+1

docs/TEST_AUDIT.md

reviewed

··· 65 65 - `com.atproto.admin.updateAccountPassword` and `com.atproto.admin.disableAccountInvites` / `enableAccountInvites` now follow the reference runtime’s missing-account behavior: they are empty-body `200` no-ops instead of returning local `404 AccountNotFound` or JSON `{}` success bodies. 66 66 - `com.atproto.admin.updateSubjectStatus` now follows the reference runtime’s narrower response contract: it echoes the normalized `subject`, includes `takedown` only when that field was part of the request, and no longer synthesizes `deactivated` into the response body from stored state. 67 67 - Record and blob moderation now have direct coverage for `com.atproto.admin.getSubjectStatus`, so taken-down record/blob subjects are pinned as first-class admin-surface behavior instead of only being inferred from repo and sync visibility. 68 68 + - The executable differential harness now also pins blob-subject moderation directly, covering `com.atproto.admin.updateSubjectStatus` and `getSubjectStatus` for `repoBlobRef` subjects instead of leaving blob moderation as local-only coverage. 68 69 - `com.atproto.admin.updateAccountPassword` follows the reference runtime’s looser admin policy: it rejects overlong passwords with `400 InvalidRequest` / `Invalid password length.`, but does not impose the normal user-facing minimum-length gate. 69 70 - `com.atproto.admin.disableAccountInvites` / `enableAccountInvites` now ignore the local `note` field so the visible account state matches the official runtime instead of carrying an extra stored `inviteNote`. 70 71 - `com.atproto.admin.getInviteCodes` now matches the official runtime on sort validation, always-emitted cursor behavior, total `available` counts, and newest-first `uses` ordering.

+62

script/differential-validate

reviewed

··· 1997 1997 'getBlob payload and hardening headers match the official reference PDS', 1998 1998 ); 1999 1999 2000 2000 + note('Comparing blob subject-status semantics'); 2001 2001 + for my $name (sort keys %server) { 2002 2002 + my $blob_cid = $server{$name}{sync_blob}{cid}; 2003 2003 + my $takedown = post_json( 2004 2004 + $server{$name}{origin}, 2005 2005 + 'com.atproto.admin.updateSubjectStatus', 2006 2006 + { 2007 2007 + subject => { 2008 2008 + '$type' => 'com.atproto.admin.defs#repoBlobRef', 2009 2009 + did => $server{$name}{did}, 2010 2010 + cid => $blob_cid, 2011 2011 + }, 2012 2012 + takedown => { applied => true }, 2013 2013 + }, 2014 2014 + admin_auth_header($server{$name}{admin_password}), 2015 2015 + ); 2016 2016 + check($takedown->is_success, "$name blob takedown succeeds for subject-status comparison"); 2017 2017 + next unless $takedown->is_success; 2018 2018 + 2019 2019 + my $takedown_json = $takedown->json || {}; 2020 2020 + my $status = get_form( 2021 2021 + $server{$name}{origin}, 2022 2022 + 'com.atproto.admin.getSubjectStatus', 2023 2023 + { 2024 2024 + did => $server{$name}{did}, 2025 2025 + blob => $blob_cid, 2026 2026 + }, 2027 2027 + admin_auth_header($server{$name}{admin_password}), 2028 2028 + ); 2029 2029 + my $status_json = $status->json || {}; 2030 2030 + 2031 2031 + my $restore = post_json( 2032 2032 + $server{$name}{origin}, 2033 2033 + 'com.atproto.admin.updateSubjectStatus', 2034 2034 + { 2035 2035 + subject => { 2036 2036 + '$type' => 'com.atproto.admin.defs#repoBlobRef', 2037 2037 + did => $server{$name}{did}, 2038 2038 + cid => $blob_cid, 2039 2039 + }, 2040 2040 + takedown => { applied => false }, 2041 2041 + }, 2042 2042 + admin_auth_header($server{$name}{admin_password}), 2043 2043 + ); 2044 2044 + check($restore->is_success, "$name blob takedown restore succeeds for subject-status comparison"); 2045 2045 + 2046 2046 + $server{$name}{blob_subject_status} = { 2047 2047 + update_subject_type => $takedown_json->{subject}{'$type'}, 2048 2048 + update_takedown => $takedown_json->{takedown}{applied} ? 1 : 0, 2049 2049 + update_has_deactivated => exists($takedown_json->{deactivated}) ? 1 : 0, 2050 2050 + status_ok => $status->is_success ? 1 : 0, 2051 2051 + status_subject_type => $status_json->{subject}{'$type'}, 2052 2052 + status_takedown => $status_json->{takedown}{applied} ? 1 : 0, 2053 2053 + restore_status => $restore->code // 0, 2054 2054 + }; 2055 2055 + } 2056 2056 + 2057 2057 + check( 2058 2058 + same_hash($server{reference}{blob_subject_status}, $server{perlsky}{blob_subject_status}), 2059 2059 + 'blob subject-status semantics match the official reference PDS', 2060 2060 + ); 2061 2061 + 2000 2062 note('Comparing listRepos'); 2001 2063 for my $name (sort keys %server) { 2002 2064 my $list_repos = get_form($server{$name}{origin}, 'com.atproto.sync.listRepos', {