Bluesky integration on the Internet Computer
Ever wonder how a DAO can have a social media presence without trusting someone to hold the keys? This project makes that possible by integrating with the AT Protocol (the protocol behind Bluesky) through a Personal Data Server hosted entirely on the Internet Computer. It’s a Motoko implementation that lets DAOs and on-chain entities directly control their social identity - primarily for posting to Bluesky, but supporting the full protocol spec as it evolves. Built as part of a DFINITY developer grant.
Quick overview video: https://www.youtube.com/watch?v=vzTaZP5YqB4
AT Protocol / Bluesky
Source: muni.town
AT Protocol/Bluesky flips the traditional social platform model: instead of all user data living on servers controlled by the app, each user’s data lives on a Personal Data Server (PDS) that they control.
The protocol works through aggregation - Relay servers crawl PDSs across the network, collect the data, and App Views (like Bluesky) consume from the relays to render feeds and UI. Your identity and content remain portable; if you don’t like one app, you can take your data and followers to another without starting over.
This PDS implementation brings that model to the Internet Computer, letting a canister serve as the authoritative source for an organization’s AT Protocol identity and content.
Web3 Advantages
The idea came from wanting organizations on the IC to have a presence on Bluesky and other AT Protocol networks. Rather than having one person control an account, a DAO can use proposals and voting to decide what gets posted and how the identity is managed. This fits well with how many IC-native organizations already operate.
There are some practical advantages to this approach that solve real coordination problems:
No trusted account manager: Traditionally, if a DAO wants a social media presence, someone has to create the account with a password, manage the credentials, and be trusted not to go rogue or lose access. This creates a single point of failure and trust. With this implementation, the DAO canister itself is the identity - no individual holds the keys.
Automatic key management: The canister handles cryptographic key generation and signing automatically. There’s no password to remember, no private key file to secure, no recovery phrases to store safely. The Internet Computer’s chain key cryptography handles this at the protocol level. A DAO can deploy and immediately start using their AT Protocol identity without dealing with key material.
How It’s Built
The PDS canister is written in Motoko. The implementation includes:
- Full XRPC endpoint support for AT Protocol repository operations
- IPLD/CAR-based repository with commit history
- DID document serving via certified assets
- Permission system for direct control or delegation
- ICRC-120 support for automated deployment
The example DAO implementation shows how to:
- Deploy and manage PDS canisters through proposals
- Upload large WASM modules via chunked transfers
- Create posts through member voting
- Delegate specific permissions to other principals
The WebSocket Challenge
There’s one notable technical limitation worth mentioning. AT Protocol relays require a WebSocket connection (com.atproto.sync.subscribeRepos) to crawl and index PDS servers. Since the IC doesn’t support WebSocket connections, I worked around this using a reverse proxy architecture:
- A custom domain points to a Cloudflare Worker (or similar proxy)
- Regular HTTP requests go directly to the canister via
{canister-id}.raw.icp0.io - WebSocket requests get routed to a separate Node.js server
- That server polls the canister and pushes events through the WebSocket
The proxy code is straightforward - just a few lines to route one endpoint differently (example in the README). The WebSocket server implementation is available separately for anyone who needs it.
Important: You can’t use standard IC domain registration for this. The reverse proxy must handle the domain routing, otherwise the WebSocket connection won’t work properly.
The ideal solution would be native WebSocket support on the Internet Computer. That would eliminate the need for external infrastructure entirely. For now, the reverse proxy approach works but does add operational complexity.
Status
Beta - Functional but not production-ready.
The PDS canister can:
- Create, update, and delete records
- Serve DID documents
- Handle repository exports
- Manage permissions and delegates
- Integrate with relay crawlers (via the proxy)
The DAO example demonstrates a complete governance system where members can propose and vote on posts, deployments, and configuration changes.
Reusable Libraries
Building this PDS implementation required developing several lower-level libraries for working with IPFS and AT Protocol data structures. These have been published as standalone packages on MOPS (the Motoko package manager) so they can be used in other projects:
- cid - Content Identifier (CID) encoding and decoding for IPFS
- dag-cbor - DAG-CBOR codec implementation for IPLD data structures
- tid - Timestamp Identifier (TID) implementation for AT Protocol
- did - Decentralized Identifier (DID) parsing and handling
- multiformats - Multiformat, multicodec, multibase, and multihash implementations
- car - Content Addressable aRchive (CAR) file format for IPLD data
- atproto - Core AT Protocol types and utilities
These libraries are completely independent of the PDS canister and can be used in any Motoko project that needs to work with IPFS content addressing, IPLD data structures, or AT Protocol primitives.
Resources
- GitHub: GitHub - edjCase/motoko_atproto_pds: PDS canister for AT Protocol written in Motoko for the Internet Computer
- DAO Example with frontend
Future Plans
Potential directions (contingent on funding):
- Multi-tenant PDS - A shared instance where multiple DAOs register and each gets their own repository, reducing infrastructure overhead
- Additional protocols - Support for ActivityPub (Mastodon) and other decentralized social protocols
- Production hardening
Interested in collaborating? Feel free to reach out or contribute on GitHub.