DID refactor #1139

Author: joepio

.claude/settings.local.json

@@ -13,7 +13,9 @@
       "Bash(grep -n \"pub async fn handle_get_resource\\\\|pub async fn post_commit\" /Users/joep/dev/github/atomicdata-dev/atomic-server/server/src/handlers/*.rs)",
       "Bash(cargo tauri --version)",
       "Bash(echo $ANDROID_HOME)",
-      "Bash(adb devices)"
+      "Bash(adb devices)",
+      "Bash(echo $PATH)",
+      "Bash(cargo build:*)"
     ]
   }
 }

.gitignore

@@ -8,3 +8,4 @@ trace-*.json
 artifact
 server/assets_tmp
 .netlify
+scratchpad

.zed/settings.json

@@ -0,0 +1,10 @@
+{
+  "terminal": {
+    "shell": {
+      "with_arguments": {
+        "program": "/bin/zsh",
+        "args": ["--login"]
+      }
+    }
+  }
+}

.zed/tasks.json

@@ -0,0 +1,57 @@
+[
+  {
+    "label": "run atomic-server (cargo run)",
+    "command": "cargo run --bin atomic-server",
+    "cwd": "$ZED_WORKTREE_ROOT"
+  },
+  {
+    "label": "test atomic-server (cargo nextest run)",
+    "command": "cargo nextest run",
+    "cwd": "$ZED_WORKTREE_ROOT"
+  },
+  {
+    "label": "run data-browser dev server (pnpm start)",
+    "command": "pnpm start",
+    "cwd": "$ZED_WORKTREE_ROOT/browser"
+  },
+  {
+    "label": "test data-browser e2e",
+    "command": "pnpm test-e2e",
+    "cwd": "$ZED_WORKTREE_ROOT/browser"
+  },
+  {
+    "label": "test end-to-end / E2E (npm playwright)",
+    "command": "cd server/e2e_tests/ && npm i && npm run test",
+    "cwd": "$ZED_WORKTREE_ROOT"
+  },
+  {
+    "label": "build desktop atomic-server tauri",
+    "command": "cargo tauri build",
+    "cwd": "$ZED_WORKTREE_ROOT/desktop"
+  },
+  {
+    "label": "dev desktop atomic-server tauri",
+    "command": "cargo tauri dev",
+    "cwd": "$ZED_WORKTREE_ROOT/desktop"
+  },
+  {
+    "label": "benchmark criterion atomic-server",
+    "command": "cargo criterion",
+    "cwd": "$ZED_WORKTREE_ROOT/server"
+  },
+  {
+    "label": "docs atomic data (mdbook serve)",
+    "command": "mdbook serve",
+    "cwd": "$ZED_WORKTREE_ROOT/docs"
+  },
+  {
+    "label": "run SigNoz for tracing locally (docker)",
+    "command": "git clone https://github.com/SigNoz/signoz.git /tmp/signoz 2>/dev/null || true && cd /tmp/signoz/deploy && docker compose up",
+    "cwd": "$ZED_WORKTREE_ROOT"
+  },
+  {
+    "label": "dagger call rust-build",
+    "command": "dagger call rust-build",
+    "cwd": "$ZED_WORKTREE_ROOT"
+  }
+]

Cargo.lock

@@ -8,6 +8,5 @@ members = [
   "plugin-examples/test-plugin",
   "atomic-plugin",
 ]
+
 # Tauri build is deprecated, see
-# https://github.com/atomicdata-dev/atomic-server/issues/718
-exclude = ["desktop"]

Cargo.toml

@@ -6,7 +6,7 @@ Atomic Data is moving away from a fixed "main drive" at the root `/` of a server
 ## Core Concepts
 
 ### 1. Identity vs. Alias
-- **Identity (Immutable)**: A Drive is identified by its DID: `did:ad:{genesis}?drive={hash}`.
+- **Identity (Immutable)**: A Drive is identified by its DID: `did:ad:{genesis}`.
 - **Alias (Mutable)**: A Domain or Subdomain (e.g., `joep.atomicdata.dev`, `localhost:9883`) is an alias that routes to a specific Drive DID.
 
 ### 2. Agent-First Onboarding
@@ -21,30 +21,44 @@ The server uses the HTTP `Host` header to determine which Drive to serve:
 - `jane.atomicdata.dev` -> Serves Jane's Drive.
 - `localhost:9883` -> Serves the developer's default Drive.
 
+### 4. Custom Path Routing
+Human-readable access to resources within a Drive is handled via two strategies:
+- **Flat Slugs**: If a resource has a `https://atomicdata.dev/properties/path` property (e.g., `path: "/my-blog-post"`), it is served directly at that URL relative to the Drive's domain.
+- **Hierarchical Fallback**: If no explicit `path` is found, the server traverses the hierarchy using `PARENT` and `shortname` properties (e.g., `/folders/2026/note`).
+
 ---
 
 ## Implementation Phases
 
 ### Phase 1: Backend Routing & Mapping
-- [ ] **Mapping Store**: Implement a mechanism in `atomic-server` to store and query `Host -> Drive DID` mappings.
-- [ ] **Host-Based Resolution**: Update the HTTP request handler to check the `Host` header.
-- [ ] **Relative Pathing**: Ensure that paths like `/classes` are correctly resolved relative to the Drive DID mapped to the current Host.
+- [x] **Mapping Store**: Sled `drive_mapping` tree in `lib/src/db.rs` — `add_drive_mapping` / `get_drive_did`.
+- [x] **Host-Based Resolution**: `appstate.rs::get_drive_did_for_host` — checks explicit mapping, falls back to subdomain query.
+- [x] **Relative Pathing**: `db.rs::get_resource_at_path` — traverses hierarchy relative to a Drive DID; supports both flat `path` lookups and hierarchical fallback.
 
 ### Phase 2: Drive Lifecycle & Population
-- [ ] **Standard Initialization**: Refactor `atomic_lib::populate` so it can be applied to any Drive DID (creating `/classes`, `/tags`, etc. within that drive).
-- [ ] **Drive Resource**: Ensure the Drive resource itself contains the necessary metadata (Drive Public Key, Hash, Owner).
+- [x] **Standard Initialization**: `atomic_lib::populate::bootstrap` is drive-agnostic and reusable.
+- [x] **Drive Resource metadata**: `OnboardingPage.tsx` creates the genesis drive with `write` and `read` set to the agent's DID.
 
 ### Phase 3: Server Setup & Onboarding UI
-- [ ] **Node Setup State**: Detect when a server has no mappings and enter "Setup Mode".
-- [ ] **Setup UI**: A dedicated frontend flow for creating an Agent and the first Drive.
-- [ ] **Alias Registration**: A secure way for the first Agent to "claim" the server's primary domain.
+- [x] **Node Setup State**: `db.rs::is_uninitialized` + `get_resource.rs` injects `isUninitialized: true` on root responses.
+- [x] **Setup UI**: `OnboardingPage.tsx` — generate agent keypair → genesis drive commit → set `INITIAL_DRIVE` on root → show secret.
+- [x] **Alias Registration**: `handlers/commit.rs` — after commit, if new resource has `INITIAL_DRIVE` set, calls `store.add_drive_mapping(host, drive_did)` using the `Host` header.
+- [x] **Authorization during onboarding**: `handlers/commit.rs` allows unauthenticated writes to `INITIAL_DRIVE` only when the specific host is uninitialized.
 
 ### Phase 4: Decentralized Discovery
-- [ ] **JSON-AD Headers**: Include the true `did:ad` identity in HTTP responses so clients can switch to P2P resolution.
-- [ ] **DHT/Reticulum Announces**: Servers announce the Drive hashes they host to the P2P networks.
+- [x] **JSON-AD Headers**: Added `Link: <did:ad:...>; rel="canonical"` response header in `handlers/get_resource.rs` for DID subjects.
+- [x] **DHT/Reticulum Announces**: `dht.rs` — periodic `announce_peer(SHA1(drive_did))` every 15 min; DHT fallback resolution in `get_resource.rs`.
+- [x] **Explicit Subdomains**: `Subject::Internal` explicitly stores subdomains for reliable multi-tenant routing.
 
 ---
 
+## What to work on next (priority order)
+
+1. **Path Uniqueness Validation** — ensure that two resources in the same Drive cannot share the same `path` property during `commit` validation.
+2. **Drive-Scoped Search** — update the search endpoint to respect the resolved Drive DID so results are filtered by the current "Tenant".
+3. **End-to-end test** — write a server integration test that exercises the full onboarding flow: fresh DB → `isUninitialized` → genesis drive commit → `INITIAL_DRIVE` commit → drive mapping → resource resolution.
+4. **Reticulum Pathfinding** — implement the binary announce/resolution logic for `did:ad` over the Reticulum mesh.
+
 ## Success Criteria
 1. Running `atomic-server` for the first time leads to an Agent/Drive creation flow.
 2. Multiple drives can be accessed via subdomains on the same server instance.

DIDS-DRIVES-ROUTING.md

@@ -0,0 +1,31 @@
+
+> @tomic/data-browser@0.41.0-beta.0 start /Users/joep/dev/github/atomicdata-dev/atomic-server/browser/data-browser
+> vite
+
+
+  VITE v8.0.0  ready in 1634 ms
+
+  ➜  Local:   http://localhost:5173/
+  ➜  Network: http://192.168.0.169:5173/
+  ➜  Network: http://192.168.139.3:5173/
+  ➜  Network: http://192.168.194.0:5173/
+  ➜  Network: http://192.168.215.0:5173/
+  ➜  press h + enter to show help
+node:events:485
+      throw er; // Unhandled 'error' event
+      ^
+
+Error: read EIO
+    at TTY.onStreamRead (node:internal/stream_base_commons:216:20)
+Emitted 'error' event on Interface instance at:
+    at ReadStream.onerror (node:internal/readline/interface:243:10)
+    at ReadStream.emit (node:events:507:28)
+    at emitErrorNT (node:internal/streams/destroy:170:8)
+    at emitErrorCloseNT (node:internal/streams/destroy:129:3)
+    at process.processTicksAndRejections (node:internal/process/task_queues:90:21) {
+  errno: -5,
+  code: 'EIO',
+  syscall: 'read'
+}
+
+Node.js v23.11.0

browser/data-browser/frontend.log

@@ -19,6 +19,7 @@
     "@emotion/is-prop-valid": "^1.4.0",
     "@floating-ui/dom": "^1.7.4",
     "@modelcontextprotocol/sdk": "^1.23.0",
+    "@noble/hashes": "^0.5.9",
     "@oddbird/css-anchor-positioning": "^0.6.1",
     "@openrouter/ai-sdk-provider": "^1.2.5",
     "@radix-ui/react-popover": "^1.1.15",
@@ -48,8 +49,8 @@
     "@tiptap/suggestion": "^3.11.0",
     "@tiptap/y-tiptap": "^3.0.1",
     "@tomic/lib": "workspace:*",
-    "@tomic/react": "workspace:*",
     "@tomic/plugin": "workspace:*",
+    "@tomic/react": "workspace:*",
     "@uiw/codemirror-theme-github": "^4.25.3",
     "@uiw/react-codemirror": "^4.25.3",
     "@wuchale/jsx": "^0.10.1",
@@ -102,7 +103,7 @@
     "lint-staged": "^10.5.4",
     "types-wm": "^1.1.0",
     "typescript": "^5.9.3",
-    "vite": "^7.3.1",
+    "vite": "^8.0.0",
     "vite-plugin-prismjs": "^0.0.11",
     "vite-plugin-pwa": "^1.1.0",
     "vite-plugin-webfont-dl": "^3.11.1"

browser/data-browser/package.json

@@ -33,6 +33,9 @@ const store = new Store({
   serverUrl,
 });
 
+import { bootstrap } from './bootstrap';
+bootstrap(store);
+
 await enableYjs();
 
 store.parseMetaTags();
@@ -44,7 +47,7 @@ declare global {
 }
 
 // Fetch all the Properties and Classes - this helps speed up the app.
-store.preloadPropsAndClasses();
+// store.preloadPropsAndClasses();
 
 registerCustomCreateActions();
 // Register global event handlers.