atproto-devtool 0.1.0

A multitool for the atproto developer ecosystem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506

//! Target parsing and pipeline driver skeleton for labeler conformance checks.

use std::borrow::Cow;
use std::time::Duration;

use miette::Diagnostic;
use thiserror::Error;
use url::Url;

use crate::commands::test::labeler::crypto;
use crate::commands::test::labeler::http::{self, RealHttpTee};
use crate::commands::test::labeler::identity;
use crate::commands::test::labeler::report::{
    CheckResult, CheckStatus, LabelerReport, ReportHeader, Stage,
};
use crate::commands::test::labeler::subscription::{self, RealWebSocketClient};
use crate::common::identity::{Did, DnsResolver, HttpClient};

/// A labeler target: either a resolvable identifier (handle or DID) or a raw endpoint URL.
#[derive(Debug, Clone)]
pub enum LabelerTarget {
    /// A handle or DID that can be resolved.
    Identified {
        /// The handle or DID to resolve.
        identifier: AtIdentifier,
        /// An optional explicit DID override (for cross-checking).
        explicit_did: Option<Did>,
    },
    /// A raw HTTP endpoint, optionally with a DID for identity checks.
    Endpoint {
        /// The endpoint URL.
        url: Url,
        /// An optional DID to cross-check against the endpoint.
        did: Option<Did>,
    },
}

/// An ATProto identifier: a handle or a DID.
#[derive(Debug, Clone)]
pub enum AtIdentifier {
    /// An ATProto handle (e.g., `alice.bsky.social`).
    Handle(String),
    /// A decentralized identifier (e.g., `did:plc:...` or `did:web:...`).
    Did(Did),
}

/// Options for running the labeler pipeline.
pub struct LabelerOptions<'a> {
    /// HTTP client for network requests.
    pub http: &'a dyn HttpClient,
    /// DNS resolver for handle lookups.
    pub dns: &'a dyn DnsResolver,
    /// HTTP tee to use for the labeler endpoint.
    pub http_tee: HttpTee<'a>,
    /// WebSocket client for subscription stage (optional, defaults to RealWebSocketClient).
    pub ws_client: Option<&'a dyn subscription::WebSocketClient>,
    /// Per-connection time budget for subscription checks.
    pub subscribe_timeout: Duration,
    /// Whether to emit verbose diagnostics.
    pub verbose: bool,
}

/// HTTP tee to use for the labeler endpoint.
pub enum HttpTee<'a> {
    /// Shared reqwest client for both identity and HTTP stages.
    Real(&'a reqwest::Client),
    /// Explicit control (for tests).
    Test(&'a dyn http::RawHttpTee),
}

/// Error from target parsing.
#[derive(Debug, Error, Diagnostic)]
#[error("{message}")]
pub struct TargetParseError {
    /// The error message.
    pub message: String,
}

impl TargetParseError {
    fn new(message: impl Into<String>) -> Self {
        Self {
            message: message.into(),
        }
    }

    fn unrecognized_target(raw: &str) -> Self {
        Self::new(format!(
            "Unrecognized target '{raw}'. Expected one of:\n  - ATProto handle (e.g., alice.bsky.social)\n  - DID (e.g., did:plc:abc123 or did:web:example.com)\n  - HTTPS endpoint URL (e.g., https://labeler.example.com)"
        ))
    }

    fn http_not_supported(raw: &str) -> Self {
        Self::new(format!(
            "HTTP endpoint '{raw}' is not supported. Please use an HTTPS endpoint instead."
        ))
    }

    fn ambiguous_did(raw: &str, explicit: &str) -> Self {
        Self::new(format!(
            "Ambiguous target specification: target '{raw}' is already a DID, but --did {explicit} was also provided. Please use only one."
        ))
    }
}

/// Check if a string is a valid ATProto handle.
///
/// A valid handle:
/// - Contains at least one dot.
/// - Contains only alphanumeric characters, hyphens, and dots.
/// - Does not start or end with a hyphen or dot.
/// - Has no empty segments (no consecutive dots or leading/trailing dots).
fn is_valid_handle(s: &str) -> bool {
    if !s.contains('.') {
        return false;
    }

    // Check for empty string or leading/trailing special chars.
    if s.is_empty()
        || s.starts_with('-')
        || s.starts_with('.')
        || s.ends_with('-')
        || s.ends_with('.')
    {
        return false;
    }

    // Check all characters are alphanumeric, hyphen, or dot.
    for c in s.chars() {
        if !c.is_ascii_alphanumeric() && c != '-' && c != '.' {
            return false;
        }
    }

    // Check no empty segments (no consecutive dots).
    if s.contains("..") {
        return false;
    }

    true
}

/// Parse a labeler target from a string and optional explicit DID.
///
/// Returns a `LabelerTarget` on success, or a `TargetParseError` on failure.
///
/// Rules:
/// - If `raw` starts with `did:`, parse as a DID. If `explicit_did` is also provided, return an error.
/// - If `raw` starts with `https://`, parse as a URL. `explicit_did` is carried as an optional DID.
/// - If `raw` starts with `http://`, return an error pointing the user to HTTPS.
/// - If `raw` contains a dot and matches handle grammar, treat as a handle. `explicit_did` is carried.
/// - Otherwise, return an unrecognized target error.
pub fn parse_target(
    raw: &str,
    explicit_did: Option<&str>,
) -> Result<LabelerTarget, TargetParseError> {
    // Check for DID.
    if raw.starts_with("did:") {
        if let Some(ed) = explicit_did {
            return Err(TargetParseError::ambiguous_did(raw, ed));
        }
        return Ok(LabelerTarget::Identified {
            identifier: AtIdentifier::Did(Did(raw.to_string())),
            explicit_did: None,
        });
    }

    // Check for HTTPS URL.
    if raw.starts_with("https://") {
        let url = Url::parse(raw)
            .map_err(|e| TargetParseError::new(format!("Invalid URL '{raw}': {e}")))?;
        return Ok(LabelerTarget::Endpoint {
            url,
            did: explicit_did.map(|d| Did(d.to_string())),
        });
    }

    // Check for HTTP URL (reject with helpful message).
    if raw.starts_with("http://") {
        return Err(TargetParseError::http_not_supported(raw));
    }

    // Check for handle.
    if is_valid_handle(raw) {
        return Ok(LabelerTarget::Identified {
            identifier: AtIdentifier::Handle(raw.to_string()),
            explicit_did: explicit_did.map(|d| Did(d.to_string())),
        });
    }

    // Unrecognized target.
    Err(TargetParseError::unrecognized_target(raw))
}

/// Run the full labeler conformance pipeline.
///
/// This is the main driver that orchestrates all validation stages.
pub async fn run_pipeline(target: LabelerTarget, opts: LabelerOptions<'_>) -> LabelerReport {
    // Build initial header from target.
    let header = ReportHeader {
        target: format_target(&target),
        resolved_did: None,
        pds_endpoint: None,
        labeler_endpoint: None,
    };

    let mut report = LabelerReport::new(header);

    // Run the identity stage.
    let identity_output = identity::run(&target, opts.http, opts.dns).await;

    // Populate header from facts if available.
    if let Some(ref facts) = identity_output.facts {
        report.header.resolved_did = Some(facts.did.to_string());
        report.header.pds_endpoint = Some(facts.pds_endpoint.to_string());
        report.header.labeler_endpoint = Some(facts.labeler_endpoint.to_string());
    }

    // Determine if subsequent stages are blocked by identity failures or just not supplied.
    // If all identity results are Skipped with "no DID supplied" reason, then HTTP/Subscription
    // should say they're "not yet implemented" rather than "blocked". Otherwise, they're blocked.
    let is_no_did_supplied = !identity_output.results.is_empty()
        && identity_output.results.iter().all(|r| {
            r.status == CheckStatus::Skipped
                && r.skipped_reason
                    .as_ref()
                    .map(|reason| reason.contains("no DID supplied"))
                    .unwrap_or(false)
        });

    // Record all identity stage results.
    for result in identity_output.results {
        report.record(result);
    }

    // Determine the labeler endpoint for the HTTP stage.
    let labeler_endpoint = if let Some(ref facts) = identity_output.facts {
        Some(facts.labeler_endpoint.clone())
    } else if let LabelerTarget::Endpoint { url, .. } = &target {
        Some(url.clone())
    } else {
        None
    };

    // Run the HTTP stage if we have an endpoint.
    let mut http_facts = None;
    if let Some(endpoint) = &labeler_endpoint {
        let output = match opts.http_tee {
            HttpTee::Test(tee) => {
                // Use the supplied tee (for testing).
                http::run(tee).await
            }
            HttpTee::Real(client) => {
                let http_client = client.clone();
                let real_tee = RealHttpTee::new(http_client, endpoint.clone());
                http::run(&real_tee).await
            }
        };
        for result in output.results {
            report.record(result);
        }
        http_facts = output.facts.clone();
    } else if identity_output.facts.is_none() && !is_no_did_supplied {
        // HTTP stage blocked by identity failures.
        report.record(CheckResult {
            id: "http::not_run",
            stage: Stage::Http,
            status: CheckStatus::Skipped,
            summary: Cow::Borrowed("HTTP stage (not run)"),
            diagnostic: None,
            skipped_reason: Some(Cow::Borrowed("blocked by identity stage failures")),
        });
    } else {
        // HTTP stage not run because no endpoint could be derived.
        report.record(CheckResult {
            id: "http::not_run",
            stage: Stage::Http,
            status: CheckStatus::Skipped,
            summary: Cow::Borrowed("HTTP stage (not run)"),
            diagnostic: None,
            skipped_reason: Some(Cow::Borrowed("identity stage produced no labeler endpoint")),
        });
    }

    // Run the subscription stage if we have an endpoint.
    let mut subscription_facts = None;
    if let Some(endpoint) = &labeler_endpoint {
        let ws: &dyn subscription::WebSocketClient = if let Some(injected_ws) = opts.ws_client {
            injected_ws
        } else {
            &RealWebSocketClient
        };
        let sub_output = subscription::run(endpoint, ws, opts.subscribe_timeout).await;
        for result in sub_output.results {
            report.record(result);
        }
        subscription_facts = sub_output.facts;
    } else if identity_output.facts.is_none() && !is_no_did_supplied {
        // Subscription stage blocked by identity failures.
        report.record(CheckResult {
            id: "subscription::not_run",
            stage: Stage::Subscription,
            status: CheckStatus::Skipped,
            summary: Cow::Borrowed("Subscription stage (not run)"),
            diagnostic: None,
            skipped_reason: Some(Cow::Borrowed("blocked by identity stage failures")),
        });
    } else {
        // Subscription stage not run because no endpoint could be derived.
        report.record(CheckResult {
            id: "subscription::not_run",
            stage: Stage::Subscription,
            status: CheckStatus::Skipped,
            summary: Cow::Borrowed("Subscription stage (not run)"),
            diagnostic: None,
            skipped_reason: Some(Cow::Borrowed("identity stage produced no labeler endpoint")),
        });
    }

    // Run the crypto stage if identity succeeded and at least one of the HTTP
    // or subscription stages produced labels to verify. Labels from both
    // sources are combined so a failure in one does not block verification
    // on the other — the HTTP stage yields JSON-decoded labels via
    // `queryLabels` and the subscription stage yields CBOR-decoded labels
    // from `subscribeLabels`, and both encodings are covered.
    let sub_has_labels = subscription_facts
        .as_ref()
        .map(|f| !f.sample_labels.is_empty())
        .unwrap_or(false);
    if let Some(identity_facts) = &identity_output.facts {
        if http_facts.is_some() || sub_has_labels {
            let mut combined_labels: Vec<atrium_api::com::atproto::label::defs::Label> = Vec::new();
            if let Some(h) = &http_facts {
                combined_labels.extend(h.first_page.iter().cloned());
            }
            if let Some(s) = &subscription_facts {
                combined_labels.extend(s.sample_labels.iter().cloned());
            }
            // Crypto stage uses the same HTTP seam as the rest of the
            // pipeline so tests can inject a fake client for the PLC audit
            // log fetch.
            let crypto_output = crypto::run(identity_facts, &combined_labels, opts.http).await;
            for result in crypto_output.results {
                report.record(result);
            }
        } else {
            report.record(CheckResult {
                id: "crypto::not_run",
                stage: Stage::Crypto,
                status: CheckStatus::Skipped,
                summary: Cow::Borrowed("Crypto stage (not run)"),
                diagnostic: None,
                skipped_reason: Some(Cow::Borrowed(
                    "neither HTTP nor subscription stage produced labels to verify",
                )),
            });
        }
    } else if identity_output.facts.is_none() && !is_no_did_supplied {
        // Crypto stage blocked by identity failures.
        report.record(CheckResult {
            id: "crypto::not_run",
            stage: Stage::Crypto,
            status: CheckStatus::Skipped,
            summary: Cow::Borrowed("Crypto stage (not run)"),
            diagnostic: None,
            skipped_reason: Some(Cow::Borrowed("blocked by upstream stage failures")),
        });
    } else {
        // Crypto stage not run (no identity or no endpoint).
        report.record(CheckResult {
            id: "crypto::not_run",
            stage: Stage::Crypto,
            status: CheckStatus::Skipped,
            summary: Cow::Borrowed("Crypto stage (not run)"),
            diagnostic: None,
            skipped_reason: Some(Cow::Borrowed("identity stage produced no labeler endpoint")),
        });
    }

    report.finish();
    report
}

/// Format a target for display in the report header.
fn format_target(target: &LabelerTarget) -> String {
    match target {
        LabelerTarget::Identified {
            identifier,
            explicit_did,
        } => {
            let id_str = match identifier {
                AtIdentifier::Handle(h) => h.clone(),
                AtIdentifier::Did(d) => d.0.clone(),
            };
            if explicit_did.is_some() {
                format!("{id_str} (with explicit DID)")
            } else {
                id_str
            }
        }
        LabelerTarget::Endpoint { url, did } => {
            if did.is_some() {
                format!("{url} (with explicit DID)")
            } else {
                url.to_string()
            }
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_target_handle() {
        let target = parse_target("alice.bsky.social", None).expect("should parse");
        match target {
            LabelerTarget::Identified {
                identifier,
                explicit_did,
            } => {
                assert!(
                    matches!(identifier, AtIdentifier::Handle(ref h) if h == "alice.bsky.social")
                );
                assert!(explicit_did.is_none());
            }
            _ => panic!("expected Identified variant"),
        }
    }

    #[test]
    fn parse_target_did_plc() {
        let target = parse_target("did:plc:abc123", None).expect("should parse");
        match target {
            LabelerTarget::Identified {
                identifier,
                explicit_did,
            } => {
                assert!(matches!(identifier, AtIdentifier::Did(ref d) if d.0 == "did:plc:abc123"));
                assert!(explicit_did.is_none());
            }
            _ => panic!("expected Identified variant"),
        }
    }

    #[test]
    fn parse_target_did_web() {
        let target = parse_target("did:web:example.com", None).expect("should parse");
        match target {
            LabelerTarget::Identified {
                identifier,
                explicit_did,
            } => {
                assert!(
                    matches!(identifier, AtIdentifier::Did(ref d) if d.0 == "did:web:example.com")
                );
                assert!(explicit_did.is_none());
            }
            _ => panic!("expected Identified variant"),
        }
    }

    #[test]
    fn parse_target_endpoint_https() {
        let target = parse_target("https://example.com/labeler", None).expect("should parse");
        match target {
            LabelerTarget::Endpoint { url, did } => {
                assert_eq!(url.as_str(), "https://example.com/labeler");
                assert!(did.is_none());
            }
            _ => panic!("expected Endpoint variant"),
        }
    }

    #[test]
    fn parse_target_endpoint_with_explicit_did() {
        let target =
            parse_target("https://example.com/labeler", Some("did:plc:xyz")).expect("should parse");
        match target {
            LabelerTarget::Endpoint { url, did } => {
                assert_eq!(url.as_str(), "https://example.com/labeler");
                assert_eq!(did.map(|d| d.0.clone()), Some("did:plc:xyz".to_string()));
            }
            _ => panic!("expected Endpoint variant"),
        }
    }

    #[test]
    fn parse_target_endpoint_http_rejected() {
        let err = parse_target("http://evil.example", None).expect_err("should reject http");
        assert!(err.message.contains("HTTPS"));
    }

    #[test]
    fn parse_target_unrecognised() {
        let err = parse_target("not a handle or did", None).expect_err("should fail");
        assert!(err.message.contains("Unrecognized target"));
    }

    #[test]
    fn parse_target_did_with_conflicting_flag() {
        let err = parse_target("did:plc:abc", Some("did:web:example.com"))
            .expect_err("should reject ambiguous target");
        assert!(err.message.contains("Ambiguous"));
    }
}