@atproto/bsky 0.0.53 → 0.0.55

package/dist/lexicon/types/com/atproto/server/createAppPassword.d.ts

@@ -9,6 +9,8 @@ export interface QueryParams {
 export interface InputSchema {
     /** A short name for the App Password, to help distinguish them. */
     name: string;
+    /** If an app password has 'privileged' access to possibly sensitive account state. Meant for use with trusted clients. */
+    privileged?: boolean;
     [k: string]: unknown;
 }
 export type OutputSchema = AppPassword;
@@ -41,6 +43,7 @@ export interface AppPassword {
     name: string;
     password: string;
     createdAt: string;
+    privileged?: boolean;
     [k: string]: unknown;
 }
 export declare function isAppPassword(v: unknown): v is AppPassword;

package/dist/lexicon/types/com/atproto/server/createAppPassword.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"createAppPassword.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/createAppPassword.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,gBAAgB,EAAW,MAAM,kBAAkB,CAAA;AAI5D,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAEtE,MAAM,WAAW,WAAW;CAAG;AAE/B,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,IAAI,EAAE,MAAM,CAAA;IACZ,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,CAAA;AAEtC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,WAAW,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,iBAAiB,CAAA;CAC1B;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,GAAG,kBAAkB,CAAA;AAC9E,MAAM,MAAM,aAAa,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI;IAC1D,IAAI,EAAE,EAAE,CAAA;IACR,MAAM,EAAE,WAAW,CAAA;IACnB,KAAK,EAAE,YAAY,CAAA;IACnB,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;IACpB,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAA;CACtB,CAAA;AACD,MAAM,MAAM,OAAO,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI,CACpD,GAAG,EAAE,aAAa,CAAC,EAAE,CAAC,KACnB,OAAO,CAAC,aAAa,CAAC,GAAG,aAAa,CAAA;AAE3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,WAAW,CAM1D;AAED,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,OAAO,GAAG,gBAAgB,CAKhE"}
+{"version":3,"file":"createAppPassword.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/createAppPassword.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,gBAAgB,EAAW,MAAM,kBAAkB,CAAA;AAI5D,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAEtE,MAAM,WAAW,WAAW;CAAG;AAE/B,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,IAAI,EAAE,MAAM,CAAA;IACZ,0HAA0H;IAC1H,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,WAAW,CAAA;AAEtC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,WAAW,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,iBAAiB,CAAA;CAC1B;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,GAAG,kBAAkB,CAAA;AAC9E,MAAM,MAAM,aAAa,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI;IAC1D,IAAI,EAAE,EAAE,CAAA;IACR,MAAM,EAAE,WAAW,CAAA;IACnB,KAAK,EAAE,YAAY,CAAA;IACnB,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;IACpB,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAA;CACtB,CAAA;AACD,MAAM,MAAM,OAAO,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI,CACpD,GAAG,EAAE,aAAa,CAAC,EAAE,CAAC,KACnB,OAAO,CAAC,aAAa,CAAC,GAAG,aAAa,CAAA;AAE3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,WAAW,CAM1D;AAED,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,OAAO,GAAG,gBAAgB,CAKhE"}

package/dist/lexicon/types/com/atproto/server/createAppPassword.js.map

@@ -1 +1 @@
-{"version":3,"file":"createAppPassword.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/createAppPassword.ts"],"names":[],"mappings":";;;AAKA,mDAA+C;AAC/C,2CAAiD;AAkDjD,SAAgB,aAAa,CAAC,CAAU;IACtC,OAAO,CACL,IAAA,YAAK,EAAC,CAAC,CAAC;QACR,IAAA,cAAO,EAAC,CAAC,EAAE,OAAO,CAAC;QACnB,CAAC,CAAC,KAAK,KAAK,kDAAkD,CAC/D,CAAA;AACH,CAAC;AAND,sCAMC;AAED,SAAgB,mBAAmB,CAAC,CAAU;IAC5C,OAAO,mBAAQ,CAAC,QAAQ,CACtB,kDAAkD,EAClD,CAAC,CACF,CAAA;AACH,CAAC;AALD,kDAKC"}
+{"version":3,"file":"createAppPassword.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/createAppPassword.ts"],"names":[],"mappings":";;;AAKA,mDAA+C;AAC/C,2CAAiD;AAqDjD,SAAgB,aAAa,CAAC,CAAU;IACtC,OAAO,CACL,IAAA,YAAK,EAAC,CAAC,CAAC;QACR,IAAA,cAAO,EAAC,CAAC,EAAE,OAAO,CAAC;QACnB,CAAC,CAAC,KAAK,KAAK,kDAAkD,CAC/D,CAAA;AACH,CAAC;AAND,sCAMC;AAED,SAAgB,mBAAmB,CAAC,CAAU;IAC5C,OAAO,mBAAQ,CAAC,QAAQ,CACtB,kDAAkD,EAClD,CAAC,CACF,CAAA;AACH,CAAC;AALD,kDAKC"}

package/dist/lexicon/types/com/atproto/server/listAppPasswords.d.ts

@@ -36,6 +36,7 @@ export type Handler<HA extends HandlerAuth = never> = (ctx: HandlerReqCtx<HA>) =
 export interface AppPassword {
     name: string;
     createdAt: string;
+    privileged?: boolean;
     [k: string]: unknown;
 }
 export declare function isAppPassword(v: unknown): v is AppPassword;

package/dist/lexicon/types/com/atproto/server/listAppPasswords.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"listAppPasswords.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/listAppPasswords.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,gBAAgB,EAAW,MAAM,kBAAkB,CAAA;AAI5D,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAEtE,MAAM,WAAW,WAAW;CAAG;AAE/B,MAAM,MAAM,WAAW,GAAG,SAAS,CAAA;AAEnC,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,WAAW,EAAE,CAAA;IACxB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,SAAS,CAAA;AAEpC,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,iBAAiB,CAAA;CAC1B;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,GAAG,kBAAkB,CAAA;AAC9E,MAAM,MAAM,aAAa,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI;IAC1D,IAAI,EAAE,EAAE,CAAA;IACR,MAAM,EAAE,WAAW,CAAA;IACnB,KAAK,EAAE,YAAY,CAAA;IACnB,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;IACpB,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAA;CACtB,CAAA;AACD,MAAM,MAAM,OAAO,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI,CACpD,GAAG,EAAE,aAAa,CAAC,EAAE,CAAC,KACnB,OAAO,CAAC,aAAa,CAAC,GAAG,aAAa,CAAA;AAE3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,WAAW,CAM1D;AAED,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,OAAO,GAAG,gBAAgB,CAEhE"}
+{"version":3,"file":"listAppPasswords.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/listAppPasswords.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,EAAE,gBAAgB,EAAW,MAAM,kBAAkB,CAAA;AAI5D,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAEtE,MAAM,WAAW,WAAW;CAAG;AAE/B,MAAM,MAAM,WAAW,GAAG,SAAS,CAAA;AAEnC,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,WAAW,EAAE,CAAA;IACxB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,SAAS,CAAA;AAEpC,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,iBAAiB,CAAA;CAC1B;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,GAAG,kBAAkB,CAAA;AAC9E,MAAM,MAAM,aAAa,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI;IAC1D,IAAI,EAAE,EAAE,CAAA;IACR,MAAM,EAAE,WAAW,CAAA;IACnB,KAAK,EAAE,YAAY,CAAA;IACnB,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;IACpB,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAA;CACtB,CAAA;AACD,MAAM,MAAM,OAAO,CAAC,EAAE,SAAS,WAAW,GAAG,KAAK,IAAI,CACpD,GAAG,EAAE,aAAa,CAAC,EAAE,CAAC,KACnB,OAAO,CAAC,aAAa,CAAC,GAAG,aAAa,CAAA;AAE3C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;CACrB;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,WAAW,CAM1D;AAED,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,OAAO,GAAG,gBAAgB,CAEhE"}

package/dist/lexicon/types/com/atproto/server/listAppPasswords.js.map

@@ -1 +1 @@
-{"version":3,"file":"listAppPasswords.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/listAppPasswords.ts"],"names":[],"mappings":";;;AAKA,mDAA+C;AAC/C,2CAAiD;AA6CjD,SAAgB,aAAa,CAAC,CAAU;IACtC,OAAO,CACL,IAAA,YAAK,EAAC,CAAC,CAAC;QACR,IAAA,cAAO,EAAC,CAAC,EAAE,OAAO,CAAC;QACnB,CAAC,CAAC,KAAK,KAAK,iDAAiD,CAC9D,CAAA;AACH,CAAC;AAND,sCAMC;AAED,SAAgB,mBAAmB,CAAC,CAAU;IAC5C,OAAO,mBAAQ,CAAC,QAAQ,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAA;AAChF,CAAC;AAFD,kDAEC"}
+{"version":3,"file":"listAppPasswords.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/com/atproto/server/listAppPasswords.ts"],"names":[],"mappings":";;;AAKA,mDAA+C;AAC/C,2CAAiD;AA8CjD,SAAgB,aAAa,CAAC,CAAU;IACtC,OAAO,CACL,IAAA,YAAK,EAAC,CAAC,CAAC;QACR,IAAA,cAAO,EAAC,CAAC,EAAE,OAAO,CAAC;QACnB,CAAC,CAAC,KAAK,KAAK,iDAAiD,CAC9D,CAAA;AACH,CAAC;AAND,sCAMC;AAED,SAAgB,mBAAmB,CAAC,CAAU;IAC5C,OAAO,mBAAQ,CAAC,QAAQ,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAA;AAChF,CAAC;AAFD,kDAEC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.53",
+  "version": "0.0.55",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [
@@ -39,7 +39,7 @@
     "structured-headers": "^1.0.1",
     "typed-emitter": "^2.1.0",
     "uint8arrays": "3.0.0",
-    "@atproto/api": "^0.12.11",
+    "@atproto/api": "^0.12.13",
     "@atproto/common": "^0.4.0",
     "@atproto/crypto": "^0.4.0",
     "@atproto/identity": "^0.4.0",
@@ -61,9 +61,9 @@
     "axios": "^0.27.2",
     "jest": "^28.1.2",
     "ts-node": "^10.8.2",
-    "@atproto/api": "^0.12.11",
+    "@atproto/api": "^0.12.13",
     "@atproto/lex-cli": "^0.4.0",
-    "@atproto/pds": "^0.4.23",
+    "@atproto/pds": "^0.4.27",
     "@atproto/xrpc": "^0.5.0"
   },
   "scripts": {

package/src/api/app/bsky/graph/getLists.ts

@@ -16,11 +16,15 @@ import { clearlyBadCursor, resHeaders } from '../../../util'
 export default function (server: Server, ctx: AppContext) {
   const getLists = createPipeline(skeleton, hydration, noRules, presentation)
   server.app.bsky.graph.getLists({
-    auth: ctx.authVerifier.standardOptional,
+    auth: ctx.authVerifier.optionalStandardOrRole,
     handler: async ({ params, auth, req }) => {
-      const viewer = auth.credentials.iss
       const labelers = ctx.reqLabelers(req)
-      const hydrateCtx = await ctx.hydrator.createContext({ labelers, viewer })
+      const { viewer, includeTakedowns } = ctx.authVerifier.parseCreds(auth)
+      const hydrateCtx = await ctx.hydrator.createContext({
+        labelers,
+        viewer,
+        includeTakedowns,
+      })
       const result = await getLists({ ...params, hydrateCtx }, ctx)
 
       return {

package/src/api/com/atproto/admin/getAccountInfos.ts

@@ -20,6 +20,7 @@ export default function (server: Server, ctx: AppContext) {
           !info.profileTakedownRef || includeTakedowns
             ? info.profile
             : undefined
+
         return {
           did,
           handle: info.handle ?? INVALID_HANDLE,

package/src/api/com/atproto/label/queryLabels.ts

@@ -0,0 +1,35 @@
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+import { InvalidRequestError } from '@atproto/xrpc-server'
+
+export default function (server: Server, ctx: AppContext) {
+  server.com.atproto.label.queryLabels(async ({ params }) => {
+    const { uriPatterns, sources } = params
+
+    if (uriPatterns.find((uri) => uri.includes('*'))) {
+      throw new InvalidRequestError('wildcards not supported')
+    }
+
+    if (!sources?.length) {
+      throw new InvalidRequestError('source dids are required')
+    }
+
+    const labelMap = await ctx.hydrator.label.getLabelsForSubjects(
+      uriPatterns,
+      // If sources are provided, use them. Otherwise, use the labelers from the request header
+      {
+        dids: sources,
+        redact: new Set(),
+      },
+    )
+    const labels = uriPatterns.flatMap((uri) => labelMap.getBySubject(uri))
+
+    return {
+      encoding: 'application/json',
+      body: {
+        cursor: undefined,
+        labels,
+      },
+    }
+  })
+}

package/src/api/index.ts

@@ -46,6 +46,7 @@ import getAccountInfos from './com/atproto/admin/getAccountInfos'
 import resolveHandle from './com/atproto/identity/resolveHandle'
 import getRecord from './com/atproto/repo/getRecord'
 import fetchLabels from './com/atproto/temp/fetchLabels'
+import queryLabels from './com/atproto/label/queryLabels'
 
 export * as health from './health'
 
@@ -102,5 +103,6 @@ export default function (server: Server, ctx: AppContext) {
   resolveHandle(server, ctx)
   getRecord(server, ctx)
   fetchLabels(server, ctx)
+  queryLabels(server, ctx)
   return server
 }

package/src/hydration/hydrator.ts

@@ -219,7 +219,7 @@ export class Hydrator {
     ctx: HydrateCtx,
   ): Promise<HydrationState> {
     const [lists, listViewers, labels] = await Promise.all([
-      this.graph.getLists(uris),
+      this.graph.getLists(uris, ctx.includeTakedowns),
       ctx.viewer ? this.graph.getListViewerStates(uris, ctx.viewer) : undefined,
       this.label.getLabelsForSubjects(uris, ctx.labelers),
     ])

package/src/hydration/label.ts

@@ -75,6 +75,7 @@ export class LabelHydrator {
       subjects,
       issuers: labelers.dids,
     })
+
     return res.labels.reduce((acc, cur) => {
       const parsed = parseJsonBytes(cur) as Label | undefined
       if (!parsed || parsed.neg) return acc

package/src/lexicon/lexicons.ts

@@ -2052,6 +2052,11 @@ export const schemaDict = {
                 description:
                   'A short name for the App Password, to help distinguish them.',
               },
+              privileged: {
+                type: 'boolean',
+                description:
+                  "If an app password has 'privileged' access to possibly sensitive account state. Meant for use with trusted clients.",
+              },
             },
           },
         },
@@ -2082,6 +2087,9 @@ export const schemaDict = {
             type: 'string',
             format: 'datetime',
           },
+          privileged: {
+            type: 'boolean',
+          },
         },
       },
     },
@@ -2629,6 +2637,9 @@ export const schemaDict = {
             type: 'string',
             format: 'datetime',
           },
+          privileged: {
+            type: 'boolean',
+          },
         },
       },
     },

package/src/lexicon/types/com/atproto/server/createAppPassword.ts

@@ -13,6 +13,8 @@ export interface QueryParams {}
 export interface InputSchema {
   /** A short name for the App Password, to help distinguish them. */
   name: string
+  /** If an app password has 'privileged' access to possibly sensitive account state. Meant for use with trusted clients. */
+  privileged?: boolean
   [k: string]: unknown
 }
 
@@ -51,6 +53,7 @@ export interface AppPassword {
   name: string
   password: string
   createdAt: string
+  privileged?: boolean
   [k: string]: unknown
 }
 

package/src/lexicon/types/com/atproto/server/listAppPasswords.ts

@@ -46,6 +46,7 @@ export type Handler<HA extends HandlerAuth = never> = (
 export interface AppPassword {
   name: string
   createdAt: string
+  privileged?: boolean
   [k: string]: unknown
 }
 

package/tests/query-labels.test.ts

@@ -0,0 +1,87 @@
+import { AtpAgent } from '@atproto/api'
+import { TestNetwork, SeedClient, basicSeed } from '@atproto/dev-env'
+import axios from 'axios'
+
+describe('label hydration', () => {
+  let network: TestNetwork
+  let agent: AtpAgent
+  let pdsAgent: AtpAgent
+  let sc: SeedClient
+
+  let alice: string
+  let bob: string
+  let carol: string
+  let labelerDid: string
+
+  beforeAll(async () => {
+    network = await TestNetwork.create({
+      dbPostgresSchema: 'bsky_label_hydration',
+    })
+    agent = network.bsky.getClient()
+    pdsAgent = network.pds.getClient()
+    sc = network.getSeedClient()
+    await basicSeed(sc)
+    alice = sc.dids.alice
+    bob = sc.dids.bob
+    carol = sc.dids.carol
+    labelerDid = network.bsky.ctx.cfg.labelsFromIssuerDids[0]
+    await createLabel({ src: alice, uri: carol, cid: '', val: 'spam' })
+    await createLabel({ src: bob, uri: carol, cid: '', val: 'impersonation' })
+    await createLabel({
+      src: labelerDid,
+      uri: carol,
+      cid: '',
+      val: 'misleading',
+    })
+    await network.processAll()
+  })
+
+  afterAll(async () => {
+    await network.close()
+  })
+
+  it('returns labels based for a subject', async () => {
+    const { data } = await pdsAgent.api.com.atproto.label.queryLabels(
+      { uriPatterns: [carol], sources: [alice] },
+      {
+        headers: sc.getHeaders(bob),
+      },
+    )
+    expect(data.labels?.length).toBe(1)
+    expect(data.labels?.[0].src).toBe(alice)
+    expect(data.labels?.[0].val).toBe('spam')
+  })
+
+  it('returns labels from supplied labelers as param', async () => {
+    const { data } = await pdsAgent.api.com.atproto.label.queryLabels(
+      { uriPatterns: [carol], sources: [alice, labelerDid] },
+      {
+        headers: sc.getHeaders(bob),
+      },
+    )
+    expect(data.labels?.length).toBe(2)
+    expect(data.labels?.find((l) => l.src === alice)?.val).toEqual('spam')
+    expect(data.labels?.find((l) => l.src === labelerDid)?.val).toEqual(
+      'misleading',
+    )
+  })
+
+  const createLabel = async (opts: {
+    src?: string
+    uri: string
+    cid: string
+    val: string
+  }) => {
+    await network.bsky.db.db
+      .insertInto('label')
+      .values({
+        uri: opts.uri,
+        cid: opts.cid,
+        val: opts.val,
+        cts: new Date().toISOString(),
+        neg: false,
+        src: opts.src ?? labelerDid,
+      })
+      .execute()
+  }
+})