aboutsummaryrefslogtreecommitdiffstats
path: root/doc/en/developer
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2024-07-06 11:05:22 +0000
committerMario <mario@mariovavti.com>2024-07-06 11:05:22 +0000
commit45275910e606a02b12393714ea3b0409da440d61 (patch)
tree10b2d173d58cb930f8df28fe75af73dd4974c08c /doc/en/developer
parent0c1d0f7498661fb34dcca6f3c6566e757af310a7 (diff)
parentc04e781926a78e514cdf211fa24930a331149072 (diff)
downloadvolse-hubzilla-master.tar.gz
volse-hubzilla-master.tar.bz2
volse-hubzilla-master.zip
Merge branch '9.2RC'master
Diffstat (limited to 'doc/en/developer')
-rw-r--r--doc/en/developer/api_zot.bb766
-rw-r--r--doc/en/developer/covenant.bb47
-rw-r--r--doc/en/developer/developer_guide.bb176
-rw-r--r--doc/en/developer/testing.md130
-rw-r--r--doc/en/developer/unorganized.md73
-rw-r--r--doc/en/developer/zot_protocol.bb478
6 files changed, 1670 insertions, 0 deletions
diff --git a/doc/en/developer/api_zot.bb b/doc/en/developer/api_zot.bb
new file mode 100644
index 000000000..ff937bfa5
--- /dev/null
+++ b/doc/en/developer/api_zot.bb
@@ -0,0 +1,766 @@
+[h3]Zot API[/h3]
+
+Many existing social applications and tools can interface directly using the Twitter/StatusNet API, which is available using the 'twitter_api' addon.
+
+This document describes the native API; which allows direct programmatic access to several internal data structures and libraries extending beyond the basic social interface.
+
+The API endpoints detailed below are relative to [code]api/z/1.0[/code], meaning that if an API is listed as [code]channel/stream[/code] the full API URL is [code][baseurl]/api/z/1.0/channel/stream[/code].
+
+[h3]channel/export/basic[/h3]
+
+Export basic channel data
+
+Options:
+ - sections
+ comma-separated list of data types to export
+
+ - posts
+ if true, return default sections plus 3 months of posts
+
+ If no sections are requested, the following sections are returned:
+ channel, connections, config, apps, chatrooms, events, webpages, mail, wikis
+
+ Files and large collections of posts may run into memory limits; these must generally be
+ requested separately.
+
+
+[h3]channel/stream[/h3]
+
+Fetch channel conversation items
+
+[h3]network/stream[/h3]
+
+
+Fetch network conversation items
+
+
+
+[h3]files[/h3]
+
+
+List file storage (attach DB)
+
+GET /api/z/1.0/files
+
+
+Options:
+
+ - filehash
+ return only entries matching hash (exactly)
+
+ - filename
+ return only entries matching filename (substring)
+
+ - filetype
+ return only entries matching filetype/mimetype (substring)
+
+ - start
+ start at record (default 0)
+
+ - records
+ number of records to return or 0 for unlimited
+
+
+
+Example:
+
+curl -u mychannel:mypassword https://xyz.macgirvin.com/api/z/1.0/files -d filetype=multipart/mixed
+
+
+Returns:
+[code nowrap]
+ {
+
+ "success": true,
+ "results": [
+ {
+ "id": "1",
+ "aid": "1",
+ "uid": "2",
+ "hash": "44ee8b2a1a7f36dea07b93b7747a2383a1bc0fdd08339e8928bfcbe45f65d939",
+ "filename": "Profile Photos",
+ "filetype": "multipart/mixed",
+ "filesize": "0",
+ "revision": "0",
+ "folder": "",
+ "os_storage": "1",
+ "is_dir": "1",
+ "is_photo": "0",
+ "flags": "0",
+ "created": "2016-01-02 21:51:17",
+ "edited": "2016-01-02 21:51:17",
+ "allow_cid": "",
+ "allow_gid": "",
+ "deny_cid": "",
+ "deny_gid": ""
+ },
+ {
+ "id": "12",
+ "aid": "1",
+ "uid": "2",
+ "hash": "71883f1fc64af33889229cbc79c5a056deeec5fc277d765f182f19073e1b2998",
+ "filename": "Cover Photos",
+ "filetype": "multipart/mixed",
+ "filesize": "0",
+ "revision": "0",
+ "folder": "",
+ "os_storage": "1",
+ "is_dir": "1",
+ "is_photo": "0",
+ "flags": "0",
+ "created": "2016-01-15 00:24:33",
+ "edited": "2016-01-15 00:24:33",
+ "allow_cid": "",
+ "allow_gid": "",
+ "deny_cid": "",
+ "deny_gid": ""
+ },
+ {
+ "id": "16",
+ "aid": "1",
+ "uid": "2",
+ "hash": "f48f7ec3278499d1dd86b72c3207beaaf4717b07df5cc9b373f14d7aad2e1bcd",
+ "filename": "2016-01",
+ "filetype": "multipart/mixed",
+ "filesize": "0",
+ "revision": "0",
+ "folder": "",
+ "os_storage": "1",
+ "is_dir": "1",
+ "is_photo": "0",
+ "flags": "0",
+ "created": "2016-01-22 03:24:55",
+ "edited": "2016-01-22 03:26:57",
+ "allow_cid": "",
+ "allow_gid": "",
+ "deny_cid": "",
+ "deny_gid": ""
+ }
+ ]
+ }
+[/code]
+
+
+
+[h3]filemeta[/h3]
+
+Export file metadata for any uploaded file
+
+
+[h3]filedata[/h3]
+
+
+Provides the ability to download a file from cloud storage in chunks
+
+GET /api/z/1.0/filedata
+
+
+Required:
+
+ - file_id
+ attach.hash of desired file ('begins with' match)
+
+
+Optional:
+
+ - start
+ starting byte of returned data in file (counting from 0)
+
+ - length
+ length (prior to base64 encoding) of chunk to download
+
+
+Returns:
+
+ attach (DB) structure with base64 encoded 'content' comprised of the desired chunk
+
+
+
+Example:
+
+ https://xyz.macgirvin.com/api/z/1.0/filedata?f=&file_id=9f5217770fd&start=0&length=48
+
+Returns:
+[code nowrap]
+ {
+
+ "attach": {
+ "id": "107",
+ "aid": "1",
+ "uid": "2",
+ "hash": "9f5217770fd55d563bd77f84d534d8e119a187514bbd391714626cd9c0e60207",
+ "creator": "pgcJx1IQjuPkx8aI9qheJlBMZzJz-oTPjHy3h5pWlOVOriBO_cSiUhhqwhuZ74TYJ8_ECO3pPiRMWC0q8YPCQg",
+ "filename": "pcxtopbm.c",
+ "filetype": "application/octet-stream",
+ "filesize": "3934",
+ "revision": "0",
+ "folder": "",
+ "flags": "0",
+ "is_dir": "0",
+ "is_photo": "0",
+ "os_storage": "1",
+ "os_path": "",
+ "display_path": "",
+ "content": "LyogcGN4dG9wYm0uYyAtIGNvbnZlcnQgUEMgcGFpbnRicnVzaCAoLnBjeCkgZmls",
+ "created": "2016-07-24 23:13:01",
+ "edited": "2016-07-24 23:13:01",
+ "allow_cid": "",
+ "allow_gid": "",
+ "deny_cid": "",
+ "deny_gid": "",
+ "start": 0,
+ "length": 48
+ }
+
+ }
+[/code]
+
+[h3]file/export[/h3]
+
+
+[h3]file[/h3]
+
+
+[h3]albums[/h3]
+
+
+Description: list photo albums
+
+GET /api/z/1.0/albums
+
+
+Output:
+
+ text - textual name
+
+ total - number of photos in this album
+
+ url - web URL
+
+ urlencode - textual name, urlencoded
+
+ bin2hex - textual name using bin2hex (which is used in the web URL link)
+
+
+Example:
+
+[code nowrap]
+ {
+
+ "success": true,
+ "albums": [
+ {
+ "text": "/",
+ "total": "2",
+ "url": "https://xyz.macgirvin.com/photos/hubzilla/album/",
+ "urlencode": "",
+ "bin2hex": ""
+ },
+ {
+ "text": "2016-01",
+ "total": "6",
+ "url": "https://xyz.macgirvin.com/photos/hubzilla/album/323031362d3031",
+ "urlencode": "2016-01",
+ "bin2hex": "323031362d3031"
+ },
+ {
+ "text": "2016-02",
+ "total": "7",
+ "url": "https://xyz.macgirvin.com/photos/hubzilla/album/323031362d3032",
+ "urlencode": "2016-02",
+ "bin2hex": "323031362d3032"
+ },
+ {
+ "text": "Cover Photos",
+ "total": "5",
+ "url": "https://xyz.macgirvin.com/photos/hubzilla/album/436f7665722050686f746f73",
+ "urlencode": "Cover+Photos",
+ "bin2hex": "436f7665722050686f746f73"
+ },
+ {
+ "text": "Profile Photos",
+ "total": "26",
+ "url": "https://xyz.macgirvin.com/photos/hubzilla/album/50726f66696c652050686f746f73",
+ "urlencode": "Profile+Photos",
+ "bin2hex": "50726f66696c652050686f746f73"
+ }
+ ]
+
+ }
+[/code]
+
+
+[h3]photos[/h3]
+
+
+list photo metadata
+
+
+[h3]photo[/h3]
+
+
+
+[h3]group[/h3]
+
+
+[code]GET /api/z/1.0/group[/code]
+
+Description: list privacy groups
+
+Returns: DB tables of all privacy groups.
+
+To use with API group_members, provide either 'group_id' from the id element returned in this call, or 'group_name' from the gname returned in this call.
+
+[code nowrap]
+ [
+
+ {
+ "id": "1",
+ "hash": "966c946394f3e2627bbb8a55026b5725e582407098415c02f85232de3f3fde76Friends",
+ "uid": "2",
+ "visible": "0",
+ "deleted": "0",
+ "gname": "Friends"
+ },
+ {
+ "id": "2",
+ "hash": "852ebc17f8c3ed4866f2162e384ded0f9b9d1048f93822c0c84196745f6eec66Family",
+ "uid": "2",
+ "visible": "1",
+ "deleted": "0",
+ "gname": "Family"
+ },
+ {
+ "id": "3",
+ "hash": "cc3cb5a7f9818effd7c7c80a58b09a189b62efa698a74319117babe33ee30ab9Co-workers",
+ "uid": "2",
+ "visible": "0",
+ "deleted": "0",
+ "gname": "Co-workers"
+ }
+ ]
+[/code]
+[h3]group_members[/h3]
+
+
+[code]GET /api/z/1.0/group_members[/code]
+
+Required:
+
+group_id or group_name
+
+
+Returns:
+
+group_member+abook+xchan (DB join) for each member of the privacy group
+
+[code nowrap]
+ [
+
+ {
+ "id": "1",
+ "uid": "2",
+ "gid": "1",
+ "xchan": "pgcJx1IQjuPkx8aI9qheJlBMZzJz-oTPjHy3h5pWlOVOriBO_cSiUhhqwhuZ74TYJ8_ECO3pPiRMWC0q8YPCQg",
+ "abook_id": "2",
+ "abook_account": "1",
+ "abook_channel": "2",
+ "abook_xchan": "pgcJx1IQjuPkx8aI9qheJlBMZzJz-oTPjHy3h5pWlOVOriBO_cSiUhhqwhuZ74TYJ8_ECO3pPiRMWC0q8YPCQg",
+ "abook_my_perms": "218555",
+ "abook_their_perms": "0",
+ "abook_closeness": "0",
+ "abook_created": "2016-01-02 21:16:26",
+ "abook_updated": "2016-01-02 21:16:26",
+ "abook_connected": "0000-00-00 00:00:00",
+ "abook_dob": "0000-00-00 00:00:00",
+ "abook_flags": "0",
+ "abook_blocked": "0",
+ "abook_ignored": "0",
+ "abook_hidden": "0",
+ "abook_archived": "0",
+ "abook_pending": "0",
+ "abook_unconnected": "0",
+ "abook_self": "1",
+ "abook_feed": "0",
+ "abook_profile": "",
+ "abook_incl": "",
+ "abook_excl": "",
+ "abook_instance": "",
+ "xchan_hash": "pgcJx1IQjuPkx8aI9qheJlBMZzJz-oTPjHy3h5pWlOVOriBO_cSiUhhqwhuZ74TYJ8_ECO3pPiRMWC0q8YPCQg",
+ "xchan_guid": "lql-1VnxtiO4-WF0h72wLX1Fu8szzHDOXgQaTbELwXW77k8AKFfh-hYr70vqMrc3SSvWN-Flrc5HFhRTWB7ICw",
+ "xchan_guid_sig": "PafvEL0VpKfxATxlCqDjfOeSIMdmpr3iU7X-Sysa1h5LzDpjSXsjO37tYZL-accb1M5itLlfnW5epkTa5I4flsW21zSY1A2jCuBQUTLLGV7rNyyBy7lgqJUFvAMRx0TfXzP9lcaPqlM9T1tA6jfWOsOmkdzwofGeXBnsjGfjsO2xdGYe6vwjOU0DSavukvzDMnOayB9DekpvDnaNBTxeGLM45Skzr7ZEMcNF7TeXMbnvpfLaALYEKeQs9bGH-UgAG8fBWgzVAzeBfx_XSR1rdixjyiZGP0kq0h35SlmMPcEjliodOBFwMXqpXFB7Ibp4F6o6te2p2ErViJccQVG8VNKB6SbKNXY6bhP5zVcVsJ-vR-p4xXoYJJvzTN7yTDsGAXHOLF4ZrXbo5yi5gFAlIrTLAF2EdWQwxSGyLRWKxG8PrDkzEzX6cJJ0VRcLh5z6OI5QqQNdeghPZbshMFMJSc_ApCPi9_hI4ZfctCIOi3T6bdgTNKryLm5fhy_eqjwLAZTGP-aUBgLZpb1mf2UojBn6Ey9cCyq-0T2RWyk-FcIcbV4qJ-p_8oODqw13Qs5FYkjLr1bGBq82SuolkYrXEwQClxnrfKa4KYc2_eHAXPL01iS9zVnI1ySOCNJshB97Odpooc4wk7Nb2Fo-Q6THU9zuu0uK_-JbK7IIl6go2qA",
+ "xchan_pubkey": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA18JB76lyP4zzL/y7BCej\neJnfZIWZNtM3MZvI1zEVMWmmwOS+u/yH8oPwyaDk4Y/tnj8GzMPj1lCGVRcd8EJa\nNrCMd50HODA5EsJtxpsOzRcILYjOcTtIAG1K4LtKqELi9ICAaFp0fNfa+Jf0eCek\nvPusx2/ORhy+o23hFoSMhL86o2gmaiRnmnA3Vz4ZMG92ieJEDMXt9IA1EkIqS4y5\nBPZfVPLD1pv8iivj+dtN1XjwplgjUbtxmU0/Ej808nHppscRIqx/XJ0XZU90oNGw\n/wYoK2EzJlPbRsAkwNqoFrAYlr5HPpn4BJ2ebFYQgWBUraD7HwS5atsQEaxGfO21\nlUP0+lDg9t3CXvudDj0UG1jiEKbVIGA+4aG0GN2DSC5AyRq/GRxqyay5W2vQbAZH\nyvxPGrZFO24I65g3pjhpjEsLqZ4ilTLQoLMs0drCIcRm5RxMUo4s/LMg16lT4cEk\n1qRtk2X0Sb1AMQQ2uRXiVtWz77QHMONEYkf6OW4SHbwcv5umvlv69NYEGfCcbgq0\nAV7U4/BWztUz/SWj4r194CG43I9I8dmaEx9CFA/XMePIAXQUuABfe1QMOR6IxLpq\nTHG1peZgHQKeGz4aSGrhQkZNNoOVNaZoIfcvopxcHDTZLigseEIaPPha4WFYoKPi\nUPbZ5o8gTLc750uzrnb2jwcCAwEAAQ==\n-----END PUBLIC KEY-----\n",
+ "xchan_photo_mimetype": "image/png",
+ "xchan_photo_l": "https://xyz.macgirvin.com/photo/profile/l/2",
+ "xchan_photo_m": "https://xyz.macgirvin.com/photo/profile/m/2",
+ "xchan_photo_s": "https://xyz.macgirvin.com/photo/profile/s/2",
+ "xchan_addr": "teller@xyz.macgirvin.com",
+ "xchan_url": "https://xyz.macgirvin.com/channel/teller",
+ "xchan_connurl": "https://xyz.macgirvin.com/poco/teller",
+ "xchan_follow": "https://xyz.macgirvin.com/follow?f=&url=%s",
+ "xchan_connpage": "",
+ "xchan_name": "Teller",
+ "xchan_network": "zot",
+ "xchan_instance_url": "",
+ "xchan_flags": "0",
+ "xchan_photo_date": "2016-10-19 01:26:50",
+ "xchan_name_date": "2016-01-02 21:16:26",
+ "xchan_hidden": "0",
+ "xchan_orphan": "0",
+ "xchan_censored": "0",
+ "xchan_selfcensored": "0",
+ "xchan_system": "0",
+ "xchan_pubforum": "0",
+ "xchan_deleted": "0"
+ },
+ {
+ "id": "12",
+ "uid": "2",
+ "gid": "1",
+ "xchan": "xuSMUYxw1djBB97qXsbrBN1nzJH_gFwQL6pS4zIy8fuusOfBxNlMiVb4h_q5tOEvpE7tYf1EsryjNciMuPIj5w",
+ "abook_id": "24",
+ "abook_account": "1",
+ "abook_channel": "2",
+ "abook_xchan": "xuSMUYxw1djBB97qXsbrBN1nzJH_gFwQL6pS4zIy8fuusOfBxNlMiVb4h_q5tOEvpE7tYf1EsryjNciMuPIj5w",
+ "abook_my_perms": "218555",
+ "abook_their_perms": "218555",
+ "abook_closeness": "80",
+ "abook_created": "2016-01-27 00:48:43",
+ "abook_updated": "2016-12-04 17:16:58",
+ "abook_connected": "2016-12-04 17:16:58",
+ "abook_dob": "0001-01-01 00:00:00",
+ "abook_flags": "0",
+ "abook_blocked": "0",
+ "abook_ignored": "0",
+ "abook_hidden": "0",
+ "abook_archived": "0",
+ "abook_pending": "0",
+ "abook_unconnected": "0",
+ "abook_self": "0",
+ "abook_feed": "0",
+ "abook_profile": "debb5236efb1626cfbad33ccb49892801e5f844aa04bf81f580cfa7d13204819",
+ "abook_incl": "",
+ "abook_excl": "",
+ "abook_instance": "",
+ "xchan_hash": "xuSMUYxw1djBB97qXsbrBN1nzJH_gFwQL6pS4zIy8fuusOfBxNlMiVb4h_q5tOEvpE7tYf1EsryjNciMuPIj5w",
+ "xchan_guid": "d5EMLlt1tHHZ0dANoA7B5Wq9UgXoWcFS9-gXOkL_AAejcPApoQRyxfHTuu8DoTbUaO-bYmX5HPuWuK9PHyqNmA",
+ "xchan_guid_sig": "CVWEMRPtzI1YcHfnnWHTuv3H964OAmSElgUfxMoX6RdQdxNpqb_POirpVuyP8s3W17mVCfO5V9IAjkg5iKcqCk6YcvOD_egmMy-AnM9TC1kKndQHw55CunD82Q8K_xBNSXkSROizcNkKh9DVLjJPFjW1AqtI4njkZ3EMgrWqnbFRM1qPToUoCY9zM3tEMHoAD9YX1zP90wl40LzfN-dtcNWpSBbiz9owou62uzLbN7mrCwKOMlXLjwwGswRnxIsEnb3O-FXOs8hs0mArKe9snq1-BKeD16LyzxgwlpVLElzIJZGEZGtMdIJgeRzKuBvPjsOIpQ1yAkuOpFJ3nGCM-IPOIIjAmyVl5zD3xPVcxxpZlJRn5fG1Y-gnqTgsrEQCA7M6XPWQdrdHU4akZfyUyFJDhv3uM-jon9VzrYTBw68R0WA-1Z8WafEHA4qh5OWAj85lUarwhr7iTiEckH51ypPCPs6VbT6Pw7yMaxfjFOcipashQagx0tfOlDhE5dQANOXKASFtH1J9-CZY2MQdLPQ6u54d5whuHKMGaJ0V68pnmZ2rOn7g344Ah2WCJrm17jj60QsRMorqRFj7GMdPIA1XB8Wrk88MuYOe3Dhyuu6ZWKI7YTWJS690ZVkKUqAiNHqj0W86DtaiPUc_mmGR0fHl4Gksnko3WmCFv9q2X2E",
+ "xchan_pubkey": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoj2xCJktBA8Ww7Hp+ZNL\nrNuQpo8UB/bfvRkIy+yua3xpF1TuXcnAH61kyRz8vXgOu/l2CyxQbIoaGslCV5Sy\n8JKeNXe+IilUdSSEjMIwCPfSPsYnMHsSnHWmPmclvJwEtQUKOZmW5mMuVBvXy7D2\njomFwc69AYphdyys6eQ7Dcn6+FRBiQbyMprZ5lxyVW+O4DuXVNa3ej2ebx0gCJZ4\ntTIlBoKwEey91dY+FyKVFjdwfNczpmL7LgmZXqcVx+MG3mYgibwdVMiXVj5X06cs\nV9hJ5Xi+Aklsv/UWJtjw9FVt7y9TLptnhh4Ra6T/MDmnBBIAkOR7P/X8cRv078MT\nl0IMsP0RJcDEtTLtwHFVtDs6p52KDFqclKWbqmxmxqV3OTPVYtArRGIzgnJi/5ur\nHRr5G6Cif7QY3UowsIOf78Qvy28LwSbdymgBAWwPPKIviXWxGO+9kMWdmPSUQrWy\nK0+7YA9P9fBUFfn9Hc+p8SJQmQ6OAqLwrDGiPSOlGaNrbEqwqLGgIpXwK+lEFcFJ\n3SPOjJRWdR2whlMxvpwX+39+H7dWN3vSa3Al4/Sq7qW8yW2rYwf+eGyp4Z0lRR+8\nJxFMCwZkSw5g14YdlikAPojv5V1c6KuA5ieg8G1hwyONV7A4JHPyEdPt0W0TZi6C\nCOVkPaC3xGrguETZpJfVpwUCAwEAAQ==\n-----END PUBLIC KEY-----\n",
+ "xchan_photo_mimetype": "image/png",
+ "xchan_photo_l": "https://xyz.macgirvin.com/photo/9da63aa910ea14e1501ee1a749d181a6-4",
+ "xchan_photo_m": "https://xyz.macgirvin.com/photo/9da63aa910ea14e1501ee1a749d181a6-5",
+ "xchan_photo_s": "https://xyz.macgirvin.com/photo/9da63aa910ea14e1501ee1a749d181a6-6",
+ "xchan_addr": "cloner@xyz.macgirvin.com",
+ "xchan_url": "http://abc.macgirvin.com/channel/cloner",
+ "xchan_connurl": "http://abc.macgirvin.com/poco/cloner",
+ "xchan_follow": "https://xyz.macgirvin.com/follow?f=&url=%s",
+ "xchan_connpage": "",
+ "xchan_name": "Karen",
+ "xchan_network": "zot",
+ "xchan_instance_url": "",
+ "xchan_flags": "0",
+ "xchan_photo_date": "2016-03-31 19:59:20",
+ "xchan_name_date": "2016-01-26 23:23:42",
+ "xchan_hidden": "0",
+ "xchan_orphan": "0",
+ "xchan_censored": "0",
+ "xchan_selfcensored": "0",
+ "xchan_system": "0",
+ "xchan_pubforum": "0",
+ "xchan_deleted": "0"
+ }
+
+ ]
+[/code]
+
+[h3]xchan[/h3]
+
+
+An xchan is a global location independent channel and is the primary record for a network
+identity. It may refer to channels on other websites, networks, or services.
+
+[code]GET /api/z/1.0/xchan[/code]
+
+Required: one of [ address, hash, guid ] as GET parameters
+
+Returns a portable xchan structure
+
+Example: https://xyz.macgirvin.com/api/z/1.0/xchan?f=&address=mike@macgirvin.com
+
+Returns:
+[code nowrap]
+ {
+ "hash": "jr54M_y2l5NgHX5wBvP0KqWcAHuW23p1ld-6Vn63_pGTZklrI36LF8vUHMSKJMD8xzzkz7s2xxCx4-BOLNPaVA",
+ "guid": "sebQ-IC4rmFn9d9iu17m4BXO-kHuNutWo2ySjeV2SIW1LzksUkss12xVo3m3fykYxN5HMcc7gUZVYv26asx-Pg",
+ "guid_sig": "Llenlbl4zHo6-g4sa63MlQmTP5dRCrsPmXHHFmoCHG63BLq5CUZJRLS1vRrrr_MNxr7zob_Ykt_m5xPKe5H0_i4pDj-UdP8dPZqH2fqhhx00kuYL4YUMJ8gRr5eO17vsZQ3XxTcyKewtgeW0j7ytwMp6-hFVUx_Cq08MrXas429ZrjzaEwgTfxGnbgeQYQ0R5EXpHpEmoERnZx77VaEahftmdjAUx9R4YKAp13pGYadJOX5xnLfqofHQD8DyRHWeMJ4G1OfWPSOlXfRayrV_jhnFlZjMU7vOdQwHoCMoR5TFsRsHuzd-qepbvo3pzvQZRWnTNu6oPucgbf94p13QbalYRpBXKOxdTXJrGdESNhGvhtaZnpT9c1QVqC46jdfP0LOX2xrVdbvvG2JMWFv7XJUVjLSk_yjzY6or2VD4V6ztYcjpCi9d_WoNHruoxro_br1YO3KatySxJs-LQ7SOkQI60FpysfbphNyvYMkotwUFI59G08IGKTMu3-GPnV1wp7NOQD1yzJbGGEGSEEysmEP0SO9vnN45kp3MiqbffBGc1r4_YM4e7DPmqOGM94qksOcLOJk1HNESw2dQYWxWQTBXPfOJT6jW9_crGLMEOsZ3Jcss0XS9KzBUA2p_9osvvhUKuKXbNztqH0oZIWlg37FEVsDs_hUwUJpv2Ar09k4",
+ "pubkey": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7QCwvuEIwCHjhjbpz3Oc\ntyei/Pz9nDksNbsc44Cm8jxYGMXsTPFXDZYCcCB5rcAhPPdZSlzaPkv4vPVcMIrw\n5cdX0tvbwa3rNTng6uFE7qkt15D3YCTkwF0Y9FVZiZ2Ko+G23QeBt9wqb9dlDN1d\nuPmu9BLYXIT/JXoBwf0vjIPFM9WBi5W/EHGaiuqw7lt0qI7zDGw77yO5yehKE4cu\n7dt3SakrXphL70LGiZh2XGoLg9Gmpz98t+gvPAUEotAJxIUqnoiTA8jlxoiQjeRK\nHlJkwMOGmRNPS33awPos0kcSxAywuBbh2X3aSqUMjcbE4cGJ++/13zoa6RUZRObC\nZnaLYJxqYBh13/N8SfH7d005hecDxWnoYXeYuuMeT3a2hV0J84ztkJX5OoxIwk7S\nWmvBq4+m66usn6LNL+p5IAcs93KbvOxxrjtQrzohBXc6+elfLVSQ1Rr9g5xbgpub\npSc+hvzbB6p0tleDRzwAy9X16NI4DYiTj4nkmVjigNo9v2VPnAle5zSam86eiYLO\nt2u9YRqysMLPKevNdj3CIvst+BaGGQONlQalRdIcq8Lin+BhuX+1TBgqyav4XD9K\nd+JHMb1aBk/rFLI9/f2S3BJ1XqpbjXz7AbYlaCwKiJ836+HS8PmLKxwVOnpLMbfH\nPYM8k83Lip4bEKIyAuf02qkCAwEAAQ==\n-----END PUBLIC KEY-----\n",
+ "photo_mimetype": "image/jpeg",
+ "photo_l": "https://xyz.macgirvin.com/photo/350b74555c04429148f2e12775f6c403-4",
+ "photo_m": "https://xyz.macgirvin.com/photo/350b74555c04429148f2e12775f6c403-5",
+ "photo_s": "https://xyz.macgirvin.com/photo/350b74555c04429148f2e12775f6c403-6",
+ "address": "mike@macgirvin.com",
+ "url": "https://macgirvin.com/channel/mike",
+ "connurl": "https://macgirvin.com/poco/mike",
+ "follow": "https://macgirvin.com/follow?f=&url=%s",
+ "connpage": "https://macgirvin.com/connect/mike",
+ "name": "Mike Macgirvin",
+ "network": "zot",
+ "instance_url": "",
+ "flags": "0",
+ "photo_date": "2012-12-06 05:06:11",
+ "name_date": "2012-12-06 04:59:13",
+ "hidden": "1",
+ "orphan": "0",
+ "censored": "0",
+ "selfcensored": "0",
+ "system": "0",
+ "pubforum": "0",
+ "deleted": "0"
+ }
+[/code]
+[h3]item/update[/h3]
+
+
+Create or update an item (post, activity, webpage, etc.)
+
+Usage: [code]POST /api/z/1.0/item/update[/code]
+
+Description: item/update posts an item (typically a conversation item or post, but can be any item) using form input.
+
+
+Required:
+
+- body
+
+ text/bbcode contents by default.
+
+
+Optional:
+
+- $_FILES['media']
+
+ uploaded media file to include with post
+
+- title
+
+ title of post/item
+
+- contact_allow
+
+ array of xchan.xchan_hash allowed to view this item
+
+- group_allow
+
+ array of group.hash allowed to view this item
+
+- contact_deny
+
+ array of xchan.xchan_hash not allowed to view this item
+
+- group_deny
+
+ array of group.hash not allowed to view this item
+
+- coord
+
+ geographic coordinates
+
+- location
+
+ freefrom location
+
+- expire
+
+ datetime this post will expire or be removed
+
+- mimetype
+
+ mimetype if not text/bbcode
+
+- parent
+
+ item.id of parent to this post (makes it a comment)
+
+- parent_mid
+
+ alternate form of parent using message_id
+
+- remote_xchan
+
+ xchan.xchan_hash of this message author if not the channel owner
+
+- consensus
+
+ boolean set to true if this is a consensus or voting item (default false)
+
+- nocomment
+
+ boolean set to true if comments are to be disabled (default false)
+
+- origin
+
+ do not use this without reading the code
+
+- namespace
+
+ persistent identity for a remote network or service
+
+- remote_id
+
+ message_id of this resource on a remote network or service
+
+- message_id
+
+ message_id of this item (leave unset to generate one)
+
+- created
+
+ datetime of message creation
+
+- post_id
+
+ existing item.id if this is an edit operation
+
+- app
+
+ application or network name to display with item
+
+- category
+
+ comma separated categories for this item
+
+- webpage
+
+ item.page_type if not 0
+
+- pagetitle
+
+ for webpage and design elements, the 'page name'
+
+- layout_mid
+
+ item.mid of layout for this design element
+
+- plink
+
+ permalink for this item if different than the default
+
+- verb
+
+ activitystream verb for this item/activity
+
+- obj_type
+
+ activitystream object type for this item/activity
+
+
+
+Example:
+
+ curl -u mychannel:mypassword https://xyz.macgirvin.com/api/z/1.0/item/update -d body="hello world"
+
+
+Returns:
+
+[code nowrap]
+ {
+
+ "success": true,
+ "item_id": "2245",
+ "item": {
+ "id": "2245",
+ "mid": "14135cdecf6b8e3891224e4391748722114da6668eebbcb56fe4667b60b88249@xyz.macgirvin.com",
+ "aid": "1",
+ "uid": "2",
+ "parent": "2245",
+ "parent_mid": "14135cdecf6b8e3891224e4391748722114da6668eebbcb56fe4667b60b88249@xyz.macgirvin.com",
+ "thr_parent": "14135cdecf6b8e3891224e4391748722114da6668eebbcb56fe4667b60b88249@xyz.macgirvin.com",
+ "created": "2016-12-03 20:00:12",
+ "edited": "2016-12-03 20:00:12",
+ "expires": "0001-01-01 00:00:00",
+ "commented": "2016-12-03 20:00:12",
+ "received": "2016-12-03 20:00:12",
+ "changed": "2016-12-03 20:00:12",
+ "comments_closed": "0001-01-01 00:00:00",
+ "owner_xchan": "pgcJx1IQjuPkx8aI9qheJlBMZzJz-oTPjHy3h5pWlOVOriBO_cSiUhhqwhuZ74TYJ8_ECO3pPiRMWC0q8YPCQg",
+ "author_xchan": "pgcJx1IQjuPkx8aI9qheJlBMZzJz-oTPjHy3h5pWlOVOriBO_cSiUhhqwhuZ74TYJ8_ECO3pPiRMWC0q8YPCQg",
+ "source_xchan": "",
+ "mimetype": "text/bbcode",
+ "title": "",
+ "body": "hello world",
+ "html": "",
+ "app": "",
+ "lang": "",
+ "revision": "0",
+ "verb": "http://activitystrea.ms/schema/1.0/post",
+ "obj_type": "http://activitystrea.ms/schema/1.0/note",
+ "obj": "",
+ "tgt_type": "",
+ "target": "",
+ "layout_mid": "",
+ "postopts": "",
+ "route": "",
+ "llink": "https://xyz.macgirvin.com/display/14135cdecf6b8e3891224e4391748722114da6668eebbcb56fe4667b60b88249@xyz.macgirvin.com",
+ "plink": "https://xyz.macgirvin.com/channel/mychannel/?f=&mid=14135cdecf6b8e3891224e4391748722114da6668eebbcb56fe4667b60b88249@xyz.macgirvin.com",
+ "resource_id": "",
+ "resource_type": "",
+ "attach": "",
+ "sig": "sa4TOQNfHtV13HDZ1tuQGWNBpZp-nWhT2GMrZEmelXxa_IvEepD2SEsCTWOBqM8OKPJLfNy8_i-ORXjrOIIgAa_aT8cw5vka7Q0C8L9eEb_LegwQ_BtH0CXO5uT30e_8uowkwzh6kmlVg1ntD8QqrGgD5jTET_fMQOIw4gQUBh40GDG9RB4QnPp_MKsgemGrADnRk2vHO7-bR32yQ0JI-8G-eyeqGaaJmIwkHoi0vXsfjZtU7ijSLuKEBWboNjKEDU89-vQ1c5Kh1r0pmjiDk-a5JzZTYShpuhVA-vQgEcADA7wkf4lJZCYNwu3FRwHTvhSMdF0nmyv3aPFglQDky38-SAXZyQSvd7qlABHGCVVDmYrYaiq7Dh4rRENbAUf-UJFHPCVB7NRg34R8HIqmOKq1Su99bIWaoI2zuAQEVma9wLqMoFsluFhxX58KeVtlCZlro7tZ6z619-dthS_fwt0cL_2dZ3QwjG1P36Q4Y4KrCTpntn9ot5osh-HjVQ01h1I9yNCj6XPgYJ8Im3KT_G4hmMDFM7H9RUrYLl2o9XYyiS2nRrf4aJHa0UweBlAY4zcQG34bw2AMGCY53mwsSArf4Hs3rKu5GrGphuwYX0lHa7XEKMglwBWPWHI49q7-oNWr7aWwn1FnfaMfl4cQppCMtKESMNRKm_nb9Dsh5e0",
+ "diaspora_meta": "",
+ "location": "",
+ "coord": "",
+ "public_policy": "",
+ "comment_policy": "contacts",
+ "allow_cid": "",
+ "allow_gid": "",
+ "deny_cid": "",
+ "deny_gid": "",
+ "item_restrict": "0",
+ "item_flags": "0",
+ "item_private": "0",
+ "item_origin": "1",
+ "item_unseen": "0",
+ "item_starred": "0",
+ "item_uplink": "0",
+ "item_consensus": "0",
+ "item_wall": "1",
+ "item_thread_top": "1",
+ "item_notshown": "0",
+ "item_nsfw": "0",
+ "item_relay": "0",
+ "item_mentionsme": "0",
+ "item_nocomment": "0",
+ "item_obscured": "0",
+ "item_verified": "1",
+ "item_retained": "0",
+ "item_rss": "0",
+ "item_deleted": "0",
+ "item_type": "0",
+ "item_hidden": "0",
+ "item_unpublished": "0",
+ "item_delayed": "0",
+ "item_pending_remove": "0",
+ "item_blocked": "0"
+ }
+
+ }
+[/code]
+[h3]item/full[/h3]
+
+
+Get all data associated with an item
+
+[h3]abook[/h3]
+
+
+Connections
+
+[h3]abconfig[/h3]
+
+
+Connection metadata (such as permissions)
+
+[h3]perm_allowed[/h3]
+
+
+Check a permission for a given xchan
diff --git a/doc/en/developer/covenant.bb b/doc/en/developer/covenant.bb
new file mode 100644
index 000000000..431cc74e9
--- /dev/null
+++ b/doc/en/developer/covenant.bb
@@ -0,0 +1,47 @@
+[size=large]Contributor Covenant Code of Conduct[/size]
+
+[h3]Our Pledge[/h3]
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+[h3]Our Standards[/h3]
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+[list]
+ [*]Using welcoming and inclusive language
+ [*]Being respectful of differing viewpoints and experiences
+ [*]Gracefully accepting constructive criticism
+ [*]Focusing on what is best for the community
+ [*]Showing empathy towards other community members
+[/list]
+
+Examples of unacceptable behavior by participants include:
+
+[list]
+ [*]The use of sexualized language or imagery and unwelcome sexual attention or advances
+ [*]Trolling, insulting/derogatory comments, and personal or political attacks
+ [*]Public or private harassment
+ [*]Publishing others' private information, such as a physical or electronic address, without explicit permission
+ [*]Other conduct which could reasonably be considered inappropriate in a professional setting
+[/list]
+
+[h3]Our Responsibilities[/h3]
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+[h3]Scope[/h3]
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+[h3]Enforcement[/h3]
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at project&#x40;hubzilla.org. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+[h3]Attribution[/h3]
+
+This Code of Conduct is adapted from the [url=http://contributor-covenant.org]Contributor Covenant[/url], version 1.4, available at [url=http://contributor-covenant.org/version/1/4/]http://contributor-covenant.org/version/1/4[/url].
+
diff --git a/doc/en/developer/developer_guide.bb b/doc/en/developer/developer_guide.bb
new file mode 100644
index 000000000..d04cec121
--- /dev/null
+++ b/doc/en/developer/developer_guide.bb
@@ -0,0 +1,176 @@
+[h3]Who is a $Projectname developer? Should I read this?[/h3]
+
+Anyone who contributes to making $Projectname better is a developer. There are many different and important ways you can contribute to this amazing technology, [i]even if you do not know how to write code[/i]. The software itself is only a part of the $Projectname project. You can contribute by
+[list]
+[*] translating text to your language so that people around the world have the opportunity to use $Projectname
+[*] promoting $Projectname and spreading awareness of the platform through blog posts, articles, and word-of-mouth
+[*] creating artwork and graphics for project assets such as icons and marketing material
+[*] supporting project infrastructure like the project website and demo servers
+[/list]
+[i]Software[/i] developers are of course welcomed; there are so many great ideas to implement and not enough people to make them all a reality! The $Projectname code base is an advanced and mature system, but the platform is still very flexible and responsive to new ideas.
+
+We're pretty relaxed when it comes to developers. We don't have a lot of rules. Some of us are over-worked and if you want to help we're happy to let you help. That said, attention to a few guidelines will make the process smoother and make it easier to work together. All developers are expected to abide by our [zrl=[baseurl]/help/developer/covenant]code of conduct[/zrl]. We have developers from across the globe with different abilities and different cultural backgrounds and different levels of patience. Our primary rule is to respect others. Sometimes this is hard and sometimes we have very different opinions of how things should work, but if everybody makes an effort, we'll get along just fine.
+
+This document will help you get started learning and contributing to $Projectname.
+
+[h3]Versions and Releases[/h3]
+
+$Projectname currently uses a standard version numbering sequence of $x.$y(.$z), for instance '1.12' or '1.12.1'. The first digit is the major version number. Major versions are released "roughly" once per year; often in December.
+
+The second digit is the minor release number. If this number is odd, it is a development version. If the number is even, it is a released version. Minor versions are released (moved from dev to master) typically once per month when development is 'stable', but this is likely to increase. Going forward minor releases will be made somewhere between one and three months; corresponding to a stable code point and when there is general community consensus that the current code base is stable enough to consider a release.
+
+The final digit is an interface or patch designator.
+
+The release process involves changing the version number (by definition the minor version number will be odd, and the minor number will be incremented). Once a year for a major release the major version will be incremented, and the minor number reset to 0.
+
+The release candidate is moved to a new branch; and testing will commence/continue for a period of 1-2 weeks afterward or until any significant issues have been resolved. This branch is usually labelled with RC (release candidate); for instance 1.8RC represents the pending release of version 1.8. At this time, the minor version number on the dev branch is incremented to the next odd number. (For instance 1.9). New development can then take place in the dev branch.
+
+Bug fixes should always be applied to 'dev' and from there merged forward (typically with git cherry-pick) to the RC branch and if necessary applied to the master or official release branch.
+
+At the time a release candidate is produced, the language strings file is frozen until a release is made. Translation work may continue, but all translations should be submitted to 'dev' and merged forward to RC.
+
+Once RC testing is completed, RC is merged to 'master' and the RC version designator removed; resulting in one final checkin to change the version number. The CHANGELOG file should also be updated at or just prior to this time. If there are merge conflicts during this final merge, the merge will be abandoned; and 'git merge -s ours' applied. This results in a replacement of master with the contents of the RC branch. Conflicts often arise with string updates which were made to master after the last release and cannot easily be resolved without hand editing. Since this is a release of tested code, hand editing is discouraged, and the replacement merge strategy should be used instead. It is assumed that RC now contains the most recent well-tested code.
+
+Once the release is live and merged to master, the RC branch may be removed.
+
+Fixes may be made to master after release. Where possible these should be made to dev and 'git cherry-pick' used to merge forward; which preserves the commit info and prevents merge conflicts in the next cycle. Only rarely does a patch only apply to the master branch. If necessary this can be made. If the change is severe, the interface version number should be incremented. This is at the discretion of the community. In any event, a 'git pull' of the master branch should always result in the latest release with any post-release patches applied.
+
+The interface number (the $z in $x.$y.$z) should be incremented in dev whenever a change is made which changes the interfaces or API in incompatible ways so that any external packages (especially addons and API clients) relying on a the current behaviour can discover and change their own interfaces accordingly at the point that it changed.
+
+[h3]Git repository branches[/h3]
+
+There are two official branches of the $Projectname git repo.
+[list]
+[*] The stable version is maintained on the [b]master[/b] branch. The latest commit in this branch is considered to be suitable for production hubs.
+[*] Experimental development occurs on the [b]dev[/b] branch, which is merged into [b]master[/b] when it is deemed tested and stable enough.
+[/list]
+
+[h3]Developer tools and workflows[/h3]
+
+[h4]Hub Snapshots[/h4]
+
+The [url=[baseurl]/help/admin/hub_snapshots]hub snapshots[/url] page provides instructions and scripts for taking complete snapshots of a hub to support switching between consistent and completely known states. This is useful to prevent situations where the content or database schema might be incompatible with the code.
+
+[h3]Translations[/h3]
+
+Our translations are managed through Transifex. If you wish to help out translating $Projectname to another language, sign up on transifex.com, visit [url=https://www.transifex.com/Friendica/hubzilla/]Transifex[/url] and request to join one of the existing language teams or create a new one. Notify one of the core developers when you have a translation update which requires merging, or ask about merging it yourself if you're comfortable with git and PHP. We have a string file called 'messages.po' which is gettext compliant and a handful of email templates, and from there we automatically generate the application's language files.
+
+[h4]Translation Process[/h4]
+
+The strings used in the UI of $Projectname is translated at [url=https://www.transifex.com/Friendica/hubzilla/]Transifex[/url] and then
+included in the git repository at github. If you want to help with translation
+for any language, be it correcting terms or translating $Projectname to a
+currently not supported language, please register an account at transifex.com
+and contact the translation team there.
+
+Translating $Projectname is simple. Just use the online tool at transifex. If you
+don't want to deal with git & co. that is fine, we check the status of the translations
+regularly and import them into the source tree at github so that others can use them.
+
+We do not include every translation from transifex in the source tree to avoid
+a scattered and disturbed overall experience. As an uneducated guess we have a
+lower limit of 50% translated strings before we include the language. This
+limit is judging only by the amount of translated strings under the assumption
+that the most prominent strings for the UI will be translated first by a translation
+team. If you feel your translation useable before this limit,
+please contact us and we will probably include your teams work in the source tree.
+
+If you want to get your work into the source tree yourself, feel free to do so
+and contact us with and question that arises. The process is simple and
+$Projectname ships with all the tools necessary.
+
+The location of the translated files in the source tree is
+ /view/LNG-CODE/
+where LNG-CODE is the language code used, e.g. de for German or fr for French.
+For the email templates (the *.tpl files) just place them into the directory
+and you are done. The translated strings come as a "hmessages.po" file from
+Transifex which needs to be translated into the PHP file $Projectname uses. To do
+so, place the file in the directory mentioned above and use the "po2php"
+utility from the util directory of your $Projectname installation.
+
+Assuming you want to convert the German localization which is placed in
+view/de/hmessages.po you would do the following.
+
+1. Navigate at the command prompt to the base directory of your
+ $Projectname installation
+
+2. Execute the po2php script, which will place the translation
+ in the hstrings.php file that is used by $Projectname.
+
+ $> php util/po2php.php view/de/hmessages.po
+
+ The output of the script will be placed at view/de/hstrings.php where
+ froemdoca os expecting it, so you can test your translation mmediately.
+
+3. Visit your $Projectname page to check if it still works in the language you
+ just translated. If not try to find the error, most likely PHP will give
+ you a hint in the log/warnings.about the error.
+
+ For debugging you can also try to "run" the file with PHP. This should
+ not give any output if the file is ok but might give a hint for
+ searching the bug in the file.
+
+ $> php view/de/hstrings.php
+
+4. commit the two files with a meaningful commit message to your git
+ repository, push it to your fork of the $Projectname repository at github and
+ issue a pull request for that commit.
+
+[h4]Utilities[/h4]
+
+Additional to the po2php script there are some more utilities for translation
+in the "util" directory of the $Projectname source tree. If you only want to
+translate $Projectname into another language you wont need any of these tools most
+likely but it gives you an idea how the translation process of $Projectname
+works.
+
+For further information see the utils/README file.
+
+[h4]Known Problems[/h4]
+
+* $Projectname uses the language setting of the visitors browser to determain the
+ language for the UI. Most of the time this works, but there are some known
+ quirks.
+* the early translations are based on the friendica translations, if you
+ some rough translations please let us know or fix them at Transifex.
+
+[h3]Licensing[/h3]
+
+All code contributed to the project falls under the MIT license, unless otherwise specified. We will accept third-party code which falls under MIT, BSD and LGPL, but copyleft licensing (GPL, and AGPL) is only permitted in addons. It must be possible to completely remove the GPL (copyleft) code from the main project without breaking anything.
+
+[h3]Coding Style[/h3]
+
+In the interests of consistency we adopt the following code styling. We may accept patches using other styles, but where possible please try to provide a consistent code style. We aren't going to argue or debate the merits of this style, and it is irrelevant what project 'xyz' uses. This is not project 'xyz'. This is a baseline to try and keep the code readable now and in the future.
+[list]
+[*]All comments should be in English.
+[*]We use doxygen to generate documentation. This hasn't been consistently applied, but learning it and using it are highly encouraged.
+[*]Indentation is accomplished primarily with tabs using a tab-width of 4.
+[*]String concatenation and operators should be separated by whitespace. e.g. "$foo = $bar . 'abc';" instead of "$foo=$bar.'abc';"
+[*]Generally speaking, we use single quotes for string variables and double quotes for SQL statements. "Here documents" should be avoided. Sometimes using double quoted strings with variable replacement is the most efficient means of creating the string. In most cases, you should be using single quotes.
+[*]Use whitespace liberally to enhance readability. When creating arrays with many elements, we will often set one key/value pair per line, indented from the parent line appropriately. Lining up the assignment operators takes a bit more work, but also increases readability.
+[*]Generally speaking, opening braces go on the same line as the thing which opens the brace. They are the last character on the line. Closing braces are on a line by themselves.
+[*]Some functions take arguments in argc/argv style like main() in C or function args in bash or Perl. Urls are broken up within a module. e.g, given "http://example.com/module/arg1/arg2", then $this->argc will be 3 (integer) and $this->argv will contain: [0] => 'module', [1] => 'arg1', [2] => 'arg2'. There will always be one argument. If provided a naked domain URL, $this->argv[0] is set to "home".
+[/list]
+
+[h3]File system layout[/h3]
+[table border=0]
+[th]Directory[/th][th]Description[/th][/tr]
+[tr][td]addon[/td][td]optional addons/plugins[/td][/tr]
+[tr][td]boot.php[/td][td]Every process uses this to bootstrap the application structure[/td][/tr]
+[tr][td]doc[/td][td]Help Files[/td][/tr]
+[tr][td]images[/td][td]core required images[/td][/tr]
+[tr][td]include[/td][td]The "model" in MVC - (back-end functions), also contains PHP "executables" for background processing[/td][/tr]
+[tr][td]index.php[/td][td]The front-end controller for web access[/td][/tr]
+[tr][td]install[/td][td]Installation and upgrade files and DB schema[/td][/tr]
+[tr][td]library[/td][td]Third party modules (must be license compatible)[/td][/tr]
+[tr][td]mod[/td][td]Controller modules based on URL pathname (e.g. [url=http://sitename/foo]http://sitename/foo[/url] loads mod/foo.php)[/td][/tr]
+[tr][td]mod/site/[/td][td]site-specific mod overrides, excluded from git[/td][/tr]
+[tr][td]util[/td][td]translation tools, main English string database and other miscellaneous utilities[/td][/tr]
+[tr][td]version.inc[/td][td]contains current version (auto-updated via cron for the master repository and distributed via git)[/td][/tr]
+[tr][td]view[/td][td]theming and language files[/td][/tr]
+[tr][td]view/(css,js,img,php,tpl)[/td][td]default theme files[/td][/tr]
+[tr][td]view/(en,it,es ...)[/td][td]language strings and resources[/td][/tr]
+[tr][td]view/theme/[/td][td]individual named themes containing (css,js,img,php,tpl) over-rides[/td][/tr]
+[/table]
+
+[b][url=[baseurl]/help/developer/unorganized]More information needing re-organization and updating...[/url][/b]
diff --git a/doc/en/developer/testing.md b/doc/en/developer/testing.md
new file mode 100644
index 000000000..f7e8ffeba
--- /dev/null
+++ b/doc/en/developer/testing.md
@@ -0,0 +1,130 @@
+# Testing
+
+Hubzilla uses [PHPUnit] for automated testing, often called _unit testing_ or _integration testing_.
+
+The tests are written as PHP classes, and live under the `tests/unit` subdirectory of the main Hubzilla repository. This guide will explain how to run the tests, how the tests are structured, and how you can write your own tests.
+
+## Running the test suite
+
+### Installing the dependencies
+
+To be able to run the tests you have to install the developer dependencies listen in the `composer.json` file. Make sure you have [composer installed] on your development system, and then run:
+
+ % composer install
+
+This will install phpunit and a few other dependencies. It will also update some files in the `vendor/composer` subdirectory. This may seem a bit noisy, but it's important that these changes are *not* committed to the repository!
+
+**Warning:** Do not commit the changes to the files in the `vendor/composer` directory to your repository!
+
+### Setting up the test database
+
+We have included a script (`tests/create_test_db.sh`) that will help you set up the test database. You can run it like this:
+
+ % HZ_TEST_DB_TYPE=mysql ./tests/create_test_db.sh
+
+If you are running PostgreSQL instead, you create the test db like this:
+
+ % HZ_TEST_DB_TYPE=postgres ./tests/create_test_db.sh
+
+The script make some assumptions about your setup, but everything is configurable using environment variables. If you need any customization, see the script source for the details.
+
+### Running the tests
+
+Once you have installed the developer dependencies and set up the test database, you can run the tests like this:
+
+ % ./vendor/bin/phpunit -c tests/phpunit.xml
+
+Again, by default the configuration in `tests/phpunit.xml` makes some assumptions about your setup, which can be overridden using environment variables. See `tests/phpunit.xml` for the details.
+
+You can also run a specific test, or a specific set of tests using the `--filter` argument to PHPUnit:
+
+ % ./vendor/bin/phpunit -c tests/phpunit.xml --filter Autoname
+
+Will run any test mathcing "Autoname".
+
+### Generating coverage reports
+
+To generate coverage reports you need a driver that is able to generate the coverage info that PHPUnit will collect. We recommend [Xdebug], but see the PHPUnit [page on code coverage analysis](https://docs.phpunit.de/en/9.6/code-coverage-analysis.html) for alternatives and details.
+
+With Xdebug properly set up, you can generate the coverage report like this:
+
+ % XDEBUG_MODE=coverage ./vendor/bin/phpunit -c ./tests/phpunit.xml
+
+This will generate a number of HTML files in directories under the `tests/results/coverage/` subdirectory.
+
+Open the `index.php file in your web browser to view the stats.
+
+### Debugging
+
+With Xdebug installed, you can also do step debugging and a number of other things to debug and get information about the execution of the tests. See the [Xdebug] pages and your prefered editor for how to set this up.
+
+## Test structure and organization
+
+Tests are located in the `tests/unit` subdirectory, and subdirectories under there again, more or less reflecting the directory layout of the core code repository.
+
+Tests are written as PHP classes that extends the UnitTestCase class (located in `tests/unit/UnitTestcase.php`). The file name and the test class it contains should be the same, and they _must_ end with `Test.php`.
+
+Examples are:
+
+* `tests/unit/includes/AccountTest.php`
+* `tests/unit/Lib/ActivityTest.php`
+
+The test classes contain one or more test functions, these must be public and prefixed with `test`.
+
+Here's an example:
+
+ use Zotlabs\Tests\Unit\UnitTestCase;
+
+ class AccountTest extends UnitTestCase {
+ public function test_get_account_by_id_returns_existing_account() {
+ $account = get_account_by_id(42);
+ $this->assertNotFalse($account);
+ $this->assertEquals(
+ $this->fixtures['account'][0]['account_email'],
+ $account['account_email']
+ );
+ }
+
+Notice that we try to make the name of the test funtion as descriptive as possible.
+
+The class can also contain any number of other functions to keep things tidy and nice. These can be private, protected or public as needed by the test code.
+
+Results and artifacts from the test runs will be left in the `tests/results/` directory. This will typically include the test log, code coverage report etc.
+
+### Hubzilla specific features
+
+#### Test database access:
+
+Ideally it should be able to test each part of the code in isolation, where any dependencies should be replaced by stubs, mocks or fakes.
+
+This is not feasible with a legacy codebase like Hubzilla, that has not been written with testability in mind. For this reason we use a separate test database, and make it available to the code under test using the same mechanisms as Hubzilla normally do.
+
+This means that any code that executes database queries will behave as normal when called by a test.
+
+To make this work we connect to the database before running each test function. We also load some initial data into the database to make sure things work as expected, and that we have a known state of the database when the test runs.
+
+When the test finishes, the test database is wiped clean, so that we have the same consistent state when the next test runs.
+
+All of this is handled by the `UnitTestCase` base class.
+
+#### Database fixtures:
+
+We need some predictable content in the database to set up things like logging, and other content that's useful in general for the tests. These are database fixtures that are loaded into the database for each test run.
+
+The database fixtures are located in the `tests/unit/include/dba/_files` directory, and consist of YAML files, where each file represents the content of a database table with the same name as the file itself.
+
+While database fixtures are nice to have, we try to keep the number of them as minimal as possible. It's usually better to add any content needed for a specific test in the test itself.
+
+#### Fakes:
+
+Fakes are classes that we can pass to the code under test that will look and (to the code under test) behave the same as the original class. These are useful when we're able to pass objects to the code under test, as we can control it completely from the test code.
+
+Fakes are located under the `tests/fakes` directory.
+
+## Writing your own tests
+
+To be done
+
+[PHPUnit]: https://phpunit.de
+[composer installed]: https://getcomposer.org/
+[Xdebug]: https://xdebug.org/ \ No newline at end of file
diff --git a/doc/en/developer/unorganized.md b/doc/en/developer/unorganized.md
new file mode 100644
index 000000000..5ba719226
--- /dev/null
+++ b/doc/en/developer/unorganized.md
@@ -0,0 +1,73 @@
+### To-be-organized information
+
+**Here is how you can join us.**
+
+First, get yourself a working git package on the system where you will be
+doing development.
+
+Create your own github account.
+
+You may fork/clone the Red repository from [https://framagit.org/hubzilla/core.git](https://framagit.org/hubzilla/core.git).
+
+Follow the instructions provided here: [http://help.github.com/fork-a-repo/](http://help.github.com/fork-a-repo/)
+to create and use your own tracking fork on github
+
+Then go to your github page and create a "Pull request" when you are ready
+to notify us to merge your work.
+
+
+**Important**
+
+Please pull in any changes from the project repository and merge them with your work **before** issuing a pull request. We reserve the right to reject any patch which results in a large number of merge conflicts. This is especially true in the case of language translations - where we may not be able to understand the subtle differences between conflicting versions.
+
+Also - **test your changes**. Don't assume that a simple fix won't break something else. If possible get an experienced Red developer to review the code.
+
+**How to theme Hubzilla**
+
+This is a short documentation on what I found while trying to modify Hubzilla's appearance.
+
+First, you'll need to create a new theme. This is in /view/theme, and I chose to copy 'redbasic' since it's the only available for now. Let's assume I named it .
+
+Oh, and don't forget to rename the _init function in /php/theme.php to be _init() instead of redbasic_init().
+
+At that point, if you need to add javascript or css files, add them to /js or /css, and then "register" them in _init() through head_add_js('file.js') and head_add_css('file.css').
+
+Now you'll probably want to alter a template. These can be found in in /view/tpl OR view//tpl. All you should have to do is copy whatever you want to tweak from the first place to your theme's own tpl directory.
+
+
+We're pretty relaxed when it comes to developers. We don't have a lot of rules. Some of us are over-worked and if you want to help we're happy to let you help. That said, attention to a few guidelines will make the process smoother and make it easier to work together. We have developers from across the globe with different abilities and different cultural backgrounds and different levels of patience. Our primary rule is to respect others. Sometimes this is hard and sometimes we have very different opinions of how things should work, but if everybody makes an effort, we'll get along just fine.
+
+**Here is how you can join us.**
+
+First, get yourself a working git package on the system where you will be
+doing development.
+
+Create your own github account.
+
+You may fork/clone the Red repository from [url=https://framagit.org/hubzilla/core.git]https://framagit.org/hubzilla/core.git[/url]
+
+Follow the instructions provided here: [url=http://help.github.com/fork-a-repo/]http://help.github.com/fork-a-repo/[/url]
+to create and use your own tracking fork on github
+
+Then go to your github page and create a "Pull request" when you are ready
+to notify us to merge your work.
+
+
+**Important**
+
+Please pull in any changes from the project repository and merge them with your work **before** issuing a pull request. We reserve the right to reject any patch which results in a large number of merge conflicts. This is especially true in the case of language translations - where we may not be able to understand the subtle differences between conflicting versions.
+
+Also - **test your changes**. Don't assume that a simple fix won't break something else. If possible get an experienced Red developer to review the code.
+
+Further documentation can be found at the Github wiki pages at: [url=https://github.com/friendica/red/wiki]https://github.com/friendica/red/wiki[/url]
+
+**Concensus Building**
+
+Code changes which fix an obvious bug are pretty straight-forward. For instance if you click "Save" and the thing you're trying to save isn't saved, it's fairly obvious what the intended behaviour should be. Often when developing feature requests, it may affect large numbers of community members and it's possible that other members of the community won't agree with the need for the feature, or with your proposed implementation. They may not see something as a bug or a desirable feature.
+
+We encourage consensus building within the community when it comes to any feature which might be considered controversial or where there isn't unanimous decision that the proposed feature is the correct way to accomplish the task. The first place to pitch your ideas is to [url=https://zothub.com/channel/one]Channel One[/url]. Others may have some input or be able to point out facets of your concept which might be problematic in our environment. But also, you may encounter opposition to your plan. This doesn't mean you should stop and/or ignore the feature. Listen to the concerns of others and try and work through any implementation issues.
+
+There are places where opposition cannot be resolved. In these cases, please consider making your feature **optional** or non-default behaviour that must be specifically enabled. This technique can often be used when a feature has significant but less than unanimous support. Those who desire the feature can turn it on and those who don't want it - will leave it turned off.
+
+If a feature uses other networks or websites and or is only seen as desirable by a small minority of the community, consider making the functionality available via an addon or plugin. Once again, those who don't desire the feature won't need to install it. Plugins are relatively easy to create and "hooks" can be easily added or modified if the current hooks do not do what is needed to allow your plugin to work.
+
diff --git a/doc/en/developer/zot_protocol.bb b/doc/en/developer/zot_protocol.bb
new file mode 100644
index 000000000..e9355bca8
--- /dev/null
+++ b/doc/en/developer/zot_protocol.bb
@@ -0,0 +1,478 @@
+[h3] What is Zot?[/h3]
+Zot is the revolutionary protocol that powers $Projectname, providing [b]communications[/b], [b]identity management[/b], and [b]access control[/b] across a fully [b]decentralised[/b] network of independent websites, often called "the grid". The resulting platform is a robust system that supports privacy and security while enabling the kind of rich web services typically seen only in centralized, proprietary solutions.
+
+Consider this typical scenario:
+
+Jaquelina wishes to share photos with Roberto from her blog at [b]jaquelina.org[/b], but to nobody else. Roberto maintains his own family hub at [b]roberto.net[/b] on a completely independent server. Zot allows Jaquelina to publish her photos using an [i]access control list (ACL)[/i] that includes only Roberto. That means that while Roberto can see the photos when he visits her blog, his brother Marco cannot, and neither can any of his other family members who have accounts on [b]roberto.net[/b].
+
+The magic in this scenario comes from the fact that Roberto never logged in to Jaquelina's website. Instead, he had to login only once using his password on his [i]own[/i] website at [b]roberto.net[/b]. When Roberto visits [b]jaquelina.org[/b], her hub seamlessly authenticates him by remotely querying his server in the background.
+
+It is not uncommon for servers to have technical problems or become inaccessible for a variety of reasons. Zot provides robustness for Roberto's online activities by allowing him to have [i]clones[/i] of his online identity, or [i]channel[/i], on multiple independent hubs. Imagine that Roberto's server crashes for some reason and he cannot log in there. He simply logs in to one of his clones at [b]gadfly.com[/b], a site operated by his friend Peter. Once authenticated at [b]gadfly.com[/b], Roberto can view Jaquelina's blog as before, without Jaquelina having to grant any additional access!
+
+[h4] Communications[/h4]
+Communications and social networking are an integral part of the grid. Any channel (and any services provided by that channel) can make full use of feature-rich social communications on a global scale. These communications may be public or private - and private communications comprise not only fully encrypted transport, but also encrypted storage to help protect against accidental snooping and disclosure by rogue system administrators and internet service providers.
+
+Zot supports a wide array of background services in the grid, from friend suggestions to directory services. New content and data updates are propagated in the background between hubs across the grid according to access control lists and permissions specified by both sender [i]and[/i] receiver channels. Data is also synchronized between an arbitrary number of channel clones, allowing hub members to access data and continue collaborating seamlessly in the event that their primary hub is inaccessible or offline.
+
+[h4] Identity [/h4]
+Zot's identity layer is unique. It provides [b]invisible single sign-on[/b] across all sites in the grid.
+
+It also provides [b]nomadic identity[/b], so that your communications with friends, family, and or anyone else you're communicating with won't be affected by the loss of your primary communication node - either temporarily or permanently.
+
+The important bits of your identity and relationships can be backed up to a thumb drive, or your laptop, and may appear at any node in the grid at any time - with all your friends and preferences intact.
+
+Crucially, these nomadic instances are kept in sync so any instance can take over if another one is compromised or damaged. This protects you against not only major system failure, but also temporary site overloads and governmental manipulation or censorship.
+
+Nomadic identity, single sign-on, and $Projectname's decentralisation of hubs, we believe, introduce a high degree of degree of [b]resiliency[/b] and [b]persistence[/b] in internet communications, that are sorely needed amidst global trends towards corporate centralization, as well as mass and indiscriminate government surveillance and censorship.
+
+As you browse the grid, viewing channels and their unique content, you are seamlessly authenticated as you go, even across completely different server hubs. No passwords to enter. Nothing to type. You're just greeted by name on every new site you visit.
+
+How does Zot do that? We call it [b]magic-auth[/b], because $Projectname hides the details of the complexities that go into single sign-on logins, and nomadic identities, from the experience of browsing on the grid. This is one of the design goals of $Projectname: to increase privacy, and freedom on the web, while reducing the complexity and tedium brought by the need to enter new passwords and login names for every different sight that someone might visit online. You login only once on your home hub (or any nomadic backup hub you have chosen). This allows you to access any authenticated services provided anywhere in the grid - such as shopping, blogs, forums, and access to private information. Your password isn't stored on a thousand different sites; it is stored on servers that you control or that you have chosen to trust.
+
+You cannot be silenced. You cannot be removed from the grid unless you yourself choose to exit it.
+
+[h4] Access Control[/h4]
+Zot's identity layer allows you to provide fine-grained permissions to any content you wish to publish - and these permissions extend across the grid. This is like having one super huge website made up of an army of small individual websites - and where each channel in the grid can completely control their privacy and sharing preferences for any web resources they create.
+
+Currently, $Projectname supports access control for many types of data, including post/comment discussion threads, photo albums, events, cloud files, web pages, wikis, and more. Every object and how it is shared and with whom is completely under your control.
+
+This type of control is trivial on large corporate providers because they own the user database. Within the grid, there is no need for a huge user database on your machine - because the grid [b]is[/b] your user database. It has what is essentially infinite capacity (limited by the total number of hubs online across the internet), and is spread amongst hundreds, and potentially millions of computers.
+
+Access can be granted or denied for any resource, to any channel, or any group of channels; anywhere within the grid. Others can access your content if you permit them to do so, and they do not even need to have an account on your hub.
+
+[h3]Technical Introduction[/h3]
+Zot is a JSON-based web framework for implementing secure decentralised communications and services. In order to provide this functionality, Zot creates a decentralised globally unique identifier for each hub on the network. This global identifier is not linked inextricably to DNS, providing the requisite mobility. Many existing decentralised communications frameworks provide the communication aspect, but do not provide remote access control and authentication. Additionally most of these are based on 'webfinger', which still binds identity to domain names and cannot support nomadic identity.
+
+The primary issues Zot addresses are
+
+[list]
+[*] completely decentralised communications
+[*] independence from DNS-based identity
+[*] node mobility
+[*] seamless remote authentication
+[*] high performance
+[/list]
+We will rely on DNS-based user@host addresses as a "user-friendly" mechanism to let people know where you are, specifically on a named host with a given username, and communication will be carried out to DNS entities using TCP and the web.
+
+But the underlying protocol will provide an abstraction layer on top of this, so that a communications node (e.g. "identity") can move to an alternate DNS location and (to the best of our ability) gracefully recover from site re-locations and/or maintain pre-existing communication relationships. A side effect of this requirement is the ability to communicate from alternate/multiple DNS locations and service providers and yet maintain a single online identity.
+
+We will call this overlay network the "grid". Servers attached to this network are known as "hubs" and may support any number of individual identities.
+
+An identity does not necessarily correspond to a person. It is just something which requires the ability to communicate within the grid.
+
+The ability to recover will be accomplished by communication to the original location when creating a new or replacement identity, or as a fallback from a stored file describing the identity and their contacts in the case where the old location no longer responds.
+
+At least on the short term, the mobility of existing content is not a top priority. This may or may not take place at a later stage. The most important things we want to keep are your identity and your friends.
+
+Addresses which are shared amongst people are user@host, and which describe the [b]current[/b] local account credentials for a given identity. These are DNS based addresses and used as a seed to locate a given identity within the grid. The machine communications will bind this address to a globally unique ID. A single globally unique ID may be attached or bound to any number of DNS locations. Once an identity has been mapped or bound to a DNS location, communications will consist of just knowing the globally unique address, and what DNS (url) is being used currently (in order to call back and verify/complete the current communication). These concepts will be specified in better detail.
+
+In order for an identity to persist across locations, one must be able to provide or recover
+
+[list]
+[*] the globally unique ID for that identity
+[*] the private key assigned to that identity
+[*] (if the original server no longer exists) an address book of contacts for that identity.
+[/list]
+This information will be exportable from the original server via API, and/or downloadable to disk or thumb-drive.
+
+We may also attempt to recover with even less information, but doing so is prone to account hijacking and will require that your contacts confirm the change.
+
+In order to implement high performance communications, the data transfer format for all aspects of Zot is JSON. XML communications require way too much overhead.
+
+Bi-directional encryption is based on RSA 4096-bit keys expressed in DER/ASN.1 format using the PKCS#8 encoding variant, with AES encryption of variable length or large items. The precise encryption algorithms are negotiable between sites.
+
+Some aspects of well known "federation protocols" (webfinger, salmon, activitystreams, portablecontacts, etc.) may be used in zot, but we are not tied to them and will not be bound by them. $Projectname project is attempting some rather novel developments in decentralised communications and if there is any need to diverge from such "standard protocols" we will do so without question or hesitation.
+
+In order to create a globally unique ID, we will base it on a whirlpool hash of the identity URL of the origination node and a psuedo-random number, which should provide us with a 256 bit ID with an extremely low probability of collision (256 bits represents approximately 115 quattuorviginitillion or 1.16 X 10^77 unique numbers). This will be represented in communications as a base64url-encoded string. We will not depend on probabilities however and the ID must also be attached to a public key with public key cryptography used to provide an assurance of identity which has not been copied or somehow collided in whirlpool hash space.
+
+Basing this ID on DNS provides a globally unique seed, which would not be the case if it was based completely on psuedo-random number generation.
+
+We will refer to the encoded globally unique uid string as zot_uid
+
+As there may be more than one DNS location attached/bound to a given zot_uid identity, delivery processes should deliver to all of them - as we do not know for sure which hub instance may be accessed at any given time. However we will designate one DNS location as "primary" and which will be the preferred location to view web profile information.
+
+We must also provide the ability to change the primary to a new location. A look-up of information on the current primary location may provide a "forwarding pointer" which will tell us to update our records and move everything to the new location. There is also the possibility that the primary location is defunct and no longer responding. In that case, a location which has already been mapped to this zot_uid can seize control, and declare itself to be primary. In both cases the primary designation is automatically approved and moved. A request can also be made from a primary location which requests that another location be removed.
+
+In order to map a zot_uid to a second (or tertiary) location, we require a secure exchange which verifies that the new location is in possession of the private key for this zot_uid. Security of the private key is thus essential to avoid hijacking of identities.
+
+Communications will then require
+[list]
+[*] zot_uid (string)
+[*] uid_sig
+[*] callback (current location Zot endpoint url)
+[*] callback_sig
+[*] spec (int)
+[/list]
+passed with every communique. The spec is a revision number of the applicable Zot spec so that communications can be maintained with hubs using older and perhaps incompatible protocol specifications. Communications are verified using a stored public key which was copied when the connection to this zot_uid was first established.
+
+Key revocation and replacement must take place from the primary hub. The exact form for this is still being worked out, but will likely be a notification to all other bound hubs to "phone home" (to the primary hub) and request a copy of the new key. This communique should be verified using a site or hub key; as the original identity key may have been compromised and cannot be trusted.
+
+In order to eliminate confusion, there should be exactly one canonical url for any hub, so that these can be indexed and referenced without ambiguity.
+
+So as to avoid ambiguity of scheme, it is strongly encouraged that all addresses to be https with a "browser valid" cert and a single valid host component (either www.domain.ext or domain.ext, but not both), which is used in all communications. Multiple URLs may be provided locally, but only one unique URL should be used for all Zot communications within the grid.
+
+Test installation which do not connect to the public grid may use non-SSL, but all traffic flowing over public networks should be safe from session-hijacking, preferably with a "browser recognised" cert.
+
+Where possible, Zot encourages the use of "batching" to minimise network traffic between two hubs. This means that site 'A' can send multiple messages to site 'B' in a single transaction, and also consolidate deliveries of identical messages to multiple recipients on the same hub.
+
+Messages themselves may or may not be encrypted in transit, depending on the private nature of the messages. SSL (strongly encouraged) provides unconditional encryption of the data stream, however there is little point in encrypting public communications which have been designated as having unrestricted visibility. The encryption of data storage and so-called "end-to-end encryption" is outside the scope of zot. It is presumed that hub operators will take adequate safeguards to ensure the security of their data stores and these are functions of application and site integrity as opposed to protocol integrity.
+
+
+[h4]Messages[/h4]
+
+Given the constraints listed previously, a Zot communique should therefore be a json array of individual messages. These can be mixed and combined within the same transmission.
+
+Each message then requires:
+[list]
+[*] type
+[*] (optional) recipient list
+[/list]
+Lack of a recipient list would indicate an unencrypted public or site level message. The recipient list would contain an array of zot_uid with an individual decryption key, and a common iv. The decryption key is encoded with the recipient identity's public key. The iv is encrypted with the sender's private key.
+
+All messages should be digitally signed by the sender.
+
+The type can be one of (this list is extensible):
+[list]
+[*] post (or activity)
+[*] mail
+[*] identity
+[*] authenticate
+[/list]
+Identity messages have no recipients and notify the system social graph of an identity update, which could be a new or deleted identity, a new or deleted location, or a change in primary hub. The signature for these messages uses system keys as opposed to identity-specific keys.
+
+Posts include many different types of activities, such as top-level posts, likes/dislikes, comments, tagging activities, etc. These types are indicated within the message sturcture.
+
+authenticate messages result in mutual authentication and browser redirect to protected resources on the remote hub such as the ability to post wall-to-wall messages and view private photo albums and events, etc.
+
+[h4]Discovery[/h4]
+
+A well-known url is used to probe a hub for Zot capabilities and identity lookups, including the discovery of public keys, profile locations, profile photos, and primary hub location.
+
+The location for this service is /.well-known/zot-info - and must be available at the root of the chosen domain.
+
+To perform a lookup, a POST request is made to the discovery location with the following parameters:
+
+Required:
+
+address => an address on the target system such as "john"
+
+Optional
+
+target => the Zot "guid" of the observer for evaluating permissions
+
+target_sig => an RSA signature (base64url encoded) of the guid
+
+key => The public key needed to verify the signature
+
+token => a string (possibly random) chosen by the requesting service. If provided, an entry in the discovered packet will be provided called 'signed_token' which consists of the base64url_encoded RSA signature of the concatenation of the string 'token.' and the provided token using the private key of the discovered channel. This can be verified using the provided 'key' entry, and provides assurance that the server is in possession of the private key for the discovered identity. After 2017-01-01 it is [b]required[/b] that a server provide a signed_token [i]if[/i] a token was provided in the request.
+
+With no target provided, the permissions returned will be generic permissions
+for unknown or unauthenticated observers
+
+Example of discovery packet for 'mike@zothub.com'
+[code nowrap]
+ {
+
+ "success": true,
+ "signed_token": "KBJrKTq1qrctNuxF3GwVh3GAGRqmgkirlXANPcJZAeWlvSt_9TMV097slR4AYnYCBEushbVqHEJ9Rb5wHTa0HzMbfRo8cRdl2yAirvvv5d98dtwHddQgX1jB0xEypXtmIYMdPGDLvhI1RNdIBhHkkrRcNreRzoy4xD--HM6m1W0-A8PJJJ9BcNxmGPcBtLzW08wzoP9trJ3M7DQ6Gkk6j7iwVsyApw1ZBaDvabGTdc_SFV-Iegtqw3rjzT_xXWsfzMlKBy-019MYn_KS-gu23YzjvGu5tS_zDfkQb8DMUlPLz5yyxM0yOMlUDtG2qQgIJAU2O0X6T5xDdJ6mtolNyhepg845PvFDEqBQGMIH1nc47CNumeudDi8IWymEALhjG_U8KAK7JVlQTJj2EKUb0au1g6fpiBFab5mmxCMtZEX3Jreyak5GOcFFz-WpxuXJD9TdSoIvaBfBFOoJnXkg2zE4RHXeQzZ2FotmrbBG5dm8B-_6byYGoHBc08ZsWze1K96JIeRnLpBaj6ifUDcVHxZMPcGHHT27dvU2PNbgLiBjlAsxhYqkhN5qOHN8XBcg2KRjcMBaI3V0YMxlzXz5MztmZq3fcB1p-ccIoIyMPMzSj3yMB7J9CEU2LYPSTHMdPkIeDE6GaCkQKviaQQJQde346tK_YjA2k7_SOBmvPYE",
+ "guid": "sebQ-IC4rmFn9d9iu17m4BXO-kHuNutWo2ySjeV2SIW1LzksUkss12xVo3m3fykYxN5HMcc7gUZVYv26asx-Pg",
+ "guid_sig": "Llenlbl4zHo6-g4sa63MlQmTP5dRCrsPmXHHFmoCHG63BLq5CUZJRLS1vRrrr_MNxr7zob_Ykt_m5xPKe5H0_i4pDj-UdP8dPZqH2fqhhx00kuYL4YUMJ8gRr5eO17vsZQ3XxTcyKewtgeW0j7ytwMp6-hFVUx_Cq08MrXas429ZrjzaEwgTfxGnbgeQYQ0R5EXpHpEmoERnZx77VaEahftmdjAUx9R4YKAp13pGYadJOX5xnLfqofHQD8DyRHWeMJ4G1OfWPSOlXfRayrV_jhnFlZjMU7vOdQwHoCMoR5TFsRsHuzd-qepbvo3pzvQZRWnTNu6oPucgbf94p13QbalYRpBXKOxdTXJrGdESNhGvhtaZnpT9c1QVqC46jdfP0LOX2xrVdbvvG2JMWFv7XJUVjLSk_yjzY6or2VD4V6ztYcjpCi9d_WoNHruoxro_br1YO3KatySxJs-LQ7SOkQI60FpysfbphNyvYMkotwUFI59G08IGKTMu3-GPnV1wp7NOQD1yzJbGGEGSEEysmEP0SO9vnN45kp3MiqbffBGc1r4_YM4e7DPmqOGM94qksOcLOJk1HNESw2dQYWxWQTBXPfOJT6jW9_crGLMEOsZ3Jcss0XS9KzBUA2p_9osvvhUKuKXbNztqH0oZIWlg37FEVsDs_hUwUJpv2Ar09k4",
+ "key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7QCwvuEIwCHjhjbpz3Oc\ntyei/Pz9nDksNbsc44Cm8jxYGMXsTPFXDZYCcCB5rcAhPPdZSlzaPkv4vPVcMIrw\n5cdX0tvbwa3rNTng6uFE7qkt15D3YCTkwF0Y9FVZiZ2Ko+G23QeBt9wqb9dlDN1d\nuPmu9BLYXIT/JXoBwf0vjIPFM9WBi5W/EHGaiuqw7lt0qI7zDGw77yO5yehKE4cu\n7dt3SakrXphL70LGiZh2XGoLg9Gmpz98t+gvPAUEotAJxIUqnoiTA8jlxoiQjeRK\nHlJkwMOGmRNPS33awPos0kcSxAywuBbh2X3aSqUMjcbE4cGJ++/13zoa6RUZRObC\nZnaLYJxqYBh13/N8SfH7d005hecDxWnoYXeYuuMeT3a2hV0J84ztkJX5OoxIwk7S\nWmvBq4+m66usn6LNL+p5IAcs93KbvOxxrjtQrzohBXc6+elfLVSQ1Rr9g5xbgpub\npSc+hvzbB6p0tleDRzwAy9X16NI4DYiTj4nkmVjigNo9v2VPnAle5zSam86eiYLO\nt2u9YRqysMLPKevNdj3CIvst+BaGGQONlQalRdIcq8Lin+BhuX+1TBgqyav4XD9K\nd+JHMb1aBk/rFLI9/f2S3BJ1XqpbjXz7AbYlaCwKiJ836+HS8PmLKxwVOnpLMbfH\nPYM8k83Lip4bEKIyAuf02qkCAwEAAQ==\n-----END PUBLIC KEY-----\n",
+ "name": "Mike Macgirvin",
+ "name_updated": "2012-12-06 04:59:13",
+ "address": "mike@zothub.com",
+ "photo_mimetype": "image/jpeg",
+ "photo": "https://zothub.com/photo/profile/l/1",
+ "photo_updated": "2012-12-06 05:06:11",
+ "url": "https://zothub.com/channel/mike",
+ "connections_url": "https://zothub.com/poco/mike",
+ "target": "",
+ "target_sig": "",
+ "searchable": false,
+ "permissions": {
+ "view_stream": true,
+ "view_profile": true,
+ "view_photos": true,
+ "view_contacts": true,
+ "view_storage": true,
+ "view_pages": true,
+ "send_stream": false,
+ "post_wall": false,
+ "post_comments": false,
+ "post_mail": false,
+ "post_photos": false,
+ "tag_deliver": false,
+ "chat": false,
+ "write_storage": false,
+ "write_pages": false,
+ "delegate": false
+ },
+ "profile": {
+ "description": "Freedom Fighter",
+ "birthday": "0000-05-14",
+ "next_birthday": "2013-05-14 00:00:00",
+ "gender": "Male",
+ "marital": "It's complicated",
+ "sexual": "Females",
+ "locale": "",
+ "region": "",
+ "postcode": "",
+ "country": "Australia"
+ },
+ "locations": [
+ {
+ "host": "zothub.com",
+ "address": "mike@zothub.com",
+ "primary": true,
+ "url": "https://zothub.com",
+ "url_sig": "eqkB_9Z8nduBYyyhaSQPPDN1AhSm5I4R0yfcFxPeFpuu17SYk7jKD7QzvmsyahM5Kq7vDW6VE8nx8kdFYpcNaurqw0_IKI2SWg15pGrhkZfrCnM-g6A6qbCv_gKCYqXvwpSMO8SMIO2mjQItbBrramSbWClUd2yO0ZAceq3Z_zhirCK1gNm6mGRJaDOCuuTQNb6D66TF80G8kGLklv0o8gBfxQTE12Gd0ThpUb5g6_1L3eDHcsArW_RWM2XnNPi_atGNyl9bS_eLI2TYq0fuxkEdcjjYx9Ka0-Ws-lXMGpTnynQNCaSFqy-Fe1aYF7X1JJVJIO01LX6cCs-kfSoz29ywnntj1I8ueYldLB6bUtu4t7eeo__4t2CUWd2PCZkY3PKcoOrrnm3TJP5_yVFV_VpjkcBCRj3skjoCwISPcGYrXDufJxfp6bayGKwgaCO6QoLPtqqjPGLFm-fbn8sVv3fYUDGilaR3sFNxdo9mQ3utxM291XE2Pd0jGgeUtpxZSRzBuhYeOybu9DPusID320QbgNcbEbEImO8DuGIxuVRartzEXQF4WSYRdraZzbOqCzmU0O55P836JAfrWjgxTQkXlYCic-DBk-iE75JeT72smCtZ4AOtoFWCjZAABCw42J7JELY9APixZXWriKtjy6JI0G9d3fs6r7SrXr1JMy0",
+ "callback": "https://zothub.com/post",
+ "sitekey": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1IWXwd/BZuevq8jzNFoR\n3VkenduQH2RpR3Wy9n4+ZDpbrUKGJddUGm/zUeWEdKMVkgyllVA/xHdB7jdyKs1X\nuIet9mIdnzvhdLO/JFD5hgbNG2wpSBIUY6aSNeCFTzszqXmuSXMW5U0Ef5pCbzEA\nnhoCoGL1KAgPqyxnGKUlj7q2aDwC9IRNtAqNyFQL67oT91vOQxuMThjlDhbR/29Q\ncYR4i1RzyahgEPCnHCPkT2GbRrkAPjNZAdlnk9UesgP16o8QB3tE2j50TVrbVc/d\nYRbzC56QMPP9UgUsapNeSJBHji75Ip/E5Eg/kfJC/HEQgyCqjCGfb7XeUaeQ7lLO\nqc7CGuMP+Jqr/cE54/aSHg8boTwxkMp11Ykb+ng17fl57MHTM2RJ99qZ1KBkXezR\nuH1lyvjzeJPxEFr9rkUqc4GH74/AgfbgaFvQc8TS7ovEa5I/7Pg04m7vLSEYc6UF\nYJYxXKrzmZT2TDoKeJzaBBx5MFLhW19l68h9dQ8hJXIpTP0hJrpI+Sr6VUAEfFQC\ndIDRiFcgjz6j7T/x8anqh63/hpsyf2PMYph1+4/fxtSCWJdvf+9jCRM8F1IDfluX\n87gm+88KBNaklYpchmGIohbjivJyru41CsSLe0uinQFvA741W00w6JrcrOAX+hkS\nRQuK1dDVwGKoIY85KtTUiMcCAwEAAQ==\n-----END PUBLIC KEY-----\n"
+ }
+ ],
+ "site": {
+ "url": "https://zothub.com",
+ "directory_mode": "primary",
+ "directory_url": "https://zothub.com/dirsearch"
+ }
+
+ }
+[/code]
+
+
+Discovery returns a JSON array with the following components:
+
+'success' => (true or false) Operation was successful if true. Otherwise an optional 'message' may be present indicating the source of error.
+
+'signed_token' => If a token parameter was provided in the request, it is prepended with the text 'token.' and then RSA signed with the channel private key and base64url encoded and returned as 'signed_token'.
+
+'guid' => the guid of the address on the target system
+
+'guid_sig' => the base64url encoded RSA signature of the guid, signed with the private key associated with that guid.
+
+'key' => the public key associated with that guid
+
+'name' => channel name
+
+'name_updated' => MySQL style timestamp '2012-01-01 00:00:00' when the name was last changed (UTC)
+
+'address' => "webbie" or user@host address associated with this channel
+
+'photo' => URL of a profile photo for this channel (ideally 175x175)
+
+'photo_mimetype' => content-type of the profile photo
+
+'photo_updated' => MySQL style timestamp when photo was last updated (UTC)
+
+'url' => location of channel homepage
+
+'connections_url' => location of Portable Contacts (extended for zot) URL for this channel
+
+'target' => if a permissions target was specified, it is mirrored
+
+'target_sig' => if a permissions target was specified, the signature is mirrored.
+
+'searchable' => (true or false) true indicates this entry can be searched in a directory
+
+[h5]Permissions[/h5]
+
+'permissions' => extensible array of permissions appropriate to this target, values are true or false
+
+ Permissions may include:
+[list]
+[*] view_stream
+[*] view_profile
+[*] view_photos
+[*] view_contacts
+[*] view_storage
+[*] view_pages
+[*] send_stream
+[*] post_wall
+[*] post_comments
+[*] post_mail
+[*] post_photos
+[*] tag_deliver
+[*] chat
+[*] write_storage
+[*] write_pages
+[*] delegate
+[/list]
+
+
+[h5]Profile[/h5]
+
+
+'profile' => array of important profile fields
+[list]
+[*] description
+[*] birthday YYYY-MM-DD , all fields are optional, any field (such as year) may be zero
+[*] next_birthday => MySQL datetime string representing the next upcoming birthday, converted from the channel's default timezone to UTC.
+[*] gender (free form)
+[*] marital (marital status)
+[*] sexual (preference)
+[*] locale (city)
+[*] region (state)
+[*] postcode
+[*] country
+[/list]
+
+[h5]Locations[/h5]
+
+
+'locations' => array of registered locations (DNS locations) this channel may be visible or may be posting from
+
+Each location is an array of
+
+'host' => DNS hostname, e.g. example.com
+
+'address' => the webbie or user@host identifier associated with this location
+
+'primary' => (true or false) whether or not this is the primary location for this channel where files and web pages are generally found
+
+'url' => url of the root of this DNS location e.g. https://example.com
+
+'url_sig' => base64url encoded RSA signature of the URL, signed with the channel private key
+
+'callback' => Zot communications endpoint on this site, usually https://example.com/post
+
+'sitekey' => public key of this site/host
+
+
+[h5]Site[/h5]
+
+
+'site' => array providing the directory role of the site responding to this request
+
+'url' => url of this site e.g. https://example.com
+
+'directory_mode' => one of 'primary', 'secondary', 'normal', or 'standalone'
+
+'directory_url' => if this is a directory server or standalone, the URL for the directory search module
+
+
+
+[h3]Magic Auth[/h3]
+
+So-called "magic auth" takes place by a special exchange. On the remote computer, a redirection is made to the Zot endpoint with special GET parameters.
+
+Endpoint: https://example.com/post/name
+
+where 'name' is the left hand side of the channel webbie, for instance 'mike' where the webbie is 'mike@zothub.com'
+
+Additionally four parameters are supplied:
+[list]
+[*] auth => the webbie of the person requesting access
+[*] dest => the desired destination URL (urlencoded)
+[*] sec => a random string which is also stored locally for use during the verification phase.
+[*] version => the Zot revision
+[/list]
+When this packet is received, a Zot message is initiated to the auth identity:
+
+[code nowrap]
+ {
+ "type":"auth_check",
+ "sender":{
+ "guid":"kgVFf_1_SSbyqH-BNWjWuhAvJ2EhQBTUdw-Q1LwwssAntr8KTBgBSzNVzUm9_RwuDpxI6X8me_QQhZMf7RfjdA",
+ "guid_sig":"PT9-TApzpm7QtMxC63MjtdK2nUyxNI0tUoWlOYTFGke3kNdtxSzSvDV4uzq_7SSBtlrNnVMAFx2_1FDgyKawmqVtRPmT7QSXrKOL2oPzL8Hu_nnVVTs_0YOLQJJ0GYACOOK-R5874WuXLEept5-KYg0uShifsvhHnxnPIlDM9lWuZ1hSJTrk3NN9Ds6AKpyNRqf3DUdz81-Xvs8I2kj6y5vfFtm-FPKAqu77XP05r74vGaWbqb1r8zpWC7zxXakVVOHHC4plG6rLINjQzvdSFKCQb5R_xtGsPPfvuE24bv4fvN4ZG2ILvb6X4Dly37WW_HXBqBnUs24mngoTxFaPgNmz1nDQNYQu91-ekX4-BNaovjDx4tP379qIG3-NygHTjFoOMDVUvs-pOPi1kfaoMjmYF2mdZAmVYS2nNLWxbeUymkHXF8lT_iVsJSzyaRFJS1Iqn7zbvwH1iUBjD_pB9EmtNmnUraKrCU9eHES27xTwD-yaaH_GHNc1XwXNbhWJaPFAm35U8ki1Le4WbUVRluFx0qwVqlEF3ieGO84PMidrp51FPm83B_oGt80xpvf6P8Ht5WvVpytjMU8UG7-js8hAzWQeYiK05YTXk-78xg0AO6NoNe_RSRk05zYpF6KlA2yQ_My79rZBv9GFt4kUfIxNjd9OiV1wXdidO7Iaq_Q",
+ "url":"http:\/\/podunk.edu",
+ "url_sig":"T8Bp7j5DHHhQDCFcAHXfuhUfGk2P3inPbImwaXXF1xJd3TGgluoXyyKDx6WDm07x0hqbupoAoZB1qBP3_WfvWiJVAK4N1FD77EOYttUEHZ7L43xy5PCpojJQmkppGbPJc2jnTIc_F1vvGvw5fv8gBWZvPqTdb6LWF6FLrzwesZpi7j2rsioZ3wyUkqb5TDZaNNeWQrIEYXrEnWkRI_qTSOzx0dRTsGO6SpU1fPWuOOYMZG8Nh18nay0kLpxReuHCiCdxjXRVvk5k9rkcMbDBJcBovhiSioPKv_yJxcZVBATw3z3TTE95kGi4wxCEenxwhSpvouwa5b0hT7NS4Ay70QaxoKiLb3ZjhZaUUn4igCyZM0h6fllR5I6J_sAQxiMYD0v5ouIlb0u8YVMni93j3zlqMWdDUZ4WgTI7NNbo8ug9NQDHd92TPmSE1TytPTgya3tsFMzwyq0LZ0b-g-zSXWIES__jKQ7vAtIs9EwlPxqJXEDDniZ2AJ6biXRYgE2Kd6W_nmI7w31igwQTms3ecXe5ENI3ckEPUAq__llNnND7mxp5ZrdXzd5HHU9slXwDShYcW3yDeQLEwAVomTGSFpBrCX8W77n9hF3JClkWaeS4QcZ3xUtsSS81yLrp__ifFfQqx9_Be89WVyIOoF4oydr08EkZ8zwlAsbZLG7eLXY"
+ },
+ "recipients":{
+ {
+ "guid":"ZHSqb3yGar3TYV_o9S-JkD-6o_V4DhUcxtv0VeyX8Kj_ENHPI_M3SyAUucU835-mIayGMmTpqJz3ujPkcavVhA",
+ "guid_sig":"JsAAXigNghTkkbq8beGMJjj9LBKZn28hZ-pHSsoQuwYWvBJ2lSnfc4r9l--WgO6sucH-SR6RiBo78eWn1cZrh_cRMu3x3LLx4y-tjixg-oOOgtZakkBg4vmOhkKPkci0mFtzvUrpY4YHySqsWTuPwRx_vOlIYIGEY5bRXpnkNCoC8J4EJnRucDrgSARJvA8QQeQQL0H4mWEdGL7wlsZp_2VTC6nEMQ48Piu6Czu5ThvLggGPDbr7PEMUD2cZ0jE4SeaC040REYASq8IdXIEDMm6btSlGPuskNh3cD0AGzH2dMciFtWSjmMVuxBU59U1I6gHwcxYEV6BubWt_jQSfmA3EBiPhKLyu02cBMMiOvYIdJ3xmpGoMY1Cn__vhHnx_vEofFOIErb6nRzbD-pY49C28AOdBA5ffzLW3ss99d0A-6GxZmjsyYhgJu4tFUAa7JUl84tMbq28Tib0HW6qYo6QWw8K1HffxcTpHtwSL5Ifx0PAoGMJsGDZDD1y_r9a4vH5pjqmGrjL3RXJJUy-m4eLV5r7xMWXsxjqu3D8r04_dcw4hwwexpMT1Nwf8CTB0TKb8ElgeOpDFjYVgrqMYWP0XdhatcFtAJI7gsS-JtzsIwON9Kij66-VAkqy_z1IXI0ziyqV1yapSVYoUV1vMScRZ_nMqwiB5rEDx-XLfzko"
+ }
+ }
+ "callback":"\/post",
+ "version":1,
+ "secret":"1eaa6613699be6ebb2adcefa5379c61a3678aa0df89025470fac871431b70467",
+ "secret_sig":"eKV968b1sDkOVdSMi0tLRtOhQw4otA8yFKaVg6cA4I46_zlAQGbFptS-ODiZlSAqR7RiiZQv4E2uXCKar52dHo0vvNKbpOp_ezWYcwKRu1shvAlYytsflH5acnDWL-FKOOgz5zqLLZ6cKXFMoR1VJGG_Od-DKjSwajyV9uVzTry58Hz_w0W2pjxwQ-Xv11rab5R2O4kKSW77YzPG2R5E6Q7HN38FrLtyWD_ai3K9wlsFOpwdYC064dk66X7BZtcIbKtM6zKwMywcfJzvS5_0U5yc5GGbIY_lY6SViSfx9shOKyxkEKHfS29Ynk9ATYGnwO-jnlMqkJC7t149H-sI9hYWMkLuCzaeLP56k2B2TmtnYvE_vHNQjzVhTwuHCIRVr-p6nplQn_P3SkOpYqPi3k_tnnOLa2d3Wtga8ClEY90oLWFJC3j2UkBf_VEOBNcg-t5XO3T-j9O4Sbk96k1Qoalc-QlznbGx4bOVsGkRBBMiH4YUqiiWB_OkFHtdqv7dqGeC-u-B4u9IxzYst46vvmyA3O-Q4APSZ1RY8ITUH0jLTbh6EAV7Oki8pIbOg0t56p-8RlanOZqmFvR-grVSc7Ak1ZcD8NACmvidUpa1B7WEvRcOeffx9lype0bt5XenDnMyx6szevwxZIiM8qGM2lsSk4fu8HI9cW0mLywzZT0"
+ }
+[/code]
+
+auth_check messages MUST be encrypted. This message is sent to the origination site, which checks the 'secret' to see if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:
+[code nowrap]
+ {
+ "success":1,
+ "confirm":"q0Ysovd1uQRsur2xG9Tg6bC23ynzw0191SkVd7CJcYoaePy6e_v0vnmPg2xBUtIaHpx_aSuhgAkd3aVjPeaVBmts6aakT6a_yAEy7l2rBydntu2tvrHhoVqRNOmw0Q1tI6hwobk1BgK9Pm0lwOeAo8Q98BqIJxf47yO9pATa0wktOg6a7LMogC2zkkhwOV5oEqjJfeHeo27TiHr1e2WaphfCusjmk27V_FAYTzw05HvW4SPCx55EeeTJYIwDfQwjLfP4aKV-I8HQCINt-2yxJvzH7Izy9AW-7rYU0Il_gW5hrhIS5MTM12GBXLVs2Ij1CCLXIs4cO0x6e8KEIKwIjf7iAu60JPmnb_fx4QgBlF2HLw9vXMwZokor8yktESoGl1nvf5VV5GHWSIKAur3KPS2Tb0ekNh-tIk9u-xob4d9eIf6tge_d3aq1LcAtrDBDLk8AD0bho5zrVuTmZ9k-lBVPr_DRHSV_dlpu088j3ThaBsuV1olHK3vLFRhYCDIO0CqqK5IuhqtRNnRaqhlNN6fQUHpXk2SwHiJ2W36RCYMTnno6ezFk_tN-RA2ly-FomNZoC5FPA9gFwoJR7ZmVFDmUeK3bW-zYTA5vu15lpBPnt7Up_5rZKkr0WQVbhWJmylqOuwuNWbn3SrMQ8rYFZ23Tv300cOfKVgRBaePWQb4"
+ }
+[/code]
+'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the base64url encoded whirlpool hash of the source guid and guid_sig; signed with the source channel private key. This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login.
+
+[h3]Zot Structures[/h3]
+[h4]Zot Signatures[/h4]
+All signed data in Zot is accomplished by performing an RSA sign operation using the private key of the initiator. The binary result is then base64url encoded for transport.
+[h4]Zot Encryption[/h4]
+Encryption is currently provided by AES256CTR. Additional algorithms MAY be supported. A 32-octet key and 16-octet initialisation vector are randomly generated. The desired data is then encrypted using these generated strings and the result base64url encoded. Then we build an array:
+
+[dl terms="b"]
+[*= data]The base64url encoded encrypted data
+[*= alg]The chosen algorithm, in this case the string 'aes256ctr'.
+[*= key]The randomly generated key, RSA encrypted using the recipients public key, and the result base64url encoded
+[*= iv]The randomly generated initialization vector, RSA encrypted using the recipient's public key, and the result base64url encoded
+[/dl]
+
+[h4]Basic Zot Packet[/h4]
+Used for initiating a dialogue with another Zot site. This packet MAY be encrypted. The presence of an array element 'iv' indicates encryption has been applied. When sending an 'auth_check' packet type, this packet MUST be encrypted, using the public key of the destination site (the site key, as opposed to a sender key).
+
+[code nowrap]
+ {
+ "type":"notify",
+ "sender":{
+ "guid":"kgVFf_1_SSbyqH-BNWjWuhAvJ2EhQBTUdw-Q1LwwssAntr8KTBgBSzNVzUm9_RwuDpxI6X8me_QQhZMf7RfjdA",
+ "guid_sig":"PT9-TApzpm7QtMxC63MjtdK2nUyxNI0tUoWlOYTFGke3kNdtxSzSvDV4uzq_7SSBtlrNnVMAFx2_1FDgyKawmqVtRPmT7QSXrKOL2oPzL8Hu_nnVVTs_0YOLQJJ0GYACOOK-R5874WuXLEept5-KYg0uShifsvhHnxnPIlDM9lWuZ1hSJTrk3NN9Ds6AKpyNRqf3DUdz81-Xvs8I2kj6y5vfFtm-FPKAqu77XP05r74vGaWbqb1r8zpWC7zxXakVVOHHC4plG6rLINjQzvdSFKCQb5R_xtGsPPfvuE24bv4fvN4ZG2ILvb6X4Dly37WW_HXBqBnUs24mngoTxFaPgNmz1nDQNYQu91-ekX4-BNaovjDx4tP379qIG3-NygHTjFoOMDVUvs-pOPi1kfaoMjmYF2mdZAmVYS2nNLWxbeUymkHXF8lT_iVsJSzyaRFJS1Iqn7zbvwH1iUBjD_pB9EmtNmnUraKrCU9eHES27xTwD-yaaH_GHNc1XwXNbhWJaPFAm35U8ki1Le4WbUVRluFx0qwVqlEF3ieGO84PMidrp51FPm83B_oGt80xpvf6P8Ht5WvVpytjMU8UG7-js8hAzWQeYiK05YTXk-78xg0AO6NoNe_RSRk05zYpF6KlA2yQ_My79rZBv9GFt4kUfIxNjd9OiV1wXdidO7Iaq_Q",
+ "url":"http:\/\/podunk.edu",
+ "url_sig":"T8Bp7j5DHHhQDCFcAHXfuhUfGk2P3inPbImwaXXF1xJd3TGgluoXyyKDx6WDm07x0hqbupoAoZB1qBP3_WfvWiJVAK4N1FD77EOYttUEHZ7L43xy5PCpojJQmkppGbPJc2jnTIc_F1vvGvw5fv8gBWZvPqTdb6LWF6FLrzwesZpi7j2rsioZ3wyUkqb5TDZaNNeWQrIEYXrEnWkRI_qTSOzx0dRTsGO6SpU1fPWuOOYMZG8Nh18nay0kLpxReuHCiCdxjXRVvk5k9rkcMbDBJcBovhiSioPKv_yJxcZVBATw3z3TTE95kGi4wxCEenxwhSpvouwa5b0hT7NS4Ay70QaxoKiLb3ZjhZaUUn4igCyZM0h6fllR5I6J_sAQxiMYD0v5ouIlb0u8YVMni93j3zlqMWdDUZ4WgTI7NNbo8ug9NQDHd92TPmSE1TytPTgya3tsFMzwyq0LZ0b-g-zSXWIES__jKQ7vAtIs9EwlPxqJXEDDniZ2AJ6biXRYgE2Kd6W_nmI7w31igwQTms3ecXe5ENI3ckEPUAq__llNnND7mxp5ZrdXzd5HHU9slXwDShYcW3yDeQLEwAVomTGSFpBrCX8W77n9hF3JClkWaeS4QcZ3xUtsSS81yLrp__ifFfQqx9_Be89WVyIOoF4oydr08EkZ8zwlAsbZLG7eLXY"
+ "sitekey":"-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxTeIwXZWrw/S+Ju6gewh
+LgkKnNNe2uCUqCqMZoYgJar3T5sHCDhvXc4dDCbDkxVIaA/+V1mURtBV60a3IGjn
+OAO0W0XGGLe2ED7G5o9U8T9mVGq8Mauv0v1oQ5wIR1gEAhBavkQ2OUGuF/YKn2nj
+HlKsv9HzUAHpcDMUe3Uklc2RhQbMcnJxEgkyjCkDyrTtCZzISkTAocHvpCG1KSog
+njUZdiz9UWxvM4rCFkCJvQU4RwRZJb7GA9ul+9JrF7NvUQTx8csRP2weBk1E9yyj
+wbe187E0eVj9RXX2Mx3mYhgrTdodxLOVMSXZLg1/SMpeFFl7QBhuM0SiOPg8a7Et
+e2iNA/RD4WiUFqCDfafasRa1TOozOm7LA+08lkAh5PeQPJsJbrX0wVVft++Y+5/z
+BvcUOP73vcbz7j5hJ7HLsbQtye/UUCfODBFybuDqRM84Aet8rjZohX7vukXdMD4I
+2HuB7pjR4uIfyYr0J63ANkvbsn8LR+RnirmHrK5H/OgxxjXcfYbGEQgFxvxhF6lA
+FpMu6Do4dx3CIb6pRmZ8bjSImXexJ0BSo9n3gtrz0XYLecsYFlQ9+QQjm83qxyLb
+M23in0xqMVsyQvzjNkpImrO/QdbEFRIIMee83IHq+adbyjQR49Z2hNEIZhkLPc3U
+2cJJ2HkzkOoF2K37qwIzk68CAwEAAQ==
+-----END PUBLIC KEY-----
+"
+ },
+ "recipients":{
+ {
+ "guid":"lql-1VnxtiO4-WF0h72wLX1Fu8szzHDOXgQaTbELwXW77k8AKFfh-hYr70vqMrc3SSvWN-Flrc5HFhRTWB7ICw",
+ "guid_sig":"PafvEL0VpKfxATxlCqDjfOeSIMdmpr3iU7X-Sysa1h5LzDpjSXsjO37tYZL-accb1M5itLlfnW5epkTa5I4flsW21zSY1A2jCuBQUTLLGV7rNyyBy7lgqJUFvAMRx0TfXzP9lcaPqlM9T1tA6jfWOsOmkdzwofGeXBnsjGfjsO2xdGYe6vwjOU0DSavukvzDMnOayB9DekpvDnaNBTxeGLM45Skzr7ZEMcNF7TeXMbnvpfLaALYEKeQs9bGH-UgAG8fBWgzVAzeBfx_XSR1rdixjyiZGP0kq0h35SlmMPcEjliodOBFwMXqpXFB7Ibp4F6o6te2p2ErViJccQVG8VNKB6SbKNXY6bhP5zVcVsJ-vR-p4xXoYJJvzTN7yTDsGAXHOLF4ZrXbo5yi5gFAlIrTLAF2EdWQwxSGyLRWKxG8PrDkzEzX6cJJ0VRcLh5z6OI5QqQNdeghPZbshMFMJSc_ApCPi9_hI4ZfctCIOi3T6bdgTNKryLm5fhy_eqjwLAZTGP-aUBgLZpb1mf2UojBn6Ey9cCyq-0T2RWyk-FcIcbV4qJ-p_8oODqw13Qs5FYkjLr1bGBq82SuolkYrXEwQClxnrfKa4KYc2_eHAXPL01iS9zVnI1ySOCNJshB97Odpooc4wk7Nb2Fo-Q6THU9zuu0uK_-JbK7IIl6go2qA"
+ },
+ },
+ "callback":"\/post",
+ "version":"1.2",
+ "encryption":{
+ "aes256ctr"
+ },
+ "secret":"1eaa6613699be6ebb2adcefa5379c61a3678aa0df89025470fac871431b70467",
+ "secret_sig":"0uShifsvhHnxnPIlDM9lWuZ1hSJTrk3NN9Ds6AKpyNRqf3DUdz81-Xvs8I2kj6y5vfFtm-FPKAqu77XP05r74vGaWbqb1r8zpWC7zxXakVVOHHC4plG6rLINjQzvdSFKCQb5R_xtGsPPfvuE24bv4fvN4ZG2ILvb6X4Dly37WW_HXBqBnUs24mngoTxFaPgNmz1nDQNYQu91-ekX4-BNaovjDx4tP379qIG3-NygHTjFoOMDVUvs-pOPi1kfaoMjmYF2mdZAmVYS2nNLWxbeUymkHXF8lT_iVsJSzyaRFJS1Iqn7zbvwH1iUBjD_pB9EmtNmnUraKrCU9eHES27xTwD-yaaH_GHNc1XwXNbhWJaPFAm35U8ki1Le4WbUVRluFx0qwVqlEF3ieGO84PMidrp51FPm83B_oGt80xpvf6P8Ht5WvVpytjMU8UG7-js8hAzWQeYiK05YTXk-78xg0AO6NoNe_RSRk05zYpF6KlA2yQ_My79rZBv9GFt4kUfIxNjd9OiV1wXdidO7Iaq_Q"
+ }
+[/code]
+
+[dl terms="b"]
+[*= type] The message type: [b]notify, purge, refresh, force_refresh, auth_check, ping[/b] or [b]pickup[/b]. The packet contents vary by message type. Here we will describe the [b]notify[/b] packet.
+[*= callback]A string to be appended onto the url which identifies the Zot communications endpoint on this system. It is typically the string "/post".
+[*= version]The Zot protocol identifier, to allow future protocol revisions to co-exist.
+[*= encryption] array of supported encryption algorithms, order by decreasing preference. If no compatible encryption methods are provided, applications MUST use 'aes256cbc'.
+[*= secret]A 64-char string which is randomly generated by the sending site.
+[*= secret_sig]The RSA signature of the secret, signed with the sender's private key.
+[*= sender] An array of four components that provide a portable identity. We can contact the URL provided and download a Zot info packet to obtain the public key of the sender, and use that to verify the sender guid and the posting URL signatures.
+ [dl terms="b"]
+ [*= guid]Typically a 64 character base64url encoded string. This is generated when an identity is created and an attempt is made that it be unique; though this isn't required.
+ [*= guid_sig]The RSA signature of the guid, signed by the sender's private key and base64url encoded.
+ [*= url]The base url of the location this post is originating from.
+ [*= url_sig]The RSA signature of url, signed by the sender's private key and base64url encoded.
+ [*= sitekey]The public key of the website specified in the url
+ [/dl]
+[*= recipients] Only used for private messages. An array of envelope recipients. Each recipient is represented by an array of guid and guid_sig. When recipients are specified, the entire packet is also encapsulated using a negotiated cryptographic algorithm or 'aes256cbc' if none could be negotiated.
+ [dl terms="b"]
+ [*= guid]The guid of a private recipient.
+ [*= guid_sig]The RSA signature of the guid, signed by the recipient's private key and base64url encoded
+ [/dl]
+[/dl]