src/bin/README.md at main · smokesignal.events/atproto-plc

Rust and WASM did-method-plc tools and structures
atproto-plc / src / bin / README.md
at main 8.6 kB view raw view rendered
  1# AT Protocol PLC Command-Line Tools
  2
  3Command-line tools for working with AT Protocol PLC (Public Ledger of Credentials) DIDs.
  4
  5## Tools
  6
  7### plc-audit: DID Audit Log Validator
  8
  9Validates the cryptographic integrity of a DID's audit log from plc.directory.
 10
 11#### Features
 12
 13- 🔍 **Fetch Audit Logs**: Retrieves complete operation history from plc.directory
 14- 🔐 **Cryptographic Validation**: Verifies all signatures using rotation keys
 15- 🔗 **Chain Verification**: Validates operation chain linkage (prev references)
 16- 📊 **Detailed Output**: Shows operation history and final DID state
 17- ⚡ **Fast & Reliable**: Built with Rust for performance and safety
 18
 19#### Usage
 20
 21```bash
 22# Basic validation
 23cargo run --bin plc-audit --features cli -- did:plc:z72i7hdynmk6r22z27h6tvur
 24
 25# Verbose mode (show all operations)
 26cargo run --bin plc-audit --features cli -- did:plc:z72i7hdynmk6r22z27h6tvur --verbose
 27
 28# Quiet mode (VALID/INVALID only)
 29cargo run --bin plc-audit --features cli -- did:plc:z72i7hdynmk6r22z27h6tvur --quiet
 30
 31# Custom PLC directory
 32cargo run --bin plc-audit --features cli -- did:plc:example --plc-url https://custom.plc.directory
 33```
 34
 35---
 36
 37### plc-fork-viz: Fork Visualizer
 38
 39Visualizes forks in a DID's operation chain, showing which operations won/lost based on rotation key priority and the 72-hour recovery window.
 40
 41#### Features
 42
 43- 🔀 **Fork Detection**: Identifies competing operations in the chain
 44- 🔐 **Priority Analysis**: Determines which rotation key signed each operation
 45- ⏱️ **Recovery Window**: Applies 72-hour recovery window rules
 46- 📊 **Multiple Formats**: Tree, JSON, and Markdown visualization
 47- 🎨 **Color Coding**: Green for canonical operations, red for rejected
 48
 49#### Usage
 50
 51```bash
 52# Basic fork visualization
 53cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz
 54
 55# Verbose mode (detailed operation info)
 56cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz --verbose
 57
 58# Show timestamps and recovery window calculations
 59cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz --timing
 60
 61# Show full DIDs/CIDs
 62cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz --full-ids
 63
 64# Output as JSON
 65cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz --format json
 66
 67# Output as Markdown
 68cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz --format markdown
 69```
 70
 71#### Output Formats
 72
 73**Tree Format** (default):
 74```
 75Fork at operation referencing bafyre...abc123
 76  ├─ 🔴 ✗ CID: bafyre...def456
 77  │  Signed by: rotation_key[1]
 78  │  Reason: Invalidated by higher-priority key[0] within recovery window
 79  └─ 🟢 ✓ CID: bafyre...ghi789
 80     Signed by: rotation_key[0]
 81     Status: CANONICAL (winner)
 82```
 83
 84**JSON Format**:
 85```json
 86[
 87  {
 88    "prev_cid": "bafyre...",
 89    "winner_cid": "bafyre...",
 90    "operations": [...]
 91  }
 92]
 93```
 94
 95**Markdown Format**:
 96| Status | CID | Key Index | Timestamp | Reason |
 97|--------|-----|-----------|-----------|--------|
 98| ✅ Winner | bafyre...ghi789 | 0 | 2025-01-15 14:30:00 | Canonical operation |
 99| ❌ Rejected | bafyre...def456 | 1 | 2025-01-15 10:00:00 | Invalidated by higher-priority key[0] |
100
101#### Fork Resolution Rules
102
1031. **Rotation Key Priority**: Keys are ordered by array index (0 = highest priority)
1042. **Recovery Window**: 72 hours from the first operation's timestamp
1053. **First-Received Default**: The operation received first wins unless invalidated
1064. **Higher Priority Override**: A higher-priority key can invalidate if:
107   - It arrives within 72 hours
108   - Its key index is lower (e.g., key[0] beats key[1])
109
110#### Example: No Forks
111
112```bash
113$ cargo run --bin plc-fork-viz --features cli -- did:plc:ewvi7nxzyoun6zhxrhs64oiz
114
115🔍 Analyzing forks in: did:plc:ewvi7nxzyoun6zhxrhs64oiz
116   Source: https://plc.directory
117
118📊 Audit log contains 5 operations
119
120✅ No forks detected - this is a linear operation chain
121   All operations form a single canonical path from genesis to tip.
122```
123
124#### Example: Fork Detected
125
126```bash
127$ cargo run --bin plc-fork-viz --features cli -- did:plc:z7x2k3j4m5n6 --timing
128
129🔍 Analyzing forks in: did:plc:z7x2k3j4m5n6
130   Source: https://plc.directory
131
132📊 Audit log contains 8 operations
133⚠️  Detected 1 fork point(s)
134
135📊 Fork Visualization (Tree Format)
136═══════════════════════════════════════════════════════════════
137
138Fork at operation referencing bafyre...abc123
139  ├─ 🔴 ✗ CID: bafyre...def456
140     │  Signed by: rotation_key[1]
141     │  Timestamp: 2025-01-15 10:00:00 UTC
142     │  Reason: Invalidated by higher-priority key[0] within recovery window
143     │
144  └─ 🟢 ✓ CID: bafyre...ghi789
145     │  Signed by: rotation_key[0]
146     │  Timestamp: 2025-01-15 14:00:00 UTC
147     │  Status: CANONICAL (winner)
148
149═══════════════════════════════════════════════════════════════
150📈 Summary:
151   Total operations: 8
152   Fork points: 1
153   Rejected operations: 1
154
155🔐 Fork Resolution Details:
156   Fork 1: Winner is bafyre...ghi789 (signed by key[0])
157```
158
159---
160
161## Building & Installation
162
163### Build Both Tools
164
165```bash
166cargo build --bins --features cli --release
167```
168
169### Install to ~/.cargo/bin
170
171```bash
172cargo install --path . --features cli
173```
174
175Then use directly:
176```bash
177plc-audit did:plc:ewvi7nxzyoun6zhxrhs64oiz
178plc-fork-viz did:plc:ewvi7nxzyoun6zhxrhs64oiz
179```
180
181---
182
183## Common Workflows
184
185### Workflow 1: Validate and Check for Forks
186
187```bash
188# First validate the audit log
189$ plc-audit did:plc:ewvi7nxzyoun6zhxrhs64oiz
190✅ Validation successful!
191
192# Then check for forks
193$ plc-fork-viz did:plc:ewvi7nxzyoun6zhxrhs64oiz
194```
195
196### Workflow 2: Export Fork Data
197
198```bash
199# Export as JSON for analysis
200$ plc-fork-viz did:plc:ewvi7nxzyoun6zhxrhs64oiz --format json > forks.json
201
202# Generate Markdown report
203$ plc-fork-viz did:plc:ewvi7nxzyoun6zhxrhs64oiz --format markdown > FORK_REPORT.md
204```
205
206### Workflow 3: Monitor DIDs
207
208```bash
209#!/bin/bash
210# Monitor a DID for changes and forks
211DID="did:plc:ewvi7nxzyoun6zhxrhs64oiz"
212
213# Validate
214if plc-audit $DID --quiet; then
215  echo "✅ DID is valid"
216
217  # Check for forks
218  plc-fork-viz $DID --format json > /tmp/forks.json
219
220  if [ -s /tmp/forks.json ]; then
221    echo "⚠️ Forks detected!"
222    plc-fork-viz $DID
223  fi
224else
225  echo "❌ DID validation failed!"
226  exit 1
227fi
228```
229
230---
231
232## Understanding Fork Visualization
233
234### Symbols
235
236- 🌱 Genesis operation (creates the DID)
237- 🟢 ✓ Canonical operation (winner)
238- 🔴 ✗ Rejected operation (lost the fork)
239- ├─ Fork branch (more operations follow)
240- └─ Final fork branch
241
242### Rejection Reasons
243
2441. **"Invalidated by higher-priority key[N] within recovery window"**
245   - A higher-priority rotation key signed a competing operation within 72 hours
246
2472. **"Higher-priority key[N] but outside 72-hour recovery window (X hours late)"**
248   - A higher-priority key tried to invalidate but arrived too late
249
2503. **"Lower-priority key[N] (current winner has key[M])"**
251   - This operation was signed by a lower-priority key and can't override
252
253---
254
255## Troubleshooting
256
257### Error: "Invalid DID format"
258DID must follow format: `did:plc:<24 lowercase base32 characters>`
259
260### Error: "Failed to fetch audit log"
261- Check internet connection
262- Verify DID exists on plc.directory
263- Try `--plc-url` for custom PLC directories
264
265### No forks detected but expected
266- The DID may have a linear operation chain
267- All operations were submitted sequentially without conflicts
268
269---
270
271## Technical Details
272
273**plc-audit** validates:
2741. DID format (prefix, length, base32 encoding)
2752. Chain linkage (prev references)
2763. Cryptographic signatures (ECDSA with P-256/secp256k1)
2774. State consistency
278
279**plc-fork-viz** implements:
2801. Fork detection (multiple operations with same prev CID)
2812. Rotation key index resolution
2823. Priority-based fork resolution
2834. 72-hour recovery window enforcement
284
285Both tools use:
286- `reqwest` for HTTP requests
287- `atproto-plc` library for cryptographic operations
288- `clap` for command-line parsing
289
290---
291
292## See Also
293
294- [AT Protocol PLC Specification](https://atproto.com/specs/did-plc)
295- [Fork Resolution Implementation Report](../../FORK_RESOLUTION_REPORT.md)
296- [Implementation Summary](../../IMPLEMENTATION_SUMMARY.md)
297- [Library Documentation](../../README.md)
298
299---
300
301## License
302
303Dual-licensed under MIT or Apache-2.0, same as the parent library.