Conversation
Add a new reference page documenting the Certified-operated ePDS instances — certified.one (production), dev.certified.app (staging), and the *.test.certified.app test instances — and which to use in which scenario. Also fix existing mentions that were misleading or out of date: - pages/tools/scaffold.md: stop recommending the deprecated pds-eu-west4.test.certified.app as an example PDS URL; point at dev.certified.app (staging) and cross-link to the new page. - pages/architecture/epds.md: replace the single-instance mention of certified.one with a pointer to the full services reference. - pages/roadmap.md: the 'Hypercerts PDS' table referenced pds1/pds2.certified.app which don't exist; certified.one is the production ePDS, so update the table to reflect current reality. - lib/navigation.js: add the new page to the Reference sidebar.
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 4 minutes and 46 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (8)
📝 WalkthroughWalkthroughThis PR introduces comprehensive documentation for Certified Group Service (CGS), a role-based multi-identity governance layer for AT Protocol. It adds two new documentation pages explaining CGS architecture and Certified-operated ePDS services, updates example handles from Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (2 warnings, 1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…ER-282) - scaffold.md: drop example hostnames from NEXT_PUBLIC_PDS_URL/EPDS_URL rows and explain the distinction between the two vars (standard OAuth target vs. optional email-login ePDS target). - roadmap.md: collapse the Hypercerts PDS table into prose that cross-links to the Certified services reference page.
- New architecture page for the Certified Group Service (CGS), covering authentication, RBAC, PDS proxying, audit logging, group lifecycle, the single-backing-PDS constraint, and future directions for governance. - Rename "Certified services" to "Certified PDSs" and move the entry above Glossary in the Reference sidebar. - Expand the Certified PDSs page with a handle-suffix explainer, an auth services section, status page links, cross-links to the new CGS page, and a callout that groups created via the hosted CGS currently land on a test PDS. - Add pds1.test.certified.app to the test instances table and note it is the current backing PDS for the hosted CGS.
The LastUpdated component appended a <p class="last-updated"> to the article imperatively, bypassing React reconciliation. When navigating to a page whose route was missing from the lastUpdated map, the effect early-returned before removing the previous element, leaving it stranded at the top of the new page's article. Always remove any existing .last-updated element on route change, before deciding whether to append a new one.
holkexyz
changed the title
Cross-linking pass from existing pages to the new CGS and Certified PDSs pages: - Glossary: add new "ePDS (extended PDS)" and "CGS (Certified Group Service)" entries, update the "PDS" entry to link to the Certified PDSs page, and sort the whole glossary alphabetically. - Architecture overview: mention CGS as the governance layer for multi-identity repositories. - ePDS page: add Certified PDSs and CGS links under Further reading. - Account & Identity: add a "Role-based governance with CGS" subsection inside Organization accounts, framing CGS as the principled alternative to shared app passwords. - Testing & Deployment: note dev.certified.app as an alternative to self-hosting a local PDS. Also correct Certified handle examples across the docs. Handles issued by the production Certified PDS (`certified.one`) end in `.certified.one`, not `.certified.app`. Updated: - getting-started/quickstart.md - tools/scaffold.md - tools/hyperboards.md - tools/hypercerts-cli.md - architecture/epds.md (code examples) - architecture/account-and-identity.md (handle example + initial random handle example) - core-concepts/certified-identity.md - reference/certified-services.md (rewrite the "Reading handles" callout, which previously claimed the hostname and handle suffix were decoupled) Derived artifacts (public/raw, search index) regenerated. Sitemap intentionally not re-staged — it contains unrelated whitespace/timestamp-only churn.
…d (HYPER-282) Adds a short paragraph to the "Certified: the reference identity provider" section of the Certified Identity page, clarifying that certified.app is where users manage their Certified identity day-to-day (sign up/in, profile, handle, groups, passwords) and that it talks to the production PDS at certified.one under the hood.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (4)
components/LastUpdated.js (1)
15-17: Scope stale-element cleanup to the injected node only.Line 15 removes the first
.last-updatedglobally, which risks deleting unrelated page content sharing that class. Prefer a dedicated data marker for the imperatively inserted element.Safer selector scoping
- const existing = document.querySelector('.last-updated'); + const existing = document.querySelector('[data-last-updated="true"]'); if (existing) existing.remove(); @@ const el = document.createElement('p'); el.className = 'last-updated'; + el.dataset.lastUpdated = 'true';Also applies to: 23-25
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/LastUpdated.js` around lines 15 - 17, The code currently uses document.querySelector('.last-updated') and removes the first matching element globally, which can delete unrelated DOM nodes; change the cleanup and selection logic to target only the imperatively inserted node by using a unique data marker (e.g., data-injected="last-updated") when creating the element and then query/remove via that attribute (replace document.querySelector('.last-updated') and the similar block at lines 23-25 with document.querySelector('[data-injected="last-updated"]') and ensure the created node (in the function that builds the .last-updated element) sets the same data-injected attribute so only the injected element is removed.pages/roadmap.md (1)
93-93: Align operator wording with the Certified services docs.Line 93 currently attributes operation to “Hypercerts,” while related docs describe these as Certified-operated services. Consider using one operator term consistently to avoid identity/ownership ambiguity.
Proposed wording tweak
-General users can use any existing ATProto PDS such as `pds.bsky.app`. Hypercerts also operates its own production, staging, and test ePDS instances for apps that want to offer "Sign in with Certified" — see [Certified services](/reference/certified-services) for the full list. +General users can use any existing ATProto PDS such as `pds.bsky.app`. Certified operates production, staging, and test ePDS instances for apps that want to offer "Sign in with Certified" — see [Certified services](/reference/certified-services) for the full list.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pages/roadmap.md` at line 93, The sentence in pages/roadmap.md attributes the PDS instances to “Hypercerts” but related docs use “Certified-operated” — update the wording for consistency by replacing “Hypercerts” with “Certified-operated” (or the agreed operator term used in the Certified services docs) in the sentence that currently reads “Hypercerts also operates its own production, staging, and test ePDS instances…” so the sentence consistently refers to the operator as Certified-operated across docs.pages/tools/scaffold.md (1)
99-99: Tighten Line 99 into a complete sentence for clarity.Small wording tweak improves readability in the env table.
✏️ Suggested edit
-| `NEXT_PUBLIC_PDS_URL` | Target PDS for the standard handle-based OAuth sign-in flow. Can be any AT Protocol PDS (Bluesky, a Certified ePDS, a self-hosted PDS, etc.). | +| `NEXT_PUBLIC_PDS_URL` | Target PDS for the standard handle-based OAuth sign-in flow. This can be any AT Protocol PDS (Bluesky, a Certified ePDS, a self-hosted PDS, etc.). |🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pages/tools/scaffold.md` at line 99, The env table entry for NEXT_PUBLIC_PDS_URL is a fragment; update the description text for the `NEXT_PUBLIC_PDS_URL` cell so it is a complete sentence (e.g., "Target PDS for the standard handle-based OAuth sign-in flow. This can be any AT Protocol PDS (Bluesky, a certified ePDS, or a self-hosted PDS)."), ensuring the phrase `NEXT_PUBLIC_PDS_URL` remains the key identifier and the explanation reads as a full sentence.pages/reference/certified-services.md (1)
48-55: Add a “last verified” stamp for volatile host/status rows.The “current test instances” and “currently …” status claims will age quickly; adding a verification date in-section will reduce ambiguity for readers.
Proposed doc tweak
### Current test instances + +_Last verified: 2026-04-10_ | Instance | Status | |---|---| | `epds1.test.certified.app` | Active | | `pds1.test.certified.app` | Active — currently used as the backing PDS for the hosted [CGS](/architecture/certified-group-service) | | `pds-eu-west4.test.certified.app` | Deprecated — do not use for new work |Also applies to: 70-71
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pages/reference/certified-services.md` around lines 48 - 55, Update the "### Current test instances" table (and the similar table around the `pds-eu-west4.test.certified.app` rows referenced at lines ~70-71) to include a last-verified timestamp for volatile host/status info: either add a new "Last verified" column to the table or append "— last verified YYYY-MM-DD" to each Status cell for `epds1.test.certified.app`, `pds1.test.certified.app`, and `pds-eu-west4.test.certified.app`; ensure the text is succinct and uses ISO date format so readers can immediately see when each status was checked.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@pages/architecture/account-and-identity.md`:
- Around line 69-70: The sentence "Certified operates a hosted CGS instance
(used by "create a group" flows on https://certified.app), and CGS is also
self-hostable..." needs a caveat that hosted "create a group" flows currently
land on a test PDS; add one concise sentence immediately after that sentence
stating that groups created via the hosted flow are placed on a test PDS (not
production) and include a link to the Certified services page for more details
so organizations don't assume production placement.
In `@pages/getting-started/testing-and-deployment.md`:
- Around line 18-19: The inline hostname `dev.certified.app` is currently
hyperlinked to the explainer page (/reference/certified-services), causing
click-target confusion; change the sentence so the hostname remains plain inline
code (`dev.certified.app`) and make only the explanatory text link to
/reference/certified-services (e.g., keep `dev.certified.app` unlinked and
ensure the phrase "See Certified PDSs" or the following explainer points to
/reference/certified-services).
In `@pages/reference/glossary.md`:
- Around line 74-76: The "Work Scopes" link under the "Work scope" section
points to the wrong route and will 404; update the markdown link target in
pages/reference/glossary.md (the "Work scope" heading / the link text "Work
Scopes") to use the registered docs route /core-concepts/cel-work-scopes instead
of /core-concepts/work-scopes so it matches lib/navigation.js.
---
Nitpick comments:
In `@components/LastUpdated.js`:
- Around line 15-17: The code currently uses
document.querySelector('.last-updated') and removes the first matching element
globally, which can delete unrelated DOM nodes; change the cleanup and selection
logic to target only the imperatively inserted node by using a unique data
marker (e.g., data-injected="last-updated") when creating the element and then
query/remove via that attribute (replace document.querySelector('.last-updated')
and the similar block at lines 23-25 with
document.querySelector('[data-injected="last-updated"]') and ensure the created
node (in the function that builds the .last-updated element) sets the same
data-injected attribute so only the injected element is removed.
In `@pages/reference/certified-services.md`:
- Around line 48-55: Update the "### Current test instances" table (and the
similar table around the `pds-eu-west4.test.certified.app` rows referenced at
lines ~70-71) to include a last-verified timestamp for volatile host/status
info: either add a new "Last verified" column to the table or append "— last
verified YYYY-MM-DD" to each Status cell for `epds1.test.certified.app`,
`pds1.test.certified.app`, and `pds-eu-west4.test.certified.app`; ensure the
text is succinct and uses ISO date format so readers can immediately see when
each status was checked.
In `@pages/roadmap.md`:
- Line 93: The sentence in pages/roadmap.md attributes the PDS instances to
“Hypercerts” but related docs use “Certified-operated” — update the wording for
consistency by replacing “Hypercerts” with “Certified-operated” (or the agreed
operator term used in the Certified services docs) in the sentence that
currently reads “Hypercerts also operates its own production, staging, and test
ePDS instances…” so the sentence consistently refers to the operator as
Certified-operated across docs.
In `@pages/tools/scaffold.md`:
- Line 99: The env table entry for NEXT_PUBLIC_PDS_URL is a fragment; update the
description text for the `NEXT_PUBLIC_PDS_URL` cell so it is a complete sentence
(e.g., "Target PDS for the standard handle-based OAuth sign-in flow. This can be
any AT Protocol PDS (Bluesky, a certified ePDS, or a self-hosted PDS)."),
ensuring the phrase `NEXT_PUBLIC_PDS_URL` remains the key identifier and the
explanation reads as a full sentence.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 482c1e65-638a-47fc-9227-cc6405c98a18
📒 Files selected for processing (31)
components/LastUpdated.jslib/lastUpdated.jsonlib/navigation.jspages/architecture/account-and-identity.mdpages/architecture/certified-group-service.mdpages/architecture/epds.mdpages/architecture/overview.mdpages/core-concepts/certified-identity.mdpages/getting-started/quickstart.mdpages/getting-started/testing-and-deployment.mdpages/reference/certified-services.mdpages/reference/glossary.mdpages/roadmap.mdpages/tools/hyperboards.mdpages/tools/hypercerts-cli.mdpages/tools/scaffold.mdpublic/raw/architecture/account-and-identity.mdpublic/raw/architecture/certified-group-service.mdpublic/raw/architecture/epds.mdpublic/raw/architecture/overview.mdpublic/raw/core-concepts/certified-identity.mdpublic/raw/getting-started/quickstart.mdpublic/raw/getting-started/testing-and-deployment.mdpublic/raw/reference/certified-services.mdpublic/raw/reference/glossary.mdpublic/raw/roadmap.mdpublic/raw/tools/hyperboards.mdpublic/raw/tools/hypercerts-cli.mdpublic/raw/tools/scaffold.mdpublic/search-index.jsonpublic/sitemap.xml
- account-and-identity.md: add caveat that hosted CGS groups currently land on a test PDS, with link to Certified PDSs page. - testing-and-deployment.md: unlink dev.certified.app hostname so it doesn't look like a clickable link to the docs page; keep the prose link to Certified PDSs. - glossary.md: fix broken Work Scopes link — was pointing at /core-concepts/work-scopes (404), now /core-concepts/cel-work-scopes.
aspiers
deleted the
adam/hyper-282-document-various-certified-infrastructure-services
branch
This was referenced Apr 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes HYPER-282.
Summary
Covers the HYPER-282 checklist with two new pages, a cross-linking pass, and cleanup.
New:
pages/reference/certified-services.md— "Certified PDSs"Documents the Certified-operated ePDS instances and which to use in which scenario:
certified.one— production ePDSdev.certified.app— staging ePDS (recommended for app developers' staging envs)*.test.certified.app— bleeding-edge test instances, with:epds1.test.certified.appactivepds1.test.certified.appactive, currently used as the backing PDS for the hosted CGSpds-eu-west4.test.certified.appdeprecatedAdditional content on the page:
certified.one(the prod ePDS backend) andcertified.app(the frontend app for managing identities)New:
pages/architecture/certified-group-service.md— "Certified Group Service (CGS)"A dedicated architecture page for CGS:
atproto-proxyvia the user's PDS)app.certified.group.repo.*vscom.atproto.repo.*)group.registerflow)GROUP_PDS_URLCross-linking pass
Wired the two new pages into existing docs so they're reachable from natural entry points:
ePDSandCGSentries, updated thePDSentry to link to the Certified PDSs page, and sorted the glossary alphabetically.certified.appas the frontend where Certified identities are managed day-to-day, talking tocertified.oneunder the hood.dev.certified.appas an alternative to self-hosting a local PDS.Handle corrections
Certified handles issued by
certified.oneend in.certified.one, not.certified.app. Corrected examples in:getting-started/quickstart.mdtools/scaffold.md,tools/hyperboards.md,tools/hypercerts-cli.mdarchitecture/epds.md(code examples)architecture/account-and-identity.md(handle example + initial random handle example)core-concepts/certified-identity.mdreference/certified-services.md— rewrote the "Reading handles" calloutCleanup of existing mentions
pages/tools/scaffold.md: stop recommending the deprecatedpds-eu-west4.test.certified.app; point atdev.certified.appand cross-link to the new pagepages/architecture/epds.md: cross-link to the new services referencepages/roadmap.md: the 'Hypercerts PDS' table listedpds1/pds2.certified.appwhich don't exist — updated to reflect thatcertified.oneis the production ePDSNav
Adds both new pages to
lib/navigation.js:Bundled bug fix
components/LastUpdated.jsimperatively appended a.last-updatedelement and early-returned when a page had no entry inlastUpdated.json, leaving the previous route's element stranded. Now cleans up before deciding whether to append.HYPER-282 checklist status
pds-eu-west4and related hostnamescertified.app(as the identity management frontend, and its relationship tocertified.one)hyperscan.dev(deferred — someone else will update)Test plan
.certified.one, not.certified.appSummary by CodeRabbit
Release Notes
New Features
Documentation
certified.one) and clarified distinction between frontend (certified.app) and PDSBug Fixes