Replace docker/metadata GH Action with a docker-publish.sh driven workflow (supports auto-versioning, extra tags, multi-arch builds and optional builder). Update docs and READMEs to use the updater and new publish flow. Add server-side swarm/node blocklist support and admin nodes API. Improve auth endpoints (me, logout, switch, session accounts) and support account switching. Extend bots API to support custom LLM provider and optional endpoint. Enforce node blocklist on chat send/receive, refactor link preview handling into dedicated preview modules, and enhance notifications and posts like/repost handlers to accept both signed actions and regular auth flows. Misc: remove admin update UI details, add helper libs (media previews, node-blocklist, reposts, notifications, etc.), and minor housekeeping (pyc, workflow tweaks).
Removed all E2EE chat endpoints, crypto logic, and related API routes, transitioning chat to plain text storage and transport. Updated chat send/receive endpoints to use signed actions and enforce DM privacy settings. Cleaned up Swarm chat inbox, key management, and related debug endpoints. Updated user profile to support DM privacy, improved search for handle queries, and refactored conversation/message logic to support the new model. Migrated bot settings and privacy settings to new locations.
Removed 'healing' logic and authoritative update propagation from handle registry and gossip code, simplifying handle upserts to only update on strictly newer timestamps. Enhanced sodium-chat key handling with robust base64 decoding and key repair logic. Added scripts for key inspection and crypto testing. Deleted unused healing module.
Added healing utilities to update the handle registry when a user profile is found at a new node domain. Enhanced upsertHandleEntries to accept a sourceDomain parameter, allowing authoritative updates from the owning node. Updated gossip logic to pass sender/target domains for proper trust handling during handle propagation. Integrated healing logic into chat key lookup to keep the registry accurate.
Introduces a 'did' field to SwarmUserProfile and related API routes to support decentralized identifiers. Refactors login flow to use soft navigation and synchronize AuthContext state, including new 'login' and enhanced 'unlockIdentity' methods for better user state management.
Introduces encrypted private key storage for nodes and users, updates chat message schema to support sender-side encryption, and adds supporting libraries and tests for cryptographic signing and identity unlock flows. Includes new database migrations, API route updates, and React components for identity unlock prompts.
- Replace pure RSA encryption with hybrid encryption scheme for better performance
- Implement AES-256-GCM for fast message encryption without size limitations
- Use RSA-OAEP for secure AES key exchange between chat participants
- Add EncryptedPayload interface to structure encrypted data (key, IV, ciphertext, auth tag)
- Update encryptMessage() to generate random AES key and IV, encrypt with AES-GCM, then wrap AES key with RSA
- Update decryptMessage() to unwrap AES key with RSA, then decrypt message with AES-GCM
- Include GCM authentication tag for message integrity verification
- Encode all binary components as base64 strings in JSON payload for transport
- Improves encryption performance while maintaining security for end-to-end swarm messaging
- Remove ActivityPub infrastructure (webfinger, nodeinfo, inbox, activities, signatures)
- Implement native peer-to-peer Swarm network with gossip protocol
- Replace federated timeline with Swarm timeline aggregating posts from all nodes
- Migrate direct messaging to end-to-end encrypted Swarm Chat system
- Update user interactions (follow, like, repost) to use Swarm protocol
- Add cryptographic key management for DID-based identity system
- Remove server-bound identity model in favor of portable DID identities
- Update documentation to reflect Swarm architecture and capabilities
- Add debug utilities and chat testing tools for Swarm network
- Refactor database schema to support distributed user directory
- Update bot framework to work with Swarm network interactions
- Simplify API routes to use Swarm protocol instead of ActivityPub
- This transition enables true peer-to-peer communication, instant interactions, and encrypted messaging while maintaining sovereign identity through DIDs
- Add Swarm Chat documentation with architecture, API endpoints, and security considerations
- Create database schema for chat conversations, messages, and typing indicators
- Implement chat API endpoints for sending, receiving, and managing messages
- Add client-side encryption utilities using RSA-OAEP with SHA-256
- Create chat page UI for viewing conversations and messages
- Add chat type definitions for TypeScript support
- Update database schema with new chat tables and relationships
- Update sidebar navigation to include chat link
- Enable true end-to-end encrypted messaging across swarm nodes without ActivityPub limitations
- Add swarm post handling to like endpoint with direct delivery to origin node
- Add swarm post handling to repost endpoint with direct delivery to origin node
- Add new unrepost endpoint for removing reposts from swarm posts
- Implement deliverSwarmUnrepost function in interactions library
- Extract swarm domain and post ID validation for all interaction types
- Return appropriate error responses for invalid swarm post IDs
- Log successful swarm interaction deliveries for debugging
- Improve separation between local post and swarm post handling logic
- Enable federated users to interact with remote swarm posts directly without local caching
- Remove scheduled posting logic and consolidate all bot posting into autonomous module
- Simplify cron endpoint to only call processAllAutonomousBots with cleaner response format
- Add background post caching for swarm follow operations via cacheSwarmUserPosts
- Update background scheduler to remove scheduled posting references and streamline logging
- Improve autonomous module documentation to clarify schedule-based posting with optional sources
- Enhance error tracking and reporting across bot task execution
- Reduce code duplication by eliminating separate scheduled/autonomous processing paths