Builds on the initial publish/build pipeline:

- Comments: post pages render an inline-JS comments section that fetches
app.bsky.feed.getPostThread from the public Bluesky AppView at view
time. No-JS users get a "reply on Bluesky" link; empty-thread state
shows "be the first to reply"; replies render with avatar, profile
link, timestamp, body text, and a permalink ↗ to the specific reply.

- --announce flag on publish: optional auto-create of an
app.bsky.feed.post on the user's repo, pinned via bskyPostRef as the
comment-thread root. Adds repo:app.bsky.feed.post scope (existing
sessions need one-time re-login). Idempotent — writes the new at-uri
back to frontmatter as bsky_post: so re-runs short-circuit.

- bskyPostRef lexicon compliance: the field is a
com.atproto.repo.strongRef per the canonical standard.site lexicon —
fair now reads/writes both uri+cid. Frontmatter `bsky_post:` resolves
the CID via own-repo authenticated GetRecord (sandbox-friendly) or
the public AppView (federated posts).

- Responsive images: publish generates 480/960/1440/1920 variants
alongside each inline image (golang.org/x/image/draw CatmullRom);
build emits srcset/sizes/width/height + loading=lazy + decoding=async
on every <img>. New internal/images package.

- Home page: _index.md frontmatter gains description/subtitle/pinned/
hide_years for home-only customization; _outro.md is below-fold
chrome; year-grouped post index via <details>; tag cloud + h2
section headers; reading time per post; pdsls.dev link in the post
meta line.

- Polish: viewport meta, color-scheme light/dark, theme-color light/
dark, speculation-rules prerender, system font stack, line-height,
body width cap, centered prev/home/next nav, prev/next rel links.

- Security review fixes: path-traversal validation on PDS-controlled
path and tag fields; SSRF mitigation via no-redirect HTTP client
policy on the build's getRecord/listRecords calls; XSS escaping in
OAuth loopback callback page; at-uri prefix gate on htmltemplate.URL
casts; favicon download bounded with io.LimitReader (5 MiB); all
XRPC URL params now built via url.Values.Encode rather than
fmt.Sprintf.

- Cleanup: removed migrate cleanup-whtwnd subcommand and scope; new
docs/runbook.md replaces the migration-flavored runbook-cutover.md;
CLAUDE.md split between fair (project doc) and the operator's
blog-posts repo (deploy notebook).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

51596b95

Austin Parker +1

18 hours ago

main

fair: a Go CLI that publishes markdown to ATProto as standard.site

A single-author static-site publisher built around two ideas:

1. The PDS is the source of truth. Posts live as
site.standard.publication + site.standard.document records on your
ATProto PDS; the rendered site mirrors them. Markdown files on disk
are working copies. External standard.site readers (Leaflet, pckt,
indexers) see the same records your own site does.

2. The output is plain HTML. No CSS, no JavaScript, no client-side
rendering. Native browser widgets carry the load — <details>,
<progress>, <meter>, <figure>, semantic <article>/<aside>/<time>,
GFM tables, footnotes, definition lists. A demo article in
blog-posts/html-feature-demo/ exercises every feature.

Architecture (see docs/design-plans/2026-04-29-blog-v2026.md):

- Profile mechanism: --profile required (sandbox vs prod), no default,
Levenshtein typo suggestion, profile-isolated state + sessions.
- ATProto OAuth (loopback + DPoP + PAR) via haileyok/atproto-oauth-golang.
Auto-refresh wired into every authenticated subcommand.
- Idempotent publish: SHA-256 over canonical inputs (markdown source,
not goldmark output) gates re-puts; --dry-run / --force escapes.
- ULID identity in frontmatter — written back on first publish, drives
rename detection.
- Build flow has a cold-start contract: works with no auth, no records,
emits well-known + a stub site so the OAuth metadata document is
reachable before first login.
- Outputs: index, per-post, archive, tag pages, Atom + RSS + JSON Feed
+ index.json, sitemap, robots.txt, .well-known/oauth-client-metadata
+ .well-known/site.standard.publication, favicon from publication.icon
blob. Atomic dist.tmp -> dist promote.
- HTML enhancements: OG/Twitter cards, canonical, rel=me, prev/next
link headers, atproto+json alternate, bsky discuss link from
bskyPostRef, image-paragraph -> figure rewrite, Bluesky blockquote
-> "Discuss on Bluesky" footer link.

Sandbox: bluesky-social/pds Docker container behind Caddy + mkcert at
pds.localtest.me (workaround for the upstream PDS rejecting loopback
hostnames in OAuth issuer URLs). Profile-isolated session storage
prevents cross-contamination with prod.

Subcommands: auth login/logout/status, init publication,
emit-client-metadata, publish (--dry-run/--force), build, ls (PDS-vs-
local diff), doctor (5-check health report), unpublish,
migrate cleanup-whtwnd (post-cutover legacy lexicon cleanup),
config show.

Operator runbook for the WhtWnd -> standard.site cutover lives at
docs/runbook-cutover.md. CLAUDE.md captures the non-obvious rules.

Replaces the Next.js + WhiteWind blog at ~/code/pds-blog.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

3331e793

Austin Parker +1

1 day ago

branches 1

main 18 hours ago default

README.md

fair#

A Go CLI that publishes markdown posts to an ATProto PDS as standard.site lexicon records, then renders them as plain HTML — no CSS, no JavaScript — for static deploy.

The PDS is the source of truth for what the site shows. Markdown files on disk are working copies. Re-running fair publish is idempotent (short-circuits when the content hash hasn't changed). External standard.site readers (Leaflet, pckt, indexers) see the same records your site does.

Features#

Single static binary. go build and you're done.
PDS canonical. Site renders from site.standard.document records, not from your local markdown.
OAuth (loopback + DPoP). Native ATProto OAuth flow against your PDS. No app passwords.
Idempotent publish. SHA-256 over canonical inputs (markdown body + sorted/deduped tags + cover-source-hash); --dry-run and --force available.
Pure HTML output. Semantic markup, native widgets (<details>, <progress>, <meter>, <figure>, etc.), browser default styling. The only CSS shipped is a two-rule inline block — one constrains the reading column to ~720px on desktop, one keeps images from overflowing it. No stylesheet, no framework, no design system; everything else uses browser defaults.
Responsive images. fair publish generates resized variants (480/960/1440/1920) alongside each inline image; rendered HTML emits srcset + sizes so phones fetch a small variant and big screens fetch a sharp one.
Native widgets: demo article shows what's possible with no CSS or JS.
Discovery & sharing: OpenGraph, Twitter cards, canonical links, rel=me social verification, favicon from publication.icon blob.
Alternate formats: Atom + RSS 2.0 + JSON Feed + index.json + sitemap.xml + robots.txt, all generated.
Tag pages, archive page, prev/next navigation between posts.
Year-grouped home page with native <details> disclosures; current year expanded by default.
Optional home-page intro: drop _index.md in your blog-posts directory and it renders above the year disclosures.
Local sandbox for end-to-end testing without touching prod (Caddy + mkcert + pds.localtest.me + a real PDS Docker container).
Operational tools: ls (PDS-vs-local diff), doctor (health checks), unpublish.

Status#

Alpha but feature-complete for single-author personal use. See docs/design-plans/2026-04-29-blog-v2026.md for the validated architecture (historical) and docs/runbook.md for the first-deploy walkthrough.

Quick start#

# Build
go build -o fair ./cmd/fair

# Configure your profile
mkdir -p ~/.config/fair
cat > ~/.config/fair/config.prod.toml <<'EOF'
pds_url           = "https://bsky.social"
did               = "did:plc:..."          # your DID
domain            = "https://aparker.io"
publication_name  = "Your Blog"
description       = "Tagline"
blog_posts        = "/path/to/blog-posts"
state_file        = ".fair/state.prod.json"
# For prod, mirror lives inside the content repo so deploy CI can read
# inline image bytes from a git clone (no PDS blob fetch for inline images).
images_mirror     = "/path/to/blog-posts/images-mirror"
dist_dir          = "dist/"
social_links      = ["https://bsky.app/profile/handle.bsky.social"]
EOF

# Cold-start build + deploy (publishes the OAuth client metadata
# document the auth flow needs to fetch)
./fair --profile prod build
wrangler pages deploy dist/

# Auth + create publication record
./fair --profile prod auth login --handle handle.bsky.social
./fair --profile prod init publication

# Publish a post
./fair --profile prod publish blog-posts/my-post/index.md

# Persist the frontmatter id-write + any new images in images-mirror/
( cd /path/to/blog-posts && git add . && git commit -m 'publish: my-post' && git push )

# Render & deploy
./fair --profile prod build
wrangler pages deploy dist/

Subcommand reference#

Command	What it does
`auth login`	OAuth loopback flow against the active profile's PDS
`auth status`	Show the persisted session
`auth logout`	Clear the session
`init publication`	Create/update the singleton `site.standard.publication/self` record
`emit-client-metadata --out <dir>`	Write OAuth client metadata JSON
`publish <path>`	Publish a markdown post (`--dry-run`, `--force` available)
`build`	Render all PDS records to `dist/` (no auth required)
`ls`	Diff PDS records against local markdown
`doctor`	Five-check health report
`unpublish <rkey>`	Delete a `site.standard.document` record
`config show`	Print loaded config for the active profile

Profile is mandatory — pass --profile <name> or set FAIR_PROFILE. There is no default. Configs live at ~/.config/fair/config.<profile>.toml.

Sandbox#

The repo includes a fully-functional local sandbox PDS for end-to-end testing without touching production:

sandbox/seed.sh        # one-time bootstrap (Docker compose + mkcert + test account)
./fair --profile sandbox auth login --ca-bundle "$(mkcert -CAROOT)/rootCA.pem" \
  --handle aparker.pds.localtest.me
# … publish, build, eyeball at http://localhost:8000/ via dist-preview …
sandbox/reset.sh       # full teardown

See sandbox/README.md for why we use pds.localtest.me + Caddy + mkcert (the upstream PDS image rejects loopback hostnames in OAuth issuer URLs, so we work around it with a public-DNS-but-resolves-to-127.0.0.1 hostname).

Building from source#

Requirements:

Go 1.26+
Docker (for the sandbox)
mkcert (for the sandbox; brew install mkcert)
macOS or Linux (Windows works for prod commands but not sandbox)

git clone https://tangled.sh/aparker.io/fair
cd fair
go build -o fair ./cmd/fair
go test ./...

Project layout#

cmd/fair/             # CLI entrypoints (one file per subcommand)
internal/atproto/     # OAuth + XRPC client + session storage
internal/build/       # PDS records → dist/ HTML rendering
internal/config/      # TOML config + profile resolution
internal/markdown/    # Normalize + frontmatter + hash + goldmark parser
internal/ops/         # ls, doctor, unpublish
internal/publish/     # 13-step publish orchestrator + building blocks
sandbox/              # Local PDS Docker compose + Caddy + scripts
docs/design-plans/    # Validated architecture
docs/runbook.md          # First-deploy runbook

License#

MIT — see LICENSE.

Acknowledgments#

standard.site — the lexicon being implemented
haileyok/atproto-oauth-golang — the OAuth client library
bluesky-social/indigo — XRPC plumbing
yuin/goldmark — markdown rendering

Configure Feed