create-pds 0.0.1 → 0.0.2

package/package.json

@@ -1,11 +1,40 @@
 {
   "name": "create-pds",
-  "version": "0.0.1",
-  "description": "Create a new PDS project",
+  "version": "0.0.2",
+  "description": "Create a new AT Protocol PDS on Cloudflare Workers",
+  "type": "module",
   "bin": {
-    "create-pds": "./index.js"
+    "create-pds": "./dist/index.js"
   },
-  "keywords": ["pds", "create", "scaffold"],
-  "author": "Matt",
-  "license": "MIT"
-}
+  "files": [
+    "dist",
+    "templates"
+  ],
+  "devDependencies": {
+    "@clack/prompts": "^0.11.0",
+    "@types/node": "^24.10.4",
+    "citty": "^0.1.6",
+    "publint": "^0.3.16",
+    "tsdown": "^0.18.3",
+    "typescript": "^5.9.3"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ascorbic/atproto-worker.git",
+    "directory": "packages/create-pds"
+  },
+  "homepage": "https://github.com/ascorbic/atproto-worker",
+  "keywords": [
+    "atproto",
+    "bluesky",
+    "pds",
+    "cloudflare-workers"
+  ],
+  "author": "Matt Kane",
+  "license": "MIT",
+  "scripts": {
+    "build": "tsdown",
+    "test": "vitest run",
+    "check": "publint"
+  }
+}

package/templates/pds-worker/README.md

@@ -0,0 +1,92 @@
+# Personal PDS on Cloudflare Workers
+
+A single-user AT Protocol Personal Data Server running on Cloudflare Workers.
+
+> **⚠️ Experimental Software**
+>
+> This is an early-stage project under active development. **Do not migrate your main Bluesky account to this PDS yet.** Use a test account or create a new identity for experimentation.
+
+## Setup
+
+### 1. Install dependencies
+
+```bash
+pnpm install
+```
+
+### 2. Configure environment
+
+If you haven't already, run the setup wizard:
+
+```bash
+pnpm pds init
+# or
+npm run pds init
+yarn pds init
+```
+
+This prompts for your hostname, handle, and password, then writes configuration to `.dev.vars`.
+
+### 3. Run locally
+
+```bash
+pnpm dev
+```
+
+This starts a local development server at http://localhost:5173.
+
+### 4. Deploy to production
+
+First configure for production:
+
+```bash
+pnpm pds init --production
+
+# or
+npm run pds init --production
+yarn pds init --production
+```
+
+This sets vars in `wrangler.jsonc` and secrets via `wrangler secret put`.
+
+Then deploy:
+
+```bash
+pnpm run deploy
+```
+
+## Configuration
+
+Configuration uses environment variables: vars in `wrangler.jsonc` and secrets.
+
+**Vars (in wrangler.jsonc):**
+
+- `PDS_HOSTNAME` - Public hostname of the PDS
+- `DID` - Account DID (e.g., did:web:pds.example.com)
+- `HANDLE` - Account handle (e.g., alice.example.com)
+- `SIGNING_KEY_PUBLIC` - Public key for DID document (multibase)
+
+**Secrets (via wrangler):**
+
+- `AUTH_TOKEN` - Bearer token for API write operations
+- `SIGNING_KEY` - Private signing key (secp256k1 JWK)
+- `JWT_SECRET` - Secret for signing session JWTs
+- `PASSWORD_HASH` - Bcrypt hash of account password (for Bluesky app login)
+
+## Endpoints
+
+Once deployed, your PDS serves:
+
+- `GET /.well-known/did.json` - DID document
+- `GET /health` - Health check
+- `GET /xrpc/com.atproto.sync.getRepo` - Export repository as CAR
+- `GET /xrpc/com.atproto.sync.subscribeRepos` - WebSocket firehose
+- `POST /xrpc/com.atproto.repo.createRecord` - Create a record (authenticated)
+- `POST /xrpc/com.atproto.repo.uploadBlob` - Upload a blob (authenticated)
+- And more...
+
+## Resources
+
+- [AT Protocol Docs](https://atproto.com)
+- [Cloudflare Workers Docs](https://developers.cloudflare.com/workers/)
+- [@ascorbic/pds on GitHub](https://github.com/ascorbic/atproto-worker)

package/templates/pds-worker/env.example

@@ -0,0 +1,27 @@
+# Example environment variables for local development
+# Copy this to .dev.vars and fill in your values
+# Or run `pnpm pds init --local` to generate automatically
+
+# Public hostname of your PDS
+PDS_HOSTNAME=demo-pds.example.com
+
+# Your account's DID (usually did:web:{PDS_HOSTNAME})
+DID=did:web:demo-pds.example.com
+
+# Your account's handle
+HANDLE=alice.demo-pds.example.com
+
+# Bearer token for write operations (generate a random string)
+AUTH_TOKEN=your-secret-token-here
+
+# Private key for signing commits (secp256k1 JWK)
+SIGNING_KEY={"kty":"EC","crv":"secp256k1","x":"...","d":"..."}
+
+# Public key for DID document (multibase encoded)
+SIGNING_KEY_PUBLIC=zQ3sh...
+
+# Secret for signing session JWTs (generate a random string)
+JWT_SECRET=your-jwt-secret-here
+
+# Optional: Bcrypt hash of account password (for app login)
+# PASSWORD_HASH=$2a$10$...

package/templates/pds-worker/gitignore

@@ -0,0 +1,5 @@
+node_modules
+.dev.vars
+.env
+.wrangler
+dist

package/templates/pds-worker/package.json.tmpl

@@ -0,0 +1,27 @@
+{
+	"name": "{{name}}",
+	"version": "1.0.0",
+	"description": "AT Protocol PDS on Cloudflare Workers",
+	"type": "module",
+	"private": true,
+	"dependencies": {
+		"@ascorbic/pds": "^0.0.0"
+	},
+	"devDependencies": {
+		"@cloudflare/vite-plugin": "^1.17.0",
+		"vite": "^6.4.1",
+		"wrangler": "^4.54.0"
+	},
+	"scripts": {
+		"dev": "vite dev",
+		"build": "vite build",
+		"deploy": "vite build && wrangler deploy",
+		"preview": "vite preview",
+		"pds": "pds",
+		"wrangler": "wrangler",
+		"types": "wrangler types"
+	},
+	"keywords": [],
+	"author": "",
+	"license": "MIT"
+}

package/templates/pds-worker/src/index.ts

@@ -0,0 +1,2 @@
+// Re-export the PDS worker - that's all you need!
+export { default, AccountDurableObject } from "@ascorbic/pds";

package/templates/pds-worker/vite.config.ts

@@ -0,0 +1,12 @@
+import { defineConfig } from "vite";
+import { cloudflare } from "@cloudflare/vite-plugin";
+
+export default defineConfig({
+	plugins: [cloudflare()],
+	resolve: {
+		alias: {
+			// Required for dev mode - pino (used by @atproto) doesn't work in Workers
+			pino: "pino/browser.js",
+		},
+	},
+});

package/templates/pds-worker/wrangler.jsonc

@@ -0,0 +1,50 @@
+{
+	// AT Protocol PDS on Cloudflare Workers
+	// Run `pnpm pds init` to configure, or `pnpm pds init --production` to deploy secrets
+	"name": "atproto-pds",
+	"main": "src/index.ts",
+	"compatibility_date": "2025-12-02",
+	"compatibility_flags": [
+		"nodejs_compat"
+	],
+	// Durable Object bindings
+	"durable_objects": {
+		"bindings": [
+			{
+				"name": "ACCOUNT",
+				"class_name": "AccountDurableObject"
+			}
+		]
+	},
+	// Enable SQLite for the Durable Object
+	"migrations": [
+		{
+			"tag": "v1",
+			"new_sqlite_classes": [
+				"AccountDurableObject"
+			]
+		}
+	],
+	// R2 bucket for blob storage (optional - create via Cloudflare dashboard)
+	"r2_buckets": [
+		{
+			"binding": "BLOBS",
+			"bucket_name": "pds-blobs"
+		}
+	],
+	// Environment variables (public config)
+	// These are set by `pds init` or can be edited manually
+	"vars": {
+		// Public hostname of the PDS (e.g., "pds.example.com")
+		"PDS_HOSTNAME": "",
+		// Account DID - usually did:web:<hostname>
+		"DID": "",
+		// Account handle (e.g., "alice.example.com")
+		"HANDLE": ""
+	}
+	// Secrets (set via `pds init` or `pds secret <name>`):
+	// - AUTH_TOKEN: Bearer token for API write operations
+	// - SIGNING_KEY: Private signing key (secp256k1 JWK)
+	// - JWT_SECRET: Secret for signing session JWTs
+	// - PASSWORD_HASH: Bcrypt hash of account password (for Bluesky app login)
+}

package/index.js

@@ -1,4 +0,0 @@
-#!/usr/bin/env node
-
-console.log('create-pds is not yet implemented');
-process.exit(1);