+3

cmd/hold/main.go

reviewed

··· 97 97 // Setup HTTP routes with chi router 98 98 r := chi.NewRouter() 99 99 100 100 + // Add RealIP middleware to extract real client IP from proxy headers 101 101 + r.Use(middleware.RealIP) 102 102 + 100 103 // Add logging middleware to log all HTTP requests 101 104 r.Use(middleware.Logger) 102 105

+873

docs/BLUESKY_MANIFEST_POSTS.md

reviewed

··· 1 1 + # Bluesky Manifest Posts 2 2 + 3 3 + ## Overview 4 4 + 5 5 + This document describes the feature for posting to Bluesky when OCI manifests are uploaded to ATCR holds. When a user pushes an image to the registry, the hold's embedded PDS will: 6 6 + 7 7 + 1. Create `io.atcr.hold.layer` records for structured metadata tracking 8 8 + 2. Post to Bluesky announcing the push (similar to the "what's new" feed on the AppView web UI) 9 9 + 10 10 + ## Architecture 11 11 + 12 12 + ### High-Level Flow 13 13 + 14 14 + ``` 15 15 + User pushes image 16 16 + ↓ 17 17 + AppView receives manifest PUT request 18 18 + ↓ 19 19 + AppView stores manifest in user's PDS 20 20 + ↓ 21 21 + AppView notifies hold via XRPC 22 22 + ↓ 23 23 + Hold creates layer records in embedded PDS 24 24 + ↓ 25 25 + Hold creates Bluesky post 26 26 + ↓ 27 27 + Post appears in Bluesky feed 28 28 + ``` 29 29 + 30 30 + ### Component Interactions 31 31 + 32 32 + **AppView** (`pkg/appview/storage/manifest_store.go`): 33 33 + - After successfully uploading manifest to user's PDS 34 34 + - Extracts manifest metadata (repository, tag, user info, layers) 35 35 + - Calls hold's `io.atcr.hold.notifyManifest` XRPC endpoint 36 36 + - Uses service token from user's PDS for authentication 37 37 + - Gracefully handles notification failures (doesn't fail manifest upload) 38 38 + 39 39 + **Hold** (`pkg/hold/oci/xrpc.go`): 40 40 + - Receives manifest notification via new XRPC endpoint 41 41 + - Validates service token and extracts user DID 42 42 + - Creates layer records for each blob reference in manifest 43 43 + - Creates Bluesky post announcing the push 44 44 + - Returns success/failure status 45 45 + 46 46 + **Hold's Embedded PDS** (`pkg/hold/pds/`): 47 47 + - Stores layer records in `io.atcr.hold.layer` collection 48 48 + - Stores Bluesky posts in `app.bsky.feed.post` collection 49 49 + - Both are ATProto records with auto-generated TID rkeys 50 50 + - Queryable via standard ATProto sync endpoints 51 51 + 52 52 + ## Implementation Details 53 53 + 54 54 + ### 1. Layer Record Schema 55 55 + 56 56 + **File**: `pkg/atproto/lexicon.go` 57 57 + 58 58 + **Collection**: `io.atcr.hold.layer` 59 59 + 60 60 + **Purpose**: Structured metadata about container layers stored in the hold 61 61 + 62 62 + **Schema**: 63 63 + ```go 64 64 + type LayerRecord struct { 65 65 + // Type identifier (always "io.atcr.hold.layer") 66 66 + Type string `json:"$type" cborgen:"$type"` 67 67 + 68 68 + // Digest of the layer (e.g., "sha256:abc123...") 69 69 + Digest string `json:"digest" cborgen:"digest"` 70 70 + 71 71 + // Size in bytes 72 72 + Size int64 `json:"size" cborgen:"size"` 73 73 + 74 74 + // MediaType of the layer 75 75 + MediaType string `json:"mediaType" cborgen:"mediaType"` 76 76 + 77 77 + // Repository this layer belongs to (e.g., "alice/myapp") 78 78 + Repository string `json:"repository" cborgen:"repository"` 79 79 + 80 80 + // User DID who uploaded this layer 81 81 + UserDID string `json:"userDid" cborgen:"userDid"` 82 82 + 83 83 + // User handle (for display purposes) 84 84 + UserHandle string `json:"userHandle,omitempty" cborgen:"userHandle,omitempty"` 85 85 + 86 86 + // Timestamp 87 87 + CreatedAt time.Time `json:"createdAt" cborgen:"createdAt"` 88 88 + } 89 89 + ``` 90 90 + 91 91 + **Constructor**: 92 92 + ```go 93 93 + func NewLayerRecord(digest string, size int64, mediaType, repository, userDID, userHandle string) *LayerRecord { 94 94 + return &LayerRecord{ 95 95 + Type: LayerCollection, 96 96 + Digest: digest, 97 97 + Size: size, 98 98 + MediaType: mediaType, 99 99 + Repository: repository, 100 100 + UserDID: userDID, 101 101 + UserHandle: userHandle, 102 102 + CreatedAt: time.Now(), 103 103 + } 104 104 + } 105 105 + ``` 106 106 + 107 107 + **Why CBOR tags**: The hold's embedded PDS uses CBOR encoding for efficient storage in the SQLite-backed carstore. All records stored in the hold must have `cborgen:` tags. 108 108 + 109 109 + ### 2. XRPC Manifest Notification Endpoint 110 110 + 111 111 + **File**: `pkg/hold/oci/xrpc.go` 112 112 + 113 113 + **Endpoint**: `POST /xrpc/io.atcr.hold.notifyManifest` 114 114 + 115 115 + **Authentication**: Service token from user's PDS (same pattern as blob upload endpoints) 116 116 + 117 117 + **Request Schema**: 118 118 + ```go 119 119 + type NotifyManifestRequest struct { 120 120 + // Repository name (e.g., "alice/myapp") 121 121 + Repository string `json:"repository"` 122 122 + 123 123 + // Tag (e.g., "latest", "v1.0.0") 124 124 + Tag string `json:"tag"` 125 125 + 126 126 + // User DID (e.g., "did:plc:abc123") 127 127 + UserDID string `json:"userDid"` 128 128 + 129 129 + // User handle (e.g., "alice.bsky.social") 130 130 + UserHandle string `json:"userHandle"` 131 131 + 132 132 + // Manifest content (parsed from uploaded manifest) 133 133 + Manifest struct { 134 134 + MediaType string `json:"mediaType"` 135 135 + Config struct { 136 136 + Digest string `json:"digest"` 137 137 + Size int64 `json:"size"` 138 138 + } `json:"config"` 139 139 + Layers []struct { 140 140 + Digest string `json:"digest"` 141 141 + Size int64 `json:"size"` 142 142 + MediaType string `json:"mediaType"` 143 143 + } `json:"layers"` 144 144 + } `json:"manifest"` 145 145 + } 146 146 + ``` 147 147 + 148 148 + **Response Schema**: 149 149 + ```go 150 150 + type NotifyManifestResponse struct { 151 151 + Success bool `json:"success"` 152 152 + LayersCreated int `json:"layersCreated"` 153 153 + PostCreated bool `json:"postCreated"` 154 154 + PostURI string `json:"postUri,omitempty"` // ATProto URI if post created 155 155 + Error string `json:"error,omitempty"` 156 156 + } 157 157 + ``` 158 158 + 159 159 + **Handler Implementation**: 160 160 + ```go 161 161 + func (h *XRPCHandler) HandleNotifyManifest(w http.ResponseWriter, r *http.Request) { 162 162 + ctx := r.Context() 163 163 + 164 164 + // 1. Validate service token (reuse existing auth middleware pattern) 165 165 + userDID, err := h.validateServiceToken(ctx, r) 166 166 + if err != nil { 167 167 + writeXRPCError(w, "InvalidToken", err.Error()) 168 168 + return 169 169 + } 170 170 + 171 171 + // 2. Parse request 172 172 + var req NotifyManifestRequest 173 173 + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { 174 174 + writeXRPCError(w, "InvalidRequest", err.Error()) 175 175 + return 176 176 + } 177 177 + 178 178 + // 3. Verify user DID matches token 179 179 + if req.UserDID != userDID { 180 180 + writeXRPCError(w, "Unauthorized", "user DID mismatch") 181 181 + return 182 182 + } 183 183 + 184 184 + // 4. Create layer records for each blob 185 185 + layersCreated := 0 186 186 + for _, layer := range req.Manifest.Layers { 187 187 + record := atproto.NewLayerRecord( 188 188 + layer.Digest, 189 189 + layer.Size, 190 190 + layer.MediaType, 191 191 + req.Repository, 192 192 + req.UserDID, 193 193 + req.UserHandle, 194 194 + ) 195 195 + 196 196 + _, _, err := h.pds.CreateLayerRecord(ctx, record) 197 197 + if err != nil { 198 198 + log.Printf("Failed to create layer record: %v", err) 199 199 + // Continue creating other records 200 200 + } else { 201 201 + layersCreated++ 202 202 + } 203 203 + } 204 204 + 205 205 + // 5. Create Bluesky post 206 206 + postURI, err := h.pds.CreateManifestPost(ctx, req.Repository, req.Tag, req.UserHandle) 207 207 + 208 208 + // 6. Return response 209 209 + resp := NotifyManifestResponse{ 210 210 + Success: layersCreated > 0 || err == nil, 211 211 + LayersCreated: layersCreated, 212 212 + PostCreated: err == nil, 213 213 + PostURI: postURI, 214 214 + } 215 215 + 216 216 + if err != nil && layersCreated == 0 { 217 217 + resp.Error = err.Error() 218 218 + } 219 219 + 220 220 + w.Header().Set("Content-Type", "application/json") 221 221 + json.NewEncoder(w).Encode(resp) 222 222 + } 223 223 + ``` 224 224 + 225 225 + ### 3. Hold PDS Layer Record Methods 226 226 + 227 227 + **File**: `pkg/hold/pds/layer.go` (new file) 228 228 + 229 229 + **Methods**: 230 230 + 231 231 + ```go 232 232 + // CreateLayerRecord creates a new layer record in the hold's PDS 233 233 + func (p *HoldPDS) CreateLayerRecord(ctx context.Context, record *atproto.LayerRecord) (string, string, error) { 234 234 + // Validate record 235 235 + if record.Type != atproto.LayerCollection { 236 236 + return "", "", fmt.Errorf("invalid record type: %s", record.Type) 237 237 + } 238 238 + 239 239 + if record.Digest == "" { 240 240 + return "", "", fmt.Errorf("digest is required") 241 241 + } 242 242 + 243 243 + // Create record with auto-generated TID rkey 244 244 + rkey, recordCID, err := p.repomgr.CreateRecord( 245 245 + ctx, 246 246 + p.uid, 247 247 + atproto.LayerCollection, 248 248 + record, 249 249 + ) 250 250 + 251 251 + if err != nil { 252 252 + return "", "", fmt.Errorf("failed to create layer record: %w", err) 253 253 + } 254 254 + 255 255 + log.Printf("Created layer record at %s/%s (digest: %s, size: %d)", 256 256 + atproto.LayerCollection, rkey, record.Digest, record.Size) 257 257 + 258 258 + return rkey, recordCID.String(), nil 259 259 + } 260 260 + 261 261 + // ListLayerRecords lists layer records with optional filtering 262 262 + func (p *HoldPDS) ListLayerRecords(ctx context.Context, limit int, cursor string) ([]*atproto.LayerRecord, string, error) { 263 263 + // Implementation using repomgr.GetRecord for pagination 264 264 + // This would query the carstore and unmarshal layer records 265 265 + // Return records + next cursor for pagination 266 266 + } 267 267 + 268 268 + // GetLayerRecord retrieves a specific layer record by rkey 269 269 + func (p *HoldPDS) GetLayerRecord(ctx context.Context, rkey string) (*atproto.LayerRecord, error) { 270 270 + // Implementation using repomgr.GetRecord 271 271 + } 272 272 + ``` 273 273 + 274 274 + ### 4. Bluesky Post Creation 275 275 + 276 276 + **File**: `pkg/hold/pds/manifest_post.go` (new file) 277 277 + 278 278 + **Pattern**: Reuse existing `status.go` pattern 279 279 + 280 280 + ```go 281 281 + // CreateManifestPost creates a Bluesky post announcing a manifest upload 282 282 + func (p *HoldPDS) CreateManifestPost(ctx context.Context, repository, tag, userHandle string) (string, error) { 283 283 + now := time.Now() 284 284 + 285 285 + // Format post text (similar to "what's new" feed) 286 286 + text := formatManifestPostText(repository, tag, userHandle) 287 287 + 288 288 + // Create post struct 289 289 + post := &bsky.FeedPost{ 290 290 + LexiconTypeID: "app.bsky.feed.post", 291 291 + Text: text, 292 292 + CreatedAt: now.Format(time.RFC3339), 293 293 + // Optional: Add embed with link to AppView 294 294 + // Embed: &bsky.FeedPost_Embed{...} 295 295 + } 296 296 + 297 297 + // Create record with auto-generated TID 298 298 + rkey, recordCID, err := p.repomgr.CreateRecord( 299 299 + ctx, 300 300 + p.uid, 301 301 + "app.bsky.feed.post", 302 302 + post, 303 303 + ) 304 304 + 305 305 + if err != nil { 306 306 + return "", fmt.Errorf("failed to create manifest post: %w", err) 307 307 + } 308 308 + 309 309 + // Build ATProto URI for the post 310 310 + postURI := fmt.Sprintf("at://%s/app.bsky.feed.post/%s", p.did, rkey) 311 311 + 312 312 + log.Printf("Created manifest post: %s (cid: %s)", postURI, recordCID) 313 313 + 314 314 + return postURI, nil 315 315 + } 316 316 + 317 317 + // formatManifestPostText generates the post text 318 318 + func formatManifestPostText(repository, tag, userHandle string) string { 319 319 + // Example formats: 320 320 + // "@alice.bsky.social pushed alice/myapp:latest to ATCR" 321 321 + // "New image pushed: alice/myapp:v1.0.0 by @alice.bsky.social" 322 322 + // "📦 alice/myapp:latest pushed by @alice.bsky.social" 323 323 + 324 324 + return fmt.Sprintf("📦 %s:%s pushed by @%s", repository, tag, userHandle) 325 325 + } 326 326 + ``` 327 327 + 328 328 + **Advanced Post Options**: 329 329 + 330 330 + ```go 331 331 + // Example with embedded link to AppView 332 332 + post := &bsky.FeedPost{ 333 333 + LexiconTypeID: "app.bsky.feed.post", 334 334 + Text: text, 335 335 + CreatedAt: now.Format(time.RFC3339), 336 336 + Embed: &bsky.FeedPost_Embed{ 337 337 + FeedPost_External: &bsky.EmbedExternal{ 338 338 + External: &bsky.EmbedExternal_External{ 339 339 + Uri: fmt.Sprintf("https://atcr.io/%s", repository), 340 340 + Title: fmt.Sprintf("%s:%s", repository, tag), 341 341 + Description: "View on ATCR", 342 342 + }, 343 343 + }, 344 344 + }, 345 345 + } 346 346 + 347 347 + // Example with facets (mentions) 348 348 + // This would require parsing the text and creating facet structs 349 349 + // for @mentions to be clickable in Bluesky 350 350 + ``` 351 351 + 352 352 + ### 5. AppView Integration 353 353 + 354 354 + **File**: `pkg/appview/storage/manifest_store.go` 355 355 + 356 356 + **Integration Point**: After `client.PutRecord()` succeeds (around line 130-140) 357 357 + 358 358 + ```go 359 359 + // Existing code: 360 360 + recordURI, recordCID, err := ms.client.PutRecord(ctx, atproto.ManifestCollection, rkey, manifestRecord) 361 361 + if err != nil { 362 362 + return "", fmt.Errorf("failed to store manifest in PDS: %w", err) 363 363 + } 364 364 + 365 365 + // NEW: Notify hold about manifest upload 366 366 + if err := ms.notifyHoldAboutManifest(ctx, desc, manifestRecord, tag); err != nil { 367 367 + // Log error but don't fail the manifest upload 368 368 + log.Printf("Failed to notify hold about manifest: %v", err) 369 369 + } 370 370 + 371 371 + return desc.Digest.String(), nil 372 372 + ``` 373 373 + 374 374 + **Implementation**: 375 375 + 376 376 + ```go 377 377 + // notifyHoldAboutManifest sends manifest metadata to the hold 378 378 + func (ms *ManifestStore) notifyHoldAboutManifest( 379 379 + ctx context.Context, 380 380 + desc distribution.Descriptor, 381 381 + manifestRecord *atproto.ManifestRecord, 382 382 + tag string, 383 383 + ) error { 384 384 + // 1. Get registry context 385 385 + regCtx, err := storage.GetRegistryContext(ctx) 386 386 + if err != nil { 387 387 + return fmt.Errorf("failed to get registry context: %w", err) 388 388 + } 389 389 + 390 390 + // 2. Resolve hold DID to endpoint 391 391 + holdEndpoint, err := ms.resolver.ResolveDIDToHTTPEndpoint(ctx, manifestRecord.HoldDID) 392 392 + if err != nil { 393 393 + return fmt.Errorf("failed to resolve hold DID: %w", err) 394 394 + } 395 395 + 396 396 + // 3. Get service token from user's PDS 397 397 + serviceToken, err := regCtx.Refresher.GetServiceToken(ctx, regCtx.DID, manifestRecord.HoldDID) 398 398 + if err != nil { 399 399 + return fmt.Errorf("failed to get service token: %w", err) 400 400 + } 401 401 + 402 402 + // 4. Parse manifest to extract layer info 403 403 + var parsedManifest struct { 404 404 + MediaType string `json:"mediaType"` 405 405 + Config distribution.Descriptor `json:"config"` 406 406 + Layers []distribution.Descriptor `json:"layers"` 407 407 + } 408 408 + 409 409 + if err := json.Unmarshal(manifestRecord.ManifestBlob.Data, &parsedManifest); err != nil { 410 410 + return fmt.Errorf("failed to parse manifest: %w", err) 411 411 + } 412 412 + 413 413 + // 5. Build notification request 414 414 + notifyReq := map[string]interface{}{ 415 415 + "repository": ms.repository, 416 416 + "tag": tag, 417 417 + "userDid": regCtx.DID, 418 418 + "userHandle": regCtx.Handle, // Need to add this to RegistryContext 419 419 + "manifest": map[string]interface{}{ 420 420 + "mediaType": parsedManifest.MediaType, 421 421 + "config": map[string]interface{}{ 422 422 + "digest": parsedManifest.Config.Digest.String(), 423 423 + "size": parsedManifest.Config.Size, 424 424 + }, 425 425 + "layers": func() []map[string]interface{} { 426 426 + layers := make([]map[string]interface{}, len(parsedManifest.Layers)) 427 427 + for i, layer := range parsedManifest.Layers { 428 428 + layers[i] = map[string]interface{}{ 429 429 + "digest": layer.Digest.String(), 430 430 + "size": layer.Size, 431 431 + "mediaType": layer.MediaType, 432 432 + } 433 433 + } 434 434 + return layers 435 435 + }(), 436 436 + }, 437 437 + } 438 438 + 439 439 + // 6. Call hold's XRPC endpoint 440 440 + reqBody, _ := json.Marshal(notifyReq) 441 441 + req, err := http.NewRequestWithContext( 442 442 + ctx, 443 443 + "POST", 444 444 + holdEndpoint+"/xrpc/io.atcr.hold.notifyManifest", 445 445 + bytes.NewReader(reqBody), 446 446 + ) 447 447 + if err != nil { 448 448 + return err 449 449 + } 450 450 + 451 451 + req.Header.Set("Content-Type", "application/json") 452 452 + req.Header.Set("Authorization", "Bearer "+serviceToken) 453 453 + 454 454 + resp, err := http.DefaultClient.Do(req) 455 455 + if err != nil { 456 456 + return err 457 457 + } 458 458 + defer resp.Body.Close() 459 459 + 460 460 + if resp.StatusCode != http.StatusOK { 461 461 + body, _ := io.ReadAll(resp.Body) 462 462 + return fmt.Errorf("hold notification failed: %s (status: %d)", body, resp.StatusCode) 463 463 + } 464 464 + 465 465 + // 7. Parse response (optional logging) 466 466 + var notifyResp map[string]interface{} 467 467 + if err := json.NewDecoder(resp.Body).Decode(&notifyResp); err == nil { 468 468 + log.Printf("Hold notification successful: %+v", notifyResp) 469 469 + } 470 470 + 471 471 + return nil 472 472 + } 473 473 + ``` 474 474 + 475 475 + ### 6. Record Type Registration 476 476 + 477 477 + **File**: `pkg/hold/pds/server.go` 478 478 + 479 479 + **In `init()` function** (around line 30): 480 480 + 481 481 + ```go 482 482 + func init() { 483 483 + // Existing registrations 484 484 + lexutil.RegisterType(atproto.CaptainCollection, &atproto.CaptainRecord{}) 485 485 + lexutil.RegisterType(atproto.CrewCollection, &atproto.CrewRecord{}) 486 486 + lexutil.RegisterType(atproto.TangledProfileCollection, &atproto.TangledProfileRecord{}) 487 487 + 488 488 + // NEW: Register layer record type 489 489 + lexutil.RegisterType(atproto.LayerCollection, &atproto.LayerRecord{}) 490 490 + } 491 491 + ``` 492 492 + 493 493 + **Why needed**: ATProto's CBOR unmarshaling requires type registration to automatically deserialize records when reading from the carstore. 494 494 + 495 495 + ## Testing Strategy 496 496 + 497 497 + ### Unit Tests 498 498 + 499 499 + **Test Layer Record Creation** (`pkg/hold/pds/layer_test.go`): 500 500 + ```go 501 501 + func TestCreateLayerRecord(t *testing.T) { 502 502 + pds := setupTestPDS(t) 503 503 + ctx := context.Background() 504 504 + 505 505 + record := atproto.NewLayerRecord( 506 506 + "sha256:abc123", 507 507 + 1024, 508 508 + "application/vnd.docker.image.rootfs.diff.tar.gzip", 509 509 + "alice/myapp", 510 510 + "did:plc:alice123", 511 511 + "alice.bsky.social", 512 512 + ) 513 513 + 514 514 + rkey, cid, err := pds.CreateLayerRecord(ctx, record) 515 515 + assert.NoError(t, err) 516 516 + assert.NotEmpty(t, rkey) 517 517 + assert.NotEmpty(t, cid) 518 518 + 519 519 + // Verify record was stored 520 520 + retrieved, err := pds.GetLayerRecord(ctx, rkey) 521 521 + assert.NoError(t, err) 522 522 + assert.Equal(t, record.Digest, retrieved.Digest) 523 523 + } 524 524 + ``` 525 525 + 526 526 + **Test Manifest Post Creation** (`pkg/hold/pds/manifest_post_test.go`): 527 527 + ```go 528 528 + func TestCreateManifestPost(t *testing.T) { 529 529 + pds := setupTestPDS(t) 530 530 + ctx := context.Background() 531 531 + 532 532 + postURI, err := pds.CreateManifestPost(ctx, "alice/myapp", "latest", "alice.bsky.social") 533 533 + assert.NoError(t, err) 534 534 + assert.Contains(t, postURI, "app.bsky.feed.post") 535 535 + 536 536 + // Parse URI and verify post exists 537 537 + // at://did:web:hold01.atcr.io/app.bsky.feed.post/{rkey} 538 538 + } 539 539 + ``` 540 540 + 541 541 + **Test XRPC Endpoint** (`pkg/hold/oci/xrpc_test.go`): 542 542 + ```go 543 543 + func TestHandleNotifyManifest(t *testing.T) { 544 544 + handler := setupTestHandler(t) 545 545 + 546 546 + req := NotifyManifestRequest{ 547 547 + Repository: "alice/myapp", 548 548 + Tag: "latest", 549 549 + UserDID: "did:plc:alice123", 550 550 + UserHandle: "alice.bsky.social", 551 551 + Manifest: /* ... */, 552 552 + } 553 553 + 554 554 + // Make HTTP request with service token 555 555 + resp := makeRequest(t, handler, req, validServiceToken) 556 556 + 557 557 + assert.Equal(t, http.StatusOK, resp.StatusCode) 558 558 + 559 559 + var result NotifyManifestResponse 560 560 + json.NewDecoder(resp.Body).Decode(&result) 561 561 + 562 562 + assert.True(t, result.Success) 563 563 + assert.Equal(t, 3, result.LayersCreated) // if manifest has 3 layers 564 564 + assert.True(t, result.PostCreated) 565 565 + } 566 566 + ``` 567 567 + 568 568 + ### Integration Tests 569 569 + 570 570 + **End-to-End Test**: 571 571 + 1. Push a test image to ATCR 572 572 + 2. Verify manifest is stored in user's PDS 573 573 + 3. Verify layer records are created in hold's PDS 574 574 + 4. Verify Bluesky post is created in hold's PDS 575 575 + 5. Query ATProto endpoints to retrieve records 576 576 + 577 577 + ## Error Handling 578 578 + 579 579 + ### AppView Side 580 580 + 581 581 + **Notification failures should NOT break manifest uploads**: 582 582 + - If hold is unreachable: Log error, continue 583 583 + - If service token fails: Log error, continue 584 584 + - If hold returns error: Log error, continue 585 585 + 586 586 + **Rationale**: Bluesky posts are a "nice to have" feature, not critical infrastructure. Image pushes must succeed even if social features fail. 587 587 + 588 588 + ### Hold Side 589 589 + 590 590 + **Partial failures are acceptable**: 591 591 + - If some layer records fail: Create what we can, return partial success 592 592 + - If Bluesky post fails but layers succeed: Return success with `postCreated: false` 593 593 + - If all operations fail: Return error response 594 594 + 595 595 + **Logging**: 596 596 + - Log all errors for debugging 597 597 + - Include user DID, repository, and error details 598 598 + - Use structured logging for easy querying 599 599 + 600 600 + ## Configuration 601 601 + 602 602 + ### Environment Variables 603 603 + 604 604 + **Hold Service** (`.env.hold.example`): 605 605 + ```bash 606 606 + # Enable/disable Bluesky posting 607 607 + HOLD_BLUESKY_POSTS_ENABLED=true 608 608 + 609 609 + # Enable/disable layer record creation 610 610 + HOLD_LAYER_RECORDS_ENABLED=true 611 611 + ``` 612 612 + 613 613 + **AppView** (`.env.appview.example`): 614 614 + ```bash 615 615 + # Enable/disable manifest notifications to holds 616 616 + ATCR_NOTIFY_HOLDS_ENABLED=true 617 617 + ``` 618 618 + 619 619 + ### Feature Flags 620 620 + 621 621 + Consider making this feature opt-in initially: 622 622 + - Add flag to captain record: `enableSocialPosts bool` 623 623 + - Check flag before creating posts 624 624 + - Allow hold owners to disable social features 625 625 + 626 626 + ## Performance Considerations 627 627 + 628 628 + ### Database Impact 629 629 + 630 630 + **Layer records**: Each manifest upload creates N records (where N = number of layers) 631 631 + - Typical image: 5-10 layers 632 632 + - Large image: 50+ layers 633 633 + - Storage: ~500 bytes per record (CBOR compressed) 634 634 + 635 635 + **Bluesky posts**: One post per manifest 636 636 + - Storage: ~200 bytes per post 637 637 + - Indexed by creation time for feed queries 638 638 + 639 639 + **Carstore growth**: Estimate ~5KB per manifest upload (records + post) 640 640 + 641 641 + ### Network Impact 642 642 + 643 643 + **AppView → Hold notification**: 644 644 + - One HTTP POST per manifest upload 645 645 + - Payload size: ~2-10KB (depends on layer count) 646 646 + - Should complete in <100ms on local network 647 647 + 648 648 + **Service token requests**: 649 649 + - Tokens cached for 50 seconds 650 650 + - Minimal overhead if pushing multiple manifests quickly 651 651 + 652 652 + ### Optimization Opportunities 653 653 + 654 654 + 1. **Batch layer record creation**: Use `BatchWrite` for multiple records 655 655 + 2. **Async processing**: Queue notifications and process in background 656 656 + 3. **Rate limiting**: Limit posts per user/hold to prevent spam 657 657 + 4. **Deduplication**: Skip layer records for already-seen digests 658 658 + 659 659 + ## Future Enhancements 660 660 + 661 661 + ### Phase 2: Enhanced Posts 662 662 + 663 663 + **Rich embeds**: 664 664 + - Link preview to AppView repository page 665 665 + - Thumbnail image from first layer 666 666 + - Metadata badges (image size, layer count, tags) 667 667 + 668 668 + **Mentions**: 669 669 + - Parse user handle and create Bluesky facets for @mentions 670 670 + - Enable clickable mentions in posts 671 671 + 672 672 + **Tags/hashtags**: 673 673 + - Add `#container`, `#docker`, repository tags 674 674 + - Improve discoverability in Bluesky 675 675 + 676 676 + ### Phase 3: Feed Customization 677 677 + 678 678 + **Hold-specific feeds**: 679 679 + - Query layer records by repository 680 680 + - Filter by user DID 681 681 + - Time-based queries 682 682 + 683 683 + **ATProto feed generator**: 684 684 + - Implement `app.bsky.feed.getFeedSkeleton` XRPC endpoint 685 685 + - Publish hold's feed to Bluesky 686 686 + - Users can subscribe to hold activity feeds 687 687 + 688 688 + ### Phase 4: Analytics 689 689 + 690 690 + **Track metrics**: 691 691 + - Posts per day/week/month 692 692 + - Most active users 693 693 + - Most popular repositories 694 694 + - Storage growth over time 695 695 + 696 696 + **Dashboards**: 697 697 + - Visualize activity on AppView UI 698 698 + - Show trending images 699 699 + - Leaderboards for most pushed repositories 700 700 + 701 701 + ## Security Considerations 702 702 + 703 703 + ### Authentication 704 704 + 705 705 + **Service tokens**: 706 706 + - Validate tokens against user's PDS 707 707 + - Verify DID matches in token claims 708 708 + - Check token expiration (60s from PDS) 709 709 + 710 710 + **Authorization**: 711 711 + - Only authenticated users can trigger posts 712 712 + - Posts created under hold's DID (not user's DID) 713 713 + - User information is metadata in post text 714 714 + 715 715 + ### Privacy 716 716 + 717 717 + **User handles**: 718 718 + - Posts include user handle (`@alice.bsky.social`) 719 719 + - Consider opt-out mechanism for privacy-conscious users 720 720 + 721 721 + **Repository names**: 722 722 + - Public information (already visible in AppView) 723 723 + - Consider private repository flags in future 724 724 + 725 725 + ### Rate Limiting 726 726 + 727 727 + **Prevent spam**: 728 728 + - Limit posts per user per hour 729 729 + - Detect rapid-fire pushes (CI/CD) 730 730 + - Consider aggregating multiple pushes into single post 731 731 + 732 732 + **Resource protection**: 733 733 + - Limit layer record creation to prevent storage exhaustion 734 734 + - Cap manifest notification payload size 735 735 + - Timeout long-running operations 736 736 + 737 737 + ## Monitoring and Observability 738 738 + 739 739 + ### Metrics to Track 740 740 + 741 741 + **AppView**: 742 742 + - `atcr_hold_notifications_total` - Counter of notifications sent 743 743 + - `atcr_hold_notifications_errors` - Counter of failures 744 744 + - `atcr_hold_notification_duration_ms` - Histogram of latency 745 745 + 746 746 + **Hold**: 747 747 + - `hold_layer_records_created_total` - Counter of layer records 748 748 + - `hold_bluesky_posts_created_total` - Counter of posts 749 749 + - `hold_manifest_notifications_received_total` - Counter of incoming notifications 750 750 + - `hold_notification_errors_total` - Counter of errors by type 751 751 + 752 752 + ### Logging 753 753 + 754 754 + **Structured logs**: 755 755 + ```json 756 756 + { 757 757 + "level": "info", 758 758 + "msg": "manifest notification received", 759 759 + "repository": "alice/myapp", 760 760 + "tag": "latest", 761 761 + "userDid": "did:plc:alice123", 762 762 + "layerCount": 5, 763 763 + "layersCreated": 5, 764 764 + "postCreated": true, 765 765 + "duration_ms": 45 766 766 + } 767 767 + ``` 768 768 + 769 769 + ### Alerts 770 770 + 771 771 + **Critical issues**: 772 772 + - High error rate (>10% failures) 773 773 + - Service token failures (auth issues) 774 774 + - PDS carstore errors (database problems) 775 775 + 776 776 + **Warning issues**: 777 777 + - Slow notifications (>1s latency) 778 778 + - Partial failures (some layers not created) 779 779 + - Missing user handle in context 780 780 + 781 781 + ## Migration Strategy 782 782 + 783 783 + ### Rollout Plan 784 784 + 785 785 + **Phase 1: Development** 786 786 + - Implement core functionality 787 787 + - Add comprehensive tests 788 788 + - Deploy to staging environment 789 789 + 790 790 + **Phase 2: Beta** 791 791 + - Enable for test holds only 792 792 + - Gather feedback from early users 793 793 + - Monitor performance and errors 794 794 + 795 795 + **Phase 3: Opt-in** 796 796 + - Add configuration flags 797 797 + - Allow hold owners to enable feature 798 798 + - Document setup process 799 799 + 800 800 + **Phase 4: Default On** 801 801 + - Enable by default for new holds 802 802 + - Migrate existing holds (opt-out available) 803 803 + - Announce feature publicly 804 804 + 805 805 + ### Backward Compatibility 806 806 + 807 807 + **No breaking changes**: 808 808 + - New XRPC endpoint (doesn't affect existing endpoints) 809 809 + - New record types (isolated collections) 810 810 + - Optional feature (can be disabled) 811 811 + 812 812 + **Existing holds**: 813 813 + - Work without changes 814 814 + - Can opt-in by updating hold service 815 815 + - No data migration required 816 816 + 817 817 + ## Example Post Formats 818 818 + 819 819 + ### Simple Format 820 820 + ``` 821 821 + 📦 alice/myapp:latest pushed by @alice.bsky.social 822 822 + ``` 823 823 + 824 824 + ### Detailed Format 825 825 + ``` 826 826 + 📦 New container image pushed! 827 827 + 828 828 + alice/myapp:v1.2.3 829 829 + Pushed by @alice.bsky.social 830 830 + 5 layers, 125 MB total 831 831 + 832 832 + View: https://atcr.io/alice/myapp 833 833 + ``` 834 834 + 835 835 + ### With Emoji/Styling 836 836 + ``` 837 837 + 🚀 alice/myapp:latest 838 838 + 839 839 + ✅ 5 layers 840 840 + 📦 125.4 MB 841 841 + 👤 @alice.bsky.social 842 842 + 🔗 atcr.io/alice/myapp 843 843 + ``` 844 844 + 845 845 + ### With Tags 846 846 + ``` 847 847 + 📦 alice/myapp:latest pushed by @alice.bsky.social 848 848 + 849 849 + #container #docker #atcr 850 850 + ``` 851 851 + 852 852 + ## References 853 853 + 854 854 + ### Related Code 855 855 + 856 856 + - Existing Bluesky post implementation: `pkg/hold/pds/status.go` 857 857 + - XRPC endpoint pattern: `pkg/hold/oci/xrpc.go` 858 858 + - Record type definitions: `pkg/atproto/lexicon.go` 859 859 + - Manifest storage: `pkg/appview/storage/manifest_store.go` 860 860 + - Service token handling: `pkg/auth/oauth/refresher.go` 861 861 + 862 862 + ### External Documentation 863 863 + 864 864 + - ATProto Record Schema: https://atproto.com/specs/record-key 865 865 + - Bluesky Post Lexicon: https://atproto.com/lexicons/app-bsky-feed#appbskyfeedpost 866 866 + - CBOR Encoding: https://cbor.io/ 867 867 + - Bluesky Facets (mentions/links): https://atproto.com/specs/richtext 868 868 + 869 869 + ### Tools 870 870 + 871 871 + - CBOR code generation: `github.com/whyrusleeping/cbor-gen` 872 872 + - ATProto libraries: `github.com/bluesky-social/indigo` 873 873 + - Testing: Standard Go testing + `testify/assert`