@atproto/pds 0.4.59 → 0.4.61

package/src/api/com/atproto/admin/getAccountInfos.ts

@@ -0,0 +1,33 @@
+import { Server } from '../../../../lexicon'
+import AppContext from '../../../../context'
+import { formatAccountInfo } from './util'
+
+export default function (server: Server, ctx: AppContext) {
+  server.com.atproto.admin.getAccountInfos({
+    auth: ctx.authVerifier.moderator,
+    handler: async ({ params }) => {
+      const [accounts, invites, invitedBy] = await Promise.all([
+        ctx.accountManager.getAccounts(params.dids, {
+          includeDeactivated: true,
+          includeTakenDown: true,
+        }),
+        ctx.accountManager.getAccountsInvitesCodes(params.dids),
+        ctx.accountManager.getInvitedByForAccounts(params.dids),
+      ])
+
+      const managesOwnInvites = !ctx.cfg.entryway
+      const infos = Array.from(accounts.values()).map((account) => {
+        return formatAccountInfo(account, {
+          managesOwnInvites,
+          invitedBy,
+          invites,
+        })
+      })
+
+      return {
+        encoding: 'application/json',
+        body: { infos },
+      }
+    },
+  })
+}

package/src/api/com/atproto/admin/index.ts

@@ -12,11 +12,13 @@ import updateAccountEmail from './updateAccountEmail'
 import updateAccountPassword from './updateAccountPassword'
 import sendEmail from './sendEmail'
 import deleteAccount from './deleteAccount'
+import getAccountInfos from './getAccountInfos'
 
 export default function (server: Server, ctx: AppContext) {
   updateSubjectStatus(server, ctx)
   getSubjectStatus(server, ctx)
   getAccountInfo(server, ctx)
+  getAccountInfos(server, ctx)
   enableAccountInvites(server, ctx)
   disableAccountInvites(server, ctx)
   disableInviteCodes(server, ctx)

package/src/api/com/atproto/admin/util.ts

@@ -1,4 +1,7 @@
 import express from 'express'
+import { ActorAccount } from '../../../../account-manager/helpers/account'
+import { INVALID_HANDLE } from '@atproto/syntax'
+import { CodeDetail } from '../../../../account-manager/helpers/invite'
 
 // Output designed to passed as second arg to AtpAgent methods.
 // The encoding field here is a quirk of the AtpAgent.
@@ -22,3 +25,38 @@ export function authPassthru(req: express.Request, withEncoding?: boolean) {
     }
   }
 }
+
+export function formatAccountInfo(
+  account: ActorAccount,
+  {
+    managesOwnInvites,
+    invitedBy,
+    invites,
+  }: {
+    managesOwnInvites: boolean
+    invites: Map<string, CodeDetail[]> | CodeDetail[]
+    invitedBy: Record<string, CodeDetail>
+  },
+) {
+  let invitesResults: CodeDetail[] | undefined
+  if (managesOwnInvites) {
+    if (Array.isArray(invites)) {
+      invitesResults = invites
+    } else {
+      invitesResults = invites.get(account.did) || []
+    }
+  }
+  return {
+    did: account.did,
+    handle: account.handle ?? INVALID_HANDLE,
+    email: account.email ?? undefined,
+    indexedAt: account.createdAt,
+    emailConfirmedAt: account.emailConfirmedAt ?? undefined,
+    invitedBy: managesOwnInvites ? invitedBy[account.did] : undefined,
+    invites: invitesResults,
+    invitesDisabled: managesOwnInvites
+      ? account.invitesDisabled === 1
+      : undefined,
+    deactivatedAt: account.deactivatedAt ?? undefined,
+  }
+}

package/src/api/com/atproto/repo/getRecord.ts

@@ -16,7 +16,10 @@ export default function (server: Server, ctx: AppContext) {
         store.record.getRecord(uri, cid ?? null),
       )
       if (!record || record.takedownRef !== null) {
-        throw new InvalidRequestError(`Could not locate record: ${uri}`)
+        throw new InvalidRequestError(
+          `Could not locate record: ${uri}`,
+          'RecordNotFound',
+        )
       }
       return {
         encoding: 'application/json',
@@ -32,6 +35,6 @@ export default function (server: Server, ctx: AppContext) {
       throw new InvalidRequestError(`Could not locate record`)
     }
 
-    return await pipethrough(ctx, req, null)
+    return pipethrough(ctx, req)
   })
 }

package/src/api/com/atproto/server/requestPasswordReset.ts

@@ -40,7 +40,7 @@ export default function (server: Server, ctx: AppContext) {
         'reset_password',
       )
       await ctx.mailer.sendResetPassword(
-        { identifier: account.handle ?? account.email, token },
+        { handle: account.handle ?? account.email, token },
         { to: account.email },
       )
     },

package/src/config/config.ts

@@ -236,7 +236,17 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
   const crawlersCfg: ServerConfig['crawlers'] = env.crawlers ?? []
 
   const fetchCfg: ServerConfig['fetch'] = {
-    disableSsrfProtection: env.fetchDisableSsrfProtection ?? false,
+    disableSsrfProtection: env.disableSsrfProtection ?? env.devMode ?? false,
+    maxResponseSize: env.fetchMaxResponseSize ?? 512 * 1024, // 512kb
+  }
+
+  const proxyCfg: ServerConfig['proxy'] = {
+    disableSsrfProtection: env.disableSsrfProtection ?? env.devMode ?? false,
+    allowHTTP2: env.proxyAllowHTTP2 ?? false,
+    headersTimeout: env.proxyHeadersTimeout ?? 10e3,
+    bodyTimeout: env.proxyBodyTimeout ?? 30e3,
+    maxResponseSize: env.proxyMaxResponseSize ?? 10 * 1024 * 1024, // 10mb
+    preferCompressed: env.proxyPreferCompressed ?? false,
   }
 
   const oauthCfg: ServerConfig['oauth'] = entrywayCfg
@@ -302,6 +312,7 @@ export const envToCfg = (env: ServerEnvironment): ServerConfig => {
     rateLimits: rateLimitsCfg,
     crawlers: crawlersCfg,
     fetch: fetchCfg,
+    proxy: proxyCfg,
     oauth: oauthCfg,
   }
 }
@@ -324,6 +335,7 @@ export type ServerConfig = {
   rateLimits: RateLimitsConfig
   crawlers: string[]
   fetch: FetchConfig
+  proxy: ProxyConfig
   oauth: OAuthConfig
 }
 
@@ -393,6 +405,24 @@ export type EntrywayConfig = {
 
 export type FetchConfig = {
   disableSsrfProtection: boolean
+  maxResponseSize: number
+}
+
+export type ProxyConfig = {
+  disableSsrfProtection: boolean
+  allowHTTP2: boolean
+  headersTimeout: number
+  bodyTimeout: number
+  maxResponseSize: number
+
+  /**
+   * When proxying requests that might get intercepted (for read-after-write) we
+   * negotiate the encoding based on the client's preferences. We will however
+   * use or own weights in order to be able to better control if the PDS will
+   * need to perform content decoding. This settings allows to prefer compressed
+   * content over uncompressed one.
+   */
+  preferCompressed: boolean
 }
 
 export type OAuthConfig = {

package/src/config/env.ts

@@ -117,8 +117,18 @@ export const readEnv = (): ServerEnvironment => {
       'PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX',
     ),
 
+    // user provided url http requests
+    disableSsrfProtection: envBool('PDS_DISABLE_SSRF_PROTECTION'),
+
     // fetch
-    fetchDisableSsrfProtection: envBool('PDS_DISABLE_SSRF_PROTECTION'),
+    fetchMaxResponseSize: envInt('PDS_FETCH_MAX_RESPONSE_SIZE'),
+
+    // proxy
+    proxyAllowHTTP2: envBool('PDS_PROXY_ALLOW_HTTP2'),
+    proxyHeadersTimeout: envInt('PDS_PROXY_HEADERS_TIMEOUT'),
+    proxyBodyTimeout: envInt('PDS_PROXY_BODY_TIMEOUT'),
+    proxyMaxResponseSize: envInt('PDS_PROXY_MAX_RESPONSE_SIZE'),
+    proxyPreferCompressed: envBool('PDS_PROXY_PREFER_COMPRESSED'),
   }
 }
 
@@ -233,6 +243,16 @@ export type ServerEnvironment = {
   plcRotationKeyKmsKeyId?: string
   plcRotationKeyK256PrivateKeyHex?: string
 
+  // user provided url http requests
+  disableSsrfProtection?: boolean
+
   // fetch
-  fetchDisableSsrfProtection?: boolean
+  fetchMaxResponseSize?: number
+
+  // proxy
+  proxyAllowHTTP2?: boolean
+  proxyHeadersTimeout?: number
+  proxyBodyTimeout?: number
+  proxyMaxResponseSize?: number
+  proxyPreferCompressed?: boolean
 }

package/src/context.ts

@@ -1,23 +1,28 @@
 import assert from 'node:assert'
+import * as undici from 'undici'
 import * as nodemailer from 'nodemailer'
 import { Redis } from 'ioredis'
 import * as plc from '@did-plc/lib'
+import {
+  Fetch,
+  isUnicastIp,
+  loggedFetch,
+  safeFetchWrap,
+  unicastLookup,
+} from '@atproto-labs/fetch-node'
 import * as crypto from '@atproto/crypto'
 import { IdResolver } from '@atproto/identity'
 import { AtpAgent } from '@atproto/api'
 import { KmsKeypair, S3BlobStore } from '@atproto/aws'
+import { JoseKey, OAuthVerifier } from '@atproto/oauth-provider'
+import { BlobStore } from '@atproto/repo'
 import {
   RateLimiter,
   RateLimiterCreator,
   RateLimiterOpts,
   createServiceAuthHeaders,
+  createServiceJwt,
 } from '@atproto/xrpc-server'
-import {
-  JoseKey,
-  Fetch,
-  safeFetchWrap,
-  OAuthVerifier,
-} from '@atproto/oauth-provider'
 
 import { ServerConfig, ServerSecrets } from './config'
 import { PdsOAuthProvider } from './oauth/provider'
@@ -29,7 +34,6 @@ import {
 import { fetchLogger } from './logger'
 import { ServerMailer } from './mailer'
 import { ModerationMailer } from './mailer/moderation'
-import { BlobStore } from '@atproto/repo'
 import { AccountManager } from './account-manager'
 import { Sequencer } from './sequencer'
 import { BackgroundQueue } from './background'
@@ -59,6 +63,7 @@ export type AppContextOptions = {
   moderationAgent?: AtpAgent
   reportingAgent?: AtpAgent
   entrywayAgent?: AtpAgent
+  proxyAgent: undici.Agent
   safeFetch: Fetch
   authProvider?: PdsOAuthProvider
   authVerifier: AuthVerifier
@@ -85,6 +90,7 @@ export class AppContext {
   public moderationAgent: AtpAgent | undefined
   public reportingAgent: AtpAgent | undefined
   public entrywayAgent: AtpAgent | undefined
+  public proxyAgent: undici.Agent
   public safeFetch: Fetch
   public authVerifier: AuthVerifier
   public authProvider?: PdsOAuthProvider
@@ -110,6 +116,7 @@ export class AppContext {
     this.moderationAgent = opts.moderationAgent
     this.reportingAgent = opts.reportingAgent
     this.entrywayAgent = opts.entrywayAgent
+    this.proxyAgent = opts.proxyAgent
     this.safeFetch = opts.safeFetch
     this.authVerifier = opts.authVerifier
     this.authProvider = opts.authProvider
@@ -256,20 +263,47 @@ export class AppContext {
       appviewCdnUrlPattern: cfg.bskyAppView?.cdnUrlPattern,
     })
 
+    // An agent for performing HTTP requests based on user provided URLs.
+    const proxyAgent = new undici.Agent({
+      allowH2: cfg.proxy.allowHTTP2, // This is experimental
+      headersTimeout: cfg.proxy.headersTimeout,
+      maxResponseSize: cfg.proxy.maxResponseSize,
+      bodyTimeout: cfg.proxy.bodyTimeout,
+      factory: cfg.proxy.disableSsrfProtection
+        ? undefined
+        : (origin, opts) => {
+            const { protocol, hostname } =
+              origin instanceof URL ? origin : new URL(origin)
+            if (protocol !== 'https:') {
+              throw new Error(`Forbidden protocol "${protocol}"`)
+            }
+            if (isUnicastIp(hostname) === false) {
+              throw new Error('Hostname resolved to non-unicast address')
+            }
+            return new undici.Pool(origin, opts)
+          },
+      connect: {
+        lookup: cfg.proxy.disableSsrfProtection ? undefined : unicastLookup,
+      },
+    })
+
     // A fetch() function that protects against SSRF attacks, large responses &
     // known bad domains. This function can safely be used to fetch user
     // provided URLs (unless "disableSsrfProtection" is true, of course).
-    const safeFetch = safeFetchWrap({
-      allowHttp: cfg.fetch.disableSsrfProtection,
-      responseMaxSize: 512 * 1024, // 512kB
-      ssrfProtection: !cfg.fetch.disableSsrfProtection,
-      fetch: async (input, init) => {
-        const request = input instanceof Request ? input : null
-        const method = init?.method ?? request?.method ?? 'GET'
-        const uri = request?.url ?? String(input)
-        fetchLogger.debug({ method, uri }, 'fetch')
-        return globalThis.fetch(input, init)
+    const safeFetch = loggedFetch({
+      fetch: safeFetchWrap({
+        // Using globalThis.fetch allows safeFetchWrap to use keep-alive. See
+        // unicastFetchWrap().
+        fetch: globalThis.fetch,
+        allowIpHost: false,
+        responseMaxSize: cfg.fetch.maxResponseSize,
+        ssrfProtection: !cfg.fetch.disableSsrfProtection,
+      }),
+      logRequest: ({ method, url }) => {
+        fetchLogger.debug({ method, uri: url }, 'fetch')
       },
+      logResponse: false,
+      logError: false,
     })
 
     const authProvider = cfg.oauth.provider
@@ -333,6 +367,7 @@ export class AppContext {
       moderationAgent,
       reportingAgent,
       entrywayAgent,
+      proxyAgent,
       safeFetch,
       authVerifier,
       authProvider,
@@ -356,6 +391,16 @@ export class AppContext {
       keypair,
     })
   }
+
+  async serviceAuthJwt(did: string, aud: string, lxm: string) {
+    const keypair = await this.actorStore.keypair(did)
+    return createServiceJwt({
+      iss: did,
+      aud,
+      lxm,
+      keypair,
+    })
+  }
 }
 
 export default AppContext

package/src/index.ts

@@ -127,6 +127,7 @@ export class PDS {
     await this.ctx.backgroundQueue.destroy()
     await this.ctx.accountManager.close()
     await this.ctx.redisScratch?.quit()
+    await this.ctx.proxyAgent.destroy()
     clearInterval(this.dbStatsInterval)
     clearInterval(this.sequencerStatsInterval)
   }

package/src/lexicon/index.ts

@@ -166,7 +166,9 @@ import * as ToolsOzoneCommunicationUpdateTemplate from './types/tools/ozone/comm
 import * as ToolsOzoneModerationEmitEvent from './types/tools/ozone/moderation/emitEvent'
 import * as ToolsOzoneModerationGetEvent from './types/tools/ozone/moderation/getEvent'
 import * as ToolsOzoneModerationGetRecord from './types/tools/ozone/moderation/getRecord'
+import * as ToolsOzoneModerationGetRecords from './types/tools/ozone/moderation/getRecords'
 import * as ToolsOzoneModerationGetRepo from './types/tools/ozone/moderation/getRepo'
+import * as ToolsOzoneModerationGetRepos from './types/tools/ozone/moderation/getRepos'
 import * as ToolsOzoneModerationQueryEvents from './types/tools/ozone/moderation/queryEvents'
 import * as ToolsOzoneModerationQueryStatuses from './types/tools/ozone/moderation/queryStatuses'
 import * as ToolsOzoneModerationSearchRepos from './types/tools/ozone/moderation/searchRepos'
@@ -2262,6 +2264,17 @@ export class ToolsOzoneModerationNS {
     return this._server.xrpc.method(nsid, cfg)
   }
 
+  getRecords<AV extends AuthVerifier>(
+    cfg: ConfigOf<
+      AV,
+      ToolsOzoneModerationGetRecords.Handler<ExtractAuth<AV>>,
+      ToolsOzoneModerationGetRecords.HandlerReqCtx<ExtractAuth<AV>>
+    >,
+  ) {
+    const nsid = 'tools.ozone.moderation.getRecords' // @ts-ignore
+    return this._server.xrpc.method(nsid, cfg)
+  }
+
   getRepo<AV extends AuthVerifier>(
     cfg: ConfigOf<
       AV,
@@ -2273,6 +2286,17 @@ export class ToolsOzoneModerationNS {
     return this._server.xrpc.method(nsid, cfg)
   }
 
+  getRepos<AV extends AuthVerifier>(
+    cfg: ConfigOf<
+      AV,
+      ToolsOzoneModerationGetRepos.Handler<ExtractAuth<AV>>,
+      ToolsOzoneModerationGetRepos.HandlerReqCtx<ExtractAuth<AV>>
+    >,
+  ) {
+    const nsid = 'tools.ozone.moderation.getRepos' // @ts-ignore
+    return this._server.xrpc.method(nsid, cfg)
+  }
+
   queryEvents<AV extends AuthVerifier>(
     cfg: ConfigOf<
       AV,

package/src/lexicon/lexicons.ts

@@ -1686,6 +1686,11 @@ export const schemaDict = {
             },
           },
         },
+        errors: [
+          {
+            name: 'RecordNotFound',
+          },
+        ],
       },
     },
   },
@@ -4190,6 +4195,10 @@ export const schemaDict = {
               ref: 'lex:com.atproto.label.defs#label',
             },
           },
+          pinnedPost: {
+            type: 'ref',
+            ref: 'lex:com.atproto.repo.strongRef',
+          },
         },
       },
       profileAssociated: {
@@ -4812,6 +4821,10 @@ export const schemaDict = {
               type: 'ref',
               ref: 'lex:com.atproto.repo.strongRef',
             },
+            pinnedPost: {
+              type: 'ref',
+              ref: 'lex:com.atproto.repo.strongRef',
+            },
             createdAt: {
               type: 'string',
               format: 'datetime',
@@ -5468,6 +5481,9 @@ export const schemaDict = {
           embeddingDisabled: {
             type: 'boolean',
           },
+          pinned: {
+            type: 'boolean',
+          },
         },
       },
       feedViewPost: {
@@ -5484,7 +5500,10 @@ export const schemaDict = {
           },
           reason: {
             type: 'union',
-            refs: ['lex:app.bsky.feed.defs#reasonRepost'],
+            refs: [
+              'lex:app.bsky.feed.defs#reasonRepost',
+              'lex:app.bsky.feed.defs#reasonPin',
+            ],
           },
           feedContext: {
             type: 'string',
@@ -5536,6 +5555,10 @@ export const schemaDict = {
           },
         },
       },
+      reasonPin: {
+        type: 'object',
+        properties: {},
+      },
       threadViewPost: {
         type: 'object',
         required: ['post'],
@@ -5693,7 +5716,10 @@ export const schemaDict = {
           },
           reason: {
             type: 'union',
-            refs: ['lex:app.bsky.feed.defs#skeletonReasonRepost'],
+            refs: [
+              'lex:app.bsky.feed.defs#skeletonReasonRepost',
+              'lex:app.bsky.feed.defs#skeletonReasonPin',
+            ],
           },
           feedContext: {
             type: 'string',
@@ -5713,6 +5739,10 @@ export const schemaDict = {
           },
         },
       },
+      skeletonReasonPin: {
+        type: 'object',
+        properties: {},
+      },
       threadgateView: {
         type: 'object',
         properties: {
@@ -6078,6 +6108,10 @@ export const schemaDict = {
               ],
               default: 'posts_with_replies',
             },
+            includePins: {
+              type: 'boolean',
+              default: false,
+            },
           },
         },
         output: {
@@ -7162,7 +7196,7 @@ export const schemaDict = {
         type: 'record',
         key: 'tid',
         description:
-          "Record defining interaction gating rules for a thread (aka, reply controls). The record key (rkey) of the threadgate record must match the record key of the thread's root post, and that record must be in the same repository..",
+          "Record defining interaction gating rules for a thread (aka, reply controls). The record key (rkey) of the threadgate record must match the record key of the thread's root post, and that record must be in the same repository.",
         record: {
           type: 'object',
           required: ['post', 'createdAt'],
@@ -8236,6 +8270,12 @@ export const schemaDict = {
                   ref: 'lex:app.bsky.actor.defs#profileView',
                 },
               },
+              isFallback: {
+                type: 'boolean',
+                description:
+                  'If true, response has fallen-back to generic results, and is not scoped using relativeToDid',
+                default: false,
+              },
             },
           },
         },
@@ -9192,6 +9232,12 @@ export const schemaDict = {
                   ref: 'lex:app.bsky.unspecced.defs#skeletonSearchActor',
                 },
               },
+              relativeToDid: {
+                type: 'string',
+                format: 'did',
+                description:
+                  'DID of the account these suggestions are relative to. If this is returned undefined, suggestions are based on the viewer.',
+              },
             },
           },
         },
@@ -11602,6 +11648,49 @@ export const schemaDict = {
       },
     },
   },
+  ToolsOzoneModerationGetRecords: {
+    lexicon: 1,
+    id: 'tools.ozone.moderation.getRecords',
+    defs: {
+      main: {
+        type: 'query',
+        description: 'Get details about some records.',
+        parameters: {
+          type: 'params',
+          required: ['uris'],
+          properties: {
+            uris: {
+              type: 'array',
+              maxLength: 100,
+              items: {
+                type: 'string',
+                format: 'at-uri',
+              },
+            },
+          },
+        },
+        output: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['records'],
+            properties: {
+              records: {
+                type: 'array',
+                items: {
+                  type: 'union',
+                  refs: [
+                    'lex:tools.ozone.moderation.defs#recordViewDetail',
+                    'lex:tools.ozone.moderation.defs#recordViewNotFound',
+                  ],
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
   ToolsOzoneModerationGetRepo: {
     lexicon: 1,
     id: 'tools.ozone.moderation.getRepo',
@@ -11634,6 +11723,49 @@ export const schemaDict = {
       },
     },
   },
+  ToolsOzoneModerationGetRepos: {
+    lexicon: 1,
+    id: 'tools.ozone.moderation.getRepos',
+    defs: {
+      main: {
+        type: 'query',
+        description: 'Get details about some repositories.',
+        parameters: {
+          type: 'params',
+          required: ['dids'],
+          properties: {
+            dids: {
+              type: 'array',
+              maxLength: 100,
+              items: {
+                type: 'string',
+                format: 'did',
+              },
+            },
+          },
+        },
+        output: {
+          encoding: 'application/json',
+          schema: {
+            type: 'object',
+            required: ['repos'],
+            properties: {
+              repos: {
+                type: 'array',
+                items: {
+                  type: 'union',
+                  refs: [
+                    'lex:tools.ozone.moderation.defs#repoViewDetail',
+                    'lex:tools.ozone.moderation.defs#repoViewNotFound',
+                  ],
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
   ToolsOzoneModerationQueryEvents: {
     lexicon: 1,
     id: 'tools.ozone.moderation.queryEvents',
@@ -12450,7 +12582,9 @@ export const ids = {
   ToolsOzoneModerationEmitEvent: 'tools.ozone.moderation.emitEvent',
   ToolsOzoneModerationGetEvent: 'tools.ozone.moderation.getEvent',
   ToolsOzoneModerationGetRecord: 'tools.ozone.moderation.getRecord',
+  ToolsOzoneModerationGetRecords: 'tools.ozone.moderation.getRecords',
   ToolsOzoneModerationGetRepo: 'tools.ozone.moderation.getRepo',
+  ToolsOzoneModerationGetRepos: 'tools.ozone.moderation.getRepos',
   ToolsOzoneModerationQueryEvents: 'tools.ozone.moderation.queryEvents',
   ToolsOzoneModerationQueryStatuses: 'tools.ozone.moderation.queryStatuses',
   ToolsOzoneModerationSearchRepos: 'tools.ozone.moderation.searchRepos',

package/src/lexicon/types/app/bsky/actor/defs.ts

@@ -7,6 +7,7 @@ import { isObj, hasProp } from '../../../../util'
 import { CID } from 'multiformats/cid'
 import * as ComAtprotoLabelDefs from '../../../com/atproto/label/defs'
 import * as AppBskyGraphDefs from '../graph/defs'
+import * as ComAtprotoRepoStrongRef from '../../../com/atproto/repo/strongRef'
 
 export interface ProfileViewBasic {
   did: string
@@ -74,6 +75,7 @@ export interface ProfileViewDetailed {
   createdAt?: string
   viewer?: ViewerState
   labels?: ComAtprotoLabelDefs.Label[]
+  pinnedPost?: ComAtprotoRepoStrongRef.Main
   [k: string]: unknown
 }