+202

LICENSE

reviewed

··· 1 1 + 2 2 + Apache License 3 3 + Version 2.0, January 2004 4 4 + http://www.apache.org/licenses/ 5 5 + 6 6 + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 7 + 8 8 + 1. Definitions. 9 9 + 10 10 + "License" shall mean the terms and conditions for use, reproduction, 11 11 + and distribution as defined by Sections 1 through 9 of this document. 12 12 + 13 13 + "Licensor" shall mean the copyright owner or entity authorized by 14 14 + the copyright owner that is granting the License. 15 15 + 16 16 + "Legal Entity" shall mean the union of the acting entity and all 17 17 + other entities that control, are controlled by, or are under common 18 18 + control with that entity. For the purposes of this definition, 19 19 + "control" means (i) the power, direct or indirect, to cause the 20 20 + direction or management of such entity, whether by contract or 21 21 + otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 22 + outstanding shares, or (iii) beneficial ownership of such entity. 23 23 + 24 24 + "You" (or "Your") shall mean an individual or Legal Entity 25 25 + exercising permissions granted by this License. 26 26 + 27 27 + "Source" form shall mean the preferred form for making modifications, 28 28 + including but not limited to software source code, documentation 29 29 + source, and configuration files. 30 30 + 31 31 + "Object" form shall mean any form resulting from mechanical 32 32 + transformation or translation of a Source form, including but 33 33 + not limited to compiled object code, generated documentation, 34 34 + and conversions to other media types. 35 35 + 36 36 + "Work" shall mean the work of authorship, whether in Source or 37 37 + Object form, made available under the License, as indicated by a 38 38 + copyright notice that is included in or attached to the work 39 39 + (an example is provided in the Appendix below). 40 40 + 41 41 + "Derivative Works" shall mean any work, whether in Source or Object 42 42 + form, that is based on (or derived from) the Work and for which the 43 43 + editorial revisions, annotations, elaborations, or other modifications 44 44 + represent, as a whole, an original work of authorship. For the purposes 45 45 + of this License, Derivative Works shall not include works that remain 46 46 + separable from, or merely link (or bind by name) to the interfaces of, 47 47 + the Work and Derivative Works thereof. 48 48 + 49 49 + "Contribution" shall mean any work of authorship, including 50 50 + the original version of the Work and any modifications or additions 51 51 + to that Work or Derivative Works thereof, that is intentionally 52 52 + submitted to Licensor for inclusion in the Work by the copyright owner 53 53 + or by an individual or Legal Entity authorized to submit on behalf of 54 54 + the copyright owner. For the purposes of this definition, "submitted" 55 55 + means any form of electronic, verbal, or written communication sent 56 56 + to the Licensor or its representatives, including but not limited to 57 57 + communication on electronic mailing lists, source code control systems, 58 58 + and issue tracking systems that are managed by, or on behalf of, the 59 59 + Licensor for the purpose of discussing and improving the Work, but 60 60 + excluding communication that is conspicuously marked or otherwise 61 61 + designated in writing by the copyright owner as "Not a Contribution." 62 62 + 63 63 + "Contributor" shall mean Licensor and any individual or Legal Entity 64 64 + on behalf of whom a Contribution has been received by Licensor and 65 65 + subsequently incorporated within the Work. 66 66 + 67 67 + 2. Grant of Copyright License. Subject to the terms and conditions of 68 68 + this License, each Contributor hereby grants to You a perpetual, 69 69 + worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 70 + copyright license to reproduce, prepare Derivative Works of, 71 71 + publicly display, publicly perform, sublicense, and distribute the 72 72 + Work and such Derivative Works in Source or Object form. 73 73 + 74 74 + 3. Grant of Patent License. Subject to the terms and conditions of 75 75 + this License, each Contributor hereby grants to You a perpetual, 76 76 + worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 77 + (except as stated in this section) patent license to make, have made, 78 78 + use, offer to sell, sell, import, and otherwise transfer the Work, 79 79 + where such license applies only to those patent claims licensable 80 80 + by such Contributor that are necessarily infringed by their 81 81 + Contribution(s) alone or by combination of their Contribution(s) 82 82 + with the Work to which such Contribution(s) was submitted. If You 83 83 + institute patent litigation against any entity (including a 84 84 + cross-claim or counterclaim in a lawsuit) alleging that the Work 85 85 + or a Contribution incorporated within the Work constitutes direct 86 86 + or contributory patent infringement, then any patent licenses 87 87 + granted to You under this License for that Work shall terminate 88 88 + as of the date such litigation is filed. 89 89 + 90 90 + 4. Redistribution. You may reproduce and distribute copies of the 91 91 + Work or Derivative Works thereof in any medium, with or without 92 92 + modifications, and in Source or Object form, provided that You 93 93 + meet the following conditions: 94 94 + 95 95 + (a) You must give any other recipients of the Work or 96 96 + Derivative Works a copy of this License; and 97 97 + 98 98 + (b) You must cause any modified files to carry prominent notices 99 99 + stating that You changed the files; and 100 100 + 101 101 + (c) You must retain, in the Source form of any Derivative Works 102 102 + that You distribute, all copyright, patent, trademark, and 103 103 + attribution notices from the Source form of the Work, 104 104 + excluding those notices that do not pertain to any part of 105 105 + the Derivative Works; and 106 106 + 107 107 + (d) If the Work includes a "NOTICE" text file as part of its 108 108 + distribution, then any Derivative Works that You distribute must 109 109 + include a readable copy of the attribution notices contained 110 110 + within such NOTICE file, excluding those notices that do not 111 111 + pertain to any part of the Derivative Works, in at least one 112 112 + of the following places: within a NOTICE text file distributed 113 113 + as part of the Derivative Works; within the Source form or 114 114 + documentation, if provided along with the Derivative Works; or, 115 115 + within a display generated by the Derivative Works, if and 116 116 + wherever such third-party notices normally appear. The contents 117 117 + of the NOTICE file are for informational purposes only and 118 118 + do not modify the License. You may add Your own attribution 119 119 + notices within Derivative Works that You distribute, alongside 120 120 + or as an addendum to the NOTICE text from the Work, provided 121 121 + that such additional attribution notices cannot be construed 122 122 + as modifying the License. 123 123 + 124 124 + You may add Your own copyright statement to Your modifications and 125 125 + may provide additional or different license terms and conditions 126 126 + for use, reproduction, or distribution of Your modifications, or 127 127 + for any such Derivative Works as a whole, provided Your use, 128 128 + reproduction, and distribution of the Work otherwise complies with 129 129 + the conditions stated in this License. 130 130 + 131 131 + 5. Submission of Contributions. Unless You explicitly state otherwise, 132 132 + any Contribution intentionally submitted for inclusion in the Work 133 133 + by You to the Licensor shall be under the terms and conditions of 134 134 + this License, without any additional terms or conditions. 135 135 + Notwithstanding the above, nothing herein shall supersede or modify 136 136 + the terms of any separate license agreement you may have executed 137 137 + with Licensor regarding such Contributions. 138 138 + 139 139 + 6. Trademarks. This License does not grant permission to use the trade 140 140 + names, trademarks, service marks, or product names of the Licensor, 141 141 + except as required for reasonable and customary use in describing the 142 142 + origin of the Work and reproducing the content of the NOTICE file. 143 143 + 144 144 + 7. Disclaimer of Warranty. Unless required by applicable law or 145 145 + agreed to in writing, Licensor provides the Work (and each 146 146 + Contributor provides its Contributions) on an "AS IS" BASIS, 147 147 + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 148 + implied, including, without limitation, any warranties or conditions 149 149 + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 150 + PARTICULAR PURPOSE. You are solely responsible for determining the 151 151 + appropriateness of using or redistributing the Work and assume any 152 152 + risks associated with Your exercise of permissions under this License. 153 153 + 154 154 + 8. Limitation of Liability. In no event and under no legal theory, 155 155 + whether in tort (including negligence), contract, or otherwise, 156 156 + unless required by applicable law (such as deliberate and grossly 157 157 + negligent acts) or agreed to in writing, shall any Contributor be 158 158 + liable to You for damages, including any direct, indirect, special, 159 159 + incidental, or consequential damages of any character arising as a 160 160 + result of this License or out of the use or inability to use the 161 161 + Work (including but not limited to damages for loss of goodwill, 162 162 + work stoppage, computer failure or malfunction, or any and all 163 163 + other commercial damages or losses), even if such Contributor 164 164 + has been advised of the possibility of such damages. 165 165 + 166 166 + 9. Accepting Warranty or Additional Liability. While redistributing 167 167 + the Work or Derivative Works thereof, You may choose to offer, 168 168 + and charge a fee for, acceptance of support, warranty, indemnity, 169 169 + or other liability obligations and/or rights consistent with this 170 170 + License. However, in accepting such obligations, You may act only 171 171 + on Your own behalf and on Your sole responsibility, not on behalf 172 172 + of any other Contributor, and only if You agree to indemnify, 173 173 + defend, and hold each Contributor harmless for any liability 174 174 + incurred by, or claims asserted against, such Contributor by reason 175 175 + of your accepting any such warranty or additional liability. 176 176 + 177 177 + END OF TERMS AND CONDITIONS 178 178 + 179 179 + APPENDIX: How to apply the Apache License to your work. 180 180 + 181 181 + To apply the Apache License to your work, attach the following 182 182 + boilerplate notice, with the fields enclosed by brackets "[]" 183 183 + replaced with your own identifying information. (Don't include 184 184 + the brackets!) The text should be enclosed in the appropriate 185 185 + comment syntax for the file format. We also recommend that a 186 186 + file or class name and description of purpose be included on the 187 187 + same "printed page" as the copyright notice for easier 188 188 + identification within third-party archives. 189 189 + 190 190 + Copyright [yyyy] [name of copyright owner] 191 191 + 192 192 + Licensed under the Apache License, Version 2.0 (the "License"); 193 193 + you may not use this file except in compliance with the License. 194 194 + You may obtain a copy of the License at 195 195 + 196 196 + http://www.apache.org/licenses/LICENSE-2.0 197 197 + 198 198 + Unless required by applicable law or agreed to in writing, software 199 199 + distributed under the License is distributed on an "AS IS" BASIS, 200 200 + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 201 + See the License for the specific language governing permissions and 202 202 + limitations under the License.

+90

README.md

reviewed

··· 1 1 + # didplcbft 2 2 + 3 3 + A very experimental [PLC](https://web.plc.directory/) implementation, for `did:plc` credentials, which uses [BFT consensus](https://docs.cometbft.com/v0.38/introduction/) to decentralize the hosting/maintenance of the directory. ⚠️ This is not a cryptocurrency system, nor is it intended to become one! 4 4 + 5 5 + _The release of this to the public is being rushed, because in light of [developments](https://github.com/bluesky-social/atproto/discussions/4508), I want to bring this into the open ASAP in order to showcase why sequence IDs make my life a bit more difficult, **if the intention for this implementation were to achieve 1:1 response parity with the official plc.directory** (I don't know if I want that yet). A very unorganized readme follows!_ 6 6 + 7 7 + This is definitely not ready for any type of production use, even if it already implements the entirety of the PLC HTTP API (with some caveats related to the export endpoint). 8 8 + 9 9 + The general theme behind this project is, 10 10 + 11 11 + > Man, plc.directory seems so centralized, particularly considering most other atproto components are, at least in theory, decentralizable! There's this idea of forming an [independent organization](https://docs.bsky.app/blog/plc-directory-org) to maintain it, but what if we just skipped that entirely and made the ownership and operation of the entire system even more murky, while giving those nerds that run their own PDS/relay/appview/etc. another thing to run on their servers/homelabs? All while giving such a nerd - gbl08ma - an excuse to learn more about the tech that powers all the many blockchains that use Tendermint consensus! 12 12 + 13 13 + Hopefully the tone of that communicates that this initiative isn't meant to be taken too seriously, _at least yet._ 14 14 + 15 15 + The idea for how this would work, on an initial phase, would be to continue using plc.directory as an authoritative source while mirroring the operations in the blockchain. 16 16 + Validator nodes would gradually import operations from plc.directory ("authoritative import"). Eventually they'd catch up to the present moment, at which point this import would keep going as a way to bring in all the operations not submitted to didplcbft - because I recognize that this would definitely not become the official PLC implementation any time soon, and new operations would continue to be submitted to plc.directory by the general population. 17 17 + Nodes would also submit any operations observed on the blockchain (i.e. operations submitted directly to didplcbft) to plc.directory. 18 18 + Conflict/fork resolution within each DID history would happen by deferring to whatever plc.directory says the truth is. 19 19 + 20 20 + **_Hypothetically_**, at some point in the future, and should an hypothetical network of didplcbft nodes reach a consensus on that, such network could act independently (for this, it'd just need to cease the ongoing import of operations, and cease publishing operations to plc.directory. In fact, the current code is already capable of acting like this - it's the syncing with the official centralized plc.directory that's more tricky to implement). 21 21 + 22 22 + ## What's implemented 23 23 + 24 24 + - The entirety of the PLC HTTP API, 25 25 + - Both read (GET) and write (POST) operations 26 26 + - ...but export only works with timestamps (sequence-based export and websocket-based export is not implemented) 27 27 + - Validation of operations (hopefully it's foolproof enough - needs revising, strengthening... and nullification might not be as simple as I made it out to be?) 28 28 + - Snapshot-based sync for quickly bringing replicas up to date 29 29 + 30 30 + ## What's yet to be implemented 31 31 + 32 32 + - Actually syncing with the authoritative source, plc.directory (I am in the middle of this, and I am not liking how many doubts I have about how to approach it) 33 33 + - Spam/abuse prevention (typical blockchains do this with transaction fees and some lesser known ones - e.g. Nano - use proof of work, but this is not a cryptocurrency and PoW is a bit ewww) 34 34 + - A process for nodes to become validators. Unless everyone agreed that it's best if the set of validators is centralized. I mean, it's not worse than the current state of plc.directory while still allowing people to easily have their own local synced mirror through the magic of CometBFT... 35 35 + - Testing, testing, testing, validation, validation, validation... 36 36 + - A live testnet on the internet, so this can go from something that runs just within the computers of the developers, and actually becomes distributed 37 37 + - This might be a matter of someone just figuring out the right CometBFT configs and bringing it up? 38 38 + - I am planning to take care of this after the "authoritative import" mechanism is done (its first version, anyway) 39 39 + 40 40 + ## What's not to be implemented by the original authors 41 41 + 42 42 + - Features that would allow for didplcbft to act as some form of currency or store of value. 43 43 + 44 44 + ## How it works 45 45 + 46 46 + - Ugh, I'll explain later. The gist of it is that all of the data is stored in an [AVL+ tree](https://pkg.go.dev/github.com/cosmos/iavl) which is basically the perfect match for CometBFT. The core logic of the PLC is implemented as an ABCI 2.0 application, and the HTTP API communicates with it (turning POST requests into blockchain transactions, and for GET requests it ends up just reading the tree directly, why even bother going through the ABCI `Query` logic for that, am I right?). The tree is "synced" across replicas by having CometBFT replay transactions or whatever it is that it does, what matters is that in the end the root node of the tree has the same hash on all replicas which means everything was replicated properly (CometBFT takes care of ensuring this is the case, as long as our application is deterministic and stores all relevant state in the tree). 47 47 + 48 48 + ## Some random notes and comments 49 49 + 50 50 + - Yes, this project is bound to elicit knee-jerk reactions, understandably. I was planning to make it public only once it was more complete, but I figured the public discussion could benefit from the awareness that this _exists_, even if it isn't necessarily going somewhere. And with the official implementation [introducing global sequential IDs](https://github.com/bluesky-social/atproto/discussions/4508), I figured time is of the essence before reimplementing things in a distributed fashion becomes even more difficult. 51 51 + - To be clear, the sequence ID only poses a challenge if we wanted the different blockchain nodes to present the same sequence IDs. And honestly, even if we wanted that, it's still perfectly doable, but it'd require more complexity on the "authoritative import" reconciliation mechanism (we'd potentially need to renumber operations that already exist within the didplcbft tree). And 52 52 + - Yes, this is a blockchain, but only because it was relatively easy for me to bring in CometBFT as a means of making things happen in sync across different machines (even if this is my first time using it, which is fantastic, I'm sure there are 300 pitfalls I'm not aware of). 53 53 + - If I had come across a different P2P framework of sorts with equally nice sync primitives and resistance to byzantine faults that was not a blockchain and which supported the languages I like to use, I'd have used it. 54 54 + - Because each DID history is its own mini-blockchain, I'm convinced that all nodes could actively throw away older blockchain history (CometBFT supports this) and from then on, The World could rely exclusively on snapshot sync (which is already implemented). Of course, there are trust implications with this approach (but are they really worse than trusting plc.directory as it is right now?). 55 55 + - For "a blockchain approach," the better defined operation validation is, the better (in the past, the plc.directory was not very good at this, and they had to go and retroactively mess with existing data...). But the fun thing about blockchain is that it works as long as some network of nodes agrees on what the truth is. So of course history can be re-written on a blockchain too, it just takes slightly more effort. 56 56 + - I am convinced the current storage implementation can fit the entire state of the plc.directory in under 100 GB. It isn't great but it isn't terrible either, considering it's a blockchain and all. But I don't know for sure that it can, this is merely what tests with roughly 10 million operations stored have shown (operations taken from plc.directory, so real world data). 57 57 + - There are plenty of unstructured debug prints throughout the code, and in general the code quality is meh... like I said, this all is very experimental. 58 58 + - I have some thoughts about using proof-of-storage and some kind of "leaderboard system" (not a currency) in order to elect/demote validators 59 59 + - Another option would be to tie it to some type of social metrics (did:plc is mostly used by atproto stuff after all right?) but I can't think of anything that can't be manipulated 60 60 + - CometBFT coupled with the AVL+ tree implementation I'm using has some nice properties for proofs of storage (and proofs that one doesn't have something in storage) which _could_ make it easier to prove that nodes are not omitting newer operations of a DID's history on purpose (which is really the main attack I can see a malicious PLC implementation performing, as far as the contract with its consumers is concerned). But it's very early in the life of this project, and I haven't thought sufficiently about this. 61 61 + - Spam prevention will be a difficult problem (it already is in the official plc.directory; of course it'd be even more difficult to solve in a decentralized system) 62 62 + - But see also the above notes on exclusively using snapshot sync, and on consensus... the truth is whatever the nodes agree it is, so spam could conceivably be removed even after it is inserted, etc. Just because it uses a blockchain it doesn't mean that it must store everything forever, history can be forgotten if everyone agrees on a snapshot, etc. A distributed system just means that rewriting history takes more effort compared to simply running some Postgres migrations... this would be the case even without "blockchain" in the mix. 63 63 + - This project would kind of reduce the need for something like `plcbundle` (even if it could learn something from it, when it comes to importing operations from the authoritative plc.directory) 64 64 + 65 65 + ## How to run this 66 66 + 67 67 + I would rather not reveal it right now, but if you insist... 68 68 + 69 69 + Note that this definitely doesn't currently do enough things to be a viable PLC mirror, let alone _do them well_. This is at a stage where it's really only useful to those wanting to work on it. 70 70 + 71 71 + Let me just point out that there are some scripts in this repo (mostly LLM generated because I hate shell scripting). 72 72 + 73 73 + You need to install Go, in case the go.mod and multiple *.go files didn't make it obvious. 74 74 + 75 75 + To run a single node, you want to use `startfresh.sh`. To run multiple nodes, there's `startfresh-testnet.sh` but note that you'll have to go into the config.toml of every node **except one**, and add 76 76 + 77 77 + ``` 78 78 + [plc] 79 79 + laddr = "" 80 80 + ``` 81 81 + 82 82 + to prevent the PLC API server from coming up on those nodes (since by default it'd try listening on the same port that's already used by one of the other replicas, and fail to launch). 83 83 + 84 84 + The PLC API server listens on `127.0.0.1:28080` by default and other fun facts you could learn from reading config.go. There are other ports that the server listens on, one that exposes the CometBFT RPC API, and also the P2P ports for communication between the nodes. 85 85 + 86 86 + To easily import operations you can play around with the mess that's within `importer/importer_test.go` - note that this imports operations by creating blockchain transactions directly, it doesn't use the PLC API. And despite being called "importer" this is not how I was meaning to do the "authoritative import" mechanism I mentioned earlier - this is really just for bringing in data for testing. 87 87 + 88 88 + ## Disclaimer 89 89 + 90 90 + If you happen to know who my employer is - this is not endorsed or condoned by them; this wasn't developed on company time, nor using company resources; no, I don't think this constitutes a conflict of interest; no, it doesn't make use of any trade secrets, proprietary, or confidential information, nor does it make use of any skills specific to my role (as much as it may look like it, from an uninformed point of view). If you don't know, no, I won't tell you who my employer is.