Add firehose commit verification and advanced consumer features #27

Closed
opened 2026-04-12 17:29:41 +00:00 by Grandiras · 0 comments
Owner

Summary

The AT Protocol firehose delivers repository commits with embedded CAR data. To fully verify this data, consumers need to validate MST proofs, verify commit signatures against DID documents, and handle all event types properly. ATProto.NET's firehose consumer currently parses frames but doesn't verify commit authenticity.

What's needed

Commit Verification

  1. Signature verification on commits - Verify the sig field on commit objects:
    • Serialize unsigned commit as DRISL-CBOR
    • SHA-256 hash the bytes
    • Verify ECDSA signature against account's signing key from DID document
    • Support both P-256 and K-256 keys
  2. MST proof verification - Verify that commit operations are consistent with the MST diff
  3. CID verification - Verify that block CIDs match their content

Identity Verification

  4. Handle verification on #identity events - Bidirectional handle↔DID verification
  5. DID document refresh - Fetch and cache DID documents for signature verification

Missing Event Types

  6. #sync event type - New in Sync v1.1, for large repo updates that don't fit in a commit message
  7. Proper #account event handling - Account status changes with all new status types

Advanced Consumer Features

  8. Collection filtering - Client-side filtering by collection type (currently no filtering support)
  9. Partitioned processing - Process events from different repos concurrently while maintaining per-repo ordering
  10. Persistent cursor storage - Interface for storing last-processed cursor for reliable resume

Context

From the @atproto/sync reference implementation:

"On Commit events, the firehose will verify signatures and repo proofs to ensure that the event is authentic."

The ATProto.NET FirehoseClient has reconnection and cursor management but lacks data authenticity verification.
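
The CID verification item above (block CIDs must match their content), sketched as an added example that is not part of the original issue or of ATProto.NET's code. The names CidCheck and Matches are hypothetical, and it assumes binary CIDv1 values with the dag-cbor or raw codec and a sha2-256 multihash, as atproto repositories use; the sample block is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: checks that a CAR block's bytes hash to the digest in its binary CID.
public static class CidCheck
{
    // Reads an unsigned LEB128 varint (multiformats encoding) and advances pos.
    static ulong ReadVarint(ReadOnlySpan<byte> buf, ref int pos)
    {
        ulong value = 0;
        for (int shift = 0; shift < 64; shift += 7)
        {
            if (pos >= buf.Length) throw new FormatException("truncated varint");
            byte b = buf[pos++];
            value |= (ulong)(b & 0x7F) << shift;
            if ((b & 0x80) == 0) return value;
        }
        throw new FormatException("varint too long");
    }

    // True only for CIDv1 + (dag-cbor | raw) + sha2-256 whose digest equals SHA-256(block).
    public static bool Matches(ReadOnlySpan<byte> cid, ReadOnlySpan<byte> block)
    {
        int pos = 0;
        try
        {
            if (ReadVarint(cid, ref pos) != 0x01) return false;   // CID version 1
            ulong codec = ReadVarint(cid, ref pos);
            if (codec != 0x71 && codec != 0x55) return false;     // dag-cbor or raw
            if (ReadVarint(cid, ref pos) != 0x12) return false;   // multihash: sha2-256
            if (ReadVarint(cid, ref pos) != 32) return false;     // digest length in bytes
        }
        catch (FormatException) { return false; }                 // truncated or malformed CID
        if (cid.Length - pos != 32) return false;                 // reject short or trailing bytes
        Span<byte> digest = stackalloc byte[32];
        SHA256.HashData(block, digest);
        return CryptographicOperations.FixedTimeEquals(digest, cid.Slice(pos));
    }

    public static void Main()
    {
        byte[] block = Encoding.UTF8.GetBytes("constructed sample block"); // constructed, not real CBOR
        byte[] cid = new byte[36];
        new byte[] { 0x01, 0x71, 0x12, 0x20 }.CopyTo(cid, 0);      // v1, dag-cbor, sha2-256, 32 bytes
        SHA256.HashData(block).CopyTo(cid, 4);
        Console.WriteLine(Matches(cid, block));                    // matching content
        block[0] ^= 0xFF;                                          // alter the content
        Console.WriteLine(Matches(cid, block));                    // digest no longer matches
    }
}
```

A consumer would run this check on every block in a commit's CAR data before decoding it, and treat a mismatch as a failed verification of the whole event.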
