···1313- `com.atproto.server.getAccountInviteCodes` lists codes owned by the current
1414 account and their recorded uses.
15151616-Admin code creation is restricted by `ZDS_INVITE_ADMIN_DIDS`. That is ZDS's
1717-local admin boundary; the official PDS uses its admin-token verifier, while
1818-Tranquil routes invite administration through its own infra/user store traits.
1616+Admin code creation requires `Authorization: Bearer $ZDS_ADMIN_TOKEN`, matching
1717+the official PDS admin-token boundary. Tranquil routes invite administration
1818+through its own infra/user store traits, but it is still privileged
1919+infrastructure behavior rather than normal account auth.
19202021## storage
2122···4647requests cannot both consume a one-use code.
47484849When invite-required mode starts against an empty database, ZDS creates one
4949-bootstrap code and logs it. After that, admins should mint codes through the
5050-XRPC endpoint, for example:
5050+bootstrap code and logs it. After that, mint codes through the XRPC endpoint:
51515252```sh
5353-ZDS_ADMIN_PASSWORD='...' just invite bufo.uk https://pds.zat.dev
5353+ZDS_ADMIN_TOKEN='...' just invite https://pds.zat.dev
5454```
55555656For a multi-use code:
57575858```sh
5959-ZDS_ADMIN_PASSWORD='...' just invite bufo.uk https://pds.zat.dev 3
5959+ZDS_ADMIN_TOKEN='...' just invite https://pds.zat.dev 3
6060```
61616262For a code assigned to a specific DID:
63636464```sh
6565-ZDS_ADMIN_PASSWORD='...' just invite bufo.uk https://pds.zat.dev 1 did:plc:...
6565+ZDS_ADMIN_TOKEN='...' just invite https://pds.zat.dev 1 did:plc:...
6666```
67676868## reference notes
+2-2
docs/operations.md
···6363- `ZDS_BLOB_UPLOAD_LIMIT`: upload body limit. Default: `100000000`.
6464- `ZDS_BLOBSTORE_PATH`: disk blobstore root.
6565- `ZDS_CRAWLERS`: comma-separated relay crawl targets.
6666+- `ZDS_ADMIN_TOKEN`: bearer token for privileged local PDS administration,
6767+ including invite-code minting.
6668- `ZDS_INVITE_REQUIRED`: set to `true` to require invite codes for account
6769 creation. `describeServer` reflects this value.
6868-- `ZDS_INVITE_ADMIN_DIDS`: comma-separated account DIDs allowed to create invite
6969- codes through `com.atproto.server.createInviteCode(s)`.
70707171When invites are required and the database has no accounts or invite codes, ZDS
7272creates one bootstrap code and logs it during startup. Invite codes are stored
+4-10
justfile
···88smoke:
99 tools/smoke.sh
10101111-# mint an invite code from an admin account
1212-invite handle="bufo.uk" pds="https://pds.zat.dev" use_count="1" for_account="":
1111+# mint an invite code with the configured admin token
1212+invite pds="https://pds.zat.dev" use_count="1" for_account="":
1313 #!/usr/bin/env bash
1414 set -euo pipefail
1515- : "${ZDS_ADMIN_PASSWORD:?set ZDS_ADMIN_PASSWORD to the admin account password}"
1616- token="$(
1717- curl -fsS "{{pds}}/xrpc/com.atproto.server.createSession" \
1818- -H 'content-type: application/json' \
1919- --data "$(jq -nc --arg identifier "{{handle}}" --arg password "$ZDS_ADMIN_PASSWORD" '{identifier:$identifier,password:$password}')" |
2020- jq -r '.accessJwt'
2121- )"
1515+ : "${ZDS_ADMIN_TOKEN:?set ZDS_ADMIN_TOKEN to the configured PDS admin token}"
2216 if [[ -n "{{for_account}}" ]]; then
2317 body="$(jq -nc --argjson useCount "{{use_count}}" --arg forAccount "{{for_account}}" '{useCount:$useCount,forAccount:$forAccount}')"
2418 else
2519 body="$(jq -nc --argjson useCount "{{use_count}}" '{useCount:$useCount}')"
2620 fi
2721 curl -fsS "{{pds}}/xrpc/com.atproto.server.createInviteCode" \
2828- -H "authorization: Bearer $token" \
2222+ -H "authorization: Bearer $ZDS_ADMIN_TOKEN" \
2923 -H 'content-type: application/json' \
3024 --data "$body" |
3125 jq -r '.code'