From 2f899341f5963f8fe2f612d2f23b7c392f59d95e Mon Sep 17 00:00:00 2001
From: _ <>
Date: Wed, 26 Mar 2025 12:05:43 +0000
Subject: [PATCH] fixes2

---
 README.md | 41 +++++++++++++++++++++++++++++++++--------
 1 file changed, 33 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index d6c0bf8..73990d0 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Enables a local client to make and receive http requests (PUT, POST, GET, PATCH
 architecture-beta
 group user(internet)[Nostr Client]
 group cloud(cloud)[Untrusted Servers]
-group home(server)[Trusted Server]
+group home(server)[Trusted Device]
 service client(internet) in user
 service blossom(database)[Blossom Storage] in cloud
 service relay(logos:aws-ec2)[Relays] in cloud
@@ -58,22 +58,44 @@ sequenceDiagram
     r<<-->>c: Fetch event
     Note over c: Decrypt event
     b<<-->>c: Fetch payload (if large)
-    Note over c: Provide RESPONSE
-    
+    Note over c: Convert<br> kind 21120 into<br> HTTP Response
+    c-->>b: Delete REQUEST blob (if exists)
+    c->>r: Delete REQUEST event
     
 ```
 
+The remote server should periodically scan for expired RESPONSE events (and associated blossom blobs) and delete them.
 
 ## Event Structure
 
+Example **request** with a small payload.  Payload is in `content` and `P` tag is the npub of the remote HTTP server.
+
 ```jsonc
 {
   "kind": 21120,
   "pubkey": "<pubkey>",
-  "content": "nip44Encrypt({'url':'blossom.one','hash':'xx','decrypt':'password123'})",
+  "content": "$encryptedPayload",
   "tags": [
-    ["E", "<request event id>"], // (RES) Request ID (mandatory)
-    ["r", "https://relay.one"] // (REQ) Response Relay (optional)
+    ["p", "<pubkey of remote server>"], // P tag entry, this is a REQUEST
+    ["key","nip44Encrypt($decryptkey)"],
+    ["r", "https://relay.one"],
+    ["expiration",<unix timestamp>]
+  ],
+  // other fields...
+}
+```
+
+Example **response** with a large payload.  Valid JSON is in `content` and `E` tag is populated.  For privacy, the requestor npub is NOT shown - the requestor instead should be fetching the response using the `E` tag.
+
+```jsonc
+{
+  "kind": 21120,
+  "pubkey": "<pubkey>",
+  "content": "encrypt({'url':'blossom.one','hash':'xx'},$decryptkey)",
+  "tags": [
+    ["key","nip44Encrypt($decryptkey)"],
+    ["E", "<request event id>"], // E tag entry, this is a RESPONSE
+    ["expiration",<unix timestamp>]
   ],
   // other fields...
 }
@@ -82,8 +104,11 @@ sequenceDiagram
 Explanations:
 
  * `kind:21120` - BIP39 word #1120 ([message](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt#L1120)), plus 20,000 to be treated as ephemeral (not stored by relays).
- * `"content"` - encrypted (NIP-44) JSON with location of blob and decryption key **OR** the content itself (if under a threshold)
- * `"E"` - ID of the request event.  Enables a response to be easily identified.
+ * `"content"` - encrypted JSON with location of blob **OR** the content itself (if under a threshold).  NIP-44 is NOT used as the payload may be large, affecting bunker signing stability.
+* `"p"` - the pubkey of the remote HTTP server.  Indicates that this is a REQUEST.
+ * `"key"` - the decryption key for the `content` field, also the key for the blossom blob (if used).
+ * `"E"` - ID of the request event.  Enables a response to be identified, and fetched.
+ * `"expiration"` - remote servers should not process requests after this time.  Relays SHOULD delete events after this time.
  * `"r"` - (optional) relay on which the response should be sent.  For Requests only.