diff options
| author | Vitor Pamplona <vitor@vitorpamplona.com> | 2024-12-19 10:15:46 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-12-19 10:15:46 -0500 |
| commit | f7d97f3f40dc6677e6f996ffff431142ffe05810 (patch) | |
| tree | 2eaa8c8628cc9a4b05811ed3869e21221fd85307 /29.md | |
| parent | d5b77b6d7348061cd0f16adc35e4d02a3a0b7380 (diff) | |
| parent | 561059ff85c171b87a12b8381b724b4afc569a97 (diff) | |
Merge branch 'master' into draft-event
Diffstat (limited to '29.md')
| -rw-r--r-- | 29.md | 191 |
1 files changed, 119 insertions, 72 deletions
| @@ -16,15 +16,19 @@ Normally a group will originally belong to one specific relay, but the community | |||
| 16 | 16 | ||
| 17 | ## Relay-generated events | 17 | ## Relay-generated events |
| 18 | 18 | ||
| 19 | Relays are supposed to generate the events that describe group metadata and group admins. These are parameterized replaceable events signed by the relay keypair directly, with the group _id_ as the `d` tag. | 19 | Relays are supposed to generate the events that describe group metadata and group admins. These are _addressable_ events signed by the relay keypair directly, with the group _id_ as the `d` tag. |
| 20 | 20 | ||
| 21 | ## Group identifier | 21 | ## Group identifier |
| 22 | 22 | ||
| 23 | A group may be identified by a string in the format `<host>'<group-id>`. For example, a group with _id_ `abcdef` hosted at the relay `wss://groups.nostr.com` would be identified by the string `groups.nostr.com'abcdef`. | 23 | A group may be identified by a string in the format `<host>'<group-id>`. For example, a group with _id_ `abcdef` hosted at the relay `wss://groups.nostr.com` would be identified by the string `groups.nostr.com'abcdef`. |
| 24 | 24 | ||
| 25 | Group identifiers must be strings restricted to the characters `a-z0-9-_`, and SHOULD be random in order to avoid name collisions. | ||
| 26 | |||
| 27 | When encountering just the `<host>` without the `'<group-id>`, clients MAY infer `_` as the group id, which is a special top-level group dedicated to relay-local discussions. | ||
| 28 | |||
| 25 | ## The `h` tag | 29 | ## The `h` tag |
| 26 | 30 | ||
| 27 | Events sent by users to groups (chat messages, text notes, moderation events etc) must have an `h` tag with the value set to the group _id_. | 31 | Events sent by users to groups (chat messages, text notes, moderation events etc) MUST have an `h` tag with the value set to the group _id_. |
| 28 | 32 | ||
| 29 | ## Timeline references | 33 | ## Timeline references |
| 30 | 34 | ||
| @@ -36,89 +40,101 @@ This is a hack to prevent messages from being broadcasted to external relays tha | |||
| 36 | 40 | ||
| 37 | Relays should prevent late publication (messages published now with a timestamp from days or even hours ago) unless they are open to receive a group forked or moved from another relay. | 41 | Relays should prevent late publication (messages published now with a timestamp from days or even hours ago) unless they are open to receive a group forked or moved from another relay. |
| 38 | 42 | ||
| 39 | ## Event definitions | 43 | ## Group management |
| 40 | 44 | ||
| 41 | - *text root note* (`kind:11`) | 45 | Groups can have any number of users with elevated access. These users are identified by role labels which are arbitrarily defined by the relays (see also the description of `kind:39003`). What each role is capable of not defined in this NIP either, it's a relay policy that can vary. Roles can be assigned by other users (as long as they have the capability to add roles) by publishing a `kind:9000` event with that user's pubkey in a `p` tag and the roles afterwards (even if the user is already a group member a `kind:9000` can be issued and the user roles must just be updated). |
| 42 | 46 | ||
| 43 | This is the basic unit of a "microblog" root text note sent to a group. | 47 | The roles supported by the group as to having some special privilege assigned to them should be accessible on the event `kind:39003`, but the relay may also accept other role names, arbitrarily defined by clients, and just not do anything with them. |
| 44 | 48 | ||
| 45 | ```js | 49 | Users with any roles that have any privilege can be considered _admins_ in a broad sense and be returned in the `kind:39001` event for a group. |
| 46 | "kind": 11, | ||
| 47 | "content": "hello my friends lovers of pizza", | ||
| 48 | "tags": [ | ||
| 49 | ["h", "<group-id>"], | ||
| 50 | ["previous", "<event-id-first-chars>", "<event-id-first-chars>", ...] | ||
| 51 | ] | ||
| 52 | ... | ||
| 53 | ``` | ||
| 54 | 50 | ||
| 55 | - *threaded text reply* (`kind:12`) | 51 | ## Unmanaged groups |
| 56 | 52 | ||
| 57 | This is the basic unit of a "microblog" reply note sent to a group. It's the same as `kind:11`, except for the fact that it must be used whenever it's in reply to some other note (either in reply to a `kind:11` or a `kind:12`). `kind:12` events SHOULD use NIP-10 markers, leaving an empty relay url: | 53 | Unmanaged groups are impromptu groups that can be used in any public relay unaware of NIP-29 specifics. They piggyback on relays' natural white/blacklists (or lack of) but aside from that are not actively managed and won't have any admins, group state or metadata events. |
| 58 | 54 | ||
| 59 | * `["e", "<kind-11-root-id>", "", "root"]` | 55 | In `unmanaged` groups, everybody is considered to be a member. |
| 60 | * `["e", "<kind-12-event-id>", "", "reply"]` | ||
| 61 | 56 | ||
| 62 | - *chat message* (`kind:9`) | 57 | Unmanaged groups can transition to managed groups, in that case the relay master key just has to publish moderation events setting the state of all groups and start enforcing the rules they choose to. |
| 63 | 58 | ||
| 64 | This is the basic unit of a _chat message_ sent to a group. | 59 | ## Event definitions |
| 65 | 60 | ||
| 66 | ```js | 61 | These are the events expected to be found in NIP-29 groups. |
| 67 | "kind": 9, | 62 | |
| 68 | "content": "hello my friends lovers of pizza", | 63 | ### Normal user-created events |
| 69 | "tags": [ | ||
| 70 | ["h", "<group-id>"], | ||
| 71 | ["previous", "<event-id-first-chars>", "<event-id-first-chars>", ...] | ||
| 72 | ] | ||
| 73 | ... | ||
| 74 | ``` | ||
| 75 | 64 | ||
| 76 | - *chat message threaded reply* (`kind:10`) | 65 | Groups may accept any event kind, including chats, threads, long-form articles, calendar, livestreams, market announcements and so on. These should be as defined in their respective NIPs, with the addition of the `h` tag. |
| 77 | 66 | ||
| 78 | Similar to `kind:12`, this is the basic unit of a chat message sent to a group. This is intended for in-chat threads that may be hidden by default. Not all in-chat replies MUST use `kind:10`, only when the intention is to create a hidden thread that isn't part of the normal flow of the chat (although clients are free to display those by default too). | 67 | ### User-related group management events |
| 79 | 68 | ||
| 80 | `kind:10` SHOULD use NIP-10 markers, just like `kind:12`. | 69 | These are events that can be sent by users to manage their situation in a group, they also require the `h` tag. |
| 81 | 70 | ||
| 82 | - *join request* (`kind:9021`) | 71 | - *join request* (`kind:9021`) |
| 83 | 72 | ||
| 84 | Any user can send one of these events to the relay in order to be automatically or manually added to the group. If the group is `open` the relay will automatically issue a `kind:9000` in response adding this user. Otherwise group admins may choose to query for these requests and act upon them. | 73 | Any user can send a kind `9021` event to the relay in order to request admission to the group. Relays MUST reject the request if the user has not been added to the group. The accompanying error message SHOULD explain whether the rejection is final, if the request is pending review, or if some other special handling is relevant (e.g. if payment is required). If a user is already a member, the event MUST be rejected with `duplicate: ` as the error message prefix. |
| 85 | 74 | ||
| 86 | ```js | 75 | ```json |
| 87 | { | 76 | { |
| 88 | "kind": 9021, | 77 | "kind": 9021, |
| 89 | "content": "optional reason", | 78 | "content": "optional reason", |
| 90 | "tags": [ | 79 | "tags": [ |
| 80 | ["h", "<group-id>"], | ||
| 81 | ["code", "<optional-invite-code>"] | ||
| 82 | ] | ||
| 83 | } | ||
| 84 | ``` | ||
| 85 | |||
| 86 | The optional `code` tag may be used by the relay to preauthorize acceptances in `closed` groups, together with the `kind:9009` `create-invite` moderation event. | ||
| 87 | |||
| 88 | - *leave request* (`kind:9022`) | ||
| 89 | |||
| 90 | Any user can send one of these events to the relay in order to be automatically removed from the group. The relay will automatically issue a `kind:9001` in response removing this user. | ||
| 91 | |||
| 92 | ```json | ||
| 93 | { | ||
| 94 | "kind": 9022, | ||
| 95 | "content": "optional reason", | ||
| 96 | "tags": [ | ||
| 91 | ["h", "<group-id>"] | 97 | ["h", "<group-id>"] |
| 92 | ] | 98 | ] |
| 93 | } | 99 | } |
| 94 | ``` | 100 | ``` |
| 95 | 101 | ||
| 102 | ### Group state -- or moderation | ||
| 103 | |||
| 104 | These are events expected to be sent by the relay master key or by group admins -- and relays should reject them if they don't come from an authorized admin. They also require the `h` tag. | ||
| 105 | |||
| 96 | - *moderation events* (`kinds:9000-9020`) (optional) | 106 | - *moderation events* (`kinds:9000-9020`) (optional) |
| 97 | 107 | ||
| 98 | Clients can send these events to a relay in order to accomplish a moderation action. Relays must check if the pubkey sending the event is capable of performing the given action. The relay may discard the event after taking action or keep it as a moderation log. | 108 | Clients can send these events to a relay in order to accomplish a moderation action. Relays must check if the pubkey sending the event is capable of performing the given action based on its role and the relay's internal policy (see also the description of `kind:39003`). |
| 99 | 109 | ||
| 100 | ```js | 110 | ```jsonc |
| 101 | { | 111 | { |
| 102 | "kind": 90xx, | 112 | "kind": 90xx, |
| 103 | "content": "optional reason", | 113 | "content": "optional reason", |
| 104 | "tags": [ | 114 | "tags": [ |
| 105 | ["h", "<group-id>"], | 115 | ["h", "<group-id>"], |
| 106 | ["previous", ...] | 116 | ["previous", /*...*/] |
| 107 | ] | 117 | ] |
| 108 | } | 118 | } |
| 109 | ``` | 119 | ``` |
| 110 | 120 | ||
| 111 | Each moderation action uses a different kind and requires different arguments, which are given as tags. These are defined in the following table: | 121 | Each moderation action uses a different kind and requires different arguments, which are given as tags. These are defined in the following table: |
| 112 | 122 | ||
| 113 | | kind | name | tags | | 123 | | kind | name | tags | |
| 114 | | --- | --- | --- | | 124 | | --- | --- | --- | |
| 115 | | 9000 | `add-user` | `p` (pubkey hex) | | 125 | | 9000 | `put-user` | `p` with pubkey hex and optional roles | |
| 116 | | 9001 | `remove-user` | `p` (pubkey hex) | | 126 | | 9001 | `remove-user` | `p` with pubkey hex | |
| 117 | | 9002 | `edit-metadata` | `name`, `about`, `picture` (string) | | 127 | | 9002 | `edit-metadata` | fields from `kind:39000` to be modified | |
| 118 | | 9003 | `add-permission` | `p` (pubkey), `permission` (name) | | 128 | | 9005 | `delete-event` | `e` with event id hex | |
| 119 | | 9004 | `remove-permission` | `p` (pubkey), `permission` (name) | | 129 | | 9007 | `create-group` | | |
| 120 | | 9005 | `delete-event` | `e` (id hex) | | 130 | | 9008 | `delete-group` | | |
| 121 | | 9006 | `edit-group-status` | `public` or `private`, `open` or `closed` | | 131 | | 9009 | `create-invite` | | |
| 132 | |||
| 133 | It's expected that the group state (of who is an allowed member or not, who is an admin and with which permission or not, what are the group name and picture etc) can be fully reconstructed from the canonical sequence of these events. | ||
| 134 | |||
| 135 | ### Group metadata events | ||
| 136 | |||
| 137 | These events contain the group id in a `d` tag instead of the `h` tag. They MUST be created by the relay master key only and a single instance of each (or none) should exist at all times for each group. They are merely informative but should reflect the latest group state (as it was changed by moderation events over time). | ||
| 122 | 138 | ||
| 123 | - *group metadata* (`kind:39000`) (optional) | 139 | - *group metadata* (`kind:39000`) (optional) |
| 124 | 140 | ||
| @@ -126,7 +142,9 @@ This event defines the metadata for the group -- basically how clients should di | |||
| 126 | 142 | ||
| 127 | If the group is forked and hosted in multiple relays, there will be multiple versions of this event in each different relay and so on. | 143 | If the group is forked and hosted in multiple relays, there will be multiple versions of this event in each different relay and so on. |
| 128 | 144 | ||
| 129 | ```js | 145 | When this event is not found, clients may still connect to the group, but treat it as having a different status, `unmanaged`, |
| 146 | |||
| 147 | ```jsonc | ||
| 130 | { | 148 | { |
| 131 | "kind": 39000, | 149 | "kind": 39000, |
| 132 | "content": "", | 150 | "content": "", |
| @@ -138,7 +156,7 @@ If the group is forked and hosted in multiple relays, there will be multiple ver | |||
| 138 | ["public"], // or ["private"] | 156 | ["public"], // or ["private"] |
| 139 | ["open"] // or ["closed"] | 157 | ["open"] // or ["closed"] |
| 140 | ] | 158 | ] |
| 141 | ... | 159 | // other fields... |
| 142 | } | 160 | } |
| 143 | ``` | 161 | ``` |
| 144 | 162 | ||
| @@ -146,40 +164,29 @@ If the group is forked and hosted in multiple relays, there will be multiple ver | |||
| 146 | 164 | ||
| 147 | - *group admins* (`kind:39001`) (optional) | 165 | - *group admins* (`kind:39001`) (optional) |
| 148 | 166 | ||
| 149 | Similar to the group metadata, this event is supposed to be generated by relays that host the group. | 167 | Each admin is listed along with one or more roles. These roles SHOULD have a correspondence with the roles supported by the relay, as advertised by the `kind:39003` event. |
| 150 | |||
| 151 | Each admin gets a label that is only used for display purposes, and a list of permissions it has are listed afterwards. These permissions can inform client building UI, but ultimately are evaluated by the relay in order to become effective. | ||
| 152 | |||
| 153 | The list of capabilities, as defined by this NIP, for now, is the following: | ||
| 154 | |||
| 155 | - `add-user` | ||
| 156 | - `edit-metadata` | ||
| 157 | - `delete-event` | ||
| 158 | - `remove-user` | ||
| 159 | - `add-permission` | ||
| 160 | - `remove-permission` | ||
| 161 | - `edit-group-status` | ||
| 162 | 168 | ||
| 163 | ```js | 169 | ```jsonc |
| 164 | { | 170 | { |
| 165 | "kind": 39001, | 171 | "kind": 39001, |
| 166 | "content": "list of admins for the pizza lovers group", | 172 | "content": "list of admins for the pizza lovers group", |
| 167 | "tags": [ | 173 | "tags": [ |
| 168 | ["d", "<group-id>"], | 174 | ["d", "<group-id>"], |
| 169 | ["p", "<pubkey1-as-hex>", "ceo", "add-user", "edit-metadata", "delete-event", "remove-user"], | 175 | ["p", "<pubkey1-as-hex>", "ceo"], |
| 170 | ["p", "<pubkey2-as-hex>", "secretary", "add-user", "delete-event"] | 176 | ["p", "<pubkey2-as-hex>", "secretary", "gardener"], |
| 171 | ] | 177 | // other pubkeys... |
| 172 | ... | 178 | ], |
| 179 | // other fields... | ||
| 173 | } | 180 | } |
| 174 | ``` | 181 | ``` |
| 175 | 182 | ||
| 176 | - *group members* (`kind:39002`) (optional) | 183 | - *group members* (`kind:39002`) (optional) |
| 177 | 184 | ||
| 178 | Similar to *group admins*, this event is supposed to be generated by relays that host the group. | 185 | It's a list of pubkeys that are members of the group. Relays might choose to not to publish this information, to restrict what pubkeys can fetch it or to only display a subset of the members in it. |
| 179 | 186 | ||
| 180 | It's a NIP-51-like list of pubkeys that are members of the group. Relays might choose to not to publish this information or to restrict what pubkeys can fetch it. | 187 | Clients should not assume this will always be present or that it will contain a full list of members. |
| 181 | 188 | ||
| 182 | ```json | 189 | ```jsonc |
| 183 | { | 190 | { |
| 184 | "kind": 39002, | 191 | "kind": 39002, |
| 185 | "content": "list of members for the pizza lovers group", | 192 | "content": "list of members for the pizza lovers group", |
| @@ -188,10 +195,50 @@ It's a NIP-51-like list of pubkeys that are members of the group. Relays might c | |||
| 188 | ["p", "<admin1>"], | 195 | ["p", "<admin1>"], |
| 189 | ["p", "<member-pubkey1>"], | 196 | ["p", "<member-pubkey1>"], |
| 190 | ["p", "<member-pubkey2>"], | 197 | ["p", "<member-pubkey2>"], |
| 191 | ] | 198 | // other pubkeys... |
| 199 | ], | ||
| 200 | // other fields... | ||
| 201 | } | ||
| 202 | ``` | ||
| 203 | |||
| 204 | - *group roles* (`kind:39003`) (optional) | ||
| 205 | |||
| 206 | This is an event that MAY be published by the relay informing users and clients about what are the roles supported by this relay according to its internal logic. | ||
| 207 | |||
| 208 | For example, a relay may choose to support the roles `"admin"` and `"moderator"`, in which the `"admin"` will be allowed to edit the group metadata, delete messages and remove users from the group, while the `"moderator"` can only delete messages (or the relay may choose to call these roles `"ceo"` and `"secretary"` instead, the exact role name is not relevant). | ||
| 209 | |||
| 210 | The process through which the relay decides what roles to support and how to handle moderation events internally based on them is specific to each relay and not specified here. | ||
| 211 | |||
| 212 | ```jsonc | ||
| 213 | { | ||
| 214 | "kind": 39003, | ||
| 215 | "content": "list of roles supported by this group", | ||
| 216 | "tags": [ | ||
| 217 | ["d", "<group-id>"], | ||
| 218 | ["role", "<role-name>", "<optional-description>"], | ||
| 219 | ["role", "<role-name>", "<optional-description>"], | ||
| 220 | // other roles... | ||
| 221 | ], | ||
| 222 | // other fields... | ||
| 192 | } | 223 | } |
| 193 | ``` | 224 | ``` |
| 194 | 225 | ||
| 195 | ## Storing the list of groups a user belongs to | 226 | ## Implementation quirks |
| 227 | |||
| 228 | ### Checking your own membership in a group | ||
| 229 | |||
| 230 | The latest of either `kind:9000` or `kind:9001` events present in a group should tell a user that they are currently members of the group or if they were removed. In case none of these exist the user is assumed to not be a member of the group -- unless the group is `unmanaged`, in which case the user is assumed to be a member. | ||
| 231 | |||
| 232 | ### Adding yourself to a group | ||
| 233 | |||
| 234 | When a group is `open`, anyone can send a `kind:9021` event to it in order to be added, then expect a `kind:9000` event to be emitted confirming that the user was added. The same happens with `closed` groups, except in that case a user may only send a `kind:9021` if it has an invite code. | ||
| 235 | |||
| 236 | ### Storing your list of groups | ||
| 237 | |||
| 238 | A definition for `kind:10009` was included in [NIP-51](51.md) that allows clients to store the list of groups a user wants to remember being in. | ||
| 239 | |||
| 240 | ### Using `unmanaged` relays | ||
| 241 | |||
| 242 | To prevent event leakage, when using `unmanaged` relays, clients should include the [NIP-70](70.md) `-` tag, as just the `previous` tag won't be checked by other `unmanaged` relays. | ||
| 196 | 243 | ||
| 197 | A definition for kind `10009` was included in [NIP-51](51.md) that allows clients to store the list of groups a user wants to remember being in. | 244 | Groups MAY be named without relay support by adding a `name` to the corresponding tag in a user's `kind 10009` group list. |