Include a draft of the username policy that governs the usage of the Farcaster NameRegistry

Document the functioning of the delegate signers and the custody signers and the revocation process.

First draft out for review here

First draft out for review here

See screenshot. Using Macbook Pro 2012 macOS Monterrey

I guess the main issue is that devs don't actually come here to help solve problems.

Discussed in #147

A final checklist of smaller items that must be taken care of before releasing the first rev of the protocol

• CRDT's: do all of our sets guarantee strong eventual consistency?
• JSON Canonicalization: investigate if there are discrepancies between implementations
• Naming: review all major components once they are described
• Diagrams: add for callouts and any other areas that might benefit from specificity
• Review all open comments on PR and resolve
• Acknowledgements Section
• Come up with a versioning / release scheme that uses Git.
• Add ci linting to ensure consistency of spacing and markdown between edits
• Add PR checklist to anyone who wishes to contribute

We plan to introduce a Direct Messaging system in Farcaster for users to communicate individually and in groups. Philosophically, we want this system to be as secure as the Signal protocol. It should guarantee:

• end-to-end encryption: messages are encrypted before leaving a device and decrypted only at the recipient device.
• forward secrecy: the compromise of a previous key-pair does not compromise future communications
• break-in recovery: the system can recovery safely and easily from a compromise of a key-pair
• minimal metadata leakage: we minimize the amount of metadata that can be determined about a user
• anti-forgery: users cannot impersonate each other

The purpose of this ticket is to outline our approach with enough detail that we are confident that it can easily be added to our protocol in the future. It is not meant to be exhaustive or to cover narrow casts (casts encrypted to a narrow audience) which is a slightly different feature with different requirements. We may also choose to build this feature in stages, starting with no encryption and eventually tending towards a highly secure system that meets our requirements.

Designs

1: Quick & Dirty Elliptic Curve Encryption

Users can communicate securely by using ECDH to derive a shared secret which in turns created a shared symmetric encryption key. Farcaster messages are authenticated by default with signatures, so another MAC system is not required. Currently, all devices have the same ECC key-pair which makes cross device communication straightforward.

A mailbox server can be implemented to proxy messages between users and it holds on to messages for at least N days to ensure that it is delivered to all devices. There is no guarantee that every device gets every messages, if it does not come online within that timeframe.

This approach has many drawbacks - it has no forward secrecy or break-in recovery, it is vulnerable to determined attackers who collect large volumes of ciphertext and it leaks metadata to any listener. It is also only possible in the current Farcaster v1 system where all clients store the same ECC key, and will need to be deprecated as we move to v2. Its only benefit is that it is significantly faster to implement than any of the other options. The only reason to consider this approach is to ship a quick v1 of the system to get usage in a beta form, where users are made aware that the encryption is not fully trustworthy yet.

2: Modified Double Ratchet

We implement the the Signal protocol using Double Ratchet, X3DH and Sesame. We may even be able to use Farcaster Hub network to augment the Sesame mailbox system to offer even less metadata leakage. This achieves all of our goals and is a theoretically secure and practically tested framework. The primary downside to this approach is that it is a significant amount of work to implement correctly, and there is room for errors which can lead to comprise.

3: Matrix Client

Instead of building our own communication stack, we can use Matrix which offers an opinionated stack for real-time communication. The primary downside is the lack of flexibility and extra infrastructure we need to run. We may have to run a Matrix home server for each user, in addition to a Farcaster Hub or sufficiently modify the Hub to perform both functions. This area is less clear and needs more research.

Implications for Current Implementation

The good news is that the decisions we are making with how to handle keys have very little impact on the correct long term designs (2, 3) though they make (1) a little harder in the short term. We should proceed with implementation and revisit this as we get closer to considering DM's

References

• ECDH Key Exchange
• ECC Encryption / Decryption
• Signal's Double Ratchet Algorithm
• E2E encryption in Matrix
• Wickr Messaging Protocol
• X3DH Key Agreement protocol
• Sesame Algorithm

A Recast expresses an intent to share another cast. An account can recast any cast, including its own, but may not recast the same cast multiple times.

I was reading through the Farcaster protocol and the bold text stuck out to me as an odd constraint.

I am curious what the reasoning is for not allowing multiple recasts at different times?

Goal

Pick a home for a living design doc that describes the current Farcaster protocol implementation. Developers will find this a useful resource when considering protocol changes or implementing applications. This is meant to be a detailed technical specification and not a high level white-paper. Philosophically, it will be somewhere between the Ethereum Yellow Paper and Ethereum Beige Paper.

The main requirements are:

• Able to track changes and revert to previous versions.
• Able to propose changes, discuss and merge them.
• Supports simple text formatting, hyperlinks, mathematical equations and diagrams.
• Easy for developers to use without need special tools or knowledge.

Possible Solutions

Notion
Our current design docs live in a Notion page. The main problem is change tracking, where there is no pull request like flow to make, propose, comment on and merge changes. A secondary problem is that a notion doc does not feel truly decentralized public, unlike a Github repository.

Tex in GH
Many crypto projects rely on a PDF format, with a Github repository containing Tex files used to auto-build the PDF. The main downside is that developers must constantly switch between readable format (PDF) and the comment-able format (Tex in GH), and also invest time in learning Tex. Fixed layout PDF's are also inferior to a web page in terms of general usability, and their primary advantage is maintaining the structure of the document exactly, which we don't care about.

Markdown in GH
While rare for protocol documentation, many open source repositories rely entirely on Markdown files in Github to document their code. They meet most of our requirements for developer experience and change tracking. The downside is that equations are not easy to add into markdown on GH, since there is no native support for Tex.

Proposal

We should move to using Markdown in GH. It strikes the best balance between the tradeoffs, and we can work around by equation problem by generating them in other applications and embedding them as images. The next steps would be:

• Migrate the documentation from Notion into GH.
• Add guidelines for how to make changes to the protocol going forward.

Background and motivation

Right now the protocol requires embeds to be strings and cast parents and reaction targets to be cast IDs. However, all three of these should support many types—web URLs, on-chain URIs, and casts. Here are examples of targets we want to embed, reply to, or react to:

• Youtube video URL (string): https://www.youtube.com/watch?v=B51bLBdUt3w
• Jam long cast URL (string): http://longcast.jam.so/jjIT58
• News articles (string): https://www.nytimes.com/interactive/2023/04/06/travel/things-to-do-tokyo.html
• Farcaster cast (cast ID): { fid: 2, hash: "0x2e6bc2ef8a08157144c571baeebe450e28bd7534" }
• Ethereum NFT (string): Etherscan or OpenSea
• Ethereum NFT minting transaction (string): https://etherscan.io/tx/0xfa2bead71e628b6fcbcb45530b1197b52092981860e653dc5285f79a27a0b92a
• Tezos NFT (string): https://objkt.com/asset/fxhashgenesis/145979
• Solana NFT (string): SolanaFM, Solscan, or Solana Explorer

Hubs benefit from having a structured CastId, because it enables indexing (i.e. GetCastsByParent or GetReactionsByCast methods). One option would be to continue this pattern and write protobufs for all types of URIs, however that would slow down product development—Farcaster clients would have to wait for protocol upgrades to use new types of targets. Instead, hubs should have two types of targets (strings and cast IDs) and clients should share rules for parsing the string targets.

Implementation

There are a few parts to the implementation:

1. Upgrading the message.proto file to include both types for embeds, parents, and reaction targets
2. Adding validation to the string targets
3. Deciding on a collection of URI formats for the protocol to initially include

1. Protobufs upgrade

Embeds

Right now embeds are only strings, so we should add a new field in CastAddBody that is a list of targets of mixed type:

message Embed {
  oneof embed {
    string embed_url = 1;
    CastId embed_cast_id = 2;
  }
}

message CastAddBody {
  repeated string url_embeds = 1; // To be deprecated
  repeated Embed embeds = 6;
  ...
}

Once we make this upgrade, historical casts will still include string embeds at field number 1. So as of the protocol version where we add the Embed message, we should reject new messages that include embeds in the old format with a timestamp after the prior version expires. For example, if our current protocol version is 2023.3.1 and we upgrade to 2023.4.12, then casts can use the old embeds format until 4/27 when version 2023.3.1 expires. We can then wait and let the casts using the old embeds format get pruned over time.

Cast parent

Cast parent should include both strings and cast IDs:

message CastAddBody {
  ...
  oneof parent {
    CastId parent_cast_id = 3;
    string parent_url = 7;
  };
  ...
}

The GetCastsByParent rpc method and cast indices will have to change to support string parents.

Reaction target

Reaction targets will need to be updated to include both strings and cast IDs:

message ReactionBody {
  ...
  oneof target {
    CastId target_cast_id = 2;
    string target_url = 3;
  }
}

We should change the GetReactionsByCast rpc method to GetReactionsByTarget and allow requests with both kinds of targets.

2. Validation

While hubs should not worry about validating the format of the string targets, they should implement length constraints, like we already have with string embeds. I propose adding the same 1-256 byte requirement on the length of each target string.

3. Supported target formats

Ultimately, there's nothing stopping a client from submitting messages with malformed targets, and it's up to clients to build UIs for each target format. That being said, the Farcaster protocol can encourage usage of shared target formats to enable cross-client experiences for users.

Similarly, targets should be as generic as possible. For instance, clients should try to reference NFTs or other on-chain assets using URIs rather than Etherscan, OpenSea, or other registry links. Those websites may change their URL formats or may cease to exist all together, so URIs that can be turned into app-specific URLs are better.

One idea is to follow the CAIP-19 standard as much as possible for on-chain assets. Here are examples:

• Ethereum mainnet NFT: eip155:1/erc721:0xa723a8a69d9b8cf0bc93b92f9cb41532c1a27f8f/11
• Tezos NFT: tezos/nft:KT1KEa8z6vWXDJrVqtMrAeDVzsvxat3kHaCE/145979

For NFTs specifically, users should be able to target the NFT itself but also transactions related to it. Here's an example URI for the minting transaction of an Ethereum NFT: eip155:1/erc721:0xa723a8a69d9b8cf0bc93b92f9cb41532c1a27f8f/11/0xfa2bead71e628b6fcbcb45530b1197b52092981860e653dc5285f79a27a0b92a.

Here is an initial list of supported formats to include in the Farcaster protocol docs to encourage clients to implement:

• Generic URL: https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]+\.[a-zA-Z0-9()]{1,6}([-a-zA-Z0-9()@:%_\+.~#?&//=])*
• Ethereum NFT URI: CAIP-19 with additional (optional) transaction hash (i.e. eip155:<chain ID>/<token standard>:<token address>/<token id>/<optional transaction hash>)

Assets from other blockchains can be supported in future versions.

Specify the system which third party applications can use to verify ownership of a Farcaster ID with a signed message.

First draft out for review here

no comment

When trying desktop app, I get the following error after inputting seedphrase and it asking me to input my email address to verify

Unhandled Promise Rejection Error: Request failed with status code 403 at e.exports (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:880104) at e.exports (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:882532) at XMLHttpRequest.F (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:874597)

Farcaster messages can reference other objects using URI's. For instance, a cast that is a reply to another cast set's the targetUri property to a URI that uniquely references the parent. There are three types of references that we need:

1. Farcaster URI's -- pointers to top level Farcaster content like users or casts.
2. Blockchain URI's -- pointers to on-chain content like assets or activity.
3. HTTP URI's -- off-chain content like web pages, snapshot votes

The current design proposal is tracked in the URI Notion docs, which should be kept up to date as this ticket is implemented.

Hello everyone!

I recently started to play around with Farcaster and I tried to run the tutorial that you have to fetch casts, and it didn't work even when I tried with Goerli. I received this error every time (I also tried with Replit).

node:1636) UnhandledPromiseRejectionWarning: Error: missing revert data in call exception (error={"reason":"processing response error","code":"SERVER_ERROR","body":"{\"jsonrpc\":\"2.0\",\"id\":43,\"error\":{\"code\":-32000,\"message\":\"execution reverted\"}}","error":{"code":-32000},"requestBody":"{\"method\":\"eth_call\",\"params\":[{\"to\":\"0xe3be01d99baa8db9905b33a3ca391238234b79d1\",\"data\":\"0x342740c97600000000000000000000000000000000000000000000000000000000000000\"},\"latest\"],\"id\":43,\"jsonrpc\":\"2.0\"}","requestMethod":"POST","url":"https://eth-goerli.alchemyapi.io/v2/<api_key>}, data="0x", code=CALL_EXCEPTION, version=providers/5.5.2)

Not sure if this is the right place to mention this, just want to let you know about it and if you have a solution for it, I would appreciate that.

Let me know if you have any questions

Thanks,

Hi, team ,I posted an issue in 'www' channel,but there's no answer, plz check it out :
farcasterxyz/docs#31

I was in the app on my MacBook, just browsing and clicking on user profiles when I got this error:

Unhandled Promise Rejection Error: The user aborted a request. at new n (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2662251) at r.<anonymous> (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2661529) at new r (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2663434) at r.<anonymous> (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2661529) at new r (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2663584) at i.<anonymous> (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2729165) at l (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2698828) at Generator.<anonymous> (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2700166) at Generator.throw (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2699191) at Kn (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2705402) at s (file:///Applications/Farcaster.app/Contents/Resources/app.asar/dist/renderer/renderer.js:2:2705643) <img width="815" alt="Screen Shot 2022-12-07 at 4 44 26 PM" src="https://user-images.githubusercontent.com/100040464/206321518-5459a22f-dc37-4e0b-a70b-136d048d8bb0.png">

This ticket tracks a to-do list of small changes that need to be made before the v2 spec can be finalized.

• Diagrams: should be color coded to improve readability
• DeltaGraph: delta limits should be specified here for clarity
• Hubs: Differential sync should be described with diagrams
• Hubs: Key pair authentication should be specified
• Hubs: add sequence diagram to describe how gossip sync and differnential sync work
• Upgradeability: process for proposing protocol upgrades
• Appendix: Rules for validating UserData
• Appendix: gRPC API signatures for Hubs
• Appendix: libp2p configuration details should be specified
• Appendix: Specify the core team, and a public channel to communicate
• Appendix: Link to longer form discussions that have informed the direction of the protocol
• Appendix: Acknowledgements section should be added

Discussed in #172

What?

User mentions should be tracked in casts with an array data structure that can store upto 5 mentions

Why?

• Allows mentions to be rendered consistently across all clients
• Allows users to type text that may collide with a mention without explicitly creating a mention (e.g. @xyz on twitter said...)
• Prevents spammy behavior like tagging a very large number of users

How?

If a user wants to write a cast that renders as hello @bob and @alice! where bob and alice are tagged and have fids 123 and 456, the cast body would be generated as follows:

const body =  {
  text: "hello %0% and %1%",
  mentions: [fid:123,fid:456],
  ...
}

Protocol

The proposed design is to keep the mention data outside of the text field while retaining a pointer to it. Each CastShort message will have a mentions array that can contain 0-5 fids. These fids can be pointed to from a cast's text with the strings %0% ... %4%.

A benefit to this approach is that each tag also adds a deterministic amount to the cast.text length (3 chars) instead of it being dependent on the length of the username. The %<num>% strings are also unlikely to collide with text typed by a user which makes parsing this data structure easier for clients.

The formal type definition for cast short then becomes:

type CastShortTextBody = {
  embed: Embed;
  mentions?: [];  // max of 5 items 
  text: string;
  schema: 'farcaster.xyz/schemas/v1/cast-short-text';
  parentUri?: URI;
};

Clients

When rendering a Cast with a mention, clients can follow this simple pseudocode:

• For every match of /\%[0-4]\%/gm in cast.text, if a mentions[num] exists, where num is the number matched
• Replace $<num>$ with @<fname> if it exists, and !<fid> otherwise, and link to the users profile

Casts can also kick off side effects like sending out notifications when they receive such a cast. Note that a single fid can be mentioned multiple times in the same cast, but no more than 5 unique fids can be mentioned.

A user who wishes to tag the fname bob which owns the fid 123 may type hello @bob, which should cause the client to look up the fname bob, find its fid and create this underlying data structure:

const body =  {
  text: "hello $0$ ",
  mentions: [fid:123],
  ... 
}

A user who wishes to tag the fid 456 which does not have an fname may type hello !456, which should cause the client to validate that 456 is an fid and then create this data structure:

const body =  {
  text: "hello $0$ ",
  mentions: [fid:456],
  ... 
}

A user may also choose to tag the fid 123 which owns the name bob by writing hello !123, in which case we recommend that clients change the ui to hello @bob while generating the following data structure

const body =  {
  text: "hello $0$ ",
  mentions: [fid:123],
  ... 
}

Todo

• add to protocol spec
• add to farcaster hub