+3 -1

CLAUDE.md

··· 30 30 #### Record Operations 31 31 - **Sign records**: `cargo run --features clap --bin atproto-record-sign -- <issuer_did> <signing_key> <record_input> repository=<repo> collection=<collection>` 32 32 - **Verify records**: `cargo run --features clap --bin atproto-record-verify -- <issuer_did> <key> <record_input> repository=<repo> collection=<collection>` 33 33 + - **Generate CID**: `cat record.json | cargo run --features clap --bin atproto-record-cid` (reads JSON from stdin, outputs CID) 33 34 34 35 #### Client Tools 35 36 - **App password auth**: `cargo run --features clap --bin atproto-client-app-password -- <subject> <access_token> <xrpc_path>` ··· 55 56 - **atproto-xrpcs-helloworld**: Complete example XRPC service 56 57 57 58 Features: 58 58 - - **12 CLI tools** with consistent clap-based command-line interfaces (optional via `clap` feature) 59 59 + - **13 CLI tools** with consistent clap-based command-line interfaces (optional via `clap` feature) 59 60 - **Rust edition 2024** with modern async/await patterns 60 61 - **Comprehensive error handling** with structured error types 61 62 - **Full test coverage** with unit tests across all modules ··· 157 158 #### Record Operations (atproto-record) 158 159 - **`src/bin/atproto-record-sign.rs`**: Sign AT Protocol records with cryptographic signatures 159 160 - **`src/bin/atproto-record-verify.rs`**: Verify AT Protocol record signatures 161 161 + - **`src/bin/atproto-record-cid.rs`**: Generate CID (Content Identifier) for AT Protocol records using DAG-CBOR serialization 160 162 161 163 #### Client Tools (atproto-client) 162 164 - **`src/bin/atproto-client-app-password.rs`**: Make XRPC calls using app password authentication

+3

Cargo.lock

··· 280 280 "atproto-identity", 281 281 "base64", 282 282 "chrono", 283 283 + "cid", 283 284 "clap", 285 285 + "multihash", 284 286 "serde", 285 287 "serde_ipld_dagcbor", 286 288 "serde_json", 289 289 + "sha2", 287 290 "thiserror 2.0.12", 288 291 "tokio", 289 292 ]

+53 -1

crates/atproto-client/src/client.rs

··· 397 397 Ok(value) 398 398 } 399 399 400 400 - 400 400 + /// Performs a DPoP-authenticated HTTP POST request with raw bytes body and additional headers, and parses the response as JSON. 401 401 + /// 402 402 + /// This function is similar to `post_dpop_json_with_headers` but accepts a raw bytes payload 403 403 + /// instead of JSON. Useful for sending pre-serialized data or binary payloads while maintaining 404 404 + /// DPoP authentication and custom headers. 405 405 + /// 406 406 + /// # Arguments 407 407 + /// 408 408 + /// * `http_client` - The HTTP client to use for the request 409 409 + /// * `dpop_auth` - DPoP authentication credentials 410 410 + /// * `url` - The URL to request 411 411 + /// * `payload` - The raw bytes to send in the request body 412 412 + /// * `additional_headers` - Additional HTTP headers to include in the request 413 413 + /// 414 414 + /// # Returns 415 415 + /// 416 416 + /// The parsed JSON response as a `serde_json::Value` 417 417 + /// 418 418 + /// # Errors 419 419 + /// 420 420 + /// Returns `DPoPError::ProofGenerationFailed` if DPoP proof generation fails, 421 421 + /// `DPoPError::HttpRequestFailed` if the HTTP request fails, 422 422 + /// or `DPoPError::JsonParseFailed` if JSON parsing fails. 423 423 + /// 424 424 + /// # Example 425 425 + /// 426 426 + /// ```no_run 427 427 + /// use atproto_client::client::{DPoPAuth, post_dpop_bytes_with_headers}; 428 428 + /// use atproto_identity::key::identify_key; 429 429 + /// use reqwest::{Client, header::{HeaderMap, CONTENT_TYPE}}; 430 430 + /// use bytes::Bytes; 431 431 + /// 432 432 + /// # async fn example() -> anyhow::Result<()> { 433 433 + /// let client = Client::new(); 434 434 + /// let dpop_auth = DPoPAuth { 435 435 + /// dpop_private_key_data: identify_key("did:key:zQ3sh...")?, 436 436 + /// oauth_access_token: "access_token".to_string(), 437 437 + /// }; 438 438 + /// 439 439 + /// let mut headers = HeaderMap::new(); 440 440 + /// headers.insert(CONTENT_TYPE, "application/json".parse()?); 441 441 + /// 442 442 + /// let payload = Bytes::from(r#"{"text": "Hello!"}"#); 443 443 + /// let response = post_dpop_bytes_with_headers( 444 444 + /// &client, 445 445 + /// &dpop_auth, 446 446 + /// "https://pds.example.com/xrpc/com.atproto.repo.createRecord", 447 447 + /// payload, 448 448 + /// &headers 449 449 + /// ).await?; 450 450 + /// # Ok(()) 451 451 + /// # } 452 452 + /// ``` 401 453 pub async fn post_dpop_bytes_with_headers( 402 454 http_client: &reqwest::Client, 403 455 dpop_auth: &DPoPAuth,

+11 -1

crates/atproto-record/Cargo.toml

··· 21 21 doc = true 22 22 required-features = ["clap", "tokio"] 23 23 24 24 - [[bin]] 24 24 + [[bin]] 25 25 name = "atproto-record-verify" 26 26 test = false 27 27 bench = false 28 28 doc = true 29 29 required-features = ["clap", "tokio"] 30 30 31 31 + [[bin]] 32 32 + name = "atproto-record-cid" 33 33 + test = false 34 34 + bench = false 35 35 + doc = true 36 36 + required-features = ["clap"] 37 37 + 31 38 [dependencies] 32 39 atproto-identity.workspace = true 33 40 ··· 41 48 tokio = { workspace = true, optional = true } 42 49 chrono = {version = "0.4.41", default-features = false, features = ["std", "now", "serde"]} 43 50 clap = { workspace = true, optional = true } 51 51 + cid = "0.11" 52 52 + multihash = "0.19" 53 53 + sha2 = { workspace = true } 44 54 45 55 [features] 46 56 default = ["hickory-dns"]

+150

crates/atproto-record/src/bin/atproto-record-cid.rs

··· 1 1 + //! Command-line tool for generating CIDs from JSON records. 2 2 + //! 3 3 + //! This tool reads JSON from stdin, serializes it using IPLD DAG-CBOR format, 4 4 + //! and outputs the corresponding CID (Content Identifier) using CIDv1 with 5 5 + //! SHA-256 hashing. This matches the AT Protocol specification for content 6 6 + //! addressing of records. 7 7 + //! 8 8 + //! # AT Protocol CID Format 9 9 + //! 10 10 + //! The tool generates CIDs that follow the AT Protocol specification: 11 11 + //! - **CID Version**: CIDv1 12 12 + //! - **Codec**: DAG-CBOR (0x71) 13 13 + //! - **Hash Function**: SHA-256 (0x12) 14 14 + //! - **Encoding**: Base32 (default for CIDv1) 15 15 + //! 16 16 + //! # Example Usage 17 17 + //! 18 18 + //! ```bash 19 19 + //! # Generate CID from a simple JSON object 20 20 + //! echo '{"text":"Hello, AT Protocol!"}' | cargo run --features clap --bin atproto-record-cid 21 21 + //! 22 22 + //! # Generate CID from a file 23 23 + //! cat post.json | cargo run --features clap --bin atproto-record-cid 24 24 + //! 25 25 + //! # Generate CID from a complex record 26 26 + //! echo '{ 27 27 + //! "$type": "app.bsky.feed.post", 28 28 + //! "text": "Hello world", 29 29 + //! "createdAt": "2025-01-19T10:00:00.000Z" 30 30 + //! }' | cargo run --features clap --bin atproto-record-cid 31 31 + //! ``` 32 32 + //! 33 33 + //! # Output Format 34 34 + //! 35 35 + //! The tool outputs the CID as a single line string in the format: 36 36 + //! ```text 37 37 + //! bafyreibjzlvhtyxnhbvvzl3gj4qmg2ufl2jbhh5qr3gvvxlm7ksf3qwxqq 38 38 + //! ``` 39 39 + //! 40 40 + //! # Error Handling 41 41 + //! 42 42 + //! The tool will return an error if: 43 43 + //! - Input is not valid JSON 44 44 + //! - JSON cannot be serialized to DAG-CBOR 45 45 + //! - CID generation fails 46 46 + //! 47 47 + //! # Technical Details 48 48 + //! 49 49 + //! The CID generation process: 50 50 + //! 1. Read JSON from stdin 51 51 + //! 2. Parse JSON into serde_json::Value 52 52 + //! 3. Serialize to DAG-CBOR bytes using serde_ipld_dagcbor 53 53 + //! 4. Hash the bytes using SHA-256 54 54 + //! 5. Create CIDv1 with DAG-CBOR codec 55 55 + //! 6. Output the CID string 56 56 + 57 57 + use anyhow::Result; 58 58 + use atproto_record::errors::CliError; 59 59 + use cid::Cid; 60 60 + use clap::Parser; 61 61 + use multihash::Multihash; 62 62 + use sha2::{Digest, Sha256}; 63 63 + use std::io::{self, Read}; 64 64 + 65 65 + /// AT Protocol Record CID Generator 66 66 + #[derive(Parser)] 67 67 + #[command( 68 68 + name = "atproto-record-cid", 69 69 + version, 70 70 + about = "Generate CID for AT Protocol DAG-CBOR records from JSON", 71 71 + long_about = " 72 72 + A command-line tool for generating Content Identifiers (CIDs) from JSON records 73 73 + using the AT Protocol DAG-CBOR serialization format. 74 74 + 75 75 + The tool reads JSON from stdin, serializes it using IPLD DAG-CBOR format, and 76 76 + outputs the corresponding CID using CIDv1 with SHA-256 hashing. This matches 77 77 + the AT Protocol specification for content addressing of records. 78 78 + 79 79 + CID FORMAT: 80 80 + Version: CIDv1 81 81 + Codec: DAG-CBOR (0x71) 82 82 + Hash: SHA-256 (0x12) 83 83 + Encoding: Base32 (default for CIDv1) 84 84 + 85 85 + EXAMPLES: 86 86 + # Generate CID from stdin: 87 87 + echo '{\"text\":\"Hello!\"}' | atproto-record-cid 88 88 + 89 89 + # Generate CID from a file: 90 90 + cat post.json | atproto-record-cid 91 91 + 92 92 + # Complex record with AT Protocol fields: 93 93 + echo '{ 94 94 + \"$type\": \"app.bsky.feed.post\", 95 95 + \"text\": \"Hello world\", 96 96 + \"createdAt\": \"2025-01-19T10:00:00.000Z\" 97 97 + }' | atproto-record-cid 98 98 + 99 99 + OUTPUT: 100 100 + The tool outputs a single line containing the CID: 101 101 + bafyreibjzlvhtyxnhbvvzl3gj4qmg2ufl2jbhh5qr3gvvxlm7ksf3qwxqq 102 102 + 103 103 + NOTES: 104 104 + - Input must be valid JSON 105 105 + - The same JSON input will always produce the same CID 106 106 + - Field order in JSON objects may affect the CID due to DAG-CBOR serialization 107 107 + - Special AT Protocol fields like $type, $sig, and $link are preserved 108 108 + " 109 109 + )] 110 110 + struct Args {} 111 111 + 112 112 + fn main() -> Result<()> { 113 113 + let _args = Args::parse(); 114 114 + 115 115 + // Read JSON from stdin 116 116 + let mut stdin_content = String::new(); 117 117 + io::stdin() 118 118 + .read_to_string(&mut stdin_content) 119 119 + .map_err(|_| CliError::StdinReadFailed)?; 120 120 + 121 121 + // Parse JSON 122 122 + let json_value: serde_json::Value = 123 123 + serde_json::from_str(&stdin_content).map_err(|_| CliError::StdinJsonParseFailed)?; 124 124 + 125 125 + // Serialize to DAG-CBOR 126 126 + let dag_cbor_bytes = serde_ipld_dagcbor::to_vec(&json_value).map_err(|error| { 127 127 + CliError::RecordSerializationFailed { 128 128 + error: error.to_string(), 129 129 + } 130 130 + })?; 131 131 + 132 132 + // Hash the bytes using SHA-256 133 133 + // Code 0x12 is SHA-256, size 32 bytes 134 134 + let mut hasher = Sha256::new(); 135 135 + hasher.update(&dag_cbor_bytes); 136 136 + let hash_result = hasher.finalize(); 137 137 + 138 138 + let multihash = 139 139 + Multihash::wrap(0x12, &hash_result).map_err(|error| CliError::CidGenerationFailed { 140 140 + error: error.to_string(), 141 141 + })?; 142 142 + 143 143 + // Create CIDv1 with DAG-CBOR codec (0x71) 144 144 + let cid = Cid::new_v1(0x71, multihash); 145 145 + 146 146 + // Output the CID 147 147 + println!("{}", cid); 148 148 + 149 149 + Ok(()) 150 150 + }

+14

crates/atproto-record/src/errors.rs

··· 277 277 /// The name of the missing value 278 278 name: String, 279 279 }, 280 280 + 281 281 + /// Occurs when record serialization to DAG-CBOR fails 282 282 + #[error("error-atproto-record-cli-9 Failed to serialize record to DAG-CBOR: {error}")] 283 283 + RecordSerializationFailed { 284 284 + /// The underlying serialization error 285 285 + error: String, 286 286 + }, 287 287 + 288 288 + /// Occurs when CID generation fails 289 289 + #[error("error-atproto-record-cli-10 Failed to generate CID: {error}")] 290 290 + CidGenerationFailed { 291 291 + /// The underlying CID generation error 292 292 + error: String, 293 293 + }, 280 294 }