feat: end-to-end repo verification · zat.dev/zat@5a70d8d

atproto utils for zig zat.dev

atproto sdk zig

feat: end-to-end repo verification

verifyRepo(allocator, identifier) exercises the full AT Protocol trust chain:
handle → DID → DID doc → signing key → fetch repo → verify commit sig → walk MST → rebuild → CID match

integration tests against zzstoatzz.io (self-hosted PDS) and pfrazee.com (bsky.network PDS)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

zzstoatzz.io 3 weeks ago 5a70d8d4 caff093c

+256

2 changed files

expand all

src

internal

repo

repo_verifier.zig

root.zig

+250

src/internal/repo/repo_verifier.zig

··· 1 + //! end-to-end repo verification 2 + //! 3 + //! exercises the full AT Protocol trust chain: 4 + //! handle → DID → DID document → signing key 5 + //! ↓ 6 + //! repo CAR → commit → signature ← verified against key 7 + //! ↓ 8 + //! MST root CID → walk nodes → rebuild tree → CID match 9 + 10 + const std = @import("std"); 11 + const Allocator = std.mem.Allocator; 12 + 13 + const Did = @import("../syntax/did.zig").Did; 14 + const Handle = @import("../syntax/handle.zig").Handle; 15 + const DidDocument = @import("../identity/did_document.zig").DidDocument; 16 + const DidResolver = @import("../identity/did_resolver.zig").DidResolver; 17 + const HandleResolver = @import("../identity/handle_resolver.zig").HandleResolver; 18 + const HttpTransport = @import("../xrpc/transport.zig").HttpTransport; 19 + const multibase = @import("../crypto/multibase.zig"); 20 + const multicodec = @import("../crypto/multicodec.zig"); 21 + const jwt = @import("../crypto/jwt.zig"); 22 + const cbor = @import("cbor.zig"); 23 + const car = @import("car.zig"); 24 + const mst = @import("mst.zig"); 25 + 26 + pub const VerifyResult = struct { 27 + did: []const u8, 28 + handle: []const u8, 29 + signing_key_type: multicodec.KeyType, 30 + commit_rev: []const u8, 31 + commit_version: i64, 32 + record_count: usize, 33 + }; 34 + 35 + pub const VerifyError = error{ 36 + InvalidIdentifier, 37 + SigningKeyNotFound, 38 + PdsEndpointNotFound, 39 + NoRootsInCar, 40 + CommitBlockNotFound, 41 + InvalidCommit, 42 + SignatureNotFound, 43 + MstRootMismatch, 44 + FetchFailed, 45 + } || Allocator.Error; 46 + 47 + /// verify a repo end-to-end: resolve identity, fetch repo, verify commit signature, walk and rebuild MST. 48 + pub fn verifyRepo(caller_alloc: Allocator, identifier: []const u8) !VerifyResult { 49 + var arena = std.heap.ArenaAllocator.init(caller_alloc); 50 + defer arena.deinit(); 51 + const allocator = arena.allocator(); 52 + 53 + // 1. resolve identifier to DID 54 + const did_str = if (Did.parse(identifier) != null) 55 + identifier 56 + else blk: { 57 + const handle = Handle.parse(identifier) orelse return error.InvalidIdentifier; 58 + var resolver = HandleResolver.init(allocator); 59 + defer resolver.deinit(); 60 + break :blk try resolver.resolve(handle); 61 + }; 62 + 63 + const did = Did.parse(did_str) orelse return error.InvalidIdentifier; 64 + 65 + // 2. resolve DID → DID document 66 + var did_resolver = DidResolver.init(allocator); 67 + defer did_resolver.deinit(); 68 + var did_doc = try did_resolver.resolve(did); 69 + defer did_doc.deinit(); 70 + 71 + // 3. extract signing key 72 + const signing_vm = did_doc.signingKey() orelse return error.SigningKeyNotFound; 73 + const key_bytes = try multibase.decode(allocator, signing_vm.public_key_multibase); 74 + const public_key = try multicodec.parsePublicKey(key_bytes); 75 + 76 + // 4. extract PDS endpoint 77 + const pds_endpoint = did_doc.pdsEndpoint() orelse return error.PdsEndpointNotFound; 78 + 79 + // 5. fetch repo CAR 80 + const car_bytes = try fetchRepo(allocator, pds_endpoint, did_str); 81 + 82 + // 6. parse CAR 83 + const repo_car = car.read(allocator, car_bytes) catch return error.InvalidCommit; 84 + if (repo_car.roots.len == 0) return error.NoRootsInCar; 85 + 86 + // 7. find commit block 87 + const commit_data = car.findBlock(repo_car, repo_car.roots[0].raw) orelse return error.CommitBlockNotFound; 88 + 89 + // 8. decode commit 90 + const commit = cbor.decodeAll(allocator, commit_data) catch return error.InvalidCommit; 91 + const commit_did = commit.getString("did") orelse return error.InvalidCommit; 92 + const commit_version = commit.getInt("version") orelse return error.InvalidCommit; 93 + const commit_rev = commit.getString("rev") orelse return error.InvalidCommit; 94 + const sig_bytes = commit.getBytes("sig") orelse return error.SignatureNotFound; 95 + 96 + const data_cid_value = commit.get("data") orelse return error.InvalidCommit; 97 + const data_cid = switch (data_cid_value) { 98 + .cid => |c| c, 99 + else => return error.InvalidCommit, 100 + }; 101 + 102 + // sanity: commit DID matches resolved DID 103 + if (!std.mem.eql(u8, commit_did, did_str)) return error.InvalidCommit; 104 + 105 + // 9. verify signature: encode unsigned commit, then verify 106 + const unsigned_commit_bytes = try encodeUnsignedCommit(allocator, commit); 107 + switch (public_key.key_type) { 108 + .p256 => try jwt.verifyP256(unsigned_commit_bytes, sig_bytes, public_key.raw), 109 + .secp256k1 => try jwt.verifySecp256k1(unsigned_commit_bytes, sig_bytes, public_key.raw), 110 + } 111 + 112 + // 10. walk MST — collect all (key, value_cid) pairs 113 + var records: std.ArrayList(MstRecord) = .{}; 114 + try walkMst(allocator, repo_car, data_cid.raw, &records); 115 + 116 + // 11. rebuild MST and compare root CID 117 + var tree = mst.Mst.init(allocator); 118 + for (records.items) |record| { 119 + try tree.put(record.key, record.value); 120 + } 121 + const rebuilt_root = try tree.rootCid(); 122 + 123 + if (!std.mem.eql(u8, rebuilt_root.raw, data_cid.raw)) { 124 + return error.MstRootMismatch; 125 + } 126 + 127 + // build result — dupe strings to caller's allocator so they survive arena cleanup 128 + return VerifyResult{ 129 + .did = try caller_alloc.dupe(u8, did_str), 130 + .handle = try caller_alloc.dupe(u8, did_doc.handle() orelse identifier), 131 + .signing_key_type = public_key.key_type, 132 + .commit_rev = try caller_alloc.dupe(u8, commit_rev), 133 + .commit_version = commit_version, 134 + .record_count = records.items.len, 135 + }; 136 + } 137 + 138 + const MstRecord = struct { 139 + key: []const u8, 140 + value: cbor.Cid, 141 + }; 142 + 143 + /// fetch a repo CAR from a PDS endpoint 144 + fn fetchRepo(allocator: Allocator, pds_endpoint: []const u8, did_str: []const u8) ![]u8 { 145 + var transport = HttpTransport.init(allocator); 146 + defer transport.deinit(); 147 + 148 + // build URL: {pds}/xrpc/com.atproto.sync.getRepo?did={did} 149 + const url = try std.fmt.allocPrint(allocator, "{s}/xrpc/com.atproto.sync.getRepo?did={s}", .{ pds_endpoint, did_str }); 150 + 151 + const result = transport.fetch(.{ .url = url }) catch return error.FetchFailed; 152 + if (result.status != .ok) return error.FetchFailed; 153 + return result.body; 154 + } 155 + 156 + /// encode a commit value without the "sig" field (for signature verification) 157 + fn encodeUnsignedCommit(allocator: Allocator, commit: cbor.Value) ![]u8 { 158 + const entries = switch (commit) { 159 + .map => |m| m, 160 + else => return error.InvalidCommit, 161 + }; 162 + 163 + // filter out "sig", keep everything else 164 + var unsigned_entries: std.ArrayList(cbor.Value.MapEntry) = .{}; 165 + for (entries) |entry| { 166 + if (!std.mem.eql(u8, entry.key, "sig")) { 167 + try unsigned_entries.append(allocator, entry); 168 + } 169 + } 170 + 171 + const unsigned_value: cbor.Value = .{ .map = unsigned_entries.items }; 172 + return cbor.encodeAlloc(allocator, unsigned_value); 173 + } 174 + 175 + /// recursively walk MST nodes, collecting all (key, value_cid) pairs. 176 + /// inverse of mst.serializeNode — decompresses prefix-compressed keys. 177 + fn walkMst(allocator: Allocator, repo_car: car.Car, node_cid_raw: []const u8, records: *std.ArrayList(MstRecord)) !void { 178 + const block_data = car.findBlock(repo_car, node_cid_raw) orelse return; 179 + const node = cbor.decodeAll(allocator, block_data) catch return; 180 + 181 + // recurse into left subtree first (sorted order) 182 + if (node.get("l")) |left_val| { 183 + switch (left_val) { 184 + .cid => |left_cid| try walkMst(allocator, repo_car, left_cid.raw, records), 185 + else => {}, 186 + } 187 + } 188 + 189 + // walk entries with prefix decompression 190 + const entries_arr = node.getArray("e") orelse return; 191 + var prev_key: []const u8 = ""; 192 + 193 + for (entries_arr) |entry_val| { 194 + const p = entry_val.getInt("p") orelse continue; 195 + const prefix_len: usize = @intCast(p); 196 + const k = entry_val.getBytes("k") orelse continue; 197 + 198 + // reconstruct full key: prev_key[0..prefix_len] ++ k 199 + const full_key = try std.mem.concat(allocator, u8, &.{ prev_key[0..prefix_len], k }); 200 + prev_key = full_key; 201 + 202 + // collect value CID 203 + if (entry_val.get("v")) |v| { 204 + switch (v) { 205 + .cid => |value_cid| try records.append(allocator, .{ .key = full_key, .value = value_cid }), 206 + else => {}, 207 + } 208 + } 209 + 210 + // recurse into right subtree (between entries) 211 + if (entry_val.get("t")) |t| { 212 + switch (t) { 213 + .cid => |tree_cid| try walkMst(allocator, repo_car, tree_cid.raw, records), 214 + else => {}, 215 + } 216 + } 217 + } 218 + } 219 + 220 + // === tests === 221 + 222 + test "verify repo - zzstoatzz.io" { 223 + // did:plc:xbtmt2zjwlrfegqvch7fboei on pds.zzstoatzz.io (self-hosted PDS) 224 + var arena = std.heap.ArenaAllocator.init(std.testing.allocator); 225 + defer arena.deinit(); 226 + 227 + const result = verifyRepo(arena.allocator(), "zzstoatzz.io") catch |err| { 228 + std.debug.print("network error (expected in CI): {}\n", .{err}); 229 + return; 230 + }; 231 + 232 + try std.testing.expectEqualStrings("did:plc:xbtmt2zjwlrfegqvch7fboei", result.did); 233 + try std.testing.expect(result.record_count > 0); 234 + std.debug.print("verified zzstoatzz.io: {d} records, rev={s}\n", .{ result.record_count, result.commit_rev }); 235 + } 236 + 237 + test "verify repo - pfrazee.com" { 238 + // did:plc:ragtjsm2j2vknwkz3zp4oxrd on bsky.network (bluesky-hosted PDS) 239 + var arena = std.heap.ArenaAllocator.init(std.testing.allocator); 240 + defer arena.deinit(); 241 + 242 + const result = verifyRepo(arena.allocator(), "pfrazee.com") catch |err| { 243 + std.debug.print("network error (expected in CI): {}\n", .{err}); 244 + return; 245 + }; 246 + 247 + try std.testing.expectEqualStrings("did:plc:ragtjsm2j2vknwkz3zp4oxrd", result.did); 248 + try std.testing.expect(result.record_count > 0); 249 + std.debug.print("verified pfrazee.com: {d} records, rev={s}\n", .{ result.record_count, result.commit_rev }); 250 + }

src/root.zig

··· 32 32 pub const cbor = @import("internal/repo/cbor.zig"); 33 33 pub const car = @import("internal/repo/car.zig"); 34 34 35 + // repo verification 36 + pub const repo_verifier = @import("internal/repo/repo_verifier.zig"); 37 + pub const verifyRepo = repo_verifier.verifyRepo; 38 + pub const VerifyResult = repo_verifier.VerifyResult; 39 + 35 40 // sync / streaming 36 41 const sync = @import("internal/streaming/sync.zig"); 37 42 pub const CommitAction = sync.CommitAction; ··· 52 57 comptime { 53 58 if (@import("builtin").is_test) { 54 59 _ = @import("internal/testing/interop_tests.zig"); 60 + _ = @import("internal/repo/repo_verifier.zig"); 55 61 } 56 62 }