posta/spec
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity
No description
18 commits 2 branches 0 tags 791 KiB
  • Go 100%
Find a file
Exact
Arne Skaar Fismen 5131331ff2 pkg/posta: ActorDoc.Kind, KeyFile reader, MemoryStore 
- ActorDoc.Kind (optional, max 64 chars per SPEC §5.2.2) round-trips
  through encode/decode and is rejected when over-length.
- LoadKeyFile parses the daemon's keys.json; Current() picks the
  most-recently-created entry; Sign() is a convenience for embedders
  that hold only the file.
- NewMemoryStore returns an in-memory MessageStore that dedups on
  (sender, id) for the given TTL.

posta-server's internal/keys can now import this — out of scope for
this commit (different repo).

Closes posta/spec#1.
2026-05-13 19:26:18 +02:00
cmd add posta.room/v1 action=leave for membership opt-out 2026-05-13 19:23:58 +02:00
examples initial commit 2026-05-10 18:00:14 +02:00
internal capitalize remaining Posta refs; add §13.1.3 surface-unknown-kinds 2026-05-13 18:45:23 +02:00
pkg/posta pkg/posta: ActorDoc.Kind, KeyFile reader, MemoryStore 2026-05-13 19:26:18 +02:00
testdata/vectors add posta.room/v1 action=leave for membership opt-out 2026-05-13 19:23:58 +02:00
.gitignore initial commit 2026-05-10 18:00:14 +02:00
CLAUDE.md initial commit 2026-05-10 18:00:14 +02:00
CONTEXT.md add posta.room/v1 action=leave for membership opt-out 2026-05-13 19:23:58 +02:00
go.mod implement SPEC §4.1 URL canonicalization in pkg/posta 2026-05-12 20:48:28 +02:00
go.sum implement SPEC §4.1 URL canonicalization in pkg/posta 2026-05-12 20:48:28 +02:00
README.md capitalize Posta in prose 2026-05-10 21:05:12 +02:00
SPEC.md add posta.room/v1 action=leave for membership opt-out 2026-05-13 19:23:58 +02:00

README.md

Posta

URL-to-URL messaging with cryptographic origin authentication.

Every participant is a URL. To send Alice a message, you POST to her URL. When her server receives a message claiming to be from Bob, it verifies the signature against the public key Bob publishes at his own URL. No relays, no central directory, no PKI — HTTPS bootstraps the trust.

Quick start

# install
go install <module>/cmd/posta@latest

# first-run setup (interactive: URL, TLS mode, display name)
posta init

# start the daemon (auto-TLS via Let's Encrypt by default)
posta serve

# open the inbox/compose TUI
posta

# one-shot send (for shell pipelines)
echo '{"hello":"world"}' | posta send https://bob.example/inbox

What's in this repo

  • A wire protocol, defined in SPEC.md. Implementable in any language with an HTTP client and Ed25519. Test vectors under testdata/vectors/ are part of the spec.
  • A reference Go implementation as a single binary: HTTPS daemon, bubbletea TUI, SQLite-backed inbox/outbox.
  • Examples under examples/ (Python, JavaScript, Bash) — send and receive in third-party languages, demonstrating the protocol's portability.

Why this exists

If you want to receive a message at https://alice.example/inbox and know with cryptographic certainty that it really came from https://bob.example/inbox, this is the simplest thing that works. No accounts, no shared API keys, no service in the middle.

Design

See CONTEXT.md for the design rationale, vocabulary, and explicit non-goals.

The Go binary is a reference implementation, not the source of truth. Behavior changes require test vector updates. See CLAUDE.md for contributor and AI-agent conventions.

Status

Proposal 1 in development. The wire format it specifies is version 1.

License

TBD.