npm - @atproto/pds - Versions diffs - 0.4.176 → 0.4.177 - Mend

@atproto/pds 0.4.176 → 0.4.177

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/CHANGELOG.md +33 -0
package/dist/account-manager/db/migrations/007-lexicon-failures-index.d.ts +4 -0
package/dist/account-manager/db/migrations/007-lexicon-failures-index.d.ts.map +1 -0
package/dist/account-manager/db/migrations/007-lexicon-failures-index.js +17 -0
package/dist/account-manager/db/migrations/007-lexicon-failures-index.js.map +1 -0
package/dist/account-manager/db/migrations/index.d.ts +2 -0
package/dist/account-manager/db/migrations/index.d.ts.map +1 -1
package/dist/account-manager/db/migrations/index.js +2 -0
package/dist/account-manager/db/migrations/index.js.map +1 -1
package/dist/account-manager/helpers/lexicon.d.ts.map +1 -1
package/dist/account-manager/helpers/lexicon.js +7 -0
package/dist/account-manager/helpers/lexicon.js.map +1 -1
package/dist/account-manager/helpers/token.d.ts +32 -32
package/dist/account-manager/scope-reference-getter.d.ts +14 -0
package/dist/account-manager/scope-reference-getter.d.ts.map +1 -0
package/dist/account-manager/scope-reference-getter.js +69 -0
package/dist/account-manager/scope-reference-getter.js.map +1 -0
package/dist/actor-store/actor-store.d.ts.map +1 -1
package/dist/actor-store/actor-store.js +4 -1
package/dist/actor-store/actor-store.js.map +1 -1
package/dist/actor-store/blob/transactor.d.ts +2 -2
package/dist/actor-store/blob/transactor.d.ts.map +1 -1
package/dist/actor-store/blob/transactor.js +73 -24
package/dist/actor-store/blob/transactor.js.map +1 -1
package/dist/actor-store/record/reader.d.ts.map +1 -1
package/dist/actor-store/record/reader.js +12 -9
package/dist/actor-store/record/reader.js.map +1 -1
package/dist/actor-store/repo/sql-repo-reader.d.ts.map +1 -1
package/dist/actor-store/repo/sql-repo-reader.js +2 -2
package/dist/actor-store/repo/sql-repo-reader.js.map +1 -1
package/dist/actor-store/repo/sql-repo-transactor.d.ts.map +1 -1
package/dist/actor-store/repo/sql-repo-transactor.js +16 -19
package/dist/actor-store/repo/sql-repo-transactor.js.map +1 -1
package/dist/actor-store/repo/transactor.d.ts.map +1 -1
package/dist/actor-store/repo/transactor.js +11 -15
package/dist/actor-store/repo/transactor.js.map +1 -1
package/dist/api/com/atproto/admin/updateSubjectStatus.js +6 -2
package/dist/api/com/atproto/admin/updateSubjectStatus.js.map +1 -1
package/dist/api/com/atproto/repo/importRepo.d.ts.map +1 -1
package/dist/api/com/atproto/repo/importRepo.js +43 -51
package/dist/api/com/atproto/repo/importRepo.js.map +1 -1
package/dist/auth-verifier.d.ts.map +1 -1
package/dist/auth-verifier.js +2 -12
package/dist/auth-verifier.js.map +1 -1
package/dist/context.d.ts.map +1 -1
package/dist/context.js +20 -4
package/dist/context.js.map +1 -1
package/dist/disk-blobstore.d.ts.map +1 -1
package/dist/disk-blobstore.js +10 -2
package/dist/disk-blobstore.js.map +1 -1
package/dist/lexicon/index.d.ts +49 -0
package/dist/lexicon/index.d.ts.map +1 -1
package/dist/lexicon/index.js +52 -1
package/dist/lexicon/index.js.map +1 -1
package/dist/lexicon/lexicons.d.ts +470 -16
package/dist/lexicon/lexicons.d.ts.map +1 -1
package/dist/lexicon/lexicons.js +329 -7
package/dist/lexicon/lexicons.js.map +1 -1
package/dist/lexicon/types/com/atproto/moderation/defs.d.ts +8 -8
package/dist/lexicon/types/com/atproto/moderation/defs.d.ts.map +1 -1
package/dist/lexicon/types/com/atproto/moderation/defs.js +7 -7
package/dist/lexicon/types/com/atproto/moderation/defs.js.map +1 -1
package/dist/lexicon/types/com/atproto/temp/dereferenceScope.d.ts +24 -0
package/dist/lexicon/types/com/atproto/temp/dereferenceScope.d.ts.map +1 -0
package/dist/lexicon/types/com/atproto/temp/dereferenceScope.js +7 -0
package/dist/lexicon/types/com/atproto/temp/dereferenceScope.js.map +1 -0
package/dist/lexicon/types/tools/ozone/report/defs.d.ts +92 -0
package/dist/lexicon/types/tools/ozone/report/defs.d.ts.map +1 -0
package/dist/lexicon/types/tools/ozone/report/defs.js +98 -0
package/dist/lexicon/types/tools/ozone/report/defs.js.map +1 -0
package/dist/logger.d.ts +1 -0
package/dist/logger.d.ts.map +1 -1
package/dist/logger.js +2 -1
package/dist/logger.js.map +1 -1
package/dist/scripts/rebuild-repo.d.ts.map +1 -1
package/dist/scripts/rebuild-repo.js +3 -5
package/dist/scripts/rebuild-repo.js.map +1 -1
package/dist/scripts/sequencer-recovery/recoverer.js +8 -10
package/dist/scripts/sequencer-recovery/recoverer.js.map +1 -1
package/dist/sequencer/sequencer.js +2 -2
package/dist/sequencer/sequencer.js.map +1 -1
package/package.json +19 -16
package/src/account-manager/db/migrations/007-lexicon-failures-index.ts +14 -0
package/src/account-manager/db/migrations/index.ts +2 -0
package/src/account-manager/helpers/lexicon.ts +14 -1
package/src/account-manager/scope-reference-getter.ts +92 -0
package/src/actor-store/actor-store.ts +5 -9
package/src/actor-store/blob/transactor.ts +115 -42
package/src/actor-store/record/reader.ts +14 -12
package/src/actor-store/repo/sql-repo-reader.ts +12 -14
package/src/actor-store/repo/sql-repo-transactor.ts +17 -23
package/src/actor-store/repo/transactor.ts +29 -32
package/src/api/com/atproto/admin/updateSubjectStatus.ts +7 -7
package/src/api/com/atproto/repo/importRepo.ts +41 -55
package/src/auth-verifier.ts +4 -20
package/src/context.ts +26 -5
package/src/disk-blobstore.ts +20 -3
package/src/lexicon/index.ts +82 -0
package/src/lexicon/lexicons.ts +341 -7
package/src/lexicon/types/com/atproto/moderation/defs.ts +52 -7
package/src/lexicon/types/com/atproto/temp/dereferenceScope.ts +42 -0
package/src/lexicon/types/tools/ozone/report/defs.ts +154 -0
package/src/logger.ts +1 -0
package/src/scripts/rebuild-repo.ts +4 -5
package/src/scripts/sequencer-recovery/recoverer.ts +8 -12
package/src/sequencer/sequencer.ts +3 -3
package/tsconfig.build.tsbuildinfo +1 -1

package/src/api/com/atproto/repo/importRepo.ts CHANGED Viewed

@@ -1,5 +1,4 @@
 import { CID } from 'multiformats/cid'
-import PQueue from 'p-queue'
 import { TID } from '@atproto/common'
 import { BlobRef, LexValue, RepoRecord } from '@atproto/lexicon'
 import {
@@ -11,7 +10,6 @@ import {
 } from '@atproto/repo'
 import { AtUri } from '@atproto/syntax'
 import { InvalidRequestError } from '@atproto/xrpc-server'
-import { ActorStoreTransactor } from '../../../../actor-store/actor-store-transactor'
 import { ACCESS_FULL } from '../../../../auth-scope'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
@@ -32,53 +30,47 @@ export default function (server: Server, ctx: AppContext) {
       const { did } = auth.credentials
-      await ctx.actorStore.transact(did, (store) =>
-        importRepo(store, input.body),
-      )
-    },
-  })
-}
+      // @NOTE process as much as we can before the transaction, in particular
+      // the reading of the body stream.
+      const { roots, blocks } = await readCarStream(input.body)
+      if (roots.length !== 1) {
+        await blocks.dump()
+        throw new InvalidRequestError('expected one root')
+      }
-const importRepo = async (
-  actorStore: ActorStoreTransactor,
-  incomingCar: AsyncIterable<Uint8Array>,
-) => {
-  const now = new Date().toISOString()
-  const rev = TID.nextStr()
-  const did = actorStore.repo.did
+      const blockMap = new BlockMap()
+      for await (const block of blocks) {
+        blockMap.set(block.cid, block.bytes)
+      }
-  const { roots, blocks } = await readCarStream(incomingCar)
-  if (roots.length !== 1) {
-    await blocks.dump()
-    throw new InvalidRequestError('expected one root')
-  }
-  const blockMap = new BlockMap()
-  for await (const block of blocks) {
-    blockMap.set(block.cid, block.bytes)
-  }
-  const currRepo = await actorStore.repo.maybeLoadRepo()
-  const diff = await verifyDiff(
-    currRepo,
-    blockMap,
-    roots[0],
-    undefined,
-    undefined,
-    { ensureLeaves: false },
-  )
-  diff.commit.rev = rev
-  await actorStore.repo.storage.applyCommit(diff.commit, currRepo === null)
-  const recordQueue = new PQueue({ concurrency: 50 })
-  const controller = new AbortController()
-  for (const write of diff.writes) {
-    recordQueue
-      .add(
-        async () => {
+      await ctx.actorStore.transact(did, async (store) => {
+        const now = new Date().toISOString()
+        const rev = TID.nextStr()
+        const did = store.repo.did
+        const currRepo = await store.repo.maybeLoadRepo()
+        const diff = await verifyDiff(
+          currRepo,
+          blockMap,
+          roots[0],
+          undefined,
+          undefined,
+          { ensureLeaves: false },
+        )
+        diff.commit.rev = rev
+        await store.repo.storage.applyCommit(diff.commit, currRepo === null)
+        // @NOTE There is no point in performing the following concurrently
+        // since better-sqlite3 is synchronous.
+        for (const write of diff.writes) {
           const uri = AtUri.make(did, write.collection, write.rkey)
           if (write.action === WriteOpAction.Delete) {
-            await actorStore.record.deleteRecord(uri)
+            await store.record.deleteRecord(uri)
           } else {
             let parsedRecord: RepoRecord
             try {
+              // @NOTE getAndParseRecord returns a promise for historical
+              // reasons but it's internal processing is actually synchronous.
               const parsed = await getAndParseRecord(blockMap, write.cid)
               parsedRecord = parsed.record
             } catch {
@@ -86,7 +78,8 @@ const importRepo = async (
                 `Could not parse record at '${write.collection}/${write.rkey}'`,
               )
             }
-            const indexRecord = actorStore.record.indexRecord(
+            await store.record.indexRecord(
               uri,
               write.cid,
               parsedRecord,
@@ -95,19 +88,12 @@ const importRepo = async (
               now,
             )
             const recordBlobs = findBlobRefs(parsedRecord)
-            const indexRecordBlobs = actorStore.repo.blob.insertBlobs(
-              uri.toString(),
-              recordBlobs,
-            )
-            await Promise.all([indexRecord, indexRecordBlobs])
+            await store.repo.blob.insertBlobs(uri.toString(), recordBlobs)
           }
-        },
-        { signal: controller.signal },
-      )
-      .catch((err) => controller.abort(err))
-  }
-  await recordQueue.onIdle()
-  controller.signal.throwIfAborted()
+        }
+      })
+    },
+  })
 }
 export const findBlobRefs = (val: LexValue, layer = 0): BlobRef[] => {

package/src/auth-verifier.ts CHANGED Viewed

@@ -7,7 +7,7 @@ import { IdResolver, getDidKeyFromMultibase } from '@atproto/identity'
 import {
   OAuthError,
   OAuthVerifier,
-  VerifyTokenClaimsOptions,
+  VerifyTokenPayloadOptions,
   WWWAuthenticateError,
 } from '@atproto/oauth-provider'
 import {
@@ -39,7 +39,6 @@ import {
 } from './auth-output'
 import { ACCESS_STANDARD, AuthScope, isAuthScope } from './auth-scope'
 import { softDeleted } from './db'
-import { oauthLogger } from './logger'
 import { appendVary } from './util/http'
 import { WithRequired } from './util/types'
@@ -338,7 +337,7 @@ export class AuthVerifier {
     OAuthOutput,
     P
   > {
-    const verifyTokenOptions: VerifyTokenClaimsOptions = {
+    const verifyTokenOptions: VerifyTokenPayloadOptions = {
       audience: [this.dids.pds],
       scope: ['atproto'],
     }
@@ -358,7 +357,7 @@ export class AuthVerifier {
       const originalUrl = req.originalUrl || req.url || '/'
       const url = new URL(originalUrl, this._publicUrl)
-      const { tokenClaims, dpopProof } = await this.oauthVerifier
+      const { scope, sub: did } = await this.oauthVerifier
         .authenticateRequest(
           req.method || 'GET',
           url,
@@ -383,28 +382,13 @@ export class AuthVerifier {
           throw err
         })
-      // @TODO drop this once oauth provider no longer accepts DPoP proof with
-      // query or fragment in "htu" claim.
-      if (dpopProof?.htu.match(/[?#]/)) {
-        oauthLogger.info(
-          {
-            client_id: tokenClaims.client_id,
-            htu: dpopProof.htu,
-          },
-          'DPoP proof "htu" contains query or fragment',
-        )
-      }
-      const { sub: did } = tokenClaims
       if (typeof did !== 'string' || !did.startsWith('did:')) {
         throw new InvalidRequestError('Malformed token', 'InvalidToken')
       }
       await this.verifyStatus(did, verifyStatusOptions)
-      const permissions = new ScopePermissionsTransition(
-        tokenClaims.scope?.split(' '),
-      )
+      const permissions = new ScopePermissionsTransition(scope?.split(' '))
       // Should never happen
       if (!permissions.scopes.has('atproto')) {

package/src/context.ts CHANGED Viewed

@@ -32,6 +32,7 @@ import {
 } from '@atproto-labs/fetch-node'
 import { AccountManager } from './account-manager/account-manager'
 import { OAuthStore } from './account-manager/oauth-store'
+import { ScopeReferenceGetter } from './account-manager/scope-reference-getter'
 import { ActorStore } from './actor-store/actor-store'
 import { authPassthru, forwardedFor } from './api/proxy'
 import {
@@ -46,7 +47,7 @@ import { Crawlers } from './crawlers'
 import { DidSqliteCache } from './did-cache'
 import { DiskBlobStore } from './disk-blobstore'
 import { ImageUrlBuilder } from './image/image-url-builder'
-import { fetchLogger, lexiconResolverLogger } from './logger'
+import { fetchLogger, lexiconResolverLogger, oauthLogger } from './logger'
 import { ServerMailer } from './mailer'
 import { ModerationMailer } from './mailer/moderation'
 import { LocalViewer, LocalViewerCreator } from './read-after-write/viewer'
@@ -397,10 +398,11 @@ export class AppContext {
             protected_resources: [new URL(cfg.oauth.issuer).origin],
           },
           // If the PDS is both an authorization server & resource server (no
-          // entryway), there is no need to use JWTs as access tokens. Instead,
-          // the PDS can use tokenId as access tokens. This allows the PDS to
-          // always use up-to-date token data from the token store.
-          accessTokenMode: AccessTokenMode.light,
+          // entryway), we can afford to check the token validity on every
+          // request. This allows revoked tokens to be rejected immediately.
+          // This also allows JWT to be shorter since some claims (notably the
+          // "scope" claim) do not need to be included in the token.
+          accessTokenMode: AccessTokenMode.stateful,
           getClientInfo(clientId) {
             return {
@@ -410,6 +412,10 @@ export class AppContext {
         })
       : undefined
+    const scopeRefGetter = entrywayAgent
+      ? new ScopeReferenceGetter(entrywayAgent, redisScratch)
+      : undefined
     const oauthVerifier: OAuthVerifier =
       oauthProvider ?? // OAuthProvider extends OAuthVerifier
       new OAuthVerifier({
@@ -417,6 +423,21 @@ export class AppContext {
         keyset: [await JoseKey.fromKeyLike(jwtPublicKey!, undefined, 'ES256K')],
         dpopSecret: secrets.dpopSecret,
         redis: redisScratch,
+        onDecodeToken: scopeRefGetter
+          ? async ({ payload, dpopProof }) => {
+              // @TODO drop this once oauth provider no longer accepts DPoP proof with
+              // query or fragment in "htu" claim.
+              if (dpopProof?.htu.match(/[?#]/)) {
+                oauthLogger.info(
+                  { htu: dpopProof.htu, client_id: payload.client_id },
+                  'DPoP proof "htu" contains query or fragment',
+                )
+              }
+              const scope = await scopeRefGetter.dereference(payload.scope)
+              return { ...payload, scope }
+            }
+          : undefined,
       })
     const authVerifier = new AuthVerifier(

package/src/disk-blobstore.ts CHANGED Viewed

@@ -3,10 +3,16 @@ import fs from 'node:fs/promises'
 import path from 'node:path'
 import stream from 'node:stream'
 import { CID } from 'multiformats/cid'
-import { fileExists, isErrnoException, rmIfExists } from '@atproto/common'
+import {
+  aggregateErrors,
+  chunkArray,
+  fileExists,
+  isErrnoException,
+  rmIfExists,
+} from '@atproto/common'
 import { randomStr } from '@atproto/crypto'
 import { BlobNotFoundError, BlobStore } from '@atproto/repo'
-import { httpLogger as log } from './logger'
+import { blobStoreLogger as log } from './logger'
 export class DiskBlobStore implements BlobStore {
   constructor(
@@ -137,7 +143,18 @@ export class DiskBlobStore implements BlobStore {
   }
   async deleteMany(cids: CID[]): Promise<void> {
-    await Promise.all(cids.map((cid) => this.delete(cid)))
+    const errors: unknown[] = []
+    for (const chunk of chunkArray(cids, 500)) {
+      await Promise.all(
+        chunk.map((cid) =>
+          this.delete(cid).catch((err) => {
+            log.error({ err, cid: cid.toString() }, 'error deleting blob')
+            errors.push(err)
+          }),
+        ),
+      )
+    }
+    if (errors.length) throw aggregateErrors(errors)
   }
   async deleteAll(): Promise<void> {

package/src/lexicon/index.ts CHANGED Viewed

@@ -198,6 +198,7 @@ import * as ComAtprotoSyncSubscribeRepos from './types/com/atproto/sync/subscrib
 import * as ComAtprotoTempAddReservedHandle from './types/com/atproto/temp/addReservedHandle.js'
 import * as ComAtprotoTempCheckHandleAvailability from './types/com/atproto/temp/checkHandleAvailability.js'
 import * as ComAtprotoTempCheckSignupQueue from './types/com/atproto/temp/checkSignupQueue.js'
+import * as ComAtprotoTempDereferenceScope from './types/com/atproto/temp/dereferenceScope.js'
 import * as ComAtprotoTempFetchLabels from './types/com/atproto/temp/fetchLabels.js'
 import * as ComAtprotoTempRequestPhoneVerification from './types/com/atproto/temp/requestPhoneVerification.js'
 import * as ComAtprotoTempRevokeAccountCredentials from './types/com/atproto/temp/revokeAccountCredentials.js'
@@ -289,6 +290,75 @@ export const TOOLS_OZONE_MODERATION = {
   DefsTimelineEventPlcTombstone:
     'tools.ozone.moderation.defs#timelineEventPlcTombstone',
 }
+export const TOOLS_OZONE_REPORT = {
+  DefsReasonAppeal: 'tools.ozone.report.defs#reasonAppeal',
+  DefsReasonViolenceAnimalWelfare:
+    'tools.ozone.report.defs#reasonViolenceAnimalWelfare',
+  DefsReasonViolenceThreats: 'tools.ozone.report.defs#reasonViolenceThreats',
+  DefsReasonViolenceGraphicContent:
+    'tools.ozone.report.defs#reasonViolenceGraphicContent',
+  DefsReasonViolenceSelfHarm: 'tools.ozone.report.defs#reasonViolenceSelfHarm',
+  DefsReasonViolenceGlorification:
+    'tools.ozone.report.defs#reasonViolenceGlorification',
+  DefsReasonViolenceExtremistContent:
+    'tools.ozone.report.defs#reasonViolenceExtremistContent',
+  DefsReasonViolenceTrafficking:
+    'tools.ozone.report.defs#reasonViolenceTrafficking',
+  DefsReasonViolenceOther: 'tools.ozone.report.defs#reasonViolenceOther',
+  DefsReasonSexualAbuseContent:
+    'tools.ozone.report.defs#reasonSexualAbuseContent',
+  DefsReasonSexualNCII: 'tools.ozone.report.defs#reasonSexualNCII',
+  DefsReasonSexualSextortion: 'tools.ozone.report.defs#reasonSexualSextortion',
+  DefsReasonSexualDeepfake: 'tools.ozone.report.defs#reasonSexualDeepfake',
+  DefsReasonSexualAnimal: 'tools.ozone.report.defs#reasonSexualAnimal',
+  DefsReasonSexualUnlabeled: 'tools.ozone.report.defs#reasonSexualUnlabeled',
+  DefsReasonSexualOther: 'tools.ozone.report.defs#reasonSexualOther',
+  DefsReasonChildSafetyCSAM: 'tools.ozone.report.defs#reasonChildSafetyCSAM',
+  DefsReasonChildSafetyGroom: 'tools.ozone.report.defs#reasonChildSafetyGroom',
+  DefsReasonChildSafetyMinorPrivacy:
+    'tools.ozone.report.defs#reasonChildSafetyMinorPrivacy',
+  DefsReasonChildSafetyEndangerment:
+    'tools.ozone.report.defs#reasonChildSafetyEndangerment',
+  DefsReasonChildSafetyHarassment:
+    'tools.ozone.report.defs#reasonChildSafetyHarassment',
+  DefsReasonChildSafetyPromotion:
+    'tools.ozone.report.defs#reasonChildSafetyPromotion',
+  DefsReasonChildSafetyOther: 'tools.ozone.report.defs#reasonChildSafetyOther',
+  DefsReasonHarassmentTroll: 'tools.ozone.report.defs#reasonHarassmentTroll',
+  DefsReasonHarassmentTargeted:
+    'tools.ozone.report.defs#reasonHarassmentTargeted',
+  DefsReasonHarassmentHateSpeech:
+    'tools.ozone.report.defs#reasonHarassmentHateSpeech',
+  DefsReasonHarassmentDoxxing:
+    'tools.ozone.report.defs#reasonHarassmentDoxxing',
+  DefsReasonHarassmentOther: 'tools.ozone.report.defs#reasonHarassmentOther',
+  DefsReasonMisleadingBot: 'tools.ozone.report.defs#reasonMisleadingBot',
+  DefsReasonMisleadingImpersonation:
+    'tools.ozone.report.defs#reasonMisleadingImpersonation',
+  DefsReasonMisleadingSpam: 'tools.ozone.report.defs#reasonMisleadingSpam',
+  DefsReasonMisleadingScam: 'tools.ozone.report.defs#reasonMisleadingScam',
+  DefsReasonMisleadingSyntheticContent:
+    'tools.ozone.report.defs#reasonMisleadingSyntheticContent',
+  DefsReasonMisleadingMisinformation:
+    'tools.ozone.report.defs#reasonMisleadingMisinformation',
+  DefsReasonMisleadingOther: 'tools.ozone.report.defs#reasonMisleadingOther',
+  DefsReasonRuleSiteSecurity: 'tools.ozone.report.defs#reasonRuleSiteSecurity',
+  DefsReasonRuleStolenContent:
+    'tools.ozone.report.defs#reasonRuleStolenContent',
+  DefsReasonRuleProhibitedSales:
+    'tools.ozone.report.defs#reasonRuleProhibitedSales',
+  DefsReasonRuleBanEvasion: 'tools.ozone.report.defs#reasonRuleBanEvasion',
+  DefsReasonRuleOther: 'tools.ozone.report.defs#reasonRuleOther',
+  DefsReasonCivicElectoralProcess:
+    'tools.ozone.report.defs#reasonCivicElectoralProcess',
+  DefsReasonCivicDisclosure: 'tools.ozone.report.defs#reasonCivicDisclosure',
+  DefsReasonCivicInterference:
+    'tools.ozone.report.defs#reasonCivicInterference',
+  DefsReasonCivicMisinformation:
+    'tools.ozone.report.defs#reasonCivicMisinformation',
+  DefsReasonCivicImpersonation:
+    'tools.ozone.report.defs#reasonCivicImpersonation',
+}
 export const TOOLS_OZONE_TEAM = {
   DefsRoleAdmin: 'tools.ozone.team.defs#roleAdmin',
   DefsRoleModerator: 'tools.ozone.team.defs#roleModerator',
@@ -2843,6 +2913,18 @@ export class ComAtprotoTempNS {
     return this._server.xrpc.method(nsid, cfg)
   }
+  dereferenceScope<A extends Auth = void>(
+    cfg: MethodConfigOrHandler<
+      A,
+      ComAtprotoTempDereferenceScope.QueryParams,
+      ComAtprotoTempDereferenceScope.HandlerInput,
+      ComAtprotoTempDereferenceScope.HandlerOutput
+    >,
+  ) {
+    const nsid = 'com.atproto.temp.dereferenceScope' // @ts-ignore
+    return this._server.xrpc.method(nsid, cfg)
+  }
   fetchLabels<A extends Auth = void>(
     cfg: MethodConfigOrHandler<
       A,