str4d.xyz / atproto-devtool
CLI app for developers prototyping atproto functionality
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

refactor: remove implementation-plan phase references from code

The "Phase N" tags referenced the phased implementation plan under
docs/implementation-plans/2026-04-17-labeler-report-stage/. Now that
the plan is finished, these cross-references are dead weight that
force a reader to look up a historical document to understand what
the comment means.

Rewrite each to describe the actual subject instead:

* create_report.rs: module doc, control-flow comments, and the
"Phase 6/7 now", "Phase 7/8 fallthrough", "Phase 4 Task 0
IdentityFacts", and "Phase 7 pollution-avoidance" comments are
rewritten to name the affected checks or data directly.
* create_report/self_mint.rs: "Phase 1 Task 0 direct dep" →
"carried as a direct dependency".
* pipeline.rs: the "Phase 4 / Phase 8 populates" comments on
self_mint_signer and pds_credentials describe the actual gating
condition (self-mint viability and --handle/--app-password).
* identity.rs: subject_collections doc re-explains retention as
"future pollution-avoidance refinements" instead of "Phase 7".
* tests/labeler_report.rs: "Phase 5/6/7/8" comments and the
ac4_5_non_viable_skip_matches_phase_6_reason test name now use
"no-JWT negatives / self-mint negatives / self-mint positive /
PDS service-auth" instead.

Runtime-protocol "backfill phase" / "live-tail phase" references in
subscription.rs and "probe phase" references in did_doc_server.rs /
self_mint.rs stay — they describe actual behavior, not the plan.

No logic changes — comments, doc comments, and one test rename only.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

authored by

Jack Grigg
Claude Opus 4.7 and committed by
Tangled abcfc890 c54185f3

+54 -56
+14 -17
src/commands/test/labeler/create_report.rs
··· 1 1 //! `report` stage: exercises the labeler's authenticated 2 2 //! `com.atproto.moderation.createReport` path. 3 3 //! 4 - //! Scaffolding only in Phase 1. Stage `run()` and full public surface land 5 - //! in Phase 4. The `sentinel` submodule is self-contained and is exercised 6 - //! by later phases for the pollution-avoidance sentinel reason string. 4 + //! The `sentinel` submodule builds the pollution-avoidance reason string 5 + //! that every committed report body carries. 7 6 8 7 use std::borrow::Cow; 9 8 use std::sync::Arc; ··· 676 675 // 677 676 // Control-flow contract: each branch below pushes EXACTLY 10 rows 678 677 // (1 contract row + 9 downstream) and returns. No fallthrough — the 679 - // "contract advertised" branch is the one that invokes Phases 5/6/7/8 680 - // logic (added incrementally; Phase 4 emits Skipped stubs for them). 678 + // "contract advertised" branch is the one that invokes the 679 + // authenticated negative checks and the committing positive checks. 681 680 if !contract_advertised { 682 681 if opts.commit_report { 683 682 // AC1.3: commit requested, contract missing ⇒ SpecViolation + ··· 706 705 } 707 706 708 707 // Contract advertised. Emit the Pass row and fall through into the 709 - // per-check logic that Phases 5-8 replace incrementally. 708 + // per-check logic. 710 709 results.push(Check::ContractPublished.pass()); 711 710 712 711 // Minimal body for negative checks. The labeler should reject at auth ··· 789 788 None 790 789 }; 791 790 792 - // Compute `now` once for both Phase 6 and Phase 7 checks. 791 + // Compute `now` once for all JWT-based checks. 793 792 let now = SystemTime::now() 794 793 .duration_since(UNIX_EPOCH) 795 794 .map(|d| d.as_secs() as i64) 796 795 .unwrap_or(0); 797 796 798 797 // CRITICAL: this block either emits 4 Skipped rows OR emits 4 real-check 799 - // rows, then falls through to Phase 7/8 logic for SelfMintAccepted, 798 + // rows, then falls through to the committing checks for SelfMintAccepted, 800 799 // PdsServiceAuthAccepted, PdsProxiedAccepted. Do NOT `return` here — the 801 800 // stage always emits 10 rows total, and the later checks need to run 802 801 // regardless of self-mint viability. ··· 1007 1006 } 1008 1007 } 1009 1008 1010 - // Fallthrough to Phase 7/8 check logic below. In Phase 6 (before Phases 1011 - // 7 and 8 replace their stubs), the Phase 4 stubs for SelfMintAccepted / 1012 - // PdsServiceAuthAccepted / PdsProxiedAccepted still fire here. Keeping 1013 - // this block fallthrough-safe is why the `if let Some(signer)` above 1014 - // does NOT `return`. 1009 + // Fallthrough to the committing check logic below. Keeping this block 1010 + // fallthrough-safe is why the `if let Some(signer)` above does NOT 1011 + // `return`. 1015 1012 1016 1013 // AC4.4 — gate on commit_report. 1017 1014 if !opts.commit_report { 1018 1015 results.push(Check::SelfMintAccepted.skip("commit gated behind --commit-report")); 1019 1016 } else if let Some(signer) = signer_for_negative { 1020 1017 // AC4.1/AC4.2 — construct a positive POST with pollution-avoidance. 1021 - // Reads contract from the Phase 4 Task 0 extended IdentityFacts 1022 - // fields (`reason_types` / `subject_types`). 1018 + // Reads the contract from the `reason_types` / `subject_types` fields 1019 + // on `IdentityFacts`. 1023 1020 let reason_type = pollution::choose_reason_type( 1024 1021 id_facts.reason_types.as_deref().unwrap_or(&[]), 1025 1022 is_local_labeler, ··· 1663 1660 serde_json::json!({ 1664 1661 "$type": "com.atproto.repo.strongRef", 1665 1662 // Ghost AT-URI targeting the labeler's own DID. Negative-path 1666 - // only; positive paths use real pollution-avoidance logic in 1667 - // Phase 7. 1663 + // only; positive paths use the real pollution-avoidance logic 1664 + // in `self_mint_accepted`. 1668 1665 "uri": format!("at://{}/app.bsky.feed.post/not-real", facts.did.0), 1669 1666 "cid": "bafyreiaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 1670 1667 })
+3 -3
src/commands/test/labeler/create_report/self_mint.rs
··· 19 19 20 20 // Local RNG shim: `k256::ecdsa::SigningKey::random` and 21 21 // `p256::ecdsa::SigningKey::random` take `CryptoRngCore`. We build a 22 - // thin adapter around `getrandom` (Phase 1 Task 0 direct dep) since 23 - // `elliptic_curve::rand_core::OsRng` is not re-exported through the 24 - // current dep graph. 22 + // thin adapter around `getrandom` (carried as a direct dependency) 23 + // since `elliptic_curve::rand_core::OsRng` is not re-exported through 24 + // the current dep graph. 25 25 struct GetrandomRng; 26 26 impl rand_core::RngCore for GetrandomRng { 27 27 fn next_u32(&mut self) -> u32 {
+3 -3
src/commands/test/labeler/identity.rs
··· 70 70 /// (`account`, `record`, ...) this labeler accepts for reports. 71 71 pub subject_types: Option<Vec<String>>, 72 72 /// `app.bsky.labeler.service.subjectCollections` — NSIDs of record 73 - /// collections this labeler will accept reports about. Retained for 74 - /// future AC use (e.g., refined pollution-avoidance in Phase 7); not 75 - /// read by Phase 4. 73 + /// collections this labeler will accept reports about. Retained so 74 + /// future pollution-avoidance refinements can honor collection-level 75 + /// restrictions; not currently consumed by the report stage. 76 76 pub subject_collections: Option<Vec<String>>, 77 77 } 78 78
+6 -6
src/commands/test/labeler/pipeline.rs
··· 79 79 /// Override the default computed subject DID for committing checks. 80 80 pub report_subject_override: Option<&'a Did>, 81 81 /// Self-mint signer. Populated in `LabelerCmd::run` only when the 82 - /// heuristic + `--force-self-mint` say self-mint is viable. Phase 4 83 - /// leaves this as `None` when the pipeline can't reach the labeler 84 - /// locally. 82 + /// heuristic + `--force-self-mint` say self-mint is viable; otherwise 83 + /// `None` so the report stage skips the self-mint checks with a 84 + /// reason. 85 85 pub self_mint_signer: Option<&'a SelfMintSigner>, 86 - /// PDS credentials for modes 2 and 3. Populated in Phase 8. 86 + /// PDS credentials for modes 2 and 3. Populated when `--handle` and 87 + /// `--app-password` are both supplied; otherwise `None`. 87 88 pub pds_credentials: Option<&'a PdsCredentials>, 88 89 /// PDS XRPC client for modes 2 and 3. Populated by the pipeline when 89 90 /// credentials are supplied; tests inject overrides via `pds_xrpc_client_override`. ··· 114 115 } 115 116 116 117 /// Credentials for PDS-mediated modes (modes 2 and 3). Present when 117 - /// `--handle` and `--app-password` are both supplied. Phase 8 populates 118 - /// this; Phase 4 and earlier leave it as `None`. 118 + /// `--handle` and `--app-password` are both supplied; otherwise `None`. 119 119 #[derive(Debug, Clone)] 120 120 pub struct PdsCredentials { 121 121 /// The user's handle (e.g., `alice.bsky.social`).
+28 -27
tests/labeler_report.rs
··· 74 74 // Minimal DID document with the one verification method the stages 75 75 // care about. Raw bytes must match the parsed form so `NamedSource` 76 76 // diagnostics land correctly; the exact bytes aren't snapshotted in 77 - // Phase 4 tests, so a small JSON is fine. 77 + // these tests, so a small JSON is fine. 78 78 let did_string = "did:plc:aaa22222222222222222bbbbbb"; 79 79 let doc_json = serde_json::json!({ 80 80 "id": did_string, ··· 555 555 // Six POSTs expected: unauthenticated, malformed, wrong_aud, 556 556 // wrong_lxm, expired, rejected_shape. Enqueue each: 557 557 for _ in 0..2 { 558 - tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); // phase 5 checks 558 + tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); // no-JWT negative checks 559 559 } 560 560 tee.enqueue(common::FakeCreateReportResponse::unauthorized( 561 561 "BadJwtAudience", ··· 592 592 let facts = local_identity_facts(); 593 593 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 594 594 let tee = FakeCreateReportTee::new(); 595 - // Two Phase 5 checks, then wrong_aud with 200 OK. 595 + // Two no-JWT negative checks, then wrong_aud with 200 OK. 596 596 for _ in 0..2 { 597 597 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 598 598 } ··· 744 744 ); 745 745 facts.labeler_endpoint = url::Url::parse("https://labeler.example.com").unwrap(); 746 746 let tee = FakeCreateReportTee::new(); 747 - // Only two Phase 5 POSTs expected (unauth + malformed). 747 + // Only two no-JWT negative POSTs expected (unauth + malformed). 748 748 for _ in 0..2 { 749 749 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 750 750 } ··· 813 813 let facts = local_identity_facts(); 814 814 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 815 815 let tee = FakeCreateReportTee::new(); 816 - // Enqueue responses for Phase 5 (2), Phase 6 (4), then AC4 positive. 816 + // Enqueue responses for the no-JWT negatives (2), the self-mint 817 + // negatives (4), then the AC4 positive. 817 818 for _ in 0..2 { 818 819 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 819 820 } ··· 856 857 facts.labeler_endpoint = url::Url::parse("https://labeler.example.com").unwrap(); 857 858 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 858 859 let tee = FakeCreateReportTee::new(); 859 - // Phase 5: 2 POSTs (unauth, malformed). 860 + // No-JWT negatives: 2 POSTs (unauth, malformed). 860 861 for _ in 0..2 { 861 862 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 862 863 } 863 - // Phase 6: 4 POSTs (wrong_aud, wrong_lxm, expired, rejected_shape). 864 + // Self-mint negatives: 4 POSTs (wrong_aud, wrong_lxm, expired, rejected_shape). 864 865 for _ in 0..4 { 865 866 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 866 867 } ··· 869 870 let mut opts = default_opts(); 870 871 opts.self_mint_signer = Some(&signer); 871 872 opts.commit_report = true; 872 - opts.force_self_mint = true; // Force self-mint to enable Phase 6 checks. 873 + opts.force_self_mint = true; // Force self-mint to enable the self-mint negatives for non-local. 873 874 874 875 let results = run_report_stage(&facts, &tee, opts).await; 875 876 assert_eq!(results[7].status, CheckStatus::Pass); ··· 890 891 let facts = local_identity_facts(); 891 892 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 892 893 let tee = FakeCreateReportTee::new(); 893 - // 2 Phase 5 + 4 Phase 6 + 1 AC4. 894 + // 2 no-JWT negatives + 4 self-mint negatives + 1 AC4. 894 895 for _ in 0..2 { 895 896 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 896 897 } ··· 952 953 } 953 954 954 955 #[tokio::test] 955 - async fn ac4_5_non_viable_skip_matches_phase_6_reason() { 956 + async fn ac4_5_non_viable_skip_matches_self_mint_viability_reason() { 956 957 // When self_mint_viable=false AND commit_report=true, self_mint_accepted 957 - // is Skipped with the Phase-6 viability reason (already tested, retest 958 + // is Skipped with the self-mint viability reason (already tested, retest 958 959 // that the row is Skipped here for completeness). 959 960 let mut facts = make_identity_facts( 960 961 Some(vec!["com.atproto.moderation.defs#reasonSpam".to_string()]), ··· 977 978 let facts = local_identity_facts(); 978 979 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 979 980 let tee = FakeCreateReportTee::new(); 980 - // Enqueue responses for Phase 5 (2), Phase 6 (4), then AC4 positive with missing ID. 981 + // Enqueue responses for the no-JWT negatives (2), self-mint negatives (4), then the AC4 positive with missing ID. 981 982 for _ in 0..2 { 982 983 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 983 984 } ··· 1016 1017 let pds_client = common::FakePdsXrpcClient::new(); 1017 1018 1018 1019 // Queue responses for labeler tee: 1019 - // Phase 5 (2): unauth_rejected, malformed_bearer_rejected. 1020 + // No-JWT negatives (2): unauth_rejected, malformed_bearer_rejected. 1020 1021 tee.enqueue(common::FakeCreateReportResponse::unauthorized( 1021 1022 "AuthenticationRequired", 1022 1023 "jwt required", ··· 1025 1026 "BadJwt", 1026 1027 "invalid bearer", 1027 1028 )); 1028 - // Phase 6 (4): wrong_aud_rejected, wrong_lxm_rejected, expired_rejected, rejected_shape_returns_400. 1029 + // Self-mint negatives (4): wrong_aud_rejected, wrong_lxm_rejected, expired_rejected, rejected_shape_returns_400. 1029 1030 tee.enqueue(common::FakeCreateReportResponse::unauthorized( 1030 1031 "BadJwtAudience", 1031 1032 "aud mismatch", ··· 1042 1043 "InvalidRequest", 1043 1044 "unadvertised reasonType", 1044 1045 )); 1045 - // Phase 7 (1): self_mint_accepted. 1046 + // Self-mint positive (1): self_mint_accepted. 1046 1047 tee.enqueue(common::FakeCreateReportResponse::ok_empty()); 1047 - // Phase 8 (1): pds_service_auth_accepted (service-auth mode POST). 1048 + // PDS service-auth (1): pds_service_auth_accepted (service-auth mode POST). 1048 1049 tee.enqueue(common::FakeCreateReportResponse::ok_empty()); 1049 1050 1050 1051 // Queue PDS responses: ··· 1104 1105 let tee = FakeCreateReportTee::new(); 1105 1106 let pds_client = common::FakePdsXrpcClient::new(); 1106 1107 1107 - // Queue responses for Phase 5-7: 7 unauthorized. 1108 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive): 7 unauthorized. 1108 1109 for _ in 0..7 { 1109 1110 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1110 1111 } ··· 1168 1169 let tee = FakeCreateReportTee::new(); 1169 1170 let pds_client = common::FakePdsXrpcClient::new(); 1170 1171 1171 - // Queue responses for Phase 5-7. 1172 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive). 1172 1173 for _ in 0..7 { 1173 1174 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1174 1175 } ··· 1201 1202 let facts = local_identity_facts(); 1202 1203 let tee = FakeCreateReportTee::new(); 1203 1204 1204 - // Queue responses for Phase 5-7. 1205 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive). 1205 1206 for _ in 0..7 { 1206 1207 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1207 1208 } ··· 1230 1231 let tee = FakeCreateReportTee::new(); 1231 1232 let pds_client = common::FakePdsXrpcClient::new(); 1232 1233 1233 - // Queue responses for Phase 5-7. 1234 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive). 1234 1235 for _ in 0..7 { 1235 1236 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1236 1237 } ··· 1286 1287 let tee = FakeCreateReportTee::new(); 1287 1288 let pds_client = common::FakePdsXrpcClient::new(); 1288 1289 1289 - // Queue responses for Phase 5-7. 1290 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive). 1290 1291 for _ in 0..7 { 1291 1292 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1292 1293 } ··· 1347 1348 let tee = FakeCreateReportTee::new(); 1348 1349 let pds_client = common::FakePdsXrpcClient::new(); 1349 1350 1350 - // Queue responses for Phase 5-7. 1351 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive). 1351 1352 for _ in 0..7 { 1352 1353 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1353 1354 } ··· 1403 1404 let facts = local_identity_facts(); 1404 1405 let tee = FakeCreateReportTee::new(); 1405 1406 1406 - // Queue responses for Phase 5-7. 1407 + // Queue responses for the 7 labeler-only checks (2 no-JWT + 4 self-mint negatives + 1 self-mint positive). 1407 1408 for _ in 0..7 { 1408 1409 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1409 1410 } ··· 1433 1434 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 1434 1435 let tee = FakeCreateReportTee::new(); 1435 1436 1436 - // Enqueue responses for 2 Phase 5 checks. 1437 + // Enqueue responses for the 2 no-JWT negative checks. 1437 1438 for _ in 0..2 { 1438 1439 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1439 1440 } 1440 - // Enqueue responses for 4 Phase 6 checks. 1441 + // Enqueue responses for the 4 self-mint negative checks. 1441 1442 for _ in 0..4 { 1442 1443 tee.enqueue(common::FakeCreateReportResponse::unauthorized("x", "y")); 1443 1444 } ··· 1535 1536 let signer = SelfMintSigner::spawn(SelfMintCurve::Es256k).await.unwrap(); 1536 1537 let tee = FakeCreateReportTee::new(); 1537 1538 1538 - // Queue responses for Phase 5 (2), Phase 6 (4), Phase 7 (1). 1539 + // Queue responses for the no-JWT negatives (2), self-mint negatives (4), self-mint positive (1). 1539 1540 tee.enqueue(common::FakeCreateReportResponse::unauthorized( 1540 1541 "AuthenticationRequired", 1541 1542 "jwt required", ··· 1583 1584 let tee = FakeCreateReportTee::new(); 1584 1585 let pds_client = common::FakePdsXrpcClient::new(); 1585 1586 1586 - // Queue labeler responses: Phase 5 (2), Phase 6 (4), Phase 7 (1), Phase 8 (1). 1587 + // Queue labeler responses: no-JWT negatives (2), self-mint negatives (4), self-mint positive (1), PDS service-auth (1). 1587 1588 tee.enqueue(common::FakeCreateReportResponse::unauthorized( 1588 1589 "AuthenticationRequired", 1589 1590 "jwt required",