CLAUDE.md at main · smokesignal.events/atproto-identity-rs

smokesignal.events / atproto-identity-rs
A library for ATProtocol identities.
atproto-identity-rs / CLAUDE.md
at main 10 kB view raw view rendered
  1# CLAUDE.md
  2
  3This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
  4
  5## Project Overview
  6
  7This is `atproto-identity`, a comprehensive Rust library for AT Protocol identity management. The project provides full functionality for DID resolution, handle resolution, and identity document management across multiple DID methods.
  8
  9## Common Commands
 10
 11- **Build**: `cargo build`
 12- **Build with CLI tools**: `cargo build --features clap,hickory-dns --bins`
 13- **Run tests**: `cargo test`
 14- **Run specific test**: `cargo test test_name`
 15- **Check code**: `cargo check`
 16- **Format code**: `cargo fmt`
 17- **Lint**: `cargo clippy`
 18
 19### CLI Tools (require --features clap)
 20
 21All CLI tools now use clap for consistent command-line argument processing. Use `--help` with any tool for detailed usage information.
 22
 23#### Identity Management
 24- **Resolve identities**: `cargo run --features clap,hickory-dns --bin atproto-identity-resolve -- <handle_or_did>`
 25- **Resolve with DID document**: `cargo run --features clap,hickory-dns --bin atproto-identity-resolve -- --did-document <handle_or_did>`
 26- **Generate keys**: `cargo run --features clap --bin atproto-identity-key -- generate p256` (supports p256, p384, k256)
 27- **Sign data**: `cargo run --features clap --bin atproto-identity-sign -- <did_key> <json_file>`
 28- **Validate signatures**: `cargo run --features clap --bin atproto-identity-validate -- <did_key> <json_file> <signature>`
 29
 30#### Attestation Operations
 31- **Sign records (inline)**: `cargo run --package atproto-attestation --features clap,tokio --bin atproto-attestation-sign -- inline <source_record> <signing_key> <metadata_record>`
 32- **Sign records (remote)**: `cargo run --package atproto-attestation --features clap,tokio --bin atproto-attestation-sign -- remote <source_record> <repository_did> <metadata_record>`
 33- **Verify records**: `cargo run --package atproto-attestation --features clap,tokio --bin atproto-attestation-verify -- <record>` (verifies all signatures)
 34- **Verify attestation**: `cargo run --package atproto-attestation --features clap,tokio --bin atproto-attestation-verify -- <record> <attestation>` (verifies specific attestation)
 35
 36#### Record Operations
 37- **Generate CID**: `cat record.json | cargo run --features clap --bin atproto-record-cid` (reads JSON from stdin, outputs CID)
 38
 39#### Client Tools
 40- **App password auth**: `cargo run --features clap --bin atproto-client-app-password -- <subject> <access_token> <xrpc_path>`
 41- **Session auth**: `cargo run --features clap --bin atproto-client-auth -- login <identifier> <password>`
 42- **DPoP client**: `cargo run --features clap --bin atproto-client-dpop -- <subject> <private_dpop_key> <access_token> <xrpc_path>`
 43
 44#### Streaming and OAuth
 45- **Jetstream consumer**: `cargo run --features clap --bin atproto-jetstream-consumer -- <hostname> <zstd_dictionary>`
 46- **OAuth tool**: `cargo run --features clap --bin atproto-oauth-tool -- login <private_signing_key> <subject>`
 47- **XRPCS service**: `cargo run --features clap --bin atproto-xrpcs-helloworld`
 48
 49## Architecture
 50
 51A comprehensive Rust workspace with multiple crates:
 52- **atproto-identity**: Core identity management with 11 modules (resolve, plc, web, model, validation, config, errors, key, storage_lru, traits, url)
 53- **atproto-attestation**: CID-first attestation utilities for creating and verifying record signatures
 54- **atproto-record**: Record utilities including TID generation, AT-URI parsing, and CID generation
 55- **atproto-client**: HTTP client with OAuth and identity integration
 56- **atproto-jetstream**: WebSocket event streaming with compression
 57- **atproto-oauth**: OAuth workflow implementation with DPoP, PKCE, JWT, and storage abstractions
 58- **atproto-oauth-aip**: AT Protocol OAuth AIP (Identity Provider) implementation with PAR support
 59- **atproto-oauth-axum**: Axum web framework integration for OAuth
 60- **atproto-xrpcs**: XRPC service framework
 61- **atproto-xrpcs-helloworld**: Complete example XRPC service
 62
 63Features:
 64- **13 CLI tools** with consistent clap-based command-line interfaces (optional via `clap` feature)
 65- **Rust edition 2024** with modern async/await patterns
 66- **Comprehensive error handling** with structured error types
 67- **Full test coverage** with unit tests across all modules
 68- **Modern dependencies** for HTTP, DNS, JSON, cryptographic operations, and WebSocket streaming
 69- **Storage abstractions** with LRU caching support (enabled by default via `lru` feature)
 70- **DNS resolution** with Hickory DNS support (enabled by default via `hickory-dns` feature)
 71- **Secure memory handling** (optional via `zeroize` feature)
 72
 73## Error Handling
 74
 75All error strings must use this format:
 76
 77    error-atproto-identity-<domain>-<number> <message>: <details>
 78
 79Example errors:
 80
 81* error-atproto-identity-resolve-1 Multiple DIDs resolved for method
 82* error-atproto-identity-plc-1 HTTP request failed: https://google.com/ Not Found
 83* error-atproto-identity-key-1 Error decoding key: invalid
 84
 85Errors should be represented as enums using the `thiserror` library when possible using `src/errors.rs` as a reference and example.
 86
 87Avoid creating new errors with the `anyhow!(...)` macro.
 88
 89When a function call would return `anyhow::Error`, use the following pattern to log the error in addition to any code specific handling that must occur:
 90
 91```
 92If let Err(err) = result {
 93    tracing::error!(error = ?error, "Helpful contextual log line.");
 94}
 95```
 96
 97## Result
 98
 99Functions that return a `Result` type should use `anyhow::Result` where second Error component of is one of the error types defined in `src/errors.rs`.
100
101## Logging
102
103Use tracing for structured logging.
104
105All calls to `tracing::error`, `tracing::warn`, `tracing::info`, `tracing::debug`, and `tracing::trace` should be fully qualified.
106
107Do not use the `println!` macro in library code.
108
109Async calls should be instrumented using the `.instrument()` that references the `use tracing::Instrument;` trait.
110
111## Command-Line Interface Pattern
112
113All CLI tools use the clap library with derive macros for consistent command-line argument processing:
114
115- **Optional dependency**: clap is an optional dependency in each crate via `clap = { workspace = true, optional = true }`
116- **Feature-gated**: All binaries require the `clap` feature via `required-features = ["clap"]`
117- **Derive pattern**: Use `#[derive(Parser)]` and `#[derive(Subcommand)]` for command structures
118- **Comprehensive help**: Include detailed help documentation in clap attributes
119- **Consistent structure**: Use structured arguments with proper types rather than manual parsing
120
121Example command structure:
122```rust
123#[derive(Parser)]
124#[command(
125    name = "tool-name",
126    version,
127    about = "Brief description",
128    long_about = "Detailed description with examples"
129)]
130struct Args {
131    /// Argument description
132    positional_arg: String,
133    
134    /// Optional flag description
135    #[arg(long)]
136    optional_flag: bool,
137}
138```
139
140## Module Structure
141
142### Core Library Modules (atproto-identity)
143- **`src/lib.rs`**: Main library exports
144- **`src/resolve.rs`**: Core resolution logic for handles and DIDs, DNS/HTTP resolution
145- **`src/plc.rs`**: PLC directory client for did:plc resolution
146- **`src/web.rs`**: Web DID client for did:web resolution and URL conversion
147- **`src/model.rs`**: Data structures for DID documents and AT Protocol entities
148- **`src/validation.rs`**: Input validation for handles and DIDs
149- **`src/config.rs`**: Configuration management and environment variable handling
150- **`src/errors.rs`**: Structured error types following project conventions
151- **`src/key.rs`**: Cryptographic key operations including signature validation and key identification for P-256, P-384, and K-256 curves
152- **`src/storage_lru.rs`**: LRU-based storage implementation (requires `lru` feature)
153- **`src/traits.rs`**: Core trait definitions for identity resolution and key resolution
154- **`src/url.rs`**: URL utilities for AT Protocol services
155
156### CLI Tools (require --features clap)
157
158#### Identity Management (atproto-identity)
159- **`src/bin/atproto-identity-resolve.rs`**: Resolve AT Protocol handles and DIDs to canonical identifiers
160- **`src/bin/atproto-identity-key.rs`**: Generate and manage cryptographic keys (P-256, P-384, K-256)
161- **`src/bin/atproto-identity-sign.rs`**: Create cryptographic signatures of JSON data
162- **`src/bin/atproto-identity-validate.rs`**: Validate cryptographic signatures
163
164#### Attestation Operations (atproto-attestation)
165- **`src/bin/atproto-attestation-sign.rs`**: Sign AT Protocol records with inline or remote attestations using CID-first specification
166- **`src/bin/atproto-attestation-verify.rs`**: Verify cryptographic signatures on AT Protocol records with attestation validation
167
168#### Record Operations (atproto-record)
169- **`src/bin/atproto-record-cid.rs`**: Generate CID (Content Identifier) for AT Protocol records using DAG-CBOR serialization
170
171#### Client Tools (atproto-client)
172- **`src/bin/atproto-client-app-password.rs`**: Make XRPC calls using app password authentication
173- **`src/bin/atproto-client-auth.rs`**: Create and refresh authentication sessions
174- **`src/bin/atproto-client-dpop.rs`**: Make XRPC calls using DPoP (Demonstration of Proof-of-Possession) authentication
175
176#### Streaming and Services
177- **`crates/atproto-jetstream/src/bin/atproto-jetstream-consumer.rs`**: Consume AT Protocol events via WebSocket streaming
178- **`crates/atproto-oauth/src/bin/atproto-oauth-service-token.rs`**: OAuth service token management tool for AT Protocol authentication workflows
179- **`crates/atproto-oauth-axum/src/bin/atproto-oauth-tool.rs`**: OAuth authentication workflow management
180- **`crates/atproto-xrpcs-helloworld/src/main.rs`**: Complete example XRPC service with DID web functionality
181
182## Documentation
183
184All public and exported types, methods, and variables must be documented.
185
186All source files must have high level module documentation.
187
188Documentation must be brief and specific.