@ascorbic/pds 0.0.0

package/dist/index.js

@@ -0,0 +1,3130 @@
+import { DurableObject, env } from "cloudflare:workers";
+import { BlockMap, ReadableBlockstore, Repo, WriteOpAction, blocksToCarFile, readCarWithRoot } from "@atproto/repo";
+import { Secp256k1Keypair, randomStr } from "@atproto/crypto";
+import { CID } from "@atproto/lex-data";
+import { TID } from "@atproto/common-web";
+import { AtUri, ensureValidDid, ensureValidHandle } from "@atproto/syntax";
+import { cidForRawBytes, decode, encode } from "@atproto/lex-cbor";
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { SignJWT, jwtVerify } from "jose";
+import { compare } from "bcryptjs";
+import { Lexicons } from "@atproto/lexicon";
+
+//#region rolldown:runtime
+var __defProp = Object.defineProperty;
+var __exportAll = (all, symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+
+//#endregion
+//#region src/storage.ts
+/**
+* SQLite-backed repository storage for Cloudflare Durable Objects.
+*
+* Implements the RepoStorage interface from @atproto/repo, storing blocks
+* in a SQLite database within a Durable Object.
+*/
+var SqliteRepoStorage = class extends ReadableBlockstore {
+	constructor(sql) {
+		super();
+		this.sql = sql;
+	}
+	/**
+	* Initialize the database schema. Should be called once on DO startup.
+	*/
+	initSchema() {
+		this.sql.exec(`
+			-- Block storage (MST nodes + record blocks)
+			CREATE TABLE IF NOT EXISTS blocks (
+				cid TEXT PRIMARY KEY,
+				bytes BLOB NOT NULL,
+				rev TEXT NOT NULL
+			);
+
+			CREATE INDEX IF NOT EXISTS idx_blocks_rev ON blocks(rev);
+
+			-- Repo state (single row)
+			CREATE TABLE IF NOT EXISTS repo_state (
+				id INTEGER PRIMARY KEY CHECK (id = 1),
+				root_cid TEXT,
+				rev TEXT,
+				seq INTEGER NOT NULL DEFAULT 0
+			);
+
+			-- Initialize with empty state if not exists
+			INSERT OR IGNORE INTO repo_state (id, root_cid, rev, seq)
+			VALUES (1, NULL, NULL, 0);
+
+			-- Firehose events (sequenced commit log)
+			CREATE TABLE IF NOT EXISTS firehose_events (
+				seq INTEGER PRIMARY KEY AUTOINCREMENT,
+				event_type TEXT NOT NULL,
+				payload BLOB NOT NULL,
+				created_at TEXT NOT NULL DEFAULT (datetime('now'))
+			);
+
+			CREATE INDEX IF NOT EXISTS idx_firehose_created_at ON firehose_events(created_at);
+		`);
+	}
+	/**
+	* Get the current root CID of the repository.
+	*/
+	async getRoot() {
+		const rows = this.sql.exec("SELECT root_cid FROM repo_state WHERE id = 1").toArray();
+		if (rows.length === 0 || !rows[0]?.root_cid) return null;
+		return CID.parse(rows[0].root_cid);
+	}
+	/**
+	* Get the current revision string.
+	*/
+	async getRev() {
+		const rows = this.sql.exec("SELECT rev FROM repo_state WHERE id = 1").toArray();
+		return rows.length > 0 ? rows[0].rev ?? null : null;
+	}
+	/**
+	* Get the current sequence number for firehose events.
+	*/
+	async getSeq() {
+		const rows = this.sql.exec("SELECT seq FROM repo_state WHERE id = 1").toArray();
+		return rows.length > 0 ? rows[0].seq ?? 0 : 0;
+	}
+	/**
+	* Increment and return the next sequence number.
+	*/
+	async nextSeq() {
+		this.sql.exec("UPDATE repo_state SET seq = seq + 1 WHERE id = 1");
+		return this.getSeq();
+	}
+	/**
+	* Get the raw bytes for a block by CID.
+	*/
+	async getBytes(cid) {
+		const rows = this.sql.exec("SELECT bytes FROM blocks WHERE cid = ?", cid.toString()).toArray();
+		if (rows.length === 0 || !rows[0]?.bytes) return null;
+		return new Uint8Array(rows[0].bytes);
+	}
+	/**
+	* Check if a block exists.
+	*/
+	async has(cid) {
+		return this.sql.exec("SELECT 1 FROM blocks WHERE cid = ? LIMIT 1", cid.toString()).toArray().length > 0;
+	}
+	/**
+	* Get multiple blocks at once.
+	*/
+	async getBlocks(cids) {
+		const blocks = new BlockMap();
+		const missing = [];
+		for (const cid of cids) {
+			const bytes = await this.getBytes(cid);
+			if (bytes) blocks.set(cid, bytes);
+			else missing.push(cid);
+		}
+		return {
+			blocks,
+			missing
+		};
+	}
+	/**
+	* Store a single block.
+	*/
+	async putBlock(cid, block, rev) {
+		this.sql.exec("INSERT OR REPLACE INTO blocks (cid, bytes, rev) VALUES (?, ?, ?)", cid.toString(), block, rev);
+	}
+	/**
+	* Store multiple blocks at once.
+	*/
+	async putMany(blocks, rev) {
+		const internalMap = blocks.map;
+		if (internalMap) for (const [cidStr, bytes] of internalMap) this.sql.exec("INSERT OR REPLACE INTO blocks (cid, bytes, rev) VALUES (?, ?, ?)", cidStr, bytes, rev);
+	}
+	/**
+	* Update the repository root.
+	*/
+	async updateRoot(cid, rev) {
+		this.sql.exec("UPDATE repo_state SET root_cid = ?, rev = ? WHERE id = 1", cid.toString(), rev);
+	}
+	/**
+	* Apply a commit atomically: add new blocks, remove old blocks, update root.
+	*/
+	async applyCommit(commit) {
+		const internalMap = commit.newBlocks.map;
+		if (internalMap) for (const [cidStr, bytes] of internalMap) this.sql.exec("INSERT OR REPLACE INTO blocks (cid, bytes, rev) VALUES (?, ?, ?)", cidStr, bytes, commit.rev);
+		const removedSet = commit.removedCids.set;
+		if (removedSet) for (const cidStr of removedSet) this.sql.exec("DELETE FROM blocks WHERE cid = ?", cidStr);
+		await this.updateRoot(commit.cid, commit.rev);
+	}
+	/**
+	* Get total storage size in bytes.
+	*/
+	async sizeInBytes() {
+		const rows = this.sql.exec("SELECT SUM(LENGTH(bytes)) as total FROM blocks").toArray();
+		return rows.length > 0 ? rows[0].total ?? 0 : 0;
+	}
+	/**
+	* Clear all data (for testing).
+	*/
+	async destroy() {
+		this.sql.exec("DELETE FROM blocks");
+		this.sql.exec("UPDATE repo_state SET root_cid = NULL, rev = NULL WHERE id = 1");
+	}
+	/**
+	* Count the number of blocks stored.
+	*/
+	async countBlocks() {
+		const rows = this.sql.exec("SELECT COUNT(*) as count FROM blocks").toArray();
+		return rows.length > 0 ? rows[0].count ?? 0 : 0;
+	}
+};
+
+//#endregion
+//#region src/sequencer.ts
+/**
+* Sequencer manages the firehose event log.
+*
+* Stores commit events in SQLite and provides methods for:
+* - Sequencing new commits
+* - Backfilling events from a cursor
+* - Getting the latest sequence number
+*/
+var Sequencer = class {
+	constructor(sql) {
+		this.sql = sql;
+	}
+	/**
+	* Add a commit to the firehose sequence.
+	* Returns the complete sequenced event for broadcasting.
+	*/
+	async sequenceCommit(data) {
+		const carBytes = await blocksToCarFile(data.commit, data.newBlocks);
+		const time = (/* @__PURE__ */ new Date()).toISOString();
+		const eventPayload = {
+			repo: data.did,
+			commit: data.commit,
+			rev: data.rev,
+			since: data.since,
+			blocks: carBytes,
+			ops: data.ops.map((op) => ({
+				action: op.action,
+				path: `${op.collection}/${op.rkey}`,
+				cid: "cid" in op && op.cid ? op.cid : null
+			})),
+			rebase: false,
+			tooBig: carBytes.length > 1e6,
+			blobs: [],
+			time
+		};
+		const payload = encode(eventPayload);
+		const seq = this.sql.exec(`INSERT INTO firehose_events (event_type, payload)
+       VALUES ('commit', ?)
+       RETURNING seq`, payload).one().seq;
+		return {
+			seq,
+			type: "commit",
+			event: {
+				...eventPayload,
+				seq
+			},
+			time
+		};
+	}
+	/**
+	* Get events from a cursor position.
+	* Returns up to `limit` events after the cursor.
+	*/
+	async getEventsSince(cursor, limit = 100) {
+		return this.sql.exec(`SELECT seq, event_type, payload, created_at
+       FROM firehose_events
+       WHERE seq > ?
+       ORDER BY seq ASC
+       LIMIT ?`, cursor, limit).toArray().map((row) => {
+			const decoded = decode(new Uint8Array(row.payload));
+			return {
+				seq: row.seq,
+				type: "commit",
+				event: {
+					...decoded,
+					seq: row.seq
+				},
+				time: row.created_at
+			};
+		});
+	}
+	/**
+	* Get the latest sequence number.
+	* Returns 0 if no events have been sequenced yet.
+	*/
+	getLatestSeq() {
+		return this.sql.exec("SELECT MAX(seq) as seq FROM firehose_events").one()?.seq ?? 0;
+	}
+	/**
+	* Prune old events to keep the log from growing indefinitely.
+	* Keeps the most recent `keepCount` events.
+	*/
+	async pruneOldEvents(keepCount = 1e4) {
+		this.sql.exec(`DELETE FROM firehose_events
+       WHERE seq < (SELECT MAX(seq) - ? FROM firehose_events)`, keepCount);
+	}
+};
+
+//#endregion
+//#region src/blobs.ts
+/**
+* BlobStore manages blob storage in R2.
+* Blobs are stored with CID-based keys prefixed by the account's DID.
+*/
+var BlobStore = class {
+	constructor(r2, did) {
+		this.r2 = r2;
+		this.did = did;
+	}
+	/**
+	* Upload a blob to R2 and return a BlobRef.
+	*/
+	async putBlob(bytes, mimeType) {
+		const cid = await cidForRawBytes(bytes);
+		const key = `${this.did}/${cid.toString()}`;
+		await this.r2.put(key, bytes, { httpMetadata: { contentType: mimeType } });
+		return {
+			$type: "blob",
+			ref: { $link: cid.toString() },
+			mimeType,
+			size: bytes.length
+		};
+	}
+	/**
+	* Retrieve a blob from R2 by CID.
+	*/
+	async getBlob(cid) {
+		const key = `${this.did}/${cid.toString()}`;
+		return this.r2.get(key);
+	}
+	/**
+	* Check if a blob exists in R2.
+	*/
+	async hasBlob(cid) {
+		const key = `${this.did}/${cid.toString()}`;
+		return await this.r2.head(key) !== null;
+	}
+};
+
+//#endregion
+//#region src/account-do.ts
+/**
+* Account Durable Object - manages a single user's AT Protocol repository.
+*
+* This DO provides:
+* - SQLite-backed block storage for the repository
+* - AT Protocol Repo instance for repository operations
+* - Firehose WebSocket connections
+* - Sequence number management
+*/
+var AccountDurableObject = class extends DurableObject {
+	storage = null;
+	repo = null;
+	keypair = null;
+	sequencer = null;
+	blobStore = null;
+	storageInitialized = false;
+	repoInitialized = false;
+	constructor(ctx, env$2) {
+		super(ctx, env$2);
+		if (!env$2.SIGNING_KEY) throw new Error("Missing required environment variable: SIGNING_KEY");
+		if (!env$2.DID) throw new Error("Missing required environment variable: DID");
+		if (env$2.BLOBS) this.blobStore = new BlobStore(env$2.BLOBS, env$2.DID);
+	}
+	/**
+	* Initialize the storage adapter. Called lazily on first storage access.
+	*/
+	async ensureStorageInitialized() {
+		if (!this.storageInitialized) await this.ctx.blockConcurrencyWhile(async () => {
+			if (this.storageInitialized) return;
+			this.storage = new SqliteRepoStorage(this.ctx.storage.sql);
+			this.storage.initSchema();
+			this.sequencer = new Sequencer(this.ctx.storage.sql);
+			this.storageInitialized = true;
+		});
+	}
+	/**
+	* Initialize the Repo instance. Called lazily on first repo access.
+	*/
+	async ensureRepoInitialized() {
+		await this.ensureStorageInitialized();
+		if (!this.repoInitialized) await this.ctx.blockConcurrencyWhile(async () => {
+			if (this.repoInitialized) return;
+			this.keypair = await Secp256k1Keypair.import(this.env.SIGNING_KEY);
+			const root = await this.storage.getRoot();
+			if (root) this.repo = await Repo.load(this.storage, root);
+			else this.repo = await Repo.create(this.storage, this.env.DID, this.keypair);
+			this.repoInitialized = true;
+		});
+	}
+	/**
+	* Get the storage adapter for direct access (used by tests and internal operations).
+	*/
+	async getStorage() {
+		await this.ensureStorageInitialized();
+		return this.storage;
+	}
+	/**
+	* Get the Repo instance for repository operations.
+	*/
+	async getRepo() {
+		await this.ensureRepoInitialized();
+		return this.repo;
+	}
+	/**
+	* Get the signing keypair for repository operations.
+	*/
+	async getKeypair() {
+		await this.ensureRepoInitialized();
+		return this.keypair;
+	}
+	/**
+	* Update the Repo instance after mutations.
+	*/
+	async setRepo(repo) {
+		this.repo = repo;
+	}
+	/**
+	* RPC method: Get repo metadata for describeRepo
+	*/
+	async rpcDescribeRepo() {
+		const repo = await this.getRepo();
+		const collections = [];
+		const seenCollections = /* @__PURE__ */ new Set();
+		for await (const record of repo.walkRecords()) if (!seenCollections.has(record.collection)) {
+			seenCollections.add(record.collection);
+			collections.push(record.collection);
+		}
+		return {
+			did: repo.did,
+			collections,
+			cid: repo.cid.toString()
+		};
+	}
+	/**
+	* RPC method: Get a single record
+	*/
+	async rpcGetRecord(collection, rkey) {
+		const repo = await this.getRepo();
+		const dataKey = `${collection}/${rkey}`;
+		const recordCid = await repo.data.get(dataKey);
+		if (!recordCid) return null;
+		const record = await repo.getRecord(collection, rkey);
+		if (!record) return null;
+		return {
+			cid: recordCid.toString(),
+			record
+		};
+	}
+	/**
+	* RPC method: List records in a collection
+	*/
+	async rpcListRecords(collection, opts) {
+		const repo = await this.getRepo();
+		const records = [];
+		const startFrom = opts.cursor || `${collection}/`;
+		for await (const record of repo.walkRecords(startFrom)) {
+			if (record.collection !== collection) {
+				if (records.length > 0) break;
+				continue;
+			}
+			records.push({
+				uri: AtUri.make(repo.did, record.collection, record.rkey).toString(),
+				cid: record.cid.toString(),
+				value: record.record
+			});
+			if (records.length >= opts.limit + 1) break;
+		}
+		if (opts.reverse) records.reverse();
+		const hasMore = records.length > opts.limit;
+		const results = hasMore ? records.slice(0, opts.limit) : records;
+		return {
+			records: results,
+			cursor: hasMore ? `${collection}/${results[results.length - 1]?.uri.split("/").pop() ?? ""}` : void 0
+		};
+	}
+	/**
+	* RPC method: Create a record
+	*/
+	async rpcCreateRecord(collection, rkey, record) {
+		const repo = await this.getRepo();
+		const keypair = await this.getKeypair();
+		const actualRkey = rkey || TID.nextStr();
+		const createOp = {
+			action: WriteOpAction.Create,
+			collection,
+			rkey: actualRkey,
+			record
+		};
+		const prevRev = repo.commit.rev;
+		this.repo = await repo.applyWrites([createOp], keypair);
+		const dataKey = `${collection}/${actualRkey}`;
+		const recordCid = await this.repo.data.get(dataKey);
+		if (!recordCid) throw new Error(`Failed to create record: ${collection}/${actualRkey}`);
+		if (this.sequencer) {
+			const newBlocks = new BlockMap();
+			const rows = this.ctx.storage.sql.exec("SELECT cid, bytes FROM blocks WHERE rev = ?", this.repo.commit.rev).toArray();
+			for (const row of rows) {
+				const cid = CID.parse(row.cid);
+				const bytes = new Uint8Array(row.bytes);
+				newBlocks.set(cid, bytes);
+			}
+			const opWithCid = {
+				...createOp,
+				cid: recordCid
+			};
+			const commitData = {
+				did: this.repo.did,
+				commit: this.repo.cid,
+				rev: this.repo.commit.rev,
+				since: prevRev,
+				newBlocks,
+				ops: [opWithCid]
+			};
+			const event = await this.sequencer.sequenceCommit(commitData);
+			await this.broadcastCommit(event);
+		}
+		return {
+			uri: AtUri.make(this.repo.did, collection, actualRkey).toString(),
+			cid: recordCid.toString(),
+			commit: {
+				cid: this.repo.cid.toString(),
+				rev: this.repo.commit.rev
+			}
+		};
+	}
+	/**
+	* RPC method: Delete a record
+	*/
+	async rpcDeleteRecord(collection, rkey) {
+		const repo = await this.getRepo();
+		const keypair = await this.getKeypair();
+		if (!await repo.getRecord(collection, rkey)) return null;
+		const deleteOp = {
+			action: WriteOpAction.Delete,
+			collection,
+			rkey
+		};
+		const prevRev = repo.commit.rev;
+		const updatedRepo = await repo.applyWrites([deleteOp], keypair);
+		this.repo = updatedRepo;
+		if (this.sequencer) {
+			const newBlocks = new BlockMap();
+			const rows = this.ctx.storage.sql.exec("SELECT cid, bytes FROM blocks WHERE rev = ?", this.repo.commit.rev).toArray();
+			for (const row of rows) {
+				const cid = CID.parse(row.cid);
+				const bytes = new Uint8Array(row.bytes);
+				newBlocks.set(cid, bytes);
+			}
+			const commitData = {
+				did: this.repo.did,
+				commit: this.repo.cid,
+				rev: this.repo.commit.rev,
+				since: prevRev,
+				newBlocks,
+				ops: [deleteOp]
+			};
+			const event = await this.sequencer.sequenceCommit(commitData);
+			await this.broadcastCommit(event);
+		}
+		return { commit: {
+			cid: updatedRepo.cid.toString(),
+			rev: updatedRepo.commit.rev
+		} };
+	}
+	/**
+	* RPC method: Put a record (create or update)
+	*/
+	async rpcPutRecord(collection, rkey, record) {
+		const repo = await this.getRepo();
+		const keypair = await this.getKeypair();
+		const op = await repo.getRecord(collection, rkey) !== null ? {
+			action: WriteOpAction.Update,
+			collection,
+			rkey,
+			record
+		} : {
+			action: WriteOpAction.Create,
+			collection,
+			rkey,
+			record
+		};
+		const prevRev = repo.commit.rev;
+		this.repo = await repo.applyWrites([op], keypair);
+		const dataKey = `${collection}/${rkey}`;
+		const recordCid = await this.repo.data.get(dataKey);
+		if (!recordCid) throw new Error(`Failed to put record: ${collection}/${rkey}`);
+		if (this.sequencer) {
+			const newBlocks = new BlockMap();
+			const rows = this.ctx.storage.sql.exec("SELECT cid, bytes FROM blocks WHERE rev = ?", this.repo.commit.rev).toArray();
+			for (const row of rows) {
+				const cid = CID.parse(row.cid);
+				const bytes = new Uint8Array(row.bytes);
+				newBlocks.set(cid, bytes);
+			}
+			const opWithCid = {
+				...op,
+				cid: recordCid
+			};
+			const commitData = {
+				did: this.repo.did,
+				commit: this.repo.cid,
+				rev: this.repo.commit.rev,
+				since: prevRev,
+				newBlocks,
+				ops: [opWithCid]
+			};
+			const event = await this.sequencer.sequenceCommit(commitData);
+			await this.broadcastCommit(event);
+		}
+		return {
+			uri: AtUri.make(this.repo.did, collection, rkey).toString(),
+			cid: recordCid.toString(),
+			commit: {
+				cid: this.repo.cid.toString(),
+				rev: this.repo.commit.rev
+			},
+			validationStatus: "valid"
+		};
+	}
+	/**
+	* RPC method: Apply multiple writes (batch create/update/delete)
+	*/
+	async rpcApplyWrites(writes) {
+		const repo = await this.getRepo();
+		const keypair = await this.getKeypair();
+		const ops = [];
+		const results = [];
+		for (const write of writes) if (write.$type === "com.atproto.repo.applyWrites#create") {
+			const rkey = write.rkey || TID.nextStr();
+			const op = {
+				action: WriteOpAction.Create,
+				collection: write.collection,
+				rkey,
+				record: write.value
+			};
+			ops.push(op);
+			results.push({
+				$type: "com.atproto.repo.applyWrites#createResult",
+				collection: write.collection,
+				rkey,
+				action: WriteOpAction.Create
+			});
+		} else if (write.$type === "com.atproto.repo.applyWrites#update") {
+			if (!write.rkey) throw new Error("Update requires rkey");
+			const op = {
+				action: WriteOpAction.Update,
+				collection: write.collection,
+				rkey: write.rkey,
+				record: write.value
+			};
+			ops.push(op);
+			results.push({
+				$type: "com.atproto.repo.applyWrites#updateResult",
+				collection: write.collection,
+				rkey: write.rkey,
+				action: WriteOpAction.Update
+			});
+		} else if (write.$type === "com.atproto.repo.applyWrites#delete") {
+			if (!write.rkey) throw new Error("Delete requires rkey");
+			const op = {
+				action: WriteOpAction.Delete,
+				collection: write.collection,
+				rkey: write.rkey
+			};
+			ops.push(op);
+			results.push({
+				$type: "com.atproto.repo.applyWrites#deleteResult",
+				collection: write.collection,
+				rkey: write.rkey,
+				action: WriteOpAction.Delete
+			});
+		} else throw new Error(`Unknown write type: ${write.$type}`);
+		const prevRev = repo.commit.rev;
+		this.repo = await repo.applyWrites(ops, keypair);
+		const finalResults = [];
+		const opsWithCids = [];
+		for (let i = 0; i < results.length; i++) {
+			const result = results[i];
+			const op = ops[i];
+			if (result.action === WriteOpAction.Delete) {
+				finalResults.push({ $type: result.$type });
+				opsWithCids.push(op);
+			} else {
+				const dataKey = `${result.collection}/${result.rkey}`;
+				const recordCid = await this.repo.data.get(dataKey);
+				finalResults.push({
+					$type: result.$type,
+					uri: AtUri.make(this.repo.did, result.collection, result.rkey).toString(),
+					cid: recordCid?.toString(),
+					validationStatus: "valid"
+				});
+				opsWithCids.push({
+					...op,
+					cid: recordCid
+				});
+			}
+		}
+		if (this.sequencer) {
+			const newBlocks = new BlockMap();
+			const rows = this.ctx.storage.sql.exec("SELECT cid, bytes FROM blocks WHERE rev = ?", this.repo.commit.rev).toArray();
+			for (const row of rows) {
+				const cid = CID.parse(row.cid);
+				const bytes = new Uint8Array(row.bytes);
+				newBlocks.set(cid, bytes);
+			}
+			const commitData = {
+				did: this.repo.did,
+				commit: this.repo.cid,
+				rev: this.repo.commit.rev,
+				since: prevRev,
+				newBlocks,
+				ops: opsWithCids
+			};
+			const event = await this.sequencer.sequenceCommit(commitData);
+			await this.broadcastCommit(event);
+		}
+		return {
+			commit: {
+				cid: this.repo.cid.toString(),
+				rev: this.repo.commit.rev
+			},
+			results: finalResults
+		};
+	}
+	/**
+	* RPC method: Get repo status
+	*/
+	async rpcGetRepoStatus() {
+		const repo = await this.getRepo();
+		return {
+			did: repo.did,
+			head: repo.cid.toString(),
+			rev: repo.commit.rev
+		};
+	}
+	/**
+	* RPC method: Export repo as CAR
+	*/
+	async rpcGetRepoCar() {
+		const root = await (await this.getStorage()).getRoot();
+		if (!root) throw new Error("No repository root found");
+		const rows = this.ctx.storage.sql.exec("SELECT cid, bytes FROM blocks").toArray();
+		const blocks = new BlockMap();
+		for (const row of rows) {
+			const cid = CID.parse(row.cid);
+			const bytes = new Uint8Array(row.bytes);
+			blocks.set(cid, bytes);
+		}
+		return blocksToCarFile(root, blocks);
+	}
+	/**
+	* RPC method: Import repo from CAR file
+	* This is used for account migration - importing an existing repository
+	* from another PDS.
+	*/
+	async rpcImportRepo(carBytes) {
+		await this.ensureStorageInitialized();
+		if (await this.storage.getRoot()) throw new Error("Repository already exists. Cannot import over existing repository.");
+		const { root: rootCid, blocks } = await readCarWithRoot(carBytes);
+		const importRev = TID.nextStr();
+		await this.storage.putMany(blocks, importRev);
+		this.keypair = await Secp256k1Keypair.import(this.env.SIGNING_KEY);
+		this.repo = await Repo.load(this.storage, rootCid);
+		if (this.repo.did !== this.env.DID) {
+			await this.storage.destroy();
+			throw new Error(`DID mismatch: CAR file contains DID ${this.repo.did}, but expected ${this.env.DID}`);
+		}
+		this.repoInitialized = true;
+		return {
+			did: this.repo.did,
+			rev: this.repo.commit.rev,
+			cid: rootCid.toString()
+		};
+	}
+	/**
+	* RPC method: Upload a blob to R2
+	*/
+	async rpcUploadBlob(bytes, mimeType) {
+		if (!this.blobStore) throw new Error("Blob storage not configured");
+		const MAX_BLOB_SIZE = 5 * 1024 * 1024;
+		if (bytes.length > MAX_BLOB_SIZE) throw new Error(`Blob too large: ${bytes.length} bytes (max ${MAX_BLOB_SIZE})`);
+		return this.blobStore.putBlob(bytes, mimeType);
+	}
+	/**
+	* RPC method: Get a blob from R2
+	*/
+	async rpcGetBlob(cidStr) {
+		if (!this.blobStore) throw new Error("Blob storage not configured");
+		const cid = CID.parse(cidStr);
+		return this.blobStore.getBlob(cid);
+	}
+	/**
+	* Encode a firehose frame (header + body CBOR).
+	*/
+	encodeFrame(header, body) {
+		const headerBytes = encode(header);
+		const bodyBytes = encode(body);
+		const frame = new Uint8Array(headerBytes.length + bodyBytes.length);
+		frame.set(headerBytes, 0);
+		frame.set(bodyBytes, headerBytes.length);
+		return frame;
+	}
+	/**
+	* Encode a commit event frame.
+	*/
+	encodeCommitFrame(event) {
+		return this.encodeFrame({
+			op: 1,
+			t: "#commit"
+		}, event.event);
+	}
+	/**
+	* Encode an error frame.
+	*/
+	encodeErrorFrame(error, message) {
+		const header = { op: -1 };
+		const body = {
+			error,
+			message
+		};
+		return this.encodeFrame(header, body);
+	}
+	/**
+	* Backfill firehose events from a cursor.
+	*/
+	async backfillFirehose(ws, cursor) {
+		if (!this.sequencer) throw new Error("Sequencer not initialized");
+		if (cursor > this.sequencer.getLatestSeq()) {
+			const frame = this.encodeErrorFrame("FutureCursor", "Cursor is in the future");
+			ws.send(frame);
+			ws.close(1008, "FutureCursor");
+			return;
+		}
+		const events = await this.sequencer.getEventsSince(cursor, 1e3);
+		for (const event of events) {
+			const frame = this.encodeCommitFrame(event);
+			ws.send(frame);
+		}
+		if (events.length > 0) {
+			const lastEvent = events[events.length - 1];
+			if (lastEvent) {
+				const attachment = ws.deserializeAttachment();
+				attachment.cursor = lastEvent.seq;
+				ws.serializeAttachment(attachment);
+			}
+		}
+	}
+	/**
+	* Broadcast a commit event to all connected firehose clients.
+	*/
+	async broadcastCommit(event) {
+		const frame = this.encodeCommitFrame(event);
+		for (const ws of this.ctx.getWebSockets()) try {
+			ws.send(frame);
+			const attachment = ws.deserializeAttachment();
+			attachment.cursor = event.seq;
+			ws.serializeAttachment(attachment);
+		} catch (e) {
+			console.error("Error broadcasting to WebSocket:", e);
+		}
+	}
+	/**
+	* Handle WebSocket upgrade for firehose (subscribeRepos).
+	*/
+	async handleFirehoseUpgrade(request) {
+		await this.ensureStorageInitialized();
+		const cursorParam = new URL(request.url).searchParams.get("cursor");
+		const cursor = cursorParam ? parseInt(cursorParam, 10) : null;
+		const pair = new WebSocketPair();
+		const client = pair[0];
+		const server = pair[1];
+		this.ctx.acceptWebSocket(server);
+		server.serializeAttachment({
+			cursor: cursor ?? 0,
+			connectedAt: Date.now()
+		});
+		if (cursor !== null) await this.backfillFirehose(server, cursor);
+		return new Response(null, {
+			status: 101,
+			webSocket: client
+		});
+	}
+	/**
+	* WebSocket message handler (hibernation API).
+	*/
+	webSocketMessage(_ws, _message) {}
+	/**
+	* WebSocket close handler (hibernation API).
+	*/
+	webSocketClose(_ws, _code, _reason, _wasClean) {}
+	/**
+	* WebSocket error handler (hibernation API).
+	*/
+	webSocketError(_ws, error) {
+		console.error("WebSocket error:", error);
+	}
+	/**
+	* Emit an identity event to notify downstream services to refresh identity cache.
+	*/
+	async rpcEmitIdentityEvent(handle) {
+		await this.ensureStorageInitialized();
+		const time = (/* @__PURE__ */ new Date()).toISOString();
+		const seq = this.ctx.storage.sql.exec(`INSERT INTO firehose_events (event_type, payload)
+				 VALUES ('identity', ?)
+				 RETURNING seq`, new Uint8Array(0)).one().seq;
+		const header = {
+			op: 1,
+			t: "#identity"
+		};
+		const body = {
+			seq,
+			did: this.env.DID,
+			time,
+			handle
+		};
+		const headerBytes = encode(header);
+		const bodyBytes = encode(body);
+		const frame = new Uint8Array(headerBytes.length + bodyBytes.length);
+		frame.set(headerBytes, 0);
+		frame.set(bodyBytes, headerBytes.length);
+		for (const ws of this.ctx.getWebSockets()) try {
+			ws.send(frame);
+		} catch (e) {
+			console.error("Error broadcasting identity event:", e);
+		}
+		return { seq };
+	}
+	/**
+	* HTTP fetch handler for WebSocket upgrades.
+	* This is used instead of RPC to avoid WebSocket serialization errors.
+	*/
+	async fetch(request) {
+		if (new URL(request.url).pathname === "/xrpc/com.atproto.sync.subscribeRepos") return this.handleFirehoseUpgrade(request);
+		return new Response("Method not allowed", { status: 405 });
+	}
+};
+
+//#endregion
+//#region src/session.ts
+const ACCESS_TOKEN_LIFETIME = "2h";
+const REFRESH_TOKEN_LIFETIME = "90d";
+/**
+* Create a secret key from string for HS256 signing
+*/
+function createSecretKey(secret) {
+	return new TextEncoder().encode(secret);
+}
+/**
+* Create an access token (short-lived, 2 hours)
+*/
+async function createAccessToken(jwtSecret, userDid, serviceDid) {
+	const secret = createSecretKey(jwtSecret);
+	return new SignJWT({ scope: "atproto" }).setProtectedHeader({
+		alg: "HS256",
+		typ: "at+jwt"
+	}).setIssuedAt().setIssuer(serviceDid).setAudience(serviceDid).setSubject(userDid).setExpirationTime(ACCESS_TOKEN_LIFETIME).sign(secret);
+}
+/**
+* Create a refresh token (long-lived, 90 days)
+*/
+async function createRefreshToken(jwtSecret, userDid, serviceDid) {
+	const secret = createSecretKey(jwtSecret);
+	return new SignJWT({
+		scope: "com.atproto.refresh",
+		jti: crypto.randomUUID()
+	}).setProtectedHeader({
+		alg: "HS256",
+		typ: "refresh+jwt"
+	}).setIssuedAt().setIssuer(serviceDid).setAudience(serviceDid).setSubject(userDid).setExpirationTime(REFRESH_TOKEN_LIFETIME).sign(secret);
+}
+/**
+* Verify an access token and return the payload
+*/
+async function verifyAccessToken(token, jwtSecret, serviceDid) {
+	const { payload, protectedHeader } = await jwtVerify(token, createSecretKey(jwtSecret), {
+		issuer: serviceDid,
+		audience: serviceDid
+	});
+	if (protectedHeader.typ !== "at+jwt") throw new Error("Invalid token type");
+	if (payload.scope !== "atproto") throw new Error("Invalid scope");
+	return payload;
+}
+/**
+* Verify a refresh token and return the payload
+*/
+async function verifyRefreshToken(token, jwtSecret, serviceDid) {
+	const { payload, protectedHeader } = await jwtVerify(token, createSecretKey(jwtSecret), {
+		issuer: serviceDid,
+		audience: serviceDid
+	});
+	if (protectedHeader.typ !== "refresh+jwt") throw new Error("Invalid token type");
+	if (payload.scope !== "com.atproto.refresh") throw new Error("Invalid scope");
+	if (!payload.jti) throw new Error("Missing token ID");
+	return payload;
+}
+/**
+* Verify a password against a bcrypt hash
+*/
+async function verifyPassword(password, hash) {
+	return compare(password, hash);
+}
+
+//#endregion
+//#region src/middleware/auth.ts
+async function requireAuth(c, next) {
+	const auth = c.req.header("Authorization");
+	if (!auth?.startsWith("Bearer ")) return c.json({
+		error: "AuthMissing",
+		message: "Authorization header required"
+	}, 401);
+	const token = auth.slice(7);
+	if (token === c.env.AUTH_TOKEN) return next();
+	const serviceDid = `did:web:${c.env.PDS_HOSTNAME}`;
+	try {
+		const payload = await verifyAccessToken(token, c.env.JWT_SECRET, serviceDid);
+		if (payload.sub !== c.env.DID) return c.json({
+			error: "AuthenticationRequired",
+			message: "Invalid access token"
+		}, 401);
+		c.set("auth", {
+			did: payload.sub,
+			scope: payload.scope
+		});
+		return next();
+	} catch {
+		return c.json({
+			error: "AuthenticationRequired",
+			message: "Invalid authentication token"
+		}, 401);
+	}
+}
+
+//#endregion
+//#region src/service-auth.ts
+const MINUTE = 60 * 1e3;
+function jsonToB64Url(json) {
+	return Buffer.from(JSON.stringify(json)).toString("base64url");
+}
+function noUndefinedVals(obj) {
+	const result = {};
+	for (const [key, val] of Object.entries(obj)) if (val !== void 0) result[key] = val;
+	return result;
+}
+/**
+* Create a service JWT for proxied requests to AppView.
+* The JWT asserts that the PDS vouches for the user identified by `iss`.
+*/
+async function createServiceJwt(params) {
+	const { iss, aud, keypair } = params;
+	const iat = Math.floor(Date.now() / 1e3);
+	const exp = iat + MINUTE / 1e3;
+	const lxm = params.lxm ?? void 0;
+	const jti = randomStr(16, "hex");
+	const header = {
+		typ: "JWT",
+		alg: keypair.jwtAlg
+	};
+	const payload = noUndefinedVals({
+		iat,
+		iss,
+		aud,
+		exp,
+		lxm,
+		jti
+	});
+	const toSignStr = `${jsonToB64Url(header)}.${jsonToB64Url(payload)}`;
+	const toSign = Buffer.from(toSignStr, "utf8");
+	return `${toSignStr}.${Buffer.from(await keypair.sign(toSign)).toString("base64url")}`;
+}
+
+//#endregion
+//#region src/xrpc/sync.ts
+async function getRepo(c, accountDO) {
+	const did = c.req.query("did");
+	if (!did) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: did"
+	}, 400);
+	try {
+		ensureValidDid(did);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (did !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found for DID: ${did}`
+	}, 404);
+	const carBytes = await accountDO.rpcGetRepoCar();
+	return new Response(carBytes, {
+		status: 200,
+		headers: {
+			"Content-Type": "application/vnd.ipld.car",
+			"Content-Length": carBytes.length.toString()
+		}
+	});
+}
+async function getRepoStatus(c, accountDO) {
+	const did = c.req.query("did");
+	if (!did) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: did"
+	}, 400);
+	try {
+		ensureValidDid(did);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (did !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found for DID: ${did}`
+	}, 404);
+	const data = await accountDO.rpcGetRepoStatus();
+	return c.json({
+		did: data.did,
+		active: true,
+		status: "active",
+		rev: data.rev
+	});
+}
+async function listRepos(c, accountDO) {
+	const data = await accountDO.rpcGetRepoStatus();
+	return c.json({ repos: [{
+		did: data.did,
+		head: data.head,
+		rev: data.rev,
+		active: true
+	}] });
+}
+async function listBlobs(c, _accountDO) {
+	const did = c.req.query("did");
+	if (!did) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: did"
+	}, 400);
+	try {
+		ensureValidDid(did);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (did !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found for DID: ${did}`
+	}, 404);
+	if (!c.env.BLOBS) return c.json({ cids: [] });
+	const prefix = `${did}/`;
+	const cursor = c.req.query("cursor");
+	const limit = Math.min(Number(c.req.query("limit")) || 500, 1e3);
+	const listed = await c.env.BLOBS.list({
+		prefix,
+		limit,
+		cursor: cursor || void 0
+	});
+	const result = { cids: listed.objects.map((obj) => obj.key.slice(prefix.length)) };
+	if (listed.truncated && listed.cursor) result.cursor = listed.cursor;
+	return c.json(result);
+}
+async function getBlob(c, _accountDO) {
+	const did = c.req.query("did");
+	const cid = c.req.query("cid");
+	if (!did || !cid) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: did, cid"
+	}, 400);
+	try {
+		ensureValidDid(did);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (did !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found for DID: ${did}`
+	}, 404);
+	if (!c.env.BLOBS) return c.json({
+		error: "ServiceUnavailable",
+		message: "Blob storage is not configured"
+	}, 503);
+	const key = `${did}/${cid}`;
+	const blob = await c.env.BLOBS.get(key);
+	if (!blob) return c.json({
+		error: "BlobNotFound",
+		message: `Blob not found: ${cid}`
+	}, 404);
+	return new Response(blob.body, {
+		status: 200,
+		headers: {
+			"Content-Type": blob.httpMetadata?.contentType || "application/octet-stream",
+			"Content-Length": blob.size.toString()
+		}
+	});
+}
+
+//#endregion
+//#region src/lexicons/app.bsky.actor.profile.json
+var app_bsky_actor_profile_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_actor_profile_default,
+	defs: () => defs$15,
+	id: () => id$15,
+	lexicon: () => lexicon$15
+});
+var lexicon$15 = 1;
+var id$15 = "app.bsky.actor.profile";
+var defs$15 = { "main": {
+	"type": "record",
+	"description": "A declaration of a Bluesky account profile.",
+	"key": "literal:self",
+	"record": {
+		"type": "object",
+		"properties": {
+			"displayName": {
+				"type": "string",
+				"maxGraphemes": 64,
+				"maxLength": 640
+			},
+			"description": {
+				"type": "string",
+				"description": "Free-form profile description text.",
+				"maxGraphemes": 256,
+				"maxLength": 2560
+			},
+			"pronouns": {
+				"type": "string",
+				"description": "Free-form pronouns text.",
+				"maxGraphemes": 20,
+				"maxLength": 200
+			},
+			"website": {
+				"type": "string",
+				"format": "uri"
+			},
+			"avatar": {
+				"type": "blob",
+				"description": "Small image to be displayed next to posts from account. AKA, 'profile picture'",
+				"accept": ["image/png", "image/jpeg"],
+				"maxSize": 1e6
+			},
+			"banner": {
+				"type": "blob",
+				"description": "Larger horizontal image to display behind profile view.",
+				"accept": ["image/png", "image/jpeg"],
+				"maxSize": 1e6
+			},
+			"labels": {
+				"type": "union",
+				"description": "Self-label values, specific to the Bluesky application, on the overall account.",
+				"refs": ["com.atproto.label.defs#selfLabels"]
+			},
+			"joinedViaStarterPack": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			},
+			"pinnedPost": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			}
+		}
+	}
+} };
+var app_bsky_actor_profile_default = {
+	lexicon: lexicon$15,
+	id: id$15,
+	defs: defs$15
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.embed.external.json
+var app_bsky_embed_external_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_embed_external_default,
+	defs: () => defs$14,
+	id: () => id$14,
+	lexicon: () => lexicon$14
+});
+var lexicon$14 = 1;
+var id$14 = "app.bsky.embed.external";
+var defs$14 = {
+	"main": {
+		"type": "object",
+		"description": "A representation of some externally linked content (eg, a URL and 'card'), embedded in a Bluesky record (eg, a post).",
+		"required": ["external"],
+		"properties": { "external": {
+			"type": "ref",
+			"ref": "#external"
+		} }
+	},
+	"external": {
+		"type": "object",
+		"required": [
+			"uri",
+			"title",
+			"description"
+		],
+		"properties": {
+			"uri": {
+				"type": "string",
+				"format": "uri"
+			},
+			"title": { "type": "string" },
+			"description": { "type": "string" },
+			"thumb": {
+				"type": "blob",
+				"accept": ["image/*"],
+				"maxSize": 1e6
+			}
+		}
+	},
+	"view": {
+		"type": "object",
+		"required": ["external"],
+		"properties": { "external": {
+			"type": "ref",
+			"ref": "#viewExternal"
+		} }
+	},
+	"viewExternal": {
+		"type": "object",
+		"required": [
+			"uri",
+			"title",
+			"description"
+		],
+		"properties": {
+			"uri": {
+				"type": "string",
+				"format": "uri"
+			},
+			"title": { "type": "string" },
+			"description": { "type": "string" },
+			"thumb": {
+				"type": "string",
+				"format": "uri"
+			}
+		}
+	}
+};
+var app_bsky_embed_external_default = {
+	lexicon: lexicon$14,
+	id: id$14,
+	defs: defs$14
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.embed.images.json
+var app_bsky_embed_images_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_embed_images_default,
+	defs: () => defs$13,
+	description: () => description$3,
+	id: () => id$13,
+	lexicon: () => lexicon$13
+});
+var lexicon$13 = 1;
+var id$13 = "app.bsky.embed.images";
+var description$3 = "A set of images embedded in a Bluesky record (eg, a post).";
+var defs$13 = {
+	"main": {
+		"type": "object",
+		"required": ["images"],
+		"properties": { "images": {
+			"type": "array",
+			"items": {
+				"type": "ref",
+				"ref": "#image"
+			},
+			"maxLength": 4
+		} }
+	},
+	"image": {
+		"type": "object",
+		"required": ["image", "alt"],
+		"properties": {
+			"image": {
+				"type": "blob",
+				"accept": ["image/*"],
+				"maxSize": 1e6
+			},
+			"alt": {
+				"type": "string",
+				"description": "Alt text description of the image, for accessibility."
+			},
+			"aspectRatio": {
+				"type": "ref",
+				"ref": "app.bsky.embed.defs#aspectRatio"
+			}
+		}
+	},
+	"view": {
+		"type": "object",
+		"required": ["images"],
+		"properties": { "images": {
+			"type": "array",
+			"items": {
+				"type": "ref",
+				"ref": "#viewImage"
+			},
+			"maxLength": 4
+		} }
+	},
+	"viewImage": {
+		"type": "object",
+		"required": [
+			"thumb",
+			"fullsize",
+			"alt"
+		],
+		"properties": {
+			"thumb": {
+				"type": "string",
+				"format": "uri",
+				"description": "Fully-qualified URL where a thumbnail of the image can be fetched. For example, CDN location provided by the App View."
+			},
+			"fullsize": {
+				"type": "string",
+				"format": "uri",
+				"description": "Fully-qualified URL where a large version of the image can be fetched. May or may not be the exact original blob. For example, CDN location provided by the App View."
+			},
+			"alt": {
+				"type": "string",
+				"description": "Alt text description of the image, for accessibility."
+			},
+			"aspectRatio": {
+				"type": "ref",
+				"ref": "app.bsky.embed.defs#aspectRatio"
+			}
+		}
+	}
+};
+var app_bsky_embed_images_default = {
+	lexicon: lexicon$13,
+	id: id$13,
+	description: description$3,
+	defs: defs$13
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.embed.record.json
+var app_bsky_embed_record_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_embed_record_default,
+	defs: () => defs$12,
+	description: () => description$2,
+	id: () => id$12,
+	lexicon: () => lexicon$12
+});
+var lexicon$12 = 1;
+var id$12 = "app.bsky.embed.record";
+var description$2 = "A representation of a record embedded in a Bluesky record (eg, a post). For example, a quote-post, or sharing a feed generator record.";
+var defs$12 = {
+	"main": {
+		"type": "object",
+		"required": ["record"],
+		"properties": { "record": {
+			"type": "ref",
+			"ref": "com.atproto.repo.strongRef"
+		} }
+	},
+	"view": {
+		"type": "object",
+		"required": ["record"],
+		"properties": { "record": {
+			"type": "union",
+			"refs": [
+				"#viewRecord",
+				"#viewNotFound",
+				"#viewBlocked",
+				"#viewDetached",
+				"app.bsky.feed.defs#generatorView",
+				"app.bsky.graph.defs#listView",
+				"app.bsky.labeler.defs#labelerView",
+				"app.bsky.graph.defs#starterPackViewBasic"
+			]
+		} }
+	},
+	"viewRecord": {
+		"type": "object",
+		"required": [
+			"uri",
+			"cid",
+			"author",
+			"value",
+			"indexedAt"
+		],
+		"properties": {
+			"uri": {
+				"type": "string",
+				"format": "at-uri"
+			},
+			"cid": {
+				"type": "string",
+				"format": "cid"
+			},
+			"author": {
+				"type": "ref",
+				"ref": "app.bsky.actor.defs#profileViewBasic"
+			},
+			"value": {
+				"type": "unknown",
+				"description": "The record data itself."
+			},
+			"labels": {
+				"type": "array",
+				"items": {
+					"type": "ref",
+					"ref": "com.atproto.label.defs#label"
+				}
+			},
+			"replyCount": { "type": "integer" },
+			"repostCount": { "type": "integer" },
+			"likeCount": { "type": "integer" },
+			"quoteCount": { "type": "integer" },
+			"embeds": {
+				"type": "array",
+				"items": {
+					"type": "union",
+					"refs": [
+						"app.bsky.embed.images#view",
+						"app.bsky.embed.video#view",
+						"app.bsky.embed.external#view",
+						"app.bsky.embed.record#view",
+						"app.bsky.embed.recordWithMedia#view"
+					]
+				}
+			},
+			"indexedAt": {
+				"type": "string",
+				"format": "datetime"
+			}
+		}
+	},
+	"viewNotFound": {
+		"type": "object",
+		"required": ["uri", "notFound"],
+		"properties": {
+			"uri": {
+				"type": "string",
+				"format": "at-uri"
+			},
+			"notFound": {
+				"type": "boolean",
+				"const": true
+			}
+		}
+	},
+	"viewBlocked": {
+		"type": "object",
+		"required": [
+			"uri",
+			"blocked",
+			"author"
+		],
+		"properties": {
+			"uri": {
+				"type": "string",
+				"format": "at-uri"
+			},
+			"blocked": {
+				"type": "boolean",
+				"const": true
+			},
+			"author": {
+				"type": "ref",
+				"ref": "app.bsky.feed.defs#blockedAuthor"
+			}
+		}
+	},
+	"viewDetached": {
+		"type": "object",
+		"required": ["uri", "detached"],
+		"properties": {
+			"uri": {
+				"type": "string",
+				"format": "at-uri"
+			},
+			"detached": {
+				"type": "boolean",
+				"const": true
+			}
+		}
+	}
+};
+var app_bsky_embed_record_default = {
+	lexicon: lexicon$12,
+	id: id$12,
+	description: description$2,
+	defs: defs$12
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.embed.recordWithMedia.json
+var app_bsky_embed_recordWithMedia_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_embed_recordWithMedia_default,
+	defs: () => defs$11,
+	description: () => description$1,
+	id: () => id$11,
+	lexicon: () => lexicon$11
+});
+var lexicon$11 = 1;
+var id$11 = "app.bsky.embed.recordWithMedia";
+var description$1 = "A representation of a record embedded in a Bluesky record (eg, a post), alongside other compatible embeds. For example, a quote post and image, or a quote post and external URL card.";
+var defs$11 = {
+	"main": {
+		"type": "object",
+		"required": ["record", "media"],
+		"properties": {
+			"record": {
+				"type": "ref",
+				"ref": "app.bsky.embed.record"
+			},
+			"media": {
+				"type": "union",
+				"refs": [
+					"app.bsky.embed.images",
+					"app.bsky.embed.video",
+					"app.bsky.embed.external"
+				]
+			}
+		}
+	},
+	"view": {
+		"type": "object",
+		"required": ["record", "media"],
+		"properties": {
+			"record": {
+				"type": "ref",
+				"ref": "app.bsky.embed.record#view"
+			},
+			"media": {
+				"type": "union",
+				"refs": [
+					"app.bsky.embed.images#view",
+					"app.bsky.embed.video#view",
+					"app.bsky.embed.external#view"
+				]
+			}
+		}
+	}
+};
+var app_bsky_embed_recordWithMedia_default = {
+	lexicon: lexicon$11,
+	id: id$11,
+	description: description$1,
+	defs: defs$11
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.feed.like.json
+var app_bsky_feed_like_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_feed_like_default,
+	defs: () => defs$10,
+	id: () => id$10,
+	lexicon: () => lexicon$10
+});
+var lexicon$10 = 1;
+var id$10 = "app.bsky.feed.like";
+var defs$10 = { "main": {
+	"type": "record",
+	"description": "Record declaring a 'like' of a piece of subject content.",
+	"key": "tid",
+	"record": {
+		"type": "object",
+		"required": ["subject", "createdAt"],
+		"properties": {
+			"subject": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			},
+			"via": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			}
+		}
+	}
+} };
+var app_bsky_feed_like_default = {
+	lexicon: lexicon$10,
+	id: id$10,
+	defs: defs$10
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.feed.post.json
+var app_bsky_feed_post_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_feed_post_default,
+	defs: () => defs$9,
+	id: () => id$9,
+	lexicon: () => lexicon$9
+});
+var lexicon$9 = 1;
+var id$9 = "app.bsky.feed.post";
+var defs$9 = {
+	"main": {
+		"type": "record",
+		"description": "Record containing a Bluesky post.",
+		"key": "tid",
+		"record": {
+			"type": "object",
+			"required": ["text", "createdAt"],
+			"properties": {
+				"text": {
+					"type": "string",
+					"maxLength": 3e3,
+					"maxGraphemes": 300,
+					"description": "The primary post content. May be an empty string, if there are embeds."
+				},
+				"entities": {
+					"type": "array",
+					"description": "DEPRECATED: replaced by app.bsky.richtext.facet.",
+					"items": {
+						"type": "ref",
+						"ref": "#entity"
+					}
+				},
+				"facets": {
+					"type": "array",
+					"description": "Annotations of text (mentions, URLs, hashtags, etc)",
+					"items": {
+						"type": "ref",
+						"ref": "app.bsky.richtext.facet"
+					}
+				},
+				"reply": {
+					"type": "ref",
+					"ref": "#replyRef"
+				},
+				"embed": {
+					"type": "union",
+					"refs": [
+						"app.bsky.embed.images",
+						"app.bsky.embed.video",
+						"app.bsky.embed.external",
+						"app.bsky.embed.record",
+						"app.bsky.embed.recordWithMedia"
+					]
+				},
+				"langs": {
+					"type": "array",
+					"description": "Indicates human language of post primary text content.",
+					"maxLength": 3,
+					"items": {
+						"type": "string",
+						"format": "language"
+					}
+				},
+				"labels": {
+					"type": "union",
+					"description": "Self-label values for this post. Effectively content warnings.",
+					"refs": ["com.atproto.label.defs#selfLabels"]
+				},
+				"tags": {
+					"type": "array",
+					"description": "Additional hashtags, in addition to any included in post text and facets.",
+					"maxLength": 8,
+					"items": {
+						"type": "string",
+						"maxLength": 640,
+						"maxGraphemes": 64
+					}
+				},
+				"createdAt": {
+					"type": "string",
+					"format": "datetime",
+					"description": "Client-declared timestamp when this post was originally created."
+				}
+			}
+		}
+	},
+	"replyRef": {
+		"type": "object",
+		"required": ["root", "parent"],
+		"properties": {
+			"root": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			},
+			"parent": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			}
+		}
+	},
+	"entity": {
+		"type": "object",
+		"description": "Deprecated: use facets instead.",
+		"required": [
+			"index",
+			"type",
+			"value"
+		],
+		"properties": {
+			"index": {
+				"type": "ref",
+				"ref": "#textSlice"
+			},
+			"type": {
+				"type": "string",
+				"description": "Expected values are 'mention' and 'link'."
+			},
+			"value": { "type": "string" }
+		}
+	},
+	"textSlice": {
+		"type": "object",
+		"description": "Deprecated. Use app.bsky.richtext instead -- A text segment. Start is inclusive, end is exclusive. Indices are for utf16-encoded strings.",
+		"required": ["start", "end"],
+		"properties": {
+			"start": {
+				"type": "integer",
+				"minimum": 0
+			},
+			"end": {
+				"type": "integer",
+				"minimum": 0
+			}
+		}
+	}
+};
+var app_bsky_feed_post_default = {
+	lexicon: lexicon$9,
+	id: id$9,
+	defs: defs$9
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.feed.repost.json
+var app_bsky_feed_repost_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_feed_repost_default,
+	defs: () => defs$8,
+	id: () => id$8,
+	lexicon: () => lexicon$8
+});
+var lexicon$8 = 1;
+var id$8 = "app.bsky.feed.repost";
+var defs$8 = { "main": {
+	"description": "Record representing a 'repost' of an existing Bluesky post.",
+	"type": "record",
+	"key": "tid",
+	"record": {
+		"type": "object",
+		"required": ["subject", "createdAt"],
+		"properties": {
+			"subject": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			},
+			"via": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			}
+		}
+	}
+} };
+var app_bsky_feed_repost_default = {
+	lexicon: lexicon$8,
+	id: id$8,
+	defs: defs$8
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.feed.threadgate.json
+var app_bsky_feed_threadgate_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_feed_threadgate_default,
+	defs: () => defs$7,
+	id: () => id$7,
+	lexicon: () => lexicon$7
+});
+var lexicon$7 = 1;
+var id$7 = "app.bsky.feed.threadgate";
+var defs$7 = {
+	"main": {
+		"type": "record",
+		"key": "tid",
+		"description": "Record defining interaction gating rules for a thread (aka, reply controls). The record key (rkey) of the threadgate record must match the record key of the thread's root post, and that record must be in the same repository.",
+		"record": {
+			"type": "object",
+			"required": ["post", "createdAt"],
+			"properties": {
+				"post": {
+					"type": "string",
+					"format": "at-uri",
+					"description": "Reference (AT-URI) to the post record."
+				},
+				"allow": {
+					"description": "List of rules defining who can reply to this post. If value is an empty array, no one can reply. If value is undefined, anyone can reply.",
+					"type": "array",
+					"maxLength": 5,
+					"items": {
+						"type": "union",
+						"refs": [
+							"#mentionRule",
+							"#followerRule",
+							"#followingRule",
+							"#listRule"
+						]
+					}
+				},
+				"createdAt": {
+					"type": "string",
+					"format": "datetime"
+				},
+				"hiddenReplies": {
+					"type": "array",
+					"maxLength": 300,
+					"items": {
+						"type": "string",
+						"format": "at-uri"
+					},
+					"description": "List of hidden reply URIs."
+				}
+			}
+		}
+	},
+	"mentionRule": {
+		"type": "object",
+		"description": "Allow replies from actors mentioned in your post.",
+		"properties": {}
+	},
+	"followerRule": {
+		"type": "object",
+		"description": "Allow replies from actors who follow you.",
+		"properties": {}
+	},
+	"followingRule": {
+		"type": "object",
+		"description": "Allow replies from actors you follow.",
+		"properties": {}
+	},
+	"listRule": {
+		"type": "object",
+		"description": "Allow replies from actors on a list.",
+		"required": ["list"],
+		"properties": { "list": {
+			"type": "string",
+			"format": "at-uri"
+		} }
+	}
+};
+var app_bsky_feed_threadgate_default = {
+	lexicon: lexicon$7,
+	id: id$7,
+	defs: defs$7
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.graph.block.json
+var app_bsky_graph_block_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_graph_block_default,
+	defs: () => defs$6,
+	id: () => id$6,
+	lexicon: () => lexicon$6
+});
+var lexicon$6 = 1;
+var id$6 = "app.bsky.graph.block";
+var defs$6 = { "main": {
+	"type": "record",
+	"description": "Record declaring a 'block' relationship against another account. NOTE: blocks are public in Bluesky; see blog posts for details.",
+	"key": "tid",
+	"record": {
+		"type": "object",
+		"required": ["subject", "createdAt"],
+		"properties": {
+			"subject": {
+				"type": "string",
+				"format": "did",
+				"description": "DID of the account to be blocked."
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			}
+		}
+	}
+} };
+var app_bsky_graph_block_default = {
+	lexicon: lexicon$6,
+	id: id$6,
+	defs: defs$6
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.graph.follow.json
+var app_bsky_graph_follow_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_graph_follow_default,
+	defs: () => defs$5,
+	id: () => id$5,
+	lexicon: () => lexicon$5
+});
+var lexicon$5 = 1;
+var id$5 = "app.bsky.graph.follow";
+var defs$5 = { "main": {
+	"type": "record",
+	"description": "Record declaring a social 'follow' relationship of another account. Duplicate follows will be ignored by the AppView.",
+	"key": "tid",
+	"record": {
+		"type": "object",
+		"required": ["subject", "createdAt"],
+		"properties": {
+			"subject": {
+				"type": "string",
+				"format": "did"
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			},
+			"via": {
+				"type": "ref",
+				"ref": "com.atproto.repo.strongRef"
+			}
+		}
+	}
+} };
+var app_bsky_graph_follow_default = {
+	lexicon: lexicon$5,
+	id: id$5,
+	defs: defs$5
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.graph.list.json
+var app_bsky_graph_list_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_graph_list_default,
+	defs: () => defs$4,
+	id: () => id$4,
+	lexicon: () => lexicon$4
+});
+var lexicon$4 = 1;
+var id$4 = "app.bsky.graph.list";
+var defs$4 = { "main": {
+	"type": "record",
+	"description": "Record representing a list of accounts (actors). Scope includes both moderation-oriented lists and curration-oriented lists.",
+	"key": "tid",
+	"record": {
+		"type": "object",
+		"required": [
+			"name",
+			"purpose",
+			"createdAt"
+		],
+		"properties": {
+			"purpose": {
+				"type": "ref",
+				"description": "Defines the purpose of the list (aka, moderation-oriented or curration-oriented)",
+				"ref": "app.bsky.graph.defs#listPurpose"
+			},
+			"name": {
+				"type": "string",
+				"maxLength": 64,
+				"minLength": 1,
+				"description": "Display name for list; can not be empty."
+			},
+			"description": {
+				"type": "string",
+				"maxGraphemes": 300,
+				"maxLength": 3e3
+			},
+			"descriptionFacets": {
+				"type": "array",
+				"items": {
+					"type": "ref",
+					"ref": "app.bsky.richtext.facet"
+				}
+			},
+			"avatar": {
+				"type": "blob",
+				"accept": ["image/png", "image/jpeg"],
+				"maxSize": 1e6
+			},
+			"labels": {
+				"type": "union",
+				"refs": ["com.atproto.label.defs#selfLabels"]
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			}
+		}
+	}
+} };
+var app_bsky_graph_list_default = {
+	lexicon: lexicon$4,
+	id: id$4,
+	defs: defs$4
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.graph.listitem.json
+var app_bsky_graph_listitem_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_graph_listitem_default,
+	defs: () => defs$3,
+	id: () => id$3,
+	lexicon: () => lexicon$3
+});
+var lexicon$3 = 1;
+var id$3 = "app.bsky.graph.listitem";
+var defs$3 = { "main": {
+	"type": "record",
+	"description": "Record representing an account's inclusion on a specific list. The AppView will ignore duplicate listitem records.",
+	"key": "tid",
+	"record": {
+		"type": "object",
+		"required": [
+			"subject",
+			"list",
+			"createdAt"
+		],
+		"properties": {
+			"subject": {
+				"type": "string",
+				"format": "did",
+				"description": "The account which is included on the list."
+			},
+			"list": {
+				"type": "string",
+				"format": "at-uri",
+				"description": "Reference (AT-URI) to the list record (app.bsky.graph.list)."
+			},
+			"createdAt": {
+				"type": "string",
+				"format": "datetime"
+			}
+		}
+	}
+} };
+var app_bsky_graph_listitem_default = {
+	lexicon: lexicon$3,
+	id: id$3,
+	defs: defs$3
+};
+
+//#endregion
+//#region src/lexicons/app.bsky.richtext.facet.json
+var app_bsky_richtext_facet_exports = /* @__PURE__ */ __exportAll({
+	default: () => app_bsky_richtext_facet_default,
+	defs: () => defs$2,
+	id: () => id$2,
+	lexicon: () => lexicon$2
+});
+var lexicon$2 = 1;
+var id$2 = "app.bsky.richtext.facet";
+var defs$2 = {
+	"main": {
+		"type": "object",
+		"description": "Annotation of a sub-string within rich text.",
+		"required": ["index", "features"],
+		"properties": {
+			"index": {
+				"type": "ref",
+				"ref": "#byteSlice"
+			},
+			"features": {
+				"type": "array",
+				"items": {
+					"type": "union",
+					"refs": [
+						"#mention",
+						"#link",
+						"#tag"
+					]
+				}
+			}
+		}
+	},
+	"mention": {
+		"type": "object",
+		"description": "Facet feature for mention of another account. The text is usually a handle, including a '@' prefix, but the facet reference is a DID.",
+		"required": ["did"],
+		"properties": { "did": {
+			"type": "string",
+			"format": "did"
+		} }
+	},
+	"link": {
+		"type": "object",
+		"description": "Facet feature for a URL. The text URL may have been simplified or truncated, but the facet reference should be a complete URL.",
+		"required": ["uri"],
+		"properties": { "uri": {
+			"type": "string",
+			"format": "uri"
+		} }
+	},
+	"tag": {
+		"type": "object",
+		"description": "Facet feature for a hashtag. The text usually includes a '#' prefix, but the facet reference should not (except in the case of 'double hash tags').",
+		"required": ["tag"],
+		"properties": { "tag": {
+			"type": "string",
+			"maxLength": 640,
+			"maxGraphemes": 64
+		} }
+	},
+	"byteSlice": {
+		"type": "object",
+		"description": "Specifies the sub-string range a facet feature applies to. Start index is inclusive, end index is exclusive. Indices are zero-indexed, counting bytes of the UTF-8 encoded text. NOTE: some languages, like Javascript, use UTF-16 or Unicode codepoints for string slice indexing; in these languages, convert to byte arrays before working with facets.",
+		"required": ["byteStart", "byteEnd"],
+		"properties": {
+			"byteStart": {
+				"type": "integer",
+				"minimum": 0
+			},
+			"byteEnd": {
+				"type": "integer",
+				"minimum": 0
+			}
+		}
+	}
+};
+var app_bsky_richtext_facet_default = {
+	lexicon: lexicon$2,
+	id: id$2,
+	defs: defs$2
+};
+
+//#endregion
+//#region src/lexicons/com.atproto.label.defs.json
+var com_atproto_label_defs_exports = /* @__PURE__ */ __exportAll({
+	default: () => com_atproto_label_defs_default,
+	defs: () => defs$1,
+	id: () => id$1,
+	lexicon: () => lexicon$1
+});
+var lexicon$1 = 1;
+var id$1 = "com.atproto.label.defs";
+var defs$1 = {
+	"label": {
+		"type": "object",
+		"description": "Metadata tag on an atproto resource (eg, repo or record).",
+		"required": [
+			"src",
+			"uri",
+			"val",
+			"cts"
+		],
+		"properties": {
+			"ver": {
+				"type": "integer",
+				"description": "The AT Protocol version of the label object."
+			},
+			"src": {
+				"type": "string",
+				"format": "did",
+				"description": "DID of the actor who created this label."
+			},
+			"uri": {
+				"type": "string",
+				"format": "uri",
+				"description": "AT URI of the record, repository (account), or other resource that this label applies to."
+			},
+			"cid": {
+				"type": "string",
+				"format": "cid",
+				"description": "Optionally, CID specifying the specific version of 'uri' resource this label applies to."
+			},
+			"val": {
+				"type": "string",
+				"maxLength": 128,
+				"description": "The short string name of the value or type of this label."
+			},
+			"neg": {
+				"type": "boolean",
+				"description": "If true, this is a negation label, overwriting a previous label."
+			},
+			"cts": {
+				"type": "string",
+				"format": "datetime",
+				"description": "Timestamp when this label was created."
+			},
+			"exp": {
+				"type": "string",
+				"format": "datetime",
+				"description": "Timestamp at which this label expires (no longer applies)."
+			},
+			"sig": {
+				"type": "bytes",
+				"description": "Signature of dag-cbor encoded label."
+			}
+		}
+	},
+	"selfLabels": {
+		"type": "object",
+		"description": "Metadata tags on an atproto record, published by the author within the record.",
+		"required": ["values"],
+		"properties": { "values": {
+			"type": "array",
+			"items": {
+				"type": "ref",
+				"ref": "#selfLabel"
+			},
+			"maxLength": 10
+		} }
+	},
+	"selfLabel": {
+		"type": "object",
+		"description": "Metadata tag on an atproto record, published by the author within the record. Note that schemas should use #selfLabels, not #selfLabel.",
+		"required": ["val"],
+		"properties": { "val": {
+			"type": "string",
+			"maxLength": 128,
+			"description": "The short string name of the value or type of this label."
+		} }
+	},
+	"labelValueDefinition": {
+		"type": "object",
+		"description": "Declares a label value and its expected interpretations and behaviors.",
+		"required": [
+			"identifier",
+			"severity",
+			"blurs",
+			"locales"
+		],
+		"properties": {
+			"identifier": {
+				"type": "string",
+				"description": "The value of the label being defined. Must only include lowercase ascii and the '-' character ([a-z-]+).",
+				"maxLength": 100,
+				"maxGraphemes": 100
+			},
+			"severity": {
+				"type": "string",
+				"description": "How should a client visually convey this label? 'inform' means neutral and informational; 'alert' means negative and warning; 'none' means show nothing.",
+				"knownValues": [
+					"inform",
+					"alert",
+					"none"
+				]
+			},
+			"blurs": {
+				"type": "string",
+				"description": "What should this label hide in the UI, if applied? 'content' hides all of the target; 'media' hides the images/video/audio; 'none' hides nothing.",
+				"knownValues": [
+					"content",
+					"media",
+					"none"
+				]
+			},
+			"defaultSetting": {
+				"type": "string",
+				"description": "The default setting for this label.",
+				"knownValues": [
+					"ignore",
+					"warn",
+					"hide"
+				],
+				"default": "warn"
+			},
+			"adultOnly": {
+				"type": "boolean",
+				"description": "Does the user need to have adult content enabled in order to configure this label?"
+			},
+			"locales": {
+				"type": "array",
+				"items": {
+					"type": "ref",
+					"ref": "#labelValueDefinitionStrings"
+				}
+			}
+		}
+	},
+	"labelValueDefinitionStrings": {
+		"type": "object",
+		"description": "Strings which describe the label in the UI, localized into a specific language.",
+		"required": [
+			"lang",
+			"name",
+			"description"
+		],
+		"properties": {
+			"lang": {
+				"type": "string",
+				"description": "The code of the language these strings are written in.",
+				"format": "language"
+			},
+			"name": {
+				"type": "string",
+				"description": "A short human-readable name for the label.",
+				"maxGraphemes": 64,
+				"maxLength": 640
+			},
+			"description": {
+				"type": "string",
+				"description": "A longer description of what the label means and why it might be applied.",
+				"maxGraphemes": 1e4,
+				"maxLength": 1e5
+			}
+		}
+	},
+	"labelValue": {
+		"type": "string",
+		"knownValues": [
+			"!hide",
+			"!no-promote",
+			"!warn",
+			"!no-unauthenticated",
+			"dmca-violation",
+			"doxxing",
+			"porn",
+			"sexual",
+			"nudity",
+			"nsfl",
+			"gore"
+		]
+	}
+};
+var com_atproto_label_defs_default = {
+	lexicon: lexicon$1,
+	id: id$1,
+	defs: defs$1
+};
+
+//#endregion
+//#region src/lexicons/com.atproto.repo.strongRef.json
+var com_atproto_repo_strongRef_exports = /* @__PURE__ */ __exportAll({
+	default: () => com_atproto_repo_strongRef_default,
+	defs: () => defs,
+	description: () => description,
+	id: () => id,
+	lexicon: () => lexicon
+});
+var lexicon = 1;
+var id = "com.atproto.repo.strongRef";
+var description = "A URI with a content-hash fingerprint.";
+var defs = { "main": {
+	"type": "object",
+	"required": ["uri", "cid"],
+	"properties": {
+		"uri": {
+			"type": "string",
+			"format": "at-uri"
+		},
+		"cid": {
+			"type": "string",
+			"format": "cid"
+		}
+	}
+} };
+var com_atproto_repo_strongRef_default = {
+	lexicon,
+	id,
+	description,
+	defs
+};
+
+//#endregion
+//#region src/validation.ts
+/**
+* Record validator for AT Protocol records.
+*
+* Validates records against official Bluesky lexicon schemas.
+* Uses optimistic validation strategy:
+* - If a lexicon schema is loaded for the collection, validate the record
+* - If no schema is loaded, allow the record (fail-open)
+*
+* This allows the PDS to accept records for new or unknown collection types
+* while still validating known types when schemas are available.
+*/
+var RecordValidator = class {
+	lex;
+	strictMode;
+	constructor(options = {}) {
+		this.lex = options.lexicons ?? new Lexicons();
+		this.strictMode = options.strict ?? false;
+		this.loadBlueskySchemas();
+	}
+	/**
+	* Load official Bluesky lexicon schemas from vendored JSON files.
+	* Uses Vite's glob import to automatically load all schema files.
+	*/
+	loadBlueskySchemas() {
+		const schemas = {
+			"./lexicons/app.bsky.actor.profile.json": app_bsky_actor_profile_exports,
+			"./lexicons/app.bsky.embed.external.json": app_bsky_embed_external_exports,
+			"./lexicons/app.bsky.embed.images.json": app_bsky_embed_images_exports,
+			"./lexicons/app.bsky.embed.record.json": app_bsky_embed_record_exports,
+			"./lexicons/app.bsky.embed.recordWithMedia.json": app_bsky_embed_recordWithMedia_exports,
+			"./lexicons/app.bsky.feed.like.json": app_bsky_feed_like_exports,
+			"./lexicons/app.bsky.feed.post.json": app_bsky_feed_post_exports,
+			"./lexicons/app.bsky.feed.repost.json": app_bsky_feed_repost_exports,
+			"./lexicons/app.bsky.feed.threadgate.json": app_bsky_feed_threadgate_exports,
+			"./lexicons/app.bsky.graph.block.json": app_bsky_graph_block_exports,
+			"./lexicons/app.bsky.graph.follow.json": app_bsky_graph_follow_exports,
+			"./lexicons/app.bsky.graph.list.json": app_bsky_graph_list_exports,
+			"./lexicons/app.bsky.graph.listitem.json": app_bsky_graph_listitem_exports,
+			"./lexicons/app.bsky.richtext.facet.json": app_bsky_richtext_facet_exports,
+			"./lexicons/com.atproto.label.defs.json": com_atproto_label_defs_exports,
+			"./lexicons/com.atproto.repo.strongRef.json": com_atproto_repo_strongRef_exports
+		};
+		for (const schema of Object.values(schemas)) this.lex.add(schema.default);
+	}
+	/**
+	* Validate a record against its lexicon schema.
+	*
+	* @param collection - The NSID of the record type (e.g., "app.bsky.feed.post")
+	* @param record - The record object to validate
+	* @throws {Error} If validation fails and schema is loaded
+	*/
+	validateRecord(collection, record) {
+		if (!this.hasSchema(collection)) {
+			if (this.strictMode) throw new Error(`No lexicon schema loaded for collection: ${collection}. Enable optimistic validation or add the schema.`);
+			return;
+		}
+		try {
+			this.lex.assertValidRecord(collection, record);
+		} catch (error) {
+			const message = error instanceof Error ? error.message : String(error);
+			throw new Error(`Lexicon validation failed for ${collection}: ${message}`);
+		}
+	}
+	/**
+	* Check if a schema is loaded for a collection.
+	*/
+	hasSchema(collection) {
+		try {
+			this.lex.getDefOrThrow(collection);
+			return true;
+		} catch {
+			return false;
+		}
+	}
+	/**
+	* Add a lexicon schema to the validator.
+	*
+	* @param doc - The lexicon document to add
+	*
+	* @example
+	* ```ts
+	* validator.addSchema({
+	*   lexicon: 1,
+	*   id: "com.example.post",
+	*   defs: { ... }
+	* })
+	* ```
+	*/
+	addSchema(doc) {
+		this.lex.add(doc);
+	}
+	/**
+	* Get list of all loaded schema NSIDs.
+	*/
+	getLoadedSchemas() {
+		return Array.from(this.lex).map((doc) => doc.id);
+	}
+	/**
+	* Get the underlying Lexicons instance for advanced usage.
+	*/
+	getLexicons() {
+		return this.lex;
+	}
+};
+/**
+* Shared validator instance (singleton pattern).
+* Uses optimistic validation by default (strict: false).
+*
+* Automatically loads all schemas from ./lexicons/*.json
+*
+* Additional schemas can be added:
+* ```ts
+* import { validator } from './validation'
+* validator.addSchema(myCustomSchema)
+* ```
+*/
+const validator = new RecordValidator({ strict: false });
+
+//#endregion
+//#region src/xrpc/repo.ts
+function invalidRecordError(c, err, prefix) {
+	const message = err instanceof Error ? err.message : String(err);
+	return c.json({
+		error: "InvalidRecord",
+		message: prefix ? `${prefix}: ${message}` : message
+	}, 400);
+}
+async function describeRepo(c, accountDO) {
+	const repo = c.req.query("repo");
+	if (!repo) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: repo"
+	}, 400);
+	try {
+		ensureValidDid(repo);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (repo !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found: ${repo}`
+	}, 404);
+	const data = await accountDO.rpcDescribeRepo();
+	return c.json({
+		did: c.env.DID,
+		handle: c.env.HANDLE,
+		didDoc: {
+			"@context": ["https://www.w3.org/ns/did/v1"],
+			id: c.env.DID,
+			alsoKnownAs: [`at://${c.env.HANDLE}`],
+			verificationMethod: [{
+				id: `${c.env.DID}#atproto`,
+				type: "Multikey",
+				controller: c.env.DID,
+				publicKeyMultibase: c.env.SIGNING_KEY_PUBLIC
+			}]
+		},
+		collections: data.collections,
+		handleIsCorrect: true
+	});
+}
+async function getRecord(c, accountDO) {
+	const repo = c.req.query("repo");
+	const collection = c.req.query("collection");
+	const rkey = c.req.query("rkey");
+	if (!repo || !collection || !rkey) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: repo, collection, rkey"
+	}, 400);
+	try {
+		ensureValidDid(repo);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (repo !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found: ${repo}`
+	}, 404);
+	const result = await accountDO.rpcGetRecord(collection, rkey);
+	if (!result) return c.json({
+		error: "RecordNotFound",
+		message: `Record not found: ${collection}/${rkey}`
+	}, 404);
+	return c.json({
+		uri: AtUri.make(repo, collection, rkey).toString(),
+		cid: result.cid,
+		value: result.record
+	});
+}
+async function listRecords(c, accountDO) {
+	const repo = c.req.query("repo");
+	const collection = c.req.query("collection");
+	const limitStr = c.req.query("limit");
+	const cursor = c.req.query("cursor");
+	const reverseStr = c.req.query("reverse");
+	if (!repo || !collection) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: repo, collection"
+	}, 400);
+	try {
+		ensureValidDid(repo);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: `Invalid DID format: ${err instanceof Error ? err.message : String(err)}`
+		}, 400);
+	}
+	if (repo !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found: ${repo}`
+	}, 404);
+	const limit = Math.min(limitStr ? Number.parseInt(limitStr, 10) : 50, 100);
+	const reverse = reverseStr === "true";
+	const result = await accountDO.rpcListRecords(collection, {
+		limit,
+		cursor,
+		reverse
+	});
+	return c.json(result);
+}
+async function createRecord(c, accountDO) {
+	const { repo, collection, rkey, record } = await c.req.json();
+	if (!repo || !collection || !record) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: repo, collection, record"
+	}, 400);
+	if (repo !== c.env.DID) return c.json({
+		error: "InvalidRepo",
+		message: `Invalid repository: ${repo}`
+	}, 400);
+	try {
+		validator.validateRecord(collection, record);
+	} catch (err) {
+		return invalidRecordError(c, err);
+	}
+	const result = await accountDO.rpcCreateRecord(collection, rkey, record);
+	return c.json(result);
+}
+async function deleteRecord(c, accountDO) {
+	const { repo, collection, rkey } = await c.req.json();
+	if (!repo || !collection || !rkey) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: repo, collection, rkey"
+	}, 400);
+	if (repo !== c.env.DID) return c.json({
+		error: "InvalidRepo",
+		message: `Invalid repository: ${repo}`
+	}, 400);
+	const result = await accountDO.rpcDeleteRecord(collection, rkey);
+	if (!result) return c.json({
+		error: "RecordNotFound",
+		message: `Record not found: ${collection}/${rkey}`
+	}, 404);
+	return c.json(result);
+}
+async function putRecord(c, accountDO) {
+	const { repo, collection, rkey, record } = await c.req.json();
+	if (!repo || !collection || !rkey || !record) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: repo, collection, rkey, record"
+	}, 400);
+	if (repo !== c.env.DID) return c.json({
+		error: "InvalidRepo",
+		message: `Invalid repository: ${repo}`
+	}, 400);
+	try {
+		validator.validateRecord(collection, record);
+	} catch (err) {
+		return invalidRecordError(c, err);
+	}
+	try {
+		const result = await accountDO.rpcPutRecord(collection, rkey, record);
+		return c.json(result);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: err instanceof Error ? err.message : String(err)
+		}, 400);
+	}
+}
+async function applyWrites(c, accountDO) {
+	const { repo, writes } = await c.req.json();
+	if (!repo || !writes || !Array.isArray(writes)) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameters: repo, writes"
+	}, 400);
+	if (repo !== c.env.DID) return c.json({
+		error: "InvalidRepo",
+		message: `Invalid repository: ${repo}`
+	}, 400);
+	if (writes.length > 200) return c.json({
+		error: "InvalidRequest",
+		message: "Too many writes. Max: 200"
+	}, 400);
+	for (let i = 0; i < writes.length; i++) {
+		const write = writes[i];
+		if (write.$type === "com.atproto.repo.applyWrites#create" || write.$type === "com.atproto.repo.applyWrites#update") try {
+			validator.validateRecord(write.collection, write.value);
+		} catch (err) {
+			return invalidRecordError(c, err, `Write ${i}`);
+		}
+	}
+	try {
+		const result = await accountDO.rpcApplyWrites(writes);
+		return c.json(result);
+	} catch (err) {
+		return c.json({
+			error: "InvalidRequest",
+			message: err instanceof Error ? err.message : String(err)
+		}, 400);
+	}
+}
+async function uploadBlob(c, accountDO) {
+	const contentType = c.req.header("Content-Type") || "application/octet-stream";
+	const bytes = new Uint8Array(await c.req.arrayBuffer());
+	const MAX_BLOB_SIZE = 5 * 1024 * 1024;
+	if (bytes.length > MAX_BLOB_SIZE) return c.json({
+		error: "BlobTooLarge",
+		message: `Blob size ${bytes.length} exceeds maximum of ${MAX_BLOB_SIZE} bytes`
+	}, 400);
+	try {
+		const blobRef = await accountDO.rpcUploadBlob(bytes, contentType);
+		return c.json({ blob: blobRef });
+	} catch (err) {
+		if (err instanceof Error && err.message.includes("Blob storage not configured")) return c.json({
+			error: "ServiceUnavailable",
+			message: "Blob storage is not configured"
+		}, 503);
+		throw err;
+	}
+}
+async function importRepo(c, accountDO) {
+	if (c.req.header("Content-Type") !== "application/vnd.ipld.car") return c.json({
+		error: "InvalidRequest",
+		message: "Content-Type must be application/vnd.ipld.car for repository import"
+	}, 400);
+	const carBytes = new Uint8Array(await c.req.arrayBuffer());
+	if (carBytes.length === 0) return c.json({
+		error: "InvalidRequest",
+		message: "Empty CAR file"
+	}, 400);
+	const MAX_CAR_SIZE = 100 * 1024 * 1024;
+	if (carBytes.length > MAX_CAR_SIZE) return c.json({
+		error: "RepoTooLarge",
+		message: `Repository size ${carBytes.length} exceeds maximum of ${MAX_CAR_SIZE} bytes`
+	}, 400);
+	try {
+		const result = await accountDO.rpcImportRepo(carBytes);
+		return c.json(result);
+	} catch (err) {
+		if (err instanceof Error) {
+			if (err.message.includes("already exists")) return c.json({
+				error: "RepoAlreadyExists",
+				message: "Repository already exists. Cannot import over existing data."
+			}, 409);
+			if (err.message.includes("DID mismatch")) return c.json({
+				error: "InvalidRepo",
+				message: err.message
+			}, 400);
+			if (err.message.includes("no roots") || err.message.includes("no blocks") || err.message.includes("Invalid root")) return c.json({
+				error: "InvalidRepo",
+				message: `Invalid CAR file: ${err.message}`
+			}, 400);
+		}
+		throw err;
+	}
+}
+
+//#endregion
+//#region src/xrpc/server.ts
+async function describeServer(c) {
+	return c.json({
+		did: c.env.DID,
+		availableUserDomains: [],
+		inviteCodeRequired: false
+	});
+}
+/**
+* Create a new session (login)
+*/
+async function createSession(c) {
+	const { identifier, password } = await c.req.json();
+	if (!identifier || !password) return c.json({
+		error: "InvalidRequest",
+		message: "Missing identifier or password"
+	}, 400);
+	if (identifier !== c.env.HANDLE && identifier !== c.env.DID) return c.json({
+		error: "AuthenticationRequired",
+		message: "Invalid identifier or password"
+	}, 401);
+	if (!await verifyPassword(password, c.env.PASSWORD_HASH)) return c.json({
+		error: "AuthenticationRequired",
+		message: "Invalid identifier or password"
+	}, 401);
+	const serviceDid = `did:web:${c.env.PDS_HOSTNAME}`;
+	const accessJwt = await createAccessToken(c.env.JWT_SECRET, c.env.DID, serviceDid);
+	const refreshJwt = await createRefreshToken(c.env.JWT_SECRET, c.env.DID, serviceDid);
+	return c.json({
+		accessJwt,
+		refreshJwt,
+		handle: c.env.HANDLE,
+		did: c.env.DID,
+		active: true
+	});
+}
+/**
+* Refresh a session
+*/
+async function refreshSession(c) {
+	const authHeader = c.req.header("Authorization");
+	if (!authHeader?.startsWith("Bearer ")) return c.json({
+		error: "AuthenticationRequired",
+		message: "Refresh token required"
+	}, 401);
+	const token = authHeader.slice(7);
+	const serviceDid = `did:web:${c.env.PDS_HOSTNAME}`;
+	try {
+		if ((await verifyRefreshToken(token, c.env.JWT_SECRET, serviceDid)).sub !== c.env.DID) return c.json({
+			error: "AuthenticationRequired",
+			message: "Invalid refresh token"
+		}, 401);
+		const accessJwt = await createAccessToken(c.env.JWT_SECRET, c.env.DID, serviceDid);
+		const refreshJwt = await createRefreshToken(c.env.JWT_SECRET, c.env.DID, serviceDid);
+		return c.json({
+			accessJwt,
+			refreshJwt,
+			handle: c.env.HANDLE,
+			did: c.env.DID,
+			active: true
+		});
+	} catch (err) {
+		return c.json({
+			error: "ExpiredToken",
+			message: err instanceof Error ? err.message : "Invalid refresh token"
+		}, 400);
+	}
+}
+/**
+* Get current session info
+*/
+async function getSession(c) {
+	const authHeader = c.req.header("Authorization");
+	if (!authHeader?.startsWith("Bearer ")) return c.json({
+		error: "AuthenticationRequired",
+		message: "Access token required"
+	}, 401);
+	const token = authHeader.slice(7);
+	const serviceDid = `did:web:${c.env.PDS_HOSTNAME}`;
+	if (token === c.env.AUTH_TOKEN) return c.json({
+		handle: c.env.HANDLE,
+		did: c.env.DID,
+		active: true
+	});
+	try {
+		if ((await verifyAccessToken(token, c.env.JWT_SECRET, serviceDid)).sub !== c.env.DID) return c.json({
+			error: "AuthenticationRequired",
+			message: "Invalid access token"
+		}, 401);
+		return c.json({
+			handle: c.env.HANDLE,
+			did: c.env.DID,
+			active: true
+		});
+	} catch (err) {
+		return c.json({
+			error: "InvalidToken",
+			message: err instanceof Error ? err.message : "Invalid access token"
+		}, 401);
+	}
+}
+/**
+* Delete current session (logout)
+*/
+async function deleteSession(c) {
+	return c.json({});
+}
+/**
+* Get account status - used for migration checks
+*/
+async function getAccountStatus(c, accountDO) {
+	try {
+		const status = await accountDO.rpcGetRepoStatus();
+		return c.json({
+			activated: true,
+			validDid: true,
+			repoRev: status.rev,
+			repoBlocks: null,
+			indexedRecords: null,
+			privateStateValues: null,
+			expectedBlobs: null,
+			importedBlobs: null
+		});
+	} catch (err) {
+		return c.json({
+			activated: false,
+			validDid: true,
+			repoRev: null,
+			repoBlocks: null,
+			indexedRecords: null,
+			privateStateValues: null,
+			expectedBlobs: null,
+			importedBlobs: null
+		});
+	}
+}
+
+//#endregion
+//#region package.json
+var version = "0.0.0";
+
+//#endregion
+//#region src/index.ts
+const env$1 = env;
+for (const key of [
+	"DID",
+	"HANDLE",
+	"PDS_HOSTNAME",
+	"AUTH_TOKEN",
+	"SIGNING_KEY",
+	"SIGNING_KEY_PUBLIC",
+	"JWT_SECRET",
+	"PASSWORD_HASH"
+]) if (!env$1[key]) throw new Error(`Missing required environment variable: ${key}`);
+try {
+	ensureValidDid(env$1.DID);
+	ensureValidHandle(env$1.HANDLE);
+} catch (err) {
+	throw new Error(`Invalid DID or handle: ${err instanceof Error ? err.message : String(err)}`);
+}
+const APPVIEW_DID = "did:web:api.bsky.app";
+const CHAT_DID = "did:web:api.bsky.chat";
+let keypairPromise = null;
+function getKeypair() {
+	if (!keypairPromise) keypairPromise = Secp256k1Keypair.import(env$1.SIGNING_KEY);
+	return keypairPromise;
+}
+const app = new Hono();
+app.use("*", cors({
+	origin: "*",
+	allowMethods: [
+		"GET",
+		"POST",
+		"PUT",
+		"DELETE",
+		"OPTIONS"
+	],
+	allowHeaders: ["*"],
+	exposeHeaders: ["Content-Type"],
+	maxAge: 86400
+}));
+function getAccountDO(env$2) {
+	const id$16 = env$2.ACCOUNT.idFromName("account");
+	return env$2.ACCOUNT.get(id$16);
+}
+app.get("/.well-known/did.json", (c) => {
+	const didDocument = {
+		"@context": [
+			"https://www.w3.org/ns/did/v1",
+			"https://w3id.org/security/multikey/v1",
+			"https://w3id.org/security/suites/secp256k1-2019/v1"
+		],
+		id: c.env.DID,
+		alsoKnownAs: [`at://${c.env.HANDLE}`],
+		verificationMethod: [{
+			id: `${c.env.DID}#atproto`,
+			type: "Multikey",
+			controller: c.env.DID,
+			publicKeyMultibase: c.env.SIGNING_KEY_PUBLIC
+		}],
+		service: [{
+			id: "#atproto_pds",
+			type: "AtprotoPersonalDataServer",
+			serviceEndpoint: `https://${c.env.PDS_HOSTNAME}`
+		}]
+	};
+	return c.json(didDocument);
+});
+app.get("/.well-known/atproto-did", (c) => {
+	if (c.env.HANDLE !== c.env.PDS_HOSTNAME) return c.notFound();
+	return new Response(c.env.DID, { headers: { "Content-Type": "text/plain" } });
+});
+app.get("/health", (c) => c.json({
+	status: "ok",
+	version
+}));
+app.get("/xrpc/com.atproto.sync.getRepo", (c) => getRepo(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.sync.getRepoStatus", (c) => getRepoStatus(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.sync.getBlob", (c) => getBlob(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.sync.listRepos", (c) => listRepos(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.sync.listBlobs", (c) => listBlobs(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.sync.subscribeRepos", async (c) => {
+	if (c.req.header("Upgrade") !== "websocket") return c.json({
+		error: "InvalidRequest",
+		message: "Expected WebSocket upgrade"
+	}, 400);
+	return getAccountDO(c.env).fetch(c.req.raw);
+});
+app.get("/xrpc/com.atproto.repo.describeRepo", (c) => describeRepo(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.repo.getRecord", (c) => getRecord(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.repo.listRecords", (c) => listRecords(c, getAccountDO(c.env)));
+app.post("/xrpc/com.atproto.repo.createRecord", requireAuth, (c) => createRecord(c, getAccountDO(c.env)));
+app.post("/xrpc/com.atproto.repo.deleteRecord", requireAuth, (c) => deleteRecord(c, getAccountDO(c.env)));
+app.post("/xrpc/com.atproto.repo.uploadBlob", requireAuth, (c) => uploadBlob(c, getAccountDO(c.env)));
+app.post("/xrpc/com.atproto.repo.applyWrites", requireAuth, (c) => applyWrites(c, getAccountDO(c.env)));
+app.post("/xrpc/com.atproto.repo.putRecord", requireAuth, (c) => putRecord(c, getAccountDO(c.env)));
+app.post("/xrpc/com.atproto.repo.importRepo", requireAuth, (c) => importRepo(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.server.describeServer", describeServer);
+app.use("/xrpc/com.atproto.identity.resolveHandle", async (c, next) => {
+	if (c.req.query("handle") === c.env.HANDLE) return c.json({ did: c.env.DID });
+	await next();
+});
+app.post("/xrpc/com.atproto.server.createSession", createSession);
+app.post("/xrpc/com.atproto.server.refreshSession", refreshSession);
+app.get("/xrpc/com.atproto.server.getSession", getSession);
+app.post("/xrpc/com.atproto.server.deleteSession", deleteSession);
+app.get("/xrpc/com.atproto.server.getAccountStatus", requireAuth, (c) => getAccountStatus(c, getAccountDO(c.env)));
+app.get("/xrpc/app.bsky.actor.getPreferences", requireAuth, (c) => {
+	return c.json({ preferences: [] });
+});
+app.post("/xrpc/app.bsky.actor.putPreferences", requireAuth, async (c) => {
+	return c.json({});
+});
+app.get("/xrpc/app.bsky.ageassurance.getState", requireAuth, (c) => {
+	return c.json({
+		state: {
+			status: "assured",
+			access: "full",
+			lastInitiatedAt: (/* @__PURE__ */ new Date()).toISOString()
+		},
+		metadata: { accountCreatedAt: (/* @__PURE__ */ new Date()).toISOString() }
+	});
+});
+app.post("/admin/emit-identity", requireAuth, async (c) => {
+	const result = await getAccountDO(c.env).rpcEmitIdentityEvent(c.env.HANDLE);
+	return c.json(result);
+});
+app.all("/xrpc/*", async (c) => {
+	const url = new URL(c.req.url);
+	url.protocol = "https:";
+	const lxm = url.pathname.replace("/xrpc/", "");
+	const isChat = lxm.startsWith("chat.bsky.");
+	url.host = isChat ? "api.bsky.chat" : "api.bsky.app";
+	const audienceDid = isChat ? CHAT_DID : APPVIEW_DID;
+	const auth = c.req.header("Authorization");
+	let headers = {};
+	if (auth?.startsWith("Bearer ")) {
+		const token = auth.slice(7);
+		const serviceDid = `did:web:${c.env.PDS_HOSTNAME}`;
+		try {
+			let userDid;
+			if (token === c.env.AUTH_TOKEN) userDid = c.env.DID;
+			else userDid = (await verifyAccessToken(token, c.env.JWT_SECRET, serviceDid)).sub;
+			const keypair = await getKeypair();
+			headers["Authorization"] = `Bearer ${await createServiceJwt({
+				iss: userDid,
+				aud: audienceDid,
+				lxm,
+				keypair
+			})}`;
+		} catch {}
+	}
+	const originalHeaders = Object.fromEntries(c.req.raw.headers);
+	delete originalHeaders["authorization"];
+	const reqInit = {
+		method: c.req.method,
+		headers: {
+			...originalHeaders,
+			...headers
+		}
+	};
+	if (c.req.method !== "GET" && c.req.method !== "HEAD") reqInit.body = c.req.raw.body;
+	return fetch(url.toString(), reqInit);
+});
+var src_default = app;
+
+//#endregion
+export { AccountDurableObject, src_default as default };
+//# sourceMappingURL=index.js.map