@alteran/astro 0.1.0

package/src/pages/debug/record.ts

@@ -0,0 +1,33 @@
+import type { APIContext } from 'astro';
+import { getRecord as dalGetRecord, putRecord as dalPutRecord } from '@alteran/db/dal';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  const url = new URL(request.url);
+  const uri = url.searchParams.get('uri');
+  if (!uri) return new Response('missing uri', { status: 400 });
+
+  const row = await dalGetRecord(env, uri);
+  if (!row) return new Response('not found', { status: 404 });
+
+  return new Response(JSON.stringify(row), { headers: { 'Content-Type': 'application/json' } });
+}
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  const body = (await request.json()) as { uri?: string; json?: unknown };
+  const uri = body.uri;
+  if (!uri) return new Response('missing uri', { status: 400 });
+
+  const did = env.PDS_DID ?? 'did:example:single-user';
+  const row = {
+    uri,
+    did,
+    cid: 'cid-dev',
+    json: JSON.stringify(body.json ?? { hello: 'world' }),
+  };
+  await dalPutRecord(env, row);
+  return new Response(JSON.stringify({ ok: true }), { headers: { 'Content-Type': 'application/json' } });
+}

package/src/pages/health.ts

@@ -0,0 +1,68 @@
+import type { APIContext } from 'astro';
+
+export const prerender = false;
+
+interface HealthCheck {
+  status: 'healthy' | 'unhealthy';
+  timestamp: string;
+  checks: {
+    database: { status: 'ok' | 'error'; message?: string };
+    storage: { status: 'ok' | 'error'; message?: string };
+  };
+}
+
+export async function GET({ locals }: APIContext) {
+  const { env } = locals.runtime;
+  const checks: HealthCheck['checks'] = {
+    database: { status: 'ok' },
+    storage: { status: 'ok' },
+  };
+
+  let overallStatus: 'healthy' | 'unhealthy' = 'healthy';
+
+  // Check D1 database connectivity
+  try {
+    if (env.DB) {
+      await env.DB.prepare('SELECT 1').first();
+      checks.database.status = 'ok';
+    } else {
+      checks.database.status = 'error';
+      checks.database.message = 'Database not configured';
+      overallStatus = 'unhealthy';
+    }
+  } catch (error) {
+    checks.database.status = 'error';
+    checks.database.message = error instanceof Error ? error.message : 'Database connection failed';
+    overallStatus = 'unhealthy';
+  }
+
+  // Check R2 storage connectivity
+  try {
+    if (env.BLOBS) {
+      // Simple list operation to verify connectivity
+      await env.BLOBS.list({ limit: 1 });
+      checks.storage.status = 'ok';
+    } else {
+      checks.storage.status = 'error';
+      checks.storage.message = 'Storage not configured';
+      overallStatus = 'unhealthy';
+    }
+  } catch (error) {
+    checks.storage.status = 'error';
+    checks.storage.message = error instanceof Error ? error.message : 'Storage connection failed';
+    overallStatus = 'unhealthy';
+  }
+
+  const response: HealthCheck = {
+    status: overallStatus,
+    timestamp: new Date().toISOString(),
+    checks,
+  };
+
+  const status = overallStatus === 'healthy' ? 200 : 503;
+
+  return new Response(JSON.stringify(response, null, 2), {
+    status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/index.astro

@@ -0,0 +1,57 @@
+---
+import { Icon } from 'astro-icon/components';
+---
+
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <meta name="viewport" content="width=device-width" />
+    <meta name="generator" content={Astro.generator} />
+    <title>Alteran PDS</title>
+    <style>
+      body {
+        font-family: sans-serif;
+        display: flex;
+        justify-content: center;
+        align-items: center;
+        height: 100vh;
+        background-color: #f0f2f5;
+      }
+      .card {
+        background-color: white;
+        padding: 2rem;
+        border-radius: 0.5rem;
+        box-shadow: 0 0 1rem rgba(0, 0, 0, 0.1);
+        text-align: center;
+      }
+      h1 {
+        margin-top: 0;
+      }
+      .did, .handle {
+        font-family: monospace;
+        background-color: #eee;
+        padding: 0.25rem 0.5rem;
+        border-radius: 0.25rem;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="card">
+      <h1>Alteran</h1>
+      <p>This is a single-user ATProto Personal Data Server running on Cloudflare.</p>
+      <p>
+        <strong>Handle:</strong> <span class="handle">{import.meta.env.PDS_HANDLE}</span>
+      </p>
+      <p>
+        <strong>DID:</strong> <span class="did">{import.meta.env.PDS_DID}</span>
+      </p>
+      <p>
+        <a href="https://github.com/alteran-dev/alteran" target="_blank" rel="noopener noreferrer">
+          <Icon name="simple-icons:github" />
+          Source Code
+        </a>
+      </p>
+    </div>
+  </body>
+</html>

package/src/pages/index.ts

@@ -0,0 +1,2 @@
+export { GET } from '../handlers/root';
+

package/src/pages/ready.ts

@@ -0,0 +1,16 @@
+import type { APIContext } from 'astro';
+
+export const prerender = false;
+
+export async function GET({ locals }: APIContext) {
+  const { env } = locals.runtime;
+
+  try {
+    if (env.DB) {
+      await env.DB.prepare('select 1').first();
+    }
+    return new Response('ok');
+  } catch (e) {
+    return new Response('db not ready', { status: 503 });
+  }
+}

package/src/pages/xrpc/com.atproto.identity.resolveHandle.ts

@@ -0,0 +1,38 @@
+import type { APIContext } from 'astro';
+
+export const prerender = false;
+
+/**
+ * com.atproto.identity.resolveHandle
+ * Resolve a handle to a DID
+ */
+export async function GET({ locals, url }: APIContext) {
+  const { env } = locals.runtime;
+
+  const handle = url.searchParams.get('handle');
+  const configuredHandle = env.PDS_HANDLE || 'user.example.com';
+  const did = env.PDS_DID || 'did:example:single-user';
+
+  if (!handle) {
+    return new Response(
+      JSON.stringify({ error: 'InvalidRequest', message: 'handle parameter required' }),
+      { status: 400, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+
+  // Single-user PDS: only resolve if handle matches configured handle
+  if (handle === configuredHandle) {
+    return new Response(
+      JSON.stringify({ did }),
+      {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      }
+    );
+  }
+
+  return new Response(
+    JSON.stringify({ error: 'HandleNotFound' }),
+    { status: 404, headers: { 'Content-Type': 'application/json' } }
+  );
+}

package/src/pages/xrpc/com.atproto.identity.updateHandle.ts

@@ -0,0 +1,45 @@
+import type { APIContext } from 'astro';
+import { readJson } from '@alteran/lib/util';
+
+export const prerender = false;
+
+/**
+ * com.atproto.identity.updateHandle
+ * Update the handle for the repository
+ */
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+
+  try {
+    const body = await readJson(request);
+    const { handle } = body;
+
+    if (!handle) {
+      return new Response(
+        JSON.stringify({ error: 'InvalidRequest', message: 'handle required' }),
+        { status: 400, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
+
+    // TODO: Implement handle verification (DNS TXT or HTTP)
+    // TODO: Update PDS_HANDLE configuration
+    // For single-user PDS, this would require redeployment with new config
+
+    return new Response(
+      JSON.stringify({
+        error: 'NotImplemented',
+        message: 'Handle updates require PDS reconfiguration for single-user mode',
+      }),
+      {
+        status: 501,
+        headers: { 'Content-Type': 'application/json' },
+      }
+    );
+  } catch (error) {
+    console.error('updateHandle error:', error);
+    return new Response(
+      JSON.stringify({ error: 'InternalServerError', message: String(error) }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}

package/src/pages/xrpc/com.atproto.repo.applyWrites.ts

@@ -0,0 +1,73 @@
+import type { APIContext } from 'astro';
+import { RepoManager } from '@alteran/services/repo-manager';
+import { readJson } from '@alteran/lib/util';
+import { bumpRoot } from '@alteran/db/repo';
+
+export const prerender = false;
+
+/**
+ * com.atproto.repo.applyWrites
+ * Apply a batch of repository writes atomically
+ */
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+
+  try {
+    const body = await readJson(request);
+    const { repo, writes, validate = true, swapCommit } = body;
+
+    if (!writes || !Array.isArray(writes)) {
+      return new Response(
+        JSON.stringify({ error: 'InvalidRequest', message: 'writes must be an array' }),
+        { status: 400, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
+
+    const repoManager = new RepoManager(env);
+    const results = [];
+
+    // Apply all writes atomically
+    for (const write of writes) {
+      const { $type, collection, rkey, value } = write;
+
+      if ($type === 'com.atproto.repo.applyWrites#create') {
+        const { mst, recordCid } = await repoManager.addRecord(collection, rkey, value);
+        results.push({
+          uri: `at://${repo}/${collection}/${rkey}`,
+          cid: recordCid.toString(),
+        });
+      } else if ($type === 'com.atproto.repo.applyWrites#update') {
+        const { mst, recordCid } = await repoManager.updateRecord(collection, rkey, value);
+        results.push({
+          uri: `at://${repo}/${collection}/${rkey}`,
+          cid: recordCid.toString(),
+        });
+      } else if ($type === 'com.atproto.repo.applyWrites#delete') {
+        await repoManager.deleteRecord(collection, rkey);
+        results.push({
+          uri: `at://${repo}/${collection}/${rkey}`,
+        });
+      }
+    }
+
+    // Bump repo root to create new commit
+    const { commitCid, rev } = await bumpRoot(env);
+
+    return new Response(
+      JSON.stringify({
+        commit: { cid: commitCid, rev },
+        results,
+      }),
+      {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      }
+    );
+  } catch (error) {
+    console.error('applyWrites error:', error);
+    return new Response(
+      JSON.stringify({ error: 'InternalServerError', message: String(error) }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}

package/src/pages/xrpc/com.atproto.repo.createRecord.ts

@@ -0,0 +1,36 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '@alteran/lib/auth';
+import { checkRate } from '@alteran/lib/ratelimit';
+import { readJsonBounded } from '@alteran/lib/util';
+import { RepoManager } from '@alteran/services/repo-manager';
+import { notifySequencer } from '@alteran/lib/sequencer';
+
+export const prerender = false;
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const rateLimitResponse = await checkRate(env, request, 'writes');
+  if (rateLimitResponse) return rateLimitResponse;
+
+  let body: any;
+  try {
+    body = await readJsonBounded(env, request);
+  } catch (e: any) {
+    if (e?.code === 'PayloadTooLarge') {
+      return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+    }
+    return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+  }
+  const { collection, rkey, record } = body ?? {};
+  if (!collection || !record) return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+
+  const repo = new RepoManager(env);
+  const commit = await repo.createRecord(collection, record, rkey);
+  await notifySequencer(env, { type: 'commit', did: env.PDS_DID ?? 'did:example:single-user', commitCid: commit.commitCid, rev: commit.rev, ops: commit.ops });
+
+  return new Response(JSON.stringify(commit), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/com.atproto.repo.deleteRecord.ts

@@ -0,0 +1,36 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '@alteran/lib/auth';
+import { checkRate } from '@alteran/lib/ratelimit';
+import { readJsonBounded } from '@alteran/lib/util';
+import { RepoManager } from '@alteran/services/repo-manager';
+import { notifySequencer } from '@alteran/lib/sequencer';
+
+export const prerender = false;
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const rateLimitResponse = await checkRate(env, request, 'writes');
+  if (rateLimitResponse) return rateLimitResponse;
+
+  let body: any;
+  try {
+    body = await readJsonBounded(env, request);
+  } catch (e: any) {
+    if (e?.code === 'PayloadTooLarge') {
+      return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+    }
+    return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+  }
+  const { collection, rkey } = body ?? {};
+  if (!collection || !rkey) return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+
+  const repo = new RepoManager(env);
+  const commit = await repo.deleteRecord(collection, rkey);
+  await notifySequencer(env, { type: 'commit', did: env.PDS_DID ?? 'did:example:single-user', commitCid: commit.commitCid, rev: commit.rev, ops: commit.ops });
+
+  return new Response(JSON.stringify(commit), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/com.atproto.repo.describeRepo.ts

@@ -0,0 +1,51 @@
+import type { APIContext } from 'astro';
+import { getRoot } from '@alteran/db/repo';
+
+export const prerender = false;
+
+/**
+ * com.atproto.repo.describeRepo
+ * Get metadata about a repository
+ */
+export async function GET({ locals, url }: APIContext) {
+  const { env } = locals.runtime;
+
+  const repo = url.searchParams.get('repo') || env.PDS_DID || 'did:example:single-user';
+  const did = env.PDS_DID || 'did:example:single-user';
+  const handle = env.PDS_HANDLE || 'user.example.com';
+
+  // Get repo root to check if repo exists
+  const root = await getRoot(env);
+
+  return new Response(
+    JSON.stringify({
+      did,
+      handle,
+      didDoc: {
+        '@context': ['https://www.w3.org/ns/did/v1'],
+        id: did,
+        alsoKnownAs: [`at://${handle}`],
+        verificationMethod: [],
+        service: [
+          {
+            id: '#atproto_pds',
+            type: 'AtprotoPersonalDataServer',
+            serviceEndpoint: `https://${handle}`,
+          },
+        ],
+      },
+      collections: [
+        'app.bsky.feed.post',
+        'app.bsky.feed.like',
+        'app.bsky.feed.repost',
+        'app.bsky.graph.follow',
+        'app.bsky.actor.profile',
+      ],
+      handleIsCorrect: true,
+    }),
+    {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+    }
+  );
+}

package/src/pages/xrpc/com.atproto.repo.getRecord.ts

@@ -0,0 +1,25 @@
+import type { APIContext } from 'astro';
+import { getRecord as dalGetRecord } from '@alteran/db/dal';
+
+export const prerender = false;
+
+export async function GET({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  const url = new URL(request.url);
+  let uri = url.searchParams.get('uri');
+  if (!uri) {
+    const repo = url.searchParams.get('repo') ?? (env.PDS_DID ?? 'did:example:single-user');
+    const collection = url.searchParams.get('collection');
+    const rkey = url.searchParams.get('rkey');
+    if (repo && collection && rkey) uri = `at://${repo}/${collection}/${rkey}`;
+  }
+
+  if (!uri) return new Response(JSON.stringify({ error: 'BadRequest', message: 'query param uri required' }), { status: 400 });
+
+  const row = await dalGetRecord(env, uri);
+  if (!row) return new Response(JSON.stringify({ error: 'NotFound' }), { status: 404 });
+
+  return new Response(JSON.stringify({ uri: row.uri, cid: row.cid, value: JSON.parse(row.json) }), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/com.atproto.repo.listRecords.ts

@@ -0,0 +1,57 @@
+import type { APIContext } from 'astro';
+import { RepoManager } from '@alteran/services/repo-manager';
+
+export const prerender = false;
+
+/**
+ * com.atproto.repo.listRecords
+ * List records in a collection with pagination
+ */
+export async function GET({ locals, url }: APIContext) {
+  const { env } = locals.runtime;
+
+  const repo = url.searchParams.get('repo') || env.PDS_DID || 'did:example:single-user';
+  const collection = url.searchParams.get('collection');
+  const limit = parseInt(url.searchParams.get('limit') || '50', 10);
+  const cursor = url.searchParams.get('cursor') || undefined;
+
+  if (!collection) {
+    return new Response(
+      JSON.stringify({ error: 'InvalidRequest', message: 'collection parameter required' }),
+      { status: 400, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+
+  try {
+    const repoManager = new RepoManager(env);
+    const results = await repoManager.listRecords(collection, limit, cursor);
+
+    const records = await Promise.all(
+      results.map(async ({ key, cid }) => {
+        const record = await repoManager.getRecord(collection, key);
+        return {
+          uri: `at://${repo}/${collection}/${key}`,
+          cid: cid.toString(),
+          value: record,
+        };
+      })
+    );
+
+    return new Response(
+      JSON.stringify({
+        records,
+        cursor: records.length > 0 ? results[results.length - 1].key : undefined,
+      }),
+      {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      }
+    );
+  } catch (error) {
+    console.error('listRecords error:', error);
+    return new Response(
+      JSON.stringify({ error: 'InternalServerError', message: String(error) }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}

package/src/pages/xrpc/com.atproto.repo.putRecord.ts

@@ -0,0 +1,36 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '@alteran/lib/auth';
+import { checkRate } from '@alteran/lib/ratelimit';
+import { readJsonBounded } from '@alteran/lib/util';
+import { RepoManager } from '@alteran/services/repo-manager';
+import { notifySequencer } from '@alteran/lib/sequencer';
+
+export const prerender = false;
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const rateLimitResponse = await checkRate(env, request, 'writes');
+  if (rateLimitResponse) return rateLimitResponse;
+
+  let body: any;
+  try {
+    body = await readJsonBounded(env, request);
+  } catch (e: any) {
+    if (e?.code === 'PayloadTooLarge') {
+      return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+    }
+    return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+  }
+  const { collection, rkey, record } = body ?? {};
+  if (!collection || !rkey || !record) return new Response(JSON.stringify({ error: 'BadRequest' }), { status: 400 });
+
+  const repo = new RepoManager(env);
+  const commit = await repo.putRecord(collection, rkey, record);
+  await notifySequencer(env, { type: 'commit', did: env.PDS_DID ?? 'did:example:single-user', commitCid: commit.commitCid, rev: commit.rev, ops: commit.ops });
+
+  return new Response(JSON.stringify(commit), {
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

package/src/pages/xrpc/com.atproto.repo.uploadBlob.ts

@@ -0,0 +1,53 @@
+import type { APIContext } from 'astro';
+import { isAuthorized, unauthorized } from '@alteran/lib/auth';
+import { checkRate } from '@alteran/lib/ratelimit';
+import { isAllowedMime } from '@alteran/lib/util';
+import { R2BlobStore } from '@alteran/services/r2-blob-store';
+import { putBlobRef, checkBlobQuota, updateBlobQuota } from '@alteran/db/dal';
+
+export const prerender = false;
+
+export async function POST({ locals, request }: APIContext) {
+  const { env } = locals.runtime;
+  if (!(await isAuthorized(request, env))) return unauthorized();
+
+  const rateLimitResponse = await checkRate(env, request, 'blob');
+  if (rateLimitResponse) return rateLimitResponse;
+
+  const buf = await request.arrayBuffer();
+  const contentType = request.headers.get('content-type') ?? 'application/octet-stream';
+  if (!isAllowedMime(env, contentType)) return new Response(JSON.stringify({ error: 'UnsupportedMediaType' }), { status: 415 });
+
+  // Get DID from environment (single-user PDS)
+  const did = env.PDS_DID ?? 'did:example:single-user';
+
+  // Check quota before upload
+  const canUpload = await checkBlobQuota(env, did, buf.byteLength);
+  if (!canUpload) {
+    return new Response(
+      JSON.stringify({
+        error: 'BlobQuotaExceeded',
+        message: 'Blob storage quota exceeded'
+      }),
+      { status: 413 }
+    );
+  }
+
+  const store = new R2BlobStore(env);
+  try {
+    const res = await store.put(buf, { contentType });
+
+    // Register blob ref with CID-based key
+    await putBlobRef(env, did, res.sha256, res.key, contentType, res.size);
+
+    // Update quota
+    await updateBlobQuota(env, did, res.size, 1);
+
+    return new Response(JSON.stringify({ blob: { ref: { $link: res.key }, mimeType: contentType, size: res.size } }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (e: any) {
+    if (String(e.message || '').startsWith('BlobTooLarge')) return new Response(JSON.stringify({ error: 'PayloadTooLarge' }), { status: 413 });
+    return new Response(JSON.stringify({ error: 'UploadFailed' }), { status: 500 });
+  }
+}