+1 -1

.zed/settings.json

··· 10 10 "analyzerTargetDir": true 11 11 }, 12 12 "cargo": { 13 13 - //"allFeatures": true 13 13 + "allFeatures": true 14 14 } 15 15 } 16 16 }

+1

Cargo.lock

··· 2382 2382 "http", 2383 2383 "jacquard-api", 2384 2384 "jacquard-common", 2385 2385 + "jacquard-lexicon", 2385 2386 "miette", 2386 2387 "n0-future", 2387 2388 "percent-encoding",

+6

crates/jacquard-identity/Cargo.toml

··· 23 23 bytes.workspace = true 24 24 jacquard-common = { version = "0.8", path = "../jacquard-common", features = ["reqwest-client"] } 25 25 jacquard-api = { version = "0.8", path = "../jacquard-api", default-features = false, features = ["minimal"] } 26 26 + jacquard-lexicon = { version = "0.8", path = "../jacquard-lexicon", default-features = false } 26 27 percent-encoding.workspace = true 27 28 reqwest.workspace = true 28 29 url.workspace = true ··· 39 40 [target.'cfg(not(target_family = "wasm"))'.dependencies] 40 41 hickory-resolver = { optional = true, version = "0.24", default-features = false, features = ["system-config", "tokio-runtime"]} 41 42 tokio = { workspace = true, features = ["macros", "rt-multi-thread"] } 43 43 + 44 44 + [[example]] 45 45 + name = "resolve_lexicon" 46 46 + path = "../../examples/resolve_lexicon.rs" 47 47 + required-features = ["dns"]

+327

crates/jacquard-identity/src/lexicon_resolver.rs

··· 1 1 + //! Lexicon schema resolution via DNS and XRPC 2 2 + //! 3 3 + //! This module provides traits and implementations for resolving lexicon schemas at runtime: 4 4 + //! 1. Resolve NSID authority to DID via DNS TXT records (`_lexicon.{reversed-authority}`) 5 5 + //! 2. Fetch lexicon schema from `com.atproto.lexicon.schema` collection via XRPC 6 6 + 7 7 + use crate::resolver::{IdentityError, IdentityResolver}; 8 8 + use jacquard_common::{ 9 9 + IntoStatic, smol_str, 10 10 + types::{cid::Cid, did::Did, string::Nsid}, 11 11 + }; 12 12 + use smol_str::SmolStr; 13 13 + 14 14 + /// Resolve lexicon authority (NSID → authoritative DID) 15 15 + #[cfg_attr(not(target_arch = "wasm32"), trait_variant::make(Send))] 16 16 + pub trait LexiconAuthorityResolver { 17 17 + /// Resolve an NSID to the authoritative DID via DNS 18 18 + /// 19 19 + /// Uses DNS TXT records at `_lexicon.{reversed-authority}`, following the 20 20 + /// AT Protocol lexicon authority spec. Authority segments are reversed 21 21 + /// (e.g., `app.bsky.feed` → query `_lexicon.feed.bsky.app`). 22 22 + /// 23 23 + /// Note: No hierarchical fallback - per the spec, only exact authority match is checked. 24 24 + async fn resolve_lexicon_authority( 25 25 + &self, 26 26 + nsid: &Nsid, 27 27 + ) -> std::result::Result<Did<'static>, LexiconResolutionError>; 28 28 + } 29 29 + 30 30 + /// Resolve lexicon schemas (NSID → schema document) 31 31 + #[cfg_attr(not(target_arch = "wasm32"), trait_variant::make(Send))] 32 32 + pub trait LexiconSchemaResolver { 33 33 + /// Resolve a complete lexicon schema for an NSID 34 34 + async fn resolve_lexicon_schema( 35 35 + &self, 36 36 + nsid: &Nsid, 37 37 + ) -> std::result::Result<ResolvedLexiconSchema<'static>, LexiconResolutionError>; 38 38 + } 39 39 + 40 40 + /// A resolved lexicon schema with metadata 41 41 + #[derive(Debug, Clone)] 42 42 + pub struct ResolvedLexiconSchema<'s> { 43 43 + /// The NSID of the schema 44 44 + pub nsid: Nsid<'s>, 45 45 + /// DID of the repository this schema was fetched from 46 46 + pub repo: Did<'s>, 47 47 + /// Content ID of the record (for cache invalidation) 48 48 + pub cid: Cid<'s>, 49 49 + /// Parsed lexicon document 50 50 + pub doc: jacquard_lexicon::lexicon::LexiconDoc<'s>, 51 51 + } 52 52 + 53 53 + /// Error type for lexicon resolution operations 54 54 + #[derive(Debug, thiserror::Error, miette::Diagnostic)] 55 55 + #[error("{kind}")] 56 56 + pub struct LexiconResolutionError { 57 57 + #[diagnostic_source] 58 58 + kind: LexiconResolutionErrorKind, 59 59 + #[source] 60 60 + source: Option<Box<dyn std::error::Error + Send + Sync>>, 61 61 + } 62 62 + 63 63 + impl LexiconResolutionError { 64 64 + pub fn new( 65 65 + kind: LexiconResolutionErrorKind, 66 66 + source: Option<Box<dyn std::error::Error + Send + Sync>>, 67 67 + ) -> Self { 68 68 + Self { kind, source } 69 69 + } 70 70 + 71 71 + pub fn kind(&self) -> &LexiconResolutionErrorKind { 72 72 + &self.kind 73 73 + } 74 74 + 75 75 + pub fn dns_lookup_failed( 76 76 + authority: impl Into<SmolStr>, 77 77 + source: impl std::error::Error + Send + Sync + 'static, 78 78 + ) -> Self { 79 79 + Self::new( 80 80 + LexiconResolutionErrorKind::DnsLookupFailed { 81 81 + authority: authority.into(), 82 82 + }, 83 83 + Some(Box::new(source)), 84 84 + ) 85 85 + } 86 86 + 87 87 + pub fn no_did_found(authority: impl Into<SmolStr>) -> Self { 88 88 + Self::new( 89 89 + LexiconResolutionErrorKind::NoDIDFound { 90 90 + authority: authority.into(), 91 91 + }, 92 92 + None, 93 93 + ) 94 94 + } 95 95 + 96 96 + pub fn invalid_did(authority: impl Into<SmolStr>, value: impl Into<SmolStr>) -> Self { 97 97 + Self::new( 98 98 + LexiconResolutionErrorKind::InvalidDID { 99 99 + authority: authority.into(), 100 100 + value: value.into(), 101 101 + }, 102 102 + None, 103 103 + ) 104 104 + } 105 105 + 106 106 + pub fn dns_not_configured() -> Self { 107 107 + Self::new(LexiconResolutionErrorKind::DnsNotConfigured, None) 108 108 + } 109 109 + 110 110 + pub fn fetch_failed( 111 111 + nsid: impl Into<SmolStr>, 112 112 + source: impl std::error::Error + Send + Sync + 'static, 113 113 + ) -> Self { 114 114 + Self::new( 115 115 + LexiconResolutionErrorKind::FetchFailed { nsid: nsid.into() }, 116 116 + Some(Box::new(source)), 117 117 + ) 118 118 + } 119 119 + 120 120 + pub fn parse_failed( 121 121 + nsid: impl Into<SmolStr>, 122 122 + source: impl std::error::Error + Send + Sync + 'static, 123 123 + ) -> Self { 124 124 + Self::new( 125 125 + LexiconResolutionErrorKind::ParseFailed { nsid: nsid.into() }, 126 126 + Some(Box::new(source)), 127 127 + ) 128 128 + } 129 129 + 130 130 + pub fn invalid_collection() -> Self { 131 131 + Self::new(LexiconResolutionErrorKind::InvalidCollection, None) 132 132 + } 133 133 + 134 134 + pub fn missing_cid(nsid: impl Into<SmolStr>) -> Self { 135 135 + Self::new( 136 136 + LexiconResolutionErrorKind::MissingCID { nsid: nsid.into() }, 137 137 + None, 138 138 + ) 139 139 + } 140 140 + } 141 141 + 142 142 + impl From<IdentityError> for LexiconResolutionError { 143 143 + fn from(err: IdentityError) -> Self { 144 144 + Self::new(LexiconResolutionErrorKind::IdentityResolution(err), None) 145 145 + } 146 146 + } 147 147 + 148 148 + /// Error categories for lexicon resolution 149 149 + #[derive(Debug, thiserror::Error, miette::Diagnostic)] 150 150 + pub enum LexiconResolutionErrorKind { 151 151 + #[error("DNS lookup failed for authority {authority}")] 152 152 + #[diagnostic(code(jacquard::lexicon::dns_lookup_failed))] 153 153 + DnsLookupFailed { authority: SmolStr }, 154 154 + 155 155 + #[error("no DID found in DNS for authority {authority}")] 156 156 + #[diagnostic( 157 157 + code(jacquard::lexicon::no_did_found), 158 158 + help("ensure _lexicon.{{reversed-authority}} TXT record exists with did=...") 159 159 + )] 160 160 + NoDIDFound { authority: SmolStr }, 161 161 + 162 162 + #[error("invalid DID in DNS for authority {authority}: {value}")] 163 163 + #[diagnostic(code(jacquard::lexicon::invalid_did))] 164 164 + InvalidDID { authority: SmolStr, value: SmolStr }, 165 165 + 166 166 + #[error("DNS not configured (dns feature disabled or WASM target)")] 167 167 + #[diagnostic( 168 168 + code(jacquard::lexicon::dns_not_configured), 169 169 + help("enable the 'dns' feature or use a non-WASM target") 170 170 + )] 171 171 + DnsNotConfigured, 172 172 + 173 173 + #[error("failed to fetch lexicon record for {nsid}")] 174 174 + #[diagnostic(code(jacquard::lexicon::fetch_failed))] 175 175 + FetchFailed { nsid: SmolStr }, 176 176 + 177 177 + #[error("failed to parse lexicon schema for {nsid}")] 178 178 + #[diagnostic(code(jacquard::lexicon::parse_failed))] 179 179 + ParseFailed { nsid: SmolStr }, 180 180 + 181 181 + #[error("invalid collection NSID")] 182 182 + #[diagnostic(code(jacquard::lexicon::invalid_collection))] 183 183 + InvalidCollection, 184 184 + 185 185 + #[error("record missing CID for {nsid}")] 186 186 + #[diagnostic(code(jacquard::lexicon::missing_cid))] 187 187 + MissingCID { nsid: SmolStr }, 188 188 + 189 189 + #[error(transparent)] 190 190 + #[diagnostic(code(jacquard::lexicon::identity_resolution_failed))] 191 191 + IdentityResolution(#[from] crate::resolver::IdentityError), 192 192 + } 193 193 + 194 194 + // Implementation on JacquardResolver 195 195 + impl crate::JacquardResolver { 196 196 + /// Resolve lexicon authority via DNS 197 197 + /// 198 198 + /// Queries `_lexicon.{reversed-authority}` for a TXT record containing `did=...` 199 199 + #[cfg(all(feature = "dns", not(target_family = "wasm")))] 200 200 + async fn resolve_lexicon_authority_dns( 201 201 + &self, 202 202 + nsid: &Nsid<'_>, 203 203 + ) -> std::result::Result<Did<'static>, LexiconResolutionError> { 204 204 + let Some(dns) = &self.dns else { 205 205 + return Err(LexiconResolutionError::dns_not_configured()); 206 206 + }; 207 207 + 208 208 + // Extract and reverse authority segments 209 209 + let authority = nsid.domain_authority(); 210 210 + let reversed_authority = authority.split('.').rev().collect::<Vec<_>>().join("."); 211 211 + let fqdn = format!("_lexicon.{}.", reversed_authority); 212 212 + 213 213 + #[cfg(feature = "tracing")] 214 214 + tracing::debug!("resolving lexicon authority via DNS: {}", fqdn); 215 215 + 216 216 + let response = dns 217 217 + .txt_lookup(fqdn) 218 218 + .await 219 219 + .map_err(|e| LexiconResolutionError::dns_lookup_failed(authority, e))?; 220 220 + 221 221 + // Parse TXT records looking for "did=..." 222 222 + for txt in response.iter() { 223 223 + for data in txt.txt_data().iter() { 224 224 + let text = std::str::from_utf8(data).unwrap_or(""); 225 225 + if let Some(did_str) = text.strip_prefix("did=") { 226 226 + return Did::new_owned(did_str) 227 227 + .map(|d| d.into_static()) 228 228 + .map_err(|_| LexiconResolutionError::invalid_did(authority, did_str)); 229 229 + } 230 230 + } 231 231 + } 232 232 + 233 233 + Err(LexiconResolutionError::no_did_found(authority)) 234 234 + } 235 235 + } 236 236 + 237 237 + #[cfg(all(feature = "dns", not(target_family = "wasm")))] 238 238 + impl LexiconAuthorityResolver for crate::JacquardResolver { 239 239 + async fn resolve_lexicon_authority( 240 240 + &self, 241 241 + nsid: &Nsid<'_>, 242 242 + ) -> std::result::Result<Did<'static>, LexiconResolutionError> { 243 243 + self.resolve_lexicon_authority_dns(nsid).await 244 244 + } 245 245 + } 246 246 + 247 247 + #[cfg(not(all(feature = "dns", not(target_family = "wasm"))))] 248 248 + impl LexiconAuthorityResolver for crate::JacquardResolver { 249 249 + async fn resolve_lexicon_authority( 250 250 + &self, 251 251 + _nsid: &Nsid<'_>, 252 252 + ) -> std::result::Result<Did<'static>, LexiconResolutionError> { 253 253 + Err(LexiconResolutionError::dns_not_configured()) 254 254 + } 255 255 + } 256 256 + 257 257 + impl LexiconSchemaResolver for crate::JacquardResolver { 258 258 + async fn resolve_lexicon_schema( 259 259 + &self, 260 260 + nsid: &Nsid<'_>, 261 261 + ) -> std::result::Result<ResolvedLexiconSchema<'static>, LexiconResolutionError> { 262 262 + use jacquard_api::com_atproto::repo::get_record::GetRecord; 263 263 + use jacquard_common::{IntoStatic, xrpc::XrpcExt}; 264 264 + 265 265 + // 1. Resolve authority DID via DNS 266 266 + let authority_did = self.resolve_lexicon_authority(nsid).await?; 267 267 + 268 268 + #[cfg(feature = "tracing")] 269 269 + tracing::debug!( 270 270 + "resolved lexicon authority {} -> {}", 271 271 + nsid.domain_authority(), 272 272 + authority_did 273 273 + ); 274 274 + 275 275 + // 2. Resolve DID document to get PDS endpoint 276 276 + let did_doc_resp = self.resolve_did_doc(&authority_did).await?; 277 277 + let did_doc = did_doc_resp.parse()?; 278 278 + let pds = did_doc 279 279 + .pds_endpoint() 280 280 + .ok_or_else(|| IdentityError::missing_pds_endpoint())?; 281 281 + 282 282 + #[cfg(feature = "tracing")] 283 283 + tracing::debug!("fetching lexicon {} from PDS {}", nsid, pds); 284 284 + 285 285 + // 3. Fetch lexicon record via XRPC getRecord 286 286 + let collection = Nsid::new("com.atproto.lexicon.schema") 287 287 + .map_err(|_| LexiconResolutionError::invalid_collection())?; 288 288 + 289 289 + let request = GetRecord::new() 290 290 + .repo(authority_did.clone()) 291 291 + .collection(collection.into_static()) 292 292 + .rkey(nsid.clone()) 293 293 + .build(); 294 294 + 295 295 + let response = self 296 296 + .xrpc(pds) 297 297 + .send(&request) 298 298 + .await 299 299 + .map_err(|e| LexiconResolutionError::fetch_failed(nsid.as_str(), e))?; 300 300 + 301 301 + let output = response 302 302 + .into_output() 303 303 + .map_err(|e| LexiconResolutionError::fetch_failed(nsid.as_str(), e))?; 304 304 + 305 305 + // 4. Parse lexicon document from value 306 306 + let json_str = serde_json::to_string(&output.value) 307 307 + .map_err(|e| LexiconResolutionError::parse_failed(nsid.as_str(), e))?; 308 308 + 309 309 + let doc: jacquard_lexicon::lexicon::LexiconDoc = serde_json::from_str(&json_str) 310 310 + .map_err(|e| LexiconResolutionError::parse_failed(nsid.as_str(), e))?; 311 311 + 312 312 + #[cfg(feature = "tracing")] 313 313 + tracing::debug!("successfully parsed lexicon schema {}", nsid); 314 314 + 315 315 + let cid = output 316 316 + .cid 317 317 + .ok_or_else(|| LexiconResolutionError::missing_cid(nsid.as_str()))? 318 318 + .into_static(); 319 319 + 320 320 + Ok(ResolvedLexiconSchema { 321 321 + nsid: nsid.clone().into_static(), 322 322 + repo: authority_did.into_static(), 323 323 + cid, 324 324 + doc: doc.into_static(), 325 325 + }) 326 326 + } 327 327 + }

+1

crates/jacquard-identity/src/lib.rs

··· 68 68 // use crate::CowStr; // not currently needed directly here 69 69 70 70 #![cfg_attr(target_arch = "wasm32", allow(unused))] 71 71 + pub mod lexicon_resolver; 71 72 pub mod resolver; 72 73 73 74 use crate::resolver::{

+7 -1

crates/jacquard-lexgen/Cargo.toml

··· 23 23 name = "extract-schemas" 24 24 path = "src/bin/extract_schemas.rs" 25 25 26 26 + [[example]] 27 27 + name = "extract_inventory" 28 28 + path = "../../examples/extract_inventory.rs" 29 29 + required-features = ["codegen"] 30 30 + 31 31 + 26 32 [dependencies] 27 33 clap.workspace = true 28 34 glob = "0.3" ··· 30 36 jacquard-api = { version = "0.8", path = "../jacquard-api", default-features = false, features = [ "minimal" ] } 31 37 jacquard-common = { version = "0.8", features = [ "reqwest-client" ], path = "../jacquard-common" } 32 38 jacquard-derive = { version = "0.8", path = "../jacquard-derive" } 33 33 - jacquard-identity = { version = "0.8", path = "../jacquard-identity" } 39 39 + jacquard-identity = { version = "0.8", path = "../jacquard-identity", features = ["dns"] } 34 40 jacquard-lexicon = { version = "0.8", path = "../jacquard-lexicon" } 35 41 kdl = "6" 36 42 miette = { workspace = true, features = ["fancy"] }

crates/jacquard-lexgen/examples/extract_inventory.rs examples/extract_inventory.rs

+5

crates/jacquard-lexgen/lexicons.kdl.example

··· 20 20 pattern "lexicons/**/*.json" 21 21 } 22 22 23 23 + // Fetch a single lexicon by NSID - will use DNS to resolve authority 24 24 + source "bsky-post" type="atproto" priority=30 { 25 25 + endpoint "app.bsky.feed.post" 26 26 + } 27 27 + 23 28 // Fetch lexicons from a Git repository 24 29 source "my-lexicons" type="git" priority=100 { 25 30 repo "https://github.com/example/my-lexicons"

+25 -2

crates/jacquard-lexgen/src/fetch/sources/atproto.rs

··· 5 5 use jacquard_common::xrpc::XrpcExt; 6 6 use jacquard_common::{CowStr, IntoStatic}; 7 7 use jacquard_identity::JacquardResolver; 8 8 + use jacquard_identity::lexicon_resolver::LexiconSchemaResolver; 8 9 use jacquard_identity::resolver::{IdentityResolver, ResolverOptions}; 9 10 use jacquard_lexicon::lexicon::LexiconDoc; 10 11 use miette::{Result, miette}; ··· 17 18 } 18 19 19 20 impl AtProtoSource { 21 21 + /// Fetch a single lexicon schema by NSID using DNS + XRPC resolution 22 22 + async fn fetch_single_lexicon( 23 23 + &self, 24 24 + resolver: &JacquardResolver, 25 25 + nsid: &Nsid<'_>, 26 26 + ) -> Result<HashMap<String, LexiconDoc<'_>>> { 27 27 + let schema = resolver 28 28 + .resolve_lexicon_schema(nsid) 29 29 + .await 30 30 + .map_err(|e| miette!("Failed to resolve lexicon '{}': {}", nsid, e))?; 31 31 + 32 32 + let mut lexicons = HashMap::new(); 33 33 + lexicons.insert(schema.nsid.to_string(), schema.doc); 34 34 + 35 35 + Ok(lexicons) 36 36 + } 37 37 + 20 38 fn parse_lexicon_record(record_data: &Record<'_>) -> Option<LexiconDoc<'static>> { 21 39 // // Extract the 'value' field from the record 22 40 // let value = match record_data { ··· 46 64 impl LexiconSource for AtProtoSource { 47 65 async fn fetch(&self) -> Result<HashMap<String, LexiconDoc<'_>>> { 48 66 let http = reqwest::Client::new(); 49 49 - let resolver = JacquardResolver::new(http, ResolverOptions::default()); 67 67 + let resolver = JacquardResolver::new_dns(http.clone(), ResolverOptions::default()); 68 68 + 69 69 + // Try parsing as NSID first (for single lexicon fetch) 70 70 + if let Ok(nsid) = Nsid::new(&self.endpoint) { 71 71 + return self.fetch_single_lexicon(&resolver, &nsid).await; 72 72 + } 50 73 51 51 - // Parse endpoint as at-identifier (handle or DID) 74 74 + // Otherwise parse as at-identifier (handle or DID) for bulk fetch 52 75 let identifier = AtIdentifier::new(&self.endpoint) 53 76 .map_err(|e| miette!("Invalid endpoint '{}': {}", self.endpoint, e))?; 54 77

+57

examples/resolve_lexicon.rs

··· 1 1 + //! Example demonstrating lexicon schema resolution via DNS + XRPC 2 2 + //! 3 3 + //! Run with: cargo run --example resolve_lexicon --features dns 4 4 + 5 5 + use jacquard_common::types::string::Nsid; 6 6 + use jacquard_identity::{ 7 7 + JacquardResolver, 8 8 + lexicon_resolver::{LexiconAuthorityResolver, LexiconSchemaResolver}, 9 9 + resolver::ResolverOptions, 10 10 + }; 11 11 + 12 12 + #[tokio::main] 13 13 + async fn main() -> miette::Result<()> { 14 14 + // Set up resolver with DNS enabled 15 15 + let http = reqwest::Client::new(); 16 16 + let opts = ResolverOptions::default(); 17 17 + let resolver = JacquardResolver::new_dns(http, opts); 18 18 + 19 19 + // Test NSID - using app.bsky.feed.post as a known lexicon 20 20 + let nsid = 21 21 + Nsid::new("app.bsky.feed.post").map_err(|e| miette::miette!("invalid NSID: {}", e))?; 22 22 + 23 23 + println!("Resolving lexicon for: {}", nsid); 24 24 + println!(); 25 25 + println!("Resolving authority via DNS..."); 26 26 + match resolver.resolve_lexicon_authority(&nsid).await { 27 27 + Ok(did) => { 28 28 + println!("Authority DID: {}", did); 29 29 + } 30 30 + Err(e) => { 31 31 + eprintln!("Failed to resolve authority: {:?}", e); 32 32 + return Err(e.into()); 33 33 + } 34 34 + } 35 35 + 36 36 + println!(); 37 37 + println!("Fetching full lexicon schema..."); 38 38 + match resolver.resolve_lexicon_schema(&nsid).await { 39 39 + Ok(schema) => { 40 40 + println!("Successfully fetched schema"); 41 41 + println!(" NSID: {}", schema.nsid); 42 42 + println!(" Repo: {}", schema.repo); 43 43 + println!(" CID: {}", schema.cid); 44 44 + println!(" Doc ID: {}", schema.doc.id); 45 45 + println!( 46 46 + "\nSchema:\n{}", 47 47 + serde_json::to_string_pretty(&schema.doc).unwrap() 48 48 + ) 49 49 + } 50 50 + Err(e) => { 51 51 + eprintln!("Failed to resolve schema: {:?}", e); 52 52 + return Err(e.into()); 53 53 + } 54 54 + } 55 55 + 56 56 + Ok(()) 57 57 + }