npm - @hatk/hatk - Versions diffs - 0.0.1-alpha.41 → 0.0.1-alpha.43 - Mend

@hatk/hatk 0.0.1-alpha.41 → 0.0.1-alpha.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/cli.js +16 -553
package/dist/database/adapters/sqlite.d.ts.map +1 -1
package/dist/database/adapters/sqlite.js +2 -1
package/dist/database/db.d.ts +23 -0
package/dist/database/db.d.ts.map +1 -1
package/dist/database/db.js +81 -4
package/dist/labels.d.ts +2 -0
package/dist/labels.d.ts.map +1 -1
package/dist/labels.js +5 -0
package/dist/lexicon-resolve.d.ts.map +1 -1
package/dist/lexicon-resolve.js +27 -112
package/dist/lexicons/com/atproto/label/defs.json +75 -0
package/dist/lexicons/com/atproto/moderation/defs.json +30 -0
package/dist/lexicons/com/atproto/repo/strongRef.json +24 -0
package/dist/lexicons/dev/hatk/createRecord.json +40 -0
package/dist/lexicons/dev/hatk/createReport.json +48 -0
package/dist/lexicons/dev/hatk/deleteRecord.json +25 -0
package/dist/lexicons/dev/hatk/describeCollections.json +41 -0
package/dist/lexicons/dev/hatk/describeFeeds.json +29 -0
package/dist/lexicons/dev/hatk/describeLabels.json +45 -0
package/dist/lexicons/dev/hatk/getFeed.json +30 -0
package/dist/lexicons/dev/hatk/getPreferences.json +19 -0
package/dist/lexicons/dev/hatk/getRecord.json +26 -0
package/dist/lexicons/dev/hatk/getRecords.json +32 -0
package/dist/lexicons/dev/hatk/putPreference.json +28 -0
package/dist/lexicons/dev/hatk/putRecord.json +41 -0
package/dist/lexicons/dev/hatk/searchRecords.json +32 -0
package/dist/lexicons/dev/hatk/uploadBlob.json +23 -0
package/dist/oauth/db.d.ts +2 -1
package/dist/oauth/db.d.ts.map +1 -1
package/dist/oauth/db.js +4 -2
package/dist/oauth/server.d.ts.map +1 -1
package/dist/oauth/server.js +10 -3
package/dist/pds-proxy.d.ts.map +1 -1
package/dist/pds-proxy.js +19 -1
package/dist/server-init.d.ts.map +1 -1
package/dist/server-init.js +3 -2
package/dist/server.d.ts.map +1 -1
package/dist/server.js +91 -13
package/dist/templates/feed.tpl +14 -0
package/dist/templates/hook.tpl +5 -0
package/dist/templates/label.tpl +15 -0
package/dist/templates/og.tpl +17 -0
package/dist/templates/seed.tpl +11 -0
package/dist/templates/setup.tpl +5 -0
package/dist/templates/test-feed.tpl +19 -0
package/dist/templates/test-xrpc.tpl +19 -0
package/dist/templates/xrpc.tpl +41 -0
package/package.json +3 -2
package/public/admin.html +133 -0
package/dist/cloudflare/container.d.ts +0 -73
package/dist/cloudflare/container.d.ts.map +0 -1
package/dist/cloudflare/container.js +0 -232
package/dist/cloudflare/hooks.d.ts +0 -33
package/dist/cloudflare/hooks.d.ts.map +0 -1
package/dist/cloudflare/hooks.js +0 -40
package/dist/cloudflare/init.d.ts +0 -27
package/dist/cloudflare/init.d.ts.map +0 -1
package/dist/cloudflare/init.js +0 -103
package/dist/cloudflare/worker.d.ts +0 -27
package/dist/cloudflare/worker.d.ts.map +0 -1
package/dist/cloudflare/worker.js +0 -54
package/dist/database/adapters/d1.d.ts +0 -56
package/dist/database/adapters/d1.d.ts.map +0 -1
package/dist/database/adapters/d1.js +0 -108
package/dist/db.d.ts +0 -134
package/dist/db.d.ts.map +0 -1
package/dist/db.js +0 -1327
package/dist/fts.d.ts +0 -20
package/dist/fts.d.ts.map +0 -1
package/dist/fts.js +0 -767
package/dist/oauth/hooks.d.ts +0 -10
package/dist/oauth/hooks.d.ts.map +0 -1
package/dist/oauth/hooks.js +0 -40
package/dist/schema.d.ts +0 -59
package/dist/schema.d.ts.map +0 -1
package/dist/schema.js +0 -387
package/dist/test-browser.d.ts +0 -14
package/dist/test-browser.d.ts.map +0 -1
package/dist/test-browser.js +0 -26

package/dist/lexicons/dev/hatk/describeFeeds.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.describeFeeds",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "List available feeds.",
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "properties": {
+            "feeds": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "required": ["name", "label"],
+                "properties": {
+                  "name": { "type": "string" },
+                  "label": { "type": "string" }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/describeLabels.json ADDED Viewed

@@ -0,0 +1,45 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.describeLabels",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "List available label definitions.",
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "properties": {
+            "definitions": {
+              "type": "array",
+              "items": { "type": "ref", "ref": "#labelDefinition" }
+            }
+          }
+        }
+      }
+    },
+    "labelDefinition": {
+      "type": "object",
+      "required": ["identifier", "severity", "blurs", "defaultSetting"],
+      "properties": {
+        "identifier": { "type": "string" },
+        "severity": { "type": "string" },
+        "blurs": { "type": "string" },
+        "defaultSetting": { "type": "string" },
+        "locales": {
+          "type": "array",
+          "items": { "type": "ref", "ref": "#labelLocale" }
+        }
+      }
+    },
+    "labelLocale": {
+      "type": "object",
+      "required": ["lang", "name", "description"],
+      "properties": {
+        "lang": { "type": "string" },
+        "name": { "type": "string" },
+        "description": { "type": "string" }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/getFeed.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.getFeed",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "Retrieve a named feed of items.",
+      "parameters": {
+        "type": "params",
+        "required": ["feed"],
+        "properties": {
+          "feed": { "type": "string", "description": "Feed name" },
+          "limit": { "type": "integer", "minimum": 1, "maximum": 100, "default": 30 },
+          "cursor": { "type": "string" }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["items"],
+          "properties": {
+            "items": { "type": "array", "items": { "type": "unknown" } },
+            "cursor": { "type": "string" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/getPreferences.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.getPreferences",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "Get all preferences for the authenticated user.",
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "properties": {
+            "preferences": { "type": "unknown" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/getRecord.json ADDED Viewed

@@ -0,0 +1,26 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.getRecord",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "Fetch a single record by AT URI.",
+      "parameters": {
+        "type": "params",
+        "required": ["uri"],
+        "properties": {
+          "uri": { "type": "string", "format": "at-uri" }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "properties": {
+            "record": { "type": "unknown" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/getRecords.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.getRecords",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "List records from a collection with optional filters.",
+      "parameters": {
+        "type": "params",
+        "required": ["collection"],
+        "properties": {
+          "collection": { "type": "string" },
+          "limit": { "type": "integer", "minimum": 1, "maximum": 100, "default": 20 },
+          "cursor": { "type": "string" },
+          "sort": { "type": "string" },
+          "order": { "type": "string" }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["items"],
+          "properties": {
+            "items": { "type": "array", "items": { "type": "unknown" } },
+            "cursor": { "type": "string" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/putPreference.json ADDED Viewed

@@ -0,0 +1,28 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.putPreference",
+  "defs": {
+    "main": {
+      "type": "procedure",
+      "description": "Set a single preference by key.",
+      "input": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["key", "value"],
+          "properties": {
+            "key": { "type": "string" },
+            "value": { "type": "unknown" }
+          }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "properties": {}
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/putRecord.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.putRecord",
+  "defs": {
+    "main": {
+      "type": "procedure",
+      "description": "Create or update a record via the user's PDS.",
+      "input": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["collection", "rkey", "record"],
+          "properties": {
+            "collection": { "type": "string" },
+            "rkey": { "type": "string" },
+            "record": { "type": "unknown" },
+            "repo": { "type": "string", "format": "did" }
+          }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "properties": {
+            "uri": { "type": "string", "format": "at-uri" },
+            "cid": { "type": "string", "format": "cid" },
+            "commit": {
+              "type": "object",
+              "properties": {
+                "cid": { "type": "string", "format": "cid" },
+                "rev": { "type": "string" }
+              }
+            },
+            "validationStatus": { "type": "string" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/searchRecords.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.searchRecords",
+  "defs": {
+    "main": {
+      "type": "query",
+      "description": "Full-text search across a collection.",
+      "parameters": {
+        "type": "params",
+        "required": ["collection", "q"],
+        "properties": {
+          "collection": { "type": "string" },
+          "q": { "type": "string", "description": "Search query" },
+          "limit": { "type": "integer", "minimum": 1, "maximum": 100, "default": 20 },
+          "cursor": { "type": "string" },
+          "fuzzy": { "type": "boolean", "default": true }
+        }
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["items"],
+          "properties": {
+            "items": { "type": "array", "items": { "type": "unknown" } },
+            "cursor": { "type": "string" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/lexicons/dev/hatk/uploadBlob.json ADDED Viewed

@@ -0,0 +1,23 @@
+{
+  "lexicon": 1,
+  "id": "dev.hatk.uploadBlob",
+  "defs": {
+    "main": {
+      "type": "procedure",
+      "description": "Upload a blob via the user's PDS.",
+      "input": {
+        "encoding": "*/*"
+      },
+      "output": {
+        "encoding": "application/json",
+        "schema": {
+          "type": "object",
+          "required": ["blob"],
+          "properties": {
+            "blob": { "type": "blob" }
+          }
+        }
+      }
+    }
+  }
+}

package/dist/oauth/db.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export declare const OAUTH_DDL = "\nCREATE TABLE IF NOT EXISTS _oauth_keys (\n  kid TEXT PRIMARY KEY,\n  private_key TEXT NOT NULL,\n  public_key TEXT NOT NULL,\n  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_sessions (\n  did TEXT PRIMARY KEY,\n  pds_endpoint TEXT NOT NULL,\n  access_token TEXT NOT NULL,\n  refresh_token TEXT,\n  dpop_jkt TEXT NOT NULL,\n  token_expires_at INTEGER,\n  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,\n  updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_requests (\n  request_uri TEXT PRIMARY KEY,\n  client_id TEXT NOT NULL,\n  redirect_uri TEXT NOT NULL,\n  scope TEXT,\n  state TEXT,\n  code_challenge TEXT NOT NULL,\n  code_challenge_method TEXT NOT NULL DEFAULT 'S256',\n  dpop_jkt TEXT NOT NULL,\n  pds_request_uri TEXT,\n  pds_auth_server TEXT,\n  pds_code_verifier TEXT,\n  pds_state TEXT,\n  did TEXT,\n  login_hint TEXT,\n  expires_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_codes (\n  code TEXT PRIMARY KEY,\n  request_uri TEXT NOT NULL,\n  created_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_refresh_tokens (\n  token TEXT PRIMARY KEY,\n  client_id TEXT NOT NULL,\n  did TEXT NOT NULL,\n  dpop_jkt TEXT NOT NULL,\n  scope TEXT,\n  created_at INTEGER NOT NULL,\n  expires_at INTEGER,\n  revoked INTEGER NOT NULL DEFAULT 0\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_dpop_jtis (\n  jti TEXT PRIMARY KEY,\n  expires_at INTEGER NOT NULL\n);\n";
+export declare const OAUTH_DDL = "\nCREATE TABLE IF NOT EXISTS _oauth_keys (\n  kid TEXT PRIMARY KEY,\n  private_key TEXT NOT NULL,\n  public_key TEXT NOT NULL,\n  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_sessions (\n  did TEXT PRIMARY KEY,\n  pds_endpoint TEXT NOT NULL,\n  access_token TEXT NOT NULL,\n  refresh_token TEXT,\n  dpop_jkt TEXT NOT NULL,\n  token_expires_at INTEGER,\n  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,\n  updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_requests (\n  request_uri TEXT PRIMARY KEY,\n  client_id TEXT NOT NULL,\n  redirect_uri TEXT NOT NULL,\n  scope TEXT,\n  state TEXT,\n  code_challenge TEXT NOT NULL,\n  code_challenge_method TEXT NOT NULL DEFAULT 'S256',\n  dpop_jkt TEXT NOT NULL,\n  pds_request_uri TEXT,\n  pds_auth_server TEXT,\n  pds_endpoint TEXT,\n  pds_code_verifier TEXT,\n  pds_state TEXT,\n  did TEXT,\n  login_hint TEXT,\n  expires_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_codes (\n  code TEXT PRIMARY KEY,\n  request_uri TEXT NOT NULL,\n  created_at INTEGER NOT NULL\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_refresh_tokens (\n  token TEXT PRIMARY KEY,\n  client_id TEXT NOT NULL,\n  did TEXT NOT NULL,\n  dpop_jkt TEXT NOT NULL,\n  scope TEXT,\n  created_at INTEGER NOT NULL,\n  expires_at INTEGER,\n  revoked INTEGER NOT NULL DEFAULT 0\n);\n\nCREATE TABLE IF NOT EXISTS _oauth_dpop_jtis (\n  jti TEXT PRIMARY KEY,\n  expires_at INTEGER NOT NULL\n);\n";
 export declare function getServerKey(kid: string): Promise<{
     privateKey: string;
     publicKey: string;
@@ -14,6 +14,7 @@ export declare function storeOAuthRequest(requestUri: string, data: {
     dpopJkt: string;
     pdsRequestUri?: string;
     pdsAuthServer?: string;
+    pdsEndpoint?: string;
     pdsCodeVerifier?: string;
     pdsState?: string;
     did?: string;

package/dist/oauth/db.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../../src/oauth/db.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,SAAS,~~87CA0DrB~~,CAAA;AAID,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAIzG;AAED,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMtG;AAID,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CAClB,GACA,OAAO,CAAC,IAAI,CAAC,~~CAsBf~~;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAM7E;AAED,wBAAsB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE1E;AAID,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMnF;AAED,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAK1E;AAID,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,IAAI,EAAE;IACJ,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB,GACA,OAAO,CAAC,IAAI,CAAC,CAMf;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAGjE;AAED,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE9D;AAID,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,GACA,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAGxE;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAErE;AAID,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK3F;AAED,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAQzD"}
1	+ {"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../../src/oauth/db.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,SAAS,o9CA2DrB,CAAA;AAID,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAIzG;AAED,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMtG;AAID,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CAClB,GACA,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAM7E;AAED,wBAAsB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE1E;AAID,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMnF;AAED,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAK1E;AAID,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,IAAI,EAAE;IACJ,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB,GACA,OAAO,CAAC,IAAI,CAAC,CAMf;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAGjE;AAED,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE9D;AAID,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,GACA,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAGxE;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAErE;AAID,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK3F;AAED,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAQzD"}

package/dist/oauth/db.js CHANGED Viewed

@@ -31,6 +31,7 @@ CREATE TABLE IF NOT EXISTS _oauth_requests (
   dpop_jkt TEXT NOT NULL,
   pds_request_uri TEXT,
   pds_auth_server TEXT,
+  pds_endpoint TEXT,
   pds_code_verifier TEXT,
   pds_state TEXT,
   did TEXT,
@@ -76,8 +77,8 @@ export async function storeServerKey(kid, privateKey, publicKey) {
 }
 // --- OAuth Request Storage ---
 export async function storeOAuthRequest(requestUri, data) {
-    await runSQL(`INSERT INTO _oauth_requests (request_uri, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method, dpop_jkt, pds_request_uri, pds_auth_server, pds_code_verifier, pds_state, did, login_hint, expires_at)
-     VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15)`, [
+    await runSQL(`INSERT INTO _oauth_requests (request_uri, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method, dpop_jkt, pds_request_uri, pds_auth_server, pds_endpoint, pds_code_verifier, pds_state, did, login_hint, expires_at)
+     VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16)`, [
         requestUri,
         data.clientId,
         data.redirectUri,
@@ -88,6 +89,7 @@ export async function storeOAuthRequest(requestUri, data) {
         data.dpopJkt,
         data.pdsRequestUri || null,
         data.pdsAuthServer || null,
+        data.pdsEndpoint || null,
         data.pdsCodeVerifier || null,
         data.pdsState || null,
         data.did || null,

package/dist/oauth/server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/oauth/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;~~AA2E~~/C,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBrG;AAID,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;;;;;;;;;;;EAqBxE;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;EAO/E;AAED,wBAAgB,OAAO;;;;;;;;;;;;;;;;;;;;;;EAWtB;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;EAcpE;AAID,wBAAsB,SAAS,CAC7B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,~~CA2ItD~~;AAID,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,CAShF;AAID,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,~~CAoGtF~~;AAID,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GAAG,IAAI,EACpB,GAAG,EAAE,MAAM,GAAG,IAAI,GACjB,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,~~CAyHrG~~;AAID,wBAAsB,WAAW,CAC/B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,GAAG,CAAC,CAUd;AA0JD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,WAAW,EACnB,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtF,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,~~CAmEpF~~;AAID,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA0BjC"}
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/oauth/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AA4E/C,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBrG;AAID,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;;;;;;;;;;;EAqBxE;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;EAO/E;AAED,wBAAgB,OAAO;;;;;;;;;;;;;;;;;;;;;;EAWtB;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;EAcpE;AAID,wBAAsB,SAAS,CAC7B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CA+ItD;AAID,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,CAShF;AAID,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAsGtF;AAID,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GAAG,IAAI,EACpB,GAAG,EAAE,MAAM,GAAG,IAAI,GACjB,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CA0HrG;AAID,wBAAsB,WAAW,CAC/B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,GAAG,CAAC,CAUd;AA0JD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,WAAW,EACnB,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtF,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAoEpF;AAID,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA0BjC"}

package/dist/oauth/server.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { parseDpopProof, createDpopProof } from "./dpop.js";
 import { initSession } from "./session.js";
 import { resolveClient, validateRedirectUri, isLoopbackClient } from "./client.js";
 import { discoverAuthServer, resolveHandle } from "./discovery.js";
-import { getServerKey, storeServerKey, storeOAuthRequest, getOAuthRequest, deleteOAuthRequest, storeAuthCode, consumeAuthCode, storeSession, checkAndStoreDpopJti, cleanupExpiredOAuth, storeRefreshToken, getRefreshToken, revokeRefreshToken, } from "./db.js";
+import { getServerKey, storeServerKey, storeOAuthRequest, getOAuthRequest, deleteOAuthRequest, storeAuthCode, consumeAuthCode, storeSession, deleteSession, checkAndStoreDpopJti, cleanupExpiredOAuth, storeRefreshToken, getRefreshToken, revokeRefreshToken, } from "./db.js";
 import { emit } from "../logger.js";
 import { querySQL } from "../database/db.js";
 import { fireOnLoginHook } from "../hooks.js";
@@ -161,9 +161,11 @@ export async function handlePar(config, body, dpopHeader, requestUrl) {
     let pdsAuthServer;
     let pdsCodeVerifier;
     let pdsState;
+    let pdsEndpoint;
     if (did) {
         const discovery = await discoverAuthServer(did, _plcUrl);
         pdsAuthServer = discovery.authServerEndpoint;
+        pdsEndpoint = discovery.pdsEndpoint;
         // Create PKCE for our PAR to the PDS
         pdsCodeVerifier = randomToken();
         const pdsCodeChallenge = base64UrlEncode(await sha256(pdsCodeVerifier));
@@ -242,6 +244,7 @@ export async function handlePar(config, body, dpopHeader, requestUrl) {
         dpopJkt: dpop.jkt,
         pdsRequestUri,
         pdsAuthServer,
+        pdsEndpoint,
         pdsCodeVerifier,
         pdsState,
         did,
@@ -271,6 +274,7 @@ export async function serverLogin(config, handle) {
     // Discover PDS auth server
     const discovery = await discoverAuthServer(did, _plcUrl);
     const pdsAuthServer = discovery.authServerEndpoint;
+    const pdsEndpoint = discovery.pdsEndpoint;
     // Create PKCE for PAR to PDS
     const pdsCodeVerifier = randomToken();
     const pdsCodeChallenge = base64UrlEncode(await sha256(pdsCodeVerifier));
@@ -335,6 +339,7 @@ export async function serverLogin(config, handle) {
         dpopJkt: serverJkt,
         pdsRequestUri,
         pdsAuthServer,
+        pdsEndpoint,
         pdsCodeVerifier,
         pdsState,
         did,
@@ -424,9 +429,10 @@ export async function handleCallback(config, code, state, iss) {
     const did = tokenData.sub;
     if (!did)
         throw new Error('PDS token response missing sub (DID)');
-    // Store PDS session server-side
+    // Store PDS session server-side — pds_endpoint is the actual data PDS
+    // (e.g. leccinum.us-west.host.bsky.network), not the auth server (bsky.social)
     await storeSession(did, {
-        pdsEndpoint: request.pds_auth_server.replace('/oauth', ''),
+        pdsEndpoint: request.pds_endpoint,
         accessToken: tokenData.access_token,
         refreshToken: tokenData.refresh_token,
         dpopJkt: serverJkt,
@@ -621,6 +627,7 @@ export async function refreshPdsSession(config, session) {
             did: session.did,
             pds_endpoint: session.pds_endpoint,
         });
+        await deleteSession(session.did);
         return null;
     }
     const tokenData = await tokenRes.json();

package/dist/pds-proxy.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"pds-proxy.d.ts","sourceRoot":"","sources":["../src/pds-proxy.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;~~AAS9C~~,qBAAa,UAAW,SAAQ,KAAK;IAE1B,MAAM,EAAE,MAAM;gBAAd,MAAM,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM;CAIlB;AAED,qBAAa,sBAAuB,SAAQ,UAAU;;CAIrD;~~AAoHD~~,wBAAsB,eAAe,CACnC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAC3F,OAAO,CAAC;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,~~CAiCzC~~;AAED,wBAAsB,eAAe,CACnC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC1C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyBlC;AAED,wBAAsB,YAAY,CAChC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1F,OAAO,CAAC;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,~~CA8BzC~~;AAED,wBAAsB,aAAa,CACjC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,CAS5B"}
1	+ {"version":3,"file":"pds-proxy.d.ts","sourceRoot":"","sources":["../src/pds-proxy.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAU9C,qBAAa,UAAW,SAAQ,KAAK;IAE1B,MAAM,EAAE,MAAM;gBAAd,MAAM,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM;CAIlB;AAED,qBAAa,sBAAuB,SAAQ,UAAU;;CAIrD;AAuHD,wBAAsB,eAAe,CACnC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAC3F,OAAO,CAAC;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwCzC;AAED,wBAAsB,eAAe,CACnC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC1C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyBlC;AAED,wBAAsB,YAAY,CAChC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1F,OAAO,CAAC;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAqCzC;AAED,wBAAsB,aAAa,CACjC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,CAS5B"}

package/dist/pds-proxy.js CHANGED Viewed

@@ -6,6 +6,7 @@ import { validateRecord } from '@bigmoves/lexicon';
 import { getLexiconArray } from "./database/schema.js";
 import { insertRecord, deleteRecord as dbDeleteRecord } from "./database/db.js";
 import { emit } from "./logger.js";
+import { runLabelRules } from "./labels.js";
 export class ProxyError extends Error {
     status;
     constructor(status, message) {
@@ -40,7 +41,10 @@ async function withDpopRetry(oauthConfig, session, doFetch) {
         throw new ScopeMissingProxyError();
     }
     // Step 3: handle expired PDS token — refresh and retry
-    if (result.body.error === 'invalid_token') {
+    // The PDS returns 'InvalidToken' or 'ExpiredToken' (AT Proto PascalCase convention)
+    // while the OAuth spec uses 'invalid_token' (RFC 6750 snake_case)
+    const err = result.body.error;
+    if (err === 'invalid_token' || err === 'InvalidToken' || err === 'ExpiredToken') {
         const refreshed = await refreshPdsSession(oauthConfig, session);
         if (refreshed) {
             accessToken = refreshed.accessToken;
@@ -117,6 +121,13 @@ export async function pdsCreateRecord(oauthConfig, viewer, input) {
         throw new ProxyError(pdsRes.status, String(pdsRes.body.error || 'PDS write failed'));
     try {
         await insertRecord(input.collection, String(pdsRes.body.uri), String(pdsRes.body.cid), viewer.did, input.record);
+        await runLabelRules({
+            uri: String(pdsRes.body.uri),
+            cid: String(pdsRes.body.cid),
+            did: viewer.did,
+            collection: input.collection,
+            value: input.record,
+        });
     }
     catch (err) {
         emit('pds-proxy', 'local_index_error', {
@@ -171,6 +182,13 @@ export async function pdsPutRecord(oauthConfig, viewer, input) {
         throw new ProxyError(pdsRes.status, String(pdsRes.body.error || 'PDS write failed'));
     try {
         await insertRecord(input.collection, String(pdsRes.body.uri), String(pdsRes.body.cid), viewer.did, input.record);
+        await runLabelRules({
+            uri: String(pdsRes.body.uri),
+            cid: String(pdsRes.body.cid),
+            did: viewer.did,
+            collection: input.collection,
+            value: input.record,
+        });
     }
     catch (err) {
         emit('pds-proxy', 'local_index_error', { op: 'putRecord', error: err instanceof Error ? err.message : String(err) });

package/dist/server-init.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server-init.d.ts","sourceRoot":"","sources":["../src/server-init.ts"],"names":[],"mappings":"AAWA;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,~~CA2DjG~~"}
1	+ {"version":3,"file":"server-init.d.ts","sourceRoot":"","sources":["../src/server-init.ts"],"names":[],"mappings":"AAWA;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA4DjG"}

package/dist/server-init.js CHANGED Viewed

@@ -3,7 +3,7 @@ import { log } from "./logger.js";
 import { scanServerDir } from "./scanner.js";
 import { registerFeed, listFeeds } from "./feeds.js";
 import { registerXrpcHandler, listXrpc } from "./xrpc.js";
-import { registerLabelModule, getLabelDefinitions } from "./labels.js";
+import { registerLabelModule, getLabelDefinitions, clearLabels } from "./labels.js";
 import { registerOgHandler } from "./opengraph.js";
 import { registerHook } from "./hooks.js";
 import { runSetupHandler } from "./setup.js";
@@ -40,7 +40,8 @@ export async function initServer(serverDir, opts) {
     for (const entry of scanned.hooks) {
         registerHook(entry.mod.event, entry.mod.handler);
     }
-    // 5. Register labels
+    // 5. Register labels (clear first for hot-reload)
+    clearLabels();
     for (const entry of scanned.labels) {
         registerLabelModule(entry.name, entry.mod);
     }

package/dist/server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"~~AAqDA~~,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AA0B9C;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,GAAG,IAAI,~~CAwH3F~~;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACxF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;IAC5D,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAA;CACtB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,~~CA8xB5F~~;AAGD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,EAAE,MAAM,GAAG,IAAI,EACxB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,MAAM,GAAE,MAAM,EAAO,EACrB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,EAC5D,QAAQ,CAAC,EAAE,MAAM,IAAI,GACpB,OAAO,WAAW,EAAE,MAAM,CAG5B"}
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAyDA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AA0B9C;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,GAAG,IAAI,CAuK3F;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACxF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;IAC5D,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAA;CACtB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CA6zB5F;AAGD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,EAAE,MAAM,GAAG,IAAI,EACxB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,MAAM,GAAE,MAAM,EAAO,EACrB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,EAC5D,QAAQ,CAAC,EAAE,MAAM,IAAI,GACpB,OAAO,WAAW,EAAE,MAAM,CAG5B"}