KnowMe
Section 02

Core Infrastructure

The foundation relies on proven, high-performance components that handle identity, data storage, and network-wide event distribution. Each component is chosen for production stability and operational simplicity.

Tranquil PDS

RUST

The Personal Data Server is the user's home on the network. Tranquil PDS compiles to a single binary without a Node.js runtime, using PostgreSQL for robust data storage. It extends the reference PDS with enterprise-grade authentication and account delegation — essential for humans authorizing AI agents.

Authentication

  • WebAuthn/FIDO2 passkeys
  • TOTP two-factor
  • SSO login & signup
  • Backup codes & trusted devices

Authorization

  • Granular OAuth scopes
  • Consent UI with scope unchecking
  • App passwords with permissions
  • Account delegation levels

Identity

  • did:plc (default)
  • did:web (PDS-hosted subdomains)
  • Bring-your-own did:web
  • Multi-channel verification

Operations

  • Single binary deployment
  • PostgreSQL backend
  • Docker/Podman/Nix/K8s
  • Built-in admin web UI

# Quick deploy with Docker Compose
$ cp example.toml config.toml
$ openssl rand -base64 48  # generate secrets
$ podman-compose -f docker-compose.prod.yaml up -d

# Configuration precedence:
# env vars → --config file → /etc/tranquil-pds/config.toml → defaults

Indigo Relay

GO

The relay subscribes to multiple PDS hosts and outputs a combined firehose event stream. It verifies repo data structure integrity and identity signatures. The current implementation scales to approximately 100 million accounts and tens of thousands of events per second at peak.

Key Characteristics

  • Single server (not distributed)
  • PostgreSQL in production, SQLite for testing
  • Highly concurrent, not CPU intensive
  • Single Go binary deployment
  • Prometheus metrics + OTEL traces
  • Admin web interface
  • Sync v1.1 (non-archival mode)
  • ~$34/month for full global network

# Key environment variables
RELAY_ADMIN_PASSWORD=your_admin_key
DATABASE_URL=postgres://relay:CHANGEME@localhost:5432/relay
RELAY_PERSIST_DIR=/data/relay/persist
RELAY_REPLAY_WINDOW=24h
RELAY_TRUSTED_DOMAINS=*.host.bsky.network

# API endpoints
GET  /xrpc/com.atproto.sync.subscribeRepos  (WebSocket)
GET  /xrpc/com.atproto.sync.getRepo         (HTTP redirect)
POST /xrpc/com.atproto.sync.requestCrawl
GET  /xrpc/com.atproto.sync.listHosts

Indigo Tap

GO

Tap is the critical bridge between the relay firehose and your Rust AppView. It handles connection management, cryptographic verification, historical backfill, and collection filtering — delivering simple JSON events that your AppView can process without dealing with binary formats or signature validation.

Delivery Modes

  • WebSocket + acks
  • Fire-and-forget
  • Webhook POST

Network Modes

  • Dynamic (add/remove)
  • Collection signal
  • Full network

Guarantees

  • At-least-once delivery
  • Per-repo ordering
  • Backfill before live

# Tap event format (JSON)
{
  "id": 12345,
  "type": "record",
  "record": {
    "live": true,
    "did": "did:plc:abc123",
    "collection": "com.network.agent.task",
    "action": "create",
    "record": { /* your lexicon data */ }
  }
}