeset

* chngeset

* load expo

* tidy
2025-10-02 11:59:16 +02:00
Matthieu Sieben 8914f9abde Allow encoding scope claims of oauth access token JWT (#4149)
* Refactor token decoding

* Add scope decoder to pds

* tidy

* tidy

* tidy

* tidy

* review changes

* Add scope normzlization utility

* wording in lexicon

* Add specific error

* style

* tidy

* Update `AccessTokenMode` enum values to be more meaningful

* tidy

* Update .changeset/brown-boxes-bow.md

Co-authored-by: devin ivy <devinivy@gmail.com>

* Add retry strategy

* lint

* lint

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
2025-09-09 12:13:34 +02:00
Matthieu Sieben 055a413fba InternalServerError when creating records (#4169)
* Various perf fixes

* add transaction assertions

* tidy

* changeset

* tidy

* Update packages/aws/src/s3.ts

* tidy

* Apply suggestions from code review

* tidy

* Update .changeset/chilled-shirts-ring.md

Co-authored-by: devin ivy <devinivy@gmail.com>

* Update .changeset/stale-rocks-press.md

* Update packages/pds/src/actor-store/blob/transactor.ts

Co-authored-by: devin ivy <devinivy@gmail.com>

* build

* revert blob upload logic

* tidy

* use `uploadTimeoutMs` as default for `requestTimeoutMs`

* review coments

* chngeset

* tidy

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
Co-authored-by: David Buchanan <david@blueskyweb.xyz>
2025-09-08 18:40:56 +02:00
Matthieu Sieben f9dc9aa4c9 Permission set (#4108)
* Export constants and type assertion utilities

* Add permission set support to oauth provider

* improve permission set parsing

* Rename `PermissionSet` to `ScopePermissions`

* Improve performance of NSID validation

* Add support for `permission-set` in lexicon document

* Validate NSID syntax using `@atproto/syntax`

* Export all types used in public interfaces (from `lexicon-resolver`)

* Small performance improvement

* Rework scope parsing utilities to work with Lexicon defined permissions

* file rename

* fixup! Rework scope parsing utilities to work with Lexicon defined permissions

* removed outdated comment

* removed outdated comment

* fix comment typo

* Improve `SimpleStore` api

* permission-set NSID auth scopes

* Remove dev dependency on dev-env

* fix build script

* pnpm-lock

* Improve fetch-node unicast protection

* Explicitly set the `redirect: "follow"` `fetch()` option

* Add delay when building oauth-provider-ui in watch mode

* Remove external dependencies from auth-scopes

* Add customizable lexicon authority to pds (for dev purposes)

* fix pds migration

* update permission-set icon

* Add support for `include:` syntax in scopes

* tidy

* Renaming of "resource" concept to better reflect the fact that not all oauth scope values are about resources

* changeset

* ui improvmeents

* i18n

* ui imporvements

* add `AtprotoAudience` type

* Enforce proper formatting of audience (atproto supported did + fragment part)

* tidy

* tidy

* tidy

* fix ci ?

* ci fix ?

* tidy ?

* Apply consistent outline around focusable items

* Use `inheritAud: true` to control `aud` inheritance

* Update packages/oauth/oauth-provider/src/lexicon/lexicon-manager.ts

Co-authored-by: devin ivy <devinivy@gmail.com>

* Review comments

* Add `nsid` property to `LexiconResolutionError`

* improve nsid validation

* i18n

* Improve oauth scope parsing

* Simplify lex scope parsing

* tidy

* docs

* tidy

* ci

* Code simplification

* tidy

* improve type safety

* improve deps graph

* naming

* Improve tests and package structure

* Improve error when resolving a non permission-set

* improve nsid parsing perfs

* benchmark

* Refactor ozone and lexicon into using a common service profile mechanism

* improve perfs

* ci fix (?)

* tidy

* Allow storage of valid lexicons in lexicon store

* Improve handling of lexicon resolution failures

* review comment

* Test both regexp and non regexp based nsid validation

* properly detect presence of port number in https did:web

* Re-enable logging of `safeFetch` requests

* tidy

---------

Co-authored-by: devin ivy <devinivy@gmail.com>
2025-08-29 12:19:19 +02:00
Matthieu Sieben 9d22305f71 Fix circular dev dependencies and build scripts (#4124)
* fix build script

* Remove dev dependency on dev-env

* pnpm-lock
2025-08-21 16:02:54 +02:00
devin ivy 331a356ce2 Lexicon resolver package (#4069)
* lexicon: doc validation compatibility with published lexicons

* lexicon-resolver: setup new package

* lexicon-resolver: implement record resolution

* lexicon-resolver: implement lexicon resolution

* lexicon-resolver: test record resolution

* repo: add option to verify CIDs found in CARs. tidy.

* lexicon-resolution: verify CIDs in proof CAR

* lexicon-resolution: tests and fixes

* tidy

* lexicon-resolution: add entrypoint

* lexicon-resolver: tidy errors

* lexicon-resolver: readme

* lexicon-resolver: changeset

* prettier

* eslint

* tidy

* tidy

* tidy

* enable CID-to-content verification within CARs by default

* lexicon-resolver: tidy types, application of defaults, gitattributes

* lexicon-resolver: add interface and builder fn for lexicon and record resolvers

* lexicon-resolver: update readme

* tidy

* lexicon-resolver: cover error cases in record resolution

---------

Co-authored-by: Matthieu Sieben <matthieu.sieben@gmail.com>
2025-08-17 22:45:51 -04:00
Matthieu Sieben 8602827985 Prevent cookie from being downgraded when doing "pnpm up" (#4098) 2025-08-12 17:35:02 +02:00
Matthieu Sieben 396ab57ed0 Fix warnings during build (#4096)
* Fix warnings during build

* Update caniuse-lite
2025-08-12 17:15:23 +02:00
Matthieu Sieben 1899b1fc16 OAuth scopes (#3806)
* style: prefix `id` and `uri` with `request` where applicable

* Dynamically validate OAuth scopes

* Allow configuring trusted OAuth clients

* Improve client validation

* Rework authorization to work with permissions

* Review changes

* fix permissions

* tidy

* Drop authorization result

* unused code cleanup

* fix preferences auth

* remove redundant check in `applyWrites`

* style

* Remove need to specify "scopes" in authorized auth strategy

* fixup! Remove need to specify "scopes" in authorized auth strategy

* split authorized and oauth auth methods

* Require explicit opt-in for takendown

* fix tests

* rollback redundant permissions mechanism

* tidy

* Fix tests

* tidy

* tidy

* pr changes

* remove hack allowing access to full preferences

* always specify authorize method

* Add OAuth scope parsing & matching

* tidy

* add support for oauth scopes in client

* review changes

* Small xrpc-server optimizations

* pr comments

* Review comments

* refactor: move oauth scopes parser & checker in own package

* code simplification

* Allow multiple collections in `repo` scopes.
Allow wildcard action in `repo` scopes.
Require action in `repo` scopes.

* Rename `emailUpdate` to `email-update` in `account` scope params.
Add wildcard (`*`) in `account` and `identity` scopes.

* tidy

* add oauth-scopes package to PDS Dockerfile

* unit tests

* Syntax rework

* adapt to latest scope definition

* Add missing tests

* Render scopes in UI

* fix build

* fixes and tests

* improve ui

* tidy

* tidy

* ui improvements

* tidy

* fr messages

* tidy

* improve consent screen ui

* fix test

* tidy

* improve dx

* Remove `transition:` scopes from `scopes_supported` authorization server metadata

* Hide blob scope if no repo scope present

* changeset

* Remove the `action` param from the `identity` scope

* fix html syntax

* simplified wording

* Make `account:email` scope optional (#4089)

* Make `account:email` scope optional

* tidy

* tidy

* tidy

* tidy

* fix

* tidy

* review comments

* tidy

* refactor: remove redundant tests for identity scope parsing and matching

* minor ui fixes

* fix "back" label not translated

* ui improvements

* fix tests
2025-08-12 13:13:14 +02:00
Matthieu Sieben 43fbeda63e Update cookie dependency (#4092) 2025-08-12 09:49:14 +02:00
rafael 534bea0a98 Fixes on handle suggestions (#4055) 2025-07-18 12:12:09 -03:00