A lexicon-driven AppView for ATProto. happyview.dev
backfill firehose jetstream atproto appview oauth lexicon
8
fork

Configure Feed

Select the types of activity you want to include in your feed.

docs: update from localhost to 127.0.0.1 (atrium requirement)

Trezy 12086bd6 fde532dc

+87 -75
+2 -2
packages/docs/docs/getting-started/authentication.md
··· 95 95 96 96 ```sh 97 97 export TOKEN="hv_your-api-key-here" 98 - curl http://localhost:3000/admin/lexicons \ 98 + curl http://127.0.0.1:3000/admin/lexicons \ 99 99 -H "Authorization: Bearer $TOKEN" 100 100 ``` 101 101 ··· 196 196 ``` 197 197 POST /oauth/dpop-keys 198 198 X-Client-Key: hvc_... 199 - Origin: http://localhost:3000 199 + Origin: http://127.0.0.1:3000 200 200 Content-Type: application/json 201 201 202 202 { "pkce_challenge": "base64url..." }
+6 -2
packages/docs/docs/getting-started/configuration.md
··· 8 8 |----------|----------|---------|-------------| 9 9 | `DATABASE_URL` | yes | --- | Database connection string. SQLite (`sqlite://path/to/db?mode=rwc`) or Postgres (`postgres://user:pass@host/db`) | 10 10 | `DATABASE_BACKEND` | no | auto-detected | Force `sqlite` or `postgres`. Auto-detected from `DATABASE_URL` scheme if not set | 11 - | `PUBLIC_URL` | yes | --- | Public-facing URL for HappyView (used for OAuth callbacks, e.g. `https://happyview.example.com`) | 11 + | `PUBLIC_URL` | yes | --- | Public-facing URL for HappyView (used for OAuth callbacks, e.g. `https://happyview.example.com`). **For local development, use `http://127.0.0.1:3000` — not `localhost`** (see note below) | 12 12 | `SESSION_SECRET` | no | dev default | Secret key for signing session cookies (at least 64 characters). **Must be set in production** | 13 13 | `HOST` | no | `0.0.0.0` | Bind host | 14 14 | `PORT` | no | `3000` | Bind port | ··· 26 26 | `TOS_URI` | no | --- | URL to terms of service. Overridden by database setting if set via admin API | 27 27 | `POLICY_URI` | no | --- | URL to privacy policy. Overridden by database setting if set via admin API | 28 28 29 + :::warning[Use 127.0.0.1, not localhost] 30 + ATProto OAuth loopback clients are registered with `127.0.0.1`. If you set `PUBLIC_URL` to `http://localhost:3000`, OAuth sign-in will fail because the redirect URI won't match the loopback client ID. Always use `http://127.0.0.1:3000` for local development. 31 + ::: 32 + 29 33 ## Example `.env` 30 34 31 35 ```sh 32 36 # SQLite (default — zero setup required) 33 37 DATABASE_URL=sqlite://data/happyview.db?mode=rwc 34 - PUBLIC_URL=http://localhost:3000 38 + PUBLIC_URL=http://127.0.0.1:3000 35 39 SESSION_SECRET=change-me-in-production 36 40 37 41 # Or use Postgres instead:
+6 -2
packages/docs/docs/getting-started/deployment/docker.md
··· 14 14 cp .env.example .env 15 15 ``` 16 16 17 - Edit `.env` and set at least `PUBLIC_URL` (e.g. `http://localhost:3000`) and `SESSION_SECRET` (at least 64 characters). The defaults work for everything else. See [Configuration](../configuration.md) for the full list of environment variables. 17 + Edit `.env` and set at least `PUBLIC_URL` (e.g. `http://127.0.0.1:3000`) and `SESSION_SECRET` (at least 64 characters). The defaults work for everything else. See [Configuration](../configuration.md) for the full list of environment variables. 18 + 19 + :::warning[Use 127.0.0.1, not localhost] 20 + ATProto OAuth loopback clients are registered with `127.0.0.1`. If you set `PUBLIC_URL` to `http://localhost:3000`, OAuth sign-in will fail because the redirect URI won't match the loopback client ID. Always use `http://127.0.0.1:3000` for local development. 21 + ::: 18 22 19 23 ## 2. Start the stack 20 24 ··· 31 35 32 36 HappyView runs migrations automatically on startup. The first build will take a few minutes while Rust compiles. 33 37 34 - The `happyview` container serves its own bundled dashboard at `http://localhost:3000`, but that copy is baked in at container build time and only updates when you rebuild the image. For day-to-day development, use the dev dashboard at `http://localhost:3001` — it hot-reloads on changes to the `web/` source. 38 + The `happyview` container serves its own bundled dashboard at `http://127.0.0.1:3000`, but that copy is baked in at container build time and only updates when you rebuild the image. For day-to-day development, use the dev dashboard at `http://127.0.0.1:3001` — it hot-reloads on changes to the `web/` source. 35 39 36 40 :::tip 37 41 SQLite is the default and requires no extra services. To use Postgres instead, uncomment the `postgres` service in `docker-compose.yml` and update `DATABASE_URL` in `.env`. See the [database setup guide](../../guides/database/database-setup.md).
+5 -1
packages/docs/docs/getting-started/deployment/other.md
··· 20 20 ```sh 21 21 # SQLite (default — no setup needed, file created automatically) 22 22 DATABASE_URL=sqlite://data/happyview.db?mode=rwc 23 - PUBLIC_URL=http://localhost:3000 23 + PUBLIC_URL=http://127.0.0.1:3000 24 24 SESSION_SECRET=change-me-in-production 25 25 ``` 26 + 27 + :::warning[Use 127.0.0.1, not localhost] 28 + ATProto OAuth loopback clients are registered with `127.0.0.1`. If you set `PUBLIC_URL` to `http://localhost:3000`, OAuth sign-in will fail because the redirect URI won't match the loopback client ID. Always use `http://127.0.0.1:3000` for local development. 29 + ::: 26 30 27 31 Or if you prefer Postgres: 28 32
+1 -1
packages/docs/docs/guides/admin/api-keys.md
··· 27 27 Pass the key as a Bearer token in the `Authorization` header: 28 28 29 29 ```sh 30 - curl http://localhost:3000/admin/lexicons \ 30 + curl http://127.0.0.1:3000/admin/lexicons \ 31 31 -H "Authorization: Bearer hv_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4" 32 32 ``` 33 33
+4 -4
packages/docs/docs/guides/admin/event-logs.md
··· 106 106 107 107 ```sh 108 108 # Get all errors 109 - curl "http://localhost:3000/admin/events?severity=error" -H "$AUTH" 109 + curl "http://127.0.0.1:3000/admin/events?severity=error" -H "$AUTH" 110 110 111 111 # Get script errors for a specific lexicon 112 - curl "http://localhost:3000/admin/events?event_type=script.error&subject=com.example.feed.like" -H "$AUTH" 112 + curl "http://127.0.0.1:3000/admin/events?event_type=script.error&subject=com.example.feed.like" -H "$AUTH" 113 113 114 114 # Get all lexicon-related events 115 - curl "http://localhost:3000/admin/events?category=lexicon" -H "$AUTH" 115 + curl "http://127.0.0.1:3000/admin/events?category=lexicon" -H "$AUTH" 116 116 117 117 # Paginate through results 118 - curl "http://localhost:3000/admin/events?limit=20&cursor=2026-03-01T11:59:00Z" -H "$AUTH" 118 + curl "http://127.0.0.1:3000/admin/events?limit=20&cursor=2026-03-01T11:59:00Z" -H "$AUTH" 119 119 ``` 120 120 121 121 See the [Admin API reference](../../reference/admin/events.md#list-event-logs) for full parameter documentation.
+1 -1
packages/docs/docs/guides/features/api-clients.md
··· 50 50 ### From the API 51 51 52 52 ```sh 53 - curl -X POST http://localhost:3000/admin/api-clients \ 53 + curl -X POST http://127.0.0.1:3000/admin/api-clients \ 54 54 -H "Authorization: Bearer $TOKEN" \ 55 55 -H "Content-Type: application/json" \ 56 56 -d '{
+3 -3
packages/docs/docs/guides/features/labelers.md
··· 22 22 You can also add a labeler via the API: 23 23 24 24 ```sh 25 - curl -X POST http://localhost:3000/admin/labelers \ 25 + curl -X POST http://127.0.0.1:3000/admin/labelers \ 26 26 -H "$AUTH" \ 27 27 -H "Content-Type: application/json" \ 28 28 -d '{ "did": "did:plc:ar7c4by46qjdydhdevvrndac" }' ··· 33 33 You can pause a labeler subscription to temporarily stop consuming labels without losing your cursor position. Click the pause icon next to the labeler in the table, or use the API: 34 34 35 35 ```sh 36 - curl -X PATCH http://localhost:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 36 + curl -X PATCH http://127.0.0.1:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 37 37 -H "$AUTH" \ 38 38 -H "Content-Type: application/json" \ 39 39 -d '{ "status": "paused" }' ··· 51 51 Or via the API: 52 52 53 53 ```sh 54 - curl -X DELETE http://localhost:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 54 + curl -X DELETE http://127.0.0.1:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 55 55 -H "$AUTH" 56 56 ``` 57 57
+1 -1
packages/docs/docs/guides/scripting/batch-save.md
··· 30 30 ## Usage 31 31 32 32 ```sh 33 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.batchCreate \ 33 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.batchCreate \ 34 34 -H "X-Client-Key: $CLIENT_KEY" \ 35 35 -H "Authorization: Bearer $TOKEN" \ 36 36 -H "Content-Type: application/json" \
+1 -1
packages/docs/docs/guides/scripting/cascading-delete.md
··· 55 55 ## Usage 56 56 57 57 ```sh 58 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.deletePost \ 58 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.deletePost \ 59 59 -H "X-Client-Key: $CLIENT_KEY" \ 60 60 -H "Authorization: Bearer $TOKEN" \ 61 61 -H "Content-Type: application/json" \
+1 -1
packages/docs/docs/guides/scripting/complex-mutations.md
··· 67 67 ## Usage 68 68 69 69 ```sh 70 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.updatePost \ 70 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.updatePost \ 71 71 -H "X-Client-Key: $CLIENT_KEY" \ 72 72 -H "Authorization: Bearer $TOKEN" \ 73 73 -H "Content-Type: application/json" \
+1 -1
packages/docs/docs/guides/scripting/create-record.md
··· 21 21 ## Usage 22 22 23 23 ```sh 24 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.createRecord \ 24 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.createRecord \ 25 25 -H "X-Client-Key: $CLIENT_KEY" \ 26 26 -H "Authorization: Bearer $TOKEN" \ 27 27 -H "Content-Type: application/json" \
+1 -1
packages/docs/docs/guides/scripting/sidecar-records.md
··· 40 40 ## Usage 41 41 42 42 ```sh 43 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.createPost \ 43 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.createPost \ 44 44 -H "X-Client-Key: $CLIENT_KEY" \ 45 45 -H "Authorization: Bearer $TOKEN" \ 46 46 -H "Content-Type: application/json" \
+3 -3
packages/docs/docs/guides/scripting/update-or-delete.md
··· 38 38 39 39 ```sh 40 40 # Create 41 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setRecord \ 41 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setRecord \ 42 42 -H "X-Client-Key: $CLIENT_KEY" \ 43 43 -H "Authorization: Bearer $TOKEN" \ 44 44 -H "Content-Type: application/json" \ 45 45 -d '{ "status": "hello" }' 46 46 47 47 # Update 48 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setRecord \ 48 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setRecord \ 49 49 -H "X-Client-Key: $CLIENT_KEY" \ 50 50 -H "Authorization: Bearer $TOKEN" \ 51 51 -H "Content-Type: application/json" \ 52 52 -d '{ "uri": "at://did:plc:abc/xyz.statusphere.record/abc123", "status": "updated" }' 53 53 54 54 # Delete 55 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setRecord \ 55 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setRecord \ 56 56 -H "X-Client-Key: $CLIENT_KEY" \ 57 57 -H "Authorization: Bearer $TOKEN" \ 58 58 -H "Content-Type: application/json" \
+2 -2
packages/docs/docs/guides/scripting/upsert-record.md
··· 41 41 42 42 ```sh 43 43 # Create: no rkey, so a new TID is generated 44 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setStatus \ 44 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setStatus \ 45 45 -H "X-Client-Key: $CLIENT_KEY" \ 46 46 -H "Authorization: Bearer $TOKEN" \ 47 47 -H "Content-Type: application/json" \ ··· 49 49 # → { "uri": "at://did:plc:abc/xyz.statusphere.status/3abc123", "cid": "bafyrei..." } 50 50 51 51 # Update: pass the rkey back to update the same record 52 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setStatus \ 52 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setStatus \ 53 53 -H "X-Client-Key: $CLIENT_KEY" \ 54 54 -H "Authorization: Bearer $TOKEN" \ 55 55 -H "Content-Type: application/json" \
+2 -2
packages/docs/docs/reference/admin/api-clients.md
··· 24 24 Requires `api-clients:view`. Returns clients ordered by `created_at` descending. Secrets are never returned. 25 25 26 26 ```sh 27 - curl http://localhost:3000/admin/api-clients -H "$AUTH" 27 + curl http://127.0.0.1:3000/admin/api-clients -H "$AUTH" 28 28 ``` 29 29 30 30 **Response**: `200 OK` ··· 60 60 Requires `api-clients:create`. Generates a `client_key` and `client_secret`. Store the secret — it won't be shown again. 61 61 62 62 ```sh 63 - curl -X POST http://localhost:3000/admin/api-clients \ 63 + curl -X POST http://127.0.0.1:3000/admin/api-clients \ 64 64 -H "$AUTH" \ 65 65 -H "Content-Type: application/json" \ 66 66 -d '{
+3 -3
packages/docs/docs/reference/admin/api-keys.md
··· 16 16 Requires `api-keys:create` permission. 17 17 18 18 ```sh 19 - curl -X POST http://localhost:3000/admin/api-keys \ 19 + curl -X POST http://127.0.0.1:3000/admin/api-keys \ 20 20 -H "$AUTH" \ 21 21 -H "Content-Type: application/json" \ 22 22 -d '{ ··· 53 53 Requires `api-keys:read` permission. 54 54 55 55 ```sh 56 - curl http://localhost:3000/admin/api-keys -H "$AUTH" 56 + curl http://127.0.0.1:3000/admin/api-keys -H "$AUTH" 57 57 ``` 58 58 59 59 **Response**: `200 OK` ··· 83 83 Requires `api-keys:delete` permission. 84 84 85 85 ```sh 86 - curl -X DELETE http://localhost:3000/admin/api-keys/550e8400-e29b-41d4-a716-446655440000 \ 86 + curl -X DELETE http://127.0.0.1:3000/admin/api-keys/550e8400-e29b-41d4-a716-446655440000 \ 87 87 -H "$AUTH" 88 88 ``` 89 89
+2 -2
packages/docs/docs/reference/admin/backfill.md
··· 14 14 ``` 15 15 16 16 ```sh 17 - curl -X POST http://localhost:3000/admin/backfill \ 17 + curl -X POST http://127.0.0.1:3000/admin/backfill \ 18 18 -H "$AUTH" \ 19 19 -H "Content-Type: application/json" \ 20 20 -d '{ "collection": "xyz.statusphere.status" }' ··· 41 41 ``` 42 42 43 43 ```sh 44 - curl http://localhost:3000/admin/backfill/status -H "$AUTH" 44 + curl http://127.0.0.1:3000/admin/backfill/status -H "$AUTH" 45 45 ``` 46 46 47 47 **Response**: `200 OK`
+4 -4
packages/docs/docs/reference/admin/domains.md
··· 14 14 ``` 15 15 16 16 ```sh 17 - curl http://localhost:3000/admin/domains -H "$AUTH" 17 + curl http://127.0.0.1:3000/admin/domains -H "$AUTH" 18 18 ``` 19 19 20 20 **Response**: `200 OK` ··· 38 38 ``` 39 39 40 40 ```sh 41 - curl -X POST http://localhost:3000/admin/domains \ 41 + curl -X POST http://127.0.0.1:3000/admin/domains \ 42 42 -H "$AUTH" \ 43 43 -H "Content-Type: application/json" \ 44 44 -d '{ "url": "https://api.cartridge.dev" }' ··· 71 71 ``` 72 72 73 73 ```sh 74 - curl -X DELETE http://localhost:3000/admin/domains/550e8400-e29b-41d4-a716-446655440001 \ 74 + curl -X DELETE http://127.0.0.1:3000/admin/domains/550e8400-e29b-41d4-a716-446655440001 \ 75 75 -H "$AUTH" 76 76 ``` 77 77 ··· 88 88 ``` 89 89 90 90 ```sh 91 - curl -X POST http://localhost:3000/admin/domains/550e8400-e29b-41d4-a716-446655440001/primary \ 91 + curl -X POST http://127.0.0.1:3000/admin/domains/550e8400-e29b-41d4-a716-446655440001/primary \ 92 92 -H "$AUTH" 93 93 ``` 94 94
+1 -1
packages/docs/docs/reference/admin/events.md
··· 14 14 ``` 15 15 16 16 ```sh 17 - curl "http://localhost:3000/admin/events?severity=error&limit=10" -H "$AUTH" 17 + curl "http://127.0.0.1:3000/admin/events?severity=error&limit=10" -H "$AUTH" 18 18 ``` 19 19 20 20 | Param | Type | Required | Description |
+4 -4
packages/docs/docs/reference/admin/labelers.md
··· 16 16 Requires `labelers:create` permission. 17 17 18 18 ```sh 19 - curl -X POST http://localhost:3000/admin/labelers \ 19 + curl -X POST http://127.0.0.1:3000/admin/labelers \ 20 20 -H "$AUTH" \ 21 21 -H "Content-Type: application/json" \ 22 22 -d '{ "did": "did:plc:ar7c4by46qjdydhdevvrndac" }' ··· 37 37 Requires `labelers:read` permission. 38 38 39 39 ```sh 40 - curl http://localhost:3000/admin/labelers -H "$AUTH" 40 + curl http://127.0.0.1:3000/admin/labelers -H "$AUTH" 41 41 ``` 42 42 43 43 **Response**: `200 OK` ··· 71 71 Requires `labelers:create` permission. 72 72 73 73 ```sh 74 - curl -X PATCH http://localhost:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 74 + curl -X PATCH http://127.0.0.1:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 75 75 -H "$AUTH" \ 76 76 -H "Content-Type: application/json" \ 77 77 -d '{ "status": "paused" }' ··· 92 92 Requires `labelers:delete` permission. Removes the subscription and all labels emitted by this labeler. 93 93 94 94 ```sh 95 - curl -X DELETE http://localhost:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 95 + curl -X DELETE http://127.0.0.1:3000/admin/labelers/did:plc:ar7c4by46qjdydhdevvrndac \ 96 96 -H "$AUTH" 97 97 ``` 98 98
+7 -7
packages/docs/docs/reference/admin/lexicons.md
··· 14 14 ``` 15 15 16 16 ```sh 17 - curl -X POST http://localhost:3000/admin/lexicons \ 17 + curl -X POST http://127.0.0.1:3000/admin/lexicons \ 18 18 -H "$AUTH" \ 19 19 -H "Content-Type: application/json" \ 20 20 -d '{ ··· 48 48 ``` 49 49 50 50 ```sh 51 - curl http://localhost:3000/admin/lexicons -H "$AUTH" 51 + curl http://127.0.0.1:3000/admin/lexicons -H "$AUTH" 52 52 ``` 53 53 54 54 **Response**: `200 OK` ··· 73 73 ``` 74 74 75 75 ```sh 76 - curl http://localhost:3000/admin/lexicons/xyz.statusphere.status -H "$AUTH" 76 + curl http://127.0.0.1:3000/admin/lexicons/xyz.statusphere.status -H "$AUTH" 77 77 ``` 78 78 79 79 **Response**: `200 OK` with full lexicon details including raw JSON. ··· 85 85 ``` 86 86 87 87 ```sh 88 - curl -X DELETE http://localhost:3000/admin/lexicons/xyz.statusphere.status -H "$AUTH" 88 + curl -X DELETE http://127.0.0.1:3000/admin/lexicons/xyz.statusphere.status -H "$AUTH" 89 89 ``` 90 90 91 91 **Response**: `204 No Content` ··· 101 101 ``` 102 102 103 103 ```sh 104 - curl -X POST http://localhost:3000/admin/network-lexicons \ 104 + curl -X POST http://127.0.0.1:3000/admin/network-lexicons \ 105 105 -H "$AUTH" \ 106 106 -H "Content-Type: application/json" \ 107 107 -d '{ ··· 134 134 ``` 135 135 136 136 ```sh 137 - curl http://localhost:3000/admin/network-lexicons -H "$AUTH" 137 + curl http://127.0.0.1:3000/admin/network-lexicons -H "$AUTH" 138 138 ``` 139 139 140 140 **Response**: `200 OK` ··· 158 158 ``` 159 159 160 160 ```sh 161 - curl -X DELETE http://localhost:3000/admin/network-lexicons/xyz.statusphere.status \ 161 + curl -X DELETE http://127.0.0.1:3000/admin/network-lexicons/xyz.statusphere.status \ 162 162 -H "$AUTH" 163 163 ``` 164 164
+4 -4
packages/docs/docs/reference/admin/plugins.md
··· 16 16 Requires `plugins:read`. Returns every loaded plugin with its source, required secrets, configuration status, and any pending updates from the official registry cache. 17 17 18 18 ```sh 19 - curl http://localhost:3000/admin/plugins -H "$AUTH" 19 + curl http://127.0.0.1:3000/admin/plugins -H "$AUTH" 20 20 ``` 21 21 22 22 **Response**: `200 OK` ··· 62 62 Requires `plugins:create`. Fetches and parses a manifest without installing the plugin, so the dashboard can show what it would register. 63 63 64 64 ```sh 65 - curl -X POST http://localhost:3000/admin/plugins/preview \ 65 + curl -X POST http://127.0.0.1:3000/admin/plugins/preview \ 66 66 -H "$AUTH" \ 67 67 -H "Content-Type: application/json" \ 68 68 -d '{ "url": "https://example.com/plugins/steam/manifest.json" }' ··· 97 97 Requires `plugins:create`. Fetches the manifest, downloads the WASM, registers the plugin, and persists it. 98 98 99 99 ```sh 100 - curl -X POST http://localhost:3000/admin/plugins \ 100 + curl -X POST http://127.0.0.1:3000/admin/plugins \ 101 101 -H "$AUTH" \ 102 102 -H "Content-Type: application/json" \ 103 103 -d '{ ··· 205 205 Requires `plugins:create`. Encrypts the provided secret values with `TOKEN_ENCRYPTION_KEY` (AES-256-GCM) and upserts them into `plugin_configs`. 206 206 207 207 ```sh 208 - curl -X PUT http://localhost:3000/admin/plugins/steam/secrets \ 208 + curl -X PUT http://127.0.0.1:3000/admin/plugins/steam/secrets \ 209 209 -H "$AUTH" \ 210 210 -H "Content-Type: application/json" \ 211 211 -d '{
+1 -1
packages/docs/docs/reference/admin/script-variables.md
··· 24 24 Requires `script-variables:create`. 25 25 26 26 ```sh 27 - curl -X POST http://localhost:3000/admin/script-variables \ 27 + curl -X POST http://127.0.0.1:3000/admin/script-variables \ 28 28 -H "$AUTH" \ 29 29 -H "Content-Type: application/json" \ 30 30 -d '{ "key": "ALGOLIA_API_KEY", "value": "..." }'
+2 -2
packages/docs/docs/reference/admin/settings.md
··· 14 14 ``` 15 15 16 16 ```sh 17 - curl http://localhost:3000/admin/settings -H "$AUTH" 17 + curl http://127.0.0.1:3000/admin/settings -H "$AUTH" 18 18 ``` 19 19 20 20 Returns all key/value pairs stored in the `instance_settings` table. ··· 26 26 ``` 27 27 28 28 ```sh 29 - curl -X PUT http://localhost:3000/admin/settings/app_name \ 29 + curl -X PUT http://127.0.0.1:3000/admin/settings/app_name \ 30 30 -H "$AUTH" \ 31 31 -H "Content-Type: application/json" \ 32 32 -d '{ "value": "My HappyView" }'
+1 -1
packages/docs/docs/reference/admin/stats.md
··· 12 12 ``` 13 13 14 14 ```sh 15 - curl http://localhost:3000/admin/stats -H "$AUTH" 15 + curl http://127.0.0.1:3000/admin/stats -H "$AUTH" 16 16 ``` 17 17 18 18 **Response**: `200 OK`
+6 -6
packages/docs/docs/reference/admin/users.md
··· 16 16 Requires `users:create` permission. You cannot grant permissions you don't have yourself (escalation guard). 17 17 18 18 ```sh 19 - curl -X POST http://localhost:3000/admin/users \ 19 + curl -X POST http://127.0.0.1:3000/admin/users \ 20 20 -H "$AUTH" \ 21 21 -H "Content-Type: application/json" \ 22 22 -d '{ ··· 53 53 Requires `users:read` permission. 54 54 55 55 ```sh 56 - curl http://localhost:3000/admin/users -H "$AUTH" 56 + curl http://127.0.0.1:3000/admin/users -H "$AUTH" 57 57 ``` 58 58 59 59 **Response**: `200 OK` ··· 80 80 Requires `users:read` permission. 81 81 82 82 ```sh 83 - curl http://localhost:3000/admin/users/550e8400-e29b-41d4-a716-446655440000 -H "$AUTH" 83 + curl http://127.0.0.1:3000/admin/users/550e8400-e29b-41d4-a716-446655440000 -H "$AUTH" 84 84 ``` 85 85 86 86 **Response**: `200 OK` with the same shape as a single item from the list response. ··· 94 94 Requires `users:update` permission. You cannot grant permissions you don't have yourself, and you cannot modify the super user's permissions. 95 95 96 96 ```sh 97 - curl -X PATCH http://localhost:3000/admin/users/550e8400-e29b-41d4-a716-446655440000/permissions \ 97 + curl -X PATCH http://127.0.0.1:3000/admin/users/550e8400-e29b-41d4-a716-446655440000/permissions \ 98 98 -H "$AUTH" \ 99 99 -H "Content-Type: application/json" \ 100 100 -d '{ ··· 119 119 Only the current super user can call this endpoint. Transfers super user status to another existing user. 120 120 121 121 ```sh 122 - curl -X POST http://localhost:3000/admin/users/transfer-super \ 122 + curl -X POST http://127.0.0.1:3000/admin/users/transfer-super \ 123 123 -H "$AUTH" \ 124 124 -H "Content-Type: application/json" \ 125 125 -d '{ "target_user_id": "550e8400-e29b-41d4-a716-446655440000" }' ··· 140 140 Requires `users:delete` permission. You cannot delete the super user or yourself. 141 141 142 142 ```sh 143 - curl -X DELETE http://localhost:3000/admin/users/550e8400-e29b-41d4-a716-446655440000 \ 143 + curl -X DELETE http://127.0.0.1:3000/admin/users/550e8400-e29b-41d4-a716-446655440000 \ 144 144 -H "$AUTH" 145 145 ``` 146 146
+7 -7
packages/docs/docs/reference/xrpc-api.md
··· 22 22 ``` 23 23 24 24 ```sh 25 - curl http://localhost:3000/health 25 + curl http://127.0.0.1:3000/health 26 26 ``` 27 27 28 28 **Response**: `200 OK` with body `ok` ··· 36 36 Returns the authenticated user's profile, resolved from their PDS via PLC directory lookup. 37 37 38 38 ```sh 39 - curl http://localhost:3000/xrpc/app.bsky.actor.getProfile \ 39 + curl http://127.0.0.1:3000/xrpc/app.bsky.actor.getProfile \ 40 40 -H "X-Client-Key: $CLIENT_KEY" \ 41 41 -H "Authorization: Bearer $TOKEN" 42 42 ``` ··· 62 62 Proxies a blob upload to the authenticated user's PDS. Maximum size: 50MB. 63 63 64 64 ```sh 65 - curl -X POST http://localhost:3000/xrpc/com.atproto.repo.uploadBlob \ 65 + curl -X POST http://127.0.0.1:3000/xrpc/com.atproto.repo.uploadBlob \ 66 66 -H "X-Client-Key: $CLIENT_KEY" \ 67 67 -H "Authorization: Bearer $TOKEN" \ 68 68 -H "Content-Type: image/png" \ ··· 82 82 ``` 83 83 84 84 ```sh 85 - curl "http://localhost:3000/xrpc/xyz.statusphere.listStatuses?uri=at%3A%2F%2Fdid%3Aplc%3Aabc%2Fxyz.statusphere.status%2Fabc123" \ 85 + curl "http://127.0.0.1:3000/xrpc/xyz.statusphere.listStatuses?uri=at%3A%2F%2Fdid%3Aplc%3Aabc%2Fxyz.statusphere.status%2Fabc123" \ 86 86 -H "X-Client-Key: $CLIENT_KEY" 87 87 ``` 88 88 ··· 114 114 | `did` | string | --- | Filter records by DID | 115 115 116 116 ```sh 117 - curl "http://localhost:3000/xrpc/xyz.statusphere.listStatuses?limit=10&did=did:plc:abc" \ 117 + curl "http://127.0.0.1:3000/xrpc/xyz.statusphere.listStatuses?limit=10&did=did:plc:abc" \ 118 118 -H "X-Client-Key: $CLIENT_KEY" 119 119 ``` 120 120 ··· 148 148 When the body does **not** contain a `uri` field, a new record is created. 149 149 150 150 ```sh 151 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setStatus \ 151 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setStatus \ 152 152 -H "X-Client-Key: $CLIENT_KEY" \ 153 153 -H "Authorization: Bearer $TOKEN" \ 154 154 -H "Content-Type: application/json" \ ··· 162 162 When the body **contains** a `uri` field, the existing record is updated. 163 163 164 164 ```sh 165 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setStatus \ 165 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setStatus \ 166 166 -H "X-Client-Key: $CLIENT_KEY" \ 167 167 -H "Authorization: Bearer $TOKEN" \ 168 168 -H "Content-Type: application/json" \
+5 -5
packages/docs/docs/tutorials/statusphere.md
··· 35 35 You can also add lexicons via the [admin API](../reference/admin/lexicons.md). This is useful for automation or CI/CD workflows: 36 36 37 37 ```sh 38 - curl -X POST http://localhost:3000/admin/lexicons \ 38 + curl -X POST http://127.0.0.1:3000/admin/lexicons \ 39 39 -H "Authorization: Bearer $TOKEN" \ 40 40 -H "Content-Type: application/json" \ 41 41 -d '{ ··· 84 84 This creates a `GET /xrpc/xyz.statusphere.listStatuses` endpoint. Without a Lua script, it uses HappyView's built-in default behavior: listing records with `limit`, `cursor`, and `did` parameters, or fetching a single record by `uri`. Try it: 85 85 86 86 ```sh 87 - curl "http://localhost:3000/xrpc/xyz.statusphere.listStatuses?limit=5" \ 87 + curl "http://127.0.0.1:3000/xrpc/xyz.statusphere.listStatuses?limit=5" \ 88 88 -H "X-Client-Key: $CLIENT_KEY" 89 89 ``` 90 90 ··· 140 140 The endpoint now uses your custom logic. Filter by a specific user: 141 141 142 142 ```sh 143 - curl "http://localhost:3000/xrpc/xyz.statusphere.listStatuses?did=did:plc:abc&limit=1" \ 143 + curl "http://127.0.0.1:3000/xrpc/xyz.statusphere.listStatuses?did=did:plc:abc&limit=1" \ 144 144 -H "X-Client-Key: $CLIENT_KEY" 145 145 ``` 146 146 147 147 Fetch a single record by URI: 148 148 149 149 ```sh 150 - curl "http://localhost:3000/xrpc/xyz.statusphere.listStatuses?uri=at://did:plc:abc/xyz.statusphere.status/3abc123" \ 150 + curl "http://127.0.0.1:3000/xrpc/xyz.statusphere.listStatuses?uri=at://did:plc:abc/xyz.statusphere.status/3abc123" \ 151 151 -H "X-Client-Key: $CLIENT_KEY" 152 152 ``` 153 153 ··· 181 181 Set a status. This requires DPoP authentication — the [JavaScript SDK](../sdk/overview.md) handles this for you, but you can test with curl if you have a token: 182 182 183 183 ```sh 184 - curl -X POST http://localhost:3000/xrpc/xyz.statusphere.setStatus \ 184 + curl -X POST http://127.0.0.1:3000/xrpc/xyz.statusphere.setStatus \ 185 185 -H "X-Client-Key: $CLIENT_KEY" \ 186 186 -H "Authorization: DPoP $TOKEN" \ 187 187 -H "DPoP: $DPOP_PROOF" \