Introduction

Stratos is a private permissioned data layer for ATProtocol. It keeps private records out of public view, publishes enrollment metadata back to the PDS for discovery, and lets downstream apps serve boundary-filtered content without inventing a separate identity model.

What Problem Does It Solve?

ATProtocol is designed for open, public social data. Every record on a PDS is visible to anyone who knows the AT-URI. Stratos adds a permissioned layer on top: users can create posts that are only visible to members of specific communities, without leaving the AT Protocol identity and tooling ecosystem.

How It Works

[Diagram: User (alice.bsky.social), Stratos Service (stratos.example.com), PDS (pds.bsky.social), Indexer (stratos-indexer), PostgreSQL (appview database), AppView (zone.stratos.feed.*), Client App (your application)]

  1. A user enrolls with a Stratos service via OAuth. The service writes a zone.stratos.actor.enrollment record to the user's PDS.
  2. The user creates private records by calling the Stratos XRPC API. Records are stored in the user's per-actor repo on Stratos, not on the PDS. A lightweight stub record is written to the PDS with a source field pointing back to Stratos.
  3. A standalone indexer subscribes to the PDS firehose (to discover enrollments) and to each user's subscribeRecords stream (to index records with their boundary metadata).
  4. An AppView queries the indexed PostgreSQL tables. When a viewer requests a feed, the AppView filters posts to only those whose boundaries overlap with the viewer's enrolled boundaries.
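
The boundary check in step 4, sketched as an added example (not code from the Stratos repository). The field names, the `boundary-*` strings and the sample URIs are hypothetical, and the fail-closed handling of records without boundaries and of unauthenticated viewers is an assumption about how a careful AppView would behave.

```typescript
// Added example: field names and boundary strings are hypothetical,
// not taken from the Stratos schema.
interface IndexedPost {
  uri: string;
  boundaries: string[]; // boundary identifiers stored by the indexer
}

interface Viewer {
  did: string | null; // null means the request is unauthenticated
  enrolledBoundaries: string[];
}

// Drop blank identifiers so an empty value can never match an empty value.
function usable(ids: string[]): string[] {
  return ids.filter((id) => id.trim().length > 0);
}

function canView(post: IndexedPost, viewer: Viewer): boolean {
  if (viewer.did === null) return false; // no identity, no private content
  const postBoundaries = usable(post.boundaries);
  // Fail closed: a record indexed without a boundary is hidden, not public.
  if (postBoundaries.length === 0) return false;
  const enrolled = new Set<string>(usable(viewer.enrolledBoundaries));
  return postBoundaries.some((id) => enrolled.has(id)); // exact match only
}

function filterFeed(posts: IndexedPost[], viewer: Viewer): IndexedPost[] {
  return posts.filter((post) => canView(post, viewer));
}

// Comma-joined URIs of the posts a viewer may see, for easy comparison.
function visibleUris(posts: IndexedPost[], viewer: Viewer): string {
  return filterFeed(posts, viewer).map((p) => p.uri).join(",");
}

// Constructed sample data.
const SAMPLE_POSTS: IndexedPost[] = [
  { uri: "at://did:example:alice/example.post/1", boundaries: ["boundary-a"] },
  { uri: "at://did:example:alice/example.post/2", boundaries: ["boundary-b"] },
  { uri: "at://did:example:bob/example.post/3", boundaries: ["boundary-a", "boundary-c"] },
  { uri: "at://did:example:bob/example.post/4", boundaries: [] },
  { uri: "at://did:example:bob/example.post/5", boundaries: [""] },
];
const CAROL: Viewer = { did: "did:example:carol", enrolledBoundaries: ["boundary-a"] };
const DAVE: Viewer = { did: "did:example:dave", enrolledBoundaries: ["boundary-c", ""] };
const ANONYMOUS: Viewer = { did: null, enrolledBoundaries: ["boundary-a"] };
const UNENROLLED: Viewer = { did: "did:example:erin", enrolledBoundaries: [] };
```
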

Repository Packages

Package | Description
--- | ---
stratos-core | Domain logic, storage interfaces, schema, validation, MST commit builder
stratos-service | HTTP/XRPC service, OAuth enrollment, repo CRUD, sync export, adapters
stratos-client | Discovery, routing, verification, and OAuth scope helpers
stratos-indexer | Standalone indexer consuming PDS + Stratos streams into AppView PostgreSQL
webapp | Svelte demo client for enrollment and private posting

Next Steps