Go to file

gilesb 3756f5e630 Add uvicorn workers for better concurrency

Run with 4 workers to handle concurrent requests without blocking.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 03:36:16 +00:00

.env.example

Store and display full provenance including effect_url

2026-01-07 21:29:40 +00:00

.gitignore

feat: add JWT secret via env_file, gitignore .env

2026-01-07 15:41:59 +00:00

anchoring.py

Add format_date helper to handle datetime objects in templates

2026-01-09 01:20:32 +00:00

auth.py

Add l2_server claim to JWT tokens for L1 verification

2026-01-08 17:10:33 +00:00

db.py

Add format_date helper to handle datetime objects in templates

2026-01-09 01:20:32 +00:00

deploy.sh

deploy

2026-01-07 17:16:05 +00:00

docker-compose.yml

Add format_date helper to handle datetime objects in templates

2026-01-09 01:20:32 +00:00

docker-stack.yml

feat: multi-actor ActivityPub support

2026-01-07 19:54:11 +00:00

Dockerfile

feat: Docker support for L2 server

2026-01-07 12:04:58 +00:00

ipfs_client.py

Implement atomic publishing with IPFS and DB transactions

2026-01-09 00:59:12 +00:00

keys.py

feat: RSA key management for ActivityPub signing

2026-01-07 13:51:58 +00:00

migrate.py

Migrate to PostgreSQL database, consolidate routes, improve home page

2026-01-08 00:22:21 +00:00

README.md

Fix logout to clear both legacy and shared domain cookies

2026-01-08 17:38:14 +00:00

requirements.txt

Use direct HTTP API for IPFS instead of ipfshttpclient

2026-01-08 19:40:15 +00:00

server.py

Add uvicorn workers for better concurrency

2026-01-09 03:36:16 +00:00

setup_keys.py

feat: RSA key management for ActivityPub signing

2026-01-07 13:51:58 +00:00

README.md

Art DAG L2 Server - ActivityPub

Ownership registry and ActivityPub federation for Art DAG.

What it does

Registry: Maintains owned assets with content hashes
Activities: Creates signed ownership claims (Create activities)
Federation: ActivityPub endpoints for follow/share
L1 Integration: Records completed L1 runs as owned assets
Authentication: User registration, login, JWT tokens

Setup

pip install -r requirements.txt

# Configure (optional - defaults shown)
export ARTDAG_DOMAIN=artdag.rose-ash.com
export ARTDAG_USER=giles
export ARTDAG_DATA=~/.artdag/l2
export DATABASE_URL=postgresql://artdag:artdag@localhost:5432/artdag

# Generate signing keys (required for federation)
python setup_keys.py

# Start server
python server.py

JWT Secret Configuration

The JWT secret is used to sign authentication tokens. Without a persistent secret, tokens are invalidated on server restart.

Generate a secret

# Generate a 64-character hex secret
openssl rand -hex 32
# Or with Python
python -c "import secrets; print(secrets.token_hex(32))"

Local development

export JWT_SECRET="your-generated-secret-here"
python server.py

Docker Swarm (recommended for production)

Create a Docker secret:

# From a generated value
openssl rand -hex 32 | docker secret create jwt_secret -

# Or from a file
echo "your-secret-here" > jwt_secret.txt
docker secret create jwt_secret jwt_secret.txt
rm jwt_secret.txt

Reference in docker-compose.yml:

services:
  l2-server:
    secrets:
      - jwt_secret

secrets:
  jwt_secret:
    external: true

The server reads secrets from /run/secrets/jwt_secret automatically.

Key Setup

ActivityPub requires RSA keys for signing activities. Generate them:

# Local
python setup_keys.py

# Or with custom paths
python setup_keys.py --data-dir /data/l2 --user giles

# In Docker, exec into container or mount volume
docker exec -it <container> python setup_keys.py

Keys are stored in $ARTDAG_DATA/keys/:

{username}.pem - Private key (chmod 600, NEVER share)
{username}.pub - Public key (included in actor profile)

Important: Private keys are gitignored. Back them up securely. Losing them invalidates all your signatures.

Client Commands

Upload Media

curl -X POST http://localhost:8200/assets \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -d '{
    "name": "my-video",
    "content_hash": "abc123...",
    "asset_type": "video",
    "tags": ["art", "generated"]
  }'

Upload Recipe

Record an L1 run as an owned asset. This fetches the run details from the L1 server and registers the output:

curl -X POST http://localhost:8200/assets/record-run \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -d '{
    "run_id": "uuid-from-l1",
    "l1_server": "https://celery-artdag.rose-ash.com",
    "output_name": "my-rendered-video"
  }'

API Endpoints

Server Info

Method	Path	Description
GET	`/`	Home page with stats

Assets

Method	Path	Description
GET	`/assets`	List all assets
GET	`/assets/{name}`	Get asset by name
POST	`/assets`	Upload media - register new asset
POST	`/assets/record-run`	Upload recipe - record L1 run

ActivityPub

Method	Path	Description
GET	`/.well-known/webfinger?resource=acct:user@domain`	Actor discovery
GET	`/users/{username}`	Actor profile
GET	`/users/{username}/outbox`	Published activities
POST	`/users/{username}/inbox`	Receive activities
GET	`/users/{username}/followers`	Followers list
GET	`/objects/{content_hash}`	Get object by hash
GET	`/activities/{index}`	Get activity by index

Authentication

Method	Path	Description
POST	`/auth/register`	Register new user
POST	`/auth/login`	Login, get JWT token
GET	`/auth/me`	Get current user

Data Storage

Data stored in PostgreSQL:

users - Registered users
assets - Asset registry
activities - Signed activities
followers - Followers list

RSA keys stored in $ARTDAG_DATA/keys/ (files, not database).

Architecture

L2 Server (port 8200)
    │
    ├── POST /assets (upload media) → Register asset → Create activity → Sign
    │
    ├── POST /assets/record-run (upload recipe) → Fetch L1 run → Register output
    │       │
    │       └── GET L1_SERVER/runs/{id}
    │
    ├── GET /users/{user}/outbox → Return signed activities
    │
    └── POST /users/{user}/inbox → Receive Follow requests