Lewis
562f970bc3
ripple: transport backpressure & connect coalesing
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-14 18:46:41 +03:00
Lewis
06fd6a1ce9
ripple: transport from tcp to quic
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-14 18:46:41 +03:00
nelind
3b07cdfb24
fix(api): dont verify signature or DID during importRepo
2026-06-13 23:33:57 +03:00
nelind
4a8826b7a1
fix(docs): i forgor auto links need absolute URIs ... lets use normal links instead
2026-06-12 01:00:24 +02:00
nelind
80afd764d3
fix(nix): provide a jemalloc build in the dev shell
2026-06-10 19:56:40 +02:00
Lewis
5bbe2146ff
server: serve xrpc over http/3
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-10 13:18:49 +03:00
Lewis
b009ccdaf2
repo: the pg side of MST structural repair
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-08 16:58:51 +03:00
nelind
39f74b5adf
feat(nix): pratice what i preach. expose lib.mkPackages
2026-06-07 22:14:27 +02:00
ave
a231d7da29
feat(auth): accept totp/backup codes in legacy login createSession
2026-06-06 10:42:24 +03:00
ave
63d84d38fb
refactor(auth): unify short-code generation onto util::generate_token_code
...
Collapse the three ad-hoc short-code generators into one canonical generator
plus a shared normalizer:
- util::generate_token_code now emits the uppercase base32 XXXXX-XXXXX display
form; new util::normalize_token_code canonicalizes user input (uppercase,
strip hyphen/whitespace).
- email_token and legacy_2fa now generate via util, store the normalized form,
and compare normalized input. Their private generate_short_token/generate_code
(and BASE32_CHARS/CODE_LENGTH) are removed.
- PLC (request/sign) and password reset inline util::generate_token_code,
persist the normalized form, email the display form, and normalize input
before lookup. The generate_plc_token/generate_reset_code wrappers are removed.
Behavior changes: legacy login-2FA codes go from 8-digit numeric to XXXXX-XXXXX;
PLC and password-reset codes go from lowercase to uppercase. All four code types
are now accepted case-/hyphen-insensitively. OAuth web-login 2FA, account
deletion, and the long verification_token blobs are intentionally untouched.
Tests: add util normalize tests + email_token/legacy_2fa case/hyphen tests;
update integration tests to expect the canonical stored form and the new
emailed format.
2026-06-06 09:36:08 +03:00
ave
fe9b88141c
chore(auth): align at+jwt/refresh+jwt expiry with reference PDS
2026-06-06 01:43:46 +03:00
ave
72f5dce32b
add ave.zone to contributors list in README
2026-06-06 01:42:54 +03:00
nelind
cd7e01100e
chore(auth): also mention that atproto spec requiers typ be "JWT" for inter-service tokens
2026-06-05 12:49:25 +02:00
ave
7c248be153
fix(auth): emit uppercase "JWT" typ in service-auth header
...
RFC 7519 §5.1 recommends the uppercase "JWT" typ for compatibility with
legacy implementations, and it matches the reference @atproto/pds. Parsing
already lowercases, so existing lowercase "jwt" tokens still verify.
2026-06-05 13:34:43 +03:00
ave
91999819c6
fix(proxy): limit audience of getFeed service-auth to the feed generator
v0.6.5
2026-06-04 22:39:14 +03:00
nelind
ffce1d5d05
feat(docs): add some general PDS debugging documentation
2026-06-04 13:45:08 +03:00
Tyler
8e6ace2fe2
fix: derive lexicon DNS authority from all-but-last NSID segment
...
Permission-set expansion resolved the lexicon's DNS authority using a
fixed `parts[..2]`, which only works for three-segment NSIDs. For a
four-segment NSID such as community.lexicon.bookmarks.authManageBookmarks
this dropped a segment and queried _lexicon.lexicon.community instead of
_lexicon.bookmarks.lexicon.community, failing with "DNS resolution
failed: ... no record found".
The authority is every NSID segment except the last (the name),
reversed. Use parts[..parts.len() - 1] to match the spec and the
existing extract_namespace_authority helper, and update the DNS
authority test with three/four-segment and bookmarks regression cases.
2026-06-04 01:28:13 +03:00
Lewis
3018a20843
fix(plc): allow arbitrary services to sign
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-03 11:23:51 +03:00
Lewis
37fc06fb39
fix(store): unblock eventlog sync&freeze when writer dies
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-02 17:29:21 +03:00
Lewis
728a8c4d3b
test(store): cross-store, firehose, read-validation coverage w/ faults
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-02 17:29:21 +03:00
Lewis
3d49e99cc3
test(store): generic consistency checker, gauntlet fault/read
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-02 17:29:21 +03:00
Lewis
7e823673ca
test(store): untested metastore, eventlog, & archival stuff
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-02 17:29:21 +03:00
Lewis
320933598c
fix(auth): error num 401 for oauth
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-01 19:38:45 +03:00
Lewis
500dc2e0e6
test(store): gauntlet sweep configs for time-travel & fsync repro
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-01 19:01:04 +03:00
Lewis
a220611a8b
test(store): D gauntlet faults, crash-loss oracley, recoverable scenarios
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-01 19:01:04 +03:00
Lewis
ca7a4b4b73
fix(store): recover eventlog lastseq from tail not sidecar
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-01 19:01:04 +03:00
Lewis
8ff02610e4
feat(store): inline-commit mode, committed-extent recovery, failsafe verify&rollback
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-06-01 19:01:04 +03:00
Lewis
22f82489d5
test(pds): e2e & durability coverage for MST self-heal
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 21:11:36 +03:00
Lewis
cee483e358
feat(pds): selfhealing repo writing by detecting corruption & retrying
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 21:11:36 +03:00
Lewis
7f8e858137
test(store): gauntlet MST-repairable & misdirected-write scenario
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 21:11:36 +03:00
Lewis
44d73dac58
feat(store): rebuild & rewrite missing/corrupt MST blocks
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 21:11:36 +03:00
Lewis
b8cae15c12
feat(store): detect foreign&corrupt blocks on read & preserve blocks thru recovery
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 21:11:36 +03:00
Lewis
9b58961bba
feat(repo): missing $type? invent one
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 13:02:11 +03:00
Lewis
31ee12ecd3
fix(store): torn hint-file tail should be recoverable on reopen
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-31 11:37:21 +03:00
nelind
ea106d5246
chore(nix): update frontend pnpm hash
2026-05-31 00:51:27 +02:00
Lewis
4015217a2e
feat(store): Clock trait for DST
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-30 23:46:22 +03:00
Lewis
7e4c9e1dab
chore: bump to 0.6.4
...
Lewis: May this revision serve well! <lu5a@proton.me >
v0.6.4
2026-05-30 21:23:02 +03:00
Lewis
e9dc57d6f4
fix(firehose): lost events if seq commits out of order
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-30 21:10:38 +03:00
Lewis
4e2525b245
fix(migrate): oauth account:* spec, p256 support
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-30 21:07:16 +03:00
nelind
38508c2c6e
feat(nix): base the data storage path defaults on the dataDir option
2026-05-30 00:37:55 +02:00
Lewis
7a54ccf6a3
fix(tranquil-config): reject unknown keys in TlsConfig, bump rust 1.96
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-29 09:39:14 +03:00
nelind
e85394c314
build: bump version to 0.6.3
v0.6.3
2026-05-27 19:28:10 +02:00
isabel
411c6be108
feat(nix): validate config at build time
2026-05-27 20:14:06 +03:00
isabel
28aa7ab7fc
feat!(tranquil-config): error on unknown keys
...
an attempt to make it so that fixes like
fc6063dba8 never have to occur again
2026-05-27 20:13:58 +03:00
nelind
348b69d76b
feat(nix): ensure that tranquil-store path is always writable by the service user just like file blob storage
2026-05-27 20:13:07 +03:00
nelind
4b23ca2c36
fix(docs): some wording on nix config and CI stuffs
2026-05-27 20:13:07 +03:00
Lewis
a7052e878c
feat: tranquil's own TLS handling
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-27 13:54:33 +03:00
nelind
fc6063dba8
fix(nix): override the right frontend package setting in the flake nixos module
2026-05-27 01:04:31 +02:00
Lewis
44cb016762
fix(docs): install docs better
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-26 09:49:59 +03:00
Lewis
e6eee18ace
fix(docs): migration oauth update
...
Lewis: May this revision serve well! <lu5a@proton.me >
2026-05-25 19:02:13 +03:00