+2 -1

Cargo.toml

··· 8 "crates/atproto-oauth", 9 "crates/atproto-record", 10 "crates/atproto-xrpcs-helloworld", 11 - "crates/atproto-xrpcs", "crates/atproto-lexicon", 0 12 ] 13 resolver = "3" 14

··· 8 "crates/atproto-oauth", 9 "crates/atproto-record", 10 "crates/atproto-xrpcs-helloworld", 11 + "crates/atproto-xrpcs", 12 + "crates/atproto-lexicon", 13 ] 14 resolver = "3" 15

+7 -4

Dockerfile

··· 19 # Build all binaries in release mode 20 # This will build all binaries defined in the workspace: 21 # - atproto-identity: 4 binaries (resolve, key, sign, validate) 22 - # - atproto-record: 2 binaries (sign, verify) 23 # - atproto-client: 3 binaries (auth, app-password, dpop) 24 # - atproto-oauth: 1 binary (service-token) 25 # - atproto-oauth-axum: 1 binary (oauth-tool) 26 # - atproto-jetstream: 1 binary (jetstream-consumer) 27 # - atproto-xrpcs-helloworld: 1 binary (xrpcs-helloworld) 28 - # Note: atproto-identity-resolve requires hickory-dns feature 0 29 RUN cargo build --release --bins -F clap,hickory-dns,zeroize,tokio 30 31 # Runtime stage - use distroless for minimal attack surface ··· 48 COPY --from=builder /usr/src/app/target/release/atproto-oauth-tool . 49 COPY --from=builder /usr/src/app/target/release/atproto-xrpcs-helloworld . 50 COPY --from=builder /usr/src/app/target/release/atproto-jetstream-consumer . 0 51 52 # Default to the main resolution tool 53 # Users can override with specific binary: docker run <image> atproto-identity-resolve --help ··· 56 # docker run <image> atproto-record-sign --help 57 # docker run <image> atproto-client-auth --help 58 # docker run <image> atproto-oauth-service-token --help 59 - # docker run <image> atproto-oauth-tool --help 60 # docker run <image> atproto-xrpcs-helloworld --help 61 # docker run <image> atproto-jetstream-consumer --help 0 62 CMD ["atproto-identity-resolve", "--help"] 63 64 # Add labels for documentation ··· 70 LABEL org.opencontainers.image.licenses="MIT" 71 72 # Document available binaries 73 - LABEL binaries="atproto-identity-resolve,atproto-identity-key,atproto-identity-sign,atproto-identity-validate,atproto-record-sign,atproto-record-verify,atproto-client-auth,atproto-client-app-password,atproto-client-dpop,atproto-oauth-service-token,atproto-oauth-tool,atproto-jetstream-consumer,atproto-xrpcs-helloworld"

··· 19 # Build all binaries in release mode 20 # This will build all binaries defined in the workspace: 21 # - atproto-identity: 4 binaries (resolve, key, sign, validate) 22 + # - atproto-record: 2 binaries (sign, verify) 23 # - atproto-client: 3 binaries (auth, app-password, dpop) 24 # - atproto-oauth: 1 binary (service-token) 25 # - atproto-oauth-axum: 1 binary (oauth-tool) 26 # - atproto-jetstream: 1 binary (jetstream-consumer) 27 # - atproto-xrpcs-helloworld: 1 binary (xrpcs-helloworld) 28 + # - atproto-lexicon: 1 binary (lexicon-resolve) 29 + # Note: atproto-identity-resolve and atproto-lexicon-resolve require hickory-dns feature 30 RUN cargo build --release --bins -F clap,hickory-dns,zeroize,tokio 31 32 # Runtime stage - use distroless for minimal attack surface ··· 49 COPY --from=builder /usr/src/app/target/release/atproto-oauth-tool . 50 COPY --from=builder /usr/src/app/target/release/atproto-xrpcs-helloworld . 51 COPY --from=builder /usr/src/app/target/release/atproto-jetstream-consumer . 52 + COPY --from=builder /usr/src/app/target/release/atproto-lexicon-resolve . 53 54 # Default to the main resolution tool 55 # Users can override with specific binary: docker run <image> atproto-identity-resolve --help ··· 58 # docker run <image> atproto-record-sign --help 59 # docker run <image> atproto-client-auth --help 60 # docker run <image> atproto-oauth-service-token --help 61 + # docker run <image> atproto-oauth-tool --help 62 # docker run <image> atproto-xrpcs-helloworld --help 63 # docker run <image> atproto-jetstream-consumer --help 64 + # docker run <image> atproto-lexicon-resolve --help 65 CMD ["atproto-identity-resolve", "--help"] 66 67 # Add labels for documentation ··· 73 LABEL org.opencontainers.image.licenses="MIT" 74 75 # Document available binaries 76 + LABEL binaries="atproto-identity-resolve,atproto-identity-key,atproto-identity-sign,atproto-identity-validate,atproto-record-sign,atproto-record-verify,atproto-client-auth,atproto-client-app-password,atproto-client-dpop,atproto-oauth-service-token,atproto-oauth-tool,atproto-jetstream-consumer,atproto-xrpcs-helloworld,atproto-lexicon-resolve"

+31 -6

README.md

··· 6 7 ## Components 8 9 - This workspace contains 9 specialized crates that work together to provide complete AT Protocol application development capabilities: 10 11 ### Identity & Cryptography 12 13 - **[`atproto-identity`](crates/atproto-identity/)** - Core identity management with multi-method DID resolution (plc, web, key), DNS/HTTP handle resolution, and P-256/P-384/K-256 cryptographic operations. *Includes 4 CLI tools.* 14 - **[`atproto-record`](crates/atproto-record/)** - Cryptographic signature operations for AT Protocol records using IPLD DAG-CBOR serialization with AT-URI parsing support. *Includes 2 CLI tools.* 0 15 16 ### Authentication & Authorization 17 ··· 37 [dependencies] 38 atproto-identity = "0.12.0" 39 atproto-record = "0.12.0" 0 40 atproto-oauth = "0.12.0" 41 atproto-oauth-aip = "0.12.0" 42 atproto-client = "0.12.0" ··· 60 } 61 ``` 62 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 63 ### Record Signing 64 65 ```rust ··· 70 #[tokio::main] 71 async fn main() -> anyhow::Result<()> { 72 let signing_key = identify_key("did:key:zQ3shNzMp4oaaQ1gQRzCxMGXFrSW3NEM1M9T6KCY9eA7HhyEA")?; 73 - 74 let record = json!({ 75 "$type": "app.bsky.feed.post", 76 "text": "Hello AT Protocol!", 77 "createdAt": "2024-01-01T00:00:00.000Z" 78 }); 79 - 80 let signature_object = json!({ 81 "issuer": "did:plc:issuer123", 82 "issuedAt": "2024-01-01T00:00:00.000Z" 83 }); 84 - 85 let signed_record = signature::create( 86 &signing_key, 87 &record, ··· 89 "app.bsky.feed.post", 90 signature_object, 91 ).await?; 92 - 93 Ok(()) 94 } 95 ``` ··· 178 179 ## Command Line Tools 180 181 - The workspace includes 12 command-line tools across multiple crates, providing ready-to-use utilities for AT Protocol development and testing. All CLI tools require the `clap` feature: 182 183 ```bash 184 # Build with CLI support ··· 193 # Record operations (atproto-record crate) 194 cargo run --features clap --bin atproto-record-sign -- did:key:... did:plc:issuer record.json repository=did:plc:user collection=app.bsky.feed.post 195 cargo run --features clap --bin atproto-record-verify -- did:plc:issuer did:key:... signed_record.json repository=did:plc:user collection=app.bsky.feed.post 0 0 0 196 197 # Client operations (atproto-client crate) 198 cargo run --features clap --bin atproto-client-auth -- login alice.bsky.social password123

··· 6 7 ## Components 8 9 + This workspace contains 10 specialized crates that work together to provide complete AT Protocol application development capabilities: 10 11 ### Identity & Cryptography 12 13 - **[`atproto-identity`](crates/atproto-identity/)** - Core identity management with multi-method DID resolution (plc, web, key), DNS/HTTP handle resolution, and P-256/P-384/K-256 cryptographic operations. *Includes 4 CLI tools.* 14 - **[`atproto-record`](crates/atproto-record/)** - Cryptographic signature operations for AT Protocol records using IPLD DAG-CBOR serialization with AT-URI parsing support. *Includes 2 CLI tools.* 15 + - **[`atproto-lexicon`](crates/atproto-lexicon/)** - Lexicon schema resolution and validation for AT Protocol, supporting recursive resolution, NSID validation, and DNS-based lexicon discovery. *Includes 1 CLI tool.* 16 17 ### Authentication & Authorization 18 ··· 38 [dependencies] 39 atproto-identity = "0.12.0" 40 atproto-record = "0.12.0" 41 + atproto-lexicon = "0.12.0" 42 atproto-oauth = "0.12.0" 43 atproto-oauth-aip = "0.12.0" 44 atproto-client = "0.12.0" ··· 62 } 63 ``` 64 65 + ### Lexicon Resolution 66 + 67 + ```rust 68 + use atproto_lexicon::resolve::{DefaultLexiconResolver, LexiconResolver}; 69 + use atproto_identity::resolve::HickoryDnsResolver; 70 + 71 + #[tokio::main] 72 + async fn main() -> anyhow::Result<()> { 73 + let http_client = reqwest::Client::new(); 74 + let dns_resolver = HickoryDnsResolver::create_resolver(&[]); 75 + let resolver = DefaultLexiconResolver::new(http_client, dns_resolver); 76 + 77 + // Resolve a lexicon schema 78 + let lexicon = resolver.resolve("app.bsky.feed.post").await?; 79 + println!("Lexicon schema: {}", serde_json::to_string_pretty(&lexicon)?); 80 + 81 + Ok(()) 82 + } 83 + ``` 84 + 85 ### Record Signing 86 87 ```rust ··· 92 #[tokio::main] 93 async fn main() -> anyhow::Result<()> { 94 let signing_key = identify_key("did:key:zQ3shNzMp4oaaQ1gQRzCxMGXFrSW3NEM1M9T6KCY9eA7HhyEA")?; 95 + 96 let record = json!({ 97 "$type": "app.bsky.feed.post", 98 "text": "Hello AT Protocol!", 99 "createdAt": "2024-01-01T00:00:00.000Z" 100 }); 101 + 102 let signature_object = json!({ 103 "issuer": "did:plc:issuer123", 104 "issuedAt": "2024-01-01T00:00:00.000Z" 105 }); 106 + 107 let signed_record = signature::create( 108 &signing_key, 109 &record, ··· 111 "app.bsky.feed.post", 112 signature_object, 113 ).await?; 114 + 115 Ok(()) 116 } 117 ``` ··· 200 201 ## Command Line Tools 202 203 + The workspace includes 13 command-line tools across multiple crates, providing ready-to-use utilities for AT Protocol development and testing. All CLI tools require the `clap` feature: 204 205 ```bash 206 # Build with CLI support ··· 215 # Record operations (atproto-record crate) 216 cargo run --features clap --bin atproto-record-sign -- did:key:... did:plc:issuer record.json repository=did:plc:user collection=app.bsky.feed.post 217 cargo run --features clap --bin atproto-record-verify -- did:plc:issuer did:key:... signed_record.json repository=did:plc:user collection=app.bsky.feed.post 218 + 219 + # Lexicon operations (atproto-lexicon crate) 220 + cargo run --features clap,hickory-dns --bin atproto-lexicon-resolve -- app.bsky.feed.post 221 222 # Client operations (atproto-client crate) 223 cargo run --features clap --bin atproto-client-auth -- login alice.bsky.social password123