Go to file

gilesb a0ed1ae5ae Make IPFS pinning non-blocking (fire-and-forget)

IPFS pinning can take a long time if content needs to be fetched
from the network. Changed all pin operations to run in background
threads so they don't block the HTTP response.

This fixes the 30s timeout issue when publishing assets.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 00:26:32 +00:00

.env.example

Store and display full provenance including effect_url

2026-01-07 21:29:40 +00:00

.gitignore

feat: add JWT secret via env_file, gitignore .env

2026-01-07 15:41:59 +00:00

auth.py

Add l2_server claim to JWT tokens for L1 verification

2026-01-08 17:10:33 +00:00

db.py

Add ipfs_cid to all asset SELECT queries

2026-01-08 23:37:44 +00:00

deploy.sh

deploy

2026-01-07 17:16:05 +00:00

docker-compose.yml

Expose IPFS swarm port 4002 for P2P connectivity

2026-01-08 18:51:41 +00:00

docker-stack.yml

feat: multi-actor ActivityPub support

2026-01-07 19:54:11 +00:00

Dockerfile

feat: Docker support for L2 server

2026-01-07 12:04:58 +00:00

ipfs_client.py

Use direct HTTP API for IPFS instead of ipfshttpclient

2026-01-08 19:40:15 +00:00

keys.py

feat: RSA key management for ActivityPub signing

2026-01-07 13:51:58 +00:00

migrate.py

Migrate to PostgreSQL database, consolidate routes, improve home page

2026-01-08 00:22:21 +00:00

README.md

Fix logout to clear both legacy and shared domain cookies

2026-01-08 17:38:14 +00:00

requirements.txt

Use direct HTTP API for IPFS instead of ipfshttpclient

2026-01-08 19:40:15 +00:00

server.py

Make IPFS pinning non-blocking (fire-and-forget)

2026-01-09 00:26:32 +00:00

setup_keys.py

feat: RSA key management for ActivityPub signing

2026-01-07 13:51:58 +00:00

README.md

Art DAG L2 Server - ActivityPub

Ownership registry and ActivityPub federation for Art DAG.

What it does

Registry: Maintains owned assets with content hashes
Activities: Creates signed ownership claims (Create activities)
Federation: ActivityPub endpoints for follow/share
L1 Integration: Records completed L1 runs as owned assets
Authentication: User registration, login, JWT tokens

Setup

pip install -r requirements.txt

# Configure (optional - defaults shown)
export ARTDAG_DOMAIN=artdag.rose-ash.com
export ARTDAG_USER=giles
export ARTDAG_DATA=~/.artdag/l2
export DATABASE_URL=postgresql://artdag:artdag@localhost:5432/artdag

# Generate signing keys (required for federation)
python setup_keys.py

# Start server
python server.py

JWT Secret Configuration

The JWT secret is used to sign authentication tokens. Without a persistent secret, tokens are invalidated on server restart.

Generate a secret

# Generate a 64-character hex secret
openssl rand -hex 32
# Or with Python
python -c "import secrets; print(secrets.token_hex(32))"

Local development

export JWT_SECRET="your-generated-secret-here"
python server.py

Docker Swarm (recommended for production)

Create a Docker secret:

# From a generated value
openssl rand -hex 32 | docker secret create jwt_secret -

# Or from a file
echo "your-secret-here" > jwt_secret.txt
docker secret create jwt_secret jwt_secret.txt
rm jwt_secret.txt

Reference in docker-compose.yml:

services:
  l2-server:
    secrets:
      - jwt_secret

secrets:
  jwt_secret:
    external: true

The server reads secrets from /run/secrets/jwt_secret automatically.

Key Setup

ActivityPub requires RSA keys for signing activities. Generate them:

# Local
python setup_keys.py

# Or with custom paths
python setup_keys.py --data-dir /data/l2 --user giles

# In Docker, exec into container or mount volume
docker exec -it <container> python setup_keys.py

Keys are stored in $ARTDAG_DATA/keys/:

{username}.pem - Private key (chmod 600, NEVER share)
{username}.pub - Public key (included in actor profile)

Important: Private keys are gitignored. Back them up securely. Losing them invalidates all your signatures.

Client Commands

Upload Media

curl -X POST http://localhost:8200/assets \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -d '{
    "name": "my-video",
    "content_hash": "abc123...",
    "asset_type": "video",
    "tags": ["art", "generated"]
  }'

Upload Recipe

Record an L1 run as an owned asset. This fetches the run details from the L1 server and registers the output:

curl -X POST http://localhost:8200/assets/record-run \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -d '{
    "run_id": "uuid-from-l1",
    "l1_server": "https://celery-artdag.rose-ash.com",
    "output_name": "my-rendered-video"
  }'

API Endpoints

Server Info

Method	Path	Description
GET	`/`	Home page with stats

Assets

Method	Path	Description
GET	`/assets`	List all assets
GET	`/assets/{name}`	Get asset by name
POST	`/assets`	Upload media - register new asset
POST	`/assets/record-run`	Upload recipe - record L1 run

ActivityPub

Method	Path	Description
GET	`/.well-known/webfinger?resource=acct:user@domain`	Actor discovery
GET	`/users/{username}`	Actor profile
GET	`/users/{username}/outbox`	Published activities
POST	`/users/{username}/inbox`	Receive activities
GET	`/users/{username}/followers`	Followers list
GET	`/objects/{content_hash}`	Get object by hash
GET	`/activities/{index}`	Get activity by index

Authentication

Method	Path	Description
POST	`/auth/register`	Register new user
POST	`/auth/login`	Login, get JWT token
GET	`/auth/me`	Get current user

Data Storage

Data stored in PostgreSQL:

users - Registered users
assets - Asset registry
activities - Signed activities
followers - Followers list

RSA keys stored in $ARTDAG_DATA/keys/ (files, not database).

Architecture

L2 Server (port 8200)
    │
    ├── POST /assets (upload media) → Register asset → Create activity → Sign
    │
    ├── POST /assets/record-run (upload recipe) → Fetch L1 run → Register output
    │       │
    │       └── GET L1_SERVER/runs/{id}
    │
    ├── GET /users/{user}/outbox → Return signed activities
    │
    └── POST /users/{user}/inbox → Receive Follow requests