5.1 KiB
NIP-29
Relay-based Groups
draft
optional
author:fiatjaf
This NIP defines a standard for groups that are only writable by a closed set of users. They can be public for reading by external users or not.
Groups are identified by a random string of any length that serves as an id.
There is no way to create a group, what happens is just that relays (most likely when asked by users) create rules around some specific ids so these ids can serve as an actual group, henceforth messages sent to that group will be subject to these rules.
Normally a group will originally belong to one specific relay, but the community may choose to move the group to other relays or even fork the group so it exists in different forms -- still using the same id -- across different relays.
Relay-generated events
Relays are supposed to generate the events that describe group metadata and group admins. These are parameterized replaceable events signed by the relay keypair directly, with the group id as the d
tag.
The h
tag
Events sent by users to groups (chat messages, text notes, moderation events etc) must have an h
tag with the value set to the group id.
Timeline references
In order to not be used out of context, events sent to these groups may contain references to previous events seen from the same relay in the previous
tag. The choice of which previous events to pick belongs to the clients.
This is a hack to prevent messages from being broadcasted to external relays that have forks of one group out of context. Relays are expected to reject any events that contain timeline references to events not found in their own database. Clients must also check these to keep relays honest about them.
Trimmed signatures
Relays must strip the signature of messages in groups that are private
so they do not leak.
Event definitions
- text note (
kind:11
)
This is the basic unit of a "microblog" text note sent to a group.
"kind": 11,
"content": "hello my friends lovers of pizza",
"tags": [
["h", "<group-id>"],
["previous", "<event-id>", "<event-id>", ...]
]
...
- chat message (
kind:9
)
Similar to kind:11
, this is the basic unit of a chat message sent to a group.
"kind": 9,
"content": "hello my friends lovers of pizza",
"tags": [
["h", "<group-id>"],
["previous", "<event-id>", "<event-id>", ...]
]
...
- group metadata (
kind:39000
) (optional)
If this event does not exist, the group should be identified in the client UI by its identifier (i.e. "/flavors" or "pizza.com/flavors"). All tags are optional. Having the "private"
tag means the group cannot be read and relays will use NIP-42 AUTH
messages to control who can read from it. The "closed"
tag means the group can be read by anyone but only explicitly whitelisted pubkeys are allowed to post, again these enforcements happen at the relay level.
{
"kind": 39000,
"content": "a nip-29 chat group for debating pizza flavors and other topics",
"tags": [
["d", "<group-id>"],
["name", "Pizza Lovers"],
["picture", "https://pizza.com/pizza.png"],
["private"],
["closed"]
]
...
}
The NIP-19 naddr
pointer for this event including with a mandatory relay can be used as the canonical group identifier.
- group admins (
kind:39001
) (optional)
Each admin gets a label that is only used for display purposes, and a list of permissions it has are listed afterwards. These permissions can inform client building UI, but ultimately are evaluated by the relay in order to become effective.
The list of capabilities, as defined by this NIP, for now, is the following:
add-user
edit-metadata
delete-event
ban-user
add-permission
remove-permission
{
"kind": 39001,
"content": "list of admins for the pizza lovers group",
"tags": [
["d", "<group-id>"],
["<pubkey1-as-hex>", "ceo", "add-user", "edit-metadata", "delete-event", "ban-user"],
["<pubkey2-as-hex>", "secretary", "add-user", "delete-event"]
]
...
}
- deletion event (
kind:5
) (optional)
This is the same event as described in NIP-09, the difference is that if there are admins with delete-event
capability for the relevant group their kind:5
events must be honored by the relays.
- moderation event (
kind:9000
) (optional)
An event sent from a client to the relay in order to accomplish a moderation action (except delete-event
, as that is the job of kind:5
). The relay should read this event and act on it if the user sending the event has the required permissions and the date is close to the current date. The relay may discard the event after taking action or keep it as a way to expose a moderation log.
{
"kind": 9000,
"content": "action description and/or reason",
"tags": [
["h", "<group-id>"],
["action", "add-user", "<pubkey-to-add>"],
["action", "ban-user", "<pubkey-to-ban>"],
["action", "edit-metadata", "<field-name>", "<field-value>"],
["action", "add-permission", "<pubkey>", "<permission>"],
["action", "remove-permission", "<pubkey>", "<permission>"],
]
}