Editing Personal Data Server (PDS) (section)

== Core Functions ==
=== Repository Hosting and Management ===
The primary function of a PDS is hosting and managing public AT Protocol repositories. The PDS maintains the [[Merkle Search Tree (MST)]] data structure that stores user content, handling mutations and generating [[diffs]] between repository versions. These diffs are streamed as real-time updates to [[Relay|relays]] via [[wikipedia:WebSocket|WebSockets]], allowing the network to efficiently aggregate and broadcast updates to user repositories.

The PDS validates all records against their [[lexicon]] schemas before adding them to the repository to ensure data integrity. It also provides a repository [[event stream]] that notifies subscribers of changes, including sequence numbers for ordering and a backfill period for catching up after disconnections.

For data portability, the PDS supports importing and exporting repositories as [https://ipld.io/specs/transport/car/carv1/ CAR files], allowing users to migrate between providers without losing their content or social connections.

=== Account and Identity Management ===
PDSes handle the complete lifecycle of user accounts, from creation through deletion or migration. They manage account security through email verification, password reset flows,  and email change processes.

For AT Protocol identities, PDSes resolve and maintain the connection between a user's [[handle]] and [[decentralized Identifier (DID)]], and often manage a default handle namespace  (base domain) for its users.

PDSes handle the user's cryptographic keys - both the AT Protocol signing key used to authenticate repository changes and the [[PLC]] rotation key used for identity operations. It implements the necessary cryptographic operations to generate keys, sign data, and validate signatures according to the protocol's specifications.

The PDS also handles identity operations through the PLC system, including handle changes and identity verification. When these changes occur, the PDS outputs identity and account events on its repository event stream to notify the network.

=== Blob Storage ===
Beyond text-based content, PDSes host and manages [[Blob|blobs]] - binary media files like images, videos, and other media files shared by users. They validate the content type of uploaded blobs, store them securely, and serve them publicly. Some implementations also detect sensitive metadata in blobs (like EXIF location data) and prevent upload unless explicitly overriden by the client.

PDSes track repository references to blobs and enforces restrictions on size and type. They manage the blob lifecycle by expiring never-referenced blobs and deleting blobs after their last referencing record is deleted. For moderation purposes, it also provides mechanisms to purge individual blobs from an account.

=== Authentication and Network Proxying ===
In the current network architecture, almost all client requests go through the user's PDS, which then proxies them to other services as needed. PDSes forward appropriate HTTP headers and handle authentication for these proxied requests. PDSes also handle authentication and authorization via [[OAuth]].

PDSes implement authentication mechanisms for clients, including session management and [[App Passwords|App Password]] generation. Current development aims to elevate PDSes to become a full-fledges [[OAuth]] authorization server that will track registered client software, provide web interfaces to approve or reject client privileges, and enforce scope limitations on API and repository access.

=== Private Data and Preferences ===
PDSes store arbitrary [[lexicon]]-defined private preferences and configuration for users. This aids synchronization across multiple devices and clients to ensure that personal settings can be exported and re-imported during migration. The PDS provides endpoints for storing preference data and bulk import/export operations.