feat(pds): implement lexicon validation for mutation endpoints (#15)

* feat(pds): implement lexicon validation for mutation endpoints

Adds record schema validation to createRecord, putRecord, and applyWrites
endpoints using @atproto/lexicon package.

Implementation:
- Created RecordValidator class with optimistic validation strategy
- Validates records against lexicon schemas when available
- Fails open for unknown schemas (allows new/custom record types)
- Supports both strict and optimistic validation modes
- Schemas can be added dynamically via validator.addSchema()

Changes:
- New file: packages/pds/src/validation.ts - Core validation module
- New file: packages/pds/test/validation.test.ts - 8 validation tests
- Modified: packages/pds/src/xrpc/repo.ts - Added validation to mutations
- Modified: EDGE_PDS_PLAN.md - Documented validation implementation

All tests passing (81 total).

* feat(pds): load official Bluesky lexicon schemas for validation

Replaces empty validator with actual schema validation using official
Bluesky lexicon JSON files vendored from the atproto repository.

Changes:
- Added update-lexicons.sh script to fetch official schemas from GitHub
- Vendored 16 lexicon schemas (core, feed, actor, graph, richtext, embed)
- Updated validation.ts to load all schemas with proper dependencies
- Added 11 Bluesky-specific validation tests (all passing)
- Tree-shakeable: only JSON files imported, no large dependencies

Schemas loaded:
- Core: com.atproto.repo.strongRef, com.atproto.label.defs
- Feed: app.bsky.feed.{post, like, repost, threadgate}
- Actor: app.bsky.actor.profile
- Graph: app.bsky.graph.{follow, block, list, listitem}
- Richtext: app.bsky.richtext.facet
- Embed: app.bsky.embed.{images, external, record, recordWithMedia}

All 19 tests passing (8 validation tests + 11 Bluesky tests).

* refactor(pds): simplify update-lexicons script

- Use array to define schemas instead of repetitive curl commands
- Single loop to fetch all schemas
- Better error handling with -fsSL flags
- Easier to add new schemas - just add one line to array

* refactor(pds): use Vite glob import to load lexicon schemas

- Replaced 16+ manual imports with single import.meta.glob()
- Automatically loads all .json files from ./lexicons/
- No code changes needed when adding new schemas
- Cleaner, more maintainable code

From 50+ lines of imports to 5 lines with glob.

* fix(pds): add $type field to test records for lexicon validation

Tests were failing because createRecord calls were missing the $type
field, which is now required for records with known lexicon schemas.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci: add weekly workflow to update lexicon schemas

Runs every Monday at 9am UTC and opens a PR if schemas have changed.
Can also be triggered manually via workflow_dispatch.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore(pds): typing improvements and dependency cleanup

- Use LexiconDoc type instead of any in validation.ts
- Add vite/client types to tsconfig for import.meta.glob
- Format firehose test and add proper sequencer typing
- Remove unused echo from update-lexicons script
- Remove unused dependencies from lockfile

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: ascorbic

.github/workflows/update-lexicons.yml

@@ -0,0 +1,28 @@
+name: Update Lexicons
+on:
+  schedule:
+    # Run weekly on Mondays at 9am UTC
+    - cron: "0 9 * * 1"
+  workflow_dispatch: # Allow manual trigger
+jobs:
+  update-lexicons:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+      - name: Update lexicon schemas
+        run: ./packages/pds/scripts/update-lexicons.sh
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v8
+        with:
+          commit-message: "chore(pds): update lexicon schemas"
+          title: "chore(pds): update lexicon schemas"
+          body: |
+            Automated update of Bluesky lexicon schemas from the official atproto repository.
+
+            This PR was created automatically by the weekly lexicon update workflow.
+          branch: chore/update-lexicons
+          delete-branch: true

EDGE_PDS_PLAN.md

@@ -47,12 +47,13 @@ Build a single-user AT Protocol Personal Data Server (PDS) on Cloudflare Workers
   - `com.atproto.sync.getBlob` endpoint (public read access)
   - Direct R2 access in endpoint (R2ObjectBody cannot be serialized across RPC)
   - Blobs stored with DID prefix for isolation
-- ✅ **Testing** - Migrated to vitest 4, all 73 tests passing
+- ✅ **Testing** - Migrated to vitest 4, all 81 tests passing
   - 16 storage tests
   - 26 XRPC tests (auth, concurrency, error handling, CAR validation)
   - 6 firehose tests (event sequencing, cursor validation, backfill)
   - 10 blob tests (upload, retrieval, size limits, content types)
   - 15 session tests (login, refresh, getSession, JWT validation)
+  - 8 validation tests (optimistic mode, strict mode, schema enforcement)
 - ✅ **TypeScript** - All diagnostic errors resolved, proper type declarations for cloudflare:test
 - ✅ **Protocol Helpers** - All protocol operations use official @atproto utilities
   - Record keys: `TID.nextStr()` from `@atproto/common-web`
@@ -75,6 +76,12 @@ Build a single-user AT Protocol Personal Data Server (PDS) on Cloudflare Workers
   - bcrypt password hashing with `bcryptjs`
   - Auth middleware accepts both static `AUTH_TOKEN` and JWT access tokens
   - 15 new tests for session endpoints
+- ✅ **Lexicon Validation** - Record schema validation for mutation endpoints
+  - `RecordValidator` class using `@atproto/lexicon` package
+  - Optimistic validation strategy (fail-open): validates if schema is loaded, allows unknown collections
+  - Integrated into `createRecord`, `putRecord`, and `applyWrites` endpoints
+  - Schemas can be added dynamically via `validator.addSchema()`
+  - 8 validation tests covering optimistic mode, strict mode, and schema enforcement
 
 ### Not Started
 
@@ -163,13 +170,12 @@ for (const [cidStr, bytes] of internalMap) { ... }
 
 ### Components We Will DEFER
 
-| Component          | Reason                                     |
-| ------------------ | ------------------------------------------ |
-| OAuth Provider     | Complex, not needed for single-user MVP    |
-| Lexicon Validation | Can add later, not required for federation |
-| Rate Limiting      | Single user, not needed for MVP            |
-| Account Migration  | Complex, post-MVP feature                  |
-| Labelling          | AppView concern, not PDS                   |
+| Component         | Reason                                  |
+| ----------------- | --------------------------------------- |
+| OAuth Provider    | Complex, not needed for single-user MVP |
+| Rate Limiting     | Single user, not needed for MVP         |
+| Account Migration | Complex, post-MVP feature               |
+| Labelling         | AppView concern, not PDS                |
 
 ---
 

packages/pds/scripts/update-lexicons.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Update lexicon schemas from the official Bluesky atproto repository
+#
+
+set -e
+
+LEXICONS_DIR="$(cd "$(dirname "$0")/../src/lexicons" && pwd)"
+REPO_BASE="https://raw.githubusercontent.com/bluesky-social/atproto/main/lexicons"
+
+echo "Updating lexicon schemas in: $LEXICONS_DIR"
+mkdir -p "$LEXICONS_DIR"
+cd "$LEXICONS_DIR"
+
+# Define schemas to fetch (namespace/name format)
+schemas=(
+  # Core AT Proto schemas
+  "com/atproto/repo/strongRef"
+  "com/atproto/label/defs"
+
+  # Feed schemas
+  "app/bsky/feed/post"
+  "app/bsky/feed/like"
+  "app/bsky/feed/repost"
+  "app/bsky/feed/threadgate"
+
+  # Actor schemas
+  "app/bsky/actor/profile"
+
+  # Graph schemas
+  "app/bsky/graph/follow"
+  "app/bsky/graph/block"
+  "app/bsky/graph/list"
+  "app/bsky/graph/listitem"
+
+  # Richtext schemas
+  "app/bsky/richtext/facet"
+
+  # Embed schemas
+  "app/bsky/embed/images"
+  "app/bsky/embed/external"
+  "app/bsky/embed/record"
+  "app/bsky/embed/recordWithMedia"
+)
+
+# Fetch each schema
+echo "Fetching ${#schemas[@]} schemas..."
+for schema in "${schemas[@]}"; do
+  # Convert path to NSID (e.g., com/atproto/repo/strongRef -> com.atproto.repo.strongRef)
+  nsid="${schema//\//.}"
+  file="${nsid}.json"
+
+  echo "  → ${nsid}"
+  if ! curl -fsSL "$REPO_BASE/${schema}.json" -o "$file"; then
+    echo "    ✗ Failed to fetch ${nsid}" >&2
+    exit 1
+  fi
+done
+
+echo ""
+echo "✓ Successfully fetched ${#schemas[@]} lexicon schemas!"
+echo ""

packages/pds/src/lexicons/app.bsky.actor.profile.json

@@ -0,0 +1,60 @@
+{
+  "lexicon": 1,
+  "id": "app.bsky.actor.profile",
+  "defs": {
+    "main": {
+      "type": "record",
+      "description": "A declaration of a Bluesky account profile.",
+      "key": "literal:self",
+      "record": {
+        "type": "object",
+        "properties": {
+          "displayName": {
+            "type": "string",
+            "maxGraphemes": 64,
+            "maxLength": 640
+          },
+          "description": {
+            "type": "string",
+            "description": "Free-form profile description text.",
+            "maxGraphemes": 256,
+            "maxLength": 2560
+          },
+          "pronouns": {
+            "type": "string",
+            "description": "Free-form pronouns text.",
+            "maxGraphemes": 20,
+            "maxLength": 200
+          },
+          "website": { "type": "string", "format": "uri" },
+          "avatar": {
+            "type": "blob",
+            "description": "Small image to be displayed next to posts from account. AKA, 'profile picture'",
+            "accept": ["image/png", "image/jpeg"],
+            "maxSize": 1000000
+          },
+          "banner": {
+            "type": "blob",
+            "description": "Larger horizontal image to display behind profile view.",
+            "accept": ["image/png", "image/jpeg"],
+            "maxSize": 1000000
+          },
+          "labels": {
+            "type": "union",
+            "description": "Self-label values, specific to the Bluesky application, on the overall account.",
+            "refs": ["com.atproto.label.defs#selfLabels"]
+          },
+          "joinedViaStarterPack": {
+            "type": "ref",
+            "ref": "com.atproto.repo.strongRef"
+          },
+          "pinnedPost": {
+            "type": "ref",
+            "ref": "com.atproto.repo.strongRef"
+          },
+          "createdAt": { "type": "string", "format": "datetime" }
+        }
+      }
+    }
+  }
+}

packages/pds/src/lexicons/app.bsky.embed.external.json

@@ -0,0 +1,51 @@
+{
+  "lexicon": 1,
+  "id": "app.bsky.embed.external",
+  "defs": {
+    "main": {
+      "type": "object",
+      "description": "A representation of some externally linked content (eg, a URL and 'card'), embedded in a Bluesky record (eg, a post).",
+      "required": ["external"],
+      "properties": {
+        "external": {
+          "type": "ref",
+          "ref": "#external"
+        }
+      }
+    },
+    "external": {
+      "type": "object",
+      "required": ["uri", "title", "description"],
+      "properties": {
+        "uri": { "type": "string", "format": "uri" },
+        "title": { "type": "string" },
+        "description": { "type": "string" },
+        "thumb": {
+          "type": "blob",
+          "accept": ["image/*"],
+          "maxSize": 1000000
+        }
+      }
+    },
+    "view": {
+      "type": "object",
+      "required": ["external"],
+      "properties": {
+        "external": {
+          "type": "ref",
+          "ref": "#viewExternal"
+        }
+      }
+    },
+    "viewExternal": {
+      "type": "object",
+      "required": ["uri", "title", "description"],
+      "properties": {
+        "uri": { "type": "string", "format": "uri" },
+        "title": { "type": "string" },
+        "description": { "type": "string" },
+        "thumb": { "type": "string", "format": "uri" }
+      }
+    }
+  }
+}

packages/pds/src/lexicons/app.bsky.embed.images.json

@@ -0,0 +1,72 @@
+{
+  "lexicon": 1,
+  "id": "app.bsky.embed.images",
+  "description": "A set of images embedded in a Bluesky record (eg, a post).",
+  "defs": {
+    "main": {
+      "type": "object",
+      "required": ["images"],
+      "properties": {
+        "images": {
+          "type": "array",
+          "items": { "type": "ref", "ref": "#image" },
+          "maxLength": 4
+        }
+      }
+    },
+    "image": {
+      "type": "object",
+      "required": ["image", "alt"],
+      "properties": {
+        "image": {
+          "type": "blob",
+          "accept": ["image/*"],
+          "maxSize": 1000000
+        },
+        "alt": {
+          "type": "string",
+          "description": "Alt text description of the image, for accessibility."
+        },
+        "aspectRatio": {
+          "type": "ref",
+          "ref": "app.bsky.embed.defs#aspectRatio"
+        }
+      }
+    },
+    "view": {
+      "type": "object",
+      "required": ["images"],
+      "properties": {
+        "images": {
+          "type": "array",
+          "items": { "type": "ref", "ref": "#viewImage" },
+          "maxLength": 4
+        }
+      }
+    },
+    "viewImage": {
+      "type": "object",
+      "required": ["thumb", "fullsize", "alt"],
+      "properties": {
+        "thumb": {
+          "type": "string",
+          "format": "uri",
+          "description": "Fully-qualified URL where a thumbnail of the image can be fetched. For example, CDN location provided by the App View."
+        },
+        "fullsize": {
+          "type": "string",
+          "format": "uri",
+          "description": "Fully-qualified URL where a large version of the image can be fetched. May or may not be the exact original blob. For example, CDN location provided by the App View."
+        },
+        "alt": {
+          "type": "string",
+          "description": "Alt text description of the image, for accessibility."
+        },
+        "aspectRatio": {
+          "type": "ref",
+          "ref": "app.bsky.embed.defs#aspectRatio"
+        }
+      }
+    }
+  }
+}