HM24 Zen Details

Account Identity

Permanent ID Format
Account Key Derivation and ID Format
Account Key Encrypted on Devices
Account Key signs Blobs
Account Key signs token to authenticate peer ID
We should make sure we can support multi-account
And there may be an option to use the account ID as peer ID on the remote server

Account Profile

An entity which can only be modified by the account. There is only one member of a Profile: the owner.

Entity Metadata

Flat object of info strings on an entity
Title - The account alias, or group/document name
Photo - The square avatar for the entity
Copyright Holder - Set to the legal entity who owns the copyright
Copyright License - Will have special values that affect sync. By default the value is CC0 or something
Any other strings are allowed. If IPFS values are specified then the files will be synced


A blob that points to the "latest" version of a standalone entity.
It may override or add to the entity's embedded membership

Standalone Entity

Create a new entity that gets an ID
All standalone entities have a ref

Entity Content

block hierarchy, unchanged from existing Hypermedia Documents
new embed type: index

Entity Index

A dictionary of entries identified by a key (path name). Each entry has:
an entity id
a set of change IDs
a block ref
Roles[AccountId] =
The roles allow non-members of the entity to edit the ref for that given entry (key/path)

Invites on Entity Index entries

If you invite an account, it will only show in the members list IF there's a change created by any of its devices

Revocations on Entity Index entries

no clue!
A Controller can revoke you from an entity

Entity Membership

Described as .members.ACCOUNT_ID = role
Roles are:
Admin - In control of editors, can do anything an editor can do
Editor - In control of collaborators, can edit the entity directly
Collaborator - Can make comments and suggested changes that are distributed alongside the entity
The owner is the only fixed member and they have all privileges
To request to join, an account creates a change where they set themself as a member
To invite, an account who already has authority will set a role for another member
When both the invite and the request have been included in the change DAG, the member gets the lower of the two roles specified by the invite and the request. So if the owner invites Alice as an editor, but she joins as a collaborator, she becomes a collaborator.
When the openMembership field is true, you do not need an invite to become a collaborator. All other roles still require invites.
To leave, either the account in question or an account in control will set their role to empty.
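
The resolution rule above, worked through as an added Go example (not code from the project). The numeric role ranks, the Entity fields and the CanGrant helper are assumptions made for illustration; CanGrant reads "in control of" as "may set any role strictly below your own".

```go
package main

import "fmt"

// Role ranks are an assumption of this example: a higher value means more authority.
type Role int

const (
	None Role = iota // empty role: not a member
	Collaborator
	Editor
	Admin
	Owner
)

// Entity is a hypothetical merged view of the membership changes in the DAG.
type Entity struct {
	OwnerID        string
	OpenMembership bool
	Invites        map[string]Role // role set for an account by someone in control
	Requests       map[string]Role // role an account set for itself when joining
}

// EffectiveRole resolves one account's role from its invite and its request.
func (e Entity) EffectiveRole(account string) Role {
	req, inv := e.Requests[account], e.Invites[account]
	switch {
	case account == e.OwnerID:
		return Owner // the only fixed member
	case req == None:
		return None // never asked to join, or left by clearing the role
	case inv == None && e.OpenMembership:
		return Collaborator // no invite needed, but only for the lowest role
	case req < inv:
		return req // joined below the invited role
	}
	return inv // the invited role caps the request; None when there is no invite
}

// CanGrant reports whether an inviter may set a role: only roles below their own.
func CanGrant(inviter, granted Role) bool { return granted != None && inviter > granted }

func main() {
	e := Entity{OwnerID: "owner", Invites: map[string]Role{"alice": Editor},
		Requests: map[string]Role{"alice": Collaborator, "bob": Editor}}
	fmt.Println(e.EffectiveRole("alice"), e.EffectiveRole("bob"), CanGrant(Editor, Editor))
}
```

This model does not distinguish an account that was never invited from one whose role a controller cleared, so in an open entity a removed account with a standing request resolves to collaborator again. The design needs to settle that case.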

Anonymous Invites

An entity admin/owner/editor creates an "invite" key pair and saves the public key into the entity as a special kind of invite, specifying the role that the recipient can have
The private key is shared securely with somebody who might not have an account yet. Then the recipient will create an account.
Then the recipient account issues a special kind of join change where they add themself as a member. This contains the regular account signature AND a signature from the pre-shared private key.
Once this invite key has been used to redeem membership, it cannot be used again.
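
The redemption check described above, as an added Go example (not code from the project). It assumes Ed25519 keys, a join payload of entity ID plus account key that both keys sign, and changes applied in one agreed order; Entity, JoinPayload, Redeem and Demo are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
)

// Entity is a hypothetical in-memory view of an entity's invite and member state.
type Entity struct {
	ID      string
	Invites map[string]string // hex invite public key -> role it grants
	Used    map[string]bool   // invite keys that have already been redeemed
	Members map[string]string // hex account public key -> role
}

// JoinPayload (assumed encoding) binds a join to one entity and one account.
func JoinPayload(entityID string, account ed25519.PublicKey) []byte {
	return []byte("join:" + entityID + ":" + hex.EncodeToString(account))
}

// Redeem verifies both signatures over the same payload, then burns the invite key.
func (e *Entity) Redeem(account, invite ed25519.PublicKey, accountSig, inviteSig []byte) error {
	key := hex.EncodeToString(invite)
	role, known := e.Invites[key]
	if len(account) != ed25519.PublicKeySize || !known || e.Used[key] {
		return fmt.Errorf("malformed account key, or invite unknown or already redeemed")
	}
	msg := JoinPayload(e.ID, account)
	if !ed25519.Verify(account, msg, accountSig) || !ed25519.Verify(invite, msg, inviteSig) {
		return fmt.Errorf("bad signature")
	}
	e.Used[key], e.Members[hex.EncodeToString(account)] = true, role
	return nil
}

// Demo redeems one invite twice, each time from a freshly created account.
func Demo() (first, reuse error) {
	invPub, invPriv, _ := ed25519.GenerateKey(nil)
	e := &Entity{"entity-1", map[string]string{hex.EncodeToString(invPub): "editor"},
		map[string]bool{}, map[string]string{}}
	join := func() error {
		accPub, accPriv, _ := ed25519.GenerateKey(nil)
		msg := JoinPayload(e.ID, accPub)
		return e.Redeem(accPub, invPub, ed25519.Sign(accPriv, msg), ed25519.Sign(invPriv, msg))
	}
	return join(), join()
}

func main() { fmt.Println(Demo()) }
```

Two joins that redeem the same invite key on concurrent branches of the DAG are not covered here; they need a deterministic rule for which one wins.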

Unlisted Documents

Do not get synced

Suggested Changes

make a change with suggested=true

Duplicate Entity

Issue a change that references dep changes, and set the ID to a new value

Local Drafts

Create or get a local draft by specifying the branch:
Entity ID
Parent Entity ID and Index Key

Immediate Changes

API where a change can be created immediately for a given entity, bypassing the draft workflow.

Web Publishing

Workflow for configuring the server to accept this entity
The site should accept a push workflow where members of the entity can send content directly
The site should support a pull workflow where new content is regularly searched for in the p2p network
Set metadata.webURL to the new server so that Hypermedia consumers can verify that the server claims responsibility for this URL. Otherwise the URL will be flagged with a failed verification

Snapshots and State Proofs

To enable faster loading of data, all changes should include a snapshot which is a hash of the current state, or a merkle tree hash or prolly tree hash


Without joining, you should be able to subscribe to an entity, which will configure your node to look for the latest content, archive it, and optionally redistribute the content

Sync Policies

Sync and freely share your profile, all interests, all your invites, and reconcile all entities you are a member of.
Connections must be two-way consent

History Rewriting

We should at least sketch this out but it is lower priority


We support the following URLs
hm://id - Look up using entity ID
hm://id?v=123 - Look up using entity ID and version
hm://id?v=123&l - Look up latest of this entity ID, past a given version
hm://id/foo?v=123 - Look up the foo index entry on id entity version 123
hm://a/id - Look up the profile of an account ID
All URLs work on as well
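
A parser for the URL forms listed above, as an added Go example (not code from the project). The Lookup struct and ParseHM are hypothetical names; treating l as a bare flag and ignoring ?v= on profile URLs are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Lookup is a hypothetical resolved form of an hm:// URL.
type Lookup struct {
	Kind     string // "entity" or "profile"
	ID       string // entity ID or account ID
	IndexKey string // index entry key (path name), empty for the entity itself
	Version  string // value of ?v=, empty when absent
	Latest   bool   // bare &l flag: resolve the latest version past Version
}

// ParseHM maps the URL shapes listed above onto a Lookup.
func ParseHM(raw string) (Lookup, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Lookup{}, err
	}
	if u.Scheme != "hm" || u.Host == "" {
		return Lookup{}, fmt.Errorf("not an hm:// URL: %q", raw)
	}
	q := u.Query()
	_, latest := q["l"]
	path := strings.Trim(u.Path, "/")
	if u.Host == "a" { // hm://a/id addresses an account profile
		if path == "" || strings.Contains(path, "/") {
			return Lookup{}, fmt.Errorf("profile URL needs exactly one account ID: %q", raw)
		}
		return Lookup{Kind: "profile", ID: path}, nil
	}
	return Lookup{"entity", u.Host, path, q.Get("v"), latest}, nil
}

func main() {
	for _, s := range []string{"hm://id", "hm://id?v=123&l", "hm://id/foo?v=123", "hm://a/id"} {
		l, err := ParseHM(s)
		fmt.Printf("%-20s %+v %v\n", s, l, err)
	}
}
```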


should have this viral pattern. As long as a comment "is relevant" we should show it
the comment references a version
if that version is in your deps (the version/change this comment is referencing), then it is relevant
if a comment mentions Alice, the comment should be synced with Alice from anyone that is connected to her

Merge Suggested changes

If you control the branch, you can see the suggested change and, if you want, create a merge change pointing to it.

Anonymous Suggestions

Peer reviewers might not want to appear as contributors to a document. They just want to suggest changes because they like the author

Domain is Account Concept

Uncertain idea from @z6Mkg...A7cgt
Multiple people can be part of an account that is defined on a domain
... something about letsencrypt?...

Web of Trust

Add a Contact means:
Consent for connections
Archive their content (their profile, maybe indexed content, maybe all their content)
Continue to sync their content over time
Publish an endorsement

Account Switcher

WE ARE NOT SURE ABOUT THIS, it might compromise your identity if you re-use the same peer ID
peerID needs to be separate from the deviceID