Replace docker/metadata GH Action with a docker-publish.sh driven workflow (supports auto-versioning, extra tags, multi-arch builds and optional builder). Update docs and READMEs to use the updater and new publish flow. Add server-side swarm/node blocklist support and admin nodes API. Improve auth endpoints (me, logout, switch, session accounts) and support account switching. Extend bots API to support custom LLM provider and optional endpoint. Enforce node blocklist on chat send/receive, refactor link preview handling into dedicated preview modules, and enhance notifications and posts like/repost handlers to accept both signed actions and regular auth flows. Misc: remove admin update UI details, add helper libs (media previews, node-blocklist, reposts, notifications, etc.), and minor housekeeping (pyc, workflow tweaks).
Removed all E2EE chat endpoints, crypto logic, and related API routes, transitioning chat to plain text storage and transport. Updated chat send/receive endpoints to use signed actions and enforce DM privacy settings. Cleaned up Swarm chat inbox, key management, and related debug endpoints. Updated user profile to support DM privacy, improved search for handle queries, and refactored conversation/message logic to support the new model. Migrated bot settings and privacy settings to new locations.
Replaces legacy chat encryption modules with new sodium-based implementation. Adds and updates API routes for chat key management and debugging, introduces new hooks and scripts for sodium chat, and updates related database schema and configuration. Removes old crypto modules and updates dependencies accordingly.
The messages API now resolves and includes sender DIDs for received messages, enabling proper decryption in the chat UI. The chat page adds logic to decrypt self-encrypted messages for sent items and improves V2 envelope handling, while useChatEncryption now serializes ratchet state before storage.
Introduces a migration to add a sender_did column to the chat_messages table and creates new tables for chat_device_bundles, chat_inbox, and chat_one_time_keys. Updates related API routes and adds a script for sender DID migration. These changes support device-based messaging and improved chat security.
Messages sent to remote users are now stored locally for the sender, and incoming remote messages are stored for the recipient, ensuring both parties see their message history in the UI. The implementation creates or updates conversations as needed and marks messages as delivered when appropriate.
Introduces support for V2 encrypted chat envelopes in the swarm inbox route, allowing storage and processing of new message formats. Enhances error handling and logging in both chat send and encryption hooks, including detection of remote nodes that do not support the V2 protocol and providing clearer error messages for users and developers.
Introduces a 'did' field to SwarmUserProfile and related API routes to support decentralized identifiers. Refactors login flow to use soft navigation and synchronize AuthContext state, including new 'login' and enhanced 'unlockIdentity' methods for better user state management.
Introduces encrypted private key storage for nodes and users, updates chat message schema to support sender-side encryption, and adds supporting libraries and tests for cryptographic signing and identity unlock flows. Includes new database migrations, API route updates, and React components for identity unlock prompts.
Adds logic to notify remote nodes when a chat conversation is deleted, and introduces a new API endpoint to receive and process deletion requests from other swarm nodes. Ensures that only authorized participants can trigger deletions and handles both local and remote user scenarios.
The DELETE API route now expects params as a Promise and awaits it to extract the conversation id. All references to params.id have been updated to use the resolved id variable.
Introduces an API route for deleting chat conversations, supporting deletion for self or both parties. Updates the chat page UI to allow users to delete conversations with confirmation modal and handles state updates after deletion.
All user and post profile URLs have been updated from /[handle] to /u/[handle] for consistency. Added a redirect page for /posts/[id] to the canonical /u/[handle]/posts/[id] route. Deprecated and removed legacy scripts and documentation related to chat and federation endpoints. Push-based federation endpoints are now disabled in favor of real-time pull-based federation.
Introduces a new chat page with end-to-end encryption, conversation list, and message thread UI. Adds new API endpoints for unread message count and debugging chat keys/messages. Improves chat key validation and reciprocal conversation/message creation for local recipients. Removes the old ChatWidget component. Updates login and chat API logic for better Turnstile and key handling.
- Implement remote user detection based on @domain format in recipient handle
- Add HTTP/HTTPS protocol selection logic for localhost vs production domains
- Fetch remote user public keys from their node's /api/users endpoint
- Maintain local user key lookup for non-remote recipients
- Add error handling and debug logging for remote key fetch failures
- Enable end-to-end encryption support for federated chat across nodes
- Add recipient public key fetching in messages API endpoint for sent message decryption
- Include `isE2E` flag in message response to indicate end-to-end encryption status
- Simplify encrypted content handling by always returning `encryptedContent` field
- Add comprehensive debug logging throughout message loading pipeline for troubleshooting
- Improve key resolution logic to fetch recipient keys when not available in conversation data
- Add detailed logging for each message processing step including key availability and decryption status
- Enhance error handling with more descriptive error messages in key fetching operations
- Better distinguish between sent and received message decryption requirements with clear comments
- Add chat keys API endpoint for storing and retrieving encrypted RSA public/private key pairs
- Create client-side crypto utilities for E2E encryption/decryption with hybrid encryption support
- Implement useChatEncryption hook for managing encryption state and key generation in chat UI
- Add chatPublicKey and chatPrivateKeyEncrypted fields to user schema for key storage
- Update chat messages API to return encrypted content with sender's public key for decryption
- Modify send message endpoint to accept pre-encrypted content from client while maintaining legacy server-side encryption
- Update chat page UI to integrate client-side encryption workflow
- Ensure private keys are encrypted client-side with user password before transmission to server
- Server cannot decrypt message content in E2E mode, providing true end-to-end encryption
- Add validation to check if cached users have valid public keys (PEM format)
- Fetch remote public keys when local cache has placeholder/invalid keys
- Update existing cached users with real public keys instead of creating duplicates
- Include public key in user profile API response for E2E encrypted chat support
- Improve error handling to reject recipients without valid encryption keys
- Ensure remote user data is properly extracted from API responses
This prevents sending encrypted messages to users with placeholder keys and ensures the chat system always has access to valid public keys for encryption operations.
- Strip leading @ symbol from recipient handle before normalization
- Replace simple split() with substring-based parsing for more robust handle@domain extraction
- Add clarifying comments explaining handle format expectations (handle@domain)
- Prevent potential issues with malformed recipient handles containing multiple @ symbols
- Ensure consistent handle normalization across local and remote recipients
- Remove ActivityPub infrastructure (webfinger, nodeinfo, inbox, activities, signatures)
- Implement native peer-to-peer Swarm network with gossip protocol
- Replace federated timeline with Swarm timeline aggregating posts from all nodes
- Migrate direct messaging to end-to-end encrypted Swarm Chat system
- Update user interactions (follow, like, repost) to use Swarm protocol
- Add cryptographic key management for DID-based identity system
- Remove server-bound identity model in favor of portable DID identities
- Update documentation to reflect Swarm architecture and capabilities
- Add debug utilities and chat testing tools for Swarm network
- Refactor database schema to support distributed user directory
- Update bot framework to work with Swarm network interactions
- Simplify API routes to use Swarm protocol instead of ActivityPub
- This transition enables true peer-to-peer communication, instant interactions, and encrypted messaging while maintaining sovereign identity through DIDs
- Add Swarm Chat documentation with architecture, API endpoints, and security considerations
- Create database schema for chat conversations, messages, and typing indicators
- Implement chat API endpoints for sending, receiving, and managing messages
- Add client-side encryption utilities using RSA-OAEP with SHA-256
- Create chat page UI for viewing conversations and messages
- Add chat type definitions for TypeScript support
- Update database schema with new chat tables and relationships
- Update sidebar navigation to include chat link
- Enable true end-to-end encrypted messaging across swarm nodes without ActivityPub limitations
- Add sql import from drizzle-orm for advanced query filtering
- Exclude federated/swarm posts by checking for null apId in timeline query
- Filter out remote placeholder users by validating handle doesn't contain @ symbol
- Add clarifying comments explaining local-only post filtering logic
- Improve timeline query to return only posts from local users, preventing remote placeholder user content from appearing in feeds
- Add "replies" tab to user profile page to display posts where user replied to others
- Implement replies fetching via new `type=replies` query parameter in posts API
- Add reply deletion permissions for parent post owners on their own posts
- Add swarm reply deletion notification to origin nodes when replies are deleted
- Pass `parentPostAuthorId` prop to PostCard for improved reply context tracking
- Update profile tab navigation to include replies tab for non-bot users
- Add loading and empty states for replies tab display
- Improve authorization logic to allow parent post owners to delete replies on their posts
- Add swarm post ID parsing (format: swarm:domain:uuid) in local post endpoint
- Implement real-time fetching from origin node with 10s timeout
- Transform remote post data to match local format with swarm metadata
- Add reply aggregation from remote node with proper ID transformation
- Implement like status checking for authenticated users on remote posts
- Refactor swarm post endpoint to include reply data in response
- Add media transformation with swarm-prefixed IDs for remote posts
- Improve error handling with fallback to 404 for unreachable nodes
- Enable seamless cross-node post viewing with federated author information
- Add remoteLikes table to track likes from federated nodes on local posts
- Implement deduplication logic in like/unlike endpoints to prevent duplicate remote likes
- Add GET endpoint at /api/swarm/posts/[id]/likes to query like status from origin nodes
- Enhance POST feed endpoint to separate local and swarm posts for interaction checks
- Query origin nodes in real-time to populate isLiked flag for federated posts in feeds
- Add error handling and 3-second timeout for remote like status queries
- Update schema to support remote like tracking with actor handle and domain
- Add swarm post handling to like endpoint with direct delivery to origin node
- Add swarm post handling to repost endpoint with direct delivery to origin node
- Add new unrepost endpoint for removing reposts from swarm posts
- Implement deliverSwarmUnrepost function in interactions library
- Extract swarm domain and post ID validation for all interaction types
- Return appropriate error responses for invalid swarm post IDs
- Log successful swarm interaction deliveries for debugging
- Improve separation between local post and swarm post handling logic
- Enable federated users to interact with remote swarm posts directly without local caching
- Remove dedicated bot owner notification utility in favor of unified notification system
- Update all interaction endpoints (follow, like, mention, repost) to use consolidated notification flow
- Refactor notification route to handle all interaction types through single endpoint
- Update posts endpoints to trigger notifications through unified system
- Add database migration snapshot for notification schema changes
- Simplify notification logic by removing redundant bot owner notification module
- Improve notification consistency across all user interactions and post operations
- Wrap notification creation in try-catch blocks for follow interactions
- Wrap notification creation in try-catch blocks for like interactions
- Wrap notification creation in try-catch blocks for repost interactions
- Add console logging for successful notification creation with interaction details
- Add error logging for failed notification creation to aid in debugging
- Prevent interaction failures from cascading due to notification errors
- Create new botOwnerNotify module with notifyBotOwnerForPost and notifyBotOwnerForFollow functions
- Add bot owner notifications to local post interactions (likes, reposts)
- Add bot owner notifications to swarm post interactions (likes, reposts, mentions)
- Add bot owner notifications to follow interactions (local and swarm)
- Implement mention notification creation for local mentions in post creation
- Notify bot owners when their bots receive interactions from other users
- Ensure bot owners are alerted to engagement on their bot accounts across federated network
- Create new swarm endpoints for fetching user followers list at /api/swarm/users/[handle]/followers
- Create new swarm endpoints for fetching user following list at /api/swarm/users/[handle]/following
- Add SwarmFollowerUser and SwarmFollowingUser interfaces for federated user data
- Implement local and remote follower/following aggregation in swarm endpoints
- Update local followers endpoint to fetch data from remote swarm nodes
- Update local following endpoint to fetch data from remote swarm nodes
- Add error handling and database availability checks for all endpoints
- Include node domain and timestamp metadata in swarm responses
- Support pagination with configurable limit parameter (max 100)
- Enable cross-node follower/following visibility for federated social graph
- Add botOwnerHandle field to SwarmUserProfile interface to track bot ownership
- Include botOwner relationship in swarm user profile queries for bot users
- Populate botOwnerHandle in swarm profile responses when user is a bot
- Build botOwner object in local user profile endpoint when fetching remote bot profiles
- Include botOwner data in user profile responses for better bot attribution
- Enables tracking and displaying which user owns each bot across federated instances