chore: update docker/setup-buildx-action to v2

* wip

* working into cfg & dev-env

* fix appview test util

* bump xrpc server version

* no check did on deciding to mount appview proxy

* Lexicon updates for getting mod reports by active action type

* Update pds and bsky to support getting mod reports by active action type

* allow bringing your own did

* tests + tidy

* one more check/test

* fix typo

* better err names

* Add lexicons for account preferences

* Move prefs to app.bsky, codegen

* Setup model and services for user prefs

* Setup xrpc methods for prefs

* Test preferences, fixes

* Tidy

* Tidy

---------

Co-authored-by: Devin Ivy <devinivy@gmail.com>

* possible schemas

* more lexicons

* codegen

* tables

* hook up processor

* getlist route

* add getListBlocks route

* migration

* didnt save something

* add reason + facets

* description facets

* get facets into db

* add to accnt deletion tests before i forget

* tests & bugfixes

* quickfix

* move defs to .graph

* add purpose

* remove unused actor defs

* add creator info to list view

* refactor to graph service

* lexicons

* impl

* writer methods

* bug in accnt service

* handle blobs

* tests

* fix typos

* tidy

* fix snap

* pr feedback

* missed drop index in migration

* remove listitem reason

* allow puts for lists

* make mute lists idempotent

* test mute list updates

* fix up

* fix err test

* update snap

* Add block record duplicate detection

* Update packages/pds/src/services/record/index.ts

---------

Co-authored-by: Daniel Holmgren <dtholmgren@gmail.com>

* Update zod version, some perf improvements

* Fix circular type ref

* pds: place-holder robots.txt and / (as txt)

robots.txt: want to be explicit about allowing crawling (generically)

/: a bit of dev-experience polish. in prod we already redirect this
route, but may be helpful for self-hosting folks and people just
exploring

* pds: move basic routes (health, robots.txt, /) to separate file

Improve BskyAgent performance

By using z.discriminatedUnion instead of z.union
we can hint to zod at which field it should look when
validating/parsing schemas

This improves BskyAgent instantiation time around 4 times,
when creating 10 agents using stuff from #1015,
the time went down from ~1200ms to 330ms

* invalidatedBy -> invalidated

* fix test

* dont remake fkey constraint sqlite

* sqlite migration

* appeasing sqlite

* sqlite finally happy?

* Fix sqlite migration, run proxy tests thru postgres when configured

* Fix pg schemas in proxy tests

---------

Co-authored-by: Devin Ivy <devinivy@gmail.com>

* handles: test 'dotless' disallowed; move .arpa/.local proto-level test

* handles: disallow infra/reserved handles

* Normalize record datetimes used for sort to simplified iso

* Update tests and snapshots for alternate valid datetime formats

* Fix notifications race during record update

* enable disabling account invites

* xtra test

* couple fixes

* allow re-enabling user accoutn invites

* add in getter route for if invites are disabled or not

* fix admin search test

* gneerated type on user account

no invalidate on blob deletion

* tidy rebase query

* add rebase route

* bring tests up to speed

* add tx check

* changes to clean up whats hot

* fix test

* add quote posts back in & use underwear label instead of no-promote

* tidy

* Add indexes to support account deletion

* Temporarily skip index creation in migration

Update README.md

fix: add updated node-gyp dep

This fixes better-sqlite3 from using an old version of node-gyp to build from source.

give notifs in blessed hell thread

do not give deeply nested notifs

do not filter on negative labels on whats hot

* lex: 'escalate' mod action type

* api: codegen for escalate mod action type

* pds: codegen+impl esclate mod action type

* bsky: codegen+impl esclate mod action type

* pds: prettier:fix

* Tidy

---------

Co-authored-by: Devin Ivy <devinivy@gmail.com>

* Delete user state on account delete

* blocks too

* delete dereferenced blobs

* invalidate cache for delete blobs

* start testing

* test & cleanup

* rm blob cleanup logic on rebases

* make disk blob deletes idempotent

* move blob deletion to background queue

* drafted security policy

* update email

* update wording

* more words

* avoid seq loop

* tidy

* comments

filter server side labels

* Perform takedown then background hard-deletion process for deleteAccount

* Remove transactions from account deletion process, perform steps sequentially

* Disallow writes of bad records

* Increase obj depth to hit stack issue on more systems

* Add hostname and protocol validation for pds in getBlob()

Hostname and protocol validation for the pds' url in the getBlob() to prevent potential SSRF (Server-Side Request Forgery) attacks by ensuring that only valid protocols and hostnames are used in the URL. Function also will now throw a 400 error if detects any invalid.

* Migrate changes

* delete the line with console.log...

* wip

* split out seq invalidations

* wip

* fix

* comments

* 2 db hits

* cleanup

* re-add comment

* Return `XRPCError` instead of 404 if a handler errors

Currently, if there is an uncaught error inside a handler, a 404 response is returned instead of the error itself. This fixes that.

* Catch it in the higher-level catch block

* Add test

* merge

* Improve test

The name length limit is 128 not 127.

* Some improvements for tid.ts

* refactor dedash helper

* tripple equal

* run prettify

Somehow the output of this log line has been ending up in datadog under
the wrong 'service' (with the 'service' being an "wss://"-prefixed URL,
not "pds" or "bav" or whatever expected).

Tweaks the 'service' key, and some others that might have conflict.

* Improve readability in `instanceof` assertions

* Remove unused import

* enforce constraint for one handle per domain

* tweak + tests

add includeNsfw flag for whats hot

* tweak whats hot

* couple fixes & test