@getcirrus/pds 0.8.0 → 0.10.0

package/README.md

@@ -343,6 +343,7 @@ The PDS uses environment variables for configuration. Public values go in `wrang
 | `HANDLE`             | Account handle                             |
 | `SIGNING_KEY_PUBLIC` | Public key for DID document (multibase)    |
 | `INITIAL_ACTIVE`     | Whether account starts active (true/false) |
+| `DATA_LOCATION`      | Data placement (optional, see below)       |
 
 ### Secrets
 
@@ -353,6 +354,31 @@ The PDS uses environment variables for configuration. Public values go in `wrang
 | `JWT_SECRET`    | Secret for signing session JWTs       |
 | `PASSWORD_HASH` | Bcrypt hash of password for app login |
 
+### Data Placement
+
+Cirrus supports Cloudflare's Durable Object [data placement features](https://developers.cloudflare.com/durable-objects/reference/data-location/) for users who need control over where their data is stored. By default a durable object is created near to the first location it is accessed from. This is likely to be correct for most users. However, if you have specific data residency requirements, you can set the `DATA_LOCATION` environment variable to control where your Durable Object is placed. This only affects the location of the Durable Object instance that stores your PDS data. ATProto data is globally distributed via relays, so this does not limit access to your data from other regions.
+
+> [!WARNING]
+> Once a Durable Object is created, its location cannot be changed. Therefore, you should set `DATA_LOCATION` before the first deployment of your PDS. Changing this value after deployment will break your installation, as existing data will not be migrated.
+
+Supported values for `DATA_LOCATION`:
+
+- **Auto** (`auto`): Default behaviour. Cloudflare places the DO near the first access location.
+- **Jurisdiction** (`eu`): Hard guarantee that data never leaves the region. Use this for compliance requirements.
+- **Hints** (`wnam`, `enam`, `weur`, `eeur`, `apac`, `oc`). Best-effort suggestions for initial placement region. Cloudflare may place the DO elsewhere based on availability. See [supported locations](https://developers.cloudflare.com/durable-objects/reference/data-location/#supported-locations-1) for more details)
+
+Example in `wrangler.jsonc`:
+
+```jsonc
+{
+	"vars": {
+		"DATA_LOCATION": "eu",
+	},
+}
+```
+
+See [Cloudflare's data location documentation](https://developers.cloudflare.com/durable-objects/reference/data-location/) for more details.
+
 ## API Endpoints
 
 ### Identity
@@ -473,6 +499,7 @@ npx pds migrate
 ```
 
 The migrate command:
+
 - Resolves your DID to find the current PDS
 - Authenticates with your source PDS
 - Downloads the repository (posts, follows, likes, etc.)
@@ -488,6 +515,7 @@ npx pds identity
 ```
 
 This updates your DID document to point to your new PDS. The command:
+
 1. Authenticates with your source PDS (requires password)
 2. Requests an email confirmation token
 3. Gets the source PDS to sign a PLC operation with your new endpoint
@@ -510,6 +538,7 @@ npx pds status
 ```
 
 Check that:
+
 - The account is active
 - The repository has the expected number of records
 - Your handle resolves correctly

package/dist/cli.js

@@ -1768,7 +1768,8 @@ const initCommand = defineCommand({
 		try {
 			cfSecrets = await listSecrets();
 		} catch {}
-		if (cfSecrets.includes("SIGNING_KEY") && !devVars.SIGNING_KEY) {
+		const signingKeyInCloudflare = cfSecrets.includes("SIGNING_KEY");
+		if (signingKeyInCloudflare && !devVars.SIGNING_KEY) {
 			p.log.error("⚠️  Signing key exists in Cloudflare but not locally!");
 			p.note([
 				"Your PDS has a signing key deployed to Cloudflare, but you don't have",
@@ -1948,6 +1949,55 @@ const initCommand = defineCommand({
 				`  containing: ${did}`
 			].join("\n"), "Identity Setup 🪪");
 		}
+		let dataLocation;
+		if (currentVars.DATA_LOCATION) dataLocation = currentVars.DATA_LOCATION;
+		else {
+			dataLocation = await promptSelect({
+				message: "Where should your data be stored?",
+				options: [
+					{
+						value: "auto",
+						label: "Auto (Recommended)",
+						hint: "Cloudflare chooses optimal location"
+					},
+					{
+						value: "eu",
+						label: "European Union",
+						hint: "GDPR jurisdiction guarantee"
+					},
+					{
+						value: "wnam",
+						label: "Western North America",
+						hint: "Location hint"
+					},
+					{
+						value: "enam",
+						label: "Eastern North America",
+						hint: "Location hint"
+					},
+					{
+						value: "apac",
+						label: "Asia-Pacific",
+						hint: "Location hint"
+					},
+					{
+						value: "oc",
+						label: "Oceania",
+						hint: "Location hint"
+					}
+				]
+			});
+			if (dataLocation && dataLocation !== "auto") {
+				p.log.warn("⚠️  Data location cannot be changed after deployment!");
+				p.note([
+					"Durable Objects cannot be relocated once created.",
+					"If you deploy with this setting and later change it,",
+					"existing data will become inaccessible.",
+					"",
+					`You selected: ${dataLocation}`
+				].join("\n"), "Important");
+			}
+		}
 		const spinner = p.spinner();
 		const authToken = await getOrGenerateSecret("AUTH_TOKEN", devVars, async () => {
 			spinner.start("Generating auth token...");
@@ -2070,7 +2120,8 @@ const initCommand = defineCommand({
 			DID: did,
 			HANDLE: handle,
 			SIGNING_KEY_PUBLIC: signingKeyPublic,
-			INITIAL_ACTIVE: initialActive
+			INITIAL_ACTIVE: initialActive,
+			DATA_LOCATION: dataLocation
 		});
 		setCustomDomains([hostname]);
 		spinner.stop("wrangler.jsonc updated");
@@ -2102,12 +2153,12 @@ const initCommand = defineCommand({
 		if (!isProduction) {
 			const deployNow = await p.confirm({
 				message: "Push secrets to Cloudflare now?",
-				initialValue: false
+				initialValue: true
 			});
 			if (!p.isCancel(deployNow) && deployNow) {
 				spinner.start("Deploying secrets to Cloudflare...");
 				await setSecretValue("AUTH_TOKEN", authToken, false);
-				if (signingKeyIsNew) await setSecretValue("SIGNING_KEY", signingKey, false);
+				if (!signingKeyInCloudflare) await setSecretValue("SIGNING_KEY", signingKey, false);
 				await setSecretValue("JWT_SECRET", jwtSecret, false);
 				await setSecretValue("PASSWORD_HASH", passwordHash, false);
 				spinner.stop("Secrets deployed to Cloudflare");
@@ -2158,7 +2209,22 @@ const initCommand = defineCommand({
 		}
 		if (deployed) p.outro(`Your PDS is live at https://${hostname}! 🚀`);
 		else if (deployedSecrets) p.outro(`Run '${formatCommand(pm, "deploy")}' to launch your PDS! 🚀`);
-		else p.outro(`Run '${formatCommand(pm, "dev")}' to start your PDS locally! 🦋`);
+		else {
+			p.note([
+				"To deploy your PDS, first push your secrets to Cloudflare:",
+				"",
+				`  ${formatCommand(pm, "pds", "init")}`,
+				"",
+				"Then deploy:",
+				"",
+				`  ${formatCommand(pm, "deploy")}`,
+				"",
+				"Or to test locally first:",
+				"",
+				`  ${formatCommand(pm, "dev")}`
+			].join("\n"), "Next Steps");
+			p.outro("Configuration saved to .dev.vars");
+		}
 	}
 });
 /**

package/dist/index.d.ts

@@ -250,6 +250,27 @@ interface BlobRef {
 }
 //#endregion
 //#region src/types.d.ts
+/**
+ * Data location options for Durable Object placement.
+ *
+ * - "auto": No location constraint (default, recommended)
+ * - "eu": European Union - hard guarantee data never leaves EU
+ * - Location hints (best-effort, not guaranteed):
+ *   - "wnam": Western North America
+ *   - "enam": Eastern North America
+ *   - "sam": South America
+ *   - "weur": Western Europe
+ *   - "eeur": Eastern Europe
+ *   - "apac": Asia-Pacific
+ *   - "oc": Oceania
+ *   - "afr": Africa
+ *   - "me": Middle East
+ *
+ * IMPORTANT: This setting only affects newly-created Durable Objects.
+ * Changing this after initial deployment will NOT migrate existing data.
+ * To relocate data, you must export and re-import to a new PDS.
+ */
+type DataLocation = "auto" | "eu" | "wnam" | "enam" | "sam" | "weur" | "eeur" | "apac" | "oc" | "afr" | "me";
 /**
  * Environment bindings required by the PDS worker.
  * Consumers must provide these bindings in their wrangler config.
@@ -277,6 +298,20 @@ interface PDSEnv {
   BLOBS?: R2Bucket;
   /** Initial activation state for new accounts (default: true) */
   INITIAL_ACTIVE?: string;
+  /**
+   * Data location for Durable Object placement.
+   *
+   * WARNING: DO NOT CHANGE THIS AFTER INITIAL DEPLOYMENT.
+   * This setting only affects newly-created DOs. Changing it will NOT
+   * migrate existing data and may cause issues.
+   *
+   * Options:
+   * - "auto" or unset: No location constraint (default, recommended)
+   * - "eu": European Union - hard guarantee data never leaves EU
+   * - Location hints (best-effort, not guaranteed):
+   *   "wnam", "enam", "sam", "weur", "eeur", "apac", "oc", "afr", "me"
+   */
+  DATA_LOCATION?: DataLocation;
 }
 //#endregion
 //#region src/account-do.d.ts
@@ -439,6 +474,13 @@ declare class AccountDurableObject extends DurableObject<PDSEnv> {
    * Used for partial sync and migration.
    */
   rpcGetBlocks(cids: string[]): Promise<Uint8Array>;
+  /**
+   * RPC method: Get record with proof as CAR file.
+   * Returns the commit block and all MST blocks needed to verify
+   * the existence (or non-existence) of a record.
+   * Used by com.atproto.sync.getRecord for record verification.
+   */
+  rpcGetRecordProof(collection: string, rkey: string): Promise<Uint8Array>;
   /**
    * RPC method: Import repo from CAR file
    * This is used for account migration - importing an existing repository
@@ -652,5 +694,5 @@ declare const app: Hono<{
   Bindings: PDSEnv;
 }, hono_types0.BlankSchema, "/">;
 //#endregion
-export { AccountDurableObject, type PDSEnv, app as default };
+export { AccountDurableObject, type DataLocation, type PDSEnv, app as default };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../src/storage.ts","../src/oauth-storage.ts","../src/blobs.ts","../src/types.ts","../src/account-do.ts","../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;cAUa,iBAAA,SACJ,kBAAA,YACG;EAFC,QAAA,GAAA;EAIa,WAAA,CAAA,GAAA,EAAA,UAAA;EA2FA;;;;EAiCR,UAAA,CAAA,aAAA,CAAA,EAAA,OAAA,CAAA,EAAA,IAAA;EAQG;;;EAcL,OAAA,CAAA,CAAA,EAvDE,OAuDF,CAvDU,GAuDV,GAAA,IAAA,CAAA;EAAM;;;EAU8C,MAAA,CAAA,CAAA,EApDnD,OAoDmD,CAAA,MAAA,GAAA,IAAA,CAAA;EAArC;;;EAmB4B,MAAA,CAAA,CAAA,EA7D1C,OA6D0C,CAAA,MAAA,CAAA;EAYpC;;;EAoBmB,OAAA,CAAA,CAAA,EAnFxB,OAmFwB,CAAA,MAAA,CAAA;EAWf;;;EA6CT,QAAA,CAAA,GAAA,EAnIG,GAmIH,CAAA,EAnIS,OAmIT,CAnIiB,UAmIjB,GAAA,IAAA,CAAA;EAUI;;;EAoCF,GAAA,CAAA,GAAA,EAnKJ,GAmKI,CAAA,EAnKE,OAmKF,CAAA,OAAA,CAAA;EAUe;;;EA2JtB,SAAA,CAAA,IAAA,EA9TU,GA8TV,EAAA,CAAA,EA9TkB,OA8TlB,CAAA;IA8BI,MAAA,EA5VgC,QA4VhC;IA3fR,OAAA,EA+J2D,GA/J3D,EAAA;EACG,CAAA,CAAA;EAAW;;;gBAiLF,YAAY,0BAA0B;EC/K9C;;;EAuG0C,OAAA,CAAA,MAAA,EDoFhC,QCpFgC,EAAA,GAAA,EAAA,MAAA,CAAA,EDoFR,OCpFQ,CAAA,IAAA,CAAA;EAgBb;;;EAsClB,UAAA,CAAA,GAAA,EDkDD,GClDC,EAAA,GAAA,EAAA,MAAA,CAAA,EDkDkB,OClDlB,CAAA,IAAA,CAAA;EAAY;;;EAiDoB,WAAA,CAAA,MAAA,EDY7B,UCZ6B,CAAA,EDYhB,OCZgB,CAAA,IAAA,CAAA;EAAR;;;EA4CF,WAAA,CAAA,CAAA,EDGxB,OCHwB,CAAA,MAAA,CAAA;EAAiB;;;EAwCtB,OAAA,CAAA,CAAA,ED3BvB,OC2BuB,CAAA,IAAA,CAAA;EAAU;;;EAuCb,WAAA,CAAA,CAAA,EDxDhB,OCwDgB,CAAA,MAAA,CAAA;EAWG;;;oBDzDhB;;;AEvSzB;0CFyT+C;;;AGpT/C;EAkBiC,SAAA,CAAA,CAAA,EH0Sb,OG1Sa,CAAA,OAAA,CAAA;EAAvB;;;8BHoTyB;;;AItSnC;EAAwD,aAAA,CAAA,SAAA,EAAA,MAAA,EAAA,OAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAUtC;;;EA6GW,cAAA,CAAA,SAAA,EAAA,MAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,IAAA;EAAR;;;EAgBK,iBAAA,CAAA,SAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAAR;;;EAqBG,iBAAA,CAAA,GAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,EAAA,QAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAQA;;;EAsCX,cAAI,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,OAAA;EAFV;;;EA8EA,kBAAA,CAAA,CAAA,EAAA,MAAA;EA8EA;;;EA6JO,kBAAA,CAAA,CAAA,EAAA,MAAA;EAFP;;;EA6KoB,gBAAA,CAAA,KAAA,CAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA,CAAA,EAAA;IA6BqB,KAAA,EJ7UhC,KI6UgC,CAAA;MAAR,GAAA,EAAA,MAAA;MA2BN,SAAA,EAAA,MAAA;IAAa,CAAA,CAAA;IAsEhB,MAAA,CAAA,EAAA,MAAA;EAAuC,CAAA;EAAR;;;EAiJrB,iBAAA,CAAA,CAAA,EAAA,IAAA;EAAkB;;;EAqCnC,WAAA,CAAA,YAAA,EAAA,MAAA,EAAA,SAAA,EJljBR,UIkjBQ,EAAA,OAAA,EAAA,MAAA,EAAA,IAAA,CAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EASd;;;EAkBqB,UAAA,CAAA,YAAA,EAAA,MAAA,CAAA,EAAA;IASsB,YAAA,EAAA,MAAA;IAQ3B,SAAA,EJ3kBV,UI2kBU;IAQM,OAAA,EAAA,MAAA;IAQE,IAAA,EAAA,MAAA,GAAA,IAAA;IAYN,SAAA,EAAA,MAAA;IAQC,UAAA,EAAA,MAAA,GAAA,IAAA;EAYM,CAAA,GAAA,IAAA;EAQA;;;EAwBJ,YAAA,CAAA,CAAA,EJ7nBX,KI6nBW,CAAA;IAkCiB,YAAA,EAAA,MAAA;IAkDpB,IAAA,EAAA,MAAA,GAAA,IAAA;IAQM,SAAA,EAAA,MAAA;IAAO,UAAA,EAAA,MAAA,GAsBM,IAAA;EACxC,CAAA,CAAA;EAAO;;;EAcoC,aAAA,CAAA,YAOH,EAAA,MAAA,CAAA,EAAA,OAAA;EACxC;;;EAQO,oBAAA,CAAA,YAQqC,EAAA,MAAA,EAAA,OAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAA5C;;;EAY2C,WAAA,CAAA,CAAA,EAAA,OAAA;EAS3C;;;EAQO,gBAAA,CAAA,KAAA,EAQiC,MAAA,EAAA,SAAA,EAAA,MAAA,EAAA,SAAA,EAAA,MAAA,EAAA,IAAA,CAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EACxC;;;EAcqC,mBAAA,CAAA,KAAA,EAAA,MAAA,CAAA,EAAA;IAMG,SAAA,EAAA,MAAA;IAY/B,IAAA,EAAA,MAAA,GAAA,IAAA;EAGT,CAAA,GAAA,IAAA;EAQS;;;EAWa,oBAAA,CAAA,CAAA,EAAA,IAAA;;;;;;;;;;cH12Cb,kBAAA,YAA8B;;mBACjB;EDLb;;;EA+FK,UAAA,CAAA,CAAA,EAAA,IAAA;EAaD;;;EA4BI,OAAA,CAAA,CAAA,EAAA,IAAA;EAAc,YAAA,CAAA,IAAA,EAAA,MAAA,EAAA,IAAA,EC7BK,YD6BL,CAAA,EC7BoB,OD6BpB,CAAA,IAAA,CAAA;EAAR,WAAA,CAAA,IAAA,EAAA,MAAA,CAAA,ECbO,ODaP,CCbe,YDaf,GAAA,IAAA,CAAA;EAcX,cAAA,CAAA,IAAA,EAAA,MAAA,CAAA,ECGqB,ODHrB,CAAA,IAAA,CAAA;EAAM,UAAA,CAAA,IAAA,ECWE,SDXF,CAAA,ECWc,ODXd,CAAA,IAAA,CAAA;EAUC,gBAAA,CAAA,WAAA,EAAA,MAAA,CAAA,ECkBuB,ODlBvB,CCkB+B,SDlB/B,GAAA,IAAA,CAAA;EAA0B,iBAAA,CAAA,YAAA,EAAA,MAAA,CAAA,ECkDD,ODlDC,CCkDO,SDlDP,GAAA,IAAA,CAAA;EAAmB,WAAA,CAAA,WAAA,EAAA,MAAA,CAAA,EC+E3B,OD/E2B,CAAA,IAAA,CAAA;EAArC,eAAA,CAAA,GAAA,EAAA,MAAA,CAAA,ECsFM,ODtFN,CAAA,IAAA,CAAA;EAmBV,UAAA,CAAA,QAAA,EAAA,MAAA,EAAA,QAAA,EC2EyB,cD3EzB,CAAA,EC2E0C,OD3E1C,CAAA,IAAA,CAAA;EAAY,SAAA,CAAA,QAAA,EAAA,MAAA,CAAA,ECyFG,ODzFH,CCyFW,cDzFX,GAAA,IAAA,CAAA;EAA0B,OAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,ECmHlB,ODnHkB,CAAA,ECmHR,ODnHQ,CAAA,IAAA,CAAA;EAYpC,MAAA,CAAA,UAAA,EAAA,MAAA,CAAA,ECkHY,ODlHZ,CCkHoB,ODlHpB,GAAA,IAAA,CAAA;EAAwB,SAAA,CAAA,UAAA,EAAA,MAAA,CAAA,EC8IT,OD9IS,CAAA,IAAA,CAAA;EAoBxB,iBAAA,CAAA,KAAA,EAAA,MAAA,CAAA,ECqIkB,ODrIlB,CAAA,OAAA,CAAA;EAAmB;;;EA8CpB,OAAA,CAAA,CAAA,EAAA,IAAA;EAUJ;;;EAsC6B,qBAAA,CAAA,SAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAQ3B;;;;EAqKP,wBAAA,CAAA,SAAA,EAAA,MAAA,CAAA,EAAA,OAAA;;;;UEteI,OAAA;;;;;;;;;;;;;;UCKA,MAAA;;;;EHGJ,MAAA,EAAA,MAAA;EAIa;EA2FA,YAAA,EAAA,MAAA;EAAR;EAaD,UAAA,EAAA,MAAA;EAUA;EAUC,WAAA,EAAA,MAAA;EAQG;EAAc,kBAAA,EAAA,MAAA;EAAR;EAcX,UAAA,EAAA,MAAA;EAAM;EAUC,aAAA,EAAA,MAAA;EAA0B;EAAmB,OAAA,EGjJ1D,sBHiJ0D,CGjJnC,oBHiJmC,CAAA;EAArC;EAmBV,KAAA,CAAA,EGlKZ,QHkKY;EAAY;EAA0B,cAAA,CAAA,EAAA,MAAA;;;;;;;AAnL3D;;;;;;AAgIkB,cInGL,oBAAA,SAA6B,aJmGxB,CInGsC,MJmGtC,CAAA,CAAA;EAQG,QAAA,OAAA;EAAc,QAAA,YAAA;EAAR,QAAA,IAAA;EAcX,QAAA,OAAA;EAAM,QAAA,SAAA;EAUC,QAAA,SAAA;EAA0B,QAAA,kBAAA;EAAmB,QAAA,eAAA;EAArC,WAAA,CAAA,GAAA,EIzHb,kBJyHa,EAAA,GAAA,EIzHY,MJyHZ;EAmBV;;;EAYE,QAAA,wBAAA;EAAwB;;;EA+BpB,QAAA,UAAA;EAAa;;;;EAiEf,KAAA,CAAA,CAAA,EItLA,OJsLA,CAAA,IAAA,CAAA;EAkBsB;;;EAwGlC,QAAA,qBAAA;EAkDA;;;EA1cJ,UAAA,CAAA,CAAA,EImJY,OJnJZ,CImJoB,iBJnJpB,CAAA;EACG;;;qBI0Jc,QAAQ;;AHxJlC;;EAuGwC,OAAA,CAAA,CAAA,EGyDtB,OHzDsB,CGyDd,IHzDc,CAAA;EAAe;;;EA8ClB,YAAA,CAAA,CAAA,EGmBd,OHnBc,CAAA,IAAA,CAAA;EAQb;;;EAiBsB,UAAA,CAAA,CAAA,EGOzB,OHPyB,CGOjB,gBHPiB,CAAA;EAgCU;;;EAoCnB,OAAA,CAAA,IAAA,EGrDhB,IHqDgB,CAAA,EGrDT,OHqDS,CAAA,IAAA,CAAA;EAQS;;;EAcV,eAAA,CAAA,CAAA,EGpEV,OHoEU,CAAA;IA0BK,GAAA,EAAA,MAAA;IAAU,WAAA,EAAA,MAAA,EAAA;IAWR,GAAA,EAAA,MAAA;EAAR,CAAA,CAAA;EA4BG;;;EAzUiB,YAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,CAAA,EGiOnD,OHjOmD,CAAA;;YGmO7C,GAAA,CAAI;;EF/OG;;;;ICKA,KAAM,EAAA,MAAA;IAkBU,MAAA,CAAA,EAAA,MAAA;IAAvB,OAAA,CAAA,EAAA,OAAA;EAED,CAAA,CAAA,ECuPL,ODvPK,CAAA;IAAQ,OAAA,ECwPN,KDxPM,CAAA;;;;ICYJ,CAAA,CAAA;IAA2C,MAAA,CAAA,EAAA,MAAA;EAUtC,CAAA,CAAA;EAAyB;;;EA6GtB,eAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,GAAA,SAAA,EAAA,MAAA,EAAA,OAAA,CAAA,EA+JjB,OA/JiB,CAAA;IAQa,GAAA,EAAA,MAAA;IAAR,GAAA,EAAA,MAAA;IAQA,MAAA,EAAA;MAAR,GAAA,EAAA,MAAA;MAQK,GAAA,EAAA,MAAA;IAaM,CAAA;EAAR,CAAA,CAAA;EAQA;;;EAsCX,eAAI,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,CAAA,EA0JV,OA1JU,CAAA;IAFV,MAAA,EAAA;MAoCO,GAAA,EAAA,MAAA;MADP,GAAA,EAAA,MAAA;IA2CA,CAAA;EA8EA,CAAA,GAAA,IAAA,CAAA;EA+DA;;;EA4FA,YAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,EAAA,MAAA,EAAA,OAAA,CAAA,EA5FA,OA4FA,CAAA;IA6JuB,GAAA,EAAA,MAAA;IAgBK,GAAA,EAAA,MAAA;IAAR,MAAA,EAAA;MA6BqB,GAAA,EAAA,MAAA;MAAR,GAAA,EAAA,MAAA;IA2BN,CAAA;IAAa,gBAAA,EAAA,MAAA;EAsEhB,CAAA,CAAA;EAAuC;;;EAyBhC,cAAA,CAAA,MAAA,EA1UzB,KA0UyB,CAAA;IAwHG,KAAA,EAAA,MAAA;IAAkB,UAAA,EAAA,MAAA;IAAR,IAAA,CAAA,EAAA,MAAA;IAoCzC,KAAA,CAAA,EAAA,OAAA;EACc,CAAA,CAAA,CAAA,EAjejB,OAieiB,CAAA;IASd,MAAA,EAAA;MAWuB,GAAA,EAAA,MAAA;MAAkB,GAAA,EAAA,MAAA;IAOpB,CAAA;IASsB,OAAA,EAngBvC,KAmgBuC,CAAA;MAQ3B,KAAA,EAAA,MAAA;MAQM,GAAA,CAAA,EAAA,MAAA;MAQE,GAAA,CAAA,EAAA,MAAA;MAYN,gBAAA,CAAA,EAAA,MAAA;IAQC,CAAA,CAAA;EAYM,CAAA,CAAA;EAQA;;;EAwBJ,gBAAA,CAAA,CAAA,EAhcD,OAgcC,CAAA;IAkCiB,GAAA,EAAA,MAAA;IAkDpB,IAAA,EAAA,MAAA;IAQM,GAAA,EAAA,MAAA;EAAO,CAAA,CAAA;EAuBlC;;;EAcoC,aAAA,CAAA,CAAA,EAjjBhB,OAijBgB,CAjjBR,UAijBQ,CAAA;EAAO;;;;EAgBpC,YAAA,CAAA,IAAA,EAAA,MAQqC,EAAA,CAAA,EA5iBX,OA4iBW,CA5iBH,UA4iBG,CAAA;EAA5C;;;;;EAqBO,aAAA,CAAA,QAAA,EAtiBoB,UA8iBiB,CAAA,EA9iBJ,OA8iBI,CAAA;IAA5C,GAAA,EAAA,MAAA;IAAO,GAAA,EAAA,MAAA;IASP,GAAA,EAAA,MAAA;EAAO,CAAA,CAAA;EAQP;;;EAwBS,aAAA,CAAA,KAAA,EAjhBe,UAihBf,EAAA,QAAA,EAAA,MAAA,CAAA,EAjhB8C,OAihB9C,CAjhBsD,OAihBtD,CAAA;EAGT;;;EAmB8B,UAAA,CAAA,MAAA,EAAA,MAAA,CAAA,EA9gBC,OA8gBD,CA9gBS,YA8gBT,GAAA,IAAA,CAAA;EAAR;;;EA0BD,QAAA,WAAA;EAWrB;;;EAoBmD,QAAA,iBAAA;EASxB;;;EAn5CW,QAAA,mBAAA;EAAa;;;;ECkCjD;;;EAAG,QAAA,gBAAA;EAAA;;;;;;;;;;;iCDy5B6B,UAAU,QAAQ;;;;wBAoCjD,8BACc;;;;sBASd;;;;sBAWuB,kBAAkB;;;;uBAOpB;;;;;;6CASsB;;;;kBAQ3B;;;;wBAQM;;;;0BAQE;;;;oBAYN;;;;qBAQC;;;;2BAYM;;;;2BAQA;;;;wDAW5B;WACK;;;;;;;;;;;uBAYmB;;;;;;;wCAkCiB;;;;;;oBAkDpB;;;;;;0BAQM;;;;;sCAAO,0BAAA,CAsBM,eACxC;;gCAQA,QARO,0BAAA,CAQqC,YAAA;;mCAMR;;sBAAO,0BAAA,CAOH,YACxC;;4CAQA,QARO,0BAAA,CAQqC,SAAA;;8CAQ5C,QARO,0BAAA,CAQqC,SAAA;;uCAMJ;;mCAMJ;;4CAAO,0BAAA,CAQC,iBAC5C;;kCAQA,QARO,0BAAA,CAQqC,cAAA;;uCAArC,0BAAA,CAQiC,UACxC;;iCAQA,QARO,0BAAA,CAQqC,OAAA;;oCAMP;;uCAMG;;kDAY/B,6CAGT;;uCAMwC;;eAE/B;;;;;;;qBAWa,QAAQ;;;;;;;0CAWa;;kEAS3C;;oBAMqB;;2FAWrB;;yCAQA;;;;;+CAMgD;;kDAMG;;;;;iBASxB,UAAU,QAAQ;;;;cCj3C3C,KAAG;YAAwB;GAAM,WAAA,CAAA,WAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../src/storage.ts","../src/oauth-storage.ts","../src/blobs.ts","../src/types.ts","../src/account-do.ts","../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;cAUa,iBAAA,SACJ,kBAAA,YACG;EAFC,QAAA,GAAA;EAIa,WAAA,CAAA,GAAA,EAAA,UAAA;EA2FA;;;;EAiCR,UAAA,CAAA,aAAA,CAAA,EAAA,OAAA,CAAA,EAAA,IAAA;EAQG;;;EAcL,OAAA,CAAA,CAAA,EAvDE,OAuDF,CAvDU,GAuDV,GAAA,IAAA,CAAA;EAAM;;;EAU8C,MAAA,CAAA,CAAA,EApDnD,OAoDmD,CAAA,MAAA,GAAA,IAAA,CAAA;EAArC;;;EAmB4B,MAAA,CAAA,CAAA,EA7D1C,OA6D0C,CAAA,MAAA,CAAA;EAYpC;;;EAoBmB,OAAA,CAAA,CAAA,EAnFxB,OAmFwB,CAAA,MAAA,CAAA;EAWf;;;EA6CT,QAAA,CAAA,GAAA,EAnIG,GAmIH,CAAA,EAnIS,OAmIT,CAnIiB,UAmIjB,GAAA,IAAA,CAAA;EAUI;;;EAoCF,GAAA,CAAA,GAAA,EAnKJ,GAmKI,CAAA,EAnKE,OAmKF,CAAA,OAAA,CAAA;EAUe;;;EA2JtB,SAAA,CAAA,IAAA,EA9TU,GA8TV,EAAA,CAAA,EA9TkB,OA8TlB,CAAA;IA8BI,MAAA,EA5VgC,QA4VhC;IA3fR,OAAA,EA+J2D,GA/J3D,EAAA;EACG,CAAA,CAAA;EAAW;;;gBAiLF,YAAY,0BAA0B;EC/K9C;;;EAuG0C,OAAA,CAAA,MAAA,EDoFhC,QCpFgC,EAAA,GAAA,EAAA,MAAA,CAAA,EDoFR,OCpFQ,CAAA,IAAA,CAAA;EAgBb;;;EAsClB,UAAA,CAAA,GAAA,EDkDD,GClDC,EAAA,GAAA,EAAA,MAAA,CAAA,EDkDkB,OClDlB,CAAA,IAAA,CAAA;EAAY;;;EAiDoB,WAAA,CAAA,MAAA,EDY7B,UCZ6B,CAAA,EDYhB,OCZgB,CAAA,IAAA,CAAA;EAAR;;;EA4CF,WAAA,CAAA,CAAA,EDGxB,OCHwB,CAAA,MAAA,CAAA;EAAiB;;;EAwCtB,OAAA,CAAA,CAAA,ED3BvB,OC2BuB,CAAA,IAAA,CAAA;EAAU;;;EAuCb,WAAA,CAAA,CAAA,EDxDhB,OCwDgB,CAAA,MAAA,CAAA;EAWG;;;oBDzDhB;;;AEvSzB;0CFyT+C;;;AGpS/C;EAiBiB,SAAM,CAAA,CAAA,EH2RH,OG3RG,CAAA,OAAA,CAAA;EAkBU;;;EAkBhB,SAAA,CAAA,MAAA,EAAA,OAAA,CAAA,EHiQkB,OGjQlB,CAAA,IAAA,CAAA;EAAY;;;;ECpChB;;;EAU8B,cAAA,CAAA,SAAA,EAAA,MAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,IAAA;EAkElB;;;EAmDS,iBAAA,CAAA,SAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAAR;;;EAgBH,iBAAA,CAAA,GAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,EAAA,QAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAaM;;;EAQD,cAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,OAAA;EAOF;;;EAiEf,kBAAA,CAAA,CAAA,EAAA,MAAA;EADP;;;EAwLA,kBAAA,CAAA,CAAA,EAAA,MAAA;EAsFM;;;EAmKiB,gBAAA,CAAA,KAAA,CAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA,CAAA,EAAA;IAgBK,KAAA,EJjTnB,KIiTmB,CAAA;MAAR,GAAA,EAAA,MAAA;MA6BqB,SAAA,EAAA,MAAA;IAAR,CAAA,CAAA;IA+BzB,MAAA,CAAA,EAAA,MAAA;EAAR,CAAA;EAkC2B;;;EAsEoC,iBAAA,CAAA,CAAA,EAAA,IAAA;EAAR;;;EAiJrB,WAAA,CAAA,YAAA,EAAA,MAAA,EAAA,SAAA,EJpjBzB,UIojByB,EAAA,OAAA,EAAA,MAAA,EAAA,IAAA,CAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAAkB;;;EAqCnC,UAAA,CAAA,YAAA,EAAA,MAAA,CAAA,EAAA;IASd,YAAA,EAAA,MAAA;IAWuB,SAAA,EJ1lBjB,UI0lBiB;IAAkB,OAAA,EAAA,MAAA;IAOpB,IAAA,EAAA,MAAA,GAAA,IAAA;IASsB,SAAA,EAAA,MAAA;IAQ3B,UAAA,EAAA,MAAA,GAAA,IAAA;EAQM,CAAA,GAAA,IAAA;EAQE;;;EAgCC,YAAA,CAAA,CAAA,EJpoBf,KIooBe,CAAA;IAQA,YAAA,EAAA,MAAA;IAYvB,IAAA,EAAA,MAAA,GAAA,IAAA;IADL,SAAA,EAAA,MAAA;IAawB,UAAA,EAAA,MAAA,GAAA,IAAA;EAkCiB,CAAA,CAAA;EAkDpB;;;EA+BrB,aAAA,CAAA,YAAA,EAAA,MAAA,CAAA,EAAA,OAAA;EAAO;;;EAcoC,oBAAA,CAAA,YAOH,EAAA,MAAA,EAAA,OAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EACxC;;;EAQO,WAAA,CAAA,CAAA,EAAA,OAAA;EAQP;;;EAY2C,gBAAA,CAAA,KAAA,EAQC,MAAA,EAAA,SAAA,EAAA,MAAA,EAAA,SAAA,EAAA,MAAA,EAAA,IAAA,CAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAC5C;;;EAQO,mBAAA,CAAA,KAQiC,EAAA,MAAA,CAAA,EAAA;IACxC,SAAA,EAAA,MAAA;IAAO,IAAA,EAAA,MAAA,GAAA,IAAA;EAQP,CAAA,GAAA,IAAA;EAMqC;;;EAqBrC,oBAAA,CAAA,CAAA,EAAA,IAAA;;;;;;;;;;cH93CS,kBAAA,YAA8B;;mBACjB;EDLb;;;EA+FK,UAAA,CAAA,CAAA,EAAA,IAAA;EAaD;;;EA4BI,OAAA,CAAA,CAAA,EAAA,IAAA;EAAc,YAAA,CAAA,IAAA,EAAA,MAAA,EAAA,IAAA,EC7BK,YD6BL,CAAA,EC7BoB,OD6BpB,CAAA,IAAA,CAAA;EAAR,WAAA,CAAA,IAAA,EAAA,MAAA,CAAA,ECbO,ODaP,CCbe,YDaf,GAAA,IAAA,CAAA;EAcX,cAAA,CAAA,IAAA,EAAA,MAAA,CAAA,ECGqB,ODHrB,CAAA,IAAA,CAAA;EAAM,UAAA,CAAA,IAAA,ECWE,SDXF,CAAA,ECWc,ODXd,CAAA,IAAA,CAAA;EAUC,gBAAA,CAAA,WAAA,EAAA,MAAA,CAAA,ECkBuB,ODlBvB,CCkB+B,SDlB/B,GAAA,IAAA,CAAA;EAA0B,iBAAA,CAAA,YAAA,EAAA,MAAA,CAAA,ECkDD,ODlDC,CCkDO,SDlDP,GAAA,IAAA,CAAA;EAAmB,WAAA,CAAA,WAAA,EAAA,MAAA,CAAA,EC+E3B,OD/E2B,CAAA,IAAA,CAAA;EAArC,eAAA,CAAA,GAAA,EAAA,MAAA,CAAA,ECsFM,ODtFN,CAAA,IAAA,CAAA;EAmBV,UAAA,CAAA,QAAA,EAAA,MAAA,EAAA,QAAA,EC2EyB,cD3EzB,CAAA,EC2E0C,OD3E1C,CAAA,IAAA,CAAA;EAAY,SAAA,CAAA,QAAA,EAAA,MAAA,CAAA,ECyFG,ODzFH,CCyFW,cDzFX,GAAA,IAAA,CAAA;EAA0B,OAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,ECmHlB,ODnHkB,CAAA,ECmHR,ODnHQ,CAAA,IAAA,CAAA;EAYpC,MAAA,CAAA,UAAA,EAAA,MAAA,CAAA,ECkHY,ODlHZ,CCkHoB,ODlHpB,GAAA,IAAA,CAAA;EAAwB,SAAA,CAAA,UAAA,EAAA,MAAA,CAAA,EC8IT,OD9IS,CAAA,IAAA,CAAA;EAoBxB,iBAAA,CAAA,KAAA,EAAA,MAAA,CAAA,ECqIkB,ODrIlB,CAAA,OAAA,CAAA;EAAmB;;;EA8CpB,OAAA,CAAA,CAAA,EAAA,IAAA;EAUJ;;;EAsC6B,qBAAA,CAAA,SAAA,EAAA,MAAA,CAAA,EAAA,IAAA;EAQ3B;;;;EAqKP,wBAAA,CAAA,SAAA,EAAA,MAAA,CAAA,EAAA,OAAA;;;;UEteI,OAAA;;;;;;;;;;;;;;;;;;AFQjB;;;;;;;;;;;;AAgKuB,KGnJX,YAAA,GHmJW,MAAA,GAAA,IAAA,GAAA,MAAA,GAAA,MAAA,GAAA,KAAA,GAAA,MAAA,GAAA,MAAA,GAAA,MAAA,GAAA,IAAA,GAAA,KAAA,GAAA,IAAA;;;;;AAmBU,UGrJhB,MAAA,CHqJgB;EAA0B;EAYpC,GAAA,EAAA,MAAA;EAAwB;EAoBxB,MAAA,EAAA,MAAA;EAAmB;EAWf,YAAA,EAAA,MAAA;EAAa;EAmClB,UAAA,EAAA,MAAA;EAUJ;EAUI,WAAA,EAAA,MAAA;EAUG;EAkBsB,kBAAA,EAAA,MAAA;EAQ3B;EAUe,UAAA,EAAA,MAAA;EAsFtB;EAkDA,aAAA,EAAA,MAAA;EAmBA;EA8BI,OAAA,EG5cP,sBH4cO,CG5cgB,oBH4chB,CAAA;EA3fR;EACG,KAAA,CAAA,EGgDH,QHhDG;EAAW;;;;ACEvB;;;;;;;;;;;EA8MwD,aAAA,CAAA,EEhJvC,YFgJuC;;;;;;;ADlNxD;;;;;;AAgIkB,cIlGL,oBAAA,SAA6B,aJkGxB,CIlGsC,MJkGtC,CAAA,CAAA;EAQG,QAAA,OAAA;EAAc,QAAA,YAAA;EAAR,QAAA,IAAA;EAcX,QAAA,OAAA;EAAM,QAAA,SAAA;EAUC,QAAA,SAAA;EAA0B,QAAA,kBAAA;EAAmB,QAAA,eAAA;EAArC,WAAA,CAAA,GAAA,EIxHb,kBJwHa,EAAA,GAAA,EIxHY,MJwHZ;EAmBV;;;EAYE,QAAA,wBAAA;EAAwB;;;EA+BpB,QAAA,UAAA;EAAa;;;;EAiEf,KAAA,CAAA,CAAA,EIrLA,OJqLA,CAAA,IAAA,CAAA;EAkBsB;;;EAwGlC,QAAA,qBAAA;EAkDA;;;EA1cJ,UAAA,CAAA,CAAA,EIoJY,OJpJZ,CIoJoB,iBJpJpB,CAAA;EACG;;;qBI2Jc,QAAQ;;AHzJlC;;EAuGwC,OAAA,CAAA,CAAA,EG0DtB,OH1DsB,CG0Dd,IH1Dc,CAAA;EAAe;;;EA8ClB,YAAA,CAAA,CAAA,EGoBd,OHpBc,CAAA,IAAA,CAAA;EAQb;;;EAiBsB,UAAA,CAAA,CAAA,EGQzB,OHRyB,CGQjB,gBHRiB,CAAA;EAgCU;;;EAoCnB,OAAA,CAAA,IAAA,EGpDhB,IHoDgB,CAAA,EGpDT,OHoDS,CAAA,IAAA,CAAA;EAQS;;;EAcV,eAAA,CAAA,CAAA,EGnEV,OHmEU,CAAA;IA0BK,GAAA,EAAA,MAAA;IAAU,WAAA,EAAA,MAAA,EAAA;IAWR,GAAA,EAAA,MAAA;EAAR,CAAA,CAAA;EA4BG;;;EAzUiB,YAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,CAAA,EGkOnD,OHlOmD,CAAA;;YGoO7C,GAAA,CAAI;;EFhPG;;;;ICqBL,KAAA,EAAA,MAAY;IAiBP,MAAM,CAAA,EAAA,MAAA;IAkBU,OAAA,CAAA,EAAA,OAAA;EAAvB,CAAA,CAAA,ECyNN,ODzNM,CAAA;IAED,OAAA,ECwNE,KDxNF,CAAA;MAgBQ,GAAA,EAAA,MAAA;MAAY,GAAA,EAAA,MAAA;;;;ECpChB,CAAA,CAAA;EAA2C;;;EA4E/B,eAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,GAAA,SAAA,EAAA,MAAA,EAAA,OAAA,CAAA,EA0MrB,OA1MqB,CAAA;IA2CI,GAAA,EAAA,MAAA;IAAR,GAAA,EAAA,MAAA;IAQa,MAAA,EAAA;MAAR,GAAA,EAAA,MAAA;MAQA,GAAA,EAAA,MAAA;IAAR,CAAA;EAQK,CAAA,CAAA;EAaM;;;EAQD,eAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,CAAA,EAgMxB,OAhMwB,CAAA;IAOF,MAAA,EAAA;MA+BZ,GAAA,EAAA,MAAA;MAFV,GAAA,EAAA,MAAA;IAoCO,CAAA;EADP,CAAA,GAAA,IAAA,CAAA;EA2CA;;;EAmOM,YAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,EAAA,MAAA,EAAA,OAAA,CAAA,EAtFN,OAsFM,CAAA;IAQC,GAAA,EAAA,MAAA;IAFP,GAAA,EAAA,MAAA;IA6JuB,MAAA,EAAA;MAgBK,GAAA,EAAA,MAAA;MAAR,GAAA,EAAA,MAAA;IA6BqB,CAAA;IAAR,gBAAA,EAAA,MAAA;EA+BzB,CAAA,CAAA;EAAR;;;EAwGwB,cAAA,CAAA,MAAA,EAvVlB,KAuVkB,CAAA;IAAuC,KAAA,EAAA,MAAA;IAAR,UAAA,EAAA,MAAA;IAyBhB,IAAA,CAAA,EAAA,MAAA;IAAR,KAAA,CAAA,EAAA,OAAA;EAwHG,CAAA,CAAA,CAAA,EAlelC,OAkekC,CAAA;IAAkB,MAAA,EAAA;MAAR,GAAA,EAAA,MAAA;MAoCzC,GAAA,EAAA,MAAA;IACc,CAAA;IASd,OAAA,EA9gBI,KA8gBJ,CAAA;MAWuB,KAAA,EAAA,MAAA;MAAkB,GAAA,CAAA,EAAA,MAAA;MAOpB,GAAA,CAAA,EAAA,MAAA;MASsB,gBAAA,CAAA,EAAA,MAAA;IAQ3B,CAAA,CAAA;EAQM,CAAA,CAAA;EAQE;;;EAgCC,gBAAA,CAAA,CAAA,EAtcL,OAscK,CAAA;IAQA,GAAA,EAAA,MAAA;IAYvB,IAAA,EAAA,MAAA;IADL,GAAA,EAAA,MAAA;EAawB,CAAA,CAAA;EAkCiB;;;EA0DP,aAAA,CAAA,CAAA,EAljBd,OAwkBoB,CAxkBZ,UAwkBY,CAAA;EACxC;;;;EAc2C,YAAA,CAAA,IAAA,EAAA,MAOH,EAAA,CAAA,EAjkBP,OAikBO,CAjkBC,UAikBD,CAAA;EACxC;;;;;;EA4BoC,iBAAA,CAAA,UAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,CAAA,EA/jBpC,OA+jBoC,CA/jB5B,UA+jB4B,CAAA;EAAO;;;;;EA0B3C,aAAA,CAAA,QAAA,EAvjB2B,UAujB3B,CAAA,EAvjBwC,OAujBxC,CAAA;IAAO,GAAA,EAAA,MAAA;IAQP,GAAA,EAAA,MAAA;IAMqC,GAAA,EAAA,MAAA;EAMG,CAAA,CAAA;EAY/B;;;EAS+B,aAAA,CAAA,KAAA,EA1hBhB,UA0hBgB,EAAA,QAAA,EAAA,MAAA,CAAA,EA1hBe,OA0hBf,CA1hBuB,OA0hBvB,CAAA;EAaV;;;EAoB9B,UAAA,CAAA,MAAA,EAAA,MAAA,CAAA,EAliB+B,OAkiB/B,CAliBuC,YAkiBvC,GAAA,IAAA,CAAA;EAMqB;;;EAyB2B,QAAA,WAAA;EAMG;;;EASd,QAAA,iBAAA;EAz7CC;;;;;ACfJ;;EAgDC,QAAA,gBAAA;EAA9B;;;;;;;;;;;;;;;iCDg8B6B,UAAU,QAAQ;;;;wBAoCjD,8BACc;;;;sBASd;;;;sBAWuB,kBAAkB;;;;uBAOpB;;;;;;6CASsB;;;;kBAQ3B;;;;wBAQM;;;;0BAQE;;;;oBAYN;;;;qBAQC;;;;2BAYM;;;;2BAQA;;;;wDAW5B;WACK;;;;;;;;;;;uBAYmB;;;;;;;wCAkCiB;;;;;;oBAkDpB;;;;;;0BAQM;;;;;sCAAO,0BAAA,CAsBM,eACxC;;gCAQA,QARO,0BAAA,CAQqC,YAAA;;mCAMR;;sBAAO,0BAAA,CAOH,YACxC;;4CAQA,QARO,0BAAA,CAQqC,SAAA;;8CAQ5C,QARO,0BAAA,CAQqC,SAAA;;uCAMJ;;mCAMJ;;4CAAO,0BAAA,CAQC,iBAC5C;;kCAQA,QARO,0BAAA,CAQqC,cAAA;;uCAArC,0BAAA,CAQiC,UACxC;;iCAQA,QARO,0BAAA,CAQqC,OAAA;;oCAMP;;uCAMG;;kDAY/B,6CAGT;;uCAMwC;;eAE/B;;;;;;;qBAWa,QAAQ;;;;;;;0CAWa;;kEAS3C;;oBAMqB;;2FAWrB;;yCAQA;;;;;+CAMgD;;kDAMG;;;;;iBASxB,UAAU,QAAQ;;;;cCx5C3C,KAAG;YAAwB;GAAM,WAAA,CAAA,WAAA"}

package/dist/index.js

@@ -1,5 +1,5 @@
 import { DurableObject, env, waitUntil } from "cloudflare:workers";
-import { BlockMap, ReadableBlockstore, Repo, WriteOpAction, blocksToCarFile, readCarWithRoot } from "@atproto/repo";
+import { BlockMap, ReadableBlockstore, Repo, WriteOpAction, blocksToCarFile, getRecords, readCarWithRoot } from "@atproto/repo";
 import { Secp256k1Keypair, randomStr, verifySignature } from "@atproto/crypto";
 import { CID, asCid, isBlobRef } from "@atproto/lex-data";
 import { now } from "@atcute/tid";
@@ -7,8 +7,8 @@ import { decode, encode, fromBytes, isBytes, toBytes, toCidLink } from "@atcute/
 import { CODEC_RAW, create, fromString, toString } from "@atcute/cid";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
-import { isDid, isHandle } from "@atcute/lexicons/syntax";
-import { SignJWT, base64url, jwtVerify } from "jose";
+import { isDid, isHandle, isNsid, isRecordKey } from "@atcute/lexicons/syntax";
+import { SignJWT, base64url, errors, jwtVerify } from "jose";
 import { compare, compare as compare$1 } from "bcryptjs";
 import { ATProtoOAuthProvider } from "@getcirrus/oauth-provider";
 import { generateAuthenticationOptions, generateRegistrationOptions, verifyAuthenticationResponse, verifyRegistrationResponse } from "@simplewebauthn/server";
@@ -1365,6 +1365,30 @@ var AccountDurableObject = class extends DurableObject {
 		return blocksToCarFile(root, blocks);
 	}
 	/**
+	* RPC method: Get record with proof as CAR file.
+	* Returns the commit block and all MST blocks needed to verify
+	* the existence (or non-existence) of a record.
+	* Used by com.atproto.sync.getRecord for record verification.
+	*/
+	async rpcGetRecordProof(collection, rkey) {
+		const storage = await this.getStorage();
+		const root = await storage.getRoot();
+		if (!root) throw new Error("No repository root found");
+		const carChunks = [];
+		for await (const chunk of getRecords(storage, root, [{
+			collection,
+			rkey
+		}])) carChunks.push(chunk);
+		const totalLength = carChunks.reduce((acc, chunk) => acc + chunk.length, 0);
+		const result = new Uint8Array(totalLength);
+		let offset = 0;
+		for (const chunk of carChunks) {
+			result.set(chunk, offset);
+			offset += chunk.length;
+		}
+		return result;
+	}
+	/**
 	* RPC method: Import repo from CAR file
 	* This is used for account migration - importing an existing repository
 	* from another PDS.
@@ -1893,7 +1917,17 @@ async function verifyServiceJwt(token, signingKey, expectedAudience, expectedIss
 
 //#endregion
 //#region src/session.ts
-const ACCESS_TOKEN_LIFETIME = "15m";
+/**
+* Error thrown when a JWT has expired.
+* Callers should return HTTP 400 with error code 'ExpiredToken'.
+*/
+var TokenExpiredError = class extends Error {
+	constructor(message = "Token has expired") {
+		super(message);
+		this.name = "TokenExpiredError";
+	}
+};
+const ACCESS_TOKEN_LIFETIME = "120m";
 const REFRESH_TOKEN_LIFETIME = "90d";
 /**
 * Create a secret key from string for HS256 signing
@@ -1906,44 +1940,58 @@ function createSecretKey(secret) {
 */
 async function createAccessToken(jwtSecret, userDid, serviceDid) {
 	const secret = createSecretKey(jwtSecret);
-	return new SignJWT({ scope: "atproto" }).setProtectedHeader({
+	return new SignJWT({ scope: "com.atproto.access" }).setProtectedHeader({
 		alg: "HS256",
 		typ: "at+jwt"
-	}).setIssuedAt().setIssuer(serviceDid).setAudience(serviceDid).setSubject(userDid).setExpirationTime(ACCESS_TOKEN_LIFETIME).sign(secret);
+	}).setIssuedAt().setAudience(serviceDid).setSubject(userDid).setExpirationTime(ACCESS_TOKEN_LIFETIME).sign(secret);
 }
 /**
 * Create a refresh token (long-lived, 90 days)
 */
 async function createRefreshToken(jwtSecret, userDid, serviceDid) {
 	const secret = createSecretKey(jwtSecret);
-	return new SignJWT({
-		scope: "com.atproto.refresh",
-		jti: crypto.randomUUID()
-	}).setProtectedHeader({
+	const jti = crypto.randomUUID();
+	return new SignJWT({ scope: "com.atproto.refresh" }).setProtectedHeader({
 		alg: "HS256",
 		typ: "refresh+jwt"
-	}).setIssuedAt().setIssuer(serviceDid).setAudience(serviceDid).setSubject(userDid).setExpirationTime(REFRESH_TOKEN_LIFETIME).sign(secret);
+	}).setIssuedAt().setAudience(serviceDid).setSubject(userDid).setJti(jti).setExpirationTime(REFRESH_TOKEN_LIFETIME).sign(secret);
 }
 /**
-* Verify an access token and return the payload
+* Verify an access token and return the payload.
+* Throws TokenExpiredError if the token has expired.
 */
 async function verifyAccessToken(token, jwtSecret, serviceDid) {
-	const { payload, protectedHeader } = await jwtVerify(token, createSecretKey(jwtSecret), {
-		issuer: serviceDid,
-		audience: serviceDid
-	});
+	const secret = createSecretKey(jwtSecret);
+	let payload;
+	let protectedHeader;
+	try {
+		const result = await jwtVerify(token, secret, { audience: serviceDid });
+		payload = result.payload;
+		protectedHeader = result.protectedHeader;
+	} catch (err) {
+		if (err instanceof errors.JWTExpired) throw new TokenExpiredError();
+		throw err;
+	}
 	if (protectedHeader.typ !== "at+jwt") throw new Error("Invalid token type");
-	if (payload.scope !== "atproto") throw new Error("Invalid scope");
+	if (payload.scope !== "com.atproto.access") throw new Error("Invalid scope");
 	return payload;
 }
 /**
-* Verify a refresh token and return the payload
+* Verify a refresh token and return the payload.
+* Throws TokenExpiredError if the token has expired.
 */
 async function verifyRefreshToken(token, jwtSecret, serviceDid) {
-	const { payload, protectedHeader } = await jwtVerify(token, createSecretKey(jwtSecret), {
-		issuer: serviceDid,
-		audience: serviceDid
-	});
+	const secret = createSecretKey(jwtSecret);
+	let payload;
+	let protectedHeader;
+	try {
+		const result = await jwtVerify(token, secret, { audience: serviceDid });
+		payload = result.payload;
+		protectedHeader = result.protectedHeader;
+	} catch (err) {
+		if (err instanceof errors.JWTExpired) throw new TokenExpiredError();
+		throw err;
+	}
 	if (protectedHeader.typ !== "refresh+jwt") throw new Error("Invalid token type");
 	if (payload.scope !== "com.atproto.refresh") throw new Error("Invalid scope");
 	if (!payload.jti) throw new Error("Missing token ID");
@@ -2348,7 +2396,7 @@ async function requireAuth(c, next) {
 	if (token === c.env.AUTH_TOKEN) {
 		c.set("auth", {
 			did: c.env.DID,
-			scope: "atproto"
+			scope: "com.atproto.access"
 		});
 		return next();
 	}
@@ -2364,7 +2412,12 @@ async function requireAuth(c, next) {
 			scope: payload.scope
 		});
 		return next();
-	} catch {}
+	} catch (err) {
+		if (err instanceof TokenExpiredError) return c.json({
+			error: "ExpiredToken",
+			message: err.message
+		}, 400);
+	}
 	try {
 		const payload = await verifyServiceJwt(token, c.env.SIGNING_KEY, serviceDid, c.env.DID);
 		c.set("auth", {
@@ -2577,7 +2630,12 @@ async function handleXrpcProxy(c, didResolver$1, getKeypair$1) {
 				const payload = await verifyAccessToken(token, c.env.JWT_SECRET, serviceDid);
 				if (payload.sub) userDid = payload.sub;
 			}
-		} catch {}
+		} catch (err) {
+			if (err instanceof TokenExpiredError) return c.json({
+				error: "ExpiredToken",
+				message: err.message
+			}, 400);
+		}
 	}
 	if (userDid) try {
 		const keypair = await getKeypair$1();
@@ -2753,6 +2811,55 @@ async function getBlob(c, _accountDO) {
 		}
 	});
 }
+async function getRecord$1(c, accountDO) {
+	const did = c.req.query("did");
+	const collection = c.req.query("collection");
+	const rkey = c.req.query("rkey");
+	if (!did) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: did"
+	}, 400);
+	if (!collection) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: collection"
+	}, 400);
+	if (!rkey) return c.json({
+		error: "InvalidRequest",
+		message: "Missing required parameter: rkey"
+	}, 400);
+	if (!isDid(did)) return c.json({
+		error: "InvalidRequest",
+		message: "Invalid DID format"
+	}, 400);
+	if (!isNsid(collection)) return c.json({
+		error: "InvalidRequest",
+		message: "Invalid collection format (must be NSID)"
+	}, 400);
+	if (!isRecordKey(rkey)) return c.json({
+		error: "InvalidRequest",
+		message: "Invalid rkey format"
+	}, 400);
+	if (did !== c.env.DID) return c.json({
+		error: "RepoNotFound",
+		message: `Repository not found for DID: ${did}`
+	}, 404);
+	try {
+		const carBytes = await accountDO.rpcGetRecordProof(collection, rkey);
+		return new Response(carBytes, {
+			status: 200,
+			headers: {
+				"Content-Type": "application/vnd.ipld.car",
+				"Content-Length": carBytes.length.toString()
+			}
+		});
+	} catch (err) {
+		console.error("Error getting record proof:", err);
+		return c.json({
+			error: "InternalServerError",
+			message: "Failed to get record proof"
+		}, 500);
+	}
+}
 
 //#endregion
 //#region src/validation.ts
@@ -3150,6 +3257,7 @@ async function createSession(c) {
 		refreshJwt,
 		handle: c.env.HANDLE,
 		did: c.env.DID,
+		emailConfirmed: false,
 		active: true
 	});
 }
@@ -3176,11 +3284,16 @@ async function refreshSession(c) {
 			refreshJwt,
 			handle: c.env.HANDLE,
 			did: c.env.DID,
+			emailConfirmed: false,
 			active: true
 		});
 	} catch (err) {
-		return c.json({
+		if (err instanceof TokenExpiredError) return c.json({
 			error: "ExpiredToken",
+			message: err.message
+		}, 400);
+		return c.json({
+			error: "InvalidToken",
 			message: err instanceof Error ? err.message : "Invalid refresh token"
 		}, 400);
 	}
@@ -3199,6 +3312,7 @@ async function getSession(c) {
 	if (token === c.env.AUTH_TOKEN) return c.json({
 		handle: c.env.HANDLE,
 		did: c.env.DID,
+		emailConfirmed: false,
 		active: true
 	});
 	try {
@@ -3209,9 +3323,14 @@ async function getSession(c) {
 		return c.json({
 			handle: c.env.HANDLE,
 			did: c.env.DID,
+			emailConfirmed: false,
 			active: true
 		});
 	} catch (err) {
+		if (err instanceof TokenExpiredError) return c.json({
+			error: "ExpiredToken",
+			message: err.message
+		}, 400);
 		return c.json({
 			error: "InvalidToken",
 			message: err instanceof Error ? err.message : "Invalid access token"
@@ -3925,7 +4044,7 @@ function renderPasskeyErrorPage(error, description) {
 
 //#endregion
 //#region package.json
-var version = "0.8.0";
+var version = "0.10.0";
 
 //#endregion
 //#region src/index.ts
@@ -3967,7 +4086,13 @@ app.use("*", cors({
 	maxAge: 86400
 }));
 function getAccountDO(env$2) {
+	const location = env$2.DATA_LOCATION;
+	if (location === "eu") {
+		const namespace = env$2.ACCOUNT.jurisdiction("eu");
+		return namespace.get(namespace.idFromName("account"));
+	}
 	const id = env$2.ACCOUNT.idFromName("account");
+	if (location && location !== "auto") return env$2.ACCOUNT.get(id, { locationHint: location });
 	return env$2.ACCOUNT.get(id);
 }
 app.get("/.well-known/did.json", (c) => {
@@ -4056,6 +4181,7 @@ app.get("/xrpc/com.atproto.sync.getBlocks", (c) => getBlocks(c, getAccountDO(c.e
 app.get("/xrpc/com.atproto.sync.getBlob", (c) => getBlob(c, getAccountDO(c.env)));
 app.get("/xrpc/com.atproto.sync.listRepos", (c) => listRepos(c, getAccountDO(c.env)));
 app.get("/xrpc/com.atproto.sync.listBlobs", (c) => listBlobs(c, getAccountDO(c.env)));
+app.get("/xrpc/com.atproto.sync.getRecord", (c) => getRecord$1(c, getAccountDO(c.env)));
 app.get("/xrpc/com.atproto.sync.subscribeRepos", async (c) => {
 	if (c.req.header("Upgrade") !== "websocket") return c.json({
 		error: "InvalidRequest",