Expand description
HTTP mailbox relay — minimal, persistent, bearer-authenticated.
Design (v0.1):
- One process serves N slots; each slot is a per-peer FIFO of signed events.
- Slot allocation returns
(slot_id, slot_token). Holder of the token can post + read that slot. Tokens never expire in v0.1 (rotate by allocating a new slot). - Events are stored verbatim — the relay does NOT verify Ed25519 signatures
itself. Verification happens client-side (
wire tail+verify_message_v31). The relay is dumb on purpose: it is a content-addressed mailbox, not a trust authority. - 256 KiB max body per event.
- Persistence: each slot’s events are appended to
<state_dir>/slots/<slot_id>.jsonlon everyPOST /events. Tokens are persisted to<state_dir>/tokens.jsonon allocation. - On startup, slots + tokens are reloaded from disk.
Structs§
- Allocate
Request - Handle
Claim Request - Handles
Directory Query - Invite
Register Request - Invite
Script Query - List
Events Query - Pair
Abandon Request - Pair
Bootstrap Request - Pair
GetQuery - Pair
Open Request - Post
Event Request - Relay
- Responder
Health Record - Server
Mode - v0.5.17: relay-server mode toggles. Default = full federation
(current behavior).
local_onlystrips phonebook + well-known surfaces so the relay is invisible from off-box and from any directory-scraping agent on the same box. - Stats
History Query - Well
Known Agent Query
Functions§
- serve
- Run the relay until SIGINT/SIGTERM.
- serve_
with_ mode - v0.5.17: server-mode-aware entry point. Same as
servebut with the--local-onlytoggle exposed so the binary can refuse to publish phonebook + well-known surfaces on within-machine relays.