Add event kind ranges table

clarifying what it means to "replace an event"

01.md

@@ -10,27 +10,27 @@ This NIP defines the basic protocol that should be implemented by everybody. New
 
 ## Events and signatures
 
-Each user has a keypair. Signatures, public key and encodings are done according to the [Schnorr signatures standard for the curve `secp256k1`](https://bips.xyz/340).
+Each user has a keypair. Signatures, public key, and encodings are done according to the [Schnorr signatures standard for the curve `secp256k1`](https://bips.xyz/340).
 
 The only object type that exists is the `event`, which has the following format on the wire:
 
 ```json
 {
-  "id": <32-bytes sha256 of the the serialized event data>
-  "pubkey": <32-bytes hex-encoded public key of the event creator>,
+  "id": <32-bytes lowercase hex-encoded sha256 of the serialized event data>
+  "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>,
   "created_at": <unix timestamp in seconds>,
   "kind": <integer>,
   "tags": [
     ["e", <32-bytes hex of the id of another event>, <recommended relay URL>],
-    ["p", <32-bytes hex of the key>, <recommended relay URL>],
+    ["p", <32-bytes hex of a pubkey>, <recommended relay URL>],
     ... // other kinds of tags may be included later
   ],
   "content": <arbitrary string>,
-  "sig": <64-bytes signature of the sha256 hash of the serialized event data, which is the same as the "id" field>
+  "sig": <64-bytes hex of the signature of the sha256 hash of the serialized event data, which is the same as the "id" field>
 }
 ```
 
-To obtain the `event.id`, we `sha256` the serialized event. The serialization is done over the UTF-8 JSON-serialized string (with no indentation or extra spaces) of the following structure:
+To obtain the `event.id`, we `sha256` the serialized event. The serialization is done over the UTF-8 JSON-serialized string (with no white space or line breaks) of the following structure:
 
 ```json
 [
@@ -55,7 +55,7 @@ Clients can send 3 types of messages, which must be JSON arrays, according to th
   * `["REQ", <subscription_id>, <filters JSON>...]`, used to request events and subscribe to new updates.
   * `["CLOSE", <subscription_id>]`, used to stop previous subscriptions.
 
-`<subscription_id>` is a random string that should be used to represent a subscription.
+`<subscription_id>` is an arbitrary, non-empty string of max length 64 chars, that should be used to represent a subscription.
 
 `<filters>` is a JSON object that determines what events will be sent in that subscription, it can have the following attributes:
 
@@ -66,8 +66,8 @@ Clients can send 3 types of messages, which must be JSON arrays, according to th
   "kinds": <a list of a kind numbers>,
   "#e": <a list of event ids that are referenced in an "e" tag>,
   "#p": <a list of pubkeys that are referenced in a "p" tag>,
-  "since": <a timestamp, events must be newer than this to pass>,
-  "until": <a timestamp, events must be older than this to pass>,
+  "since": <an integer unix timestamp, events must be newer than this to pass>,
+  "until": <an integer unix timestamp, events must be older than this to pass>,
   "limit": <maximum number of events to be returned in the initial query>
 }
 ```
@@ -80,16 +80,16 @@ The `ids` and `authors` lists contain lowercase hexadecimal strings, which may e
 
 All conditions of a filter that are specified must match for an event for it to pass the filter, i.e., multiple conditions are interpreted as `&&` conditions.
 
-A `REQ` message may contain multiple filters. In this case events that match any of the filters are to be returned, i.e., multiple filters are to be interpreted as `||` conditions.
+A `REQ` message may contain multiple filters. In this case, events that match any of the filters are to be returned, i.e., multiple filters are to be interpreted as `||` conditions.
 
-The `limit` property of a filter is only valid for the initial query and can be ignored afterwards. When `limit: n` is present it is assumed that the the events returned in the initial query will be the latest `n` events. It is safe to return less events than `limit` specifies, but it is expected that relays do not return (much) more events than requested so clients don't get unnecessarily overwhelmed by data.
+The `limit` property of a filter is only valid for the initial query and can be ignored afterward. When `limit: n` is present it is assumed that the events returned in the initial query will be the latest `n` events. It is safe to return less events than `limit` specifies, but it is expected that relays do not return (much) more events than requested so clients don't get unnecessarily overwhelmed by data.
 
 ### From relay to client: sending events and notices
 
 Relays can send 2 types of messages, which must also be JSON arrays, according to the following patterns:
 
   * `["EVENT", <subscription_id>, <event JSON as defined above>]`, used to send events requested by clients.
-  * `["NOTICE", <message>]`, used to send human-readable error messages or other things to clients.
+  * `["NOTICE", <message>]`, used to send human-readable error messages or other things to clients. 
 
 This NIP defines no rules for how `NOTICE` messages should be sent or treated.
 
@@ -98,16 +98,13 @@ This NIP defines no rules for how `NOTICE` messages should be sent or treated.
 ## Basic Event Kinds
 
   - `0`: `set_metadata`: the `content` is set to a stringified JSON object `{name: <username>, about: <string>, picture: <url, string>}` describing the user who created the event. A relay may delete past `set_metadata` events once it gets a new one for the same pubkey.
-   * Where `<username>` is a string that matches the pattern: `[\w+\-]` (java regular epression).  Or, in other words, a sequence of the following
-	   characters: `[a-zA-Z_\-0-9]`.  <br>
-	   Thus `George-Washington-1776` is a valid `<username>`, but `George Washington` is not. Clients may reject metadata that does not comply.
-  - `1`: `text_note`: the `content` is set to the text content of a note (anything the user wants to say).
-  - `2`: `recommend_server`: the `content` is set to the URL (e.g., `https://somerelay.com`) of a relay the event creator wants to recommend to its followers.
+  - `1`: `text_note`: the `content` is set to the plaintext content of a note (anything the user wants to say). Markdown links (`[]()` stuff) are not plaintext.
+  - `2`: `recommend_server`: the `content` is set to the URL (e.g., `wss://somerelay.com`) of a relay the event creator wants to recommend to its followers.
 
 A relay may choose to treat different message kinds differently, and it may or may not choose to have a default way to handle kinds it doesn't know about.
 
 ## Other Notes:
 
-- Clients should not open more than one websocket to each relay. It also is advised that clients do not open more than 3 subscriptions to the same relay. 3 is enough for most use cases and relays should impose limits to prevent over usage by clients.
-- The `tags` array can store a tag identifier as the first element of each subarray, plus arbitrary information afterwards (always as strings). This NIP defines `"p"` — meaning "pubkey", which points to a pubkey of someone that is referred to in the event —, and `"e"` — meaning "event", which points to the id of an event this event is quoting, replying to or referring to somehow.
+- Clients should not open more than one websocket to each relay. One channel can support an unlimited number of subscriptions, so clients should do that.
+- The `tags` array can store a tag identifier as the first element of each subarray, plus arbitrary information afterward (always as strings). This NIP defines `"p"` — meaning "pubkey", which points to a pubkey of someone that is referred to in the event —, and `"e"` — meaning "event", which points to the id of an event this event is quoting, replying to or referring to somehow.
 - The `<recommended relay URL>` item present on the `"e"` and `"p"` tags is an optional (could be set to `""`) URL of a relay the client could attempt to connect to fetch the tagged event or other events from a tagged profile. It MAY be ignored, but it exists to increase censorship resistance and make the spread of relay addresses more seamless across clients.

02.md

@@ -4,7 +4,7 @@ NIP-02
 Contact List and Petnames
 -------------------------
 
-`draft` `optional` `author:fiatjaf` `author:arcbtc`
+`final` `optional` `author:fiatjaf` `author:arcbtc`
 
 A special event with kind `3`, meaning "contact list" is defined as having a list of `p` tags, one for each of the followed/known profiles one is following.
 
@@ -22,6 +22,7 @@ For example:
   ],
   "content": "",
   ...other fields
+}
 ```
 
 Every new contact list that gets published overwrites the past ones, so it should contain all entries. Relays and clients SHOULD delete past contact lists as soon as they receive a new one.
@@ -38,7 +39,7 @@ A client may rely on the kind-3 event to display a list of followed people by pr
 
 ### Relay sharing
 
-A client may publish a full list of contacts with good relays for each of their contacts so other clients may use these to update their internal relay lists if needed, increasing censorship-resistant.
+A client may publish a full list of contacts with good relays for each of their contacts so other clients may use these to update their internal relay lists if needed, increasing censorship-resistance.
 
 ### Petname scheme
 

03.md

@@ -10,11 +10,11 @@ When there is an OTS available it MAY be included in the existing event body und
 
 ```
 {
-  id: ...,
-  kind: ...,
+  "id": ...,
+  "kind": ...,
   ...,
   ...,
-  ots: <base64-encoded OTS file data>
+  "ots": <base64-encoded OTS file data>
 }
 ```
 

04.md

@@ -4,7 +4,7 @@ NIP-04
 Encrypted Direct Message
 ------------------------
 
-`draft` `optional` `author:arcbtc`
+`final` `optional` `author:arcbtc`
 
 A special event with kind `4`, meaning "encrypted direct message". It is supposed to have the following attributes:
 
@@ -14,19 +14,21 @@ A special event with kind `4`, meaning "encrypted direct message". It is suppose
 
 **`tags`** MAY contain an entry identifying the previous message in a conversation or a message we are explicitly replying to (such that contextual, more organized conversations may happen), in the form `["e", "<event_id>"]`.
 
+**Note**: By default in the [libsecp256k1](https://github.com/bitcoin-core/secp256k1) ECDH implementation, the secret is the SHA256 hash of the shared point (both X and Y coordinates). In Nostr, only the X coordinate of the shared point is used as the secret and it is NOT hashed. If using libsecp256k1, a custom function that copies the X coordinate must be passed as the `hashfp` argument in `secp256k1_ecdh`. See [here](https://github.com/bitcoin-core/secp256k1/blob/master/src/modules/ecdh/main_impl.h#L29).
+
 Code sample for generating such an event in JavaScript:
 
 ```js
 import crypto from 'crypto'
-import * as secp from 'noble-secp256k1'
+import * as secp from '@noble/secp256k1'
 
 let sharedPoint = secp.getSharedSecret(ourPrivateKey, '02' + theirPublicKey)
-let sharedX = sharedPoint.substr(2, 64)
+let sharedX = sharedPoint.slice(1, 33)
 
 let iv = crypto.randomFillSync(new Uint8Array(16))
 var cipher = crypto.createCipheriv(
   'aes-256-cbc',
-  Buffer.from(sharedX, 'hex'),
+  Buffer.from(sharedX),
   iv
 )
 let encryptedMessage = cipher.update(text, 'utf8', 'base64')
@@ -41,3 +43,11 @@ let event = {
   content: encryptedMessage + '?iv=' + ivBase64
 }
 ```
+
+## Security Warning
+
+This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events.
+
+## Client Implementation Warning
+
+Client's *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox.

05.md

@@ -4,13 +4,13 @@ NIP-05
 Mapping Nostr keys to DNS-based internet identifiers
 ----------------------------------------------------
 
-`draft` `optional` `author:fiatjaf`
+`final` `optional` `author:fiatjaf` `author:mikedilger`
 
-On events of type `0` (`set_metadata`) one can specify the key `"nip05"` with an [internet identifier](https://datatracker.ietf.org/doc/html/rfc5322#section-3.4.1) (an email-like address) as the value. Although there is a link to a very liberal "internet identifier" specification above, NIP-05 assumes the `<local-part>` part will be restricted to the characters `a-z0-9-_.`, case insensitive.
+On events of kind `0` (`set_metadata`) one can specify the key `"nip05"` with an [internet identifier](https://datatracker.ietf.org/doc/html/rfc5322#section-3.4.1) (an email-like address) as the value. Although there is a link to a very liberal "internet identifier" specification above, NIP-05 assumes the `<local-part>` part will be restricted to the characters `a-z0-9-_.`, case insensitive.
 
 Upon seeing that, the client splits the identifier into `<local-part>` and `<domain>` and use these values to make a GET request to `https://<domain>/.well-known/nostr.json?name=<local-part>`.
 
-The result should be a JSON document object with a key `"names"` that should then be a mapping of names to public keys. If the public key for the given `<name>` matches the `pubkey` from the `set_metadata` event, the client then concludes that the given pubkey can indeed be referenced by its identifier.
+The result should be a JSON document object with a key `"names"` that should then be a mapping of names to hex formatted public keys. If the public key for the given `<name>` matches the `pubkey` from the `set_metadata` event, the client then concludes that the given pubkey can indeed be referenced by its identifier.
 
 ### Example
 
@@ -33,19 +33,46 @@ It will make a GET request to `https://example.com/.well-known/nostr.json?name=b
     "bob": "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9"
   }
 }
-```
+````
 
-That will mean everything is alright.
+or with the **optional** `"relays"` attribute:
+
+```json
+{
+  "names": {
+    "bob": "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9"
+  },
+  "relays": {
+    "b0635d6a9851d3aed0cd6c495b282167acf761729078d975fc341b22650b07b9": [ "wss://relay.example.com", "wss://relay2.example.com" ]
+  }
+}
+````
+
+If the pubkey matches the one given in `"names"` (as in the example above) that means the association is right and the `"nip05"` identifier is valid and can be displayed.
+
+The optional `"relays"` attribute may contain an object with public keys as properties and arrays of relay URLs as values. When present, that can be used to help clients learn in which relays that user may be found. Web servers which serve `/.well-known/nostr.json` files dynamically based on the query string SHOULD also serve the relays data for any name they serve in the same reply when that is available.
+
+## Finding users from their NIP-05 identifier
+
+A client may implement support for finding users' public keys from _internet identifiers_, the flow is the same as above, but reversed: first the client fetches the _well-known_ URL and from there it gets the public key of the user, then it tries to fetch the kind `0` event for that user and check if it has a matching `"nip05"`.
 
 ## Notes
 
+### Clients must always follow public keys, not NIP-05 addresses
+
+For example, if after finding that `bob@bob.com` has the public key `abc...def`, the user clicks a button to follow that profile, the client must keep a primary reference to `abc...def`, not `bob@bob.com`. If, for any reason, the address `https://bob.com/.well-known/nostr.json?name=bob` starts returning the public key `1d2...e3f` at any time in the future, the client must not replace `abc...def` in his list of followed profiles for the user (but it should stop displaying "bob@bob.com" for that user, as that will have become an invalid `"nip05"` property).
+
+### Public keys must be in hex format
+
+Keys must be returned in hex format. Keys in NIP-19 `npub` format are are only meant to be used for display in client UIs, not in this NIP.
+
 ### User Discovery implementation suggestion
 
 A client can also use this to allow users to search other profiles. If a client has a search box or something like that, a user may be able to type "bob@example.com" there and the client would recognize that and do the proper queries to obtain a pubkey and suggest that to the user.
 
 ### Showing just the domain as an identifier
 
-Clients may treat the identifier `_@domain` as the "root" identifier, and choose to display it as just the `<domain>`. For example, if Bob owns `bob.com`, he may not want an identifier like `bob@bob.com` as that is redundant. Instead Bob can use the identifier `_@bob.com` and expect Nostr clients to show and treat that as just `bob.com` for all purposes.
+Clients may treat the identifier `_@domain` as the "root" identifier, and choose to display it as just the `<domain>`. For example, if Bob owns `bob.com`, he may not want an identifier like `bob@bob.com` as that is redundant. Instead, Bob can use the identifier `_@bob.com` and expect Nostr clients to show and treat that as just `bob.com` for all purposes.
 
 ### Reasoning for the `/.well-known/nostr.json?name=<local-part>` format
 
@@ -53,13 +80,19 @@ By adding the `<local-part>` as a query string instead of as part of the path th
 
 ### Allowing access from JavaScript apps
 
-JavaScript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accesing `/.well-known/nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `/.well-known/nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.:
+JavaScript Nostr apps may be restricted by browser [CORS][] policies that prevent them from accessing `/.well-known/nostr.json` on the user's domain. When CORS prevents JS from loading a resource, the JS program sees it as a network failure identical to the resource not existing, so it is not possible for a pure-JS app to tell the user for certain that the failure was caused by a CORS issue. JS Nostr apps that see network failures requesting `/.well-known/nostr.json` files may want to recommend to users that they check the CORS policy of their servers, e.g.:
 
 ```bash
-$ curl -sI https://example.com/.well-known/nostr.json?name=bob | grep ^Access-Control
+$ curl -sI https://example.com/.well-known/nostr.json?name=bob | grep -i ^Access-Control
 Access-Control-Allow-Origin: *
 ```
 
 Users should ensure that their `/.well-known/nostr.json` is served with the HTTP header `Access-Control-Allow-Origin: *` to ensure it can be validated by pure JS apps running in modern browsers.
 
 [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+
+### Security Constraints
+
+The `/.well-known/nostr.json` endpoint MUST NOT return any HTTP redirects.
+
+Fetchers MUST ignore any HTTP redirects given by the `/.well-known/nostr.json` endpoint.

07.md

@@ -12,9 +12,20 @@ That object must define the following methods:
 
 ```
 async window.nostr.getPublicKey(): string // returns a public key as hex
-async window.nostr.signEvent(event: Event): Event // takes an event object and returns it with the `sig`
+async window.nostr.signEvent(event: Event): Event // takes an event object, adds `id`, `pubkey` and `sig` and returns it
 ```
 
-### Implementation example
+Aside from these two basic above, the following functions can also be implemented optionally:
+```
+async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies
+async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04
+async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04
+```
 
-- [nos2x](https://github.com/fiatjaf/nos2x) is available as a Chromium (and partially Firefox) extension that provides such capabilities.
+### Implementation
+
+- [nos2x](https://github.com/fiatjaf/nos2x) (Chrome and derivatives)
+- [Alby](https://getalby.com) (Chrome and derivatives, Firefox, Safari)
+- [Blockcore](https://www.blockcore.net/wallet) (Chrome and derivatives)
+- [nos2x-fox](https://diegogurpegui.com/nos2x-fox/) (Firefox)
+- [Flamingo](https://www.getflamingo.org/) (Chrome and derivatives)

08.md

@@ -1,10 +1,12 @@
+> __Warning__  `unrecommended`: deprecated in favor of NIP-27
+
 NIP-08
 ======
 
 Handling Mentions
 -----------------
 
-`draft` `optional` `author:fiatjaf` `author:scsibug`
+`final` `unrecommended` `optional` `author:fiatjaf` `author:scsibug`
 
 This document standardizes the treatment given by clients of inline mentions of other events and pubkeys inside the content of `text_note`s.
 
@@ -15,3 +17,5 @@ Once a mention is identified, for example, the pubkey `27866e9d854c78ae625b867ee
 The same process applies for mentioning event IDs.
 
 A client that receives a `text_note` event with such `#[index]` mentions in its `.content` CAN do a search-and-replace using the actual contents from the `.tags` array with the actual pubkey or event ID that is mentioned, doing any desired context augmentation (for example, linking to the pubkey or showing a preview of the mentioned event contents) it wants in the process.
+
+Where `#[index]` has an `index` that is outside the range of the tags array or points to a tag that is not an `e` or `p` tag or a tag otherwise declared to support this notation, the client MUST NOT perform such replacement or augmentation, but instead display it as normal text.

09.md

@@ -27,11 +27,13 @@ For example:
 }
 ```
 
-Relays MAY delete or stop publishing any referenced events that have an identical `pubkey` as the deletion request.  Clients may hide or otherwise indicate a deletion status for referenced events.
+Relays SHOULD delete or stop publishing any referenced events that have an identical `id` as the deletion request.  Clients SHOULD hide or otherwise indicate a deletion status for referenced events.
+
+Relays SHOULD continue to publish/share the deletion events indefinitely, as clients may already have the event that's intended to be deleted. Additionally, clients SHOULD broadcast deletion events to other relays which don't have it.
 
 ## Client Usage
 
-Clients MAY choose to fully hide any events that are referenced by valid deletion events.  This includes text notes, direct messages, or other yet-to-be defined event kinds.  Alternatively, they MAY show the event along with an icon or other indication that the author has "disowned" the event.  The `content` field MAY also be used to replace the deleted events own content, although a user interface should clearly indicate that this is a deletion reason, not the original content.
+Clients MAY choose to fully hide any events that are referenced by valid deletion events.  This includes text notes, direct messages, or other yet-to-be defined event kinds.  Alternatively, they MAY show the event along with an icon or other indication that the author has "disowned" the event.  The `content` field MAY also be used to replace the deleted event's own content, although a user interface should clearly indicate that this is a deletion reason, not the original content.
 
 A client MUST validate that each event `pubkey` referenced in the `e` tag of the deletion request is identical to the deletion request `pubkey`, before hiding or deleting any event.  Relays can not, in general, perform this validation and should not be treated as authoritative.
 

10.md

@@ -13,7 +13,7 @@ This NIP describes how to use "e" and "p" tags in text events, especially those
 ## Positional "e" tags (DEPRECATED)
 >This scheme is in common use; but should be considered deprecated.
 
-`["e", <event-id> <relay-url>]`  as per NIP-01.
+`["e", <event-id>, <relay-url>]`  as per NIP-01.
 
 Where:
 
@@ -26,35 +26,37 @@ Where:
  This event is not a reply to, nor does it refer to, any other event.
 
  * One "e" tag: <br>
- `["e",<id>]`: The id of the event to which this event is a reply.
+ `["e", <id>]`: The id of the event to which this event is a reply.
 
- * Two "e" tags:  `["e",<root-id>]`, `["e",<reply-id>]` <br>
+ * Two "e" tags:  `["e", <root-id>]`, `["e", <reply-id>]` <br>
  `<root-id>` is the id of the event at the root of the reply chain.  `<reply-id>` is the id of the article to which this event is a reply.  
 
- * Many "e" tags: `["e",<root-id>]` `["e",<mention-id>]`, ..., `["e",<reply-id>]`<br>
+ * Many "e" tags: `["e", <root-id>]` `["e", <mention-id>]`, ..., `["e", <reply-id>]`<br>
 There may be any number of `<mention-ids>`.  These are the ids of events which may, or may not be in the reply chain.  
 They are citings from this event.  `root-id` and `reply-id` are as above.
 
 >This scheme is deprecated because it creates ambiguities that are difficult, or impossible to resolve when an event references another but is not a reply.
 
 ## Marked "e" tags (PREFERRED)
-`["e", <event-id> <relay-url> <marker>]`  
+`["e", <event-id>, <relay-url>, <marker>]`  
 	
 Where:
 
  * `<event-id>` is the id of the event being referenced.
- * `<relay-url>` is the URL of a recommended relay associated with the reference.  It is NOT optional.
- * `<marker>` is optional and if present is one of `"reply"` or `"root"`
+ * `<relay-url>` is the URL of a recommended relay associated with the reference. Clients SHOULD add a valid `<relay-URL>` field, but may instead leave it as `""`.
+ * `<marker>` is optional and if present is one of `"reply"`, `"root"`, or `"mention"`.
 
-**The order of marked "e" tags is not relevant.**  Those marked with `"reply"` denote the `<reply-id>`.  Those marked with `"root"` denote the root id of the reply thread.
+**The order of marked "e" tags is not relevant.**  Those marked with `"reply"` denote the id of the reply event being responded to.  Those marked with `"root"` denote the root id of the reply thread being responded to. For top level replies (those replying directly to the root event), only the `"root"` marker should be used. Those marked with `"mention"` denote a quoted or reposted event id.
 
->This scheme is preferred because it allows events to mention others without confusing them with `<relay-id>` or `<root-id>`.  
+A direct reply to the root of a thread should have a single marked "e" tag of type "root".
+
+>This scheme is preferred because it allows events to mention others without confusing them with `<reply-id>` or `<root-id>`.  
 
 
 ## The "p" tag
 Used in a text event contains a list of pubkeys used to record who is involved in a reply thread.
 
-When replying to a text event E the reply event's "p" tags should contain all of E's "p" tags as well as the `"pubkey"` of the of the event being replied to.  
+When replying to a text event E the reply event's "p" tags should contain all of E's "p" tags as well as the `"pubkey"` of the event being replied to.  
 
 Example:  Given a text event authored by `a1` with "p" tags [`p1`, `p2`, `p3`] then the "p" tags of the reply should be [`a1`, `p1`, `p2`, `p3`] 
 in no particular order.

11.md

@@ -4,7 +4,7 @@ NIP-11
 Relay Information Document
 ---------------------------
 
-`draft` `optional` `author:scsibug`
+`draft` `optional` `author:scsibug` `author:doc-hex` `author:cameri`
 
 Relays may provide server metadata to clients to inform them of capabilities, administrative contacts, and various server attributes.  This is made available as a JSON document over HTTP, on the same URI as the relay's websocket.
 
@@ -12,17 +12,17 @@ When a relay receives an HTTP(s) request with an `Accept` header of `application
 
 ```json
 {
-  name: <string identifying relay>,
-  description: <string with detailed information>,
-  pubkey: <administrative contact pubkey>,
-  contact: <administrative alternate contact>,
-  supported_nips: <a list of NIP numbers supported by the relay>,
-  software: <string identifying relay software URL>,
-  version: <string version identifier>
+  "name": <string identifying relay>,
+  "description": <string with detailed information>,
+  "pubkey": <administrative contact pubkey>,
+  "contact": <administrative alternate contact>,
+  "supported_nips": <a list of NIP numbers supported by the relay>,
+  "software": <string identifying relay software URL>,
+  "version": <string version identifier>
 }
 ```
 
-Any field may be omitted, and clients MUST ignore any additional fields they do not understand.
+Any field may be omitted, and clients MUST ignore any additional fields they do not understand. Relays MUST accept CORS requests by sending `Access-Control-Allow-Origin`, `Access-Control-Allow-Headers`, and `Access-Control-Allow-Methods` headers.
 
 Field Descriptions
 -----------------
@@ -47,7 +47,7 @@ An alternative contact may be listed under the `contact` field as well, with the
 
 ### Supported NIPs ###
 
-As the Nostr protocol evolves, some functionality may only be available by relays that implement a specific `NIP`.  This field is an array of the integer identifiers of `NIP`s that are implemented in the relay.  Examples would include `1`, for `"NIP-01"` and `9`, for `"NIP-09"`.  Client-side `NIPs` SHOULD not be advertised, and can be ignored by clients.
+As the Nostr protocol evolves, some functionality may only be available by relays that implement a specific `NIP`.  This field is an array of the integer identifiers of `NIP`s that are implemented in the relay.  Examples would include `1`, for `"NIP-01"` and `9`, for `"NIP-09"`.  Client-side `NIPs` SHOULD NOT be advertised, and can be ignored by clients.
 
 ### Software ###
 
@@ -56,3 +56,200 @@ The relay server implementation MAY be provided in the `software` attribute.  If
 ### Version ###
 
 The relay MAY choose to publish its software version as a string attribute.  The string format is defined by the relay implementation.  It is recommended this be a version number or commit identifier.
+
+Extra Fields
+-----------------
+
+### Server Limitations ###
+
+These are limitations imposed by the relay on clients. Your client
+should expect that requests which exceed these *practical* limitations
+are rejected or fail immediately.
+
+```json
+{
+...
+  limitation: {
+        max_message_length: 16384,
+        max_subscriptions: 20,
+        max_filters: 100,
+        max_limit: 5000,
+        max_subid_length: 100,
+        min_prefix: 4,
+        max_event_tags: 100,
+        max_content_length: 8196,
+        min_pow_difficulty: 30,
+        auth_required: true,
+        payment_required: true,
+  }
+...
+}
+```
+
+- `max_message_length`: this is the maximum number of bytes for incoming JSON that the relay
+will attempt to decode and act upon. When you send large subscriptions, you will be
+limited by this value. It also effectively limits the maximum size of any event. Value is
+calculated from `[` to `]` and is after UTF-8 serialization (so some unicode characters
+will cost 2-3 bytes). It is equal to the maximum size of the WebSocket message frame.
+
+- `max_subscriptions`: total number of subscriptions that may be
+active on a single websocket connection to this relay. It's possible
+that authenticated clients with a (paid) relationship to the relay
+may have higher limits.
+
+- `max_filters`: maximum number of filter values in each subscription.
+Must be one or higher.
+
+- `max_subid_length`: maximum length of subscription id as a string.
+
+- `min_prefix`: for `authors` and `ids` filters which are to match against
+a hex prefix, you must provide at least this many hex digits in the prefix.
+
+- `max_limit`: the relay server will clamp each filter's `limit` value to this number.
+This means the client won't be able to get more than this number
+of events from a single subscription filter. This clamping is typically done silently
+by the relay, but with this number, you can know that there are additional results
+if you narrowed your filter's time range or other parameters.
+
+- `max_event_tags`: in any event, this is the maximum number of elements in the `tags` list.
+
+- `max_content_length`: maximum number of characters in the `content`
+field of any event. This is a count of unicode characters. After
+serializing into JSON it may be larger (in bytes), and is still
+subject to the `max_message_length`, if defined.
+
+- `min_pow_difficulty`: new events will require at least this difficulty of PoW, 
+based on [NIP-13](13.md), or they will be rejected by this server.
+
+- `auth_required`: this relay requires [NIP-42](42.md) authentication
+to happen before a new connection may perform any other action.
+Even if set to False, authentication may be required for specific actions.
+
+- `payment_required`: this relay requires payment before a new connection may perform any action.
+
+### Event Retention ###
+
+There may be a cost associated with storing data forever, so relays 
+may wish to state retention times. The values stated here are defaults
+for unauthenticated users and visitors. Paid users would likely have
+other policies.
+
+Retention times are given in seconds, with `null` indicating infinity.
+If zero is provided, this means the event will not be stored at
+all, and preferably an error will be provided when those are received.
+
+```json
+{
+...
+  retention: [
+    { kinds: [0, 1, [5, 7], [40, 49]], time: 3600 },
+    { kinds: [[40000, 49999], time: 100 },
+    { kinds: [[30000, 39999], count: 1000 },
+    { time: 3600, count: 10000 }
+  ]
+...
+}
+```
+
+`retention` is a list of specifications: each will apply to either all kinds, or 
+a subset of kinds. Ranges may be specified for the kind field as a tuple of inclusive
+start and end values. Events of indicated kind (or all) are then limited to a `count`
+and or time period.
+
+It is possible to effectively blacklist Nostr-based protocols that rely on
+a specific `kind` number, by giving a retention time of zero for those `kind` values.
+While that is unfortunate, it does allow clients to discover servers that will
+support their protocol quickly via a single HTTP fetch.
+
+There is no need to specify retention times for _ephemeral events_ as defined
+in [NIP-16](16.md) since they are not retained.
+
+
+### Content Limitations ###
+
+Some relays may be governed by the arbitrary laws of a nation state. This
+may limit what content can be stored in cleartext on those relays. All
+clients are encouraged to use encryption to work around this limitation.
+
+It is not possible to describe the limitations of each country's laws
+and policies which themselves are typically vague and constantly shifting.
+
+Therefore, this field allows the relay operator to indicate which
+country's' laws might end up being enforced on them, and then
+indirectly on their users's content.
+
+Users should be able to avoid relays in countries they don't like,
+and/or select relays in more favourable zones. Exposing this
+flexibility is up to the client software.
+
+```json
+{
+...
+  relay_countries: [ 'CA', 'US' ],
+...
+}
+```
+
+- `relay_countries`: a list of two-level ISO country codes (ISO 3166-1 alpha-2)  whose
+  laws and policies may affect this relay. `EU` may be used for European Union countries.
+
+Remember that a relay may be hosted in a country which is not the
+country of the legal entities who own the relay, so it's very
+likely a number of countries are involved.
+
+
+### Community Preferences ###
+
+For public text notes at least, a relay may try to foster a
+local community. This would encourage users to follow the global
+feed on that relay, in addition to their usual individual follows.
+To support this goal, relays MAY specify some of the following values.
+
+```json
+{
+...
+  language_tags: [ 'en', 'en-419' ],
+  tags: [ 'sfw-only', 'bitcoin-only', 'anime' ],
+  posting_policy: 'https://example.com/posting-policy.html',
+...
+}
+```
+
+- `language_tags` is an ordered list
+  of [IETF language tags](https://en.wikipedia.org/wiki/IETF_language_tag) indicating
+  the major languages spoken on the relay.
+
+- `tags` is a list of limitations on the topics to be discussed.
+  For example `sfw-only` indicates hat only "Safe For Work" content
+  is encouraged on this relay. This relies on assumptions of what the
+  "work" "community" feels "safe" talking about. In time, a common
+  set of tags may emerge that allow users to find relays that suit
+  their needs, and client software will be able to parse these tags easily.
+  The `bitcoin-only` tag indicates that any *altcoin*, *"crypto"* or *blockchain*
+  comments will be ridiculed without mercy.
+
+- `posting_policy` is a link to a human-readable page which specifies the
+  community policies for the relay. In cases where `sfw-only` is True, it's
+  important to link to a page which gets into the specifics of your posting policy.
+
+The `description` field should be used to describe your community
+goals and values, in brief. The `posting_policy` is for additional
+detail and legal terms. Use the `tags` field to signify limitations
+on content, or topics to be discussed, which could be machine
+processed by appropriate client software.
+
+### Pay-To-Relay ###
+
+Relays that require payments may want to expose their fee schedules.
+
+```json
+{
+...
+  payments_url: "https://my-relay/payments",
+  fees: {
+    "admission": [{ amount: 1000000, unit: 'msats' }],
+    "subscription": [{ amount: 5000000, unit: 'msats', period: 2592000 }],
+    "publication": [{ kinds: [4], amount: 100, unit: 'msats' }],
+  },
+...
+}

13.md

@@ -6,7 +6,7 @@ Proof of Work
 
 `draft` `optional` `author:jb55` `author:cameri`
 
-This NIP defines a way to generate and interpret Proof of Work for nostr notes. Proof of Work (PoW) is a way to add a proof of computational work to a note. This is a bearer proof which all relays and clients can universally validate with a small amount of code. This proof can be used as a means of spam deterrence.
+This NIP defines a way to generate and interpret Proof of Work for nostr notes. Proof of Work (PoW) is a way to add a proof of computational work to a note. This is a bearer proof that all relays and clients can universally validate with a small amount of code. This proof can be used as a means of spam deterrence.
 
 `difficulty` is defined to be the number of leading zero bits in the `NIP-01` id. For example, an id of `000000000e9d97a1ab09fc381030b346cdd7a142ad57e6df0b46dc9bef6c7e2d` has a difficulty of `36` with `36` leading 0 bits.
 
@@ -90,4 +90,4 @@ $ echo '["REQ", "subid", {"ids": ["000000000"]}]'  | websocat wss://some-relay.c
 Delegated Proof of Work
 -----------------------
 
-Since the `NIP-01` note id does not commit to any signature, PoW can be outsourced to PoW providers, perhaps for a fee. This provides a way for clients to get their messages out to PoW restricted relays without having to do any work themselves, which is useful for energy constrained devices like on mobile
+Since the `NIP-01` note id does not commit to any signature, PoW can be outsourced to PoW providers, perhaps for a fee. This provides a way for clients to get their messages out to PoW-restricted relays without having to do any work themselves, which is useful for energy constrained devices like on mobile

15.md

@@ -4,7 +4,7 @@ NIP-15
 End of Stored Events Notice
 ---------------------------
 
-`draft` `optional` `author:Semisol`
+`final` `optional` `author:Semisol`
 
 Relays may support notifying clients when all stored events have been sent.
 

16.md

@@ -8,10 +8,17 @@ Event Treatment
 
 Relays may decide to allow replaceable and/or ephemeral events.
 
+Regular Events
+------------------
+A *regular event* is defined as an event with a kind `1000 <= n < 10000`.
+Upon a regular event being received, the relay SHOULD send it to all clients with a matching filter, and SHOULD store it. New events of the same kind do not affect previous events in any way.
+
 Replaceable Events
 ------------------
 A *replaceable event* is defined as an event with a kind `10000 <= n < 20000`.
-Upon a replaceable event with a newer timestamp than the currently known latest replaceable event with the same kind, the old event SHOULD be discarded and replaced with the newer event.
+Upon a replaceable event with a newer timestamp than the currently known latest replaceable event with the same kind and author being received, the old event SHOULD be discarded,
+effectively replacing what gets returned when querying for
+`author:kind` tuples.
 
 Ephemeral Events
 ----------------
@@ -21,7 +28,7 @@ Upon an ephemeral event being received, the relay SHOULD send it to all clients
 Client Behavior
 ---------------
 
-Clients SHOULD use the `supported_nips` field to learn if a relay supports generic tag queries.  Clients SHOULD NOT send ephemeral events to relays that do not support this NIP; they will most likely be persisted.  Clients MAY send replaceable events to relays that may not support this NIP, and clients querying SHOULD be prepared for the relay to send multiple events and should use the latest one.  
+Clients SHOULD use the `supported_nips` field to learn if a relay supports this NIP.  Clients SHOULD NOT send ephemeral events to relays that do not support this NIP; they will most likely be persisted.  Clients MAY send replaceable events to relays that may not support this NIP, and clients querying SHOULD be prepared for the relay to send multiple events and should use the latest one.  
 
 Suggested Use Cases
 -------------------

19.md

@@ -0,0 +1,68 @@
+NIP-19
+======
+
+bech32-encoded entities
+-----------------------
+
+`draft` `optional` `author:jb55` `author:fiatjaf` `author:Semisol`
+
+This NIP standardizes bech32-formatted strings that can be used to display keys, ids and other information in clients. These formats are not meant to be used anywhere in the core protocol, they are only meant for displaying to users, copy-pasting, sharing, rendering QR codes and inputting data.
+
+It is recommended that ids and keys are stored in either hex or binary format, since these formats are closer to what must actually be used the core protocol.
+
+## Bare keys and ids
+
+To prevent confusion and mixing between private keys, public keys and event ids, which are all 32 byte strings. bech32-(not-m) encoding with different prefixes can be used for each of these entities.
+
+These are the possible bech32 prefixes:
+
+  - `npub`: public keys
+  - `nsec`: private keys
+  - `note`: note ids
+
+Example: the hex public key `3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d` translates to `npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6`.
+
+The bech32 encodings of keys and ids are not meant to be used inside the standard NIP-01 event formats or inside the filters, they're meant for human-friendlier display and input only. Clients should still accept keys in both hex and npub format for now, and convert internally.
+
+## Shareable identifiers with extra metadata
+
+When sharing a profile or an event, an app may decide to include relay information and other metadata such that other apps can locate and display these entities more easily.
+
+For these events, the contents are a binary-encoded list of `TLV` (type-length-value), with `T` and `L` being 1 byte each (`uint8`, i.e. a number in the range of 0-255), and `V` being a sequence of bytes of the size indicated by `L`.
+
+These are the possible bech32 prefixes with `TLV`:
+
+  - `nprofile`: a nostr profile
+  - `nevent`: a nostr event
+  - `nrelay`: a nostr relay
+  - `naddr`: a nostr parameterized replaceable event coordinate (NIP-33)
+
+These possible standardized `TLV` types are indicated here:
+
+- `0`: `special`
+  - depends on the bech32 prefix:
+    - for `nprofile` it will be the 32 bytes of the profile public key
+    - for `nevent` it will be the 32 bytes of the event id
+    - for `nrelay`, this is the relay URL
+    - for `naddr`, it is the identifier (the `"d"` tag) of the event being referenced
+- `1`: `relay`
+  - for `nprofile`, `nevent` and `naddr`, _optionally_, a relay in which the entity (profile or event) is more likely to be found, encoded as ascii
+  - this may be included multiple times
+- `2`: `author`
+  - for `naddr`, the 32 bytes of the pubkey of the event
+  - for `nevent`, _optionally_, the 32 bytes of the pubkey of the event
+- `3`: `kind`
+  - for `naddr`, the 32-bit unsigned integer of the kind, big-endian
+
+## Examples
+
+- `npub10elfcs4fr0l0r8af98jlmgdh9c8tcxjvz9qkw038js35mp4dma8qzvjptg` should decode into the public key hex `7e7e9c42a91bfef19fa929e5fda1b72e0ebc1a4c1141673e2794234d86addf4e` and vice-versa
+- `nsec1vl029mgpspedva04g90vltkh6fvh240zqtv9k0t9af8935ke9laqsnlfe5` should decode into the private key hex `67dea2ed018072d675f5415ecfaed7d2597555e202d85b3d65ea4e58d2d92ffa` and vice-versa
+- `nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gpp4mhxue69uhhytnc9e3k7mgpz4mhxue69uhkg6nzv9ejuumpv34kytnrdaksjlyr9p` should decode into a profile with the following TLV items:
+  - pubkey: `3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d`
+  - relay: `wss://r.x.com`
+  - relay: `wss://djbas.sadkb.com`
+
+## Notes
+
+- `npub` keys MUST NOT be used in NIP-01 events or in NIP-05 JSON responses, only the hex format is supported there.

20.md

@@ -1,50 +1,93 @@
 NIP-20
 ======
 
-Web Comments
-------------
 
-`draft` `optional` `author:fiatjaf`
+Command Results
+---------------
 
-A special event with kind `34` is defined, meaning "web comment".
+`draft` `optional` `author:jb55`
 
-Events of this kind should have at least one `r` tag with the value set to the normalized URL of the webpage they're commenting in.
+When submitting events to relays, clients currently have no way to know if an event was successfully committed to the database. This NIP introduces the concept of command results which are like NOTICE's except provide more information about if an event was accepted or rejected.
 
-The content should be the plaintext of the comment.
+A command result is a JSON object with the following structure that is returned when an event is successfully saved to the database or rejected:
 
-For example:
+    ["OK", <event_id>, <true|false>, <message>]
 
-```json
-{
-  "kind": 34,
-  "tags": [
-    ["r", "https://random.blog/article"]
-  ],
-  "content": "I didn't like this article.",
-  ...other fields
-```
+Relays MUST return `true` when the event is a duplicate and has already been saved. The `message` SHOULD start with `duplicate:` in this case.
 
-URL Normalization
+Relays MUST return `false` when the event was rejected and not saved.
+
+The `message` SHOULD provide additional information as to why the command succeeded or failed.
+
+The `message` SHOULD start with `blocked:` if the pubkey or network address has been blocked, banned, or is not on a whitelist.
+
+The `message` SHOULD start with `invalid:` if the event is invalid or doesn't meet some specific criteria (created_at is too far off, id is wrong, signature is wrong, etc)
+
+The `message` SHOULD start with `pow:` if the event doesn't meet some proof-of-work difficulty. The client MAY consult the relay metadata at this point to retrieve the required posting difficulty.
+
+The `message` SHOULD start with `rate-limited:` if the event was rejected due to rate limiting techniques.
+
+The `message` SHOULD start with `error:` if the event failed to save due to a server issue.
+
+Ephemeral events are not acknowledged with OK responses, unless there is a failure.
+
+If the event or `EVENT` command is malformed and could not be parsed, a NOTICE message SHOULD be used instead of a command result. This NIP only applies to non-malformed EVENT commands.
+
+
+Examples
+--------
+
+Event successfully written to the database:
+
+    ["OK", "b1a649ebe8b435ec71d3784793f3bbf4b93e64e17568a741aecd4c7ddeafce30", true, ""]
+
+Event successfully written to the database because of a reason:
+
+    ["OK", "b1a649ebe8b435ec71d3784793f3bbf4b93e64e17568a741aecd4c7ddeafce30", true, "pow: difficulty 25>=24"]
+
+Event blocked due to ip filter
+
+    ["OK", "b1a649ebe8...", false, "blocked: tor exit nodes not allowed"]
+
+Event blocked due to pubkey ban
+
+    ["OK", "b1a649ebe8...", false, "blocked: you are banned from posting here"]
+
+Event blocked, pubkey not registered
+
+    ["OK", "b1a649ebe8...", false, "blocked: please register your pubkey at https://my-expensive-relay.example.com"]
+
+Event rejected, rate limited
+
+    ["OK", "b1a649ebe8...", false, "rate-limited: slow down there chief"]
+
+Event rejected, `created_at` too far off
+
+    ["OK", "b1a649ebe8...", false, "invalid: event creation date is too far off from the current time. Is your system clock in sync?"]
+
+Event rejected, insufficient proof-of-work difficulty
+
+    ["OK", "b1a649ebe8...", false, "pow: difficulty 26 is less than 30"]
+
+Event failed to save, 
+
+    ["OK", "b1a649ebe8...", false, "error: could not connect to the database"]
+
+
+
+Client Handling
+---------------
+
+`messages` are meant for humans, with `reason:` prefixes so that clients can be slightly more intelligent with what to do with them. For example, with a `rate-limited:` reason the client may not show anything and simply try again with a longer timeout.
+
+For the `pow:` prefix it may query relay metadata to get the updated difficulty requirement and try again in the background.
+
+For the `invalid:` and `blocked:` prefix the client may wish to show these as styled error popups.
+
+The prefixes include a colon so that the message can be cleanly separated from the prefix by taking everything after `:` and trimming it.
+
+
+Future Extensions
 -----------------
 
-Early prototypes have been using the following naïve URL normalization algorithm:
-
-```js
-export function normalizeURL(raw) {
-  let url = new URL(raw)
-  return (
-    url.origin
-      .replace('://m.', '://') // remove known 'mobile' subdomains
-      .replace('://mobile.', '://')
-      .replace('http://', 'https://') // default everything to https (maybe a terrible idea)
-      .replace( /:\d+/, port => (port === ':443' || port === ':80' ? '' : port)) + // remove 443 and 80 ports
-    url.pathname
-      .replace(/\/+/g, '/') // remove duplicated slashes in the middle of the path
-      .replace(/\/*$/, '') // remove slashes from the end of path
-
-    // notice that only origin ("https://random.blog") and pathname ("/article") are used, all the rest is thrown away
-  )
-}
-```
-
-This is open for improvement, of course.
+This proposal SHOULD be extended to support further commands in the future, such as REQ and AUTH. They are left out of this initial version to keep things simpler.

21.md

@@ -0,0 +1,20 @@
+NIP-21
+======
+
+`nostr:` URL scheme
+-------------------
+
+`draft` `optional` `author:fiatjaf`
+
+This NIP standardizes the usage of a common URL scheme for maximum interoperability and openness in the network.
+
+The scheme is `nostr:`.
+
+The identifiers that come after are expected to be the same as those defined in NIP-19 (except `nsec`).
+
+## Examples
+
+- `nostr:npub1sn0wdenkukak0d9dfczzeacvhkrgz92ak56egt7vdgzn8pv2wfqqhrjdv9`
+- `nostr:nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gpp4mhxue69uhhytnc9e3k7mgpz4mhxue69uhkg6nzv9ejuumpv34kytnrdaksjlyr9p`
+- `nostr:note1fntxtkcy9pjwucqwa9mddn7v03wwwsu9j330jj350nvhpky2tuaspk6nqc`
+- `nostr:nevent1qqstna2yrezu5wghjvswqqculvvwxsrcvu7uc0f78gan4xqhvz49d9spr3mhxue69uhkummnw3ez6un9d3shjtn4de6x2argwghx6egpr4mhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet5nxnepm`

22.md

@@ -0,0 +1,45 @@
+NIP-22
+======
+
+Event `created_at` Limits
+---------------------------
+
+`draft` `optional` `author:jeffthibault` `author:Giszmo`
+
+Relays may define both upper and lower limits within which they will consider an event's `created_at` to be acceptable. Both the upper and lower limits MUST be unix timestamps in seconds as defined in [NIP-01](01.md).
+
+If a relay supports this NIP, the relay SHOULD send the client a [NIP-20](20.md) command result saying the event was not stored for the `created_at` timestamp not being within the permitted limits.
+
+Client Behavior
+---------------
+
+Clients SHOULD use the [NIP-11](11.md) `supported_nips` field to learn if a relay uses event `created_at` time limits as defined by this NIP.
+
+Motivation
+----------
+
+This NIP formalizes restrictions on event timestamps as accepted by a relay and allows clients to be aware of relays that have these restrictions.
+
+The event `created_at` field is just a unix timestamp and can be set to a time in the past or future. Relays accept and share events dated to 20 years ago or 50,000 years in the future. This NIP aims to define a way for relays that do not want to store events with *any* timestamp to set their own restrictions.
+
+[Replaceable events](16.md#replaceable-events) can behave rather unexpected if the user wrote them - or tried to write them - with a wrong system clock. Persisting an update with a backdated system now would result in the update not getting persisted without a notification and if they did the last update with a forward dated system, they will again fail to do another update with the now correct time.
+
+A wide adoption of this NIP could create a better user experience as it would decrease the amount of events that appear wildly out of order or even from impossible dates in the distant past or future.
+
+Keep in mind that there is a use case where a user migrates their old posts onto a new relay. If a relay rejects events that were not recently created, it cannot serve this use case.
+
+
+Python (pseudocode) Example
+---------------------------
+
+```python
+import time
+
+TIME = int(time.time())
+LOWER_LIMIT = TIME - (60 * 60 * 24) # Define lower limit as 1 day into the past
+UPPER_LIMIT = TIME + (60 * 15)      # Define upper limit as 15 minutes into the future
+
+if event.created_at not in range(LOWER_LIMIT, UPPER_LIMIT):
+  ws.send('["OK", event.id, False, "invalid: the event created_at field is out of the acceptable range (-24h, +15min) for this relay"]')
+```
+Note: These are just example limits, the relay operator can choose whatever limits they want.

23.md

@@ -0,0 +1,58 @@
+NIP-23
+======
+
+Long-form Content
+-----------------
+
+`draft` `optional` `author:fiatjaf`
+
+This NIP defines `kind:30023` (a parameterized replaceable event according to [NIP-33](33.md)) for long-form text content, generally referred to as "articles" or "blog posts".
+
+"Social" clients that deal primarily with `kind:1` notes should not be expected to implement this NIP.
+
+### Format
+
+The `.content` of these events should be a string text in Markdown syntax.
+
+### Metadata
+
+For the date of the last update the `.created_at` field should be used, for "tags"/"hashtags" (i.e. topics about which the event might be of relevance) the `"t"` event tag should be used, as per NIP-12.
+
+Other metadata fields can be added as tags to the event as necessary. Here we standardize 4 that may be useful, although they remain strictly optional:
+
+- `"title"`, for the article title
+- `"image"`, for a URL pointing to an image to be shown along with the title
+- `"summary"`, for the article summary
+- `"published_at"`, for the timestamp in unix seconds (stringified) of the first time the article was published
+
+### Editability
+
+These articles are meant to be editable, so they should make use of the replaceability feature of NIP-33 and include a `"d"` tag with an identifier for the article. Clients should take care to only publish and read these events from relays that implement that. If they don't do that they should also take care to hide old versions of the same article they may receive.
+
+### Linking
+
+The article may be linked to using the NIP-19 `naddr` code along with the `"a"` tag (see [NIP-33](33.md) and [NIP-19](19.md)).
+
+### References
+
+References to other Nostr notes, articles or profiles must be made according to [NIP-27](27.md), i.e. by using [NIP-21](21.md) `nostr:...` links and optionally adding tags for these (see example below).
+
+## Example Event
+
+```json
+{
+  "kind": 30023,
+  "created_at": 1675642635,
+  "content": "Lorem [ipsum][nostr:nevent1qqst8cujky046negxgwwm5ynqwn53t8aqjr6afd8g59nfqwxpdhylpcpzamhxue69uhhyetvv9ujuetcv9khqmr99e3k7mg8arnc9] dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n\nRead more at nostr:naddr1qqzkjurnw4ksz9thwden5te0wfjkccte9ehx7um5wghx7un8qgs2d90kkcq3nk2jry62dyf50k0h36rhpdtd594my40w9pkal876jxgrqsqqqa28pccpzu.",
+  "tags": [
+    ["d", "lorem-ipsum"],
+    ["title", "Lorem Ipsum"],
+    ["published_at", "1296962229"],
+    ["t", "placeholder"],
+    ["e", "b3e392b11f5d4f28321cedd09303a748acfd0487aea5a7450b3481c60b6e4f87", "wss://relay.example.com"],
+    ["a", "30023:a695f6b60119d9521934a691347d9f78e8770b56da16bb255ee286ddf9fda919:ipsum", "wss://relay.nostr.org"]
+  ],
+  "pubkey": "...",
+  "id": "..."
+}
+```

25.md

@@ -0,0 +1,49 @@
+
+NIP-25
+======
+
+Reactions
+---------
+
+`draft` `optional` `author:jb55`
+
+A reaction is a `kind 7` note that is used to react to other notes.
+
+The generic reaction, represented by the `content` set to a `+` string, SHOULD
+be interpreted as a "like" or "upvote".
+
+A reaction with `content` set to `-` SHOULD be interpreted as a "dislike" or
+"downvote". It SHOULD NOT be counted as a "like", and MAY be displayed as a
+downvote or dislike on a post. A client MAY also choose to tally likes against
+dislikes in a reddit-like system of upvotes and downvotes, or display them as
+separate tallys.
+
+The `content` MAY be an emoji, in this case it MAY be interpreted as a "like" or "dislike",
+or the client MAY display this emoji reaction on the post.
+
+Tags
+----
+
+The reaction event SHOULD include `e` and `p` tags from the note the user is
+reacting to. This allows users to be notified of reactions to posts they were
+mentioned in. Including the `e` tags enables clients to pull all the reactions
+associated with individual posts or all the posts in a thread.
+
+The last `e` tag MUST be the `id` of the note that is being reacted to. 
+
+The last `p` tag MUST be the `pubkey` of the event being reacted to.
+
+Example code
+
+```swift
+func make_like_event(pubkey: String, privkey: String, liked: NostrEvent) -> NostrEvent {
+    var tags: [[String]] = liked.tags.filter { 
+    	tag in tag.count >= 2 && (tag[0] == "e" || tag[0] == "p") 
+    }
+    tags.append(["e", liked.id])
+    tags.append(["p", liked.pubkey])
+    let ev = NostrEvent(content: "+", pubkey: pubkey, kind: 7, tags: tags)
+    ev.calculate_id()
+    ev.sign(privkey: privkey)
+    return ev
+}

26.md

@@ -0,0 +1,106 @@
+NIP: 26
+=======
+
+Delegated Event Signing
+-----
+
+`draft` `optional` `author:markharding` `author:minds`
+
+This NIP defines how events can be delegated so that they can be signed by other keypairs.
+
+Another application of this proposal is to abstract away the use of the 'root' keypairs when interacting with clients. For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage. 
+
+#### Introducing the 'delegation' tag
+
+This NIP introduces a new tag: `delegation` which is formatted as follows:
+
+```json
+[
+  "delegation",
+  <pubkey of the delegator>,
+  <conditions query string>,
+  <delegation token: 64-byte Schnorr signature of the sha256 hash of the delegation string>
+]
+```
+
+##### Delegation Token
+
+The **delegation token** should be a 64-byte Schnorr signature of the sha256 hash of the following string:
+
+```
+nostr:delegation:<pubkey of publisher (delegatee)>:<conditions query string>
+```
+
+##### Conditions Query String
+
+The following fields and operators are supported in the above query string:
+
+*Fields*:
+1. `kind`
+   -  *Operators*:
+      -  `=${KIND_NUMBER}` - delegatee may only sign events of this kind
+2. `created_at`
+   -  *Operators*:
+      -  `<${TIMESTAMP}` - delegatee may only sign events created ***before*** the specified timestamp
+      -  `>${TIMESTAMP}` - delegatee may only sign events created ***after*** the specified timestamp
+
+In order to create a single condition, you must use a supported field and operator. Multiple conditions can be used in a single query string, including on the same field. Conditions must be combined with `&`.
+
+For example, the following condition strings are valid:
+
+- `kind=1&created_at<1675721813`
+- `kind=0&kind=1&created_at>1675721813`
+- `kind=1&created_at>1674777689&created_at<1675721813`
+
+For the vast majority of use-cases, it is advisable that query strings should include a `created_at` ***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
+
+#### Example
+
+```
+# Delegator:
+privkey: ee35e8bb71131c02c1d7e73231daa48e9953d329a4b701f7133c8f46dd21139c
+pubkey:  8e0d3d3eb2881ec137a11debe736a9086715a8c8beeeda615780064d68bc25dd
+
+# Delegatee:
+privkey: 777e4f60b4aa87937e13acc84f7abcc3c93cc035cb4c1e9f7a9086dd78fffce1
+pubkey:  477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396
+```
+
+Delegation string to grant note publishing authorization to the delegatee (477318cf) from now, for the next 30 days, given the current timestamp is `1674834236`.
+```json
+nostr:delegation:477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396:kind=1&created_at>1674834236&created_at<1677426236
+```
+
+The delegator (8e0d3d3e) then signs a SHA256 hash of the above delegation string, the result of which is the delegation token:
+```
+6f44d7fe4f1c09f3954640fb58bd12bae8bb8ff4120853c4693106c82e920e2b898f1f9ba9bd65449a987c39c0423426ab7b53910c0c6abfb41b30bc16e5f524
+```
+
+The delegatee (477318cf) can now construct an event on behalf of the delegator (8e0d3d3e). The delegatee then signs the event with its own private key and publishes.
+```json
+{
+  "id": "e93c6095c3db1c31d15ac771f8fc5fb672f6e52cd25505099f62cd055523224f",
+  "pubkey": "477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396",
+  "created_at": 1677426298,
+  "kind": 1,
+  "tags": [
+    [
+      "delegation",
+      "8e0d3d3eb2881ec137a11debe736a9086715a8c8beeeda615780064d68bc25dd",
+      "kind=1&created_at>1674834236&created_at<1677426236",
+      "6f44d7fe4f1c09f3954640fb58bd12bae8bb8ff4120853c4693106c82e920e2b898f1f9ba9bd65449a987c39c0423426ab7b53910c0c6abfb41b30bc16e5f524"
+    ]
+  ],
+  "content": "Hello, world!",
+  "sig": "633db60e2e7082c13a47a6b19d663d45b2a2ebdeaf0b4c35ef83be2738030c54fc7fd56d139652937cdca875ee61b51904a1d0d0588a6acd6168d7be2909d693"
+}
+```
+
+The event should be considered a valid delegation if the conditions are satisfied (`kind=1`, `created_at>1674834236` and `created_at<1677426236` in this example) and, upon validation of the delegation token, are found to be unchanged from the conditions in the original delegation string.
+
+Clients should display the delegated note as if it was published directly by the delegator (8e0d3d3e).
+
+
+#### Relay & Client Querying Support
+
+Relays should answer requests such as `["REQ", "", {"authors": ["A"]}]` by querying both the `pubkey` and delegation tags `[1]` value.

27.md

@@ -0,0 +1,54 @@
+NIP-27
+======
+
+Text Note References
+--------------------
+
+`draft` `optional` `author:arthurfranca` `author:hodlbod` `author:fiatjaf`
+
+This document standardizes the treatment given by clients of inline references of other events and profiles inside the `.content` of any event that has readable text in its `.content` (such as kinds 1 and 30023).
+
+When creating an event, clients should include mentions to other profiles and to other events in the middle of the `.content` using NIP-21 codes, such as `nostr:nprofile1qqsw3dy8cpu...6x2argwghx6egsqstvg`.
+
+Including [NIP-10](10.md)-style tags (`["e", <hex-id>, <relay-url>, <marker>]`) for each reference is optional, clients should do it whenever they want the profile being mentioned to be notified of the mention, or when they want the referenced event to recognize their mention as a reply.
+
+A reader client that receives an event with such `nostr:...` mentions in its `.content` can do any desired context augmentation (for example, linking to the profile or showing a preview of the mentioned event contents) it wants in the process. If turning such mentions into links, they could become internal links, NIP-21 links or direct links to web clients that will handle these references.
+
+---
+
+## Example of a profile mention process
+
+Suppose Bob is writing a note in a client that has search-and-autocomplete functionality for users that is triggered when they write the character `@`.
+
+As Bob types `"hello @mat"` the client will prompt him to autocomplete with [mattn's profile](https://gateway.nostr.com/p/2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc), showing a picture and name.
+
+Bob presses "enter" and now he sees his typed note as `"hello @mattn"`, `@mattn` is highlighted, indicating that it is a mention. Internally, however, the event looks like this:
+
+```json
+{
+  "content": "hello nostr:nprofile1qqszclxx9f5haga8sfjjrulaxncvkfekj097t6f3pu65f86rvg49ehqj6f9dh",
+  "created_at": 1679790774,
+  "id": "f39e9b451a73d62abc5016cffdd294b1a904e2f34536a208874fe5e22bbd47cf",
+  "kind": 1,
+  "pubkey": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+  "sig": "f8c8bab1b90cc3d2ae1ad999e6af8af449ad8bb4edf64807386493163e29162b5852a796a8f474d6b1001cddbaac0de4392838574f5366f03cc94cf5dfb43f4d",
+  "tags": [
+    [
+      "p",
+      "2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc"
+    ]
+  ]
+}
+```
+
+(Alternatively, the mention could have been a `nostr:npub1...` URL.)
+
+After Bob publishes this event and Carol sees it, her client will initially display the `.content` as it is, but later it will parse the `.content` and see that there is a `nostr:` URL in there, decode it, extract the public key from it (and possibly relay hints), fetch that profile from its internal database or relays, then replace the full URL with the name `@mattn`, with a link to the internal page view for that profile.
+
+## Verbose and probably unnecessary considerations
+
+- The example above was very concrete, but it doesn't mean all clients have to implement the same flow. There could be clients that do not support autocomplete at all, so they just allow users to paste raw [NIP-19](19.md) codes into the body of text, then prefix these with `nostr:` before publishing the event.
+- The flow for referencing other events is similar: a user could paste a `note1...` or `nevent1...` code and the client will turn that into a `nostr:note1...` or `nostr:nevent1...` URL. Then upon reading such references the client may show the referenced note in a preview box or something like that -- or nothing at all.
+- Other display procedures can be employed: for example, if a client that is designed for dealing with only `kind:1` text notes sees, for example, a [`kind:30023`](23.md) `nostr:naddr1...` URL reference in the `.content`, it can, for example, decide to turn that into a link to some hardcoded webapp capable of displaying such events.
+- Clients may give the user the option to include or not include tags for mentioned events or profiles. If someone wants to mention `mattn` without notifying them, but still have a nice augmentable/clickable link to their profile inside their note, they can instruct their client to _not_ create a `["p", ...]` tag for that specific mention.
+- In the same way, if someone wants to reference another note but their reference is not meant to show up along other replies to that same note, their client can choose to not include a corresponding `["e", ...]` tag for any given `nostr:nevent1...` URL inside `.content`. Clients may decide to expose these advanced functionalities to users or be more opinionated about things.

28.md

@@ -0,0 +1,153 @@
+
+NIP-28
+======
+
+Public Chat
+-----------
+
+`draft` `optional` `author:ChristopherDavid` `author:fiatjaf` `author:jb55` `author:Cameri`
+
+This NIP defines new event kinds for public chat channels, channel messages, and basic client-side moderation.
+
+It reserves five event kinds (40-44) for immediate use:
+
+- `40 - channel create`
+- `41 - channel metadata`
+- `42 - channel message`
+- `43 - hide message`
+- `44 - mute user`
+
+Client-centric moderation gives client developers discretion over what types of content they want included in their apps, while imposing no additional requirements on relays.
+
+## Kind 40: Create channel
+
+Create a public chat channel.
+
+In the channel creation `content` field, Client SHOULD include basic channel metadata (`name`, `about`, `picture` as specified in kind 41).
+
+```json
+{
+    "content": "{\"name\": \"Demo Channel\", \"about\": \"A test channel.\", \"picture\": \"https://placekitten.com/200/200\"}",
+    ...
+}
+```
+
+
+## Kind 41: Set channel metadata
+
+Update a channel's public metadata.
+
+Clients and relays SHOULD handle kind 41 events similar to kind 0 `metadata` events.
+
+Clients SHOULD ignore kind 41s from pubkeys other than the kind 40 pubkey.
+
+Clients SHOULD support basic metadata fields:
+
+- `name` - string - Channel name
+- `about` - string - Channel description
+- `picture` - string - URL of channel picture
+
+Clients MAY add additional metadata fields.
+
+Clients SHOULD use [NIP-10](10.md) marked "e" tags to recommend a relay.
+
+```json
+{
+    "content": "{\"name\": \"Updated Demo Channel\", \"about\": \"Updating a test channel.\", \"picture\": \"https://placekitten.com/201/201\"}",
+    "tags": [["e", <channel_create_event_id>, <relay-url>]],
+    ...
+}
+```
+
+
+## Kind 42: Create channel message
+
+Send a text message to a channel.
+
+Clients SHOULD use [NIP-10](10.md) marked "e" tags to recommend a relay and specify whether it is a reply or root message.
+
+Clients SHOULD append [NIP-10](10.md) "p" tags to replies.
+
+Root message:
+
+```json
+{
+    "content": <string>,
+    "tags": [["e", <kind_40_event_id>, <relay-url>, "root"]],
+    ...
+}
+```
+
+Reply to another message:
+
+```json
+{
+    "content": <string>,
+    "tags": [
+        ["e", <kind_40_event_id>, <relay-url>, "root"],
+        ["e", <kind_42_event_id>, <relay-url>, "reply"],
+        ["p", <pubkey>, <relay-url>],
+        ...
+    ],
+    ...
+}
+```
+
+
+## Kind 43: Hide message
+
+User no longer wants to see a certain message.
+
+The `content` may optionally include metadata such as a `reason`.
+
+Clients SHOULD hide event 42s shown to a given user, if there is an event 43 from that user matching the event 42 `id`.
+
+Clients MAY hide event 42s for other users other than the user who sent the event 43.
+
+(For example, if three users 'hide' an event giving a reason that includes the word 'pornography', a Nostr client that is an iOS app may choose to hide that message for all iOS clients.)
+
+```json
+{
+    "content": "{\"reason\": \"Dick pic\"}",
+    "tags": [["e", <kind_42_event_id>]],
+    ...
+}
+```
+
+## Kind 44: Mute user
+
+User no longer wants to see messages from another user.
+
+The `content` may optionally include metadata such as a `reason`.
+
+Clients SHOULD hide event 42s shown to a given user, if there is an event 44 from that user matching the event 42 `pubkey`.
+
+Clients MAY hide event 42s for users other than the user who sent the event 44.
+
+```json
+{
+    "content": "{\"reason\": \"Posting dick pics\"}",
+    "tags": [["p", <pubkey>]],
+    ...
+}
+```
+
+## NIP-10 relay recommendations
+
+For [NIP-10](10.md) relay recommendations, clients generally SHOULD use the relay URL of the original (oldest) kind 40 event.
+
+Clients MAY recommend any relay URL. For example, if a relay hosting the original kind 40 event for a channel goes offline, clients could instead fetch channel data from a backup relay, or a relay that clients trust more than the original relay.
+
+
+Motivation
+----------
+If we're solving censorship-resistant communication for social media, we may as well solve it also for Telegram-style messaging.
+
+We can bring the global conversation out from walled gardens into a true public square open to all.
+
+
+Additional info
+---------------
+
+- [Chat demo PR with fiatjaf+jb55 comments](https://github.com/ArcadeCity/arcade/pull/28)
+- [Conversation about NIP16](https://t.me/nostr_protocol/29566)

33.md

@@ -0,0 +1,53 @@
+NIP-33
+======
+
+Parameterized Replaceable Events
+--------------------------------
+
+`draft` `optional` `author:Semisol` `author:Kukks` `author:Cameri` `author:Giszmo`
+
+This NIP adds a new event range that allows for replacement of events that have the same `d` tag and kind unlike NIP-16 which only replaced by kind.
+
+Implementation
+--------------
+The value of a tag is defined as the first parameter of a tag after the tag name.
+
+A *parameterized replaceable event* is defined as an event with a kind `30000 <= n < 40000`.
+Upon a parameterized replaceable event with a newer timestamp than the currently known latest
+replaceable event with the same kind, author and first `d` tag value being received, the old event
+SHOULD be discarded, effectively replacing what gets returned when querying for
+`author:kind:d-tag` tuples.
+
+A missing or a `d` tag with no value should be interpreted equivalent to a `d` tag with the
+value as an empty string. Events from the same author with any of the following `tags`
+replace each other:
+
+* `"tags":[["d",""]]`
+* `"tags":[]`: implicit `d` tag with empty value
+* `"tags":[["d"]]`: implicit empty value `""`
+* `"tags":[["d",""],["d","not empty"]]`: only first `d` tag is considered
+* `"tags":[["d"],["d","some value"]]`: only first `d` tag is considered
+* `"tags":[["e"]]`: same as no tags
+* `"tags":[["d","","1"]]`: only the first value is considered (`""`)
+
+Clients SHOULD NOT use `d` tags with multiple values and SHOULD include the `d` tag even if it has no value to allow querying using the `#d` filter.
+
+Referencing and tagging
+-----------------------
+
+Normally (as per NIP-01, NIP-12) the `"p"` tag is used for referencing public keys and the
+`"e"` tag for referencing event ids and the `note`, `npub`, `nprofile` or `nevent` are their
+equivalents for event tags (i.e. an `nprofile` is generally translated into a tag
+`["p", "<event hex id>", "<relay url>"]`).
+
+To support linking to parameterized replaceable events, the `naddr` code is introduced on
+NIP-19. It includes the public key of the event author and the `d` tag (and relays) such that
+the referenced combination of public key and `d` tag can be found.
+
+The equivalent in `tags` to the `naddr` code is the tag `"a"`, comprised of `["a", "<kind>:<pubkey>:<d-identifier>", "<relay url>"]`.
+
+Client Behavior
+---------------
+
+Clients SHOULD use the `supported_nips` field to learn if a relay supports this NIP.
+Clients MAY send parameterized replaceable events to relays that may not support this NIP, and clients querying SHOULD be prepared for the relay to send multiple events and should use the latest one and are recommended to send a `#d` tag filter. Clients should account for the fact that missing `d` tags or ones with no value are not returned in tag filters, and are recommended to always include a `d` tag with a value.

36.md

@@ -0,0 +1,34 @@
+NIP-36
+======
+
+Sensitive Content / Content Warning
+-----------------------------------
+
+`draft` `optional` `author:fernandolguevara`
+
+The `content-warning` tag enables users to specify if the event's content needs to be approved by readers to be shown.
+Clients can hide the content until the user acts on it.
+
+#### Spec
+
+```
+tag: content-warning
+options:
+ - [reason]: optional  
+```
+
+#### Example
+
+```json
+{
+    "pubkey": "<pub-key>",
+    "created_at": 1000000000,
+    "kind": 1,
+    "tags": [
+      ["t", "hastag"],
+      ["content-warning", "reason"] /* reason is optional */
+    ],
+    "content": "sensitive content with #hastag\n",
+    "id": "<event-id>"
+}
+```

39.md

@@ -0,0 +1,66 @@
+NIP-39
+======
+
+External Identities in Profiles
+-------------------------------
+
+`draft` `optional` `author:pseudozach` `author:Semisol`
+
+## Abstract
+
+Nostr protocol users may have other online identities such as usernames, profile pages, keypairs etc. they control and they may want to include this data in their profile metadata so clients can parse, validate and display this information.
+
+## `i` tag on a metadata event
+
+A new optional `i` tag is introduced for `kind 0` metadata event contents in addition to name, about, picture fields as included in [NIP-01](https://github.com/nostr-protocol/nips/blob/master/01.md):
+```json
+{
+    "id": <id>,
+    "pubkey": <pubkey>,
+    ...
+    "tags": [
+        ["i", "github:semisol", "9721ce4ee4fceb91c9711ca2a6c9a5ab"],
+        ["i", "twitter:semisol_public", "1619358434134196225"],
+        ["i", "mastodon:bitcoinhackers.org/@semisol", "109775066355589974"]
+        ["i", "telegram:1087295469", "nostrdirectory/770"]
+    ]
+}
+```
+
+An `i` tag will have two parameters, which are defined as the following:
+1. `platform:identity`: This is the platform name (for example `github`) and the identity on that platform (for example `semisol`) joined together with `:`.
+2. `proof`: String or object that points to the proof of owning this identity.
+
+Clients SHOULD process any `i` tags with more than 2 values for future extensibility.  
+Identity provider names SHOULD only include `a-z`, `0-9` and the characters `._-/` and MUST NOT include `:`.  
+Identity names SHOULD be normalized if possible by replacing uppercase letters with lowercase letters, and if there are multiple aliases for an entity the primary one should be used.  
+
+## Claim types
+
+### `github`
+
+Identity: A GitHub username.
+
+Proof: A GitHub Gist ID. This Gist should be created by `<identity>` with a single file that has the text `Verifying that I control the following Nostr public key: <npub encoded public key>`.  
+This can be located at `https://gist.github.com/<identity>/<proof>`.
+
+### `twitter`
+
+Identity: A Twitter username.
+
+Proof: A Tweet ID. The tweet should be posted by `<identity>` and have the text `Verifying my account on nostr My Public Key: "<npub encoded public key>"`.  
+This can be located at `https://twitter.com/<identity>/status/<proof>`.
+
+### `mastodon`
+
+Identity: A Mastodon instance and username in the format `<instance>/@<username>`.
+
+Proof: A Mastodon post ID. This post should be published by `<username>@<instance>` and have the text `Verifying that I control the following Nostr public key: "<npub encoded public key>"`.
+This can be located at `https://<identity>/<proof>`.
+
+### `telegram`
+
+Identity: A Telegram user ID.
+
+Proof: A string in the format `<ref>/<id>` which points to a message published in the public channel or group with name `<ref>` and message ID `<id>`. This message should be sent by user ID `<identity>` and have the text `Verifying that I control the following Nostr public key: "<npub encoded public key>"`.  
+This can be located at `https://t.me/<proof>`.

40.md

@@ -0,0 +1,59 @@
+NIP-40
+======
+
+Expiration Timestamp
+-----------------------------------
+
+`draft` `optional` `author:0xtlt`
+
+The `expiration` tag enables users to specify a unix timestamp at which the message SHOULD be considered expired (by relays and clients) and SHOULD be deleted by relays.
+
+#### Spec
+
+```
+tag: expiration
+values:
+ - [UNIX timestamp in seconds]: required
+```
+
+#### Example
+
+```json
+{
+    "pubkey": "<pub-key>",
+    "created_at": 1000000000,
+    "kind": 1,
+    "tags": [
+      ["expiration", "1600000000"]
+    ],
+    "content": "This message will expire at the specified timestamp and be deleted by relays.\n",
+    "id": "<event-id>"
+}
+```
+
+Note: The timestamp should be in the same format as the created_at timestamp and should be interpreted as the time at which the message should be deleted by relays.
+
+Client Behavior
+---------------
+
+Clients SHOULD use the `supported_nips` field to learn if a relay supports this NIP. Clients SHOULD NOT send expiration events to relays that do not support this NIP.
+
+Clients SHOULD ignore events that have expired.
+
+Relay Behavior
+--------------
+
+Relays MAY NOT delete an expired message immediately on expiration and MAY persist them indefinitely.  
+Relays SHOULD NOT send expired events to clients, even if they are stored.  
+Relays SHOULD drop any events that are published to them if they are expired.  
+An expiration timestamp does not affect storage of ephemeral events.
+
+Suggested Use Cases
+-------------------
+
+* Temporary announcements - This tag can be used to make temporary announcements. For example, an event organizer could use this tag to post announcements about an upcoming event.
+* Limited-time offers - This tag can be used by businesses to make limited-time offers that expire after a certain amount of time. For example, a business could use this tag to make a special offer that is only available for a limited time.
+
+#### Warning
+The events could be downloaded by third parties as they are publicly accessible all the time on the relays.
+So don't consider expiring messages as a security feature for your conversations or other uses.

42.md

@@ -0,0 +1,88 @@
+NIP-42
+======
+
+Authentication of clients to relays
+-----------------------------------
+
+`draft` `optional` `author:Semisol` `author:fiatjaf`
+
+This NIP defines a way for clients to authenticate to relays by signing an ephemeral event.
+
+## Motivation
+
+A relay may want to require clients to authenticate to access restricted resources. For example,
+
+  - A relay may request payment or other forms of whitelisting to publish events -- this can naïvely be achieved by limiting publication
+    to events signed by the whitelisted key, but with this NIP they may choose to accept any events as long as they are published from an
+    authenticated user;
+  - A relay may limit access to `kind: 4` DMs to only the parties involved in the chat exchange, and for that it may require authentication
+    before clients can query for that kind.
+  - A relay may limit subscriptions of any kind to paying users or users whitelisted through any other means, and require authentication.
+
+## Definitions
+
+This NIP defines a new message, `AUTH`, which relays can send when they support authentication and clients can send to relays when they want
+to authenticate. When sent by relays, the message is of the following form:
+
+```
+["AUTH", <challenge-string>]
+```
+
+And, when sent by clients, of the following form:
+
+```
+["AUTH", <signed-event-json>]
+```
+
+The signed event is an ephemeral event not meant to be published or queried, it must be of `kind: 22242` and it should have at least two tags,
+one for the relay URL and one for the challenge string as received from the relay.
+Relays MUST exclude `kind: 22242` events from being broadcasted to any client.
+`created_at` should be the current time. Example:
+
+```json
+{
+  "id": "...",
+  "pubkey": "...",
+  "created_at": 1669695536,
+  "kind": 22242,
+  "tags": [
+    ["relay", "wss://relay.example.com/"],
+    ["challenge", "challengestringhere"]
+  ],
+  "content": "",
+  "sig": "..."
+}
+```
+
+## Protocol flow
+
+At any moment the relay may send an `AUTH` message to the client containing a challenge. After receiving that the client may decide to
+authenticate itself or not. The challenge is expected to be valid for the duration of the connection or until a next challenge is sent by
+the relay.
+
+The client may send an auth message right before performing an action for which it knows authentication will be required -- for example, right
+before requesting `kind: 4` chat messages --, or it may do right on connection start or at some other moment it deems best. The authentication
+is expected to last for the duration of the WebSocket connection.
+
+Upon receiving a message from an unauthenticated user it can't fulfill without authentication, a relay may choose to notify the client. For
+that it can use a `NOTICE` or `OK` message with a standard prefix `"restricted: "` that is readable both by humans and machines, for example:
+
+```
+["NOTICE", "restricted: we can't serve DMs to unauthenticated users, does your client implement NIP-42?"]
+```
+
+or it can return an `OK` message noting the reason an event was not written using the same prefix:
+
+```
+["OK", <event-id>, false, "restricted: we do not accept events from unauthenticated users, please sign up at https://example.com/"]
+```
+
+## Signed Event Verification
+
+To verify `AUTH` messages, relays must ensure:
+
+  - that the `kind` is `22242`;
+  - that the event `created_at` is close (e.g. within ~10 minutes) of the current time;
+  - that the `"challenge"` tag matches the challenge sent before;
+  - that the `"relay"` tag matches the relay URL:
+    - URL normalization techniques can be applied. For most cases just checking if the domain name is correct should be enough.

46.md

@@ -0,0 +1,162 @@
+NIP-46
+======
+
+Nostr Connect
+------------------------
+
+`draft` `optional` `author:tiero` `author:giowe` `author:vforvalerio87`
+
+## Rationale
+
+Private keys should be exposed to as few systems - apps, operating systems, devices - as possible as each system adds to the attack surface.
+
+Entering private keys can also be annoying and requires exposing them to even more systems such as the operating system's clipboard that might be monitored by malicious apps.
+
+
+## Terms
+
+* **App**: Nostr app on any platform that *requires* to act on behalf of a nostr account.
+* **Signer**: Nostr app that holds the private key of a nostr account and *can sign* on its behalf.
+
+
+## `TL;DR`
+
+
+**App** and **Signer** sends ephemeral encrypted messages to each other using kind `24133`, using a relay of choice. 
+
+App prompts the Signer to do things such as fetching the public key or signing events.
+
+The `content` field must be an encrypted JSONRPC-ish **request** or **response**.
+
+## Signer Protocol
+
+### Messages
+
+#### Request
+
+```json
+{
+  "id": <random_string>,
+  "method": <one_of_the_methods>,
+  "params": [<anything>, <else>]
+}
+```
+
+#### Response
+
+```json
+{
+  "id": <request_id>,
+  "result": <anything>,
+  "error": <reason>
+}
+```
+
+### Methods
+
+
+#### Mandatory 
+
+These are mandatory methods the remote signer app MUST implement:
+
+- **describe**
+  - params []
+  - result `["describe", "get_public_key", "sign_event", "connect", "disconnect", "delegate", ...]`  
+- **get_public_key**
+  - params []
+  - result `pubkey` 
+- **sign_event**
+  - params [`event`]
+  - result `event_with_signature` 
+
+#### optional
+
+
+- **connect**
+  - params [`pubkey`]
+- **disconnect**
+  - params []
+- **delegate** 
+  - params [`delegatee`, `{ kind: number, since: number, until: number }`]
+  - result `{ from: string, to: string, cond: string, sig: string }`
+- **get_relays**
+  - params []
+  - result `{ [url: string]: {read: boolean, write: boolean} }` 
+- **nip04_encrypt**
+  - params [`pubkey`, `plaintext`]
+  - result `nip4 ciphertext`
+- **nip04_decrypt**
+  - params [`pubkey`, `nip4 ciphertext`]
+  - result [`plaintext`]
+
+
+NOTICE: `pubkey` and `signature` are hex-encoded strings.
+
+
+### Nostr Connect URI
+
+**Signer** discovers **App** by scanning a QR code, clicking on a deep link or copy-pasting an URI.
+
+The **App** generates a special URI with prefix `nostrconnect://` and base path the hex-encoded `pubkey` with the following querystring parameters **URL encoded**
+
+- `relay` URL of the relay of choice where the **App** is connected and the **Signer** must send and listen for messages.
+- `metadata`  metadata JSON of the **App** 
+    - `name` human-readable name of the **App** 
+    - `url` (optional) URL of the website requesting the connection
+    - `description` (optional) description of the **App**
+    - `icons` (optional) array of URLs for icons of the **App**.
+
+#### JavaScript
+
+```js
+const uri = `nostrconnect://<pubkey>?relay=${encodeURIComponent("wss://relay.damus.io")}&metadata=${encodeURIComponent(JSON.stringify({"name": "Example"}))}`
+```
+
+#### Example
+```sh
+nostrconnect://b889ff5b1513b641e2a139f661a661364979c5beee91842f8f0ef42ab558e9d4?relay=wss%3A%2F%2Frelay.damus.io&metadata=%7B%22name%22%3A%22Example%22%7D
+```
+
+
+
+## Flows
+
+The `content` field contains encrypted message as specified by [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). The `kind` chosen is `24133`.
+
+### Connect
+
+1. User clicks on **"Connect"** button on a website or scan it with a QR code
+2. It will show an URI to open a "nostr connect" enabled **Signer** 
+3. In the URI there is a pubkey of the **App** ie. `nostrconnect://<pubkey>&relay=<relay>&metadata=<metadata>`
+4. The **Signer** will send a message to ACK the `connect` request, along with his public key
+
+### Disconnect (from App)
+
+1. User clicks on **"Disconnect"** button on the **App**
+2. The **App** will send a message to the **Signer** with a `disconnect` request
+3. The **Signer** will send a message to ACK the `disconnect` request
+
+### Disconnect (from Signer)
+
+1. User clicks on **"Disconnect"** button on the **Signer**
+2. The **Signer** will send a message to the **App** with a `disconnect` request
+
+
+### Get Public Key
+
+1. The **App** will send a message to the **Signer** with a `get_public_key` request
+3. The **Signer** will send back a message with the public key as a response to the `get_public_key` request
+
+### Sign Event
+
+1. The **App** will send a message to the **Signer** with a `sign_event` request along with the **event** to be signed
+2. The **Signer** will show a popup to the user to inspect the event and sign it
+3. The **Signer** will send back a message with the event including the `id` and the schnorr `signature` as a response to the `sign_event` request
+
+### Delegate
+
+1. The **App** will send a message with metadata to the **Signer** with a `delegate` request along with the **conditions** query string and the **pubkey** of the **App** to be delegated.
+2. The **Signer** will show a popup to the user to delegate the **App** to sign on his behalf
+3. The **Signer** will send back a message with the signed [NIP-26 delegation token](https://github.com/nostr-protocol/nips/blob/master/26.md) or reject it
+
+

50.md

@@ -0,0 +1,49 @@
+NIP-50
+======
+
+Search Capability
+-----------------
+
+`draft` `optional` `author:brugeman` `author:mikedilger` `author:fiatjaf`
+
+## Abstract
+
+Many Nostr use cases require some form of general search feature, in addition to structured queries by tags or ids. 
+Specifics of the search algorithms will differ between event kinds, this NIP only describes a general 
+extensible framework for performing such queries.
+
+## `search` filter field 
+
+A new `search` field is introduced for `REQ` messages from clients:
+```json
+{
+  ...
+  "search": <string>
+}
+```
+`search` field is a string describing a query in a human-readable form, i.e. "best nostr apps". 
+Relays SHOULD interpret the query to the best of their ability and return events that match it. 
+Relays SHOULD perform matching against `content` event field, and MAY perform
+matching against other fields if that makes sense in the context of a specific kind. 
+
+A query string may contain `key:value` pairs (two words separated by colon), these are extensions, relays SHOULD ignore 
+extensions they don't support.
+
+Clients may specify several search filters, i.e. `["REQ", "", { "search": "orange" }, { "kinds": [1, 2], "search": "purple" }]`. Clients may 
+include `kinds`, `ids` and other filter field to restrict the search results to particular event kinds.
+
+Clients SHOULD use the supported_nips field to learn if a relay supports `search` filter. Clients MAY send `search` 
+filter queries to any relay, if they are prepared to filter out extraneous responses from relays that do not support this NIP.
+
+Clients SHOULD query several relays supporting this NIP to compensate for potentially different 
+implementation details between relays.
+
+Clients MAY verify that events returned by a relay match the specified query in a way that suits the
+client's use case, and MAY stop querying relays that have low precision.
+
+Relays SHOULD exclude spam from search results by default if they supports some form of spam filtering.
+
+## Extensions
+
+Relay MAY support these extensions:
+- `include:spam` - turn off spam filtering, if it was enabled by default

51.md

@@ -0,0 +1,112 @@
+NIP-51
+======
+
+Lists
+-------------------------
+
+`draft` `optional` `author:fiatjaf` `author:arcbtc` `author:monlovesmango` `author:eskema` `depends:33`
+
+A "list" event is defined as having a list of public and/or private tags. Public tags will be listed in the event `tags`. Private tags will be encrypted in the event `content`. Encryption for private tags will use [NIP-04 - Encrypted Direct Message](04.md) encryption, using the list author's private and public key for the shared secret. A distinct event kind should be used for each list type created.
+
+If a list type should only be defined once per user (like the 'Mute' list), the list type's events should follow the specification for [NIP-16 - Replaceable Events](16.md). These lists may be referred to as 'replaceable lists'.
+
+Otherwise the list type's events should follow the specification for [NIP-33 - Parameterized Replaceable Events](33.md), where the list name will be used as the 'd' parameter. These lists may be referred to as 'parameterized replaceable lists'.
+
+## Replaceable List Event Example
+
+Lets say a user wants to create a 'Mute' list and has keys:
+```
+priv: fb505c65d4df950f5d28c9e4d285ee12ffaf315deef1fc24e3c7cd1e7e35f2b1
+pub: b1a5c93edcc8d586566fde53a20bdb50049a97b15483cb763854e57016e0fa3d
+```
+The user wants to publicly include these users:
+
+```json
+["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
+["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"]
+```
+and privately include these users (below is the JSON that would be encrypted and placed in the event content):
+
+```json
+[
+    ["p", "9ec7a778167afb1d30c4833de9322da0c08ba71a69e1911d5578d3144bb56437"],
+    ["p", "8c0da4862130283ff9e67d889df264177a508974e2feb96de139804ea66d6168"]
+]
+```
+
+Then the user would create a 'Mute' list event like below:
+
+```json
+{
+  "kind": 10000,
+  "tags": [
+    ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
+    ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"],
+  ],
+  "content": "VezuSvWak++ASjFMRqBPWS3mK5pZ0vRLL325iuIL4S+r8n9z+DuMau5vMElz1tGC/UqCDmbzE2kwplafaFo/FnIZMdEj4pdxgptyBV1ifZpH3TEF6OMjEtqbYRRqnxgIXsuOSXaerWgpi0pm+raHQPseoELQI/SZ1cvtFqEUCXdXpa5AYaSd+quEuthAEw7V1jP+5TDRCEC8jiLosBVhCtaPpLcrm8HydMYJ2XB6Ixs=?iv=/rtV49RFm0XyFEwG62Eo9A==",
+  ...other fields
+}
+```
+
+
+## Parameterized Replaceable List Event Example
+
+Lets say a user wants to create a 'Categorized People' list of `nostr` people and has keys:
+```
+priv: fb505c65d4df950f5d28c9e4d285ee12ffaf315deef1fc24e3c7cd1e7e35f2b1
+pub: b1a5c93edcc8d586566fde53a20bdb50049a97b15483cb763854e57016e0fa3d
+```
+The user wants to publicly include these users:
+
+```json
+["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
+["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"]
+```
+and privately include these users (below is the JSON that would be encrypted and placed in the event content):
+
+```json
+[
+    ["p", "9ec7a778167afb1d30c4833de9322da0c08ba71a69e1911d5578d3144bb56437"],
+    ["p", "8c0da4862130283ff9e67d889df264177a508974e2feb96de139804ea66d6168"]
+]
+```
+
+Then the user would create a 'Categorized People' list event like below:
+
+```json
+{
+  "kind": 30000,
+  "tags": [
+    ["d", "nostr"],
+    ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
+    ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"],
+  ],
+  "content": "VezuSvWak++ASjFMRqBPWS3mK5pZ0vRLL325iuIL4S+r8n9z+DuMau5vMElz1tGC/UqCDmbzE2kwplafaFo/FnIZMdEj4pdxgptyBV1ifZpH3TEF6OMjEtqbYRRqnxgIXsuOSXaerWgpi0pm+raHQPseoELQI/SZ1cvtFqEUCXdXpa5AYaSd+quEuthAEw7V1jP+5TDRCEC8jiLosBVhCtaPpLcrm8HydMYJ2XB6Ixs=?iv=/rtV49RFm0XyFEwG62Eo9A==",
+  ...other fields
+}
+```
+
+## List Event Kinds
+
+| kind   | list type               |
+| ------ | ----------------------- |
+| 10000  | Mute                    |
+| 10001  | Pin                     |
+| 30000  | Categorized People      |
+| 30001  | Categorized Bookmarks   |
+
+### Mute List
+
+An event with kind `10000` is defined as a replaceable list event for listing content a user wants to mute. Any standarized tag can be included in a Mute List.
+
+### Pin List
+
+An event with kind `10001` is defined as a replaceable list event for listing content a user wants to pin. Any standarized tag can be included in a Pin List.
+
+### Categorized People List
+
+An event with kind `30000` is defined as a parameterized replaceable list event for categorizing people. The 'd' parameter for this event holds the category name of the list. The tags included in these lists MUST follow the format of kind 3 events as defined in [NIP-02 - Contact List and Petnames](02.md).
+
+### Categorized Bookmarks List
+
+An event with kind `30001` is defined as a parameterized replaceable list event for categorizing bookmarks. The 'd' parameter for this event holds the category name of the list. Any standarized tag can be included in a Categorized Bookmarks List.

56.md

@@ -0,0 +1,82 @@
+
+NIP-56
+======
+
+Reporting
+---------
+
+`draft` `optional` `author:jb55`
+
+A report is a `kind 1984` note that is used to report other notes for spam,
+illegal and explicit content.
+
+The content MAY contain additional information submitted by the entity
+reporting the content.
+
+Tags
+----
+
+The report event MUST include a `p` tag referencing the pubkey of the user you
+are reporting.
+
+If reporting a note, an `e` tag MUST also be included referencing the note id.
+
+A `report type` string MUST be included as the 3rd entry to the `e` or `p` tag
+being reported, which consists of the following report types:
+
+- `nudity` - depictions of nudity, porn, etc.
+- `profanity` - profanity, hateful speech, etc.
+- `illegal` - something which may be illegal in some jurisdiction
+- `spam` - spam
+- `impersonation` - someone pretending to be someone else
+
+Some report tags only make sense for profile reports, such as `impersonation`
+
+Example events
+--------------
+
+```json
+{
+  "kind": 1984,
+  "tags": [
+    [ "p", <pubkey>, "nudity"]
+  ],
+  "content": "",
+  ...
+}
+
+{
+  "kind": 1984,
+  "tags": [
+    [ "e", <eventId>, "illegal"],
+    [ "p", <pubkey>]
+  ],
+  "content": "He's insulting the king!",
+  ...
+}
+
+{
+  "kind": 1984,
+  "tags": [
+    [ "p", <impersonator pubkey>, "impersonation"],
+    [ "p", <victim pubkey>]
+  ],
+  "content": "Profile is imitating #[1]",
+  ...
+}
+```
+
+Client behavior
+---------------
+
+Clients can use reports from friends to make moderation decisions if they
+choose to. For instance, if 3+ of your friends report a profile as explicit,
+clients can have an option to automatically blur photos from said account.
+
+
+Relay behavior
+--------------
+
+It is not recommended that relays perform automatic moderation using reports,
+as they can be easily gamed. Admins could use reports from trusted moderators to
+takedown illegal or explicit content if the relay does not allow such things.

57.md

@@ -0,0 +1,150 @@
+NIP-57
+======
+
+Lightning Zaps
+--------------
+
+`draft` `optional` `author:jb55` `author:kieran`
+
+This NIP defines a new note type called a lightning zap of kind `9735`. These represent paid lightning invoice receipts sent by a lightning node called the `zapper`. We also define another note type of kind `9734` which are `zap request` notes, which will be described in this document.
+
+Having lightning receipts on nostr allows clients to display lightning payments from entities on the network. These can be used for fun or for spam deterrence.
+
+
+## Definitions
+
+`zapper` - the lightning node or service that sends zap notes (kind `9735`)
+
+`zap request` - a note of kind `9734` created by the person zapping
+
+`zap invoice` - the bolt11 invoice fetched from a custom lnurl endpoint which contains a `zap request` note
+
+
+## Protocol flow
+
+### Client side
+
+1. Calculate the lnurl pay request url for a user from the lud06 or lud16 field on their profile
+
+2. Fetch the lnurl pay request static endpoint (`https://host.com/.well-known/lnurlp/user`) and gather the `allowsNostr` and `nostrPubkey` fields. If `allowsNostr` exists and it is `true`, and if `nostrPubkey` exists and is a valid BIP 340 public key in hex, associate this information with the user. The `nostrPubkey` is the `zapper`'s pubkey, and it is used to authorize zaps sent to that user.
+
+3. Clients may choose to display a lightning zap button on each post or on the users profile, if the user's lnurl pay request endpoint supports nostr, the client SHOULD generate a `zap invoice` instead of a normal lnurl invoice.
+
+4. To generate a `zap invoice`, call the `callback` url with `amount` set to the milli-satoshi amount value. A `nostr` querystring value MUST be set as well. It is a uri-encoded `zap request` note signed by the user's key. The `zap request` note contains an `e` tag of the note it is zapping, and a `p` tag of the target user's pubkey. The `e` tag is optional which allows profile tipping. An optional `a` tag allows tipping parameterized replaceable events such as NIP-23 long-form notes. The `zap request` note must also have a `relays` tag, which is gathered from the user's configured relays. The `zap request` note SHOULD contain an `amount` tag, which is the milli-satoshi value of the zap which clients SHOULD verify being equal to the amount of the invoice. The `content` MAY be an additional comment from the user which can be displayed when listing zaps on posts and profiles.
+
+5. Pay this invoice or pass it to an app that can pay the invoice. Once it's paid, a `zap note` will be created by the `zapper`.
+
+### LNURL Server side
+
+The lnurl server will need some additional pieces of information so that clients can know that zap invoices are supported:
+
+1. Add a `nostrPubkey` to the lnurl-pay static endpoint `/.well-known/lnurlp/user`, where `nostrPubkey` is the nostr pubkey of the `zapper`, the entity that creates zap notes. Clients will use this to authorize zaps.
+
+2. Add an `allowsNostr` field and set it to true.
+
+3. In the lnurl-pay callback URL, watch for a `nostr` querystring, where the contents of the note is a uri-encoded `zap request` JSON.
+
+4. If present, the zap request note must be validated:
+
+	a. It MUST have a valid nostr signature
+
+	b. It MUST have tags
+
+	c. It MUST have at least one p-tag
+
+	d. It MUST have either 0 or 1 e-tag
+
+	e. There should be a `relays` tag with the relays to send the `zap` note to.
+
+	f. If there is an `amount` tag, it MUST be equal to the `amount` query parameter.
+
+	g. If there is an `a` tag, it MUST be a valid NIP-33 event coordinate
+
+5. If valid, fetch a description hash invoice where the description is this note and this note only. No additional lnurl metadata is included in the description.
+
+At this point, the lightning node is ready to send the zap note once payment is received.
+
+## The zap note
+
+Zap notes are created by a lightning node reacting to paid invoices. Zap notes are only created when the invoice description (committed to the description hash) contains a `zap request` note.
+
+Example zap note:
+
+```json
+{
+    "id": "67b48a14fb66c60c8f9070bdeb37afdfcc3d08ad01989460448e4081eddda446",
+    "pubkey": "9630f464cca6a5147aa8a35f0bcdd3ce485324e732fd39e09233b1d848238f31",
+    "created_at": 1674164545,
+    "kind": 9735,
+    "tags": [
+      [
+        "p",
+        "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
+      ],
+      [
+        "e",
+        "3624762a1274dd9636e0c552b53086d70bc88c165bc4dc0f9e836a1eaf86c3b8"
+      ],
+      [
+        "bolt11",
+        "lnbc10u1p3unwfusp5t9r3yymhpfqculx78u027lxspgxcr2n2987mx2j55nnfs95nxnzqpp5jmrh92pfld78spqs78v9euf2385t83uvpwk9ldrlvf6ch7tpascqhp5zvkrmemgth3tufcvflmzjzfvjt023nazlhljz2n9hattj4f8jq8qxqyjw5qcqpjrzjqtc4fc44feggv7065fqe5m4ytjarg3repr5j9el35xhmtfexc42yczarjuqqfzqqqqqqqqlgqqqqqqgq9q9qxpqysgq079nkq507a5tw7xgttmj4u990j7wfggtrasah5gd4ywfr2pjcn29383tphp4t48gquelz9z78p4cq7ml3nrrphw5w6eckhjwmhezhnqpy6gyf0"
+      ],
+      [
+        "description",
+        "{\"pubkey\":\"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245\",\"content\":\"\",\"id\":\"d9cc14d50fcb8c27539aacf776882942c1a11ea4472f8cdec1dea82fab66279d\",\"created_at\":1674164539,\"sig\":\"77127f636577e9029276be060332ea565deaf89ff215a494ccff16ae3f757065e2bc59b2e8c113dd407917a010b3abd36c8d7ad84c0e3ab7dab3a0b0caa9835d\",\"kind\":9734,\"tags\":[[\"e\",\"3624762a1274dd9636e0c552b53086d70bc88c165bc4dc0f9e836a1eaf86c3b8\"],[\"p\",\"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245\"],[\"relays\",\"wss://relay.damus.io\",\"wss://nostr-relay.wlvs.space\",\"wss://nostr.fmt.wiz.biz\",\"wss://relay.nostr.bg\",\"wss://nostr.oxtr.dev\",\"wss://nostr.v0l.io\",\"wss://brb.io\",\"wss://nostr.bitcoiner.social\",\"ws://monad.jb55.com:8080\",\"wss://relay.snort.social\"]]}"
+      ],
+      [
+        "preimage",
+        "5d006d2cf1e73c7148e7519a4c68adc81642ce0e25a432b2434c99f97344c15f"
+      ]
+    ],
+    "content": "",
+    "sig": "b0a3c5c984ceb777ac455b2f659505df51585d5fd97a0ec1fdb5f3347d392080d4b420240434a3afd909207195dac1e2f7e3df26ba862a45afd8bfe101c2b1cc"
+  }
+```
+
+* The zap note MUST have a `bolt11` tag containing the description hash bolt11 invoice.
+
+* The zap note MUST contain a `description` tag which is the invoice description.
+
+* `SHA256(description)` MUST match the description hash in the bolt11 invoice.
+
+* The zap note MAY contain a `preimage` to match against the payment hash of the bolt11 invoice. This isn't really a payment proof, there is no real way to prove that the invoice is real or has been paid. You are trusting the author of the zap note for the legitimacy of the payment.
+
+The zap note is not a proof of payment, all it proves is that some nostr user fetched an invoice. The existence of the zap note implies the invoice as paid, but it could be a lie given a rogue implementation.
+
+
+### Creating a zap note
+
+When receiving a payment, the following steps are executed:
+
+1. Get the description for the invoice. This needs to be saved somewhere during the generation of the description hash invoice. It is saved automatically for you with CLN, which is the reference implementation used here.
+
+2. Parse the bolt11 description as a JSON nostr note. You SHOULD check the signature of the parsed note to ensure that it is valid. This is the `zap request` note created by the entity who is zapping.
+
+4. The note MUST have only one `p` tag
+
+5. The note MUST have 0 or 1 `e` tag
+
+6. Create a nostr note of kind `9735` that includes the `p` tag AND optional `e` tag. The content SHOULD be empty. The created_at date SHOULD be set to the invoice paid_at date for idempotency.
+
+7. Send the note to the `relays` declared in the `zap request` note from the invoice description.
+
+A reference implementation for the zapper is here: [zapper][zapper]
+
+[zapper]: https://github.com/jb55/cln-nostr-zapper
+
+
+## Client Behavior
+
+Clients MAY fetch zap notes on posts and profiles:
+
+`{"kinds": [9735], "#e": [...]}`
+
+To authorize these notes, clients MUST fetch the `nostrPubkey` from the users configured lightning address or lnurl and ensure that the zaps to their posts were created by this pubkey. If clients don't do this, anyone could forge unauthorized zaps.
+
+Once authorized, clients MAY tally zaps on posts, and list them on profiles. If the zap request note contains a non-empty `content`, it may display a zap comment. Generally clients should show users the `zap request` note, and use the `zap note` to show "zap authorized by ..." but this is optional.
+
+## Future Work
+
+Zaps can be extended to be more private by encrypting zap request notes to the target user, but for simplicity it has been left out of this initial draft.

58.md

@@ -0,0 +1,132 @@
+NIP-58
+======
+
+Badges
+------
+
+`draft` `optional` `author:cameri`
+
+Three special events are used to define, award and display badges in
+user profiles:
+
+1. A "Badge Definition" event is defined as a parameterized replaceable event
+with kind `30009` having a `d` tag with a value that uniquely identifies
+the badge (e.g. `bravery`) published by the badge issuer. Badge definitions can
+be updated.
+
+2. A "Badge Award" event is a kind `8` event with a single `a` tag referencing
+a "Define Badge" event and one or more `p` tags, one for each pubkey the
+badge issuer wishes to award. The value for the `a` tag MUST follow the format
+defined in [NIP-33](33.md). Awarded badges are immutable and non-transferrable.
+
+3. A "Profile Badges" event is defined as a parameterized replaceable event
+with kind `30008` with a `d` tag with the value `profile_badges`.
+Profile badges contain an ordered list of pairs of `a` and `e` tags referencing a `Badge Definition` and a `Badge Award` for each badge to be displayed.
+
+### Badge Definition event
+
+The following tags MUST be present:
+
+- `d` tag with the unique name of the badge.
+
+The following tags MAY be present:
+
+- A `name` tag with a short name for the badge.
+- `image` tag whose value is the URL of a high-resolution image representing the badge. The second value optionally specifies the dimensions of the image as  `width`x`height` in pixels. Badge recommended dimensions is 1024x1024 pixels.
+- A `description` tag whose value MAY contain a textual representation of the
+image, the meaning behind the badge, or the reason of it's issuance.
+- One or more `thumb` tags whose first value is an URL pointing to a thumbnail version of the image referenced in the `image` tag. The second value optionally specifies the dimensions of the thumbnail as `width`x`height` in pixels.
+
+### Badge Award event
+
+The following tags MUST be present:
+
+- An `a` tag referencing a kind `30009` Badge Definition event.
+- One or more `p` tags referencing each pubkey awarded.
+
+### Profile Badges Event
+
+The number of badges a pubkey can be awarded is unbounded. The Profile Badge
+event allows individual users to accept or reject awarded badges, as well
+as choose the display order of badges on their profiles.
+
+The following tags MUST be present:
+
+- A `d` tag with the unique identifier `profile_badges`
+
+The following tags MAY be present:
+
+- Zero or more ordered consecutive pairs of `a` and `e` tags referencing a kind `30009` Badge Definition and kind `8` Badge Award, respectively. Clients SHOULD
+ignore `a` without corresponding `e` tag and viceversa. Badge Awards referenced
+by the `e` tags should contain the same `a` tag.
+
+### Motivation
+
+Users MAY be awarded badges (but not limited to) in recognition, in gratitude, for participation, or in appreciation of a certain goal, task or cause.
+
+Users MAY choose to decorate their profiles with badges for fame, notoriety, recognition, support, etc., from badge issuers they deem reputable.
+
+### Recommendations
+
+Badge issuers MAY include some Proof of Work as per [NIP-13](13.md) when minting Badge Definitions or Badge Awards to embed them with a combined energy cost, arguably making them more special and valuable for users that wish to collect them.
+
+Clients MAY whitelist badge issuers (pubkeys) for the purpose of ensuring they retain a valuable/special factor for their users.
+
+Badge image recommended aspect ratio is 1:1 with a high-res size of 1024x1024 pixels.
+
+Badge thumbnail image recommended dimensions are: 512x512 (xl), 256x256 (l), 64x64 (m), 32x32 (s) and 16x16 (xs).
+
+Clients MAY choose to render less badges than those specified by users in the Profile Badges event or replace the badge image and thumbnails with ones that fits the theme of the client.
+
+Clients SHOULD attempt to render the most appropriate badge thumbnail according to the number of badges chosen by the user and space available. Clients SHOULD attempt render the high-res version on user action (click, tap, hover).
+
+### Example of a Badge Definition event
+
+```json
+{
+  "pubkey": "alice",
+  "kind": 30009,
+  "tags": [
+    ["d", "bravery"],
+    ["name", "Medal of Bravery"],
+    ["description", "Awarded to users demonstrating bravery"],
+    ["image", "https://nostr.academy/awards/bravery.png", "1024x1024"],
+    ["thumb", "https://nostr.academy/awards/bravery_256x256.png", "256x256"],
+  ],
+  ...
+}
+```
+
+### Example of Badge Award event
+
+```json
+{
+  "id": "<badge award event id>",
+  "kind": 8,
+  "pubkey": "alice",
+  "tags": [
+    ["a", "30009:alice:bravery"],
+    ["p", "bob", "wss://relay"],
+    ["p", "charlie", "wss://relay"],
+  ],
+  ...
+}
+```
+
+### Example of a Profile Badges event
+
+Honorable Bob The Brave:
+```json
+{
+  "kind": 30008,
+  "pubkey": "bob",
+  "tags": [
+    ["d", "profile_badges"],
+    ["a", "30009:alice:bravery"],
+    ["e", "<bravery badge award event id>", "wss://nostr.academy"],
+    ["a", "30009:alice:honor"],
+    ["e", "<honor badge award event id>", "wss://nostr.academy"],
+  ],
+  ...
+}
+```

65.md

@@ -0,0 +1,76 @@
+NIP-65
+======
+
+Relay List Metadata
+-------------------
+
+`draft` `optional` `author:mikedilger`
+
+A special replaceable event meaning "Relay List Metadata" is defined as an event with kind `10002` having a list of `r` tags, one for each relay the author uses to either read or write to.
+
+The primary purpose of this relay list is to advertise to others, not for configuring one's client.
+
+The content is not used and SHOULD be an empty string.
+
+The `r` tags can have a second parameter as either `read` or `write`. If it is omitted, it means the author uses the relay for both purposes.
+
+Clients SHOULD, as with all replaceable events, use only the most recent kind-10002 event they can find.
+
+### The meaning of read and write
+
+Write relays are for events that are intended for anybody (e.g. your followers). Read relays are for events that address a particular person.
+
+Clients SHOULD write feed-related events created by their user to their user's write relays.
+
+Clients SHOULD read feed-related events created by another from at least some of that other person's write relays. Explicitly, they SHOULD NOT expect them to be available at their user's read relays. It SHOULD NOT be presumed that the user's read relays coincide with the write relays of the people the user follows.
+
+Clients SHOULD read events that tag their user from their user's read relays.
+
+Clients SHOULD write events that tag a person to at least some of that person's read relays. Explicitly, they SHOULD NOT expect that person will pick them up from their user's write relays. It SHOULD NOT be presumed that the user's write relays coincide with the read relays of the person being tagged.
+
+Clients SHOULD presume that if their user has a pubkey in their ContactList (kind 3) that it is because they wish to see that author's feed-related events. But clients MAY presume otherwise.
+
+### Motivation
+
+There is a common nostr use case where users wish to follow the content produced by other users. This is evidenced by the implicit meaning of the Contact List in [NIP-02](02.md)
+
+Because users don't often share the same sets of relays, ad-hoc solutions have arisen to get that content, but these solutions negatively impact scalability and decentralization:
+
+  - Most people are sending their posts to the same most popular relays in order to be more widely seen
+  - Many people are pulling from a large number of relays (including many duplicate events) in order to get more data
+  - Events are being copied between relays, oftentimes to many different relays
+
+### Purposes
+
+The purpose of this NIP is to help clients find the events of the people they follow, to help tagged events get to the people tagged, and to help nostr scale better.
+
+### Suggestions
+
+It is suggested that people spread their kind `10002` events to many relays, but write their normal feed-related events to a much smaller number of relays (between 2 to 6 relays). It is suggested that clients offer a way for users to spread their kind `10002` events to many more relays than they normally post to.
+
+Authors may post events outside of the feed that they wish their followers to follow by posting them to relays outside of those listed in their "Relay List Metadata".  For example, an author may want to reply to someone without all of their followers watching.
+
+It is suggested that relays allow any user to write their own kind `10002` event (optionally with AUTH to verify it is their own) even if they are not otherwise subscribed to the relay because
+
+  - finding where someone posts is rather important
+  - these events do not have content that needs management
+  - relays only need to store one replaceable event per pubkey to offer this service
+
+### Why not in kind `0` Metadata
+
+Even though this is user related metadata, it is a separate event from kind `0` in order to keep it small (as it should be widely spread) and to not have content that may require moderation by relay operators so that it is more acceptable to relays.
+
+### Example
+
+```json
+{
+  "kind": 10002,
+  "tags": [
+    ["r", "wss://alicerelay.example.com"],
+    ["r", "wss://brando-relay.com"],
+    ["r", "wss://expensive-relay.example2.com", "write"],
+    ["r", "wss://nostr-relay.example.com", "read"],
+  ],
+  "content": "",
+  ...other fields
+```

78.md

@@ -0,0 +1,21 @@
+NIP-78
+======
+
+Arbitrary custom app data
+-------------------------
+
+`draft` `optional` `author:sandwich` `author:fiatjaf`
+
+The goal of this NIP is to enable [remoteStorage](https://remotestorage.io/)-like capabilities for custom applications that do not care about interoperability.
+
+Even though interoperability is great, some apps do not want or do not need interoperability, and it that wouldn't make sense for them. Yet Nostr can still serve as a generalized data storage for these apps in a "bring your own database" way, for example: a user would open an app and somehow input their preferred relay for storage, which would then enable these apps to store application-specific data there.
+
+## Nostr event
+
+This NIP specifies the use of event kind `30078` (parameterized replaceable event) with a `d` tag containing some reference to the app name and context -- or any other arbitrary string. `content` and other `tags` can be anything or in any format.
+
+## Some use cases
+
+ - User personal settings on Nostr clients (and other apps unrelated to Nostr)
+ - A way for client developers to propagate dynamic parameters to users without these having to update
+ - Personal private data generated by apps that have nothing to do with Nostr, but allow users to use Nostr relays as their personal database

README.md

@@ -1,6 +1,6 @@
 # NIPs
 
-NIPs stand for **Nostr Implementation Possibilities**. They exist to document what MUST, what SHOULD and what MAY be implemented by [Nostr](https://github.com/fiatjaf/nostr)-compatible _relay_ and _client_ software.
+NIPs stand for **Nostr Implementation Possibilities**. They exist to document what may be implemented by [Nostr](https://github.com/fiatjaf/nostr)-compatible _relay_ and _client_ software.
 
 - [NIP-01: Basic protocol flow description](01.md)
 - [NIP-02: Contact List and Petnames](02.md)
@@ -9,36 +9,124 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh
 - [NIP-05: Mapping Nostr keys to DNS-based internet identifiers](05.md)
 - [NIP-06: Basic key derivation from mnemonic seed phrase](06.md)
 - [NIP-07: `window.nostr` capability for web browsers](07.md)
-- [NIP-08: Handling Mentions](08.md)
+- [NIP-08: Handling Mentions](08.md) – `unrecommended`: deprecated in favor of [NIP-27](27.md)
 - [NIP-09: Event Deletion](09.md)
-- [NIP-10: Conventions for clients' use of `e` and `p` tags in text events.](10.md)
+- [NIP-10: Conventions for clients' use of `e` and `p` tags in text events](10.md)
 - [NIP-11: Relay Information Document](11.md)
 - [NIP-12: Generic Tag Queries](12.md)
 - [NIP-13: Proof of Work](13.md)
 - [NIP-14: Subject tag in text events.](14.md)
 - [NIP-15: End of Stored Events Notice](15.md)
 - [NIP-16: Event Treatment](16.md)
+- [NIP-19: bech32-encoded entities](19.md)
+- [NIP-20: Command Results](20.md)
+- [NIP-21: `nostr:` URL scheme](21.md)
+- [NIP-22: Event `created_at` Limits](22.md)
+- [NIP-23: Long-form Content](23.md)
+- [NIP-25: Reactions](25.md)
+- [NIP-26: Delegated Event Signing](26.md)
+- [NIP-27: Text Note References](27.md)
+- [NIP-28: Public Chat](28.md)
+- [NIP-33: Parameterized Replaceable Events](33.md)
+- [NIP-36: Sensitive Content](36.md)
+- [NIP-39: External Identities in Profiles](39.md)
+- [NIP-40: Expiration Timestamp](40.md)
+- [NIP-42: Authentication of clients to relays](42.md)
+- [NIP-46: Nostr Connect](46.md)
+- [NIP-50: Keywords filter](50.md)
+- [NIP-51: Lists](51.md)
+- [NIP-56: Reporting](56.md)
+- [NIP-57: Lightning Zaps](57.md)
+- [NIP-58: Badges](58.md)
+- [NIP-65: Relay List Metadata](65.md)
+- [NIP-78: Application-specific data](78.md)
 
 ## Event Kinds
 
-| kind | description               | NIP  |
-|------|---------------------------|------|
-| 0    | Metadata                  | 1, 5 |
-| 1    | Text                      | 1    |
-| 2    | Recommend Relay           | 1    |
-| 3    | Contacts                  | 2    |
-| 4    | Encrypted Direct Messages | 4    |
-| 5    | Event Deletion            | 9    |
+| kind          | description                      | NIP         |
+| ------------- | -------------------------------- | ----------- |
+| 0             | Metadata                         | [1](01.md)  |
+| 1             | Short Text Note                  | [1](01.md)  |
+| 2             | Recommend Relay                  | [1](01.md)  |
+| 3             | Contacts                         | [2](02.md)  |
+| 4             | Encrypted Direct Messages        | [4](04.md)  |
+| 5             | Event Deletion                   | [9](09.md)  |
+| 7             | Reaction                         | [25](25.md) |
+| 8             | Badge Award                      | [58](58.md) |
+| 40            | Channel Creation                 | [28](28.md) |
+| 41            | Channel Metadata                 | [28](28.md) |
+| 42            | Channel Message                  | [28](28.md) |
+| 43            | Channel Hide Message             | [28](28.md) |
+| 44            | Channel Mute User                | [28](28.md) |
+| 1984          | Reporting                        | [56](56.md) |
+| 9734          | Zap Request                      | [57](57.md) |
+| 9735          | Zap                              | [57](57.md) |
+| 10000         | Mute List                        | [51](51.md) |
+| 10001         | Pin List                         | [51](51.md) |
+| 10002         | Relay List Metadata              | [65](65.md) |
+| 22242         | Client Authentication            | [42](42.md) |
+| 24133         | Nostr Connect                    | [46](46.md) |
+| 30000         | Categorized People List          | [51](51.md) |
+| 30001         | Categorized Bookmark List        | [51](51.md) |
+| 30008         | Profile Badges                   | [58](58.md) |
+| 30009         | Badge Definition                 | [58](58.md) |
+| 30023         | Long-form Content                | [23](23.md) |
+| 30078         | Application-specific Data        | [78](78.md) |
 
-Please update this list when proposing NIPs introducing new event kinds.
+### Event Kind Ranges
+
+| kind           | description                      | NIP         |
+| -------------- | -------------------------------- | ----------- |
+| 1000-9999      | Regular Events                   | [16](16.md) |
+| 10000-19999    | Replaceable Events               | [16](16.md) |
+| 20000-29999    | Ephemeral Events                 | [16](16.md) |
+| 30000-39999    | Parameterized Replaceable Events | [33](33.md) |
+
+## Message Types
+
+### Client to Relay
+| type  | description                                         | NIP         |
+|-------|-----------------------------------------------------|-------------|
+| EVENT | used to publish events                              | [1](01.md)  |
+| REQ   | used to request events and subscribe to new updates | [1](01.md)  |
+| CLOSE | used to stop previous subscriptions                 | [1](01.md)  |
+| AUTH  | used to send authentication events                  | [42](42.md) |
+
+### Relay to Client
+| type   | description                                             | NIP         |
+|--------|---------------------------------------------------------|-------------|
+| EVENT  | used to send events requested to clients                | [1](01.md)  |
+| NOTICE | used to send human-readable messages to clients         | [1](01.md)  |
+| EOSE   | used to notify clients all stored events have been sent | [15](15.md) |
+| OK     | used to notify clients if an EVENT was successful       | [20](20.md) |
+| AUTH   | used to send authentication challenges                  | [42](42.md) |
+
+Please update these lists when proposing NIPs introducing new event kinds.
 
 When experimenting with kinds, keep in mind the classification introduced by [NIP-16](16.md).
 
+## Standardized Tags
+
+| name       | value                   | other parameters  | NIP                      |
+| ---------- | ----------------------- | ----------------- | ------------------------ |
+| e          | event id (hex)          | relay URL, marker | [1](01.md), [10](10.md)  |
+| p          | pubkey (hex)            | relay URL         | [1](01.md)               |
+| a          | coordinates to an event | relay URL         | [33](33.md), [23](23.md) |
+| r          | a reference (URL, etc)  |                   | [12](12.md)              |
+| t          | hashtag                 |                   | [12](12.md)              |
+| g          | geohash                 |                   | [12](12.md)              |
+| nonce      | random                  |                   | [13](13.md)              |
+| subject    | subject                 |                   | [14](14.md)              |
+| d          | identifier              |                   | [33](33.md)              |
+| expiration | unix timestamp (string) |                   | [40](40.md)              |
+
 ## Criteria for acceptance of NIPs
 
-1. They should be implemented somewhere at least as a prototype somewhere.
+1. They should be implemented in at least two clients and one relay -- when applicable.
 2. They should make sense.
-3. Other rules will be made up when necessary.
+3. They should be optional and backwards-compatible: care must be taken such that clients and relays that choose to not implement them do not stop working when interacting with the ones that choose to.
+4. There should be no more than one way of doing the same thing.
+5. Other rules will be made up when necessary.
 
 ## License